From 8e4b86d5e7ea30d40d6e34a9fd6711034757d63a Mon Sep 17 00:00:00 2001
From: Richard Cordovano
Date: Mon, 25 Oct 2021 13:18:06 -0400
Subject: [PATCH 01/28] 7673 Allow helpers to call correct Blackboard.postArtifacts() API
---
 .../autopsy/ingest/IngestManager.java | 30 ++++++++++++++-----
 1 file changed, 23 insertions(+), 7 deletions(-)
diff --git a/Core/src/org/sleuthkit/autopsy/ingest/IngestManager.java b/Core/src/org/sleuthkit/autopsy/ingest/IngestManager.java
index bcc0f2735e..7dc12492d9 100644
--- a/Core/src/org/sleuthkit/autopsy/ingest/IngestManager.java
+++ b/Core/src/org/sleuthkit/autopsy/ingest/IngestManager.java
@@ -296,8 +296,8 @@ public class IngestManager implements IngestProgressSnapshotProvider {
 @Subscribe
 void handleArtifactsPosted(Blackboard.ArtifactsPostedEvent tskEvent) {
 /*
- * Add any new data artifacts to the source ingest job for possible
- * analysis.
+ * Add any new data artifacts included in the event to the source ingest
+ * job for possible analysis.
 */
 List newDataArtifacts = new ArrayList<>();
 Collection newArtifacts = tskEvent.getArtifacts();
@@ -315,11 +315,27 @@ public class IngestManager implements IngestProgressSnapshotProvider {
 }
 } else {
 /*
- * Handle the case where ingest modules may not supply an ingest
- * job ID. In such cases, try to identify the ingest job, if
- * any, via its data source. There is a slight risk here that
- * the wrong ingest job will be selected if multiple ingests of
- * the same data source are in progress.
+ * Cases where the ingest job ID returned by the event will be
+ * null:
+ *
+ * 1. The artifacts are being posted by a data source proccessor
+ * (DSP) that runs before the ingest job is created, i.e., a DSP
+ * that does not support streaming ingest. In this use case, the
+ * event is handled synchronously before the ingest job is
+ * created, so the code below will not find an ingest job to
+ * which to add the artifacts. However, the artifacts will be
+ * analyzed when the ingest job executor, working in batch mode,
+ * schedules ingest tasks for all of the data artifacts in the
+ * case database.
+ *
+ * 2. The artifacts were posted by a third party ingest module
+ * that either has not been updated to use the current
+ * Blackboard.postartifacts() API, or is using it incorrectly.
+ * In this use case, the code below should be able to find the
+ * ingest job to which to add the artifacts via their data
+ * source. However, there is a slight risk here that the wrong
+ * ingest job will be selected if multiple ingests of the same
+ * data source are in progress.
 */
 DataArtifact dataArtifact = newDataArtifacts.get(0);
 try {
From 97574463ed7cd604e3406b29f262d53fd79d7536 Mon Sep 17 00:00:00 2001
From: Richard Cordovano
Date: Mon, 25 Oct 2021 14:38:07 -0400
Subject: [PATCH 02/28] 7673 Allow helpers to call correct Blackboard.postArtifacts() API
---
 .../xry/XRYCallsFileParser.java | 9 +-
 .../xry/XRYContactsFileParser.java | 7 +-
 .../xry/XRYMessagesFileParser.java | 4 +-
 .../autopsy/ingest/IngestManager.java | 30 ++-
 .../ALeappAnalyzerIngestModule.java | 4 +-
 .../ILeappAnalyzerIngestModule.java | 4 +-
 .../leappanalyzers/LeappFileProcessor.java | 213 +++++++++---------
 7 files changed, 140 insertions(+), 131 deletions(-)
diff --git a/Core/src/org/sleuthkit/autopsy/datasourceprocessors/xry/XRYCallsFileParser.java b/Core/src/org/sleuthkit/autopsy/datasourceprocessors/xry/XRYCallsFileParser.java
index 58a418e66d..610ef84265 100755
--- a/Core/src/org/sleuthkit/autopsy/datasourceprocessors/xry/XRYCallsFileParser.java
+++ b/Core/src/org/sleuthkit/autopsy/datasourceprocessors/xry/XRYCallsFileParser.java
@@ -1,7 +1,7 @@
 /*
 * Autopsy Forensic Browser
 *
- * Copyright 2019-2020 Basis Technology Corp.
+ * Copyright 2019-2021 Basis Technology Corp.
 * Contact: carrier sleuthkit org
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
@@ -24,7 +24,6 @@ import java.util.Collection;
 import java.util.List;
 import java.util.logging.Level;
 import org.sleuthkit.autopsy.coreutils.Logger;
-import org.sleuthkit.datamodel.AbstractFile;
 import org.sleuthkit.datamodel.Account;
 import org.sleuthkit.datamodel.Blackboard.BlackboardException;
 import org.sleuthkit.datamodel.BlackboardArtifact;
@@ -301,7 +300,7 @@ final class XRYCallsFileParser extends AbstractSingleEntityParser {
 for (String phone : calleeList) {
 try {
 currentCase.getCommunicationsManager().createAccountFileInstance(
- Account.Type.PHONE, phone, PARSER_NAME, parent);
+ Account.Type.PHONE, phone, PARSER_NAME, parent, null);
 } catch (InvalidAccountIDException ex) {
 logger.log(Level.WARNING, String.format("Invalid account identifier %s", phone), ex);
 }
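Review bot: The bare `null` added as the last argument of `createAccountFileInstance(...)` in the @@ -301,7 +300,7 @@ hunk gives a reader no hint of what is being omitted, and the same literal is added to the `postArtifact(artifact, PARSER_NAME, null)` and `new CommunicationArtifactsHelper(..., null)` calls in the XRYCallsFileParser, XRYContactsFileParser and XRYMessagesFileParser hunks that follow. The IngestManager comment in this commit explains that a data source processor runs before any ingest job exists, so a short comment at each call site would record that the omission is deliberate, for example `// No ingest job ID: this DSP runs before the ingest job is created.` Without it, a later reader cannot tell a deliberate omission from a forgotten argument. The enclosing methods start and end outside these hunks.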
@@ -314,13 +313,13 @@ final class XRYCallsFileParser extends AbstractSingleEntityParser { if (!otherAttributes.isEmpty()) { BlackboardArtifact artifact = parent.newDataArtifact(new BlackboardArtifact.Type(BlackboardArtifact.ARTIFACT_TYPE.TSK_CALLLOG), otherAttributes); - currentCase.getBlackboard().postArtifact(artifact, PARSER_NAME); + currentCase.getBlackboard().postArtifact(artifact, PARSER_NAME, null); } } else { // Otherwise we can safely use the helper. CommunicationArtifactsHelper helper = new CommunicationArtifactsHelper( - currentCase, PARSER_NAME, parent, Account.Type.PHONE); + currentCase, PARSER_NAME, parent, Account.Type.PHONE, null); helper.addCalllog(direction, callerId, calleeList, startTime, endTime, callType, otherAttributes); diff --git a/Core/src/org/sleuthkit/autopsy/datasourceprocessors/xry/XRYContactsFileParser.java b/Core/src/org/sleuthkit/autopsy/datasourceprocessors/xry/XRYContactsFileParser.java index f721479d07..a961abfe21 100755 --- a/Core/src/org/sleuthkit/autopsy/datasourceprocessors/xry/XRYContactsFileParser.java +++ b/Core/src/org/sleuthkit/autopsy/datasourceprocessors/xry/XRYContactsFileParser.java @@ -1,7 +1,7 @@ /* * Autopsy Forensic Browser * - * Copyright 2019-2020 Basis Technology Corp. + * Copyright 2019-2021 Basis Technology Corp. * Contact: carrier sleuthkit org * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -24,7 +24,6 @@ import java.util.List; import java.util.logging.Level; import org.sleuthkit.autopsy.coreutils.Logger; import static org.sleuthkit.autopsy.datasourceprocessors.xry.AbstractSingleEntityParser.PARSER_NAME; -import org.sleuthkit.datamodel.AbstractFile; import org.sleuthkit.datamodel.Account; import org.sleuthkit.datamodel.Blackboard; import org.sleuthkit.datamodel.BlackboardArtifact; 
@@ -136,7 +135,7 @@ final class XRYContactsFileParser extends AbstractSingleEntityParser { // complain about illegal arguments. if (phoneNumber != null || homePhoneNumber != null || mobilePhoneNumber != null || hasAnEmail) { CommunicationArtifactsHelper helper = new CommunicationArtifactsHelper( - currentCase, PARSER_NAME, parent, Account.Type.DEVICE); + currentCase, PARSER_NAME, parent, Account.Type.DEVICE, null); helper.addContact(contactName, phoneNumber, homePhoneNumber, mobilePhoneNumber, emailAddr, additionalAttributes); @@ -145,7 +144,7 @@ final class XRYContactsFileParser extends AbstractSingleEntityParser { if (!additionalAttributes.isEmpty()) { BlackboardArtifact artifact = parent.newDataArtifact(new BlackboardArtifact.Type(BlackboardArtifact.ARTIFACT_TYPE.TSK_CONTACT), additionalAttributes); - currentCase.getBlackboard().postArtifact(artifact, PARSER_NAME); + currentCase.getBlackboard().postArtifact(artifact, PARSER_NAME, null); } } } diff --git a/Core/src/org/sleuthkit/autopsy/datasourceprocessors/xry/XRYMessagesFileParser.java b/Core/src/org/sleuthkit/autopsy/datasourceprocessors/xry/XRYMessagesFileParser.java index 6fb7413c8e..9c24a1703b 100755 --- a/Core/src/org/sleuthkit/autopsy/datasourceprocessors/xry/XRYMessagesFileParser.java +++ b/Core/src/org/sleuthkit/autopsy/datasourceprocessors/xry/XRYMessagesFileParser.java @@ -318,7 +318,7 @@ final class XRYMessagesFileParser implements XRYFileParser { } else { try { currentCase.getCommunicationsManager().createAccountFileInstance( - Account.Type.PHONE, pair.getValue(), PARSER_NAME, parent); + Account.Type.PHONE, pair.getValue(), PARSER_NAME, parent, null); } catch (InvalidAccountIDException ex) { logger.log(Level.WARNING, String.format("Invalid account identifier %s", pair.getValue()), ex); } 
@@ -437,7 +437,7 @@ final class XRYMessagesFileParser implements XRYFileParser { } CommunicationArtifactsHelper helper = new CommunicationArtifactsHelper( - currentCase, PARSER_NAME, parent, Account.Type.PHONE); + currentCase, PARSER_NAME, parent, Account.Type.PHONE, null); helper.addMessage(messageType, direction, senderId, recipientIdsList, dateTime, readStatus, subject, text, threadId, otherAttributes); diff --git a/Core/src/org/sleuthkit/autopsy/ingest/IngestManager.java b/Core/src/org/sleuthkit/autopsy/ingest/IngestManager.java index 7dc12492d9..f5542a5784 100644 --- a/Core/src/org/sleuthkit/autopsy/ingest/IngestManager.java +++ b/Core/src/org/sleuthkit/autopsy/ingest/IngestManager.java @@ -34,6 +34,7 @@ import java.util.HashMap; import java.util.HashSet; import java.util.List; import java.util.Map; +import java.util.Optional; import java.util.Set; import java.util.concurrent.Callable; import java.util.concurrent.ConcurrentHashMap; 
@@ -308,32 +309,37 @@ public class IngestManager implements IngestProgressSnapshotProvider {
 }
 if (!newDataArtifacts.isEmpty()) {
 IngestJob ingestJob = null;
- Long ingestJobId = tskEvent.getIngestJobId();
- if (ingestJobId != null) {
+ Optional ingestJobId = tskEvent.getIngestJobId();
+ if (ingestJobId.isPresent()) {
 synchronized (ingestJobsById) {
- ingestJob = ingestJobsById.get(ingestJobId);
+ ingestJob = ingestJobsById.get(ingestJobId.get());
 }
 } else {
 /*
- * Cases where the ingest job ID returned by the event will be
- * null:
+ * There are two cases where the ingest job ID returned by the
+ * event is expected be null:
 *
 * 1. The artifacts are being posted by a data source proccessor
- * (DSP) that runs before the ingest job is created, i.e., a DSP
- * that does not support streaming ingest. In this use case, the
- * event is handled synchronously before the ingest job is
+ * (DSP) module that runs before the ingest job is created,
+ * i.e., a DSP that does not support streaming ingest and has no
+ * noton of an ingest job ID. In this use case, the event is
+ * handled synchronously (the DSP calls
+ * Blackboard.postArtifacts(), which puts the event on the event
+ * bus to which this method subscribes) before the ingest job is
 * created, so the code below will not find an ingest job to
 * which to add the artifacts. However, the artifacts will be
 * analyzed when the ingest job executor, working in batch mode,
 * schedules ingest tasks for all of the data artifacts in the
 * case database.
 *
- * 2. The artifacts were posted by a third party ingest module
- * that either has not been updated to use the current
- * Blackboard.postartifacts() API, or is using it incorrectly.
+ * 2. The artifacts were posted by an ingest module that either
+ * has not been updated to use the current
+ * Blackboard.postArtifacts() API, or is using it incorrectly.
* In this use case, the code below should be able to find the * ingest job to which to add the artifacts via their data - * source. However, there is a slight risk here that the wrong + * source. + * + * In both use cases, there is a slight risk that the wrong * ingest job will be selected if multiple ingests of the same * data source are in progress. */ diff --git a/Core/src/org/sleuthkit/autopsy/modules/leappanalyzers/ALeappAnalyzerIngestModule.java b/Core/src/org/sleuthkit/autopsy/modules/leappanalyzers/ALeappAnalyzerIngestModule.java index 3409098d95..06f367d691 100644 --- a/Core/src/org/sleuthkit/autopsy/modules/leappanalyzers/ALeappAnalyzerIngestModule.java +++ b/Core/src/org/sleuthkit/autopsy/modules/leappanalyzers/ALeappAnalyzerIngestModule.java @@ -1,7 +1,7 @@ /* * Autopsy Forensic Browser * - * Copyright 2020 Basis Technology Corp. + * Copyright 2020-2021 Basis Technology Corp. * Contact: carrier sleuthkit org * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -101,7 +101,7 @@ public class ALeappAnalyzerIngestModule implements DataSourceIngestModule { } try { - aLeappFileProcessor = new LeappFileProcessor(XMLFILE, ALeappAnalyzerModuleFactory.getModuleName()); + aLeappFileProcessor = new LeappFileProcessor(XMLFILE, ALeappAnalyzerModuleFactory.getModuleName(), context); } catch (IOException | IngestModuleException | NoCurrentCaseException ex) { throw new IngestModuleException(Bundle.ALeappAnalyzerIngestModule_error_ileapp_file_processor_init(), ex); } diff --git a/Core/src/org/sleuthkit/autopsy/modules/leappanalyzers/ILeappAnalyzerIngestModule.java b/Core/src/org/sleuthkit/autopsy/modules/leappanalyzers/ILeappAnalyzerIngestModule.java index 339be316a9..cf89294aff 100644 --- a/Core/src/org/sleuthkit/autopsy/modules/leappanalyzers/ILeappAnalyzerIngestModule.java +++ b/Core/src/org/sleuthkit/autopsy/modules/leappanalyzers/ILeappAnalyzerIngestModule.java 
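Review bot: The rewritten comment in the `else` branch of the @@ -308,32 +309,37 @@ hunk no longer matches the code above it: the ID is now an `Optional` tested with `isPresent()`, yet the comment says it "is expected be null", and its closing paragraph claims a wrong-job risk "in both use cases" although case 1 states that no ingest job will be found at all. I would reword the opening to `event is expected to be empty:` and restrict the last paragraph to case 2; `proccessor` and `noton` are typos for `processor` and `notion`. Because the fallback can attach artifacts to a different ingest job of the same data source, a log line naming the job that was chosen would let an examiner see afterwards when that guess was made. The rest of `handleArtifactsPosted` is outside the hunk, so whether a `null` result from `ingestJobsById.get(ingestJobId.get())` is handled cannot be seen here.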
@@ -1,7 +1,7 @@ /* * Autopsy Forensic Browser * - * Copyright 2020 Basis Technology Corp. + * Copyright 2020-2021 Basis Technology Corp. * Contact: carrier sleuthkit org * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -101,7 +101,7 @@ public class ILeappAnalyzerIngestModule implements DataSourceIngestModule { } try { - iLeappFileProcessor = new LeappFileProcessor(XMLFILE, ILeappAnalyzerModuleFactory.getModuleName()); + iLeappFileProcessor = new LeappFileProcessor(XMLFILE, ILeappAnalyzerModuleFactory.getModuleName(), context); } catch (IOException | IngestModuleException | NoCurrentCaseException ex) { throw new IngestModuleException(Bundle.ILeappAnalyzerIngestModule_error_ileapp_file_processor_init(), ex); } diff --git a/Core/src/org/sleuthkit/autopsy/modules/leappanalyzers/LeappFileProcessor.java b/Core/src/org/sleuthkit/autopsy/modules/leappanalyzers/LeappFileProcessor.java index 9f19f18996..4796272418 100644 --- a/Core/src/org/sleuthkit/autopsy/modules/leappanalyzers/LeappFileProcessor.java +++ b/Core/src/org/sleuthkit/autopsy/modules/leappanalyzers/LeappFileProcessor.java @@ -1,7 +1,7 @@ /* * Autopsy Forensic Browser * - * Copyright 2020 Basis Technology Corp. + * Copyright 2020-2021 Basis Technology Corp. * Contact: carrier sleuthkit org * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -61,6 +61,7 @@ import org.sleuthkit.autopsy.casemodule.services.FileManager; import org.sleuthkit.autopsy.coreutils.NetworkUtils; import org.sleuthkit.autopsy.coreutils.Logger; import org.sleuthkit.autopsy.coreutils.PlatformUtil; +import org.sleuthkit.autopsy.ingest.IngestJobContext; import org.sleuthkit.autopsy.ingest.IngestModule.IngestModuleException; import org.sleuthkit.autopsy.ingest.IngestModule.ProcessResult; import org.sleuthkit.datamodel.AbstractFile; 
@@ -108,10 +109,10 @@ public final class LeappFileProcessor { * Main constructor. * * @param attributeType The BlackboardAttribute type or null if not - * used. used. - * @param columnName The name of the column in the tsv file. - * @param required Whether or not this attribute is required to be - * present. + * used. used. + * @param columnName The name of the column in the tsv file. + * @param required Whether or not this attribute is required to be + * present. */ TsvColumn(BlackboardAttribute.Type attributeType, String columnName, boolean required) { this.attributeType = attributeType; @@ -144,6 +145,7 @@ public final class LeappFileProcessor { private static final Logger logger = Logger.getLogger(LeappFileProcessor.class.getName()); private final String xmlFile; //NON-NLS private final String moduleName; + private final IngestJobContext context; private final Map tsvFiles; private final Map tsvFileArtifacts; @@ -194,13 +196,14 @@ public final class LeappFileProcessor { Blackboard blkBoard; - public LeappFileProcessor(String xmlFile, String moduleName) throws IOException, IngestModuleException, NoCurrentCaseException { + public LeappFileProcessor(String xmlFile, String moduleName, IngestJobContext context) throws IOException, IngestModuleException, NoCurrentCaseException { this.tsvFiles = new HashMap<>(); this.tsvFileArtifacts = new HashMap<>(); this.tsvFileArtifactComments = new HashMap<>(); this.tsvFileAttributes = new HashMap<>(); this.xmlFile = xmlFile; this.moduleName = moduleName; + this.context = context; blkBoard = Case.getCurrentCaseThrows().getSleuthkitCase().getBlackboard(); @@ -249,7 +252,7 @@ public final class LeappFileProcessor { * we know we want to process and return the list to process those files. */ private List findTsvFiles(Path LeappOutputDir) throws IngestModuleException { - List allTsvFiles = new ArrayList<>(); + List allTsvFiles; List foundTsvFiles = new ArrayList<>(); try (Stream walk = Files.walk(LeappOutputDir)) { 
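Review bot: The constructor in the @@ -194,13 +196,14 @@ hunk stores `context` without checking it, and the only use visible in this patch is `context.getJobId()` inside `postArtifacts`, so a null argument would surface much later as a `NullPointerException` at posting time instead of at construction. A guard before the assignment, such as `if (context == null) { throw new IllegalArgumentException("context must not be null"); }`, fails early and names the cause. The public constructor also has no Javadoc; a block describing `xmlFile`, `moduleName` and `context` (the ingest job context whose job ID is attached to posted artifacts) would document the new parameter. In the `TsvColumn` hunk above it, the re-wrapped `@param attributeType` text still ends in "used. used.".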
@@ -275,7 +278,7 @@ public final class LeappFileProcessor { * Process the Leapp files that were found that match the xml mapping file * * @param LeappFilesToProcess List of files to process - * @param LeappImageFile Abstract file to create artifact for + * @param LeappImageFile Abstract file to create artifact for * * @throws FileNotFoundException * @throws IOException @@ -308,7 +311,7 @@ public final class LeappFileProcessor { * Process the Leapp files that were found that match the xml mapping file * * @param LeappFilesToProcess List of files to process - * @param dataSource The data source. + * @param dataSource The data source. * * @throws FileNotFoundException * @throws IOException @@ -318,7 +321,7 @@ public final class LeappFileProcessor { for (String LeappFileName : LeappFilesToProcess) { String fileName = FilenameUtils.getName(LeappFileName); - File LeappFile = new File(LeappFileName); + File LeappFile = new File(LeappFileName); if (tsvFileAttributes.containsKey(fileName)) { List attrList = tsvFileAttributes.get(fileName); BlackboardArtifact.Type artifactType = tsvFileArtifacts.get(fileName); @@ -345,7 +348,7 @@ public final class LeappFileProcessor { String trackpointSegmentName = null; GeoTrackPoints pointList = new GeoTrackPoints(); AbstractFile geoAbstractFile = null; - + if (LeappFile == null || !LeappFile.exists() || fileName == null) { logger.log(Level.WARNING, String.format("Leap file: %s is null or does not exist", LeappFile == null ? LeappFile.toString() : "")); return; 
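Review bot: The ternary in the warning under `if (LeappFile == null || !LeappFile.exists() || fileName == null)` in the @@ -345,7 +348,7 @@ hunk is inverted: `LeappFile == null ? LeappFile.toString() : ""` dereferences the variable exactly when it is null and logs an empty name when it is not. Swapping the arms, `LeappFile != null ? LeappFile.toString() : ""`, makes the message carry the path of the file that was skipped. The hunk itself only changes whitespace, but this line sits in its context, and a skipped report file with no name in the log is hard to trace afterwards. The method continues outside the hunk.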
@@ -405,11 +408,11 @@ public final class LeappFileProcessor { } } } - + try { - if (ACCOUNT_RELATIONSHIPS.getOrDefault(fileName.toLowerCase(), "norelationship").toLowerCase() == "trackpoint") { - (new GeoArtifactsHelper(Case.getCurrentCaseThrows().getSleuthkitCase(), moduleName, "", geoAbstractFile)).addTrack(trackpointSegmentName, pointList, new ArrayList<>()); - + if (ACCOUNT_RELATIONSHIPS.getOrDefault(fileName.toLowerCase(), "norelationship").toLowerCase().equals("trackpoint")) { + (new GeoArtifactsHelper(Case.getCurrentCaseThrows().getSleuthkitCase(), moduleName, "", geoAbstractFile)).addTrack(trackpointSegmentName, pointList, new ArrayList<>()); + } } catch (NoCurrentCaseException | TskCoreException | BlackboardException ex) { throw new IngestModuleException(Bundle.LeappFileProcessor_cannot_create_message_relationship() + ex.getLocalizedMessage(), ex); //NON-NLS @@ -418,10 +421,9 @@ public final class LeappFileProcessor { } @NbBundle.Messages({ - "LeappFileProcessor.cannot.create.waypoint.relationship=Cannot create TSK_WAYPOINT artifact.", - }) + "LeappFileProcessor.cannot.create.waypoint.relationship=Cannot create TSK_WAYPOINT artifact.",}) - private void createRoute (Collection bbattributes, Content dataSource, String fileName) throws IngestModuleException { + private void createRoute(Collection bbattributes, Content dataSource, String fileName) throws IngestModuleException { Double startLatitude = Double.valueOf(0); Double startLongitude = Double.valueOf(0); @@ -435,7 +437,7 @@ public final class LeappFileProcessor { String sourceFile = null; AbstractFile absFile = null; String comment = ""; - + try { for (BlackboardAttribute bba : bbattributes) { switch (bba.getAttributeType().getTypeName()) { 
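Review bot: Replacing `== "trackpoint"` with `.equals("trackpoint")` in the @@ -405,11 +408,11 @@ hunk fixes this comparison, but the same reference comparison remains in `createTrackpoint` (the @@ -539,28 +539,26 @@ hunk), where `trackpointSegmentName == segmentName` decides whether a point joins the current track; `java.util.Objects.equals(trackpointSegmentName, segmentName)` would compare the values. With the old `==` this branch probably never ran, so the fix makes the `new GeoArtifactsHelper(..., geoAbstractFile)).addTrack(trackpointSegmentName, pointList, ...)` call newly reachable; both variables appear to be initialised to `null` earlier in the method, and whether they are set before this point is outside the hunk, so a check such as `if (geoAbstractFile != null && trackpointSegmentName != null)` is worth adding. The chained `toLowerCase()` calls use the default locale; `equalsIgnoreCase("trackpoint")` avoids locale-dependent case mapping of the letter `i`.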
@@ -478,18 +480,16 @@ public final class LeappFileProcessor { GeoWaypoints waypointList = new GeoWaypoints(); waypointList.addPoint(new Waypoint(startLatitude, startLongitude, zeroValue, "")); waypointList.addPoint(new Waypoint(endLatitude, endLongitude, zeroValue, locationName)); - (new GeoArtifactsHelper(Case.getCurrentCaseThrows().getSleuthkitCase(), moduleName, comment, absFile)).addRoute(destinationName, dateTime, waypointList, new ArrayList<>()); - + (new GeoArtifactsHelper(Case.getCurrentCaseThrows().getSleuthkitCase(), moduleName, comment, absFile)).addRoute(destinationName, dateTime, waypointList, new ArrayList<>()); + } catch (NoCurrentCaseException | TskCoreException | BlackboardException ex) { throw new IngestModuleException(Bundle.LeappFileProcessor_cannot_create_waypoint_relationship() + ex.getLocalizedMessage(), ex); //NON-NLS } - - + } - + @NbBundle.Messages({ - "LeappFileProcessor.cannot.create.trackpoint.relationship=Cannot create TSK_TRACK_POINT artifact.", - }) + "LeappFileProcessor.cannot.create.trackpoint.relationship=Cannot create TSK_TRACK_POINT artifact.",}) private AbstractFile createTrackpoint(Collection bbattributes, Content dataSource, String fileName, String trackpointSegmentName, GeoTrackPoints pointList) throws IngestModuleException { @@ -503,7 +503,7 @@ public final class LeappFileProcessor { String sourceFile = null; String comment = null; AbstractFile absFile = null; - + try { for (BlackboardAttribute bba : bbattributes) { switch (bba.getAttributeType().getTypeName()) { 
@@ -539,28 +539,26 @@ public final class LeappFileProcessor { absFile = (AbstractFile) dataSource; } if ((trackpointSegmentName == null) || (trackpointSegmentName == segmentName)) { - trackpointSegmentName = segmentName; - pointList.addPoint(new TrackPoint(latitude, longitude, altitude, segmentName, zeroValue, zeroValue, zeroValue, dateTime)); + trackpointSegmentName = segmentName; + pointList.addPoint(new TrackPoint(latitude, longitude, altitude, segmentName, zeroValue, zeroValue, zeroValue, dateTime)); } else { - (new GeoArtifactsHelper(Case.getCurrentCaseThrows().getSleuthkitCase(), moduleName, comment, absFile)).addTrack(segmentName, pointList, new ArrayList<>()); - trackpointSegmentName = segmentName; - pointList = new GeoTrackPoints(); - pointList.addPoint(new TrackPoint(latitude, longitude, altitude, segmentName, zeroValue, zeroValue, zeroValue, dateTime)); - + (new GeoArtifactsHelper(Case.getCurrentCaseThrows().getSleuthkitCase(), moduleName, comment, absFile)).addTrack(segmentName, pointList, new ArrayList<>()); + trackpointSegmentName = segmentName; + pointList = new GeoTrackPoints(); + pointList.addPoint(new TrackPoint(latitude, longitude, altitude, segmentName, zeroValue, zeroValue, zeroValue, dateTime)); + } } catch (NoCurrentCaseException | TskCoreException | BlackboardException ex) { throw new IngestModuleException(Bundle.LeappFileProcessor_cannot_create_trackpoint_relationship() + ex.getLocalizedMessage(), ex); //NON-NLS } - - return absFile; - + + return absFile; + } - @NbBundle.Messages({ - "LeappFileProcessor.cannot.create.message.relationship=Cannot create TSK_MESSAGE Relationship.", - }) - + "LeappFileProcessor.cannot.create.message.relationship=Cannot create TSK_MESSAGE Relationship.",}) + private void createMessageRelationship(Collection bbattributes, Content dataSource, String fileName) throws IngestModuleException { String messageType = null; 
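Review bot: The assignments `trackpointSegmentName = segmentName;` and `pointList = new GeoTrackPoints();` on the re-indented lines write to method parameters, so they are lost when `createTrackpoint` returns and the caller keeps its previous segment name and list. In the `else` branch the finished segment is also posted as `addTrack(segmentName, pointList, ...)`, which labels the old points with the new segment's name; `trackpointSegmentName` looks like the intended first argument. As far as the visible code shows, the first point of each new segment then goes into a list that only this call can see. Returning the updated state to the caller, or holding the current segment name and point list in fields, would make the segment switch take effect. The method starts in the preceding hunk and the caller is outside this one.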
@@ -614,7 +612,7 @@ public final class LeappFileProcessor { sourceFile = bba.getValueString(); break; case "TSK_READ_STATUS": - if (bba.getValueInt() == 1 ) { + if (bba.getValueInt() == 1) { messageStatus = MessageReadStatus.READ; } else { messageStatus = MessageReadStatus.UNREAD; @@ -638,19 +636,19 @@ public final class LeappFileProcessor { AbstractFile absFile = findAbstractFile(dataSource, sourceFile); if (absFile == null) { absFile = (AbstractFile) dataSource; - } + } CommunicationArtifactsHelper accountArtifact; - Account.Type accountType = getAccountType(fileName); + Account.Type accountType = getAccountType(fileName); if (alternateId == null) { accountArtifact = new CommunicationArtifactsHelper(Case.getCurrentCaseThrows().getSleuthkitCase(), - moduleName, absFile, accountType); + moduleName, absFile, accountType); } else { accountArtifact = new CommunicationArtifactsHelper(Case.getCurrentCaseThrows().getSleuthkitCase(), - moduleName, absFile, accountType, accountType, alternateId); + moduleName, absFile, accountType, accountType, alternateId); } BlackboardArtifact messageArtifact = accountArtifact.addMessage(messageType, communicationDirection, senderId, - receipentId, dateTime, messageStatus, subject, - messageText, threadId, otherAttributes); + receipentId, dateTime, messageStatus, subject, + messageText, threadId, otherAttributes); if (!fileAttachments.isEmpty()) { messageAttachments = new MessageAttachments(fileAttachments, new ArrayList<>()); accountArtifact.addAttachments(messageArtifact, messageAttachments); @@ -662,8 +660,7 @@ public final class LeappFileProcessor { } @NbBundle.Messages({ - "LeappFileProcessor.cannot.create.contact.relationship=Cannot create TSK_CONTACT Relationship.", - }) + "LeappFileProcessor.cannot.create.contact.relationship=Cannot create TSK_CONTACT Relationship.",}) private void createContactRelationship(Collection bbattributes, Content dataSource, String fileName) throws IngestModuleException { String alternateId = null; 
@@ -715,14 +712,14 @@ public final class LeappFileProcessor { } Account.Type accountType = getAccountType(fileName); if (accountType != null) { - + CommunicationArtifactsHelper accountArtifact; if (alternateId == null) { accountArtifact = new CommunicationArtifactsHelper(Case.getCurrentCaseThrows().getSleuthkitCase(), - moduleName, absFile, accountType); + moduleName, absFile, accountType); } else { accountArtifact = new CommunicationArtifactsHelper(Case.getCurrentCaseThrows().getSleuthkitCase(), - moduleName, absFile, accountType, accountType, alternateId); + moduleName, absFile, accountType, accountType, alternateId); } BlackboardArtifact messageArtifact = accountArtifact.addContact(contactName, phoneNumber, homePhoneNumber, mobilePhoneNumber, emailAddr, otherAttributes); } @@ -732,14 +729,13 @@ public final class LeappFileProcessor { } @NbBundle.Messages({ - "LeappFileProcessor.cannot.create.calllog.relationship=Cannot create TSK_CALLLOG Relationship.", - }) + "LeappFileProcessor.cannot.create.calllog.relationship=Cannot create TSK_CALLLOG Relationship.",}) private void createCalllogRelationship(Collection bbattributes, Content dataSource, String fileName) throws IngestModuleException { String callerId = null; String alternateId = null; - List calleeId = Arrays.asList(); + List calleeId = Arrays.asList(); CommunicationDirection communicationDirection = CommunicationDirection.UNKNOWN; Long startDateTime = Long.valueOf(0); Long endDateTime = Long.valueOf(0); 
@@ -751,14 +747,14 @@ public final class LeappFileProcessor { for (BlackboardAttribute bba : bbattributes) { switch (bba.getAttributeType().getTypeName()) { case "TSK_TEXT_FILE": - sourceFile = bba.getValueString(); - break; + sourceFile = bba.getValueString(); + break; case "TSK_DATETIME_START": - startDateTime = bba.getValueLong(); - break; + startDateTime = bba.getValueLong(); + break; case "TSK_DATETIME_END": - startDateTime = bba.getValueLong(); - break; + startDateTime = bba.getValueLong(); + break; case "TSK_DIRECTION": if (bba.getValueString().toLowerCase().equals("outgoing")) { communicationDirection = CommunicationDirection.OUTGOING; @@ -773,8 +769,8 @@ public final class LeappFileProcessor { break; case "TSK_PHONE_NUMBER_TO": if (!bba.getValueString().isEmpty()) { - String [] calleeTempList = bba.getValueString().split(",", 0); - calleeId = Arrays.asList(calleeTempList); + String[] calleeTempList = bba.getValueString().split(",", 0); + calleeId = Arrays.asList(calleeTempList); } break; case "TSK_ID": @@ -786,12 +782,12 @@ public final class LeappFileProcessor { break; } } - + if (calleeId.isEmpty() && communicationDirection == CommunicationDirection.OUTGOING) { - String [] calleeTempList = callerId.split(",", 0); - calleeId = Arrays.asList(calleeTempList); - callerId = null; - } + String[] calleeTempList = callerId.split(",", 0); + calleeId = Arrays.asList(calleeTempList); + callerId = null; + } AbstractFile absFile = findAbstractFile(dataSource, sourceFile); if (absFile == null) { absFile = (AbstractFile) dataSource; 
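Review bot: The `TSK_DATETIME_END` case on the re-indented lines of the @@ -751,14 +747,14 @@ hunk assigns `startDateTime = bba.getValueLong();`, so the end time overwrites the start time and `endDateTime` keeps its initial `Long.valueOf(0)`. The line should read `endDateTime = bba.getValueLong();`. Both variables are later passed to `addCalllog(...)`, so a call log row that has an end attribute would be recorded with the wrong start and a zero end timestamp, which distorts any timeline built from these artifacts. The switch continues outside the hunk.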
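Review bot: `callerId.split(",", 0)` in the outgoing-call fallback of the @@ -786,12 +782,12 @@ hunk runs on a variable that `createCalllogRelationship` initialises to `null`, and nothing visible guarantees it has been set by this point. A row with direction outgoing, no `TSK_PHONE_NUMBER_TO` value and no caller value would throw a `NullPointerException`, which the `catch (NoCurrentCaseException | TskCoreException | BlackboardException ex)` at the end of the method does not cover. Adding the null test to the condition, `if (callerId != null && calleeId.isEmpty() && communicationDirection == CommunicationDirection.OUTGOING) {`, keeps a single malformed row from escaping as an unchecked exception. The assignment of `callerId` is outside the hunk.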
@@ -800,10 +796,10 @@ public final class LeappFileProcessor { CommunicationArtifactsHelper accountArtifact; if (accountType != null) { accountArtifact = new CommunicationArtifactsHelper(Case.getCurrentCaseThrows().getSleuthkitCase(), - moduleName, absFile, accountType); + moduleName, absFile, accountType); } else { accountArtifact = new CommunicationArtifactsHelper(Case.getCurrentCaseThrows().getSleuthkitCase(), - moduleName, absFile, accountType, accountType, alternateId); + moduleName, absFile, accountType, accountType, alternateId); } BlackboardArtifact callLogArtifact = accountArtifact.addCalllog(communicationDirection, callerId, calleeId, startDateTime, endDateTime, mediaType, otherAttributes); } catch (NoCurrentCaseException | TskCoreException | BlackboardException ex) { @@ -811,7 +807,7 @@ public final class LeappFileProcessor { } } - + private Account.Type getAccountType(String AccountTypeName) { switch (AccountTypeName.toLowerCase()) { case "zapya.tsv": @@ -849,7 +845,7 @@ public final class LeappFileProcessor { case "whatsapp - contacts.tsv": return Account.Type.WHATSAPP; case "tangomessages messages.tsv": - return Account.Type.TANGO; + return Account.Type.TANGO; case "shareit file transfer.tsv": return Account.Type.SHAREIT; case "line - calllogs.tsv": 
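Review bot: The branch condition in the @@ -800,10 +796,10 @@ hunk is `accountType != null`, while the matching code in `createMessageRelationship` and `createContactRelationship` chooses the constructor with `alternateId == null`. As written, the `else` arm runs only when `accountType` is null and then passes that null twice together with `alternateId`, and a non-null `alternateId` is never used when an account type exists. This looks like a copy error; `if (alternateId == null) {` would bring the method in line with the other two. The hunk itself only re-indents the argument lines, and the condition is in its context.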
@@ -880,20 +876,22 @@ public final class LeappFileProcessor { return Account.Type.PHONE; } } - + /** * Process the line read and create the necessary attributes for it. * - * @param lineValues List of column values. + * @param lineValues List of column values. * @param columnIndexes Mapping of column headers (trimmed; to lower case) - * to column index. All header columns and only all header columns should be - * present. - * @param attrList The list of attributes as specified for the schema of - * this file. - * @param fileName The name of the file being processed. - * @param lineNum The line number in the file. + * to column index. All header columns and only all + * header columns should be present. + * @param attrList The list of attributes as specified for the schema + * of this file. + * @param fileName The name of the file being processed. + * @param lineNum The line number in the file. + * * @return The collection of blackboard attributes for the artifact created - * from this line. + * from this line. + * * @throws IngestModuleException */ private Collection processReadLine(List lineValues, Map columnIndexes, @@ -949,9 +947,10 @@ public final class LeappFileProcessor { * Check type of attribute and possibly format string based on it. * * @param colAttr Column Attribute information - * @param value string to be formatted + * @param value string to be formatted + * * @return formatted string based on attribute type if no attribute type - * found then return original string + * found then return original string */ private String formatValueBasedOnAttrType(TsvColumn colAttr, String value) { if (colAttr.getAttributeType().getTypeName().equals("TSK_DOMAIN")) { 
@@ -971,9 +970,10 @@ public final class LeappFileProcessor { * value. * * @param attrType The attribute type. - * @param value The string value to be converted to the appropriate data - * type for the attribute type. + * @param value The string value to be converted to the appropriate data + * type for the attribute type. * @param fileName The file name that the value comes from. + * * @return The generated blackboard attribute. */ private BlackboardAttribute getAttribute(BlackboardAttribute.Type attrType, String value, String fileName) { @@ -1022,7 +1022,9 @@ public final class LeappFileProcessor { * Handles converting a string value to a blackboard attribute. * * @param orig The original string value. + * * @return The generated blackboard attribute. + * * @throws ParseException * @throws NumberFormatException */ 
@@ -1033,13 +1035,15 @@ public final class LeappFileProcessor { * Runs parsing function on string value to convert to right data type and * generates a blackboard attribute for that converted data type. * - * @param value The string value. - * @param attrType The blackboard attribute type. - * @param fileName The name of the file from which the value comes. - * @param blankIsNull If string is blank return null attribute. - * @param zeroIsNull If string is some version of 0, return null attribute. + * @param value The string value. + * @param attrType The blackboard attribute type. + * @param fileName The name of the file from which the value comes. + * @param blankIsNull If string is blank return null attribute. + * @param zeroIsNull If string is some version of 0, return null + * attribute. * @param valueConverter The means of converting the string value to an - * appropriate blackboard attribute. + * appropriate blackboard attribute. + * * @return The generated blackboard attribute or null if not determined. */ private BlackboardAttribute parseAttrValue(String value, BlackboardAttribute.Type attrType, String fileName, boolean blankIsNull, boolean zeroIsNull, ParseExceptionFunction valueConverter) { @@ -1157,7 +1161,7 @@ public final class LeappFileProcessor { for (int k = 0; k < attributeNlist.getLength(); k++) { NamedNodeMap nnm = attributeNlist.item(k).getAttributes(); String attributeName = nnm.getNamedItem("attributename").getNodeValue(); - + if (!attributeName.toLowerCase().matches("null")) { String columnName = nnm.getNamedItem("columnName").getNodeValue(); String required = nnm.getNamedItem("required").getNodeValue(); 
@@ -1209,11 +1213,12 @@ public final class LeappFileProcessor { /** * Generic method for creating a blackboard artifact with attributes * - * @param artType The artifact type. - * @param dataSource is the Content object that needs to have the artifact - * added for it + * @param artType The artifact type. + * @param dataSource is the Content object that needs to have the artifact + * added for it * @param bbattributes is the collection of blackboard attributes that need - * to be added to the artifact after the artifact has been created + * to be added to the artifact after the artifact has + * been created * * @return The newly-created artifact, or null on error */ @@ -1238,7 +1243,7 @@ public final class LeappFileProcessor { * Method to post a list of BlackboardArtifacts to the blackboard. * * @param artifacts A list of artifacts. IF list is empty or null, the - * function will return. + * function will return. */ void postArtifacts(Collection artifacts) { if (artifacts == null || artifacts.isEmpty()) { @@ -1246,7 +1251,7 @@ public final class LeappFileProcessor { } try { - Case.getCurrentCase().getSleuthkitCase().getBlackboard().postArtifacts(artifacts, moduleName); + Case.getCurrentCase().getSleuthkitCase().getBlackboard().postArtifacts(artifacts, moduleName, context.getJobId()); } catch (Blackboard.BlackboardException ex) { logger.log(Level.SEVERE, Bundle.LeappFileProcessor_postartifacts_error(), ex); //NON-NLS } @@ -1259,7 +1264,7 @@ public final class LeappFileProcessor { */ private void configExtractor() throws IOException { PlatformUtil.extractResourceToUserConfigDir(LeappFileProcessor.class, - xmlFile, true); + xmlFile, true); } private static final Set ALLOWED_EXTENSIONS = new HashSet<>(Arrays.asList("zip", "tar", "tgz")); 
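Review bot: In `postArtifacts` the rewritten call still goes through `Case.getCurrentCase()`, while the other LeappFileProcessor call sites touched in this series use `Case.getCurrentCaseThrows()` and catch `NoCurrentCaseException`. If the case is closed while LEAPP output is still being processed, the failure would not be a `Blackboard.BlackboardException`, so it would skip the `logger.log(Level.SEVERE, ...)` in this catch block (I believe `getCurrentCase()` throws an unchecked exception in that situation; worth confirming). I would call `Case.getCurrentCaseThrows().getSleuthkitCase().getBlackboard().postArtifacts(artifacts, moduleName, context.getJobId());` and widen the handler to `catch (NoCurrentCaseException | Blackboard.BlackboardException ex)`. The `context` field used here is declared outside this hunk.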
@@ -1316,14 +1321,14 @@ public final class LeappFileProcessor { } } - + private AbstractFile findAbstractFile(Content dataSource, String fileNamePath) { if (fileNamePath == null) { return null; } - + List files; - + String fileName = FilenameUtils.getName(fileNamePath); String filePath = FilenameUtils.normalize(FilenameUtils.getPath(fileNamePath), true); @@ -1347,4 +1352,4 @@ public final class LeappFileProcessor { return null; } - } +} From daaa3a9fd576387e343f277a8993e8d3f2abfb88 Mon Sep 17 00:00:00 2001 From: Richard Cordovano Date: Tue, 26 Oct 2021 16:36:37 -0400 Subject: [PATCH 03/28] 7673 Allow helpers to call correct Blackboard.postArtifacts() API --- .../eventlisteners/CaseEventListener.java | 3 +-- .../eventlisteners/IngestEventsListener.java | 3 +-- .../ingestmodule/CentralRepoIngestModule.java | 8 +++++++- .../xry/XRYCallsFileParser.java | 2 +- .../examples/SampleFileIngestModule.java | 13 ++++++++----- .../logicalimager/dsp/AddLogicalImageTask.java | 3 +-- .../DataSourceIntegrityIngestModule.java | 4 ++-- .../autopsy/modules/drones/DATExtractor.java | 4 ++-- .../SevenZipExtractor.java | 4 ++-- ...ryptionDetectionDataSourceIngestModule.java | 2 +- .../EncryptionDetectionFileIngestModule.java | 2 +- .../FileExtMismatchIngestModule.java | 2 +- .../filetypeid/FileTypeIdIngestModule.java | 2 +- .../hashdatabase/HashDbIngestModule.java | 7 ++----- .../FilesIdentifierIngestModule.java | 4 ++-- .../leappanalyzers/LeappFileProcessor.java | 18 +++++++++--------- .../pictureanalyzer/impls/EXIFProcessor.java | 2 +- .../modules/plaso/PlasoIngestModule.java | 4 ++-- .../autopsy/modules/yara/YaraIngestModule.java | 4 ++-- .../portablecase/PortableCaseReportModule.java | 2 +- .../autopsy/test/CustomArtifactType.java | 8 ++++---- ...ArtifactsCreatorDataSourceIngestModule.java | 6 ++++-- ...CustomArtifactsCreatorFileIngestModule.java | 6 ++++-- .../timeline/actions/AddManualEvent.java | 2 +- 24 files changed, 61 insertions(+), 54 deletions(-) 
diff --git a/Core/src/org/sleuthkit/autopsy/centralrepository/eventlisteners/CaseEventListener.java b/Core/src/org/sleuthkit/autopsy/centralrepository/eventlisteners/CaseEventListener.java index 85dc90ea42..b1cac61e4c 100644 --- a/Core/src/org/sleuthkit/autopsy/centralrepository/eventlisteners/CaseEventListener.java +++ b/Core/src/org/sleuthkit/autopsy/centralrepository/eventlisteners/CaseEventListener.java @@ -761,8 +761,7 @@ public final class CaseEventListener implements PropertyChangeListener { BlackboardArtifact.Type.TSK_PREVIOUSLY_SEEN, score, null, Bundle.CaseEventsListener_prevExists_text(), justification, attributesForNewArtifact, osAccountInstance.getDataSource().getId()).getAnalysisResult(); try { - // index the artifact for keyword search - blackboard.postArtifact(newAnalysisResult, MODULE_NAME); + blackboard.postArtifact(newAnalysisResult, MODULE_NAME, null); break; } catch (Blackboard.BlackboardException ex) { LOGGER.log(Level.SEVERE, "Unable to index blackboard artifact " + newAnalysisResult.getArtifactID(), ex); //NON-NLS diff --git a/Core/src/org/sleuthkit/autopsy/centralrepository/eventlisteners/IngestEventsListener.java b/Core/src/org/sleuthkit/autopsy/centralrepository/eventlisteners/IngestEventsListener.java index 68dcb8e456..6af51f69af 100644 --- a/Core/src/org/sleuthkit/autopsy/centralrepository/eventlisteners/IngestEventsListener.java +++ b/Core/src/org/sleuthkit/autopsy/centralrepository/eventlisteners/IngestEventsListener.java @@ -351,8 +351,7 @@ public class IngestEventsListener { .getAnalysisResult(); try { - // index the artifact for keyword search - blackboard.postArtifact(newArtifact, MODULE_NAME); + blackboard.postArtifact(newArtifact, MODULE_NAME, null); } catch (Blackboard.BlackboardException ex) { LOGGER.log(Level.SEVERE, "Unable to index blackboard artifact " + newArtifact.getArtifactID(), ex); //NON-NLS } 
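Review bot: The bare `null` now passed as the third argument in `blackboard.postArtifact(newAnalysisResult, MODULE_NAME, null)` is unexplained, and the comment that sat above the call was deleted rather than replaced. A reader cannot tell whether the missing ingest job ID is deliberate or an oversight, so I would add `// Posted from a case event listener, outside any ingest job, so there is no ingest job ID.` above the call. IngestEventsListener below needs its own wording, since it presumably reacts to events raised during ingest and should say why the job ID is not available there. The same applies to the `null` arguments added in XRYCallsFileParser, AddLogicalImageTask and PortableCaseReportModule. Both catch blocks still log "Unable to index blackboard artifact", which no longer describes what the call does.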
diff --git a/Core/src/org/sleuthkit/autopsy/centralrepository/ingestmodule/CentralRepoIngestModule.java b/Core/src/org/sleuthkit/autopsy/centralrepository/ingestmodule/CentralRepoIngestModule.java index 26d262b4c6..f4c09a764a 100644 --- a/Core/src/org/sleuthkit/autopsy/centralrepository/ingestmodule/CentralRepoIngestModule.java +++ b/Core/src/org/sleuthkit/autopsy/centralrepository/ingestmodule/CentralRepoIngestModule.java @@ -87,6 +87,7 @@ final class CentralRepoIngestModule implements FileIngestModule { private Blackboard blackboard; private final boolean createCorrelationProperties; private final boolean flagUniqueArtifacts; + private long ingestJobId; /** * Instantiate the Central Repository ingest module. @@ -100,6 +101,11 @@ final class CentralRepoIngestModule implements FileIngestModule { flagUniqueArtifacts = settings.isFlagUniqueArtifacts(); } + @Override + public void startUp(IngestJobContext context) throws IngestModuleException { + ingestJobId = context.getJobId(); + } + @Override public ProcessResult process(AbstractFile abstractFile) { if (CentralRepository.isEnabled() == false) { @@ -365,7 +371,7 @@ final class CentralRepoIngestModule implements FileIngestModule { .getAnalysisResult(); try { // index the artifact for keyword search - blackboard.postArtifact(tifArtifact, MODULE_NAME); + blackboard.postArtifact(tifArtifact, MODULE_NAME, ingestJobId); } catch (Blackboard.BlackboardException ex) { logger.log(Level.SEVERE, "Unable to index blackboard artifact " + tifArtifact.getArtifactID(), ex); //NON-NLS } diff --git a/Core/src/org/sleuthkit/autopsy/datasourceprocessors/xry/XRYCallsFileParser.java b/Core/src/org/sleuthkit/autopsy/datasourceprocessors/xry/XRYCallsFileParser.java index 610ef84265..2e3bb1d8d7 100755 --- a/Core/src/org/sleuthkit/autopsy/datasourceprocessors/xry/XRYCallsFileParser.java +++ b/Core/src/org/sleuthkit/autopsy/datasourceprocessors/xry/XRYCallsFileParser.java 
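Review bot: The `startUp` override added to CentralRepoIngestModule may duplicate an existing method. `blackboard` is a non-final field that the visible constructor does not assign, so the class presumably already initialises state in a `startUp` outside these hunks, and two methods with the same signature would not compile. If that is the case, move `ingestJobId = context.getJobId();` into the existing method and drop the new override. The retained `// index the artifact for keyword search` comment above the `postArtifact` call was removed at the equivalent calls in the two event listeners and reads as stale here as well.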
@@ -287,7 +287,7 @@ final class XRYCallsFileParser extends AbstractSingleEntityParser { if (callerId != null) { try { currentCase.getCommunicationsManager().createAccountFileInstance( - Account.Type.PHONE, callerId, PARSER_NAME, parent); + Account.Type.PHONE, callerId, PARSER_NAME, parent, null); } catch (InvalidAccountIDException ex) { logger.log(Level.WARNING, String.format("Invalid account identifier %s", callerId), ex); } diff --git a/Core/src/org/sleuthkit/autopsy/examples/SampleFileIngestModule.java b/Core/src/org/sleuthkit/autopsy/examples/SampleFileIngestModule.java index b3042fb4a5..746b76f61e 100644 --- a/Core/src/org/sleuthkit/autopsy/examples/SampleFileIngestModule.java +++ b/Core/src/org/sleuthkit/autopsy/examples/SampleFileIngestModule.java @@ -73,8 +73,8 @@ class SampleFileIngestModule implements FileIngestModule { // Skip anything other than actual file system files. if ((file.getType() == TskData.TSK_DB_FILES_TYPE_ENUM.UNALLOC_BLOCKS) - || (file.getType() == TskData.TSK_DB_FILES_TYPE_ENUM.UNUSED_BLOCKS) - || (file.isFile() == false)) { + || (file.getType() == TskData.TSK_DB_FILES_TYPE_ENUM.UNUSED_BLOCKS) + || (file.isFile() == false)) { return IngestModule.ProcessResult.OK; } 
@@ -111,10 +111,13 @@ class SampleFileIngestModule implements FileIngestModule { addToBlackboardPostCount(context.getJobId(), 1L); /* - * post the artifact which will index the artifact for keyword - * search, and fire an event to notify UI of this new artifact + * Post the artifact to the blackboard. Doing so will cause events + * to be published that will trigger additional analysis, if + * applicable. For example, the creation of timeline events, + * indexing of the artifact for keyword search, and analysis by the + * data artifact ingest modules if the artifact is a data artifact. */ - file.getSleuthkitCase().getBlackboard().postArtifact(art, SampleIngestModuleFactory.getModuleName()); + file.getSleuthkitCase().getBlackboard().postArtifact(art, SampleIngestModuleFactory.getModuleName(), context.getJobId()); return IngestModule.ProcessResult.OK; diff --git a/Core/src/org/sleuthkit/autopsy/logicalimager/dsp/AddLogicalImageTask.java b/Core/src/org/sleuthkit/autopsy/logicalimager/dsp/AddLogicalImageTask.java index eb52c88baf..4fca526b7b 100644 --- a/Core/src/org/sleuthkit/autopsy/logicalimager/dsp/AddLogicalImageTask.java +++ b/Core/src/org/sleuthkit/autopsy/logicalimager/dsp/AddLogicalImageTask.java @@ -513,8 +513,7 @@ final class AddLogicalImageTask implements Runnable { private void postArtifacts(List artifacts) { try { - // index the artifact for keyword search - blackboard.postArtifacts(artifacts, MODULE_NAME); + blackboard.postArtifacts(artifacts, MODULE_NAME, null); } catch (Blackboard.BlackboardException ex) { LOGGER.log(Level.SEVERE, "Unable to post artifacts to blackboard", ex); //NON-NLS } diff --git a/Core/src/org/sleuthkit/autopsy/modules/dataSourceIntegrity/DataSourceIntegrityIngestModule.java b/Core/src/org/sleuthkit/autopsy/modules/dataSourceIntegrity/DataSourceIntegrityIngestModule.java index ec614e56b0..2f83f3d827 100644 --- a/Core/src/org/sleuthkit/autopsy/modules/dataSourceIntegrity/DataSourceIntegrityIngestModule.java 
+++ b/Core/src/org/sleuthkit/autopsy/modules/dataSourceIntegrity/DataSourceIntegrityIngestModule.java @@ -1,7 +1,7 @@ /* * Autopsy Forensic Browser * - * Copyright 2013-2019 Basis Technology Corp. + * Copyright 2013-2021 Basis Technology Corp. * Contact: carrier sleuthkit org * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -303,7 +303,7 @@ public class DataSourceIntegrityIngestModule implements DataSourceIngestModule { .getAnalysisResult(); Case.getCurrentCase().getServices().getArtifactsBlackboard() - .postArtifact(verificationFailedArtifact, DataSourceIntegrityModuleFactory.getModuleName()); + .postArtifact(verificationFailedArtifact, DataSourceIntegrityModuleFactory.getModuleName(), context.getJobId()); } catch (TskCoreException ex) { logger.log(Level.SEVERE, "Error creating verification failed artifact", ex); } catch (Blackboard.BlackboardException ex) { diff --git a/Core/src/org/sleuthkit/autopsy/modules/drones/DATExtractor.java b/Core/src/org/sleuthkit/autopsy/modules/drones/DATExtractor.java index 3966317d15..dc468db858 100755 --- a/Core/src/org/sleuthkit/autopsy/modules/drones/DATExtractor.java +++ b/Core/src/org/sleuthkit/autopsy/modules/drones/DATExtractor.java @@ -1,7 +1,7 @@ /* * Autopsy Forensic Browser * - * Copyright 2020 Basis Technology Corp. + * Copyright 2020-2021 Basis Technology Corp. * Contact: carrier sleuthkit org * * Licensed under the Apache License, Version 2.0 (the "License"); 
@@ -114,7 +114,7 @@ final class DATExtractor extends DroneExtractor { GeoTrackPoints trackPoints = processCSVFile(context, DATFile, csvFilePath); if (trackPoints != null && !trackPoints.isEmpty()) { - (new GeoArtifactsHelper(getSleuthkitCase(), getName(), "DatCon", DATFile)).addTrack(DATFile.getName(), trackPoints, null); + (new GeoArtifactsHelper(getSleuthkitCase(), getName(), "DatCon", DATFile, context.getJobId())).addTrack(DATFile.getName(), trackPoints, null); } else { logger.log(Level.INFO, String.format("No trackpoints with valid longitude or latitude found in %s", DATFile.getName())); //NON-NLS } diff --git a/Core/src/org/sleuthkit/autopsy/modules/embeddedfileextractor/SevenZipExtractor.java b/Core/src/org/sleuthkit/autopsy/modules/embeddedfileextractor/SevenZipExtractor.java index 75cef1a8f1..574b034ab4 100644 --- a/Core/src/org/sleuthkit/autopsy/modules/embeddedfileextractor/SevenZipExtractor.java +++ b/Core/src/org/sleuthkit/autopsy/modules/embeddedfileextractor/SevenZipExtractor.java @@ -341,7 +341,7 @@ class SevenZipExtractor { * keyword search, and fire an event to notify UI of this * new artifact */ - blackboard.postArtifact(artifact, MODULE_NAME); + blackboard.postArtifact(artifact, MODULE_NAME, context.getJobId()); String msg = NbBundle.getMessage(SevenZipExtractor.class, "EmbeddedFileExtractorIngestModule.ArchiveExtractor.isZipBombCheck.warnMsg", archiveFile.getName(), escapedFilePath);//NON-NLS @@ -870,7 +870,7 @@ class SevenZipExtractor { * keyword search, and fire an event to notify UI of this * new artifact */ - blackboard.postArtifact(artifact, MODULE_NAME); + blackboard.postArtifact(artifact, MODULE_NAME, context.getJobId()); } catch (Blackboard.BlackboardException ex) { logger.log(Level.SEVERE, "Unable to post blackboard artifact " + artifact.getArtifactID(), ex); //NON-NLS MessageNotifyUtil.Notify.error( 
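Review bot: The block comments above both `blackboard.postArtifact(artifact, MODULE_NAME, context.getJobId())` calls in SevenZipExtractor still say that posting will "index the artifact for keyword search, and fire an event to notify UI". This same patch rewrote that comment in SampleFileIngestModule to describe the wider effects of posting. The old wording is also left in the EncryptionDetection modules, FileExtMismatchIngestModule, FileTypeIdIngestModule, HashDbIngestModule and PlasoIngestModule hunks. I would replace each with something like `// Post the artifact to the blackboard; this publishes events that can trigger further analysis.` so the sample and the shipped modules agree. The enclosing methods start and end outside these hunks.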
diff --git a/Core/src/org/sleuthkit/autopsy/modules/encryptiondetection/EncryptionDetectionDataSourceIngestModule.java b/Core/src/org/sleuthkit/autopsy/modules/encryptiondetection/EncryptionDetectionDataSourceIngestModule.java index 5eb6f91e12..0168632f57 100644 --- a/Core/src/org/sleuthkit/autopsy/modules/encryptiondetection/EncryptionDetectionDataSourceIngestModule.java +++ b/Core/src/org/sleuthkit/autopsy/modules/encryptiondetection/EncryptionDetectionDataSourceIngestModule.java @@ -172,7 +172,7 @@ final class EncryptionDetectionDataSourceIngestModule implements DataSourceInges * post the artifact which will index the artifact for keyword * search, and fire an event to notify UI of this new artifact */ - blackboard.postArtifact(artifact, EncryptionDetectionModuleFactory.getModuleName()); + blackboard.postArtifact(artifact, EncryptionDetectionModuleFactory.getModuleName(), context.getJobId()); } catch (Blackboard.BlackboardException ex) { logger.log(Level.SEVERE, "Unable to index blackboard artifact " + artifact.getArtifactID(), ex); //NON-NLS } diff --git a/Core/src/org/sleuthkit/autopsy/modules/encryptiondetection/EncryptionDetectionFileIngestModule.java b/Core/src/org/sleuthkit/autopsy/modules/encryptiondetection/EncryptionDetectionFileIngestModule.java index 81e7c1877e..e4f6b189a7 100644 --- a/Core/src/org/sleuthkit/autopsy/modules/encryptiondetection/EncryptionDetectionFileIngestModule.java +++ b/Core/src/org/sleuthkit/autopsy/modules/encryptiondetection/EncryptionDetectionFileIngestModule.java 
@@ -212,7 +212,7 @@ final class EncryptionDetectionFileIngestModule extends FileIngestModuleAdapter * post the artifact which will index the artifact for keyword * search, and fire an event to notify UI of this new artifact */ - blackboard.postArtifact(artifact, EncryptionDetectionModuleFactory.getModuleName()); + blackboard.postArtifact(artifact, EncryptionDetectionModuleFactory.getModuleName(), context.getJobId()); } catch (Blackboard.BlackboardException ex) { logger.log(Level.SEVERE, "Unable to index blackboard artifact " + artifact.getArtifactID(), ex); //NON-NLS } diff --git a/Core/src/org/sleuthkit/autopsy/modules/fileextmismatch/FileExtMismatchIngestModule.java b/Core/src/org/sleuthkit/autopsy/modules/fileextmismatch/FileExtMismatchIngestModule.java index 586543c003..dbf38dc909 100644 --- a/Core/src/org/sleuthkit/autopsy/modules/fileextmismatch/FileExtMismatchIngestModule.java +++ b/Core/src/org/sleuthkit/autopsy/modules/fileextmismatch/FileExtMismatchIngestModule.java @@ -155,7 +155,7 @@ public class FileExtMismatchIngestModule implements FileIngestModule { * keyword search, and fire an event to notify UI of this * new artifact */ - blackboard.postArtifact(bart, FileExtMismatchDetectorModuleFactory.getModuleName()); + blackboard.postArtifact(bart, FileExtMismatchDetectorModuleFactory.getModuleName(), jobId); } catch (Blackboard.BlackboardException ex) { logger.log(Level.SEVERE, "Unable to index blackboard artifact " + bart.getArtifactID(), ex); //NON-NLS MessageNotifyUtil.Notify.error(FileExtMismatchDetectorModuleFactory.getModuleName(), Bundle.FileExtMismatchIngestModule_indexError_message()); diff --git a/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeIdIngestModule.java b/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeIdIngestModule.java index 0288d5b463..a84bafa8d2 100644 --- a/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeIdIngestModule.java 
+++ b/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeIdIngestModule.java @@ -206,7 +206,7 @@ public class FileTypeIdIngestModule implements FileIngestModule { * keyword search, and fire an event to notify UI of this * new artifact */ - tskBlackboard.postArtifact(artifact, FileTypeIdModuleFactory.getModuleName()); + tskBlackboard.postArtifact(artifact, FileTypeIdModuleFactory.getModuleName(), jobId); } catch (Blackboard.BlackboardException ex) { logger.log(Level.SEVERE, String.format("Unable to index TSK_INTERESTING_FILE_HIT blackboard artifact %d (file obj_id=%d)", artifact.getArtifactID(), file.getId()), ex); //NON-NLS } diff --git a/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/HashDbIngestModule.java b/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/HashDbIngestModule.java index 8b6cc47d79..c89e7893c6 100644 --- a/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/HashDbIngestModule.java +++ b/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/HashDbIngestModule.java @@ -1,7 +1,7 @@ /* * Autopsy Forensic Browser * - * Copyright 2011-2018 Basis Technology Corp. + * Copyright 2012-2021 Basis Technology Corp. * Contact: carrier sleuthkit org * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -20,7 +20,6 @@ package org.sleuthkit.autopsy.modules.hashdatabase; import java.util.ArrayList; import java.util.Arrays; -import java.util.Collection; import java.util.HashMap; import java.util.List; import java.util.concurrent.atomic.AtomicLong; 
@@ -43,13 +42,11 @@ import org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.HashDb; import org.sleuthkit.datamodel.AbstractFile; import org.sleuthkit.datamodel.Blackboard; import org.sleuthkit.datamodel.BlackboardArtifact; -import org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE; import org.sleuthkit.datamodel.BlackboardAttribute; import org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE; import org.sleuthkit.datamodel.HashHitInfo; import org.sleuthkit.datamodel.HashUtility; import org.sleuthkit.datamodel.Score; -import org.sleuthkit.datamodel.Score.Significance; import org.sleuthkit.datamodel.SleuthkitCase; import org.sleuthkit.datamodel.TskCoreException; import org.sleuthkit.datamodel.TskData; @@ -552,7 +549,7 @@ public class HashDbIngestModule implements FileIngestModule { * post the artifact which will index the artifact for keyword * search, and fire an event to notify UI of this new artifact */ - blackboard.postArtifact(badFile, moduleName); + blackboard.postArtifact(badFile, moduleName, jobId); } catch (Blackboard.BlackboardException ex) { logger.log(Level.SEVERE, "Unable to index blackboard artifact " + badFile.getArtifactID(), ex); //NON-NLS MessageNotifyUtil.Notify.error( diff --git a/Core/src/org/sleuthkit/autopsy/modules/interestingitems/FilesIdentifierIngestModule.java b/Core/src/org/sleuthkit/autopsy/modules/interestingitems/FilesIdentifierIngestModule.java index d447f204d5..ec259e933a 100644 --- a/Core/src/org/sleuthkit/autopsy/modules/interestingitems/FilesIdentifierIngestModule.java +++ b/Core/src/org/sleuthkit/autopsy/modules/interestingitems/FilesIdentifierIngestModule.java @@ -1,7 +1,7 @@ /* * Autopsy Forensic Browser * - * Copyright 2014-2018 Basis Technology Corp. + * Copyright 2014-2021 Basis Technology Corp. * Contact: carrier sleuthkit org * * Licensed under the Apache License, Version 2.0 (the "License"); 
@@ -151,7 +151,7 @@ final class FilesIdentifierIngestModule implements FileIngestModule { try { // Post thet artifact to the blackboard. - blackboard.postArtifact(artifact, MODULE_NAME); + blackboard.postArtifact(artifact, MODULE_NAME, context.getJobId()); } catch (Blackboard.BlackboardException ex) { logger.log(Level.SEVERE, "Unable to index blackboard artifact " + artifact.getArtifactID(), ex); //NON-NLS MessageNotifyUtil.Notify.error(Bundle.FilesIdentifierIngestModule_indexError_message(), artifact.getDisplayName()); diff --git a/Core/src/org/sleuthkit/autopsy/modules/leappanalyzers/LeappFileProcessor.java b/Core/src/org/sleuthkit/autopsy/modules/leappanalyzers/LeappFileProcessor.java index 4796272418..103ebb75df 100644 --- a/Core/src/org/sleuthkit/autopsy/modules/leappanalyzers/LeappFileProcessor.java +++ b/Core/src/org/sleuthkit/autopsy/modules/leappanalyzers/LeappFileProcessor.java @@ -411,7 +411,7 @@ public final class LeappFileProcessor { try { if (ACCOUNT_RELATIONSHIPS.getOrDefault(fileName.toLowerCase(), "norelationship").toLowerCase().equals("trackpoint")) { - (new GeoArtifactsHelper(Case.getCurrentCaseThrows().getSleuthkitCase(), moduleName, "", geoAbstractFile)).addTrack(trackpointSegmentName, pointList, new ArrayList<>()); + (new GeoArtifactsHelper(Case.getCurrentCaseThrows().getSleuthkitCase(), moduleName, "", geoAbstractFile, context.getJobId())).addTrack(trackpointSegmentName, pointList, new ArrayList<>()); } } catch (NoCurrentCaseException | TskCoreException | BlackboardException ex) { 
@@ -480,7 +480,7 @@ public final class LeappFileProcessor { GeoWaypoints waypointList = new GeoWaypoints(); waypointList.addPoint(new Waypoint(startLatitude, startLongitude, zeroValue, "")); waypointList.addPoint(new Waypoint(endLatitude, endLongitude, zeroValue, locationName)); - (new GeoArtifactsHelper(Case.getCurrentCaseThrows().getSleuthkitCase(), moduleName, comment, absFile)).addRoute(destinationName, dateTime, waypointList, new ArrayList<>()); + (new GeoArtifactsHelper(Case.getCurrentCaseThrows().getSleuthkitCase(), moduleName, comment, absFile, context.getJobId())).addRoute(destinationName, dateTime, waypointList, new ArrayList<>()); } catch (NoCurrentCaseException | TskCoreException | BlackboardException ex) { throw new IngestModuleException(Bundle.LeappFileProcessor_cannot_create_waypoint_relationship() + ex.getLocalizedMessage(), ex); //NON-NLS @@ -542,7 +542,7 @@ public final class LeappFileProcessor { trackpointSegmentName = segmentName; pointList.addPoint(new TrackPoint(latitude, longitude, altitude, segmentName, zeroValue, zeroValue, zeroValue, dateTime)); } else { - (new GeoArtifactsHelper(Case.getCurrentCaseThrows().getSleuthkitCase(), moduleName, comment, absFile)).addTrack(segmentName, pointList, new ArrayList<>()); + (new GeoArtifactsHelper(Case.getCurrentCaseThrows().getSleuthkitCase(), moduleName, comment, absFile, context.getJobId())).addTrack(segmentName, pointList, new ArrayList<>()); trackpointSegmentName = segmentName; pointList = new GeoTrackPoints(); pointList.addPoint(new TrackPoint(latitude, longitude, altitude, segmentName, zeroValue, zeroValue, zeroValue, dateTime)); 
@@ -641,10 +641,10 @@ public final class LeappFileProcessor { Account.Type accountType = getAccountType(fileName); if (alternateId == null) { accountArtifact = new CommunicationArtifactsHelper(Case.getCurrentCaseThrows().getSleuthkitCase(), - moduleName, absFile, accountType); + moduleName, absFile, accountType, context.getJobId()); } else { accountArtifact = new CommunicationArtifactsHelper(Case.getCurrentCaseThrows().getSleuthkitCase(), - moduleName, absFile, accountType, accountType, alternateId); + moduleName, absFile, accountType, accountType, alternateId, context.getJobId()); } BlackboardArtifact messageArtifact = accountArtifact.addMessage(messageType, communicationDirection, senderId, receipentId, dateTime, messageStatus, subject, @@ -716,10 +716,10 @@ public final class LeappFileProcessor { CommunicationArtifactsHelper accountArtifact; if (alternateId == null) { accountArtifact = new CommunicationArtifactsHelper(Case.getCurrentCaseThrows().getSleuthkitCase(), - moduleName, absFile, accountType); + moduleName, absFile, accountType, context.getJobId()); } else { accountArtifact = new CommunicationArtifactsHelper(Case.getCurrentCaseThrows().getSleuthkitCase(), - moduleName, absFile, accountType, accountType, alternateId); + moduleName, absFile, accountType, accountType, alternateId, context.getJobId()); } BlackboardArtifact messageArtifact = accountArtifact.addContact(contactName, phoneNumber, homePhoneNumber, mobilePhoneNumber, emailAddr, otherAttributes); } 
@@ -796,10 +796,10 @@ public final class LeappFileProcessor { CommunicationArtifactsHelper accountArtifact; if (accountType != null) { accountArtifact = new CommunicationArtifactsHelper(Case.getCurrentCaseThrows().getSleuthkitCase(), - moduleName, absFile, accountType); + moduleName, absFile, accountType, context.getJobId()); } else { accountArtifact = new CommunicationArtifactsHelper(Case.getCurrentCaseThrows().getSleuthkitCase(), - moduleName, absFile, accountType, accountType, alternateId); + moduleName, absFile, accountType, accountType, alternateId, context.getJobId()); } BlackboardArtifact callLogArtifact = accountArtifact.addCalllog(communicationDirection, callerId, calleeId, startDateTime, endDateTime, mediaType, otherAttributes); } catch (NoCurrentCaseException | TskCoreException | BlackboardException ex) { diff --git a/Core/src/org/sleuthkit/autopsy/modules/pictureanalyzer/impls/EXIFProcessor.java b/Core/src/org/sleuthkit/autopsy/modules/pictureanalyzer/impls/EXIFProcessor.java index cb6e017067..2806931f69 100755 --- a/Core/src/org/sleuthkit/autopsy/modules/pictureanalyzer/impls/EXIFProcessor.java +++ b/Core/src/org/sleuthkit/autopsy/modules/pictureanalyzer/impls/EXIFProcessor.java @@ -172,7 +172,7 @@ public class EXIFProcessor implements PictureProcessor { artifacts.add(userSuspectedArtifact); try { - blackboard.postArtifacts(artifacts, MODULE_NAME); + blackboard.postArtifacts(artifacts, MODULE_NAME, context.getJobId()); } catch (Blackboard.BlackboardException ex) { logger.log(Level.SEVERE, String.format("Error posting TSK_METADATA_EXIF and TSK_USER_CONTENT_SUSPECTED artifacts for %s (object ID = %d)", file.getName(), file.getId()), ex); //NON-NLS } diff --git a/Core/src/org/sleuthkit/autopsy/modules/plaso/PlasoIngestModule.java b/Core/src/org/sleuthkit/autopsy/modules/plaso/PlasoIngestModule.java index f2b7e5942f..5a7a1646ed 100755 --- a/Core/src/org/sleuthkit/autopsy/modules/plaso/PlasoIngestModule.java 
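Review bot: In the call-log hunk of LeappFileProcessor the branch condition looks wrong. `if (accountType != null)` selects the short constructor, so the `else` branch runs only when `accountType` is null and then passes that null twice, as `accountType, accountType, alternateId`. The sibling hunks for messages and contacts branch on `if (alternateId == null)` instead, which suggests this one was meant to as well. Since the commit rewrites both constructor calls anyway, I would change the test to `if (alternateId == null) {`. Both variables are assigned outside the hunk, so confirm that neither can legitimately be null on this path.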
+++ b/Core/src/org/sleuthkit/autopsy/modules/plaso/PlasoIngestModule.java @@ -1,7 +1,7 @@ /* * Autopsy Forensic Browser * - * Copyright 2018-2019 Basis Technology Corp. + * Copyright 2018-2021 Basis Technology Corp. * Contact: carrier sleuthkit org * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -352,7 +352,7 @@ public class PlasoIngestModule implements DataSourceIngestModule { * keyword search, and fire an event to notify UI of * this new artifact */ - blackboard.postArtifact(bbart, MODULE_NAME); + blackboard.postArtifact(bbart, MODULE_NAME, context.getJobId()); } catch (BlackboardException ex) { logger.log(Level.SEVERE, "Error Posting Artifact.", ex);//NON-NLS } diff --git a/Core/src/org/sleuthkit/autopsy/modules/yara/YaraIngestModule.java b/Core/src/org/sleuthkit/autopsy/modules/yara/YaraIngestModule.java index 40d4c4abb7..b2980ddcbb 100755 --- a/Core/src/org/sleuthkit/autopsy/modules/yara/YaraIngestModule.java +++ b/Core/src/org/sleuthkit/autopsy/modules/yara/YaraIngestModule.java @@ -1,7 +1,7 @@ /* * Autopsy Forensic Browser * - * Copyright 2020 Basis Technology Corp. + * Copyright 2020-2021 Basis Technology Corp. * Contact: carrier sleuthkit org * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -159,7 +159,7 @@ public class YaraIngestModule extends FileIngestModuleAdapter { if(!artifacts.isEmpty()) { Blackboard blackboard = Case.getCurrentCaseThrows().getSleuthkitCase().getBlackboard(); - blackboard.postArtifacts(artifacts, YaraIngestModuleFactory.getModuleName()); + blackboard.postArtifacts(artifacts, YaraIngestModuleFactory.getModuleName(), context.getJobId()); } } catch (BlackboardException | NoCurrentCaseException | IngestModuleException | TskCoreException | YaraWrapperException ex) { diff --git a/Core/src/org/sleuthkit/autopsy/report/modules/portablecase/PortableCaseReportModule.java b/Core/src/org/sleuthkit/autopsy/report/modules/portablecase/PortableCaseReportModule.java index 3eb07b45f6..e19d83ee07 100644 
--- a/Core/src/org/sleuthkit/autopsy/report/modules/portablecase/PortableCaseReportModule.java +++ b/Core/src/org/sleuthkit/autopsy/report/modules/portablecase/PortableCaseReportModule.java @@ -1424,7 +1424,7 @@ public class PortableCaseReportModule implements ReportModule { // Add the attachment. The account type specified in the constructor will not be used. CommunicationArtifactsHelper communicationArtifactsHelper = new CommunicationArtifactsHelper(currentCase.getSleuthkitCase(), - newSourceStr, newFile, Account.Type.EMAIL); + newSourceStr, newFile, Account.Type.EMAIL, null); communicationArtifactsHelper.addAttachments(newArtifact, new MessageAttachments(newFileAttachments, msgAttachments.getUrlAttachments())); } catch (BlackboardJsonAttrUtil.InvalidJsonException ex) { diff --git a/Core/src/org/sleuthkit/autopsy/test/CustomArtifactType.java b/Core/src/org/sleuthkit/autopsy/test/CustomArtifactType.java index 834adc0a97..3fb49998a3 100644 --- a/Core/src/org/sleuthkit/autopsy/test/CustomArtifactType.java +++ b/Core/src/org/sleuthkit/autopsy/test/CustomArtifactType.java @@ -1,7 +1,7 @@ /* * Autopsy Forensic Browser * - * Copyright 2017-2020 Basis Technology Corp. + * Copyright 2017-2021 Basis Technology Corp. * Contact: carrier sleuthkit org * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -23,7 +23,6 @@ import java.util.List; import javax.xml.bind.DatatypeConverter; import org.joda.time.DateTime; import org.sleuthkit.autopsy.casemodule.Case; -import org.sleuthkit.datamodel.AbstractFile; import org.sleuthkit.datamodel.Blackboard; import org.sleuthkit.datamodel.Blackboard.BlackboardException; import org.sleuthkit.datamodel.BlackboardArtifact; @@ -87,6 +86,7 @@ final class CustomArtifactType { * blackboard. * * @param source The artifact source content. + * @param ingestJobId The ingest job ID. * * @return A BlackboardArtifact object. * 
@@ -95,7 +95,7 @@ final class CustomArtifactType { * @throws Blackboard.BlackboardException If there is an error posting the * artifact to the blackboard. */ - static BlackboardArtifact createAndPostInstance(Content source) throws TskCoreException, Blackboard.BlackboardException { + static BlackboardArtifact createAndPostInstance(Content source, long ingestJobId) throws TskCoreException, Blackboard.BlackboardException { List attributes = new ArrayList<>(); attributes.add(new BlackboardAttribute(intAttrType, MODULE_NAME, 0)); attributes.add(new BlackboardAttribute(doubleAttrType, MODULE_NAME, 0.0)); @@ -131,7 +131,7 @@ final class CustomArtifactType { } Blackboard blackboard = Case.getCurrentCase().getServices().getArtifactsBlackboard(); - blackboard.postArtifact(artifact, MODULE_NAME); + blackboard.postArtifact(artifact, MODULE_NAME, ingestJobId); return artifact; } diff --git a/Core/src/org/sleuthkit/autopsy/test/CustomArtifactsCreatorDataSourceIngestModule.java b/Core/src/org/sleuthkit/autopsy/test/CustomArtifactsCreatorDataSourceIngestModule.java index ffe9b595bf..371e3f0c03 100644 --- a/Core/src/org/sleuthkit/autopsy/test/CustomArtifactsCreatorDataSourceIngestModule.java +++ b/Core/src/org/sleuthkit/autopsy/test/CustomArtifactsCreatorDataSourceIngestModule.java @@ -1,7 +1,7 @@ /* * Autopsy Forensic Browser * - * Copyright 2017-2020 Basis Technology Corp. + * Copyright 2017-2021 Basis Technology Corp. * Contact: carrier sleuthkit org * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -38,7 +38,8 @@ import org.sleuthkit.datamodel.TskCoreException; public class CustomArtifactsCreatorDataSourceIngestModule extends DataSourceIngestModuleAdapter { private static final Logger logger = Logger.getLogger(CustomArtifactsCreatorDataSourceIngestModule.class.getName()); - + private IngestJobContext context; + /** * Adds the custom artifact type this module uses to the case database of * the current case. 
@@ -51,6 +52,7 @@ public class CustomArtifactsCreatorDataSourceIngestModule extends DataSourceInge */ @Override public void startUp(IngestJobContext context) throws IngestModuleException { + this.context = context; try { CustomArtifactType.addToCaseDatabase(); } catch (Blackboard.BlackboardException ex) { diff --git a/Core/src/org/sleuthkit/autopsy/test/CustomArtifactsCreatorFileIngestModule.java b/Core/src/org/sleuthkit/autopsy/test/CustomArtifactsCreatorFileIngestModule.java index de015d8a21..235ef1f84b 100644 --- a/Core/src/org/sleuthkit/autopsy/test/CustomArtifactsCreatorFileIngestModule.java +++ b/Core/src/org/sleuthkit/autopsy/test/CustomArtifactsCreatorFileIngestModule.java @@ -1,7 +1,7 @@ /* * Autopsy Forensic Browser * - * Copyright 2017-2020 Basis Technology Corp. + * Copyright 2017-2021 Basis Technology Corp. * Contact: carrier sleuthkit org * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -37,6 +37,7 @@ import org.sleuthkit.datamodel.TskCoreException; final class CustomArtifactsCreatorFileIngestModule extends FileIngestModuleAdapter { private static final Logger logger = Logger.getLogger(CustomArtifactsCreatorFileIngestModule.class.getName()); + private IngestJobContext context; /** * Adds the custom artifact type this module uses to the case database of @@ -50,6 +51,7 @@ final class CustomArtifactsCreatorFileIngestModule extends FileIngestModuleAdapt */ @Override public void startUp(IngestJobContext context) throws IngestModuleException { + this.context = context; try { CustomArtifactType.addToCaseDatabase(); } catch (Blackboard.BlackboardException ex) { 
@@ -71,7 +73,7 @@ final class CustomArtifactsCreatorFileIngestModule extends FileIngestModuleAdapt return ProcessResult.OK; } try { - CustomArtifactType.createAndPostInstance(file); + CustomArtifactType.createAndPostInstance(file, context.getJobId()); } catch (TskCoreException | Blackboard.BlackboardException ex) { logger.log(Level.SEVERE, String.format("Failed to process file (obj_id = %d)", file.getId()), ex); return ProcessResult.ERROR; diff --git a/Core/src/org/sleuthkit/autopsy/timeline/actions/AddManualEvent.java b/Core/src/org/sleuthkit/autopsy/timeline/actions/AddManualEvent.java index 4b7f43cb8f..acae10c1e0 100755 --- a/Core/src/org/sleuthkit/autopsy/timeline/actions/AddManualEvent.java +++ b/Core/src/org/sleuthkit/autopsy/timeline/actions/AddManualEvent.java @@ -157,7 +157,7 @@ public class AddManualEvent extends Action { BlackboardArtifact artifact = eventInfo.datasource.newDataArtifact(new BlackboardArtifact.Type(TSK_TL_EVENT), attributes, null); try { - sleuthkitCase.getBlackboard().postArtifact(artifact, source); + sleuthkitCase.getBlackboard().postArtifact(artifact, source, null); } catch (Blackboard.BlackboardException ex) { logger.log(Level.SEVERE, "Error posting artifact to the blackboard.", ex); //NON-NLS new Alert(Alert.AlertType.ERROR, Bundle.AddManualEvent_postArtifactFailed(), ButtonType.OK).showAndWait(); From 87e83579220174292429bd33cf26881c15d9b1be Mon Sep 17 00:00:00 2001 From: Richard Cordovano Date: Tue, 26 Oct 2021 16:55:45 -0400 Subject: [PATCH 04/28] 7673 Allow helpers to call correct Blackboard.postArtifacts() API --- .../ingestmodule/CentralRepoIngestModule.java | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Core/src/org/sleuthkit/autopsy/centralrepository/ingestmodule/CentralRepoIngestModule.java b/Core/src/org/sleuthkit/autopsy/centralrepository/ingestmodule/CentralRepoIngestModule.java index f4c09a764a..85000953f2 100644 
--- a/Core/src/org/sleuthkit/autopsy/centralrepository/ingestmodule/CentralRepoIngestModule.java +++ b/Core/src/org/sleuthkit/autopsy/centralrepository/ingestmodule/CentralRepoIngestModule.java @@ -87,7 +87,7 @@ final class CentralRepoIngestModule implements FileIngestModule { private Blackboard blackboard; private final boolean createCorrelationProperties; private final boolean flagUniqueArtifacts; - private long ingestJobId; + private IngestJobContext context; /** * Instantiate the Central Repository ingest module. @@ -103,7 +103,7 @@ final class CentralRepoIngestModule implements FileIngestModule { @Override public void startUp(IngestJobContext context) throws IngestModuleException { - ingestJobId = context.getJobId(); + this.context = context; } @Override @@ -371,7 +371,7 @@ final class CentralRepoIngestModule implements FileIngestModule { .getAnalysisResult(); try { // index the artifact for keyword search - blackboard.postArtifact(tifArtifact, MODULE_NAME, ingestJobId); + blackboard.postArtifact(tifArtifact, MODULE_NAME, context.getJobId()); } catch (Blackboard.BlackboardException ex) { logger.log(Level.SEVERE, "Unable to index blackboard artifact " + tifArtifact.getArtifactID(), ex); //NON-NLS } From 35ec6b5da853cb483e73dd5f861c6f22af40c8f2 Mon Sep 17 00:00:00 2001 From: Richard Cordovano Date: Tue, 26 Oct 2021 16:58:16 -0400 Subject: [PATCH 05/28] 7673 Allow helpers to call correct Blackboard.postArtifacts() API --- .../autopsy/datasourceprocessors/xry/XRYMessagesFileParser.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Core/src/org/sleuthkit/autopsy/datasourceprocessors/xry/XRYMessagesFileParser.java b/Core/src/org/sleuthkit/autopsy/datasourceprocessors/xry/XRYMessagesFileParser.java index 9c24a1703b..c51deab219 100755 --- a/Core/src/org/sleuthkit/autopsy/datasourceprocessors/xry/XRYMessagesFileParser.java +++ b/Core/src/org/sleuthkit/autopsy/datasourceprocessors/xry/XRYMessagesFileParser.java 
@@ -1,7 +1,7 @@ /* * Autopsy Forensic Browser * - * Copyright 2019-2020 Basis Technology Corp. + * Copyright 2019-2021 Basis Technology Corp. * Contact: carrier sleuthkit org * * Licensed under the Apache License, Version 2.0 (the "License"); From cb19724ec28c22a8b81387f9b493897748649eb8 Mon Sep 17 00:00:00 2001 From: Richard Cordovano Date: Tue, 26 Oct 2021 17:21:13 -0400 Subject: [PATCH 06/28] 7673 Allow helpers to call correct Blackboard.postArtifacts() API --- .../org/sleuthkit/autopsy/ingest/IngestManager.java | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/Core/src/org/sleuthkit/autopsy/ingest/IngestManager.java b/Core/src/org/sleuthkit/autopsy/ingest/IngestManager.java index f5542a5784..186051269b 100644 --- a/Core/src/org/sleuthkit/autopsy/ingest/IngestManager.java +++ b/Core/src/org/sleuthkit/autopsy/ingest/IngestManager.java 
@@ -323,12 +323,15 @@ public class IngestManager implements IngestProgressSnapshotProvider { * (DSP) module that runs before the ingest job is created, * i.e., a DSP that does not support streaming ingest and has no * noton of an ingest job ID. In this use case, the event is - * handled synchronously (the DSP calls + * handled synchronously. The DSP calls * Blackboard.postArtifacts(), which puts the event on the event - * bus to which this method subscribes) before the ingest job is - * created, so the code below will not find an ingest job to - * which to add the artifacts. However, the artifacts will be - * analyzed when the ingest job executor, working in batch mode, + * bus to which this method subscribes, so the event will be + * handled here before the DSP completes and calls + * DataSourceProcessorCallback.done(). This means the code below + * will execute before the ingest job is created, so it will not + * find an ingest job to which to add the artifacts. However, + * the artifacts WILL be analyzed after the ingest job is + * started, when the ingest job executor, working in batch mode, * schedules ingest tasks for all of the data artifacts in the * case database. * From 20b4ae976674bf4d330e44b59e1af38b413354ef Mon Sep 17 00:00:00 2001 From: Richard Cordovano Date: Tue, 26 Oct 2021 17:24:23 -0400 Subject: [PATCH 07/28] 7673 Allow helpers to call correct Blackboard.postArtifacts() API --- .../autopsy/logicalimager/dsp/AddLogicalImageTask.java | 2 +- .../EncryptionDetectionDataSourceIngestModule.java | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Core/src/org/sleuthkit/autopsy/logicalimager/dsp/AddLogicalImageTask.java b/Core/src/org/sleuthkit/autopsy/logicalimager/dsp/AddLogicalImageTask.java index 4fca526b7b..ceb0ebbde6 100644 --- a/Core/src/org/sleuthkit/autopsy/logicalimager/dsp/AddLogicalImageTask.java +++ b/Core/src/org/sleuthkit/autopsy/logicalimager/dsp/AddLogicalImageTask.java 
@@ -1,7 +1,7 @@ /* * Autopsy * - * Copyright 2019 Basis Technology Corp. + * Copyright 2019-2021 Basis Technology Corp. * Contact: carrier sleuthkit org * * Licensed under the Apache License, Version 2.0 (the "License"); diff --git a/Core/src/org/sleuthkit/autopsy/modules/encryptiondetection/EncryptionDetectionDataSourceIngestModule.java b/Core/src/org/sleuthkit/autopsy/modules/encryptiondetection/EncryptionDetectionDataSourceIngestModule.java index 0168632f57..95b3dc7132 100644 --- a/Core/src/org/sleuthkit/autopsy/modules/encryptiondetection/EncryptionDetectionDataSourceIngestModule.java +++ b/Core/src/org/sleuthkit/autopsy/modules/encryptiondetection/EncryptionDetectionDataSourceIngestModule.java @@ -1,7 +1,7 @@ /* * Autopsy Forensic Browser * - * Copyright 2018 Basis Technology Corp. + * Copyright 2018-2021 Basis Technology Corp. * Contact: carrier sleuthkit org * * Licensed under the Apache License, Version 2.0 (the "License"); From 7a99267e724e34f9367299abbc898817b107fd65 Mon Sep 17 00:00:00 2001 From: Richard Cordovano Date: Tue, 26 Oct 2021 17:27:46 -0400 Subject: [PATCH 08/28] 7673 Allow helpers to call correct Blackboard.postArtifacts() API --- .../EncryptionDetectionFileIngestModule.java | 2 +- .../modules/fileextmismatch/FileExtMismatchIngestModule.java | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Core/src/org/sleuthkit/autopsy/modules/encryptiondetection/EncryptionDetectionFileIngestModule.java b/Core/src/org/sleuthkit/autopsy/modules/encryptiondetection/EncryptionDetectionFileIngestModule.java index e4f6b189a7..3d08163c9e 100644 --- a/Core/src/org/sleuthkit/autopsy/modules/encryptiondetection/EncryptionDetectionFileIngestModule.java +++ b/Core/src/org/sleuthkit/autopsy/modules/encryptiondetection/EncryptionDetectionFileIngestModule.java 
@@ -1,7 +1,7 @@ /* * Autopsy Forensic Browser * - * Copyright 2017-2018 Basis Technology Corp. + * Copyright 2017-2021 Basis Technology Corp. * Contact: carrier sleuthkit org * * Licensed under the Apache License, Version 2.0 (the "License"); diff --git a/Core/src/org/sleuthkit/autopsy/modules/fileextmismatch/FileExtMismatchIngestModule.java b/Core/src/org/sleuthkit/autopsy/modules/fileextmismatch/FileExtMismatchIngestModule.java index dbf38dc909..0d3f40bd3e 100644 --- a/Core/src/org/sleuthkit/autopsy/modules/fileextmismatch/FileExtMismatchIngestModule.java +++ b/Core/src/org/sleuthkit/autopsy/modules/fileextmismatch/FileExtMismatchIngestModule.java @@ -1,7 +1,7 @@ /* * Autopsy Forensic Browser * - * Copyright 2011-2018 Basis Technology Corp. + * Copyright 2012-2021 Basis Technology Corp. * Contact: carrier sleuthkit org * * Licensed under the Apache License, Version 2.0 (the "License"); From 35a7bf64923edf7890d7fbcb96c70e35c8054c2e Mon Sep 17 00:00:00 2001 From: Richard Cordovano Date: Tue, 26 Oct 2021 17:32:55 -0400 Subject: [PATCH 09/28] 7673 Allow helpers to call correct Blackboard.postArtifacts() API --- .../autopsy/modules/filetypeid/FileTypeIdIngestModule.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeIdIngestModule.java b/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeIdIngestModule.java index a84bafa8d2..734eedaf35 100644 --- a/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeIdIngestModule.java +++ b/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeIdIngestModule.java @@ -1,7 +1,7 @@ /* * Autopsy Forensic Browser * - * Copyright 2013-2018 Basis Technology Corp. + * Copyright 2013-2021 Basis Technology Corp. * Contact: carrier sleuthkit org * * Licensed under the Apache License, Version 2.0 (the "License"); From 3747dba3e25b395505d7ad016b1ed584bf1f24d4 Mon Sep 17 00:00:00 2001 
From: Richard Cordovano Date: Tue, 26 Oct 2021 18:03:53 -0400 Subject: [PATCH 10/28] 7673 Allow helpers to call correct Blackboard.postArtifacts() API --- .../autopsy/ingest/IngestManager.java | 21 +++++++++++++++---- .../PortableCaseReportModule.java | 2 +- ...rtifactsCreatorDataSourceIngestModule.java | 2 +- 3 files changed, 19 insertions(+), 6 deletions(-) diff --git a/Core/src/org/sleuthkit/autopsy/ingest/IngestManager.java b/Core/src/org/sleuthkit/autopsy/ingest/IngestManager.java index 186051269b..f380c12508 100644 --- a/Core/src/org/sleuthkit/autopsy/ingest/IngestManager.java +++ b/Core/src/org/sleuthkit/autopsy/ingest/IngestManager.java @@ -316,7 +316,7 @@ public class IngestManager implements IngestProgressSnapshotProvider { } } else { /* - * There are two cases where the ingest job ID returned by the + * There are four cases where the ingest job ID returned by the * event is expected be null: * * 1. The artifacts are being posted by a data source proccessor 
@@ -342,9 +342,22 @@ public class IngestManager implements IngestProgressSnapshotProvider { * ingest job to which to add the artifacts via their data * source. * - * In both use cases, there is a slight risk that the wrong - * ingest job will be selected if multiple ingests of the same - * data source are in progress. + * In both of the use cases above, there is a slight risk that + * the wrong ingest job will be selected if multiple ingests of + * the same data source are in progress. + * + * 3. The portable case generator uses a + * CommunicatonsArtifactHelper constructed with a null ingest + * job ID, and the CommunicatonsArtifactHelper posts artifacts. + * Clearly, no data artifact ingest modules will be running, as + * might not have been so in the original case. This is an + * acceptable edge case, given the goals of portable cases. + * + * 4. The user can manually create timeline events with the + * timeline tool, which posts the TSK_TL_EVENT data artifacts. + * The user selects the data source for these artifacts. INgest + * of that data source might be running. This is an acceptabel + * edge case. */ DataArtifact dataArtifact = newDataArtifacts.get(0); try { diff --git a/Core/src/org/sleuthkit/autopsy/report/modules/portablecase/PortableCaseReportModule.java b/Core/src/org/sleuthkit/autopsy/report/modules/portablecase/PortableCaseReportModule.java index e19d83ee07..830f706b7d 100644 --- a/Core/src/org/sleuthkit/autopsy/report/modules/portablecase/PortableCaseReportModule.java +++ b/Core/src/org/sleuthkit/autopsy/report/modules/portablecase/PortableCaseReportModule.java @@ -1,7 +1,7 @@ /* * Autopsy Forensic Browser * - * Copyright 2019-2020 Basis Technology Corp. + * Copyright 2019-2021 Basis Technology Corp. * Contact: carrier sleuthkit org * * Licensed under the Apache License, Version 2.0 (the "License"); 
diff --git a/Core/src/org/sleuthkit/autopsy/test/CustomArtifactsCreatorDataSourceIngestModule.java b/Core/src/org/sleuthkit/autopsy/test/CustomArtifactsCreatorDataSourceIngestModule.java index 371e3f0c03..8cbd01ef02 100644 --- a/Core/src/org/sleuthkit/autopsy/test/CustomArtifactsCreatorDataSourceIngestModule.java +++ b/Core/src/org/sleuthkit/autopsy/test/CustomArtifactsCreatorDataSourceIngestModule.java @@ -72,7 +72,7 @@ public class CustomArtifactsCreatorDataSourceIngestModule extends DataSourceInge @Override public ProcessResult process(Content dataSource, DataSourceIngestModuleProgress progressBar) { try { - CustomArtifactType.createAndPostInstance(dataSource); + CustomArtifactType.createAndPostInstance(dataSource, context.getJobId()); } catch (TskCoreException | Blackboard.BlackboardException ex) { logger.log(Level.SEVERE, String.format("Failed to process data source (obj_id = %d)", dataSource.getId()), ex); return ProcessResult.ERROR; From 68fd499b81d88fe4ddc451a2280b096ccce48c9f Mon Sep 17 00:00:00 2001 From: Richard Cordovano Date: Tue, 26 Oct 2021 18:09:30 -0400 Subject: [PATCH 11/28] 7673 Allow helpers to call correct Blackboard.postArtifacts() API --- .../autopsy/ingest/IngestManager.java | 29 ++++++++++--------- 1 file changed, 16 insertions(+), 13 deletions(-) diff --git a/Core/src/org/sleuthkit/autopsy/ingest/IngestManager.java b/Core/src/org/sleuthkit/autopsy/ingest/IngestManager.java index f380c12508..0d0260d20e 100644 --- a/Core/src/org/sleuthkit/autopsy/ingest/IngestManager.java +++ b/Core/src/org/sleuthkit/autopsy/ingest/IngestManager.java 
@@ -333,31 +333,34 @@ public class IngestManager implements IngestProgressSnapshotProvider { * the artifacts WILL be analyzed after the ingest job is * started, when the ingest job executor, working in batch mode, * schedules ingest tasks for all of the data artifacts in the - * case database. + * case database. There is a slight risk that the wrong ingest + * job will be selected if multiple ingests of the same data + * source are in progress. * * 2. The artifacts were posted by an ingest module that either * has not been updated to use the current * Blackboard.postArtifacts() API, or is using it incorrectly. * In this use case, the code below should be able to find the * ingest job to which to add the artifacts via their data - * source. - * - * In both of the use cases above, there is a slight risk that - * the wrong ingest job will be selected if multiple ingests of - * the same data source are in progress. + * source. There is a slight risk that the wrong ingest job will + * be selected if multiple ingests of the same data source are + * in progress. * * 3. The portable case generator uses a - * CommunicatonsArtifactHelper constructed with a null ingest + * CommunicationArtifactsHelper constructed with a null ingest * job ID, and the CommunicatonsArtifactHelper posts artifacts. - * Clearly, no data artifact ingest modules will be running, as - * might not have been so in the original case. This is an - * acceptable edge case, given the goals of portable cases. + * Ingest of that data source might be running, in which case + * the data artifact will be analyzed. It also might be analyzed + * by a suvsequent ingest job for the data source. This is an + * acceptable edge case. * * 4. The user can manually create timeline events with the * timeline tool, which posts the TSK_TL_EVENT data artifacts. - * The user selects the data source for these artifacts. INgest - * of that data source might be running. This is an acceptabel - * edge case. 
+ * The user selects the data source for these artifacts. Ingest + * of that data source might be running, in which case the data + * artifact will be analyzed. It also might be analyzed by a + * suvsequent ingest job for the data source. This is an + * acceptable edge case. */ DataArtifact dataArtifact = newDataArtifacts.get(0); try { From c47acb1fdf6d5bf01622f162efc7789c8a51cfd9 Mon Sep 17 00:00:00 2001 From: Richard Cordovano Date: Tue, 26 Oct 2021 18:11:49 -0400 Subject: [PATCH 12/28] 7673 Allow helpers to call correct Blackboard.postArtifacts() API --- .../ingestmodule/CentralRepoIngestModule.java | 7 ++----- Core/src/org/sleuthkit/autopsy/ingest/IngestManager.java | 4 ++-- 2 files changed, 4 insertions(+), 7 deletions(-) diff --git a/Core/src/org/sleuthkit/autopsy/centralrepository/ingestmodule/CentralRepoIngestModule.java b/Core/src/org/sleuthkit/autopsy/centralrepository/ingestmodule/CentralRepoIngestModule.java index 85000953f2..df6bd58801 100644 --- a/Core/src/org/sleuthkit/autopsy/centralrepository/ingestmodule/CentralRepoIngestModule.java +++ b/Core/src/org/sleuthkit/autopsy/centralrepository/ingestmodule/CentralRepoIngestModule.java @@ -101,11 +101,6 @@ final class CentralRepoIngestModule implements FileIngestModule { flagUniqueArtifacts = settings.isFlagUniqueArtifacts(); } - @Override - public void startUp(IngestJobContext context) throws IngestModuleException { - this.context = context; - } - @Override public ProcessResult process(AbstractFile abstractFile) { if (CentralRepository.isEnabled() == false) { @@ -235,6 +230,8 @@ final class CentralRepoIngestModule implements FileIngestModule { }) @Override public void startUp(IngestJobContext context) throws IngestModuleException { + this.context = context; + IngestEventsListener.incrementCorrelationEngineModuleCount(); /* diff --git a/Core/src/org/sleuthkit/autopsy/ingest/IngestManager.java b/Core/src/org/sleuthkit/autopsy/ingest/IngestManager.java index 0d0260d20e..8b2ac48982 100644 
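Review bot: In the rewritten IngestManager comment, use case 1 now says both that the code below "will not find an ingest job" and that "the wrong ingest job will be selected if multiple ingests of the same data source are in progress"; the second sentence was moved in from the shared paragraph and reads as contradicting the first. If the intended risk is that a different, already running job for that data source receives the artifacts, say so directly, e.g. `* If another ingest job for the same data source is already running, the artifacts may be added to that job instead.` Because this fallback attributes artifacts to a job by data source alone, the comment should also state whether the selection is logged, which matters when someone later has to account for which job analysed an artifact. The comment still spells the class `CommunicatonsArtifactHelper` one line below the corrected `CommunicationArtifactsHelper`. The method body continues outside the hunk.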
--- a/Core/src/org/sleuthkit/autopsy/ingest/IngestManager.java +++ b/Core/src/org/sleuthkit/autopsy/ingest/IngestManager.java @@ -316,8 +316,8 @@ public class IngestManager implements IngestProgressSnapshotProvider { } } else { /* - * There are four cases where the ingest job ID returned by the - * event is expected be null: + * There are four use cases where the ingest job ID returned by + * the event is expected be null: * * 1. The artifacts are being posted by a data source proccessor * (DSP) module that runs before the ingest job is created, From ebb759cca769c64e6e3f0105d8588f8b951702f2 Mon Sep 17 00:00:00 2001 From: Richard Cordovano Date: Tue, 26 Oct 2021 18:13:59 -0400 Subject: [PATCH 13/28] 7673 Allow helpers to call correct Blackboard.postArtifacts() API --- Core/src/org/sleuthkit/autopsy/ingest/IngestManager.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Core/src/org/sleuthkit/autopsy/ingest/IngestManager.java b/Core/src/org/sleuthkit/autopsy/ingest/IngestManager.java index 8b2ac48982..2c87487232 100644 --- a/Core/src/org/sleuthkit/autopsy/ingest/IngestManager.java +++ b/Core/src/org/sleuthkit/autopsy/ingest/IngestManager.java @@ -351,7 +351,7 @@ public class IngestManager implements IngestProgressSnapshotProvider { * job ID, and the CommunicatonsArtifactHelper posts artifacts. * Ingest of that data source might be running, in which case * the data artifact will be analyzed. It also might be analyzed - * by a suvsequent ingest job for the data source. This is an + * by a subsequent ingest job for the data source. This is an * acceptable edge case. * * 4. The user can manually create timeline events with the 
@@ -359,7 +359,7 @@ public class IngestManager implements IngestProgressSnapshotProvider { * The user selects the data source for these artifacts. Ingest * of that data source might be running, in which case the data * artifact will be analyzed. It also might be analyzed by a - * suvsequent ingest job for the data source. This is an + * subsequent ingest job for the data source. This is an * acceptable edge case. */ DataArtifact dataArtifact = newDataArtifacts.get(0); From 356eec1d907b00ab825c0e8c8ee03aed6c25d27e Mon Sep 17 00:00:00 2001 
From: Richard Cordovano Date: Wed, 27 Oct 2021 13:09:08 -0400 Subject: [PATCH 14/28] 7673 Allow helpers to call correct Blackboard.postArtifacts() API --- .../GPX_Module/GPX_Parser_Module.py | 6 +++--- InternalPythonModules/android/browserlocation.py | 5 ++--- InternalPythonModules/android/cachelocation.py | 5 ++--- InternalPythonModules/android/calllog.py | 6 +++--- InternalPythonModules/android/contact.py | 8 ++++---- InternalPythonModules/android/fbmessenger.py | 10 +++++----- InternalPythonModules/android/googlemaplocation.py | 8 ++++---- InternalPythonModules/android/imo.py | 6 +++--- InternalPythonModules/android/installedapps.py | 4 ++-- InternalPythonModules/android/line.py | 6 +++--- InternalPythonModules/android/operabrowser.py | 10 +++++----- InternalPythonModules/android/oruxmaps.py | 7 +++---- InternalPythonModules/android/sbrowser.py | 14 +++++++------- InternalPythonModules/android/shareit.py | 4 ++-- InternalPythonModules/android/skype.py | 6 +++--- InternalPythonModules/android/tangomessage.py | 8 ++++---- InternalPythonModules/android/textmessage.py | 6 +++--- InternalPythonModules/android/textnow.py | 4 ++-- InternalPythonModules/android/viber.py | 10 ++++------ InternalPythonModules/android/whatsapp.py | 6 +++--- InternalPythonModules/android/wwfmessage.py | 8 ++++---- InternalPythonModules/android/xender.py | 6 +++--- InternalPythonModules/android/zapya.py | 4 ++-- .../Aug2015DataSourceTutorial/FindContactsDb.py | 3 +-- .../Aug2015DataSourceTutorial/FindContactsDb_v2.py | 2 +- .../FindBigRoundFiles.py | 7 +++++-- pythonExamples/Registry_Example.py | 3 +-- pythonExamples/dataSourceIngestModule.py | 3 +-- pythonExamples/fileIngestModule.py | 7 +++++-- 29 files changed, 90 insertions(+), 92 deletions(-) diff --git a/InternalPythonModules/GPX_Module/GPX_Parser_Module.py b/InternalPythonModules/GPX_Module/GPX_Parser_Module.py index 49e26483d0..375652b6c4 100644 --- a/InternalPythonModules/GPX_Module/GPX_Parser_Module.py 
+++ b/InternalPythonModules/GPX_Module/GPX_Parser_Module.py @@ -1,7 +1,7 @@ """ Autopsy Forensic Browser -Copyright 2019-2020 Basis Technology Corp. +Copyright 2019-2021 Basis Technology Corp. Contact: carrier sleuthkit org Licensed under the Apache License, Version 2.0 (the "License"); @@ -134,7 +134,7 @@ class GPXParserFileIngestModule(FileIngestModule): # Create a GeoArtifactsHelper for this file. geoArtifactHelper = GeoArtifactsHelper( - self.skCase, self.moduleName, None, file) + self.skCase, self.moduleName, None, file, context.getJobId()) if self.writeDebugMsgs: self.log(Level.INFO, "Processing " + file.getUniquePath() + @@ -213,7 +213,7 @@ class GPXParserFileIngestModule(FileIngestModule): art = file.newDataArtifact(BlackboardArtifact.Type(BlackboardArtifact.ARTIFACT_TYPE.TSK_GPS_BOOKMARK), attributes) - self.blackboard.postArtifact(art, self.moduleName) + self.blackboard.postArtifact(art, self.moduleName, context.getJobId()) except Blackboard.BlackboardException as e: self.log(Level.SEVERE, "Error posting GPS bookmark artifact for " + diff --git a/InternalPythonModules/android/browserlocation.py b/InternalPythonModules/android/browserlocation.py index faab73bcfa..ab0d52f709 100644 --- a/InternalPythonModules/android/browserlocation.py +++ b/InternalPythonModules/android/browserlocation.py @@ -1,7 +1,7 @@ """ Autopsy Forensic Browser -Copyright 2016-2018 Basis Technology Corp. +Copyright 2016-2021 Basis Technology Corp. Contact: carrier sleuthkit org Licensed under the Apache License, Version 2.0 (the "License"); 
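Review bot: `context` is used as a bare name in `GeoArtifactsHelper(self.skCase, self.moduleName, None, file, context.getJobId())` and again in `self.blackboard.postArtifact(art, self.moduleName, context.getJobId())` in the second hunk of this file, while every other piece of module state in these hunks is read from `self`. Unless the enclosing method has a local or parameter named `context` (its signature is outside both hunks, and the diffstat shows no further change to this file), both calls would raise NameError at run time. Keeping the context on the instance in `startUp` and passing `self.context.getJobId()` would avoid that. The browserlocation.py and cachelocation.py hunks that follow use bare `context` the same way with no visible signature change, unlike contact.py and googlemaplocation.py, where `context` is added to the helper's parameters.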
@@ -104,9 +104,8 @@ class BrowserLocationAnalyzer(general.AndroidComponentAnalyzer): # NOTE: originally commented out try: - # index the artifact for keyword search blackboard = Case.getCurrentCase().getSleuthkitCase().getBlackboard() - blackboard.postArtifact(artifact, general.MODULE_NAME) + blackboard.postArtifact(artifact, general.MODULE_NAME, context.getJobId()) except Blackboard.BlackboardException as ex: self._logger.log(Level.SEVERE, "Unable to index blackboard artifact " + str(artifact.getArtifactTypeName()), ex) self._logger.log(Level.SEVERE, traceback.format_exc()) diff --git a/InternalPythonModules/android/cachelocation.py b/InternalPythonModules/android/cachelocation.py index 599eb60ca1..f8e672963a 100644 --- a/InternalPythonModules/android/cachelocation.py +++ b/InternalPythonModules/android/cachelocation.py @@ -1,7 +1,7 @@ """ Autopsy Forensic Browser -Copyright 2016-2018 Basis Technology Corp. +Copyright 2016-2021 Basis Technology Corp. Contact: carrier sleuthkit org Licensed under the Apache License, Version 2.0 (the "License"); @@ -102,9 +102,8 @@ class CacheLocationAnalyzer(general.AndroidComponentAnalyzer): # artifact.addAttribute(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_VALUE.getTypeID(), AndroidModuleFactorymodule.moduleName, accuracy)) # artifact.addAttribute(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_COMMENT.getTypeID(), AndroidModuleFactorymodule.moduleName, confidence)) try: - # index the artifact for keyword search blackboard = Case.getCurrentCase().getSleuthkitCase().getBlackboard() - blackboard.postArtifact(artifact, general.MODULE_NAME) + blackboard.postArtifact(artifact, general.MODULE_NAME, context.getJobId(), context.getJobId()) except Blackboard.BlackboardException as ex: self._logger.log(Level.SEVERE, "Unable to index blackboard artifact " + str(artifact.getArtifactID()), ex) self._logger.log(Level.SEVERE, traceback.format_exc()) 
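Review bot: The new call in cachelocation.py passes the job ID twice, `blackboard.postArtifact(artifact, general.MODULE_NAME, context.getJobId(), context.getJobId())`, so it has four arguments where every other call in this patch has three. This looks like a paste error; unless a four-argument overload exists, the call fails when it is reached, and the surrounding `except Blackboard.BlackboardException` presumably would not catch that failure. The line should read `blackboard.postArtifact(artifact, general.MODULE_NAME, context.getJobId())`. The enclosing method starts outside the hunk.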
diff --git a/InternalPythonModules/android/calllog.py b/InternalPythonModules/android/calllog.py index 13775e80f7..2762f0b869 100644 --- a/InternalPythonModules/android/calllog.py +++ b/InternalPythonModules/android/calllog.py @@ -1,7 +1,7 @@ """ Autopsy Forensic Browser -Copyright 2016-2020 Basis Technology Corp. +Copyright 2016-2021 Basis Technology Corp. Contact: carrier sleuthkit org Licensed under the Apache License, Version 2.0 (the "License"); @@ -83,12 +83,12 @@ class CallLogAnalyzer(general.AndroidComponentAnalyzer): callLogDbHelper = CommunicationArtifactsHelper(current_case.getSleuthkitCase(), self._PARSER_NAME, callLogDb.getDBFile(), - Account.Type.PHONE, Account.Type.PHONE, selfAccountId ) + Account.Type.PHONE, Account.Type.PHONE, selfAccountId, context.getJobId()) else: callLogDbHelper = CommunicationArtifactsHelper(current_case.getSleuthkitCase(), self._PARSER_NAME, callLogDb.getDBFile(), - Account.Type.PHONE ) + Account.Type.PHONE, context.getJobId()) for tableName in CallLogAnalyzer._tableNames: try: diff --git a/InternalPythonModules/android/contact.py b/InternalPythonModules/android/contact.py index 8144890134..2ebd744eb1 100644 --- a/InternalPythonModules/android/contact.py +++ b/InternalPythonModules/android/contact.py @@ -1,7 +1,7 @@ """ Autopsy Forensic Browser -Copyright 2016-2020 Basis Technology Corp. +Copyright 2016-2021 Basis Technology Corp. Contact: carrier sleuthkit org Licensed under the Apache License, Version 2.0 (the "License"); @@ -75,7 +75,7 @@ class ContactAnalyzer(general.AndroidComponentAnalyzer): return for contactDb in contactsDbs: try: - self.__findContactsInDB(contactDb, dataSource) + self.__findContactsInDB(contactDb, dataSource, context) except Exception as ex: self._logger.log(Level.SEVERE, "Error parsing Contacts", ex) self._logger.log(Level.SEVERE, traceback.format_exc()) 
@@ -86,7 +86,7 @@ class ContactAnalyzer(general.AndroidComponentAnalyzer): """ Queries the given contact database and adds Contacts to the case. """ - def __findContactsInDB(self, contactDb, dataSource): + def __findContactsInDB(self, contactDb, dataSource, context): if not contactDb: return @@ -97,7 +97,7 @@ class ContactAnalyzer(general.AndroidComponentAnalyzer): contactDbHelper = CommunicationArtifactsHelper(current_case.getSleuthkitCase(), self._PARSER_NAME, contactDb.getDBFile(), - Account.Type.PHONE ) + Account.Type.PHONE, context.getJobId()) # get display_name, mimetype(email or phone number) and data1 (phonenumber or email address depending on mimetype) # sorted by name, so phonenumber/email would be consecutive for a person if they exist. diff --git a/InternalPythonModules/android/fbmessenger.py b/InternalPythonModules/android/fbmessenger.py index 86dc9cd474..05954e0e9f 100644 --- a/InternalPythonModules/android/fbmessenger.py +++ b/InternalPythonModules/android/fbmessenger.py @@ -1,7 +1,7 @@ """ Autopsy Forensic Browser -Copyright 2019-2020 Basis Technology Corp. +Copyright 2019-2021 Basis Technology Corp. Contact: carrier sleuthkit org Licensed under the Apache License, Version 2.0 (the "License"); @@ -148,11 +148,11 @@ class FBMessengerAnalyzer(general.AndroidComponentAnalyzer): if self.selfAccountId is not None: contactsDBHelper = CommunicationArtifactsHelper(self.current_case.getSleuthkitCase(), self._MODULE_NAME, contactsDb.getDBFile(), - Account.Type.FACEBOOK, Account.Type.FACEBOOK, self.selfAccountId ) + Account.Type.FACEBOOK, Account.Type.FACEBOOK, self.selfAccountId, context.getJobId()) else: contactsDBHelper = CommunicationArtifactsHelper(self.current_case.getSleuthkitCase(), self._MODULE_NAME, contactsDb.getDBFile(), - Account.Type.FACEBOOK) + Account.Type.FACEBOOK, context.getJobId()) ## get the other contacts/friends contactsResultSet = contactsDb.runQuery("SELECT fbid, display_name, added_time_ms FROM contacts WHERE added_time_ms <> 0") 
@@ -492,11 +492,11 @@ class FBMessengerAnalyzer(general.AndroidComponentAnalyzer): if self.selfAccountId is not None: threadsDBHelper = CommunicationArtifactsHelper(self.current_case.getSleuthkitCase(), self._MODULE_NAME, threadsDb.getDBFile(), - Account.Type.FACEBOOK, Account.Type.FACEBOOK, self.selfAccountId ) + Account.Type.FACEBOOK, Account.Type.FACEBOOK, self.selfAccountId, context.getJobId()) else: threadsDBHelper = CommunicationArtifactsHelper(self.current_case.getSleuthkitCase(), self._MODULE_NAME, threadsDb.getDBFile(), - Account.Type.FACEBOOK) + Account.Type.FACEBOOK, context.getJobId()) self.analyzeMessages(threadsDb, threadsDBHelper) self.analyzeCallLogs(threadsDb, threadsDBHelper) diff --git a/InternalPythonModules/android/googlemaplocation.py b/InternalPythonModules/android/googlemaplocation.py index 2c33146b21..277b8ef1f5 100644 --- a/InternalPythonModules/android/googlemaplocation.py +++ b/InternalPythonModules/android/googlemaplocation.py @@ -1,7 +1,7 @@ """ Autopsy Forensic Browser -Copyright 2016-2018 Basis Technology Corp. +Copyright 2016-2021 Basis Technology Corp. Contact: carrier sleuthkit org Licensed under the Apache License, Version 2.0 (the "License"); @@ -76,7 +76,7 @@ class GoogleMapLocationAnalyzer(general.AndroidComponentAnalyzer): try: jFile = File(self.current_case.getTempDirectory(), str(abstractFile.getId()) + abstractFile.getName()) ContentUtils.writeToFile(abstractFile, jFile, context.dataSourceIngestIsCancelled) - self.__findGeoLocationsInDB(jFile.toString(), abstractFile) + self.__findGeoLocationsInDB(jFile.toString(), abstractFile, context) except Exception as ex: self._logger.log(Level.SEVERE, "Error parsing Google map locations", ex) self._logger.log(Level.SEVERE, traceback.format_exc()) 
@@ -84,13 +84,13 @@ class GoogleMapLocationAnalyzer(general.AndroidComponentAnalyzer): # Error finding Google map locations. pass - def __findGeoLocationsInDB(self, databasePath, abstractFile): + def __findGeoLocationsInDB(self, databasePath, abstractFile, context): if not databasePath: return try: artifactHelper = GeoArtifactsHelper(self.current_case.getSleuthkitCase(), - general.MODULE_NAME, self.PROGRAM_NAME, abstractFile) + general.MODULE_NAME, self.PROGRAM_NAME, abstractFile, context.getJobId()) Class.forName("org.sqlite.JDBC") # load JDBC driver connection = DriverManager.getConnection("jdbc:sqlite:" + databasePath) statement = connection.createStatement() diff --git a/InternalPythonModules/android/imo.py b/InternalPythonModules/android/imo.py index 6898e3693f..7e308340ad 100644 --- a/InternalPythonModules/android/imo.py +++ b/InternalPythonModules/android/imo.py @@ -1,7 +1,7 @@ """ Autopsy Forensic Browser -Copyright 2019-2020 Basis Technology Corp. +Copyright 2019-2021 Basis Technology Corp. Contact: carrier sleuthkit org Licensed under the Apache License, Version 2.0 (the "License"); @@ -109,12 +109,12 @@ class IMOAnalyzer(general.AndroidComponentAnalyzer): friendsDBHelper = CommunicationArtifactsHelper(current_case.getSleuthkitCase(), self._PARSER_NAME, friendsDb.getDBFile(), - Account.Type.IMO, Account.Type.IMO, selfAccountId ) + Account.Type.IMO, Account.Type.IMO, selfAccountId, context.getJobId()) else: friendsDBHelper = CommunicationArtifactsHelper(current_case.getSleuthkitCase(), self._PARSER_NAME, friendsDb.getDBFile(), - Account.Type.IMO ) + Account.Type.IMO, context.getJobId()) contactsResultSet = friendsDb.runQuery("SELECT buid, name FROM friends") if contactsResultSet is not None: while contactsResultSet.next(): diff --git a/InternalPythonModules/android/installedapps.py b/InternalPythonModules/android/installedapps.py index ef09a5b5d0..fe80180522 100644 --- a/InternalPythonModules/android/installedapps.py 
+++ b/InternalPythonModules/android/installedapps.py @@ -1,7 +1,7 @@ """ Autopsy Forensic Browser -Copyright 2019 Basis Technology Corp. +Copyright 2019-2021 Basis Technology Corp. Contact: carrier sleuthkit org Licensed under the Apache License, Version 2.0 (the "License"); @@ -75,7 +75,7 @@ class InstalledApplicationsAnalyzer(general.AndroidComponentAnalyzer): try: current_case = Case.getCurrentCaseThrows() libraryDbHelper = ArtifactsHelper(current_case.getSleuthkitCase(), - self._MODULE_NAME, libraryDb.getDBFile()) + self._MODULE_NAME, libraryDb.getDBFile(), context.getJobId()) queryString = "SELECT doc_id, purchase_time FROM ownership" ownershipResultSet = libraryDb.runQuery(queryString) if ownershipResultSet is not None: diff --git a/InternalPythonModules/android/line.py b/InternalPythonModules/android/line.py index 7409f28945..fe39a434c1 100644 --- a/InternalPythonModules/android/line.py +++ b/InternalPythonModules/android/line.py @@ -1,7 +1,7 @@ """ Autopsy Forensic Browser -Copyright 2019-2020 Basis Technology Corp. +Copyright 2019-2021 Basis Technology Corp. Contact: carrier sleuthkit org Licensed under the Apache License, Version 2.0 (the "License"); @@ -117,7 +117,7 @@ class LineAnalyzer(general.AndroidComponentAnalyzer): current_case = Case.getCurrentCaseThrows() helper = CommunicationArtifactsHelper( current_case.getSleuthkitCase(), self._PARSER_NAME, - contact_and_message_db.getDBFile(), Account.Type.LINE) + contact_and_message_db.getDBFile(), Account.Type.LINE, context.getJobId()) self.parse_contacts(contact_and_message_db, helper) self.parse_messages(contact_and_message_db, helper, current_case) 
@@ -125,7 +125,7 @@ class LineAnalyzer(general.AndroidComponentAnalyzer): current_case = Case.getCurrentCaseThrows() helper = CommunicationArtifactsHelper( current_case.getSleuthkitCase(), self._PARSER_NAME, - calllog_db.getDBFile(), Account.Type.LINE) + calllog_db.getDBFile(), Account.Type.LINE, context.getJobId()) self.parse_calllogs(dataSource, calllog_db, helper) except NoCurrentCaseException as ex: diff --git a/InternalPythonModules/android/operabrowser.py b/InternalPythonModules/android/operabrowser.py index f1f90b9f04..04e4c34f10 100644 --- a/InternalPythonModules/android/operabrowser.py +++ b/InternalPythonModules/android/operabrowser.py @@ -1,7 +1,7 @@ """ Autopsy Forensic Browser -Copyright 2019 Basis Technology Corp. +Copyright 2019-2021 Basis Technology Corp. Contact: carrier sleuthkit org Licensed under the Apache License, Version 2.0 (the "License"); @@ -119,7 +119,7 @@ class OperaAnalyzer(general.AndroidComponentAnalyzer): for historyDb in historyDbs: try: historyDbHelper = WebBrowserArtifactsHelper(self.current_case.getSleuthkitCase(), - self._MODULE_NAME, historyDb.getDBFile()) + self._MODULE_NAME, historyDb.getDBFile(), context.getJobId()) historyResultSet = historyDb.runQuery("SELECT url, title, last_visit_time FROM urls") if historyResultSet is not None: while historyResultSet.next(): @@ -148,7 +148,7 @@ class OperaAnalyzer(general.AndroidComponentAnalyzer): for downloadsDb in downloadsDbs: try: downloadsDbHelper = WebBrowserArtifactsHelper(self.current_case.getSleuthkitCase(), - self._MODULE_NAME, downloadsDb.getDBFile()) + self._MODULE_NAME, downloadsDb.getDBFile(), context.getJobId()) queryString = "SELECT target_path, start_time, url FROM downloads"\ " INNER JOIN downloads_url_chains ON downloads.id = downloads_url_chains.id" downloadsResultSet = downloadsDb.runQuery(queryString) 
@@ -177,7 +177,7 @@ class OperaAnalyzer(general.AndroidComponentAnalyzer): for autofillDb in autofillDbs: try: autofillDbHelper = WebBrowserArtifactsHelper(self.current_case.getSleuthkitCase(), - self._MODULE_NAME, autofillDb.getDBFile()) + self._MODULE_NAME, autofillDb.getDBFile(), context.getJobId()) autofillsResultSet = autofillDb.runQuery("SELECT name, value, count, date_created FROM autofill") if autofillsResultSet is not None: while autofillsResultSet.next(): @@ -205,7 +205,7 @@ class OperaAnalyzer(general.AndroidComponentAnalyzer): for webFormAddressDb in webFormAddressDbs: try: webFormAddressDbHelper = WebBrowserArtifactsHelper(self.current_case.getSleuthkitCase(), - self._MODULE_NAME, webFormAddressDb.getDBFile()) + self._MODULE_NAME, webFormAddressDb.getDBFile(), context.getJobId()) queryString = """ SELECT street_address, city, state, zipcode, country_code, date_modified, first_name, last_name, number, email diff --git a/InternalPythonModules/android/oruxmaps.py b/InternalPythonModules/android/oruxmaps.py index 677ea26eea..88dcb6f2f9 100644 --- a/InternalPythonModules/android/oruxmaps.py +++ b/InternalPythonModules/android/oruxmaps.py @@ -1,7 +1,7 @@ """ Autopsy Forensic Browser -Copyright 2016-2018 Basis Technology Corp. +Copyright 2016-2021 Basis Technology Corp. Contact: carrier sleuthkit org Licensed under the Apache License, Version 2.0 (the "License"); @@ -72,7 +72,7 @@ class OruxMapsAnalyzer(general.AndroidComponentAnalyzer): current_case = Case.getCurrentCaseThrows() skCase = Case.getCurrentCase().getSleuthkitCase() - geoArtifactHelper = GeoArtifactsHelper(skCase, self._MODULE_NAME, self._PROGRAM_NAME, oruxMapsTrackpointsDb.getDBFile()) + geoArtifactHelper = GeoArtifactsHelper(skCase, self._MODULE_NAME, self._PROGRAM_NAME, oruxMapsTrackpointsDb.getDBFile(), context.getJobId()) poiQueryString = "SELECT poilat, poilon, poialt, poitime, poiname FROM pois" poisResultSet = oruxMapsTrackpointsDb.runQuery(poiQueryString) 
@@ -96,9 +96,8 @@ class OruxMapsAnalyzer(general.AndroidComponentAnalyzer): artifact = abstractFile.newDataArtifact(BlackboardArtifact.Type(BlackboardArtifact.ARTIFACT_TYPE.TSK_GPS_BOOKMARK), attributes) try: - # index the artifact for keyword search blackboard = Case.getCurrentCase().getSleuthkitCase().getBlackboard() - blackboard.postArtifact(artifact, self._MODULE_NAME) + blackboard.postArtifact(artifact, self._MODULE_NAME, context.getJobId()) except Blackboard.BlackboardException as ex: self._logger.log(Level.SEVERE, "Unable to index blackboard artifact " + str(artifact.getArtifactID()), ex) self._logger.log(Level.SEVERE, traceback.format_exc()) diff --git a/InternalPythonModules/android/sbrowser.py b/InternalPythonModules/android/sbrowser.py index 41e9790c5b..75b56d5807 100644 --- a/InternalPythonModules/android/sbrowser.py +++ b/InternalPythonModules/android/sbrowser.py @@ -1,7 +1,7 @@ """ Autopsy Forensic Browser -Copyright 2019 Basis Technology Corp. +Copyright 2019-2021 Basis Technology Corp. Contact: carrier sleuthkit org Licensed under the Apache License, Version 2.0 (the "License"); @@ -87,7 +87,7 @@ class SBrowserAnalyzer(general.AndroidComponentAnalyzer): for sbrowserDb in sbrowserDbs: try: sbrowserDbHelper = WebBrowserArtifactsHelper(self.current_case.getSleuthkitCase(), - self._MODULE_NAME, sbrowserDb.getDBFile()) + self._MODULE_NAME, sbrowserDb.getDBFile(), context.getJobId()) bookmarkResultSet = sbrowserDb.runQuery("SELECT url, title, created FROM bookmarks WHERE url IS NOT NULL") if bookmarkResultSet is not None: while bookmarkResultSet.next(): 
@@ -115,7 +115,7 @@ class SBrowserAnalyzer(general.AndroidComponentAnalyzer): for cookiesDb in cookiesDbs: try: cookiesDbHelper = WebBrowserArtifactsHelper(self.current_case.getSleuthkitCase(), - self._MODULE_NAME, cookiesDb.getDBFile()) + self._MODULE_NAME, cookiesDb.getDBFile(), context.getJobId()) cookiesResultSet = cookiesDb.runQuery("SELECT host_key, name, value, creation_utc FROM cookies") if cookiesResultSet is not None: while cookiesResultSet.next(): @@ -145,7 +145,7 @@ class SBrowserAnalyzer(general.AndroidComponentAnalyzer): for historyDb in historyDbs: try: historyDbHelper = WebBrowserArtifactsHelper(self.current_case.getSleuthkitCase(), - self._MODULE_NAME, historyDb.getDBFile()) + self._MODULE_NAME, historyDb.getDBFile(), context.getJobId()) historyResultSet = historyDb.runQuery("SELECT url, title, last_visit_time FROM urls") if historyResultSet is not None: while historyResultSet.next(): @@ -174,7 +174,7 @@ class SBrowserAnalyzer(general.AndroidComponentAnalyzer): for downloadsDb in downloadsDbs: try: downloadsDbHelper = WebBrowserArtifactsHelper(self.current_case.getSleuthkitCase(), - self._MODULE_NAME, downloadsDb.getDBFile()) + self._MODULE_NAME, downloadsDb.getDBFile(), context.getJobId()) queryString = "SELECT target_path, start_time, url FROM downloads"\ " INNER JOIN downloads_url_chains ON downloads.id = downloads_url_chains.id" downloadsResultSet = downloadsDb.runQuery(queryString) @@ -203,7 +203,7 @@ class SBrowserAnalyzer(general.AndroidComponentAnalyzer): for autofillDb in autofillDbs: try: autofillDbHelper = WebBrowserArtifactsHelper(self.current_case.getSleuthkitCase(), - self._MODULE_NAME, autofillDb.getDBFile()) + self._MODULE_NAME, autofillDb.getDBFile(), context.getJobId()) queryString = """ SELECT name, value, count, date_created FROM autofill 
@@ -236,7 +236,7 @@ class SBrowserAnalyzer(general.AndroidComponentAnalyzer): for webFormAddressDb in webFormAddressDbs: try: webFormAddressDbHelper = WebBrowserArtifactsHelper(self.current_case.getSleuthkitCase(), - self._MODULE_NAME, webFormAddressDb.getDBFile()) + self._MODULE_NAME, webFormAddressDb.getDBFile(), context.getJobId()) """ Autofill form data is split across multiple tables. The quqery below joins the various tables. """ diff --git a/InternalPythonModules/android/shareit.py b/InternalPythonModules/android/shareit.py index dc9c549f23..b1f0af8314 100644 --- a/InternalPythonModules/android/shareit.py +++ b/InternalPythonModules/android/shareit.py @@ -1,7 +1,7 @@ """ Autopsy Forensic Browser -Copyright 2019-2020 Basis Technology Corp. +Copyright 2019-2021 Basis Technology Corp. Contact: carrier sleuthkit org Licensed under the Apache License, Version 2.0 (the "License"); @@ -85,7 +85,7 @@ class ShareItAnalyzer(general.AndroidComponentAnalyzer): current_case = Case.getCurrentCaseThrows() historyDbHelper = CommunicationArtifactsHelper(current_case.getSleuthkitCase(), self._MODULE_NAME, historyDb.getDBFile(), - Account.Type.SHAREIT) + Account.Type.SHAREIT, context.getJobId()) queryString = """ SELECT history_type, device_id, device_name, description, timestamp, file_path diff --git a/InternalPythonModules/android/skype.py b/InternalPythonModules/android/skype.py index 908a7da451..fbf185dfbe 100644 --- a/InternalPythonModules/android/skype.py +++ b/InternalPythonModules/android/skype.py @@ -1,7 +1,7 @@ """ Autopsy Forensic Browser -Copyright 2019-2020 Basis Technology Corp. +Copyright 2019-2021 Basis Technology Corp. Contact: carrier sleuthkit org Licensed under the Apache License, Version 2.0 (the "License"); 
@@ -129,13 +129,13 @@ class SkypeAnalyzer(general.AndroidComponentAnalyzer): if user_account_instance is None: helper = CommunicationArtifactsHelper( current_case.getSleuthkitCase(), self._PARSER_NAME, - skype_db.getDBFile(), Account.Type.SKYPE + skype_db.getDBFile(), Account.Type.SKYPE, context.getJobId() ) else: helper = CommunicationArtifactsHelper( current_case.getSleuthkitCase(), self._PARSER_NAME, skype_db.getDBFile(), Account.Type.SKYPE, - Account.Type.SKYPE, user_account_instance + Account.Type.SKYPE, user_account_instance, context.getJobId() ) self.parse_contacts(skype_db, helper) self.parse_calllogs(skype_db, helper) diff --git a/InternalPythonModules/android/tangomessage.py b/InternalPythonModules/android/tangomessage.py index a7b9cd888d..bb5256781b 100644 --- a/InternalPythonModules/android/tangomessage.py +++ b/InternalPythonModules/android/tangomessage.py @@ -1,7 +1,7 @@ """ Autopsy Forensic Browser -Copyright 2016-2020 Basis Technology Corp. +Copyright 2016-2021 Basis Technology Corp. Contact: carrier sleuthkit org Licensed under the Apache License, Version 2.0 (the "License"); @@ -72,7 +72,7 @@ class TangoMessageAnalyzer(general.AndroidComponentAnalyzer): tangoDbFiles = AppSQLiteDB.findAppDatabases(dataSource, "tc.db", True, self._PACKAGE_NAME) for tangoDbFile in tangoDbFiles: try: - self.__findTangoMessagesInDB(tangoDbFile, dataSource) + self.__findTangoMessagesInDB(tangoDbFile, dataSource, context) except Exception as ex: self._logger.log(Level.SEVERE, "Error parsing Tango messages", ex) self._logger.log(Level.SEVERE, traceback.format_exc()) @@ -80,7 +80,7 @@ class TangoMessageAnalyzer(general.AndroidComponentAnalyzer): # Error finding Tango messages. pass - def __findTangoMessagesInDB(self, tangoDb, dataSource): + def __findTangoMessagesInDB(self, tangoDb, dataSource, context): if not tangoDb: return 
@@ -91,7 +91,7 @@ class TangoMessageAnalyzer(general.AndroidComponentAnalyzer): tangoDbHelper = CommunicationArtifactsHelper(current_case.getSleuthkitCase(), self._PARSER_NAME, tangoDb.getDBFile(), - Account.Type.TANGO ) + Account.Type.TANGO, context.getJobId()) resultSet = tangoDb.runQuery( "SELECT conv_id, create_time, direction, payload FROM messages ORDER BY create_time DESC;") diff --git a/InternalPythonModules/android/textmessage.py b/InternalPythonModules/android/textmessage.py index 3c46ea7d2d..05777d0c69 100644 --- a/InternalPythonModules/android/textmessage.py +++ b/InternalPythonModules/android/textmessage.py @@ -1,7 +1,7 @@ """ Autopsy Forensic Browser -Copyright 2016-2020 Basis Technology Corp. +Copyright 2016-2021 Basis Technology Corp. Contact: carrier sleuthkit org Licensed under the Apache License, Version 2.0 (the "License"); @@ -80,12 +80,12 @@ class TextMessageAnalyzer(general.AndroidComponentAnalyzer): messageDbHelper = CommunicationArtifactsHelper(current_case.getSleuthkitCase(), self._PARSER_NAME, messageDb.getDBFile(), - Account.Type.PHONE, Account.Type.IMO, selfAccountId ) + Account.Type.PHONE, Account.Type.IMO, selfAccountId, context.getJobId()) else: messageDbHelper = CommunicationArtifactsHelper(current_case.getSleuthkitCase(), self._PARSER_NAME, messageDb.getDBFile(), - Account.Type.PHONE ) + Account.Type.PHONE, context.getJobId()) uuid = UUID.randomUUID().toString() messagesResultSet = messageDb.runQuery("SELECT address, date, read, type, subject, body, thread_id FROM sms;") diff --git a/InternalPythonModules/android/textnow.py b/InternalPythonModules/android/textnow.py index 005e1191dd..1043dab1a0 100644 --- a/InternalPythonModules/android/textnow.py +++ b/InternalPythonModules/android/textnow.py @@ -1,7 +1,7 @@ """ Autopsy Forensic Browser -Copyright 2019-2020 Basis Technology Corp. +Copyright 2019-2021 Basis Technology Corp. Contact: carrier sleuthkit org Licensed under the Apache License, Version 2.0 (the "License"); 
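Review bot: In textmessage.py the six-argument `CommunicationArtifactsHelper` call passes `Account.Type.IMO` as the self-account type next to `Account.Type.PHONE`, which looks like a copy from imo.py. calllog.py in this same patch uses `Account.Type.PHONE, Account.Type.PHONE, selfAccountId` for the equivalent call. If the mismatch is unintended, the device owner's SMS account is recorded under the wrong account type in the case database, and the line should probably read `Account.Type.PHONE, Account.Type.PHONE, selfAccountId, context.getJobId())`. The commit touches this line but the mismatch predates it, and the enclosing method starts outside the hunk.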
@@ -91,7 +91,7 @@ class TextNowAnalyzer(general.AndroidComponentAnalyzer): current_case = Case.getCurrentCaseThrows() helper = CommunicationArtifactsHelper( current_case.getSleuthkitCase(), self._PARSER_NAME, - textnow_db.getDBFile(), Account.Type.TEXTNOW + textnow_db.getDBFile(), Account.Type.TEXTNOW, context.getJobId() ) self.parse_contacts(textnow_db, helper) self.parse_calllogs(textnow_db, helper) diff --git a/InternalPythonModules/android/viber.py b/InternalPythonModules/android/viber.py index cd8fed0854..9626f5d285 100644 --- a/InternalPythonModules/android/viber.py +++ b/InternalPythonModules/android/viber.py @@ -1,7 +1,7 @@ """ Autopsy Forensic Browser -Copyright 2019-2020 Basis Technology Corp. +Copyright 2019-2021 Basis Technology Corp. Contact: carrier sleuthkit org Licensed under the Apache License, Version 2.0 (the "License"); @@ -91,7 +91,7 @@ class ViberAnalyzer(general.AndroidComponentAnalyzer): current_case = Case.getCurrentCaseThrows() helper = CommunicationArtifactsHelper( current_case.getSleuthkitCase(), self._PARSER_NAME, - contact_and_calllog_db.getDBFile(), Account.Type.VIBER) + contact_and_calllog_db.getDBFile(), Account.Type.VIBER, context.getJobId()) self.parse_contacts(contact_and_calllog_db, helper) self.parse_calllogs(contact_and_calllog_db, helper) @@ -100,7 +100,7 @@ class ViberAnalyzer(general.AndroidComponentAnalyzer): current_case = Case.getCurrentCaseThrows() helper = CommunicationArtifactsHelper( current_case.getSleuthkitCase(), self._PARSER_NAME, - message_db.getDBFile(), Account.Type.VIBER) + message_db.getDBFile(), Account.Type.VIBER, context.getJobId()) self.parse_messages(message_db, helper, current_case) except NoCurrentCaseException as ex: 
@@ -131,9 +131,7 @@ class ViberAnalyzer(general.AndroidComponentAnalyzer): attributes = ArrayList() attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_NAME.getTypeID(), self._PARSER_NAME, contacts_parser.get_contact_name())) artifact = contacts_db.getDBFile().newDataArtifact(BlackboardArtifact.Type(BlackboardArtifact.ARTIFACT_TYPE.TSK_CONTACT), attributes) - - # Post the artifact to blackboard - current_case.getBlackboard().postArtifact(artifact, self._PARSER_NAME) + current_case.getBlackboard().postArtifact(artifact, self._PARSER_NAME, context.getJobId()) contacts_parser.close() except SQLException as ex: diff --git a/InternalPythonModules/android/whatsapp.py b/InternalPythonModules/android/whatsapp.py index e392fdf24c..6d9e0b5ea7 100644 --- a/InternalPythonModules/android/whatsapp.py +++ b/InternalPythonModules/android/whatsapp.py @@ -1,7 +1,7 @@ """ Autopsy Forensic Browser -Copyright 2019-2020 Basis Technology Corp. +Copyright 2019-2021 Basis Technology Corp. Contact: carrier sleuthkit org Licensed under the Apache License, Version 2.0 (the "License"); @@ -145,14 +145,14 @@ class WhatsAppAnalyzer(general.AndroidComponentAnalyzer): current_case = Case.getCurrentCaseThrows() helper = CommunicationArtifactsHelper( current_case.getSleuthkitCase(), self._PARSER_NAME, - contact_db.getDBFile(), Account.Type.WHATSAPP) + contact_db.getDBFile(), Account.Type.WHATSAPP, context.getJobId()) self.parse_contacts(contact_db, helper) for calllog_and_message_db in calllog_and_message_dbs: current_case = Case.getCurrentCaseThrows() helper = CommunicationArtifactsHelper( current_case.getSleuthkitCase(), self._PARSER_NAME, - calllog_and_message_db.getDBFile(), Account.Type.WHATSAPP) + calllog_and_message_db.getDBFile(), Account.Type.WHATSAPP, context.getJobId()) self.parse_calllogs(calllog_and_message_db, helper) self.parse_messages(dataSource, calllog_and_message_db, helper, current_case) 
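Review bot: In the viber.py hunk at `@@ -131,9 +131,7 @@`, the new `postArtifact(artifact, self._PARSER_NAME, context.getJobId())` uses a bare `context`, but the earlier viber.py hunk still calls `self.parse_contacts(contact_and_calllog_db, helper)` without passing it. The enclosing method starts outside the hunk, so this is inferred. If these lines are in `parse_contacts`, the name is unbound and the call raises `NameError` the first time this branch runs, which the `except SQLException` shown below does not catch. contact.py, googlemaplocation.py, tangomessage.py and wwfmessage.py in this patch pass `context` down as an extra parameter. Doing the same here (`def parse_contacts(self, contacts_db, helper, context):` and `self.parse_contacts(contact_and_calllog_db, helper, context)`) would keep the artifact attributed to its ingest job instead of losing it.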
diff --git a/InternalPythonModules/android/wwfmessage.py b/InternalPythonModules/android/wwfmessage.py index da3d343ad3..9cb95a411a 100644 --- a/InternalPythonModules/android/wwfmessage.py +++ b/InternalPythonModules/android/wwfmessage.py @@ -1,7 +1,7 @@ """ Autopsy Forensic Browser -Copyright 2016-2020 Basis Technology Corp. +Copyright 2016-2021 Basis Technology Corp. Contact: carrier sleuthkit org Licensed under the Apache License, Version 2.0 (the "License"); @@ -78,7 +78,7 @@ class WWFMessageAnalyzer(general.AndroidComponentAnalyzer): wwfDbFiles = AppSQLiteDB.findAppDatabases(dataSource, "WordsFramework", True, self._PACKAGE_NAME) for wwfDbFile in wwfDbFiles: try: - self.__findWWFMessagesInDB(wwfDbFile, dataSource) + self.__findWWFMessagesInDB(wwfDbFile, dataSource, context) except Exception as ex: self._logger.log(Level.SEVERE, "Error parsing WWF messages", ex) self._logger.log(Level.SEVERE, traceback.format_exc()) @@ -88,7 +88,7 @@ class WWFMessageAnalyzer(general.AndroidComponentAnalyzer): self._logger.log(Level.SEVERE, traceback.format_exc()) pass - def __findWWFMessagesInDB(self, wwfDb, dataSource): + def __findWWFMessagesInDB(self, wwfDb, dataSource, context): if not wwfDb: return @@ -98,7 +98,7 @@ class WWFMessageAnalyzer(general.AndroidComponentAnalyzer): wwfDbHelper = CommunicationArtifactsHelper(current_case.getSleuthkitCase(), self._PARSER_NAME, wwfDb.getDBFile(), - wwfAccountType ) + wwfAccountType, context.getJobId()) uuid = UUID.randomUUID().toString() diff --git a/InternalPythonModules/android/xender.py b/InternalPythonModules/android/xender.py index 2ca86d2045..b1d1dcc8e3 100644 --- a/InternalPythonModules/android/xender.py +++ b/InternalPythonModules/android/xender.py @@ -1,7 +1,7 @@ """ Autopsy Forensic Browser -Copyright 2019-2020 Basis Technology Corp. +Copyright 2019-2021 Basis Technology Corp. Contact: carrier sleuthkit org Licensed under the Apache License, Version 2.0 (the "License"); 
@@ -91,11 +91,11 @@ class XenderAnalyzer(general.AndroidComponentAnalyzer): if selfAccountId is not None: transactionDbHelper = CommunicationArtifactsHelper(current_case.getSleuthkitCase(), self._MODULE_NAME, transactionDb.getDBFile(), - Account.Type.XENDER, Account.Type.XENDER, selfAccountId ) + Account.Type.XENDER, Account.Type.XENDER, selfAccountId, context.getJobId()) else: transactionDbHelper = CommunicationArtifactsHelper(current_case.getSleuthkitCase(), self._MODULE_NAME, transactionDb.getDBFile(), - Account.Type.XENDER) + Account.Type.XENDER, context.getJobId()) queryString = """ SELECT f_path, f_display_name, f_size_str, c_start_time, c_direction, c_session_id, diff --git a/InternalPythonModules/android/zapya.py b/InternalPythonModules/android/zapya.py index 2801b17b68..8f653f2531 100644 --- a/InternalPythonModules/android/zapya.py +++ b/InternalPythonModules/android/zapya.py @@ -1,7 +1,7 @@ """ Autopsy Forensic Browser -Copyright 2019-2020 Basis Technology Corp. +Copyright 2019-2021 Basis Technology Corp. Contact: carrier sleuthkit org Licensed under the Apache License, Version 2.0 (the "License"); @@ -81,7 +81,7 @@ class ZapyaAnalyzer(general.AndroidComponentAnalyzer): # transferDbHelper = CommunicationArtifactsHelper(current_case.getSleuthkitCase(), self._MODULE_NAME, transferDb.getDBFile(), - Account.Type.ZAPYA) + Account.Type.ZAPYA, context.getJobId()) queryString = "SELECT device, name, direction, createtime, path, title FROM transfer" transfersResultSet = transferDb.runQuery(queryString) diff --git a/pythonExamples/Aug2015DataSourceTutorial/FindContactsDb.py b/pythonExamples/Aug2015DataSourceTutorial/FindContactsDb.py index 27f9be6161..a0ad098623 100644 --- a/pythonExamples/Aug2015DataSourceTutorial/FindContactsDb.py +++ b/pythonExamples/Aug2015DataSourceTutorial/FindContactsDb.py 
@@ -172,8 +172,7 @@ class ContactsDbIngestModule(DataSourceIngestModule): )) try: - # index the artifact for keyword search - blackboard.postArtifact(art, ContactsDbIngestModuleFactory.moduleName) + blackboard.postArtifact(art, ContactsDbIngestModuleFactory.moduleName, context.getJobId()) except Blackboard.BlackboardException as e: self.log(Level.SEVERE, "Error indexing artifact " + art.getDisplayName()) diff --git a/pythonExamples/Aug2015DataSourceTutorial/FindContactsDb_v2.py b/pythonExamples/Aug2015DataSourceTutorial/FindContactsDb_v2.py index f58a156170..da4c21f560 100644 --- a/pythonExamples/Aug2015DataSourceTutorial/FindContactsDb_v2.py +++ b/pythonExamples/Aug2015DataSourceTutorial/FindContactsDb_v2.py @@ -146,7 +146,7 @@ class ContactsDbIngestModule(DataSourceIngestModule): # Create an instance of the helper class # TODO - Replace with your parser name and Account.Type helper = CommunicationArtifactsHelper(current_case.getSleuthkitCase(), - ContactsDbIngestModuleFactory.moduleName, app_database.getDBFile(), Account.Type.DEVICE) + ContactsDbIngestModuleFactory.moduleName, app_database.getDBFile(), Account.Type.DEVICE, context.getJobId()) # Iterate through each row and create artifacts while result_set.next(): diff --git a/pythonExamples/July2015FileTutorial_BigRound/FindBigRoundFiles.py b/pythonExamples/July2015FileTutorial_BigRound/FindBigRoundFiles.py index 5bf710e9d5..8dc5a59763 100644 --- a/pythonExamples/July2015FileTutorial_BigRound/FindBigRoundFiles.py +++ b/pythonExamples/July2015FileTutorial_BigRound/FindBigRoundFiles.py 
@@ -92,11 +92,15 @@ class FindBigRoundFilesIngestModule(FileIngestModule): def log(self, level, msg): self._logger.logp(level, self.__class__.__name__, inspect.stack()[1][3], msg) + def __init__(self): + self.context = None + # Where any setup and configuration is done # 'context' is an instance of org.sleuthkit.autopsy.ingest.IngestJobContext. # See: http://sleuthkit.org/autopsy/docs/api-docs/latest/classorg_1_1sleuthkit_1_1autopsy_1_1ingest_1_1_ingest_job_context.html # TODO: Add any setup code that you need here. def startUp(self, context): + self.context = context self.filesFound = 0 # Throw an IngestModule.IngestModuleException exception if there was a problem setting up @@ -130,8 +134,7 @@ class FindBigRoundFilesIngestModule(FileIngestModule): "Big and Round Files"))).getAnalysisResult() try: - # post the artifact for listeners of artifact events - blackboard.postArtifact(art, FindBigRoundFilesIngestModuleFactory.moduleName) + blackboard.postArtifact(art, FindBigRoundFilesIngestModuleFactory.moduleName, context.getJobId()) except Blackboard.BlackboardException as e: self.log(Level.SEVERE, "Error indexing artifact " + art.getDisplayName()) diff --git a/pythonExamples/Registry_Example.py b/pythonExamples/Registry_Example.py index f99ead8086..94041bf9e7 100644 --- a/pythonExamples/Registry_Example.py +++ b/pythonExamples/Registry_Example.py @@ -207,9 +207,8 @@ class RegistryExampleIngestModule(DataSourceIngestModule): BlackboardAttribute(attributeIdRunKeyValue, moduleName, registryKey[3]) )) - # index the artifact for keyword search try: - blackboard.postArtifact(art, moduleName) + blackboard.postArtifact(art, moduleName, context.getJobId()) except Blackboard.BlackboardException as ex: self.log(Level.SEVERE, "Unable to index blackboard artifact " + str(art.getArtifactTypeName()), ex) diff --git a/pythonExamples/dataSourceIngestModule.py b/pythonExamples/dataSourceIngestModule.py index ecb4f01477..502d535b21 100644 --- a/pythonExamples/dataSourceIngestModule.py 
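Review bot: In FindBigRoundFiles.py the second hunk calls `context.getJobId()`, yet the first hunk of the same file stores the job context as `self.context` in `startUp`, and nothing visible binds a plain `context` where the artifact is posted. The posting method starts outside the hunk, so this is inferred. If it is the per-file processing method, the call raises `NameError`, which the `except Blackboard.BlackboardException` handler does not catch, and the artifact is never posted. The call should likely be `blackboard.postArtifact(art, FindBigRoundFilesIngestModuleFactory.moduleName, self.context.getJobId())`. fileIngestModule.py has the identical pair of hunks, and the bare `context` in FindContactsDb.py, FindContactsDb_v2.py, Registry_Example.py and dataSourceIngestModule.py is worth checking the same way, since these examples are templates for module authors.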
+++ b/pythonExamples/dataSourceIngestModule.py @@ -146,8 +146,7 @@ class SampleJythonDataSourceIngestModule(DataSourceIngestModule): None, "Test file", None, attrs).getAnalysisResult() try: - # post the artifact for listeners of artifact events. - blackboard.postArtifact(art, SampleJythonDataSourceIngestModuleFactory.moduleName) + blackboard.postArtifact(art, SampleJythonDataSourceIngestModuleFactory.moduleName, context.getJobId()) except Blackboard.BlackboardException as e: self.log(Level.SEVERE, "Error indexing artifact " + art.getDisplayName()) diff --git a/pythonExamples/fileIngestModule.py b/pythonExamples/fileIngestModule.py index f72f1c4792..50b2478697 100644 --- a/pythonExamples/fileIngestModule.py +++ b/pythonExamples/fileIngestModule.py @@ -94,11 +94,15 @@ class SampleJythonFileIngestModule(FileIngestModule): def log(self, level, msg): self._logger.logp(level, self.__class__.__name__, inspect.stack()[1][3], msg) + def __init__(self): + self.context = None + # Where any setup and configuration is done # 'context' is an instance of org.sleuthkit.autopsy.ingest.IngestJobContext. # See: http://sleuthkit.org/autopsy/docs/api-docs/latest/classorg_1_1sleuthkit_1_1autopsy_1_1ingest_1_1_ingest_job_context.html # TODO: Add any setup code that you need here. def startUp(self, context): + self.context = context self.filesFound = 0 # Throw an IngestModule.IngestModuleException exception if there was a problem setting up @@ -134,8 +138,7 @@ class SampleJythonFileIngestModule(FileIngestModule): None, "Text Files", None, attrs).getAnalysisResult() try: - # post the artifact for listeners of artifact events - blackboard.postArtifact(art, SampleJythonFileIngestModuleFactory.moduleName) + blackboard.postArtifact(art, SampleJythonFileIngestModuleFactory.moduleName, context.getJobId()) except Blackboard.BlackboardException as e: self.log(Level.SEVERE, "Error indexing artifact " + art.getDisplayName()) From 986d0fa0f88edf1a817ce0b8f6b2f69d2c482659 Mon Sep 17 00:00:00 2001 
From: Richard Cordovano Date: Thu, 28 Oct 2021 10:18:16 -0400 Subject: [PATCH 15/28] 7673 Allow helpers to call correct Blackboard.postArtifacts() API --- InternalPythonModules/android/cachelocation.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/InternalPythonModules/android/cachelocation.py b/InternalPythonModules/android/cachelocation.py index f8e672963a..15879e99b8 100644 --- a/InternalPythonModules/android/cachelocation.py +++ b/InternalPythonModules/android/cachelocation.py @@ -103,7 +103,7 @@ class CacheLocationAnalyzer(general.AndroidComponentAnalyzer): # artifact.addAttribute(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_COMMENT.getTypeID(), AndroidModuleFactorymodule.moduleName, confidence)) try: blackboard = Case.getCurrentCase().getSleuthkitCase().getBlackboard() - blackboard.postArtifact(artifact, general.MODULE_NAME, context.getJobId(), context.getJobId()) + blackboard.postArtifact(artifact, general.MODULE_NAME, context.getJobId()) except Blackboard.BlackboardException as ex: self._logger.log(Level.SEVERE, "Unable to index blackboard artifact " + str(artifact.getArtifactID()), ex) self._logger.log(Level.SEVERE, traceback.format_exc()) From c6352732025eae90437192917858552cfdabd84e Mon Sep 17 00:00:00 2001 From: William Schaefer Date: Thu, 28 Oct 2021 12:50:09 -0400 Subject: [PATCH 16/28] 8106 remove deprecated call to getArtifactByArtifactId in message content viewer --- .../contentviewers/artifactviewers/MessageArtifactWorker.java | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Core/src/org/sleuthkit/autopsy/contentviewers/artifactviewers/MessageArtifactWorker.java b/Core/src/org/sleuthkit/autopsy/contentviewers/artifactviewers/MessageArtifactWorker.java index 14d06dd805..e15a9fba4a 100755 --- a/Core/src/org/sleuthkit/autopsy/contentviewers/artifactviewers/MessageArtifactWorker.java +++ b/Core/src/org/sleuthkit/autopsy/contentviewers/artifactviewers/MessageArtifactWorker.java 
@@ -149,7 +149,8 @@ class MessageArtifactWorker extends SwingWorker getAssociatedArtifact(final BlackboardArtifact artifact) throws TskCoreException { BlackboardAttribute attribute = artifact.getAttribute(TSK_ASSOCIATED_TYPE); if (attribute != null) { - return Optional.of(artifact.getSleuthkitCase().getArtifactByArtifactId(attribute.getValueLong())); + //in the context of the Message content viewer the assoicated artifact will always be a data artifact + return Optional.of(artifact.getSleuthkitCase().getBlackboard().getDataArtifactById(attribute.getValueLong())); } return Optional.empty(); } From 7cb2bbc958d9b0a3eabe975deb79491fe2233e7f Mon Sep 17 00:00:00 2001 From: William Schaefer Date: Thu, 28 Oct 2021 16:34:32 -0400 Subject: [PATCH 17/28] 8106-remove call to deprecated getBlackboardArtifacts from TableReportGenerator --- .../infrastructure/TableReportGenerator.java | 31 +++++++++---------- 1 file changed, 15 insertions(+), 16 deletions(-) diff --git a/Core/src/org/sleuthkit/autopsy/report/infrastructure/TableReportGenerator.java b/Core/src/org/sleuthkit/autopsy/report/infrastructure/TableReportGenerator.java index bdb895bec6..0ab92ddd8c 100644 --- a/Core/src/org/sleuthkit/autopsy/report/infrastructure/TableReportGenerator.java +++ b/Core/src/org/sleuthkit/autopsy/report/infrastructure/TableReportGenerator.java @@ -45,7 +45,6 @@ import org.sleuthkit.autopsy.casemodule.NoCurrentCaseException; import org.sleuthkit.autopsy.casemodule.services.TagsManager; import org.sleuthkit.autopsy.coreutils.ImageUtils; import org.sleuthkit.autopsy.coreutils.Logger; -import org.sleuthkit.autopsy.datamodel.ContentUtils; import org.sleuthkit.autopsy.report.ReportProgressPanel; import static org.sleuthkit.autopsy.casemodule.services.TagsManager.getNotableTagLabel; import org.sleuthkit.autopsy.coreutils.TimeZoneUtils; 
@@ -358,7 +357,7 @@ class TableReportGenerator { // Give the modules the rows for the content tags. for (ContentTag tag : tags) { try { - if(shouldFilterFromReport(tag.getContent())) { + if (shouldFilterFromReport(tag.getContent())) { continue; } } catch (TskCoreException ex) { @@ -366,7 +365,7 @@ class TableReportGenerator { logger.log(Level.SEVERE, "Failed to access content data from the case database.", ex); //NON-NLS return; } - + // skip tags that we are not reporting on String notableString = tag.getName().getKnownStatus() == TskData.FileKnown.BAD ? TagsManager.getNotableTagLabel() : ""; if (passesTagNamesFilter(tag.getName().getDisplayName() + notableString) == false) { @@ -451,15 +450,15 @@ class TableReportGenerator { // Give the modules the rows for the content tags. for (BlackboardArtifactTag tag : tags) { try { - if(shouldFilterFromReport(tag.getContent())) { + if (shouldFilterFromReport(tag.getContent())) { continue; } - } catch (TskCoreException ex) { + } catch (TskCoreException ex) { errorList.add(NbBundle.getMessage(this.getClass(), "ReportGenerator.errList.failedGetBBArtifactTags")); logger.log(Level.SEVERE, "Failed to access content data from the case database.", ex); //NON-NLS return; } - + String notableString = tag.getName().getKnownStatus() == TskData.FileKnown.BAD ? TagsManager.getNotableTagLabel() : ""; if (passesTagNamesFilter(tag.getName().getDisplayName() + notableString) == false) { continue; @@ -813,7 +812,7 @@ class TableReportGenerator { AbstractFile f = openCase.getSleuthkitCase().getAbstractFileById(objId); if (f != null) { uniquePath = openCase.getSleuthkitCase().getAbstractFileById(objId).getUniquePath(); - if(shouldFilterFromReport(f)) { + if (shouldFilterFromReport(f)) { continue; } } 
@@ -973,7 +972,7 @@ class TableReportGenerator { AbstractFile f = openCase.getSleuthkitCase().getAbstractFileById(objId); if (f != null) { uniquePath = openCase.getSleuthkitCase().getAbstractFileById(objId).getUniquePath(); - if(shouldFilterFromReport(f)) { + if (shouldFilterFromReport(f)) { continue; } } @@ -1217,11 +1216,11 @@ class TableReportGenerator { private List getFilteredArtifacts(BlackboardArtifact.Type type, HashSet tagNamesFilter) { List artifacts = new ArrayList<>(); try { - for (BlackboardArtifact artifact : Case.getCurrentCaseThrows().getSleuthkitCase().getBlackboardArtifacts(type.getTypeID())) { - if(shouldFilterFromReport(artifact)) { + for (BlackboardArtifact artifact : Case.getCurrentCaseThrows().getSleuthkitCase().getBlackboard().getArtifacts(Collections.singletonList(type), settings.getSelectedDataSources())) { + if (shouldFilterFromReport(artifact)) { continue; } - + List tags = Case.getCurrentCaseThrows().getServices().getTagsManager().getBlackboardArtifactTagsByArtifact(artifact); HashSet uniqueTagNames = new HashSet<>(); for (BlackboardArtifactTag tag : tags) { @@ -1339,7 +1338,7 @@ class TableReportGenerator { new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PATH))); columns.add(new AttributeColumn(NbBundle.getMessage(this.getClass(), "ReportGenerator.artTableColHdr.dateTime"), - new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_ACCESSED ))); + new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_ACCESSED))); attributeTypeSet.remove(new Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PATH_ID)); } else if (BlackboardArtifact.ARTIFACT_TYPE.TSK_INSTALLED_PROG.getTypeID() == artifactTypeId) { 
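Review bot: In the `getFilteredArtifacts` hunk at -1217, `settings.getSelectedDataSources()` is passed straight to `getBlackboard().getArtifacts(...)`, yet `shouldFilterFromReport` later in this patch treats a null selection as "no filter". How `getArtifacts` handles a null or empty ID collection is not visible here; if it dereferences the argument or returns an empty list, a report generated without a data source selection would fail or silently omit every artifact of this type. Consider branching on null before the call and keeping an unfiltered per-type lookup for that case, with a comment such as `// null selection means report on all data sources`. The new line also needs `java.util.Collections` in scope, which the import hunk shown for this file does not add.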
@@ -1817,19 +1816,19 @@ class TableReportGenerator { return ""; } - + /** * Indicates if the content should be filtered from the report. */ private boolean shouldFilterFromReport(Content content) throws TskCoreException { - if(this.settings.getSelectedDataSources() == null) { + if (this.settings.getSelectedDataSources() == null) { return false; } - + if (content.getDataSource() == null) { return false; } - + long dataSourceId = content.getDataSource().getId(); return !this.settings.getSelectedDataSources().contains(dataSourceId); } From 581d5fd4bc65320c43b04688fd4aed754904181f Mon Sep 17 00:00:00 2001 From: Richard Cordovano Date: Fri, 29 Oct 2021 11:06:00 -0400 Subject: [PATCH 18/28] 7673 Allow helpers to call correct Blackboard.postArtifacts() API --- .../casemodule/services/Blackboard.java | 4 +- .../autopsy/ingest/IngestServices.java | 4 +- .../ILeappAnalyzerIngestModule.java | 4 +- .../leappanalyzers/LeappFileProcessor.java | 63 ++++++++++--------- .../ObjectDetectectionFileIngestModule.java | 4 +- .../volatilityDSP/VolatilityProcessor.java | 4 +- InternalPythonModules/android/contact.py | 2 +- .../AdHocSearchChildFactory.java | 4 +- .../keywordsearch/IngestSearchRunner.java | 4 +- .../KeywordSearchIngestModule.java | 2 +- .../autopsy/keywordsearch/QueryResults.java | 20 +++--- .../autopsy/recentactivity/Chromium.java | 4 +- .../ThunderbirdMboxFileIngestModule.java | 6 +- .../thunderbirdparser/VcardParser.java | 2 +- 14 files changed, 64 insertions(+), 63 deletions(-) diff --git a/Core/src/org/sleuthkit/autopsy/casemodule/services/Blackboard.java b/Core/src/org/sleuthkit/autopsy/casemodule/services/Blackboard.java index 99fbb652c5..28065dacbc 100644 --- a/Core/src/org/sleuthkit/autopsy/casemodule/services/Blackboard.java +++ b/Core/src/org/sleuthkit/autopsy/casemodule/services/Blackboard.java 
@@ -1,7 +1,7 @@ /* * Autopsy Forensic Browser * - * Copyright 2015-2019 Basis Technology Corp. + * Copyright 2015-2021 Basis Technology Corp. * Contact: carrier sleuthkit org * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -56,7 +56,7 @@ public final class Blackboard implements Closeable { @Deprecated public synchronized void indexArtifact(BlackboardArtifact artifact) throws BlackboardException { try { - Case.getCurrentCase().getSleuthkitCase().getBlackboard().postArtifact(artifact, ""); + Case.getCurrentCase().getSleuthkitCase().getBlackboard().postArtifact(artifact, "", null); } catch (org.sleuthkit.datamodel.Blackboard.BlackboardException ex) { throw new BlackboardException(ex.getMessage(), ex); } diff --git a/Core/src/org/sleuthkit/autopsy/ingest/IngestServices.java b/Core/src/org/sleuthkit/autopsy/ingest/IngestServices.java index e2dd585582..ede9a6ea83 100644 --- a/Core/src/org/sleuthkit/autopsy/ingest/IngestServices.java +++ b/Core/src/org/sleuthkit/autopsy/ingest/IngestServices.java @@ -33,7 +33,7 @@ import org.sleuthkit.datamodel.SleuthkitCase; */ public final class IngestServices { - private static Logger logger = Logger.getLogger(IngestServices.class.getName()); + private final static Logger logger = Logger.getLogger(IngestServices.class.getName()); private static IngestServices instance = null; /** @@ -115,7 +115,7 @@ public final class IngestServices { public void fireModuleDataEvent(ModuleDataEvent moduleDataEvent) { try { Blackboard blackboard = Case.getCurrentCaseThrows().getSleuthkitCase().getBlackboard(); - blackboard.postArtifacts(moduleDataEvent.getArtifacts(), moduleDataEvent.getModuleName()); + blackboard.postArtifacts(moduleDataEvent.getArtifacts(), moduleDataEvent.getModuleName(), null); } catch (NoCurrentCaseException | Blackboard.BlackboardException ex) { logger.log(Level.SEVERE, "Failed to post artifacts", ex); } 
diff --git a/Core/src/org/sleuthkit/autopsy/modules/leappanalyzers/ILeappAnalyzerIngestModule.java b/Core/src/org/sleuthkit/autopsy/modules/leappanalyzers/ILeappAnalyzerIngestModule.java index cf89294aff..c3afd036d8 100644 --- a/Core/src/org/sleuthkit/autopsy/modules/leappanalyzers/ILeappAnalyzerIngestModule.java +++ b/Core/src/org/sleuthkit/autopsy/modules/leappanalyzers/ILeappAnalyzerIngestModule.java @@ -333,7 +333,7 @@ public class ILeappAnalyzerIngestModule implements DataSourceIngestModule { * added to reports */ private void addILeappReportToReports(Path iLeappOutputDir, Case currentCase) { - List allIndexFiles = new ArrayList<>(); + List allIndexFiles; try (Stream walk = Files.walk(iLeappOutputDir)) { @@ -402,7 +402,7 @@ public class ILeappAnalyzerIngestModule implements DataSourceIngestModule { String fileName = FilenameUtils.getName(ffp); String filePath = FilenameUtils.getPath(ffp); - List iLeappFiles = new ArrayList<>(); + List iLeappFiles; try { if (filePath.isEmpty()) { iLeappFiles = fileManager.findFiles(dataSource, fileName); //NON-NLS diff --git a/Core/src/org/sleuthkit/autopsy/modules/leappanalyzers/LeappFileProcessor.java b/Core/src/org/sleuthkit/autopsy/modules/leappanalyzers/LeappFileProcessor.java index 4015f79dbf..daf554ac5b 100644 --- a/Core/src/org/sleuthkit/autopsy/modules/leappanalyzers/LeappFileProcessor.java +++ b/Core/src/org/sleuthkit/autopsy/modules/leappanalyzers/LeappFileProcessor.java @@ -194,7 +194,7 @@ public final class LeappFileProcessor { .put("call history.tsv", "calllog") .build(); - Blackboard blkBoard; + private final Blackboard blkBoard; public LeappFileProcessor(String xmlFile, String moduleName, IngestJobContext context) throws IOException, IngestModuleException, NoCurrentCaseException { this.tsvFiles = new HashMap<>(); 
@@ -351,10 +351,10 @@ public final class LeappFileProcessor { AbstractFile geoAbstractFile = null; if (LeappFile == null || !LeappFile.exists() || fileName == null) { - logger.log(Level.WARNING, String.format("Leap file: %s is null or does not exist", LeappFile == null ? LeappFile.toString() : "")); + logger.log(Level.WARNING, String.format("Leap file: %s is null or does not exist", LeappFile != null ? LeappFile.toString() : "")); return; } else if (attrList == null || artifactType == null || dataSource == null) { - logger.log(Level.WARNING, String.format("attribute list, artifact type or dataSource not provided for %s", LeappFile == null ? LeappFile.toString() : "")); + logger.log(Level.WARNING, String.format("attribute list, artifact type or dataSource not provided for %s", LeappFile.toString())); return; } @@ -435,7 +435,7 @@ public final class LeappFileProcessor { Long dateTime = Long.valueOf(0); Collection otherAttributes = new ArrayList<>(); String sourceFile = null; - AbstractFile absFile = null; + AbstractFile absFile; String comment = ""; try { @@ -538,13 +538,10 @@ public final class LeappFileProcessor { if (absFile == null) { absFile = (AbstractFile) dataSource; } - if ((trackpointSegmentName == null) || (trackpointSegmentName == segmentName)) { - trackpointSegmentName = segmentName; + if ((trackpointSegmentName == null) || (trackpointSegmentName.equals(segmentName))) { pointList.addPoint(new TrackPoint(latitude, longitude, altitude, segmentName, zeroValue, zeroValue, zeroValue, dateTime)); } else { (new GeoArtifactsHelper(Case.getCurrentCaseThrows().getSleuthkitCase(), moduleName, comment, absFile, context.getJobId())).addTrack(segmentName, pointList, new ArrayList<>()); - trackpointSegmentName = segmentName; - pointList = new GeoTrackPoints(); pointList.addPoint(new TrackPoint(latitude, longitude, altitude, segmentName, zeroValue, zeroValue, zeroValue, dateTime)); } 
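Review bot: In the hunk at -538, removing `pointList = new GeoTrackPoints();` from the else branch means the list just handed to `addTrack` is never reset, so the first point of the new segment is appended to the previous segment's points and each later track would include them again. If `pointList` and `trackpointSegmentName` are parameters (their declarations are outside the hunk), the removed assignments were invisible to the caller anyway, but then nothing tells the caller that the segment changed, and `trackpointSegmentName.equals(segmentName)` keeps comparing against a stale name. Either return the new segment name and a fresh list to the caller, or keep this state in fields that the method updates. A comment on the else branch stating who owns the reset would make the intent reviewable.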
@@ -575,7 +572,7 @@ public final class LeappFileProcessor { List otherAttributes = new ArrayList<>(); List fileAttachments = new ArrayList<>(); String sourceFile = null; - MessageAttachments messageAttachments = null; + MessageAttachments messageAttachments; try { for (BlackboardAttribute bba : bbattributes) { 
@@ -637,22 +634,23 @@ public final class LeappFileProcessor { if (absFile == null) { absFile = (AbstractFile) dataSource; } - CommunicationArtifactsHelper accountArtifact; + CommunicationArtifactsHelper accountHelper; Account.Type accountType = getAccountType(fileName); if (alternateId == null) { - accountArtifact = new CommunicationArtifactsHelper(Case.getCurrentCaseThrows().getSleuthkitCase(), + accountHelper = new CommunicationArtifactsHelper(Case.getCurrentCaseThrows().getSleuthkitCase(), moduleName, absFile, accountType, context.getJobId()); } else { - accountArtifact = new CommunicationArtifactsHelper(Case.getCurrentCaseThrows().getSleuthkitCase(), + accountHelper = new CommunicationArtifactsHelper(Case.getCurrentCaseThrows().getSleuthkitCase(), moduleName, absFile, accountType, accountType, alternateId, context.getJobId()); } - BlackboardArtifact messageArtifact = accountArtifact.addMessage(messageType, communicationDirection, senderId, + BlackboardArtifact messageArtifact = accountHelper.addMessage(messageType, communicationDirection, senderId, receipentId, dateTime, messageStatus, subject, messageText, threadId, otherAttributes); if (!fileAttachments.isEmpty()) { messageAttachments = new MessageAttachments(fileAttachments, new ArrayList<>()); - accountArtifact.addAttachments(messageArtifact, messageAttachments); + accountHelper.addAttachments(messageArtifact, messageAttachments); } + blkBoard.postArtifact(messageArtifact, moduleName, context.getJobId()); } catch (NoCurrentCaseException | TskCoreException | BlackboardException ex) { throw new IngestModuleException(Bundle.LeappFileProcessor_cannot_create_message_relationship() + ex.getLocalizedMessage(), ex); //NON-NLS } 
@@ -714,15 +712,15 @@ public final class LeappFileProcessor { Account.Type accountType = getAccountType(fileName); if (accountType != null) { - CommunicationArtifactsHelper accountArtifact; + CommunicationArtifactsHelper accountHelper; if (alternateId == null) { - accountArtifact = new CommunicationArtifactsHelper(Case.getCurrentCaseThrows().getSleuthkitCase(), + accountHelper = new CommunicationArtifactsHelper(Case.getCurrentCaseThrows().getSleuthkitCase(), moduleName, absFile, accountType, context.getJobId()); } else { - accountArtifact = new CommunicationArtifactsHelper(Case.getCurrentCaseThrows().getSleuthkitCase(), + accountHelper = new CommunicationArtifactsHelper(Case.getCurrentCaseThrows().getSleuthkitCase(), moduleName, absFile, accountType, accountType, alternateId, context.getJobId()); } - BlackboardArtifact messageArtifact = accountArtifact.addContact(contactName, phoneNumber, homePhoneNumber, mobilePhoneNumber, emailAddr, otherAttributes); + BlackboardArtifact messageArtifact = accountHelper.addContact(contactName, phoneNumber, homePhoneNumber, mobilePhoneNumber, emailAddr, otherAttributes); } } catch (NoCurrentCaseException | TskCoreException | BlackboardException ex) { throw new IngestModuleException(Bundle.LeappFileProcessor_cannot_create_contact_relationship() + ex.getLocalizedMessage(), ex); //NON-NLS @@ -784,7 +782,7 @@ public final class LeappFileProcessor { } } - if (calleeId.isEmpty() && communicationDirection == CommunicationDirection.OUTGOING) { + if (calleeId.isEmpty() && communicationDirection == CommunicationDirection.OUTGOING && callerId != null) { String[] calleeTempList = callerId.split(",", 0); calleeId = Arrays.asList(calleeTempList); callerId = null; 
@@ -794,15 +792,15 @@ public final class LeappFileProcessor { absFile = (AbstractFile) dataSource; } Account.Type accountType = getAccountType(fileName); - CommunicationArtifactsHelper accountArtifact; + CommunicationArtifactsHelper accountHelper; if (accountType != null) { - accountArtifact = new CommunicationArtifactsHelper(Case.getCurrentCaseThrows().getSleuthkitCase(), + accountHelper = new CommunicationArtifactsHelper(Case.getCurrentCaseThrows().getSleuthkitCase(), moduleName, absFile, accountType, context.getJobId()); } else { - accountArtifact = new CommunicationArtifactsHelper(Case.getCurrentCaseThrows().getSleuthkitCase(), + accountHelper = new CommunicationArtifactsHelper(Case.getCurrentCaseThrows().getSleuthkitCase(), moduleName, absFile, accountType, accountType, alternateId, context.getJobId()); } - BlackboardArtifact callLogArtifact = accountArtifact.addCalllog(communicationDirection, callerId, calleeId, startDateTime, endDateTime, mediaType, otherAttributes); + accountHelper.addCalllog(communicationDirection, callerId, calleeId, startDateTime, endDateTime, mediaType, otherAttributes); } catch (NoCurrentCaseException | TskCoreException | BlackboardException ex) { throw new IngestModuleException(Bundle.LeappFileProcessor_cannot_create_calllog_relationship() + ex.getLocalizedMessage(), ex); //NON-NLS } @@ -929,7 +927,7 @@ public final class LeappFileProcessor { String formattedValue = formatValueBasedOnAttrType(colAttr, value); - BlackboardAttribute attr = (value == null) ? null : getAttribute(colAttr.getAttributeType(), formattedValue, fileName); + BlackboardAttribute attr = getAttribute(colAttr.getAttributeType(), formattedValue, fileName); if (attr == null) { logger.log(Level.WARNING, String.format("Blackboard attribute could not be parsed column %s at line %d in file %s. Omitting row.", colAttr.getColumnName(), lineNum, fileName)); return Collections.emptyList(); 
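Review bot: In the call-log hunk at -794 the helper is built with the short constructor when `accountType != null`, and the else branch then passes `accountType`, which is null on that path, twice together with `alternateId`. The message and contact hunks earlier in this patch choose between the same two constructors on `alternateId == null`, so this condition looks like a copy error that the rename to `accountHelper` carried forward. Suggest `if (alternateId == null) {` here, plus an explicit guard for a null `accountType` like the `if (accountType != null)` wrapper in the contact hunk. The enclosing method starts and ends outside the hunk.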
@@ -999,7 +997,7 @@ public final class LeappFileProcessor { (v) -> new BlackboardAttribute(attrType, moduleName, Double.valueOf(v).longValue())); case DOUBLE: return parseAttrValue(value.trim(), attrType, fileName, true, false, - (v) -> new BlackboardAttribute(attrType, moduleName, (double) Double.valueOf(v))); + (v) -> new BlackboardAttribute(attrType, moduleName, Double.valueOf(v))); case BYTE: return parseAttrValue(value.trim(), attrType, fileName, true, false, (v) -> new BlackboardAttribute(attrType, moduleName, new byte[]{Byte.valueOf(v)})); @@ -1050,20 +1048,20 @@ public final class LeappFileProcessor { private BlackboardAttribute parseAttrValue(String value, BlackboardAttribute.Type attrType, String fileName, boolean blankIsNull, boolean zeroIsNull, ParseExceptionFunction valueConverter) { // remove non-printable characters from tsv input // https://stackoverflow.com/a/6199346 - value = value.replaceAll("\\p{C}", ""); + String sanitizedValue = value.replaceAll("\\p{C}", ""); - if (blankIsNull && StringUtils.isBlank(value)) { + if (blankIsNull && StringUtils.isBlank(sanitizedValue)) { return null; } - if (zeroIsNull && value.matches("^\\s*[0\\.]*\\s*$")) { + if (zeroIsNull && sanitizedValue.matches("^\\s*[0\\.]*\\s*$")) { return null; } try { - return valueConverter.apply(value); + return valueConverter.apply(sanitizedValue); } catch (NumberFormatException | ParseException ex) { - logger.log(Level.WARNING, String.format("Unable to format '%s' as value type %s while converting to attributes from %s.", value, attrType.getValueType().getLabel(), fileName), ex); + logger.log(Level.WARNING, String.format("Unable to format '%s' as value type %s while converting to attributes from %s.", sanitizedValue, attrType.getValueType().getLabel(), fileName), ex); return null; } } 
@@ -1185,10 +1183,13 @@ public final class LeappFileProcessor { if (columnName == null) { logger.log(Level.SEVERE, String.format("No column name provided for [%s]", getXmlAttrIdentifier(parentName, attributeName))); + continue; } else if (columnName.trim().length() != columnName.length()) { logger.log(Level.SEVERE, String.format("Column name '%s' starts or ends with whitespace for [%s]", columnName, getXmlAttrIdentifier(parentName, attributeName))); + continue; } else if (columnName.matches("[^ \\S]")) { logger.log(Level.SEVERE, String.format("Column name '%s' contains invalid characters [%s]", columnName, getXmlAttrIdentifier(parentName, attributeName))); + continue; } TsvColumn thisCol = new TsvColumn( @@ -1230,7 +1231,7 @@ public final class LeappFileProcessor { case ANALYSIS_RESULT: return dataSource.newAnalysisResult(artType, Score.SCORE_UNKNOWN, null, null, null, bbattributes).getAnalysisResult(); default: - logger.log(Level.SEVERE, "Unknown category type: " + artType.getCategory().getDisplayName()); + logger.log(Level.SEVERE, String.format("Unknown category type: %s", artType.getCategory().getDisplayName())); return null; } } catch (TskException ex) { diff --git a/Experimental/src/org/sleuthkit/autopsy/experimental/objectdetection/ObjectDetectectionFileIngestModule.java b/Experimental/src/org/sleuthkit/autopsy/experimental/objectdetection/ObjectDetectectionFileIngestModule.java index 08a5be91d3..eee83e16ef 100644 --- a/Experimental/src/org/sleuthkit/autopsy/experimental/objectdetection/ObjectDetectectionFileIngestModule.java +++ b/Experimental/src/org/sleuthkit/autopsy/experimental/objectdetection/ObjectDetectectionFileIngestModule.java @@ -1,7 +1,7 @@ /* * Autopsy Forensic Browser * - * Copyright 2018 Basis Technology Corp. + * Copyright 2018-2021 Basis Technology Corp. * Contact: carrier sleuthkit org * * Licensed under the Apache License, Version 2.0 (the "License"); 
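Review bot: The `continue` statements added in the hunk at -1185 turn these three checks into enforcement, but the third check, `columnName.matches("[^ \\S]")`, can only succeed for a one-character string because `String.matches` tests the whole input. Any such string is already rejected by the leading/trailing whitespace check above it, so a column name with an embedded tab or newline still reaches `new TsvColumn(...)`. If the intent is to reject any whitespace other than a space, search instead of full-matching, e.g. `Pattern.compile("[^ \\S]").matcher(columnName).find()`, with the compiled pattern held in a `static final` field.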
@@ -177,7 +177,7 @@ public class ObjectDetectectionFileIngestModule extends FileIngestModuleAdapter /* * Index the artifact for keyword search. */ - blackboard.postArtifact(artifact, MODULE_NAME); + blackboard.postArtifact(artifact, MODULE_NAME, jobId); } catch (Blackboard.BlackboardException ex) { logger.log(Level.SEVERE, "Unable to index blackboard artifact " + artifact.getArtifactID(), ex); //NON-NLS } diff --git a/Experimental/src/org/sleuthkit/autopsy/experimental/volatilityDSP/VolatilityProcessor.java b/Experimental/src/org/sleuthkit/autopsy/experimental/volatilityDSP/VolatilityProcessor.java index 5cd15156a1..0efa6cbfc4 100644 --- a/Experimental/src/org/sleuthkit/autopsy/experimental/volatilityDSP/VolatilityProcessor.java +++ b/Experimental/src/org/sleuthkit/autopsy/experimental/volatilityDSP/VolatilityProcessor.java @@ -1,7 +1,7 @@ /* * Autopsy * - * Copyright 2018 Basis Technology Corp. + * Copyright 2018-2021 Basis Technology Corp. * Contact: carrier sleuthkit org * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -390,7 +390,7 @@ class VolatilityProcessor { try { // index the artifact for keyword search - blackboard.postArtifact(volArtifact, VOLATILITY); + blackboard.postArtifact(volArtifact, VOLATILITY, null); } catch (Blackboard.BlackboardException ex) { errorMsgs.add(Bundle.VolatilityProcessor_errorMessage_failedToIndexArtifact(pluginName)); /* diff --git a/InternalPythonModules/android/contact.py b/InternalPythonModules/android/contact.py index 2ebd744eb1..5d5e181fdd 100644 --- a/InternalPythonModules/android/contact.py +++ b/InternalPythonModules/android/contact.py @@ -158,7 +158,7 @@ class ContactAnalyzer(general.AndroidComponentAnalyzer): phoneNumber, # phoneNumber, None, # homePhoneNumber, None, # mobilePhoneNumber, - emailAddr) # emailAddr + emailAddr, context.getJobId()) # emailAddr except SQLException as ex: self._logger.log(Level.WARNING, "Error processing query result for Android messages.", ex) 
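Review bot: In the contact.py hunk at -158, `context.getJobId()` is appended after `emailAddr` in what the trailing parameter comments suggest is an `addContact(...)` call; the opening line of the call is outside the hunk. The Java callers in this same patch pass the job ID to the `CommunicationArtifactsHelper` constructor and give `addContact` a collection of extra attributes in that position. A job ID placed here would therefore either be rejected when the call is resolved or be taken for the attribute list. If that reading is right, pass the job ID where the helper is constructed and restore the last argument line to `emailAddr) # emailAddr`.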
diff --git a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/AdHocSearchChildFactory.java b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/AdHocSearchChildFactory.java index d01e8837c3..4dfc014598 100644 --- a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/AdHocSearchChildFactory.java +++ b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/AdHocSearchChildFactory.java @@ -1,7 +1,7 @@ /* * Autopsy Forensic Browser * - * Copyright 2011-2018 Basis Technology Corp. + * Copyright 2012-2021 Basis Technology Corp. * Contact: carrier sleuthkit org * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -426,7 +426,7 @@ class AdHocSearchChildFactory extends ChildFactory { final String queryDisp = queryStr.length() > QUERY_DISPLAY_LEN ? queryStr.substring(0, QUERY_DISPLAY_LEN - 1) + " ..." : queryStr; try { progress = ProgressHandle.createHandle(NbBundle.getMessage(this.getClass(), "KeywordSearchResultFactory.progress.saving", queryDisp), () -> BlackboardResultWriter.this.cancel(true)); - hits.process(progress, null, this, false, saveResults); + hits.process(progress, null, this, false, saveResults, null); } finally { finalizeWorker(); } diff --git a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/IngestSearchRunner.java b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/IngestSearchRunner.java index 937c9567fd..383abbd3af 100644 --- a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/IngestSearchRunner.java +++ b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/IngestSearchRunner.java @@ -1,7 +1,7 @@ /* * Autopsy Forensic Browser * - * Copyright 2014 - 2017 Basis Technology Corp. + * Copyright 2014 - 2021 Basis Technology Corp. * Contact: carrier sleuthkit org * * Licensed under the Apache License, Version 2.0 (the "License"); 
@@ -564,7 +564,7 @@ final class IngestSearchRunner { subProgresses[keywordsSearched].progress(keywordList.getName() + ": " + queryDisplayStr, unitProgress); // Create blackboard artifacts - newResults.process(null, subProgresses[keywordsSearched], this, keywordList.getIngestMessages(), true); + newResults.process(null, subProgresses[keywordsSearched], this, keywordList.getIngestMessages(), true, job.getJobId()); } //if has results diff --git a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/KeywordSearchIngestModule.java b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/KeywordSearchIngestModule.java index d350bfea6d..3140916f5e 100644 --- a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/KeywordSearchIngestModule.java +++ b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/KeywordSearchIngestModule.java @@ -648,7 +648,7 @@ public final class KeywordSearchIngestModule implements FileIngestModule { } if (!bbartifacts.isEmpty()) { try { - Case.getCurrentCaseThrows().getSleuthkitCase().getBlackboard().postArtifacts(bbartifacts, moduleName); + Case.getCurrentCaseThrows().getSleuthkitCase().getBlackboard().postArtifacts(bbartifacts, moduleName, jobId); } catch (NoCurrentCaseException | Blackboard.BlackboardException ex) { // Log error and return to continue processing logger.log(Level.WARNING, String.format("Unable to post blackboard artifacts for file $s.", aFile.getParentPath() + aFile.getName()), ex); //NON-NLS diff --git a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/QueryResults.java b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/QueryResults.java index ce72c2cf69..40ed7db43d 100644 --- a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/QueryResults.java +++ b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/QueryResults.java 
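Review bot: The warning in the `catch` of the KeywordSearchIngestModule.java hunk at -648 uses `$s` instead of `%s` in its `String.format(...)` call, so the file path is never substituted and the log entry does not identify which file's artifacts failed to post. Since the `postArtifacts` line directly above is being changed, fix the message in the same commit: `String.format("Unable to post blackboard artifacts for file %s.", aFile.getParentPath() + aFile.getName())`. The declaration of `jobId` used in the new call is outside the hunk, so confirm it is assigned before `process` can run.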
@@ -1,7 +1,7 @@ /* * Autopsy Forensic Browser * - * Copyright 2011-2018 Basis Technology Corp. + * Copyright 2012-2021 Basis Technology Corp. * Contact: carrier sleuthkit org * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -35,7 +35,8 @@ import org.sleuthkit.autopsy.casemodule.NoCurrentCaseException; import org.sleuthkit.autopsy.coreutils.EscapeUtil; import org.sleuthkit.autopsy.coreutils.Logger; import org.sleuthkit.autopsy.ingest.IngestMessage; -import org.sleuthkit.autopsy.ingest.IngestServices;; +import org.sleuthkit.autopsy.ingest.IngestServices; +; import org.sleuthkit.datamodel.AbstractFile; import org.sleuthkit.datamodel.Blackboard; import org.sleuthkit.datamodel.BlackboardArtifact; @@ -64,7 +65,7 @@ class QueryResults { * and publishing an event to notify subscribers of the blackboard posts. * * The KeywordSearchQuery is used to do the blackboard posts. - * + * * @param query The query. */ QueryResults(KeywordSearchQuery query) { @@ -141,9 +142,10 @@ class QueryResults { * messages inbox if there is a keyword hit in the text * exrtacted from the text source object. * @param saveResults Flag whether to save search results as KWS artifacts. - * + * @param ingestJobId The numeric identifier of the ingest job within which + * the artifacts are being created, may be null. */ - void process(ProgressHandle progress, ProgressContributor subProgress, SwingWorker worker, boolean notifyInbox, boolean saveResults) { + void process(ProgressHandle progress, ProgressContributor subProgress, SwingWorker worker, boolean notifyInbox, boolean saveResults, Long ingestJobId) { /* * Initialize the progress indicator to the number of keywords that will * be processed. 
@@ -218,15 +220,15 @@ class QueryResults { } catch (TskCoreException | NoCurrentCaseException tskCoreException) { logger.log(Level.SEVERE, "Failed to get text source object for keyword hit", tskCoreException); //NON-NLS } - + if ((content != null) && saveResults) { /* - * Post an artifact for the hit to the blackboard. + * Post an artifact for the hit to the blackboard. */ BlackboardArtifact artifact = query.createKeywordHitArtifact(content, keyword, hit, snippet, query.getKeywordList().getName()); /* - * Send an ingest inbox message for the hit. + * Send an ingest inbox message for the hit. */ if (null != artifact) { hitArtifacts.add(artifact); @@ -253,7 +255,7 @@ class QueryResults { SleuthkitCase tskCase = Case.getCurrentCaseThrows().getSleuthkitCase(); Blackboard blackboard = tskCase.getBlackboard(); - blackboard.postArtifacts(hitArtifacts, MODULE_NAME); + blackboard.postArtifacts(hitArtifacts, MODULE_NAME, ingestJobId); } catch (NoCurrentCaseException | Blackboard.BlackboardException ex) { logger.log(Level.SEVERE, "Failed to post KWH artifact to blackboard.", ex); //NON-NLS } diff --git a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Chromium.java b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Chromium.java index bbbf128c72..357f10b8a7 100644 --- a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Chromium.java +++ b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Chromium.java @@ -54,8 +54,6 @@ import org.sleuthkit.autopsy.ingest.IngestJobContext; import org.sleuthkit.datamodel.AbstractFile; import org.sleuthkit.datamodel.Blackboard; import org.sleuthkit.datamodel.BlackboardArtifact; -import org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE; -import static org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_BOOKMARK; import org.sleuthkit.datamodel.BlackboardAttribute; import org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE; import org.sleuthkit.datamodel.Content; 
@@ -939,7 +937,7 @@ class Chromium extends Extract { WebBrowserArtifactsHelper helper = new WebBrowserArtifactsHelper( Case.getCurrentCaseThrows().getSleuthkitCase(), NbBundle.getMessage(this.getClass(), "Chrome.parentModuleName"), - webDataFile + webDataFile, context.getJobId() ); // Get Web form addresses diff --git a/thunderbirdparser/src/org/sleuthkit/autopsy/thunderbirdparser/ThunderbirdMboxFileIngestModule.java b/thunderbirdparser/src/org/sleuthkit/autopsy/thunderbirdparser/ThunderbirdMboxFileIngestModule.java index ddeb88e7da..516b786c7d 100644 --- a/thunderbirdparser/src/org/sleuthkit/autopsy/thunderbirdparser/ThunderbirdMboxFileIngestModule.java +++ b/thunderbirdparser/src/org/sleuthkit/autopsy/thunderbirdparser/ThunderbirdMboxFileIngestModule.java @@ -1,7 +1,7 @@ /* * Autopsy Forensic Browser * - * Copyright 2011-2020 Basis Technology Corp. + * Copyright 2012-2021 Basis Technology Corp. * Contact: carrier sleuthkit org * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -255,7 +255,7 @@ public final class ThunderbirdMboxFileIngestModule implements FileIngestModule { try { // index the artifact for keyword search - blackboard.postArtifact(artifact, EmailParserModuleFactory.getModuleName()); + blackboard.postArtifact(artifact, EmailParserModuleFactory.getModuleName(), context.getJobId()); } catch (Blackboard.BlackboardException ex) { MessageNotifyUtil.Notify.error(Bundle.ThunderbirdMboxFileIngestModule_processPst_indexError_message(), artifact.getDisplayName()); logger.log(Level.SEVERE, "Unable to index blackboard artifact " + artifact.getArtifactID(), ex); //NON-NLS 
@@ -786,7 +786,7 @@ public final class ThunderbirdMboxFileIngestModule implements FileIngestModule { try { // index the artifact for keyword search - blackboard.postArtifact(bbart, EmailParserModuleFactory.getModuleName()); + blackboard.postArtifact(bbart, EmailParserModuleFactory.getModuleName(), context.getJobId()); } catch (Blackboard.BlackboardException ex) { logger.log(Level.SEVERE, "Unable to index blackboard artifact " + bbart.getArtifactID(), ex); //NON-NLS MessageNotifyUtil.Notify.error(Bundle.ThunderbirdMboxFileIngestModule_addArtifact_indexError_message(), bbart.getDisplayName()); diff --git a/thunderbirdparser/src/org/sleuthkit/autopsy/thunderbirdparser/VcardParser.java b/thunderbirdparser/src/org/sleuthkit/autopsy/thunderbirdparser/VcardParser.java index 845e1f2a1c..f83025cbb8 100755 --- a/thunderbirdparser/src/org/sleuthkit/autopsy/thunderbirdparser/VcardParser.java +++ b/thunderbirdparser/src/org/sleuthkit/autopsy/thunderbirdparser/VcardParser.java @@ -243,7 +243,7 @@ final class VcardParser { // Index the artifact for keyword search. try { - blackboard.postArtifact(artifact, EmailParserModuleFactory.getModuleName()); + blackboard.postArtifact(artifact, EmailParserModuleFactory.getModuleName(), context.getJobId()); } catch (Blackboard.BlackboardException ex) { logger.log(Level.SEVERE, "Unable to index blackboard artifact " + artifact.getArtifactID(), ex); //NON-NLS MessageNotifyUtil.Notify.error(Bundle.VcardParser_addContactArtifact_indexError(), artifact.getDisplayName()); From 3784040408dd047966e3e98fb958e7098b63e8e9 Mon Sep 17 00:00:00 2001 From: Richard Cordovano Date: Fri, 29 Oct 2021 11:28:15 -0400 Subject: [PATCH 19/28] 7673 Allow helpers to call correct Blackboard.postArtifacts() API --- .../autopsy/modules/leappanalyzers/LeappFileProcessor.java | 1 - 1 file changed, 1 deletion(-) 
diff --git a/Core/src/org/sleuthkit/autopsy/modules/leappanalyzers/LeappFileProcessor.java b/Core/src/org/sleuthkit/autopsy/modules/leappanalyzers/LeappFileProcessor.java index daf554ac5b..8b500820d2 100644 --- a/Core/src/org/sleuthkit/autopsy/modules/leappanalyzers/LeappFileProcessor.java +++ b/Core/src/org/sleuthkit/autopsy/modules/leappanalyzers/LeappFileProcessor.java @@ -650,7 +650,6 @@ public final class LeappFileProcessor { messageAttachments = new MessageAttachments(fileAttachments, new ArrayList<>()); accountHelper.addAttachments(messageArtifact, messageAttachments); } - blkBoard.postArtifact(messageArtifact, moduleName, context.getJobId()); } catch (NoCurrentCaseException | TskCoreException | BlackboardException ex) { throw new IngestModuleException(Bundle.LeappFileProcessor_cannot_create_message_relationship() + ex.getLocalizedMessage(), ex); //NON-NLS } From 9356cc3f7a8d03c23d96726bb8cfdf0116f9c052 Mon Sep 17 00:00:00 2001 From: Richard Cordovano Date: Fri, 29 Oct 2021 13:47:59 -0400 Subject: [PATCH 20/28] 7673 Allow helpers to call correct Blackboard.postArtifacts() API --- InternalPythonModules/android/operabrowser.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/InternalPythonModules/android/operabrowser.py b/InternalPythonModules/android/operabrowser.py index 04e4c34f10..d9e59defb7 100644 --- a/InternalPythonModules/android/operabrowser.py +++ b/InternalPythonModules/android/operabrowser.py @@ -89,7 +89,7 @@ class OperaAnalyzer(general.AndroidComponentAnalyzer): for cookiesDb in cookiesDbs: try: cookiesDbHelper = WebBrowserArtifactsHelper(self.current_case.getSleuthkitCase(), - self._MODULE_NAME, cookiesDb.getDBFile()) + self._MODULE_NAME, cookiesDb.getDBFile(), context.getJobId()) cookiesResultSet = cookiesDb.runQuery("SELECT host_key, name, value, creation_utc FROM cookies") if cookiesResultSet is not None: while cookiesResultSet.next(): From e7697a4dbaeef1ace0aa57fc8ead67edf888d63b Mon Sep 17 00:00:00 2001 
From: William Schaefer Date: Fri, 29 Oct 2021 14:07:52 -0400 Subject: [PATCH 21/28] 8106 fix typo in comment --- .../contentviewers/artifactviewers/MessageArtifactWorker.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Core/src/org/sleuthkit/autopsy/contentviewers/artifactviewers/MessageArtifactWorker.java b/Core/src/org/sleuthkit/autopsy/contentviewers/artifactviewers/MessageArtifactWorker.java index e15a9fba4a..909d41c08b 100755 --- a/Core/src/org/sleuthkit/autopsy/contentviewers/artifactviewers/MessageArtifactWorker.java +++ b/Core/src/org/sleuthkit/autopsy/contentviewers/artifactviewers/MessageArtifactWorker.java @@ -149,7 +149,7 @@ class MessageArtifactWorker extends SwingWorker getAssociatedArtifact(final BlackboardArtifact artifact) throws TskCoreException { BlackboardAttribute attribute = artifact.getAttribute(TSK_ASSOCIATED_TYPE); if (attribute != null) { - //in the context of the Message content viewer the assoicated artifact will always be a data artifact + //in the context of the Message content viewer the associated artifact will always be a data artifact return Optional.of(artifact.getSleuthkitCase().getBlackboard().getDataArtifactById(attribute.getValueLong())); } return Optional.empty(); From 0e05a288317f2394535b5b798ab4440764ee6186 Mon Sep 17 00:00:00 2001 From: William Schaefer Date: Fri, 29 Oct 2021 19:05:45 -0400 Subject: [PATCH 22/28] 8051 adjust display of time in stage --- .../guiutils/DurationCellRenderer.java | 64 +++++++++++-------- .../autoingest/AutoIngestControlPanel.java | 43 +++++++------ .../autoingest/AutoIngestJobsNode.java | 13 ++-- .../autoingest/AutoIngestJobsPanel.java | 13 ++-- .../autoingest/Bundle.properties-MERGED | 6 +- 5 files changed, 80 insertions(+), 59 deletions(-) diff --git a/Core/src/org/sleuthkit/autopsy/guiutils/DurationCellRenderer.java b/Core/src/org/sleuthkit/autopsy/guiutils/DurationCellRenderer.java index 9ab4ec281b..1204ba082e 100644 
--- a/Core/src/org/sleuthkit/autopsy/guiutils/DurationCellRenderer.java +++ b/Core/src/org/sleuthkit/autopsy/guiutils/DurationCellRenderer.java @@ -1,7 +1,7 @@ /* * Autopsy Forensic Browser * - * Copyright 2015-2017 Basis Technology Corp. + * Copyright 2015-2021 Basis Technology Corp. * Contact: carrier sleuthkit org * * Licensed under the Apache License, Version 2.0 (the "License"); 
@@ -19,68 +19,80 @@ package org.sleuthkit.autopsy.guiutils; import java.awt.Component; +import java.awt.Font; import java.time.Duration; import javax.swing.JTable; -import static javax.swing.SwingConstants.CENTER; /** * A JTable cell renderer that renders a duration represented as a long as a * string with days, hours, minutes, and seconds components. It center-aligns * cell content and grays out the cell if the table is disabled. */ -public class DurationCellRenderer extends GrayableCellRenderer { +public final class DurationCellRenderer extends GrayableCellRenderer { private static final long serialVersionUID = 1L; + private static final char UNIT_SEPARATOR_CHAR = ':'; public DurationCellRenderer() { - setHorizontalAlignment(CENTER); + setHorizontalAlignment(RIGHT); + setFont((new Font("Monospaced", Font.PLAIN, getFont().getSize()))); //display the durations as a monospaced font with the same size as the default font } @Override public Component getTableCellRendererComponent(JTable table, Object value, boolean isSelected, boolean hasFocus, int row, int column) { if (value instanceof Long) { - { - setText(DurationCellRenderer.longToDurationString((long) value)); - } + setText(DurationCellRenderer.longToDurationString((long) value)); } grayCellIfTableNotEnabled(table, isSelected); return this; } + public static char getUnitSeperator() { + return UNIT_SEPARATOR_CHAR; + } + /** * Convert a duration represented by a long to a human readable string with * with days, hours, minutes, and seconds components. * - * @param duration - the representation of the duration in long form + * @param duration - The representation of the duration in long form. * - * @return - the representation of the duration in String form. + * @return - The representation of the duration in String form. 
*/ public static String longToDurationString(long duration) { Duration d = Duration.ofMillis(duration); if (d.isNegative()) { - d = Duration.ofMillis(-duration); + d = Duration.ofMillis(0); //it being 0 for a few seconds seems preferable to it counting down to 0 then back up from 0 } - - String result; long days = d.toDays(); long hours = d.minusDays(days).toHours(); long minutes = d.minusDays(days).minusHours(hours).toMinutes(); long seconds = d.minusDays(days).minusHours(hours).minusMinutes(minutes).getSeconds(); - - if (minutes > 0) { - if (hours > 0) { - if (days > 0) { - result = days + " d " + hours + " h " + minutes + " m " + seconds + " s"; - } else { - result = hours + " h " + minutes + " m " + seconds + " s"; - } - } else { - result = minutes + " m " + seconds + " s"; - } - } else { - result = seconds + " s"; + if (days < 0) { + days = 0; } - return result; + if (hours < 0) { + hours = 0; + } + if (minutes < 0) { + minutes = 0; + } + if (seconds < 0) { + seconds = 0; + } + StringBuilder results = new StringBuilder(12); + if (days < 99) { + results.append(String.format("%02d", days)); + } else { + results.append(days); //in the off chance something has been running for over 99 days lets allow it to stand out a bit by having as many characters as it needs + } + results.append(UNIT_SEPARATOR_CHAR); + results.append(String.format("%02d", hours)); + results.append(UNIT_SEPARATOR_CHAR); + results.append(String.format("%02d", minutes)); + results.append(UNIT_SEPARATOR_CHAR); + results.append(String.format("%02d", seconds)); + return results.toString(); } } diff --git a/Experimental/src/org/sleuthkit/autopsy/experimental/autoingest/AutoIngestControlPanel.java b/Experimental/src/org/sleuthkit/autopsy/experimental/autoingest/AutoIngestControlPanel.java index 656b98b278..fdecd191f3 100644 --- a/Experimental/src/org/sleuthkit/autopsy/experimental/autoingest/AutoIngestControlPanel.java 
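Review bot: In `longToDurationString`, both arms of `if (days < 99)` produce the same text, because `%02d` sets a minimum width and never truncates. The four `if (x < 0)` clamps also cannot fire once a negative `d` has been replaced by `Duration.ofMillis(0)`. Everything after the four component computations can be reduced to `return String.format("%02d%5$c%02d%5$c%02d%5$c%02d", days, hours, minutes, seconds, UNIT_SEPARATOR_CHAR);`. The new public accessor is spelled `getUnitSeperator`; renaming it to `getUnitSeparator` now avoids freezing the typo into the API. The class Javadoc in this hunk still says the renderer center-aligns, although the constructor now sets `RIGHT`.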
+++ b/Experimental/src/org/sleuthkit/autopsy/experimental/autoingest/AutoIngestControlPanel.java @@ -143,7 +143,7 @@ public final class AutoIngestControlPanel extends JPanel implements Observer { private static final int COMPLETED_TIME_COL_PREFERRED_WIDTH = 280; private static final String UPDATE_TASKS_THREAD_NAME = "AID-update-tasks-%d"; private static final String LOCAL_HOST_NAME = NetworkUtils.getLocalHostName(); - private static final String RUNNING_AS_SERVICE_PROPERTY = "autoingest.runningasservice"; + private static final String RUNNING_AS_SERVICE_PROPERTY = "autoingest.runningasservice"; private static final Logger sysLogger = AutoIngestSystemLogger.getLogger(); private static AutoIngestControlPanel instance; private final DefaultTableModel pendingTableModel; @@ -160,7 +160,7 @@ public final class AutoIngestControlPanel extends JPanel implements Observer { * Maintain a mapping of each service to it's last status update. */ private final ConcurrentHashMap statusByService; - + /* * The enum is used in conjunction with the DefaultTableModel class to * provide table models for the JTables used to display a view of the @@ -177,7 +177,8 @@ public final class AutoIngestControlPanel extends JPanel implements Observer { "AutoIngestControlPanel.JobsTableModel.ColumnHeader.StartedTime=Stage Started", "AutoIngestControlPanel.JobsTableModel.ColumnHeader.CompletedTime=Job Completed", "AutoIngestControlPanel.JobsTableModel.ColumnHeader.Stage=Stage", - "AutoIngestControlPanel.JobsTableModel.ColumnHeader.StageTime=Time in Stage", + "# {0} - unitSeparator", + "AutoIngestControlPanel.JobsTableModel.ColumnHeader.StageTime=Time in Stage (dd{0}hh{0}mm{0}ss)", "AutoIngestControlPanel.JobsTableModel.ColumnHeader.Status=Status", "AutoIngestControlPanel.JobsTableModel.ColumnHeader.CaseFolder=Case Folder", "AutoIngestControlPanel.JobsTableModel.ColumnHeader.LocalJob= Local Job?", 
@@ -193,7 +194,7 @@ public final class AutoIngestControlPanel extends JPanel implements Observer { STARTED_TIME(NbBundle.getMessage(AutoIngestControlPanel.class, "AutoIngestControlPanel.JobsTableModel.ColumnHeader.StartedTime")), COMPLETED_TIME(NbBundle.getMessage(AutoIngestControlPanel.class, "AutoIngestControlPanel.JobsTableModel.ColumnHeader.CompletedTime")), STAGE(NbBundle.getMessage(AutoIngestControlPanel.class, "AutoIngestControlPanel.JobsTableModel.ColumnHeader.Stage")), - STAGE_TIME(NbBundle.getMessage(AutoIngestControlPanel.class, "AutoIngestControlPanel.JobsTableModel.ColumnHeader.StageTime")), + STAGE_TIME(Bundle.AutoIngestControlPanel_JobsTableModel_ColumnHeader_StageTime(DurationCellRenderer.getUnitSeperator())), STATUS(NbBundle.getMessage(AutoIngestControlPanel.class, "AutoIngestControlPanel.JobsTableModel.ColumnHeader.Status")), CASE_DIRECTORY_PATH(NbBundle.getMessage(AutoIngestControlPanel.class, "AutoIngestControlPanel.JobsTableModel.ColumnHeader.CaseFolder")), IS_LOCAL_JOB(NbBundle.getMessage(AutoIngestControlPanel.class, "AutoIngestControlPanel.JobsTableModel.ColumnHeader.LocalJob")), @@ -250,7 +251,7 @@ public final class AutoIngestControlPanel extends JPanel implements Observer { * controlling automated ingest for a single node within the cluster. */ private AutoIngestControlPanel() { - + this.statusByService = new ConcurrentHashMap<>(); //Disable the main window so they can only use the dashboard (if we used setVisible the taskBar icon would go away) 
@@ -290,10 +291,10 @@ public final class AutoIngestControlPanel extends JPanel implements Observer { * Update status of the services on the dashboard */ private void displayServicesStatus() { - tbServicesStatusMessage.setText(NbBundle.getMessage(AutoIngestControlPanel.class, "AutoIngestControlPanel.tbServicesStatusMessage.Message", - statusByService.get(ServicesMonitor.Service.REMOTE_CASE_DATABASE.toString()), - statusByService.get(ServicesMonitor.Service.REMOTE_KEYWORD_SEARCH.toString()), - statusByService.get(ServicesMonitor.Service.REMOTE_KEYWORD_SEARCH.toString()), + tbServicesStatusMessage.setText(NbBundle.getMessage(AutoIngestControlPanel.class, "AutoIngestControlPanel.tbServicesStatusMessage.Message", + statusByService.get(ServicesMonitor.Service.REMOTE_CASE_DATABASE.toString()), + statusByService.get(ServicesMonitor.Service.REMOTE_KEYWORD_SEARCH.toString()), + statusByService.get(ServicesMonitor.Service.REMOTE_KEYWORD_SEARCH.toString()), statusByService.get(ServicesMonitor.Service.MESSAGING.toString()))); String upStatus = NbBundle.getMessage(AutoIngestControlPanel.class, "AutoIngestControlPanel.tbServicesStatusMessage.Message.Up"); if (statusByService.get(ServicesMonitor.Service.REMOTE_CASE_DATABASE.toString()).compareTo(upStatus) != 0 @@ -304,7 +305,7 @@ public final class AutoIngestControlPanel extends JPanel implements Observer { tbServicesStatusMessage.setForeground(Color.BLACK); } } - + /** * Queries the services monitor and sets the text for the services status * text box. @@ -411,7 +412,7 @@ public final class AutoIngestControlPanel extends JPanel implements Observer { column.setMaxWidth(PRIORITY_COLUMN_MAX_WIDTH); column.setPreferredWidth(PRIORITY_COLUMN_PREFERRED_WIDTH); column.setWidth(PRIORITY_COLUMN_PREFERRED_WIDTH); - + column = pendingTable.getColumn(JobsTableModelColumns.OCR.getColumnHeader()); column.setCellRenderer(new OcrIconCellRenderer()); column.setMaxWidth(OCR_COLUMN_MAX_WIDTH); 
@@ -469,7 +470,7 @@ public final class AutoIngestControlPanel extends JPanel implements Observer { runningTable.removeColumn(runningTable.getColumn(JobsTableModelColumns.MANIFEST_FILE_PATH.getColumnHeader())); runningTable.removeColumn(runningTable.getColumn(JobsTableModelColumns.PRIORITY.getColumnHeader())); runningTable.removeColumn(runningTable.getColumn(JobsTableModelColumns.OCR.getColumnHeader())); - + /* * Set up a column to display the cases associated with the jobs. */ @@ -566,7 +567,7 @@ public final class AutoIngestControlPanel extends JPanel implements Observer { completedTable.removeColumn(completedTable.getColumn(JobsTableModelColumns.CASE_DIRECTORY_PATH.getColumnHeader())); completedTable.removeColumn(completedTable.getColumn(JobsTableModelColumns.MANIFEST_FILE_PATH.getColumnHeader())); completedTable.removeColumn(completedTable.getColumn(JobsTableModelColumns.PRIORITY.getColumnHeader())); - + /* * Set up a column to display the cases associated with the jobs. */ @@ -617,7 +618,7 @@ public final class AutoIngestControlPanel extends JPanel implements Observer { column.setMaxWidth(STATUS_COL_MAX_WIDTH); column.setPreferredWidth(STATUS_COL_PREFERRED_WIDTH); column.setWidth(STATUS_COL_PREFERRED_WIDTH); - + /* * Set up a column to display OCR enabled/disabled flag. */ 
@@ -732,30 +733,30 @@ public final class AutoIngestControlPanel extends JPanel implements Observer { } PropertyChangeListener propChangeListener = (PropertyChangeEvent evt) -> { - + String serviceDisplayName = ServicesMonitor.Service.valueOf(evt.getPropertyName()).toString(); String status = evt.getNewValue().toString(); - + if (status.equals(ServicesMonitor.ServiceStatus.UP.toString())) { status = NbBundle.getMessage(AutoIngestControlPanel.class, "AutoIngestControlPanel.tbServicesStatusMessage.Message.Up"); } else if (status.equals(ServicesMonitor.ServiceStatus.DOWN.toString())) { status = NbBundle.getMessage(AutoIngestControlPanel.class, "AutoIngestControlPanel.tbServicesStatusMessage.Message.Down"); sysLogger.log(Level.SEVERE, "Connection to {0} is down", serviceDisplayName); //NON-NLS } - + // if the status update is for an existing service who's status hasn't changed - do nothing. if (statusByService.containsKey(serviceDisplayName) && status.equals(statusByService.get(serviceDisplayName))) { return; } - + statusByService.put(serviceDisplayName, status); displayServicesStatus(); }; - + // Subscribe to all multi-user services in order to display their status Set servicesList = new HashSet<>(); servicesList.add(ServicesMonitor.Service.REMOTE_CASE_DATABASE.toString()); - servicesList.add(ServicesMonitor.Service.REMOTE_KEYWORD_SEARCH.toString()); + servicesList.add(ServicesMonitor.Service.REMOTE_KEYWORD_SEARCH.toString()); servicesList.add(ServicesMonitor.Service.MESSAGING.toString()); ServicesMonitor.getInstance().addSubscriber(servicesList, propChangeListener); @@ -879,7 +880,7 @@ public final class AutoIngestControlPanel extends JPanel implements Observer { case JOB_COMPLETED: case CASE_DELETED: case REPROCESS_JOB: - case OCR_STATE_CHANGE: + case OCR_STATE_CHANGE: updateExecutor.submit(new UpdateAllJobsTablesTask()); break; case PAUSED_BY_USER_REQUEST: 
diff --git a/Experimental/src/org/sleuthkit/autopsy/experimental/autoingest/AutoIngestJobsNode.java b/Experimental/src/org/sleuthkit/autopsy/experimental/autoingest/AutoIngestJobsNode.java index 24a1e57fb9..cf982d13a3 100644 --- a/Experimental/src/org/sleuthkit/autopsy/experimental/autoingest/AutoIngestJobsNode.java +++ b/Experimental/src/org/sleuthkit/autopsy/experimental/autoingest/AutoIngestJobsNode.java @@ -53,7 +53,8 @@ final class AutoIngestJobsNode extends AbstractNode { "AutoIngestJobsNode.dataSource.text=Data Source", "AutoIngestJobsNode.hostName.text=Host Name", "AutoIngestJobsNode.stage.text=Stage", - "AutoIngestJobsNode.stageTime.text=Time in Stage", + "# {0} - unitSeparator", + "AutoIngestJobsNode.stageTime.text=Time in Stage (dd{0}hh{0}mm{0}ss)", "AutoIngestJobsNode.jobCreated.text=Job Created", "AutoIngestJobsNode.jobCompleted.text=Job Completed", "AutoIngestJobsNode.priority.text=Prioritized", 
@@ -345,8 +346,10 @@ final class AutoIngestJobsNode extends AbstractNode { jobWrapper.getProcessingHostName())); ss.put(new NodeProperty<>(Bundle.AutoIngestJobsNode_stage_text(), Bundle.AutoIngestJobsNode_stage_text(), Bundle.AutoIngestJobsNode_stage_text(), status.getDescription())); - ss.put(new NodeProperty<>(Bundle.AutoIngestJobsNode_stageTime_text(), Bundle.AutoIngestJobsNode_stageTime_text(), Bundle.AutoIngestJobsNode_stageTime_text(), - DurationCellRenderer.longToDurationString((Date.from(Instant.now()).getTime()) - (status.getStartDate().getTime())))); + ss.put(new NodeProperty<>(Bundle.AutoIngestJobsNode_stageTime_text(DurationCellRenderer.getUnitSeperator()), + Bundle.AutoIngestJobsNode_stageTime_text(DurationCellRenderer.getUnitSeperator()), + Bundle.AutoIngestJobsNode_stageTime_text(DurationCellRenderer.getUnitSeperator()), + DurationCellRenderer.longToDurationString(Date.from(Instant.now()).getTime() - status.getStartDate().getTime()))); break; case COMPLETED_JOB: ss.put(new NodeProperty<>(Bundle.AutoIngestJobsNode_jobCreated_text(), Bundle.AutoIngestJobsNode_jobCreated_text(), Bundle.AutoIngestJobsNode_jobCreated_text(), @@ -356,7 +359,7 @@ final class AutoIngestJobsNode extends AbstractNode { ss.put(new NodeProperty<>(Bundle.AutoIngestJobsNode_status_text(), Bundle.AutoIngestJobsNode_status_text(), Bundle.AutoIngestJobsNode_status_text(), jobWrapper.getErrorsOccurred() ? StatusIconCellRenderer.Status.WARNING : StatusIconCellRenderer.Status.OK)); ss.put(new NodeProperty<>(Bundle.AutoIngestJobsNode_ocr_text(), Bundle.AutoIngestJobsNode_ocr_text(), Bundle.AutoIngestJobsNode_ocr_text(), - jobWrapper.getOcrEnabled())); + jobWrapper.getOcrEnabled())); break; default: } 
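Review bot: In the `@@ -345,8 +346,10` hunk the header `Bundle.AutoIngestJobsNode_stageTime_text(DurationCellRenderer.getUnitSeperator())` is formatted three times for a single `NodeProperty`, and `AutoIngestJobsPanel` formats it again for `setPropertyColumns`. Those strings presumably have to match exactly for the column to bind, so I would compute it once with `final String stageTimeHeader = Bundle.AutoIngestJobsNode_stageTime_text(DurationCellRenderer.getUnitSeperator());` and reuse the local. `Date.from(Instant.now()).getTime()` is the same value as `System.currentTimeMillis()`, which reads more directly. The enclosing `switch` starts outside the hunk.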
@@ -377,7 +380,7 @@ final class AutoIngestJobsNode extends AbstractNode { PrioritizationAction.DeprioritizeCaseAction deprioritizeCaseAction = new PrioritizationAction.DeprioritizeCaseAction(jobWrapper.getJob()); deprioritizeCaseAction.setEnabled(jobWrapper.getPriority() > 0); actions.add(deprioritizeCaseAction); - + actions.add(new AutoIngestAdminActions.EnableOCR(jobWrapper.getJob())); AutoIngestAdminActions.DisableOCR disableOCRAction = new AutoIngestAdminActions.DisableOCR(jobWrapper.getJob()); disableOCRAction.setEnabled(jobWrapper.getOcrEnabled() == true); diff --git a/Experimental/src/org/sleuthkit/autopsy/experimental/autoingest/AutoIngestJobsPanel.java b/Experimental/src/org/sleuthkit/autopsy/experimental/autoingest/AutoIngestJobsPanel.java index d335a35430..12c929d23d 100644 --- a/Experimental/src/org/sleuthkit/autopsy/experimental/autoingest/AutoIngestJobsPanel.java +++ b/Experimental/src/org/sleuthkit/autopsy/experimental/autoingest/AutoIngestJobsPanel.java @@ -31,6 +31,7 @@ import org.sleuthkit.autopsy.datamodel.EmptyNode; import org.sleuthkit.autopsy.experimental.autoingest.AutoIngestJobsNode.AutoIngestJobStatus; import org.sleuthkit.autopsy.experimental.autoingest.AutoIngestJobsNode.JobNode; import org.sleuthkit.autopsy.experimental.autoingest.AutoIngestNodeRefreshEvents.AutoIngestRefreshEvent; +import org.sleuthkit.autopsy.guiutils.DurationCellRenderer; import org.sleuthkit.autopsy.guiutils.StatusIconCellRenderer; /** @@ -64,6 +65,8 @@ final class AutoIngestJobsPanel extends javax.swing.JPanel implements ExplorerMa customize(); } + + /** * Set up the AutoIngestJobsPanel's so that its outlineView is displaying * the correct columns for the specified AutoIngestJobStatus 
@@ -99,7 +102,8 @@ final class AutoIngestJobsPanel extends javax.swing.JPanel implements ExplorerMa outlineView.setPropertyColumns(Bundle.AutoIngestJobsNode_dataSource_text(), Bundle.AutoIngestJobsNode_dataSource_text(), Bundle.AutoIngestJobsNode_hostName_text(), Bundle.AutoIngestJobsNode_hostName_text(), Bundle.AutoIngestJobsNode_stage_text(), Bundle.AutoIngestJobsNode_stage_text(), - Bundle.AutoIngestJobsNode_stageTime_text(), Bundle.AutoIngestJobsNode_stageTime_text()); + Bundle.AutoIngestJobsNode_stageTime_text(DurationCellRenderer.getUnitSeperator()), + Bundle.AutoIngestJobsNode_stageTime_text(DurationCellRenderer.getUnitSeperator())); indexOfColumn = getColumnIndexByName(Bundle.AutoIngestJobsNode_caseName_text()); if (indexOfColumn != INVALID_INDEX) { outline.setColumnSorted(indexOfColumn, true, 1); @@ -124,7 +128,7 @@ final class AutoIngestJobsPanel extends javax.swing.JPanel implements ExplorerMa if (indexOfColumn != INVALID_INDEX) { outline.getColumnModel().getColumn(indexOfColumn).setPreferredWidth(INITIAL_OCR_WIDTH); outline.getColumnModel().getColumn(indexOfColumn).setCellRenderer(new OcrIconCellRenderer()); - } + } break; default: } @@ -177,8 +181,8 @@ final class AutoIngestJobsPanel extends javax.swing.JPanel implements ExplorerMa * Update the contents of this AutoIngestJobsPanel while retaining currently * selected node. * - * @param refreshEvent - the AutoIngestRefreshEvent which will provide the new - * contents + * @param refreshEvent - the AutoIngestRefreshEvent which will provide the + * new contents */ void refresh(AutoIngestRefreshEvent refreshEvent) { synchronized (this) { @@ -191,7 +195,6 @@ final class AutoIngestJobsPanel extends javax.swing.JPanel implements ExplorerMa } outline.setRowSelectionAllowed(true); outline.setFocusable(true); - } } 
diff --git a/Experimental/src/org/sleuthkit/autopsy/experimental/autoingest/Bundle.properties-MERGED b/Experimental/src/org/sleuthkit/autopsy/experimental/autoingest/Bundle.properties-MERGED index 2a1e361537..33de996d54 100755 --- a/Experimental/src/org/sleuthkit/autopsy/experimental/autoingest/Bundle.properties-MERGED +++ b/Experimental/src/org/sleuthkit/autopsy/experimental/autoingest/Bundle.properties-MERGED @@ -78,7 +78,8 @@ AutoIngestControlPanel.JobsTableModel.ColumnHeader.ManifestFilePath=\ Manifest F AutoIngestControlPanel.JobsTableModel.ColumnHeader.OCR=OCR AutoIngestControlPanel.JobsTableModel.ColumnHeader.Priority=Prioritized AutoIngestControlPanel.JobsTableModel.ColumnHeader.Stage=Stage -AutoIngestControlPanel.JobsTableModel.ColumnHeader.StageTime=Time in Stage +# {0} - unitSeparator +AutoIngestControlPanel.JobsTableModel.ColumnHeader.StageTime=Time in Stage (dd{0}hh{0}mm{0}ss) AutoIngestControlPanel.JobsTableModel.ColumnHeader.StartedTime=Stage Started AutoIngestControlPanel.JobsTableModel.ColumnHeader.Status=Status AutoIngestControlPanel.OK=OK @@ -140,7 +141,8 @@ AutoIngestJobsNode.prioritized.false=No AutoIngestJobsNode.prioritized.true=Yes AutoIngestJobsNode.priority.text=Prioritized AutoIngestJobsNode.stage.text=Stage -AutoIngestJobsNode.stageTime.text=Time in Stage +# {0} - unitSeparator +AutoIngestJobsNode.stageTime.text=Time in Stage (dd{0}hh{0}mm{0}ss) AutoIngestJobsNode.status.text=Status AutoIngestJobsPanel.waitNode.text=Please Wait... AutoIngestMetricsDialog.initReportText=Select a date above and click the 'Generate Metrics Report' button to generate\na metrics report. From 9e5f229311422fa012f95aa32335882b49b833c8 Mon Sep 17 00:00:00 2001 From: William Schaefer Date: Mon, 1 Nov 2021 11:08:17 -0400 Subject: [PATCH 23/28] 8051 changes for consistancy between two Auto Ingest job viewers --- .../org/sleuthkit/autopsy/guiutils/DurationCellRenderer.java | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) 
diff --git a/Core/src/org/sleuthkit/autopsy/guiutils/DurationCellRenderer.java b/Core/src/org/sleuthkit/autopsy/guiutils/DurationCellRenderer.java index 1204ba082e..cbc54aadc3 100644 --- a/Core/src/org/sleuthkit/autopsy/guiutils/DurationCellRenderer.java +++ b/Core/src/org/sleuthkit/autopsy/guiutils/DurationCellRenderer.java @@ -19,7 +19,6 @@ package org.sleuthkit.autopsy.guiutils; import java.awt.Component; -import java.awt.Font; import java.time.Duration; import javax.swing.JTable; @@ -34,8 +33,7 @@ public final class DurationCellRenderer extends GrayableCellRenderer { private static final char UNIT_SEPARATOR_CHAR = ':'; public DurationCellRenderer() { - setHorizontalAlignment(RIGHT); - setFont((new Font("Monospaced", Font.PLAIN, getFont().getSize()))); //display the durations as a monospaced font with the same size as the default font + setHorizontalAlignment(LEFT); } @Override From e7d4464614b23907e0c3fb4af2f023974d34da43 Mon Sep 17 00:00:00 2001 From: Greg DiCristofaro Date: Tue, 2 Nov 2021 19:10:53 -0400 Subject: [PATCH 24/28] change query and get common counts --- .../autopsy/datamodel/accounts/Accounts.java | 56 +++++++++---------- 1 file changed, 27 insertions(+), 29 deletions(-) diff --git a/Core/src/org/sleuthkit/autopsy/datamodel/accounts/Accounts.java b/Core/src/org/sleuthkit/autopsy/datamodel/accounts/Accounts.java index beac329f52..e16158161f 100644 --- a/Core/src/org/sleuthkit/autopsy/datamodel/accounts/Accounts.java +++ b/Core/src/org/sleuthkit/autopsy/datamodel/accounts/Accounts.java 
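Review bot: With `setHorizontalAlignment(LEFT)` in the constructor, the class Javadoc no longer describes the renderer; it sits just above this hunk, and in the previous patch it read "It center-aligns cell content". I would change that sentence to `* string with days, hours, minutes, and seconds components. It left-aligns` followed by `* cell content and grays out the cell if the table is disabled.` Mentioning there that the text is rendered as dd:hh:mm:ss would also help, because the column headers now advertise that layout.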
@@ -268,27 +268,8 @@ final public class Accounts implements AutopsyVisitableItem { @Override protected long fetchChildCount(SleuthkitCase skCase) throws TskCoreException { long count = 0; - String dataSourceFilterClause = (filteringDSObjId > 0) - ? " AND " + filteringDSObjId + " IN (SELECT art.data_source_obj_id FROM blackboard_artifacts art WHERE art.artifact_id = attr.artifact_id)" - : ""; - - String accountTypesInUseQuery - = "SELECT COUNT(attr.value_text) AS count" - + " FROM blackboard_attributes attr" - + " WHERE attr.attribute_type_id = " + BlackboardAttribute.ATTRIBUTE_TYPE.TSK_ACCOUNT_TYPE.getTypeID() - + " AND attr.artifact_type_id = " + BlackboardArtifact.Type.TSK_ACCOUNT.getTypeID() - + dataSourceFilterClause - + " GROUP BY attr.value_text"; - - try (SleuthkitCase.CaseDbQuery executeQuery = skCase.executeQuery(accountTypesInUseQuery); - ResultSet resultSet = executeQuery.getResultSet()) { - - if (resultSet.next()) { - count = resultSet.getLong("count"); - } - - } catch (TskCoreException | SQLException ex) { - LOGGER.log(Level.SEVERE, "Error querying for count of all account types", ex); + if (Accounts.this.accountTypeResults != null) { + count = Accounts.this.accountTypeResults.getTotal(); } return count; } 
@@ -329,18 +310,35 @@ final public class Accounts implements AutopsyVisitableItem { return types; } + /** + * Calculates the total count of accounts based on the values in the + * map. + * + * @return The total count. + */ + Long getTotal() { + return counts.values().stream() + .mapToLong(lng -> lng) + .sum(); + } + /** * Queries the database and updates the counts for each account type. */ private void update() { String accountTypesInUseQuery - = "SELECT blackboard_attributes.value_text as account_type, COUNT(*) as count " - + " FROM blackboard_artifacts " //NON-NLS - + " JOIN blackboard_attributes ON blackboard_artifacts.artifact_id = blackboard_attributes.artifact_id " //NON-NLS - + " WHERE blackboard_artifacts.artifact_type_id = " + TSK_ACCOUNT.getTypeID() //NON-NLS - + " AND blackboard_attributes.attribute_type_id = " + BlackboardAttribute.ATTRIBUTE_TYPE.TSK_ACCOUNT_TYPE.getTypeID() //NON-NLS - + getFilterByDataSourceClause() - + " GROUP BY blackboard_attributes.value_text "; + = "SELECT res.account_type, COUNT(*) AS count\n" + + "FROM (\n" + + " SELECT MIN(blackboard_attributes.value_text) AS account_type\n" + + " FROM blackboard_artifacts\n" + + " LEFT JOIN blackboard_attributes ON blackboard_artifacts.artifact_id = blackboard_attributes.artifact_id\n" + + " WHERE blackboard_artifacts.artifact_type_id = " + TSK_ACCOUNT.getTypeID() + "\n" + + " AND blackboard_attributes.attribute_type_id = " + BlackboardAttribute.Type.TSK_ACCOUNT_TYPE.getTypeID() + "\n" + + getFilterByDataSourceClause() + "\n" + + " -- group by artifact_id to ensure only one account type per artifact\n" + + " GROUP BY blackboard_artifacts.artifact_id\n" + + ") res\n" + + "GROUP BY res.account_type"; try (SleuthkitCase.CaseDbQuery executeQuery = skCase.executeQuery(accountTypesInUseQuery); ResultSet resultSet = executeQuery.getResultSet()) { 
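Review bot: The query built in `update()` embeds a SQL line comment in the string (`" -- group by artifact_id to ensure only one account type per artifact\n"`), which is harmless only while the following `\n` survives. If the statement is ever trimmed or re-joined onto one line, everything after `--` is commented out; a Java comment beside the concatenation carries the same explanation without that dependency. The `LEFT JOIN` behaves as an inner join, because the `WHERE` clause filters on `blackboard_attributes.attribute_type_id`, so plain `JOIN` states the intent. The concatenated values visible here are numeric type IDs; `getFilterByDataSourceClause()` is outside the hunk, and I am assuming it also inserts only a numeric ID. `getTotal()` can return a primitive `long`, since `sum()` never yields null.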
@@ -1466,7 +1464,7 @@ final public class Accounts implements AutopsyVisitableItem { @Override public Action[] getActions(boolean context) { Action[] actions = super.getActions(context); - ArrayList arrayList = new ArrayList<>(); + ArrayList arrayList = new ArrayList<>(); try { arrayList.addAll(DataModelActionsFactory.getActions(Accounts.this.skCase.getContentById(fileKey.getObjID()), false)); } catch (TskCoreException ex) { From 5b8707f50c98394603946048466c499ebd267bdd Mon Sep 17 00:00:00 2001 From: Greg DiCristofaro Date: Wed, 3 Nov 2021 08:39:35 -0400 Subject: [PATCH 25/28] fix for updates --- .../autopsy/datamodel/accounts/Accounts.java | 31 ++++++++++++++++--- 1 file changed, 26 insertions(+), 5 deletions(-) diff --git a/Core/src/org/sleuthkit/autopsy/datamodel/accounts/Accounts.java b/Core/src/org/sleuthkit/autopsy/datamodel/accounts/Accounts.java index e16158161f..ed9801762b 100644 --- a/Core/src/org/sleuthkit/autopsy/datamodel/accounts/Accounts.java +++ b/Core/src/org/sleuthkit/autopsy/datamodel/accounts/Accounts.java 
@@ -267,11 +267,32 @@ final public class Accounts implements AutopsyVisitableItem { @Override protected long fetchChildCount(SleuthkitCase skCase) throws TskCoreException { - long count = 0; - if (Accounts.this.accountTypeResults != null) { - count = Accounts.this.accountTypeResults.getTotal(); + String accountTypesInUseQuery + = "SELECT COUNT(*) AS count\n" + + "FROM (\n" + + " SELECT MIN(blackboard_attributes.value_text) AS account_type\n" + + " FROM blackboard_artifacts\n" + + " LEFT JOIN blackboard_attributes ON blackboard_artifacts.artifact_id = blackboard_attributes.artifact_id\n" + + " WHERE blackboard_artifacts.artifact_type_id = " + TSK_ACCOUNT.getTypeID() + "\n" + + " AND blackboard_attributes.attribute_type_id = " + BlackboardAttribute.Type.TSK_ACCOUNT_TYPE.getTypeID() + "\n" + + " AND blackboard_attributes.value_text IS NOT NULL\n" + + getFilterByDataSourceClause() + "\n" + + " -- group by artifact_id to ensure only one account type per artifact\n" + + " GROUP BY blackboard_artifacts.artifact_id\n" + + ") res\n"; + + try (SleuthkitCase.CaseDbQuery executeQuery = skCase.executeQuery(accountTypesInUseQuery); + ResultSet resultSet = executeQuery.getResultSet()) { + + if (resultSet.next()) { + return resultSet.getLong("count"); + } + + } catch (TskCoreException | SQLException ex) { + LOGGER.log(Level.SEVERE, "Error querying for count of all account types", ex); } - return count; + + return 0; } } 
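Review bot: `fetchChildCount` is declared `throws TskCoreException`, but the new body catches `TskCoreException | SQLException`, logs it and falls through to `return 0`, so a failed case-database query is indistinguishable from a case with no accounts. In a forensic viewer that can hide evidence from the examiner. I would let `TskCoreException` propagate and wrap the SQL failure, e.g. `} catch (SQLException ex) { throw new TskCoreException("Error querying for count of all account types", ex); }`. The sub-select is also a copy of the one in `update()`, and it already differs by the added `value_text IS NOT NULL` predicate, so the total and the per-type counts can disagree. Building both statements from one private helper would keep the filters in step.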
@@ -334,7 +355,7 @@ final public class Accounts implements AutopsyVisitableItem { + " LEFT JOIN blackboard_attributes ON blackboard_artifacts.artifact_id = blackboard_attributes.artifact_id\n" + " WHERE blackboard_artifacts.artifact_type_id = " + TSK_ACCOUNT.getTypeID() + "\n" + " AND blackboard_attributes.attribute_type_id = " + BlackboardAttribute.Type.TSK_ACCOUNT_TYPE.getTypeID() + "\n" - + getFilterByDataSourceClause() + "\n" + + getFilterByDataSourceClause() + "\n" + " -- group by artifact_id to ensure only one account type per artifact\n" + " GROUP BY blackboard_artifacts.artifact_id\n" + ") res\n" From 5d75b4852116de6b44e44fb95ac537e81f64a421 Mon Sep 17 00:00:00 2001 From: Greg DiCristofaro Date: Fri, 5 Nov 2021 14:06:20 -0400 Subject: [PATCH 26/28] remove unused method --- .../autopsy/datamodel/accounts/Accounts.java | 12 ------------ 1 file changed, 12 deletions(-) diff --git a/Core/src/org/sleuthkit/autopsy/datamodel/accounts/Accounts.java b/Core/src/org/sleuthkit/autopsy/datamodel/accounts/Accounts.java index ed9801762b..2d60714cfd 100644 --- a/Core/src/org/sleuthkit/autopsy/datamodel/accounts/Accounts.java +++ b/Core/src/org/sleuthkit/autopsy/datamodel/accounts/Accounts.java @@ -308,18 +308,6 @@ final public class Accounts implements AutopsyVisitableItem { update(); } - /** - * Given the type name of the Account.Type, provides the count of those - * type. - * - * @param accountType The type name of the Account.Type. - * - * @return The number of results found for the given account type. - */ - Long getCount(String accountType) { - return counts.get(accountType); - } - /** * Retrieves an alphabetically organized list of all the account types. * From 4c90f891f05123b72941986991e14d14fab674a3 Mon Sep 17 00:00:00 2001 From: Greg DiCristofaro Date: Fri, 5 Nov 2021 14:08:37 -0400 Subject: [PATCH 27/28] remove unused method --- .../autopsy/datamodel/accounts/Accounts.java | 24 +++++++++---------- 1 file changed, 12 insertions(+), 12 deletions(-) 
diff --git a/Core/src/org/sleuthkit/autopsy/datamodel/accounts/Accounts.java b/Core/src/org/sleuthkit/autopsy/datamodel/accounts/Accounts.java index 2d60714cfd..ede9c3dc22 100644 --- a/Core/src/org/sleuthkit/autopsy/datamodel/accounts/Accounts.java +++ b/Core/src/org/sleuthkit/autopsy/datamodel/accounts/Accounts.java @@ -308,6 +308,18 @@ final public class Accounts implements AutopsyVisitableItem { update(); } + /** + * Given the type name of the Account.Type, provides the count of those + * type. + * + * @param accountType The type name of the Account.Type. + * + * @return The number of results found for the given account type. + */ + Long getCount(String accountType) { + return counts.get(accountType); + } + /** * Retrieves an alphabetically organized list of all the account types. * @@ -319,18 +331,6 @@ final public class Accounts implements AutopsyVisitableItem { return types; } - /** - * Calculates the total count of accounts based on the values in the - * map. - * - * @return The total count. - */ - Long getTotal() { - return counts.values().stream() - .mapToLong(lng -> lng) - .sum(); - } - /** * Queries the database and updates the counts for each account type. */ From ca198a0ebcd2fa72f1edd4b96d1e360276337114 Mon Sep 17 00:00:00 2001 From: Greg DiCristofaro Date: Fri, 5 Nov 2021 14:26:17 -0400 Subject: [PATCH 28/28] update on ingest finish --- Core/src/org/sleuthkit/autopsy/datamodel/accounts/Accounts.java | 1 + 1 file changed, 1 insertion(+) diff --git a/Core/src/org/sleuthkit/autopsy/datamodel/accounts/Accounts.java b/Core/src/org/sleuthkit/autopsy/datamodel/accounts/Accounts.java index ede9c3dc22..2895402337 100644 --- a/Core/src/org/sleuthkit/autopsy/datamodel/accounts/Accounts.java +++ b/Core/src/org/sleuthkit/autopsy/datamodel/accounts/Accounts.java 
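Review bot: The restored `getCount(String accountType)` returns `counts.get(accountType)` as a boxed `Long`, which is `null` when the type has no entry, and the Javadoc does not say so. Callers are not visible in this hunk; any that unbox the result would throw a `NullPointerException` for an unknown type. I would state the contract in the tag, `@return The number of results found for the given account type, or null if the type has no entry.`, and fix the summary wording to "the count of that type".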
@@ -411,6 +411,7 @@ final public class Accounts implements AutopsyVisitableItem { */ try { Case.getCurrentCaseThrows(); + accountTypeResults.update(); refresh(true); } catch (NoCurrentCaseException notUsed) { // Case is closed, do nothing.
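Review bot: The added `accountTypeResults.update();` dereferences the field with no null check, and the only handler on this `try` is `catch (NoCurrentCaseException notUsed)`. The earlier `fetchChildCount` guarded the same field with `if (Accounts.this.accountTypeResults != null)`, which suggests it can be unset. If that still holds when this listener fires, guard the call: `if (accountTypeResults != null) { accountTypeResults.update(); }`. `update()` also runs a case-database query, so confirm this handler does not run on the UI thread. The enclosing method starts and ends outside the hunk.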