mstoeck3/autopsy-flatpak
1
0
Fork 0
mirror of https://github.com/overcuriousity/autopsy-flatpak.git synced 2025-07-20 11:26:53 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #333 from jawallace/miscBugFixes

Browse Source 
Misc bug fixes
This commit is contained in:
Brian Carrier 2013-10-31 11:21:45 -07:00
commit f47a071c65
11 changed files with 207 additions and 100 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
Core/src/org/sleuthkit/autopsy/corecomponents/DataResultPanel.java
View File

@ -607,8 +607,10 @@ public class DataResultPanel extends javax.swing.JPanel implements DataResult, C
* Set number of matches to be displayed in the top right
* @param numMatches
*/
public void setNumMatches(int numMatches) {
this.numberMatchLabel.setText(Integer.toString(numMatches));
public void setNumMatches(Integer numMatches) {
if (this.numberMatchLabel != null) {
this.numberMatchLabel.setText(Integer.toString(numMatches));
}
}
private class DummyNodeListener implements NodeListener {
@ -625,12 +627,7 @@ public class DataResultPanel extends javax.swing.JPanel implements DataResult, C
if (load && containsReal(delta)) {
load = false;
setupTabs(nme.getNode());
SwingUtilities.invokeLater(new Runnable() {
@Override
public void run() {
numberMatchLabel.setText(Integer.toString(rootNode.getChildren().getNodesCount()));
}
});
updateMatches();
}
}
@ -642,9 +639,25 @@ public class DataResultPanel extends javax.swing.JPanel implements DataResult, C
}
return false;
}
/**
* Updates the Number of Matches label on the DataResultPanel.
*
*/
private void updateMatches() {
SwingUtilities.invokeLater(new Runnable() {
@Override
public void run() {
if (rootNode != null && rootNode.getChildren() != null) {
setNumMatches(rootNode.getChildren().getNodesCount());
}
}
});
}
@Override
public void childrenRemoved(NodeMemberEvent nme) {
updateMatches();
}
@Override

10
Core/src/org/sleuthkit/autopsy/corecomponents/DataResultViewerTable.java
View File

@ -292,7 +292,11 @@ public class DataResultViewerTable extends AbstractDataResultViewer {
final OutlineView ov = ((OutlineView) DataResultViewerTable.this.tableScrollPanel);
if (ov == null) {
return;
}
propertiesAcc.clear();
DataResultViewerTable.this.getAllChildPropertyHeadersRec(root, 100);
@ -339,7 +343,9 @@ public class DataResultViewerTable extends AbstractDataResultViewer {
//int scrollWidth = ttv.getWidth();
int margin = 4;
int startColumn = 1;
ov.getOutline().setAutoResizeMode(JTable.AUTO_RESIZE_OFF);
if (props.size() > 0) {
ov.getOutline().setAutoResizeMode(JTable.AUTO_RESIZE_OFF);
}

1
Core/src/org/sleuthkit/autopsy/corecomponents/FXVideoPanel.java
View File

@ -404,6 +404,7 @@ public class FXVideoPanel extends MediaViewVideoPanel {
*/
public void reset() {
if (mediaPlayer != null) {
setInfoLabelText("");
if (mediaPlayer.getStatus() == Status.PLAYING) {
mediaPlayer.stop();
}

29
Core/src/org/sleuthkit/autopsy/datamodel/KeywordHits.java
View File

@ -32,11 +32,14 @@ import org.openide.nodes.ChildFactory;
import org.openide.nodes.Children;
import org.openide.nodes.Node;
import org.openide.nodes.Sheet;
import org.openide.util.Exceptions;
import org.openide.util.lookup.Lookups;
import org.sleuthkit.datamodel.BlackboardArtifact;
import org.sleuthkit.datamodel.BlackboardAttribute;
import org.sleuthkit.datamodel.SleuthkitCase;
import org.sleuthkit.datamodel.TskException;
import org.sleuthkit.datamodel.AbstractFile;
import org.sleuthkit.datamodel.TskCoreException;
/**
* Keyword hits node support
@ -326,7 +329,7 @@ public class KeywordHits implements AutopsyVisitableItem {
ss.put(new NodeProperty("List Name",
"List Name",
"no description",
name));
getDisplayName()));
ss.put(new NodeProperty("Files with Hits",
@ -364,7 +367,29 @@ public class KeywordHits implements AutopsyVisitableItem {
@Override
protected Node createNodeForKey(BlackboardArtifact artifact) {
return new BlackboardArtifactNode(artifact);
BlackboardArtifactNode n = new BlackboardArtifactNode(artifact);
AbstractFile file;
try {
file = artifact.getSleuthkitCase().getAbstractFileById(artifact.getObjectID());
} catch (TskCoreException ex) {
logger.log(Level.SEVERE, "TskCoreException while constructing BlackboardArtifact Node from KeywordHitsKeywordChildren");
return n;
}
n.addNodeProperty(new NodeProperty("ModifiedTime",
"Modified Time",
"Modified Time",
ContentUtils.getStringTime(file.getMtime(), file)));
n.addNodeProperty(new NodeProperty("AccessTime",
"Access Time",
"Access Time",
ContentUtils.getStringTime(file.getAtime(), file)));
n.addNodeProperty(new NodeProperty("ChangeTime",
"Change Time",
"Change Time",
ContentUtils.getStringTime(file.getCtime(), file)));
return n;
}
}
}

19
KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/KeywordSearchFilterNode.java
View File

@ -67,22 +67,6 @@ class KeywordSearchFilterNode extends FilterNode {
return snippet;
}
Property<String> getSnippetProperty() {
Property<String> prop = new PropertySupport.ReadOnly<String>("snippet",
String.class, "Context", "Snippet of matching content.") {
@Override
public String getValue() {
return getSnippet();
}
};
prop.setValue("suppressCustomEditor", Boolean.TRUE); // remove the "..." (editing) button
return prop;
}
@Override
public Node.PropertySet[] getPropertySets() {
Node.PropertySet[] propertySets = super.getPropertySets();
@ -100,9 +84,6 @@ class KeywordSearchFilterNode extends FilterNode {
int j = 0;
for (Property<?> p : oldProperties) {
if (j++ == 1) {
newPs.put(getSnippetProperty());
}
newPs.put(p);
}

8
KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/KeywordSearchResultFactory.java
View File

@ -79,13 +79,6 @@ public class KeywordSearchResultFactory extends ChildFactory<KeyValueQuery> {
return BlackboardAttribute.ATTRIBUTE_TYPE.TSK_KEYWORD_REGEXP.getDisplayName();
}
},
MATCH {
@Override
public String toString() {
return "File Name";
}
},
CONTEXT {
@Override
@ -268,7 +261,6 @@ public class KeywordSearchResultFactory extends ChildFactory<KeyValueQuery> {
final int previewChunk = hitContents.get(f);
//get unique match result files
Map<String, Object> resMap = new LinkedHashMap<>();
setCommonProperty(resMap, CommonPropertyTypes.MATCH, f.getName());
try {
String snippet;

48
RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Chrome.java
View File

@ -82,7 +82,7 @@ public class Chrome extends Extract {
@Override
public void process(PipelineContext<IngestModuleDataSource>pipelineContext, Content dataSource, IngestDataSourceWorkerController controller) {
historyFound = true;
dataFound = false;
this.getHistory(dataSource, controller);
this.getBookmark(dataSource, controller);
this.getCookie(dataSource, controller);
@ -105,7 +105,6 @@ public class Chrome extends Extract {
String msg = "Error when trying to get Chrome history files.";
logger.log(Level.SEVERE, msg, ex);
this.addErrorMessage(this.getName() + ": " + msg);
historyFound = false;
return;
}
@ -121,11 +120,10 @@ public class Chrome extends Extract {
if (allocatedHistoryFiles.isEmpty()) {
String msg = "Could not find any allocated Chrome history files.";
logger.log(Level.INFO, msg);
addErrorMessage(getName() + ": " + msg);
historyFound = false;
return;
}
dataFound = true;
int j = 0;
while (j < historyFiles.size()) {
String temps = RAImageIngestModule.getRATempPath(currentCase, "chrome") + File.separator + historyFiles.get(j).getName().toString() + j + ".db";
@ -187,6 +185,12 @@ public class Chrome extends Extract {
return;
}
if (bookmarkFiles.isEmpty()) {
logger.log(Level.INFO, "Didn't find any Chrome bookmark files.");
return;
}
dataFound = true;
int j = 0;
while (j < bookmarkFiles.size()) {
@ -306,6 +310,12 @@ public class Chrome extends Extract {
return;
}
if (cookiesFiles.isEmpty()) {
logger.log(Level.INFO, "Didn't find any Chrome cookies files.");
return;
}
dataFound = true;
int j = 0;
while (j < cookiesFiles.size()) {
AbstractFile cookiesFile = cookiesFiles.get(j++);
@ -355,9 +365,9 @@ public class Chrome extends Extract {
private void getDownload(Content dataSource, IngestDataSourceWorkerController controller) {
FileManager fileManager = currentCase.getServices().getFileManager();
List<AbstractFile> historyFiles = null;
List<AbstractFile> downloadFiles = null;
try {
historyFiles = fileManager.findFiles(dataSource, "History", "Chrome");
downloadFiles = fileManager.findFiles(dataSource, "History", "Chrome");
} catch (TskCoreException ex) {
String msg = "Error when trying to get Chrome history files.";
logger.log(Level.SEVERE, msg, ex);
@ -365,18 +375,24 @@ public class Chrome extends Extract {
return;
}
if (downloadFiles.isEmpty()) {
logger.log(Level.INFO, "Didn't find any Chrome download files.");
return;
}
dataFound = true;
int j = 0;
while (j < historyFiles.size()) {
AbstractFile historyFile = historyFiles.get(j++);
if (historyFile.getSize() == 0) {
while (j < downloadFiles.size()) {
AbstractFile downloadFile = downloadFiles.get(j++);
if (downloadFile.getSize() == 0) {
continue;
}
String temps = RAImageIngestModule.getRATempPath(currentCase, "chrome") + File.separator + historyFile.getName().toString() + j + ".db";
String temps = RAImageIngestModule.getRATempPath(currentCase, "chrome") + File.separator + downloadFile.getName().toString() + j + ".db";
try {
ContentUtils.writeToFile(historyFile, new File(temps));
ContentUtils.writeToFile(downloadFile, new File(temps));
} catch (IOException ex) {
logger.log(Level.SEVERE, "Error writing temp sqlite db for Chrome download artifacts.{0}", ex);
this.addErrorMessage(this.getName() + ": Error while trying to analyze file:" + historyFile.getName());
this.addErrorMessage(this.getName() + ": Error while trying to analyze file:" + downloadFile.getName());
continue;
}
File dbFile = new File(temps);
@ -409,7 +425,7 @@ public class Chrome extends Extract {
String domain = Util.extractDomain((result.get("url").toString() != null) ? result.get("url").toString() : "");
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN.getTypeID(), "Recent Activity", domain));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(), "Recent Activity", "Chrome"));
this.addArtifact(ARTIFACT_TYPE.TSK_WEB_DOWNLOAD, historyFile, bbattributes);
this.addArtifact(ARTIFACT_TYPE.TSK_WEB_DOWNLOAD, downloadFile, bbattributes);
}
dbFile.delete();
@ -436,6 +452,12 @@ public class Chrome extends Extract {
return;
}
if (signonFiles.isEmpty()) {
logger.log(Level.INFO, "Didn't find any Chrome signon files.");
return;
}
dataFound = true;
int j = 0;
while (j < signonFiles.size()) {
AbstractFile signonFile = signonFiles.get(j++);

8
RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Extract.java
View File

@ -40,11 +40,11 @@ abstract public class Extract extends IngestModuleDataSource{
public final Logger logger = Logger.getLogger(this.getClass().getName());
protected final ArrayList<String> errorMessages = new ArrayList<>();
protected String moduleName = "";
protected boolean historyFound = false;
protected boolean dataFound = false;
//hide public constructor to prevent from instantiation by ingest module loader
Extract() {
historyFound = true;
dataFound = false;
}
/**
@ -145,7 +145,7 @@ abstract public class Extract extends IngestModuleDataSource{
return moduleName;
}
public boolean foundHistory() {
return historyFound;
public boolean foundData() {
return dataFound;
}
}

25
RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractIE.java
View File

@ -93,7 +93,7 @@ public class ExtractIE extends Extract {
@Override
public void process(PipelineContext<IngestModuleDataSource>pipelineContext, Content dataSource, IngestDataSourceWorkerController controller) {
historyFound = true;
dataFound = false;
this.getBookmark(dataSource, controller);
this.getCookie(dataSource, controller);
this.getRecentDocuments(dataSource, controller);
@ -116,6 +116,12 @@ public class ExtractIE extends Extract {
return;
}
if (favoritesFiles.isEmpty()) {
logger.log(Level.INFO, "Didn't find any IE bookmark files.");
return;
}
dataFound = true;
for (AbstractFile favoritesFile : favoritesFiles) {
if (favoritesFile.getSize() == 0) {
continue;
@ -171,11 +177,17 @@ public class ExtractIE extends Extract {
try {
cookiesFiles = fileManager.findFiles(dataSource, "%.txt", "Cookies");
} catch (TskCoreException ex) {
logger.log(Level.WARNING, "Error finding cookie files for IE");
logger.log(Level.WARNING, "Error getting cookie files for IE");
this.addErrorMessage(this.getName() + ": " + "Error getting Internet Explorer cookie files.");
return;
}
if (cookiesFiles.isEmpty()) {
logger.log(Level.INFO, "Didn't find any IE cookies files.");
return;
}
dataFound = true;
for (AbstractFile cookiesFile : cookiesFiles) {
if (controller.isCancelled()) {
break;
@ -231,6 +243,12 @@ public class ExtractIE extends Extract {
return;
}
if (recentFiles.isEmpty()) {
logger.log(Level.INFO, "Didn't find any IE recent files.");
return;
}
dataFound = true;
for (AbstractFile recentFile : recentFiles) {
if (controller.isCancelled()) {
break;
@ -303,11 +321,10 @@ public class ExtractIE extends Extract {
if (indexFiles.isEmpty()) {
String msg = "No InternetExplorer history files found.";
logger.log(Level.INFO, msg);
addErrorMessage(getName() + ": " + msg);
historyFound = false;
return;
}
dataFound = true;
String temps;
String indexFileName;
for (AbstractFile indexFile : indexFiles) {

128
RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Firefox.java
View File

@ -75,7 +75,7 @@ public class Firefox extends Extract {
@Override
public void process(PipelineContext<IngestModuleDataSource> pipelineContext, Content dataSource, IngestDataSourceWorkerController controller) {
historyFound = true;
dataFound = false;
this.getHistory(dataSource, controller);
this.getBookmark(dataSource, controller);
this.getDownload(dataSource, controller);
@ -95,18 +95,17 @@ public class Firefox extends Extract {
String msg = "Error fetching internet history files for Firefox.";
logger.log(Level.WARNING, msg);
this.addErrorMessage(this.getName() + ": " + msg);
historyFound = false;
return;
}
if (historyFiles.isEmpty()) {
String msg = "No FireFox history files found.";
logger.log(Level.INFO, msg);
addErrorMessage(getName() + ": " + msg);
historyFound = false;
return;
}
dataFound = true;
int j = 0;
for (AbstractFile historyFile : historyFiles) {
if (historyFile.getSize() == 0) {
@ -168,6 +167,13 @@ public class Firefox extends Extract {
return;
}
if (bookmarkFiles.isEmpty()) {
logger.log(Level.INFO, "Didn't find any firefox bookmark files.");
return;
}
dataFound = true;
int j = 0;
for (AbstractFile bookmarkFile : bookmarkFiles) {
if (bookmarkFile.getSize() == 0) {
@ -224,6 +230,12 @@ public class Firefox extends Extract {
return;
}
if (cookiesFiles.isEmpty()) {
logger.log(Level.INFO, "Didn't find any Firefox cookie files.");
return;
}
dataFound = true;
int j = 0;
for (AbstractFile cookiesFile : cookiesFiles) {
if (cookiesFile.getSize() == 0) {
@ -276,9 +288,44 @@ public class Firefox extends Extract {
services.fireModuleDataEvent(new ModuleDataEvent("Recent Activity", BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_COOKIE));
}
private void getDownloadPreVersion24(Content dataSource, IngestDataSourceWorkerController controller, List<AbstractFile> downloadsFiles) {
/**
* Queries for downloads files and adds artifacts
* @param dataSource
* @param controller
*/
private void getDownload(Content dataSource, IngestDataSourceWorkerController controller) {
getDownloadPreVersion24(dataSource, controller);
getDownloadVersion24(dataSource, controller);
}
/**
* Finds downloads artifacts from Firefox data from versions before 24.0.
*
* Downloads were stored in a separate downloads database.
*
* @param dataSource
* @param controller
*/
private void getDownloadPreVersion24(Content dataSource, IngestDataSourceWorkerController controller) {
FileManager fileManager = currentCase.getServices().getFileManager();
List<AbstractFile> downloadsFiles = null;
try {
downloadsFiles = fileManager.findFiles(dataSource, "downloads.sqlite", "Firefox");
} catch (TskCoreException ex) {
String msg = "Error fetching 'downloads' files for Firefox.";
logger.log(Level.WARNING, msg);
this.addErrorMessage(this.getName() + ": " + msg);
return;
}
if (downloadsFiles.isEmpty()) {
logger.log(Level.INFO, "Didn't find any pre-version-24.0 Firefox download files.");
return;
}
dataFound = true;
int j = 0;
for (AbstractFile downloadsFile : downloadsFiles) {
if (downloadsFile.getSize() == 0) {
@ -336,18 +383,20 @@ public class Firefox extends Extract {
services.fireModuleDataEvent(new ModuleDataEvent("Recent Activity", BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_DOWNLOAD));
}
/**
* Queries for downloads files and adds artifacts
* Gets download artifacts from Firefox data from version 24.
*
* Downloads are stored in the places database.
*
* @param dataSource
* @param controller
*/
private void getDownload(Content dataSource, IngestDataSourceWorkerController controller) {
private void getDownloadVersion24(Content dataSource, IngestDataSourceWorkerController controller) {
FileManager fileManager = currentCase.getServices().getFileManager();
List<AbstractFile> downloadsFiles = null;
List<AbstractFile> placesFiles = null;
try {
downloadsFiles = fileManager.findFiles(dataSource, "downloads.sqlite", "Firefox");
placesFiles = fileManager.findFiles(dataSource, "places.sqlite", "Firefox");
downloadsFiles = fileManager.findFiles(dataSource, "places.sqlite", "Firefox");
} catch (TskCoreException ex) {
String msg = "Error fetching 'downloads' files for Firefox.";
logger.log(Level.WARNING, msg);
@ -355,34 +404,12 @@ public class Firefox extends Extract {
return;
}
getDownloadPreVersion24(dataSource, controller, downloadsFiles);
getDownloadVersion24(dataSource, controller, placesFiles);
}
@Override
public void init(IngestModuleInit initContext) {
services = IngestServices.getDefault();
}
@Override
public void complete() {
}
@Override
public void stop() {
}
@Override
public String getDescription() {
return "Extracts activity from the Mozilla FireFox browser.";
}
@Override
public boolean hasBackgroundJobsRunning() {
return false;
}
private void getDownloadVersion24(Content dataSource, IngestDataSourceWorkerController controller, List<AbstractFile> downloadsFiles) {
if (downloadsFiles.isEmpty()) {
logger.log(Level.INFO, "Didn't find any version-24.0 Firefox download files.");
return;
}
dataFound = true;
int j = 0;
for (AbstractFile downloadsFile : downloadsFiles) {
if (downloadsFile.getSize() == 0) {
@ -432,4 +459,27 @@ public class Firefox extends Extract {
services.fireModuleDataEvent(new ModuleDataEvent("Recent Activity", BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_DOWNLOAD));
}
@Override
public void init(IngestModuleInit initContext) {
services = IngestServices.getDefault();
}
@Override
public void complete() {
}
@Override
public void stop() {
}
@Override
public String getDescription() {
return "Extracts activity from the Mozilla FireFox browser.";
}
@Override
public boolean hasBackgroundJobsRunning() {
return false;
}
}

2
RecentActivity/src/org/sleuthkit/autopsy/recentactivity/RAImageIngestModule.java
View File

@ -113,7 +113,7 @@ public final class RAImageIngestModule extends IngestModuleDataSource {
historyMsg.append("<p>Browser Data on ").append(dataSource.getName()).append(":<ul>\n");
for (Extract module : browserModules) {
historyMsg.append("<li>").append(module.getName());
historyMsg.append(": ").append((module.foundHistory()) ? " Found." : " Not Found.");
historyMsg.append(": ").append((module.foundData()) ? " Found." : " Not Found.");
historyMsg.append("</li>");
}
historyMsg.append("</ul>");