├── .gitattributes
├── .gitignore
├── Android Forensic Toolkit-SetupFiles
└── Android Forensic Toolkit.msi
├── Android Forensic Toolkit-cache
├── cacheIndex.txt
└── part1
│ ├── disk1.cab
│ └── output-info.ini
├── Android Forensic Toolkit.aip
├── README.txt
├── build.xml
├── manifest.mf
├── nbproject
├── build-impl.xml
├── genfiles.properties
├── private
│ ├── config.properties
│ ├── private.properties
│ ├── private.xml
│ └── profiler
│ │ └── configurations.xml
├── project.properties
└── project.xml
└── src
├── JHexEditor
├── JHexEditor.java
├── JHexEditorASCII.java
├── JHexEditorHEX.java
└── Test.java
├── android
└── forensic
│ └── toolkit
│ ├── CustomCellRenderer.java
│ ├── FAT12.java
│ ├── FAT16.java
│ ├── FAT32.java
│ ├── FileList.java
│ ├── FileRecord.java
│ ├── MFT.java
│ ├── MainJFrame.form
│ ├── MainJFrame.java
│ ├── NTFS.java
│ ├── Utils.java
│ ├── refresh.png
│ └── yaffs_obj_hdr.java
├── cache
└── res
│ ├── Thumbs.db
│ ├── deleted_file.png
│ ├── deleted_folder.png
│ ├── deleted_hidden_file.png
│ ├── deleted_hidden_folder.png
│ ├── file.png
│ ├── folder.png
│ ├── hidden_file.png
│ └── hidden_folder.png
└── res
├── Thumbs.db
├── cache_template.html
├── camera.ico
├── deleted_file.ico
├── deleted_file.png
├── deleted_file2.ico
├── deleted_file2.png
├── deleted_folder.ico
├── deleted_folder.png
├── deleted_hidden_file.png
├── deleted_hidden_folder.png
├── disk.ico
├── file.ico
├── file.png
├── folder.ico
├── folder.png
├── folder2.ico
├── help.ico
├── hidden_file.png
├── hidden_folder.png
├── mem_card.ico
├── mobile.ico
├── off.ico
├── ram.ico
└── stop.ico
/.gitattributes:
--------------------------------------------------------------------------------
1 | # Auto detect text files and perform LF normalization
2 | * text=auto
3 |
4 | # Custom for Visual Studio
5 | *.cs diff=csharp
6 | *.sln merge=union
7 | *.csproj merge=union
8 | *.vbproj merge=union
9 | *.fsproj merge=union
10 | *.dbproj merge=union
11 |
12 | # Standard to msysgit
13 | *.doc diff=astextplain
14 | *.DOC diff=astextplain
15 | *.docx diff=astextplain
16 | *.DOCX diff=astextplain
17 | *.dot diff=astextplain
18 | *.DOT diff=astextplain
19 | *.pdf diff=astextplain
20 | *.PDF diff=astextplain
21 | *.rtf diff=astextplain
22 | *.RTF diff=astextplain
23 |
--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
1 | /dist/
2 | /build/
3 | /src/cache/
--------------------------------------------------------------------------------
/Android Forensic Toolkit-SetupFiles/Android Forensic Toolkit.msi:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ResleyR/Android_Forensic_Toolkit/e48e27083f4454d21b70e1fb1c49a9e850a1650a/Android Forensic Toolkit-SetupFiles/Android Forensic Toolkit.msi
--------------------------------------------------------------------------------
/Android Forensic Toolkit-cache/cacheIndex.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ResleyR/Android_Forensic_Toolkit/e48e27083f4454d21b70e1fb1c49a9e850a1650a/Android Forensic Toolkit-cache/cacheIndex.txt
--------------------------------------------------------------------------------
/Android Forensic Toolkit-cache/part1/disk1.cab:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ResleyR/Android_Forensic_Toolkit/e48e27083f4454d21b70e1fb1c49a9e850a1650a/Android Forensic Toolkit-cache/part1/disk1.cab
--------------------------------------------------------------------------------
/Android Forensic Toolkit-cache/part1/output-info.ini:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ResleyR/Android_Forensic_Toolkit/e48e27083f4454d21b70e1fb1c49a9e850a1650a/Android Forensic Toolkit-cache/part1/output-info.ini
--------------------------------------------------------------------------------
/README.txt:
--------------------------------------------------------------------------------
1 | Android Forensic Toolkit - Version 1.0 18/12/2013
2 |
3 | ---------------------
4 | GENERAL USAGE NOTES
5 | ---------------------
6 | All operations in Android Forensic Toolkit (AFTK, henceforth the software) can be done in the following steps.
7 | - Connect the device/drive and refresh drive list in the software.
8 | - Select desired drive from the drop down menu.
9 | - Click the button for the desired operation.
10 | - Sit back and relax as the software does the work.
11 |
12 | Clone Disk
13 | This option allows you to make an exact replica of a disk/drive onto another disk/drive. There must be enough space on the destination disk/drive for cloning to take place.
14 |
15 | Compute Hash
16 | This option allows you to choose from a variety of options to compute the hash value of the entire disk/drive. This value can also be compared with the value stored in another file.
17 |
18 | Get Details
19 | This option lets you view and recover all the deleted files that still exist on the disk/drive. It also displays additional details about the drive and hex data of important parts of the drive.
20 |
21 | -------------
22 | INSTALLATION
23 | -------------
24 | This software requires the Java Runtime Environment (JRE) to be installed on the machine in order to run. Although the software package comes with a setup for JRE, you may wish to download and install it separately from http://java.com/en/download/index.jsp
25 | Additionally in order access certain devices, such as Android phones and Tablets, it is necessary to have the required drivers present on the system. The software will install necessary drivers to your System32\Drivers folder and/or to a \Drivers folder in the installation folder.
26 | The software will always need to run as administrator in order to properly access the system files.
27 |
28 | --------------------
29 | SYSTEM REQUIREMENTS
30 | --------------------
31 | - Windows XP or above
32 | - Java Runtime Environment 7 or above
33 | - 1 GHz Processor or better
34 | - 32 MB Hard disk space
35 |
36 | --------------------
37 | CONTACT INFORMATION
38 | --------------------
39 | Resley Rodrigues
40 | resley.rodrigues@yahoo.com
41 | +91 976-525-4154
42 | On behalf of Intelligent Quotient Security Systems
43 |
--------------------------------------------------------------------------------
/build.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
9 |
10 |
11 | Builds, tests, and runs the project Android_Forensic_Toolkit.
12 |
13 |
74 |
75 |
--------------------------------------------------------------------------------
/manifest.mf:
--------------------------------------------------------------------------------
1 | Manifest-Version: 1.0
2 | X-COMMENT: Main-Class will be added automatically by build
3 |
4 |
--------------------------------------------------------------------------------
/nbproject/genfiles.properties:
--------------------------------------------------------------------------------
1 | build.xml.data.CRC32=975e57a0
2 | build.xml.script.CRC32=0851b116
3 | build.xml.stylesheet.CRC32=28e38971@1.56.1.46
4 | # This file is used by a NetBeans-based IDE to track changes in generated files such as build-impl.xml.
5 | # Do not edit this file. You may delete it but then the IDE will never regenerate such files for you.
6 | nbproject/build-impl.xml.data.CRC32=975e57a0
7 | nbproject/build-impl.xml.script.CRC32=7a58791d
8 | nbproject/build-impl.xml.stylesheet.CRC32=c6d2a60f@1.56.1.46
9 |
--------------------------------------------------------------------------------
/nbproject/private/config.properties:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ResleyR/Android_Forensic_Toolkit/e48e27083f4454d21b70e1fb1c49a9e850a1650a/nbproject/private/config.properties
--------------------------------------------------------------------------------
/nbproject/private/private.properties:
--------------------------------------------------------------------------------
1 | compile.on.save=true
2 | do.depend=true
3 | do.jar=true
4 | javac.debug=true
5 | javadoc.preview=true
6 | user.properties.file=C:\\Users\\Resley\\AppData\\Roaming\\NetBeans\\7.3.1\\build.properties
7 |
--------------------------------------------------------------------------------
/nbproject/private/private.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
--------------------------------------------------------------------------------
/nbproject/private/profiler/configurations.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | 1000
5 | false
6 | profiler.simple.filter
7 | false
8 |
9 | 64
10 | true
11 |
12 | 10
13 | true
14 | 0
15 | false
16 | true
17 | 1
18 | false
19 | false
20 | false
21 | profiler.simple.filter
22 | 32
23 | false
24 | 1
25 | true
26 | 1
27 | 10
28 | 1
29 | true
30 | Analyze Memory
31 | false
32 | 10
33 | 1
34 | true
35 | 10
36 | 0
37 | profiler.simple.filter
38 | 0
39 | false
40 | true
41 |
42 | 1
43 |
44 | true
45 |
46 |
47 | false
48 | 10
49 | false
50 | true
51 | false
52 | false
53 | 32
54 | Quick filter...
55 | 0
56 | false
57 | 0
58 |
59 | 10
60 | 0
61 | true
62 | true
63 |
64 | true
65 | 10
66 |
67 | 1000
68 | 0
69 | profiler.simple.filter
70 | false
71 | Analyze Performance
72 |
73 | 1
74 | 2
75 |
76 | false
77 | 0
78 | profiler.simple.filter
79 | Quick filter...
80 | false
81 | true
82 | 0
83 | true
84 |
85 | 2
86 |
87 | 32
88 | 0
89 | false
90 | Profile only project classes
91 | 0
92 | 0
93 | true
94 | profiler.simple.filter
95 | 1
96 | 10
97 | false
98 | 10
99 | false
100 | false
101 | true
102 | false
103 | false
104 | 0
105 | Quick filter...
106 | false
107 |
108 | Monitor Application
109 | 128
110 | 1000
111 | true
112 | false
113 |
114 |
--------------------------------------------------------------------------------
/nbproject/project.properties:
--------------------------------------------------------------------------------
1 | annotation.processing.enabled=true
2 | annotation.processing.enabled.in.editor=false
3 | annotation.processing.processors.list=
4 | annotation.processing.run.all.processors=true
5 | annotation.processing.source.output=${build.generated.sources.dir}/ap-source-output
6 | application.title=Android Forensic Toolkit
7 | application.vendor=Resley Rodrigues
8 | build.classes.dir=${build.dir}/classes
9 | build.classes.excludes=**/*.java,**/*.form
10 | # This directory is removed when the project is cleaned:
11 | build.dir=build
12 | build.generated.dir=${build.dir}/generated
13 | build.generated.sources.dir=${build.dir}/generated-sources
14 | # Only compile against the classpath explicitly listed here:
15 | build.sysclasspath=ignore
16 | build.test.classes.dir=${build.dir}/test/classes
17 | build.test.results.dir=${build.dir}/test/results
18 | # Uncomment to specify the preferred debugger connection transport:
19 | #debug.transport=dt_socket
20 | debug.classpath=\
21 | ${run.classpath}
22 | debug.test.classpath=\
23 | ${run.test.classpath}
24 | # This directory is removed when the project is cleaned:
25 | dist.dir=dist
26 | dist.jar=${dist.dir}/Android_Forensic_Toolkit.jar
27 | dist.javadoc.dir=${dist.dir}/javadoc
28 | endorsed.classpath=
29 | excludes=
30 | includes=**
31 | jar.archive.disabled=${jnlp.enabled}
32 | jar.compress=false
33 | jar.index=${jnlp.enabled}
34 | javac.classpath=
35 | # Space-separated list of extra javac options
36 | javac.compilerargs=
37 | javac.deprecation=true
38 | javac.processorpath=\
39 | ${javac.classpath}
40 | javac.source=1.7
41 | javac.target=1.7
42 | javac.test.classpath=\
43 | ${javac.classpath}:\
44 | ${build.classes.dir}
45 | javac.test.processorpath=\
46 | ${javac.test.classpath}
47 | javadoc.additionalparam=
48 | javadoc.author=false
49 | javadoc.encoding=${source.encoding}
50 | javadoc.noindex=false
51 | javadoc.nonavbar=false
52 | javadoc.notree=false
53 | javadoc.private=false
54 | javadoc.splitindex=true
55 | javadoc.use=true
56 | javadoc.version=false
57 | javadoc.windowtitle=
58 | jnlp.codebase.type=no.codebase
59 | jnlp.descriptor=application
60 | jnlp.enabled=false
61 | jnlp.mixed.code=default
62 | jnlp.offline-allowed=false
63 | jnlp.signed=false
64 | jnlp.signing=
65 | jnlp.signing.alias=
66 | jnlp.signing.keystore=
67 | main.class=android.forensic.toolkit.MainJFrame
68 | manifest.file=manifest.mf
69 | meta.inf.dir=${src.dir}/META-INF
70 | mkdist.disabled=false
71 | platform.active=default_platform
72 | run.classpath=\
73 | ${javac.classpath}:\
74 | ${build.classes.dir}
75 | # Space-separated list of JVM arguments used when running the project.
76 | # You may also define separate properties like run-sys-prop.name=value instead of -Dname=value.
77 | # To set system properties for unit tests define test-sys-prop.name=value:
78 | run.jvmargs=
79 | run.test.classpath=\
80 | ${javac.test.classpath}:\
81 | ${build.test.classes.dir}
82 | source.encoding=UTF-8
83 | src.dir=src
84 | test.src.dir=test
85 |
--------------------------------------------------------------------------------
/nbproject/project.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 | org.netbeans.modules.java.j2seproject
4 |
5 |
6 | Android_Forensic_Toolkit
7 |
8 |
9 |
10 |
11 |
12 |
13 |
14 |
15 |
16 |
--------------------------------------------------------------------------------
/src/JHexEditor/JHexEditor.java:
--------------------------------------------------------------------------------
1 | package JHexEditor;
2 |
3 | import javax.swing.*;
4 | import java.awt.*;
5 | import java.awt.event.*;
6 |
7 | /**
8 | * Created by IntelliJ IDEA.
9 | * User: laullon
10 | * Date: 08-abr-2003
11 | * Time: 13:21:09
12 | */
13 | public class JHexEditor extends JPanel implements FocusListener,AdjustmentListener,MouseWheelListener
14 | {
15 | byte[] buff;
16 | public int cursor;
17 | protected static Font font=new Font("Monospaced",0,12);
18 | protected int border=2;
19 | public boolean DEBUG=false;
20 | private JPanel panel;
21 | private JScrollBar sb;
22 | private int inicio=0;
23 | private int lineas=10;
24 | private int address = 0x000000;
25 |
26 | public JHexEditor(byte[] buff, int a)
27 | {
28 | super();
29 | this.buff=buff;
30 | address = a;
31 | this.addMouseWheelListener(this);
32 |
33 | sb=new JScrollBar(JScrollBar.VERTICAL);
34 | sb.addAdjustmentListener(this);
35 | sb.setMinimum(0);
36 | sb.setMaximum(buff.length/getLineas());
37 |
38 | JPanel p1,p2,p3;
39 | //centro
40 | p1=new JPanel(new BorderLayout(1,1));
41 | p1.add(new JHexEditorHEX(this),BorderLayout.CENTER);
42 | p1.add(new Columnas(),BorderLayout.NORTH);
43 |
44 | // izq.
45 | p2=new JPanel(new BorderLayout(1,1));
46 | p2.add(new Filas(),BorderLayout.CENTER);
47 | p2.add(new Caja(),BorderLayout.NORTH);
48 |
49 | // der
50 | p3=new JPanel(new BorderLayout(1,1));
51 | p3.add(sb,BorderLayout.EAST);
52 | p3.add(new JHexEditorASCII(this),BorderLayout.CENTER);
53 | p3.add(new Caja(),BorderLayout.NORTH);
54 |
55 | panel=new JPanel();
56 | panel.setLayout(new BorderLayout(1,1));
57 | panel.add(p1,BorderLayout.CENTER);
58 | panel.add(p2,BorderLayout.WEST);
59 | panel.add(p3,BorderLayout.EAST);
60 |
61 | this.setLayout(new BorderLayout(1,1));
62 | this.add(panel,BorderLayout.CENTER);
63 | }
64 |
65 | public void paint(Graphics g)
66 | {
67 | FontMetrics fn=getFontMetrics(font);
68 | Rectangle rec=this.getBounds();
69 | lineas=(rec.height/fn.getHeight())-1;
70 | int n=(buff.length/16)-1;
71 | if(lineas>n) { lineas=n; inicio=0; }
72 |
73 | sb.setValues(getInicio(),+getLineas(),0,buff.length/16);
74 | sb.setValueIsAdjusting(true);
75 | super.paint(g);
76 | }
77 |
78 | protected void actualizaCursor()
79 | {
80 | int n=(cursor/16);
81 |
82 | System.out.print("- "+inicio+"<"+n+"<"+(lineas+inicio)+"("+lineas+")");
83 |
84 | if(n=inicio+lineas) inicio=n-(lineas-1);
86 |
87 | System.out.println(" - "+inicio+"<"+n+"<"+(lineas+inicio)+"("+lineas+")");
88 |
89 | repaint();
90 | }
91 |
92 | protected int getInicio()
93 | {
94 | return inicio;
95 | }
96 |
97 | protected int getLineas()
98 | {
99 | return lineas;
100 | }
101 |
102 | protected void fondo(Graphics g,int x,int y,int s)
103 | {
104 | FontMetrics fn=getFontMetrics(font);
105 | g.fillRect(((fn.stringWidth(" ")+1)*x)+border,(fn.getHeight()*y)+border,((fn.stringWidth(" ")+1)*s),fn.getHeight()+1);
106 | }
107 |
108 | protected void cuadro(Graphics g,int x,int y,int s)
109 | {
110 | FontMetrics fn=getFontMetrics(font);
111 | g.drawRect(((fn.stringWidth(" ")+1)*x)+border,(fn.getHeight()*y)+border,((fn.stringWidth(" ")+1)*s),fn.getHeight()+1);
112 | }
113 |
114 | protected void printString(Graphics g,String s,int x,int y)
115 | {
116 | FontMetrics fn=getFontMetrics(font);
117 | g.drawString(s,((fn.stringWidth(" ")+1)*x)+border,((fn.getHeight()*(y+1))-fn.getMaxDescent())+border);
118 | }
119 |
120 | public void focusGained(FocusEvent e)
121 | {
122 | this.repaint();
123 | }
124 |
125 | public void focusLost(FocusEvent e)
126 | {
127 | this.repaint();
128 | }
129 |
130 | public void adjustmentValueChanged(AdjustmentEvent e)
131 | {
132 | inicio=e.getValue();
133 | if(inicio<0) inicio=0;
134 | repaint();
135 | }
136 |
137 | public void mouseWheelMoved(MouseWheelEvent e)
138 | {
139 | inicio+=(e.getUnitsToScroll());
140 | if((inicio+lineas)>=buff.length/16) inicio=(buff.length/16)-lineas;
141 | if(inicio<0) inicio=0;
142 | repaint();
143 | }
144 |
145 | public void keyPressed(KeyEvent e)
146 | {
147 | switch(e.getKeyCode())
148 | {
149 | case 33: // rep
150 | if(cursor>=(16*lineas)) cursor-=(16*lineas);
151 | actualizaCursor();
152 | break;
153 | case 34: // fin
154 | if(cursor<(buff.length-(16*lineas))) cursor+=(16*lineas);
155 | actualizaCursor();
156 | break;
157 | case 35: // fin
158 | cursor=buff.length-1;
159 | actualizaCursor();
160 | break;
161 | case 36: // ini
162 | cursor=0;
163 | actualizaCursor();
164 | break;
165 | case 37: // <--
166 | if(cursor!=0) cursor--;
167 | actualizaCursor();
168 | break;
169 | case 38: // <--
170 | if(cursor>15) cursor-=16;
171 | actualizaCursor();
172 | break;
173 | case 39: // -->
174 | if(cursor!=(buff.length-1)) cursor++;
175 | actualizaCursor();
176 | break;
177 | case 40: // -->
178 | if(cursor<(buff.length-16)) cursor+=16;
179 | actualizaCursor();
180 | break;
181 | }
182 | }
183 |
184 | private class Columnas extends JPanel
185 | {
186 | public Columnas()
187 | {
188 | this.setLayout(new BorderLayout(1,1));
189 | }
190 | public Dimension getPreferredSize()
191 | {
192 | return getMinimumSize();
193 | }
194 |
195 | public Dimension getMinimumSize()
196 | {
197 | Dimension d=new Dimension();
198 | FontMetrics fn=getFontMetrics(font);
199 | int h=fn.getHeight();
200 | int nl=1;
201 | d.setSize(((fn.stringWidth(" ")+1)*+((16*3)-1))+(border*2)+1,h*nl+(border*2)+1);
202 | return d;
203 | }
204 |
205 | public void paint(Graphics g)
206 | {
207 | Dimension d=getMinimumSize();
208 | g.setColor(Color.white);
209 | g.fillRect(0,0,d.width,d.height);
210 | g.setColor(Color.black);
211 | g.setFont(font);
212 |
213 | for(int n=0;n<16;n++)
214 | {
215 | if(n==(cursor%16)) cuadro(g,n*3,0,2);
216 | String s="00"+Integer.toHexString(n);
217 | s=s.substring(s.length()-2);
218 | printString(g,s,n*3,0);
219 | }
220 | }
221 | }
222 |
223 | private class Caja extends JPanel
224 | {
225 | public Dimension getPreferredSize()
226 | {
227 | return getMinimumSize();
228 | }
229 |
230 | public Dimension getMinimumSize()
231 | {
232 | Dimension d=new Dimension();
233 | FontMetrics fn=getFontMetrics(font);
234 | int h=fn.getHeight();
235 | d.setSize((fn.stringWidth(" ")+1)+(border*2)+1,h+(border*2)+1);
236 | return d;
237 | }
238 |
239 | }
240 |
241 | private class Filas extends JPanel
242 | {
243 | public Filas()
244 | {
245 | this.setLayout(new BorderLayout(1,1));
246 | }
247 | public Dimension getPreferredSize()
248 | {
249 | return getMinimumSize();
250 | }
251 |
252 | public Dimension getMinimumSize()
253 | {
254 | Dimension d=new Dimension();
255 | FontMetrics fn=getFontMetrics(font);
256 | int h=fn.getHeight();
257 | int nl=getLineas();
258 | d.setSize((fn.stringWidth(" ")+1)*(8)+(border*2)+1,h*nl+(border*2)+1);
259 | return d;
260 | }
261 |
262 | public void paint(Graphics g)
263 | {
264 | Dimension d=getMinimumSize();
265 | g.setColor(Color.white);
266 | g.fillRect(0,0,d.width,d.height);
267 | g.setColor(Color.black);
268 | g.setFont(font);
269 |
270 | int ini=getInicio();
271 | int fin=ini+getLineas();
272 | int y=0;
273 | for(int n=ini;n126)) s=""+(char)16;
75 | he.printString(g,s,(x++),y);
76 | if(x==16)
77 | {
78 | x=0;
79 | y++;
80 | }
81 | }
82 |
83 | }
84 |
85 | private void debug(String s)
86 | {
87 | if(he.DEBUG) System.out.println("JHexEditorASCII ==> "+s);
88 | }
89 |
90 | // calcular la posicion del raton
91 | public int calcularPosicionRaton(int x,int y)
92 | {
93 | FontMetrics fn=getFontMetrics(he.font);
94 | x=x/(fn.stringWidth(" ")+1);
95 | y=y/fn.getHeight();
96 | debug("x="+x+" ,y="+y);
97 | return x+((y+he.getInicio())*16);
98 | }
99 |
100 | // mouselistener
101 | public void mouseClicked(MouseEvent e)
102 | {
103 | debug("mouseClicked("+e+")");
104 | he.cursor=calcularPosicionRaton(e.getX(),e.getY());
105 | this.requestFocus();
106 | he.repaint();
107 | }
108 |
109 | public void mousePressed(MouseEvent e)
110 | {
111 | }
112 |
113 | public void mouseReleased(MouseEvent e)
114 | {
115 | }
116 |
117 | public void mouseEntered(MouseEvent e)
118 | {
119 | }
120 |
121 | public void mouseExited(MouseEvent e)
122 | {
123 | }
124 |
125 | //KeyListener
126 | public void keyTyped(KeyEvent e)
127 | {
128 | debug("keyTyped("+e+")");
129 |
130 | he.buff[he.cursor]=(byte)e.getKeyChar();
131 |
132 | if(he.cursor!=(he.buff.length-1)) he.cursor++;
133 | he.repaint();
134 | }
135 |
136 | public void keyPressed(KeyEvent e)
137 | {
138 | debug("keyPressed("+e+")");
139 | he.keyPressed(e);
140 | }
141 |
142 | public void keyReleased(KeyEvent e)
143 | {
144 | debug("keyReleased("+e+")");
145 | }
146 |
147 | public boolean isFocusTraversable()
148 | {
149 | return true;
150 | }
151 | }
152 |
--------------------------------------------------------------------------------
/src/JHexEditor/JHexEditorHEX.java:
--------------------------------------------------------------------------------
1 | package JHexEditor;
2 |
3 | import javax.swing.*;
4 | import java.awt.*;
5 | import java.awt.event.*;
6 |
7 | /**
8 | * Created by IntelliJ IDEA.
9 | * User: laullon
10 | * Date: 09-abr-2003
11 | * Time: 12:47:32
12 | */
13 | public class JHexEditorHEX extends JComponent implements MouseListener,KeyListener
14 | {
15 | private JHexEditor he;
16 | private int cursor=0;
17 |
18 | public JHexEditorHEX(JHexEditor he)
19 | {
20 | this.he=he;
21 | addMouseListener(this);
22 | addKeyListener(this);
23 | addFocusListener(he);
24 | }
25 |
26 | public Dimension getPreferredSize()
27 | {
28 | debug("getPreferredSize()");
29 | return getMinimumSize();
30 | }
31 |
32 | public Dimension getMaximumSize()
33 | {
34 | debug("getMaximumSize()");
35 | return getMinimumSize();
36 | }
37 |
38 | public Dimension getMinimumSize()
39 | {
40 | debug("getMinimumSize()");
41 |
42 | Dimension d=new Dimension();
43 | FontMetrics fn=getFontMetrics(he.font);
44 | int h=fn.getHeight();
45 | int nl=he.getLineas();
46 | d.setSize(((fn.stringWidth(" ")+1)*+((16*3)-1))+(he.border*2)+1,h*nl+(he.border*2)+1);
47 | return d;
48 | }
49 |
50 | public void paint(Graphics g)
51 | {
52 | debug("paint("+g+")");
53 | debug("cursor="+he.cursor+" buff.length="+he.buff.length);
54 | Dimension d=getMinimumSize();
55 | g.setColor(Color.white);
56 | g.fillRect(0,0,d.width,d.height);
57 | g.setColor(Color.black);
58 |
59 | g.setFont(he.font);
60 |
61 | int ini=he.getInicio()*16;
62 | int fin=ini+(he.getLineas()*16);
63 | if(fin>he.buff.length) fin=he.buff.length;
64 |
65 | //datos hex
66 | int x=0;
67 | int y=0;
68 | for(int n=ini;n "+s);
104 | }
105 |
106 | // calcular la posicion del raton
107 | public int calcularPosicionRaton(int x,int y)
108 | {
109 | FontMetrics fn=getFontMetrics(he.font);
110 | x=x/((fn.stringWidth(" ")+1)*3);
111 | y=y/fn.getHeight();
112 | debug("x="+x+" ,y="+y);
113 | return x+((y+he.getInicio())*16);
114 | }
115 |
116 | // mouselistener
117 | public void mouseClicked(MouseEvent e)
118 | {
119 | debug("mouseClicked("+e+")");
120 | he.cursor=calcularPosicionRaton(e.getX(),e.getY());
121 | this.requestFocus();
122 | he.repaint();
123 | }
124 |
125 | public void mousePressed(MouseEvent e)
126 | {
127 | }
128 |
129 | public void mouseReleased(MouseEvent e)
130 | {
131 | }
132 |
133 | public void mouseEntered(MouseEvent e)
134 | {
135 | }
136 |
137 | public void mouseExited(MouseEvent e)
138 | {
139 | }
140 |
141 | //KeyListener
142 | public void keyTyped(KeyEvent e)
143 | {
144 | debug("keyTyped("+e+")");
145 |
146 | char c=e.getKeyChar();
147 | if(((c>='0')&&(c<='9'))||((c>='A')&&(c<='F'))||((c>='a')&&(c<='f')))
148 | {
149 | char[] str=new char[2];
150 | String n="00"+Integer.toHexString((int)he.buff[he.cursor]);
151 | if(n.length()>2) n=n.substring(n.length()-2);
152 | str[1-cursor]=n.charAt(1-cursor);
153 | str[cursor]=e.getKeyChar();
154 | he.buff[he.cursor]=(byte)Integer.parseInt(new String(str),16);
155 |
156 | if(cursor!=1) cursor=1;
157 | else if(he.cursor!=(he.buff.length-1)){ he.cursor++; cursor=0;}
158 | he.actualizaCursor();
159 | }
160 | }
161 |
162 | public void keyPressed(KeyEvent e)
163 | {
164 | debug("keyPressed("+e+")");
165 | he.keyPressed(e);
166 | }
167 |
168 | public void keyReleased(KeyEvent e)
169 | {
170 | debug("keyReleased("+e+")");
171 | }
172 |
173 | public boolean isFocusTraversable()
174 | {
175 | return true;
176 | }
177 | }
178 |
--------------------------------------------------------------------------------
/src/JHexEditor/Test.java:
--------------------------------------------------------------------------------
1 | package JHexEditor;
2 |
3 | import javax.swing.*;
4 | import java.util.*;
5 | import java.awt.*;
6 | import java.awt.event.*;
7 | import java.io.*;
8 |
9 | /**
10 | * Created by IntelliJ IDEA.
11 | * User: laullon
12 | * Date: 08-abr-2003
13 | * Time: 13:16:06
14 | */
15 | public class Test extends WindowAdapter
16 | {
17 | private JFrame win;
18 |
19 | public Test() throws IOException
20 | {
21 | byte[] ar;
22 | ar=new byte[16*16*100];
23 | Arrays.fill(ar,(byte)0);
24 |
25 | //ByteArrayOutputStream bos=new ByteArrayOutputStream();
26 | //ObjectOutputStream oos=new ObjectOutputStream(bos);
27 | //oos.writeObject("dfasnvcxnz.,mvnmc,xznvmcxzmnvcmxzcccbnxz cz hajk vc jbcvj xbnzvc sbj cvxz,bcxjnzbcvjhs avcjz cxmzncvxz ");
28 | //ar=bos.toByteArray();
29 |
30 | win=new JFrame();
31 | win.getContentPane().add(new JHexEditor(ar,0));
32 | win.addWindowListener(this);
33 | win.pack();
34 | win.show();
35 | }
36 |
37 | public void windowClosing(WindowEvent e)
38 | {
39 | System.exit(0);
40 | }
41 |
42 | //
43 | //
44 | // public static void main(String arg[]) throws IOException
45 | // {
46 | // new Test();
47 | // }
48 | }
49 |
--------------------------------------------------------------------------------
/src/android/forensic/toolkit/CustomCellRenderer.java:
--------------------------------------------------------------------------------
1 | /*
2 | * To change this template, choose Tools | Templates
3 | * and open the template in the editor.
4 | */
5 | package android.forensic.toolkit;
6 |
7 | import java.awt.Component;
8 | import javax.swing.ImageIcon;
9 | import javax.swing.JLabel;
10 | import javax.swing.JList;
11 | import javax.swing.ListCellRenderer;
12 |
13 | /**
14 | *
15 | * @author Resley Rodrigues
16 | */
17 | public class CustomCellRenderer extends JLabel implements ListCellRenderer {
18 | public CustomCellRenderer() {
19 | setOpaque(true);
20 | setHorizontalAlignment(LEFT);
21 | setVerticalAlignment(CENTER);
22 | }
23 |
24 | /*
25 | * This method finds the image and text corresponding
26 | * to the selected value and returns the label, set up
27 | * to display the text and image.
28 | */
29 | @Override
30 | public Component getListCellRendererComponent(
31 | JList list,
32 | Object value,
33 | int index,
34 | boolean isSelected,
35 | boolean cellHasFocus) {
36 | //Get the selected index. (The index param isn't
37 | //always valid, so just use the value.)
38 | // int selectedIndex = list.getSelectedIndex();
39 | Component component = (Component)value;
40 |
41 | if (isSelected) {
42 | component.setBackground(list.getSelectionBackground());
43 | component.setForeground(list.getSelectionForeground());
44 | } else {
45 | component.setBackground(list.getBackground());
46 | component.setForeground(list.getForeground());
47 | }
48 |
49 | //Set the icon and text. If icon was null, say so.
50 | // ImageIcon icon = createImageIcon("images/" + value. + ".gif");
51 | // String pet = petStrings[selectedIndex];
52 | // setIcon(icon);
53 | return component;
54 | }
55 | }
56 |
--------------------------------------------------------------------------------
/src/android/forensic/toolkit/FAT12.java:
--------------------------------------------------------------------------------
1 | /*
2 | * To change this template, choose Tools | Templates
3 | * and open the template in the editor.
4 | */
5 | package android.forensic.toolkit;
6 |
7 | import static android.forensic.toolkit.FAT32.jumpto;
8 | import java.awt.Color;
9 | import java.awt.FlowLayout;
10 | import java.io.BufferedWriter;
11 | import java.io.File;
12 | import java.io.FileNotFoundException;
13 | import java.io.FileReader;
14 | import java.io.FileWriter;
15 | import java.io.IOException;
16 | import java.io.RandomAccessFile;
17 | import java.nio.ByteBuffer;
18 | import java.nio.channels.FileChannel;
19 | import java.util.ArrayList;
20 | import java.util.Arrays;
21 | import java.util.logging.Level;
22 | import java.util.logging.Logger;
23 | import javax.swing.DefaultListModel;
24 | import javax.swing.ImageIcon;
25 | import javax.swing.JLabel;
26 | import javax.swing.JPanel;
27 | import javax.swing.ListSelectionModel;
28 | import javax.swing.event.ListSelectionEvent;
29 | import javax.swing.event.ListSelectionListener;
30 | import javax.xml.bind.JAXBContext;
31 | import javax.xml.bind.JAXBException;
32 | import javax.xml.bind.Marshaller;
33 | import javax.xml.bind.Unmarshaller;
34 |
35 | /**
36 | *
37 | * @author Resley Rodrigues
38 | */
39 | public class FAT12 {
40 | //Default FAT values
41 | String jump_instruction = ""; //0-2
42 | String OEM_name = ""; //3-10
43 | int bytes_per_Sector; //11-12
44 | int sectors_per_cluster; //13
45 | int reserved_sectors; //14-15
46 | int number_of_FAT_copies; //16
47 | int number_of_root_directory_entries; //17-18 0 for FAT32
48 | int total_sectors; //19-20 for smaller than 32 MB
49 | String media_descriptor; //21
50 | int sectors_per_FAT; //22-23 0 for FAT32
51 | int sectors_per_track; //24-25
52 | int number_of_heads; //26-27
53 | int hidden_sectors; //28-29
54 | long hidden_sectorsL; //28-31
55 | long total_sectorsL; //32-35
56 | int logical_drive_number; //36 for use with INT 13, e.g. 0 or 0x80
57 | //37 Reserved
58 | int extened_signature; //38 Extended signature (0x29)
59 | // Indicates that the three following fields are present.
60 | long serial_number; //39-42
61 | String label = ""; //43-53
62 | String type = ""; //54-61
63 | //62-509 Bootstrap
64 | //510-511 Signature (imported)
65 | //30-509 Bootstrap
66 | String signature = ""; //510-511
67 | int i=0;
68 | RandomAccessFile diskAccess;
69 | byte[] content = new byte[512];
70 | int address = 0x000000;
71 | File diskRoot;
72 | static int jumpto; //root directory location
73 | long first_data_sector;
74 | //Additional variables
75 | private static final String src_file = "/res/file.png";
76 | private static final String deleted_file = "/res/deleted_file.png";
77 | // private static final String folder = "/res/folder.png";
78 | // private static final String deleted_folder = "/res/deleted_folder.png";
79 | private static final String hidden_file = "/res/hidden_file.png";
80 | private static final String hidden_deleted_file = "/res/deleted_hidden_file.png";
81 | // private static final String hidden_folder = "/res/hidden_folder.png";
82 | // private static final String hidden_deleted_folder = "/res/deleted_hidden_folder.png";
83 | String title = "";
84 | String body = "";
85 | Boolean deleted = null;
86 | String Image = "";
87 | static ArrayList files = new ArrayList<>();
88 |
89 |
90 | public void getBPB(String path) throws FileNotFoundException, IOException {
91 | diskRoot = new File("\\\\.\\" + path);
92 | diskAccess = new RandomAccessFile(diskRoot, "r");
93 | diskAccess.readFully(content);
94 |
95 | jump_instruction = Utils.hex(content[i++]) +Utils.hex(content[i++]) + Utils.hex(content[i++]); //0-2
96 | for (i = 3; i <= 10; i++) {
97 | OEM_name = OEM_name.concat(String.valueOf(Utils.hexToText(Utils.hex(content[i])))); //3-10
98 | }
99 | bytes_per_Sector = Utils.hexToInt(Utils.hex(content[i++]), Utils.hex(content[i++])); //11-12
100 | sectors_per_cluster = Utils.hexToInt(Utils.hex(content[i++]), "00"); //13
101 | reserved_sectors = Utils.hexToInt(Utils.hex(content[i++]), Utils.hex(content[i++])); //14-15
102 | number_of_FAT_copies = Utils.hexToInt(Utils.hex(content[i++]), "00"); //16
103 | number_of_root_directory_entries = Utils.hexToInt(Utils.hex(content[i++]), Utils.hex(content[i++])); //17-18
104 | total_sectors = Utils.hexToInt(Utils.hex(content[i++]), Utils.hex(content[i++])); //19-20
105 | media_descriptor = Utils.hex(content[i++]); //21
106 | sectors_per_FAT = Utils.hexToInt(Utils.hex(content[i++]), Utils.hex(content[i++])); //22-23
107 | sectors_per_track = Utils.hexToInt(Utils.hex(content[i++]), Utils.hex(content[i++])); //24-25
108 | number_of_heads = Utils.hexToInt(Utils.hex(content[i++]), Utils.hex(content[i++])); //26-27
109 | hidden_sectors = Utils.hexToInt(Utils.hex(content[i++]), Utils.hex(content[i++])); //28-29
110 | i=28;
111 | hidden_sectorsL = Utils.hexToInt(Utils.hex(content[i++]), Utils.hex(content[i++]), Utils.hex(content[i++]), Utils.hex(content[i++])); //28-31
112 | total_sectorsL = Utils.hexToInt(Utils.hex(content[i++]), Utils.hex(content[i++]), Utils.hex(content[i++]), Utils.hex(content[i++])); //32-35
113 | logical_drive_number = Utils.hexToInt(Utils.hex(content[i++]), "00"); //36
114 | i++; //37 Reserved - used to be Current Head (used by Windows NT)
115 | extened_signature = Utils.hexToInt(Utils.hex(content[i++]), "00"); //38 Extended signature (0x29) Indicates that the three following fields are present.
116 | serial_number = Utils.hexToInt(Utils.hex(content[i++]), Utils.hex(content[i++]), Utils.hex(content[i++]), Utils.hex(content[i++])); //39-42 Serial number of partition
117 | for(i=43;i<=53;i++)
118 | label = label.concat(String.valueOf(Utils.hexToText(Utils.hex(content[i])))); //71-81 Volume label
119 | for(i=54;i<=61;i++)
120 | type = type.concat(String.valueOf(Utils.hexToText(Utils.hex(content[i])))); //82-89 Filesystem type ("FAT32 ")
121 | signature = Utils.hex(content[i=510]) + Utils.hex(content[i=511]);
122 | }
123 |
124 | public void printBPB(javax.swing.JTextArea a,javax.swing.JTextArea b) {
125 | b.append("\t\t 0\t 1\t 2\t 3\t 4\t 5\t 6\t 7\t\t 8\t 9\t A\t B\t C\t D\t E\t F");
126 | for (i=0; i");
212 | attrib = attrib.concat(" HS"); // HIDDEN & SYSTEM DIRECTORY
213 | break;
214 | case 0x17:
215 | Image = ((deleted) ? hidden_deleted_folder : hidden_folder);
216 | attrib = attrib.concat("RHS"); // READ ONLY, HIDDEN & SYSTEM DIRECTORY
217 | break;
218 | */
219 | default: //also case 0x20 ARCHIEVE
220 | Image = ((deleted) ? deleted_file : src_file);
221 | attrib = attrib.concat(" ");
222 | break;
223 | }
224 | return attrib;
225 | }
226 |
227 | protected void recalulate(javax.swing.JTextArea a, byte ar[]) throws JAXBException {
228 | FileWriter fWriter = null;
229 | BufferedWriter writer = null;
230 | try {
231 | File file = new File("src/cache/" + title + ".dat");
232 | file.getParentFile().mkdirs();
233 | fWriter = new FileWriter(file);
234 | writer = new BufferedWriter(fWriter);
235 | StringBuilder b = new StringBuilder("\t0\t1\t2\t3\t4\t5\t6\t7\t\t8\t9\tA\tB\tC\tD\tE\tF\n");
236 | int j = 0, old_j = 0, new_j;
237 | int number_of_root_sectors = 2; //needs to be dynamic
238 | // int last_byte_in_root = number_of_root_sectors * sectors_per_cluster * bytes_per_Sector;
239 | int last_byte_in_root = number_of_root_directory_entries*32;
240 | System.out.println("last byte: "+last_byte_in_root);
241 | System.out.println("65k entries: "+(65536*32));
242 | filelister:
243 | while (j < last_byte_in_root) {
244 | FileRecord fileRec = new FileRecord();
245 | String name = "", size = "";
246 | long startSector;
247 | //Write Hex Data
248 | for (i = j; i < (j + 16); i++) {
249 | if (i % 8 == 0) {
250 | b = b.append("\t");
251 | }
252 | b = b.append(Utils.hex(ar[i])).append("\t");
253 | }
254 | b = b.append("\t\t\t");
255 | for (i = j; i < (j + 16); i++) {
256 | b = b.append(String.valueOf(Utils.hexToText(Utils.hex(ar[i]))));
257 | }
258 | b = b.append("\n");
259 | for (i = (j + 16); i < (j + 32); i++) {
260 | if (i % 8 == 0) {
261 | b = b.append("\t");
262 | }
263 | b = b.append(Utils.hex(ar[i])).append("\t");
264 | }
265 | b = b.append("\t\t\t");
266 | for (i = (j + 16); i < (j + 32); i++) {
267 | b = b.append(String.valueOf(Utils.hexToText(Utils.hex(ar[i]))));
268 | }
269 | b = b.append("\n");
270 | body = b.toString();
271 | a.setText(body);
272 | //Finished writing hex data
273 | int attribute = Utils.hexToInt(Utils.hex(ar[i = j + 11]), "0"); //Byte 11 attribute
274 | switch (attribute) {
275 | case 0x0F:
276 | // LongFileName
277 | j += 32;
278 | continue filelister;
279 | default: //Normal File/Folder
280 | String attrib;
281 | if ((Utils.hexToInt(Utils.hex(ar[j]), "0") == 0xE5)&&(attribute<0x10)) {
282 | deleted = true;
283 |
284 | switch (Utils.hexToInt(Utils.hex(ar[j + 6]), "0")) {
285 | case 0x7E: //LongName
286 | new_j = j;
287 | j -= 32;
288 | attrib = checkIfDeleted(attribute);
289 | String temp;
290 | System.out.println("OldJ: "+old_j+"\tNewJ: "+new_j);
291 | if(old_j==new_j){
292 | System.out.println("Found improper name");
293 | for (i = j; i <= (j + 10); i++) //Byte 0-10 filename
294 | {
295 |
296 | name = name.concat(String.valueOf(Utils.hexToText(Utils.hex(ar[i]))));
297 | }
298 | }else{
299 | while (j > old_j) {
300 | for (i = j + 2; i <= (j + 10); i += 3) {
301 | temp = String.valueOf(Utils.hexToText(Utils.hex(ar[i]) + Utils.hex(ar[--i])));
302 | if ((temp.equals("\u0000")) || (temp.equals("\uFFFF"))) {
303 | break;
304 | }
305 | name = name.concat(temp);
306 | }
307 | for (i = j + 15; i <= (j + 25); i += 3) {
308 | temp = String.valueOf(Utils.hexToText(Utils.hex(ar[i]) + Utils.hex(ar[--i])));
309 | if ((temp.equals("\u0000")) || (temp.equals("\uFFFF"))) {
310 | break;
311 | }
312 | name = name.concat(temp);
313 | }
314 | for (i = j + 29; i <= (j + 31); i += 3) {
315 | temp = String.valueOf(Utils.hexToText(Utils.hex(ar[i]) + Utils.hex(ar[--i])));
316 | if ((temp.equals("\u0000")) || (temp.equals("\uFFFF"))) {
317 | break;
318 | }
319 | name = name.concat(temp);
320 | }
321 | j -= 32;
322 | }}
323 | j = new_j;
324 | break;
325 | default:
326 | attrib = checkIfDeleted(attribute);
327 | System.out.println("OldJ: "+old_j);
328 | for (i = j; i <= (j + 10); i++) //Byte 0-10 filename
329 | {
330 | name = name.concat(String.valueOf(Utils.hexToText(Utils.hex(ar[i]))));
331 | }
332 | break;
333 | }
334 | i = j + 20; //Byte 20-21 starting sector high order
335 | //Byte 26-27 starting sector low order
336 | startSector = Utils.hexToInt(Utils.hex(ar[i++]), Utils.hex(ar[i]), Utils.hex(ar[i = j + 26]), Utils.hex(ar[++i]), "0", "0", "0", "0");
337 | //Bytes 28-31 file size
338 | size = size.concat(Utils.getSize(Utils.hexToInt(Utils.hex(ar[++i]), Utils.hex(ar[++i]), Utils.hex(ar[++i]), Utils.hex(ar[++i]), "0", "0", "0", "0")));
339 | old_j = j;
340 | fileRec.setName(name);
341 | fileRec.setAttributes(attrib);
342 | fileRec.setStartSector(startSector);
343 | fileRec.setImage(Image);
344 | fileRec.setFileSize(size);
345 | fileRec.setFoundAt(j);
346 | files.add(fileRec);
347 | } else {
348 | deleted = false;
349 | old_j = j;
350 | }
351 | break;
352 | case 0x08:
353 | // VOLUME ID
354 | break;
355 | }
356 | //increment by 32 to go to next file entry.
357 | j += 32;
358 | }
359 | writer.write(body); //Write hex data to .dat file
360 | writer.close(); //make sure you close the writer object
361 | } catch (Exception ex) {
362 | Logger.getLogger(FAT32.class.getName()).log(Level.SEVERE, null, ex);
363 | System.err.println("Exception Occured");
364 | }
365 | FileList filelist = new FileList();
366 | filelist.setFile(files);
367 | // create JAXB context and instantiate marshaller
368 | JAXBContext context = JAXBContext.newInstance(FileList.class);
369 | Marshaller m = context.createMarshaller();
370 | m.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT, Boolean.TRUE);
371 | // Write to FileList .xml file
372 | m.marshal(filelist, new File("src/cache/" + title + ".xml"));
373 | }
374 |
375 | public void readFAT(javax.swing.JTextArea a, final javax.swing.JList list, Boolean forceReCalc) throws IOException, JAXBException {
376 | first_data_sector = reserved_sectors + (number_of_FAT_copies * sectors_per_FAT);
377 | jumpto = (int) (first_data_sector * bytes_per_Sector);
378 | System.out.println("jump to: "+jumpto);
379 | diskAccess.seek(jumpto);
380 | title = "" + serial_number;
381 | File cachedXML = new File("src/cache/" + title + ".xml");
382 | File cachedDAT = new File("src/cache/" + title + ".dat");
383 | if (cachedXML.exists() && cachedDAT.exists() && !forceReCalc) {
384 | FileReader dat = new FileReader(cachedDAT);
385 | a.read(dat, null);
386 | JAXBContext context = JAXBContext.newInstance(FileList.class);
387 | Unmarshaller um = context.createUnmarshaller();
388 | FileList filesList = (FileList) um.unmarshal(new FileReader(cachedXML));
389 | if (filesList != null) {
390 | System.out.println("Unmarshalled");
391 | } else {
392 | System.err.println("Error in unmarshallling");
393 | }
394 | files = filesList.getFile();
395 | listFiles(list);
396 | MainJFrame.re_calc.setVisible(true);
397 | } else {
398 | byte[] ar;
399 | ar = new byte[((int) sectors_per_FAT) * bytes_per_Sector];//16*16*100];
400 | Arrays.fill(ar, (byte) 0);
401 | files = new ArrayList<>();
402 | address = reserved_sectors * bytes_per_Sector;
403 | diskAccess.seek(jumpto);
404 | diskAccess.read(ar);
405 | recalulate(a, ar);
406 | listFiles(list);
407 | }
408 | diskAccess.close();
409 |
410 | }
411 |
412 | protected void listFiles(final javax.swing.JList list) {
413 | list.setEnabled(true);
414 | list.setBackground(Color.white);
415 | list.setSelectionForeground(Color.white);
416 | DefaultListModel l1 = new DefaultListModel();
417 | for (FileRecord file : files) {
418 | JPanel panel = new JPanel(new FlowLayout(FlowLayout.LEFT));
419 | java.net.URL imgUrl = getClass().getResource(file.img);
420 | if (imgUrl != null) {
421 | panel.add(new JLabel(new ImageIcon(imgUrl)));
422 | }
423 | panel.add(new JLabel(file.name + " " + file.filesize));
424 | l1.addElement(panel);
425 | }
426 | list.setModel(l1);
427 | list.setSelectionMode(ListSelectionModel.MULTIPLE_INTERVAL_SELECTION);
428 | list.setSelectedIndex(0);
429 | list.addListSelectionListener(new ListSelectionListener() {
430 | @Override
431 | public void valueChanged(ListSelectionEvent e) {
432 | System.out.println(String.format("Selected: %s", list.getSelectedIndex()));
433 | }
434 | });
435 | list.setCellRenderer(new CustomCellRenderer());
436 | }
437 |
438 | public void recoverFiles(javax.swing.JList list, String path) throws FileNotFoundException {
439 | if (!list.isSelectionEmpty()) {
440 | int indices[] = list.getSelectedIndices();
441 | System.out.println("Jumpto value: " + jumpto + "\t\tAll foundAt relative to this");
442 | byte ar[] = new byte[512];
443 | diskRoot = new File(path);
444 | System.out.println("\\\\.\\" + path);
445 | diskAccess = new RandomAccessFile("\\\\.\\" + diskRoot, "r");
446 | System.out.println(diskRoot.exists());
447 | System.out.println(diskRoot.getAbsolutePath());
448 | ByteBuffer bb = ByteBuffer.allocate(1);
449 | byte b = Byte.valueOf("1");
450 | bb.put(b);
451 | System.out.println(bb.toString());
452 | for (int k = 0; k < indices.length; k++) {
453 | try {
454 | System.out.println(indices[k]);
455 | FileRecord file = files.get(indices[k]);
456 | System.out.println(file.getName()+"\t"+file.getFileSize()+"\t"+file.getFoundAt());
457 | Long fileLoc = (long) jumpto + (long) file.getFoundAt();
458 |
459 |
460 | System.out.println(diskRoot.getTotalSpace());
461 | System.out.println(fileLoc);
462 |
463 | System.out.println("Seeking to " + jumpto);
464 | diskAccess.seek(jumpto);
465 | System.out.println("File Pointer: " + diskAccess.getFilePointer());
466 | diskAccess.read(ar);
467 | System.out.println(Utils.hex(ar[0]));
468 | System.out.println("Long Max " + Long.MAX_VALUE);
469 | System.out.println("Long Min " + Long.MIN_VALUE);//System.out.println("File Pointer: "+diskAccess.getFilePointer()); diskAccess.seek(jumpto-235456);
470 | System.out.println("File Pointer: " + diskAccess.getFilePointer());
471 | // System.out.println("Seeking to " + fileLoc);
472 | // diskAccess.seek(fileLoc);
473 | System.out.println("File Pointer: " + diskAccess.getFilePointer());
474 | FileChannel fc = diskAccess.getChannel();
475 | System.out.println("open?" + fc.isOpen());
476 | System.out.println("File Pointer: " + diskAccess.getFilePointer());
477 | System.out.println("File Position: " + fc.position());
478 | fc.position(jumpto);
479 | System.out.println("File Position: " + fc.position());
480 | if (Utils.hexToInt(Utils.hex(ar[0]), "0") == 0xE5) {
481 | System.out.println("Lets recover " + file.getName());
482 | // diskAccess.seek(fileLoc);
483 | fc.position(fileLoc);
484 | System.out.println("File Position: " + fc.position());
485 | //diskAccess.write(1);
486 | // diskAccess.seek(fileLoc);
487 |
488 | System.out.println("File Pointer: " + diskAccess.getFilePointer());
489 | for (i = 0; i <= 10; i++) //Byte 0-10 filename
490 | {
491 | System.out.print(String.valueOf(Utils.hexToText(Utils.hex(ar[file.getFoundAt() + i]))));
492 | }
493 | diskAccess.seek(file.getStartSector()*bytes_per_Sector);
494 | for(i=0;i<10;i++){
495 | System.out.print(diskAccess.read());
496 | }
497 | } else {
498 | System.out.println("Why recover an existing file?");
499 | for (i = 0; i <= 10; i++) //Byte 0-10 filename
500 | {
501 | System.out.print(String.valueOf(Utils.hexToText(Utils.hex(ar[i]))));
502 | }
503 | }
504 | System.out.println(file.getName() + "\t" + file.getFileSize() + "\tfrom" + file.getFoundAt());
505 | } catch (IOException ex) {
506 | Logger.getLogger(FAT32.class.getName()).log(Level.SEVERE, null, ex);
507 | }
508 | }
509 | } else {
510 | System.out.println("Empty selection");
511 | }
512 | }
513 | }
514 |
--------------------------------------------------------------------------------
/src/android/forensic/toolkit/FAT16.java:
--------------------------------------------------------------------------------
1 | /*
2 | * To change this template, choose Tools | Templates
3 | * and open the template in the editor.
4 | */
5 | package android.forensic.toolkit;
6 |
7 | /**
8 | *
9 | * @author Resley Rodrigues
10 | */
11 | public class FAT16 extends FAT12 {
12 | //Import Default FAT values from base class
13 |
14 |
15 | //getBPB() same as super.getBPB()
16 | @Override
17 | public void printBPB(javax.swing.JTextArea a,javax.swing.JTextArea b) {
18 | b.append("\t\t 0\t 1\t 2\t 3\t 4\t 5\t 6\t 7\t\t 8\t 9\t A\t B\t C\t D\t E\t F");
19 | for (i=0; i();
142 | address = reserved_sectors * bytes_per_Sector;
143 | diskAccess.seek(jumpto);
144 | diskAccess.read(ar);
145 | recalulate(a, ar);
146 | listFiles(list);
147 | }
148 | diskAccess.close();
149 | System.out.println("closed diskAccess");
150 | }
151 | }
--------------------------------------------------------------------------------
/src/android/forensic/toolkit/FileList.java:
--------------------------------------------------------------------------------
1 | /*
2 | * To change this template, choose Tools | Templates
3 | * and open the template in the editor.
4 | */
5 | package android.forensic.toolkit;
6 |
7 | import java.util.ArrayList;
8 | import javax.xml.bind.annotation.*;
9 | /**
10 | *
11 | * @author Resley Rodrigues
12 | */
13 |
14 | @XmlRootElement(name = "FileList", namespace = "aftk")
15 | @XmlAccessorType(XmlAccessType.FIELD)
16 | public class FileList {
17 | @XmlElementWrapper(name = "list")
18 |
19 | @XmlElement(name = "File")
20 | ArrayList file;
21 |
22 | public void setFile(ArrayList File) {
23 | this.file = File;
24 | }
25 |
26 | public ArrayList getFile() {
27 | return file;
28 | }
29 | }
30 |
--------------------------------------------------------------------------------
/src/android/forensic/toolkit/FileRecord.java:
--------------------------------------------------------------------------------
1 | /*
2 | * To change this template, choose Tools | Templates
3 | * and open the template in the editor.
4 | */
5 | package android.forensic.toolkit;
6 |
7 | import javax.xml.bind.annotation.*;
8 | /**
9 | *
10 | * @author Resley Rodrigues
11 | */
12 | @XmlRootElement(name = "File")
13 | public class FileRecord {
14 | String img;
15 | String name;
16 | String attributes;
17 | String filesize;
18 | int foundAt;
19 | long startSector;
20 |
21 | public String getImage() {
22 | return img;
23 | }
24 |
25 | @XmlElement
26 | public void setImage(String Image) {
27 | this.img = Image;
28 | }
29 |
30 | public String getName() {
31 | return name;
32 | }
33 | @XmlElement
34 | public void setName(String Name) {
35 | this.name = Name;
36 | }
37 | public String getAttributes() {
38 | return attributes;
39 | }
40 | @XmlElement
41 | public void setAttributes(String Attributes) {
42 | this.attributes = Attributes;
43 | }
44 | public String getFileSize() {
45 | return filesize;
46 | }
47 | @XmlElement
48 | public void setFileSize(String FileSize) {
49 | this.filesize = FileSize;
50 | }
51 | public int getFoundAt() {
52 | return foundAt;
53 | }
54 | @XmlElement
55 | public void setFoundAt(int Sector) {
56 | this.foundAt = Sector;
57 | }
58 | public long getStartSector() {
59 | return startSector;
60 | }
61 | @XmlElement
62 | public void setStartSector(long Sector) {
63 | this.startSector = Sector;
64 | }
65 |
66 |
67 | }
68 |
--------------------------------------------------------------------------------
/src/android/forensic/toolkit/MFT.java:
--------------------------------------------------------------------------------
1 | /*
2 | * To change this template, choose Tools | Templates
3 | * and open the template in the editor.
4 | */
5 | package android.forensic.toolkit;
6 |
7 | /**
8 | *
9 | * @author Resley Rodrigues
10 | */
11 | public class MFT {
12 |
13 | // int flag; //at byte 21
14 | // int Length of File Name; //1 byte
15 |
16 | String File_Identifier = ""; //4 bytes 0 0x00-0x03
17 | int Offset_to_update_sequence;//2 bytes 4 0x04 0x05
18 | int Size_of_update_sequence; //2 bytes 6 0x06 0x07
19 | int $LogFile_Sequence_Number; //8 bytes 8 0x08-0x0F
20 | int Sequence_Number; //2 bytes 16 0x10 0x11
21 | int Reference_Count; //2 bytes 18 0x12 0x13
22 | int Offset_to_Update_Sequence_Array;//2 bytes 20 0x14 0x15
23 | int Flags; //2 bytes 22 0x16 0x17
24 | int Real_size_of_the_FILE_record;//4 bytes 24 0x18-0x1B //logical size
25 | int allocated_size_of_the_FILE_record;//4 bytes 28 0x1C-0x1F //physical size
26 | int File_reference_to_the_base_FILE_record; //8 bytes32 0x20-0x27 //0 means itself
27 | int Next_Attribute_Id; //4 bytes 40 0x28-0x2B
28 | int Id_of_this_FILE; //4 bytes 44 0x2C-0x2F
29 |
30 | //If Flags field has bit 1 set, it means that file is in-use. Zero means it is deleted.
31 |
32 | //Starting from 0x48, we have Standard Information Attribute (second bold section):
33 | int File_Creation_Time; //8 bytes 72
34 | int File_Last_Modification_Time;//8 bytes 80
35 | int File_Last_Modification_Time_for_File_Record;//8 bytes 88
36 | int File_Access_Time_for_File_Record;//8 bytes 96
37 |
38 |
39 | //Following standard attribute header,
40 | //we have File Name Attribute belonging to DOS name space,
41 | //short file names, (offset 0xA8)
42 | //and again following standard attribute header,
43 | //we have File Name Attribute belonging to Win32 name space,
44 | //long file names, (offset 0x120):
45 |
46 | int File_Reference_to_the_Parent_Directory; //8 bytes 288
47 | int File_Modification_Times; //32 bytes 296
48 | long Allocated_Size_of_the_File; //8 bytes 328
49 | long Real_Size_of_the_File; //8 bytes 336
50 | int FlagsL; //8 bytes 344
51 | int Length_of_File_Name; //1 byte 352 0xF0
52 | int File_Name_Space; //1 byte 353 0xF1
53 | String File_Name = ""; //Length_of_File_Name * 2 bytes 354 0xF2-...
54 |
55 | //we can extract file name, File Creation and
56 | //Modification times, and Parent Directory Record number.
57 |
58 | //Starting from offset 0x188, there is a non-resident Data attribute.
59 |
60 | int Attribute_Type; //4 bytes (e.g. 0x80)
61 | int Length_including_header; //4 bytes
62 | int Non_resident_flag; //1 byte
63 | int Name_length; //1 byte
64 | int Offset_to_the_Name; //2 bytes
65 | int FlagsNR; //2 bytes
66 | int Attribute_Id; //2 bytes
67 | int Starting_VCN; //8 bytes
68 | int Last_VCN; //8 bytes
69 | int Offset_to_the_Data_Runs; //2 bytes
70 | int Compression_Unit_Size; //2 bytes
71 | int Padding; //4 bytes
72 | int Allocated_size_of_the_attribute;//8 bytes
73 | int Real_size_of_the_attribute; //8 bytes
74 | int Initialized_data_size_of_the_stream; //8 bytes
75 |
76 | //Data_Runs_...
77 | private static final String Image = "/res/deleted_file.png";
78 |
79 | public boolean set_data(byte[] ar, long startSector){
80 | int i;
81 | int j;//=242;
82 | FileRecord fileRec = new FileRecord();
83 | String size = "NTFS Sizer Error";
84 | String attrib="";
85 | Offset_to_Update_Sequence_Array = Utils.hexToInt(Utils.hex(ar[20]), Utils.hex(ar[21]));
86 | for(i=0;i<4;i++) //byte 0-3 0x00-0x03
87 | File_Identifier = File_Identifier.concat(String.valueOf(Utils.hexToText(Utils.hex(ar[i]))));
88 | //Flags byte 22-23 0x16-0x17
89 | Flags = Utils.hexToInt(Utils.hex(ar[22]), Utils.hex(ar[23]));
90 | if(Flags!=0){
91 | return false;
92 | }
93 | do {
94 | System.out.println("Offset: "+Utils.hex(Offset_to_Update_Sequence_Array));
95 |
96 | i = Offset_to_Update_Sequence_Array;
97 | System.out.print("i: "+Utils.hex(i));
98 | Attribute_Type = Utils.hexToInt(Utils.hex(ar[i++]), Utils.hex(ar[i++]),Utils.hex(ar[i++]), Utils.hex(ar[i++]));
99 | if(Attribute_Type==-1){
100 | return false;
101 | }
102 | System.out.print("\tType: "+Utils.hex(Attribute_Type));
103 | System.out.print("\ti: "+Utils.hex(i));
104 | int temp = Utils.hexToInt(Utils.hex(ar[i++]), Utils.hex(ar[i++]),Utils.hex(ar[i++]), Utils.hex(ar[i++])); //Offset + Length of Attribute
105 | System.out.print("\tLength: "+temp+"\t\t");
106 | Offset_to_Update_Sequence_Array += temp;
107 | }while(Attribute_Type!=48); //Loop until Attribute Type is 0x30 (Std Info)
108 | System.out.println("");
109 | // i=224;
110 | // Real_Size_of_the_File = Utils.hexToInt(Utils.hex(ar[i++]), Utils.hex(ar[i++]), Utils.hex(ar[i++]), Utils.hex(ar[i++]), Utils.hex(ar[i++]), Utils.hex(ar[i++]), Utils.hex(ar[i++]), Utils.hex(ar[i++]));
111 | i+=80;
112 | Name_length = Utils.hexToInt(Utils.hex(ar[i]),"0");
113 | System.out.println("Offset: "+Utils.hex(i)+"\tName length: "+Utils.hex(ar[i++]));
114 | i++;
115 | for(j=0;j<(Name_length*2);j++){
116 | File_Name = File_Name.concat(String.valueOf(Utils.hexToText(Utils.hex(ar[i+j]))));
117 | }
118 | System.out.println(File_Name);
119 | fileRec.setName(File_Name);
120 | fileRec.setAttributes(attrib);
121 | fileRec.setStartSector(startSector);
122 | fileRec.setImage(Image);
123 | fileRec.setFileSize(size);
124 | fileRec.setFoundAt(j);
125 | NTFS.files.add(fileRec);
126 | return true;
127 | }
128 |
129 | public void print_data(javax.swing.JTextArea a){
130 | a.append(File_Identifier + "\t\t" + Flags + "\t\t" + Name_length + "\t\t" + File_Name +"\t\t"+
131 | // Utils.getSize(Real_Size_of_the_File)+
132 | "\n");
133 | }
134 |
135 |
136 | }
137 |
--------------------------------------------------------------------------------
/src/android/forensic/toolkit/MainJFrame.form:
--------------------------------------------------------------------------------
1 |
2 |
3 |
716 |
--------------------------------------------------------------------------------
/src/android/forensic/toolkit/MainJFrame.java:
--------------------------------------------------------------------------------
1 | /*
2 | * To change this template, choose Tools | Templates
3 | * and open the template in the editor.
4 | */
5 | package android.forensic.toolkit;
6 |
7 | import java.io.File;
8 | import java.io.FileNotFoundException;
9 | import java.io.IOException;
10 | import java.io.RandomAccessFile;
11 | import java.math.BigInteger;
12 | import java.security.MessageDigest;
13 | import java.security.NoSuchAlgorithmException;
14 | import java.util.logging.Level;
15 | import java.util.logging.Logger;
16 | import javax.swing.ButtonModel;
17 | import javax.swing.JFileChooser;
18 | import javax.swing.filechooser.FileNameExtensionFilter;
19 | import javax.swing.filechooser.FileSystemView;
20 | import javax.xml.bind.JAXBException;
21 |
22 | /**
23 | *
24 | * @author Resley Rodrigues
25 | */
26 |
27 | public class MainJFrame extends javax.swing.JFrame {
28 | String jump_instruction = null, path=null;
29 | private FAT12 fat12; FAT16 fat16; FAT32 fat32; NTFS ntfs; //disk objcts
30 | public void getDrives(javax.swing.JComboBox DriveSelector) {
31 |
32 | DriveSelector.removeAllItems();
33 | File[] roots = File.listRoots();
34 | for (int i = 0; i < roots.length; i++) {
35 | DriveSelector.addItem(roots[i]);
36 | }
37 | jTabbedPane1.setTitleAt(0, "Boot Sector");
38 | jTabbedPane1.setTitleAt(1, "FAT");
39 | // jTabbedPane1.setTitleAt(2, "Boot Sector HEX View");
40 | }
41 |
42 | /**
43 | * Creates new form MainJFrame
44 | */
45 | public MainJFrame() {
46 | initComponents();
47 | }
48 |
49 | /**
50 | * This method is called from within the constructor to initialize the form.
51 | * WARNING: Do NOT modify this code. The content of this method is always
52 | * regenerated by the Form Editor.
53 | */
54 | @SuppressWarnings("unchecked")
55 | // //GEN-BEGIN:initComponents
56 | private void initComponents() {
57 |
58 | cloneDialog = new javax.swing.JDialog();
59 | jComboBox1 = new javax.swing.JComboBox();
60 | jLabel1 = new javax.swing.JLabel();
61 | jTextField2 = new javax.swing.JTextField();
62 | jLabel2 = new javax.swing.JLabel();
63 | jButton4 = new javax.swing.JButton();
64 | jProgressBar1 = new javax.swing.JProgressBar();
65 | jButton5 = new javax.swing.JButton();
66 | startClone = new javax.swing.JButton();
67 | hashDialog = new javax.swing.JDialog();
68 | MD5 = new javax.swing.JRadioButton();
69 | SHA1 = new javax.swing.JRadioButton();
70 | SHA256 = new javax.swing.JRadioButton();
71 | jLabel3 = new javax.swing.JLabel();
72 | jComboBox2 = new javax.swing.JComboBox();
73 | jTextField3 = new javax.swing.JTextField();
74 | jLabel4 = new javax.swing.JLabel();
75 | jLabel5 = new javax.swing.JLabel();
76 | jButton6 = new javax.swing.JButton();
77 | jButton7 = new javax.swing.JButton();
78 | jLabel6 = new javax.swing.JLabel();
79 | HashValue = new javax.swing.JTextField();
80 | ComputeHash = new javax.swing.JButton();
81 | RefreshDriveList1 = new javax.swing.JButton();
82 | HashProgressBar = new javax.swing.JProgressBar();
83 | HashAlgorithm = new javax.swing.ButtonGroup();
84 | FileSaveAs = new javax.swing.JFileChooser();
85 | DriveSelector = new javax.swing.JComboBox();
86 | lbl_SelectDrive = new javax.swing.JLabel();
87 | get_details = new javax.swing.JButton();
88 | VolumeLabel = new javax.swing.JLabel();
89 | FreeSpace = new javax.swing.JLabel();
90 | TotalSpace = new javax.swing.JLabel();
91 | DriveType = new javax.swing.JLabel();
92 | lbl_Label = new javax.swing.JLabel();
93 | lbl_FreeSpace = new javax.swing.JLabel();
94 | lbl_TotalSize = new javax.swing.JLabel();
95 | lbl_Type = new javax.swing.JLabel();
96 | RefreshDriveList = new javax.swing.JButton();
97 | Hash = new javax.swing.JLabel();
98 | jTabbedPane1 = new javax.swing.JTabbedPane();
99 | jSplitPane1 = new javax.swing.JSplitPane();
100 | BootSector = new javax.swing.JScrollPane();
101 | BootSectorData = new javax.swing.JTextArea();
102 | BootSectorHex = new javax.swing.JScrollPane();
103 | BootSectorHexData = new javax.swing.JTextArea();
104 | PartitionTable = new javax.swing.JScrollPane();
105 | PartitionTableData = new javax.swing.JTextArea();
106 | clone_disk = new javax.swing.JButton();
107 | hash_disk = new javax.swing.JButton();
108 | jLayeredPane1 = new javax.swing.JLayeredPane();
109 | jScrollPane2 = new javax.swing.JScrollPane();
110 | fileList = new javax.swing.JList();
111 | re_calc = new javax.swing.JButton();
112 | recoverFiles = new javax.swing.JButton();
113 |
114 | cloneDialog.setTitle("Clone Disk - Android Forensic Toolkit");
115 | cloneDialog.setAlwaysOnTop(true);
116 | cloneDialog.setBounds(new java.awt.Rectangle(0, 0, 300, 150));
117 |
118 | jComboBox1.setModel(new javax.swing.DefaultComboBoxModel(new String[] { "C:\\", "D:\\", "E:\\", "F:\\" }));
119 | jComboBox1.addActionListener(new java.awt.event.ActionListener() {
120 | public void actionPerformed(java.awt.event.ActionEvent evt) {
121 | jComboBox1ActionPerformed(evt);
122 | }
123 | });
124 |
125 | jLabel1.setText("Disk to Clone:");
126 |
127 | jTextField2.setText("E:\\");
128 |
129 | jLabel2.setText("Save to: ");
130 |
131 | jButton4.setText("Browse");
132 | jButton4.addActionListener(new java.awt.event.ActionListener() {
133 | public void actionPerformed(java.awt.event.ActionEvent evt) {
134 | jButton4ActionPerformed(evt);
135 | }
136 | });
137 |
138 | jProgressBar1.setValue(74);
139 | jProgressBar1.setIndeterminate(true);
140 |
141 | jButton5.setText("Cancel");
142 | jButton5.addActionListener(new java.awt.event.ActionListener() {
143 | public void actionPerformed(java.awt.event.ActionEvent evt) {
144 | jButton5ActionPerformed(evt);
145 | }
146 | });
147 |
148 | startClone.setText("Clone");
149 | startClone.addActionListener(new java.awt.event.ActionListener() {
150 | public void actionPerformed(java.awt.event.ActionEvent evt) {
151 | startCloneActionPerformed(evt);
152 | }
153 | });
154 |
155 | javax.swing.GroupLayout cloneDialogLayout = new javax.swing.GroupLayout(cloneDialog.getContentPane());
156 | cloneDialog.getContentPane().setLayout(cloneDialogLayout);
157 | cloneDialogLayout.setHorizontalGroup(
158 | cloneDialogLayout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
159 | .addGroup(cloneDialogLayout.createSequentialGroup()
160 | .addGap(26, 26, 26)
161 | .addGroup(cloneDialogLayout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING, false)
162 | .addComponent(jProgressBar1, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE)
163 | .addGroup(cloneDialogLayout.createSequentialGroup()
164 | .addGroup(cloneDialogLayout.createParallelGroup(javax.swing.GroupLayout.Alignment.TRAILING, false)
165 | .addGroup(javax.swing.GroupLayout.Alignment.LEADING, cloneDialogLayout.createSequentialGroup()
166 | .addComponent(jLabel2)
167 | .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.UNRELATED)
168 | .addComponent(jTextField2))
169 | .addGroup(cloneDialogLayout.createSequentialGroup()
170 | .addComponent(jLabel1)
171 | .addGap(51, 51, 51)
172 | .addComponent(jComboBox1, javax.swing.GroupLayout.PREFERRED_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.PREFERRED_SIZE)))
173 | .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.UNRELATED)
174 | .addGroup(cloneDialogLayout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING, false)
175 | .addComponent(jButton4, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE)
176 | .addComponent(jButton5, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE))))
177 | .addContainerGap(26, Short.MAX_VALUE))
178 | .addGroup(javax.swing.GroupLayout.Alignment.TRAILING, cloneDialogLayout.createSequentialGroup()
179 | .addContainerGap(javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE)
180 | .addComponent(startClone)
181 | .addGap(112, 112, 112))
182 | );
183 | cloneDialogLayout.setVerticalGroup(
184 | cloneDialogLayout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
185 | .addGroup(cloneDialogLayout.createSequentialGroup()
186 | .addContainerGap()
187 | .addGroup(cloneDialogLayout.createParallelGroup(javax.swing.GroupLayout.Alignment.BASELINE)
188 | .addComponent(jComboBox1, javax.swing.GroupLayout.PREFERRED_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.PREFERRED_SIZE)
189 | .addComponent(jLabel1)
190 | .addComponent(jButton5))
191 | .addGap(18, 18, 18)
192 | .addGroup(cloneDialogLayout.createParallelGroup(javax.swing.GroupLayout.Alignment.BASELINE)
193 | .addComponent(jTextField2, javax.swing.GroupLayout.PREFERRED_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.PREFERRED_SIZE)
194 | .addComponent(jLabel2)
195 | .addComponent(jButton4))
196 | .addGap(18, 18, 18)
197 | .addComponent(jProgressBar1, javax.swing.GroupLayout.PREFERRED_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.PREFERRED_SIZE)
198 | .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.UNRELATED)
199 | .addComponent(startClone)
200 | .addContainerGap(102, Short.MAX_VALUE))
201 | );
202 |
203 | hashDialog.setTitle("Compute Hash - Android Forensic Toolkit");
204 | hashDialog.setBounds(new java.awt.Rectangle(0, 0, 400, 240));
205 | hashDialog.setResizable(false);
206 |
207 | MD5.setText("MD5");
208 | MD5.addActionListener(new java.awt.event.ActionListener() {
209 | public void actionPerformed(java.awt.event.ActionEvent evt) {
210 | MD5ActionPerformed(evt);
211 | }
212 | });
213 |
214 | SHA1.setText("SHA1");
215 |
216 | SHA256.setText("SHA256");
217 |
218 | jLabel3.setText("Choose Algorithm:");
219 |
220 | jComboBox2.setModel(new javax.swing.DefaultComboBoxModel(new String[] { "C:\\", "D:\\", "E:\\", "F:\\" }));
221 |
222 | jLabel4.setText("Compare With:");
223 |
224 | jLabel5.setText("Disk to Hash:");
225 |
226 | jButton6.setText("Hide");
227 | jButton6.addActionListener(new java.awt.event.ActionListener() {
228 | public void actionPerformed(java.awt.event.ActionEvent evt) {
229 | jButton6ActionPerformed(evt);
230 | }
231 | });
232 |
233 | jButton7.setText("Browse");
234 |
235 | jLabel6.setText("Hash Value:");
236 |
237 | ComputeHash.setText("Compute");
238 | ComputeHash.addActionListener(new java.awt.event.ActionListener() {
239 | public void actionPerformed(java.awt.event.ActionEvent evt) {
240 | ComputeHashActionPerformed(evt);
241 | }
242 | });
243 |
244 | RefreshDriveList1.setIcon(new javax.swing.ImageIcon(getClass().getResource("/android/forensic/toolkit/refresh.png"))); // NOI18N
245 | RefreshDriveList1.setToolTipText("Refresh");
246 | RefreshDriveList1.setBorder(null);
247 | RefreshDriveList1.setBorderPainted(false);
248 | RefreshDriveList1.setContentAreaFilled(false);
249 | RefreshDriveList1.setCursor(new java.awt.Cursor(java.awt.Cursor.HAND_CURSOR));
250 | RefreshDriveList1.addActionListener(new java.awt.event.ActionListener() {
251 | public void actionPerformed(java.awt.event.ActionEvent evt) {
252 | RefreshDriveList1ActionPerformed(evt);
253 | }
254 | });
255 |
256 | javax.swing.GroupLayout hashDialogLayout = new javax.swing.GroupLayout(hashDialog.getContentPane());
257 | hashDialog.getContentPane().setLayout(hashDialogLayout);
258 | hashDialogLayout.setHorizontalGroup(
259 | hashDialogLayout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
260 | .addGroup(hashDialogLayout.createSequentialGroup()
261 | .addGroup(hashDialogLayout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
262 | .addGroup(hashDialogLayout.createSequentialGroup()
263 | .addContainerGap()
264 | .addGroup(hashDialogLayout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING, false)
265 | .addGroup(hashDialogLayout.createSequentialGroup()
266 | .addComponent(jLabel3)
267 | .addGap(18, 18, 18)
268 | .addComponent(MD5)
269 | .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
270 | .addComponent(SHA1)
271 | .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
272 | .addComponent(SHA256))
273 | .addGroup(hashDialogLayout.createSequentialGroup()
274 | .addGroup(hashDialogLayout.createParallelGroup(javax.swing.GroupLayout.Alignment.TRAILING)
275 | .addGroup(javax.swing.GroupLayout.Alignment.LEADING, hashDialogLayout.createSequentialGroup()
276 | .addComponent(jLabel5)
277 | .addGap(18, 18, 18)
278 | .addComponent(jComboBox2, javax.swing.GroupLayout.PREFERRED_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.PREFERRED_SIZE)
279 | .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.UNRELATED)
280 | .addComponent(RefreshDriveList1, javax.swing.GroupLayout.PREFERRED_SIZE, 26, javax.swing.GroupLayout.PREFERRED_SIZE))
281 | .addGroup(javax.swing.GroupLayout.Alignment.LEADING, hashDialogLayout.createSequentialGroup()
282 | .addGroup(hashDialogLayout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
283 | .addComponent(jLabel4)
284 | .addComponent(jLabel6))
285 | .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.UNRELATED)
286 | .addGroup(hashDialogLayout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING, false)
287 | .addComponent(jTextField3, javax.swing.GroupLayout.DEFAULT_SIZE, 171, Short.MAX_VALUE)
288 | .addComponent(HashValue))))
289 | .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.UNRELATED)
290 | .addGroup(hashDialogLayout.createParallelGroup(javax.swing.GroupLayout.Alignment.TRAILING)
291 | .addComponent(ComputeHash)
292 | .addComponent(jButton7, javax.swing.GroupLayout.PREFERRED_SIZE, 75, javax.swing.GroupLayout.PREFERRED_SIZE)))
293 | .addComponent(HashProgressBar, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE)))
294 | .addGroup(hashDialogLayout.createSequentialGroup()
295 | .addGap(148, 148, 148)
296 | .addComponent(jButton6, javax.swing.GroupLayout.PREFERRED_SIZE, 67, javax.swing.GroupLayout.PREFERRED_SIZE)))
297 | .addContainerGap(52, Short.MAX_VALUE))
298 | );
299 | hashDialogLayout.setVerticalGroup(
300 | hashDialogLayout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
301 | .addGroup(hashDialogLayout.createSequentialGroup()
302 | .addGap(20, 20, 20)
303 | .addGroup(hashDialogLayout.createParallelGroup(javax.swing.GroupLayout.Alignment.BASELINE)
304 | .addComponent(MD5)
305 | .addComponent(SHA1)
306 | .addComponent(SHA256)
307 | .addComponent(jLabel3))
308 | .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
309 | .addGroup(hashDialogLayout.createParallelGroup(javax.swing.GroupLayout.Alignment.TRAILING)
310 | .addGroup(hashDialogLayout.createParallelGroup(javax.swing.GroupLayout.Alignment.BASELINE)
311 | .addComponent(jComboBox2, javax.swing.GroupLayout.PREFERRED_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.PREFERRED_SIZE)
312 | .addComponent(jLabel5)
313 | .addComponent(ComputeHash))
314 | .addComponent(RefreshDriveList1, javax.swing.GroupLayout.PREFERRED_SIZE, 29, javax.swing.GroupLayout.PREFERRED_SIZE))
315 | .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.UNRELATED)
316 | .addGroup(hashDialogLayout.createParallelGroup(javax.swing.GroupLayout.Alignment.BASELINE)
317 | .addComponent(jLabel6)
318 | .addComponent(HashValue, javax.swing.GroupLayout.PREFERRED_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.PREFERRED_SIZE))
319 | .addGap(11, 11, 11)
320 | .addGroup(hashDialogLayout.createParallelGroup(javax.swing.GroupLayout.Alignment.BASELINE)
321 | .addComponent(jTextField3, javax.swing.GroupLayout.PREFERRED_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.PREFERRED_SIZE)
322 | .addComponent(jLabel4)
323 | .addComponent(jButton7))
324 | .addGap(18, 18, 18)
325 | .addComponent(HashProgressBar, javax.swing.GroupLayout.PREFERRED_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.PREFERRED_SIZE)
326 | .addGap(35, 35, 35)
327 | .addComponent(jButton6)
328 | .addContainerGap(62, Short.MAX_VALUE))
329 | );
330 |
331 | FileSaveAs.setDialogType(javax.swing.JFileChooser.SAVE_DIALOG);
332 | FileSaveAs.setFileFilter(new FileNameExtensionFilter("Disk Image (*.iso)", ".iso"));
333 | FileSaveAs.setFileSelectionMode(javax.swing.JFileChooser.FILES_AND_DIRECTORIES);
334 |
335 | setDefaultCloseOperation(javax.swing.WindowConstants.EXIT_ON_CLOSE);
336 | setTitle("Android Forensic Toolkit");
337 | setCursor(new java.awt.Cursor(java.awt.Cursor.DEFAULT_CURSOR));
338 | setResizable(false);
339 |
340 | DriveSelector.setName(""); // NOI18N
341 |
342 | lbl_SelectDrive.setText("Select Drive");
343 |
344 | get_details.setText("Get Details");
345 | get_details.addActionListener(new java.awt.event.ActionListener() {
346 | public void actionPerformed(java.awt.event.ActionEvent evt) {
347 | get_detailsActionPerformed(evt);
348 | }
349 | });
350 |
351 | VolumeLabel.setToolTipText("");
352 |
353 | lbl_Label.setText("Label:");
354 |
355 | lbl_FreeSpace.setText("Free Space:");
356 |
357 | lbl_TotalSize.setText("Total Size:");
358 |
359 | lbl_Type.setText("Type:");
360 |
361 | RefreshDriveList.setIcon(new javax.swing.ImageIcon(getClass().getResource("/android/forensic/toolkit/refresh.png"))); // NOI18N
362 | RefreshDriveList.setToolTipText("Refresh");
363 | RefreshDriveList.setBorder(null);
364 | RefreshDriveList.setBorderPainted(false);
365 | RefreshDriveList.setContentAreaFilled(false);
366 | RefreshDriveList.setCursor(new java.awt.Cursor(java.awt.Cursor.HAND_CURSOR));
367 | RefreshDriveList.addActionListener(new java.awt.event.ActionListener() {
368 | public void actionPerformed(java.awt.event.ActionEvent evt) {
369 | RefreshDriveListActionPerformed(evt);
370 | }
371 | });
372 |
373 | jTabbedPane1.setCursor(new java.awt.Cursor(java.awt.Cursor.DEFAULT_CURSOR));
374 | jTabbedPane1.setName(""); // NOI18N
375 |
376 | BootSectorData.setColumns(20);
377 | BootSectorData.setRows(5);
378 | BootSector.setViewportView(BootSectorData);
379 |
380 | jSplitPane1.setLeftComponent(BootSector);
381 |
382 | BootSectorHexData.setColumns(20);
383 | BootSectorHexData.setRows(5);
384 | BootSectorHex.setViewportView(BootSectorHexData);
385 |
386 | jSplitPane1.setRightComponent(BootSectorHex);
387 |
388 | jTabbedPane1.addTab("BootSector", jSplitPane1);
389 |
390 | PartitionTableData.setColumns(20);
391 | PartitionTableData.setRows(5);
392 | PartitionTable.setViewportView(PartitionTableData);
393 |
394 | jTabbedPane1.addTab("FAT", PartitionTable);
395 |
396 | clone_disk.setText("Clone Disk");
397 | clone_disk.addActionListener(new java.awt.event.ActionListener() {
398 | public void actionPerformed(java.awt.event.ActionEvent evt) {
399 | clone_diskActionPerformed(evt);
400 | }
401 | });
402 |
403 | hash_disk.setText("Compute Hash");
404 | hash_disk.addActionListener(new java.awt.event.ActionListener() {
405 | public void actionPerformed(java.awt.event.ActionEvent evt) {
406 | hash_diskActionPerformed(evt);
407 | }
408 | });
409 |
410 | fileList.setModel(new javax.swing.AbstractListModel() {
411 | String[] strings = { "Please select a drive from the dropdown box and click Get Details to list the files on that drive." };
412 | public int getSize() { return strings.length; }
413 | public Object getElementAt(int i) { return strings[i]; }
414 | });
415 | fileList.setEnabled(false);
416 | jScrollPane2.setViewportView(fileList);
417 |
418 | jScrollPane2.setBounds(0, 8, 978, 190);
419 | jLayeredPane1.add(jScrollPane2, javax.swing.JLayeredPane.DEFAULT_LAYER);
420 |
421 | re_calc.setText("Recalculate");
422 | re_calc.setToolTipText("Recalculate the list of files");
423 | re_calc.setName(""); // NOI18N
424 | re_calc.addActionListener(new java.awt.event.ActionListener() {
425 | public void actionPerformed(java.awt.event.ActionEvent evt) {
426 | re_calcActionPerformed(evt);
427 | }
428 | });
429 |
430 | recoverFiles.setText("Recover");
431 | recoverFiles.setToolTipText("Recover the selected files.");
432 | recoverFiles.addActionListener(new java.awt.event.ActionListener() {
433 | public void actionPerformed(java.awt.event.ActionEvent evt) {
434 | recoverFilesActionPerformed(evt);
435 | }
436 | });
437 |
438 | javax.swing.GroupLayout layout = new javax.swing.GroupLayout(getContentPane());
439 | getContentPane().setLayout(layout);
440 | layout.setHorizontalGroup(
441 | layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
442 | .addGroup(layout.createSequentialGroup()
443 | .addContainerGap()
444 | .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
445 | .addComponent(lbl_SelectDrive)
446 | .addGroup(layout.createSequentialGroup()
447 | .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
448 | .addComponent(DriveSelector, javax.swing.GroupLayout.PREFERRED_SIZE, 85, javax.swing.GroupLayout.PREFERRED_SIZE)
449 | .addComponent(lbl_Label)
450 | .addComponent(lbl_Type)
451 | .addComponent(lbl_FreeSpace)
452 | .addComponent(lbl_TotalSize))
453 | .addGap(9, 9, 9)
454 | .addComponent(RefreshDriveList, javax.swing.GroupLayout.PREFERRED_SIZE, 26, javax.swing.GroupLayout.PREFERRED_SIZE)
455 | .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.UNRELATED)
456 | .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
457 | .addComponent(FreeSpace)
458 | .addGroup(layout.createSequentialGroup()
459 | .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
460 | .addComponent(VolumeLabel)
461 | .addComponent(DriveType)
462 | .addComponent(get_details)
463 | .addComponent(TotalSpace))
464 | .addGap(87, 87, 87)
465 | .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
466 | .addGroup(layout.createSequentialGroup()
467 | .addComponent(re_calc)
468 | .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.UNRELATED)
469 | .addComponent(recoverFiles))
470 | .addGroup(layout.createSequentialGroup()
471 | .addComponent(clone_disk)
472 | .addGap(18, 18, 18)
473 | .addComponent(hash_disk))
474 | .addGroup(layout.createSequentialGroup()
475 | .addGap(68, 68, 68)
476 | .addComponent(Hash)))))))
477 | .addContainerGap(469, Short.MAX_VALUE))
478 | .addComponent(jTabbedPane1, javax.swing.GroupLayout.Alignment.TRAILING)
479 | .addComponent(jLayeredPane1)
480 | );
481 | layout.setVerticalGroup(
482 | layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
483 | .addGroup(layout.createSequentialGroup()
484 | .addGap(6, 6, 6)
485 | .addComponent(lbl_SelectDrive)
486 | .addGap(1, 1, 1)
487 | .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
488 | .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.BASELINE)
489 | .addComponent(get_details)
490 | .addComponent(clone_disk)
491 | .addComponent(hash_disk))
492 | .addComponent(RefreshDriveList, javax.swing.GroupLayout.Alignment.TRAILING, javax.swing.GroupLayout.PREFERRED_SIZE, 29, javax.swing.GroupLayout.PREFERRED_SIZE)
493 | .addComponent(DriveSelector, javax.swing.GroupLayout.PREFERRED_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.PREFERRED_SIZE))
494 | .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
495 | .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
496 | .addGroup(layout.createSequentialGroup()
497 | .addComponent(lbl_Label)
498 | .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
499 | .addComponent(lbl_Type)
500 | .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
501 | .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.BASELINE)
502 | .addComponent(lbl_FreeSpace)
503 | .addComponent(FreeSpace))
504 | .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
505 | .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.BASELINE)
506 | .addComponent(lbl_TotalSize, javax.swing.GroupLayout.PREFERRED_SIZE, 14, javax.swing.GroupLayout.PREFERRED_SIZE)
507 | .addComponent(TotalSpace)))
508 | .addGroup(layout.createSequentialGroup()
509 | .addComponent(VolumeLabel)
510 | .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
511 | .addComponent(DriveType)
512 | .addGap(26, 26, 26)
513 | .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.BASELINE)
514 | .addComponent(re_calc)
515 | .addComponent(recoverFiles)))
516 | .addGroup(layout.createSequentialGroup()
517 | .addGap(26, 26, 26)
518 | .addComponent(Hash)))
519 | .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED, 15, Short.MAX_VALUE)
520 | .addComponent(jLayeredPane1, javax.swing.GroupLayout.PREFERRED_SIZE, 207, javax.swing.GroupLayout.PREFERRED_SIZE)
521 | .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
522 | .addComponent(jTabbedPane1, javax.swing.GroupLayout.PREFERRED_SIZE, 318, javax.swing.GroupLayout.PREFERRED_SIZE))
523 | );
524 |
525 | VolumeLabel.getAccessibleContext().setAccessibleName("VolumeLabel");
526 |
527 | pack();
528 | }// //GEN-END:initComponents
529 |
530 | private void get_detailsActionPerformed(java.awt.event.ActionEvent evt) {//GEN-FIRST:event_get_detailsActionPerformed
531 | String freeSpace, totalSpace;
532 | path = DriveSelector.getSelectedItem().toString();
533 | File temp = new File(path);
534 |
535 | freeSpace = Utils.getSize(temp.getFreeSpace());
536 | totalSpace = Utils.getSize(temp.getTotalSpace());
537 |
538 | VolumeLabel.setText(FileSystemView.getFileSystemView().getSystemDisplayName(temp));
539 | DriveType.setText(FileSystemView.getFileSystemView().getSystemTypeDescription(temp));
540 | FreeSpace.setText(freeSpace);
541 | TotalSpace.setText(totalSpace);
542 |
543 | File diskRoot = new File("\\\\.\\" + path);
544 | RandomAccessFile diskAccess;
545 | try {
546 | diskAccess = new RandomAccessFile(diskRoot, "r");
547 | byte[] content = new byte[512];
548 | diskAccess.readFully(content);
549 |
550 | BootSectorData.setText("");
551 | PartitionTableData.setText("");
552 | BootSectorHexData.setText("");
553 | BootSectorData.setTabSize(3);
554 | PartitionTableData.setTabSize(3);
555 | BootSectorHexData.setTabSize(3);
556 | jump_instruction = Utils.hex(content[0]) + Utils.hex(content[1]) + Utils.hex(content[2]);
557 | int txm;
558 | switch (jump_instruction) {
559 | case "EB5290":
560 | {
561 | ntfs = new NTFS();
562 | jTabbedPane1.setTitleAt(1, "MFT");
563 | ntfs.getBPB(path);
564 | ntfs.printBPB(BootSectorData,BootSectorHexData);
565 | ntfs.readMFT(PartitionTableData,fileList,false);
566 | TotalSpace.setText(Utils.getSize(ntfs.bytes_per_Sector * ntfs.total_sectors));
567 | break;
568 | }
569 | case "EB5890":
570 | {
571 | fat32 = new FAT32();
572 | jTabbedPane1.setTitleAt(1, "FAT");
573 | fat32.getBPB(path);
574 | fat32.printBPB(BootSectorData,BootSectorHexData);
575 | fat32.readFAT(PartitionTableData, fileList, false);
576 | VolumeLabel.setText(fat32.label);
577 | // jTextField1.setText(fat32.type);
578 | if(fat32.total_sectors==0)
579 | TotalSpace.setText(Utils.getSize(fat32.bytes_per_Sector*fat32.total_sectorsL));
580 | else
581 | TotalSpace.setText(Utils.getSize(fat32.bytes_per_Sector*fat32.total_sectors));
582 | break;
583 | }
584 | case "EB0090":
585 | case "EB3C90":
586 | {
587 | fat16 = new FAT16();
588 | jTabbedPane1.setTitleAt(1, "FAT");
589 | fat16.getBPB(path);
590 | fat16.printBPB(BootSectorData, BootSectorHexData);
591 | fat16.readFAT(PartitionTableData,fileList,false);
592 | VolumeLabel.setText(fat16.label);
593 | if(fat16.total_sectors==0)
594 | TotalSpace.setText(Utils.getSize(fat16.bytes_per_Sector*fat16.total_sectorsL));
595 | else
596 | TotalSpace.setText(Utils.getSize(fat16.bytes_per_Sector*fat16.total_sectors));
597 | break;
598 | }
599 | default:
600 | int i=0;
601 | jump_instruction = Utils.hex(content[i++]) +Utils.hex(content[i++]) + Utils.hex(content[i++]); //0-2
602 | System.out.println(String.format("%-22s\t%s","Jump Instruction",jump_instruction));
603 | int sector_size = Utils.hexToInt(Utils.hex(content[11]), Utils.hex(content[12]));
604 | int reserved_sectors = Utils.hexToInt(Utils.hex(content[14]), Utils.hex(content[15]));
605 | int number_of_fat_sectors = Utils.hexToInt(Utils.hex(content[36]), Utils.hex(content[37]), Utils.hex(content[38]), Utils.hex(content[39]));
606 | BootSectorData.append("OEM = ");
607 | for (i = 3; i <= 10; i++) {
608 | BootSectorData.append(String.valueOf(Utils.hexToText(Utils.hex(content[i]))));
609 | }
610 | BootSectorData.append("\nFilesystem Type = ");
611 | for (i = 82; i <= 89; i++) {
612 | BootSectorData.append(String.valueOf(Utils.hexToText(Utils.hex(content[i]))));
613 | }
614 | BootSectorData.append("\nNumber of bytes per sector = " + sector_size + "\n");
615 | BootSectorData.append("Number of sectors per cluster = " + Utils.hexToInt(Utils.hex(content[13]), "00") + "\n");
616 | BootSectorData.append("Number of reserved sectors = " + reserved_sectors + "\n");
617 | BootSectorData.append("Number of sectors in filesystem = " + Utils.hexToInt(Utils.hex(content[19]), Utils.hex(content[20])) + "\n");
618 | BootSectorData.append("Number of sectors per FAT = " + number_of_fat_sectors + "\n");
619 | BootSectorData.append("\t\t 0\t 1\t 2\t 3\t 4\t 5\t 6\t 7\t\t 8\t 9\t A\t B\t C\t D\t E\t F");
620 | PartitionTableData.append("\t\t 0\t 1\t 2\t 3\t 4\t 5\t 6\t 7\t\t 8\t 9\t A\t B\t C\t D\t E\t F");
621 | int address = 0x000000;
622 | for ( i = 0; i < sector_size; i++) {
623 | txm = content[i];
624 | if (i % 16 == 0) {
625 | BootSectorData.append(String.format("\n%07X0\t", address++));
626 | } else if (i % 8 == 0) {
627 | BootSectorData.append("\t");
628 | }
629 | BootSectorData.append(Utils.hex(txm) + "\t");
630 | }
631 | // System.out.println("Disk size = "+ getSize(diskAccess.length()));
632 | System.out.println("File pointer at " + diskAccess.getFilePointer());
633 | diskAccess.seek(reserved_sectors * sector_size);
634 | System.out.println("File pointer at " + diskAccess.getFilePointer());
635 | content = new byte[sector_size * number_of_fat_sectors];
636 | System.out.println("index=" + reserved_sectors * sector_size);
637 | System.out.println("len = " + sector_size * 2);
638 | diskAccess.read(content, 0, sector_size * number_of_fat_sectors);
639 | System.out.println("works");
640 | // address = Integer.valueOf(Integer.toHexString(reserved_sectors*sector_size), 16);
641 | address = Integer.parseInt(Integer.toHexString(reserved_sectors * sector_size), 16);
642 | System.out.println("Address = " + address);
643 | for ( i = 0; i < 1921024; i++) {
644 | txm = content[i];
645 | if (i % 16 == 0) {
646 | PartitionTableData.append(String.format("\n%08X\t", address));
647 | System.out.println(String.format("@ %08X",address));
648 | address += 16;
649 | } else if (i % 8 == 0) {
650 | PartitionTableData.append("\t");
651 | }
652 | PartitionTableData.append(Utils.hex(txm) + "\t");
653 |
654 | }
655 | diskAccess.seek(4308992); //root directory for my pendrive
656 | content = new byte[16384];
657 | System.out.println("@" + diskAccess.getFilePointer());
658 | diskAccess.readFully(content);
659 | for ( i = 0; i < 512; i++) {
660 |
661 | for (int j = (i * 32); j <= (i * 32) + 10; j++) {
662 | System.out.print(Utils.hexToText(Utils.hex(content[j])));
663 | }
664 | System.out.print(" ");
665 | System.out.print((Utils.hex(content[(i * 32) + 11])));
666 | System.out.print(" ");
667 | int temp_int = 0;
668 | for (int j = (i * 32) + 27; j < (i * 32) + 32; j++) {
669 | temp_int += Utils.hexToInt(Utils.hex(content[j]), "00");
670 | }
671 | System.out.print(Utils.getSize(temp_int));
672 | System.out.println();
673 | }
674 | break;
675 | }
676 | recoverFiles.setVisible(true);
677 | } catch (FileNotFoundException ex) {
678 | Logger.getLogger(MainJFrame.class.getName()).log(Level.SEVERE, null, ex);
679 | } catch (Exception ex) {
680 | Logger.getLogger(MainJFrame.class.getName()).log(Level.SEVERE, null, ex);
681 | }
682 | }//GEN-LAST:event_get_detailsActionPerformed
683 |
684 | private void RefreshDriveListActionPerformed(java.awt.event.ActionEvent evt) {//GEN-FIRST:event_RefreshDriveListActionPerformed
685 | this.getDrives(DriveSelector);
686 | }//GEN-LAST:event_RefreshDriveListActionPerformed
687 |
688 | private void jButton5ActionPerformed(java.awt.event.ActionEvent evt) {//GEN-FIRST:event_jButton5ActionPerformed
689 | cloneDialog.setVisible(false);
690 | }//GEN-LAST:event_jButton5ActionPerformed
691 |
692 | private void clone_diskActionPerformed(java.awt.event.ActionEvent evt) {//GEN-FIRST:event_clone_diskActionPerformed
693 | cloneDialog.setVisible(true);
694 | this.getDrives(jComboBox1);
695 | }//GEN-LAST:event_clone_diskActionPerformed
696 |
697 | private void hash_diskActionPerformed(java.awt.event.ActionEvent evt) {//GEN-FIRST:event_hash_diskActionPerformed
698 | this.getDrives(jComboBox2);
699 | hashDialog.setVisible(true);
700 | MD5.setActionCommand("MD5");
701 | SHA1.setActionCommand("SHA1");
702 | SHA256.setActionCommand("SHA512");
703 | HashAlgorithm.add(MD5);
704 | HashAlgorithm.add(SHA1);
705 | HashAlgorithm.add(SHA256);
706 | }//GEN-LAST:event_hash_diskActionPerformed
707 |
708 | private void re_calcActionPerformed(java.awt.event.ActionEvent evt) {//GEN-FIRST:event_re_calcActionPerformed
709 | try {
710 | switch (jump_instruction) {
711 | case "EB5290":
712 | {
713 | ntfs = new NTFS();
714 | jTabbedPane1.setTitleAt(1, "MFT");
715 | ntfs.getBPB(path);
716 | ntfs.printBPB(BootSectorData,BootSectorHexData);
717 | ntfs.readMFT(PartitionTableData,fileList, true);
718 | TotalSpace.setText(Utils.getSize(ntfs.bytes_per_Sector * ntfs.total_sectors));
719 | break;
720 | }
721 | case "EB5890":
722 | {
723 | fat32 = new FAT32();
724 | jTabbedPane1.setTitleAt(1, "FAT");
725 | fat32.getBPB(path);
726 | fat32.printBPB(BootSectorData,BootSectorHexData);
727 | fat32.readFAT(PartitionTableData, fileList, true);
728 | VolumeLabel.setText(fat32.label);
729 | // jTextField1.setText(fat32.type);
730 | if(fat32.total_sectors==0)
731 | TotalSpace.setText(Utils.getSize(fat32.bytes_per_Sector*fat32.total_sectorsL));
732 | else
733 | TotalSpace.setText(Utils.getSize(fat32.bytes_per_Sector*fat32.total_sectors));
734 | break;
735 | }
736 | default:
737 | break;
738 | }
739 | re_calc.setVisible(false);
740 | recoverFiles.setVisible(true);
741 | } catch (IOException | JAXBException ex) {
742 | Logger.getLogger(MainJFrame.class.getName()).log(Level.SEVERE, null, ex);
743 | }
744 | }//GEN-LAST:event_re_calcActionPerformed
745 |
746 | private void recoverFilesActionPerformed(java.awt.event.ActionEvent evt) {//GEN-FIRST:event_recoverFilesActionPerformed
747 | try {
748 | switch (jump_instruction) {
749 | case "EB5290":
750 | {//NTFS
751 | break;
752 | }
753 | case "EB5890":
754 | {
755 |
756 | fat32.recoverFiles(fileList, path);
757 | // disk.recoverFiles(jList1);
758 | }
759 | default:
760 | break;
761 | }
762 |
763 | } catch (Exception ex) {
764 | Logger.getLogger(MainJFrame.class.getName()).log(Level.SEVERE, null, ex);
765 | }
766 |
767 | }//GEN-LAST:event_recoverFilesActionPerformed
768 |
769 | private void ComputeHashActionPerformed(java.awt.event.ActionEvent evt) {//GEN-FIRST:event_ComputeHashActionPerformed
770 | try {
771 | File spath = new File(jComboBox2.getSelectedItem().toString());
772 | long diskSize = spath.getTotalSpace();
773 | System.out.println("Disk size: " + diskSize + " or " + Utils.getSize(diskSize));
774 | System.out.println("Disk : "+spath.getAbsolutePath() + " or " + spath.getCanonicalPath());
775 | final int size=10485760; //5242880
776 |
777 | ButtonModel algorithm = HashAlgorithm.getSelection();
778 | final String algo = algorithm.getActionCommand();
779 |
780 | final int stop = (int) (diskSize/size);
781 | final int extra = (int) (diskSize%size);
782 | HashProgressBar.setMaximum(stop);
783 | HashProgressBar.setMinimum(0);
784 | HashProgressBar.setStringPainted(true);
785 | System.out.println("extra "+extra);
786 | System.out.println("Stop: "+stop);
787 | Thread thread = new Thread(new Runnable() {
788 |
789 | @Override
790 | public void run() {
791 | try {
792 | StringBuilder hashString = new StringBuilder();
793 | MessageDigest m = null;
794 | byte[] content = new byte[size];
795 | try {
796 | m = MessageDigest.getInstance(algo);
797 | } catch (NoSuchAlgorithmException ex) {
798 | Logger.getLogger(MainJFrame.class.getName()).log(Level.SEVERE, null, ex);
799 | }
800 | File sxpath = new File("\\\\.\\" + jComboBox2.getSelectedItem().toString());
801 |
802 | RandomAccessFile diskAccess1 = new RandomAccessFile(sxpath, "r");
803 |
804 | m.reset();
805 | for(int i=0;i
895 | /* If Nimbus (introduced in Java SE 6) is not available, stay with the default look and feel.
896 | * For details see http://download.oracle.com/javase/tutorial/uiswing/lookandfeel/plaf.html
897 | */
898 | try {
899 | for (javax.swing.UIManager.LookAndFeelInfo info : javax.swing.UIManager.getInstalledLookAndFeels()) {
900 | if ("Nimbus".equals(info.getName())) {
901 | javax.swing.UIManager.setLookAndFeel(info.getClassName());
902 | break;
903 | }
904 | }
905 | } catch (ClassNotFoundException ex) {
906 | java.util.logging.Logger.getLogger(MainJFrame.class.getName()).log(java.util.logging.Level.SEVERE, null, ex);
907 | } catch (InstantiationException ex) {
908 | java.util.logging.Logger.getLogger(MainJFrame.class.getName()).log(java.util.logging.Level.SEVERE, null, ex);
909 | } catch (IllegalAccessException ex) {
910 | java.util.logging.Logger.getLogger(MainJFrame.class.getName()).log(java.util.logging.Level.SEVERE, null, ex);
911 | } catch (javax.swing.UnsupportedLookAndFeelException ex) {
912 | java.util.logging.Logger.getLogger(MainJFrame.class.getName()).log(java.util.logging.Level.SEVERE, null, ex);
913 | }
914 | //
915 |
916 | /* Create and display the form */
917 | java.awt.EventQueue.invokeLater(new Runnable() {
918 | public void run() {
919 | MainJFrame a = new MainJFrame();
920 | a.setVisible(true);
921 | re_calc.setVisible(false);
922 | recoverFiles.setVisible(false);
923 | a.getDrives(a.DriveSelector);
924 | }
925 | });
926 | }
927 | // Variables declaration - do not modify//GEN-BEGIN:variables
928 | private javax.swing.JScrollPane BootSector;
929 | private javax.swing.JTextArea BootSectorData;
930 | private javax.swing.JScrollPane BootSectorHex;
931 | private javax.swing.JTextArea BootSectorHexData;
932 | private javax.swing.JButton ComputeHash;
933 | private javax.swing.JComboBox DriveSelector;
934 | private javax.swing.JLabel DriveType;
935 | private javax.swing.JFileChooser FileSaveAs;
936 | private javax.swing.JLabel FreeSpace;
937 | private javax.swing.JLabel Hash;
938 | private javax.swing.ButtonGroup HashAlgorithm;
939 | private javax.swing.JProgressBar HashProgressBar;
940 | private javax.swing.JTextField HashValue;
941 | private javax.swing.JRadioButton MD5;
942 | private javax.swing.JScrollPane PartitionTable;
943 | private javax.swing.JTextArea PartitionTableData;
944 | private javax.swing.JButton RefreshDriveList;
945 | private javax.swing.JButton RefreshDriveList1;
946 | private javax.swing.JRadioButton SHA1;
947 | private javax.swing.JRadioButton SHA256;
948 | private javax.swing.JLabel TotalSpace;
949 | private javax.swing.JLabel VolumeLabel;
950 | private javax.swing.JDialog cloneDialog;
951 | private javax.swing.JButton clone_disk;
952 | private javax.swing.JList fileList;
953 | private javax.swing.JButton get_details;
954 | private javax.swing.JDialog hashDialog;
955 | private javax.swing.JButton hash_disk;
956 | private javax.swing.JButton jButton4;
957 | private javax.swing.JButton jButton5;
958 | private javax.swing.JButton jButton6;
959 | private javax.swing.JButton jButton7;
960 | private javax.swing.JComboBox jComboBox1;
961 | private javax.swing.JComboBox jComboBox2;
962 | private javax.swing.JLabel jLabel1;
963 | private javax.swing.JLabel jLabel2;
964 | private javax.swing.JLabel jLabel3;
965 | private javax.swing.JLabel jLabel4;
966 | private javax.swing.JLabel jLabel5;
967 | private javax.swing.JLabel jLabel6;
968 | private javax.swing.JLayeredPane jLayeredPane1;
969 | private javax.swing.JProgressBar jProgressBar1;
970 | private javax.swing.JScrollPane jScrollPane2;
971 | private javax.swing.JSplitPane jSplitPane1;
972 | private javax.swing.JTabbedPane jTabbedPane1;
973 | private javax.swing.JTextField jTextField2;
974 | private javax.swing.JTextField jTextField3;
975 | private javax.swing.JLabel lbl_FreeSpace;
976 | private javax.swing.JLabel lbl_Label;
977 | private javax.swing.JLabel lbl_SelectDrive;
978 | private javax.swing.JLabel lbl_TotalSize;
979 | private javax.swing.JLabel lbl_Type;
980 | public static javax.swing.JButton re_calc;
981 | public static javax.swing.JButton recoverFiles;
982 | private javax.swing.JButton startClone;
983 | // End of variables declaration//GEN-END:variables
984 | }
985 |
--------------------------------------------------------------------------------
/src/android/forensic/toolkit/NTFS.java:
--------------------------------------------------------------------------------
1 | /*
2 | * To change this template, choose Tools | Templates
3 | * and open the template in the editor.
4 | */
5 | package android.forensic.toolkit;
6 |
7 | import java.awt.Color;
8 | import java.awt.FlowLayout;
9 | import java.io.File;
10 | import java.io.FileNotFoundException;
11 | import java.io.IOException;
12 | import java.io.RandomAccessFile;
13 | import java.util.ArrayList;
14 | import javax.swing.DefaultListModel;
15 | import javax.swing.ImageIcon;
16 | import javax.swing.JLabel;
17 | import javax.swing.JPanel;
18 | import javax.swing.ListSelectionModel;
19 | import javax.swing.event.ListSelectionEvent;
20 | import javax.swing.event.ListSelectionListener;
21 | import javax.xml.bind.JAXBContext;
22 | import javax.xml.bind.JAXBException;
23 | import javax.xml.bind.Marshaller;
24 |
25 | /**
26 | *
27 | * @author Resley Rodrigues
28 | */
29 | public class NTFS {
30 | String jump_instruction = ""; //0-2 0x00
31 | String file_system_ID = ""; //3-10 0x03
32 | int bytes_per_Sector; //11-12 0x0B
33 | int sectors_per_cluster; //13 0x0D
34 | int reserved_sectors; //14-15 0x0E
35 | String media_descriptor; //21 0x13
36 | int sectors_per_track; //24-25 0x18
37 | int number_of_heads; //26-27 0x1A
38 | int hidden_sectors; //28-31 0x1C
39 | long total_sectors; //40-47 0x28
40 | long location_$MFT; //48-55 0x30
41 | long location_$MFTMirr; //56-63 0x38
42 | int clusters_per_file_segment; //64-67 0x40
43 | int clusters_per_index_buffer; //68 0x44
44 | long volume_serial_number; //72-79 0x48
45 | int checksum; //80-81 0x50
46 | int i=0;
47 | RandomAccessFile diskAccess;
48 | byte[] content = new byte[512];
49 | int address = 0x000000;
50 |
51 | public static ArrayList files = new ArrayList<>();
52 |
53 | public void getBPB(String path) throws FileNotFoundException, IOException {
54 | File diskRoot = new File("\\\\.\\" + path);
55 | diskAccess = new RandomAccessFile(diskRoot, "r");
56 | diskAccess.readFully(content);
57 | jump_instruction = Utils.hex(content[i++]) +Utils.hex(content[i++]) + Utils.hex(content[i++]);
58 | for (i = 3; i <= 10; i++) {
59 | file_system_ID = file_system_ID.concat(String.valueOf(Utils.hexToText(Utils.hex(content[i]))));
60 | }
61 | bytes_per_Sector = Utils.hexToInt(Utils.hex(content[i++]), Utils.hex(content[i++]));
62 | sectors_per_cluster = Utils.hexToInt(Utils.hex(content[i++]), "00");
63 | reserved_sectors = Utils.hexToInt(Utils.hex(content[i++]), Utils.hex(content[i++]));
64 | media_descriptor = Utils.hex(content[i = 21]);
65 | i = 24;
66 | sectors_per_track = Utils.hexToInt(Utils.hex(content[i++]), Utils.hex(content[i++]));
67 | number_of_heads = Utils.hexToInt(Utils.hex(content[i++]), Utils.hex(content[i++]));
68 | hidden_sectors = Utils.hexToInt(Utils.hex(content[i++]), Utils.hex(content[i++]), Utils.hex(content[i++]), Utils.hex(content[i++]));
69 | i = 40;
70 | total_sectors = Utils.hexToInt(Utils.hex(content[i++]), Utils.hex(content[i++]), Utils.hex(content[i++]), Utils.hex(content[i++]), Utils.hex(content[i++]), Utils.hex(content[i++]), Utils.hex(content[i++]), Utils.hex(content[i++]));
71 | location_$MFT = Utils.hexToInt(Utils.hex(content[i++]), Utils.hex(content[i++]), Utils.hex(content[i++]), Utils.hex(content[i++]), Utils.hex(content[i++]), Utils.hex(content[i++]), Utils.hex(content[i++]), Utils.hex(content[i++]));
72 | location_$MFTMirr = Utils.hexToInt(Utils.hex(content[i++]), Utils.hex(content[i++]), Utils.hex(content[i++]), Utils.hex(content[i++]), Utils.hex(content[i++]), Utils.hex(content[i++]), Utils.hex(content[i++]), Utils.hex(content[i++]));
73 | volume_serial_number = Utils.hexToInt(Utils.hex(content[i=72]), Utils.hex(content[i++]), Utils.hex(content[i++]), Utils.hex(content[i++]), Utils.hex(content[i++]), Utils.hex(content[i++]), Utils.hex(content[i++]), Utils.hex(content[i++]));
74 | }
75 |
76 | public void printBPB(javax.swing.JTextArea a,javax.swing.JTextArea b) {
77 | b.append("\t\t 0\t 1\t 2\t 3\t 4\t 5\t 6\t 7\t\t 8\t 9\t A\t B\t C\t D\t E\t F");
78 | for (i=0; i 1024) {
85 | size /= 1024;
86 | strSize = dFormat.format(size) + " KB";
87 | if (size > 1024) {
88 | size /= 1024;
89 | strSize = dFormat.format(size) + " MB";
90 | if (size > 1024) {
91 | size /= 1024;
92 | strSize = dFormat.format(size) + " GB";
93 | }
94 | }
95 | }
96 | return strSize;
97 | }
98 |
99 | public static String hex(int n) {
100 | return String.format("0x%8s", Integer.toHexString(n).toUpperCase()).replace(' ', '0').substring(8);
101 | }
102 | }
103 |
--------------------------------------------------------------------------------
/src/android/forensic/toolkit/refresh.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ResleyR/Android_Forensic_Toolkit/e48e27083f4454d21b70e1fb1c49a9e850a1650a/src/android/forensic/toolkit/refresh.png
--------------------------------------------------------------------------------
/src/android/forensic/toolkit/yaffs_obj_hdr.java:
--------------------------------------------------------------------------------
1 | /*
2 | * To change this template, choose Tools | Templates
3 | * and open the template in the editor.
4 | */
5 | package android.forensic.toolkit;
6 | import java.io.BufferedReader;
7 | import java.io.File;
8 | import java.io.FileReader;
9 | import java.io.InputStreamReader;
10 | import java.util.ArrayList;
11 | import java.util.HashSet;
12 | import java.util.Map;
13 | import java.util.TreeMap;
14 |
15 | /**
16 | *
17 | * @author Pranav
18 | */
19 |
20 |
21 | //this two classes are writen using pseudocode found in "reverse engineering of android file system"
22 | //mounting part of sd card can i take from other projects its too difficult..
23 |
24 |
25 |
26 | public class yaffs_obj_hdr
27 | {
28 |
29 | // enum yaffs_obj_type type;
30 |
31 | int parent_obj_id;
32 | int sum_no_longer_used; /* checksum of name. No longer used */
33 | // char name[YAFFS_MAX_NAME_LENGTH + 1];
34 |
35 | /* The following apply to all object types except for hard links */
36 | int yst_mode; /* protection */
37 |
38 | int yst_uid;
39 | int yst_gid;
40 | int yst_atime;
41 | int yst_mtime;
42 | int yst_ctime;
43 |
44 | /* File size applies to files only */
45 | int file_size_low;
46 |
47 | /* Equivalent object id applies to hard links only. */
48 | int equiv_id;
49 |
50 | /* Alias is for symlinks only. */
51 | // YCHAR alias[YAFFS_MAX_ALIAS_LENGTH + 1];
52 |
53 | int yst_rdev; /* stuff for block and char devices (major/min) */
54 |
55 | int win_ctime[] = new int[2];
56 | int win_atime[] = new int[2];
57 | int win_mtime[] = new int[2];
58 |
59 | int inband_shadowed_obj_id;
60 | int inband_is_shrink;
61 |
62 | int file_size_high;
63 | int reserved[] = new int[1];
64 | int shadows_obj; /* This object header shadows the specified object if > 0 */
65 |
66 | /* is_shrink applies to object headers written when we make a hole. */
67 | int is_shrink;
68 | };
69 | //
70 | //
71 | // public class yaffs_ext_tags
72 | // {
73 | // long chunk_used; /* Status of the chunk: used or unused */
74 | // long obj_id; /* If 0 this is not used */
75 | // long chunk_id; /* If 0 this is a header, else a data chunk */
76 | // long n_bytes; /* Only valid for data chunks */
77 | //
78 | // /* The following stuff only has meaning when we read */
79 | // yaffs_ECCResult yaffs_ECCResult ;
80 | // long block_bad;
81 | //
82 | // /* YAFFS 1 stuff */
83 | // long is_deleted; /* The chunk is marked deleted */
84 | // long serial_number; /* Yaffs1 2-bit serial number */
85 | //
86 | // /* YAFFS2 stuff */
87 | // long seq_number; /* The sequence number of this block */
88 | //
89 | // /* Extra info if this is an object header (YAFFS2 only) */
90 | //
91 | // long extra_available; /* Extra info available if not zero */
92 | // long extra_parent_id; /* The parent object */
93 | // long extra_is_shrink; /* Is it a shrink header? */
94 | // long extra_shadows; /* Does this shadow another object? */
95 | //
96 | // yaffs_obj_type extra_obj_type; /* What object type? */
97 | //
98 | // long extra_equiv_id; /* Equivalent object for a hard link */
99 | //};
100 | //
101 | //}
102 | //
103 | // */
--------------------------------------------------------------------------------
/src/cache/res/Thumbs.db:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ResleyR/Android_Forensic_Toolkit/e48e27083f4454d21b70e1fb1c49a9e850a1650a/src/cache/res/Thumbs.db
--------------------------------------------------------------------------------
/src/cache/res/deleted_file.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ResleyR/Android_Forensic_Toolkit/e48e27083f4454d21b70e1fb1c49a9e850a1650a/src/cache/res/deleted_file.png
--------------------------------------------------------------------------------
/src/cache/res/deleted_folder.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ResleyR/Android_Forensic_Toolkit/e48e27083f4454d21b70e1fb1c49a9e850a1650a/src/cache/res/deleted_folder.png
--------------------------------------------------------------------------------
/src/cache/res/deleted_hidden_file.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ResleyR/Android_Forensic_Toolkit/e48e27083f4454d21b70e1fb1c49a9e850a1650a/src/cache/res/deleted_hidden_file.png
--------------------------------------------------------------------------------
/src/cache/res/deleted_hidden_folder.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ResleyR/Android_Forensic_Toolkit/e48e27083f4454d21b70e1fb1c49a9e850a1650a/src/cache/res/deleted_hidden_folder.png
--------------------------------------------------------------------------------
/src/cache/res/file.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ResleyR/Android_Forensic_Toolkit/e48e27083f4454d21b70e1fb1c49a9e850a1650a/src/cache/res/file.png
--------------------------------------------------------------------------------
/src/cache/res/folder.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ResleyR/Android_Forensic_Toolkit/e48e27083f4454d21b70e1fb1c49a9e850a1650a/src/cache/res/folder.png
--------------------------------------------------------------------------------
/src/cache/res/hidden_file.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ResleyR/Android_Forensic_Toolkit/e48e27083f4454d21b70e1fb1c49a9e850a1650a/src/cache/res/hidden_file.png
--------------------------------------------------------------------------------
/src/cache/res/hidden_folder.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ResleyR/Android_Forensic_Toolkit/e48e27083f4454d21b70e1fb1c49a9e850a1650a/src/cache/res/hidden_folder.png
--------------------------------------------------------------------------------
/src/res/Thumbs.db:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ResleyR/Android_Forensic_Toolkit/e48e27083f4454d21b70e1fb1c49a9e850a1650a/src/res/Thumbs.db
--------------------------------------------------------------------------------
/src/res/cache_template.html:
--------------------------------------------------------------------------------
1 |
3 |
4 |
5 |
6 | $title
7 |
8 | $body
9 |
10 |
--------------------------------------------------------------------------------
/src/res/camera.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ResleyR/Android_Forensic_Toolkit/e48e27083f4454d21b70e1fb1c49a9e850a1650a/src/res/camera.ico
--------------------------------------------------------------------------------
/src/res/deleted_file.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ResleyR/Android_Forensic_Toolkit/e48e27083f4454d21b70e1fb1c49a9e850a1650a/src/res/deleted_file.ico
--------------------------------------------------------------------------------
/src/res/deleted_file.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ResleyR/Android_Forensic_Toolkit/e48e27083f4454d21b70e1fb1c49a9e850a1650a/src/res/deleted_file.png
--------------------------------------------------------------------------------
/src/res/deleted_file2.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ResleyR/Android_Forensic_Toolkit/e48e27083f4454d21b70e1fb1c49a9e850a1650a/src/res/deleted_file2.ico
--------------------------------------------------------------------------------
/src/res/deleted_file2.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ResleyR/Android_Forensic_Toolkit/e48e27083f4454d21b70e1fb1c49a9e850a1650a/src/res/deleted_file2.png
--------------------------------------------------------------------------------
/src/res/deleted_folder.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ResleyR/Android_Forensic_Toolkit/e48e27083f4454d21b70e1fb1c49a9e850a1650a/src/res/deleted_folder.ico
--------------------------------------------------------------------------------
/src/res/deleted_folder.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ResleyR/Android_Forensic_Toolkit/e48e27083f4454d21b70e1fb1c49a9e850a1650a/src/res/deleted_folder.png
--------------------------------------------------------------------------------
/src/res/deleted_hidden_file.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ResleyR/Android_Forensic_Toolkit/e48e27083f4454d21b70e1fb1c49a9e850a1650a/src/res/deleted_hidden_file.png
--------------------------------------------------------------------------------
/src/res/deleted_hidden_folder.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ResleyR/Android_Forensic_Toolkit/e48e27083f4454d21b70e1fb1c49a9e850a1650a/src/res/deleted_hidden_folder.png
--------------------------------------------------------------------------------
/src/res/disk.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ResleyR/Android_Forensic_Toolkit/e48e27083f4454d21b70e1fb1c49a9e850a1650a/src/res/disk.ico
--------------------------------------------------------------------------------
/src/res/file.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ResleyR/Android_Forensic_Toolkit/e48e27083f4454d21b70e1fb1c49a9e850a1650a/src/res/file.ico
--------------------------------------------------------------------------------
/src/res/file.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ResleyR/Android_Forensic_Toolkit/e48e27083f4454d21b70e1fb1c49a9e850a1650a/src/res/file.png
--------------------------------------------------------------------------------
/src/res/folder.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ResleyR/Android_Forensic_Toolkit/e48e27083f4454d21b70e1fb1c49a9e850a1650a/src/res/folder.ico
--------------------------------------------------------------------------------
/src/res/folder.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ResleyR/Android_Forensic_Toolkit/e48e27083f4454d21b70e1fb1c49a9e850a1650a/src/res/folder.png
--------------------------------------------------------------------------------
/src/res/folder2.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ResleyR/Android_Forensic_Toolkit/e48e27083f4454d21b70e1fb1c49a9e850a1650a/src/res/folder2.ico
--------------------------------------------------------------------------------
/src/res/help.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ResleyR/Android_Forensic_Toolkit/e48e27083f4454d21b70e1fb1c49a9e850a1650a/src/res/help.ico
--------------------------------------------------------------------------------
/src/res/hidden_file.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ResleyR/Android_Forensic_Toolkit/e48e27083f4454d21b70e1fb1c49a9e850a1650a/src/res/hidden_file.png
--------------------------------------------------------------------------------
/src/res/hidden_folder.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ResleyR/Android_Forensic_Toolkit/e48e27083f4454d21b70e1fb1c49a9e850a1650a/src/res/hidden_folder.png
--------------------------------------------------------------------------------
/src/res/mem_card.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ResleyR/Android_Forensic_Toolkit/e48e27083f4454d21b70e1fb1c49a9e850a1650a/src/res/mem_card.ico
--------------------------------------------------------------------------------
/src/res/mobile.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ResleyR/Android_Forensic_Toolkit/e48e27083f4454d21b70e1fb1c49a9e850a1650a/src/res/mobile.ico
--------------------------------------------------------------------------------
/src/res/off.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ResleyR/Android_Forensic_Toolkit/e48e27083f4454d21b70e1fb1c49a9e850a1650a/src/res/off.ico
--------------------------------------------------------------------------------
/src/res/ram.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ResleyR/Android_Forensic_Toolkit/e48e27083f4454d21b70e1fb1c49a9e850a1650a/src/res/ram.ico
--------------------------------------------------------------------------------
/src/res/stop.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ResleyR/Android_Forensic_Toolkit/e48e27083f4454d21b70e1fb1c49a9e850a1650a/src/res/stop.ico
--------------------------------------------------------------------------------