From 4d73386d960786abcd5ab8a7c6da32b93e91bb6d Mon Sep 17 00:00:00 2001 From: adam-m Date: Thu, 30 Aug 2012 12:47:15 -0400 Subject: [PATCH] Ingest API changes: add IngestModuleInit context to init(), change IngestManagerProxy into IngestServices singleton --- .../ExifParserFileIngestModule.java | 13 ++--- .../hashdatabase/HashDbIngestModule.java | 29 ++++++----- .../autopsy/ingest/IngestManager.java | 6 +-- .../autopsy/ingest/IngestModuleAbstract.java | 6 +-- .../autopsy/ingest/IngestModuleInit.java | 49 +++++++++++++++++++ ...tManagerProxy.java => IngestServices.java} | 31 ++++++++---- .../ExampleAbstractFileIngestModule.java | 15 +++--- .../example/ExampleImageIngestModule.java | 17 +++---- .../org/sleuthkit/autopsy/ingest/package.dox | 8 +-- .../KeywordSearchIngestModule.java | 29 ++++++----- .../KeywordSearchResultFactory.java | 4 +- .../autopsy/recentactivity/Chrome.java | 22 ++++----- .../autopsy/recentactivity/ExtractIE.java | 16 +++--- .../recentactivity/ExtractRegistry.java | 8 +-- .../autopsy/recentactivity/Firefox.java | 20 ++++---- .../recentactivity/RAImageIngestModule.java | 14 +++--- .../SearchEngineURLQueryAnalyzer.java | 10 ++-- .../ThunderbirdMboxFileIngestModule.java | 16 +++--- 18 files changed, 185 insertions(+), 128 deletions(-) create mode 100644 Ingest/src/org/sleuthkit/autopsy/ingest/IngestModuleInit.java rename Ingest/src/org/sleuthkit/autopsy/ingest/{IngestManagerProxy.java => IngestServices.java} (80%) diff --git a/ExifParser/src/org/sleuthkit/autopsy/exifparser/ExifParserFileIngestModule.java b/ExifParser/src/org/sleuthkit/autopsy/exifparser/ExifParserFileIngestModule.java index c224f00aa4..22471520a6 100644 --- a/ExifParser/src/org/sleuthkit/autopsy/exifparser/ExifParserFileIngestModule.java +++ b/ExifParser/src/org/sleuthkit/autopsy/exifparser/ExifParserFileIngestModule.java @@ -32,11 +32,12 @@ import java.util.Collection; import java.util.Date; import java.util.logging.Level; import java.util.logging.Logger; -import org.sleuthkit.autopsy.ingest.IngestManagerProxy; +import org.sleuthkit.autopsy.ingest.IngestServices; import org.sleuthkit.autopsy.ingest.IngestMessage; import org.sleuthkit.autopsy.ingest.IngestMessage.MessageType; import org.sleuthkit.autopsy.ingest.IngestModuleAbstract; import org.sleuthkit.autopsy.ingest.IngestModuleAbstractFile; +import org.sleuthkit.autopsy.ingest.IngestModuleInit; import org.sleuthkit.datamodel.AbstractFile; import org.sleuthkit.datamodel.BlackboardArtifact; import org.sleuthkit.datamodel.BlackboardAttribute; @@ -53,10 +54,11 @@ import org.sleuthkit.datamodel.TskData.TSK_DB_FILES_TYPE_ENUM; */ public final class ExifParserFileIngestModule implements IngestModuleAbstractFile { + private static final IngestServices services = IngestServices.getDefault(); + final String MODULE_NAME = "Exif Parser"; private static final Logger logger = Logger.getLogger(ExifParserFileIngestModule.class.getName()); private static ExifParserFileIngestModule defaultInstance = null; - private IngestManagerProxy managerProxy; private static int messageId = 0; //file ingest modules require a private constructor @@ -185,7 +187,7 @@ public final class ExifParserFileIngestModule implements IngestModuleAbstractFil logger.log(Level.INFO, "completed exif parsing " + this.toString()); final IngestMessage msg = IngestMessage.createMessage(++messageId, MessageType.INFO, this, "Complete"); - managerProxy.postMessage(msg); + services.postMessage(msg); //module specific cleanup due to completion here } @@ -201,16 +203,15 @@ public final class ExifParserFileIngestModule implements IngestModuleAbstractFil } @Override - public void init(IngestManagerProxy managerProxy) { + public void init(IngestModuleInit initContext) { logger.log(Level.INFO, "init() " + this.toString()); - this.managerProxy = managerProxy; } @Override public void stop() { logger.log(Level.INFO, "stop()"); - managerProxy.postMessage(IngestMessage.createMessage(++messageId, MessageType.INFO, this, "Stopped")); + services.postMessage(IngestMessage.createMessage(++messageId, MessageType.INFO, this, "Stopped")); //module specific cleanup due to interruption here } diff --git a/HashDatabase/src/org/sleuthkit/autopsy/hashdatabase/HashDbIngestModule.java b/HashDatabase/src/org/sleuthkit/autopsy/hashdatabase/HashDbIngestModule.java index 83818159f8..4e611c1bae 100644 --- a/HashDatabase/src/org/sleuthkit/autopsy/hashdatabase/HashDbIngestModule.java +++ b/HashDatabase/src/org/sleuthkit/autopsy/hashdatabase/HashDbIngestModule.java @@ -25,10 +25,10 @@ import java.util.Map; import java.util.logging.Level; import java.util.logging.Logger; import org.sleuthkit.autopsy.casemodule.Case; -import org.sleuthkit.autopsy.ingest.IngestManager; -import org.sleuthkit.autopsy.ingest.IngestManagerProxy; +import org.sleuthkit.autopsy.ingest.IngestServices; import org.sleuthkit.autopsy.ingest.IngestMessage; import org.sleuthkit.autopsy.ingest.IngestModuleAbstractFile; +import org.sleuthkit.autopsy.ingest.IngestModuleInit; import org.sleuthkit.autopsy.ingest.ModuleDataEvent; import org.sleuthkit.datamodel.BlackboardArtifact; import org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE; @@ -51,7 +51,7 @@ public class HashDbIngestModule implements IngestModuleAbstractFile { public final static String MODULE_DESCRIPTION = "Identifies known and notables files using supplied hash databases, such as a standard NSRL database."; private static final Logger logger = Logger.getLogger(HashDbIngestModule.class.getName()); private Processor processor = new Processor(); - private IngestManagerProxy managerProxy; + private static final IngestServices services = IngestServices.getDefault(); private SleuthkitCase skCase; private static int messageId = 0; private int count; @@ -81,14 +81,13 @@ public class HashDbIngestModule implements IngestModuleAbstractFile { * notification from manager that brand new processing should be initiated. * Module loads its configuration and performs initialization * - * @param managerProxy handle to the manager to postMessage() to + * @param services handle to the manager to postMessage() to */ @Override - public void init(IngestManagerProxy managerProxy) { + public void init(IngestModuleInit initContext) { HashDbManagementPanel.getDefault().setIngestRunning(true); HashDbSimplePanel.setIngestRunning(true); - this.managerProxy = managerProxy; - this.managerProxy.postMessage(IngestMessage.createMessage(++messageId, IngestMessage.MessageType.INFO, this, "Started")); + this.services.postMessage(IngestMessage.createMessage(++messageId, IngestMessage.MessageType.INFO, this, "Started")); this.skCase = Case.getCurrentCase().getSleuthkitCase(); try { HashDbXML hdbxml = HashDbXML.getCurrent(); @@ -116,10 +115,10 @@ public class HashDbIngestModule implements IngestModuleAbstractFile { } if (!nsrlIsSet) { - this.managerProxy.postMessage(IngestMessage.createWarningMessage(++messageId, this, "No NSRL database set", "Known file search will not be executed.")); + this.services.postMessage(IngestMessage.createWarningMessage(++messageId, this, "No NSRL database set", "Known file search will not be executed.")); } if (!knownBadIsSet) { - this.managerProxy.postMessage(IngestMessage.createWarningMessage(++messageId, this, "No known bad database set", "Known bad file search will not be executed.")); + this.services.postMessage(IngestMessage.createWarningMessage(++messageId, this, "No known bad database set", "Known bad file search will not be executed.")); } } catch (TskException ex) { @@ -156,7 +155,7 @@ public class HashDbIngestModule implements IngestModuleAbstractFile { } detailsSb.append(""); - managerProxy.postMessage(IngestMessage.createMessage(++messageId, IngestMessage.MessageType.INFO, this, "Hash Ingest Complete", detailsSb.toString())); + services.postMessage(IngestMessage.createMessage(++messageId, IngestMessage.MessageType.INFO, this, "Hash Ingest Complete", detailsSb.toString())); HashDbManagementPanel.getDefault().setIngestRunning(false); HashDbSimplePanel.setIngestRunning(false); @@ -266,13 +265,13 @@ public class HashDbIngestModule implements IngestModuleAbstractFile { detailsSb.append(""); - managerProxy.postMessage(IngestMessage.createDataMessage(++messageId, this, + services.postMessage(IngestMessage.createDataMessage(++messageId, this, "Notable: " + abstractFile.getName(), detailsSb.toString(), abstractFile.getName() + md5Hash, badFile)); } - IngestManagerProxy.fireModuleDataEvent(new ModuleDataEvent(MODULE_NAME, ARTIFACT_TYPE.TSK_HASHSET_HIT, Collections.singletonList(badFile))); + services.fireModuleDataEvent(new ModuleDataEvent(MODULE_NAME, ARTIFACT_TYPE.TSK_HASHSET_HIT, Collections.singletonList(badFile))); } catch (TskException ex) { logger.log(Level.WARNING, "Error creating blackboard artifact", ex); } @@ -332,12 +331,12 @@ public class HashDbIngestModule implements IngestModuleAbstractFile { } } catch (TskException ex) { logger.log(Level.WARNING, "Couldn't analyze file " + name + " - see sleuthkit log for details", ex); - managerProxy.postMessage(IngestMessage.createErrorMessage(++messageId, HashDbIngestModule.this, "Hash Lookup Error: " + name, + services.postMessage(IngestMessage.createErrorMessage(++messageId, HashDbIngestModule.this, "Hash Lookup Error: " + name, "Error encountered while updating the hash values for " + name + ".")); ret = ProcessResult.ERROR; } catch (IOException ex) { logger.log(Level.WARNING, "Error reading file " + name, ex); - managerProxy.postMessage(IngestMessage.createErrorMessage(++messageId, HashDbIngestModule.this, "Read Error: " + name, + services.postMessage(IngestMessage.createErrorMessage(++messageId, HashDbIngestModule.this, "Read Error: " + name, "Error encountered while calculating the hash value for " + name + ".")); ret = ProcessResult.ERROR; } @@ -354,7 +353,7 @@ public class HashDbIngestModule implements IngestModuleAbstractFile { } catch (IOException ex) { logger.log(Level.WARNING, "Error reading file " + name, ex); - managerProxy.postMessage(IngestMessage.createErrorMessage(++messageId, HashDbIngestModule.this, "Read Error: " + name, + services.postMessage(IngestMessage.createErrorMessage(++messageId, HashDbIngestModule.this, "Read Error: " + name, "Error encountered while calculating the hash value for " + name + " without databases.")); } } diff --git a/Ingest/src/org/sleuthkit/autopsy/ingest/IngestManager.java b/Ingest/src/org/sleuthkit/autopsy/ingest/IngestManager.java index 892ee82708..db51dcf19b 100755 --- a/Ingest/src/org/sleuthkit/autopsy/ingest/IngestManager.java +++ b/Ingest/src/org/sleuthkit/autopsy/ingest/IngestManager.java @@ -100,8 +100,6 @@ public class IngestManager { private final List abstractFileModules = enumerateAbstractFileModules(); // module return values private final Map abstractFileModulesRetValues = new HashMap(); - //manager proxy - final IngestManagerProxy managerProxy = new IngestManagerProxy(this); //notifications private final static PropertyChangeSupport pcs = new PropertyChangeSupport(IngestManager.class); //monitor @@ -293,7 +291,7 @@ public class IngestManager { imageIngesters.add(newImageWorker); //image modules are now initialized per instance - quModule.init(managerProxy); + quModule.init(new IngestModuleInit() ); newImageWorker.execute(); IngestManager.fireModuleEvent(IngestModuleEvent.STARTED.toString(), quModule.getName()); } @@ -323,7 +321,7 @@ public class IngestManager { abstractFileIngester = new IngestAbstractFileThread(); //init all fs modules, everytime new worker starts for (IngestModuleAbstractFile s : abstractFileModules) { - s.init(managerProxy); + s.init(new IngestModuleInit() ); } abstractFileIngester.execute(); } diff --git a/Ingest/src/org/sleuthkit/autopsy/ingest/IngestModuleAbstract.java b/Ingest/src/org/sleuthkit/autopsy/ingest/IngestModuleAbstract.java index 8e20edd8ae..c98c445d91 100644 --- a/Ingest/src/org/sleuthkit/autopsy/ingest/IngestModuleAbstract.java +++ b/Ingest/src/org/sleuthkit/autopsy/ingest/IngestModuleAbstract.java @@ -44,11 +44,9 @@ public interface IngestModuleAbstract { * Notification from manager that brand new ingest should be initiated. * Module loads its configuration and performs initialization * Invoked once per new worker thread, per ingest - * - * @param managerProxy modules available to the module by the ingest manager, e.g. - * for posting messages, getting configurations, firing events + * @param initContext context used to initialize some modules */ - public void init(IngestManagerProxy managerProxy); + public void init(IngestModuleInit initContext); /** * Notification from manager that there is no more content to process and all work is done. diff --git a/Ingest/src/org/sleuthkit/autopsy/ingest/IngestModuleInit.java b/Ingest/src/org/sleuthkit/autopsy/ingest/IngestModuleInit.java new file mode 100644 index 0000000000..e4dd6aee71 --- /dev/null +++ b/Ingest/src/org/sleuthkit/autopsy/ingest/IngestModuleInit.java @@ -0,0 +1,49 @@ +/* + * Autopsy Forensic Browser + * + * Copyright 2012 Basis Technology Corp. + * Contact: carrier sleuthkit org + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.sleuthkit.autopsy.ingest; + +/** + * + * Context passed to a module at initialization time. + * It may contain module configuration required to initialize some modules. + */ +public class IngestModuleInit { + + private String moduleArgs; + + /** + * Get module arguments + * @return module args string, used by some modules + */ + public String getModuleArgs() { + return moduleArgs; + } + + /** + * Sets module args. string (only used by module pipeline) + * @param moduleArgs arguments to set for the module + */ + void setModuleArgs(String moduleArgs) { + this.moduleArgs = moduleArgs; + } + + + + +} diff --git a/Ingest/src/org/sleuthkit/autopsy/ingest/IngestManagerProxy.java b/Ingest/src/org/sleuthkit/autopsy/ingest/IngestServices.java similarity index 80% rename from Ingest/src/org/sleuthkit/autopsy/ingest/IngestManagerProxy.java rename to Ingest/src/org/sleuthkit/autopsy/ingest/IngestServices.java index 5164028b5a..85e6cf58a1 100644 --- a/Ingest/src/org/sleuthkit/autopsy/ingest/IngestManagerProxy.java +++ b/Ingest/src/org/sleuthkit/autopsy/ingest/IngestServices.java @@ -22,19 +22,30 @@ package org.sleuthkit.autopsy.ingest; /** - * Services available to ingest modules - * - * Facility for modules to interact with the ingest manager - * for sending data events, ingest messages, getting configuration, such as - * update frequency configuration + * Services available to ingest modules via singleton instance, + * e.g. for interacting with the ingest manager + * for sending data events, ingest messages, getting configurations, etc. * */ -public class IngestManagerProxy { +public class IngestServices { private IngestManager manager; - IngestManagerProxy(IngestManager manager) { - this.manager = manager; + private static IngestServices instance; + + private IngestServices() { + this.manager = IngestManager.getDefault(); + } + + /** + * Get handle to module services + * @return the services handle + */ + public static synchronized IngestServices getDefault() { + if (instance == null) { + instance = new IngestServices(); + } + return instance; } /** @@ -50,7 +61,7 @@ public class IngestManagerProxy { * @param eventType the event type, defined in IngestManager.IngestManagerEvents * @param moduleName the module name */ - public static void fireModuleEvent(String eventType, String moduleName) { + public void fireModuleEvent(String eventType, String moduleName) { IngestManager.fireModuleEvent(eventType, moduleName); } @@ -59,7 +70,7 @@ public class IngestManagerProxy { * Fire module data event to notify registered module data event listeners * @param moduleDataEvent module data event, encapsulating blackboard artifact data */ - public static void fireModuleDataEvent(ModuleDataEvent moduleDataEvent) { + public void fireModuleDataEvent(ModuleDataEvent moduleDataEvent) { IngestManager.fireModuleDataEvent(moduleDataEvent); } diff --git a/Ingest/src/org/sleuthkit/autopsy/ingest/example/ExampleAbstractFileIngestModule.java b/Ingest/src/org/sleuthkit/autopsy/ingest/example/ExampleAbstractFileIngestModule.java index 8cb831d545..6b97244b67 100644 --- a/Ingest/src/org/sleuthkit/autopsy/ingest/example/ExampleAbstractFileIngestModule.java +++ b/Ingest/src/org/sleuthkit/autopsy/ingest/example/ExampleAbstractFileIngestModule.java @@ -18,14 +18,14 @@ */ package org.sleuthkit.autopsy.ingest.example; -import java.beans.PropertyChangeListener; import java.util.logging.Level; import java.util.logging.Logger; -import org.sleuthkit.autopsy.ingest.IngestManagerProxy; +import org.sleuthkit.autopsy.ingest.IngestServices; import org.sleuthkit.autopsy.ingest.IngestMessage; import org.sleuthkit.autopsy.ingest.IngestMessage.MessageType; import org.sleuthkit.autopsy.ingest.IngestModuleAbstract.ModuleType; import org.sleuthkit.autopsy.ingest.IngestModuleAbstractFile; +import org.sleuthkit.autopsy.ingest.IngestModuleInit; import org.sleuthkit.datamodel.AbstractFile; /** @@ -36,7 +36,7 @@ public class ExampleAbstractFileIngestModule implements IngestModuleAbstractFile private static final Logger logger = Logger.getLogger(ExampleAbstractFileIngestModule.class.getName()); private static ExampleAbstractFileIngestModule instance = null; - private IngestManagerProxy managerProxy; + private static final IngestServices services = IngestServices.getDefault(); private static int messageId = 0; //file ingest modules require a private constructor @@ -54,7 +54,7 @@ public class ExampleAbstractFileIngestModule implements IngestModuleAbstractFile @Override public ProcessResult process(AbstractFile fsContent) { - managerProxy.postMessage(IngestMessage.createMessage(++messageId, MessageType.INFO, this, "Processing " + fsContent.getName())); + services.postMessage(IngestMessage.createMessage(++messageId, MessageType.INFO, this, "Processing " + fsContent.getName())); //module specific AbstractFile processing code here try { @@ -68,7 +68,7 @@ public class ExampleAbstractFileIngestModule implements IngestModuleAbstractFile @Override public void complete() { logger.log(Level.INFO, "complete()"); - managerProxy.postMessage(IngestMessage.createMessage(++messageId, MessageType.INFO, this, "Complete")); + services.postMessage(IngestMessage.createMessage(++messageId, MessageType.INFO, this, "Complete")); //module specific cleanup due completion here } @@ -86,9 +86,8 @@ public class ExampleAbstractFileIngestModule implements IngestModuleAbstractFile @Override - public void init(IngestManagerProxy managerProxy) { + public void init(IngestModuleInit initContext) { logger.log(Level.INFO, "init()"); - this.managerProxy = managerProxy; //module specific initialization here } @@ -96,7 +95,7 @@ public class ExampleAbstractFileIngestModule implements IngestModuleAbstractFile @Override public void stop() { logger.log(Level.INFO, "stop()"); - managerProxy.postMessage(IngestMessage.createMessage(++messageId, MessageType.INFO, this, "Stopped")); + services.postMessage(IngestMessage.createMessage(++messageId, MessageType.INFO, this, "Stopped")); //module specific cleanup due interruption here } diff --git a/Ingest/src/org/sleuthkit/autopsy/ingest/example/ExampleImageIngestModule.java b/Ingest/src/org/sleuthkit/autopsy/ingest/example/ExampleImageIngestModule.java index 89de129e55..5147343e70 100644 --- a/Ingest/src/org/sleuthkit/autopsy/ingest/example/ExampleImageIngestModule.java +++ b/Ingest/src/org/sleuthkit/autopsy/ingest/example/ExampleImageIngestModule.java @@ -18,14 +18,14 @@ */ package org.sleuthkit.autopsy.ingest.example; -import java.beans.PropertyChangeListener; import java.util.logging.Level; import java.util.logging.Logger; import org.sleuthkit.autopsy.ingest.IngestImageWorkerController; -import org.sleuthkit.autopsy.ingest.IngestManagerProxy; +import org.sleuthkit.autopsy.ingest.IngestServices; import org.sleuthkit.autopsy.ingest.IngestMessage; import org.sleuthkit.autopsy.ingest.IngestMessage.MessageType; import org.sleuthkit.autopsy.ingest.IngestModuleImage; +import org.sleuthkit.autopsy.ingest.IngestModuleInit; import org.sleuthkit.datamodel.Image; /** @@ -36,7 +36,7 @@ public final class ExampleImageIngestModule implements IngestModuleImage { private static final Logger logger = Logger.getLogger(ExampleImageIngestModule.class.getName()); private static ExampleImageIngestModule defaultInstance = null; - private IngestManagerProxy managerProxy; + private static final IngestServices services = IngestServices.getDefault(); private static int messageId = 0; //public constructor is required @@ -56,7 +56,7 @@ public final class ExampleImageIngestModule implements IngestModuleImage { public void process(Image image, IngestImageWorkerController controller) { logger.log(Level.INFO, "process() " + this.toString()); - managerProxy.postMessage(IngestMessage.createMessage(++messageId, MessageType.INFO, this, "Processing " + image.getName())); + services.postMessage(IngestMessage.createMessage(++messageId, MessageType.INFO, this, "Processing " + image.getName())); //service specific Image processing code here //example: @@ -76,7 +76,7 @@ public final class ExampleImageIngestModule implements IngestModuleImage { //do the work Thread.sleep(500); //post message to user if found something interesting - managerProxy.postMessage(IngestMessage.createMessage(processedFiles, MessageType.INFO, this, "Processed " + image.getName() + ": " + Integer.toString(processedFiles))); + services.postMessage(IngestMessage.createMessage(processedFiles, MessageType.INFO, this, "Processed " + image.getName() + ": " + Integer.toString(processedFiles))); //update progress controller.progress(++processedFiles); @@ -92,7 +92,7 @@ public final class ExampleImageIngestModule implements IngestModuleImage { logger.log(Level.INFO, "complete() " + this.toString()); final IngestMessage msg = IngestMessage.createMessage(++messageId, MessageType.INFO, this, "Complete"); - managerProxy.postMessage(msg); + services.postMessage(msg); //service specific cleanup due to completion here } @@ -108,9 +108,8 @@ public final class ExampleImageIngestModule implements IngestModuleImage { } @Override - public void init(IngestManagerProxy managerProxy) { + public void init(IngestModuleInit initContext) { logger.log(Level.INFO, "init() " + this.toString()); - this.managerProxy = managerProxy; //service specific initialization here @@ -119,7 +118,7 @@ public final class ExampleImageIngestModule implements IngestModuleImage { @Override public void stop() { logger.log(Level.INFO, "stop()"); - managerProxy.postMessage(IngestMessage.createMessage(++messageId, MessageType.INFO, this, "Stopped")); + services.postMessage(IngestMessage.createMessage(++messageId, MessageType.INFO, this, "Stopped")); //service specific cleanup due to interruption here } diff --git a/Ingest/src/org/sleuthkit/autopsy/ingest/package.dox b/Ingest/src/org/sleuthkit/autopsy/ingest/package.dox index 530de4022c..d31618364d 100644 --- a/Ingest/src/org/sleuthkit/autopsy/ingest/package.dox +++ b/Ingest/src/org/sleuthkit/autopsy/ingest/package.dox @@ -55,7 +55,7 @@ Module developers are encouraged to use the standard java.util.logging.Logger in \subsection ingestmodule_making_process Process Method The process method is where the work is done in each type of module. Some notes: -- File-level modules will be called on each file in an order determined by the IngestManager. Each module is free to quickly ignore a file based on name, signature, etc. If a module wants to know the return value from a previously run module, it should use the IngestManagerProxy.getAbstractFileModuleResult() method. +- File-level modules will be called on each file in an order determined by the IngestManager. Each module is free to quickly ignore a file based on name, signature, etc. If a module wants to know the return value from a previously run module, it should use the IngestServices.getAbstractFileModuleResult() method. - Image-level modules are expected not passed in specific files and are expected to query the database to find the files that they are interested in. @@ -97,11 +97,11 @@ Users will see the results from ingest modules in one of two ways: - Results are posted to the blackboard and will be displayed in the navigation tree - Messages are sent to the Ingest Inbox to notify a user of what has recently been found. -See the Blackboard (REFERENCE) documentation for posting results to it. Modules are free to immediately post results when they find them or they can wait. The IngestManagerProxy.getUpdateFrequency() method returns the maximum amount of time that a module can wait before it posts its results. +See the Blackboard (REFERENCE) documentation for posting results to it. Modules are free to immediately post results when they find them or they can wait. The IngestServices.getUpdateFrequency() method returns the maximum amount of time that a module can wait before it posts its results. An example of waiting to post results is the keyword search module. It is resource intensive to commit the keyword index and do a keyword search. Therefore, when its process() method is invoked, it checks if it is close to the getUpdateFrequency() since the last time it did a keyword search. If it is, then it commits the index and performs the search. -When they add data to the blackboard, modules should notify listeners of the new data by periodically invoking IngestManagerProxy.fireModuleDataEvent() method. This allows other modules (and the main UI) to know when to query the blackboard for the latest data. +When they add data to the blackboard, modules should notify listeners of the new data by periodically invoking IngestServices.fireModuleDataEvent() method. This allows other modules (and the main UI) to know when to query the blackboard for the latest data. Modules should post messages to the inbox when interesting data is found. The messages includes the module name, message subject, message details, a unique message id (in the context of the originating module), and a uniqueness attribute. The uniqueness attribute is used to group similar messages together and to determine the overall importance priority of the message (if the same message is seen repeatedly, it is considered lower priority). @@ -111,7 +111,7 @@ Ingest messages have different types: there are info messages, warning messages, The data messages contain encapsulated blackboard artifacts and attributes. The passed in data is used by the ingest inbox GUI widget to navigate to the artifact view in the directory tree, if requested by the user. Ingest message API is defined in IngestMessage class. The class also contains factory methods to create new messages. -Messages are posted using IngestManagerProxy.postMessage() method, which accepts a message object created using one of the factory methods. +Messages are posted using IngestServices.postMessage() method, which accepts a message object created using one of the factory methods. Modules should post inbox messages to the user when stop() or complete() is invoked (refer to the examples). It is recommended to populate the description field of the complete inbox message to provide feedback to the user diff --git a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/KeywordSearchIngestModule.java b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/KeywordSearchIngestModule.java index 47a91402c5..c043aecba7 100644 --- a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/KeywordSearchIngestModule.java +++ b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/KeywordSearchIngestModule.java @@ -41,10 +41,11 @@ import org.openide.util.Cancellable; import org.sleuthkit.autopsy.casemodule.Case; import org.sleuthkit.autopsy.coreutils.StopWatch; import org.sleuthkit.autopsy.coreutils.StringExtract.StringExtractUnicodeTable.SCRIPT; -import org.sleuthkit.autopsy.ingest.IngestManagerProxy; +import org.sleuthkit.autopsy.ingest.IngestServices; import org.sleuthkit.autopsy.ingest.IngestMessage; import org.sleuthkit.autopsy.ingest.IngestMessage.MessageType; import org.sleuthkit.autopsy.ingest.IngestModuleAbstractFile; +import org.sleuthkit.autopsy.ingest.IngestModuleInit; import org.sleuthkit.autopsy.ingest.ModuleDataEvent; import org.sleuthkit.autopsy.keywordsearch.Ingester.IngesterException; import org.sleuthkit.datamodel.BlackboardArtifact; @@ -75,7 +76,7 @@ public final class KeywordSearchIngestModule implements IngestModuleAbstractFile public static final String MODULE_NAME = "Keyword Search"; public static final String MODULE_DESCRIPTION = "Performs file indexing and periodic search using keywords and regular expressions in lists."; private static KeywordSearchIngestModule instance = null; - private IngestManagerProxy managerProxy; + private static final IngestServices services = IngestServices.getDefault(); private Ingester ingester = null; private volatile boolean commitIndex = false; //whether to commit index next time private volatile boolean runSearcher = false; //whether to run searcher next time @@ -146,7 +147,7 @@ public final class KeywordSearchIngestModule implements IngestModuleAbstractFile } //check if we should index meta-data only when 1) it is known 2) HashDb module errored on it - IngestModuleAbstractFile.ProcessResult hashDBResult = managerProxy.getAbstractFileModuleResult(hashDBModuleName); + IngestModuleAbstractFile.ProcessResult hashDBResult = services.getAbstractFileModuleResult(hashDBModuleName); //logger.log(Level.INFO, "hashdb result: " + hashDBResult + "file: " + AbstractFile.getName()); if (hashDBResult == IngestModuleAbstractFile.ProcessResult.ERROR) { //index meta-data only @@ -230,7 +231,7 @@ public final class KeywordSearchIngestModule implements IngestModuleAbstractFile finalSearcher.execute(); } else { finalSearcherDone = true; - managerProxy.postMessage(IngestMessage.createMessage(++messageID, MessageType.INFO, this, "Completed")); + services.postMessage(IngestMessage.createMessage(++messageID, MessageType.INFO, this, "Completed")); } //log number of files / chunks in index @@ -292,17 +293,15 @@ public final class KeywordSearchIngestModule implements IngestModuleAbstractFile * Initializes the module for new ingest run Sets up threads, timers, * retrieves settings, keyword lists to run on * - * @param managerProxy + * @param services */ @Override - public void init(IngestManagerProxy managerProxy) { + public void init(IngestModuleInit initContext) { logger.log(Level.INFO, "init()"); initialized = false; caseHandle = Case.getCurrentCase().getSleuthkitCase(); - this.managerProxy = managerProxy; - ingester = Server.getIngester(); //initialize extractors @@ -330,7 +329,7 @@ public final class KeywordSearchIngestModule implements IngestModuleAbstractFile initKeywords(); if (keywords.isEmpty() || keywordLists.isEmpty()) { - managerProxy.postMessage(IngestMessage.createWarningMessage(++messageID, instance, "No keywords in keyword list.", "Only indexing will be done and and keyword search will be skipped (it can be executed later again as ingest or using toolbar search feature).")); + services.postMessage(IngestMessage.createWarningMessage(++messageID, instance, "No keywords in keyword list.", "Only indexing will be done and and keyword search will be skipped (it can be executed later again as ingest or using toolbar search feature).")); } processedFiles = false; @@ -341,7 +340,7 @@ public final class KeywordSearchIngestModule implements IngestModuleAbstractFile indexer = new Indexer(); - final int updateIntervalMs = managerProxy.getUpdateFrequency() * 60 * 1000; + final int updateIntervalMs = services.getUpdateFrequency() * 60 * 1000; logger.log(Level.INFO, "Using commit interval (ms): " + updateIntervalMs); logger.log(Level.INFO, "Using searcher interval (ms): " + updateIntervalMs); @@ -353,7 +352,7 @@ public final class KeywordSearchIngestModule implements IngestModuleAbstractFile commitTimer.start(); searchTimer.start(); - managerProxy.postMessage(IngestMessage.createMessage(++messageID, MessageType.INFO, this, "Started")); + services.postMessage(IngestMessage.createMessage(++messageID, MessageType.INFO, this, "Started")); } @Override @@ -453,7 +452,7 @@ public final class KeywordSearchIngestModule implements IngestModuleAbstractFile msg.append("
Skipped files: ").append(skipped).append("
"); String indexStats = msg.toString(); logger.log(Level.INFO, "Keyword Indexing Completed: " + indexStats); - managerProxy.postMessage(IngestMessage.createMessage(++messageID, MessageType.INFO, this, "Keyword Indexing Completed", indexStats)); + services.postMessage(IngestMessage.createMessage(++messageID, MessageType.INFO, this, "Keyword Indexing Completed", indexStats)); } @@ -910,7 +909,7 @@ public final class KeywordSearchIngestModule implements IngestModuleAbstractFile //check if should send messages on hits on this list if (list.getIngestMessages()) //post ingest inbox msg { - managerProxy.postMessage(IngestMessage.createDataMessage(++messageID, instance, subjectSb.toString(), detailsSb.toString(), uniqueKey, written.getArtifact())); + services.postMessage(IngestMessage.createDataMessage(++messageID, instance, subjectSb.toString(), detailsSb.toString(), uniqueKey, written.getArtifact())); } @@ -919,7 +918,7 @@ public final class KeywordSearchIngestModule implements IngestModuleAbstractFile //update artifact browser if (!newArtifacts.isEmpty()) { - IngestManagerProxy.fireModuleDataEvent(new ModuleDataEvent(MODULE_NAME, ARTIFACT_TYPE.TSK_KEYWORD_HIT, newArtifacts)); + services.fireModuleDataEvent(new ModuleDataEvent(MODULE_NAME, ARTIFACT_TYPE.TSK_KEYWORD_HIT, newArtifacts)); } } progress.progress(queryStr, ++numSearched); @@ -987,7 +986,7 @@ public final class KeywordSearchIngestModule implements IngestModuleAbstractFile //reset current resuls earlier to potentially garbage collect sooner currentResults = new HashMap>(); - managerProxy.postMessage(IngestMessage.createMessage(++messageID, MessageType.INFO, KeywordSearchIngestModule.instance, "Completed")); + services.postMessage(IngestMessage.createMessage(++messageID, MessageType.INFO, KeywordSearchIngestModule.instance, "Completed")); } else { //start counting time for a new searcher to start //unless final searcher is pending diff --git a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/KeywordSearchResultFactory.java b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/KeywordSearchResultFactory.java index b0ae0cea15..41c9418efd 100644 --- a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/KeywordSearchResultFactory.java +++ b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/KeywordSearchResultFactory.java @@ -42,7 +42,7 @@ import org.sleuthkit.autopsy.corecomponentinterfaces.DataResultViewer; import org.sleuthkit.autopsy.datamodel.AbstractFsContentNode; import org.sleuthkit.autopsy.datamodel.AbstractFsContentNode.FsContentPropertyType; import org.sleuthkit.autopsy.datamodel.KeyValueNode; -import org.sleuthkit.autopsy.ingest.IngestManagerProxy; +import org.sleuthkit.autopsy.ingest.IngestServices; import org.sleuthkit.autopsy.ingest.ModuleDataEvent; import org.sleuthkit.autopsy.keywordsearch.KeywordSearchQueryManager.Presentation; import org.sleuthkit.datamodel.AbstractFile; @@ -536,7 +536,7 @@ public class KeywordSearchResultFactory extends ChildFactory { if (!this.isCancelled() && !na.isEmpty()) { - IngestManagerProxy.fireModuleDataEvent(new ModuleDataEvent(KeywordSearchIngestModule.MODULE_NAME, ARTIFACT_TYPE.TSK_KEYWORD_HIT, na)); + IngestServices.getDefault().fireModuleDataEvent(new ModuleDataEvent(KeywordSearchIngestModule.MODULE_NAME, ARTIFACT_TYPE.TSK_KEYWORD_HIT, na)); } } diff --git a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Chrome.java b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Chrome.java index faad0f01e7..18596ab582 100755 --- a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Chrome.java +++ b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Chrome.java @@ -24,8 +24,7 @@ import com.google.gson.JsonArray; import com.google.gson.JsonElement; import com.google.gson.JsonObject; import com.google.gson.JsonParser; -import javax.swing.JPanel; -import org.sleuthkit.autopsy.ingest.IngestManagerProxy; +import org.sleuthkit.autopsy.ingest.IngestServices; import org.sleuthkit.datamodel.FsContent; import org.sleuthkit.autopsy.datamodel.ContentUtils; import java.util.logging.Level; @@ -35,8 +34,8 @@ import java.io.File; import java.io.FileReader; import org.sleuthkit.autopsy.coreutils.DecodeUtil; import org.sleuthkit.autopsy.ingest.IngestImageWorkerController; -import org.sleuthkit.autopsy.ingest.IngestManager; import org.sleuthkit.autopsy.ingest.IngestModuleImage; +import org.sleuthkit.autopsy.ingest.IngestModuleInit; import org.sleuthkit.autopsy.ingest.ModuleDataEvent; import org.sleuthkit.datamodel.BlackboardArtifact; import org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE; @@ -45,11 +44,12 @@ import org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE; import org.sleuthkit.datamodel.Image; /** - * - * @author Alex + * Chrome recent activity extraction */ public class Chrome extends Extract implements IngestModuleImage { + private static final IngestServices services = IngestServices.getDefault(); + private static final String chquery = "SELECT urls.url, urls.title, urls.visit_count, urls.typed_count, " + "last_visit_time, urls.hidden, visits.visit_time, (SELECT urls.url FROM urls WHERE urls.id=visits.url) as from_visit, visits.transition FROM urls, visits WHERE urls.id = visits.url"; private static final String chcookiequery = "select name, value, host_key, expires_utc,last_access_utc, creation_utc from cookies"; @@ -114,7 +114,7 @@ public class Chrome extends Extract implements IngestModuleImage { j++; dbFile.delete(); } - IngestManagerProxy.fireModuleDataEvent(new ModuleDataEvent("Recent Activity", BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_HISTORY)); + services.fireModuleDataEvent(new ModuleDataEvent("Recent Activity", BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_HISTORY)); } } @@ -174,7 +174,7 @@ public class Chrome extends Extract implements IngestModuleImage { j++; dbFile.delete(); } - IngestManagerProxy.fireModuleDataEvent(new ModuleDataEvent("Recent Activity", BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_BOOKMARK)); + services.fireModuleDataEvent(new ModuleDataEvent("Recent Activity", BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_BOOKMARK)); } } @@ -223,7 +223,7 @@ public class Chrome extends Extract implements IngestModuleImage { j++; dbFile.delete(); } - IngestManagerProxy.fireModuleDataEvent(new ModuleDataEvent("Recent Activity", BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_COOKIE)); + services.fireModuleDataEvent(new ModuleDataEvent("Recent Activity", BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_COOKIE)); } } @@ -274,7 +274,7 @@ public class Chrome extends Extract implements IngestModuleImage { j++; dbFile.delete(); } - IngestManagerProxy.fireModuleDataEvent(new ModuleDataEvent("Recent Activity", BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_DOWNLOAD)); + services.fireModuleDataEvent(new ModuleDataEvent("Recent Activity", BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_DOWNLOAD)); } } @@ -321,12 +321,12 @@ public class Chrome extends Extract implements IngestModuleImage { j++; dbFile.delete(); } - IngestManagerProxy.fireModuleDataEvent(new ModuleDataEvent("Recent Activity", BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_HISTORY)); + services.fireModuleDataEvent(new ModuleDataEvent("Recent Activity", BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_HISTORY)); } } @Override - public void init(IngestManagerProxy managerProxy) { + public void init(IngestModuleInit initContext) { throw new UnsupportedOperationException("Not supported yet."); } diff --git a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractIE.java b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractIE.java index 47b9019148..2386f7337f 100755 --- a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractIE.java +++ b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractIE.java @@ -50,11 +50,9 @@ import org.sleuthkit.autopsy.coreutils.DecodeUtil; import org.sleuthkit.autopsy.coreutils.JLNK; import org.sleuthkit.autopsy.coreutils.JLnkParser; import org.sleuthkit.autopsy.datamodel.ContentUtils; -import org.sleuthkit.autopsy.datamodel.DataConversion; import org.sleuthkit.autopsy.datamodel.KeyValue; import org.sleuthkit.autopsy.ingest.IngestImageWorkerController; -import org.sleuthkit.autopsy.ingest.IngestManager; -import org.sleuthkit.autopsy.ingest.IngestManagerProxy; +import org.sleuthkit.autopsy.ingest.IngestServices; import org.sleuthkit.autopsy.ingest.ModuleDataEvent; import org.sleuthkit.datamodel.BlackboardArtifact; import org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE; @@ -65,11 +63,13 @@ import org.sleuthkit.datamodel.FsContent; import org.sleuthkit.datamodel.SleuthkitCase; import org.sleuthkit.autopsy.coreutils.PlatformUtil; import org.sleuthkit.autopsy.ingest.IngestModuleImage; +import org.sleuthkit.autopsy.ingest.IngestModuleInit; import org.sleuthkit.datamodel.*; public class ExtractIE extends Extract implements IngestModuleImage { private static final Logger logger = Logger.getLogger(ExtractIE.class.getName()); + private static final IngestServices services = IngestServices.getDefault(); private String indexDatQueryStr = "select * from tsk_files where name LIKE '%index.dat%'"; private String favoriteQuery = "select * from `tsk_files` where parent_path LIKE '%/Favorites%' and name LIKE '%.url'"; private String cookiesQuery = "select * from `tsk_files` where parent_path LIKE '%/Cookies%' and name LIKE '%.txt'"; @@ -142,7 +142,7 @@ public class ExtractIE extends Extract implements IngestModuleImage { bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(), "RecentActivity", "Internet Explorer")); bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN.getTypeID(), "RecentActivity", domain)); this.addArtifact(ARTIFACT_TYPE.TSK_WEB_BOOKMARK, Favorite, bbattributes); - IngestManagerProxy.fireModuleDataEvent(new ModuleDataEvent("Recent Activity", BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_BOOKMARK)); + services.fireModuleDataEvent(new ModuleDataEvent("Recent Activity", BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_BOOKMARK)); } catch (Exception ex) { logger.log(Level.WARNING, "Error while trying to read into a sqlite db.{0}", ex); this.addErrorMessage(this.getName() + ": Error while trying to analyze file:" + Favorite.getName()); @@ -195,7 +195,7 @@ public class ExtractIE extends Extract implements IngestModuleImage { } - IngestManagerProxy.fireModuleDataEvent(new ModuleDataEvent("Recent Activity", BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_COOKIE)); + services.fireModuleDataEvent(new ModuleDataEvent("Recent Activity", BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_COOKIE)); } //Recent Documents section @@ -225,7 +225,7 @@ public class ExtractIE extends Extract implements IngestModuleImage { } } - IngestManagerProxy.fireModuleDataEvent(new ModuleDataEvent("Recent Activity", BlackboardArtifact.ARTIFACT_TYPE.TSK_RECENT_OBJECT)); + services.fireModuleDataEvent(new ModuleDataEvent("Recent Activity", BlackboardArtifact.ARTIFACT_TYPE.TSK_RECENT_OBJECT)); } @@ -488,11 +488,11 @@ public class ExtractIE extends Extract implements IngestModuleImage { } } - IngestManagerProxy.fireModuleDataEvent(new ModuleDataEvent("Recent Activity", BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_HISTORY)); + services.fireModuleDataEvent(new ModuleDataEvent("Recent Activity", BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_HISTORY)); } @Override - public void init(IngestManagerProxy managerProxy) { + public void init(IngestModuleInit initContext) { throw new UnsupportedOperationException("Not supported yet."); } diff --git a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractRegistry.java b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractRegistry.java index 29bf99189b..95aec3f90a 100644 --- a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractRegistry.java +++ b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractRegistry.java @@ -28,7 +28,6 @@ import java.text.SimpleDateFormat; import java.util.*; import java.util.logging.Level; import java.util.logging.Logger; -import javax.swing.JPanel; import org.jdom.Document; import org.jdom.Element; import org.jdom.input.SAXBuilder; @@ -36,8 +35,9 @@ import org.openide.modules.InstalledFileLocator; import org.sleuthkit.autopsy.casemodule.Case; import org.sleuthkit.autopsy.datamodel.ContentUtils; import org.sleuthkit.autopsy.ingest.IngestImageWorkerController; -import org.sleuthkit.autopsy.ingest.IngestManagerProxy; +import org.sleuthkit.autopsy.ingest.IngestServices; import org.sleuthkit.autopsy.ingest.IngestModuleImage; +import org.sleuthkit.autopsy.ingest.IngestModuleInit; import org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE; import org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE; import org.sleuthkit.datamodel.*; @@ -47,6 +47,8 @@ import org.sleuthkit.datamodel.*; */ public class ExtractRegistry extends Extract implements IngestModuleImage { + private static final IngestServices services = IngestServices.getDefault(); + public Logger logger = Logger.getLogger(this.getClass().getName()); private String RR_PATH; boolean rrFound = false; @@ -328,7 +330,7 @@ public class ExtractRegistry extends Extract implements IngestModuleImage { } @Override - public void init(IngestManagerProxy managerProxy) { + public void init(IngestModuleInit initContext) { throw new UnsupportedOperationException("Not supported yet."); } diff --git a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Firefox.java b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Firefox.java index 2cfe2bdf21..f8827290b6 100644 --- a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Firefox.java +++ b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Firefox.java @@ -27,13 +27,12 @@ import java.util.Collection; import java.util.HashMap; import java.util.List; import java.util.logging.Level; -import javax.swing.JPanel; import org.sleuthkit.autopsy.coreutils.DecodeUtil; import org.sleuthkit.autopsy.datamodel.ContentUtils; import org.sleuthkit.autopsy.ingest.IngestImageWorkerController; -import org.sleuthkit.autopsy.ingest.IngestManager; -import org.sleuthkit.autopsy.ingest.IngestManagerProxy; +import org.sleuthkit.autopsy.ingest.IngestServices; import org.sleuthkit.autopsy.ingest.IngestModuleImage; +import org.sleuthkit.autopsy.ingest.IngestModuleInit; import org.sleuthkit.autopsy.ingest.ModuleDataEvent; import org.sleuthkit.datamodel.BlackboardArtifact; import org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE; @@ -43,11 +42,12 @@ import org.sleuthkit.datamodel.FsContent; import org.sleuthkit.datamodel.Image; /** - * - * @author Alex + * Firefox recent activity extraction */ public class Firefox extends Extract implements IngestModuleImage { + private static final IngestServices services = IngestServices.getDefault(); + private static final String ffquery = "SELECT moz_historyvisits.id,url,title,visit_count,(visit_date/1000000) as visit_date,from_visit,(SELECT url FROM moz_places WHERE id=moz_historyvisits.from_visit) as ref FROM moz_places, moz_historyvisits WHERE moz_places.id = moz_historyvisits.place_id AND hidden = 0"; private static final String ffcookiequery = "SELECT name,value,host,expiry,(lastAccessed/1000000) as lastAccessed,(creationTime/1000000) as creationTime FROM moz_cookies"; private static final String ff3cookiequery = "SELECT name,value,host,expiry,(lastAccessed/1000000) as lastAccessed FROM moz_cookies"; @@ -108,7 +108,7 @@ public class Firefox extends Extract implements IngestModuleImage { j++; dbFile.delete(); } - IngestManagerProxy.fireModuleDataEvent(new ModuleDataEvent("Recent Activity", BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_HISTORY)); + services.fireModuleDataEvent(new ModuleDataEvent("Recent Activity", BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_HISTORY)); } } @@ -151,7 +151,7 @@ public class Firefox extends Extract implements IngestModuleImage { j++; dbFile.delete(); } - IngestManagerProxy.fireModuleDataEvent(new ModuleDataEvent("Recent Activity", BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_BOOKMARK)); + services.fireModuleDataEvent(new ModuleDataEvent("Recent Activity", BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_BOOKMARK)); } } @@ -211,7 +211,7 @@ public class Firefox extends Extract implements IngestModuleImage { j++; dbFile.delete(); } - IngestManagerProxy.fireModuleDataEvent(new ModuleDataEvent("Recent Activity", BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_COOKIE)); + services.fireModuleDataEvent(new ModuleDataEvent("Recent Activity", BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_COOKIE)); } } @@ -259,12 +259,12 @@ public class Firefox extends Extract implements IngestModuleImage { j++; dbFile.delete(); } - IngestManagerProxy.fireModuleDataEvent(new ModuleDataEvent("Recent Activity", BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_DOWNLOAD)); + services.fireModuleDataEvent(new ModuleDataEvent("Recent Activity", BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_DOWNLOAD)); } } @Override - public void init(IngestManagerProxy managerProxy) { + public void init(IngestModuleInit initContext) { throw new UnsupportedOperationException("Not supported yet."); } diff --git a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/RAImageIngestModule.java b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/RAImageIngestModule.java index 89a0794f47..8b574bfac5 100644 --- a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/RAImageIngestModule.java +++ b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/RAImageIngestModule.java @@ -25,10 +25,11 @@ import java.util.List; import java.util.logging.Level; import java.util.logging.Logger; import org.sleuthkit.autopsy.ingest.IngestImageWorkerController; -import org.sleuthkit.autopsy.ingest.IngestManagerProxy; +import org.sleuthkit.autopsy.ingest.IngestServices; import org.sleuthkit.autopsy.ingest.IngestMessage; import org.sleuthkit.autopsy.ingest.IngestMessage.MessageType; import org.sleuthkit.autopsy.ingest.IngestModuleImage; +import org.sleuthkit.autopsy.ingest.IngestModuleInit; import org.sleuthkit.datamodel.Image; /** @@ -39,7 +40,7 @@ public final class RAImageIngestModule implements IngestModuleImage { private static final Logger logger = Logger.getLogger(RAImageIngestModule.class.getName()); private static RAImageIngestModule defaultInstance = null; - private IngestManagerProxy managerProxy; + private static final IngestServices services = IngestServices.getDefault(); private static int messageId = 0; private ArrayList errors = new ArrayList(); private StringBuilder subCompleted = new StringBuilder(); @@ -71,7 +72,7 @@ public final class RAImageIngestModule implements IngestModuleImage { modules.add(chre); modules.add(eere); modules.add(usq); - managerProxy.postMessage(IngestMessage.createMessage(++messageId, MessageType.INFO, this, "Started " + image.getName())); + services.postMessage(IngestMessage.createMessage(++messageId, MessageType.INFO, this, "Started " + image.getName())); controller.switchToDeterminate(modules.size()); controller.progress(0); @@ -101,7 +102,7 @@ public final class RAImageIngestModule implements IngestModuleImage { for (String msg : errors) { i++; final IngestMessage error = IngestMessage.createMessage(++messageId, MessageType.INFO, this, msg + "
"); - managerProxy.postMessage(error); + services.postMessage(error); } errorsFound = i + " errors found!"; }else @@ -110,7 +111,7 @@ public final class RAImageIngestModule implements IngestModuleImage { errorsFound = "No errors reported"; } final IngestMessage msg = IngestMessage.createMessage(++messageId, MessageType.INFO, this, "Completed - " + errorsFound, errorMessage.toString()); - managerProxy.postMessage(msg); + services.postMessage(msg); //module specific cleanup due to completion here } @@ -126,9 +127,8 @@ public final class RAImageIngestModule implements IngestModuleImage { } @Override - public void init(IngestManagerProxy managerProxy) { + public void init(IngestModuleInit initContext) { logger.log(Level.INFO, "init() " + this.toString()); - this.managerProxy = managerProxy; this.eere = new ExtractIE(); this.chre = new Chrome(); this.eree = new ExtractRegistry(); diff --git a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/SearchEngineURLQueryAnalyzer.java b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/SearchEngineURLQueryAnalyzer.java index fc7fe8ec76..aed0f68c55 100644 --- a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/SearchEngineURLQueryAnalyzer.java +++ b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/SearchEngineURLQueryAnalyzer.java @@ -24,11 +24,11 @@ import java.net.URLDecoder; import java.util.ArrayList; import java.util.Collection; import java.util.logging.Level; -import java.util.logging.Logger; import javax.swing.JPanel; import org.sleuthkit.autopsy.ingest.IngestImageWorkerController; -import org.sleuthkit.autopsy.ingest.IngestManagerProxy; +import org.sleuthkit.autopsy.ingest.IngestServices; import org.sleuthkit.autopsy.ingest.IngestModuleImage; +import org.sleuthkit.autopsy.ingest.IngestModuleInit; import org.sleuthkit.autopsy.ingest.ModuleDataEvent; import org.sleuthkit.datamodel.BlackboardArtifact; import org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE; @@ -49,6 +49,8 @@ import org.sleuthkit.datamodel.Image; */ public class SearchEngineURLQueryAnalyzer extends Extract implements IngestModuleImage { + private static final IngestServices services = IngestServices.getDefault(); + static final String MODULE_NAME = "Search Engine Query Analyzer"; /** @@ -336,7 +338,7 @@ public class SearchEngineURLQueryAnalyzer extends Extract implements IngestModul logger.log(Level.SEVERE, "Error while add artifact.", e + " from " + fs.toString()); this.addErrorMessage(this.getName() + ": Error while adding artifact"); } - IngestManagerProxy.fireModuleDataEvent(new ModuleDataEvent("RecentActivity", BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_SEARCH_QUERY)); + services.fireModuleDataEvent(new ModuleDataEvent("RecentActivity", BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_SEARCH_QUERY)); } @@ -368,7 +370,7 @@ public class SearchEngineURLQueryAnalyzer extends Extract implements IngestModul } @Override - public void init(IngestManagerProxy managerProxy) { + public void init(IngestModuleInit initContext) { logger.info("running init()"); } diff --git a/thunderbirdparser/src/org/sleuthkit/autopsy/thunderbirdparser/ThunderbirdMboxFileIngestModule.java b/thunderbirdparser/src/org/sleuthkit/autopsy/thunderbirdparser/ThunderbirdMboxFileIngestModule.java index 06b52d8ccf..5d3255685e 100644 --- a/thunderbirdparser/src/org/sleuthkit/autopsy/thunderbirdparser/ThunderbirdMboxFileIngestModule.java +++ b/thunderbirdparser/src/org/sleuthkit/autopsy/thunderbirdparser/ThunderbirdMboxFileIngestModule.java @@ -33,7 +33,7 @@ import java.util.logging.Level; import java.util.logging.Logger; import org.apache.tika.exception.TikaException; import org.apache.tika.metadata.Metadata; -import org.sleuthkit.autopsy.ingest.IngestManagerProxy; +import org.sleuthkit.autopsy.ingest.IngestServices; import org.sleuthkit.autopsy.ingest.IngestMessage; import org.sleuthkit.autopsy.ingest.IngestMessage.MessageType; import org.sleuthkit.autopsy.ingest.IngestModuleAbstract.*; @@ -50,6 +50,7 @@ import org.xml.sax.SAXException; import org.apache.commons.lang.StringEscapeUtils; import org.sleuthkit.autopsy.casemodule.Case; import org.sleuthkit.autopsy.datamodel.ContentUtils; +import org.sleuthkit.autopsy.ingest.IngestModuleInit; import org.sleuthkit.datamodel.Content; import org.sleuthkit.datamodel.ContentVisitor; import org.sleuthkit.datamodel.SleuthkitCase; @@ -60,7 +61,7 @@ public class ThunderbirdMboxFileIngestModule implements IngestModuleAbstractFile private static final Logger logger = Logger.getLogger(ThunderbirdMboxFileIngestModule.class.getName()); private static ThunderbirdMboxFileIngestModule instance = null; - private IngestManagerProxy managerProxy; + private static final IngestServices services = IngestServices.getDefault(); private static int messageId = 0; private static final String classname = "Thunderbird Parser"; private final String hashDBModuleName = "Hash Lookup"; @@ -79,7 +80,7 @@ public class ThunderbirdMboxFileIngestModule implements IngestModuleAbstractFile boolean isMbox = false; IngestModuleAbstractFile.ProcessResult hashDBResult = - managerProxy.getAbstractFileModuleResult(hashDBModuleName); + services.getAbstractFileModuleResult(hashDBModuleName); if (abstractFile.accept(getIsFileKnown) == true) { return ProcessResult.OK; //file is known, stop processing it @@ -99,7 +100,7 @@ public class ThunderbirdMboxFileIngestModule implements IngestModuleAbstractFile if (isMbox) { - managerProxy.postMessage(IngestMessage.createMessage(++messageId, MessageType.INFO, this, "Processing " + abstractFile.getName())); + services.postMessage(IngestMessage.createMessage(++messageId, MessageType.INFO, this, "Processing " + abstractFile.getName())); String mboxName = abstractFile.getName(); String msfName = mboxName + ".msf"; Long mboxId = abstractFile.getId(); @@ -219,7 +220,7 @@ public class ThunderbirdMboxFileIngestModule implements IngestModuleAbstractFile } catch (TskCoreException ex) { Logger.getLogger(ThunderbirdMboxFileIngestModule.class.getName()).log(Level.WARNING, null, ex); } - IngestManagerProxy.fireModuleDataEvent(new ModuleDataEvent(classname, BlackboardArtifact.ARTIFACT_TYPE.TSK_EMAIL_MSG)); + services.fireModuleDataEvent(new ModuleDataEvent(classname, BlackboardArtifact.ARTIFACT_TYPE.TSK_EMAIL_MSG)); } } catch (FileNotFoundException ex) { Logger.getLogger(ThunderbirdMboxFileIngestModule.class.getName()).log(Level.WARNING, null, ex); @@ -238,7 +239,7 @@ public class ThunderbirdMboxFileIngestModule implements IngestModuleAbstractFile @Override public void complete() { logger.log(Level.INFO, "complete()"); - managerProxy.postMessage(IngestMessage.createMessage(++messageId, MessageType.INFO, this, "COMPLETE")); + services.postMessage(IngestMessage.createMessage(++messageId, MessageType.INFO, this, "COMPLETE")); //module specific cleanup due completion here } @@ -254,9 +255,8 @@ public class ThunderbirdMboxFileIngestModule implements IngestModuleAbstractFile } @Override - public void init(IngestManagerProxy managerProxy) { + public void init(IngestModuleInit initContext) { logger.log(Level.INFO, "init()"); - this.managerProxy = managerProxy; //module specific initialization here }