Autopsy  4.5.0
Graphical digital forensics platform for The Sleuth Kit and other tools.
InterestingArtifactCreatorIngestModule.java
1 /*
2  * Autopsy Forensic Browser
3  *
4  * Copyright 2011-2017 Basis Technology Corp.
5  * Contact: carrier <at> sleuthkit <dot> org
6  *
7  * Licensed under the Apache License, Version 2.0 (the "License");
8  * you may not use this file except in compliance with the License.
9  * You may obtain a copy of the License at
10  *
11  * http://www.apache.org/licenses/LICENSE-2.0
12  *
13  * Unless required by applicable law or agreed to in writing, software
14  * distributed under the License is distributed on an "AS IS" BASIS,
15  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16  * See the License for the specific language governing permissions and
17  * limitations under the License.
18  */
19 package org.sleuthkit.autopsy.test;
20 
21 import java.util.ArrayList;
22 import java.util.Collection;
23 import java.util.logging.Level;
24 
25 import org.openide.util.Exceptions;
26 import org.openide.util.NbBundle;
32 import org.sleuthkit.datamodel.AbstractFile;
33 import org.sleuthkit.datamodel.BlackboardArtifact;
34 import org.sleuthkit.datamodel.BlackboardAttribute;
35 import org.sleuthkit.datamodel.TskCoreException;
36 
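/**
 * Test-only file ingest module that attaches fabricated artifacts to files.
 *
 * <p>For every regular file it creates one placeholder "base" artifact (a web
 * bookmark, keyword hit or call log, picked at random) and one
 * TSK_INTERESTING_ARTIFACT_HIT artifact that references the base artifact.
 *
 * <p>All values written by this module are hard-coded fakes, not data derived
 * from the file being processed. Run it only against disposable test cases:
 * the artifacts are added to the files of whichever case is currently open,
 * where they would sit next to genuine findings.
 */
@NbBundle.Messages({
    "InterestingArtifactCreatorIngestModule.exceptionMessage.errorCreatingCustomType=Error creating custom artifact type."
})
final class InterestingArtifactCreatorIngestModule extends FileIngestModuleAdapter {

    private static final Logger logger = Logger.getLogger(InterestingArtifactCreatorIngestModule.class.getName());
    private static final String MODULE_NAME = InterestingArtifactCreatorIngestModuleFactory.getModuleName();
    // Parallel arrays: ARTIFACT_DISPLAY_NAMES[i] is the display name for ARTIFACT_TYPE_NAMES[i].
    private static final String[] ARTIFACT_TYPE_NAMES = {"TSK_WEB_BOOKMARK", "TSK_KEYWORD_HIT", "TSK_CALLLOG"};
    private static final String[] ARTIFACT_DISPLAY_NAMES = {"Web Bookmarks", "Keyword Hits", "Call Logs"};
    private static final String INT_ARTIFACT_TYPE_NAME = BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_ARTIFACT_HIT.getLabel();
    private static final String INT_ARTIFACT_DISPLAY_NAME = BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_ARTIFACT_HIT.getDisplayName();
    // Interesting-artifact-hit type, resolved once in startUp() and reused by process().
    private BlackboardArtifact.Type artifactType;

    /**
     * Resolves the interesting-artifact-hit type from the current case's
     * blackboard before any file is processed.
     *
     * @param context the ingest job context (not used by this module)
     *
     * @throws IngestModuleException if the blackboard cannot return or add
     *                               the artifact type
     */
    @Override
    public void startUp(IngestJobContext context) throws IngestModuleException {
        Blackboard blackboard = Case.getCurrentCase().getServices().getBlackboard();
        try {
            artifactType = blackboard.getOrAddArtifactType(INT_ARTIFACT_TYPE_NAME, INT_ARTIFACT_DISPLAY_NAME);
        } catch (Blackboard.BlackboardException ex) {
            throw new IngestModuleException(Bundle.InterestingArtifactCreatorIngestModule_exceptionMessage_errorCreatingCustomType(), ex);
        }
    }

    /**
     * Adds one fabricated base artifact and one interesting-artifact hit that
     * points at it to the given file.
     *
     * @param file the file being ingested
     *
     * @return {@code ProcessResult.OK} if the file was skipped or both
     *         artifacts were written, {@code ProcessResult.ERROR} if the
     *         blackboard or the case database reported a failure
     */
    @Override
    public ProcessResult process(AbstractFile file) {
        /*
         * Skip directories and virtual files.
         */
        if (file.isDir() || file.isVirtual()) {
            return ProcessResult.OK;
        }

        try {
            /*
             * Pick one of the base artifact types at random. The bound comes
             * from the array itself so the index stays valid if the list of
             * type names changes.
             */
            int randomArtIndex = (int) (Math.random() * ARTIFACT_TYPE_NAMES.length);
            Blackboard blackboard = Case.getCurrentCase().getServices().getBlackboard();
            BlackboardArtifact.Type artifactTypeBase = blackboard.getOrAddArtifactType(ARTIFACT_TYPE_NAMES[randomArtIndex], ARTIFACT_DISPLAY_NAMES[randomArtIndex]);
            BlackboardArtifact artifactBase = file.newArtifact(artifactTypeBase.getTypeID());
            Collection<BlackboardAttribute> baseAttributes = new ArrayList<>();
            String commentTxt;
            /*
             * Branch on the type name rather than on a numeric type ID so
             * each case is visibly tied to an entry of ARTIFACT_TYPE_NAMES.
             */
            switch (artifactTypeBase.getTypeName()) {
                case "TSK_WEB_BOOKMARK":
                    commentTxt = "www.placeholderWebsiteDOTCOM";
                    baseAttributes.add(new BlackboardAttribute(
                            BlackboardAttribute.ATTRIBUTE_TYPE.TSK_URL, "Fake Web BookMark", "www.thisWebsiteIsStillFake.com"));
                    break;
                case "TSK_KEYWORD_HIT":
                    commentTxt = "fakeKeyword";
                    baseAttributes.add(new BlackboardAttribute(
                            BlackboardAttribute.ATTRIBUTE_TYPE.TSK_KEYWORD_PREVIEW, "Fake Keyword Search", "Fake Keyword Preview Text"));
                    baseAttributes.add(new BlackboardAttribute(
                            BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SET_NAME, "Fake Keyword Search", "Fake"));
                    baseAttributes.add(new BlackboardAttribute(
                            BlackboardAttribute.ATTRIBUTE_TYPE.TSK_KEYWORD, "Fake Keyword Search", "FakeKeyword"));
                    break;
                case "TSK_CALLLOG":
                    commentTxt = "fake phone number from";
                    baseAttributes.add(new BlackboardAttribute(
                            BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PHONE_NUMBER_FROM, "Fake Call Log Whatever", "555-555-5555"));
                    break;
                default:
                    // No attributes for an unrecognised type; the base artifact is left empty.
                    commentTxt = "DEPENDENT ON ARTIFACT TYPE";
                    break;
            }
            artifactBase.addAttributes(baseAttributes);

            /*
             * Create the interesting-artifact hit and link it to the base
             * artifact through TSK_ASSOCIATED_ARTIFACT.
             */
            BlackboardArtifact artifact = file.newArtifact(artifactType.getTypeID());
            Collection<BlackboardAttribute> attributes = new ArrayList<>();
            attributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SET_NAME, MODULE_NAME, "ArtifactsAndTxt"));
            attributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_COMMENT, MODULE_NAME, commentTxt));
            attributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_CATEGORY, MODULE_NAME, ""));
            attributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_ASSOCIATED_ARTIFACT, MODULE_NAME, artifactBase.getArtifactID()));
            artifact.addAttributes(attributes);
        } catch (TskCoreException | Blackboard.BlackboardException ex) {
            /*
             * Both failure kinds are logged and reported as an error. A
             * blackboard failure must not fall through to OK, otherwise the
             * ingest job would record a file as processed although no
             * artifact was written for it.
             */
            logger.log(Level.SEVERE, String.format("Failed to process file (obj_id = %d)", file.getId()), ex);
            return ProcessResult.ERROR;
        }
        return ProcessResult.OK;
    }

}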

Copyright © 2012-2016 Basis Technology. Generated on: Tue Feb 20 2018
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.