From c4339f6e2ad0f6b86b10a18dc3565bedfde1baa3 Mon Sep 17 00:00:00 2001 From: Ann Priestman Date: Wed, 15 Nov 2017 14:07:29 -0500 Subject: [PATCH] Hold off on writing md5, known status, and MIME type until the end of ingest --- .../autopsy/ingest/FileIngestPipeline.java | 11 +++++ .../modules/filetypeid/FileTypeDetector.java | 7 ++-- .../filetypeid/FileTypeIdIngestModule.java | 3 +- .../hashdatabase/HashDbIngestModule.java | 42 ++++++++++--------- 4 files changed, 39 insertions(+), 24 deletions(-) diff --git a/Core/src/org/sleuthkit/autopsy/ingest/FileIngestPipeline.java b/Core/src/org/sleuthkit/autopsy/ingest/FileIngestPipeline.java index 436418712a..2b5271fc9a 100755 --- a/Core/src/org/sleuthkit/autopsy/ingest/FileIngestPipeline.java +++ b/Core/src/org/sleuthkit/autopsy/ingest/FileIngestPipeline.java @@ -21,10 +21,14 @@ package org.sleuthkit.autopsy.ingest; import java.util.ArrayList; import java.util.Date; import java.util.List; +import java.util.logging.Level; import org.openide.util.NbBundle; +import org.sleuthkit.autopsy.casemodule.Case; +import org.sleuthkit.autopsy.coreutils.Logger; import org.sleuthkit.autopsy.coreutils.MessageNotifyUtil; import org.sleuthkit.datamodel.AbstractFile; +import org.sleuthkit.datamodel.TskCoreException; /** * This class manages a sequence of file level ingest modules for a data source @@ -136,6 +140,13 @@ final class FileIngestPipeline { break; } } + + try{ + Case.getCurrentCase().getSleuthkitCase().setKnownAndFileTypeAndMD5(file); + } catch (TskCoreException ex){ + Logger.getLogger(FileIngestPipeline.class.getName()).log(Level.SEVERE, "Failed to save data", ex); //NON-NLS + } + file.close(); if (!this.job.isCancelled()) { IngestManager.getInstance().fireFileIngestDone(file); diff --git a/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeDetector.java b/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeDetector.java index eb1ab33591..c771426109 100755 --- a/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeDetector.java +++ b/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeDetector.java @@ -187,7 +187,8 @@ public class FileTypeDetector { * writing the result to the case database. */ public String getFileType(AbstractFile file) throws TskCoreException { - return detect(file, true); + return file.getMIMEType(); + //return detect(file, true); } /** @@ -222,7 +223,7 @@ public class FileTypeDetector { * @throws TskCoreException If there is a problem writing the result to the * case database. */ - private String detect(AbstractFile file, boolean addToCaseDb) throws TskCoreException { + public String detect(AbstractFile file, boolean addToCaseDb) throws TskCoreException { /* * Check to see if the file has already been typed. This is the "check" * part of a check-then-act race condition (see note below). @@ -322,7 +323,7 @@ public class FileTypeDetector { /* * Add the MIME type to the files table in the case database. */ - Case.getCurrentCase().getSleuthkitCase().setFileMIMEType(file, mimeType); + //Case.getCurrentCase().getSleuthkitCase().setFileMIMEType(file, mimeType); } return mimeType; diff --git a/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeIdIngestModule.java b/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeIdIngestModule.java index ef4e0add71..4499139d1a 100755 --- a/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeIdIngestModule.java +++ b/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeIdIngestModule.java @@ -91,7 +91,8 @@ public class FileTypeIdIngestModule implements FileIngestModule { */ try { long startTime = System.currentTimeMillis(); - fileTypeDetector.getFileType(file); + String type = fileTypeDetector.detect(file, false); + file.setMIMEType(type); addToTotals(jobId, (System.currentTimeMillis() - startTime)); return ProcessResult.OK; } catch (Exception e) { diff --git a/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/HashDbIngestModule.java b/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/HashDbIngestModule.java index 3dd7416872..b83c91ace5 100755 --- a/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/HashDbIngestModule.java +++ b/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/HashDbIngestModule.java @@ -204,20 +204,21 @@ public class HashDbIngestModule implements FileIngestModule { foundBad = true; totals.totalKnownBadCount.incrementAndGet(); - try { - skCase.setKnown(file, TskData.FileKnown.BAD); - } catch (TskException ex) { - logger.log(Level.WARNING, "Couldn't set notable state for file " + name + " - see sleuthkit log for details", ex); //NON-NLS - services.postMessage(IngestMessage.createErrorMessage( - HashLookupModuleFactory.getModuleName(), - NbBundle.getMessage(this.getClass(), - "HashDbIngestModule.hashLookupErrorMsg", - name), - NbBundle.getMessage(this.getClass(), - "HashDbIngestModule.settingKnownBadStateErr", - name))); - ret = ProcessResult.ERROR; - } + //try { + file.setKnown(TskData.FileKnown.BAD); + // skCase.setKnown(file, TskData.FileKnown.BAD); + //} catch (TskException ex) { + // logger.log(Level.WARNING, "Couldn't set notable state for file " + name + " - see sleuthkit log for details", ex); //NON-NLS + // services.postMessage(IngestMessage.createErrorMessage( + // HashLookupModuleFactory.getModuleName(), + // NbBundle.getMessage(this.getClass(), + // "HashDbIngestModule.hashLookupErrorMsg", + // name), + // NbBundle.getMessage(this.getClass(), + // "HashDbIngestModule.settingKnownBadStateErr", + // name))); + // ret = ProcessResult.ERROR; + //} String hashSetName = db.getHashSetName(); String comment = ""; @@ -261,13 +262,14 @@ public class HashDbIngestModule implements FileIngestModule { try { long lookupstart = System.currentTimeMillis(); if (db.lookupMD5Quick(file)) { - try { - skCase.setKnown(file, TskData.FileKnown.KNOWN); + //try { + file.setKnown(TskData.FileKnown.KNOWN); + //skCase.setKnown(file, TskData.FileKnown.KNOWN); break; - } catch (TskException ex) { - logger.log(Level.WARNING, "Couldn't set known state for file " + name + " - see sleuthkit log for details", ex); //NON-NLS - ret = ProcessResult.ERROR; - } + //} catch (TskException ex) { + // logger.log(Level.WARNING, "Couldn't set known state for file " + name + " - see sleuthkit log for details", ex); //NON-NLS + // ret = ProcessResult.ERROR; + //} } long delta = (System.currentTimeMillis() - lookupstart); totals.totalLookuptime.addAndGet(delta);