mstoeck3/autopsy-flatpak
1
0
Fork 0
mirror of https://github.com/overcuriousity/autopsy-flatpak.git synced 2025-07-06 21:00:22 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #2748 from dgrove727/2573_python_updates

Browse Source 
2573 python updates
This commit is contained in:
esaunders 2017-04-25 11:20:36 -04:00 committed by GitHub
commit 1756a70a26
8 changed files with 57 additions and 70 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
pythonExamples/Aug2015DataSourceTutorial/FindContactsDb.py
View File

@ -58,8 +58,7 @@ from org.sleuthkit.autopsy.casemodule import Case
from org.sleuthkit.autopsy.datamodel import ContentUtils from org.sleuthkit.autopsy.datamodel import ContentUtils
from org.sleuthkit.autopsy.casemodule.services import Services from org.sleuthkit.autopsy.casemodule.services import Services
from org.sleuthkit.autopsy.casemodule.services import FileManager from org.sleuthkit.autopsy.casemodule.services import FileManager
# This will work in 4.0.1 and beyond from org.sleuthkit.autopsy.casemodule.services import Blackboard
# from org.sleuthkit.autopsy.casemodule.services import Blackboard
@ -98,25 +97,22 @@ class ContactsDbIngestModule(DataSourceIngestModule):
# Where any setup and configuration is done # Where any setup and configuration is done
# 'context' is an instance of org.sleuthkit.autopsy.ingest.IngestJobContext. # 'context' is an instance of org.sleuthkit.autopsy.ingest.IngestJobContext.
# See: http://sleuthkit.org/autopsy/docs/api-docs/3.1/classorg_1_1sleuthkit_1_1autopsy_1_1ingest_1_1_ingest_job_context.html # See: http://sleuthkit.org/autopsy/docs/api-docs/4.4/classorg_1_1sleuthkit_1_1autopsy_1_1ingest_1_1_ingest_job_context.html
def startUp(self, context): def startUp(self, context):
self.context = context self.context = context
# Throw an IngestModule.IngestModuleException exception if there was a problem setting up
# raise IngestModuleException("Oh No!")
# Where the analysis is done. # Where the analysis is done.
# The 'dataSource' object being passed in is of type org.sleuthkit.datamodel.Content. # The 'dataSource' object being passed in is of type org.sleuthkit.datamodel.Content.
# See: http://www.sleuthkit.org/sleuthkit/docs/jni-docs/4.3/interfaceorg_1_1sleuthkit_1_1datamodel_1_1_content.html # See: http://www.sleuthkit.org/sleuthkit/docs/jni-docs/4.4/interfaceorg_1_1sleuthkit_1_1datamodel_1_1_content.html
# 'progressBar' is of type org.sleuthkit.autopsy.ingest.DataSourceIngestModuleProgress # 'progressBar' is of type org.sleuthkit.autopsy.ingest.DataSourceIngestModuleProgress
# See: http://sleuthkit.org/autopsy/docs/api-docs/3.1/classorg_1_1sleuthkit_1_1autopsy_1_1ingest_1_1_data_source_ingest_module_progress.html # See: http://sleuthkit.org/autopsy/docs/api-docs/4.4/classorg_1_1sleuthkit_1_1autopsy_1_1ingest_1_1_data_source_ingest_module_progress.html
def process(self, dataSource, progressBar): def process(self, dataSource, progressBar):
# we don't know how much work there is yet # we don't know how much work there is yet
progressBar.switchToIndeterminate() progressBar.switchToIndeterminate()
# This will work in 4.0.1 and beyond
# Use blackboard class to index blackboard artifacts for keyword search # Use blackboard class to index blackboard artifacts for keyword search
# blackboard = Case.getCurrentCase().getServices().getBlackboard() blackboard = Case.getCurrentCase().getServices().getBlackboard()
# Find files named contacts.db, regardless of parent path # Find files named contacts.db, regardless of parent path
fileManager = Case.getCurrentCase().getServices().getFileManager() fileManager = Case.getCurrentCase().getServices().getFileManager()
@ -124,7 +120,7 @@ class ContactsDbIngestModule(DataSourceIngestModule):
numFiles = len(files) numFiles = len(files)
progressBar.switchToDeterminate(numFiles) progressBar.switchToDeterminate(numFiles)
fileCount = 0; fileCount = 0
for file in files: for file in files:
# Check if the user pressed cancel while we were busy # Check if the user pressed cancel while we were busy
@ -176,12 +172,12 @@ class ContactsDbIngestModule(DataSourceIngestModule):
art.addAttribute(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PHONE_NUMBER.getTypeID(), art.addAttribute(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PHONE_NUMBER.getTypeID(),
ContactsDbIngestModuleFactory.moduleName, phone)) ContactsDbIngestModuleFactory.moduleName, phone))
# This will work in 4.0.1 and beyond
#try: try:
# # index the artifact for keyword search # index the artifact for keyword search
# blackboard.indexArtifact(art) blackboard.indexArtifact(art)
#except Blackboard.BlackboardException as e: except Blackboard.BlackboardException as e:
# self.log(Level.SEVERE, "Error indexing artifact " + art.getDisplayName()) self.log(Level.SEVERE, "Error indexing artifact " + art.getDisplayName())
# Fire an event to notify the UI and others that there are new artifacts # Fire an event to notify the UI and others that there are new artifacts
IngestServices.getInstance().fireModuleDataEvent( IngestServices.getInstance().fireModuleDataEvent(

6
pythonExamples/Aug2015DataSourceTutorial/RunExe.py
View File

@ -95,7 +95,7 @@ class RunExeIngestModule(DataSourceIngestModule):
# Where any setup and configuration is done # Where any setup and configuration is done
# 'context' is an instance of org.sleuthkit.autopsy.ingest.IngestJobContext. # 'context' is an instance of org.sleuthkit.autopsy.ingest.IngestJobContext.
# See: http://sleuthkit.org/autopsy/docs/api-docs/3.1/classorg_1_1sleuthkit_1_1autopsy_1_1ingest_1_1_ingest_job_context.html # See: http://sleuthkit.org/autopsy/docs/api-docs/4.4/classorg_1_1sleuthkit_1_1autopsy_1_1ingest_1_1_ingest_job_context.html
def startUp(self, context): def startUp(self, context):
self.context = context self.context = context
@ -108,9 +108,9 @@ class RunExeIngestModule(DataSourceIngestModule):
# Where the analysis is done. # Where the analysis is done.
# The 'dataSource' object being passed in is of type org.sleuthkit.datamodel.Content. # The 'dataSource' object being passed in is of type org.sleuthkit.datamodel.Content.
# See: http://www.sleuthkit.org/sleuthkit/docs/jni-docs/4.3/interfaceorg_1_1sleuthkit_1_1datamodel_1_1_content.html # See: http://www.sleuthkit.org/sleuthkit/docs/jni-docs/4.4/interfaceorg_1_1sleuthkit_1_1datamodel_1_1_content.html
# 'progressBar' is of type org.sleuthkit.autopsy.ingest.DataSourceIngestModuleProgress # 'progressBar' is of type org.sleuthkit.autopsy.ingest.DataSourceIngestModuleProgress
# See: http://sleuthkit.org/autopsy/docs/api-docs/3.1/classorg_1_1sleuthkit_1_1autopsy_1_1ingest_1_1_data_source_ingest_module_progress.html # See: http://sleuthkit.org/autopsy/docs/api-docs/4.4/classorg_1_1sleuthkit_1_1autopsy_1_1ingest_1_1_data_source_ingest_module_progress.html
def process(self, dataSource, progressBar): def process(self, dataSource, progressBar):
# we don't know how much work there will be # we don't know how much work there will be

25
pythonExamples/July2015FileTutorial_BigRound/FindBigRoundFiles.py
View File

@ -56,8 +56,7 @@ from org.sleuthkit.autopsy.coreutils import Logger
from org.sleuthkit.autopsy.casemodule import Case from org.sleuthkit.autopsy.casemodule import Case
from org.sleuthkit.autopsy.casemodule.services import Services from org.sleuthkit.autopsy.casemodule.services import Services
from org.sleuthkit.autopsy.casemodule.services import FileManager from org.sleuthkit.autopsy.casemodule.services import FileManager
# This will work in 4.0.1 and beyond from org.sleuthkit.autopsy.casemodule.services import Blackboard
# from org.sleuthkit.autopsy.casemodule.services import Blackboard
# Factory that defines the name and details of the module and allows Autopsy # Factory that defines the name and details of the module and allows Autopsy
# to create instances of the modules that will do the anlaysis. # to create instances of the modules that will do the anlaysis.
@ -93,7 +92,7 @@ class FindBigRoundFilesIngestModule(FileIngestModule):
# Where any setup and configuration is done # Where any setup and configuration is done
# 'context' is an instance of org.sleuthkit.autopsy.ingest.IngestJobContext. # 'context' is an instance of org.sleuthkit.autopsy.ingest.IngestJobContext.
# See: http://sleuthkit.org/autopsy/docs/api-docs/3.1/classorg_1_1sleuthkit_1_1autopsy_1_1ingest_1_1_ingest_job_context.html # See: http://sleuthkit.org/autopsy/docs/api-docs/4.4/classorg_1_1sleuthkit_1_1autopsy_1_1ingest_1_1_ingest_job_context.html
# TODO: Add any setup code that you need here. # TODO: Add any setup code that you need here.
def startUp(self, context): def startUp(self, context):
self.filesFound = 0 self.filesFound = 0
@ -104,12 +103,11 @@ class FindBigRoundFilesIngestModule(FileIngestModule):
# Where the analysis is done. Each file will be passed into here. # Where the analysis is done. Each file will be passed into here.
# The 'file' object being passed in is of type org.sleuthkit.datamodel.AbstractFile. # The 'file' object being passed in is of type org.sleuthkit.datamodel.AbstractFile.
# See: http://www.sleuthkit.org/sleuthkit/docs/jni-docs/4.3/classorg_1_1sleuthkit_1_1datamodel_1_1_abstract_file.html # See: http://www.sleuthkit.org/sleuthkit/docs/jni-docs/4.4/classorg_1_1sleuthkit_1_1datamodel_1_1_abstract_file.html
def process(self, file): def process(self, file):
# This will work in 4.0.1 and beyond
# Use blackboard class to index blackboard artifacts for keyword search # Use blackboard class to index blackboard artifacts for keyword search
# blackboard = Case.getCurrentCase().getServices().getBlackboard() blackboard = Case.getCurrentCase().getServices().getBlackboard()
# Skip non-files # Skip non-files
if ((file.getType() == TskData.TSK_DB_FILES_TYPE_ENUM.UNALLOC_BLOCKS) or if ((file.getType() == TskData.TSK_DB_FILES_TYPE_ENUM.UNALLOC_BLOCKS) or
@ -127,21 +125,20 @@ class FindBigRoundFilesIngestModule(FileIngestModule):
FindBigRoundFilesIngestModuleFactory.moduleName, "Big and Round Files") FindBigRoundFilesIngestModuleFactory.moduleName, "Big and Round Files")
art.addAttribute(att) art.addAttribute(att)
# This will work in 4.0.1 and beyond try:
#try: # index the artifact for keyword search
# # index the artifact for keyword search blackboard.indexArtifact(art)
# blackboard.indexArtifact(art) except Blackboard.BlackboardException as e:
#except Blackboard.BlackboardException as e: self.log(Level.SEVERE, "Error indexing artifact " + art.getDisplayName())
# self.log(Level.SEVERE, "Error indexing artifact " + art.getDisplayName())
# Fire an event to notify the UI and others that there is a new artifact # Fire an event to notify the UI and others that there is a new artifact
IngestServices.getInstance().fireModuleDataEvent( IngestServices.getInstance().fireModuleDataEvent(
ModuleDataEvent(FindBigRoundFilesIngestModuleFactory.moduleName, ModuleDataEvent(FindBigRoundFilesIngestModuleFactory.moduleName,
BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT, None)); BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT, None))
return IngestModule.ProcessResult.OK return IngestModule.ProcessResult.OK
# Where any shutdown code is run and resources are freed. # Where any shutdown code is run and resources are freed.
# TODO: Add any shutdown code that you need here. # TODO: Add any shutdown code that you need here.
def shutDown(self): def shutDown(self):
None None

4
pythonExamples/Sept2015ReportTutorial_CSV/CsvReportModule.py
View File

@ -27,7 +27,7 @@
# ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR # ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
# OTHER DEALINGS IN THE SOFTWARE. # OTHER DEALINGS IN THE SOFTWARE.
# See http://sleuthkit.org/autopsy/docs/api-docs/3.1/index.html for documentation # See http://sleuthkit.org/autopsy/docs/api-docs/4.4/index.html for documentation
# Simple report module for Autopsy. # Simple report module for Autopsy.
# Used as part of Python tutorials from Basis Technology - September 2015 # Used as part of Python tutorials from Basis Technology - September 2015
@ -71,7 +71,7 @@ class CSVReportModule(GeneralReportModuleAdapter):
# TODO: Update this method to make a report # TODO: Update this method to make a report
# The 'baseReportDir' object being passed in is a string with the directory that reports are being stored in. Report should go into baseReportDir + getRelativeFilePath(). # The 'baseReportDir' object being passed in is a string with the directory that reports are being stored in. Report should go into baseReportDir + getRelativeFilePath().
# The 'progressBar' object is of type ReportProgressPanel. # The 'progressBar' object is of type ReportProgressPanel.
# See: http://sleuthkit.org/autopsy/docs/api-docs/3.1/classorg_1_1sleuthkit_1_1autopsy_1_1report_1_1_report_progress_panel.html # See: http://sleuthkit.org/autopsy/docs/api-docs/4.4/classorg_1_1sleuthkit_1_1autopsy_1_1report_1_1_report_progress_panel.html
def generateReport(self, baseReportDir, progressBar): def generateReport(self, baseReportDir, progressBar):
# Open the output file. # Open the output file.

32
pythonExamples/dataSourceIngestModule.py
View File

@ -29,7 +29,7 @@
# Simple data source-level ingest module for Autopsy. # Simple data source-level ingest module for Autopsy.
# Search for TODO for the things that you need to change # Search for TODO for the things that you need to change
# See http://sleuthkit.org/autopsy/docs/api-docs/3.1/index.html for documentation # See http://sleuthkit.org/autopsy/docs/api-docs/4.4/index.html for documentation
import jarray import jarray
import inspect import inspect
@ -51,8 +51,7 @@ from org.sleuthkit.autopsy.coreutils import Logger
from org.sleuthkit.autopsy.casemodule import Case from org.sleuthkit.autopsy.casemodule import Case
from org.sleuthkit.autopsy.casemodule.services import Services from org.sleuthkit.autopsy.casemodule.services import Services
from org.sleuthkit.autopsy.casemodule.services import FileManager from org.sleuthkit.autopsy.casemodule.services import FileManager
# This will work in 4.0.1 and beyond from org.sleuthkit.autopsy.casemodule.services import Blackboard
# from org.sleuthkit.autopsy.casemodule.services import Blackboard
# Factory that defines the name and details of the module and allows Autopsy # Factory that defines the name and details of the module and allows Autopsy
@ -95,32 +94,32 @@ class SampleJythonDataSourceIngestModule(DataSourceIngestModule):
# Where any setup and configuration is done # Where any setup and configuration is done
# 'context' is an instance of org.sleuthkit.autopsy.ingest.IngestJobContext. # 'context' is an instance of org.sleuthkit.autopsy.ingest.IngestJobContext.
# See: http://sleuthkit.org/autopsy/docs/api-docs/3.1/classorg_1_1sleuthkit_1_1autopsy_1_1ingest_1_1_ingest_job_context.html # See: http://sleuthkit.org/autopsy/docs/api-docs/4.4/classorg_1_1sleuthkit_1_1autopsy_1_1ingest_1_1_ingest_job_context.html
# TODO: Add any setup code that you need here. # TODO: Add any setup code that you need here.
def startUp(self, context): def startUp(self, context):
self.context = context
# Throw an IngestModule.IngestModuleException exception if there was a problem setting up # Throw an IngestModule.IngestModuleException exception if there was a problem setting up
# raise IngestModuleException("Oh No!") # raise IngestModuleException("Oh No!")
self.context = context
# Where the analysis is done. # Where the analysis is done.
# The 'dataSource' object being passed in is of type org.sleuthkit.datamodel.Content. # The 'dataSource' object being passed in is of type org.sleuthkit.datamodel.Content.
# See: http://www.sleuthkit.org/sleuthkit/docs/jni-docs/4.3/interfaceorg_1_1sleuthkit_1_1datamodel_1_1_content.html # See: http://www.sleuthkit.org/sleuthkit/docs/jni-docs/4.4/interfaceorg_1_1sleuthkit_1_1datamodel_1_1_content.html
# 'progressBar' is of type org.sleuthkit.autopsy.ingest.DataSourceIngestModuleProgress # 'progressBar' is of type org.sleuthkit.autopsy.ingest.DataSourceIngestModuleProgress
# See: http://sleuthkit.org/autopsy/docs/api-docs/3.1/classorg_1_1sleuthkit_1_1autopsy_1_1ingest_1_1_data_source_ingest_module_progress.html # See: http://sleuthkit.org/autopsy/docs/api-docs/4.4/classorg_1_1sleuthkit_1_1autopsy_1_1ingest_1_1_data_source_ingest_module_progress.html
# TODO: Add your analysis code in here. # TODO: Add your analysis code in here.
def process(self, dataSource, progressBar): def process(self, dataSource, progressBar):
# we don't know how much work there is yet # we don't know how much work there is yet
progressBar.switchToIndeterminate() progressBar.switchToIndeterminate()
# This will work in 4.0.1 and beyond
# Use blackboard class to index blackboard artifacts for keyword search # Use blackboard class to index blackboard artifacts for keyword search
# blackboard = Case.getCurrentCase().getServices().getBlackboard() blackboard = Case.getCurrentCase().getServices().getBlackboard()
# For our example, we will use FileManager to get all # For our example, we will use FileManager to get all
# files with the word "test" # files with the word "test"
# in the name and then count and read them # in the name and then count and read them
# FileManager API: http://sleuthkit.org/autopsy/docs/api-docs/3.1/classorg_1_1sleuthkit_1_1autopsy_1_1casemodule_1_1services_1_1_file_manager.html # FileManager API: http://sleuthkit.org/autopsy/docs/api-docs/4.4/classorg_1_1sleuthkit_1_1autopsy_1_1casemodule_1_1services_1_1_file_manager.html
fileManager = Case.getCurrentCase().getServices().getFileManager() fileManager = Case.getCurrentCase().getServices().getFileManager()
files = fileManager.findFiles(dataSource, "%test%") files = fileManager.findFiles(dataSource, "%test%")
@ -143,12 +142,11 @@ class SampleJythonDataSourceIngestModule(DataSourceIngestModule):
att = BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SET_NAME, SampleJythonDataSourceIngestModuleFactory.moduleName, "Test file") att = BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SET_NAME, SampleJythonDataSourceIngestModuleFactory.moduleName, "Test file")
art.addAttribute(att) art.addAttribute(att)
# This will work in 4.0.1 and beyond try:
#try: # index the artifact for keyword search
# # index the artifact for keyword search blackboard.indexArtifact(art)
# blackboard.indexArtifact(art) except Blackboard.BlackboardException as e:
#except Blackboard.BlackboardException as e: self.log(Level.SEVERE, "Error indexing artifact " + art.getDisplayName())
# self.log(Level.SEVERE, "Error indexing artifact " + art.getDisplayName())
# To further the example, this code will read the contents of the file and count the number of bytes # To further the example, this code will read the contents of the file and count the number of bytes
inputStream = ReadContentInputStream(file) inputStream = ReadContentInputStream(file)

25
pythonExamples/fileIngestModule.py
View File

@ -29,7 +29,7 @@
# Simple file-level ingest module for Autopsy. # Simple file-level ingest module for Autopsy.
# Search for TODO for the things that you need to change # Search for TODO for the things that you need to change
# See http://sleuthkit.org/autopsy/docs/api-docs/3.1/index.html for documentation # See http://sleuthkit.org/autopsy/docs/api-docs/4.4/index.html for documentation
import jarray import jarray
import inspect import inspect
@ -53,8 +53,7 @@ from org.sleuthkit.autopsy.coreutils import Logger
from org.sleuthkit.autopsy.casemodule import Case from org.sleuthkit.autopsy.casemodule import Case
from org.sleuthkit.autopsy.casemodule.services import Services from org.sleuthkit.autopsy.casemodule.services import Services
from org.sleuthkit.autopsy.casemodule.services import FileManager from org.sleuthkit.autopsy.casemodule.services import FileManager
# This will work in 4.0.1 and beyond from org.sleuthkit.autopsy.casemodule.services import Blackboard
# from org.sleuthkit.autopsy.casemodule.services import Blackboard
# Factory that defines the name and details of the module and allows Autopsy # Factory that defines the name and details of the module and allows Autopsy
# to create instances of the modules that will do the anlaysis. # to create instances of the modules that will do the anlaysis.
@ -95,7 +94,7 @@ class SampleJythonFileIngestModule(FileIngestModule):
# Where any setup and configuration is done # Where any setup and configuration is done
# 'context' is an instance of org.sleuthkit.autopsy.ingest.IngestJobContext. # 'context' is an instance of org.sleuthkit.autopsy.ingest.IngestJobContext.
# See: http://sleuthkit.org/autopsy/docs/api-docs/3.1/classorg_1_1sleuthkit_1_1autopsy_1_1ingest_1_1_ingest_job_context.html # See: http://sleuthkit.org/autopsy/docs/api-docs/4.4/classorg_1_1sleuthkit_1_1autopsy_1_1ingest_1_1_ingest_job_context.html
# TODO: Add any setup code that you need here. # TODO: Add any setup code that you need here.
def startUp(self, context): def startUp(self, context):
self.filesFound = 0 self.filesFound = 0
@ -106,7 +105,7 @@ class SampleJythonFileIngestModule(FileIngestModule):
# Where the analysis is done. Each file will be passed into here. # Where the analysis is done. Each file will be passed into here.
# The 'file' object being passed in is of type org.sleuthkit.datamodel.AbstractFile. # The 'file' object being passed in is of type org.sleuthkit.datamodel.AbstractFile.
# See: http://www.sleuthkit.org/sleuthkit/docs/jni-docs/4.3/classorg_1_1sleuthkit_1_1datamodel_1_1_abstract_file.html # See: http://www.sleuthkit.org/sleuthkit/docs/jni-docs/4.4/classorg_1_1sleuthkit_1_1datamodel_1_1_abstract_file.html
# TODO: Add your analysis code in here. # TODO: Add your analysis code in here.
def process(self, file): def process(self, file):
# Skip non-files # Skip non-files
@ -115,9 +114,8 @@ class SampleJythonFileIngestModule(FileIngestModule):
(file.isFile() == False)): (file.isFile() == False)):
return IngestModule.ProcessResult.OK return IngestModule.ProcessResult.OK
# This will work in 4.0.1 and beyond
# Use blackboard class to index blackboard artifacts for keyword search # Use blackboard class to index blackboard artifacts for keyword search
# blackboard = Case.getCurrentCase().getServices().getBlackboard() blackboard = Case.getCurrentCase().getServices().getBlackboard()
# For an example, we will flag files with .txt in the name and make a blackboard artifact. # For an example, we will flag files with .txt in the name and make a blackboard artifact.
if file.getName().lower().endswith(".txt"): if file.getName().lower().endswith(".txt"):
@ -132,12 +130,11 @@ class SampleJythonFileIngestModule(FileIngestModule):
SampleJythonFileIngestModuleFactory.moduleName, "Text Files") SampleJythonFileIngestModuleFactory.moduleName, "Text Files")
art.addAttribute(att) art.addAttribute(att)
# This will work in 4.0.1 and beyond try:
#try: # index the artifact for keyword search
# # index the artifact for keyword search blackboard.indexArtifact(art)
# blackboard.indexArtifact(art) except Blackboard.BlackboardException as e:
#except Blackboard.BlackboardException as e: self.log(Level.SEVERE, "Error indexing artifact " + art.getDisplayName())
# self.log(Level.SEVERE, "Error indexing artifact " + art.getDisplayName())
# Fire an event to notify the UI and others that there is a new artifact # Fire an event to notify the UI and others that there is a new artifact
IngestServices.getInstance().fireModuleDataEvent( IngestServices.getInstance().fireModuleDataEvent(
@ -171,4 +168,4 @@ class SampleJythonFileIngestModule(FileIngestModule):
message = IngestMessage.createMessage( message = IngestMessage.createMessage(
IngestMessage.MessageType.DATA, SampleJythonFileIngestModuleFactory.moduleName, IngestMessage.MessageType.DATA, SampleJythonFileIngestModuleFactory.moduleName,
str(self.filesFound) + " files found") str(self.filesFound) + " files found")
ingestServices = IngestServices.getInstance().postMessage(message) ingestServices = IngestServices.getInstance().postMessage(message)

3
pythonExamples/fileIngestModuleWithGui.py
View File

@ -35,7 +35,7 @@
# don't need a configuration UI, start with the other sample module. # don't need a configuration UI, start with the other sample module.
# #
# Search for TODO for the things that you need to change # Search for TODO for the things that you need to change
# See http://sleuthkit.org/autopsy/docs/api-docs/3.1/index.html for documentation # See http://sleuthkit.org/autopsy/docs/api-docs/4.4/index.html for documentation
import jarray import jarray
@ -204,4 +204,3 @@ class SampleFileIngestModuleWithUISettingsPanel(IngestModuleIngestJobSettingsPan
# Return the settings used # Return the settings used
def getSettings(self): def getSettings(self):
return self.local_settings return self.local_settings

4
pythonExamples/reportmodule.py
View File

@ -31,7 +31,7 @@
# Sample report module for Autopsy. Use as a starting point for new modules. # Sample report module for Autopsy. Use as a starting point for new modules.
# #
# Search for TODO for the things that you need to change # Search for TODO for the things that you need to change
# See http://sleuthkit.org/autopsy/docs/api-docs/3.1/index.html for documentation # See http://sleuthkit.org/autopsy/docs/api-docs/4.4/index.html for documentation
import os import os
from java.lang import System from java.lang import System
@ -69,7 +69,7 @@ class SampleGeneralReportModule(GeneralReportModuleAdapter):
# TODO: Update this method to make a report # TODO: Update this method to make a report
# The 'baseReportDir' object being passed in is a string with the directory that reports are being stored in. Report should go into baseReportDir + getRelativeFilePath(). # The 'baseReportDir' object being passed in is a string with the directory that reports are being stored in. Report should go into baseReportDir + getRelativeFilePath().
# The 'progressBar' object is of type ReportProgressPanel. # The 'progressBar' object is of type ReportProgressPanel.
# See: http://sleuthkit.org/autopsy/docs/api-docs/3.1/classorg_1_1sleuthkit_1_1autopsy_1_1report_1_1_report_progress_panel.html # See: http://sleuthkit.org/autopsy/docs/api-docs/4.4/classorg_1_1sleuthkit_1_1autopsy_1_1report_1_1_report_progress_panel.html
def generateReport(self, baseReportDir, progressBar): def generateReport(self, baseReportDir, progressBar):
# For an example, we write a file with the number of files created in the past 2 weeks # For an example, we write a file with the number of files created in the past 2 weeks