Autopsy  4.21.0
Graphical digital forensics platform for The Sleuth Kit and other tools.
ExtractOs.java
1 /*
2  * Autopsy Forensic Browser
3  *
4  * Copyright 2019-2021 Basis Technology Corp.
5  * Contact: carrier <at> sleuthkit <dot> org
6  *
7  * Licensed under the Apache License, Version 2.0 (the "License");
8  * you may not use this file except in compliance with the License.
9  * You may obtain a copy of the License at
10  *
11  * http://www.apache.org/licenses/LICENSE-2.0
12  *
13  * Unless required by applicable law or agreed to in writing, software
14  * distributed under the License is distributed on an "AS IS" BASIS,
15  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16  * See the License for the specific language governing permissions and
17  * limitations under the License.
18  */
19 package org.sleuthkit.autopsy.recentactivity;
20 
21 import java.util.ArrayList;
22 import java.util.Arrays;
23 import java.util.Collection;
24 import java.util.Collections;
25 import java.util.List;
26 import java.util.logging.Level;
27 import org.apache.commons.io.FilenameUtils;
28 import org.openide.util.NbBundle.Messages;
32 import org.sleuthkit.datamodel.AbstractFile;
33 import org.sleuthkit.datamodel.BlackboardArtifact;
34 import org.sleuthkit.datamodel.BlackboardAttribute;
35 import org.sleuthkit.datamodel.Content;
36 import org.sleuthkit.datamodel.TskCoreException;
37 
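/**
 * Recent Activity extractor that looks for operating-system marker files in a
 * data source and posts a TSK_OS_INFO artifact for each OS type whose marker
 * is found.
 *
 * Detection only tests whether a file exists at a fixed path (see
 * {@link #getFirstFileFound(List)}); file contents are never read here. A
 * resulting artifact is therefore an indicator that should be corroborated,
 * not proof of the installed OS. Every OS_TYPE is checked independently, so a
 * single data source can receive artifacts for more than one OS type.
 *
 * NOTE(review): several marker paths are not exclusive to the labelled
 * distribution (for example /etc/debian_version also exists on Debian
 * derivatives such as Ubuntu, and /etc/lsb-release may exist on other
 * distributions) - confirm how downstream consumers treat multiple matches.
 */
@Messages({"ExtractOs.displayName=OS Info Analyzer",
    "ExtractOS_progressMessage=Checking for OS"})
class ExtractOs extends Extract {

    private static final Logger logger = Logger.getLogger(ExtractOs.class.getName());

    private static final String WINDOWS_VOLUME_PATH = "/windows/system32";
    private static final String OSX_VOLUME_PATH = "/System/Library/CoreServices/SystemVersion.plist";
    private static final String ANDROID_VOLUME_PATH = "/data/com.android.providers.settings/databases/settings.db";
    //linux specific files reference https://www.novell.com/coolsolutions/feature/11251.html
    private static final String[] LINUX_RED_HAT_PATHS = {"/etc/redhat-release", "/etc/redhat_version"};
    private static final String LINUX_NOVELL_SUSE_PATH = "/etc/SUSE-release";
    private static final String LINUX_FEDORA_PATH = "/etc/fedora-release";
    private static final String[] LINUX_SLACKWARE_PATHS = {"/etc/slackware-release", "/etc/slackware-version"};
    private static final String[] LINUX_DEBIAN_PATHS = {"/etc/debian_release", "/etc/debian_version"};
    private static final String LINUX_MANDRAKE_PATH = "/etc/mandrake-release";
    private static final String LINUX_YELLOW_DOG_PATH = "/etc/yellowdog-release";
    private static final String LINUX_SUN_JDS_PATH = "/etc/sun-release";
    private static final String LINUX_SOLARIS_SPARC_PATH = "/etc/release";
    private static final String LINUX_GENTOO_PATH = "/etc/gentoo-release";
    private static final String LINUX_UNITED_LINUX_PATH = "/etc/UnitedLinux-release";
    private static final String LINUX_UBUNTU_PATH = "/etc/lsb-release";

    // Data source currently being processed; assigned at the start of process().
    private Content dataSource;
    private final IngestJobContext context;

    /**
     * Creates the extractor for one ingest job.
     *
     * @param context The ingest job context, used here to poll for
     *                cancellation between OS checks.
     */
    ExtractOs(IngestJobContext context) {
        super(Bundle.ExtractOs_displayName(), context);
        this.context = context;
    }

    /**
     * Checks the data source against every OS_TYPE and posts OS info artifacts
     * for the types whose marker files are present.
     *
     * A failure while checking one OS type is logged with that type's name and
     * the remaining types are still checked, so one failed lookup does not
     * silently suppress the rest of the results. Cancellation is polled before
     * each type.
     *
     * @param dataSource  The data source to examine.
     * @param progressBar Progress reporter for the ingest module.
     */
    @Override
    void process(Content dataSource, DataSourceIngestModuleProgress progressBar) {
        this.dataSource = dataSource;
        progressBar.progress(Bundle.ExtractOS_progressMessage());
        for (OS_TYPE value : OS_TYPE.values()) {
            if (context.dataSourceIngestIsCancelled()) {
                return;
            }

            try {
                checkForOSFiles(value);
            } catch (TskCoreException ex) {
                // Handled per OS type: the log records which check was skipped
                // and the loop continues with the next type.
                logger.log(Level.WARNING, "Failed to check if datasource contained a volume with operating system specific files for OS type " + value, ex);
            }
        }
    }

    /**
     * Posts a TSK_OS_INFO artifact on the first marker file found for the
     * given OS type, unless that file already has a TSK_OS_INFO artifact.
     *
     * @param osType The OS type whose marker paths are searched.
     *
     * @throws TskCoreException If the file lookup or the artifact query fails.
     */
    private void checkForOSFiles(OS_TYPE osType) throws TskCoreException {
        if (osType.getOsInfoLabel().isEmpty()) {
            //shortcut out if it was called with out a specified program name so no OS INFO artifacts are created
            return;
        }
        AbstractFile file = getFirstFileFound(osType.getFilePaths());

        // The isEmpty() test keeps a file that already carries a TSK_OS_INFO
        // artifact from getting a second one.
        if (file != null && tskCase.getBlackboardArtifacts(BlackboardArtifact.ARTIFACT_TYPE.TSK_OS_INFO, file.getId()).isEmpty()) {
            //if the os info program name is not empty create an os info artifact on the first of the files found
            Collection<BlackboardAttribute> bbattributes = new ArrayList<>();
            bbattributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PROG_NAME,
                    getRAModuleName(),
                    osType.getOsInfoLabel())); //NON-NLS
            postArtifact(createArtifactWithAttributes(BlackboardArtifact.Type.TSK_OS_INFO, file, bbattributes));
        }
    }

    /**
     * Returns the first file in the current data source that matches one of
     * the given paths, trying the paths in list order.
     *
     * Each path is split into a file name and a parent path and passed to
     * findFilesExactNameExactPath; only existence is tested.
     * NOTE(review): case sensitivity of that lookup is not visible here -
     * confirm against the file manager.
     *
     * @param pathsToSearchFor Candidate marker paths, in priority order.
     *
     * @return The first matching file, or null if no path matched.
     *
     * @throws TskCoreException If the file lookup fails.
     */
    private AbstractFile getFirstFileFound(List<String> pathsToSearchFor) throws TskCoreException {
        for (String filePath : pathsToSearchFor) {
            List<AbstractFile> files = currentCase.getSleuthkitCase().getFileManager().findFilesExactNameExactPath(dataSource, FilenameUtils.getName(filePath), FilenameUtils.getPath(filePath));
            if (!files.isEmpty()) {
                return files.get(0);
            }
        }
        return null;
    }

    @Messages({
        "ExtractOs.osx.label=Mac OS X",
        "ExtractOs.androidOs.label=Android",
        "ExtractOs.redhatLinuxOs.label=Linux (Redhat)",
        "ExtractOs.novellSUSEOs.label=Linux (Novell SUSE)",
        "ExtractOs.fedoraLinuxOs.label=Linux (Fedora)",
        "ExtractOs.slackwareLinuxOs.label=Linux (Slackware)",
        "ExtractOs.debianLinuxOs.label=Linux (Debian)",
        "ExtractOs.mandrakeLinuxOs.label=Linux (Mandrake)",
        "ExtractOs.yellowDogLinuxOs.label=Linux (Yellow Dog)",
        "ExtractOs.sunJDSLinuxOs.label=Linux (Sun JDS)",
        "ExtractOs.solarisSparcOs.label=Linux (Solaris/Sparc)",
        "ExtractOs.gentooLinuxOs.label=Linux (Gentoo)",
        "ExtractOs.unitedLinuxOs.label=Linux (United Linux)",
        "ExtractOs.ubuntuLinuxOs.label=Linux (Ubuntu)",
        "ExtractOs.windowsVolume.label=OS Drive (Windows)",
        "ExtractOs.osxVolume.label=OS Drive (OS X)",
        "ExtractOs.androidVolume.label=OS Drive (Android)",
        "ExtractOs.redhatLinuxVolume.label=OS Drive (Linux Redhat)",
        "ExtractOs.novellSUSEVolume.label=OS Drive (Linux Novell SUSE)",
        "ExtractOs.fedoraLinuxVolume.label=OS Drive (Linux Fedora)",
        "ExtractOs.slackwareLinuxVolume.label=OS Drive (Linux Slackware)",
        "ExtractOs.debianLinuxVolume.label=OS Drive (Linux Debian)",
        "ExtractOs.mandrakeLinuxVolume.label=OS Drive (Linux Mandrake)",
        "ExtractOs.yellowDogLinuxVolume.label=OS Drive (Linux Yellow Dog)",
        "ExtractOs.sunJDSLinuxVolume.label=OS Drive (Linux Sun JDS)",
        "ExtractOs.solarisSparcVolume.label=OS Drive (Linux Solaris/Sparc)",
        "ExtractOs.gentooLinuxVolume.label=OS Drive (Linux Gentoo)",
        "ExtractOs.unitedLinuxVolume.label=OS Drive (Linux United Linux)",
        "ExtractOs.ubuntuLinuxVolume.label=OS Drive (Linux Ubuntu)"})
    /**
     * Operating systems this module can recognise. Each constant carries the
     * label used for OS info artifacts, the label used for data source usage,
     * and the marker paths whose presence indicates that OS.
     */
    enum OS_TYPE {
        WINDOWS("", Bundle.ExtractOs_windowsVolume_label(), Arrays.asList(WINDOWS_VOLUME_PATH)), //windows doesn't get OS_INFO artifacts created for it here
        MAC_OS_X(Bundle.ExtractOs_osx_label(), Bundle.ExtractOs_osxVolume_label(), Arrays.asList(OSX_VOLUME_PATH)),
        ANDROID(Bundle.ExtractOs_androidOs_label(), Bundle.ExtractOs_androidVolume_label(), Arrays.asList(ANDROID_VOLUME_PATH)),
        LINUX_REDHAT(Bundle.ExtractOs_redhatLinuxOs_label(), Bundle.ExtractOs_redhatLinuxVolume_label(), Arrays.asList(LINUX_RED_HAT_PATHS)),
        LINUX_NOVELL_SUSE(Bundle.ExtractOs_novellSUSEOs_label(), Bundle.ExtractOs_novellSUSEVolume_label(), Arrays.asList(LINUX_NOVELL_SUSE_PATH)),
        LINUX_FEDORA(Bundle.ExtractOs_fedoraLinuxOs_label(), Bundle.ExtractOs_fedoraLinuxVolume_label(), Arrays.asList(LINUX_FEDORA_PATH)),
        LINUX_SLACKWARE(Bundle.ExtractOs_slackwareLinuxOs_label(), Bundle.ExtractOs_slackwareLinuxVolume_label(), Arrays.asList(LINUX_SLACKWARE_PATHS)),
        LINUX_DEBIAN(Bundle.ExtractOs_debianLinuxOs_label(), Bundle.ExtractOs_debianLinuxVolume_label(), Arrays.asList(LINUX_DEBIAN_PATHS)),
        LINUX_MANDRAKE(Bundle.ExtractOs_mandrakeLinuxOs_label(), Bundle.ExtractOs_mandrakeLinuxVolume_label(), Arrays.asList(LINUX_MANDRAKE_PATH)),
        LINUX_YELLOW_DOG(Bundle.ExtractOs_yellowDogLinuxOs_label(), Bundle.ExtractOs_yellowDogLinuxVolume_label(), Arrays.asList(LINUX_YELLOW_DOG_PATH)),
        LINUX_SUN_JDS(Bundle.ExtractOs_sunJDSLinuxOs_label(), Bundle.ExtractOs_sunJDSLinuxVolume_label(), Arrays.asList(LINUX_SUN_JDS_PATH)),
        LINUX_SOLARIS_SPARC(Bundle.ExtractOs_solarisSparcOs_label(), Bundle.ExtractOs_solarisSparcVolume_label(), Arrays.asList(LINUX_SOLARIS_SPARC_PATH)),
        LINUX_GENTOO(Bundle.ExtractOs_gentooLinuxOs_label(), Bundle.ExtractOs_gentooLinuxVolume_label(), Arrays.asList(LINUX_GENTOO_PATH)),
        LINUX_UNITED_LINUX(Bundle.ExtractOs_unitedLinuxOs_label(), Bundle.ExtractOs_unitedLinuxVolume_label(), Arrays.asList(LINUX_UNITED_LINUX_PATH)),
        LINUX_UBUNTU(Bundle.ExtractOs_ubuntuLinuxOs_label(), Bundle.ExtractOs_ubuntuLinuxVolume_label(), Arrays.asList(LINUX_UBUNTU_PATH));

        private final String osInfoLabel;
        private final String dsUsageLabel;
        private final List<String> filePaths;

        /**
         * @param osInfoText   Label stored in OS info artifacts; an empty
         *                     string means no OS info artifact is created for
         *                     this type.
         * @param dsUsageText  Label describing data source usage.
         * @param filePathList Marker paths whose presence indicates this OS.
         */
        OS_TYPE(String osInfoText, String dsUsageText, List<String> filePathList) {
            this.osInfoLabel = osInfoText;
            this.dsUsageLabel = dsUsageText;
            // Wrapped once so the getter can hand out the same read-only view.
            this.filePaths = Collections.unmodifiableList(filePathList);
        }

        /**
         * @return The OS info label; empty for WINDOWS.
         */
        String getOsInfoLabel() {
            return osInfoLabel;
        }

        /**
         * @return The data source usage label.
         */
        String getDsUsageLabel() {
            return dsUsageLabel;
        }

        /**
         * @return An unmodifiable list of the marker paths for this OS type.
         */
        List<String> getFilePaths() {
            return filePaths;
        }

        /**
         * Finds the OS type with the given data source usage label.
         *
         * @param dsUsageLabel The label to look up.
         *
         * @return The first matching OS type in declaration order, or null if
         *         none matches; callers must handle null.
         */
        public static OS_TYPE fromDsUsageLabel(String dsUsageLabel) {
            for (OS_TYPE value : OS_TYPE.values()) {
                if (value.getDsUsageLabel().equals(dsUsageLabel)) {
                    return value;
                }
            }
            return null;
        }

        /**
         * Finds the OS type with the given OS info label.
         *
         * WINDOWS is declared with an empty OS info label, so an empty string
         * resolves to WINDOWS. Callers that read the label from artifact data
         * should reject empty values first if that is not intended.
         *
         * @param osInfoLabel The label to look up.
         *
         * @return The first matching OS type in declaration order, or null if
         *         none matches; callers must handle null.
         */
        public static OS_TYPE fromOsInfoLabel(String osInfoLabel) {
            for (OS_TYPE value : OS_TYPE.values()) {
                if (value.getOsInfoLabel().equals(osInfoLabel)) {
                    return value;
                }
            }
            return null;
        }
    }
}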

Copyright © 2012-2022 Basis Technology. Generated on: Tue Feb 6 2024
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.