diff --git a/Core/src/org/sleuthkit/autopsy/casemodule/services/Blackboard.java b/Core/src/org/sleuthkit/autopsy/casemodule/services/Blackboard.java index 99fbb652c5..28065dacbc 100644 --- a/Core/src/org/sleuthkit/autopsy/casemodule/services/Blackboard.java +++ b/Core/src/org/sleuthkit/autopsy/casemodule/services/Blackboard.java @@ -1,7 +1,7 @@ /* * Autopsy Forensic Browser * - * Copyright 2015-2019 Basis Technology Corp. + * Copyright 2015-2021 Basis Technology Corp. * Contact: carrier sleuthkit org * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -56,7 +56,7 @@ public final class Blackboard implements Closeable { @Deprecated public synchronized void indexArtifact(BlackboardArtifact artifact) throws BlackboardException { try { - Case.getCurrentCase().getSleuthkitCase().getBlackboard().postArtifact(artifact, ""); + Case.getCurrentCase().getSleuthkitCase().getBlackboard().postArtifact(artifact, "", null); } catch (org.sleuthkit.datamodel.Blackboard.BlackboardException ex) { throw new BlackboardException(ex.getMessage(), ex); } diff --git a/Core/src/org/sleuthkit/autopsy/centralrepository/eventlisteners/CaseEventListener.java b/Core/src/org/sleuthkit/autopsy/centralrepository/eventlisteners/CaseEventListener.java index 85dc90ea42..b1cac61e4c 100644 --- a/Core/src/org/sleuthkit/autopsy/centralrepository/eventlisteners/CaseEventListener.java +++ b/Core/src/org/sleuthkit/autopsy/centralrepository/eventlisteners/CaseEventListener.java @@ -761,8 +761,7 @@ public final class CaseEventListener implements PropertyChangeListener { BlackboardArtifact.Type.TSK_PREVIOUSLY_SEEN, score, null, Bundle.CaseEventsListener_prevExists_text(), justification, attributesForNewArtifact, osAccountInstance.getDataSource().getId()).getAnalysisResult(); try { - // index the artifact for keyword search - blackboard.postArtifact(newAnalysisResult, MODULE_NAME); + blackboard.postArtifact(newAnalysisResult, MODULE_NAME, null); break; } catch (Blackboard.BlackboardException ex) { LOGGER.log(Level.SEVERE, "Unable to index blackboard artifact " + newAnalysisResult.getArtifactID(), ex); //NON-NLS diff --git a/Core/src/org/sleuthkit/autopsy/centralrepository/eventlisteners/IngestEventsListener.java b/Core/src/org/sleuthkit/autopsy/centralrepository/eventlisteners/IngestEventsListener.java index 68dcb8e456..6af51f69af 100644 --- a/Core/src/org/sleuthkit/autopsy/centralrepository/eventlisteners/IngestEventsListener.java +++ b/Core/src/org/sleuthkit/autopsy/centralrepository/eventlisteners/IngestEventsListener.java @@ -351,8 +351,7 @@ public class IngestEventsListener { .getAnalysisResult(); try { - // index the artifact for keyword search - blackboard.postArtifact(newArtifact, MODULE_NAME); + blackboard.postArtifact(newArtifact, MODULE_NAME, null); } catch (Blackboard.BlackboardException ex) { LOGGER.log(Level.SEVERE, "Unable to index blackboard artifact " + newArtifact.getArtifactID(), ex); //NON-NLS } diff --git a/Core/src/org/sleuthkit/autopsy/centralrepository/ingestmodule/CentralRepoIngestModule.java b/Core/src/org/sleuthkit/autopsy/centralrepository/ingestmodule/CentralRepoIngestModule.java index 26d262b4c6..df6bd58801 100644 --- a/Core/src/org/sleuthkit/autopsy/centralrepository/ingestmodule/CentralRepoIngestModule.java +++ b/Core/src/org/sleuthkit/autopsy/centralrepository/ingestmodule/CentralRepoIngestModule.java @@ -87,6 +87,7 @@ final class CentralRepoIngestModule implements FileIngestModule { private Blackboard blackboard; private final boolean createCorrelationProperties; private final boolean flagUniqueArtifacts; + private IngestJobContext context; /** * Instantiate the Central Repository ingest module. @@ -229,6 +230,8 @@ final class CentralRepoIngestModule implements FileIngestModule { }) @Override public void startUp(IngestJobContext context) throws IngestModuleException { + this.context = context; + IngestEventsListener.incrementCorrelationEngineModuleCount(); /* @@ -365,7 +368,7 @@ final class CentralRepoIngestModule implements FileIngestModule { .getAnalysisResult(); try { // index the artifact for keyword search - blackboard.postArtifact(tifArtifact, MODULE_NAME); + blackboard.postArtifact(tifArtifact, MODULE_NAME, context.getJobId()); } catch (Blackboard.BlackboardException ex) { logger.log(Level.SEVERE, "Unable to index blackboard artifact " + tifArtifact.getArtifactID(), ex); //NON-NLS } diff --git a/Core/src/org/sleuthkit/autopsy/datasourceprocessors/xry/XRYCallsFileParser.java b/Core/src/org/sleuthkit/autopsy/datasourceprocessors/xry/XRYCallsFileParser.java index 58a418e66d..2e3bb1d8d7 100755 --- a/Core/src/org/sleuthkit/autopsy/datasourceprocessors/xry/XRYCallsFileParser.java +++ b/Core/src/org/sleuthkit/autopsy/datasourceprocessors/xry/XRYCallsFileParser.java @@ -1,7 +1,7 @@ /* * Autopsy Forensic Browser * - * Copyright 2019-2020 Basis Technology Corp. + * Copyright 2019-2021 Basis Technology Corp. * Contact: carrier sleuthkit org * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -24,7 +24,6 @@ import java.util.Collection; import java.util.List; import java.util.logging.Level; import org.sleuthkit.autopsy.coreutils.Logger; -import org.sleuthkit.datamodel.AbstractFile; import org.sleuthkit.datamodel.Account; import org.sleuthkit.datamodel.Blackboard.BlackboardException; import org.sleuthkit.datamodel.BlackboardArtifact; @@ -288,7 +287,7 @@ final class XRYCallsFileParser extends AbstractSingleEntityParser { if (callerId != null) { try { currentCase.getCommunicationsManager().createAccountFileInstance( - Account.Type.PHONE, callerId, PARSER_NAME, parent); + Account.Type.PHONE, callerId, PARSER_NAME, parent, null); } catch (InvalidAccountIDException ex) { logger.log(Level.WARNING, String.format("Invalid account identifier %s", callerId), ex); } @@ -301,7 +300,7 @@ final class XRYCallsFileParser extends AbstractSingleEntityParser { for (String phone : calleeList) { try { currentCase.getCommunicationsManager().createAccountFileInstance( - Account.Type.PHONE, phone, PARSER_NAME, parent); + Account.Type.PHONE, phone, PARSER_NAME, parent, null); } catch (InvalidAccountIDException ex) { logger.log(Level.WARNING, String.format("Invalid account identifier %s", phone), ex); } @@ -314,13 +313,13 @@ final class XRYCallsFileParser extends AbstractSingleEntityParser { if (!otherAttributes.isEmpty()) { BlackboardArtifact artifact = parent.newDataArtifact(new BlackboardArtifact.Type(BlackboardArtifact.ARTIFACT_TYPE.TSK_CALLLOG), otherAttributes); - currentCase.getBlackboard().postArtifact(artifact, PARSER_NAME); + currentCase.getBlackboard().postArtifact(artifact, PARSER_NAME, null); } } else { // Otherwise we can safely use the helper. CommunicationArtifactsHelper helper = new CommunicationArtifactsHelper( - currentCase, PARSER_NAME, parent, Account.Type.PHONE); + currentCase, PARSER_NAME, parent, Account.Type.PHONE, null); helper.addCalllog(direction, callerId, calleeList, startTime, endTime, callType, otherAttributes); diff --git a/Core/src/org/sleuthkit/autopsy/datasourceprocessors/xry/XRYContactsFileParser.java b/Core/src/org/sleuthkit/autopsy/datasourceprocessors/xry/XRYContactsFileParser.java index f721479d07..a961abfe21 100755 --- a/Core/src/org/sleuthkit/autopsy/datasourceprocessors/xry/XRYContactsFileParser.java +++ b/Core/src/org/sleuthkit/autopsy/datasourceprocessors/xry/XRYContactsFileParser.java @@ -1,7 +1,7 @@ /* * Autopsy Forensic Browser * - * Copyright 2019-2020 Basis Technology Corp. + * Copyright 2019-2021 Basis Technology Corp. * Contact: carrier sleuthkit org * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -24,7 +24,6 @@ import java.util.List; import java.util.logging.Level; import org.sleuthkit.autopsy.coreutils.Logger; import static org.sleuthkit.autopsy.datasourceprocessors.xry.AbstractSingleEntityParser.PARSER_NAME; -import org.sleuthkit.datamodel.AbstractFile; import org.sleuthkit.datamodel.Account; import org.sleuthkit.datamodel.Blackboard; import org.sleuthkit.datamodel.BlackboardArtifact; @@ -136,7 +135,7 @@ final class XRYContactsFileParser extends AbstractSingleEntityParser { // complain about illegal arguments. if (phoneNumber != null || homePhoneNumber != null || mobilePhoneNumber != null || hasAnEmail) { CommunicationArtifactsHelper helper = new CommunicationArtifactsHelper( - currentCase, PARSER_NAME, parent, Account.Type.DEVICE); + currentCase, PARSER_NAME, parent, Account.Type.DEVICE, null); helper.addContact(contactName, phoneNumber, homePhoneNumber, mobilePhoneNumber, emailAddr, additionalAttributes); @@ -145,7 +144,7 @@ final class XRYContactsFileParser extends AbstractSingleEntityParser { if (!additionalAttributes.isEmpty()) { BlackboardArtifact artifact = parent.newDataArtifact(new BlackboardArtifact.Type(BlackboardArtifact.ARTIFACT_TYPE.TSK_CONTACT), additionalAttributes); - currentCase.getBlackboard().postArtifact(artifact, PARSER_NAME); + currentCase.getBlackboard().postArtifact(artifact, PARSER_NAME, null); } } } diff --git a/Core/src/org/sleuthkit/autopsy/datasourceprocessors/xry/XRYMessagesFileParser.java b/Core/src/org/sleuthkit/autopsy/datasourceprocessors/xry/XRYMessagesFileParser.java index 6fb7413c8e..c51deab219 100755 --- a/Core/src/org/sleuthkit/autopsy/datasourceprocessors/xry/XRYMessagesFileParser.java +++ b/Core/src/org/sleuthkit/autopsy/datasourceprocessors/xry/XRYMessagesFileParser.java @@ -1,7 +1,7 @@ /* * Autopsy Forensic Browser * - * Copyright 2019-2020 Basis Technology Corp. + * Copyright 2019-2021 Basis Technology Corp. * Contact: carrier sleuthkit org * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -318,7 +318,7 @@ final class XRYMessagesFileParser implements XRYFileParser { } else { try { currentCase.getCommunicationsManager().createAccountFileInstance( - Account.Type.PHONE, pair.getValue(), PARSER_NAME, parent); + Account.Type.PHONE, pair.getValue(), PARSER_NAME, parent, null); } catch (InvalidAccountIDException ex) { logger.log(Level.WARNING, String.format("Invalid account identifier %s", pair.getValue()), ex); } @@ -437,7 +437,7 @@ final class XRYMessagesFileParser implements XRYFileParser { } CommunicationArtifactsHelper helper = new CommunicationArtifactsHelper( - currentCase, PARSER_NAME, parent, Account.Type.PHONE); + currentCase, PARSER_NAME, parent, Account.Type.PHONE, null); helper.addMessage(messageType, direction, senderId, recipientIdsList, dateTime, readStatus, subject, text, threadId, otherAttributes); diff --git a/Core/src/org/sleuthkit/autopsy/examples/SampleFileIngestModule.java b/Core/src/org/sleuthkit/autopsy/examples/SampleFileIngestModule.java index b3042fb4a5..746b76f61e 100644 --- a/Core/src/org/sleuthkit/autopsy/examples/SampleFileIngestModule.java +++ b/Core/src/org/sleuthkit/autopsy/examples/SampleFileIngestModule.java @@ -73,8 +73,8 @@ class SampleFileIngestModule implements FileIngestModule { // Skip anything other than actual file system files. if ((file.getType() == TskData.TSK_DB_FILES_TYPE_ENUM.UNALLOC_BLOCKS) - || (file.getType() == TskData.TSK_DB_FILES_TYPE_ENUM.UNUSED_BLOCKS) - || (file.isFile() == false)) { + || (file.getType() == TskData.TSK_DB_FILES_TYPE_ENUM.UNUSED_BLOCKS) + || (file.isFile() == false)) { return IngestModule.ProcessResult.OK; } @@ -111,10 +111,13 @@ class SampleFileIngestModule implements FileIngestModule { addToBlackboardPostCount(context.getJobId(), 1L); /* - * post the artifact which will index the artifact for keyword - * search, and fire an event to notify UI of this new artifact + * Post the artifact to the blackboard. Doing so will cause events + * to be published that will trigger additional analysis, if + * applicable. For example, the creation of timeline events, + * indexing of the artifact for keyword search, and analysis by the + * data artifact ingest modules if the artifact is a data artifact. */ - file.getSleuthkitCase().getBlackboard().postArtifact(art, SampleIngestModuleFactory.getModuleName()); + file.getSleuthkitCase().getBlackboard().postArtifact(art, SampleIngestModuleFactory.getModuleName(), context.getJobId()); return IngestModule.ProcessResult.OK; diff --git a/Core/src/org/sleuthkit/autopsy/ingest/IngestManager.java b/Core/src/org/sleuthkit/autopsy/ingest/IngestManager.java index bcc0f2735e..2c87487232 100644 --- a/Core/src/org/sleuthkit/autopsy/ingest/IngestManager.java +++ b/Core/src/org/sleuthkit/autopsy/ingest/IngestManager.java @@ -34,6 +34,7 @@ import java.util.HashMap; import java.util.HashSet; import java.util.List; import java.util.Map; +import java.util.Optional; import java.util.Set; import java.util.concurrent.Callable; import java.util.concurrent.ConcurrentHashMap; @@ -296,8 +297,8 @@ public class IngestManager implements IngestProgressSnapshotProvider { @Subscribe void handleArtifactsPosted(Blackboard.ArtifactsPostedEvent tskEvent) { /* - * Add any new data artifacts to the source ingest job for possible - * analysis. + * Add any new data artifacts included in the event to the source ingest + * job for possible analysis. */ List newDataArtifacts = new ArrayList<>(); Collection newArtifacts = tskEvent.getArtifacts(); @@ -308,18 +309,58 @@ public class IngestManager implements IngestProgressSnapshotProvider { } if (!newDataArtifacts.isEmpty()) { IngestJob ingestJob = null; - Long ingestJobId = tskEvent.getIngestJobId(); - if (ingestJobId != null) { + Optional ingestJobId = tskEvent.getIngestJobId(); + if (ingestJobId.isPresent()) { synchronized (ingestJobsById) { - ingestJob = ingestJobsById.get(ingestJobId); + ingestJob = ingestJobsById.get(ingestJobId.get()); } } else { /* - * Handle the case where ingest modules may not supply an ingest - * job ID. In such cases, try to identify the ingest job, if - * any, via its data source. There is a slight risk here that - * the wrong ingest job will be selected if multiple ingests of - * the same data source are in progress. + * There are four use cases where the ingest job ID returned by + * the event is expected be null: + * + * 1. The artifacts are being posted by a data source proccessor + * (DSP) module that runs before the ingest job is created, + * i.e., a DSP that does not support streaming ingest and has no + * noton of an ingest job ID. In this use case, the event is + * handled synchronously. The DSP calls + * Blackboard.postArtifacts(), which puts the event on the event + * bus to which this method subscribes, so the event will be + * handled here before the DSP completes and calls + * DataSourceProcessorCallback.done(). This means the code below + * will execute before the ingest job is created, so it will not + * find an ingest job to which to add the artifacts. However, + * the artifacts WILL be analyzed after the ingest job is + * started, when the ingest job executor, working in batch mode, + * schedules ingest tasks for all of the data artifacts in the + * case database. There is a slight risk that the wrong ingest + * job will be selected if multiple ingests of the same data + * source are in progress. + * + * 2. The artifacts were posted by an ingest module that either + * has not been updated to use the current + * Blackboard.postArtifacts() API, or is using it incorrectly. + * In this use case, the code below should be able to find the + * ingest job to which to add the artifacts via their data + * source. There is a slight risk that the wrong ingest job will + * be selected if multiple ingests of the same data source are + * in progress. + * + * 3. The portable case generator uses a + * CommunicationArtifactsHelper constructed with a null ingest + * job ID, and the CommunicatonsArtifactHelper posts artifacts. + * Ingest of that data source might be running, in which case + * the data artifact will be analyzed. It also might be analyzed + * by a subsequent ingest job for the data source. This is an + * acceptable edge case. + * + * 4. The user can manually create timeline events with the + * timeline tool, which posts the TSK_TL_EVENT data artifacts. + * The user selects the data source for these artifacts. Ingest + * of that data source might be running, in which case the data + * artifact will be analyzed. It also might be analyzed by a + * subsequent ingest job for the data source. This is an + * acceptable edge case. */ DataArtifact dataArtifact = newDataArtifacts.get(0); try { diff --git a/Core/src/org/sleuthkit/autopsy/ingest/IngestServices.java b/Core/src/org/sleuthkit/autopsy/ingest/IngestServices.java index e2dd585582..ede9a6ea83 100644 --- a/Core/src/org/sleuthkit/autopsy/ingest/IngestServices.java +++ b/Core/src/org/sleuthkit/autopsy/ingest/IngestServices.java @@ -33,7 +33,7 @@ import org.sleuthkit.datamodel.SleuthkitCase; */ public final class IngestServices { - private static Logger logger = Logger.getLogger(IngestServices.class.getName()); + private final static Logger logger = Logger.getLogger(IngestServices.class.getName()); private static IngestServices instance = null; /** @@ -115,7 +115,7 @@ public final class IngestServices { public void fireModuleDataEvent(ModuleDataEvent moduleDataEvent) { try { Blackboard blackboard = Case.getCurrentCaseThrows().getSleuthkitCase().getBlackboard(); - blackboard.postArtifacts(moduleDataEvent.getArtifacts(), moduleDataEvent.getModuleName()); + blackboard.postArtifacts(moduleDataEvent.getArtifacts(), moduleDataEvent.getModuleName(), null); } catch (NoCurrentCaseException | Blackboard.BlackboardException ex) { logger.log(Level.SEVERE, "Failed to post artifacts", ex); } diff --git a/Core/src/org/sleuthkit/autopsy/logicalimager/dsp/AddLogicalImageTask.java b/Core/src/org/sleuthkit/autopsy/logicalimager/dsp/AddLogicalImageTask.java index eb52c88baf..ceb0ebbde6 100644 --- a/Core/src/org/sleuthkit/autopsy/logicalimager/dsp/AddLogicalImageTask.java +++ b/Core/src/org/sleuthkit/autopsy/logicalimager/dsp/AddLogicalImageTask.java @@ -1,7 +1,7 @@ /* * Autopsy * - * Copyright 2019 Basis Technology Corp. + * Copyright 2019-2021 Basis Technology Corp. * Contact: carrier sleuthkit org * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -513,8 +513,7 @@ final class AddLogicalImageTask implements Runnable { private void postArtifacts(List artifacts) { try { - // index the artifact for keyword search - blackboard.postArtifacts(artifacts, MODULE_NAME); + blackboard.postArtifacts(artifacts, MODULE_NAME, null); } catch (Blackboard.BlackboardException ex) { LOGGER.log(Level.SEVERE, "Unable to post artifacts to blackboard", ex); //NON-NLS } diff --git a/Core/src/org/sleuthkit/autopsy/modules/dataSourceIntegrity/DataSourceIntegrityIngestModule.java b/Core/src/org/sleuthkit/autopsy/modules/dataSourceIntegrity/DataSourceIntegrityIngestModule.java index ec614e56b0..2f83f3d827 100644 --- a/Core/src/org/sleuthkit/autopsy/modules/dataSourceIntegrity/DataSourceIntegrityIngestModule.java +++ b/Core/src/org/sleuthkit/autopsy/modules/dataSourceIntegrity/DataSourceIntegrityIngestModule.java @@ -1,7 +1,7 @@ /* * Autopsy Forensic Browser * - * Copyright 2013-2019 Basis Technology Corp. + * Copyright 2013-2021 Basis Technology Corp. * Contact: carrier sleuthkit org * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -303,7 +303,7 @@ public class DataSourceIntegrityIngestModule implements DataSourceIngestModule { .getAnalysisResult(); Case.getCurrentCase().getServices().getArtifactsBlackboard() - .postArtifact(verificationFailedArtifact, DataSourceIntegrityModuleFactory.getModuleName()); + .postArtifact(verificationFailedArtifact, DataSourceIntegrityModuleFactory.getModuleName(), context.getJobId()); } catch (TskCoreException ex) { logger.log(Level.SEVERE, "Error creating verification failed artifact", ex); } catch (Blackboard.BlackboardException ex) { diff --git a/Core/src/org/sleuthkit/autopsy/modules/drones/DATExtractor.java b/Core/src/org/sleuthkit/autopsy/modules/drones/DATExtractor.java index 3966317d15..dc468db858 100755 --- a/Core/src/org/sleuthkit/autopsy/modules/drones/DATExtractor.java +++ b/Core/src/org/sleuthkit/autopsy/modules/drones/DATExtractor.java @@ -1,7 +1,7 @@ /* * Autopsy Forensic Browser * - * Copyright 2020 Basis Technology Corp. + * Copyright 2020-2021 Basis Technology Corp. * Contact: carrier sleuthkit org * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -114,7 +114,7 @@ final class DATExtractor extends DroneExtractor { GeoTrackPoints trackPoints = processCSVFile(context, DATFile, csvFilePath); if (trackPoints != null && !trackPoints.isEmpty()) { - (new GeoArtifactsHelper(getSleuthkitCase(), getName(), "DatCon", DATFile)).addTrack(DATFile.getName(), trackPoints, null); + (new GeoArtifactsHelper(getSleuthkitCase(), getName(), "DatCon", DATFile, context.getJobId())).addTrack(DATFile.getName(), trackPoints, null); } else { logger.log(Level.INFO, String.format("No trackpoints with valid longitude or latitude found in %s", DATFile.getName())); //NON-NLS } diff --git a/Core/src/org/sleuthkit/autopsy/modules/embeddedfileextractor/SevenZipExtractor.java b/Core/src/org/sleuthkit/autopsy/modules/embeddedfileextractor/SevenZipExtractor.java index 75cef1a8f1..574b034ab4 100644 --- a/Core/src/org/sleuthkit/autopsy/modules/embeddedfileextractor/SevenZipExtractor.java +++ b/Core/src/org/sleuthkit/autopsy/modules/embeddedfileextractor/SevenZipExtractor.java @@ -341,7 +341,7 @@ class SevenZipExtractor { * keyword search, and fire an event to notify UI of this * new artifact */ - blackboard.postArtifact(artifact, MODULE_NAME); + blackboard.postArtifact(artifact, MODULE_NAME, context.getJobId()); String msg = NbBundle.getMessage(SevenZipExtractor.class, "EmbeddedFileExtractorIngestModule.ArchiveExtractor.isZipBombCheck.warnMsg", archiveFile.getName(), escapedFilePath);//NON-NLS @@ -870,7 +870,7 @@ class SevenZipExtractor { * keyword search, and fire an event to notify UI of this * new artifact */ - blackboard.postArtifact(artifact, MODULE_NAME); + blackboard.postArtifact(artifact, MODULE_NAME, context.getJobId()); } catch (Blackboard.BlackboardException ex) { logger.log(Level.SEVERE, "Unable to post blackboard artifact " + artifact.getArtifactID(), ex); //NON-NLS MessageNotifyUtil.Notify.error( diff --git a/Core/src/org/sleuthkit/autopsy/modules/encryptiondetection/EncryptionDetectionDataSourceIngestModule.java b/Core/src/org/sleuthkit/autopsy/modules/encryptiondetection/EncryptionDetectionDataSourceIngestModule.java index 5eb6f91e12..95b3dc7132 100644 --- a/Core/src/org/sleuthkit/autopsy/modules/encryptiondetection/EncryptionDetectionDataSourceIngestModule.java +++ b/Core/src/org/sleuthkit/autopsy/modules/encryptiondetection/EncryptionDetectionDataSourceIngestModule.java @@ -1,7 +1,7 @@ /* * Autopsy Forensic Browser * - * Copyright 2018 Basis Technology Corp. + * Copyright 2018-2021 Basis Technology Corp. * Contact: carrier sleuthkit org * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -172,7 +172,7 @@ final class EncryptionDetectionDataSourceIngestModule implements DataSourceInges * post the artifact which will index the artifact for keyword * search, and fire an event to notify UI of this new artifact */ - blackboard.postArtifact(artifact, EncryptionDetectionModuleFactory.getModuleName()); + blackboard.postArtifact(artifact, EncryptionDetectionModuleFactory.getModuleName(), context.getJobId()); } catch (Blackboard.BlackboardException ex) { logger.log(Level.SEVERE, "Unable to index blackboard artifact " + artifact.getArtifactID(), ex); //NON-NLS } diff --git a/Core/src/org/sleuthkit/autopsy/modules/encryptiondetection/EncryptionDetectionFileIngestModule.java b/Core/src/org/sleuthkit/autopsy/modules/encryptiondetection/EncryptionDetectionFileIngestModule.java index 81e7c1877e..3d08163c9e 100644 --- a/Core/src/org/sleuthkit/autopsy/modules/encryptiondetection/EncryptionDetectionFileIngestModule.java +++ b/Core/src/org/sleuthkit/autopsy/modules/encryptiondetection/EncryptionDetectionFileIngestModule.java @@ -1,7 +1,7 @@ /* * Autopsy Forensic Browser * - * Copyright 2017-2018 Basis Technology Corp. + * Copyright 2017-2021 Basis Technology Corp. * Contact: carrier sleuthkit org * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -212,7 +212,7 @@ final class EncryptionDetectionFileIngestModule extends FileIngestModuleAdapter * post the artifact which will index the artifact for keyword * search, and fire an event to notify UI of this new artifact */ - blackboard.postArtifact(artifact, EncryptionDetectionModuleFactory.getModuleName()); + blackboard.postArtifact(artifact, EncryptionDetectionModuleFactory.getModuleName(), context.getJobId()); } catch (Blackboard.BlackboardException ex) { logger.log(Level.SEVERE, "Unable to index blackboard artifact " + artifact.getArtifactID(), ex); //NON-NLS } diff --git a/Core/src/org/sleuthkit/autopsy/modules/fileextmismatch/FileExtMismatchIngestModule.java b/Core/src/org/sleuthkit/autopsy/modules/fileextmismatch/FileExtMismatchIngestModule.java index 586543c003..0d3f40bd3e 100644 --- a/Core/src/org/sleuthkit/autopsy/modules/fileextmismatch/FileExtMismatchIngestModule.java +++ b/Core/src/org/sleuthkit/autopsy/modules/fileextmismatch/FileExtMismatchIngestModule.java @@ -1,7 +1,7 @@ /* * Autopsy Forensic Browser * - * Copyright 2011-2018 Basis Technology Corp. + * Copyright 2012-2021 Basis Technology Corp. * Contact: carrier sleuthkit org * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -155,7 +155,7 @@ public class FileExtMismatchIngestModule implements FileIngestModule { * keyword search, and fire an event to notify UI of this * new artifact */ - blackboard.postArtifact(bart, FileExtMismatchDetectorModuleFactory.getModuleName()); + blackboard.postArtifact(bart, FileExtMismatchDetectorModuleFactory.getModuleName(), jobId); } catch (Blackboard.BlackboardException ex) { logger.log(Level.SEVERE, "Unable to index blackboard artifact " + bart.getArtifactID(), ex); //NON-NLS MessageNotifyUtil.Notify.error(FileExtMismatchDetectorModuleFactory.getModuleName(), Bundle.FileExtMismatchIngestModule_indexError_message()); diff --git a/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeIdIngestModule.java b/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeIdIngestModule.java index 0288d5b463..734eedaf35 100644 --- a/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeIdIngestModule.java +++ b/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeIdIngestModule.java @@ -1,7 +1,7 @@ /* * Autopsy Forensic Browser * - * Copyright 2013-2018 Basis Technology Corp. + * Copyright 2013-2021 Basis Technology Corp. * Contact: carrier sleuthkit org * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -206,7 +206,7 @@ public class FileTypeIdIngestModule implements FileIngestModule { * keyword search, and fire an event to notify UI of this * new artifact */ - tskBlackboard.postArtifact(artifact, FileTypeIdModuleFactory.getModuleName()); + tskBlackboard.postArtifact(artifact, FileTypeIdModuleFactory.getModuleName(), jobId); } catch (Blackboard.BlackboardException ex) { logger.log(Level.SEVERE, String.format("Unable to index TSK_INTERESTING_FILE_HIT blackboard artifact %d (file obj_id=%d)", artifact.getArtifactID(), file.getId()), ex); //NON-NLS } diff --git a/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/HashDbIngestModule.java b/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/HashDbIngestModule.java index 8b6cc47d79..c89e7893c6 100644 --- a/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/HashDbIngestModule.java +++ b/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/HashDbIngestModule.java @@ -1,7 +1,7 @@ /* * Autopsy Forensic Browser * - * Copyright 2011-2018 Basis Technology Corp. + * Copyright 2012-2021 Basis Technology Corp. * Contact: carrier sleuthkit org * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -20,7 +20,6 @@ package org.sleuthkit.autopsy.modules.hashdatabase; import java.util.ArrayList; import java.util.Arrays; -import java.util.Collection; import java.util.HashMap; import java.util.List; import java.util.concurrent.atomic.AtomicLong; @@ -43,13 +42,11 @@ import org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.HashDb; import org.sleuthkit.datamodel.AbstractFile; import org.sleuthkit.datamodel.Blackboard; import org.sleuthkit.datamodel.BlackboardArtifact; -import org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE; import org.sleuthkit.datamodel.BlackboardAttribute; import org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE; import org.sleuthkit.datamodel.HashHitInfo; import org.sleuthkit.datamodel.HashUtility; import org.sleuthkit.datamodel.Score; -import org.sleuthkit.datamodel.Score.Significance; import org.sleuthkit.datamodel.SleuthkitCase; import org.sleuthkit.datamodel.TskCoreException; import org.sleuthkit.datamodel.TskData; @@ -552,7 +549,7 @@ public class HashDbIngestModule implements FileIngestModule { * post the artifact which will index the artifact for keyword * search, and fire an event to notify UI of this new artifact */ - blackboard.postArtifact(badFile, moduleName); + blackboard.postArtifact(badFile, moduleName, jobId); } catch (Blackboard.BlackboardException ex) { logger.log(Level.SEVERE, "Unable to index blackboard artifact " + badFile.getArtifactID(), ex); //NON-NLS MessageNotifyUtil.Notify.error( diff --git a/Core/src/org/sleuthkit/autopsy/modules/interestingitems/FilesIdentifierIngestModule.java b/Core/src/org/sleuthkit/autopsy/modules/interestingitems/FilesIdentifierIngestModule.java index d447f204d5..ec259e933a 100644 --- a/Core/src/org/sleuthkit/autopsy/modules/interestingitems/FilesIdentifierIngestModule.java +++ b/Core/src/org/sleuthkit/autopsy/modules/interestingitems/FilesIdentifierIngestModule.java @@ -1,7 +1,7 @@ /* * Autopsy Forensic Browser * - * Copyright 2014-2018 Basis Technology Corp. + * Copyright 2014-2021 Basis Technology Corp. * Contact: carrier sleuthkit org * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -151,7 +151,7 @@ final class FilesIdentifierIngestModule implements FileIngestModule { try { // Post thet artifact to the blackboard. - blackboard.postArtifact(artifact, MODULE_NAME); + blackboard.postArtifact(artifact, MODULE_NAME, context.getJobId()); } catch (Blackboard.BlackboardException ex) { logger.log(Level.SEVERE, "Unable to index blackboard artifact " + artifact.getArtifactID(), ex); //NON-NLS MessageNotifyUtil.Notify.error(Bundle.FilesIdentifierIngestModule_indexError_message(), artifact.getDisplayName()); diff --git a/Core/src/org/sleuthkit/autopsy/modules/leappanalyzers/ALeappAnalyzerIngestModule.java b/Core/src/org/sleuthkit/autopsy/modules/leappanalyzers/ALeappAnalyzerIngestModule.java index 3409098d95..06f367d691 100644 --- a/Core/src/org/sleuthkit/autopsy/modules/leappanalyzers/ALeappAnalyzerIngestModule.java +++ b/Core/src/org/sleuthkit/autopsy/modules/leappanalyzers/ALeappAnalyzerIngestModule.java @@ -1,7 +1,7 @@ /* * Autopsy Forensic Browser * - * Copyright 2020 Basis Technology Corp. + * Copyright 2020-2021 Basis Technology Corp. * Contact: carrier sleuthkit org * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -101,7 +101,7 @@ public class ALeappAnalyzerIngestModule implements DataSourceIngestModule { } try { - aLeappFileProcessor = new LeappFileProcessor(XMLFILE, ALeappAnalyzerModuleFactory.getModuleName()); + aLeappFileProcessor = new LeappFileProcessor(XMLFILE, ALeappAnalyzerModuleFactory.getModuleName(), context); } catch (IOException | IngestModuleException | NoCurrentCaseException ex) { throw new IngestModuleException(Bundle.ALeappAnalyzerIngestModule_error_ileapp_file_processor_init(), ex); } diff --git a/Core/src/org/sleuthkit/autopsy/modules/leappanalyzers/ILeappAnalyzerIngestModule.java b/Core/src/org/sleuthkit/autopsy/modules/leappanalyzers/ILeappAnalyzerIngestModule.java index 339be316a9..c3afd036d8 100644 --- a/Core/src/org/sleuthkit/autopsy/modules/leappanalyzers/ILeappAnalyzerIngestModule.java +++ b/Core/src/org/sleuthkit/autopsy/modules/leappanalyzers/ILeappAnalyzerIngestModule.java @@ -1,7 +1,7 @@ /* * Autopsy Forensic Browser * - * Copyright 2020 Basis Technology Corp. + * Copyright 2020-2021 Basis Technology Corp. * Contact: carrier sleuthkit org * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -101,7 +101,7 @@ public class ILeappAnalyzerIngestModule implements DataSourceIngestModule { } try { - iLeappFileProcessor = new LeappFileProcessor(XMLFILE, ILeappAnalyzerModuleFactory.getModuleName()); + iLeappFileProcessor = new LeappFileProcessor(XMLFILE, ILeappAnalyzerModuleFactory.getModuleName(), context); } catch (IOException | IngestModuleException | NoCurrentCaseException ex) { throw new IngestModuleException(Bundle.ILeappAnalyzerIngestModule_error_ileapp_file_processor_init(), ex); } @@ -333,7 +333,7 @@ public class ILeappAnalyzerIngestModule implements DataSourceIngestModule { * added to reports */ private void addILeappReportToReports(Path iLeappOutputDir, Case currentCase) { - List allIndexFiles = new ArrayList<>(); + List allIndexFiles; try (Stream walk = Files.walk(iLeappOutputDir)) { @@ -402,7 +402,7 @@ public class ILeappAnalyzerIngestModule implements DataSourceIngestModule { String fileName = FilenameUtils.getName(ffp); String filePath = FilenameUtils.getPath(ffp); - List iLeappFiles = new ArrayList<>(); + List iLeappFiles; try { if (filePath.isEmpty()) { iLeappFiles = fileManager.findFiles(dataSource, fileName); //NON-NLS diff --git a/Core/src/org/sleuthkit/autopsy/modules/leappanalyzers/LeappFileProcessor.java b/Core/src/org/sleuthkit/autopsy/modules/leappanalyzers/LeappFileProcessor.java index 5ebf4ddca6..8b500820d2 100644 --- a/Core/src/org/sleuthkit/autopsy/modules/leappanalyzers/LeappFileProcessor.java +++ b/Core/src/org/sleuthkit/autopsy/modules/leappanalyzers/LeappFileProcessor.java @@ -1,7 +1,7 @@ /* * Autopsy Forensic Browser * - * Copyright 2020 Basis Technology Corp. + * Copyright 2020-2021 Basis Technology Corp. * Contact: carrier sleuthkit org * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -61,6 +61,7 @@ import org.sleuthkit.autopsy.casemodule.services.FileManager; import org.sleuthkit.autopsy.coreutils.NetworkUtils; import org.sleuthkit.autopsy.coreutils.Logger; import org.sleuthkit.autopsy.coreutils.PlatformUtil; +import org.sleuthkit.autopsy.ingest.IngestJobContext; import org.sleuthkit.autopsy.ingest.IngestModule.IngestModuleException; import org.sleuthkit.autopsy.ingest.IngestModule.ProcessResult; import org.sleuthkit.datamodel.AbstractFile; @@ -144,6 +145,7 @@ public final class LeappFileProcessor { private static final Logger logger = Logger.getLogger(LeappFileProcessor.class.getName()); private final String xmlFile; //NON-NLS private final String moduleName; + private final IngestJobContext context; private final Map tsvFiles; private final Map tsvFileArtifacts; @@ -192,15 +194,16 @@ public final class LeappFileProcessor { .put("call history.tsv", "calllog") .build(); - Blackboard blkBoard; + private final Blackboard blkBoard; - public LeappFileProcessor(String xmlFile, String moduleName) throws IOException, IngestModuleException, NoCurrentCaseException { + public LeappFileProcessor(String xmlFile, String moduleName, IngestJobContext context) throws IOException, IngestModuleException, NoCurrentCaseException { this.tsvFiles = new HashMap<>(); this.tsvFileArtifacts = new HashMap<>(); this.tsvFileArtifactComments = new HashMap<>(); this.tsvFileAttributes = new HashMap<>(); this.xmlFile = xmlFile; this.moduleName = moduleName; + this.context = context; blkBoard = Case.getCurrentCaseThrows().getSleuthkitCase().getBlackboard(); @@ -250,7 +253,7 @@ public final class LeappFileProcessor { * we know we want to process and return the list to process those files. */ private List findTsvFiles(Path LeappOutputDir) throws IngestModuleException { - List allTsvFiles = new ArrayList<>(); + List allTsvFiles; List foundTsvFiles = new ArrayList<>(); try (Stream walk = Files.walk(LeappOutputDir)) { @@ -348,10 +351,10 @@ public final class LeappFileProcessor { AbstractFile geoAbstractFile = null; if (LeappFile == null || !LeappFile.exists() || fileName == null) { - logger.log(Level.WARNING, String.format("Leap file: %s is null or does not exist", LeappFile == null ? LeappFile.toString() : "")); + logger.log(Level.WARNING, String.format("Leap file: %s is null or does not exist", LeappFile != null ? LeappFile.toString() : "")); return; } else if (attrList == null || artifactType == null || dataSource == null) { - logger.log(Level.WARNING, String.format("attribute list, artifact type or dataSource not provided for %s", LeappFile == null ? LeappFile.toString() : "")); + logger.log(Level.WARNING, String.format("attribute list, artifact type or dataSource not provided for %s", LeappFile.toString())); return; } @@ -408,9 +411,8 @@ public final class LeappFileProcessor { } try { - if (ACCOUNT_RELATIONSHIPS.getOrDefault(fileName.toLowerCase(), "norelationship").toLowerCase() == "trackpoint") { - (new GeoArtifactsHelper(Case.getCurrentCaseThrows().getSleuthkitCase(), moduleName, "", geoAbstractFile)).addTrack(trackpointSegmentName, pointList, new ArrayList<>()); - + if (ACCOUNT_RELATIONSHIPS.getOrDefault(fileName.toLowerCase(), "norelationship").toLowerCase().equals("trackpoint")) { + (new GeoArtifactsHelper(Case.getCurrentCaseThrows().getSleuthkitCase(), moduleName, "", geoAbstractFile, context.getJobId())).addTrack(trackpointSegmentName, pointList, new ArrayList<>()); } } catch (NoCurrentCaseException | TskCoreException | BlackboardException ex) { throw new IngestModuleException(Bundle.LeappFileProcessor_cannot_create_message_relationship() + ex.getLocalizedMessage(), ex); //NON-NLS @@ -433,7 +435,7 @@ public final class LeappFileProcessor { Long dateTime = Long.valueOf(0); Collection otherAttributes = new ArrayList<>(); String sourceFile = null; - AbstractFile absFile = null; + AbstractFile absFile; String comment = ""; try { @@ -478,7 +480,7 @@ public final class LeappFileProcessor { GeoWaypoints waypointList = new GeoWaypoints(); waypointList.addPoint(new Waypoint(startLatitude, startLongitude, zeroValue, "")); waypointList.addPoint(new Waypoint(endLatitude, endLongitude, zeroValue, locationName)); - (new GeoArtifactsHelper(Case.getCurrentCaseThrows().getSleuthkitCase(), moduleName, comment, absFile)).addRoute(destinationName, dateTime, waypointList, new ArrayList<>()); + (new GeoArtifactsHelper(Case.getCurrentCaseThrows().getSleuthkitCase(), moduleName, comment, absFile, context.getJobId())).addRoute(destinationName, dateTime, waypointList, new ArrayList<>()); } catch (NoCurrentCaseException | TskCoreException | BlackboardException ex) { throw new IngestModuleException(Bundle.LeappFileProcessor_cannot_create_waypoint_relationship() + ex.getLocalizedMessage(), ex); //NON-NLS @@ -536,13 +538,10 @@ public final class LeappFileProcessor { if (absFile == null) { absFile = (AbstractFile) dataSource; } - if ((trackpointSegmentName == null) || (trackpointSegmentName == segmentName)) { - trackpointSegmentName = segmentName; + if ((trackpointSegmentName == null) || (trackpointSegmentName.equals(segmentName))) { pointList.addPoint(new TrackPoint(latitude, longitude, altitude, segmentName, zeroValue, zeroValue, zeroValue, dateTime)); } else { - (new GeoArtifactsHelper(Case.getCurrentCaseThrows().getSleuthkitCase(), moduleName, comment, absFile)).addTrack(segmentName, pointList, new ArrayList<>()); - trackpointSegmentName = segmentName; - pointList = new GeoTrackPoints(); + (new GeoArtifactsHelper(Case.getCurrentCaseThrows().getSleuthkitCase(), moduleName, comment, absFile, context.getJobId())).addTrack(segmentName, pointList, new ArrayList<>()); pointList.addPoint(new TrackPoint(latitude, longitude, altitude, segmentName, zeroValue, zeroValue, zeroValue, dateTime)); } @@ -573,7 +572,7 @@ public final class LeappFileProcessor { List otherAttributes = new ArrayList<>(); List fileAttachments = new ArrayList<>(); String sourceFile = null; - MessageAttachments messageAttachments = null; + MessageAttachments messageAttachments; try { for (BlackboardAttribute bba : bbattributes) { @@ -635,21 +634,21 @@ public final class LeappFileProcessor { if (absFile == null) { absFile = (AbstractFile) dataSource; } - CommunicationArtifactsHelper accountArtifact; + CommunicationArtifactsHelper accountHelper; Account.Type accountType = getAccountType(fileName); if (alternateId == null) { - accountArtifact = new CommunicationArtifactsHelper(Case.getCurrentCaseThrows().getSleuthkitCase(), - moduleName, absFile, accountType); + accountHelper = new CommunicationArtifactsHelper(Case.getCurrentCaseThrows().getSleuthkitCase(), + moduleName, absFile, accountType, context.getJobId()); } else { - accountArtifact = new CommunicationArtifactsHelper(Case.getCurrentCaseThrows().getSleuthkitCase(), - moduleName, absFile, accountType, accountType, alternateId); + accountHelper = new CommunicationArtifactsHelper(Case.getCurrentCaseThrows().getSleuthkitCase(), + moduleName, absFile, accountType, accountType, alternateId, context.getJobId()); } - BlackboardArtifact messageArtifact = accountArtifact.addMessage(messageType, communicationDirection, senderId, + BlackboardArtifact messageArtifact = accountHelper.addMessage(messageType, communicationDirection, senderId, receipentId, dateTime, messageStatus, subject, messageText, threadId, otherAttributes); if (!fileAttachments.isEmpty()) { messageAttachments = new MessageAttachments(fileAttachments, new ArrayList<>()); - accountArtifact.addAttachments(messageArtifact, messageAttachments); + accountHelper.addAttachments(messageArtifact, messageAttachments); } } catch (NoCurrentCaseException | TskCoreException | BlackboardException ex) { throw new IngestModuleException(Bundle.LeappFileProcessor_cannot_create_message_relationship() + ex.getLocalizedMessage(), ex); //NON-NLS @@ -712,15 +711,15 @@ public final class LeappFileProcessor { Account.Type accountType = getAccountType(fileName); if (accountType != null) { - CommunicationArtifactsHelper accountArtifact; + CommunicationArtifactsHelper accountHelper; if (alternateId == null) { - accountArtifact = new CommunicationArtifactsHelper(Case.getCurrentCaseThrows().getSleuthkitCase(), - moduleName, absFile, accountType); + accountHelper = new CommunicationArtifactsHelper(Case.getCurrentCaseThrows().getSleuthkitCase(), + moduleName, absFile, accountType, context.getJobId()); } else { - accountArtifact = new CommunicationArtifactsHelper(Case.getCurrentCaseThrows().getSleuthkitCase(), - moduleName, absFile, accountType, accountType, alternateId); + accountHelper = new CommunicationArtifactsHelper(Case.getCurrentCaseThrows().getSleuthkitCase(), + moduleName, absFile, accountType, accountType, alternateId, context.getJobId()); } - BlackboardArtifact messageArtifact = accountArtifact.addContact(contactName, phoneNumber, homePhoneNumber, mobilePhoneNumber, emailAddr, otherAttributes); + BlackboardArtifact messageArtifact = accountHelper.addContact(contactName, phoneNumber, homePhoneNumber, mobilePhoneNumber, emailAddr, otherAttributes); } } catch (NoCurrentCaseException | TskCoreException | BlackboardException ex) { throw new IngestModuleException(Bundle.LeappFileProcessor_cannot_create_contact_relationship() + ex.getLocalizedMessage(), ex); //NON-NLS @@ -782,7 +781,7 @@ public final class LeappFileProcessor { } } - if (calleeId.isEmpty() && communicationDirection == CommunicationDirection.OUTGOING) { + if (calleeId.isEmpty() && communicationDirection == CommunicationDirection.OUTGOING && callerId != null) { String[] calleeTempList = callerId.split(",", 0); calleeId = Arrays.asList(calleeTempList); callerId = null; @@ -792,15 +791,15 @@ public final class LeappFileProcessor { absFile = (AbstractFile) dataSource; } Account.Type accountType = getAccountType(fileName); - CommunicationArtifactsHelper accountArtifact; + CommunicationArtifactsHelper accountHelper; if (accountType != null) { - accountArtifact = new CommunicationArtifactsHelper(Case.getCurrentCaseThrows().getSleuthkitCase(), - moduleName, absFile, accountType); + accountHelper = new CommunicationArtifactsHelper(Case.getCurrentCaseThrows().getSleuthkitCase(), + moduleName, absFile, accountType, context.getJobId()); } else { - accountArtifact = new CommunicationArtifactsHelper(Case.getCurrentCaseThrows().getSleuthkitCase(), - moduleName, absFile, accountType, accountType, alternateId); + accountHelper = new CommunicationArtifactsHelper(Case.getCurrentCaseThrows().getSleuthkitCase(), + moduleName, absFile, accountType, accountType, alternateId, context.getJobId()); } - BlackboardArtifact callLogArtifact = accountArtifact.addCalllog(communicationDirection, callerId, calleeId, startDateTime, endDateTime, mediaType, otherAttributes); + accountHelper.addCalllog(communicationDirection, callerId, calleeId, startDateTime, endDateTime, mediaType, otherAttributes); } catch (NoCurrentCaseException | TskCoreException | BlackboardException ex) { throw new IngestModuleException(Bundle.LeappFileProcessor_cannot_create_calllog_relationship() + ex.getLocalizedMessage(), ex); //NON-NLS } @@ -927,7 +926,7 @@ public final class LeappFileProcessor { String formattedValue = formatValueBasedOnAttrType(colAttr, value); - BlackboardAttribute attr = (value == null) ? null : getAttribute(colAttr.getAttributeType(), formattedValue, fileName); + BlackboardAttribute attr = getAttribute(colAttr.getAttributeType(), formattedValue, fileName); if (attr == null) { logger.log(Level.WARNING, String.format("Blackboard attribute could not be parsed column %s at line %d in file %s. Omitting row.", colAttr.getColumnName(), lineNum, fileName)); return Collections.emptyList(); @@ -997,7 +996,7 @@ public final class LeappFileProcessor { (v) -> new BlackboardAttribute(attrType, moduleName, Double.valueOf(v).longValue())); case DOUBLE: return parseAttrValue(value.trim(), attrType, fileName, true, false, - (v) -> new BlackboardAttribute(attrType, moduleName, (double) Double.valueOf(v))); + (v) -> new BlackboardAttribute(attrType, moduleName, Double.valueOf(v))); case BYTE: return parseAttrValue(value.trim(), attrType, fileName, true, false, (v) -> new BlackboardAttribute(attrType, moduleName, new byte[]{Byte.valueOf(v)})); @@ -1048,20 +1047,20 @@ public final class LeappFileProcessor { private BlackboardAttribute parseAttrValue(String value, BlackboardAttribute.Type attrType, String fileName, boolean blankIsNull, boolean zeroIsNull, ParseExceptionFunction valueConverter) { // remove non-printable characters from tsv input // https://stackoverflow.com/a/6199346 - value = value.replaceAll("\\p{C}", ""); + String sanitizedValue = value.replaceAll("\\p{C}", ""); - if (blankIsNull && StringUtils.isBlank(value)) { + if (blankIsNull && StringUtils.isBlank(sanitizedValue)) { return null; } - if (zeroIsNull && value.matches("^\\s*[0\\.]*\\s*$")) { + if (zeroIsNull && sanitizedValue.matches("^\\s*[0\\.]*\\s*$")) { return null; } try { - return valueConverter.apply(value); + return valueConverter.apply(sanitizedValue); } catch (NumberFormatException | ParseException ex) { - logger.log(Level.WARNING, String.format("Unable to format '%s' as value type %s while converting to attributes from %s.", value, attrType.getValueType().getLabel(), fileName), ex); + logger.log(Level.WARNING, String.format("Unable to format '%s' as value type %s while converting to attributes from %s.", sanitizedValue, attrType.getValueType().getLabel(), fileName), ex); return null; } } @@ -1183,10 +1182,13 @@ public final class LeappFileProcessor { if (columnName == null) { logger.log(Level.SEVERE, String.format("No column name provided for [%s]", getXmlAttrIdentifier(parentName, attributeName))); + continue; } else if (columnName.trim().length() != columnName.length()) { logger.log(Level.SEVERE, String.format("Column name '%s' starts or ends with whitespace for [%s]", columnName, getXmlAttrIdentifier(parentName, attributeName))); + continue; } else if (columnName.matches("[^ \\S]")) { logger.log(Level.SEVERE, String.format("Column name '%s' contains invalid characters [%s]", columnName, getXmlAttrIdentifier(parentName, attributeName))); + continue; } TsvColumn thisCol = new TsvColumn( @@ -1228,7 +1230,7 @@ public final class LeappFileProcessor { case ANALYSIS_RESULT: return dataSource.newAnalysisResult(artType, Score.SCORE_UNKNOWN, null, null, null, bbattributes).getAnalysisResult(); default: - logger.log(Level.SEVERE, "Unknown category type: " + artType.getCategory().getDisplayName()); + logger.log(Level.SEVERE, String.format("Unknown category type: %s", artType.getCategory().getDisplayName())); return null; } } catch (TskException ex) { @@ -1249,7 +1251,7 @@ public final class LeappFileProcessor { } try { - Case.getCurrentCase().getSleuthkitCase().getBlackboard().postArtifacts(artifacts, moduleName); + Case.getCurrentCase().getSleuthkitCase().getBlackboard().postArtifacts(artifacts, moduleName, context.getJobId()); } catch (Blackboard.BlackboardException ex) { logger.log(Level.SEVERE, Bundle.LeappFileProcessor_postartifacts_error(), ex); //NON-NLS } diff --git a/Core/src/org/sleuthkit/autopsy/modules/pictureanalyzer/impls/EXIFProcessor.java b/Core/src/org/sleuthkit/autopsy/modules/pictureanalyzer/impls/EXIFProcessor.java index cb6e017067..2806931f69 100755 --- a/Core/src/org/sleuthkit/autopsy/modules/pictureanalyzer/impls/EXIFProcessor.java +++ b/Core/src/org/sleuthkit/autopsy/modules/pictureanalyzer/impls/EXIFProcessor.java @@ -172,7 +172,7 @@ public class EXIFProcessor implements PictureProcessor { artifacts.add(userSuspectedArtifact); try { - blackboard.postArtifacts(artifacts, MODULE_NAME); + blackboard.postArtifacts(artifacts, MODULE_NAME, context.getJobId()); } catch (Blackboard.BlackboardException ex) { logger.log(Level.SEVERE, String.format("Error posting TSK_METADATA_EXIF and TSK_USER_CONTENT_SUSPECTED artifacts for %s (object ID = %d)", file.getName(), file.getId()), ex); //NON-NLS } diff --git a/Core/src/org/sleuthkit/autopsy/modules/plaso/PlasoIngestModule.java b/Core/src/org/sleuthkit/autopsy/modules/plaso/PlasoIngestModule.java index f2b7e5942f..5a7a1646ed 100755 --- a/Core/src/org/sleuthkit/autopsy/modules/plaso/PlasoIngestModule.java +++ b/Core/src/org/sleuthkit/autopsy/modules/plaso/PlasoIngestModule.java @@ -1,7 +1,7 @@ /* * Autopsy Forensic Browser * - * Copyright 2018-2019 Basis Technology Corp. + * Copyright 2018-2021 Basis Technology Corp. * Contact: carrier sleuthkit org * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -352,7 +352,7 @@ public class PlasoIngestModule implements DataSourceIngestModule { * keyword search, and fire an event to notify UI of * this new artifact */ - blackboard.postArtifact(bbart, MODULE_NAME); + blackboard.postArtifact(bbart, MODULE_NAME, context.getJobId()); } catch (BlackboardException ex) { logger.log(Level.SEVERE, "Error Posting Artifact.", ex);//NON-NLS } diff --git a/Core/src/org/sleuthkit/autopsy/modules/yara/YaraIngestModule.java b/Core/src/org/sleuthkit/autopsy/modules/yara/YaraIngestModule.java index 40d4c4abb7..b2980ddcbb 100755 --- a/Core/src/org/sleuthkit/autopsy/modules/yara/YaraIngestModule.java +++ b/Core/src/org/sleuthkit/autopsy/modules/yara/YaraIngestModule.java @@ -1,7 +1,7 @@ /* * Autopsy Forensic Browser * - * Copyright 2020 Basis Technology Corp. + * Copyright 2020-2021 Basis Technology Corp. * Contact: carrier sleuthkit org * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -159,7 +159,7 @@ public class YaraIngestModule extends FileIngestModuleAdapter { if(!artifacts.isEmpty()) { Blackboard blackboard = Case.getCurrentCaseThrows().getSleuthkitCase().getBlackboard(); - blackboard.postArtifacts(artifacts, YaraIngestModuleFactory.getModuleName()); + blackboard.postArtifacts(artifacts, YaraIngestModuleFactory.getModuleName(), context.getJobId()); } } catch (BlackboardException | NoCurrentCaseException | IngestModuleException | TskCoreException | YaraWrapperException ex) { diff --git a/Core/src/org/sleuthkit/autopsy/report/modules/portablecase/PortableCaseReportModule.java b/Core/src/org/sleuthkit/autopsy/report/modules/portablecase/PortableCaseReportModule.java index 3eb07b45f6..830f706b7d 100644 --- a/Core/src/org/sleuthkit/autopsy/report/modules/portablecase/PortableCaseReportModule.java +++ b/Core/src/org/sleuthkit/autopsy/report/modules/portablecase/PortableCaseReportModule.java @@ -1,7 +1,7 @@ /* * Autopsy Forensic Browser * - * Copyright 2019-2020 Basis Technology Corp. + * Copyright 2019-2021 Basis Technology Corp. * Contact: carrier sleuthkit org * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -1424,7 +1424,7 @@ public class PortableCaseReportModule implements ReportModule { // Add the attachment. The account type specified in the constructor will not be used. CommunicationArtifactsHelper communicationArtifactsHelper = new CommunicationArtifactsHelper(currentCase.getSleuthkitCase(), - newSourceStr, newFile, Account.Type.EMAIL); + newSourceStr, newFile, Account.Type.EMAIL, null); communicationArtifactsHelper.addAttachments(newArtifact, new MessageAttachments(newFileAttachments, msgAttachments.getUrlAttachments())); } catch (BlackboardJsonAttrUtil.InvalidJsonException ex) { diff --git a/Core/src/org/sleuthkit/autopsy/test/CustomArtifactType.java b/Core/src/org/sleuthkit/autopsy/test/CustomArtifactType.java index 834adc0a97..3fb49998a3 100644 --- a/Core/src/org/sleuthkit/autopsy/test/CustomArtifactType.java +++ b/Core/src/org/sleuthkit/autopsy/test/CustomArtifactType.java @@ -1,7 +1,7 @@ /* * Autopsy Forensic Browser * - * Copyright 2017-2020 Basis Technology Corp. + * Copyright 2017-2021 Basis Technology Corp. * Contact: carrier sleuthkit org * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -23,7 +23,6 @@ import java.util.List; import javax.xml.bind.DatatypeConverter; import org.joda.time.DateTime; import org.sleuthkit.autopsy.casemodule.Case; -import org.sleuthkit.datamodel.AbstractFile; import org.sleuthkit.datamodel.Blackboard; import org.sleuthkit.datamodel.Blackboard.BlackboardException; import org.sleuthkit.datamodel.BlackboardArtifact; @@ -87,6 +86,7 @@ final class CustomArtifactType { * blackboard. * * @param source The artifact source content. + * @param ingestJobId The ingest job ID. * * @return A BlackboardArtifact object. * @@ -95,7 +95,7 @@ final class CustomArtifactType { * @throws Blackboard.BlackboardException If there is an error posting the * artifact to the blackboard. */ - static BlackboardArtifact createAndPostInstance(Content source) throws TskCoreException, Blackboard.BlackboardException { + static BlackboardArtifact createAndPostInstance(Content source, long ingestJobId) throws TskCoreException, Blackboard.BlackboardException { List attributes = new ArrayList<>(); attributes.add(new BlackboardAttribute(intAttrType, MODULE_NAME, 0)); attributes.add(new BlackboardAttribute(doubleAttrType, MODULE_NAME, 0.0)); @@ -131,7 +131,7 @@ final class CustomArtifactType { } Blackboard blackboard = Case.getCurrentCase().getServices().getArtifactsBlackboard(); - blackboard.postArtifact(artifact, MODULE_NAME); + blackboard.postArtifact(artifact, MODULE_NAME, ingestJobId); return artifact; } diff --git a/Core/src/org/sleuthkit/autopsy/test/CustomArtifactsCreatorDataSourceIngestModule.java b/Core/src/org/sleuthkit/autopsy/test/CustomArtifactsCreatorDataSourceIngestModule.java index ffe9b595bf..8cbd01ef02 100644 --- a/Core/src/org/sleuthkit/autopsy/test/CustomArtifactsCreatorDataSourceIngestModule.java +++ b/Core/src/org/sleuthkit/autopsy/test/CustomArtifactsCreatorDataSourceIngestModule.java @@ -1,7 +1,7 @@ /* * Autopsy Forensic Browser * - * Copyright 2017-2020 Basis Technology Corp. + * Copyright 2017-2021 Basis Technology Corp. * Contact: carrier sleuthkit org * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -38,7 +38,8 @@ import org.sleuthkit.datamodel.TskCoreException; public class CustomArtifactsCreatorDataSourceIngestModule extends DataSourceIngestModuleAdapter { private static final Logger logger = Logger.getLogger(CustomArtifactsCreatorDataSourceIngestModule.class.getName()); - + private IngestJobContext context; + /** * Adds the custom artifact type this module uses to the case database of * the current case. @@ -51,6 +52,7 @@ public class CustomArtifactsCreatorDataSourceIngestModule extends DataSourceInge */ @Override public void startUp(IngestJobContext context) throws IngestModuleException { + this.context = context; try { CustomArtifactType.addToCaseDatabase(); } catch (Blackboard.BlackboardException ex) { @@ -70,7 +72,7 @@ public class CustomArtifactsCreatorDataSourceIngestModule extends DataSourceInge @Override public ProcessResult process(Content dataSource, DataSourceIngestModuleProgress progressBar) { try { - CustomArtifactType.createAndPostInstance(dataSource); + CustomArtifactType.createAndPostInstance(dataSource, context.getJobId()); } catch (TskCoreException | Blackboard.BlackboardException ex) { logger.log(Level.SEVERE, String.format("Failed to process data source (obj_id = %d)", dataSource.getId()), ex); return ProcessResult.ERROR; diff --git a/Core/src/org/sleuthkit/autopsy/test/CustomArtifactsCreatorFileIngestModule.java b/Core/src/org/sleuthkit/autopsy/test/CustomArtifactsCreatorFileIngestModule.java index de015d8a21..235ef1f84b 100644 --- a/Core/src/org/sleuthkit/autopsy/test/CustomArtifactsCreatorFileIngestModule.java +++ b/Core/src/org/sleuthkit/autopsy/test/CustomArtifactsCreatorFileIngestModule.java @@ -1,7 +1,7 @@ /* * Autopsy Forensic Browser * - * Copyright 2017-2020 Basis Technology Corp. + * Copyright 2017-2021 Basis Technology Corp. * Contact: carrier sleuthkit org * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -37,6 +37,7 @@ import org.sleuthkit.datamodel.TskCoreException; final class CustomArtifactsCreatorFileIngestModule extends FileIngestModuleAdapter { private static final Logger logger = Logger.getLogger(CustomArtifactsCreatorFileIngestModule.class.getName()); + private IngestJobContext context; /** * Adds the custom artifact type this module uses to the case database of @@ -50,6 +51,7 @@ final class CustomArtifactsCreatorFileIngestModule extends FileIngestModuleAdapt */ @Override public void startUp(IngestJobContext context) throws IngestModuleException { + this.context = context; try { CustomArtifactType.addToCaseDatabase(); } catch (Blackboard.BlackboardException ex) { @@ -71,7 +73,7 @@ final class CustomArtifactsCreatorFileIngestModule extends FileIngestModuleAdapt return ProcessResult.OK; } try { - CustomArtifactType.createAndPostInstance(file); + CustomArtifactType.createAndPostInstance(file, context.getJobId()); } catch (TskCoreException | Blackboard.BlackboardException ex) { logger.log(Level.SEVERE, String.format("Failed to process file (obj_id = %d)", file.getId()), ex); return ProcessResult.ERROR; diff --git a/Core/src/org/sleuthkit/autopsy/timeline/actions/AddManualEvent.java b/Core/src/org/sleuthkit/autopsy/timeline/actions/AddManualEvent.java index 4b7f43cb8f..acae10c1e0 100755 --- a/Core/src/org/sleuthkit/autopsy/timeline/actions/AddManualEvent.java +++ b/Core/src/org/sleuthkit/autopsy/timeline/actions/AddManualEvent.java @@ -157,7 +157,7 @@ public class AddManualEvent extends Action { BlackboardArtifact artifact = eventInfo.datasource.newDataArtifact(new BlackboardArtifact.Type(TSK_TL_EVENT), attributes, null); try { - sleuthkitCase.getBlackboard().postArtifact(artifact, source); + sleuthkitCase.getBlackboard().postArtifact(artifact, source, null); } catch (Blackboard.BlackboardException ex) { logger.log(Level.SEVERE, "Error posting artifact to the blackboard.", ex); //NON-NLS new Alert(Alert.AlertType.ERROR, Bundle.AddManualEvent_postArtifactFailed(), ButtonType.OK).showAndWait(); diff --git a/Experimental/src/org/sleuthkit/autopsy/experimental/objectdetection/ObjectDetectectionFileIngestModule.java b/Experimental/src/org/sleuthkit/autopsy/experimental/objectdetection/ObjectDetectectionFileIngestModule.java index 08a5be91d3..eee83e16ef 100644 --- a/Experimental/src/org/sleuthkit/autopsy/experimental/objectdetection/ObjectDetectectionFileIngestModule.java +++ b/Experimental/src/org/sleuthkit/autopsy/experimental/objectdetection/ObjectDetectectionFileIngestModule.java @@ -1,7 +1,7 @@ /* * Autopsy Forensic Browser * - * Copyright 2018 Basis Technology Corp. + * Copyright 2018-2021 Basis Technology Corp. * Contact: carrier sleuthkit org * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -177,7 +177,7 @@ public class ObjectDetectectionFileIngestModule extends FileIngestModuleAdapter /* * Index the artifact for keyword search. */ - blackboard.postArtifact(artifact, MODULE_NAME); + blackboard.postArtifact(artifact, MODULE_NAME, jobId); } catch (Blackboard.BlackboardException ex) { logger.log(Level.SEVERE, "Unable to index blackboard artifact " + artifact.getArtifactID(), ex); //NON-NLS } diff --git a/Experimental/src/org/sleuthkit/autopsy/experimental/volatilityDSP/VolatilityProcessor.java b/Experimental/src/org/sleuthkit/autopsy/experimental/volatilityDSP/VolatilityProcessor.java index 5cd15156a1..0efa6cbfc4 100644 --- a/Experimental/src/org/sleuthkit/autopsy/experimental/volatilityDSP/VolatilityProcessor.java +++ b/Experimental/src/org/sleuthkit/autopsy/experimental/volatilityDSP/VolatilityProcessor.java @@ -1,7 +1,7 @@ /* * Autopsy * - * Copyright 2018 Basis Technology Corp. + * Copyright 2018-2021 Basis Technology Corp. * Contact: carrier sleuthkit org * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -390,7 +390,7 @@ class VolatilityProcessor { try { // index the artifact for keyword search - blackboard.postArtifact(volArtifact, VOLATILITY); + blackboard.postArtifact(volArtifact, VOLATILITY, null); } catch (Blackboard.BlackboardException ex) { errorMsgs.add(Bundle.VolatilityProcessor_errorMessage_failedToIndexArtifact(pluginName)); /* diff --git a/InternalPythonModules/GPX_Module/GPX_Parser_Module.py b/InternalPythonModules/GPX_Module/GPX_Parser_Module.py index 49e26483d0..375652b6c4 100644 --- a/InternalPythonModules/GPX_Module/GPX_Parser_Module.py +++ b/InternalPythonModules/GPX_Module/GPX_Parser_Module.py @@ -1,7 +1,7 @@ """ Autopsy Forensic Browser -Copyright 2019-2020 Basis Technology Corp. +Copyright 2019-2021 Basis Technology Corp. Contact: carrier sleuthkit org Licensed under the Apache License, Version 2.0 (the "License"); @@ -134,7 +134,7 @@ class GPXParserFileIngestModule(FileIngestModule): # Create a GeoArtifactsHelper for this file. geoArtifactHelper = GeoArtifactsHelper( - self.skCase, self.moduleName, None, file) + self.skCase, self.moduleName, None, file, context.getJobId()) if self.writeDebugMsgs: self.log(Level.INFO, "Processing " + file.getUniquePath() + @@ -213,7 +213,7 @@ class GPXParserFileIngestModule(FileIngestModule): art = file.newDataArtifact(BlackboardArtifact.Type(BlackboardArtifact.ARTIFACT_TYPE.TSK_GPS_BOOKMARK), attributes) - self.blackboard.postArtifact(art, self.moduleName) + self.blackboard.postArtifact(art, self.moduleName, context.getJobId()) except Blackboard.BlackboardException as e: self.log(Level.SEVERE, "Error posting GPS bookmark artifact for " + diff --git a/InternalPythonModules/android/browserlocation.py b/InternalPythonModules/android/browserlocation.py index faab73bcfa..ab0d52f709 100644 --- a/InternalPythonModules/android/browserlocation.py +++ b/InternalPythonModules/android/browserlocation.py @@ -1,7 +1,7 @@ """ Autopsy Forensic Browser -Copyright 2016-2018 Basis Technology Corp. +Copyright 2016-2021 Basis Technology Corp. Contact: carrier sleuthkit org Licensed under the Apache License, Version 2.0 (the "License"); @@ -104,9 +104,8 @@ class BrowserLocationAnalyzer(general.AndroidComponentAnalyzer): # NOTE: originally commented out try: - # index the artifact for keyword search blackboard = Case.getCurrentCase().getSleuthkitCase().getBlackboard() - blackboard.postArtifact(artifact, general.MODULE_NAME) + blackboard.postArtifact(artifact, general.MODULE_NAME, context.getJobId()) except Blackboard.BlackboardException as ex: self._logger.log(Level.SEVERE, "Unable to index blackboard artifact " + str(artifact.getArtifactTypeName()), ex) self._logger.log(Level.SEVERE, traceback.format_exc()) diff --git a/InternalPythonModules/android/cachelocation.py b/InternalPythonModules/android/cachelocation.py index 599eb60ca1..15879e99b8 100644 --- a/InternalPythonModules/android/cachelocation.py +++ b/InternalPythonModules/android/cachelocation.py @@ -1,7 +1,7 @@ """ Autopsy Forensic Browser -Copyright 2016-2018 Basis Technology Corp. +Copyright 2016-2021 Basis Technology Corp. Contact: carrier sleuthkit org Licensed under the Apache License, Version 2.0 (the "License"); @@ -102,9 +102,8 @@ class CacheLocationAnalyzer(general.AndroidComponentAnalyzer): # artifact.addAttribute(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_VALUE.getTypeID(), AndroidModuleFactorymodule.moduleName, accuracy)) # artifact.addAttribute(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_COMMENT.getTypeID(), AndroidModuleFactorymodule.moduleName, confidence)) try: - # index the artifact for keyword search blackboard = Case.getCurrentCase().getSleuthkitCase().getBlackboard() - blackboard.postArtifact(artifact, general.MODULE_NAME) + blackboard.postArtifact(artifact, general.MODULE_NAME, context.getJobId()) except Blackboard.BlackboardException as ex: self._logger.log(Level.SEVERE, "Unable to index blackboard artifact " + str(artifact.getArtifactID()), ex) self._logger.log(Level.SEVERE, traceback.format_exc()) diff --git a/InternalPythonModules/android/calllog.py b/InternalPythonModules/android/calllog.py index 13775e80f7..2762f0b869 100644 --- a/InternalPythonModules/android/calllog.py +++ b/InternalPythonModules/android/calllog.py @@ -1,7 +1,7 @@ """ Autopsy Forensic Browser -Copyright 2016-2020 Basis Technology Corp. +Copyright 2016-2021 Basis Technology Corp. Contact: carrier sleuthkit org Licensed under the Apache License, Version 2.0 (the "License"); @@ -83,12 +83,12 @@ class CallLogAnalyzer(general.AndroidComponentAnalyzer): callLogDbHelper = CommunicationArtifactsHelper(current_case.getSleuthkitCase(), self._PARSER_NAME, callLogDb.getDBFile(), - Account.Type.PHONE, Account.Type.PHONE, selfAccountId ) + Account.Type.PHONE, Account.Type.PHONE, selfAccountId, context.getJobId()) else: callLogDbHelper = CommunicationArtifactsHelper(current_case.getSleuthkitCase(), self._PARSER_NAME, callLogDb.getDBFile(), - Account.Type.PHONE ) + Account.Type.PHONE, context.getJobId()) for tableName in CallLogAnalyzer._tableNames: try: diff --git a/InternalPythonModules/android/contact.py b/InternalPythonModules/android/contact.py index 8144890134..5d5e181fdd 100644 --- a/InternalPythonModules/android/contact.py +++ b/InternalPythonModules/android/contact.py @@ -1,7 +1,7 @@ """ Autopsy Forensic Browser -Copyright 2016-2020 Basis Technology Corp. +Copyright 2016-2021 Basis Technology Corp. Contact: carrier sleuthkit org Licensed under the Apache License, Version 2.0 (the "License"); @@ -75,7 +75,7 @@ class ContactAnalyzer(general.AndroidComponentAnalyzer): return for contactDb in contactsDbs: try: - self.__findContactsInDB(contactDb, dataSource) + self.__findContactsInDB(contactDb, dataSource, context) except Exception as ex: self._logger.log(Level.SEVERE, "Error parsing Contacts", ex) self._logger.log(Level.SEVERE, traceback.format_exc()) @@ -86,7 +86,7 @@ class ContactAnalyzer(general.AndroidComponentAnalyzer): """ Queries the given contact database and adds Contacts to the case. """ - def __findContactsInDB(self, contactDb, dataSource): + def __findContactsInDB(self, contactDb, dataSource, context): if not contactDb: return @@ -97,7 +97,7 @@ class ContactAnalyzer(general.AndroidComponentAnalyzer): contactDbHelper = CommunicationArtifactsHelper(current_case.getSleuthkitCase(), self._PARSER_NAME, contactDb.getDBFile(), - Account.Type.PHONE ) + Account.Type.PHONE, context.getJobId()) # get display_name, mimetype(email or phone number) and data1 (phonenumber or email address depending on mimetype) # sorted by name, so phonenumber/email would be consecutive for a person if they exist. @@ -158,7 +158,7 @@ class ContactAnalyzer(general.AndroidComponentAnalyzer): phoneNumber, # phoneNumber, None, # homePhoneNumber, None, # mobilePhoneNumber, - emailAddr) # emailAddr + emailAddr, context.getJobId()) # emailAddr except SQLException as ex: self._logger.log(Level.WARNING, "Error processing query result for Android messages.", ex) diff --git a/InternalPythonModules/android/fbmessenger.py b/InternalPythonModules/android/fbmessenger.py index 86dc9cd474..05954e0e9f 100644 --- a/InternalPythonModules/android/fbmessenger.py +++ b/InternalPythonModules/android/fbmessenger.py @@ -1,7 +1,7 @@ """ Autopsy Forensic Browser -Copyright 2019-2020 Basis Technology Corp. +Copyright 2019-2021 Basis Technology Corp. Contact: carrier sleuthkit org Licensed under the Apache License, Version 2.0 (the "License"); @@ -148,11 +148,11 @@ class FBMessengerAnalyzer(general.AndroidComponentAnalyzer): if self.selfAccountId is not None: contactsDBHelper = CommunicationArtifactsHelper(self.current_case.getSleuthkitCase(), self._MODULE_NAME, contactsDb.getDBFile(), - Account.Type.FACEBOOK, Account.Type.FACEBOOK, self.selfAccountId ) + Account.Type.FACEBOOK, Account.Type.FACEBOOK, self.selfAccountId, context.getJobId()) else: contactsDBHelper = CommunicationArtifactsHelper(self.current_case.getSleuthkitCase(), self._MODULE_NAME, contactsDb.getDBFile(), - Account.Type.FACEBOOK) + Account.Type.FACEBOOK, context.getJobId()) ## get the other contacts/friends contactsResultSet = contactsDb.runQuery("SELECT fbid, display_name, added_time_ms FROM contacts WHERE added_time_ms <> 0") @@ -492,11 +492,11 @@ class FBMessengerAnalyzer(general.AndroidComponentAnalyzer): if self.selfAccountId is not None: threadsDBHelper = CommunicationArtifactsHelper(self.current_case.getSleuthkitCase(), self._MODULE_NAME, threadsDb.getDBFile(), - Account.Type.FACEBOOK, Account.Type.FACEBOOK, self.selfAccountId ) + Account.Type.FACEBOOK, Account.Type.FACEBOOK, self.selfAccountId, context.getJobId()) else: threadsDBHelper = CommunicationArtifactsHelper(self.current_case.getSleuthkitCase(), self._MODULE_NAME, threadsDb.getDBFile(), - Account.Type.FACEBOOK) + Account.Type.FACEBOOK, context.getJobId()) self.analyzeMessages(threadsDb, threadsDBHelper) self.analyzeCallLogs(threadsDb, threadsDBHelper) diff --git a/InternalPythonModules/android/googlemaplocation.py b/InternalPythonModules/android/googlemaplocation.py index 2c33146b21..277b8ef1f5 100644 --- a/InternalPythonModules/android/googlemaplocation.py +++ b/InternalPythonModules/android/googlemaplocation.py @@ -1,7 +1,7 @@ """ Autopsy Forensic Browser -Copyright 2016-2018 Basis Technology Corp. +Copyright 2016-2021 Basis Technology Corp. Contact: carrier sleuthkit org Licensed under the Apache License, Version 2.0 (the "License"); @@ -76,7 +76,7 @@ class GoogleMapLocationAnalyzer(general.AndroidComponentAnalyzer): try: jFile = File(self.current_case.getTempDirectory(), str(abstractFile.getId()) + abstractFile.getName()) ContentUtils.writeToFile(abstractFile, jFile, context.dataSourceIngestIsCancelled) - self.__findGeoLocationsInDB(jFile.toString(), abstractFile) + self.__findGeoLocationsInDB(jFile.toString(), abstractFile, context) except Exception as ex: self._logger.log(Level.SEVERE, "Error parsing Google map locations", ex) self._logger.log(Level.SEVERE, traceback.format_exc()) @@ -84,13 +84,13 @@ class GoogleMapLocationAnalyzer(general.AndroidComponentAnalyzer): # Error finding Google map locations. pass - def __findGeoLocationsInDB(self, databasePath, abstractFile): + def __findGeoLocationsInDB(self, databasePath, abstractFile, context): if not databasePath: return try: artifactHelper = GeoArtifactsHelper(self.current_case.getSleuthkitCase(), - general.MODULE_NAME, self.PROGRAM_NAME, abstractFile) + general.MODULE_NAME, self.PROGRAM_NAME, abstractFile, context.getJobId()) Class.forName("org.sqlite.JDBC") # load JDBC driver connection = DriverManager.getConnection("jdbc:sqlite:" + databasePath) statement = connection.createStatement() diff --git a/InternalPythonModules/android/imo.py b/InternalPythonModules/android/imo.py index 6898e3693f..7e308340ad 100644 --- a/InternalPythonModules/android/imo.py +++ b/InternalPythonModules/android/imo.py @@ -1,7 +1,7 @@ """ Autopsy Forensic Browser -Copyright 2019-2020 Basis Technology Corp. +Copyright 2019-2021 Basis Technology Corp. Contact: carrier sleuthkit org Licensed under the Apache License, Version 2.0 (the "License"); @@ -109,12 +109,12 @@ class IMOAnalyzer(general.AndroidComponentAnalyzer): friendsDBHelper = CommunicationArtifactsHelper(current_case.getSleuthkitCase(), self._PARSER_NAME, friendsDb.getDBFile(), - Account.Type.IMO, Account.Type.IMO, selfAccountId ) + Account.Type.IMO, Account.Type.IMO, selfAccountId, context.getJobId()) else: friendsDBHelper = CommunicationArtifactsHelper(current_case.getSleuthkitCase(), self._PARSER_NAME, friendsDb.getDBFile(), - Account.Type.IMO ) + Account.Type.IMO, context.getJobId()) contactsResultSet = friendsDb.runQuery("SELECT buid, name FROM friends") if contactsResultSet is not None: while contactsResultSet.next(): diff --git a/InternalPythonModules/android/installedapps.py b/InternalPythonModules/android/installedapps.py index ef09a5b5d0..fe80180522 100644 --- a/InternalPythonModules/android/installedapps.py +++ b/InternalPythonModules/android/installedapps.py @@ -1,7 +1,7 @@ """ Autopsy Forensic Browser -Copyright 2019 Basis Technology Corp. +Copyright 2019-2021 Basis Technology Corp. Contact: carrier sleuthkit org Licensed under the Apache License, Version 2.0 (the "License"); @@ -75,7 +75,7 @@ class InstalledApplicationsAnalyzer(general.AndroidComponentAnalyzer): try: current_case = Case.getCurrentCaseThrows() libraryDbHelper = ArtifactsHelper(current_case.getSleuthkitCase(), - self._MODULE_NAME, libraryDb.getDBFile()) + self._MODULE_NAME, libraryDb.getDBFile(), context.getJobId()) queryString = "SELECT doc_id, purchase_time FROM ownership" ownershipResultSet = libraryDb.runQuery(queryString) if ownershipResultSet is not None: diff --git a/InternalPythonModules/android/line.py b/InternalPythonModules/android/line.py index 7409f28945..fe39a434c1 100644 --- a/InternalPythonModules/android/line.py +++ b/InternalPythonModules/android/line.py @@ -1,7 +1,7 @@ """ Autopsy Forensic Browser -Copyright 2019-2020 Basis Technology Corp. +Copyright 2019-2021 Basis Technology Corp. Contact: carrier sleuthkit org Licensed under the Apache License, Version 2.0 (the "License"); @@ -117,7 +117,7 @@ class LineAnalyzer(general.AndroidComponentAnalyzer): current_case = Case.getCurrentCaseThrows() helper = CommunicationArtifactsHelper( current_case.getSleuthkitCase(), self._PARSER_NAME, - contact_and_message_db.getDBFile(), Account.Type.LINE) + contact_and_message_db.getDBFile(), Account.Type.LINE, context.getJobId()) self.parse_contacts(contact_and_message_db, helper) self.parse_messages(contact_and_message_db, helper, current_case) @@ -125,7 +125,7 @@ class LineAnalyzer(general.AndroidComponentAnalyzer): current_case = Case.getCurrentCaseThrows() helper = CommunicationArtifactsHelper( current_case.getSleuthkitCase(), self._PARSER_NAME, - calllog_db.getDBFile(), Account.Type.LINE) + calllog_db.getDBFile(), Account.Type.LINE, context.getJobId()) self.parse_calllogs(dataSource, calllog_db, helper) except NoCurrentCaseException as ex: diff --git a/InternalPythonModules/android/operabrowser.py b/InternalPythonModules/android/operabrowser.py index f1f90b9f04..d9e59defb7 100644 --- a/InternalPythonModules/android/operabrowser.py +++ b/InternalPythonModules/android/operabrowser.py @@ -1,7 +1,7 @@ """ Autopsy Forensic Browser -Copyright 2019 Basis Technology Corp. +Copyright 2019-2021 Basis Technology Corp. Contact: carrier sleuthkit org Licensed under the Apache License, Version 2.0 (the "License"); @@ -89,7 +89,7 @@ class OperaAnalyzer(general.AndroidComponentAnalyzer): for cookiesDb in cookiesDbs: try: cookiesDbHelper = WebBrowserArtifactsHelper(self.current_case.getSleuthkitCase(), - self._MODULE_NAME, cookiesDb.getDBFile()) + self._MODULE_NAME, cookiesDb.getDBFile(), context.getJobId()) cookiesResultSet = cookiesDb.runQuery("SELECT host_key, name, value, creation_utc FROM cookies") if cookiesResultSet is not None: while cookiesResultSet.next(): @@ -119,7 +119,7 @@ class OperaAnalyzer(general.AndroidComponentAnalyzer): for historyDb in historyDbs: try: historyDbHelper = WebBrowserArtifactsHelper(self.current_case.getSleuthkitCase(), - self._MODULE_NAME, historyDb.getDBFile()) + self._MODULE_NAME, historyDb.getDBFile(), context.getJobId()) historyResultSet = historyDb.runQuery("SELECT url, title, last_visit_time FROM urls") if historyResultSet is not None: while historyResultSet.next(): @@ -148,7 +148,7 @@ class OperaAnalyzer(general.AndroidComponentAnalyzer): for downloadsDb in downloadsDbs: try: downloadsDbHelper = WebBrowserArtifactsHelper(self.current_case.getSleuthkitCase(), - self._MODULE_NAME, downloadsDb.getDBFile()) + self._MODULE_NAME, downloadsDb.getDBFile(), context.getJobId()) queryString = "SELECT target_path, start_time, url FROM downloads"\ " INNER JOIN downloads_url_chains ON downloads.id = downloads_url_chains.id" downloadsResultSet = downloadsDb.runQuery(queryString) @@ -177,7 +177,7 @@ class OperaAnalyzer(general.AndroidComponentAnalyzer): for autofillDb in autofillDbs: try: autofillDbHelper = WebBrowserArtifactsHelper(self.current_case.getSleuthkitCase(), - self._MODULE_NAME, autofillDb.getDBFile()) + self._MODULE_NAME, autofillDb.getDBFile(), context.getJobId()) autofillsResultSet = autofillDb.runQuery("SELECT name, value, count, date_created FROM autofill") if autofillsResultSet is not None: while autofillsResultSet.next(): @@ -205,7 +205,7 @@ class OperaAnalyzer(general.AndroidComponentAnalyzer): for webFormAddressDb in webFormAddressDbs: try: webFormAddressDbHelper = WebBrowserArtifactsHelper(self.current_case.getSleuthkitCase(), - self._MODULE_NAME, webFormAddressDb.getDBFile()) + self._MODULE_NAME, webFormAddressDb.getDBFile(), context.getJobId()) queryString = """ SELECT street_address, city, state, zipcode, country_code, date_modified, first_name, last_name, number, email diff --git a/InternalPythonModules/android/oruxmaps.py b/InternalPythonModules/android/oruxmaps.py index 677ea26eea..88dcb6f2f9 100644 --- a/InternalPythonModules/android/oruxmaps.py +++ b/InternalPythonModules/android/oruxmaps.py @@ -1,7 +1,7 @@ """ Autopsy Forensic Browser -Copyright 2016-2018 Basis Technology Corp. +Copyright 2016-2021 Basis Technology Corp. Contact: carrier sleuthkit org Licensed under the Apache License, Version 2.0 (the "License"); @@ -72,7 +72,7 @@ class OruxMapsAnalyzer(general.AndroidComponentAnalyzer): current_case = Case.getCurrentCaseThrows() skCase = Case.getCurrentCase().getSleuthkitCase() - geoArtifactHelper = GeoArtifactsHelper(skCase, self._MODULE_NAME, self._PROGRAM_NAME, oruxMapsTrackpointsDb.getDBFile()) + geoArtifactHelper = GeoArtifactsHelper(skCase, self._MODULE_NAME, self._PROGRAM_NAME, oruxMapsTrackpointsDb.getDBFile(), context.getJobId()) poiQueryString = "SELECT poilat, poilon, poialt, poitime, poiname FROM pois" poisResultSet = oruxMapsTrackpointsDb.runQuery(poiQueryString) @@ -96,9 +96,8 @@ class OruxMapsAnalyzer(general.AndroidComponentAnalyzer): artifact = abstractFile.newDataArtifact(BlackboardArtifact.Type(BlackboardArtifact.ARTIFACT_TYPE.TSK_GPS_BOOKMARK), attributes) try: - # index the artifact for keyword search blackboard = Case.getCurrentCase().getSleuthkitCase().getBlackboard() - blackboard.postArtifact(artifact, self._MODULE_NAME) + blackboard.postArtifact(artifact, self._MODULE_NAME, context.getJobId()) except Blackboard.BlackboardException as ex: self._logger.log(Level.SEVERE, "Unable to index blackboard artifact " + str(artifact.getArtifactID()), ex) self._logger.log(Level.SEVERE, traceback.format_exc()) diff --git a/InternalPythonModules/android/sbrowser.py b/InternalPythonModules/android/sbrowser.py index 41e9790c5b..75b56d5807 100644 --- a/InternalPythonModules/android/sbrowser.py +++ b/InternalPythonModules/android/sbrowser.py @@ -1,7 +1,7 @@ """ Autopsy Forensic Browser -Copyright 2019 Basis Technology Corp. +Copyright 2019-2021 Basis Technology Corp. Contact: carrier sleuthkit org Licensed under the Apache License, Version 2.0 (the "License"); @@ -87,7 +87,7 @@ class SBrowserAnalyzer(general.AndroidComponentAnalyzer): for sbrowserDb in sbrowserDbs: try: sbrowserDbHelper = WebBrowserArtifactsHelper(self.current_case.getSleuthkitCase(), - self._MODULE_NAME, sbrowserDb.getDBFile()) + self._MODULE_NAME, sbrowserDb.getDBFile(), context.getJobId()) bookmarkResultSet = sbrowserDb.runQuery("SELECT url, title, created FROM bookmarks WHERE url IS NOT NULL") if bookmarkResultSet is not None: while bookmarkResultSet.next(): @@ -115,7 +115,7 @@ class SBrowserAnalyzer(general.AndroidComponentAnalyzer): for cookiesDb in cookiesDbs: try: cookiesDbHelper = WebBrowserArtifactsHelper(self.current_case.getSleuthkitCase(), - self._MODULE_NAME, cookiesDb.getDBFile()) + self._MODULE_NAME, cookiesDb.getDBFile(), context.getJobId()) cookiesResultSet = cookiesDb.runQuery("SELECT host_key, name, value, creation_utc FROM cookies") if cookiesResultSet is not None: while cookiesResultSet.next(): @@ -145,7 +145,7 @@ class SBrowserAnalyzer(general.AndroidComponentAnalyzer): for historyDb in historyDbs: try: historyDbHelper = WebBrowserArtifactsHelper(self.current_case.getSleuthkitCase(), - self._MODULE_NAME, historyDb.getDBFile()) + self._MODULE_NAME, historyDb.getDBFile(), context.getJobId()) historyResultSet = historyDb.runQuery("SELECT url, title, last_visit_time FROM urls") if historyResultSet is not None: while historyResultSet.next(): @@ -174,7 +174,7 @@ class SBrowserAnalyzer(general.AndroidComponentAnalyzer): for downloadsDb in downloadsDbs: try: downloadsDbHelper = WebBrowserArtifactsHelper(self.current_case.getSleuthkitCase(), - self._MODULE_NAME, downloadsDb.getDBFile()) + self._MODULE_NAME, downloadsDb.getDBFile(), context.getJobId()) queryString = "SELECT target_path, start_time, url FROM downloads"\ " INNER JOIN downloads_url_chains ON downloads.id = downloads_url_chains.id" downloadsResultSet = downloadsDb.runQuery(queryString) @@ -203,7 +203,7 @@ class SBrowserAnalyzer(general.AndroidComponentAnalyzer): for autofillDb in autofillDbs: try: autofillDbHelper = WebBrowserArtifactsHelper(self.current_case.getSleuthkitCase(), - self._MODULE_NAME, autofillDb.getDBFile()) + self._MODULE_NAME, autofillDb.getDBFile(), context.getJobId()) queryString = """ SELECT name, value, count, date_created FROM autofill @@ -236,7 +236,7 @@ class SBrowserAnalyzer(general.AndroidComponentAnalyzer): for webFormAddressDb in webFormAddressDbs: try: webFormAddressDbHelper = WebBrowserArtifactsHelper(self.current_case.getSleuthkitCase(), - self._MODULE_NAME, webFormAddressDb.getDBFile()) + self._MODULE_NAME, webFormAddressDb.getDBFile(), context.getJobId()) """ Autofill form data is split across multiple tables. The quqery below joins the various tables. """ diff --git a/InternalPythonModules/android/shareit.py b/InternalPythonModules/android/shareit.py index dc9c549f23..b1f0af8314 100644 --- a/InternalPythonModules/android/shareit.py +++ b/InternalPythonModules/android/shareit.py @@ -1,7 +1,7 @@ """ Autopsy Forensic Browser -Copyright 2019-2020 Basis Technology Corp. +Copyright 2019-2021 Basis Technology Corp. Contact: carrier sleuthkit org Licensed under the Apache License, Version 2.0 (the "License"); @@ -85,7 +85,7 @@ class ShareItAnalyzer(general.AndroidComponentAnalyzer): current_case = Case.getCurrentCaseThrows() historyDbHelper = CommunicationArtifactsHelper(current_case.getSleuthkitCase(), self._MODULE_NAME, historyDb.getDBFile(), - Account.Type.SHAREIT) + Account.Type.SHAREIT, context.getJobId()) queryString = """ SELECT history_type, device_id, device_name, description, timestamp, file_path diff --git a/InternalPythonModules/android/skype.py b/InternalPythonModules/android/skype.py index 908a7da451..fbf185dfbe 100644 --- a/InternalPythonModules/android/skype.py +++ b/InternalPythonModules/android/skype.py @@ -1,7 +1,7 @@ """ Autopsy Forensic Browser -Copyright 2019-2020 Basis Technology Corp. +Copyright 2019-2021 Basis Technology Corp. Contact: carrier sleuthkit org Licensed under the Apache License, Version 2.0 (the "License"); @@ -129,13 +129,13 @@ class SkypeAnalyzer(general.AndroidComponentAnalyzer): if user_account_instance is None: helper = CommunicationArtifactsHelper( current_case.getSleuthkitCase(), self._PARSER_NAME, - skype_db.getDBFile(), Account.Type.SKYPE + skype_db.getDBFile(), Account.Type.SKYPE, context.getJobId() ) else: helper = CommunicationArtifactsHelper( current_case.getSleuthkitCase(), self._PARSER_NAME, skype_db.getDBFile(), Account.Type.SKYPE, - Account.Type.SKYPE, user_account_instance + Account.Type.SKYPE, user_account_instance, context.getJobId() ) self.parse_contacts(skype_db, helper) self.parse_calllogs(skype_db, helper) diff --git a/InternalPythonModules/android/tangomessage.py b/InternalPythonModules/android/tangomessage.py index a7b9cd888d..bb5256781b 100644 --- a/InternalPythonModules/android/tangomessage.py +++ b/InternalPythonModules/android/tangomessage.py @@ -1,7 +1,7 @@ """ Autopsy Forensic Browser -Copyright 2016-2020 Basis Technology Corp. +Copyright 2016-2021 Basis Technology Corp. Contact: carrier sleuthkit org Licensed under the Apache License, Version 2.0 (the "License"); @@ -72,7 +72,7 @@ class TangoMessageAnalyzer(general.AndroidComponentAnalyzer): tangoDbFiles = AppSQLiteDB.findAppDatabases(dataSource, "tc.db", True, self._PACKAGE_NAME) for tangoDbFile in tangoDbFiles: try: - self.__findTangoMessagesInDB(tangoDbFile, dataSource) + self.__findTangoMessagesInDB(tangoDbFile, dataSource, context) except Exception as ex: self._logger.log(Level.SEVERE, "Error parsing Tango messages", ex) self._logger.log(Level.SEVERE, traceback.format_exc()) @@ -80,7 +80,7 @@ class TangoMessageAnalyzer(general.AndroidComponentAnalyzer): # Error finding Tango messages. pass - def __findTangoMessagesInDB(self, tangoDb, dataSource): + def __findTangoMessagesInDB(self, tangoDb, dataSource, context): if not tangoDb: return @@ -91,7 +91,7 @@ class TangoMessageAnalyzer(general.AndroidComponentAnalyzer): tangoDbHelper = CommunicationArtifactsHelper(current_case.getSleuthkitCase(), self._PARSER_NAME, tangoDb.getDBFile(), - Account.Type.TANGO ) + Account.Type.TANGO, context.getJobId()) resultSet = tangoDb.runQuery( "SELECT conv_id, create_time, direction, payload FROM messages ORDER BY create_time DESC;") diff --git a/InternalPythonModules/android/textmessage.py b/InternalPythonModules/android/textmessage.py index 3c46ea7d2d..05777d0c69 100644 --- a/InternalPythonModules/android/textmessage.py +++ b/InternalPythonModules/android/textmessage.py @@ -1,7 +1,7 @@ """ Autopsy Forensic Browser -Copyright 2016-2020 Basis Technology Corp. +Copyright 2016-2021 Basis Technology Corp. Contact: carrier sleuthkit org Licensed under the Apache License, Version 2.0 (the "License"); @@ -80,12 +80,12 @@ class TextMessageAnalyzer(general.AndroidComponentAnalyzer): messageDbHelper = CommunicationArtifactsHelper(current_case.getSleuthkitCase(), self._PARSER_NAME, messageDb.getDBFile(), - Account.Type.PHONE, Account.Type.IMO, selfAccountId ) + Account.Type.PHONE, Account.Type.IMO, selfAccountId, context.getJobId()) else: messageDbHelper = CommunicationArtifactsHelper(current_case.getSleuthkitCase(), self._PARSER_NAME, messageDb.getDBFile(), - Account.Type.PHONE ) + Account.Type.PHONE, context.getJobId()) uuid = UUID.randomUUID().toString() messagesResultSet = messageDb.runQuery("SELECT address, date, read, type, subject, body, thread_id FROM sms;") diff --git a/InternalPythonModules/android/textnow.py b/InternalPythonModules/android/textnow.py index 005e1191dd..1043dab1a0 100644 --- a/InternalPythonModules/android/textnow.py +++ b/InternalPythonModules/android/textnow.py @@ -1,7 +1,7 @@ """ Autopsy Forensic Browser -Copyright 2019-2020 Basis Technology Corp. +Copyright 2019-2021 Basis Technology Corp. Contact: carrier sleuthkit org Licensed under the Apache License, Version 2.0 (the "License"); @@ -91,7 +91,7 @@ class TextNowAnalyzer(general.AndroidComponentAnalyzer): current_case = Case.getCurrentCaseThrows() helper = CommunicationArtifactsHelper( current_case.getSleuthkitCase(), self._PARSER_NAME, - textnow_db.getDBFile(), Account.Type.TEXTNOW + textnow_db.getDBFile(), Account.Type.TEXTNOW, context.getJobId() ) self.parse_contacts(textnow_db, helper) self.parse_calllogs(textnow_db, helper) diff --git a/InternalPythonModules/android/viber.py b/InternalPythonModules/android/viber.py index cd8fed0854..9626f5d285 100644 --- a/InternalPythonModules/android/viber.py +++ b/InternalPythonModules/android/viber.py @@ -1,7 +1,7 @@ """ Autopsy Forensic Browser -Copyright 2019-2020 Basis Technology Corp. +Copyright 2019-2021 Basis Technology Corp. Contact: carrier sleuthkit org Licensed under the Apache License, Version 2.0 (the "License"); @@ -91,7 +91,7 @@ class ViberAnalyzer(general.AndroidComponentAnalyzer): current_case = Case.getCurrentCaseThrows() helper = CommunicationArtifactsHelper( current_case.getSleuthkitCase(), self._PARSER_NAME, - contact_and_calllog_db.getDBFile(), Account.Type.VIBER) + contact_and_calllog_db.getDBFile(), Account.Type.VIBER, context.getJobId()) self.parse_contacts(contact_and_calllog_db, helper) self.parse_calllogs(contact_and_calllog_db, helper) @@ -100,7 +100,7 @@ class ViberAnalyzer(general.AndroidComponentAnalyzer): current_case = Case.getCurrentCaseThrows() helper = CommunicationArtifactsHelper( current_case.getSleuthkitCase(), self._PARSER_NAME, - message_db.getDBFile(), Account.Type.VIBER) + message_db.getDBFile(), Account.Type.VIBER, context.getJobId()) self.parse_messages(message_db, helper, current_case) except NoCurrentCaseException as ex: @@ -131,9 +131,7 @@ class ViberAnalyzer(general.AndroidComponentAnalyzer): attributes = ArrayList() attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_NAME.getTypeID(), self._PARSER_NAME, contacts_parser.get_contact_name())) artifact = contacts_db.getDBFile().newDataArtifact(BlackboardArtifact.Type(BlackboardArtifact.ARTIFACT_TYPE.TSK_CONTACT), attributes) - - # Post the artifact to blackboard - current_case.getBlackboard().postArtifact(artifact, self._PARSER_NAME) + current_case.getBlackboard().postArtifact(artifact, self._PARSER_NAME, context.getJobId()) contacts_parser.close() except SQLException as ex: diff --git a/InternalPythonModules/android/whatsapp.py b/InternalPythonModules/android/whatsapp.py index e392fdf24c..6d9e0b5ea7 100644 --- a/InternalPythonModules/android/whatsapp.py +++ b/InternalPythonModules/android/whatsapp.py @@ -1,7 +1,7 @@ """ Autopsy Forensic Browser -Copyright 2019-2020 Basis Technology Corp. +Copyright 2019-2021 Basis Technology Corp. Contact: carrier sleuthkit org Licensed under the Apache License, Version 2.0 (the "License"); @@ -145,14 +145,14 @@ class WhatsAppAnalyzer(general.AndroidComponentAnalyzer): current_case = Case.getCurrentCaseThrows() helper = CommunicationArtifactsHelper( current_case.getSleuthkitCase(), self._PARSER_NAME, - contact_db.getDBFile(), Account.Type.WHATSAPP) + contact_db.getDBFile(), Account.Type.WHATSAPP, context.getJobId()) self.parse_contacts(contact_db, helper) for calllog_and_message_db in calllog_and_message_dbs: current_case = Case.getCurrentCaseThrows() helper = CommunicationArtifactsHelper( current_case.getSleuthkitCase(), self._PARSER_NAME, - calllog_and_message_db.getDBFile(), Account.Type.WHATSAPP) + calllog_and_message_db.getDBFile(), Account.Type.WHATSAPP, context.getJobId()) self.parse_calllogs(calllog_and_message_db, helper) self.parse_messages(dataSource, calllog_and_message_db, helper, current_case) diff --git a/InternalPythonModules/android/wwfmessage.py b/InternalPythonModules/android/wwfmessage.py index da3d343ad3..9cb95a411a 100644 --- a/InternalPythonModules/android/wwfmessage.py +++ b/InternalPythonModules/android/wwfmessage.py @@ -1,7 +1,7 @@ """ Autopsy Forensic Browser -Copyright 2016-2020 Basis Technology Corp. +Copyright 2016-2021 Basis Technology Corp. Contact: carrier sleuthkit org Licensed under the Apache License, Version 2.0 (the "License"); @@ -78,7 +78,7 @@ class WWFMessageAnalyzer(general.AndroidComponentAnalyzer): wwfDbFiles = AppSQLiteDB.findAppDatabases(dataSource, "WordsFramework", True, self._PACKAGE_NAME) for wwfDbFile in wwfDbFiles: try: - self.__findWWFMessagesInDB(wwfDbFile, dataSource) + self.__findWWFMessagesInDB(wwfDbFile, dataSource, context) except Exception as ex: self._logger.log(Level.SEVERE, "Error parsing WWF messages", ex) self._logger.log(Level.SEVERE, traceback.format_exc()) @@ -88,7 +88,7 @@ class WWFMessageAnalyzer(general.AndroidComponentAnalyzer): self._logger.log(Level.SEVERE, traceback.format_exc()) pass - def __findWWFMessagesInDB(self, wwfDb, dataSource): + def __findWWFMessagesInDB(self, wwfDb, dataSource, context): if not wwfDb: return @@ -98,7 +98,7 @@ class WWFMessageAnalyzer(general.AndroidComponentAnalyzer): wwfDbHelper = CommunicationArtifactsHelper(current_case.getSleuthkitCase(), self._PARSER_NAME, wwfDb.getDBFile(), - wwfAccountType ) + wwfAccountType, context.getJobId()) uuid = UUID.randomUUID().toString() diff --git a/InternalPythonModules/android/xender.py b/InternalPythonModules/android/xender.py index 2ca86d2045..b1d1dcc8e3 100644 --- a/InternalPythonModules/android/xender.py +++ b/InternalPythonModules/android/xender.py @@ -1,7 +1,7 @@ """ Autopsy Forensic Browser -Copyright 2019-2020 Basis Technology Corp. +Copyright 2019-2021 Basis Technology Corp. Contact: carrier sleuthkit org Licensed under the Apache License, Version 2.0 (the "License"); @@ -91,11 +91,11 @@ class XenderAnalyzer(general.AndroidComponentAnalyzer): if selfAccountId is not None: transactionDbHelper = CommunicationArtifactsHelper(current_case.getSleuthkitCase(), self._MODULE_NAME, transactionDb.getDBFile(), - Account.Type.XENDER, Account.Type.XENDER, selfAccountId ) + Account.Type.XENDER, Account.Type.XENDER, selfAccountId, context.getJobId()) else: transactionDbHelper = CommunicationArtifactsHelper(current_case.getSleuthkitCase(), self._MODULE_NAME, transactionDb.getDBFile(), - Account.Type.XENDER) + Account.Type.XENDER, context.getJobId()) queryString = """ SELECT f_path, f_display_name, f_size_str, c_start_time, c_direction, c_session_id, diff --git a/InternalPythonModules/android/zapya.py b/InternalPythonModules/android/zapya.py index 2801b17b68..8f653f2531 100644 --- a/InternalPythonModules/android/zapya.py +++ b/InternalPythonModules/android/zapya.py @@ -1,7 +1,7 @@ """ Autopsy Forensic Browser -Copyright 2019-2020 Basis Technology Corp. +Copyright 2019-2021 Basis Technology Corp. Contact: carrier sleuthkit org Licensed under the Apache License, Version 2.0 (the "License"); @@ -81,7 +81,7 @@ class ZapyaAnalyzer(general.AndroidComponentAnalyzer): # transferDbHelper = CommunicationArtifactsHelper(current_case.getSleuthkitCase(), self._MODULE_NAME, transferDb.getDBFile(), - Account.Type.ZAPYA) + Account.Type.ZAPYA, context.getJobId()) queryString = "SELECT device, name, direction, createtime, path, title FROM transfer" transfersResultSet = transferDb.runQuery(queryString) diff --git a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/AdHocSearchChildFactory.java b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/AdHocSearchChildFactory.java index d01e8837c3..4dfc014598 100644 --- a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/AdHocSearchChildFactory.java +++ b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/AdHocSearchChildFactory.java @@ -1,7 +1,7 @@ /* * Autopsy Forensic Browser * - * Copyright 2011-2018 Basis Technology Corp. + * Copyright 2012-2021 Basis Technology Corp. * Contact: carrier sleuthkit org * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -426,7 +426,7 @@ class AdHocSearchChildFactory extends ChildFactory { final String queryDisp = queryStr.length() > QUERY_DISPLAY_LEN ? queryStr.substring(0, QUERY_DISPLAY_LEN - 1) + " ..." : queryStr; try { progress = ProgressHandle.createHandle(NbBundle.getMessage(this.getClass(), "KeywordSearchResultFactory.progress.saving", queryDisp), () -> BlackboardResultWriter.this.cancel(true)); - hits.process(progress, null, this, false, saveResults); + hits.process(progress, null, this, false, saveResults, null); } finally { finalizeWorker(); } diff --git a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/IngestSearchRunner.java b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/IngestSearchRunner.java index 937c9567fd..383abbd3af 100644 --- a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/IngestSearchRunner.java +++ b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/IngestSearchRunner.java @@ -1,7 +1,7 @@ /* * Autopsy Forensic Browser * - * Copyright 2014 - 2017 Basis Technology Corp. + * Copyright 2014 - 2021 Basis Technology Corp. * Contact: carrier sleuthkit org * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -564,7 +564,7 @@ final class IngestSearchRunner { subProgresses[keywordsSearched].progress(keywordList.getName() + ": " + queryDisplayStr, unitProgress); // Create blackboard artifacts - newResults.process(null, subProgresses[keywordsSearched], this, keywordList.getIngestMessages(), true); + newResults.process(null, subProgresses[keywordsSearched], this, keywordList.getIngestMessages(), true, job.getJobId()); } //if has results diff --git a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/KeywordSearchIngestModule.java b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/KeywordSearchIngestModule.java index d350bfea6d..3140916f5e 100644 --- a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/KeywordSearchIngestModule.java +++ b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/KeywordSearchIngestModule.java @@ -648,7 +648,7 @@ public final class KeywordSearchIngestModule implements FileIngestModule { } if (!bbartifacts.isEmpty()) { try { - Case.getCurrentCaseThrows().getSleuthkitCase().getBlackboard().postArtifacts(bbartifacts, moduleName); + Case.getCurrentCaseThrows().getSleuthkitCase().getBlackboard().postArtifacts(bbartifacts, moduleName, jobId); } catch (NoCurrentCaseException | Blackboard.BlackboardException ex) { // Log error and return to continue processing logger.log(Level.WARNING, String.format("Unable to post blackboard artifacts for file $s.", aFile.getParentPath() + aFile.getName()), ex); //NON-NLS diff --git a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/QueryResults.java b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/QueryResults.java index ce72c2cf69..40ed7db43d 100644 --- a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/QueryResults.java +++ b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/QueryResults.java @@ -1,7 +1,7 @@ /* * Autopsy Forensic Browser * - * Copyright 2011-2018 Basis Technology Corp. + * Copyright 2012-2021 Basis Technology Corp. * Contact: carrier sleuthkit org * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -35,7 +35,8 @@ import org.sleuthkit.autopsy.casemodule.NoCurrentCaseException; import org.sleuthkit.autopsy.coreutils.EscapeUtil; import org.sleuthkit.autopsy.coreutils.Logger; import org.sleuthkit.autopsy.ingest.IngestMessage; -import org.sleuthkit.autopsy.ingest.IngestServices;; +import org.sleuthkit.autopsy.ingest.IngestServices; +; import org.sleuthkit.datamodel.AbstractFile; import org.sleuthkit.datamodel.Blackboard; import org.sleuthkit.datamodel.BlackboardArtifact; @@ -64,7 +65,7 @@ class QueryResults { * and publishing an event to notify subscribers of the blackboard posts. * * The KeywordSearchQuery is used to do the blackboard posts. - * + * * @param query The query. */ QueryResults(KeywordSearchQuery query) { @@ -141,9 +142,10 @@ class QueryResults { * messages inbox if there is a keyword hit in the text * exrtacted from the text source object. * @param saveResults Flag whether to save search results as KWS artifacts. - * + * @param ingestJobId The numeric identifier of the ingest job within which + * the artifacts are being created, may be null. */ - void process(ProgressHandle progress, ProgressContributor subProgress, SwingWorker worker, boolean notifyInbox, boolean saveResults) { + void process(ProgressHandle progress, ProgressContributor subProgress, SwingWorker worker, boolean notifyInbox, boolean saveResults, Long ingestJobId) { /* * Initialize the progress indicator to the number of keywords that will * be processed. @@ -218,15 +220,15 @@ class QueryResults { } catch (TskCoreException | NoCurrentCaseException tskCoreException) { logger.log(Level.SEVERE, "Failed to get text source object for keyword hit", tskCoreException); //NON-NLS } - + if ((content != null) && saveResults) { /* - * Post an artifact for the hit to the blackboard. + * Post an artifact for the hit to the blackboard. */ BlackboardArtifact artifact = query.createKeywordHitArtifact(content, keyword, hit, snippet, query.getKeywordList().getName()); /* - * Send an ingest inbox message for the hit. + * Send an ingest inbox message for the hit. */ if (null != artifact) { hitArtifacts.add(artifact); @@ -253,7 +255,7 @@ class QueryResults { SleuthkitCase tskCase = Case.getCurrentCaseThrows().getSleuthkitCase(); Blackboard blackboard = tskCase.getBlackboard(); - blackboard.postArtifacts(hitArtifacts, MODULE_NAME); + blackboard.postArtifacts(hitArtifacts, MODULE_NAME, ingestJobId); } catch (NoCurrentCaseException | Blackboard.BlackboardException ex) { logger.log(Level.SEVERE, "Failed to post KWH artifact to blackboard.", ex); //NON-NLS } diff --git a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Chromium.java b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Chromium.java index bbbf128c72..357f10b8a7 100644 --- a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Chromium.java +++ b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Chromium.java @@ -54,8 +54,6 @@ import org.sleuthkit.autopsy.ingest.IngestJobContext; import org.sleuthkit.datamodel.AbstractFile; import org.sleuthkit.datamodel.Blackboard; import org.sleuthkit.datamodel.BlackboardArtifact; -import org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE; -import static org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_BOOKMARK; import org.sleuthkit.datamodel.BlackboardAttribute; import org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE; import org.sleuthkit.datamodel.Content; @@ -939,7 +937,7 @@ class Chromium extends Extract { WebBrowserArtifactsHelper helper = new WebBrowserArtifactsHelper( Case.getCurrentCaseThrows().getSleuthkitCase(), NbBundle.getMessage(this.getClass(), "Chrome.parentModuleName"), - webDataFile + webDataFile, context.getJobId() ); // Get Web form addresses diff --git a/pythonExamples/Aug2015DataSourceTutorial/FindContactsDb.py b/pythonExamples/Aug2015DataSourceTutorial/FindContactsDb.py index 27f9be6161..a0ad098623 100644 --- a/pythonExamples/Aug2015DataSourceTutorial/FindContactsDb.py +++ b/pythonExamples/Aug2015DataSourceTutorial/FindContactsDb.py @@ -172,8 +172,7 @@ class ContactsDbIngestModule(DataSourceIngestModule): )) try: - # index the artifact for keyword search - blackboard.postArtifact(art, ContactsDbIngestModuleFactory.moduleName) + blackboard.postArtifact(art, ContactsDbIngestModuleFactory.moduleName, context.getJobId()) except Blackboard.BlackboardException as e: self.log(Level.SEVERE, "Error indexing artifact " + art.getDisplayName()) diff --git a/pythonExamples/Aug2015DataSourceTutorial/FindContactsDb_v2.py b/pythonExamples/Aug2015DataSourceTutorial/FindContactsDb_v2.py index f58a156170..da4c21f560 100644 --- a/pythonExamples/Aug2015DataSourceTutorial/FindContactsDb_v2.py +++ b/pythonExamples/Aug2015DataSourceTutorial/FindContactsDb_v2.py @@ -146,7 +146,7 @@ class ContactsDbIngestModule(DataSourceIngestModule): # Create an instance of the helper class # TODO - Replace with your parser name and Account.Type helper = CommunicationArtifactsHelper(current_case.getSleuthkitCase(), - ContactsDbIngestModuleFactory.moduleName, app_database.getDBFile(), Account.Type.DEVICE) + ContactsDbIngestModuleFactory.moduleName, app_database.getDBFile(), Account.Type.DEVICE, context.getJobId()) # Iterate through each row and create artifacts while result_set.next(): diff --git a/pythonExamples/July2015FileTutorial_BigRound/FindBigRoundFiles.py b/pythonExamples/July2015FileTutorial_BigRound/FindBigRoundFiles.py index 5bf710e9d5..8dc5a59763 100644 --- a/pythonExamples/July2015FileTutorial_BigRound/FindBigRoundFiles.py +++ b/pythonExamples/July2015FileTutorial_BigRound/FindBigRoundFiles.py @@ -92,11 +92,15 @@ class FindBigRoundFilesIngestModule(FileIngestModule): def log(self, level, msg): self._logger.logp(level, self.__class__.__name__, inspect.stack()[1][3], msg) + def __init__(self): + self.context = None + # Where any setup and configuration is done # 'context' is an instance of org.sleuthkit.autopsy.ingest.IngestJobContext. # See: http://sleuthkit.org/autopsy/docs/api-docs/latest/classorg_1_1sleuthkit_1_1autopsy_1_1ingest_1_1_ingest_job_context.html # TODO: Add any setup code that you need here. def startUp(self, context): + self.context = context self.filesFound = 0 # Throw an IngestModule.IngestModuleException exception if there was a problem setting up @@ -130,8 +134,7 @@ class FindBigRoundFilesIngestModule(FileIngestModule): "Big and Round Files"))).getAnalysisResult() try: - # post the artifact for listeners of artifact events - blackboard.postArtifact(art, FindBigRoundFilesIngestModuleFactory.moduleName) + blackboard.postArtifact(art, FindBigRoundFilesIngestModuleFactory.moduleName, context.getJobId()) except Blackboard.BlackboardException as e: self.log(Level.SEVERE, "Error indexing artifact " + art.getDisplayName()) diff --git a/pythonExamples/Registry_Example.py b/pythonExamples/Registry_Example.py index f99ead8086..94041bf9e7 100644 --- a/pythonExamples/Registry_Example.py +++ b/pythonExamples/Registry_Example.py @@ -207,9 +207,8 @@ class RegistryExampleIngestModule(DataSourceIngestModule): BlackboardAttribute(attributeIdRunKeyValue, moduleName, registryKey[3]) )) - # index the artifact for keyword search try: - blackboard.postArtifact(art, moduleName) + blackboard.postArtifact(art, moduleName, context.getJobId()) except Blackboard.BlackboardException as ex: self.log(Level.SEVERE, "Unable to index blackboard artifact " + str(art.getArtifactTypeName()), ex) diff --git a/pythonExamples/dataSourceIngestModule.py b/pythonExamples/dataSourceIngestModule.py index ecb4f01477..502d535b21 100644 --- a/pythonExamples/dataSourceIngestModule.py +++ b/pythonExamples/dataSourceIngestModule.py @@ -146,8 +146,7 @@ class SampleJythonDataSourceIngestModule(DataSourceIngestModule): None, "Test file", None, attrs).getAnalysisResult() try: - # post the artifact for listeners of artifact events. - blackboard.postArtifact(art, SampleJythonDataSourceIngestModuleFactory.moduleName) + blackboard.postArtifact(art, SampleJythonDataSourceIngestModuleFactory.moduleName, context.getJobId()) except Blackboard.BlackboardException as e: self.log(Level.SEVERE, "Error indexing artifact " + art.getDisplayName()) diff --git a/pythonExamples/fileIngestModule.py b/pythonExamples/fileIngestModule.py index f72f1c4792..50b2478697 100644 --- a/pythonExamples/fileIngestModule.py +++ b/pythonExamples/fileIngestModule.py @@ -94,11 +94,15 @@ class SampleJythonFileIngestModule(FileIngestModule): def log(self, level, msg): self._logger.logp(level, self.__class__.__name__, inspect.stack()[1][3], msg) + def __init__(self): + self.context = None + # Where any setup and configuration is done # 'context' is an instance of org.sleuthkit.autopsy.ingest.IngestJobContext. # See: http://sleuthkit.org/autopsy/docs/api-docs/latest/classorg_1_1sleuthkit_1_1autopsy_1_1ingest_1_1_ingest_job_context.html # TODO: Add any setup code that you need here. def startUp(self, context): + self.context = context self.filesFound = 0 # Throw an IngestModule.IngestModuleException exception if there was a problem setting up @@ -134,8 +138,7 @@ class SampleJythonFileIngestModule(FileIngestModule): None, "Text Files", None, attrs).getAnalysisResult() try: - # post the artifact for listeners of artifact events - blackboard.postArtifact(art, SampleJythonFileIngestModuleFactory.moduleName) + blackboard.postArtifact(art, SampleJythonFileIngestModuleFactory.moduleName, context.getJobId()) except Blackboard.BlackboardException as e: self.log(Level.SEVERE, "Error indexing artifact " + art.getDisplayName()) diff --git a/thunderbirdparser/src/org/sleuthkit/autopsy/thunderbirdparser/ThunderbirdMboxFileIngestModule.java b/thunderbirdparser/src/org/sleuthkit/autopsy/thunderbirdparser/ThunderbirdMboxFileIngestModule.java index ddeb88e7da..516b786c7d 100644 --- a/thunderbirdparser/src/org/sleuthkit/autopsy/thunderbirdparser/ThunderbirdMboxFileIngestModule.java +++ b/thunderbirdparser/src/org/sleuthkit/autopsy/thunderbirdparser/ThunderbirdMboxFileIngestModule.java @@ -1,7 +1,7 @@ /* * Autopsy Forensic Browser * - * Copyright 2011-2020 Basis Technology Corp. + * Copyright 2012-2021 Basis Technology Corp. * Contact: carrier sleuthkit org * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -255,7 +255,7 @@ public final class ThunderbirdMboxFileIngestModule implements FileIngestModule { try { // index the artifact for keyword search - blackboard.postArtifact(artifact, EmailParserModuleFactory.getModuleName()); + blackboard.postArtifact(artifact, EmailParserModuleFactory.getModuleName(), context.getJobId()); } catch (Blackboard.BlackboardException ex) { MessageNotifyUtil.Notify.error(Bundle.ThunderbirdMboxFileIngestModule_processPst_indexError_message(), artifact.getDisplayName()); logger.log(Level.SEVERE, "Unable to index blackboard artifact " + artifact.getArtifactID(), ex); //NON-NLS @@ -786,7 +786,7 @@ public final class ThunderbirdMboxFileIngestModule implements FileIngestModule { try { // index the artifact for keyword search - blackboard.postArtifact(bbart, EmailParserModuleFactory.getModuleName()); + blackboard.postArtifact(bbart, EmailParserModuleFactory.getModuleName(), context.getJobId()); } catch (Blackboard.BlackboardException ex) { logger.log(Level.SEVERE, "Unable to index blackboard artifact " + bbart.getArtifactID(), ex); //NON-NLS MessageNotifyUtil.Notify.error(Bundle.ThunderbirdMboxFileIngestModule_addArtifact_indexError_message(), bbart.getDisplayName()); diff --git a/thunderbirdparser/src/org/sleuthkit/autopsy/thunderbirdparser/VcardParser.java b/thunderbirdparser/src/org/sleuthkit/autopsy/thunderbirdparser/VcardParser.java index 845e1f2a1c..f83025cbb8 100755 --- a/thunderbirdparser/src/org/sleuthkit/autopsy/thunderbirdparser/VcardParser.java +++ b/thunderbirdparser/src/org/sleuthkit/autopsy/thunderbirdparser/VcardParser.java @@ -243,7 +243,7 @@ final class VcardParser { // Index the artifact for keyword search. try { - blackboard.postArtifact(artifact, EmailParserModuleFactory.getModuleName()); + blackboard.postArtifact(artifact, EmailParserModuleFactory.getModuleName(), context.getJobId()); } catch (Blackboard.BlackboardException ex) { logger.log(Level.SEVERE, "Unable to index blackboard artifact " + artifact.getArtifactID(), ex); //NON-NLS MessageNotifyUtil.Notify.error(Bundle.VcardParser_addContactArtifact_indexError(), artifact.getDisplayName());