mstoeck3/autopsy-flatpak
1
0
Fork 0
mirror of https://github.com/overcuriousity/autopsy-flatpak.git synced 2025-07-06 21:00:22 +00:00
Code Issues Packages Projects Releases Wiki Activity

bug fixes

Browse Source
This commit is contained in:
Greg DiCristofaro 2021-07-20 13:09:53 -04:00
parent 8279df1a3b
commit c32ab89922
6 changed files with 13 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
pythonExamples/Aug2015DataSourceTutorial/FindContactsDb.py
View File

@ -113,7 +113,7 @@ class ContactsDbIngestModule(DataSourceIngestModule):
progressBar.switchToIndeterminate() progressBar.switchToIndeterminate()
# Use blackboard class to index blackboard artifacts for keyword search # Use blackboard class to index blackboard artifacts for keyword search
blackboard = Case.getCurrentCase().getServices().getBlackboard() blackboard = Case.getCurrentCase().getSleuthkitCase().getBlackboard()
# Find files named contacts.db, regardless of parent path # Find files named contacts.db, regardless of parent path
fileManager = Case.getCurrentCase().getServices().getFileManager() fileManager = Case.getCurrentCase().getServices().getFileManager()

2
pythonExamples/Aug2015DataSourceTutorial/RunExe.py
View File

@ -145,7 +145,7 @@ class RunExeIngestModule(DataSourceIngestModule):
# Add each argument in its own line. I.e. "-f foo" would be two calls to .add() # Add each argument in its own line. I.e. "-f foo" would be two calls to .add()
cmd.add(imagePaths[0]) cmd.add(imagePaths[0])
processBuilder = ProcessBuilder(cmd); processBuilder = ProcessBuilder(cmd)
processBuilder.redirectOutput(reportFile) processBuilder.redirectOutput(reportFile)
ExecUtil.execute(processBuilder, DataSourceIngestModuleProcessTerminator(self.context)) ExecUtil.execute(processBuilder, DataSourceIngestModuleProcessTerminator(self.context))

4
pythonExamples/July2015FileTutorial_BigRound/FindBigRoundFiles.py
View File

@ -109,7 +109,7 @@ class FindBigRoundFilesIngestModule(FileIngestModule):
def process(self, file): def process(self, file):
# Use blackboard class to index blackboard artifacts for keyword search # Use blackboard class to index blackboard artifacts for keyword search
blackboard = Case.getCurrentCase().getServices().getBlackboard() blackboard = Case.getCurrentCase().getSleuthkitCase().getBlackboard()
# Skip non-files # Skip non-files
if ((file.getType() == TskData.TSK_DB_FILES_TYPE_ENUM.UNALLOC_BLOCKS) or if ((file.getType() == TskData.TSK_DB_FILES_TYPE_ENUM.UNALLOC_BLOCKS) or
@ -131,7 +131,7 @@ class FindBigRoundFilesIngestModule(FileIngestModule):
try: try:
# post the artifact for listeners of artifact events # post the artifact for listeners of artifact events
blackboard.postArtifact(art) blackboard.postArtifact(art, FindBigRoundFilesIngestModuleFactory.moduleName)
except Blackboard.BlackboardException as e: except Blackboard.BlackboardException as e:
self.log(Level.SEVERE, "Error indexing artifact " + art.getDisplayName()) self.log(Level.SEVERE, "Error indexing artifact " + art.getDisplayName())

6
pythonExamples/Registry_Example.py
View File

@ -179,6 +179,10 @@ class RegistryExampleIngestModule(DataSourceIngestModule):
artType = skCase.getArtifactType("TSK_REGISTRY_RUN_KEYS") artType = skCase.getArtifactType("TSK_REGISTRY_RUN_KEYS")
try: try:
addArtifactAttributeType(String
attrTypeString, TSK_BLACKBOARD_ATTRIBUTE_VALUE_TYPE
valueType, String
displayName)
attributeIdRunKeyName = skCase.addArtifactAttributeType("TSK_REG_RUN_KEY_NAME", BlackboardAttribute.TSK_BLACKBOARD_ATTRIBUTE_VALUE_TYPE.STRING, "Run Key Name") attributeIdRunKeyName = skCase.addArtifactAttributeType("TSK_REG_RUN_KEY_NAME", BlackboardAttribute.TSK_BLACKBOARD_ATTRIBUTE_VALUE_TYPE.STRING, "Run Key Name")
except: except:
self.log(Level.INFO, "Attributes Creation Error, TSK_REG_RUN_KEY_NAME, May already exist. ") self.log(Level.INFO, "Attributes Creation Error, TSK_REG_RUN_KEY_NAME, May already exist. ")
@ -207,7 +211,7 @@ class RegistryExampleIngestModule(DataSourceIngestModule):
# post the artifact for listeners of artifact events # post the artifact for listeners of artifact events
try: try:
skCase.getBlackboard().postArtifact(art) skCase.getBlackboard().postArtifact(art, moduleName)
except: except:
self._logger.log(Level.WARNING, "Error indexing artifact " + art.getDisplayName()) self._logger.log(Level.WARNING, "Error indexing artifact " + art.getDisplayName())

4
pythonExamples/dataSourceIngestModule.py
View File

@ -115,7 +115,7 @@ class SampleJythonDataSourceIngestModule(DataSourceIngestModule):
progressBar.switchToIndeterminate() progressBar.switchToIndeterminate()
# Use blackboard class to index blackboard artifacts for keyword search # Use blackboard class to index blackboard artifacts for keyword search
blackboard = Case.getCurrentCase().getServices().getBlackboard() blackboard = Case.getCurrentCase().getSleuthkitCase().getBlackboard()
# For our example, we will use FileManager to get all # For our example, we will use FileManager to get all
# files with the word "test" # files with the word "test"
@ -147,7 +147,7 @@ class SampleJythonDataSourceIngestModule(DataSourceIngestModule):
try: try:
# post the artifact for listeners of artifact events. # post the artifact for listeners of artifact events.
blackboard.postArtifact(art) blackboard.postArtifact(art, SampleJythonDataSourceIngestModuleFactory.moduleName)
except Blackboard.BlackboardException as e: except Blackboard.BlackboardException as e:
self.log(Level.SEVERE, "Error indexing artifact " + art.getDisplayName()) self.log(Level.SEVERE, "Error indexing artifact " + art.getDisplayName())

4
pythonExamples/fileIngestModule.py
View File

@ -117,7 +117,7 @@ class SampleJythonFileIngestModule(FileIngestModule):
return IngestModule.ProcessResult.OK return IngestModule.ProcessResult.OK
# Use blackboard class to index blackboard artifacts for keyword search # Use blackboard class to index blackboard artifacts for keyword search
blackboard = Case.getCurrentCase().getServices().getBlackboard() blackboard = Case.getCurrentCase().getSleuthkitCase().getBlackboard()
# For an example, we will flag files with .txt in the name and make a blackboard artifact. # For an example, we will flag files with .txt in the name and make a blackboard artifact.
if file.getName().lower().endswith(".txt"): if file.getName().lower().endswith(".txt"):
@ -135,7 +135,7 @@ class SampleJythonFileIngestModule(FileIngestModule):
try: try:
# post the artifact for listeners of artifact events # post the artifact for listeners of artifact events
blackboard.postArtifact(art) blackboard.postArtifact(art, SampleJythonFileIngestModuleFactory.moduleName)
except Blackboard.BlackboardException as e: except Blackboard.BlackboardException as e:
self.log(Level.SEVERE, "Error indexing artifact " + art.getDisplayName()) self.log(Level.SEVERE, "Error indexing artifact " + art.getDisplayName())