domain categorization artifacts

Greg DiCristofaro 2021-03-29 15:40:57 -04:00
parent 7428b06bcc
commit 6802deefe3


@ -32,6 +32,7 @@ import java.util.Set;
import java.util.regex.Matcher; import java.util.regex.Matcher;
import java.util.regex.Pattern; import java.util.regex.Pattern;
import java.util.stream.Collectors; import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.apache.commons.lang.StringUtils; import org.apache.commons.lang.StringUtils;
import org.openide.util.Lookup; import org.openide.util.Lookup;
import org.openide.util.NbBundle.Messages; import org.openide.util.NbBundle.Messages;
@ -86,6 +87,17 @@ class DomainCategoryRunner extends Extract {
// NOTE: if CustomWebCategorizer ever changes name, this will need to be changed as well. // NOTE: if CustomWebCategorizer ever changes name, this will need to be changed as well.
private static final String CUSTOM_CATEGORIZER_PATH = "org.sleuthkit.autopsy.url.analytics.domaincategorization.CustomWebCategorizer"; private static final String CUSTOM_CATEGORIZER_PATH = "org.sleuthkit.autopsy.url.analytics.domaincategorization.CustomWebCategorizer";
// the artifact types to be searched for domain categories
private static final List<BlackboardArtifact.Type> DOMAIN_CATEGORIZATION_TYPES = Stream.of(
BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_BOOKMARK,
BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_CACHE,
BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_COOKIE,
BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_DOWNLOAD,
BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_HISTORY,
BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_SEARCH_QUERY)
.map(BlackboardArtifact.Type::new)
.collect(Collectors.toList());
/** /**
* Get seconds from epoch from the mapping for the attribute type id. * Get seconds from epoch from the mapping for the attribute type id.
* *
@ -168,7 +180,7 @@ class DomainCategoryRunner extends Extract {
* Main constructor. * Main constructor.
*/ */
DomainCategoryRunner() { DomainCategoryRunner() {
} }
/** /**
@ -355,7 +367,7 @@ class DomainCategoryRunner extends Extract {
Set<String> hostSuffixesSeen = new HashSet<>(); Set<String> hostSuffixesSeen = new HashSet<>();
try { try {
List<BlackboardArtifact> listArtifacts = currentCase.getSleuthkitCase().getBlackboard().getArtifacts( List<BlackboardArtifact> listArtifacts = currentCase.getSleuthkitCase().getBlackboard().getArtifacts(
Arrays.asList(new BlackboardArtifact.Type(ARTIFACT_TYPE.TSK_WEB_HISTORY)), DOMAIN_CATEGORIZATION_TYPES,
Arrays.asList(dataSource.getId())); Arrays.asList(dataSource.getId()));
logger.log(Level.INFO, "Processing {0} blackboard artifacts.", listArtifacts.size()); //NON-NLS logger.log(Level.INFO, "Processing {0} blackboard artifacts.", listArtifacts.size()); //NON-NLS
@ -364,7 +376,8 @@ class DomainCategoryRunner extends Extract {
for (BlackboardArtifact artifact : listArtifacts) { for (BlackboardArtifact artifact : listArtifacts) {
// make sure we haven't cancelled // make sure we haven't cancelled
if (context.dataSourceIngestIsCancelled()) { if (context.dataSourceIngestIsCancelled()) {
break; //User cancelled the process. //User cancelled the process.
break;
} }
// get the pertinent details for this artifact. // get the pertinent details for this artifact.
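Review bot: `DOMAIN_CATEGORIZATION_TYPES` is a `static final` list built with `Collectors.toList()`, which gives no immutability guarantee, and it is passed straight to `getBlackboard().getArtifacts(...)`; if a callee or later code mutated it, every subsequent ingest job would silently search a different set of artifact types. Wrapping it, for example `.collect(Collectors.collectingAndThen(Collectors.toList(), Collections::unmodifiableList));`, makes the constant actually constant (a `java.util.Collections` import is not visible in these hunks). Separately, the query now returns bookmark, cache, cookie, download and search-query artifacts in addition to history. The per-artifact handling continues outside the hunk, so it is worth confirming that it tolerates artifacts with no usable URL or domain attribute rather than assuming the web-history shape.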