mstoeck3/autopsy-flatpak
1
0
Fork 0
mirror of https://github.com/overcuriousity/autopsy-flatpak.git synced 2025-07-17 18:17:43 +00:00
Code Issues Packages Projects Releases Wiki Activity

Initial Report Frame check in, addition of 'checkcolumn' class in RA utils to check if a column is present in a sqlite db before proceeding.

Browse Source 
Signed-off-by: Alex Ebadirad <aebadirad@42six.com>
This commit is contained in:
Alex Ebadirad 2012-04-25 07:13:36 -07:00
parent 224bbf13f9
commit e8ac5e729d
7 changed files with 173 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
KeywordSearch/nbproject/genfiles.properties
View File

@ -3,6 +3,6 @@ build.xml.script.CRC32=87b97b04
build.xml.stylesheet.CRC32=a56c6a5b@1.46.2
# This file is used by a NetBeans-based IDE to track changes in generated files such as build-impl.xml.
# Do not edit this file. You may delete it but then the IDE will never regenerate such files for you.
nbproject/build-impl.xml.data.CRC32=d7ecf067
nbproject/build-impl.xml.data.CRC32=ab518119
nbproject/build-impl.xml.script.CRC32=fe1f48d2
nbproject/build-impl.xml.stylesheet.CRC32=238281d1@1.46.2
nbproject/build-impl.xml.stylesheet.CRC32=238281d1@2.47.2

2
RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractIE.java
View File

@ -61,6 +61,7 @@ import org.sleuthkit.datamodel.Content;
import org.sleuthkit.datamodel.FsContent;
import org.sleuthkit.datamodel.SleuthkitCase;
import org.sleuthkit.datamodel.TskException;
import org.sleuthkit.autopsy.keywordsearch.KeywordSearchUtil;
public class ExtractIE { // implements BrowserActivity {
@ -75,6 +76,7 @@ public class ExtractIE { // implements BrowserActivity {
//paths set in init()
private String PASCO_RESULTS_PATH;
private String PASCO_LIB_PATH;
private String JAVA_PATH;
//Results List to be referenced/used outside the class
public ArrayList<HashMap<String, Object>> PASCO_RESULTS_LIST = new ArrayList<HashMap<String, Object>>();

17
RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Firefox.java
View File

@ -49,6 +49,7 @@ public class Firefox {
private static final String ffquery = "SELECT moz_historyvisits.id,url,title,visit_count,(visit_date/1000) as visit_date,from_visit,(SELECT url FROM moz_places WHERE id=moz_historyvisits.from_visit) as ref FROM moz_places, moz_historyvisits WHERE moz_places.id = moz_historyvisits.place_id AND hidden = 0";
private static final String ffcookiequery = "SELECT name,value,host,expiry,(lastAccessed/1000) as lastAccessed,(creationTime/1000) as creationTime FROM moz_cookies";
private static final String ff3cookiequery = "SELECT name,value,host,expiry,(lastAccessed/1000) as lastAccessed FROM moz_cookies";
private static final String ffbookmarkquery = "SELECT fk, moz_bookmarks.title, url FROM moz_bookmarks INNER JOIN moz_places ON moz_bookmarks.fk=moz_places.id";
private static final String ffdownloadquery = "select target, source,(startTime/1000) as startTime, maxBytes from moz_downloads";
@ -198,17 +199,29 @@ public class Firefox {
if (controller.isCancelled() ) {
dbFile.delete();
break;
}
}
boolean checkColumn = Util.checkColumn("creationTime", "moz_cookies", connectionString);
String query;
if(checkColumn){
query = ffcookiequery;
}
else{
query = ff3cookiequery;
}
try
{
dbconnect tempdbconnect = new dbconnect("org.sqlite.JDBC",connectionString);
ResultSet temprs = tempdbconnect.executeQry(ffcookiequery);
ResultSet temprs = tempdbconnect.executeQry(query);
while(temprs.next())
{
BlackboardArtifact bbart = FFSqlitedb.get(j).newArtifact(ARTIFACT_TYPE.TSK_WEB_COOKIE);
Collection<BlackboardAttribute> bbattributes = new ArrayList<BlackboardAttribute>();
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(), "RecentActivity", "", temprs.getString("host")));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID(), "RecentActivity", "Last Visited", temprs.getLong("lastAccessed")));
if(checkColumn == true)
{
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID(), "RecentActivity", "Created", temprs.getLong("creationTime")));
}
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_VALUE.getTypeID(), "RecentActivity", "", temprs.getString("value")));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_NAME.getTypeID(), "RecentActivity","Title",((temprs.getString("name") != null) ? temprs.getString("name") : "")));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(),"RecentActivity","","FireFox"));

25
RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Util.java
View File

@ -193,4 +193,29 @@ public static long findID(String path) {
}
return -1;
}
public static boolean checkColumn(String column, String tablename, String connection){
String query = "PRAGMA table_info(" + tablename + ")";
boolean found = false;
ResultSet temprs;
try{
dbconnect tempdbconnect = new dbconnect("org.sqlite.JDBC",connection);
temprs = tempdbconnect.executeQry(query);
while(temprs.next())
{
if(temprs.getString("name") == null ? column == null : temprs.getString("name").equals(column))
{
found = true;
}
}
}
catch(Exception ex)
{
logger.log(Level.WARNING, "Error while trying to get columns from sqlite db." + connection, ex);
}
return found;
}
}

43
Report/src/org/sleuthkit/autopsy/report/ReportConfiguration.java Normal file
View File

@ -0,0 +1,43 @@
/*
*
* Autopsy Forensic Browser
*
* Copyright 2012 42six Solutions.
* Contact: aebadirad <at> 42six <dot> com
* Project Contact/Architect: carrier <at> autopsy <dot> org
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.sleuthkit.autopsy.report;
/**
* Configures which parts of report were requested
* e.g. based on user input
* Some specialized reporting modules may choose not to generate all
requested sections
* and some modules may generate additional, specialized sections
*
*/
class ReportConfiguration {
//setters for generally supported report parts
public void setGenWebHistory();
public void setGenWebCookie();
public void setGenDevices();
//getters for generally supported report parts
public void getGenWebHistory();
public void getGenWebCookie();
public void getGenDevices();
}

62
Report/src/org/sleuthkit/autopsy/report/ReportModule.java Normal file
View File

@ -0,0 +1,62 @@
/*
*
* Autopsy Forensic Browser
*
* Copyright 2012 42six Solutions.
* Contact: aebadirad <at> 42six <dot> com
* Project Contact/Architect: carrier <at> autopsy <dot> org
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.sleuthkit.autopsy.report;
//interface every reporting module should implement
public interface ReportModule {
/**
* Generates a report on the current case
* Reporting module should traverse the blackboard, extract needed
* information as specified in the config
* and generate a report file
*
* @param config specifiying parts that should be generated
* @return absolute file path to the report generated
* @throws ReportModuleException if report generation failed
*/
public String generateReport(ReportConfiguration config) throws ReportModuleException;
/**
* save already generated report to the user specified location ???
* or should this be part of generateReport() ???
*/
public void save() throws ReportModuleException;
/**
* Returns a short description of report type/file format this module generates
* for instance, "XML", "Excel"
* @return
*/
public String getReportType();
/**
* Returns a one line human readable description of the type of report
this module generates
*/
public String getReportTypeDescription();
}

24
Report/src/org/sleuthkit/autopsy/report/ReportModuleException.java Normal file
View File

@ -0,0 +1,24 @@
/*
*
* Autopsy Forensic Browser
*
* Copyright 2012 42six Solutions.
* Contact: aebadirad <at> 42six <dot> com
* Project Contact/Architect: carrier <at> autopsy <dot> org
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.sleuthkit.autopsy.report;
//exception thrown by a reporting module when report generation failed
class ReportModuleException extends Exception {}