change case and filemanager initialization; make log entries severe

millmanorama 2019-03-21 17:09:48 +01:00
parent 63772d6bb6
commit f43c968af9


@ -78,15 +78,14 @@ public class PlasoIngestModule implements DataSourceIngestModule {
private static final String LOG2TIMELINE_EXECUTABLE = "Log2timeline.exe"; private static final String LOG2TIMELINE_EXECUTABLE = "Log2timeline.exe";
private static final String PSORT_EXECUTABLE = "psort.exe"; private static final String PSORT_EXECUTABLE = "psort.exe";
private final Case currentCase = Case.getCurrentCase();
private final FileManager fileManager = currentCase.getServices().getFileManager();
private IngestJobContext context; private IngestJobContext context;
private File log2TimeLineExecutable; private File log2TimeLineExecutable;
private File psortExecutable; private File psortExecutable;
private Image image; private Image image;
private AbstractFile previousFile = null; // cache used when looking up files in Autopsy DB private AbstractFile previousFile = null; // cache used when looking up files in Autopsy DB
private Case currentCase;
private FileManager fileManager;
PlasoIngestModule() { PlasoIngestModule() {
} }
@ -98,6 +97,7 @@ public class PlasoIngestModule implements DataSourceIngestModule {
@Override @Override
public void startUp(IngestJobContext context) throws IngestModuleException { public void startUp(IngestJobContext context) throws IngestModuleException {
this.context = context; this.context = context;
log2TimeLineExecutable = locateExecutable(LOG2TIMELINE_EXECUTABLE); log2TimeLineExecutable = locateExecutable(LOG2TIMELINE_EXECUTABLE);
if (this.log2TimeLineExecutable == null) { if (this.log2TimeLineExecutable == null) {
logger.log(Level.SEVERE, Bundle.PlasoIngestModule_log2timeline_executable_not_found()); logger.log(Level.SEVERE, Bundle.PlasoIngestModule_log2timeline_executable_not_found());
@ -127,6 +127,8 @@ public class PlasoIngestModule implements DataSourceIngestModule {
@Override @Override
public ProcessResult process(Content dataSource, DataSourceIngestModuleProgress statusHelper) { public ProcessResult process(Content dataSource, DataSourceIngestModuleProgress statusHelper) {
statusHelper.switchToDeterminate(100); statusHelper.switchToDeterminate(100);
currentCase = Case.getCurrentCase();
fileManager = currentCase.getServices().getFileManager();
if (!(dataSource instanceof Image)) { if (!(dataSource instanceof Image)) {
logger.log(Level.SEVERE, Bundle.PlasoIngestModule_dataSource_not_an_image()); logger.log(Level.SEVERE, Bundle.PlasoIngestModule_dataSource_not_an_image());
@ -268,9 +270,7 @@ public class PlasoIngestModule implements DataSourceIngestModule {
"PlasoIngestModule_error_posting_artifact=Error Posting Artifact ", "PlasoIngestModule_error_posting_artifact=Error Posting Artifact ",
"PlasoIngestModule_create_artifacts_cancelled=Cancelled Plaso Artifact Creation "}) "PlasoIngestModule_create_artifacts_cancelled=Cancelled Plaso Artifact Creation "})
private void createPlasoArtifacts(String plasoDb, DataSourceIngestModuleProgress statusHelper) { private void createPlasoArtifacts(String plasoDb, DataSourceIngestModuleProgress statusHelper) {
Blackboard blackboard = currentCase.getSleuthkitCase().getBlackboard();
SleuthkitCase sleuthkitCase = Case.getCurrentCase().getSleuthkitCase();
Blackboard blackboard = sleuthkitCase.getBlackboard();
String connectionString = "jdbc:sqlite:" + plasoDb; //NON-NLS String connectionString = "jdbc:sqlite:" + plasoDb; //NON-NLS
String sqlStatement = "SELECT substr(filename,1) AS filename, " String sqlStatement = "SELECT substr(filename,1) AS filename, "
+ " strftime('%s', datetime) AS 'epoch_date'," + " strftime('%s', datetime) AS 'epoch_date',"
@ -291,7 +291,7 @@ public class PlasoIngestModule implements DataSourceIngestModule {
return; return;
} }
//TODO: Why don't we filter these in the sql? //TODO: Why don't we filter these in the sql? can we disable the parsers/plugins for these events?
// lots of bad dates // lots of bad dates
String sourceType = resultSet.getString("sourcetype"); String sourceType = resultSet.getString("sourcetype");
if (sourceType.equals("PE Import Time")) { if (sourceType.equals("PE Import Time")) {
@ -338,11 +338,10 @@ public class PlasoIngestModule implements DataSourceIngestModule {
*/ */
blackboard.postArtifact(bbart, MODULE_NAME); blackboard.postArtifact(bbart, MODULE_NAME);
} catch (BlackboardException ex) { } catch (BlackboardException ex) {
logger.log(Level.INFO, Bundle.PlasoIngestModule_exception_posting_artifact(), ex); //NON-NLS logger.log(Level.SEVERE, Bundle.PlasoIngestModule_exception_posting_artifact(), ex); //NON-NLS
} }
} catch (TskCoreException ex) { } catch (TskCoreException ex) {
logger.log(Level.INFO, Bundle.PlasoIngestModule_exception_adding_artifact(), ex); logger.log(Level.SEVERE, Bundle.PlasoIngestModule_exception_adding_artifact(), ex);
} }
} }
} catch (SQLException ex) { } catch (SQLException ex) {
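Review bot: `currentCase` and `fileManager` are now non-final fields assigned at the top of `process()`, ahead of the `dataSource instanceof Image` check, so they are null until then and a missing or closed case only shows up once ingest is already running. Assigning them in `startUp()`, next to `this.context = context;`, would let that failure be raised as an `IngestModuleException` before any work starts; if this Autopsy version provides it, `currentCase = Case.getCurrentCaseThrows();` turns the no-open-case path into an explicit checked exception instead of a runtime one. `createPlasoArtifacts` now reads the `currentCase` field, so it depends on `process()` having run first, and a short comment on the two field declarations, such as `// set in process(); null before the first data source is processed`, would make that ordering visible. The two handlers raised to `Level.SEVERE` still log only the bundle message and the exception, so adding the row's filename to the message would make it possible to tell which timeline events are missing from the case. The bodies of `startUp`, `process` and `createPlasoArtifacts` continue outside the visible hunks.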