add file's known status to CR

2025-07-17 02:07:42 +00:00 · 2017-12-06 17:35:49 -05:00 · 2017-12-06 17:35:49 -05:00 · 8c39e23ec9
commit 8c39e23ec9
parent b58c91b8bf
2 changed files with 7 additions and 16 deletions
--- a/Core/src/org/sleuthkit/autopsy/centralrepository/datamodel/CorrelationAttributeInstance.java
+++ b/Core/src/org/sleuthkit/autopsy/centralrepository/datamodel/CorrelationAttributeInstance.java
@ -96,7 +96,7 @@ public class CorrelationAttributeInstance implements Serializable {
        this(-1, eamCase, eamDataSource, filePath, comment, knownStatus, globalStatus);
    }

-    public CorrelationAttributeInstance(
+    CorrelationAttributeInstance(
            int ID,
            CorrelationCase eamCase,
            CorrelationDataSource eamDataSource,
@ -198,12 +198,4 @@ public class CorrelationAttributeInstance implements Serializable {
    public GlobalStatus getGlobalStatus() {
        return globalStatus;
    }
-
-    /**
-     * @param globalStatus the globalStatus to set
-     */
-    public void setGlobalStatus(GlobalStatus globalStatus) {
-        this.globalStatus = globalStatus;
-    }
-
 }
--- a/Core/src/org/sleuthkit/autopsy/centralrepository/ingestmodule/IngestModule.java
+++ b/Core/src/org/sleuthkit/autopsy/centralrepository/ingestmodule/IngestModule.java
@ -105,22 +105,21 @@ class IngestModule implements FileIngestModule {
            return ProcessResult.OK;
        }

-        // If unknown to both the hash module and as a globally known artifact in the EAM DB, correlate to other cases
-        if (af.getKnown() == TskData.FileKnown.UNKNOWN) {
-            // query db for artifact instances having this MD5 and knownStatus = "Bad".
+        /* Search the central repo to see if this file was previously 
+         * marked as being bad.  Create artifact if it was.  */
+        if (af.getKnown() != TskData.FileKnown.KNOWN) {
            try {
-                // if af.getKnown() is "UNKNOWN" and this artifact instance was marked bad in a previous case, 
-                // create TSK_INTERESTING_FILE artifact on BB.
                List<String> caseDisplayNames = dbManager.getListCasesHavingArtifactInstancesKnownBad(filesType, md5);
                if (!caseDisplayNames.isEmpty()) {
                    postCorrelatedBadFileToBlackboard(af, caseDisplayNames);
                }
            } catch (EamDbException ex) {
-                LOGGER.log(Level.SEVERE, "Error counting notable artifacts.", ex); // NON-NLS
+                LOGGER.log(Level.SEVERE, "Error searching database for artifact.", ex); // NON-NLS
                return ProcessResult.ERROR;
            }
        }

+        // insert this file into the central repository
        try {
            CorrelationAttribute eamArtifact = new CorrelationAttribute(filesType, md5);
            CorrelationAttributeInstance cefi = new CorrelationAttributeInstance(
@ -128,7 +127,7 @@ class IngestModule implements FileIngestModule {
                    eamDataSource,
                    af.getParentPath() + af.getName(),
                    null,
-                    TskData.FileKnown.UNKNOWN,
+                    af.getKnown(),
                    CorrelationAttributeInstance.GlobalStatus.LOCAL
            );
            eamArtifact.addInstance(cefi);