Autopsy  4.19.2
Graphical digital forensics platform for The Sleuth Kit and other tools.
RAImageIngestModule.java
Go to the documentation of this file.
1 /*
2  *
3  * Autopsy Forensic Browser
4  *
5  * Copyright 2012-2021 Basis Technology Corp.
6  *
7  * Copyright 2012 42six Solutions.
8  * Contact: aebadirad <at> 42six <dot> com
9  * Project Contact/Architect: carrier <at> sleuthkit <dot> org
10  *
11  * Licensed under the Apache License, Version 2.0 (the "License");
12  * you may not use this file except in compliance with the License.
13  * You may obtain a copy of the License at
14  *
15  * http://www.apache.org/licenses/LICENSE-2.0
16  *
17  * Unless required by applicable law or agreed to in writing, software
18  * distributed under the License is distributed on an "AS IS" BASIS,
19  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
20  * See the License for the specific language governing permissions and
21  * limitations under the License.
22  */
23 package org.sleuthkit.autopsy.recentactivity;
24 
25 import java.io.File;
26 import java.nio.file.Path;
27 import java.nio.file.Paths;
28 import java.util.ArrayList;
29 import java.util.List;
30 import java.util.logging.Level;
31 import org.openide.util.NbBundle;
32 import org.sleuthkit.autopsy.casemodule.Case;
33 import org.sleuthkit.autopsy.casemodule.NoCurrentCaseException;
34 import org.sleuthkit.autopsy.coreutils.Logger;
35 import org.sleuthkit.autopsy.ingest.DataSourceIngestModule;
36 import org.sleuthkit.autopsy.ingest.DataSourceIngestModuleProgress;
37 import org.sleuthkit.autopsy.ingest.IngestServices;
38 import org.sleuthkit.autopsy.ingest.IngestMessage;
39 import org.sleuthkit.autopsy.ingest.IngestMessage.MessageType;
40 import org.sleuthkit.datamodel.Content;
41 import org.sleuthkit.autopsy.ingest.IngestModule.ProcessResult;
42 import org.sleuthkit.autopsy.ingest.IngestJobContext;
43 import org.sleuthkit.datamodel.SleuthkitCase;
44 
48 public final class RAImageIngestModule implements DataSourceIngestModule {
49 
50  private static final String RECENT_ACTIVITY_FOLDER = "RecentActivity";
51  private static final Logger logger = Logger.getLogger(RAImageIngestModule.class.getName());
52  private final List<Extract> extractors = new ArrayList<>();
53  private final List<Extract> browserExtractors = new ArrayList<>();
54  private final IngestServices services = IngestServices.getInstance();
55  private IngestJobContext context;
56  protected SleuthkitCase tskCase;
57 
58  RAImageIngestModule() {
59  }
60 
61  @Override
62  public void startUp(IngestJobContext context) throws IngestModuleException {
63  this.context = context;
64 
65  tskCase = Case.getCurrentCase().getSleuthkitCase();
66 
67  Extract iexplore = new ExtractIE(context);
68  Extract edge = new ExtractEdge(context);
69  Extract registry = new ExtractRegistry(context);
70  Extract recentDocuments = new RecentDocumentsByLnk(context);
71  Extract chrome = new Chromium(context);
72  Extract firefox = new Firefox(context);
73  Extract SEUQA = new SearchEngineURLQueryAnalyzer(context);
74  Extract osExtract = new ExtractOs(context);
75  Extract dataSourceAnalyzer = new DataSourceUsageAnalyzer(context);
76  Extract safari = new ExtractSafari(context);
77  Extract zoneInfo = new ExtractZoneIdentifier(context);
78  Extract recycleBin = new ExtractRecycleBin(context);
79  Extract sru = new ExtractSru(context);
80  Extract prefetch = new ExtractPrefetch(context);
81  Extract webAccountType = new ExtractWebAccountType(context);
82  Extract messageDomainType = new DomainCategoryRunner(context);
83  Extract jumpList = new ExtractJumpLists(context);
84 
85  extractors.add(recycleBin);
86  extractors.add(jumpList);
87  extractors.add(recentDocuments);
88  extractors.add(registry); // needs to run before the DataSourceUsageAnalyzer
89  extractors.add(osExtract); // this needs to run before the DataSourceUsageAnalyzer
90  extractors.add(dataSourceAnalyzer); //this needs to run after ExtractRegistry and ExtractOs
91  extractors.add(chrome);
92  extractors.add(firefox);
93  extractors.add(iexplore);
94  extractors.add(edge);
95  extractors.add(safari);
96  extractors.add(SEUQA); // this needs to run after the web browser modules
97  extractors.add(webAccountType); // this needs to run after the web browser modules
98  extractors.add(zoneInfo); // this needs to run after the web browser modules
99  extractors.add(sru);
100  extractors.add(prefetch);
101  extractors.add(messageDomainType);
102 
103  browserExtractors.add(chrome);
104  browserExtractors.add(firefox);
105  browserExtractors.add(iexplore);
106  browserExtractors.add(edge);
107  browserExtractors.add(safari);
108 
109  for (Extract extractor : extractors) {
110  extractor.startUp();
111  }
112  }
113 
114  @Override
115  public ProcessResult process(Content dataSource, DataSourceIngestModuleProgress progressBar) {
116  services.postMessage(IngestMessage.createMessage(MessageType.INFO, RecentActivityExtracterModuleFactory.getModuleName(),
117  NbBundle.getMessage(this.getClass(),
118  "RAImageIngestModule.process.started",
119  dataSource.getName())));
120 
121  progressBar.switchToDeterminate(extractors.size());
122 
123  ArrayList<String> errors = new ArrayList<>();
124 
125  for (int i = 0; i < extractors.size(); i++) {
126  Extract extracter = extractors.get(i);
127  if (context.dataSourceIngestIsCancelled()) {
128  logger.log(Level.INFO, "Recent Activity has been canceled, quitting before {0}", extracter.getDisplayName()); //NON-NLS
129  break;
130  }
131 
132  progressBar.progress(extracter.getDisplayName(), i);
133 
134  try {
135  extracter.process(dataSource, progressBar);
136  } catch (Exception ex) {
137  logger.log(Level.SEVERE, "Exception occurred in " + extracter.getDisplayName(), ex); //NON-NLS
138  errors.add(NbBundle.getMessage(this.getClass(), "RAImageIngestModule.process.errModErrs", RecentActivityExtracterModuleFactory.getModuleName()));
139  }
140  progressBar.progress(i + 1);
141  errors.addAll(extracter.getErrorMessages());
142  }
143 
144  // create the final message for inbox
145  StringBuilder errorMessage = new StringBuilder();
146  String errorMsgSubject;
147  MessageType msgLevel = MessageType.INFO;
148  if (errors.isEmpty() == false) {
149  msgLevel = MessageType.ERROR;
150  errorMessage.append(
151  NbBundle.getMessage(this.getClass(), "RAImageIngestModule.process.errMsg.errsEncountered"));
152  for (String msg : errors) {
153  errorMessage.append("<li>").append(msg).append("</li>\n"); //NON-NLS
154  }
155  errorMessage.append("</ul>\n"); //NON-NLS
156 
157  if (errors.size() == 1) {
158  errorMsgSubject = NbBundle.getMessage(this.getClass(), "RAImageIngestModule.process.errMsgSub.oneErr");
159  } else {
160  errorMsgSubject = NbBundle.getMessage(this.getClass(),
161  "RAImageIngestModule.process.errMsgSub.nErrs", errors.size());
162  }
163  } else {
164  errorMessage.append(NbBundle.getMessage(this.getClass(), "RAImageIngestModule.process.errMsg.noErrs"));
165  errorMsgSubject = NbBundle.getMessage(this.getClass(), "RAImageIngestModule.process.errMsgSub.noErrs");
166  }
167  final IngestMessage msg = IngestMessage.createMessage(msgLevel, RecentActivityExtracterModuleFactory.getModuleName(),
168  NbBundle.getMessage(this.getClass(),
169  "RAImageIngestModule.process.ingestMsg.finished",
170  dataSource.getName(), errorMsgSubject),
171  errorMessage.toString());
172  services.postMessage(msg);
173 
174  StringBuilder historyMsg = new StringBuilder();
175  historyMsg.append(
176  NbBundle.getMessage(this.getClass(), "RAImageIngestModule.process.histMsg.title", dataSource.getName()));
177  for (Extract module : browserExtractors) {
178  historyMsg.append("<li>").append(module.getDisplayName()); //NON-NLS
179  historyMsg.append(": ").append((module.foundData()) ? NbBundle
180  .getMessage(this.getClass(), "RAImageIngestModule.process.histMsg.found") : NbBundle
181  .getMessage(this.getClass(), "RAImageIngestModule.process.histMsg.notFnd"));
182  historyMsg.append("</li>"); //NON-NLS
183  }
184  historyMsg.append("</ul>"); //NON-NLS
185  final IngestMessage inboxMsg = IngestMessage.createMessage(MessageType.INFO, RecentActivityExtracterModuleFactory.getModuleName(),
186  NbBundle.getMessage(this.getClass(),
187  "RAImageIngestModule.process.ingestMsg.results",
188  dataSource.getName()),
189  historyMsg.toString());
190  services.postMessage(inboxMsg);
191 
192  return ProcessResult.OK;
193  }
194 
195  @Override
196  public void shutDown() {
197  for (int i = 0; i < extractors.size(); i++) {
198  Extract extracter = extractors.get(i);
199  try {
200  extracter.shutDown();
201  } catch (Exception ex) {
202  logger.log(Level.SEVERE, "Exception occurred when completing " + extracter.getDisplayName(), ex); //NON-NLS
203  }
204  }
205  }
206 
219  private static String getAndMakeRAPath(String basePath, String module, long ingestJobId) {
220  String moduleFolder = String.format("%s_%d", module, ingestJobId);
221  Path tmpPath = Paths.get(basePath, RECENT_ACTIVITY_FOLDER, moduleFolder);
222  File dir = tmpPath.toFile();
223  if (dir.exists() == false) {
224  dir.mkdirs();
225  }
226  return tmpPath.toString();
227  }
228 
239  static String getRATempPath(Case a_case, String mod, long ingestJobId) {
240  return getAndMakeRAPath(a_case.getTempDirectory(), mod, ingestJobId);
241  }
242 
253  static String getRAOutputPath(Case a_case, String mod, long ingestJobId) {
254  return getAndMakeRAPath(a_case.getModuleDirectory(), mod, ingestJobId);
255  }
256 
263  static String getRelModuleOutputPath(Case autCase, String mod, long ingestJobId) {
264  return Paths.get(getAndMakeRAPath(autCase.getModuleOutputDirectoryRelativePath(), mod, ingestJobId))
265  .normalize()
266  .toString();
267  }
268 }
org.sleuthkit.autopsy.ingest.IngestMessage.createMessage
static IngestMessage createMessage(MessageType messageType, String source, String subject, String detailsHtml)
Definition: IngestMessage.java:183
org.sleuthkit.autopsy.recentactivity.RAImageIngestModule.process
ProcessResult process(Content dataSource, DataSourceIngestModuleProgress progressBar)
Definition: RAImageIngestModule.java:115
org.sleuthkit.autopsy.ingest.IngestServices.postMessage
void postMessage(final IngestMessage message)
Definition: IngestServices.java:100
org.sleuthkit.autopsy.coreutils.Logger.getLogger
synchronized static Logger getLogger(String name)
Definition: Logger.java:124
org.sleuthkit.autopsy.recentactivity.RAImageIngestModule.getAndMakeRAPath
static String getAndMakeRAPath(String basePath, String module, long ingestJobId)
Definition: RAImageIngestModule.java:219
org.sleuthkit.autopsy.ingest.IngestServices.getInstance
static synchronized IngestServices getInstance()
Definition: IngestServices.java:54

Copyright © 2012-2021 Basis Technology. Generated on: Tue Feb 22 2022
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.