From ff96ae6f13476d8e7fe06739d28c0704aadf438f Mon Sep 17 00:00:00 2001
From: adam-m
Date: Wed, 2 May 2012 00:26:43 -0400
Subject: [PATCH] Merge branch 'master' of https://github.com/sleuthkit/autopsy - fix previous merge
---
 .../recentactivity/BrowserActivity.java | 64 +-
 .../recentactivity/BrowserActivityType.java | 64 +-
 .../autopsy/recentactivity/BrowserType.java | 64 +-
 .../autopsy/recentactivity/Chrome.java | 677 +++++++++--------
 .../autopsy/recentactivity/ExtractAll.java | 111 +--
 .../autopsy/recentactivity/ExtractIE.java | 486 ++++++------
 .../recentactivity/ExtractRegistry.java | 465 ++++++------
 .../autopsy/recentactivity/Firefox.java | 490 +++++++------
 .../recentactivity/JavaSystemCaller.java | 688 +++++++++--------
 .../recentactivity/RAImageIngestService.java | 70 +-
 .../autopsy/recentactivity/Util.java | 269 ++++---
 .../autopsy/recentactivity/dbconnect.java | 47 +-
 .../autopsy/recentactivity/layer.xml | 4 +-
 .../recentactivity/sqlitedbconnect.java | 190 ++---
 .../org/sleuthkit/autopsy/report/report.java | 489 ++++++-------
 .../autopsy/report/reportAction.java | 119 +--
 .../autopsy/report/reportFilter.form | 31 +-
 .../autopsy/report/reportFilter.java | 286 +++++---
 .../autopsy/report/reportFilterAction.java | 13 +-
 .../sleuthkit/autopsy/report/reportHTML.java | 656 ++++++++---------
 .../sleuthkit/autopsy/report/reportPanel.form | 2 +-
 .../sleuthkit/autopsy/report/reportPanel.java | 158 ++--
 .../autopsy/report/reportPanelAction.java | 73 +-
 .../sleuthkit/autopsy/report/reportUtils.java | 76 +-
 .../sleuthkit/autopsy/report/reportXLS.java | 692 +++++++++---------
 .../sleuthkit/autopsy/report/reportXML.java | 292 ++++----
 26 files changed, 3407 insertions(+), 3169 deletions(-)
diff --git a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/BrowserActivity.java b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/BrowserActivity.java
index ce72e7ef54..a99226768d 100644
--- a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/BrowserActivity.java +++ b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/BrowserActivity.java @@ -1,6 +1,22 @@ -/* - * To change this template, choose Tools | Templates - * and open the template in the editor. + /* + * + * Autopsy Forensic Browser + * + * Copyright 2012 42six Solutions. + * Contact: aebadirad 42six com + * Project Contact/Architect: carrier sleuthkit org + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ package org.sleuthkit.autopsy.recentactivity; @@ -13,34 +29,36 @@ import java.util.Map; * @author arivera */ public enum BrowserActivity { - IE(0), - FF(1), - CH(2); - private static final Map lookup - = new HashMap(); + + IE(0), + FF(1), + CH(2); + private static final Map lookup = new HashMap(); static { - for(BrowserActivity bat : values()) + for (BrowserActivity bat : values()) { lookup.put(bat.type, bat); + } + } + private int type; + + private BrowserActivity(int type) { + this.type = type; } - - private int type; - - private BrowserActivity(int type) - { - this.type = type; - } - - public int getType() { return type; } + public int getType() { + return type; + } public static BrowserActivity get(int type) { - switch(type) { - case 0: return IE; - case 1: return FF; - case 2: return CH; + switch (type) { + case 0: + return IE; + case 1: + return FF; + case 2: + return CH; } return null; } - } \ No newline at end of file 
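Review bot: In `BrowserActivity`, the `lookup` map filled by the static initializer is not read anywhere in the lines shown, while `get(int type)` repeats the same mapping in a hand-written `switch`, so the two can drift apart when a constant is added. `get` could simply be `return lookup.get(type);`, or the map could be dropped. Either way `get` returns `null` for an unrecognised code, which is worth stating in a Javadoc line such as `@return the matching constant, or null if the code is unknown`, since callers are outside this hunk and may dereference the result. The `type` field is assigned only in the constructor and could be declared `private final int type;`. The second hunks of BrowserActivityType.java and BrowserType.java have the same shape.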
diff --git a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/BrowserActivityType.java b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/BrowserActivityType.java index b22a80975f..6443fd91e3 100644 --- a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/BrowserActivityType.java +++ b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/BrowserActivityType.java @@ -1,6 +1,22 @@ -/* - * To change this template, choose Tools | Templates - * and open the template in the editor. + /* + * + * Autopsy Forensic Browser + * + * Copyright 2012 42six Solutions. + * Contact: aebadirad 42six com + * Project Contact/Architect: carrier sleuthkit org + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ package org.sleuthkit.autopsy.recentactivity; 
@@ -13,34 +29,36 @@ import java.util.Map; * @author arivera */ public enum BrowserActivityType { - Cookies(0), - Url(1), - Bookmarks(2); - private static final Map lookup - = new HashMap(); + + Cookies(0), + Url(1), + Bookmarks(2); + private static final Map lookup = new HashMap(); static { - for(BrowserActivityType bat : values()) + for (BrowserActivityType bat : values()) { lookup.put(bat.type, bat); + } + } + private int type; + + private BrowserActivityType(int type) { + this.type = type; } - - private int type; - - private BrowserActivityType(int type) - { - this.type = type; - } - - public int getType() { return type; } + public int getType() { + return type; + } public static BrowserActivityType get(int type) { - switch(type) { - case 0: return Cookies; - case 1: return Url; - case 2: return Bookmarks; + switch (type) { + case 0: + return Cookies; + case 1: + return Url; + case 2: + return Bookmarks; } return null; } - } diff --git a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/BrowserType.java b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/BrowserType.java index 494a10ba10..d272bfd776 100644 --- a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/BrowserType.java +++ b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/BrowserType.java 
@@ -1,6 +1,22 @@ -/* - * To change this template, choose Tools | Templates - * and open the template in the editor. + /* + * + * Autopsy Forensic Browser + * + * Copyright 2012 42six Solutions. + * Contact: aebadirad 42six com + * Project Contact/Architect: carrier sleuthkit org + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ package org.sleuthkit.autopsy.recentactivity; @@ -12,34 +28,36 @@ import java.util.Map; * @author arivera */ public enum BrowserType { - IE(0), //Internet Explorer - FF(1), //Firefox - CH(2); //Chrome - private static final Map lookup - = new HashMap(); + + IE(0), //Internet Explorer + FF(1), //Firefox + CH(2); //Chrome + private static final Map lookup = new HashMap(); static { - for(BrowserType bt : values()) + for (BrowserType bt : values()) { lookup.put(bt.type, bt); + } + } + private int type; + + private BrowserType(int type) { + this.type = type; } - - private int type; - - private BrowserType(int type) - { - this.type = type; - } - - public int getType() { return type; } + public int getType() { + return type; + } public static BrowserType get(int type) { - switch(type) { - case 0: return IE; - case 1: return FF; - case 2: return CH; + switch (type) { + case 0: + return IE; + case 1: + return FF; + case 2: + return CH; } return null; } - } diff --git a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Chrome.java b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Chrome.java index 8c08e45054..0025df247b 100755 
--- a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Chrome.java +++ b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Chrome.java @@ -1,8 +1,25 @@ -/* - * To change this template, choose Tools | Templates - * and open the template in the editor. + /* + * + * Autopsy Forensic Browser + * + * Copyright 2012 42six Solutions. + * Contact: aebadirad 42six com + * Project Contact/Architect: carrier sleuthkit org + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ package org.sleuthkit.autopsy.recentactivity; + import com.google.gson.JsonArray; import com.google.gson.JsonElement; import com.google.gson.JsonObject; 
@@ -25,398 +42,410 @@ import org.sleuthkit.datamodel.BlackboardArtifact; import org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE; import org.sleuthkit.datamodel.BlackboardAttribute; import org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE; + /** * * @author Alex */ - - public class Chrome { - - public static final String chquery = "SELECT urls.url, urls.title, urls.visit_count, urls.typed_count, " - + "last_visit_time, urls.hidden, visits.visit_time, (SELECT urls.url FROM urls WHERE urls.id=visits.url) as from_visit, visits.transition FROM urls, visits WHERE urls.id = visits.url"; - public static final String chcookiequery = "select name, value, host_key, expires_utc,last_access_utc, creation_utc from cookies"; - public static final String chbookmarkquery = "SELECT starred.title, urls.url, starred.date_added, starred.date_modified, urls.typed_count,urls._last_visit_time FROM starred INNER JOIN urls ON urls.id = starred.url_id"; - public static final String chdownloadquery = "select full_path, url, start_time, received_bytes from downloads"; - public static final String chloginquery = "select origin_url, username_value, signon_realm from logins"; - private final Logger logger = Logger.getLogger(this.getClass().getName()); - public int ChromeCount = 0; - - public Chrome(){ - - } - - public void getchdb(List image, IngestImageWorkerController controller){ - - try - { + public static final String chquery = "SELECT urls.url, urls.title, urls.visit_count, urls.typed_count, " + + "last_visit_time, urls.hidden, visits.visit_time, (SELECT urls.url FROM urls WHERE urls.id=visits.url) as from_visit, visits.transition FROM urls, visits WHERE urls.id = visits.url"; + public static final String chcookiequery = "select name, value, host_key, expires_utc,last_access_utc, creation_utc from cookies"; + public static final String chbookmarkquery = "SELECT starred.title, urls.url, starred.date_added, starred.date_modified, urls.typed_count,urls._last_visit_time FROM 
starred INNER JOIN urls ON urls.id = starred.url_id"; + public static final String chdownloadquery = "select full_path, url, start_time, received_bytes from downloads"; + public static final String chloginquery = "select origin_url, username_value, signon_realm from logins"; + private final Logger logger = Logger.getLogger(this.getClass().getName()); + public int ChromeCount = 0; + + public Chrome() { + } + + public void getchdb(List image, IngestImageWorkerController controller) { + + try { Case currentCase = Case.getCurrentCase(); // get the most updated case SleuthkitCase tempDb = currentCase.getSleuthkitCase(); - List FFSqlitedb; - Map kvs = new LinkedHashMap(); + List FFSqlitedb = null; + Map kvs = new LinkedHashMap(); String allFS = new String(); - for(int i = 0; i < image.size(); i++) { - if(i == 0) + for (int i = 0; i < image.size(); i++) { + if (i == 0) { allFS += " AND (0"; + } allFS += " OR fs_obj_id = '" + image.get(i) + "'"; - if(i == image.size()-1) + if (i == image.size() - 1) { allFS += ")"; + } + } + + try { + ResultSet rs = tempDb.runQuery("select * from tsk_files where name LIKE 'History' and name NOT LIKE '%journal%' AND parent_path LIKE '%Chrome%'" + allFS); + FFSqlitedb = tempDb.resultSetToFsContents(rs); + ChromeCount = FFSqlitedb.size(); + rs.close(); + rs.getStatement().close(); + } catch (Exception ex) { + logger.log(Level.WARNING, "Error while trying to read into a sqlite db.{0}", ex); } - - ResultSet rs = tempDb.runQuery("select * from tsk_files where name LIKE 'History' and name NOT LIKE '%journal%' AND parent_path LIKE '%Chrome%'" + allFS); - FFSqlitedb = tempDb.resultSetToFsContents(rs); - ChromeCount = FFSqlitedb.size(); - - rs.close(); - rs.getStatement().close(); int j = 0; - while (j < FFSqlitedb.size()) + if(FFSqlitedb != null && !FFSqlitedb.isEmpty()) { + while (j < FFSqlitedb.size()) { String temps = currentCase.getTempDirectory() + "\\" + FFSqlitedb.get(j).getName().toString() + j + ".db"; String connectionString = 
"jdbc:sqlite:" + temps; - ContentUtils.writeToFile(FFSqlitedb.get(j), new File(currentCase.getTempDirectory() + "\\" + FFSqlitedb.get(j).getName().toString() + j + ".db")); + try { + ContentUtils.writeToFile(FFSqlitedb.get(j), new File(currentCase.getTempDirectory() + "\\" + FFSqlitedb.get(j).getName().toString() + j + ".db")); + } catch (Exception ex) { + logger.log(Level.WARNING, "Error while trying to write to disk.{0}", ex); + } File dbFile = new File(temps); - if (controller.isCancelled() ) { - dbFile.delete(); - break; - } - try - { - dbconnect tempdbconnect = new dbconnect("org.sqlite.JDBC",connectionString); - ResultSet temprs = tempdbconnect.executeQry(chquery); - - while(temprs.next()) - { - String domain = Util.extractDomain(temprs.getString("url")); - BlackboardArtifact bbart = FFSqlitedb.get(j).newArtifact(ARTIFACT_TYPE.TSK_WEB_HISTORY); - Collection bbattributes = new ArrayList(); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(),"RecentActivity","",temprs.getString("url"))); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_LAST_ACCESSED.getTypeID(),"RecentActivity","Last Accessed",(temprs.getLong("last_visit_time")/10000))); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_REFERRER.getTypeID(),"RecentActivity","",temprs.getString("from_visit"))); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_NAME.getTypeID(),"RecentActivity","",((temprs.getString("title") != null) ? temprs.getString("title") : ""))); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(),"RecentActivity","","Chrome")); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN.getTypeID(),"RecentActivity","",domain)); - bbart.addAttributes(bbattributes); - - } - tempdbconnect.closeConnection(); - temprs.close(); - - } - catch (Exception ex) - { - logger.log(Level.WARNING, "Error while trying to read into a sqlite db." 
+ connectionString, ex); - } - - j++; - dbFile.delete(); - } - IngestManager.fireServiceDataEvent(new ServiceDataEvent("Recent Activity", BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_HISTORY)); - } - catch (SQLException ex) - { - logger.log(Level.WARNING, "Error while trying to get Chrome SQLite db.", ex); - } - catch(IOException ioex) - { - logger.log(Level.WARNING, "Error while trying to write to the file system.", ioex); - } - - //COOKIES section - // This gets the cookie info - try - { - Case currentCase = Case.getCurrentCase(); // get the most updated case - SleuthkitCase tempDb = currentCase.getSleuthkitCase(); - String allFS = new String(); - for(int i = 0; i < image.size(); i++) { - if(i == 0) - allFS += " AND (0"; - allFS += " OR fs_obj_id = '" + image.get(i) + "'"; - if(i == image.size()-1) - allFS += ")"; - } - List FFSqlitedb; - ResultSet rs = tempDb.runQuery("select * from tsk_files where name LIKE '%Cookies%' and name NOT LIKE '%journal%' and parent_path LIKE '%Chrome%'" + allFS); - FFSqlitedb = tempDb.resultSetToFsContents(rs); - - rs.close(); - rs.getStatement().close(); - int j = 0; - - while (j < FFSqlitedb.size()) - { - String temps = currentCase.getTempDirectory() + "\\" + FFSqlitedb.get(j).getName().toString() + j + ".db"; - String connectionString = "jdbc:sqlite:" + temps; - ContentUtils.writeToFile(FFSqlitedb.get(j), new File(currentCase.getTempDirectory() + "\\" + FFSqlitedb.get(j).getName().toString() + j + ".db")); - File dbFile = new File(temps); - if (controller.isCancelled() ) { - dbFile.delete(); - break; - } - try - { - dbconnect tempdbconnect = new dbconnect("org.sqlite.JDBC",connectionString); - ResultSet temprs = tempdbconnect.executeQry(chcookiequery); - while(temprs.next()) - { - BlackboardArtifact bbart = FFSqlitedb.get(j).newArtifact(ARTIFACT_TYPE.TSK_WEB_COOKIE); - Collection bbattributes = new ArrayList(); - String domain = temprs.getString("host_key"); - bbattributes.add(new 
BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(), "RecentActivity", "", temprs.getString("host_key"))); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID(),"RecentActivity", "Last Visited",(temprs.getLong("last_access_utc")/10000))); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_VALUE.getTypeID(),"RecentActivity", "",temprs.getString("value"))); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_NAME.getTypeID(), "RecentActivity","Title",((temprs.getString("name") != null) ? temprs.getString("name") : ""))); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(),"RecentActivity","","Chrome")); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN.getTypeID(),"RecentActivity","",domain)); - bbart.addAttributes(bbattributes); - } - tempdbconnect.closeConnection(); - temprs.close(); - - } - catch (Exception ex) - { - logger.log(Level.WARNING, "Error while trying to read into a sqlite db." 
+ connectionString, ex); - } + if (controller.isCancelled()) { + dbFile.delete(); + break; + } + try { + dbconnect tempdbconnect = new dbconnect("org.sqlite.JDBC", connectionString); + ResultSet temprs = tempdbconnect.executeQry(chquery); + + while (temprs.next()) { + try { + String domain = Util.extractDomain(temprs.getString("url")); + BlackboardArtifact bbart = FFSqlitedb.get(j).newArtifact(ARTIFACT_TYPE.TSK_WEB_HISTORY); + Collection bbattributes = new ArrayList(); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(), "RecentActivity", "", temprs.getString("url"))); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_LAST_ACCESSED.getTypeID(), "RecentActivity", "Last Accessed", (temprs.getLong("last_visit_time") / 10000))); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_REFERRER.getTypeID(), "RecentActivity", "", temprs.getString("from_visit"))); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_NAME.getTypeID(), "RecentActivity", "", ((temprs.getString("title") != null) ? temprs.getString("title") : ""))); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(), "RecentActivity", "", "Chrome")); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN.getTypeID(), "RecentActivity", "", domain)); + bbart.addAttributes(bbattributes); + } catch (Exception ex) { + logger.log(Level.WARNING, "Error while trying to insert BB artifact.{0}", ex); + } + + } + tempdbconnect.closeConnection(); + temprs.close(); + + } catch (Exception ex) { + logger.log(Level.WARNING, "Error while trying to read into a sqlite db." 
+ connectionString, ex); + } + j++; dbFile.delete(); } - IngestManager.fireServiceDataEvent(new ServiceDataEvent("Recent Activity", BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_COOKIE)); + } + IngestManager.fireServiceDataEvent(new ServiceDataEvent("Recent Activity", BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_HISTORY)); + } catch (Exception ex) { + logger.log(Level.WARNING, "Error while trying to get Chrome SQLite db.", ex); } - catch (SQLException ex) - { - logger.log(Level.WARNING, "Error while trying to get Chrome SQLite db.", ex); - } - catch(IOException ioex) - { - logger.log(Level.WARNING, "Error while trying to write to the file system.", ioex); - } - - //BOokmarks section - // This gets the bm info - try - { + + + //COOKIES section + // This gets the cookie info + try { Case currentCase = Case.getCurrentCase(); // get the most updated case SleuthkitCase tempDb = currentCase.getSleuthkitCase(); - String allFS = new String(); - for(int i = 0; i < image.size(); i++) { - if(i == 0) + String allFS = new String(); + for (int i = 0; i < image.size(); i++) { + if (i == 0) { allFS += " AND (0"; + } allFS += " OR fs_obj_id = '" + image.get(i) + "'"; - if(i == image.size()-1) + if (i == image.size() - 1) { allFS += ")"; + } + } + List FFSqlitedb = null; + try { + ResultSet rs = tempDb.runQuery("select * from tsk_files where name LIKE '%Cookies%' and name NOT LIKE '%journal%' and parent_path LIKE '%Chrome%'" + allFS); + FFSqlitedb = tempDb.resultSetToFsContents(rs); + rs.close(); + rs.getStatement().close(); + } catch (Exception ex) { + logger.log(Level.WARNING, "Error while trying to read into a sqlite db.{0}", ex); } - List FFSqlitedb; - ResultSet rs = tempDb.runQuery("select * from tsk_files where name LIKE 'Bookmarks' and name NOT LIKE '%journal%' and parent_path LIKE '%Chrome%'" + allFS); - FFSqlitedb = tempDb.resultSetToFsContents(rs); - rs.close(); - rs.getStatement().close(); - int j = 0; - - while (j < FFSqlitedb.size()) + if(FFSqlitedb != null && 
!FFSqlitedb.isEmpty()) { + while (j < FFSqlitedb.size()) { String temps = currentCase.getTempDirectory() + "\\" + FFSqlitedb.get(j).getName().toString() + j + ".db"; - - ContentUtils.writeToFile(FFSqlitedb.get(j), new File(currentCase.getTempDirectory() + "\\" + FFSqlitedb.get(j).getName().toString() + j + ".db")); + String connectionString = "jdbc:sqlite:" + temps; + try { + ContentUtils.writeToFile(FFSqlitedb.get(j), new File(currentCase.getTempDirectory() + "\\" + FFSqlitedb.get(j).getName().toString() + j + ".db")); + } catch (Exception ex) { + logger.log(Level.WARNING, "Error while trying to write IO.{0}", ex); + } File dbFile = new File(temps); - if (controller.isCancelled() ) { - dbFile.delete(); - break; - } - try - { - + if (controller.isCancelled()) { + dbFile.delete(); + break; + } + try { + dbconnect tempdbconnect = new dbconnect("org.sqlite.JDBC", connectionString); + ResultSet temprs = tempdbconnect.executeQry(chcookiequery); + while (temprs.next()) { + try { + BlackboardArtifact bbart = FFSqlitedb.get(j).newArtifact(ARTIFACT_TYPE.TSK_WEB_COOKIE); + Collection bbattributes = new ArrayList(); + String domain = temprs.getString("host_key"); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(), "RecentActivity", "", temprs.getString("host_key"))); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID(), "RecentActivity", "Last Visited", (temprs.getLong("last_access_utc") / 10000))); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_VALUE.getTypeID(), "RecentActivity", "", temprs.getString("value"))); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_NAME.getTypeID(), "RecentActivity", "Title", ((temprs.getString("name") != null) ? 
temprs.getString("name") : ""))); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(), "RecentActivity", "", "Chrome")); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN.getTypeID(), "RecentActivity", "", domain)); + bbart.addAttributes(bbattributes); + } catch (Exception ex) { + logger.log(Level.WARNING, "Error while trying to read into a sqlite db.{0}", ex); + } + } + tempdbconnect.closeConnection(); + temprs.close(); + + } catch (Exception ex) { + logger.log(Level.WARNING, "Error while trying to read into a sqlite db." + connectionString, ex); + } + j++; + dbFile.delete(); + } + } + IngestManager.fireServiceDataEvent(new ServiceDataEvent("Recent Activity", BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_COOKIE)); + } catch (Exception ex) { + logger.log(Level.WARNING, "Error while trying to get Chrome SQLite db.", ex); + } + + + //BOokmarks section + // This gets the bm info + try { + Case currentCase = Case.getCurrentCase(); // get the most updated case + SleuthkitCase tempDb = currentCase.getSleuthkitCase(); + String allFS = new String(); + for (int i = 0; i < image.size(); i++) { + if (i == 0) { + allFS += " AND (0"; + } + allFS += " OR fs_obj_id = '" + image.get(i) + "'"; + if (i == image.size() - 1) { + allFS += ")"; + } + } + List FFSqlitedb = null; + try { + ResultSet rs = tempDb.runQuery("select * from tsk_files where name LIKE 'Bookmarks' and name NOT LIKE '%journal%' and parent_path LIKE '%Chrome%'" + allFS); + FFSqlitedb = tempDb.resultSetToFsContents(rs); + rs.close(); + rs.getStatement().close(); + } catch (Exception ex) { + logger.log(Level.WARNING, "Error while trying to read into a sqlite db.{0}", ex); + } + int j = 0; + if(FFSqlitedb != null && !FFSqlitedb.isEmpty()) + { + while (j < FFSqlitedb.size()) { + String temps = currentCase.getTempDirectory() + "\\" + FFSqlitedb.get(j).getName().toString() + j + ".db"; + try { + ContentUtils.writeToFile(FFSqlitedb.get(j), new 
File(currentCase.getTempDirectory() + "\\" + FFSqlitedb.get(j).getName().toString() + j + ".db")); + } catch (Exception ex) { + logger.log(Level.WARNING, "Error while trying to write IO {0}", ex); + } + File dbFile = new File(temps); + if (controller.isCancelled()) { + dbFile.delete(); + break; + } + try { + final JsonParser parser = new JsonParser(); - JsonElement jsonElement = parser.parse(new FileReader(temps)); + JsonElement jsonElement = parser.parse(new FileReader(temps)); JsonObject test = jsonElement.getAsJsonObject(); JsonObject whatever = test.get("roots").getAsJsonObject(); JsonObject whatever2 = whatever.get("bookmark_bar").getAsJsonObject(); JsonArray whatever3 = whatever2.getAsJsonArray("children"); - - // JsonArray results = parser.parse(new FileReader(temps)).getAsJsonObject().getAsJsonArray("roots").getAsJsonObject().getAsJsonArray("bookmark_bar").get(0).getAsJsonObject().getAsJsonArray("children"); - for (JsonElement result : whatever3) { - - JsonObject address = result.getAsJsonObject(); - String url = address.get("url").getAsString(); - String name = address.get("name").getAsString(); - Long date = address.get("date_added").getAsLong(); - String domain = Util.extractDomain(url); - BlackboardArtifact bbart = FFSqlitedb.get(j).newArtifact(ARTIFACT_TYPE.TSK_WEB_BOOKMARK); - Collection bbattributes = new ArrayList(); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_LAST_ACCESSED.getTypeID(),"RecentActivity","Last Visited",(date/10000))); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(), "RecentActivity","",url)); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_NAME.getTypeID(), "RecentActivity","",name)); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(),"RecentActivity","","Chrome")); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN.getTypeID(),"RecentActivity","",domain)); - bbart.addAttributes(bbattributes); - } + for (JsonElement result 
: whatever3) { + try { + JsonObject address = result.getAsJsonObject(); + String url = address.get("url").getAsString(); + String name = address.get("name").getAsString(); + Long date = address.get("date_added").getAsLong(); + String domain = Util.extractDomain(url); + BlackboardArtifact bbart = FFSqlitedb.get(j).newArtifact(ARTIFACT_TYPE.TSK_WEB_BOOKMARK); + Collection bbattributes = new ArrayList(); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_LAST_ACCESSED.getTypeID(), "RecentActivity", "Last Visited", (date / 10000))); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(), "RecentActivity", "", url)); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_NAME.getTypeID(), "RecentActivity", "", name)); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(), "RecentActivity", "", "Chrome")); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN.getTypeID(), "RecentActivity", "", domain)); + bbart.addAttributes(bbattributes); + } catch (Exception ex) { + logger.log(Level.WARNING, "Error while trying to insert BB artifact{0}", ex); + } + } - - } - catch (Exception ex) - { - logger.log(Level.WARNING, "Error while trying to read into the Bookmarks for Chrome." + ex); - } + + } catch (Exception ex) { + logger.log(Level.WARNING, "Error while trying to read into the Bookmarks for Chrome." 
+ ex); + } j++; dbFile.delete(); } - IngestManager.fireServiceDataEvent(new ServiceDataEvent("Recent Activity", BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_BOOKMARK)); + } + IngestManager.fireServiceDataEvent(new ServiceDataEvent("Recent Activity", BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_BOOKMARK)); + } catch (Exception ex) { + logger.log(Level.WARNING, "Error while trying to get Chrome SQLite db.", ex); } - catch (SQLException ex) - { - logger.log(Level.WARNING, "Error while trying to get Chrome SQLite db.", ex); - } - catch(IOException ioex) - { - logger.log(Level.WARNING, "Error while trying to write to the file system.", ioex); - } - - //Downloads section - // This gets the downloads info - try - { + + + //Downloads section + // This gets the downloads info + try { Case currentCase = Case.getCurrentCase(); // get the most updated case SleuthkitCase tempDb = currentCase.getSleuthkitCase(); - List FFSqlitedb; - String allFS = new String(); - for(int i = 0; i < image.size(); i++) { - if(i == 0) + List FFSqlitedb = null; + String allFS = new String(); + for (int i = 0; i < image.size(); i++) { + if (i == 0) { allFS += " AND (0"; + } allFS += " OR fs_obj_id = '" + image.get(i) + "'"; - if(i == image.size()-1) + if (i == image.size() - 1) { allFS += ")"; + } + } + try { + ResultSet rs = tempDb.runQuery("select * from tsk_files where name LIKE 'History' and name NOT LIKE '%journal%' and parent_path LIKE '%Chrome%'" + allFS); + FFSqlitedb = tempDb.resultSetToFsContents(rs); + rs.close(); + rs.getStatement().close(); + } catch (Exception ex) { + logger.log(Level.WARNING, "Error while trying to read into a sqlite db.{0}", ex); } - ResultSet rs = tempDb.runQuery("select * from tsk_files where name LIKE 'History' and name NOT LIKE '%journal%' and parent_path LIKE '%Chrome%'" + allFS); - FFSqlitedb = tempDb.resultSetToFsContents(rs); - rs.close(); - rs.getStatement().close(); - int j = 0; - - while (j < FFSqlitedb.size()) + if(FFSqlitedb != null && !FFSqlitedb.isEmpty()) { + 
while (j < FFSqlitedb.size()) { String temps = currentCase.getTempDirectory() + "\\" + FFSqlitedb.get(j).getName().toString() + j + ".db"; String connectionString = "jdbc:sqlite:" + temps; - ContentUtils.writeToFile(FFSqlitedb.get(j), new File(currentCase.getTempDirectory() + "\\" + FFSqlitedb.get(j).getName().toString() + j + ".db")); + try { + ContentUtils.writeToFile(FFSqlitedb.get(j), new File(currentCase.getTempDirectory() + "\\" + FFSqlitedb.get(j).getName().toString() + j + ".db")); + } catch (Exception ex) { + logger.log(Level.WARNING, "Error while trying to read into a sqlite db.{0}", ex); + } File dbFile = new File(temps); - if (controller.isCancelled() ) { - dbFile.delete(); - break; - } - try - { - dbconnect tempdbconnect = new dbconnect("org.sqlite.JDBC",connectionString); - ResultSet temprs = tempdbconnect.executeQry(chdownloadquery); - while(temprs.next()) - { - BlackboardArtifact bbart = FFSqlitedb.get(j).newArtifact(ARTIFACT_TYPE.TSK_WEB_DOWNLOAD); - Collection bbattributes = new ArrayList(); - String domain = Util.extractDomain(temprs.getString("url")); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_LAST_ACCESSED.getTypeID(),"RecentActivity","Last Visited",(temprs.getLong("start_time")/10000))); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(), "RecentActivity","",((temprs.getString("url") != null) ? temprs.getString("url") : ""))); - //bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_NAME.getTypeID(), "RecentActivity","", ((temprs.getString("title") != null) ? 
temprs.getString("title").replaceAll("'", "''") : ""))); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PATH.getTypeID(), "Recent Activity", "", temprs.getString("full_path"))); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PATH_ID.getTypeID(),"RecentActivity","",Util.findID(temprs.getString("full_path")))); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN.getTypeID(),"RecentActivity","",domain)); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(),"RecentActivity","","Chrome")); - bbart.addAttributes(bbattributes); - - } - tempdbconnect.closeConnection(); - temprs.close(); - IngestManager.fireServiceDataEvent(new ServiceDataEvent("Recent Activity", BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_DOWNLOAD)); - - } - catch (Exception ex) - { - logger.log(Level.WARNING, "Error while trying to read into a sqlite db." + connectionString, ex); - } + if (controller.isCancelled()) { + dbFile.delete(); + break; + } + try { + dbconnect tempdbconnect = new dbconnect("org.sqlite.JDBC", connectionString); + ResultSet temprs = tempdbconnect.executeQry(chdownloadquery); + while (temprs.next()) { + try { + BlackboardArtifact bbart = FFSqlitedb.get(j).newArtifact(ARTIFACT_TYPE.TSK_WEB_DOWNLOAD); + Collection bbattributes = new ArrayList(); + String domain = Util.extractDomain(temprs.getString("url")); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_LAST_ACCESSED.getTypeID(), "RecentActivity", "Last Visited", (temprs.getLong("start_time") / 10000))); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(), "RecentActivity", "", ((temprs.getString("url") != null) ? temprs.getString("url") : ""))); + //bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_NAME.getTypeID(), "RecentActivity","", ((temprs.getString("title") != null) ? 
temprs.getString("title").replaceAll("'", "''") : ""))); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PATH.getTypeID(), "Recent Activity", "", temprs.getString("full_path"))); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PATH_ID.getTypeID(), "RecentActivity", "", Util.findID(temprs.getString("full_path")))); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN.getTypeID(), "RecentActivity", "", domain)); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(), "RecentActivity", "", "Chrome")); + bbart.addAttributes(bbattributes); + } catch (Exception ex) { + logger.log(Level.WARNING, "Error while trying to read into a sqlite db.{0}", ex); + } + + } + tempdbconnect.closeConnection(); + temprs.close(); + IngestManager.fireServiceDataEvent(new ServiceDataEvent("Recent Activity", BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_DOWNLOAD)); + + } catch (Exception ex) { + logger.log(Level.WARNING, "Error while trying to read into a sqlite db." 
+ connectionString, ex); + } j++; dbFile.delete(); } + } + } catch (Exception ex) { + logger.log(Level.WARNING, "Error while trying to get Chrome SQLite db.", ex); } - catch (SQLException ex) - { - logger.log(Level.WARNING, "Error while trying to get Chrome SQLite db.", ex); - } - catch(IOException ioex) - { - logger.log(Level.WARNING, "Error while trying to write to the file system.", ioex); - } - - //Login/Password section - // This gets the user info - try - { + + + //Login/Password section + // This gets the user info + try { Case currentCase = Case.getCurrentCase(); // get the most updated case SleuthkitCase tempDb = currentCase.getSleuthkitCase(); - String allFS = new String(); - for(int i = 0; i < image.size(); i++) { - if(i == 0) + String allFS = new String(); + for (int i = 0; i < image.size(); i++) { + if (i == 0) { allFS += " AND (0"; + } allFS += " OR fs_obj_id = '" + image.get(i) + "'"; - if(i == image.size()-1) + if (i == image.size() - 1) { allFS += ")"; + } + } + List FFSqlitedb = null; + try { + ResultSet rs = tempDb.runQuery("select * from tsk_files where name LIKE 'signons.sqlite' and name NOT LIKE '%journal%' and parent_path LIKE '%Chrome%'" + allFS); + FFSqlitedb = tempDb.resultSetToFsContents(rs); + rs.close(); + rs.getStatement().close(); + } catch (Exception ex) { + logger.log(Level.WARNING, "Error while trying to read into a sqlite db.{0}", ex); } - List FFSqlitedb; - ResultSet rs = tempDb.runQuery("select * from tsk_files where name LIKE 'signons.sqlite' and name NOT LIKE '%journal%' and parent_path LIKE '%Chrome%'" + allFS); - FFSqlitedb = tempDb.resultSetToFsContents(rs); - rs.close(); - rs.getStatement().close(); - int j = 0; - - while (j < FFSqlitedb.size()) + if(FFSqlitedb != null && !FFSqlitedb.isEmpty()) { + while (j < FFSqlitedb.size()) { String temps = currentCase.getTempDirectory() + "\\" + FFSqlitedb.get(j).getName().toString() + j + ".db"; String connectionString = "jdbc:sqlite:" + temps; - 
ContentUtils.writeToFile(FFSqlitedb.get(j), new File(currentCase.getTempDirectory() + "\\" + FFSqlitedb.get(j).getName().toString() + j + ".db")); + try { + ContentUtils.writeToFile(FFSqlitedb.get(j), new File(currentCase.getTempDirectory() + "\\" + FFSqlitedb.get(j).getName().toString() + j + ".db")); + } catch (Exception ex) { + logger.log(Level.WARNING, "Error while trying to read into a sqlite db.{0}", ex); + } File dbFile = new File(temps); - if (controller.isCancelled() ) { - dbFile.delete(); - break; - } - try - { - dbconnect tempdbconnect = new dbconnect("org.sqlite.JDBC",connectionString); - ResultSet temprs = tempdbconnect.executeQry(chloginquery); - while(temprs.next()) - { - BlackboardArtifact bbart = FFSqlitedb.get(j).newArtifact(ARTIFACT_TYPE.TSK_WEB_HISTORY); - Collection bbattributes = new ArrayList(); - //bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_LAST_ACCESSED.getTypeID(),"RecentActivity","Last Visited",temprs.getString("start_time"))); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(), "RecentActivity","",((temprs.getString("origin_url") != null) ? temprs.getString("origin_url") : ""))); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_USERNAME.getTypeID(), "RecentActivity","", ((temprs.getString("username_value") != null) ? temprs.getString("username_value").replaceAll("'", "''") : ""))); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN.getTypeID(), "Recent Activity", "", temprs.getString("signon_realm"))); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN.getTypeID(),"RecentActivity","",Util.extractDomain(((temprs.getString("origin_url") != null) ? 
temprs.getString("origin_url") : "")))); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(),"RecentActivity","","Chrome")); - bbart.addAttributes(bbattributes); - - } - tempdbconnect.closeConnection(); - temprs.close(); - - } - catch (Exception ex) - { - logger.log(Level.WARNING, "Error while trying to read into a sqlite db." + connectionString, ex); - } + if (controller.isCancelled()) { + dbFile.delete(); + break; + } + try { + dbconnect tempdbconnect = new dbconnect("org.sqlite.JDBC", connectionString); + ResultSet temprs = tempdbconnect.executeQry(chloginquery); + while (temprs.next()) { + try { + BlackboardArtifact bbart = FFSqlitedb.get(j).newArtifact(ARTIFACT_TYPE.TSK_WEB_HISTORY); + Collection bbattributes = new ArrayList(); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(), "RecentActivity", "", ((temprs.getString("origin_url") != null) ? temprs.getString("origin_url") : ""))); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_USERNAME.getTypeID(), "RecentActivity", "", ((temprs.getString("username_value") != null) ? temprs.getString("username_value").replaceAll("'", "''") : ""))); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN.getTypeID(), "Recent Activity", "", temprs.getString("signon_realm"))); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN.getTypeID(), "RecentActivity", "", Util.extractDomain(((temprs.getString("origin_url") != null) ? temprs.getString("origin_url") : "")))); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(), "RecentActivity", "", "Chrome")); + bbart.addAttributes(bbattributes); + } catch (Exception ex) { + logger.log(Level.WARNING, "Error while trying to read into a sqlite db.{0}", ex); + } + } + tempdbconnect.closeConnection(); + temprs.close(); + + } catch (Exception ex) { + logger.log(Level.WARNING, "Error while trying to read into a sqlite db." 
+ connectionString, ex); + } j++; dbFile.delete(); } - IngestManager.fireServiceDataEvent(new ServiceDataEvent("Recent Activity", BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_HISTORY)); + } + IngestManager.fireServiceDataEvent(new ServiceDataEvent("Recent Activity", BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_HISTORY)); + } catch (Exception ex) { + logger.log(Level.WARNING, "Error while trying to get Chrome SQLite db.", ex); } - catch (SQLException ex) - { - logger.log(Level.WARNING, "Error while trying to get Chrome SQLite db.", ex); - } - catch(IOException ioex) - { - logger.log(Level.WARNING, "Error while trying to write to the file system.", ioex); - } - + } } diff --git a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractAll.java b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractAll.java index 6cc7779ff5..892851768c 100644 --- a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractAll.java +++ b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractAll.java 
@@ -1,9 +1,26 @@ -/* - * To change this template, choose Tools | Templates - * and open the template in the editor. + /* + * + * Autopsy Forensic Browser + * + * Copyright 2012 42six Solutions. + * Contact: aebadirad 42six com + * Project Contact/Architect: carrier sleuthkit org + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ package org.sleuthkit.autopsy.recentactivity; +import java.sql.SQLException; import java.util.List; import org.sleuthkit.autopsy.ingest.IngestImageWorkerController; 
@@ -12,49 +29,51 @@ import org.sleuthkit.autopsy.ingest.IngestImageWorkerController; * @author Alex */ public class ExtractAll { - - void ExtractAll(){ - - } - - public boolean extractToBlackboard(IngestImageWorkerController controller, List imgIds){ - controller.switchToDeterminate(3); - try{ - // Will make registry entries later, comment out for DEMO ONLY - controller.switchToDeterminate(4); - controller.progress(0); - ExtractRegistry eree = new ExtractRegistry(); - eree.getregistryfiles(imgIds, controller); - controller.progress(1); - if (controller.isCancelled()) - return true; - - Firefox ffre = new Firefox(); - ffre.getffdb(imgIds, controller); - controller.progress(2); - if (controller.isCancelled()) - return true; - - Chrome chre = new Chrome(); - chre.getchdb(imgIds, controller); - controller.progress(3); - if (controller.isCancelled()) - return true; - - ExtractIE eere = new ExtractIE(imgIds, controller); - eere.parsePascoResults(); - controller.progress(4); - if (controller.isCancelled()) - return true; - //Find a way to put these results into BB - + void ExtractAll() { + } + + public boolean extractToBlackboard(IngestImageWorkerController controller, List imgIds) { + controller.switchToDeterminate(3); + try { + // Will make registry entries later, comment out for DEMO ONLY + controller.switchToDeterminate(4); + controller.progress(0); + ExtractRegistry eree = new ExtractRegistry(); + eree.getregistryfiles(imgIds, controller); + controller.progress(1); + if (controller.isCancelled()) { return true; - } - catch(Error e){ - return false; - } - - } - + } + + Firefox ffre = new Firefox(); + ffre.getffdb(imgIds, controller); + controller.progress(2); + if (controller.isCancelled()) { + return true; + } + + Chrome chre = new Chrome(); + chre.getchdb(imgIds, controller); + controller.progress(3); + if (controller.isCancelled()) { + return true; + } + + ExtractIE eere = new ExtractIE(imgIds, controller); + eere.parsePascoResults(); + controller.progress(4); + if 
(controller.isCancelled()) { + return true; + } + //Find a way to put these results into BB + + return true; + } catch (SQLException e) { + return false; + } catch (Error e) { + return false; + } + + } } diff --git a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractIE.java b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractIE.java index f93a76534f..483a302d18 100755 --- a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractIE.java +++ b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractIE.java @@ -1,15 +1,17 @@ -/* + /* + * * Autopsy Forensic Browser - * - * Copyright 2011 Basis Technology Corp. - * Contact: carrier sleuthkit org - * + * + * Copyright 2012 42six Solutions. + * Contact: aebadirad 42six com + * Project Contact/Architect: carrier sleuthkit org + * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -27,7 +29,6 @@ import java.io.IOException; import java.sql.ResultSet; //Util Imports -import java.sql.SQLException; import java.text.ParseException; import java.text.SimpleDateFormat; import java.util.ArrayList; @@ -43,7 +44,6 @@ import java.util.regex.Pattern; // TSK Imports import org.openide.modules.InstalledFileLocator; -import org.openide.util.Exceptions; import org.sleuthkit.autopsy.casemodule.Case; import org.sleuthkit.autopsy.datamodel.ContentUtils; import org.sleuthkit.autopsy.datamodel.DataConversion; 
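Review bot: In `ExtractAll.extractToBlackboard` the new `catch (SQLException e)` and the retained `catch (Error e)` both return false without recording anything, so a failed extraction leaves no trace of which extractor failed or why. For a forensic ingest that deserves at least a log line, e.g. `logger.log(Level.SEVERE, "Recent Activity extraction failed", e);` (no logger field is visible in this hunk, so one may need to be declared). Catching `Error` also swallows conditions such as OutOfMemoryError; if that catch stays it should log and arguably rethrow. Separately, `void ExtractAll() {}` is an ordinary method rather than a constructor because of the `void` return type.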
@@ -58,7 +58,7 @@ import org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE; import org.sleuthkit.datamodel.Content; import org.sleuthkit.datamodel.FsContent; import org.sleuthkit.datamodel.SleuthkitCase; -import org.sleuthkit.datamodel.TskException; +import org.sleuthkit.autopsy.coreutils.PlatformUtil; public class ExtractIE { // implements BrowserActivity { 
@@ -69,220 +69,223 @@ public class ExtractIE { // implements BrowserActivity { private String recentQuery = "select * from `tsk_files` where parent_path LIKE '%/Recent%' and name LIKE '%.lnk'"; //sleauthkit db handle SleuthkitCase tempDb; - //paths set in init() private String PASCO_RESULTS_PATH; private String PASCO_LIB_PATH; - + private String JAVA_PATH; //Results List to be referenced/used outside the class public ArrayList> PASCO_RESULTS_LIST = new ArrayList>(); //Look Up Table that holds Pasco2 results private HashMap PASCO_RESULTS_LUT; private KeyValue IE_PASCO_LUT = new KeyValue(BrowserType.IE.name(), BrowserType.IE.getType()); public LinkedHashMap IE_OBJ; - - boolean pascoFound = false; public ExtractIE(List image, IngestImageWorkerController controller) { init(image, controller); - + //Favorites section - // This gets the favorite info - try - { + // This gets the favorite info + try { Case currentCase = Case.getCurrentCase(); // get the most updated case SleuthkitCase tempDb = currentCase.getSleuthkitCase(); String allFS = new String(); - for(int i = 0; i < image.size(); i++) { - if(i == 0) + for (int i = 0; i < image.size(); i++) { + if (i == 0) { allFS += " AND (0"; + } allFS += " OR fs_obj_id = '" + image.get(i) + "'"; - if(i == image.size()-1) + if (i == image.size() - 1) { allFS += ")"; + } + } + List FavoriteList = new ArrayList(); + try { + ResultSet rs = tempDb.runQuery(favoriteQuery + allFS); + FavoriteList = tempDb.resultSetToFsContents(rs); + rs.close(); + rs.getStatement().close(); + } catch (Exception ex) { + logger.log(Level.WARNING, "Error while trying to read into a sqlite db.{0}", ex); } - List FavoriteList; - ResultSet rs = tempDb.runQuery(favoriteQuery + allFS); - FavoriteList = tempDb.resultSetToFsContents(rs); - rs.close(); - rs.getStatement().close(); - - for(FsContent Favorite : FavoriteList) - { - if (controller.isCancelled() ) { - break; - } + for (FsContent Favorite : FavoriteList) { + if (controller.isCancelled()) { + break; + } 
Content fav = Favorite; byte[] t = new byte[(int) fav.getSize()]; final int bytesRead = fav.read(t, 0, fav.getSize()); String bookmarkString = new String(t); - String re1=".*?"; // Non-greedy match on filler - String re2="((?:http|https)(?::\\/{2}[\\w]+)(?:[\\/|\\.]?)(?:[^\\s\"]*))"; // HTTP URL 1 + String re1 = ".*?"; // Non-greedy match on filler + String re2 = "((?:http|https)(?::\\/{2}[\\w]+)(?:[\\/|\\.]?)(?:[^\\s\"]*))"; // HTTP URL 1 String url = ""; - Pattern p = Pattern.compile(re1+re2,Pattern.CASE_INSENSITIVE | Pattern.DOTALL); + Pattern p = Pattern.compile(re1 + re2, Pattern.CASE_INSENSITIVE | Pattern.DOTALL); Matcher m = p.matcher(bookmarkString); - if (m.find()) - { - url = m.group(1); + if (m.find()) { + url = m.group(1); } String name = Favorite.getName(); - String datetime = Favorite.getCrtimeAsDate(); + Long datetime = Favorite.getCrtime(); String domain = Util.extractDomain(url); - BlackboardArtifact bbart = Favorite.newArtifact(ARTIFACT_TYPE.TSK_WEB_BOOKMARK); - Collection bbattributes = new ArrayList(); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_LAST_ACCESSED.getTypeID(),"RecentActivity","Last Visited",datetime)); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(), "RecentActivity","",url)); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_NAME.getTypeID(), "RecentActivity","",name)); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(),"RecentActivity","","Internet Explorer")); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN.getTypeID(),"RecentActivity","",domain)); - bbart.addAttributes(bbattributes); - IngestManager.fireServiceDataEvent(new ServiceDataEvent("Recent Activity", BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_BOOKMARK)); - + try { + BlackboardArtifact bbart = Favorite.newArtifact(ARTIFACT_TYPE.TSK_WEB_BOOKMARK); + Collection bbattributes = new ArrayList(); + bbattributes.add(new 
BlackboardAttribute(ATTRIBUTE_TYPE.TSK_LAST_ACCESSED.getTypeID(), "RecentActivity", "Last Visited", datetime)); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(), "RecentActivity", "", url)); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_NAME.getTypeID(), "RecentActivity", "", name)); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(), "RecentActivity", "", "Internet Explorer")); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN.getTypeID(), "RecentActivity", "", domain)); + bbart.addAttributes(bbattributes); + IngestManager.fireServiceDataEvent(new ServiceDataEvent("Recent Activity", BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_BOOKMARK)); + } catch (Exception ex) { + logger.log(Level.WARNING, "Error while trying to read into a sqlite db.{0}", ex); + } + } - } - catch(TskException ex) - { + } catch (Exception ex) { logger.log(Level.WARNING, "Error while trying to retrieve content from the TSK .", ex); } - catch(SQLException ioex) - { - logger.log(Level.WARNING, "Error while trying to retrieve files from the TSK .", ioex); - } - - //Cookies section - // This gets the cookies info - try - { + + + //Cookies section + // This gets the cookies info + try { Case currentCase = Case.getCurrentCase(); // get the most updated case SleuthkitCase tempDb = currentCase.getSleuthkitCase(); String allFS = new String(); - for(int i = 0; i < image.size(); i++) { - if(i == 0) + for (int i = 0; i < image.size(); i++) { + if (i == 0) { allFS += " AND (0"; + } allFS += " OR fs_obj_id = '" + image.get(i) + "'"; - if(i == image.size()-1) + if (i == image.size() - 1) { allFS += ")"; + } + } + List CookiesList = new ArrayList(); + try { + ResultSet rs = tempDb.runQuery(cookiesQuery + allFS); + CookiesList = tempDb.resultSetToFsContents(rs); + rs.close(); + rs.getStatement().close(); + } catch (Exception ex) { + logger.log(Level.WARNING, "Error while trying to read into a sqlite db.{0}", ex); } - 
List CookiesList; - ResultSet rs = tempDb.runQuery(cookiesQuery + allFS); - CookiesList = tempDb.resultSetToFsContents(rs); - rs.close(); - rs.getStatement().close(); - - for(FsContent Cookie : CookiesList) - { - if (controller.isCancelled() ) { - break; - } + for (FsContent Cookie : CookiesList) { + if (controller.isCancelled()) { + break; + } Content fav = Cookie; byte[] t = new byte[(int) fav.getSize()]; final int bytesRead = fav.read(t, 0, fav.getSize()); String cookieString = new String(t); - - String[] values = cookieString.split("\n"); + + String[] values = cookieString.split("\n"); String url = values.length > 2 ? values[2] : ""; String value = values.length > 1 ? values[1] : ""; String name = values.length > 0 ? values[0] : ""; - String datetime = Cookie.getCrtimeAsDate(); - String domain = Util.extractDomain(url); - BlackboardArtifact bbart = Cookie.newArtifact(ARTIFACT_TYPE.TSK_WEB_COOKIE); - Collection bbattributes = new ArrayList(); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(), "RecentActivity", "", url)); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID(),"RecentActivity", "Last Visited",datetime)); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_VALUE.getTypeID(),"RecentActivity", "",value)); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_NAME.getTypeID(), "RecentActivity","Title",(name != null) ? 
name : "")); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(),"RecentActivity","","Internet Explorer")); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN.getTypeID(),"RecentActivity","",domain)); - bbart.addAttributes(bbattributes); - + Long datetime = Cookie.getCrtime(); + String domain = Util.extractDomain(url); + try { + BlackboardArtifact bbart = Cookie.newArtifact(ARTIFACT_TYPE.TSK_WEB_COOKIE); + Collection bbattributes = new ArrayList(); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(), "RecentActivity", "", url)); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID(), "RecentActivity", "Last Visited", datetime)); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_VALUE.getTypeID(), "RecentActivity", "", value)); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_NAME.getTypeID(), "RecentActivity", "Title", (name != null) ? name : "")); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(), "RecentActivity", "", "Internet Explorer")); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN.getTypeID(), "RecentActivity", "", domain)); + bbart.addAttributes(bbattributes); + } catch (Exception ex) { + logger.log(Level.WARNING, "Error while trying to read into a sqlite db.{0}", ex); + } + } - - IngestManager.fireServiceDataEvent(new ServiceDataEvent("Recent Activity", BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_COOKIE)); - } - catch(TskException ex) - { + + IngestManager.fireServiceDataEvent(new ServiceDataEvent("Recent Activity", BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_COOKIE)); + } catch (Exception ex) { logger.log(Level.WARNING, "Error while trying to retrieve content from the TSK .", ex); } - catch(SQLException ioex) - { - logger.log(Level.WARNING, "Error while trying to retrieve files from the TSK .", ioex); - } - - - //Recent Documents section - // This gets the recent object info - 
try - { + + + + //Recent Documents section + // This gets the recent object info + try { Case currentCase = Case.getCurrentCase(); // get the most updated case SleuthkitCase tempDb = currentCase.getSleuthkitCase(); String allFS = new String(); - for(int i = 0; i < image.size(); i++) { - if(i == 0) + for (int i = 0; i < image.size(); i++) { + if (i == 0) { allFS += " AND (0"; + } allFS += " OR fs_obj_id = '" + image.get(i) + "'"; - if(i == image.size()-1) + if (i == image.size() - 1) { allFS += ")"; + } } - List RecentList; + List RecentList = new ArrayList(); - ResultSet rs = tempDb.runQuery(recentQuery + allFS); - RecentList = tempDb.resultSetToFsContents(rs); - rs.close(); - rs.getStatement().close(); - - for(FsContent Recent : RecentList) - { - if (controller.isCancelled() ) { - break; - } + try { + ResultSet rs = tempDb.runQuery(recentQuery + allFS); + RecentList = tempDb.resultSetToFsContents(rs); + rs.close(); + rs.getStatement().close(); + } catch (Exception ex) { + logger.log(Level.WARNING, "Error while trying to read into a sqlite db.{0}", ex); + } + + for (FsContent Recent : RecentList) { + if (controller.isCancelled()) { + break; + } Content fav = Recent; - - byte[] t = new byte[(int) fav.getSize()]; + + byte[] t = new byte[(int) fav.getSize()]; int bytesRead = 0; if (fav.getSize() > 0) { bytesRead = fav.read(t, 0, fav.getSize()); // read the data - } + } // set the data on the bottom and show it - - String recentString = new String(); - + + String recentString = new String(); + if (bytesRead > 0) { - recentString = DataConversion.getString(t, bytesRead, 4); + recentString = DataConversion.getString(t, bytesRead, 4); } - - + + String path = Util.getPath(recentString); String name = Util.getFileName(path); - String datetime = Recent.getCrtimeAsDate(); - BlackboardArtifact bbart = Recent.newArtifact(ARTIFACT_TYPE.TSK_RECENT_OBJECT); - Collection bbattributes = new ArrayList(); - bbattributes.add(new 
BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PATH.getTypeID(),"RecentActivity","Last Visited",path)); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_NAME.getTypeID(), "RecentActivity","",name)); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PATH_ID.getTypeID(),"RecentActivity","",Util.findID(path))); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID(),"RecentActivity","Date Created",datetime)); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(),"RecentActivity","","Windows Explorer")); - bbart.addAttributes(bbattributes); - + Long datetime = Recent.getCrtime(); + try { + BlackboardArtifact bbart = Recent.newArtifact(ARTIFACT_TYPE.TSK_RECENT_OBJECT); + Collection bbattributes = new ArrayList(); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PATH.getTypeID(), "RecentActivity", "Last Visited", path)); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_NAME.getTypeID(), "RecentActivity", "", name)); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PATH_ID.getTypeID(), "RecentActivity", "", Util.findID(path))); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID(), "RecentActivity", "Date Created", datetime)); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(), "RecentActivity", "", "Windows Explorer")); + bbart.addAttributes(bbattributes); + } catch (Exception ex) { + logger.log(Level.WARNING, "Error while trying to read into a sqlite db.{0}", ex); + } + } - IngestManager.fireServiceDataEvent(new ServiceDataEvent("Recent Activity", BlackboardArtifact.ARTIFACT_TYPE.TSK_RECENT_OBJECT)); - - } - catch(TskException ex) - { + IngestManager.fireServiceDataEvent(new ServiceDataEvent("Recent Activity", BlackboardArtifact.ARTIFACT_TYPE.TSK_RECENT_OBJECT)); + + } catch (Exception ex) { logger.log(Level.WARNING, "Error while trying to retrieve content from the TSK .", ex); } - 
catch(SQLException ioex) - { - logger.log(Level.WARNING, "Error while trying to retrieve files from the TSK .", ioex); - } - - + + + } //@Override 
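Review bot: The new handlers in the Favorites, Cookies and Recent Documents sections all log `"Error while trying to read into a sqlite db.{0}"`, which neither describes the failing operation (a case-database query, or `newArtifact`/`addAttributes`) nor identifies the file involved. Assuming `logger` is a java.util.logging.Logger, the `log(Level, String, Throwable)` overload does not substitute `{0}`, so the placeholder is printed literally. A message per call site that names the item, e.g. `logger.log(Level.WARNING, "Error creating bookmark artifact for " + Favorite.getName(), ex);`, would let an artifact skipped during ingest be traced back to its source file. The same message is reused in the Chrome.java downloads and login sections earlier in this patch. The query blocks also call `rs.getStatement().close()` after `rs.close()`, which may throw on a closed ResultSet depending on the driver; fetching the Statement first and closing both in a `finally` would avoid that and the leak on an exception.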
@@ -293,44 +296,52 @@ public class ExtractIE { // implements BrowserActivity { private void init(List image, IngestImageWorkerController controller) { final Case currentCase = Case.getCurrentCase(); final String caseDir = Case.getCurrentCase().getCaseDirectory(); - PASCO_RESULTS_PATH = caseDir + File.separator + "recentactivity" + File.separator + "results"; - + PASCO_RESULTS_PATH = Case.getCurrentCase().getTempDirectory() + File.separator + "results"; + JAVA_PATH = PlatformUtil.getJavaPath(); + if (JAVA_PATH.isEmpty() || JAVA_PATH == null) { + JAVA_PATH = "java"; + } logger.log(Level.INFO, "Pasco results path: " + PASCO_RESULTS_PATH); - - final File pascoRoot = InstalledFileLocator.getDefault().locate("pasco2", ExtractIE.class.getPackage().getName(), false); - if (pascoRoot == null) { - logger.log(Level.SEVERE, "Pasco2 not found"); - pascoFound = false; - return; - } - else { - pascoFound = true; - } - + + final File pascoRoot = InstalledFileLocator.getDefault().locate("pasco2", ExtractIE.class.getPackage().getName(), false); + if (pascoRoot == null) { + logger.log(Level.SEVERE, "Pasco2 not found"); + pascoFound = false; + return; + } else { + pascoFound = true; + } + final String pascoHome = pascoRoot.getAbsolutePath(); logger.log(Level.INFO, "Pasco2 home: " + pascoHome); - - PASCO_LIB_PATH = pascoHome + File.separator + "pasco2.jar" + File.pathSeparator - + pascoHome + File.separator + "*"; + + PASCO_LIB_PATH = pascoHome + File.separator + "pasco2.jar" + File.pathSeparator + + pascoHome + File.separator + "*"; try { File resultsDir = new File(PASCO_RESULTS_PATH); resultsDir.mkdirs(); - Collection FsContentCollection; + Collection FsContentCollection = null; tempDb = currentCase.getSleuthkitCase(); String allFS = new String(); - for(int i = 0; i < image.size(); i++) { - if(i == 0) + for (int i = 0; i < image.size(); i++) { + if (i == 0) { allFS += " AND (0"; + } allFS += " OR fs_obj_id = '" + image.get(i) + "'"; - if(i == image.size()-1) + if (i == image.size() - 
1) { allFS += ")"; + } + } + try { + ResultSet rs = tempDb.runQuery(indexDatQueryStr + allFS); + FsContentCollection = tempDb.resultSetToFsContents(rs); + rs.close(); + rs.getStatement().close(); + } catch (Exception ex) { + logger.log(Level.WARNING, "Error while trying to read into a sqlite db.{0}", ex); } - ResultSet rs = tempDb.runQuery(indexDatQueryStr + allFS); - FsContentCollection = tempDb.resultSetToFsContents(rs); - rs.close(); - rs.getStatement().close(); String temps; String indexFileName; @@ -340,22 +351,21 @@ public class ExtractIE { // implements BrowserActivity { // index.dat (i.e. index0.dat, index1.dat,..., indexN.dat) // Write each index.dat file to a temp directory. //BlackboardArtifact bbart = fsc.newArtifact(ARTIFACT_TYPE.TSK_WEB_HISTORY); - indexFileName = "index" + Integer.toString((int)fsc.getId()) + ".dat"; + indexFileName = "index" + Integer.toString((int) fsc.getId()) + ".dat"; //indexFileName = "index" + Long.toString(bbart.getArtifactID()) + ".dat"; temps = currentCase.getTempDirectory() + File.separator + indexFileName; File datFile = new File(temps); - if (controller.isCancelled() ) { - datFile.delete(); - break; - } + if (controller.isCancelled()) { + datFile.delete(); + break; + } try { ContentUtils.writeToFile(fsc, datFile); - } - catch (IOException e) { + } catch (IOException e) { logger.log(Level.WARNING, "Error while trying to write index.dat file " + datFile.getAbsolutePath(), e); } - boolean bPascProcSuccess = executePasco(temps, (int)fsc.getId()); + boolean bPascProcSuccess = executePasco(temps, (int) fsc.getId()); //At this point pasco2 proccessed the index files. //Now fetch the results, parse them and the delete the files. @@ -368,9 +378,9 @@ public class ExtractIE { // implements BrowserActivity { } catch (Exception ioex) { logger.log(Level.SEVERE, "Error while trying to write index.dat files.", ioex); } - + //bookmarks - + //cookies } 
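Review bot: In `init`, `if (JAVA_PATH.isEmpty() || JAVA_PATH == null)` dereferences `JAVA_PATH` before testing it for null, so a null return from `PlatformUtil.getJavaPath()` throws a NullPointerException instead of falling back to `"java"`; the operands should be swapped: `if (JAVA_PATH == null || JAVA_PATH.isEmpty()) {`. Also, `FsContentCollection` now starts as `null` and stays null when the query fails. The loop that consumes it lies outside this hunk, but if it iterates the collection directly it will throw and be reported by the outer handler as an index.dat write error. Initialising it to an empty list, as the constructor does with `List FavoriteList = new ArrayList();`, would avoid that.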
@@ -378,8 +388,9 @@ public class ExtractIE { // implements BrowserActivity { // TODO: Hardcoded command args/path needs to be removed. Maybe set some constants and set env variables for classpath // I'm not happy with this code. Can't stand making a system call, is not an acceptable solution but is a hack for now. private boolean executePasco(String indexFilePath, int fileIndex) { - if (pascoFound == false) + if (pascoFound == false) { return false; + } boolean success = true; try { @@ -391,9 +402,9 @@ public class ExtractIE { // implements BrowserActivity { command.append(" -T history"); command.append(" \"").append(indexFilePath).append("\""); command.append(" > \"").append(PASCO_RESULTS_PATH).append("\\pasco2Result.").append(Integer.toString(fileIndex)).append(".txt\""); - // command.add(" > " + "\"" + PASCO_RESULTS_PATH + File.separator + Long.toString(bbId) + "\""); + // command.add(" > " + "\"" + PASCO_RESULTS_PATH + File.separator + Long.toString(bbId) + "\""); String cmd = command.toString(); - JavaSystemCaller.Exec.execute("\"java "+cmd+ "\""); + JavaSystemCaller.Exec.execute("\"" + JAVA_PATH + " " + cmd + "\""); } catch (Exception e) { success = false; @@ -404,8 +415,9 @@ public class ExtractIE { // implements BrowserActivity { } public void parsePascoResults() { - if (pascoFound == false) + if (pascoFound == false) { return; + } // First thing we want to do is check to make sure the results directory // is not empty. File rFile = new File(PASCO_RESULTS_PATH); 
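Review bot: In the hunk at -391, JAVA_PATH is spliced into the command string unquoted (`"\"" + JAVA_PATH + " " + cmd + "\""`), while the other paths in the command are wrapped in quotes, so a JRE location containing a space would be split at the space and the call would fail. The whole command line is assembled by concatenation and depends on shell quoting; passing the arguments as a list to a process API and capturing the output in Java instead of with `>` would remove that dependence. The redirect target also hard-codes `\\` where the rest of the class uses File.separator. executePasco() starts in the preceding hunk and ends outside this one.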
@@ -421,8 +433,8 @@ public class ExtractIE { // implements BrowserActivity { if (pascoFiles.length > 0) { try { for (File file : pascoFiles) { - String fileName = file.getName(); - long artObjId = Long.parseLong(fileName.substring(fileName.indexOf(".")+1, fileName.lastIndexOf("."))); + String fileName = file.getName(); + long artObjId = Long.parseLong(fileName.substring(fileName.indexOf(".") + 1, fileName.lastIndexOf("."))); //bbartname = bbartname.substring(0, 4); // Make sure the file the is not empty or the Scanner will @@ -433,7 +445,7 @@ public class ExtractIE { // implements BrowserActivity { fileScanner.nextLine(); fileScanner.nextLine(); fileScanner.nextLine(); - // long inIndexId = 0; + // long inIndexId = 0; while (fileScanner.hasNext()) { //long bbartId = Long.parseLong(bbartname + inIndexId++); 
@@ -449,56 +461,58 @@ public class ExtractIE { // implements BrowserActivity { try { String[] lineBuff = line.split("\\t"); PASCO_RESULTS_LUT = new HashMap(); - String url[] = lineBuff[1].split("@",2); + String url[] = lineBuff[1].split("@", 2); String ddtime = lineBuff[2]; String actime = lineBuff[3]; - Long ftime = (long)0; + Long ftime = (long) 0; String user = ""; String realurl = ""; String domain = ""; - if(url.length > 1) - { - user = url[0]; - user = user.replace("Visited:", ""); - user = user.replace(":Host:", ""); - user = user.replaceAll("(:)(.*?)(:)", ""); - user = user.trim(); - realurl = url[1]; - realurl = realurl.replace("Visited:", ""); - realurl = realurl.replaceAll(":(.*?):", ""); - realurl = realurl.replace(":Host:", ""); - realurl = realurl.trim(); - domain = Util.extractDomain(realurl); - } - if(!ddtime.isEmpty()){ - ddtime = ddtime.replace("T"," "); - ddtime = ddtime.substring(ddtime.length()-5); - } - if(!actime.isEmpty()){ - try{ - Long epochtime = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss.SSS'Z'").parse(actime).getTime(); - ftime = epochtime.longValue(); + if (url.length > 1) { + user = url[0]; + user = user.replace("Visited:", ""); + user = user.replace(":Host:", ""); + user = user.replaceAll("(:)(.*?)(:)", ""); + user = user.trim(); + realurl = url[1]; + realurl = realurl.replace("Visited:", ""); + realurl = realurl.replaceAll(":(.*?):", ""); + realurl = realurl.replace(":Host:", ""); + realurl = realurl.trim(); + domain = Util.extractDomain(realurl); } - catch(ParseException e){ - logger.log(Level.SEVERE, "ExtractIE::parsePascosResults() -> ", e.getMessage()); + if (!ddtime.isEmpty()) { + ddtime = ddtime.replace("T", " "); + ddtime = ddtime.substring(ddtime.length() - 5); } - } - + if (!actime.isEmpty()) { + try { + Long epochtime = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss.SSS'Z'").parse(actime).getTime(); + ftime = epochtime.longValue(); + } catch (ParseException e) { + logger.log(Level.SEVERE, "ExtractIE::parsePascosResults() -> 
", e.getMessage()); + } + } + // TODO: Need to fix this so we have the right obj_id - BlackboardArtifact bbart = tempDb.getContentById(artObjId).newArtifact(ARTIFACT_TYPE.TSK_WEB_HISTORY); - Collection bbattributes = new ArrayList(); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(), "RecentActivity", "", realurl)); - - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_LAST_ACCESSED.getTypeID(), "RecentActivity", "", ftime)); - - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_REFERRER.getTypeID(), "RecentActivity", "", "")); - - // bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID(), "RecentActivity", "", ddtime)); - - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(),"RecentActivity","","Internet Explorer")); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN.getTypeID(),"RecentActivity","",domain)); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_USERNAME.getTypeID(),"RecentActivity","",user)); - bbart.addAttributes(bbattributes); + try { + BlackboardArtifact bbart = tempDb.getContentById(artObjId).newArtifact(ARTIFACT_TYPE.TSK_WEB_HISTORY); + Collection bbattributes = new ArrayList(); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(), "RecentActivity", "", realurl)); + + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_LAST_ACCESSED.getTypeID(), "RecentActivity", "", ftime)); + + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_REFERRER.getTypeID(), "RecentActivity", "", "")); + + // bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID(), "RecentActivity", "", ddtime)); + + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(), "RecentActivity", "", "Internet Explorer")); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN.getTypeID(), "RecentActivity", "", domain)); + bbattributes.add(new 
BlackboardAttribute(ATTRIBUTE_TYPE.TSK_USERNAME.getTypeID(), "RecentActivity", "", user)); + bbart.addAttributes(bbattributes); + } catch (Exception ex) { + logger.log(Level.WARNING, "Error while trying to read into a sqlite db.{0}", ex); + } //KeyValueThing //This will be redundant in terms IE.name() because of @@ -508,9 +522,9 @@ public class ExtractIE { // implements BrowserActivity { IE_PASCO_LUT.addMap(IE_OBJ); PASCO_RESULTS_LIST.add(PASCO_RESULTS_LUT); - } catch (TskException ex) { - Exceptions.printStackTrace(ex); - } + } catch (Exception ex) { + logger.log(Level.WARNING, "Error while trying to read into a sqlite db.{0}", ex); + } } } @@ -524,7 +538,7 @@ public class ExtractIE { // implements BrowserActivity { } } - - IngestManager.fireServiceDataEvent(new ServiceDataEvent("Recent Activity", BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_HISTORY)); + + IngestManager.fireServiceDataEvent(new ServiceDataEvent("Recent Activity", BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_HISTORY)); } } diff --git a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractRegistry.java b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractRegistry.java index e6a6df1ab1..251c1f68fa 100644 --- a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractRegistry.java +++ b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractRegistry.java 
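Review bot: The catch added around the artifact creation here, and the one that replaces `catch (TskException ex)` in the hunk at -508, log `"Error while trying to read into a sqlite db.{0}"` with the exception as the third argument; that selects the Throwable overload, so `{0}` is printed literally and the message does not say which record failed. Because the handler at -508 now catches every Exception, a malformed pasco line (for example one with fewer fields than `lineBuff[3]` expects) drops a history entry with only this generic warning. I would log the context instead, e.g. `logger.log(Level.WARNING, "Failed to add TSK_WEB_HISTORY artifact for object " + artObjId, ex);`. The same message is reused in init() (hunk at -293) and in ExtractRegistry.java. The ParseException handler in this hunk passes e.getMessage() to a format string that has no `{0}`, so the cause is lost there as well.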
@@ -4,22 +4,14 @@ */ package org.sleuthkit.autopsy.recentactivity; -import java.io.BufferedReader; import java.io.File; -import java.io.FileInputStream; -import java.io.IOException; -import java.io.InputStreamReader; -import java.io.StringReader; +import java.io.*; import java.sql.ResultSet; -import java.sql.SQLException; -import java.util.ArrayList; -import java.util.Collection; -import java.util.Iterator; -import java.util.List; -import java.util.Scanner; +import java.text.ParseException; +import java.text.SimpleDateFormat; +import java.util.*; import java.util.logging.Level; import java.util.logging.Logger; -import org.apache.commons.lang3.StringEscapeUtils; import org.jdom.Document; import org.jdom.Element; import org.jdom.input.SAXBuilder; @@ -27,15 +19,9 @@ import org.openide.modules.InstalledFileLocator; import org.sleuthkit.autopsy.casemodule.Case; import org.sleuthkit.autopsy.datamodel.ContentUtils; import org.sleuthkit.autopsy.ingest.IngestImageWorkerController; -import org.sleuthkit.datamodel.BlackboardArtifact; import org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE; -import org.sleuthkit.datamodel.BlackboardAttribute; import org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE; -import org.sleuthkit.datamodel.Content; -import org.sleuthkit.datamodel.FsContent; -import org.sleuthkit.datamodel.SleuthkitCase; - - +import org.sleuthkit.datamodel.*; /** * 
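Review bot: The explicit imports are collapsed into `java.io.*`, `java.util.*` and, in the hunk at -27, `org.sleuthkit.datamodel.*`, which hides what the class depends on and leaves `import java.io.File;` redundant next to `java.io.*`. I would keep single-type imports, as the Firefox.java hunk in this same commit does when it replaces `java.sql.*` and `java.util.*`.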
@@ -43,271 +29,232 @@ import org.sleuthkit.datamodel.SleuthkitCase; */ public class ExtractRegistry { - public Logger logger = Logger.getLogger(this.getClass().getName()); - private String RR_PATH; - boolean rrFound = false; - private int sysid; - ExtractRegistry(){ + public Logger logger = Logger.getLogger(this.getClass().getName()); + private String RR_PATH; + boolean rrFound = false; + private int sysid; + + ExtractRegistry() { final File rrRoot = InstalledFileLocator.getDefault().locate("rr", ExtractRegistry.class.getPackage().getName(), false); - if (rrRoot == null) { - logger.log(Level.SEVERE, "RegRipper not found"); - rrFound = false; - return; - } - else { - rrFound = true; - } - try{ - Case currentCase = Case.getCurrentCase(); // get the most updated case - SleuthkitCase tempDb = currentCase.getSleuthkitCase(); - ResultSet artset = tempDb.runQuery("SELECT * from blackboard_artifact_types WHERE type_name = 'TSK_SYS_INFO'"); - - while (artset.next()){ - sysid = artset.getInt("artifact_type_id"); - } - } - catch(Exception e){ - - } - final String rrHome = rrRoot.getAbsolutePath(); - logger.log(Level.INFO, "RegRipper home: " + rrHome); - - RR_PATH = rrHome + File.separator + "rip.exe"; - } - - - -public void getregistryfiles(List image, IngestImageWorkerController controller){ - try - { + if (rrRoot == null) { + logger.log(Level.SEVERE, "RegRipper not found"); + rrFound = false; + return; + } else { + rrFound = true; + } + try { Case currentCase = Case.getCurrentCase(); // get the most updated case SleuthkitCase tempDb = currentCase.getSleuthkitCase(); - String allFS = new String(); - for(int i = 0; i < image.size(); i++) { - if(i == 0) - allFS += " AND (0"; - allFS += " OR fs_obj_id = '" + image.get(i) + "'"; - if(i == image.size()-1) - allFS += ")"; + ResultSet artset = tempDb.runQuery("SELECT * from blackboard_artifact_types WHERE type_name = 'TSK_SYS_INFO'"); + + while (artset.next()) { + sysid = artset.getInt("artifact_type_id"); } - List Regfiles; - 
ResultSet rs = tempDb.runQuery("select * from tsk_files where lower(name) = 'ntuser.dat' OR lower(parent_path) LIKE '%/system32/config%' and (name LIKE 'system' OR name LIKE 'software' OR name = 'SECURITY' OR name = 'SAM' OR name = 'default')" + allFS); - Regfiles = tempDb.resultSetToFsContents(rs); - + } catch (Exception e) { + } + final String rrHome = rrRoot.getAbsolutePath(); + logger.log(Level.INFO, "RegRipper home: " + rrHome); + + RR_PATH = rrHome + File.separator + "rip.exe"; + } + + public void getregistryfiles(List image, IngestImageWorkerController controller) { + try { + Case currentCase = Case.getCurrentCase(); // get the most updated case + SleuthkitCase tempDb = currentCase.getSleuthkitCase(); + String allFS = new String(); + for (int i = 0; i < image.size(); i++) { + if (i == 0) { + allFS += " AND (0"; + } + allFS += " OR fs_obj_id = '" + image.get(i) + "'"; + if (i == image.size() - 1) { + allFS += ")"; + } + } + List Regfiles = new ArrayList(); + try { + ResultSet rs = tempDb.runQuery("select * from tsk_files where lower(name) = 'ntuser.dat' OR lower(parent_path) LIKE '%/system32/config%' and (name LIKE 'system' OR name LIKE 'software' OR name = 'SECURITY' OR name = 'SAM' OR name = 'default')" + allFS); + Regfiles = tempDb.resultSetToFsContents(rs); + } catch (Exception ex) { + logger.log(Level.WARNING, "Error while trying to read into a sqlite db.{0}", ex); + } + int j = 0; - - while (j < Regfiles.size()) - { + + while (j < Regfiles.size()) { boolean Success; Content orgFS = Regfiles.get(j); long orgId = orgFS.getId(); String temps = currentCase.getTempDirectory() + "\\" + Regfiles.get(j).getName().toString(); - ContentUtils.writeToFile(Regfiles.get(j), new File(currentCase.getTempDirectory() + "\\" + Regfiles.get(j).getName())); + try { + ContentUtils.writeToFile(Regfiles.get(j), new File(currentCase.getTempDirectory() + "\\" + Regfiles.get(j).getName())); + } catch (Exception ex) { + logger.log(Level.WARNING, "Error while trying to read into a 
sqlite db.{0}", ex); + } File regFile = new File(temps); - - String txtPath = executeRegRip(temps, j); - if(txtPath.length() > 0) - { - Success = parseReg(txtPath,orgId); - } - else - { - Success = false; - } - //At this point pasco2 proccessed the index files. - //Now fetch the results, parse them and the delete the files. - if(Success) - { - //Delete dat file since it was succcessful - regFile.delete(); - } - j++; - - - - } - } - catch (SQLException ex) - { - logger.log(Level.WARNING, "Error while trying to get Registry files", ex); - } - catch(IOException ioex) - { - logger.log(Level.WARNING, "Error while trying to write to the file system.", ioex); - } -} + String txtPath = executeRegRip(temps, j); + if (txtPath.length() > 0) { + Success = parseReg(txtPath, orgId); + } else { + Success = false; + } + //At this point pasco2 proccessed the index files. + //Now fetch the results, parse them and the delete the files. + if (Success) { + //Delete dat file since it was succcessful + regFile.delete(); + } + j++; + + } + } catch (Exception ex) { + logger.log(Level.WARNING, "Error while trying to get Registry files", ex); + } + + } // TODO: Hardcoded command args/path needs to be removed. Maybe set some constants and set env variables for classpath // I'm not happy with this code. Can't stand making a system call, is not an acceptable solution but is a hack for now. 
- private String executeRegRip(String regFilePath, int fileIndex) - { - String txtPath = regFilePath + Integer.toString(fileIndex) + ".txt"; - String type = ""; - + private String executeRegRip(String regFilePath, int fileIndex) { + String txtPath = regFilePath + Integer.toString(fileIndex) + ".txt"; + String type = ""; - try - { - - if(regFilePath.toLowerCase().contains("system")) - { - type = "autopsysystem"; - } - if(regFilePath.toLowerCase().contains("software")) - { - type = "autopsysoftware"; - } - if(regFilePath.toLowerCase().contains("ntuser")) - { - type = "autopsy"; - } - if(regFilePath.toLowerCase().contains("default")) - { - type = "1default"; - } - if(regFilePath.toLowerCase().contains("sam")) - { - type = "1sam"; - } - if(regFilePath.toLowerCase().contains("security")) - { - type = "1security"; - } - String command = "\"" + RR_PATH + "\" -r \"" + regFilePath +"\" -f " + type + " > \"" + txtPath + "\" 2> NUL"; - JavaSystemCaller.Exec.execute("\""+command + "\""); - + try { - } - catch(Exception e) - { - - logger.log(Level.SEVERE, "ExtractRegistry::executeRegRip() -> " ,e.getMessage() ); - } + if (regFilePath.toLowerCase().contains("system")) { + type = "autopsysystem"; + } + if (regFilePath.toLowerCase().contains("software")) { + type = "autopsysoftware"; + } + if (regFilePath.toLowerCase().contains("ntuser")) { + type = "autopsy"; + } + if (regFilePath.toLowerCase().contains("default")) { + type = "1default"; + } + if (regFilePath.toLowerCase().contains("sam")) { + type = "1sam"; + } + if (regFilePath.toLowerCase().contains("security")) { + type = "1security"; + } - return txtPath; + String command = "\"" + RR_PATH + "\" -r \"" + regFilePath + "\" -f " + type + " > \"" + txtPath + "\" 2> NUL"; + JavaSystemCaller.Exec.execute("\"" + command + "\""); + + + } catch (Exception e) { + + logger.log(Level.SEVERE, "ExtractRegistry::executeRegRip() -> ", e.getMessage()); + } + + return txtPath; } - - - private boolean parseReg(String regRecord, long orgId) - { 
+ + private boolean parseReg(String regRecord, long orgId) { Case currentCase = Case.getCurrentCase(); // get the most updated case SleuthkitCase tempDb = currentCase.getSleuthkitCase(); - - try { - File regfile = new File(regRecord); - - FileInputStream fstream = new FileInputStream(regfile); - InputStreamReader fstreamReader = new InputStreamReader(fstream, "UTF-8"); - BufferedReader input = new BufferedReader(fstreamReader); - //logger.log(Level.INFO, "using encoding " + fstreamReader.getEncoding()); - String regString = new Scanner(input).useDelimiter("\\Z").next(); - regfile.delete(); - String startdoc = ""; - String result = regString.replaceAll("----------------------------------------",""); - result = result.replaceAll("\\n", ""); - result = result.replaceAll("\\r",""); - result = result.replaceAll("'","'"); - result = result.replaceAll("&", "&"); - String enddoc = ""; - String stringdoc = startdoc + result + enddoc; - SAXBuilder sb = new SAXBuilder(); - Document document = sb.build(new StringReader(stringdoc)); - Element root = document.getRootElement(); - List types = root.getChildren(); - Iterator iterator = types.iterator(); - //for(int i = 0; i < types.size(); i++) - //for(Element tempnode : types) + + try { + File regfile = new File(regRecord); + FileInputStream fstream = new FileInputStream(regfile); + InputStreamReader fstreamReader = new InputStreamReader(fstream, "UTF-8"); + BufferedReader input = new BufferedReader(fstreamReader); + //logger.log(Level.INFO, "using encoding " + fstreamReader.getEncoding()); + String regString = new Scanner(input).useDelimiter("\\Z").next(); + regfile.delete(); + String startdoc = ""; + String result = regString.replaceAll("----------------------------------------", ""); + result = result.replaceAll("\\n", ""); + result = result.replaceAll("\\r", ""); + result = result.replaceAll("'", "'"); + result = result.replaceAll("&", "&"); + String enddoc = ""; + String stringdoc = startdoc + result + enddoc; + SAXBuilder sb 
= new SAXBuilder(); + Document document = sb.build(new StringReader(stringdoc)); + Element root = document.getRootElement(); + List types = root.getChildren(); + Iterator iterator = types.iterator(); while (iterator.hasNext()) { - String time = ""; - String context = ""; - Element tempnode = iterator.next(); - // Element tempnode = types.get(i); - context = tempnode.getName(); - Element timenode = tempnode.getChild("time"); - time = timenode.getTextTrim(); - - Element artroot = tempnode.getChild("artifacts"); - List artlist = artroot.getChildren(); - String winver = ""; - String installdate = ""; - if(artlist.isEmpty()){ - } - else{ - - Iterator aiterator = artlist.iterator(); - while (aiterator.hasNext()) { - Element artnode = aiterator.next(); - String name = artnode.getAttributeValue("name"); - String value = artnode.getTextTrim(); - Collection bbattributes = new ArrayList(); - - if("recentdocs".equals(context)){ -// BlackboardArtifact bbart = tempDb.getContentById(orgId).newArtifact(ARTIFACT_TYPE.TSK_RECENT_OBJECT); -// bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_LAST_ACCESSED.getTypeID(), "RecentActivity", context, time)); -// bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_NAME.getTypeID(), "RecentActivity", context, name)); -// bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_VALUE.getTypeID(), "RecentActivity", context, value)); -// bbart.addAttributes(bbattributes); - } - else if("usb".equals(context)){ - BlackboardArtifact bbart = tempDb.getContentById(orgId).newArtifact(ARTIFACT_TYPE.TSK_DEVICE_ATTACHED); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID(), "RecentActivity", context, name)); - String dev = artnode.getAttributeValue("dev"); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DEVICE_MODEL.getTypeID(), "RecentActivity", context, dev)); - - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DEVICE_ID.getTypeID(), "RecentActivity", context, value)); - 
bbart.addAttributes(bbattributes); - } - else if("uninstall".equals(context)){ - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_LAST_ACCESSED.getTypeID(), "RecentActivity", context, time)); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(), "RecentActivity", context, value)); - - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID(), "RecentActivity", context, name)); - BlackboardArtifact bbart = tempDb.getContentById(orgId).newArtifact(ARTIFACT_TYPE.TSK_INSTALLED_PROG); - bbart.addAttributes(bbattributes); + String etime = ""; + String context = ""; + Element tempnode = iterator.next(); + // Element tempnode = types.get(i); + context = tempnode.getName(); + Element timenode = tempnode.getChild("time"); + etime = timenode.getTextTrim(); + Long time = null; + try { + Long epochtime = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss.SSS'Z'").parse(etime).getTime(); + time = epochtime.longValue(); + } catch (ParseException e) { + logger.log(Level.SEVERE, "ExtractIE::parsePascosResults() -> ", e.getMessage()); } - else if("WinVersion".equals(context)){ - - if(name.contains("ProductName")) - { - winver = value; - } - if(name.contains("CSDVersion")){ - winver = winver + " " + value; - } - if(name.contains("InstallDate")) - { - installdate = value; - - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(), "RecentActivity", context, winver)); - - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID(), "RecentActivity", context, installdate)); - BlackboardArtifact bbart = tempDb.getContentById(orgId).newArtifact(ARTIFACT_TYPE.TSK_INSTALLED_PROG); - bbart.addAttributes(bbattributes); + Element artroot = tempnode.getChild("artifacts"); + List artlist = artroot.getChildren(); + String winver = ""; + String installdate = ""; + if (artlist.isEmpty()) { + } else { + Iterator aiterator = artlist.iterator(); + while (aiterator.hasNext()) { + Element artnode = 
aiterator.next(); + String name = artnode.getAttributeValue("name"); + String value = artnode.getTextTrim(); + Collection bbattributes = new ArrayList(); + + if ("recentdocs".equals(context)) { + // BlackboardArtifact bbart = tempDb.getContentById(orgId).newArtifact(ARTIFACT_TYPE.TSK_RECENT_OBJECT); + // bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_LAST_ACCESSED.getTypeID(), "RecentActivity", context, time)); + // bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_NAME.getTypeID(), "RecentActivity", context, name)); + // bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_VALUE.getTypeID(), "RecentActivity", context, value)); + // bbart.addAttributes(bbattributes); + } else if ("usb".equals(context)) { + BlackboardArtifact bbart = tempDb.getContentById(orgId).newArtifact(ARTIFACT_TYPE.TSK_DEVICE_ATTACHED); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID(), "RecentActivity", context, name)); + String dev = artnode.getAttributeValue("dev"); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DEVICE_MODEL.getTypeID(), "RecentActivity", context, dev)); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DEVICE_ID.getTypeID(), "RecentActivity", context, value)); + bbart.addAttributes(bbattributes); + } else if ("uninstall".equals(context)) { + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_LAST_ACCESSED.getTypeID(), "RecentActivity", context, time)); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(), "RecentActivity", context, value)); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID(), "RecentActivity", context, name)); + BlackboardArtifact bbart = tempDb.getContentById(orgId).newArtifact(ARTIFACT_TYPE.TSK_INSTALLED_PROG); + bbart.addAttributes(bbattributes); + } else if ("WinVersion".equals(context)) { + + if (name.contains("ProductName")) { + winver = value; + } + if (name.contains("CSDVersion")) { + 
winver = winver + " " + value; + } + if (name.contains("InstallDate")) { + installdate = value; + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(), "RecentActivity", context, winver)); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID(), "RecentActivity", context, installdate)); + BlackboardArtifact bbart = tempDb.getContentById(orgId).newArtifact(ARTIFACT_TYPE.TSK_INSTALLED_PROG); + bbart.addAttributes(bbattributes); + } + } else { + + BlackboardArtifact bbart = tempDb.getContentById(orgId).newArtifact(sysid); + bbart.addAttributes(bbattributes); + } } - } - else - { - - BlackboardArtifact bbart = tempDb.getContentById(orgId).newArtifact(sysid); - bbart.addAttributes(bbattributes); - } - } - - + } } - } - } - catch (Exception ex) - { - - logger.log(Level.WARNING, "Error while trying to read into a registry file." + ex); - String sadafd = ""; - } - + } catch (Exception ex) { - - return true; + logger.log(Level.WARNING, "Error while trying to read into a registry file." + ex); + } + return true; } - } diff --git a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Firefox.java b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Firefox.java index f6e9ab0184..3b4b2c9110 100644 --- a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Firefox.java +++ b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Firefox.java 
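Review bot: In parseReg(), `time` stays null when the new SimpleDateFormat parse fails, and it is then passed to the TSK_LAST_ACCESSED attribute in the "uninstall" branch. If that constructor takes a primitive long (not visible here), the unboxing throws, the outer `catch (Exception ex)` abandons the remaining entries, and parseReg() still returns true, so the caller deletes the extracted copy of the hive. The handler also logs under the tag `ExtractIE::parsePascosResults()` and passes e.getMessage() to a format string with no `{0}`, so the cause never reaches the log. I would write `logger.log(Level.WARNING, "ExtractRegistry::parseReg() -> cannot parse time: " + etime, e);` and skip the attribute when time is null. The empty `catch (Exception e) { }` in the constructor likewise hides a failed TSK_SYS_INFO lookup, leaving sysid at its default value.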
@@ -1,30 +1,49 @@ -/* - * To change this template, choose Tools | Templates - * and open the template in the editor. + /* + * + * Autopsy Forensic Browser + * + * Copyright 2012 42six Solutions. + * Contact: aebadirad 42six com + * Project Contact/Architect: carrier sleuthkit org + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ package org.sleuthkit.autopsy.recentactivity; -import org.sleuthkit.autopsy.casemodule.Case; -import org.sleuthkit.datamodel.FsContent; -import org.sleuthkit.datamodel.SleuthkitCase; -import org.sleuthkit.autopsy.datamodel.ContentUtils; -import java.sql.*; -import java.util.logging.Level; -import java.util.logging.Logger; -// -import java.lang.*; -// -import java.util.*; + import java.io.File; import java.io.IOException; import java.net.URLDecoder; +import java.sql.ResultSet; +import java.sql.SQLException; +import java.sql.Statement; +import java.util.ArrayList; +import java.util.Collection; +import java.util.List; +import java.util.logging.Level; +import java.util.logging.Logger; +import org.openide.util.Exceptions; +import org.sleuthkit.autopsy.casemodule.Case; +import org.sleuthkit.autopsy.datamodel.ContentUtils; import org.sleuthkit.autopsy.ingest.IngestImageWorkerController; import org.sleuthkit.autopsy.ingest.IngestManager; import org.sleuthkit.autopsy.ingest.ServiceDataEvent; import org.sleuthkit.datamodel.BlackboardArtifact; -import org.sleuthkit.datamodel.BlackboardArtifact.*; import 
org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE; import org.sleuthkit.datamodel.BlackboardAttribute; import org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE; +import org.sleuthkit.datamodel.FsContent; +import org.sleuthkit.datamodel.SleuthkitCase; + /** * * @author Alex 
@@ -33,282 +52,275 @@ public class Firefox { private static final String ffquery = "SELECT moz_historyvisits.id,url,title,visit_count,(visit_date/1000) as visit_date,from_visit,(SELECT url FROM moz_places WHERE id=moz_historyvisits.from_visit) as ref FROM moz_places, moz_historyvisits WHERE moz_places.id = moz_historyvisits.place_id AND hidden = 0"; private static final String ffcookiequery = "SELECT name,value,host,expiry,(lastAccessed/1000) as lastAccessed,(creationTime/1000) as creationTime FROM moz_cookies"; + private static final String ff3cookiequery = "SELECT name,value,host,expiry,(lastAccessed/1000) as lastAccessed FROM moz_cookies"; private static final String ffbookmarkquery = "SELECT fk, moz_bookmarks.title, url FROM moz_bookmarks INNER JOIN moz_places ON moz_bookmarks.fk=moz_places.id"; private static final String ffdownloadquery = "select target, source,(startTime/1000) as startTime, maxBytes from moz_downloads"; - public Logger logger = Logger.getLogger(this.getClass().getName()); - public int FireFoxCount = 0; - - public Firefox(){ - - } - public void getffdb(List image, IngestImageWorkerController controller){ - //Make these seperate, this is for history - try - { + public Firefox() { + } + + public void getffdb(List image, IngestImageWorkerController controller) throws SQLException { + //Make these seperate, this is for history + try { Case currentCase = Case.getCurrentCase(); // get the most updated case SleuthkitCase tempDb = currentCase.getSleuthkitCase(); String allFS = new String(); - for(int i = 0; i < image.size(); i++) { - if(i == 0) + for (int i = 0; i < image.size(); i++) { + if (i == 0) { allFS += " AND (0"; + } allFS += " OR fs_obj_id = '" + image.get(i) + "'"; - if(i == image.size()-1) + if (i == image.size() - 1) { allFS += ")"; - } - List FFSqlitedb; - - ResultSet rs = tempDb.runQuery("select * from tsk_files where name LIKE '%places.sqlite%' and name NOT LIKE '%journal%' and parent_path LIKE '%Firefox%'" + allFS); - FFSqlitedb = 
tempDb.resultSetToFsContents(rs); - Statement s = rs.getStatement(); - rs.close(); - if (s != null) - s.close(); + } + } + List FFSqlitedb = null; + try { + ResultSet rs = tempDb.runQuery("select * from tsk_files where name LIKE '%places.sqlite%' and name NOT LIKE '%journal%' and parent_path LIKE '%Firefox%'" + allFS); + FFSqlitedb = tempDb.resultSetToFsContents(rs); + Statement s = rs.getStatement(); + rs.close(); + if (s != null) { + s.close(); FireFoxCount = FFSqlitedb.size(); - - rs.close(); - rs.getStatement().close(); - int j = 0; - - while (j < FFSqlitedb.size()) + } + rs.close(); + rs.getStatement().close(); + } catch (SQLException ex) { + logger.log(Level.WARNING, "Error while trying to get Firefox SQLite db.", ex); + } - { + int j = 0; + if(FFSqlitedb != null && !FFSqlitedb.isEmpty()) + { + while (j < FFSqlitedb.size()) { String temps = currentCase.getTempDirectory() + File.separator + FFSqlitedb.get(j).getName().toString() + j + ".db"; String connectionString = "jdbc:sqlite:" + temps; - ContentUtils.writeToFile(FFSqlitedb.get(j), new File(currentCase.getTempDirectory() + File.separator + FFSqlitedb.get(j).getName().toString() + j + ".db")); + try { + ContentUtils.writeToFile(FFSqlitedb.get(j), new File(currentCase.getTempDirectory() + File.separator + FFSqlitedb.get(j).getName().toString() + j + ".db")); + } catch (Exception ex) { + logger.log(Level.WARNING, "Error while trying to read into a sqlite db.{0}", ex); + } File dbFile = new File(temps); - if (controller.isCancelled() ) { - dbFile.delete(); - break; - } - - try - { - - dbconnect tempdbconnect = new dbconnect("org.sqlite.JDBC",connectionString); - ResultSet temprs = tempdbconnect.executeQry(ffquery); - while(temprs.next()) - { - BlackboardArtifact bbart = FFSqlitedb.get(j).newArtifact(ARTIFACT_TYPE.TSK_WEB_HISTORY); - Collection bbattributes = new ArrayList(); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(),"RecentActivity","",((temprs.getString("url") != null) ? 
temprs.getString("url") : ""))); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_LAST_ACCESSED.getTypeID(),"RecentActivity","Last Visited",temprs.getLong("visit_date"))); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_REFERRER.getTypeID(),"RecentActivity","",((temprs.getString("ref") != null) ? temprs.getString("ref") : ""))); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_NAME.getTypeID(),"RecentActivity","",((temprs.getString("title") != null) ? temprs.getString("title") : ""))); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(),"RecentActivity","","FireFox")); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN.getTypeID(),"RecentActivity","",(Util.extractDomain((temprs.getString("url") != null) ? temprs.getString("url") : "")))); - bbart.addAttributes(bbattributes); - - } - temprs.close(); - tempdbconnect.closeConnection(); - - } - catch (Exception ex) - { - logger.log(Level.WARNING, "Error while trying to read into a sqlite db." + connectionString, ex); - } - - try - { - - - dbconnect tempdbconnect2 = new dbconnect("org.sqlite.JDBC",connectionString); - ResultSet tempbm = tempdbconnect2.executeQry(ffbookmarkquery); - while(tempbm.next()) - { - BlackboardArtifact bbart = FFSqlitedb.get(j).newArtifact(ARTIFACT_TYPE.TSK_WEB_BOOKMARK); - Collection bbattributes = new ArrayList(); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(),"RecentActivity","",((tempbm.getString("url") != null) ? tempbm.getString("url") : ""))); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_NAME.getTypeID(), "RecentActivity","", ((tempbm.getString("title") != null) ? 
tempbm.getString("title").replaceAll("'", "''") : ""))); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(),"RecentActivity","","FireFox")); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN.getTypeID(),"RecentActivity","",Util.extractDomain(tempbm.getString("url")))); - bbart.addAttributes(bbattributes); - } - tempbm.close(); - tempdbconnect2.closeConnection(); - } - catch (Exception ex) - { - logger.log(Level.WARNING, "Error while trying to read into a sqlite db." + connectionString, ex); - } - - + if (controller.isCancelled()) { + dbFile.delete(); + break; + } + + ResultSet temprs = Util.runQuery(ffquery, connectionString); + while (temprs.next()) { + try { + BlackboardArtifact bbart = FFSqlitedb.get(j).newArtifact(ARTIFACT_TYPE.TSK_WEB_HISTORY); + Collection bbattributes = new ArrayList(); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(), "RecentActivity", "", ((temprs.getString("url") != null) ? temprs.getString("url") : ""))); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_LAST_ACCESSED.getTypeID(), "RecentActivity", "Last Visited", temprs.getLong("visit_date"))); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_REFERRER.getTypeID(), "RecentActivity", "", ((temprs.getString("ref") != null) ? temprs.getString("ref") : ""))); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_NAME.getTypeID(), "RecentActivity", "", ((temprs.getString("title") != null) ? temprs.getString("title") : ""))); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(), "RecentActivity", "", "FireFox")); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN.getTypeID(), "RecentActivity", "", (Util.extractDomain((temprs.getString("url") != null) ? temprs.getString("url") : "")))); + bbart.addAttributes(bbattributes); + } catch (Exception ex) { + logger.log(Level.WARNING, "Error while trying to read into a sqlite db." 
+ connectionString, ex); + } + } + temprs.close(); + + + + try { + dbconnect tempdbconnect2 = new dbconnect("org.sqlite.JDBC", connectionString); + ResultSet tempbm = tempdbconnect2.executeQry(ffbookmarkquery); + while (tempbm.next()) { + try { + BlackboardArtifact bbart = FFSqlitedb.get(j).newArtifact(ARTIFACT_TYPE.TSK_WEB_BOOKMARK); + Collection bbattributes = new ArrayList(); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(), "RecentActivity", "", ((tempbm.getString("url") != null) ? tempbm.getString("url") : ""))); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_NAME.getTypeID(), "RecentActivity", "", ((tempbm.getString("title") != null) ? tempbm.getString("title").replaceAll("'", "''") : ""))); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(), "RecentActivity", "", "FireFox")); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN.getTypeID(), "RecentActivity", "", Util.extractDomain(tempbm.getString("url")))); + bbart.addAttributes(bbattributes); + } catch (Exception ex) { + logger.log(Level.WARNING, "Error while trying to read into a sqlite db.{0}", ex); + } + } + tempbm.close(); + tempdbconnect2.closeConnection(); + } catch (Exception ex) { + logger.log(Level.WARNING, "Error while trying to read into a sqlite db." 
+ connectionString, ex); + } + + j++; dbFile.delete(); } - IngestManager.fireServiceDataEvent(new ServiceDataEvent("Recent Activity", BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_HISTORY)); - IngestManager.fireServiceDataEvent(new ServiceDataEvent("Recent Activity", BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_BOOKMARK)); + IngestManager.fireServiceDataEvent(new ServiceDataEvent("Recent Activity", BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_HISTORY)); + IngestManager.fireServiceDataEvent(new ServiceDataEvent("Recent Activity", BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_BOOKMARK)); + } } - catch (SQLException ex) - { - logger.log(Level.WARNING, "Error while trying to get Firefox SQLite db.", ex); + catch (Exception ex) { + logger.log(Level.WARNING, "Error while trying to read into a sqlite db.{0}", ex); } - catch(IOException ioex) - { - logger.log(Level.WARNING, "Error while trying to write to the file system.", ioex); - } - - + //COOKIES section - // This gets the cookie info - try - { + // This gets the cookie info + try { Case currentCase = Case.getCurrentCase(); // get the most updated case SleuthkitCase tempDb = currentCase.getSleuthkitCase(); String allFS = new String(); - for(int i = 0; i < image.size(); i++) { - if(i == 0) + for (int i = 0; i < image.size(); i++) { + if (i == 0) { allFS += " AND (0"; + } allFS += " OR fs_obj_id = '" + image.get(i) + "'"; - if(i == image.size()-1) + if (i == image.size() - 1) { allFS += ")"; + } + } + List FFSqlitedb = null; + try { + ResultSet rs = tempDb.runQuery("select * from tsk_files where name LIKE '%cookies.sqlite%' and name NOT LIKE '%journal%' and parent_path LIKE '%Firefox%'" + allFS); + FFSqlitedb = tempDb.resultSetToFsContents(rs); + rs.close(); + rs.getStatement().close(); + } catch (Exception ex) { + logger.log(Level.WARNING, "Error while trying to read into a sqlite db.{0}", ex); } - List FFSqlitedb; - - ResultSet rs = tempDb.runQuery("select * from tsk_files where name LIKE '%cookies.sqlite%' and name NOT LIKE '%journal%' 
and parent_path LIKE '%Firefox%'" + allFS); - FFSqlitedb = tempDb.resultSetToFsContents(rs); - rs.close(); - rs.getStatement().close(); int j = 0; - - while (j < FFSqlitedb.size()) + if(FFSqlitedb != null && !FFSqlitedb.isEmpty()) { + while (j < FFSqlitedb.size()) { String temps = currentCase.getTempDirectory() + File.separator + FFSqlitedb.get(j).getName().toString() + j + ".db"; String connectionString = "jdbc:sqlite:" + temps; - ContentUtils.writeToFile(FFSqlitedb.get(j), new File(currentCase.getTempDirectory() + File.separator + FFSqlitedb.get(j).getName().toString() + j + ".db")); + try { + ContentUtils.writeToFile(FFSqlitedb.get(j), new File(currentCase.getTempDirectory() + File.separator + FFSqlitedb.get(j).getName().toString() + j + ".db")); + } catch (Exception ex) { + logger.log(Level.WARNING, "Error while trying to read into a sqlite db.{0}", ex); + } File dbFile = new File(temps); - if (controller.isCancelled() ) { - dbFile.delete(); - break; - } - try - { - dbconnect tempdbconnect = new dbconnect("org.sqlite.JDBC",connectionString); - ResultSet temprs = tempdbconnect.executeQry(ffcookiequery); - while(temprs.next()) - { - BlackboardArtifact bbart = FFSqlitedb.get(j).newArtifact(ARTIFACT_TYPE.TSK_WEB_COOKIE); - Collection bbattributes = new ArrayList(); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(), "RecentActivity", "", temprs.getString("host"))); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID(), "RecentActivity", "Last Visited", temprs.getLong("lastAccessed"))); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_VALUE.getTypeID(), "RecentActivity", "", temprs.getString("value"))); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_NAME.getTypeID(), "RecentActivity","Title",((temprs.getString("name") != null) ? 
temprs.getString("name") : ""))); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(),"RecentActivity","","FireFox")); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN.getTypeID(),"RecentActivity","",temprs.getString("host"))); - bbart.addAttributes(bbattributes); - - } - tempdbconnect.closeConnection(); - temprs.close(); - - } - catch (Exception ex) - { - logger.log(Level.WARNING, "Error while trying to read into a sqlite db." + connectionString, ex); - } + if (controller.isCancelled()) { + dbFile.delete(); + break; + } + boolean checkColumn = Util.checkColumn("creationTime", "moz_cookies", connectionString); + String query; + if (checkColumn) { + query = ffcookiequery; + } else { + query = ff3cookiequery; + } + try { + dbconnect tempdbconnect = new dbconnect("org.sqlite.JDBC", connectionString); + ResultSet temprs = tempdbconnect.executeQry(query); + while (temprs.next()) { + try { + BlackboardArtifact bbart = FFSqlitedb.get(j).newArtifact(ARTIFACT_TYPE.TSK_WEB_COOKIE); + Collection bbattributes = new ArrayList(); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(), "RecentActivity", "", temprs.getString("host"))); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID(), "RecentActivity", "Last Visited", temprs.getLong("lastAccessed"))); + if (checkColumn == true) { + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID(), "RecentActivity", "Created", temprs.getLong("creationTime"))); + } + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_VALUE.getTypeID(), "RecentActivity", "", temprs.getString("value"))); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_NAME.getTypeID(), "RecentActivity", "Title", ((temprs.getString("name") != null) ? 
temprs.getString("name") : ""))); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(), "RecentActivity", "", "FireFox")); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN.getTypeID(), "RecentActivity", "", temprs.getString("host"))); + bbart.addAttributes(bbattributes); + } catch (Exception ex) { + logger.log(Level.WARNING, "Error while trying to read into a sqlite db.{0}", ex); + } + } + tempdbconnect.closeConnection(); + temprs.close(); + + } catch (Exception ex) { + logger.log(Level.WARNING, "Error while trying to read into a sqlite db." + connectionString, ex); + } j++; dbFile.delete(); } - IngestManager.fireServiceDataEvent(new ServiceDataEvent("Recent Activity", BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_COOKIE)); + } + IngestManager.fireServiceDataEvent(new ServiceDataEvent("Recent Activity", BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_COOKIE)); + } catch (Exception ex) { + logger.log(Level.WARNING, "Error while trying to get Firefox SQLite db.", ex); } - catch (SQLException ex) - { - logger.log(Level.WARNING, "Error while trying to get Firefox SQLite db.", ex); - } - catch(IOException ioex) - { - logger.log(Level.WARNING, "Error while trying to write to the file system.", ioex); - } - - - //Downloads section - // This gets the downloads info - try - { + + + + //Downloads section + // This gets the downloads info + try { Case currentCase = Case.getCurrentCase(); // get the most updated case SleuthkitCase tempDb = currentCase.getSleuthkitCase(); - String allFS = new String(); - for(int i = 0; i < image.size(); i++) { - if(i == 0) + String allFS = new String(); + for (int i = 0; i < image.size(); i++) { + if (i == 0) { allFS += " AND (0"; + } allFS += " OR fs_obj_id = '" + image.get(i) + "'"; - if(i == image.size()-1) + if (i == image.size() - 1) { allFS += ")"; + } } - List FFSqlitedb; - ResultSet rs = tempDb.runQuery("select * from tsk_files where name LIKE 'downloads.sqlite' and name NOT LIKE '%journal%' and 
parent_path LIKE '%Firefox%'" + allFS); - FFSqlitedb = tempDb.resultSetToFsContents(rs); - rs.close(); - rs.getStatement().close(); - + List FFSqlitedb = null; + try { + ResultSet rs = tempDb.runQuery("select * from tsk_files where name LIKE 'downloads.sqlite' and name NOT LIKE '%journal%' and parent_path LIKE '%Firefox%'" + allFS); + FFSqlitedb = tempDb.resultSetToFsContents(rs); + rs.close(); + rs.getStatement().close(); + } catch (Exception ex) { + logger.log(Level.WARNING, "Error while trying to read into a sqlite db.{0}", ex); + } + int j = 0; - - while (j < FFSqlitedb.size()) + if(FFSqlitedb != null && !FFSqlitedb.isEmpty()) { + while (j < FFSqlitedb.size()) { String temps = currentCase.getTempDirectory() + "\\" + FFSqlitedb.get(j).getName().toString() + j + ".db"; String connectionString = "jdbc:sqlite:" + temps; - ContentUtils.writeToFile(FFSqlitedb.get(j), new File(currentCase.getTempDirectory() + "\\" + FFSqlitedb.get(j).getName().toString() + j + ".db")); + try { + ContentUtils.writeToFile(FFSqlitedb.get(j), new File(currentCase.getTempDirectory() + "\\" + FFSqlitedb.get(j).getName().toString() + j + ".db")); + } catch (Exception ex) { + logger.log(Level.WARNING, "Error while trying to read into a sqlite db.{0}", ex); + } File dbFile = new File(temps); - if (controller.isCancelled() ) { - dbFile.delete(); - break; - } - try - { - dbconnect tempdbconnect = new dbconnect("org.sqlite.JDBC",connectionString); - ResultSet temprs = tempdbconnect.executeQry(ffdownloadquery); - while(temprs.next()) - { - - BlackboardArtifact bbart = FFSqlitedb.get(j).newArtifact(ARTIFACT_TYPE.TSK_WEB_DOWNLOAD); - Collection bbattributes = new ArrayList(); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_LAST_ACCESSED.getTypeID(),"RecentActivity","Last Visited",temprs.getLong("startTime"))); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(), "RecentActivity","",((temprs.getString("source") != null) ? 
temprs.getString("source") : ""))); - //bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_NAME.getTypeID(), "RecentActivity","", ((temprs.getString("title") != null) ? temprs.getString("title").replaceAll("'", "''") : ""))); - String urldecodedtarget = URLDecoder.decode(temprs.getString("target").replaceAll("file:///", ""), "UTF-8"); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PATH_ID.getTypeID(),"RecentActivity","",Util.findID(urldecodedtarget))); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PATH.getTypeID(), "Recent Activity", "", urldecodedtarget)); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN.getTypeID(),"RecentActivity","",Util.extractDomain(temprs.getString("source")))); + if (controller.isCancelled()) { + dbFile.delete(); + break; + } + try { + dbconnect tempdbconnect = new dbconnect("org.sqlite.JDBC", connectionString); + ResultSet temprs = tempdbconnect.executeQry(ffdownloadquery); + while (temprs.next()) { + try { + BlackboardArtifact bbart = FFSqlitedb.get(j).newArtifact(ARTIFACT_TYPE.TSK_WEB_DOWNLOAD); + Collection bbattributes = new ArrayList(); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_LAST_ACCESSED.getTypeID(), "RecentActivity", "Last Visited", temprs.getLong("startTime"))); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(), "RecentActivity", "", ((temprs.getString("source") != null) ? 
temprs.getString("source") : ""))); + String urldecodedtarget = URLDecoder.decode(temprs.getString("target").replaceAll("file:///", ""), "UTF-8"); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PATH_ID.getTypeID(), "RecentActivity", "", Util.findID(urldecodedtarget))); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PATH.getTypeID(), "Recent Activity", "", urldecodedtarget)); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN.getTypeID(), "RecentActivity", "", Util.extractDomain(temprs.getString("source")))); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(), "RecentActivity", "", "FireFox")); + bbart.addAttributes(bbattributes); + } catch (Exception ex) { + logger.log(Level.WARNING, "Error while trying to read into a sqlite db.{0}", ex); + } + } + tempdbconnect.closeConnection(); + temprs.close(); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(),"RecentActivity","","FireFox")); - bbart.addAttributes(bbattributes); - - } - tempdbconnect.closeConnection(); - temprs.close(); - - } - catch (Exception ex) - { - logger.log(Level.WARNING, "Error while trying to read into a sqlite db." + connectionString, ex); - } + } catch (Exception ex) { + logger.log(Level.WARNING, "Error while trying to read into a sqlite db." 
+ connectionString, ex); + } j++; dbFile.delete(); } - IngestManager.fireServiceDataEvent(new ServiceDataEvent("Recent Activity", BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_DOWNLOAD)); + } + IngestManager.fireServiceDataEvent(new ServiceDataEvent("Recent Activity", BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_DOWNLOAD)); + } catch (Exception ex) { + logger.log(Level.WARNING, "Error while trying to get FireFox SQLite db.", ex); } - catch (SQLException ex) - { - logger.log(Level.WARNING, "Error while trying to get FireFox SQLite db.", ex); - } - catch(IOException ioex) - { - logger.log(Level.WARNING, "Error while trying to write to the file system.", ioex); - } - } + } } - //@Override -// public HashMap ExtractActivity() { -// return ExtractActivity; -// -// } - - - - - - - diff --git a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/JavaSystemCaller.java b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/JavaSystemCaller.java index 3fc7947130..74f81c8674 100644 --- a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/JavaSystemCaller.java +++ b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/JavaSystemCaller.java 
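Review bot: The history query in the first loop of `getffdb`, `ResultSet temprs = Util.runQuery(ffquery, connectionString); while (temprs.next())`, now sits outside any per-file `try`. An exception from one unreadable places.sqlite copy therefore lands in the outer `catch (Exception ex)` and ends the loop: the remaining profiles are skipped, `dbFile.delete()` does not run for that temp copy of evidence, and neither `fireServiceDataEvent` call is reached. The bookmark, cookie and download blocks keep a per-file `try`, so the history block should do the same, with the delete moved into a `finally`. `Util.runQuery` is not visible in this hunk, so the null guard below is an assumption, and the connection it opens may also need closing. The new `throws SQLException` on the signature appears unnecessary, since every section already catches `Exception`.

```java
File dbFile = new File(temps);
// … unchanged: cancellation check (delete + break) …
try {
    try {
        ResultSet temprs = Util.runQuery(ffquery, connectionString);
        if (temprs != null) {
            try {
                while (temprs.next()) {
                    // … unchanged: build and add the TSK_WEB_HISTORY artifact …
                }
            } finally {
                temprs.close();
            }
        }
    } catch (Exception ex) {
        // one bad database must not stop the remaining profiles
        logger.log(Level.WARNING, "Error while trying to read into a sqlite db." + connectionString, ex);
    }
    // … unchanged: bookmark query block …
} finally {
    // always remove the temp copy, even when a query fails
    dbFile.delete();
}
j++;
```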
@@ -1,6 +1,22 @@ -/* - * To change this template, choose Tools | Templates - * and open the template in the editor. + /* + * + * Autopsy Forensic Browser + * + * Copyright 2012 42six Solutions. + * Contact: aebadirad 42six com + * Project Contact/Architect: carrier sleuthkit org + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ package org.sleuthkit.autopsy.recentactivity; @@ -11,332 +27,372 @@ import java.io.InputStreamReader; import java.util.ArrayList; /** - * Make a system call through a system shell in a platform-independent manner in Java.
- * This class only demonstrate a 'dir' or 'ls' within current (execution) path, if no parameters are used. - * If parameters are used, the first one is the system command to execute, the others are its system command parameters.
- * To be system independent, an - * Abstract Factory Pattern will be used to build the right underlying system shell in which the system command will be executed. + * Make a system call through a system shell in a platform-independent manner in + * Java.
This class only demonstrate a 'dir' or 'ls' within current + * (execution) path, if no parameters are used. If parameters are used, the + * first one is the system command to execute, the others are its system command + * parameters.
To be system independent, an + * Abstract Factory Pattern will be used to build the right underlying + * system shell in which the system command will be executed. + * * @author VonC - * @see - How to make a system call that returns the stdout output as a string in various languages? + * @see How to make + * a system call that returns the stdout output as a string in various + * languages? */ -public final class JavaSystemCaller -{ - - /** - * Execute a system command.
- * Default is 'ls' in current directory if no parameters, or a system command (if Windows, it is automatically translated to 'dir') - * @param args first element is the system command, the others are its parameters (NOT NULL) - * @throws IllegalArgumentException if one parameters is null or empty. - * 'args' can be empty (default 'ls' performed then) - */ - public static void main(final String[] args) - { - String anOutput = ""; - if(args.length == 0) - { - anOutput = Exec.execute("ls"); - } - else - { - String[] someParameters = null; - anOutput = Exec.execute(args[0],someParameters); - } - System.out.println("Final output: " + anOutput); - } - /** - * Asynchronously read the output of a given input stream.
- * Any exception during execution of the command in managed in this thread. - * @author VonC - */ - public static class StreamGobbler extends Thread - { - private InputStream is; - private String type; - private StringBuffer output = new StringBuffer(); +public final class JavaSystemCaller { - StreamGobbler(final InputStream anIs, final String aType) - { - this.is = anIs; - this.type = aType; - } + /** + * Execute a system command.
Default is 'ls' in current directory if + * no parameters, or a system command (if Windows, it is automatically + * translated to 'dir') + * + * @param args first element is the system command, the others are its + * parameters (NOT NULL) + * @throws IllegalArgumentException if one parameters is null or empty. + * 'args' can be empty (default 'ls' performed then) + */ + public static void main(final String[] args) { + String anOutput = ""; + if (args.length == 0) { + anOutput = Exec.execute("ls"); + } else { + String[] someParameters = null; + anOutput = Exec.execute(args[0], someParameters); + } + System.out.println("Final output: " + anOutput); + } - /** - * Asynchronous read of the input stream.
- * Will report output as its its displayed. - * @see java.lang.Thread#run() - */ - @Override - public final void run() - { - try - { - final InputStreamReader isr = new InputStreamReader(this.is); - final BufferedReader br = new BufferedReader(isr); - String line=null; - while ( (line = br.readLine()) != null) - { - System.out.println(this.type + ">" + line); - this.output.append(line+System.getProperty("line.separator")); - } - } catch (final IOException ioe) - { - ioe.printStackTrace(); - } - } - /** - * Get output filled asynchronously.
- * Should be called after execution - * @return final output - */ - public final String getOutput() - { - return this.output.toString(); - } - } - /** - * Execute a system command in the appropriate shell.
- * Read asynchronously stdout and stderr to report any result. - * @author VonC - */ - public static final class Exec - { - - /** - * Execute a system command.
- * Listen asynchronously to stdout and stderr - * @param aCommand system command to be executed (must not be null or empty) - * @param someParameters parameters of the command (must not be null or empty) - * @return final output (stdout only) - */ - public static String execute(final String aCommand, final String... someParameters) - { - String output = ""; - try - { - ExecEnvironmentFactory anExecEnvFactory = getExecEnvironmentFactory(aCommand, someParameters); - final IShell aShell = anExecEnvFactory.createShell(); - final String aCommandLine = anExecEnvFactory.createCommandLine(); + /** + * Asynchronously read the output of a given input stream.
Any + * exception during execution of the command in managed in this thread. + * + * @author VonC + */ + public static class StreamGobbler extends Thread { - final Runtime rt = Runtime.getRuntime(); - System.out.println("Executing " + aShell.getShellCommand() + " " + aCommandLine); + private InputStream is; + private String type; + private StringBuffer output = new StringBuffer(); - final Process proc = rt.exec(aShell.getShellCommand() + " " + aCommandLine); - // any error message? - final StreamGobbler errorGobbler = new - StreamGobbler(proc.getErrorStream(), "ERROR"); + StreamGobbler(final InputStream anIs, final String aType) { + this.is = anIs; + this.type = aType; + } - // any output? - final StreamGobbler outputGobbler = new - StreamGobbler(proc.getInputStream(), "OUTPUT"); + /** + * Asynchronous read of the input stream.
Will report output as + * its its displayed. + * + * @see java.lang.Thread#run() + */ + @Override + public final void run() { + try { + final InputStreamReader isr = new InputStreamReader(this.is); + final BufferedReader br = new BufferedReader(isr); + String line = null; + while ((line = br.readLine()) != null) { + System.out.println(this.type + ">" + line); + this.output.append(line + System.getProperty("line.separator")); + } + } catch (final IOException ioe) { + ioe.printStackTrace(); + } + } - // kick them off - errorGobbler.start(); - outputGobbler.start(); + /** + * Get output filled asynchronously.
Should be called after + * execution + * + * @return final output + */ + public final String getOutput() { + return this.output.toString(); + } + } - // any error??? - final int exitVal = proc.waitFor(); - System.out.println("ExitValue: " + exitVal); + /** + * Execute a system command in the appropriate shell.
Read + * asynchronously stdout and stderr to report any result. + * + * @author VonC + */ + public static final class Exec { - output = outputGobbler.getOutput(); + /** + * Execute a system command.
Listen asynchronously to stdout and + * stderr + * + * @param aCommand system command to be executed (must not be null or + * empty) + * @param someParameters parameters of the command (must not be null or + * empty) + * @return final output (stdout only) + */ + public static String execute(final String aCommand, final String... someParameters) { + String output = ""; + try { + ExecEnvironmentFactory anExecEnvFactory = getExecEnvironmentFactory(aCommand, someParameters); + final IShell aShell = anExecEnvFactory.createShell(); + final String aCommandLine = anExecEnvFactory.createCommandLine(); - } catch (final Throwable t) - { - t.printStackTrace(); - } - return output; - } - - private static ExecEnvironmentFactory getExecEnvironmentFactory(final String aCommand, final String... someParameters) - { - final String anOSName = System.getProperty("os.name" ); - if(anOSName.toLowerCase().startsWith("windows")) - { - return new WindowsExecEnvFactory(aCommand, someParameters); - } - return new UnixExecEnvFactory(aCommand, someParameters); - // TODO be more specific for other OS. - } - - private Exec() { /**/ } - } - private JavaSystemCaller() { /**/ } - - /* - * ABSTRACT FACTORY PATTERN - */ - /** - * Environment needed to be build for the Exec class to be able to execute the system command.
- * Must have the right shell and the right command line.
- * @author VonC - */ - public abstract static class ExecEnvironmentFactory - { - private String command = null; - private ArrayList parameters = new ArrayList(); - final String getCommand() { return this.command; } - final ArrayList getParameters() { return this.parameters; } - /** - * Builds an execution environment for a system command to be played.
- * Independent from the OS. - * @param aCommand system command to be executed (must not be null or empty) - * @param someParameters parameters of the command (must not be null or empty) - */ - public ExecEnvironmentFactory(final String aCommand, final String... someParameters) - { - if(aCommand == null || aCommand.length() == 0) { throw new IllegalArgumentException("Command must not be empty"); } - this.command = aCommand; - for (int i = 0; i < someParameters.length; i++) { - final String aParameter = someParameters[i]; - if(aParameter == null || aParameter.length() == 0) { throw new IllegalArgumentException("Parameter n° '"+i+"' must not be empty"); } - this.parameters.add(aParameter); - } - } - /** - * Builds the right Shell for the current OS.
- * Allow for independent platform execution. - * @return right shell, NEVER NULL - */ - public abstract IShell createShell(); - /** - * Builds the right command line for the current OS.
- * Means that a command might be translated, if it does not fit the right OS ('dir' => 'ls' on unix) - * @return right complete command line, with parameters added (NEVER NULL) - */ - public abstract String createCommandLine(); - - protected final String buildCommandLine(final String aCommand, final ArrayList someParameters) - { - final StringBuilder aCommandLine = new StringBuilder(); - aCommandLine.append(aCommand); - for (String aParameter : someParameters) { - aCommandLine.append(" "); - aCommandLine.append(aParameter); - } - return aCommandLine.toString(); - } - } - - /** - * Builds a Execution Environment for Windows.
- * Cmd with windows commands - * @author VonC - */ - public static final class WindowsExecEnvFactory extends ExecEnvironmentFactory - { + final Runtime rt = Runtime.getRuntime(); + System.out.println("Executing " + aShell.getShellCommand() + " " + aCommandLine); - /** - * Builds an execution environment for a Windows system command to be played.
- * Any command not from windows will be translated in its windows equivalent if possible. - * @param aCommand system command to be executed (must not be null or empty) - * @param someParameters parameters of the command (must not be null or empty) - */ - public WindowsExecEnvFactory(final String aCommand, final String... someParameters) - { - super(aCommand, someParameters); - } - /** - * @see test.JavaSystemCaller.ExecEnvironmentFactory#createShell() - */ - @Override - public IShell createShell() { - return new WindowsShell(); - } + final Process proc = rt.exec(aShell.getShellCommand() + " " + aCommandLine); + // any error message? + final StreamGobbler errorGobbler = new StreamGobbler(proc.getErrorStream(), "ERROR"); - /** - * @see test.JavaSystemCaller.ExecEnvironmentFactory#createCommandLine() - */ - @Override - public String createCommandLine() { - String aCommand = getCommand(); - if(aCommand.toLowerCase().trim().equals("ls")) { aCommand = "dir"; } - // TODO translates other Unix commands - return buildCommandLine(aCommand, getParameters()); - } - } - - /** - * Builds a Execution Environment for Unix.
- * Sh with Unix commands - * @author VonC - */ - public static final class UnixExecEnvFactory extends ExecEnvironmentFactory - { + // any output? + final StreamGobbler outputGobbler = new StreamGobbler(proc.getInputStream(), "OUTPUT"); - /** - * Builds an execution environment for a Unix system command to be played.
- * Any command not from Unix will be translated in its Unix equivalent if possible. - * @param aCommand system command to be executed (must not be null or empty) - * @param someParameters parameters of the command (must not be null or empty) - */ - public UnixExecEnvFactory(final String aCommand, final String... someParameters) - { - super(aCommand, someParameters); - } - /** - * @see test.JavaSystemCaller.ExecEnvironmentFactory#createShell() - */ - @Override - public IShell createShell() { - return new UnixShell(); - } + // kick them off + errorGobbler.start(); + outputGobbler.start(); - /** - * @see test.JavaSystemCaller.ExecEnvironmentFactory#createCommandLine() - */ - @Override - public String createCommandLine() { - String aCommand = getCommand(); - if(aCommand.toLowerCase().trim().equals("dir")) { aCommand = "ls"; } - // TODO translates other Windows commands - return buildCommandLine(aCommand, getParameters()); - } - } - - /** - * System Shell with its right OS command.
- * 'cmd' for Windows or 'sh' for Unix, ... - * @author VonC - */ - public interface IShell - { - /** - * Get the right shell command.
- * Used to launch a new shell - * @return command used to launch a Shell (NEVEL NULL) - */ - String getShellCommand(); - } - /** - * Windows shell (cmd).
- * More accurately 'cmd /C' - * @author VonC - */ - public static class WindowsShell implements IShell - { - /** - * @see test.JavaSystemCaller.IShell#getShellCommand() - */ - @Override - public final String getShellCommand() { - final String osName = System.getProperty("os.name" ); - if( osName.equals( "Windows 95" ) ) { return "command.com /C"; } - return "cmd.exe /C"; - } - } - /** - * Unix shell (sh).
- * More accurately 'sh -C' - * @author VonC - */ - public static class UnixShell implements IShell - { - /** - * @see test.JavaSystemCaller.IShell#getShellCommand() - */ - @Override - public final String getShellCommand() { - return "/bin/sh -c"; - } - } + // any error??? + final int exitVal = proc.waitFor(); + System.out.println("ExitValue: " + exitVal); + + output = outputGobbler.getOutput(); + + } catch (final Throwable t) { + t.printStackTrace(); + } + return output; + } + + private static ExecEnvironmentFactory getExecEnvironmentFactory(final String aCommand, final String... someParameters) { + final String anOSName = System.getProperty("os.name"); + if (anOSName.toLowerCase().startsWith("windows")) { + return new WindowsExecEnvFactory(aCommand, someParameters); + } + return new UnixExecEnvFactory(aCommand, someParameters); + // TODO be more specific for other OS. + } + + private Exec() { /* + * + */ } + } + + private JavaSystemCaller() { /* + * + */ } + + /* + * ABSTRACT FACTORY PATTERN + */ + /** + * Environment needed to be build for the Exec class to be able to execute + * the system command.
Must have the right shell and the right + * command line.
+ * + * @author VonC + */ + public abstract static class ExecEnvironmentFactory { + + private String command = null; + private ArrayList parameters = new ArrayList(); + + final String getCommand() { + return this.command; + } + + final ArrayList getParameters() { + return this.parameters; + } + + /** + * Builds an execution environment for a system command to be played. + *
Independent from the OS. + * + * @param aCommand system command to be executed (must not be null or + * empty) + * @param someParameters parameters of the command (must not be null or + * empty) + */ + public ExecEnvironmentFactory(final String aCommand, final String... someParameters) { + if (aCommand == null || aCommand.length() == 0) { + throw new IllegalArgumentException("Command must not be empty"); + } + this.command = aCommand; + for (int i = 0; i < someParameters.length; i++) { + final String aParameter = someParameters[i]; + if (aParameter == null || aParameter.length() == 0) { + throw new IllegalArgumentException("Parameter n° '" + i + "' must not be empty"); + } + this.parameters.add(aParameter); + } + } + + /** + * Builds the right Shell for the current OS.
Allow for + * independent platform execution. + * + * @return right shell, NEVER NULL + */ + public abstract IShell createShell(); + + /** + * Builds the right command line for the current OS.
Means that a + * command might be translated, if it does not fit the right OS ('dir' + * => 'ls' on unix) + * + * @return right complete command line, with parameters added (NEVER + * NULL) + */ + public abstract String createCommandLine(); + + protected final String buildCommandLine(final String aCommand, final ArrayList someParameters) { + final StringBuilder aCommandLine = new StringBuilder(); + aCommandLine.append(aCommand); + for (String aParameter : someParameters) { + aCommandLine.append(" "); + aCommandLine.append(aParameter); + } + return aCommandLine.toString(); + } + } + + /** + * Builds a Execution Environment for Windows.
Cmd with windows + * commands + * + * @author VonC + */ + public static final class WindowsExecEnvFactory extends ExecEnvironmentFactory { + + /** + * Builds an execution environment for a Windows system command to be + * played.
Any command not from windows will be translated in its + * windows equivalent if possible. + * + * @param aCommand system command to be executed (must not be null or + * empty) + * @param someParameters parameters of the command (must not be null or + * empty) + */ + public WindowsExecEnvFactory(final String aCommand, final String... someParameters) { + super(aCommand, someParameters); + } + + /** + * @see test.JavaSystemCaller.ExecEnvironmentFactory#createShell() + */ + @Override + public IShell createShell() { + return new WindowsShell(); + } + + /** + * @see test.JavaSystemCaller.ExecEnvironmentFactory#createCommandLine() + */ + @Override + public String createCommandLine() { + String aCommand = getCommand(); + if (aCommand.toLowerCase().trim().equals("ls")) { + aCommand = "dir"; + } + // TODO translates other Unix commands + return buildCommandLine(aCommand, getParameters()); + } + } + + /** + * Builds a Execution Environment for Unix.
Sh with Unix commands + * + * @author VonC + */ + public static final class UnixExecEnvFactory extends ExecEnvironmentFactory { + + /** + * Builds an execution environment for a Unix system command to be + * played.
Any command not from Unix will be translated in its + * Unix equivalent if possible. + * + * @param aCommand system command to be executed (must not be null or + * empty) + * @param someParameters parameters of the command (must not be null or + * empty) + */ + public UnixExecEnvFactory(final String aCommand, final String... someParameters) { + super(aCommand, someParameters); + } + + /** + * @see test.JavaSystemCaller.ExecEnvironmentFactory#createShell() + */ + @Override + public IShell createShell() { + return new UnixShell(); + } + + /** + * @see test.JavaSystemCaller.ExecEnvironmentFactory#createCommandLine() + */ + @Override + public String createCommandLine() { + String aCommand = getCommand(); + if (aCommand.toLowerCase().trim().equals("dir")) { + aCommand = "ls"; + } + // TODO translates other Windows commands + return buildCommandLine(aCommand, getParameters()); + } + } + + /** + * System Shell with its right OS command.
'cmd' for Windows or 'sh' + * for Unix, ... + * + * @author VonC + */ + public interface IShell { + + /** + * Get the right shell command.
Used to launch a new shell + * + * @return command used to launch a Shell (NEVEL NULL) + */ + String getShellCommand(); + } + + /** + * Windows shell (cmd).
More accurately 'cmd /C' + * + * @author VonC + */ + public static class WindowsShell implements IShell { + + /** + * @see test.JavaSystemCaller.IShell#getShellCommand() + */ + @Override + public final String getShellCommand() { + final String osName = System.getProperty("os.name"); + if (osName.equals("Windows 95")) { + return "command.com /C"; + } + return "cmd.exe /C"; + } + } + + /** + * Unix shell (sh).
More accurately 'sh -C' + * + * @author VonC + */ + public static class UnixShell implements IShell { + + /** + * @see test.JavaSystemCaller.IShell#getShellCommand() + */ + @Override + public final String getShellCommand() { + return "/bin/sh -c"; + } + } } \ No newline at end of file diff --git a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/RAImageIngestService.java b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/RAImageIngestService.java index c4840f9fcc..c2c0c773bd 100644 --- a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/RAImageIngestService.java +++ b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/RAImageIngestService.java @@ -1,15 +1,17 @@ -/* + /* + * * Autopsy Forensic Browser - * - * Copyright 2011 Basis Technology Corp. - * Contact: carrier sleuthkit org - * + * + * Copyright 2012 42six Solutions. + * Contact: aebadirad 42six com + * Project Contact/Architect: carrier sleuthkit org + * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -35,8 +37,8 @@ import org.sleuthkit.datamodel.SleuthkitCase; import org.sleuthkit.datamodel.FileSystem; /** - * Recent activity image ingest service - * + * Recent activity image ingest service + * */ public final class RAImageIngestService implements IngestServiceImage { 
@@ -77,27 +79,20 @@ public final class RAImageIngestService implements IngestServiceImage { try { //do the work for(FileSystem img : imageFS ) - try{ - ResultSet artset = sCurrentCase.runQuery("SELECT * from blackboard_artifact_types WHERE type_name = 'TSK_SYS_INFO'"); - int artcount = 0; - while (artset.next()){ - artcount++; - } - - // artset.beforeFirst(); - if(artcount > 0) - { + try { + ResultSet artset = sCurrentCase.runQuery("SELECT * from blackboard_artifact_types WHERE type_name = 'TSK_SYS_INFO'"); + int artcount = 0; + while (artset.next()) { + artcount++; + } - } - else - { - int artint = sCurrentCase.addArtifactType("TSK_SYS_INFO", "System Information"); - } - - } - catch(Exception e) - { - + // artset.beforeFirst(); + if (artcount > 0) { + } else { + int artint = sCurrentCase.addArtifactType("TSK_SYS_INFO", "System Information"); + } + + } catch (Exception e) { } ext.extractToBlackboard(controller, fsIds); @@ -123,7 +118,7 @@ public final class RAImageIngestService implements IngestServiceImage { public String getName() { return "Recent Activity"; } - + @Override public String getDescription() { return "Extracts recent user activity, such as Internet browsing, recently used documents and installed programs."; @@ -149,12 +144,12 @@ public final class RAImageIngestService implements IngestServiceImage { public ServiceType getType() { return ServiceType.Image; } - - @Override + + @Override public boolean hasSimpleConfiguration() { return false; } - + @Override public boolean hasAdvancedConfiguration() { return false; @@ -164,23 +159,22 @@ public final class RAImageIngestService implements IngestServiceImage { public javax.swing.JPanel getSimpleConfiguration() { return null; } - + @Override public javax.swing.JPanel getAdvancedConfiguration() { return null; } - + @Override public void saveAdvancedConfiguration() { } - + @Override public void saveSimpleConfiguration() { } - + @Override public boolean hasBackgroundJobsRunning() { return false; } - } 
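Review bot: The `catch (Exception e) { }` around the TSK_SYS_INFO lookup discards every failure from `runQuery` and `addArtifactType`, so an ingest run that could not register the artifact type carries on with nothing in the log. Log it at the least, for example `Logger.getLogger(RAImageIngestService.class.getName()).log(Level.WARNING, "Could not check or add TSK_SYS_INFO artifact type", e);` (assuming Logger and Level are imported in this file, which the hunk does not show). `artset` is also never closed here, and the `for` over `imageFS` repeats the same query once per file system although nothing in the body uses `img`. The enclosing method starts and ends outside the hunk.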
diff --git a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Util.java b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Util.java index e1cf6666d7..0d9bc2b17b 100644 --- a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Util.java +++ b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Util.java @@ -1,8 +1,25 @@ -/* - * To change this template, choose Tools | Templates - * and open the template in the editor. + /* + * + * Autopsy Forensic Browser + * + * Copyright 2012 42six Solutions. + * Contact: aebadirad 42six com + * Project Contact/Architect: carrier sleuthkit org + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ package org.sleuthkit.autopsy.recentactivity; + import java.io.File; import java.io.FileInputStream; import java.io.IOException; 
@@ -24,138 +41,133 @@ import java.util.regex.Pattern; import org.sleuthkit.autopsy.casemodule.Case; import org.sleuthkit.datamodel.FsContent; import org.sleuthkit.datamodel.SleuthkitCase; + /** * * @author Alex */ public class Util { -private static Logger logger = Logger.getLogger(Util.class.getName()); - - private Util(){ - - } -public static boolean pathexists(String path){ - File file=new File(path); - boolean exists = file.exists(); - return exists; -} + private static Logger logger = Logger.getLogger(Util.class.getName()); -public static String utcConvert(String utc){ - SimpleDateFormat formatter = new SimpleDateFormat("MM-dd-yyyy HH:mm"); - String tempconvert = formatter.format(new Date(Long.parseLong(utc))); - return tempconvert; -} - -public static String readFile(String path) throws IOException { - FileInputStream stream = new FileInputStream(new File(path)); - try { - FileChannel fc = stream.getChannel(); - MappedByteBuffer bb = fc.map(FileChannel.MapMode.READ_ONLY, 0, fc.size()); - /* Instead of using default, pass in a decoder. 
*/ - return Charset.defaultCharset().decode(bb).toString(); - } - finally { - stream.close(); - } -} - -public static boolean imgpathexists(String path){ - Case currentCase = Case.getCurrentCase(); // get the most updated case - SleuthkitCase tempDb = currentCase.getSleuthkitCase(); - Boolean rt = false; - int count = 0; - try { - List FFSqlitedb; - ResultSet rs = tempDb.runQuery("select * from tsk_files where parent_path LIKE '%"+ path + "%'"); - FFSqlitedb = tempDb.resultSetToFsContents(rs); - count = FFSqlitedb.size(); - final Statement s = rs.getStatement(); - rs.close(); - if (s != null){ - s.close(); - } - if(count > 0) - { - rt = true; - } - else - { - rt = false; - } + private Util() { } - catch (SQLException ex) - { - //logger.log(Level.WARNING, "Error while trying to contact SQLite db.", ex); + + public static boolean pathexists(String path) { + File file = new File(path); + boolean exists = file.exists(); + return exists; + } + + public static String utcConvert(String utc) { + SimpleDateFormat formatter = new SimpleDateFormat("MM-dd-yyyy HH:mm"); + String tempconvert = formatter.format(new Date(Long.parseLong(utc))); + return tempconvert; + } + + public static String readFile(String path) throws IOException { + FileInputStream stream = new FileInputStream(new File(path)); + try { + FileChannel fc = stream.getChannel(); + MappedByteBuffer bb = fc.map(FileChannel.MapMode.READ_ONLY, 0, fc.size()); + /* + * Instead of using default, pass in a decoder. 
+ */ + return Charset.defaultCharset().decode(bb).toString(); + } finally { + stream.close(); } - return rt; } -public static String extractDomain(String value){ - if (value == null) throw new java.lang.NullPointerException("domains to extract"); + public static boolean imgpathexists(String path) { + Case currentCase = Case.getCurrentCase(); // get the most updated case + SleuthkitCase tempDb = currentCase.getSleuthkitCase(); + Boolean rt = false; + int count = 0; + try { + List FFSqlitedb; + ResultSet rs = tempDb.runQuery("select * from tsk_files where parent_path LIKE '%" + path + "%'"); + FFSqlitedb = tempDb.resultSetToFsContents(rs); + count = FFSqlitedb.size(); + final Statement s = rs.getStatement(); + rs.close(); + if (s != null) { + s.close(); + } + if (count > 0) { + rt = true; + } else { + rt = false; + } + } catch (SQLException ex) { + //logger.log(Level.WARNING, "Error while trying to contact SQLite db.", ex); + } + return rt; + } + + public static String extractDomain(String value) { + if (value == null) { + throw new java.lang.NullPointerException("domains to extract"); + } String result = ""; - // String domainPattern = 
"(\\w+)\\.(AC|AD|AE|AERO|AF|AG|AI|AL|AM|AN|AO|AQ|AR|ARPA|AS|ASIA|AT|AU|AW|AX|AZ|BA|BB|BD|BE|BF|BG|BH|BI|BIZ|BJ|BM|BN|BO|BR|BS|BT|BV|BW|BY|BZ|CA|CAT|CC|CD|CF|CG|CH|CI|CK|CL|CM|CN|CO|COM|COOP|CR|CU|CV|CW|CX|CY|CZ|DE|DJ|DK|DM|DO|DZ|EC|EDU|EE|EG|ER|ES|ET|EU|FI|FJ|FK|FM|FO|FR|GA|GB|GD|GE|GF|GG|GH|GI|GL|GM|GN|GOV|GP|GQ|GR|GS|GT|GU|GW|GY|HK|HM|HN|HR|HT|HU|ID|IE|IL|IM|IN|INFO|INT|IO|IQ|IR|IS|IT|JE|JM|JO|JOBS|JP|KE|KG|KH|KI|KM|KN|KP|KR|KW|KY|KZ|LA|LB|LC|LI|LK|LR|LS|LT|LU|LV|LY|MA|MC|MD|ME|MG|MH|MIL|MK|ML|MM|MN|MO|MOBI|MP|MQ|MR|MS|MT|MU|MUSEUM|MV|MW|MX|MY|MZ|NA|NAME|NC|NE|NET|NF|NG|NI|NL|NO|NP|NR|NU|NZ|OM|ORG|PA|PE|PF|PG|PH|PK|PL|PM|PN|PR|PRO|PS|PT|PW|PY|QA|RE|RO|RS|RU|RW|SA|SB|SC|SD|SE|SG|SH|SI|SJ|SK|SL|SM|SN|SO|SR|ST|SU|SV|SX|SY|SZ|TC|TD|TEL|TF|TG|TH|TJ|TK|TL|TM|TN|TO|TP|TR|TRAVEL|TT|TV|TW|TZ|UA|UG|UK|US|UY|UZ|VA|VC|VE|VG|VI|VN|VU|WF|WS|XXX|YE|YT|ZA|ZM|ZW(co\\.[a-z].))"; - // Pattern p = Pattern.compile(domainPattern,Pattern.CASE_INSENSITIVE); - // Matcher m = p.matcher(value); - // while (m.find()) { - // result = value.substring(m.start(0),m.end(0)); - // } - try{ - URL url = new URL(value); - result = url.getHost(); + // String domainPattern = 
"(\\w+)\\.(AC|AD|AE|AERO|AF|AG|AI|AL|AM|AN|AO|AQ|AR|ARPA|AS|ASIA|AT|AU|AW|AX|AZ|BA|BB|BD|BE|BF|BG|BH|BI|BIZ|BJ|BM|BN|BO|BR|BS|BT|BV|BW|BY|BZ|CA|CAT|CC|CD|CF|CG|CH|CI|CK|CL|CM|CN|CO|COM|COOP|CR|CU|CV|CW|CX|CY|CZ|DE|DJ|DK|DM|DO|DZ|EC|EDU|EE|EG|ER|ES|ET|EU|FI|FJ|FK|FM|FO|FR|GA|GB|GD|GE|GF|GG|GH|GI|GL|GM|GN|GOV|GP|GQ|GR|GS|GT|GU|GW|GY|HK|HM|HN|HR|HT|HU|ID|IE|IL|IM|IN|INFO|INT|IO|IQ|IR|IS|IT|JE|JM|JO|JOBS|JP|KE|KG|KH|KI|KM|KN|KP|KR|KW|KY|KZ|LA|LB|LC|LI|LK|LR|LS|LT|LU|LV|LY|MA|MC|MD|ME|MG|MH|MIL|MK|ML|MM|MN|MO|MOBI|MP|MQ|MR|MS|MT|MU|MUSEUM|MV|MW|MX|MY|MZ|NA|NAME|NC|NE|NET|NF|NG|NI|NL|NO|NP|NR|NU|NZ|OM|ORG|PA|PE|PF|PG|PH|PK|PL|PM|PN|PR|PRO|PS|PT|PW|PY|QA|RE|RO|RS|RU|RW|SA|SB|SC|SD|SE|SG|SH|SI|SJ|SK|SL|SM|SN|SO|SR|ST|SU|SV|SX|SY|SZ|TC|TD|TEL|TF|TG|TH|TJ|TK|TL|TM|TN|TO|TP|TR|TRAVEL|TT|TV|TW|TZ|UA|UG|UK|US|UY|UZ|VA|VC|VE|VG|VI|VN|VU|WF|WS|XXX|YE|YT|ZA|ZM|ZW(co\\.[a-z].))"; + // Pattern p = Pattern.compile(domainPattern,Pattern.CASE_INSENSITIVE); + // Matcher m = p.matcher(value); + // while (m.find()) { + // result = value.substring(m.start(0),m.end(0)); + // } + try { + URL url = new URL(value); + result = url.getHost(); + } catch (Exception e) { } - catch(Exception e){ - + + return result; + } + + public static String getFileName(String value) { + String filename = ""; + String filematch = "^([a-zA-Z]\\:)(\\\\[^\\\\/:*?<>\"|]*(?\"|]*(?|]+)+)"; // Windows network + String network = "(\\\\(?:\\\\[^:\\s?*\"<>|]+)+)"; // Windows network - Pattern p2 = Pattern.compile(network,Pattern.CASE_INSENSITIVE | Pattern.DOTALL); - Matcher m2 = p2.matcher(txt); - if (m2.find()) - { - path = m2.group(1); + Pattern p2 = Pattern.compile(network, Pattern.CASE_INSENSITIVE | Pattern.DOTALL); + Matcher m2 = p2.matcher(txt); + if (m2.find()) { + path = m2.group(1); + } } - } - return path; + return path; } -public static long findID(String path) { + public static long findID(String path) { String parent_path = path.replace('\\', '/'); // fix Chrome paths - if(parent_path.length() > 2 && 
parent_path.charAt(1) == ':') + if (parent_path.length() > 2 && parent_path.charAt(1) == ':') { parent_path = parent_path.substring(2); // remove drive letter (e.g., 'C:') + } int index = parent_path.lastIndexOf('/'); String name = parent_path.substring(++index); parent_path = parent_path.substring(0, index); @@ -167,14 +179,45 @@ public static long findID(String path) { List results = tempDb.resultSetToFsContents(rs); Statement s = rs.getStatement(); rs.close(); - if (s != null) + if (s != null) { s.close(); - if(results.size() > 0) { + } + if (results.size() > 0) { return results.get(0).getId(); } } catch (Exception ex) { - // logger.log(Level.WARNING, "Error retrieving content from DB", ex); + // logger.log(Level.WARNING, "Error retrieving content from DB", ex); } return -1; } + + public static boolean checkColumn(String column, String tablename, String connection) { + String query = "PRAGMA table_info(" + tablename + ")"; + boolean found = false; + ResultSet temprs; + try { + dbconnect tempdbconnect = new dbconnect("org.sqlite.JDBC", connection); + temprs = tempdbconnect.executeQry(query); + while (temprs.next()) { + if (temprs.getString("name") == null ? column == null : temprs.getString("name").equals(column)) { + found = true; + } + } + } catch (Exception ex) { + logger.log(Level.WARNING, "Error while trying to get columns from sqlite db." + connection, ex); + } + return found; + } + + public static ResultSet runQuery(String query, String connection) { + ResultSet results = null; + try { + dbconnect tempdbconnect = new dbconnect("org.sqlite.JDBC", connection); + results = tempdbconnect.executeQry(query); + tempdbconnect.closeConnection(); + } catch (Exception ex) { + logger.log(Level.WARNING, "Error while trying to get columns from sqlite db." + connection, ex); + } + return results; + } } \ No newline at end of file 
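Review bot: `imgpathexists` concatenates `path` straight into the SQL text (`"... parent_path LIKE '%" + path + "%'"`), so a path containing a single quote breaks or changes the statement. This matters most if callers pass paths recovered from the examined image, which the hunk does not show. The `runQuery` call seen here takes only a string, so unless SleuthkitCase offers a bound-parameter query, at least double the quote first: `String safePath = path.replace("'", "''");`. The `catch (SQLException ex)` below it has its logging commented out, which makes a failed lookup indistinguishable from "path not present"; restoring `logger.log(Level.WARNING, "Error while trying to contact SQLite db.", ex);` fixes that.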
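Review bot: `runQuery` calls `tempdbconnect.closeConnection()` and then returns the ResultSet obtained from that same connection, which the JDBC driver has most likely invalidated by then, while `checkColumn` has the opposite problem and never closes the connection it opens. `checkColumn` also splices `tablename` into the PRAGMA text, which cannot take a bound parameter, so the name should be checked against an identifier pattern before use. A sketch for `checkColumn` follows; `runQuery` needs a design change (copy the rows out before closing, or let the caller own and close the connection) rather than a small patch. `findID`, whose tail opens this hunk, starts outside it.

```java
public static boolean checkColumn(String column, String tablename, String connection) {
    // PRAGMA arguments cannot be bound, so accept plain identifiers only.
    if (tablename == null || !tablename.matches("[A-Za-z_][A-Za-z0-9_]*")) {
        return false;
    }
    boolean found = false;
    dbconnect tempdbconnect = null;
    try {
        tempdbconnect = new dbconnect("org.sqlite.JDBC", connection);
        ResultSet temprs = tempdbconnect.executeQry("PRAGMA table_info(" + tablename + ")");
        // ... unchanged: loop comparing temprs.getString("name") with column ...
        temprs.close();
    } catch (Exception ex) {
        // ... unchanged: logger.log(Level.WARNING, ...) ...
    } finally {
        // Release the SQLite handle on every path, including failures.
        if (tempdbconnect != null) {
            tempdbconnect.closeConnection();
        }
    }
    return found;
}
```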
diff --git a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/dbconnect.java b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/dbconnect.java
index 67272f5900..2f939d3e14 100644
--- a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/dbconnect.java
+++ b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/dbconnect.java
@@ -1,25 +1,40 @@ -/* - * To change this template, choose Tools | Templates - * and open the template in the editor. + /* + * + * Autopsy Forensic Browser + * + * Copyright 2012 42six Solutions. + * Contact: aebadirad 42six com + * Project Contact/Architect: carrier sleuthkit org + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ package org.sleuthkit.autopsy.recentactivity; import java.sql.*; + /** * * @author Alex */ - public class dbconnect extends sqlitedbconnect{ - - private String sDriverForclass = "org.sqlite.JDBC"; - public dbconnect(String sDriverForClass, String sUrlKey) throws Exception - { - init(sDriverForClass, sUrlKey); - //Statement stmt = conn.createStatement(); - //String selecthistory = "SELECT moz_historyvisits.id,url,title,visit_count,visit_date,from_visit,rev_host FROM moz_places, moz_historyvisits WHERE moz_places.id = moz_historyvisits.place_id AND hidden = 0"; - // ResultSet rs = stmt.executeQuery(selecthistory); - - } - - +public class dbconnect extends sqlitedbconnect { + + private String sDriverForclass = "org.sqlite.JDBC"; + + public dbconnect(String sDriverForClass, String sUrlKey) throws Exception { + init(sDriverForClass, sUrlKey); + //Statement stmt = conn.createStatement(); + //String selecthistory = "SELECT moz_historyvisits.id,url,title,visit_count,visit_date,from_visit,rev_host FROM moz_places, moz_historyvisits WHERE moz_places.id = moz_historyvisits.place_id AND hidden = 0"; + // ResultSet rs = 
stmt.executeQuery(selecthistory); + } +} diff --git a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/layer.xml b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/layer.xml index 2f2e81d6d3..4dd2957304 100644 --- a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/layer.xml +++ b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/layer.xml @@ -1,11 +1,11 @@ - + - + diff --git a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/sqlitedbconnect.java b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/sqlitedbconnect.java index 59e1f1c557..e10801f962 100644 --- a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/sqlitedbconnect.java +++ b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/sqlitedbconnect.java @@ -1,5 +1,22 @@ -/* - * General C&P class that we need to figure out a better way to integrate, replace after demo + /* + * + * Autopsy Forensic Browser + * + * Copyright 2012 42six Solutions. + * Contact: aebadirad 42six com + * Project Contact/Architect: carrier sleuthkit org + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ package org.sleuthkit.autopsy.recentactivity; 
@@ -7,96 +24,99 @@ package org.sleuthkit.autopsy.recentactivity; * * @author Alex */ - import java.sql.Connection; import java.sql.DriverManager; import java.sql.ResultSet; import java.sql.SQLException; import java.sql.Statement; - - -/** Database connection class & utilities **/ - + +/** + * Database connection class & utilities * + */ abstract class sqlitedbconnect { - -public String sDriver = ""; -public String sUrl = null; -public int iTimeout = 30; -public Connection conn = null; -public Statement statement = null; - - -/* Stub constructor for quick instantiation o/t fly for using some of the ancillary stuff */ - -public sqlitedbconnect() -{} - -/* quick and dirty constructor to test the database passing the DriverManager name and the fully loaded url to handle */ -/* NB this will typically be available if you make this class concrete and not abstract */ -public sqlitedbconnect(String sDriverToLoad, String sUrlToLoad) throws Exception -{ -init(sDriverToLoad, sUrlToLoad); -} - -public void init(String sDriverVar, String sUrlVar) throws Exception -{ -setDriver(sDriverVar); -setUrl(sUrlVar); -setConnection(); -setStatement(); -} - -private void setDriver(String sDriverVar) -{ -sDriver = sDriverVar; -} - -private void setUrl(String sUrlVar) -{ -sUrl = sUrlVar; -} - -public void setConnection() throws Exception { -Class.forName(sDriver); -conn = DriverManager.getConnection(sUrl); -} - - -public Connection getConnection() { -return conn; -} - -public void setStatement() throws Exception { -if (conn == null) { -setConnection(); -} -statement = conn.createStatement(); -statement.setQueryTimeout(iTimeout); // set timeout to 30 sec. 
-} - -public Statement getStatement() { -return statement; -} - -public void executeStmt(String instruction) throws SQLException { -statement.executeUpdate(instruction); -} - + + public String sDriver = ""; + public String sUrl = null; + public int iTimeout = 30; + public Connection conn = null; + public Statement statement = null; + + /* + * Stub constructor for quick instantiation o/t fly for using some of the + * ancillary stuff + */ + public sqlitedbconnect() { + } + + /* + * quick and dirty constructor to test the database passing the + * DriverManager name and the fully loaded url to handle + */ + /* + * NB this will typically be available if you make this class concrete and + * not abstract + */ + public sqlitedbconnect(String sDriverToLoad, String sUrlToLoad) throws Exception { + init(sDriverToLoad, sUrlToLoad); + } + + public void init(String sDriverVar, String sUrlVar) throws Exception { + setDriver(sDriverVar); + setUrl(sUrlVar); + setConnection(); + setStatement(); + } + + private void setDriver(String sDriverVar) { + sDriver = sDriverVar; + } + + private void setUrl(String sUrlVar) { + sUrl = sUrlVar; + } + + public void setConnection() throws Exception { + Class.forName(sDriver); + conn = DriverManager.getConnection(sUrl); + } + + public Connection getConnection() { + return conn; + } + + public void setStatement() throws Exception { + if (conn == null) { + setConnection(); + } + statement = conn.createStatement(); + statement.setQueryTimeout(iTimeout); // set timeout to 30 sec. + } + + public Statement getStatement() { + return statement; + } + + public void executeStmt(String instruction) throws SQLException { + statement.executeUpdate(instruction); + } + // processes an array of instructions e.g. a set of SQL command strings passed from a file //NB you should ensure you either handle empty lines in files by either removing them or parsing them out // since they will generate spurious SQLExceptions when they are encountered during the iteration.... 
-public void executeStmt(String[] instructionSet) throws SQLException { -for (int i = 0; i < instructionSet.length; i++) { -executeStmt(instructionSet[i]); -} -} - -public ResultSet executeQry(String instruction) throws SQLException { -return statement.executeQuery(instruction); -} - -public void closeConnection() { -try { conn.close(); } catch (Exception ignore) {} -} - + public void executeStmt(String[] instructionSet) throws SQLException { + for (int i = 0; i < instructionSet.length; i++) { + executeStmt(instructionSet[i]); + } + } + + public ResultSet executeQry(String instruction) throws SQLException { + return statement.executeQuery(instruction); + } + + public void closeConnection() { + try { + conn.close(); + } catch (Exception ignore) { + } + } } \ No newline at end of file diff --git a/Report/src/org/sleuthkit/autopsy/report/report.java b/Report/src/org/sleuthkit/autopsy/report/report.java index 1c95b969d0..16f6578383 100644 --- a/Report/src/org/sleuthkit/autopsy/report/report.java +++ b/Report/src/org/sleuthkit/autopsy/report/report.java 
@@ -1,12 +1,29 @@ -/* - * To change this template, choose Tools | Templates - * and open the template in the editor. + /* + * + * Autopsy Forensic Browser + * + * Copyright 2012 42six Solutions. + * Contact: aebadirad 42six com + * Project Contact/Architect: carrier sleuthkit org + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ package org.sleuthkit.autopsy.report; import java.sql.ResultSet; import java.util.ArrayList; import java.util.HashMap; +import java.util.Map; import java.util.logging.Level; import java.util.logging.Logger; import org.sleuthkit.autopsy.casemodule.Case; 
@@ -18,278 +35,242 @@ import org.sleuthkit.datamodel.SleuthkitCase; * * @author Alex */ -public class report implements reportInterface { - -private void report(){ +public class report { -} -@Override -public HashMap> getGenInfo() { - HashMap> reportMap = new HashMap>(); - Case currentCase = Case.getCurrentCase(); // get the most updated case - SleuthkitCase tempDb = currentCase.getSleuthkitCase(); - try - { - ArrayList bbart = tempDb.getBlackboardArtifacts(1); - for (BlackboardArtifact artifact : bbart) - { - ArrayList attributes = artifact.getAttributes(); - reportMap.put(artifact, attributes); - } + private void report() { } - catch (Exception e) - { - Logger.getLogger(report.class.getName()).log(Level.WARNING, "Exception occurred", e); - } - - return reportMap; -} -@Override -public HashMap> getWebHistory() { - HashMap> reportMap = new HashMap>(); - Case currentCase = Case.getCurrentCase(); // get the most updated case - SleuthkitCase tempDb = currentCase.getSleuthkitCase(); - try - { - ArrayList bbart = tempDb.getBlackboardArtifacts(4); - for (BlackboardArtifact artifact : bbart) - { + public HashMap> getGenInfo() { + HashMap> reportMap = new HashMap>(); + Case currentCase = Case.getCurrentCase(); // get the most updated case + SleuthkitCase tempDb = currentCase.getSleuthkitCase(); + try { + ArrayList bbart = tempDb.getBlackboardArtifacts(BlackboardArtifact.ARTIFACT_TYPE.TSK_GEN_INFO); + for (BlackboardArtifact artifact : bbart) { ArrayList attributes = artifact.getAttributes(); - reportMap.put(artifact, attributes); + reportMap.put(artifact, attributes); } - } - catch (Exception e) - { - Logger.getLogger(report.class.getName()).log(Level.WARNING, "Exception occurred", e); - } - - return reportMap; -} -@Override -public HashMap> getWebCookie() { - HashMap> reportMap = new HashMap>(); - Case currentCase = Case.getCurrentCase(); // get the most updated case - SleuthkitCase tempDb = currentCase.getSleuthkitCase(); - try - { - ArrayList bbart = 
tempDb.getBlackboardArtifacts(3); - for (BlackboardArtifact artifact : bbart) - { - ArrayList attributes = artifact.getAttributes(); - reportMap.put(artifact, attributes); - } - } - catch (Exception e) - { - Logger.getLogger(report.class.getName()).log(Level.WARNING, "Exception occurred", e); - } - - return reportMap; -} -@Override -public HashMap> getWebBookmark() { - HashMap> reportMap = new HashMap>(); - Case currentCase = Case.getCurrentCase(); // get the most updated case - SleuthkitCase tempDb = currentCase.getSleuthkitCase(); - try - { - ArrayList bbart = tempDb.getBlackboardArtifacts(2); - for (BlackboardArtifact artifact : bbart) - { - ArrayList attributes = artifact.getAttributes(); - reportMap.put(artifact, attributes); - } - } - catch (Exception e) - { - Logger.getLogger(report.class.getName()).log(Level.WARNING, "Exception occurred", e); - } - - return reportMap; -} + } catch (Exception e) { + Logger.getLogger(report.class.getName()).log(Level.WARNING, "Exception occurred", e); + } -@Override -public HashMap> getWebDownload() { - HashMap> reportMap = new HashMap>(); - Case currentCase = Case.getCurrentCase(); // get the most updated case - SleuthkitCase tempDb = currentCase.getSleuthkitCase(); - try - { - ArrayList bbart = tempDb.getBlackboardArtifacts(5); - for (BlackboardArtifact artifact : bbart) - { - ArrayList attributes = artifact.getAttributes(); - reportMap.put(artifact, attributes); - } + return reportMap; } - catch (Exception e) - { - Logger.getLogger(report.class.getName()).log(Level.WARNING, "Exception occurred", e); - } - - return reportMap; -} -@Override -public HashMap> getRecentObject() { - HashMap> reportMap = new HashMap>(); - Case currentCase = Case.getCurrentCase(); // get the most updated case - SleuthkitCase tempDb = currentCase.getSleuthkitCase(); - try - { - ArrayList bbart = tempDb.getBlackboardArtifacts(6); - for (BlackboardArtifact artifact : bbart) - { + public HashMap> getWebHistory() { + HashMap> reportMap = new 
HashMap>(); + Case currentCase = Case.getCurrentCase(); // get the most updated case + SleuthkitCase tempDb = currentCase.getSleuthkitCase(); + try { + ArrayList bbart = tempDb.getBlackboardArtifacts(BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_HISTORY); + for (BlackboardArtifact artifact : bbart) { ArrayList attributes = artifact.getAttributes(); - reportMap.put(artifact, attributes); + reportMap.put(artifact, attributes); } - } - catch (Exception e) - { - Logger.getLogger(report.class.getName()).log(Level.WARNING, "Exception occurred", e); - } - - return reportMap; -} + } catch (Exception e) { + Logger.getLogger(report.class.getName()).log(Level.WARNING, "Exception occurred", e); + } -@Override -public HashMap> getKeywordHit() { - HashMap> reportMap = new HashMap>(); - Case currentCase = Case.getCurrentCase(); // get the most updated case - SleuthkitCase tempDb = currentCase.getSleuthkitCase(); - try - { - ArrayList bbart = tempDb.getBlackboardArtifacts(9); - for (BlackboardArtifact artifact : bbart) - { - ArrayList attributes = artifact.getAttributes(); - reportMap.put(artifact, attributes); - } + return reportMap; } - catch (Exception e) - { - Logger.getLogger(report.class.getName()).log(Level.WARNING, "Exception occurred", e); - } - - return reportMap; -} -@Override -public HashMap> getHashHit() { - HashMap> reportMap = new HashMap>(); - Case currentCase = Case.getCurrentCase(); // get the most updated case - SleuthkitCase tempDb = currentCase.getSleuthkitCase(); - try - { - ArrayList bbart = tempDb.getBlackboardArtifacts(10); - for (BlackboardArtifact artifact : bbart) - { - ArrayList attributes = artifact.getAttributes(); - reportMap.put(artifact, attributes); - } - } - catch (Exception e) - { - Logger.getLogger(report.class.getName()).log(Level.WARNING, "Exception occurred", e); - } - - return reportMap; -} -@Override -public HashMap> getInstalledProg() { - HashMap> reportMap = new HashMap>(); - Case currentCase = Case.getCurrentCase(); // get the most updated 
case - SleuthkitCase tempDb = currentCase.getSleuthkitCase(); - try - { - ArrayList bbart = tempDb.getBlackboardArtifacts(8); - for (BlackboardArtifact artifact : bbart) - { - ArrayList attributes = artifact.getAttributes(); - reportMap.put(artifact, attributes); - } - } - catch (Exception e) - { - Logger.getLogger(report.class.getName()).log(Level.WARNING, "Exception occurred", e); - } - - return reportMap; -} -@Override -public HashMap> getDevices() { - HashMap> reportMap = new HashMap>(); - Case currentCase = Case.getCurrentCase(); // get the most updated case - SleuthkitCase tempDb = currentCase.getSleuthkitCase(); - try - { - ArrayList bbart = tempDb.getBlackboardArtifacts(11); - for (BlackboardArtifact artifact : bbart) - { + public HashMap> getWebCookie() { + HashMap> reportMap = new HashMap>(); + Case currentCase = Case.getCurrentCase(); // get the most updated case + SleuthkitCase tempDb = currentCase.getSleuthkitCase(); + try { + ArrayList bbart = tempDb.getBlackboardArtifacts(BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_COOKIE); + for (BlackboardArtifact artifact : bbart) { ArrayList attributes = artifact.getAttributes(); - reportMap.put(artifact, attributes); + reportMap.put(artifact, attributes); } - } - catch (Exception e) - { - Logger.getLogger(report.class.getName()).log(Level.WARNING, "Exception occurred", e); - } - - return reportMap; -} + } catch (Exception e) { + Logger.getLogger(report.class.getName()).log(Level.WARNING, "Exception occurred", e); + } -@Override -public String getGroupedKeywordHit() { - StringBuilder table = new StringBuilder(); - HashMap> reportMap = new HashMap>(); - Case currentCase = Case.getCurrentCase(); // get the most updated case - SleuthkitCase tempDb = currentCase.getSleuthkitCase(); - try - { - ResultSet uniqueresults = tempDb.runQuery("SELECT DISTINCT value_text from blackboard_attributes where attribute_type_id = '10' order by value_text ASC"); - while(uniqueresults.next()) - { - 
table.append("").append(uniqueresults.getString("value_text")).append(""); - table.append(""); - ArrayList artlist = new ArrayList(); - ResultSet tempresults = tempDb.runQuery("select DISTINCT artifact_id from blackboard_attributes where attribute_type_id = '10' and value_text = '" + uniqueresults.getString("value_text") +"'"); - while(tempresults.next()) - { - artlist.add(tempDb.getBlackboardArtifact(tempresults.getLong("artifact_id"))); + return reportMap; + } + + public HashMap> getWebBookmark() { + HashMap> reportMap = new HashMap>(); + Case currentCase = Case.getCurrentCase(); // get the most updated case + SleuthkitCase tempDb = currentCase.getSleuthkitCase(); + try { + ArrayList bbart = tempDb.getBlackboardArtifacts(BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_BOOKMARK); + for (BlackboardArtifact artifact : bbart) { + ArrayList attributes = artifact.getAttributes(); + reportMap.put(artifact, attributes); } - for(BlackboardArtifact art : artlist) - { - String filename = tempDb.getFsContentById(art.getObjectID()).getName(); - String preview = ""; - String set = ""; - table.append(""); - ArrayList tempatts = art.getAttributes(); - for(BlackboardAttribute att : tempatts) - { - if(att.getAttributeTypeID() == 12) - { - preview = ""; + } catch (Exception e) { + Logger.getLogger(report.class.getName()).log(Level.WARNING, "Exception occurred", e); + } + + return reportMap; + } + + public HashMap> getWebDownload() { + HashMap> reportMap = new HashMap>(); + Case currentCase = Case.getCurrentCase(); // get the most updated case + SleuthkitCase tempDb = currentCase.getSleuthkitCase(); + try { + ArrayList bbart = tempDb.getBlackboardArtifacts(BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_DOWNLOAD); + for (BlackboardArtifact artifact : bbart) { + ArrayList attributes = artifact.getAttributes(); + reportMap.put(artifact, attributes); + } + } catch (Exception e) { + Logger.getLogger(report.class.getName()).log(Level.WARNING, "Exception occurred", e); + } + + return reportMap; + } + + 
public HashMap> getRecentObject() { + HashMap> reportMap = new HashMap>(); + Case currentCase = Case.getCurrentCase(); // get the most updated case + SleuthkitCase tempDb = currentCase.getSleuthkitCase(); + try { + ArrayList bbart = tempDb.getBlackboardArtifacts(BlackboardArtifact.ARTIFACT_TYPE.TSK_RECENT_OBJECT); + for (BlackboardArtifact artifact : bbart) { + ArrayList attributes = artifact.getAttributes(); + reportMap.put(artifact, attributes); + } + } catch (Exception e) { + Logger.getLogger(report.class.getName()).log(Level.WARNING, "Exception occurred", e); + } + + return reportMap; + } + + public HashMap> getKeywordHit() { + HashMap> reportMap = new HashMap>(); + Case currentCase = Case.getCurrentCase(); // get the most updated case + SleuthkitCase tempDb = currentCase.getSleuthkitCase(); + try { + ArrayList bbart = tempDb.getBlackboardArtifacts(BlackboardArtifact.ARTIFACT_TYPE.TSK_KEYWORD_HIT); + for (BlackboardArtifact artifact : bbart) { + ArrayList attributes = artifact.getAttributes(); + reportMap.put(artifact, attributes); + } + } catch (Exception e) { + Logger.getLogger(report.class.getName()).log(Level.WARNING, "Exception occurred", e); + } + + return reportMap; + } + + public HashMap> getHashHit() { + HashMap> reportMap = new HashMap>(); + Case currentCase = Case.getCurrentCase(); // get the most updated case + SleuthkitCase tempDb = currentCase.getSleuthkitCase(); + try { + ArrayList bbart = tempDb.getBlackboardArtifacts(BlackboardArtifact.ARTIFACT_TYPE.TSK_HASHSET_HIT); + for (BlackboardArtifact artifact : bbart) { + ArrayList attributes = artifact.getAttributes(); + reportMap.put(artifact, attributes); + } + } catch (Exception e) { + Logger.getLogger(report.class.getName()).log(Level.WARNING, "Exception occurred", e); + } + + return reportMap; + } + + public HashMap> getInstalledProg() { + HashMap> reportMap = new HashMap>(); + Case currentCase = Case.getCurrentCase(); // get the most updated case + SleuthkitCase tempDb = 
currentCase.getSleuthkitCase(); + try { + ArrayList bbart = tempDb.getBlackboardArtifacts(BlackboardArtifact.ARTIFACT_TYPE.TSK_INSTALLED_PROG); + for (BlackboardArtifact artifact : bbart) { + ArrayList attributes = artifact.getAttributes(); + reportMap.put(artifact, attributes); + } + } catch (Exception e) { + Logger.getLogger(report.class.getName()).log(Level.WARNING, "Exception occurred", e); + } + + return reportMap; + } + + public HashMap> getDevices() { + HashMap> reportMap = new HashMap>(); + Case currentCase = Case.getCurrentCase(); // get the most updated case + SleuthkitCase tempDb = currentCase.getSleuthkitCase(); + try { + ArrayList bbart = tempDb.getBlackboardArtifacts(BlackboardArtifact.ARTIFACT_TYPE.TSK_DEVICE_ATTACHED); + for (BlackboardArtifact artifact : bbart) { + ArrayList attributes = artifact.getAttributes(); + reportMap.put(artifact, attributes); + } + } catch (Exception e) { + Logger.getLogger(report.class.getName()).log(Level.WARNING, "Exception occurred", e); + } + + return reportMap; + } + + public String getGroupedKeywordHit() { + StringBuilder table = new StringBuilder(); + HashMap> reportMap = new HashMap>(); + Case currentCase = Case.getCurrentCase(); // get the most updated case + SleuthkitCase tempDb = currentCase.getSleuthkitCase(); + try { + ResultSet uniqueresults = tempDb.runQuery("SELECT DISTINCT value_text from blackboard_attributes where attribute_type_id = '10' order by value_text ASC"); + while (uniqueresults.next()) { + table.append("").append(uniqueresults.getString("value_text")).append(""); + table.append("
").append("File Name").append("PreviewKeyword List
").append(filename).append("" + att.getValueString() + "
"); + ArrayList artlist = new ArrayList(); + ResultSet tempresults = tempDb.runQuery("select DISTINCT artifact_id from blackboard_attributes where attribute_type_id = '10' and value_text = '" + uniqueresults.getString("value_text") + "'"); + while (tempresults.next()) { + artlist.add(tempDb.getBlackboardArtifact(tempresults.getLong("artifact_id"))); + } + for (BlackboardArtifact art : artlist) { + String filename = tempDb.getFsContentById(art.getObjectID()).getName(); + String preview = ""; + String set = ""; + table.append(""); + ArrayList tempatts = art.getAttributes(); + for (BlackboardAttribute att : tempatts) { + if (att.getAttributeTypeID() == 12) { + preview = ""; + } + if (att.getAttributeTypeID() == 13) { + set = ""; + } } - if(att.getAttributeTypeID() == 13) - { - set = ""; + table.append(preview).append(set).append(""); + } + + + table.append("
").append("File Name").append("PreviewKeyword List
").append(filename).append("" + att.getValueString() + "" + att.getValueString() + "" + att.getValueString() + "


"); + } + } catch (Exception e) { + Logger.getLogger(report.class.getName()).log(Level.WARNING, "Exception occurred", e); + } + + String result = table.toString(); + return result; + } + + public HashMap> getAllTypes(ReportConfiguration config) { + HashMap> reportMap = new HashMap>(); + Case currentCase = Case.getCurrentCase(); // get the most updated case + SleuthkitCase tempDb = currentCase.getSleuthkitCase(); + try { + for (Map.Entry entry : config.config.entrySet()) { + if (entry.getValue()) { + ArrayList bbart = tempDb.getBlackboardArtifacts(entry.getKey()); + for (BlackboardArtifact artifact : bbart) { + ArrayList attributes = artifact.getAttributes(); + reportMap.put(artifact, attributes); } } - table.append(preview).append(set).append(""); } - - - table.append("

"); + } catch (Exception e) { + Logger.getLogger(report.class.getName()).log(Level.INFO, "Exception occurred", e); } - } - catch (Exception e) - { - Logger.getLogger(report.class.getName()).log(Level.WARNING, "Exception occurred", e); - } - - String result = table.toString(); - return result; -} + return reportMap; + } } \ No newline at end of file diff --git a/Report/src/org/sleuthkit/autopsy/report/reportAction.java b/Report/src/org/sleuthkit/autopsy/report/reportAction.java index dbdd86f698..afde5e4c52 100644 --- a/Report/src/org/sleuthkit/autopsy/report/reportAction.java +++ b/Report/src/org/sleuthkit/autopsy/report/reportAction.java @@ -1,6 +1,22 @@ -/* - * To change this template, choose Tools | Templates - * and open the template in the editor. + /* + * + * Autopsy Forensic Browser + * + * Copyright 2012 42six Solutions. + * Contact: aebadirad 42six com + * Project Contact/Architect: carrier sleuthkit org + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ package org.sleuthkit.autopsy.report; 
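Review bot: In `getGroupedKeywordHit()` the second `runQuery` call still builds its SQL by concatenating `uniqueresults.getString("value_text")` between single quotes, and that value is keyword-hit text read back from the case database, so it derives from the evidence being examined. A value containing `'` will at minimum raise an exception that the broad `catch (Exception e)` around the whole loop turns into a silently truncated table, and it lets stored data change the query text. If SleuthkitCase offers no bound-parameter query (not visible in this diff), escape the value first, e.g. `String kw = uniqueresults.getString("value_text").replace("'", "''");`, and concatenate `kw` instead. The same method appends `filename` and `att.getValueString()` unescaped into the markup built in `table`, so both should pass through an HTML-escaping helper before `append`. Neither `ResultSet` is closed.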
@@ -12,22 +28,22 @@ import java.awt.event.ActionListener; import java.beans.PropertyChangeEvent; import java.beans.PropertyChangeListener; import java.io.File; +import java.util.logging.Level; +import java.util.logging.Logger; +import javax.swing.ImageIcon; import javax.swing.JButton; import javax.swing.JDialog; import javax.swing.JFrame; -import org.openide.awt.ActionRegistration; +import org.openide.awt.ActionID; import org.openide.awt.ActionReference; import org.openide.awt.ActionReferences; -import org.openide.awt.ActionID; +import org.openide.awt.ActionRegistration; import org.openide.util.HelpCtx; import org.openide.util.NbBundle.Messages; import org.openide.util.actions.CallableSystemAction; import org.openide.util.actions.Presenter; import org.sleuthkit.autopsy.casemodule.Case; import org.sleuthkit.autopsy.coreutils.Log; -import java.util.logging.Level; -import java.util.logging.Logger; -import javax.swing.ImageIcon; @ActionID(category = "Tools", id = "org.sleuthkit.autopsy.report.reportAction") 
@@ -36,53 +52,50 @@ id = "org.sleuthkit.autopsy.report.reportAction") @ActionReference(path = "Menu/Tools", position = 80) }) @Messages("CTL_reportAction=Run Report") -public final class reportAction extends CallableSystemAction implements Presenter.Toolbar{ - +public final class reportAction extends CallableSystemAction implements Presenter.Toolbar { + private JButton toolbarButton = new JButton(); private static final String ACTION_NAME = "Generate Report"; - Logger logger = Logger.getLogger(reportAction.class.getName()); - + static final Logger logger = Logger.getLogger(reportAction.class.getName()); + public reportAction() { setEnabled(false); Case.addPropertyChangeListener(new PropertyChangeListener() { @Override public void propertyChange(PropertyChangeEvent evt) { - if(evt.getPropertyName().equals(Case.CASE_CURRENT_CASE)){ + if (evt.getPropertyName().equals(Case.CASE_CURRENT_CASE)) { setEnabled(evt.getNewValue() != null); } } - }); //attempt to create a report folder if a case is active - Case.addPropertyChangeListener(new PropertyChangeListener () { + Case.addPropertyChangeListener(new PropertyChangeListener() { - @Override - public void propertyChange(PropertyChangeEvent evt) { - String changed = evt.getPropertyName(); + @Override + public void propertyChange(PropertyChangeEvent evt) { + String changed = evt.getPropertyName(); - //case has been changed - if (changed.equals(Case.CASE_CURRENT_CASE)) { - Case newCase = (Case)evt.getNewValue(); + //case has been changed + if (changed.equals(Case.CASE_CURRENT_CASE)) { + Case newCase = (Case) evt.getNewValue(); - if (newCase != null) { - boolean exists = (new File(newCase.getCaseDirectory() + "\\Reports")).exists(); - if (exists) { - // report directory exists -- don't need to do anything - - } else { - // report directory does not exist -- create it - boolean reportCreate = (new File(newCase.getCaseDirectory() + "\\Reports")).mkdirs(); - if(!reportCreate){ - logger.log(Level.WARNING, "Could not create Reports 
directory for case. It does not exist."); + if (newCase != null) { + boolean exists = (new File(newCase.getCaseDirectory() + "\\Reports")).exists(); + if (exists) { + // report directory exists -- don't need to do anything + } else { + // report directory does not exist -- create it + boolean reportCreate = (new File(newCase.getCaseDirectory() + "\\Reports")).mkdirs(); + if (!reportCreate) { + logger.log(Level.WARNING, "Could not create Reports directory for case. It does not exist."); + } } } - } + } } - } + }); -}); - // set action of the toolbar button toolbarButton.addActionListener(new ActionListener() { @@ -93,24 +106,25 @@ public final class reportAction extends CallableSystemAction implements Presente }); } - + @Override public void actionPerformed(ActionEvent e) { try { - + // create the popUp window for it final JFrame frame = new JFrame(ACTION_NAME); final JDialog popUpWindow = new JDialog(frame, ACTION_NAME, true); // to make the popUp Window to be modal // initialize panel with loaded settings - final reportFilter panel = new reportFilter(); - panel.setjButton2ActionListener(new ActionListener() { - @Override - public void actionPerformed(ActionEvent e) { - popUpWindow.dispose(); - } - }); - + final reportFilter panel = new reportFilter(); + panel.setjButton2ActionListener(new ActionListener() { + + @Override + public void actionPerformed(ActionEvent e) { + popUpWindow.dispose(); + } + }); + // add the panel to the popup window popUpWindow.add(panel); popUpWindow.pack(); @@ -125,16 +139,15 @@ public final class reportAction extends CallableSystemAction implements Presente // display the window popUpWindow.setVisible(true); // add the command to close the window to the button on the Case Properties form / panel - - + + } catch (Exception ex) { Log.get(reportFilterAction.class).log(Level.WARNING, "Error displaying " + ACTION_NAME + " window.", ex); } } - + @Override public void performAction() { - } @Override 
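Review bot: The case-change listener in the `reportAction()` constructor builds the report folder path twice as `newCase.getCaseDirectory() + "\\Reports"`, which hard-codes the Windows separator. On other platforms the backslash is an ordinary filename character, so the result is an entry beside the case directory rather than a `Reports` folder inside it. Build the path once with the two-argument constructor, `File reportsDir = new File(newCase.getCaseDirectory(), "Reports");`, and test `if (!reportsDir.exists() && !reportsDir.mkdirs())` before logging the warning. The `logger` field became `static final` in this hunk and could be `private` as well.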
@@ -146,11 +159,11 @@ public final class reportAction extends CallableSystemAction implements Presente public HelpCtx getHelpCtx() { return HelpCtx.DEFAULT_HELP; } - + /** * Returns the toolbar component of this action * - * @return component the toolbar button + * @return component the toolbar button */ @Override public Component getToolbarPresenter() { @@ -163,10 +176,10 @@ public final class reportAction extends CallableSystemAction implements Presente /** * Set this action to be enabled/disabled * - * @param value whether to enable this action or not + * @param value whether to enable this action or not */ @Override - public void setEnabled(boolean value){ + public void setEnabled(boolean value) { super.setEnabled(value); toolbarButton.setEnabled(value); } diff --git a/Report/src/org/sleuthkit/autopsy/report/reportFilter.form b/Report/src/org/sleuthkit/autopsy/report/reportFilter.form index 7b3e65968b..6f51b2114a 100644 --- a/Report/src/org/sleuthkit/autopsy/report/reportFilter.form +++ b/Report/src/org/sleuthkit/autopsy/report/reportFilter.form @@ -1,4 +1,4 @@ - +
@@ -39,29 +39,24 @@ - - - - - - - - - - - - - - - - - + + + + + + + + + + + + diff --git a/Report/src/org/sleuthkit/autopsy/report/reportFilter.java b/Report/src/org/sleuthkit/autopsy/report/reportFilter.java index ed3e7e0007..e369a4caab 100644 --- a/Report/src/org/sleuthkit/autopsy/report/reportFilter.java +++ b/Report/src/org/sleuthkit/autopsy/report/reportFilter.java 
@@ -1,43 +1,63 @@ -/* - * To change this template, choose Tools | Templates - * and open the template in the editor. - */ - -/* - * reportFilter.java + /* * - * Created on Feb 22, 2012, 11:12:12 AM + * Autopsy Forensic Browser + * + * Copyright 2012 42six Solutions. + * Contact: aebadirad 42six com + * Project Contact/Architect: carrier sleuthkit org + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ package org.sleuthkit.autopsy.report; + import java.awt.event.ActionListener; import java.util.ArrayList; +import java.util.logging.Level; +import java.util.logging.Logger; import javax.swing.SwingUtilities; import javax.swing.SwingWorker; import org.sleuthkit.autopsy.casemodule.Case; +import org.sleuthkit.datamodel.BlackboardArtifact; import org.sleuthkit.datamodel.SleuthkitCase; -import org.sleuthkit.datamodel.TskException; + /** * * @author Alex */ public class reportFilter extends javax.swing.JPanel { - public static ArrayList filters = new ArrayList(); - public final reportFilter panel = this; - reportPanelAction rpa = new reportPanelAction(); - public static boolean cancel = false; - Case currentCase = Case.getCurrentCase(); // get the most updated case - SleuthkitCase skCase = currentCase.getSleuthkitCase(); - /** Creates new form reportFilter */ - public reportFilter() { + + public static ArrayList filters = new ArrayList(); + public static ReportConfiguration config = new ReportConfiguration(); + private final Logger logger = 
Logger.getLogger(this.getClass().getName()); + public final reportFilter panel = this; + reportPanelAction rpa = new reportPanelAction(); + public static boolean cancel = false; + Case currentCase = Case.getCurrentCase(); // get the most updated case + SleuthkitCase skCase = currentCase.getSleuthkitCase(); + + /** + * Creates new form reportFilter + */ + public reportFilter() { initComponents(); cancel = false; - + } - /** This method is called from within the constructor to - * initialize the form. - * WARNING: Do NOT modify this code. The content of this method is - * always regenerated by the Form Editor. + /** + * This method is called from within the constructor to initialize the form. + * WARNING: Do NOT modify this code. The content of this method is always + * regenerated by the Form Editor. */ @SuppressWarnings("unchecked") // //GEN-BEGIN:initComponents 
@@ -162,65 +182,94 @@ public class reportFilter extends javax.swing.JPanel { }// //GEN-END:initComponents private void jCheckBox1ActionPerformed(java.awt.event.ActionEvent evt) {//GEN-FIRST:event_jCheckBox1ActionPerformed - }//GEN-LAST:event_jCheckBox1ActionPerformed -public void getfilters(java.awt.event.ActionEvent evt) -{ - jButton1ActionPerformed(evt); -} + public void getfilters(java.awt.event.ActionEvent evt) { + jButton1ActionPerformed(evt); + } private void jButton1ActionPerformed(java.awt.event.ActionEvent evt) {//GEN-FIRST:event_jButton1ActionPerformed - - jButton1.setEnabled(false); + + jButton1.setEnabled(false); progBar.setEnabled(true); cancelButton.setEnabled(true); progBar.setStringPainted(true); - progBar.setValue(0); + progBar.setValue(0); filters.clear(); - if(jCheckBox1.isSelected()) - { - filters.add(2); - filters.add(3); - filters.add(4); - filters.add(5); + if (jCheckBox1.isSelected()) { + try { + config.setGenArtifactType(BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_BOOKMARK, true); + config.setGenArtifactType(BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_COOKIE, true); + config.setGenArtifactType(BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_HISTORY, true); + config.setGenArtifactType(BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_DOWNLOAD, true); + + filters.add(2); + filters.add(3); + filters.add(4); + filters.add(5); + } catch (ReportModuleException ex) { + logger.log(Level.WARNING, "", ex); + } } - if(jCheckBox2.isSelected()) - { - filters.add(1); + if (jCheckBox2.isSelected()) { + try { + config.setGenArtifactType(BlackboardArtifact.ARTIFACT_TYPE.TSK_GEN_INFO, true); + filters.add(1); + } catch (ReportModuleException ex) { + logger.log(Level.WARNING, "", ex); + } } - if(jCheckBox3.isSelected()) - { - filters.add(9); + if (jCheckBox3.isSelected()) { + try { + config.setGenArtifactType(BlackboardArtifact.ARTIFACT_TYPE.TSK_KEYWORD_HIT, true); + filters.add(9); + } catch (ReportModuleException ex) { + logger.log(Level.WARNING, "", ex); + } } - 
if(jCheckBox4.isSelected()) - { - filters.add(10); - + if (jCheckBox4.isSelected()) { + try { + config.setGenArtifactType(BlackboardArtifact.ARTIFACT_TYPE.TSK_HASHSET_HIT, true); + filters.add(10); + } catch (ReportModuleException ex) { + logger.log(Level.WARNING, "", ex); + } + } - if(jCheckBox5.isSelected()) - { - filters.add(6); - filters.add(8); - filters.add(11); + if (jCheckBox5.isSelected()) { + try { + config.setGenArtifactType(BlackboardArtifact.ARTIFACT_TYPE.TSK_RECENT_OBJECT, true); + config.setGenArtifactType(BlackboardArtifact.ARTIFACT_TYPE.TSK_INSTALLED_PROG, true); + config.setGenArtifactType(BlackboardArtifact.ARTIFACT_TYPE.TSK_DEVICE_ATTACHED, true); + filters.add(6); + filters.add(8); + filters.add(11); + } catch (ReportModuleException ex) { + } } - getReports(); + getReports(); }//GEN-LAST:event_jButton1ActionPerformed -public void getReports() { - new SwingWorker() { - protected Void doInBackground() throws Exception { - rpa.reportGenerate(filters, panel); - return null; - }; + public void getReports() { + new SwingWorker() { + + @Override + protected Void doInBackground() throws Exception { + rpa.reportGenerate(config, panel); + return null; + } + + ; // this is called when the SwingWorker's doInBackground finishes - protected void done() { - progBar.setVisible(false); // hide my progress bar JFrame - }; - }.execute(); + @Override + protected void done() { + progBar.setVisible(false); // hide my progress bar JFrame + } + ; + }.execute(); progBar.setVisible(true); -} + } private void cancelButtonActionPerformed(java.awt.event.ActionEvent evt) {//GEN-FIRST:event_cancelButtonActionPerformed cancelButton.setText("Cancelled!"); 
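Review bot: `jButton1ActionPerformed` calls `filters.clear()` on every run but never resets the static `config`, and each checkbox branch only ever calls `setGenArtifactType(..., true)`. Unless ReportConfiguration is reset somewhere this diff does not show, an artifact type ticked in one run stays enabled in later runs after the examiner unticks it, so the report scope no longer matches the dialog. Either set the `false` case per checkbox or start from a fresh object next to the clear, e.g. `config = new ReportConfiguration();`. The `catch (ReportModuleException ex) { }` on the `jCheckBox5` branch drops the failure silently and the other four log an empty message; `logger.log(Level.WARNING, "Could not enable artifact type for report", ex);` would make a partially configured report visible. Because `filters.add(...)` sits inside the same `try`, one failure also skips the remaining types of that branch.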
@@ -228,67 +277,69 @@ private void cancelButtonActionPerformed(java.awt.event.ActionEvent evt) {//GEN- }//GEN-LAST:event_cancelButtonActionPerformed private void jButton1MouseReleased(java.awt.event.MouseEvent evt) {//GEN-FIRST:event_jButton1MouseReleased - }//GEN-LAST:event_jButton1MouseReleased -public void progBarSet(int cc) -{ - final int count = cc; - SwingUtilities.invokeLater(new Runnable() { - public void run() { - int start = progBar.getValue(); - int end = start + count; - progBar.setValue(end); - progBar.setString(null); - progBar.setString(progBar.getString()); - progBar.setStringPainted(true); - if(progBar.getPercentComplete() == 1.0){ - progBar.setString("Populating Report - Please wait..."); - progBar.setStringPainted(true); - progBar.setIndeterminate(true); - } - }}); -} + public void progBarSet(int cc) { + final int count = cc; + SwingUtilities.invokeLater(new Runnable() { -public void progBarDone(){ - int max = progBar.getMaximum(); - progBar.setValue(max); - jButton2.doClick(); -} -public void progBarStartText(){ - progBar.setIndeterminate(true); - progBar.setString("Querying Database for Report Results..."); -} -public void progBarText(){ - - progBar.setString("Populating Report - Please wait..."); - progBar.setStringPainted(true); - progBar.repaint(); - progBar.setIndeterminate(true); - -} - -public void progBarCount(int count){ - progBar.setIndeterminate(false); - progBar.setString(null); - progBar.setMinimum(0); - progBar.setMaximum(count); - progBar.setValue(0); - //Double bper = progBar.getPercentComplete(); - progBar.setString(progBar.getString()); - -} - -public void setjButton1ActionListener(ActionListener e){ - jButton1.addActionListener(e); - + @Override + public void run() { + int start = progBar.getValue(); + int end = start + count; + progBar.setValue(end); + progBar.setString(null); + progBar.setString(progBar.getString()); + progBar.setStringPainted(true); + if (progBar.getPercentComplete() == 1.0) { + 
progBar.setString("Populating Report - Please wait..."); + progBar.setStringPainted(true); + progBar.setIndeterminate(true); + } + } + }); } -public void setjButton2ActionListener(ActionListener e){ - jButton2.addActionListener(e); - cancelButton.addActionListener(e); + public void progBarDone() { + int max = progBar.getMaximum(); + progBar.setValue(max); + jButton2.doClick(); } + public void progBarStartText() { + progBar.setIndeterminate(true); + progBar.setString("Querying Database for Report Results..."); + } + + public void progBarText() { + + progBar.setString("Populating Report - Please wait..."); + progBar.setStringPainted(true); + progBar.repaint(); + progBar.setIndeterminate(true); + + } + + public void progBarCount(int count) { + progBar.setIndeterminate(false); + progBar.setString(null); + progBar.setMinimum(0); + progBar.setMaximum(count); + progBar.setValue(0); + //Double bper = progBar.getPercentComplete(); + progBar.setString(progBar.getString()); + + } + + public void setjButton1ActionListener(ActionListener e) { + jButton1.addActionListener(e); + + } + + public void setjButton2ActionListener(ActionListener e) { + jButton2.addActionListener(e); + cancelButton.addActionListener(e); + } // Variables declaration - do not modify//GEN-BEGIN:variables private javax.swing.JButton cancelButton; private javax.swing.JButton jButton1; @@ -300,5 +351,4 @@ public void setjButton2ActionListener(ActionListener e){ private javax.swing.JCheckBox jCheckBox5; private javax.swing.JProgressBar progBar; // End of variables declaration//GEN-END:variables - } diff --git a/Report/src/org/sleuthkit/autopsy/report/reportFilterAction.java b/Report/src/org/sleuthkit/autopsy/report/reportFilterAction.java index 304b204f91..f6346a4ee2 100644 --- a/Report/src/org/sleuthkit/autopsy/report/reportFilterAction.java +++ b/Report/src/org/sleuthkit/autopsy/report/reportFilterAction.java 
@@ -16,7 +16,6 @@ * See the License for the specific language governing permissions and * limitations under the License. */ - package org.sleuthkit.autopsy.report; import java.awt.Container; @@ -31,6 +30,7 @@ import org.sleuthkit.autopsy.coreutils.Log; /** * The reportFilterAction opens the reportFilterPanel in a dialog, and saves the * settings of the panel if the Apply button is clicked. + * * @author pmartel */ class reportFilterAction { @@ -44,10 +44,10 @@ class reportFilterAction { try { // create the popUp window for it - Container cpane; + Container cpane; final JFrame frame = new JFrame(ACTION_NAME); final JDialog popUpWindow = new JDialog(frame, ACTION_NAME, true); // to make the popUp Window to be modal - cpane = frame.getContentPane(); + cpane = frame.getContentPane(); // initialize panel with loaded settings final reportFilter panel = new reportFilter(); @@ -64,8 +64,8 @@ class reportFilterAction { // display the window popUpWindow.setVisible(true); - - + + } catch (Exception ex) { Log.get(reportFilterAction.class).log(Level.WARNING, "Error displaying " + ACTION_NAME + " window.", ex); } @@ -76,9 +76,8 @@ class reportFilterAction { return ACTION_NAME; } - // @Override + // @Override public HelpCtx getHelpCtx() { return HelpCtx.DEFAULT_HELP; } } - diff --git a/Report/src/org/sleuthkit/autopsy/report/reportHTML.java b/Report/src/org/sleuthkit/autopsy/report/reportHTML.java index b9d086c5eb..f1fc88bf56 100644 --- a/Report/src/org/sleuthkit/autopsy/report/reportHTML.java +++ b/Report/src/org/sleuthkit/autopsy/report/reportHTML.java 
@@ -1,6 +1,22 @@ -/* - * To change this template, choose Tools | Templates - * and open the template in the editor. + /* + * + * Autopsy Forensic Browser + * + * Copyright 2012 42six Solutions. + * Contact: aebadirad 42six com + * Project Contact/Architect: carrier sleuthkit org + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ package org.sleuthkit.autopsy.report; 
@@ -30,383 +46,369 @@ import org.sleuthkit.datamodel.TskData; * @author Alex */ public class reportHTML { - + //Declare our publically accessible formatted report, this will change everytime they run a report public static StringBuilder formatted_Report = new StringBuilder(); public static StringBuilder unformatted_header = new StringBuilder(); public static StringBuilder formatted_header = new StringBuilder(); public static String htmlPath = ""; -public reportHTML (HashMap> report, reportFilter rr){ - - //This is literally a terrible way to count up all the types of artifacts, and doesn't include any added ones. - //Unlike the XML report, which is dynamic, this is formatted and needs to be redone later instead of being hardcoded. - //Also, clearing variables to generate new report. - formatted_Report.setLength(0); - unformatted_header.setLength(0); - formatted_header.setLength(0); - - int countGen = 0; - int countWebBookmark = 0; - int countWebCookie = 0; - int countWebHistory = 0; - int countWebDownload = 0; - int countRecentObjects = 0; - int countTrackPoint = 0; - int countInstalled = 0; - int countKeyword = 0; - int countHash = 0; - int countDevice = 0; - for (Entry> entry : report.entrySet()) { - if(entry.getKey().getArtifactTypeID() == 1){ - countGen++; - } - if(entry.getKey().getArtifactTypeID() == 2){ - countWebBookmark++; - } - if(entry.getKey().getArtifactTypeID() == 3){ - countWebCookie++; - } - if(entry.getKey().getArtifactTypeID() == 4){ + public reportHTML(HashMap> report, reportFilter rr) { - countWebHistory++; - } - if(entry.getKey().getArtifactTypeID() == 5){ - countWebDownload++; - } - if(entry.getKey().getArtifactTypeID() == 6){ - countRecentObjects++; - } - if(entry.getKey().getArtifactTypeID() == 7){ - countTrackPoint++; - } - if(entry.getKey().getArtifactTypeID() == 8){ - countInstalled++; - } - if(entry.getKey().getArtifactTypeID() == 9){ - countKeyword++; - } - if(entry.getKey().getArtifactTypeID() == 10){ - countHash++; - } - 
if(entry.getKey().getArtifactTypeID() == 11){ - countDevice++; - } - } - - try{ - String ingestwarning = "

Warning, this report was run before ingest services completed!

"; - Case currentCase = Case.getCurrentCase(); // get the most updated case - SleuthkitCase skCase = currentCase.getSleuthkitCase(); - String caseName = currentCase.getName(); - Integer imagecount = currentCase.getImageIDs().length; - Integer totalfiles = skCase.countFsContentType(TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_REG); - Integer totaldirs = skCase.countFsContentType(TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_DIR); - int reportsize = report.size(); - Integer filesystemcount = currentCase.getRootObjectsCount(); - DateFormat datetimeFormat = new SimpleDateFormat("yyyy/MM/dd HH:mm:ss"); - DateFormat dateFormat = new SimpleDateFormat("MM-dd-yyyy"); - Date date = new Date(); - String datetime = datetimeFormat.format(date); - String datenotime = dateFormat.format(date); - String CSS = ""; - //Add additional header information - String header = "Autopsy Report for Case: " + caseName + ""; - formatted_header.append(header); - formatted_header.append(CSS); - - //do for unformatted + + "h3 {font-size: 16px;color: #0077aa; margin: 40px 0 10px 0;} " + + "p {margin: 0 0 20px 0;} table {width: 100%; padding: 0; margin: 0; border-collapse: collapse; border-bottom: 1px solid #e5e5e5;} " + + "table thead th {display: table-cell; text-align: left; padding: 8px 16px; background: #e5e5e5; color: #777;font-size: 11px;text-shadow: #e9f9fd 0 1px 0; border-top: 1px solid #dedede; border-bottom: 2px solid #dedede;} " + + "table tr th:nth-child(1) {text-align: center; width: 60px;} " + + "table td {display: table-cell; padding: 8px 16px; font: 13px/20px Arial, Helvetica, sans-serif;} " + + "table tr:nth-child(even) td {background: #f3f3f3;} " + + "table tr td:nth-child(1) {text-align: left; width: 60px; background: #f3f3f3;} " + + "table tr:nth-child(even) td:nth-child(1) {background: #eaeaea;}" + + ""; + //Add additional header information + String header = "Autopsy Report for Case: " + caseName + ""; + formatted_header.append(header); + formatted_header.append(CSS); + + 
//do for unformatted String simpleCSS = ""; - unformatted_header.append(header); - unformatted_header.append(simpleCSS); + + ""; + unformatted_header.append(header); + unformatted_header.append(simpleCSS); //formatted_Report.append(""); formatted_Report.append("
"); // Add summary information now - + formatted_Report.append("

Report for Case: ").append(caseName).append("

"); - if(IngestManager.getDefault().isIngestRunning()) - { + if (IngestManager.getDefault().isIngestRunning()) { formatted_Report.append(ingestwarning); } - formatted_Report.append("

Case Summary

HTML Report Generated by Autopsy 3 on ").append(datetime).append("

"); - formatted_header.append(formatted_Report); - // unformatted_header.append(formatted_Report); - htmlPath = currentCase.getCaseDirectory()+"/Reports/" + caseName + "-" + datenotime + ".html"; - Writer out = new BufferedWriter(new OutputStreamWriter(new FileOutputStream(htmlPath), "UTF-8")); - out.write(formatted_header.toString()); - - out.flush(); - out.close(); - - } - catch(Exception e) - { - Logger.getLogger(reportHTML.class.getName()).log(Level.WARNING, "Exception occurred", e); - } - } + formatted_Report.append(""); + formatted_header.append(formatted_Report); + // unformatted_header.append(formatted_Report); + htmlPath = currentCase.getCaseDirectory() + "/Reports/" + caseName + "-" + datenotime + ".html"; + Writer out = new BufferedWriter(new OutputStreamWriter(new FileOutputStream(htmlPath), "UTF-8")); + out.write(formatted_header.toString()); - + out.flush(); + out.close(); + + } catch (Exception e) { + + Logger.getLogger(reportHTML.class.getName()).log(Level.WARNING, "Exception occurred", e); + } + } } \ No newline at end of file diff --git a/Report/src/org/sleuthkit/autopsy/report/reportPanel.form b/Report/src/org/sleuthkit/autopsy/report/reportPanel.form index 25b5456d3b..813c576b43 100644 --- a/Report/src/org/sleuthkit/autopsy/report/reportPanel.form +++ b/Report/src/org/sleuthkit/autopsy/report/reportPanel.form @@ -1,4 +1,4 @@ - + diff --git a/Report/src/org/sleuthkit/autopsy/report/reportPanel.java b/Report/src/org/sleuthkit/autopsy/report/reportPanel.java index ff67e76400..337c9012ff 100644 --- a/Report/src/org/sleuthkit/autopsy/report/reportPanel.java +++ b/Report/src/org/sleuthkit/autopsy/report/reportPanel.java 
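Review bot: `caseName` is concatenated straight into the markup (`"Autopsy Report for Case: " + caseName` and `.append(caseName)`) and into `htmlPath`, with no HTML escaping or file-name sanitising, and another hunk of this commit opens that file via `BrowserControl.openUrl`. Case names and, more importantly, any evidence-derived attribute values written into the report should be HTML-escaped before being appended; the per-artifact rows of this constructor are not legible in this view, so confirm how they are written. Separately, `out` is closed only on the success path: if `out.write(...)` throws, the stream leaks and the `catch (Exception e)` leaves a truncated report on disk. Declare `out` before the `try` and close it in a `finally` block.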
@@ -1,20 +1,27 @@ -/* - * To change this template, choose Tools | Templates - * and open the template in the editor. - */ - -/* - * reportPanel.java + /* * - * Created on Feb 21, 2012, 12:13:14 PM + * Autopsy Forensic Browser + * + * Copyright 2012 42six Solutions. + * Contact: aebadirad 42six com + * Project Contact/Architect: carrier sleuthkit org + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ package org.sleuthkit.autopsy.report; + import java.awt.event.ActionListener; -import java.io.BufferedWriter; -import java.io.FileOutputStream; -import java.io.IOException; -import java.io.OutputStreamWriter; -import java.io.Writer; +import java.io.*; import java.text.DateFormat; import java.text.SimpleDateFormat; import java.util.Date; 
@@ -30,16 +37,17 @@ import org.jdom.output.XMLOutputter; */ public class reportPanel extends javax.swing.JPanel { - /** Creates new form reportPanel */ - public reportPanel(String report) { + /** + * Creates new form reportPanel + */ + public reportPanel() { initComponents(); - setReportWindow(report); } - /** This method is called from within the constructor to - * initialize the form. - * WARNING: Do NOT modify this code. The content of this method is - * always regenerated by the Form Editor. + /** + * This method is called from within the constructor to initialize the form. + * WARNING: Do NOT modify this code. The content of this method is always + * regenerated by the Form Editor. */ @SuppressWarnings("unchecked") // //GEN-BEGIN:initComponents 
@@ -94,86 +102,64 @@ public class reportPanel extends javax.swing.JPanel { }// //GEN-END:initComponents private void saveReportActionPerformed(java.awt.event.ActionEvent evt) {//GEN-FIRST:event_saveReportActionPerformed - + saveReportAction(); }//GEN-LAST:event_saveReportActionPerformed - /** + /** * Sets the listener for the OK button * - * @param e The action listener + * @param e The action listener */ - public void setjButton1ActionListener(ActionListener e){ - jButton1.addActionListener(e); + public void setjButton1ActionListener(ActionListener e) { + jButton1.addActionListener(e); } - public void getLink(HyperlinkEvent evt){ - try{ - - String str = evt.getDescription(); - // jEditorPane1.scrollToReference(str.substring(1)); - } - catch(Exception e){ - String whater = ""; - } - } - public void setjEditorPane1EventListener(HyperlinkListener evt){ - // jEditorPane1.addHyperlinkListener(evt); - } - - private void setReportWindow(String report) - { - // jEditorPane1.setText(report); - // jEditorPane1.setCaretPosition(0); - } - - public void setFinishedReportText(){ + + public void setFinishedReportText() { DateFormat dateFormat = new SimpleDateFormat("yyyy/MM/dd HH:mm:ss"); Date date = new Date(); String reportText = "Report was sucessfully generated at " + dateFormat.format(date) + "."; jLabel1.setText(reportText); } - - - private void saveReportAction(){ - + + private void saveReportAction() { + int option = jFileChooser1.showSaveDialog(this); - if(option == JFileChooser.APPROVE_OPTION){ - if(jFileChooser1.getSelectedFile()!=null){ - String path = jFileChooser1.getSelectedFile().toString(); - exportReport(path); + if (option == JFileChooser.APPROVE_OPTION) { + if (jFileChooser1.getSelectedFile() != null) { + String path = jFileChooser1.getSelectedFile().toString(); + exportReport(path); + } } - } - } - - private void exportReport(String path){ - - String htmlpath = reportUtils.changeExtension(path, ".html"); - String xmlpath = reportUtils.changeExtension(path, 
".xml"); - String xlspath = reportUtils.changeExtension(path, ".xlsx"); - try { - Writer out = new BufferedWriter(new OutputStreamWriter(new FileOutputStream(htmlpath), "UTF-8")); - - // FileOutputStream out = new FileOutputStream(htmlpath); - out.write(reportHTML.formatted_header.toString()); - out.flush(); - out.close(); - - //xls report - FileOutputStream fos = new FileOutputStream(xlspath); - reportXLS.wb.write(fos); - fos.close(); - - FileOutputStream xmlout = new FileOutputStream(xmlpath); - XMLOutputter serializer = new XMLOutputter(); - serializer.output(reportXML.xmldoc, xmlout); - xmlout.flush(); - xmlout.close(); - JOptionPane.showMessageDialog(this, "Report has been successfully saved!"); - } - catch (IOException e) { - System.err.println(e); - } } + private void exportReport(String path) { + + String htmlpath = reportUtils.changeExtension(path, ".html"); + String xmlpath = reportUtils.changeExtension(path, ".xml"); + String xlspath = reportUtils.changeExtension(path, ".xlsx"); + try { + Writer out = new BufferedWriter(new OutputStreamWriter(new FileOutputStream(htmlpath), "UTF-8")); + + // FileOutputStream out = new FileOutputStream(htmlpath); + out.write(reportHTML.formatted_header.toString()); + out.flush(); + out.close(); + + //xls report + FileOutputStream fos = new FileOutputStream(xlspath); + reportXLS.wb.write(fos); + fos.close(); + + FileOutputStream xmlout = new FileOutputStream(xmlpath); + XMLOutputter serializer = new XMLOutputter(); + serializer.output(reportXML.xmldoc, xmlout); + xmlout.flush(); + xmlout.close(); + JOptionPane.showMessageDialog(this, "Report has been successfully saved!"); + } catch (IOException e) { + System.err.println(e); + } + } // Variables declaration - do not modify//GEN-BEGIN:variables private javax.swing.JButton jButton1; private javax.swing.JFileChooser jFileChooser1; 
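Review bot: In `exportReport` the `catch (IOException e)` only does `System.err.println(e)`, so a failed save shows no dialog at all and the examiner cannot tell that the HTML, XLSX or XML copy is missing or truncated. Report the failure the same way success is reported, e.g. `JOptionPane.showMessageDialog(this, "Report could not be saved: " + e.getMessage());`, and log the exception with its stack trace. The three streams are also closed only on the success path, so an exception from `reportXLS.wb.write(fos)` or `serializer.output(reportXML.xmldoc, xmlout)` leaks the open handles; closing each in a `finally` block would fix that.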
@@ -181,6 +167,4 @@ private void saveReportActionPerformed(java.awt.event.ActionEvent evt) {//GEN-FI private javax.swing.JOptionPane jOptionPane1; private javax.swing.JButton saveReport; // End of variables declaration//GEN-END:variables - - } diff --git a/Report/src/org/sleuthkit/autopsy/report/reportPanelAction.java b/Report/src/org/sleuthkit/autopsy/report/reportPanelAction.java index da4a2b0add..72077c11df 100644 --- a/Report/src/org/sleuthkit/autopsy/report/reportPanelAction.java +++ b/Report/src/org/sleuthkit/autopsy/report/reportPanelAction.java @@ -1,6 +1,22 @@ -/* - * To change this template, choose Tools | Templates - * and open the template in the editor. + /* + * + * Autopsy Forensic Browser + * + * Copyright 2012 42six Solutions. + * Contact: aebadirad 42six com + * Project Contact/Architect: carrier sleuthkit org + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ package org.sleuthkit.autopsy.report; 
@@ -8,18 +24,11 @@ import java.awt.Dimension; import java.awt.Toolkit; import java.awt.event.ActionEvent; import java.awt.event.ActionListener; -import java.net.URL; -import java.util.ArrayList; -import java.util.HashMap; import java.util.logging.Level; import javax.swing.JDialog; import javax.swing.JFrame; import javax.swing.SwingUtilities; -import javax.swing.event.HyperlinkEvent; -import javax.swing.event.HyperlinkListener; import org.sleuthkit.autopsy.coreutils.Log; -import org.sleuthkit.datamodel.BlackboardArtifact; -import org.sleuthkit.datamodel.BlackboardAttribute; /** * @@ -32,15 +41,14 @@ public class reportPanelAction { } - public void reportGenerate(ArrayList reportlist, final reportFilter rr){ + public void reportGenerate(ReportConfiguration reportconfig, final reportFilter rr){ try { //Clear any old reports in the string viewReport.setLength(0); // Generate the reports and create the hashmap - final HashMap> Results = new HashMap>(); - report bbreport = new report(); + final ReportGen report = new ReportGen(); //see what reports we need to run and run them //Set progress bar to move while doing this SwingUtilities.invokeLater(new Runnable() { 
@@ -48,21 +56,11 @@ public class reportPanelAction { public void run() { rr.progBarStartText(); }}); - if(reportlist.contains(1)){Results.putAll(bbreport.getGenInfo());} - if(reportlist.contains(2)){Results.putAll(bbreport.getWebBookmark());} - if(reportlist.contains(3)){Results.putAll(bbreport.getWebCookie());} - if(reportlist.contains(4)){Results.putAll(bbreport.getWebHistory());} - if(reportlist.contains(5)){Results.putAll(bbreport.getWebDownload());} - if(reportlist.contains(6)){Results.putAll(bbreport.getRecentObject());} - // if(reportlist.contains(7)){Results.putAll(bbreport.getGenInfo());} - if(reportlist.contains(8)){Results.putAll(bbreport.getInstalledProg());} - if(reportlist.contains(9)){Results.putAll(bbreport.getKeywordHit());} - if(reportlist.contains(10)){Results.putAll(bbreport.getHashHit());} - if(reportlist.contains(11)){Results.putAll(bbreport.getDevices());} + report.populateReport(reportconfig); SwingUtilities.invokeLater(new Runnable() { @Override public void run() { - rr.progBarCount(2*Results.size()); + rr.progBarCount(2*report.Results.size()); }}); //Turn our results into the appropriate xml/html reports //TODO: add a way for users to select what they will run when @@ -71,7 +69,7 @@ public class reportPanelAction { @Override public void run() { - reportXML xmlReport = new reportXML(Results, rr); + reportXML xmlReport = new reportXML(report.Results, rr); } }); Thread htmlthread = new Thread(new Runnable() @@ -79,8 +77,8 @@ public class reportPanelAction { @Override public void run() { - reportHTML htmlReport = new reportHTML(Results,rr); - + reportHTML htmlReport = new reportHTML(report.Results,rr); + BrowserControl.openUrl(reportHTML.htmlPath); } }); Thread xlsthread = new Thread(new Runnable() @@ -88,8 +86,8 @@ public class reportPanelAction { @Override public void run() { - reportXLS xlsReport = new reportXLS(Results,rr); - // BrowserControl.openUrl(xlsReport.xlsPath); + reportXLS xlsReport = new reportXLS(report.Results,rr); + // } }); 
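Review bot: The new `BrowserControl.openUrl(reportHTML.htmlPath);` in the `htmlthread` runnable runs even when the `reportHTML` constructor failed, because that constructor catches and logs its own exceptions, and `htmlPath` is a public static that starts as `""` and keeps its value from an earlier run. The examiner can then be shown an empty URL, or a stale report from a previous run presented as the current one. Guard the call, e.g. `if (!reportHTML.htmlPath.isEmpty()) { BrowserControl.openUrl(reportHTML.htmlPath); }`, and reset `htmlPath` at the start of the constructor (that line sits in the reportHTML.java hunk, not here). `reportGenerate` begins and ends outside this hunk.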
@@ -110,7 +108,7 @@ public class reportPanelAction { htmlthread.join(); //Set the temporary label to let the user know its done and is waiting on the report rr.progBarText(); - final reportPanel panel = new reportPanel(viewReport.toString()); + final reportPanel panel = new reportPanel(); panel.setjButton1ActionListener(new ActionListener() { @@ -120,19 +118,6 @@ public class reportPanelAction { popUpWindow.dispose(); } }); - panel.setjEditorPane1EventListener(new HyperlinkListener(){ - @Override - public void hyperlinkUpdate(HyperlinkEvent hev) { - try { - if (hev.getEventType() == HyperlinkEvent.EventType.ACTIVATED) - - panel.getLink(hev); - } - catch (Exception e) { - // Exceptions thrown............... - } - } - }); // add the panel to the popup window popUpWindow.add(panel); diff --git a/Report/src/org/sleuthkit/autopsy/report/reportUtils.java b/Report/src/org/sleuthkit/autopsy/report/reportUtils.java index eb2ce020a1..c07f277da8 100644 --- a/Report/src/org/sleuthkit/autopsy/report/reportUtils.java +++ b/Report/src/org/sleuthkit/autopsy/report/reportUtils.java @@ -1,6 +1,22 @@ -/* - * To change this template, choose Tools | Templates - * and open the template in the editor. + /* + * + * Autopsy Forensic Browser + * + * Copyright 2012 42six Solutions. + * Contact: aebadirad 42six com + * Project Contact/Architect: carrier sleuthkit org + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ package org.sleuthkit.autopsy.report; 
@@ -9,34 +25,32 @@ package org.sleuthkit.autopsy.report; * @author Alex */ public class reportUtils { - -static String changeExtension(String originalName, String newExtension) { - int lastDot = originalName.lastIndexOf("."); - if (lastDot != -1) { - return originalName.substring(0, lastDot) + newExtension; - } else { - return originalName + newExtension; - } -} -public static String insertPeriodically( - String text, String insert, int period) -{ - StringBuilder builder = new StringBuilder( - text.length() + insert.length() * (text.length()/period)+1); - - int index = 0; - String prefix = ""; - while (index < text.length()) - { - // Don't put the insert in the very first iteration. - // This is easier than appending it *after* each substring - builder.append(prefix); - prefix = insert; - builder.append(text.substring(index, - Math.min(index + period, text.length()))); - index += period; + static String changeExtension(String originalName, String newExtension) { + int lastDot = originalName.lastIndexOf("."); + if (lastDot != -1) { + return originalName.substring(0, lastDot) + newExtension; + } else { + return originalName + newExtension; + } + } + + public static String insertPeriodically( + String text, String insert, int period) { + StringBuilder builder = new StringBuilder( + text.length() + insert.length() * (text.length() / period) + 1); + + int index = 0; + String prefix = ""; + while (index < text.length()) { + // Don't put the insert in the very first iteration. + // This is easier than appending it *after* each substring + builder.append(prefix); + prefix = insert; + builder.append(text.substring(index, + Math.min(index + period, text.length()))); + index += period; + } + return builder.toString(); } - return builder.toString(); -} } \ No newline at end of file diff --git a/Report/src/org/sleuthkit/autopsy/report/reportXLS.java b/Report/src/org/sleuthkit/autopsy/report/reportXLS.java index 3d9f785a55..bff3e66243 100644 
--- a/Report/src/org/sleuthkit/autopsy/report/reportXLS.java +++ b/Report/src/org/sleuthkit/autopsy/report/reportXLS.java @@ -1,11 +1,26 @@ -/* - * To change this template, choose Tools | Templates - * and open the template in the editor. + /* + * + * Autopsy Forensic Browser + * + * Copyright 2012 42six Solutions. + * Contact: aebadirad 42six com + * Project Contact/Architect: carrier sleuthkit org + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ package org.sleuthkit.autopsy.report; import java.io.FileOutputStream; - import java.io.IOException; import java.text.DateFormat; import java.text.SimpleDateFormat; 
@@ -14,362 +29,343 @@ import java.util.Date; import java.util.HashMap; import java.util.Map.Entry; import java.util.TreeMap; -import org.apache.poi.ss.usermodel.Cell; -import org.apache.poi.ss.usermodel.CellStyle; -import org.apache.poi.ss.usermodel.Font; -import org.apache.poi.ss.usermodel.Row; -import org.apache.poi.ss.usermodel.Sheet; -import org.apache.poi.ss.usermodel.Workbook; +import org.apache.poi.ss.usermodel.*; import org.apache.poi.xssf.usermodel.XSSFWorkbook; import org.sleuthkit.autopsy.casemodule.Case; -import org.sleuthkit.datamodel.BlackboardArtifact; -import org.sleuthkit.datamodel.BlackboardAttribute; -import org.sleuthkit.datamodel.FsContent; -import org.sleuthkit.datamodel.SleuthkitCase; -import org.sleuthkit.datamodel.TskData; +import org.sleuthkit.datamodel.*; /** * * @author Alex */ public class reportXLS { - public static Workbook wb = new XSSFWorkbook(); - public reportXLS(HashMap> report, reportFilter rr){ - //Empty the workbook first - Workbook wbtemp = new XSSFWorkbook(); - - int countGen = 0; - int countBookmark = 0; - int countCookie = 0; - int countHistory = 0; - int countDownload = 0; - int countRecentObjects = 0; - int countTrackPoint = 0; - int countInstalled = 0; - int countKeyword = 0; - int countHash = 0; - int countDevice = 0; - for (Entry> entry : report.entrySet()) { - if(entry.getKey().getArtifactTypeID() == 1){ - countGen++; - } - if(entry.getKey().getArtifactTypeID() == 2){ - countBookmark++; - } - if(entry.getKey().getArtifactTypeID() == 3){ - countCookie++; - } - if(entry.getKey().getArtifactTypeID() == 4){ + public static Workbook wb = new XSSFWorkbook(); - countHistory++; + public reportXLS(HashMap> report, reportFilter rr) { + //Empty the workbook first + Workbook wbtemp = new XSSFWorkbook(); + + int countGen = 0; + int countBookmark = 0; + int countCookie = 0; + int countHistory = 0; + int countDownload = 0; + int countRecentObjects = 0; + int countTrackPoint = 0; + int countInstalled = 0; + int countKeyword = 0; + 
int countHash = 0; + int countDevice = 0; + for (Entry> entry : report.entrySet()) { + if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_GEN_INFO.getTypeID()) { + countGen++; + } + if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_BOOKMARK.getTypeID()) { + countBookmark++; + } + if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_COOKIE.getTypeID()) { + + countCookie++; + } + if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_HISTORY.getTypeID()) { + + countHistory++; + } + if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_DOWNLOAD.getTypeID()) { + countDownload++; + } + if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_RECENT_OBJECT.getTypeID()) { + countRecentObjects++; + } + if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_TRACKPOINT.getTypeID()) { + countTrackPoint++; + } + if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_INSTALLED_PROG.getTypeID()) { + countInstalled++; + } + if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_KEYWORD_HIT.getTypeID()) { + countKeyword++; + } + if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_HASHSET_HIT.getTypeID()) { + countHash++; + } + if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_DEVICE_ATTACHED.getTypeID()) { + countDevice++; + } + } + + try { + Case currentCase = Case.getCurrentCase(); // get the most updated case + SleuthkitCase skCase = currentCase.getSleuthkitCase(); + String caseName = currentCase.getName(); + Integer imagecount = currentCase.getImageIDs().length; + Integer filesystemcount = currentCase.getRootObjectsCount(); + Integer totalfiles = skCase.countFsContentType(TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_REG); + Integer totaldirs = 
skCase.countFsContentType(TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_DIR); + DateFormat datetimeFormat = new SimpleDateFormat("yyyy/MM/dd HH:mm:ss"); + DateFormat dateFormat = new SimpleDateFormat("MM-dd-yyyy-HH-mm-ss"); + Date date = new Date(); + String datetime = datetimeFormat.format(date); + String datenotime = dateFormat.format(date); + + //The first summary report page + Sheet sheetSummary = wbtemp.createSheet("Summary"); + //Generate a sheet per artifact type + // Sheet sheetGen = wbtemp.createSheet(BlackboardArtifact.ARTIFACT_TYPE.TSK_GEN_INFO.getDisplayName()); + Sheet sheetHash = wbtemp.createSheet(BlackboardArtifact.ARTIFACT_TYPE.TSK_HASHSET_HIT.getDisplayName()); + Sheet sheetDevice = wbtemp.createSheet(BlackboardArtifact.ARTIFACT_TYPE.TSK_DEVICE_ATTACHED.getDisplayName()); + Sheet sheetInstalled = wbtemp.createSheet(BlackboardArtifact.ARTIFACT_TYPE.TSK_INSTALLED_PROG.getDisplayName()); + Sheet sheetKeyword = wbtemp.createSheet(BlackboardArtifact.ARTIFACT_TYPE.TSK_KEYWORD_HIT.getDisplayName()); + // Sheet sheetTrackpoint = wbtemp.createSheet(BlackboardArtifact.ARTIFACT_TYPE.TSK_TRACKPOINT.getDisplayName()); + Sheet sheetRecent = wbtemp.createSheet(BlackboardArtifact.ARTIFACT_TYPE.TSK_RECENT_OBJECT.getDisplayName()); + Sheet sheetCookie = wbtemp.createSheet(BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_COOKIE.getDisplayName()); + Sheet sheetBookmark = wbtemp.createSheet(BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_BOOKMARK.getDisplayName()); + Sheet sheetDownload = wbtemp.createSheet(BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_DOWNLOAD.getDisplayName()); + Sheet sheetHistory = wbtemp.createSheet(BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_HISTORY.getDisplayName()); + + //Bold/underline cell style for the top header rows + CellStyle style = wbtemp.createCellStyle(); + style.setBorderBottom((short) 2); + Font font = wbtemp.createFont(); + font.setFontHeightInPoints((short) 16); + font.setFontName("Courier New"); + font.setBoldweight((short) 2); + 
style.setFont(font); + //create the rows in the worksheet for our records + //Create first row and header + // sheetGen.createRow(0); + // sheetGen.getRow(0).createCell(0).setCellValue("Name"); + // sheetGen.getRow(0).createCell(1).setCellValue("Value"); + // sheetGen.getRow(0).createCell(2).setCellValue("Date/Time"); + + sheetSummary.createRow(0).setRowStyle(style); + sheetSummary.getRow(0).createCell(0).setCellValue("Summary Information"); + sheetSummary.getRow(0).createCell(1).setCellValue(caseName); + //add some basic information + sheetSummary.createRow(1); + sheetSummary.getRow(1).createCell(0).setCellValue("# of Images"); + sheetSummary.getRow(1).createCell(1).setCellValue(imagecount); + sheetSummary.createRow(2); + sheetSummary.getRow(2).createCell(0).setCellValue("Filesystems found"); + sheetSummary.getRow(2).createCell(1).setCellValue(imagecount); + sheetSummary.createRow(3); + sheetSummary.getRow(3).createCell(0).setCellValue("# of Files"); + sheetSummary.getRow(3).createCell(1).setCellValue(totalfiles); + sheetSummary.createRow(4); + sheetSummary.getRow(4).createCell(0).setCellValue("# of Directories"); + sheetSummary.getRow(4).createCell(1).setCellValue(totaldirs); + sheetSummary.createRow(5); + sheetSummary.getRow(5).createCell(0).setCellValue("Date/Time"); + sheetSummary.getRow(5).createCell(1).setCellValue(datetime); + + + + sheetHash.createRow(0).setRowStyle(style); + sheetHash.getRow(0).createCell(0).setCellValue("Name"); + sheetHash.getRow(0).createCell(1).setCellValue("Size"); + sheetHash.getRow(0).createCell(2).setCellValue("Hashset Name"); + + sheetDevice.createRow(0).setRowStyle(style); + sheetDevice.getRow(0).createCell(0).setCellValue("Name"); + sheetDevice.getRow(0).createCell(1).setCellValue("Serial #"); + sheetDevice.getRow(0).createCell(2).setCellValue("Time"); + + sheetInstalled.createRow(0).setRowStyle(style); + sheetInstalled.getRow(0).createCell(0).setCellValue("Program Name"); + 
sheetInstalled.getRow(0).createCell(1).setCellValue("Install Date/Time"); + + sheetKeyword.createRow(0).setRowStyle(style); + sheetKeyword.getRow(0).createCell(0).setCellValue("Keyword"); + sheetKeyword.getRow(0).createCell(1).setCellValue("File Name"); + sheetKeyword.getRow(0).createCell(2).setCellValue("Preview"); + sheetKeyword.getRow(0).createCell(3).setCellValue("Keyword LIst"); + + sheetRecent.createRow(0).setRowStyle(style); + sheetRecent.getRow(0).createCell(0).setCellValue("Name"); + sheetRecent.getRow(0).createCell(1).setCellValue("Path"); + sheetRecent.getRow(0).createCell(2).setCellValue("Related Shortcut"); + + sheetCookie.createRow(0).setRowStyle(style); + sheetCookie.getRow(0).createCell(0).setCellValue("URL"); + sheetCookie.getRow(0).createCell(1).setCellValue("Date"); + sheetCookie.getRow(0).createCell(2).setCellValue("Name"); + sheetCookie.getRow(0).createCell(3).setCellValue("Value"); + sheetCookie.getRow(0).createCell(4).setCellValue("Program"); + + sheetBookmark.createRow(0).setRowStyle(style); + sheetBookmark.getRow(0).createCell(0).setCellValue("URL"); + sheetBookmark.getRow(0).createCell(1).setCellValue("Title"); + sheetBookmark.getRow(0).createCell(2).setCellValue("Program"); + + sheetDownload.createRow(0).setRowStyle(style); + sheetDownload.getRow(0).createCell(0).setCellValue("File"); + sheetDownload.getRow(0).createCell(1).setCellValue("Source"); + sheetDownload.getRow(0).createCell(2).setCellValue("Time"); + sheetDownload.getRow(0).createCell(3).setCellValue("Program"); + + sheetHistory.createRow(0).setRowStyle(style); + sheetHistory.getRow(0).createCell(0).setCellValue("URL"); + sheetHistory.getRow(0).createCell(1).setCellValue("Date"); + sheetHistory.getRow(0).createCell(2).setCellValue("Referrer"); + sheetHistory.getRow(0).createCell(3).setCellValue("Title"); + sheetHistory.getRow(0).createCell(4).setCellValue("Program"); + + for (int i = 0; i < wbtemp.getNumberOfSheets(); i++) { + Sheet tempsheet = wbtemp.getSheetAt(i); + 
tempsheet.setAutobreaks(true); + + for (Row temprow : tempsheet) { + for (Cell cell : temprow) { + cell.setCellStyle(style); + tempsheet.autoSizeColumn(cell.getColumnIndex()); } - if(entry.getKey().getArtifactTypeID() == 5){ - countDownload++; + } + } + + int countedGen = 0; + int countedBookmark = 0; + int countedCookie = 0; + int countedHistory = 0; + int countedDownload = 0; + int countedRecentObjects = 0; + int countedTrackPoint = 0; + int countedInstalled = 0; + int countedKeyword = 0; + int countedHash = 0; + int countedDevice = 0; + + //start populating the sheets in the workbook + for (Entry> entry : report.entrySet()) { + if (reportFilter.cancel == true) { + break; + } + int cc = 0; + Long objId = entry.getKey().getObjectID(); + FsContent file = skCase.getFsContentById(objId); + Long filesize = file.getSize(); + TreeMap attributes = new TreeMap(); + // Get all the attributes, line them up to be added. Place empty string placeholders for each attribute type + int n; + for (n = 1; n <= 36; n++) { + attributes.put(n, ""); + + } + for (BlackboardAttribute tempatt : entry.getValue()) { + if (reportFilter.cancel == true) { + break; } - if(entry.getKey().getArtifactTypeID() == 6){ - countRecentObjects++; + String value = ""; + int type = tempatt.getAttributeTypeID(); + if (tempatt.getValueString() == null || "null".equals(tempatt.getValueString())) { + } else if (type == 2 || type == 33) { + value = new java.text.SimpleDateFormat("MM/dd/yyyy HH:mm:ss").format(new java.util.Date((tempatt.getValueLong()) * 1000)); + } else { + value = tempatt.getValueString(); } - if(entry.getKey().getArtifactTypeID() == 7){ - countTrackPoint++; - } - if(entry.getKey().getArtifactTypeID() == 8){ - countInstalled++; - } - if(entry.getKey().getArtifactTypeID() == 9){ - countKeyword++; - } - if(entry.getKey().getArtifactTypeID() == 10){ - countHash++; - } - if(entry.getKey().getArtifactTypeID() == 11){ - countDevice++; - } + + attributes.put(type, value); + cc++; + } + + + if 
(entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_GEN_INFO.getTypeID()) { + countedGen++; + // Row temp = sheetGen.getRow(countedGen); + + } + if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_BOOKMARK.getTypeID()) { + countedBookmark++; + Row temp = sheetBookmark.createRow(countedBookmark); + temp.createCell(0).setCellValue(attributes.get(1)); + temp.createCell(1).setCellValue(attributes.get(3)); + temp.createCell(2).setCellValue(attributes.get(4)); + } + if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_COOKIE.getTypeID()) { + countedCookie++; + Row temp = sheetCookie.createRow(countedCookie); + temp.createCell(0).setCellValue(attributes.get(1)); + temp.createCell(1).setCellValue(attributes.get(2)); + temp.createCell(2).setCellValue(attributes.get(3)); + temp.createCell(3).setCellValue(attributes.get(6)); + temp.createCell(4).setCellValue(attributes.get(4)); + } + if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_HISTORY.getTypeID()) { + countedHistory++; + Row temp = sheetHistory.createRow(countedHistory); + temp.createCell(0).setCellValue(attributes.get(1)); + temp.createCell(1).setCellValue(attributes.get(33)); + temp.createCell(2).setCellValue(attributes.get(32)); + temp.createCell(3).setCellValue(attributes.get(3)); + temp.createCell(4).setCellValue(attributes.get(4)); + } + if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_DOWNLOAD.getTypeID()) { + countedDownload++; + Row temp = sheetDownload.createRow(countedDownload); + temp.createCell(0).setCellValue(attributes.get(8)); + temp.createCell(1).setCellValue(attributes.get(1)); + temp.createCell(2).setCellValue(attributes.get(33)); + temp.createCell(3).setCellValue(attributes.get(4)); + } + if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_RECENT_OBJECT.getTypeID()) { + countedRecentObjects++; + Row temp = 
sheetRecent.createRow(countedRecentObjects); + temp.createCell(0).setCellValue(attributes.get(3)); + temp.createCell(1).setCellValue(attributes.get(8)); + temp.createCell(2).setCellValue(file.getName()); + temp.createCell(3).setCellValue(attributes.get(4)); + } + if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_TRACKPOINT.getTypeID()) { + // sheetTrackpoint.addContent(artifact); + } + if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_INSTALLED_PROG.getTypeID()) { + countedInstalled++; + Row temp = sheetInstalled.createRow(countedInstalled); + temp.createCell(0).setCellValue(attributes.get(4)); + temp.createCell(1).setCellValue(attributes.get(2)); + } + if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_KEYWORD_HIT.getTypeID()) { + countedKeyword++; + Row temp = sheetKeyword.createRow(countedKeyword); + temp.createCell(0).setCellValue(attributes.get(10)); + temp.createCell(1).setCellValue(attributes.get(3)); + temp.createCell(2).setCellValue(attributes.get(12)); + temp.createCell(3).setCellValue(attributes.get(13)); + } + if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_HASHSET_HIT.getTypeID()) { + countedHash++; + Row temp = sheetHash.createRow(countedHash); + temp.createCell(0).setCellValue(file.getName().toString()); + temp.createCell(1).setCellValue(filesize.toString()); + temp.createCell(2).setCellValue(attributes.get(30)); + } + if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_DEVICE_ATTACHED.getTypeID()) { + countedDevice++; + Row temp = sheetDevice.createRow(countedDevice); + temp.createCell(0).setCellValue(attributes.get(18)); + temp.createCell(1).setCellValue(attributes.get(20)); + temp.createCell(2).setCellValue(attributes.get(2)); + } + + + cc++; + rr.progBarSet(cc); + } + + + //write out the report to the reports folder + try { + FileOutputStream fos = new FileOutputStream(currentCase.getCaseDirectory() + 
"/Reports/" + caseName + "-" + datenotime + ".xlsx"); + wbtemp.write(fos); + fos.close(); + wb = wbtemp; + } catch (IOException e) { + System.err.println(e); + } + + } catch (Exception E) { + String test = E.toString(); + } + } - - try{ - Case currentCase = Case.getCurrentCase(); // get the most updated case - SleuthkitCase skCase = currentCase.getSleuthkitCase(); - String caseName = currentCase.getName(); - Integer imagecount = currentCase.getImageIDs().length; - Integer filesystemcount = currentCase.getRootObjectsCount(); - Integer totalfiles = skCase.countFsContentType(TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_REG); - Integer totaldirs = skCase.countFsContentType(TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_DIR); - DateFormat datetimeFormat = new SimpleDateFormat("yyyy/MM/dd HH:mm:ss"); - DateFormat dateFormat = new SimpleDateFormat("MM-dd-yyyy-HH-mm-ss"); - Date date = new Date(); - String datetime = datetimeFormat.format(date); - String datenotime = dateFormat.format(date); - - //The first summary report page - Sheet sheetSummary = wbtemp.createSheet("Summary"); - //Generate a sheet per artifact type - // Sheet sheetGen = wbtemp.createSheet(BlackboardArtifact.ARTIFACT_TYPE.TSK_GEN_INFO.getDisplayName()); - Sheet sheetHash = wbtemp.createSheet(BlackboardArtifact.ARTIFACT_TYPE.TSK_HASHSET_HIT.getDisplayName()); - Sheet sheetDevice = wbtemp.createSheet(BlackboardArtifact.ARTIFACT_TYPE.TSK_DEVICE_ATTACHED.getDisplayName()); - Sheet sheetInstalled = wbtemp.createSheet(BlackboardArtifact.ARTIFACT_TYPE.TSK_INSTALLED_PROG.getDisplayName()); - Sheet sheetKeyword = wbtemp.createSheet(BlackboardArtifact.ARTIFACT_TYPE.TSK_KEYWORD_HIT.getDisplayName()); - // Sheet sheetTrackpoint = wbtemp.createSheet(BlackboardArtifact.ARTIFACT_TYPE.TSK_TRACKPOINT.getDisplayName()); - Sheet sheetRecent = wbtemp.createSheet(BlackboardArtifact.ARTIFACT_TYPE.TSK_RECENT_OBJECT.getDisplayName()); - Sheet sheetCookie = 
wbtemp.createSheet(BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_COOKIE.getDisplayName()); - Sheet sheetBookmark = wbtemp.createSheet(BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_BOOKMARK.getDisplayName()); - Sheet sheetDownload = wbtemp.createSheet(BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_DOWNLOAD.getDisplayName()); - Sheet sheetHistory = wbtemp.createSheet(BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_HISTORY.getDisplayName()); - - //Bold/underline cell style for the top header rows - CellStyle style = wbtemp.createCellStyle(); - style.setBorderBottom((short) 2); - Font font = wbtemp.createFont(); - font.setFontHeightInPoints((short)16); - font.setFontName("Courier New"); - font.setBoldweight((short)2); - style.setFont(font); - //create the rows in the worksheet for our records - //Create first row and header - // sheetGen.createRow(0); - // sheetGen.getRow(0).createCell(0).setCellValue("Name"); - // sheetGen.getRow(0).createCell(1).setCellValue("Value"); - // sheetGen.getRow(0).createCell(2).setCellValue("Date/Time"); - - sheetSummary.createRow(0).setRowStyle(style); - sheetSummary.getRow(0).createCell(0).setCellValue("Summary Information"); - sheetSummary.getRow(0).createCell(1).setCellValue(caseName); - //add some basic information - sheetSummary.createRow(1); - sheetSummary.getRow(1).createCell(0).setCellValue("# of Images"); - sheetSummary.getRow(1).createCell(1).setCellValue(imagecount); - sheetSummary.createRow(2); - sheetSummary.getRow(2).createCell(0).setCellValue("Filesystems found"); - sheetSummary.getRow(2).createCell(1).setCellValue(imagecount); - sheetSummary.createRow(3); - sheetSummary.getRow(3).createCell(0).setCellValue("# of Files"); - sheetSummary.getRow(3).createCell(1).setCellValue(totalfiles); - sheetSummary.createRow(4); - sheetSummary.getRow(4).createCell(0).setCellValue("# of Directories"); - sheetSummary.getRow(4).createCell(1).setCellValue(totaldirs); - sheetSummary.createRow(5); - sheetSummary.getRow(5).createCell(0).setCellValue("Date/Time"); - 
sheetSummary.getRow(5).createCell(1).setCellValue(datetime); - - - - sheetHash.createRow(0).setRowStyle(style); - sheetHash.getRow(0).createCell(0).setCellValue("Name"); - sheetHash.getRow(0).createCell(1).setCellValue("Size"); - sheetHash.getRow(0).createCell(2).setCellValue("Hashset Name"); - - sheetDevice.createRow(0).setRowStyle(style); - sheetDevice.getRow(0).createCell(0).setCellValue("Name"); - sheetDevice.getRow(0).createCell(1).setCellValue("Serial #"); - sheetDevice.getRow(0).createCell(2).setCellValue("Time"); - - sheetInstalled.createRow(0).setRowStyle(style); - sheetInstalled.getRow(0).createCell(0).setCellValue("Program Name"); - sheetInstalled.getRow(0).createCell(1).setCellValue("Install Date/Time"); - - sheetKeyword.createRow(0).setRowStyle(style); - sheetKeyword.getRow(0).createCell(0).setCellValue("Keyword"); - sheetKeyword.getRow(0).createCell(1).setCellValue("File Name"); - sheetKeyword.getRow(0).createCell(2).setCellValue("Preview"); - sheetKeyword.getRow(0).createCell(3).setCellValue("Keyword LIst"); - - sheetRecent.createRow(0).setRowStyle(style); - sheetRecent.getRow(0).createCell(0).setCellValue("Name"); - sheetRecent.getRow(0).createCell(1).setCellValue("Path"); - sheetRecent.getRow(0).createCell(2).setCellValue("Related Shortcut"); - - sheetCookie.createRow(0).setRowStyle(style); - sheetCookie.getRow(0).createCell(0).setCellValue("URL"); - sheetCookie.getRow(0).createCell(1).setCellValue("Date"); - sheetCookie.getRow(0).createCell(2).setCellValue("Name"); - sheetCookie.getRow(0).createCell(3).setCellValue("Value"); - sheetCookie.getRow(0).createCell(4).setCellValue("Program"); - - sheetBookmark.createRow(0).setRowStyle(style); - sheetBookmark.getRow(0).createCell(0).setCellValue("URL"); - sheetBookmark.getRow(0).createCell(1).setCellValue("Title"); - sheetBookmark.getRow(0).createCell(2).setCellValue("Program"); - - sheetDownload.createRow(0).setRowStyle(style); - sheetDownload.getRow(0).createCell(0).setCellValue("File"); - 
sheetDownload.getRow(0).createCell(1).setCellValue("Source"); - sheetDownload.getRow(0).createCell(2).setCellValue("Time"); - sheetDownload.getRow(0).createCell(3).setCellValue("Program"); - - sheetHistory.createRow(0).setRowStyle(style); - sheetHistory.getRow(0).createCell(0).setCellValue("URL"); - sheetHistory.getRow(0).createCell(1).setCellValue("Date"); - sheetHistory.getRow(0).createCell(2).setCellValue("Referrer"); - sheetHistory.getRow(0).createCell(3).setCellValue("Title"); - sheetHistory.getRow(0).createCell(4).setCellValue("Program"); - - for(int i = 0;i < wbtemp.getNumberOfSheets();i++){ - Sheet tempsheet = wbtemp.getSheetAt(i); - tempsheet.setAutobreaks(true); - - for (Row temprow : tempsheet){ - for (Cell cell : temprow) { - cell.setCellStyle(style); - tempsheet.autoSizeColumn(cell.getColumnIndex()); - } - } - } - - int countedGen = 0; - int countedBookmark = 0; - int countedCookie = 0; - int countedHistory = 0; - int countedDownload = 0; - int countedRecentObjects = 0; - int countedTrackPoint = 0; - int countedInstalled = 0; - int countedKeyword = 0; - int countedHash = 0; - int countedDevice = 0; - - //start populating the sheets in the workbook - for (Entry> entry : report.entrySet()) { - if(reportFilter.cancel == true){ - break; - } - int cc = 0; - Long objId = entry.getKey().getObjectID(); - FsContent file = skCase.getFsContentById(objId); - Long filesize = file.getSize(); - TreeMap attributes = new TreeMap(); - // Get all the attributes, line them up to be added. 
Place empty string placeholders for each attribute type - int n; - for(n=1;n<=36;n++) - { - attributes.put(n, ""); - - } - for (BlackboardAttribute tempatt : entry.getValue()) - { - if(reportFilter.cancel == true){ - break; - } - String value = ""; - int type = tempatt.getAttributeTypeID(); - if(tempatt.getValueString() == null || "null".equals(tempatt.getValueString())){ - - } - else if(type == 2){ - value = new java.text.SimpleDateFormat("MM/dd/yyyy HH:mm:ss").format(new java.util.Date ((tempatt.getValueLong())*1000)); - } - else - { - value = tempatt.getValueString(); - } - - attributes.put(type, value); - cc++; - } - - - if(entry.getKey().getArtifactTypeID() == 1){ - countedGen++; - // Row temp = sheetGen.getRow(countedGen); - - } - if(entry.getKey().getArtifactTypeID() == 2){ - countedBookmark++; - Row temp = sheetBookmark.createRow(countedBookmark); - temp.createCell(0).setCellValue(attributes.get(1)); - temp.createCell(1).setCellValue(attributes.get(3)); - temp.createCell(2).setCellValue(attributes.get(4)); - } - if(entry.getKey().getArtifactTypeID() == 3){ - countedCookie++; - Row temp = sheetCookie.createRow(countedCookie); - temp.createCell(0).setCellValue(attributes.get(1)); - temp.createCell(1).setCellValue(attributes.get(2)); - temp.createCell(2).setCellValue(attributes.get(3)); - temp.createCell(3).setCellValue(attributes.get(6)); - temp.createCell(4).setCellValue(attributes.get(4)); - } - if(entry.getKey().getArtifactTypeID() == 4){ - countedHistory++; - Row temp = sheetHistory.createRow(countedHistory); - temp.createCell(0).setCellValue(attributes.get(1)); - temp.createCell(1).setCellValue(attributes.get(33)); - temp.createCell(2).setCellValue(attributes.get(32)); - temp.createCell(3).setCellValue(attributes.get(3)); - temp.createCell(4).setCellValue(attributes.get(4)); - } - if(entry.getKey().getArtifactTypeID() == 5){ - countedDownload++; - Row temp = sheetDownload.createRow(countedDownload); - temp.createCell(0).setCellValue(attributes.get(8)); - 
temp.createCell(1).setCellValue(attributes.get(1)); - temp.createCell(2).setCellValue(attributes.get(33)); - temp.createCell(3).setCellValue(attributes.get(4)); - } - if(entry.getKey().getArtifactTypeID() == 6){ - countedRecentObjects++; - Row temp = sheetRecent.createRow(countedRecentObjects); - temp.createCell(0).setCellValue(attributes.get(3)); - temp.createCell(1).setCellValue(attributes.get(8)); - temp.createCell(2).setCellValue(file.getName()); - temp.createCell(3).setCellValue(attributes.get(4)); - } - if(entry.getKey().getArtifactTypeID() == 7){ - // sheetTrackpoint.addContent(artifact); - } - if(entry.getKey().getArtifactTypeID() == 8){ - countedInstalled++; - Row temp = sheetInstalled.createRow(countedInstalled); - temp.createCell(0).setCellValue(attributes.get(4)); - temp.createCell(1).setCellValue(attributes.get(2)); - } - if(entry.getKey().getArtifactTypeID() == 9){ - countedKeyword++; - Row temp = sheetKeyword.createRow(countedKeyword); - temp.createCell(0).setCellValue(attributes.get(10)); - temp.createCell(1).setCellValue(attributes.get(3)); - temp.createCell(2).setCellValue(attributes.get(12)); - temp.createCell(3).setCellValue(attributes.get(13)); - } - if(entry.getKey().getArtifactTypeID() == 10){ - countedHash++; - Row temp = sheetHash.createRow(countedHash); - temp.createCell(0).setCellValue(file.getName().toString()); - temp.createCell(1).setCellValue(filesize.toString()); - temp.createCell(2).setCellValue(attributes.get(30)); - } - if(entry.getKey().getArtifactTypeID() == 11){ - countedDevice++; - Row temp = sheetDevice.createRow(countedDevice); - temp.createCell(0).setCellValue(attributes.get(18)); - temp.createCell(1).setCellValue(attributes.get(20)); - temp.createCell(2).setCellValue(attributes.get(2)); - } - - - cc++; - rr.progBarSet(cc); - } - - - //write out the report to the reports folder - try { - FileOutputStream fos = new FileOutputStream(currentCase.getCaseDirectory()+"/Reports/" + caseName + "-" + datenotime + ".xlsx"); - 
wbtemp.write(fos); - fos.close(); - wb = wbtemp; - } - catch (IOException e) { - System.err.println(e); - } - - } - - catch(Exception E) - { - String test = E.toString(); - } - - } - - } diff --git a/Report/src/org/sleuthkit/autopsy/report/reportXML.java b/Report/src/org/sleuthkit/autopsy/report/reportXML.java index c8d9d0335a..eb03ff140f 100644 --- a/Report/src/org/sleuthkit/autopsy/report/reportXML.java +++ b/Report/src/org/sleuthkit/autopsy/report/reportXML.java @@ -1,8 +1,25 @@ -/* - * To change this template, choose Tools | Templates - * and open the template in the editor. + /* + * + * Autopsy Forensic Browser + * + * Copyright 2012 42six Solutions. + * Contact: aebadirad 42six com + * Project Contact/Architect: carrier sleuthkit org + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ package org.sleuthkit.autopsy.report; + import java.io.FileOutputStream; import java.io.IOException; import java.text.DateFormat; 
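Review bot: The outer `catch (Exception E) { String test = E.toString(); }` that closes the reportXLS constructor discards every failure, so any exception raised while the sheets are populated (for example from `skCase.getFsContentById(objId)` or the `file.getSize()` call after it) ends report generation with no output file and nothing for the examiner to see. Record it instead, e.g. `java.util.logging.Logger.getLogger(reportXLS.class.getName()).log(java.util.logging.Level.SEVERE, "XLS report generation failed", E);`, and log the inner `IOException` the same way rather than `System.err.println(e)`. In the same hunk the "Filesystems found" summary row is filled with `imagecount` while `filesystemcount` is computed and never used; that line should read `sheetSummary.getRow(2).createCell(1).setCellValue(filesystemcount);`. `fos.close()` is also skipped when `wbtemp.write(fos)` throws, so the close belongs in a `finally` block.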
@@ -31,128 +48,129 @@ import org.sleuthkit.datamodel.File; import org.sleuthkit.datamodel.Image; import org.sleuthkit.datamodel.SleuthkitCase; import org.sleuthkit.datamodel.TskData; + public class reportXML { + public static Document xmldoc = new Document(); - public reportXML (HashMap> report, reportFilter rr){ - try{ - Case currentCase = Case.getCurrentCase(); // get the most updated case - SleuthkitCase skCase = currentCase.getSleuthkitCase(); - String caseName = currentCase.getName(); - Integer imagecount = currentCase.getImageIDs().length; - Integer filesystemcount = currentCase.getRootObjectsCount(); - Integer totalfiles = skCase.countFsContentType(TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_REG); - Integer totaldirs = skCase.countFsContentType(TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_DIR); - Element root = new Element("Case"); - xmldoc = new Document(root); - DateFormat datetimeFormat = new SimpleDateFormat("yyyy/MM/dd HH:mm:ss"); - DateFormat dateFormat = new SimpleDateFormat("MM-dd-yyyy-HH-mm-ss"); - Date date = new Date(); - String datetime = datetimeFormat.format(date); - String datenotime = dateFormat.format(date); - Comment comment = new Comment("XML Report Generated by Autopsy 3 on " + datetime); - root.addContent(comment); - //Create summary node involving how many of each type - Element summary = new Element("Summary"); - if(IngestManager.getDefault().isIngestRunning()) - { - summary.addContent(new Element("Warning").setText("Report was run before ingest services completed!")); + + public reportXML(HashMap> report, reportFilter rr) { + try { + Case currentCase = Case.getCurrentCase(); // get the most updated case + SleuthkitCase skCase = currentCase.getSleuthkitCase(); + String caseName = currentCase.getName(); + Integer imagecount = currentCase.getImageIDs().length; + Integer filesystemcount = currentCase.getRootObjectsCount(); + Integer totalfiles = skCase.countFsContentType(TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_REG); + Integer 
totaldirs = skCase.countFsContentType(TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_DIR); + Element root = new Element("Case"); + xmldoc = new Document(root); + DateFormat datetimeFormat = new SimpleDateFormat("yyyy/MM/dd HH:mm:ss"); + DateFormat dateFormat = new SimpleDateFormat("MM-dd-yyyy-HH-mm-ss"); + Date date = new Date(); + String datetime = datetimeFormat.format(date); + String datenotime = dateFormat.format(date); + Comment comment = new Comment("XML Report Generated by Autopsy 3 on " + datetime); + root.addContent(comment); + //Create summary node involving how many of each type + Element summary = new Element("Summary"); + if (IngestManager.getDefault().isIngestRunning()) { + summary.addContent(new Element("Warning").setText("Report was run before ingest services completed!")); } - summary.addContent(new Element("Name").setText(caseName)); - summary.addContent(new Element("Total-Images").setText(imagecount.toString())); - summary.addContent(new Element("Total-FileSystems").setText(filesystemcount.toString())); - summary.addContent(new Element("Total-Files").setText(totalfiles.toString())); - summary.addContent(new Element("Total-Directories").setText(totaldirs.toString())); - root.addContent(summary); - //generate the nodes for each of the types so we can use them later - Element nodeGen = new Element("General-Information"); - Element nodeWebBookmark = new Element("Web-Bookmarks"); - Element nodeWebCookie = new Element("Web-Cookies"); - Element nodeWebHistory = new Element("Web-History"); - Element nodeWebDownload = new Element("Web-Downloads"); - Element nodeRecentObjects = new Element("Recent-Documents"); - Element nodeTrackPoint = new Element("Track-Points"); - Element nodeInstalled = new Element("Installed-Programfiles"); - Element nodeKeyword = new Element("Keyword-Search-Hits"); - Element nodeHash = new Element("Hashset-Hits"); - Element nodeDevice = new Element("Attached-Devices"); - //remove bytes - Pattern INVALID_XML_CHARS = 
Pattern.compile("[^\\u0009\\u000A\\u000D\\u0020-\\uD7FF\\uE000-\\uFFFD\uD800\uDC00-\uDBFF\uDFFF]"); - for (Entry> entry : report.entrySet()) { - if(reportFilter.cancel == true){ - break; - } - int cc = 0; - Element artifact = new Element("Artifact"); - Long objId = entry.getKey().getObjectID(); - Content cont = skCase.getContentById(objId); - Long filesize = cont.getSize(); - artifact.setAttribute("ID", objId.toString()); - artifact.setAttribute("Name", cont.accept(new NameVisitor())); - artifact.setAttribute("Size", filesize.toString()); - - // Get all the attributes for this guy - for (BlackboardAttribute tempatt : entry.getValue()) - { - if(reportFilter.cancel == true){ - break; - } - Element attribute = new Element("Attribute").setAttribute("Type",tempatt.getAttributeTypeDisplayName()); - String tempvalue = tempatt.getValueString(); - //INVALID_XML_CHARS.matcher(tempvalue).replaceAll(""); - Element value = new Element("Value").setText(tempvalue); - attribute.addContent(value); - Element context = new Element("Context").setText(StringEscapeUtils.escapeXml(tempatt.getContext())); - attribute.addContent(context); - artifact.addContent(attribute); - cc++; - } - - if(entry.getKey().getArtifactTypeID() == 1){ - //while (entry.getValue().iterator().hasNext()) - // { - // } - nodeGen.addContent(artifact); + summary.addContent(new Element("Name").setText(caseName)); + summary.addContent(new Element("Total-Images").setText(imagecount.toString())); + summary.addContent(new Element("Total-FileSystems").setText(filesystemcount.toString())); + summary.addContent(new Element("Total-Files").setText(totalfiles.toString())); + summary.addContent(new Element("Total-Directories").setText(totaldirs.toString())); + root.addContent(summary); + //generate the nodes for each of the types so we can use them later + Element nodeGen = new Element("General-Information"); + Element nodeWebBookmark = new Element("Web-Bookmarks"); + Element nodeWebCookie = new Element("Web-Cookies"); + 
Element nodeWebHistory = new Element("Web-History"); + Element nodeWebDownload = new Element("Web-Downloads"); + Element nodeRecentObjects = new Element("Recent-Documents"); + Element nodeTrackPoint = new Element("Track-Points"); + Element nodeInstalled = new Element("Installed-Programfiles"); + Element nodeKeyword = new Element("Keyword-Search-Hits"); + Element nodeHash = new Element("Hashset-Hits"); + Element nodeDevice = new Element("Attached-Devices"); + //remove bytes + Pattern INVALID_XML_CHARS = Pattern.compile("[^\\u0009\\u000A\\u000D\\u0020-\\uD7FF\\uE000-\\uFFFD\uD800\uDC00-\uDBFF\uDFFF]"); + for (Entry> entry : report.entrySet()) { + if (reportFilter.cancel == true) { + break; + } + int cc = 0; + Element artifact = new Element("Artifact"); + Long objId = entry.getKey().getObjectID(); + Content cont = skCase.getContentById(objId); + Long filesize = cont.getSize(); + artifact.setAttribute("ID", objId.toString()); + artifact.setAttribute("Name", cont.accept(new NameVisitor())); + artifact.setAttribute("Size", filesize.toString()); + + // Get all the attributes for this guy + for (BlackboardAttribute tempatt : entry.getValue()) { + if (reportFilter.cancel == true) { + break; + } + Element attribute = new Element("Attribute").setAttribute("Type", tempatt.getAttributeTypeDisplayName()); + String tempvalue = tempatt.getValueString(); + //INVALID_XML_CHARS.matcher(tempvalue).replaceAll(""); + Element value = new Element("Value").setText(tempvalue); + attribute.addContent(value); + Element context = new Element("Context").setText(StringEscapeUtils.escapeXml(tempatt.getContext())); + attribute.addContent(context); + artifact.addContent(attribute); + cc++; + } + + if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_GEN_INFO.getTypeID()) { + //while (entry.getValue().iterator().hasNext()) + // { + // } + nodeGen.addContent(artifact); + } + if (entry.getKey().getArtifactTypeID() == 
BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_BOOKMARK.getTypeID()) { + + + nodeWebBookmark.addContent(artifact); + } + if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_COOKIE.getTypeID()) { + + nodeWebCookie.addContent(artifact); + } + if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_HISTORY.getTypeID()) { + + nodeWebHistory.addContent(artifact); + } + if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_DOWNLOAD.getTypeID()) { + nodeWebDownload.addContent(artifact); + } + if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_RECENT_OBJECT.getTypeID()) { + nodeRecentObjects.addContent(artifact); + } + if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_TRACKPOINT.getTypeID()) { + nodeTrackPoint.addContent(artifact); + } + if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_INSTALLED_PROG.getTypeID()) { + nodeInstalled.addContent(artifact); + } + if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_KEYWORD_HIT.getTypeID()) { + nodeKeyword.addContent(artifact); + } + if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_HASHSET_HIT.getTypeID()) { + nodeHash.addContent(artifact); + } + if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_DEVICE_ATTACHED.getTypeID()) { + nodeDevice.addContent(artifact); + } + cc++; + rr.progBarSet(cc); + //end of master loop } - if(entry.getKey().getArtifactTypeID() == 2){ - - - nodeWebBookmark.addContent(artifact); - } - if(entry.getKey().getArtifactTypeID() == 3){ - - nodeWebCookie.addContent(artifact); - } - if(entry.getKey().getArtifactTypeID() == 4){ - - nodeWebHistory.addContent(artifact); - } - if(entry.getKey().getArtifactTypeID() == 5){ - nodeWebDownload.addContent(artifact); - } - if(entry.getKey().getArtifactTypeID() == 6){ - nodeRecentObjects.addContent(artifact); - } - 
if(entry.getKey().getArtifactTypeID() == 7){ - nodeTrackPoint.addContent(artifact); - } - if(entry.getKey().getArtifactTypeID() == 8){ - nodeInstalled.addContent(artifact); - } - if(entry.getKey().getArtifactTypeID() == 9){ - nodeKeyword.addContent(artifact); - } - if(entry.getKey().getArtifactTypeID() == 10){ - nodeHash.addContent(artifact); - } - if(entry.getKey().getArtifactTypeID() == 11){ - nodeDevice.addContent(artifact); - } - cc++; - rr.progBarSet(cc); - //end of master loop - } - - //add them in the order we want them to the document + + //add them in the order we want them to the document root.addContent(nodeGen); root.addContent(nodeWebBookmark); root.addContent(nodeWebCookie); @@ -162,26 +180,24 @@ public class reportXML { root.addContent(nodeTrackPoint); root.addContent(nodeInstalled); root.addContent(nodeKeyword); - root.addContent(nodeHash); + root.addContent(nodeHash); root.addContent(nodeDevice); - - try { - FileOutputStream out = new FileOutputStream(currentCase.getCaseDirectory()+"/Reports/" + caseName + "-" + datenotime + ".xml"); - XMLOutputter serializer = new XMLOutputter(); - serializer.output(xmldoc, out); - out.flush(); - out.close(); - } - catch (IOException e) { - System.err.println(e); - } - } - catch (Exception e){ - Logger.getLogger(reportXML.class.getName()).log(Level.WARNING, "Exception occurred", e); + try { + FileOutputStream out = new FileOutputStream(currentCase.getCaseDirectory() + "/Reports/" + caseName + "-" + datenotime + ".xml"); + XMLOutputter serializer = new XMLOutputter(); + serializer.output(xmldoc, out); + out.flush(); + out.close(); + } catch (IOException e) { + System.err.println(e); + } + + } catch (Exception e) { + Logger.getLogger(reportXML.class.getName()).log(Level.WARNING, "Exception occurred", e); + } } - } - + private class NameVisitor extends ContentVisitor.Default { @Override
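Review bot: In the attribute loop of the `@@ -31,128 +48,129 @@` hunk, `tempvalue` reaches `new Element("Value").setText(tempvalue)` unfiltered, because the only use of `INVALID_XML_CHARS` is the commented-out `//INVALID_XML_CHARS.matcher(tempvalue).replaceAll("");`, which would discard its result even if it were enabled. These strings come from the evidence under examination, and if `Element` is JDOM's (the imports are outside this hunk), a single control character in one value would presumably make `setText` throw, land in the outer `catch (Exception e)`, and leave the case with no XML report at all. Assign the filtered string instead: `String tempvalue = INVALID_XML_CHARS.matcher(tempatt.getValueString()).replaceAll("");`, with a null guard if `getValueString()` can return null. The `Context` element has the opposite problem: it goes through `StringEscapeUtils.escapeXml` before `setText`, so it is likely escaped twice on output while still not being stripped of invalid characters. The constructor body continues past this hunk.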