sleuthkit · markmckinnon · Mar 24, 2025 · Mar 30, 2025 · Mar 31, 2025 · Mar 31, 2025
diff --git a/Core/src/org/sleuthkit/autopsy/coreutils/PlatformUtil.java b/Core/src/org/sleuthkit/autopsy/coreutils/PlatformUtil.java
@@ -340,6 +340,24 @@ public static boolean isWindowsOS() {
         return PlatformUtil.getOSName().toLowerCase().contains("windows"); //NON-NLS
     }
 
+    /**
+     * Check if running on Linux OS
+     *
+     * @return true if running on Linux OS
+     */
+    public static boolean isLinuxOS() {
+        return PlatformUtil.getOSName().toLowerCase().contains("linux"); //NON-NLS
+    }
+
+    /**
+     * Check if running on Macos OS
+     *
+     * @return true if running on Macos OS
+     */
+    public static boolean isMacOS() {
+        return PlatformUtil.getOSName().toLowerCase().contains("mac"); //NON-NLS
+    }
+
     /**
      * Convert file path (quote) for OS specific
      *

diff --git a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Bundle.properties-MERGED b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Bundle.properties-MERGED
@@ -19,6 +19,7 @@ DefaultPriorityDomainCategorizer_searchEngineCategory=Search Engine
 DomainCategoryRunner_moduleName_text=Domain Category Analyzer
 DomainCategoryRunner_parentModuleName=Recent Activity
 DomainCategoryRunner_Progress_Message_Domain_Types=Finding Domain Types
+EventPartitionLog_Not_Found=Event Log Partition information not found
 ExtractEdge_getHistory_containerFileNotFound=Error while trying to analyze Edge history
 ExtractEdge_Module_Name=Microsoft Edge Analyzer
 ExtractEdge_process_errMsg_errGettingWebCacheFiles=Error trying to retrieving Edge WebCacheV01 file
@@ -75,6 +76,15 @@ ExtractSru_process_errormsg_find_software_hive=Unable to find SOFTWARE HIVE file
 ExtractSru_process_errormsg_find_srudb_dat=Unable to find srudb.dat file
 ExtractSru_process_errormsg_write_software_hive=Unable to write SOFTWARE HIVE file
 ExtractSru_process_errormsg_write_srudb_dat=Unable to write srudb.dat file
+ExtractUsb_error_finding_usbparser_program=Error finding usbparser program
+ExtractUsb_module_name=USB Analyzer
+ExtractUsb_process_error_executing_export_srudb_program=Error running usbparser program
+ExtractUsb_process_errormsg_find_evtx=Unable to find evtx file
+ExtractUsb_process_errormsg_find_hive=Unable to find HIVE file
+ExtractUsb_process_errormsg_find_lnk=Unable to find lnk file
+ExtractUsb_process_errormsg_write_evtx=Unable to write evtx file
+ExtractUsb_process_errormsg_write_hive=Unable to write HIVE file
+ExtractUsb_process_errormsg_write_lnk=Unable to write lnk file
 ExtractWebAccountType.role.admin=Administrator role
 ExtractWebAccountType.role.moderator=Moderator role
 ExtractWebAccountType.role.user=User role
@@ -260,4 +270,18 @@ ExtractWebAccountType.parentModuleName=Recent Activity
 Shellbag_Artifact_Display_Name=Shell Bags
 Shellbag_Key_Attribute_Display_Name=Key
 Shellbag_Last_Write_Attribute_Display_Name=Last Write
+SoftwareHiveFile_Not_Found=SOFTWARE hive file not found
+SystemHiveFile_Not_Found=SYSTEM hive file not found
+Usb_Artifact_Connect_Disconnect=USB Connects/Disconnects
+Usb_Artifact_Name=USB Removable Device
+Usb_connect_disconnect=Connection Type
+Usb_disconnectedTime=Disconnected Time
+Usb_diskSignature=Disk Signature
+Usb_driveLetter=Drive Letter
+Usb_fileSystem=File System
+Usb_firstConnectTime=First Connect Time
+Usb_lastConnectTime=Last Connect Time
+Usb_serialNumber=Serial Number
+Usb_volumeName=Volume Label
+Usb_vsn=Volume Serial Number
 UsbDeviceIdMapper.parseAndLookup.text=Product: {0}
diff --git a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractRegistry.java b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractRegistry.java
@@ -766,34 +766,34 @@ private boolean parseAutopsyPluginOutput(String regFilePath, AbstractFile regFil
                                         // @@@ BC: Why are we ignoring this...
                                         break;
                                     case "usb": //NON-NLS
-                                        try {
-                                            Long usbMtime = Long.valueOf("0");
-                                            if (!artnode.getAttribute("mtime").isEmpty()) {
-                                                usbMtime = Long.parseLong(artnode.getAttribute("mtime")); //NON-NLS
-                                            } 
-                                            usbMtime = Long.valueOf(usbMtime.toString());
-                                            if (usbMtime > 0) {
-                                                bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME, parentModuleName, usbMtime));
-                                            }
-                                            String dev = artnode.getAttribute("dev"); //NON-NLS
-                                            String make = "";
-                                            String model = dev;
-                                            if (dev.toLowerCase().contains("vid")) { //NON-NLS
-                                                USBInfo info = USB_MAPPER.parseAndLookup(dev);
-                                                if (info.getVendor() != null) {
-                                                    make = info.getVendor();
-                                                }
-                                                if (info.getProduct() != null) {
-                                                    model = info.getProduct();
-                                                }
-                                            }
-                                            bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DEVICE_MAKE, parentModuleName, make));
-                                            bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DEVICE_MODEL, parentModuleName, model));
-                                            bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DEVICE_ID, parentModuleName, value));
-                                            newArtifacts.add(createArtifactWithAttributes(BlackboardArtifact.Type.TSK_DEVICE_ATTACHED, regFile, bbattributes));
-                                        } catch (TskCoreException ex) {
-                                            logger.log(Level.SEVERE, String.format("Error adding device_attached artifact to blackboard for file %d.", regFile.getId()), ex); //NON-NLS
-                                        }
+                                        // replaced by new USB Parsing,                                        
+                                        //try {
+                                        //    Long usbMtime = Long.valueOf("0");
+                                        //    if (!artnode.getAttribute("mtime").isEmpty()) {
+                                        //        usbMtime = Long.parseLong(artnode.getAttribute("mtime")); //NON-NLS
+                                        //    } 
+                                        //    usbMtime = Long.valueOf(usbMtime.toString());
+                                        //    if (usbMtime > 0) {
+                                        //        bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME, parentModuleName, usbMtime));
+                                        //    }
+                                        //    String dev = artnode.getAttribute("dev"); //NON-NLS
+                                        //    String make = "";
+                                        //    String model = dev;
+                                        //    if (dev.toLowerCase().contains("vid")) { //NON-NLS
+                                        //        USBInfo info = USB_MAPPER.parseAndLookup(dev);
+                                        //        if (info.getVendor() != null) {
+                                        //            make = info.getVendor();
+                                        //        }
+                                        //        if (info.getProduct() != null) {
+                                        //            model = info.getProduct();
+                                        //        }
+                                        //    }
+                                        //    bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DEVICE_MAKE, parentModuleName, make));
+                                        //    bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DEVICE_MODEL, parentModuleName, model));
+                                        //    bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DEVICE_ID, parentModuleName, value));
+                                        //    newArtifacts.add(createArtifactWithAttributes(BlackboardArtifact.Type.TSK_DEVICE_ATTACHED, regFile, bbattributes));
+                                        //} catch (TskCoreException ex) {
+                                        //    logger.log(Level.SEVERE, String.format("Error adding device_attached artifact to blackboard for file %d.", regFile.getId()), ex); //NON-NLS                                        }
                                         break;
                                     case "uninstall": //NON-NLS
                                         Long itemMtime = null;