Autopsy 4.22.1
Graphical digital forensics platform for The Sleuth Kit and other tools.
ILeappAnalyzerIngestModule.java
Go to the documentation of this file.
1/*
2 * Autopsy Forensic Browser
3 *
4 * Copyright 2020-2021 Basis Technology Corp.
5 * Contact: carrier <at> sleuthkit <dot> org
6 *
7 * Licensed under the Apache License, Version 2.0 (the "License");
8 * you may not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
10 *
11 * http://www.apache.org/licenses/LICENSE-2.0
12 *
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS,
15 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 */
19package org.sleuthkit.autopsy.modules.leappanalyzers;
20
21import java.io.BufferedReader;
22import java.io.File;
23import java.io.FileNotFoundException;
24import java.io.FileReader;
25import java.io.IOException;
26import java.io.UncheckedIOException;
27import java.nio.file.Files;
28import java.nio.file.Path;
29import java.nio.file.Paths;
30import java.text.SimpleDateFormat;
31import java.util.Arrays;
32import java.util.List;
33import java.util.ArrayList;
34import java.util.Locale;
35import java.util.logging.Level;
36import java.util.stream.Collectors;
37import java.util.stream.Stream;
38import org.apache.commons.io.FilenameUtils;
39import org.openide.modules.InstalledFileLocator;
40import org.openide.util.NbBundle;
41import org.sleuthkit.autopsy.casemodule.Case;
42import static org.sleuthkit.autopsy.casemodule.Case.getCurrentCase;
43import org.sleuthkit.autopsy.casemodule.NoCurrentCaseException;
44import org.sleuthkit.autopsy.casemodule.services.FileManager;
45import org.sleuthkit.autopsy.coreutils.ExecUtil;
46import org.sleuthkit.autopsy.coreutils.Logger;
47import org.sleuthkit.autopsy.coreutils.PlatformUtil;
48import org.sleuthkit.autopsy.datamodel.ContentUtils;
49import org.sleuthkit.autopsy.ingest.DataSourceIngestModule;
50import org.sleuthkit.autopsy.ingest.DataSourceIngestModuleProcessTerminator;
51import org.sleuthkit.autopsy.ingest.DataSourceIngestModuleProgress;
52import org.sleuthkit.autopsy.ingest.IngestJobContext;
53import org.sleuthkit.autopsy.ingest.IngestMessage;
54import org.sleuthkit.autopsy.ingest.IngestServices;
55import org.sleuthkit.autopsy.ingest.IngestModule.IngestModuleException;
56import org.sleuthkit.datamodel.AbstractFile;
57import org.sleuthkit.datamodel.Content;
58import org.sleuthkit.datamodel.FileSystem;
59import org.sleuthkit.datamodel.Image;
60import org.sleuthkit.datamodel.LocalFilesDataSource;
61import org.sleuthkit.datamodel.ReadContentInputStream;
62import org.sleuthkit.datamodel.TskCoreException;
63import org.sleuthkit.datamodel.TskData;
64
68public class ILeappAnalyzerIngestModule implements DataSourceIngestModule {
69
70 private static final Logger logger = Logger.getLogger(ILeappAnalyzerIngestModule.class.getName());
71 private static final String MODULE_NAME = ILeappAnalyzerModuleFactory.getModuleName();
72
73 private static final String ILEAPP = "iLeapp"; //NON-NLS
74 private static final String ILEAPP_FS = "fs_"; //NON-NLS
75 private static final String ILEAPP_EXECUTABLE = "ileapp.exe";//NON-NLS
76 private static final String ILEAPP_PATHS_FILE = "iLeapp_paths.txt"; //NON-NLS
77
78 private static final String XMLFILE = "ileapp-artifact-attribute-reference.xml"; //NON-NLS
79
80 // iOS-specific files used to detect whether the data source is from an iOS device.
81 // Entries cover both /private/var/mobile/ (canonical) and /var/mobile/ (symlinked path
82 // that some acquisition tools use). Finding any one file is sufficient.
83 private static final List<String[]> IOS_INDICATOR_FILES = Arrays.asList(
84 new String[]{"sms.db", "/private/var/mobile/Library/SMS/"}, //NON-NLS
85 new String[]{"sms.db", "/var/mobile/Library/SMS/"}, //NON-NLS
86 new String[]{"AddressBook.sqlitedb", "/private/var/mobile/Library/AddressBook/"}, //NON-NLS
87 new String[]{"AddressBook.sqlitedb", "/var/mobile/Library/AddressBook/"}, //NON-NLS
88 new String[]{"com.apple.mobilephone.plist", "/private/var/mobile/Library/Preferences/"}, //NON-NLS
89 new String[]{"com.apple.mobilephone.plist", "/var/mobile/Library/Preferences/"}); //NON-NLS
90
91 private File iLeappExecutable;
92
93 private IngestJobContext context;
94
95 private LeappFileProcessor iLeappFileProcessor;
96
97 ILeappAnalyzerIngestModule() {
98 // This constructor is intentionally empty. Nothing special is needed here.
99 }
100
101 @NbBundle.Messages({
102 "ILeappAnalyzerIngestModule.executable.not.found=iLeapp Executable Not Found.",
103 "ILeappAnalyzerIngestModule.requires.windows=iLeapp module requires windows.",
104 "ILeappAnalyzerIngestModule.error.ileapp.file.processor.init=Failure to initialize ILeappProcessFile"})
105 @Override
106 public void startUp(IngestJobContext context) throws IngestModuleException {
107 this.context = context;
108
109 if (false == PlatformUtil.is64BitOS()) {
110 throw new IngestModuleException(NbBundle.getMessage(this.getClass(), "IleappAnalyzerIngestModule.not.64.bit.os"));
111 }
112
113 if (false == PlatformUtil.isWindowsOS()) {
114 throw new IngestModuleException(Bundle.ILeappAnalyzerIngestModule_requires_windows());
115 }
116
117 try {
118 iLeappFileProcessor = new LeappFileProcessor(XMLFILE, ILeappAnalyzerModuleFactory.getModuleName(), ILEAPP, context);
119 } catch (IOException | IngestModuleException | NoCurrentCaseException ex) {
120 throw new IngestModuleException(Bundle.ILeappAnalyzerIngestModule_error_ileapp_file_processor_init(), ex);
121 }
122
123 try {
124 iLeappExecutable = locateExecutable(ILEAPP_EXECUTABLE);
125 } catch (FileNotFoundException exception) {
126 logger.log(Level.WARNING, "iLeapp executable not found.", exception); //NON-NLS
127 throw new IngestModuleException(Bundle.ILeappAnalyzerIngestModule_executable_not_found(), exception);
128 }
129
130 }
131
132 @NbBundle.Messages({
133 "ILeappAnalyzerIngestModule.error.running.iLeapp=Error running iLeapp, see log file.",
134 "ILeappAnalyzerIngestModule.error.creating.output.dir=Error creating iLeapp module output directory.",
135 "ILeappAnalyzerIngestModule.running.iLeapp=Running iLeapp",
136 "ILeappAnalyzerIngestModule_processing_iLeapp_results=Processing iLeapp results",
137 "ILeappAnalyzerIngestModule.has.run=iLeapp",
138 "ILeappAnalyzerIngestModule.iLeapp.cancelled=iLeapp run was canceled",
139 "ILeappAnalyzerIngestModule.completed=iLeapp Processing Completed",
140 "ILeappAnalyzerIngestModule.report.name=iLeapp Html Report",
141 "ILeappAnalyzerIngestModule.notIOS.skipped=iLeapp skipped: data source does not appear to be an iOS device."})
142 @Override
143 public ProcessResult process(Content dataSource, DataSourceIngestModuleProgress statusHelper) {
144
145 if (!isIOSDataSource(dataSource)) {
146 logger.log(Level.INFO, "iLeapp: data source does not appear to be iOS, skipping."); //NON-NLS
147 IngestMessage message = IngestMessage.createMessage(IngestMessage.MessageType.DATA,
148 MODULE_NAME, Bundle.ILeappAnalyzerIngestModule_notIOS_skipped());
149 IngestServices.getInstance().postMessage(message);
150 return ProcessResult.OK;
151 }
152
153 statusHelper.switchToIndeterminate();
154 statusHelper.progress(Bundle.ILeappAnalyzerIngestModule_running_iLeapp());
155
156 Case currentCase = Case.getCurrentCase();
157 Path tempOutputPath = Paths.get(currentCase.getTempDirectory(), ILEAPP, ILEAPP_FS + dataSource.getId());
158 try {
159 Files.createDirectories(tempOutputPath);
160 } catch (IOException ex) {
161 logger.log(Level.SEVERE, String.format("Error creating iLeapp output directory %s", tempOutputPath.toString()), ex);
162 writeErrorMsgToIngestInbox();
163 return ProcessResult.ERROR;
164 }
165
166 List<String> iLeappPathsToProcess;
167 ProcessBuilder iLeappCommand = buildiLeappListCommand(tempOutputPath);
168 try {
169 int result = ExecUtil.execute(iLeappCommand, new DataSourceIngestModuleProcessTerminator(context, true));
170 if (result != 0) {
171 logger.log(Level.SEVERE, String.format("Error when trying to execute iLeapp program getting file paths to search for result is %d", result));
172 writeErrorMsgToIngestInbox();
173 return ProcessResult.ERROR;
174 }
175 iLeappPathsToProcess = loadIleappPathFile(tempOutputPath);
176 if (iLeappPathsToProcess.isEmpty()) {
177 logger.log(Level.SEVERE, String.format("Error getting file paths to search, list is empty"));
178 writeErrorMsgToIngestInbox();
179 return ProcessResult.ERROR;
180 }
181 } catch (IOException ex) {
182 logger.log(Level.SEVERE, String.format("Error when trying to execute iLeapp program getting file paths to search"), ex);
183 writeErrorMsgToIngestInbox();
184 return ProcessResult.ERROR;
185 }
186
187 if ((context.getDataSource() instanceof LocalFilesDataSource)) {
188 /*
189 * The data source may be local files from an iOS file system, or it
190 * may be a tarred/ZIP of an iOS file system. If it is the latter,
191 * extract the files we need to process.
192 */
193 List<AbstractFile> iLeappFilesToProcess = LeappFileProcessor.findLeappFilesToProcess(dataSource);
194 if (!iLeappFilesToProcess.isEmpty()) {
195 statusHelper.switchToDeterminate(iLeappFilesToProcess.size());
196 Integer filesProcessedCount = 0;
197 for (AbstractFile iLeappFile : iLeappFilesToProcess) {
198 processILeappFile(dataSource, currentCase, statusHelper, filesProcessedCount, iLeappFile);
199 filesProcessedCount++;
200 }
201 }
202 }
203
204 statusHelper.switchToIndeterminate();
205 statusHelper.progress(Bundle.ILeappAnalyzerIngestModule_processing_iLeapp_results());
206 extractFilesFromDataSource(dataSource, iLeappPathsToProcess, tempOutputPath);
207 processILeappFs(dataSource, currentCase, statusHelper, tempOutputPath.toString());
208
209 IngestMessage message = IngestMessage.createMessage(IngestMessage.MessageType.DATA,
210 Bundle.ILeappAnalyzerIngestModule_has_run(),
211 Bundle.ILeappAnalyzerIngestModule_completed());
212 IngestServices.getInstance().postMessage(message);
213 return ProcessResult.OK;
214 }
215
226 private void processILeappFile(Content dataSource, Case currentCase, DataSourceIngestModuleProgress statusHelper, int filesProcessedCount,
227 AbstractFile iLeappFile) {
228 statusHelper.progress(NbBundle.getMessage(this.getClass(), "ILeappAnalyzerIngestModule.processing.file", iLeappFile.getName()), filesProcessedCount);
229
230 String currentTime = new SimpleDateFormat("yyyy-MM-dd HH-mm-ss z", Locale.US).format(System.currentTimeMillis());//NON-NLS
231 Path moduleOutputPath = Paths.get(currentCase.getModuleDirectory(), ILEAPP, currentTime);
232 try {
233 Files.createDirectories(moduleOutputPath);
234 } catch (IOException ex) {
235 logger.log(Level.SEVERE, String.format("Error creating iLeapp output directory %s", moduleOutputPath.toString()), ex);
236 return;
237 }
238
239 ProcessBuilder iLeappCommand = buildiLeappCommand(moduleOutputPath, iLeappFile.getLocalAbsPath(), iLeappFile.getNameExtension());
240 try {
241 int result = ExecUtil.execute(iLeappCommand, new DataSourceIngestModuleProcessTerminator(context, true));
242 if (result != 0) {
243 logger.log(Level.WARNING, String.format("Error when trying to execute iLeapp program getting file paths to search for result is %d", result));
244 return;
245 }
246
247 addILeappReportToReports(moduleOutputPath, currentCase);
248
249 } catch (IOException ex) {
250 logger.log(Level.SEVERE, String.format("Error when trying to execute iLeapp program against file %s", iLeappFile.getLocalAbsPath()), ex);
251 return;
252 }
253
254 if (context.dataSourceIngestIsCancelled()) {
255 logger.log(Level.INFO, "ILeapp Analyser ingest module run was canceled"); //NON-NLS
256 return;
257 }
258
259 iLeappFileProcessor.processFiles(dataSource, moduleOutputPath, iLeappFile, statusHelper);
260 }
261
270 private void processILeappFs(Content dataSource, Case currentCase, DataSourceIngestModuleProgress statusHelper, String directoryToProcess) {
271 statusHelper.progress(NbBundle.getMessage(this.getClass(), "ILeappAnalyzerIngestModule.processing.filesystem"));
272 String currentTime = new SimpleDateFormat("yyyy-MM-dd HH-mm-ss z", Locale.US).format(System.currentTimeMillis());//NON-NLS
273 Path moduleOutputPath = Paths.get(currentCase.getModuleDirectory(), ILEAPP, currentTime);
274 try {
275 Files.createDirectories(moduleOutputPath);
276 } catch (IOException ex) {
277 logger.log(Level.SEVERE, String.format("Error creating iLeapp output directory %s", moduleOutputPath.toString()), ex);
278 return;
279 }
280
281 ProcessBuilder iLeappCommand = buildiLeappCommand(moduleOutputPath, directoryToProcess, "fs");
282 try {
283 int result = ExecUtil.execute(iLeappCommand, new DataSourceIngestModuleProcessTerminator(context, true));
284 if (result != 0) {
285 logger.log(Level.WARNING, String.format("Error when trying to execute iLeapp program getting file paths to search for result is %d", result));
286 return;
287 }
288
289 addILeappReportToReports(moduleOutputPath, currentCase);
290
291 } catch (IOException ex) {
292 logger.log(Level.SEVERE, String.format("Error when trying to execute iLeapp program against file system"), ex);
293 return;
294 }
295
296 if (context.dataSourceIngestIsCancelled()) {
297 logger.log(Level.INFO, "ILeapp Analyser ingest module run was canceled"); //NON-NLS
298 return;
299 }
300
301 iLeappFileProcessor.processFileSystem(dataSource, moduleOutputPath, statusHelper);
302 }
303
313 private ProcessBuilder buildiLeappCommand(Path moduleOutputPath, String sourceFilePath, String iLeappFileSystemType) {
314
315 ProcessBuilder processBuilder = buildProcessWithRunAsInvoker(
316 iLeappExecutable.getAbsolutePath(), //NON-NLS
317 "-t", iLeappFileSystemType, //NON-NLS
318 "-i", sourceFilePath, //NON-NLS
319 "-o", moduleOutputPath.toString()
320 );
321 processBuilder.directory(moduleOutputPath.toFile());
322 processBuilder.redirectError(moduleOutputPath.resolve("iLeapp_err.txt").toFile()); //NON-NLS
323 processBuilder.redirectOutput(moduleOutputPath.resolve("iLeapp_out.txt").toFile()); //NON-NLS
324 return processBuilder;
325 }
326
334 private ProcessBuilder buildiLeappListCommand(Path moduleOutputPath) {
335
336 ProcessBuilder processBuilder = buildProcessWithRunAsInvoker(
337 iLeappExecutable.getAbsolutePath(), //NON-NLS
338 "-p"
339 );
340 // leapp process also outputs a file to the working directory in addition to stdout.
341 processBuilder.directory(moduleOutputPath.toFile());
342 processBuilder.redirectError(moduleOutputPath.resolve("iLeapp_paths_error.txt").toFile()); //NON-NLS
343 processBuilder.redirectOutput(moduleOutputPath.resolve("iLeapp_paths.txt").toFile()); //NON-NLS
344 return processBuilder;
345 }
346
347 static private ProcessBuilder buildProcessWithRunAsInvoker(String... commandLine) {
348 ProcessBuilder processBuilder = new ProcessBuilder(commandLine);
349 /*
350 * Add an environment variable to force iLeapp to run with the same
351 * permissions Autopsy uses.
352 */
353 processBuilder.environment().put("__COMPAT_LAYER", "RunAsInvoker"); //NON-NLS
354 return processBuilder;
355 }
356
357 private static File locateExecutable(String executableName) throws FileNotFoundException {
358 String executableToFindName = Paths.get(ILEAPP, executableName).toString();
359
360 File exeFile = InstalledFileLocator.getDefault().locate(executableToFindName, ILeappAnalyzerIngestModule.class.getPackage().getName(), false);
361 if (null == exeFile || exeFile.canExecute() == false) {
362 throw new FileNotFoundException(executableName + " executable not found.");
363 }
364 return exeFile;
365 }
366
371 private void addILeappReportToReports(Path iLeappOutputDir, Case currentCase) {
372 List<String> allIndexFiles;
373
374 try (Stream<Path> walk = Files.walk(iLeappOutputDir)) {
375
376 allIndexFiles = walk.map(x -> x.toString())
377 .filter(f -> f.toLowerCase().endsWith("index.html")).collect(Collectors.toList());
378
379 if (!allIndexFiles.isEmpty()) {
380 // Check for existance of directory that holds report data if does not exist then report contains no data
381 String filePath = FilenameUtils.getFullPathNoEndSeparator(allIndexFiles.get(0));
382 File dataFilesDir = new File(Paths.get(filePath, "_TSV Exports").toString());
383 if (dataFilesDir.exists()) {
384 currentCase.addReport(allIndexFiles.get(0), MODULE_NAME, Bundle.ILeappAnalyzerIngestModule_report_name());
385 }
386 }
387
388 } catch (IOException | UncheckedIOException | TskCoreException ex) {
389 // catch the error and continue on as report is not added
390 logger.log(Level.WARNING, String.format("Error finding index file in path %s", iLeappOutputDir.toString()), ex);
391 }
392
393 }
394
395 /*
396 * Reads the iLeapp paths file to get the paths that we want to extract
397 *
398 * @param moduleOutputPath path where the file paths output will reside
399 */
400 private List<String> loadIleappPathFile(Path moduleOutputPath) throws FileNotFoundException, IOException {
401 List<String> iLeappPathsToProcess = new ArrayList<>();
402
403 Path filePath = Paths.get(moduleOutputPath.toString(), ILEAPP_PATHS_FILE);
404
405 try (BufferedReader reader = new BufferedReader(new FileReader(filePath.toString()))) {
406 String line = reader.readLine();
407 while (line != null) {
408 if (line.contains("path list generation") || line.length() < 2) {
409 line = reader.readLine();
410 continue;
411 }
412 iLeappPathsToProcess.add(line.trim());
413 line = reader.readLine();
414 }
415 }
416
417 return iLeappPathsToProcess;
418 }
419
427 private void extractFilesFromDataSource(Content dataSource, List<String> iLeappPathsToProcess, Path moduleOutputPath) {
428 FileManager fileManager = getCurrentCase().getServices().getFileManager();
429
430 for (String fullFilePath : iLeappPathsToProcess) {
431
432 if (context.dataSourceIngestIsCancelled()) {
433 logger.log(Level.INFO, "ILeapp Analyser ingest module run was canceled"); //NON-NLS
434 break;
435 }
436
437 String ffp = fullFilePath.replaceAll("\\*", "%");
438 ffp = FilenameUtils.normalize(ffp, true);
439 String fileName = FilenameUtils.getName(ffp);
440 String filePath = FilenameUtils.getPath(ffp);
441
442 List<AbstractFile> iLeappFiles;
443 try {
444 if (filePath.isEmpty()) {
445 iLeappFiles = fileManager.findFiles(dataSource, fileName); //NON-NLS
446 } else {
447 iLeappFiles = fileManager.findFiles(dataSource, fileName, filePath); //NON-NLS
448 }
449 } catch (TskCoreException ex) {
450 logger.log(Level.WARNING, "No files found to process"); //NON-NLS
451 return;
452 }
453
454 for (AbstractFile iLeappFile : iLeappFiles) {
455 Path parentPath = Paths.get(moduleOutputPath.toString(), iLeappFile.getParentPath());
456 File fileParentPath = new File(parentPath.toString());
457
458 extractFileToOutput(dataSource, iLeappFile, fileParentPath, parentPath);
459 }
460 }
461 }
462
471 private void extractFileToOutput(Content dataSource, AbstractFile iLeappFile, File fileParentPath, Path parentPath) {
472 if (fileParentPath.exists()) {
473 if (!iLeappFile.isDir()) {
474 writeiLeappFile(dataSource, iLeappFile, fileParentPath.toString());
475 } else {
476 try {
477 Files.createDirectories(Paths.get(parentPath.toString(), iLeappFile.getName()));
478 } catch (IOException ex) {
479 logger.log(Level.INFO, String.format("Error creating iLeapp output directory %s", parentPath.toString()), ex);
480 }
481 }
482 } else {
483 try {
484 Files.createDirectories(parentPath);
485 } catch (IOException ex) {
486 logger.log(Level.INFO, String.format("Error creating iLeapp output directory %s", parentPath.toString()), ex);
487 }
488 if (!iLeappFile.isDir()) {
489 writeiLeappFile(dataSource, iLeappFile, fileParentPath.toString());
490 } else {
491 try {
492 Files.createDirectories(Paths.get(parentPath.toString(), iLeappFile.getName()));
493 } catch (IOException ex) {
494 logger.log(Level.INFO, String.format("Error creating iLeapp output directory %s", parentPath.toString()), ex);
495 }
496 }
497 }
498 }
499
507 private void writeiLeappFile(Content dataSource, AbstractFile iLeappFile, String parentPath) {
508 String fileName = iLeappFile.getName().replace(":", "-");
509 if (!fileName.matches(".") && !fileName.matches("..") && !fileName.toLowerCase().endsWith("-slack")) {
510 Path filePath = Paths.get(parentPath, fileName);
511 File localFile = new File(filePath.toString());
512 try {
513 ContentUtils.writeToFile(iLeappFile, localFile, context::dataSourceIngestIsCancelled);
514 } catch (ReadContentInputStream.ReadContentInputStreamException ex) {
515 logger.log(Level.WARNING, String.format("Error reading file '%s' (id=%d).",
516 iLeappFile.getName(), iLeappFile.getId()), ex); //NON-NLS
517 } catch (IOException ex) {
518 logger.log(Level.WARNING, String.format("Error writing file local file '%s' (id=%d).",
519 filePath.toString(), iLeappFile.getId()), ex); //NON-NLS
520 }
521 }
522 }
523
535 private boolean isIOSDataSource(Content dataSource) {
536 if (dataSource instanceof Image) {
537 try {
538 boolean hasDefinitelyNonIOSFs = false;
539 for (FileSystem fs : ((Image) dataSource).getFileSystems()) {
540 switch (fs.getFsType()) {
541 case TSK_FS_TYPE_EXT2:
542 case TSK_FS_TYPE_EXT3:
543 case TSK_FS_TYPE_EXT4:
544 case TSK_FS_TYPE_EXT_DETECT:
545 case TSK_FS_TYPE_YAFFS2:
546 case TSK_FS_TYPE_YAFFS2_DETECT:
547 case TSK_FS_TYPE_NTFS:
548 case TSK_FS_TYPE_NTFS_DETECT:
549 hasDefinitelyNonIOSFs = true;
550 break;
551 default:
552 break;
553 }
554 }
555 if (hasDefinitelyNonIOSFs) {
556 return false;
557 }
558 // HFS, APFS, FAT, or unknown: fall through to file check
559 } catch (TskCoreException ex) {
560 logger.log(Level.WARNING, "Error checking filesystem types for iLeapp iOS detection", ex); //NON-NLS
561 }
562 }
563 return hasIOSIndicatorFiles(dataSource);
564 }
565
575 private boolean hasIOSIndicatorFiles(Content dataSource) {
576 FileManager fileManager = getCurrentCase().getServices().getFileManager();
577 for (String[] fileInfo : IOS_INDICATOR_FILES) {
578 try {
579 if (!fileManager.findFiles(dataSource, fileInfo[0], fileInfo[1]).isEmpty()) {
580 return true;
581 }
582 } catch (TskCoreException ex) {
583 logger.log(Level.WARNING, String.format("Error searching for iOS indicator file '%s'", fileInfo[0]), ex); //NON-NLS
584 return true; // Fail open: an inconclusive search is not a negative result.
585 }
586 }
587 return false;
588 }
589
594 private void writeErrorMsgToIngestInbox() {
595 IngestMessage message = IngestMessage.createMessage(IngestMessage.MessageType.ERROR,
596 MODULE_NAME,
597 Bundle.ILeappAnalyzerIngestModule_error_running_iLeapp());
598 IngestServices.getInstance().postMessage(message);
599 }
600
601}
org.sleuthkit.autopsy.casemodule.Case.addReport
void addReport(String localPath, String srcModuleName, String reportName)
Definition Case.java:1929
org.sleuthkit.autopsy.casemodule.services.FileManager.findFiles
List< AbstractFile > findFiles(String fileName)
Definition FileManager.java:175
org.sleuthkit.autopsy.coreutils.ExecUtil.execute
static int execute(ProcessBuilder processBuilder)
Definition ExecUtil.java:172
org.sleuthkit.autopsy.coreutils.Logger.getLogger
synchronized static Logger getLogger(String name)
Definition Logger.java:124
org.sleuthkit.autopsy.datamodel.ContentUtils
Definition ContentUtils.java:52
org.sleuthkit.autopsy.datamodel.ContentUtils.writeToFile
static< T > long writeToFile(Content content, java.io.File outputFile, ProgressHandle progress, Future< T > worker, boolean source)
Definition ContentUtils.java:201
org.sleuthkit.autopsy.ingest.IngestMessage.createMessage
static IngestMessage createMessage(MessageType messageType, String source, String subject, String detailsHtml)
Definition IngestMessage.java:183
org.sleuthkit.autopsy.ingest.IngestServices.postMessage
void postMessage(final IngestMessage message)
Definition IngestServices.java:100
org.sleuthkit.autopsy.ingest.IngestServices.getInstance
static synchronized IngestServices getInstance()
Definition IngestServices.java:54
org.sleuthkit.autopsy.modules.leappanalyzers.ILeappAnalyzerIngestModule.process
ProcessResult process(Content dataSource, DataSourceIngestModuleProgress statusHelper)
Definition ILeappAnalyzerIngestModule.java:143
org.sleuthkit.autopsy.modules.leappanalyzers.ILeappAnalyzerIngestModule.processILeappFile
void processILeappFile(Content dataSource, Case currentCase, DataSourceIngestModuleProgress statusHelper, int filesProcessedCount, AbstractFile iLeappFile)
Definition ILeappAnalyzerIngestModule.java:226
org.sleuthkit.autopsy.modules.leappanalyzers.ILeappAnalyzerIngestModule.buildiLeappCommand
ProcessBuilder buildiLeappCommand(Path moduleOutputPath, String sourceFilePath, String iLeappFileSystemType)
Definition ILeappAnalyzerIngestModule.java:313
org.sleuthkit.autopsy.modules.leappanalyzers.ILeappAnalyzerIngestModule.extractFilesFromDataSource
void extractFilesFromDataSource(Content dataSource, List< String > iLeappPathsToProcess, Path moduleOutputPath)
Definition ILeappAnalyzerIngestModule.java:427
org.sleuthkit.autopsy.modules.leappanalyzers.ILeappAnalyzerIngestModule.processILeappFs
void processILeappFs(Content dataSource, Case currentCase, DataSourceIngestModuleProgress statusHelper, String directoryToProcess)
Definition ILeappAnalyzerIngestModule.java:270
org.sleuthkit.autopsy.modules.leappanalyzers.ILeappAnalyzerIngestModule.extractFileToOutput
void extractFileToOutput(Content dataSource, AbstractFile iLeappFile, File fileParentPath, Path parentPath)
Definition ILeappAnalyzerIngestModule.java:471
org.sleuthkit.autopsy.modules.leappanalyzers.ILeappAnalyzerIngestModule.writeiLeappFile
void writeiLeappFile(Content dataSource, AbstractFile iLeappFile, String parentPath)
Definition ILeappAnalyzerIngestModule.java:507

Copyright © 2012-2024 Sleuth Kit Labs. Generated on:
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.