Autopsy  4.1
Graphical digital forensics platform for The Sleuth Kit and other tools.
Util.java
Go to the documentation of this file.
1  /*
2  *
3  * Autopsy Forensic Browser
4  *
5  * Copyright 2012 Basis Technology Corp.
6  *
7  * Copyright 2012 42six Solutions.
8  * Contact: aebadirad <at> 42six <dot> com
9  * Project Contact/Architect: carrier <at> sleuthkit <dot> org
10  *
11  * Licensed under the Apache License, Version 2.0 (the "License");
12  * you may not use this file except in compliance with the License.
13  * You may obtain a copy of the License at
14  *
15  * http://www.apache.org/licenses/LICENSE-2.0
16  *
17  * Unless required by applicable law or agreed to in writing, software
18  * distributed under the License is distributed on an "AS IS" BASIS,
19  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
20  * See the License for the specific language governing permissions and
21  * limitations under the License.
22  */
23 package org.sleuthkit.autopsy.recentactivity;
24 
26 import java.io.File;
27 import java.io.FileInputStream;
28 import java.io.IOException;
29 import java.net.MalformedURLException;
30 import java.net.URL;
31 import java.nio.MappedByteBuffer;
32 import java.nio.channels.FileChannel;
33 import java.nio.charset.Charset;
34 import java.sql.ResultSet;
35 import java.text.SimpleDateFormat;
36 import java.util.Date;
37 import java.util.List;
38 import java.util.StringTokenizer;
39 import java.util.logging.Level;
41 import java.util.regex.Matcher;
42 import java.util.regex.Pattern;
45 import org.sleuthkit.datamodel.AbstractFile;
46 import org.sleuthkit.datamodel.Content;
47 import org.sleuthkit.datamodel.TskCoreException;
48 
53 class Util {
54 
55  private static Logger logger = Logger.getLogger(Util.class.getName());
56 
57  private Util() {
58  }
59 
60  public static boolean pathexists(String path) {
61  File file = new File(path);
62  boolean exists = file.exists();
63  return exists;
64  }
65 
66  public static String utcConvert(String utc) {
67  SimpleDateFormat formatter = new SimpleDateFormat("MM-dd-yyyy HH:mm");
68  String tempconvert = formatter.format(new Date(Long.parseLong(utc)));
69  return tempconvert;
70  }
71 
72  public static String readFile(String path) throws IOException {
73  FileInputStream stream = new FileInputStream(new File(path));
74  try {
75  FileChannel fc = stream.getChannel();
76  MappedByteBuffer bb = fc.map(FileChannel.MapMode.READ_ONLY, 0, fc.size());
77  /*
78  * Instead of using default, pass in a decoder.
79  */
80  return Charset.defaultCharset().decode(bb).toString();
81  } finally {
82  stream.close();
83  }
84  }
85 
86  public static String getBaseDomain(String url) {
87  String host = null;
88  //strip protocol
89  String cleanUrl = url.replaceFirst("/.*:\\/\\//", "");
90 
91  //strip after slashes
92  String dirToks[] = cleanUrl.split("/\\//");
93  if (dirToks.length > 0) {
94  host = dirToks[0];
95  } else {
96  host = cleanUrl;
97  }
98 
99  //get the domain part from host (last 2)
100  StringTokenizer tok = new StringTokenizer(host, ".");
101  StringBuilder hostB = new StringBuilder();
102  int toks = tok.countTokens();
103 
104  for (int count = 0; count < toks; ++count) {
105  String part = tok.nextToken();
106  int diff = toks - count;
107  if (diff < 3) {
108  hostB.append(part);
109  }
110  if (diff == 2) {
111  hostB.append(".");
112  }
113  }
114 
115  return hostB.toString();
116  }
117 
118  public static String extractDomain(String value) {
119  if (value == null) {
120  return "";
121 
122  }
123  String result = "";
124  // String domainPattern = "(\\w+)\\.(AC|AD|AE|AERO|AF|AG|AI|AL|AM|AN|AO|AQ|AR|ARPA|AS|ASIA|AT|AU|AW|AX|AZ|BA|BB|BD|BE|BF|BG|BH|BI|BIZ|BJ|BM|BN|BO|BR|BS|BT|BV|BW|BY|BZ|CA|CAT|CC|CD|CF|CG|CH|CI|CK|CL|CM|CN|CO|COM|COOP|CR|CU|CV|CW|CX|CY|CZ|DE|DJ|DK|DM|DO|DZ|EC|EDU|EE|EG|ER|ES|ET|EU|FI|FJ|FK|FM|FO|FR|GA|GB|GD|GE|GF|GG|GH|GI|GL|GM|GN|GOV|GP|GQ|GR|GS|GT|GU|GW|GY|HK|HM|HN|HR|HT|HU|ID|IE|IL|IM|IN|INFO|INT|IO|IQ|IR|IS|IT|JE|JM|JO|JOBS|JP|KE|KG|KH|KI|KM|KN|KP|KR|KW|KY|KZ|LA|LB|LC|LI|LK|LR|LS|LT|LU|LV|LY|MA|MC|MD|ME|MG|MH|MIL|MK|ML|MM|MN|MO|MOBI|MP|MQ|MR|MS|MT|MU|MUSEUM|MV|MW|MX|MY|MZ|NA|NAME|NC|NE|NET|NF|NG|NI|NL|NO|NP|NR|NU|NZ|OM|ORG|PA|PE|PF|PG|PH|PK|PL|PM|PN|PR|PRO|PS|PT|PW|PY|QA|RE|RO|RS|RU|RW|SA|SB|SC|SD|SE|SG|SH|SI|SJ|SK|SL|SM|SN|SO|SR|ST|SU|SV|SX|SY|SZ|TC|TD|TEL|TF|TG|TH|TJ|TK|TL|TM|TN|TO|TP|TR|TRAVEL|TT|TV|TW|TZ|UA|UG|UK|US|UY|UZ|VA|VC|VE|VG|VI|VN|VU|WF|WS|XXX|YE|YT|ZA|ZM|ZW(co\\.[a-z].))";
125  // Pattern p = Pattern.compile(domainPattern,Pattern.CASE_INSENSITIVE);
126  // Matcher m = p.matcher(value);
127  // while (m.find()) {
128  // result = value.substring(m.start(0),m.end(0));
129  // }
130 
131  try {
132  URL url = new URL(value);
133  result = url.getHost();
134  } catch (MalformedURLException ex) {
135  //do not log if not a valid URL, and handle later
136  //Logger.getLogger(Util.class.getName()).log(Level.SEVERE, null, ex);
137  }
138 
139  //was not a valid URL, try a less picky method
140  if (result == null || result.trim().isEmpty()) {
141  return getBaseDomain(value);
142  }
143 
144  return result;
145  }
146 
147  public static String getFileName(String value) {
148  String filename = "";
149  String filematch = "^([a-zA-Z]\\:)(\\\\[^\\\\/:*?<>\"|]*(?<!\\[ \\]))*(\\.[a-zA-Z]{2,6})$"; //NON-NLS
150 
151  Pattern p = Pattern.compile(filematch, Pattern.CASE_INSENSITIVE | Pattern.DOTALL | Pattern.COMMENTS);
152  Matcher m = p.matcher(value);
153  if (m.find()) {
154  filename = m.group(1);
155 
156  }
157  int lastPos = value.lastIndexOf('\\');
158  filename = (lastPos < 0) ? value : value.substring(lastPos + 1);
159  return filename.toString();
160  }
161 
162  public static String getPath(String txt) {
163  String path = "";
164 
165  //String drive ="([a-z]:\\\\(?:[-\\w\\.\\d]+\\\\)*(?:[-\\w\\.\\d]+)?)"; // Windows drive
166  String drive = "([a-z]:\\\\\\S.+)"; //NON-NLS
167  Pattern p = Pattern.compile(drive, Pattern.CASE_INSENSITIVE | Pattern.COMMENTS);
168  Matcher m = p.matcher(txt);
169  if (m.find()) {
170  path = m.group(1);
171 
172  } else {
173 
174  String network = "(\\\\(?:\\\\[^:\\s?*\"<>|]+)+)"; // Windows network NON-NLS
175 
176  Pattern p2 = Pattern.compile(network, Pattern.CASE_INSENSITIVE | Pattern.DOTALL);
177  Matcher m2 = p2.matcher(txt);
178  if (m2.find()) {
179  path = m2.group(1);
180  }
181  }
182  return path;
183  }
184 
185  public static long findID(Content dataSource, String path) {
186  String parent_path = path.replace('\\', '/'); // fix Chrome paths
187  if (parent_path.length() > 2 && parent_path.charAt(1) == ':') {
188  parent_path = parent_path.substring(2); // remove drive letter (e.g., 'C:')
189  }
190  int index = parent_path.lastIndexOf('/');
191  String name = parent_path.substring(++index);
192  parent_path = parent_path.substring(0, index);
193  FileManager fileManager = Case.getCurrentCase().getServices().getFileManager();
194  List<AbstractFile> files = null;
195  try {
196  files = fileManager.findFiles(dataSource, name, parent_path);
197  } catch (TskCoreException ex) {
198  logger.log(Level.WARNING, "Error fetching 'index.data' files for Internet Explorer history."); //NON-NLS
199  }
200 
201  if (files == null || files.isEmpty()) {
202  return -1;
203  }
204  return files.get(0).getId();
205  }
206 
207  public static boolean checkColumn(String column, String tablename, String connection) {
208  String query = "PRAGMA table_info(" + tablename + ")"; //NON-NLS
209  boolean found = false;
210  ResultSet temprs;
211  try {
212  SQLiteDBConnect tempdbconnect = new SQLiteDBConnect("org.sqlite.JDBC", "jdbc:sqlite:" + connection); //NON-NLS
213  temprs = tempdbconnect.executeQry(query);
214  while (temprs.next()) {
215  if (temprs.getString("name") == null ? column == null : temprs.getString("name").equals(column)) { //NON-NLS
216  found = true;
217  }
218  }
219  } catch (Exception ex) {
220  logger.log(Level.WARNING, "Error while trying to get columns from sqlite db." + connection, ex); //NON-NLS
221  }
222  return found;
223  }
224 
225  public static ResultSet runQuery(String query, String connection) {
226  ResultSet results = null;
227  try {
228  SQLiteDBConnect tempdbconnect = new SQLiteDBConnect("org.sqlite.JDBC", "jdbc:sqlite:" + connection); //NON-NLS
229  results = tempdbconnect.executeQry(query);
230  tempdbconnect.closeConnection();
231  } catch (Exception ex) {
232  logger.log(Level.WARNING, "Error while trying to run sql query: " + query + " : " + connection, ex); //NON-NLS
233  }
234  return results;
235  }
236 }

Copyright © 2012-2016 Basis Technology. Generated on: Tue Oct 25 2016
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.