Updated FileManager API methods to take an Image as argument so that only

files for that image are returned. These changes are in support of AUT-613.
Tim McIver 2012-11-29 16:37:37 -05:00
parent 0949fb13d1
commit f43d072bcf
6 changed files with 31 additions and 45 deletions


@ -9,6 +9,7 @@ import java.io.IOException;
import java.util.Collections;
import java.util.List;
import org.sleuthkit.datamodel.FsContent;
import org.sleuthkit.datamodel.Image;
import org.sleuthkit.datamodel.SleuthkitCase;
import org.sleuthkit.datamodel.TskCoreException;
@ -28,11 +29,11 @@ public class FileManager implements Closeable {
* @return a list of FsContent for files/directories whose name matches the
* given fileName
*/
public List<FsContent> findFiles(String fileName) throws TskCoreException {
public List<FsContent> findFiles(Image image, String fileName) throws TskCoreException {
if (tskCase == null) {
throw new TskCoreException("Attemtped to use FileManager after it was closed.");
}
return tskCase.findFiles(fileName);
return tskCase.findFiles(image, fileName);
}
/**
@ -41,11 +42,11 @@ public class FileManager implements Closeable {
* @return a list of FsContent for files/directories whose name matches
* fileName and whose parent directory contains dirName.
*/
public List<FsContent> findFiles(String fileName, String dirName) throws TskCoreException {
public List<FsContent> findFiles(Image image, String fileName, String dirName) throws TskCoreException {
if (tskCase == null) {
throw new TskCoreException("Attemtped to use FileManager after it was closed.");
}
return tskCase.findFiles(fileName, dirName);
return tskCase.findFiles(image, fileName, dirName);
}
/**
@ -54,11 +55,11 @@ public class FileManager implements Closeable {
* @return a list of FsContent for files/directories whose name matches
* fileName and that were inside a directory described by parentFsContent.
*/
public List<FsContent> findFiles(String fileName, FsContent parentFsContent) throws TskCoreException {
public List<FsContent> findFiles(Image image, String fileName, FsContent parentFsContent) throws TskCoreException {
if (tskCase == null) {
throw new TskCoreException("Attemtped to use FileManager after it was closed.");
}
return findFiles(fileName, parentFsContent.getName());
return findFiles(image, fileName, parentFsContent.getName());
}
/**
@ -66,11 +67,11 @@ public class FileManager implements Closeable {
* optionally include the image and volume names.
* @return a list of FsContent that have the given file path.
*/
public List<FsContent> openFiles(String filePath) throws TskCoreException {
public List<FsContent> openFiles(Image image, String filePath) throws TskCoreException {
if (tskCase == null) {
throw new TskCoreException("Attemtped to use FileManager after it was closed.");
}
return tskCase.openFiles(filePath);
return tskCase.openFiles(image, filePath);
}
@Override
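Review bot: In the `findFiles(Image image, String fileName, FsContent parentFsContent)` overload the search is still keyed on `parentFsContent.getName()`, and the Javadoc of the `dirName` overload says it matches any parent directory that contains that string, so a file under a different directory whose path merely contains the same name can be reported as a child of this parent. In a forensic tool that misattributes where an artifact was found; comparing each result's parent against `parentFsContent` itself would close the gap, though the accessors needed for that are not visible on this page. The new `image` argument is also undocumented in all four methods, whose Javadoc blocks open outside the hunks: add `@param image the image to restrict the search to` to each. If a null image is not a supported way to search the whole case, a guard such as `if (image == null) { throw new IllegalArgumentException("image is null"); }` next to the `tskCase` check would make that explicit.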


@ -102,7 +102,7 @@ public class Chrome extends Extract implements IngestModuleImage {
FileManager fileManager = currentCase.getServices().getFileManager();
List<FsContent> historyFiles = null;
try {
historyFiles = fileManager.findFiles("History", "Chrome");
historyFiles = fileManager.findFiles(image, "History", "Chrome");
} catch (TskCoreException ex) {
logger.log(Level.SEVERE, "Error when trying to get Chrome history files.", ex);
}
@ -156,7 +156,7 @@ public class Chrome extends Extract implements IngestModuleImage {
FileManager fileManager = currentCase.getServices().getFileManager();
List<FsContent> bookmarkFiles = null;
try {
bookmarkFiles = fileManager.findFiles("Bookmarks", "Chrome");
bookmarkFiles = fileManager.findFiles(image, "Bookmarks", "Chrome");
} catch (TskCoreException ex) {
logger.log(Level.SEVERE, "Error when trying to get Chrome history files.", ex);
}
@ -229,7 +229,7 @@ public class Chrome extends Extract implements IngestModuleImage {
FileManager fileManager = currentCase.getServices().getFileManager();
List<FsContent> cookiesFiles = null;
try {
cookiesFiles = fileManager.findFiles("Cookies", "Chrome");
cookiesFiles = fileManager.findFiles(image, "Cookies", "Chrome");
} catch (TskCoreException ex) {
logger.log(Level.SEVERE, "Error when trying to get Chrome history files.", ex);
}
@ -288,7 +288,7 @@ public class Chrome extends Extract implements IngestModuleImage {
FileManager fileManager = currentCase.getServices().getFileManager();
List<FsContent> historyFiles = null;
try {
historyFiles = fileManager.findFiles("History", "Chrome");
historyFiles = fileManager.findFiles(image, "History", "Chrome");
} catch (TskCoreException ex) {
logger.log(Level.SEVERE, "Error when trying to get Chrome history files.", ex);
}
@ -315,7 +315,7 @@ public class Chrome extends Extract implements IngestModuleImage {
for (HashMap<String, Object> result : tempList) {
Collection<BlackboardAttribute> bbattributes = new ArrayList<BlackboardAttribute>();
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PATH.getTypeID(), "Recent Activity", (result.get("full_path").toString())));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PATH_ID.getTypeID(), "Recent Activity", Util.findID((result.get("full_path").toString()))));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PATH_ID.getTypeID(), "Recent Activity", Util.findID(image, (result.get("full_path").toString()))));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(), "Recent Activity", ((result.get("url").toString() != null) ? result.get("url").toString() : "")));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL_DECODED.getTypeID(), "Recent Activity", ((result.get("url").toString() != null) ? EscapeUtil.decodeURL(result.get("url").toString()) : "")));
Long time = (Long.valueOf(result.get("start_time").toString()));
@ -348,7 +348,7 @@ public class Chrome extends Extract implements IngestModuleImage {
FileManager fileManager = currentCase.getServices().getFileManager();
List<FsContent> signonFiles = null;
try {
signonFiles = fileManager.findFiles("signons.sqlite", "Chrome");
signonFiles = fileManager.findFiles(image, "signons.sqlite", "Chrome");
} catch (TskCoreException ex) {
logger.log(Level.SEVERE, "Error when trying to get Chrome history files.", ex);
}
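Review bot: Every `findFiles(image, ...)` call in this file is followed by a catch block that logs `"Error when trying to get Chrome history files."`, including the hunks that look up Bookmarks, Cookies and signons.sqlite, so a failed query for one artifact type is recorded as a history failure. The list variable then stays null and the module carries on; what the code does with that null is outside the hunks, but an examiner reading the results cannot tell "no Chrome cookies in this image" from "the lookup failed". Give each catch its own message, e.g. `logger.log(Level.SEVERE, "Error when trying to get Chrome cookies files.", ex);`, and confirm that the code after each catch returns early on a null list.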


@ -133,7 +133,7 @@ public class ExtractIE extends Extract implements IngestModuleImage {
org.sleuthkit.autopsy.casemodule.services.FileManager fileManager = currentCase.getServices().getFileManager();
List<FsContent> favoritesFiles = null;
try {
favoritesFiles = fileManager.findFiles("%.url", "Favorites");
favoritesFiles = fileManager.findFiles(image, "%.url", "Favorites");
} catch (TskCoreException ex) {
logger.log(Level.WARNING, "Error fetching 'index.data' files for Internet Explorer history.");
}
@ -189,7 +189,7 @@ public class ExtractIE extends Extract implements IngestModuleImage {
org.sleuthkit.autopsy.casemodule.services.FileManager fileManager = currentCase.getServices().getFileManager();
List<FsContent> cookiesFiles = null;
try {
cookiesFiles = fileManager.findFiles("%.txt", "Cookies");
cookiesFiles = fileManager.findFiles(image, "%.txt", "Cookies");
} catch (TskCoreException ex) {
logger.log(Level.WARNING, "Error fetching 'index.data' files for Internet Explorer history.");
}
@ -244,7 +244,7 @@ public class ExtractIE extends Extract implements IngestModuleImage {
org.sleuthkit.autopsy.casemodule.services.FileManager fileManager = currentCase.getServices().getFileManager();
List<FsContent> recentFiles = null;
try {
recentFiles = fileManager.findFiles("%.lnk", "Recent");
recentFiles = fileManager.findFiles(image, "%.lnk", "Recent");
} catch (TskCoreException ex) {
logger.log(Level.WARNING, "Error fetching 'index.data' files for Internet Explorer history.");
}
@ -261,7 +261,7 @@ public class ExtractIE extends Extract implements IngestModuleImage {
Collection<BlackboardAttribute> bbattributes = new ArrayList<BlackboardAttribute>();
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PATH.getTypeID(), "RecentActivity", path));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_NAME.getTypeID(), "RecentActivity", Util.getFileName(path)));
long id = Util.findID(path);
long id = Util.findID(image, path);
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PATH_ID.getTypeID(), "RecentActivity", id));
//TODO Revisit usage of deprecated constructor as per TSK-583
//bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID(), "RecentActivity", "Date Created", datetime));
@ -327,7 +327,7 @@ public class ExtractIE extends Extract implements IngestModuleImage {
org.sleuthkit.autopsy.casemodule.services.FileManager fileManager = currentCase.getServices().getFileManager();
List<FsContent> indexFiles = null;
try {
indexFiles = fileManager.findFiles("index.dat");
indexFiles = fileManager.findFiles(image, "index.dat");
} catch (TskCoreException ex) {
logger.log(Level.WARNING, "Error fetching 'index.data' files for Internet Explorer history.");
}
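Review bot: The catch blocks after the new `findFiles(image, ...)` calls drop the exception: each one calls `logger.log(Level.WARNING, "Error fetching 'index.data' files for Internet Explorer history.")` without `ex`, and the same text is used for the Favorites, Cookies and Recent lookups as well as for index.dat. When a case-database query fails during ingest, the log then holds neither the cause nor the artifact type that was skipped. Pass the exception and name the artifact, for example `logger.log(Level.WARNING, "Error fetching 'Favorites' files for Internet Explorer.", ex);`. The enclosing methods start and end outside the hunks, so how a null list is handled afterwards is not visible here.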


@ -111,7 +111,7 @@ public class ExtractRegistry extends Extract implements IngestModuleImage {
org.sleuthkit.autopsy.casemodule.services.FileManager fileManager = currentCase.getServices().getFileManager();
List<FsContent> allRegistryFiles = new ArrayList<FsContent>();
try {
allRegistryFiles.addAll(fileManager.findFiles("ntuser.dat"));
allRegistryFiles.addAll(fileManager.findFiles(image, "ntuser.dat"));
} catch (TskCoreException ex) {
logger.log(Level.WARNING, "Error fetching 'ntuser.dat' file.");
}
@ -121,26 +121,14 @@ public class ExtractRegistry extends Extract implements IngestModuleImage {
String[] regFileNames = new String[] {"system", "software", "security", "sam", "default"};
for (String regFileName : regFileNames) {
try {
allRegistryFiles.addAll(fileManager.findFiles(regFileName, "%/system32/config%"));
allRegistryFiles.addAll(fileManager.findFiles(image, regFileName, "%/system32/config%"));
} catch (TskCoreException ex) {
logger.log(Level.WARNING, "Error fetching registry file: " + regFileName);
}
}
// filter out those registry files that are not from this image
List<FsContent> regFiles = new ArrayList<FsContent>();
for (FsContent regFile : allRegistryFiles) {
try {
if (regFile.getImage().equals(image)) {
regFiles.add(regFile);
}
} catch (TskCoreException ex) {
logger.log(Level.WARNING, "Error when trying to get image from FsContent object.");
}
}
int j = 0;
for (FsContent regFile : regFiles) {
for (FsContent regFile : allRegistryFiles) {
String regFileName = regFile.getName();
String temps = currentCase.getTempDirectory() + "\\" + regFileName;
try {
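Review bot: With the `regFile.getImage().equals(image)` filter removed, the loop over `allRegistryFiles` trusts `fileManager.findFiles(image, ...)` to return hives from this image only, and nothing visible here checks that; in a multi-image case a regression in that query would silently mix registry artifacts across images. The SleuthkitCase side is not part of this page, so the scoping is worth a test, or at least a comment at the loop such as `// allRegistryFiles is already restricted to this image by FileManager.findFiles(image, ...)`. The two catch blocks above also log without the exception; passing `ex` as the third argument to `logger.log` keeps the cause in the log. The loop body continues past the end of the hunk.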


@ -98,7 +98,7 @@ public class Firefox extends Extract implements IngestModuleImage {
FileManager fileManager = currentCase.getServices().getFileManager();
List<FsContent> historyFiles = null;
try {
historyFiles = fileManager.findFiles("%places.sqlite%", "Firefox");
historyFiles = fileManager.findFiles(image, "%places.sqlite%", "Firefox");
} catch (TskCoreException ex) {
logger.log(Level.WARNING, "Error fetching internet history files for Firefox.");
}
@ -154,7 +154,7 @@ public class Firefox extends Extract implements IngestModuleImage {
FileManager fileManager = currentCase.getServices().getFileManager();
List<FsContent> bookmarkFiles = null;
try {
bookmarkFiles = fileManager.findFiles("%places.sqlite%", "Firefox");
bookmarkFiles = fileManager.findFiles(image, "%places.sqlite%", "Firefox");
} catch (TskCoreException ex) {
logger.log(Level.WARNING, "Error fetching bookmark files for Firefox.");
}
@ -209,7 +209,7 @@ public class Firefox extends Extract implements IngestModuleImage {
FileManager fileManager = currentCase.getServices().getFileManager();
List<FsContent> cookiesFiles = null;
try {
cookiesFiles = fileManager.findFiles("%cookies.sqlite%", "Firefox");
cookiesFiles = fileManager.findFiles(image, "%cookies.sqlite%", "Firefox");
} catch (TskCoreException ex) {
logger.log(Level.WARNING, "Error fetching cookies files for Firefox.");
}
@ -287,7 +287,7 @@ public class Firefox extends Extract implements IngestModuleImage {
FileManager fileManager = currentCase.getServices().getFileManager();
List<FsContent> downloadsFiles = null;
try {
downloadsFiles = fileManager.findFiles("%cookies.sqlite%", "Firefox");
downloadsFiles = fileManager.findFiles(image, "%cookies.sqlite%", "Firefox");
} catch (TskCoreException ex) {
logger.log(Level.WARNING, "Error fetching 'downloads' files for Firefox.");
}
@ -324,7 +324,7 @@ public class Firefox extends Extract implements IngestModuleImage {
//TODO Revisit usage of deprecated constructor as per TSK-583
//bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_LAST_ACCESSED.getTypeID(), "RecentActivity", "Last Visited", (Long.valueOf(result.get("startTime").toString()))));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME_ACCESSED.getTypeID(), "RecentActivity", (Long.valueOf(result.get("startTime").toString()))));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PATH_ID.getTypeID(), "RecentActivity", Util.findID(urldecodedtarget)));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PATH_ID.getTypeID(), "RecentActivity", Util.findID(image, urldecodedtarget)));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PATH.getTypeID(), "RecentActivity", urldecodedtarget));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(), "RecentActivity", "FireFox"));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN.getTypeID(), "RecentActivity", (Util.extractDomain((result.get("source").toString() != null) ? result.get("source").toString() : ""))));
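Review bot: In the downloads hunk, `downloadsFiles` is still filled by searching for `"%cookies.sqlite%"`, the same pattern as the cookies hunk above it, which looks like a copy-paste slip that this change carries forward. If the method is meant to read Firefox's download history, the lookup would presumably be `fileManager.findFiles(image, "%downloads.sqlite%", "Firefox")`; as written the module would run its downloads query against the cookies database and could report no downloads without an obvious error. The query that consumes `downloadsFiles` is outside the hunk, so confirm against it before changing the pattern.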


@ -31,22 +31,19 @@ import java.nio.MappedByteBuffer;
import java.nio.channels.FileChannel;
import java.nio.charset.Charset;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.List;
import java.util.StringTokenizer;
import java.util.logging.Level;
import org.sleuthkit.autopsy.coreutils.Logger;
//import org.apache.commons.lang.NullArgumentException;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.sleuthkit.autopsy.casemodule.Case;
import org.sleuthkit.autopsy.casemodule.services.FileManager;
import org.sleuthkit.datamodel.FsContent;
import org.sleuthkit.datamodel.SleuthkitCase;
import org.sleuthkit.autopsy.report.SQLiteDBConnect;
import org.sleuthkit.datamodel.Image;
import org.sleuthkit.datamodel.TskCoreException;
/**
@ -190,7 +187,7 @@ public class Util {
return path;
}
public static long findID(String path) {
public static long findID(Image image, String path) {
String parent_path = path.replace('\\', '/'); // fix Chrome paths
if (parent_path.length() > 2 && parent_path.charAt(1) == ':') {
parent_path = parent_path.substring(2); // remove drive letter (e.g., 'C:')
@ -203,7 +200,7 @@ public class Util {
FileManager fileManager = Case.getCurrentCase().getServices().getFileManager();
List<FsContent> files = null;
try {
files = fileManager.findFiles(name, parent_path);
files = fileManager.findFiles(image, name, parent_path);
} catch (TskCoreException ex) {
logger.log(Level.WARNING, "Error fetching 'index.data' files for Internet Explorer history.");
}
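Review bot: `findID` passes a path recovered from browser and shortcut artifacts straight into `fileManager.findFiles(image, name, parent_path)`, and the other callers on this page pass patterns such as `"%.url"` and `"%/system32/config%"`, so the arguments appear to be treated as wildcard patterns. A `%` or `_` inside an evidence-supplied path would then widen the match, and the returned id could point at a different file than the one the artifact names. Escaping those characters before the call, or using an exact-match lookup for this case, would keep the TSK_PATH_ID attribute tied to the right file. The catch block also logs `"Error fetching 'index.data' files for Internet Explorer history."` without `ex`, which is misleading for a shared utility; the rest of `findID`, including what it returns when `files` is null or empty, is outside the hunk.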