diff --git a/Core/ivy.xml b/Core/ivy.xml index cedeba9b2df6bc2d4cdf2cfc44c0bf58cb79286f..fba2d99acd3235b14e78018dd9e42d7ea5d8928a 100644 --- a/Core/ivy.xml +++ b/Core/ivy.xml @@ -22,9 +22,9 @@ <dependency conf="core->default" org="org.apache.commons" name="commons-dbcp2" rev="2.9.0"/> - <dependency conf="core->default" org="org.jsoup" name="jsoup" rev="1.14.3"/> + <dependency conf="core->default" org="org.jsoup" name="jsoup" rev="1.16.1"/> - <dependency conf="core->default" org="com.drewnoakes" name="metadata-extractor" rev="2.17.0"/> + <dependency conf="core->default" org="com.drewnoakes" name="metadata-extractor" rev="2.18.0"/> <dependency conf="core->default" org="com.ethteck.decodetect" name="decodetect-core" rev="0.3"/> <dependency conf="core->default" org="com.googlecode.libphonenumber" name="libphonenumber" rev="8.12.45" /> @@ -33,7 +33,7 @@ <dependency conf="core->default" org="org.jfree" name="jfreechart" rev="1.5.3"/> <!-- for yaml reading/writing --> - <dependency conf="core->default" org="org.yaml" name="snakeyaml" rev="1.30"/> + <dependency conf="core->default" org="org.yaml" name="snakeyaml" rev="2.0"/> <!-- map support for geolocation --> <dependency conf="core->default" org="org.jxmapviewer" name="jxmapviewer2" rev="2.6"/> @@ -77,8 +77,8 @@ <override org="jakarta.ws.rs" module="jakarta.ws.rs-api" rev="2.1.5"/> <override org="org.slf4j" module="slf4j-api" rev="1.7.36"/> - <override org="com.google.guava" module="guava" rev="31.1-jre"/> - <override org="com.fasterxml.jackson.core" module="jackson-core" rev="2.13.2"/> + <override org="com.google.guava" module="guava" rev="32.0.1-jre"/> + <override org="com.fasterxml.jackson.core" module="jackson-core" rev="2.15.2"/> <!-- changes to bouncy castle version may also be reflected in thirdparty/IcePDF 6.2.2 --> <override org="org.bouncycastle" module="bcprov-ext-jdk15on" rev="1.70"/> 
diff --git a/Core/nbproject/project.properties b/Core/nbproject/project.properties
index 1ef54eac7f208d9e1756b980f956a106e9e50ac7..a24bcb423ed0d769482e9c0bda655ee94ad8745d 100644
--- a/Core/nbproject/project.properties
+++ b/Core/nbproject/project.properties
@@ -17,7 +17,7 @@ file.reference.bcprov-ext-jdk15on-1.70.jar=release/modules/ext/bcprov-ext-jdk15o
 file.reference.bcprov-jdk15on-1.70.jar=release/modules/ext/bcprov-jdk15on-1.70.jar
 file.reference.bcutil-jdk15on-1.70.jar=release/modules/ext/bcutil-jdk15on-1.70.jar
 file.reference.c3p0-0.9.5.5.jar=release/modules/ext/c3p0-0.9.5.5.jar
-file.reference.checker-qual-3.12.0.jar=release/modules/ext/checker-qual-3.12.0.jar
+file.reference.checker-qual-3.33.0.jar=release/modules/ext/checker-qual-3.33.0.jar
 file.reference.commons-dbcp2-2.9.0.jar=release/modules/ext/commons-dbcp2-2.9.0.jar
 file.reference.commons-io-2.11.0.jar=release/modules/ext/commons-io-2.11.0.jar
 file.reference.commons-lang3-3.10.jar=release/modules/ext/commons-lang3-3.10.jar
@@ -28,13 +28,13 @@ file.reference.curator-framework-5.2.1.jar=release/modules/ext/curator-framework
 file.reference.curator-recipes-5.2.1.jar=release/modules/ext/curator-recipes-5.2.1.jar
 file.reference.DatCon.jar=release/modules/ext/DatCon.jar
 file.reference.decodetect-core-0.3.jar=release/modules/ext/decodetect-core-0.3.jar
-file.reference.error_prone_annotations-2.11.0.jar=release/modules/ext/error_prone_annotations-2.11.0.jar
+file.reference.error_prone_annotations-2.18.0.jar=release/modules/ext/error_prone_annotations-2.18.0.jar
 file.reference.failureaccess-1.0.1.jar=release/modules/ext/failureaccess-1.0.1.jar
-file.reference.guava-31.1-jre.jar=release/modules/ext/guava-31.1-jre.jar
+file.reference.guava-32.0.1-jre.jar=release/modules/ext/guava-32.0.1-jre.jar
 file.reference.icepdf-core-6.2.2.jar=release/modules/ext/icepdf-core-6.2.2.jar
 file.reference.icepdf-viewer-6.2.2.jar=release/modules/ext/icepdf-viewer-6.2.2.jar
 file.reference.istack-commons-runtime-3.0.11.jar=release/modules/ext/istack-commons-runtime-3.0.11.jar
-file.reference.j2objc-annotations-1.3.jar=release/modules/ext/j2objc-annotations-1.3.jar
+file.reference.j2objc-annotations-2.8.jar=release/modules/ext/j2objc-annotations-2.8.jar
 file.reference.jackcess-4.0.1.jar=release/modules/ext/jackcess-4.0.1.jar
 file.reference.jackcess-encrypt-4.0.1.jar=release/modules/ext/jackcess-encrypt-4.0.1.jar
 file.reference.jai_core-1.1.3.jar=release/modules/ext/jai_core-1.1.3.jar
@@ -49,7 +49,7 @@ file.reference.jaxb-runtime-2.3.3.jar=release/modules/ext/jaxb-runtime-2.3.3.jar
 file.reference.jdom-2.0.5.jar=release/modules/ext/jdom-2.0.5.jar
 file.reference.jfreechart-1.5.3.jar=release/modules/ext/jfreechart-1.5.3.jar
 file.reference.jgraphx-4.2.2.jar=release/modules/ext/jgraphx-4.2.2.jar
-file.reference.jsoup-1.14.3.jar=release/modules/ext/jsoup-1.14.3.jar
+file.reference.jsoup-1.16.1.jar=release/modules/ext/jsoup-1.16.1.jar
 file.reference.jsr305-3.0.2.jar=release/modules/ext/jsr305-3.0.2.jar
 file.reference.jutf7-1.0.0.jar=release/modules/ext/jutf7-1.0.0.jar
 file.reference.jxmapviewer2-2.6.jar=release/modules/ext/jxmapviewer2-2.6.jar
@@ -59,7 +59,7 @@ file.reference.listenablefuture-1.0.jar=release/modules/ext/listenablefuture-1.0
 file.reference.logback-classic-1.2.10.jar=release/modules/ext/logback-classic-1.2.10.jar
 file.reference.logback-core-1.2.10.jar=release/modules/ext/logback-core-1.2.10.jar
 file.reference.mchange-commons-java-0.2.20.jar=release/modules/ext/mchange-commons-java-0.2.20.jar
-file.reference.metadata-extractor-2.17.0.jar=release/modules/ext/metadata-extractor-2.17.0.jar
+file.reference.metadata-extractor-2.18.0.jar=release/modules/ext/metadata-extractor-2.18.0.jar
 file.reference.netty-buffer-4.1.73.Final.jar=release/modules/ext/netty-buffer-4.1.73.Final.jar
 file.reference.netty-codec-4.1.73.Final.jar=release/modules/ext/netty-codec-4.1.73.Final.jar
 file.reference.netty-common-4.1.73.Final.jar=release/modules/ext/netty-common-4.1.73.Final.jar
@@ -80,7 +80,8 @@ file.reference.sevenzipjbinding-AllPlatforms.jar=release/modules/ext/sevenzipjbi
 file.reference.sevenzipjbinding.jar=release/modules/ext/sevenzipjbinding.jar
 file.reference.sleuthkit-4.12.0.jar=release/modules/ext/sleuthkit-4.12.0.jar
 file.reference.sleuthkit-caseuco-4.12.0.jar=release/modules/ext/sleuthkit-caseuco-4.12.0.jar
-file.reference.snakeyaml-1.30.jar=release/modules/ext/snakeyaml-1.30.jar
+file.reference.slf4j-api-1.7.36.jar=release/modules/ext/slf4j-api-1.7.36.jar
+file.reference.snakeyaml-2.0.jar=release/modules/ext/snakeyaml-2.0.jar
 file.reference.SparseBitSet-1.1.jar=release/modules/ext/SparseBitSet-1.1.jar
 file.reference.spotbugs-annotations-4.6.0.jar=release/modules/ext/spotbugs-annotations-4.6.0.jar
 file.reference.sqlite-jdbc-3.42.0.0.jar=release/modules/ext/sqlite-jdbc-3.42.0.0.jar
diff --git a/Core/nbproject/project.xml b/Core/nbproject/project.xml
index 97a3e8b00a39b686921674bce013bf3e05dce8a9..0553a915ca279a4833b7f03ebad6378ceb400f11 100644
--- a/Core/nbproject/project.xml
+++ b/Core/nbproject/project.xml
@@ -445,8 +445,8 @@
 <binary-origin>release/modules/ext/c3p0-0.9.5.5.jar</binary-origin>
 </class-path-extension>
 <class-path-extension>
- <runtime-relative-path>ext/checker-qual-3.12.0.jar</runtime-relative-path>
- <binary-origin>release/modules/ext/checker-qual-3.12.0.jar</binary-origin>
+ <runtime-relative-path>ext/checker-qual-3.33.0.jar</runtime-relative-path>
+ <binary-origin>release/modules/ext/checker-qual-3.33.0.jar</binary-origin>
 </class-path-extension>
 <class-path-extension>
 <runtime-relative-path>ext/commons-dbcp2-2.9.0.jar</runtime-relative-path>
@@ -489,16 +489,16 @@
 <binary-origin>release/modules/ext/decodetect-core-0.3.jar</binary-origin>
 </class-path-extension>
 <class-path-extension>
- <runtime-relative-path>ext/error_prone_annotations-2.11.0.jar</runtime-relative-path>
- <binary-origin>release/modules/ext/error_prone_annotations-2.11.0.jar</binary-origin>
+ <runtime-relative-path>ext/error_prone_annotations-2.18.0.jar</runtime-relative-path>
+ <binary-origin>release/modules/ext/error_prone_annotations-2.18.0.jar</binary-origin>
 </class-path-extension>
 <class-path-extension>
 <runtime-relative-path>ext/failureaccess-1.0.1.jar</runtime-relative-path>
 <binary-origin>release/modules/ext/failureaccess-1.0.1.jar</binary-origin>
 </class-path-extension>
 <class-path-extension>
- <runtime-relative-path>ext/guava-31.1-jre.jar</runtime-relative-path>
- <binary-origin>release/modules/ext/guava-31.1-jre.jar</binary-origin>
+ <runtime-relative-path>ext/guava-32.0.1-jre.jar</runtime-relative-path>
+ <binary-origin>release/modules/ext/guava-32.0.1-jre.jar</binary-origin>
 </class-path-extension>
 <class-path-extension>
 <runtime-relative-path>ext/icepdf-core-6.2.2.jar</runtime-relative-path>
@@ -513,8 +513,8 @@
 <binary-origin>release/modules/ext/istack-commons-runtime-3.0.11.jar</binary-origin>
 </class-path-extension>
 <class-path-extension>
- <runtime-relative-path>ext/j2objc-annotations-1.3.jar</runtime-relative-path>
- <binary-origin>release/modules/ext/j2objc-annotations-1.3.jar</binary-origin>
+ <runtime-relative-path>ext/j2objc-annotations-2.8.jar</runtime-relative-path>
+ <binary-origin>release/modules/ext/j2objc-annotations-2.8.jar</binary-origin>
 </class-path-extension>
 <class-path-extension>
 <runtime-relative-path>ext/jackcess-4.0.1.jar</runtime-relative-path>
@@ -573,8 +573,8 @@
 <binary-origin>release/modules/ext/jgraphx-4.2.2.jar</binary-origin>
 </class-path-extension>
 <class-path-extension>
- <runtime-relative-path>ext/jsoup-1.14.3.jar</runtime-relative-path>
- <binary-origin>release/modules/ext/jsoup-1.14.3.jar</binary-origin>
+ <runtime-relative-path>ext/jsoup-1.16.1.jar</runtime-relative-path>
+ <binary-origin>release/modules/ext/jsoup-1.16.1.jar</binary-origin>
 </class-path-extension>
 <class-path-extension>
 <runtime-relative-path>ext/jsr305-3.0.2.jar</runtime-relative-path>
@@ -613,8 +613,8 @@
 <binary-origin>release/modules/ext/mchange-commons-java-0.2.20.jar</binary-origin>
 </class-path-extension>
 <class-path-extension>
- <runtime-relative-path>ext/metadata-extractor-2.17.0.jar</runtime-relative-path>
- <binary-origin>release/modules/ext/metadata-extractor-2.17.0.jar</binary-origin>
+ <runtime-relative-path>ext/metadata-extractor-2.18.0.jar</runtime-relative-path>
+ <binary-origin>release/modules/ext/metadata-extractor-2.18.0.jar</binary-origin>
 </class-path-extension>
 <class-path-extension>
 <runtime-relative-path>ext/netty-buffer-4.1.73.Final.jar</runtime-relative-path>
@@ -697,8 +697,12 @@
 <binary-origin>release/modules/ext/sleuthkit-caseuco-4.12.0.jar</binary-origin>
 </class-path-extension>
 <class-path-extension>
- <runtime-relative-path>ext/snakeyaml-1.30.jar</runtime-relative-path>
- <binary-origin>release/modules/ext/snakeyaml-1.30.jar</binary-origin>
+ <runtime-relative-path>ext/slf4j-api-1.7.36.jar</runtime-relative-path>
+ <binary-origin>release/modules/ext/slf4j-api-1.7.36.jar</binary-origin>
+ </class-path-extension>
+ <class-path-extension>
+ <runtime-relative-path>ext/snakeyaml-2.0.jar</runtime-relative-path>
+ <binary-origin>release/modules/ext/snakeyaml-2.0.jar</binary-origin>
 </class-path-extension>
 <class-path-extension>
 <runtime-relative-path>ext/SparseBitSet-1.1.jar</runtime-relative-path>
diff --git a/Core/src/org/sleuthkit/autopsy/casemodule/AutopsyContentProvider.java b/Core/src/org/sleuthkit/autopsy/casemodule/AutopsyContentProvider.java
new file mode 100644
index 0000000000000000000000000000000000000000..f5f8fe59d79214f4de91a206bdc851a19dd2282a
--- /dev/null
+++ b/Core/src/org/sleuthkit/autopsy/casemodule/AutopsyContentProvider.java
@@ -0,0 +1,47 @@
+/*
+ * Autopsy Forensic Browser
+ *
+ * Copyright 2023 Basis Technology Corp.
+ * Contact: carrier <at> sleuthkit <dot> org
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.sleuthkit.autopsy.casemodule;
+
+import org.sleuthkit.datamodel.ContentStreamProvider;
+
+/**
+ * Interface that modules can implement to provide their own The Sleuth Kit
+ * ContentProvider implementations
+ */
+public interface AutopsyContentProvider {
+
+ /**
+ * Attempts to create a ContentProvider given the specified args. Returns
+ * null if arguments are invalid for this custom content provider.
+ *
+ * @param args The key value pair of arguments loaded from the .aut xml
+ * file.
+ * @return The created content provider or null if arguments are invalid.
+ */
+ ContentStreamProvider load();
+
+ /**
+ * Returns the uniquely identifying name of this FileContentProvider. This
+ * name will be stored in the .AUT file and used for lookup when the case is
+ * opened.
+ *
+ * @return The unique name.
+ */
+ String getName();
+}
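Review bot: The Javadoc on `load()` documents a `@param args` and says null is returned "if arguments are invalid", but the method as declared takes no parameters, so the contract an implementer reads does not match the signature. Either drop the `@param args` line and reword the summary to something like `Creates the content stream provider, or returns null if this provider cannot serve the current case.`, or restore the argument if values from the .aut file were meant to reach the implementation. The `getName()` comment calls the type "FileContentProvider" where the interface is `AutopsyContentProvider`. Since this name is what a case file uses to select the code that serves content bytes, the comment should also state how name comparison is done (the lookup in Case.java compares case-insensitively).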
diff --git a/Core/src/org/sleuthkit/autopsy/casemodule/Case.java b/Core/src/org/sleuthkit/autopsy/casemodule/Case.java
index 6f10bcf3642dfa7cad4cb2ec084e1746a097ee9c..6ece795e35547c8b59b54e1d2b086b4a75efff29 100644
--- a/Core/src/org/sleuthkit/autopsy/casemodule/Case.java
+++ b/Core/src/org/sleuthkit/autopsy/casemodule/Case.java
@@ -41,7 +41,6 @@
 import java.sql.Statement;
 import java.text.SimpleDateFormat;
 import java.util.Collection;
-import java.util.Collections;
 import java.util.Date;
 import java.util.HashMap;
 import java.util.HashSet;
@@ -133,8 +132,6 @@
 import org.sleuthkit.autopsy.discovery.ui.OpenDiscoveryAction;
 import org.sleuthkit.autopsy.ingest.IngestJob;
 import org.sleuthkit.autopsy.ingest.IngestManager;
-import org.sleuthkit.autopsy.ingest.IngestServices;
-import org.sleuthkit.autopsy.ingest.ModuleDataEvent;
 import org.sleuthkit.autopsy.keywordsearchservice.KeywordSearchService;
 import org.sleuthkit.autopsy.keywordsearchservice.KeywordSearchServiceException;
 import org.sleuthkit.autopsy.machinesettings.UserMachinePreferences;
@@ -143,18 +140,14 @@
 import org.sleuthkit.autopsy.progress.ProgressIndicator;
 import org.sleuthkit.autopsy.timeline.OpenTimelineAction;
 import org.sleuthkit.autopsy.timeline.events.TimelineEventAddedEvent;
-import org.sleuthkit.datamodel.Blackboard;
-import org.sleuthkit.datamodel.BlackboardArtifact;
 import org.sleuthkit.datamodel.BlackboardArtifactTag;
 import org.sleuthkit.datamodel.CaseDbConnectionInfo;
 import org.sleuthkit.datamodel.Content;
+import org.sleuthkit.datamodel.ContentStreamProvider;
 import org.sleuthkit.datamodel.ContentTag;
 import org.sleuthkit.datamodel.DataSource;
 import org.sleuthkit.datamodel.FileSystem;
-import org.sleuthkit.datamodel.Host;
 import org.sleuthkit.datamodel.Image;
-import org.sleuthkit.datamodel.OsAccount;
-import org.sleuthkit.datamodel.Person;
 import org.sleuthkit.datamodel.Report;
 import org.sleuthkit.datamodel.SleuthkitCase;
 import org.sleuthkit.datamodel.TimelineManager;
@@ -2078,7 +2071,7 @@ private Case(CaseMetadata caseMetaData) { metadata = caseMetaData; sleuthkitEventListener = new SleuthkitEventListener(); } - + /** * Performs a case action that involves creating or opening a case. If the * case is a multi-user case, the action is done after acquiring a @@ -2742,10 +2735,18 @@ private void openCaseDataBase(ProgressIndicator progressIndicator) throws CaseAc progressIndicator.progress(Bundle.Case_progressMessage_openingCaseDatabase()); try { String databaseName = metadata.getCaseDatabaseName(); + + ContentStreamProvider contentProvider = loadContentProvider(metadata.getContentProviderName()); + if (CaseType.SINGLE_USER_CASE == metadata.getCaseType()) { - caseDb = SleuthkitCase.openCase(Paths.get(metadata.getCaseDirectory(), databaseName).toString()); + // only prefix with metadata directory if databaseName is a relative path + String fullDatabasePath = (new File(databaseName).isAbsolute()) + ? databaseName + : Paths.get(metadata.getCaseDirectory(), databaseName).toString(); + + caseDb = SleuthkitCase.openCase(fullDatabasePath, contentProvider); } else if (UserPreferences.getIsMultiUserModeEnabled()) { - caseDb = SleuthkitCase.openCase(databaseName, UserPreferences.getDatabaseConnectionInfo(), metadata.getCaseDirectory()); + caseDb = SleuthkitCase.openCase(databaseName, UserPreferences.getDatabaseConnectionInfo(), metadata.getCaseDirectory(), contentProvider); } else { throw new CaseActionException(Bundle.Case_open_exception_multiUserCaseNotEnabled()); } 
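Review bot: The new absolute-path branch in `openCaseDataBase` lets the database name stored in the case metadata file select any local file, or a network path, as the single-user case database, with no check on where it points. Case folders are commonly handed between examiners, so the metadata file should be treated as input from another party. Consider normalising the value and at least logging when it resolves outside `metadata.getCaseDirectory()`, for example `Path dbPath = Paths.get(databaseName).normalize();` followed by a `dbPath.startsWith(Paths.get(metadata.getCaseDirectory()))` test, or limit the absolute form to cases that also name a content provider. The comment `// only prefix with metadata directory if databaseName is a relative path` should say why an absolute path is legitimate here. The method body starts and ends outside this hunk.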
@@ -2758,6 +2759,36 @@ private void openCaseDataBase(ProgressIndicator progressIndicator) throws CaseAc throw new CaseActionException(Bundle.Case_exceptionMessage_couldNotOpenCaseDatabase(ex.getLocalizedMessage()), ex); } } + + + /** + * Attempts to load a content provider for the provided arguments. Returns + * null if no content provider for the arguments can be identified. + * + * @param providerName The name of the content provider. + * @param args The arguments. + * @return The content provider or null if no content provider can be + * provisioned for the arguments + */ + private static ContentStreamProvider loadContentProvider(String providerName) { + Collection<? extends AutopsyContentProvider> customContentProviders = Lookup.getDefault().lookupAll(AutopsyContentProvider.class); + if (customContentProviders != null) { + for (AutopsyContentProvider customProvider : customContentProviders) { + // ensure the provider matches the name + if (customProvider == null || !StringUtils.equalsIgnoreCase(providerName, customProvider.getName())) { + continue; + } + + ContentStreamProvider contentProvider = customProvider.load(); + if (contentProvider != null) { + return contentProvider; + } + } + } + + return null; + } + /** * Opens the case-level services: the files manager, tags manager and diff --git a/Core/src/org/sleuthkit/autopsy/casemodule/CaseMetadata.java b/Core/src/org/sleuthkit/autopsy/casemodule/CaseMetadata.java index 96f9899dae4273f0e79fe7c96028c7d0cd4ca09f..c9170b1e68d5a7920d265d9cebfd81a9a9c4cf32 100644 --- a/Core/src/org/sleuthkit/autopsy/casemodule/CaseMetadata.java +++ b/Core/src/org/sleuthkit/autopsy/casemodule/CaseMetadata.java 
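Review bot: In Case.java, `loadContentProvider` returns null both when the case names no provider and when it names one that no installed module supplies (or whose `load()` returns null), and the caller in the `openCaseDataBase` hunk passes that null straight to `SleuthkitCase.openCase`. For a case whose content bytes are meant to come from a custom provider this looks like a silent fallback to default content reading, which an examiner would only notice later as unreadable or missing content. Consider logging a warning or throwing a `CaseActionException` when `StringUtils.isNotBlank(providerName)` and no provider matched. The Javadoc still lists `@param args`, which the method does not take, and the `customContentProviders != null` guard is probably unnecessary since `lookupAll` is not documented to return null.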
@@ -29,8 +29,16 @@ import java.nio.file.Paths; import java.text.DateFormat; import java.text.SimpleDateFormat; +import java.util.ArrayList; +import java.util.Collection; +import java.util.Collections; import java.util.Date; +import java.util.HashMap; +import java.util.List; import java.util.Locale; +import java.util.Map; +import java.util.Map.Entry; +import java.util.stream.Collectors; import javax.xml.parsers.DocumentBuilder; import javax.xml.parsers.DocumentBuilderFactory; import javax.xml.parsers.ParserConfigurationException; @@ -42,10 +50,14 @@ import javax.xml.transform.TransformerFactory; import javax.xml.transform.dom.DOMSource; import javax.xml.transform.stream.StreamResult; +import org.apache.commons.lang3.StringUtils; +import org.apache.commons.lang3.tuple.Pair; +import org.openide.util.Lookup; import org.sleuthkit.autopsy.coreutils.Version; import org.sleuthkit.autopsy.coreutils.XMLUtil; import org.w3c.dom.Document; import org.w3c.dom.Element; +import org.w3c.dom.Node; import org.w3c.dom.NodeList; import org.xml.sax.SAXException; 
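Review bot: Most of the imports added to CaseMetadata.java in these two hunks (`ArrayList`, `Collection`, `Collections`, `HashMap`, `List`, `Map`, `Map.Entry`, `Collectors`, `StringUtils`, `Pair`, `Lookup`, `Node`) are not referenced by any CaseMetadata.java hunk shown in this commit; the new code only uses `Element` and `NodeList`, which were already imported. The same applies to the `CONTENT_PROVIDER_ARG_DEFAULT_KEY` constant added in the fields hunk. If these are left over from an earlier design that carried provider arguments in the .aut file, remove them so the class's dependencies match what it does; `org.openide.util.Lookup` in particular suggests this class resolves providers itself, which it does not appear to do.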
@@ -103,13 +115,21 @@ public final class CaseMetadata { private static final String SCHEMA_VERSION_FIVE = "5.0"; private final static String ORIGINAL_CASE_ELEMENT_NAME = "OriginalCase"; //NON-NLS + /* + * Fields from schema version 6 + */ + private static final String SCHEMA_VERSION_SIX = "6.0"; + private final static String CONTENT_PROVIDER_ELEMENT_NAME = "ContentProvider"; + private final static String CONTENT_PROVIDER_NAME_ELEMENT_NAME = "Name"; + private final static String CONTENT_PROVIDER_ARG_DEFAULT_KEY = "DEFAULT"; + /* * Unread fields, regenerated on save. */ private final static String MODIFIED_DATE_ELEMENT_NAME = "ModifiedDate"; //NON-NLS private final static String AUTOPSY_SAVED_BY_ELEMENT_NAME = "SavedByAutopsyVersion"; //NON-NLS - private final static String CURRENT_SCHEMA_VERSION = SCHEMA_VERSION_FIVE; + private final static String CURRENT_SCHEMA_VERSION = SCHEMA_VERSION_SIX; private final Path metadataFilePath; private Case.CaseType caseType; @@ -121,6 +141,7 @@ public final class CaseMetadata { private String createdDate; private String createdByVersion; private CaseMetadata originalMetadata = null; // For portable cases + private String contentProviderName; /** * Gets the file extension used for case metadata files. @@ -176,6 +197,7 @@ public static DateFormat getDateFormat() { createdByVersion = Version.getVersion(); createdDate = CaseMetadata.DATE_FORMAT.format(new Date()); this.originalMetadata = originalMetadata; + this.contentProviderName = originalMetadata == null ? null : originalMetadata.contentProviderName; } /** @@ -213,6 +235,14 @@ public static Path getCaseMetadataFilePath(Path directoryPath) { return null; } + /** + * @return The custom provider name for content byte data or null if no + * custom provider. + */ + public String getContentProviderName() { + return this.contentProviderName; + } + /** * Gets the full path to the case metadata file. * 
@@ -458,6 +488,15 @@ private void createXMLDOM(Document doc) { Element caseElement = doc.createElement(CASE_ELEMENT_NAME); rootElement.appendChild(caseElement); + Element contentProviderEl = doc.createElement(CONTENT_PROVIDER_ELEMENT_NAME); + rootElement.appendChild(contentProviderEl); + + Element contentProviderNameEl = doc.createElement(CONTENT_PROVIDER_NAME_ELEMENT_NAME); + if (this.contentProviderName != null) { + contentProviderNameEl.setTextContent(this.contentProviderName); + } + contentProviderEl.appendChild(contentProviderNameEl); + /* * Create the children of the case element. */ @@ -543,7 +582,15 @@ private void readFromFile() throws CaseMetadataException { } else { this.createdByVersion = getElementTextContent(rootElement, AUTOPSY_CREATED_BY_ELEMENT_NAME, true); } - + + Element contentProviderEl = getChildElOrNull(rootElement, CONTENT_PROVIDER_ELEMENT_NAME); + if (contentProviderEl != null) { + Element contentProviderNameEl = getChildElOrNull(contentProviderEl, CONTENT_PROVIDER_NAME_ELEMENT_NAME); + this.contentProviderName = contentProviderNameEl != null ? contentProviderNameEl.getTextContent() : null; + } else { + this.contentProviderName = null; + } + /* * Get the content of the children of the case element. */ @@ -614,7 +661,16 @@ private void readFromFile() throws CaseMetadataException { throw new CaseMetadataException(String.format("Error reading from case metadata file %s", metadataFilePath), ex); } } - + + private Element getChildElOrNull(Element parent, String childTag) { + NodeList nl = parent.getElementsByTagName(childTag); + if (nl != null && nl.getLength() > 0 && nl.item(0) instanceof Element) { + return (Element) nl.item(0); + } else { + return null; + } + } + /** * Gets the text content of an XML element. * 
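Review bot: `createXMLDOM` always writes a `ContentProvider`/`Name` element and leaves it empty when `contentProviderName` is null, and `readFromFile` reads that empty element back as `""`, so after one save and reload `getContentProviderName()` no longer returns the null its Javadoc promises for "no custom provider". Normalise on read, e.g. `this.contentProviderName = contentProviderNameEl != null ? StringUtils.trimToNull(contentProviderNameEl.getTextContent()) : null;`, or skip writing the element when there is no provider. `getChildElOrNull` relies on `getElementsByTagName`, which matches descendants at any depth rather than direct children; with a tag as generic as `Name` that deserves a Javadoc line on the helper, which currently has none. The value read here decides which module serves content bytes for the case, so it is worth stating in the comment that it comes from the case file unvalidated. Both `createXMLDOM` and `readFromFile` extend beyond the hunks.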
diff --git a/Core/src/org/sleuthkit/autopsy/contentviewers/artifactviewers/DefaultTableArtifactContentViewer.java b/Core/src/org/sleuthkit/autopsy/contentviewers/artifactviewers/DefaultTableArtifactContentViewer.java index b440d4c41cf659955b61dc77e4a94f5103333cc9..d8a6fb49c95774893f2dc57d7587862162350f9d 100644 --- a/Core/src/org/sleuthkit/autopsy/contentviewers/artifactviewers/DefaultTableArtifactContentViewer.java +++ b/Core/src/org/sleuthkit/autopsy/contentviewers/artifactviewers/DefaultTableArtifactContentViewer.java @@ -348,9 +348,8 @@ private void addRows(BlackboardArtifact artifact) { case JSON: // Get the attribute's JSON value and convert to indented multiline display string String jsonVal = attr.getValueString(); - JsonObject json = JsonParser.parseString(jsonVal).getAsJsonObject(); - - value = toJsonDisplayString(json, ""); + JsonElement jsonEl = JsonParser.parseString(jsonVal); + value = toJsonDisplayString(jsonEl, ""); break; case STRING: 
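Review bot: `JsonParser.parseString(jsonVal)` throws on malformed input and nothing in this hunk catches it, so one artifact attribute with a damaged JSON value could abort `addRows` for the whole artifact. Attribute values are derived from parsed evidence, so malformed data should be expected rather than treated as exceptional. Unless a handler exists outside the hunk, fall back to the raw string: `try { value = toJsonDisplayString(JsonParser.parseString(jsonVal), ""); } catch (JsonSyntaxException ex) { value = jsonVal; }`. The `switch` and its enclosing method continue outside the hunk.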
@@ -411,19 +410,43 @@ String getArtifactDisplayName() { * @return A multi-line display string. */ private String toJsonDisplayString(JsonElement element, String startIndent) { + if (element == null || element.isJsonNull()) { + return ""; + } else if (element.isJsonPrimitive()) { + return element.getAsString(); + } else if (element.isJsonObject()) { + StringBuilder sb = new StringBuilder(""); + JsonObject obj = element.getAsJsonObject(); + + for (Map.Entry<String, JsonElement> entry : obj.entrySet()) { + appendJsonElementToString(entry.getKey(), entry.getValue(), startIndent, sb); + } - StringBuilder sb = new StringBuilder(""); - JsonObject obj = element.getAsJsonObject(); - - for (Map.Entry<String, JsonElement> entry : obj.entrySet()) { - appendJsonElementToString(entry.getKey(), entry.getValue(), startIndent, sb); - } + String returnString = sb.toString(); + if (startIndent.length() == 0 && returnString.startsWith(NEW_LINE)) { + returnString = returnString.substring(NEW_LINE.length()); + } + return returnString; + } else if (element.isJsonArray()) { + StringBuilder sb = new StringBuilder(""); + JsonArray jsonArray = element.getAsJsonArray(); + if (jsonArray.size() > 0) { + int count = 1; + for (JsonElement arrayMember : jsonArray) { + sb.append(NEW_LINE).append(String.format("%s%d", startIndent, count)); + sb.append(toJsonDisplayString(arrayMember, startIndent.concat(INDENT_RIGHT))); + count++; + } + } - String returnString = sb.toString(); - if (startIndent.length() == 0 && returnString.startsWith(NEW_LINE)) { - returnString = returnString.substring(NEW_LINE.length()); + String returnString = sb.toString(); + if (startIndent.length() == 0 && returnString.startsWith(NEW_LINE)) { + returnString = returnString.substring(NEW_LINE.length()); + } + return returnString; + } else { + return ""; } - return returnString; } /** 
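Review bot: In the new array branch a primitive array member is appended directly after its index: `String.format("%s%d", startIndent, count)` is followed by `toJsonDisplayString(arrayMember, ...)`, which for a primitive returns only `element.getAsString()`, so `["a","b"]` would render as `1a` and `2b`. Adding a separator for that case, e.g. `if (arrayMember.isJsonPrimitive()) { sb.append(": "); }` before the recursive append, keeps the index readable. The leading-`NEW_LINE` trim is now duplicated in the object and array branches and could move to a small private helper. The method's Javadoc, which starts above the hunk, should be updated to say that arrays, primitives and JSON null are accepted and what each renders as.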
diff --git a/Core/src/org/sleuthkit/autopsy/datamodel/AutopsyTreeChildFactory.java b/Core/src/org/sleuthkit/autopsy/datamodel/AutopsyTreeChildFactory.java index d4becd5d63011b67aadb01bc9d23fc2b761910a3..f76bfe5469af3cfc576cea310615ee70185efdc2 100644 --- a/Core/src/org/sleuthkit/autopsy/datamodel/AutopsyTreeChildFactory.java +++ b/Core/src/org/sleuthkit/autopsy/datamodel/AutopsyTreeChildFactory.java @@ -143,14 +143,16 @@ protected boolean createKeys(List<Object> list) { // either way, add in reports node nodes.add(new Reports()); } else { + SleuthkitCase skCase = Case.getCurrentCaseThrows().getSleuthkitCase(); // data source by type view nodes = Arrays.asList( new DataSourcesByType(), - new Views(Case.getCurrentCaseThrows().getSleuthkitCase()), + new Views(skCase), new DataArtifacts(), new AnalysisResults(), - new OsAccounts(Case.getCurrentCaseThrows().getSleuthkitCase()), + new OsAccounts(skCase), new Tags(), + new ScoreContent(skCase), new Reports() ); } diff --git a/Core/src/org/sleuthkit/autopsy/datamodel/DataSourceGroupingNode.java b/Core/src/org/sleuthkit/autopsy/datamodel/DataSourceGroupingNode.java index 8e99aa2172e9abaa34c4143d623a3c5d59d51e2c..04757d49873473654f328fa5efd8ad889bc83dab 100644 --- a/Core/src/org/sleuthkit/autopsy/datamodel/DataSourceGroupingNode.java +++ b/Core/src/org/sleuthkit/autopsy/datamodel/DataSourceGroupingNode.java @@ -29,6 +29,7 @@ import org.sleuthkit.datamodel.DataSource; import org.sleuthkit.datamodel.Image; import org.sleuthkit.datamodel.LocalFilesDataSource; +import org.sleuthkit.datamodel.SleuthkitCase; /** * Data source grouping node - an optional grouping node in the data tree view 
@@ -74,13 +75,15 @@ private static RootContentChildren createDSGroupingNodeChildren(DataSource dataS long dsObjId = dataSource.getId(); try { + SleuthkitCase skCase = Case.getCurrentCaseThrows().getSleuthkitCase(); return new RootContentChildren(Arrays.asList( new DataSources(dsObjId), - new Views(Case.getCurrentCaseThrows().getSleuthkitCase(), dsObjId), + new Views(skCase, dsObjId), new DataArtifacts(dsObjId), new AnalysisResults(dsObjId), - new OsAccounts(Case.getCurrentCaseThrows().getSleuthkitCase(), dsObjId), - new Tags(dsObjId) + new OsAccounts(skCase, dsObjId), + new Tags(dsObjId), + new ScoreContent(skCase, dsObjId) )); } catch (NoCurrentCaseException ex) { diff --git a/Core/src/org/sleuthkit/autopsy/datamodel/ScoreContent.java b/Core/src/org/sleuthkit/autopsy/datamodel/ScoreContent.java index 3b6521f8391be444f65ad2f147c97c0806601216..a6cc791fd4ae2bb25f8c4496ef1021869c303f16 100644 --- a/Core/src/org/sleuthkit/autopsy/datamodel/ScoreContent.java +++ b/Core/src/org/sleuthkit/autopsy/datamodel/ScoreContent.java 
@@ -20,33 +20,46 @@ import java.beans.PropertyChangeEvent; import java.beans.PropertyChangeListener; +import java.sql.SQLException; import java.text.MessageFormat; import java.util.ArrayList; import java.util.Arrays; +import java.util.Comparator; import java.util.EnumSet; import java.util.HashMap; import java.util.List; import java.util.Map; +import java.util.Map.Entry; import java.util.Set; +import java.util.concurrent.atomic.AtomicLong; +import java.util.concurrent.atomic.AtomicReference; import java.util.logging.Level; +import java.util.stream.Collectors; +import java.util.stream.IntStream; import org.apache.commons.lang3.StringUtils; +import org.apache.commons.lang3.tuple.Pair; import org.openide.nodes.AbstractNode; import org.openide.nodes.ChildFactory; import org.openide.nodes.Children; import org.openide.nodes.Node; import org.openide.nodes.Sheet; import org.openide.util.NbBundle; +import org.openide.util.NbBundle.Messages; import org.openide.util.WeakListeners; import org.openide.util.lookup.Lookups; import org.sleuthkit.autopsy.casemodule.Case; import org.sleuthkit.autopsy.casemodule.NoCurrentCaseException; import org.sleuthkit.autopsy.coreutils.Logger; +import org.sleuthkit.autopsy.coreutils.TimeZoneUtils; +import static org.sleuthkit.autopsy.datamodel.AbstractContentNode.NO_DESCR; import org.sleuthkit.autopsy.guiutils.RefreshThrottler; import org.sleuthkit.autopsy.ingest.IngestManager; import org.sleuthkit.autopsy.ingest.IngestManager.IngestModuleEvent; import org.sleuthkit.autopsy.ingest.ModuleDataEvent; import org.sleuthkit.datamodel.AbstractFile; +import org.sleuthkit.datamodel.BlackboardArtifact; import org.sleuthkit.datamodel.BlackboardArtifact.Category; +import org.sleuthkit.datamodel.BlackboardAttribute; import org.sleuthkit.datamodel.Content; import org.sleuthkit.datamodel.ContentVisitor; import org.sleuthkit.datamodel.DerivedFile; 
@@ -110,6 +123,7 @@ public <T> T accept(AutopsyItemVisitor<T> visitor) { /** * Constructor assuming no data source filtering. + * * @param skCase The sleuthkit case. */ public ScoreContent(SleuthkitCase skCase) { @@ -118,6 +132,7 @@ public ScoreContent(SleuthkitCase skCase) { /** * Constructor. + * * @param skCase The sleuthkit case. * @param dsObjId The data source object id to filter on if > 0. */ @@ -153,11 +168,17 @@ public SleuthkitCase getSleuthkitCase() { Case.Events.BLACKBOARD_ARTIFACT_TAG_ADDED, Case.Events.BLACKBOARD_ARTIFACT_TAG_DELETED ); + private static final Set<String> CASE_EVENTS_OF_INTEREST_STRS = CASE_EVENTS_OF_INTEREST.stream() + .map(evt -> evt.name()) + .collect(Collectors.toSet()); + private static final Set<IngestManager.IngestJobEvent> INGEST_JOB_EVENTS_OF_INTEREST = EnumSet.of(IngestManager.IngestJobEvent.COMPLETED, IngestManager.IngestJobEvent.CANCELLED); private static final Set<IngestManager.IngestModuleEvent> INGEST_MODULE_EVENTS_OF_INTEREST = EnumSet.of(IngestModuleEvent.CONTENT_CHANGED); /** - * Returns a property change listener listening for possible updates to aggregate score updates for files. + * Returns a property change listener listening for possible updates to + * aggregate score updates for files. + * * @param onRefresh Action on refresh. * @param onRemove Action to remove listener (i.e. case close). * @return The property change listener. @@ -182,7 +203,7 @@ private static PropertyChangeListener getPcl(final Runnable onRefresh, final Run if (evt.getNewValue() == null && onRemove != null) { onRemove.run(); } - } else if (CASE_EVENTS_OF_INTEREST.contains(eventType)) { + } else if (CASE_EVENTS_OF_INTEREST_STRS.contains(eventType)) { // only refresh if there is a current case. try { Case.getCurrentCaseThrows(); 
@@ -199,34 +220,61 @@ private static PropertyChangeListener getPcl(final Runnable onRefresh, final Run } /** - * The sql where statement for the files. + * The sql where statement for the content. + * * @param filter The filter type. + * @param objIdAlias The alias for the object id of the content. Must be sql + * safe. + * @param dsIdAlias The alias for the data source id. Must be sql safe. * @param filteringDSObjId The data source object id to filter on if > 0. * @return The sql where statement. - * @throws IllegalArgumentException + * @throws IllegalArgumentException */ - static private String getFileFilter(ScoreContent.ScoreContentFilter filter, long filteringDSObjId) throws IllegalArgumentException { - String aggregateScoreFilter = ""; + private static String getFilter(ScoreContent.ScoreContentFilter filter, String objIdAlias, String dsIdAlias, long filteringDSObjId) throws IllegalArgumentException { + String aggregateScoreFilter = getScoreFilter(filter); + String query = " " + objIdAlias + " IN (SELECT tsk_aggregate_score.obj_id FROM tsk_aggregate_score WHERE " + aggregateScoreFilter + ") "; + + if (filteringDSObjId > 0) { + query += " AND " + dsIdAlias + " = " + filteringDSObjId; + } + return query; + } + + private static String getScoreFilter(ScoreContentFilter filter) throws IllegalArgumentException { switch (filter) { case SUS_ITEM_FILTER: - aggregateScoreFilter = " tsk_aggregate_score.significance = " + Significance.LIKELY_NOTABLE.getId() + " AND (tsk_aggregate_score.priority = " + Priority.NORMAL.getId() + " OR tsk_aggregate_score.priority = " + Priority.OVERRIDE.getId() + " )"; - - break; + return " tsk_aggregate_score.significance = " + Significance.LIKELY_NOTABLE.getId() + + " AND (tsk_aggregate_score.priority = " + Priority.NORMAL.getId() + " OR tsk_aggregate_score.priority = " + Priority.OVERRIDE.getId() + " )"; case BAD_ITEM_FILTER: - aggregateScoreFilter = " tsk_aggregate_score.significance = " + Significance.NOTABLE.getId() + " AND 
(tsk_aggregate_score.priority = " + Priority.NORMAL.getId() + " OR tsk_aggregate_score.priority = " + Priority.OVERRIDE.getId() + " )"; - break; - + return " tsk_aggregate_score.significance = " + Significance.NOTABLE.getId() + + " AND (tsk_aggregate_score.priority = " + Priority.NORMAL.getId() + " OR tsk_aggregate_score.priority = " + Priority.OVERRIDE.getId() + " )"; default: throw new IllegalArgumentException(MessageFormat.format("Unsupported filter type to get suspect content: {0}", filter)); - } + } - String query = " obj_id IN (SELECT tsk_aggregate_score.obj_id FROM tsk_aggregate_score WHERE " + aggregateScoreFilter + ") "; + /** + * Returns a sql where statement for files. + * + * @param filter The filter type. + * @param filteringDSObjId The data source object id to filter on if > 0. + * @return The sql where statement. + * @throws IllegalArgumentException + */ + private static String getFileFilter(ScoreContent.ScoreContentFilter filter, long filteringDsObjId) throws IllegalArgumentException { + return getFilter(filter, "obj_id", "data_source_obj_id", filteringDsObjId); + } - if (filteringDSObjId > 0) { - query += " AND data_source_obj_id = " + filteringDSObjId; - } - return query; + /** + * Returns a sql where statement for files. + * + * @param filter The filter type. + * @param filteringDSObjId The data source object id to filter on if > 0. + * @return The sql where statement. + * @throws IllegalArgumentException + */ + private static String getDataArtifactFilter(ScoreContent.ScoreContentFilter filter, long filteringDsObjId) throws IllegalArgumentException { + return getFilter(filter, "artifacts.artifact_obj_id", "artifacts.data_source_obj_id", filteringDsObjId); } /** 
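Review bot: The Javadoc on the new `getDataArtifactFilter` is a copy of the one on `getFileFilter` and still reads "Returns a sql where statement for files."; it should read `Returns a sql where statement for data artifacts.` Both wrappers also document `@param filteringDSObjId` while the parameter is now named `filteringDsObjId`, and the new `getScoreFilter` has no Javadoc at all. `getFilter` concatenates `objIdAlias` and `dsIdAlias` straight into the SQL text, which is fine for the two constant call sites in this hunk. A line such as `// aliases must be compile-time constants, never caller-supplied text` above each call would keep the "Must be sql safe" contract visible if the helper is later reused.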
@@ -424,7 +472,34 @@ void updateDisplayName() { * @return */ private static long calculateItems(SleuthkitCase sleuthkitCase, ScoreContent.ScoreContentFilter filter, long datasourceObjId) throws TskCoreException { - return sleuthkitCase.countFilesWhere(getFileFilter(filter, datasourceObjId)); + AtomicLong retVal = new AtomicLong(0L); + AtomicReference<SQLException> exRef = new AtomicReference(null); + + String query = " COUNT(tsk_aggregate_score.obj_id) AS count FROM tsk_aggregate_score WHERE\n" + + getScoreFilter(filter) + "\n" + + ((datasourceObjId > 0) ? "AND tsk_aggregate_score.data_source_obj_id = \n" + datasourceObjId : "") + + " AND tsk_aggregate_score.obj_id IN\n" + + " (SELECT tsk_files.obj_id AS obj_id FROM tsk_files UNION\n" + + " SELECT blackboard_artifacts.artifact_obj_id AS obj_id FROM blackboard_artifacts WHERE blackboard_artifacts.artifact_type_id IN\n" + + " (SELECT artifact_type_id FROM blackboard_artifact_types WHERE category_type = " + Category.DATA_ARTIFACT.getID() + ")) "; + sleuthkitCase.getCaseDbAccessManager().select(query, (rs) -> { + try { + if (rs.next()) { + retVal.set(rs.getLong("count")); + } + } catch (SQLException ex) { + exRef.set(ex); + } + }); + + SQLException sqlEx = exRef.get(); + if (sqlEx != null) { + throw new TskCoreException( + MessageFormat.format("A sql exception occurred fetching results with query: SELECT {0}", query), + sqlEx); + } else { + return retVal.get(); + } } @Override @@ -466,7 +541,7 @@ public String getItemType() { /** * Children showing files for a score filter. */ - static class ScoreContentChildren extends BaseChildFactory<AbstractFile> implements RefreshThrottler.Refresher { + static class ScoreContentChildren extends BaseChildFactory<Content> implements RefreshThrottler.Refresher { private final RefreshThrottler refreshThrottler = new RefreshThrottler(this); 
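Review bot: `new AtomicReference(null)` in `calculateItems` is a raw type and gives an unchecked-conversion warning; it should be `AtomicReference<SQLException> exRef = new AtomicReference<>(null);`. The count query is also assembled by hand here and filters on `tsk_aggregate_score.data_source_obj_id`. The listing in `runFsQuery` (hunk @@ -515) instead goes through `getFileFilter` and `getDataArtifactFilter`, which filter on the file's and the artifact's own data source column. If those columns ever disagree, the number shown on the node and the rows listed under it will differ, so a comment stating that both must select the same set, or a shared helper, would be worth adding.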
@@ -515,15 +590,21 @@ public boolean isRefreshRequired(PropertyChangeEvent evt) { return ScoreContent.isRefreshRequired(evt); } - private List<AbstractFile> runFsQuery() { - List<AbstractFile> ret = new ArrayList<>(); + private List<Content> runFsQuery() { + List<Content> ret = new ArrayList<>(); - String query = null; + String fileFilter = null; + String dataArtifactFilter = null; try { - query = getFileFilter(filter, datasourceObjId); - ret = skCase.findAllFilesWhere(query); + fileFilter = getFileFilter(filter, datasourceObjId); + dataArtifactFilter = getDataArtifactFilter(filter, datasourceObjId); + ret.addAll(skCase.findAllFilesWhere(fileFilter)); + ret.addAll(skCase.getBlackboard().getDataArtifactsWhere(dataArtifactFilter)); } catch (TskCoreException | IllegalArgumentException e) { - logger.log(Level.SEVERE, "Error getting files for the deleted content view using: " + StringUtils.defaultString(query, "<null>"), e); //NON-NLS + logger.log(Level.SEVERE, MessageFormat.format( + "Error getting files for the deleted content view using file filter: {0} data artifact filter: {1}", + StringUtils.defaultString(fileFilter, "<null>"), + StringUtils.defaultString(dataArtifactFilter, "<null>")), e); //NON-NLS } return ret; 
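Review bot: When `getDataArtifactsWhere` throws after `findAllFilesWhere` has already succeeded, `runFsQuery` returns `ret` holding only the files, so the view shows a shorter list with no sign that artifacts are missing. The only trace is the SEVERE log entry, whose text still names "the deleted content view" and speaks of "files" only. I would at least make the message say what happened, for example `"Error getting scored content, results may be incomplete; file filter: {0} data artifact filter: {1}"`. The class comment in hunk @@ -466 ("Children showing files for a score filter.") and the method name `runFsQuery` are stale in the same way now that the factory is typed on `Content`.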
@@ -531,66 +612,201 @@ private List<AbstractFile> runFsQuery() { } @Override - protected List<AbstractFile> makeKeys() { + protected List<Content> makeKeys() { return runFsQuery(); } @Override - protected Node createNodeForKey(AbstractFile key) { + protected Node createNodeForKey(Content key) { return key.accept(new ContentVisitor.Default<AbstractNode>() { public FileNode visit(AbstractFile f) { - return new FileNode(f, false); + return new ScoreFileNode(f, false); } public FileNode visit(FsContent f) { - return new FileNode(f, false); + return new ScoreFileNode(f, false); } @Override public FileNode visit(LayoutFile f) { - return new FileNode(f, false); + return new ScoreFileNode(f, false); } @Override public FileNode visit(File f) { - return new FileNode(f, false); + return new ScoreFileNode(f, false); } @Override public FileNode visit(Directory f) { - return new FileNode(f, false); + return new ScoreFileNode(f, false); } @Override public FileNode visit(VirtualDirectory f) { - return new FileNode(f, false); + return new ScoreFileNode(f, false); } @Override public AbstractNode visit(SlackFile sf) { - return new FileNode(sf, false); + return new ScoreFileNode(sf, false); } @Override public AbstractNode visit(LocalFile lf) { - return new FileNode(lf, false); + return new ScoreFileNode(lf, false); } @Override public AbstractNode visit(DerivedFile df) { - return new FileNode(df, false); + return new ScoreFileNode(df, false); } - + + @Override + public AbstractNode visit(BlackboardArtifact ba) { + return new ScoreArtifactNode(ba); + } + @Override protected AbstractNode defaultVisit(Content di) { if (di instanceof AbstractFile) { return visit((AbstractFile) di); } else { - throw new UnsupportedOperationException("Not supported for this type of Displayable Item: " + di.toString()); + throw new UnsupportedOperationException("Not supported for this type of Displayable Item: " + di.toString()); } } }); } } } + + private static final String SOURCE_PROP = "Source"; + private 
static final String TYPE_PROP = "Type"; + private static final String PATH_PROP = "Path"; + private static final String DATE_PROP = "Created Date"; + + private static Sheet createScoreSheet(String type, String path, Long time) { + Sheet sheet = new Sheet(); + Sheet.Set sheetSet = Sheet.createPropertiesSet(); + sheet.put(sheetSet); + + List<NodeProperty<?>> properties = new ArrayList<>(); + properties.add(new NodeProperty<>( + SOURCE_PROP, + SOURCE_PROP, + NO_DESCR, + StringUtils.defaultString(path))); + + properties.add(new NodeProperty<>( + TYPE_PROP, + TYPE_PROP, + NO_DESCR, + type)); + + if (StringUtils.isNotBlank(path)) { + properties.add(new NodeProperty<>( + PATH_PROP, + PATH_PROP, + NO_DESCR, + path)); + } + + if (time != null && time > 0) { + properties.add(new NodeProperty<>( + DATE_PROP, + DATE_PROP, + NO_DESCR, + TimeZoneUtils.getFormattedTime(time))); + } + + properties.forEach((property) -> { + sheetSet.put(property); + }); + + return sheet; + } + + public static class ScoreArtifactNode extends BlackboardArtifactNode { + + private static final Logger logger = Logger.getLogger(ScoreArtifactNode.class.getName()); + + private static final List<BlackboardAttribute.Type> TIME_ATTRS = Arrays.asList( + BlackboardAttribute.Type.TSK_DATETIME, + BlackboardAttribute.Type.TSK_DATETIME_ACCESSED, + BlackboardAttribute.Type.TSK_DATETIME_RCVD, + BlackboardAttribute.Type.TSK_DATETIME_SENT, + BlackboardAttribute.Type.TSK_DATETIME_CREATED, + BlackboardAttribute.Type.TSK_DATETIME_MODIFIED, + BlackboardAttribute.Type.TSK_DATETIME_START, + BlackboardAttribute.Type.TSK_DATETIME_END, + BlackboardAttribute.Type.TSK_DATETIME_DELETED, + BlackboardAttribute.Type.TSK_DATETIME_PASSWORD_RESET, + BlackboardAttribute.Type.TSK_DATETIME_PASSWORD_FAIL + ); + + private static final Map<Integer, Integer> TIME_ATTR_IMPORTANCE = IntStream.range(0, TIME_ATTRS.size()) + .mapToObj(idx -> Pair.of(TIME_ATTRS.get(idx).getTypeID(), idx)) + .collect(Collectors.toMap(Entry::getKey, Entry::getValue, 
(v1, v2) -> v1)); + + public ScoreArtifactNode(BlackboardArtifact artifact) { + super(artifact); + } + + private Long getTime(BlackboardArtifact artifact) { + try { + BlackboardAttribute timeAttr = artifact.getAttributes().stream() + .filter((attr) -> TIME_ATTR_IMPORTANCE.keySet().contains(attr.getAttributeType().getTypeID())) + .sorted(Comparator.comparing(attr -> TIME_ATTR_IMPORTANCE.get(attr.getAttributeType().getTypeID()))) + .findFirst() + .orElse(null); + + if (timeAttr != null) { + return timeAttr.getValueLong(); + } else { + return (artifact.getParent() instanceof AbstractFile) ? ((AbstractFile) artifact.getParent()).getCtime() : null; + } + } catch (TskCoreException ex) { + logger.log(Level.WARNING, "An exception occurred while fetching time for artifact", ex); + return null; + } + } + + @Override + protected synchronized Sheet createSheet() { + try { + return createScoreSheet( + this.content.getType().getDisplayName(), + this.content.getUniquePath(), + getTime(this.content) + ); + } catch (TskCoreException ex) { + logger.log(Level.WARNING, "An error occurred while fetching sheet data for score artifact.", ex); + return new Sheet(); + } + } + } + + @Messages("ScoreContent_ScoreFileNode_type=File") + public static class ScoreFileNode extends FileNode { + + private static final Logger logger = Logger.getLogger(ScoreFileNode.class.getName()); + + public ScoreFileNode(AbstractFile af, boolean directoryBrowseMode) { + super(af, directoryBrowseMode); + } + + @Override + protected synchronized Sheet createSheet() { + try { + return createScoreSheet( + Bundle.ScoreContent_ScoreFileNode_type(), + this.content.getUniquePath(), + this.content.getCtime() + ); + } catch (TskCoreException ex) { + logger.log(Level.WARNING, "An error occurred while fetching sheet data for score file.", ex); + return new Sheet(); + } + } + } } 
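Review bot: The column is labelled `Created Date`, but `ScoreFileNode.createSheet` and the fallback in `ScoreArtifactNode.getTime` fill it from `getCtime()`, which in the Sleuth Kit data model is the metadata-change time; the creation time is `getCrtime()`. If the label is what is intended, use `this.content.getCrtime()` and `((AbstractFile) artifact.getParent()).getCrtime()`; otherwise rename `DATE_PROP`. For artifacts the value is the first match from `TIME_ATTRS`, which may be an accessed, sent or deleted time, so a fixed "Created" label can misstate what the timestamp means to an examiner. Separately, `createScoreSheet` writes `path` into both the `Source` and the `Path` property, which looks unintended, and `getTime` calls `artifact.getParent()` twice where one local variable would do.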
diff --git a/Core/src/org/sleuthkit/autopsy/datamodel/ViewsNode.java b/Core/src/org/sleuthkit/autopsy/datamodel/ViewsNode.java index 8307fe01c235d78ccb912b0316fe918174e5312f..423e58e1ed94ce3f93228f96dfce4144079a5f0d 100644 --- a/Core/src/org/sleuthkit/autopsy/datamodel/ViewsNode.java +++ b/Core/src/org/sleuthkit/autopsy/datamodel/ViewsNode.java @@ -46,8 +46,7 @@ public ViewsNode(SleuthkitCase sleuthkitCase, long dsObjId) { // add it back in if we can filter the results to a more managable size. // new RecentFiles(sleuthkitCase), new DeletedContent(sleuthkitCase, dsObjId), - new FileSize(sleuthkitCase, dsObjId), - new ScoreContent(sleuthkitCase, dsObjId)) + new FileSize(sleuthkitCase, dsObjId)) ), Lookups.singleton(NAME) ); diff --git a/Core/src/org/sleuthkit/autopsy/integrationtesting/OutputResults.java b/Core/src/org/sleuthkit/autopsy/integrationtesting/OutputResults.java index bf927da4bae0c350938e0558048c5d4d7980ff78..2b5025a9de2ef9fa4642acf08e4392147f8bd114 100644 --- a/Core/src/org/sleuthkit/autopsy/integrationtesting/OutputResults.java +++ b/Core/src/org/sleuthkit/autopsy/integrationtesting/OutputResults.java @@ -114,7 +114,7 @@ private String getCaseTypeId(Case.CaseType caseType) { /** * Used by yaml serialization to properly represent objects. */ - private static final Representer MAP_REPRESENTER = new Representer() { + private static final Representer MAP_REPRESENTER = new Representer(new DumperOptions()) { @Override protected MappingNode representJavaBean(Set<Property> properties, Object javaBean) { // don't show class name in yaml diff --git a/CoreLibs/ivy.xml b/CoreLibs/ivy.xml index f7f326b6e361f4f2244669e22588aaab6aa1b350..51bbeb822023e2b238f62270509f1ac26f372639 100644 --- a/CoreLibs/ivy.xml +++ b/CoreLibs/ivy.xml 
@@ -74,7 +74,7 @@ <!-- commmon --> <dependency conf="autopsy_core->default" org="org.apache.commons" name="commons-lang3" rev="3.12.0"/> <dependency conf="autopsy_core->default" org="org.apache.commons" name="commons-csv" rev="1.9.0"/> - <dependency conf="autopsy_core->default" org="org.apache.commons" name="commons-text" rev="1.9"/> + <dependency conf="autopsy_core->default" org="org.apache.commons" name="commons-text" rev="1.10.0"/> <!-- keep old commons-lang because some deps may need it at runtime. Note there is no namespace collision with ver 3 --> @@ -87,7 +87,7 @@ <dependency conf="autopsy_core->default" org="net.htmlparser.jericho" name="jericho-html" rev="3.4"/> - <dependency conf="autopsy_core->default" org="com.fasterxml.jackson.dataformat" name="jackson-dataformat-csv" rev="2.13.2"/> + <dependency conf="autopsy_core->default" org="com.fasterxml.jackson.dataformat" name="jackson-dataformat-csv" rev="2.15.2"/> <!-- better image resizing --> <dependency conf="autopsy_core->default" org="org.imgscalr" name="imgscalr-lib" rev="4.2" /> @@ -141,9 +141,9 @@ <override org="org.slf4j" module="slf4j-api" rev="1.7.36"/> <override org="com.google.code.gson" module="gson" rev="2.9.0"/> - <override org="com.google.guava" module="guava" rev="31.1-jre"/> - <override org="com.fasterxml.jackson.core" module="jackson-databind" rev="2.13.2"/> - <override org="com.fasterxml.jackson.core" module="jackson-core" rev="2.13.2"/> + <override org="com.google.guava" module="guava" rev="32.0.1-jre"/> + <override org="com.fasterxml.jackson.core" module="jackson-databind" rev="2.15.2"/> + <override org="com.fasterxml.jackson.core" module="jackson-core" rev="2.15.2"/> <!-- changes to bouncy castle version may also be reflected in thirdparty/IcePDF 6.2.2 --> <override org="org.bouncycastle" module="bcprov-jdk15on" rev="1.70"/> 
diff --git a/CoreLibs/nbproject/project.properties b/CoreLibs/nbproject/project.properties
index b8ef72969a00d7bcca6c970d6e2dcac9d586427d..fe5e78acffee0357254968f4833ac23fcb76ee49 100644
--- a/CoreLibs/nbproject/project.properties
+++ b/CoreLibs/nbproject/project.properties
@@ -22,7 +22,7 @@ file.reference.commons-io-2.11.0.jar=release/modules/ext/commons-io-2.11.0.jar
 file.reference.commons-lang-2.6.jar=release/modules/ext/commons-lang-2.6.jar
 file.reference.commons-lang3-3.12.0.jar=release/modules/ext/commons-lang3-3.12.0.jar
 file.reference.commons-logging-1.2.jar=release/modules/ext/commons-logging-1.2.jar
-file.reference.commons-text-1.9.jar=release/modules/ext/commons-text-1.9.jar
+file.reference.commons-text-1.10.0.jar=release/modules/ext/commons-text-1.10.0.jar
 file.reference.commons-validator-1.7.jar=release/modules/ext/commons-validator-1.7.jar
 file.reference.compiler-0.9.10.jar=release/modules/ext/compiler-0.9.10.jar
 file.reference.conscrypt-openjdk-uber-2.5.1.jar=release/modules/ext/conscrypt-openjdk-uber-2.5.1.jar
@@ -61,7 +61,7 @@ file.reference.grpc-stub-1.44.1.jar=release/modules/ext/grpc-stub-1.44.1.jar
 file.reference.grpc-xds-1.44.1.jar=release/modules/ext/grpc-xds-1.44.1.jar
 file.reference.gson-2.9.0.jar=release/modules/ext/gson-2.9.0.jar
 file.reference.gst1-java-core-1.4.0.jar=release/modules/ext/gst1-java-core-1.4.0.jar
-file.reference.guava-31.1-jre.jar=release/modules/ext/guava-31.1-jre.jar
+file.reference.guava-32.0.1-jre.jar=release/modules/ext/guava-32.0.1-jre.jar
 file.reference.httpclient-4.5.13.jar=release/modules/ext/httpclient-4.5.13.jar
 file.reference.httpcore-4.4.15.jar=release/modules/ext/httpcore-4.4.15.jar
 file.reference.imageio-bmp-3.8.2.jar=release/modules/ext/imageio-bmp-3.8.2.jar
@@ -80,10 +80,10 @@ file.reference.imageio-thumbsdb-3.8.2.jar=release/modules/ext/imageio-thumbsdb-3
 file.reference.imageio-tiff-3.8.2.jar=release/modules/ext/imageio-tiff-3.8.2.jar
 file.reference.imgscalr-lib-4.2.jar=release/modules/ext/imgscalr-lib-4.2.jar
 file.reference.j2objc-annotations-1.3.jar=release/modules/ext/j2objc-annotations-1.3.jar
-file.reference.jackson-annotations-2.13.2.jar=release/modules/ext/jackson-annotations-2.13.2.jar
-file.reference.jackson-core-2.13.2.jar=release/modules/ext/jackson-core-2.13.2.jar
-file.reference.jackson-databind-2.13.2.jar=release/modules/ext/jackson-databind-2.13.2.jar
-file.reference.jackson-dataformat-csv-2.13.2.jar=release/modules/ext/jackson-dataformat-csv-2.13.2.jar
+file.reference.jackson-annotations-2.15.2.jar=release/modules/ext/jackson-annotations-2.15.2.jar
+file.reference.jackson-core-2.15.2.jar=release/modules/ext/jackson-core-2.15.2.jar
+file.reference.jackson-databind-2.15.2.jar=release/modules/ext/jackson-databind-2.15.2.jar
+file.reference.jackson-dataformat-csv-2.15.2.jar=release/modules/ext/jackson-dataformat-csv-2.15.2.jar
 file.reference.javafx-base-17.0.7-linux.jar=release/modules/ext/javafx-base-17.0.7-linux.jar
 file.reference.javafx-base-17.0.7-mac.jar=release/modules/ext/javafx-base-17.0.7-mac.jar
 file.reference.javafx-base-17.0.7-win.jar=release/modules/ext/javafx-base-17.0.7-win.jar
diff --git a/CoreLibs/nbproject/project.xml b/CoreLibs/nbproject/project.xml
index 8e8b42928b5dd699c9ac922bfcf2fe7d6be41473..f7b139f50237a2d456d2e0d6c74258f23638b9ee 100644
--- a/CoreLibs/nbproject/project.xml
+++ b/CoreLibs/nbproject/project.xml
@@ -684,8 +684,8 @@ <binary-origin>release/modules/ext/commons-logging-1.2.jar</binary-origin> </class-path-extension> <class-path-extension> - <runtime-relative-path>ext/commons-text-1.9.jar</runtime-relative-path> - <binary-origin>release/modules/ext/commons-text-1.9.jar</binary-origin> + <runtime-relative-path>ext/commons-text-1.10.0.jar</runtime-relative-path> + <binary-origin>release/modules/ext/commons-text-1.10.0.jar</binary-origin> </class-path-extension> <class-path-extension> <runtime-relative-path>ext/commons-validator-1.7.jar</runtime-relative-path> @@ -840,8 +840,8 @@ <binary-origin>release/modules/ext/gst1-java-core-1.4.0.jar</binary-origin> </class-path-extension> <class-path-extension> - <runtime-relative-path>ext/guava-31.1-jre.jar</runtime-relative-path> - <binary-origin>release/modules/ext/guava-31.1-jre.jar</binary-origin> + <runtime-relative-path>ext/guava-32.0.1-jre.jar</runtime-relative-path> + <binary-origin>release/modules/ext/guava-32.0.1-jre.jar</binary-origin> </class-path-extension> <class-path-extension> <runtime-relative-path>ext/httpclient-4.5.13.jar</runtime-relative-path> 
@@ -916,20 +916,20 @@ <binary-origin>release/modules/ext/j2objc-annotations-1.3.jar</binary-origin> </class-path-extension> <class-path-extension> - <runtime-relative-path>ext/jackson-annotations-2.13.2.jar</runtime-relative-path> - <binary-origin>release/modules/ext/jackson-annotations-2.13.2.jar</binary-origin> + <runtime-relative-path>ext/jackson-annotations-2.15.2.jar</runtime-relative-path> + <binary-origin>release/modules/ext/jackson-annotations-2.15.2.jar</binary-origin> </class-path-extension> <class-path-extension> - <runtime-relative-path>ext/jackson-core-2.13.2.jar</runtime-relative-path> - <binary-origin>release/modules/ext/jackson-core-2.13.2.jar</binary-origin> + <runtime-relative-path>ext/jackson-core-2.15.2.jar</runtime-relative-path> + <binary-origin>release/modules/ext/jackson-core-2.15.2.jar</binary-origin> </class-path-extension> <class-path-extension> - <runtime-relative-path>ext/jackson-databind-2.13.2.jar</runtime-relative-path> - <binary-origin>release/modules/ext/jackson-databind-2.13.2.jar</binary-origin> + <runtime-relative-path>ext/jackson-databind-2.15.2.jar</runtime-relative-path> + <binary-origin>release/modules/ext/jackson-databind-2.15.2.jar</binary-origin> </class-path-extension> <class-path-extension> - <runtime-relative-path>ext/jackson-dataformat-csv-2.13.2.jar</runtime-relative-path> - <binary-origin>release/modules/ext/jackson-dataformat-csv-2.13.2.jar</binary-origin> + <runtime-relative-path>ext/jackson-dataformat-csv-2.15.2.jar</runtime-relative-path> + <binary-origin>release/modules/ext/jackson-dataformat-csv-2.15.2.jar</binary-origin> </class-path-extension> <class-path-extension> <runtime-relative-path>ext/javafx-base-17.0.7-linux.jar</runtime-relative-path> diff --git a/KeywordSearch/ivy.xml b/KeywordSearch/ivy.xml index 174c2e22fd1cb57e19a63f91736c5caa88c1ed8a..a2bf2cb14ccd25b7fb5830fd6cdf2699a427d90a 100644 --- a/KeywordSearch/ivy.xml +++ b/KeywordSearch/ivy.xml 
@@ -31,9 +31,9 @@ <dependency conf="autopsy->default" org="junit" name="junit" rev="4.13.2"/> <!-- Jetty --> - <dependency conf="start-solr->default" org="org.eclipse.jetty" name="jetty-start" rev="11.0.8"/> - <dependency conf="jetty-libs->default" org="org.eclipse.jetty" name="jetty-server" rev="11.0.8"/> - <dependency conf="jetty-libs->default" org="org.eclipse.jetty" name="jetty-deploy" rev="11.0.8"/> + <dependency conf="start-solr->default" org="org.eclipse.jetty" name="jetty-start" rev="11.0.15"/> + <dependency conf="jetty-libs->default" org="org.eclipse.jetty" name="jetty-server" rev="11.0.15"/> + <dependency conf="jetty-libs->default" org="org.eclipse.jetty" name="jetty-deploy" rev="11.0.15"/> <dependency conf="servlet->default" org="org.eclipse.jetty.orbit" name="javax.servlet" rev="3.0.0.v201112011016"/> <!-- logging --> diff --git a/KeywordSearch/nbproject/project.properties b/KeywordSearch/nbproject/project.properties index 639894fee3de216c50b214ca4da1ed1c9969dff3..baa7a10c98634da5633e610d1110948628aab807 100644 --- a/KeywordSearch/nbproject/project.properties +++ b/KeywordSearch/nbproject/project.properties @@ -1,10 +1,7 @@ file.reference.annotations-12.0.jar=release/modules/ext/annotations-12.0.jar -file.reference.checker-qual-3.12.0.jar=release/modules/ext/checker-qual-3.12.0.jar file.reference.commons-io-2.8.0.jar=release/modules/ext/commons-io-2.8.0.jar file.reference.commons-lang-2.6.jar=release/modules/ext/commons-lang-2.6.jar file.reference.commons-math3-3.6.1.jar=release/modules/ext/commons-math3-3.6.1.jar -file.reference.error_prone_annotations-2.11.0.jar=release/modules/ext/error_prone_annotations-2.11.0.jar -file.reference.failureaccess-1.0.1.jar=release/modules/ext/failureaccess-1.0.1.jar file.reference.guava-31.1-jre.jar=release/modules/ext/guava-31.1-jre.jar file.reference.hamcrest-core-1.3.jar=release/modules/ext/hamcrest-core-1.3.jar file.reference.http2-client-9.4.44.v20210927.jar=release/modules/ext/http2-client-9.4.44.v20210927.jar 
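Review bot: `file.reference.guava-31.1-jre.jar` is left in place in the `KeywordSearch/nbproject/project.properties` hunk @@ -1,10 (and again as context in the `KeywordSearch/nbproject/project.xml` hunk @@ -254), while CoreLibs and Tika move to `32.0.1-jre` in the same commit, so this module would still bundle the older Guava. The same hunk drops `failureaccess-1.0.1.jar`, which Guava's `-jre` artifacts load at runtime; whether another module on the classpath supplies it is not visible here. If the upgrade is meant to cover KeywordSearch as well, the entry would become `file.reference.guava-32.0.1-jre.jar=release/modules/ext/guava-32.0.1-jre.jar`, with the matching `project.xml` entry and, presumably, a `guava` override in `KeywordSearch/ivy.xml`.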
@@ -15,7 +12,6 @@ file.reference.httpclient-4.5.13.jar=release/modules/ext/httpclient-4.5.13.jar
 file.reference.httpcore-4.4.14.jar=release/modules/ext/httpcore-4.4.14.jar
 file.reference.httpmime-4.5.13.jar=release/modules/ext/httpmime-4.5.13.jar
 file.reference.icu4j-70.1.jar=release/modules/ext/icu4j-70.1.jar
-file.reference.j2objc-annotations-1.3.jar=release/modules/ext/j2objc-annotations-1.3.jar
 file.reference.jcl-over-slf4j-1.7.24.jar=release/modules/ext/jcl-over-slf4j-1.7.24.jar
 file.reference.jetty-alpn-client-9.4.44.v20210927.jar=release/modules/ext/jetty-alpn-client-9.4.44.v20210927.jar
 file.reference.jetty-alpn-java-client-9.4.44.v20210927.jar=release/modules/ext/jetty-alpn-java-client-9.4.44.v20210927.jar
@@ -25,12 +21,11 @@ file.reference.jetty-http-9.4.44.v20210927.jar=release/modules/ext/jetty-http-9.
 file.reference.jetty-io-9.4.44.v20210927.jar=release/modules/ext/jetty-io-9.4.44.v20210927.jar
 file.reference.jetty-util-9.4.44.v20210927.jar=release/modules/ext/jetty-util-9.4.44.v20210927.jar
 file.reference.jsonic-1.2.11.jar=release/modules/ext/jsonic-1.2.11.jar
-file.reference.jsr305-3.0.2.jar=release/modules/ext/jsr305-3.0.2.jar
 file.reference.junit-4.13.2.jar=release/modules/ext/junit-4.13.2.jar
 file.reference.language-detector-0.6.jar=release/modules/ext/language-detector-0.6.jar
-file.reference.listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar=release/modules/ext/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar
 file.reference.logback-classic-1.2.10.jar=release/modules/ext/logback-classic-1.2.10.jar
 file.reference.logback-core-1.2.10.jar=release/modules/ext/logback-core-1.2.10.jar
+file.reference.lucene-core-8.11.2.jar=release/modules/ext/lucene-core-8.11.2.jar
 file.reference.netty-buffer-4.1.68.Final.jar=release/modules/ext/netty-buffer-4.1.68.Final.jar
 file.reference.netty-codec-4.1.68.Final.jar=release/modules/ext/netty-codec-4.1.68.Final.jar
 file.reference.netty-common-4.1.68.Final.jar=release/modules/ext/netty-common-4.1.68.Final.jar
@@ -48,7 +43,6 @@ file.reference.stax2-api-4.2.1.jar=release/modules/ext/stax2-api-4.2.1.jar
 file.reference.woodstox-core-6.2.4.jar=release/modules/ext/woodstox-core-6.2.4.jar
 file.reference.zookeeper-3.8.0.jar=release/modules/ext/zookeeper-3.8.0.jar
 file.reference.zookeeper-jute-3.8.0.jar=release/modules/ext/zookeeper-jute-3.8.0.jar
-file.reference.lucene-core-8.11.2.jar=release/modules/ext/lucene-core-8.11.2.jar
 javac.source=17
 javac.compilerargs=-Xlint -Xlint:-serial
 license.file=../LICENSE-2.0.txt
diff --git a/KeywordSearch/nbproject/project.xml b/KeywordSearch/nbproject/project.xml
index b1ec158a2ae07bc30a20e272846b2e73bf33364b..c1048f48ee89c9df1b1c0d9a225a017a7ff5d8eb 100644
--- a/KeywordSearch/nbproject/project.xml +++ b/KeywordSearch/nbproject/project.xml @@ -238,10 +238,6 @@ <runtime-relative-path>ext/annotations-12.0.jar</runtime-relative-path> <binary-origin>release/modules/ext/annotations-12.0.jar</binary-origin> </class-path-extension> - <class-path-extension> - <runtime-relative-path>ext/checker-qual-3.12.0.jar</runtime-relative-path> - <binary-origin>release/modules/ext/checker-qual-3.12.0.jar</binary-origin> - </class-path-extension> <class-path-extension> <runtime-relative-path>ext/commons-io-2.8.0.jar</runtime-relative-path> <binary-origin>release/modules/ext/commons-io-2.8.0.jar</binary-origin> @@ -254,14 +250,6 @@ <runtime-relative-path>ext/commons-math3-3.6.1.jar</runtime-relative-path> <binary-origin>release/modules/ext/commons-math3-3.6.1.jar</binary-origin> </class-path-extension> - <class-path-extension> - <runtime-relative-path>ext/error_prone_annotations-2.11.0.jar</runtime-relative-path> - <binary-origin>release/modules/ext/error_prone_annotations-2.11.0.jar</binary-origin> - </class-path-extension> - <class-path-extension> - <runtime-relative-path>ext/failureaccess-1.0.1.jar</runtime-relative-path> - <binary-origin>release/modules/ext/failureaccess-1.0.1.jar</binary-origin> - </class-path-extension> <class-path-extension> <runtime-relative-path>ext/guava-31.1-jre.jar</runtime-relative-path> <binary-origin>release/modules/ext/guava-31.1-jre.jar</binary-origin> @@ -302,10 +290,6 @@ <runtime-relative-path>ext/icu4j-70.1.jar</runtime-relative-path> <binary-origin>release/modules/ext/icu4j-70.1.jar</binary-origin> </class-path-extension> - <class-path-extension> - <runtime-relative-path>ext/j2objc-annotations-1.3.jar</runtime-relative-path> - <binary-origin>release/modules/ext/j2objc-annotations-1.3.jar</binary-origin> - </class-path-extension> <class-path-extension> <runtime-relative-path>ext/jcl-over-slf4j-1.7.24.jar</runtime-relative-path> <binary-origin>release/modules/ext/jcl-over-slf4j-1.7.24.jar</binary-origin> 
@@ -342,10 +326,6 @@ <runtime-relative-path>ext/jsonic-1.2.11.jar</runtime-relative-path> <binary-origin>release/modules/ext/jsonic-1.2.11.jar</binary-origin> </class-path-extension> - <class-path-extension> - <runtime-relative-path>ext/jsr305-3.0.2.jar</runtime-relative-path> - <binary-origin>release/modules/ext/jsr305-3.0.2.jar</binary-origin> - </class-path-extension> <class-path-extension> <runtime-relative-path>ext/junit-4.13.2.jar</runtime-relative-path> <binary-origin>release/modules/ext/junit-4.13.2.jar</binary-origin> @@ -354,10 +334,6 @@ <runtime-relative-path>ext/language-detector-0.6.jar</runtime-relative-path> <binary-origin>release/modules/ext/language-detector-0.6.jar</binary-origin> </class-path-extension> - <class-path-extension> - <runtime-relative-path>ext/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar</runtime-relative-path> - <binary-origin>release/modules/ext/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar</binary-origin> - </class-path-extension> <class-path-extension> <runtime-relative-path>ext/logback-classic-1.2.10.jar</runtime-relative-path> <binary-origin>release/modules/ext/logback-classic-1.2.10.jar</binary-origin> @@ -366,6 +342,10 @@ <runtime-relative-path>ext/logback-core-1.2.10.jar</runtime-relative-path> <binary-origin>release/modules/ext/logback-core-1.2.10.jar</binary-origin> </class-path-extension> + <class-path-extension> + <runtime-relative-path>ext/lucene-core-8.11.2.jar</runtime-relative-path> + <binary-origin>release/modules/ext/lucene-core-8.11.2.jar</binary-origin> + </class-path-extension> <class-path-extension> <runtime-relative-path>ext/netty-buffer-4.1.68.Final.jar</runtime-relative-path> <binary-origin>release/modules/ext/netty-buffer-4.1.68.Final.jar</binary-origin> 
@@ -434,10 +414,6 @@ <runtime-relative-path>ext/zookeeper-jute-3.8.0.jar</runtime-relative-path> <binary-origin>release/modules/ext/zookeeper-jute-3.8.0.jar</binary-origin> </class-path-extension> - <class-path-extension> - <runtime-relative-path>ext/lucene-core-8.11.2.jar</runtime-relative-path> - <binary-origin>release/modules/ext/lucene-core-8.11.2.jar</binary-origin> - </class-path-extension> </data> </configuration> </project> diff --git a/Tika/ivy.xml b/Tika/ivy.xml index 096749a5e297b3cc3434d7391de98fad28c3feba..62b93e7caefd1beab6f19833200086bfdc27c78a 100755 --- a/Tika/ivy.xml +++ b/Tika/ivy.xml @@ -7,14 +7,14 @@ <dependency conf="tika->default" org="org.apache.tika" name="tika-parsers" rev="1.28.1"/> <dependency conf="tika->default" org="org.apache.poi" name="ooxml-schemas" rev="1.4"/> - <override org="org.jsoup" module="jsoup" rev="1.14.3"/> + <override org="org.jsoup" module="jsoup" rev="1.16.1"/> <override org="org.apache.poi" module="poi-ooxml-schemas" rev="4.1.2"/> <override org="org.slf4j" module="slf4j-api" rev="1.7.36"/> <override org="com.google.code.gson" module="gson" rev="2.9.0"/> - <override org="com.google.guava" module="guava" rev="31.1-jre"/> - <override org="com.fasterxml.jackson.core" module="jackson-core" rev="2.13.2"/> - <override org="com.fasterxml.jackson.core" module="jackson-databind" rev="2.13.2"/> - <override org="com.fasterxml.jackson.core" module="jackson-annotations" rev="2.13.2"/> + <override org="com.google.guava" module="guava" rev="32.0.1-jre"/> + <override org="com.fasterxml.jackson.core" module="jackson-core" rev="2.15.2"/> + <override org="com.fasterxml.jackson.core" module="jackson-databind" rev="2.15.2"/> + <override org="com.fasterxml.jackson.core" module="jackson-annotations" rev="2.15.2"/> <!-- changes to bouncy castle version may also be reflected in thirdparty/IcePDF 6.2.2 --> <override org="org.bouncycastle" module="bcmail-jdk15on" rev="1.70"/> 
diff --git a/Tika/nbproject/project.properties b/Tika/nbproject/project.properties
index 927ba0e0ef908a2ce04fb2d05d4c8862f7b128a5..2ebead2a20bfd6d688c2ce92d1676cbef177826f 100755
--- a/Tika/nbproject/project.properties
+++ b/Tika/nbproject/project.properties
@@ -9,7 +9,7 @@ file.reference.boilerpipe-1.1.0.jar=release/modules/ext/boilerpipe-1.1.0.jar
 file.reference.bzip2-0.9.1.jar=release/modules/ext/bzip2-0.9.1.jar
 file.reference.c3p0-0.9.5.5.jar=release/modules/ext/c3p0-0.9.5.5.jar
 file.reference.cdm-4.5.5.jar=release/modules/ext/cdm-4.5.5.jar
-file.reference.checker-qual-3.12.0.jar=release/modules/ext/checker-qual-3.12.0.jar
+file.reference.checker-qual-3.33.0.jar=release/modules/ext/checker-qual-3.33.0.jar
 file.reference.commons-codec-1.15.jar=release/modules/ext/commons-codec-1.15.jar
 file.reference.commons-collections4-4.4.jar=release/modules/ext/commons-collections4-4.4.jar
 file.reference.commons-compress-1.21.jar=release/modules/ext/commons-compress-1.21.jar
@@ -28,13 +28,13 @@ file.reference.cxf-rt-transports-http-3.5.0.jar=release/modules/ext/cxf-rt-trans
 file.reference.dd-plist-1.23.jar=release/modules/ext/dd-plist-1.23.jar
 file.reference.dec-0.1.2.jar=release/modules/ext/dec-0.1.2.jar
 file.reference.ehcache-core-2.6.2.jar=release/modules/ext/ehcache-core-2.6.2.jar
-file.reference.error_prone_annotations-2.11.0.jar=release/modules/ext/error_prone_annotations-2.11.0.jar
+file.reference.error_prone_annotations-2.18.0.jar=release/modules/ext/error_prone_annotations-2.18.0.jar
 file.reference.failureaccess-1.0.1.jar=release/modules/ext/failureaccess-1.0.1.jar
 file.reference.fontbox-2.0.25.jar=release/modules/ext/fontbox-2.0.25.jar
 file.reference.geoapi-3.0.1.jar=release/modules/ext/geoapi-3.0.1.jar
 file.reference.grib-4.5.5.jar=release/modules/ext/grib-4.5.5.jar
 file.reference.gson-2.9.0.jar=release/modules/ext/gson-2.9.0.jar
-file.reference.guava-31.1-jre.jar=release/modules/ext/guava-31.1-jre.jar
+file.reference.guava-32.0.1-jre.jar=release/modules/ext/guava-32.0.1-jre.jar
 file.reference.HikariCP-java7-2.4.13.jar=release/modules/ext/HikariCP-java7-2.4.13.jar
 file.reference.httpclient-4.5.13.jar=release/modules/ext/httpclient-4.5.13.jar
 file.reference.httpcore-4.4.13.jar=release/modules/ext/httpcore-4.4.13.jar
@@ -42,12 +42,12 @@ file.reference.httpmime-4.5.13.jar=release/modules/ext/httpmime-4.5.13.jar
 file.reference.httpservices-4.5.5.jar=release/modules/ext/httpservices-4.5.5.jar
 file.reference.isoparser-1.9.41.7.jar=release/modules/ext/isoparser-1.9.41.7.jar
 file.reference.istack-commons-runtime-3.0.12.jar=release/modules/ext/istack-commons-runtime-3.0.12.jar
-file.reference.j2objc-annotations-1.3.jar=release/modules/ext/j2objc-annotations-1.3.jar
+file.reference.j2objc-annotations-2.8.jar=release/modules/ext/j2objc-annotations-2.8.jar
 file.reference.jackcess-4.0.1.jar=release/modules/ext/jackcess-4.0.1.jar
 file.reference.jackcess-encrypt-4.0.1.jar=release/modules/ext/jackcess-encrypt-4.0.1.jar
-file.reference.jackson-annotations-2.13.2.jar=release/modules/ext/jackson-annotations-2.13.2.jar
-file.reference.jackson-core-2.13.2.jar=release/modules/ext/jackson-core-2.13.2.jar
-file.reference.jackson-databind-2.13.2.jar=release/modules/ext/jackson-databind-2.13.2.jar
+file.reference.jackson-annotations-2.15.2.jar=release/modules/ext/jackson-annotations-2.15.2.jar
+file.reference.jackson-core-2.15.2.jar=release/modules/ext/jackson-core-2.15.2.jar
+file.reference.jackson-databind-2.15.2.jar=release/modules/ext/jackson-databind-2.15.2.jar
 file.reference.jai-imageio-core-1.4.0.jar=release/modules/ext/jai-imageio-core-1.4.0.jar
 file.reference.jakarta.activation-1.2.2.jar=release/modules/ext/jakarta.activation-1.2.2.jar
 file.reference.jakarta.activation-api-1.2.2.jar=release/modules/ext/jakarta.activation-api-1.2.2.jar
diff --git a/Tika/nbproject/project.xml b/Tika/nbproject/project.xml
index 9dc448105e1a73d2e82f446de72ae972032568c5..c103d1a1c6d8bc2d2b5d895a2635e0d201eb0bd9 100755
--- a/Tika/nbproject/project.xml
+++ b/Tika/nbproject/project.xml
@@ -400,8 +400,8 @@
 <binary-origin>release/modules/ext/cdm-4.5.5.jar</binary-origin>
 </class-path-extension>
 <class-path-extension>
- <runtime-relative-path>ext/checker-qual-3.12.0.jar</runtime-relative-path>
- <binary-origin>release/modules/ext/checker-qual-3.12.0.jar</binary-origin>
+ <runtime-relative-path>ext/checker-qual-3.33.0.jar</runtime-relative-path>
+ <binary-origin>release/modules/ext/checker-qual-3.33.0.jar</binary-origin>
 </class-path-extension>
 <class-path-extension>
 <runtime-relative-path>ext/commons-codec-1.15.jar</runtime-relative-path>
@@ -476,8 +476,8 @@
 <binary-origin>release/modules/ext/ehcache-core-2.6.2.jar</binary-origin>
 </class-path-extension>
 <class-path-extension>
- <runtime-relative-path>ext/error_prone_annotations-2.11.0.jar</runtime-relative-path>
- <binary-origin>release/modules/ext/error_prone_annotations-2.11.0.jar</binary-origin>
+ <runtime-relative-path>ext/error_prone_annotations-2.18.0.jar</runtime-relative-path>
+ <binary-origin>release/modules/ext/error_prone_annotations-2.18.0.jar</binary-origin>
 </class-path-extension>
 <class-path-extension>
 <runtime-relative-path>ext/failureaccess-1.0.1.jar</runtime-relative-path>
@@ -500,8 +500,8 @@
 <binary-origin>release/modules/ext/gson-2.9.0.jar</binary-origin>
 </class-path-extension>
 <class-path-extension>
- <runtime-relative-path>ext/guava-31.1-jre.jar</runtime-relative-path>
- <binary-origin>release/modules/ext/guava-31.1-jre.jar</binary-origin>
+ <runtime-relative-path>ext/guava-32.0.1-jre.jar</runtime-relative-path>
+ <binary-origin>release/modules/ext/guava-32.0.1-jre.jar</binary-origin>
 </class-path-extension>
 <class-path-extension>
 <runtime-relative-path>ext/HikariCP-java7-2.4.13.jar</runtime-relative-path>
@@ -532,8 +532,8 @@
 <binary-origin>release/modules/ext/istack-commons-runtime-3.0.12.jar</binary-origin>
 </class-path-extension>
 <class-path-extension>
- <runtime-relative-path>ext/j2objc-annotations-1.3.jar</runtime-relative-path>
- <binary-origin>release/modules/ext/j2objc-annotations-1.3.jar</binary-origin>
+ <runtime-relative-path>ext/j2objc-annotations-2.8.jar</runtime-relative-path>
+ <binary-origin>release/modules/ext/j2objc-annotations-2.8.jar</binary-origin>
 </class-path-extension>
 <class-path-extension>
 <runtime-relative-path>ext/jackcess-4.0.1.jar</runtime-relative-path>
@@ -544,16 +544,16 @@
 <binary-origin>release/modules/ext/jackcess-encrypt-4.0.1.jar</binary-origin>
 </class-path-extension>
 <class-path-extension>
- <runtime-relative-path>ext/jackson-annotations-2.13.2.jar</runtime-relative-path>
- <binary-origin>release/modules/ext/jackson-annotations-2.13.2.jar</binary-origin>
+ <runtime-relative-path>ext/jackson-annotations-2.15.2.jar</runtime-relative-path>
+ <binary-origin>release/modules/ext/jackson-annotations-2.15.2.jar</binary-origin>
 </class-path-extension>
 <class-path-extension>
- <runtime-relative-path>ext/jackson-core-2.13.2.jar</runtime-relative-path>
- <binary-origin>release/modules/ext/jackson-core-2.13.2.jar</binary-origin>
+ <runtime-relative-path>ext/jackson-core-2.15.2.jar</runtime-relative-path>
+ <binary-origin>release/modules/ext/jackson-core-2.15.2.jar</binary-origin>
 </class-path-extension>
 <class-path-extension>
- <runtime-relative-path>ext/jackson-databind-2.13.2.jar</runtime-relative-path>
- <binary-origin>release/modules/ext/jackson-databind-2.13.2.jar</binary-origin>
+ <runtime-relative-path>ext/jackson-databind-2.15.2.jar</runtime-relative-path>
+ <binary-origin>release/modules/ext/jackson-databind-2.15.2.jar</binary-origin>
 </class-path-extension>
 <class-path-extension>
 <runtime-relative-path>ext/jai-imageio-core-1.4.0.jar</runtime-relative-path>
diff --git a/thirdparty/Volatility/AUTHORS-2.5.txt b/thirdparty/Volatility/AUTHORS-2.5.txt deleted file mode 100644 index d01f09405fcbfca870f7ee264e4636766173f944..0000000000000000000000000000000000000000 --- a/thirdparty/Volatility/AUTHORS-2.5.txt +++ /dev/null @@ -1,42 +0,0 @@ -=============================================== -This file identifies core Volatility authors. - -All lists are alphabetical. -=============================================== - -Volatility 2.4, 2.5: ------------- - -Mike Auty -Andrew Case -Michael Hale Ligh -Jamie Levy -AAron Walters - -Volatility 2.0, 2.1, 2.2, 2.3: ------------- - -Mike Auty -Andrew Case -Michael Cohen -Brendan Dolan-Gavitt -Michael Hale Ligh -Jamie Levy -AAron Walters - -Volatility 1.3: ------------- - -AAron Walters <awalters@4tphi.net> -Volatile Systems LLC - -Brendan Dolan-Gavitt <bdolangavitt@wesleyan.edu> - -Volatools Basic authors: ------------- - -AAron Walters -Komoku, Inc. - -Nick L. Petroni, Jr. -Komoku, Inc. diff --git a/thirdparty/Volatility/CREDITS-2.5.txt b/thirdparty/Volatility/CREDITS-2.5.txt deleted file mode 100644 index 26082de49db58b9144187d0497dd2e127d10fb1d..0000000000000000000000000000000000000000 --- a/thirdparty/Volatility/CREDITS-2.5.txt +++ /dev/null 
@@ -1,105 +0,0 @@ -=============================================== -We would like to acknowledge individuals that -have made significant contributions, code, or -ideas toward the respective volatility releases. - -All lists are alphabetical. - -These lists exclude the core Volatility authors, -who are identified in AUTHORS.txt. - -If you believe you've been left off, it is not -intentional. Please bring it to our attention! -=============================================== - -Volatility 2.5: - -Adam Bridge for adding a --count option (humanly readable byte stats) to imagecopy/raw2dmp -Sebastien Bourdon-Richard for various patches and bug fixes -Bruno Constanzo for various patches to enhance performance/optimization -Glenn P. Edwards, Jr for adding combined user/kernel scans, --case, and ascii/unicode options to yarascan -@f-s-p for converting some plugins to unfied output format -Cem Gurkok for submitting the mac_threads plugin -Takahiro Haruyama for noticing and fixing a bug in impscan -@masdif for contributing a fix for kernel 3.7+ in linux/module.c -Wyatt Roersma for converting a large number of plugins to the unified output format -Karl Vogel for pointing out an issue with IPv4 addresses on big endian systems - -Volatility 2.4: - -Steven Adair for assistance identifying a large memory PAE bug -Sebastien Bourdon-Richard for his work on the VMware vmem/vmss split (with meta) AS -Justin Capella and Espen Olsen for their work on the Qemu ELF core dumps -Cem Gurkok for help updating Mac OS X support for 10.9 -Matt McCormack for supplying a patch to rebase dumped PE files -Stewart McIntyre for extending apihooks for detecting JMP FAR instructions -Kevin Marker for contributing over 160 standard build Linux profiles -synack33 for creating various Mac OS X profiles, including initial ones for 10.10 -Raphaƫl Vinot for his patch to fix IPython within volshell - -Volatility 2.3: - -Cem Gurkok for his work on the privileges plugin for Windows -Nir Izraeli for his work on 
the VMware snapshot address space (see also the vmsnparser project) -@osxmem of the volafox project (Mac OS X & BSD Memory Analysis Toolkit) -@osxreverser of reverse.put.as for his help with OSX memory analysis -Carl Pulley for numerous bug reports, example patches, and plugin testing -Andreas Schuster for his work on poison ivy plugins for Windows -Joe Sylve for his work on the ARM address space and significant contributions to linux and mac capabilities -Philippe Teuwen for his work on the virtual box address space -Santiago Vicente for his work on the citadel plugins for Windows - -Volatility 2.2: ------------- - -Joe Sylve - -Volatility 2.1: ------------- - ---- - -Volatility 2.0: ------------- - -Frank Boldewin -Carl Pulley -Andreas Schuster -Bradley Schatz - -Volatility 1.3: ------------- - -Harlan Carvey -Michael Cohen -David Collett -Brendan Dolan-Gavitt -Andreas Schuster -Matthieu Suiche - -We would also like to acknowledge those who have provided valuable -feedback, bug reports, and testing: - -Jide Abu -Joseph Ayo Akinyele -Tommaso Assandri -Richard Austin -Cameron C Caffee -Eoghan Casey -Angelo Cavallini -Andre' DiMino -Jon Evans -Robert Guess -Christian Herndler -jeremie0 -Eugene Libster -Erik Ligda -Robert Lowe -Tony Martin -Timothy Morgan -Bryan D. Payne -Golden G. Richard III -Wyatt Roersma -RB -Sam F. Stover -Marko Thure diff --git a/thirdparty/Volatility/LEGAL-2.5.txt b/thirdparty/Volatility/LEGAL-2.5.txt deleted file mode 100644 index 69924bcab351af5fe57ffd078faa0a2a5b494937..0000000000000000000000000000000000000000 --- a/thirdparty/Volatility/LEGAL-2.5.txt +++ /dev/null 
@@ -1,20 +0,0 @@ -Volatility -=============== - -License -------- - -Copyright (C) 2007-2013 Volatility Foundation - -Volatility is free software; you can redistribute it and/or modify -it under the terms of the GNU General Public License as published by -the Free Software Foundation; either version 2 of the License, or -(at your option) any later version. - -Volatility is distributed in the hope that it will be useful, -but WITHOUT ANY WARRANTY; without even the implied warranty of -MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -GNU General Public License for more details. - -You should have received a copy of the GNU General Public License -along with Volatility. If not, see <http://www.gnu.org/licenses/>. diff --git a/thirdparty/Volatility/LICENSE-2.5.txt b/thirdparty/Volatility/LICENSE-2.5.txt deleted file mode 100644 index fa6a77d4a4564648ee9c360a9f8e2d7cb2fe1f7a..0000000000000000000000000000000000000000 --- a/thirdparty/Volatility/LICENSE-2.5.txt +++ /dev/null 
@@ -1,281 +0,0 @@ - GNU GENERAL PUBLIC LICENSE - Version 2, June 1991 - - Copyright (C) 1989, 1991 Free Software Foundation, Inc. - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA - Everyone is permitted to copy and distribute verbatim copies - of this license document, but changing it is not allowed. - - Preamble - - The licenses for most software are designed to take away your -freedom to share and change it. By contrast, the GNU General Public -License is intended to guarantee your freedom to share and change free -software--to make sure the software is free for all its users. This -General Public License applies to most of the Free Software -Foundation's software and to any other program whose authors commit to -using it. (Some other Free Software Foundation software is covered by -the GNU Library General Public License instead.) You can apply it to -your programs, too. - - When we speak of free software, we are referring to freedom, not -price. Our General Public Licenses are designed to make sure that you -have the freedom to distribute copies of free software (and charge for -this service if you wish), that you receive source code or can get it -if you want it, that you can change the software or use pieces of it -in new free programs; and that you know you can do these things. - - To protect your rights, we need to make restrictions that forbid -anyone to deny you these rights or to ask you to surrender the rights. -These restrictions translate to certain responsibilities for you if you -distribute copies of the software, or if you modify it. - - For example, if you distribute copies of such a program, whether -gratis or for a fee, you must give the recipients all the rights that -you have. You must make sure that they, too, receive or can get the -source code. And you must show them these terms so they know their -rights. 
- - We protect your rights with two steps: (1) copyright the software, and -(2) offer you this license which gives you legal permission to copy, -distribute and/or modify the software. - - Also, for each author's protection and ours, we want to make certain -that everyone understands that there is no warranty for this free -software. If the software is modified by someone else and passed on, we -want its recipients to know that what they have is not the original, so -that any problems introduced by others will not reflect on the original -authors' reputations. - - Finally, any free program is threatened constantly by software -patents. We wish to avoid the danger that redistributors of a free -program will individually obtain patent licenses, in effect making the -program proprietary. To prevent this, we have made it clear that any -patent must be licensed for everyone's free use or not licensed at all. - - The precise terms and conditions for copying, distribution and -modification follow. - - GNU GENERAL PUBLIC LICENSE - TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION - - 0. This License applies to any program or other work which contains -a notice placed by the copyright holder saying it may be distributed -under the terms of this General Public License. The "Program", below, -refers to any such program or work, and a "work based on the Program" -means either the Program or any derivative work under copyright law: -that is to say, a work containing the Program or a portion of it, -either verbatim or with modifications and/or translated into another -language. (Hereinafter, translation is included without limitation in -the term "modification".) Each licensee is addressed as "you". - -Activities other than copying, distribution and modification are not -covered by this License; they are outside its scope. 
The act of -running the Program is not restricted, and the output from the Program -is covered only if its contents constitute a work based on the -Program (independent of having been made by running the Program). -Whether that is true depends on what the Program does. - - 1. You may copy and distribute verbatim copies of the Program's -source code as you receive it, in any medium, provided that you -conspicuously and appropriately publish on each copy an appropriate -copyright notice and disclaimer of warranty; keep intact all the -notices that refer to this License and to the absence of any warranty; -and give any other recipients of the Program a copy of this License -along with the Program. - -You may charge a fee for the physical act of transferring a copy, and -you may at your option offer warranty protection in exchange for a fee. - - 2. You may modify your copy or copies of the Program or any portion -of it, thus forming a work based on the Program, and copy and -distribute such modifications or work under the terms of Section 1 -above, provided that you also meet all of these conditions: - - a) You must cause the modified files to carry prominent notices - stating that you changed the files and the date of any change. - - b) You must cause any work that you distribute or publish, that in - whole or in part contains or is derived from the Program or any - part thereof, to be licensed as a whole at no charge to all third - parties under the terms of this License. - - c) If the modified program normally reads commands interactively - when run, you must cause it, when started running for such - interactive use in the most ordinary way, to print or display an - announcement including an appropriate copyright notice and a - notice that there is no warranty (or else, saying that you provide - a warranty) and that users may redistribute the program under - these conditions, and telling the user how to view a copy of this - License. 
(Exception: if the Program itself is interactive but - does not normally print such an announcement, your work based on - the Program is not required to print an announcement.) - -These requirements apply to the modified work as a whole. If -identifiable sections of that work are not derived from the Program, -and can be reasonably considered independent and separate works in -themselves, then this License, and its terms, do not apply to those -sections when you distribute them as separate works. But when you -distribute the same sections as part of a whole which is a work based -on the Program, the distribution of the whole must be on the terms of -this License, whose permissions for other licensees extend to the -entire whole, and thus to each and every part regardless of who wrote it. - -Thus, it is not the intent of this section to claim rights or contest -your rights to work written entirely by you; rather, the intent is to -exercise the right to control the distribution of derivative or -collective works based on the Program. - -In addition, mere aggregation of another work not based on the Program -with the Program (or with a work based on the Program) on a volume of -a storage or distribution medium does not bring the other work under -the scope of this License. - - 3. 
You may copy and distribute the Program (or a work based on it, -under Section 2) in object code or executable form under the terms of -Sections 1 and 2 above provided that you also do one of the following: - - a) Accompany it with the complete corresponding machine-readable - source code, which must be distributed under the terms of Sections - 1 and 2 above on a medium customarily used for software interchange; or, - - b) Accompany it with a written offer, valid for at least three - years, to give any third party, for a charge no more than your - cost of physically performing source distribution, a complete - machine-readable copy of the corresponding source code, to be - distributed under the terms of Sections 1 and 2 above on a medium - customarily used for software interchange; or, - - c) Accompany it with the information you received as to the offer - to distribute corresponding source code. (This alternative is - allowed only for noncommercial distribution and only if you - received the program in object code or executable form with such - an offer, in accord with Subsection b above.) - -The source code for a work means the preferred form of the work for -making modifications to it. For an executable work, complete source -code means all the source code for all modules it contains, plus any -associated interface definition files, plus the scripts used to -control compilation and installation of the executable. However, as a -special exception, the source code distributed need not include -anything that is normally distributed (in either source or binary -form) with the major components (compiler, kernel, and so on) of the -operating system on which the executable runs, unless that component -itself accompanies the executable. 
- -If distribution of executable or object code is made by offering -access to copy from a designated place, then offering equivalent -access to copy the source code from the same place counts as -distribution of the source code, even though third parties are not -compelled to copy the source along with the object code. - - 4. You may not copy, modify, sublicense, or distribute the Program -except as expressly provided under this License. Any attempt -otherwise to copy, modify, sublicense or distribute the Program is -void, and will automatically terminate your rights under this License. -However, parties who have received copies, or rights, from you under -this License will not have their licenses terminated so long as such -parties remain in full compliance. - - 5. You are not required to accept this License, since you have not -signed it. However, nothing else grants you permission to modify or -distribute the Program or its derivative works. These actions are -prohibited by law if you do not accept this License. Therefore, by -modifying or distributing the Program (or any work based on the -Program), you indicate your acceptance of this License to do so, and -all its terms and conditions for copying, distributing or modifying -the Program or works based on it. - - 6. Each time you redistribute the Program (or any work based on the -Program), the recipient automatically receives a license from the -original licensor to copy, distribute or modify the Program subject to -these terms and conditions. You may not impose any further -restrictions on the recipients' exercise of the rights granted herein. -You are not responsible for enforcing compliance by third parties to -this License. - - 7. 
If, as a consequence of a court judgment or allegation of patent -infringement or for any other reason (not limited to patent issues), -conditions are imposed on you (whether by court order, agreement or -otherwise) that contradict the conditions of this License, they do not -excuse you from the conditions of this License. If you cannot -distribute so as to satisfy simultaneously your obligations under this -License and any other pertinent obligations, then as a consequence you -may not distribute the Program at all. For example, if a patent -license would not permit royalty-free redistribution of the Program by -all those who receive copies directly or indirectly through you, then -the only way you could satisfy both it and this License would be to -refrain entirely from distribution of the Program. - -If any portion of this section is held invalid or unenforceable under -any particular circumstance, the balance of the section is intended to -apply and the section as a whole is intended to apply in other -circumstances. - -It is not the purpose of this section to induce you to infringe any -patents or other property right claims or to contest validity of any -such claims; this section has the sole purpose of protecting the -integrity of the free software distribution system, which is -implemented by public license practices. Many people have made -generous contributions to the wide range of software distributed -through that system in reliance on consistent application of that -system; it is up to the author/donor to decide if he or she is willing -to distribute software through any other system and a licensee cannot -impose that choice. - -This section is intended to make thoroughly clear what is believed to -be a consequence of the rest of this License. - - 8. 
If the distribution and/or use of the Program is restricted in -certain countries either by patents or by copyrighted interfaces, the -original copyright holder who places the Program under this License -may add an explicit geographical distribution limitation excluding -those countries, so that distribution is permitted only in or among -countries not thus excluded. In such case, this License incorporates -the limitation as if written in the body of this License. - - 9. The Free Software Foundation may publish revised and/or new versions -of the General Public License from time to time. Such new versions will -be similar in spirit to the present version, but may differ in detail to -address new problems or concerns. - -Each version is given a distinguishing version number. If the Program -specifies a version number of this License which applies to it and "any -later version", you have the option of following the terms and conditions -either of that version or of any later version published by the Free -Software Foundation. If the Program does not specify a version number of -this License, you may choose any version ever published by the Free Software -Foundation. - - 10. If you wish to incorporate parts of the Program into other free -programs whose distribution conditions are different, write to the author -to ask for permission. For software which is copyrighted by the Free -Software Foundation, write to the Free Software Foundation; we sometimes -make exceptions for this. Our decision will be guided by the two goals -of preserving the free status of all derivatives of our free software and -of promoting the sharing and reuse of software generally. - - NO WARRANTY - - 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY -FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. 
EXCEPT WHEN -OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES -PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED -OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF -MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS -TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE -PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, -REPAIR OR CORRECTION. - - 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING -WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR -REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, -INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING -OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED -TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY -YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER -PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE -POSSIBILITY OF SUCH DAMAGES. - - END OF TERMS AND CONDITIONS - diff --git a/thirdparty/Volatility/README-2.5.txt b/thirdparty/Volatility/README-2.5.txt deleted file mode 100644 index dc4e57db121412cbe187b5b4a1b8d944bcf0cc4c..0000000000000000000000000000000000000000 --- a/thirdparty/Volatility/README-2.5.txt +++ /dev/null 
@@ -1,553 +0,0 @@ -============================================================================ -Volatility Framework - Volatile memory extraction utility framework -============================================================================ - -The Volatility Framework is a completely open collection of tools, -implemented in Python under the GNU General Public License, for the -extraction of digital artifacts from volatile memory (RAM) samples. -The extraction techniques are performed completely independent of the -system being investigated but offer visibilty into the runtime state -of the system. The framework is intended to introduce people to the -techniques and complexities associated with extracting digital artifacts -from volatile memory samples and provide a platform for further work into -this exciting area of research. - -The Volatility distribution is available from: -http://www.volatilityfoundation.org/#!releases/component_71401 - -Volatility should run on any platform that supports -Python (http://www.python.org) - -Volatility supports investigations of the following memory images: - -Windows: -* 32-bit Windows XP Service Pack 2 and 3 -* 32-bit Windows 2003 Server Service Pack 0, 1, 2 -* 32-bit Windows Vista Service Pack 0, 1, 2 -* 32-bit Windows 2008 Server Service Pack 1, 2 (there is no SP0) -* 32-bit Windows 7 Service Pack 0, 1 -* 32-bit Windows 8, 8.1, and 8.1 Update 1 -* 32-bit Windows 10 (initial support) -* 64-bit Windows XP Service Pack 1 and 2 (there is no SP0) -* 64-bit Windows 2003 Server Service Pack 1 and 2 (there is no SP0) -* 64-bit Windows Vista Service Pack 0, 1, 2 -* 64-bit Windows 2008 Server Service Pack 1 and 2 (there is no SP0) -* 64-bit Windows 2008 R2 Server Service Pack 0 and 1 -* 64-bit Windows 7 Service Pack 0 and 1 -* 64-bit Windows 8, 8.1, and 8.1 Update 1 -* 64-bit Windows Server 2012 and 2012 R2 -* 64-bit Windows 10 (initial support) - -Linux: -* 32-bit Linux kernels 2.6.11 to 4.2.3 -* 64-bit Linux kernels 2.6.11 to 
4.2.3 -* OpenSuSE, Ubuntu, Debian, CentOS, Fedora, Mandriva, etc - -Mac OSX: -* 32-bit 10.5.x Leopard (the only 64-bit 10.5 is Server, which isn't supported) -* 32-bit 10.6.x Snow Leopard -* 64-bit 10.6.x Snow Leopard -* 32-bit 10.7.x Lion -* 64-bit 10.7.x Lion -* 64-bit 10.8.x Mountain Lion (there is no 32-bit version) -* 64-bit 10.9.x Mavericks (there is no 32-bit version) -* 64-bit 10.10.x Yosemite (there is no 32-bit version) -* 64-bit 10.11.x El Capitan (there is no 32-bit version) - -Volatility does not provide memory sample acquisition -capabilities. For acquisition, there are both free and commercial -solutions available. If you would like suggestions about suitable -acquisition solutions, please contact us at: - -volatility (at) volatilityfoundation (dot) org - -Volatility supports a variety of sample file formats and the -ability to convert between these formats: - - - Raw linear sample (dd) - - Hibernation file - - Crash dump file - - VirtualBox ELF64 core dump - - VMware saved state and snapshot files - - EWF format (E01) - - LiME (Linux Memory Extractor) format - - Mach-o file format - - QEMU virtual machine dumps - - Firewire - - HPAK (FDPro) - -For a more detailed list of capabilities, see the following: - - https://github.com/volatilityfoundation/volatility/wiki - -Also see the community plugins repository: - - https://github.com/volatilityfoundation/community - -Example Data -============ - -If you want to give Volatility a try, you can download exemplar -memory images from the following url: - - https://github.com/volatilityfoundation/volatility/wiki/Memory-Samples - -Mailing Lists -============= - -Mailing lists to support the users and developers of Volatility -can be found at the following address: - - http://lists.volatilesystems.com/mailman/listinfo - -Contact -======= -For information or requests, contact: - -Volatility Foundation - -Web: http://www.volatilityfoundation.org - http://volatility-labs.blogspot.com - http://volatility.tumblr.com 
- -Email: volatility (at) volatilityfoundation (dot) org - -IRC: #volatility on freenode - -Twitter: @volatility - -Requirements -============ -- Python 2.6 or later, but not 3.0. http://www.python.org - -Some plugins may have other requirements which can be found at: - https://github.com/volatilityfoundation/volatility/wiki/Installation - -Quick Start -=========== -1. Unpack the latest version of Volatility from - volatilityfoundation.org - -2. To see available options, run "python vol.py -h" or "python vol.py --info" - - Example: - -$ python vol.py --info -Volatility Foundation Volatility Framework 2.5 - -Profiles --------- -VistaSP0x64 - A Profile for Windows Vista SP0 x64 -VistaSP0x86 - A Profile for Windows Vista SP0 x86 -VistaSP1x64 - A Profile for Windows Vista SP1 x64 -VistaSP1x86 - A Profile for Windows Vista SP1 x86 -VistaSP2x64 - A Profile for Windows Vista SP2 x64 -VistaSP2x86 - A Profile for Windows Vista SP2 x86 -Win10x64 - A Profile for Windows 10 x64 -Win10x86 - A Profile for Windows 10 x86 -Win2003SP0x86 - A Profile for Windows 2003 SP0 x86 -Win2003SP1x64 - A Profile for Windows 2003 SP1 x64 -Win2003SP1x86 - A Profile for Windows 2003 SP1 x86 -Win2003SP2x64 - A Profile for Windows 2003 SP2 x64 -Win2003SP2x86 - A Profile for Windows 2003 SP2 x86 -Win2008R2SP0x64 - A Profile for Windows 2008 R2 SP0 x64 -Win2008R2SP1x64 - A Profile for Windows 2008 R2 SP1 x64 -Win2008SP1x64 - A Profile for Windows 2008 SP1 x64 -Win2008SP1x86 - A Profile for Windows 2008 SP1 x86 -Win2008SP2x64 - A Profile for Windows 2008 SP2 x64 -Win2008SP2x86 - A Profile for Windows 2008 SP2 x86 -Win2012R2x64 - A Profile for Windows Server 2012 R2 x64 -Win2012x64 - A Profile for Windows Server 2012 x64 -Win7SP0x64 - A Profile for Windows 7 SP0 x64 -Win7SP0x86 - A Profile for Windows 7 SP0 x86 -Win7SP1x64 - A Profile for Windows 7 SP1 x64 -Win7SP1x86 - A Profile for Windows 7 SP1 x86 -Win81U1x64 - A Profile for Windows 8.1 Update 1 x64 -Win81U1x86 - A Profile for Windows 8.1 Update 1 
x86 -Win8SP0x64 - A Profile for Windows 8 x64 -Win8SP0x86 - A Profile for Windows 8 x86 -Win8SP1x64 - A Profile for Windows 8.1 x64 -Win8SP1x86 - A Profile for Windows 8.1 x86 -WinXPSP1x64 - A Profile for Windows XP SP1 x64 -WinXPSP2x64 - A Profile for Windows XP SP2 x64 -WinXPSP2x86 - A Profile for Windows XP SP2 x86 -WinXPSP3x86 - A Profile for Windows XP SP3 x86 - -Address Spaces --------------- -AMD64PagedMemory - Standard AMD 64-bit address space. -ArmAddressSpace - Address space for ARM processors -FileAddressSpace - This is a direct file AS. -HPAKAddressSpace - This AS supports the HPAK format -IA32PagedMemory - Standard IA-32 paging address space. -IA32PagedMemoryPae - This class implements the IA-32 PAE paging address space. It is responsible -LimeAddressSpace - Address space for Lime -MachOAddressSpace - Address space for mach-o files to support atc-ny memory reader -OSXPmemELF - This AS supports VirtualBox ELF64 coredump format -QemuCoreDumpElf - This AS supports Qemu ELF32 and ELF64 coredump format -VMWareAddressSpace - This AS supports VMware snapshot (VMSS) and saved state (VMSS) files -VMWareMetaAddressSpace - This AS supports the VMEM format with VMSN/VMSS metadata -VirtualBoxCoreDumpElf64 - This AS supports VirtualBox ELF64 coredump format -WindowsCrashDumpSpace32 - This AS supports windows Crash Dump format -WindowsCrashDumpSpace64 - This AS supports windows Crash Dump format -WindowsCrashDumpSpace64BitMap - This AS supports Windows BitMap Crash Dump format -WindowsHiberFileSpace32 - This is a hibernate address space for windows hibernation files. 
- -Plugins -------- -amcache - Print AmCache information -apihooks - Detect API hooks in process and kernel memory -atoms - Print session and window station atom tables -atomscan - Pool scanner for atom tables -auditpol - Prints out the Audit Policies from HKLM\SECURITY\Policy\PolAdtEv -bigpools - Dump the big page pools using BigPagePoolScanner -bioskbd - Reads the keyboard buffer from Real Mode memory -cachedump - Dumps cached domain hashes from memory -callbacks - Print system-wide notification routines -clipboard - Extract the contents of the windows clipboard -cmdline - Display process command-line arguments -cmdscan - Extract command history by scanning for _COMMAND_HISTORY -connections - Print list of open connections [Windows XP and 2003 Only] -connscan - Pool scanner for tcp connections -consoles - Extract command history by scanning for _CONSOLE_INFORMATION -crashinfo - Dump crash-dump information -deskscan - Poolscaner for tagDESKTOP (desktops) -devicetree - Show device tree -dlldump - Dump DLLs from a process address space -dlllist - Print list of loaded dlls for each process -driverirp - Driver IRP hook detection -drivermodule - Associate driver objects to kernel modules -driverscan - Pool scanner for driver objects -dumpcerts - Dump RSA private and public SSL keys -dumpfiles - Extract memory mapped and cached files -dumpregistry - Dumps registry files out to disk -envars - Display process environment variables -eventhooks - Print details on windows event hooks -evtlogs - Extract Windows Event Logs (XP/2003 only) -filescan - Pool scanner for file objects -gahti - Dump the USER handle type information -gditimers - Print installed GDI timers and callbacks -gdt - Display Global Descriptor Table -getservicesids - Get the names of services in the Registry and return Calculated SID -getsids - Print the SIDs owning each process -handles - Print list of open handles for each process -hashdump - Dumps passwords hashes (LM/NTLM) from memory -hibinfo - Dump 
hibernation file information -hivedump - Prints out a hive -hivelist - Print list of registry hives. -hivescan - Pool scanner for registry hives -hpakextract - Extract physical memory from an HPAK file -hpakinfo - Info on an HPAK file -idt - Display Interrupt Descriptor Table -iehistory - Reconstruct Internet Explorer cache / history -imagecopy - Copies a physical address space out as a raw DD image -imageinfo - Identify information for the image -impscan - Scan for calls to imported functions -joblinks - Print process job link information -kdbgscan - Search for and dump potential KDBG values -kpcrscan - Search for and dump potential KPCR values -ldrmodules - Detect unlinked DLLs -limeinfo - Dump Lime file format information -linux_apihooks - Checks for userland apihooks -linux_arp - Print the ARP table -linux_banner - Prints the Linux banner information -linux_bash - Recover bash history from bash process memory -linux_bash_env - Recover a process' dynamic environment variables -linux_bash_hash - Recover bash hash table from bash process memory -linux_check_afinfo - Verifies the operation function pointers of network protocols -linux_check_creds - Checks if any processes are sharing credential structures -linux_check_evt_arm - Checks the Exception Vector Table to look for syscall table hooking -linux_check_fop - Check file operation structures for rootkit modifications -linux_check_idt - Checks if the IDT has been altered -linux_check_inline_kernel - Check for inline kernel hooks -linux_check_modules - Compares module list to sysfs info, if available -linux_check_syscall - Checks if the system call table has been altered -linux_check_syscall_arm - Checks if the system call table has been altered -linux_check_tty - Checks tty devices for hooks -linux_cpuinfo - Prints info about each active processor -linux_dentry_cache - Gather files from the dentry cache -linux_dmesg - Gather dmesg buffer -linux_dump_map - Writes selected memory mappings to disk -linux_dynamic_env 
- Recover a process' dynamic environment variables -linux_elfs - Find ELF binaries in process mappings -linux_enumerate_files - Lists files referenced by the filesystem cache -linux_find_file - Lists and recovers files from memory -linux_getcwd - Lists current working directory of each process -linux_hidden_modules - Carves memory to find hidden kernel modules -linux_ifconfig - Gathers active interfaces -linux_info_regs - It's like 'info registers' in GDB. It prints out all the -linux_iomem - Provides output similar to /proc/iomem -linux_kernel_opened_files - Lists files that are opened from within the kernel -linux_keyboard_notifiers - Parses the keyboard notifier call chain -linux_ldrmodules - Compares the output of proc maps with the list of libraries from libdl -linux_library_list - Lists libraries loaded into a process -linux_librarydump - Dumps shared libraries in process memory to disk -linux_list_raw - List applications with promiscuous sockets -linux_lsmod - Gather loaded kernel modules -linux_lsof - Lists file descriptors and their path -linux_malfind - Looks for suspicious process mappings -linux_memmap - Dumps the memory map for linux tasks -linux_moddump - Extract loaded kernel modules -linux_mount - Gather mounted fs/devices -linux_mount_cache - Gather mounted fs/devices from kmem_cache -linux_netfilter - Lists Netfilter hooks -linux_netscan - Carves for network connection structures -linux_netstat - Lists open sockets -linux_pidhashtable - Enumerates processes through the PID hash table -linux_pkt_queues - Writes per-process packet queues out to disk -linux_plthook - Scan ELF binaries' PLT for hooks to non-NEEDED images -linux_proc_maps - Gathers process memory maps -linux_proc_maps_rb - Gathers process maps for linux through the mappings red-black tree -linux_procdump - Dumps a process's executable image to disk -linux_process_hollow - Checks for signs of process hollowing -linux_psaux - Gathers processes along with full command line and start time 
-linux_psenv - Gathers processes along with their static environment variables -linux_pslist - Gather active tasks by walking the task_struct->task list -linux_pslist_cache - Gather tasks from the kmem_cache -linux_pstree - Shows the parent/child relationship between processes -linux_psxview - Find hidden processes with various process listings -linux_recover_filesystem - Recovers the entire cached file system from memory -linux_route_cache - Recovers the routing cache from memory -linux_sk_buff_cache - Recovers packets from the sk_buff kmem_cache -linux_slabinfo - Mimics /proc/slabinfo on a running machine -linux_strings - Match physical offsets to virtual addresses (may take a while, VERY verbose) -linux_threads - Prints threads of processes -linux_tmpfs - Recovers tmpfs filesystems from memory -linux_truecrypt_passphrase - Recovers cached Truecrypt passphrases -linux_vma_cache - Gather VMAs from the vm_area_struct cache -linux_volshell - Shell in the memory image -linux_yarascan - A shell in the Linux memory image -lsadump - Dump (decrypted) LSA secrets from the registry -mac_adium - Lists Adium messages -mac_apihooks - Checks for API hooks in processes -mac_apihooks_kernel - Checks to see if system call and kernel functions are hooked -mac_arp - Prints the arp table -mac_bash - Recover bash history from bash process memory -mac_bash_env - Recover bash's environment variables -mac_bash_hash - Recover bash hash table from bash process memory -mac_calendar - Gets calendar events from Calendar.app -mac_check_mig_table - Lists entires in the kernel's MIG table -mac_check_syscall_shadow - Looks for shadow system call tables -mac_check_syscalls - Checks to see if system call table entries are hooked -mac_check_sysctl - Checks for unknown sysctl handlers -mac_check_trap_table - Checks to see if mach trap table entries are hooked -mac_compressed_swap - Prints Mac OS X VM compressor stats and dumps all compressed pages -mac_contacts - Gets contact names from Contacts.app 
-mac_dead_procs - Prints terminated/de-allocated processes -mac_dead_sockets - Prints terminated/de-allocated network sockets -mac_dead_vnodes - Lists freed vnode structures -mac_dmesg - Prints the kernel debug buffer -mac_dump_file - Dumps a specified file -mac_dump_maps - Dumps memory ranges of process(es), optionally including pages in compressed swap -mac_dyld_maps - Gets memory maps of processes from dyld data structures -mac_find_aslr_shift - Find the ASLR shift value for 10.8+ images -mac_get_profile - Automatically detect Mac profiles -mac_ifconfig - Lists network interface information for all devices -mac_ip_filters - Reports any hooked IP filters -mac_keychaindump - Recovers possbile keychain keys. Use chainbreaker to open related keychain files -mac_ldrmodules - Compares the output of proc maps with the list of libraries from libdl -mac_librarydump - Dumps the executable of a process -mac_list_files - Lists files in the file cache -mac_list_kauth_listeners - Lists Kauth Scope listeners -mac_list_kauth_scopes - Lists Kauth Scopes and their status -mac_list_raw - List applications with promiscuous sockets -mac_list_sessions - Enumerates sessions -mac_list_zones - Prints active zones -mac_lsmod - Lists loaded kernel modules -mac_lsmod_iokit - Lists loaded kernel modules through IOkit -mac_lsmod_kext_map - Lists loaded kernel modules -mac_lsof - Lists per-process opened files -mac_machine_info - Prints machine information about the sample -mac_malfind - Looks for suspicious process mappings -mac_memdump - Dump addressable memory pages to a file -mac_moddump - Writes the specified kernel extension to disk -mac_mount - Prints mounted device information -mac_netstat - Lists active per-process network connections -mac_network_conns - Lists network connections from kernel network structures -mac_notesapp - Finds contents of Notes messages -mac_notifiers - Detects rootkits that add hooks into I/O Kit (e.g. 
LogKext) -mac_orphan_threads - Lists threads that don't map back to known modules/processes -mac_pgrp_hash_table - Walks the process group hash table -mac_pid_hash_table - Walks the pid hash table -mac_print_boot_cmdline - Prints kernel boot arguments -mac_proc_maps - Gets memory maps of processes -mac_procdump - Dumps the executable of a process -mac_psaux - Prints processes with arguments in user land (**argv) -mac_psenv - Prints processes with environment in user land (**envp) -mac_pslist - List Running Processes -mac_pstree - Show parent/child relationship of processes -mac_psxview - Find hidden processes with various process listings -mac_recover_filesystem - Recover the cached filesystem -mac_route - Prints the routing table -mac_socket_filters - Reports socket filters -mac_strings - Match physical offsets to virtual addresses (may take a while, VERY verbose) -mac_tasks - List Active Tasks -mac_threads - List Process Threads -mac_threads_simple - Lists threads along with their start time and priority -mac_trustedbsd - Lists malicious trustedbsd policies -mac_version - Prints the Mac version -mac_volshell - Shell in the memory image -mac_yarascan - Scan memory for yara signatures -machoinfo - Dump Mach-O file format information -malfind - Find hidden and injected code -mbrparser - Scans for and parses potential Master Boot Records (MBRs) -memdump - Dump the addressable memory for a process -memmap - Print the memory map -messagehooks - List desktop and thread window message hooks -mftparser - Scans for and parses potential MFT entries -moddump - Dump a kernel driver to an executable file sample -modscan - Pool scanner for kernel modules -modules - Print list of loaded modules -multiscan - Scan for various objects at once -mutantscan - Pool scanner for mutex objects -netscan - Scan a Vista (or later) image for connections and sockets -notepad - List currently displayed notepad text -objtypescan - Scan for Windows object type objects -patcher - Patches memory 
based on page scans -poolpeek - Configurable pool scanner plugin -pooltracker - Show a summary of pool tag usage -printkey - Print a registry key, and its subkeys and values -privs - Display process privileges -procdump - Dump a process to an executable file sample -pslist - Print all running processes by following the EPROCESS lists -psscan - Pool scanner for process objects -pstree - Print process list as a tree -psxview - Find hidden processes with various process listings -qemuinfo - Dump Qemu information -raw2dmp - Converts a physical memory sample to a windbg crash dump -screenshot - Save a pseudo-screenshot based on GDI windows -servicediff - List Windows services (ala Plugx) -sessions - List details on _MM_SESSION_SPACE (user logon sessions) -shellbags - Prints ShellBags info -shimcache - Parses the Application Compatibility Shim Cache registry key -shutdowntime - Print ShutdownTime of machine from registry -sockets - Print list of open sockets -sockscan - Pool scanner for tcp socket objects -ssdt - Display SSDT entries -strings - Match physical offsets to virtual addresses (may take a while, VERY verbose) -svcscan - Scan for Windows services -symlinkscan - Pool scanner for symlink objects -thrdscan - Pool scanner for thread objects -threads - Investigate _ETHREAD and _KTHREADs -timeliner - Creates a timeline from various artifacts in memory -timers - Print kernel timers and associated module DPCs -truecryptmaster - Recover TrueCrypt 7.1a Master Keys -truecryptpassphrase - TrueCrypt Cached Passphrase Finder -truecryptsummary - TrueCrypt Summary -unloadedmodules - Print list of unloaded modules -userassist - Print userassist registry keys and information -userhandles - Dump the USER handle tables -vaddump - Dumps out the vad sections to a file -vadinfo - Dump the VAD info -vadtree - Walk the VAD tree and display in tree format -vadwalk - Walk the VAD tree -vboxinfo - Dump virtualbox information -verinfo - Prints out the version information from PE images 
-vmwareinfo - Dump VMware VMSS/VMSN information -volshell - Shell in the memory image -win10cookie - Find the ObHeaderCookie value for Windows 10 -windows - Print Desktop Windows (verbose details) -wintree - Print Z-Order Desktop Windows Tree -wndscan - Pool scanner for window stations -yarascan - Scan process or kernel memory with Yara signatures - -3. To get more information on a Windows memory sample and to make sure Volatility - supports that sample type, run 'python vol.py imageinfo -f <imagename>' or 'python vol.py kdbgscan -f <imagename>' - - Example: - - $ python vol.py imageinfo -f WIN-II7VOJTUNGL-20120324-193051.raw - Volatility Foundation Volatility Framework 2.5 - Determining profile based on KDBG search... - - Suggested Profile(s) : Win2008R2SP0x64, Win7SP1x64, Win7SP0x64, Win2008R2SP1x64 (Instantiated with Win7SP0x64) - AS Layer1 : AMD64PagedMemory (Kernel AS) - AS Layer2 : FileAddressSpace (/Path/to/WIN-II7VOJTUNGL-20120324-193051.raw) - PAE type : PAE - DTB : 0x187000L - KDBG : 0xf800016460a0 - Number of Processors : 1 - Image Type (Service Pack) : 1 - KPCR for CPU 0 : 0xfffff80001647d00L - KUSER_SHARED_DATA : 0xfffff78000000000L - Image date and time : 2012-03-24 19:30:53 UTC+0000 - Image local date and time : 2012-03-25 03:30:53 +0800 - -4. Run some other plugins. -f is a required option for all plugins. Some - also require/accept other options. Run "python vol.py <plugin> -h" for - more information on a particular command. 
A Command Reference wiki - is also available on the Google Code site: - - https://github.com/volatilityfoundation/volatility/wiki - - as well as Basic Usage: - - https://github.com/volatilityfoundation/volatility/wiki/Volatility-Usage - -Licensing and Copyright -======================= - -Copyright (C) 2007-2015 Volatility Foundation - -All Rights Reserved - -Volatility is free software; you can redistribute it and/or modify -it under the terms of the GNU General Public License as published by -the Free Software Foundation; either version 2 of the License, or -(at your option) any later version. - -Volatility is distributed in the hope that it will be useful, -but WITHOUT ANY WARRANTY; without even the implied warranty of -MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -GNU General Public License for more details. - -You should have received a copy of the GNU General Public License -along with Volatility. If not, see <http://www.gnu.org/licenses/>. - -Bugs and Support -================ -There is no support provided with Volatility. There is NO -warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR -PURPOSE. 
- -If you think you've found a bug, please report it at: - - https://github.com/volatilityfoundation/volatility/issues - -In order to help us solve your issues as quickly as possible, -please include the following information when filing a bug: - -* The version of volatility you're using -* The operating system used to run volatility -* The version of python used to run volatility -* The suspected operating system of the memory image -* The complete command line you used to run volatility - -Depending on the operating system of the memory image, you may need to provide -additional information, such as: - -For Windows: -* The suspected Service Pack of the memory image - -For Linux: -* The suspected kernel version of the memory image - -Other options for communicaton can be found at: - https://github.com/volatilityfoundation/volatility/wiki - -Missing or Truncated Information -================================ -Volatility Foundation makes no claims about the validity or correctness of the -output of Volatility. Many factors may contribute to the -incorrectness of output from Volatility including, but not -limited to, malicious modifications to the operating system, -incomplete information due to swapping, and information corruption on -image acquisition. - -Command Reference -==================== -The following url contains a reference of all commands supported by -Volatility. - - https://github.com/volatilityfoundation/volatility/wiki - diff --git a/thirdparty/Volatility/volatility-2.5.standalone.exe b/thirdparty/Volatility/volatility-2.5.standalone.exe deleted file mode 100644 index a9d700bd57fbffa075cf24f887362ea9ce447b07..0000000000000000000000000000000000000000 Binary files a/thirdparty/Volatility/volatility-2.5.standalone.exe and /dev/null differ diff --git a/thunderbirdparser/ivy.xml b/thunderbirdparser/ivy.xml index 0efca69cb5a1f62658f3c15d7b00f73ee19b6755..df9efc81303ed63197c2b2431cc84d04b5fcd21d 100644 --- a/thunderbirdparser/ivy.xml 
+++ b/thunderbirdparser/ivy.xml
@@ -9,7 +9,7 @@
 <dependencies>
 <dependency conf="autopsy->default" org="org.apache.james" name="apache-mime4j-mbox-iterator" rev="0.8.4"/>
 <dependency conf="autopsy->default" org="com.googlecode.ez-vcard" name="ez-vcard" rev="0.11.3"/>
- <override org="org.jsoup" module="jsoup" rev="1.14.3"/>
- <override org="com.fasterxml.jackson.core" module="jackson-core" rev="2.13.2"/>
+ <override org="org.jsoup" module="jsoup" rev="1.16.1"/>
+ <override org="com.fasterxml.jackson.core" module="jackson-core" rev="2.15.2"/>
 </dependencies>
 </ivy-module>
diff --git a/thunderbirdparser/nbproject/project.properties b/thunderbirdparser/nbproject/project.properties
index 0c973f2af0d84f63af3a706915f8ef66e7ecd520..8d13059ed61c4f5369e87cf29387a1e7fd20aa08 100644
--- a/thunderbirdparser/nbproject/project.properties
+++ b/thunderbirdparser/nbproject/project.properties
@@ -1,9 +1,9 @@
 file.reference.apache-mime4j-mbox-iterator-0.8.4.jar=release/modules/ext/apache-mime4j-mbox-iterator-0.8.4.jar
 file.reference.ez-vcard-0.11.3.jar=release/modules/ext/ez-vcard-0.11.3.jar
 file.reference.freemarker-2.3.31.jar=release/modules/ext/freemarker-2.3.31.jar
-file.reference.jackson-core-2.13.2.jar=release/modules/ext/jackson-core-2.13.2.jar
+file.reference.jackson-core-2.15.2.jar=release/modules/ext/jackson-core-2.15.2.jar
 file.reference.java-libpst-0.9.5-SNAPSHOT.jar=release/modules/ext/java-libpst-0.9.5-SNAPSHOT.jar
-file.reference.jsoup-1.14.3.jar=release/modules/ext/jsoup-1.14.3.jar
+file.reference.jsoup-1.16.1.jar=release/modules/ext/jsoup-1.16.1.jar
 file.reference.vinnie-2.0.2.jar=release/modules/ext/vinnie-2.0.2.jar
 javac.source=17
 javac.compilerargs=-Xlint -Xlint:-serial
diff --git a/thunderbirdparser/nbproject/project.xml b/thunderbirdparser/nbproject/project.xml
index 269ee0eae61b4a0515b65cca8478b35a4a8dc7b3..5c4fa0e042b6df43ecc8660dda35661fd9c2fe13 100644
--- a/thunderbirdparser/nbproject/project.xml
+++ b/thunderbirdparser/nbproject/project.xml
@@ -90,16 +90,16 @@
 <binary-origin>release/modules/ext/freemarker-2.3.31.jar</binary-origin>
 </class-path-extension>
 <class-path-extension>
- <runtime-relative-path>ext/jackson-core-2.13.2.jar</runtime-relative-path>
- <binary-origin>release/modules/ext/jackson-core-2.13.2.jar</binary-origin>
+ <runtime-relative-path>ext/jackson-core-2.15.2.jar</runtime-relative-path>
+ <binary-origin>release/modules/ext/jackson-core-2.15.2.jar</binary-origin>
 </class-path-extension>
 <class-path-extension>
 <runtime-relative-path>ext/java-libpst-0.9.5-SNAPSHOT.jar</runtime-relative-path>
 <binary-origin>release/modules/ext/java-libpst-0.9.5-SNAPSHOT.jar</binary-origin>
 </class-path-extension>
 <class-path-extension>
- <runtime-relative-path>ext/jsoup-1.14.3.jar</runtime-relative-path>
- <binary-origin>release/modules/ext/jsoup-1.14.3.jar</binary-origin>
+ <runtime-relative-path>ext/jsoup-1.16.1.jar</runtime-relative-path>
+ <binary-origin>release/modules/ext/jsoup-1.16.1.jar</binary-origin>
 </class-path-extension>
 <class-path-extension>
 <runtime-relative-path>ext/vinnie-2.0.2.jar</runtime-relative-path>