diff --git a/Core/src/org/sleuthkit/autopsy/coreutils/PlatformUtil.java b/Core/src/org/sleuthkit/autopsy/coreutils/PlatformUtil.java
index 59bf3c258e1..edd58ae582d 100644
--- a/Core/src/org/sleuthkit/autopsy/coreutils/PlatformUtil.java
+++ b/Core/src/org/sleuthkit/autopsy/coreutils/PlatformUtil.java
@@ -340,6 +340,24 @@ public static boolean isWindowsOS() {
 return PlatformUtil.getOSName().toLowerCase().contains("windows"); //NON-NLS
 }
+ /**
+ * Check if running on Linux OS
+ *
+ * @return true if running on Linux OS
+ */
+ public static boolean isLinuxOS() {
+ return PlatformUtil.getOSName().toLowerCase().contains("linux"); //NON-NLS
+ }
+
+ /**
+ * Check if running on Macos OS
+ *
+ * @return true if running on Macos OS
+ */
+ public static boolean isMacOS() {
+ return PlatformUtil.getOSName().toLowerCase().contains("mac"); //NON-NLS
+ }
+
+ /**
 * Convert file path (quote) for OS specific
 *
diff --git a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractPrefetch.java b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractPrefetch.java
index a500367ba9b..bc8fb268aed 100644
--- a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractPrefetch.java
+++ b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractPrefetch.java
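Review bot: `isLinuxOS()` and `isMacOS()` lower-case the OS name with the JVM's default locale before the substring match; as a point of style, `toLowerCase(Locale.ROOT)` keeps the comparison independent of the user's locale (this needs `java.util.Locale` in scope, and the import block is not visible in this hunk). The context line shows `isWindowsOS()` using the same pattern, so the three predicates could be changed together. The Javadoc for `isMacOS()` reads "Macos OS"; `Check if running on macOS` and `@return true if running on macOS` would read more clearly.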
@@ -69,8 +69,11 @@ final class ExtractPrefetch extends Extract {
 private static final String PREFETCH_TSK_COMMENT = "Prefetch File";
 private static final String PREFETCH_FILE_LOCATION = "/windows/prefetch";
 private static final String PREFETCH_TOOL_FOLDER = "markmckinnon"; //NON-NLS
- private static final String PREFETCH_TOOL_NAME_WINDOWS = "parse_prefetch.exe"; //NON-NLS
- private static final String PREFETCH_TOOL_NAME_LINUX = "parse_prefetch_linux"; //NON-NLS
+ private static final String PREFETCH_TOOL_NAME_X64_WINDOWS = "mm_artifact_parser_x64_win.exe"; //NON-NLS
+ private static final String PREFETCH_TOOL_NAME_X64_LINUX = "mm_artifact_parser_x64_linux"; //NON-NLS
+ private static final String PREFETCH_TOOL_NAME_X64_MACOS = "mm_artifact_parser_x64_macos"; //NON-NLS
+ private static final String PREFETCH_TOOL_NAME_AARCH64_LINUX = "mm_artifact_parser_aarch64_linux"; //NON-NLS
+ private static final String PREFETCH_TOOL_NAME_AARCH64_MACOS = "mm_artifact_parser_aarch64_macos"; //NON-NLS
 private static final String PREFETCH_OUTPUT_FILE_NAME = "Output.txt"; //NON-NLS
 private static final String PREFETCH_ERROR_FILE_NAME = "Error.txt"; //NON-NLS
 private static final String PREFETCH_PARSER_DB_FILE = "Autopsy_PF_DB.db3"; //NON-NLS
@@ -196,7 +199,11 @@ void parsePrefetchFiles(String prefetchExePath, String prefetchDir, String tempO
 List commandLine = new ArrayList<>();
 commandLine.add(prefetchExePath);
+ commandLine.add("-a");
+ commandLine.add("prefetch");
+ commandLine.add("-f");
 commandLine.add(prefetchDir); //NON-NLS
+ commandLine.add("-db");
 commandLine.add(tempOutFile);
 ProcessBuilder processBuilder = new ProcessBuilder(commandLine);
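Review bot: The five new `PREFETCH_TOOL_NAME_*` constants name prebuilt executables that this commit adds under `thirdparty/markmckinnon` as opaque binaries, and nothing next to the constants records where those files come from. A short comment above them naming the upstream project, the release they were built from and where the expected digests are kept, for example `// mm_artifact_parser <UPSTREAM_VERSION>, SHA-256 values in <CHECKSUM_FILE>`, would let a later reviewer confirm the shipped files match upstream. Separately, the Linux and macOS binaries are added with mode 100644 while the deleted `parse_prefetch_linux` was 100755, so unless the execute bit is set at install or run time (not visible on this page) launching them may fail.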
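Review bot: The four literals added to `commandLine` (`"-a"`, `"prefetch"`, `"-f"`, `"-db"`) lack the `//NON-NLS` marker that the neighbouring `commandLine.add(prefetchDir); //NON-NLS` line and the constants carry, so each should end like `commandLine.add("-a"); //NON-NLS`. A one-line comment above the block stating the expected invocation, such as `// <tool> -a prefetch -f <prefetch dir> -db <output db>`, would document the contract with the new parser. Passing every value as its own list element to `ProcessBuilder` keeps the paths out of any shell parsing, which is worth preserving in later edits. The body of `parsePrefetchFiles` continues outside the hunk.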
@@ -216,11 +223,20 @@ void parsePrefetchFiles(String prefetchExePath, String prefetchDir, String tempO
 private String getPathForPrefetchDumper() {
 Path path = null;
 if (PlatformUtil.isWindowsOS()) {
- path = Paths.get(PREFETCH_TOOL_FOLDER, PREFETCH_TOOL_NAME_WINDOWS);
- } else {
- if ("Linux".equals(PlatformUtil.getOSName())) {
- path = Paths.get(PREFETCH_TOOL_FOLDER, PREFETCH_TOOL_NAME_LINUX);
+ path = Paths.get(PREFETCH_TOOL_FOLDER, PREFETCH_TOOL_NAME_X64_WINDOWS);
+ } else if (PlatformUtil.isLinuxOS()) {
+ if ("aarch64".equals(PlatformUtil.getOSArch())) {
+ path = Paths.get(PREFETCH_TOOL_FOLDER, PREFETCH_TOOL_NAME_AARCH64_LINUX);
+ } else {
+ path = Paths.get(PREFETCH_TOOL_FOLDER, PREFETCH_TOOL_NAME_X64_LINUX);
 }
+ } else if (PlatformUtil.isMacOS()) {
+ if ("aarch64".equals(PlatformUtil.getOSArch())) {
+ path = Paths.get(PREFETCH_TOOL_FOLDER, PREFETCH_TOOL_NAME_AARCH64_MACOS);
+ } else {
+ path = Paths.get(PREFETCH_TOOL_FOLDER, PREFETCH_TOOL_NAME_X64_MACOS);
+ }
+
 }
 File prefetchToolFile = InstalledFileLocator.getDefault().locate(path.toString(), ExtractPrefetch.class.getPackage().getName(), false);
diff --git a/thirdparty/markmckinnon/mm_artifact_parser_aarch64_linux b/thirdparty/markmckinnon/mm_artifact_parser_aarch64_linux
new file mode 100644
index 00000000000..2486199d336
Binary files /dev/null and b/thirdparty/markmckinnon/mm_artifact_parser_aarch64_linux differ
diff --git a/thirdparty/markmckinnon/mm_artifact_parser_aarch64_macos b/thirdparty/markmckinnon/mm_artifact_parser_aarch64_macos
new file mode 100644
index 00000000000..df579d759aa
Binary files /dev/null and b/thirdparty/markmckinnon/mm_artifact_parser_aarch64_macos differ
diff --git a/thirdparty/markmckinnon/mm_artifact_parser_x64_linux b/thirdparty/markmckinnon/mm_artifact_parser_x64_linux
new file mode 100644
index 00000000000..3197710dae8
Binary files /dev/null and b/thirdparty/markmckinnon/mm_artifact_parser_x64_linux differ
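Review bot: `path` is still null when the platform is none of Windows, Linux or macOS, and the context line that calls `path.toString()` right after the chain then throws a NullPointerException; a guard such as `if (path == null) { return null; }` before the `locate(...)` call would fail cleanly (the rest of the method is outside the hunk, so confirm what callers expect for a missing tool). The inner `else` branches also select the x64 binary for every architecture other than `aarch64`, and the Windows branch never checks the architecture, so an unsupported CPU is noticed only when the process launch fails. Comparing `PlatformUtil.getOSArch()` against each supported value explicitly and leaving `path` unset otherwise would make that case visible.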
diff --git a/thirdparty/markmckinnon/mm_artifact_parser_x64_macos b/thirdparty/markmckinnon/mm_artifact_parser_x64_macos
new file mode 100644
index 00000000000..07fcd9b94db
Binary files /dev/null and b/thirdparty/markmckinnon/mm_artifact_parser_x64_macos differ
diff --git a/thirdparty/markmckinnon/mm_artifact_parser_x64_win.exe b/thirdparty/markmckinnon/mm_artifact_parser_x64_win.exe
new file mode 100644
index 00000000000..d9e52517c3a
Binary files /dev/null and b/thirdparty/markmckinnon/mm_artifact_parser_x64_win.exe differ
diff --git a/thirdparty/markmckinnon/parse_prefetch.exe b/thirdparty/markmckinnon/parse_prefetch.exe
deleted file mode 100644
index eec6490f99b..00000000000
Binary files a/thirdparty/markmckinnon/parse_prefetch.exe and /dev/null differ
diff --git a/thirdparty/markmckinnon/parse_prefetch_linux b/thirdparty/markmckinnon/parse_prefetch_linux
deleted file mode 100755
index 2519a2c05e9..00000000000
Binary files a/thirdparty/markmckinnon/parse_prefetch_linux and /dev/null differ