mstoeck3/autopsy-flatpak
1
0
Fork 0
mirror of https://github.com/overcuriousity/autopsy-flatpak.git synced 2025-07-12 16:06:15 +00:00
Code Issues Packages Projects Releases Wiki Activity

Code to dedup lnk files as they are analyzed

Browse Source 
Code to dedup lnk files, this is a by product of Jumplists having lots of the same named lnk files,  dedup occurs on path and lnk name, only first file is kept in Recent Docs.
This commit is contained in:
Mark McKinnon 2021-07-20 09:34:39 -04:00
parent 4620403834
commit 050672a8b2
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
RecentActivity/src/org/sleuthkit/autopsy/recentactivity/RecentDocumentsByLnk.java
View File

@ -22,6 +22,7 @@
*/
package org.sleuthkit.autopsy.recentactivity;
import java.io.File;
import java.util.ArrayList;
import java.util.List;
import java.util.logging.Level;
@ -29,6 +30,7 @@ import org.apache.commons.io.FilenameUtils;
import org.openide.util.NbBundle;
import org.sleuthkit.autopsy.coreutils.Logger;
import java.util.Collection;
import java.util.HashMap;
import org.openide.util.NbBundle.Messages;
import org.sleuthkit.autopsy.coreutils.JLNK;
import org.sleuthkit.autopsy.coreutils.JLnkParser;
@ -87,6 +89,7 @@ class RecentDocumentsByLnk extends Extract {
dataFound = true;
List<BlackboardArtifact> bbartifacts = new ArrayList<>();
HashMap<String, String> recentFileMap = new HashMap<>();
for (AbstractFile recentFile : recentFiles) {
if (context.dataSourceIngestIsCancelled()) {
break;
@ -111,6 +114,8 @@ class RecentDocumentsByLnk extends Extract {
Collection<BlackboardAttribute> bbattributes = new ArrayList<>();
String path = lnk.getBestPath();
if (recentFileMap.get(path + File.separator + recentFile.getName()) == null) {
recentFileMap.put(path + File.separator + recentFile.getName(), recentFile.getName());
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PATH,
NbBundle.getMessage(this.getClass(),
"RecentDocumentsByLnk.parentModuleName.noSpace"),
@ -136,6 +141,7 @@ class RecentDocumentsByLnk extends Extract {
logger.log(Level.SEVERE, String.format("Failed to create TSK_RECENT_OBJECT artifact for file %d", recentFile.getId()), ex);
}
}
}
if (!context.dataSourceIngestIsCancelled()) {
postArtifacts(bbartifacts);