Autopsy 4.22.1
Graphical digital forensics platform for The Sleuth Kit and other tools.
InterestingArtifactCreatorIngestModule.java
1/*
2 * Autopsy Forensic Browser
3 *
4 * Copyright 2011-2019 Basis Technology Corp.
5 * Contact: carrier <at> sleuthkit <dot> org
6 *
7 * Licensed under the Apache License, Version 2.0 (the "License");
8 * you may not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
10 *
11 * http://www.apache.org/licenses/LICENSE-2.0
12 *
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS,
15 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 */
19package org.sleuthkit.autopsy.test;
20
21import java.util.ArrayList;
22import java.util.Collection;
23import java.util.Collections;
24import java.util.logging.Level;
25import org.openide.util.NbBundle;
26import org.sleuthkit.autopsy.casemodule.Case;
27import org.sleuthkit.autopsy.casemodule.NoCurrentCaseException;
28import org.sleuthkit.autopsy.coreutils.Logger;
29import org.sleuthkit.autopsy.ingest.FileIngestModuleAdapter;
30import org.sleuthkit.autopsy.ingest.IngestJobContext;
31import org.sleuthkit.datamodel.AbstractFile;
32import org.sleuthkit.datamodel.Blackboard;
33import org.sleuthkit.datamodel.BlackboardArtifact;
34import org.sleuthkit.datamodel.BlackboardAttribute;
35import org.sleuthkit.datamodel.Score;
36import org.sleuthkit.datamodel.TskCoreException;
37
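/**
 * File ingest module that, for every regular file it is handed, writes two
 * artifacts to the case blackboard: a "base" artifact of a randomly chosen
 * type (web bookmark, keyword hit or call log) filled with hard-coded
 * placeholder values, and a TSK_INTERESTING_ITEM artifact that references the
 * base artifact through TSK_ASSOCIATED_ARTIFACT.
 *
 * NOTE(review): none of the attribute values written here are derived from the
 * file being processed. The package name (org.sleuthkit.autopsy.test) and the
 * "Fake ..." literals suggest this is test tooling; presumably it should only
 * be enabled on throwaway test cases, because the fabricated artifacts are
 * stored alongside genuine findings in the case database. Confirm before
 * shipping it in a build used for real examinations.
 */
@NbBundle.Messages({
    "InterestingArtifactCreatorIngestModule.exceptionMessage.errorCreatingCustomType=Error creating custom artifact type."
})
final class InterestingArtifactCreatorIngestModule extends FileIngestModuleAdapter {

    private static final Logger logger = Logger.getLogger(InterestingArtifactCreatorIngestModule.class.getName());
    private static final String MODULE_NAME = InterestingArtifactCreatorIngestModuleFactory.getModuleName();
    // Parallel arrays: entry i of the display names belongs to entry i of the type names.
    private static final String[] ARTIFACT_TYPE_NAMES = {"TSK_WEB_BOOKMARK", "TSK_KEYWORD_HIT", "TSK_CALLLOG"};
    private static final String[] ARTIFACT_DISPLAY_NAMES = {"Web Bookmarks", "Keyword Hits", "Call Logs"};
    private static final String INT_ARTIFACT_TYPE_NAME = BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_ITEM.getLabel();
    private static final String INT_ARTIFACT_DISPLAY_NAME = BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_ITEM.getDisplayName();
    // Interesting-item artifact type, resolved once in startUp() and reused by process().
    private BlackboardArtifact.Type artifactType;

    /**
     * Looks up (or registers) the interesting-item artifact type on the
     * current case's blackboard.
     *
     * @param context The ingest job context (not used by this module).
     *
     * @throws IngestModuleException If there is no current case or the
     *                               blackboard lookup fails.
     */
    @Override
    public void startUp(IngestJobContext context) throws IngestModuleException {
        try {
            Blackboard blackboard = Case.getCurrentCaseThrows().getServices().getArtifactsBlackboard();
            artifactType = blackboard.getOrAddArtifactType(INT_ARTIFACT_TYPE_NAME, INT_ARTIFACT_DISPLAY_NAME);
        } catch (Blackboard.BlackboardException | NoCurrentCaseException ex) {
            throw new IngestModuleException(Bundle.InterestingArtifactCreatorIngestModule_exceptionMessage_errorCreatingCustomType(), ex);
        }
    }

    /**
     * Creates a placeholder artifact of a randomly chosen type on the file,
     * then an interesting-item artifact that points at it.
     *
     * @param file The file being ingested.
     *
     * @return ProcessResult.OK for skipped files, on success, and when the
     *         blackboard type lookup fails; ProcessResult.ERROR when there is
     *         no current case or artifact creation fails.
     */
    @Override
    public ProcessResult process(AbstractFile file) {
        /*
         * Skip directories and virtual files.
         */
        if (file.isDir() || file.isVirtual()) {
            return ProcessResult.OK;
        }

        try {
            /*
             * Bound the random index by the array length so that adding or
             * removing a type name cannot leave an entry unreachable or
             * index past the end of the arrays.
             */
            int randomArtIndex = (int) (Math.random() * ARTIFACT_TYPE_NAMES.length);
            String baseTypeName = ARTIFACT_TYPE_NAMES[randomArtIndex];
            Blackboard blackboard = Case.getCurrentCaseThrows().getServices().getArtifactsBlackboard();
            BlackboardArtifact.Type artifactTypeBase = blackboard.getOrAddArtifactType(baseTypeName, ARTIFACT_DISPLAY_NAMES[randomArtIndex]);

            /*
             * Dispatch on the requested type name instead of hard-coded
             * numeric type IDs, so the branches stay in step with
             * ARTIFACT_TYPE_NAMES.
             */
            Collection<BlackboardAttribute> baseAttributes = new ArrayList<>();
            String commentTxt;
            switch (baseTypeName) {
                case "TSK_WEB_BOOKMARK":
                    commentTxt = "www.placeholderWebsiteDOTCOM";
                    baseAttributes.add(new BlackboardAttribute(
                            BlackboardAttribute.ATTRIBUTE_TYPE.TSK_URL, "Fake Web BookMark", "www.thisWebsiteIsStillFake.com"));
                    break;
                case "TSK_KEYWORD_HIT":
                    commentTxt = "fakeKeyword";
                    baseAttributes.add(new BlackboardAttribute(
                            BlackboardAttribute.ATTRIBUTE_TYPE.TSK_KEYWORD_PREVIEW, "Fake Keyword Search", "Fake Keyword Preview Text"));
                    baseAttributes.add(new BlackboardAttribute(
                            BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SET_NAME, "Fake Keyword Search", "Fake"));
                    baseAttributes.add(new BlackboardAttribute(
                            BlackboardAttribute.ATTRIBUTE_TYPE.TSK_KEYWORD, "Fake Keyword Search", "FakeKeyword"));
                    break;
                case "TSK_CALLLOG":
                    commentTxt = "fake phone number from";
                    baseAttributes.add(new BlackboardAttribute(
                            BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PHONE_NUMBER_FROM, "Fake Call Log Whatever", "555-555-5555"));
                    break;
                default:
                    commentTxt = "DEPENDENT ON ARTIFACT TYPE";
                    break;
            }

            BlackboardArtifact artifactBase = createArtifact(file, artifactTypeBase, baseAttributes);

            /*
             * The interesting-item artifact carries the set name, the comment
             * chosen above, an empty category, and a back-reference to the
             * base artifact.
             */
            Collection<BlackboardAttribute> attributes = new ArrayList<>();
            attributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SET_NAME, MODULE_NAME, "ArtifactsAndTxt"));
            attributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_COMMENT, MODULE_NAME, commentTxt));
            attributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_CATEGORY, MODULE_NAME, ""));
            attributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_ASSOCIATED_ARTIFACT, MODULE_NAME, artifactBase.getArtifactID()));

            createArtifact(file, artifactType, attributes);

        } catch (TskCoreException | NoCurrentCaseException ex) {
            logger.log(Level.SEVERE, String.format("Failed to process file (obj_id = %d)", file.getId()), ex);
            return ProcessResult.ERROR;
        } catch (Blackboard.BlackboardException ex) {
            // NOTE(review): this path creates no artifacts yet still reports OK below,
            // unlike the TskCoreException path; confirm that masking the failure is intended.
            logger.log(Level.WARNING, "Blackboard Exception processing file with obj_id = " + file.getId(), ex);
        }
        return ProcessResult.OK;
    }

    /**
     * Creates an artifact on the file using the API that matches the artifact
     * type's category (data artifact or analysis result).
     *
     * @param file       The file to attach the artifact to.
     * @param type       The artifact type to create.
     * @param attributes The attributes to store on the artifact.
     *
     * @return The newly created artifact.
     *
     * @throws TskCoreException         If the artifact cannot be created.
     * @throws IllegalArgumentException If the type's category is neither
     *                                  DATA_ARTIFACT nor ANALYSIS_RESULT.
     */
    private static BlackboardArtifact createArtifact(AbstractFile file, BlackboardArtifact.Type type,
            Collection<BlackboardAttribute> attributes) throws TskCoreException {
        switch (type.getCategory()) {
            case DATA_ARTIFACT:
                return file.newDataArtifact(type, attributes);
            case ANALYSIS_RESULT:
                return file.newAnalysisResult(type, Score.SCORE_UNKNOWN, null, null, null, attributes)
                        .getAnalysisResult();
            default:
                throw new IllegalArgumentException("Unknown category type: " + type.getCategory().getDisplayName());
        }
    }

}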

Copyright © 2012-2024 Sleuth Kit Labs. Generated on:
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.