Autopsy  4.1
Graphical digital forensics platform for The Sleuth Kit and other tools.
CustomArtifactsCreatorIngestModule.java
Go to the documentation of this file.
1 /*
2  * Autopsy Forensic Browser
3  *
4  * Copyright 2011-2016 Basis Technology Corp.
5  * Contact: carrier <at> sleuthkit <dot> org
6  *
7  * Licensed under the Apache License, Version 2.0 (the "License");
8  * you may not use this file except in compliance with the License.
9  * You may obtain a copy of the License at
10  *
11  * http://www.apache.org/licenses/LICENSE-2.0
12  *
13  * Unless required by applicable law or agreed to in writing, software
14  * distributed under the License is distributed on an "AS IS" BASIS,
15  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16  * See the License for the specific language governing permissions and
17  * limitations under the License.
18  */
19 package org.sleuthkit.autopsy.report.testfixtures;
20 
21 import java.util.ArrayList;
22 import java.util.List;
23 import java.util.logging.Level;
24 import javax.xml.bind.DatatypeConverter;
30 import org.sleuthkit.datamodel.AbstractFile;
31 import org.sleuthkit.datamodel.BlackboardArtifact;
32 import org.sleuthkit.datamodel.BlackboardAttribute;
33 import org.sleuthkit.datamodel.TskCoreException;
34 import org.openide.util.NbBundle;
35 
40 @NbBundle.Messages({
41  "ErrorCreatingCustomBlackBoardType=Error creating custom blackboard type."
42 })
43 final class CustomArtifactsCreatorIngestModule extends FileIngestModuleAdapter {
44 
45  private static final Logger logger = Logger.getLogger(CustomArtifactsCreatorIngestModule.class.getName());
46  private static final String moduleName = CustomArtifactsCreatorIngestModuleFactory.getModuleName();
47  private static final String ARTIFACT_TYPE_NAME = "AUT_ARTIFACT";
48  private static final String ARTIFACT_DISPLAY_NAME = "Autopsy Artifact";
49  private static final String INT_ATTR_TYPE_NAME = "AUT_INT_ATTRIBUTE";
50  private static final String INT_ATTR_DISPLAY_NAME = "Autopsy Integer";
51  private static final String DOUBLE_ATTR_TYPE_NAME = "AUT_DOUBLE_ATTRIBUTE";
52  private static final String DOUBLE_ATTR_DISPLAY_NAME = "Autopsy Double";
53  private static final String LONG_ATTR_TYPE_NAME = "AUT_LONG_ATTRIBUTE";
54  private static final String LONG_ATTR_DISPLAY_NAME = "Autopsy Long";
55  private static final String DATETIME_ATTR_TYPE_NAME = "AUT_DATETIME_ATTRIBUTE";
56  private static final String DATETIME_ATTR_DISPLAY_NAME = "Autopsy Datetime";
57  private static final String BYTES_ATTR_TYPE_NAME = "AUT_BYTES_ATTRIBUTE";
58  private static final String BYTES_ATTR_DISPLAY_NAME = "Autopsy Bytes";
59  private static final String STRING_ATTR_TYPE_NAME = "AUT_STRING_ATTRIBUTE";
60  private static final String STRING_ATTR_DISPLAY_NAME = "Autopsy String";
61  private BlackboardArtifact.Type artifactType;
62  private BlackboardAttribute.Type intAttrType;
63  private BlackboardAttribute.Type doubleAttrType;
64  private BlackboardAttribute.Type longAttributeType;
65  private BlackboardAttribute.Type dateTimeAttrType;
66  private BlackboardAttribute.Type bytesAttrType;
67  private BlackboardAttribute.Type stringAttrType;
68 
69  @Override
70  public void startUp(IngestJobContext context) throws IngestModuleException {
72  try {
73  artifactType = blackboard.getOrAddArtifactType(ARTIFACT_TYPE_NAME, ARTIFACT_DISPLAY_NAME);
74  intAttrType = blackboard.getOrAddAttributeType(INT_ATTR_TYPE_NAME, BlackboardAttribute.TSK_BLACKBOARD_ATTRIBUTE_VALUE_TYPE.INTEGER, INT_ATTR_DISPLAY_NAME);
75  doubleAttrType = blackboard.getOrAddAttributeType(DOUBLE_ATTR_TYPE_NAME, BlackboardAttribute.TSK_BLACKBOARD_ATTRIBUTE_VALUE_TYPE.DOUBLE, DOUBLE_ATTR_DISPLAY_NAME);
76  longAttributeType = blackboard.getOrAddAttributeType(LONG_ATTR_TYPE_NAME, BlackboardAttribute.TSK_BLACKBOARD_ATTRIBUTE_VALUE_TYPE.LONG, LONG_ATTR_DISPLAY_NAME);
77  dateTimeAttrType = blackboard.getOrAddAttributeType(DATETIME_ATTR_TYPE_NAME, BlackboardAttribute.TSK_BLACKBOARD_ATTRIBUTE_VALUE_TYPE.DATETIME, DATETIME_ATTR_DISPLAY_NAME);
78  bytesAttrType = blackboard.getOrAddAttributeType(BYTES_ATTR_TYPE_NAME, BlackboardAttribute.TSK_BLACKBOARD_ATTRIBUTE_VALUE_TYPE.BYTE, BYTES_ATTR_DISPLAY_NAME);
79  stringAttrType = blackboard.getOrAddAttributeType(STRING_ATTR_TYPE_NAME, BlackboardAttribute.TSK_BLACKBOARD_ATTRIBUTE_VALUE_TYPE.STRING, STRING_ATTR_DISPLAY_NAME);
80  } catch (Blackboard.BlackboardException ex) {
81  throw new IngestModuleException(Bundle.ErrorCreatingCustomBlackBoardType(), ex);
82  }
83  }
84 
85  @Override
86  public ProcessResult process(AbstractFile file) {
87  /*
88  * Skip directories and virtual files.
89  */
90  if (file.isDir() || file.isVirtual()) {
91  return ProcessResult.OK;
92  }
93 
94  /*
95  * Add a custom artifact with one custom attribute of each value type.
96  */
97  try {
98  BlackboardArtifact artifact = file.newArtifact(artifactType.getTypeID());
99  List<BlackboardAttribute> attributes = new ArrayList<>();
100  attributes.add(new BlackboardAttribute(intAttrType, moduleName, 0));
101  attributes.add(new BlackboardAttribute(doubleAttrType, moduleName, 0.0));
102  attributes.add(new BlackboardAttribute(longAttributeType, moduleName, 0L));
103  attributes.add(new BlackboardAttribute(dateTimeAttrType, moduleName, 60L));
104  attributes.add(new BlackboardAttribute(bytesAttrType, moduleName, DatatypeConverter.parseHexBinary("ABCD")));
105  attributes.add(new BlackboardAttribute(stringAttrType, moduleName, "Zero"));
106  artifact.addAttributes(attributes);
107  } catch (TskCoreException ex) {
108  logger.log(Level.SEVERE, String.format("Failed to process file (obj_id = %d)", file.getId()), ex);
109  return ProcessResult.ERROR;
110  }
111 
112  return ProcessResult.OK;
113  }
114 
115 }
synchronized BlackboardAttribute.Type getOrAddAttributeType(String typeName, BlackboardAttribute.TSK_BLACKBOARD_ATTRIBUTE_VALUE_TYPE valueType, String displayName)
synchronized BlackboardArtifact.Type getOrAddArtifactType(String typeName, String displayName)
Definition: Blackboard.java:86
synchronized static Logger getLogger(String name)
Definition: Logger.java:161

Copyright © 2012-2016 Basis Technology. Generated on: Tue Oct 25 2016
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.