23 package org.sleuthkit.autopsy.recentactivity;
25 import java.util.ArrayList;
26 import java.util.List;
27 import java.util.logging.Level;
29 import org.openide.util.NbBundle;
31 import java.util.Collection;
40 import org.
sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE;
42 import org.
sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE;
50 class RecentDocumentsByLnk
extends Extract {
52 private static final Logger logger = Logger.getLogger(RecentDocumentsByLnk.class.getName());
53 private IngestServices services = IngestServices.getInstance();
54 private Content dataSource;
55 private IngestJobContext context;
64 private void getRecentDocuments() {
67 List<AbstractFile> recentFiles;
69 recentFiles = fileManager.
findFiles(dataSource,
"%.lnk",
"Recent");
70 }
catch (TskCoreException ex) {
71 logger.log(Level.WARNING,
"Error searching for .lnk files.");
73 NbBundle.getMessage(
this.getClass(),
"RecentDocumentsByLnk.getRecDoc.errMsg.errGetLnkFiles",
78 if (recentFiles.isEmpty()) {
79 logger.log(Level.INFO,
"Didn't find any recent files.");
84 for (AbstractFile recentFile : recentFiles) {
85 if (context.dataSourceIngestIsCancelled()) {
89 if (recentFile.getSize() == 0) {
93 JLnkParser lnkParser =
new JLnkParser(
new ReadContentInputStream(recentFile), (
int) recentFile.getSize());
95 lnk = lnkParser.parse();
96 }
catch (JLnkParserException e) {
98 boolean unalloc = recentFile.isMetaFlagSet(TskData.TSK_FS_META_FLAG_ENUM.UNALLOC)
99 || recentFile.isDirNameFlagSet(TskData.TSK_FS_NAME_FLAG_ENUM.UNALLOC);
100 if (unalloc ==
false) {
101 logger.log(Level.WARNING,
"Error lnk parsing the file to get recent files {0}", recentFile);
106 Collection<BlackboardAttribute> bbattributes =
new ArrayList<>();
107 String path = lnk.getBestPath();
108 bbattributes.add(
new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PATH,
109 NbBundle.getMessage(
this.getClass(),
110 "RecentDocumentsByLnk.parentModuleName.noSpace"),
112 bbattributes.add(
new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PATH_ID,
113 NbBundle.getMessage(
this.getClass(),
114 "RecentDocumentsByLnk.parentModuleName.noSpace"),
115 Util.findID(dataSource, path)));
116 bbattributes.add(
new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME,
117 NbBundle.getMessage(
this.getClass(),
118 "RecentDocumentsByLnk.parentModuleName.noSpace"),
119 recentFile.getCrtime()));
120 this.addArtifact(ARTIFACT_TYPE.TSK_RECENT_OBJECT, recentFile, bbattributes);
122 services.fireModuleDataEvent(
new ModuleDataEvent(
123 NbBundle.getMessage(
this.getClass(),
"RecentDocumentsByLnk.parentModuleName"),
124 BlackboardArtifact.ARTIFACT_TYPE.TSK_RECENT_OBJECT));
128 public void process(Content dataSource, IngestJobContext context) {
129 this.dataSource = dataSource;
130 this.context = context;
132 this.getRecentDocuments();
synchronized List< AbstractFile > findFiles(String fileName)