/* * * Autopsy Forensic Browser * * Copyright 2012 Basis Technology Corp. * * Copyright 2012 42six Solutions. * Contact: aebadirad 42six com * Project Contact/Architect: carrier sleuthkit org * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package org.sleuthkit.autopsy.recentactivity; import java.io.File; import java.util.ArrayList; import java.util.List; import java.util.logging.Level; import org.openide.util.NbBundle; import org.sleuthkit.autopsy.casemodule.Case; import org.sleuthkit.autopsy.coreutils.Logger; import org.sleuthkit.autopsy.coreutils.Version; import org.sleuthkit.autopsy.ingest.PipelineContext; import org.sleuthkit.autopsy.ingest.IngestDataSourceWorkerController; import org.sleuthkit.autopsy.ingest.IngestServices; import org.sleuthkit.autopsy.ingest.IngestMessage; import org.sleuthkit.autopsy.ingest.IngestMessage.MessageType; import org.sleuthkit.autopsy.ingest.IngestModuleDataSource; import org.sleuthkit.autopsy.ingest.IngestModuleInit; import org.sleuthkit.datamodel.Content; /** * Recent activity image ingest module * */ public final class RAImageIngestModule extends IngestModuleDataSource { private static final Logger logger = Logger.getLogger(RAImageIngestModule.class.getName()); private static RAImageIngestModule defaultInstance = null; private IngestServices services; private static int messageId = 0; private StringBuilder subCompleted = new StringBuilder(); private ArrayList modules; private List browserModules; final private static String MODULE_VERSION = Version.getVersion(); //public constructor is required //as multiple instances are created for processing multiple images simultenously public RAImageIngestModule() { } @Override public void process(PipelineContextpipelineContext, Content dataSource, IngestDataSourceWorkerController controller) { services.postMessage(IngestMessage.createMessage(++messageId, MessageType.INFO, this, NbBundle.getMessage(this.getClass(), "RAImageIngestModule.process.started", dataSource.getName()))); controller.switchToDeterminate(modules.size()); controller.progress(0); ArrayList errors = new ArrayList<>(); for (int i = 0; i < modules.size(); i++) { Extract module = modules.get(i); if (controller.isCancelled()) { logger.log(Level.INFO, "Recent Activity has been canceled, quitting before {0}", module.getName()); break; } try { module.process(pipelineContext, dataSource, controller); } catch (Exception ex) { logger.log(Level.SEVERE, "Exception occurred in " + module.getName(), ex); subCompleted.append(NbBundle.getMessage(this.getClass(), "RAImageIngestModule.process.errModFailed", module.getName())); errors.add( NbBundle.getMessage(this.getClass(), "RAImageIngestModule.process.errModErrs", module.getName())); } controller.progress(i + 1); errors.addAll(module.getErrorMessages()); } // create the final message for inbox StringBuilder errorMessage = new StringBuilder(); String errorMsgSubject; MessageType msgLevel = MessageType.INFO; if (errors.isEmpty() == false) { msgLevel = MessageType.ERROR; errorMessage.append( NbBundle.getMessage(this.getClass(), "RAImageIngestModule.process.errMsg.errsEncountered")); for (String msg : errors) { errorMessage.append("

").append(msg).append("

\n"); } errorMessage.append("\n"); if (errors.size() == 1) { errorMsgSubject = NbBundle.getMessage(this.getClass(), "RAImageIngestModule.process.errMsgSub.oneErr"); } else { errorMsgSubject = NbBundle.getMessage(this.getClass(), "RAImageIngestModule.process.errMsgSub.nErrs", errors.size()); } } else { errorMessage.append(NbBundle.getMessage(this.getClass(), "RAImageIngestModule.process.errMsg.noErrs")); errorMsgSubject = NbBundle.getMessage(this.getClass(), "RAImageIngestModule.process.errMsgSub.noErrs"); } final IngestMessage msg = IngestMessage.createMessage(++messageId, msgLevel, this, NbBundle.getMessage(this.getClass(), "RAImageIngestModule.process.ingestMsg.finished", dataSource.getName(), errorMsgSubject), errorMessage.toString()); services.postMessage(msg); StringBuilder historyMsg = new StringBuilder(); historyMsg.append( NbBundle.getMessage(this.getClass(), "RAImageIngestModule.process.histMsg.title", dataSource.getName())); for (Extract module : browserModules) { historyMsg.append("

").append(module.getName()); historyMsg.append(": ").append((module.foundData()) ? NbBundle .getMessage(this.getClass(), "RAImageIngestModule.process.histMsg.found") : NbBundle .getMessage(this.getClass(), "RAImageIngestModule.process.histMsg.notFnd")); historyMsg.append("

"); } historyMsg.append(""); final IngestMessage inboxMsg = IngestMessage.createMessage(++messageId, MessageType.INFO, this, NbBundle.getMessage(this.getClass(), "RAImageIngestModule.process.ingestMsg.results", dataSource.getName()), historyMsg.toString()); services.postMessage(inboxMsg); } @Override public void complete() { logger.log(Level.INFO, "complete() " + this.toString()); // close modules for (int i = 0; i < modules.size(); i++) { Extract module = modules.get(i); try { module.complete(); } catch (Exception ex) { logger.log(Level.SEVERE, "Exception occurred when completing " + module.getName(), ex); subCompleted.append(NbBundle.getMessage(this.getClass(), "RAImageIngestModule.complete.errMsg.failed", module.getName())); } } //module specific cleanup due to completion here } @Override public String getName() { return NbBundle.getMessage(this.getClass(), "RAImageIngestModule.getName"); } @Override public String getDescription() { return NbBundle.getMessage(this.getClass(), "RAImageIngestModule.getDesc"); } @Override public void init(IngestModuleInit initContext) throws IngestModuleException { modules = new ArrayList<>(); browserModules = new ArrayList(); logger.log(Level.INFO, "init() {0}", this.toString()); services = IngestServices.getDefault(); final Extract registry = new ExtractRegistry(); final Extract iexplore = new ExtractIE(); final Extract recentDocuments= new RecentDocumentsByLnk(); final Extract chrome = new Chrome(); final Extract firefox = new Firefox(); final Extract SEUQA = new SearchEngineURLQueryAnalyzer(); modules.add(chrome); modules.add(firefox); modules.add(iexplore); modules.add(recentDocuments); // this needs to run after the web browser modules modules.add(SEUQA); // this runs last because it is slowest modules.add(registry); browserModules.add(chrome); browserModules.add(firefox); browserModules.add(iexplore); for (Extract module : modules) { try { module.init(initContext); } catch (IngestModuleException ex) { logger.log(Level.SEVERE, "Exception during init() of " + module.getName(), ex); } } } @Override public void stop() { logger.log(Level.INFO, "RAImageIngetModule::stop()"); for (Extract module : modules) { try { module.stop(); } catch (Exception ex) { logger.log(Level.SEVERE, "Exception during stop() of " + module.getName(), ex); } } logger.log(Level.INFO, "Recent Activity processes has been shutdown."); } @Override public String getVersion() { return MODULE_VERSION; } @Override public boolean hasBackgroundJobsRunning() { return false; } /** * Get the temp path for a specific sub-module in recent activity. Will create the dir if it doesn't exist. * @param a_case Case that directory is for * @param mod Module name that will be used for a sub folder in the temp folder to prevent name collisions * @return Path to directory */ protected static String getRATempPath(Case a_case, String mod) { String tmpDir = a_case.getTempDirectory() + File.separator + "RecentActivity" + File.separator + mod; File dir = new File(tmpDir); if (dir.exists() == false) { dir.mkdirs(); } return tmpDir; } /** * Get the output path for a specific sub-module in recent activity. Will create the dir if it doesn't exist. * @param a_case Case that directory is for * @param mod Module name that will be used for a sub folder in the temp folder to prevent name collisions * @return Path to directory */ protected static String getRAOutputPath(Case a_case, String mod) { String tmpDir = a_case.getModulesOutputDirAbsPath() + File.separator + "RecentActivity" + File.separator + mod; File dir = new File(tmpDir); if (dir.exists() == false) { dir.mkdirs(); } return tmpDir; } }