Merge branch 'develop' into 1379-drone-DAT-ingest-module

Kelly Kelly 2020-01-10 10:39:07 -05:00
commit fe04b10b24
121 changed files with 795 additions and 440 deletions


@ -2,7 +2,7 @@ Manifest-Version: 1.0
OpenIDE-Module: org.sleuthkit.autopsy.core/10
OpenIDE-Module-Localizing-Bundle: org/sleuthkit/autopsy/core/Bundle.properties
OpenIDE-Module-Layer: org/sleuthkit/autopsy/core/layer.xml
OpenIDE-Module-Implementation-Version: 29
OpenIDE-Module-Implementation-Version: 30
OpenIDE-Module-Requires: org.openide.windows.WindowManager
AutoUpdate-Show-In-Client: true
AutoUpdate-Essential-Module: true


@ -128,5 +128,5 @@ nbm.homepage=http://www.sleuthkit.org/
nbm.module.author=Brian Carrier
nbm.needs.restart=true
source.reference.curator-recipes-2.8.0.jar=release/modules/ext/curator-recipes-2.8.0-sources.jar
spec.version.base=10.17
spec.version.base=10.18


@ -346,6 +346,7 @@
<package>org.sleuthkit.autopsy.texttranslation</package>
<package>org.sleuthkit.datamodel</package>
<package>org.sleuthkit.datamodel.blackboardutils</package>
<package>org.sleuthkit.datamodel.blackboardutils.attributes</package>
</public-packages>
<class-path-extension>
<runtime-relative-path>ext/commons-lang3-3.8.1.jar</runtime-relative-path>


@ -1,7 +1,7 @@
/*
* Autopsy Forensic Browser
*
* Copyright 2019 Basis Technology Corp.
* Copyright 2019-2020 Basis Technology Corp.
* Contact: carrier <at> sleuthkit <dot> org
*
* Licensed under the Apache License, Version 2.0 (the "License");
@ -18,16 +18,21 @@
*/
package org.sleuthkit.autopsy.communications.relationships;
import com.google.gson.Gson;
import java.util.Collection;
import java.util.List;
import java.util.Set;
import java.util.logging.Level;
import org.sleuthkit.autopsy.coreutils.ImageUtils;
import org.sleuthkit.autopsy.coreutils.Logger;
import org.sleuthkit.datamodel.AbstractFile;
import org.sleuthkit.datamodel.Account;
import org.sleuthkit.datamodel.BlackboardArtifact;
import org.sleuthkit.datamodel.BlackboardAttribute;
import org.sleuthkit.datamodel.Content;
import org.sleuthkit.datamodel.TskCoreException;
import org.sleuthkit.datamodel.blackboardutils.attributes.MessageAttachments.FileAttachment;
import org.sleuthkit.datamodel.blackboardutils.attributes.MessageAttachments;
/**
*
@ -121,10 +126,29 @@ class AccountSummary {
}
}
try {
attachmentCnt += artifact.getChildrenCount();
for (Content childContent : artifact.getChildren()) {
if (ImageUtils.thumbnailSupported(childContent)) {
mediaCnt++;
// count the attachments from the TSK_ATTACHMENTS attribute.
BlackboardAttribute attachmentsAttr = artifact.getAttribute(new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_ATTACHMENTS));
if (attachmentsAttr != null) {
String jsonVal = attachmentsAttr.getValueString();
MessageAttachments msgAttachments = new Gson().fromJson(jsonVal, MessageAttachments.class);
Collection<FileAttachment> fileAttachments = msgAttachments.getFileAttachments();
for (FileAttachment fileAttachment : fileAttachments) {
attachmentCnt++;
long attachedFileObjId = fileAttachment.getObjectId();
if (attachedFileObjId >= 0) {
AbstractFile attachedFile = artifact.getSleuthkitCase().getAbstractFileById(attachedFileObjId);
if (ImageUtils.thumbnailSupported(attachedFile)) {
mediaCnt++;
}
}
}
} else { // backward compatibility - email message attachments are derived files, children of the message.
attachmentCnt += artifact.getChildrenCount();
for (Content childContent : artifact.getChildren()) {
if (ImageUtils.thumbnailSupported(childContent)) {
mediaCnt++;
}
}
}
} catch (TskCoreException ex) {
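Review bot: The `new Gson().fromJson(jsonVal, MessageAttachments.class)` call in the TSK_ATTACHMENTS branch parses an attribute string that presumably derives from ingested evidence, and its failure modes are not handled in the visible code: Gson throws the unchecked `JsonSyntaxException` on malformed JSON and returns null for an empty document, so `msgAttachments.getFileAttachments()` can throw a NullPointerException. The only handler visible here is `catch (TskCoreException ex)`, so unless an outer handler exists beyond this hunk, one bad attribute value would abort the summary count instead of being logged and skipped. I would guard the result with `if (msgAttachments != null)` and widen the handler to `catch (TskCoreException | JsonSyntaxException ex)`, adding the `com.google.gson.JsonSyntaxException` import. The result of `getAbstractFileById(attachedFileObjId)` is also passed to `ImageUtils.thumbnailSupported` unchecked; whether that helper tolerates null is not visible here. The enclosing method begins and ends outside this hunk.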


@ -1,7 +1,7 @@
/*
* Autopsy Forensic Browser
*
* Copyright 2019 Basis Technology Corp.
* Copyright 2019-2020 Basis Technology Corp.
* Contact: carrier <at> sleuthkit <dot> org
*
* Licensed under the Apache License, Version 2.0 (the "License");
@ -38,8 +38,8 @@ import org.sleuthkit.datamodel.BlackboardArtifact;
import org.sleuthkit.datamodel.BlackboardAttribute;
import org.sleuthkit.datamodel.Content;
import org.sleuthkit.datamodel.TskCoreException;
import org.sleuthkit.datamodel.blackboardutils.FileAttachment;
import org.sleuthkit.datamodel.blackboardutils.MessageAttachments;
import org.sleuthkit.datamodel.blackboardutils.attributes.MessageAttachments.FileAttachment;
import org.sleuthkit.datamodel.blackboardutils.attributes.MessageAttachments;
/**
* Factory for creating thumbnail children nodes.


@ -1,7 +1,7 @@
/*
* Autopsy Forensic Browser
*
* Copyright 2019 Basis Technology Corp.
* Copyright 2019-2020 Basis Technology Corp.
* Contact: carrier <at> sleuthkit <dot> org
*
* Licensed under the Apache License, Version 2.0 (the "License");
@ -40,7 +40,7 @@ import org.sleuthkit.autopsy.datamodel.BlackboardArtifactNode;
import static org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE.TSK_EMAIL_MSG;
import static org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE.TSK_MESSAGE;
import org.sleuthkit.datamodel.BlackboardAttribute;
import org.sleuthkit.datamodel.blackboardutils.MessageAttachments;
import org.sleuthkit.datamodel.blackboardutils.attributes.MessageAttachments;
/**
* Wraps a BlackboardArtifact as an AbstractNode for use in an OutlookView


@ -87,9 +87,9 @@ HtmlPanel.showImagesToggleButton.text=Download Images
MediaViewImagePanel.tagsMenu.text_1=Tags Menu
MediaPlayerPanel.progressLabel.text=00:00:00/00:00:00
MediaPlayerPanel.audioSlider.toolTipText=
MediaPlayerPanel.rewindButton.text=\u2bc7\u2bc7
MediaPlayerPanel.fastForwardButton.text=\u2bc8\u2bc8
MediaPlayerPanel.playButton.text=\u25ba
MediaPlayerPanel.rewindButton.text=
MediaPlayerPanel.fastForwardButton.text=
MediaPlayerPanel.playButton.text=
MediaPlayerPanel.infoLabel.text=No Errors
MediaPlayerPanel.VolumeIcon.text=Volume
MediaPlayerPanel.playBackSpeedLabel.text=Speed:


@ -158,9 +158,9 @@ HtmlPanel.showImagesToggleButton.text=Download Images
MediaViewImagePanel.tagsMenu.text_1=Tags Menu
MediaPlayerPanel.progressLabel.text=00:00:00/00:00:00
MediaPlayerPanel.audioSlider.toolTipText=
MediaPlayerPanel.rewindButton.text=\u2bc7\u2bc7
MediaPlayerPanel.fastForwardButton.text=\u2bc8\u2bc8
MediaPlayerPanel.playButton.text=\u25ba
MediaPlayerPanel.rewindButton.text=
MediaPlayerPanel.fastForwardButton.text=
MediaPlayerPanel.playButton.text=
MediaPlayerPanel.infoLabel.text=No Errors
MediaPlayerPanel.VolumeIcon.text=Volume
MediaPlayerPanel.playBackSpeedLabel.text=Speed:


@ -41,7 +41,7 @@
</DimensionLayout>
<DimensionLayout dim="1">
<Group type="103" groupAlignment="0" attributes="0">
<EmptySpace min="0" pref="131" max="32767" attributes="0"/>
<EmptySpace min="0" pref="117" max="32767" attributes="0"/>
</Group>
</DimensionLayout>
</Layout>
@ -83,7 +83,7 @@
<EmptySpace min="-2" pref="5" max="-2" attributes="0"/>
<Group type="103" groupAlignment="0" max="-2" attributes="0">
<Component id="buttonPanel" max="32767" attributes="0"/>
<Component id="playBackPanel" pref="0" max="32767" attributes="0"/>
<Component id="playBackPanel" max="32767" attributes="0"/>
</Group>
<EmptySpace min="-2" pref="14" max="-2" attributes="0"/>
<Component id="infoLabel" min="-2" max="-2" attributes="0"/>
@ -107,7 +107,7 @@
</Property>
</Properties>
<AuxValues>
<AuxValue name="JavaCodeGenerator_InitCodePost" type="java.lang.String" value="progressSlider.setUI(new CircularJSliderUI(progressSlider, new CircularJSliderConfiguration(new Dimension(18,18))));"/>
<AuxValue name="JavaCodeGenerator_InitCodePost" type="java.lang.String" value="progressSlider.setUI(new CircularJSliderUI(progressSlider, new Dimension(18,18)));"/>
</AuxValues>
</Component>
<Component class="javax.swing.JLabel" name="progressLabel">
@ -123,9 +123,21 @@
<SubComponents>
<Component class="javax.swing.JButton" name="playButton">
<Properties>
<Property name="icon" type="javax.swing.Icon" editor="org.netbeans.modules.form.editors2.IconEditor">
<Image iconType="3" name="/org/sleuthkit/autopsy/contentviewers/images/Play-arrow-01.png"/>
</Property>
<Property name="text" type="java.lang.String" editor="org.netbeans.modules.i18n.form.FormI18nStringEditor">
<ResourceString bundle="org/sleuthkit/autopsy/contentviewers/Bundle.properties" key="MediaPlayerPanel.playButton.text" replaceFormat="org.openide.util.NbBundle.getMessage({sourceFileName}.class, &quot;{key}&quot;)"/>
</Property>
<Property name="maximumSize" type="java.awt.Dimension" editor="org.netbeans.beaninfo.editors.DimensionEditor">
<Dimension value="[53, 29]"/>
</Property>
<Property name="minimumSize" type="java.awt.Dimension" editor="org.netbeans.beaninfo.editors.DimensionEditor">
<Dimension value="[53, 29]"/>
</Property>
<Property name="preferredSize" type="java.awt.Dimension" editor="org.netbeans.beaninfo.editors.DimensionEditor">
<Dimension value="[49, 29]"/>
</Property>
</Properties>
<Events>
<EventHandler event="actionPerformed" listener="java.awt.event.ActionListener" parameters="java.awt.event.ActionEvent" handler="playButtonActionPerformed"/>
@ -138,6 +150,9 @@
</Component>
<Component class="javax.swing.JButton" name="fastForwardButton">
<Properties>
<Property name="icon" type="javax.swing.Icon" editor="org.netbeans.modules.form.editors2.IconEditor">
<Image iconType="3" name="/org/sleuthkit/autopsy/contentviewers/images/Fast-forward-01.png"/>
</Property>
<Property name="text" type="java.lang.String" editor="org.netbeans.modules.i18n.form.FormI18nStringEditor">
<ResourceString bundle="org/sleuthkit/autopsy/contentviewers/Bundle.properties" key="MediaPlayerPanel.fastForwardButton.text" replaceFormat="org.openide.util.NbBundle.getMessage({sourceFileName}.class, &quot;{key}&quot;)"/>
</Property>
@ -153,6 +168,9 @@
</Component>
<Component class="javax.swing.JButton" name="rewindButton">
<Properties>
<Property name="icon" type="javax.swing.Icon" editor="org.netbeans.modules.form.editors2.IconEditor">
<Image iconType="3" name="/org/sleuthkit/autopsy/contentviewers/images/Fast-rewind-01.png"/>
</Property>
<Property name="text" type="java.lang.String" editor="org.netbeans.modules.i18n.form.FormI18nStringEditor">
<ResourceString bundle="org/sleuthkit/autopsy/contentviewers/Bundle.properties" key="MediaPlayerPanel.rewindButton.text" replaceFormat="org.openide.util.NbBundle.getMessage({sourceFileName}.class, &quot;{key}&quot;)"/>
</Property>
@ -172,6 +190,15 @@
<ResourceString bundle="org/sleuthkit/autopsy/contentviewers/Bundle.properties" key="MediaPlayerPanel.VolumeIcon.text" replaceFormat="org.openide.util.NbBundle.getMessage({sourceFileName}.class, &quot;{key}&quot;)"/>
</Property>
<Property name="horizontalTextPosition" type="int" value="2"/>
<Property name="maximumSize" type="java.awt.Dimension" editor="org.netbeans.beaninfo.editors.DimensionEditor">
<Dimension value="[34, 29]"/>
</Property>
<Property name="minimumSize" type="java.awt.Dimension" editor="org.netbeans.beaninfo.editors.DimensionEditor">
<Dimension value="[34, 29]"/>
</Property>
<Property name="preferredSize" type="java.awt.Dimension" editor="org.netbeans.beaninfo.editors.DimensionEditor">
<Dimension value="[34, 19]"/>
</Property>
</Properties>
<Constraints>
<Constraint layoutClass="org.netbeans.modules.form.compat2.layouts.DesignGridBagLayout" value="org.netbeans.modules.form.compat2.layouts.DesignGridBagLayout$GridBagConstraintsDescription">
@ -188,15 +215,19 @@
<ResourceString bundle="org/sleuthkit/autopsy/contentviewers/Bundle.properties" key="MediaPlayerPanel.audioSlider.toolTipText" replaceFormat="org.openide.util.NbBundle.getMessage({sourceFileName}.class, &quot;{key}&quot;)"/>
</Property>
<Property name="value" type="int" value="25"/>
<Property name="maximumSize" type="java.awt.Dimension" editor="org.netbeans.beaninfo.editors.DimensionEditor">
<Dimension value="[32767, 19]"/>
</Property>
<Property name="minimumSize" type="java.awt.Dimension" editor="org.netbeans.beaninfo.editors.DimensionEditor">
<Dimension value="[200, 21]"/>
<Dimension value="[200, 19]"/>
</Property>
<Property name="preferredSize" type="java.awt.Dimension" editor="org.netbeans.beaninfo.editors.DimensionEditor">
<Dimension value="[200, 21]"/>
<Dimension value="[200, 30]"/>
</Property>
<Property name="requestFocusEnabled" type="boolean" value="false"/>
</Properties>
<AuxValues>
<AuxValue name="JavaCodeGenerator_InitCodePost" type="java.lang.String" value="audioSlider.setUI(new CircularJSliderUI(audioSlider, new CircularJSliderConfiguration(new Dimension(15,15))));"/>
<AuxValue name="JavaCodeGenerator_InitCodePost" type="java.lang.String" value="audioSlider.setUI(new CircularJSliderUI(audioSlider, new Dimension(15,15)));"/>
</AuxValues>
<Constraints>
<Constraint layoutClass="org.netbeans.modules.form.compat2.layouts.DesignGridBagLayout" value="org.netbeans.modules.form.compat2.layouts.DesignGridBagLayout$GridBagConstraintsDescription">
@ -223,7 +254,7 @@
<DimensionLayout dim="0">
<Group type="103" groupAlignment="0" attributes="0">
<Group type="102" alignment="0" attributes="0">
<Component id="playBackSpeedLabel" min="-2" max="-2" attributes="0"/>
<Component id="playBackSpeedLabel" min="-2" pref="34" max="-2" attributes="0"/>
<EmptySpace max="32767" attributes="0"/>
<Component id="playBackSpeedComboBox" min="-2" max="-2" attributes="0"/>
<EmptySpace min="-2" pref="13" max="-2" attributes="0"/>
@ -233,12 +264,15 @@
<DimensionLayout dim="1">
<Group type="103" groupAlignment="0" attributes="0">
<Group type="102" alignment="0" attributes="0">
<EmptySpace min="-2" pref="6" max="-2" attributes="0"/>
<Group type="103" groupAlignment="3" attributes="0">
<Component id="playBackSpeedComboBox" alignment="3" min="-2" max="-2" attributes="0"/>
<Component id="playBackSpeedLabel" alignment="3" min="-2" max="-2" attributes="0"/>
<EmptySpace min="-2" pref="7" max="-2" attributes="0"/>
<Group type="103" groupAlignment="0" max="-2" attributes="0">
<Group type="102" attributes="0">
<EmptySpace min="2" pref="2" max="-2" attributes="0"/>
<Component id="playBackSpeedLabel" max="32767" attributes="0"/>
</Group>
<Component id="playBackSpeedComboBox" min="-2" max="-2" attributes="0"/>
</Group>
<EmptySpace max="32767" attributes="0"/>
<EmptySpace min="-2" pref="10" max="-2" attributes="0"/>
</Group>
</Group>
</DimensionLayout>
@ -260,14 +294,15 @@
</Property>
<Property name="selectedIndex" type="int" value="3"/>
<Property name="maximumSize" type="java.awt.Dimension" editor="org.netbeans.beaninfo.editors.DimensionEditor">
<Dimension value="[53, 23]"/>
<Dimension value="[53, 29]"/>
</Property>
<Property name="minimumSize" type="java.awt.Dimension" editor="org.netbeans.beaninfo.editors.DimensionEditor">
<Dimension value="[53, 23]"/>
<Dimension value="[53, 29]"/>
</Property>
<Property name="preferredSize" type="java.awt.Dimension" editor="org.netbeans.beaninfo.editors.DimensionEditor">
<Dimension value="[53, 23]"/>
<Dimension value="[53, 29]"/>
</Property>
<Property name="requestFocusEnabled" type="boolean" value="false"/>
</Properties>
<Events>
<EventHandler event="actionPerformed" listener="java.awt.event.ActionListener" parameters="java.awt.event.ActionEvent" handler="playBackSpeedComboBoxActionPerformed"/>
@ -281,6 +316,15 @@
<Property name="text" type="java.lang.String" editor="org.netbeans.modules.i18n.form.FormI18nStringEditor">
<ResourceString bundle="org/sleuthkit/autopsy/contentviewers/Bundle.properties" key="MediaPlayerPanel.playBackSpeedLabel.text" replaceFormat="org.openide.util.NbBundle.getMessage({sourceFileName}.class, &quot;{key}&quot;)"/>
</Property>
<Property name="maximumSize" type="java.awt.Dimension" editor="org.netbeans.beaninfo.editors.DimensionEditor">
<Dimension value="[34, 19]"/>
</Property>
<Property name="minimumSize" type="java.awt.Dimension" editor="org.netbeans.beaninfo.editors.DimensionEditor">
<Dimension value="[34, 19]"/>
</Property>
<Property name="preferredSize" type="java.awt.Dimension" editor="org.netbeans.beaninfo.editors.DimensionEditor">
<Dimension value="[34, 19]"/>
</Property>
</Properties>
</Component>
</SubComponents>


@ -1,7 +1,7 @@
/*
* Autopsy Forensic Browser
*
* Copyright 2013-2019 Basis Technology Corp.
* Copyright 2013-2020 Basis Technology Corp.
* Contact: carrier <at> sleuthkit <dot> org
*
* Licensed under the Apache License, Version 2.0 (the "License");
@ -29,6 +29,7 @@ import java.awt.RenderingHints;
import java.awt.event.ActionEvent;
import java.awt.event.ActionListener;
import java.awt.event.MouseEvent;
import java.awt.event.MouseListener;
import java.io.File;
import java.io.IOException;
import java.util.Arrays;
@ -61,6 +62,7 @@ import org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector;
import org.sleuthkit.datamodel.AbstractFile;
import org.sleuthkit.datamodel.TskData;
import javafx.embed.swing.JFXPanel;
import javax.swing.ImageIcon;
import javax.swing.JComponent;
import javax.swing.JSlider;
import javax.swing.SwingUtilities;
@ -72,6 +74,7 @@ import org.freedesktop.gstreamer.Format;
import org.freedesktop.gstreamer.GstException;
import org.freedesktop.gstreamer.event.SeekFlags;
import org.freedesktop.gstreamer.event.SeekType;
import org.sleuthkit.autopsy.coreutils.PlatformUtil;
/**
* This is a video player that is part of the Media View layered pane. It uses
@ -109,7 +112,7 @@ public class MediaPlayerPanel extends JPanel implements MediaFileViewer.MediaVie
".wav",
".webm",
".wma",
".wmv",}; //NON-NLS
".wmv"}; //NON-NLS
private static final List<String> MIME_TYPES = Arrays.asList(
"video/3gpp",
"video/3gpp2",
@ -200,15 +203,18 @@ public class MediaPlayerPanel extends JPanel implements MediaFileViewer.MediaVie
private static final int PROGRESS_SLIDER_SIZE = 2000;
private static final int SKIP_IN_SECONDS = 30;
private final ImageIcon playIcon = new ImageIcon(getClass().getResource("/org/sleuthkit/autopsy/contentviewers/images/Play-arrow-01.png"));
private final ImageIcon pauseIcon = new ImageIcon(getClass().getResource("/org/sleuthkit/autopsy/contentviewers/images/Pause-01.png"));
private ExtractMedia extractMediaWorker;
//Serialize setting the value of the Video progress slider.
//The slider is a shared resource between the VideoPanelUpdater
//and the TrackListener of the JSliderUI.
//and the TrackListener on the slider itself.
private final Semaphore sliderLock;
/**
* Creates new form MediaViewVideoPanel
* Creates a new MediaPlayerPanel
*/
public MediaPlayerPanel() throws GstException, UnsatisfiedLinkError {
initComponents();
@ -216,6 +222,14 @@ public class MediaPlayerPanel extends JPanel implements MediaFileViewer.MediaVie
//True for fairness. In other words,
//acquire() calls are processed in order of invocation.
sliderLock = new Semaphore(1, true);
/**
* See JIRA-5888 for details. Initializing gstreamer here is more stable
* on Windows.
*/
if (PlatformUtil.isWindowsOS()) {
Gst.init();
}
}
private void customizeComponents() {
@ -247,7 +261,37 @@ public class MediaPlayerPanel extends JPanel implements MediaFileViewer.MediaVie
}
}
});
//Manage the audio level when the user is adjusting the volumn slider
//Manage the video while the user is performing actions on the track.
progressSlider.addMouseListener(new MouseListener() {
private State previousState = State.NULL;
@Override
public void mousePressed(MouseEvent e) {
previousState = gstPlayBin.getState();
gstPlayBin.pause();
}
@Override
public void mouseReleased(MouseEvent e) {
if(previousState.equals(State.PLAYING)) {
gstPlayBin.play();
}
previousState = State.NULL;
}
@Override
public void mouseClicked(MouseEvent e) {
}
@Override
public void mouseEntered(MouseEvent e) {
}
@Override
public void mouseExited(MouseEvent e) {
}
});
//Manage the audio level when the user is adjusting the volume slider
audioSlider.addChangeListener((ChangeEvent event) -> {
if (audioSlider.getValueIsAdjusting()) {
double audioPercent = (audioSlider.getValue() * 2.0) / 100.0;
@ -271,11 +315,11 @@ public class MediaPlayerPanel extends JPanel implements MediaFileViewer.MediaVie
public void stateChanged(GstObject go, State oldState, State currentState, State pendingState) {
if (State.PLAYING.equals(currentState)) {
SwingUtilities.invokeLater(() -> {
playButton.setText("||");
playButton.setIcon(pauseIcon);
});
} else {
SwingUtilities.invokeLater(() -> {
playButton.setText("");
playButton.setIcon(playIcon);
});
}
}
@ -504,8 +548,10 @@ public class MediaPlayerPanel extends JPanel implements MediaFileViewer.MediaVie
// Initialize Gstreamer. It is safe to call this for every file.
// It was moved here from the constructor because having it happen
// earlier resulted in conflicts on Linux.
Gst.init();
// earlier resulted in conflicts on Linux. See JIRA-5888.
if (!PlatformUtil.isWindowsOS()) {
Gst.init();
}
//Video is ready for playback. Create new components
gstPlayBin = new PlayBin("VideoPlayer", tempFile.toURI());
@ -574,63 +620,15 @@ public class MediaPlayerPanel extends JPanel implements MediaFileViewer.MediaVie
}
}
/**
* Represents the default configuration for the circular JSliderUI.
*/
private class CircularJSliderConfiguration {
//Thumb configurations
private final Color thumbColor;
private final Dimension thumbDimension;
//Track configurations
//Progress bar can be bisected into a seen group
//and an unseen group.
private final Color unseen;
private final Color seen;
/**
* Default configuration
*
* JSlider is light blue RGB(0,130,255). Seen track is light blue
* RGB(0,130,255). Unseen track is light grey RGB(192, 192, 192).
*
* @param thumbDimension Size of the oval thumb.
*/
public CircularJSliderConfiguration(Dimension thumbDimension) {
Color lightBlue = new Color(0, 130, 255);
seen = lightBlue;
unseen = Color.LIGHT_GRAY;
thumbColor = lightBlue;
this.thumbDimension = new Dimension(thumbDimension);
}
public Color getThumbColor() {
return thumbColor;
}
public Color getUnseenTrackColor() {
return unseen;
}
public Color getSeenTrackColor() {
return seen;
}
public Dimension getThumbDimension() {
return new Dimension(thumbDimension);
}
}
/**
* Custom view for the JSlider.
*/
private class CircularJSliderUI extends BasicSliderUI {
private final CircularJSliderConfiguration config;
private final Dimension thumbDimension;
private final Color thumbColor;
private final Color trackUnseen;
private final Color trackSeen;
/**
* Creates a custom view for the JSlider. This view draws a blue oval
@ -638,21 +636,27 @@ public class MediaPlayerPanel extends JPanel implements MediaFileViewer.MediaVie
* the thumb progresses.
*
* @param slider JSlider component
* @param config Configuration object. Contains info about thumb
* dimensions and colors.
* @param thumbDimension
*/
public CircularJSliderUI(JSlider slider, CircularJSliderConfiguration config) {
public CircularJSliderUI(JSlider slider, Dimension thumbDimension) {
super(slider);
this.config = config;
this.thumbDimension = thumbDimension;
//Configure track and thumb colors.
Color lightBlue = new Color(0, 130, 255);
thumbColor = lightBlue;
trackSeen = lightBlue;
trackUnseen = Color.LIGHT_GRAY;
}
@Override
protected Dimension getThumbSize() {
return config.getThumbDimension();
return new Dimension(thumbDimension);
}
/**
* Modifies the View to be an oval rather than the rectangle Controller.
* Modifies the View to be an oval rather than the underlying
* rectangle Controller.
*/
@Override
public void paintThumb(Graphics graphic) {
@ -662,8 +666,7 @@ public class MediaPlayerPanel extends JPanel implements MediaFileViewer.MediaVie
//Change the thumb view from the rectangle
//controller to an oval.
graphic.setColor(config.getThumbColor());
Dimension thumbDimension = config.getThumbDimension();
graphic.setColor(thumbColor);
graphic.fillOval(thumb.x, thumb.y, thumbDimension.width, thumbDimension.height);
//Preserve the graphics original color
@ -686,12 +689,12 @@ public class MediaPlayerPanel extends JPanel implements MediaFileViewer.MediaVie
Color original = graphic.getColor();
//Paint the seen side
graphic.setColor(config.getSeenTrackColor());
graphic.setColor(trackSeen);
graphic.drawLine(track.x, track.y + track.height / 2,
thumbX, thumbY + track.height / 2);
//Paint the unseen side
graphic.setColor(config.getUnseenTrackColor());
graphic.setColor(trackUnseen);
graphic.drawLine(thumbX, thumbY + track.height / 2,
track.x + track.width, track.y + track.height / 2);
@ -701,7 +704,26 @@ public class MediaPlayerPanel extends JPanel implements MediaFileViewer.MediaVie
@Override
protected TrackListener createTrackListener(JSlider slider) {
return new CustomTrackListener();
/**
* This track listener will force the thumb to be snapped to the mouse
* location. This makes grabbing and dragging the JSlider much easier.
* Using the default track listener, the user would have to click
* exactly on the slider thumb to drag it. Now the thumb positions
* itself under the mouse so that it can always be dragged.
*/
return new TrackListener() {
@Override
public void mousePressed(MouseEvent e) {
if (!slider.isEnabled() || !SwingUtilities.isLeftMouseButton(e)) {
return;
}
//Snap the thumb to position of the mouse
scrollDueToClickInTrack(0);
//Handle the event as normal.
super.mousePressed(e);
}
};
}
@Override
@ -715,7 +737,7 @@ public class MediaPlayerPanel extends JPanel implements MediaFileViewer.MediaVie
int value = this.valueForXPosition(mousePosition.x);
//Lock the slider down, which is a shared resource.
//The VideoPanelUpdater (dedicated thread) keeps the
//The VideoPanelUpdater keeps the
//slider in sync with the video position, so without
//proper locking our change could be overwritten.
sliderLock.acquireUninterruptibly();
@ -738,43 +760,6 @@ public class MediaPlayerPanel extends JPanel implements MediaFileViewer.MediaVie
super.update(graphic, component);
}
/**
* This track listener will force the thumb to be snapped to the mouse
* location. This makes grabbing and dragging the JSlider much easier.
* Using the default track listener, the user would have to click
* exactly on the slider thumb to drag it. Now the thumb positions
* itself under the mouse so that it can always be dragged.
*/
private class CustomTrackListener extends CircularJSliderUI.TrackListener {
@Override
public void mousePressed(MouseEvent e) {
if (!slider.isEnabled() || !SwingUtilities.isLeftMouseButton(e)) {
return;
}
//Snap the thumb to position of the mouse
scrollDueToClickInTrack(0);
//Pause the video for convenience
gstPlayBin.pause();
//Handle the event as normal.
super.mousePressed(e);
}
@Override
public void mouseReleased(MouseEvent e) {
if (!slider.isEnabled() || !SwingUtilities.isLeftMouseButton(e)) {
return;
}
super.mouseReleased(e);
//Unpause once the mouse has been released.
gstPlayBin.play();
}
}
}
/**
@ -810,7 +795,7 @@ public class MediaPlayerPanel extends JPanel implements MediaFileViewer.MediaVie
);
videoPanelLayout.setVerticalGroup(
videoPanelLayout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
.addGap(0, 131, Short.MAX_VALUE)
.addGap(0, 117, Short.MAX_VALUE)
);
progressSlider.setValue(0);
@ -818,13 +803,17 @@ public class MediaPlayerPanel extends JPanel implements MediaFileViewer.MediaVie
progressSlider.setDoubleBuffered(true);
progressSlider.setMinimumSize(new java.awt.Dimension(36, 21));
progressSlider.setPreferredSize(new java.awt.Dimension(200, 21));
progressSlider.setUI(new CircularJSliderUI(progressSlider, new CircularJSliderConfiguration(new Dimension(18,18))));
progressSlider.setUI(new CircularJSliderUI(progressSlider, new Dimension(18,18)));
org.openide.awt.Mnemonics.setLocalizedText(progressLabel, org.openide.util.NbBundle.getMessage(MediaPlayerPanel.class, "MediaPlayerPanel.progressLabel.text")); // NOI18N
buttonPanel.setLayout(new java.awt.GridBagLayout());
playButton.setIcon(new javax.swing.ImageIcon(getClass().getResource("/org/sleuthkit/autopsy/contentviewers/images/Play-arrow-01.png"))); // NOI18N
org.openide.awt.Mnemonics.setLocalizedText(playButton, org.openide.util.NbBundle.getMessage(MediaPlayerPanel.class, "MediaPlayerPanel.playButton.text")); // NOI18N
playButton.setMaximumSize(new java.awt.Dimension(53, 29));
playButton.setMinimumSize(new java.awt.Dimension(53, 29));
playButton.setPreferredSize(new java.awt.Dimension(49, 29));
playButton.addActionListener(new java.awt.event.ActionListener() {
public void actionPerformed(java.awt.event.ActionEvent evt) {
playButtonActionPerformed(evt);
@ -838,6 +827,7 @@ public class MediaPlayerPanel extends JPanel implements MediaFileViewer.MediaVie
gridBagConstraints.insets = new java.awt.Insets(5, 6, 0, 0);
buttonPanel.add(playButton, gridBagConstraints);
fastForwardButton.setIcon(new javax.swing.ImageIcon(getClass().getResource("/org/sleuthkit/autopsy/contentviewers/images/Fast-forward-01.png"))); // NOI18N
org.openide.awt.Mnemonics.setLocalizedText(fastForwardButton, org.openide.util.NbBundle.getMessage(MediaPlayerPanel.class, "MediaPlayerPanel.fastForwardButton.text")); // NOI18N
fastForwardButton.addActionListener(new java.awt.event.ActionListener() {
public void actionPerformed(java.awt.event.ActionEvent evt) {
@ -851,6 +841,7 @@ public class MediaPlayerPanel extends JPanel implements MediaFileViewer.MediaVie
gridBagConstraints.insets = new java.awt.Insets(5, 6, 0, 0);
buttonPanel.add(fastForwardButton, gridBagConstraints);
rewindButton.setIcon(new javax.swing.ImageIcon(getClass().getResource("/org/sleuthkit/autopsy/contentviewers/images/Fast-rewind-01.png"))); // NOI18N
org.openide.awt.Mnemonics.setLocalizedText(rewindButton, org.openide.util.NbBundle.getMessage(MediaPlayerPanel.class, "MediaPlayerPanel.rewindButton.text")); // NOI18N
rewindButton.addActionListener(new java.awt.event.ActionListener() {
public void actionPerformed(java.awt.event.ActionEvent evt) {
@ -866,6 +857,9 @@ public class MediaPlayerPanel extends JPanel implements MediaFileViewer.MediaVie
org.openide.awt.Mnemonics.setLocalizedText(VolumeIcon, org.openide.util.NbBundle.getMessage(MediaPlayerPanel.class, "MediaPlayerPanel.VolumeIcon.text")); // NOI18N
VolumeIcon.setHorizontalTextPosition(javax.swing.SwingConstants.LEFT);
VolumeIcon.setMaximumSize(new java.awt.Dimension(34, 29));
VolumeIcon.setMinimumSize(new java.awt.Dimension(34, 29));
VolumeIcon.setPreferredSize(new java.awt.Dimension(34, 19));
gridBagConstraints = new java.awt.GridBagConstraints();
gridBagConstraints.gridx = 3;
gridBagConstraints.gridy = 0;
@ -880,9 +874,11 @@ public class MediaPlayerPanel extends JPanel implements MediaFileViewer.MediaVie
audioSlider.setMinorTickSpacing(5);
audioSlider.setToolTipText(org.openide.util.NbBundle.getMessage(MediaPlayerPanel.class, "MediaPlayerPanel.audioSlider.toolTipText")); // NOI18N
audioSlider.setValue(25);
audioSlider.setMinimumSize(new java.awt.Dimension(200, 21));
audioSlider.setPreferredSize(new java.awt.Dimension(200, 21));
audioSlider.setUI(new CircularJSliderUI(audioSlider, new CircularJSliderConfiguration(new Dimension(15,15))));
audioSlider.setMaximumSize(new java.awt.Dimension(32767, 19));
audioSlider.setMinimumSize(new java.awt.Dimension(200, 19));
audioSlider.setPreferredSize(new java.awt.Dimension(200, 30));
audioSlider.setRequestFocusEnabled(false);
audioSlider.setUI(new CircularJSliderUI(audioSlider, new Dimension(15,15)));
gridBagConstraints = new java.awt.GridBagConstraints();
gridBagConstraints.gridx = 4;
gridBagConstraints.gridy = 0;
@ -898,9 +894,10 @@ public class MediaPlayerPanel extends JPanel implements MediaFileViewer.MediaVie
playBackSpeedComboBox.setModel(new javax.swing.DefaultComboBoxModel<>(new String[] { "0.25x", "0.50x", "0.75x", "1x", "1.25x", "1.50x", "1.75x", "2x" }));
playBackSpeedComboBox.setSelectedIndex(3);
playBackSpeedComboBox.setMaximumSize(new java.awt.Dimension(53, 23));
playBackSpeedComboBox.setMinimumSize(new java.awt.Dimension(53, 23));
playBackSpeedComboBox.setPreferredSize(new java.awt.Dimension(53, 23));
playBackSpeedComboBox.setMaximumSize(new java.awt.Dimension(53, 29));
playBackSpeedComboBox.setMinimumSize(new java.awt.Dimension(53, 29));
playBackSpeedComboBox.setPreferredSize(new java.awt.Dimension(53, 29));
playBackSpeedComboBox.setRequestFocusEnabled(false);
playBackSpeedComboBox.addActionListener(new java.awt.event.ActionListener() {
public void actionPerformed(java.awt.event.ActionEvent evt) {
playBackSpeedComboBoxActionPerformed(evt);
@ -908,13 +905,16 @@ public class MediaPlayerPanel extends JPanel implements MediaFileViewer.MediaVie
});
org.openide.awt.Mnemonics.setLocalizedText(playBackSpeedLabel, org.openide.util.NbBundle.getMessage(MediaPlayerPanel.class, "MediaPlayerPanel.playBackSpeedLabel.text")); // NOI18N
playBackSpeedLabel.setMaximumSize(new java.awt.Dimension(34, 19));
playBackSpeedLabel.setMinimumSize(new java.awt.Dimension(34, 19));
playBackSpeedLabel.setPreferredSize(new java.awt.Dimension(34, 19));
javax.swing.GroupLayout playBackPanelLayout = new javax.swing.GroupLayout(playBackPanel);
playBackPanel.setLayout(playBackPanelLayout);
playBackPanelLayout.setHorizontalGroup(
playBackPanelLayout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
.addGroup(playBackPanelLayout.createSequentialGroup()
.addComponent(playBackSpeedLabel)
.addComponent(playBackSpeedLabel, javax.swing.GroupLayout.PREFERRED_SIZE, 34, javax.swing.GroupLayout.PREFERRED_SIZE)
.addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED, javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE)
.addComponent(playBackSpeedComboBox, javax.swing.GroupLayout.PREFERRED_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.PREFERRED_SIZE)
.addGap(13, 13, 13))
@ -922,11 +922,13 @@ public class MediaPlayerPanel extends JPanel implements MediaFileViewer.MediaVie
playBackPanelLayout.setVerticalGroup(
playBackPanelLayout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
.addGroup(playBackPanelLayout.createSequentialGroup()
.addGap(6, 6, 6)
.addGroup(playBackPanelLayout.createParallelGroup(javax.swing.GroupLayout.Alignment.BASELINE)
.addComponent(playBackSpeedComboBox, javax.swing.GroupLayout.PREFERRED_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.PREFERRED_SIZE)
.addComponent(playBackSpeedLabel))
.addContainerGap(javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE))
.addGap(7, 7, 7)
.addGroup(playBackPanelLayout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING, false)
.addGroup(playBackPanelLayout.createSequentialGroup()
.addGap(2, 2, 2)
.addComponent(playBackSpeedLabel, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE))
.addComponent(playBackSpeedComboBox, javax.swing.GroupLayout.PREFERRED_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.PREFERRED_SIZE))
.addGap(10, 10, 10))
);
javax.swing.GroupLayout controlPanelLayout = new javax.swing.GroupLayout(controlPanel);
@ -958,7 +960,7 @@ public class MediaPlayerPanel extends JPanel implements MediaFileViewer.MediaVie
.addGap(5, 5, 5)
.addGroup(controlPanelLayout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING, false)
.addComponent(buttonPanel, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE)
.addComponent(playBackPanel, javax.swing.GroupLayout.PREFERRED_SIZE, 0, Short.MAX_VALUE))
.addComponent(playBackPanel, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE))
.addGap(14, 14, 14)
.addComponent(infoLabel))
);
@ -1002,13 +1004,21 @@ public class MediaPlayerPanel extends JPanel implements MediaFileViewer.MediaVie
long currentTime = gstPlayBin.queryPosition(TimeUnit.NANOSECONDS);
//Skip 30 seconds.
long fastForwardDelta = TimeUnit.NANOSECONDS.convert(SKIP_IN_SECONDS, TimeUnit.SECONDS);
//Ignore fast forward requests if there are less than 30 seconds left.
if (currentTime + fastForwardDelta >= duration) {
//Don't allow skipping within 2 seconds of video ending. Skipping right to
//the end causes undefined behavior for some gstreamer plugins.
long twoSecondsInNano = TimeUnit.NANOSECONDS.convert(2, TimeUnit.SECONDS);
if((duration - currentTime) <= twoSecondsInNano) {
return;
}
long newTime;
if (currentTime + fastForwardDelta >= duration) {
//If there are less than 30 seconds left, only fast forward to the midpoint.
newTime = currentTime + (duration - currentTime)/2;
} else {
newTime = currentTime + fastForwardDelta;
}
long newTime = currentTime + fastForwardDelta;
double playBackRate = getPlayBackRate();
gstPlayBin.seek(playBackRate,
Format.TIME,


@ -1,7 +1,7 @@
/*
* Autopsy Forensic Browser
*
* Copyright 2017-2019 Basis Technology Corp.
* Copyright 2017-2020 Basis Technology Corp.
* Contact: carrier <at> sleuthkit <dot> org
*
* Licensed under the Apache License, Version 2.0 (the "License");
@ -72,10 +72,10 @@ import static org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_TEX
import org.sleuthkit.datamodel.Content;
import org.sleuthkit.datamodel.SleuthkitCase;
import org.sleuthkit.datamodel.TskCoreException;
import org.sleuthkit.datamodel.blackboardutils.FileAttachment;
import org.sleuthkit.datamodel.blackboardutils.MessageAttachments;
import org.sleuthkit.datamodel.blackboardutils.Attachment;
import org.sleuthkit.datamodel.blackboardutils.URLAttachment;
import org.sleuthkit.datamodel.blackboardutils.attributes.MessageAttachments;
import org.sleuthkit.datamodel.blackboardutils.attributes.MessageAttachments.FileAttachment;
import org.sleuthkit.datamodel.blackboardutils.attributes.MessageAttachments.Attachment;
import org.sleuthkit.datamodel.blackboardutils.attributes.MessageAttachments.URLAttachment;
/**
* Shows SMS/MMS/EMail messages

Binary file not shown.

After

Width:  |  Height:  |  Size: 415 B

Binary file not shown.

After

Width:  |  Height:  |  Size: 436 B

Binary file not shown.

After

Width:  |  Height:  |  Size: 247 B

Binary file not shown.

After

Width:  |  Height:  |  Size: 418 B


@ -0,0 +1,121 @@
/*
* Autopsy Forensic Browser
*
* Copyright 2020-2020 Basis Technology Corp.
* Contact: carrier <at> sleuthkit <dot> org
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.sleuthkit.autopsy.coreutils.textutils;
import com.ethteck.decodetect.core.Decodetect;
import com.ethteck.decodetect.core.DecodetectResult;
import java.io.BufferedInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.Charset;
import java.nio.charset.CharsetDecoder;
import java.nio.charset.CharsetEncoder;
import java.util.List;
import org.apache.tika.parser.txt.CharsetDetector;
import org.apache.tika.parser.txt.CharsetMatch;
import org.sleuthkit.datamodel.AbstractFile;
import org.sleuthkit.datamodel.ReadContentInputStream;
import org.sleuthkit.datamodel.TskCoreException;
/**
* Utilities for working with text file encodings.
*/
public class EncodingUtils {
// This value will be used as a threshold for determining which encoding
// detection library to use. If CharsetDetector's own confidence is at least
// MIN_MATCH_CONFIDENCE, CharsetDetector's result will be used for decoding.
// Otherwise, Decodetect will be used.
//
// Note: We initially used a confidence of 35, but it was causing some
// Chrome Cache files to get flagged as UTF-16 with confidence 40.
// These files had a small amount of binary data and then ASCII.
static final private int MIN_CHARSETDETECT_MATCH_CONFIDENCE = 41;
// This value determines whether we will consider Decodetect's top-scoring
// result a legitimate match or if we will disregard its findings.
//
// Possible values are 0 to 1, inclusive.
static final private double MIN_DECODETECT_MATCH_CONFIDENCE = 0.4;
/*
* The char set returned if the algorithm fails to detect the
* encoding of the file.
*/
public static final Charset UNKNOWN_CHARSET = new Charset("unknown", null) {
@Override
public boolean contains(Charset cs) {
return false;
}
@Override
public CharsetDecoder newDecoder() {
return null;
}
@Override
public CharsetEncoder newEncoder() {
return null;
}
};
/**
* Returns the encoding of the file.
*
* @return Detected encoding or UNKNOWN_CHARSET.
*/
public static Charset getEncoding(AbstractFile file) throws TskCoreException, IOException {
// Encoding detection is hard. We use several libraries since the data passed in is often messy.
// First try CharsetDetector (from Tika / ICU4J).
// It is a rule-based detection approach.
try (InputStream stream = new BufferedInputStream(new ReadContentInputStream(file))) {
CharsetDetector detector = new CharsetDetector();
detector.setText(stream);
CharsetMatch tikaResult = detector.detect();
if (tikaResult != null && tikaResult.getConfidence() >= MIN_CHARSETDETECT_MATCH_CONFIDENCE) {
String tikaCharSet = tikaResult.getName();
//Check if the nio package has support for the charset determined by Tika.
if(Charset.isSupported(tikaCharSet)) {
return Charset.forName(tikaCharSet);
}
}
}
// If that did not work, then use DecoDetect, which is statistical
// We needed this for some Japanese text files that were incorrectly detected by CharsetDetector (with low confidence)
// This will not always work with messy data that combines some binary and some ASCII.
int maxBytes = 100000;
int numBytes = maxBytes;
if (file.getSize() < maxBytes) {
numBytes = (int) file.getSize();
}
byte[] targetArray = new byte[numBytes];
file.read(targetArray, 0, numBytes);
List<DecodetectResult> results = Decodetect.DECODETECT.getResults(targetArray);
if (!results.isEmpty()) {
DecodetectResult topResult = results.get(0);
if (topResult.getConfidence() >= MIN_DECODETECT_MATCH_CONFIDENCE) {
return topResult.getEncoding();
}
}
return UNKNOWN_CHARSET;
}
}
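Review bot: The return value of `file.read(targetArray, 0, numBytes)` in getEncoding is discarded, so a short read hands Decodetect a buffer whose tail is still zero-filled. The statistical result then partly reflects padding rather than file content. Capture the count and trim the sample, e.g. `int bytesRead = file.read(targetArray, 0, numBytes);` then `byte[] sample = java.util.Arrays.copyOf(targetArray, Math.max(bytesRead, 0));`, and return UNKNOWN_CHARSET when nothing was read. Separately, UNKNOWN_CHARSET returns null from newDecoder() and newEncoder(), so a caller that skips the identity check and uses it for decoding will hit a NullPointerException. A comment on the constant and `@param`/`@throws` tags on getEncoding would make that contract explicit.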


@ -1,7 +1,7 @@
/*
* Autopsy Forensic Browser
*
* Copyright 2017-2019 Basis Technology Corp.
* Copyright 2017-2020 Basis Technology Corp.
* Contact: carrier <at> sleuthkit <dot> org
*
* Licensed under the Apache License, Version 2.0 (the "License");
@ -49,9 +49,9 @@ import org.sleuthkit.autopsy.directorytree.ViewContextAction;
import org.sleuthkit.autopsy.timeline.actions.ViewFileInTimelineAction;
import org.sleuthkit.datamodel.AbstractFile;
import org.sleuthkit.datamodel.TskException;
import org.sleuthkit.datamodel.blackboardutils.Attachment;
import org.sleuthkit.datamodel.blackboardutils.FileAttachment;
import org.sleuthkit.datamodel.blackboardutils.URLAttachment;
import org.sleuthkit.datamodel.blackboardutils.attributes.MessageAttachments.Attachment;
import org.sleuthkit.datamodel.blackboardutils.attributes.MessageAttachments.FileAttachment;
import org.sleuthkit.datamodel.blackboardutils.attributes.MessageAttachments.URLAttachment;
/**
* Node for a message attachment.


@ -304,9 +304,6 @@ OpenReportAction.actionPerformed.ReportFileOpenPermissionDeniedMessage=Permissio
PoolNode.createSheet.name.desc=no description
PoolNode.createSheet.name.displayName=Name
PoolNode.createSheet.name.name=Name
PoolNode.createSheet.offset.desc=no description
PoolNode.createSheet.offset.displayName=Starting offset
PoolNode.createSheet.offset.name=Starting offset
PoolNode.createSheet.type.desc=no description
PoolNode.createSheet.type.displayName=Type
PoolNode.createSheet.type.name=Type


@ -47,7 +47,7 @@ final class FileSearchData {
UNIQUE(0, 1, Bundle.FileSearchData_Frequency_unique_displayName()),
RARE(1, 10, Bundle.FileSearchData_Frequency_rare_displayName()),
COMMON(2, 100, Bundle.FileSearchData_Frequency_common_displayName()),
VERY_COMMON(3, 0, Bundle.FileSearchData_Frequency_common_displayName()),
VERY_COMMON(3, 0, Bundle.FileSearchData_Frequency_verycommon_displayName()),
KNOWN(4, 0, Bundle.FileSearchData_Frequency_known_displayName()),
UNKNOWN(5, 0, Bundle.FileSearchData_Frequency_unknown_displayName());


@ -1,7 +1,7 @@
/*
* Autopsy Forensic Browser
*
* Copyright 2019 Basis Technology Corp.
* Copyright 2019-2020 Basis Technology Corp.
* Contact: carrier <at> sleuthkit <dot> org
*
* Licensed under the Apache License, Version 2.0 (the "License");
@ -22,21 +22,17 @@ import org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeIns
import org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeNormalizationException;
import org.sleuthkit.autopsy.centralrepository.datamodel.EamDb;
import org.sleuthkit.autopsy.centralrepository.datamodel.EamDbException;
import org.sleuthkit.autopsy.coreutils.Logger;
import org.sleuthkit.autopsy.filequery.FileSearchData.FileSize;
import org.sleuthkit.autopsy.filequery.FileSearchData.FileType;
import org.sleuthkit.autopsy.filequery.FileSearchData.Frequency;
import org.sleuthkit.autopsy.filequery.FileSearchData.Score;
import org.sleuthkit.datamodel.AbstractFile;
import org.sleuthkit.datamodel.DataSource;
import org.sleuthkit.datamodel.SleuthkitCase;
import org.sleuthkit.datamodel.TagName;
import org.sleuthkit.datamodel.TskCoreException;
import java.util.ArrayList;
import java.util.List;
import java.util.logging.Level;
import java.util.stream.Collectors;
import org.openide.util.NbBundle;
import org.sleuthkit.datamodel.BlackboardArtifact;
@ -48,8 +44,6 @@ import org.sleuthkit.datamodel.TskData;
*/
class FileSearchFiltering {
private final static Logger logger = Logger.getLogger(FileSearchFiltering.class.getName());
/**
* Run the given filters to get a list of matching files.
*
@ -61,18 +55,9 @@ class FileSearchFiltering {
* @return
*/
static List<ResultFile> runQueries(List<FileFilter> filters, SleuthkitCase caseDb, EamDb centralRepoDb) throws FileSearchException {
if (caseDb == null) {
throw new FileSearchException("Case DB parameter is null"); // NON-NLS
}
// Record the selected filters
String filterStr = "";
for (FileFilter filter : filters) {
filterStr += " " + filter.getDesc() + "\n";
}
logger.log(Level.INFO, "Running filters:\n{0}", filterStr);
// Combine all the SQL queries from the filters into one query
String combinedQuery = "";
for (FileFilter filter : filters) {
@ -112,8 +97,6 @@ class FileSearchFiltering {
private static List<ResultFile> getResultList(List<FileFilter> filters, String combinedQuery, SleuthkitCase caseDb, EamDb centralRepoDb) throws TskCoreException, FileSearchException {
// Get all matching abstract files
List<ResultFile> resultList = new ArrayList<>();
logger.log(Level.INFO, "Running SQL query: {0}", combinedQuery);
List<AbstractFile> sqlResults = caseDb.findAllFilesWhere(combinedQuery);
// If there are no results, return now


@ -404,15 +404,6 @@
<Connection code="new DefaultListModel&lt;ParentSearchTerm&gt;()" type="code"/>
</Property>
<Property name="enabled" type="boolean" value="false"/>
<Property name="maximumSize" type="java.awt.Dimension" editor="org.netbeans.beaninfo.editors.DimensionEditor">
<Dimension value="null"/>
</Property>
<Property name="minimumSize" type="java.awt.Dimension" editor="org.netbeans.beaninfo.editors.DimensionEditor">
<Dimension value="[0, 30]"/>
</Property>
<Property name="preferredSize" type="java.awt.Dimension" editor="org.netbeans.beaninfo.editors.DimensionEditor">
<Dimension value="[0, 30]"/>
</Property>
<Property name="visibleRowCount" type="int" value="4"/>
</Properties>
<Events>
@ -457,12 +448,6 @@
<Connection code="new DefaultListModel&lt;String&gt;()" type="code"/>
</Property>
<Property name="enabled" type="boolean" value="false"/>
<Property name="minimumSize" type="java.awt.Dimension" editor="org.netbeans.beaninfo.editors.DimensionEditor">
<Dimension value="[0, 30]"/>
</Property>
<Property name="preferredSize" type="java.awt.Dimension" editor="org.netbeans.beaninfo.editors.DimensionEditor">
<Dimension value="[0, 30]"/>
</Property>
<Property name="visibleRowCount" type="int" value="3"/>
</Properties>
<AuxValues>
@ -573,12 +558,6 @@
<Connection code="new DefaultListModel&lt;String&gt;()" type="code"/>
</Property>
<Property name="enabled" type="boolean" value="false"/>
<Property name="minimumSize" type="java.awt.Dimension" editor="org.netbeans.beaninfo.editors.DimensionEditor">
<Dimension value="[0, 30]"/>
</Property>
<Property name="preferredSize" type="java.awt.Dimension" editor="org.netbeans.beaninfo.editors.DimensionEditor">
<Dimension value="[0, 30]"/>
</Property>
<Property name="visibleRowCount" type="int" value="2"/>
</Properties>
<AuxValues>
@ -631,12 +610,6 @@
<Connection code="new DefaultListModel&lt;String&gt;()" type="code"/>
</Property>
<Property name="enabled" type="boolean" value="false"/>
<Property name="minimumSize" type="java.awt.Dimension" editor="org.netbeans.beaninfo.editors.DimensionEditor">
<Dimension value="[0, 30]"/>
</Property>
<Property name="preferredSize" type="java.awt.Dimension" editor="org.netbeans.beaninfo.editors.DimensionEditor">
<Dimension value="[0, 30]"/>
</Property>
<Property name="visibleRowCount" type="int" value="2"/>
</Properties>
<AuxValues>


@ -1328,9 +1328,6 @@ final class FileSearchPanel extends javax.swing.JPanel implements ActionListener
parentList.setModel(new DefaultListModel<ParentSearchTerm>());
parentList.setEnabled(false);
parentList.setMaximumSize(null);
parentList.setMinimumSize(new java.awt.Dimension(0, 30));
parentList.setPreferredSize(new java.awt.Dimension(0, 30));
parentList.setVisibleRowCount(4);
parentList.addListSelectionListener(new javax.swing.event.ListSelectionListener() {
public void valueChanged(javax.swing.event.ListSelectionEvent evt) {
@ -1366,8 +1363,6 @@ final class FileSearchPanel extends javax.swing.JPanel implements ActionListener
hashSetList.setModel(new DefaultListModel<String>());
hashSetList.setEnabled(false);
hashSetList.setMinimumSize(new java.awt.Dimension(0, 30));
hashSetList.setPreferredSize(new java.awt.Dimension(0, 30));
hashSetList.setVisibleRowCount(3);
hashSetScrollPane.setViewportView(hashSetList);
@ -1454,8 +1449,6 @@ final class FileSearchPanel extends javax.swing.JPanel implements ActionListener
objectsList.setModel(new DefaultListModel<String>());
objectsList.setEnabled(false);
objectsList.setMinimumSize(new java.awt.Dimension(0, 30));
objectsList.setPreferredSize(new java.awt.Dimension(0, 30));
objectsList.setVisibleRowCount(2);
objectsScrollPane.setViewportView(objectsList);
@ -1487,8 +1480,6 @@ final class FileSearchPanel extends javax.swing.JPanel implements ActionListener
interestingItemsList.setModel(new DefaultListModel<String>());
interestingItemsList.setEnabled(false);
interestingItemsList.setMinimumSize(new java.awt.Dimension(0, 30));
interestingItemsList.setPreferredSize(new java.awt.Dimension(0, 30));
interestingItemsList.setVisibleRowCount(2);
interestingItemsScrollPane.setViewportView(interestingItemsList);


@ -290,11 +290,11 @@
</DimensionLayout>
<DimensionLayout dim="1">
<Group type="103" groupAlignment="0" attributes="0">
<EmptySpace min="0" pref="221" max="32767" attributes="0"/>
<EmptySpace min="0" pref="68" max="32767" attributes="0"/>
<Group type="103" rootIndex="1" groupAlignment="0" attributes="0">
<Group type="102" alignment="1" attributes="0">
<EmptySpace min="-2" pref="0" max="-2" attributes="0"/>
<Component id="instancesScrollPane" pref="221" max="32767" attributes="0"/>
<Component id="instancesScrollPane" max="32767" attributes="0"/>
</Group>
</Group>
</Group>
@ -331,9 +331,6 @@
<Property name="cellRenderer" type="javax.swing.ListCellRenderer" editor="org.netbeans.modules.form.RADConnectionPropertyEditor">
<Connection code="new InstancesCellRenderer()" type="code"/>
</Property>
<Property name="preferredSize" type="java.awt.Dimension" editor="org.netbeans.beaninfo.editors.DimensionEditor">
<Dimension value="[0, 50]"/>
</Property>
<Property name="visibleRowCount" type="int" value="2"/>
</Properties>
<AuxValues>


@ -496,7 +496,6 @@ public class ResultsPanel extends javax.swing.JPanel {
instancesList.setModel(instancesListModel);
instancesList.setSelectionMode(javax.swing.ListSelectionModel.SINGLE_SELECTION);
instancesList.setCellRenderer(new InstancesCellRenderer());
instancesList.setPreferredSize(new java.awt.Dimension(0, 50));
instancesList.setVisibleRowCount(2);
instancesScrollPane.setViewportView(instancesList);
@ -510,11 +509,11 @@ public class ResultsPanel extends javax.swing.JPanel {
);
instancesPanelLayout.setVerticalGroup(
instancesPanelLayout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
.addGap(0, 221, Short.MAX_VALUE)
.addGap(0, 68, Short.MAX_VALUE)
.addGroup(instancesPanelLayout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
.addGroup(javax.swing.GroupLayout.Alignment.TRAILING, instancesPanelLayout.createSequentialGroup()
.addGap(0, 0, 0)
.addComponent(instancesScrollPane, javax.swing.GroupLayout.DEFAULT_SIZE, 221, Short.MAX_VALUE)))
.addComponent(instancesScrollPane, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE)))
);
resultsSplitPane.setRightComponent(instancesPanel);


@ -16,7 +16,6 @@ EmbeddedFileExtractorIngestModule.ArchiveExtractor.isZipBombCheck.warnMsg=Possib
EmbeddedFileExtractorIngestModule.ArchiveExtractor.isZipBombCheck.warnDetails=Compression ratio is {0}, skipping items in {1}.
EmbeddedFileExtractorIngestModule.ArchiveExtractor.unpack.warnMsg.zipBomb=Possible ZIP bomb detected: {0}
EmbeddedFileExtractorIngestModule.ArchiveExtractor.unpack.warnDetails.zipBomb=The archive is {0} levels deep, skipping processing of {1}
EmbeddedFileExtractorIngestModule.ArchiveExtractor.unpack.unknownPath.msg=Unknown item path in archive: {0}, will use: {1}
EmbeddedFileExtractorIngestModule.ArchiveExtractor.unpack.notEnoughDiskSpace.msg=Not enough disk space to unpack archive item: {0}, {1}
EmbeddedFileExtractorIngestModule.ArchiveExtractor.unpack.notEnoughDiskSpace.details=The archive item is too large to unpack, skipping unpacking this item.
EmbeddedFileExtractorIngestModule.ArchiveExtractor.unpack.errUnpacking.msg=Error unpacking {0}


@ -28,7 +28,6 @@ EmbeddedFileExtractorIngestModule.ArchiveExtractor.isZipBombCheck.warnMsg=\u30a2
EmbeddedFileExtractorIngestModule.ArchiveExtractor.isZipBombCheck.warnDetails=\u5727\u7e2e\u7387\u306f {0} \u3067\u3059\u3002{1} \u306e\u9805\u76ee\u3092\u30b9\u30ad\u30c3\u30d7\u3057\u307e\u3059\u3002
EmbeddedFileExtractorIngestModule.ArchiveExtractor.unpack.warnMsg.zipBomb=ZIP\u7206\u5f3e\u304c\u691c\u51fa\u3055\u308c\u305f\u53ef\u80fd\u6027\u304c\u3042\u308a\u307e\u3059: {0}
EmbeddedFileExtractorIngestModule.ArchiveExtractor.unpack.warnDetails.zipBomb=\u30a2\u30fc\u30ab\u30a4\u30d6\u306f {0} \u30ec\u30d9\u30eb\u306e\u6df1\u3055\u3067\u3059\u3002{1} \u306e\u51e6\u7406\u3092\u30b9\u30ad\u30c3\u30d7\u3057\u307e\u3059
EmbeddedFileExtractorIngestModule.ArchiveExtractor.unpack.unknownPath.msg=\u30a2\u30fc\u30ab\u30a4\u30d6\u306e\u4e0d\u660e\u306a\u9805\u76ee\u30d1\u30b9: {0}\u3001\u6b21\u3092\u4f7f\u7528\u3057\u307e\u3059: {1}
EmbeddedFileExtractorIngestModule.ArchiveExtractor.unpack.notEnoughDiskSpace.msg=\u30a2\u30fc\u30ab\u30a4\u30d6\u9805\u76ee\u3092\u958b\u5c01\u3059\u308b\u305f\u3081\u306e\u5341\u5206\u306a\u30c7\u30a3\u30b9\u30af\u9818\u57df\u304c\u3042\u308a\u307e\u305b\u3093: {0}\u3001{1}
EmbeddedFileExtractorIngestModule.ArchiveExtractor.unpack.notEnoughDiskSpace.details=\u30a2\u30fc\u30ab\u30a4\u30d6\u9805\u76ee\u304c\u5927\u304d\u3059\u304e\u3067\u958b\u5c01\u3067\u304d\u307e\u305b\u3093\u3002\u3053\u306e\u9805\u76ee\u306e\u958b\u5c01\u3092\u30b9\u30ad\u30c3\u30d7\u3057\u307e\u3059\u3002
EmbeddedFileExtractorIngestModule.ArchiveExtractor.unpack.errUnpacking.msg={0} \u306e\u958b\u5c01\u4e2d\u306b\u30a8\u30e9\u30fc\u304c\u767a\u751f\u3057\u307e\u3057\u305f


@ -449,10 +449,6 @@ class SevenZipExtractor {
} else {
pathInArchive = "/" + useName;
}
String msg = NbBundle.getMessage(SevenZipExtractor.class,
"EmbeddedFileExtractorIngestModule.ArchiveExtractor.unpack.unknownPath.msg",
getArchiveFilePath(archiveFile), pathInArchive);
logger.log(Level.WARNING, msg);
}
return pathInArchive;
}


@ -197,7 +197,7 @@ public final class ExifParserFileIngestModule implements FileIngestModule {
BlackboardArtifact bba = file.newArtifact(TSK_METADATA_EXIF);
BlackboardArtifact bba2 = file.newArtifact(TSK_USER_CONTENT_SUSPECTED);
bba.addAttributes(attributes);
bba2.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DESCRIPTION, MODULE_NAME, Bundle.ExifParserFileIngestModule_userContent_description()));
bba2.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_COMMENT, MODULE_NAME, Bundle.ExifParserFileIngestModule_userContent_description()));
try {
// index the artifact for keyword search
blackboard.postArtifact(bba, MODULE_NAME);


@ -1,7 +1,7 @@
/*
* Autopsy Forensic Browser
*
* Copyright 2011-2018 Basis Technology Corp.
* Copyright 2011-2020 Basis Technology Corp.
* Contact: carrier <at> sleuthkit <dot> org
*
* Licensed under the Apache License, Version 2.0 (the "License");
@ -30,7 +30,7 @@ import org.apache.tika.Tika;
import org.apache.tika.io.TikaInputStream;
import org.apache.tika.mime.MimeTypes;
import org.sleuthkit.autopsy.coreutils.Logger;
import org.sleuthkit.autopsy.textextractors.TextFileExtractor;
import org.sleuthkit.autopsy.coreutils.textutils.EncodingUtils;
import org.sleuthkit.datamodel.AbstractFile;
import org.sleuthkit.datamodel.ReadContentInputStream;
import org.sleuthkit.datamodel.TskCoreException;
@ -257,8 +257,8 @@ public class FileTypeDetector {
* encoding
*/
if (file.getNameExtension().equals("txt")) {
Charset detectedCharset = new TextFileExtractor(file).getEncoding();
if (detectedCharset != TextFileExtractor.UNKNOWN_CHARSET) {
Charset detectedCharset = EncodingUtils.getEncoding(file);
if (detectedCharset != EncodingUtils.UNKNOWN_CHARSET) {
mimeType = MimeTypes.PLAIN_TEXT;
}
}


@ -3,7 +3,7 @@ PlasoIngestModule.artifact.progress=Adding events to case: {0}
PlasoIngestModule.bad.imageFile=Cannot find image file name and path
PlasoIngestModule.completed=Plaso Processing Completed
PlasoIngestModule.create.artifacts.cancelled=Cancelled Plaso Artifact Creation
PlasoIngestModule.dataSource.not.an.image=Datasource is not an Image.
PlasoIngestModule.dataSource.not.an.image=Skipping non-disk image datasource
PlasoIngestModule.error.creating.output.dir=Error creating Plaso module output directory.
PlasoIngestModule.error.running.log2timeline=Error running log2timeline, see log file.
PlasoIngestModule.error.running.psort=Error running Psort, see log file.
@ -11,7 +11,7 @@ PlasoIngestModule.event.datetime=Event Date Time
PlasoIngestModule.event.description=Event Description
PlasoIngestModule.exception.posting.artifact=Exception Posting artifact.
PlasoIngestModule.executable.not.found=Plaso Executable Not Found.
PlasoIngestModule.has.run=Plaso Plugin has been run.
PlasoIngestModule.has.run=Plaso
PlasoIngestModule.info.empty.database=Plaso database was empty.
PlasoIngestModule.log2timeline.cancelled=Log2timeline run was canceled
PlasoIngestModule.psort.cancelled=psort run was canceled


@ -1,7 +1,7 @@
/*
* Autopsy Forensic Browser
*
* Copyright 2018-2019 Basis Technology Corp.
* Copyright 2018-2020 Basis Technology Corp.
* Contact: carrier <at> sleuthkit <dot> org
*
* Licensed under the Apache License, Version 2.0 (the "License");
@ -18,23 +18,15 @@
*/
package org.sleuthkit.autopsy.textextractors;
import com.ethteck.decodetect.core.Decodetect;
import com.ethteck.decodetect.core.DecodetectResult;
import java.io.BufferedInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.Reader;
import java.nio.charset.Charset;
import java.nio.charset.CharsetDecoder;
import java.nio.charset.CharsetEncoder;
import java.nio.charset.StandardCharsets;
import java.nio.charset.UnsupportedCharsetException;
import java.util.List;
import java.util.logging.Level;
import org.apache.tika.parser.txt.CharsetDetector;
import org.apache.tika.parser.txt.CharsetMatch;
import org.sleuthkit.autopsy.coreutils.Logger;
import org.sleuthkit.autopsy.coreutils.textutils.EncodingUtils;
import org.sleuthkit.datamodel.AbstractFile;
import org.sleuthkit.datamodel.ReadContentInputStream;
import org.sleuthkit.datamodel.TskCoreException;
@ -44,44 +36,7 @@ import org.sleuthkit.datamodel.TskCoreException;
*/
public final class TextFileExtractor implements TextExtractor {
/*
* The char set returned if a text file extractor fails to detect the
* encoding of the file from which it is extracting text.
*/
public static final Charset UNKNOWN_CHARSET = new Charset("unknown", null) {
@Override
public boolean contains(Charset cs) {
return false;
}
@Override
public CharsetDecoder newDecoder() {
return null;
}
@Override
public CharsetEncoder newEncoder() {
return null;
}
};
// This value will be used as a threshold for determining which encoding
// detection library to use. If CharsetDetector's own confidence is at least
// MIN_MATCH_CONFIDENCE, CharsetDetector's result will be used for decoding.
// Otherwise, Decodetect will be used.
//
// Note: We initially used a confidence of 35, but it was causing some
// Chrome Cache files to get flagged as UTF-16 with confidence 40.
// These files had a small amount of binary data and then ASCII.
static final private int MIN_CHARSETDETECT_MATCH_CONFIDENCE = 41;
// This value determines whether we will consider Decodetect's top-scoring
// result a legitimate match or if we will disregard its findings.
//
// Possible values are 0 to 1, inclusive.
static final private double MIN_DECODETECT_MATCH_CONFIDENCE = 0.4;
private static final Logger logger = Logger.getLogger(SqliteTextExtractor.class.getName());
private static final Logger logger = Logger.getLogger(TextFileExtractor.class.getName());
private final AbstractFile file;
private Charset encoding = null;
@ -96,12 +51,21 @@ public final class TextFileExtractor implements TextExtractor {
}
@Override
public Reader getReader() {
Charset enc = getEncoding();
if (enc.equals(UNKNOWN_CHARSET)) {
enc = StandardCharsets.UTF_8;
public Reader getReader() throws InitReaderException {
if(encoding == null) {
try {
encoding = EncodingUtils.getEncoding(file);
if(encoding == EncodingUtils.UNKNOWN_CHARSET) {
encoding = StandardCharsets.UTF_8;
}
} catch (TskCoreException | IOException ex) {
logger.log(Level.SEVERE, String.format("Error detecting the "
+ "encoding for %s (objID=%d)", file.getName(), file.getId()), ex);
encoding = StandardCharsets.UTF_8;
}
}
return getReader(enc);
return getReader(encoding);
}
private Reader getReader(Charset encoding) {
@ -112,61 +76,4 @@ public final class TextFileExtractor implements TextExtractor {
public boolean isSupported() {
return file.getMIMEType().equals("text/plain");
}
/**
* Returns the encoding of the file.
*
* @return Detected encoding or UNKNOWN_CHARSET.
*/
public Charset getEncoding() {
if (encoding != null) {
return encoding;
}
// Encoding detection is hard. We use several libraries since the data passed in is often messy.
// First try CharsetDetector (from Tika / ICU4J).
// It is a rule-based detection approach.
try (InputStream stream = new BufferedInputStream(new ReadContentInputStream(file))) {
CharsetDetector detector = new CharsetDetector();
detector.setText(stream);
CharsetMatch tikaResult = detector.detect();
if (tikaResult != null && tikaResult.getConfidence() >= MIN_CHARSETDETECT_MATCH_CONFIDENCE) {
try {
encoding = Charset.forName(tikaResult.getName());
return encoding;
} catch (UnsupportedCharsetException ex) {
logger.log(Level.WARNING, String.format("Error converting CharsetDetector result for %s (objID=%d)", file.getName(), file.getId()), ex);
}
}
} catch (IOException ex) {
logger.log(Level.WARNING, String.format("Error setting CharsetDetector stream for %s (objID=%d)", file.getName(), file.getId()), ex);
}
// If that did not work, then use DecoDetect, which is stastical
// We needed this for some Japanese text files that were incorrectly detected by CharsetDetector (with low confidence)
// This will not always work with messy data that combines some binary and some ASCII.
try {
int maxBytes = 100000;
int numBytes = maxBytes;
if (file.getSize() < maxBytes) {
numBytes = (int) file.getSize();
}
byte[] targetArray = new byte[numBytes];
file.read(targetArray, 0, numBytes);
List<DecodetectResult> results = Decodetect.DECODETECT.getResults(targetArray);
if (!results.isEmpty()) {
DecodetectResult topResult = results.get(0);
if (topResult.getConfidence() >= MIN_DECODETECT_MATCH_CONFIDENCE) {
encoding = topResult.getEncoding();
return encoding;
}
}
} catch (TskCoreException ex) {
logger.log(Level.WARNING, String.format("Error reading content from %s (objID=%d)", file.getName(), file.getId()), ex);
}
encoding = UNKNOWN_CHARSET;
return encoding;
}
}


@ -135,7 +135,7 @@
<compile-dependency/>
<run-dependency>
<release-version>10</release-version>
<specification-version>10.17</specification-version>
<specification-version>10.18</specification-version>
</run-dependency>
</dependency>
<dependency>


@ -127,7 +127,7 @@
<compile-dependency/>
<run-dependency>
<release-version>10</release-version>
<specification-version>10.17</specification-version>
<specification-version>10.18</specification-version>
</run-dependency>
</dependency>
<dependency>


@ -2150,10 +2150,15 @@ public final class DrawableDB {
public void deleteDataSource(long dataSourceID) throws SQLException, TskCoreException {
dbWriteLock();
DrawableTransaction trans = null;
String whereClause = "WHERE data_source_obj_id = " + dataSourceID;
String tableName = "image_gallery_groups";
try {
trans = beginTransaction();
deleteDataSourceStmt.setLong(1, dataSourceID);
deleteDataSourceStmt.executeUpdate();
if (caseDb.getCaseDbAccessManager().tableExists(tableName)) {
caseDb.getCaseDbAccessManager().delete(tableName, whereClause);
}
commitTransaction(trans, true);
} catch (SQLException | TskCoreException ex) {
if (null != trans) {
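Review bot: The `image_gallery_groups` delete goes through `caseDb.getCaseDbAccessManager()` rather than the `DrawableTransaction` opened by `beginTransaction()`, so the two deletes are not atomic: if `commitTransaction(trans, true)` fails after the case-database delete has succeeded, the group rows are gone while the drawable rows remain. Whether the access manager offers a transactional variant is not visible here, so at minimum document the gap, e.g. `// image_gallery_groups lives in the case DB; this delete is outside trans and is not undone if the commit below fails`. The `whereClause` concatenation is safe only because `dataSourceID` is a `long`; a short comment saying so would stop the pattern being copied with a string value. The catch block and the rest of `deleteDataSource` continue outside the hunk.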


@ -1,7 +1,7 @@
"""
Autopsy Forensic Browser
Copyright 2019 Basis Technology Corp.
Copyright 2019-2020 Basis Technology Corp.
Contact: carrier <at> sleuthkit <dot> org
Licensed under the Apache License, Version 2.0 (the "License");
@ -48,9 +48,9 @@ from org.sleuthkit.datamodel import TskCoreException
from org.sleuthkit.datamodel.Blackboard import BlackboardException
from org.sleuthkit.datamodel import Account
from org.sleuthkit.datamodel.blackboardutils import CommunicationArtifactsHelper
from org.sleuthkit.datamodel.blackboardutils import MessageAttachments
from org.sleuthkit.datamodel.blackboardutils import URLAttachment
from org.sleuthkit.datamodel.blackboardutils import FileAttachment
from org.sleuthkit.datamodel.blackboardutils.attributes import MessageAttachments
from org.sleuthkit.datamodel.blackboardutils.attributes.MessageAttachments import FileAttachment
from org.sleuthkit.datamodel.blackboardutils.attributes.MessageAttachments import URLAttachment
from org.sleuthkit.datamodel.blackboardutils.CommunicationArtifactsHelper import MessageReadStatus
from org.sleuthkit.datamodel.blackboardutils.CommunicationArtifactsHelper import CommunicationDirection
from org.sleuthkit.datamodel.blackboardutils.CommunicationArtifactsHelper import CallMediaType


@ -1,7 +1,7 @@
"""
Autopsy Forensic Browser
Copyright 2019 Basis Technology Corp.
Copyright 2019-2020 Basis Technology Corp.
Contact: carrier <at> sleuthkit <dot> org
Licensed under the Apache License, Version 2.0 (the "License");
@ -43,9 +43,9 @@ from org.sleuthkit.datamodel import Content
from org.sleuthkit.datamodel import TskCoreException
from org.sleuthkit.datamodel.Blackboard import BlackboardException
from org.sleuthkit.datamodel import Account
from org.sleuthkit.datamodel.blackboardutils import FileAttachment
from org.sleuthkit.datamodel.blackboardutils import URLAttachment
from org.sleuthkit.datamodel.blackboardutils import MessageAttachments
from org.sleuthkit.datamodel.blackboardutils.attributes import MessageAttachments
from org.sleuthkit.datamodel.blackboardutils.attributes.MessageAttachments import FileAttachment
from org.sleuthkit.datamodel.blackboardutils.attributes.MessageAttachments import URLAttachment
from org.sleuthkit.datamodel.blackboardutils import CommunicationArtifactsHelper
from org.sleuthkit.datamodel.blackboardutils.CommunicationArtifactsHelper import MessageReadStatus
from org.sleuthkit.datamodel.blackboardutils.CommunicationArtifactsHelper import CommunicationDirection


@ -1,7 +1,7 @@
"""
Autopsy Forensic Browser
Copyright 2019 Basis Technology Corp.
Copyright 2019-2020 Basis Technology Corp.
Contact: carrier <at> sleuthkit <dot> org
Licensed under the Apache License, Version 2.0 (the "License");
@ -43,8 +43,8 @@ from org.sleuthkit.datamodel.Blackboard import BlackboardException
from org.sleuthkit.autopsy.casemodule import NoCurrentCaseException
from org.sleuthkit.datamodel import Account
from org.sleuthkit.datamodel.blackboardutils import CommunicationArtifactsHelper
from org.sleuthkit.datamodel.blackboardutils import FileAttachment
from org.sleuthkit.datamodel.blackboardutils import MessageAttachments
from org.sleuthkit.datamodel.blackboardutils.attributes import MessageAttachments
from org.sleuthkit.datamodel.blackboardutils.attributes.MessageAttachments import FileAttachment
from org.sleuthkit.datamodel.blackboardutils.CommunicationArtifactsHelper import MessageReadStatus
from org.sleuthkit.datamodel.blackboardutils.CommunicationArtifactsHelper import CommunicationDirection
from TskContactsParser import TskContactsParser
@ -439,4 +439,4 @@ class LineMessagesParser(TskMessagesParser):
return None
else:
return self.result_set.getString("attachement_local_uri")


@ -44,7 +44,7 @@ from org.sleuthkit.datamodel import BlackboardAttribute
from org.sleuthkit.datamodel import Content
from org.sleuthkit.datamodel import TskCoreException
from org.sleuthkit.datamodel.Blackboard import BlackboardException
from org.sleuthkit.datamodel.blackboardutils import ArtifactsHelper
from org.sleuthkit.datamodel.blackboardutils import GeoArtifactsHelper
import traceback
import general
@ -68,14 +68,14 @@ class OruxMapsAnalyzer(general.AndroidComponentAnalyzer):
for oruxMapsTrackpointsDb in oruxMapsTrackpointsDbs:
try:
current_case = Case.getCurrentCaseThrows()
oruxDbHelper = ArtifactsHelper(current_case.getSleuthkitCase(),
oruxDbHelper = GeoArtifactsHelper(current_case.getSleuthkitCase(),
self._MODULE_NAME, oruxMapsTrackpointsDb.getDBFile())
poiQueryString = "SELECT poilat, poilon, poitime, poiname FROM pois"
poisResultSet = oruxMapsTrackpointsDb.runQuery(poiQueryString)
if poisResultSet is not None:
while poisResultSet.next():
oruxDbHelper.addGPSLocation(
oruxDbHelper.addGPSTrackpoint(
poisResultSet.getDouble("poilat"),
poisResultSet.getDouble("poilon"),
poisResultSet.getLong("poitime") / 1000, # milliseconds since unix epoch
@ -86,7 +86,7 @@ class OruxMapsAnalyzer(general.AndroidComponentAnalyzer):
trackpointsResultSet = oruxMapsTrackpointsDb.runQuery(trackpointsQueryString)
if trackpointsResultSet is not None:
while trackpointsResultSet.next():
oruxDbHelper.addGPSLocation(
oruxDbHelper.addGPSTrackpoint(
trackpointsResultSet.getDouble("trkptlat"),
trackpointsResultSet.getDouble("trkptlon"),
trackpointsResultSet.getLong("trkpttime") / 1000, # milliseconds since unix epoch


@ -1,7 +1,7 @@
"""
Autopsy Forensic Browser
Copyright 2019 Basis Technology Corp.
Copyright 2019-2020 Basis Technology Corp.
Contact: carrier <at> sleuthkit <dot> org
Licensed under the Apache License, Version 2.0 (the "License");
@ -43,8 +43,8 @@ from org.sleuthkit.datamodel import TskCoreException
from org.sleuthkit.datamodel.Blackboard import BlackboardException
from org.sleuthkit.datamodel import Account
from org.sleuthkit.datamodel.blackboardutils import CommunicationArtifactsHelper
from org.sleuthkit.datamodel.blackboardutils import FileAttachment
from org.sleuthkit.datamodel.blackboardutils import MessageAttachments
from org.sleuthkit.datamodel.blackboardutils.attributes import MessageAttachments
from org.sleuthkit.datamodel.blackboardutils.attributes.MessageAttachments import FileAttachment
from org.sleuthkit.datamodel.blackboardutils.CommunicationArtifactsHelper import MessageReadStatus
from org.sleuthkit.datamodel.blackboardutils.CommunicationArtifactsHelper import CommunicationDirection


@ -1,7 +1,7 @@
"""
Autopsy Forensic Browser
Copyright 2019 Basis Technology Corp.
Copyright 2019-2020 Basis Technology Corp.
Contact: carrier <at> sleuthkit <dot> org
Licensed under the Apache License, Version 2.0 (the "License");
@ -46,8 +46,8 @@ from org.sleuthkit.datamodel import Account
from org.sleuthkit.datamodel.blackboardutils import CommunicationArtifactsHelper
from org.sleuthkit.datamodel.blackboardutils.CommunicationArtifactsHelper import MessageReadStatus
from org.sleuthkit.datamodel.blackboardutils.CommunicationArtifactsHelper import CommunicationDirection
from org.sleuthkit.datamodel.blackboardutils import FileAttachment
from org.sleuthkit.datamodel.blackboardutils import MessageAttachments
from org.sleuthkit.datamodel.blackboardutils.attributes import MessageAttachments
from org.sleuthkit.datamodel.blackboardutils.attributes.MessageAttachments import FileAttachment
from TskMessagesParser import TskMessagesParser
from TskContactsParser import TskContactsParser
from TskCallLogsParser import TskCallLogsParser


@ -126,11 +126,12 @@ class TextMessageAnalyzer(general.AndroidComponentAnalyzer):
artifact.addAttributes(attributes)
# Create an account
msgAccountInstance = Case.getCurrentCase().getSleuthkitCase().getCommunicationsManager().createAccountFileInstance(Account.Type.PHONE, address, general.MODULE_NAME, abstractFile);
if address is not None:
# Create an account
msgAccountInstance = Case.getCurrentCase().getSleuthkitCase().getCommunicationsManager().createAccountFileInstance(Account.Type.PHONE, address, general.MODULE_NAME, abstractFile);
# create relationship between accounts
Case.getCurrentCase().getSleuthkitCase().getCommunicationsManager().addRelationships(deviceAccountInstance, [msgAccountInstance], artifact,Relationship.Type.MESSAGE, date);
# create relationship between accounts
Case.getCurrentCase().getSleuthkitCase().getCommunicationsManager().addRelationships(deviceAccountInstance, [msgAccountInstance], artifact,Relationship.Type.MESSAGE, date);
bbartifacts.append(artifact)
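Review bot: The new guard `if address is not None:` filters only a missing value; an empty or whitespace-only address read from the message database would still be passed to `createAccountFileInstance`, and how that call treats it is not visible here. If blank addresses can occur, `if address is not None and address.strip():` would cover both cases. Indentation is lost in this view, so please confirm the `addRelationships(...)` call sits inside the guard as well; otherwise `msgAccountInstance` is unbound on the first row or left over from the previous message, which would attach this message to the wrong account. The enclosing loop starts outside the hunk.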


@ -1,7 +1,7 @@
"""
Autopsy Forensic Browser
Copyright 2019 Basis Technology Corp.
Copyright 2019-2020 Basis Technology Corp.
Contact: carrier <at> sleuthkit <dot> org
Licensed under the Apache License, Version 2.0 (the "License");
@ -44,8 +44,8 @@ from org.sleuthkit.datamodel.Blackboard import BlackboardException
from org.sleuthkit.autopsy.casemodule import NoCurrentCaseException
from org.sleuthkit.datamodel import Account
from org.sleuthkit.datamodel.blackboardutils import CommunicationArtifactsHelper
from org.sleuthkit.datamodel.blackboardutils import FileAttachment
from org.sleuthkit.datamodel.blackboardutils import MessageAttachments
from org.sleuthkit.datamodel.blackboardutils.attributes import MessageAttachments
from org.sleuthkit.datamodel.blackboardutils.attributes.MessageAttachments import FileAttachment
from org.sleuthkit.datamodel.blackboardutils.CommunicationArtifactsHelper import MessageReadStatus
from org.sleuthkit.datamodel.blackboardutils.CommunicationArtifactsHelper import CommunicationDirection


@ -1,7 +1,7 @@
"""
Autopsy Forensic Browser
Copyright 2019 Basis Technology Corp.
Copyright 2019-2020 Basis Technology Corp.
Contact: carrier <at> sleuthkit <dot> org
Licensed under the Apache License, Version 2.0 (the "License");
@ -43,8 +43,8 @@ from org.sleuthkit.datamodel.Blackboard import BlackboardException
from org.sleuthkit.autopsy.casemodule import NoCurrentCaseException
from org.sleuthkit.datamodel import Account
from org.sleuthkit.datamodel.blackboardutils import CommunicationArtifactsHelper
from org.sleuthkit.datamodel.blackboardutils import FileAttachment
from org.sleuthkit.datamodel.blackboardutils import MessageAttachments
from org.sleuthkit.datamodel.blackboardutils.attributes import MessageAttachments
from org.sleuthkit.datamodel.blackboardutils.attributes.MessageAttachments import FileAttachment
from org.sleuthkit.datamodel.blackboardutils.CommunicationArtifactsHelper import MessageReadStatus
from org.sleuthkit.datamodel.blackboardutils.CommunicationArtifactsHelper import CommunicationDirection
from TskMessagesParser import TskMessagesParser


@ -1,7 +1,7 @@
"""
Autopsy Forensic Browser
Copyright 2019 Basis Technology Corp.
Copyright 2019-2020 Basis Technology Corp.
Contact: carrier <at> sleuthkit <dot> org
Licensed under the Apache License, Version 2.0 (the "License");
@ -45,9 +45,9 @@ from org.sleuthkit.datamodel import Account
from org.sleuthkit.datamodel.blackboardutils import CommunicationArtifactsHelper
from org.sleuthkit.datamodel.blackboardutils.CommunicationArtifactsHelper import MessageReadStatus
from org.sleuthkit.datamodel.blackboardutils.CommunicationArtifactsHelper import CommunicationDirection
from org.sleuthkit.datamodel.blackboardutils import FileAttachment
from org.sleuthkit.datamodel.blackboardutils import URLAttachment
from org.sleuthkit.datamodel.blackboardutils import MessageAttachments
from org.sleuthkit.datamodel.blackboardutils.attributes import MessageAttachments
from org.sleuthkit.datamodel.blackboardutils.attributes.MessageAttachments import FileAttachment
from org.sleuthkit.datamodel.blackboardutils.attributes.MessageAttachments import URLAttachment
from TskMessagesParser import TskMessagesParser
from TskContactsParser import TskContactsParser
from TskCallLogsParser import TskCallLogsParser


@ -1,7 +1,7 @@
"""
Autopsy Forensic Browser
Copyright 2019 Basis Technology Corp.
Copyright 2019-2020 Basis Technology Corp.
Contact: carrier <at> sleuthkit <dot> org
Licensed under the Apache License, Version 2.0 (the "License");
@ -42,9 +42,9 @@ from org.sleuthkit.datamodel import Content
from org.sleuthkit.datamodel import TskCoreException
from org.sleuthkit.datamodel.Blackboard import BlackboardException
from org.sleuthkit.datamodel import Account
from org.sleuthkit.datamodel.blackboardutils.attributes import MessageAttachments
from org.sleuthkit.datamodel.blackboardutils.attributes.MessageAttachments import FileAttachment
from org.sleuthkit.datamodel.blackboardutils import CommunicationArtifactsHelper
from org.sleuthkit.datamodel.blackboardutils import FileAttachment
from org.sleuthkit.datamodel.blackboardutils import MessageAttachments
from org.sleuthkit.datamodel.blackboardutils.CommunicationArtifactsHelper import MessageReadStatus
from org.sleuthkit.datamodel.blackboardutils.CommunicationArtifactsHelper import CommunicationDirection
import traceback


@ -1,7 +1,7 @@
"""
Autopsy Forensic Browser
Copyright 2019 Basis Technology Corp.
Copyright 2019-2020 Basis Technology Corp.
Contact: carrier <at> sleuthkit <dot> org
Licensed under the Apache License, Version 2.0 (the "License");
@ -42,9 +42,9 @@ from org.sleuthkit.datamodel import Content
from org.sleuthkit.datamodel import TskCoreException
from org.sleuthkit.datamodel.Blackboard import BlackboardException
from org.sleuthkit.datamodel import Account
from org.sleuthkit.datamodel.blackboardutils.attributes import MessageAttachments
from org.sleuthkit.datamodel.blackboardutils.attributes.MessageAttachments import FileAttachment
from org.sleuthkit.datamodel.blackboardutils import CommunicationArtifactsHelper
from org.sleuthkit.datamodel.blackboardutils import FileAttachment
from org.sleuthkit.datamodel.blackboardutils import MessageAttachments
from org.sleuthkit.datamodel.blackboardutils.CommunicationArtifactsHelper import MessageReadStatus
from org.sleuthkit.datamodel.blackboardutils.CommunicationArtifactsHelper import CommunicationDirection


@ -119,7 +119,7 @@
<compile-dependency/>
<run-dependency>
<release-version>10</release-version>
<specification-version>10.17</specification-version>
<specification-version>10.18</specification-version>
</run-dependency>
</dependency>
<dependency>


@ -692,7 +692,7 @@ public final class KeywordSearchIngestModule implements FileIngestModule {
putIngestStatus(jobId, aFile.getId(), IngestStatus.TEXT_INGESTED);
return true;
}
} catch (IngesterException | IOException ex) {
} catch (IngesterException | IOException | TextExtractor.InitReaderException ex) {
logger.log(Level.WARNING, "Unable to index " + aFile.getName(), ex);
}
return false;
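Review bot: The widened catch still logs only `aFile.getName()`, which is not unique within a case, so a reader-initialisation failure cannot be traced back to one specific file. Other log messages on this page identify the file by object ID too, and `aFile.getId()` is already used two lines above. Suggest `logger.log(Level.WARNING, String.format("Unable to index %s (objID=%d)", aFile.getName(), aFile.getId()), ex);`. The surrounding method starts and ends outside the hunk.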


@ -1,3 +1,36 @@
---------------- VERSION 4.14.0 --------------
Specialized UIs:
- New File Discovery UI that allows you to search and filter for certain types of files.
- New Map viewer that uses either Bing (when online) or offline map tiles.
- Communications UI shows country names for phone numbers and fixed bug in summary panel.
- Fixed bugs in timeline filtering.
- Refactored backend timeline filtering code based on The Sleuth Kit datamodel changes to remove JavaFX dependency.
Data Sources:
- Added limited support for APFS disk images. Does not include encrypted volumes or ones that span multiple disks. Uses contribution to The Sleuth Kit from Blackbag Technologies.
- New data source processor that parses “XRY File Exports”.
Content Viewers:
- Added a new “Context” viewer to show where a file came from. Currently shows what message a file was attached to or what URL a file was downloaded from.
- Added support to seek and change playback speed for videos in “Application” viewer.
- Improved support for Unicode HTML files in “Application” viewer.
- Added support for webp image files in “Application” viewer.
Ingest Modules:
- Keyword Search module uses Decodetect statistical encoding detection for plain text files. Fixes issues with incorrect detection of Japanese files.
- Embedded File Extractor module uses statistical analysis to determine encoding of file names in ZIP files. Fixes issues with ZIP files created on Windows Japanese computers.
- Solr (Keyword Search module) now uses Japanese-specific tokenization using Kuromoji.
- Fixed Shellbags module in RegRipper (used by Autopsy Recent Activity module) to fix parsing errors.
- Plaso module no longer generates an error if enabled for non-disk image data sources.
- Added support for message attachments that are stored as an external file system file. Expanded Email and Android modules to use this technique.
General:
- Fixed crashes by gstreamer when a video is selected.
- Added initial capability to delete a data source from a case (excludes data in the CR).
- Changed behavior of portable case menu item to automatically open the case and warn if it was already unpacked.
- Fixed bug that caused issues when case metadata had Unicode values.
- Added new Attachment APIs to the CommunicationsArtifactHelper class to support attachments stored as external file system files.
---------------- VERSION 4.13.0 --------------
General:
- Switch from Oracle JDK to OpenJDK.


@ -60,7 +60,7 @@
<compile-dependency/>
<run-dependency>
<release-version>10</release-version>
<specification-version>10.17</specification-version>
<specification-version>10.18</specification-version>
</run-dependency>
</dependency>
<dependency>


@ -47,7 +47,7 @@
<compile-dependency/>
<run-dependency>
<release-version>10</release-version>
<specification-version>10.17</specification-version>
<specification-version>10.18</specification-version>
</run-dependency>
</dependency>
<dependency>


@ -1,5 +1,5 @@
<hr/>
<p><i>Copyright &#169; 2012-2019 Basis Technology. Generated on $date<br/>
<p><i>Copyright &#169; 2012-2020 Basis Technology. Generated on $date<br/>
This work is licensed under a
<a rel="license" href="http://creativecommons.org/licenses/by-sa/3.0/us/">Creative Commons Attribution-Share Alike 3.0 United States License</a>.
</i></p>


@ -38,7 +38,7 @@ PROJECT_NAME = "Autopsy User Documentation"
# could be handy for archiving the generated documentation or if some version
# control system is used.
PROJECT_NUMBER = 4.13.0
PROJECT_NUMBER = 4.14.0
# Using the PROJECT_BRIEF tag one can provide an optional one line description
# for a project that appears at the top of each page and should give viewer a
@ -1025,7 +1025,7 @@ GENERATE_HTML = YES
# The default directory is: html.
# This tag requires that the tag GENERATE_HTML is set to YES.
HTML_OUTPUT = 4.13.0
HTML_OUTPUT = 4.14.0
# The HTML_FILE_EXTENSION tag can be used to specify the file extension for each
# generated HTML page (for example: .htm, .php, .asp).


@ -54,6 +54,10 @@ It will display most image types, which can be scaled and rotated:
\image html content_viewer_app_image.png
It displays video files, allowing you to move play/pause, move forward or backward 30 seconds, adjust the volume, and change the playback speed.
\image html content_viewer_video.png
It also allows you to browse SQLite tables and export their contents as CSV:
\image html content_viewer_app_sqlite.png
@ -82,6 +86,12 @@ The File Metadata tab displays basic information about the file, such as type, s
\image html content_viewer_metadata.png
\section cv_context Context
The Context tab shows the the source of attached files and allows you to view the original result. In the image below you can see the context for an image that was sent as an email attachment.
\image html content_viewer_context.png
\section cv_results Results
The Results tab is active when selecting items with associated results such as keyword hits, call logs, and messages. The exact fields displayed depend on the type of result. The two images below show the Results tab for a call log and a web bookmark.


@ -3,7 +3,7 @@
A data source is the thing you want to analyze. It can be a disk image, some logical files, a local disk, etc. You must open a case prior to adding a data source to Autopsy.
Autopsy supports four types of data sources:
Autopsy supports multiple types of data sources:
- Disk Image or VM File: A file (or set of files) that is a byte-for-byte copy of a hard drive or media card, or a virtual machine image. (see \ref ds_img)
- Local Disk: Local storage device (local drive, USB-attached drive, etc.). (see \ref ds_local)
- Logical Files: Local files or folders. (see \ref ds_log)
@ -42,7 +42,7 @@ NOTE: If you are adding a data source to a multi-user case, ensure that all Auto
6) After the ingest modules have been configured and the basic examination of the data source is complete, the ingest modules will begin to analyze the file contents.
You cannot remove a data source from a case.
Data sources can be removed from cases created with Autopsy 4.14.0 and later. See the section \ref data_source_deletion "below".
\section ds_img Adding a Disk Image
@ -128,4 +128,12 @@ To add exported text files:
\image html xry_dsp.png
\section data_source_deletion Deleting Data Sources
As of Autopsy 4.14.0, data sources can be removed from cases. Removing a data source will delete all files associate with the data source, as well as all results from running ingest modules, tags, and timeline data. \ref reporting_page "Reports" will not be deleted, as most are not associated with a specific data source. If a new data source was created while processing another (from the \ref vm_extractor_page for example), this new data source will also be deleted if its parent is deleted.
To delete a data source, right click it in either the \ref tree_viewer_page or the \ref result_viewer_page and select "Remove Data Source". If the case was originally created with a version of Autopsy earlier than 4.14.0 then this option will be disabled. After a confirmation dialog, the case will close and then reopen after the data source has been removed.
\image html data_source_delete.png
*/


@ -14,6 +14,10 @@ One can add and remove MIME types in the "Tools", "Options", "File Extension Mis
\image html extension-mismatch-detected-configuration.PNG
<br>
If you'd like to contribute your changes back to the community, then you'll need to upload your updated %APPDATA%\autopsy\dev\config\mismatch_config.xml file by either:
- Make a fork of the Github Autopsy repository, copy the new file into the src\org\sleuthkit\autopsy\fileextmismatch folder and submit a pull request
- Attach the entire mismatch_config.xml file to a github issue.
Using the Module
======
Note that you can get a lot of false positives with this module. You can add your own rules to Autopsy to reduce unwanted hits.


@ -0,0 +1,189 @@
/*! \page file_discovery_page File Discovery
\section file_disc_overview Overview
The file discovery tool shows images or videos that match a set of filters configured by the user. You can choose how to group and order your results in order to see the most relevant data first.
\section file_disc_prereq Prerequisites
We suggest running all \ref ingest_page "ingest modules" before launching file discovery, but if time is a factor the following are the modules that are the most important. You will see a warning if you open file discovery without running the \ref file_type_identification_page and \ref EXIF_parser_page.
Required ingest modules:
<ul>
<li>\ref file_type_identification_page
</ul>
Optional ingest modules:
<ul>
<li>\ref cr_ingest_module - Needed to use the \ref file_disc_occur_filter
<li> \ref EXIF_parser_page - Needed to use the \ref file_disc_user_filter
<li>\ref hash_db_page - Needed to use the \ref file_disc_hash_filter and to de-duplicate files
<li>\ref interesting_files_identifier_page - Needed to use the \ref file_disc_int_filter
<li>\ref object_detection_page - Needed to use the \ref file_disc_obj_filter
</ul>
\section file_disc_run Running File Discovery
To launch file discovery, either click the "File Discovery" icon near the top of the Autopsy UI or go to "Tools", "File Discovery". There are three steps when setting up file discovery, which flow from the top of the panel to the bottom:
<ol>
<li>\ref file_disc_type "Choose the file type"
<li>\ref file_disc_filtering "Set up filters"
<li>\ref file_disc_grouping "Choose how to group and sort the results
</ol>
Once everything is set up, use the "Show" button at the bottom of the left panel to display your results. If you want to cancel a search in progress you can use the "Cancel" button.
\image html FileDiscovery/fd_main.png
\subsection file_disc_type File Type
The first step is choosing whether you want to display images or videos. The file type is determined by the MIME type of the file, which is why the file_type_identification_page must be run to see any results. Switching between the file types will clear any results being displayed and reset the filters.
\image html FileDiscovery/fd_fileType.png
\subsection file_disc_filtering Filtering
The second step is to select and configure your filters. For most filters, you enable them using the checkbox on the left and then select your options. Multiple options can be selected by using CTRL + left click. Files must pass all enabled filters to be displayed.
\subsubsection file_disc_size_filter File Size Filter
The file size filter lets you restrict the size of your results. The options are different for images and videos - an extra small image might be under 16 KB while an extra small video is anything under 500 KB.
\image html FileDiscovery/fd_fileSizeFilter.png
\subsubsection file_disc_ds_filter Data Source Filter
The data source filter lets you restrict which data sources in your case to include in the results.
\image html FileDiscovery/fd_dataSourceFilter.png
\subsubsection file_disc_occur_filter Past Occurrences Filter
The past occurrences filter uses the \ref central_repo_page "central repository" and \ref hash_db_page "known hash sets" to restrict how commom/rare a file must be to be included in the results. By default, the "Known Files" option is disabled, meaning that any file matching the NSRL or other white-listed hash set will not be displayed.
\image html FileDiscovery/fd_pastOccur.png
The counts for the rest of the options are based on how many data sources in your central repository contain a copy of this file (based on hash). If a file only appears in one data source in the current case, then it will match "Unique(1)". If it has only been seen in a few other data source, it will match "Rare(2-10)". Note that it doesn't matter how many times a file appears in each data source - a file could have twenty copies in one data source and still be "unique".
\subsubsection file_disc_user_filter Possibly User Created
The possibly user created filter restricts the results to files that suspected to be raw images or videos.
\image html FileDiscovery/fd_userCreatedFilter.png
This means the image or video must have a "User Content Suspected" result associated with it. These primarily come from the \ref EXIF_parser_page "Exif parser module".
\image html FileDiscovery/fd_userContentArtifact.png
\subsubsection file_disc_hash_filter Hash Set Filter
The hash set filter restricts the results to files found in the selected hash sets. Only notable hash sets that have hits in the current case are listed (though those hits may not be images or videos). See the \ref hash_db_page page for more information on creating and using hash sets.
\image html FileDiscovery/fd_hashSetFilter.png
\subsubsection file_disc_int_filter Interesting Item Filter
The interesting item filter restricts the results to files found in the selected interesting item rule sets. Only interesting file rule sets that have results in the current case are listed (though those matches may not be images or videos). See the \ref interesting_files_identifier_page page for more information on creating and using interesting item rule sets.
\image html FileDiscovery/fd_interestingItemsFilter.png
\subsubsection file_disc_obj_filter Object Detected Filter
The object detected filter restricts the results to files that matched the selected classifiers. Only classifiers that have results in the current case are listed. Note that currently the built-in \ref object_detection_page ingest module only works on images, so you should generally not use this filter with videos. See the \ref object_detection_page page for more information on setting up classifiers.
\image html FileDiscovery/fd_objectFilter.png
\subsubsection file_disc_parent_filter Parent Folder Filter
The parent folder filter either restricts the path the files can be on. This filter works differently than the others in that the individual options do not have to be selected - every rule that has been entered will be applied.
\image html FileDiscovery/fd_parentFilter.png
You can enter paths that should be included and paths that should be ignored. For both you then specify whether the path string you entered is a full path or a substring. For full path matches you'll need to include the leading and trailing slashes. Full path matches are also case-sensitive.
The default options, shown above, will exclude any file that has a "Windows" folder or a "Program Files" folder in its path. It would exclude files like "/Windows/System32/image1.jpg" but would not exclude "/My Pictures/Bay Windows/image2.jpg" because the slashes around "Windows" force it to match the exact folder name.
Here is another example. This rule was created with "Full" and "Include" selected.
\image html FileDiscovery/fd_parentEx2.png
This matches the file "/LogicalFileSet2/File Discovery/bird1.tif" but not any images in subfolders under "File Discovery".
When there are multiple path options in the filter, they will be applied as follows:
<ul>
<li>The file path must match every "exclude" rule to pass
<li>If any "include" rules exist, the file path must match at least one "include" rule to pass
</ul>
This allows you to, for example, make rules to include both the "My Documents" and the "My Pictures" folders.
\subsection file_disc_grouping Grouping and Sorting
The final options are for how you want to group and sort your results.
\image html FileDiscovery/fd_grouping.png
The first option lets you choose the top level grouping for your results and the second option lets you choose how to sort them. The groups appear in the middle column of the file discovery panel. Note that some of the grouping options may not always appear - for example, grouping by past occurrences will only be present if the \ref central_repo_page is enabled, and grouping by hash set will only be present if there are hash set hits in your current case. The example below shows the groups created using the default options (group by file size, order groups by group name):
\image html FileDiscovery/fd_groupingSize.png
In the case of file size and past occurrences, ordering by group name is based on the natural ordering of the group (largest to smallest or most rare to most common). For the other groups it will be alphabetical. Ordering groups by size will sort them based on how many files each group contains, going largest to smallest. For example, here we've grouped by interesting item set and ordered the groups by their size.
\image html FileDiscovery/fd_groupingInt.png
The interesting items filter was not enabled so most images ended up in the "None" group, meaning they have no interesting file result associated with them. The final group in the list contains a file that matched both interesting item rule sets.
The last grouping and sorting option is choosing how to sort the results within a group. This is the order of the results in the top right panel after selecting a group from the middle column. Note that due to the merging of results with the same hash in that panel, ordering by file name, path, or data source can vary. See the \ref file_disc_dedupe section below for more information.
\section file_disc_results Viewing Results
\subsection file_disc_results_overview Overview
Once you select your options and click "Show", you'll see a list of groups in the middle panel. Selecting one of these groups will display the results from that group in the right panel. If your results are images, you'll see thumbnails for each image in the top area of the right panel.
\image html FileDiscovery/fd_resultGroups.png
If your results are videos, each result will display four thumbnails from the video.
\image html FileDiscovery/fd_videos.png
When you select a result from the top of the right panel, you'll see the path to the corresponding file(s) in the "Instances" panel below the thumbnails. There may be more than one file instance associated with a result - see the \ref file_disc_dedupe section below. You can right-click on files in the instances panel to use most of options available in the normal \ref result_viewer_page.
\image html FileDiscovery/fd_instanceContext.png
The bottom section of the panel is identical to the standard \ref content_viewer_page and displays data corresponding to the file instance selected in the middle of the panel.
\subsection file_disc_dedupe De-duplication
Assuming the \ref hash_db_page module has been run, all files in a result group with the same hash will be merged together under a single instance. You can see the number of instances of each file under the thumbnail, and each file instance will be displayed in the middle section of the panel.
\image html FileDiscovery/fd_dupeEx.png
Clicking on a particular instance will load data for that file in the content viewer area at the bottom.
Note that files in different groups will not be merged together or appear under the instances list of each other. For example, if you choose to group by parent folder and have two instances of a file with the same hash but in different folders, each will appear once under its parent folder. Grouping by file size (the default) will always merge every instance of the same file.
\subsection file_disc_icons Status Icons
A number of icons may be displayed in the bottom right of the thumbnails to help point out notable results. Hovering over the icon will display a message explaining why the icon is present. In the image below, the yellow icon is present because the file is associated with an interesting item set.
\image html FileDiscovery/fd_icon.png
Most of the icons match what would be displayed in the "S" column of the normal \ref result_viewer_page.
| Icon | Usage |
|-------|------|
\image html FileDiscovery/yellow-circle-yield.png "" | \ref interesting_files_identifier_page "Interesting file set match" or normal \ref tagging_page "file tag"
\image html FileDiscovery/red-circle-exclamation.png "" | Notable \ref hash_db_page "hash set hit" or notable \ref tagging_page "file tag"
\image html FileDiscovery/file-icon-deleted.png "" | Deleted file (every instance is deleted)
\subsection file_disc_paging Paging
If the group you select has many results, the results will be split up into pages. You can use the left and right arrows to move between pages or type in the page number you wish to go to. You can adjust the number of results per page using the drop down box in the upper right.
\image html FileDiscovery/fd_paging.png
*/


@ -1,5 +1,5 @@
<hr/>
<p><i>Copyright &#169; 2012-2019 Basis Technology. Generated on $date<br/>
<p><i>Copyright &#169; 2012-2020 Basis Technology. Generated on $date<br/>
This work is licensed under a
<a rel="license" href="http://creativecommons.org/licenses/by-sa/3.0/us/">Creative Commons Attribution-Share Alike 3.0 United States License</a>.
</i></p>


@ -49,7 +49,7 @@ on the Geolocation panel in the Options dialog. There are four options for geolo
<ul>
<li><b>Default online tile server</b>
<ul>
<li>The default Geolocation window tile data source is the Microsoft Virtual Earth server bing.com\maps.
<li>The default Geolocation window tile data source is the Microsoft Virtual Earth server https://www.bing.com/maps.
</ul>
<li><b>OpenStreetMap server</b>
<ul>

