Autopsy  4.17.0
Graphical digital forensics platform for The Sleuth Kit and other tools.
WindowsRegistryViewer.java
1 /*
2  * Autopsy
3  *
4  * Copyright 2019 Basis Technology Corp.
5  * Contact: carrier <at> sleuthkit <dot> org
6  *
7  * Copyright 2013-2018 Willi Ballenthin
8  * Contact: willi.ballenthin <at> gmail <dot> com
9  *
10  * Licensed under the Apache License, Version 2.0 (the "License");
11  * you may not use this file except in compliance with the License.
12  * You may obtain a copy of the License at
13  *
14  * http://www.apache.org/licenses/LICENSE-2.0
15  *
16  * Unless required by applicable law or agreed to in writing, software
17  * distributed under the License is distributed on an "AS IS" BASIS,
18  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
19  * See the License for the specific language governing permissions and
20  * limitations under the License.
21  */
22 package org.sleuthkit.autopsy.contentviewers;
23 
24 import com.williballenthin.rejistry.RegistryHive;
25 import com.williballenthin.rejistry.RegistryHiveBuffer;
26 import com.williballenthin.rejistry.RegistryParseException;
27 import java.awt.BorderLayout;
28 import java.awt.Component;
29 import java.awt.Cursor;
30 import java.nio.ByteBuffer;
31 import java.util.Arrays;
32 import java.util.List;
33 import java.util.logging.Level;
34 import javax.swing.JPanel;
37 import org.sleuthkit.datamodel.AbstractFile;
38 import org.sleuthkit.datamodel.Content;
39 import org.sleuthkit.datamodel.TskCoreException;
40 
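/**
 * File-type viewer panel that displays a Windows Registry hive.
 *
 * <p>The file bytes are wrapped in a {@link RegistryHiveBuffer} and handed to
 * a {@code RejView} component, which is placed in the centre of this panel.
 *
 * <p>Hive files come from the evidence being examined, so their size and
 * structure are untrusted input. Sizes are validated before buffers are
 * allocated, and a failed or unsupported load never leaves the view of a
 * previously selected file on screen.
 */
class WindowsRegistryViewer extends JPanel implements FileTypeViewer {

    private static final long serialVersionUID = 1L;
    private static final Logger logger = Logger.getLogger(WindowsRegistryViewer.class.getName());
    private static final String[] SUPPORTED_MIMETYPES = new String[]{"application/x.windows-registry"};
    //Registry log files which should be ignored share the same signature as Registry files but appear to have a size of 1024
    private static final String LOG_FILE_EXTENSION = "log"; //base extension for log files
    // Number of leading bytes isSupported() reads when probing for a hive header.
    private static final int HEADER_PROBE_SIZE = 0x4000;
    private RejView regview;
    private AbstractFile lastFile;

    /**
     * Creates an empty viewer panel with a {@link BorderLayout}.
     */
    WindowsRegistryViewer() {
        super(new BorderLayout());
    }

    /**
     * Detaches the current registry view from the panel, if there is one.
     * Unlike {@link #resetComponent()} this leaves {@code lastFile} untouched.
     */
    private void clearRegistryView() {
        if (this.regview != null) {
            this.remove(this.regview);
            this.regview = null;
        }
    }

    /**
     * Reads the whole content into memory, parses it as a registry hive and
     * shows it in this panel.
     *
     * @param content the hive to display; {@code null} resets the component
     */
    private void setDataView(Content content) {
        if (content == null) {
            this.resetComponent();
            return;
        }

        // Remove any view built for a previously selected file first, so that a
        // failed load below cannot leave another file's hive on screen.
        this.clearRegistryView();

        final long size = content.getSize();
        if (size == 0) {
            return;
        }
        // The hive is loaded into a single byte[]; a size outside the int range
        // would otherwise be truncated (or turn negative) by the cast below.
        if (size < 0 || size > Integer.MAX_VALUE) {
            logger.log(Level.WARNING,
                    "Registry hive size {0} cannot be loaded into a single buffer; not displaying it.", size);
            return;
        }

        this.setCursor(Cursor.getPredefinedCursor(Cursor.WAIT_CURSOR));
        try {
            byte[] data = new byte[(int) size];

            int bytesRead;
            try {
                bytesRead = content.read(data, 0x0, size);
            } catch (TskCoreException ex) {
                logger.log(Level.WARNING, "Failed to read file content.", ex);
                return;
            }
            if (bytesRead < size) {
                // The tail of the buffer stays zero-filled; record it so that a
                // partially displayed hive can be explained later.
                logger.log(Level.WARNING,
                        "Short read of registry hive: expected {0} bytes, got {1}.",
                        new Object[]{size, bytesRead});
            }

            RegistryHive h = new RegistryHiveBuffer(ByteBuffer.wrap(data));
            this.regview = new RejView(h);
            this.add(this.regview, BorderLayout.CENTER);
        } finally {
            // Always restore the cursor, including on the early returns above.
            this.setCursor(null);
        }
    }

    /**
     * Returns the Swing component of this viewer, which is the panel itself.
     */
    @Override
    public Component getComponent() {
        return this;
    }

    /**
     * Removes the current registry view and forgets the last displayed file.
     */
    @Override
    public void resetComponent() {
        // cleanup anything
        this.clearRegistryView();
        lastFile = null;
    }

    /**
     * Checks whether a file can be shown by this viewer by probing its first
     * {@code 0x4000} bytes for a parseable hive header.
     *
     * @param file the candidate file, may be {@code null}
     * @return {@code true} if the file is non-empty, is not a registry log file
     *         by extension, and its header parses; {@code false} otherwise
     */
    @Override
    public boolean isSupported(AbstractFile file) {
        if (file == null) {
            return false;
        }
        if (file.getSize() == 0) {
            return false;
        }

        // Locale.ROOT keeps the extension match independent of the default
        // locale; fully qualified so that no extra import is needed.
        String extension = file.getNameExtension();
        if (extension != null
                && extension.toLowerCase(java.util.Locale.ROOT).startsWith(LOG_FILE_EXTENSION)) {
            return false;
        }
        byte[] header = new byte[HEADER_PROBE_SIZE];

        try {
            // Files shorter than the probe size leave the rest of the buffer zero-filled.
            file.read(header, 0x0, Math.min(HEADER_PROBE_SIZE, file.getSize()));
        } catch (TskCoreException ex) {
            logger.log(Level.WARNING, "Failed to read file content", ex);
            return false;
        }
        ByteBuffer buf = ByteBuffer.wrap(header);

        RegistryHive hive = new RegistryHiveBuffer(buf);
        try {
            hive.getHeader();
            return true;
        } catch (RegistryParseException ex) {
            logger.log(Level.WARNING, "Failed to get hive header", ex);
            return false;
        }
    }

    /**
     * Returns the MIME types handled by this viewer.
     *
     * @return a fixed-size list backed by a copy of the internal array, so
     *         callers cannot change the viewer's own table through it
     */
    @Override
    public List<String> getSupportedMIMETypes() {
        return Arrays.asList(SUPPORTED_MIMETYPES.clone());
    }

    /**
     * Displays the given file, or resets the viewer when it is {@code null}.
     *
     * @param file the registry hive file to show, may be {@code null}
     */
    @Override
    public void setFile(AbstractFile file) {
        if (file == null) {
            resetComponent();
            return;
        }
        if (file.equals(lastFile)) {
            return; //prevent from loading twice if setNode() called mult. times
        }
        lastFile = file;
        this.setDataView(file);
    }
}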

Copyright © 2012-2021 Basis Technology. Generated on: Tue Jan 19 2021
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.