mirror of
https://github.com/overcuriousity/autopsy-flatpak.git
synced 2025-07-15 17:27:43 +00:00
Changed web artifact created to data artifacts
This commit is contained in:
Kelly Kelly
parent
b6e421f58a
commit
a3c6d57a4e
@ -55,9 +55,11 @@ import org.sleuthkit.datamodel.AbstractFile;
|
|||||||
import org.sleuthkit.datamodel.Blackboard;
|
import org.sleuthkit.datamodel.Blackboard;
|
||||||
import org.sleuthkit.datamodel.BlackboardArtifact;
|
import org.sleuthkit.datamodel.BlackboardArtifact;
|
||||||
import org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE;
|
import org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE;
|
||||||
|
import static org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_CACHE;
|
||||||
import org.sleuthkit.datamodel.BlackboardAttribute;
|
import org.sleuthkit.datamodel.BlackboardAttribute;
|
||||||
import org.sleuthkit.datamodel.Content;
|
import org.sleuthkit.datamodel.Content;
|
||||||
import org.sleuthkit.datamodel.DerivedFile;
|
import org.sleuthkit.datamodel.DerivedFile;
|
||||||
|
import org.sleuthkit.datamodel.OsAccount;
|
||||||
import org.sleuthkit.datamodel.TimeUtilities;
|
import org.sleuthkit.datamodel.TimeUtilities;
|
||||||
import org.sleuthkit.datamodel.TskCoreException;
|
import org.sleuthkit.datamodel.TskCoreException;
|
||||||
import org.sleuthkit.datamodel.TskData;
|
import org.sleuthkit.datamodel.TskData;
|
||||||
@ -521,8 +523,6 @@ final class ChromeCacheExtractor {
|
|||||||
private void addArtifacts(CacheEntry cacheEntry, AbstractFile cacheEntryFile, AbstractFile cachedItemFile, Collection<BlackboardArtifact> artifactsAdded) throws TskCoreException {
|
private void addArtifacts(CacheEntry cacheEntry, AbstractFile cacheEntryFile, AbstractFile cachedItemFile, Collection<BlackboardArtifact> artifactsAdded) throws TskCoreException {
|
||||||
|
|
||||||
// Create a TSK_WEB_CACHE entry with the parent as data_X file that had the cache entry
|
// Create a TSK_WEB_CACHE entry with the parent as data_X file that had the cache entry
|
||||||
BlackboardArtifact webCacheArtifact = cacheEntryFile.newArtifact(ARTIFACT_TYPE.TSK_WEB_CACHE);
|
|
||||||
if (webCacheArtifact != null) {
|
|
||||||
Collection<BlackboardAttribute> webAttr = new ArrayList<>();
|
Collection<BlackboardAttribute> webAttr = new ArrayList<>();
|
||||||
String url = cacheEntry.getKey() != null ? cacheEntry.getKey() : "";
|
String url = cacheEntry.getKey() != null ? cacheEntry.getKey() : "";
|
||||||
webAttr.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_URL,
|
webAttr.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_URL,
|
||||||
@ -537,7 +537,9 @@ final class ChromeCacheExtractor {
|
|||||||
moduleName, cachedItemFile.getUniquePath()));
|
moduleName, cachedItemFile.getUniquePath()));
|
||||||
webAttr.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PATH_ID,
|
webAttr.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PATH_ID,
|
||||||
moduleName, cachedItemFile.getId()));
|
moduleName, cachedItemFile.getId()));
|
||||||
webCacheArtifact.addAttributes(webAttr);
|
|
||||||
|
Optional<OsAccount> optional = cacheEntryFile.getOsAccount();
|
||||||
|
BlackboardArtifact webCacheArtifact = cacheEntryFile.newDataArtifact(new BlackboardArtifact.Type(ARTIFACT_TYPE.TSK_WEB_CACHE), webAttr, optional.isPresent() ? optional.get() : null);
|
||||||
artifactsAdded.add(webCacheArtifact);
|
artifactsAdded.add(webCacheArtifact);
|
||||||
|
|
||||||
// Create a TSK_ASSOCIATED_OBJECT on the f_XXX or derived file file back to the CACHE entry
|
// Create a TSK_ASSOCIATED_OBJECT on the f_XXX or derived file file back to the CACHE entry
|
||||||
@ -549,7 +551,6 @@ final class ChromeCacheExtractor {
|
|||||||
artifactsAdded.add(associatedObjectArtifact);
|
artifactsAdded.add(associatedObjectArtifact);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Finds all the f_* files in the specified path, and fills them in the
|
* Finds all the f_* files in the specified path, and fills them in the
|
||||||
|
|||||||
@ -41,6 +41,7 @@ import java.util.List;
|
|||||||
import java.util.Map;
|
import java.util.Map;
|
||||||
import java.util.HashMap;
|
import java.util.HashMap;
|
||||||
import java.util.ArrayList;
|
import java.util.ArrayList;
|
||||||
|
import java.util.Optional;
|
||||||
import org.apache.commons.io.FilenameUtils;
|
import org.apache.commons.io.FilenameUtils;
|
||||||
import org.openide.util.NbBundle.Messages;
|
import org.openide.util.NbBundle.Messages;
|
||||||
import org.sleuthkit.autopsy.casemodule.Case;
|
import org.sleuthkit.autopsy.casemodule.Case;
|
||||||
@ -54,9 +55,12 @@ import org.sleuthkit.datamodel.AbstractFile;
|
|||||||
import org.sleuthkit.datamodel.Blackboard;
|
import org.sleuthkit.datamodel.Blackboard;
|
||||||
import org.sleuthkit.datamodel.BlackboardArtifact;
|
import org.sleuthkit.datamodel.BlackboardArtifact;
|
||||||
import org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE;
|
import org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE;
|
||||||
|
import static org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE.TSK_ASSOCIATED_OBJECT;
|
||||||
|
import static org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_BOOKMARK;
|
||||||
import org.sleuthkit.datamodel.BlackboardAttribute;
|
import org.sleuthkit.datamodel.BlackboardAttribute;
|
||||||
import org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE;
|
import org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE;
|
||||||
import org.sleuthkit.datamodel.Content;
|
import org.sleuthkit.datamodel.Content;
|
||||||
|
import org.sleuthkit.datamodel.OsAccount;
|
||||||
import org.sleuthkit.datamodel.ReadContentInputStream.ReadContentInputStreamException;
|
import org.sleuthkit.datamodel.ReadContentInputStream.ReadContentInputStreamException;
|
||||||
import org.sleuthkit.datamodel.TskCoreException;
|
import org.sleuthkit.datamodel.TskCoreException;
|
||||||
import org.sleuthkit.datamodel.TskData;
|
import org.sleuthkit.datamodel.TskData;
|
||||||
@ -264,7 +268,7 @@ class Chromium extends Extract {
|
|||||||
RecentActivityExtracterModuleFactory.getModuleName(),
|
RecentActivityExtracterModuleFactory.getModuleName(),
|
||||||
(NetworkUtils.extractDomain((result.get("url").toString() != null) ? result.get("url").toString() : "")))); //NON-NLS
|
(NetworkUtils.extractDomain((result.get("url").toString() != null) ? result.get("url").toString() : "")))); //NON-NLS
|
||||||
|
|
||||||
BlackboardArtifact bbart = createArtifactWithAttributes(ARTIFACT_TYPE.TSK_WEB_HISTORY, historyFile, bbattributes);
|
BlackboardArtifact bbart = createDataArtifactWithAttributes(ARTIFACT_TYPE.TSK_WEB_HISTORY, historyFile, bbattributes);
|
||||||
if (bbart != null) {
|
if (bbart != null) {
|
||||||
bbartifacts.add(bbart);
|
bbartifacts.add(bbart);
|
||||||
}
|
}
|
||||||
@ -390,8 +394,6 @@ class Chromium extends Extract {
|
|||||||
date = Long.valueOf(0);
|
date = Long.valueOf(0);
|
||||||
}
|
}
|
||||||
String domain = NetworkUtils.extractDomain(url);
|
String domain = NetworkUtils.extractDomain(url);
|
||||||
try {
|
|
||||||
BlackboardArtifact bbart = bookmarkFile.newArtifact(ARTIFACT_TYPE.TSK_WEB_BOOKMARK);
|
|
||||||
Collection<BlackboardAttribute> bbattributes = new ArrayList<>();
|
Collection<BlackboardAttribute> bbattributes = new ArrayList<>();
|
||||||
//TODO Revisit usage of deprecated constructor as per TSK-583
|
//TODO Revisit usage of deprecated constructor as per TSK-583
|
||||||
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL,
|
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL,
|
||||||
@ -404,15 +406,9 @@ class Chromium extends Extract {
|
|||||||
RecentActivityExtracterModuleFactory.getModuleName(), browser));
|
RecentActivityExtracterModuleFactory.getModuleName(), browser));
|
||||||
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN,
|
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN,
|
||||||
RecentActivityExtracterModuleFactory.getModuleName(), domain));
|
RecentActivityExtracterModuleFactory.getModuleName(), domain));
|
||||||
bbart.addAttributes(bbattributes);
|
|
||||||
|
|
||||||
bbartifacts.add(bbart);
|
bbartifacts.add(createDataArtifactWithAttributes(TSK_WEB_BOOKMARK, bookmarkFile, bbattributes));
|
||||||
} catch (TskCoreException ex) {
|
|
||||||
logger.log(Level.SEVERE, "Error while trying to insert Chrome bookmark artifact{0}", ex); //NON-NLS
|
|
||||||
this.addErrorMessage(
|
|
||||||
NbBundle.getMessage(this.getClass(), "Chrome.getBookmark.errMsg.errAnalyzingFile4",
|
|
||||||
this.getName(), bookmarkFile.getName()));
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if(!context.dataSourceIngestIsCancelled()) {
|
if(!context.dataSourceIngestIsCancelled()) {
|
||||||
@ -504,7 +500,7 @@ class Chromium extends Extract {
|
|||||||
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN,
|
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN,
|
||||||
RecentActivityExtracterModuleFactory.getModuleName(), domain));
|
RecentActivityExtracterModuleFactory.getModuleName(), domain));
|
||||||
|
|
||||||
BlackboardArtifact bbart = createArtifactWithAttributes(ARTIFACT_TYPE.TSK_WEB_COOKIE, cookiesFile, bbattributes);
|
BlackboardArtifact bbart = createDataArtifactWithAttributes(ARTIFACT_TYPE.TSK_WEB_COOKIE, cookiesFile, bbattributes);
|
||||||
if (bbart != null) {
|
if (bbart != null) {
|
||||||
bbartifacts.add(bbart);
|
bbartifacts.add(bbart);
|
||||||
}
|
}
|
||||||
@ -610,7 +606,7 @@ class Chromium extends Extract {
|
|||||||
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME,
|
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME,
|
||||||
RecentActivityExtracterModuleFactory.getModuleName(), browser));
|
RecentActivityExtracterModuleFactory.getModuleName(), browser));
|
||||||
|
|
||||||
BlackboardArtifact webDownloadArtifact = createArtifactWithAttributes(ARTIFACT_TYPE.TSK_WEB_DOWNLOAD, downloadFile, bbattributes);
|
BlackboardArtifact webDownloadArtifact = createDataArtifactWithAttributes(ARTIFACT_TYPE.TSK_WEB_DOWNLOAD, downloadFile, bbattributes);
|
||||||
if (webDownloadArtifact != null) {
|
if (webDownloadArtifact != null) {
|
||||||
bbartifacts.add(webDownloadArtifact);
|
bbartifacts.add(webDownloadArtifact);
|
||||||
|
|
||||||
@ -618,7 +614,8 @@ class Chromium extends Extract {
|
|||||||
try {
|
try {
|
||||||
String normalizedFullPath = FilenameUtils.normalize(fullPath, true);
|
String normalizedFullPath = FilenameUtils.normalize(fullPath, true);
|
||||||
for (AbstractFile downloadedFile : fileManager.findFiles(dataSource, FilenameUtils.getName(normalizedFullPath), FilenameUtils.getPath(normalizedFullPath))) {
|
for (AbstractFile downloadedFile : fileManager.findFiles(dataSource, FilenameUtils.getName(normalizedFullPath), FilenameUtils.getPath(normalizedFullPath))) {
|
||||||
BlackboardArtifact associatedObjectArtifact = downloadedFile.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_ASSOCIATED_OBJECT);
|
BlackboardArtifact associatedObjectArtifact =
|
||||||
|
downloadedFile.newArtifact(TSK_ASSOCIATED_OBJECT);
|
||||||
associatedObjectArtifact.addAttribute(
|
associatedObjectArtifact.addAttribute(
|
||||||
new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_ASSOCIATED_ARTIFACT,
|
new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_ASSOCIATED_ARTIFACT,
|
||||||
RecentActivityExtracterModuleFactory.getModuleName(), webDownloadArtifact.getArtifactID()));
|
RecentActivityExtracterModuleFactory.getModuleName(), webDownloadArtifact.getArtifactID()));
|
||||||
@ -870,7 +867,7 @@ class Chromium extends Extract {
|
|||||||
RecentActivityExtracterModuleFactory.getModuleName(), browser));
|
RecentActivityExtracterModuleFactory.getModuleName(), browser));
|
||||||
|
|
||||||
// Add an artifact
|
// Add an artifact
|
||||||
BlackboardArtifact bbart = createArtifactWithAttributes(ARTIFACT_TYPE.TSK_WEB_FORM_AUTOFILL, webDataFile, bbattributes);
|
BlackboardArtifact bbart = createDataArtifactWithAttributes(ARTIFACT_TYPE.TSK_WEB_FORM_AUTOFILL, webDataFile, bbattributes);
|
||||||
if (bbart != null) {
|
if (bbart != null) {
|
||||||
bbartifacts.add(bbart);
|
bbartifacts.add(bbart);
|
||||||
}
|
}
|
||||||
|
|||||||
@ -422,7 +422,7 @@ class DomainCategoryRunner extends Extract {
|
|||||||
new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_HOST, moduleName, artHost.getHost()),
|
new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_HOST, moduleName, artHost.getHost()),
|
||||||
new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_NAME, moduleName, domainCategory)
|
new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_NAME, moduleName, domainCategory)
|
||||||
);
|
);
|
||||||
postArtifact(createArtifactWithAttributes(ARTIFACT_TYPE.TSK_WEB_CATEGORIZATION, artHost.getAbstractFile(), bbattributes));
|
postArtifact(createDataArtifactWithAttributes(ARTIFACT_TYPE.TSK_WEB_CATEGORIZATION, artHost.getAbstractFile(), bbattributes));
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
|
|||||||
@ -34,6 +34,7 @@ import java.util.Collection;
|
|||||||
import java.util.Collections;
|
import java.util.Collections;
|
||||||
import java.util.HashMap;
|
import java.util.HashMap;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
|
import java.util.Optional;
|
||||||
import java.util.logging.Level;
|
import java.util.logging.Level;
|
||||||
import org.openide.util.NbBundle.Messages;
|
import org.openide.util.NbBundle.Messages;
|
||||||
import org.sleuthkit.autopsy.casemodule.Case;
|
import org.sleuthkit.autopsy.casemodule.Case;
|
||||||
@ -49,6 +50,8 @@ import org.sleuthkit.datamodel.Blackboard;
|
|||||||
import org.sleuthkit.datamodel.BlackboardArtifact;
|
import org.sleuthkit.datamodel.BlackboardArtifact;
|
||||||
import org.sleuthkit.datamodel.BlackboardAttribute;
|
import org.sleuthkit.datamodel.BlackboardAttribute;
|
||||||
import org.sleuthkit.datamodel.Content;
|
import org.sleuthkit.datamodel.Content;
|
||||||
|
import org.sleuthkit.datamodel.DataArtifact;
|
||||||
|
import org.sleuthkit.datamodel.OsAccount;
|
||||||
import org.sleuthkit.datamodel.SleuthkitCase;
|
import org.sleuthkit.datamodel.SleuthkitCase;
|
||||||
import org.sleuthkit.datamodel.TskCoreException;
|
import org.sleuthkit.datamodel.TskCoreException;
|
||||||
import org.sleuthkit.datamodel.TskException;
|
import org.sleuthkit.datamodel.TskException;
|
||||||
@ -132,6 +135,17 @@ abstract class Extract {
|
|||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
DataArtifact createDataArtifactWithAttributes(BlackboardArtifact.ARTIFACT_TYPE type, AbstractFile file, Collection<BlackboardAttribute> attributes) {
|
||||||
|
try {
|
||||||
|
Optional<OsAccount> optional = file.getOsAccount();
|
||||||
|
DataArtifact bbart = file.newDataArtifact(new BlackboardArtifact.Type(type), attributes, optional.isPresent() ? optional.get() : null);
|
||||||
|
return bbart;
|
||||||
|
} catch (TskException ex) {
|
||||||
|
logger.log(Level.WARNING, String.format("Error while trying to add an artifact (%s) for abstractFile %d", type.getDisplayName(), file.getId()), ex); //NON-NLS
|
||||||
|
}
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Method to post a blackboard artifact to the blackboard.
|
* Method to post a blackboard artifact to the blackboard.
|
||||||
*
|
*
|
||||||
|
|||||||
@ -53,6 +53,9 @@ import org.sleuthkit.autopsy.ingest.DataSourceIngestModuleProgress;
|
|||||||
import org.sleuthkit.autopsy.ingest.IngestJobContext;
|
import org.sleuthkit.autopsy.ingest.IngestJobContext;
|
||||||
import org.sleuthkit.datamodel.AbstractFile;
|
import org.sleuthkit.datamodel.AbstractFile;
|
||||||
import org.sleuthkit.datamodel.BlackboardArtifact;
|
import org.sleuthkit.datamodel.BlackboardArtifact;
|
||||||
|
import static org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_BOOKMARK;
|
||||||
|
import static org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_COOKIE;
|
||||||
|
import static org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_HISTORY;
|
||||||
import org.sleuthkit.datamodel.Content;
|
import org.sleuthkit.datamodel.Content;
|
||||||
import org.sleuthkit.datamodel.TskCoreException;
|
import org.sleuthkit.datamodel.TskCoreException;
|
||||||
|
|
||||||
@ -628,14 +631,10 @@ final class ExtractEdge extends Extract {
|
|||||||
String accessTime = rowSplit[index].trim();
|
String accessTime = rowSplit[index].trim();
|
||||||
Long ftime = parseTimestamp(accessTime);
|
Long ftime = parseTimestamp(accessTime);
|
||||||
|
|
||||||
BlackboardArtifact bbart = origFile.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_HISTORY);
|
return createDataArtifactWithAttributes(TSK_WEB_HISTORY, origFile, createHistoryAttribute(url, ftime,
|
||||||
|
|
||||||
bbart.addAttributes(createHistoryAttribute(url, ftime,
|
|
||||||
null, null,
|
null, null,
|
||||||
this.getName(),
|
this.getName(),
|
||||||
NetworkUtils.extractDomain(url), user));
|
NetworkUtils.extractDomain(url), user));
|
||||||
|
|
||||||
return bbart;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -658,9 +657,7 @@ final class ExtractEdge extends Extract {
|
|||||||
String value = hexToChar(lineSplit[headers.indexOf(EDGE_HEAD_VALUE)].trim());
|
String value = hexToChar(lineSplit[headers.indexOf(EDGE_HEAD_VALUE)].trim());
|
||||||
String url = flipDomain(domain);
|
String url = flipDomain(domain);
|
||||||
|
|
||||||
BlackboardArtifact bbart = origFile.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_COOKIE);
|
return createDataArtifactWithAttributes(TSK_WEB_COOKIE, origFile, createCookieAttributes(url, null, ftime, null, name, value, this.getName(), NetworkUtils.extractDomain(url)));
|
||||||
bbart.addAttributes(createCookieAttributes(url, null, ftime, null, name, value, this.getName(), NetworkUtils.extractDomain(url)));
|
|
||||||
return bbart;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -708,10 +705,8 @@ final class ExtractEdge extends Extract {
|
|||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
|
|
||||||
BlackboardArtifact bbart = origFile.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_BOOKMARK);
|
return createDataArtifactWithAttributes(TSK_WEB_BOOKMARK, origFile, createBookmarkAttributes(url, title, null,
|
||||||
bbart.addAttributes(createBookmarkAttributes(url, title, null,
|
|
||||||
this.getName(), NetworkUtils.extractDomain(url)));
|
this.getName(), NetworkUtils.extractDomain(url)));
|
||||||
return bbart;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@ -56,6 +56,7 @@ import org.sleuthkit.autopsy.ingest.DataSourceIngestModuleProcessTerminator;
|
|||||||
import org.sleuthkit.autopsy.ingest.DataSourceIngestModuleProgress;
|
import org.sleuthkit.autopsy.ingest.DataSourceIngestModuleProgress;
|
||||||
import org.sleuthkit.autopsy.ingest.IngestJobContext;
|
import org.sleuthkit.autopsy.ingest.IngestJobContext;
|
||||||
import org.sleuthkit.datamodel.AbstractFile;
|
import org.sleuthkit.datamodel.AbstractFile;
|
||||||
|
import static org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_HISTORY;
|
||||||
import org.sleuthkit.datamodel.ReadContentInputStream;
|
import org.sleuthkit.datamodel.ReadContentInputStream;
|
||||||
import org.sleuthkit.datamodel.TskCoreException;
|
import org.sleuthkit.datamodel.TskCoreException;
|
||||||
|
|
||||||
@ -168,7 +169,7 @@ class ExtractIE extends Extract {
|
|||||||
RecentActivityExtracterModuleFactory.getModuleName(), domain));
|
RecentActivityExtracterModuleFactory.getModuleName(), domain));
|
||||||
}
|
}
|
||||||
|
|
||||||
BlackboardArtifact bbart = createArtifactWithAttributes(ARTIFACT_TYPE.TSK_WEB_BOOKMARK, fav, bbattributes);
|
BlackboardArtifact bbart = createDataArtifactWithAttributes(ARTIFACT_TYPE.TSK_WEB_BOOKMARK, fav, bbattributes);
|
||||||
if (bbart != null) {
|
if (bbart != null) {
|
||||||
bbartifacts.add(bbart);
|
bbartifacts.add(bbart);
|
||||||
}
|
}
|
||||||
@ -280,7 +281,7 @@ class ExtractIE extends Extract {
|
|||||||
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN,
|
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN,
|
||||||
RecentActivityExtracterModuleFactory.getModuleName(), domain));
|
RecentActivityExtracterModuleFactory.getModuleName(), domain));
|
||||||
}
|
}
|
||||||
BlackboardArtifact bbart = createArtifactWithAttributes(ARTIFACT_TYPE.TSK_WEB_COOKIE, cookiesFile, bbattributes);
|
BlackboardArtifact bbart = createDataArtifactWithAttributes(ARTIFACT_TYPE.TSK_WEB_COOKIE, cookiesFile, bbattributes);
|
||||||
if (bbart != null) {
|
if (bbart != null) {
|
||||||
bbartifacts.add(bbart);
|
bbartifacts.add(bbart);
|
||||||
}
|
}
|
||||||
@ -558,8 +559,6 @@ class ExtractIE extends Extract {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
try {
|
|
||||||
BlackboardArtifact bbart = origFile.newArtifact(ARTIFACT_TYPE.TSK_WEB_HISTORY);
|
|
||||||
Collection<BlackboardAttribute> bbattributes = new ArrayList<>();
|
Collection<BlackboardAttribute> bbattributes = new ArrayList<>();
|
||||||
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL,
|
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL,
|
||||||
RecentActivityExtracterModuleFactory.getModuleName(), realurl));
|
RecentActivityExtracterModuleFactory.getModuleName(), realurl));
|
||||||
@ -580,12 +579,8 @@ class ExtractIE extends Extract {
|
|||||||
}
|
}
|
||||||
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_USER_NAME,
|
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_USER_NAME,
|
||||||
RecentActivityExtracterModuleFactory.getModuleName(), user));
|
RecentActivityExtracterModuleFactory.getModuleName(), user));
|
||||||
bbart.addAttributes(bbattributes);
|
|
||||||
|
|
||||||
bbartifacts.add(bbart);
|
bbartifacts.add(createDataArtifactWithAttributes(TSK_WEB_HISTORY, origFile, bbattributes));
|
||||||
} catch (TskCoreException ex) {
|
|
||||||
logger.log(Level.SEVERE, "Error writing Internet Explorer web history artifact to the blackboard. Pasco results will be incomplete", ex); //NON-NLS
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
fileScanner.close();
|
fileScanner.close();
|
||||||
return bbartifacts;
|
return bbartifacts;
|
||||||
|
|||||||
@ -49,6 +49,10 @@ import org.sleuthkit.autopsy.ingest.IngestServices;
|
|||||||
import org.sleuthkit.autopsy.recentactivity.BinaryCookieReader.Cookie;
|
import org.sleuthkit.autopsy.recentactivity.BinaryCookieReader.Cookie;
|
||||||
import org.sleuthkit.datamodel.AbstractFile;
|
import org.sleuthkit.datamodel.AbstractFile;
|
||||||
import org.sleuthkit.datamodel.BlackboardArtifact;
|
import org.sleuthkit.datamodel.BlackboardArtifact;
|
||||||
|
import static org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_BOOKMARK;
|
||||||
|
import static org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_COOKIE;
|
||||||
|
import static org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_DOWNLOAD;
|
||||||
|
import static org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_HISTORY;
|
||||||
import org.sleuthkit.datamodel.BlackboardAttribute;
|
import org.sleuthkit.datamodel.BlackboardAttribute;
|
||||||
import org.sleuthkit.datamodel.Content;
|
import org.sleuthkit.datamodel.Content;
|
||||||
import org.sleuthkit.datamodel.TskCoreException;
|
import org.sleuthkit.datamodel.TskCoreException;
|
||||||
@ -430,10 +434,12 @@ final class ExtractSafari extends Extract {
|
|||||||
String title = row.get(HEAD_TITLE).toString();
|
String title = row.get(HEAD_TITLE).toString();
|
||||||
Long time = (Double.valueOf(row.get(HEAD_TIME).toString())).longValue();
|
Long time = (Double.valueOf(row.get(HEAD_TIME).toString())).longValue();
|
||||||
|
|
||||||
BlackboardArtifact bbart = origFile.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_HISTORY);
|
bbartifacts.add(
|
||||||
bbart.addAttributes(createHistoryAttribute(url, time, null, title,
|
createDataArtifactWithAttributes(
|
||||||
this.getName(), NetworkUtils.extractDomain(url), null));
|
TSK_WEB_HISTORY,
|
||||||
bbartifacts.add(bbart);
|
origFile,
|
||||||
|
createHistoryAttribute(url, time, null, title,
|
||||||
|
this.getName(), NetworkUtils.extractDomain(url), null)));
|
||||||
}
|
}
|
||||||
|
|
||||||
return bbartifacts;
|
return bbartifacts;
|
||||||
@ -565,9 +571,18 @@ final class ExtractSafari extends Extract {
|
|||||||
|
|
||||||
Cookie cookie = iter.next();
|
Cookie cookie = iter.next();
|
||||||
|
|
||||||
BlackboardArtifact bbart = origFile.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_COOKIE);
|
bbartifacts.add(
|
||||||
bbart.addAttributes(createCookieAttributes(cookie.getURL(), cookie.getCreationDate(), null, cookie.getExpirationDate(), cookie.getName(), cookie.getValue(), this.getName(), NetworkUtils.extractDomain(cookie.getURL())));
|
createDataArtifactWithAttributes(
|
||||||
bbartifacts.add(bbart);
|
TSK_WEB_COOKIE,
|
||||||
|
origFile,
|
||||||
|
createCookieAttributes(
|
||||||
|
cookie.getURL(),
|
||||||
|
cookie.getCreationDate(),
|
||||||
|
null,
|
||||||
|
cookie.getExpirationDate(),
|
||||||
|
cookie.getName(), cookie.getValue(),
|
||||||
|
this.getName(),
|
||||||
|
NetworkUtils.extractDomain(cookie.getURL()))));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -615,9 +630,12 @@ final class ExtractSafari extends Extract {
|
|||||||
}
|
}
|
||||||
|
|
||||||
if (url != null || title != null) {
|
if (url != null || title != null) {
|
||||||
BlackboardArtifact bbart = origFile.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_BOOKMARK);
|
bbartifacts.add(createDataArtifactWithAttributes(TSK_WEB_BOOKMARK, origFile,
|
||||||
bbart.addAttributes(createBookmarkAttributes(url, title, null, getName(), NetworkUtils.extractDomain(url)));
|
createBookmarkAttributes(url,
|
||||||
bbartifacts.add(bbart);
|
title,
|
||||||
|
null,
|
||||||
|
getName(),
|
||||||
|
NetworkUtils.extractDomain(url))));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -656,8 +674,7 @@ final class ExtractSafari extends Extract {
|
|||||||
time = date.getDate().getTime();
|
time = date.getDate().getTime();
|
||||||
}
|
}
|
||||||
|
|
||||||
BlackboardArtifact webDownloadArtifact = origFile.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_DOWNLOAD);
|
BlackboardArtifact webDownloadArtifact = createDataArtifactWithAttributes(TSK_WEB_DOWNLOAD, origFile, createDownloadAttributes(path, pathID, url, time, NetworkUtils.extractDomain(url), getName()));
|
||||||
webDownloadArtifact.addAttributes(this.createDownloadAttributes(path, pathID, url, time, NetworkUtils.extractDomain(url), getName()));
|
|
||||||
bbartifacts.add(webDownloadArtifact);
|
bbartifacts.add(webDownloadArtifact);
|
||||||
|
|
||||||
// find the downloaded file and create a TSK_ASSOCIATED_OBJECT for it, associating it with the TSK_WEB_DOWNLOAD artifact.
|
// find the downloaded file and create a TSK_ASSOCIATED_OBJECT for it, associating it with the TSK_WEB_DOWNLOAD artifact.
|
||||||
|
|||||||
@ -298,7 +298,7 @@ class ExtractWebAccountType extends Extract {
|
|||||||
NbBundle.getMessage(this.getClass(),
|
NbBundle.getMessage(this.getClass(),
|
||||||
"ExtractWebAccountType.parentModuleName"), role.getUrl()));
|
"ExtractWebAccountType.parentModuleName"), role.getUrl()));
|
||||||
|
|
||||||
artifactList.add(createArtifactWithAttributes(BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_ACCOUNT_TYPE, file, bbattributes));
|
artifactList.add(createDataArtifactWithAttributes(BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_ACCOUNT_TYPE, file, bbattributes));
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!context.dataSourceIngestIsCancelled()) {
|
if (!context.dataSourceIngestIsCancelled()) {
|
||||||
|
|||||||
@ -247,7 +247,7 @@ final class ExtractZoneIdentifier extends Extract {
|
|||||||
RecentActivityExtracterModuleFactory.getModuleName(),
|
RecentActivityExtracterModuleFactory.getModuleName(),
|
||||||
zoneInfo.getZoneIdAsString()));
|
zoneInfo.getZoneIdAsString()));
|
||||||
}
|
}
|
||||||
return createArtifactWithAttributes(TSK_WEB_DOWNLOAD, zoneFile, bbattributes);
|
return createDataArtifactWithAttributes(TSK_WEB_DOWNLOAD, zoneFile, bbattributes);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|||||||
@ -236,7 +236,7 @@ class Firefox extends Extract {
|
|||||||
RecentActivityExtracterModuleFactory.getModuleName(), domain)); //NON-NLS
|
RecentActivityExtracterModuleFactory.getModuleName(), domain)); //NON-NLS
|
||||||
|
|
||||||
}
|
}
|
||||||
BlackboardArtifact bbart = createArtifactWithAttributes(ARTIFACT_TYPE.TSK_WEB_HISTORY, historyFile, bbattributes);
|
BlackboardArtifact bbart = createDataArtifactWithAttributes(ARTIFACT_TYPE.TSK_WEB_HISTORY, historyFile, bbattributes);
|
||||||
if (bbart != null) {
|
if (bbart != null) {
|
||||||
bbartifacts.add(bbart);
|
bbartifacts.add(bbart);
|
||||||
}
|
}
|
||||||
@ -332,7 +332,7 @@ class Firefox extends Extract {
|
|||||||
RecentActivityExtracterModuleFactory.getModuleName(), domain)); //NON-NLS
|
RecentActivityExtracterModuleFactory.getModuleName(), domain)); //NON-NLS
|
||||||
}
|
}
|
||||||
|
|
||||||
BlackboardArtifact bbart = createArtifactWithAttributes(ARTIFACT_TYPE.TSK_WEB_BOOKMARK, bookmarkFile, bbattributes);
|
BlackboardArtifact bbart = createDataArtifactWithAttributes(ARTIFACT_TYPE.TSK_WEB_BOOKMARK, bookmarkFile, bbattributes);
|
||||||
if (bbart != null) {
|
if (bbart != null) {
|
||||||
bbartifacts.add(bbart);
|
bbartifacts.add(bbart);
|
||||||
}
|
}
|
||||||
@ -448,7 +448,7 @@ class Firefox extends Extract {
|
|||||||
RecentActivityExtracterModuleFactory.getModuleName(), domain));
|
RecentActivityExtracterModuleFactory.getModuleName(), domain));
|
||||||
}
|
}
|
||||||
|
|
||||||
BlackboardArtifact bbart = createArtifactWithAttributes(ARTIFACT_TYPE.TSK_WEB_COOKIE, cookiesFile, bbattributes);
|
BlackboardArtifact bbart = createDataArtifactWithAttributes(ARTIFACT_TYPE.TSK_WEB_COOKIE, cookiesFile, bbattributes);
|
||||||
if (bbart != null) {
|
if (bbart != null) {
|
||||||
bbartifacts.add(bbart);
|
bbartifacts.add(bbart);
|
||||||
}
|
}
|
||||||
@ -575,7 +575,7 @@ class Firefox extends Extract {
|
|||||||
domain)); //NON-NLS
|
domain)); //NON-NLS
|
||||||
}
|
}
|
||||||
|
|
||||||
BlackboardArtifact webDownloadArtifact = createArtifactWithAttributes(ARTIFACT_TYPE.TSK_WEB_DOWNLOAD, downloadsFile, bbattributes);
|
BlackboardArtifact webDownloadArtifact = createDataArtifactWithAttributes(ARTIFACT_TYPE.TSK_WEB_DOWNLOAD, downloadsFile, bbattributes);
|
||||||
if (webDownloadArtifact != null) {
|
if (webDownloadArtifact != null) {
|
||||||
bbartifacts.add(webDownloadArtifact);
|
bbartifacts.add(webDownloadArtifact);
|
||||||
|
|
||||||
@ -717,7 +717,7 @@ class Firefox extends Extract {
|
|||||||
RecentActivityExtracterModuleFactory.getModuleName(), domain)); //NON-NLS
|
RecentActivityExtracterModuleFactory.getModuleName(), domain)); //NON-NLS
|
||||||
}
|
}
|
||||||
|
|
||||||
BlackboardArtifact webDownloadArtifact = createArtifactWithAttributes(ARTIFACT_TYPE.TSK_WEB_DOWNLOAD, downloadsFile, bbattributes);
|
BlackboardArtifact webDownloadArtifact = createDataArtifactWithAttributes(ARTIFACT_TYPE.TSK_WEB_DOWNLOAD, downloadsFile, bbattributes);
|
||||||
if (webDownloadArtifact != null) {
|
if (webDownloadArtifact != null) {
|
||||||
bbartifacts.add(webDownloadArtifact);
|
bbartifacts.add(webDownloadArtifact);
|
||||||
|
|
||||||
@ -857,7 +857,7 @@ class Firefox extends Extract {
|
|||||||
|
|
||||||
}
|
}
|
||||||
// Add artifact
|
// Add artifact
|
||||||
BlackboardArtifact bbart = createArtifactWithAttributes(ARTIFACT_TYPE.TSK_WEB_FORM_AUTOFILL, formHistoryFile, bbattributes);
|
BlackboardArtifact bbart = createDataArtifactWithAttributes(ARTIFACT_TYPE.TSK_WEB_FORM_AUTOFILL, formHistoryFile, bbattributes);
|
||||||
if (bbart != null) {
|
if (bbart != null) {
|
||||||
bbartifacts.add(bbart);
|
bbartifacts.add(bbart);
|
||||||
}
|
}
|
||||||
|
|||||||
@ -382,7 +382,7 @@ class SearchEngineURLQueryAnalyzer extends Extract {
|
|||||||
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME_ACCESSED,
|
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME_ACCESSED,
|
||||||
NbBundle.getMessage(this.getClass(),
|
NbBundle.getMessage(this.getClass(),
|
||||||
"SearchEngineURLQueryAnalyzer.parentModuleName"), last_accessed));
|
"SearchEngineURLQueryAnalyzer.parentModuleName"), last_accessed));
|
||||||
postArtifact(createArtifactWithAttributes(ARTIFACT_TYPE.TSK_WEB_SEARCH_QUERY, file, bbattributes));
|
postArtifact(createDataArtifactWithAttributes(ARTIFACT_TYPE.TSK_WEB_SEARCH_QUERY, file, bbattributes));
|
||||||
++totalQueries;
|
++totalQueries;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user