mstoeck3/autopsy-flatpak
1
0
Fork 0
mirror of https://github.com/overcuriousity/autopsy-flatpak.git synced 2025-07-12 16:06:15 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #6675 from kellykelly3/cleanup-recent-activity-cancel

Browse Source 
6736 - Add more cancellation to RA
This commit is contained in:
Richard Cordovano 2021-01-27 06:21:16 -05:00 committed by GitHub
commit 79256fd853
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
15 changed files with 190 additions and 68 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Chromium.java
View File

@ -32,11 +32,15 @@ import com.google.gson.JsonSyntaxException;
import org.openide.util.NbBundle; import org.openide.util.NbBundle;
import org.sleuthkit.autopsy.datamodel.ContentUtils; import org.sleuthkit.autopsy.datamodel.ContentUtils;
import java.util.logging.Level; import java.util.logging.Level;
import java.util.*;
import java.io.File; import java.io.File;
import java.io.FileNotFoundException; import java.io.FileNotFoundException;
import java.io.FileReader; import java.io.FileReader;
import java.io.IOException; import java.io.IOException;
import java.util.Collection;
import java.util.List;
import java.util.Map;
import java.util.HashMap;
import java.util.ArrayList;
import org.apache.commons.io.FilenameUtils; import org.apache.commons.io.FilenameUtils;
import org.openide.util.NbBundle.Messages; import org.openide.util.NbBundle.Messages;
import org.sleuthkit.autopsy.casemodule.Case; import org.sleuthkit.autopsy.casemodule.Case;
@ -268,7 +272,7 @@ class Chromium extends Extract {
dbFile.delete(); dbFile.delete();
} }
if (!bbartifacts.isEmpty()) { if (!bbartifacts.isEmpty() && !context.dataSourceIngestIsCancelled()) {
postArtifacts(bbartifacts); postArtifacts(bbartifacts);
} }
} }
@ -410,7 +414,10 @@ class Chromium extends Extract {
this.getName(), bookmarkFile.getName())); this.getName(), bookmarkFile.getName()));
} }
} }
if(!context.dataSourceIngestIsCancelled()) {
postArtifacts(bbartifacts); postArtifacts(bbartifacts);
}
bbartifacts.clear(); bbartifacts.clear();
dbFile.delete(); dbFile.delete();
} }
@ -506,7 +513,7 @@ class Chromium extends Extract {
dbFile.delete(); dbFile.delete();
} }
if (!bbartifacts.isEmpty()) { if (!bbartifacts.isEmpty() && !context.dataSourceIngestIsCancelled()) {
postArtifacts(bbartifacts); postArtifacts(bbartifacts);
} }
} }
@ -628,7 +635,7 @@ class Chromium extends Extract {
dbFile.delete(); dbFile.delete();
} }
if (!bbartifacts.isEmpty()) { if (!bbartifacts.isEmpty() && !context.dataSourceIngestIsCancelled()) {
postArtifacts(bbartifacts); postArtifacts(bbartifacts);
} }
} }
@ -729,7 +736,7 @@ class Chromium extends Extract {
dbFile.delete(); dbFile.delete();
} }
if (!bbartifacts.isEmpty()) { if (!bbartifacts.isEmpty() && !context.dataSourceIngestIsCancelled()) {
postArtifacts(bbartifacts); postArtifacts(bbartifacts);
} }
} }
@ -807,7 +814,7 @@ class Chromium extends Extract {
dbFile.delete(); dbFile.delete();
} }
if (!bbartifacts.isEmpty()) { if (!bbartifacts.isEmpty() && !context.dataSourceIngestIsCancelled()) {
postArtifacts(bbartifacts); postArtifacts(bbartifacts);
} }
} }

14
RecentActivity/src/org/sleuthkit/autopsy/recentactivity/DataSourceUsageAnalyzer.java
View File

@ -66,17 +66,27 @@ class DataSourceUsageAnalyzer extends Extract {
this.dataSource = dataSource; this.dataSource = dataSource;
try { try {
progressBar.progress(Bundle.Progress_Message_Analyze_Usage()); progressBar.progress(Bundle.Progress_Message_Analyze_Usage());
createDataSourceUsageArtifacts(); createDataSourceUsageArtifacts(context);
} catch (TskCoreException ex) { } catch (TskCoreException ex) {
logger.log(Level.WARNING, "Failed to check if datasource contained a volume with operating system specific files", ex); logger.log(Level.WARNING, "Failed to check if datasource contained a volume with operating system specific files", ex);
} }
} }
private void createDataSourceUsageArtifacts() throws TskCoreException { private void createDataSourceUsageArtifacts(IngestJobContext context) throws TskCoreException {
createOSInfoDataSourceUsageArtifacts(); createOSInfoDataSourceUsageArtifacts();
if (context.dataSourceIngestIsCancelled()) {
return;
}
createAndroidMediaCardArtifacts(); createAndroidMediaCardArtifacts();
if (context.dataSourceIngestIsCancelled()) {
return;
}
createDJIDroneDATArtitifacts(); createDJIDroneDATArtitifacts();
} }

16
RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractEdge.java
View File

@ -148,6 +148,10 @@ final class ExtractEdge extends Extract {
LOG.log(Level.SEVERE, "Error fetching 'WebCacheV01.dat' files for Microsoft Edge", ex); //NON-NLS LOG.log(Level.SEVERE, "Error fetching 'WebCacheV01.dat' files for Microsoft Edge", ex); //NON-NLS
} }
if (context.dataSourceIngestIsCancelled()) {
return;
}
try { try {
spartanFiles = fetchSpartanDBFiles(); // For later use with bookmarks spartanFiles = fetchSpartanDBFiles(); // For later use with bookmarks
} catch (TskCoreException ex) { } catch (TskCoreException ex) {
@ -167,6 +171,10 @@ final class ExtractEdge extends Extract {
return; return;
} }
if (context.dataSourceIngestIsCancelled()) {
return;
}
final String esedumper = getPathForESEDumper(); final String esedumper = getPathForESEDumper();
if (esedumper == null) { if (esedumper == null) {
LOG.log(Level.SEVERE, "Error finding ESEDatabaseViewer program"); //NON-NLS LOG.log(Level.SEVERE, "Error finding ESEDatabaseViewer program"); //NON-NLS
@ -353,7 +361,7 @@ final class ExtractEdge extends Extract {
fileScanner.close(); fileScanner.close();
} }
if (!bbartifacts.isEmpty()) { if (!bbartifacts.isEmpty() && !context.dataSourceIngestIsCancelled()) {
postArtifacts(bbartifacts); postArtifacts(bbartifacts);
} }
} }
@ -399,7 +407,7 @@ final class ExtractEdge extends Extract {
fileScanner.close(); fileScanner.close();
} }
if (!bbartifacts.isEmpty()) { if (!bbartifacts.isEmpty() && !context.dataSourceIngestIsCancelled()) {
postArtifacts(bbartifacts); postArtifacts(bbartifacts);
} }
} }
@ -455,7 +463,7 @@ final class ExtractEdge extends Extract {
fileScanner.close(); fileScanner.close();
} }
if (!bbartifacts.isEmpty()) { if (!bbartifacts.isEmpty() && !context.dataSourceIngestIsCancelled()) {
postArtifacts(bbartifacts); postArtifacts(bbartifacts);
} }
} }
@ -517,9 +525,11 @@ final class ExtractEdge extends Extract {
fileScanner.close(); fileScanner.close();
} }
if(!context.dataSourceIngestIsCancelled()) {
postArtifacts(bbartifacts); postArtifacts(bbartifacts);
} }
} }
}
/** /**
* Find the location of ESEDatabaseViewer.exe * Find the location of ESEDatabaseViewer.exe

14
RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractIE.java
View File

@ -98,9 +98,17 @@ class ExtractIE extends Extract {
progressBar.progress(Bundle.Progress_Message_IE_Bookmarks()); progressBar.progress(Bundle.Progress_Message_IE_Bookmarks());
this.getBookmark(); this.getBookmark();
if (context.dataSourceIngestIsCancelled()) {
return;
}
progressBar.progress(Bundle.Progress_Message_IE_Cookies()); progressBar.progress(Bundle.Progress_Message_IE_Cookies());
this.getCookie(); this.getCookie();
if (context.dataSourceIngestIsCancelled()) {
return;
}
progressBar.progress(Bundle.Progress_Message_IE_History()); progressBar.progress(Bundle.Progress_Message_IE_History());
this.getHistory(); this.getHistory();
} }
@ -166,8 +174,10 @@ class ExtractIE extends Extract {
} }
} }
if(!context.dataSourceIngestIsCancelled()) {
postArtifacts(bbartifacts); postArtifacts(bbartifacts);
} }
}
private String getURLFromIEBookmarkFile(AbstractFile fav) { private String getURLFromIEBookmarkFile(AbstractFile fav) {
BufferedReader reader = new BufferedReader(new InputStreamReader(new ReadContentInputStream(fav))); BufferedReader reader = new BufferedReader(new InputStreamReader(new ReadContentInputStream(fav)));
@ -276,8 +286,10 @@ class ExtractIE extends Extract {
} }
} }
if(!context.dataSourceIngestIsCancelled()) {
postArtifacts(bbartifacts); postArtifacts(bbartifacts);
} }
}
/** /**
* Locates index.dat files, runs Pasco on them, and creates artifacts. * Locates index.dat files, runs Pasco on them, and creates artifacts.
@ -376,8 +388,10 @@ class ExtractIE extends Extract {
} }
} }
if(!context.dataSourceIngestIsCancelled()) {
postArtifacts(bbartifacts); postArtifacts(bbartifacts);
} }
}
/** /**
* Execute pasco on a single file that has been saved to disk. * Execute pasco on a single file that has been saved to disk.

4
RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractOs.java
View File

@ -71,6 +71,10 @@ class ExtractOs extends Extract {
try { try {
progressBar.progress(Bundle.ExtractOS_progressMessage()); progressBar.progress(Bundle.ExtractOS_progressMessage());
for (OS_TYPE value : OS_TYPE.values()) { for (OS_TYPE value : OS_TYPE.values()) {
if (context.dataSourceIngestIsCancelled()) {
return;
}
checkForOSFiles(value); checkForOSFiles(value);
} }
} catch (TskCoreException ex) { } catch (TskCoreException ex) {

9
RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractPrefetch.java
View File

@ -36,7 +36,6 @@ import java.util.logging.Level;
import org.openide.modules.InstalledFileLocator; import org.openide.modules.InstalledFileLocator;
import org.openide.util.NbBundle.Messages; import org.openide.util.NbBundle.Messages;
import org.sleuthkit.autopsy.casemodule.Case; import org.sleuthkit.autopsy.casemodule.Case;
import org.sleuthkit.autopsy.casemodule.NoCurrentCaseException;
import org.sleuthkit.autopsy.casemodule.services.FileManager; import org.sleuthkit.autopsy.casemodule.services.FileManager;
import org.sleuthkit.autopsy.coreutils.ExecUtil; import org.sleuthkit.autopsy.coreutils.ExecUtil;
import org.sleuthkit.autopsy.coreutils.Logger; import org.sleuthkit.autopsy.coreutils.Logger;
@ -306,12 +305,8 @@ final class ExtractPrefetch extends Extract {
logger.log(Level.SEVERE, "Error while trying to read into a sqlite db.", ex);//NON-NLS logger.log(Level.SEVERE, "Error while trying to read into a sqlite db.", ex);//NON-NLS
} }
if (!blkBrdArtList.isEmpty()) { if (!blkBrdArtList.isEmpty() && !context.dataSourceIngestIsCancelled()) {
try { postArtifacts(blkBrdArtList);
blackboard.postArtifacts(blkBrdArtList, MODULE_NAME);
} catch (Blackboard.BlackboardException ex) {
logger.log(Level.SEVERE, "Error Posting Artifact.", ex);//NON-NLS
}
} }
} }

1
RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractRecycleBin.java
View File

@ -58,7 +58,6 @@ import org.sleuthkit.datamodel.FsContent;
import org.sleuthkit.datamodel.SleuthkitCase; import org.sleuthkit.datamodel.SleuthkitCase;
import org.sleuthkit.datamodel.TskCoreException; import org.sleuthkit.datamodel.TskCoreException;
import org.sleuthkit.datamodel.TskData; import org.sleuthkit.datamodel.TskData;
import org.sleuthkit.datamodel.TskDataException;
/** /**
* This module is based on the RecycleBin python module from Mark McKinnon. * This module is based on the RecycleBin python module from Mark McKinnon.

38
RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractRegistry.java
View File

@ -292,6 +292,10 @@ class ExtractRegistry extends Extract {
} }
for (AbstractFile regFile : allRegistryFiles) { for (AbstractFile regFile : allRegistryFiles) {
if (context.dataSourceIngestIsCancelled()) {
return;
}
String regFileName = regFile.getName(); String regFileName = regFile.getName();
long regFileId = regFile.getId(); long regFileId = regFile.getId();
String regFileNameLocal = RAImageIngestModule.getRATempPath(currentCase, "reg") + File.separator + regFileName; String regFileNameLocal = RAImageIngestModule.getRATempPath(currentCase, "reg") + File.separator + regFileName;
@ -340,6 +344,10 @@ class ExtractRegistry extends Extract {
this.getName(), regFileName)); this.getName(), regFileName));
} }
if (context.dataSourceIngestIsCancelled()) {
return;
}
// create a report for the full output // create a report for the full output
if (!regOutputFiles.fullPlugins.isEmpty()) { if (!regOutputFiles.fullPlugins.isEmpty()) {
//parse the full regripper output from SAM hive files //parse the full regripper output from SAM hive files
@ -360,6 +368,11 @@ class ExtractRegistry extends Extract {
NbBundle.getMessage(this.getClass(), "ExtractRegistry.analyzeRegFiles.failedParsingResults", NbBundle.getMessage(this.getClass(), "ExtractRegistry.analyzeRegFiles.failedParsingResults",
this.getName(), regFileName)); this.getName(), regFileName));
} }
if (context.dataSourceIngestIsCancelled()) {
return;
}
try { try {
Report report = currentCase.addReport(regOutputFiles.fullPlugins, Report report = currentCase.addReport(regOutputFiles.fullPlugins,
NbBundle.getMessage(this.getClass(), "ExtractRegistry.parentModuleName.noSpace"), NbBundle.getMessage(this.getClass(), "ExtractRegistry.parentModuleName.noSpace"),
@ -949,8 +962,10 @@ class ExtractRegistry extends Extract {
} catch (IOException ex) { } catch (IOException ex) {
} }
if (!context.dataSourceIngestIsCancelled()) {
postArtifacts(newArtifacts); postArtifacts(newArtifacts);
} }
}
return false; return false;
} }
@ -1031,7 +1046,8 @@ class ExtractRegistry extends Extract {
} }
} }
} }
if (!bbartifacts.isEmpty()) {
if (!bbartifacts.isEmpty() && !context.dataSourceIngestIsCancelled()) {
postArtifacts(bbartifacts); postArtifacts(bbartifacts);
} }
} }
@ -1144,8 +1160,10 @@ class ExtractRegistry extends Extract {
} catch (TskCoreException ex) { } catch (TskCoreException ex) {
logger.log(Level.WARNING, "Error updating TSK_OS_ACCOUNT artifacts to include newly parsed data.", ex); //NON-NLS logger.log(Level.WARNING, "Error updating TSK_OS_ACCOUNT artifacts to include newly parsed data.", ex); //NON-NLS
} finally { } finally {
if (!context.dataSourceIngestIsCancelled()) {
postArtifacts(newArtifacts); postArtifacts(newArtifacts);
} }
}
return false; return false;
} }
@ -1448,7 +1466,7 @@ class ExtractRegistry extends Extract {
} }
line = reader.readLine(); line = reader.readLine();
} }
if (!bbartifacts.isEmpty()) { if (!bbartifacts.isEmpty() && !context.dataSourceIngestIsCancelled()) {
postArtifacts(bbartifacts); postArtifacts(bbartifacts);
} }
} }
@ -1517,7 +1535,7 @@ class ExtractRegistry extends Extract {
line = line.trim(); line = line.trim();
} }
} }
if (!bbartifacts.isEmpty()) { if (!bbartifacts.isEmpty() && !context.dataSourceIngestIsCancelled()) {
postArtifacts(bbartifacts); postArtifacts(bbartifacts);
} }
} }
@ -1568,7 +1586,7 @@ class ExtractRegistry extends Extract {
line = line.trim(); line = line.trim();
} }
} }
if (!bbartifacts.isEmpty()) { if (!bbartifacts.isEmpty()&& !context.dataSourceIngestIsCancelled()) {
postArtifacts(bbartifacts); postArtifacts(bbartifacts);
} }
} }
@ -1616,7 +1634,7 @@ class ExtractRegistry extends Extract {
line = line.trim(); line = line.trim();
} }
} }
if (!bbartifacts.isEmpty()) { if (!bbartifacts.isEmpty() && !context.dataSourceIngestIsCancelled()) {
postArtifacts(bbartifacts); postArtifacts(bbartifacts);
} }
} }
@ -1665,7 +1683,7 @@ class ExtractRegistry extends Extract {
line = line.trim(); line = line.trim();
} }
} }
if (!bbartifacts.isEmpty()) { if (!bbartifacts.isEmpty() && !context.dataSourceIngestIsCancelled()) {
postArtifacts(bbartifacts); postArtifacts(bbartifacts);
} }
} }
@ -1706,7 +1724,7 @@ class ExtractRegistry extends Extract {
line = line.trim(); line = line.trim();
} }
} }
if (!bbartifacts.isEmpty()) { if (!bbartifacts.isEmpty() && !context.dataSourceIngestIsCancelled()) {
postArtifacts(bbartifacts); postArtifacts(bbartifacts);
} }
} }
@ -1755,7 +1773,7 @@ class ExtractRegistry extends Extract {
line = reader.readLine(); line = reader.readLine();
line = line.trim(); line = line.trim();
} }
if (!bbartifacts.isEmpty()) { if (!bbartifacts.isEmpty() && !context.dataSourceIngestIsCancelled()) {
postArtifacts(bbartifacts); postArtifacts(bbartifacts);
} }
} }
@ -1818,7 +1836,7 @@ class ExtractRegistry extends Extract {
line = line.trim(); line = line.trim();
} }
} }
if (!bbartifacts.isEmpty()) { if (!bbartifacts.isEmpty() && !context.dataSourceIngestIsCancelled()) {
postArtifacts(bbartifacts); postArtifacts(bbartifacts);
} }
} }
@ -1950,9 +1968,11 @@ class ExtractRegistry extends Extract {
artifacts.add(artifact); artifacts.add(artifact);
} }
} finally { } finally {
if(!context.dataSourceIngestIsCancelled()) {
postArtifacts(artifacts); postArtifacts(artifacts);
} }
} }
}
/** /**
* Returns the custom Shellbag artifact type or creates it if it does not * Returns the custom Shellbag artifact type or creates it if it does not

22
RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractSafari.java
View File

@ -46,7 +46,6 @@ import org.sleuthkit.autopsy.datamodel.ContentUtils;
import org.sleuthkit.autopsy.ingest.DataSourceIngestModuleProgress; import org.sleuthkit.autopsy.ingest.DataSourceIngestModuleProgress;
import org.sleuthkit.autopsy.ingest.IngestJobContext; import org.sleuthkit.autopsy.ingest.IngestJobContext;
import org.sleuthkit.autopsy.ingest.IngestServices; import org.sleuthkit.autopsy.ingest.IngestServices;
import org.sleuthkit.autopsy.ingest.ModuleDataEvent;
import org.sleuthkit.autopsy.recentactivity.BinaryCookieReader.Cookie; import org.sleuthkit.autopsy.recentactivity.BinaryCookieReader.Cookie;
import org.sleuthkit.datamodel.AbstractFile; import org.sleuthkit.datamodel.AbstractFile;
import org.sleuthkit.datamodel.BlackboardArtifact; import org.sleuthkit.datamodel.BlackboardArtifact;
@ -125,6 +124,10 @@ final class ExtractSafari extends Extract {
LOG.log(Level.SEVERE, "Exception thrown while processing history file.", ex); //NON-NLS LOG.log(Level.SEVERE, "Exception thrown while processing history file.", ex); //NON-NLS
} }
if (context.dataSourceIngestIsCancelled()) {
return;
}
progressBar.progress(Bundle.Progress_Message_Safari_Bookmarks()); progressBar.progress(Bundle.Progress_Message_Safari_Bookmarks());
try { try {
processBookmarkPList(dataSource, context); processBookmarkPList(dataSource, context);
@ -133,6 +136,10 @@ final class ExtractSafari extends Extract {
LOG.log(Level.SEVERE, "Exception thrown while parsing Safari Bookmarks file.", ex); //NON-NLS LOG.log(Level.SEVERE, "Exception thrown while parsing Safari Bookmarks file.", ex); //NON-NLS
} }
if (context.dataSourceIngestIsCancelled()) {
return;
}
progressBar.progress(Bundle.Progress_Message_Safari_Downloads()); progressBar.progress(Bundle.Progress_Message_Safari_Downloads());
try { try {
processDownloadsPList(dataSource, context); processDownloadsPList(dataSource, context);
@ -141,6 +148,10 @@ final class ExtractSafari extends Extract {
LOG.log(Level.SEVERE, "Exception thrown while parsing Safari Download.plist file.", ex); //NON-NLS LOG.log(Level.SEVERE, "Exception thrown while parsing Safari Download.plist file.", ex); //NON-NLS
} }
if (context.dataSourceIngestIsCancelled()) {
return;
}
progressBar.progress(Bundle.Progress_Message_Safari_Cookies()); progressBar.progress(Bundle.Progress_Message_Safari_Cookies());
try { try {
processBinaryCookieFile(dataSource, context); processBinaryCookieFile(dataSource, context);
@ -292,7 +303,9 @@ final class ExtractSafari extends Extract {
} }
try { try {
if(!context.dataSourceIngestIsCancelled()) {
postArtifacts(getHistoryArtifacts(historyFile, tempHistoryFile.toPath(), context)); postArtifacts(getHistoryArtifacts(historyFile, tempHistoryFile.toPath(), context));
}
} finally { } finally {
tempHistoryFile.delete(); tempHistoryFile.delete();
} }
@ -319,7 +332,9 @@ final class ExtractSafari extends Extract {
File tempFile = createTemporaryFile(context, file); File tempFile = createTemporaryFile(context, file);
try { try {
if(!context.dataSourceIngestIsCancelled()) {
postArtifacts(getBookmarkArtifacts(file, tempFile, context)); postArtifacts(getBookmarkArtifacts(file, tempFile, context));
}
} finally { } finally {
tempFile.delete(); tempFile.delete();
} }
@ -347,8 +362,9 @@ final class ExtractSafari extends Extract {
File tempFile = createTemporaryFile(context, file); File tempFile = createTemporaryFile(context, file);
try { try {
if(!context.dataSourceIngestIsCancelled()) {
postArtifacts(getDownloadArtifacts(dataSource, file, tempFile)); postArtifacts(getDownloadArtifacts(dataSource, file, tempFile));
}
} finally { } finally {
if (tempFile != null) { if (tempFile != null) {
tempFile.delete(); tempFile.delete();
@ -376,7 +392,9 @@ final class ExtractSafari extends Extract {
try { try {
tempFile = createTemporaryFile(context, file); tempFile = createTemporaryFile(context, file);
if(!context.dataSourceIngestIsCancelled()) {
postArtifacts(getCookieArtifacts(file, tempFile, context)); postArtifacts(getCookieArtifacts(file, tempFile, context));
}
} finally { } finally {
if (tempFile != null) { if (tempFile != null) {

13
RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractSru.java
View File

@ -386,10 +386,8 @@ final class ExtractSru extends Extract {
logger.log(Level.SEVERE, "Error while trying to read into a sqlite db.", ex);//NON-NLS logger.log(Level.SEVERE, "Error while trying to read into a sqlite db.", ex);//NON-NLS
} }
try { if(!context.dataSourceIngestIsCancelled()) {
blackboard.postArtifacts(bba, MODULE_NAME); postArtifacts(bba);
} catch (Blackboard.BlackboardException ex) {
logger.log(Level.SEVERE, "Error Posting Artifact.", ex);//NON-NLS
} }
} }
@ -445,11 +443,10 @@ final class ExtractSru extends Extract {
logger.log(Level.SEVERE, "Error while trying to read into a sqlite db.", ex);//NON-NLS logger.log(Level.SEVERE, "Error while trying to read into a sqlite db.", ex);//NON-NLS
} }
try { if(!context.dataSourceIngestIsCancelled()) {
blackboard.postArtifacts(bba, MODULE_NAME); postArtifacts(bba);
} catch (Blackboard.BlackboardException ex) {
logger.log(Level.SEVERE, "Error Posting Artifact.", ex);//NON-NLS
} }
} }
/** /**

7
RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractWebAccountType.java
View File

@ -272,6 +272,7 @@ class ExtractWebAccountType extends Extract {
} }
try { try {
List<BlackboardArtifact> artifactList = new ArrayList<>();
for (RoleKey key : roles.keySet()) { for (RoleKey key : roles.keySet()) {
if (context.dataSourceIngestIsCancelled()) { if (context.dataSourceIngestIsCancelled()) {
return; return;
@ -297,7 +298,11 @@ class ExtractWebAccountType extends Extract {
NbBundle.getMessage(this.getClass(), NbBundle.getMessage(this.getClass(),
"ExtractWebAccountType.parentModuleName"), role.getUrl())); "ExtractWebAccountType.parentModuleName"), role.getUrl()));
postArtifact(createArtifactWithAttributes(BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_ACCOUNT_TYPE, file, bbattributes)); artifactList.add(createArtifactWithAttributes(BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_ACCOUNT_TYPE, file, bbattributes));
}
if (!context.dataSourceIngestIsCancelled()) {
postArtifacts(artifactList);
} }
} catch (TskCoreException ex) { } catch (TskCoreException ex) {
logger.log(Level.SEVERE, "Error creating web accounts", ex); logger.log(Level.SEVERE, "Error creating web accounts", ex);

2
RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractZoneIdentifier.java
View File

@ -109,9 +109,11 @@ final class ExtractZoneIdentifier extends Extract {
} }
} }
if (!context.dataSourceIngestIsCancelled()) {
postArtifacts(associatedObjectArtifacts); postArtifacts(associatedObjectArtifacts);
postArtifacts(downloadArtifacts); postArtifacts(downloadArtifacts);
} }
}
/** /**
* Process a single Zone Identifier file. * Process a single Zone Identifier file.

36
RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Firefox.java
View File

@ -112,18 +112,38 @@ class Firefox extends Extract {
progressBar.progress(Bundle.Progress_Message_Firefox_History()); progressBar.progress(Bundle.Progress_Message_Firefox_History());
this.getHistory(); this.getHistory();
if (context.dataSourceIngestIsCancelled()) {
return;
}
progressBar.progress(Bundle.Progress_Message_Firefox_Bookmarks()); progressBar.progress(Bundle.Progress_Message_Firefox_Bookmarks());
this.getBookmark(); this.getBookmark();
if (context.dataSourceIngestIsCancelled()) {
return;
}
progressBar.progress(Bundle.Progress_Message_Firefox_Downloads()); progressBar.progress(Bundle.Progress_Message_Firefox_Downloads());
this.getDownload(); this.getDownload();
if (context.dataSourceIngestIsCancelled()) {
return;
}
progressBar.progress(Bundle.Progress_Message_Firefox_Cookies()); progressBar.progress(Bundle.Progress_Message_Firefox_Cookies());
this.getCookie(); this.getCookie();
if (context.dataSourceIngestIsCancelled()) {
return;
}
progressBar.progress(Bundle.Progress_Message_Firefox_FormHistory()); progressBar.progress(Bundle.Progress_Message_Firefox_FormHistory());
this.getFormsHistory(); this.getFormsHistory();
if (context.dataSourceIngestIsCancelled()) {
return;
}
progressBar.progress(Bundle.Progress_Message_Firefox_AutoFill()); progressBar.progress(Bundle.Progress_Message_Firefox_AutoFill());
this.getAutofillProfiles(); this.getAutofillProfiles();
} }
@ -225,8 +245,10 @@ class Firefox extends Extract {
dbFile.delete(); dbFile.delete();
} }
if(!context.dataSourceIngestIsCancelled()) {
postArtifacts(bbartifacts); postArtifacts(bbartifacts);
} }
}
/** /**
* Queries for bookmark files and adds artifacts * Queries for bookmark files and adds artifacts
@ -319,8 +341,10 @@ class Firefox extends Extract {
dbFile.delete(); dbFile.delete();
} }
if(!context.dataSourceIngestIsCancelled()) {
postArtifacts(bbartifacts); postArtifacts(bbartifacts);
} }
}
/** /**
* Queries for cookies file and adds artifacts * Queries for cookies file and adds artifacts
@ -346,6 +370,10 @@ class Firefox extends Extract {
Collection<BlackboardArtifact> bbartifacts = new ArrayList<>(); Collection<BlackboardArtifact> bbartifacts = new ArrayList<>();
int j = 0; int j = 0;
for (AbstractFile cookiesFile : cookiesFiles) { for (AbstractFile cookiesFile : cookiesFiles) {
if (context.dataSourceIngestIsCancelled()) {
return;
}
if (cookiesFile.getSize() == 0) { if (cookiesFile.getSize() == 0) {
continue; continue;
} }
@ -429,8 +457,10 @@ class Firefox extends Extract {
dbFile.delete(); dbFile.delete();
} }
if (!context.dataSourceIngestIsCancelled()) {
postArtifacts(bbartifacts); postArtifacts(bbartifacts);
} }
}
/** /**
* Queries for downloads files and adds artifacts * Queries for downloads files and adds artifacts
@ -576,8 +606,10 @@ class Firefox extends Extract {
break; break;
} }
if(!context.dataSourceIngestIsCancelled()) {
postArtifacts(bbartifacts); postArtifacts(bbartifacts);
} }
}
/** /**
* Gets download artifacts from Firefox data from version 24. * Gets download artifacts from Firefox data from version 24.
@ -714,8 +746,10 @@ class Firefox extends Extract {
break; break;
} }
if(!context.dataSourceIngestIsCancelled()) {
postArtifacts(bbartifacts); postArtifacts(bbartifacts);
} }
}
/** /**
* Gets data from formshistory.sqlite database. * Gets data from formshistory.sqlite database.
@ -832,8 +866,10 @@ class Firefox extends Extract {
dbFile.delete(); dbFile.delete();
} }
if(!context.dataSourceIngestIsCancelled()) {
postArtifacts(bbartifacts); postArtifacts(bbartifacts);
} }
}
/** /**

4
RecentActivity/src/org/sleuthkit/autopsy/recentactivity/RAImageIngestModule.java
View File

@ -48,9 +48,9 @@ public final class RAImageIngestModule implements DataSourceIngestModule {
private static final Logger logger = Logger.getLogger(RAImageIngestModule.class.getName()); private static final Logger logger = Logger.getLogger(RAImageIngestModule.class.getName());
private final List<Extract> extractors = new ArrayList<>(); private final List<Extract> extractors = new ArrayList<>();
private final List<Extract> browserExtractors = new ArrayList<>(); private final List<Extract> browserExtractors = new ArrayList<>();
private IngestServices services = IngestServices.getInstance(); private final IngestServices services = IngestServices.getInstance();
private IngestJobContext context; private IngestJobContext context;
private StringBuilder subCompleted = new StringBuilder(); private final StringBuilder subCompleted = new StringBuilder();
RAImageIngestModule() { RAImageIngestModule() {
} }

7
RecentActivity/src/org/sleuthkit/autopsy/recentactivity/RecentDocumentsByLnk.java
View File

@ -41,9 +41,12 @@ import org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE;
import org.sleuthkit.datamodel.BlackboardAttribute; import org.sleuthkit.datamodel.BlackboardAttribute;
import org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE; import org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE;
import org.sleuthkit.datamodel.Content; import org.sleuthkit.datamodel.Content;
import org.sleuthkit.datamodel.*; import org.sleuthkit.datamodel.TskCoreException;
import org.sleuthkit.datamodel.AbstractFile;
import org.sleuthkit.datamodel.ReadContentInputStream;
import static org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE.TSK_ASSOCIATED_OBJECT; import static org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE.TSK_ASSOCIATED_OBJECT;
import static org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_ASSOCIATED_ARTIFACT; import static org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_ASSOCIATED_ARTIFACT;
import org.sleuthkit.datamodel.TskData;
/** /**
* Recent documents class that will extract recent documents in the form of .lnk * Recent documents class that will extract recent documents in the form of .lnk
@ -133,8 +136,10 @@ class RecentDocumentsByLnk extends Extract {
} }
} }
if (!context.dataSourceIngestIsCancelled()) {
postArtifacts(bbartifacts); postArtifacts(bbartifacts);
} }
}
/** /**
* Create associated artifacts using file name and path and the artifact it associates with * Create associated artifacts using file name and path and the artifact it associates with