From d0aebab13a9c20a9ec4a2a2b7847ce3e5b76148c Mon Sep 17 00:00:00 2001
From: Nick Davis
Date: Wed, 31 May 2017 20:36:58 -0400
Subject: [PATCH] create artifacts for USB devices as a ModuleDataEvent.
---
 .../autopsy/recentactivity/ExtractRegistry.java | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)
diff --git a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractRegistry.java b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractRegistry.java
index d924a9cabe..d22ce2ca76 100644
--- a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractRegistry.java
+++ b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractRegistry.java
@@ -51,6 +51,8 @@ import org.xml.sax.InputSource;
 import org.xml.sax.SAXException;
 import java.nio.file.Path;
 import org.sleuthkit.autopsy.ingest.IngestModule.IngestModuleException;
+import org.sleuthkit.autopsy.ingest.IngestServices;
+import org.sleuthkit.autopsy.ingest.ModuleDataEvent;
 /**
 * Extract windows registry data using regripper. Runs two versions of
@@ -331,6 +333,10 @@ class ExtractRegistry extends Extract {
 Element oroot = doc.getDocumentElement();
 NodeList children = oroot.getChildNodes();
 int len = children.getLength();
+ // Add all "usb" dataType nodes to collection of BlackboardArtifacts
+ // that we will submit in a ModuleDataEvent for additional processing.
+ Collection usbBBartifacts = new ArrayList<>();
+
 for (int i = 0; i < len; i++) {
 Element tempnode = (Element) children.item(i);
@@ -573,6 +579,8 @@ class ExtractRegistry extends Extract {
 // index the artifact for keyword search
 this.indexArtifact(bbart);
+ // add to collection for ModuleDataEvent
+ usbBBartifacts.add(bbart);
 } catch (TskCoreException ex) {
 logger.log(Level.SEVERE, "Error adding device attached artifact to blackboard."); //NON-NLS
 }
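Review bot: In the -573 hunk, `usbBBartifacts.add(bbart);` comes after `this.indexArtifact(bbart);` inside the same try, so if the indexing call can throw `TskCoreException` (its signature is not visible here), an artifact that may already be on the blackboard is left out of the later ModuleDataEvent. Consider moving the add ahead of the indexing call so that a keyword-index failure does not also suppress the notification. The catch below it logs a fixed message and discards `ex`; passing the exception, `logger.log(Level.SEVERE, "Error adding device attached artifact to blackboard.", ex); //NON-NLS`, would let an examiner see why a device entry is missing. The try block begins outside the hunk.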
@@ -683,8 +691,12 @@ class ExtractRegistry extends Extract {
 break;
 }
 }
- } break;
+ }
+ break;
 }
+ } // for
+ if (!usbBBartifacts.isEmpty()) {
+ IngestServices.getInstance().fireModuleDataEvent(new ModuleDataEvent(moduleName, BlackboardArtifact.ARTIFACT_TYPE.TSK_DEVICE_ATTACHED, usbBBartifacts));
 }
 return true;
 } catch (FileNotFoundException ex) {
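Review bot: The `fireModuleDataEvent` call in the -683 hunk sits inside the try, after the loop, so any exception that leaves the loop early (the `catch (FileNotFoundException ex)` that follows is one such path) skips the event, even though the artifacts collected so far have presumably already been posted to the blackboard. Listeners would then never be told about device-attached artifacts from a partially parsed registry report. Declaring `usbBBartifacts` before the `try` and firing from a `finally` block would announce whatever was actually posted. Whether the declaration in the -331 hunk is inside that try cannot be seen here, and the start of the try and the remaining catch clauses lie outside the visible lines. The new call line is also very long and would read better wrapped after `new ModuleDataEvent(`.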