From 881d2864e0fa9c060df6f9f9c67ea006e43e12f4 Mon Sep 17 00:00:00 2001
From: Eugene Livis
Date: Tue, 13 Jun 2017 17:27:04 -0400
Subject: [PATCH 1/5] Added eception firewall for input directory scanner
---
 .../autopsy/experimental/autoingest/AutoIngestManager.java | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/Experimental/src/org/sleuthkit/autopsy/experimental/autoingest/AutoIngestManager.java b/Experimental/src/org/sleuthkit/autopsy/experimental/autoingest/AutoIngestManager.java
index 79566add62..23778ecaa7 100644
--- a/Experimental/src/org/sleuthkit/autopsy/experimental/autoingest/AutoIngestManager.java
+++ b/Experimental/src/org/sleuthkit/autopsy/experimental/autoingest/AutoIngestManager.java
@@ -914,7 +914,10 @@ public final class AutoIngestManager extends Observable implements PropertyChang
 AutoIngestManager.this.pendingJobs = newPendingJobsList;
 AutoIngestManager.this.completedJobs = newCompletedJobsList;
- } catch (IOException ex) {
+ } catch (Exception ex) {
+ /* NOTE: Need to catch all exceptions here. Otherwise uncaught exceptions will
+ propagate up to the calling thread and may stop it from running.
+ */
 SYS_LOGGER.log(Level.SEVERE, String.format("Error scanning the input directory %s", rootInputDirectory), ex);
 }
 }
From 39eeffa1d1cc403f98aa2b515d19dbdc337ade23 Mon Sep 17 00:00:00 2001
From: Eugene Livis
Date: Tue, 13 Jun 2017 17:29:23 -0400
Subject: [PATCH 2/5] Fixed spelling
---
 .../autopsy/experimental/autoingest/AutoIngestManager.java | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/Experimental/src/org/sleuthkit/autopsy/experimental/autoingest/AutoIngestManager.java b/Experimental/src/org/sleuthkit/autopsy/experimental/autoingest/AutoIngestManager.java
index 23778ecaa7..4c1cea69b8 100644
--- a/Experimental/src/org/sleuthkit/autopsy/experimental/autoingest/AutoIngestManager.java
+++ b/Experimental/src/org/sleuthkit/autopsy/experimental/autoingest/AutoIngestManager.java
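Review bot: The `catch (Exception ex)` added to the input directory scan (PATCH 1/5, hunk at line 914) would also absorb an `InterruptedException` if anything in the try body, which starts outside this hunk, can throw one, and the handler then leaves the thread's interrupt status cleared. If that can happen, restore it in the handler with `if (ex instanceof InterruptedException) { Thread.currentThread().interrupt(); }`. After a failed scan `pendingJobs` and `completedJobs` are not reassigned, so the SEVERE log entry is the only sign that the job lists are stale; the comment should say so, e.g. `/* Exception firewall: a failed scan is logged and the previous job lists are kept. */`.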
@@ -889,7 +889,7 @@ public final class AutoIngestManager extends Observable implements PropertyChang
 /**
 * A FileVisitor that searches the input directories for manifest files. The
 * search results are used to refresh the pending jobs queue and the
- * completed jobs list. Crashed job recovery is perfomed as needed.
+ * completed jobs list. Crashed job recovery is performed as needed.
 */
 private final class InputDirScanner implements FileVisitor {
@@ -916,8 +916,7 @@ public final class AutoIngestManager extends Observable implements PropertyChang
 } catch (Exception ex) {
 /* NOTE: Need to catch all exceptions here. Otherwise uncaught exceptions will
- propagate up to the calling thread and may stop it from running.
- */
+ propagate up to the calling thread and may stop it from running.*/
 SYS_LOGGER.log(Level.SEVERE, String.format("Error scanning the input directory %s", rootInputDirectory), ex);
 }
 }
From 5c45fc6bf797c0ebb9b5b0339691ec2c8d4907bb Mon Sep 17 00:00:00 2001
From: Richard Cordovano
Date: Wed, 14 Jun 2017 12:22:05 -0400
Subject: [PATCH 3/5] Change performance guidance for periodic search
---
 .../org/sleuthkit/autopsy/keywordsearch/Bundle.properties | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/Bundle.properties b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/Bundle.properties
index 99d88938ce..1a14ddf308 100644
--- a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/Bundle.properties
+++ b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/Bundle.properties
@@ -236,10 +236,10 @@ KeywordSearchGlobalLanguageSettingsPanel.ingestSettingsLabel.text=Ingest setting
 KeywordSearchGlobalLanguageSettingsPanel.enableUTF16Checkbox.text=Enable UTF16LE and UTF16BE string extraction
 KeywordSearchGlobalLanguageSettingsPanel.languagesLabel.text=Enabled scripts (languages):
 KeywordSearchGlobalSearchSettingsPanel.timeRadioButton1.toolTipText=20 mins. (fastest ingest time)
-KeywordSearchGlobalSearchSettingsPanel.timeRadioButton1.text=20 minutes (slowest feedback, fastest ingest)
+KeywordSearchGlobalSearchSettingsPanel.timeRadioButton1.text=20 minutes
 KeywordSearchGlobalSearchSettingsPanel.timeRadioButton2.toolTipText=10 minutes (faster overall ingest time than default)
-KeywordSearchGlobalSearchSettingsPanel.timeRadioButton2.text=10 minutes (slower feedback, faster ingest)
+KeywordSearchGlobalSearchSettingsPanel.timeRadioButton2.text=10 minutes
-KeywordSearchGlobalSearchSettingsPanel.frequencyLabel.text=Results update frequency during ingest:
+KeywordSearchGlobalSearchSettingsPanel.frequencyLabel.text=Results update frequency during ingest (we have not seen significant performance differences between 5, 10, or 20 minute intervals):
 KeywordSearchGlobalSearchSettingsPanel.skipNSRLCheckBox.toolTipText=Requires Hash DB service to had run previously, or be selected for next ingest.
 KeywordSearchGlobalSearchSettingsPanel.skipNSRLCheckBox.text=Do not add files in NSRL (known files) to keyword index during ingest
 KeywordSearchGlobalSearchSettingsPanel.informationLabel.text=Information
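Review bot: The tooltips left as context still state ingest-time trade-offs that the new `frequencyLabel` text says were not observed: `timeRadioButton1.toolTipText` ("fastest ingest time") and `timeRadioButton2.toolTipText` ("faster overall ingest time than default") in this hunk, and `timeRadioButton3.toolTipText` ("overall ingest time will be longer") in the next hunk at line 249. The tooltips should be brought in line with the label, e.g. `KeywordSearchGlobalSearchSettingsPanel.timeRadioButton1.toolTipText=20 minutes`. The label only covers the 5, 10 and 20 minute intervals, so the `timeRadioButton4.toolTipText` claim for 1 minute may still be intended; that is worth confirming rather than assuming.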
@@ -249,7 +249,7 @@ KeywordSearchGlobalSearchSettingsPanel.filesIndexedLabel.text=Files in keyword i
 KeywordSearchGlobalSearchSettingsPanel.showSnippetsCB.text=Show Keyword Preview in Keyword Search Results (will result in longer search times)
 KeywordSearchGlobalSearchSettingsPanel.chunksValLabel.text=0
 KeywordSearchGlobalSearchSettingsPanel.timeRadioButton4.toolTipText=1 minute (overall ingest time will be longest)
-KeywordSearchGlobalSearchSettingsPanel.timeRadioButton4.text_1=1 minute (faster feedback, longest ingest)
+KeywordSearchGlobalSearchSettingsPanel.timeRadioButton4.text_1=1 minute
 KeywordSearchGlobalSearchSettingsPanel.chunksLabel.text=Chunks in keyword index:
 KeywordSearchGlobalSearchSettingsPanel.timeRadioButton3.toolTipText=5 minutes (overall ingest time will be longer)
 KeywordSearchGlobalSearchSettingsPanel.timeRadioButton3.text=5 minutes (default)
From 9c09bba6e6ff098c7c78bd1c618c1cde8bad9813 Mon Sep 17 00:00:00 2001
From: esaunders
Date: Wed, 14 Jun 2017 13:54:14 -0400
Subject: [PATCH 4/5] Added isEnabled workaround to shutdown() method so that it doesn't attempt to interact with the database if the module is not run.
---
 .../ingestmodule/IngestModule.java | 11 +++++++++++
 1 file changed, 11 insertions(+)
diff --git a/Experimental/src/org/sleuthkit/autopsy/experimental/enterpriseartifactmanager/ingestmodule/IngestModule.java b/Experimental/src/org/sleuthkit/autopsy/experimental/enterpriseartifactmanager/ingestmodule/IngestModule.java
index 04ace8dbb3..8a5b74bd46 100644
--- a/Experimental/src/org/sleuthkit/autopsy/experimental/enterpriseartifactmanager/ingestmodule/IngestModule.java
+++ b/Experimental/src/org/sleuthkit/autopsy/experimental/enterpriseartifactmanager/ingestmodule/IngestModule.java
@@ -152,6 +152,17 @@ class IngestModule implements FileIngestModule {
 @Override
 public void shutDown() {
+ if (Boolean.parseBoolean(ModuleSettings.getConfigSetting("EnterpriseArtifactManager", "db.enabled")) == false
+ || EamDb.getInstance().isEnabled() == false) {
+ /*
+ * Not signaling an error for now. This is a workaround for the way
+ * all newly didscovered ingest modules are automatically anabled.
+ *
+ * TODO (JIRA-2731): Add isEnabled API for ingest modules.
+ */
+ return;
+ }
+ EamDb dbManager = EamDb.getInstance();
 try {
 dbManager.bulkInsertArtifacts();
From 33e9dce9bdb5fb7f55aaf8af198329bc949e3cd1 Mon Sep 17 00:00:00 2001
From: Nick Davis
Date: Wed, 14 Jun 2017 14:14:13 -0400
Subject: [PATCH 5/5] fixed sql syntax so it correctly matches the device.
---
 .../enterpriseartifactmanager/datamodel/AbstractSqlEamDb.java | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/Experimental/src/org/sleuthkit/autopsy/experimental/enterpriseartifactmanager/datamodel/AbstractSqlEamDb.java b/Experimental/src/org/sleuthkit/autopsy/experimental/enterpriseartifactmanager/datamodel/AbstractSqlEamDb.java
index 07e579b43f..ef5dcd34b1 100644
--- a/Experimental/src/org/sleuthkit/autopsy/experimental/enterpriseartifactmanager/datamodel/AbstractSqlEamDb.java
+++ b/Experimental/src/org/sleuthkit/autopsy/experimental/enterpriseartifactmanager/datamodel/AbstractSqlEamDb.java
@@ -1005,7 +1005,7 @@ public abstract class AbstractSqlEamDb implements EamDb {
 sql.append(tableName);
 sql.append(" (case_id, data_source_id, value, file_path, known_status, comment) ");
 sql.append("VALUES ((SELECT id FROM cases WHERE case_uid=? LIMIT 1), ");
- sql.append("(SELECT id FROM data_sources WHERE name=? LIMIT 1), ?, ?, ?, ?)");
+ sql.append("(SELECT id FROM data_sources WHERE device_id=? LIMIT 1), ?, ?, ?, ?)");
 bulkPs = conn.prepareStatement(sql.toString());
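Review bot: The early `return` added to `shutDown()` (PATCH 4/5, hunk at line 152) skips `dbManager.bulkInsertArtifacts()` without writing anything to the log, so if the `db.enabled` setting or `EamDb.getInstance().isEnabled()` turns false while an ingest job is running, any artifacts already queued for the bulk insert (presumably queued elsewhere in this class, outside the hunk) are dropped with no trace. For a correlation database that silent loss is worth at least one log line before the `return`. The guard would read more plainly as `if (!Boolean.parseBoolean(...) || !EamDb.getInstance().isEnabled())`, and the added comment has two typos ("didscovered", "anabled"). The body of `shutDown()` continues past the end of the hunk.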
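Review bot: In the bulk insert built at line 1005 (PATCH 5/5; its parameter is bound in the following hunk at line 1015), `(SELECT id FROM data_sources WHERE device_id=? LIMIT 1)` yields NULL when no row matches, so a null or unknown value from `getDeviceID()` either stores an instance with no data source or fails the batch, depending on column constraints that are not visible here. `LIMIT 1` without an `ORDER BY` also returns an arbitrary row if `device_id` is not unique in `data_sources`, which would attach instances to the wrong data source. A null check on `getDeviceID()` before `bulkPs.setString(2, ...)` and a confirmed unique constraint on `device_id` (or a subquery that is also scoped by case) would close both gaps. Both enclosing methods start and end outside these hunks.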
@@ -1015,7 +1015,7 @@ public abstract class AbstractSqlEamDb implements EamDb {
 for (EamArtifactInstance eamInstance : eamInstances) {
 bulkPs.setString(1, eamInstance.getEamCase().getCaseUUID());
- bulkPs.setString(2, eamInstance.getEamDataSource().getName());
+ bulkPs.setString(2, eamInstance.getEamDataSource().getDeviceID());
 bulkPs.setString(3, eamArtifact.getArtifactValue());
 bulkPs.setString(4, eamInstance.getFilePath());
 bulkPs.setString(5, eamInstance.getKnownStatus().name());