Merge remote-tracking branch 'upstream/master'
commit
fc81760167
@ -902,7 +902,7 @@ public class IngestManager {
|
||||
abstractFileModulesRetValues.clear();
|
||||
}
|
||||
|
||||
logger.log(Level.INFO, "IngestManager: Processing: {0}", fileToProcess.getName());
|
||||
//logger.log(Level.INFO, "IngestManager: Processing: {0}", fileToProcess.getName());
|
||||
progress.progress(fileToProcess.getName(), processedFiles);
|
||||
for (IngestModuleAbstractFile module : fileIngestTask.getModules()) {
|
||||
//process the file with every file module
|
||||
|
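Review bot: The per-file `IngestManager: Processing: {0}` log call appears to be commented out rather than deleted or demoted, which leaves dead code behind and drops the only per-file record of what the ingest loop touched. In a forensic tool that trace helps reconstruct which files a run actually examined, so lowering the level keeps it available without flooding the default log: `logger.log(Level.FINE, "IngestManager: Processing: {0}", fileToProcess.getName());`. The same applies to the commented-out `Detected format` line in the KeywordSearchIngestModule hunk. The page has lost its +/- markers, so which of the two printed lines is the new side is inferred from their order.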
@ -781,7 +781,7 @@ public final class KeywordSearchIngestModule extends IngestModuleAbstractFile {
|
||||
}
|
||||
}
|
||||
}
|
||||
logger.log(Level.INFO, "Detected format: " + aFile.getName() + " " + detectedFormat);
|
||||
//logger.log(Level.INFO, "Detected format: " + aFile.getName() + " " + detectedFormat);
|
||||
|
||||
// we skip archive formats that are opened by the archive module.
|
||||
// @@@ We could have a check here to see if the archive module was enabled though...
|
||||
|
@ -94,7 +94,7 @@ public class ThunderbirdEmailParser {
|
||||
return this.tika.detect(firstFewBytes, inDocName);
|
||||
}
|
||||
|
||||
public boolean isValidMimeTypeMbox(byte[] buffer) {
|
||||
static public boolean isValidMimeTypeMbox(byte[] buffer) {
|
||||
return (new String(buffer)).startsWith("From ");
|
||||
}
|
||||
|
||||
|
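Review bot: `isValidMimeTypeMbox` decodes the evidence bytes with `new String(buffer)`, which uses the platform default charset, so the same file can be classified differently on two examiner machines. Now that the method is static and callable without a parser instance, it should also tolerate a null buffer. Decoding explicitly keeps the result reproducible: `return buffer != null && new String(buffer, StandardCharsets.US_ASCII).startsWith("From ");`, which needs `java.nio.charset.StandardCharsets` in the import block outside this hunk. The conventional modifier order is `public static`.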
@ -1,7 +1,7 @@
|
||||
/*
|
||||
* Autopsy Forensic Browser
|
||||
*
|
||||
* Copyright 2011 Basis Technology Corp.
|
||||
* Copyright 2011-2013 Basis Technology Corp.
|
||||
* Contact: carrier <at> sleuthkit <dot> org
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
@ -29,30 +29,33 @@ import java.util.HashMap;
|
||||
import java.util.Map;
|
||||
import java.util.Map.Entry;
|
||||
import java.util.logging.Level;
|
||||
import org.apache.commons.lang.StringEscapeUtils;
|
||||
import org.apache.tika.exception.TikaException;
|
||||
import org.apache.tika.metadata.Metadata;
|
||||
import org.sleuthkit.autopsy.ingest.IngestServices;
|
||||
import org.sleuthkit.autopsy.ingest.IngestModuleAbstract.*;
|
||||
import org.sleuthkit.autopsy.ingest.IngestModuleAbstractFile;
|
||||
import org.sleuthkit.autopsy.ingest.ModuleDataEvent;
|
||||
import org.sleuthkit.datamodel.BlackboardArtifact;
|
||||
import org.sleuthkit.datamodel.BlackboardAttribute;
|
||||
import org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE;
|
||||
import org.sleuthkit.datamodel.ReadContentInputStream;
|
||||
import org.sleuthkit.datamodel.TskCoreException;
|
||||
import org.sleuthkit.datamodel.TskException;
|
||||
import org.xml.sax.SAXException;
|
||||
import org.apache.commons.lang.StringEscapeUtils;
|
||||
import org.sleuthkit.autopsy.casemodule.Case;
|
||||
import org.sleuthkit.autopsy.coreutils.Logger;
|
||||
import org.sleuthkit.autopsy.datamodel.ContentUtils;
|
||||
import org.sleuthkit.autopsy.ingest.PipelineContext;
|
||||
import org.sleuthkit.autopsy.ingest.IngestModuleAbstractFile;
|
||||
import org.sleuthkit.autopsy.ingest.IngestModuleInit;
|
||||
import org.sleuthkit.autopsy.ingest.IngestServices;
|
||||
import org.sleuthkit.autopsy.ingest.ModuleDataEvent;
|
||||
import org.sleuthkit.autopsy.ingest.PipelineContext;
|
||||
import org.sleuthkit.datamodel.AbstractFile;
|
||||
import org.sleuthkit.datamodel.BlackboardArtifact;
|
||||
import org.sleuthkit.datamodel.BlackboardAttribute;
|
||||
import org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE;
|
||||
import org.sleuthkit.datamodel.Content;
|
||||
import org.sleuthkit.datamodel.ReadContentInputStream;
|
||||
import org.sleuthkit.datamodel.SleuthkitCase;
|
||||
import org.sleuthkit.datamodel.TskCoreException;
|
||||
import org.sleuthkit.datamodel.TskData;
|
||||
import org.sleuthkit.datamodel.TskException;
|
||||
import org.xml.sax.SAXException;
|
||||
|
||||
/**
|
||||
* File-level ingest module that detects MBOX files based on signature.
|
||||
* Understands Thunderbird folder layout to provide additional structure and metadata.
|
||||
*/
|
||||
public class ThunderbirdMboxFileIngestModule extends IngestModuleAbstractFile {
|
||||
|
||||
private static final Logger logger = Logger.getLogger(ThunderbirdMboxFileIngestModule.class.getName());
|
||||
@ -73,16 +76,14 @@ public class ThunderbirdMboxFileIngestModule extends IngestModuleAbstractFile {
|
||||
|
||||
@Override
|
||||
public ProcessResult process(PipelineContext<IngestModuleAbstractFile>ingestContext, AbstractFile abstractFile) {
|
||||
ThunderbirdEmailParser mbox = new ThunderbirdEmailParser();
|
||||
boolean isMbox = false;
|
||||
|
||||
IngestModuleAbstractFile.ProcessResult hashDBResult =
|
||||
services.getAbstractFileModuleResult(hashDBModuleName);
|
||||
|
||||
if (abstractFile.getKnown().equals(
|
||||
TskData.FileKnown.KNOWN)) {
|
||||
return ProcessResult.OK; //file is known, stop processing it
|
||||
} else if (hashDBResult == IngestModuleAbstractFile.ProcessResult.ERROR) {
|
||||
}
|
||||
|
||||
IngestModuleAbstractFile.ProcessResult hashDBResult =
|
||||
services.getAbstractFileModuleResult(hashDBModuleName);
|
||||
if (hashDBResult == IngestModuleAbstractFile.ProcessResult.ERROR) {
|
||||
return ProcessResult.ERROR; //file has read error, stop processing it
|
||||
}
|
||||
|
||||
@ -90,20 +91,23 @@ public class ThunderbirdMboxFileIngestModule extends IngestModuleAbstractFile {
|
||||
return ProcessResult.OK;
|
||||
}
|
||||
|
||||
boolean isMbox = false;
|
||||
try {
|
||||
byte[] t = new byte[64];
|
||||
if (abstractFile.getSize() > 64) {
|
||||
int byteRead = abstractFile.read(t, 0, 64);
|
||||
if (byteRead > 0) {
|
||||
isMbox = mbox.isValidMimeTypeMbox(t);
|
||||
isMbox = ThunderbirdEmailParser.isValidMimeTypeMbox(t);
|
||||
}
|
||||
}
|
||||
} catch (TskException ex) {
|
||||
logger.log(Level.WARNING, null, ex);
|
||||
}
|
||||
|
||||
if (isMbox == false) {
|
||||
return ProcessResult.OK;
|
||||
}
|
||||
|
||||
if (isMbox) {
|
||||
logger.log(Level.INFO, "ThunderbirdMboxFileIngestModule: Parsing {0}", abstractFile.getName());
|
||||
|
||||
String mboxName = abstractFile.getName();
|
||||
@ -154,6 +158,7 @@ public class ThunderbirdMboxFileIngestModule extends IngestModuleAbstractFile {
|
||||
replace = "";
|
||||
|
||||
}
|
||||
|
||||
String folderPath = mboxPath.substring(index);
|
||||
folderPath = folderPath.replaceAll(replace, "");
|
||||
folderPath = folderPath + mboxName;
|
||||
@ -179,6 +184,7 @@ public class ThunderbirdMboxFileIngestModule extends IngestModuleAbstractFile {
|
||||
String subject = "";
|
||||
String cc = "";
|
||||
String bcc = "";
|
||||
ThunderbirdEmailParser mbox = new ThunderbirdEmailParser();
|
||||
try {
|
||||
ReadContentInputStream contentStream = new ReadContentInputStream(abstractFile);
|
||||
mbox.parse(contentStream);
|
||||
@ -225,11 +231,8 @@ public class ThunderbirdMboxFileIngestModule extends IngestModuleAbstractFile {
|
||||
Logger.getLogger(ThunderbirdMboxFileIngestModule.class.getName()).log(Level.WARNING, null, ex);
|
||||
} catch (IOException ex) {
|
||||
Logger.getLogger(ThunderbirdMboxFileIngestModule.class.getName()).log(Level.WARNING, null, ex);
|
||||
} catch (SAXException ex) {
|
||||
} catch (SAXException | TikaException ex) {
|
||||
Logger.getLogger(ThunderbirdMboxFileIngestModule.class.getName()).log(Level.WARNING, null, ex);
|
||||
} catch (TikaException ex) {
|
||||
Logger.getLogger(ThunderbirdMboxFileIngestModule.class.getName()).log(Level.WARNING, null, ex);
|
||||
}
|
||||
}
|
||||
|
||||
return ProcessResult.OK;
|
||||
|
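Review bot: A failed read of the 64 signature bytes is only logged as `logger.log(Level.WARNING, null, ex)` and then falls into what looks like the added early return `if (isMbox == false) { return ProcessResult.OK; }`, so an unreadable file is reported exactly like a file that is not an mbox. For evidence processing the examiner should be able to tell "not examined" from "examined, no match". The catch should at least name the file, `logger.log(Level.WARNING, "Could not read signature bytes from " + abstractFile.getName(), ex);`, and probably `return ProcessResult.ERROR;`. The merged `catch (SAXException | TikaException ex)` in the last hunk logs with a null message in the same way. `process()` begins and ends outside the individual hunks, so the downstream handling of ERROR is not visible here.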