mstoeck3/autopsy-flatpak
1
0
Fork 0
mirror of https://github.com/overcuriousity/autopsy-flatpak.git synced 2025-07-12 07:56:16 +00:00
Code Issues Packages Projects Releases Wiki Activity

Changed image-level ingest to data-source Content-level ingest.

Browse Source 
Related changes, such as FileManager API adjustments and fixes in client code.
Simplifications in RecentActivity logic to get files per current data source (no need to use deprecated method)
This commit is contained in:
adam-m 2013-06-07 18:49:59 -04:00
parent 10d2897a23
commit fbe2dd76eb
23 changed files with 375 additions and 434 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

38
Core/src/org/sleuthkit/autopsy/casemodule/services/FileManager.java
View File

@ -27,7 +27,6 @@ import java.io.IOException;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.List; import java.util.List;
import java.util.logging.Level; import java.util.logging.Level;
import org.openide.util.Exceptions;
import org.sleuthkit.autopsy.coreutils.Logger; import org.sleuthkit.autopsy.coreutils.Logger;
import org.sleuthkit.autopsy.datamodel.VirtualDirectoryNode; import org.sleuthkit.autopsy.datamodel.VirtualDirectoryNode;
import org.sleuthkit.autopsy.ingest.IngestServices; import org.sleuthkit.autopsy.ingest.IngestServices;
@ -35,10 +34,7 @@ import org.sleuthkit.autopsy.ingest.ModuleContentEvent;
import org.sleuthkit.datamodel.AbstractFile; import org.sleuthkit.datamodel.AbstractFile;
import org.sleuthkit.datamodel.Content; import org.sleuthkit.datamodel.Content;
import org.sleuthkit.datamodel.DerivedFile; import org.sleuthkit.datamodel.DerivedFile;
import org.sleuthkit.datamodel.FsContent;
import org.sleuthkit.datamodel.Image;
import org.sleuthkit.datamodel.LocalFile; import org.sleuthkit.datamodel.LocalFile;
import org.sleuthkit.datamodel.TskData.TSK_DB_FILES_TYPE_ENUM;
import org.sleuthkit.datamodel.VirtualDirectory; import org.sleuthkit.datamodel.VirtualDirectory;
import org.sleuthkit.datamodel.LayoutFile; import org.sleuthkit.datamodel.LayoutFile;
import org.sleuthkit.datamodel.SleuthkitCase; import org.sleuthkit.datamodel.SleuthkitCase;
@ -81,57 +77,57 @@ public class FileManager implements Closeable {
} }
/** /**
* @param image image where to find files * @param dataSource data source Content (Image, parent-less VirtualDirectory) where to find files
* @param fileName the name of the file or directory to match * @param fileName the name of the file or directory to match
* @return a list of FsContent for files/directories whose name matches the * @return a list of AbstractFile for files/directories whose name matches the
* given fileName * given fileName
*/ */
public synchronized List<FsContent> findFiles(Image image, String fileName) throws TskCoreException { public synchronized List<AbstractFile> findFiles(Content dataSource, String fileName) throws TskCoreException {
if (tskCase == null) { if (tskCase == null) {
throw new TskCoreException("Attempted to use FileManager after it was closed."); throw new TskCoreException("Attempted to use FileManager after it was closed.");
} }
return tskCase.findFiles(image, fileName); return tskCase.findFiles(dataSource, fileName);
} }
/** /**
* @param image image where to find files * @param dataSource data source Content (Image, parent-less VirtualDirectory) where to find files
* @param fileName the name of the file or directory to match * @param fileName the name of the file or directory to match
* @param dirName the name of a parent directory of fileName * @param dirName the name of a parent directory of fileName
* @return a list of FsContent for files/directories whose name matches * @return a list of AbstractFile for files/directories whose name matches
* fileName and whose parent directory contains dirName. * fileName and whose parent directory contains dirName.
*/ */
public synchronized List<FsContent> findFiles(Image image, String fileName, String dirName) throws TskCoreException { public synchronized List<AbstractFile> findFiles(Content dataSource, String fileName, String dirName) throws TskCoreException {
if (tskCase == null) { if (tskCase == null) {
throw new TskCoreException("Attempted to use FileManager after it was closed."); throw new TskCoreException("Attempted to use FileManager after it was closed.");
} }
return tskCase.findFiles(image, fileName, dirName); return tskCase.findFiles(dataSource, fileName, dirName);
} }
/** /**
* @param image image where to find files * @param dataSource data source Content (Image, parent-less VirtualDirectory) where to find files
* @param fileName the name of the file or directory to match * @param fileName the name of the file or directory to match
* @param parentFsContent * @param parentFile parent file/dir of the file to find
* @return a list of FsContent for files/directories whose name matches * @return a list of AbstractFile for files/directories whose name matches
* fileName and that were inside a directory described by parentFsContent. * fileName and that were inside a directory described by parentFsContent.
*/ */
public synchronized List<FsContent> findFiles(Image image, String fileName, FsContent parentFsContent) throws TskCoreException { public synchronized List<AbstractFile> findFiles(Content dataSource, String fileName, AbstractFile parentFile) throws TskCoreException {
if (tskCase == null) { if (tskCase == null) {
throw new TskCoreException("Attempted to use FileManager after it was closed."); throw new TskCoreException("Attempted to use FileManager after it was closed.");
} }
return findFiles(image, fileName, parentFsContent.getName()); return findFiles(dataSource, fileName, parentFile.getName());
} }
/** /**
* @param image image where to find files * @param dataSource data source Content (Image, parent-less VirtualDirectory) where to find files
* @param filePath The full path to the file(s) of interest. This can * @param filePath The full path to the file(s) of interest. This can
* optionally include the image and volume names. * optionally include the image and volume names.
* @return a list of FsContent that have the given file path. * @return a list of AbstractFile that have the given file path.
*/ */
public synchronized List<FsContent> openFiles(Image image, String filePath) throws TskCoreException { public synchronized List<AbstractFile> openFiles(Content dataSource, String filePath) throws TskCoreException {
if (tskCase == null) { if (tskCase == null) {
throw new TskCoreException("Attempted to use FileManager after it was closed."); throw new TskCoreException("Attempted to use FileManager after it was closed.");
} }
return tskCase.openFiles(image, filePath); return tskCase.openFiles(dataSource, filePath);
} }
/** /**

55
Core/src/org/sleuthkit/autopsy/ingest/IngestImageThread.java → Core/src/org/sleuthkit/autopsy/ingest/IngestDataSourceThread.java
View File

@ -18,7 +18,7 @@
*/ */
package org.sleuthkit.autopsy.ingest; package org.sleuthkit.autopsy.ingest;
//ingester worker for image queue //ingester worker for DataSource queue
import java.awt.EventQueue; import java.awt.EventQueue;
import java.util.concurrent.locks.Lock; import java.util.concurrent.locks.Lock;
import java.util.concurrent.locks.ReentrantReadWriteLock; import java.util.concurrent.locks.ReentrantReadWriteLock;
@ -32,37 +32,36 @@ import org.sleuthkit.autopsy.coreutils.PlatformUtil;
import org.sleuthkit.autopsy.coreutils.StopWatch; import org.sleuthkit.autopsy.coreutils.StopWatch;
import org.sleuthkit.autopsy.ingest.IngestManager.IngestModuleEvent; import org.sleuthkit.autopsy.ingest.IngestManager.IngestModuleEvent;
import org.sleuthkit.datamodel.Content; import org.sleuthkit.datamodel.Content;
import org.sleuthkit.datamodel.Image;
/** /**
* Worker thread that runs an image-level ingest module. * Worker thread that runs a data source-level ingest module (image, file set virt dir, etc).
* Used to process only a single image and single module. * Used to process only a single data-source and single module.
*/ */
public class IngestImageThread extends SwingWorker<Void, Void> { public class IngestDataSourceThread extends SwingWorker<Void, Void> {
private final Logger logger = Logger.getLogger(IngestImageThread.class.getName()); private final Logger logger = Logger.getLogger(IngestDataSourceThread.class.getName());
private ProgressHandle progress; private ProgressHandle progress;
private final PipelineContext<IngestModuleImage>pipelineContext; private final PipelineContext<IngestModuleDataSource>pipelineContext;
private final Image image; private final Content dataSource;
private final IngestModuleImage module; private final IngestModuleDataSource module;
private IngestImageWorkerController controller; private IngestDataSourceWorkerController controller;
private final IngestManager manager; private final IngestManager manager;
private final IngestModuleInit init; private final IngestModuleInit init;
//current method of enqueuing image ingest modules with locks and internal lock queue //current method of enqueuing data source ingest modules with locks and internal lock queue
//allows to init, run and complete a single image ingest module at time //ensures that we init, run and complete a single data source ingest module at a time
//uses fairness policy to run them in order enqueued //uses fairness policy to run them in order enqueued
//TODO use a real queue and manager to allow multiple different modules to run in parallel //TODO use a real queue and manager to allow multiple different modules to run in parallel
private static final Lock imageIngestModuleLock = new ReentrantReadWriteLock(true).writeLock(); private static final Lock dataSourceIngestModuleLock = new ReentrantReadWriteLock(true).writeLock();
IngestImageThread(IngestManager manager, PipelineContext<IngestModuleImage>pipelineContext, Image image, IngestModuleImage module, IngestModuleInit init) { IngestDataSourceThread(IngestManager manager, PipelineContext<IngestModuleDataSource>pipelineContext, Content dataSource, IngestModuleDataSource module, IngestModuleInit init) {
this.manager = manager; this.manager = manager;
this.pipelineContext = pipelineContext; this.pipelineContext = pipelineContext;
this.image = image; this.dataSource = dataSource;
this.module = module; this.module = module;
this.init = init; this.init = init;
} }
PipelineContext<IngestModuleImage>getContext() { PipelineContext<IngestModuleDataSource>getContext() {
return pipelineContext; return pipelineContext;
} }
@ -70,7 +69,7 @@ public class IngestImageThread extends SwingWorker<Void, Void> {
return pipelineContext.getScheduledTask().getContent(); return pipelineContext.getScheduledTask().getContent();
} }
IngestModuleImage getModule() { IngestModuleDataSource getModule() {
return module; return module;
} }
@ -79,21 +78,21 @@ public class IngestImageThread extends SwingWorker<Void, Void> {
logger.log(Level.INFO, "Pending module: " + module.getName()); logger.log(Level.INFO, "Pending module: " + module.getName());
final String displayName = module.getName() + " image id:" + image.getId(); final String displayName = module.getName() + " dataSource id:" + dataSource.getId();
progress = ProgressHandleFactory.createHandle(displayName + " (Pending...)", new Cancellable() { progress = ProgressHandleFactory.createHandle(displayName + " (Pending...)", new Cancellable() {
@Override @Override
public boolean cancel() { public boolean cancel() {
logger.log(Level.INFO, "Image ingest module " + module.getName() + " cancelled by user."); logger.log(Level.INFO, "DataSource ingest module " + module.getName() + " cancelled by user.");
if (progress != null) { if (progress != null) {
progress.setDisplayName(displayName + " (Cancelling...)"); progress.setDisplayName(displayName + " (Cancelling...)");
} }
return IngestImageThread.this.cancel(true); return IngestDataSourceThread.this.cancel(true);
} }
}); });
progress.start(); progress.start();
progress.switchToIndeterminate(); progress.switchToIndeterminate();
imageIngestModuleLock.lock(); dataSourceIngestModuleLock.lock();
try { try {
if (this.isCancelled()) { if (this.isCancelled()) {
logger.log(Level.INFO, "Cancelled while pending, module: " + module.getName()); logger.log(Level.INFO, "Cancelled while pending, module: " + module.getName());
@ -114,26 +113,26 @@ public class IngestImageThread extends SwingWorker<Void, Void> {
logger.log(Level.INFO, "Starting processing of module: " + module.getName()); logger.log(Level.INFO, "Starting processing of module: " + module.getName());
controller = new IngestImageWorkerController(this, progress); controller = new IngestDataSourceWorkerController(this, progress);
if (isCancelled()) { if (isCancelled()) {
logger.log(Level.INFO, "Terminating image ingest module " + module.getName() + " due to cancellation."); logger.log(Level.INFO, "Terminating DataSource ingest module " + module.getName() + " due to cancellation.");
return Void.TYPE.newInstance(); return Void.TYPE.newInstance();
} }
final StopWatch timer = new StopWatch(); final StopWatch timer = new StopWatch();
timer.start(); timer.start();
try { try {
module.process(pipelineContext, image, controller); module.process(pipelineContext, dataSource, controller);
} catch (Exception e) { } catch (Exception e) {
logger.log(Level.WARNING, "Exception in module: " + module.getName() + " image: " + image.getName(), e); logger.log(Level.WARNING, "Exception in module: " + module.getName() + " DataSource: " + dataSource.getName(), e);
} finally { } finally {
timer.stop(); timer.stop();
logger.log(Level.INFO, "Done processing of module: " + module.getName() logger.log(Level.INFO, "Done processing of module: " + module.getName()
+ " took " + timer.getElapsedTimeSecs() + " secs. to process()"); + " took " + timer.getElapsedTimeSecs() + " secs. to process()");
//cleanup queues (worker and image/module) //cleanup queues (worker and DataSource/module)
manager.removeImageIngestWorker(this); manager.removeDataSourceIngestWorker(this);
if (!this.isCancelled()) { if (!this.isCancelled()) {
logger.log(Level.INFO, "Module " + module.getName() + " completed"); logger.log(Level.INFO, "Module " + module.getName() + " completed");
@ -157,7 +156,7 @@ public class IngestImageThread extends SwingWorker<Void, Void> {
return Void.TYPE.newInstance(); return Void.TYPE.newInstance();
} finally { } finally {
//release the lock so next module can run //release the lock so next module can run
imageIngestModuleLock.unlock(); dataSourceIngestModuleLock.unlock();
EventQueue.invokeLater(new Runnable() { EventQueue.invokeLater(new Runnable() {
@Override @Override
public void run() { public void run() {

12
Core/src/org/sleuthkit/autopsy/ingest/IngestImageWorkerController.java → Core/src/org/sleuthkit/autopsy/ingest/IngestDataSourceWorkerController.java
View File

@ -21,20 +21,20 @@ package org.sleuthkit.autopsy.ingest;
import org.netbeans.api.progress.ProgressHandle; import org.netbeans.api.progress.ProgressHandle;
/** /**
* Controller for image level ingest modules * Controller for DataSource level ingest modules
* Used by modules to check task status and to post progress to * Used by modules to check task status and to post progress to
*/ */
public class IngestImageWorkerController { public class IngestDataSourceWorkerController {
private IngestImageThread worker; private IngestDataSourceThread worker;
private ProgressHandle progress; private ProgressHandle progress;
/** /**
* Instantiate the controller for the worker * Instantiate the controller for the worker
* @param worker underlying image ingest thread * @param worker underlying DataSource ingest thread
* @param progress the progress handle * @param progress the progress handle
*/ */
IngestImageWorkerController(IngestImageThread worker, ProgressHandle progress) { IngestDataSourceWorkerController(IngestDataSourceThread worker, ProgressHandle progress) {
this.worker = worker; this.worker = worker;
this.progress = progress; this.progress = progress;
} }
@ -51,7 +51,7 @@ public class IngestImageWorkerController {
/** /**
* Update the progress bar and switch to determinate mode once number of total work units is known * Update the progress bar and switch to determinate mode once number of total work units is known
* @param workUnits total number of work units for the image ingest task * @param workUnits total number of work units for the DataSource ingest task
*/ */
public void switchToDeterminate(int workUnits) { public void switchToDeterminate(int workUnits) {
if (progress != null) { if (progress != null) {

4
Core/src/org/sleuthkit/autopsy/ingest/IngestDialogPanel.java
View File

@ -79,8 +79,8 @@ public class IngestDialogPanel extends javax.swing.JPanel implements IngestConfi
private void loadModules() { private void loadModules() {
this.modules.clear(); this.modules.clear();
//this.moduleStates.clear(); maintain the state //this.moduleStates.clear(); maintain the state
Collection<IngestModuleImage> imageModules = manager.enumerateImageModules(); Collection<IngestModuleDataSource> imageModules = manager.enumerateDataSourceModules();
for (final IngestModuleImage module : imageModules) { for (final IngestModuleDataSource module : imageModules) {
addModule(module); addModule(module);
} }
Collection<IngestModuleAbstractFile> fsModules = manager.enumerateAbstractFileModules(); Collection<IngestModuleAbstractFile> fsModules = manager.enumerateAbstractFileModules();

161
Core/src/org/sleuthkit/autopsy/ingest/IngestManager.java
View File

@ -43,7 +43,6 @@ import org.sleuthkit.autopsy.ingest.IngestMessage.MessageType;
import org.sleuthkit.autopsy.ingest.IngestScheduler.FileScheduler.ProcessTask; import org.sleuthkit.autopsy.ingest.IngestScheduler.FileScheduler.ProcessTask;
import org.sleuthkit.datamodel.AbstractFile; import org.sleuthkit.datamodel.AbstractFile;
import org.sleuthkit.datamodel.Content; import org.sleuthkit.datamodel.Content;
import org.sleuthkit.datamodel.Image;
/** /**
* IngestManager sets up and manages ingest modules runs them in a background * IngestManager sets up and manages ingest modules runs them in a background
@ -62,10 +61,10 @@ public class IngestManager {
private final IngestScheduler scheduler; private final IngestScheduler scheduler;
//workers //workers
private IngestAbstractFileProcessor abstractFileIngester; private IngestAbstractFileProcessor abstractFileIngester;
private List<IngestImageThread> imageIngesters; private List<IngestDataSourceThread> dataSourceIngesters;
private SwingWorker<Object, Void> queueWorker; private SwingWorker<Object, Void> queueWorker;
//modules //modules
private List<IngestModuleImage> imageModules; private List<IngestModuleDataSource> dataSourceModules;
private List<IngestModuleAbstractFile> abstractFileModules; private List<IngestModuleAbstractFile> abstractFileModules;
// module return values // module return values
private final Map<String, IngestModuleAbstractFile.ProcessResult> abstractFileModulesRetValues = new HashMap<String, IngestModuleAbstractFile.ProcessResult>(); private final Map<String, IngestModuleAbstractFile.ProcessResult> abstractFileModulesRetValues = new HashMap<String, IngestModuleAbstractFile.ProcessResult>();
@ -127,7 +126,7 @@ public class IngestManager {
private static volatile IngestManager instance; private static volatile IngestManager instance;
private IngestManager() { private IngestManager() {
imageIngesters = new ArrayList<IngestImageThread>(); dataSourceIngesters = new ArrayList<IngestDataSourceThread>();
scheduler = IngestScheduler.getInstance(); scheduler = IngestScheduler.getInstance();
@ -147,11 +146,11 @@ public class IngestManager {
if (evt.getPropertyName().equals(IngestModuleLoader.Event.ModulesReloaded.toString())) { if (evt.getPropertyName().equals(IngestModuleLoader.Event.ModulesReloaded.toString())) {
//TODO might need to not allow to remove modules if they are running //TODO might need to not allow to remove modules if they are running
abstractFileModules = moduleLoader.getAbstractFileIngestModules(); abstractFileModules = moduleLoader.getAbstractFileIngestModules();
imageModules = moduleLoader.getImageIngestModules(); dataSourceModules = moduleLoader.getDataSourceIngestModules();
} }
} }
}); });
imageModules = moduleLoader.getImageIngestModules(); dataSourceModules = moduleLoader.getDataSourceIngestModules();
} catch (IngestModuleLoaderException ex) { } catch (IngestModuleLoaderException ex) {
logger.log(Level.SEVERE, "Error getting module loader"); logger.log(Level.SEVERE, "Error getting module loader");
} }
@ -224,11 +223,11 @@ public class IngestManager {
} }
/** /**
* Multiple image version of execute() method. Enqueues multiple data inputs (Content objects) * Multiple data-sources version of execute() method. Enqueues multiple sources inputs (Content objects)
* and associated modules at once * and associated modules at once
* *
* @param modules modules to execute on every image * @param modules modules to execute on every data source
* @param inputs inputs to enqueue and execute the ingest modules on * @param inputs input data sources to enqueue and execute the ingest modules on
*/ */
public void execute(final List<IngestModuleAbstract> modules, final List<Content> inputs) { public void execute(final List<IngestModuleAbstract> modules, final List<Content> inputs) {
logger.log(Level.INFO, "Will enqueue number of inputs: " + inputs.size() logger.log(Level.INFO, "Will enqueue number of inputs: " + inputs.size()
@ -244,7 +243,7 @@ public class IngestManager {
if (ui != null) { if (ui != null) {
ui.restoreMessages(); ui.restoreMessages();
} }
//logger.log(Level.INFO, "Queues: " + imageQueue.toString() + " " + AbstractFileQueue.toString());
} }
/** /**
@ -258,8 +257,8 @@ public class IngestManager {
* not block and can be called multiple times to enqueue more work to * not block and can be called multiple times to enqueue more work to
* already running background ingest process. * already running background ingest process.
* *
* @param modules modules to execute on the image * @param modules modules to execute on the data source input
* @param input input Content objects to execute the ingest modules on * @param input input data source Content objects to execute the ingest modules on
*/ */
public void execute(final List<IngestModuleAbstract> modules, final Content input) { public void execute(final List<IngestModuleAbstract> modules, final Content input) {
List<Content> inputs = new ArrayList<Content>(); List<Content> inputs = new ArrayList<Content>();
@ -269,7 +268,7 @@ public class IngestManager {
} }
/** /**
* Schedule a file for ingest and add it to ongoing file ingest process on the same image. * Schedule a file for ingest and add it to ongoing file ingest process on the same data source.
* Scheduler updates the current progress. * Scheduler updates the current progress.
* *
* The file to be added is usually a product of a currently ran ingest. * The file to be added is usually a product of a currently ran ingest.
@ -289,14 +288,14 @@ public class IngestManager {
* if AbstractFile module is still running, do nothing and allow it to * if AbstractFile module is still running, do nothing and allow it to
* consume queue otherwise start /restart AbstractFile worker * consume queue otherwise start /restart AbstractFile worker
* *
* image workers run per (module,image). Check if one for the (module,image) * data source ingest workers run per (module,content). Checks if one for the same (module,content)
* is already running otherwise start/restart the worker * is already running otherwise start/restart the worker
*/ */
private synchronized void startAll() { private synchronized void startAll() {
final IngestScheduler.ImageScheduler imageScheduler = scheduler.getImageScheduler(); final IngestScheduler.DataSourceScheduler dataSourceScheduler = scheduler.getDataSourceScheduler();
final IngestScheduler.FileScheduler fileScheduler = scheduler.getFileScheduler(); final IngestScheduler.FileScheduler fileScheduler = scheduler.getFileScheduler();
logger.log(Level.INFO, "Image queue: " + imageScheduler.toString()); logger.log(Level.INFO, "DataSource queue: " + dataSourceScheduler.toString());
logger.log(Level.INFO, "File queue: " + fileScheduler.toString()); logger.log(Level.INFO, "File queue: " + fileScheduler.toString());
if (!ingestMonitor.isRunning()) { if (!ingestMonitor.isRunning()) {
@ -304,45 +303,45 @@ public class IngestManager {
} }
//image ingesters //image ingesters
// cycle through each image in the queue // cycle through each data source content in the queue
while (imageScheduler.hasNext()) { while (dataSourceScheduler.hasNext()) {
//dequeue //dequeue
// get next image and set of modules // get next data source content and set of modules
final ScheduledTask<IngestModuleImage> imageTask = imageScheduler.next(); final ScheduledTask<IngestModuleDataSource> dataSourceTask = dataSourceScheduler.next();
// check if each module for this image is already running // check if each module for this data source content is already running
for (IngestModuleImage taskModule : imageTask.getModules()) { for (IngestModuleDataSource taskModule : dataSourceTask.getModules()) {
boolean alreadyRunning = false; boolean alreadyRunning = false;
for (IngestImageThread worker : imageIngesters) { for (IngestDataSourceThread worker : dataSourceIngesters) {
// ignore threads that are on different images // ignore threads that are on different data sources
if (!worker.getContent().equals(imageTask.getContent())) { if (!worker.getContent().equals(dataSourceTask.getContent())) {
continue; //check next worker continue; //check next worker
} }
//same image, check module (by name, not id, since different instances) //same data source, check module (by name, not id, since different instances)
if (worker.getModule().getName().equals(taskModule.getName())) { if (worker.getModule().getName().equals(taskModule.getName())) {
alreadyRunning = true; alreadyRunning = true;
logger.log(Level.INFO, "Image Ingester <" + imageTask.getContent() logger.log(Level.INFO, "Data Source Ingester <" + dataSourceTask.getContent()
+ ", " + taskModule.getName() + "> is already running"); + ", " + taskModule.getName() + "> is already running");
break; break;
} }
} }
//checked all workers //checked all workers
if (alreadyRunning == false) { if (alreadyRunning == false) {
logger.log(Level.INFO, "Starting new image Ingester <" + imageTask.getContent() logger.log(Level.INFO, "Starting new data source Ingester <" + dataSourceTask.getContent()
+ ", " + taskModule.getName() + ">"); + ", " + taskModule.getName() + ">");
//image modules are now initialized per instance //data source modules are now initialized per instance
IngestModuleInit moduleInit = new IngestModuleInit(); IngestModuleInit moduleInit = new IngestModuleInit();
moduleInit.setModuleArgs(taskModule.getArguments()); moduleInit.setModuleArgs(taskModule.getArguments());
PipelineContext<IngestModuleImage> imagepipelineContext = PipelineContext<IngestModuleDataSource> dataSourcepipelineContext =
new PipelineContext<IngestModuleImage>(imageTask, getProcessUnallocSpace()); new PipelineContext<IngestModuleDataSource>(dataSourceTask, getProcessUnallocSpace());
final IngestImageThread newImageWorker = new IngestImageThread(this, final IngestDataSourceThread newDataSourceWorker = new IngestDataSourceThread(this,
imagepipelineContext, (Image)imageTask.getContent(), taskModule, moduleInit); dataSourcepipelineContext, dataSourceTask.getContent(), taskModule, moduleInit);
imageIngesters.add(newImageWorker); dataSourceIngesters.add(newDataSourceWorker);
//wrap the module in a worker, that will run init, process and complete on the module //wrap the module in a worker, that will run init, process and complete on the module
newImageWorker.execute(); newDataSourceWorker.execute();
IngestManager.fireModuleEvent(IngestModuleEvent.STARTED.toString(), taskModule.getName()); IngestManager.fireModuleEvent(IngestModuleEvent.STARTED.toString(), taskModule.getName());
} }
} }
@ -395,7 +394,7 @@ public class IngestManager {
//empty queues //empty queues
scheduler.getFileScheduler().empty(); scheduler.getFileScheduler().empty();
scheduler.getImageScheduler().empty(); scheduler.getDataSourceScheduler().empty();
//stop module workers //stop module workers
if (abstractFileIngester != null) { if (abstractFileIngester != null) {
@ -420,24 +419,24 @@ public class IngestManager {
} }
List<IngestImageThread> toStop = new ArrayList<IngestImageThread>(); List<IngestDataSourceThread> toStop = new ArrayList<IngestDataSourceThread>();
toStop.addAll(imageIngesters); toStop.addAll(dataSourceIngesters);
for (IngestImageThread imageWorker : toStop) { for (IngestDataSourceThread dataSourceWorker : toStop) {
IngestModuleImage s = imageWorker.getModule(); IngestModuleDataSource s = dataSourceWorker.getModule();
//stop the worker thread if thread is running //stop the worker thread if thread is running
boolean cancelled = imageWorker.cancel(true); boolean cancelled = dataSourceWorker.cancel(true);
if (!cancelled) { if (!cancelled) {
logger.log(Level.INFO, "Unable to cancel image ingest worker for module: " logger.log(Level.INFO, "Unable to cancel data source ingest worker for module: "
+ imageWorker.getModule().getName() + " img: " + imageWorker.getContent().getName()); + dataSourceWorker.getModule().getName() + " data source: " + dataSourceWorker.getContent().getName());
} }
//stop notification to module to cleanup resources //stop notification to module to cleanup resources
if (isModuleRunning(s)) { if (isModuleRunning(s)) {
try { try {
imageWorker.getModule().stop(); dataSourceWorker.getModule().stop();
} catch (Exception e) { } catch (Exception e) {
logger.log(Level.WARNING, "Exception while stopping module: " + s.getName(), e); logger.log(Level.WARNING, "Exception while stopping module: " + s.getName(), e);
} }
@ -458,7 +457,7 @@ public class IngestManager {
return true; return true;
} else if (isFileIngestRunning()) { } else if (isFileIngestRunning()) {
return true; return true;
} else if (isImageIngestRunning()) { } else if (isDataSourceIngestRunning()) {
return true; return true;
} else { } else {
return false; return false;
@ -477,7 +476,7 @@ public class IngestManager {
return true; return true;
} }
} }
for (IngestImageThread thread : imageIngesters) { for (IngestDataSourceThread thread : dataSourceIngesters) {
if (isModuleRunning(thread.getModule())) { if (isModuleRunning(thread.getModule())) {
return false; return false;
} }
@ -506,16 +505,16 @@ public class IngestManager {
} }
/** /**
* check the status of the image-level ingest pipeline * check the status of the data-source-level ingest pipeline
*/ */
public synchronized boolean isImageIngestRunning() { public synchronized boolean isDataSourceIngestRunning() {
if (imageIngesters.isEmpty()) { if (dataSourceIngesters.isEmpty()) {
return false; return false;
} }
//in case there are still image ingesters in the queue but already done //in case there are still data source ingesters in the queue but already done
boolean allDone = true; boolean allDone = true;
for (IngestImageThread ii : imageIngesters) { for (IngestDataSourceThread ii : dataSourceIngesters) {
if (ii.isDone() == false) { if (ii.isDone() == false) {
allDone = false; allDone = false;
break; break;
@ -549,13 +548,13 @@ public class IngestManager {
} else { } else {
//image module //data source module
synchronized (this) { synchronized (this) {
if (imageIngesters.isEmpty()) { if (dataSourceIngesters.isEmpty()) {
return false; return false;
} }
IngestImageThread imt = null; IngestDataSourceThread imt = null;
for (IngestImageThread ii : imageIngesters) { for (IngestDataSourceThread ii : dataSourceIngesters) {
if (ii.getModule().equals(module)) { if (ii.getModule().equals(module)) {
imt = ii; imt = ii;
break; break;
@ -639,11 +638,11 @@ public class IngestManager {
} }
/** /**
* helper to return all loaded image modules managed sorted in order as * helper to return all loaded data-source ingest modules managed sorted in order as
* specified in pipeline_config XML * specified in pipeline_config XML
*/ */
public List<IngestModuleImage> enumerateImageModules() { public List<IngestModuleDataSource> enumerateDataSourceModules() {
return moduleLoader.getImageIngestModules(); return moduleLoader.getDataSourceIngestModules();
} }
/** /**
@ -654,11 +653,11 @@ public class IngestManager {
return moduleLoader.getAbstractFileIngestModules(); return moduleLoader.getAbstractFileIngestModules();
} }
//image worker to remove itself when complete or interrupted //data source worker to remove itself when complete or interrupted
void removeImageIngestWorker(IngestImageThread worker) { void removeDataSourceIngestWorker(IngestDataSourceThread worker) {
//remove worker //remove worker
synchronized (this) { synchronized (this) {
imageIngesters.remove(worker); dataSourceIngesters.remove(worker);
} }
} }
@ -674,7 +673,7 @@ public class IngestManager {
private final DateFormat dateFormatter = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss"); private final DateFormat dateFormatter = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");
private final StopWatch timer = new StopWatch(); private final StopWatch timer = new StopWatch();
private IngestModuleAbstract currentModuleForTimer; private IngestModuleAbstract currentModuleForTimer;
//file module timing stats, image module timers are logged in IngestImageThread class //file module timing stats, datasource module timers are logged in IngestDataSourceThread class
private final Map<String, Long> fileModuleTimers = new HashMap<String, Long>(); private final Map<String, Long> fileModuleTimers = new HashMap<String, Long>();
IngestManagerStats() { IngestManagerStats() {
@ -924,7 +923,7 @@ public class IngestManager {
progress.switchToIndeterminate(); progress.switchToIndeterminate();
progress.switchToDeterminate(totalEnqueuedFiles); progress.switchToDeterminate(totalEnqueuedFiles);
} }
if (processedFiles < totalEnqueuedFiles) { //fix for now to handle the same image enqueued twice if (processedFiles < totalEnqueuedFiles) { //fix for now to handle the same datasource Content enqueued twice
++processedFiles; ++processedFiles;
} }
//--totalEnqueuedFiles; //--totalEnqueuedFiles;
@ -999,7 +998,7 @@ public class IngestManager {
} }
} }
/* Thread that adds image/file and module pairs to queues */ /* Thread that adds content/file and module pairs to queues */
private class EnqueueWorker extends SwingWorker<Object, Void> { private class EnqueueWorker extends SwingWorker<Object, Void> {
private List<IngestModuleAbstract> modules; private List<IngestModuleAbstract> modules;
@ -1065,14 +1064,14 @@ public class IngestManager {
private void queueAll(List<IngestModuleAbstract> modules, final List<Content> inputs) { private void queueAll(List<IngestModuleAbstract> modules, final List<Content> inputs) {
final IngestScheduler.ImageScheduler imageScheduler = scheduler.getImageScheduler(); final IngestScheduler.DataSourceScheduler dataSourceScheduler = scheduler.getDataSourceScheduler();
final IngestScheduler.FileScheduler fileScheduler = scheduler.getFileScheduler(); final IngestScheduler.FileScheduler fileScheduler = scheduler.getFileScheduler();
int processed = 0; int processed = 0;
for (Content input : inputs) { for (Content input : inputs) {
final String inputName = input.getName(); final String inputName = input.getName();
final List<IngestModuleImage> imageMods = new ArrayList<IngestModuleImage>(); final List<IngestModuleDataSource> dataSourceMods = new ArrayList<IngestModuleDataSource>();
final List<IngestModuleAbstractFile> fileMods = new ArrayList<IngestModuleAbstractFile>(); final List<IngestModuleAbstractFile> fileMods = new ArrayList<IngestModuleAbstractFile>();
for (IngestModuleAbstract module : modules) { for (IngestModuleAbstract module : modules) {
@ -1085,11 +1084,11 @@ public class IngestManager {
progress.progress(moduleName + " " + inputName, processed); progress.progress(moduleName + " " + inputName, processed);
switch (module.getType()) { switch (module.getType()) {
case Image: case DataSource:
final IngestModuleImage newModuleInstance = final IngestModuleDataSource newModuleInstance =
(IngestModuleImage) moduleLoader.getNewIngestModuleInstance(module); (IngestModuleDataSource) moduleLoader.getNewIngestModuleInstance(module);
if (newModuleInstance != null) { if (newModuleInstance != null) {
imageMods.add(newModuleInstance); dataSourceMods.add(newModuleInstance);
} else { } else {
logger.log(Level.INFO, "Error loading module and adding input " + inputName logger.log(Level.INFO, "Error loading module and adding input " + inputName
+ " with module " + module.getName()); + " with module " + module.getName());
@ -1112,16 +1111,16 @@ public class IngestManager {
//queue to schedulers //queue to schedulers
//queue to image-level ingest pipeline(s) //queue to datasource-level ingest pipeline(s)
final boolean processUnalloc = getProcessUnallocSpace(); final boolean processUnalloc = getProcessUnallocSpace();
final ScheduledTask<IngestModuleImage> imageTask = final ScheduledTask<IngestModuleDataSource> dataSourceTask =
new ScheduledTask<IngestModuleImage>(input, imageMods); new ScheduledTask<IngestModuleDataSource>(input, dataSourceMods);
final PipelineContext<IngestModuleImage> imagepipelineContext = final PipelineContext<IngestModuleDataSource> dataSourcePipelineContext =
new PipelineContext<IngestModuleImage>(imageTask, processUnalloc); new PipelineContext<IngestModuleDataSource>(dataSourceTask, processUnalloc);
logger.log(Level.INFO, "Queing image ingest task: " + imageTask); logger.log(Level.INFO, "Queing data source ingest task: " + dataSourceTask);
progress.progress("Image Ingest" + " " + inputName, processed); progress.progress("DataSource Ingest" + " " + inputName, processed);
imageScheduler.schedule(imagepipelineContext); dataSourceScheduler.schedule(dataSourcePipelineContext);
progress.progress("Image Ingest" + " " + inputName, ++processed); progress.progress("DataSource Ingest" + " " + inputName, ++processed);
//queue to file-level ingest pipeline //queue to file-level ingest pipeline
final ScheduledTask<IngestModuleAbstractFile> fTask = final ScheduledTask<IngestModuleAbstractFile> fTask =
@ -1133,7 +1132,7 @@ public class IngestManager {
fileScheduler.schedule(filepipelineContext); fileScheduler.schedule(filepipelineContext);
progress.progress("File Ingest" + " " + inputName, ++processed); progress.progress("File Ingest" + " " + inputName, ++processed);
} //for images } //for data sources
//logger.log(Level.INFO, AbstractFileQueue.printQueue()); //logger.log(Level.INFO, AbstractFileQueue.printQueue());
@ -1143,7 +1142,7 @@ public class IngestManager {
logger.log(Level.SEVERE, "Error while enqueing files. ", ex); logger.log(Level.SEVERE, "Error while enqueing files. ", ex);
//empty queues //empty queues
scheduler.getFileScheduler().empty(); scheduler.getFileScheduler().empty();
scheduler.getImageScheduler().empty(); scheduler.getDataSourceScheduler().empty();
} }
} }
} }

2
Core/src/org/sleuthkit/autopsy/ingest/IngestMessagePanel.java
View File

@ -350,7 +350,7 @@ class IngestMessagePanel extends JPanel implements TableModelListener {
for (IngestModuleAbstract module : manager.enumerateAbstractFileModules()) { for (IngestModuleAbstract module : manager.enumerateAbstractFileModules()) {
groupings.put(module, new HashMap<String, List<IngestMessageGroup>>()); groupings.put(module, new HashMap<String, List<IngestMessageGroup>>());
} }
for (IngestModuleAbstract module : manager.enumerateImageModules()) { for (IngestModuleAbstract module : manager.enumerateDataSourceModules()) {
groupings.put(module, new HashMap<String, List<IngestMessageGroup>>()); groupings.put(module, new HashMap<String, List<IngestMessageGroup>>());
} }
} }

4
Core/src/org/sleuthkit/autopsy/ingest/IngestMessageTopComponent.java
View File

@ -39,7 +39,7 @@ import org.openide.windows.WindowManager;
import org.sleuthkit.autopsy.casemodule.Case; import org.sleuthkit.autopsy.casemodule.Case;
import org.sleuthkit.autopsy.coreutils.MessageNotifyUtil; import org.sleuthkit.autopsy.coreutils.MessageNotifyUtil;
import org.sleuthkit.autopsy.ingest.IngestMessage.MessageType; import org.sleuthkit.autopsy.ingest.IngestMessage.MessageType;
import org.sleuthkit.datamodel.Image; import org.sleuthkit.datamodel.Content;
/** /**
* Top component which displays something. * Top component which displays something.
@ -327,7 +327,7 @@ public final class IngestMessageTopComponent extends TopComponent implements Ing
} }
@Override @Override
public void displayIngestDialog(final Image image) { public void displayIngestDialog(final Content ingestDataSource) {
/* /*
final IngestDialog ingestDialog = new IngestDialog(); final IngestDialog ingestDialog = new IngestDialog();
ingestDialog.setImage(image); ingestDialog.setImage(image);

6
Core/src/org/sleuthkit/autopsy/ingest/IngestModuleAbstract.java
View File

@ -32,9 +32,9 @@ public abstract class IngestModuleAbstract {
*/ */
public enum ModuleType { public enum ModuleType {
/** /**
* Image type module * DataSource type module
*/ */
Image, DataSource,
/** /**
* AbstractFile type module * AbstractFile type module
@ -94,7 +94,7 @@ public abstract class IngestModuleAbstract {
abstract public String getDescription(); abstract public String getDescription();
/** /**
* Returns type of the module (Image-level or file-level) * Returns type of the module (data source-level or file-level)
* @return module type * @return module type
*/ */
abstract public ModuleType getType(); abstract public ModuleType getType();

2
Core/src/org/sleuthkit/autopsy/ingest/IngestModuleAbstractFile.java
View File

@ -21,7 +21,7 @@ package org.sleuthkit.autopsy.ingest;
import org.sleuthkit.datamodel.AbstractFile; import org.sleuthkit.datamodel.AbstractFile;
/** /**
* Ingest module interface that will be called for every file in the image * Ingest module interface that will be called for every file in the data source Content
*/ */
public abstract class IngestModuleAbstractFile extends IngestModuleAbstract { public abstract class IngestModuleAbstractFile extends IngestModuleAbstract {

14
Core/src/org/sleuthkit/autopsy/ingest/IngestModuleImage.java → Core/src/org/sleuthkit/autopsy/ingest/IngestModuleDataSource.java
View File

@ -18,7 +18,7 @@
*/ */
package org.sleuthkit.autopsy.ingest; package org.sleuthkit.autopsy.ingest;
import org.sleuthkit.datamodel.Image; import org.sleuthkit.datamodel.Content;
/** /**
* Ingest module that acts on entire image. * Ingest module that acts on entire image.
@ -26,15 +26,15 @@ import org.sleuthkit.datamodel.Image;
* A new instance of this module will be created for each image. * A new instance of this module will be created for each image.
* Therefore, image-level modules can assume that the process() method will be called at most once after init() is called. * Therefore, image-level modules can assume that the process() method will be called at most once after init() is called.
*/ */
public abstract class IngestModuleImage extends IngestModuleAbstract { public abstract class IngestModuleDataSource extends IngestModuleAbstract {
@Override @Override
public ModuleType getType() { public ModuleType getType() {
return ModuleType.Image; return ModuleType.DataSource;
} }
/** /**
* Called with the image to analyze. * Called with the data source Content object to analyze.
* *
* Modules typically use FileManager to get specific files to analyze. * Modules typically use FileManager to get specific files to analyze.
* *
@ -42,11 +42,11 @@ public abstract class IngestModuleImage extends IngestModuleAbstract {
* The module should also send messages to the ingest inbox with interesting events (data, errors, warnings, infos). * The module should also send messages to the ingest inbox with interesting events (data, errors, warnings, infos).
* The module notifies data viewers by firing events using IngestManagerProxy.fireModuleDataEvent * The module notifies data viewers by firing events using IngestManagerProxy.fireModuleDataEvent
* *
* The module will have its own progress bar while it is running and it should update it with the IngestImageWorkerController object. * The module will have its own progress bar while it is running and it should update it with the IngestDataSourceWorkerController object.
* *
* @param pipelineContext Context in which the ingest pipeline is running (Settings, modules, etc) * @param pipelineContext Context in which the ingest pipeline is running (Settings, modules, etc)
* @param image Image to process * @param dataSource data source to process (such as Image, VirtualDirectory for file etc, etc)
* @param controller Used to update progress bar and to check if the task has been canceled. * @param controller Used to update progress bar and to check if the task has been canceled.
*/ */
abstract public void process(PipelineContext<IngestModuleImage>pipelineContext, Image image, IngestImageWorkerController controller); abstract public void process(PipelineContext<IngestModuleDataSource>pipelineContext, Content dataSource, IngestDataSourceWorkerController controller);
} }

54
Core/src/org/sleuthkit/autopsy/ingest/IngestModuleLoader.java
View File

@ -100,7 +100,7 @@ public final class IngestModuleLoader {
private final List<IngestModuleLoader.XmlPipelineRaw> pipelinesXML; private final List<IngestModuleLoader.XmlPipelineRaw> pipelinesXML;
//validated pipelines with instantiated modules //validated pipelines with instantiated modules
private final List<IngestModuleAbstractFile> filePipeline; private final List<IngestModuleAbstractFile> filePipeline;
private final List<IngestModuleImage> imagePipeline; private final List<IngestModuleDataSource> dataSourcePipeline;
private static final Logger logger = Logger.getLogger(IngestModuleLoader.class.getName()); private static final Logger logger = Logger.getLogger(IngestModuleLoader.class.getName());
private ClassLoader classLoader; private ClassLoader classLoader;
private PropertyChangeSupport pcs; private PropertyChangeSupport pcs;
@ -121,7 +121,7 @@ public final class IngestModuleLoader {
private IngestModuleLoader() { private IngestModuleLoader() {
pipelinesXML = new ArrayList<IngestModuleLoader.XmlPipelineRaw>(); pipelinesXML = new ArrayList<IngestModuleLoader.XmlPipelineRaw>();
filePipeline = new ArrayList<IngestModuleAbstractFile>(); filePipeline = new ArrayList<IngestModuleAbstractFile>();
imagePipeline = new ArrayList<IngestModuleImage>(); dataSourcePipeline = new ArrayList<IngestModuleDataSource>();
dateFormatter = new SimpleDateFormat(DATE_FORMAT); dateFormatter = new SimpleDateFormat(DATE_FORMAT);
String numModDiscoveredStr = ModuleSettings.getConfigSetting(IngestManager.MODULE_PROPERTIES, CUR_MODULES_DISCOVERED_SETTING); String numModDiscoveredStr = ModuleSettings.getConfigSetting(IngestManager.MODULE_PROPERTIES, CUR_MODULES_DISCOVERED_SETTING);
@ -263,8 +263,8 @@ public final class IngestModuleLoader {
} catch (SecurityException ex) { } catch (SecurityException ex) {
Exceptions.printStackTrace(ex); Exceptions.printStackTrace(ex);
} }
} //if image module: check if has public constructor with no args } //if data source module: check if has public constructor with no args
else if (pType == IngestModuleLoader.XmlPipelineRaw.PIPELINE_TYPE.IMAGE_ANALYSIS) { else if (pType == IngestModuleLoader.XmlPipelineRaw.PIPELINE_TYPE.DATA_SOURCE_ANALYSIS) {
try { try {
Constructor<?> constr = moduleClass.getConstructor(); Constructor<?> constr = moduleClass.getConstructor();
int modifiers = constr.getModifiers(); int modifiers = constr.getModifiers();
@ -487,10 +487,10 @@ public final class IngestModuleLoader {
logger.log(Level.INFO, "Found file ingest module in: " + basePackageName + ": " + it.next().toString()); logger.log(Level.INFO, "Found file ingest module in: " + basePackageName + ": " + it.next().toString());
} }
Set<?> imageModules = reflections.getSubTypesOf(IngestModuleImage.class); Set<?> dataSourceModules = reflections.getSubTypesOf(IngestModuleDataSource.class);
it = imageModules.iterator(); it = dataSourceModules.iterator();
while (it.hasNext()) { while (it.hasNext()) {
logger.log(Level.INFO, "Found image ingest module in: " + basePackageName + ": " + it.next().toString()); logger.log(Level.INFO, "Found DataSource ingest module in: " + basePackageName + ": " + it.next().toString());
} }
//find out which modules to add //find out which modules to add
@ -528,13 +528,13 @@ public final class IngestModuleLoader {
} }
it = imageModules.iterator(); it = dataSourceModules.iterator();
while (it.hasNext()) { while (it.hasNext()) {
boolean exists = false; boolean exists = false;
Class<IngestModuleImage> foundClass = (Class<IngestModuleImage>) it.next(); Class<IngestModuleDataSource> foundClass = (Class<IngestModuleDataSource>) it.next();
for (IngestModuleLoader.XmlPipelineRaw rawP : pipelinesXML) { for (IngestModuleLoader.XmlPipelineRaw rawP : pipelinesXML) {
if (!rawP.type.equals(IngestModuleLoader.XmlPipelineRaw.PIPELINE_TYPE.IMAGE_ANALYSIS.toString())) { if (!rawP.type.equals(IngestModuleLoader.XmlPipelineRaw.PIPELINE_TYPE.DATA_SOURCE_ANALYSIS.toString())) {
continue; //skip continue; //skip
} }
@ -552,9 +552,9 @@ public final class IngestModuleLoader {
} }
if (exists == false) { if (exists == false) {
logger.log(Level.INFO, "Discovered a new image module to load: " + foundClass.getName()); logger.log(Level.INFO, "Discovered a new DataSource module to load: " + foundClass.getName());
//ADD MODULE //ADD MODULE
addModuleToRawPipeline(foundClass, IngestModuleLoader.XmlPipelineRaw.PIPELINE_TYPE.IMAGE_ANALYSIS); addModuleToRawPipeline(foundClass, IngestModuleLoader.XmlPipelineRaw.PIPELINE_TYPE.DATA_SOURCE_ANALYSIS);
modulesChanged = true; modulesChanged = true;
} }
@ -703,7 +703,7 @@ public final class IngestModuleLoader {
//clear current //clear current
filePipeline.clear(); filePipeline.clear();
imagePipeline.clear(); dataSourcePipeline.clear();
//add autodiscovered modules to pipelinesXML //add autodiscovered modules to pipelinesXML
autodiscover(); autodiscover();
@ -768,18 +768,18 @@ public final class IngestModuleLoader {
} }
filePipeline.add(fileModuleInstance); filePipeline.add(fileModuleInstance);
break; break;
case IMAGE_ANALYSIS: case DATA_SOURCE_ANALYSIS:
final Class<IngestModuleImage> imageModuleClass = final Class<IngestModuleDataSource> dataSourceModuleClass =
(Class<IngestModuleImage>) Class.forName(pMod.location, true, classLoader); (Class<IngestModuleDataSource>) Class.forName(pMod.location, true, classLoader);
try { try {
Constructor<IngestModuleImage> constr = imageModuleClass.getConstructor(); Constructor<IngestModuleDataSource> constr = dataSourceModuleClass.getConstructor();
IngestModuleImage imageModuleInstance = constr.newInstance(); IngestModuleDataSource dataSourceModuleInstance = constr.newInstance();
if (imageModuleInstance != null) { if (dataSourceModuleInstance != null) {
//set arguments //set arguments
imageModuleInstance.setArguments(pMod.arguments); dataSourceModuleInstance.setArguments(pMod.arguments);
imagePipeline.add(imageModuleInstance); dataSourcePipeline.add(dataSourceModuleInstance);
} }
} catch (NoSuchMethodException | SecurityException | InstantiationException | IllegalAccessException | IllegalArgumentException | InvocationTargetException ex) { } catch (NoSuchMethodException | SecurityException | InstantiationException | IllegalAccessException | IllegalArgumentException | InvocationTargetException ex) {
@ -940,12 +940,12 @@ public final class IngestModuleLoader {
} }
/** /**
* Get loaded image modules * Get loaded data source modules
* *
* @return image modules loaded * @return data source modules loaded
*/ */
public List<IngestModuleImage> getImageIngestModules() { public List<IngestModuleDataSource> getDataSourceIngestModules() {
return imagePipeline; return dataSourcePipeline;
} }
//pipeline XML representation //pipeline XML representation
@ -964,7 +964,7 @@ public final class IngestModuleLoader {
return IngestModuleAbstractFile.class; return IngestModuleAbstractFile.class;
} }
}, },
IMAGE_ANALYSIS { DATA_SOURCE_ANALYSIS {
@Override @Override
public String toString() { public String toString() {
return "ImageAnalysis"; return "ImageAnalysis";
@ -972,7 +972,7 @@ public final class IngestModuleLoader {
@Override @Override
public Class getIngestModuleInterface() { public Class getIngestModuleInterface() {
return IngestModuleImage.class; return IngestModuleDataSource.class;
} }
},; },;
} }

91
Core/src/org/sleuthkit/autopsy/ingest/IngestScheduler.java
View File

@ -40,7 +40,6 @@ import org.sleuthkit.datamodel.DerivedFile;
import org.sleuthkit.datamodel.Directory; import org.sleuthkit.datamodel.Directory;
import org.sleuthkit.datamodel.File; import org.sleuthkit.datamodel.File;
import org.sleuthkit.datamodel.FileSystem; import org.sleuthkit.datamodel.FileSystem;
import org.sleuthkit.datamodel.Image;
import org.sleuthkit.datamodel.VirtualDirectory; import org.sleuthkit.datamodel.VirtualDirectory;
import org.sleuthkit.datamodel.LayoutFile; import org.sleuthkit.datamodel.LayoutFile;
import org.sleuthkit.datamodel.LocalFile; import org.sleuthkit.datamodel.LocalFile;
@ -51,12 +50,12 @@ import org.sleuthkit.datamodel.TskData.TSK_DB_FILES_TYPE_ENUM;
import org.sleuthkit.datamodel.TskData.TSK_FS_META_TYPE_ENUM; import org.sleuthkit.datamodel.TskData.TSK_FS_META_TYPE_ENUM;
/** /**
* Schedules images and files with their associated modules for ingest, and * Schedules data source (images, file-sets, etc) and files with their associated modules for ingest, and
* manage queues of the scheduled tasks. * manage queues of the scheduled tasks.
* *
* Currently a singleton object only. * Currently a singleton object only (as there is one pipeline at a time)
* *
* Contains internal schedulers for content objects into image and file ingest * Contains internal schedulers for content objects into data source and and file ingest
* pipelines. * pipelines.
* *
*/ */
@ -64,7 +63,7 @@ class IngestScheduler {
private static IngestScheduler instance; private static IngestScheduler instance;
private static Logger logger = Logger.getLogger(IngestScheduler.class.getName()); private static Logger logger = Logger.getLogger(IngestScheduler.class.getName());
private final ImageScheduler imageScheduler = new ImageScheduler(); private final DataSourceScheduler dataSourceScheduler = new DataSourceScheduler();
private final FileScheduler fileScheduler = new FileScheduler(); private final FileScheduler fileScheduler = new FileScheduler();
private IngestScheduler() { private IngestScheduler() {
@ -83,8 +82,8 @@ class IngestScheduler {
return instance; return instance;
} }
ImageScheduler getImageScheduler() { DataSourceScheduler getDataSourceScheduler() {
return imageScheduler; return dataSourceScheduler;
} }
FileScheduler getFileScheduler() { FileScheduler getFileScheduler() {
@ -94,10 +93,10 @@ class IngestScheduler {
/** /**
* FileScheduler ingest scheduler * FileScheduler ingest scheduler
* *
* Supports addition ScheduledTasks - tuples of (image, modules) * Supports addition ScheduledTasks - tuples of (data-source, modules)
* *
* Enqueues files and modules, and sorts the files by priority. Maintains * Enqueues files and modules, and sorts the files by priority. Maintains
* only top level directories in memory, not all files in image. * only top level directories in memory (not all children files of the scheduled container content objects)
* *
* getNext() will return next ProcessTask - tuple of (file, modules) * getNext() will return next ProcessTask - tuple of (file, modules)
* *
@ -110,7 +109,7 @@ class IngestScheduler {
private List<ProcessTask> curDirProcessTasks; private List<ProcessTask> curDirProcessTasks;
//list of files being processed in the currently processed directory //list of files being processed in the currently processed directory
private LinkedList<ProcessTask> curFileProcessTasks; //need to add to start and end quickly private LinkedList<ProcessTask> curFileProcessTasks; //need to add to start and end quickly
//estimated files to be enqueued for current images //estimated total files to be enqueued for currently scheduled content objects
private int filesEnqueuedEst; private int filesEnqueuedEst;
private int filesDequeued; private int filesDequeued;
private final static int FAT_NTFS_FLAGS = private final static int FAT_NTFS_FLAGS =
@ -188,7 +187,7 @@ class IngestScheduler {
/** /**
* Get number of files dequeued so far This is reset after the same * Get number of files dequeued so far This is reset after the same
* image is enqueued that is already in a queue * content is enqueued that is already in a queue
* *
* @return number of files dequeued so far * @return number of files dequeued so far
*/ */
@ -197,8 +196,8 @@ class IngestScheduler {
} }
/** /**
* Task for a specific file to process. * Task for a specific file to process. More specific than the
* More specific than the higher-level ScheduledTask. * higher-level ScheduledTask.
*/ */
static class ProcessTask { static class ProcessTask {
@ -260,7 +259,7 @@ class IngestScheduler {
} }
/** /**
* Create 1 or more ProcessTasks for each root dir in the image from * Create 1 or more ProcessTasks for each root dir in the Content from
* the context supplied * the context supplied
* *
* @param context the original ingest context * @param context the original ingest context
@ -358,8 +357,8 @@ class IngestScheduler {
* as the parent origin file. * as the parent origin file.
* *
* @param file file to be scheduled * @param file file to be scheduled
* @param originalContext original image schedule context that was used * @param originalContext original content schedule context that was used
* to schedule the parent origin file, with the modules, settings, etc. * to schedule the parent origin content, with the modules, settings, etc.
*/ */
synchronized void schedule(AbstractFile file, PipelineContext originalContext) { synchronized void schedule(AbstractFile file, PipelineContext originalContext) {
ScheduledTask originalTask = originalContext.getScheduledTask(); ScheduledTask originalTask = originalContext.getScheduledTask();
@ -382,7 +381,7 @@ class IngestScheduler {
* Schedule new Content object for a file ingest with associated * Schedule new Content object for a file ingest with associated
* modules. * modules.
* *
* @param task image schedule task with image and associated modules * @param context context to schedule, with scheduled task containing content to process and modules
*/ */
synchronized void schedule(PipelineContext<IngestModuleAbstractFile> context) { synchronized void schedule(PipelineContext<IngestModuleAbstractFile> context) {
@ -396,13 +395,13 @@ class IngestScheduler {
final Content contentToSchedule = task.getContent(); final Content contentToSchedule = task.getContent();
if (getSourceContent().contains(contentToSchedule)) { if (getSourceContent().contains(contentToSchedule)) {
//reset counters if the same image enqueued twice //reset counters if the same content enqueued twice
//Note, not very accurate, because we may have processed some files from //Note, not very accurate, because we may have processed some files from
//another image //another content
this.filesDequeued = 0; this.filesDequeued = 0;
} }
//remove duplicate scheduled tasks for this image if enqueued previously //remove duplicate scheduled tasks still in queues for this content if enqueued previously
removeDupTasks(task); removeDupTasks(task);
List<ProcessTask> rootTasks = ProcessTask.createFromScheduledTask(context); List<ProcessTask> rootTasks = ProcessTask.createFromScheduledTask(context);
@ -752,9 +751,9 @@ class IngestScheduler {
} }
/** /**
* Get counts of ingestable files/dirs for the image input source. * Get counts of ingestable files/dirs for the content input source.
* *
* Includes counts of all unalloc files (for the fs, image, volume) even * Note, also includes counts of all unalloc children files (for the fs, image, volume) even
* if ingest didn't ask for them * if ingest didn't ask for them
*/ */
static class GetFilesCountVisitor extends ContentVisitor.Default<Long> { static class GetFilesCountVisitor extends ContentVisitor.Default<Long> {
@ -884,32 +883,38 @@ class IngestScheduler {
} }
/** /**
* ImageScheduler ingest scheduler * DataSourceScheduler ingest scheduler
*/ */
static class ImageScheduler implements Iterator<ScheduledTask<IngestModuleImage>> { static class DataSourceScheduler implements Iterator<ScheduledTask<IngestModuleDataSource>> {
private LinkedList<ScheduledTask<IngestModuleImage>> tasks; private LinkedList<ScheduledTask<IngestModuleDataSource>> tasks;
ImageScheduler() { DataSourceScheduler() {
tasks = new LinkedList<ScheduledTask<IngestModuleImage>>(); tasks = new LinkedList<ScheduledTask<IngestModuleDataSource>>();
} }
synchronized void schedule(PipelineContext<IngestModuleImage> context) { synchronized void schedule(PipelineContext<IngestModuleDataSource> context) {
ScheduledTask<IngestModuleImage> task = context.getScheduledTask(); ScheduledTask<IngestModuleDataSource> task = context.getScheduledTask();
//skip if task contains no modules //skip if task contains no modules
if (task.getModules().isEmpty()) { if (task.getModules().isEmpty()) {
return; return;
} }
if (!(task.getContent() instanceof Image)) { try {
//only accepting Image content objects if (task.getContent().getParent() != null) {
//only accepting parent-less content objects (Image, parentless VirtualDirectory)
logger.log(Level.SEVERE, "Only parent-less Content (data sources) can be scheduled for DataSource ingest, skipping: " + task.getContent());
return;
}
} catch (TskCoreException e) {
logger.log(Level.SEVERE, "Error validating data source to be scheduled for DataSource ingest" + task.getContent(), e);
return; return;
} }
ScheduledTask<IngestModuleImage> existTask = null; ScheduledTask<IngestModuleDataSource> existTask = null;
for (ScheduledTask<IngestModuleImage> curTask : tasks) { for (ScheduledTask<IngestModuleDataSource> curTask : tasks) {
if (curTask.getContent().equals(task.getContent())) { if (curTask.getContent().equals(task.getContent())) {
existTask = curTask; existTask = curTask;
break; break;
@ -917,7 +922,7 @@ class IngestScheduler {
} }
if (existTask != null) { if (existTask != null) {
//merge modules for the image task //merge modules for the data source task
existTask.addModules(task.getModules()); existTask.addModules(task.getModules());
} else { } else {
//enqueue a new task //enqueue a new task
@ -926,23 +931,23 @@ class IngestScheduler {
} }
@Override @Override
public synchronized ScheduledTask<IngestModuleImage> next() throws IllegalStateException { public synchronized ScheduledTask<IngestModuleDataSource> next() throws IllegalStateException {
if (!hasNext()) { if (!hasNext()) {
throw new IllegalStateException("There is image tasks in the queue, check hasNext()"); throw new IllegalStateException("There is no data source tasks in the queue, check hasNext()");
} }
final ScheduledTask<IngestModuleImage> ret = tasks.pollFirst(); final ScheduledTask<IngestModuleDataSource> ret = tasks.pollFirst();
return ret; return ret;
} }
/** /**
* get all images that are scheduled to process * get all data source that are scheduled to process
* *
* @return list of images in the queue scheduled to process * @return list of data sources in the queue scheduled to process
*/ */
synchronized List<org.sleuthkit.datamodel.Content> getContents() { synchronized List<org.sleuthkit.datamodel.Content> getContents() {
List<org.sleuthkit.datamodel.Content> contents = new ArrayList<org.sleuthkit.datamodel.Content>(); List<org.sleuthkit.datamodel.Content> contents = new ArrayList<org.sleuthkit.datamodel.Content>();
for (ScheduledTask<IngestModuleImage> task : tasks) { for (ScheduledTask<IngestModuleDataSource> task : tasks) {
contents.add(task.getContent()); contents.add(task.getContent());
} }
return contents; return contents;
@ -955,7 +960,7 @@ class IngestScheduler {
@Override @Override
public void remove() { public void remove() {
throw new UnsupportedOperationException("Removing of scheduled image ingest tasks is not supported. "); throw new UnsupportedOperationException("Removing of scheduled data source ingest tasks is not supported. ");
} }
synchronized void empty() { synchronized void empty() {
@ -969,8 +974,8 @@ class IngestScheduler {
@Override @Override
public String toString() { public String toString() {
StringBuilder sb = new StringBuilder(); StringBuilder sb = new StringBuilder();
sb.append("ImageQueue, size: ").append(getCount()); sb.append("DataSourceQueue, size: ").append(getCount());
for (ScheduledTask<IngestModuleImage> task : tasks) { for (ScheduledTask<IngestModuleDataSource> task : tasks) {
sb.append(task.toString()).append(" "); sb.append(task.toString()).append(" ");
} }
return sb.toString(); return sb.toString();

4
Core/src/org/sleuthkit/autopsy/ingest/IngestUI.java
View File

@ -19,7 +19,7 @@
package org.sleuthkit.autopsy.ingest; package org.sleuthkit.autopsy.ingest;
import org.sleuthkit.datamodel.Image; import org.sleuthkit.datamodel.Content;
/** /**
* UI support for ingest * UI support for ingest
@ -29,7 +29,7 @@ public interface IngestUI {
int getMessagesCount(); int getMessagesCount();
void clearMessages(); void clearMessages();
void restoreMessages(); void restoreMessages();
void displayIngestDialog(final Image image); void displayIngestDialog(final Content ingestDataSource);
void displayReport(final String report); void displayReport(final String report);
} }

2
Core/src/org/sleuthkit/autopsy/ingest/PipelineContext.java
View File

@ -25,7 +25,7 @@ import java.util.Objects;
* Stores information about a given pipeline, which is a series of modules. * Stores information about a given pipeline, which is a series of modules.
* This is passed into modules for their reference. * This is passed into modules for their reference.
* *
* @param T type of the ingest associated with the context (file or image) * @param T type of the ingest associated with the context (file or data source Content)
* *
*/ */
public class PipelineContext <T extends IngestModuleAbstract> { public class PipelineContext <T extends IngestModuleAbstract> {

2
Core/src/org/sleuthkit/autopsy/ingest/ScheduledTask.java
View File

@ -26,7 +26,7 @@ import org.sleuthkit.datamodel.Content;
* A task that will be scheduled. Contains the top-level data to analyze and the pipeline. * A task that will be scheduled. Contains the top-level data to analyze and the pipeline.
* Children of the data will also be scheduled. * Children of the data will also be scheduled.
* *
* @param T type of Ingest Module / Pipeline (file or image) associated with this task * @param T type of Ingest Module / Pipeline (file or data source content) associated with this task
*/ */
class ScheduledTask<T extends IngestModuleAbstract> { class ScheduledTask<T extends IngestModuleAbstract> {

70
RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Chrome.java
View File

@ -27,7 +27,6 @@ import com.google.gson.JsonElement;
import com.google.gson.JsonObject; import com.google.gson.JsonObject;
import com.google.gson.JsonParser; import com.google.gson.JsonParser;
import org.sleuthkit.autopsy.ingest.IngestServices; import org.sleuthkit.autopsy.ingest.IngestServices;
import org.sleuthkit.datamodel.FsContent;
import org.sleuthkit.autopsy.datamodel.ContentUtils; import org.sleuthkit.autopsy.datamodel.ContentUtils;
import java.util.logging.Level; import java.util.logging.Level;
import org.sleuthkit.autopsy.coreutils.Logger; import org.sleuthkit.autopsy.coreutils.Logger;
@ -36,20 +35,19 @@ import java.io.File;
import java.io.FileNotFoundException; import java.io.FileNotFoundException;
import java.io.FileReader; import java.io.FileReader;
import java.io.IOException; import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.sql.SQLException;
import org.sleuthkit.autopsy.casemodule.services.FileManager; import org.sleuthkit.autopsy.casemodule.services.FileManager;
import org.sleuthkit.autopsy.coreutils.EscapeUtil; import org.sleuthkit.autopsy.coreutils.EscapeUtil;
import org.sleuthkit.autopsy.ingest.PipelineContext; import org.sleuthkit.autopsy.ingest.PipelineContext;
import org.sleuthkit.autopsy.ingest.IngestImageWorkerController; import org.sleuthkit.autopsy.ingest.IngestDataSourceWorkerController;
import org.sleuthkit.autopsy.ingest.IngestModuleImage; import org.sleuthkit.autopsy.ingest.IngestModuleDataSource;
import org.sleuthkit.autopsy.ingest.IngestModuleInit; import org.sleuthkit.autopsy.ingest.IngestModuleInit;
import org.sleuthkit.autopsy.ingest.ModuleDataEvent; import org.sleuthkit.autopsy.ingest.ModuleDataEvent;
import org.sleuthkit.datamodel.AbstractFile;
import org.sleuthkit.datamodel.BlackboardArtifact; import org.sleuthkit.datamodel.BlackboardArtifact;
import org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE; import org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE;
import org.sleuthkit.datamodel.BlackboardAttribute; import org.sleuthkit.datamodel.BlackboardAttribute;
import org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE; import org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE;
import org.sleuthkit.datamodel.Image; import org.sleuthkit.datamodel.Content;
import org.sleuthkit.datamodel.TskCoreException; import org.sleuthkit.datamodel.TskCoreException;
import org.sleuthkit.datamodel.TskData; import org.sleuthkit.datamodel.TskData;
@ -81,27 +79,27 @@ public class Chrome extends Extract {
@Override @Override
public void process(PipelineContext<IngestModuleImage>pipelineContext, Image image, IngestImageWorkerController controller) { public void process(PipelineContext<IngestModuleDataSource>pipelineContext, Content dataSource, IngestDataSourceWorkerController controller) {
this.getHistory(image, controller); this.getHistory(dataSource, controller);
this.getBookmark(image, controller); this.getBookmark(dataSource, controller);
this.getCookie(image, controller); this.getCookie(dataSource, controller);
this.getLogin(image, controller); this.getLogin(dataSource, controller);
this.getDownload(image, controller); this.getDownload(dataSource, controller);
} }
private void getHistory(Image image, IngestImageWorkerController controller) { private void getHistory(Content dataSource, IngestDataSourceWorkerController controller) {
FileManager fileManager = currentCase.getServices().getFileManager(); FileManager fileManager = currentCase.getServices().getFileManager();
List<FsContent> historyFiles = null; List<AbstractFile> historyFiles = null;
try { try {
historyFiles = fileManager.findFiles(image, "History", "Chrome"); historyFiles = fileManager.findFiles(dataSource, "History", "Chrome");
} catch (TskCoreException ex) { } catch (TskCoreException ex) {
logger.log(Level.SEVERE, "Error when trying to get Chrome history files.", ex); logger.log(Level.SEVERE, "Error when trying to get Chrome history files.", ex);
} }
// get only the allocated ones, for now // get only the allocated ones, for now
List<FsContent> allocatedHistoryFiles = new ArrayList<>(); List<AbstractFile> allocatedHistoryFiles = new ArrayList<>();
for (FsContent historyFile : historyFiles) { for (AbstractFile historyFile : historyFiles) {
if (historyFile.isMetaFlagSet(TskData.TSK_FS_META_FLAG_ENUM.ALLOC)) { if (historyFile.isMetaFlagSet(TskData.TSK_FS_META_FLAG_ENUM.ALLOC)) {
allocatedHistoryFiles.add(historyFile); allocatedHistoryFiles.add(historyFile);
} }
@ -117,7 +115,7 @@ public class Chrome extends Extract {
while (j < historyFiles.size()) { while (j < historyFiles.size()) {
String temps = currentCase.getTempDirectory() + File.separator + historyFiles.get(j).getName().toString() + j + ".db"; String temps = currentCase.getTempDirectory() + File.separator + historyFiles.get(j).getName().toString() + j + ".db";
int errors = 0; int errors = 0;
final FsContent historyFile = historyFiles.get(j++); final AbstractFile historyFile = historyFiles.get(j++);
if (historyFile.getSize() == 0) { if (historyFile.getSize() == 0) {
continue; continue;
} }
@ -160,12 +158,12 @@ public class Chrome extends Extract {
services.fireModuleDataEvent(new ModuleDataEvent("Recent Activity", BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_HISTORY)); services.fireModuleDataEvent(new ModuleDataEvent("Recent Activity", BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_HISTORY));
} }
private void getBookmark(Image image, IngestImageWorkerController controller) { private void getBookmark(Content dataSource, IngestDataSourceWorkerController controller) {
FileManager fileManager = currentCase.getServices().getFileManager(); FileManager fileManager = currentCase.getServices().getFileManager();
List<FsContent> bookmarkFiles = null; List<AbstractFile> bookmarkFiles = null;
try { try {
bookmarkFiles = fileManager.findFiles(image, "Bookmarks", "Chrome"); bookmarkFiles = fileManager.findFiles(dataSource, "Bookmarks", "Chrome");
} catch (TskCoreException ex) { } catch (TskCoreException ex) {
logger.log(Level.SEVERE, "Error when trying to get Chrome history files.", ex); logger.log(Level.SEVERE, "Error when trying to get Chrome history files.", ex);
} }
@ -173,7 +171,7 @@ public class Chrome extends Extract {
int j = 0; int j = 0;
if (bookmarkFiles != null && !bookmarkFiles.isEmpty()) { if (bookmarkFiles != null && !bookmarkFiles.isEmpty()) {
while (j < bookmarkFiles.size()) { while (j < bookmarkFiles.size()) {
FsContent bookmarkFile = bookmarkFiles.get(j++); AbstractFile bookmarkFile = bookmarkFiles.get(j++);
String temps = currentCase.getTempDirectory() + File.separator + bookmarkFile.getName().toString() + j + ".db"; String temps = currentCase.getTempDirectory() + File.separator + bookmarkFile.getName().toString() + j + ".db";
int errors = 0; int errors = 0;
try { try {
@ -258,12 +256,12 @@ public class Chrome extends Extract {
//COOKIES section //COOKIES section
// This gets the cookie info // This gets the cookie info
private void getCookie(Image image, IngestImageWorkerController controller) { private void getCookie(Content dataSource, IngestDataSourceWorkerController controller) {
FileManager fileManager = currentCase.getServices().getFileManager(); FileManager fileManager = currentCase.getServices().getFileManager();
List<FsContent> cookiesFiles = null; List<AbstractFile> cookiesFiles = null;
try { try {
cookiesFiles = fileManager.findFiles(image, "Cookies", "Chrome"); cookiesFiles = fileManager.findFiles(dataSource, "Cookies", "Chrome");
} catch (TskCoreException ex) { } catch (TskCoreException ex) {
logger.log(Level.SEVERE, "Error when trying to get Chrome history files.", ex); logger.log(Level.SEVERE, "Error when trying to get Chrome history files.", ex);
} }
@ -271,7 +269,7 @@ public class Chrome extends Extract {
int j = 0; int j = 0;
if (cookiesFiles != null && !cookiesFiles.isEmpty()) { if (cookiesFiles != null && !cookiesFiles.isEmpty()) {
while (j < cookiesFiles.size()) { while (j < cookiesFiles.size()) {
FsContent cookiesFile = cookiesFiles.get(j++); AbstractFile cookiesFile = cookiesFiles.get(j++);
String temps = currentCase.getTempDirectory() + File.separator + cookiesFile.getName().toString() + j + ".db"; String temps = currentCase.getTempDirectory() + File.separator + cookiesFile.getName().toString() + j + ".db";
int errors = 0; int errors = 0;
try { try {
@ -318,12 +316,12 @@ public class Chrome extends Extract {
//Downloads section //Downloads section
// This gets the downloads info // This gets the downloads info
private void getDownload(Image image, IngestImageWorkerController controller) { private void getDownload(Content dataSource, IngestDataSourceWorkerController controller) {
FileManager fileManager = currentCase.getServices().getFileManager(); FileManager fileManager = currentCase.getServices().getFileManager();
List<FsContent> historyFiles = null; List<AbstractFile> historyFiles = null;
try { try {
historyFiles = fileManager.findFiles(image, "History", "Chrome"); historyFiles = fileManager.findFiles(dataSource, "History", "Chrome");
} catch (TskCoreException ex) { } catch (TskCoreException ex) {
logger.log(Level.SEVERE, "Error when trying to get Chrome history files.", ex); logger.log(Level.SEVERE, "Error when trying to get Chrome history files.", ex);
} }
@ -331,7 +329,7 @@ public class Chrome extends Extract {
int j = 0; int j = 0;
if (historyFiles != null && !historyFiles.isEmpty()) { if (historyFiles != null && !historyFiles.isEmpty()) {
while (j < historyFiles.size()) { while (j < historyFiles.size()) {
FsContent historyFile = historyFiles.get(j++); AbstractFile historyFile = historyFiles.get(j++);
if (historyFile.getSize() == 0) { if (historyFile.getSize() == 0) {
continue; continue;
} }
@ -354,7 +352,7 @@ public class Chrome extends Extract {
for (HashMap<String, Object> result : tempList) { for (HashMap<String, Object> result : tempList) {
Collection<BlackboardAttribute> bbattributes = new ArrayList<BlackboardAttribute>(); Collection<BlackboardAttribute> bbattributes = new ArrayList<BlackboardAttribute>();
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PATH.getTypeID(), "Recent Activity", (result.get("full_path").toString()))); bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PATH.getTypeID(), "Recent Activity", (result.get("full_path").toString())));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PATH_ID.getTypeID(), "Recent Activity", Util.findID(image, (result.get("full_path").toString())))); bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PATH_ID.getTypeID(), "Recent Activity", Util.findID(dataSource, (result.get("full_path").toString()))));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(), "Recent Activity", ((result.get("url").toString() != null) ? result.get("url").toString() : ""))); bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(), "Recent Activity", ((result.get("url").toString() != null) ? result.get("url").toString() : "")));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL_DECODED.getTypeID(), "Recent Activity", ((result.get("url").toString() != null) ? EscapeUtil.decodeURL(result.get("url").toString()) : ""))); bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL_DECODED.getTypeID(), "Recent Activity", ((result.get("url").toString() != null) ? EscapeUtil.decodeURL(result.get("url").toString()) : "")));
Long time = (Long.valueOf(result.get("start_time").toString())); Long time = (Long.valueOf(result.get("start_time").toString()));
@ -382,12 +380,12 @@ public class Chrome extends Extract {
//Login/Password section //Login/Password section
// This gets the user info // This gets the user info
private void getLogin(Image image, IngestImageWorkerController controller) { private void getLogin(Content dataSource, IngestDataSourceWorkerController controller) {
FileManager fileManager = currentCase.getServices().getFileManager(); FileManager fileManager = currentCase.getServices().getFileManager();
List<FsContent> signonFiles = null; List<AbstractFile> signonFiles = null;
try { try {
signonFiles = fileManager.findFiles(image, "signons.sqlite", "Chrome"); signonFiles = fileManager.findFiles(dataSource, "signons.sqlite", "Chrome");
} catch (TskCoreException ex) { } catch (TskCoreException ex) {
logger.log(Level.SEVERE, "Error when trying to get Chrome history files.", ex); logger.log(Level.SEVERE, "Error when trying to get Chrome history files.", ex);
} }
@ -395,7 +393,7 @@ public class Chrome extends Extract {
int j = 0; int j = 0;
if (signonFiles != null && !signonFiles.isEmpty()) { if (signonFiles != null && !signonFiles.isEmpty()) {
while (j < signonFiles.size()) { while (j < signonFiles.size()) {
FsContent signonFile = signonFiles.get(j++); AbstractFile signonFile = signonFiles.get(j++);
String temps = currentCase.getTempDirectory() + File.separator + signonFile.getName().toString() + j + ".db"; String temps = currentCase.getTempDirectory() + File.separator + signonFile.getName().toString() + j + ".db";
int errors = 0; int errors = 0;
try { try {
@ -450,7 +448,7 @@ public class Chrome extends Extract {
@Override @Override
public void stop() { public void stop() {
logger.info("Attmped to stop chrome extract, but operation is not supported; skipping..."); logger.info("Attempted to stop chrome extract, but operation is not supported; skipping...");
} }
@Override @Override

73
RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Extract.java
View File

@ -30,11 +30,11 @@ import java.util.*;
import java.util.logging.Level; import java.util.logging.Level;
import org.sleuthkit.autopsy.coreutils.Logger; import org.sleuthkit.autopsy.coreutils.Logger;
import org.sleuthkit.autopsy.casemodule.Case; import org.sleuthkit.autopsy.casemodule.Case;
import org.sleuthkit.autopsy.ingest.IngestModuleImage; import org.sleuthkit.autopsy.ingest.IngestModuleDataSource;
import org.sleuthkit.autopsy.report.SQLiteDBConnect; import org.sleuthkit.autopsy.report.SQLiteDBConnect;
import org.sleuthkit.datamodel.*; import org.sleuthkit.datamodel.*;
abstract public class Extract extends IngestModuleImage{ abstract public class Extract extends IngestModuleDataSource{
protected Case currentCase = Case.getCurrentCase(); // get the most updated case protected Case currentCase = Case.getCurrentCase(); // get the most updated case
protected SleuthkitCase tskCase = currentCase.getSleuthkitCase(); protected SleuthkitCase tskCase = currentCase.getSleuthkitCase();
@ -51,62 +51,18 @@ abstract public class Extract extends IngestModuleImage{
return errorMessages; return errorMessages;
} }
/** /**
* Returns a List of FsContent objects from TSK based on sql query. * Generic method for adding a blackboard artifact to the blackboard
* *
* @param image is a Image object that denotes which image to get the files from * @param type is a blackboard.artifact_type enum to determine which type
* @param query is a sql string query that is to be run * the artifact should be
* @return FFSqlitedb is a List of FsContent objects * @param content is the AbstractFile object that needs to have the artifact
* added for it
* @param bbattributes is the collection of blackboard attributes that need
* to be added to the artifact after the artifact has been created
*/ */
@SuppressWarnings("deprecation") public void addArtifact(BlackboardArtifact.ARTIFACT_TYPE type, AbstractFile content, Collection<BlackboardAttribute> bbattributes) {
public List<FsContent> extractFiles(Image image, String query) {
Collection<FileSystem> imageFS = tskCase.getFileSystems(image);
List<String> fsIds = new LinkedList<String>();
for (FileSystem img : imageFS) {
Long tempID = img.getId();
fsIds.add(tempID.toString());
}
String allFS = new String();
for (int i = 0; i < fsIds.size(); i++) {
if (i == 0) {
allFS += " AND (0";
}
allFS += " OR fs_obj_id = '" + fsIds.get(i) + "'";
if (i == fsIds.size() - 1) {
allFS += ")";
}
}
List<FsContent> FFSqlitedb = null;
ResultSet rs = null;
try {
rs = tskCase.runQuery(query + allFS);
FFSqlitedb = tskCase.resultSetToFsContents(rs);
} catch (SQLException ex) {
logger.log(Level.SEVERE, "Error while trying to extract files for:" + this.getClass().getName(), ex);
this.addErrorMessage(this.getName() + ": Error while trying to extract files to analyze.");
}
finally {
if (rs != null) {
try {
tskCase.closeRunQuery(rs);
} catch (SQLException ex) {
logger.log(Level.SEVERE, "Error while trying to close result set after extract files for:" + this.getClass().getName(), ex);
}
}
}
return FFSqlitedb;
}
/**
* Generic method for adding a blackboard artifact to the blackboard
*
* @param type is a blackboard.artifact_type enum to determine which type the artifact should be
* @param content is the FsContent object that needs to have the artifact added for it
* @param bbattributes is the collection of blackboard attributes that need to be added to the artifact after the artifact has been created
*/
public void addArtifact(BlackboardArtifact.ARTIFACT_TYPE type, FsContent content, Collection<BlackboardAttribute> bbattributes) {
try { try {
BlackboardArtifact bbart = content.newArtifact(type); BlackboardArtifact bbart = content.newArtifact(type);
@ -116,8 +72,9 @@ abstract public class Extract extends IngestModuleImage{
} }
} }
/** /**
* Returns a List from a result set based on sql query. * Returns a List from a result set based on sql query.
* This is used to query sqlite databases storing user recent activity data, such as in firefox sqlite db
* *
* @param path is the string path to the sqlite db file * @param path is the string path to the sqlite db file
* @param query is a sql string query that is to be run * @param query is a sql string query that is to be run
@ -140,12 +97,12 @@ abstract public class Extract extends IngestModuleImage{
} }
/** /**
* Returns a List of FsContent objects from TSK based on sql query. * Returns a List of AbstractFile objects from TSK based on sql query.
* *
* @param rs is the resultset that needs to be converted to an arraylist * @param rs is the resultset that needs to be converted to an arraylist
* @return list returns the arraylist built from the converted resultset * @return list returns the arraylist built from the converted resultset
*/ */
public List<HashMap<String,Object>> resultSetToArrayList(ResultSet rs) throws SQLException { private List<HashMap<String,Object>> resultSetToArrayList(ResultSet rs) throws SQLException {
ResultSetMetaData md = rs.getMetaData(); ResultSetMetaData md = rs.getMetaData();
int columns = md.getColumnCount(); int columns = md.getColumnCount();
List<HashMap<String,Object>> list = new ArrayList<HashMap<String,Object>>(50); List<HashMap<String,Object>> list = new ArrayList<HashMap<String,Object>>(50);

83
RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractIE.java
View File

@ -41,7 +41,6 @@ import java.util.logging.Level;
import org.sleuthkit.autopsy.coreutils.Logger; import org.sleuthkit.autopsy.coreutils.Logger;
import java.util.Collection; import java.util.Collection;
import java.util.LinkedHashMap; import java.util.LinkedHashMap;
import java.util.LinkedList;
import java.util.Scanner; import java.util.Scanner;
import java.util.regex.Matcher; import java.util.regex.Matcher;
import java.util.regex.Pattern; import java.util.regex.Pattern;
@ -54,7 +53,7 @@ import org.sleuthkit.autopsy.coreutils.JLNK;
import org.sleuthkit.autopsy.coreutils.JLnkParser; import org.sleuthkit.autopsy.coreutils.JLnkParser;
import org.sleuthkit.autopsy.datamodel.ContentUtils; import org.sleuthkit.autopsy.datamodel.ContentUtils;
import org.sleuthkit.autopsy.datamodel.KeyValue; import org.sleuthkit.autopsy.datamodel.KeyValue;
import org.sleuthkit.autopsy.ingest.IngestImageWorkerController; import org.sleuthkit.autopsy.ingest.IngestDataSourceWorkerController;
import org.sleuthkit.autopsy.ingest.IngestServices; import org.sleuthkit.autopsy.ingest.IngestServices;
import org.sleuthkit.autopsy.ingest.ModuleDataEvent; import org.sleuthkit.autopsy.ingest.ModuleDataEvent;
import org.sleuthkit.datamodel.BlackboardArtifact; import org.sleuthkit.datamodel.BlackboardArtifact;
@ -62,11 +61,10 @@ import org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE;
import org.sleuthkit.datamodel.BlackboardAttribute; import org.sleuthkit.datamodel.BlackboardAttribute;
import org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE; import org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE;
import org.sleuthkit.datamodel.Content; import org.sleuthkit.datamodel.Content;
import org.sleuthkit.datamodel.FsContent;
import org.sleuthkit.datamodel.SleuthkitCase; import org.sleuthkit.datamodel.SleuthkitCase;
import org.sleuthkit.autopsy.coreutils.PlatformUtil; import org.sleuthkit.autopsy.coreutils.PlatformUtil;
import org.sleuthkit.autopsy.ingest.PipelineContext; import org.sleuthkit.autopsy.ingest.PipelineContext;
import org.sleuthkit.autopsy.ingest.IngestModuleImage; import org.sleuthkit.autopsy.ingest.IngestModuleDataSource;
import org.sleuthkit.autopsy.ingest.IngestModuleInit; import org.sleuthkit.autopsy.ingest.IngestModuleInit;
import org.sleuthkit.datamodel.*; import org.sleuthkit.datamodel.*;
@ -76,14 +74,14 @@ public class ExtractIE extends Extract {
private IngestServices services; private IngestServices services;
private String recentQuery = "select * from `tsk_files` where parent_path LIKE '%/Recent%' and name LIKE '%.lnk'"; private String recentQuery = "select * from `tsk_files` where parent_path LIKE '%/Recent%' and name LIKE '%.lnk'";
//sleauthkit db handle //sleauthkit db handle
SleuthkitCase tempDb; SleuthkitCase tskCase;
//paths set in init() //paths set in init()
private String PASCO_RESULTS_PATH; private String PASCO_RESULTS_PATH;
private String PASCO_LIB_PATH; private String PASCO_LIB_PATH;
private String JAVA_PATH; private String JAVA_PATH;
//Results List to be referenced/used outside the class //Results List to be referenced/used outside the class
public ArrayList<HashMap<String, Object>> PASCO_RESULTS_LIST = new ArrayList<HashMap<String, Object>>(); public ArrayList<HashMap<String, Object>> PASCO_RESULTS_LIST = new ArrayList<HashMap<String, Object>>();
// List of Pasco result files for this image // List of Pasco result files for this data source
private List<String> pascoResults; private List<String> pascoResults;
//Look Up Table that holds Pasco2 results //Look Up Table that holds Pasco2 results
private HashMap<String, Object> PASCO_RESULTS_LUT; private HashMap<String, Object> PASCO_RESULTS_LUT;
@ -107,29 +105,29 @@ public class ExtractIE extends Extract {
@Override @Override
public void process(PipelineContext<IngestModuleImage>pipelineContext, Image image, IngestImageWorkerController controller) { public void process(PipelineContext<IngestModuleDataSource>pipelineContext, Content dataSource, IngestDataSourceWorkerController controller) {
this.getHistory(image, controller); this.getHistory(dataSource, controller);
this.getBookmark(image, controller); this.getBookmark(dataSource, controller);
this.getCookie(image, controller); this.getCookie(dataSource, controller);
this.getRecentDocuments(image, controller); this.getRecentDocuments(dataSource, controller);
this.parsePascoResults(pascoResults); this.parsePascoResults(pascoResults);
} }
//Favorites section //Favorites section
// This gets the favorite info // This gets the favorite info
private void getBookmark(Image image, IngestImageWorkerController controller) { private void getBookmark(Content dataSource, IngestDataSourceWorkerController controller) {
int errors = 0; int errors = 0;
org.sleuthkit.autopsy.casemodule.services.FileManager fileManager = currentCase.getServices().getFileManager(); org.sleuthkit.autopsy.casemodule.services.FileManager fileManager = currentCase.getServices().getFileManager();
List<FsContent> favoritesFiles = null; List<AbstractFile> favoritesFiles = null;
try { try {
favoritesFiles = fileManager.findFiles(image, "%.url", "Favorites"); favoritesFiles = fileManager.findFiles(dataSource, "%.url", "Favorites");
} catch (TskCoreException ex) { } catch (TskCoreException ex) {
logger.log(Level.WARNING, "Error fetching 'index.data' files for Internet Explorer history."); logger.log(Level.WARNING, "Error fetching 'index.data' files for Internet Explorer history.");
} }
for (FsContent favoritesFile : favoritesFiles) { for (AbstractFile favoritesFile : favoritesFiles) {
if (controller.isCancelled()) { if (controller.isCancelled()) {
break; break;
} }
@ -175,18 +173,18 @@ public class ExtractIE extends Extract {
//Cookies section //Cookies section
// This gets the cookies info // This gets the cookies info
private void getCookie(Image image, IngestImageWorkerController controller) { private void getCookie(Content dataSource, IngestDataSourceWorkerController controller) {
org.sleuthkit.autopsy.casemodule.services.FileManager fileManager = currentCase.getServices().getFileManager(); org.sleuthkit.autopsy.casemodule.services.FileManager fileManager = currentCase.getServices().getFileManager();
List<FsContent> cookiesFiles = null; List<AbstractFile> cookiesFiles = null;
try { try {
cookiesFiles = fileManager.findFiles(image, "%.txt", "Cookies"); cookiesFiles = fileManager.findFiles(dataSource, "%.txt", "Cookies");
} catch (TskCoreException ex) { } catch (TskCoreException ex) {
logger.log(Level.WARNING, "Error fetching 'index.data' files for Internet Explorer history."); logger.log(Level.WARNING, "Error fetching 'index.data' files for Internet Explorer history.");
} }
int errors = 0; int errors = 0;
for (FsContent cookiesFile : cookiesFiles) { for (AbstractFile cookiesFile : cookiesFiles) {
if (controller.isCancelled()) { if (controller.isCancelled()) {
break; break;
} }
@ -230,17 +228,17 @@ public class ExtractIE extends Extract {
//Recent Documents section //Recent Documents section
// This gets the recent object info // This gets the recent object info
private void getRecentDocuments(Image image, IngestImageWorkerController controller) { private void getRecentDocuments(Content dataSource, IngestDataSourceWorkerController controller) {
org.sleuthkit.autopsy.casemodule.services.FileManager fileManager = currentCase.getServices().getFileManager(); org.sleuthkit.autopsy.casemodule.services.FileManager fileManager = currentCase.getServices().getFileManager();
List<FsContent> recentFiles = null; List<AbstractFile> recentFiles = null;
try { try {
recentFiles = fileManager.findFiles(image, "%.lnk", "Recent"); recentFiles = fileManager.findFiles(dataSource, "%.lnk", "Recent");
} catch (TskCoreException ex) { } catch (TskCoreException ex) {
logger.log(Level.WARNING, "Error fetching 'index.data' files for Internet Explorer history."); logger.log(Level.WARNING, "Error fetching 'index.data' files for Internet Explorer history.");
} }
for (FsContent recentFile : recentFiles) { for (AbstractFile recentFile : recentFiles) {
if (controller.isCancelled()) { if (controller.isCancelled()) {
break; break;
} }
@ -264,7 +262,7 @@ public class ExtractIE extends Extract {
Collection<BlackboardAttribute> bbattributes = new ArrayList<BlackboardAttribute>(); Collection<BlackboardAttribute> bbattributes = new ArrayList<BlackboardAttribute>();
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PATH.getTypeID(), "RecentActivity", path)); bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PATH.getTypeID(), "RecentActivity", path));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_NAME.getTypeID(), "RecentActivity", Util.getFileName(path))); bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_NAME.getTypeID(), "RecentActivity", Util.getFileName(path)));
long id = Util.findID(image, path); long id = Util.findID(dataSource, path);
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PATH_ID.getTypeID(), "RecentActivity", id)); bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PATH_ID.getTypeID(), "RecentActivity", id));
//TODO Revisit usage of deprecated constructor as per TSK-583 //TODO Revisit usage of deprecated constructor as per TSK-583
//bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID(), "RecentActivity", "Date Created", datetime)); //bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID(), "RecentActivity", "Date Created", datetime));
@ -280,9 +278,10 @@ public class ExtractIE extends Extract {
return IE_PASCO_LUT; return IE_PASCO_LUT;
} }
private void getHistory(Image image, IngestImageWorkerController controller) { private void getHistory(Content dataSource, IngestDataSourceWorkerController controller) {
final Case currentCase = Case.getCurrentCase(); currentCase = Case.getCurrentCase();
final String caseDir = Case.getCurrentCase().getCaseDirectory(); tskCase = currentCase.getSleuthkitCase();
PASCO_RESULTS_PATH = Case.getCurrentCase().getTempDirectory() + File.separator + "results"; PASCO_RESULTS_PATH = Case.getCurrentCase().getTempDirectory() + File.separator + "results";
JAVA_PATH = PlatformUtil.getJavaPath(); JAVA_PATH = PlatformUtil.getJavaPath();
pascoResults = new ArrayList<String>(); pascoResults = new ArrayList<String>();
@ -306,38 +305,20 @@ public class ExtractIE extends Extract {
File resultsDir = new File(PASCO_RESULTS_PATH); File resultsDir = new File(PASCO_RESULTS_PATH);
resultsDir.mkdirs(); resultsDir.mkdirs();
tempDb = currentCase.getSleuthkitCase();
Collection<FileSystem> imageFS = tempDb.getFileSystems(image);
List<String> fsIds = new LinkedList<String>();
for (FileSystem img : imageFS) {
Long tempID = img.getId();
fsIds.add(tempID.toString());
}
String allFS = new String();
for (int i = 0; i < fsIds.size(); i++) {
if (i == 0) {
allFS += " AND (0";
}
allFS += " OR fs_obj_id = '" + fsIds.get(i) + "'";
if (i == fsIds.size() - 1) {
allFS += ")";
}
}
// get index.dat files // get index.dat files
org.sleuthkit.autopsy.casemodule.services.FileManager fileManager = currentCase.getServices().getFileManager(); org.sleuthkit.autopsy.casemodule.services.FileManager fileManager = currentCase.getServices().getFileManager();
List<FsContent> indexFiles = null; List<AbstractFile> indexFiles = null;
try { try {
indexFiles = fileManager.findFiles(image, "index.dat"); indexFiles = fileManager.findFiles(dataSource, "index.dat");
} catch (TskCoreException ex) { } catch (TskCoreException ex) {
logger.log(Level.WARNING, "Error fetching 'index.data' files for Internet Explorer history."); logger.log(Level.WARNING, "Error fetching 'index.data' files for Internet Explorer history.");
} }
String temps; String temps;
String indexFileName; String indexFileName;
for (FsContent indexFile : indexFiles) { for (AbstractFile indexFile : indexFiles) {
// Since each result represent an index.dat file, // Since each result represent an index.dat file,
// just create these files with the following notation: // just create these files with the following notation:
// index<Number>.dat (i.e. index0.dat, index1.dat,..., indexN.dat) // index<Number>.dat (i.e. index0.dat, index1.dat,..., indexN.dat)
@ -497,7 +478,7 @@ public class ExtractIE extends Extract {
// TODO: Need to fix this so we have the right obj_id // TODO: Need to fix this so we have the right obj_id
try { try {
BlackboardArtifact bbart = tempDb.getContentById(artObjId).newArtifact(ARTIFACT_TYPE.TSK_WEB_HISTORY); BlackboardArtifact bbart = tskCase.getContentById(artObjId).newArtifact(ARTIFACT_TYPE.TSK_WEB_HISTORY);
Collection<BlackboardAttribute> bbattributes = new ArrayList<BlackboardAttribute>(); Collection<BlackboardAttribute> bbattributes = new ArrayList<BlackboardAttribute>();
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(), "RecentActivity", realurl)); bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(), "RecentActivity", realurl));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL_DECODED.getTypeID(), "RecentActivity", EscapeUtil.decodeURL(realurl))); bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL_DECODED.getTypeID(), "RecentActivity", EscapeUtil.decodeURL(realurl)));

18
RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractRegistry.java
View File

@ -37,8 +37,8 @@ import org.sleuthkit.autopsy.coreutils.ExecUtil;
import org.sleuthkit.autopsy.coreutils.Logger; import org.sleuthkit.autopsy.coreutils.Logger;
import org.sleuthkit.autopsy.coreutils.PlatformUtil; import org.sleuthkit.autopsy.coreutils.PlatformUtil;
import org.sleuthkit.autopsy.datamodel.ContentUtils; import org.sleuthkit.autopsy.datamodel.ContentUtils;
import org.sleuthkit.autopsy.ingest.IngestImageWorkerController; import org.sleuthkit.autopsy.ingest.IngestDataSourceWorkerController;
import org.sleuthkit.autopsy.ingest.IngestModuleImage; import org.sleuthkit.autopsy.ingest.IngestModuleDataSource;
import org.sleuthkit.autopsy.ingest.IngestModuleInit; import org.sleuthkit.autopsy.ingest.IngestModuleInit;
import org.sleuthkit.autopsy.ingest.IngestServices; import org.sleuthkit.autopsy.ingest.IngestServices;
import org.sleuthkit.autopsy.ingest.PipelineContext; import org.sleuthkit.autopsy.ingest.PipelineContext;
@ -103,12 +103,12 @@ public class ExtractRegistry extends Extract {
} }
private void getRegistryFiles(Image image, IngestImageWorkerController controller) { private void getRegistryFiles(Content dataSource, IngestDataSourceWorkerController controller) {
org.sleuthkit.autopsy.casemodule.services.FileManager fileManager = currentCase.getServices().getFileManager(); org.sleuthkit.autopsy.casemodule.services.FileManager fileManager = currentCase.getServices().getFileManager();
List<FsContent> allRegistryFiles = new ArrayList<FsContent>(); List<AbstractFile> allRegistryFiles = new ArrayList<AbstractFile>();
try { try {
allRegistryFiles.addAll(fileManager.findFiles(image, "ntuser.dat")); allRegistryFiles.addAll(fileManager.findFiles(dataSource, "ntuser.dat"));
} catch (TskCoreException ex) { } catch (TskCoreException ex) {
logger.log(Level.WARNING, "Error fetching 'ntuser.dat' file."); logger.log(Level.WARNING, "Error fetching 'ntuser.dat' file.");
} }
@ -118,14 +118,14 @@ public class ExtractRegistry extends Extract {
String[] regFileNames = new String[] {"system", "software", "security", "sam", "default"}; String[] regFileNames = new String[] {"system", "software", "security", "sam", "default"};
for (String regFileName : regFileNames) { for (String regFileName : regFileNames) {
try { try {
allRegistryFiles.addAll(fileManager.findFiles(image, regFileName, "%/system32/config%")); allRegistryFiles.addAll(fileManager.findFiles(dataSource, regFileName, "%/system32/config%"));
} catch (TskCoreException ex) { } catch (TskCoreException ex) {
logger.log(Level.WARNING, "Error fetching registry file: " + regFileName); logger.log(Level.WARNING, "Error fetching registry file: " + regFileName);
} }
} }
int j = 0; int j = 0;
for (FsContent regFile : allRegistryFiles) { for (AbstractFile regFile : allRegistryFiles) {
String regFileName = regFile.getName(); String regFileName = regFile.getName();
String temps = currentCase.getTempDirectory() + "\\" + regFileName; String temps = currentCase.getTempDirectory() + "\\" + regFileName;
try { try {
@ -396,8 +396,8 @@ public class ExtractRegistry extends Extract {
} }
@Override @Override
public void process(PipelineContext<IngestModuleImage>pipelineContext, Image image, IngestImageWorkerController controller) { public void process(PipelineContext<IngestModuleDataSource>pipelineContext, Content dataSource, IngestDataSourceWorkerController controller) {
this.getRegistryFiles(image, controller); this.getRegistryFiles(dataSource, controller);
} }
@Override @Override

54
RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Firefox.java
View File

@ -35,17 +35,17 @@ import org.sleuthkit.autopsy.casemodule.services.FileManager;
import org.sleuthkit.autopsy.coreutils.EscapeUtil; import org.sleuthkit.autopsy.coreutils.EscapeUtil;
import org.sleuthkit.autopsy.datamodel.ContentUtils; import org.sleuthkit.autopsy.datamodel.ContentUtils;
import org.sleuthkit.autopsy.ingest.PipelineContext; import org.sleuthkit.autopsy.ingest.PipelineContext;
import org.sleuthkit.autopsy.ingest.IngestImageWorkerController; import org.sleuthkit.autopsy.ingest.IngestDataSourceWorkerController;
import org.sleuthkit.autopsy.ingest.IngestServices; import org.sleuthkit.autopsy.ingest.IngestServices;
import org.sleuthkit.autopsy.ingest.IngestModuleImage; import org.sleuthkit.autopsy.ingest.IngestModuleDataSource;
import org.sleuthkit.autopsy.ingest.IngestModuleInit; import org.sleuthkit.autopsy.ingest.IngestModuleInit;
import org.sleuthkit.autopsy.ingest.ModuleDataEvent; import org.sleuthkit.autopsy.ingest.ModuleDataEvent;
import org.sleuthkit.datamodel.AbstractFile;
import org.sleuthkit.datamodel.BlackboardArtifact; import org.sleuthkit.datamodel.BlackboardArtifact;
import org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE; import org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE;
import org.sleuthkit.datamodel.BlackboardAttribute; import org.sleuthkit.datamodel.BlackboardAttribute;
import org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE; import org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE;
import org.sleuthkit.datamodel.FsContent; import org.sleuthkit.datamodel.Content;
import org.sleuthkit.datamodel.Image;
import org.sleuthkit.datamodel.TskCoreException; import org.sleuthkit.datamodel.TskCoreException;
/** /**
@ -73,22 +73,22 @@ public class Firefox extends Extract {
} }
@Override @Override
public void process(PipelineContext<IngestModuleImage>pipelineContext, Image image, IngestImageWorkerController controller) { public void process(PipelineContext<IngestModuleDataSource>pipelineContext, Content dataSource, IngestDataSourceWorkerController controller) {
this.getHistory(image, controller); this.getHistory(dataSource, controller);
this.getBookmark(image, controller); this.getBookmark(dataSource, controller);
this.getDownload(image, controller); this.getDownload(dataSource, controller);
this.getCookie(image, controller); this.getCookie(dataSource, controller);
} }
private void getHistory(Image image, IngestImageWorkerController controller) { private void getHistory(Content dataSource, IngestDataSourceWorkerController controller) {
//Make these seperate, this is for history //Make these seperate, this is for history
//List<FsContent> FFSqlitedb = this.extractFiles(image, "select * from tsk_files where name LIKE '%places.sqlite%' and name NOT LIKE '%journal%' and parent_path LIKE '%Firefox%'"); //List<FsContent> FFSqlitedb = this.extractFiles(dataSource, "select * from tsk_files where name LIKE '%places.sqlite%' and name NOT LIKE '%journal%' and parent_path LIKE '%Firefox%'");
FileManager fileManager = currentCase.getServices().getFileManager(); FileManager fileManager = currentCase.getServices().getFileManager();
List<FsContent> historyFiles = null; List<AbstractFile> historyFiles = null;
try { try {
historyFiles = fileManager.findFiles(image, "%places.sqlite%", "Firefox"); historyFiles = fileManager.findFiles(dataSource, "%places.sqlite%", "Firefox");
} catch (TskCoreException ex) { } catch (TskCoreException ex) {
logger.log(Level.WARNING, "Error fetching internet history files for Firefox."); logger.log(Level.WARNING, "Error fetching internet history files for Firefox.");
} }
@ -98,7 +98,7 @@ public class Firefox extends Extract {
} }
int j = 0; int j = 0;
for (FsContent historyFile : historyFiles) { for (AbstractFile historyFile : historyFiles) {
String fileName = historyFile.getName(); String fileName = historyFile.getName();
String temps = currentCase.getTempDirectory() + File.separator + fileName + j + ".db"; String temps = currentCase.getTempDirectory() + File.separator + fileName + j + ".db";
int errors = 0; int errors = 0;
@ -139,12 +139,12 @@ public class Firefox extends Extract {
services.fireModuleDataEvent(new ModuleDataEvent("Recent Activity", BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_HISTORY)); services.fireModuleDataEvent(new ModuleDataEvent("Recent Activity", BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_HISTORY));
} }
private void getBookmark(Image image, IngestImageWorkerController controller) { private void getBookmark(Content dataSource, IngestDataSourceWorkerController controller) {
FileManager fileManager = currentCase.getServices().getFileManager(); FileManager fileManager = currentCase.getServices().getFileManager();
List<FsContent> bookmarkFiles = null; List<AbstractFile> bookmarkFiles = null;
try { try {
bookmarkFiles = fileManager.findFiles(image, "places.sqlite", "Firefox"); bookmarkFiles = fileManager.findFiles(dataSource, "places.sqlite", "Firefox");
} catch (TskCoreException ex) { } catch (TskCoreException ex) {
logger.log(Level.WARNING, "Error fetching bookmark files for Firefox."); logger.log(Level.WARNING, "Error fetching bookmark files for Firefox.");
} }
@ -154,7 +154,7 @@ public class Firefox extends Extract {
} }
int j = 0; int j = 0;
for (FsContent bookmarkFile : bookmarkFiles) { for (AbstractFile bookmarkFile : bookmarkFiles) {
String fileName = bookmarkFile.getName(); String fileName = bookmarkFile.getName();
String temps = currentCase.getTempDirectory() + File.separator + fileName + j + ".db"; String temps = currentCase.getTempDirectory() + File.separator + fileName + j + ".db";
int errors = 0; int errors = 0;
@ -194,12 +194,12 @@ public class Firefox extends Extract {
//COOKIES section //COOKIES section
// This gets the cookie info // This gets the cookie info
private void getCookie(Image image, IngestImageWorkerController controller) { private void getCookie(Content dataSource, IngestDataSourceWorkerController controller) {
FileManager fileManager = currentCase.getServices().getFileManager(); FileManager fileManager = currentCase.getServices().getFileManager();
List<FsContent> cookiesFiles = null; List<AbstractFile> cookiesFiles = null;
try { try {
cookiesFiles = fileManager.findFiles(image, "cookies.sqlite", "Firefox"); cookiesFiles = fileManager.findFiles(dataSource, "cookies.sqlite", "Firefox");
} catch (TskCoreException ex) { } catch (TskCoreException ex) {
logger.log(Level.WARNING, "Error fetching cookies files for Firefox."); logger.log(Level.WARNING, "Error fetching cookies files for Firefox.");
} }
@ -209,7 +209,7 @@ public class Firefox extends Extract {
} }
int j = 0; int j = 0;
for (FsContent cookiesFile : cookiesFiles) { for (AbstractFile cookiesFile : cookiesFiles) {
String fileName = cookiesFile.getName(); String fileName = cookiesFile.getName();
String temps = currentCase.getTempDirectory() + File.separator + fileName + j + ".db"; String temps = currentCase.getTempDirectory() + File.separator + fileName + j + ".db";
int errors = 0; int errors = 0;
@ -270,12 +270,12 @@ public class Firefox extends Extract {
//Downloads section //Downloads section
// This gets the downloads info // This gets the downloads info
private void getDownload(Image image, IngestImageWorkerController controller) { private void getDownload(Content dataSource, IngestDataSourceWorkerController controller) {
FileManager fileManager = currentCase.getServices().getFileManager(); FileManager fileManager = currentCase.getServices().getFileManager();
List<FsContent> downloadsFiles = null; List<AbstractFile> downloadsFiles = null;
try { try {
downloadsFiles = fileManager.findFiles(image, "downloads.sqlite", "Firefox"); downloadsFiles = fileManager.findFiles(dataSource, "downloads.sqlite", "Firefox");
} catch (TskCoreException ex) { } catch (TskCoreException ex) {
logger.log(Level.WARNING, "Error fetching 'downloads' files for Firefox."); logger.log(Level.WARNING, "Error fetching 'downloads' files for Firefox.");
} }
@ -285,7 +285,7 @@ public class Firefox extends Extract {
} }
int j = 0; int j = 0;
for (FsContent downloadsFile : downloadsFiles) { for (AbstractFile downloadsFile : downloadsFiles) {
String fileName = downloadsFile.getName(); String fileName = downloadsFile.getName();
String temps = currentCase.getTempDirectory() + File.separator + fileName + j + ".db"; String temps = currentCase.getTempDirectory() + File.separator + fileName + j + ".db";
int errors = 0; int errors = 0;
@ -312,7 +312,7 @@ public class Firefox extends Extract {
//TODO Revisit usage of deprecated constructor as per TSK-583 //TODO Revisit usage of deprecated constructor as per TSK-583
//bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_LAST_ACCESSED.getTypeID(), "RecentActivity", "Last Visited", (Long.valueOf(result.get("startTime").toString())))); //bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_LAST_ACCESSED.getTypeID(), "RecentActivity", "Last Visited", (Long.valueOf(result.get("startTime").toString()))));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME_ACCESSED.getTypeID(), "RecentActivity", (Long.valueOf(result.get("startTime").toString())))); bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME_ACCESSED.getTypeID(), "RecentActivity", (Long.valueOf(result.get("startTime").toString()))));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PATH_ID.getTypeID(), "RecentActivity", Util.findID(image, urldecodedtarget))); bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PATH_ID.getTypeID(), "RecentActivity", Util.findID(dataSource, urldecodedtarget)));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PATH.getTypeID(), "RecentActivity", ((result.get("target").toString() != null) ? result.get("target").toString() : ""))); bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PATH.getTypeID(), "RecentActivity", ((result.get("target").toString() != null) ? result.get("target").toString() : "")));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(), "RecentActivity", "FireFox")); bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(), "RecentActivity", "FireFox"));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN.getTypeID(), "RecentActivity", (Util.extractDomain((result.get("source").toString() != null) ? result.get("source").toString() : "")))); bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN.getTypeID(), "RecentActivity", (Util.extractDomain((result.get("source").toString() != null) ? result.get("source").toString() : ""))));

16
RecentActivity/src/org/sleuthkit/autopsy/recentactivity/RAImageIngestModule.java
View File

@ -26,19 +26,19 @@ import java.util.ArrayList;
import java.util.logging.Level; import java.util.logging.Level;
import org.sleuthkit.autopsy.coreutils.Logger; import org.sleuthkit.autopsy.coreutils.Logger;
import org.sleuthkit.autopsy.ingest.PipelineContext; import org.sleuthkit.autopsy.ingest.PipelineContext;
import org.sleuthkit.autopsy.ingest.IngestImageWorkerController; import org.sleuthkit.autopsy.ingest.IngestDataSourceWorkerController;
import org.sleuthkit.autopsy.ingest.IngestServices; import org.sleuthkit.autopsy.ingest.IngestServices;
import org.sleuthkit.autopsy.ingest.IngestMessage; import org.sleuthkit.autopsy.ingest.IngestMessage;
import org.sleuthkit.autopsy.ingest.IngestMessage.MessageType; import org.sleuthkit.autopsy.ingest.IngestMessage.MessageType;
import org.sleuthkit.autopsy.ingest.IngestModuleImage; import org.sleuthkit.autopsy.ingest.IngestModuleDataSource;
import org.sleuthkit.autopsy.ingest.IngestModuleInit; import org.sleuthkit.autopsy.ingest.IngestModuleInit;
import org.sleuthkit.datamodel.Image; import org.sleuthkit.datamodel.Content;
/** /**
* Recent activity image ingest module * Recent activity image ingest module
* *
*/ */
public final class RAImageIngestModule extends IngestModuleImage { public final class RAImageIngestModule extends IngestModuleDataSource {
private static final Logger logger = Logger.getLogger(RAImageIngestModule.class.getName()); private static final Logger logger = Logger.getLogger(RAImageIngestModule.class.getName());
private static RAImageIngestModule defaultInstance = null; private static RAImageIngestModule defaultInstance = null;
@ -55,8 +55,8 @@ public final class RAImageIngestModule extends IngestModuleImage {
@Override @Override
public void process(PipelineContext<IngestModuleImage>pipelineContext, Image image, IngestImageWorkerController controller) { public void process(PipelineContext<IngestModuleDataSource>pipelineContext, Content dataSource, IngestDataSourceWorkerController controller) {
services.postMessage(IngestMessage.createMessage(++messageId, MessageType.INFO, this, "Started " + image.getName())); services.postMessage(IngestMessage.createMessage(++messageId, MessageType.INFO, this, "Started " + dataSource.getName()));
controller.switchToDeterminate(modules.size()); controller.switchToDeterminate(modules.size());
controller.progress(0); controller.progress(0);
@ -69,7 +69,7 @@ public final class RAImageIngestModule extends IngestModuleImage {
break; break;
} }
try { try {
module.process(pipelineContext, image, controller); module.process(pipelineContext, dataSource, controller);
} catch (Exception ex) { } catch (Exception ex) {
logger.log(Level.SEVERE, "Exception occurred in " + module.getName(), ex); logger.log(Level.SEVERE, "Exception occurred in " + module.getName(), ex);
subCompleted.append(module.getName()).append(" failed - see log for details <br>"); subCompleted.append(module.getName()).append(" failed - see log for details <br>");
@ -97,7 +97,7 @@ public final class RAImageIngestModule extends IngestModuleImage {
errorMessage.append("No errors encountered."); errorMessage.append("No errors encountered.");
errorMsgSubject = "No errors reported"; errorMsgSubject = "No errors reported";
} }
final IngestMessage msg = IngestMessage.createMessage(++messageId, MessageType.INFO, this, "Finished " + image.getName()+ " - " + errorMsgSubject, errorMessage.toString()); final IngestMessage msg = IngestMessage.createMessage(++messageId, MessageType.INFO, this, "Finished " + dataSource.getName()+ " - " + errorMsgSubject, errorMessage.toString());
services.postMessage(msg); services.postMessage(msg);
} }

34
RecentActivity/src/org/sleuthkit/autopsy/recentactivity/SearchEngineURLQueryAnalyzer.java
View File

@ -31,25 +31,24 @@ import java.util.List;
import java.util.Map; import java.util.Map;
import java.util.Set; import java.util.Set;
import java.util.logging.Level; import java.util.logging.Level;
import javax.swing.JPanel;
import javax.xml.parsers.DocumentBuilder; import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory; import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException; import javax.xml.parsers.ParserConfigurationException;
import org.sleuthkit.autopsy.coreutils.PlatformUtil; import org.sleuthkit.autopsy.coreutils.PlatformUtil;
import org.sleuthkit.autopsy.coreutils.XMLUtil; import org.sleuthkit.autopsy.coreutils.XMLUtil;
import org.sleuthkit.autopsy.ingest.PipelineContext; import org.sleuthkit.autopsy.ingest.PipelineContext;
import org.sleuthkit.autopsy.ingest.IngestImageWorkerController; import org.sleuthkit.autopsy.ingest.IngestDataSourceWorkerController;
import org.sleuthkit.autopsy.ingest.IngestModuleAbstract; import org.sleuthkit.autopsy.ingest.IngestModuleDataSource;
import org.sleuthkit.autopsy.ingest.IngestModuleImage;
import org.sleuthkit.autopsy.ingest.IngestModuleInit; import org.sleuthkit.autopsy.ingest.IngestModuleInit;
import org.sleuthkit.autopsy.ingest.IngestServices; import org.sleuthkit.autopsy.ingest.IngestServices;
import org.sleuthkit.autopsy.ingest.ModuleDataEvent; import org.sleuthkit.autopsy.ingest.ModuleDataEvent;
import org.sleuthkit.datamodel.AbstractFile;
import org.sleuthkit.datamodel.BlackboardArtifact; import org.sleuthkit.datamodel.BlackboardArtifact;
import org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE; import org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE;
import org.sleuthkit.datamodel.BlackboardAttribute; import org.sleuthkit.datamodel.BlackboardAttribute;
import org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE; import org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE;
import org.sleuthkit.datamodel.Content;
import org.sleuthkit.datamodel.FsContent; import org.sleuthkit.datamodel.FsContent;
import org.sleuthkit.datamodel.Image;
import org.sleuthkit.datamodel.TskException; import org.sleuthkit.datamodel.TskException;
import org.w3c.dom.Document; import org.w3c.dom.Document;
import org.w3c.dom.NamedNodeMap; import org.w3c.dom.NamedNodeMap;
@ -241,7 +240,7 @@ public class SearchEngineURLQueryAnalyzer extends Extract {
return basereturn; return basereturn;
} }
private void getURLs(Image image, IngestImageWorkerController controller) { private void getURLs(Content dataSource, IngestDataSourceWorkerController controller) {
int totalQueries = 0; int totalQueries = 0;
try { try {
//from blackboard_artifacts //from blackboard_artifacts
@ -255,12 +254,19 @@ public class SearchEngineURLQueryAnalyzer extends Extract {
String searchEngineDomain = ""; String searchEngineDomain = "";
String browser = ""; String browser = "";
long last_accessed = -1; long last_accessed = -1;
//from tsk_files
List<FsContent> fslst = this.extractFiles(image, "select * from tsk_files where `obj_id` = '" + artifact.getObjectID() + "'"); long fileId = artifact.getObjectID();
if (fslst.isEmpty() || fslst == null) { boolean isFromSource = tskCase.isFileFromSource(dataSource, fileId);
continue; //File was from a different image, and does not exist in current examination. Skipping to a new list of artifacts. if (!isFromSource) {
//File was from a different dataSource. Skipping.
continue;
} }
FsContent fs = fslst.get(0); //associated file
AbstractFile file = tskCase.getAbstractFileById(fileId);
if (file == null ) {
continue;
}
SearchEngineURLQueryAnalyzer.SearchEngine se = NullEngine; SearchEngineURLQueryAnalyzer.SearchEngine se = NullEngine;
//from blackboard_attributes //from blackboard_attributes
Collection<BlackboardAttribute> listAttributes = currentCase.getSleuthkitCase().getMatchingAttributes("Where `artifact_id` = " + artifact.getArtifactID()); Collection<BlackboardAttribute> listAttributes = currentCase.getSleuthkitCase().getMatchingAttributes("Where `artifact_id` = " + artifact.getArtifactID());
@ -295,7 +301,7 @@ public class SearchEngineURLQueryAnalyzer extends Extract {
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_TEXT.getTypeID(), MODULE_NAME, query)); bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_TEXT.getTypeID(), MODULE_NAME, query));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(), MODULE_NAME, browser)); bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(), MODULE_NAME, browser));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME_ACCESSED.getTypeID(), MODULE_NAME, last_accessed)); bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME_ACCESSED.getTypeID(), MODULE_NAME, last_accessed));
this.addArtifact(ARTIFACT_TYPE.TSK_WEB_SEARCH_QUERY, fs, bbattributes); this.addArtifact(ARTIFACT_TYPE.TSK_WEB_SEARCH_QUERY, file, bbattributes);
se.increment(); se.increment();
++totalQueries; ++totalQueries;
} }
@ -323,8 +329,8 @@ public class SearchEngineURLQueryAnalyzer extends Extract {
} }
@Override @Override
public void process(PipelineContext<IngestModuleImage>pipelineContext, Image image, IngestImageWorkerController controller) { public void process(PipelineContext<IngestModuleDataSource>pipelineContext, Content dataSource, IngestDataSourceWorkerController controller) {
this.getURLs(image, controller); this.getURLs(dataSource, controller);
logger.info("Search Engine stats: \n" + getTotals()); logger.info("Search Engine stats: \n" + getTotals());
} }

10
RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Util.java
View File

@ -41,9 +41,9 @@ import java.util.regex.Matcher;
import java.util.regex.Pattern; import java.util.regex.Pattern;
import org.sleuthkit.autopsy.casemodule.Case; import org.sleuthkit.autopsy.casemodule.Case;
import org.sleuthkit.autopsy.casemodule.services.FileManager; import org.sleuthkit.autopsy.casemodule.services.FileManager;
import org.sleuthkit.datamodel.FsContent;
import org.sleuthkit.autopsy.report.SQLiteDBConnect; import org.sleuthkit.autopsy.report.SQLiteDBConnect;
import org.sleuthkit.datamodel.Image; import org.sleuthkit.datamodel.AbstractFile;
import org.sleuthkit.datamodel.Content;
import org.sleuthkit.datamodel.TskCoreException; import org.sleuthkit.datamodel.TskCoreException;
/** /**
@ -187,7 +187,7 @@ public class Util {
return path; return path;
} }
public static long findID(Image image, String path) { public static long findID(Content dataSource, String path) {
String parent_path = path.replace('\\', '/'); // fix Chrome paths String parent_path = path.replace('\\', '/'); // fix Chrome paths
if (parent_path.length() > 2 && parent_path.charAt(1) == ':') { if (parent_path.length() > 2 && parent_path.charAt(1) == ':') {
parent_path = parent_path.substring(2); // remove drive letter (e.g., 'C:') parent_path = parent_path.substring(2); // remove drive letter (e.g., 'C:')
@ -198,9 +198,9 @@ public class Util {
//String query = "select * from tsk_files where parent_path like \"" + parent_path + "\" AND name like \"" + name + "\""; //String query = "select * from tsk_files where parent_path like \"" + parent_path + "\" AND name like \"" + name + "\"";
FileManager fileManager = Case.getCurrentCase().getServices().getFileManager(); FileManager fileManager = Case.getCurrentCase().getServices().getFileManager();
List<FsContent> files = null; List<AbstractFile> files = null;
try { try {
files = fileManager.findFiles(image, name, parent_path); files = fileManager.findFiles(dataSource, name, parent_path);
} catch (TskCoreException ex) { } catch (TskCoreException ex) {
logger.log(Level.WARNING, "Error fetching 'index.data' files for Internet Explorer history."); logger.log(Level.WARNING, "Error fetching 'index.data' files for Internet Explorer history.");
} }