From 8c39e23ec9f07b623d96a492ee64591e83d7dbb0 Mon Sep 17 00:00:00 2001
From: Brian Carrier
Date: Wed, 6 Dec 2017 17:35:49 -0500
Subject: [PATCH] add file's known status to CR
---
 .../datamodel/CorrelationAttributeInstance.java | 10 +---------
 .../ingestmodule/IngestModule.java | 13 ++++++-------
 2 files changed, 7 insertions(+), 16 deletions(-)
diff --git a/Core/src/org/sleuthkit/autopsy/centralrepository/datamodel/CorrelationAttributeInstance.java b/Core/src/org/sleuthkit/autopsy/centralrepository/datamodel/CorrelationAttributeInstance.java
index 7db48d28db..927b9a3c8f 100755
--- a/Core/src/org/sleuthkit/autopsy/centralrepository/datamodel/CorrelationAttributeInstance.java
+++ b/Core/src/org/sleuthkit/autopsy/centralrepository/datamodel/CorrelationAttributeInstance.java
@@ -96,7 +96,7 @@ public class CorrelationAttributeInstance implements Serializable {
 this(-1, eamCase, eamDataSource, filePath, comment, knownStatus, globalStatus);
 }
- public CorrelationAttributeInstance(
+ CorrelationAttributeInstance(
 int ID,
 CorrelationCase eamCase,
 CorrelationDataSource eamDataSource,
@@ -198,12 +198,4 @@ public class CorrelationAttributeInstance implements Serializable {
 public GlobalStatus getGlobalStatus() {
 return globalStatus;
 }
-
- /**
- * @param globalStatus the globalStatus to set
- */
- public void setGlobalStatus(GlobalStatus globalStatus) {
- this.globalStatus = globalStatus;
- }
-
 }
diff --git a/Core/src/org/sleuthkit/autopsy/centralrepository/ingestmodule/IngestModule.java b/Core/src/org/sleuthkit/autopsy/centralrepository/ingestmodule/IngestModule.java
index 9e1e36cb8a..10f3ca9051 100644
--- a/Core/src/org/sleuthkit/autopsy/centralrepository/ingestmodule/IngestModule.java
+++ b/Core/src/org/sleuthkit/autopsy/centralrepository/ingestmodule/IngestModule.java
@@ -105,22 +105,21 @@ class IngestModule implements FileIngestModule {
 return ProcessResult.OK;
 }
- // If unknown to both the hash module and as a globally known artifact in the EAM DB, correlate to other cases
- if (af.getKnown() == TskData.FileKnown.UNKNOWN) {
- // query db for artifact instances having this MD5 and knownStatus = "Bad".
+ /* Search the central repo to see if this file was previously
+ * marked as being bad. Create artifact if it was. */
+ if (af.getKnown() != TskData.FileKnown.KNOWN) {
 try {
- // if af.getKnown() is "UNKNOWN" and this artifact instance was marked bad in a previous case,
- // create TSK_INTERESTING_FILE artifact on BB.
 List caseDisplayNames = dbManager.getListCasesHavingArtifactInstancesKnownBad(filesType, md5);
 if (!caseDisplayNames.isEmpty()) {
 postCorrelatedBadFileToBlackboard(af, caseDisplayNames);
 }
 } catch (EamDbException ex) {
- LOGGER.log(Level.SEVERE, "Error counting notable artifacts.", ex); // NON-NLS
+ LOGGER.log(Level.SEVERE, "Error searching database for artifact.", ex); // NON-NLS
 return ProcessResult.ERROR;
 }
 }
+ // insert this file into the central repository
 try {
 CorrelationAttribute eamArtifact = new CorrelationAttribute(filesType, md5);
 CorrelationAttributeInstance cefi = new CorrelationAttributeInstance(
@@ -128,7 +127,7 @@ class IngestModule implements FileIngestModule {
 eamDataSource,
 af.getParentPath() + af.getName(),
 null,
- TskData.FileKnown.UNKNOWN,
+ af.getKnown(),
 CorrelationAttributeInstance.GlobalStatus.LOCAL
 );
 eamArtifact.addInstance(cefi);
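Review bot: The `return ProcessResult.ERROR;` in the catch block of the known-bad lookup exits before the `// insert this file into the central repository` step, so within this call a file whose lookup fails is not recorded, and the new log text does not say which file that was. Naming the file in the message lets the gap be found from the log, e.g. `LOGGER.log(Level.SEVERE, "Error searching database for artifact: " + af.getParentPath() + af.getName(), ex); // NON-NLS`. Whether the insert should still run after a failed lookup is worth deciding explicitly and stating in the comment above the second `try`. The enclosing method starts and ends outside the hunk.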
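Review bot: Passing `af.getKnown()` as the known-status argument makes the value stored in the central repository depend on whatever earlier ingest modules (presumably the hash lookup module) set on the file, and nothing at the call documents that. If a notable status can reach this point, it would presumably be returned by `getListCasesHavingArtifactInstancesKnownBad` for the same MD5 in later cases, so a single hash-set hit, including a false positive, carries over to other cases. A comment on that argument such as `// status as set by earlier ingest modules; a notable value stored here is matched by the known-bad lookup in later cases` would record the dependency. The constructor call opens in the previous hunk and the `try` block closes outside this one.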