updates for cli ingest

Greg DiCristofaro 2025-01-16 12:34:11 -05:00
parent ab5e8e1cfd
commit db8a613d28
No known key found for this signature in database
3 changed files with 23 additions and 8 deletions


@ -53,7 +53,7 @@ public class CommandLineOptionProcessor extends OptionProcessor {
private final Option dataSourcePathOption = Option.requiredArgument('s', "dataSourcePath"); private final Option dataSourcePathOption = Option.requiredArgument('s', "dataSourcePath");
private final Option dataSourceObjectIdOption = Option.requiredArgument('i', "dataSourceObjectId"); private final Option dataSourceObjectIdOption = Option.requiredArgument('i', "dataSourceObjectId");
private final Option addDataSourceCommandOption = Option.withoutArgument('a', "addDataSource"); private final Option addDataSourceCommandOption = Option.withoutArgument('a', "addDataSource");
private final Option bitlockerKeyCommandOption = Option.withoutArgument('k', "key"); private final Option bitlockerKeyCommandOption = Option.requiredArgument('k', "key");
private final Option runIngestCommandOption = Option.optionalArgument('r', "runIngest"); private final Option runIngestCommandOption = Option.optionalArgument('r', "runIngest");
private final Option listAllDataSourcesCommandOption = Option.withoutArgument('l', "listAllDataSources"); private final Option listAllDataSourcesCommandOption = Option.withoutArgument('l', "listAllDataSources");
private final Option generateReportsOption = Option.optionalArgument('g', "generateReports"); private final Option generateReportsOption = Option.optionalArgument('g', "generateReports");
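Review bot: With `bitlockerKeyCommandOption` now declared as `Option.requiredArgument('k', "key")`, the key is passed as a command-line argument, where it is typically visible to other local users through the process list and can end up in shell history or scheduler logs. Only the option declaration is visible in this hunk, so whether the value is later logged or echoed cannot be judged from here. At minimum the field deserves a comment such as `// Secret value: never log or echo; argv is visible to other local processes.`, and an alternative input (a key file or an environment variable) would be worth considering for unattended runs.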


@ -22,12 +22,14 @@ import org.sleuthkit.datamodel.SleuthkitJNI;
import java.io.IOException; import java.io.IOException;
import java.nio.file.Path; import java.nio.file.Path;
import java.text.MessageFormat; import java.text.MessageFormat;
import java.util.logging.Level;
import org.apache.commons.lang3.StringUtils; import org.apache.commons.lang3.StringUtils;
/** /**
* Utility methods for working with data sources. * Utility methods for working with data sources.
*/ */
public class DataSourceUtils { public class DataSourceUtils {
private static final Logger logger = Logger.getLogger(DataSourceUtils.class.getName());
/** /**
* Calls TSK to determine whether a * Calls TSK to determine whether a
@ -44,24 +46,37 @@ public class DataSourceUtils {
return SleuthkitJNI.isImageSupported(dataSourcePath.toString()); return SleuthkitJNI.isImageSupported(dataSourcePath.toString());
} }
/**
* Calls TSK to determine whether a
* potential data source has a file system.
*
* @param dataSourcePath The path to the data source.
* @param password The password to decrypt the image.
*
* @return True or false.
*
* @throws IOException if an error occurs while trying to determine if the
* data source has a file system.
*/
public static boolean imageHasFileSystem(Path dataSourcePath, String password) throws IOException { public static boolean imageHasFileSystem(Path dataSourcePath, String password) throws IOException {
try { try {
// LOGGER.info("Testing if disk image {} can be opened", hostPath);
SleuthkitJNI.TestOpenImageResult openImageResult = SleuthkitJNI.testOpenImage(dataSourcePath.toString(), password); SleuthkitJNI.TestOpenImageResult openImageResult = SleuthkitJNI.testOpenImage(dataSourcePath.toString(), password);
if (!openImageResult.wasSuccessful()) { if (openImageResult.wasSuccessful()) {
return true;
} else {
String message = MessageFormat.format("An error occurred while opening {0}: {1}", String message = MessageFormat.format("An error occurred while opening {0}: {1}",
dataSourcePath.toString(), dataSourcePath.toString(),
openImageResult == null || StringUtils.isBlank(openImageResult.getMessage()) openImageResult == null || StringUtils.isBlank(openImageResult.getMessage())
? "<unknown>" ? "<unknown>"
: openImageResult.getMessage()); : openImageResult.getMessage());
logger.log(Level.INFO, message);
return false; return false;
} }
} catch (Throwable ex) { } catch (Throwable ex) {
String message = "An error occurred while opening " + dataSourcePath.toString(); String message = "An error occurred while opening " + dataSourcePath.toString();
logger.log(Level.WARNING, message);
return false; return false;
} }
return SleuthkitJNI.isImageSupported(dataSourcePath.toString());
} }
} }
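Review bot: The `catch (Throwable ex)` branch of `imageHasFileSystem` logs only the message and drops `ex`, so the cause and stack trace of a failed open are lost; pass it through with `logger.log(Level.WARNING, message, ex);`. Catching `Throwable` also turns `Error`s such as `OutOfMemoryError` into a plain `false`, which a caller cannot tell apart from "no file system" or, presumably, a wrong password; narrowing to `Exception` would be safer. In the `else` branch the `openImageResult == null` test is unreachable because `openImageResult.wasSuccessful()` has already dereferenced the result. The added `// LOGGER.info(...)` line is commented-out code and can be deleted.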


@ -157,7 +157,7 @@ public class DataSourceProcessorUtility {
* org.sleuthkit.autopsy.datasourceprocessors.AutoIngestDataSourceProcessor.AutoIngestDataSourceProcessorException * org.sleuthkit.autopsy.datasourceprocessors.AutoIngestDataSourceProcessor.AutoIngestDataSourceProcessorException
*/ */
public static List<AutoIngestDataSourceProcessor> getOrderedListOfDataSourceProcessors(Path dataSourcePath, String password, Collection<? extends AutoIngestDataSourceProcessor> processorCandidates) throws AutoIngestDataSourceProcessorException { public static List<AutoIngestDataSourceProcessor> getOrderedListOfDataSourceProcessors(Path dataSourcePath, String password, Collection<? extends AutoIngestDataSourceProcessor> processorCandidates) throws AutoIngestDataSourceProcessorException {
Map<AutoIngestDataSourceProcessor, Integer> validDataSourceProcessorsMap = getDataSourceProcessorForFile(dataSourcePath, processorCandidates); Map<AutoIngestDataSourceProcessor, Integer> validDataSourceProcessorsMap = getDataSourceProcessorForFile(dataSourcePath, password, processorCandidates);
return orderDataSourceProcessorsByConfidence(validDataSourceProcessorsMap); return orderDataSourceProcessorsByConfidence(validDataSourceProcessorsMap);
} }