23 package org.sleuthkit.autopsy.recentactivity;
26 import java.io.IOException;
27 import java.nio.file.Path;
28 import java.nio.file.Paths;
29 import java.sql.ResultSet;
30 import java.sql.ResultSetMetaData;
31 import java.sql.SQLException;
32 import java.util.ArrayList;
33 import java.util.Collection;
34 import java.util.Collections;
35 import java.util.HashMap;
36 import java.util.List;
37 import java.util.logging.Level;
38 import org.openide.util.NbBundle.Messages;
50 import static org.
sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE.TSK_ASSOCIATED_OBJECT;
58 abstract class Extract {
// Case, case database and blackboard handles; all three are assigned in init().
protected Case currentCase;
protected SleuthkitCase tskCase;
protected Blackboard blackboard;

// Logger named after the concrete subclass, not after Extract itself.
private final Logger logger = Logger.getLogger(this.getClass().getName());

// Messages appended by addErrorMessage() and handed out by getErrorMessages().
private final ArrayList<String> errorMessages = new ArrayList<>();

// Overwritten by the constructor argument.
private String moduleName = "";

// Package-private flag; setFoundData() writes it.
boolean dataFound = false;

// Filled in by the four-argument process() overload before it delegates.
private RAOsAccountCache osAccountCache = null;
/**
 * Creates an extractor that carries the given module name.
 *
 * @param moduleName name stored in the {@code moduleName} field.
 */
Extract(String moduleName) {
    this.moduleName = moduleName;
}
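/**
 * Binds this extractor to the currently open case and caches the case
 * database and blackboard handles that the other methods use.
 *
 * @throws IngestModuleException if no case is open. The message is the
 *                               "Extract.noOpenCase.errMsg" bundle entry.
 */
final void init() throws IngestModuleException {
    try {
        currentCase = Case.getCurrentCaseThrows();
        tskCase = currentCase.getSleuthkitCase();
        blackboard = tskCase.getBlackboard();
    } catch (NoCurrentCaseException ex) {
        // Report the real cause. The indexing message that was used here belongs to
        // postArtifact() and would point anyone triaging the ingest error at keyword
        // search instead of at the missing case.
        throw new IngestModuleException(Bundle.Extract_noOpenCase_errMsg(), ex);
    }
    // NOTE(review): the listing skips source lines 84-92 after this catch; confirm
    // against the full file that no further statement belongs here.
}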
/**
 * Hook for extractor-specific configuration.
 *
 * @throws IngestModuleException declared so that an implementation can report a
 *                               configuration failure.
 */
void configExtractor() throws IngestModuleException {
    // NOTE(review): the listing shows no statements for this method; an empty
    // default body is assumed.
}
/**
 * Stores the OS account cache on this extractor and then runs the
 * three-argument {@code process} overload.
 *
 * @param dataSource     data source to analyze.
 * @param context        ingest job context.
 * @param progressBar    progress reporter for the job.
 * @param osAccountCache cache kept in the {@code osAccountCache} field.
 */
void process(Content dataSource, IngestJobContext context,
        DataSourceIngestModuleProgress progressBar, RAOsAccountCache osAccountCache) {
    // The cache must be in place before the subclass implementation runs.
    this.osAccountCache = osAccountCache;
    this.process(dataSource, context, progressBar);
}
/**
 * Extraction entry point that each concrete extractor implements.
 *
 * @param dataSource  data source to analyze.
 * @param context     ingest job context.
 * @param progressBar progress reporter for the job.
 */
abstract void process(
        Content dataSource,
        IngestJobContext context,
        DataSourceIngestModuleProgress progressBar);
/**
 * Returns the error messages recorded so far.
 *
 * The list returned is the internal one, not a copy, so a caller that modifies
 * it changes this extractor's state.
 *
 * @return the live list of error messages.
 */
List<String> getErrorMessages() {
    return this.errorMessages;
}
/**
 * Appends one message to the error list returned by getErrorMessages().
 *
 * @param message text to record.
 */
protected void addErrorMessage(String message) {
    this.errorMessages.add(message);
}
/**
 * Convenience overload: wraps the legacy enum in a
 * {@code BlackboardArtifact.Type} and delegates to the Type-based overload.
 *
 * @param type       artifact type as an ARTIFACT_TYPE enum value.
 * @param content    content the artifact is created on.
 * @param attributes attributes to attach.
 *
 * @return the artifact produced by the Type-based overload.
 *
 * @throws TskCoreException propagated from the Type-based overload.
 */
BlackboardArtifact createArtifactWithAttributes(BlackboardArtifact.ARTIFACT_TYPE type, Content content,
        Collection<BlackboardAttribute> attributes) throws TskCoreException {
    final BlackboardArtifact.Type wrappedType = new BlackboardArtifact.Type(type);
    return createArtifactWithAttributes(wrappedType, content, attributes);
}
/**
 * Creates an artifact of the given type on {@code content}, choosing the
 * creation call from the type's category.
 *
 * Analysis results are created with {@code Score.SCORE_UNKNOWN} and three null
 * arguments (conclusion, configuration and justification in the TSK API).
 *
 * @param type       artifact type; its category selects the creation call.
 * @param content    content the artifact is created on.
 * @param attributes attributes to attach.
 *
 * @return the new data artifact or analysis result.
 *
 * @throws TskCoreException if the category is neither of the two handled
 *                          here, or if the creation call itself fails.
 */
BlackboardArtifact createArtifactWithAttributes(BlackboardArtifact.Type type, Content content,
        Collection<BlackboardAttribute> attributes) throws TskCoreException {
    switch (type.getCategory()) {
        // The listing drops this label (source line 162); it is restored from
        // the newDataArtifact() call it guards.
        case DATA_ARTIFACT:
            return content.newDataArtifact(type, attributes);
        case ANALYSIS_RESULT:
            return content
                    .newAnalysisResult(type, Score.SCORE_UNKNOWN, null, null, null, attributes)
                    .getAnalysisResult();
        default:
            throw new TskCoreException("Unknown category type: " + type.getCategory().getDisplayName());
    }
}
/**
 * Creates a TSK_ASSOCIATED_OBJECT artifact on {@code content} whose single
 * attribute holds the ID of {@code artifact}.
 *
 * @param content  content that receives the new artifact.
 * @param artifact artifact whose ID is stored in TSK_ASSOCIATED_ARTIFACT.
 *
 * @return the new associated-object artifact.
 *
 * @throws TskCoreException propagated from createArtifactWithAttributes().
 */
BlackboardArtifact createAssociatedArtifact(Content content, BlackboardArtifact artifact) throws TskCoreException {
    final BlackboardAttribute link = new BlackboardAttribute(
            BlackboardAttribute.ATTRIBUTE_TYPE.TSK_ASSOCIATED_ARTIFACT,
            RecentActivityExtracterModuleFactory.getModuleName(),
            artifact.getArtifactID());
    return createArtifactWithAttributes(TSK_ASSOCIATED_OBJECT, content, Collections.singletonList(link));
}
/**
 * Posts one artifact to the blackboard under this extractor's name.
 *
 * A BlackboardException is logged at SEVERE and not rethrown, so the caller
 * gets no signal that posting failed.
 *
 * @param bbart artifact to post.
 */
@Messages({
    "Extract.indexError.message=Failed to index artifact for keyword search.",
    "Extract.noOpenCase.errMsg=No open case available."})
void postArtifact(BlackboardArtifact bbart) {
    // NOTE(review): the listing skips source lines 194-199 ahead of this call. Only the
    // try block implied by the catch below is restored; confirm against the full file
    // whether a guard precedes it.
    try {
        blackboard.postArtifact(bbart, getName());
    } catch (Blackboard.BlackboardException ex) {
        final String failure = "Unable to index blackboard artifact " + bbart.getDisplayName();
        logger.log(Level.SEVERE, failure, ex);
    }
}
/**
 * Posts a batch of artifacts to the blackboard under this extractor's name.
 *
 * A BlackboardException is logged at SEVERE and not rethrown.
 *
 * @param artifacts artifacts to post; may be null or empty.
 */
void postArtifacts(Collection<BlackboardArtifact> artifacts) {
    final boolean nothingToPost = (artifacts == null) || artifacts.isEmpty();
    if (nothingToPost) {
        // NOTE(review): the guard's body (source lines 213-216) is not shown in the
        // listing; an early return is assumed.
        return;
    }

    try {
        blackboard.postArtifacts(artifacts, getName());
    } catch (Blackboard.BlackboardException ex) {
        logger.log(Level.SEVERE, "Unable to post blackboard artifacts", ex);
    }
}
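/**
 * Opens the SQLite database at {@code path}, runs {@code query} against it and
 * returns every row as a map from column name to value.
 *
 * {@code query} is passed to the driver verbatim. It must therefore be fixed
 * SQL chosen by the calling extractor, never text assembled from values read
 * out of the database under examination.
 *
 * An SQLException is logged at WARNING and reported as an empty list, so the
 * return value alone does not distinguish "no rows" from "database could not
 * be read". Callers that need that distinction have to consult the log.
 *
 * @param path  file-system path of the SQLite database to open.
 * @param query SQL text to execute.
 *
 * @return one map per result row, or an empty list if an SQLException occurred.
 */
protected List<HashMap<String, Object>> dbConnect(String path, String query) {
    final String connectionString = "jdbc:sqlite:" + path;
    SQLiteDBConnect tempdbconnect = null;
    ResultSet temprs = null;
    try {
        tempdbconnect = new SQLiteDBConnect("org.sqlite.JDBC", connectionString);
        temprs = tempdbconnect.executeQry(query);
        return this.resultSetToArrayList(temprs);
    } catch (SQLException ex) {
        logger.log(Level.WARNING, "Error while trying to read into a sqlite db." + connectionString, ex);
        return Collections.<HashMap<String, Object>>emptyList();
    } finally {
        // Close the result set explicitly. closeConnection() may already release it,
        // but that is not visible from here, and every row has been copied out by now.
        if (temprs != null) {
            try {
                temprs.close();
            } catch (SQLException ex) {
                // A failed close must not discard rows that were read successfully.
                logger.log(Level.WARNING, "Error closing sqlite result set for " + connectionString, ex);
            }
        }
        if (tempdbconnect != null) {
            tempdbconnect.closeConnection();
        }
    }
}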
/**
 * Copies every row of a result set into a list of column-name-to-value maps.
 *
 * Two lossy conversions happen here. A SQL NULL is stored as the empty string,
 * so the two cannot be told apart afterwards. Rows are keyed by
 * {@code getColumnName}, so when two columns share a name the later one
 * replaces the earlier one.
 *
 * @param rs result set to drain; it is left positioned after the last row.
 *
 * @return one map per row, in result-set order.
 *
 * @throws SQLException if reading the metadata or any row fails.
 */
private List<HashMap<String, Object>> resultSetToArrayList(ResultSet rs) throws SQLException {
    final ResultSetMetaData meta = rs.getMetaData();
    final int columnCount = meta.getColumnCount();
    final List<HashMap<String, Object>> rows = new ArrayList<>(50);

    while (rs.next()) {
        final HashMap<String, Object> row = new HashMap<>(columnCount);
        // JDBC columns are numbered from 1.
        for (int col = 1; col <= columnCount; ++col) {
            final Object cell = rs.getObject(col);
            row.put(meta.getColumnName(col), (cell == null) ? "" : cell);
        }
        rows.add(row);
    }
    return rows;
}
/**
 * Returns the name of this extractor.
 *
 * @return the extractor's name.
 */
protected String getName() {
    // NOTE(review): the body (source line 287) is missing from the listing.
    // Returning the constructor-supplied moduleName field is assumed.
    return this.moduleName;
}
/**
 * Returns the name of the Recent Activity module as reported by its factory.
 * The attribute builders in this class record the same factory value as the
 * source of each attribute.
 *
 * @return the value of RecentActivityExtracterModuleFactory.getModuleName().
 */
protected String getRAModuleName() {
    final String raName = RecentActivityExtracterModuleFactory.getModuleName();
    return raName;
}
/**
 * Reports whether this extractor found data.
 *
 * @return the found-data flag.
 */
public boolean foundData() {
    // NOTE(review): the body (source line 299) is missing from the listing.
    // Returning the dataFound field written by setFoundData() is assumed.
    return this.dataFound;
}
/**
 * Sets the found-data flag.
 *
 * @param foundData new value for the {@code dataFound} field.
 */
protected void setFoundData(boolean foundData) {
    this.dataFound = foundData;
}
/**
 * Returns the case captured by init().
 *
 * @return the {@code currentCase} field, which is unset until init() has run.
 */
protected Case getCurrentCase() {
    return currentCase;
}
/**
 * Builds the attribute set for a web-history artifact.
 *
 * Every string argument is stored verbatim, with null replaced by the empty
 * string. The access time is added only when it is non-null.
 *
 * @param url         visited URL.
 * @param accessTime  access time, or null to omit the attribute.
 * @param referrer    referring URL.
 * @param title       page title.
 * @param programName name of the program the record came from.
 * @param domain      domain of the URL.
 * @param user        user name.
 *
 * @return the attributes in the order URL, access time, referrer, title,
 *         program name, domain, user name.
 *
 * @throws TskCoreException declared by the signature; no visible statement
 *                          throws it.
 */
protected Collection<BlackboardAttribute> createHistoryAttribute(String url, Long accessTime,
        String referrer, String title, String programName, String domain, String user) throws TskCoreException {
    // Every attribute is recorded with the Recent Activity module as its source.
    final String source = RecentActivityExtracterModuleFactory.getModuleName();
    final Collection<BlackboardAttribute> attrs = new ArrayList<>();

    attrs.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_URL,
            source, (url == null) ? "" : url));

    if (accessTime != null) {
        attrs.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_ACCESSED,
                source, accessTime));
    }

    attrs.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_REFERRER,
            source, (referrer == null) ? "" : referrer));
    attrs.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_TITLE,
            source, (title == null) ? "" : title));
    attrs.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PROG_NAME,
            source, (programName == null) ? "" : programName));
    attrs.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DOMAIN,
            source, (domain == null) ? "" : domain));
    attrs.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_USER_NAME,
            source, (user == null) ? "" : user));

    return attrs;
}
/**
 * Builds the attribute set for a cookie artifact.
 *
 * String arguments are stored verbatim, with null replaced by the empty
 * string. Each timestamp is added only when it is non-null and non-zero.
 * The cookie value goes into TSK_VALUE unmodified. Cookie values can carry
 * session identifiers, so the resulting artifacts should be handled with the
 * same care as the evidence itself.
 *
 * @param url          URL the cookie belongs to.
 * @param creationTime creation time; null or 0 omits the attribute.
 * @param accessTime   last access time; null or 0 omits the attribute.
 * @param endTime      end time; null or 0 omits the attribute.
 * @param name         cookie name.
 * @param value        cookie value.
 * @param programName  name of the program the record came from.
 * @param domain       cookie domain.
 *
 * @return the attributes in the order URL, created, accessed, end, name,
 *         value, program name, domain.
 */
protected Collection<BlackboardAttribute> createCookieAttributes(String url,
        Long creationTime, Long accessTime, Long endTime, String name, String value,
        String programName, String domain) {
    final String source = RecentActivityExtracterModuleFactory.getModuleName();
    final Collection<BlackboardAttribute> attrs = new ArrayList<>();

    attrs.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_URL,
            source, (url == null) ? "" : url));

    // A zero timestamp is skipped in the same way as a missing one.
    if (creationTime != null && creationTime != 0) {
        attrs.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_CREATED,
                source, creationTime));
    }
    if (accessTime != null && accessTime != 0) {
        attrs.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_ACCESSED,
                source, accessTime));
    }
    if (endTime != null && endTime != 0) {
        attrs.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_END,
                source, endTime));
    }

    attrs.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_NAME,
            source, (name == null) ? "" : name));
    attrs.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_VALUE,
            source, (value == null) ? "" : value));
    attrs.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PROG_NAME,
            source, (programName == null) ? "" : programName));
    attrs.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DOMAIN,
            source, (domain == null) ? "" : domain));

    return attrs;
}
/**
 * Builds the attribute set for a bookmark artifact.
 *
 * String arguments are stored verbatim, with null replaced by the empty
 * string. The creation time is added only when it is non-null.
 *
 * @param url          bookmarked URL.
 * @param title        bookmark title.
 * @param creationTime creation time, or null to omit the attribute.
 * @param programName  name of the program the record came from.
 * @param domain       domain of the URL.
 *
 * @return the attributes in the order URL, title, created, program name,
 *         domain.
 */
protected Collection<BlackboardAttribute> createBookmarkAttributes(String url, String title,
        Long creationTime, String programName, String domain) {
    final String source = RecentActivityExtracterModuleFactory.getModuleName();
    final Collection<BlackboardAttribute> attrs = new ArrayList<>();

    attrs.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_URL,
            source, (url == null) ? "" : url));
    attrs.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_TITLE,
            source, (title == null) ? "" : title));

    if (creationTime != null) {
        attrs.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_CREATED,
                source, creationTime));
    }

    attrs.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PROG_NAME,
            source, (programName == null) ? "" : programName));
    attrs.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DOMAIN,
            source, (domain == null) ? "" : domain));

    return attrs;
}
/**
 * Builds the attribute set for a web-download artifact.
 *
 * String arguments are stored verbatim, with null replaced by the empty
 * string. The path ID is added only when it is non-null and not -1, and the
 * access time only when it is non-null.
 *
 * @param path        path of the downloaded file.
 * @param pathID      ID for the path; null or -1 omits the attribute.
 * @param url         URL the file was downloaded from.
 * @param accessTime  access time, or null to omit the attribute.
 * @param domain      domain of the URL.
 * @param programName name of the program the record came from.
 *
 * @return the attributes in the order path, path ID, URL, access time,
 *         domain, program name.
 */
protected Collection<BlackboardAttribute> createDownloadAttributes(String path, Long pathID, String url,
        Long accessTime, String domain, String programName) {
    final String source = RecentActivityExtracterModuleFactory.getModuleName();
    final Collection<BlackboardAttribute> attrs = new ArrayList<>();

    attrs.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PATH,
            source, (path == null) ? "" : path));

    if (pathID != null && pathID != -1) {
        // NOTE(review): the value argument (source line 477) is missing from the
        // listing; pathID is assumed from the guard and the attribute type.
        attrs.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PATH_ID,
                source, pathID));
    }

    attrs.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_URL,
            source, (url == null) ? "" : url));

    if (accessTime != null) {
        attrs.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_ACCESSED,
                source, accessTime));
    }

    attrs.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DOMAIN,
            source, (domain == null) ? "" : domain));
    attrs.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PROG_NAME,
            source, (programName == null) ? "" : programName));

    return attrs;
}
/**
 * Builds the attribute set for a download-source artifact: a single TSK_URL
 * attribute.
 *
 * @param url source URL; null is stored as the empty string.
 *
 * @return a collection holding the one URL attribute.
 */
protected Collection<BlackboardAttribute> createDownloadSourceAttributes(String url) {
    final String storedUrl = (url == null) ? "" : url;
    final Collection<BlackboardAttribute> attrs = new ArrayList<>();
    attrs.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_URL,
            RecentActivityExtracterModuleFactory.getModuleName(), storedUrl));
    return attrs;
}
526 protected File createTemporaryFile(IngestJobContext context, AbstractFile file,
long ingestJobId)
throws IOException{
527 Path tempFilePath = Paths.get(RAImageIngestModule.getRATempPath(
528 getCurrentCase(), getName(), ingestJobId), file.getName() + file.getId() + file.getNameExtension());
529 java.io.File tempFile = tempFilePath.toFile();
532 ContentUtils.writeToFile(file, tempFile, context::dataSourceIngestIsCancelled);
533 }
catch (IOException ex) {
534 throw new IOException(
"Error writingToFile: " + file, ex);