Autopsy: /home/carriersleuth/repos/autopsy/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Extract.java Source File

Autopsy  4.15.0
Graphical digital forensics platform for The Sleuth Kit and other tools.
Extract.java
Go to the documentation of this file.
1 /*
2  *
3  * Autopsy Forensic Browser
4  *
5  * Copyright 2012-2019 Basis Technology Corp.
6  *
7  * Copyright 2012 42six Solutions.
8  * Contact: aebadirad <at> 42six <dot> com
9  * Project Contact/Architect: carrier <at> sleuthkit <dot> org
10  *
11  * Licensed under the Apache License, Version 2.0 (the "License");
12  * you may not use this file except in compliance with the License.
13  * You may obtain a copy of the License at
14  *
15  * http://www.apache.org/licenses/LICENSE-2.0
16  *
17  * Unless required by applicable law or agreed to in writing, software
18  * distributed under the License is distributed on an "AS IS" BASIS,
19  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
20  * See the License for the specific language governing permissions and
21  * limitations under the License.
22  */
23 package org.sleuthkit.autopsy.recentactivity;
24 
25 import java.io.File;
26 import java.io.IOException;
27 import java.nio.file.Path;
28 import java.nio.file.Paths;
29 import java.sql.ResultSet;
30 import java.sql.ResultSetMetaData;
31 import java.sql.SQLException;
32 import java.util.ArrayList;
33 import java.util.Collection;
34 import java.util.Collections;
35 import java.util.HashMap;
36 import java.util.List;
37 import java.util.logging.Level;
38 import org.openide.util.NbBundle.Messages;
39 import org.sleuthkit.autopsy.casemodule.Case;
40 import org.sleuthkit.autopsy.casemodule.NoCurrentCaseException;
41 import org.sleuthkit.autopsy.coreutils.Logger;
42 import org.sleuthkit.autopsy.coreutils.SQLiteDBConnect;
43 import org.sleuthkit.autopsy.datamodel.ContentUtils;
44 import org.sleuthkit.autopsy.ingest.DataSourceIngestModuleProgress;
45 import org.sleuthkit.autopsy.ingest.IngestJobContext;
46 import org.sleuthkit.autopsy.ingest.IngestModule.IngestModuleException;
47 import org.sleuthkit.datamodel.AbstractFile;
48 import org.sleuthkit.datamodel.Blackboard;
49 import org.sleuthkit.datamodel.BlackboardArtifact;
50 import org.sleuthkit.datamodel.BlackboardAttribute;
51 import org.sleuthkit.datamodel.Content;
52 import org.sleuthkit.datamodel.SleuthkitCase;
53 import org.sleuthkit.datamodel.TskCoreException;
54 import org.sleuthkit.datamodel.TskException;
55 
56 
57 abstract class Extract {
58 
59  protected Case currentCase;
60  protected SleuthkitCase tskCase;
61  protected Blackboard blackboard;
62  private final Logger logger = Logger.getLogger(this.getClass().getName());
63  private final ArrayList<String> errorMessages = new ArrayList<>();
64  String moduleName = "";
65  boolean dataFound = false;
66 
67  Extract() {
68  }
69 
70  final void init() throws IngestModuleException {
71  try {
72  currentCase = Case.getCurrentCaseThrows();
73  tskCase = currentCase.getSleuthkitCase();
74  blackboard = tskCase.getBlackboard();
75  } catch (NoCurrentCaseException ex) {
76  throw new IngestModuleException(Bundle.Extract_indexError_message(), ex);
77  }
78  configExtractor();
79  }
80 
86  void configExtractor() throws IngestModuleException {
87  }
88 
89  abstract void process(Content dataSource, IngestJobContext context, DataSourceIngestModuleProgress progressBar);
90 
91  void complete() {
92  }
93 
99  List<String> getErrorMessages() {
100  return errorMessages;
101  }
102 
108  protected void addErrorMessage(String message) {
109  errorMessages.add(message);
110  }
111 
124  protected BlackboardArtifact createArtifactWithAttributes(BlackboardArtifact.ARTIFACT_TYPE type, Content content, Collection<BlackboardAttribute> bbattributes) {
125  try {
126  BlackboardArtifact bbart = content.newArtifact(type);
127  bbart.addAttributes(bbattributes);
128  return bbart;
129  } catch (TskException ex) {
130  logger.log(Level.WARNING, "Error while trying to add an artifact", ex); //NON-NLS
131  }
132  return null;
133  }
134 
140  @Messages({"Extract.indexError.message=Failed to index artifact for keyword search.",
141  "Extract.noOpenCase.errMsg=No open case available."})
142  void postArtifact(BlackboardArtifact bbart) {
143  if(bbart == null) {
144  return;
145  }
146 
147  try {
148  // index the artifact for keyword search
149  blackboard.postArtifact(bbart, getName());
150  } catch (Blackboard.BlackboardException ex) {
151  logger.log(Level.SEVERE, "Unable to index blackboard artifact " + bbart.getDisplayName(), ex); //NON-NLS
152  }
153  }
154 
160  void postArtifacts(Collection<BlackboardArtifact> artifacts) {
161  if(artifacts == null || artifacts.isEmpty()) {
162  return;
163  }
164 
165  try{
166  blackboard.postArtifacts(artifacts, getName());
167  } catch (Blackboard.BlackboardException ex) {
168  logger.log(Level.SEVERE, "Unable to post blackboard artifacts", ex); //NON-NLS
169  }
170  }
171 
183  protected List<HashMap<String, Object>> dbConnect(String path, String query) {
184  ResultSet temprs;
185  List<HashMap<String, Object>> list;
186  String connectionString = "jdbc:sqlite:" + path; //NON-NLS
187  SQLiteDBConnect tempdbconnect = null;
188  try {
189  tempdbconnect = new SQLiteDBConnect("org.sqlite.JDBC", connectionString); //NON-NLS
190  temprs = tempdbconnect.executeQry(query);
191  list = this.resultSetToArrayList(temprs);
192  } catch (SQLException ex) {
193  logger.log(Level.WARNING, "Error while trying to read into a sqlite db." + connectionString, ex); //NON-NLS
194  return Collections.<HashMap<String, Object>>emptyList();
195  }
196  finally {
197  if (tempdbconnect != null) {
198  tempdbconnect.closeConnection();
199  }
200  }
201  return list;
202  }
203 
211  private List<HashMap<String, Object>> resultSetToArrayList(ResultSet rs) throws SQLException {
212  ResultSetMetaData md = rs.getMetaData();
213  int columns = md.getColumnCount();
214  List<HashMap<String, Object>> list = new ArrayList<>(50);
215  while (rs.next()) {
216  HashMap<String, Object> row = new HashMap<>(columns);
217  for (int i = 1; i <= columns; ++i) {
218  if (rs.getObject(i) == null) {
219  row.put(md.getColumnName(i), "");
220  } else {
221  row.put(md.getColumnName(i), rs.getObject(i));
222  }
223  }
224  list.add(row);
225  }
226 
227  return list;
228  }
229 
235  protected String getName() {
236  return moduleName;
237  }
238 
239  protected String getRAModuleName() {
240  return RecentActivityExtracterModuleFactory.getModuleName();
241  }
242 
247  public boolean foundData() {
248  return dataFound;
249  }
250 
255  protected void setFoundData(boolean foundData){
256  dataFound = foundData;
257  }
258 
263  protected Case getCurrentCase(){
264  return this.currentCase;
265  }
266 
280  protected Collection<BlackboardAttribute> createHistoryAttribute(String url, Long accessTime,
281  String referrer, String title, String programName, String domain, String user) throws TskCoreException {
282 
283  Collection<BlackboardAttribute> bbattributes = new ArrayList<>();
284  bbattributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_URL,
285  RecentActivityExtracterModuleFactory.getModuleName(),
286  (url != null) ? url : "")); //NON-NLS
287 
288  if (accessTime != null) {
289  bbattributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_ACCESSED,
290  RecentActivityExtracterModuleFactory.getModuleName(), accessTime));
291  }
292 
293  bbattributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_REFERRER,
294  RecentActivityExtracterModuleFactory.getModuleName(),
295  (referrer != null) ? referrer : "")); //NON-NLS
296 
297  bbattributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_TITLE,
298  RecentActivityExtracterModuleFactory.getModuleName(),
299  (title != null) ? title : "")); //NON-NLS
300 
301  bbattributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PROG_NAME,
302  RecentActivityExtracterModuleFactory.getModuleName(),
303  (programName != null) ? programName : "")); //NON-NLS
304 
305  bbattributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DOMAIN,
306  RecentActivityExtracterModuleFactory.getModuleName(),
307  (domain != null) ? domain : "")); //NON-NLS
308 
309  bbattributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_USER_NAME,
310  RecentActivityExtracterModuleFactory.getModuleName(),
311  (user != null) ? user : "")); //NON-NLS
312 
313  return bbattributes;
314  }
315 
327  protected Collection<BlackboardAttribute> createCookieAttributes(String url,
328  Long creationTime, String name, String value, String programName, String domain) {
329 
330  Collection<BlackboardAttribute> bbattributes = new ArrayList<>();
331  bbattributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_URL,
332  RecentActivityExtracterModuleFactory.getModuleName(),
333  (url != null) ? url : "")); //NON-NLS
334 
335  if (creationTime != null) {
336  bbattributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME,
337  RecentActivityExtracterModuleFactory.getModuleName(), creationTime));
338  }
339 
340  bbattributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_NAME,
341  RecentActivityExtracterModuleFactory.getModuleName(),
342  (name != null) ? name : "")); //NON-NLS
343 
344  bbattributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_VALUE,
345  RecentActivityExtracterModuleFactory.getModuleName(),
346  (value != null) ? value : "")); //NON-NLS
347 
348  bbattributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PROG_NAME,
349  RecentActivityExtracterModuleFactory.getModuleName(),
350  (programName != null) ? programName : "")); //NON-NLS
351 
352  bbattributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DOMAIN,
353  RecentActivityExtracterModuleFactory.getModuleName(),
354  (domain != null) ? domain : "")); //NON-NLS
355 
356  return bbattributes;
357  }
358 
369  protected Collection<BlackboardAttribute> createBookmarkAttributes(String url, String title, Long creationTime, String programName, String domain) {
370  Collection<BlackboardAttribute> bbattributes = new ArrayList<>();
371 
372  bbattributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_URL,
373  RecentActivityExtracterModuleFactory.getModuleName(),
374  (url != null) ? url : "")); //NON-NLS
375 
376  bbattributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_TITLE,
377  RecentActivityExtracterModuleFactory.getModuleName(),
378  (title != null) ? title : "")); //NON-NLS
379 
380  if (creationTime != null) {
381  bbattributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_CREATED,
382  RecentActivityExtracterModuleFactory.getModuleName(), creationTime));
383  }
384 
385  bbattributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PROG_NAME,
386  RecentActivityExtracterModuleFactory.getModuleName(),
387  (programName != null) ? programName : "")); //NON-NLS
388 
389  bbattributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DOMAIN,
390  RecentActivityExtracterModuleFactory.getModuleName(),
391  (domain != null) ? domain : "")); //NON-NLS
392 
393  return bbattributes;
394  }
395 
406  protected Collection<BlackboardAttribute> createDownloadAttributes(String path, Long pathID, String url, Long accessTime, String domain, String programName) {
407  Collection<BlackboardAttribute> bbattributes = new ArrayList<>();
408 
409  bbattributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PATH,
410  RecentActivityExtracterModuleFactory.getModuleName(),
411  (path != null) ? path : "")); //NON-NLS
412 
413  if (pathID != null && pathID != -1) {
414  bbattributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PATH_ID,
415  RecentActivityExtracterModuleFactory.getModuleName(),
416  pathID));
417  }
418 
419  bbattributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_URL,
420  RecentActivityExtracterModuleFactory.getModuleName(),
421  (url != null) ? url : "")); //NON-NLS
422 
423  if (accessTime != null) {
424  bbattributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_ACCESSED,
425  RecentActivityExtracterModuleFactory.getModuleName(), accessTime));
426  }
427 
428  bbattributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DOMAIN,
429  RecentActivityExtracterModuleFactory.getModuleName(),
430  (domain != null) ? domain : "")); //NON-NLS
431 
432  bbattributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PROG_NAME,
433  RecentActivityExtracterModuleFactory.getModuleName(),
434  (programName != null) ? programName : "")); //NON-NLS
435 
436  return bbattributes;
437  }
438 
445  protected Collection<BlackboardAttribute> createDownloadSourceAttributes(String url) {
446  Collection<BlackboardAttribute> bbattributes = new ArrayList<>();
447 
448  bbattributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_URL,
449  RecentActivityExtracterModuleFactory.getModuleName(),
450  (url != null) ? url : "")); //NON-NLS
451 
452  return bbattributes;
453  }
454 
464  protected File createTemporaryFile(IngestJobContext context, AbstractFile file) throws IOException{
465  Path tempFilePath = Paths.get(RAImageIngestModule.getRATempPath(
466  getCurrentCase(), getName()), file.getName() + file.getId() + file.getNameExtension());
467  java.io.File tempFile = tempFilePath.toFile();
468 
469  try {
470  ContentUtils.writeToFile(file, tempFile, context::dataSourceIngestIsCancelled);
471  } catch (IOException ex) {
472  throw new IOException("Error writingToFile: " + file, ex); //NON-NLS
473  }
474 
475  return tempFile;
476  }
477 }
org.sleuthkit.autopsy.datamodel.ContentUtils
Definition: ContentUtils.java:55

Copyright © 2012-2020 Basis Technology. Generated on: Mon Jul 6 2020
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.

AltStyle によって変換されたページ (->オリジナル) /