Autopsy  4.15.0
Graphical digital forensics platform for The Sleuth Kit and other tools.
SampleDataSourceIngestModule.java
Go to the documentation of this file.
1 /*
2  * Sample module in the public domain. Feel free to use this as a template
3  * for your modules.
4  *
5  * Contact: Brian Carrier [carrier <at> sleuthkit [dot] org]
6  *
7  * This is free and unencumbered software released into the public domain.
8  *
9  * Anyone is free to copy, modify, publish, use, compile, sell, or
10  * distribute this software, either in source code form or as a compiled
11  * binary, for any purpose, commercial or non-commercial, and by any
12  * means.
13  *
14  * In jurisdictions that recognize copyright laws, the author or authors
15  * of this software dedicate any and all copyright interest in the
16  * software to the public domain. We make this dedication for the benefit
17  * of the public at large and to the detriment of our heirs and
18  * successors. We intend this dedication to be an overt act of
19  * relinquishment in perpetuity of all present and future rights to this
20  * software under copyright law.
21  *
22  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
23  * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
24  * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
25  * IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR
26  * OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
27  * ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
28  * OTHER DEALINGS IN THE SOFTWARE.
29  */
30 package org.sleuthkit.autopsy.examples;
31 
32 import java.util.List;
33 import java.util.logging.Level;
39 import org.sleuthkit.datamodel.AbstractFile;
40 import org.sleuthkit.datamodel.Content;
41 import org.sleuthkit.datamodel.TskCoreException;
47 import org.sleuthkit.datamodel.TskData;
48 
55 class SampleDataSourceIngestModule implements DataSourceIngestModule {
56 
57  private final boolean skipKnownFiles;
58  private IngestJobContext context = null;
59 
60  SampleDataSourceIngestModule(SampleModuleIngestJobSettings settings) {
61  this.skipKnownFiles = settings.skipKnownFiles();
62  }
63 
64  @Override
65  public void startUp(IngestJobContext context) throws IngestModuleException {
66  this.context = context;
67  }
68 
69  @Override
70  public ProcessResult process(Content dataSource, DataSourceIngestModuleProgress progressBar) {
71 
72  // There are two tasks to do.
73  progressBar.switchToDeterminate(2);
74 
75  try {
76  // Get count of files with .doc extension.
77  FileManager fileManager = Case.getCurrentCaseThrows().getServices().getFileManager();
78  List<AbstractFile> docFiles = fileManager.findFiles(dataSource, "%.doc");
79 
80  long fileCount = 0;
81  for (AbstractFile docFile : docFiles) {
82  if (!skipKnownFiles || docFile.getKnown() != TskData.FileKnown.KNOWN) {
83  ++fileCount;
84  }
85  }
86  progressBar.progress(1);
87 
88  // check if we were cancelled
89  if (context.dataSourceIngestIsCancelled()) {
90  return IngestModule.ProcessResult.OK;
91  }
92 
93  // Get files by creation time.
94  long currentTime = System.currentTimeMillis() / 1000;
95  long minTime = currentTime - (14 * 24 * 60 * 60); // Go back two weeks.
96  List<AbstractFile> otherFiles = fileManager.findFiles(dataSource, "crtime > " + minTime);
97  for (AbstractFile otherFile : otherFiles) {
98  if (!skipKnownFiles || otherFile.getKnown() != TskData.FileKnown.KNOWN) {
99  ++fileCount;
100  }
101  }
102  progressBar.progress(1);
103 
104  if (context.dataSourceIngestIsCancelled()) {
105  return IngestModule.ProcessResult.OK;
106  }
107 
108  // Post a message to the ingest messages in box.
109  String msgText = String.format("Found %d files", fileCount);
110  IngestMessage message = IngestMessage.createMessage(
111  IngestMessage.MessageType.DATA,
112  SampleIngestModuleFactory.getModuleName(),
113  msgText);
114  IngestServices.getInstance().postMessage(message);
115 
116  return IngestModule.ProcessResult.OK;
117 
118  } catch (TskCoreException | NoCurrentCaseException ex) {
119  IngestServices ingestServices = IngestServices.getInstance();
120  Logger logger = ingestServices.getLogger(SampleIngestModuleFactory.getModuleName());
121  logger.log(Level.SEVERE, "File query failed", ex);
122  return IngestModule.ProcessResult.ERROR;
123  }
124  }
125 }

Copyright © 2012-2020 Basis Technology. Generated on: Mon Jul 6 2020
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.