mstoeck3/autopsy-flatpak
1
0
Fork 0
mirror of https://github.com/overcuriousity/autopsy-flatpak.git synced 2025-07-17 18:17:43 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'master' of https://github.com/Devin148/autopsy

Browse Source
This commit is contained in:
adam-m 2012-09-21 12:16:49 -04:00
commit b6630df794
7 changed files with 195 additions and 110 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
HashDatabase/src/org/sleuthkit/autopsy/hashdatabase/HashDbSimplePanel.form
View File

@ -16,27 +16,31 @@
<Layout>
<DimensionLayout dim="0">
<Group type="103" groupAlignment="0" attributes="0">
<Component id="jScrollPane1" alignment="1" pref="0" max="32767" attributes="1"/>
<Group type="102" attributes="0">
<EmptySpace max="-2" attributes="0"/>
<Group type="103" groupAlignment="0" attributes="0">
<Component id="calcHashesButton" alignment="0" min="-2" max="-2" attributes="0"/>
<Group type="103" alignment="0" groupAlignment="1" max="-2" attributes="0">
<Group type="102" attributes="0">
<Group type="103" groupAlignment="1" attributes="0">
<Group type="102" alignment="0" attributes="0">
<Component id="nsrlDbLabel" min="-2" max="-2" attributes="0"/>
<EmptySpace type="unrelated" max="-2" attributes="0"/>
<Component id="nsrlDbLabelVal" max="32767" attributes="0"/>
<Component id="nsrlDbLabelVal" min="-2" pref="105" max="-2" attributes="0"/>
</Group>
<Component id="jLabel1" alignment="0" min="-2" max="-2" attributes="0"/>
</Group>
<EmptySpace min="0" pref="0" max="32767" attributes="0"/>
</Group>
<EmptySpace max="32767" attributes="0"/>
<Component id="calcHashesButton" alignment="1" max="32767" attributes="0"/>
<Component id="jScrollPane1" alignment="0" pref="0" max="32767" attributes="1"/>
</Group>
<EmptySpace max="-2" attributes="0"/>
</Group>
</Group>
</DimensionLayout>
<DimensionLayout dim="1">
<Group type="103" groupAlignment="0" attributes="0">
<Group type="102" alignment="0" attributes="0">
<EmptySpace min="-2" pref="7" max="-2" attributes="0"/>
<Group type="103" groupAlignment="3" attributes="0">
<Component id="nsrlDbLabel" alignment="3" min="-2" max="-2" attributes="0"/>
<Component id="nsrlDbLabelVal" alignment="3" min="-2" max="-2" attributes="0"/>
@ -44,8 +48,8 @@
<EmptySpace max="-2" attributes="0"/>
<Component id="jLabel1" min="-2" max="-2" attributes="0"/>
<EmptySpace max="-2" attributes="0"/>
<Component id="jScrollPane1" min="-2" pref="68" max="-2" attributes="0"/>
<EmptySpace max="-2" attributes="0"/>
<Component id="jScrollPane1" pref="73" max="32767" attributes="0"/>
<EmptySpace type="unrelated" max="-2" attributes="0"/>
<Component id="calcHashesButton" min="-2" max="-2" attributes="0"/>
<EmptySpace max="-2" attributes="0"/>
</Group>
@ -56,8 +60,8 @@
<Container class="javax.swing.JScrollPane" name="jScrollPane1">
<Properties>
<Property name="border" type="javax.swing.border.Border" editor="org.netbeans.modules.form.editors2.BorderEditor">
<Border info="org.netbeans.modules.form.compat2.border.EmptyBorderInfo">
<EmptyBorder/>
<Border info="org.netbeans.modules.form.compat2.border.EtchedBorderInfo">
<EtchetBorder/>
</Border>
</Property>
</Properties>

23
HashDatabase/src/org/sleuthkit/autopsy/hashdatabase/HashDbSimplePanel.java
View File

@ -107,9 +107,9 @@ public class HashDbSimplePanel extends javax.swing.JPanel {
for (int i = 0; i < notableHashTable.getColumnCount(); i++) {
column1 = notableHashTable.getColumnModel().getColumn(i);
if (i == 0) {
column1.setPreferredWidth(((int) (width1 * 0.15)));
column1.setPreferredWidth(((int) (width1 * 0.07)));
} else {
column1.setPreferredWidth(((int) (width1 * 0.84)));
column1.setPreferredWidth(((int) (width1 * 0.92)));
}
}
@ -132,7 +132,7 @@ public class HashDbSimplePanel extends javax.swing.JPanel {
calcHashesButton = new javax.swing.JCheckBox();
nsrlDbLabelVal = new javax.swing.JLabel();
jScrollPane1.setBorder(javax.swing.BorderFactory.createEmptyBorder(1, 1, 1, 1));
jScrollPane1.setBorder(javax.swing.BorderFactory.createEtchedBorder());
notableHashTable.setBackground(new java.awt.Color(240, 240, 240));
notableHashTable.setShowHorizontalLines(false);
@ -151,30 +151,33 @@ public class HashDbSimplePanel extends javax.swing.JPanel {
this.setLayout(layout);
layout.setHorizontalGroup(
layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
.addComponent(jScrollPane1, javax.swing.GroupLayout.Alignment.TRAILING, javax.swing.GroupLayout.PREFERRED_SIZE, 0, Short.MAX_VALUE)
.addGroup(layout.createSequentialGroup()
.addContainerGap()
.addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
.addComponent(calcHashesButton)
.addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.TRAILING, false)
.addGroup(layout.createSequentialGroup()
.addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.TRAILING)
.addGroup(javax.swing.GroupLayout.Alignment.LEADING, layout.createSequentialGroup()
.addComponent(nsrlDbLabel)
.addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.UNRELATED)
.addComponent(nsrlDbLabelVal, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE))
.addComponent(jLabel1, javax.swing.GroupLayout.Alignment.LEADING)))
.addComponent(nsrlDbLabelVal, javax.swing.GroupLayout.PREFERRED_SIZE, 105, javax.swing.GroupLayout.PREFERRED_SIZE))
.addComponent(jLabel1, javax.swing.GroupLayout.Alignment.LEADING))
.addGap(0, 0, Short.MAX_VALUE))
.addComponent(calcHashesButton, javax.swing.GroupLayout.Alignment.TRAILING, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE)
.addComponent(jScrollPane1, javax.swing.GroupLayout.PREFERRED_SIZE, 0, Short.MAX_VALUE))
.addContainerGap())
);
layout.setVerticalGroup(
layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
.addGroup(layout.createSequentialGroup()
.addGap(7, 7, 7)
.addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.BASELINE)
.addComponent(nsrlDbLabel)
.addComponent(nsrlDbLabelVal))
.addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
.addComponent(jLabel1)
.addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
.addComponent(jScrollPane1, javax.swing.GroupLayout.PREFERRED_SIZE, 68, javax.swing.GroupLayout.PREFERRED_SIZE)
.addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
.addComponent(jScrollPane1, javax.swing.GroupLayout.DEFAULT_SIZE, 73, Short.MAX_VALUE)
.addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.UNRELATED)
.addComponent(calcHashesButton)
.addContainerGap())
);

43
KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/KeywordSearchIngestSimplePanel.form
View File

@ -21,30 +21,26 @@
<Layout>
<DimensionLayout dim="0">
<Group type="103" groupAlignment="0" attributes="0">
<Component id="jSeparator2" alignment="0" max="32767" attributes="0"/>
<Group type="102" alignment="0" attributes="0">
<EmptySpace max="-2" attributes="0"/>
<Group type="103" groupAlignment="0" attributes="0">
<Group type="102" attributes="0">
<Group type="103" groupAlignment="0" attributes="0">
<Group type="102" alignment="0" attributes="0">
<EmptySpace min="-2" pref="10" max="-2" attributes="0"/>
<Component id="languagesValLabel" max="32767" attributes="0"/>
<EmptySpace min="10" pref="10" max="-2" attributes="0"/>
<Component id="languagesValLabel" min="-2" pref="274" max="-2" attributes="0"/>
</Group>
<Group type="102" attributes="0">
<Component id="languagesLabel" min="-2" max="-2" attributes="0"/>
<EmptySpace min="0" pref="0" max="32767" attributes="0"/>
</Group>
</Group>
<EmptySpace max="-2" attributes="0"/>
</Group>
<Group type="102" attributes="0">
<Group type="103" groupAlignment="0" attributes="0">
<Component id="listsScrollPane" min="-2" pref="296" max="-2" attributes="1"/>
<Component id="jLabel1" min="-2" max="-2" attributes="0"/>
</Group>
<EmptySpace min="0" pref="0" max="32767" attributes="0"/>
</Group>
<Group type="102" alignment="1" attributes="0">
<Group type="103" groupAlignment="1" attributes="0">
<Component id="languagesLabel" alignment="0" max="32767" attributes="0"/>
<Component id="listsScrollPane" max="32767" attributes="1"/>
</Group>
<EmptySpace max="-2" attributes="0"/>
</Group>
</Group>
</Group>
</Group>
@ -52,16 +48,15 @@
<DimensionLayout dim="1">
<Group type="103" groupAlignment="0" attributes="0">
<Group type="102" alignment="0" attributes="0">
<Component id="languagesLabel" min="-2" max="-2" attributes="0"/>
<EmptySpace max="-2" attributes="0"/>
<Component id="languagesValLabel" max="32767" attributes="0"/>
<EmptySpace max="-2" attributes="0"/>
<Component id="jSeparator2" min="-2" pref="10" max="-2" attributes="0"/>
<EmptySpace max="-2" attributes="0"/>
<EmptySpace min="-2" pref="7" max="-2" attributes="0"/>
<Component id="jLabel1" min="-2" max="-2" attributes="0"/>
<EmptySpace max="-2" attributes="0"/>
<Component id="listsScrollPane" min="-2" pref="104" max="-2" attributes="0"/>
<EmptySpace min="-2" max="-2" attributes="0"/>
<Component id="listsScrollPane" pref="91" max="32767" attributes="0"/>
<EmptySpace type="unrelated" max="-2" attributes="0"/>
<Component id="languagesLabel" min="-2" max="-2" attributes="0"/>
<EmptySpace max="-2" attributes="0"/>
<Component id="languagesValLabel" min="-2" max="-2" attributes="0"/>
<EmptySpace min="-2" pref="7" max="-2" attributes="0"/>
</Group>
</Group>
</DimensionLayout>
@ -70,8 +65,8 @@
<Container class="javax.swing.JScrollPane" name="listsScrollPane">
<Properties>
<Property name="border" type="javax.swing.border.Border" editor="org.netbeans.modules.form.editors2.BorderEditor">
<Border info="org.netbeans.modules.form.compat2.border.EmptyBorderInfo">
<EmptyBorder/>
<Border info="org.netbeans.modules.form.compat2.border.EtchedBorderInfo">
<EtchetBorder/>
</Border>
</Property>
<Property name="preferredSize" type="java.awt.Dimension" editor="org.netbeans.beaninfo.editors.DimensionEditor">
@ -125,7 +120,5 @@
</Property>
</Properties>
</Component>
<Component class="javax.swing.JSeparator" name="jSeparator2">
</Component>
</SubComponents>
</Form>

40
KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/KeywordSearchIngestSimplePanel.java
View File

@ -57,9 +57,9 @@ public class KeywordSearchIngestSimplePanel extends javax.swing.JPanel {
for (int i = 0; i < listsTable.getColumnCount(); i++) {
column = listsTable.getColumnModel().getColumn(i);
if (i == 0) {
column.setPreferredWidth(((int) (width * 0.15)));
column.setPreferredWidth(((int) (width * 0.07)));
} else {
column.setPreferredWidth(((int) (width * 0.84)));
column.setPreferredWidth(((int) (width * 0.92)));
}
}
@ -80,11 +80,10 @@ public class KeywordSearchIngestSimplePanel extends javax.swing.JPanel {
jLabel1 = new javax.swing.JLabel();
languagesLabel = new javax.swing.JLabel();
languagesValLabel = new javax.swing.JLabel();
jSeparator2 = new javax.swing.JSeparator();
setPreferredSize(new java.awt.Dimension(300, 170));
listsScrollPane.setBorder(javax.swing.BorderFactory.createEmptyBorder(1, 1, 1, 1));
listsScrollPane.setBorder(javax.swing.BorderFactory.createEtchedBorder());
listsScrollPane.setPreferredSize(new java.awt.Dimension(300, 100));
listsTable.setBackground(new java.awt.Color(240, 240, 240));
@ -112,7 +111,6 @@ public class KeywordSearchIngestSimplePanel extends javax.swing.JPanel {
this.setLayout(layout);
layout.setHorizontalGroup(
layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
.addComponent(jSeparator2)
.addGroup(layout.createSequentialGroup()
.addContainerGap()
.addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
@ -120,36 +118,32 @@ public class KeywordSearchIngestSimplePanel extends javax.swing.JPanel {
.addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
.addGroup(layout.createSequentialGroup()
.addGap(10, 10, 10)
.addComponent(languagesValLabel, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE))
.addGroup(layout.createSequentialGroup()
.addComponent(languagesLabel)
.addGap(0, 0, Short.MAX_VALUE)))
.addContainerGap())
.addGroup(layout.createSequentialGroup()
.addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
.addComponent(listsScrollPane, javax.swing.GroupLayout.PREFERRED_SIZE, 296, javax.swing.GroupLayout.PREFERRED_SIZE)
.addComponent(languagesValLabel, javax.swing.GroupLayout.PREFERRED_SIZE, 274, javax.swing.GroupLayout.PREFERRED_SIZE))
.addComponent(jLabel1))
.addGap(0, 0, Short.MAX_VALUE))))
.addGap(0, 0, Short.MAX_VALUE))
.addGroup(javax.swing.GroupLayout.Alignment.TRAILING, layout.createSequentialGroup()
.addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.TRAILING)
.addComponent(languagesLabel, javax.swing.GroupLayout.Alignment.LEADING, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE)
.addComponent(listsScrollPane, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE))
.addContainerGap())))
);
layout.setVerticalGroup(
layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
.addGroup(layout.createSequentialGroup()
.addComponent(languagesLabel)
.addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
.addComponent(languagesValLabel, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE)
.addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
.addComponent(jSeparator2, javax.swing.GroupLayout.PREFERRED_SIZE, 10, javax.swing.GroupLayout.PREFERRED_SIZE)
.addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
.addGap(7, 7, 7)
.addComponent(jLabel1)
.addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
.addComponent(listsScrollPane, javax.swing.GroupLayout.PREFERRED_SIZE, 104, javax.swing.GroupLayout.PREFERRED_SIZE)
.addContainerGap())
.addComponent(listsScrollPane, javax.swing.GroupLayout.DEFAULT_SIZE, 91, Short.MAX_VALUE)
.addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.UNRELATED)
.addComponent(languagesLabel)
.addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
.addComponent(languagesValLabel)
.addGap(7, 7, 7))
);
}// </editor-fold>//GEN-END:initComponents
// Variables declaration - do not modify//GEN-BEGIN:variables
private javax.swing.JLabel jLabel1;
private javax.swing.JSeparator jSeparator2;
private javax.swing.JLabel languagesLabel;
private javax.swing.JLabel languagesValLabel;
private javax.swing.JScrollPane listsScrollPane;

104
docs/doxygen/modDev.dox
View File

@ -4,25 +4,115 @@
\section mod_dev_setup Basic Setup
what do they need to download and configure to develop modules? Refer to BUILDING.txt as much as possible. Do they need to download source to develop modules or can they use a releae version?
To setup a module development environment for Autopsy, you must have either:
\li Autopsy installed on your machine
\li The Autopsy source code, downloaded from GitHub
If you have Autopsy installed on your machine and would like to use that as your development environment, proceed to \ref mod_dev_module. Note that older versions of Autopsy may not have the latest features available for module development.
To use the latest Autopsy source code as your development environment, first follow BUILDING.TXT to properly build and setup Autopsy in NetBeans.
Once Autopsy has been successfully built, right click on the Autopsy project in NetBeans and select Package as > ZIP Distribution. Then extract the ZIP file to any directory of your choosing.
\section mod_dev_module How to Create a Module
Steps to make a module (Netbeans menu options, adding in Autopsy as a platform, etc.
In NetBeans go to File > New Project.
From the categories, choose NetBeans Modules, and then Module under Projects.
Click Next, name the module, and set the project location.
Select Standalone Module, and click the Manage button. Click on Add Platform and either browse to the directory Autopsy is installed or to the directory the ZIP distribution was extracted. Press Finish and then Close.
Autopsy has now been added as a "NetBeans Platform", meaning the development environment for NetBeans has been set to use the code from within Autopsy. This grants access to Autopsy's methods and modules to third party developers, without having to program inside the Autopsy project itself.
Click Next, and fill out the rest of the module-creation wizard. Press Finish when complete, and the module will be added as a standalone project in NetBeans.
See \ref mod_ingest_page for instructions on programming ingest modules for Autopsy.
\section mod_dev_services Getting Access to Services
List the services and how to get access to them. Currently, I can think of Case, Loging, IngestManager.... The class description for each service class should have the details.
In order to use Autopy's services, each module with a desired service has to be added as a dependency to your module. After a dependency is added, you can import Autopsy's packages and utilize it's modules and methods. Some modules include specific services to help with third party module development.
\subsection mod_dev_services_dependency Adding a Dependency
In the NetBeans, right click the module and go to Properties. In the Libraries category, you can see the current dependencies your module has.
To add a dependency to one of Autopsy's modules, click the Add button and either scroll through the list of available modules or filter the modules by class, package name, path, or display name. When the desired module is found, press OK and it will appear in the list of current dependencies.
When a module is added as a dependency, all of it's methods and services become available to the dependant module. You cannot import a package or class from Autopsy without first adding the proper dependency, but after adding the dependency, it is as if your module is inside the original Autopsy source code.
\subsection mod_dev_services_services Module Services
TODO: Add additional info about service classes
\ref IngestModuleServices provides a number of services specifically targeted towards ingest modules.
In general, a handle to any services should be created in the module's \c init() method, by getting a singleton instance of the services. For example:
\code
IngestModuleServices services = IngestModuleServices.getDefault()
\endcode
\section mod_dev_configuration Making a Configuration Panel
Some modules may have advanced configuration settings which you need users to have available. Autopsy provides two centralized locations for users to see these settings: the \ref mod_dev_configuration_ingest, and the \ref mod_dev_configuration_options.
\subsection mod_dev_configuration_ingest Ingest Dialog Panel
The ingest dialog panel (IDP) is shown anytime ingest is to be started/restarted. It provides framework for a "simple panel" as well as an "advanced panel". The simple panel is shown directly in the IDP, while the advanced panel is opened in a new window if the user presses the Advanced button in the IDP. For method specifics, see \ref ingestmodule_making_configuration.
Both of these panels can be created as a standard \c JPanel, and returned by your ingest module using the inherited ingest functions.
It is recommended when making an ingest module to have the advanced panel also be an options panel, allowing the user access to the settings from Tools > Options.
\subsection mod_dev_configuration_options Options Panel
To add panel to the options menu, right click the module and choose New > Other. Under the Module Development category, select Options Panel and press Next.
Select Create Primary Panel, name the panel (preferably with the module's name), select an icon, and add keywords, then click Next and Finish. Note that NetBeans will automatically copy the selected icon to the module's directory if not already there.
NetBeans will generate two Java files for you, the panel and the controller. For now, we only need to focus on the panel.
First, use NetBeans' GUI builder to design the panel. Be sure to include all options, settings, preferences, etc for the module, as this is what the user will see. The recommended size of an options panel is about 675 x 500.
Second, in the source code of the panel, there are two important methods: \c load() and \c store(). When the options panel is opened via Tools > Options in Autopsy, the \c load() method will be called. Conversely, when the user presses OK after editing the options, the \c store() method will be called.
If one wishes to make any additional panels within the original options panel, or panels which the original opens, Autopsy provides the \ref OptionsPanel interface to help. This interface requires the \c store() and \c load() functions also be provided in the separate panels, allowing for easier child storing and loading.
Any storing or loading of settings or properties should be done in the \c store() and \c load() methods. Continue to \ref mod_dev_properties for more details.
\section mod_dev_properties Saving Settings and Properties
If a module needs to have options and properties, how should they store them and get themsevles setup in the options viewer.
If a module needs to have options and properties, how should they store them and get themselves setup in the options viewer.
\section mod_dev_events Registering for events
What events hsould modules register for.. I'm not sure what goes in here with the new design.
- Case Updates?
Module life cycle is managed by ingest manager and module do not need to catch events to keep track of cases or other general system-wide events.
We also need to sync this up with \ref ingestmodule_events.
\section mod_dev_plugin Adding a Module to Autopsy
When the module is created and ready for use, it can be added to Autopsy via the plugins menu.
The plugins menu can be used to add modules (i.e. plugins) to Autopsy in a number of different ways, the simplest of which is through an NBM file.
To generate an NBM file, right click on the module and select Create NBM.
Then, launch Autopsy and choose Plugins under the Tools menu. Open the Downloaded tab and click Add Plugins. Navigate to the NBM file and open it. Next, click Install and follow the wizard. Autopsy may require a restart, depending on the plugin's settings, but afterwards the plugin should be integrated into Autopsy.
The options to uninstall or temporarily disable a plugin are also available under the plugins menu.
*/

43
docs/doxygen/modIngest.dox
View File

@ -40,7 +40,7 @@ Every module should support multiple init() - process() - complete(), and init()
The modules should also support multiple init() - complete() and init() - stop() invocations,
which can occur if ingest pipeline is started but no work is enqueued for the particular module.
Module developers are encouraged to use the standard java.util.logging.Logger infrastructure to log errors to the Autopsy log.
Module developers are encouraged to use Autopsy's org.sleuthkit.autopsy.coreutils.Logger infrastructure to log errors to the Autopsy log.
\subsection ingestmodule_making_process Process Method
The process method is where the work is done in each type of module. Some notes:
@ -50,35 +50,27 @@ The process method is where the work is done in each type of module. Some notes
\subsection ingestmodule_making_registration Module Registration
Ingest modules need to be registered using the Netbeans Lookup infrastructure in package's layer.xml file.
TODO: Add more about the new pipeline xml
An example Image-level module is:
\verbatim
<file name="org-sleuthkit-autopsy-ingest-example-ExampleImageIngestModule.instance">
<attr name="instanceOf" stringvalue="org.sleuthkit.autopsy.ingest.IngestModuleImage"/>
<attr name="instanceCreate" methodvalue="org.sleuthkit.autopsy.ingest.example.ExampleImageIngestModule.getDefault"/>
<attr name="position" intvalue="1000"/>
</file>
\endverbatim
Modules are automatically registered when \ref mod_dev_plugin "added as a plugin to Autopsy". Autopsy uses an XML based registration system, similar to the sample below.
An example file-level module is:
\code
<PIPELINE_CONFIG>
<PIPELINE type="FileAnalysis">
<MODULE order="1" type="plugin" location="org.sleuthkit.autopsy.hashdatabase.HashDbIngestModule" arguments="" />
<MODULE order="2" type="plugin" location="org.sleuthkit.autopsy.exifparser.ExifParserFileIngestModule"/>
</PIPELINE>
\verbatim
<file name="org-sleuthkit-autopsy-ingest-example-ExampleAbstractFileIngestModule.instance">
<attr name="instanceOf" stringvalue="org.sleuthkit.autopsy.ingest.IngestModuleAbstractFile"/>
<attr name="instanceCreate" methodvalue="org.sleuthkit.autopsy.ingest.example.ExampleAbstractFileIngestModule.getDefault"/>
<attr name="position" intvalue="1100"/>
</file>
\endverbatim
<PIPELINE type="ImageAnalysis">
<MODULE order="1" type="plugin" location="org.sleuthkit.autopsy.recentactivity.RAImageIngestModule" arguments=""/>
</PIPELINE>
</PIPELINE_CONFIG>
\endcode
Note the "position" attribute. The attribute determines the ordering of the module in the ingest pipeline.
Modules with lower position attribute will execute earlier.
Use high numbers (higher than 1000) for non-core modules. If your module depends on results from another module, use a higher position attribute to enforce the dependency.
The two types of ingest modules are implemented in the XML above. The order element determines the ordering of the module in the ingest pipeline.
Note: we plan to implement a more flexible and robust module dependency system in future versions of the Autopsy ingest framework.
No developer or user be forced to manually edit the XML registration, but Autopsy does allow manual editing if it's desired.
New modules can be added to the Autopsy ingest pipeline by dropping in jar files into build/cluster/modules.
Dropped in module will be automatically recognized next time Autopsy starts.
\subsection ingestmodule_making_results Posting Results
@ -125,8 +117,7 @@ As an example, the keyword search module uses both configuration methods. The r
to choose which lists of keywords to search for. However, if the user wants to edit the lists or create lists, they
need to do go the general configuration window.
Module configuration is decentralized and module-specific; every module maintains its
own configuration state and is responsible for implementing the graphical interface.
Module configuration is module-specific: every module maintains its own configuration state and is responsible for implementing the graphical interface. However, Autopsy does provide \ref mod_dev_configuration "a centralized location to display your settings to the user".
The run-time configuration (also called simple configuration), is achieved by each
ingest module providing a JPanel. The IngestModuleAbstract.hasSimpleConfiguration(),

10
docs/doxygen/platformConcepts.dox
View File

@ -2,6 +2,16 @@
\section platform_basics Basic Concepts
Autopsy is designed around the Sleuth Kit framework, giving it a central database in which to store artifacts, artifact attributes, and general file information. Everything stored in this database (i.e. the "blackboard") is accessible through Autopsy and thus to module developers.
The most common use of the blackboard is through ingest modules. Autopsy provides a number of ingest modules to analyze data and quickly provide results. Often, these results are saved to blackboard in a generalized format for other modules to use.
The UI of Autopsy contains two main views: a single tree on the left to browse results, and a more complex view on the right for more individual analysis. The single tree shows not only the file structure of the disk image(s) provided, it also generates additional nodes based off the results saved into blackboard.
As for the complex view, frameworks are provided through Autopsy for viewing and analysis. There is a framework to view sets of results in tables, thumbnails, and a few others. Another framework allows the user to view a file as text, a string, in hex, or as a form of media.
All of these robust features in the Autopsy platform are readily available for any and all modules to utilize.
- Central database
- Ingest Modules that analyze data quickly and provide quick results
- Single tree to browse for results