mirror of
https://github.com/overcuriousity/autopsy-flatpak.git
synced 2025-07-06 21:00:22 +00:00
Merge pull request #7381 from rcordovano/7673-postartifacts-feeds-pipeline-other-apis
7673 7626 Allow helpers to call correct Blackboard.postArtifacts() API
This commit is contained in:
Richard Cordovano
GitHub
commit
1623a137e2
@ -1,7 +1,7 @@
|
|||||||
/*
|
/*
|
||||||
* Autopsy Forensic Browser
|
* Autopsy Forensic Browser
|
||||||
*
|
*
|
||||||
* Copyright 2015-2019 Basis Technology Corp.
|
* Copyright 2015-2021 Basis Technology Corp.
|
||||||
* Contact: carrier <at> sleuthkit <dot> org
|
* Contact: carrier <at> sleuthkit <dot> org
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
@ -56,7 +56,7 @@ public final class Blackboard implements Closeable {
|
|||||||
@Deprecated
|
@Deprecated
|
||||||
public synchronized void indexArtifact(BlackboardArtifact artifact) throws BlackboardException {
|
public synchronized void indexArtifact(BlackboardArtifact artifact) throws BlackboardException {
|
||||||
try {
|
try {
|
||||||
Case.getCurrentCase().getSleuthkitCase().getBlackboard().postArtifact(artifact, "");
|
Case.getCurrentCase().getSleuthkitCase().getBlackboard().postArtifact(artifact, "", null);
|
||||||
} catch (org.sleuthkit.datamodel.Blackboard.BlackboardException ex) {
|
} catch (org.sleuthkit.datamodel.Blackboard.BlackboardException ex) {
|
||||||
throw new BlackboardException(ex.getMessage(), ex);
|
throw new BlackboardException(ex.getMessage(), ex);
|
||||||
}
|
}
|
||||||
|
|||||||
@ -761,8 +761,7 @@ public final class CaseEventListener implements PropertyChangeListener {
|
|||||||
BlackboardArtifact.Type.TSK_PREVIOUSLY_SEEN, score,
|
BlackboardArtifact.Type.TSK_PREVIOUSLY_SEEN, score,
|
||||||
null, Bundle.CaseEventsListener_prevExists_text(), justification, attributesForNewArtifact, osAccountInstance.getDataSource().getId()).getAnalysisResult();
|
null, Bundle.CaseEventsListener_prevExists_text(), justification, attributesForNewArtifact, osAccountInstance.getDataSource().getId()).getAnalysisResult();
|
||||||
try {
|
try {
|
||||||
// index the artifact for keyword search
|
blackboard.postArtifact(newAnalysisResult, MODULE_NAME, null);
|
||||||
blackboard.postArtifact(newAnalysisResult, MODULE_NAME);
|
|
||||||
break;
|
break;
|
||||||
} catch (Blackboard.BlackboardException ex) {
|
} catch (Blackboard.BlackboardException ex) {
|
||||||
LOGGER.log(Level.SEVERE, "Unable to index blackboard artifact " + newAnalysisResult.getArtifactID(), ex); //NON-NLS
|
LOGGER.log(Level.SEVERE, "Unable to index blackboard artifact " + newAnalysisResult.getArtifactID(), ex); //NON-NLS
|
||||||
|
|||||||
@ -351,8 +351,7 @@ public class IngestEventsListener {
|
|||||||
.getAnalysisResult();
|
.getAnalysisResult();
|
||||||
|
|
||||||
try {
|
try {
|
||||||
// index the artifact for keyword search
|
blackboard.postArtifact(newArtifact, MODULE_NAME, null);
|
||||||
blackboard.postArtifact(newArtifact, MODULE_NAME);
|
|
||||||
} catch (Blackboard.BlackboardException ex) {
|
} catch (Blackboard.BlackboardException ex) {
|
||||||
LOGGER.log(Level.SEVERE, "Unable to index blackboard artifact " + newArtifact.getArtifactID(), ex); //NON-NLS
|
LOGGER.log(Level.SEVERE, "Unable to index blackboard artifact " + newArtifact.getArtifactID(), ex); //NON-NLS
|
||||||
}
|
}
|
||||||
|
|||||||
@ -87,6 +87,7 @@ final class CentralRepoIngestModule implements FileIngestModule {
|
|||||||
private Blackboard blackboard;
|
private Blackboard blackboard;
|
||||||
private final boolean createCorrelationProperties;
|
private final boolean createCorrelationProperties;
|
||||||
private final boolean flagUniqueArtifacts;
|
private final boolean flagUniqueArtifacts;
|
||||||
|
private IngestJobContext context;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Instantiate the Central Repository ingest module.
|
* Instantiate the Central Repository ingest module.
|
||||||
@ -229,6 +230,8 @@ final class CentralRepoIngestModule implements FileIngestModule {
|
|||||||
})
|
})
|
||||||
@Override
|
@Override
|
||||||
public void startUp(IngestJobContext context) throws IngestModuleException {
|
public void startUp(IngestJobContext context) throws IngestModuleException {
|
||||||
|
this.context = context;
|
||||||
|
|
||||||
IngestEventsListener.incrementCorrelationEngineModuleCount();
|
IngestEventsListener.incrementCorrelationEngineModuleCount();
|
||||||
|
|
||||||
/*
|
/*
|
||||||
@ -365,7 +368,7 @@ final class CentralRepoIngestModule implements FileIngestModule {
|
|||||||
.getAnalysisResult();
|
.getAnalysisResult();
|
||||||
try {
|
try {
|
||||||
// index the artifact for keyword search
|
// index the artifact for keyword search
|
||||||
blackboard.postArtifact(tifArtifact, MODULE_NAME);
|
blackboard.postArtifact(tifArtifact, MODULE_NAME, context.getJobId());
|
||||||
} catch (Blackboard.BlackboardException ex) {
|
} catch (Blackboard.BlackboardException ex) {
|
||||||
logger.log(Level.SEVERE, "Unable to index blackboard artifact " + tifArtifact.getArtifactID(), ex); //NON-NLS
|
logger.log(Level.SEVERE, "Unable to index blackboard artifact " + tifArtifact.getArtifactID(), ex); //NON-NLS
|
||||||
}
|
}
|
||||||
|
|||||||
@ -1,7 +1,7 @@
|
|||||||
/*
|
/*
|
||||||
* Autopsy Forensic Browser
|
* Autopsy Forensic Browser
|
||||||
*
|
*
|
||||||
* Copyright 2019-2020 Basis Technology Corp.
|
* Copyright 2019-2021 Basis Technology Corp.
|
||||||
* Contact: carrier <at> sleuthkit <dot> org
|
* Contact: carrier <at> sleuthkit <dot> org
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
@ -24,7 +24,6 @@ import java.util.Collection;
|
|||||||
import java.util.List;
|
import java.util.List;
|
||||||
import java.util.logging.Level;
|
import java.util.logging.Level;
|
||||||
import org.sleuthkit.autopsy.coreutils.Logger;
|
import org.sleuthkit.autopsy.coreutils.Logger;
|
||||||
import org.sleuthkit.datamodel.AbstractFile;
|
|
||||||
import org.sleuthkit.datamodel.Account;
|
import org.sleuthkit.datamodel.Account;
|
||||||
import org.sleuthkit.datamodel.Blackboard.BlackboardException;
|
import org.sleuthkit.datamodel.Blackboard.BlackboardException;
|
||||||
import org.sleuthkit.datamodel.BlackboardArtifact;
|
import org.sleuthkit.datamodel.BlackboardArtifact;
|
||||||
@ -288,7 +287,7 @@ final class XRYCallsFileParser extends AbstractSingleEntityParser {
|
|||||||
if (callerId != null) {
|
if (callerId != null) {
|
||||||
try {
|
try {
|
||||||
currentCase.getCommunicationsManager().createAccountFileInstance(
|
currentCase.getCommunicationsManager().createAccountFileInstance(
|
||||||
Account.Type.PHONE, callerId, PARSER_NAME, parent);
|
Account.Type.PHONE, callerId, PARSER_NAME, parent, null);
|
||||||
} catch (InvalidAccountIDException ex) {
|
} catch (InvalidAccountIDException ex) {
|
||||||
logger.log(Level.WARNING, String.format("Invalid account identifier %s", callerId), ex);
|
logger.log(Level.WARNING, String.format("Invalid account identifier %s", callerId), ex);
|
||||||
}
|
}
|
||||||
@ -301,7 +300,7 @@ final class XRYCallsFileParser extends AbstractSingleEntityParser {
|
|||||||
for (String phone : calleeList) {
|
for (String phone : calleeList) {
|
||||||
try {
|
try {
|
||||||
currentCase.getCommunicationsManager().createAccountFileInstance(
|
currentCase.getCommunicationsManager().createAccountFileInstance(
|
||||||
Account.Type.PHONE, phone, PARSER_NAME, parent);
|
Account.Type.PHONE, phone, PARSER_NAME, parent, null);
|
||||||
} catch (InvalidAccountIDException ex) {
|
} catch (InvalidAccountIDException ex) {
|
||||||
logger.log(Level.WARNING, String.format("Invalid account identifier %s", phone), ex);
|
logger.log(Level.WARNING, String.format("Invalid account identifier %s", phone), ex);
|
||||||
}
|
}
|
||||||
@ -314,13 +313,13 @@ final class XRYCallsFileParser extends AbstractSingleEntityParser {
|
|||||||
if (!otherAttributes.isEmpty()) {
|
if (!otherAttributes.isEmpty()) {
|
||||||
BlackboardArtifact artifact = parent.newDataArtifact(new BlackboardArtifact.Type(BlackboardArtifact.ARTIFACT_TYPE.TSK_CALLLOG), otherAttributes);
|
BlackboardArtifact artifact = parent.newDataArtifact(new BlackboardArtifact.Type(BlackboardArtifact.ARTIFACT_TYPE.TSK_CALLLOG), otherAttributes);
|
||||||
|
|
||||||
currentCase.getBlackboard().postArtifact(artifact, PARSER_NAME);
|
currentCase.getBlackboard().postArtifact(artifact, PARSER_NAME, null);
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
|
|
||||||
// Otherwise we can safely use the helper.
|
// Otherwise we can safely use the helper.
|
||||||
CommunicationArtifactsHelper helper = new CommunicationArtifactsHelper(
|
CommunicationArtifactsHelper helper = new CommunicationArtifactsHelper(
|
||||||
currentCase, PARSER_NAME, parent, Account.Type.PHONE);
|
currentCase, PARSER_NAME, parent, Account.Type.PHONE, null);
|
||||||
|
|
||||||
helper.addCalllog(direction, callerId, calleeList, startTime,
|
helper.addCalllog(direction, callerId, calleeList, startTime,
|
||||||
endTime, callType, otherAttributes);
|
endTime, callType, otherAttributes);
|
||||||
|
|||||||
@ -1,7 +1,7 @@
|
|||||||
/*
|
/*
|
||||||
* Autopsy Forensic Browser
|
* Autopsy Forensic Browser
|
||||||
*
|
*
|
||||||
* Copyright 2019-2020 Basis Technology Corp.
|
* Copyright 2019-2021 Basis Technology Corp.
|
||||||
* Contact: carrier <at> sleuthkit <dot> org
|
* Contact: carrier <at> sleuthkit <dot> org
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
@ -24,7 +24,6 @@ import java.util.List;
|
|||||||
import java.util.logging.Level;
|
import java.util.logging.Level;
|
||||||
import org.sleuthkit.autopsy.coreutils.Logger;
|
import org.sleuthkit.autopsy.coreutils.Logger;
|
||||||
import static org.sleuthkit.autopsy.datasourceprocessors.xry.AbstractSingleEntityParser.PARSER_NAME;
|
import static org.sleuthkit.autopsy.datasourceprocessors.xry.AbstractSingleEntityParser.PARSER_NAME;
|
||||||
import org.sleuthkit.datamodel.AbstractFile;
|
|
||||||
import org.sleuthkit.datamodel.Account;
|
import org.sleuthkit.datamodel.Account;
|
||||||
import org.sleuthkit.datamodel.Blackboard;
|
import org.sleuthkit.datamodel.Blackboard;
|
||||||
import org.sleuthkit.datamodel.BlackboardArtifact;
|
import org.sleuthkit.datamodel.BlackboardArtifact;
|
||||||
@ -136,7 +135,7 @@ final class XRYContactsFileParser extends AbstractSingleEntityParser {
|
|||||||
// complain about illegal arguments.
|
// complain about illegal arguments.
|
||||||
if (phoneNumber != null || homePhoneNumber != null || mobilePhoneNumber != null || hasAnEmail) {
|
if (phoneNumber != null || homePhoneNumber != null || mobilePhoneNumber != null || hasAnEmail) {
|
||||||
CommunicationArtifactsHelper helper = new CommunicationArtifactsHelper(
|
CommunicationArtifactsHelper helper = new CommunicationArtifactsHelper(
|
||||||
currentCase, PARSER_NAME, parent, Account.Type.DEVICE);
|
currentCase, PARSER_NAME, parent, Account.Type.DEVICE, null);
|
||||||
|
|
||||||
helper.addContact(contactName, phoneNumber, homePhoneNumber,
|
helper.addContact(contactName, phoneNumber, homePhoneNumber,
|
||||||
mobilePhoneNumber, emailAddr, additionalAttributes);
|
mobilePhoneNumber, emailAddr, additionalAttributes);
|
||||||
@ -145,7 +144,7 @@ final class XRYContactsFileParser extends AbstractSingleEntityParser {
|
|||||||
if (!additionalAttributes.isEmpty()) {
|
if (!additionalAttributes.isEmpty()) {
|
||||||
BlackboardArtifact artifact = parent.newDataArtifact(new BlackboardArtifact.Type(BlackboardArtifact.ARTIFACT_TYPE.TSK_CONTACT), additionalAttributes);
|
BlackboardArtifact artifact = parent.newDataArtifact(new BlackboardArtifact.Type(BlackboardArtifact.ARTIFACT_TYPE.TSK_CONTACT), additionalAttributes);
|
||||||
|
|
||||||
currentCase.getBlackboard().postArtifact(artifact, PARSER_NAME);
|
currentCase.getBlackboard().postArtifact(artifact, PARSER_NAME, null);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@ -1,7 +1,7 @@
|
|||||||
/*
|
/*
|
||||||
* Autopsy Forensic Browser
|
* Autopsy Forensic Browser
|
||||||
*
|
*
|
||||||
* Copyright 2019-2020 Basis Technology Corp.
|
* Copyright 2019-2021 Basis Technology Corp.
|
||||||
* Contact: carrier <at> sleuthkit <dot> org
|
* Contact: carrier <at> sleuthkit <dot> org
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
@ -318,7 +318,7 @@ final class XRYMessagesFileParser implements XRYFileParser {
|
|||||||
} else {
|
} else {
|
||||||
try {
|
try {
|
||||||
currentCase.getCommunicationsManager().createAccountFileInstance(
|
currentCase.getCommunicationsManager().createAccountFileInstance(
|
||||||
Account.Type.PHONE, pair.getValue(), PARSER_NAME, parent);
|
Account.Type.PHONE, pair.getValue(), PARSER_NAME, parent, null);
|
||||||
} catch (InvalidAccountIDException ex) {
|
} catch (InvalidAccountIDException ex) {
|
||||||
logger.log(Level.WARNING, String.format("Invalid account identifier %s", pair.getValue()), ex);
|
logger.log(Level.WARNING, String.format("Invalid account identifier %s", pair.getValue()), ex);
|
||||||
}
|
}
|
||||||
@ -437,7 +437,7 @@ final class XRYMessagesFileParser implements XRYFileParser {
|
|||||||
}
|
}
|
||||||
|
|
||||||
CommunicationArtifactsHelper helper = new CommunicationArtifactsHelper(
|
CommunicationArtifactsHelper helper = new CommunicationArtifactsHelper(
|
||||||
currentCase, PARSER_NAME, parent, Account.Type.PHONE);
|
currentCase, PARSER_NAME, parent, Account.Type.PHONE, null);
|
||||||
|
|
||||||
helper.addMessage(messageType, direction, senderId, recipientIdsList,
|
helper.addMessage(messageType, direction, senderId, recipientIdsList,
|
||||||
dateTime, readStatus, subject, text, threadId, otherAttributes);
|
dateTime, readStatus, subject, text, threadId, otherAttributes);
|
||||||
|
|||||||
@ -73,8 +73,8 @@ class SampleFileIngestModule implements FileIngestModule {
|
|||||||
|
|
||||||
// Skip anything other than actual file system files.
|
// Skip anything other than actual file system files.
|
||||||
if ((file.getType() == TskData.TSK_DB_FILES_TYPE_ENUM.UNALLOC_BLOCKS)
|
if ((file.getType() == TskData.TSK_DB_FILES_TYPE_ENUM.UNALLOC_BLOCKS)
|
||||||
|| (file.getType() == TskData.TSK_DB_FILES_TYPE_ENUM.UNUSED_BLOCKS)
|
|| (file.getType() == TskData.TSK_DB_FILES_TYPE_ENUM.UNUSED_BLOCKS)
|
||||||
|| (file.isFile() == false)) {
|
|| (file.isFile() == false)) {
|
||||||
return IngestModule.ProcessResult.OK;
|
return IngestModule.ProcessResult.OK;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -111,10 +111,13 @@ class SampleFileIngestModule implements FileIngestModule {
|
|||||||
addToBlackboardPostCount(context.getJobId(), 1L);
|
addToBlackboardPostCount(context.getJobId(), 1L);
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* post the artifact which will index the artifact for keyword
|
* Post the artifact to the blackboard. Doing so will cause events
|
||||||
* search, and fire an event to notify UI of this new artifact
|
* to be published that will trigger additional analysis, if
|
||||||
|
* applicable. For example, the creation of timeline events,
|
||||||
|
* indexing of the artifact for keyword search, and analysis by the
|
||||||
|
* data artifact ingest modules if the artifact is a data artifact.
|
||||||
*/
|
*/
|
||||||
file.getSleuthkitCase().getBlackboard().postArtifact(art, SampleIngestModuleFactory.getModuleName());
|
file.getSleuthkitCase().getBlackboard().postArtifact(art, SampleIngestModuleFactory.getModuleName(), context.getJobId());
|
||||||
|
|
||||||
return IngestModule.ProcessResult.OK;
|
return IngestModule.ProcessResult.OK;
|
||||||
|
|
||||||
|
|||||||
@ -34,6 +34,7 @@ import java.util.HashMap;
|
|||||||
import java.util.HashSet;
|
import java.util.HashSet;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
import java.util.Map;
|
import java.util.Map;
|
||||||
|
import java.util.Optional;
|
||||||
import java.util.Set;
|
import java.util.Set;
|
||||||
import java.util.concurrent.Callable;
|
import java.util.concurrent.Callable;
|
||||||
import java.util.concurrent.ConcurrentHashMap;
|
import java.util.concurrent.ConcurrentHashMap;
|
||||||
@ -296,8 +297,8 @@ public class IngestManager implements IngestProgressSnapshotProvider {
|
|||||||
@Subscribe
|
@Subscribe
|
||||||
void handleArtifactsPosted(Blackboard.ArtifactsPostedEvent tskEvent) {
|
void handleArtifactsPosted(Blackboard.ArtifactsPostedEvent tskEvent) {
|
||||||
/*
|
/*
|
||||||
* Add any new data artifacts to the source ingest job for possible
|
* Add any new data artifacts included in the event to the source ingest
|
||||||
* analysis.
|
* job for possible analysis.
|
||||||
*/
|
*/
|
||||||
List<DataArtifact> newDataArtifacts = new ArrayList<>();
|
List<DataArtifact> newDataArtifacts = new ArrayList<>();
|
||||||
Collection<BlackboardArtifact> newArtifacts = tskEvent.getArtifacts();
|
Collection<BlackboardArtifact> newArtifacts = tskEvent.getArtifacts();
|
||||||
@ -308,18 +309,58 @@ public class IngestManager implements IngestProgressSnapshotProvider {
|
|||||||
}
|
}
|
||||||
if (!newDataArtifacts.isEmpty()) {
|
if (!newDataArtifacts.isEmpty()) {
|
||||||
IngestJob ingestJob = null;
|
IngestJob ingestJob = null;
|
||||||
Long ingestJobId = tskEvent.getIngestJobId();
|
Optional<Long> ingestJobId = tskEvent.getIngestJobId();
|
||||||
if (ingestJobId != null) {
|
if (ingestJobId.isPresent()) {
|
||||||
synchronized (ingestJobsById) {
|
synchronized (ingestJobsById) {
|
||||||
ingestJob = ingestJobsById.get(ingestJobId);
|
ingestJob = ingestJobsById.get(ingestJobId.get());
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
/*
|
/*
|
||||||
* Handle the case where ingest modules may not supply an ingest
|
* There are four use cases where the ingest job ID returned by
|
||||||
* job ID. In such cases, try to identify the ingest job, if
|
* the event is expected be null:
|
||||||
* any, via its data source. There is a slight risk here that
|
*
|
||||||
* the wrong ingest job will be selected if multiple ingests of
|
* 1. The artifacts are being posted by a data source proccessor
|
||||||
* the same data source are in progress.
|
* (DSP) module that runs before the ingest job is created,
|
||||||
|
* i.e., a DSP that does not support streaming ingest and has no
|
||||||
|
* noton of an ingest job ID. In this use case, the event is
|
||||||
|
* handled synchronously. The DSP calls
|
||||||
|
* Blackboard.postArtifacts(), which puts the event on the event
|
||||||
|
* bus to which this method subscribes, so the event will be
|
||||||
|
* handled here before the DSP completes and calls
|
||||||
|
* DataSourceProcessorCallback.done(). This means the code below
|
||||||
|
* will execute before the ingest job is created, so it will not
|
||||||
|
* find an ingest job to which to add the artifacts. However,
|
||||||
|
* the artifacts WILL be analyzed after the ingest job is
|
||||||
|
* started, when the ingest job executor, working in batch mode,
|
||||||
|
* schedules ingest tasks for all of the data artifacts in the
|
||||||
|
* case database. There is a slight risk that the wrong ingest
|
||||||
|
* job will be selected if multiple ingests of the same data
|
||||||
|
* source are in progress.
|
||||||
|
*
|
||||||
|
* 2. The artifacts were posted by an ingest module that either
|
||||||
|
* has not been updated to use the current
|
||||||
|
* Blackboard.postArtifacts() API, or is using it incorrectly.
|
||||||
|
* In this use case, the code below should be able to find the
|
||||||
|
* ingest job to which to add the artifacts via their data
|
||||||
|
* source. There is a slight risk that the wrong ingest job will
|
||||||
|
* be selected if multiple ingests of the same data source are
|
||||||
|
* in progress.
|
||||||
|
*
|
||||||
|
* 3. The portable case generator uses a
|
||||||
|
* CommunicationArtifactsHelper constructed with a null ingest
|
||||||
|
* job ID, and the CommunicatonsArtifactHelper posts artifacts.
|
||||||
|
* Ingest of that data source might be running, in which case
|
||||||
|
* the data artifact will be analyzed. It also might be analyzed
|
||||||
|
* by a subsequent ingest job for the data source. This is an
|
||||||
|
* acceptable edge case.
|
||||||
|
*
|
||||||
|
* 4. The user can manually create timeline events with the
|
||||||
|
* timeline tool, which posts the TSK_TL_EVENT data artifacts.
|
||||||
|
* The user selects the data source for these artifacts. Ingest
|
||||||
|
* of that data source might be running, in which case the data
|
||||||
|
* artifact will be analyzed. It also might be analyzed by a
|
||||||
|
* subsequent ingest job for the data source. This is an
|
||||||
|
* acceptable edge case.
|
||||||
*/
|
*/
|
||||||
DataArtifact dataArtifact = newDataArtifacts.get(0);
|
DataArtifact dataArtifact = newDataArtifacts.get(0);
|
||||||
try {
|
try {
|
||||||
|
|||||||
@ -33,7 +33,7 @@ import org.sleuthkit.datamodel.SleuthkitCase;
|
|||||||
*/
|
*/
|
||||||
public final class IngestServices {
|
public final class IngestServices {
|
||||||
|
|
||||||
private static Logger logger = Logger.getLogger(IngestServices.class.getName());
|
private final static Logger logger = Logger.getLogger(IngestServices.class.getName());
|
||||||
private static IngestServices instance = null;
|
private static IngestServices instance = null;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -115,7 +115,7 @@ public final class IngestServices {
|
|||||||
public void fireModuleDataEvent(ModuleDataEvent moduleDataEvent) {
|
public void fireModuleDataEvent(ModuleDataEvent moduleDataEvent) {
|
||||||
try {
|
try {
|
||||||
Blackboard blackboard = Case.getCurrentCaseThrows().getSleuthkitCase().getBlackboard();
|
Blackboard blackboard = Case.getCurrentCaseThrows().getSleuthkitCase().getBlackboard();
|
||||||
blackboard.postArtifacts(moduleDataEvent.getArtifacts(), moduleDataEvent.getModuleName());
|
blackboard.postArtifacts(moduleDataEvent.getArtifacts(), moduleDataEvent.getModuleName(), null);
|
||||||
} catch (NoCurrentCaseException | Blackboard.BlackboardException ex) {
|
} catch (NoCurrentCaseException | Blackboard.BlackboardException ex) {
|
||||||
logger.log(Level.SEVERE, "Failed to post artifacts", ex);
|
logger.log(Level.SEVERE, "Failed to post artifacts", ex);
|
||||||
}
|
}
|
||||||
|
|||||||
@ -1,7 +1,7 @@
|
|||||||
/*
|
/*
|
||||||
* Autopsy
|
* Autopsy
|
||||||
*
|
*
|
||||||
* Copyright 2019 Basis Technology Corp.
|
* Copyright 2019-2021 Basis Technology Corp.
|
||||||
* Contact: carrier <at> sleuthkit <dot> org
|
* Contact: carrier <at> sleuthkit <dot> org
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
@ -513,8 +513,7 @@ final class AddLogicalImageTask implements Runnable {
|
|||||||
|
|
||||||
private void postArtifacts(List<BlackboardArtifact> artifacts) {
|
private void postArtifacts(List<BlackboardArtifact> artifacts) {
|
||||||
try {
|
try {
|
||||||
// index the artifact for keyword search
|
blackboard.postArtifacts(artifacts, MODULE_NAME, null);
|
||||||
blackboard.postArtifacts(artifacts, MODULE_NAME);
|
|
||||||
} catch (Blackboard.BlackboardException ex) {
|
} catch (Blackboard.BlackboardException ex) {
|
||||||
LOGGER.log(Level.SEVERE, "Unable to post artifacts to blackboard", ex); //NON-NLS
|
LOGGER.log(Level.SEVERE, "Unable to post artifacts to blackboard", ex); //NON-NLS
|
||||||
}
|
}
|
||||||
|
|||||||
@ -1,7 +1,7 @@
|
|||||||
/*
|
/*
|
||||||
* Autopsy Forensic Browser
|
* Autopsy Forensic Browser
|
||||||
*
|
*
|
||||||
* Copyright 2013-2019 Basis Technology Corp.
|
* Copyright 2013-2021 Basis Technology Corp.
|
||||||
* Contact: carrier <at> sleuthkit <dot> org
|
* Contact: carrier <at> sleuthkit <dot> org
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
@ -303,7 +303,7 @@ public class DataSourceIntegrityIngestModule implements DataSourceIngestModule {
|
|||||||
.getAnalysisResult();
|
.getAnalysisResult();
|
||||||
|
|
||||||
Case.getCurrentCase().getServices().getArtifactsBlackboard()
|
Case.getCurrentCase().getServices().getArtifactsBlackboard()
|
||||||
.postArtifact(verificationFailedArtifact, DataSourceIntegrityModuleFactory.getModuleName());
|
.postArtifact(verificationFailedArtifact, DataSourceIntegrityModuleFactory.getModuleName(), context.getJobId());
|
||||||
} catch (TskCoreException ex) {
|
} catch (TskCoreException ex) {
|
||||||
logger.log(Level.SEVERE, "Error creating verification failed artifact", ex);
|
logger.log(Level.SEVERE, "Error creating verification failed artifact", ex);
|
||||||
} catch (Blackboard.BlackboardException ex) {
|
} catch (Blackboard.BlackboardException ex) {
|
||||||
|
|||||||
@ -1,7 +1,7 @@
|
|||||||
/*
|
/*
|
||||||
* Autopsy Forensic Browser
|
* Autopsy Forensic Browser
|
||||||
*
|
*
|
||||||
* Copyright 2020 Basis Technology Corp.
|
* Copyright 2020-2021 Basis Technology Corp.
|
||||||
* Contact: carrier <at> sleuthkit <dot> org
|
* Contact: carrier <at> sleuthkit <dot> org
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
@ -114,7 +114,7 @@ final class DATExtractor extends DroneExtractor {
|
|||||||
GeoTrackPoints trackPoints = processCSVFile(context, DATFile, csvFilePath);
|
GeoTrackPoints trackPoints = processCSVFile(context, DATFile, csvFilePath);
|
||||||
|
|
||||||
if (trackPoints != null && !trackPoints.isEmpty()) {
|
if (trackPoints != null && !trackPoints.isEmpty()) {
|
||||||
(new GeoArtifactsHelper(getSleuthkitCase(), getName(), "DatCon", DATFile)).addTrack(DATFile.getName(), trackPoints, null);
|
(new GeoArtifactsHelper(getSleuthkitCase(), getName(), "DatCon", DATFile, context.getJobId())).addTrack(DATFile.getName(), trackPoints, null);
|
||||||
} else {
|
} else {
|
||||||
logger.log(Level.INFO, String.format("No trackpoints with valid longitude or latitude found in %s", DATFile.getName())); //NON-NLS
|
logger.log(Level.INFO, String.format("No trackpoints with valid longitude or latitude found in %s", DATFile.getName())); //NON-NLS
|
||||||
}
|
}
|
||||||
|
|||||||
@ -341,7 +341,7 @@ class SevenZipExtractor {
|
|||||||
* keyword search, and fire an event to notify UI of this
|
* keyword search, and fire an event to notify UI of this
|
||||||
* new artifact
|
* new artifact
|
||||||
*/
|
*/
|
||||||
blackboard.postArtifact(artifact, MODULE_NAME);
|
blackboard.postArtifact(artifact, MODULE_NAME, context.getJobId());
|
||||||
|
|
||||||
String msg = NbBundle.getMessage(SevenZipExtractor.class,
|
String msg = NbBundle.getMessage(SevenZipExtractor.class,
|
||||||
"EmbeddedFileExtractorIngestModule.ArchiveExtractor.isZipBombCheck.warnMsg", archiveFile.getName(), escapedFilePath);//NON-NLS
|
"EmbeddedFileExtractorIngestModule.ArchiveExtractor.isZipBombCheck.warnMsg", archiveFile.getName(), escapedFilePath);//NON-NLS
|
||||||
@ -870,7 +870,7 @@ class SevenZipExtractor {
|
|||||||
* keyword search, and fire an event to notify UI of this
|
* keyword search, and fire an event to notify UI of this
|
||||||
* new artifact
|
* new artifact
|
||||||
*/
|
*/
|
||||||
blackboard.postArtifact(artifact, MODULE_NAME);
|
blackboard.postArtifact(artifact, MODULE_NAME, context.getJobId());
|
||||||
} catch (Blackboard.BlackboardException ex) {
|
} catch (Blackboard.BlackboardException ex) {
|
||||||
logger.log(Level.SEVERE, "Unable to post blackboard artifact " + artifact.getArtifactID(), ex); //NON-NLS
|
logger.log(Level.SEVERE, "Unable to post blackboard artifact " + artifact.getArtifactID(), ex); //NON-NLS
|
||||||
MessageNotifyUtil.Notify.error(
|
MessageNotifyUtil.Notify.error(
|
||||||
|
|||||||
@ -1,7 +1,7 @@
|
|||||||
/*
|
/*
|
||||||
* Autopsy Forensic Browser
|
* Autopsy Forensic Browser
|
||||||
*
|
*
|
||||||
* Copyright 2018 Basis Technology Corp.
|
* Copyright 2018-2021 Basis Technology Corp.
|
||||||
* Contact: carrier <at> sleuthkit <dot> org
|
* Contact: carrier <at> sleuthkit <dot> org
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
@ -172,7 +172,7 @@ final class EncryptionDetectionDataSourceIngestModule implements DataSourceInges
|
|||||||
* post the artifact which will index the artifact for keyword
|
* post the artifact which will index the artifact for keyword
|
||||||
* search, and fire an event to notify UI of this new artifact
|
* search, and fire an event to notify UI of this new artifact
|
||||||
*/
|
*/
|
||||||
blackboard.postArtifact(artifact, EncryptionDetectionModuleFactory.getModuleName());
|
blackboard.postArtifact(artifact, EncryptionDetectionModuleFactory.getModuleName(), context.getJobId());
|
||||||
} catch (Blackboard.BlackboardException ex) {
|
} catch (Blackboard.BlackboardException ex) {
|
||||||
logger.log(Level.SEVERE, "Unable to index blackboard artifact " + artifact.getArtifactID(), ex); //NON-NLS
|
logger.log(Level.SEVERE, "Unable to index blackboard artifact " + artifact.getArtifactID(), ex); //NON-NLS
|
||||||
}
|
}
|
||||||
|
|||||||
@ -1,7 +1,7 @@
|
|||||||
/*
|
/*
|
||||||
* Autopsy Forensic Browser
|
* Autopsy Forensic Browser
|
||||||
*
|
*
|
||||||
* Copyright 2017-2018 Basis Technology Corp.
|
* Copyright 2017-2021 Basis Technology Corp.
|
||||||
* Contact: carrier <at> sleuthkit <dot> org
|
* Contact: carrier <at> sleuthkit <dot> org
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
@ -212,7 +212,7 @@ final class EncryptionDetectionFileIngestModule extends FileIngestModuleAdapter
|
|||||||
* post the artifact which will index the artifact for keyword
|
* post the artifact which will index the artifact for keyword
|
||||||
* search, and fire an event to notify UI of this new artifact
|
* search, and fire an event to notify UI of this new artifact
|
||||||
*/
|
*/
|
||||||
blackboard.postArtifact(artifact, EncryptionDetectionModuleFactory.getModuleName());
|
blackboard.postArtifact(artifact, EncryptionDetectionModuleFactory.getModuleName(), context.getJobId());
|
||||||
} catch (Blackboard.BlackboardException ex) {
|
} catch (Blackboard.BlackboardException ex) {
|
||||||
logger.log(Level.SEVERE, "Unable to index blackboard artifact " + artifact.getArtifactID(), ex); //NON-NLS
|
logger.log(Level.SEVERE, "Unable to index blackboard artifact " + artifact.getArtifactID(), ex); //NON-NLS
|
||||||
}
|
}
|
||||||
|
|||||||
@ -1,7 +1,7 @@
|
|||||||
/*
|
/*
|
||||||
* Autopsy Forensic Browser
|
* Autopsy Forensic Browser
|
||||||
*
|
*
|
||||||
* Copyright 2011-2018 Basis Technology Corp.
|
* Copyright 2012-2021 Basis Technology Corp.
|
||||||
* Contact: carrier <at> sleuthkit <dot> org
|
* Contact: carrier <at> sleuthkit <dot> org
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
@ -155,7 +155,7 @@ public class FileExtMismatchIngestModule implements FileIngestModule {
|
|||||||
* keyword search, and fire an event to notify UI of this
|
* keyword search, and fire an event to notify UI of this
|
||||||
* new artifact
|
* new artifact
|
||||||
*/
|
*/
|
||||||
blackboard.postArtifact(bart, FileExtMismatchDetectorModuleFactory.getModuleName());
|
blackboard.postArtifact(bart, FileExtMismatchDetectorModuleFactory.getModuleName(), jobId);
|
||||||
} catch (Blackboard.BlackboardException ex) {
|
} catch (Blackboard.BlackboardException ex) {
|
||||||
logger.log(Level.SEVERE, "Unable to index blackboard artifact " + bart.getArtifactID(), ex); //NON-NLS
|
logger.log(Level.SEVERE, "Unable to index blackboard artifact " + bart.getArtifactID(), ex); //NON-NLS
|
||||||
MessageNotifyUtil.Notify.error(FileExtMismatchDetectorModuleFactory.getModuleName(), Bundle.FileExtMismatchIngestModule_indexError_message());
|
MessageNotifyUtil.Notify.error(FileExtMismatchDetectorModuleFactory.getModuleName(), Bundle.FileExtMismatchIngestModule_indexError_message());
|
||||||
|
|||||||
@ -1,7 +1,7 @@
|
|||||||
/*
|
/*
|
||||||
* Autopsy Forensic Browser
|
* Autopsy Forensic Browser
|
||||||
*
|
*
|
||||||
* Copyright 2013-2018 Basis Technology Corp.
|
* Copyright 2013-2021 Basis Technology Corp.
|
||||||
* Contact: carrier <at> sleuthkit <dot> org
|
* Contact: carrier <at> sleuthkit <dot> org
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
@ -206,7 +206,7 @@ public class FileTypeIdIngestModule implements FileIngestModule {
|
|||||||
* keyword search, and fire an event to notify UI of this
|
* keyword search, and fire an event to notify UI of this
|
||||||
* new artifact
|
* new artifact
|
||||||
*/
|
*/
|
||||||
tskBlackboard.postArtifact(artifact, FileTypeIdModuleFactory.getModuleName());
|
tskBlackboard.postArtifact(artifact, FileTypeIdModuleFactory.getModuleName(), jobId);
|
||||||
} catch (Blackboard.BlackboardException ex) {
|
} catch (Blackboard.BlackboardException ex) {
|
||||||
logger.log(Level.SEVERE, String.format("Unable to index TSK_INTERESTING_FILE_HIT blackboard artifact %d (file obj_id=%d)", artifact.getArtifactID(), file.getId()), ex); //NON-NLS
|
logger.log(Level.SEVERE, String.format("Unable to index TSK_INTERESTING_FILE_HIT blackboard artifact %d (file obj_id=%d)", artifact.getArtifactID(), file.getId()), ex); //NON-NLS
|
||||||
}
|
}
|
||||||
|
|||||||
@ -1,7 +1,7 @@
|
|||||||
/*
|
/*
|
||||||
* Autopsy Forensic Browser
|
* Autopsy Forensic Browser
|
||||||
*
|
*
|
||||||
* Copyright 2011-2018 Basis Technology Corp.
|
* Copyright 2012-2021 Basis Technology Corp.
|
||||||
* Contact: carrier <at> sleuthkit <dot> org
|
* Contact: carrier <at> sleuthkit <dot> org
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
@ -20,7 +20,6 @@ package org.sleuthkit.autopsy.modules.hashdatabase;
|
|||||||
|
|
||||||
import java.util.ArrayList;
|
import java.util.ArrayList;
|
||||||
import java.util.Arrays;
|
import java.util.Arrays;
|
||||||
import java.util.Collection;
|
|
||||||
import java.util.HashMap;
|
import java.util.HashMap;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
import java.util.concurrent.atomic.AtomicLong;
|
import java.util.concurrent.atomic.AtomicLong;
|
||||||
@ -43,13 +42,11 @@ import org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.HashDb;
|
|||||||
import org.sleuthkit.datamodel.AbstractFile;
|
import org.sleuthkit.datamodel.AbstractFile;
|
||||||
import org.sleuthkit.datamodel.Blackboard;
|
import org.sleuthkit.datamodel.Blackboard;
|
||||||
import org.sleuthkit.datamodel.BlackboardArtifact;
|
import org.sleuthkit.datamodel.BlackboardArtifact;
|
||||||
import org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE;
|
|
||||||
import org.sleuthkit.datamodel.BlackboardAttribute;
|
import org.sleuthkit.datamodel.BlackboardAttribute;
|
||||||
import org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE;
|
import org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE;
|
||||||
import org.sleuthkit.datamodel.HashHitInfo;
|
import org.sleuthkit.datamodel.HashHitInfo;
|
||||||
import org.sleuthkit.datamodel.HashUtility;
|
import org.sleuthkit.datamodel.HashUtility;
|
||||||
import org.sleuthkit.datamodel.Score;
|
import org.sleuthkit.datamodel.Score;
|
||||||
import org.sleuthkit.datamodel.Score.Significance;
|
|
||||||
import org.sleuthkit.datamodel.SleuthkitCase;
|
import org.sleuthkit.datamodel.SleuthkitCase;
|
||||||
import org.sleuthkit.datamodel.TskCoreException;
|
import org.sleuthkit.datamodel.TskCoreException;
|
||||||
import org.sleuthkit.datamodel.TskData;
|
import org.sleuthkit.datamodel.TskData;
|
||||||
@ -552,7 +549,7 @@ public class HashDbIngestModule implements FileIngestModule {
|
|||||||
* post the artifact which will index the artifact for keyword
|
* post the artifact which will index the artifact for keyword
|
||||||
* search, and fire an event to notify UI of this new artifact
|
* search, and fire an event to notify UI of this new artifact
|
||||||
*/
|
*/
|
||||||
blackboard.postArtifact(badFile, moduleName);
|
blackboard.postArtifact(badFile, moduleName, jobId);
|
||||||
} catch (Blackboard.BlackboardException ex) {
|
} catch (Blackboard.BlackboardException ex) {
|
||||||
logger.log(Level.SEVERE, "Unable to index blackboard artifact " + badFile.getArtifactID(), ex); //NON-NLS
|
logger.log(Level.SEVERE, "Unable to index blackboard artifact " + badFile.getArtifactID(), ex); //NON-NLS
|
||||||
MessageNotifyUtil.Notify.error(
|
MessageNotifyUtil.Notify.error(
|
||||||
|
|||||||
@ -1,7 +1,7 @@
|
|||||||
/*
|
/*
|
||||||
* Autopsy Forensic Browser
|
* Autopsy Forensic Browser
|
||||||
*
|
*
|
||||||
* Copyright 2014-2018 Basis Technology Corp.
|
* Copyright 2014-2021 Basis Technology Corp.
|
||||||
* Contact: carrier <at> sleuthkit <dot> org
|
* Contact: carrier <at> sleuthkit <dot> org
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
@ -151,7 +151,7 @@ final class FilesIdentifierIngestModule implements FileIngestModule {
|
|||||||
try {
|
try {
|
||||||
|
|
||||||
// Post thet artifact to the blackboard.
|
// Post thet artifact to the blackboard.
|
||||||
blackboard.postArtifact(artifact, MODULE_NAME);
|
blackboard.postArtifact(artifact, MODULE_NAME, context.getJobId());
|
||||||
} catch (Blackboard.BlackboardException ex) {
|
} catch (Blackboard.BlackboardException ex) {
|
||||||
logger.log(Level.SEVERE, "Unable to index blackboard artifact " + artifact.getArtifactID(), ex); //NON-NLS
|
logger.log(Level.SEVERE, "Unable to index blackboard artifact " + artifact.getArtifactID(), ex); //NON-NLS
|
||||||
MessageNotifyUtil.Notify.error(Bundle.FilesIdentifierIngestModule_indexError_message(), artifact.getDisplayName());
|
MessageNotifyUtil.Notify.error(Bundle.FilesIdentifierIngestModule_indexError_message(), artifact.getDisplayName());
|
||||||
|
|||||||
@ -1,7 +1,7 @@
|
|||||||
/*
|
/*
|
||||||
* Autopsy Forensic Browser
|
* Autopsy Forensic Browser
|
||||||
*
|
*
|
||||||
* Copyright 2020 Basis Technology Corp.
|
* Copyright 2020-2021 Basis Technology Corp.
|
||||||
* Contact: carrier <at> sleuthkit <dot> org
|
* Contact: carrier <at> sleuthkit <dot> org
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
@ -101,7 +101,7 @@ public class ALeappAnalyzerIngestModule implements DataSourceIngestModule {
|
|||||||
}
|
}
|
||||||
|
|
||||||
try {
|
try {
|
||||||
aLeappFileProcessor = new LeappFileProcessor(XMLFILE, ALeappAnalyzerModuleFactory.getModuleName());
|
aLeappFileProcessor = new LeappFileProcessor(XMLFILE, ALeappAnalyzerModuleFactory.getModuleName(), context);
|
||||||
} catch (IOException | IngestModuleException | NoCurrentCaseException ex) {
|
} catch (IOException | IngestModuleException | NoCurrentCaseException ex) {
|
||||||
throw new IngestModuleException(Bundle.ALeappAnalyzerIngestModule_error_ileapp_file_processor_init(), ex);
|
throw new IngestModuleException(Bundle.ALeappAnalyzerIngestModule_error_ileapp_file_processor_init(), ex);
|
||||||
}
|
}
|
||||||
|
|||||||
@ -1,7 +1,7 @@
|
|||||||
/*
|
/*
|
||||||
* Autopsy Forensic Browser
|
* Autopsy Forensic Browser
|
||||||
*
|
*
|
||||||
* Copyright 2020 Basis Technology Corp.
|
* Copyright 2020-2021 Basis Technology Corp.
|
||||||
* Contact: carrier <at> sleuthkit <dot> org
|
* Contact: carrier <at> sleuthkit <dot> org
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
@ -101,7 +101,7 @@ public class ILeappAnalyzerIngestModule implements DataSourceIngestModule {
|
|||||||
}
|
}
|
||||||
|
|
||||||
try {
|
try {
|
||||||
iLeappFileProcessor = new LeappFileProcessor(XMLFILE, ILeappAnalyzerModuleFactory.getModuleName());
|
iLeappFileProcessor = new LeappFileProcessor(XMLFILE, ILeappAnalyzerModuleFactory.getModuleName(), context);
|
||||||
} catch (IOException | IngestModuleException | NoCurrentCaseException ex) {
|
} catch (IOException | IngestModuleException | NoCurrentCaseException ex) {
|
||||||
throw new IngestModuleException(Bundle.ILeappAnalyzerIngestModule_error_ileapp_file_processor_init(), ex);
|
throw new IngestModuleException(Bundle.ILeappAnalyzerIngestModule_error_ileapp_file_processor_init(), ex);
|
||||||
}
|
}
|
||||||
@ -333,7 +333,7 @@ public class ILeappAnalyzerIngestModule implements DataSourceIngestModule {
|
|||||||
* added to reports
|
* added to reports
|
||||||
*/
|
*/
|
||||||
private void addILeappReportToReports(Path iLeappOutputDir, Case currentCase) {
|
private void addILeappReportToReports(Path iLeappOutputDir, Case currentCase) {
|
||||||
List<String> allIndexFiles = new ArrayList<>();
|
List<String> allIndexFiles;
|
||||||
|
|
||||||
try (Stream<Path> walk = Files.walk(iLeappOutputDir)) {
|
try (Stream<Path> walk = Files.walk(iLeappOutputDir)) {
|
||||||
|
|
||||||
@ -402,7 +402,7 @@ public class ILeappAnalyzerIngestModule implements DataSourceIngestModule {
|
|||||||
String fileName = FilenameUtils.getName(ffp);
|
String fileName = FilenameUtils.getName(ffp);
|
||||||
String filePath = FilenameUtils.getPath(ffp);
|
String filePath = FilenameUtils.getPath(ffp);
|
||||||
|
|
||||||
List<AbstractFile> iLeappFiles = new ArrayList<>();
|
List<AbstractFile> iLeappFiles;
|
||||||
try {
|
try {
|
||||||
if (filePath.isEmpty()) {
|
if (filePath.isEmpty()) {
|
||||||
iLeappFiles = fileManager.findFiles(dataSource, fileName); //NON-NLS
|
iLeappFiles = fileManager.findFiles(dataSource, fileName); //NON-NLS
|
||||||
|
|||||||
@ -1,7 +1,7 @@
|
|||||||
/*
|
/*
|
||||||
* Autopsy Forensic Browser
|
* Autopsy Forensic Browser
|
||||||
*
|
*
|
||||||
* Copyright 2020 Basis Technology Corp.
|
* Copyright 2020-2021 Basis Technology Corp.
|
||||||
* Contact: carrier <at> sleuthkit <dot> org
|
* Contact: carrier <at> sleuthkit <dot> org
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
@ -61,6 +61,7 @@ import org.sleuthkit.autopsy.casemodule.services.FileManager;
|
|||||||
import org.sleuthkit.autopsy.coreutils.NetworkUtils;
|
import org.sleuthkit.autopsy.coreutils.NetworkUtils;
|
||||||
import org.sleuthkit.autopsy.coreutils.Logger;
|
import org.sleuthkit.autopsy.coreutils.Logger;
|
||||||
import org.sleuthkit.autopsy.coreutils.PlatformUtil;
|
import org.sleuthkit.autopsy.coreutils.PlatformUtil;
|
||||||
|
import org.sleuthkit.autopsy.ingest.IngestJobContext;
|
||||||
import org.sleuthkit.autopsy.ingest.IngestModule.IngestModuleException;
|
import org.sleuthkit.autopsy.ingest.IngestModule.IngestModuleException;
|
||||||
import org.sleuthkit.autopsy.ingest.IngestModule.ProcessResult;
|
import org.sleuthkit.autopsy.ingest.IngestModule.ProcessResult;
|
||||||
import org.sleuthkit.datamodel.AbstractFile;
|
import org.sleuthkit.datamodel.AbstractFile;
|
||||||
@ -144,6 +145,7 @@ public final class LeappFileProcessor {
|
|||||||
private static final Logger logger = Logger.getLogger(LeappFileProcessor.class.getName());
|
private static final Logger logger = Logger.getLogger(LeappFileProcessor.class.getName());
|
||||||
private final String xmlFile; //NON-NLS
|
private final String xmlFile; //NON-NLS
|
||||||
private final String moduleName;
|
private final String moduleName;
|
||||||
|
private final IngestJobContext context;
|
||||||
|
|
||||||
private final Map<String, String> tsvFiles;
|
private final Map<String, String> tsvFiles;
|
||||||
private final Map<String, BlackboardArtifact.Type> tsvFileArtifacts;
|
private final Map<String, BlackboardArtifact.Type> tsvFileArtifacts;
|
||||||
@ -192,15 +194,16 @@ public final class LeappFileProcessor {
|
|||||||
.put("call history.tsv", "calllog")
|
.put("call history.tsv", "calllog")
|
||||||
.build();
|
.build();
|
||||||
|
|
||||||
Blackboard blkBoard;
|
private final Blackboard blkBoard;
|
||||||
|
|
||||||
public LeappFileProcessor(String xmlFile, String moduleName) throws IOException, IngestModuleException, NoCurrentCaseException {
|
public LeappFileProcessor(String xmlFile, String moduleName, IngestJobContext context) throws IOException, IngestModuleException, NoCurrentCaseException {
|
||||||
this.tsvFiles = new HashMap<>();
|
this.tsvFiles = new HashMap<>();
|
||||||
this.tsvFileArtifacts = new HashMap<>();
|
this.tsvFileArtifacts = new HashMap<>();
|
||||||
this.tsvFileArtifactComments = new HashMap<>();
|
this.tsvFileArtifactComments = new HashMap<>();
|
||||||
this.tsvFileAttributes = new HashMap<>();
|
this.tsvFileAttributes = new HashMap<>();
|
||||||
this.xmlFile = xmlFile;
|
this.xmlFile = xmlFile;
|
||||||
this.moduleName = moduleName;
|
this.moduleName = moduleName;
|
||||||
|
this.context = context;
|
||||||
|
|
||||||
blkBoard = Case.getCurrentCaseThrows().getSleuthkitCase().getBlackboard();
|
blkBoard = Case.getCurrentCaseThrows().getSleuthkitCase().getBlackboard();
|
||||||
|
|
||||||
@ -250,7 +253,7 @@ public final class LeappFileProcessor {
|
|||||||
* we know we want to process and return the list to process those files.
|
* we know we want to process and return the list to process those files.
|
||||||
*/
|
*/
|
||||||
private List<String> findTsvFiles(Path LeappOutputDir) throws IngestModuleException {
|
private List<String> findTsvFiles(Path LeappOutputDir) throws IngestModuleException {
|
||||||
List<String> allTsvFiles = new ArrayList<>();
|
List<String> allTsvFiles;
|
||||||
List<String> foundTsvFiles = new ArrayList<>();
|
List<String> foundTsvFiles = new ArrayList<>();
|
||||||
|
|
||||||
try (Stream<Path> walk = Files.walk(LeappOutputDir)) {
|
try (Stream<Path> walk = Files.walk(LeappOutputDir)) {
|
||||||
@ -348,10 +351,10 @@ public final class LeappFileProcessor {
|
|||||||
AbstractFile geoAbstractFile = null;
|
AbstractFile geoAbstractFile = null;
|
||||||
|
|
||||||
if (LeappFile == null || !LeappFile.exists() || fileName == null) {
|
if (LeappFile == null || !LeappFile.exists() || fileName == null) {
|
||||||
logger.log(Level.WARNING, String.format("Leap file: %s is null or does not exist", LeappFile == null ? LeappFile.toString() : "<null>"));
|
logger.log(Level.WARNING, String.format("Leap file: %s is null or does not exist", LeappFile != null ? LeappFile.toString() : "<null>"));
|
||||||
return;
|
return;
|
||||||
} else if (attrList == null || artifactType == null || dataSource == null) {
|
} else if (attrList == null || artifactType == null || dataSource == null) {
|
||||||
logger.log(Level.WARNING, String.format("attribute list, artifact type or dataSource not provided for %s", LeappFile == null ? LeappFile.toString() : "<null>"));
|
logger.log(Level.WARNING, String.format("attribute list, artifact type or dataSource not provided for %s", LeappFile.toString()));
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -408,9 +411,8 @@ public final class LeappFileProcessor {
|
|||||||
}
|
}
|
||||||
|
|
||||||
try {
|
try {
|
||||||
if (ACCOUNT_RELATIONSHIPS.getOrDefault(fileName.toLowerCase(), "norelationship").toLowerCase() == "trackpoint") {
|
if (ACCOUNT_RELATIONSHIPS.getOrDefault(fileName.toLowerCase(), "norelationship").toLowerCase().equals("trackpoint")) {
|
||||||
(new GeoArtifactsHelper(Case.getCurrentCaseThrows().getSleuthkitCase(), moduleName, "", geoAbstractFile)).addTrack(trackpointSegmentName, pointList, new ArrayList<>());
|
(new GeoArtifactsHelper(Case.getCurrentCaseThrows().getSleuthkitCase(), moduleName, "", geoAbstractFile, context.getJobId())).addTrack(trackpointSegmentName, pointList, new ArrayList<>());
|
||||||
|
|
||||||
}
|
}
|
||||||
} catch (NoCurrentCaseException | TskCoreException | BlackboardException ex) {
|
} catch (NoCurrentCaseException | TskCoreException | BlackboardException ex) {
|
||||||
throw new IngestModuleException(Bundle.LeappFileProcessor_cannot_create_message_relationship() + ex.getLocalizedMessage(), ex); //NON-NLS
|
throw new IngestModuleException(Bundle.LeappFileProcessor_cannot_create_message_relationship() + ex.getLocalizedMessage(), ex); //NON-NLS
|
||||||
@ -433,7 +435,7 @@ public final class LeappFileProcessor {
|
|||||||
Long dateTime = Long.valueOf(0);
|
Long dateTime = Long.valueOf(0);
|
||||||
Collection<BlackboardAttribute> otherAttributes = new ArrayList<>();
|
Collection<BlackboardAttribute> otherAttributes = new ArrayList<>();
|
||||||
String sourceFile = null;
|
String sourceFile = null;
|
||||||
AbstractFile absFile = null;
|
AbstractFile absFile;
|
||||||
String comment = "";
|
String comment = "";
|
||||||
|
|
||||||
try {
|
try {
|
||||||
@ -478,7 +480,7 @@ public final class LeappFileProcessor {
|
|||||||
GeoWaypoints waypointList = new GeoWaypoints();
|
GeoWaypoints waypointList = new GeoWaypoints();
|
||||||
waypointList.addPoint(new Waypoint(startLatitude, startLongitude, zeroValue, ""));
|
waypointList.addPoint(new Waypoint(startLatitude, startLongitude, zeroValue, ""));
|
||||||
waypointList.addPoint(new Waypoint(endLatitude, endLongitude, zeroValue, locationName));
|
waypointList.addPoint(new Waypoint(endLatitude, endLongitude, zeroValue, locationName));
|
||||||
(new GeoArtifactsHelper(Case.getCurrentCaseThrows().getSleuthkitCase(), moduleName, comment, absFile)).addRoute(destinationName, dateTime, waypointList, new ArrayList<>());
|
(new GeoArtifactsHelper(Case.getCurrentCaseThrows().getSleuthkitCase(), moduleName, comment, absFile, context.getJobId())).addRoute(destinationName, dateTime, waypointList, new ArrayList<>());
|
||||||
|
|
||||||
} catch (NoCurrentCaseException | TskCoreException | BlackboardException ex) {
|
} catch (NoCurrentCaseException | TskCoreException | BlackboardException ex) {
|
||||||
throw new IngestModuleException(Bundle.LeappFileProcessor_cannot_create_waypoint_relationship() + ex.getLocalizedMessage(), ex); //NON-NLS
|
throw new IngestModuleException(Bundle.LeappFileProcessor_cannot_create_waypoint_relationship() + ex.getLocalizedMessage(), ex); //NON-NLS
|
||||||
@ -536,13 +538,10 @@ public final class LeappFileProcessor {
|
|||||||
if (absFile == null) {
|
if (absFile == null) {
|
||||||
absFile = (AbstractFile) dataSource;
|
absFile = (AbstractFile) dataSource;
|
||||||
}
|
}
|
||||||
if ((trackpointSegmentName == null) || (trackpointSegmentName == segmentName)) {
|
if ((trackpointSegmentName == null) || (trackpointSegmentName.equals(segmentName))) {
|
||||||
trackpointSegmentName = segmentName;
|
|
||||||
pointList.addPoint(new TrackPoint(latitude, longitude, altitude, segmentName, zeroValue, zeroValue, zeroValue, dateTime));
|
pointList.addPoint(new TrackPoint(latitude, longitude, altitude, segmentName, zeroValue, zeroValue, zeroValue, dateTime));
|
||||||
} else {
|
} else {
|
||||||
(new GeoArtifactsHelper(Case.getCurrentCaseThrows().getSleuthkitCase(), moduleName, comment, absFile)).addTrack(segmentName, pointList, new ArrayList<>());
|
(new GeoArtifactsHelper(Case.getCurrentCaseThrows().getSleuthkitCase(), moduleName, comment, absFile, context.getJobId())).addTrack(segmentName, pointList, new ArrayList<>());
|
||||||
trackpointSegmentName = segmentName;
|
|
||||||
pointList = new GeoTrackPoints();
|
|
||||||
pointList.addPoint(new TrackPoint(latitude, longitude, altitude, segmentName, zeroValue, zeroValue, zeroValue, dateTime));
|
pointList.addPoint(new TrackPoint(latitude, longitude, altitude, segmentName, zeroValue, zeroValue, zeroValue, dateTime));
|
||||||
|
|
||||||
}
|
}
|
||||||
@ -573,7 +572,7 @@ public final class LeappFileProcessor {
|
|||||||
List<BlackboardAttribute> otherAttributes = new ArrayList<>();
|
List<BlackboardAttribute> otherAttributes = new ArrayList<>();
|
||||||
List<FileAttachment> fileAttachments = new ArrayList<>();
|
List<FileAttachment> fileAttachments = new ArrayList<>();
|
||||||
String sourceFile = null;
|
String sourceFile = null;
|
||||||
MessageAttachments messageAttachments = null;
|
MessageAttachments messageAttachments;
|
||||||
|
|
||||||
try {
|
try {
|
||||||
for (BlackboardAttribute bba : bbattributes) {
|
for (BlackboardAttribute bba : bbattributes) {
|
||||||
@ -635,21 +634,21 @@ public final class LeappFileProcessor {
|
|||||||
if (absFile == null) {
|
if (absFile == null) {
|
||||||
absFile = (AbstractFile) dataSource;
|
absFile = (AbstractFile) dataSource;
|
||||||
}
|
}
|
||||||
CommunicationArtifactsHelper accountArtifact;
|
CommunicationArtifactsHelper accountHelper;
|
||||||
Account.Type accountType = getAccountType(fileName);
|
Account.Type accountType = getAccountType(fileName);
|
||||||
if (alternateId == null) {
|
if (alternateId == null) {
|
||||||
accountArtifact = new CommunicationArtifactsHelper(Case.getCurrentCaseThrows().getSleuthkitCase(),
|
accountHelper = new CommunicationArtifactsHelper(Case.getCurrentCaseThrows().getSleuthkitCase(),
|
||||||
moduleName, absFile, accountType);
|
moduleName, absFile, accountType, context.getJobId());
|
||||||
} else {
|
} else {
|
||||||
accountArtifact = new CommunicationArtifactsHelper(Case.getCurrentCaseThrows().getSleuthkitCase(),
|
accountHelper = new CommunicationArtifactsHelper(Case.getCurrentCaseThrows().getSleuthkitCase(),
|
||||||
moduleName, absFile, accountType, accountType, alternateId);
|
moduleName, absFile, accountType, accountType, alternateId, context.getJobId());
|
||||||
}
|
}
|
||||||
BlackboardArtifact messageArtifact = accountArtifact.addMessage(messageType, communicationDirection, senderId,
|
BlackboardArtifact messageArtifact = accountHelper.addMessage(messageType, communicationDirection, senderId,
|
||||||
receipentId, dateTime, messageStatus, subject,
|
receipentId, dateTime, messageStatus, subject,
|
||||||
messageText, threadId, otherAttributes);
|
messageText, threadId, otherAttributes);
|
||||||
if (!fileAttachments.isEmpty()) {
|
if (!fileAttachments.isEmpty()) {
|
||||||
messageAttachments = new MessageAttachments(fileAttachments, new ArrayList<>());
|
messageAttachments = new MessageAttachments(fileAttachments, new ArrayList<>());
|
||||||
accountArtifact.addAttachments(messageArtifact, messageAttachments);
|
accountHelper.addAttachments(messageArtifact, messageAttachments);
|
||||||
}
|
}
|
||||||
} catch (NoCurrentCaseException | TskCoreException | BlackboardException ex) {
|
} catch (NoCurrentCaseException | TskCoreException | BlackboardException ex) {
|
||||||
throw new IngestModuleException(Bundle.LeappFileProcessor_cannot_create_message_relationship() + ex.getLocalizedMessage(), ex); //NON-NLS
|
throw new IngestModuleException(Bundle.LeappFileProcessor_cannot_create_message_relationship() + ex.getLocalizedMessage(), ex); //NON-NLS
|
||||||
@ -712,15 +711,15 @@ public final class LeappFileProcessor {
|
|||||||
Account.Type accountType = getAccountType(fileName);
|
Account.Type accountType = getAccountType(fileName);
|
||||||
if (accountType != null) {
|
if (accountType != null) {
|
||||||
|
|
||||||
CommunicationArtifactsHelper accountArtifact;
|
CommunicationArtifactsHelper accountHelper;
|
||||||
if (alternateId == null) {
|
if (alternateId == null) {
|
||||||
accountArtifact = new CommunicationArtifactsHelper(Case.getCurrentCaseThrows().getSleuthkitCase(),
|
accountHelper = new CommunicationArtifactsHelper(Case.getCurrentCaseThrows().getSleuthkitCase(),
|
||||||
moduleName, absFile, accountType);
|
moduleName, absFile, accountType, context.getJobId());
|
||||||
} else {
|
} else {
|
||||||
accountArtifact = new CommunicationArtifactsHelper(Case.getCurrentCaseThrows().getSleuthkitCase(),
|
accountHelper = new CommunicationArtifactsHelper(Case.getCurrentCaseThrows().getSleuthkitCase(),
|
||||||
moduleName, absFile, accountType, accountType, alternateId);
|
moduleName, absFile, accountType, accountType, alternateId, context.getJobId());
|
||||||
}
|
}
|
||||||
BlackboardArtifact messageArtifact = accountArtifact.addContact(contactName, phoneNumber, homePhoneNumber, mobilePhoneNumber, emailAddr, otherAttributes);
|
BlackboardArtifact messageArtifact = accountHelper.addContact(contactName, phoneNumber, homePhoneNumber, mobilePhoneNumber, emailAddr, otherAttributes);
|
||||||
}
|
}
|
||||||
} catch (NoCurrentCaseException | TskCoreException | BlackboardException ex) {
|
} catch (NoCurrentCaseException | TskCoreException | BlackboardException ex) {
|
||||||
throw new IngestModuleException(Bundle.LeappFileProcessor_cannot_create_contact_relationship() + ex.getLocalizedMessage(), ex); //NON-NLS
|
throw new IngestModuleException(Bundle.LeappFileProcessor_cannot_create_contact_relationship() + ex.getLocalizedMessage(), ex); //NON-NLS
|
||||||
@ -782,7 +781,7 @@ public final class LeappFileProcessor {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if (calleeId.isEmpty() && communicationDirection == CommunicationDirection.OUTGOING) {
|
if (calleeId.isEmpty() && communicationDirection == CommunicationDirection.OUTGOING && callerId != null) {
|
||||||
String[] calleeTempList = callerId.split(",", 0);
|
String[] calleeTempList = callerId.split(",", 0);
|
||||||
calleeId = Arrays.asList(calleeTempList);
|
calleeId = Arrays.asList(calleeTempList);
|
||||||
callerId = null;
|
callerId = null;
|
||||||
@ -792,15 +791,15 @@ public final class LeappFileProcessor {
|
|||||||
absFile = (AbstractFile) dataSource;
|
absFile = (AbstractFile) dataSource;
|
||||||
}
|
}
|
||||||
Account.Type accountType = getAccountType(fileName);
|
Account.Type accountType = getAccountType(fileName);
|
||||||
CommunicationArtifactsHelper accountArtifact;
|
CommunicationArtifactsHelper accountHelper;
|
||||||
if (accountType != null) {
|
if (accountType != null) {
|
||||||
accountArtifact = new CommunicationArtifactsHelper(Case.getCurrentCaseThrows().getSleuthkitCase(),
|
accountHelper = new CommunicationArtifactsHelper(Case.getCurrentCaseThrows().getSleuthkitCase(),
|
||||||
moduleName, absFile, accountType);
|
moduleName, absFile, accountType, context.getJobId());
|
||||||
} else {
|
} else {
|
||||||
accountArtifact = new CommunicationArtifactsHelper(Case.getCurrentCaseThrows().getSleuthkitCase(),
|
accountHelper = new CommunicationArtifactsHelper(Case.getCurrentCaseThrows().getSleuthkitCase(),
|
||||||
moduleName, absFile, accountType, accountType, alternateId);
|
moduleName, absFile, accountType, accountType, alternateId, context.getJobId());
|
||||||
}
|
}
|
||||||
BlackboardArtifact callLogArtifact = accountArtifact.addCalllog(communicationDirection, callerId, calleeId, startDateTime, endDateTime, mediaType, otherAttributes);
|
accountHelper.addCalllog(communicationDirection, callerId, calleeId, startDateTime, endDateTime, mediaType, otherAttributes);
|
||||||
} catch (NoCurrentCaseException | TskCoreException | BlackboardException ex) {
|
} catch (NoCurrentCaseException | TskCoreException | BlackboardException ex) {
|
||||||
throw new IngestModuleException(Bundle.LeappFileProcessor_cannot_create_calllog_relationship() + ex.getLocalizedMessage(), ex); //NON-NLS
|
throw new IngestModuleException(Bundle.LeappFileProcessor_cannot_create_calllog_relationship() + ex.getLocalizedMessage(), ex); //NON-NLS
|
||||||
}
|
}
|
||||||
@ -927,7 +926,7 @@ public final class LeappFileProcessor {
|
|||||||
|
|
||||||
String formattedValue = formatValueBasedOnAttrType(colAttr, value);
|
String formattedValue = formatValueBasedOnAttrType(colAttr, value);
|
||||||
|
|
||||||
BlackboardAttribute attr = (value == null) ? null : getAttribute(colAttr.getAttributeType(), formattedValue, fileName);
|
BlackboardAttribute attr = getAttribute(colAttr.getAttributeType(), formattedValue, fileName);
|
||||||
if (attr == null) {
|
if (attr == null) {
|
||||||
logger.log(Level.WARNING, String.format("Blackboard attribute could not be parsed column %s at line %d in file %s. Omitting row.", colAttr.getColumnName(), lineNum, fileName));
|
logger.log(Level.WARNING, String.format("Blackboard attribute could not be parsed column %s at line %d in file %s. Omitting row.", colAttr.getColumnName(), lineNum, fileName));
|
||||||
return Collections.emptyList();
|
return Collections.emptyList();
|
||||||
@ -997,7 +996,7 @@ public final class LeappFileProcessor {
|
|||||||
(v) -> new BlackboardAttribute(attrType, moduleName, Double.valueOf(v).longValue()));
|
(v) -> new BlackboardAttribute(attrType, moduleName, Double.valueOf(v).longValue()));
|
||||||
case DOUBLE:
|
case DOUBLE:
|
||||||
return parseAttrValue(value.trim(), attrType, fileName, true, false,
|
return parseAttrValue(value.trim(), attrType, fileName, true, false,
|
||||||
(v) -> new BlackboardAttribute(attrType, moduleName, (double) Double.valueOf(v)));
|
(v) -> new BlackboardAttribute(attrType, moduleName, Double.valueOf(v)));
|
||||||
case BYTE:
|
case BYTE:
|
||||||
return parseAttrValue(value.trim(), attrType, fileName, true, false,
|
return parseAttrValue(value.trim(), attrType, fileName, true, false,
|
||||||
(v) -> new BlackboardAttribute(attrType, moduleName, new byte[]{Byte.valueOf(v)}));
|
(v) -> new BlackboardAttribute(attrType, moduleName, new byte[]{Byte.valueOf(v)}));
|
||||||
@ -1048,20 +1047,20 @@ public final class LeappFileProcessor {
|
|||||||
private BlackboardAttribute parseAttrValue(String value, BlackboardAttribute.Type attrType, String fileName, boolean blankIsNull, boolean zeroIsNull, ParseExceptionFunction valueConverter) {
|
private BlackboardAttribute parseAttrValue(String value, BlackboardAttribute.Type attrType, String fileName, boolean blankIsNull, boolean zeroIsNull, ParseExceptionFunction valueConverter) {
|
||||||
// remove non-printable characters from tsv input
|
// remove non-printable characters from tsv input
|
||||||
// https://stackoverflow.com/a/6199346
|
// https://stackoverflow.com/a/6199346
|
||||||
value = value.replaceAll("\\p{C}", "");
|
String sanitizedValue = value.replaceAll("\\p{C}", "");
|
||||||
|
|
||||||
if (blankIsNull && StringUtils.isBlank(value)) {
|
if (blankIsNull && StringUtils.isBlank(sanitizedValue)) {
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (zeroIsNull && value.matches("^\\s*[0\\.]*\\s*$")) {
|
if (zeroIsNull && sanitizedValue.matches("^\\s*[0\\.]*\\s*$")) {
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
|
|
||||||
try {
|
try {
|
||||||
return valueConverter.apply(value);
|
return valueConverter.apply(sanitizedValue);
|
||||||
} catch (NumberFormatException | ParseException ex) {
|
} catch (NumberFormatException | ParseException ex) {
|
||||||
logger.log(Level.WARNING, String.format("Unable to format '%s' as value type %s while converting to attributes from %s.", value, attrType.getValueType().getLabel(), fileName), ex);
|
logger.log(Level.WARNING, String.format("Unable to format '%s' as value type %s while converting to attributes from %s.", sanitizedValue, attrType.getValueType().getLabel(), fileName), ex);
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -1183,10 +1182,13 @@ public final class LeappFileProcessor {
|
|||||||
|
|
||||||
if (columnName == null) {
|
if (columnName == null) {
|
||||||
logger.log(Level.SEVERE, String.format("No column name provided for [%s]", getXmlAttrIdentifier(parentName, attributeName)));
|
logger.log(Level.SEVERE, String.format("No column name provided for [%s]", getXmlAttrIdentifier(parentName, attributeName)));
|
||||||
|
continue;
|
||||||
} else if (columnName.trim().length() != columnName.length()) {
|
} else if (columnName.trim().length() != columnName.length()) {
|
||||||
logger.log(Level.SEVERE, String.format("Column name '%s' starts or ends with whitespace for [%s]", columnName, getXmlAttrIdentifier(parentName, attributeName)));
|
logger.log(Level.SEVERE, String.format("Column name '%s' starts or ends with whitespace for [%s]", columnName, getXmlAttrIdentifier(parentName, attributeName)));
|
||||||
|
continue;
|
||||||
} else if (columnName.matches("[^ \\S]")) {
|
} else if (columnName.matches("[^ \\S]")) {
|
||||||
logger.log(Level.SEVERE, String.format("Column name '%s' contains invalid characters [%s]", columnName, getXmlAttrIdentifier(parentName, attributeName)));
|
logger.log(Level.SEVERE, String.format("Column name '%s' contains invalid characters [%s]", columnName, getXmlAttrIdentifier(parentName, attributeName)));
|
||||||
|
continue;
|
||||||
}
|
}
|
||||||
|
|
||||||
TsvColumn thisCol = new TsvColumn(
|
TsvColumn thisCol = new TsvColumn(
|
||||||
@ -1228,7 +1230,7 @@ public final class LeappFileProcessor {
|
|||||||
case ANALYSIS_RESULT:
|
case ANALYSIS_RESULT:
|
||||||
return dataSource.newAnalysisResult(artType, Score.SCORE_UNKNOWN, null, null, null, bbattributes).getAnalysisResult();
|
return dataSource.newAnalysisResult(artType, Score.SCORE_UNKNOWN, null, null, null, bbattributes).getAnalysisResult();
|
||||||
default:
|
default:
|
||||||
logger.log(Level.SEVERE, "Unknown category type: " + artType.getCategory().getDisplayName());
|
logger.log(Level.SEVERE, String.format("Unknown category type: %s", artType.getCategory().getDisplayName()));
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
} catch (TskException ex) {
|
} catch (TskException ex) {
|
||||||
@ -1249,7 +1251,7 @@ public final class LeappFileProcessor {
|
|||||||
}
|
}
|
||||||
|
|
||||||
try {
|
try {
|
||||||
Case.getCurrentCase().getSleuthkitCase().getBlackboard().postArtifacts(artifacts, moduleName);
|
Case.getCurrentCase().getSleuthkitCase().getBlackboard().postArtifacts(artifacts, moduleName, context.getJobId());
|
||||||
} catch (Blackboard.BlackboardException ex) {
|
} catch (Blackboard.BlackboardException ex) {
|
||||||
logger.log(Level.SEVERE, Bundle.LeappFileProcessor_postartifacts_error(), ex); //NON-NLS
|
logger.log(Level.SEVERE, Bundle.LeappFileProcessor_postartifacts_error(), ex); //NON-NLS
|
||||||
}
|
}
|
||||||
|
|||||||
@ -172,7 +172,7 @@ public class EXIFProcessor implements PictureProcessor {
|
|||||||
artifacts.add(userSuspectedArtifact);
|
artifacts.add(userSuspectedArtifact);
|
||||||
|
|
||||||
try {
|
try {
|
||||||
blackboard.postArtifacts(artifacts, MODULE_NAME);
|
blackboard.postArtifacts(artifacts, MODULE_NAME, context.getJobId());
|
||||||
} catch (Blackboard.BlackboardException ex) {
|
} catch (Blackboard.BlackboardException ex) {
|
||||||
logger.log(Level.SEVERE, String.format("Error posting TSK_METADATA_EXIF and TSK_USER_CONTENT_SUSPECTED artifacts for %s (object ID = %d)", file.getName(), file.getId()), ex); //NON-NLS
|
logger.log(Level.SEVERE, String.format("Error posting TSK_METADATA_EXIF and TSK_USER_CONTENT_SUSPECTED artifacts for %s (object ID = %d)", file.getName(), file.getId()), ex); //NON-NLS
|
||||||
}
|
}
|
||||||
|
|||||||
@ -1,7 +1,7 @@
|
|||||||
/*
|
/*
|
||||||
* Autopsy Forensic Browser
|
* Autopsy Forensic Browser
|
||||||
*
|
*
|
||||||
* Copyright 2018-2019 Basis Technology Corp.
|
* Copyright 2018-2021 Basis Technology Corp.
|
||||||
* Contact: carrier <at> sleuthkit <dot> org
|
* Contact: carrier <at> sleuthkit <dot> org
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
@ -352,7 +352,7 @@ public class PlasoIngestModule implements DataSourceIngestModule {
|
|||||||
* keyword search, and fire an event to notify UI of
|
* keyword search, and fire an event to notify UI of
|
||||||
* this new artifact
|
* this new artifact
|
||||||
*/
|
*/
|
||||||
blackboard.postArtifact(bbart, MODULE_NAME);
|
blackboard.postArtifact(bbart, MODULE_NAME, context.getJobId());
|
||||||
} catch (BlackboardException ex) {
|
} catch (BlackboardException ex) {
|
||||||
logger.log(Level.SEVERE, "Error Posting Artifact.", ex);//NON-NLS
|
logger.log(Level.SEVERE, "Error Posting Artifact.", ex);//NON-NLS
|
||||||
}
|
}
|
||||||
|
|||||||
@ -1,7 +1,7 @@
|
|||||||
/*
|
/*
|
||||||
* Autopsy Forensic Browser
|
* Autopsy Forensic Browser
|
||||||
*
|
*
|
||||||
* Copyright 2020 Basis Technology Corp.
|
* Copyright 2020-2021 Basis Technology Corp.
|
||||||
* Contact: carrier <at> sleuthkit <dot> org
|
* Contact: carrier <at> sleuthkit <dot> org
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
@ -159,7 +159,7 @@ public class YaraIngestModule extends FileIngestModuleAdapter {
|
|||||||
|
|
||||||
if(!artifacts.isEmpty()) {
|
if(!artifacts.isEmpty()) {
|
||||||
Blackboard blackboard = Case.getCurrentCaseThrows().getSleuthkitCase().getBlackboard();
|
Blackboard blackboard = Case.getCurrentCaseThrows().getSleuthkitCase().getBlackboard();
|
||||||
blackboard.postArtifacts(artifacts, YaraIngestModuleFactory.getModuleName());
|
blackboard.postArtifacts(artifacts, YaraIngestModuleFactory.getModuleName(), context.getJobId());
|
||||||
}
|
}
|
||||||
|
|
||||||
} catch (BlackboardException | NoCurrentCaseException | IngestModuleException | TskCoreException | YaraWrapperException ex) {
|
} catch (BlackboardException | NoCurrentCaseException | IngestModuleException | TskCoreException | YaraWrapperException ex) {
|
||||||
|
|||||||
@ -1,7 +1,7 @@
|
|||||||
/*
|
/*
|
||||||
* Autopsy Forensic Browser
|
* Autopsy Forensic Browser
|
||||||
*
|
*
|
||||||
* Copyright 2019-2020 Basis Technology Corp.
|
* Copyright 2019-2021 Basis Technology Corp.
|
||||||
* Contact: carrier <at> sleuthkit <dot> org
|
* Contact: carrier <at> sleuthkit <dot> org
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
@ -1424,7 +1424,7 @@ public class PortableCaseReportModule implements ReportModule {
|
|||||||
|
|
||||||
// Add the attachment. The account type specified in the constructor will not be used.
|
// Add the attachment. The account type specified in the constructor will not be used.
|
||||||
CommunicationArtifactsHelper communicationArtifactsHelper = new CommunicationArtifactsHelper(currentCase.getSleuthkitCase(),
|
CommunicationArtifactsHelper communicationArtifactsHelper = new CommunicationArtifactsHelper(currentCase.getSleuthkitCase(),
|
||||||
newSourceStr, newFile, Account.Type.EMAIL);
|
newSourceStr, newFile, Account.Type.EMAIL, null);
|
||||||
communicationArtifactsHelper.addAttachments(newArtifact, new MessageAttachments(newFileAttachments, msgAttachments.getUrlAttachments()));
|
communicationArtifactsHelper.addAttachments(newArtifact, new MessageAttachments(newFileAttachments, msgAttachments.getUrlAttachments()));
|
||||||
}
|
}
|
||||||
catch (BlackboardJsonAttrUtil.InvalidJsonException ex) {
|
catch (BlackboardJsonAttrUtil.InvalidJsonException ex) {
|
||||||
|
|||||||
@ -1,7 +1,7 @@
|
|||||||
/*
|
/*
|
||||||
* Autopsy Forensic Browser
|
* Autopsy Forensic Browser
|
||||||
*
|
*
|
||||||
* Copyright 2017-2020 Basis Technology Corp.
|
* Copyright 2017-2021 Basis Technology Corp.
|
||||||
* Contact: carrier <at> sleuthkit <dot> org
|
* Contact: carrier <at> sleuthkit <dot> org
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
@ -23,7 +23,6 @@ import java.util.List;
|
|||||||
import javax.xml.bind.DatatypeConverter;
|
import javax.xml.bind.DatatypeConverter;
|
||||||
import org.joda.time.DateTime;
|
import org.joda.time.DateTime;
|
||||||
import org.sleuthkit.autopsy.casemodule.Case;
|
import org.sleuthkit.autopsy.casemodule.Case;
|
||||||
import org.sleuthkit.datamodel.AbstractFile;
|
|
||||||
import org.sleuthkit.datamodel.Blackboard;
|
import org.sleuthkit.datamodel.Blackboard;
|
||||||
import org.sleuthkit.datamodel.Blackboard.BlackboardException;
|
import org.sleuthkit.datamodel.Blackboard.BlackboardException;
|
||||||
import org.sleuthkit.datamodel.BlackboardArtifact;
|
import org.sleuthkit.datamodel.BlackboardArtifact;
|
||||||
@ -87,6 +86,7 @@ final class CustomArtifactType {
|
|||||||
* blackboard.
|
* blackboard.
|
||||||
*
|
*
|
||||||
* @param source The artifact source content.
|
* @param source The artifact source content.
|
||||||
|
* @param ingestJobId The ingest job ID.
|
||||||
*
|
*
|
||||||
* @return A BlackboardArtifact object.
|
* @return A BlackboardArtifact object.
|
||||||
*
|
*
|
||||||
@ -95,7 +95,7 @@ final class CustomArtifactType {
|
|||||||
* @throws Blackboard.BlackboardException If there is an error posting the
|
* @throws Blackboard.BlackboardException If there is an error posting the
|
||||||
* artifact to the blackboard.
|
* artifact to the blackboard.
|
||||||
*/
|
*/
|
||||||
static BlackboardArtifact createAndPostInstance(Content source) throws TskCoreException, Blackboard.BlackboardException {
|
static BlackboardArtifact createAndPostInstance(Content source, long ingestJobId) throws TskCoreException, Blackboard.BlackboardException {
|
||||||
List<BlackboardAttribute> attributes = new ArrayList<>();
|
List<BlackboardAttribute> attributes = new ArrayList<>();
|
||||||
attributes.add(new BlackboardAttribute(intAttrType, MODULE_NAME, 0));
|
attributes.add(new BlackboardAttribute(intAttrType, MODULE_NAME, 0));
|
||||||
attributes.add(new BlackboardAttribute(doubleAttrType, MODULE_NAME, 0.0));
|
attributes.add(new BlackboardAttribute(doubleAttrType, MODULE_NAME, 0.0));
|
||||||
@ -131,7 +131,7 @@ final class CustomArtifactType {
|
|||||||
}
|
}
|
||||||
|
|
||||||
Blackboard blackboard = Case.getCurrentCase().getServices().getArtifactsBlackboard();
|
Blackboard blackboard = Case.getCurrentCase().getServices().getArtifactsBlackboard();
|
||||||
blackboard.postArtifact(artifact, MODULE_NAME);
|
blackboard.postArtifact(artifact, MODULE_NAME, ingestJobId);
|
||||||
|
|
||||||
return artifact;
|
return artifact;
|
||||||
}
|
}
|
||||||
|
|||||||
@ -1,7 +1,7 @@
|
|||||||
/*
|
/*
|
||||||
* Autopsy Forensic Browser
|
* Autopsy Forensic Browser
|
||||||
*
|
*
|
||||||
* Copyright 2017-2020 Basis Technology Corp.
|
* Copyright 2017-2021 Basis Technology Corp.
|
||||||
* Contact: carrier <at> sleuthkit <dot> org
|
* Contact: carrier <at> sleuthkit <dot> org
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
@ -38,7 +38,8 @@ import org.sleuthkit.datamodel.TskCoreException;
|
|||||||
public class CustomArtifactsCreatorDataSourceIngestModule extends DataSourceIngestModuleAdapter {
|
public class CustomArtifactsCreatorDataSourceIngestModule extends DataSourceIngestModuleAdapter {
|
||||||
|
|
||||||
private static final Logger logger = Logger.getLogger(CustomArtifactsCreatorDataSourceIngestModule.class.getName());
|
private static final Logger logger = Logger.getLogger(CustomArtifactsCreatorDataSourceIngestModule.class.getName());
|
||||||
|
private IngestJobContext context;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Adds the custom artifact type this module uses to the case database of
|
* Adds the custom artifact type this module uses to the case database of
|
||||||
* the current case.
|
* the current case.
|
||||||
@ -51,6 +52,7 @@ public class CustomArtifactsCreatorDataSourceIngestModule extends DataSourceInge
|
|||||||
*/
|
*/
|
||||||
@Override
|
@Override
|
||||||
public void startUp(IngestJobContext context) throws IngestModuleException {
|
public void startUp(IngestJobContext context) throws IngestModuleException {
|
||||||
|
this.context = context;
|
||||||
try {
|
try {
|
||||||
CustomArtifactType.addToCaseDatabase();
|
CustomArtifactType.addToCaseDatabase();
|
||||||
} catch (Blackboard.BlackboardException ex) {
|
} catch (Blackboard.BlackboardException ex) {
|
||||||
@ -70,7 +72,7 @@ public class CustomArtifactsCreatorDataSourceIngestModule extends DataSourceInge
|
|||||||
@Override
|
@Override
|
||||||
public ProcessResult process(Content dataSource, DataSourceIngestModuleProgress progressBar) {
|
public ProcessResult process(Content dataSource, DataSourceIngestModuleProgress progressBar) {
|
||||||
try {
|
try {
|
||||||
CustomArtifactType.createAndPostInstance(dataSource);
|
CustomArtifactType.createAndPostInstance(dataSource, context.getJobId());
|
||||||
} catch (TskCoreException | Blackboard.BlackboardException ex) {
|
} catch (TskCoreException | Blackboard.BlackboardException ex) {
|
||||||
logger.log(Level.SEVERE, String.format("Failed to process data source (obj_id = %d)", dataSource.getId()), ex);
|
logger.log(Level.SEVERE, String.format("Failed to process data source (obj_id = %d)", dataSource.getId()), ex);
|
||||||
return ProcessResult.ERROR;
|
return ProcessResult.ERROR;
|
||||||
|
|||||||
@ -1,7 +1,7 @@
|
|||||||
/*
|
/*
|
||||||
* Autopsy Forensic Browser
|
* Autopsy Forensic Browser
|
||||||
*
|
*
|
||||||
* Copyright 2017-2020 Basis Technology Corp.
|
* Copyright 2017-2021 Basis Technology Corp.
|
||||||
* Contact: carrier <at> sleuthkit <dot> org
|
* Contact: carrier <at> sleuthkit <dot> org
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
@ -37,6 +37,7 @@ import org.sleuthkit.datamodel.TskCoreException;
|
|||||||
final class CustomArtifactsCreatorFileIngestModule extends FileIngestModuleAdapter {
|
final class CustomArtifactsCreatorFileIngestModule extends FileIngestModuleAdapter {
|
||||||
|
|
||||||
private static final Logger logger = Logger.getLogger(CustomArtifactsCreatorFileIngestModule.class.getName());
|
private static final Logger logger = Logger.getLogger(CustomArtifactsCreatorFileIngestModule.class.getName());
|
||||||
|
private IngestJobContext context;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Adds the custom artifact type this module uses to the case database of
|
* Adds the custom artifact type this module uses to the case database of
|
||||||
@ -50,6 +51,7 @@ final class CustomArtifactsCreatorFileIngestModule extends FileIngestModuleAdapt
|
|||||||
*/
|
*/
|
||||||
@Override
|
@Override
|
||||||
public void startUp(IngestJobContext context) throws IngestModuleException {
|
public void startUp(IngestJobContext context) throws IngestModuleException {
|
||||||
|
this.context = context;
|
||||||
try {
|
try {
|
||||||
CustomArtifactType.addToCaseDatabase();
|
CustomArtifactType.addToCaseDatabase();
|
||||||
} catch (Blackboard.BlackboardException ex) {
|
} catch (Blackboard.BlackboardException ex) {
|
||||||
@ -71,7 +73,7 @@ final class CustomArtifactsCreatorFileIngestModule extends FileIngestModuleAdapt
|
|||||||
return ProcessResult.OK;
|
return ProcessResult.OK;
|
||||||
}
|
}
|
||||||
try {
|
try {
|
||||||
CustomArtifactType.createAndPostInstance(file);
|
CustomArtifactType.createAndPostInstance(file, context.getJobId());
|
||||||
} catch (TskCoreException | Blackboard.BlackboardException ex) {
|
} catch (TskCoreException | Blackboard.BlackboardException ex) {
|
||||||
logger.log(Level.SEVERE, String.format("Failed to process file (obj_id = %d)", file.getId()), ex);
|
logger.log(Level.SEVERE, String.format("Failed to process file (obj_id = %d)", file.getId()), ex);
|
||||||
return ProcessResult.ERROR;
|
return ProcessResult.ERROR;
|
||||||
|
|||||||
@ -157,7 +157,7 @@ public class AddManualEvent extends Action {
|
|||||||
BlackboardArtifact artifact = eventInfo.datasource.newDataArtifact(new BlackboardArtifact.Type(TSK_TL_EVENT), attributes, null);
|
BlackboardArtifact artifact = eventInfo.datasource.newDataArtifact(new BlackboardArtifact.Type(TSK_TL_EVENT), attributes, null);
|
||||||
|
|
||||||
try {
|
try {
|
||||||
sleuthkitCase.getBlackboard().postArtifact(artifact, source);
|
sleuthkitCase.getBlackboard().postArtifact(artifact, source, null);
|
||||||
} catch (Blackboard.BlackboardException ex) {
|
} catch (Blackboard.BlackboardException ex) {
|
||||||
logger.log(Level.SEVERE, "Error posting artifact to the blackboard.", ex); //NON-NLS
|
logger.log(Level.SEVERE, "Error posting artifact to the blackboard.", ex); //NON-NLS
|
||||||
new Alert(Alert.AlertType.ERROR, Bundle.AddManualEvent_postArtifactFailed(), ButtonType.OK).showAndWait();
|
new Alert(Alert.AlertType.ERROR, Bundle.AddManualEvent_postArtifactFailed(), ButtonType.OK).showAndWait();
|
||||||
|
|||||||
@ -1,7 +1,7 @@
|
|||||||
/*
|
/*
|
||||||
* Autopsy Forensic Browser
|
* Autopsy Forensic Browser
|
||||||
*
|
*
|
||||||
* Copyright 2018 Basis Technology Corp.
|
* Copyright 2018-2021 Basis Technology Corp.
|
||||||
* Contact: carrier <at> sleuthkit <dot> org
|
* Contact: carrier <at> sleuthkit <dot> org
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
@ -177,7 +177,7 @@ public class ObjectDetectectionFileIngestModule extends FileIngestModuleAdapter
|
|||||||
/*
|
/*
|
||||||
* Index the artifact for keyword search.
|
* Index the artifact for keyword search.
|
||||||
*/
|
*/
|
||||||
blackboard.postArtifact(artifact, MODULE_NAME);
|
blackboard.postArtifact(artifact, MODULE_NAME, jobId);
|
||||||
} catch (Blackboard.BlackboardException ex) {
|
} catch (Blackboard.BlackboardException ex) {
|
||||||
logger.log(Level.SEVERE, "Unable to index blackboard artifact " + artifact.getArtifactID(), ex); //NON-NLS
|
logger.log(Level.SEVERE, "Unable to index blackboard artifact " + artifact.getArtifactID(), ex); //NON-NLS
|
||||||
}
|
}
|
||||||
|
|||||||
@ -1,7 +1,7 @@
|
|||||||
/*
|
/*
|
||||||
* Autopsy
|
* Autopsy
|
||||||
*
|
*
|
||||||
* Copyright 2018 Basis Technology Corp.
|
* Copyright 2018-2021 Basis Technology Corp.
|
||||||
* Contact: carrier <at> sleuthkit <dot> org
|
* Contact: carrier <at> sleuthkit <dot> org
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
@ -390,7 +390,7 @@ class VolatilityProcessor {
|
|||||||
|
|
||||||
try {
|
try {
|
||||||
// index the artifact for keyword search
|
// index the artifact for keyword search
|
||||||
blackboard.postArtifact(volArtifact, VOLATILITY);
|
blackboard.postArtifact(volArtifact, VOLATILITY, null);
|
||||||
} catch (Blackboard.BlackboardException ex) {
|
} catch (Blackboard.BlackboardException ex) {
|
||||||
errorMsgs.add(Bundle.VolatilityProcessor_errorMessage_failedToIndexArtifact(pluginName));
|
errorMsgs.add(Bundle.VolatilityProcessor_errorMessage_failedToIndexArtifact(pluginName));
|
||||||
/*
|
/*
|
||||||
|
|||||||
@ -1,7 +1,7 @@
|
|||||||
"""
|
"""
|
||||||
Autopsy Forensic Browser
|
Autopsy Forensic Browser
|
||||||
|
|
||||||
Copyright 2019-2020 Basis Technology Corp.
|
Copyright 2019-2021 Basis Technology Corp.
|
||||||
Contact: carrier <at> sleuthkit <dot> org
|
Contact: carrier <at> sleuthkit <dot> org
|
||||||
|
|
||||||
Licensed under the Apache License, Version 2.0 (the "License");
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
@ -134,7 +134,7 @@ class GPXParserFileIngestModule(FileIngestModule):
|
|||||||
|
|
||||||
# Create a GeoArtifactsHelper for this file.
|
# Create a GeoArtifactsHelper for this file.
|
||||||
geoArtifactHelper = GeoArtifactsHelper(
|
geoArtifactHelper = GeoArtifactsHelper(
|
||||||
self.skCase, self.moduleName, None, file)
|
self.skCase, self.moduleName, None, file, context.getJobId())
|
||||||
|
|
||||||
if self.writeDebugMsgs:
|
if self.writeDebugMsgs:
|
||||||
self.log(Level.INFO, "Processing " + file.getUniquePath() +
|
self.log(Level.INFO, "Processing " + file.getUniquePath() +
|
||||||
@ -213,7 +213,7 @@ class GPXParserFileIngestModule(FileIngestModule):
|
|||||||
|
|
||||||
art = file.newDataArtifact(BlackboardArtifact.Type(BlackboardArtifact.ARTIFACT_TYPE.TSK_GPS_BOOKMARK), attributes)
|
art = file.newDataArtifact(BlackboardArtifact.Type(BlackboardArtifact.ARTIFACT_TYPE.TSK_GPS_BOOKMARK), attributes)
|
||||||
|
|
||||||
self.blackboard.postArtifact(art, self.moduleName)
|
self.blackboard.postArtifact(art, self.moduleName, context.getJobId())
|
||||||
|
|
||||||
except Blackboard.BlackboardException as e:
|
except Blackboard.BlackboardException as e:
|
||||||
self.log(Level.SEVERE, "Error posting GPS bookmark artifact for " +
|
self.log(Level.SEVERE, "Error posting GPS bookmark artifact for " +
|
||||||
|
|||||||
@ -1,7 +1,7 @@
|
|||||||
"""
|
"""
|
||||||
Autopsy Forensic Browser
|
Autopsy Forensic Browser
|
||||||
|
|
||||||
Copyright 2016-2018 Basis Technology Corp.
|
Copyright 2016-2021 Basis Technology Corp.
|
||||||
Contact: carrier <at> sleuthkit <dot> org
|
Contact: carrier <at> sleuthkit <dot> org
|
||||||
|
|
||||||
Licensed under the Apache License, Version 2.0 (the "License");
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
@ -104,9 +104,8 @@ class BrowserLocationAnalyzer(general.AndroidComponentAnalyzer):
|
|||||||
# NOTE: originally commented out
|
# NOTE: originally commented out
|
||||||
|
|
||||||
try:
|
try:
|
||||||
# index the artifact for keyword search
|
|
||||||
blackboard = Case.getCurrentCase().getSleuthkitCase().getBlackboard()
|
blackboard = Case.getCurrentCase().getSleuthkitCase().getBlackboard()
|
||||||
blackboard.postArtifact(artifact, general.MODULE_NAME)
|
blackboard.postArtifact(artifact, general.MODULE_NAME, context.getJobId())
|
||||||
except Blackboard.BlackboardException as ex:
|
except Blackboard.BlackboardException as ex:
|
||||||
self._logger.log(Level.SEVERE, "Unable to index blackboard artifact " + str(artifact.getArtifactTypeName()), ex)
|
self._logger.log(Level.SEVERE, "Unable to index blackboard artifact " + str(artifact.getArtifactTypeName()), ex)
|
||||||
self._logger.log(Level.SEVERE, traceback.format_exc())
|
self._logger.log(Level.SEVERE, traceback.format_exc())
|
||||||
|
|||||||
@ -1,7 +1,7 @@
|
|||||||
"""
|
"""
|
||||||
Autopsy Forensic Browser
|
Autopsy Forensic Browser
|
||||||
|
|
||||||
Copyright 2016-2018 Basis Technology Corp.
|
Copyright 2016-2021 Basis Technology Corp.
|
||||||
Contact: carrier <at> sleuthkit <dot> org
|
Contact: carrier <at> sleuthkit <dot> org
|
||||||
|
|
||||||
Licensed under the Apache License, Version 2.0 (the "License");
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
@ -102,9 +102,8 @@ class CacheLocationAnalyzer(general.AndroidComponentAnalyzer):
|
|||||||
# artifact.addAttribute(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_VALUE.getTypeID(), AndroidModuleFactorymodule.moduleName, accuracy))
|
# artifact.addAttribute(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_VALUE.getTypeID(), AndroidModuleFactorymodule.moduleName, accuracy))
|
||||||
# artifact.addAttribute(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_COMMENT.getTypeID(), AndroidModuleFactorymodule.moduleName, confidence))
|
# artifact.addAttribute(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_COMMENT.getTypeID(), AndroidModuleFactorymodule.moduleName, confidence))
|
||||||
try:
|
try:
|
||||||
# index the artifact for keyword search
|
|
||||||
blackboard = Case.getCurrentCase().getSleuthkitCase().getBlackboard()
|
blackboard = Case.getCurrentCase().getSleuthkitCase().getBlackboard()
|
||||||
blackboard.postArtifact(artifact, general.MODULE_NAME)
|
blackboard.postArtifact(artifact, general.MODULE_NAME, context.getJobId())
|
||||||
except Blackboard.BlackboardException as ex:
|
except Blackboard.BlackboardException as ex:
|
||||||
self._logger.log(Level.SEVERE, "Unable to index blackboard artifact " + str(artifact.getArtifactID()), ex)
|
self._logger.log(Level.SEVERE, "Unable to index blackboard artifact " + str(artifact.getArtifactID()), ex)
|
||||||
self._logger.log(Level.SEVERE, traceback.format_exc())
|
self._logger.log(Level.SEVERE, traceback.format_exc())
|
||||||
|
|||||||
@ -1,7 +1,7 @@
|
|||||||
"""
|
"""
|
||||||
Autopsy Forensic Browser
|
Autopsy Forensic Browser
|
||||||
|
|
||||||
Copyright 2016-2020 Basis Technology Corp.
|
Copyright 2016-2021 Basis Technology Corp.
|
||||||
Contact: carrier <at> sleuthkit <dot> org
|
Contact: carrier <at> sleuthkit <dot> org
|
||||||
|
|
||||||
Licensed under the Apache License, Version 2.0 (the "License");
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
@ -83,12 +83,12 @@ class CallLogAnalyzer(general.AndroidComponentAnalyzer):
|
|||||||
callLogDbHelper = CommunicationArtifactsHelper(current_case.getSleuthkitCase(),
|
callLogDbHelper = CommunicationArtifactsHelper(current_case.getSleuthkitCase(),
|
||||||
self._PARSER_NAME,
|
self._PARSER_NAME,
|
||||||
callLogDb.getDBFile(),
|
callLogDb.getDBFile(),
|
||||||
Account.Type.PHONE, Account.Type.PHONE, selfAccountId )
|
Account.Type.PHONE, Account.Type.PHONE, selfAccountId, context.getJobId())
|
||||||
else:
|
else:
|
||||||
callLogDbHelper = CommunicationArtifactsHelper(current_case.getSleuthkitCase(),
|
callLogDbHelper = CommunicationArtifactsHelper(current_case.getSleuthkitCase(),
|
||||||
self._PARSER_NAME,
|
self._PARSER_NAME,
|
||||||
callLogDb.getDBFile(),
|
callLogDb.getDBFile(),
|
||||||
Account.Type.PHONE )
|
Account.Type.PHONE, context.getJobId())
|
||||||
|
|
||||||
for tableName in CallLogAnalyzer._tableNames:
|
for tableName in CallLogAnalyzer._tableNames:
|
||||||
try:
|
try:
|
||||||
|
|||||||
@ -1,7 +1,7 @@
|
|||||||
"""
|
"""
|
||||||
Autopsy Forensic Browser
|
Autopsy Forensic Browser
|
||||||
|
|
||||||
Copyright 2016-2020 Basis Technology Corp.
|
Copyright 2016-2021 Basis Technology Corp.
|
||||||
Contact: carrier <at> sleuthkit <dot> org
|
Contact: carrier <at> sleuthkit <dot> org
|
||||||
|
|
||||||
Licensed under the Apache License, Version 2.0 (the "License");
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
@ -75,7 +75,7 @@ class ContactAnalyzer(general.AndroidComponentAnalyzer):
|
|||||||
return
|
return
|
||||||
for contactDb in contactsDbs:
|
for contactDb in contactsDbs:
|
||||||
try:
|
try:
|
||||||
self.__findContactsInDB(contactDb, dataSource)
|
self.__findContactsInDB(contactDb, dataSource, context)
|
||||||
except Exception as ex:
|
except Exception as ex:
|
||||||
self._logger.log(Level.SEVERE, "Error parsing Contacts", ex)
|
self._logger.log(Level.SEVERE, "Error parsing Contacts", ex)
|
||||||
self._logger.log(Level.SEVERE, traceback.format_exc())
|
self._logger.log(Level.SEVERE, traceback.format_exc())
|
||||||
@ -86,7 +86,7 @@ class ContactAnalyzer(general.AndroidComponentAnalyzer):
|
|||||||
"""
|
"""
|
||||||
Queries the given contact database and adds Contacts to the case.
|
Queries the given contact database and adds Contacts to the case.
|
||||||
"""
|
"""
|
||||||
def __findContactsInDB(self, contactDb, dataSource):
|
def __findContactsInDB(self, contactDb, dataSource, context):
|
||||||
if not contactDb:
|
if not contactDb:
|
||||||
return
|
return
|
||||||
|
|
||||||
@ -97,7 +97,7 @@ class ContactAnalyzer(general.AndroidComponentAnalyzer):
|
|||||||
contactDbHelper = CommunicationArtifactsHelper(current_case.getSleuthkitCase(),
|
contactDbHelper = CommunicationArtifactsHelper(current_case.getSleuthkitCase(),
|
||||||
self._PARSER_NAME,
|
self._PARSER_NAME,
|
||||||
contactDb.getDBFile(),
|
contactDb.getDBFile(),
|
||||||
Account.Type.PHONE )
|
Account.Type.PHONE, context.getJobId())
|
||||||
|
|
||||||
# get display_name, mimetype(email or phone number) and data1 (phonenumber or email address depending on mimetype)
|
# get display_name, mimetype(email or phone number) and data1 (phonenumber or email address depending on mimetype)
|
||||||
# sorted by name, so phonenumber/email would be consecutive for a person if they exist.
|
# sorted by name, so phonenumber/email would be consecutive for a person if they exist.
|
||||||
@ -158,7 +158,7 @@ class ContactAnalyzer(general.AndroidComponentAnalyzer):
|
|||||||
phoneNumber, # phoneNumber,
|
phoneNumber, # phoneNumber,
|
||||||
None, # homePhoneNumber,
|
None, # homePhoneNumber,
|
||||||
None, # mobilePhoneNumber,
|
None, # mobilePhoneNumber,
|
||||||
emailAddr) # emailAddr
|
emailAddr, context.getJobId()) # emailAddr
|
||||||
|
|
||||||
except SQLException as ex:
|
except SQLException as ex:
|
||||||
self._logger.log(Level.WARNING, "Error processing query result for Android messages.", ex)
|
self._logger.log(Level.WARNING, "Error processing query result for Android messages.", ex)
|
||||||
|
|||||||
@ -1,7 +1,7 @@
|
|||||||
"""
|
"""
|
||||||
Autopsy Forensic Browser
|
Autopsy Forensic Browser
|
||||||
|
|
||||||
Copyright 2019-2020 Basis Technology Corp.
|
Copyright 2019-2021 Basis Technology Corp.
|
||||||
Contact: carrier <at> sleuthkit <dot> org
|
Contact: carrier <at> sleuthkit <dot> org
|
||||||
|
|
||||||
Licensed under the Apache License, Version 2.0 (the "License");
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
@ -148,11 +148,11 @@ class FBMessengerAnalyzer(general.AndroidComponentAnalyzer):
|
|||||||
if self.selfAccountId is not None:
|
if self.selfAccountId is not None:
|
||||||
contactsDBHelper = CommunicationArtifactsHelper(self.current_case.getSleuthkitCase(),
|
contactsDBHelper = CommunicationArtifactsHelper(self.current_case.getSleuthkitCase(),
|
||||||
self._MODULE_NAME, contactsDb.getDBFile(),
|
self._MODULE_NAME, contactsDb.getDBFile(),
|
||||||
Account.Type.FACEBOOK, Account.Type.FACEBOOK, self.selfAccountId )
|
Account.Type.FACEBOOK, Account.Type.FACEBOOK, self.selfAccountId, context.getJobId())
|
||||||
else:
|
else:
|
||||||
contactsDBHelper = CommunicationArtifactsHelper(self.current_case.getSleuthkitCase(),
|
contactsDBHelper = CommunicationArtifactsHelper(self.current_case.getSleuthkitCase(),
|
||||||
self._MODULE_NAME, contactsDb.getDBFile(),
|
self._MODULE_NAME, contactsDb.getDBFile(),
|
||||||
Account.Type.FACEBOOK)
|
Account.Type.FACEBOOK, context.getJobId())
|
||||||
|
|
||||||
## get the other contacts/friends
|
## get the other contacts/friends
|
||||||
contactsResultSet = contactsDb.runQuery("SELECT fbid, display_name, added_time_ms FROM contacts WHERE added_time_ms <> 0")
|
contactsResultSet = contactsDb.runQuery("SELECT fbid, display_name, added_time_ms FROM contacts WHERE added_time_ms <> 0")
|
||||||
@ -492,11 +492,11 @@ class FBMessengerAnalyzer(general.AndroidComponentAnalyzer):
|
|||||||
if self.selfAccountId is not None:
|
if self.selfAccountId is not None:
|
||||||
threadsDBHelper = CommunicationArtifactsHelper(self.current_case.getSleuthkitCase(),
|
threadsDBHelper = CommunicationArtifactsHelper(self.current_case.getSleuthkitCase(),
|
||||||
self._MODULE_NAME, threadsDb.getDBFile(),
|
self._MODULE_NAME, threadsDb.getDBFile(),
|
||||||
Account.Type.FACEBOOK, Account.Type.FACEBOOK, self.selfAccountId )
|
Account.Type.FACEBOOK, Account.Type.FACEBOOK, self.selfAccountId, context.getJobId())
|
||||||
else:
|
else:
|
||||||
threadsDBHelper = CommunicationArtifactsHelper(self.current_case.getSleuthkitCase(),
|
threadsDBHelper = CommunicationArtifactsHelper(self.current_case.getSleuthkitCase(),
|
||||||
self._MODULE_NAME, threadsDb.getDBFile(),
|
self._MODULE_NAME, threadsDb.getDBFile(),
|
||||||
Account.Type.FACEBOOK)
|
Account.Type.FACEBOOK, context.getJobId())
|
||||||
|
|
||||||
self.analyzeMessages(threadsDb, threadsDBHelper)
|
self.analyzeMessages(threadsDb, threadsDBHelper)
|
||||||
self.analyzeCallLogs(threadsDb, threadsDBHelper)
|
self.analyzeCallLogs(threadsDb, threadsDBHelper)
|
||||||
|
|||||||
@ -1,7 +1,7 @@
|
|||||||
"""
|
"""
|
||||||
Autopsy Forensic Browser
|
Autopsy Forensic Browser
|
||||||
|
|
||||||
Copyright 2016-2018 Basis Technology Corp.
|
Copyright 2016-2021 Basis Technology Corp.
|
||||||
Contact: carrier <at> sleuthkit <dot> org
|
Contact: carrier <at> sleuthkit <dot> org
|
||||||
|
|
||||||
Licensed under the Apache License, Version 2.0 (the "License");
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
@ -76,7 +76,7 @@ class GoogleMapLocationAnalyzer(general.AndroidComponentAnalyzer):
|
|||||||
try:
|
try:
|
||||||
jFile = File(self.current_case.getTempDirectory(), str(abstractFile.getId()) + abstractFile.getName())
|
jFile = File(self.current_case.getTempDirectory(), str(abstractFile.getId()) + abstractFile.getName())
|
||||||
ContentUtils.writeToFile(abstractFile, jFile, context.dataSourceIngestIsCancelled)
|
ContentUtils.writeToFile(abstractFile, jFile, context.dataSourceIngestIsCancelled)
|
||||||
self.__findGeoLocationsInDB(jFile.toString(), abstractFile)
|
self.__findGeoLocationsInDB(jFile.toString(), abstractFile, context)
|
||||||
except Exception as ex:
|
except Exception as ex:
|
||||||
self._logger.log(Level.SEVERE, "Error parsing Google map locations", ex)
|
self._logger.log(Level.SEVERE, "Error parsing Google map locations", ex)
|
||||||
self._logger.log(Level.SEVERE, traceback.format_exc())
|
self._logger.log(Level.SEVERE, traceback.format_exc())
|
||||||
@ -84,13 +84,13 @@ class GoogleMapLocationAnalyzer(general.AndroidComponentAnalyzer):
|
|||||||
# Error finding Google map locations.
|
# Error finding Google map locations.
|
||||||
pass
|
pass
|
||||||
|
|
||||||
def __findGeoLocationsInDB(self, databasePath, abstractFile):
|
def __findGeoLocationsInDB(self, databasePath, abstractFile, context):
|
||||||
if not databasePath:
|
if not databasePath:
|
||||||
return
|
return
|
||||||
|
|
||||||
try:
|
try:
|
||||||
artifactHelper = GeoArtifactsHelper(self.current_case.getSleuthkitCase(),
|
artifactHelper = GeoArtifactsHelper(self.current_case.getSleuthkitCase(),
|
||||||
general.MODULE_NAME, self.PROGRAM_NAME, abstractFile)
|
general.MODULE_NAME, self.PROGRAM_NAME, abstractFile, context.getJobId())
|
||||||
Class.forName("org.sqlite.JDBC") # load JDBC driver
|
Class.forName("org.sqlite.JDBC") # load JDBC driver
|
||||||
connection = DriverManager.getConnection("jdbc:sqlite:" + databasePath)
|
connection = DriverManager.getConnection("jdbc:sqlite:" + databasePath)
|
||||||
statement = connection.createStatement()
|
statement = connection.createStatement()
|
||||||
|
|||||||
@ -1,7 +1,7 @@
|
|||||||
"""
|
"""
|
||||||
Autopsy Forensic Browser
|
Autopsy Forensic Browser
|
||||||
|
|
||||||
Copyright 2019-2020 Basis Technology Corp.
|
Copyright 2019-2021 Basis Technology Corp.
|
||||||
Contact: carrier <at> sleuthkit <dot> org
|
Contact: carrier <at> sleuthkit <dot> org
|
||||||
|
|
||||||
Licensed under the Apache License, Version 2.0 (the "License");
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
@ -109,12 +109,12 @@ class IMOAnalyzer(general.AndroidComponentAnalyzer):
|
|||||||
friendsDBHelper = CommunicationArtifactsHelper(current_case.getSleuthkitCase(),
|
friendsDBHelper = CommunicationArtifactsHelper(current_case.getSleuthkitCase(),
|
||||||
self._PARSER_NAME,
|
self._PARSER_NAME,
|
||||||
friendsDb.getDBFile(),
|
friendsDb.getDBFile(),
|
||||||
Account.Type.IMO, Account.Type.IMO, selfAccountId )
|
Account.Type.IMO, Account.Type.IMO, selfAccountId, context.getJobId())
|
||||||
else:
|
else:
|
||||||
friendsDBHelper = CommunicationArtifactsHelper(current_case.getSleuthkitCase(),
|
friendsDBHelper = CommunicationArtifactsHelper(current_case.getSleuthkitCase(),
|
||||||
self._PARSER_NAME,
|
self._PARSER_NAME,
|
||||||
friendsDb.getDBFile(),
|
friendsDb.getDBFile(),
|
||||||
Account.Type.IMO )
|
Account.Type.IMO, context.getJobId())
|
||||||
contactsResultSet = friendsDb.runQuery("SELECT buid, name FROM friends")
|
contactsResultSet = friendsDb.runQuery("SELECT buid, name FROM friends")
|
||||||
if contactsResultSet is not None:
|
if contactsResultSet is not None:
|
||||||
while contactsResultSet.next():
|
while contactsResultSet.next():
|
||||||
|
|||||||
@ -1,7 +1,7 @@
|
|||||||
"""
|
"""
|
||||||
Autopsy Forensic Browser
|
Autopsy Forensic Browser
|
||||||
|
|
||||||
Copyright 2019 Basis Technology Corp.
|
Copyright 2019-2021 Basis Technology Corp.
|
||||||
Contact: carrier <at> sleuthkit <dot> org
|
Contact: carrier <at> sleuthkit <dot> org
|
||||||
|
|
||||||
Licensed under the Apache License, Version 2.0 (the "License");
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
@ -75,7 +75,7 @@ class InstalledApplicationsAnalyzer(general.AndroidComponentAnalyzer):
|
|||||||
try:
|
try:
|
||||||
current_case = Case.getCurrentCaseThrows()
|
current_case = Case.getCurrentCaseThrows()
|
||||||
libraryDbHelper = ArtifactsHelper(current_case.getSleuthkitCase(),
|
libraryDbHelper = ArtifactsHelper(current_case.getSleuthkitCase(),
|
||||||
self._MODULE_NAME, libraryDb.getDBFile())
|
self._MODULE_NAME, libraryDb.getDBFile(), context.getJobId())
|
||||||
queryString = "SELECT doc_id, purchase_time FROM ownership"
|
queryString = "SELECT doc_id, purchase_time FROM ownership"
|
||||||
ownershipResultSet = libraryDb.runQuery(queryString)
|
ownershipResultSet = libraryDb.runQuery(queryString)
|
||||||
if ownershipResultSet is not None:
|
if ownershipResultSet is not None:
|
||||||
|
|||||||
@ -1,7 +1,7 @@
|
|||||||
"""
|
"""
|
||||||
Autopsy Forensic Browser
|
Autopsy Forensic Browser
|
||||||
|
|
||||||
Copyright 2019-2020 Basis Technology Corp.
|
Copyright 2019-2021 Basis Technology Corp.
|
||||||
Contact: carrier <at> sleuthkit <dot> org
|
Contact: carrier <at> sleuthkit <dot> org
|
||||||
|
|
||||||
Licensed under the Apache License, Version 2.0 (the "License");
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
@ -117,7 +117,7 @@ class LineAnalyzer(general.AndroidComponentAnalyzer):
|
|||||||
current_case = Case.getCurrentCaseThrows()
|
current_case = Case.getCurrentCaseThrows()
|
||||||
helper = CommunicationArtifactsHelper(
|
helper = CommunicationArtifactsHelper(
|
||||||
current_case.getSleuthkitCase(), self._PARSER_NAME,
|
current_case.getSleuthkitCase(), self._PARSER_NAME,
|
||||||
contact_and_message_db.getDBFile(), Account.Type.LINE)
|
contact_and_message_db.getDBFile(), Account.Type.LINE, context.getJobId())
|
||||||
self.parse_contacts(contact_and_message_db, helper)
|
self.parse_contacts(contact_and_message_db, helper)
|
||||||
self.parse_messages(contact_and_message_db, helper, current_case)
|
self.parse_messages(contact_and_message_db, helper, current_case)
|
||||||
|
|
||||||
@ -125,7 +125,7 @@ class LineAnalyzer(general.AndroidComponentAnalyzer):
|
|||||||
current_case = Case.getCurrentCaseThrows()
|
current_case = Case.getCurrentCaseThrows()
|
||||||
helper = CommunicationArtifactsHelper(
|
helper = CommunicationArtifactsHelper(
|
||||||
current_case.getSleuthkitCase(), self._PARSER_NAME,
|
current_case.getSleuthkitCase(), self._PARSER_NAME,
|
||||||
calllog_db.getDBFile(), Account.Type.LINE)
|
calllog_db.getDBFile(), Account.Type.LINE, context.getJobId())
|
||||||
self.parse_calllogs(dataSource, calllog_db, helper)
|
self.parse_calllogs(dataSource, calllog_db, helper)
|
||||||
|
|
||||||
except NoCurrentCaseException as ex:
|
except NoCurrentCaseException as ex:
|
||||||
|
|||||||
@ -1,7 +1,7 @@
|
|||||||
"""
|
"""
|
||||||
Autopsy Forensic Browser
|
Autopsy Forensic Browser
|
||||||
|
|
||||||
Copyright 2019 Basis Technology Corp.
|
Copyright 2019-2021 Basis Technology Corp.
|
||||||
Contact: carrier <at> sleuthkit <dot> org
|
Contact: carrier <at> sleuthkit <dot> org
|
||||||
|
|
||||||
Licensed under the Apache License, Version 2.0 (the "License");
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
@ -89,7 +89,7 @@ class OperaAnalyzer(general.AndroidComponentAnalyzer):
|
|||||||
for cookiesDb in cookiesDbs:
|
for cookiesDb in cookiesDbs:
|
||||||
try:
|
try:
|
||||||
cookiesDbHelper = WebBrowserArtifactsHelper(self.current_case.getSleuthkitCase(),
|
cookiesDbHelper = WebBrowserArtifactsHelper(self.current_case.getSleuthkitCase(),
|
||||||
self._MODULE_NAME, cookiesDb.getDBFile())
|
self._MODULE_NAME, cookiesDb.getDBFile(), context.getJobId())
|
||||||
cookiesResultSet = cookiesDb.runQuery("SELECT host_key, name, value, creation_utc FROM cookies")
|
cookiesResultSet = cookiesDb.runQuery("SELECT host_key, name, value, creation_utc FROM cookies")
|
||||||
if cookiesResultSet is not None:
|
if cookiesResultSet is not None:
|
||||||
while cookiesResultSet.next():
|
while cookiesResultSet.next():
|
||||||
@ -119,7 +119,7 @@ class OperaAnalyzer(general.AndroidComponentAnalyzer):
|
|||||||
for historyDb in historyDbs:
|
for historyDb in historyDbs:
|
||||||
try:
|
try:
|
||||||
historyDbHelper = WebBrowserArtifactsHelper(self.current_case.getSleuthkitCase(),
|
historyDbHelper = WebBrowserArtifactsHelper(self.current_case.getSleuthkitCase(),
|
||||||
self._MODULE_NAME, historyDb.getDBFile())
|
self._MODULE_NAME, historyDb.getDBFile(), context.getJobId())
|
||||||
historyResultSet = historyDb.runQuery("SELECT url, title, last_visit_time FROM urls")
|
historyResultSet = historyDb.runQuery("SELECT url, title, last_visit_time FROM urls")
|
||||||
if historyResultSet is not None:
|
if historyResultSet is not None:
|
||||||
while historyResultSet.next():
|
while historyResultSet.next():
|
||||||
@ -148,7 +148,7 @@ class OperaAnalyzer(general.AndroidComponentAnalyzer):
|
|||||||
for downloadsDb in downloadsDbs:
|
for downloadsDb in downloadsDbs:
|
||||||
try:
|
try:
|
||||||
downloadsDbHelper = WebBrowserArtifactsHelper(self.current_case.getSleuthkitCase(),
|
downloadsDbHelper = WebBrowserArtifactsHelper(self.current_case.getSleuthkitCase(),
|
||||||
self._MODULE_NAME, downloadsDb.getDBFile())
|
self._MODULE_NAME, downloadsDb.getDBFile(), context.getJobId())
|
||||||
queryString = "SELECT target_path, start_time, url FROM downloads"\
|
queryString = "SELECT target_path, start_time, url FROM downloads"\
|
||||||
" INNER JOIN downloads_url_chains ON downloads.id = downloads_url_chains.id"
|
" INNER JOIN downloads_url_chains ON downloads.id = downloads_url_chains.id"
|
||||||
downloadsResultSet = downloadsDb.runQuery(queryString)
|
downloadsResultSet = downloadsDb.runQuery(queryString)
|
||||||
@ -177,7 +177,7 @@ class OperaAnalyzer(general.AndroidComponentAnalyzer):
|
|||||||
for autofillDb in autofillDbs:
|
for autofillDb in autofillDbs:
|
||||||
try:
|
try:
|
||||||
autofillDbHelper = WebBrowserArtifactsHelper(self.current_case.getSleuthkitCase(),
|
autofillDbHelper = WebBrowserArtifactsHelper(self.current_case.getSleuthkitCase(),
|
||||||
self._MODULE_NAME, autofillDb.getDBFile())
|
self._MODULE_NAME, autofillDb.getDBFile(), context.getJobId())
|
||||||
autofillsResultSet = autofillDb.runQuery("SELECT name, value, count, date_created FROM autofill")
|
autofillsResultSet = autofillDb.runQuery("SELECT name, value, count, date_created FROM autofill")
|
||||||
if autofillsResultSet is not None:
|
if autofillsResultSet is not None:
|
||||||
while autofillsResultSet.next():
|
while autofillsResultSet.next():
|
||||||
@ -205,7 +205,7 @@ class OperaAnalyzer(general.AndroidComponentAnalyzer):
|
|||||||
for webFormAddressDb in webFormAddressDbs:
|
for webFormAddressDb in webFormAddressDbs:
|
||||||
try:
|
try:
|
||||||
webFormAddressDbHelper = WebBrowserArtifactsHelper(self.current_case.getSleuthkitCase(),
|
webFormAddressDbHelper = WebBrowserArtifactsHelper(self.current_case.getSleuthkitCase(),
|
||||||
self._MODULE_NAME, webFormAddressDb.getDBFile())
|
self._MODULE_NAME, webFormAddressDb.getDBFile(), context.getJobId())
|
||||||
queryString = """
|
queryString = """
|
||||||
SELECT street_address, city, state, zipcode, country_code,
|
SELECT street_address, city, state, zipcode, country_code,
|
||||||
date_modified, first_name, last_name, number, email
|
date_modified, first_name, last_name, number, email
|
||||||
|
|||||||
@ -1,7 +1,7 @@
|
|||||||
"""
|
"""
|
||||||
Autopsy Forensic Browser
|
Autopsy Forensic Browser
|
||||||
|
|
||||||
Copyright 2016-2018 Basis Technology Corp.
|
Copyright 2016-2021 Basis Technology Corp.
|
||||||
Contact: carrier <at> sleuthkit <dot> org
|
Contact: carrier <at> sleuthkit <dot> org
|
||||||
|
|
||||||
Licensed under the Apache License, Version 2.0 (the "License");
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
@ -72,7 +72,7 @@ class OruxMapsAnalyzer(general.AndroidComponentAnalyzer):
|
|||||||
current_case = Case.getCurrentCaseThrows()
|
current_case = Case.getCurrentCaseThrows()
|
||||||
|
|
||||||
skCase = Case.getCurrentCase().getSleuthkitCase()
|
skCase = Case.getCurrentCase().getSleuthkitCase()
|
||||||
geoArtifactHelper = GeoArtifactsHelper(skCase, self._MODULE_NAME, self._PROGRAM_NAME, oruxMapsTrackpointsDb.getDBFile())
|
geoArtifactHelper = GeoArtifactsHelper(skCase, self._MODULE_NAME, self._PROGRAM_NAME, oruxMapsTrackpointsDb.getDBFile(), context.getJobId())
|
||||||
|
|
||||||
poiQueryString = "SELECT poilat, poilon, poialt, poitime, poiname FROM pois"
|
poiQueryString = "SELECT poilat, poilon, poialt, poitime, poiname FROM pois"
|
||||||
poisResultSet = oruxMapsTrackpointsDb.runQuery(poiQueryString)
|
poisResultSet = oruxMapsTrackpointsDb.runQuery(poiQueryString)
|
||||||
@ -96,9 +96,8 @@ class OruxMapsAnalyzer(general.AndroidComponentAnalyzer):
|
|||||||
artifact = abstractFile.newDataArtifact(BlackboardArtifact.Type(BlackboardArtifact.ARTIFACT_TYPE.TSK_GPS_BOOKMARK), attributes)
|
artifact = abstractFile.newDataArtifact(BlackboardArtifact.Type(BlackboardArtifact.ARTIFACT_TYPE.TSK_GPS_BOOKMARK), attributes)
|
||||||
|
|
||||||
try:
|
try:
|
||||||
# index the artifact for keyword search
|
|
||||||
blackboard = Case.getCurrentCase().getSleuthkitCase().getBlackboard()
|
blackboard = Case.getCurrentCase().getSleuthkitCase().getBlackboard()
|
||||||
blackboard.postArtifact(artifact, self._MODULE_NAME)
|
blackboard.postArtifact(artifact, self._MODULE_NAME, context.getJobId())
|
||||||
except Blackboard.BlackboardException as ex:
|
except Blackboard.BlackboardException as ex:
|
||||||
self._logger.log(Level.SEVERE, "Unable to index blackboard artifact " + str(artifact.getArtifactID()), ex)
|
self._logger.log(Level.SEVERE, "Unable to index blackboard artifact " + str(artifact.getArtifactID()), ex)
|
||||||
self._logger.log(Level.SEVERE, traceback.format_exc())
|
self._logger.log(Level.SEVERE, traceback.format_exc())
|
||||||
|
|||||||
@ -1,7 +1,7 @@
|
|||||||
"""
|
"""
|
||||||
Autopsy Forensic Browser
|
Autopsy Forensic Browser
|
||||||
|
|
||||||
Copyright 2019 Basis Technology Corp.
|
Copyright 2019-2021 Basis Technology Corp.
|
||||||
Contact: carrier <at> sleuthkit <dot> org
|
Contact: carrier <at> sleuthkit <dot> org
|
||||||
|
|
||||||
Licensed under the Apache License, Version 2.0 (the "License");
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
@ -87,7 +87,7 @@ class SBrowserAnalyzer(general.AndroidComponentAnalyzer):
|
|||||||
for sbrowserDb in sbrowserDbs:
|
for sbrowserDb in sbrowserDbs:
|
||||||
try:
|
try:
|
||||||
sbrowserDbHelper = WebBrowserArtifactsHelper(self.current_case.getSleuthkitCase(),
|
sbrowserDbHelper = WebBrowserArtifactsHelper(self.current_case.getSleuthkitCase(),
|
||||||
self._MODULE_NAME, sbrowserDb.getDBFile())
|
self._MODULE_NAME, sbrowserDb.getDBFile(), context.getJobId())
|
||||||
bookmarkResultSet = sbrowserDb.runQuery("SELECT url, title, created FROM bookmarks WHERE url IS NOT NULL")
|
bookmarkResultSet = sbrowserDb.runQuery("SELECT url, title, created FROM bookmarks WHERE url IS NOT NULL")
|
||||||
if bookmarkResultSet is not None:
|
if bookmarkResultSet is not None:
|
||||||
while bookmarkResultSet.next():
|
while bookmarkResultSet.next():
|
||||||
@ -115,7 +115,7 @@ class SBrowserAnalyzer(general.AndroidComponentAnalyzer):
|
|||||||
for cookiesDb in cookiesDbs:
|
for cookiesDb in cookiesDbs:
|
||||||
try:
|
try:
|
||||||
cookiesDbHelper = WebBrowserArtifactsHelper(self.current_case.getSleuthkitCase(),
|
cookiesDbHelper = WebBrowserArtifactsHelper(self.current_case.getSleuthkitCase(),
|
||||||
self._MODULE_NAME, cookiesDb.getDBFile())
|
self._MODULE_NAME, cookiesDb.getDBFile(), context.getJobId())
|
||||||
cookiesResultSet = cookiesDb.runQuery("SELECT host_key, name, value, creation_utc FROM cookies")
|
cookiesResultSet = cookiesDb.runQuery("SELECT host_key, name, value, creation_utc FROM cookies")
|
||||||
if cookiesResultSet is not None:
|
if cookiesResultSet is not None:
|
||||||
while cookiesResultSet.next():
|
while cookiesResultSet.next():
|
||||||
@ -145,7 +145,7 @@ class SBrowserAnalyzer(general.AndroidComponentAnalyzer):
|
|||||||
for historyDb in historyDbs:
|
for historyDb in historyDbs:
|
||||||
try:
|
try:
|
||||||
historyDbHelper = WebBrowserArtifactsHelper(self.current_case.getSleuthkitCase(),
|
historyDbHelper = WebBrowserArtifactsHelper(self.current_case.getSleuthkitCase(),
|
||||||
self._MODULE_NAME, historyDb.getDBFile())
|
self._MODULE_NAME, historyDb.getDBFile(), context.getJobId())
|
||||||
historyResultSet = historyDb.runQuery("SELECT url, title, last_visit_time FROM urls")
|
historyResultSet = historyDb.runQuery("SELECT url, title, last_visit_time FROM urls")
|
||||||
if historyResultSet is not None:
|
if historyResultSet is not None:
|
||||||
while historyResultSet.next():
|
while historyResultSet.next():
|
||||||
@ -174,7 +174,7 @@ class SBrowserAnalyzer(general.AndroidComponentAnalyzer):
|
|||||||
for downloadsDb in downloadsDbs:
|
for downloadsDb in downloadsDbs:
|
||||||
try:
|
try:
|
||||||
downloadsDbHelper = WebBrowserArtifactsHelper(self.current_case.getSleuthkitCase(),
|
downloadsDbHelper = WebBrowserArtifactsHelper(self.current_case.getSleuthkitCase(),
|
||||||
self._MODULE_NAME, downloadsDb.getDBFile())
|
self._MODULE_NAME, downloadsDb.getDBFile(), context.getJobId())
|
||||||
queryString = "SELECT target_path, start_time, url FROM downloads"\
|
queryString = "SELECT target_path, start_time, url FROM downloads"\
|
||||||
" INNER JOIN downloads_url_chains ON downloads.id = downloads_url_chains.id"
|
" INNER JOIN downloads_url_chains ON downloads.id = downloads_url_chains.id"
|
||||||
downloadsResultSet = downloadsDb.runQuery(queryString)
|
downloadsResultSet = downloadsDb.runQuery(queryString)
|
||||||
@ -203,7 +203,7 @@ class SBrowserAnalyzer(general.AndroidComponentAnalyzer):
|
|||||||
for autofillDb in autofillDbs:
|
for autofillDb in autofillDbs:
|
||||||
try:
|
try:
|
||||||
autofillDbHelper = WebBrowserArtifactsHelper(self.current_case.getSleuthkitCase(),
|
autofillDbHelper = WebBrowserArtifactsHelper(self.current_case.getSleuthkitCase(),
|
||||||
self._MODULE_NAME, autofillDb.getDBFile())
|
self._MODULE_NAME, autofillDb.getDBFile(), context.getJobId())
|
||||||
queryString = """
|
queryString = """
|
||||||
SELECT name, value, count, date_created
|
SELECT name, value, count, date_created
|
||||||
FROM autofill
|
FROM autofill
|
||||||
@ -236,7 +236,7 @@ class SBrowserAnalyzer(general.AndroidComponentAnalyzer):
|
|||||||
for webFormAddressDb in webFormAddressDbs:
|
for webFormAddressDb in webFormAddressDbs:
|
||||||
try:
|
try:
|
||||||
webFormAddressDbHelper = WebBrowserArtifactsHelper(self.current_case.getSleuthkitCase(),
|
webFormAddressDbHelper = WebBrowserArtifactsHelper(self.current_case.getSleuthkitCase(),
|
||||||
self._MODULE_NAME, webFormAddressDb.getDBFile())
|
self._MODULE_NAME, webFormAddressDb.getDBFile(), context.getJobId())
|
||||||
"""
|
"""
|
||||||
Autofill form data is split across multiple tables. The quqery below joins the various tables.
|
Autofill form data is split across multiple tables. The quqery below joins the various tables.
|
||||||
"""
|
"""
|
||||||
|
|||||||
@ -1,7 +1,7 @@
|
|||||||
"""
|
"""
|
||||||
Autopsy Forensic Browser
|
Autopsy Forensic Browser
|
||||||
|
|
||||||
Copyright 2019-2020 Basis Technology Corp.
|
Copyright 2019-2021 Basis Technology Corp.
|
||||||
Contact: carrier <at> sleuthkit <dot> org
|
Contact: carrier <at> sleuthkit <dot> org
|
||||||
|
|
||||||
Licensed under the Apache License, Version 2.0 (the "License");
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
@ -85,7 +85,7 @@ class ShareItAnalyzer(general.AndroidComponentAnalyzer):
|
|||||||
current_case = Case.getCurrentCaseThrows()
|
current_case = Case.getCurrentCaseThrows()
|
||||||
historyDbHelper = CommunicationArtifactsHelper(current_case.getSleuthkitCase(),
|
historyDbHelper = CommunicationArtifactsHelper(current_case.getSleuthkitCase(),
|
||||||
self._MODULE_NAME, historyDb.getDBFile(),
|
self._MODULE_NAME, historyDb.getDBFile(),
|
||||||
Account.Type.SHAREIT)
|
Account.Type.SHAREIT, context.getJobId())
|
||||||
|
|
||||||
queryString = """
|
queryString = """
|
||||||
SELECT history_type, device_id, device_name, description, timestamp, file_path
|
SELECT history_type, device_id, device_name, description, timestamp, file_path
|
||||||
|
|||||||
@ -1,7 +1,7 @@
|
|||||||
"""
|
"""
|
||||||
Autopsy Forensic Browser
|
Autopsy Forensic Browser
|
||||||
|
|
||||||
Copyright 2019-2020 Basis Technology Corp.
|
Copyright 2019-2021 Basis Technology Corp.
|
||||||
Contact: carrier <at> sleuthkit <dot> org
|
Contact: carrier <at> sleuthkit <dot> org
|
||||||
|
|
||||||
Licensed under the Apache License, Version 2.0 (the "License");
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
@ -129,13 +129,13 @@ class SkypeAnalyzer(general.AndroidComponentAnalyzer):
|
|||||||
if user_account_instance is None:
|
if user_account_instance is None:
|
||||||
helper = CommunicationArtifactsHelper(
|
helper = CommunicationArtifactsHelper(
|
||||||
current_case.getSleuthkitCase(), self._PARSER_NAME,
|
current_case.getSleuthkitCase(), self._PARSER_NAME,
|
||||||
skype_db.getDBFile(), Account.Type.SKYPE
|
skype_db.getDBFile(), Account.Type.SKYPE, context.getJobId()
|
||||||
)
|
)
|
||||||
else:
|
else:
|
||||||
helper = CommunicationArtifactsHelper(
|
helper = CommunicationArtifactsHelper(
|
||||||
current_case.getSleuthkitCase(), self._PARSER_NAME,
|
current_case.getSleuthkitCase(), self._PARSER_NAME,
|
||||||
skype_db.getDBFile(), Account.Type.SKYPE,
|
skype_db.getDBFile(), Account.Type.SKYPE,
|
||||||
Account.Type.SKYPE, user_account_instance
|
Account.Type.SKYPE, user_account_instance, context.getJobId()
|
||||||
)
|
)
|
||||||
self.parse_contacts(skype_db, helper)
|
self.parse_contacts(skype_db, helper)
|
||||||
self.parse_calllogs(skype_db, helper)
|
self.parse_calllogs(skype_db, helper)
|
||||||
|
|||||||
@ -1,7 +1,7 @@
|
|||||||
"""
|
"""
|
||||||
Autopsy Forensic Browser
|
Autopsy Forensic Browser
|
||||||
|
|
||||||
Copyright 2016-2020 Basis Technology Corp.
|
Copyright 2016-2021 Basis Technology Corp.
|
||||||
Contact: carrier <at> sleuthkit <dot> org
|
Contact: carrier <at> sleuthkit <dot> org
|
||||||
|
|
||||||
Licensed under the Apache License, Version 2.0 (the "License");
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
@ -72,7 +72,7 @@ class TangoMessageAnalyzer(general.AndroidComponentAnalyzer):
|
|||||||
tangoDbFiles = AppSQLiteDB.findAppDatabases(dataSource, "tc.db", True, self._PACKAGE_NAME)
|
tangoDbFiles = AppSQLiteDB.findAppDatabases(dataSource, "tc.db", True, self._PACKAGE_NAME)
|
||||||
for tangoDbFile in tangoDbFiles:
|
for tangoDbFile in tangoDbFiles:
|
||||||
try:
|
try:
|
||||||
self.__findTangoMessagesInDB(tangoDbFile, dataSource)
|
self.__findTangoMessagesInDB(tangoDbFile, dataSource, context)
|
||||||
except Exception as ex:
|
except Exception as ex:
|
||||||
self._logger.log(Level.SEVERE, "Error parsing Tango messages", ex)
|
self._logger.log(Level.SEVERE, "Error parsing Tango messages", ex)
|
||||||
self._logger.log(Level.SEVERE, traceback.format_exc())
|
self._logger.log(Level.SEVERE, traceback.format_exc())
|
||||||
@ -80,7 +80,7 @@ class TangoMessageAnalyzer(general.AndroidComponentAnalyzer):
|
|||||||
# Error finding Tango messages.
|
# Error finding Tango messages.
|
||||||
pass
|
pass
|
||||||
|
|
||||||
def __findTangoMessagesInDB(self, tangoDb, dataSource):
|
def __findTangoMessagesInDB(self, tangoDb, dataSource, context):
|
||||||
if not tangoDb:
|
if not tangoDb:
|
||||||
return
|
return
|
||||||
|
|
||||||
@ -91,7 +91,7 @@ class TangoMessageAnalyzer(general.AndroidComponentAnalyzer):
|
|||||||
tangoDbHelper = CommunicationArtifactsHelper(current_case.getSleuthkitCase(),
|
tangoDbHelper = CommunicationArtifactsHelper(current_case.getSleuthkitCase(),
|
||||||
self._PARSER_NAME,
|
self._PARSER_NAME,
|
||||||
tangoDb.getDBFile(),
|
tangoDb.getDBFile(),
|
||||||
Account.Type.TANGO )
|
Account.Type.TANGO, context.getJobId())
|
||||||
|
|
||||||
resultSet = tangoDb.runQuery(
|
resultSet = tangoDb.runQuery(
|
||||||
"SELECT conv_id, create_time, direction, payload FROM messages ORDER BY create_time DESC;")
|
"SELECT conv_id, create_time, direction, payload FROM messages ORDER BY create_time DESC;")
|
||||||
|
|||||||
@ -1,7 +1,7 @@
|
|||||||
"""
|
"""
|
||||||
Autopsy Forensic Browser
|
Autopsy Forensic Browser
|
||||||
|
|
||||||
Copyright 2016-2020 Basis Technology Corp.
|
Copyright 2016-2021 Basis Technology Corp.
|
||||||
Contact: carrier <at> sleuthkit <dot> org
|
Contact: carrier <at> sleuthkit <dot> org
|
||||||
|
|
||||||
Licensed under the Apache License, Version 2.0 (the "License");
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
@ -80,12 +80,12 @@ class TextMessageAnalyzer(general.AndroidComponentAnalyzer):
|
|||||||
messageDbHelper = CommunicationArtifactsHelper(current_case.getSleuthkitCase(),
|
messageDbHelper = CommunicationArtifactsHelper(current_case.getSleuthkitCase(),
|
||||||
self._PARSER_NAME,
|
self._PARSER_NAME,
|
||||||
messageDb.getDBFile(),
|
messageDb.getDBFile(),
|
||||||
Account.Type.PHONE, Account.Type.IMO, selfAccountId )
|
Account.Type.PHONE, Account.Type.IMO, selfAccountId, context.getJobId())
|
||||||
else:
|
else:
|
||||||
messageDbHelper = CommunicationArtifactsHelper(current_case.getSleuthkitCase(),
|
messageDbHelper = CommunicationArtifactsHelper(current_case.getSleuthkitCase(),
|
||||||
self._PARSER_NAME,
|
self._PARSER_NAME,
|
||||||
messageDb.getDBFile(),
|
messageDb.getDBFile(),
|
||||||
Account.Type.PHONE )
|
Account.Type.PHONE, context.getJobId())
|
||||||
|
|
||||||
uuid = UUID.randomUUID().toString()
|
uuid = UUID.randomUUID().toString()
|
||||||
messagesResultSet = messageDb.runQuery("SELECT address, date, read, type, subject, body, thread_id FROM sms;")
|
messagesResultSet = messageDb.runQuery("SELECT address, date, read, type, subject, body, thread_id FROM sms;")
|
||||||
|
|||||||
@ -1,7 +1,7 @@
|
|||||||
"""
|
"""
|
||||||
Autopsy Forensic Browser
|
Autopsy Forensic Browser
|
||||||
|
|
||||||
Copyright 2019-2020 Basis Technology Corp.
|
Copyright 2019-2021 Basis Technology Corp.
|
||||||
Contact: carrier <at> sleuthkit <dot> org
|
Contact: carrier <at> sleuthkit <dot> org
|
||||||
|
|
||||||
Licensed under the Apache License, Version 2.0 (the "License");
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
@ -91,7 +91,7 @@ class TextNowAnalyzer(general.AndroidComponentAnalyzer):
|
|||||||
current_case = Case.getCurrentCaseThrows()
|
current_case = Case.getCurrentCaseThrows()
|
||||||
helper = CommunicationArtifactsHelper(
|
helper = CommunicationArtifactsHelper(
|
||||||
current_case.getSleuthkitCase(), self._PARSER_NAME,
|
current_case.getSleuthkitCase(), self._PARSER_NAME,
|
||||||
textnow_db.getDBFile(), Account.Type.TEXTNOW
|
textnow_db.getDBFile(), Account.Type.TEXTNOW, context.getJobId()
|
||||||
)
|
)
|
||||||
self.parse_contacts(textnow_db, helper)
|
self.parse_contacts(textnow_db, helper)
|
||||||
self.parse_calllogs(textnow_db, helper)
|
self.parse_calllogs(textnow_db, helper)
|
||||||
|
|||||||
@ -1,7 +1,7 @@
|
|||||||
"""
|
"""
|
||||||
Autopsy Forensic Browser
|
Autopsy Forensic Browser
|
||||||
|
|
||||||
Copyright 2019-2020 Basis Technology Corp.
|
Copyright 2019-2021 Basis Technology Corp.
|
||||||
Contact: carrier <at> sleuthkit <dot> org
|
Contact: carrier <at> sleuthkit <dot> org
|
||||||
|
|
||||||
Licensed under the Apache License, Version 2.0 (the "License");
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
@ -91,7 +91,7 @@ class ViberAnalyzer(general.AndroidComponentAnalyzer):
|
|||||||
current_case = Case.getCurrentCaseThrows()
|
current_case = Case.getCurrentCaseThrows()
|
||||||
helper = CommunicationArtifactsHelper(
|
helper = CommunicationArtifactsHelper(
|
||||||
current_case.getSleuthkitCase(), self._PARSER_NAME,
|
current_case.getSleuthkitCase(), self._PARSER_NAME,
|
||||||
contact_and_calllog_db.getDBFile(), Account.Type.VIBER)
|
contact_and_calllog_db.getDBFile(), Account.Type.VIBER, context.getJobId())
|
||||||
self.parse_contacts(contact_and_calllog_db, helper)
|
self.parse_contacts(contact_and_calllog_db, helper)
|
||||||
self.parse_calllogs(contact_and_calllog_db, helper)
|
self.parse_calllogs(contact_and_calllog_db, helper)
|
||||||
|
|
||||||
@ -100,7 +100,7 @@ class ViberAnalyzer(general.AndroidComponentAnalyzer):
|
|||||||
current_case = Case.getCurrentCaseThrows()
|
current_case = Case.getCurrentCaseThrows()
|
||||||
helper = CommunicationArtifactsHelper(
|
helper = CommunicationArtifactsHelper(
|
||||||
current_case.getSleuthkitCase(), self._PARSER_NAME,
|
current_case.getSleuthkitCase(), self._PARSER_NAME,
|
||||||
message_db.getDBFile(), Account.Type.VIBER)
|
message_db.getDBFile(), Account.Type.VIBER, context.getJobId())
|
||||||
self.parse_messages(message_db, helper, current_case)
|
self.parse_messages(message_db, helper, current_case)
|
||||||
|
|
||||||
except NoCurrentCaseException as ex:
|
except NoCurrentCaseException as ex:
|
||||||
@ -131,9 +131,7 @@ class ViberAnalyzer(general.AndroidComponentAnalyzer):
|
|||||||
attributes = ArrayList()
|
attributes = ArrayList()
|
||||||
attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_NAME.getTypeID(), self._PARSER_NAME, contacts_parser.get_contact_name()))
|
attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_NAME.getTypeID(), self._PARSER_NAME, contacts_parser.get_contact_name()))
|
||||||
artifact = contacts_db.getDBFile().newDataArtifact(BlackboardArtifact.Type(BlackboardArtifact.ARTIFACT_TYPE.TSK_CONTACT), attributes)
|
artifact = contacts_db.getDBFile().newDataArtifact(BlackboardArtifact.Type(BlackboardArtifact.ARTIFACT_TYPE.TSK_CONTACT), attributes)
|
||||||
|
current_case.getBlackboard().postArtifact(artifact, self._PARSER_NAME, context.getJobId())
|
||||||
# Post the artifact to blackboard
|
|
||||||
current_case.getBlackboard().postArtifact(artifact, self._PARSER_NAME)
|
|
||||||
|
|
||||||
contacts_parser.close()
|
contacts_parser.close()
|
||||||
except SQLException as ex:
|
except SQLException as ex:
|
||||||
|
|||||||
@ -1,7 +1,7 @@
|
|||||||
"""
|
"""
|
||||||
Autopsy Forensic Browser
|
Autopsy Forensic Browser
|
||||||
|
|
||||||
Copyright 2019-2020 Basis Technology Corp.
|
Copyright 2019-2021 Basis Technology Corp.
|
||||||
Contact: carrier <at> sleuthkit <dot> org
|
Contact: carrier <at> sleuthkit <dot> org
|
||||||
|
|
||||||
Licensed under the Apache License, Version 2.0 (the "License");
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
@ -145,14 +145,14 @@ class WhatsAppAnalyzer(general.AndroidComponentAnalyzer):
|
|||||||
current_case = Case.getCurrentCaseThrows()
|
current_case = Case.getCurrentCaseThrows()
|
||||||
helper = CommunicationArtifactsHelper(
|
helper = CommunicationArtifactsHelper(
|
||||||
current_case.getSleuthkitCase(), self._PARSER_NAME,
|
current_case.getSleuthkitCase(), self._PARSER_NAME,
|
||||||
contact_db.getDBFile(), Account.Type.WHATSAPP)
|
contact_db.getDBFile(), Account.Type.WHATSAPP, context.getJobId())
|
||||||
self.parse_contacts(contact_db, helper)
|
self.parse_contacts(contact_db, helper)
|
||||||
|
|
||||||
for calllog_and_message_db in calllog_and_message_dbs:
|
for calllog_and_message_db in calllog_and_message_dbs:
|
||||||
current_case = Case.getCurrentCaseThrows()
|
current_case = Case.getCurrentCaseThrows()
|
||||||
helper = CommunicationArtifactsHelper(
|
helper = CommunicationArtifactsHelper(
|
||||||
current_case.getSleuthkitCase(), self._PARSER_NAME,
|
current_case.getSleuthkitCase(), self._PARSER_NAME,
|
||||||
calllog_and_message_db.getDBFile(), Account.Type.WHATSAPP)
|
calllog_and_message_db.getDBFile(), Account.Type.WHATSAPP, context.getJobId())
|
||||||
self.parse_calllogs(calllog_and_message_db, helper)
|
self.parse_calllogs(calllog_and_message_db, helper)
|
||||||
self.parse_messages(dataSource, calllog_and_message_db, helper, current_case)
|
self.parse_messages(dataSource, calllog_and_message_db, helper, current_case)
|
||||||
|
|
||||||
|
|||||||
@ -1,7 +1,7 @@
|
|||||||
"""
|
"""
|
||||||
Autopsy Forensic Browser
|
Autopsy Forensic Browser
|
||||||
|
|
||||||
Copyright 2016-2020 Basis Technology Corp.
|
Copyright 2016-2021 Basis Technology Corp.
|
||||||
Contact: carrier <at> sleuthkit <dot> org
|
Contact: carrier <at> sleuthkit <dot> org
|
||||||
|
|
||||||
Licensed under the Apache License, Version 2.0 (the "License");
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
@ -78,7 +78,7 @@ class WWFMessageAnalyzer(general.AndroidComponentAnalyzer):
|
|||||||
wwfDbFiles = AppSQLiteDB.findAppDatabases(dataSource, "WordsFramework", True, self._PACKAGE_NAME)
|
wwfDbFiles = AppSQLiteDB.findAppDatabases(dataSource, "WordsFramework", True, self._PACKAGE_NAME)
|
||||||
for wwfDbFile in wwfDbFiles:
|
for wwfDbFile in wwfDbFiles:
|
||||||
try:
|
try:
|
||||||
self.__findWWFMessagesInDB(wwfDbFile, dataSource)
|
self.__findWWFMessagesInDB(wwfDbFile, dataSource, context)
|
||||||
except Exception as ex:
|
except Exception as ex:
|
||||||
self._logger.log(Level.SEVERE, "Error parsing WWF messages", ex)
|
self._logger.log(Level.SEVERE, "Error parsing WWF messages", ex)
|
||||||
self._logger.log(Level.SEVERE, traceback.format_exc())
|
self._logger.log(Level.SEVERE, traceback.format_exc())
|
||||||
@ -88,7 +88,7 @@ class WWFMessageAnalyzer(general.AndroidComponentAnalyzer):
|
|||||||
self._logger.log(Level.SEVERE, traceback.format_exc())
|
self._logger.log(Level.SEVERE, traceback.format_exc())
|
||||||
pass
|
pass
|
||||||
|
|
||||||
def __findWWFMessagesInDB(self, wwfDb, dataSource):
|
def __findWWFMessagesInDB(self, wwfDb, dataSource, context):
|
||||||
if not wwfDb:
|
if not wwfDb:
|
||||||
return
|
return
|
||||||
|
|
||||||
@ -98,7 +98,7 @@ class WWFMessageAnalyzer(general.AndroidComponentAnalyzer):
|
|||||||
wwfDbHelper = CommunicationArtifactsHelper(current_case.getSleuthkitCase(),
|
wwfDbHelper = CommunicationArtifactsHelper(current_case.getSleuthkitCase(),
|
||||||
self._PARSER_NAME,
|
self._PARSER_NAME,
|
||||||
wwfDb.getDBFile(),
|
wwfDb.getDBFile(),
|
||||||
wwfAccountType )
|
wwfAccountType, context.getJobId())
|
||||||
|
|
||||||
uuid = UUID.randomUUID().toString()
|
uuid = UUID.randomUUID().toString()
|
||||||
|
|
||||||
|
|||||||
@ -1,7 +1,7 @@
|
|||||||
"""
|
"""
|
||||||
Autopsy Forensic Browser
|
Autopsy Forensic Browser
|
||||||
|
|
||||||
Copyright 2019-2020 Basis Technology Corp.
|
Copyright 2019-2021 Basis Technology Corp.
|
||||||
Contact: carrier <at> sleuthkit <dot> org
|
Contact: carrier <at> sleuthkit <dot> org
|
||||||
|
|
||||||
Licensed under the Apache License, Version 2.0 (the "License");
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
@ -91,11 +91,11 @@ class XenderAnalyzer(general.AndroidComponentAnalyzer):
|
|||||||
if selfAccountId is not None:
|
if selfAccountId is not None:
|
||||||
transactionDbHelper = CommunicationArtifactsHelper(current_case.getSleuthkitCase(),
|
transactionDbHelper = CommunicationArtifactsHelper(current_case.getSleuthkitCase(),
|
||||||
self._MODULE_NAME, transactionDb.getDBFile(),
|
self._MODULE_NAME, transactionDb.getDBFile(),
|
||||||
Account.Type.XENDER, Account.Type.XENDER, selfAccountId )
|
Account.Type.XENDER, Account.Type.XENDER, selfAccountId, context.getJobId())
|
||||||
else:
|
else:
|
||||||
transactionDbHelper = CommunicationArtifactsHelper(current_case.getSleuthkitCase(),
|
transactionDbHelper = CommunicationArtifactsHelper(current_case.getSleuthkitCase(),
|
||||||
self._MODULE_NAME, transactionDb.getDBFile(),
|
self._MODULE_NAME, transactionDb.getDBFile(),
|
||||||
Account.Type.XENDER)
|
Account.Type.XENDER, context.getJobId())
|
||||||
|
|
||||||
queryString = """
|
queryString = """
|
||||||
SELECT f_path, f_display_name, f_size_str, c_start_time, c_direction, c_session_id,
|
SELECT f_path, f_display_name, f_size_str, c_start_time, c_direction, c_session_id,
|
||||||
|
|||||||
@ -1,7 +1,7 @@
|
|||||||
"""
|
"""
|
||||||
Autopsy Forensic Browser
|
Autopsy Forensic Browser
|
||||||
|
|
||||||
Copyright 2019-2020 Basis Technology Corp.
|
Copyright 2019-2021 Basis Technology Corp.
|
||||||
Contact: carrier <at> sleuthkit <dot> org
|
Contact: carrier <at> sleuthkit <dot> org
|
||||||
|
|
||||||
Licensed under the Apache License, Version 2.0 (the "License");
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
@ -81,7 +81,7 @@ class ZapyaAnalyzer(general.AndroidComponentAnalyzer):
|
|||||||
#
|
#
|
||||||
transferDbHelper = CommunicationArtifactsHelper(current_case.getSleuthkitCase(),
|
transferDbHelper = CommunicationArtifactsHelper(current_case.getSleuthkitCase(),
|
||||||
self._MODULE_NAME, transferDb.getDBFile(),
|
self._MODULE_NAME, transferDb.getDBFile(),
|
||||||
Account.Type.ZAPYA)
|
Account.Type.ZAPYA, context.getJobId())
|
||||||
|
|
||||||
queryString = "SELECT device, name, direction, createtime, path, title FROM transfer"
|
queryString = "SELECT device, name, direction, createtime, path, title FROM transfer"
|
||||||
transfersResultSet = transferDb.runQuery(queryString)
|
transfersResultSet = transferDb.runQuery(queryString)
|
||||||
|
|||||||
@ -1,7 +1,7 @@
|
|||||||
/*
|
/*
|
||||||
* Autopsy Forensic Browser
|
* Autopsy Forensic Browser
|
||||||
*
|
*
|
||||||
* Copyright 2011-2018 Basis Technology Corp.
|
* Copyright 2012-2021 Basis Technology Corp.
|
||||||
* Contact: carrier <at> sleuthkit <dot> org
|
* Contact: carrier <at> sleuthkit <dot> org
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
@ -426,7 +426,7 @@ class AdHocSearchChildFactory extends ChildFactory<KeyValue> {
|
|||||||
final String queryDisp = queryStr.length() > QUERY_DISPLAY_LEN ? queryStr.substring(0, QUERY_DISPLAY_LEN - 1) + " ..." : queryStr;
|
final String queryDisp = queryStr.length() > QUERY_DISPLAY_LEN ? queryStr.substring(0, QUERY_DISPLAY_LEN - 1) + " ..." : queryStr;
|
||||||
try {
|
try {
|
||||||
progress = ProgressHandle.createHandle(NbBundle.getMessage(this.getClass(), "KeywordSearchResultFactory.progress.saving", queryDisp), () -> BlackboardResultWriter.this.cancel(true));
|
progress = ProgressHandle.createHandle(NbBundle.getMessage(this.getClass(), "KeywordSearchResultFactory.progress.saving", queryDisp), () -> BlackboardResultWriter.this.cancel(true));
|
||||||
hits.process(progress, null, this, false, saveResults);
|
hits.process(progress, null, this, false, saveResults, null);
|
||||||
} finally {
|
} finally {
|
||||||
finalizeWorker();
|
finalizeWorker();
|
||||||
}
|
}
|
||||||
|
|||||||
@ -1,7 +1,7 @@
|
|||||||
/*
|
/*
|
||||||
* Autopsy Forensic Browser
|
* Autopsy Forensic Browser
|
||||||
*
|
*
|
||||||
* Copyright 2014 - 2017 Basis Technology Corp.
|
* Copyright 2014 - 2021 Basis Technology Corp.
|
||||||
* Contact: carrier <at> sleuthkit <dot> org
|
* Contact: carrier <at> sleuthkit <dot> org
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
@ -564,7 +564,7 @@ final class IngestSearchRunner {
|
|||||||
subProgresses[keywordsSearched].progress(keywordList.getName() + ": " + queryDisplayStr, unitProgress);
|
subProgresses[keywordsSearched].progress(keywordList.getName() + ": " + queryDisplayStr, unitProgress);
|
||||||
|
|
||||||
// Create blackboard artifacts
|
// Create blackboard artifacts
|
||||||
newResults.process(null, subProgresses[keywordsSearched], this, keywordList.getIngestMessages(), true);
|
newResults.process(null, subProgresses[keywordsSearched], this, keywordList.getIngestMessages(), true, job.getJobId());
|
||||||
|
|
||||||
} //if has results
|
} //if has results
|
||||||
|
|
||||||
|
|||||||
@ -648,7 +648,7 @@ public final class KeywordSearchIngestModule implements FileIngestModule {
|
|||||||
}
|
}
|
||||||
if (!bbartifacts.isEmpty()) {
|
if (!bbartifacts.isEmpty()) {
|
||||||
try {
|
try {
|
||||||
Case.getCurrentCaseThrows().getSleuthkitCase().getBlackboard().postArtifacts(bbartifacts, moduleName);
|
Case.getCurrentCaseThrows().getSleuthkitCase().getBlackboard().postArtifacts(bbartifacts, moduleName, jobId);
|
||||||
} catch (NoCurrentCaseException | Blackboard.BlackboardException ex) {
|
} catch (NoCurrentCaseException | Blackboard.BlackboardException ex) {
|
||||||
// Log error and return to continue processing
|
// Log error and return to continue processing
|
||||||
logger.log(Level.WARNING, String.format("Unable to post blackboard artifacts for file $s.", aFile.getParentPath() + aFile.getName()), ex); //NON-NLS
|
logger.log(Level.WARNING, String.format("Unable to post blackboard artifacts for file $s.", aFile.getParentPath() + aFile.getName()), ex); //NON-NLS
|
||||||
|
|||||||
@ -1,7 +1,7 @@
|
|||||||
/*
|
/*
|
||||||
* Autopsy Forensic Browser
|
* Autopsy Forensic Browser
|
||||||
*
|
*
|
||||||
* Copyright 2011-2018 Basis Technology Corp.
|
* Copyright 2012-2021 Basis Technology Corp.
|
||||||
* Contact: carrier <at> sleuthkit <dot> org
|
* Contact: carrier <at> sleuthkit <dot> org
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
@ -35,7 +35,8 @@ import org.sleuthkit.autopsy.casemodule.NoCurrentCaseException;
|
|||||||
import org.sleuthkit.autopsy.coreutils.EscapeUtil;
|
import org.sleuthkit.autopsy.coreutils.EscapeUtil;
|
||||||
import org.sleuthkit.autopsy.coreutils.Logger;
|
import org.sleuthkit.autopsy.coreutils.Logger;
|
||||||
import org.sleuthkit.autopsy.ingest.IngestMessage;
|
import org.sleuthkit.autopsy.ingest.IngestMessage;
|
||||||
import org.sleuthkit.autopsy.ingest.IngestServices;;
|
import org.sleuthkit.autopsy.ingest.IngestServices;
|
||||||
|
;
|
||||||
import org.sleuthkit.datamodel.AbstractFile;
|
import org.sleuthkit.datamodel.AbstractFile;
|
||||||
import org.sleuthkit.datamodel.Blackboard;
|
import org.sleuthkit.datamodel.Blackboard;
|
||||||
import org.sleuthkit.datamodel.BlackboardArtifact;
|
import org.sleuthkit.datamodel.BlackboardArtifact;
|
||||||
@ -64,7 +65,7 @@ class QueryResults {
|
|||||||
* and publishing an event to notify subscribers of the blackboard posts.
|
* and publishing an event to notify subscribers of the blackboard posts.
|
||||||
*
|
*
|
||||||
* The KeywordSearchQuery is used to do the blackboard posts.
|
* The KeywordSearchQuery is used to do the blackboard posts.
|
||||||
*
|
*
|
||||||
* @param query The query.
|
* @param query The query.
|
||||||
*/
|
*/
|
||||||
QueryResults(KeywordSearchQuery query) {
|
QueryResults(KeywordSearchQuery query) {
|
||||||
@ -141,9 +142,10 @@ class QueryResults {
|
|||||||
* messages inbox if there is a keyword hit in the text
|
* messages inbox if there is a keyword hit in the text
|
||||||
* exrtacted from the text source object.
|
* exrtacted from the text source object.
|
||||||
* @param saveResults Flag whether to save search results as KWS artifacts.
|
* @param saveResults Flag whether to save search results as KWS artifacts.
|
||||||
*
|
* @param ingestJobId The numeric identifier of the ingest job within which
|
||||||
|
* the artifacts are being created, may be null.
|
||||||
*/
|
*/
|
||||||
void process(ProgressHandle progress, ProgressContributor subProgress, SwingWorker<?, ?> worker, boolean notifyInbox, boolean saveResults) {
|
void process(ProgressHandle progress, ProgressContributor subProgress, SwingWorker<?, ?> worker, boolean notifyInbox, boolean saveResults, Long ingestJobId) {
|
||||||
/*
|
/*
|
||||||
* Initialize the progress indicator to the number of keywords that will
|
* Initialize the progress indicator to the number of keywords that will
|
||||||
* be processed.
|
* be processed.
|
||||||
@ -218,15 +220,15 @@ class QueryResults {
|
|||||||
} catch (TskCoreException | NoCurrentCaseException tskCoreException) {
|
} catch (TskCoreException | NoCurrentCaseException tskCoreException) {
|
||||||
logger.log(Level.SEVERE, "Failed to get text source object for keyword hit", tskCoreException); //NON-NLS
|
logger.log(Level.SEVERE, "Failed to get text source object for keyword hit", tskCoreException); //NON-NLS
|
||||||
}
|
}
|
||||||
|
|
||||||
if ((content != null) && saveResults) {
|
if ((content != null) && saveResults) {
|
||||||
/*
|
/*
|
||||||
* Post an artifact for the hit to the blackboard.
|
* Post an artifact for the hit to the blackboard.
|
||||||
*/
|
*/
|
||||||
BlackboardArtifact artifact = query.createKeywordHitArtifact(content, keyword, hit, snippet, query.getKeywordList().getName());
|
BlackboardArtifact artifact = query.createKeywordHitArtifact(content, keyword, hit, snippet, query.getKeywordList().getName());
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Send an ingest inbox message for the hit.
|
* Send an ingest inbox message for the hit.
|
||||||
*/
|
*/
|
||||||
if (null != artifact) {
|
if (null != artifact) {
|
||||||
hitArtifacts.add(artifact);
|
hitArtifacts.add(artifact);
|
||||||
@ -253,7 +255,7 @@ class QueryResults {
|
|||||||
SleuthkitCase tskCase = Case.getCurrentCaseThrows().getSleuthkitCase();
|
SleuthkitCase tskCase = Case.getCurrentCaseThrows().getSleuthkitCase();
|
||||||
Blackboard blackboard = tskCase.getBlackboard();
|
Blackboard blackboard = tskCase.getBlackboard();
|
||||||
|
|
||||||
blackboard.postArtifacts(hitArtifacts, MODULE_NAME);
|
blackboard.postArtifacts(hitArtifacts, MODULE_NAME, ingestJobId);
|
||||||
} catch (NoCurrentCaseException | Blackboard.BlackboardException ex) {
|
} catch (NoCurrentCaseException | Blackboard.BlackboardException ex) {
|
||||||
logger.log(Level.SEVERE, "Failed to post KWH artifact to blackboard.", ex); //NON-NLS
|
logger.log(Level.SEVERE, "Failed to post KWH artifact to blackboard.", ex); //NON-NLS
|
||||||
}
|
}
|
||||||
|
|||||||
@ -54,8 +54,6 @@ import org.sleuthkit.autopsy.ingest.IngestJobContext;
|
|||||||
import org.sleuthkit.datamodel.AbstractFile;
|
import org.sleuthkit.datamodel.AbstractFile;
|
||||||
import org.sleuthkit.datamodel.Blackboard;
|
import org.sleuthkit.datamodel.Blackboard;
|
||||||
import org.sleuthkit.datamodel.BlackboardArtifact;
|
import org.sleuthkit.datamodel.BlackboardArtifact;
|
||||||
import org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE;
|
|
||||||
import static org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_BOOKMARK;
|
|
||||||
import org.sleuthkit.datamodel.BlackboardAttribute;
|
import org.sleuthkit.datamodel.BlackboardAttribute;
|
||||||
import org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE;
|
import org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE;
|
||||||
import org.sleuthkit.datamodel.Content;
|
import org.sleuthkit.datamodel.Content;
|
||||||
@ -939,7 +937,7 @@ class Chromium extends Extract {
|
|||||||
WebBrowserArtifactsHelper helper = new WebBrowserArtifactsHelper(
|
WebBrowserArtifactsHelper helper = new WebBrowserArtifactsHelper(
|
||||||
Case.getCurrentCaseThrows().getSleuthkitCase(),
|
Case.getCurrentCaseThrows().getSleuthkitCase(),
|
||||||
NbBundle.getMessage(this.getClass(), "Chrome.parentModuleName"),
|
NbBundle.getMessage(this.getClass(), "Chrome.parentModuleName"),
|
||||||
webDataFile
|
webDataFile, context.getJobId()
|
||||||
);
|
);
|
||||||
|
|
||||||
// Get Web form addresses
|
// Get Web form addresses
|
||||||
|
|||||||
@ -172,8 +172,7 @@ class ContactsDbIngestModule(DataSourceIngestModule):
|
|||||||
))
|
))
|
||||||
|
|
||||||
try:
|
try:
|
||||||
# index the artifact for keyword search
|
blackboard.postArtifact(art, ContactsDbIngestModuleFactory.moduleName, context.getJobId())
|
||||||
blackboard.postArtifact(art, ContactsDbIngestModuleFactory.moduleName)
|
|
||||||
except Blackboard.BlackboardException as e:
|
except Blackboard.BlackboardException as e:
|
||||||
self.log(Level.SEVERE, "Error indexing artifact " + art.getDisplayName())
|
self.log(Level.SEVERE, "Error indexing artifact " + art.getDisplayName())
|
||||||
|
|
||||||
|
|||||||
@ -146,7 +146,7 @@ class ContactsDbIngestModule(DataSourceIngestModule):
|
|||||||
# Create an instance of the helper class
|
# Create an instance of the helper class
|
||||||
# TODO - Replace with your parser name and Account.Type
|
# TODO - Replace with your parser name and Account.Type
|
||||||
helper = CommunicationArtifactsHelper(current_case.getSleuthkitCase(),
|
helper = CommunicationArtifactsHelper(current_case.getSleuthkitCase(),
|
||||||
ContactsDbIngestModuleFactory.moduleName, app_database.getDBFile(), Account.Type.DEVICE)
|
ContactsDbIngestModuleFactory.moduleName, app_database.getDBFile(), Account.Type.DEVICE, context.getJobId())
|
||||||
|
|
||||||
# Iterate through each row and create artifacts
|
# Iterate through each row and create artifacts
|
||||||
while result_set.next():
|
while result_set.next():
|
||||||
|
|||||||
@ -92,11 +92,15 @@ class FindBigRoundFilesIngestModule(FileIngestModule):
|
|||||||
def log(self, level, msg):
|
def log(self, level, msg):
|
||||||
self._logger.logp(level, self.__class__.__name__, inspect.stack()[1][3], msg)
|
self._logger.logp(level, self.__class__.__name__, inspect.stack()[1][3], msg)
|
||||||
|
|
||||||
|
def __init__(self):
|
||||||
|
self.context = None
|
||||||
|
|
||||||
# Where any setup and configuration is done
|
# Where any setup and configuration is done
|
||||||
# 'context' is an instance of org.sleuthkit.autopsy.ingest.IngestJobContext.
|
# 'context' is an instance of org.sleuthkit.autopsy.ingest.IngestJobContext.
|
||||||
# See: http://sleuthkit.org/autopsy/docs/api-docs/latest/classorg_1_1sleuthkit_1_1autopsy_1_1ingest_1_1_ingest_job_context.html
|
# See: http://sleuthkit.org/autopsy/docs/api-docs/latest/classorg_1_1sleuthkit_1_1autopsy_1_1ingest_1_1_ingest_job_context.html
|
||||||
# TODO: Add any setup code that you need here.
|
# TODO: Add any setup code that you need here.
|
||||||
def startUp(self, context):
|
def startUp(self, context):
|
||||||
|
self.context = context
|
||||||
self.filesFound = 0
|
self.filesFound = 0
|
||||||
|
|
||||||
# Throw an IngestModule.IngestModuleException exception if there was a problem setting up
|
# Throw an IngestModule.IngestModuleException exception if there was a problem setting up
|
||||||
@ -130,8 +134,7 @@ class FindBigRoundFilesIngestModule(FileIngestModule):
|
|||||||
"Big and Round Files"))).getAnalysisResult()
|
"Big and Round Files"))).getAnalysisResult()
|
||||||
|
|
||||||
try:
|
try:
|
||||||
# post the artifact for listeners of artifact events
|
blackboard.postArtifact(art, FindBigRoundFilesIngestModuleFactory.moduleName, context.getJobId())
|
||||||
blackboard.postArtifact(art, FindBigRoundFilesIngestModuleFactory.moduleName)
|
|
||||||
except Blackboard.BlackboardException as e:
|
except Blackboard.BlackboardException as e:
|
||||||
self.log(Level.SEVERE, "Error indexing artifact " + art.getDisplayName())
|
self.log(Level.SEVERE, "Error indexing artifact " + art.getDisplayName())
|
||||||
|
|
||||||
|
|||||||
@ -207,9 +207,8 @@ class RegistryExampleIngestModule(DataSourceIngestModule):
|
|||||||
BlackboardAttribute(attributeIdRunKeyValue, moduleName, registryKey[3])
|
BlackboardAttribute(attributeIdRunKeyValue, moduleName, registryKey[3])
|
||||||
))
|
))
|
||||||
|
|
||||||
# index the artifact for keyword search
|
|
||||||
try:
|
try:
|
||||||
blackboard.postArtifact(art, moduleName)
|
blackboard.postArtifact(art, moduleName, context.getJobId())
|
||||||
except Blackboard.BlackboardException as ex:
|
except Blackboard.BlackboardException as ex:
|
||||||
self.log(Level.SEVERE, "Unable to index blackboard artifact " + str(art.getArtifactTypeName()), ex)
|
self.log(Level.SEVERE, "Unable to index blackboard artifact " + str(art.getArtifactTypeName()), ex)
|
||||||
|
|
||||||
|
|||||||
@ -146,8 +146,7 @@ class SampleJythonDataSourceIngestModule(DataSourceIngestModule):
|
|||||||
None, "Test file", None, attrs).getAnalysisResult()
|
None, "Test file", None, attrs).getAnalysisResult()
|
||||||
|
|
||||||
try:
|
try:
|
||||||
# post the artifact for listeners of artifact events.
|
blackboard.postArtifact(art, SampleJythonDataSourceIngestModuleFactory.moduleName, context.getJobId())
|
||||||
blackboard.postArtifact(art, SampleJythonDataSourceIngestModuleFactory.moduleName)
|
|
||||||
except Blackboard.BlackboardException as e:
|
except Blackboard.BlackboardException as e:
|
||||||
self.log(Level.SEVERE, "Error indexing artifact " + art.getDisplayName())
|
self.log(Level.SEVERE, "Error indexing artifact " + art.getDisplayName())
|
||||||
|
|
||||||
|
|||||||
@ -94,11 +94,15 @@ class SampleJythonFileIngestModule(FileIngestModule):
|
|||||||
def log(self, level, msg):
|
def log(self, level, msg):
|
||||||
self._logger.logp(level, self.__class__.__name__, inspect.stack()[1][3], msg)
|
self._logger.logp(level, self.__class__.__name__, inspect.stack()[1][3], msg)
|
||||||
|
|
||||||
|
def __init__(self):
|
||||||
|
self.context = None
|
||||||
|
|
||||||
# Where any setup and configuration is done
|
# Where any setup and configuration is done
|
||||||
# 'context' is an instance of org.sleuthkit.autopsy.ingest.IngestJobContext.
|
# 'context' is an instance of org.sleuthkit.autopsy.ingest.IngestJobContext.
|
||||||
# See: http://sleuthkit.org/autopsy/docs/api-docs/latest/classorg_1_1sleuthkit_1_1autopsy_1_1ingest_1_1_ingest_job_context.html
|
# See: http://sleuthkit.org/autopsy/docs/api-docs/latest/classorg_1_1sleuthkit_1_1autopsy_1_1ingest_1_1_ingest_job_context.html
|
||||||
# TODO: Add any setup code that you need here.
|
# TODO: Add any setup code that you need here.
|
||||||
def startUp(self, context):
|
def startUp(self, context):
|
||||||
|
self.context = context
|
||||||
self.filesFound = 0
|
self.filesFound = 0
|
||||||
|
|
||||||
# Throw an IngestModule.IngestModuleException exception if there was a problem setting up
|
# Throw an IngestModule.IngestModuleException exception if there was a problem setting up
|
||||||
@ -134,8 +138,7 @@ class SampleJythonFileIngestModule(FileIngestModule):
|
|||||||
None, "Text Files", None, attrs).getAnalysisResult()
|
None, "Text Files", None, attrs).getAnalysisResult()
|
||||||
|
|
||||||
try:
|
try:
|
||||||
# post the artifact for listeners of artifact events
|
blackboard.postArtifact(art, SampleJythonFileIngestModuleFactory.moduleName, context.getJobId())
|
||||||
blackboard.postArtifact(art, SampleJythonFileIngestModuleFactory.moduleName)
|
|
||||||
except Blackboard.BlackboardException as e:
|
except Blackboard.BlackboardException as e:
|
||||||
self.log(Level.SEVERE, "Error indexing artifact " + art.getDisplayName())
|
self.log(Level.SEVERE, "Error indexing artifact " + art.getDisplayName())
|
||||||
|
|
||||||
|
|||||||
@ -1,7 +1,7 @@
|
|||||||
/*
|
/*
|
||||||
* Autopsy Forensic Browser
|
* Autopsy Forensic Browser
|
||||||
*
|
*
|
||||||
* Copyright 2011-2020 Basis Technology Corp.
|
* Copyright 2012-2021 Basis Technology Corp.
|
||||||
* Contact: carrier <at> sleuthkit <dot> org
|
* Contact: carrier <at> sleuthkit <dot> org
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
@ -255,7 +255,7 @@ public final class ThunderbirdMboxFileIngestModule implements FileIngestModule {
|
|||||||
|
|
||||||
try {
|
try {
|
||||||
// index the artifact for keyword search
|
// index the artifact for keyword search
|
||||||
blackboard.postArtifact(artifact, EmailParserModuleFactory.getModuleName());
|
blackboard.postArtifact(artifact, EmailParserModuleFactory.getModuleName(), context.getJobId());
|
||||||
} catch (Blackboard.BlackboardException ex) {
|
} catch (Blackboard.BlackboardException ex) {
|
||||||
MessageNotifyUtil.Notify.error(Bundle.ThunderbirdMboxFileIngestModule_processPst_indexError_message(), artifact.getDisplayName());
|
MessageNotifyUtil.Notify.error(Bundle.ThunderbirdMboxFileIngestModule_processPst_indexError_message(), artifact.getDisplayName());
|
||||||
logger.log(Level.SEVERE, "Unable to index blackboard artifact " + artifact.getArtifactID(), ex); //NON-NLS
|
logger.log(Level.SEVERE, "Unable to index blackboard artifact " + artifact.getArtifactID(), ex); //NON-NLS
|
||||||
@ -786,7 +786,7 @@ public final class ThunderbirdMboxFileIngestModule implements FileIngestModule {
|
|||||||
|
|
||||||
try {
|
try {
|
||||||
// index the artifact for keyword search
|
// index the artifact for keyword search
|
||||||
blackboard.postArtifact(bbart, EmailParserModuleFactory.getModuleName());
|
blackboard.postArtifact(bbart, EmailParserModuleFactory.getModuleName(), context.getJobId());
|
||||||
} catch (Blackboard.BlackboardException ex) {
|
} catch (Blackboard.BlackboardException ex) {
|
||||||
logger.log(Level.SEVERE, "Unable to index blackboard artifact " + bbart.getArtifactID(), ex); //NON-NLS
|
logger.log(Level.SEVERE, "Unable to index blackboard artifact " + bbart.getArtifactID(), ex); //NON-NLS
|
||||||
MessageNotifyUtil.Notify.error(Bundle.ThunderbirdMboxFileIngestModule_addArtifact_indexError_message(), bbart.getDisplayName());
|
MessageNotifyUtil.Notify.error(Bundle.ThunderbirdMboxFileIngestModule_addArtifact_indexError_message(), bbart.getDisplayName());
|
||||||
|
|||||||
@ -243,7 +243,7 @@ final class VcardParser {
|
|||||||
|
|
||||||
// Index the artifact for keyword search.
|
// Index the artifact for keyword search.
|
||||||
try {
|
try {
|
||||||
blackboard.postArtifact(artifact, EmailParserModuleFactory.getModuleName());
|
blackboard.postArtifact(artifact, EmailParserModuleFactory.getModuleName(), context.getJobId());
|
||||||
} catch (Blackboard.BlackboardException ex) {
|
} catch (Blackboard.BlackboardException ex) {
|
||||||
logger.log(Level.SEVERE, "Unable to index blackboard artifact " + artifact.getArtifactID(), ex); //NON-NLS
|
logger.log(Level.SEVERE, "Unable to index blackboard artifact " + artifact.getArtifactID(), ex); //NON-NLS
|
||||||
MessageNotifyUtil.Notify.error(Bundle.VcardParser_addContactArtifact_indexError(), artifact.getDisplayName());
|
MessageNotifyUtil.Notify.error(Bundle.VcardParser_addContactArtifact_indexError(), artifact.getDisplayName());
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user