diff --git a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractIE.java b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractIE.java index f28ecf856918ca0c4e2e53ef7fce939e234d4b12..540bc15a54fd1a70ddd908a89e2e246a8623be38 100755 --- a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractIE.java +++ b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractIE.java @@ -240,18 +240,30 @@ public void parsePascoResults() { String[] lineBuff = line.split("\\t"); PASCO_RESULTS_LUT = new HashMap<String, Object>(); String url[] = lineBuff[1].split("@",2); + String ddtime = lineBuff[2]; + String actime = lineBuff[3]; String user = ""; String realurl = ""; if(url.length > 1) { user = url[0]; user = user.replace("Visited:", ""); - user = user.replace(":(.*?):", ""); user = user.replace(":Host:", ""); + user = user.replaceAll("(:)(.*?)(:)", ""); + user = user.trim(); realurl = url[1]; realurl = realurl.replace("Visited:", ""); - realurl = realurl.replace(":(.*?):", ""); + realurl = realurl.replaceAll(":(.*?):", ""); realurl = realurl.replace(":Host:", ""); + realurl = realurl.trim(); + } + if(!ddtime.isEmpty()){ + ddtime = ddtime.replace("T"," "); + ddtime = ddtime.substring(ddtime.length()-4); + } + if(!actime.isEmpty()){ + actime = actime.replace("z"," "); + actime = actime.substring(0,actime.length()-5); } // TODO: Need to fix this so we have the right obj_id 
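Review bot: Changing `realurl.replace(":(.*?):", "")` to `replaceAll` turns a literal no-op into a live regex that deletes everything between the first two colons of the recorded URL, so a constructed entry such as `http://host:8080/path` would be stored as `http8080/path`. A forensic artifact should keep the URL as Pasco reported it, so either drop that line for `realurl` or anchor the pattern to the start of the string, e.g. `realurl = realurl.replaceAll("^:[^:]*:", "");` (assuming the prefix being stripped is a leading `:…:` marker; confirm against real Pasco output). The new `ddtime.substring(ddtime.length()-4)` and `actime.substring(0,actime.length()-5)` throw on values shorter than four or five characters, and `lineBuff[2]`/`lineBuff[3]` are read without a `lineBuff.length` check, although the line comes from parsing an index.dat taken from the image; guard them with something like `if (lineBuff.length < 4) continue;`. The `ddtime` call also keeps only the last four characters, which looks inverted next to the `actime` handling. parsePascoResults starts and ends outside this hunk, so any surrounding try/catch is not visible here.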
@@ -259,11 +271,11 @@ public void parsePascoResults() { Collection<BlackboardAttribute> bbattributes = new ArrayList<BlackboardAttribute>(); bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(), "RecentActivity", "", realurl)); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_LAST_ACCESSED.getTypeID(), "RecentActivity", "", lineBuff[3])); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_LAST_ACCESSED.getTypeID(), "RecentActivity", "", actime)); bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_REFERRER.getTypeID(), "RecentActivity", "", "None")); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID(), "RecentActivity", "", lineBuff[2])); + // bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID(), "RecentActivity", "", ddtime)); bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(),"RecentActivity","","Internet Explorer")); diff --git a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractRegistry.java b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractRegistry.java index bc6bc7cb5ed62a2e178167e1a78c893b50ba71aa..395416397b81612c3fea28d4b1996e02a32c3154 100644 --- a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractRegistry.java +++ b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractRegistry.java @@ -76,7 +76,7 @@ public void getregistryfiles(List<String> image, IngestImageWorkerController con if(Success) { //Delete dat file since it was succcessfully by Pasco - regFile.delete(); + //regFile.delete(); } j++; diff --git a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Firefox.java b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Firefox.java index 84e1a7e186cf97fb8351cb97725ee8a7015932f7..c7c4a68eee39f8be3f042c56ec5fc646a1eff6d9 100644 --- a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Firefox.java 
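Review bot: Commenting out the `TSK_DATETIME` attribute removes that timestamp from every Internet Explorer history artifact and leaves the `ddtime` value, computed earlier in parsePascoResults, unused. If the column is being dropped on purpose, delete the line and the `ddtime` handling and say why in a comment, for example `// TSK_DATETIME omitted: Pasco's modified-time column is not yet normalised`. Otherwise restore the attribute once the format is fixed, since examiners rely on both times when building a timeline. The method body continues outside the hunk.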
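Review bot: With `regFile.delete()` commented out in getregistryfiles, each registry file copied out of the image stays on the examiner's disk after parsing, while the comment above it still says the file is deleted. Extracted hives can hold sensitive material from the examined system, so retention should be a documented decision rather than a side effect of debugging. Either restore the call and check its result, `if (!regFile.delete()) { /* log the leftover path */ }`, or replace the stale comment with one that states why the file is kept and where it is cleaned up. The enclosing loop starts and ends outside the hunk.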
+++ b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Firefox.java @@ -88,7 +88,7 @@ public void getffdb(List<String> image, IngestImageWorkerController controller){ Collection<BlackboardAttribute> bbattributes = new ArrayList<BlackboardAttribute>(); bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(),"RecentActivity","",temprs.getString("url"))); bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_LAST_ACCESSED.getTypeID(),"RecentActivity","Last Visited",temprs.getString("visit_date"))); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_REFERRER.getTypeID(),"RecentActivity","",temprs.getString("ref"))); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_REFERRER.getTypeID(),"RecentActivity","",((temprs.getString("ref") != null) ? temprs.getString("ref") : "None"))); bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_NAME.getTypeID(),"RecentActivity","",((temprs.getString("title") != null) ? temprs.getString("title") : "No Title"))); bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(),"RecentActivity","","FireFox")); bbart.addAttributes(bbattributes); diff --git a/Report/src/org/sleuthkit/autopsy/report/reportHTML.java b/Report/src/org/sleuthkit/autopsy/report/reportHTML.java index f0714f677c5d3ceb06057963b17e505639ec2b01..df962744ff7952f22d854a68e664f429286df048 100644 --- a/Report/src/org/sleuthkit/autopsy/report/reportHTML.java +++ b/Report/src/org/sleuthkit/autopsy/report/reportHTML.java @@ -4,6 +4,7 @@ */ package org.sleuthkit.autopsy.report; +import java.io.File; import java.text.DateFormat; import java.text.SimpleDateFormat; import java.util.ArrayList; 
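Review bot: The new null guard in getffdb calls `temprs.getString("ref")` twice inside one expression, which is hard to read and repeats the column lookup. Read it once into a local, `String ref = temprs.getString("ref");`, and pass `ref != null ? ref : "None"`; the `title` line below has the same shape and could follow suit. A short comment such as `// "None" is a placeholder for a missing referrer, not a recorded value` would keep later readers from treating the placeholder as evidence. The result-set loop begins outside the hunk.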
@@ -41,57 +42,85 @@ public reportHTML (HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> re Date date = new Date(); String datetime = datetimeFormat.format(date); String datenotime = dateFormat.format(date); - //Add html header info - formatted_Report.append("<html><head>Autopsy Report for Case:").append(caseName).append("</head><body><div id=\"main\"><div id=\"content\">"); + // String CSS = "<replaceme>" + // + "body {padding: 30px; margin: 0; background: #FFFFFF; font: 13px/20px Arial, Helvetica, sans-serif; color: #535353;} " + // + "h1 {font-size: 26px; color: #005577; margin: 0 0 20px 0;} " + // + "h2 {font-size: 20px; font-weight: normal; color: #0077aa; margin: 40px 0 10px 0; padding: 0 0 10px 0; border-bottom: 1px solid #dddddd;} " + // + "h3 {font-size: 16px;color: #0077aa; margin: 40px 0 10px 0;} " + // + "p {margin: 0 0 20px 0;} table {width: 100%; padding: 0; margin: 0; border-collapse: collapse; border-bottom: 1px solid #e5e5e5;} " + // + "table thead th {display: table-cell; text-align: left; padding: 8px 16px; background: #e5e5e5; color: #777;font-size: 11px;text-shadow: #e9f9fd 0 1px 0; border-top: 1px solid #dedede; border-bottom: 2px solid #dedede;} " + // + "table tr th:nth-child(1) {text-align: center; width: 60px;} table td {display: table-cell; padding: 8px 16px; font: 13px/20px Arial, Helvetica, sans-serif;} " + // + "table tr:nth-child(even) td {background: #f3f3f3;} " + // + "table tr td:nth-child(1) {text-align: center; width: 60px; background: #f3f3f3;} " + // + "table tr:nth-child(even) td:nth-child(1) {background: #eaeaea;}" + // + "</replaceme>"; + //Add additional header information + formatted_Report.append("<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Strict//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd\"><html xmlns=\"http://www.w3.org/1999/xhtml\" lang=\"en\" xml:lang=\"en\"><head><title>Autopsy Report for Case:").append(caseName).append("</title>"); + + //formatted_Report.append("<link rel=\"stylesheet\" 
href=\"" + rrpath + "report.css\" type=\"text/css\" />"); + formatted_Report.append("</head><body style=\"padding: 30px; margin: 0; background: #FFFFFF; font: 13px/20px Arial, Helvetica, sans-serif; color: #535353;\"><div id=\"main\"><div id=\"content\">"); // Add summary information now - formatted_Report.append("<h1>Report for Case: ").append(caseName).append("</h1>"); - formatted_Report.append("<h3>Case Summary</h3><p>HTML Report Generated by Autopsy 3 on ").append(datetime).append("<br /><ul>"); + // formatted_Report.append("<style>" + CSS + "</style>"); + formatted_Report.append("<h1 style=\"font-size: 26px; color: #005577; margin: 0 0 20px 0;\">Report for Case: ").append(caseName).append("</h1>"); + formatted_Report.append("<h2 style=\"font-size: 20px; font-weight: normal; color: #0077aa; margin: 40px 0 10px 0; padding: 0 0 10px 0; border-bottom: 1px solid #dddddd;\">Case Summary</h2><p>HTML Report Generated by <strong>Autopsy 3</strong> on ").append(datetime).append("<br /><ul>"); formatted_Report.append("<li># of Images: ").append(imagecount).append("</li>"); formatted_Report.append("<li>FileSystems: ").append(filesystemcount).append("</li>"); - - StringBuilder nodeGen = new StringBuilder("<h3>General Information</h3>"); - StringBuilder nodeWebBookmark = new StringBuilder("<h3>Web Bookmarks</h3>"); - StringBuilder nodeWebCookie = new StringBuilder("<h3>Web Cookies</h3>"); - StringBuilder nodeWebHistory = new StringBuilder("<h3>Web History</h3>"); - StringBuilder nodeWebDownload = new StringBuilder("<h3>Web Downloads</h3>"); - StringBuilder nodeRecentObjects = new StringBuilder("<h3>Recent Documents</h3>"); - StringBuilder nodeTrackPoint = new StringBuilder("<h3>Track Points</h3>"); - StringBuilder nodeInstalled = new StringBuilder("<h3>Installed Programs</h3>"); - StringBuilder nodeKeyword = new StringBuilder("<h3>Keyword Search Hits</h3>"); - StringBuilder nodeHash = new StringBuilder("<h3>Hashset Hits</h3>"); - + String tableHeader = "<table><thead 
style=\"display: table-cell; text-align: left; padding: 8px 16px; background: #e5e5e5; color: #777;font-size: 11px;text-shadow: #e9f9fd 0 1px 0; border-top: 1px solid #dedede; border-bottom: 2px solid #dedede; \"><tr><th style=\"text-align: center; width: 60px; \">Artifact ID</th><th style=\"text-align: center; width: 60px; \">Name</th><th style=\"text-align: center; width: 60px; \">Size</th><th style=\"text-align: center; width: 60px; \">Attribute</th><th style=\"text-align: center; width: 60px; \">Value</th></tr></thead><tbody>"; + StringBuilder nodeGen = new StringBuilder("<h3 style=\"font-size: 16px;color: #0077aa; margin: 40px 0 10px 0;\">General Information</h3>" + tableHeader); + StringBuilder nodeWebBookmark = new StringBuilder("<h3 style=\"font-size: 16px;color: #0077aa; margin: 40px 0 10px 0;\">Web Bookmarks</h3>" + tableHeader); + StringBuilder nodeWebCookie = new StringBuilder("<h3 style=\"font-size: 16px;color: #0077aa; margin: 40px 0 10px 0;\">Web Cookies</h3>" + tableHeader); + StringBuilder nodeWebHistory = new StringBuilder("<h3 style=\"font-size: 16px;color: #0077aa; margin: 40px 0 10px 0;\">Web History</h3>" + tableHeader); + StringBuilder nodeWebDownload = new StringBuilder("<h3 style=\"font-size: 16px;color: #0077aa; margin: 40px 0 10px 0;\">Web Downloads</h3>" + tableHeader); + StringBuilder nodeRecentObjects = new StringBuilder("<h3 style=\"font-size: 16px;color: #0077aa; margin: 40px 0 10px 0;\">Recent Documents</h3>" + tableHeader); + StringBuilder nodeTrackPoint = new StringBuilder("<h3 style=\"font-size: 16px;color: #0077aa; margin: 40px 0 10px 0;\">Track Points</h3>" + tableHeader); + StringBuilder nodeInstalled = new StringBuilder("<h3 style=\"font-size: 16px;color: #0077aa; margin: 40px 0 10px 0;\">Installed Programs</h3>" + tableHeader); + StringBuilder nodeKeyword = new StringBuilder("<h3 style=\"font-size: 16px;color: #0077aa; margin: 40px 0 10px 0;\">Keyword Search Hits</h3>" + tableHeader); + StringBuilder nodeHash = new 
StringBuilder("<h3 style=\"font-size: 16px;color: #0077aa; margin: 40px 0 10px 0;\">Hashset Hits</h3>" + tableHeader); + int pp = 0; for (Entry<BlackboardArtifact,ArrayList<BlackboardAttribute>> entry : report.entrySet()) { if(reportFilter.cancel == true){ break; } int cc = 0; - StringBuilder artifact = new StringBuilder("<p>Artifact"); + StringBuilder artifact = new StringBuilder(""); Long objId = entry.getKey().getObjectID(); //Content file = skCase.getContentById(objId); FsContent file = skCase.getFsContentById(objId); - // File file = cfile - // File file = cfile. + String tdcolor = ""; Long filesize = file.getSize(); - artifact.append(" ID: ").append(objId.toString()); - artifact.append(" Name: <strong>").append(file.getName().toString()).append("</strong>"); - artifact.append("<br />Path: ").append(file.getParentPath()); - artifact.append("<br /> Size: ").append(filesize.toString()); - artifact.append("</p><ul style=\"list-style-type: none;\">"); + + // Get all the attributes for this guy for (BlackboardAttribute tempatt : entry.getValue()) { + if(reportFilter.cancel == true){ break; } - StringBuilder attribute = new StringBuilder("<li style=\"list-style-type: none;\">Type: ").append(tempatt.getAttributeTypeDisplayName()).append("</li>"); - attribute.append("<li style=\"list-style-type: none;\">Value: ").append(tempatt.getValueString()).append("</li>"); - attribute.append("<li style=\"list-style-type: none;\"> Context: ").append(tempatt.getContext()).append("</li>"); + if(pp > 0) + { + pp = 0; + tdcolor = "background: #eaeaea;"; + } + else + { + tdcolor = ""; + pp = 1; + } + artifact.append("<tr><td style=\"display: table-cell; padding: 8px 16px; font: 13px/20px Arial, Helvetica, sans-serif; " + tdcolor + " \">").append(objId.toString()); + artifact.append("</td><td style=\"display: table-cell; padding: 8px 16px; font: 13px/20px Arial, Helvetica, sans-serif;" + tdcolor + " \"><strong>").append(file.getName().toString()).append("</strong></td>"); + 
//artifact.append("Path: ").append(file.getParentPath()); + artifact.append("<td style=\"display: table-cell; padding: 8px 16px; font: 13px/20px Arial, Helvetica, sans-serif;" + tdcolor + " \">").append(filesize.toString()).append("</td>"); + StringBuilder attribute = new StringBuilder("<td style=\"display: table-cell; padding: 8px 16px; font: 13px/20px Arial, Helvetica, sans-serif; " + tdcolor + " \">").append(tempatt.getAttributeTypeDisplayName()).append("</td>"); + attribute.append("<td style=\"display: table-cell; padding: 8px 16px; font: 13px/20px Arial, Helvetica, sans-serif;" + tdcolor + " \">").append(tempatt.getValueString()).append("</td></tr>"); + //attribute.append("<li style=\"list-style-type: none;\"> Context: ").append(tempatt.getContext()).append("</li>"); artifact.append(attribute); cc++; + } - artifact.append("</ul>"); + //artifact.append("</tr>"); if(entry.getKey().getArtifactTypeID() == 1){ nodeGen.append(artifact); } 
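Review bot: The new table cells append `file.getName()`, `tempatt.getAttributeTypeDisplayName()` and `tempatt.getValueString()` to the report without HTML escaping, and `caseName` is written unescaped into both `<title>` and `<h1>`. These values come from the image under examination (file names, URLs, page titles), so any markup in them would be interpreted by the browser that opens the report instead of being shown as text. Escape every evidence-derived value at the point of output with a small helper, sketched below under an illustrative name. The constructor continues outside this hunk, so the remaining append sites need the same treatment.

```java
// Proposed helper (name illustrative): render evidence-derived text as inert HTML.
private static String escapeHtml(String s) {
    if (s == null) {
        return "";
    }
    return s.replace("&", "&amp;")
            .replace("<", "&lt;")
            .replace(">", "&gt;")
            .replace("\"", "&quot;")
            .replace("'", "&#39;");
}

// … unchanged: header markup, section StringBuilders, loop setup, row colouring …
artifact.append("</td><td style=\"display: table-cell; padding: 8px 16px; font: 13px/20px Arial, Helvetica, sans-serif;" + tdcolor + " \"><strong>").append(escapeHtml(file.getName())).append("</strong></td>");
// … unchanged: size cell …
StringBuilder attribute = new StringBuilder("<td style=\"display: table-cell; padding: 8px 16px; font: 13px/20px Arial, Helvetica, sans-serif; " + tdcolor + " \">").append(escapeHtml(tempatt.getAttributeTypeDisplayName())).append("</td>");
attribute.append("<td style=\"display: table-cell; padding: 8px 16px; font: 13px/20px Arial, Helvetica, sans-serif;" + tdcolor + " \">").append(escapeHtml(tempatt.getValueString())).append("</td></tr>");
```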
@@ -129,15 +158,25 @@ public reportHTML (HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> re } //Add them back in order formatted_Report.append(nodeGen); + formatted_Report.append("</tbody></table>"); formatted_Report.append(nodeWebBookmark); + formatted_Report.append("</tbody></table>"); formatted_Report.append(nodeWebCookie); + formatted_Report.append("</tbody></table>"); formatted_Report.append(nodeWebHistory); + formatted_Report.append("</tbody></table>"); formatted_Report.append(nodeWebDownload); + formatted_Report.append("</tbody></table>"); formatted_Report.append(nodeRecentObjects); + formatted_Report.append("</tbody></table>"); formatted_Report.append(nodeTrackPoint); + formatted_Report.append("</tbody></table>"); formatted_Report.append(nodeInstalled); + formatted_Report.append("</tbody></table>"); formatted_Report.append(nodeKeyword); + formatted_Report.append("</tbody></table>"); formatted_Report.append(nodeHash); + formatted_Report.append("</tbody></table>"); //end of master loop formatted_Report.append("</div></div></body></html>");