mstoeck3/autopsy-flatpak
1
0
Fork 0
mirror of https://github.com/overcuriousity/autopsy-flatpak.git synced 2025-07-08 14:19:32 +00:00
Code Issues Packages Projects Releases Wiki Activity

create artifacts for USB devices as a ModuleDataEvent.

Browse Source
This commit is contained in:
Nick Davis 2017-05-31 20:36:58 -04:00
parent aa345e0e2b
commit d0aebab13a
1 changed files with 13 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractRegistry.java
View File

@ -51,6 +51,8 @@ import org.xml.sax.InputSource;
import org.xml.sax.SAXException; import org.xml.sax.SAXException;
import java.nio.file.Path; import java.nio.file.Path;
import org.sleuthkit.autopsy.ingest.IngestModule.IngestModuleException; import org.sleuthkit.autopsy.ingest.IngestModule.IngestModuleException;
import org.sleuthkit.autopsy.ingest.IngestServices;
import org.sleuthkit.autopsy.ingest.ModuleDataEvent;
/** /**
* Extract windows registry data using regripper. Runs two versions of * Extract windows registry data using regripper. Runs two versions of
@ -331,6 +333,10 @@ class ExtractRegistry extends Extract {
Element oroot = doc.getDocumentElement(); Element oroot = doc.getDocumentElement();
NodeList children = oroot.getChildNodes(); NodeList children = oroot.getChildNodes();
int len = children.getLength(); int len = children.getLength();
// Add all "usb" dataType nodes to collection of BlackboardArtifacts
// that we will submit in a ModuleDataEvent for additional processing.
Collection<BlackboardArtifact> usbBBartifacts = new ArrayList<>();
for (int i = 0; i < len; i++) { for (int i = 0; i < len; i++) {
Element tempnode = (Element) children.item(i); Element tempnode = (Element) children.item(i);
@ -573,6 +579,8 @@ class ExtractRegistry extends Extract {
// index the artifact for keyword search // index the artifact for keyword search
this.indexArtifact(bbart); this.indexArtifact(bbart);
// add to collection for ModuleDataEvent
usbBBartifacts.add(bbart);
} catch (TskCoreException ex) { } catch (TskCoreException ex) {
logger.log(Level.SEVERE, "Error adding device attached artifact to blackboard."); //NON-NLS logger.log(Level.SEVERE, "Error adding device attached artifact to blackboard."); //NON-NLS
} }
@ -683,8 +691,12 @@ class ExtractRegistry extends Extract {
break; break;
} }
} }
} break;
} }
break;
}
} // for
if (!usbBBartifacts.isEmpty()) {
IngestServices.getInstance().fireModuleDataEvent(new ModuleDataEvent(moduleName, BlackboardArtifact.ARTIFACT_TYPE.TSK_DEVICE_ATTACHED, usbBBartifacts));
} }
return true; return true;
} catch (FileNotFoundException ex) { } catch (FileNotFoundException ex) {