19 package org.sleuthkit.autopsy.test;
21 import java.util.ArrayList;
22 import java.util.Collection;
23 import java.util.logging.Level;
25 import org.openide.util.Exceptions;
26 import org.openide.util.NbBundle;
42 "InterestingArtifactCreatorIngestModule.exceptionMessage.errorCreatingCustomType=Error creating custom artifact type."
44 final class InterestingArtifactCreatorIngestModule extends FileIngestModuleAdapter {
46 private static final Logger logger = Logger.getLogger(InterestingArtifactCreatorIngestModule.class.getName());
47 private static final String MODULE_NAME = InterestingArtifactCreatorIngestModuleFactory.getModuleName();
48 private static final String[] ARTIFACT_TYPE_NAMES = {
"TSK_WEB_BOOKMARK",
"TSK_KEYWORD_HIT",
"TSK_CALLLOG"};
49 private static final String[] ARTIFACT_DISPLAY_NAMES = {
"Web Bookmarks",
"Keyword Hits",
"Call Logs"};
50 private static final String INT_ARTIFACT_TYPE_NAME = BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_ARTIFACT_HIT.getLabel();
51 private static final String INT_ARTIFACT_DISPLAY_NAME = BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_ARTIFACT_HIT.getDisplayName();
52 private BlackboardArtifact.Type artifactType;
55 public void startUp(IngestJobContext context)
throws IngestModuleException {
56 Blackboard blackboard = Case.getCurrentCase().getServices().getBlackboard();
58 artifactType = blackboard.getOrAddArtifactType(INT_ARTIFACT_TYPE_NAME, INT_ARTIFACT_DISPLAY_NAME);
59 }
catch (Blackboard.BlackboardException ex) {
60 throw new IngestModuleException(Bundle.InterestingArtifactCreatorIngestModule_exceptionMessage_errorCreatingCustomType(), ex);
65 public ProcessResult process(AbstractFile file) {
69 if (file.isDir() || file.isVirtual()) {
70 return ProcessResult.OK;
78 int randomArtIndex = (int) (Math.random() * 3);
79 Blackboard blackboard = Case.getCurrentCase().getServices().getBlackboard();
80 BlackboardArtifact.Type artifactTypeBase = blackboard.getOrAddArtifactType(ARTIFACT_TYPE_NAMES[randomArtIndex], ARTIFACT_DISPLAY_NAMES[randomArtIndex]);
81 BlackboardArtifact artifactBase = file.newArtifact(artifactTypeBase.getTypeID());
82 Collection<BlackboardAttribute> baseAttributes =
new ArrayList<>();
84 BlackboardAttribute baseAttr;
85 switch (artifactBase.getArtifactTypeID()) {
87 commentTxt =
"www.placeholderWebsiteDOTCOM";
88 baseAttr =
new BlackboardAttribute(
89 BlackboardAttribute.ATTRIBUTE_TYPE.TSK_URL,
"Fake Web BookMark",
"www.thisWebsiteIsStillFake.com");
90 baseAttributes.add(baseAttr);
93 commentTxt =
"fakeKeyword";
94 baseAttr =
new BlackboardAttribute(
95 BlackboardAttribute.ATTRIBUTE_TYPE.TSK_KEYWORD_PREVIEW,
"Fake Keyword Search",
"Fake Keyword Preview Text");
96 BlackboardAttribute set =
new BlackboardAttribute(
97 BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SET_NAME,
"Fake Keyword Search",
"Fake");
98 BlackboardAttribute keyword =
new BlackboardAttribute(
99 BlackboardAttribute.ATTRIBUTE_TYPE.TSK_KEYWORD,
"Fake Keyword Search",
"FakeKeyword");
100 baseAttributes.add(baseAttr);
101 baseAttributes.add(set);
102 baseAttributes.add(keyword);
105 commentTxt =
"fake phone number from";
106 baseAttr =
new BlackboardAttribute(
107 BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PHONE_NUMBER_FROM,
"Fake Call Log Whatever",
"555-555-5555");
108 baseAttributes.add(baseAttr);
111 commentTxt =
"DEPENDENT ON ARTIFACT TYPE";
114 artifactBase.addAttributes(baseAttributes);
115 BlackboardArtifact artifact = file.newArtifact(artifactType.getTypeID());
116 Collection<BlackboardAttribute> attributes =
new ArrayList<>();
117 BlackboardAttribute att =
new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SET_NAME, MODULE_NAME,
"ArtifactsAndTxt");
119 BlackboardAttribute att2 =
new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_COMMENT, MODULE_NAME, commentTxt);
120 BlackboardAttribute att3 =
new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_CATEGORY, MODULE_NAME,
"");
122 attributes.add(att2);
123 attributes.add(att3);
124 attributes.add(
new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_ASSOCIATED_ARTIFACT, MODULE_NAME, artifactBase.getArtifactID()));
125 artifact.addAttributes(attributes);
126 }
catch (TskCoreException ex) {
127 logger.log(Level.SEVERE, String.format(
"Failed to process file (obj_id = %d)", file.getId()), ex);
128 return ProcessResult.ERROR;
129 }
catch (Blackboard.BlackboardException ex) {
130 Exceptions.printStackTrace(ex);
132 return ProcessResult.OK;