mstoeck3/autopsy-flatpak
1
0
Fork 0
mirror of https://github.com/overcuriousity/autopsy-flatpak.git synced 2025-07-06 21:00:22 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #7381 from rcordovano/7673-postartifacts-feeds-pipeline-other-apis

Browse Source 
7673 7626 Allow helpers to call correct Blackboard.postArtifacts() API
This commit is contained in:
Richard Cordovano 2021-11-03 11:38:24 -04:00 committed by GitHub
commit 1623a137e2
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
69 changed files with 292 additions and 249 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
Core/src/org/sleuthkit/autopsy/casemodule/services/Blackboard.java
View File

@ -1,7 +1,7 @@
/*
* Autopsy Forensic Browser
*
* Copyright 2015-2019 Basis Technology Corp.
* Copyright 2015-2021 Basis Technology Corp.
* Contact: carrier <at> sleuthkit <dot> org
*
* Licensed under the Apache License, Version 2.0 (the "License");
@ -56,7 +56,7 @@ public final class Blackboard implements Closeable {
@Deprecated
public synchronized void indexArtifact(BlackboardArtifact artifact) throws BlackboardException {
try {
Case.getCurrentCase().getSleuthkitCase().getBlackboard().postArtifact(artifact, "");
Case.getCurrentCase().getSleuthkitCase().getBlackboard().postArtifact(artifact, "", null);
} catch (org.sleuthkit.datamodel.Blackboard.BlackboardException ex) {
throw new BlackboardException(ex.getMessage(), ex);
}

3
Core/src/org/sleuthkit/autopsy/centralrepository/eventlisteners/CaseEventListener.java
View File

@ -761,8 +761,7 @@ public final class CaseEventListener implements PropertyChangeListener {
BlackboardArtifact.Type.TSK_PREVIOUSLY_SEEN, score,
null, Bundle.CaseEventsListener_prevExists_text(), justification, attributesForNewArtifact, osAccountInstance.getDataSource().getId()).getAnalysisResult();
try {
// index the artifact for keyword search
blackboard.postArtifact(newAnalysisResult, MODULE_NAME);
blackboard.postArtifact(newAnalysisResult, MODULE_NAME, null);
break;
} catch (Blackboard.BlackboardException ex) {
LOGGER.log(Level.SEVERE, "Unable to index blackboard artifact " + newAnalysisResult.getArtifactID(), ex); //NON-NLS

3
Core/src/org/sleuthkit/autopsy/centralrepository/eventlisteners/IngestEventsListener.java
View File

@ -351,8 +351,7 @@ public class IngestEventsListener {
.getAnalysisResult();
try {
// index the artifact for keyword search
blackboard.postArtifact(newArtifact, MODULE_NAME);
blackboard.postArtifact(newArtifact, MODULE_NAME, null);
} catch (Blackboard.BlackboardException ex) {
LOGGER.log(Level.SEVERE, "Unable to index blackboard artifact " + newArtifact.getArtifactID(), ex); //NON-NLS
}

5
Core/src/org/sleuthkit/autopsy/centralrepository/ingestmodule/CentralRepoIngestModule.java
View File

@ -87,6 +87,7 @@ final class CentralRepoIngestModule implements FileIngestModule {
private Blackboard blackboard;
private final boolean createCorrelationProperties;
private final boolean flagUniqueArtifacts;
private IngestJobContext context;
/**
* Instantiate the Central Repository ingest module.
@ -229,6 +230,8 @@ final class CentralRepoIngestModule implements FileIngestModule {
})
@Override
public void startUp(IngestJobContext context) throws IngestModuleException {
this.context = context;
IngestEventsListener.incrementCorrelationEngineModuleCount();
/*
@ -365,7 +368,7 @@ final class CentralRepoIngestModule implements FileIngestModule {
.getAnalysisResult();
try {
// index the artifact for keyword search
blackboard.postArtifact(tifArtifact, MODULE_NAME);
blackboard.postArtifact(tifArtifact, MODULE_NAME, context.getJobId());
} catch (Blackboard.BlackboardException ex) {
logger.log(Level.SEVERE, "Unable to index blackboard artifact " + tifArtifact.getArtifactID(), ex); //NON-NLS
}

11
Core/src/org/sleuthkit/autopsy/datasourceprocessors/xry/XRYCallsFileParser.java
View File

@ -1,7 +1,7 @@
/*
* Autopsy Forensic Browser
*
* Copyright 2019-2020 Basis Technology Corp.
* Copyright 2019-2021 Basis Technology Corp.
* Contact: carrier <at> sleuthkit <dot> org
*
* Licensed under the Apache License, Version 2.0 (the "License");
@ -24,7 +24,6 @@ import java.util.Collection;
import java.util.List;
import java.util.logging.Level;
import org.sleuthkit.autopsy.coreutils.Logger;
import org.sleuthkit.datamodel.AbstractFile;
import org.sleuthkit.datamodel.Account;
import org.sleuthkit.datamodel.Blackboard.BlackboardException;
import org.sleuthkit.datamodel.BlackboardArtifact;
@ -288,7 +287,7 @@ final class XRYCallsFileParser extends AbstractSingleEntityParser {
if (callerId != null) {
try {
currentCase.getCommunicationsManager().createAccountFileInstance(
Account.Type.PHONE, callerId, PARSER_NAME, parent);
Account.Type.PHONE, callerId, PARSER_NAME, parent, null);
} catch (InvalidAccountIDException ex) {
logger.log(Level.WARNING, String.format("Invalid account identifier %s", callerId), ex);
}
@ -301,7 +300,7 @@ final class XRYCallsFileParser extends AbstractSingleEntityParser {
for (String phone : calleeList) {
try {
currentCase.getCommunicationsManager().createAccountFileInstance(
Account.Type.PHONE, phone, PARSER_NAME, parent);
Account.Type.PHONE, phone, PARSER_NAME, parent, null);
} catch (InvalidAccountIDException ex) {
logger.log(Level.WARNING, String.format("Invalid account identifier %s", phone), ex);
}
@ -314,13 +313,13 @@ final class XRYCallsFileParser extends AbstractSingleEntityParser {
if (!otherAttributes.isEmpty()) {
BlackboardArtifact artifact = parent.newDataArtifact(new BlackboardArtifact.Type(BlackboardArtifact.ARTIFACT_TYPE.TSK_CALLLOG), otherAttributes);
currentCase.getBlackboard().postArtifact(artifact, PARSER_NAME);
currentCase.getBlackboard().postArtifact(artifact, PARSER_NAME, null);
}
} else {
// Otherwise we can safely use the helper.
CommunicationArtifactsHelper helper = new CommunicationArtifactsHelper(
currentCase, PARSER_NAME, parent, Account.Type.PHONE);
currentCase, PARSER_NAME, parent, Account.Type.PHONE, null);
helper.addCalllog(direction, callerId, calleeList, startTime,
endTime, callType, otherAttributes);

7
Core/src/org/sleuthkit/autopsy/datasourceprocessors/xry/XRYContactsFileParser.java
View File

@ -1,7 +1,7 @@
/*
* Autopsy Forensic Browser
*
* Copyright 2019-2020 Basis Technology Corp.
* Copyright 2019-2021 Basis Technology Corp.
* Contact: carrier <at> sleuthkit <dot> org
*
* Licensed under the Apache License, Version 2.0 (the "License");
@ -24,7 +24,6 @@ import java.util.List;
import java.util.logging.Level;
import org.sleuthkit.autopsy.coreutils.Logger;
import static org.sleuthkit.autopsy.datasourceprocessors.xry.AbstractSingleEntityParser.PARSER_NAME;
import org.sleuthkit.datamodel.AbstractFile;
import org.sleuthkit.datamodel.Account;
import org.sleuthkit.datamodel.Blackboard;
import org.sleuthkit.datamodel.BlackboardArtifact;
@ -136,7 +135,7 @@ final class XRYContactsFileParser extends AbstractSingleEntityParser {
// complain about illegal arguments.
if (phoneNumber != null || homePhoneNumber != null || mobilePhoneNumber != null || hasAnEmail) {
CommunicationArtifactsHelper helper = new CommunicationArtifactsHelper(
currentCase, PARSER_NAME, parent, Account.Type.DEVICE);
currentCase, PARSER_NAME, parent, Account.Type.DEVICE, null);
helper.addContact(contactName, phoneNumber, homePhoneNumber,
mobilePhoneNumber, emailAddr, additionalAttributes);
@ -145,7 +144,7 @@ final class XRYContactsFileParser extends AbstractSingleEntityParser {
if (!additionalAttributes.isEmpty()) {
BlackboardArtifact artifact = parent.newDataArtifact(new BlackboardArtifact.Type(BlackboardArtifact.ARTIFACT_TYPE.TSK_CONTACT), additionalAttributes);
currentCase.getBlackboard().postArtifact(artifact, PARSER_NAME);
currentCase.getBlackboard().postArtifact(artifact, PARSER_NAME, null);
}
}
}

6
Core/src/org/sleuthkit/autopsy/datasourceprocessors/xry/XRYMessagesFileParser.java
View File

@ -1,7 +1,7 @@
/*
* Autopsy Forensic Browser
*
* Copyright 2019-2020 Basis Technology Corp.
* Copyright 2019-2021 Basis Technology Corp.
* Contact: carrier <at> sleuthkit <dot> org
*
* Licensed under the Apache License, Version 2.0 (the "License");
@ -318,7 +318,7 @@ final class XRYMessagesFileParser implements XRYFileParser {
} else {
try {
currentCase.getCommunicationsManager().createAccountFileInstance(
Account.Type.PHONE, pair.getValue(), PARSER_NAME, parent);
Account.Type.PHONE, pair.getValue(), PARSER_NAME, parent, null);
} catch (InvalidAccountIDException ex) {
logger.log(Level.WARNING, String.format("Invalid account identifier %s", pair.getValue()), ex);
}
@ -437,7 +437,7 @@ final class XRYMessagesFileParser implements XRYFileParser {
}
CommunicationArtifactsHelper helper = new CommunicationArtifactsHelper(
currentCase, PARSER_NAME, parent, Account.Type.PHONE);
currentCase, PARSER_NAME, parent, Account.Type.PHONE, null);
helper.addMessage(messageType, direction, senderId, recipientIdsList,
dateTime, readStatus, subject, text, threadId, otherAttributes);

9
Core/src/org/sleuthkit/autopsy/examples/SampleFileIngestModule.java
View File

@ -111,10 +111,13 @@ class SampleFileIngestModule implements FileIngestModule {
addToBlackboardPostCount(context.getJobId(), 1L);
/*
* post the artifact which will index the artifact for keyword
* search, and fire an event to notify UI of this new artifact
* Post the artifact to the blackboard. Doing so will cause events
* to be published that will trigger additional analysis, if
* applicable. For example, the creation of timeline events,
* indexing of the artifact for keyword search, and analysis by the
* data artifact ingest modules if the artifact is a data artifact.
*/
file.getSleuthkitCase().getBlackboard().postArtifact(art, SampleIngestModuleFactory.getModuleName());
file.getSleuthkitCase().getBlackboard().postArtifact(art, SampleIngestModuleFactory.getModuleName(), context.getJobId());
return IngestModule.ProcessResult.OK;

61
Core/src/org/sleuthkit/autopsy/ingest/IngestManager.java
View File

@ -34,6 +34,7 @@ import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
import java.util.concurrent.Callable;
import java.util.concurrent.ConcurrentHashMap;
@ -296,8 +297,8 @@ public class IngestManager implements IngestProgressSnapshotProvider {
@Subscribe
void handleArtifactsPosted(Blackboard.ArtifactsPostedEvent tskEvent) {
/*
* Add any new data artifacts to the source ingest job for possible
* analysis.
* Add any new data artifacts included in the event to the source ingest
* job for possible analysis.
*/
List<DataArtifact> newDataArtifacts = new ArrayList<>();
Collection<BlackboardArtifact> newArtifacts = tskEvent.getArtifacts();
@ -308,18 +309,58 @@ public class IngestManager implements IngestProgressSnapshotProvider {
}
if (!newDataArtifacts.isEmpty()) {
IngestJob ingestJob = null;
Long ingestJobId = tskEvent.getIngestJobId();
if (ingestJobId != null) {
Optional<Long> ingestJobId = tskEvent.getIngestJobId();
if (ingestJobId.isPresent()) {
synchronized (ingestJobsById) {
ingestJob = ingestJobsById.get(ingestJobId);
ingestJob = ingestJobsById.get(ingestJobId.get());
}
} else {
/*
* Handle the case where ingest modules may not supply an ingest
* job ID. In such cases, try to identify the ingest job, if
* any, via its data source. There is a slight risk here that
* the wrong ingest job will be selected if multiple ingests of
* the same data source are in progress.
* There are four use cases where the ingest job ID returned by
* the event is expected be null:
*
* 1. The artifacts are being posted by a data source proccessor
* (DSP) module that runs before the ingest job is created,
* i.e., a DSP that does not support streaming ingest and has no
* noton of an ingest job ID. In this use case, the event is
* handled synchronously. The DSP calls
* Blackboard.postArtifacts(), which puts the event on the event
* bus to which this method subscribes, so the event will be
* handled here before the DSP completes and calls
* DataSourceProcessorCallback.done(). This means the code below
* will execute before the ingest job is created, so it will not
* find an ingest job to which to add the artifacts. However,
* the artifacts WILL be analyzed after the ingest job is
* started, when the ingest job executor, working in batch mode,
* schedules ingest tasks for all of the data artifacts in the
* case database. There is a slight risk that the wrong ingest
* job will be selected if multiple ingests of the same data
* source are in progress.
*
* 2. The artifacts were posted by an ingest module that either
* has not been updated to use the current
* Blackboard.postArtifacts() API, or is using it incorrectly.
* In this use case, the code below should be able to find the
* ingest job to which to add the artifacts via their data
* source. There is a slight risk that the wrong ingest job will
* be selected if multiple ingests of the same data source are
* in progress.
*
* 3. The portable case generator uses a
* CommunicationArtifactsHelper constructed with a null ingest
* job ID, and the CommunicatonsArtifactHelper posts artifacts.
* Ingest of that data source might be running, in which case
* the data artifact will be analyzed. It also might be analyzed
* by a subsequent ingest job for the data source. This is an
* acceptable edge case.
*
* 4. The user can manually create timeline events with the
* timeline tool, which posts the TSK_TL_EVENT data artifacts.
* The user selects the data source for these artifacts. Ingest
* of that data source might be running, in which case the data
* artifact will be analyzed. It also might be analyzed by a
* subsequent ingest job for the data source. This is an
* acceptable edge case.
*/
DataArtifact dataArtifact = newDataArtifacts.get(0);
try {

4
Core/src/org/sleuthkit/autopsy/ingest/IngestServices.java
View File

@ -33,7 +33,7 @@ import org.sleuthkit.datamodel.SleuthkitCase;
*/
public final class IngestServices {
private static Logger logger = Logger.getLogger(IngestServices.class.getName());
private final static Logger logger = Logger.getLogger(IngestServices.class.getName());
private static IngestServices instance = null;
/**
@ -115,7 +115,7 @@ public final class IngestServices {
public void fireModuleDataEvent(ModuleDataEvent moduleDataEvent) {
try {
Blackboard blackboard = Case.getCurrentCaseThrows().getSleuthkitCase().getBlackboard();
blackboard.postArtifacts(moduleDataEvent.getArtifacts(), moduleDataEvent.getModuleName());
blackboard.postArtifacts(moduleDataEvent.getArtifacts(), moduleDataEvent.getModuleName(), null);
} catch (NoCurrentCaseException | Blackboard.BlackboardException ex) {
logger.log(Level.SEVERE, "Failed to post artifacts", ex);
}

5
Core/src/org/sleuthkit/autopsy/logicalimager/dsp/AddLogicalImageTask.java
View File

@ -1,7 +1,7 @@
/*
* Autopsy
*
* Copyright 2019 Basis Technology Corp.
* Copyright 2019-2021 Basis Technology Corp.
* Contact: carrier <at> sleuthkit <dot> org
*
* Licensed under the Apache License, Version 2.0 (the "License");
@ -513,8 +513,7 @@ final class AddLogicalImageTask implements Runnable {
private void postArtifacts(List<BlackboardArtifact> artifacts) {
try {
// index the artifact for keyword search
blackboard.postArtifacts(artifacts, MODULE_NAME);
blackboard.postArtifacts(artifacts, MODULE_NAME, null);
} catch (Blackboard.BlackboardException ex) {
LOGGER.log(Level.SEVERE, "Unable to post artifacts to blackboard", ex); //NON-NLS
}

4
Core/src/org/sleuthkit/autopsy/modules/dataSourceIntegrity/DataSourceIntegrityIngestModule.java
View File

@ -1,7 +1,7 @@
/*
* Autopsy Forensic Browser
*
* Copyright 2013-2019 Basis Technology Corp.
* Copyright 2013-2021 Basis Technology Corp.
* Contact: carrier <at> sleuthkit <dot> org
*
* Licensed under the Apache License, Version 2.0 (the "License");
@ -303,7 +303,7 @@ public class DataSourceIntegrityIngestModule implements DataSourceIngestModule {
.getAnalysisResult();
Case.getCurrentCase().getServices().getArtifactsBlackboard()
.postArtifact(verificationFailedArtifact, DataSourceIntegrityModuleFactory.getModuleName());
.postArtifact(verificationFailedArtifact, DataSourceIntegrityModuleFactory.getModuleName(), context.getJobId());
} catch (TskCoreException ex) {
logger.log(Level.SEVERE, "Error creating verification failed artifact", ex);
} catch (Blackboard.BlackboardException ex) {

4
Core/src/org/sleuthkit/autopsy/modules/drones/DATExtractor.java
View File

@ -1,7 +1,7 @@
/*
* Autopsy Forensic Browser
*
* Copyright 2020 Basis Technology Corp.
* Copyright 2020-2021 Basis Technology Corp.
* Contact: carrier <at> sleuthkit <dot> org
*
* Licensed under the Apache License, Version 2.0 (the "License");
@ -114,7 +114,7 @@ final class DATExtractor extends DroneExtractor {
GeoTrackPoints trackPoints = processCSVFile(context, DATFile, csvFilePath);
if (trackPoints != null && !trackPoints.isEmpty()) {
(new GeoArtifactsHelper(getSleuthkitCase(), getName(), "DatCon", DATFile)).addTrack(DATFile.getName(), trackPoints, null);
(new GeoArtifactsHelper(getSleuthkitCase(), getName(), "DatCon", DATFile, context.getJobId())).addTrack(DATFile.getName(), trackPoints, null);
} else {
logger.log(Level.INFO, String.format("No trackpoints with valid longitude or latitude found in %s", DATFile.getName())); //NON-NLS
}

4
Core/src/org/sleuthkit/autopsy/modules/embeddedfileextractor/SevenZipExtractor.java
View File

@ -341,7 +341,7 @@ class SevenZipExtractor {
* keyword search, and fire an event to notify UI of this
* new artifact
*/
blackboard.postArtifact(artifact, MODULE_NAME);
blackboard.postArtifact(artifact, MODULE_NAME, context.getJobId());
String msg = NbBundle.getMessage(SevenZipExtractor.class,
"EmbeddedFileExtractorIngestModule.ArchiveExtractor.isZipBombCheck.warnMsg", archiveFile.getName(), escapedFilePath);//NON-NLS
@ -870,7 +870,7 @@ class SevenZipExtractor {
* keyword search, and fire an event to notify UI of this
* new artifact
*/
blackboard.postArtifact(artifact, MODULE_NAME);
blackboard.postArtifact(artifact, MODULE_NAME, context.getJobId());
} catch (Blackboard.BlackboardException ex) {
logger.log(Level.SEVERE, "Unable to post blackboard artifact " + artifact.getArtifactID(), ex); //NON-NLS
MessageNotifyUtil.Notify.error(

4
Core/src/org/sleuthkit/autopsy/modules/encryptiondetection/EncryptionDetectionDataSourceIngestModule.java
View File

@ -1,7 +1,7 @@
/*
* Autopsy Forensic Browser
*
* Copyright 2018 Basis Technology Corp.
* Copyright 2018-2021 Basis Technology Corp.
* Contact: carrier <at> sleuthkit <dot> org
*
* Licensed under the Apache License, Version 2.0 (the "License");
@ -172,7 +172,7 @@ final class EncryptionDetectionDataSourceIngestModule implements DataSourceInges
* post the artifact which will index the artifact for keyword
* search, and fire an event to notify UI of this new artifact
*/
blackboard.postArtifact(artifact, EncryptionDetectionModuleFactory.getModuleName());
blackboard.postArtifact(artifact, EncryptionDetectionModuleFactory.getModuleName(), context.getJobId());
} catch (Blackboard.BlackboardException ex) {
logger.log(Level.SEVERE, "Unable to index blackboard artifact " + artifact.getArtifactID(), ex); //NON-NLS
}

4
Core/src/org/sleuthkit/autopsy/modules/encryptiondetection/EncryptionDetectionFileIngestModule.java
View File

@ -1,7 +1,7 @@
/*
* Autopsy Forensic Browser
*
* Copyright 2017-2018 Basis Technology Corp.
* Copyright 2017-2021 Basis Technology Corp.
* Contact: carrier <at> sleuthkit <dot> org
*
* Licensed under the Apache License, Version 2.0 (the "License");
@ -212,7 +212,7 @@ final class EncryptionDetectionFileIngestModule extends FileIngestModuleAdapter
* post the artifact which will index the artifact for keyword
* search, and fire an event to notify UI of this new artifact
*/
blackboard.postArtifact(artifact, EncryptionDetectionModuleFactory.getModuleName());
blackboard.postArtifact(artifact, EncryptionDetectionModuleFactory.getModuleName(), context.getJobId());
} catch (Blackboard.BlackboardException ex) {
logger.log(Level.SEVERE, "Unable to index blackboard artifact " + artifact.getArtifactID(), ex); //NON-NLS
}

4
Core/src/org/sleuthkit/autopsy/modules/fileextmismatch/FileExtMismatchIngestModule.java
View File

@ -1,7 +1,7 @@
/*
* Autopsy Forensic Browser
*
* Copyright 2011-2018 Basis Technology Corp.
* Copyright 2012-2021 Basis Technology Corp.
* Contact: carrier <at> sleuthkit <dot> org
*
* Licensed under the Apache License, Version 2.0 (the "License");
@ -155,7 +155,7 @@ public class FileExtMismatchIngestModule implements FileIngestModule {
* keyword search, and fire an event to notify UI of this
* new artifact
*/
blackboard.postArtifact(bart, FileExtMismatchDetectorModuleFactory.getModuleName());
blackboard.postArtifact(bart, FileExtMismatchDetectorModuleFactory.getModuleName(), jobId);
} catch (Blackboard.BlackboardException ex) {
logger.log(Level.SEVERE, "Unable to index blackboard artifact " + bart.getArtifactID(), ex); //NON-NLS
MessageNotifyUtil.Notify.error(FileExtMismatchDetectorModuleFactory.getModuleName(), Bundle.FileExtMismatchIngestModule_indexError_message());

4
Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeIdIngestModule.java
View File

@ -1,7 +1,7 @@
/*
* Autopsy Forensic Browser
*
* Copyright 2013-2018 Basis Technology Corp.
* Copyright 2013-2021 Basis Technology Corp.
* Contact: carrier <at> sleuthkit <dot> org
*
* Licensed under the Apache License, Version 2.0 (the "License");
@ -206,7 +206,7 @@ public class FileTypeIdIngestModule implements FileIngestModule {
* keyword search, and fire an event to notify UI of this
* new artifact
*/
tskBlackboard.postArtifact(artifact, FileTypeIdModuleFactory.getModuleName());
tskBlackboard.postArtifact(artifact, FileTypeIdModuleFactory.getModuleName(), jobId);
} catch (Blackboard.BlackboardException ex) {
logger.log(Level.SEVERE, String.format("Unable to index TSK_INTERESTING_FILE_HIT blackboard artifact %d (file obj_id=%d)", artifact.getArtifactID(), file.getId()), ex); //NON-NLS
}

7
Core/src/org/sleuthkit/autopsy/modules/hashdatabase/HashDbIngestModule.java
View File

@ -1,7 +1,7 @@
/*
* Autopsy Forensic Browser
*
* Copyright 2011-2018 Basis Technology Corp.
* Copyright 2012-2021 Basis Technology Corp.
* Contact: carrier <at> sleuthkit <dot> org
*
* Licensed under the Apache License, Version 2.0 (the "License");
@ -20,7 +20,6 @@ package org.sleuthkit.autopsy.modules.hashdatabase;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashMap;
import java.util.List;
import java.util.concurrent.atomic.AtomicLong;
@ -43,13 +42,11 @@ import org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.HashDb;
import org.sleuthkit.datamodel.AbstractFile;
import org.sleuthkit.datamodel.Blackboard;
import org.sleuthkit.datamodel.BlackboardArtifact;
import org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE;
import org.sleuthkit.datamodel.BlackboardAttribute;
import org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE;
import org.sleuthkit.datamodel.HashHitInfo;
import org.sleuthkit.datamodel.HashUtility;
import org.sleuthkit.datamodel.Score;
import org.sleuthkit.datamodel.Score.Significance;
import org.sleuthkit.datamodel.SleuthkitCase;
import org.sleuthkit.datamodel.TskCoreException;
import org.sleuthkit.datamodel.TskData;
@ -552,7 +549,7 @@ public class HashDbIngestModule implements FileIngestModule {
* post the artifact which will index the artifact for keyword
* search, and fire an event to notify UI of this new artifact
*/
blackboard.postArtifact(badFile, moduleName);
blackboard.postArtifact(badFile, moduleName, jobId);
} catch (Blackboard.BlackboardException ex) {
logger.log(Level.SEVERE, "Unable to index blackboard artifact " + badFile.getArtifactID(), ex); //NON-NLS
MessageNotifyUtil.Notify.error(

4
Core/src/org/sleuthkit/autopsy/modules/interestingitems/FilesIdentifierIngestModule.java
View File

@ -1,7 +1,7 @@
/*
* Autopsy Forensic Browser
*
* Copyright 2014-2018 Basis Technology Corp.
* Copyright 2014-2021 Basis Technology Corp.
* Contact: carrier <at> sleuthkit <dot> org
*
* Licensed under the Apache License, Version 2.0 (the "License");
@ -151,7 +151,7 @@ final class FilesIdentifierIngestModule implements FileIngestModule {
try {
// Post thet artifact to the blackboard.
blackboard.postArtifact(artifact, MODULE_NAME);
blackboard.postArtifact(artifact, MODULE_NAME, context.getJobId());
} catch (Blackboard.BlackboardException ex) {
logger.log(Level.SEVERE, "Unable to index blackboard artifact " + artifact.getArtifactID(), ex); //NON-NLS
MessageNotifyUtil.Notify.error(Bundle.FilesIdentifierIngestModule_indexError_message(), artifact.getDisplayName());

4
Core/src/org/sleuthkit/autopsy/modules/leappanalyzers/ALeappAnalyzerIngestModule.java
View File

@ -1,7 +1,7 @@
/*
* Autopsy Forensic Browser
*
* Copyright 2020 Basis Technology Corp.
* Copyright 2020-2021 Basis Technology Corp.
* Contact: carrier <at> sleuthkit <dot> org
*
* Licensed under the Apache License, Version 2.0 (the "License");
@ -101,7 +101,7 @@ public class ALeappAnalyzerIngestModule implements DataSourceIngestModule {
}
try {
aLeappFileProcessor = new LeappFileProcessor(XMLFILE, ALeappAnalyzerModuleFactory.getModuleName());
aLeappFileProcessor = new LeappFileProcessor(XMLFILE, ALeappAnalyzerModuleFactory.getModuleName(), context);
} catch (IOException | IngestModuleException | NoCurrentCaseException ex) {
throw new IngestModuleException(Bundle.ALeappAnalyzerIngestModule_error_ileapp_file_processor_init(), ex);
}

8
Core/src/org/sleuthkit/autopsy/modules/leappanalyzers/ILeappAnalyzerIngestModule.java
View File

@ -1,7 +1,7 @@
/*
* Autopsy Forensic Browser
*
* Copyright 2020 Basis Technology Corp.
* Copyright 2020-2021 Basis Technology Corp.
* Contact: carrier <at> sleuthkit <dot> org
*
* Licensed under the Apache License, Version 2.0 (the "License");
@ -101,7 +101,7 @@ public class ILeappAnalyzerIngestModule implements DataSourceIngestModule {
}
try {
iLeappFileProcessor = new LeappFileProcessor(XMLFILE, ILeappAnalyzerModuleFactory.getModuleName());
iLeappFileProcessor = new LeappFileProcessor(XMLFILE, ILeappAnalyzerModuleFactory.getModuleName(), context);
} catch (IOException | IngestModuleException | NoCurrentCaseException ex) {
throw new IngestModuleException(Bundle.ILeappAnalyzerIngestModule_error_ileapp_file_processor_init(), ex);
}
@ -333,7 +333,7 @@ public class ILeappAnalyzerIngestModule implements DataSourceIngestModule {
* added to reports
*/
private void addILeappReportToReports(Path iLeappOutputDir, Case currentCase) {
List<String> allIndexFiles = new ArrayList<>();
List<String> allIndexFiles;
try (Stream<Path> walk = Files.walk(iLeappOutputDir)) {
@ -402,7 +402,7 @@ public class ILeappAnalyzerIngestModule implements DataSourceIngestModule {
String fileName = FilenameUtils.getName(ffp);
String filePath = FilenameUtils.getPath(ffp);
List<AbstractFile> iLeappFiles = new ArrayList<>();
List<AbstractFile> iLeappFiles;
try {
if (filePath.isEmpty()) {
iLeappFiles = fileManager.findFiles(dataSource, fileName); //NON-NLS

94
Core/src/org/sleuthkit/autopsy/modules/leappanalyzers/LeappFileProcessor.java
View File

@ -1,7 +1,7 @@
/*
* Autopsy Forensic Browser
*
* Copyright 2020 Basis Technology Corp.
* Copyright 2020-2021 Basis Technology Corp.
* Contact: carrier <at> sleuthkit <dot> org
*
* Licensed under the Apache License, Version 2.0 (the "License");
@ -61,6 +61,7 @@ import org.sleuthkit.autopsy.casemodule.services.FileManager;
import org.sleuthkit.autopsy.coreutils.NetworkUtils;
import org.sleuthkit.autopsy.coreutils.Logger;
import org.sleuthkit.autopsy.coreutils.PlatformUtil;
import org.sleuthkit.autopsy.ingest.IngestJobContext;
import org.sleuthkit.autopsy.ingest.IngestModule.IngestModuleException;
import org.sleuthkit.autopsy.ingest.IngestModule.ProcessResult;
import org.sleuthkit.datamodel.AbstractFile;
@ -144,6 +145,7 @@ public final class LeappFileProcessor {
private static final Logger logger = Logger.getLogger(LeappFileProcessor.class.getName());
private final String xmlFile; //NON-NLS
private final String moduleName;
private final IngestJobContext context;
private final Map<String, String> tsvFiles;
private final Map<String, BlackboardArtifact.Type> tsvFileArtifacts;
@ -192,15 +194,16 @@ public final class LeappFileProcessor {
.put("call history.tsv", "calllog")
.build();
Blackboard blkBoard;
private final Blackboard blkBoard;
public LeappFileProcessor(String xmlFile, String moduleName) throws IOException, IngestModuleException, NoCurrentCaseException {
public LeappFileProcessor(String xmlFile, String moduleName, IngestJobContext context) throws IOException, IngestModuleException, NoCurrentCaseException {
this.tsvFiles = new HashMap<>();
this.tsvFileArtifacts = new HashMap<>();
this.tsvFileArtifactComments = new HashMap<>();
this.tsvFileAttributes = new HashMap<>();
this.xmlFile = xmlFile;
this.moduleName = moduleName;
this.context = context;
blkBoard = Case.getCurrentCaseThrows().getSleuthkitCase().getBlackboard();
@ -250,7 +253,7 @@ public final class LeappFileProcessor {
* we know we want to process and return the list to process those files.
*/
private List<String> findTsvFiles(Path LeappOutputDir) throws IngestModuleException {
List<String> allTsvFiles = new ArrayList<>();
List<String> allTsvFiles;
List<String> foundTsvFiles = new ArrayList<>();
try (Stream<Path> walk = Files.walk(LeappOutputDir)) {
@ -348,10 +351,10 @@ public final class LeappFileProcessor {
AbstractFile geoAbstractFile = null;
if (LeappFile == null || !LeappFile.exists() || fileName == null) {
logger.log(Level.WARNING, String.format("Leap file: %s is null or does not exist", LeappFile == null ? LeappFile.toString() : "<null>"));
logger.log(Level.WARNING, String.format("Leap file: %s is null or does not exist", LeappFile != null ? LeappFile.toString() : "<null>"));
return;
} else if (attrList == null || artifactType == null || dataSource == null) {
logger.log(Level.WARNING, String.format("attribute list, artifact type or dataSource not provided for %s", LeappFile == null ? LeappFile.toString() : "<null>"));
logger.log(Level.WARNING, String.format("attribute list, artifact type or dataSource not provided for %s", LeappFile.toString()));
return;
}
@ -408,9 +411,8 @@ public final class LeappFileProcessor {
}
try {
if (ACCOUNT_RELATIONSHIPS.getOrDefault(fileName.toLowerCase(), "norelationship").toLowerCase() == "trackpoint") {
(new GeoArtifactsHelper(Case.getCurrentCaseThrows().getSleuthkitCase(), moduleName, "", geoAbstractFile)).addTrack(trackpointSegmentName, pointList, new ArrayList<>());
if (ACCOUNT_RELATIONSHIPS.getOrDefault(fileName.toLowerCase(), "norelationship").toLowerCase().equals("trackpoint")) {
(new GeoArtifactsHelper(Case.getCurrentCaseThrows().getSleuthkitCase(), moduleName, "", geoAbstractFile, context.getJobId())).addTrack(trackpointSegmentName, pointList, new ArrayList<>());
}
} catch (NoCurrentCaseException | TskCoreException | BlackboardException ex) {
throw new IngestModuleException(Bundle.LeappFileProcessor_cannot_create_message_relationship() + ex.getLocalizedMessage(), ex); //NON-NLS
@ -433,7 +435,7 @@ public final class LeappFileProcessor {
Long dateTime = Long.valueOf(0);
Collection<BlackboardAttribute> otherAttributes = new ArrayList<>();
String sourceFile = null;
AbstractFile absFile = null;
AbstractFile absFile;
String comment = "";
try {
@ -478,7 +480,7 @@ public final class LeappFileProcessor {
GeoWaypoints waypointList = new GeoWaypoints();
waypointList.addPoint(new Waypoint(startLatitude, startLongitude, zeroValue, ""));
waypointList.addPoint(new Waypoint(endLatitude, endLongitude, zeroValue, locationName));
(new GeoArtifactsHelper(Case.getCurrentCaseThrows().getSleuthkitCase(), moduleName, comment, absFile)).addRoute(destinationName, dateTime, waypointList, new ArrayList<>());
(new GeoArtifactsHelper(Case.getCurrentCaseThrows().getSleuthkitCase(), moduleName, comment, absFile, context.getJobId())).addRoute(destinationName, dateTime, waypointList, new ArrayList<>());
} catch (NoCurrentCaseException | TskCoreException | BlackboardException ex) {
throw new IngestModuleException(Bundle.LeappFileProcessor_cannot_create_waypoint_relationship() + ex.getLocalizedMessage(), ex); //NON-NLS
@ -536,13 +538,10 @@ public final class LeappFileProcessor {
if (absFile == null) {
absFile = (AbstractFile) dataSource;
}
if ((trackpointSegmentName == null) || (trackpointSegmentName == segmentName)) {
trackpointSegmentName = segmentName;
if ((trackpointSegmentName == null) || (trackpointSegmentName.equals(segmentName))) {
pointList.addPoint(new TrackPoint(latitude, longitude, altitude, segmentName, zeroValue, zeroValue, zeroValue, dateTime));
} else {
(new GeoArtifactsHelper(Case.getCurrentCaseThrows().getSleuthkitCase(), moduleName, comment, absFile)).addTrack(segmentName, pointList, new ArrayList<>());
trackpointSegmentName = segmentName;
pointList = new GeoTrackPoints();
(new GeoArtifactsHelper(Case.getCurrentCaseThrows().getSleuthkitCase(), moduleName, comment, absFile, context.getJobId())).addTrack(segmentName, pointList, new ArrayList<>());
pointList.addPoint(new TrackPoint(latitude, longitude, altitude, segmentName, zeroValue, zeroValue, zeroValue, dateTime));
}
@ -573,7 +572,7 @@ public final class LeappFileProcessor {
List<BlackboardAttribute> otherAttributes = new ArrayList<>();
List<FileAttachment> fileAttachments = new ArrayList<>();
String sourceFile = null;
MessageAttachments messageAttachments = null;
MessageAttachments messageAttachments;
try {
for (BlackboardAttribute bba : bbattributes) {
@ -635,21 +634,21 @@ public final class LeappFileProcessor {
if (absFile == null) {
absFile = (AbstractFile) dataSource;
}
CommunicationArtifactsHelper accountArtifact;
CommunicationArtifactsHelper accountHelper;
Account.Type accountType = getAccountType(fileName);
if (alternateId == null) {
accountArtifact = new CommunicationArtifactsHelper(Case.getCurrentCaseThrows().getSleuthkitCase(),
moduleName, absFile, accountType);
accountHelper = new CommunicationArtifactsHelper(Case.getCurrentCaseThrows().getSleuthkitCase(),
moduleName, absFile, accountType, context.getJobId());
} else {
accountArtifact = new CommunicationArtifactsHelper(Case.getCurrentCaseThrows().getSleuthkitCase(),
moduleName, absFile, accountType, accountType, alternateId);
accountHelper = new CommunicationArtifactsHelper(Case.getCurrentCaseThrows().getSleuthkitCase(),
moduleName, absFile, accountType, accountType, alternateId, context.getJobId());
}
BlackboardArtifact messageArtifact = accountArtifact.addMessage(messageType, communicationDirection, senderId,
BlackboardArtifact messageArtifact = accountHelper.addMessage(messageType, communicationDirection, senderId,
receipentId, dateTime, messageStatus, subject,
messageText, threadId, otherAttributes);
if (!fileAttachments.isEmpty()) {
messageAttachments = new MessageAttachments(fileAttachments, new ArrayList<>());
accountArtifact.addAttachments(messageArtifact, messageAttachments);
accountHelper.addAttachments(messageArtifact, messageAttachments);
}
} catch (NoCurrentCaseException | TskCoreException | BlackboardException ex) {
throw new IngestModuleException(Bundle.LeappFileProcessor_cannot_create_message_relationship() + ex.getLocalizedMessage(), ex); //NON-NLS
@ -712,15 +711,15 @@ public final class LeappFileProcessor {
Account.Type accountType = getAccountType(fileName);
if (accountType != null) {
CommunicationArtifactsHelper accountArtifact;
CommunicationArtifactsHelper accountHelper;
if (alternateId == null) {
accountArtifact = new CommunicationArtifactsHelper(Case.getCurrentCaseThrows().getSleuthkitCase(),
moduleName, absFile, accountType);
accountHelper = new CommunicationArtifactsHelper(Case.getCurrentCaseThrows().getSleuthkitCase(),
moduleName, absFile, accountType, context.getJobId());
} else {
accountArtifact = new CommunicationArtifactsHelper(Case.getCurrentCaseThrows().getSleuthkitCase(),
moduleName, absFile, accountType, accountType, alternateId);
accountHelper = new CommunicationArtifactsHelper(Case.getCurrentCaseThrows().getSleuthkitCase(),
moduleName, absFile, accountType, accountType, alternateId, context.getJobId());
}
BlackboardArtifact messageArtifact = accountArtifact.addContact(contactName, phoneNumber, homePhoneNumber, mobilePhoneNumber, emailAddr, otherAttributes);
BlackboardArtifact messageArtifact = accountHelper.addContact(contactName, phoneNumber, homePhoneNumber, mobilePhoneNumber, emailAddr, otherAttributes);
}
} catch (NoCurrentCaseException | TskCoreException | BlackboardException ex) {
throw new IngestModuleException(Bundle.LeappFileProcessor_cannot_create_contact_relationship() + ex.getLocalizedMessage(), ex); //NON-NLS
@ -782,7 +781,7 @@ public final class LeappFileProcessor {
}
}
if (calleeId.isEmpty() && communicationDirection == CommunicationDirection.OUTGOING) {
if (calleeId.isEmpty() && communicationDirection == CommunicationDirection.OUTGOING && callerId != null) {
String[] calleeTempList = callerId.split(",", 0);
calleeId = Arrays.asList(calleeTempList);
callerId = null;
@ -792,15 +791,15 @@ public final class LeappFileProcessor {
absFile = (AbstractFile) dataSource;
}
Account.Type accountType = getAccountType(fileName);
CommunicationArtifactsHelper accountArtifact;
CommunicationArtifactsHelper accountHelper;
if (accountType != null) {
accountArtifact = new CommunicationArtifactsHelper(Case.getCurrentCaseThrows().getSleuthkitCase(),
moduleName, absFile, accountType);
accountHelper = new CommunicationArtifactsHelper(Case.getCurrentCaseThrows().getSleuthkitCase(),
moduleName, absFile, accountType, context.getJobId());
} else {
accountArtifact = new CommunicationArtifactsHelper(Case.getCurrentCaseThrows().getSleuthkitCase(),
moduleName, absFile, accountType, accountType, alternateId);
accountHelper = new CommunicationArtifactsHelper(Case.getCurrentCaseThrows().getSleuthkitCase(),
moduleName, absFile, accountType, accountType, alternateId, context.getJobId());
}
BlackboardArtifact callLogArtifact = accountArtifact.addCalllog(communicationDirection, callerId, calleeId, startDateTime, endDateTime, mediaType, otherAttributes);
accountHelper.addCalllog(communicationDirection, callerId, calleeId, startDateTime, endDateTime, mediaType, otherAttributes);
} catch (NoCurrentCaseException | TskCoreException | BlackboardException ex) {
throw new IngestModuleException(Bundle.LeappFileProcessor_cannot_create_calllog_relationship() + ex.getLocalizedMessage(), ex); //NON-NLS
}
@ -927,7 +926,7 @@ public final class LeappFileProcessor {
String formattedValue = formatValueBasedOnAttrType(colAttr, value);
BlackboardAttribute attr = (value == null) ? null : getAttribute(colAttr.getAttributeType(), formattedValue, fileName);
BlackboardAttribute attr = getAttribute(colAttr.getAttributeType(), formattedValue, fileName);
if (attr == null) {
logger.log(Level.WARNING, String.format("Blackboard attribute could not be parsed column %s at line %d in file %s. Omitting row.", colAttr.getColumnName(), lineNum, fileName));
return Collections.emptyList();
@ -997,7 +996,7 @@ public final class LeappFileProcessor {
(v) -> new BlackboardAttribute(attrType, moduleName, Double.valueOf(v).longValue()));
case DOUBLE:
return parseAttrValue(value.trim(), attrType, fileName, true, false,
(v) -> new BlackboardAttribute(attrType, moduleName, (double) Double.valueOf(v)));
(v) -> new BlackboardAttribute(attrType, moduleName, Double.valueOf(v)));
case BYTE:
return parseAttrValue(value.trim(), attrType, fileName, true, false,
(v) -> new BlackboardAttribute(attrType, moduleName, new byte[]{Byte.valueOf(v)}));
@ -1048,20 +1047,20 @@ public final class LeappFileProcessor {
private BlackboardAttribute parseAttrValue(String value, BlackboardAttribute.Type attrType, String fileName, boolean blankIsNull, boolean zeroIsNull, ParseExceptionFunction valueConverter) {
// remove non-printable characters from tsv input
// https://stackoverflow.com/a/6199346
value = value.replaceAll("\\p{C}", "");
String sanitizedValue = value.replaceAll("\\p{C}", "");
if (blankIsNull && StringUtils.isBlank(value)) {
if (blankIsNull && StringUtils.isBlank(sanitizedValue)) {
return null;
}
if (zeroIsNull && value.matches("^\\s*[0\\.]*\\s*$")) {
if (zeroIsNull && sanitizedValue.matches("^\\s*[0\\.]*\\s*$")) {
return null;
}
try {
return valueConverter.apply(value);
return valueConverter.apply(sanitizedValue);
} catch (NumberFormatException | ParseException ex) {
logger.log(Level.WARNING, String.format("Unable to format '%s' as value type %s while converting to attributes from %s.", value, attrType.getValueType().getLabel(), fileName), ex);
logger.log(Level.WARNING, String.format("Unable to format '%s' as value type %s while converting to attributes from %s.", sanitizedValue, attrType.getValueType().getLabel(), fileName), ex);
return null;
}
}
@ -1183,10 +1182,13 @@ public final class LeappFileProcessor {
if (columnName == null) {
logger.log(Level.SEVERE, String.format("No column name provided for [%s]", getXmlAttrIdentifier(parentName, attributeName)));
continue;
} else if (columnName.trim().length() != columnName.length()) {
logger.log(Level.SEVERE, String.format("Column name '%s' starts or ends with whitespace for [%s]", columnName, getXmlAttrIdentifier(parentName, attributeName)));
continue;
} else if (columnName.matches("[^ \\S]")) {
logger.log(Level.SEVERE, String.format("Column name '%s' contains invalid characters [%s]", columnName, getXmlAttrIdentifier(parentName, attributeName)));
continue;
}
TsvColumn thisCol = new TsvColumn(
@ -1228,7 +1230,7 @@ public final class LeappFileProcessor {
case ANALYSIS_RESULT:
return dataSource.newAnalysisResult(artType, Score.SCORE_UNKNOWN, null, null, null, bbattributes).getAnalysisResult();
default:
logger.log(Level.SEVERE, "Unknown category type: " + artType.getCategory().getDisplayName());
logger.log(Level.SEVERE, String.format("Unknown category type: %s", artType.getCategory().getDisplayName()));
return null;
}
} catch (TskException ex) {
@ -1249,7 +1251,7 @@ public final class LeappFileProcessor {
}
try {
Case.getCurrentCase().getSleuthkitCase().getBlackboard().postArtifacts(artifacts, moduleName);
Case.getCurrentCase().getSleuthkitCase().getBlackboard().postArtifacts(artifacts, moduleName, context.getJobId());
} catch (Blackboard.BlackboardException ex) {
logger.log(Level.SEVERE, Bundle.LeappFileProcessor_postartifacts_error(), ex); //NON-NLS
}

2
Core/src/org/sleuthkit/autopsy/modules/pictureanalyzer/impls/EXIFProcessor.java
View File

@ -172,7 +172,7 @@ public class EXIFProcessor implements PictureProcessor {
artifacts.add(userSuspectedArtifact);
try {
blackboard.postArtifacts(artifacts, MODULE_NAME);
blackboard.postArtifacts(artifacts, MODULE_NAME, context.getJobId());
} catch (Blackboard.BlackboardException ex) {
logger.log(Level.SEVERE, String.format("Error posting TSK_METADATA_EXIF and TSK_USER_CONTENT_SUSPECTED artifacts for %s (object ID = %d)", file.getName(), file.getId()), ex); //NON-NLS
}

4
Core/src/org/sleuthkit/autopsy/modules/plaso/PlasoIngestModule.java
View File

@ -1,7 +1,7 @@
/*
* Autopsy Forensic Browser
*
* Copyright 2018-2019 Basis Technology Corp.
* Copyright 2018-2021 Basis Technology Corp.
* Contact: carrier <at> sleuthkit <dot> org
*
* Licensed under the Apache License, Version 2.0 (the "License");
@ -352,7 +352,7 @@ public class PlasoIngestModule implements DataSourceIngestModule {
* keyword search, and fire an event to notify UI of
* this new artifact
*/
blackboard.postArtifact(bbart, MODULE_NAME);
blackboard.postArtifact(bbart, MODULE_NAME, context.getJobId());
} catch (BlackboardException ex) {
logger.log(Level.SEVERE, "Error Posting Artifact.", ex);//NON-NLS
}

4
Core/src/org/sleuthkit/autopsy/modules/yara/YaraIngestModule.java
View File

@ -1,7 +1,7 @@
/*
* Autopsy Forensic Browser
*
* Copyright 2020 Basis Technology Corp.
* Copyright 2020-2021 Basis Technology Corp.
* Contact: carrier <at> sleuthkit <dot> org
*
* Licensed under the Apache License, Version 2.0 (the "License");
@ -159,7 +159,7 @@ public class YaraIngestModule extends FileIngestModuleAdapter {
if(!artifacts.isEmpty()) {
Blackboard blackboard = Case.getCurrentCaseThrows().getSleuthkitCase().getBlackboard();
blackboard.postArtifacts(artifacts, YaraIngestModuleFactory.getModuleName());
blackboard.postArtifacts(artifacts, YaraIngestModuleFactory.getModuleName(), context.getJobId());
}
} catch (BlackboardException | NoCurrentCaseException | IngestModuleException | TskCoreException | YaraWrapperException ex) {

4
Core/src/org/sleuthkit/autopsy/report/modules/portablecase/PortableCaseReportModule.java
View File

@ -1,7 +1,7 @@
/*
* Autopsy Forensic Browser
*
* Copyright 2019-2020 Basis Technology Corp.
* Copyright 2019-2021 Basis Technology Corp.
* Contact: carrier <at> sleuthkit <dot> org
*
* Licensed under the Apache License, Version 2.0 (the "License");
@ -1424,7 +1424,7 @@ public class PortableCaseReportModule implements ReportModule {
// Add the attachment. The account type specified in the constructor will not be used.
CommunicationArtifactsHelper communicationArtifactsHelper = new CommunicationArtifactsHelper(currentCase.getSleuthkitCase(),
newSourceStr, newFile, Account.Type.EMAIL);
newSourceStr, newFile, Account.Type.EMAIL, null);
communicationArtifactsHelper.addAttachments(newArtifact, new MessageAttachments(newFileAttachments, msgAttachments.getUrlAttachments()));
}
catch (BlackboardJsonAttrUtil.InvalidJsonException ex) {

8
Core/src/org/sleuthkit/autopsy/test/CustomArtifactType.java
View File

@ -1,7 +1,7 @@
/*
* Autopsy Forensic Browser
*
* Copyright 2017-2020 Basis Technology Corp.
* Copyright 2017-2021 Basis Technology Corp.
* Contact: carrier <at> sleuthkit <dot> org
*
* Licensed under the Apache License, Version 2.0 (the "License");
@ -23,7 +23,6 @@ import java.util.List;
import javax.xml.bind.DatatypeConverter;
import org.joda.time.DateTime;
import org.sleuthkit.autopsy.casemodule.Case;
import org.sleuthkit.datamodel.AbstractFile;
import org.sleuthkit.datamodel.Blackboard;
import org.sleuthkit.datamodel.Blackboard.BlackboardException;
import org.sleuthkit.datamodel.BlackboardArtifact;
@ -87,6 +86,7 @@ final class CustomArtifactType {
* blackboard.
*
* @param source The artifact source content.
* @param ingestJobId The ingest job ID.
*
* @return A BlackboardArtifact object.
*
@ -95,7 +95,7 @@ final class CustomArtifactType {
* @throws Blackboard.BlackboardException If there is an error posting the
* artifact to the blackboard.
*/
static BlackboardArtifact createAndPostInstance(Content source) throws TskCoreException, Blackboard.BlackboardException {
static BlackboardArtifact createAndPostInstance(Content source, long ingestJobId) throws TskCoreException, Blackboard.BlackboardException {
List<BlackboardAttribute> attributes = new ArrayList<>();
attributes.add(new BlackboardAttribute(intAttrType, MODULE_NAME, 0));
attributes.add(new BlackboardAttribute(doubleAttrType, MODULE_NAME, 0.0));
@ -131,7 +131,7 @@ final class CustomArtifactType {
}
Blackboard blackboard = Case.getCurrentCase().getServices().getArtifactsBlackboard();
blackboard.postArtifact(artifact, MODULE_NAME);
blackboard.postArtifact(artifact, MODULE_NAME, ingestJobId);
return artifact;
}

6
Core/src/org/sleuthkit/autopsy/test/CustomArtifactsCreatorDataSourceIngestModule.java
View File

@ -1,7 +1,7 @@
/*
* Autopsy Forensic Browser
*
* Copyright 2017-2020 Basis Technology Corp.
* Copyright 2017-2021 Basis Technology Corp.
* Contact: carrier <at> sleuthkit <dot> org
*
* Licensed under the Apache License, Version 2.0 (the "License");
@ -38,6 +38,7 @@ import org.sleuthkit.datamodel.TskCoreException;
public class CustomArtifactsCreatorDataSourceIngestModule extends DataSourceIngestModuleAdapter {
private static final Logger logger = Logger.getLogger(CustomArtifactsCreatorDataSourceIngestModule.class.getName());
private IngestJobContext context;
/**
* Adds the custom artifact type this module uses to the case database of
@ -51,6 +52,7 @@ public class CustomArtifactsCreatorDataSourceIngestModule extends DataSourceInge
*/
@Override
public void startUp(IngestJobContext context) throws IngestModuleException {
this.context = context;
try {
CustomArtifactType.addToCaseDatabase();
} catch (Blackboard.BlackboardException ex) {
@ -70,7 +72,7 @@ public class CustomArtifactsCreatorDataSourceIngestModule extends DataSourceInge
@Override
public ProcessResult process(Content dataSource, DataSourceIngestModuleProgress progressBar) {
try {
CustomArtifactType.createAndPostInstance(dataSource);
CustomArtifactType.createAndPostInstance(dataSource, context.getJobId());
} catch (TskCoreException | Blackboard.BlackboardException ex) {
logger.log(Level.SEVERE, String.format("Failed to process data source (obj_id = %d)", dataSource.getId()), ex);
return ProcessResult.ERROR;

6
Core/src/org/sleuthkit/autopsy/test/CustomArtifactsCreatorFileIngestModule.java
View File

@ -1,7 +1,7 @@
/*
* Autopsy Forensic Browser
*
* Copyright 2017-2020 Basis Technology Corp.
* Copyright 2017-2021 Basis Technology Corp.
* Contact: carrier <at> sleuthkit <dot> org
*
* Licensed under the Apache License, Version 2.0 (the "License");
@ -37,6 +37,7 @@ import org.sleuthkit.datamodel.TskCoreException;
final class CustomArtifactsCreatorFileIngestModule extends FileIngestModuleAdapter {
private static final Logger logger = Logger.getLogger(CustomArtifactsCreatorFileIngestModule.class.getName());
private IngestJobContext context;
/**
* Adds the custom artifact type this module uses to the case database of
@ -50,6 +51,7 @@ final class CustomArtifactsCreatorFileIngestModule extends FileIngestModuleAdapt
*/
@Override
public void startUp(IngestJobContext context) throws IngestModuleException {
this.context = context;
try {
CustomArtifactType.addToCaseDatabase();
} catch (Blackboard.BlackboardException ex) {
@ -71,7 +73,7 @@ final class CustomArtifactsCreatorFileIngestModule extends FileIngestModuleAdapt
return ProcessResult.OK;
}
try {
CustomArtifactType.createAndPostInstance(file);
CustomArtifactType.createAndPostInstance(file, context.getJobId());
} catch (TskCoreException | Blackboard.BlackboardException ex) {
logger.log(Level.SEVERE, String.format("Failed to process file (obj_id = %d)", file.getId()), ex);
return ProcessResult.ERROR;

2
Core/src/org/sleuthkit/autopsy/timeline/actions/AddManualEvent.java
View File

@ -157,7 +157,7 @@ public class AddManualEvent extends Action {
BlackboardArtifact artifact = eventInfo.datasource.newDataArtifact(new BlackboardArtifact.Type(TSK_TL_EVENT), attributes, null);
try {
sleuthkitCase.getBlackboard().postArtifact(artifact, source);
sleuthkitCase.getBlackboard().postArtifact(artifact, source, null);
} catch (Blackboard.BlackboardException ex) {
logger.log(Level.SEVERE, "Error posting artifact to the blackboard.", ex); //NON-NLS
new Alert(Alert.AlertType.ERROR, Bundle.AddManualEvent_postArtifactFailed(), ButtonType.OK).showAndWait();

4
Experimental/src/org/sleuthkit/autopsy/experimental/objectdetection/ObjectDetectectionFileIngestModule.java
View File

@ -1,7 +1,7 @@
/*
* Autopsy Forensic Browser
*
* Copyright 2018 Basis Technology Corp.
* Copyright 2018-2021 Basis Technology Corp.
* Contact: carrier <at> sleuthkit <dot> org
*
* Licensed under the Apache License, Version 2.0 (the "License");
@ -177,7 +177,7 @@ public class ObjectDetectectionFileIngestModule extends FileIngestModuleAdapter
/*
* Index the artifact for keyword search.
*/
blackboard.postArtifact(artifact, MODULE_NAME);
blackboard.postArtifact(artifact, MODULE_NAME, jobId);
} catch (Blackboard.BlackboardException ex) {
logger.log(Level.SEVERE, "Unable to index blackboard artifact " + artifact.getArtifactID(), ex); //NON-NLS
}

4
Experimental/src/org/sleuthkit/autopsy/experimental/volatilityDSP/VolatilityProcessor.java
View File

@ -1,7 +1,7 @@
/*
* Autopsy
*
* Copyright 2018 Basis Technology Corp.
* Copyright 2018-2021 Basis Technology Corp.
* Contact: carrier <at> sleuthkit <dot> org
*
* Licensed under the Apache License, Version 2.0 (the "License");
@ -390,7 +390,7 @@ class VolatilityProcessor {
try {
// index the artifact for keyword search
blackboard.postArtifact(volArtifact, VOLATILITY);
blackboard.postArtifact(volArtifact, VOLATILITY, null);
} catch (Blackboard.BlackboardException ex) {
errorMsgs.add(Bundle.VolatilityProcessor_errorMessage_failedToIndexArtifact(pluginName));
/*

6
InternalPythonModules/GPX_Module/GPX_Parser_Module.py
View File

@ -1,7 +1,7 @@
"""
Autopsy Forensic Browser
Copyright 2019-2020 Basis Technology Corp.
Copyright 2019-2021 Basis Technology Corp.
Contact: carrier <at> sleuthkit <dot> org
Licensed under the Apache License, Version 2.0 (the "License");
@ -134,7 +134,7 @@ class GPXParserFileIngestModule(FileIngestModule):
# Create a GeoArtifactsHelper for this file.
geoArtifactHelper = GeoArtifactsHelper(
self.skCase, self.moduleName, None, file)
self.skCase, self.moduleName, None, file, context.getJobId())
if self.writeDebugMsgs:
self.log(Level.INFO, "Processing " + file.getUniquePath() +
@ -213,7 +213,7 @@ class GPXParserFileIngestModule(FileIngestModule):
art = file.newDataArtifact(BlackboardArtifact.Type(BlackboardArtifact.ARTIFACT_TYPE.TSK_GPS_BOOKMARK), attributes)
self.blackboard.postArtifact(art, self.moduleName)
self.blackboard.postArtifact(art, self.moduleName, context.getJobId())
except Blackboard.BlackboardException as e:
self.log(Level.SEVERE, "Error posting GPS bookmark artifact for " +

5
InternalPythonModules/android/browserlocation.py
View File

@ -1,7 +1,7 @@
"""
Autopsy Forensic Browser
Copyright 2016-2018 Basis Technology Corp.
Copyright 2016-2021 Basis Technology Corp.
Contact: carrier <at> sleuthkit <dot> org
Licensed under the Apache License, Version 2.0 (the "License");
@ -104,9 +104,8 @@ class BrowserLocationAnalyzer(general.AndroidComponentAnalyzer):
# NOTE: originally commented out
try:
# index the artifact for keyword search
blackboard = Case.getCurrentCase().getSleuthkitCase().getBlackboard()
blackboard.postArtifact(artifact, general.MODULE_NAME)
blackboard.postArtifact(artifact, general.MODULE_NAME, context.getJobId())
except Blackboard.BlackboardException as ex:
self._logger.log(Level.SEVERE, "Unable to index blackboard artifact " + str(artifact.getArtifactTypeName()), ex)
self._logger.log(Level.SEVERE, traceback.format_exc())

5
InternalPythonModules/android/cachelocation.py
View File

@ -1,7 +1,7 @@
"""
Autopsy Forensic Browser
Copyright 2016-2018 Basis Technology Corp.
Copyright 2016-2021 Basis Technology Corp.
Contact: carrier <at> sleuthkit <dot> org
Licensed under the Apache License, Version 2.0 (the "License");
@ -102,9 +102,8 @@ class CacheLocationAnalyzer(general.AndroidComponentAnalyzer):
# artifact.addAttribute(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_VALUE.getTypeID(), AndroidModuleFactorymodule.moduleName, accuracy))
# artifact.addAttribute(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_COMMENT.getTypeID(), AndroidModuleFactorymodule.moduleName, confidence))
try:
# index the artifact for keyword search
blackboard = Case.getCurrentCase().getSleuthkitCase().getBlackboard()
blackboard.postArtifact(artifact, general.MODULE_NAME)
blackboard.postArtifact(artifact, general.MODULE_NAME, context.getJobId())
except Blackboard.BlackboardException as ex:
self._logger.log(Level.SEVERE, "Unable to index blackboard artifact " + str(artifact.getArtifactID()), ex)
self._logger.log(Level.SEVERE, traceback.format_exc())

6
InternalPythonModules/android/calllog.py
View File

@ -1,7 +1,7 @@
"""
Autopsy Forensic Browser
Copyright 2016-2020 Basis Technology Corp.
Copyright 2016-2021 Basis Technology Corp.
Contact: carrier <at> sleuthkit <dot> org
Licensed under the Apache License, Version 2.0 (the "License");
@ -83,12 +83,12 @@ class CallLogAnalyzer(general.AndroidComponentAnalyzer):
callLogDbHelper = CommunicationArtifactsHelper(current_case.getSleuthkitCase(),
self._PARSER_NAME,
callLogDb.getDBFile(),
Account.Type.PHONE, Account.Type.PHONE, selfAccountId )
Account.Type.PHONE, Account.Type.PHONE, selfAccountId, context.getJobId())
else:
callLogDbHelper = CommunicationArtifactsHelper(current_case.getSleuthkitCase(),
self._PARSER_NAME,
callLogDb.getDBFile(),
Account.Type.PHONE )
Account.Type.PHONE, context.getJobId())
for tableName in CallLogAnalyzer._tableNames:
try:

10
InternalPythonModules/android/contact.py
View File

@ -1,7 +1,7 @@
"""
Autopsy Forensic Browser
Copyright 2016-2020 Basis Technology Corp.
Copyright 2016-2021 Basis Technology Corp.
Contact: carrier <at> sleuthkit <dot> org
Licensed under the Apache License, Version 2.0 (the "License");
@ -75,7 +75,7 @@ class ContactAnalyzer(general.AndroidComponentAnalyzer):
return
for contactDb in contactsDbs:
try:
self.__findContactsInDB(contactDb, dataSource)
self.__findContactsInDB(contactDb, dataSource, context)
except Exception as ex:
self._logger.log(Level.SEVERE, "Error parsing Contacts", ex)
self._logger.log(Level.SEVERE, traceback.format_exc())
@ -86,7 +86,7 @@ class ContactAnalyzer(general.AndroidComponentAnalyzer):
"""
Queries the given contact database and adds Contacts to the case.
"""
def __findContactsInDB(self, contactDb, dataSource):
def __findContactsInDB(self, contactDb, dataSource, context):
if not contactDb:
return
@ -97,7 +97,7 @@ class ContactAnalyzer(general.AndroidComponentAnalyzer):
contactDbHelper = CommunicationArtifactsHelper(current_case.getSleuthkitCase(),
self._PARSER_NAME,
contactDb.getDBFile(),
Account.Type.PHONE )
Account.Type.PHONE, context.getJobId())
# get display_name, mimetype(email or phone number) and data1 (phonenumber or email address depending on mimetype)
# sorted by name, so phonenumber/email would be consecutive for a person if they exist.
@ -158,7 +158,7 @@ class ContactAnalyzer(general.AndroidComponentAnalyzer):
phoneNumber, # phoneNumber,
None, # homePhoneNumber,
None, # mobilePhoneNumber,
emailAddr) # emailAddr
emailAddr, context.getJobId()) # emailAddr
except SQLException as ex:
self._logger.log(Level.WARNING, "Error processing query result for Android messages.", ex)

10
InternalPythonModules/android/fbmessenger.py
View File

@ -1,7 +1,7 @@
"""
Autopsy Forensic Browser
Copyright 2019-2020 Basis Technology Corp.
Copyright 2019-2021 Basis Technology Corp.
Contact: carrier <at> sleuthkit <dot> org
Licensed under the Apache License, Version 2.0 (the "License");
@ -148,11 +148,11 @@ class FBMessengerAnalyzer(general.AndroidComponentAnalyzer):
if self.selfAccountId is not None:
contactsDBHelper = CommunicationArtifactsHelper(self.current_case.getSleuthkitCase(),
self._MODULE_NAME, contactsDb.getDBFile(),
Account.Type.FACEBOOK, Account.Type.FACEBOOK, self.selfAccountId )
Account.Type.FACEBOOK, Account.Type.FACEBOOK, self.selfAccountId, context.getJobId())
else:
contactsDBHelper = CommunicationArtifactsHelper(self.current_case.getSleuthkitCase(),
self._MODULE_NAME, contactsDb.getDBFile(),
Account.Type.FACEBOOK)
Account.Type.FACEBOOK, context.getJobId())
## get the other contacts/friends
contactsResultSet = contactsDb.runQuery("SELECT fbid, display_name, added_time_ms FROM contacts WHERE added_time_ms <> 0")
@ -492,11 +492,11 @@ class FBMessengerAnalyzer(general.AndroidComponentAnalyzer):
if self.selfAccountId is not None:
threadsDBHelper = CommunicationArtifactsHelper(self.current_case.getSleuthkitCase(),
self._MODULE_NAME, threadsDb.getDBFile(),
Account.Type.FACEBOOK, Account.Type.FACEBOOK, self.selfAccountId )
Account.Type.FACEBOOK, Account.Type.FACEBOOK, self.selfAccountId, context.getJobId())
else:
threadsDBHelper = CommunicationArtifactsHelper(self.current_case.getSleuthkitCase(),
self._MODULE_NAME, threadsDb.getDBFile(),
Account.Type.FACEBOOK)
Account.Type.FACEBOOK, context.getJobId())
self.analyzeMessages(threadsDb, threadsDBHelper)
self.analyzeCallLogs(threadsDb, threadsDBHelper)

8
InternalPythonModules/android/googlemaplocation.py
View File

@ -1,7 +1,7 @@
"""
Autopsy Forensic Browser
Copyright 2016-2018 Basis Technology Corp.
Copyright 2016-2021 Basis Technology Corp.
Contact: carrier <at> sleuthkit <dot> org
Licensed under the Apache License, Version 2.0 (the "License");
@ -76,7 +76,7 @@ class GoogleMapLocationAnalyzer(general.AndroidComponentAnalyzer):
try:
jFile = File(self.current_case.getTempDirectory(), str(abstractFile.getId()) + abstractFile.getName())
ContentUtils.writeToFile(abstractFile, jFile, context.dataSourceIngestIsCancelled)
self.__findGeoLocationsInDB(jFile.toString(), abstractFile)
self.__findGeoLocationsInDB(jFile.toString(), abstractFile, context)
except Exception as ex:
self._logger.log(Level.SEVERE, "Error parsing Google map locations", ex)
self._logger.log(Level.SEVERE, traceback.format_exc())
@ -84,13 +84,13 @@ class GoogleMapLocationAnalyzer(general.AndroidComponentAnalyzer):
# Error finding Google map locations.
pass
def __findGeoLocationsInDB(self, databasePath, abstractFile):
def __findGeoLocationsInDB(self, databasePath, abstractFile, context):
if not databasePath:
return
try:
artifactHelper = GeoArtifactsHelper(self.current_case.getSleuthkitCase(),
general.MODULE_NAME, self.PROGRAM_NAME, abstractFile)
general.MODULE_NAME, self.PROGRAM_NAME, abstractFile, context.getJobId())
Class.forName("org.sqlite.JDBC") # load JDBC driver
connection = DriverManager.getConnection("jdbc:sqlite:" + databasePath)
statement = connection.createStatement()

6
InternalPythonModules/android/imo.py
View File

@ -1,7 +1,7 @@
"""
Autopsy Forensic Browser
Copyright 2019-2020 Basis Technology Corp.
Copyright 2019-2021 Basis Technology Corp.
Contact: carrier <at> sleuthkit <dot> org
Licensed under the Apache License, Version 2.0 (the "License");
@ -109,12 +109,12 @@ class IMOAnalyzer(general.AndroidComponentAnalyzer):
friendsDBHelper = CommunicationArtifactsHelper(current_case.getSleuthkitCase(),
self._PARSER_NAME,
friendsDb.getDBFile(),
Account.Type.IMO, Account.Type.IMO, selfAccountId )
Account.Type.IMO, Account.Type.IMO, selfAccountId, context.getJobId())
else:
friendsDBHelper = CommunicationArtifactsHelper(current_case.getSleuthkitCase(),
self._PARSER_NAME,
friendsDb.getDBFile(),
Account.Type.IMO )
Account.Type.IMO, context.getJobId())
contactsResultSet = friendsDb.runQuery("SELECT buid, name FROM friends")
if contactsResultSet is not None:
while contactsResultSet.next():

4
InternalPythonModules/android/installedapps.py
View File

@ -1,7 +1,7 @@
"""
Autopsy Forensic Browser
Copyright 2019 Basis Technology Corp.
Copyright 2019-2021 Basis Technology Corp.
Contact: carrier <at> sleuthkit <dot> org
Licensed under the Apache License, Version 2.0 (the "License");
@ -75,7 +75,7 @@ class InstalledApplicationsAnalyzer(general.AndroidComponentAnalyzer):
try:
current_case = Case.getCurrentCaseThrows()
libraryDbHelper = ArtifactsHelper(current_case.getSleuthkitCase(),
self._MODULE_NAME, libraryDb.getDBFile())
self._MODULE_NAME, libraryDb.getDBFile(), context.getJobId())
queryString = "SELECT doc_id, purchase_time FROM ownership"
ownershipResultSet = libraryDb.runQuery(queryString)
if ownershipResultSet is not None:

6
InternalPythonModules/android/line.py
View File

@ -1,7 +1,7 @@
"""
Autopsy Forensic Browser
Copyright 2019-2020 Basis Technology Corp.
Copyright 2019-2021 Basis Technology Corp.
Contact: carrier <at> sleuthkit <dot> org
Licensed under the Apache License, Version 2.0 (the "License");
@ -117,7 +117,7 @@ class LineAnalyzer(general.AndroidComponentAnalyzer):
current_case = Case.getCurrentCaseThrows()
helper = CommunicationArtifactsHelper(
current_case.getSleuthkitCase(), self._PARSER_NAME,
contact_and_message_db.getDBFile(), Account.Type.LINE)
contact_and_message_db.getDBFile(), Account.Type.LINE, context.getJobId())
self.parse_contacts(contact_and_message_db, helper)
self.parse_messages(contact_and_message_db, helper, current_case)
@ -125,7 +125,7 @@ class LineAnalyzer(general.AndroidComponentAnalyzer):
current_case = Case.getCurrentCaseThrows()
helper = CommunicationArtifactsHelper(
current_case.getSleuthkitCase(), self._PARSER_NAME,
calllog_db.getDBFile(), Account.Type.LINE)
calllog_db.getDBFile(), Account.Type.LINE, context.getJobId())
self.parse_calllogs(dataSource, calllog_db, helper)
except NoCurrentCaseException as ex:

12
InternalPythonModules/android/operabrowser.py
View File

@ -1,7 +1,7 @@
"""
Autopsy Forensic Browser
Copyright 2019 Basis Technology Corp.
Copyright 2019-2021 Basis Technology Corp.
Contact: carrier <at> sleuthkit <dot> org
Licensed under the Apache License, Version 2.0 (the "License");
@ -89,7 +89,7 @@ class OperaAnalyzer(general.AndroidComponentAnalyzer):
for cookiesDb in cookiesDbs:
try:
cookiesDbHelper = WebBrowserArtifactsHelper(self.current_case.getSleuthkitCase(),
self._MODULE_NAME, cookiesDb.getDBFile())
self._MODULE_NAME, cookiesDb.getDBFile(), context.getJobId())
cookiesResultSet = cookiesDb.runQuery("SELECT host_key, name, value, creation_utc FROM cookies")
if cookiesResultSet is not None:
while cookiesResultSet.next():
@ -119,7 +119,7 @@ class OperaAnalyzer(general.AndroidComponentAnalyzer):
for historyDb in historyDbs:
try:
historyDbHelper = WebBrowserArtifactsHelper(self.current_case.getSleuthkitCase(),
self._MODULE_NAME, historyDb.getDBFile())
self._MODULE_NAME, historyDb.getDBFile(), context.getJobId())
historyResultSet = historyDb.runQuery("SELECT url, title, last_visit_time FROM urls")
if historyResultSet is not None:
while historyResultSet.next():
@ -148,7 +148,7 @@ class OperaAnalyzer(general.AndroidComponentAnalyzer):
for downloadsDb in downloadsDbs:
try:
downloadsDbHelper = WebBrowserArtifactsHelper(self.current_case.getSleuthkitCase(),
self._MODULE_NAME, downloadsDb.getDBFile())
self._MODULE_NAME, downloadsDb.getDBFile(), context.getJobId())
queryString = "SELECT target_path, start_time, url FROM downloads"\
" INNER JOIN downloads_url_chains ON downloads.id = downloads_url_chains.id"
downloadsResultSet = downloadsDb.runQuery(queryString)
@ -177,7 +177,7 @@ class OperaAnalyzer(general.AndroidComponentAnalyzer):
for autofillDb in autofillDbs:
try:
autofillDbHelper = WebBrowserArtifactsHelper(self.current_case.getSleuthkitCase(),
self._MODULE_NAME, autofillDb.getDBFile())
self._MODULE_NAME, autofillDb.getDBFile(), context.getJobId())
autofillsResultSet = autofillDb.runQuery("SELECT name, value, count, date_created FROM autofill")
if autofillsResultSet is not None:
while autofillsResultSet.next():
@ -205,7 +205,7 @@ class OperaAnalyzer(general.AndroidComponentAnalyzer):
for webFormAddressDb in webFormAddressDbs:
try:
webFormAddressDbHelper = WebBrowserArtifactsHelper(self.current_case.getSleuthkitCase(),
self._MODULE_NAME, webFormAddressDb.getDBFile())
self._MODULE_NAME, webFormAddressDb.getDBFile(), context.getJobId())
queryString = """
SELECT street_address, city, state, zipcode, country_code,
date_modified, first_name, last_name, number, email

7
InternalPythonModules/android/oruxmaps.py
View File

@ -1,7 +1,7 @@
"""
Autopsy Forensic Browser
Copyright 2016-2018 Basis Technology Corp.
Copyright 2016-2021 Basis Technology Corp.
Contact: carrier <at> sleuthkit <dot> org
Licensed under the Apache License, Version 2.0 (the "License");
@ -72,7 +72,7 @@ class OruxMapsAnalyzer(general.AndroidComponentAnalyzer):
current_case = Case.getCurrentCaseThrows()
skCase = Case.getCurrentCase().getSleuthkitCase()
geoArtifactHelper = GeoArtifactsHelper(skCase, self._MODULE_NAME, self._PROGRAM_NAME, oruxMapsTrackpointsDb.getDBFile())
geoArtifactHelper = GeoArtifactsHelper(skCase, self._MODULE_NAME, self._PROGRAM_NAME, oruxMapsTrackpointsDb.getDBFile(), context.getJobId())
poiQueryString = "SELECT poilat, poilon, poialt, poitime, poiname FROM pois"
poisResultSet = oruxMapsTrackpointsDb.runQuery(poiQueryString)
@ -96,9 +96,8 @@ class OruxMapsAnalyzer(general.AndroidComponentAnalyzer):
artifact = abstractFile.newDataArtifact(BlackboardArtifact.Type(BlackboardArtifact.ARTIFACT_TYPE.TSK_GPS_BOOKMARK), attributes)
try:
# index the artifact for keyword search
blackboard = Case.getCurrentCase().getSleuthkitCase().getBlackboard()
blackboard.postArtifact(artifact, self._MODULE_NAME)
blackboard.postArtifact(artifact, self._MODULE_NAME, context.getJobId())
except Blackboard.BlackboardException as ex:
self._logger.log(Level.SEVERE, "Unable to index blackboard artifact " + str(artifact.getArtifactID()), ex)
self._logger.log(Level.SEVERE, traceback.format_exc())

14
InternalPythonModules/android/sbrowser.py
View File

@ -1,7 +1,7 @@
"""
Autopsy Forensic Browser
Copyright 2019 Basis Technology Corp.
Copyright 2019-2021 Basis Technology Corp.
Contact: carrier <at> sleuthkit <dot> org
Licensed under the Apache License, Version 2.0 (the "License");
@ -87,7 +87,7 @@ class SBrowserAnalyzer(general.AndroidComponentAnalyzer):
for sbrowserDb in sbrowserDbs:
try:
sbrowserDbHelper = WebBrowserArtifactsHelper(self.current_case.getSleuthkitCase(),
self._MODULE_NAME, sbrowserDb.getDBFile())
self._MODULE_NAME, sbrowserDb.getDBFile(), context.getJobId())
bookmarkResultSet = sbrowserDb.runQuery("SELECT url, title, created FROM bookmarks WHERE url IS NOT NULL")
if bookmarkResultSet is not None:
while bookmarkResultSet.next():
@ -115,7 +115,7 @@ class SBrowserAnalyzer(general.AndroidComponentAnalyzer):
for cookiesDb in cookiesDbs:
try:
cookiesDbHelper = WebBrowserArtifactsHelper(self.current_case.getSleuthkitCase(),
self._MODULE_NAME, cookiesDb.getDBFile())
self._MODULE_NAME, cookiesDb.getDBFile(), context.getJobId())
cookiesResultSet = cookiesDb.runQuery("SELECT host_key, name, value, creation_utc FROM cookies")
if cookiesResultSet is not None:
while cookiesResultSet.next():
@ -145,7 +145,7 @@ class SBrowserAnalyzer(general.AndroidComponentAnalyzer):
for historyDb in historyDbs:
try:
historyDbHelper = WebBrowserArtifactsHelper(self.current_case.getSleuthkitCase(),
self._MODULE_NAME, historyDb.getDBFile())
self._MODULE_NAME, historyDb.getDBFile(), context.getJobId())
historyResultSet = historyDb.runQuery("SELECT url, title, last_visit_time FROM urls")
if historyResultSet is not None:
while historyResultSet.next():
@ -174,7 +174,7 @@ class SBrowserAnalyzer(general.AndroidComponentAnalyzer):
for downloadsDb in downloadsDbs:
try:
downloadsDbHelper = WebBrowserArtifactsHelper(self.current_case.getSleuthkitCase(),
self._MODULE_NAME, downloadsDb.getDBFile())
self._MODULE_NAME, downloadsDb.getDBFile(), context.getJobId())
queryString = "SELECT target_path, start_time, url FROM downloads"\
" INNER JOIN downloads_url_chains ON downloads.id = downloads_url_chains.id"
downloadsResultSet = downloadsDb.runQuery(queryString)
@ -203,7 +203,7 @@ class SBrowserAnalyzer(general.AndroidComponentAnalyzer):
for autofillDb in autofillDbs:
try:
autofillDbHelper = WebBrowserArtifactsHelper(self.current_case.getSleuthkitCase(),
self._MODULE_NAME, autofillDb.getDBFile())
self._MODULE_NAME, autofillDb.getDBFile(), context.getJobId())
queryString = """
SELECT name, value, count, date_created
FROM autofill
@ -236,7 +236,7 @@ class SBrowserAnalyzer(general.AndroidComponentAnalyzer):
for webFormAddressDb in webFormAddressDbs:
try:
webFormAddressDbHelper = WebBrowserArtifactsHelper(self.current_case.getSleuthkitCase(),
self._MODULE_NAME, webFormAddressDb.getDBFile())
self._MODULE_NAME, webFormAddressDb.getDBFile(), context.getJobId())
"""
Autofill form data is split across multiple tables. The quqery below joins the various tables.
"""

4
InternalPythonModules/android/shareit.py
View File

@ -1,7 +1,7 @@
"""
Autopsy Forensic Browser
Copyright 2019-2020 Basis Technology Corp.
Copyright 2019-2021 Basis Technology Corp.
Contact: carrier <at> sleuthkit <dot> org
Licensed under the Apache License, Version 2.0 (the "License");
@ -85,7 +85,7 @@ class ShareItAnalyzer(general.AndroidComponentAnalyzer):
current_case = Case.getCurrentCaseThrows()
historyDbHelper = CommunicationArtifactsHelper(current_case.getSleuthkitCase(),
self._MODULE_NAME, historyDb.getDBFile(),
Account.Type.SHAREIT)
Account.Type.SHAREIT, context.getJobId())
queryString = """
SELECT history_type, device_id, device_name, description, timestamp, file_path

6
InternalPythonModules/android/skype.py
View File

@ -1,7 +1,7 @@
"""
Autopsy Forensic Browser
Copyright 2019-2020 Basis Technology Corp.
Copyright 2019-2021 Basis Technology Corp.
Contact: carrier <at> sleuthkit <dot> org
Licensed under the Apache License, Version 2.0 (the "License");
@ -129,13 +129,13 @@ class SkypeAnalyzer(general.AndroidComponentAnalyzer):
if user_account_instance is None:
helper = CommunicationArtifactsHelper(
current_case.getSleuthkitCase(), self._PARSER_NAME,
skype_db.getDBFile(), Account.Type.SKYPE
skype_db.getDBFile(), Account.Type.SKYPE, context.getJobId()
)
else:
helper = CommunicationArtifactsHelper(
current_case.getSleuthkitCase(), self._PARSER_NAME,
skype_db.getDBFile(), Account.Type.SKYPE,
Account.Type.SKYPE, user_account_instance
Account.Type.SKYPE, user_account_instance, context.getJobId()
)
self.parse_contacts(skype_db, helper)
self.parse_calllogs(skype_db, helper)

8
InternalPythonModules/android/tangomessage.py
View File

@ -1,7 +1,7 @@
"""
Autopsy Forensic Browser
Copyright 2016-2020 Basis Technology Corp.
Copyright 2016-2021 Basis Technology Corp.
Contact: carrier <at> sleuthkit <dot> org
Licensed under the Apache License, Version 2.0 (the "License");
@ -72,7 +72,7 @@ class TangoMessageAnalyzer(general.AndroidComponentAnalyzer):
tangoDbFiles = AppSQLiteDB.findAppDatabases(dataSource, "tc.db", True, self._PACKAGE_NAME)
for tangoDbFile in tangoDbFiles:
try:
self.__findTangoMessagesInDB(tangoDbFile, dataSource)
self.__findTangoMessagesInDB(tangoDbFile, dataSource, context)
except Exception as ex:
self._logger.log(Level.SEVERE, "Error parsing Tango messages", ex)
self._logger.log(Level.SEVERE, traceback.format_exc())
@ -80,7 +80,7 @@ class TangoMessageAnalyzer(general.AndroidComponentAnalyzer):
# Error finding Tango messages.
pass
def __findTangoMessagesInDB(self, tangoDb, dataSource):
def __findTangoMessagesInDB(self, tangoDb, dataSource, context):
if not tangoDb:
return
@ -91,7 +91,7 @@ class TangoMessageAnalyzer(general.AndroidComponentAnalyzer):
tangoDbHelper = CommunicationArtifactsHelper(current_case.getSleuthkitCase(),
self._PARSER_NAME,
tangoDb.getDBFile(),
Account.Type.TANGO )
Account.Type.TANGO, context.getJobId())
resultSet = tangoDb.runQuery(
"SELECT conv_id, create_time, direction, payload FROM messages ORDER BY create_time DESC;")

6
InternalPythonModules/android/textmessage.py
View File

@ -1,7 +1,7 @@
"""
Autopsy Forensic Browser
Copyright 2016-2020 Basis Technology Corp.
Copyright 2016-2021 Basis Technology Corp.
Contact: carrier <at> sleuthkit <dot> org
Licensed under the Apache License, Version 2.0 (the "License");
@ -80,12 +80,12 @@ class TextMessageAnalyzer(general.AndroidComponentAnalyzer):
messageDbHelper = CommunicationArtifactsHelper(current_case.getSleuthkitCase(),
self._PARSER_NAME,
messageDb.getDBFile(),
Account.Type.PHONE, Account.Type.IMO, selfAccountId )
Account.Type.PHONE, Account.Type.IMO, selfAccountId, context.getJobId())
else:
messageDbHelper = CommunicationArtifactsHelper(current_case.getSleuthkitCase(),
self._PARSER_NAME,
messageDb.getDBFile(),
Account.Type.PHONE )
Account.Type.PHONE, context.getJobId())
uuid = UUID.randomUUID().toString()
messagesResultSet = messageDb.runQuery("SELECT address, date, read, type, subject, body, thread_id FROM sms;")

4
InternalPythonModules/android/textnow.py
View File

@ -1,7 +1,7 @@
"""
Autopsy Forensic Browser
Copyright 2019-2020 Basis Technology Corp.
Copyright 2019-2021 Basis Technology Corp.
Contact: carrier <at> sleuthkit <dot> org
Licensed under the Apache License, Version 2.0 (the "License");
@ -91,7 +91,7 @@ class TextNowAnalyzer(general.AndroidComponentAnalyzer):
current_case = Case.getCurrentCaseThrows()
helper = CommunicationArtifactsHelper(
current_case.getSleuthkitCase(), self._PARSER_NAME,
textnow_db.getDBFile(), Account.Type.TEXTNOW
textnow_db.getDBFile(), Account.Type.TEXTNOW, context.getJobId()
)
self.parse_contacts(textnow_db, helper)
self.parse_calllogs(textnow_db, helper)

10
InternalPythonModules/android/viber.py
View File

@ -1,7 +1,7 @@
"""
Autopsy Forensic Browser
Copyright 2019-2020 Basis Technology Corp.
Copyright 2019-2021 Basis Technology Corp.
Contact: carrier <at> sleuthkit <dot> org
Licensed under the Apache License, Version 2.0 (the "License");
@ -91,7 +91,7 @@ class ViberAnalyzer(general.AndroidComponentAnalyzer):
current_case = Case.getCurrentCaseThrows()
helper = CommunicationArtifactsHelper(
current_case.getSleuthkitCase(), self._PARSER_NAME,
contact_and_calllog_db.getDBFile(), Account.Type.VIBER)
contact_and_calllog_db.getDBFile(), Account.Type.VIBER, context.getJobId())
self.parse_contacts(contact_and_calllog_db, helper)
self.parse_calllogs(contact_and_calllog_db, helper)
@ -100,7 +100,7 @@ class ViberAnalyzer(general.AndroidComponentAnalyzer):
current_case = Case.getCurrentCaseThrows()
helper = CommunicationArtifactsHelper(
current_case.getSleuthkitCase(), self._PARSER_NAME,
message_db.getDBFile(), Account.Type.VIBER)
message_db.getDBFile(), Account.Type.VIBER, context.getJobId())
self.parse_messages(message_db, helper, current_case)
except NoCurrentCaseException as ex:
@ -131,9 +131,7 @@ class ViberAnalyzer(general.AndroidComponentAnalyzer):
attributes = ArrayList()
attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_NAME.getTypeID(), self._PARSER_NAME, contacts_parser.get_contact_name()))
artifact = contacts_db.getDBFile().newDataArtifact(BlackboardArtifact.Type(BlackboardArtifact.ARTIFACT_TYPE.TSK_CONTACT), attributes)
# Post the artifact to blackboard
current_case.getBlackboard().postArtifact(artifact, self._PARSER_NAME)
current_case.getBlackboard().postArtifact(artifact, self._PARSER_NAME, context.getJobId())
contacts_parser.close()
except SQLException as ex:

6
InternalPythonModules/android/whatsapp.py
View File

@ -1,7 +1,7 @@
"""
Autopsy Forensic Browser
Copyright 2019-2020 Basis Technology Corp.
Copyright 2019-2021 Basis Technology Corp.
Contact: carrier <at> sleuthkit <dot> org
Licensed under the Apache License, Version 2.0 (the "License");
@ -145,14 +145,14 @@ class WhatsAppAnalyzer(general.AndroidComponentAnalyzer):
current_case = Case.getCurrentCaseThrows()
helper = CommunicationArtifactsHelper(
current_case.getSleuthkitCase(), self._PARSER_NAME,
contact_db.getDBFile(), Account.Type.WHATSAPP)
contact_db.getDBFile(), Account.Type.WHATSAPP, context.getJobId())
self.parse_contacts(contact_db, helper)
for calllog_and_message_db in calllog_and_message_dbs:
current_case = Case.getCurrentCaseThrows()
helper = CommunicationArtifactsHelper(
current_case.getSleuthkitCase(), self._PARSER_NAME,
calllog_and_message_db.getDBFile(), Account.Type.WHATSAPP)
calllog_and_message_db.getDBFile(), Account.Type.WHATSAPP, context.getJobId())
self.parse_calllogs(calllog_and_message_db, helper)
self.parse_messages(dataSource, calllog_and_message_db, helper, current_case)

8
InternalPythonModules/android/wwfmessage.py
View File

@ -1,7 +1,7 @@
"""
Autopsy Forensic Browser
Copyright 2016-2020 Basis Technology Corp.
Copyright 2016-2021 Basis Technology Corp.
Contact: carrier <at> sleuthkit <dot> org
Licensed under the Apache License, Version 2.0 (the "License");
@ -78,7 +78,7 @@ class WWFMessageAnalyzer(general.AndroidComponentAnalyzer):
wwfDbFiles = AppSQLiteDB.findAppDatabases(dataSource, "WordsFramework", True, self._PACKAGE_NAME)
for wwfDbFile in wwfDbFiles:
try:
self.__findWWFMessagesInDB(wwfDbFile, dataSource)
self.__findWWFMessagesInDB(wwfDbFile, dataSource, context)
except Exception as ex:
self._logger.log(Level.SEVERE, "Error parsing WWF messages", ex)
self._logger.log(Level.SEVERE, traceback.format_exc())
@ -88,7 +88,7 @@ class WWFMessageAnalyzer(general.AndroidComponentAnalyzer):
self._logger.log(Level.SEVERE, traceback.format_exc())
pass
def __findWWFMessagesInDB(self, wwfDb, dataSource):
def __findWWFMessagesInDB(self, wwfDb, dataSource, context):
if not wwfDb:
return
@ -98,7 +98,7 @@ class WWFMessageAnalyzer(general.AndroidComponentAnalyzer):
wwfDbHelper = CommunicationArtifactsHelper(current_case.getSleuthkitCase(),
self._PARSER_NAME,
wwfDb.getDBFile(),
wwfAccountType )
wwfAccountType, context.getJobId())
uuid = UUID.randomUUID().toString()

6
InternalPythonModules/android/xender.py
View File

@ -1,7 +1,7 @@
"""
Autopsy Forensic Browser
Copyright 2019-2020 Basis Technology Corp.
Copyright 2019-2021 Basis Technology Corp.
Contact: carrier <at> sleuthkit <dot> org
Licensed under the Apache License, Version 2.0 (the "License");
@ -91,11 +91,11 @@ class XenderAnalyzer(general.AndroidComponentAnalyzer):
if selfAccountId is not None:
transactionDbHelper = CommunicationArtifactsHelper(current_case.getSleuthkitCase(),
self._MODULE_NAME, transactionDb.getDBFile(),
Account.Type.XENDER, Account.Type.XENDER, selfAccountId )
Account.Type.XENDER, Account.Type.XENDER, selfAccountId, context.getJobId())
else:
transactionDbHelper = CommunicationArtifactsHelper(current_case.getSleuthkitCase(),
self._MODULE_NAME, transactionDb.getDBFile(),
Account.Type.XENDER)
Account.Type.XENDER, context.getJobId())
queryString = """
SELECT f_path, f_display_name, f_size_str, c_start_time, c_direction, c_session_id,

4
InternalPythonModules/android/zapya.py
View File

@ -1,7 +1,7 @@
"""
Autopsy Forensic Browser
Copyright 2019-2020 Basis Technology Corp.
Copyright 2019-2021 Basis Technology Corp.
Contact: carrier <at> sleuthkit <dot> org
Licensed under the Apache License, Version 2.0 (the "License");
@ -81,7 +81,7 @@ class ZapyaAnalyzer(general.AndroidComponentAnalyzer):
#
transferDbHelper = CommunicationArtifactsHelper(current_case.getSleuthkitCase(),
self._MODULE_NAME, transferDb.getDBFile(),
Account.Type.ZAPYA)
Account.Type.ZAPYA, context.getJobId())
queryString = "SELECT device, name, direction, createtime, path, title FROM transfer"
transfersResultSet = transferDb.runQuery(queryString)

4
KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/AdHocSearchChildFactory.java
View File

@ -1,7 +1,7 @@
/*
* Autopsy Forensic Browser
*
* Copyright 2011-2018 Basis Technology Corp.
* Copyright 2012-2021 Basis Technology Corp.
* Contact: carrier <at> sleuthkit <dot> org
*
* Licensed under the Apache License, Version 2.0 (the "License");
@ -426,7 +426,7 @@ class AdHocSearchChildFactory extends ChildFactory<KeyValue> {
final String queryDisp = queryStr.length() > QUERY_DISPLAY_LEN ? queryStr.substring(0, QUERY_DISPLAY_LEN - 1) + " ..." : queryStr;
try {
progress = ProgressHandle.createHandle(NbBundle.getMessage(this.getClass(), "KeywordSearchResultFactory.progress.saving", queryDisp), () -> BlackboardResultWriter.this.cancel(true));
hits.process(progress, null, this, false, saveResults);
hits.process(progress, null, this, false, saveResults, null);
} finally {
finalizeWorker();
}

4
KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/IngestSearchRunner.java
View File

@ -1,7 +1,7 @@
/*
* Autopsy Forensic Browser
*
* Copyright 2014 - 2017 Basis Technology Corp.
* Copyright 2014 - 2021 Basis Technology Corp.
* Contact: carrier <at> sleuthkit <dot> org
*
* Licensed under the Apache License, Version 2.0 (the "License");
@ -564,7 +564,7 @@ final class IngestSearchRunner {
subProgresses[keywordsSearched].progress(keywordList.getName() + ": " + queryDisplayStr, unitProgress);
// Create blackboard artifacts
newResults.process(null, subProgresses[keywordsSearched], this, keywordList.getIngestMessages(), true);
newResults.process(null, subProgresses[keywordsSearched], this, keywordList.getIngestMessages(), true, job.getJobId());
} //if has results

2
KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/KeywordSearchIngestModule.java
View File

@ -648,7 +648,7 @@ public final class KeywordSearchIngestModule implements FileIngestModule {
}
if (!bbartifacts.isEmpty()) {
try {
Case.getCurrentCaseThrows().getSleuthkitCase().getBlackboard().postArtifacts(bbartifacts, moduleName);
Case.getCurrentCaseThrows().getSleuthkitCase().getBlackboard().postArtifacts(bbartifacts, moduleName, jobId);
} catch (NoCurrentCaseException | Blackboard.BlackboardException ex) {
// Log error and return to continue processing
logger.log(Level.WARNING, String.format("Unable to post blackboard artifacts for file $s.", aFile.getParentPath() + aFile.getName()), ex); //NON-NLS

12
KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/QueryResults.java
View File

@ -1,7 +1,7 @@
/*
* Autopsy Forensic Browser
*
* Copyright 2011-2018 Basis Technology Corp.
* Copyright 2012-2021 Basis Technology Corp.
* Contact: carrier <at> sleuthkit <dot> org
*
* Licensed under the Apache License, Version 2.0 (the "License");
@ -35,7 +35,8 @@ import org.sleuthkit.autopsy.casemodule.NoCurrentCaseException;
import org.sleuthkit.autopsy.coreutils.EscapeUtil;
import org.sleuthkit.autopsy.coreutils.Logger;
import org.sleuthkit.autopsy.ingest.IngestMessage;
import org.sleuthkit.autopsy.ingest.IngestServices;;
import org.sleuthkit.autopsy.ingest.IngestServices;
;
import org.sleuthkit.datamodel.AbstractFile;
import org.sleuthkit.datamodel.Blackboard;
import org.sleuthkit.datamodel.BlackboardArtifact;
@ -141,9 +142,10 @@ class QueryResults {
* messages inbox if there is a keyword hit in the text
* exrtacted from the text source object.
* @param saveResults Flag whether to save search results as KWS artifacts.
*
* @param ingestJobId The numeric identifier of the ingest job within which
* the artifacts are being created, may be null.
*/
void process(ProgressHandle progress, ProgressContributor subProgress, SwingWorker<?, ?> worker, boolean notifyInbox, boolean saveResults) {
void process(ProgressHandle progress, ProgressContributor subProgress, SwingWorker<?, ?> worker, boolean notifyInbox, boolean saveResults, Long ingestJobId) {
/*
* Initialize the progress indicator to the number of keywords that will
* be processed.
@ -253,7 +255,7 @@ class QueryResults {
SleuthkitCase tskCase = Case.getCurrentCaseThrows().getSleuthkitCase();
Blackboard blackboard = tskCase.getBlackboard();
blackboard.postArtifacts(hitArtifacts, MODULE_NAME);
blackboard.postArtifacts(hitArtifacts, MODULE_NAME, ingestJobId);
} catch (NoCurrentCaseException | Blackboard.BlackboardException ex) {
logger.log(Level.SEVERE, "Failed to post KWH artifact to blackboard.", ex); //NON-NLS
}

4
RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Chromium.java
View File

@ -54,8 +54,6 @@ import org.sleuthkit.autopsy.ingest.IngestJobContext;
import org.sleuthkit.datamodel.AbstractFile;
import org.sleuthkit.datamodel.Blackboard;
import org.sleuthkit.datamodel.BlackboardArtifact;
import org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE;
import static org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_BOOKMARK;
import org.sleuthkit.datamodel.BlackboardAttribute;
import org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE;
import org.sleuthkit.datamodel.Content;
@ -939,7 +937,7 @@ class Chromium extends Extract {
WebBrowserArtifactsHelper helper = new WebBrowserArtifactsHelper(
Case.getCurrentCaseThrows().getSleuthkitCase(),
NbBundle.getMessage(this.getClass(), "Chrome.parentModuleName"),
webDataFile
webDataFile, context.getJobId()
);
// Get Web form addresses

3
pythonExamples/Aug2015DataSourceTutorial/FindContactsDb.py
View File

@ -172,8 +172,7 @@ class ContactsDbIngestModule(DataSourceIngestModule):
))
try:
# index the artifact for keyword search
blackboard.postArtifact(art, ContactsDbIngestModuleFactory.moduleName)
blackboard.postArtifact(art, ContactsDbIngestModuleFactory.moduleName, context.getJobId())
except Blackboard.BlackboardException as e:
self.log(Level.SEVERE, "Error indexing artifact " + art.getDisplayName())

2
pythonExamples/Aug2015DataSourceTutorial/FindContactsDb_v2.py
View File

@ -146,7 +146,7 @@ class ContactsDbIngestModule(DataSourceIngestModule):
# Create an instance of the helper class
# TODO - Replace with your parser name and Account.Type
helper = CommunicationArtifactsHelper(current_case.getSleuthkitCase(),
ContactsDbIngestModuleFactory.moduleName, app_database.getDBFile(), Account.Type.DEVICE)
ContactsDbIngestModuleFactory.moduleName, app_database.getDBFile(), Account.Type.DEVICE, context.getJobId())
# Iterate through each row and create artifacts
while result_set.next():

7
pythonExamples/July2015FileTutorial_BigRound/FindBigRoundFiles.py
View File

@ -92,11 +92,15 @@ class FindBigRoundFilesIngestModule(FileIngestModule):
def log(self, level, msg):
self._logger.logp(level, self.__class__.__name__, inspect.stack()[1][3], msg)
def __init__(self):
self.context = None
# Where any setup and configuration is done
# 'context' is an instance of org.sleuthkit.autopsy.ingest.IngestJobContext.
# See: http://sleuthkit.org/autopsy/docs/api-docs/latest/classorg_1_1sleuthkit_1_1autopsy_1_1ingest_1_1_ingest_job_context.html
# TODO: Add any setup code that you need here.
def startUp(self, context):
self.context = context
self.filesFound = 0
# Throw an IngestModule.IngestModuleException exception if there was a problem setting up
@ -130,8 +134,7 @@ class FindBigRoundFilesIngestModule(FileIngestModule):
"Big and Round Files"))).getAnalysisResult()
try:
# post the artifact for listeners of artifact events
blackboard.postArtifact(art, FindBigRoundFilesIngestModuleFactory.moduleName)
blackboard.postArtifact(art, FindBigRoundFilesIngestModuleFactory.moduleName, context.getJobId())
except Blackboard.BlackboardException as e:
self.log(Level.SEVERE, "Error indexing artifact " + art.getDisplayName())

3
pythonExamples/Registry_Example.py
View File

@ -207,9 +207,8 @@ class RegistryExampleIngestModule(DataSourceIngestModule):
BlackboardAttribute(attributeIdRunKeyValue, moduleName, registryKey[3])
))
# index the artifact for keyword search
try:
blackboard.postArtifact(art, moduleName)
blackboard.postArtifact(art, moduleName, context.getJobId())
except Blackboard.BlackboardException as ex:
self.log(Level.SEVERE, "Unable to index blackboard artifact " + str(art.getArtifactTypeName()), ex)

3
pythonExamples/dataSourceIngestModule.py
View File

@ -146,8 +146,7 @@ class SampleJythonDataSourceIngestModule(DataSourceIngestModule):
None, "Test file", None, attrs).getAnalysisResult()
try:
# post the artifact for listeners of artifact events.
blackboard.postArtifact(art, SampleJythonDataSourceIngestModuleFactory.moduleName)
blackboard.postArtifact(art, SampleJythonDataSourceIngestModuleFactory.moduleName, context.getJobId())
except Blackboard.BlackboardException as e:
self.log(Level.SEVERE, "Error indexing artifact " + art.getDisplayName())

7
pythonExamples/fileIngestModule.py
View File

@ -94,11 +94,15 @@ class SampleJythonFileIngestModule(FileIngestModule):
def log(self, level, msg):
self._logger.logp(level, self.__class__.__name__, inspect.stack()[1][3], msg)
def __init__(self):
self.context = None
# Where any setup and configuration is done
# 'context' is an instance of org.sleuthkit.autopsy.ingest.IngestJobContext.
# See: http://sleuthkit.org/autopsy/docs/api-docs/latest/classorg_1_1sleuthkit_1_1autopsy_1_1ingest_1_1_ingest_job_context.html
# TODO: Add any setup code that you need here.
def startUp(self, context):
self.context = context
self.filesFound = 0
# Throw an IngestModule.IngestModuleException exception if there was a problem setting up
@ -134,8 +138,7 @@ class SampleJythonFileIngestModule(FileIngestModule):
None, "Text Files", None, attrs).getAnalysisResult()
try:
# post the artifact for listeners of artifact events
blackboard.postArtifact(art, SampleJythonFileIngestModuleFactory.moduleName)
blackboard.postArtifact(art, SampleJythonFileIngestModuleFactory.moduleName, context.getJobId())
except Blackboard.BlackboardException as e:
self.log(Level.SEVERE, "Error indexing artifact " + art.getDisplayName())

6
thunderbirdparser/src/org/sleuthkit/autopsy/thunderbirdparser/ThunderbirdMboxFileIngestModule.java
View File

@ -1,7 +1,7 @@
/*
* Autopsy Forensic Browser
*
* Copyright 2011-2020 Basis Technology Corp.
* Copyright 2012-2021 Basis Technology Corp.
* Contact: carrier <at> sleuthkit <dot> org
*
* Licensed under the Apache License, Version 2.0 (the "License");
@ -255,7 +255,7 @@ public final class ThunderbirdMboxFileIngestModule implements FileIngestModule {
try {
// index the artifact for keyword search
blackboard.postArtifact(artifact, EmailParserModuleFactory.getModuleName());
blackboard.postArtifact(artifact, EmailParserModuleFactory.getModuleName(), context.getJobId());
} catch (Blackboard.BlackboardException ex) {
MessageNotifyUtil.Notify.error(Bundle.ThunderbirdMboxFileIngestModule_processPst_indexError_message(), artifact.getDisplayName());
logger.log(Level.SEVERE, "Unable to index blackboard artifact " + artifact.getArtifactID(), ex); //NON-NLS
@ -786,7 +786,7 @@ public final class ThunderbirdMboxFileIngestModule implements FileIngestModule {
try {
// index the artifact for keyword search
blackboard.postArtifact(bbart, EmailParserModuleFactory.getModuleName());
blackboard.postArtifact(bbart, EmailParserModuleFactory.getModuleName(), context.getJobId());
} catch (Blackboard.BlackboardException ex) {
logger.log(Level.SEVERE, "Unable to index blackboard artifact " + bbart.getArtifactID(), ex); //NON-NLS
MessageNotifyUtil.Notify.error(Bundle.ThunderbirdMboxFileIngestModule_addArtifact_indexError_message(), bbart.getDisplayName());

2
thunderbirdparser/src/org/sleuthkit/autopsy/thunderbirdparser/VcardParser.java
View File

@ -243,7 +243,7 @@ final class VcardParser {
// Index the artifact for keyword search.
try {
blackboard.postArtifact(artifact, EmailParserModuleFactory.getModuleName());
blackboard.postArtifact(artifact, EmailParserModuleFactory.getModuleName(), context.getJobId());
} catch (Blackboard.BlackboardException ex) {
logger.log(Level.SEVERE, "Unable to index blackboard artifact " + artifact.getArtifactID(), ex); //NON-NLS
MessageNotifyUtil.Notify.error(Bundle.VcardParser_addContactArtifact_indexError(), artifact.getDisplayName());