7673 Add ingest job IDs to artifact posts

Richard Cordovano 2021-10-21 15:44:07 -04:00
parent 84fa20b8e3
commit 4f8e42df43
4 changed files with 128 additions and 133 deletions


@ -35,7 +35,7 @@ ExtractIE.getHistory.errMsg.errProcHist={0}: Error processing Internet Explorer
ExtractIE.parsePascoOutput.errMsg.notFound={0}: Pasco output not found: {1}
ExtractIE.parsePascoOutput.errMsg.errParsing={0}: Error parsing IE history entry {1}
ExtractIE.parsePascoOutput.errMsg.errParsingEntry={0}: Error parsing Internet Explorer History entry.
ExtractRegistry.moduleName.text=Registry
ExtractRegistry.moduleName.text=Registry Analyzer
ExtractRegistry.findRegFiles.errMsg.errReadingFile=Error fetching registry file: {0}
ExtractRegistry.analyzeRegFiles.errMsg.errWritingTemp={0}: Error analyzing registry file {1}
ExtractRegistry.analyzeRegFiles.failedParsingResults={0}: Failed parsing registry file results {1}


@ -9,7 +9,6 @@ ChromeCacheExtractor.progressMsg={0}: Extracting cache entry {1} of {2} entries
DataSourceUsage_AndroidMedia=Android Media Card
DataSourceUsage_DJU_Drone_DAT=DJI Internal SD Card
DataSourceUsage_FlashDrive=Flash Drive
# {0} - OS name
DataSourceUsageAnalyzer.customVolume.label=OS Drive ({0})
DataSourceUsageAnalyzer.displayName=Data Source Usage Analyzer
DataSourceUsageAnalyzer.parentModuleName=Recent Activity
@ -56,10 +55,9 @@ ExtractOs.windowsVolume.label=OS Drive (Windows)
ExtractOs.yellowDogLinuxOs.label=Linux (Yellow Dog)
ExtractOs.yellowDogLinuxVolume.label=OS Drive (Linux Yellow Dog)
ExtractOS_progressMessage=Checking for OS
# {0} - sub module name
ExtractPrefetch_errMsg_prefetchParsingFailed={0}: Error analyzing prefetch files
ExtractPrefetch_module_name=Windows Prefetch Extractor
ExtractRecycleBin_module_name=Recycle Bin
ExtractRecycleBin_module_name=Recycle Bin Analyzer
ExtractRecycleBin_Recyle_Bin_Display_Name=Recycle Bin
ExtractSafari_Error_Getting_History=An error occurred while processing Safari history files.
ExtractSafari_Error_Parsing_Bookmark=An error occured while processing Safari Bookmark files


@ -2,7 +2,7 @@
*
* Autopsy Forensic Browser
*
* Copyright 2019 Basis Technology Corp.
* Copyright 2019-2021 Basis Technology Corp.
*
* Copyright 2012 42six Solutions.
* Contact: aebadirad <at> 42six <dot> com
@ -79,7 +79,7 @@ final class ExtractRecycleBin extends Extract {
private static final int V2_FILE_NAME_OFFSET = 28;
@Messages({
"ExtractRecycleBin_module_name=Recycle Bin"
"ExtractRecycleBin_module_name=Recycle Bin Analyzer"
})
ExtractRecycleBin(IngestJobContext context) {
super(Bundle.ExtractRecycleBin_module_name(), context);
@ -136,10 +136,10 @@ final class ExtractRecycleBin extends Extract {
return; // No need to continue
}
String tempRARecycleBinPath = RAImageIngestModule.getRATempPath(Case.getCurrentCase(), "recyclebin", getIngestJobContext().getJobId()); //NON-NLS
IngestJobContext context = getIngestJobContext();
String tempRARecycleBinPath = RAImageIngestModule.getRATempPath(Case.getCurrentCase(), "recyclebin", context.getJobId()); //NON-NLS
// cycle through the $I files and process each.
IngestJobContext context = getIngestJobContext();
for (AbstractFile iFile : iFiles) {
if (context.dataSourceIngestIsCancelled()) {
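Review bot: `Case.getCurrentCase()` on the rewritten `tempRARecycleBinPath` line is, as far as I can tell, the deprecated accessor that throws an unchecked `IllegalStateException` when no case is open, and the commit edits this line without replacing it. Since the call is being touched anyway, consider `Case.getCurrentCaseThrows()` with `NoCurrentCaseException` caught, logged and followed by an early return, so a case closed mid-ingest ends this extractor cleanly instead of surfacing an unchecked exception. Hoisting `context` above the path computation is fine, but a short comment such as `// Temp output is keyed by ingest job ID; see getRATempPath` would record why the job ID is passed; that purpose is inferred from the argument only, so confirm it against the helper. The enclosing method starts and ends outside the hunk.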


@ -61,7 +61,6 @@ import java.util.AbstractMap;
import java.util.ArrayList;
import java.util.List;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
@ -92,7 +91,6 @@ import static org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_NAM
import static org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PATH;
import static org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_HOME_DIR;
import org.sleuthkit.datamodel.Content;
import org.sleuthkit.datamodel.DataArtifact;
import org.sleuthkit.datamodel.DataSource;
import org.sleuthkit.datamodel.Host;
import org.sleuthkit.datamodel.HostManager;
@ -197,7 +195,7 @@ class ExtractRegistry extends Extract {
}
ExtractRegistry(IngestJobContext context) throws IngestModuleException {
super(NbBundle.getMessage(ExtractIE.class, "ExtractRegistry.moduleName.text"), context);
super(NbBundle.getMessage(ExtractRegistry.class, "ExtractRegistry.moduleName.text"), context);
final File rrRoot = InstalledFileLocator.getDefault().locate("rr", ExtractRegistry.class.getPackage().getName(), false); //NON-NLS
if (rrRoot == null) {
@ -298,6 +296,7 @@ class ExtractRegistry extends Extract {
/**
* Identifies registry files in the database by mtimeItem, runs regripper on
* them, and parses the output.
*
* @param ingestJobId The ingest job id.
*/
private void analyzeRegistryFiles(long ingestJobId) {
@ -531,6 +530,7 @@ class ExtractRegistry extends Extract {
* @return
*/
private boolean parseAutopsyPluginOutput(String regFilePath, AbstractFile regFile) {
IngestJobContext context = getIngestJobContext();
FileInputStream fstream = null;
List<BlackboardArtifact> newArtifacts = new ArrayList<>();
try {
@ -556,7 +556,7 @@ class ExtractRegistry extends Extract {
int len = children.getLength();
for (int i = 0; i < len; i++) {
if (getIngestJobContext().dataSourceIngestIsCancelled()) {
if (context.dataSourceIngestIsCancelled()) {
return false;
}
@ -943,7 +943,7 @@ class ExtractRegistry extends Extract {
} catch (IOException ex) {
}
if (!getIngestJobContext().dataSourceIngestIsCancelled()) {
if (!context.dataSourceIngestIsCancelled()) {
postArtifacts(newArtifacts);
}
}
@ -1139,8 +1139,7 @@ class ExtractRegistry extends Extract {
logger.log(Level.WARNING, "Error updating TSK_OS_ACCOUNT artifacts to include newly parsed data.", ex); //NON-NLS
} catch (OsAccountManager.NotUserSIDException ex) {
logger.log(Level.WARNING, "Error creating OS Account, input SID is not a user SID.", ex); //NON-NLS
}
finally {
} finally {
if (!getIngestJobContext().dataSourceIngestIsCancelled()) {
postArtifacts(newArtifacts);
}
@ -1720,8 +1719,8 @@ class ExtractRegistry extends Extract {
}
/**
* Create a map of userids to usernames for all OS Accounts associated with the current
* host in OsAccountManager.
* Create a map of userids to usernames for all OS Accounts associated with
* the current host in OsAccountManager.
*
* @param dataSource
*
@ -1747,15 +1746,13 @@ class ExtractRegistry extends Extract {
* Strip the machine sid off of the osAccountSID. The returned string will
* include everything in the osAccountSID up to the last -.
*
* There must be at least three dashes in the SID for it to be useful.
* The sid is of a format S-R-X-Y1 where Y1 is the domain identifier which
* may contain multiple dashes. Everything after the final dash is the
* relative identifier. For example
* S-1-5-21-1004336348-1177238915-682003330-512
* There must be at least three dashes in the SID for it to be useful. The
* sid is of a format S-R-X-Y1 where Y1 is the domain identifier which may
* contain multiple dashes. Everything after the final dash is the relative
* identifier. For example S-1-5-21-1004336348-1177238915-682003330-512
*
* In this example the domain identifier is
* 21-1004336348-1177238915-682003330
* The relative identifier is 512.
* 21-1004336348-1177238915-682003330 The relative identifier is 512.
*
* In other words everything between the third and last dash is the domain
* identifier.
@ -2244,7 +2241,6 @@ class ExtractRegistry extends Extract {
// update other standard attributes - fullname, creationdate
accountMgr.updateStandardOsAccountAttributes(osAccount, fullName, null, null, creationTime);
}
/**
@ -2318,12 +2314,13 @@ class ExtractRegistry extends Extract {
}
/**
* Adds an account instance for the given data source if one does not already
* exist.
* Adds an account instance for the given data source if one does not
* already exist.
*
* @param accountMgr
* @param osAccount
* @param dataSource
*
* @throws TskCoreException
*/
private void addAccountInstance(OsAccountManager accountMgr, OsAccount osAccount, DataSource dataSource) throws TskCoreException {
@ -2343,8 +2340,8 @@ class ExtractRegistry extends Extract {
}
/**
* Returns true if the domain id of the os account sid is in the list
* of domain ids seen when parsing the sam file.
* Returns true if the domain id of the os account sid is in the list of
* domain ids seen when parsing the sam file.
*
* @param osAccountSID
*