diff --git a/.gitignore b/.gitignore index 6f6f3fb653..fd160c9744 100644 --- a/.gitignore +++ b/.gitignore @@ -82,6 +82,8 @@ hs_err_pid*.log /RecentActivity/release/ /CentralRepository/release/ +/.idea/ + *.img *.vhd *.E01 diff --git a/Core/src/org/sleuthkit/autopsy/centralrepository/contentviewer/Bundle.properties b/Core/src/org/sleuthkit/autopsy/centralrepository/contentviewer/Bundle.properties index aa2b4b9297..fca33fe6f4 100644 --- a/Core/src/org/sleuthkit/autopsy/centralrepository/contentviewer/Bundle.properties +++ b/Core/src/org/sleuthkit/autopsy/centralrepository/contentviewer/Bundle.properties @@ -1,7 +1,6 @@ -DataContentViewerOtherCases.selectAllMenuItem.text=Select All DataContentViewerOtherCases.showCaseDetailsMenuItem.text=Show Case Details DataContentViewerOtherCases.table.toolTip.text=Click column name to sort. Right-click on the table for more options. -DataContentViewerOtherCases.exportToCSVMenuItem.text=Export Selected Rows to CSV +DataContentViewerOtherCases.exportToCSVMenuItem.text=Export all Other Occurrences to CSV DataContentViewerOtherCases.showCommonalityMenuItem.text=Show Frequency DataContentViewerOtherCases.earliestCaseDate.text=Earliest Case Date DataContentViewerOtherCases.earliestCaseLabel.toolTipText= diff --git a/Core/src/org/sleuthkit/autopsy/centralrepository/contentviewer/Bundle.properties-MERGED b/Core/src/org/sleuthkit/autopsy/centralrepository/contentviewer/Bundle.properties-MERGED index 21c7b81c76..b2606170ed 100755 --- a/Core/src/org/sleuthkit/autopsy/centralrepository/contentviewer/Bundle.properties-MERGED +++ b/Core/src/org/sleuthkit/autopsy/centralrepository/contentviewer/Bundle.properties-MERGED @@ -13,12 +13,11 @@ DataContentViewerOtherCases.dataSources.header.text=Data Source Name DataContentViewerOtherCases.earliestCaseNotAvailable=\ Not Enabled. DataContentViewerOtherCases.foundIn.text=Found %d instances in %d cases and %d data sources. DataContentViewerOtherCases.noOpenCase.errMsg=No open case available. -DataContentViewerOtherCases.selectAllMenuItem.text=Select All DataContentViewerOtherCases.showCaseDetailsMenuItem.text=Show Case Details DataContentViewerOtherCases.table.noArtifacts=Item has no attributes with which to search. DataContentViewerOtherCases.table.noResultsFound=No results found. DataContentViewerOtherCases.table.toolTip.text=Click column name to sort. Right-click on the table for more options. -DataContentViewerOtherCases.exportToCSVMenuItem.text=Export Selected Rows to CSV +DataContentViewerOtherCases.exportToCSVMenuItem.text=Export all Other Occurrences to CSV DataContentViewerOtherCases.showCommonalityMenuItem.text=Show Frequency DataContentViewerOtherCases.earliestCaseDate.text=Earliest Case Date DataContentViewerOtherCases.earliestCaseLabel.toolTipText= diff --git a/Core/src/org/sleuthkit/autopsy/centralrepository/contentviewer/DataContentViewerOtherCases.form b/Core/src/org/sleuthkit/autopsy/centralrepository/contentviewer/DataContentViewerOtherCases.form index e20c9954ac..fd1b0b81b1 100644 --- a/Core/src/org/sleuthkit/autopsy/centralrepository/contentviewer/DataContentViewerOtherCases.form +++ b/Core/src/org/sleuthkit/autopsy/centralrepository/contentviewer/DataContentViewerOtherCases.form @@ -11,13 +11,6 @@ - - - - - - - diff --git a/Core/src/org/sleuthkit/autopsy/centralrepository/contentviewer/DataContentViewerOtherCases.java b/Core/src/org/sleuthkit/autopsy/centralrepository/contentviewer/DataContentViewerOtherCases.java index 659a5a04e9..9713a5b47a 100644 --- a/Core/src/org/sleuthkit/autopsy/centralrepository/contentviewer/DataContentViewerOtherCases.java +++ b/Core/src/org/sleuthkit/autopsy/centralrepository/contentviewer/DataContentViewerOtherCases.java @@ -141,9 +141,7 @@ public class DataContentViewerOtherCases extends JPanel implements DataContentVi private void customizeComponents() { ActionListener actList = (ActionEvent e) -> { JMenuItem jmi = (JMenuItem) e.getSource(); - if (jmi.equals(selectAllMenuItem)) { - filesTable.selectAll(); - } else if (jmi.equals(showCaseDetailsMenuItem)) { + if (jmi.equals(showCaseDetailsMenuItem)) { showCaseDetails(filesTable.getSelectedRow()); } else if (jmi.equals(exportToCSVMenuItem)) { try { @@ -157,7 +155,6 @@ public class DataContentViewerOtherCases extends JPanel implements DataContentVi }; exportToCSVMenuItem.addActionListener(actList); - selectAllMenuItem.addActionListener(actList); showCaseDetailsMenuItem.addActionListener(actList); showCommonalityMenuItem.addActionListener(actList); @@ -813,6 +810,13 @@ public class DataContentViewerOtherCases extends JPanel implements DataContentVi occurrencePanel.getPreferredSize(); detailsPanelScrollPane.setViewportView(occurrencePanel); } else { + String currentCaseName; + try { + currentCaseName = Case.getCurrentCaseThrows().getName(); + } catch (NoCurrentCaseException ex) { + currentCaseName = null; + LOGGER.log(Level.WARNING, "Unable to get current case for other occurrences content viewer", ex); + } for (CorrelationAttributeInstance corAttr : correlationAttributes) { Map correlatedNodeDataMap = new HashMap<>(0); @@ -826,7 +830,7 @@ public class DataContentViewerOtherCases extends JPanel implements DataContentVi && casesTableModel.getCorrelationCase(casesTable.convertRowIndexToModel(selectedRow)).getCaseUUID().equals(nodeData.getCorrelationAttributeInstance().getCorrelationCase().getCaseUUID())) { dataSourcesTableModel.addNodeData(nodeData); } - } else { + } else if (currentCaseName != null && (casesTableModel.getCorrelationCase(casesTable.convertRowIndexToModel(selectedRow)).getCaseUUID().equals(currentCaseName))) { dataSourcesTableModel.addNodeData(nodeData); } } catch (EamDbException ex) { @@ -956,7 +960,6 @@ public class DataContentViewerOtherCases extends JPanel implements DataContentVi private void initComponents() { rightClickPopupMenu = new javax.swing.JPopupMenu(); - selectAllMenuItem = new javax.swing.JMenuItem(); exportToCSVMenuItem = new javax.swing.JMenuItem(); showCaseDetailsMenuItem = new javax.swing.JMenuItem(); showCommonalityMenuItem = new javax.swing.JMenuItem(); @@ -986,9 +989,6 @@ public class DataContentViewerOtherCases extends JPanel implements DataContentVi } }); - org.openide.awt.Mnemonics.setLocalizedText(selectAllMenuItem, org.openide.util.NbBundle.getMessage(DataContentViewerOtherCases.class, "DataContentViewerOtherCases.selectAllMenuItem.text")); // NOI18N - rightClickPopupMenu.add(selectAllMenuItem); - org.openide.awt.Mnemonics.setLocalizedText(exportToCSVMenuItem, org.openide.util.NbBundle.getMessage(DataContentViewerOtherCases.class, "DataContentViewerOtherCases.exportToCSVMenuItem.text")); // NOI18N rightClickPopupMenu.add(exportToCSVMenuItem); @@ -1130,7 +1130,6 @@ public class DataContentViewerOtherCases extends JPanel implements DataContentVi private javax.swing.JScrollPane filesTableScrollPane; private javax.swing.JLabel foundInLabel; private javax.swing.JPopupMenu rightClickPopupMenu; - private javax.swing.JMenuItem selectAllMenuItem; private javax.swing.JMenuItem showCaseDetailsMenuItem; private javax.swing.JMenuItem showCommonalityMenuItem; private javax.swing.JPanel tableContainerPanel; @@ -1161,8 +1160,14 @@ public class DataContentViewerOtherCases extends JPanel implements DataContentVi try { tempCaseUUID = nodeData.getCorrelationAttributeInstance().getCorrelationCase().getCaseUUID(); } catch (EamDbException ignored) { - tempCaseUUID = UUID_PLACEHOLDER_STRING; - //place holder value will be used since correlation attribute was unavailble + //non central repo nodeData won't have a correlation case + try { + tempCaseUUID = Case.getCurrentCaseThrows().getName(); + //place holder value will be used since correlation attribute was unavailble + } catch (NoCurrentCaseException ex) { + LOGGER.log(Level.WARNING, "Unable to get current case", ex); + tempCaseUUID = UUID_PLACEHOLDER_STRING; + } } caseUUID = tempCaseUUID; } diff --git a/Core/src/org/sleuthkit/autopsy/centralrepository/contentviewer/OtherOccurrencesDataSourcesTableModel.java b/Core/src/org/sleuthkit/autopsy/centralrepository/contentviewer/OtherOccurrencesDataSourcesTableModel.java index 240826b8b7..76871d074d 100644 --- a/Core/src/org/sleuthkit/autopsy/centralrepository/contentviewer/OtherOccurrencesDataSourcesTableModel.java +++ b/Core/src/org/sleuthkit/autopsy/centralrepository/contentviewer/OtherOccurrencesDataSourcesTableModel.java @@ -21,9 +21,13 @@ package org.sleuthkit.autopsy.centralrepository.contentviewer; import java.util.LinkedHashSet; import java.util.Objects; import java.util.Set; +import java.util.logging.Level; import javax.swing.table.AbstractTableModel; import org.openide.util.NbBundle; +import org.sleuthkit.autopsy.casemodule.Case; +import org.sleuthkit.autopsy.casemodule.NoCurrentCaseException; import org.sleuthkit.autopsy.centralrepository.datamodel.EamDbException; +import org.sleuthkit.autopsy.coreutils.Logger; /** * Model for cells in the data sources section of the other occurrences data @@ -32,6 +36,7 @@ import org.sleuthkit.autopsy.centralrepository.datamodel.EamDbException; final class OtherOccurrencesDataSourcesTableModel extends AbstractTableModel { private static final long serialVersionUID = 1L; + private static final Logger logger = Logger.getLogger(OtherOccurrencesDataSourcesTableModel.class.getName()); private final Set dataSourceSet = new LinkedHashSet<>(); /** @@ -140,8 +145,14 @@ final class OtherOccurrencesDataSourcesTableModel extends AbstractTableModel { try { caseUUID = nodeData.getCorrelationAttributeInstance().getCorrelationCase().getCaseUUID(); } catch (EamDbException ignored) { - caseUUID = DataContentViewerOtherCases.getPlaceholderUUID(); - //place holder value will be used since correlation attribute was unavailble + //non central repo nodeData won't have a correlation case + try { + caseUUID = Case.getCurrentCaseThrows().getName(); + //place holder value will be used since correlation attribute was unavailble + } catch (NoCurrentCaseException ex) { + logger.log(Level.WARNING, "Unable to get current case", ex); + caseUUID = DataContentViewerOtherCases.getPlaceholderUUID(); + } } dataSourceSet.add(new DataSourceColumnItem(nodeData.getCaseName(), nodeData.getDeviceID(), nodeData.getDataSourceName(), caseUUID)); fireTableDataChanged(); diff --git a/Core/src/org/sleuthkit/autopsy/centralrepository/contentviewer/OtherOccurrencesFilesTableModel.java b/Core/src/org/sleuthkit/autopsy/centralrepository/contentviewer/OtherOccurrencesFilesTableModel.java index f759ecfd2a..3344951857 100644 --- a/Core/src/org/sleuthkit/autopsy/centralrepository/contentviewer/OtherOccurrencesFilesTableModel.java +++ b/Core/src/org/sleuthkit/autopsy/centralrepository/contentviewer/OtherOccurrencesFilesTableModel.java @@ -22,10 +22,14 @@ import java.util.ArrayList; import java.util.HashMap; import java.util.List; import java.util.Map; +import java.util.logging.Level; import javax.swing.table.AbstractTableModel; import org.openide.util.NbBundle.Messages; import org.apache.commons.io.FilenameUtils; +import org.sleuthkit.autopsy.casemodule.Case; +import org.sleuthkit.autopsy.casemodule.NoCurrentCaseException; import org.sleuthkit.autopsy.centralrepository.datamodel.EamDbException; +import org.sleuthkit.autopsy.coreutils.Logger; /** * Model for cells in the files section of the other occurrences data content @@ -34,6 +38,7 @@ import org.sleuthkit.autopsy.centralrepository.datamodel.EamDbException; public class OtherOccurrencesFilesTableModel extends AbstractTableModel { private static final long serialVersionUID = 1L; + private static final Logger logger = Logger.getLogger(OtherOccurrencesFilesTableModel.class.getName()); private final List nodeKeys = new ArrayList<>(); private final Map> nodeMap = new HashMap<>(); @@ -119,8 +124,14 @@ public class OtherOccurrencesFilesTableModel extends AbstractTableModel { try { caseUUID = nodeData.getCorrelationAttributeInstance().getCorrelationCase().getCaseUUID(); } catch (EamDbException ignored) { - caseUUID = DataContentViewerOtherCases.getPlaceholderUUID(); - //place holder value will be used since correlation attribute was unavailble + //non central repo nodeData won't have a correlation case + try { + caseUUID = Case.getCurrentCaseThrows().getName(); + //place holder value will be used since correlation attribute was unavailble + } catch (NoCurrentCaseException ex) { + logger.log(Level.WARNING, "Unable to get current case", ex); + caseUUID = DataContentViewerOtherCases.getPlaceholderUUID(); + } } return nodeData.getCaseName() + nodeData.getDataSourceName() + nodeData.getDeviceID() + nodeData.getFilePath() + caseUUID; } diff --git a/Core/src/org/sleuthkit/autopsy/centralrepository/ingestmodule/IngestSettingsPanel.form b/Core/src/org/sleuthkit/autopsy/centralrepository/ingestmodule/IngestSettingsPanel.form index 82383f135f..6c189d736e 100755 --- a/Core/src/org/sleuthkit/autopsy/centralrepository/ingestmodule/IngestSettingsPanel.form +++ b/Core/src/org/sleuthkit/autopsy/centralrepository/ingestmodule/IngestSettingsPanel.form @@ -29,7 +29,7 @@ - + @@ -44,7 +44,7 @@ - + diff --git a/Core/src/org/sleuthkit/autopsy/centralrepository/ingestmodule/IngestSettingsPanel.java b/Core/src/org/sleuthkit/autopsy/centralrepository/ingestmodule/IngestSettingsPanel.java index 6438b399e7..c9ecbfc146 100755 --- a/Core/src/org/sleuthkit/autopsy/centralrepository/ingestmodule/IngestSettingsPanel.java +++ b/Core/src/org/sleuthkit/autopsy/centralrepository/ingestmodule/IngestSettingsPanel.java @@ -88,7 +88,7 @@ final class IngestSettingsPanel extends IngestModuleIngestJobSettingsPanel { .addComponent(flagTaggedNotableItemsCheckbox, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE) .addComponent(flagPreviouslySeenDevicesCheckbox, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE) .addComponent(createCorrelationPropertiesCheckbox, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE)))) - .addContainerGap(65, Short.MAX_VALUE)) + .addContainerGap(47, Short.MAX_VALUE)) ); layout.setVerticalGroup( layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING) @@ -101,7 +101,7 @@ final class IngestSettingsPanel extends IngestModuleIngestJobSettingsPanel { .addComponent(flagTaggedNotableItemsCheckbox) .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED) .addComponent(flagPreviouslySeenDevicesCheckbox) - .addContainerGap(197, Short.MAX_VALUE)) + .addContainerGap(47, Short.MAX_VALUE)) ); }// //GEN-END:initComponents diff --git a/Core/src/org/sleuthkit/autopsy/datamodel/AbstractAbstractFileNode.java b/Core/src/org/sleuthkit/autopsy/datamodel/AbstractAbstractFileNode.java index 1008ade02e..eeacf491bf 100644 --- a/Core/src/org/sleuthkit/autopsy/datamodel/AbstractAbstractFileNode.java +++ b/Core/src/org/sleuthkit/autopsy/datamodel/AbstractAbstractFileNode.java @@ -394,8 +394,8 @@ public abstract class AbstractAbstractFileNode extends A @NbBundle.Messages({ "AbstractAbstractFileNode.createSheet.count.displayName=O", "AbstractAbstractFileNode.createSheet.count.hashLookupNotRun.description=Hash lookup had not been run on this file when the column was populated", - "# {0} - occurenceCount", - "AbstractAbstractFileNode.createSheet.count.description=There were {0} datasource(s) found with occurences of the MD5 correlation value"}) + "# {0} - occurrenceCount", + "AbstractAbstractFileNode.createSheet.count.description=There were {0} datasource(s) found with occurrences of the MD5 correlation value"}) @Override protected Pair getCountPropertyAndDescription(CorrelationAttributeInstance.Type attributeType, String attributeValue, String defaultDescription) { diff --git a/Core/src/org/sleuthkit/autopsy/datamodel/BlackboardArtifactNode.java b/Core/src/org/sleuthkit/autopsy/datamodel/BlackboardArtifactNode.java index 8b4423c840..0ea8b04660 100644 --- a/Core/src/org/sleuthkit/autopsy/datamodel/BlackboardArtifactNode.java +++ b/Core/src/org/sleuthkit/autopsy/datamodel/BlackboardArtifactNode.java @@ -748,7 +748,7 @@ public class BlackboardArtifactNode extends AbstractContentNode { + + private static final Logger logger = Logger.getLogger(LayoutFileNode.class.getName()); @Deprecated public static enum LayoutContentPropertyType { @@ -91,9 +100,14 @@ public class LayoutFileNode extends AbstractAbstractFileNode { } @Override + @NbBundle.Messages({ + "LayoutFileNode.getActions.viewFileInDir.text=View File in Directory"}) public Action[] getActions(boolean context) { List actionsList = new ArrayList<>(); actionsList.addAll(Arrays.asList(super.getActions(true))); + actionsList.add(new ViewContextAction(Bundle.LayoutFileNode_getActions_viewFileInDir_text(), this)); + actionsList.add(null); // Creates an item separator + actionsList.add(new NewWindowViewAction( NbBundle.getMessage(this.getClass(), "LayoutFileNode.getActions.viewInNewWin.text"), this)); final Collection selectedFilesList @@ -104,6 +118,7 @@ public class LayoutFileNode extends AbstractAbstractFileNode { } else { actionsList.add(ExternalViewerShortcutAction.getInstance()); } + actionsList.add(ViewFileInTimelineAction.createViewFileAction(getContent())); actionsList.add(null); // creates a menu separator actionsList.add(ExtractAction.getInstance()); actionsList.add(ExportCSVAction.getInstance()); @@ -115,6 +130,15 @@ public class LayoutFileNode extends AbstractAbstractFileNode { } actionsList.addAll(ContextMenuExtensionPoint.getActions()); + if (FileTypeExtensions.getArchiveExtensions().contains("." + this.content.getNameExtension().toLowerCase())) { + try { + if (this.content.getArtifacts(BlackboardArtifact.ARTIFACT_TYPE.TSK_ENCRYPTION_DETECTED).size() > 0) { + actionsList.add(new ExtractArchiveWithPasswordAction(this.getContent())); + } + } catch (TskCoreException ex) { + logger.log(Level.WARNING, "Unable to add unzip with password action to context menus", ex); + } + } return actionsList.toArray(new Action[actionsList.size()]); } diff --git a/Core/src/org/sleuthkit/autopsy/directorytree/ViewContextAction.java b/Core/src/org/sleuthkit/autopsy/directorytree/ViewContextAction.java index 62c57f7118..8a92159ecb 100644 --- a/Core/src/org/sleuthkit/autopsy/directorytree/ViewContextAction.java +++ b/Core/src/org/sleuthkit/autopsy/directorytree/ViewContextAction.java @@ -39,6 +39,7 @@ import org.sleuthkit.autopsy.casemodule.CasePreferences; import org.sleuthkit.autopsy.casemodule.NoCurrentCaseException; import org.sleuthkit.autopsy.core.UserPreferences; import org.sleuthkit.autopsy.coreutils.MessageNotifyUtil; +import org.sleuthkit.autopsy.datamodel.AbstractAbstractFileNode; import org.sleuthkit.autopsy.datamodel.AbstractFsContentNode; import org.sleuthkit.autopsy.datamodel.BlackboardArtifactNode; import org.sleuthkit.autopsy.datamodel.ContentNodeSelectionInfo; @@ -105,6 +106,22 @@ public class ViewContextAction extends AbstractAction { super(displayName); this.content = fileSystemContentNode.getLookup().lookup(Content.class); } + + + /** + * An action that displays the context for abstract file by + * expanding the data sources branch of the tree view to the level of the + * parent of the content, selecting the parent in the tree view, then + * selecting the content in the results view. + * + * @param displayName The display name for the action. + * @param abstractAbstractFileNode The AbstractAbstractFileNode node for the + * content. + */ + public ViewContextAction(String displayName, AbstractAbstractFileNode abstractAbstractFileNode) { + super(displayName); + this.content = abstractAbstractFileNode.getLookup().lookup(Content.class); + } /** * An action that displays the context for some content by expanding the diff --git a/Core/src/org/sleuthkit/autopsy/examples/SampleIngestModuleIngestJobSettingsPanel.form b/Core/src/org/sleuthkit/autopsy/examples/SampleIngestModuleIngestJobSettingsPanel.form index 4ea5377716..5629803cd2 100644 --- a/Core/src/org/sleuthkit/autopsy/examples/SampleIngestModuleIngestJobSettingsPanel.form +++ b/Core/src/org/sleuthkit/autopsy/examples/SampleIngestModuleIngestJobSettingsPanel.form @@ -19,7 +19,7 @@ - + diff --git a/Core/src/org/sleuthkit/autopsy/examples/SampleIngestModuleIngestJobSettingsPanel.java b/Core/src/org/sleuthkit/autopsy/examples/SampleIngestModuleIngestJobSettingsPanel.java index 22a7cb3e2f..0d54172cf7 100644 --- a/Core/src/org/sleuthkit/autopsy/examples/SampleIngestModuleIngestJobSettingsPanel.java +++ b/Core/src/org/sleuthkit/autopsy/examples/SampleIngestModuleIngestJobSettingsPanel.java @@ -81,7 +81,7 @@ public class SampleIngestModuleIngestJobSettingsPanel extends IngestModuleIngest .addGroup(layout.createSequentialGroup() .addContainerGap() .addComponent(skipKnownFilesCheckBox) - .addContainerGap(255, Short.MAX_VALUE)) + .addContainerGap(155, Short.MAX_VALUE)) ); layout.setVerticalGroup( layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING) diff --git a/Core/src/org/sleuthkit/autopsy/ingest/IngestModuleIngestJobSettingsPanel.java b/Core/src/org/sleuthkit/autopsy/ingest/IngestModuleIngestJobSettingsPanel.java index cb321f35cb..f356b4d04f 100644 --- a/Core/src/org/sleuthkit/autopsy/ingest/IngestModuleIngestJobSettingsPanel.java +++ b/Core/src/org/sleuthkit/autopsy/ingest/IngestModuleIngestJobSettingsPanel.java @@ -22,7 +22,8 @@ import javax.swing.JPanel; /** * Abstract base class for panels that allow users to specify per ingest job - * settings for ingest modules. + * settings for ingest modules. The max recommended dimensions for these panels + * is 300 width by 300 height. */ public abstract class IngestModuleIngestJobSettingsPanel extends JPanel { diff --git a/Core/src/org/sleuthkit/autopsy/modules/dataSourceIntegrity/DataSourceIntegrityIngestSettingsPanel.form b/Core/src/org/sleuthkit/autopsy/modules/dataSourceIntegrity/DataSourceIntegrityIngestSettingsPanel.form index b9fc6f08b1..8c970ef7d9 100644 --- a/Core/src/org/sleuthkit/autopsy/modules/dataSourceIntegrity/DataSourceIntegrityIngestSettingsPanel.form +++ b/Core/src/org/sleuthkit/autopsy/modules/dataSourceIntegrity/DataSourceIntegrityIngestSettingsPanel.form @@ -1,6 +1,11 @@
+ + + + + @@ -24,7 +29,7 @@ - + diff --git a/Core/src/org/sleuthkit/autopsy/modules/dataSourceIntegrity/DataSourceIntegrityIngestSettingsPanel.java b/Core/src/org/sleuthkit/autopsy/modules/dataSourceIntegrity/DataSourceIntegrityIngestSettingsPanel.java index 30e3b11b05..9fa465739f 100644 --- a/Core/src/org/sleuthkit/autopsy/modules/dataSourceIntegrity/DataSourceIntegrityIngestSettingsPanel.java +++ b/Core/src/org/sleuthkit/autopsy/modules/dataSourceIntegrity/DataSourceIntegrityIngestSettingsPanel.java @@ -64,6 +64,8 @@ final class DataSourceIntegrityIngestSettingsPanel extends IngestModuleIngestJob jLabel3 = new javax.swing.JLabel(); jLabel1 = new javax.swing.JLabel(); + setPreferredSize(new java.awt.Dimension(300, 155)); + org.openide.awt.Mnemonics.setLocalizedText(computeHashesCheckbox, org.openide.util.NbBundle.getMessage(DataSourceIntegrityIngestSettingsPanel.class, "DataSourceIntegrityIngestSettingsPanel.computeHashesCheckbox.text")); // NOI18N computeHashesCheckbox.addActionListener(new java.awt.event.ActionListener() { public void actionPerformed(java.awt.event.ActionEvent evt) { @@ -89,7 +91,7 @@ final class DataSourceIntegrityIngestSettingsPanel extends IngestModuleIngestJob .addComponent(verifyHashesCheckbox) .addComponent(computeHashesCheckbox) .addComponent(jLabel3)) - .addContainerGap(47, Short.MAX_VALUE)) + .addContainerGap(javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE)) ); layout.setVerticalGroup( layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING) diff --git a/Core/src/org/sleuthkit/autopsy/textextractors/TextExtractorFactory.java b/Core/src/org/sleuthkit/autopsy/textextractors/TextExtractorFactory.java index 86b96194c0..2c8316ba60 100755 --- a/Core/src/org/sleuthkit/autopsy/textextractors/TextExtractorFactory.java +++ b/Core/src/org/sleuthkit/autopsy/textextractors/TextExtractorFactory.java @@ -73,8 +73,7 @@ public class TextExtractorFactory { throw new NoTextExtractorFound( String.format("Could not find a suitable reader for " - + "content with name [%s] and id=[%d]. Try using " - + "the strings extractor instead.", + + "content with name [%s] and id=[%d].", content.getName(), content.getId()) ); } diff --git a/Experimental/src/org/sleuthkit/autopsy/experimental/objectdetection/Bundle.properties-MERGED b/Experimental/src/org/sleuthkit/autopsy/experimental/objectdetection/Bundle.properties-MERGED index 4256a2a349..9b2baa6467 100755 --- a/Experimental/src/org/sleuthkit/autopsy/experimental/objectdetection/Bundle.properties-MERGED +++ b/Experimental/src/org/sleuthkit/autopsy/experimental/objectdetection/Bundle.properties-MERGED @@ -3,5 +3,7 @@ ObjectDetectionFileIngestModule.classifierDetection.text=Classifier detected {0} # {0} - classifierDir ObjectDetectionFileIngestModule.noClassifiersFound.message=No classifiers were found in {0}, object detection will not be executed. ObjectDetectionFileIngestModule.noClassifiersFound.subject=No classifiers found. +ObjectDetectionFileIngestModule.notWindowsError=This module is only available on Windows. +ObjectDetectionFileIngestModule.openCVNotLoaded=OpenCV was not loaded, but is required to run. ObjectDetectionModuleFactory.moduleDescription.text=Use object classifiers to identify objects in pictures. ObjectDetectionModuleFactory.moduleName.text=Object Detection diff --git a/Experimental/src/org/sleuthkit/autopsy/experimental/objectdetection/ObjectDetectectionFileIngestModule.java b/Experimental/src/org/sleuthkit/autopsy/experimental/objectdetection/ObjectDetectectionFileIngestModule.java index 4ad9a79165..e5d342aef8 100644 --- a/Experimental/src/org/sleuthkit/autopsy/experimental/objectdetection/ObjectDetectectionFileIngestModule.java +++ b/Experimental/src/org/sleuthkit/autopsy/experimental/objectdetection/ObjectDetectectionFileIngestModule.java @@ -65,14 +65,32 @@ public class ObjectDetectectionFileIngestModule extends FileIngestModuleAdapter private Blackboard blackboard; @Messages({"ObjectDetectionFileIngestModule.noClassifiersFound.subject=No classifiers found.", - "# {0} - classifierDir", "ObjectDetectionFileIngestModule.noClassifiersFound.message=No classifiers were found in {0}, object detection will not be executed."}) + "# {0} - classifierDir", "ObjectDetectionFileIngestModule.noClassifiersFound.message=No classifiers were found in {0}, object detection will not be executed.", + "ObjectDetectionFileIngestModule.openCVNotLoaded=OpenCV was not loaded, but is required to run.", + "ObjectDetectionFileIngestModule.notWindowsError=This module is only available on Windows." + }) @Override public void startUp(IngestJobContext context) throws IngestModule.IngestModuleException { jobId = context.getJobId(); File classifierDir = new File(PlatformUtil.getObjectDetectionClassifierPath()); classifiers = new HashMap<>(); + + if(!PlatformUtil.isWindowsOS()) { + //Pop-up that catches IngestModuleException will automatically indicate + //the name of the module before the message. + String errorMsg = Bundle.ObjectDetectionFileIngestModule_notWindowsError(); + logger.log(Level.SEVERE, errorMsg); + throw new IngestModule.IngestModuleException(errorMsg); + } + + if(!OpenCvLoader.hasOpenCvLoaded()) { + String errorMsg = Bundle.ObjectDetectionFileIngestModule_openCVNotLoaded(); + logger.log(Level.SEVERE, errorMsg); + throw new IngestModule.IngestModuleException(errorMsg); + } + //Load all classifiers found in PlatformUtil.getObjectDetectionClassifierPath() - if (OpenCvLoader.hasOpenCvLoaded() && classifierDir.exists() && classifierDir.isDirectory()) { + if (classifierDir.exists() && classifierDir.isDirectory()) { for (File classifier : classifierDir.listFiles()) { if (classifier.isFile() && FilenameUtils.getExtension(classifier.getName()).equalsIgnoreCase("xml")) { classifiers.put(classifier.getName(), new CascadeClassifier(classifier.getAbsolutePath())); diff --git a/docs/doxygen-user/auto_ingest_setup.dox b/docs/doxygen-user/auto_ingest_setup.dox index 35000028c6..c49beee662 100644 --- a/docs/doxygen-user/auto_ingest_setup.dox +++ b/docs/doxygen-user/auto_ingest_setup.dox @@ -90,6 +90,11 @@ Some notes on shared configuration:
  • Shared copies of the hash databases are also not currently supported. Each node will download its own copy of each database. +\subsection auto_ingest_test_button Testing + +Once everything is configured, you can use the "Test" button near the bottom of the panel to test if everything is set up correctly. The button will test whether the services are available, whether a case can be created, and if the ingest settings are valid. If the test passes you'll see a green check. If it fails you'll see a message giving a short description of what error occurred. Depending on the error you may also see a pop-up message. You can check the logs for additional information (close the Options panel and click on "Help" then "Open Log Folder"). + +\image html AutoIngest/test_button_failure.png \subsection auto_ingest_error_suppression Error Suppression diff --git a/docs/doxygen-user/central_repo.dox b/docs/doxygen-user/central_repo.dox index b08ef7dcad..03b45b6040 100644 --- a/docs/doxygen-user/central_repo.dox +++ b/docs/doxygen-user/central_repo.dox @@ -161,33 +161,24 @@ properties from the central repository. If the selected file or artifact is asso to one or more properties in the database, the associated properties will be displayed. Note: the Content Viewer will display ALL associated properties available in the database. It ignores the user's enabled/disabled Correlation Properties. -The other occurrences are grouped by case and then data source. The rows in the content viewer have background colors to indicate if they are known to be of interest. Properties that are notable -will have a Red background, all others will have a White background. The notable status will also be displayed in the "Known" column. +The other occurrences are grouped by case and then data source. Selecting one of the results brings up information on it in the right column. If a file or artifact was previously marked as notable, you will see "notable" in red next to "Known Status". \image html central_repo_content_viewer.png The user can click on any column heading to sort by the values in that column. -If the user selects a row and then right-clicks, a menu will be displayed. +If the user selects an entry in the third column and then right-clicks, a menu will be displayed. This menu has several options. --# Select All --# Export Selected Rows to CSV +-# Export All Other Occurrences to CSV -# Show Case Details -# Show Frequency -Select All +Export All Other Occurrences to CSV -This option will select all rows in the Content Viewer table. - -Export Selected Rows to CSV - -This option will save ALL SELECTED rows in the Content Viewer table to a CSV file. +This option will save every other occurrence in the Content Viewer table to a CSV file. By default, the CSV file is saved into the Export directory inside the currently open Autopsy case, but the user is free to select a different location. -Note: if you want to copy/paste rows, it is usually possible to use CTRL+C to copy the -selected rows and then CTRL+V to paste them into a file, but it will not be CSV formatted. - Show Case Details This option will open a dialog that displays all of the relevant details for the selected case. The diff --git a/docs/doxygen-user/communications.dox b/docs/doxygen-user/communications.dox index 1e89a28d8e..94b46e9d30 100644 --- a/docs/doxygen-user/communications.dox +++ b/docs/doxygen-user/communications.dox @@ -14,15 +14,38 @@ The Communications Visualization Tool is loaded through the Tools->Communication \image html cvt_main.png -From the left hand column, you can choose which devices to display, which types of data to display, and optionally select a time range. After any changes to the filters, use the Apply button to update the tables. +From the left hand column, you can choose which devices to display, which types of data to display, and optionally select a time range. You can also choose to limit the display to only the most recent communications. After any changes to the filters, use the Apply button to update the tables. -The middle column displays each account, its device and type, and the number of associated messages (emails, call logs, etc.). By default it will be sorted in descending order of frequency. +The middle column displays each account, its device and type, and the number of associated messages (emails, call logs, etc.). By default it will be sorted in descending order of frequency. The middle column and the right hand column both have a \ref ui_quick_search feature which can be used to quickly find a visible item in their section's table. -Selecting an account in the middle column will bring up the messages for that account in the right hand column. Here data about each message is displayed in the top section, and the messages itself can be seen in the bottom section (if applicable). +Selecting an account in the middle column will bring up the data for that account in the right hand column. There are four tabs that show information about the selected account. -\image html cvt_messages.png +
      +
    • The Summary tab displays counts of how many times the account has appeared in different data types in the top section. In the middle it displays the files this account was found in. If the \ref central_repo_page is enabled, the bottom section will show any other cases that contained this account. -The middle column and the right hand column both have a \ref ui_quick_search feature which can be used to quickly find a visible item in their section's table. +\image html cvt_summary_tab.png + +
    • The Messages tab displays any messages or call logs associated with the account. The Messages will either be in a thread, or listed under a node called "Unthreaded". Clicking on the "Unthreaded" node will show all the messages that are not "Threaded". Call logs will all be under a node named "Call Logs". + +\image html cvt_messages_threaded.png + +You can use the "All Messages" button at the bottom of the panel to show all messages. Clicking on a threaded message will show you all messages in that thread. You can click on an individual message to view it in the lower panel. Click the "Threads" button to return to the original screen. + +\image html cvt_message_email.png + +If the message has attachments, you can view them on the Attachments tab. If you select an attachment you can choose to open it in a new window, or you can look at it in the Thumbnails tab. + +\image html cvt_message_attach.png + +
    • The Contacts tab shows any information on this account that was found in a contacts file. + +\image html cvt_contacts.png + +
    • The Media tab shows thumbnails of any media files in messages for that account. If you click on one, it will show the message the media file came from. + +\image html cvt_media.png + +
    \section cvt_viz Visualization @@ -42,8 +65,12 @@ After selecting either option, the middle tab will switch to the Visualize view \image html cvt_visualize.png -The options at the top allow you to clear the graph, try different graph layouts, and resize the graph. The nodes in the graph can be dragged around and nodes and edges can be selected to display their messages or relationships in the right side tab. For example, in the image below the link between two email addresses has been selected so the Messages viewer is displaying the single email between those two email addresses. +The options at the top allow you to clear the graph and resize the graph. The nodes in the graph can be dragged around and nodes and edges can be selected to display their messages or relationships in the right side tab. For example, in the image below only one node has been selected so the Messages viewer is displaying only messages involving that email address. \image html cvt_links.png +If you click the "Snapshot Report" button, you can generate a report similar to the HTML \ref reporting_page "report module". Select a name for your report, which will be saved to the "Reports" folder in the current case. The Snapshot Report will contain two pages. The first will have a summary of the case, and second will contain the current graph along with your filter settings. + +\image html cvt_snapshot.png + */ \ No newline at end of file diff --git a/docs/doxygen-user/images/AutoIngest/auto_ingest_mode_setup.png b/docs/doxygen-user/images/AutoIngest/auto_ingest_mode_setup.png index e11db06246..b9875d6245 100644 Binary files a/docs/doxygen-user/images/AutoIngest/auto_ingest_mode_setup.png and b/docs/doxygen-user/images/AutoIngest/auto_ingest_mode_setup.png differ diff --git a/docs/doxygen-user/images/AutoIngest/test_button_failure.png b/docs/doxygen-user/images/AutoIngest/test_button_failure.png new file mode 100644 index 0000000000..b4410d8df1 Binary files /dev/null and b/docs/doxygen-user/images/AutoIngest/test_button_failure.png differ diff --git a/docs/doxygen-user/images/central_repo_content_viewer.png b/docs/doxygen-user/images/central_repo_content_viewer.png index 7c0a137a86..55ef8e2398 100644 Binary files a/docs/doxygen-user/images/central_repo_content_viewer.png and b/docs/doxygen-user/images/central_repo_content_viewer.png differ diff --git a/docs/doxygen-user/images/cvt_contacts.png b/docs/doxygen-user/images/cvt_contacts.png new file mode 100644 index 0000000000..d085873a16 Binary files /dev/null and b/docs/doxygen-user/images/cvt_contacts.png differ diff --git a/docs/doxygen-user/images/cvt_links.png b/docs/doxygen-user/images/cvt_links.png index 1aa4db9033..5765d5c087 100644 Binary files a/docs/doxygen-user/images/cvt_links.png and b/docs/doxygen-user/images/cvt_links.png differ diff --git a/docs/doxygen-user/images/cvt_main.png b/docs/doxygen-user/images/cvt_main.png index be2c390f66..56d565bab3 100644 Binary files a/docs/doxygen-user/images/cvt_main.png and b/docs/doxygen-user/images/cvt_main.png differ diff --git a/docs/doxygen-user/images/cvt_media.png b/docs/doxygen-user/images/cvt_media.png new file mode 100644 index 0000000000..5fbc03d785 Binary files /dev/null and b/docs/doxygen-user/images/cvt_media.png differ diff --git a/docs/doxygen-user/images/cvt_message_attach.png b/docs/doxygen-user/images/cvt_message_attach.png new file mode 100644 index 0000000000..3eee863ba2 Binary files /dev/null and b/docs/doxygen-user/images/cvt_message_attach.png differ diff --git a/docs/doxygen-user/images/cvt_message_email.png b/docs/doxygen-user/images/cvt_message_email.png new file mode 100644 index 0000000000..335a90013b Binary files /dev/null and b/docs/doxygen-user/images/cvt_message_email.png differ diff --git a/docs/doxygen-user/images/cvt_messages.png b/docs/doxygen-user/images/cvt_messages.png deleted file mode 100644 index 956e8a87c6..0000000000 Binary files a/docs/doxygen-user/images/cvt_messages.png and /dev/null differ diff --git a/docs/doxygen-user/images/cvt_messages_threaded.png b/docs/doxygen-user/images/cvt_messages_threaded.png new file mode 100644 index 0000000000..4399f8d3a6 Binary files /dev/null and b/docs/doxygen-user/images/cvt_messages_threaded.png differ diff --git a/docs/doxygen-user/images/cvt_select_account.png b/docs/doxygen-user/images/cvt_select_account.png index 3a0874e081..f12d8df325 100644 Binary files a/docs/doxygen-user/images/cvt_select_account.png and b/docs/doxygen-user/images/cvt_select_account.png differ diff --git a/docs/doxygen-user/images/cvt_snapshot.png b/docs/doxygen-user/images/cvt_snapshot.png new file mode 100644 index 0000000000..82dae4e80e Binary files /dev/null and b/docs/doxygen-user/images/cvt_snapshot.png differ diff --git a/docs/doxygen-user/images/cvt_summary_tab.png b/docs/doxygen-user/images/cvt_summary_tab.png new file mode 100644 index 0000000000..c5e634c8a0 Binary files /dev/null and b/docs/doxygen-user/images/cvt_summary_tab.png differ diff --git a/docs/doxygen-user/images/cvt_visualize.png b/docs/doxygen-user/images/cvt_visualize.png index e5d56950b5..a7301abaee 100644 Binary files a/docs/doxygen-user/images/cvt_visualize.png and b/docs/doxygen-user/images/cvt_visualize.png differ diff --git a/docs/doxygen-user/images/portable_case_report_panel.png b/docs/doxygen-user/images/portable_case_report_panel.png index 9b46e610c4..e0a8a00513 100644 Binary files a/docs/doxygen-user/images/portable_case_report_panel.png and b/docs/doxygen-user/images/portable_case_report_panel.png differ diff --git a/docs/doxygen-user/images/view_options_options_panel.png b/docs/doxygen-user/images/view_options_options_panel.png index 3a917e166e..40b5f6cf8a 100644 Binary files a/docs/doxygen-user/images/view_options_options_panel.png and b/docs/doxygen-user/images/view_options_options_panel.png differ diff --git a/docs/doxygen-user/result_viewer.dox b/docs/doxygen-user/result_viewer.dox index b5b349682b..fae9ebb360 100644 --- a/docs/doxygen-user/result_viewer.dox +++ b/docs/doxygen-user/result_viewer.dox @@ -29,7 +29,7 @@ These columns display the following information:
  • (O)ther occurrences column - indicates how many data sources in the Central Repository contain this item. The count will include the selected item. -To display more information about why an icon has appeared, you can hover over it. The Comment and Other occurrences columns query the Central Repository. If this seems to be having a performance impact, it can be disabled through the \ref view_options_page. This will remove the Other occurrences column entirely and the Comment column will be based only on tags. +To display more information about why an icon has appeared, you can hover over it. These columns query the Central Repository as well as the case database. If this seems to be having a performance impact, you can disable them through the \ref view_options_page. This will remove the Other occurrences column entirely, the Comment column will be based only on tags, and the Score column will no longer be able to reflect Notable items. \subsection export_csv Exporting to CSV diff --git a/docs/doxygen-user/view_options.dox b/docs/doxygen-user/view_options.dox index 4516a035ef..14e14d76a4 100644 --- a/docs/doxygen-user/view_options.dox +++ b/docs/doxygen-user/view_options.dox @@ -35,9 +35,9 @@ Similarly, the option to hide slack in the views area will prevent slack files f This option allows you to hide tags from other users in the Tagging section of the tree. See \ref user_tags for more details. -\subsection view_options_cr_columns Do not use the Central Repository to populate columns +\subsection view_options_cr_columns Do not add columns for S(core), C(omments) and (O)ccurrences -By default, the first three columns in the result viewer after the file name in the results viewer are named "S", "C" and "O". These are described in more detail on the \ref result_viewer_page page. The Comment and Other occurrences columns query the Central Repository. If this seems to be having a performance impact, it can be disabled using the checkbox. This will remove the Other occurrences column entirely and the Comment column will be based only on tags. +By default, the first three columns in the result viewer after the file name in the results viewer are named "S", "C" and "O". Populating these columns can increase loading times. See the \ref result_viewer_sco section for additional information. \subsection view_options_paging Paging diff --git a/nbproject/project.properties b/nbproject/project.properties index 0014be6b88..5d59189544 100644 --- a/nbproject/project.properties +++ b/nbproject/project.properties @@ -6,8 +6,8 @@ app.name=${branding.token} ### if left unset, version will default to today's date app.version=4.12.0 ### build.type must be one of: DEVELOPMENT, RELEASE -build.type=RELEASE -#build.type=DEVELOPMENT +#build.type=RELEASE +build.type=DEVELOPMENT project.org.netbeans.progress=org-netbeans-api-progress project.org.sleuthkit.autopsy.experimental=Experimental