Autopsy 4.22.1
Graphical digital forensics platform for The Sleuth Kit and other tools.
Extract.java
1/*
2 *
3 * Autopsy Forensic Browser
4 *
5 * Copyright 2012-2021 Basis Technology Corp.
6 *
7 * Copyright 2012 42six Solutions.
8 * Contact: aebadirad <at> 42six <dot> com
9 * Project Contact/Architect: carrier <at> sleuthkit <dot> org
10 *
11 * Licensed under the Apache License, Version 2.0 (the "License");
12 * you may not use this file except in compliance with the License.
13 * You may obtain a copy of the License at
14 *
15 * http://www.apache.org/licenses/LICENSE-2.0
16 *
17 * Unless required by applicable law or agreed to in writing, software
18 * distributed under the License is distributed on an "AS IS" BASIS,
19 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
20 * See the License for the specific language governing permissions and
21 * limitations under the License.
22 */
23package org.sleuthkit.autopsy.recentactivity;
24
25import java.io.File;
26import java.io.IOException;
27import java.nio.file.Path;
28import java.nio.file.Paths;
29import java.sql.ResultSet;
30import java.sql.ResultSetMetaData;
31import java.sql.SQLException;
32import java.util.ArrayList;
33import java.util.Collection;
34import java.util.Collections;
35import java.util.HashMap;
36import java.util.List;
37import java.util.logging.Level;
38import org.apache.commons.lang.StringUtils;
39import org.sleuthkit.autopsy.casemodule.Case;
40import org.sleuthkit.autopsy.coreutils.Logger;
41import org.sleuthkit.autopsy.coreutils.NetworkUtils;
42import org.sleuthkit.autopsy.coreutils.SQLiteDBConnect;
43import org.sleuthkit.autopsy.datamodel.ContentUtils;
44import org.sleuthkit.autopsy.ingest.DataSourceIngestModuleProgress;
45import org.sleuthkit.autopsy.ingest.IngestJobContext;
46import org.sleuthkit.autopsy.ingest.IngestModule.IngestModuleException;
47import org.sleuthkit.datamodel.AbstractFile;
48import org.sleuthkit.datamodel.Blackboard;
49import org.sleuthkit.datamodel.BlackboardArtifact;
50import org.sleuthkit.datamodel.BlackboardArtifact.Category;
51import org.sleuthkit.datamodel.BlackboardAttribute;
52import org.sleuthkit.datamodel.Content;
53import org.sleuthkit.datamodel.Score;
54import org.sleuthkit.datamodel.SleuthkitCase;
55import org.sleuthkit.datamodel.TskCoreException;
56
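/**
 * Base class for the Recent Activity extractors. It holds the current case,
 * the ingest job context and a list of error messages, and provides helpers
 * for creating and posting blackboard artifacts, querying SQLite databases
 * and copying a case file to a temporary location.
 *
 * Most string and time values handled here are passed in by subclasses; where
 * they originate from the data source under examination they should be
 * treated as untrusted content.
 */
abstract class Extract {

    protected final Case currentCase;
    protected final SleuthkitCase tskCase;
    private static final Logger logger = Logger.getLogger(Extract.class.getName());
    // Not synchronized; NOTE(review): confirm extractors only add messages from one thread.
    private final List<String> errorMessages = new ArrayList<>();
    private final String displayName;
    protected boolean dataFound = false;
    private final IngestJobContext context;

    /**
     * Constructs the extractor and captures the current case and its case
     * database.
     *
     * @param displayName The display name of this extractor.
     * @param context     The ingest job context, used for cancellation checks
     *                    and the job ID.
     */
    Extract(String displayName, IngestJobContext context) {
        this.displayName = displayName;
        this.context = context;
        currentCase = Case.getCurrentCase();
        tskCase = currentCase.getSleuthkitCase();
    }

    /**
     * Start-up hook. The default implementation does nothing; subclasses may
     * override it.
     *
     * @throws IngestModuleException Declared for overriding implementations.
     */
    void startUp() throws IngestModuleException {
    }

    /**
     * Analyzes the given data source.
     *
     * @param dataSource  The data source to process.
     * @param progressBar Progress reporter for the ingest job.
     */
    abstract void process(Content dataSource, DataSourceIngestModuleProgress progressBar);

    /**
     * Shut-down hook. The default implementation does nothing; subclasses may
     * override it.
     */
    void shutDown() {
    }

    /**
     * Gets the error messages recorded so far.
     *
     * @return A read-only view of the error message list.
     */
    List<String> getErrorMessages() {
        return Collections.unmodifiableList(errorMessages);
    }

    /**
     * Records an error message.
     *
     * @param message The message to add.
     */
    protected void addErrorMessage(String message) {
        errorMessages.add(message);
    }

    /**
     * Creates an artifact of the given type on the given content. Data
     * artifacts are created directly; analysis results are created with
     * {@code Score.SCORE_UNKNOWN} and no conclusion, configuration or
     * justification.
     *
     * @param type       The artifact type.
     * @param content    The content the artifact is attached to.
     * @param attributes The attributes of the new artifact.
     *
     * @return The new artifact.
     *
     * @throws TskCoreException If the type's category is neither a data
     *                          artifact nor an analysis result, or if the
     *                          underlying creation call fails.
     */
    BlackboardArtifact createArtifactWithAttributes(BlackboardArtifact.Type type, Content content, Collection<BlackboardAttribute> attributes) throws TskCoreException {
        BlackboardArtifact.Category category = type.getCategory();
        if (category == BlackboardArtifact.Category.DATA_ARTIFACT) {
            return content.newDataArtifact(type, attributes);
        }
        if (category == BlackboardArtifact.Category.ANALYSIS_RESULT) {
            return content.newAnalysisResult(type, Score.SCORE_UNKNOWN, null, null, null, attributes).getAnalysisResult();
        }
        throw new TskCoreException("Unknown category type: " + category.getDisplayName());
    }

    /**
     * Creates a TSK_ASSOCIATED_OBJECT artifact on the given content whose
     * single TSK_ASSOCIATED_ARTIFACT attribute holds the ID of the given
     * artifact.
     *
     * @param content  The content to attach the new artifact to.
     * @param artifact The artifact being referenced.
     *
     * @return The new associated-object artifact.
     *
     * @throws TskCoreException If the artifact cannot be created.
     */
    BlackboardArtifact createAssociatedArtifact(Content content, BlackboardArtifact artifact) throws TskCoreException {
        BlackboardAttribute attribute = new BlackboardAttribute(BlackboardAttribute.Type.TSK_ASSOCIATED_ARTIFACT, getRAModuleName(), artifact.getArtifactID());
        return createArtifactWithAttributes(BlackboardArtifact.Type.TSK_ASSOCIATED_OBJECT, content, Collections.singletonList(attribute));
    }

    /**
     * Posts a single artifact to the blackboard. Does nothing when the
     * artifact is null or data artifact ingest has been cancelled.
     *
     * @param artifact The artifact to post, may be null.
     */
    void postArtifact(BlackboardArtifact artifact) {
        if (artifact != null && !context.dataArtifactIngestIsCancelled()) {
            postArtifacts(Collections.singleton(artifact));
        }
    }

    /**
     * Posts a collection of artifacts to the blackboard under the Recent
     * Activity module name and the current job ID. Does nothing when the
     * collection is null or empty, or data artifact ingest has been
     * cancelled. A posting failure is logged and not propagated.
     *
     * @param artifacts The artifacts to post, may be null.
     */
    void postArtifacts(Collection<BlackboardArtifact> artifacts) {
        if (artifacts == null || artifacts.isEmpty() || context.dataArtifactIngestIsCancelled()) {
            return;
        }
        try {
            tskCase.getBlackboard().postArtifacts(artifacts, RecentActivityExtracterModuleFactory.getModuleName(), context.getJobId());
        } catch (Blackboard.BlackboardException ex) {
            logger.log(Level.SEVERE, "Failed to post artifacts", ex); //NON-NLS
        }
    }

    /**
     * Runs a query against the SQLite database at the given path and returns
     * every row as a column-name-to-value map.
     *
     * The query text is executed exactly as given and the path is appended to
     * the JDBC URL unchanged, so callers should pass fixed query text and
     * must not splice values read from the examined data into either
     * argument. The returned values come straight from the database; when
     * that database was copied out of a data source they are untrusted.
     *
     * @param path  The path of the SQLite database file.
     * @param query The SQL query to execute.
     *
     * @return The result rows, or an empty list if an SQLException occurred
     *         (the error is logged).
     */
    protected List<HashMap<String, Object>> querySQLiteDb(String path, String query) {
        String connectionString = "jdbc:sqlite:" + path; //NON-NLS
        SQLiteDBConnect dbConnection = null;
        try {
            dbConnection = new SQLiteDBConnect("org.sqlite.JDBC", connectionString); //NON-NLS
            ResultSet resultSet = dbConnection.executeQry(query);
            return resultSetToArrayList(resultSet);
        } catch (SQLException ex) {
            logger.log(Level.WARNING, "Error while trying to read into a sqlite db." + connectionString, ex); //NON-NLS
            return Collections.<HashMap<String, Object>>emptyList();
        } finally {
            // Always release the connection, including on the error path.
            if (dbConnection != null) {
                dbConnection.closeConnection();
            }
        }
    }

    /**
     * Converts a result set into a list of rows, each a map from column name
     * to value. SQL NULL values are stored as the empty string.
     *
     * @param rs The result set to read.
     *
     * @return One map per row, in result set order.
     *
     * @throws SQLException If reading the result set fails.
     */
    private List<HashMap<String, Object>> resultSetToArrayList(ResultSet rs) throws SQLException {
        ResultSetMetaData md = rs.getMetaData();
        int columns = md.getColumnCount();
        List<HashMap<String, Object>> results = new ArrayList<>(50);
        while (rs.next()) {
            HashMap<String, Object> row = new HashMap<>(columns);
            // JDBC columns are 1-based.
            for (int i = 1; i <= columns; ++i) {
                // Read each cell once instead of fetching it twice.
                Object value = rs.getObject(i);
                row.put(md.getColumnName(i), (value == null) ? "" : value);
            }
            results.add(row);
        }
        return results;
    }

    /**
     * Gets the display name of this extractor.
     *
     * @return The display name.
     */
    protected String getDisplayName() {
        return displayName;
    }

    /**
     * Gets the Recent Activity module name.
     *
     * @return The module name reported by the module factory.
     */
    protected String getRAModuleName() {
        return RecentActivityExtracterModuleFactory.getModuleName();
    }

    /**
     * Reports whether this extractor has flagged that it found data.
     *
     * @return The current value of the data-found flag.
     */
    public boolean foundData() {
        return dataFound;
    }

    /**
     * Sets the data-found flag.
     *
     * @param foundData The new value of the flag.
     */
    protected void setFoundData(boolean foundData) {
        dataFound = foundData;
    }

    /**
     * Gets the case captured when this extractor was constructed.
     *
     * @return The current case.
     */
    protected Case getCurrentCase() {
        return this.currentCase;
    }

    /**
     * Builds the attributes for a web history artifact. The URL attribute is
     * always added; every other attribute is added only when its value is
     * present (non-null time, non-blank string).
     *
     * @param url         The visited URL.
     * @param accessTime  The access time, may be null.
     * @param referrer    The referrer, may be blank.
     * @param title       The page title, may be blank.
     * @param programName The name of the program the record came from, may be
     *                    blank.
     * @param domain      The domain of the URL, may be blank.
     * @param user        The user name, may be blank.
     *
     * @return The attribute collection.
     *
     * @throws TskCoreException Declared by the signature; kept for callers.
     */
    protected Collection<BlackboardAttribute> createHistoryAttributes(String url, Long accessTime,
            String referrer, String title, String programName, String domain, String user) throws TskCoreException {

        final String moduleName = RecentActivityExtracterModuleFactory.getModuleName();
        Collection<BlackboardAttribute> bbattributes = new ArrayList<>();
        bbattributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_URL, moduleName, url)); //NON-NLS

        if (accessTime != null) {
            bbattributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_ACCESSED, moduleName, accessTime));
        }

        if (StringUtils.isNotBlank(referrer)) {
            bbattributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_REFERRER, moduleName, referrer)); //NON-NLS
        }

        if (StringUtils.isNotBlank(title)) {
            bbattributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_TITLE, moduleName, title)); //NON-NLS
        }

        if (StringUtils.isNotBlank(programName)) {
            bbattributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PROG_NAME, moduleName, programName)); //NON-NLS
        }

        // Guard on the domain itself rather than the URL, like every other
        // optional attribute here: a blank domain is never stored, and a
        // known domain is kept even when the URL is blank.
        if (StringUtils.isNotBlank(domain)) {
            bbattributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DOMAIN, moduleName, domain)); //NON-NLS
        }

        if (StringUtils.isNotBlank(user)) {
            bbattributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_USER_NAME, moduleName, user)); //NON-NLS
        }

        return bbattributes;
    }

    /**
     * Builds the attributes for a web cookie artifact. String attributes are
     * always added, with null replaced by the empty string; time attributes
     * are added only when non-null and non-zero.
     *
     * @param url          The cookie URL, may be null.
     * @param creationTime The creation time, may be null or zero.
     * @param accessTime   The access time, may be null or zero.
     * @param endTime      The end time, may be null or zero.
     * @param name         The cookie name, may be null.
     * @param value        The cookie value, may be null.
     * @param programName  The name of the program the record came from, may
     *                     be null.
     * @param domain       The cookie domain, may be null.
     *
     * @return The attribute collection.
     */
    protected Collection<BlackboardAttribute> createCookieAttributes(String url,
            Long creationTime, Long accessTime, Long endTime, String name, String value, String programName, String domain) {

        final String moduleName = RecentActivityExtracterModuleFactory.getModuleName();
        Collection<BlackboardAttribute> bbattributes = new ArrayList<>();
        bbattributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_URL, moduleName, emptyIfNull(url))); //NON-NLS

        if (creationTime != null && creationTime != 0) {
            bbattributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_CREATED, moduleName, creationTime));
        }

        if (accessTime != null && accessTime != 0) {
            bbattributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_ACCESSED, moduleName, accessTime));
        }

        if (endTime != null && endTime != 0) {
            bbattributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_END, moduleName, endTime));
        }

        bbattributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_NAME, moduleName, emptyIfNull(name))); //NON-NLS
        bbattributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_VALUE, moduleName, emptyIfNull(value))); //NON-NLS
        bbattributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PROG_NAME, moduleName, emptyIfNull(programName))); //NON-NLS
        bbattributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DOMAIN, moduleName, emptyIfNull(domain))); //NON-NLS

        return bbattributes;
    }

    /**
     * Builds the attributes for a web bookmark artifact. String attributes
     * are always added, with null replaced by the empty string; the creation
     * time is added only when non-null.
     *
     * @param url          The bookmark URL, may be null.
     * @param title        The bookmark title, may be null.
     * @param creationTime The creation time, may be null.
     * @param programName  The name of the program the record came from, may
     *                     be null.
     * @param domain       The domain of the URL, may be null.
     *
     * @return The attribute collection.
     */
    protected Collection<BlackboardAttribute> createBookmarkAttributes(String url, String title, Long creationTime, String programName, String domain) {
        final String moduleName = RecentActivityExtracterModuleFactory.getModuleName();
        Collection<BlackboardAttribute> bbattributes = new ArrayList<>();

        bbattributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_URL, moduleName, emptyIfNull(url))); //NON-NLS
        bbattributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_TITLE, moduleName, emptyIfNull(title))); //NON-NLS

        if (creationTime != null) {
            bbattributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_CREATED, moduleName, creationTime));
        }

        bbattributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PROG_NAME, moduleName, emptyIfNull(programName))); //NON-NLS
        bbattributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DOMAIN, moduleName, emptyIfNull(domain))); //NON-NLS

        return bbattributes;
    }

    /**
     * Builds the attributes for a web download artifact. String attributes
     * are always added, with null replaced by the empty string; the path ID
     * is added only when non-null and not -1, and the access time only when
     * non-null.
     *
     * @param path        The path of the downloaded file, may be null.
     * @param pathID      The ID of the downloaded file, may be null or -1.
     * @param url         The URL the file was downloaded from, may be null.
     * @param accessTime  The access time, may be null.
     * @param domain      The domain of the URL, may be null.
     * @param programName The name of the program the record came from, may be
     *                    null.
     *
     * @return The attribute collection.
     */
    protected Collection<BlackboardAttribute> createDownloadAttributes(String path, Long pathID, String url, Long accessTime, String domain, String programName) {
        final String moduleName = RecentActivityExtracterModuleFactory.getModuleName();
        Collection<BlackboardAttribute> bbattributes = new ArrayList<>();

        bbattributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PATH, moduleName, emptyIfNull(path))); //NON-NLS

        if (pathID != null && pathID != -1) {
            bbattributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PATH_ID, moduleName, pathID));
        }

        bbattributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_URL, moduleName, emptyIfNull(url))); //NON-NLS

        if (accessTime != null) {
            bbattributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_ACCESSED, moduleName, accessTime));
        }

        bbattributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DOMAIN, moduleName, emptyIfNull(domain))); //NON-NLS
        bbattributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PROG_NAME, moduleName, emptyIfNull(programName))); //NON-NLS

        return bbattributes;
    }

    /**
     * Writes the content of a case file to a temporary file in this
     * extractor's temp directory. The temporary file name is the file's name,
     * ID and name extension concatenated.
     *
     * The file name comes from the file being examined, so it is treated as
     * untrusted: as defence in depth, a name that would resolve outside the
     * temp directory is rejected before anything is written.
     *
     * @param file The case file to copy.
     *
     * @return The temporary file.
     *
     * @throws IOException If the target path falls outside the temp directory
     *                     or the content cannot be written.
     */
    protected File createTemporaryFile(AbstractFile file) throws IOException {
        String tempDir = RAImageIngestModule.getRATempPath(getCurrentCase(), getDisplayName(), context.getJobId());
        Path tempFilePath = Paths.get(tempDir, file.getName() + file.getId() + file.getNameExtension());

        // Containment check on normalized absolute paths; the path that is
        // actually used below is left exactly as it was built.
        Path normalizedDir = Paths.get(tempDir).toAbsolutePath().normalize();
        if (!tempFilePath.toAbsolutePath().normalize().startsWith(normalizedDir)) {
            throw new IOException("Temporary file path resolves outside of the module temp directory: " + tempFilePath); //NON-NLS
        }

        File tempFile = tempFilePath.toFile();
        ContentUtils.writeToFile(file, tempFile, context::dataSourceIngestIsCancelled);
        return tempFile;
    }

    /**
     * Replaces a null string with the empty string.
     *
     * @param value The string, may be null.
     *
     * @return The string itself, or "" when it is null.
     */
    private static String emptyIfNull(String value) {
        return (value != null) ? value : "";
    }

}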
