diff --git a/ExifParser/src/org/sleuthkit/autopsy/exifparser/ExifParserFileIngestModule.java b/ExifParser/src/org/sleuthkit/autopsy/exifparser/ExifParserFileIngestModule.java index 33aa0a9a8a..359bd24da9 100644 --- a/ExifParser/src/org/sleuthkit/autopsy/exifparser/ExifParserFileIngestModule.java +++ b/ExifParser/src/org/sleuthkit/autopsy/exifparser/ExifParserFileIngestModule.java @@ -57,7 +57,11 @@ public final class ExifParserFileIngestModule implements IngestModuleAbstractFil private IngestServices services; - final String MODULE_NAME = "Exif Parser"; + final public static String MODULE_NAME = "Exif Parser"; + final public static String MODULE_VERSION = "1.0"; + + private String args; + private static final Logger logger = Logger.getLogger(ExifParserFileIngestModule.class.getName()); private static ExifParserFileIngestModule defaultInstance = null; private static int messageId = 0; @@ -194,6 +198,23 @@ public final class ExifParserFileIngestModule implements IngestModuleAbstractFil //module specific cleanup due to completion here } + @Override + public String getVersion() { + return MODULE_VERSION; + } + + @Override + public String getArguments() { + return args; + } + + @Override + public void setArguments(String args) { + this.args = args; + } + + + @Override public String getName() { return "Exif Image Parser"; diff --git a/HashDatabase/src/org/sleuthkit/autopsy/hashdatabase/HashDbIngestModule.java b/HashDatabase/src/org/sleuthkit/autopsy/hashdatabase/HashDbIngestModule.java index fe5d137a67..ee8e456910 100644 --- a/HashDatabase/src/org/sleuthkit/autopsy/hashdatabase/HashDbIngestModule.java +++ b/HashDatabase/src/org/sleuthkit/autopsy/hashdatabase/HashDbIngestModule.java @@ -51,6 +51,8 @@ public class HashDbIngestModule implements IngestModuleAbstractFile { private static HashDbIngestModule instance = null; public final static String MODULE_NAME = "Hash Lookup"; public final static String MODULE_DESCRIPTION = "Identifies known and notables files using supplied hash databases, such as a standard NSRL database."; + final public static String MODULE_VERSION = "1.0"; + private String args; private static final Logger logger = Logger.getLogger(HashDbIngestModule.class.getName()); private Processor processor = new Processor(); private IngestServices services; @@ -67,7 +69,6 @@ public class HashDbIngestModule implements IngestModuleAbstractFile { static long lookuptime = 0; private Map knownBadSets = new HashMap(); private HashDbManagementPanel panel; - private HashDbIngestModule() { count = 0; @@ -80,7 +81,6 @@ public class HashDbIngestModule implements IngestModuleAbstractFile { return instance; } - @Override public void init(IngestModuleInit initContext) { services = IngestServices.getDefault(); @@ -97,15 +97,15 @@ public class HashDbIngestModule implements IngestModuleAbstractFile { nsrlIsSet = false; knownBadIsSet = false; calcHashesIsSet = hdbxml.getCalculate(); - + HashDb nsrl = hdbxml.getNSRLSet(); - if(nsrl != null && IndexStatus.isIngestible(nsrl.status())) { + if (nsrl != null && IndexStatus.isIngestible(nsrl.status())) { nsrlIsSet = true; this.nsrlSet = nsrl; nsrlPointer = skCase.setNSRLDatabase(nsrl.getDatabasePaths().get(0)); } - for(HashDb db : hdbxml.getKnownBadSets()) { + for (HashDb db : hdbxml.getKnownBadSets()) { IndexStatus status = db.status(); if (db.getUseForIngest() && IndexStatus.isIngestible(status)) { knownBadIsSet = true; @@ -113,7 +113,7 @@ public class HashDbIngestModule implements IngestModuleAbstractFile { knownBadSets.put(ret, db); } } - + if (!nsrlIsSet) { this.services.postMessage(IngestMessage.createWarningMessage(++messageId, this, "No NSRL database set", "Known file search will not be executed.")); } @@ -126,13 +126,12 @@ public class HashDbIngestModule implements IngestModuleAbstractFile { } } - @Override public void complete() { StringBuilder detailsSb = new StringBuilder(); //details detailsSb.append(""); - + detailsSb.append(""); detailsSb.append(""); detailsSb.append(""); @@ -140,27 +139,28 @@ public class HashDbIngestModule implements IngestModuleAbstractFile { detailsSb.append(""); detailsSb.append(""); - detailsSb.append(""); + detailsSb.append(""); detailsSb.append(""); - - for(HashDb db : knownBadSets.values()) { + + for (HashDb db : knownBadSets.values()) { detailsSb.append(""); } - + detailsSb.append("
Number of notable files found:").append(count).append("
Notable databases used:Calc Time: ").append(calctime).append(" Lookup Time: " ).append(lookuptime).append("Calc Time: ").append(calctime).append(" Lookup Time: ").append(lookuptime).append("
"); detailsSb.append(db.getName()); detailsSb.append(""); detailsSb.append(db.getDatabasePaths().get(0)); // TODO: support multiple database paths detailsSb.append("
"); services.postMessage(IngestMessage.createMessage(++messageId, IngestMessage.MessageType.INFO, this, "Hash Ingest Complete", detailsSb.toString())); - + getPanel().setIngestRunning(false); HashDbSimplePanel.setIngestRunning(false); HashDbSearchPanel.getDefault().setIngestRunning(false); } /** - * notification from manager to stop processing due to some interruption (user, error, exception) + * notification from manager to stop processing due to some interruption + * (user, error, exception) */ @Override public void stop() { @@ -171,25 +171,42 @@ public class HashDbIngestModule implements IngestModuleAbstractFile { } /** - * get specific name of the module - * should be unique across modules, a user-friendly name of the module shown in GUI - * @return The name of this Ingest Module + * get specific name of the module should be unique across modules, a + * user-friendly name of the module shown in GUI + * + * @return The name of this Ingest Module */ @Override public String getName() { return MODULE_NAME; } - + @Override public String getDescription() { return MODULE_DESCRIPTION; } + @Override + public String getVersion() { + return MODULE_VERSION; + } + + @Override + public String getArguments() { + return args; + } + + @Override + public void setArguments(String args) { + this.args = args; + } + /** * Process the given AbstractFile object - * + * * @param abstractFile the object to be processed - * @return ProcessResult OK if file is unknown and should be processed further, otherwise STOP_COND if file is known + * @return ProcessResult OK if file is unknown and should be processed + * further, otherwise STOP_COND if file is known */ @Override public ProcessResult process(AbstractFile abstractFile) { @@ -200,13 +217,12 @@ public class HashDbIngestModule implements IngestModuleAbstractFile { public ModuleType getType() { return ModuleType.AbstractFile; } - + @Override public boolean hasBackgroundJobsRunning() { return false; } - - + @Override public boolean hasSimpleConfiguration() { return true; @@ -229,7 +245,7 @@ public class HashDbIngestModule implements IngestModuleAbstractFile { getPanel().load(); return getPanel(); } - + @Override public void saveAdvancedConfiguration() { getPanel().store(); @@ -241,12 +257,12 @@ public class HashDbIngestModule implements IngestModuleAbstractFile { } return panel; } - + @Override public void saveSimpleConfiguration() { - HashDbXML.getCurrent().save(); + HashDbXML.getCurrent().save(); } - + private void processBadFile(AbstractFile abstractFile, String md5Hash, String hashSetName, boolean showInboxMessage) { try { BlackboardArtifact badFile = abstractFile.newArtifact(ARTIFACT_TYPE.TSK_HASHSET_HIT); @@ -290,14 +306,14 @@ public class HashDbIngestModule implements IngestModuleAbstractFile { } } - + private class Processor extends ContentVisitor.Default { @Override protected ProcessResult defaultVisit(Content cntnt) { return ProcessResult.OK; } - + @Override public ProcessResult visit(File f) { return process(f); @@ -307,7 +323,7 @@ public class HashDbIngestModule implements IngestModuleAbstractFile { ProcessResult ret = ProcessResult.OK; boolean processFile = true; - if (fsContent.getSize() == 0 + if (fsContent.getSize() == 0 || fsContent.getKnown().equals(TskData.FileKnown.BAD)) { processFile = false; } @@ -318,14 +334,14 @@ public class HashDbIngestModule implements IngestModuleAbstractFile { if (md5Hash == null || md5Hash.isEmpty()) { long calcstart = System.currentTimeMillis(); md5Hash = Hash.calculateMd5(fsContent); - calctime += (System.currentTimeMillis()-calcstart); + calctime += (System.currentTimeMillis() - calcstart); } TskData.FileKnown status = TskData.FileKnown.UKNOWN; boolean foundBad = false; for (Map.Entry entry : knownBadSets.entrySet()) { long lookupstart = System.currentTimeMillis(); status = skCase.knownBadLookupMd5(md5Hash, entry.getKey()); - lookuptime += (System.currentTimeMillis()-lookupstart); + lookuptime += (System.currentTimeMillis() - lookupstart); if (status.equals(TskData.FileKnown.BAD)) { foundBad = true; count += 1; @@ -337,7 +353,7 @@ public class HashDbIngestModule implements IngestModuleAbstractFile { if (!foundBad && nsrlIsSet) { long lookupstart = System.currentTimeMillis(); status = skCase.nsrlLookupMd5(md5Hash); - lookuptime += (System.currentTimeMillis()-lookupstart); + lookuptime += (System.currentTimeMillis() - lookupstart); if (status.equals(TskData.FileKnown.KNOWN)) { skCase.setKnown(fsContent, status); } @@ -353,18 +369,17 @@ public class HashDbIngestModule implements IngestModuleAbstractFile { "Error encountered while calculating the hash value for " + name + ".")); ret = ProcessResult.ERROR; } - } else if(processFile && calcHashesIsSet) { + } else if (processFile && calcHashesIsSet) { String name = fsContent.getName(); try { String md5Hash = fsContent.getMd5Hash(); if (md5Hash == null || md5Hash.isEmpty()) { long calcstart = System.currentTimeMillis(); Hash.calculateMd5(fsContent); - calctime += (System.currentTimeMillis()-calcstart); + calctime += (System.currentTimeMillis() - calcstart); } ret = ProcessResult.OK; - } - catch (IOException ex) { + } catch (IOException ex) { logger.log(Level.WARNING, "Error reading file " + name, ex); services.postMessage(IngestMessage.createErrorMessage(++messageId, HashDbIngestModule.this, "Read Error: " + name, "Error encountered while calculating the hash value for " + name + " without databases.")); @@ -372,7 +387,5 @@ public class HashDbIngestModule implements IngestModuleAbstractFile { } return ret; } - } - } diff --git a/Ingest/src/org/sleuthkit/autopsy/ingest/IngestModuleAbstract.java b/Ingest/src/org/sleuthkit/autopsy/ingest/IngestModuleAbstract.java index 3d028f02a5..1bb27135ad 100644 --- a/Ingest/src/org/sleuthkit/autopsy/ingest/IngestModuleAbstract.java +++ b/Ingest/src/org/sleuthkit/autopsy/ingest/IngestModuleAbstract.java @@ -73,6 +73,12 @@ public interface IngestModuleAbstract { */ public String getName(); + /** + * Gets the module version + * @return module version string + */ + public String getVersion(); + /** * Gets user-friendly description of the module * @return module description @@ -85,6 +91,19 @@ public interface IngestModuleAbstract { */ public ModuleType getType(); + + /** + * Gets the arguments as set in XML + * @return arguments string + */ + public String getArguments(); + + /** + * Sets the arguments from XML + * @param args arguments string in XML + */ + public void setArguments(String args); + /** * A module can manage and use additional threads to perform some work in the background. * This method provides insight to the manager if the module has truly completed its work or not. diff --git a/Ingest/src/org/sleuthkit/autopsy/ingest/example/ExampleAbstractFileIngestModule.java b/Ingest/src/org/sleuthkit/autopsy/ingest/example/ExampleAbstractFileIngestModule.java index e53a277921..0e5b80fdcf 100644 --- a/Ingest/src/org/sleuthkit/autopsy/ingest/example/ExampleAbstractFileIngestModule.java +++ b/Ingest/src/org/sleuthkit/autopsy/ingest/example/ExampleAbstractFileIngestModule.java @@ -29,8 +29,8 @@ import org.sleuthkit.autopsy.ingest.IngestModuleInit; import org.sleuthkit.datamodel.AbstractFile; /** - * Example implementation of a file ingest module - * + * Example implementation of a file ingest module + * */ public class ExampleAbstractFileIngestModule implements IngestModuleAbstractFile { @@ -38,13 +38,16 @@ public class ExampleAbstractFileIngestModule implements IngestModuleAbstractFile private static ExampleAbstractFileIngestModule instance = null; private IngestServices services; private static int messageId = 0; + public static final String MODULE_NAME = "Example AbstractFile Module"; + public static final String MODULE_DESC = "Example AbstractFile Module description"; + public static final String MODULE_VERSION = "1.0"; + private String args; //file ingest modules require a private constructor //to ensure singleton instances private ExampleAbstractFileIngestModule() { - } - + public static synchronized ExampleAbstractFileIngestModule getDefault() { if (instance == null) { instance = new ExampleAbstractFileIngestModule(); @@ -75,15 +78,28 @@ public class ExampleAbstractFileIngestModule implements IngestModuleAbstractFile @Override public String getName() { - return "Example AbstractFile Module"; + return MODULE_NAME; } @Override public String getDescription() { - return "Example AbstractFile Module description"; + return MODULE_DESC; + } + + @Override + public String getVersion() { + return MODULE_VERSION; + } + + @Override + public String getArguments() { + return args; + } + + @Override + public void setArguments(String args) { + this.args = args; } - - @Override public void init(IngestModuleInit initContext) { @@ -105,12 +121,12 @@ public class ExampleAbstractFileIngestModule implements IngestModuleAbstractFile public ModuleType getType() { return ModuleType.AbstractFile; } - + @Override public boolean hasSimpleConfiguration() { return false; } - + @Override public boolean hasAdvancedConfiguration() { return false; @@ -120,22 +136,21 @@ public class ExampleAbstractFileIngestModule implements IngestModuleAbstractFile public javax.swing.JPanel getSimpleConfiguration() { return null; } - + @Override public javax.swing.JPanel getAdvancedConfiguration() { return null; } - + @Override public boolean hasBackgroundJobsRunning() { return false; } - - + @Override public void saveAdvancedConfiguration() { } - + @Override public void saveSimpleConfiguration() { } diff --git a/Ingest/src/org/sleuthkit/autopsy/ingest/example/ExampleImageIngestModule.java b/Ingest/src/org/sleuthkit/autopsy/ingest/example/ExampleImageIngestModule.java index b22ed52442..b39c1d9390 100644 --- a/Ingest/src/org/sleuthkit/autopsy/ingest/example/ExampleImageIngestModule.java +++ b/Ingest/src/org/sleuthkit/autopsy/ingest/example/ExampleImageIngestModule.java @@ -29,8 +29,8 @@ import org.sleuthkit.autopsy.ingest.IngestModuleInit; import org.sleuthkit.datamodel.Image; /** - * Example implementation of an image ingest service - * + * Example implementation of an image ingest service + * */ public final class ExampleImageIngestModule implements IngestModuleImage { @@ -38,6 +38,10 @@ public final class ExampleImageIngestModule implements IngestModuleImage { private static ExampleImageIngestModule defaultInstance = null; private IngestServices services; private static int messageId = 0; + public static final String MODULE_NAME = "Example Image Module"; + public static final String MODULE_DESC = "Example Image Module description"; + public static final String MODULE_VERSION = "1.0"; + private String args; //public constructor is required //as multiple instances are created for processing multiple images simultenously @@ -99,12 +103,27 @@ public final class ExampleImageIngestModule implements IngestModuleImage { @Override public String getName() { - return "Example Image Service"; + return MODULE_NAME; } - + @Override public String getDescription() { - return "Example Image Service description"; + return MODULE_DESC; + } + + @Override + public String getVersion() { + return MODULE_VERSION; + } + + @Override + public String getArguments() { + return args; + } + + @Override + public void setArguments(String args) { + this.args = args; } @Override @@ -129,11 +148,11 @@ public final class ExampleImageIngestModule implements IngestModuleImage { return ModuleType.Image; } - @Override + @Override public boolean hasSimpleConfiguration() { return false; } - + @Override public boolean hasAdvancedConfiguration() { return false; @@ -143,22 +162,21 @@ public final class ExampleImageIngestModule implements IngestModuleImage { public javax.swing.JPanel getSimpleConfiguration() { return null; } - + @Override public javax.swing.JPanel getAdvancedConfiguration() { return null; } - + @Override public boolean hasBackgroundJobsRunning() { return false; } - - + @Override public void saveAdvancedConfiguration() { } - + @Override public void saveSimpleConfiguration() { } diff --git a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/KeywordSearchIngestModule.java b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/KeywordSearchIngestModule.java index 8828dc55a3..d4f98cf5a4 100644 --- a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/KeywordSearchIngestModule.java +++ b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/KeywordSearchIngestModule.java @@ -91,7 +91,8 @@ public final class KeywordSearchIngestModule implements IngestModuleAbstractFile private static final Logger logger = Logger.getLogger(KeywordSearchIngestModule.class.getName()); public static final String MODULE_NAME = "Keyword Search"; - public static final String MODULE_DESCRIPTION = "Performs file indexing and periodic search using keywords and regular expressions in lists."; + public static final String MODULE_DESCRIPTION = "Performs file indexing and periodic search using keywords and regular expressions in lists."; final public static String MODULE_VERSION = "1.0"; + private String args; private static KeywordSearchIngestModule instance = null; private IngestServices services; private Ingester ingester = null; @@ -325,6 +326,22 @@ public final class KeywordSearchIngestModule implements IngestModuleAbstractFile public String getDescription() { return MODULE_DESCRIPTION; } + + @Override + public String getVersion() { + return MODULE_VERSION; + } + + @Override + public String getArguments() { + return args; + } + + @Override + public void setArguments(String args) { + this.args = args; + } + /** * Initializes the module for new ingest run Sets up threads, timers, diff --git a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Chrome.java b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Chrome.java index be03bd55fa..edaae05cf9 100755 --- a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Chrome.java +++ b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Chrome.java @@ -57,11 +57,31 @@ public class Chrome extends Extract implements IngestModuleImage { private final Logger logger = Logger.getLogger(this.getClass().getName()); public int ChromeCount = 0; + final public static String MODULE_VERSION = "1.0"; + + private String args; + private IngestServices services; public Chrome() { moduleName = "Chrome"; } + + @Override + public String getVersion() { + return MODULE_VERSION; + } + + @Override + public String getArguments() { + return args; + } + + @Override + public void setArguments(String args) { + this.args = args; + } + @Override public void process(Image image, IngestImageWorkerController controller) { diff --git a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractIE.java b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractIE.java index 5e6fc97d5d..684b1206b0 100755 --- a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractIE.java +++ b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractIE.java @@ -89,10 +89,31 @@ public class ExtractIE extends Extract implements IngestModuleImage { private KeyValue IE_PASCO_LUT = new KeyValue(BrowserType.IE.name(), BrowserType.IE.getType()); public LinkedHashMap IE_OBJ; boolean pascoFound = false; + + final public static String MODULE_VERSION = "1.0"; + + private String args; public ExtractIE() { moduleName = "Internet Explorer"; } + + @Override + public String getVersion() { + return MODULE_VERSION; + } + + @Override + public String getArguments() { + return args; + } + + @Override + public void setArguments(String args) { + this.args = args; + } + + @Override public void process(Image image, IngestImageWorkerController controller) { diff --git a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractRegistry.java b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractRegistry.java index 453154c217..ff73ce3aa2 100644 --- a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractRegistry.java +++ b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractRegistry.java @@ -46,12 +46,14 @@ import org.sleuthkit.datamodel.*; * Extracting windows registry data using regripper */ public class ExtractRegistry extends Extract implements IngestModuleImage { - + public Logger logger = Logger.getLogger(this.getClass().getName()); private String RR_PATH; boolean rrFound = false; private int sysid; private IngestServices services; + final public static String MODULE_VERSION = "1.0"; + private String args; ExtractRegistry() { final File rrRoot = InstalledFileLocator.getDefault().locate("rr", ExtractRegistry.class.getPackage().getName(), false); @@ -78,6 +80,21 @@ public class ExtractRegistry extends Extract implements IngestModuleImage { RR_PATH = rrHome + File.separator + "rip.exe"; } + @Override + public String getVersion() { + return MODULE_VERSION; + } + + @Override + public String getArguments() { + return args; + } + + @Override + public void setArguments(String args) { + this.args = args; + } + private void getregistryfiles(Image image, IngestImageWorkerController controller) { try { Case currentCase = Case.getCurrentCase(); // get the most updated case @@ -313,7 +330,7 @@ public class ExtractRegistry extends Extract implements IngestModuleImage { bbart.addAttributes(bbattributes); } } else if ("office".equals(context)) { - + BlackboardArtifact bbart = tempDb.getContentById(orgId).newArtifact(ARTIFACT_TYPE.TSK_RECENT_OBJECT); //TODO Revisit usage of deprecated constructor as per TSK-583 // bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_LAST_ACCESSED.getTypeID(), "RecentActivity", context, time)); diff --git a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Firefox.java b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Firefox.java index 2dee6135cb..afd082f11a 100644 --- a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Firefox.java +++ b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Firefox.java @@ -54,11 +54,31 @@ public class Firefox extends Extract implements IngestModuleImage { private static final String ffdownloadquery = "select target, source,(startTime/1000000) as startTime, maxBytes from moz_downloads"; public int FireFoxCount = 0; + final public static String MODULE_VERSION = "1.0"; + + private String args; + private IngestServices services; public Firefox() { moduleName = "FireFox"; } + + @Override + public String getVersion() { + return MODULE_VERSION; + } + + @Override + public String getArguments() { + return args; + } + + @Override + public void setArguments(String args) { + this.args = args; + } + @Override public void process(Image image, IngestImageWorkerController controller) { diff --git a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/RAImageIngestModule.java b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/RAImageIngestModule.java index e28c58014e..f6eab74532 100644 --- a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/RAImageIngestModule.java +++ b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/RAImageIngestModule.java @@ -49,6 +49,10 @@ public final class RAImageIngestModule implements IngestModuleImage { private Chrome chre = null; private ExtractIE eere = null; private SearchEngineURLQueryAnalyzer usq = null; + + final public static String MODULE_VERSION = "1.0"; + + private String args; //public constructor is required //as multiple instances are created for processing multiple images simultenously @@ -162,6 +166,22 @@ public final class RAImageIngestModule implements IngestModuleImage { public ModuleType getType() { return ModuleType.Image; } + + @Override + public String getVersion() { + return MODULE_VERSION; + } + + @Override + public String getArguments() { + return args; + } + + @Override + public void setArguments(String args) { + this.args = args; + } + @Override public boolean hasSimpleConfiguration() { diff --git a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/SearchEngineURLQueryAnalyzer.java b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/SearchEngineURLQueryAnalyzer.java index cc8f5af26b..d1d4cf2fad 100644 --- a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/SearchEngineURLQueryAnalyzer.java +++ b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/SearchEngineURLQueryAnalyzer.java @@ -65,8 +65,13 @@ import org.w3c.dom.NodeList; public class SearchEngineURLQueryAnalyzer extends Extract implements IngestModuleImage { private IngestServices services; - static final String MODULE_NAME = "Search Engine URL Query Analyzer"; - public static final String XMLFile = "SEUQAMappings.xml"; + + public static final String MODULE_NAME = "Search Engine URL Query Analyzer"; + public final static String MODULE_VERSION = "1.0"; + private String args; + + public static final String XMLFile = "SEQUAMappings.xml"; + private static String[] searchEngineNames; private static SearchEngine[] engines; @@ -380,7 +385,7 @@ public class SearchEngineURLQueryAnalyzer extends Extract implements IngestModul @Override public String getName() { - return this.moduleName; + return MODULE_NAME; } @Override @@ -392,6 +397,21 @@ public class SearchEngineURLQueryAnalyzer extends Extract implements IngestModul return "Extracts search queries on the following search engines: \n" + total; } + @Override + public String getVersion() { + return MODULE_VERSION; + } + + @Override + public String getArguments() { + return args; + } + + @Override + public void setArguments(String args) { + this.args = args; + } + @Override public ModuleType getType() { return ModuleType.Image; diff --git a/thunderbirdparser/src/org/sleuthkit/autopsy/thunderbirdparser/ThunderbirdMboxFileIngestModule.java b/thunderbirdparser/src/org/sleuthkit/autopsy/thunderbirdparser/ThunderbirdMboxFileIngestModule.java index 5b9e9dbc45..97e13e43bc 100644 --- a/thunderbirdparser/src/org/sleuthkit/autopsy/thunderbirdparser/ThunderbirdMboxFileIngestModule.java +++ b/thunderbirdparser/src/org/sleuthkit/autopsy/thunderbirdparser/ThunderbirdMboxFileIngestModule.java @@ -63,8 +63,13 @@ public class ThunderbirdMboxFileIngestModule implements IngestModuleAbstractFile private static ThunderbirdMboxFileIngestModule instance = null; private IngestServices services; private static int messageId = 0; - private static final String classname = "Thunderbird Parser"; + private static final String MODULE_NAME = "Thunderbird Parser"; private final String hashDBModuleName = "Hash Lookup"; + + final public static String MODULE_VERSION = "1.0"; + + private String args; + private final GetIsFileKnownVisitor getIsFileKnown = new GetIsFileKnownVisitor(); public static synchronized ThunderbirdMboxFileIngestModule getDefault() { @@ -201,18 +206,18 @@ public class ThunderbirdMboxFileIngestModule implements IngestModuleAbstractFile bcc = ((propertyMap.get(Metadata.MESSAGE_BCC) != null) ? propertyMap.get(Metadata.MESSAGE_BCC) : ""); Collection bbattributes = new ArrayList(); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_EMAIL_TO.getTypeID(), classname, to)); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_EMAIL_CC.getTypeID(), classname, cc)); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_EMAIL_BCC.getTypeID(), classname, bcc)); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_EMAIL_FROM.getTypeID(), classname, from)); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_EMAIL_CONTENT_PLAIN.getTypeID(), classname, content.replaceAll("\\<[^>]*>", ""))); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_EMAIL_CONTENT_HTML.getTypeID(), classname, content)); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_MSG_ID.getTypeID(), classname, StringEscapeUtils.escapeHtml(emailId))); - //bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_MSG_REPLY_ID.getTypeID(), classname, "",)); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME_RCVD.getTypeID(), classname, date)); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME_SENT.getTypeID(), classname, date)); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_SUBJECT.getTypeID(), classname, subject)); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PATH.getTypeID(), classname, folderPath)); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_EMAIL_TO.getTypeID(), MODULE_NAME, to)); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_EMAIL_CC.getTypeID(), MODULE_NAME, cc)); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_EMAIL_BCC.getTypeID(), MODULE_NAME, bcc)); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_EMAIL_FROM.getTypeID(), MODULE_NAME, from)); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_EMAIL_CONTENT_PLAIN.getTypeID(), MODULE_NAME, content.replaceAll("\\<[^>]*>", ""))); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_EMAIL_CONTENT_HTML.getTypeID(), MODULE_NAME, content)); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_MSG_ID.getTypeID(), MODULE_NAME, StringEscapeUtils.escapeHtml(emailId))); + //bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_MSG_REPLY_ID.getTypeID(), MODULE_NAME, "",)); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME_RCVD.getTypeID(), MODULE_NAME, date)); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME_SENT.getTypeID(), MODULE_NAME, date)); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_SUBJECT.getTypeID(), MODULE_NAME, subject)); + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PATH.getTypeID(), MODULE_NAME, folderPath)); BlackboardArtifact bbart; try { bbart = abstractFile.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_EMAIL_MSG); @@ -220,7 +225,7 @@ public class ThunderbirdMboxFileIngestModule implements IngestModuleAbstractFile } catch (TskCoreException ex) { Logger.getLogger(ThunderbirdMboxFileIngestModule.class.getName()).log(Level.WARNING, null, ex); } - services.fireModuleDataEvent(new ModuleDataEvent(classname, BlackboardArtifact.ARTIFACT_TYPE.TSK_EMAIL_MSG)); + services.fireModuleDataEvent(new ModuleDataEvent(MODULE_NAME, BlackboardArtifact.ARTIFACT_TYPE.TSK_EMAIL_MSG)); } } catch (FileNotFoundException ex) { Logger.getLogger(ThunderbirdMboxFileIngestModule.class.getName()).log(Level.WARNING, null, ex); @@ -246,13 +251,29 @@ public class ThunderbirdMboxFileIngestModule implements IngestModuleAbstractFile @Override public String getName() { - return "Thunderbird Parser"; + return MODULE_NAME; } @Override public String getDescription() { - return "This class parses through a file to determine if it is an mbox file and if so, populates an email artifact for it in the blackboard."; + return "This module detects and parses mbox Thunderbird files and populates email artifacts in the blackboard."; } + + @Override + public String getVersion() { + return MODULE_VERSION; + } + + @Override + public String getArguments() { + return args; + } + + @Override + public void setArguments(String args) { + this.args = args; + } + @Override public void init(IngestModuleInit initContext) {