Autopsy  4.11.0
Graphical digital forensics platform for The Sleuth Kit and other tools.
Extract.java
1 /*
2  *
3  * Autopsy Forensic Browser
4  *
5  * Copyright 2012-2019 Basis Technology Corp.
6  *
7  * Copyright 2012 42six Solutions.
8  * Contact: aebadirad <at> 42six <dot> com
9  * Project Contact/Architect: carrier <at> sleuthkit <dot> org
10  *
11  * Licensed under the Apache License, Version 2.0 (the "License");
12  * you may not use this file except in compliance with the License.
13  * You may obtain a copy of the License at
14  *
15  * http://www.apache.org/licenses/LICENSE-2.0
16  *
17  * Unless required by applicable law or agreed to in writing, software
18  * distributed under the License is distributed on an "AS IS" BASIS,
19  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
20  * See the License for the specific language governing permissions and
21  * limitations under the License.
22  */
23 package org.sleuthkit.autopsy.recentactivity;
24 
25 import java.io.File;
26 import java.io.IOException;
27 import java.nio.file.Path;
28 import java.nio.file.Paths;
29 import java.sql.ResultSet;
30 import java.sql.ResultSetMetaData;
31 import java.sql.SQLException;
32 import java.util.ArrayList;
33 import java.util.Collection;
34 import java.util.Collections;
35 import java.util.HashMap;
36 import java.util.List;
37 import java.util.logging.Level;
38 import org.openide.util.NbBundle;
39 import org.openide.util.NbBundle.Messages;
50 import org.sleuthkit.datamodel.AbstractFile;
51 import org.sleuthkit.datamodel.BlackboardArtifact;
52 import org.sleuthkit.datamodel.BlackboardAttribute;
53 import org.sleuthkit.datamodel.Content;
54 import org.sleuthkit.datamodel.SleuthkitCase;
55 import org.sleuthkit.datamodel.TskCoreException;
56 import org.sleuthkit.datamodel.TskException;
57 
58 
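/**
 * Common base for the extractors in the Recent Activity package.
 *
 * Holds the case handles, collects error messages, and provides helpers for
 * posting blackboard artifacts, querying SQLite databases and copying a file
 * out of the data source into the module's temp directory. Subclasses
 * implement {@link #process}.
 *
 * Everything these helpers receive (file names, URLs, cookie values, database
 * rows) originates from the data source under examination and must be treated
 * as untrusted input.
 */
abstract class Extract {

    protected Case currentCase;
    protected SleuthkitCase tskCase;
    private final Logger logger = Logger.getLogger(this.getClass().getName());
    // Messages accumulated while the extractor runs; exposed via getErrorMessages().
    private final ArrayList<String> errorMessages = new ArrayList<>();
    // Value returned by getName(); presumably assigned by each subclass - confirm.
    String moduleName = "";
    boolean dataFound = false;

    Extract() {
    }

    /**
     * Binds this extractor to the current case and then runs
     * {@link #configExtractor()}.
     *
     * @throws IngestModuleException if no case is currently open, or if
     *                               configExtractor() fails
     */
    final void init() throws IngestModuleException {
        try {
            currentCase = Case.getCurrentCaseThrows();
            tskCase = currentCase.getSleuthkitCase();
        } catch (NoCurrentCaseException ex) {
            // Report the actual cause. This used to reuse the keyword-search
            // indexing message, which misdirects anyone triaging the failure.
            throw new IngestModuleException(Bundle.Extract_noOpenCase_errMsg(), ex);
        }
        configExtractor();
    }

    /**
     * Hook called at the end of {@link #init()}; does nothing by default.
     *
     * @throws IngestModuleException if an overriding extractor cannot be
     *                               configured
     */
    void configExtractor() throws IngestModuleException {
    }

    /**
     * Runs the extractor against a data source.
     *
     * @param dataSource  the content to analyze
     * @param context     the ingest job context
     * @param progressBar progress reporting handle
     */
    abstract void process(Content dataSource, IngestJobContext context, DataSourceIngestModuleProgress progressBar);

    /**
     * Completion hook; does nothing by default.
     */
    void complete() {
    }

    /**
     * Returns the error messages recorded so far.
     *
     * @return the live internal list (not a copy), so changes made by the
     *         caller are visible to this extractor
     */
    List<String> getErrorMessages() {
        return errorMessages;
    }

    /**
     * Records an error message.
     *
     * @param message the message to append
     */
    protected void addErrorMessage(String message) {
        errorMessages.add(message);
    }

    /**
     * Creates an artifact of the given type on the content, attaches the
     * attributes and indexes the artifact for keyword search.
     *
     * @param type         the artifact type to create
     * @param content      the content the artifact is attached to
     * @param bbattributes the attributes to add to the new artifact
     *
     * @return the new artifact, or {@code null} if a TskException occurred.
     *         The failure is only logged, not added to the error messages,
     *         so callers must check for null to notice a lost artifact.
     */
    protected BlackboardArtifact addArtifact(BlackboardArtifact.ARTIFACT_TYPE type, Content content, Collection<BlackboardAttribute> bbattributes) {
        try {
            BlackboardArtifact bbart = content.newArtifact(type);
            bbart.addAttributes(bbattributes);
            // index the artifact for keyword search
            this.indexArtifact(bbart);
            return bbart;
        } catch (TskException ex) {
            logger.log(Level.SEVERE, "Error while trying to add an artifact", ex); //NON-NLS
        }
        return null;
    }

    /**
     * Indexes an artifact for keyword search.
     *
     * Failures are logged and shown as an error notification; nothing is
     * thrown to the caller.
     *
     * @param bbart the artifact to index
     */
    @Messages({"Extract.indexError.message=Failed to index artifact for keyword search.",
        "Extract.noOpenCase.errMsg=No open case available."})
    void indexArtifact(BlackboardArtifact bbart) {
        try {
            Blackboard blackboard = Case.getCurrentCaseThrows().getServices().getBlackboard();
            // index the artifact for keyword search
            blackboard.indexArtifact(bbart);
        } catch (Blackboard.BlackboardException ex) {
            logger.log(Level.SEVERE, "Unable to index blackboard artifact " + bbart.getDisplayName(), ex); //NON-NLS
            MessageNotifyUtil.Notify.error(Bundle.Extract_indexError_message(), bbart.getDisplayName());
        } catch (NoCurrentCaseException ex) {
            logger.log(Level.SEVERE, "Exception while getting open case.", ex); //NON-NLS
            MessageNotifyUtil.Notify.error(Bundle.Extract_noOpenCase_errMsg(), bbart.getDisplayName());
        }
    }

    /**
     * Runs a query against a SQLite database file and returns all rows.
     *
     * The query string is executed exactly as given and the path is appended
     * verbatim to the JDBC URL. Pass only constant SQL and a path this module
     * created itself (for example via {@link #createTemporaryFile}); never
     * build either from values read out of the evidence.
     *
     * @param path  location of the SQLite database file
     * @param query the SQL to execute
     *
     * @return one map per row, keyed by column name; an empty list if the
     *         database could not be opened or queried (the failure is logged
     *         and recorded in the error messages)
     */
    protected List<HashMap<String, Object>> dbConnect(String path, String query) {
        String connectionString = "jdbc:sqlite:" + path; //NON-NLS
        SQLiteDBConnect tempdbconnect = null;
        try {
            tempdbconnect = new SQLiteDBConnect("org.sqlite.JDBC", connectionString); //NON-NLS
            ResultSet temprs = tempdbconnect.executeQry(query);
            return this.resultSetToArrayList(temprs);
        } catch (SQLException ex) {
            logger.log(Level.SEVERE, "Error while trying to read into a sqlite db." + connectionString, ex); //NON-NLS
            errorMessages.add(NbBundle.getMessage(this.getClass(), "Extract.dbConn.errMsg.failedToQueryDb", getName()));
            return Collections.<HashMap<String, Object>>emptyList();
        } finally {
            // Release the database handle on success and on failure alike.
            if (tempdbconnect != null) {
                tempdbconnect.closeConnection();
            }
        }
    }

    /**
     * Copies every row of a result set into a list of column-name to value
     * maps. SQL NULL values are stored as the empty string.
     *
     * @param rs the result set to drain
     *
     * @return the rows, in result-set order
     *
     * @throws SQLException if reading the result set fails
     */
    private List<HashMap<String, Object>> resultSetToArrayList(ResultSet rs) throws SQLException {
        ResultSetMetaData md = rs.getMetaData();
        int columns = md.getColumnCount();
        List<HashMap<String, Object>> list = new ArrayList<>(50);
        while (rs.next()) {
            HashMap<String, Object> row = new HashMap<>(columns);
            for (int i = 1; i <= columns; ++i) {
                // Read each cell once instead of fetching it a second time after the null test.
                Object cell = rs.getObject(i);
                row.put(md.getColumnName(i), (cell != null) ? cell : "");
            }
            list.add(row);
        }

        return list;
    }

    /**
     * @return the module name of this extractor
     */
    protected String getName() {
        return moduleName;
    }

    /**
     * @return the current value of the data-found flag
     */
    public boolean foundData() {
        return dataFound;
    }

    /**
     * Sets the data-found flag.
     *
     * @param foundData the new value of the flag
     */
    protected void setFoundData(boolean foundData) {
        dataFound = foundData;
    }

    /**
     * @return the case captured by {@link #init()}
     */
    protected Case getCurrentCase() {
        return this.currentCase;
    }

    /**
     * Builds a string attribute attributed to the Recent Activity module,
     * substituting the empty string for a null value.
     */
    private static BlackboardAttribute textAttribute(BlackboardAttribute.ATTRIBUTE_TYPE type, String value) {
        return new BlackboardAttribute(type,
                RecentActivityExtracterModuleFactory.getModuleName(),
                (value != null) ? value : ""); //NON-NLS
    }

    /**
     * Builds the attribute set for a web history entry. Null strings become
     * empty strings; the access time attribute is left out when null.
     *
     * @param url         visited URL
     * @param accessTime  time of the visit, may be null
     * @param referrer    referring URL
     * @param title       page title
     * @param programName name of the browser
     * @param domain      domain of the URL
     * @param user        user name
     *
     * @return the attributes, in the order URL, access time, referrer, title,
     *         program name, domain, user name
     *
     * @throws TskCoreException declared for callers; nothing in this body
     *                          throws it directly
     */
    protected Collection<BlackboardAttribute> createHistoryAttribute(String url, Long accessTime,
            String referrer, String title, String programName, String domain, String user) throws TskCoreException {

        Collection<BlackboardAttribute> bbattributes = new ArrayList<>();
        bbattributes.add(textAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_URL, url));

        if (accessTime != null) {
            bbattributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_ACCESSED,
                    RecentActivityExtracterModuleFactory.getModuleName(), accessTime));
        }

        bbattributes.add(textAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_REFERRER, referrer));
        bbattributes.add(textAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_TITLE, title));
        bbattributes.add(textAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PROG_NAME, programName));
        bbattributes.add(textAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DOMAIN, domain));
        bbattributes.add(textAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_USER_NAME, user));

        return bbattributes;
    }

    /**
     * Builds the attribute set for a cookie. Null strings become empty
     * strings; the creation time attribute is left out when null.
     *
     * The cookie value is stored unmodified. Cookie values can be session
     * tokens, so case data and reports containing them deserve the same
     * handling as credentials.
     *
     * @param url          URL the cookie belongs to
     * @param creationTime creation time, may be null
     * @param name         cookie name
     * @param value        cookie value
     * @param programName  name of the browser
     * @param domain       cookie domain
     *
     * @return the attributes, in the order URL, time, name, value, program
     *         name, domain
     */
    protected Collection<BlackboardAttribute> createCookieAttributes(String url,
            Long creationTime, String name, String value, String programName, String domain) {

        Collection<BlackboardAttribute> bbattributes = new ArrayList<>();
        bbattributes.add(textAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_URL, url));

        if (creationTime != null) {
            bbattributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME,
                    RecentActivityExtracterModuleFactory.getModuleName(), creationTime));
        }

        bbattributes.add(textAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_NAME, name));
        bbattributes.add(textAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_VALUE, value));
        bbattributes.add(textAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PROG_NAME, programName));
        bbattributes.add(textAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DOMAIN, domain));

        return bbattributes;
    }

    /**
     * Builds the attribute set for a bookmark. Null strings become empty
     * strings; the creation time attribute is left out when null.
     *
     * @param url          bookmarked URL
     * @param title        bookmark title
     * @param creationTime creation time, may be null
     * @param programName  name of the browser
     * @param domain       domain of the URL
     *
     * @return the attributes, in the order URL, title, creation time, program
     *         name, domain
     */
    protected Collection<BlackboardAttribute> createBookmarkAttributes(String url, String title, Long creationTime, String programName, String domain) {
        Collection<BlackboardAttribute> bbattributes = new ArrayList<>();

        bbattributes.add(textAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_URL, url));
        bbattributes.add(textAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_TITLE, title));

        if (creationTime != null) {
            bbattributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_CREATED,
                    RecentActivityExtracterModuleFactory.getModuleName(), creationTime));
        }

        bbattributes.add(textAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PROG_NAME, programName));
        bbattributes.add(textAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DOMAIN, domain));

        return bbattributes;
    }

    /**
     * Builds the attribute set for a download. Null strings become empty
     * strings; the path id is left out when null or -1, and the access time
     * when null.
     *
     * @param path        path of the downloaded file
     * @param pathID      id associated with the path, may be null or -1
     * @param url         URL the file was downloaded from
     * @param accessTime  time of the download, may be null
     * @param domain      domain of the URL
     * @param programName name of the browser
     *
     * @return the attributes, in the order path, path id, URL, access time,
     *         domain, program name
     */
    protected Collection<BlackboardAttribute> createDownloadAttributes(String path, Long pathID, String url, Long accessTime, String domain, String programName) {
        Collection<BlackboardAttribute> bbattributes = new ArrayList<>();

        bbattributes.add(textAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PATH, path));

        if (pathID != null && pathID != -1) {
            bbattributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PATH_ID,
                    RecentActivityExtracterModuleFactory.getModuleName(),
                    pathID));
        }

        bbattributes.add(textAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_URL, url));

        if (accessTime != null) {
            bbattributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_ACCESSED,
                    RecentActivityExtracterModuleFactory.getModuleName(), accessTime));
        }

        bbattributes.add(textAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DOMAIN, domain));
        bbattributes.add(textAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PROG_NAME, programName));

        return bbattributes;
    }

    /**
     * Builds the attribute set for a download source.
     *
     * @param url source URL; null becomes the empty string
     *
     * @return a collection holding the single URL attribute
     */
    protected Collection<BlackboardAttribute> createDownloadSourceAttributes(String url) {
        Collection<BlackboardAttribute> bbattributes = new ArrayList<>();

        bbattributes.add(textAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_URL, url));

        return bbattributes;
    }

    /**
     * Copies a file from the data source into this module's temp directory.
     *
     * The temp file name is the source file's name, id and extension joined
     * together. The name and extension come from the evidence, so the
     * resulting path is validated before anything is written.
     *
     * @param context the ingest job context, polled for cancellation
     * @param file    the file to copy out
     *
     * @return the temp file
     *
     * @throws IOException if the name does not form a valid path, if the path
     *                     would land outside the temp directory, or if the
     *                     copy fails
     */
    protected File createTemporaryFile(IngestJobContext context, AbstractFile file) throws IOException {
        String tempDir = RAImageIngestModule.getRATempPath(getCurrentCase(), getName());
        Path tempFilePath;
        Path baseDir;
        try {
            tempFilePath = Paths.get(tempDir, file.getName() + file.getId() + file.getNameExtension());
            baseDir = Paths.get(tempDir).toAbsolutePath().normalize();
        } catch (java.nio.file.InvalidPathException ex) {
            // A name the host file system cannot represent is reported as an
            // I/O failure, which callers already handle.
            throw new IOException("Error writingToFile: " + file, ex); //NON-NLS
        }

        // Defense in depth: refuse to write if separators or ".." segments in
        // the evidence-supplied name would move the file out of the temp directory.
        // NOTE(review): whether such names can reach this point depends on the
        // data model - confirm.
        if (!tempFilePath.toAbsolutePath().normalize().startsWith(baseDir)) {
            throw new IOException("Error writingToFile: " + file + " (temp path is outside " + baseDir + ")"); //NON-NLS
        }

        java.io.File tempFile = tempFilePath.toFile();

        try {
            ContentUtils.writeToFile(file, tempFile, context::dataSourceIngestIsCancelled);
        } catch (IOException ex) {
            throw new IOException("Error writingToFile: " + file, ex); //NON-NLS
        }

        return tempFile;
    }
}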

Copyright © 2012-2018 Basis Technology. Generated on: Fri Jun 21 2019
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.