Autopsy 4.22.1
Graphical digital forensics platform for The Sleuth Kit and other tools.
RAImageIngestModule.java
Go to the documentation of this file.
1/*
2 *
3 * Autopsy Forensic Browser
4 *
5 * Copyright 2012-2021 Basis Technology Corp.
6 *
7 * Copyright 2012 42six Solutions.
8 * Contact: aebadirad <at> 42six <dot> com
9 * Project Contact/Architect: carrier <at> sleuthkit <dot> org
10 *
11 * Licensed under the Apache License, Version 2.0 (the "License");
12 * you may not use this file except in compliance with the License.
13 * You may obtain a copy of the License at
14 *
15 * http://www.apache.org/licenses/LICENSE-2.0
16 *
17 * Unless required by applicable law or agreed to in writing, software
18 * distributed under the License is distributed on an "AS IS" BASIS,
19 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
20 * See the License for the specific language governing permissions and
21 * limitations under the License.
22 */
23package org.sleuthkit.autopsy.recentactivity;
24
25import java.io.File;
26import java.nio.file.Path;
27import java.nio.file.Paths;
28import java.util.ArrayList;
29import java.util.List;
30import java.util.logging.Level;
31import org.openide.util.NbBundle;
32import org.sleuthkit.autopsy.casemodule.Case;
33import org.sleuthkit.autopsy.casemodule.NoCurrentCaseException;
34import org.sleuthkit.autopsy.coreutils.Logger;
35import org.sleuthkit.autopsy.ingest.DataSourceIngestModule;
36import org.sleuthkit.autopsy.ingest.DataSourceIngestModuleProgress;
37import org.sleuthkit.autopsy.ingest.IngestServices;
38import org.sleuthkit.autopsy.ingest.IngestMessage;
39import org.sleuthkit.autopsy.ingest.IngestMessage.MessageType;
40import org.sleuthkit.datamodel.Content;
41import org.sleuthkit.autopsy.ingest.IngestModule.ProcessResult;
42import org.sleuthkit.autopsy.ingest.IngestJobContext;
43import org.sleuthkit.datamodel.SleuthkitCase;
44
48public final class RAImageIngestModule implements DataSourceIngestModule {
49
50 private static final String RECENT_ACTIVITY_FOLDER = "RecentActivity";
51 private static final Logger logger = Logger.getLogger(RAImageIngestModule.class.getName());
52 private final List<Extract> extractors = new ArrayList<>();
53 private final List<Extract> browserExtractors = new ArrayList<>();
54 private final IngestServices services = IngestServices.getInstance();
55 private IngestJobContext context;
56 protected SleuthkitCase tskCase;
57
58 RAImageIngestModule() {
59 }
60
61 @Override
62 public void startUp(IngestJobContext context) throws IngestModuleException {
63 this.context = context;
64
65 tskCase = Case.getCurrentCase().getSleuthkitCase();
66
67 Extract iexplore = new ExtractIE(context);
68 Extract edge = new ExtractEdge(context);
69 Extract registry = new ExtractRegistry(context);
70 Extract recentDocuments = new RecentDocumentsByLnk(context);
71 Extract chrome = new Chromium(context);
72 Extract firefox = new Firefox(context);
73 Extract SEUQA = new SearchEngineURLQueryAnalyzer(context);
74 Extract osExtract = new ExtractOs(context);
75 Extract dataSourceAnalyzer = new DataSourceUsageAnalyzer(context);
76 Extract safari = new ExtractSafari(context);
77 Extract zoneInfo = new ExtractZoneIdentifier(context);
78 Extract recycleBin = new ExtractRecycleBin(context);
79 Extract sru = new ExtractSru(context);
80 Extract prefetch = new ExtractPrefetch(context);
81 Extract webAccountType = new ExtractWebAccountType(context);
82 Extract messageDomainType = new DomainCategoryRunner(context);
83 Extract jumpList = new ExtractJumpLists(context);
84 Extract thumbcache = new ExtractThumbcache(context);
85
86 extractors.add(recycleBin);
87 extractors.add(jumpList);
88 extractors.add(recentDocuments);
89 extractors.add(registry); // needs to run before the DataSourceUsageAnalyzer
90 extractors.add(osExtract); // this needs to run before the DataSourceUsageAnalyzer
91 extractors.add(dataSourceAnalyzer); //this needs to run after ExtractRegistry and ExtractOs
92 extractors.add(chrome);
93 extractors.add(firefox);
94 extractors.add(iexplore);
95 extractors.add(edge);
96 extractors.add(safari);
97 extractors.add(SEUQA); // this needs to run after the web browser modules
98 extractors.add(webAccountType); // this needs to run after the web browser modules
99 extractors.add(zoneInfo); // this needs to run after the web browser modules
100 extractors.add(sru);
101 extractors.add(prefetch);
102 extractors.add(thumbcache);
103 extractors.add(messageDomainType);
104
105 browserExtractors.add(chrome);
106 browserExtractors.add(firefox);
107 browserExtractors.add(iexplore);
108 browserExtractors.add(edge);
109 browserExtractors.add(safari);
110
111 for (Extract extractor : extractors) {
112 extractor.startUp();
113 }
114 }
115
116 @Override
117 public ProcessResult process(Content dataSource, DataSourceIngestModuleProgress progressBar) {
118 services.postMessage(IngestMessage.createMessage(MessageType.INFO, RecentActivityExtracterModuleFactory.getModuleName(),
119 NbBundle.getMessage(this.getClass(),
120 "RAImageIngestModule.process.started",
121 dataSource.getName())));
122
123 progressBar.switchToDeterminate(extractors.size());
124
125 ArrayList<String> errors = new ArrayList<>();
126
127 for (int i = 0; i < extractors.size(); i++) {
128 Extract extracter = extractors.get(i);
129 if (context.dataSourceIngestIsCancelled()) {
130 logger.log(Level.INFO, "Recent Activity has been canceled, quitting before {0}", extracter.getDisplayName()); //NON-NLS
131 break;
132 }
133
134 progressBar.progress(extracter.getDisplayName(), i);
135
136 try {
137 extracter.process(dataSource, progressBar);
138 } catch (Exception ex) {
139 logger.log(Level.SEVERE, "Exception occurred in " + extracter.getDisplayName(), ex); //NON-NLS
140 errors.add(NbBundle.getMessage(this.getClass(), "RAImageIngestModule.process.errModErrs", RecentActivityExtracterModuleFactory.getModuleName()));
141 }
142 progressBar.progress(i + 1);
143 errors.addAll(extracter.getErrorMessages());
144 }
145
146 // create the final message for inbox
147 StringBuilder errorMessage = new StringBuilder();
148 String errorMsgSubject;
149 MessageType msgLevel = MessageType.INFO;
150 if (errors.isEmpty() == false) {
151 msgLevel = MessageType.ERROR;
152 errorMessage.append(
153 NbBundle.getMessage(this.getClass(), "RAImageIngestModule.process.errMsg.errsEncountered"));
154 for (String msg : errors) {
155 errorMessage.append("<li>").append(msg).append("</li>\n"); //NON-NLS
156 }
157 errorMessage.append("</ul>\n"); //NON-NLS
158
159 if (errors.size() == 1) {
160 errorMsgSubject = NbBundle.getMessage(this.getClass(), "RAImageIngestModule.process.errMsgSub.oneErr");
161 } else {
162 errorMsgSubject = NbBundle.getMessage(this.getClass(),
163 "RAImageIngestModule.process.errMsgSub.nErrs", errors.size());
164 }
165 } else {
166 errorMessage.append(NbBundle.getMessage(this.getClass(), "RAImageIngestModule.process.errMsg.noErrs"));
167 errorMsgSubject = NbBundle.getMessage(this.getClass(), "RAImageIngestModule.process.errMsgSub.noErrs");
168 }
169 final IngestMessage msg = IngestMessage.createMessage(msgLevel, RecentActivityExtracterModuleFactory.getModuleName(),
170 NbBundle.getMessage(this.getClass(),
171 "RAImageIngestModule.process.ingestMsg.finished",
172 dataSource.getName(), errorMsgSubject),
173 errorMessage.toString());
174 services.postMessage(msg);
175
176 StringBuilder historyMsg = new StringBuilder();
177 historyMsg.append(
178 NbBundle.getMessage(this.getClass(), "RAImageIngestModule.process.histMsg.title", dataSource.getName()));
179 for (Extract module : browserExtractors) {
180 historyMsg.append("<li>").append(module.getDisplayName()); //NON-NLS
181 historyMsg.append(": ").append((module.foundData()) ? NbBundle
182 .getMessage(this.getClass(), "RAImageIngestModule.process.histMsg.found") : NbBundle
183 .getMessage(this.getClass(), "RAImageIngestModule.process.histMsg.notFnd"));
184 historyMsg.append("</li>"); //NON-NLS
185 }
186 historyMsg.append("</ul>"); //NON-NLS
187 final IngestMessage inboxMsg = IngestMessage.createMessage(MessageType.INFO, RecentActivityExtracterModuleFactory.getModuleName(),
188 NbBundle.getMessage(this.getClass(),
189 "RAImageIngestModule.process.ingestMsg.results",
190 dataSource.getName()),
191 historyMsg.toString());
192 services.postMessage(inboxMsg);
193
194 return ProcessResult.OK;
195 }
196
197 @Override
198 public void shutDown() {
199 for (int i = 0; i < extractors.size(); i++) {
200 Extract extracter = extractors.get(i);
201 try {
202 extracter.shutDown();
203 } catch (Exception ex) {
204 logger.log(Level.SEVERE, "Exception occurred when completing " + extracter.getDisplayName(), ex); //NON-NLS
205 }
206 }
207 }
208
221 private static String getAndMakeRAPath(String basePath, String module, long ingestJobId) {
222 String moduleFolder = String.format("%s_%d", module, ingestJobId);
223 Path tmpPath = Paths.get(basePath, RECENT_ACTIVITY_FOLDER, moduleFolder);
224 File dir = tmpPath.toFile();
225 if (dir.exists() == false) {
226 dir.mkdirs();
227 }
228 return tmpPath.toString();
229 }
230
241 static String getRATempPath(Case a_case, String mod, long ingestJobId) {
242 return getAndMakeRAPath(a_case.getTempDirectory(), mod, ingestJobId);
243 }
244
255 static String getRAOutputPath(Case a_case, String mod, long ingestJobId) {
256 return getAndMakeRAPath(a_case.getModuleDirectory(), mod, ingestJobId);
257 }
258
265 static String getRelModuleOutputPath(Case autCase, String mod, long ingestJobId) {
266 return Paths.get(getAndMakeRAPath(autCase.getModuleOutputDirectoryRelativePath(), mod, ingestJobId))
267 .normalize()
268 .toString();
269 }
270}
org.sleuthkit.autopsy.coreutils.Logger.getLogger
synchronized static Logger getLogger(String name)
Definition Logger.java:124
org.sleuthkit.autopsy.ingest.IngestMessage.createMessage
static IngestMessage createMessage(MessageType messageType, String source, String subject, String detailsHtml)
Definition IngestMessage.java:183
org.sleuthkit.autopsy.ingest.IngestServices.getInstance
static synchronized IngestServices getInstance()
Definition IngestServices.java:54
org.sleuthkit.autopsy.recentactivity.RAImageIngestModule.process
ProcessResult process(Content dataSource, DataSourceIngestModuleProgress progressBar)
Definition RAImageIngestModule.java:117
org.sleuthkit.autopsy.recentactivity.RAImageIngestModule.getAndMakeRAPath
static String getAndMakeRAPath(String basePath, String module, long ingestJobId)
Definition RAImageIngestModule.java:221

Copyright © 2012-2024 Sleuth Kit Labs. Generated on:
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.