Autopsy  4.19.1
Graphical digital forensics platform for The Sleuth Kit and other tools.
Extract.java
1 /*
2  *
3  * Autopsy Forensic Browser
4  *
5  * Copyright 2012-2021 Basis Technology Corp.
6  *
7  * Copyright 2012 42six Solutions.
8  * Contact: aebadirad <at> 42six <dot> com
9  * Project Contact/Architect: carrier <at> sleuthkit <dot> org
10  *
11  * Licensed under the Apache License, Version 2.0 (the "License");
12  * you may not use this file except in compliance with the License.
13  * You may obtain a copy of the License at
14  *
15  * http://www.apache.org/licenses/LICENSE-2.0
16  *
17  * Unless required by applicable law or agreed to in writing, software
18  * distributed under the License is distributed on an "AS IS" BASIS,
19  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
20  * See the License for the specific language governing permissions and
21  * limitations under the License.
22  */
23 package org.sleuthkit.autopsy.recentactivity;
24 
25 import java.io.File;
26 import java.io.IOException;
27 import java.nio.file.Path;
28 import java.nio.file.Paths;
29 import java.sql.ResultSet;
30 import java.sql.ResultSetMetaData;
31 import java.sql.SQLException;
32 import java.util.ArrayList;
33 import java.util.Collection;
34 import java.util.Collections;
35 import java.util.HashMap;
36 import java.util.List;
37 import java.util.logging.Level;
38 import org.openide.util.NbBundle.Messages;
47 import org.sleuthkit.datamodel.AbstractFile;
48 import org.sleuthkit.datamodel.Blackboard;
49 import org.sleuthkit.datamodel.BlackboardArtifact;
50 import static org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE.TSK_ASSOCIATED_OBJECT;
51 import org.sleuthkit.datamodel.BlackboardAttribute;
52 import org.sleuthkit.datamodel.Content;
53 import org.sleuthkit.datamodel.Score;
54 import org.sleuthkit.datamodel.SleuthkitCase;
55 import org.sleuthkit.datamodel.TskCoreException;
56 
57 
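/**
 * Common base for the extractors in the recent-activity package.
 *
 * Holds the case/blackboard handles set up by {@link #init()}, collects error
 * messages, and offers helpers for building blackboard attributes, posting
 * artifacts, querying SQLite databases and copying a file to a temp location.
 *
 * NOTE(review): the strings handed to the attribute builders and the databases
 * read through {@link #dbConnect(String, String)} presumably originate from
 * the data source under examination; nothing in this class validates or
 * sanitises them, so downstream consumers should treat them as untrusted.
 */
abstract class Extract {

    // Populated by init(); null until then.
    protected Case currentCase;
    protected SleuthkitCase tskCase;
    protected Blackboard blackboard;
    private final Logger logger = Logger.getLogger(this.getClass().getName());
    private final ArrayList<String> errorMessages = new ArrayList<>();
    private String moduleName = "";
    boolean dataFound = false;
    // Stored by the four-argument process(); not read anywhere in this class.
    private RAOsAccountCache osAccountCache = null;

    /**
     * Creates an extractor with an empty module name.
     */
    Extract() {
        this("");
    }

    /**
     * Creates an extractor with the given module name.
     *
     * @param moduleName Name returned by {@link #getName()} and passed to the
     *                   blackboard when artifacts are posted.
     */
    Extract(String moduleName) {
        this.moduleName = moduleName;
    }

    /**
     * Binds this extractor to the current case, its SleuthkitCase and its
     * blackboard, then runs {@link #configExtractor()}.
     *
     * @throws IngestModuleException If no case is open, or if
     *                               configExtractor() fails.
     */
    final void init() throws IngestModuleException {
        try {
            currentCase = Case.getCurrentCaseThrows();
            tskCase = currentCase.getSleuthkitCase();
            blackboard = tskCase.getBlackboard();
        } catch (NoCurrentCaseException ex) {
            // A missing case was previously reported with the keyword-search
            // indexing message; use the "no open case" message declared in the
            // @Messages annotation on postArtifact() instead.
            throw new IngestModuleException(Bundle.Extract_noOpenCase_errMsg(), ex);
        }
        configExtractor();
    }

    /**
     * Hook called at the end of {@link #init()}. Does nothing here;
     * subclasses may override it.
     *
     * @throws IngestModuleException Declared for overriding implementations.
     */
    void configExtractor() throws IngestModuleException {
    }

    /**
     * Records the OS account cache and delegates to the three-argument
     * {@link #process(Content, IngestJobContext, DataSourceIngestModuleProgress)}.
     *
     * @param dataSource     The data source to process.
     * @param context        The ingest job context.
     * @param progressBar    Progress reporter for the ingest module.
     * @param osAccountCache Cache stored on this instance before delegating.
     */
    void process(Content dataSource, IngestJobContext context, DataSourceIngestModuleProgress progressBar, RAOsAccountCache osAccountCache) {
        this.osAccountCache = osAccountCache;
        process(dataSource, context, progressBar);
    }

    /**
     * Performs the extraction; implemented by each subclass.
     *
     * @param dataSource  The data source to process.
     * @param context     The ingest job context.
     * @param progressBar Progress reporter for the ingest module.
     */
    abstract void process(Content dataSource, IngestJobContext context, DataSourceIngestModuleProgress progressBar);

    /**
     * Hook with an empty default body; subclasses may override it.
     */
    void complete() {
    }

    /**
     * Returns the error messages recorded so far.
     *
     * @return The live internal list, not a copy: changes made by the caller
     *         are visible to this extractor.
     */
    List<String> getErrorMessages() {
        return errorMessages;
    }

    /**
     * Appends a message to the error list.
     *
     * @param message The message to record.
     */
    protected void addErrorMessage(String message) {
        errorMessages.add(message);
    }

    /**
     * Convenience overload that wraps the enum constant in a
     * {@link BlackboardArtifact.Type} and delegates.
     *
     * @param type       Artifact type constant.
     * @param content    Content the artifact is created on.
     * @param attributes Attributes for the new artifact.
     *
     * @return The created artifact.
     *
     * @throws TskCoreException Propagated from the delegate.
     */
    BlackboardArtifact createArtifactWithAttributes(BlackboardArtifact.ARTIFACT_TYPE type, Content content, Collection<BlackboardAttribute> attributes) throws TskCoreException {
        return createArtifactWithAttributes(new BlackboardArtifact.Type(type), content, attributes);
    }

    /**
     * Creates an artifact on the content, choosing the creation call by the
     * category of the type: data artifacts via newDataArtifact, analysis
     * results via newAnalysisResult with {@code Score.SCORE_UNKNOWN} and null
     * for the three arguments that follow the score.
     *
     * @param type       Artifact type.
     * @param content    Content the artifact is created on.
     * @param attributes Attributes for the new artifact.
     *
     * @return The created artifact.
     *
     * @throws TskCoreException If the category is neither DATA_ARTIFACT nor
     *                          ANALYSIS_RESULT, or if creation fails.
     */
    BlackboardArtifact createArtifactWithAttributes(BlackboardArtifact.Type type, Content content, Collection<BlackboardAttribute> attributes) throws TskCoreException {
        switch (type.getCategory()) {
            case DATA_ARTIFACT:
                return content.newDataArtifact(type, attributes);
            case ANALYSIS_RESULT:
                return content.newAnalysisResult(type, Score.SCORE_UNKNOWN, null, null, null, attributes).getAnalysisResult();
            default:
                throw new TskCoreException("Unknown category type: " + type.getCategory().getDisplayName());
        }
    }

    /**
     * Creates a TSK_ASSOCIATED_OBJECT artifact on the content whose single
     * TSK_ASSOCIATED_ARTIFACT attribute holds the ID of the given artifact.
     *
     * @param content  Content the new artifact is created on.
     * @param artifact Artifact whose ID is stored in the attribute.
     *
     * @return The created artifact.
     *
     * @throws TskCoreException Propagated from artifact creation.
     */
    BlackboardArtifact createAssociatedArtifact(Content content, BlackboardArtifact artifact) throws TskCoreException {
        BlackboardAttribute associatedId = new BlackboardAttribute(
                BlackboardAttribute.ATTRIBUTE_TYPE.TSK_ASSOCIATED_ARTIFACT,
                RecentActivityExtracterModuleFactory.getModuleName(),
                artifact.getArtifactID());
        return createArtifactWithAttributes(TSK_ASSOCIATED_OBJECT, content, Collections.singletonList(associatedId));
    }

    /**
     * Posts one artifact to the blackboard under this extractor's name.
     * A null artifact is ignored. A BlackboardException is logged at SEVERE
     * and not rethrown, so the caller gets no signal that posting failed.
     *
     * @param bbart The artifact to post; may be null.
     */
    @Messages({"Extract.indexError.message=Failed to index artifact for keyword search.",
        "Extract.noOpenCase.errMsg=No open case available."})
    void postArtifact(BlackboardArtifact bbart) {
        if (bbart == null) {
            return;
        }

        try {
            // index the artifact for keyword search
            blackboard.postArtifact(bbart, getName());
        } catch (Blackboard.BlackboardException ex) {
            logger.log(Level.SEVERE, "Unable to index blackboard artifact " + bbart.getDisplayName(), ex); //NON-NLS
        }
    }

    /**
     * Posts a collection of artifacts to the blackboard under this
     * extractor's name. A null or empty collection is ignored. A
     * BlackboardException is logged at SEVERE and not rethrown.
     *
     * @param artifacts The artifacts to post; may be null or empty.
     */
    void postArtifacts(Collection<BlackboardArtifact> artifacts) {
        if (artifacts == null || artifacts.isEmpty()) {
            return;
        }

        try {
            blackboard.postArtifacts(artifacts, getName());
        } catch (Blackboard.BlackboardException ex) {
            logger.log(Level.SEVERE, "Unable to post blackboard artifacts", ex); //NON-NLS
        }
    }

    /**
     * Opens the SQLite database at the given path, runs the query and returns
     * every row as a column-name to value map.
     *
     * The query text is executed verbatim, with no parameter binding, so it
     * must be fixed text chosen by the calling extractor and never assembled
     * from values read out of the data source. The path is appended to the
     * JDBC URL unchanged.
     *
     * @param path  Path of the SQLite database file.
     * @param query SQL to execute as-is.
     *
     * @return One map per row, or an empty list if an SQLException occurred
     *         (logged at WARNING).
     */
    protected List<HashMap<String, Object>> dbConnect(String path, String query) {
        String connectionString = "jdbc:sqlite:" + path; //NON-NLS
        SQLiteDBConnect connection = null;
        try {
            connection = new SQLiteDBConnect("org.sqlite.JDBC", connectionString); //NON-NLS
            ResultSet results = connection.executeQry(query);
            return this.resultSetToArrayList(results);
        } catch (SQLException ex) {
            logger.log(Level.WARNING, "Error while trying to read into a sqlite db." + connectionString, ex); //NON-NLS
            return Collections.<HashMap<String, Object>>emptyList();
        } finally {
            // NOTE(review): the ResultSet is never closed here; presumably
            // closeConnection() releases it - confirm in SQLiteDBConnect.
            if (connection != null) {
                connection.closeConnection();
            }
        }
    }

    /**
     * Copies every row of the result set into a list of column-name to value
     * maps. SQL NULL cells are stored as the empty string.
     *
     * All rows are held in memory at once; the row count is whatever the
     * queried database contains.
     *
     * @param rs The result set to drain.
     *
     * @return One map per row, in result-set order.
     *
     * @throws SQLException If reading the result set fails.
     */
    private List<HashMap<String, Object>> resultSetToArrayList(ResultSet rs) throws SQLException {
        ResultSetMetaData metaData = rs.getMetaData();
        int columnCount = metaData.getColumnCount();
        List<HashMap<String, Object>> rows = new ArrayList<>(50);
        while (rs.next()) {
            HashMap<String, Object> row = new HashMap<>(columnCount);
            // JDBC columns are 1-based.
            for (int column = 1; column <= columnCount; ++column) {
                // Read each cell once instead of once for the null test and
                // again for the value.
                Object cell = rs.getObject(column);
                row.put(metaData.getColumnName(column), (cell != null) ? cell : ""); //NON-NLS
            }
            rows.add(row);
        }

        return rows;
    }

    /**
     * Returns the module name given to the constructor.
     *
     * @return The module name; empty if the no-argument constructor was used.
     */
    protected String getName() {
        return moduleName;
    }

    /**
     * Returns the name reported by RecentActivityExtracterModuleFactory.
     *
     * @return The factory's module name.
     */
    protected String getRAModuleName() {
        return RecentActivityExtracterModuleFactory.getModuleName();
    }

    /**
     * Returns the data-found flag.
     *
     * @return The current value of {@code dataFound}.
     */
    public boolean foundData() {
        return dataFound;
    }

    /**
     * Sets the data-found flag.
     *
     * @param foundData The new value of {@code dataFound}.
     */
    protected void setFoundData(boolean foundData) {
        dataFound = foundData;
    }

    /**
     * Returns the case captured by {@link #init()}.
     *
     * @return The current case, or null if init() has not run.
     */
    protected Case getCurrentCase() {
        return this.currentCase;
    }

    /**
     * Builds the attribute list for a web-history artifact, in the order URL,
     * access time, referrer, title, program name, domain, user name. Null
     * strings become empty strings; a null access time is omitted.
     *
     * @param url         Visited URL.
     * @param accessTime  Access time; omitted when null.
     * @param referrer    Referrer.
     * @param title       Page title.
     * @param programName Name of the program the record came from.
     * @param domain      Domain.
     * @param user        User name.
     *
     * @return The attributes, with the factory's module name as their source.
     *
     * @throws TskCoreException Declared by the signature.
     */
    protected Collection<BlackboardAttribute> createHistoryAttribute(String url, Long accessTime,
            String referrer, String title, String programName, String domain, String user) throws TskCoreException {

        final String source = RecentActivityExtracterModuleFactory.getModuleName();
        Collection<BlackboardAttribute> bbattributes = new ArrayList<>();

        bbattributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_URL, source, nullToEmpty(url)));
        if (accessTime != null) {
            bbattributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_ACCESSED, source, accessTime));
        }
        bbattributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_REFERRER, source, nullToEmpty(referrer)));
        bbattributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_TITLE, source, nullToEmpty(title)));
        bbattributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PROG_NAME, source, nullToEmpty(programName)));
        bbattributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DOMAIN, source, nullToEmpty(domain)));
        bbattributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_USER_NAME, source, nullToEmpty(user)));

        return bbattributes;
    }

    /**
     * Builds the attribute list for a cookie artifact, in the order URL,
     * creation time, access time, end time, name, value, program name,
     * domain. Null strings become empty strings; a time that is null or zero
     * is omitted.
     *
     * The cookie value is stored verbatim in TSK_VALUE. Cookie values can be
     * live session identifiers, so whatever exports or displays these
     * artifacts carries that material with it.
     *
     * @param url          URL the cookie belongs to.
     * @param creationTime Creation time; omitted when null or 0.
     * @param accessTime   Access time; omitted when null or 0.
     * @param endTime      End time; omitted when null or 0.
     * @param name         Cookie name.
     * @param value        Cookie value.
     * @param programName  Name of the program the record came from.
     * @param domain       Domain.
     *
     * @return The attributes, with the factory's module name as their source.
     */
    protected Collection<BlackboardAttribute> createCookieAttributes(String url,
            Long creationTime, Long accessTime, Long endTime, String name, String value, String programName, String domain) {

        final String source = RecentActivityExtracterModuleFactory.getModuleName();
        Collection<BlackboardAttribute> bbattributes = new ArrayList<>();

        bbattributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_URL, source, nullToEmpty(url)));
        if (creationTime != null && creationTime != 0) {
            bbattributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_CREATED, source, creationTime));
        }
        if (accessTime != null && accessTime != 0) {
            bbattributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_ACCESSED, source, accessTime));
        }
        if (endTime != null && endTime != 0) {
            bbattributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_END, source, endTime));
        }
        bbattributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_NAME, source, nullToEmpty(name)));
        bbattributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_VALUE, source, nullToEmpty(value)));
        bbattributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PROG_NAME, source, nullToEmpty(programName)));
        bbattributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DOMAIN, source, nullToEmpty(domain)));

        return bbattributes;
    }

    /**
     * Builds the attribute list for a bookmark artifact, in the order URL,
     * title, creation time, program name, domain. Null strings become empty
     * strings; a null creation time is omitted.
     *
     * @param url          Bookmarked URL.
     * @param title        Bookmark title.
     * @param creationTime Creation time; omitted when null.
     * @param programName  Name of the program the record came from.
     * @param domain       Domain.
     *
     * @return The attributes, with the factory's module name as their source.
     */
    protected Collection<BlackboardAttribute> createBookmarkAttributes(String url, String title, Long creationTime, String programName, String domain) {
        final String source = RecentActivityExtracterModuleFactory.getModuleName();
        Collection<BlackboardAttribute> bbattributes = new ArrayList<>();

        bbattributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_URL, source, nullToEmpty(url)));
        bbattributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_TITLE, source, nullToEmpty(title)));
        if (creationTime != null) {
            bbattributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_CREATED, source, creationTime));
        }
        bbattributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PROG_NAME, source, nullToEmpty(programName)));
        bbattributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DOMAIN, source, nullToEmpty(domain)));

        return bbattributes;
    }

    /**
     * Builds the attribute list for a download artifact, in the order path,
     * path ID, URL, access time, domain, program name. Null strings become
     * empty strings; the path ID is omitted when null or -1 and the access
     * time when null.
     *
     * @param path        Path of the downloaded file.
     * @param pathID      ID for the path; omitted when null or -1.
     * @param url         Download URL.
     * @param accessTime  Access time; omitted when null.
     * @param domain      Domain.
     * @param programName Name of the program the record came from.
     *
     * @return The attributes, with the factory's module name as their source.
     */
    protected Collection<BlackboardAttribute> createDownloadAttributes(String path, Long pathID, String url, Long accessTime, String domain, String programName) {
        final String source = RecentActivityExtracterModuleFactory.getModuleName();
        Collection<BlackboardAttribute> bbattributes = new ArrayList<>();

        bbattributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PATH, source, nullToEmpty(path)));
        if (pathID != null && pathID != -1) {
            bbattributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PATH_ID, source, pathID));
        }
        bbattributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_URL, source, nullToEmpty(url)));
        if (accessTime != null) {
            bbattributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_ACCESSED, source, accessTime));
        }
        bbattributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DOMAIN, source, nullToEmpty(domain)));
        bbattributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PROG_NAME, source, nullToEmpty(programName)));

        return bbattributes;
    }

    /**
     * Builds a one-element attribute list holding the download source URL.
     * A null URL becomes the empty string.
     *
     * @param url Download source URL.
     *
     * @return The attribute, with the factory's module name as its source.
     */
    protected Collection<BlackboardAttribute> createDownloadSourceAttributes(String url) {
        Collection<BlackboardAttribute> bbattributes = new ArrayList<>();

        bbattributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_URL,
                RecentActivityExtracterModuleFactory.getModuleName(),
                nullToEmpty(url)));

        return bbattributes;
    }

    /**
     * Copies the content of a file into this extractor's temp directory for
     * the ingest job and returns the copy.
     *
     * The temp file name is the file's name, its ID and its name extension
     * concatenated. Because the name comes from the file object (presumably
     * from the data source being examined), the resolved path is checked to
     * lie inside the temp directory before anything is written.
     *
     * @param context     Ingest job context; its cancellation check is passed
     *                    to the copy.
     * @param file        File whose content is copied.
     * @param ingestJobId ID of the ingest job, used to locate the temp
     *                    directory.
     *
     * @return The temp file that was written.
     *
     * @throws IOException If the resolved path falls outside the temp
     *                     directory, or if writing the copy fails.
     */
    protected File createTemporaryFile(IngestJobContext context, AbstractFile file, long ingestJobId) throws IOException {
        String tempDirName = RAImageIngestModule.getRATempPath(getCurrentCase(), getName(), ingestJobId);
        Path tempFilePath = Paths.get(tempDirName, file.getName() + file.getId() + file.getNameExtension());

        // Containment check: a name carrying separators or ".." segments must
        // not be able to move the write out of the temp directory.
        Path tempDir = Paths.get(tempDirName).toAbsolutePath().normalize();
        if (!tempFilePath.toAbsolutePath().normalize().startsWith(tempDir)) {
            throw new IOException("Temp file path is outside the temp directory: " + file); //NON-NLS
        }

        File tempFile = tempFilePath.toFile();

        try {
            ContentUtils.writeToFile(file, tempFile, context::dataSourceIngestIsCancelled);
        } catch (IOException ex) {
            throw new IOException("Error writingToFile: " + file, ex); //NON-NLS
        }

        return tempFile;
    }

    /**
     * Substitutes the empty string for null so attribute values are never null.
     */
    private static String nullToEmpty(String value) {
        return (value != null) ? value : ""; //NON-NLS
    }
}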
