mstoeck3/autopsy-flatpak
1
0
Fork 0
mirror of https://github.com/overcuriousity/autopsy-flatpak.git synced 2025-07-17 10:17:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

Added logic for comparing previous instances.

Browse Source
This commit is contained in:
U-BASIS\dgrove 2018-03-06 11:06:02 -05:00
parent bd6fcd0eef
commit b9255ff9c6
3 changed files with 30 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
Core/src/org/sleuthkit/autopsy/centralrepository/ingestmodule/IngestModule.java
View File

@ -23,6 +23,7 @@ import org.sleuthkit.autopsy.centralrepository.datamodel.EamDbException;
import java.util.List;
import java.util.logging.Level;
import java.util.stream.Collectors;
import org.openide.util.Exceptions;
import org.openide.util.NbBundle.Messages;
import org.sleuthkit.autopsy.coreutils.Logger;
import org.sleuthkit.autopsy.casemodule.Case;
@ -120,14 +121,36 @@ final class IngestModule implements FileIngestModule {
* Search the central repo to see if this file was previously marked as
* being bad. Create artifact if it was.
*/
if (abstractFile.getKnown() != TskData.FileKnown.KNOWN && flagTaggedNotableItems) {
if (abstractFile.getKnown() != TskData.FileKnown.KNOWN) {
CorrelationAttribute contentCorrelationAttribute = EamArtifactUtil.getCorrelationAttributeFromContent(abstractFile, TskData.FileKnown.BAD, null);
try {
List<String> caseDisplayNames = dbManager.getListCasesHavingArtifactInstancesKnownBad(filesType, md5);
if (!caseDisplayNames.isEmpty()) {
postCorrelatedBadFileToBlackboard(abstractFile, caseDisplayNames);
List<String> caseDisplayNamesList = EamDb.getInstance().getListCasesHavingArtifactInstancesKnownBad(
contentCorrelationAttribute.getCorrelationType(), contentCorrelationAttribute.getCorrelationValue());
String currentCaseDisplayName = Case.getCurrentCase().getDisplayName();
boolean taggedOutsideCurrentCase = false;
if (!caseDisplayNamesList.isEmpty()) {
for (String name : caseDisplayNamesList) {
if (!name.equals(currentCaseDisplayName)) {
taggedOutsideCurrentCase = true;
break;
}
}
}
if(flagTaggedNotableItems || !taggedOutsideCurrentCase) {
try {
caseDisplayNamesList = dbManager.getListCasesHavingArtifactInstancesKnownBad(filesType, md5);
if (!caseDisplayNamesList.isEmpty()) {
postCorrelatedBadFileToBlackboard(abstractFile, caseDisplayNamesList);
}
} catch (EamDbException ex) {
logger.log(Level.SEVERE, "Error searching database for artifact.", ex); // NON-NLS
return ProcessResult.ERROR;
}
}
} catch (EamDbException ex) {
logger.log(Level.SEVERE, "Error searching database for artifact.", ex); // NON-NLS
logger.log(Level.SEVERE, "Error searching database for content.", ex); // NON-NLS
return ProcessResult.ERROR;
}
}

2
Core/src/org/sleuthkit/autopsy/centralrepository/ingestmodule/IngestSettingsPanel.form
View File

@ -25,7 +25,7 @@
</Group>
<Component id="ingestSettingsLabel" min="-2" max="-2" attributes="0"/>
</Group>
<EmptySpace pref="75" max="32767" attributes="0"/>
<EmptySpace pref="65" max="32767" attributes="0"/>
</Group>
</Group>
</DimensionLayout>

2
Core/src/org/sleuthkit/autopsy/centralrepository/ingestmodule/IngestSettingsPanel.java
View File

@ -76,7 +76,7 @@ final class IngestSettingsPanel extends IngestModuleIngestJobSettingsPanel {
.addGap(10, 10, 10)
.addComponent(flagTaggedNotableItemsCheckbox))
.addComponent(ingestSettingsLabel))
.addContainerGap(75, Short.MAX_VALUE))
.addContainerGap(65, Short.MAX_VALUE))
);
layout.setVerticalGroup(
layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)