sleuthkit
diff --git a/‎Core/src/org/sleuthkit/autopsy/modules/photoreccarver/PhotoRecCarverFileIngestModule.java‎
Lines changed: 29 additions & 12 deletions b/‎Core/src/org/sleuthkit/autopsy/modules/photoreccarver/PhotoRecCarverFileIngestModule.java‎
Lines changed: 29 additions & 12 deletions
diff --git a/‎RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractRegistry.java‎
Lines changed: 29 additions & 11 deletions b/‎RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractRegistry.java‎
Lines changed: 29 additions & 11 deletions
diff --git a/‎RecentActivity/src/org/sleuthkit/autopsy/recentactivity/RAImageIngestModule.java‎
Lines changed: 3 additions & 0 deletions b/‎RecentActivity/src/org/sleuthkit/autopsy/recentactivity/RAImageIngestModule.java‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎build.xml‎
Lines changed: 27 additions & 4 deletions b/‎build.xml‎
Lines changed: 27 additions & 4 deletions
@@ -37,6 +37,7 @@
 import java.util.concurrent.atomic.AtomicLong;
 import java.util.logging.Level;
 import org.openide.modules.InstalledFileLocator;
+import org.openide.util.Exceptions;
 import org.openide.util.NbBundle;
 import org.sleuthkit.autopsy.casemodule.Case;
 import org.sleuthkit.autopsy.coreutils.ExecUtil;
@@ -78,6 +79,7 @@ final class PhotoRecCarverFileIngestModule implements FileIngestModule {
 
     private static final String PHOTOREC_DIRECTORY = "photorec_exec"; //NON-NLS
     private static final String PHOTOREC_EXECUTABLE = "photorec_win.exe"; //NON-NLS
+    private static final String PHOTOREC_LINUX_EXECUTABLE = "photorec";
     private static final String PHOTOREC_RESULTS_BASE = "results"; //NON-NLS
     private static final String PHOTOREC_RESULTS_EXTENDED = "results.1"; //NON-NLS
     private static final String PHOTOREC_REPORT = "report.xml"; //NON-NLS
@@ -136,8 +138,8 @@ public void startUp(IngestJobContext context) throws IngestModule.IngestModuleEx
 
         this.rootOutputDirPath = createModuleOutputDirectoryForCase();
 
-        Path execName = Paths.get(PHOTOREC_DIRECTORY, PHOTOREC_EXECUTABLE);
-        executableFile = locateExecutable(execName.toString());
+        //Set photorec executable directory based on operating system.
+            executableFile = locateExecutable();
 
         if (PhotoRecCarverFileIngestModule.refCounter.incrementAndGet(this.jobId) == 1) {
             try {
@@ -222,13 +224,13 @@ public IngestModule.ProcessResult process(AbstractFile file) {
 
             // Scan the file with Unallocated Carver.
             ProcessBuilder processAndSettings = new ProcessBuilder(
-                    "\"" + executableFile + "\"",
+                    executableFile.toString(),
                     "/d", // NON-NLS
-                    "\"" + outputDirPath.toAbsolutePath() + File.separator + PHOTOREC_RESULTS_BASE + "\"",
+                    outputDirPath.toAbsolutePath().toString() + File.separator + PHOTOREC_RESULTS_BASE,
                     "/cmd", // NON-NLS
-                    "\"" + tempFilePath.toFile() + "\"",
+                    tempFilePath.toFile().toString(),
                     "search");  // NON-NLS
-
+            
             // Add environment variable to force PhotoRec to run with the same permissions Autopsy uses
             processAndSettings.environment().put("__COMPAT_LAYER", "RunAsInvoker"); //NON-NLS
             processAndSettings.redirectErrorStream(true);
@@ -435,17 +437,32 @@ synchronized Path createModuleOutputDirectoryForCase() throws IngestModule.Inges
      *
      * @throws IngestModuleException
      */
-    public static File locateExecutable(String executableToFindName) throws IngestModule.IngestModuleException {
-        // Must be running under a Windows operating system.
-        if (!PlatformUtil.isWindowsOS()) {
-            throw new IngestModule.IngestModuleException(Bundle.unsupportedOS_message());
+    public static File locateExecutable() throws IngestModule.IngestModuleException {
+        File exeFile = null;
+        Path execName = null;
+        String photorec_linux_directory = "/usr/bin";
+        if (PlatformUtil.isWindowsOS()) {
+            execName = Paths.get(PHOTOREC_DIRECTORY, PHOTOREC_EXECUTABLE);
+            exeFile = InstalledFileLocator.getDefault().locate(execName.toString(), PhotoRecCarverFileIngestModule.class.getPackage().getName(), false);
+        } else {
+            File usrBin = new File("/usr/bin/photorec");
+            File usrLocalBin = new File("/usr/local/bin/photorec");
+            if (usrBin.canExecute() && usrBin.exists() && !usrBin.isDirectory()) {
+                photorec_linux_directory = "/usr/bin";
+            }else if(usrLocalBin.canExecute() && usrLocalBin.exists() && !usrLocalBin.isDirectory()){
+                photorec_linux_directory = "/usr/local/bin";
+            }else{
+                throw new IngestModule.IngestModuleException("Photorec not found");
+            }
+            execName = Paths.get(photorec_linux_directory, PHOTOREC_LINUX_EXECUTABLE);
+            exeFile = new File(execName.toString());
         }
 
-        File exeFile = InstalledFileLocator.getDefault().locate(executableToFindName, PhotoRecCarverFileIngestModule.class.getPackage().getName(), false);
         if (null == exeFile) {
             throw new IngestModule.IngestModuleException(Bundle.missingExecutable_message());
         }
-
+        
+        
         if (!exeFile.canExecute()) {
             throw new IngestModule.IngestModuleException(Bundle.cannotRunExecutable_message());
         }
 
@@ -76,10 +76,13 @@ class ExtractRegistry extends Extract {
     final private static UsbDeviceIdMapper USB_MAPPER = new UsbDeviceIdMapper();
     final private static String RIP_EXE = "rip.exe";
     final private static String RIP_PL = "rip.pl";
-    final private static String PERL = "perl ";
+    private List<String> rrCmd = new ArrayList<>();
+    private List<String> rrFullCmd= new ArrayList<>();
+    
 
     ExtractRegistry() throws IngestModuleException {
         moduleName = NbBundle.getMessage(ExtractIE.class, "ExtractRegistry.moduleName.text");
+        
         final File rrRoot = InstalledFileLocator.getDefault().locate("rr", ExtractRegistry.class.getPackage().getName(), false); //NON-NLS
         if (rrRoot == null) {
             throw new IngestModuleException(Bundle.RegRipperNotFound());
@@ -98,20 +101,33 @@ class ExtractRegistry extends Extract {
         RR_PATH = rrHome.resolve(executableToRun).toString();
         rrFullHome = rrFullRoot.toPath();
         RR_FULL_PATH = rrFullHome.resolve(executableToRun).toString();
-
+        
         if (!(new File(RR_PATH).exists())) {
             throw new IngestModuleException(Bundle.RegRipperNotFound());
         }
         if (!(new File(RR_FULL_PATH).exists())) {
             throw new IngestModuleException(Bundle.RegRipperFullNotFound());
         }
-
-        if (!PlatformUtil.isWindowsOS()) {
-            RR_PATH = PERL + RR_PATH;
-            RR_FULL_PATH = PERL + RR_FULL_PATH;
+        if(PlatformUtil.isWindowsOS()){
+            rrCmd.add(RR_PATH);
+            rrFullCmd.add(RR_FULL_PATH);
+        }else{
+            String perl;
+            File usrBin = new File("/usr/bin/perl");
+            File usrLocalBin = new File("/usr/local/bin/perl");
+            if(usrBin.canExecute() && usrBin.exists() && !usrBin.isDirectory()){
+                perl = "/usr/bin/perl";
+            }else if(usrLocalBin.canExecute() && usrLocalBin.exists() && !usrLocalBin.isDirectory()){
+                perl = "/usr/local/bin/perl";
+            }else{
+                throw new IngestModuleException("perl not found in your system");
+            }
+            rrCmd.add(perl);
+            rrCmd.add(RR_PATH);
+            rrFullCmd.add(perl);
+            rrFullCmd.add(RR_FULL_PATH);
         }
     }
-
     /**
      * Search for the registry hives on the system.
      */
@@ -262,7 +278,7 @@ private RegOutputFiles ripRegistryFile(String regFilePath, String outFilePathBas
             regOutputFiles.autopsyPlugins = outFilePathBase + "-autopsy.txt"; //NON-NLS
             String errFilePath = outFilePathBase + "-autopsy.err.txt"; //NON-NLS
             logger.log(Level.INFO, "Writing RegRipper results to: {0}", regOutputFiles.autopsyPlugins); //NON-NLS
-            executeRegRipper(RR_PATH, rrHome, regFilePath, autopsyType, regOutputFiles.autopsyPlugins, errFilePath);
+            executeRegRipper(rrCmd, rrHome, regFilePath, autopsyType, regOutputFiles.autopsyPlugins, errFilePath);
         }
         if (context.dataSourceIngestIsCancelled()) {
             return regOutputFiles;
@@ -273,15 +289,17 @@ private RegOutputFiles ripRegistryFile(String regFilePath, String outFilePathBas
             regOutputFiles.fullPlugins = outFilePathBase + "-full.txt"; //NON-NLS
             String errFilePath = outFilePathBase + "-full.err.txt"; //NON-NLS
             logger.log(Level.INFO, "Writing Full RegRipper results to: {0}", regOutputFiles.fullPlugins); //NON-NLS
-            executeRegRipper(RR_FULL_PATH, rrFullHome, regFilePath, fullType, regOutputFiles.fullPlugins, errFilePath);
+            executeRegRipper(rrFullCmd, rrFullHome, regFilePath, fullType, regOutputFiles.fullPlugins, errFilePath);
         }
         return regOutputFiles;
     }
 
-    private void executeRegRipper(String regRipperPath, Path regRipperHomeDir, String hiveFilePath, String hiveFileType, String outputFile, String errFile) {
+    private void executeRegRipper(List<String> regRipperPath, Path regRipperHomeDir, String hiveFilePath, String hiveFileType, String outputFile, String errFile) {
         try {
             List<String> commandLine = new ArrayList<>();
-            commandLine.add(regRipperPath);
+            for(String cmd: regRipperPath){
+                commandLine.add(cmd);
+            }
             commandLine.add("-r"); //NON-NLS
             commandLine.add(hiveFilePath);
             commandLine.add("-f"); //NON-NLS
 
@@ -23,9 +23,11 @@
 package org.sleuthkit.autopsy.recentactivity;
 
 import java.io.File;
+import java.io.FileNotFoundException;
 import java.util.ArrayList;
 import java.util.List;
 import java.util.logging.Level;
+import org.openide.util.Exceptions;
 import org.openide.util.NbBundle;
 import org.sleuthkit.autopsy.casemodule.Case;
 import org.sleuthkit.autopsy.coreutils.Logger;
@@ -57,6 +59,7 @@ public final class RAImageIngestModule implements DataSourceIngestModule {
     public void startUp(IngestJobContext context) throws IngestModuleException {
         this.context = context;
 
+        
         Extract registry = new ExtractRegistry();
         Extract iexplore = new ExtractIE();
         Extract recentDocuments = new RecentDocumentsByLnk();
 
@@ -32,7 +32,12 @@
     </condition>  
     <condition property="os.family" value="windows">  
         <os family="windows"/>  
-    </condition>  
+    </condition> 
+    
+    <condition property="os.family" value="mac">  
+        <os family="mac"/>  
+    </condition> 
+     
     <import file="build-${os.family}.xml"/> 
 
     <!-- Third party tools dependencies -->
@@ -82,7 +87,13 @@
         <copy file="${basedir}/LICENSE-2.0.txt" tofile="${zip-tmp}/${app.name}/LICENSE-2.0.txt"/>
         <copy file="${basedir}/NEWS.txt" tofile="${zip-tmp}/${app.name}/NEWS.txt"/>
         <copy file="${basedir}/KNOWN_ISSUES.txt" tofile="${zip-tmp}/${app.name}/KNOWN_ISSUES.txt"/>
-        <unzip src="${thirdparty.dir}/gstreamer/${os.family}/i386/0.10.7/gstreamer.zip" dest="${zip-tmp}/${app.name}/gstreamer"/>
+        <if>
+            <equals arg1="${os.family}" arg2="windows"/>
+            <then>
+                <unzip src="${thirdparty.dir}/gstreamer/${os.family}/i386/0.10.7/gstreamer.zip" dest="${zip-tmp}/${app.name}/gstreamer"/>
+            </then>
+        </if>
+        
         <copy file="${basedir}/icons/icon.ico" tofile="${zip-tmp}/${app.name}/icon.ico" overwrite="true"/>
 
         <!-- Copy the Autopsy documentation to the docs folder -->
@@ -91,8 +102,20 @@
         </copy>
 
         <property name="app.property.file" value="${zip-tmp}/${app.name}/etc/${app.name}.conf" />
-        <!-- for Japanese localized version add option:  -Duser.language=ja -->        
-        <property name="jvm.options" value="&quot;--branding ${app.name} -J-Xms24m -J-Xmx4G -J-XX:MaxPermSize=128M -J-Xverify:none -J-XX:+UseG1GC -J-XX:+UseStringDeduplication -J-Xdock:name=${app.title}&quot;" />
+        <var name="jvm-value" value="--branding ${app.name} -J-Xms24m -J-Xmx4G -J-Xverify:none -J-XX:+UseG1GC -J-XX:+UseStringDeduplication"/>
+        <!-- for Japanese localized version add option:  -Duser.language=ja -->
+        
+            
+            <if>
+                <equals arg1="${os.family}" arg2="mac"/>
+                <then>
+                    <property name="jvm.options" value="&quot;${jvm-value} -J-Xdock:name=${app.title}&quot;"/>
+                </then>
+                <else>
+                    <property name="jvm.options" value="&quot;${jvm-value}&quot;"/>
+                </else>
+            </if>
+                
         <propertyfile file="${app.property.file}">
             <!-- Note: can be higher on 64 bit systems, should be in sync with project.properties -->
             <entry key="default_options" value="@JVM_OPTIONS" />