Cleaned up web downloads and its associated html format

Signed-off-by: Alex Ebadirad <aebadirad@42six.com>
This commit is contained in:
Alex Ebadirad 2012-03-21 12:46:50 -07:00
parent 6197700737
commit fa8ff3365a
3 changed files with 198 additions and 7 deletions


@ -31,6 +31,8 @@ public class Chrome {
+ "datetime(urls.last_visit_time/1000000-11644473600,'unixepoch','localtime') as last_visit_time, urls.hidden, visits.visit_time, visits.from_visit, visits.transition FROM urls, visits WHERE urls.id = visits.url";
public static final String chcookiequery = "select name, value, host, expires_utc, datetime(last_access_utc/1000000-11644473600,'unixepoch','localtime') as last_access_utc, creation_utc from cookies";
public static final String chbookmarkquery = "SELECT starred.title, urls.url, starred.date_added, starred.date_modified, urls.typed_count, datetime(urls.last_visit_time/1000000-11644473600,'unixepoch','localtime') as urls._last_visit_time FROM starred INNER JOIN urls ON urls.id = starred.url_id";
public static final String chdownloadquery = "select full_path, url, start_time, received_bytes from `downloads`";
public static final String chloginquery = "select origin_url, username_value, signon_realm from `logins`";
private final Logger logger = Logger.getLogger(this.getClass().getName());
public int ChromeCount = 0;
@ -229,5 +231,129 @@ public class Chrome {
logger.log(Level.WARNING, "Error while trying to write to the file system.", ioex);
}
//Downloads section
// This gets the downloads info
try
{
Case currentCase = Case.getCurrentCase(); // get the most updated case
SleuthkitCase tempDb = currentCase.getSleuthkitCase();
List<FsContent> FFSqlitedb;
ResultSet rs = tempDb.runQuery("select * from tsk_files where name LIKE 'History' and parent_path LIKE '%Chrome%' and fs_obj_id = '" + image + "'");
FFSqlitedb = tempDb.resultSetToFsContents(rs);
rs.close();
rs.getStatement().close();
int j = 0;
while (j < FFSqlitedb.size())
{
String temps = currentCase.getTempDirectory() + "\\" + FFSqlitedb.get(j).getName().toString() + j + ".db";
String connectionString = "jdbc:sqlite:" + temps;
ContentUtils.writeToFile(FFSqlitedb.get(j), new File(currentCase.getTempDirectory() + "\\" + FFSqlitedb.get(j).getName().toString() + j + ".db"));
File dbFile = new File(temps);
if (controller.isCancelled() ) {
dbFile.delete();
break;
}
try
{
dbconnect tempdbconnect = new dbconnect("org.sqlite.JDBC",connectionString);
ResultSet temprs = tempdbconnect.executeQry(chdownloadquery);
while(temprs.next())
{
BlackboardArtifact bbart = FFSqlitedb.get(j).newArtifact(ARTIFACT_TYPE.TSK_WEB_DOWNLOAD);
Collection<BlackboardAttribute> bbattributes = new ArrayList<BlackboardAttribute>();
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_LAST_ACCESSED.getTypeID(),"RecentActivity","Last Visited",temprs.getString("start_time")));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(), "RecentActivity","",((temprs.getString("url") != null) ? temprs.getString("url") : "")));
//bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_NAME.getTypeID(), "RecentActivity","", ((temprs.getString("title") != null) ? temprs.getString("title").replaceAll("'", "''") : "")));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PATH.getTypeID(), "Recent Activity", "", temprs.getString("full_path")));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(),"RecentActivity","","Chrome"));
bbart.addAttributes(bbattributes);
}
tempdbconnect.closeConnection();
temprs.close();
}
catch (Exception ex)
{
logger.log(Level.WARNING, "Error while trying to read into a sqlite db." + connectionString, ex);
}
j++;
dbFile.delete();
}
}
catch (SQLException ex)
{
logger.log(Level.WARNING, "Error while trying to get Chrome SQLite db.", ex);
}
catch(IOException ioex)
{
logger.log(Level.WARNING, "Error while trying to write to the file system.", ioex);
}
//Login/Password section
// This gets the user info
try
{
Case currentCase = Case.getCurrentCase(); // get the most updated case
SleuthkitCase tempDb = currentCase.getSleuthkitCase();
List<FsContent> FFSqlitedb;
ResultSet rs = tempDb.runQuery("select * from tsk_files where name LIKE 'signons.sqlite' and parent_path LIKE '%Chrome%' and fs_obj_id = '" + image + "'");
FFSqlitedb = tempDb.resultSetToFsContents(rs);
rs.close();
rs.getStatement().close();
int j = 0;
while (j < FFSqlitedb.size())
{
String temps = currentCase.getTempDirectory() + "\\" + FFSqlitedb.get(j).getName().toString() + j + ".db";
String connectionString = "jdbc:sqlite:" + temps;
ContentUtils.writeToFile(FFSqlitedb.get(j), new File(currentCase.getTempDirectory() + "\\" + FFSqlitedb.get(j).getName().toString() + j + ".db"));
File dbFile = new File(temps);
if (controller.isCancelled() ) {
dbFile.delete();
break;
}
try
{
dbconnect tempdbconnect = new dbconnect("org.sqlite.JDBC",connectionString);
ResultSet temprs = tempdbconnect.executeQry(chloginquery);
while(temprs.next())
{
BlackboardArtifact bbart = FFSqlitedb.get(j).newArtifact(ARTIFACT_TYPE.TSK_WEB_HISTORY);
Collection<BlackboardAttribute> bbattributes = new ArrayList<BlackboardAttribute>();
//bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_LAST_ACCESSED.getTypeID(),"RecentActivity","Last Visited",temprs.getString("start_time")));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(), "RecentActivity","",((temprs.getString("origin_url") != null) ? temprs.getString("origin_url") : "")));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_USERNAME.getTypeID(), "RecentActivity","", ((temprs.getString("username_value") != null) ? temprs.getString("username_value").replaceAll("'", "''") : "")));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN.getTypeID(), "Recent Activity", "", temprs.getString("signon_realm")));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(),"RecentActivity","","Chrome"));
bbart.addAttributes(bbattributes);
}
tempdbconnect.closeConnection();
temprs.close();
}
catch (Exception ex)
{
logger.log(Level.WARNING, "Error while trying to read into a sqlite db." + connectionString, ex);
}
j++;
dbFile.delete();
}
}
catch (SQLException ex)
{
logger.log(Level.WARNING, "Error while trying to get Chrome SQLite db.", ex);
}
catch(IOException ioex)
{
logger.log(Level.WARNING, "Error while trying to write to the file system.", ioex);
}
}
}
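Review bot: The timestamp stored for each download at L53 is the raw `start_time` column, because `chdownloadquery` (L16) does not apply the `datetime(x/1000000-11644473600,'unixepoch','localtime')` conversion that the history and cookie queries on L13-L14 use, so TSK_LAST_ACCESSED receives a WebKit microsecond count rather than a date; change the query to `select full_path, url, datetime(start_time/1000000-11644473600,'unixepoch','localtime') as start_time, received_bytes from downloads`. The Login/Password section searches for `signons.sqlite` under a Chrome path (L86), which is the Firefox password store rather than a Chrome file, so that branch most likely never matches, and the rows it would produce are filed as TSK_WEB_HISTORY (L107) although they carry usernames and sign-on realms, which looks like an artifact type worth re-checking. In both new blocks `tempdbconnect` is only closed on the success path: an exception from `executeQry`, `next()` or `addAttributes` skips `closeConnection()` and the temp copy is then deleted under an open SQLite handle, while `catch (Exception ex)` hides which step failed; the same shape is repeated in the Firefox downloads block of this commit. The enclosing method begins outside the hunk.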


@ -31,6 +31,7 @@ public class Firefox {
private static final String ffquery = "SELECT moz_historyvisits.id,url,title,visit_count,datetime(moz_historyvisits.visit_date/1000000,'unixepoch','localtime') as visit_date,from_visit,(SELECT url FROM moz_places WHERE id=moz_historyvisits.from_visit) as ref FROM moz_places, moz_historyvisits WHERE moz_places.id = moz_historyvisits.place_id AND hidden = 0";
private static final String ffcookiequery = "SELECT name,value,host,expiry,datetime(moz_cookies.lastAccessed/1000000,'unixepoch','localtime') as lastAccessed,creationTime FROM moz_cookies";
private static final String ffbookmarkquery = "SELECT fk, moz_bookmarks.title, url FROM moz_bookmarks INNER JOIN moz_places ON moz_bookmarks.fk=moz_places.id";
private static final String ffdownloadquery = "select target, source, startTime, maxBytes from `moz_downloads`";
public Logger logger = Logger.getLogger(this.getClass().getName());
@ -193,6 +194,69 @@ public class Firefox {
{
logger.log(Level.WARNING, "Error while trying to write to the file system.", ioex);
}
//Downloads section
// This gets the downloads info
try
{
Case currentCase = Case.getCurrentCase(); // get the most updated case
SleuthkitCase tempDb = currentCase.getSleuthkitCase();
List<FsContent> FFSqlitedb;
ResultSet rs = tempDb.runQuery("select * from tsk_files where name LIKE 'downloads.sqlite' and parent_path LIKE '%Firefox%' and fs_obj_id = '" + image + "'");
FFSqlitedb = tempDb.resultSetToFsContents(rs);
rs.close();
rs.getStatement().close();
int j = 0;
while (j < FFSqlitedb.size())
{
String temps = currentCase.getTempDirectory() + "\\" + FFSqlitedb.get(j).getName().toString() + j + ".db";
String connectionString = "jdbc:sqlite:" + temps;
ContentUtils.writeToFile(FFSqlitedb.get(j), new File(currentCase.getTempDirectory() + "\\" + FFSqlitedb.get(j).getName().toString() + j + ".db"));
File dbFile = new File(temps);
if (controller.isCancelled() ) {
dbFile.delete();
break;
}
try
{
dbconnect tempdbconnect = new dbconnect("org.sqlite.JDBC",connectionString);
ResultSet temprs = tempdbconnect.executeQry(ffdownloadquery);
while(temprs.next())
{
BlackboardArtifact bbart = FFSqlitedb.get(j).newArtifact(ARTIFACT_TYPE.TSK_WEB_DOWNLOAD);
Collection<BlackboardAttribute> bbattributes = new ArrayList<BlackboardAttribute>();
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_LAST_ACCESSED.getTypeID(),"RecentActivity","Last Visited",temprs.getString("startTime")));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(), "RecentActivity","",((temprs.getString("source") != null) ? temprs.getString("source") : "")));
//bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_NAME.getTypeID(), "RecentActivity","", ((temprs.getString("title") != null) ? temprs.getString("title").replaceAll("'", "''") : "")));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PATH.getTypeID(), "Recent Activity", "", temprs.getString("target")));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(),"RecentActivity","","Chrome"));
bbart.addAttributes(bbattributes);
}
tempdbconnect.closeConnection();
temprs.close();
}
catch (Exception ex)
{
logger.log(Level.WARNING, "Error while trying to read into a sqlite db." + connectionString, ex);
}
j++;
dbFile.delete();
}
}
catch (SQLException ex)
{
logger.log(Level.WARNING, "Error while trying to get FireFox SQLite db.", ex);
}
catch(IOException ioex)
{
logger.log(Level.WARNING, "Error while trying to write to the file system.", ioex);
}
}
}
//@Override
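Review bot: L184 labels every Firefox download artifact with TSK_PROG_NAME `"Chrome"`, a copy-paste left over from the Chrome block; it should read `bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(),"RecentActivity","","Firefox"));`, otherwise the report attributes downloads to the wrong browser. The `startTime` value written at L180 is likewise raw, since `ffdownloadquery` (L144) omits the `datetime(x/1000000,'unixepoch','localtime')` conversion that `ffquery` and `ffcookiequery` apply to their time columns; `select target, source, datetime(startTime/1000000,'unixepoch','localtime') as startTime, maxBytes from moz_downloads` keeps the column name the loop reads. The connection-close-on-exception gap noted on the Chrome hunk applies here as well. The enclosing method begins outside the hunk, and the `//@Override` line after it suggests commented-out code that could be removed.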


@ -134,7 +134,7 @@ public reportHTML (HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> re
StringBuilder nodeWebBookmark = new StringBuilder("<h3>Web Bookmarks (").append(countWebBookmark).append(")</h3>").append(tableHeader).append("<th>URL</th><th>Title</th><th>Program</th></tr></thead><tbody>");
StringBuilder nodeWebCookie = new StringBuilder("<h3>Web Cookies (").append(countWebCookie).append(")</h3>").append(tableHeader).append("<th>URL</th><th>Date</th><th>Name</th><th>Value</th><th>Program</th></tr></thead><tbody>");
StringBuilder nodeWebHistory = new StringBuilder("<h3>Web History (").append(countWebHistory).append(")</h3>").append(tableHeader).append("<th>URL</th><th>Date</th><th>Referrer</th><th>Title</th><th>Program</th></tr></thead><tbody>");
StringBuilder nodeWebDownload = new StringBuilder("<h3>Web Downloads (").append(countWebDownload).append(")</h3>").append(tableHeader).append("<th>Attribute</th><th>Value</th></tr></thead><tbody>");
StringBuilder nodeWebDownload = new StringBuilder("<h3>Web Downloads (").append(countWebDownload).append(")</h3>").append(tableHeader).append("<th>File</th><th>Source</th><th>Time</th><th>Program</th></tr></thead><tbody>");
StringBuilder nodeRecentObjects = new StringBuilder("<h3>Recent Documents (").append(countRecentObjects).append(")</h3>").append(tableHeader).append("<th>Artifact ID</th><th>Name</th><th>Size</th><th>Name</th><th>Path</th></tr></thead><tbody>");
StringBuilder nodeTrackPoint = new StringBuilder("<h3>Track Points (").append(countTrackPoint).append(")</h3>").append(tableHeader).append("<th>Artifact ID</th><th>Name</th><th>Size</th><th>Attribute</th><th>Value</th></tr></thead><tbody>");
StringBuilder nodeInstalled = new StringBuilder("<h3>Installed Programs (").append(countInstalled).append(")</h3>").append(tableHeader).append("<th>Artifact ID</th><th>Name</th><th>Size</th><th>Attribute</th><th>Value</th></tr></thead><tbody>");
@ -175,14 +175,14 @@ public reportHTML (HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> re
nodeGen.append(artifact);
}
if(entry.getKey().getArtifactTypeID() == 2){
artifact.append("<td>").append(attributes.get(1)).append("</td>");
artifact.append("<tr><td>").append(attributes.get(1)).append("</td>");
artifact.append("<td>").append(attributes.get(3)).append("</td>");
artifact.append("<td>").append(attributes.get(4)).append("</td>");
artifact.append("</tr>");
nodeWebBookmark.append(artifact);
}
if(entry.getKey().getArtifactTypeID() == 3){
artifact.append("<td>").append(attributes.get(1)).append("</td>");
artifact.append("<tr><td>").append(attributes.get(1)).append("</td>");
artifact.append("<td>").append(attributes.get(2)).append("</td>");
artifact.append("<td>").append(attributes.get(3)).append("</td>");
artifact.append("<td>").append(attributes.get(6)).append("</td>");
@ -191,7 +191,7 @@ public reportHTML (HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> re
nodeWebCookie.append(artifact);
}
if(entry.getKey().getArtifactTypeID() == 4){
artifact.append("<td>").append(attributes.get(1)).append("</td>");
artifact.append("<tr><td>").append(attributes.get(1)).append("</td>");
artifact.append("<td>").append(attributes.get(2)).append("</td>");
artifact.append("<td>").append(attributes.get(32)).append("</td>");
artifact.append("<td>").append(attributes.get(3)).append("</td>");
@ -200,9 +200,10 @@ public reportHTML (HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> re
nodeWebHistory.append(artifact);
}
if(entry.getKey().getArtifactTypeID() == 5){
artifact.append("<tr><td>").append(objId.toString());
artifact.append("</td><td><strong>").append(file.getName().toString()).append("</strong></td>");
artifact.append("<td>").append(filesize.toString()).append("</td>");
artifact.append("<tr><td>").append(attributes.get(8)).append("</td>");
artifact.append("<td>").append(attributes.get(1)).append("</td>");
artifact.append("<td>").append(attributes.get(2)).append("</td>");
artifact.append("<td>").append(attributes.get(4)).append("</td>");
artifact.append("</tr>");
nodeWebDownload.append(artifact);
}
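Review bot: The new download row (L254-L257) appends the recovered path, source URL and time straight into the HTML, so a filename or URL taken from the evidence that contains `<`, `>`, `"` or `&` breaks the table or injects markup into a report the examiner opens in a browser; the values are untrusted and should be entity-escaped before `append`. The existing rows in this constructor have the same problem, but at least the lines this commit adds should go through an escaper such as the small helper below. The `attributes.get(8)` / `get(32)` style indexing looks like attribute-type IDs used as positions into a plain list; if that is the case, an artifact with fewer attributes throws IndexOutOfBoundsException here, which is worth confirming against how `attributes` is built. The enclosing `reportHTML` constructor starts and ends outside the hunk.
```java
// … unchanged: artifact type 5 branch header …
artifact.append("<tr><td>").append(escapeHtml(attributes.get(8))).append("</td>");
artifact.append("<td>").append(escapeHtml(attributes.get(1))).append("</td>");
artifact.append("<td>").append(escapeHtml(attributes.get(2))).append("</td>");
artifact.append("<td>").append(escapeHtml(attributes.get(4))).append("</td>");
// … unchanged: row close and nodeWebDownload.append …

// Added to the class: entity-escape a value before it is placed inside HTML text or attributes.
private static String escapeHtml(Object value) {
    String s = String.valueOf(value);
    StringBuilder out = new StringBuilder(s.length());
    for (int i = 0; i < s.length(); i++) {
        char c = s.charAt(i);
        switch (c) {
            case '&': out.append("&amp;"); break;
            case '<': out.append("&lt;"); break;
            case '>': out.append("&gt;"); break;
            case '"': out.append("&quot;"); break;
            case '\'': out.append("&#39;"); break;
            default: out.append(c);
        }
    }
    return out.toString();
}
```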