Autopsy  4.1
Graphical digital forensics platform for The Sleuth Kit and other tools.
Public Member Functions | Private Member Functions | Private Attributes | Static Private Attributes | List of all members
org.sleuthkit.autopsy.examples.SampleExecutableDataSourceIngestModule Class Reference

Inherits org.sleuthkit.autopsy.ingest.DataSourceIngestModule.

Public Member Functions

ProcessResult process (Content dataSource, DataSourceIngestModuleProgress progressBar)
 
void startUp (IngestJobContext context) throws IngestModuleException
 

Private Member Functions

String generateFile (String fileName, byte[] fileContents) throws IOException
 
List< String > generateSimulatedDerivedFiles () throws IOException
 
List< String > generateSimulatedReports () throws IOException
 
void generateSimulatedResults (String resultsFilePath) throws ParserConfigurationException, IOException, TransformerConfigurationException, TransformerException
 
void generateSimulatedResultsFile (List< String > derivedFilePaths, List< String > reportPaths, String resultsFilePath) throws ParserConfigurationException, TransformerConfigurationException, TransformerException
 

Private Attributes

IngestJobContext context
 
String derivedFileInCaseDatabase
 
final String fileInCaseDatabase = "/WINDOWS/system32/ntmsapi.dll"
 
String outputDirPath
 

Static Private Attributes

static final String moduleName = SampleExecutableIngestModuleFactory.getModuleName()
 
static final IngestModuleReferenceCounter refCounter = new IngestModuleReferenceCounter()
 

Detailed Description

Sample data source ingest module that doesn't do much. Demonstrates use of utility classes: ExecUtils and the org.sleuthkit.autopsy.externalresults package.

Definition at line 73 of file SampleExecutableDataSourceIngestModule.java.

Member Function Documentation

String org.sleuthkit.autopsy.examples.SampleExecutableDataSourceIngestModule.generateFile ( String  fileName,
byte[]  fileContents 
) throws IOException
private
List<String> org.sleuthkit.autopsy.examples.SampleExecutableDataSourceIngestModule.generateSimulatedDerivedFiles ( ) throws IOException
private
List<String> org.sleuthkit.autopsy.examples.SampleExecutableDataSourceIngestModule.generateSimulatedReports ( ) throws IOException
private
void org.sleuthkit.autopsy.examples.SampleExecutableDataSourceIngestModule.generateSimulatedResults ( String  resultsFilePath) throws ParserConfigurationException, IOException, TransformerConfigurationException, TransformerException
private
void org.sleuthkit.autopsy.examples.SampleExecutableDataSourceIngestModule.generateSimulatedResultsFile ( List< String >  derivedFilePaths,
List< String >  reportPaths,
String  resultsFilePath 
) throws ParserConfigurationException, TransformerConfigurationException, TransformerException
private

Definition at line 194 of file SampleExecutableDataSourceIngestModule.java.

References org.sleuthkit.autopsy.externalresults.ExternalResultsXMLParser.TagNames.ARTIFACT_ELEM, org.sleuthkit.autopsy.externalresults.ExternalResultsXMLParser.TagNames.ARTIFACTS_LIST_ELEM, org.sleuthkit.autopsy.externalresults.ExternalResultsXMLParser.TagNames.ATTRIBUTE_ELEM, org.sleuthkit.autopsy.externalresults.ExternalResultsXMLParser.TagNames.DERIVED_FILE_ELEM, org.sleuthkit.autopsy.externalresults.ExternalResultsXMLParser.TagNames.DERIVED_FILES_LIST_ELEM, org.sleuthkit.autopsy.externalresults.ExternalResultsXMLParser.TagNames.LOCAL_PATH_ELEM, org.sleuthkit.autopsy.externalresults.ExternalResultsXMLParser.TagNames.PARENT_FILE_ELEM, org.sleuthkit.autopsy.externalresults.ExternalResultsXMLParser.TagNames.REPORT_ELEM, org.sleuthkit.autopsy.externalresults.ExternalResultsXMLParser.TagNames.REPORT_NAME_ELEM, org.sleuthkit.autopsy.externalresults.ExternalResultsXMLParser.TagNames.REPORTS_LIST_ELEM, org.sleuthkit.autopsy.externalresults.ExternalResultsXMLParser.TagNames.ROOT_ELEM, org.sleuthkit.autopsy.externalresults.ExternalResultsXMLParser.TagNames.SOURCE_FILE_ELEM, org.sleuthkit.autopsy.externalresults.ExternalResultsXMLParser.TagNames.SOURCE_MODULE_ELEM, org.sleuthkit.autopsy.externalresults.ExternalResultsXMLParser.AttributeNames.TYPE_ATTR, org.sleuthkit.autopsy.externalresults.ExternalResultsXMLParser.TagNames.VALUE_ELEM, org.sleuthkit.autopsy.externalresults.ExternalResultsXMLParser.AttributeValues.VALUE_TYPE_DATETIME, org.sleuthkit.autopsy.externalresults.ExternalResultsXMLParser.AttributeValues.VALUE_TYPE_DOUBLE, org.sleuthkit.autopsy.externalresults.ExternalResultsXMLParser.AttributeValues.VALUE_TYPE_INT32, org.sleuthkit.autopsy.externalresults.ExternalResultsXMLParser.AttributeValues.VALUE_TYPE_INT64, and org.sleuthkit.autopsy.externalresults.ExternalResultsXMLParser.AttributeValues.VALUE_TYPE_TEXT.

Referenced by org.sleuthkit.autopsy.examples.SampleExecutableDataSourceIngestModule.generateSimulatedResults().

ProcessResult org.sleuthkit.autopsy.examples.SampleExecutableDataSourceIngestModule.process ( Content  dataSource,
DataSourceIngestModuleProgress  progressBar 
)
void org.sleuthkit.autopsy.examples.SampleExecutableDataSourceIngestModule.startUp ( IngestJobContext  context) throws IngestModuleException

Invoked by Autopsy to allow an ingest module instance to set up any internal data structures and acquire any private resources it will need during an ingest job. If the module depends on loading any resources, it should do so in this method so that it can throw an exception in the case of an error and alert the user. Exceptions that are thrown from process() and shutDown() are logged, but do not stop processing of the data source.

Parameters
contextProvides data and services specific to the ingest job and the ingest pipeline of which the module is a part.
Exceptions
org.sleuthkit.autopsy.ingest.IngestModule.IngestModuleException

Implements org.sleuthkit.autopsy.ingest.IngestModule.

Definition at line 83 of file SampleExecutableDataSourceIngestModule.java.

References org.sleuthkit.autopsy.examples.SampleExecutableDataSourceIngestModule.context, org.sleuthkit.autopsy.casemodule.Case.getCurrentCase(), org.sleuthkit.autopsy.ingest.IngestJobContext.getJobId(), org.sleuthkit.autopsy.casemodule.Case.getModuleDirectory(), org.sleuthkit.autopsy.ingest.IngestModuleReferenceCounter.incrementAndGet(), and org.sleuthkit.autopsy.examples.SampleExecutableDataSourceIngestModule.moduleName.

Member Data Documentation

IngestJobContext org.sleuthkit.autopsy.examples.SampleExecutableDataSourceIngestModule.context
private
String org.sleuthkit.autopsy.examples.SampleExecutableDataSourceIngestModule.derivedFileInCaseDatabase
private

Definition at line 80 of file SampleExecutableDataSourceIngestModule.java.

final String org.sleuthkit.autopsy.examples.SampleExecutableDataSourceIngestModule.fileInCaseDatabase = "/WINDOWS/system32/ntmsapi.dll"
private

Definition at line 77 of file SampleExecutableDataSourceIngestModule.java.

final String org.sleuthkit.autopsy.examples.SampleExecutableDataSourceIngestModule.moduleName = SampleExecutableIngestModuleFactory.getModuleName()
staticprivate
String org.sleuthkit.autopsy.examples.SampleExecutableDataSourceIngestModule.outputDirPath
private

Definition at line 79 of file SampleExecutableDataSourceIngestModule.java.

final IngestModuleReferenceCounter org.sleuthkit.autopsy.examples.SampleExecutableDataSourceIngestModule.refCounter = new IngestModuleReferenceCounter()
staticprivate

Definition at line 75 of file SampleExecutableDataSourceIngestModule.java.


The documentation for this class was generated from the following file:

Copyright © 2012-2016 Basis Technology. Generated on: Mon Jan 2 2017
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.