Merge pull request #6643 from markmckinnon/7220-Replace-TSK_IP_DHCP-with-a-custom-type

7220-Replace-TSK_IP_DHCP-with-a-custom-type
Richard Cordovano 2021-01-21 11:28:04 -05:00 committed by GitHub
commit 727a1dee43
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -18,6 +18,7 @@
*/ */
package org.sleuthkit.autopsy.modules.leappanalyzers; package org.sleuthkit.autopsy.modules.leappanalyzers;
import com.google.common.collect.ImmutableMap;
import java.io.BufferedReader; import java.io.BufferedReader;
import java.io.File; import java.io.File;
import java.io.FileNotFoundException; import java.io.FileNotFoundException;
@ -130,6 +131,10 @@ public final class LeappFileProcessor {
private final Map<String, String> tsvFileArtifactComments; private final Map<String, String> tsvFileArtifactComments;
private final Map<String, List<TsvColumn>> tsvFileAttributes; private final Map<String, List<TsvColumn>> tsvFileAttributes;
private static final Map<String, String> CUSTOM_ARTIFACT_MAP = ImmutableMap.<String, String>builder()
.put("TSK_IP_DHCP", "DHCP Information")
.build();
Blackboard blkBoard; Blackboard blkBoard;
public LeappFileProcessor(String xmlFile, String moduleName) throws IOException, IngestModuleException, NoCurrentCaseException { public LeappFileProcessor(String xmlFile, String moduleName) throws IOException, IngestModuleException, NoCurrentCaseException {
@ -142,6 +147,7 @@ public final class LeappFileProcessor {
blkBoard = Case.getCurrentCaseThrows().getSleuthkitCase().getBlackboard(); blkBoard = Case.getCurrentCaseThrows().getSleuthkitCase().getBlackboard();
createCustomArtifacts(blkBoard);
configExtractor(); configExtractor();
loadConfigFile(); loadConfigFile();
@ -307,7 +313,7 @@ public final class LeappFileProcessor {
while (line != null) { while (line != null) {
Collection<BlackboardAttribute> bbattributes = processReadLine(line, columnNumberToProcess, fileName); Collection<BlackboardAttribute> bbattributes = processReadLine(line, columnNumberToProcess, fileName);
if (!bbattributes.isEmpty() && !blkBoard.artifactExists(dataSource, BlackboardArtifact.ARTIFACT_TYPE.fromID(artifactType.getTypeID()), bbattributes)) { if (!bbattributes.isEmpty()) {
BlackboardArtifact bbartifact = createArtifactWithAttributes(artifactType.getTypeID(), dataSource, bbattributes); BlackboardArtifact bbartifact = createArtifactWithAttributes(artifactType.getTypeID(), dataSource, bbattributes);
if (bbartifact != null) { if (bbartifact != null) {
bbartifacts.add(bbartifact); bbartifacts.add(bbartifact);
@ -740,4 +746,23 @@ public final class LeappFileProcessor {
return leappFilesToProcess; return leappFilesToProcess;
} }
/**
* Create custom artifacts that are defined in the xLeapp xml file(s).
*
*/
private void createCustomArtifacts(Blackboard blkBoard) {
for (Map.Entry<String, String> customArtifact : CUSTOM_ARTIFACT_MAP.entrySet()) {
String artifactName = customArtifact.getKey();
String artifactDescription = customArtifact.getValue();
try {
BlackboardArtifact.Type customArtifactType = blkBoard.getOrAddArtifactType(artifactName, artifactDescription);
} catch (Blackboard.BlackboardException ex) {
logger.log(Level.WARNING, String.format("Failed to create custom artifact type %s.", artifactName), ex);
}
}
}
} }
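Review bot: The rewritten guard in the `while (line != null)` loop, `if (!bbattributes.isEmpty())`, no longer calls `blkBoard.artifactExists(...)` for any artifact type, so nothing visible in this section stops the same TSV row from being posted twice when xLeapp output is processed again for the same data source. Duplicate artifacts inflate the case results an examiner has to review and report on. The check was presumably dropped because `BlackboardArtifact.ARTIFACT_TYPE.fromID(...)` cannot resolve the ID of a custom type such as `TSK_IP_DHCP`, though the page does not say so. If that is the reason, consider keeping the existence check for built-in types and skipping it only for the entries of `CUSTOM_ARTIFACT_MAP`, and record the reason at the guard, e.g. `// No artifactExists() check: custom artifact type IDs are not resolvable through ARTIFACT_TYPE.fromID()`. The enclosing method begins and ends outside the hunk, so a duplicate check elsewhere in it cannot be ruled out.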