add file's known status to CR

Brian Carrier 2017-12-06 17:35:49 -05:00
parent b58c91b8bf
commit 8c39e23ec9
2 changed files with 7 additions and 16 deletions


@ -96,7 +96,7 @@ public class CorrelationAttributeInstance implements Serializable {
this(-1, eamCase, eamDataSource, filePath, comment, knownStatus, globalStatus); this(-1, eamCase, eamDataSource, filePath, comment, knownStatus, globalStatus);
} }
public CorrelationAttributeInstance( CorrelationAttributeInstance(
int ID, int ID,
CorrelationCase eamCase, CorrelationCase eamCase,
CorrelationDataSource eamDataSource, CorrelationDataSource eamDataSource,
@ -198,12 +198,4 @@ public class CorrelationAttributeInstance implements Serializable {
public GlobalStatus getGlobalStatus() { public GlobalStatus getGlobalStatus() {
return globalStatus; return globalStatus;
} }
/**
* @param globalStatus the globalStatus to set
*/
public void setGlobalStatus(GlobalStatus globalStatus) {
this.globalStatus = globalStatus;
}
} }
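Review bot: The constructor taking `int ID` loses `public` in the first hunk without a comment saying why, and the neighbouring constructor still delegates to it with `this(-1, ...)`. A short Javadoc on it should state that `-1` is the value passed when no ID is supplied and that only code in this package is expected to pass a real one. Separately, with `setGlobalStatus` removed, `globalStatus` could be declared `final` if the constructor is its only remaining writer. The field declaration and constructor body are outside these hunks, so confirm that before changing it.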


@ -105,22 +105,21 @@ class IngestModule implements FileIngestModule {
return ProcessResult.OK; return ProcessResult.OK;
} }
// If unknown to both the hash module and as a globally known artifact in the EAM DB, correlate to other cases /* Search the central repo to see if this file was previously
if (af.getKnown() == TskData.FileKnown.UNKNOWN) { * marked as being bad. Create artifact if it was. */
// query db for artifact instances having this MD5 and knownStatus = "Bad". if (af.getKnown() != TskData.FileKnown.KNOWN) {
try { try {
// if af.getKnown() is "UNKNOWN" and this artifact instance was marked bad in a previous case,
// create TSK_INTERESTING_FILE artifact on BB.
List<String> caseDisplayNames = dbManager.getListCasesHavingArtifactInstancesKnownBad(filesType, md5); List<String> caseDisplayNames = dbManager.getListCasesHavingArtifactInstancesKnownBad(filesType, md5);
if (!caseDisplayNames.isEmpty()) { if (!caseDisplayNames.isEmpty()) {
postCorrelatedBadFileToBlackboard(af, caseDisplayNames); postCorrelatedBadFileToBlackboard(af, caseDisplayNames);
} }
} catch (EamDbException ex) { } catch (EamDbException ex) {
LOGGER.log(Level.SEVERE, "Error counting notable artifacts.", ex); // NON-NLS LOGGER.log(Level.SEVERE, "Error searching database for artifact.", ex); // NON-NLS
return ProcessResult.ERROR; return ProcessResult.ERROR;
} }
} }
// insert this file into the central repository
try { try {
CorrelationAttribute eamArtifact = new CorrelationAttribute(filesType, md5); CorrelationAttribute eamArtifact = new CorrelationAttribute(filesType, md5);
CorrelationAttributeInstance cefi = new CorrelationAttributeInstance( CorrelationAttributeInstance cefi = new CorrelationAttributeInstance(
@ -128,7 +127,7 @@ class IngestModule implements FileIngestModule {
eamDataSource, eamDataSource,
af.getParentPath() + af.getName(), af.getParentPath() + af.getName(),
null, null,
TskData.FileKnown.UNKNOWN, af.getKnown(),
CorrelationAttributeInstance.GlobalStatus.LOCAL CorrelationAttributeInstance.GlobalStatus.LOCAL
); );
eamArtifact.addInstance(cefi); eamArtifact.addInstance(cefi);
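Review bot: The catch around `getListCasesHavingArtifactInstancesKnownBad` still does `return ProcessResult.ERROR;` before the insert block, so a failed lookup also means this file's hash and `af.getKnown()` value are never written to the central repository. That matters more after this commit, because the lookup now runs for every file that is not `KNOWN`, including ones the hash module already marked bad, and a notable file could be missing from later correlation after a transient database error. Consider logging the failure, remembering it in a local flag, letting execution reach the insert, and returning `ProcessResult.ERROR` afterwards. The log message would also be easier to triage if it named the file, for example `"Error searching database for artifact: " + af.getName()`. The enclosing method begins and ends outside these hunks, so check that nothing after the insert depends on the early return.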