Added comments to python scripts

This commit is contained in:
Brian Carrier 2015-06-05 10:23:10 -04:00
parent 4b2f704738
commit b5211b3f28
2 changed files with 19 additions and 8 deletions


@ -86,13 +86,20 @@ class SampleJythonDataSourceIngestModule(DataSourceIngestModule):
self.context = None self.context = None
# Where any setup and configuration is done # Where any setup and configuration is done
# 'context' is an instance of org.sleuthkit.autopsy.ingest.IngestJobContext.
# See: http://sleuthkit.org/autopsy/docs/api-docs/3.1/classorg_1_1sleuthkit_1_1autopsy_1_1ingest_1_1_ingest_job_context.html
# TODO: Add any setup code that you need here. # TODO: Add any setup code that you need here.
def startUp(self, context): def startUp(self, context):
self.context = context self.context = context
# Throw an IngestModule.IngestModuleException exception if there was a problem setting up # Throw an IngestModule.IngestModuleException exception if there was a problem setting up
# raise IngestModuleException(IngestModule(), "Oh No!") # raise IngestModuleException(IngestModule(), "Oh No!")
# Where the analysis is done. # Where the analysis is done.
# The 'dataSource' object being passed in is of type org.sleuthkit.datamodel.Content.
# See: http://www.sleuthkit.org/sleuthkit/docs/jni-docs/interfaceorg_1_1sleuthkit_1_1datamodel_1_1_content.html
# 'progressBar' is of type org.sleuthkit.autopsy.ingest.DataSourceIngestModuleProgress
# See: http://sleuthkit.org/autopsy/docs/api-docs/3.1/classorg_1_1sleuthkit_1_1autopsy_1_1ingest_1_1_data_source_ingest_module_progress.html
# TODO: Add your analysis code in here. # TODO: Add your analysis code in here.
def process(self, dataSource, progressBar): def process(self, dataSource, progressBar):
if self.context.isJobCancelled(): if self.context.isJobCancelled():
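Review bot: The new comments above process() describe the two parameters but not the value the method must return, which is the part a module author is most likely to get wrong; a line such as `# Return IngestModule.ProcessResult.OK on success (or ERROR if the analysis failed).` would complete the contract. The "See:" links are pinned to the 3.1 API docs over plain http, so they will drift from whatever version this sample ships with; consider noting that the links track a specific release. The body of process() continues outside the hunk.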


@ -39,6 +39,7 @@ from org.sleuthkit.datamodel import AbstractFile
from org.sleuthkit.datamodel import ReadContentInputStream from org.sleuthkit.datamodel import ReadContentInputStream
from org.sleuthkit.datamodel import BlackboardArtifact from org.sleuthkit.datamodel import BlackboardArtifact
from org.sleuthkit.datamodel import BlackboardAttribute from org.sleuthkit.datamodel import BlackboardAttribute
from org.sleuthkit.datamodel import TskData
from org.sleuthkit.autopsy.ingest import IngestModule from org.sleuthkit.autopsy.ingest import IngestModule
from org.sleuthkit.autopsy.ingest.IngestModule import IngestModuleException from org.sleuthkit.autopsy.ingest.IngestModule import IngestModuleException
from org.sleuthkit.autopsy.ingest import DataSourceIngestModule from org.sleuthkit.autopsy.ingest import DataSourceIngestModule
@ -84,6 +85,8 @@ class SampleJythonFileIngestModuleFactory(IngestModuleFactoryAdapter):
class SampleJythonFileIngestModule(FileIngestModule): class SampleJythonFileIngestModule(FileIngestModule):
# Where any setup and configuration is done # Where any setup and configuration is done
# 'context' is an instance of org.sleuthkit.autopsy.ingest.IngestJobContext.
# See: http://sleuthkit.org/autopsy/docs/api-docs/3.1/classorg_1_1sleuthkit_1_1autopsy_1_1ingest_1_1_ingest_job_context.html
# TODO: Add any setup code that you need here. # TODO: Add any setup code that you need here.
def startUp(self, context): def startUp(self, context):
self.logger = Logger.getLogger(SampleJythonFileIngestModuleFactory.moduleName) self.logger = Logger.getLogger(SampleJythonFileIngestModuleFactory.moduleName)
@ -94,8 +97,14 @@ class SampleJythonFileIngestModule(FileIngestModule):
pass pass
# Where the analysis is done. Each file will be passed into here. # Where the analysis is done. Each file will be passed into here.
# The 'file' object being passed in is of type org.sleuthkit.datamodel.AbstractFile.
# See: http://www.sleuthkit.org/sleuthkit/docs/jni-docs/classorg_1_1sleuthkit_1_1datamodel_1_1_abstract_file.html
# TODO: Add your analysis code in here. # TODO: Add your analysis code in here.
def process(self, file): def process(self, file):
# Skip non-files
if ((file.getType() == TskData.TSK_DB_FILES_TYPE_ENUM.UNALLOC_BLOCKS) or (file.getType() == TskData.TSK_DB_FILES_TYPE_ENUM.UNUSED_BLOCKS) or (file.isFile() == False)):
return IngestModule.ProcessResult.OK
# For an example, we will flag files with .txt in the name and make a blackboard artifact. # For an example, we will flag files with .txt in the name and make a blackboard artifact.
if file.getName().find(".txt") != -1: if file.getName().find(".txt") != -1:
@ -109,14 +118,9 @@ class SampleJythonFileIngestModule(FileIngestModule):
att = BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SET_NAME.getTypeID(), SampleJythonFileIngestModuleFactory.moduleName, "Text Files") att = BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SET_NAME.getTypeID(), SampleJythonFileIngestModuleFactory.moduleName, "Text Files")
art.addAttribute(att) art.addAttribute(att)
# For the current file, we get all the artifacts. The artifactList should not be empty since we have added # For the example (this wouldn't be needed normally), we'll query the blackboard for data that was added
# a new artifact - TSK_INTERESTING_FILE_HIT - (Line 110). # by other modules. We then iterate over its attributes. We'll just print them, but you would probably
# We iterate through the artifactList(other modules might have added artifacts for the same file) and get # want to do something with them.
# attributes for that artifact. Again, the attributeList should not be empty since we have added a new
# attribute - "Text Files" - (Line 111, 112).
# We iterate through the attributeList and log every attribute.
# NOTE: Empty list (which may be returned by getArtifacts()/getAttributes()) is not coerced into non-iterable
# NoneType. Hence null check is not necessary.
artifactList = file.getArtifacts(BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT) artifactList = file.getArtifacts(BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT)
for artifact in artifactList: for artifact in artifactList:
attributeList = artifact.getAttributes(); attributeList = artifact.getAttributes();