Merge pull request #4340 from APriestman/4453_verificationFailedArtifact

4453 Add validation failed artifact
2025-07-17 10:17:41 +00:00 · 2018-12-07 16:31:01 -05:00 · 2018-12-07 16:31:01 -05:00 · ce9b34a2b4
commit ce9b34a2b4
parent f914bb8c03 539f878825
4 changed files with 26 additions and 1 deletions
--- a/Core/src/org/sleuthkit/autopsy/datamodel/ExtractedContent.java
+++ b/Core/src/org/sleuthkit/autopsy/datamodel/ExtractedContent.java
@ -166,6 +166,8 @@ public class ExtractedContent implements AutopsyVisitableItem {
            return filePath + "Bluetooth.png"; //NON-NLS
        } else if (typeID == BlackboardArtifact.ARTIFACT_TYPE.TSK_DEVICE_INFO.getTypeID()) {
            return filePath + "devices.png"; //NON-NLS
+        } else if (typeID == BlackboardArtifact.ARTIFACT_TYPE.TSK_VERIFICATION_FAILED.getTypeID()) {
+            return filePath + "validationFailed.png"; //NON-NLS
        }
        return filePath + "artifact-icon.png"; //NON-NLS
    }
--- a/Core/src/org/sleuthkit/autopsy/images/validationFailed.png
+++ b/Core/src/org/sleuthkit/autopsy/images/validationFailed.png
--- a/Core/src/org/sleuthkit/autopsy/modules/dataSourceIntegrity/DataSourceIntegrityIngestModule.java
+++ b/Core/src/org/sleuthkit/autopsy/modules/dataSourceIntegrity/DataSourceIntegrityIngestModule.java
@ -37,6 +37,9 @@ import org.sleuthkit.datamodel.Content;
 import org.sleuthkit.datamodel.Image;
 import org.sleuthkit.datamodel.TskCoreException;
 import org.openide.util.NbBundle;
+import org.sleuthkit.autopsy.casemodule.Case;
+import org.sleuthkit.datamodel.BlackboardArtifact;
+import org.sleuthkit.datamodel.BlackboardAttribute;
 import org.sleuthkit.datamodel.TskDataException;

 /**
@ -100,6 +103,10 @@ public class DataSourceIntegrityIngestModule implements DataSourceIngestModule {
        "DataSourceIntegrityIngestModule.process.errorSavingHashes= Error saving hashes for image {0} to the database", 
        "# {0} - imageName",
        "DataSourceIntegrityIngestModule.process.errorLoadingHashes= Error loading hashes for image {0} from the database", 
+        "# {0} - hashAlgorithm",
+        "# {1} - calculatedHashValue",
+        "# {2} - storedHashValue",
+        "DataSourceIntegrityIngestModule.process.hashFailedForArtifact={0} hash verification failed:\n  Calculated hash: {1}\n  Stored hash: {2}\n",        
    })
    @Override
    public ProcessResult process(Content dataSource, DataSourceIngestModuleProgress statusHelper) {
@ -255,6 +262,7 @@ public class DataSourceIntegrityIngestModule implements DataSourceIngestModule {
            String detailedResults = NbBundle
                .getMessage(this.getClass(), "DataSourceIntegrityIngestModule.shutDown.verifyResultsHeader", imgName);
            String hashResults = "";
+            String artifactComment = "";
            
            for (HashData hashData:hashDataList) {
                if (hashData.storedHash.equals(hashData.calculatedHash)) {
@ -262,7 +270,9 @@ public class DataSourceIntegrityIngestModule implements DataSourceIngestModule {
                } else {
                    verified = false;
                    hashResults += Bundle.DataSourceIntegrityIngestModule_process_hashNonMatch(hashData.type.name);
-                }
+                    artifactComment += Bundle.DataSourceIntegrityIngestModule_process_hashFailedForArtifact(hashData.type.name,
+                            hashData.calculatedHash, hashData.storedHash);
+               }
                hashResults += Bundle.DataSourceIntegrityIngestModule_process_hashList(hashData.calculatedHash, hashData.storedHash);
            }
            
@ -278,6 +288,16 @@ public class DataSourceIntegrityIngestModule implements DataSourceIngestModule {
            
            detailedResults += NbBundle.getMessage(this.getClass(), "DataSourceIntegrityIngestModule.shutDown.resultLi", verificationResultStr);
            detailedResults += hashResults;
+            
+            if (!verified) {
+                try {
+                    BlackboardArtifact verificationFailedArtifact = Case.getCurrentCase().getSleuthkitCase().newBlackboardArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_VERIFICATION_FAILED, img.getId());
+                    verificationFailedArtifact.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_COMMENT,
+                        DataSourceIntegrityModuleFactory.getModuleName(), artifactComment));
+                } catch (TskCoreException ex) {
+                    logger.log(Level.SEVERE, "Error creating verification failed artifact", ex);
+                }
+            }

            services.postMessage(IngestMessage.createMessage(messageType, DataSourceIntegrityModuleFactory.getModuleName(), 
                    imgName + verificationResultStr, detailedResults));
--- a/Core/src/org/sleuthkit/autopsy/report/ReportHTML.java
+++ b/Core/src/org/sleuthkit/autopsy/report/ReportHTML.java
@ -299,6 +299,9 @@ class ReportHTML implements TableReportModule {
                case TSK_DEVICE_INFO:
                    in = getClass().getResourceAsStream("/org/sleuthkit/autopsy/images/devices.png"); //NON-NLS
                    break;
+                case TSK_VERIFICATION_FAILED:
+                    in = getClass().getResourceAsStream("/org/sleuthkit/autopsy/images/validationFailed.png"); //NON-NLS
+                    break;    
                default:
                    logger.log(Level.WARNING, "useDataTypeIcon: unhandled artifact type = {0}", dataType); //NON-NLS
                    in = getClass().getResourceAsStream("/org/sleuthkit/autopsy/report/images/star.png"); //NON-NLS