Autopsy  4.4.1
Graphical digital forensics platform for The Sleuth Kit and other tools.
SampleDataSourceIngestModule.java
Go to the documentation of this file.
1 /*
2  * Sample module in the public domain. Feel free to use this as a template
3  * for your modules.
4  *
5  * Contact: Brian Carrier [carrier <at> sleuthkit [dot] org]
6  *
7  * This is free and unencumbered software released into the public domain.
8  *
9  * Anyone is free to copy, modify, publish, use, compile, sell, or
10  * distribute this software, either in source code form or as a compiled
11  * binary, for any purpose, commercial or non-commercial, and by any
12  * means.
13  *
14  * In jurisdictions that recognize copyright laws, the author or authors
15  * of this software dedicate any and all copyright interest in the
16  * software to the public domain. We make this dedication for the benefit
17  * of the public at large and to the detriment of our heirs and
18  * successors. We intend this dedication to be an overt act of
19  * relinquishment in perpetuity of all present and future rights to this
20  * software under copyright law.
21  *
22  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
23  * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
24  * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
25  * IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR
26  * OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
27  * ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
28  * OTHER DEALINGS IN THE SOFTWARE.
29  */
30 package org.sleuthkit.autopsy.examples;
31 
32 import java.util.List;
33 import java.util.logging.Level;
39 import org.sleuthkit.datamodel.AbstractFile;
40 import org.sleuthkit.datamodel.Content;
41 import org.sleuthkit.datamodel.FsContent;
42 import org.sleuthkit.datamodel.SleuthkitCase;
43 import org.sleuthkit.datamodel.TskCoreException;
49 import org.sleuthkit.datamodel.TskData;
50 
57 class SampleDataSourceIngestModule implements DataSourceIngestModule {
58 
59  private final boolean skipKnownFiles;
60  private IngestJobContext context = null;
61 
62  SampleDataSourceIngestModule(SampleModuleIngestJobSettings settings) {
63  this.skipKnownFiles = settings.skipKnownFiles();
64  }
65 
66  @Override
67  public void startUp(IngestJobContext context) throws IngestModuleException {
68  this.context = context;
69  }
70 
71  @Override
72  public ProcessResult process(Content dataSource, DataSourceIngestModuleProgress progressBar) {
73 
74  // There are two tasks to do.
75  progressBar.switchToDeterminate(2);
76 
77  try {
78  // Get count of files with .doc extension.
79  FileManager fileManager = Case.getCurrentCase().getServices().getFileManager();
80  List<AbstractFile> docFiles = fileManager.findFiles(dataSource, "%.doc");
81 
82  long fileCount = 0;
83  for (AbstractFile docFile : docFiles) {
84  if (!skipKnownFiles || docFile.getKnown() != TskData.FileKnown.KNOWN) {
85  ++fileCount;
86  }
87  }
88  progressBar.progress(1);
89 
90  // check if we were cancelled
91  if (context.dataSourceIngestIsCancelled()) {
92  return IngestModule.ProcessResult.OK;
93  }
94 
95  // Get files by creation time.
96  long currentTime = System.currentTimeMillis() / 1000;
97  long minTime = currentTime - (14 * 24 * 60 * 60); // Go back two weeks.
98  List<AbstractFile> otherFiles = fileManager.findFiles(dataSource, "crtime > " + minTime);
99  for (AbstractFile otherFile : otherFiles) {
100  if (!skipKnownFiles || otherFile.getKnown() != TskData.FileKnown.KNOWN) {
101  ++fileCount;
102  }
103  }
104  progressBar.progress(1);
105 
106  if (context.dataSourceIngestIsCancelled()) {
107  return IngestModule.ProcessResult.OK;
108  }
109 
110  // Post a message to the ingest messages in box.
111  String msgText = String.format("Found %d files", fileCount);
112  IngestMessage message = IngestMessage.createMessage(
113  IngestMessage.MessageType.DATA,
114  SampleIngestModuleFactory.getModuleName(),
115  msgText);
116  IngestServices.getInstance().postMessage(message);
117 
118  return IngestModule.ProcessResult.OK;
119 
120  } catch (TskCoreException ex) {
121  IngestServices ingestServices = IngestServices.getInstance();
122  Logger logger = ingestServices.getLogger(SampleIngestModuleFactory.getModuleName());
123  logger.log(Level.SEVERE, "File query failed", ex);
124  return IngestModule.ProcessResult.ERROR;
125  }
126  }
127 }

Copyright © 2012-2016 Basis Technology. Generated on: Fri Sep 29 2017
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.