mirror of
https://github.com/overcuriousity/autopsy-flatpak.git
synced 2025-07-06 21:00:22 +00:00
updates to sample code
parent
48ec3d7aa7
commit
8279df1a3b
@ -40,7 +40,7 @@ from java.lang import Class
|
||||
from java.lang import System
|
||||
from java.sql import DriverManager, SQLException
|
||||
from java.util.logging import Level
|
||||
from java.util import ArrayList
|
||||
from java.util import Arrays
|
||||
from java.io import File
|
||||
from org.sleuthkit.datamodel import SleuthkitCase
|
||||
from org.sleuthkit.datamodel import AbstractFile
|
||||
@ -162,30 +162,21 @@ class ContactsDbIngestModule(DataSourceIngestModule):
|
||||
|
||||
|
||||
# Make an artifact on the blackboard, TSK_CONTACT and give it attributes for each of the fields
|
||||
art = file.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_CONTACT)
|
||||
attributes = ArrayList()
|
||||
art = file.newDataArtifact(BlackboardArtifact.Type.TSK_CONTACT, Arrays.asList(
|
||||
BlackboardAttribute(BlackboardAttribute.Type.TSK_NAME_PERSON,
|
||||
ContactsDbIngestModuleFactory.moduleName, name),
|
||||
BlackboardAttribute(BlackboardAttribute.Type.TSK_EMAIL,
|
||||
ContactsDbIngestModuleFactory.moduleName, email),
|
||||
BlackboardAttribute(BlackboardAttribute.Type.TSK_PHONE_NUMBER,
|
||||
ContactsDbIngestModuleFactory.moduleName, phone)
|
||||
))
|
||||
|
||||
attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_NAME_PERSON.getTypeID(),
|
||||
ContactsDbIngestModuleFactory.moduleName, name))
|
||||
|
||||
attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_EMAIL.getTypeID(),
|
||||
ContactsDbIngestModuleFactory.moduleName, email))
|
||||
|
||||
attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PHONE_NUMBER.getTypeID(),
|
||||
ContactsDbIngestModuleFactory.moduleName, phone))
|
||||
|
||||
art.addAttributes(attributes)
|
||||
try:
|
||||
# index the artifact for keyword search
|
||||
blackboard.indexArtifact(art)
|
||||
blackboard.postArtifact(art, ContactsDbIngestModuleFactory.moduleName)
|
||||
except Blackboard.BlackboardException as e:
|
||||
self.log(Level.SEVERE, "Error indexing artifact " + art.getDisplayName())
|
||||
|
||||
# Fire an event to notify the UI and others that there are new artifacts
|
||||
IngestServices.getInstance().fireModuleDataEvent(
|
||||
ModuleDataEvent(ContactsDbIngestModuleFactory.moduleName,
|
||||
BlackboardArtifact.ARTIFACT_TYPE.TSK_CONTACT, None))
|
||||
|
||||
|
||||
# Clean up
|
||||
stmt.close()
|
||||
dbConn.close()
|
||||
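Review bot: The `except Blackboard.BlackboardException as e` handler that now appears to guard `blackboard.postArtifact(art, ContactsDbIngestModuleFactory.moduleName)` still logs "Error indexing artifact" and never uses `e`, so a failed post leaves a misleading line with no cause in the ingest log. I would change it to `self.log(Level.SEVERE, "Error posting artifact " + art.getDisplayName() + ": " + str(e))`. The same stale message follows the `postArtifact` calls in the FindBigRoundFilesIngestModule, SampleJythonDataSourceIngestModule and SampleJythonFileIngestModule sections, and sits under the bare `except:` in RegistryExampleIngestModule. `file.newDataArtifact(...)` is also outside the `try`; if it raises (presumably a TskCoreException, to be confirmed), the exception would bypass the `stmt.close()` / `dbConn.close()` cleanup below, although the enclosing loop starts outside this hunk.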
|
@ -57,6 +57,8 @@ from org.sleuthkit.autopsy.casemodule import Case
|
||||
from org.sleuthkit.autopsy.casemodule.services import Services
|
||||
from org.sleuthkit.autopsy.casemodule.services import FileManager
|
||||
from org.sleuthkit.autopsy.casemodule.services import Blackboard
|
||||
from org.sleuthkit.datamodel import Score
|
||||
from java.util import Arrays
|
||||
|
||||
# Factory that defines the name and details of the module and allows Autopsy
|
||||
# to create instances of the modules that will do the anlaysis.
|
||||
@ -120,22 +122,19 @@ class FindBigRoundFilesIngestModule(FileIngestModule):
|
||||
|
||||
# Make an artifact on the blackboard. TSK_INTERESTING_FILE_HIT is a generic type of
|
||||
# artifact. Refer to the developer docs for other examples.
|
||||
art = file.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT)
|
||||
att = BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SET_NAME.getTypeID(),
|
||||
FindBigRoundFilesIngestModuleFactory.moduleName, "Big and Round Files")
|
||||
art.addAttribute(att)
|
||||
art = file.newAnalysisResult(BlackboardArtifact.Type.TSK_INTERESTING_FILE_HIT, Score.SCORE_LIKELY_NOTABLE,
|
||||
None, "Big and Round Files", None,
|
||||
Arrays.asList(
|
||||
BlackboardAttribute(BlackboardAttribute.Type.TSK_SET_NAME,
|
||||
FindBigRoundFilesIngestModuleFactory.moduleName,
|
||||
"Big and Round Files"))).getAnalysisResult()
|
||||
|
||||
try:
|
||||
# index the artifact for keyword search
|
||||
blackboard.indexArtifact(art)
|
||||
# post the artifact for listeners of artifact events
|
||||
blackboard.postArtifact(art)
|
||||
except Blackboard.BlackboardException as e:
|
||||
self.log(Level.SEVERE, "Error indexing artifact " + art.getDisplayName())
|
||||
|
||||
# Fire an event to notify the UI and others that there is a new artifact
|
||||
IngestServices.getInstance().fireModuleDataEvent(
|
||||
ModuleDataEvent(FindBigRoundFilesIngestModuleFactory.moduleName,
|
||||
BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT, None))
|
||||
|
||||
return IngestModule.ProcessResult.OK
|
||||
|
||||
# Where any shutdown code is run and resources are freed.
|
||||
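Review bot: The new `file.newAnalysisResult(...)` call passes `None, "Big and Round Files", None` positionally with nothing saying which slot is which, and sample code like this gets copied into real modules. A comment above the call such as `# args: type, score, conclusion, configuration (set name), justification, attributes` would help, assuming that is the parameter order (confirm against the datamodel docs). The result is scored `Score.SCORE_LIKELY_NOTABLE` with what looks like no justification, so an examiner would see a flagged file without a recorded reason; passing a short justification string would make the finding reviewable. The same call shape appears in the SampleJythonDataSourceIngestModule and SampleJythonFileIngestModule sections.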
|
@ -45,7 +45,7 @@ from java.lang import Class
|
||||
from java.lang import System
|
||||
from java.sql import DriverManager, SQLException
|
||||
from java.util.logging import Level
|
||||
from java.util import ArrayList
|
||||
from java.util import Arrays
|
||||
from org.sleuthkit.datamodel import SleuthkitCase
|
||||
from org.sleuthkit.datamodel import AbstractFile
|
||||
from org.sleuthkit.datamodel import ReadContentInputStream
|
||||
@ -171,11 +171,12 @@ class RegistryExampleIngestModule(DataSourceIngestModule):
|
||||
|
||||
# Setup Artifact and Attributes
|
||||
try:
|
||||
artID = skCase.addArtifactType( "TSK_REGISTRY_RUN_KEYS", "Registry Run Keys")
|
||||
skCase.addBlackboardArtifactType("TSK_REGISTRY_RUN_KEYS", "Registry Run Keys",
|
||||
BlackboardArtifact.Category.DATA_ARTIFACT)
|
||||
except:
|
||||
self.log(Level.INFO, "Artifacts Creation Error, some artifacts may not exist now. ==> ")
|
||||
|
||||
artId = skCase.getArtifactTypeID("TSK_REGISTRY_RUN_KEYS")
|
||||
artType = skCase.getArtifactType("TSK_REGISTRY_RUN_KEYS")
|
||||
|
||||
try:
|
||||
attributeIdRunKeyName = skCase.addArtifactAttributeType("TSK_REG_RUN_KEY_NAME", BlackboardAttribute.TSK_BLACKBOARD_ATTRIBUTE_VALUE_TYPE.STRING, "Run Key Name")
|
||||
@ -198,17 +199,15 @@ class RegistryExampleIngestModule(DataSourceIngestModule):
|
||||
|
||||
# RefistryKeysFound is a list that contains a list with the following records abstractFile, Registry Key Location, Key Name, Key value
|
||||
for registryKey in self.registryKeysFound:
|
||||
attributes = ArrayList()
|
||||
art = registryKey[0].newArtifact(artId)
|
||||
|
||||
attributes.add(BlackboardAttribute(attributeIdRegKeyLoc, moduleName, registryKey[1]))
|
||||
attributes.add(BlackboardAttribute(attributeIdRunKeyName, moduleName, registryKey[2]))
|
||||
attributes.add(BlackboardAttribute(attributeIdRunKeyValue, moduleName, registryKey[3]))
|
||||
art.addAttributes(attributes)
|
||||
art = registryKey[0].newDataArtifact(artType, Arrays.asList(
|
||||
BlackboardAttribute(attributeIdRegKeyLoc, moduleName, registryKey[1]),
|
||||
BlackboardAttribute(attributeIdRunKeyName, moduleName, registryKey[2]),
|
||||
BlackboardAttribute(attributeIdRunKeyValue, moduleName, registryKey[3])
|
||||
))
|
||||
|
||||
# index the artifact for keyword search
|
||||
# post the artifact for listeners of artifact events
|
||||
try:
|
||||
blackboard.indexArtifact(art)
|
||||
skCase.getBlackboard().postArtifact(art)
|
||||
except:
|
||||
self._logger.log(Level.WARNING, "Error indexing artifact " + art.getDisplayName())
|
||||
|
||||
@ -278,7 +277,7 @@ class RegistryExampleIngestModule(DataSourceIngestModule):
|
||||
return currentKey
|
||||
except:
|
||||
# Key not found
|
||||
return null
|
||||
return None
|
||||
|
||||
|
||||
|
||||
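Review bot: `skCase.getBlackboard().postArtifact(art)` in the run-key loop is called with the artifact alone, while the contacts module in this commit passes the module name as a second argument, and the surrounding bare `except:` would reduce a signature mismatch to a WARNING reading "Error indexing artifact". If the case-database blackboard expects the module name (confirm against the API), no run-key artifact would be posted and that log line would be the only trace. I would write `skCase.getBlackboard().postArtifact(art, moduleName)` and narrow the handler to `except Exception as e:` with `str(e)` appended to the message. The bare `except:` around `addBlackboardArtifactType` has a similar effect: any failure is logged at INFO and `skCase.getArtifactType("TSK_REGISTRY_RUN_KEYS")` runs regardless, so a missing type would only surface later at `newDataArtifact`.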
|
@ -53,9 +53,8 @@ from org.sleuthkit.autopsy.casemodule import Case
|
||||
from org.sleuthkit.autopsy.casemodule.services import Services
|
||||
from org.sleuthkit.autopsy.casemodule.services import FileManager
|
||||
from org.sleuthkit.autopsy.casemodule.services import Blackboard
|
||||
from org.sleuthkit.autopsy.casemodule.services import Blackboard
|
||||
from org.sleuthkit.datamodel import Score
|
||||
from java.util import ArrayList
|
||||
from java.util import Arrays
|
||||
|
||||
# Factory that defines the name and details of the module and allows Autopsy
|
||||
# to create instances of the modules that will do the analysis.
|
||||
@ -140,13 +139,15 @@ class SampleJythonDataSourceIngestModule(DataSourceIngestModule):
|
||||
|
||||
# Make an artifact on the blackboard. TSK_INTERESTING_FILE_HIT is a generic type of
|
||||
# artfiact. Refer to the developer docs for other examples.
|
||||
attrs = ArrayList()
|
||||
attrs.add(BlackboardAttribute(BlackboardAttribute.Type.TSK_SET_NAME, SampleJythonDataSourceIngestModuleFactory.moduleName, "Test file"))
|
||||
art = file.newAnalysisResult(BlackboardArtifact.Type.TSK_INTERESTING_FILE_HIT, Score.SCORE_LIKELY_NOTABLE, None, "Test file", None, attrs).getAnalysisResult()
|
||||
attrs = Arrays.asList(BlackboardAttribute(BlackboardAttribute.Type.TSK_SET_NAME,
|
||||
SampleJythonDataSourceIngestModuleFactory.moduleName,
|
||||
"Test file"))
|
||||
art = file.newAnalysisResult(BlackboardArtifact.Type.TSK_INTERESTING_FILE_HIT, Score.SCORE_LIKELY_NOTABLE,
|
||||
None, "Test file", None, attrs).getAnalysisResult()
|
||||
|
||||
try:
|
||||
# index the artifact for keyword search
|
||||
blackboard.indexArtifact(art)
|
||||
# post the artifact for listeners of artifact events.
|
||||
blackboard.postArtifact(art)
|
||||
except Blackboard.BlackboardException as e:
|
||||
self.log(Level.SEVERE, "Error indexing artifact " + art.getDisplayName())
|
||||
|
||||
|
@ -55,8 +55,7 @@ from org.sleuthkit.autopsy.casemodule import Case
|
||||
from org.sleuthkit.autopsy.casemodule.services import Services
|
||||
from org.sleuthkit.autopsy.casemodule.services import FileManager
|
||||
from org.sleuthkit.autopsy.casemodule.services import Blackboard
|
||||
from org.sleuthkit.datamodel import Score
|
||||
from java.util import ArrayList
|
||||
from java.util import Arrays
|
||||
|
||||
# Factory that defines the name and details of the module and allows Autopsy
|
||||
# to create instances of the modules that will do the anlaysis.
|
||||
@ -128,23 +127,18 @@ class SampleJythonFileIngestModule(FileIngestModule):
|
||||
|
||||
# Make an artifact on the blackboard. TSK_INTERESTING_FILE_HIT is a generic type of
|
||||
# artifact. Refer to the developer docs for other examples.
|
||||
attrs = ArrayList()
|
||||
attrs.add(BlackboardAttribute(BlackboardAttribute.Type.TSK_SET_NAME,
|
||||
attrs = Arrays.asList(BlackboardAttribute(BlackboardAttribute.Type.TSK_SET_NAME,
|
||||
SampleJythonFileIngestModuleFactory.moduleName, "Text Files"))
|
||||
art = file.newAnalysisResult(BlackboardArtifact.Type.TSK_INTERESTING_FILE_HIT, Score.SCORE_LIKELY_NOTABLE, None, "Text Files", None, attrs).getAnalysisResult()
|
||||
|
||||
art = file.newAnalysisResult(BlackboardArtifact.Type.TSK_INTERESTING_FILE_HIT, Score.SCORE_LIKELY_NOTABLE,
|
||||
None, "Text Files", None, attrs).getAnalysisResult()
|
||||
|
||||
try:
|
||||
# index the artifact for keyword search
|
||||
blackboard.indexArtifact(art)
|
||||
# post the artifact for listeners of artifact events
|
||||
blackboard.postArtifact(art)
|
||||
except Blackboard.BlackboardException as e:
|
||||
self.log(Level.SEVERE, "Error indexing artifact " + art.getDisplayName())
|
||||
|
||||
# Fire an event to notify the UI and others that there is a new artifact
|
||||
IngestServices.getInstance().fireModuleDataEvent(
|
||||
ModuleDataEvent(SampleJythonFileIngestModuleFactory.moduleName,
|
||||
BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT, None))
|
||||
|
||||
# For the example (this wouldn't be needed normally), we'll query the blackboard for data that was added
|
||||
# by other modules. We then iterate over its attributes. We'll just print them, but you would probably
|
||||
# want to do something with them.
|
||||
|