Autopsy
3.1
Graphical digital forensics platform for The Sleuth Kit and other tools.
|
Inherits org.sleuthkit.autopsy.ingest.DataSourceIngestModule.
Public Member Functions | |
void | startUp (IngestJobContext context) throws IngestModuleException |
ProcessResult | process (Content dataSource, DataSourceIngestModuleProgress progressBar) |
Private Member Functions | |
void | generateSimulatedResults (String resultsFilePath) throws ParserConfigurationException, IOException, TransformerConfigurationException, TransformerException |
List< String > | generateSimulatedDerivedFiles () throws IOException |
List< String > | generateSimulatedReports () throws IOException |
String | generateFile (String fileName, byte[] fileContents) throws IOException |
void | generateSimulatedResultsFile (List< String > derivedFilePaths, List< String > reportPaths, String resultsFilePath) throws ParserConfigurationException, TransformerConfigurationException, TransformerException |
Private Attributes | |
final String | fileInCaseDatabase = "/WINDOWS/system32/ntmsapi.dll" |
IngestJobContext | context |
String | outputDirPath |
String | derivedFileInCaseDatabase |
Static Private Attributes | |
static final IngestModuleReferenceCounter | refCounter = new IngestModuleReferenceCounter() |
static final String | moduleName = SampleExecutableIngestModuleFactory.getModuleName() |
Sample data source ingest module that doesn't do much. Demonstrates use of utility classes: ExecUtils and the org.sleuthkit.autopsy.externalresults package.
Definition at line 73 of file SampleExecutableDataSourceIngestModule.java.
|
private |
|
private |
Definition at line 159 of file SampleExecutableDataSourceIngestModule.java.
References org.sleuthkit.autopsy.examples.SampleExecutableDataSourceIngestModule.generateFile(), and org.sleuthkit.autopsy.ingest.IngestJobContext.getJobId().
Referenced by org.sleuthkit.autopsy.examples.SampleExecutableDataSourceIngestModule.generateSimulatedResults().
|
private |
Definition at line 172 of file SampleExecutableDataSourceIngestModule.java.
References org.sleuthkit.autopsy.examples.SampleExecutableDataSourceIngestModule.generateFile(), and org.sleuthkit.autopsy.ingest.IngestJobContext.getJobId().
Referenced by org.sleuthkit.autopsy.examples.SampleExecutableDataSourceIngestModule.generateSimulatedResults().
|
private |
Definition at line 153 of file SampleExecutableDataSourceIngestModule.java.
References org.sleuthkit.autopsy.examples.SampleExecutableDataSourceIngestModule.generateSimulatedDerivedFiles(), org.sleuthkit.autopsy.examples.SampleExecutableDataSourceIngestModule.generateSimulatedReports(), and org.sleuthkit.autopsy.examples.SampleExecutableDataSourceIngestModule.generateSimulatedResultsFile().
Referenced by org.sleuthkit.autopsy.examples.SampleExecutableDataSourceIngestModule.process().
|
private |
Definition at line 195 of file SampleExecutableDataSourceIngestModule.java.
References org.sleuthkit.autopsy.externalresults.ExternalResultsXMLParser.TagNames.ARTIFACT_ELEM, org.sleuthkit.autopsy.externalresults.ExternalResultsXMLParser.TagNames.ARTIFACTS_LIST_ELEM, org.sleuthkit.autopsy.externalresults.ExternalResultsXMLParser.TagNames.ATTRIBUTE_ELEM, org.sleuthkit.autopsy.externalresults.ExternalResultsXMLParser.TagNames.DERIVED_FILE_ELEM, org.sleuthkit.autopsy.externalresults.ExternalResultsXMLParser.TagNames.DERIVED_FILES_LIST_ELEM, org.sleuthkit.autopsy.externalresults.ExternalResultsXMLParser.TagNames.LOCAL_PATH_ELEM, org.sleuthkit.autopsy.externalresults.ExternalResultsXMLParser.TagNames.PARENT_FILE_ELEM, org.sleuthkit.autopsy.externalresults.ExternalResultsXMLParser.TagNames.REPORT_ELEM, org.sleuthkit.autopsy.externalresults.ExternalResultsXMLParser.TagNames.REPORT_NAME_ELEM, org.sleuthkit.autopsy.externalresults.ExternalResultsXMLParser.TagNames.REPORTS_LIST_ELEM, org.sleuthkit.autopsy.externalresults.ExternalResultsXMLParser.TagNames.ROOT_ELEM, org.sleuthkit.autopsy.externalresults.ExternalResultsXMLParser.TagNames.SOURCE_FILE_ELEM, org.sleuthkit.autopsy.externalresults.ExternalResultsXMLParser.TagNames.SOURCE_MODULE_ELEM, org::sleuthkit::datamodel::BlackboardArtifact::ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT, org::sleuthkit::datamodel::BlackboardAttribute::ATTRIBUTE_TYPE.TSK_SET_NAME, org.sleuthkit.autopsy.externalresults.ExternalResultsXMLParser.AttributeNames.TYPE_ATTR, org.sleuthkit.autopsy.externalresults.ExternalResultsXMLParser.TagNames.VALUE_ELEM, org.sleuthkit.autopsy.externalresults.ExternalResultsXMLParser.AttributeValues.VALUE_TYPE_DOUBLE, org.sleuthkit.autopsy.externalresults.ExternalResultsXMLParser.AttributeValues.VALUE_TYPE_INT32, org.sleuthkit.autopsy.externalresults.ExternalResultsXMLParser.AttributeValues.VALUE_TYPE_INT64, and org.sleuthkit.autopsy.externalresults.ExternalResultsXMLParser.AttributeValues.VALUE_TYPE_TEXT.
Referenced by org.sleuthkit.autopsy.examples.SampleExecutableDataSourceIngestModule.generateSimulatedResults().
ProcessResult org.sleuthkit.autopsy.examples.SampleExecutableDataSourceIngestModule.process | ( | Content | dataSource, |
DataSourceIngestModuleProgress | progressBar | ||
) |
Processes a data source. Called once between calls to startUp() and shutDown().
dataSource | The data source to process. |
progressBar | A progress bar to be used to report progress. |
Implements org.sleuthkit.autopsy.ingest.DataSourceIngestModule.
Definition at line 96 of file SampleExecutableDataSourceIngestModule.java.
References org.sleuthkit.autopsy.ingest.IngestMessage.createErrorMessage(), org.sleuthkit.autopsy.ingest.IngestModule.ProcessResult.ERROR, org.sleuthkit.autopsy.coreutils.ExecUtil.execute(), org.sleuthkit.autopsy.examples.SampleExecutableDataSourceIngestModule.generateSimulatedResults(), org.sleuthkit.autopsy.ingest.IngestModuleReferenceCounter.get(), org.sleuthkit.autopsy.externalresults.ExternalResultsXMLParser.getErrorInfo(), org.sleuthkit.autopsy.ingest.IngestServices.getInstance(), org.sleuthkit.autopsy.ingest.IngestJobContext.getJobId(), org.sleuthkit.autopsy.ingest.IngestServices.getLogger(), org::sleuthkit::datamodel::Image.getPaths(), org.sleuthkit.autopsy.externalresults.ExternalResultsImporter.importResults(), org.sleuthkit.autopsy.ingest.IngestModule.ProcessResult.OK, org.sleuthkit.autopsy.externalresults.ExternalResultsXMLParser.parse(), org.sleuthkit.autopsy.ingest.IngestServices.postMessage(), org.sleuthkit.autopsy.ingest.DataSourceIngestModuleProgress.progress(), and org.sleuthkit.autopsy.ingest.DataSourceIngestModuleProgress.switchToDeterminate().
void org.sleuthkit.autopsy.examples.SampleExecutableDataSourceIngestModule.startUp | ( | IngestJobContext | context | ) | throws IngestModuleException |
Invoked by Autopsy to allow an ingest module instance to set up any internal data structures and acquire any private resources it will need during an ingest job. If the module depends on loading any resources, it should do so in this method so that it can throw an exception in the case of an error and alert the user. Exceptions that are thrown from process() and shutDown() are logged, but do not stop processing of the data source.
context | Provides data and services specific to the ingest job and the ingest pipeline of which the module is a part. |
Implements org.sleuthkit.autopsy.ingest.IngestModule.
Definition at line 83 of file SampleExecutableDataSourceIngestModule.java.
References org.sleuthkit.autopsy.examples.SampleExecutableDataSourceIngestModule.context, org.sleuthkit.autopsy.casemodule.Case.getCurrentCase(), org.sleuthkit.autopsy.ingest.IngestJobContext.getJobId(), org.sleuthkit.autopsy.casemodule.Case.getModulesOutputDirAbsPath(), org.sleuthkit.autopsy.ingest.IngestModuleReferenceCounter.incrementAndGet(), and org.sleuthkit.autopsy.examples.SampleExecutableDataSourceIngestModule.moduleName.
|
private |
Definition at line 78 of file SampleExecutableDataSourceIngestModule.java.
Referenced by org.sleuthkit.autopsy.examples.SampleExecutableDataSourceIngestModule.startUp().
|
private |
Definition at line 80 of file SampleExecutableDataSourceIngestModule.java.
|
private |
Definition at line 77 of file SampleExecutableDataSourceIngestModule.java.
|
staticprivate |
Definition at line 76 of file SampleExecutableDataSourceIngestModule.java.
Referenced by org.sleuthkit.autopsy.examples.SampleExecutableDataSourceIngestModule.startUp().
|
private |
Definition at line 79 of file SampleExecutableDataSourceIngestModule.java.
|
staticprivate |
Definition at line 75 of file SampleExecutableDataSourceIngestModule.java.
Copyright © 2012-2015 Basis Technology. Generated on: Mon Oct 19 2015
This work is licensed under a
Creative Commons Attribution-Share Alike 3.0 United States License.