mstoeck3/autopsy-flatpak
1
0
Fork 0
mirror of https://github.com/overcuriousity/autopsy-flatpak.git synced 2025-07-15 09:17:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

More indexing of blackboard artifacts

Browse Source
This commit is contained in:
Eugene Livis 2015-11-09 16:47:43 -05:00
parent a884525cda
commit fc6d01db90
2 changed files with 33 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
Core/src/org/sleuthkit/autopsy/modules/interestingitems/FilesIdentifierIngestModule.java
View File

@ -24,7 +24,11 @@ import java.util.List;
import java.util.Map; import java.util.Map;
import java.util.concurrent.ConcurrentHashMap; import java.util.concurrent.ConcurrentHashMap;
import java.util.logging.Level; import java.util.logging.Level;
import org.openide.util.NbBundle;
import org.sleuthkit.autopsy.casemodule.Case;
import org.sleuthkit.autopsy.casemodule.services.Blackboard;
import org.sleuthkit.autopsy.coreutils.Logger; import org.sleuthkit.autopsy.coreutils.Logger;
import org.sleuthkit.autopsy.coreutils.MessageNotifyUtil;
import org.sleuthkit.autopsy.ingest.FileIngestModule; import org.sleuthkit.autopsy.ingest.FileIngestModule;
import org.sleuthkit.autopsy.ingest.IngestJobContext; import org.sleuthkit.autopsy.ingest.IngestJobContext;
import org.sleuthkit.autopsy.ingest.IngestModuleReferenceCounter; import org.sleuthkit.autopsy.ingest.IngestModuleReferenceCounter;
@ -47,6 +51,7 @@ final class FilesIdentifierIngestModule implements FileIngestModule {
private static final Map<Long, List<FilesSet>> interestingFileSetsByJob = new ConcurrentHashMap<>(); private static final Map<Long, List<FilesSet>> interestingFileSetsByJob = new ConcurrentHashMap<>();
private final FilesIdentifierIngestJobSettings settings; private final FilesIdentifierIngestJobSettings settings;
private IngestJobContext context; private IngestJobContext context;
private Blackboard blackboard;
/** /**
* Construct an interesting files identifier ingest module for an ingest * Construct an interesting files identifier ingest module for an ingest
@ -87,6 +92,8 @@ final class FilesIdentifierIngestModule implements FileIngestModule {
*/ */
@Override @Override
public ProcessResult process(AbstractFile file) { public ProcessResult process(AbstractFile file) {
blackboard = Case.getCurrentCase().getServices().getBlackboard();
// See if the file belongs to any defined interesting files set. // See if the file belongs to any defined interesting files set.
List<FilesSet> filesSets = FilesIdentifierIngestModule.interestingFileSetsByJob.get(this.context.getJobId()); List<FilesSet> filesSets = FilesIdentifierIngestModule.interestingFileSetsByJob.get(this.context.getJobId());
for (FilesSet filesSet : filesSets) { for (FilesSet filesSet : filesSets) {
@ -110,7 +117,16 @@ final class FilesIdentifierIngestModule implements FileIngestModule {
// interesting files set membership rule that was satisfied. // interesting files set membership rule that was satisfied.
BlackboardAttribute ruleNameAttribute = new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_CATEGORY.getTypeID(), moduleName, ruleSatisfied); BlackboardAttribute ruleNameAttribute = new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_CATEGORY.getTypeID(), moduleName, ruleSatisfied);
artifact.addAttribute(ruleNameAttribute); artifact.addAttribute(ruleNameAttribute);
try {
// index the artifact for keyword search
blackboard.indexArtifact(artifact);
} catch (Blackboard.BlackboardException ex) {
logger.log(Level.SEVERE, NbBundle.getMessage(Blackboard.class, "Blackboard.unableToIndexArtifact.error.msg", artifact.getDisplayName()), ex); //NON-NLS
MessageNotifyUtil.Notify.error(
NbBundle.getMessage(Blackboard.class, "Blackboard.unableToIndexArtifact.exception.msg"), artifact.getDisplayName());
}
IngestServices.getInstance().fireModuleDataEvent(new ModuleDataEvent(moduleName, BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT, Collections.singletonList(artifact))); IngestServices.getInstance().fireModuleDataEvent(new ModuleDataEvent(moduleName, BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT, Collections.singletonList(artifact)));
} catch (TskCoreException ex) { } catch (TskCoreException ex) {

19
Core/src/org/sleuthkit/autopsy/modules/stix/StixArtifactData.java
View File

@ -18,9 +18,12 @@
*/ */
package org.sleuthkit.autopsy.modules.stix; package org.sleuthkit.autopsy.modules.stix;
import java.util.ArrayList; import java.util.logging.Level;
import java.util.Collection; import org.openide.util.NbBundle;
import org.sleuthkit.autopsy.casemodule.Case; import org.sleuthkit.autopsy.casemodule.Case;
import org.sleuthkit.autopsy.casemodule.services.Blackboard;
import org.sleuthkit.autopsy.coreutils.Logger;
import org.sleuthkit.autopsy.coreutils.MessageNotifyUtil;
import org.sleuthkit.datamodel.AbstractFile; import org.sleuthkit.datamodel.AbstractFile;
import org.sleuthkit.datamodel.BlackboardArtifact; import org.sleuthkit.datamodel.BlackboardArtifact;
import org.sleuthkit.datamodel.BlackboardAttribute; import org.sleuthkit.datamodel.BlackboardAttribute;
@ -35,6 +38,7 @@ class StixArtifactData {
private AbstractFile file; private AbstractFile file;
private final String observableId; private final String observableId;
private final String objType; private final String objType;
private static final Logger logger = Logger.getLogger(StixArtifactData.class.getName());
public StixArtifactData(AbstractFile a_file, String a_observableId, String a_objType) { public StixArtifactData(AbstractFile a_file, String a_observableId, String a_objType) {
file = a_file; file = a_file;
@ -55,7 +59,7 @@ class StixArtifactData {
} }
public void createArtifact(String a_title) throws TskCoreException { public void createArtifact(String a_title) throws TskCoreException {
Collection<BlackboardAttribute> attrs = new ArrayList<BlackboardAttribute>(); Blackboard blackboard = Case.getCurrentCase().getServices().getBlackboard();
String setName; String setName;
if (a_title != null) { if (a_title != null) {
@ -68,6 +72,15 @@ class StixArtifactData {
bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SET_NAME.getTypeID(), "Stix", setName)); //NON-NLS bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SET_NAME.getTypeID(), "Stix", setName)); //NON-NLS
bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_TITLE.getTypeID(), "Stix", observableId)); //NON-NLS bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_TITLE.getTypeID(), "Stix", observableId)); //NON-NLS
bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_CATEGORY.getTypeID(), "Stix", objType)); //NON-NLS bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_CATEGORY.getTypeID(), "Stix", objType)); //NON-NLS
try {
// index the artifact for keyword search
blackboard.indexArtifact(bba);
} catch (Blackboard.BlackboardException ex) {
logger.log(Level.SEVERE, NbBundle.getMessage(Blackboard.class, "Blackboard.unableToIndexArtifact.error.msg", bba.getDisplayName()), ex); //NON-NLS
MessageNotifyUtil.Notify.error(
NbBundle.getMessage(Blackboard.class, "Blackboard.unableToIndexArtifact.exception.msg"), bba.getDisplayName());
}
} }
public void print() { public void print() {