mstoeck3/autopsy-flatpak
1
0
Fork 0
mirror of https://github.com/overcuriousity/autopsy-flatpak.git synced 2025-07-12 16:06:15 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #6900 from APriestman/changePrefetchAssociatedArtifactBack

Browse Source 
Restore lookup of associated prefetch file
This commit is contained in:
Ann Priestman 2021-04-11 18:37:58 -04:00 committed by GitHub
commit f02a96bbcc
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 53 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

54
RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractPrefetch.java
View File

@ -313,7 +313,7 @@ final class ExtractPrefetch extends Extract {
try { try {
BlackboardArtifact blkBrdArt = createArtifactWithAttributes(BlackboardArtifact.ARTIFACT_TYPE.TSK_PROG_RUN, pfAbstractFile, blkBrdAttributes); BlackboardArtifact blkBrdArt = createArtifactWithAttributes(BlackboardArtifact.ARTIFACT_TYPE.TSK_PROG_RUN, pfAbstractFile, blkBrdAttributes);
blkBrdArtList.add(blkBrdArt); blkBrdArtList.add(blkBrdArt);
BlackboardArtifact associatedBbArtifact = createAssociatedArtifact(pfAbstractFile, blkBrdArt); BlackboardArtifact associatedBbArtifact = createAssociatedArtifact(applicationName.toLowerCase(), filePath, blkBrdArt, dataSource);
if (associatedBbArtifact != null) { if (associatedBbArtifact != null) {
blkBrdArtList.add(associatedBbArtifact); blkBrdArtList.add(associatedBbArtifact);
} }
@ -335,6 +335,58 @@ final class ExtractPrefetch extends Extract {
} }
} }
/**
* Create associated artifacts using file path name and the artifact it
* associates with
*
* @param fileName the filename to search for
* @param filePathName file and path of object being associated with
* @param bba blackboard artifact to associate with
* @param dataSource - The datasource to search in
*
* @returnv BlackboardArtifact or a null value
*/
private BlackboardArtifact createAssociatedArtifact(String fileName, String filePathName, BlackboardArtifact bba, Content dataSource) throws TskCoreException {
AbstractFile sourceFile = getAbstractFile(fileName, filePathName, dataSource);
if (sourceFile != null) {
return createAssociatedArtifact(sourceFile, bba);
}
return null;
}
/**
* Get the abstract file for the prefetch file.
*
* @param fileName - File name of the prefetch file to find.
* @param filePath - Path where the prefetch file is located.
* @param dataSource - The datasource to search in
*
* @return Abstract file of the prefetch file.
*
*/
AbstractFile getAbstractFile(String fileName, String filePath, Content dataSource) {
List<AbstractFile> files;
FileManager fileManager = Case.getCurrentCase().getServices().getFileManager();
try {
files = fileManager.findFiles(dataSource, fileName); //NON-NLS
} catch (TskCoreException ex) {
logger.log(Level.WARNING, "Unable to find prefetch files.", ex); //NON-NLS
return null; // No need to continue
}
for (AbstractFile pFile : files) {
if (pFile.getParentPath().toLowerCase().endsWith(filePath.toLowerCase() + '/')) {
return pFile;
}
}
return null;
}
/** /**
* Cycle thru the execution times list and only return a new list of times * Cycle thru the execution times list and only return a new list of times
* that are greater than zero. * that are greater than zero.