domain categorization artifacts

2025-07-17 18:17:43 +00:00 · 2021-03-29 15:40:57 -04:00 · 2021-03-29 15:40:57 -04:00 · 6802deefe3
commit 6802deefe3
parent 7428b06bcc
1 changed files with 16 additions and 3 deletions
--- a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/DomainCategoryRunner.java
+++ b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/DomainCategoryRunner.java
@ -32,6 +32,7 @@ import java.util.Set;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
 import java.util.stream.Collectors;
+import java.util.stream.Stream;
 import org.apache.commons.lang.StringUtils;
 import org.openide.util.Lookup;
 import org.openide.util.NbBundle.Messages;
@ -86,6 +87,17 @@ class DomainCategoryRunner extends Extract {
    // NOTE: if CustomWebCategorizer ever changes name, this will need to be changed as well.
    private static final String CUSTOM_CATEGORIZER_PATH = "org.sleuthkit.autopsy.url.analytics.domaincategorization.CustomWebCategorizer";

+    // the artifact types to be searched for domain categories
+    private static final List<BlackboardArtifact.Type> DOMAIN_CATEGORIZATION_TYPES = Stream.of(
+            BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_BOOKMARK,
+            BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_CACHE,
+            BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_COOKIE,
+            BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_DOWNLOAD,
+            BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_HISTORY,
+            BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_SEARCH_QUERY)
+            .map(BlackboardArtifact.Type::new)
+            .collect(Collectors.toList());
+
    /**
     * Get seconds from epoch from the mapping for the attribute type id.
     *
@ -355,7 +367,7 @@ class DomainCategoryRunner extends Extract {
        Set<String> hostSuffixesSeen = new HashSet<>();
        try {
            List<BlackboardArtifact> listArtifacts = currentCase.getSleuthkitCase().getBlackboard().getArtifacts(
-                    Arrays.asList(new BlackboardArtifact.Type(ARTIFACT_TYPE.TSK_WEB_HISTORY)),
+                    DOMAIN_CATEGORIZATION_TYPES,
                    Arrays.asList(dataSource.getId()));

            logger.log(Level.INFO, "Processing {0} blackboard artifacts.", listArtifacts.size()); //NON-NLS
@ -364,7 +376,8 @@ class DomainCategoryRunner extends Extract {
            for (BlackboardArtifact artifact : listArtifacts) {
                // make sure we haven't cancelled
                if (context.dataSourceIngestIsCancelled()) {
-                    break;       //User cancelled the process.
+                    //User cancelled the process.
+                    break;
                }

                // get the pertinent details for this artifact.