mstoeck3/autopsy-flatpak
1
0
Fork 0
mirror of https://github.com/overcuriousity/autopsy-flatpak.git synced 2025-07-06 21:00:22 +00:00
Code Issues Packages Projects Releases Wiki Activity

Ingest API changes: add IngestModuleInit context to init(), change IngestManagerProxy into IngestServices singleton

Browse Source
This commit is contained in:
adam-m 2012-08-30 12:47:15 -04:00
parent 01f535b3c6
commit 4d73386d96
18 changed files with 185 additions and 128 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
ExifParser/src/org/sleuthkit/autopsy/exifparser/ExifParserFileIngestModule.java
View File

@ -32,11 +32,12 @@ import java.util.Collection;
import java.util.Date;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.sleuthkit.autopsy.ingest.IngestManagerProxy;
import org.sleuthkit.autopsy.ingest.IngestServices;
import org.sleuthkit.autopsy.ingest.IngestMessage;
import org.sleuthkit.autopsy.ingest.IngestMessage.MessageType;
import org.sleuthkit.autopsy.ingest.IngestModuleAbstract;
import org.sleuthkit.autopsy.ingest.IngestModuleAbstractFile;
import org.sleuthkit.autopsy.ingest.IngestModuleInit;
import org.sleuthkit.datamodel.AbstractFile;
import org.sleuthkit.datamodel.BlackboardArtifact;
import org.sleuthkit.datamodel.BlackboardAttribute;
@ -53,10 +54,11 @@ import org.sleuthkit.datamodel.TskData.TSK_DB_FILES_TYPE_ENUM;
*/
public final class ExifParserFileIngestModule implements IngestModuleAbstractFile {
private static final IngestServices services = IngestServices.getDefault();
final String MODULE_NAME = "Exif Parser";
private static final Logger logger = Logger.getLogger(ExifParserFileIngestModule.class.getName());
private static ExifParserFileIngestModule defaultInstance = null;
private IngestManagerProxy managerProxy;
private static int messageId = 0;
//file ingest modules require a private constructor
@ -185,7 +187,7 @@ public final class ExifParserFileIngestModule implements IngestModuleAbstractFil
logger.log(Level.INFO, "completed exif parsing " + this.toString());
final IngestMessage msg = IngestMessage.createMessage(++messageId, MessageType.INFO, this, "Complete");
managerProxy.postMessage(msg);
services.postMessage(msg);
//module specific cleanup due to completion here
}
@ -201,16 +203,15 @@ public final class ExifParserFileIngestModule implements IngestModuleAbstractFil
}
@Override
public void init(IngestManagerProxy managerProxy) {
public void init(IngestModuleInit initContext) {
logger.log(Level.INFO, "init() " + this.toString());
this.managerProxy = managerProxy;
}
@Override
public void stop() {
logger.log(Level.INFO, "stop()");
managerProxy.postMessage(IngestMessage.createMessage(++messageId, MessageType.INFO, this, "Stopped"));
services.postMessage(IngestMessage.createMessage(++messageId, MessageType.INFO, this, "Stopped"));
//module specific cleanup due to interruption here
}

29
HashDatabase/src/org/sleuthkit/autopsy/hashdatabase/HashDbIngestModule.java
View File

@ -25,10 +25,10 @@ import java.util.Map;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.sleuthkit.autopsy.casemodule.Case;
import org.sleuthkit.autopsy.ingest.IngestManager;
import org.sleuthkit.autopsy.ingest.IngestManagerProxy;
import org.sleuthkit.autopsy.ingest.IngestServices;
import org.sleuthkit.autopsy.ingest.IngestMessage;
import org.sleuthkit.autopsy.ingest.IngestModuleAbstractFile;
import org.sleuthkit.autopsy.ingest.IngestModuleInit;
import org.sleuthkit.autopsy.ingest.ModuleDataEvent;
import org.sleuthkit.datamodel.BlackboardArtifact;
import org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE;
@ -51,7 +51,7 @@ public class HashDbIngestModule implements IngestModuleAbstractFile {
public final static String MODULE_DESCRIPTION = "Identifies known and notables files using supplied hash databases, such as a standard NSRL database.";
private static final Logger logger = Logger.getLogger(HashDbIngestModule.class.getName());
private Processor processor = new Processor();
private IngestManagerProxy managerProxy;
private static final IngestServices services = IngestServices.getDefault();
private SleuthkitCase skCase;
private static int messageId = 0;
private int count;
@ -81,14 +81,13 @@ public class HashDbIngestModule implements IngestModuleAbstractFile {
* notification from manager that brand new processing should be initiated.
* Module loads its configuration and performs initialization
*
* @param managerProxy handle to the manager to postMessage() to
* @param services handle to the manager to postMessage() to
*/
@Override
public void init(IngestManagerProxy managerProxy) {
public void init(IngestModuleInit initContext) {
HashDbManagementPanel.getDefault().setIngestRunning(true);
HashDbSimplePanel.setIngestRunning(true);
this.managerProxy = managerProxy;
this.managerProxy.postMessage(IngestMessage.createMessage(++messageId, IngestMessage.MessageType.INFO, this, "Started"));
this.services.postMessage(IngestMessage.createMessage(++messageId, IngestMessage.MessageType.INFO, this, "Started"));
this.skCase = Case.getCurrentCase().getSleuthkitCase();
try {
HashDbXML hdbxml = HashDbXML.getCurrent();
@ -116,10 +115,10 @@ public class HashDbIngestModule implements IngestModuleAbstractFile {
}
if (!nsrlIsSet) {
this.managerProxy.postMessage(IngestMessage.createWarningMessage(++messageId, this, "No NSRL database set", "Known file search will not be executed."));
this.services.postMessage(IngestMessage.createWarningMessage(++messageId, this, "No NSRL database set", "Known file search will not be executed."));
}
if (!knownBadIsSet) {
this.managerProxy.postMessage(IngestMessage.createWarningMessage(++messageId, this, "No known bad database set", "Known bad file search will not be executed."));
this.services.postMessage(IngestMessage.createWarningMessage(++messageId, this, "No known bad database set", "Known bad file search will not be executed."));
}
} catch (TskException ex) {
@ -156,7 +155,7 @@ public class HashDbIngestModule implements IngestModuleAbstractFile {
}
detailsSb.append("</table>");
managerProxy.postMessage(IngestMessage.createMessage(++messageId, IngestMessage.MessageType.INFO, this, "Hash Ingest Complete", detailsSb.toString()));
services.postMessage(IngestMessage.createMessage(++messageId, IngestMessage.MessageType.INFO, this, "Hash Ingest Complete", detailsSb.toString()));
HashDbManagementPanel.getDefault().setIngestRunning(false);
HashDbSimplePanel.setIngestRunning(false);
@ -266,13 +265,13 @@ public class HashDbIngestModule implements IngestModuleAbstractFile {
detailsSb.append("</table>");
managerProxy.postMessage(IngestMessage.createDataMessage(++messageId, this,
services.postMessage(IngestMessage.createDataMessage(++messageId, this,
"Notable: " + abstractFile.getName(),
detailsSb.toString(),
abstractFile.getName() + md5Hash,
badFile));
}
IngestManagerProxy.fireModuleDataEvent(new ModuleDataEvent(MODULE_NAME, ARTIFACT_TYPE.TSK_HASHSET_HIT, Collections.singletonList(badFile)));
services.fireModuleDataEvent(new ModuleDataEvent(MODULE_NAME, ARTIFACT_TYPE.TSK_HASHSET_HIT, Collections.singletonList(badFile)));
} catch (TskException ex) {
logger.log(Level.WARNING, "Error creating blackboard artifact", ex);
}
@ -332,12 +331,12 @@ public class HashDbIngestModule implements IngestModuleAbstractFile {
}
} catch (TskException ex) {
logger.log(Level.WARNING, "Couldn't analyze file " + name + " - see sleuthkit log for details", ex);
managerProxy.postMessage(IngestMessage.createErrorMessage(++messageId, HashDbIngestModule.this, "Hash Lookup Error: " + name,
services.postMessage(IngestMessage.createErrorMessage(++messageId, HashDbIngestModule.this, "Hash Lookup Error: " + name,
"Error encountered while updating the hash values for " + name + "."));
ret = ProcessResult.ERROR;
} catch (IOException ex) {
logger.log(Level.WARNING, "Error reading file " + name, ex);
managerProxy.postMessage(IngestMessage.createErrorMessage(++messageId, HashDbIngestModule.this, "Read Error: " + name,
services.postMessage(IngestMessage.createErrorMessage(++messageId, HashDbIngestModule.this, "Read Error: " + name,
"Error encountered while calculating the hash value for " + name + "."));
ret = ProcessResult.ERROR;
}
@ -354,7 +353,7 @@ public class HashDbIngestModule implements IngestModuleAbstractFile {
}
catch (IOException ex) {
logger.log(Level.WARNING, "Error reading file " + name, ex);
managerProxy.postMessage(IngestMessage.createErrorMessage(++messageId, HashDbIngestModule.this, "Read Error: " + name,
services.postMessage(IngestMessage.createErrorMessage(++messageId, HashDbIngestModule.this, "Read Error: " + name,
"Error encountered while calculating the hash value for " + name + " without databases."));
}
}

6
Ingest/src/org/sleuthkit/autopsy/ingest/IngestManager.java
View File

@ -100,8 +100,6 @@ public class IngestManager {
private final List<IngestModuleAbstractFile> abstractFileModules = enumerateAbstractFileModules();
// module return values
private final Map<String, IngestModuleAbstractFile.ProcessResult> abstractFileModulesRetValues = new HashMap<String, IngestModuleAbstractFile.ProcessResult>();
//manager proxy
final IngestManagerProxy managerProxy = new IngestManagerProxy(this);
//notifications
private final static PropertyChangeSupport pcs = new PropertyChangeSupport(IngestManager.class);
//monitor
@ -293,7 +291,7 @@ public class IngestManager {
imageIngesters.add(newImageWorker);
//image modules are now initialized per instance
quModule.init(managerProxy);
quModule.init(new IngestModuleInit() );
newImageWorker.execute();
IngestManager.fireModuleEvent(IngestModuleEvent.STARTED.toString(), quModule.getName());
}
@ -323,7 +321,7 @@ public class IngestManager {
abstractFileIngester = new IngestAbstractFileThread();
//init all fs modules, everytime new worker starts
for (IngestModuleAbstractFile s : abstractFileModules) {
s.init(managerProxy);
s.init(new IngestModuleInit() );
}
abstractFileIngester.execute();
}

6
Ingest/src/org/sleuthkit/autopsy/ingest/IngestModuleAbstract.java
View File

@ -44,11 +44,9 @@ public interface IngestModuleAbstract {
* Notification from manager that brand new ingest should be initiated.
* Module loads its configuration and performs initialization
* Invoked once per new worker thread, per ingest
*
* @param managerProxy modules available to the module by the ingest manager, e.g.
* for posting messages, getting configurations, firing events
* @param initContext context used to initialize some modules
*/
public void init(IngestManagerProxy managerProxy);
public void init(IngestModuleInit initContext);
/**
* Notification from manager that there is no more content to process and all work is done.

49
Ingest/src/org/sleuthkit/autopsy/ingest/IngestModuleInit.java Normal file
View File

@ -0,0 +1,49 @@
/*
* Autopsy Forensic Browser
*
* Copyright 2012 Basis Technology Corp.
* Contact: carrier <at> sleuthkit <dot> org
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.sleuthkit.autopsy.ingest;
/**
*
* Context passed to a module at initialization time.
* It may contain module configuration required to initialize some modules.
*/
public class IngestModuleInit {
private String moduleArgs;
/**
* Get module arguments
* @return module args string, used by some modules
*/
public String getModuleArgs() {
return moduleArgs;
}
/**
* Sets module args. string (only used by module pipeline)
* @param moduleArgs arguments to set for the module
*/
void setModuleArgs(String moduleArgs) {
this.moduleArgs = moduleArgs;
}
}

31
Ingest/src/org/sleuthkit/autopsy/ingest/IngestManagerProxy.java → Ingest/src/org/sleuthkit/autopsy/ingest/IngestServices.java
View File

@ -22,19 +22,30 @@ package org.sleuthkit.autopsy.ingest;
/**
* Services available to ingest modules
*
* Facility for modules to interact with the ingest manager
* for sending data events, ingest messages, getting configuration, such as
* update frequency configuration
* Services available to ingest modules via singleton instance,
* e.g. for interacting with the ingest manager
* for sending data events, ingest messages, getting configurations, etc.
*
*/
public class IngestManagerProxy {
public class IngestServices {
private IngestManager manager;
IngestManagerProxy(IngestManager manager) {
this.manager = manager;
private static IngestServices instance;
private IngestServices() {
this.manager = IngestManager.getDefault();
}
/**
* Get handle to module services
* @return the services handle
*/
public static synchronized IngestServices getDefault() {
if (instance == null) {
instance = new IngestServices();
}
return instance;
}
/**
@ -50,7 +61,7 @@ public class IngestManagerProxy {
* @param eventType the event type, defined in IngestManager.IngestManagerEvents
* @param moduleName the module name
*/
public static void fireModuleEvent(String eventType, String moduleName) {
public void fireModuleEvent(String eventType, String moduleName) {
IngestManager.fireModuleEvent(eventType, moduleName);
}
@ -59,7 +70,7 @@ public class IngestManagerProxy {
* Fire module data event to notify registered module data event listeners
* @param moduleDataEvent module data event, encapsulating blackboard artifact data
*/
public static void fireModuleDataEvent(ModuleDataEvent moduleDataEvent) {
public void fireModuleDataEvent(ModuleDataEvent moduleDataEvent) {
IngestManager.fireModuleDataEvent(moduleDataEvent);
}

15
Ingest/src/org/sleuthkit/autopsy/ingest/example/ExampleAbstractFileIngestModule.java
View File

@ -18,14 +18,14 @@
*/
package org.sleuthkit.autopsy.ingest.example;
import java.beans.PropertyChangeListener;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.sleuthkit.autopsy.ingest.IngestManagerProxy;
import org.sleuthkit.autopsy.ingest.IngestServices;
import org.sleuthkit.autopsy.ingest.IngestMessage;
import org.sleuthkit.autopsy.ingest.IngestMessage.MessageType;
import org.sleuthkit.autopsy.ingest.IngestModuleAbstract.ModuleType;
import org.sleuthkit.autopsy.ingest.IngestModuleAbstractFile;
import org.sleuthkit.autopsy.ingest.IngestModuleInit;
import org.sleuthkit.datamodel.AbstractFile;
/**
@ -36,7 +36,7 @@ public class ExampleAbstractFileIngestModule implements IngestModuleAbstractFile
private static final Logger logger = Logger.getLogger(ExampleAbstractFileIngestModule.class.getName());
private static ExampleAbstractFileIngestModule instance = null;
private IngestManagerProxy managerProxy;
private static final IngestServices services = IngestServices.getDefault();
private static int messageId = 0;
//file ingest modules require a private constructor
@ -54,7 +54,7 @@ public class ExampleAbstractFileIngestModule implements IngestModuleAbstractFile
@Override
public ProcessResult process(AbstractFile fsContent) {
managerProxy.postMessage(IngestMessage.createMessage(++messageId, MessageType.INFO, this, "Processing " + fsContent.getName()));
services.postMessage(IngestMessage.createMessage(++messageId, MessageType.INFO, this, "Processing " + fsContent.getName()));
//module specific AbstractFile processing code here
try {
@ -68,7 +68,7 @@ public class ExampleAbstractFileIngestModule implements IngestModuleAbstractFile
@Override
public void complete() {
logger.log(Level.INFO, "complete()");
managerProxy.postMessage(IngestMessage.createMessage(++messageId, MessageType.INFO, this, "Complete"));
services.postMessage(IngestMessage.createMessage(++messageId, MessageType.INFO, this, "Complete"));
//module specific cleanup due completion here
}
@ -86,9 +86,8 @@ public class ExampleAbstractFileIngestModule implements IngestModuleAbstractFile
@Override
public void init(IngestManagerProxy managerProxy) {
public void init(IngestModuleInit initContext) {
logger.log(Level.INFO, "init()");
this.managerProxy = managerProxy;
//module specific initialization here
}
@ -96,7 +95,7 @@ public class ExampleAbstractFileIngestModule implements IngestModuleAbstractFile
@Override
public void stop() {
logger.log(Level.INFO, "stop()");
managerProxy.postMessage(IngestMessage.createMessage(++messageId, MessageType.INFO, this, "Stopped"));
services.postMessage(IngestMessage.createMessage(++messageId, MessageType.INFO, this, "Stopped"));
//module specific cleanup due interruption here
}

17
Ingest/src/org/sleuthkit/autopsy/ingest/example/ExampleImageIngestModule.java
View File

@ -18,14 +18,14 @@
*/
package org.sleuthkit.autopsy.ingest.example;
import java.beans.PropertyChangeListener;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.sleuthkit.autopsy.ingest.IngestImageWorkerController;
import org.sleuthkit.autopsy.ingest.IngestManagerProxy;
import org.sleuthkit.autopsy.ingest.IngestServices;
import org.sleuthkit.autopsy.ingest.IngestMessage;
import org.sleuthkit.autopsy.ingest.IngestMessage.MessageType;
import org.sleuthkit.autopsy.ingest.IngestModuleImage;
import org.sleuthkit.autopsy.ingest.IngestModuleInit;
import org.sleuthkit.datamodel.Image;
/**
@ -36,7 +36,7 @@ public final class ExampleImageIngestModule implements IngestModuleImage {
private static final Logger logger = Logger.getLogger(ExampleImageIngestModule.class.getName());
private static ExampleImageIngestModule defaultInstance = null;
private IngestManagerProxy managerProxy;
private static final IngestServices services = IngestServices.getDefault();
private static int messageId = 0;
//public constructor is required
@ -56,7 +56,7 @@ public final class ExampleImageIngestModule implements IngestModuleImage {
public void process(Image image, IngestImageWorkerController controller) {
logger.log(Level.INFO, "process() " + this.toString());
managerProxy.postMessage(IngestMessage.createMessage(++messageId, MessageType.INFO, this, "Processing " + image.getName()));
services.postMessage(IngestMessage.createMessage(++messageId, MessageType.INFO, this, "Processing " + image.getName()));
//service specific Image processing code here
//example:
@ -76,7 +76,7 @@ public final class ExampleImageIngestModule implements IngestModuleImage {
//do the work
Thread.sleep(500);
//post message to user if found something interesting
managerProxy.postMessage(IngestMessage.createMessage(processedFiles, MessageType.INFO, this, "Processed " + image.getName() + ": " + Integer.toString(processedFiles)));
services.postMessage(IngestMessage.createMessage(processedFiles, MessageType.INFO, this, "Processed " + image.getName() + ": " + Integer.toString(processedFiles)));
//update progress
controller.progress(++processedFiles);
@ -92,7 +92,7 @@ public final class ExampleImageIngestModule implements IngestModuleImage {
logger.log(Level.INFO, "complete() " + this.toString());
final IngestMessage msg = IngestMessage.createMessage(++messageId, MessageType.INFO, this, "Complete");
managerProxy.postMessage(msg);
services.postMessage(msg);
//service specific cleanup due to completion here
}
@ -108,9 +108,8 @@ public final class ExampleImageIngestModule implements IngestModuleImage {
}
@Override
public void init(IngestManagerProxy managerProxy) {
public void init(IngestModuleInit initContext) {
logger.log(Level.INFO, "init() " + this.toString());
this.managerProxy = managerProxy;
//service specific initialization here
@ -119,7 +118,7 @@ public final class ExampleImageIngestModule implements IngestModuleImage {
@Override
public void stop() {
logger.log(Level.INFO, "stop()");
managerProxy.postMessage(IngestMessage.createMessage(++messageId, MessageType.INFO, this, "Stopped"));
services.postMessage(IngestMessage.createMessage(++messageId, MessageType.INFO, this, "Stopped"));
//service specific cleanup due to interruption here
}

8
Ingest/src/org/sleuthkit/autopsy/ingest/package.dox
View File

@ -55,7 +55,7 @@ Module developers are encouraged to use the standard java.util.logging.Logger in
\subsection ingestmodule_making_process Process Method
The process method is where the work is done in each type of module. Some notes:
- File-level modules will be called on each file in an order determined by the IngestManager. Each module is free to quickly ignore a file based on name, signature, etc. If a module wants to know the return value from a previously run module, it should use the IngestManagerProxy.getAbstractFileModuleResult() method.
- File-level modules will be called on each file in an order determined by the IngestManager. Each module is free to quickly ignore a file based on name, signature, etc. If a module wants to know the return value from a previously run module, it should use the IngestServices.getAbstractFileModuleResult() method.
- Image-level modules are expected not passed in specific files and are expected to query the database to find the files that they are interested in.
@ -97,11 +97,11 @@ Users will see the results from ingest modules in one of two ways:
- Results are posted to the blackboard and will be displayed in the navigation tree
- Messages are sent to the Ingest Inbox to notify a user of what has recently been found.
See the Blackboard (REFERENCE) documentation for posting results to it. Modules are free to immediately post results when they find them or they can wait. The IngestManagerProxy.getUpdateFrequency() method returns the maximum amount of time that a module can wait before it posts its results.
See the Blackboard (REFERENCE) documentation for posting results to it. Modules are free to immediately post results when they find them or they can wait. The IngestServices.getUpdateFrequency() method returns the maximum amount of time that a module can wait before it posts its results.
An example of waiting to post results is the keyword search module. It is resource intensive to commit the keyword index and do a keyword search. Therefore, when its process() method is invoked, it checks if it is close to the getUpdateFrequency() since the last time it did a keyword search. If it is, then it commits the index and performs the search.
When they add data to the blackboard, modules should notify listeners of the new data by periodically invoking IngestManagerProxy.fireModuleDataEvent() method. This allows other modules (and the main UI) to know when to query the blackboard for the latest data.
When they add data to the blackboard, modules should notify listeners of the new data by periodically invoking IngestServices.fireModuleDataEvent() method. This allows other modules (and the main UI) to know when to query the blackboard for the latest data.
Modules should post messages to the inbox when interesting data is found. The messages includes the module name, message subject, message details, a unique message id (in the context of the originating module), and a uniqueness attribute. The uniqueness attribute is used to group similar messages together and to determine the overall importance priority of the message (if the same message is seen repeatedly, it is considered lower priority).
@ -111,7 +111,7 @@ Ingest messages have different types: there are info messages, warning messages,
The data messages contain encapsulated blackboard artifacts and attributes. The passed in data is used by the ingest inbox GUI widget to navigate to the artifact view in the directory tree, if requested by the user.
Ingest message API is defined in IngestMessage class. The class also contains factory methods to create new messages.
Messages are posted using IngestManagerProxy.postMessage() method, which accepts a message object created using one of the factory methods.
Messages are posted using IngestServices.postMessage() method, which accepts a message object created using one of the factory methods.
Modules should post inbox messages to the user when stop() or complete() is invoked (refer to the examples).
It is recommended to populate the description field of the complete inbox message to provide feedback to the user

29
KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/KeywordSearchIngestModule.java
View File

@ -41,10 +41,11 @@ import org.openide.util.Cancellable;
import org.sleuthkit.autopsy.casemodule.Case;
import org.sleuthkit.autopsy.coreutils.StopWatch;
import org.sleuthkit.autopsy.coreutils.StringExtract.StringExtractUnicodeTable.SCRIPT;
import org.sleuthkit.autopsy.ingest.IngestManagerProxy;
import org.sleuthkit.autopsy.ingest.IngestServices;
import org.sleuthkit.autopsy.ingest.IngestMessage;
import org.sleuthkit.autopsy.ingest.IngestMessage.MessageType;
import org.sleuthkit.autopsy.ingest.IngestModuleAbstractFile;
import org.sleuthkit.autopsy.ingest.IngestModuleInit;
import org.sleuthkit.autopsy.ingest.ModuleDataEvent;
import org.sleuthkit.autopsy.keywordsearch.Ingester.IngesterException;
import org.sleuthkit.datamodel.BlackboardArtifact;
@ -75,7 +76,7 @@ public final class KeywordSearchIngestModule implements IngestModuleAbstractFile
public static final String MODULE_NAME = "Keyword Search";
public static final String MODULE_DESCRIPTION = "Performs file indexing and periodic search using keywords and regular expressions in lists.";
private static KeywordSearchIngestModule instance = null;
private IngestManagerProxy managerProxy;
private static final IngestServices services = IngestServices.getDefault();
private Ingester ingester = null;
private volatile boolean commitIndex = false; //whether to commit index next time
private volatile boolean runSearcher = false; //whether to run searcher next time
@ -146,7 +147,7 @@ public final class KeywordSearchIngestModule implements IngestModuleAbstractFile
}
//check if we should index meta-data only when 1) it is known 2) HashDb module errored on it
IngestModuleAbstractFile.ProcessResult hashDBResult = managerProxy.getAbstractFileModuleResult(hashDBModuleName);
IngestModuleAbstractFile.ProcessResult hashDBResult = services.getAbstractFileModuleResult(hashDBModuleName);
//logger.log(Level.INFO, "hashdb result: " + hashDBResult + "file: " + AbstractFile.getName());
if (hashDBResult == IngestModuleAbstractFile.ProcessResult.ERROR) {
//index meta-data only
@ -230,7 +231,7 @@ public final class KeywordSearchIngestModule implements IngestModuleAbstractFile
finalSearcher.execute();
} else {
finalSearcherDone = true;
managerProxy.postMessage(IngestMessage.createMessage(++messageID, MessageType.INFO, this, "Completed"));
services.postMessage(IngestMessage.createMessage(++messageID, MessageType.INFO, this, "Completed"));
}
//log number of files / chunks in index
@ -292,17 +293,15 @@ public final class KeywordSearchIngestModule implements IngestModuleAbstractFile
* Initializes the module for new ingest run Sets up threads, timers,
* retrieves settings, keyword lists to run on
*
* @param managerProxy
* @param services
*/
@Override
public void init(IngestManagerProxy managerProxy) {
public void init(IngestModuleInit initContext) {
logger.log(Level.INFO, "init()");
initialized = false;
caseHandle = Case.getCurrentCase().getSleuthkitCase();
this.managerProxy = managerProxy;
ingester = Server.getIngester();
//initialize extractors
@ -330,7 +329,7 @@ public final class KeywordSearchIngestModule implements IngestModuleAbstractFile
initKeywords();
if (keywords.isEmpty() || keywordLists.isEmpty()) {
managerProxy.postMessage(IngestMessage.createWarningMessage(++messageID, instance, "No keywords in keyword list.", "Only indexing will be done and and keyword search will be skipped (it can be executed later again as ingest or using toolbar search feature)."));
services.postMessage(IngestMessage.createWarningMessage(++messageID, instance, "No keywords in keyword list.", "Only indexing will be done and and keyword search will be skipped (it can be executed later again as ingest or using toolbar search feature)."));
}
processedFiles = false;
@ -341,7 +340,7 @@ public final class KeywordSearchIngestModule implements IngestModuleAbstractFile
indexer = new Indexer();
final int updateIntervalMs = managerProxy.getUpdateFrequency() * 60 * 1000;
final int updateIntervalMs = services.getUpdateFrequency() * 60 * 1000;
logger.log(Level.INFO, "Using commit interval (ms): " + updateIntervalMs);
logger.log(Level.INFO, "Using searcher interval (ms): " + updateIntervalMs);
@ -353,7 +352,7 @@ public final class KeywordSearchIngestModule implements IngestModuleAbstractFile
commitTimer.start();
searchTimer.start();
managerProxy.postMessage(IngestMessage.createMessage(++messageID, MessageType.INFO, this, "Started"));
services.postMessage(IngestMessage.createMessage(++messageID, MessageType.INFO, this, "Started"));
}
@Override
@ -453,7 +452,7 @@ public final class KeywordSearchIngestModule implements IngestModuleAbstractFile
msg.append("<br />Skipped files: ").append(skipped).append("<br />");
String indexStats = msg.toString();
logger.log(Level.INFO, "Keyword Indexing Completed: " + indexStats);
managerProxy.postMessage(IngestMessage.createMessage(++messageID, MessageType.INFO, this, "Keyword Indexing Completed", indexStats));
services.postMessage(IngestMessage.createMessage(++messageID, MessageType.INFO, this, "Keyword Indexing Completed", indexStats));
}
@ -910,7 +909,7 @@ public final class KeywordSearchIngestModule implements IngestModuleAbstractFile
//check if should send messages on hits on this list
if (list.getIngestMessages()) //post ingest inbox msg
{
managerProxy.postMessage(IngestMessage.createDataMessage(++messageID, instance, subjectSb.toString(), detailsSb.toString(), uniqueKey, written.getArtifact()));
services.postMessage(IngestMessage.createDataMessage(++messageID, instance, subjectSb.toString(), detailsSb.toString(), uniqueKey, written.getArtifact()));
}
@ -919,7 +918,7 @@ public final class KeywordSearchIngestModule implements IngestModuleAbstractFile
//update artifact browser
if (!newArtifacts.isEmpty()) {
IngestManagerProxy.fireModuleDataEvent(new ModuleDataEvent(MODULE_NAME, ARTIFACT_TYPE.TSK_KEYWORD_HIT, newArtifacts));
services.fireModuleDataEvent(new ModuleDataEvent(MODULE_NAME, ARTIFACT_TYPE.TSK_KEYWORD_HIT, newArtifacts));
}
}
progress.progress(queryStr, ++numSearched);
@ -987,7 +986,7 @@ public final class KeywordSearchIngestModule implements IngestModuleAbstractFile
//reset current resuls earlier to potentially garbage collect sooner
currentResults = new HashMap<Keyword, List<Long>>();
managerProxy.postMessage(IngestMessage.createMessage(++messageID, MessageType.INFO, KeywordSearchIngestModule.instance, "Completed"));
services.postMessage(IngestMessage.createMessage(++messageID, MessageType.INFO, KeywordSearchIngestModule.instance, "Completed"));
} else {
//start counting time for a new searcher to start
//unless final searcher is pending

4
KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/KeywordSearchResultFactory.java
View File

@ -42,7 +42,7 @@ import org.sleuthkit.autopsy.corecomponentinterfaces.DataResultViewer;
import org.sleuthkit.autopsy.datamodel.AbstractFsContentNode;
import org.sleuthkit.autopsy.datamodel.AbstractFsContentNode.FsContentPropertyType;
import org.sleuthkit.autopsy.datamodel.KeyValueNode;
import org.sleuthkit.autopsy.ingest.IngestManagerProxy;
import org.sleuthkit.autopsy.ingest.IngestServices;
import org.sleuthkit.autopsy.ingest.ModuleDataEvent;
import org.sleuthkit.autopsy.keywordsearch.KeywordSearchQueryManager.Presentation;
import org.sleuthkit.datamodel.AbstractFile;
@ -536,7 +536,7 @@ public class KeywordSearchResultFactory extends ChildFactory<KeyValueQuery> {
if (!this.isCancelled() && !na.isEmpty()) {
IngestManagerProxy.fireModuleDataEvent(new ModuleDataEvent(KeywordSearchIngestModule.MODULE_NAME, ARTIFACT_TYPE.TSK_KEYWORD_HIT, na));
IngestServices.getDefault().fireModuleDataEvent(new ModuleDataEvent(KeywordSearchIngestModule.MODULE_NAME, ARTIFACT_TYPE.TSK_KEYWORD_HIT, na));
}
}

22
RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Chrome.java
View File

@ -24,8 +24,7 @@ import com.google.gson.JsonArray;
import com.google.gson.JsonElement;
import com.google.gson.JsonObject;
import com.google.gson.JsonParser;
import javax.swing.JPanel;
import org.sleuthkit.autopsy.ingest.IngestManagerProxy;
import org.sleuthkit.autopsy.ingest.IngestServices;
import org.sleuthkit.datamodel.FsContent;
import org.sleuthkit.autopsy.datamodel.ContentUtils;
import java.util.logging.Level;
@ -35,8 +34,8 @@ import java.io.File;
import java.io.FileReader;
import org.sleuthkit.autopsy.coreutils.DecodeUtil;
import org.sleuthkit.autopsy.ingest.IngestImageWorkerController;
import org.sleuthkit.autopsy.ingest.IngestManager;
import org.sleuthkit.autopsy.ingest.IngestModuleImage;
import org.sleuthkit.autopsy.ingest.IngestModuleInit;
import org.sleuthkit.autopsy.ingest.ModuleDataEvent;
import org.sleuthkit.datamodel.BlackboardArtifact;
import org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE;
@ -45,11 +44,12 @@ import org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE;
import org.sleuthkit.datamodel.Image;
/**
*
* @author Alex
* Chrome recent activity extraction
*/
public class Chrome extends Extract implements IngestModuleImage {
private static final IngestServices services = IngestServices.getDefault();
private static final String chquery = "SELECT urls.url, urls.title, urls.visit_count, urls.typed_count, "
+ "last_visit_time, urls.hidden, visits.visit_time, (SELECT urls.url FROM urls WHERE urls.id=visits.url) as from_visit, visits.transition FROM urls, visits WHERE urls.id = visits.url";
private static final String chcookiequery = "select name, value, host_key, expires_utc,last_access_utc, creation_utc from cookies";
@ -114,7 +114,7 @@ public class Chrome extends Extract implements IngestModuleImage {
j++;
dbFile.delete();
}
IngestManagerProxy.fireModuleDataEvent(new ModuleDataEvent("Recent Activity", BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_HISTORY));
services.fireModuleDataEvent(new ModuleDataEvent("Recent Activity", BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_HISTORY));
}
}
@ -174,7 +174,7 @@ public class Chrome extends Extract implements IngestModuleImage {
j++;
dbFile.delete();
}
IngestManagerProxy.fireModuleDataEvent(new ModuleDataEvent("Recent Activity", BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_BOOKMARK));
services.fireModuleDataEvent(new ModuleDataEvent("Recent Activity", BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_BOOKMARK));
}
}
@ -223,7 +223,7 @@ public class Chrome extends Extract implements IngestModuleImage {
j++;
dbFile.delete();
}
IngestManagerProxy.fireModuleDataEvent(new ModuleDataEvent("Recent Activity", BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_COOKIE));
services.fireModuleDataEvent(new ModuleDataEvent("Recent Activity", BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_COOKIE));
}
}
@ -274,7 +274,7 @@ public class Chrome extends Extract implements IngestModuleImage {
j++;
dbFile.delete();
}
IngestManagerProxy.fireModuleDataEvent(new ModuleDataEvent("Recent Activity", BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_DOWNLOAD));
services.fireModuleDataEvent(new ModuleDataEvent("Recent Activity", BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_DOWNLOAD));
}
}
@ -321,12 +321,12 @@ public class Chrome extends Extract implements IngestModuleImage {
j++;
dbFile.delete();
}
IngestManagerProxy.fireModuleDataEvent(new ModuleDataEvent("Recent Activity", BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_HISTORY));
services.fireModuleDataEvent(new ModuleDataEvent("Recent Activity", BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_HISTORY));
}
}
@Override
public void init(IngestManagerProxy managerProxy) {
public void init(IngestModuleInit initContext) {
throw new UnsupportedOperationException("Not supported yet.");
}

16
RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractIE.java
View File

@ -50,11 +50,9 @@ import org.sleuthkit.autopsy.coreutils.DecodeUtil;
import org.sleuthkit.autopsy.coreutils.JLNK;
import org.sleuthkit.autopsy.coreutils.JLnkParser;
import org.sleuthkit.autopsy.datamodel.ContentUtils;
import org.sleuthkit.autopsy.datamodel.DataConversion;
import org.sleuthkit.autopsy.datamodel.KeyValue;
import org.sleuthkit.autopsy.ingest.IngestImageWorkerController;
import org.sleuthkit.autopsy.ingest.IngestManager;
import org.sleuthkit.autopsy.ingest.IngestManagerProxy;
import org.sleuthkit.autopsy.ingest.IngestServices;
import org.sleuthkit.autopsy.ingest.ModuleDataEvent;
import org.sleuthkit.datamodel.BlackboardArtifact;
import org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE;
@ -65,11 +63,13 @@ import org.sleuthkit.datamodel.FsContent;
import org.sleuthkit.datamodel.SleuthkitCase;
import org.sleuthkit.autopsy.coreutils.PlatformUtil;
import org.sleuthkit.autopsy.ingest.IngestModuleImage;
import org.sleuthkit.autopsy.ingest.IngestModuleInit;
import org.sleuthkit.datamodel.*;
public class ExtractIE extends Extract implements IngestModuleImage {
private static final Logger logger = Logger.getLogger(ExtractIE.class.getName());
private static final IngestServices services = IngestServices.getDefault();
private String indexDatQueryStr = "select * from tsk_files where name LIKE '%index.dat%'";
private String favoriteQuery = "select * from `tsk_files` where parent_path LIKE '%/Favorites%' and name LIKE '%.url'";
private String cookiesQuery = "select * from `tsk_files` where parent_path LIKE '%/Cookies%' and name LIKE '%.txt'";
@ -142,7 +142,7 @@ public class ExtractIE extends Extract implements IngestModuleImage {
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(), "RecentActivity", "Internet Explorer"));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN.getTypeID(), "RecentActivity", domain));
this.addArtifact(ARTIFACT_TYPE.TSK_WEB_BOOKMARK, Favorite, bbattributes);
IngestManagerProxy.fireModuleDataEvent(new ModuleDataEvent("Recent Activity", BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_BOOKMARK));
services.fireModuleDataEvent(new ModuleDataEvent("Recent Activity", BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_BOOKMARK));
} catch (Exception ex) {
logger.log(Level.WARNING, "Error while trying to read into a sqlite db.{0}", ex);
this.addErrorMessage(this.getName() + ": Error while trying to analyze file:" + Favorite.getName());
@ -195,7 +195,7 @@ public class ExtractIE extends Extract implements IngestModuleImage {
}
IngestManagerProxy.fireModuleDataEvent(new ModuleDataEvent("Recent Activity", BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_COOKIE));
services.fireModuleDataEvent(new ModuleDataEvent("Recent Activity", BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_COOKIE));
}
//Recent Documents section
@ -225,7 +225,7 @@ public class ExtractIE extends Extract implements IngestModuleImage {
}
}
IngestManagerProxy.fireModuleDataEvent(new ModuleDataEvent("Recent Activity", BlackboardArtifact.ARTIFACT_TYPE.TSK_RECENT_OBJECT));
services.fireModuleDataEvent(new ModuleDataEvent("Recent Activity", BlackboardArtifact.ARTIFACT_TYPE.TSK_RECENT_OBJECT));
}
@ -488,11 +488,11 @@ public class ExtractIE extends Extract implements IngestModuleImage {
}
}
IngestManagerProxy.fireModuleDataEvent(new ModuleDataEvent("Recent Activity", BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_HISTORY));
services.fireModuleDataEvent(new ModuleDataEvent("Recent Activity", BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_HISTORY));
}
@Override
public void init(IngestManagerProxy managerProxy) {
public void init(IngestModuleInit initContext) {
throw new UnsupportedOperationException("Not supported yet.");
}

8
RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractRegistry.java
View File

@ -28,7 +28,6 @@ import java.text.SimpleDateFormat;
import java.util.*;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.swing.JPanel;
import org.jdom.Document;
import org.jdom.Element;
import org.jdom.input.SAXBuilder;
@ -36,8 +35,9 @@ import org.openide.modules.InstalledFileLocator;
import org.sleuthkit.autopsy.casemodule.Case;
import org.sleuthkit.autopsy.datamodel.ContentUtils;
import org.sleuthkit.autopsy.ingest.IngestImageWorkerController;
import org.sleuthkit.autopsy.ingest.IngestManagerProxy;
import org.sleuthkit.autopsy.ingest.IngestServices;
import org.sleuthkit.autopsy.ingest.IngestModuleImage;
import org.sleuthkit.autopsy.ingest.IngestModuleInit;
import org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE;
import org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE;
import org.sleuthkit.datamodel.*;
@ -47,6 +47,8 @@ import org.sleuthkit.datamodel.*;
*/
public class ExtractRegistry extends Extract implements IngestModuleImage {
private static final IngestServices services = IngestServices.getDefault();
public Logger logger = Logger.getLogger(this.getClass().getName());
private String RR_PATH;
boolean rrFound = false;
@ -328,7 +330,7 @@ public class ExtractRegistry extends Extract implements IngestModuleImage {
}
@Override
public void init(IngestManagerProxy managerProxy) {
public void init(IngestModuleInit initContext) {
throw new UnsupportedOperationException("Not supported yet.");
}

20
RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Firefox.java
View File

@ -27,13 +27,12 @@ import java.util.Collection;
import java.util.HashMap;
import java.util.List;
import java.util.logging.Level;
import javax.swing.JPanel;
import org.sleuthkit.autopsy.coreutils.DecodeUtil;
import org.sleuthkit.autopsy.datamodel.ContentUtils;
import org.sleuthkit.autopsy.ingest.IngestImageWorkerController;
import org.sleuthkit.autopsy.ingest.IngestManager;
import org.sleuthkit.autopsy.ingest.IngestManagerProxy;
import org.sleuthkit.autopsy.ingest.IngestServices;
import org.sleuthkit.autopsy.ingest.IngestModuleImage;
import org.sleuthkit.autopsy.ingest.IngestModuleInit;
import org.sleuthkit.autopsy.ingest.ModuleDataEvent;
import org.sleuthkit.datamodel.BlackboardArtifact;
import org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE;
@ -43,11 +42,12 @@ import org.sleuthkit.datamodel.FsContent;
import org.sleuthkit.datamodel.Image;
/**
*
* @author Alex
* Firefox recent activity extraction
*/
public class Firefox extends Extract implements IngestModuleImage {
private static final IngestServices services = IngestServices.getDefault();
private static final String ffquery = "SELECT moz_historyvisits.id,url,title,visit_count,(visit_date/1000000) as visit_date,from_visit,(SELECT url FROM moz_places WHERE id=moz_historyvisits.from_visit) as ref FROM moz_places, moz_historyvisits WHERE moz_places.id = moz_historyvisits.place_id AND hidden = 0";
private static final String ffcookiequery = "SELECT name,value,host,expiry,(lastAccessed/1000000) as lastAccessed,(creationTime/1000000) as creationTime FROM moz_cookies";
private static final String ff3cookiequery = "SELECT name,value,host,expiry,(lastAccessed/1000000) as lastAccessed FROM moz_cookies";
@ -108,7 +108,7 @@ public class Firefox extends Extract implements IngestModuleImage {
j++;
dbFile.delete();
}
IngestManagerProxy.fireModuleDataEvent(new ModuleDataEvent("Recent Activity", BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_HISTORY));
services.fireModuleDataEvent(new ModuleDataEvent("Recent Activity", BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_HISTORY));
}
}
@ -151,7 +151,7 @@ public class Firefox extends Extract implements IngestModuleImage {
j++;
dbFile.delete();
}
IngestManagerProxy.fireModuleDataEvent(new ModuleDataEvent("Recent Activity", BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_BOOKMARK));
services.fireModuleDataEvent(new ModuleDataEvent("Recent Activity", BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_BOOKMARK));
}
}
@ -211,7 +211,7 @@ public class Firefox extends Extract implements IngestModuleImage {
j++;
dbFile.delete();
}
IngestManagerProxy.fireModuleDataEvent(new ModuleDataEvent("Recent Activity", BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_COOKIE));
services.fireModuleDataEvent(new ModuleDataEvent("Recent Activity", BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_COOKIE));
}
}
@ -259,12 +259,12 @@ public class Firefox extends Extract implements IngestModuleImage {
j++;
dbFile.delete();
}
IngestManagerProxy.fireModuleDataEvent(new ModuleDataEvent("Recent Activity", BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_DOWNLOAD));
services.fireModuleDataEvent(new ModuleDataEvent("Recent Activity", BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_DOWNLOAD));
}
}
@Override
public void init(IngestManagerProxy managerProxy) {
public void init(IngestModuleInit initContext) {
throw new UnsupportedOperationException("Not supported yet.");
}

14
RecentActivity/src/org/sleuthkit/autopsy/recentactivity/RAImageIngestModule.java
View File

@ -25,10 +25,11 @@ import java.util.List;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.sleuthkit.autopsy.ingest.IngestImageWorkerController;
import org.sleuthkit.autopsy.ingest.IngestManagerProxy;
import org.sleuthkit.autopsy.ingest.IngestServices;
import org.sleuthkit.autopsy.ingest.IngestMessage;
import org.sleuthkit.autopsy.ingest.IngestMessage.MessageType;
import org.sleuthkit.autopsy.ingest.IngestModuleImage;
import org.sleuthkit.autopsy.ingest.IngestModuleInit;
import org.sleuthkit.datamodel.Image;
/**
@ -39,7 +40,7 @@ public final class RAImageIngestModule implements IngestModuleImage {
private static final Logger logger = Logger.getLogger(RAImageIngestModule.class.getName());
private static RAImageIngestModule defaultInstance = null;
private IngestManagerProxy managerProxy;
private static final IngestServices services = IngestServices.getDefault();
private static int messageId = 0;
private ArrayList<String> errors = new ArrayList<String>();
private StringBuilder subCompleted = new StringBuilder();
@ -71,7 +72,7 @@ public final class RAImageIngestModule implements IngestModuleImage {
modules.add(chre);
modules.add(eere);
modules.add(usq);
managerProxy.postMessage(IngestMessage.createMessage(++messageId, MessageType.INFO, this, "Started " + image.getName()));
services.postMessage(IngestMessage.createMessage(++messageId, MessageType.INFO, this, "Started " + image.getName()));
controller.switchToDeterminate(modules.size());
controller.progress(0);
@ -101,7 +102,7 @@ public final class RAImageIngestModule implements IngestModuleImage {
for (String msg : errors) {
i++;
final IngestMessage error = IngestMessage.createMessage(++messageId, MessageType.INFO, this, msg + "<br>");
managerProxy.postMessage(error);
services.postMessage(error);
}
errorsFound = i + " errors found!";
}else
@ -110,7 +111,7 @@ public final class RAImageIngestModule implements IngestModuleImage {
errorsFound = "No errors reported";
}
final IngestMessage msg = IngestMessage.createMessage(++messageId, MessageType.INFO, this, "Completed - " + errorsFound, errorMessage.toString());
managerProxy.postMessage(msg);
services.postMessage(msg);
//module specific cleanup due to completion here
}
@ -126,9 +127,8 @@ public final class RAImageIngestModule implements IngestModuleImage {
}
@Override
public void init(IngestManagerProxy managerProxy) {
public void init(IngestModuleInit initContext) {
logger.log(Level.INFO, "init() " + this.toString());
this.managerProxy = managerProxy;
this.eere = new ExtractIE();
this.chre = new Chrome();
this.eree = new ExtractRegistry();

10
RecentActivity/src/org/sleuthkit/autopsy/recentactivity/SearchEngineURLQueryAnalyzer.java
View File

@ -24,11 +24,11 @@ import java.net.URLDecoder;
import java.util.ArrayList;
import java.util.Collection;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.swing.JPanel;
import org.sleuthkit.autopsy.ingest.IngestImageWorkerController;
import org.sleuthkit.autopsy.ingest.IngestManagerProxy;
import org.sleuthkit.autopsy.ingest.IngestServices;
import org.sleuthkit.autopsy.ingest.IngestModuleImage;
import org.sleuthkit.autopsy.ingest.IngestModuleInit;
import org.sleuthkit.autopsy.ingest.ModuleDataEvent;
import org.sleuthkit.datamodel.BlackboardArtifact;
import org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE;
@ -49,6 +49,8 @@ import org.sleuthkit.datamodel.Image;
*/
public class SearchEngineURLQueryAnalyzer extends Extract implements IngestModuleImage {
private static final IngestServices services = IngestServices.getDefault();
static final String MODULE_NAME = "Search Engine Query Analyzer";
/**
@ -336,7 +338,7 @@ public class SearchEngineURLQueryAnalyzer extends Extract implements IngestModul
logger.log(Level.SEVERE, "Error while add artifact.", e + " from " + fs.toString());
this.addErrorMessage(this.getName() + ": Error while adding artifact");
}
IngestManagerProxy.fireModuleDataEvent(new ModuleDataEvent("RecentActivity", BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_SEARCH_QUERY));
services.fireModuleDataEvent(new ModuleDataEvent("RecentActivity", BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_SEARCH_QUERY));
}
@ -368,7 +370,7 @@ public class SearchEngineURLQueryAnalyzer extends Extract implements IngestModul
}
@Override
public void init(IngestManagerProxy managerProxy) {
public void init(IngestModuleInit initContext) {
logger.info("running init()");
}

16
thunderbirdparser/src/org/sleuthkit/autopsy/thunderbirdparser/ThunderbirdMboxFileIngestModule.java
View File

@ -33,7 +33,7 @@ import java.util.logging.Level;
import java.util.logging.Logger;
import org.apache.tika.exception.TikaException;
import org.apache.tika.metadata.Metadata;
import org.sleuthkit.autopsy.ingest.IngestManagerProxy;
import org.sleuthkit.autopsy.ingest.IngestServices;
import org.sleuthkit.autopsy.ingest.IngestMessage;
import org.sleuthkit.autopsy.ingest.IngestMessage.MessageType;
import org.sleuthkit.autopsy.ingest.IngestModuleAbstract.*;
@ -50,6 +50,7 @@ import org.xml.sax.SAXException;
import org.apache.commons.lang.StringEscapeUtils;
import org.sleuthkit.autopsy.casemodule.Case;
import org.sleuthkit.autopsy.datamodel.ContentUtils;
import org.sleuthkit.autopsy.ingest.IngestModuleInit;
import org.sleuthkit.datamodel.Content;
import org.sleuthkit.datamodel.ContentVisitor;
import org.sleuthkit.datamodel.SleuthkitCase;
@ -60,7 +61,7 @@ public class ThunderbirdMboxFileIngestModule implements IngestModuleAbstractFile
private static final Logger logger = Logger.getLogger(ThunderbirdMboxFileIngestModule.class.getName());
private static ThunderbirdMboxFileIngestModule instance = null;
private IngestManagerProxy managerProxy;
private static final IngestServices services = IngestServices.getDefault();
private static int messageId = 0;
private static final String classname = "Thunderbird Parser";
private final String hashDBModuleName = "Hash Lookup";
@ -79,7 +80,7 @@ public class ThunderbirdMboxFileIngestModule implements IngestModuleAbstractFile
boolean isMbox = false;
IngestModuleAbstractFile.ProcessResult hashDBResult =
managerProxy.getAbstractFileModuleResult(hashDBModuleName);
services.getAbstractFileModuleResult(hashDBModuleName);
if (abstractFile.accept(getIsFileKnown) == true) {
return ProcessResult.OK; //file is known, stop processing it
@ -99,7 +100,7 @@ public class ThunderbirdMboxFileIngestModule implements IngestModuleAbstractFile
if (isMbox) {
managerProxy.postMessage(IngestMessage.createMessage(++messageId, MessageType.INFO, this, "Processing " + abstractFile.getName()));
services.postMessage(IngestMessage.createMessage(++messageId, MessageType.INFO, this, "Processing " + abstractFile.getName()));
String mboxName = abstractFile.getName();
String msfName = mboxName + ".msf";
Long mboxId = abstractFile.getId();
@ -219,7 +220,7 @@ public class ThunderbirdMboxFileIngestModule implements IngestModuleAbstractFile
} catch (TskCoreException ex) {
Logger.getLogger(ThunderbirdMboxFileIngestModule.class.getName()).log(Level.WARNING, null, ex);
}
IngestManagerProxy.fireModuleDataEvent(new ModuleDataEvent(classname, BlackboardArtifact.ARTIFACT_TYPE.TSK_EMAIL_MSG));
services.fireModuleDataEvent(new ModuleDataEvent(classname, BlackboardArtifact.ARTIFACT_TYPE.TSK_EMAIL_MSG));
}
} catch (FileNotFoundException ex) {
Logger.getLogger(ThunderbirdMboxFileIngestModule.class.getName()).log(Level.WARNING, null, ex);
@ -238,7 +239,7 @@ public class ThunderbirdMboxFileIngestModule implements IngestModuleAbstractFile
@Override
public void complete() {
logger.log(Level.INFO, "complete()");
managerProxy.postMessage(IngestMessage.createMessage(++messageId, MessageType.INFO, this, "COMPLETE"));
services.postMessage(IngestMessage.createMessage(++messageId, MessageType.INFO, this, "COMPLETE"));
//module specific cleanup due completion here
}
@ -254,9 +255,8 @@ public class ThunderbirdMboxFileIngestModule implements IngestModuleAbstractFile
}
@Override
public void init(IngestManagerProxy managerProxy) {
public void init(IngestModuleInit initContext) {
logger.log(Level.INFO, "init()");
this.managerProxy = managerProxy;
//module specific initialization here
}