Autopsy  4.8.0
Graphical digital forensics platform for The Sleuth Kit and other tools.
RAImageIngestModule.java
Go to the documentation of this file.
1  /*
2  *
3  * Autopsy Forensic Browser
4  *
5  * Copyright 2012-2018 Basis Technology Corp.
6  *
7  * Copyright 2012 42six Solutions.
8  * Contact: aebadirad <at> 42six <dot> com
9  * Project Contact/Architect: carrier <at> sleuthkit <dot> org
10  *
11  * Licensed under the Apache License, Version 2.0 (the "License");
12  * you may not use this file except in compliance with the License.
13  * You may obtain a copy of the License at
14  *
15  * http://www.apache.org/licenses/LICENSE-2.0
16  *
17  * Unless required by applicable law or agreed to in writing, software
18  * distributed under the License is distributed on an "AS IS" BASIS,
19  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
20  * See the License for the specific language governing permissions and
21  * limitations under the License.
22  */
23 package org.sleuthkit.autopsy.recentactivity;
24 
25 import java.io.File;
26 import java.io.FileNotFoundException;
27 import java.util.ArrayList;
28 import java.util.List;
29 import java.util.logging.Level;
30 import org.openide.util.NbBundle;
31 import org.sleuthkit.autopsy.casemodule.Case;
32 import org.sleuthkit.autopsy.casemodule.NoCurrentCaseException;
33 import org.sleuthkit.autopsy.coreutils.Logger;
34 import org.sleuthkit.autopsy.ingest.DataSourceIngestModule;
35 import org.sleuthkit.autopsy.ingest.DataSourceIngestModuleProgress;
36 import org.sleuthkit.autopsy.ingest.IngestServices;
37 import org.sleuthkit.autopsy.ingest.IngestMessage;
38 import org.sleuthkit.autopsy.ingest.IngestMessage.MessageType;
39 import org.sleuthkit.datamodel.Content;
40 import org.sleuthkit.autopsy.ingest.IngestModule.ProcessResult;
41 import org.sleuthkit.autopsy.ingest.IngestJobContext;
42 
46 public final class RAImageIngestModule implements DataSourceIngestModule {
47 
48  private static final Logger logger = Logger.getLogger(RAImageIngestModule.class.getName());
49  private final List<Extract> extracters = new ArrayList<>();
50  private final List<Extract> browserExtracters = new ArrayList<>();
51  private IngestServices services = IngestServices.getInstance();
52  private IngestJobContext context;
53  private StringBuilder subCompleted = new StringBuilder();
54 
55  RAImageIngestModule() {
56  }
57 
58  @Override
59  public void startUp(IngestJobContext context) throws IngestModuleException {
60  this.context = context;
61 
62  Extract iexplore;
63  try {
64  iexplore = new ExtractIE();
65  } catch (NoCurrentCaseException ex) {
66  throw new IngestModuleException(ex.getMessage(), ex);
67  }
68 
69  Extract registry = new ExtractRegistry();
70  Extract recentDocuments = new RecentDocumentsByLnk();
71  Extract chrome = new Chrome();
72  Extract firefox = new Firefox();
73  Extract SEUQA = new SearchEngineURLQueryAnalyzer();
74 
75  extracters.add(chrome);
76  extracters.add(firefox);
77  extracters.add(iexplore);
78  extracters.add(recentDocuments);
79  extracters.add(SEUQA); // this needs to run after the web browser modules
80  extracters.add(registry); // this runs last because it is slowest
81 
82  browserExtracters.add(chrome);
83  browserExtracters.add(firefox);
84  browserExtracters.add(iexplore);
85 
86  for (Extract extracter : extracters) {
87  extracter.init();
88  }
89  }
90 
91  @Override
92  public ProcessResult process(Content dataSource, DataSourceIngestModuleProgress progressBar) {
93  services.postMessage(IngestMessage.createMessage(MessageType.INFO, RecentActivityExtracterModuleFactory.getModuleName(),
94  NbBundle.getMessage(this.getClass(),
95  "RAImageIngestModule.process.started",
96  dataSource.getName())));
97 
98  progressBar.switchToDeterminate(extracters.size());
99 
100  ArrayList<String> errors = new ArrayList<>();
101 
102  for (int i = 0; i < extracters.size(); i++) {
103  Extract extracter = extracters.get(i);
104  if (context.dataSourceIngestIsCancelled()) {
105  logger.log(Level.INFO, "Recent Activity has been canceled, quitting before {0}", extracter.getName()); //NON-NLS
106  break;
107  }
108 
109  progressBar.progress(extracter.getName(), i);
110 
111  try {
112  extracter.process(dataSource, context);
113  } catch (Exception ex) {
114  logger.log(Level.SEVERE, "Exception occurred in " + extracter.getName(), ex); //NON-NLS
115  subCompleted.append(NbBundle.getMessage(this.getClass(), "RAImageIngestModule.process.errModFailed",
116  extracter.getName()));
117  errors.add(
118  NbBundle.getMessage(this.getClass(), "RAImageIngestModule.process.errModErrs", RecentActivityExtracterModuleFactory.getModuleName()));
119  }
120  progressBar.progress(i + 1);
121  errors.addAll(extracter.getErrorMessages());
122  }
123 
124  // create the final message for inbox
125  StringBuilder errorMessage = new StringBuilder();
126  String errorMsgSubject;
127  MessageType msgLevel = MessageType.INFO;
128  if (errors.isEmpty() == false) {
129  msgLevel = MessageType.ERROR;
130  errorMessage.append(
131  NbBundle.getMessage(this.getClass(), "RAImageIngestModule.process.errMsg.errsEncountered"));
132  for (String msg : errors) {
133  errorMessage.append("<li>").append(msg).append("</li>\n"); //NON-NLS
134  }
135  errorMessage.append("</ul>\n"); //NON-NLS
136 
137  if (errors.size() == 1) {
138  errorMsgSubject = NbBundle.getMessage(this.getClass(), "RAImageIngestModule.process.errMsgSub.oneErr");
139  } else {
140  errorMsgSubject = NbBundle.getMessage(this.getClass(),
141  "RAImageIngestModule.process.errMsgSub.nErrs", errors.size());
142  }
143  } else {
144  errorMessage.append(NbBundle.getMessage(this.getClass(), "RAImageIngestModule.process.errMsg.noErrs"));
145  errorMsgSubject = NbBundle.getMessage(this.getClass(), "RAImageIngestModule.process.errMsgSub.noErrs");
146  }
147  final IngestMessage msg = IngestMessage.createMessage(msgLevel, RecentActivityExtracterModuleFactory.getModuleName(),
148  NbBundle.getMessage(this.getClass(),
149  "RAImageIngestModule.process.ingestMsg.finished",
150  dataSource.getName(), errorMsgSubject),
151  errorMessage.toString());
152  services.postMessage(msg);
153 
154  StringBuilder historyMsg = new StringBuilder();
155  historyMsg.append(
156  NbBundle.getMessage(this.getClass(), "RAImageIngestModule.process.histMsg.title", dataSource.getName()));
157  for (Extract module : browserExtracters) {
158  historyMsg.append("<li>").append(module.getName()); //NON-NLS
159  historyMsg.append(": ").append((module.foundData()) ? NbBundle
160  .getMessage(this.getClass(), "RAImageIngestModule.process.histMsg.found") : NbBundle
161  .getMessage(this.getClass(), "RAImageIngestModule.process.histMsg.notFnd"));
162  historyMsg.append("</li>"); //NON-NLS
163  }
164  historyMsg.append("</ul>"); //NON-NLS
165  final IngestMessage inboxMsg = IngestMessage.createMessage(MessageType.INFO, RecentActivityExtracterModuleFactory.getModuleName(),
166  NbBundle.getMessage(this.getClass(),
167  "RAImageIngestModule.process.ingestMsg.results",
168  dataSource.getName()),
169  historyMsg.toString());
170  services.postMessage(inboxMsg);
171 
172  if (context.dataSourceIngestIsCancelled()) {
173  return ProcessResult.OK;
174  }
175 
176  for (int i = 0; i < extracters.size(); i++) {
177  Extract extracter = extracters.get(i);
178  try {
179  extracter.complete();
180  } catch (Exception ex) {
181  logger.log(Level.SEVERE, "Exception occurred when completing " + extracter.getName(), ex); //NON-NLS
182  subCompleted.append(NbBundle.getMessage(this.getClass(), "RAImageIngestModule.complete.errMsg.failed",
183  extracter.getName()));
184  }
185  }
186 
187  return ProcessResult.OK;
188  }
189 
200  protected static String getRATempPath(Case a_case, String mod) {
201  String tmpDir = a_case.getTempDirectory() + File.separator + "RecentActivity" + File.separator + mod; //NON-NLS
202  File dir = new File(tmpDir);
203  if (dir.exists() == false) {
204  dir.mkdirs();
205  }
206  return tmpDir;
207  }
208 
219  protected static String getRAOutputPath(Case a_case, String mod) {
220  String tmpDir = a_case.getModuleDirectory() + File.separator + "RecentActivity" + File.separator + mod; //NON-NLS
221  File dir = new File(tmpDir);
222  if (dir.exists() == false) {
223  dir.mkdirs();
224  }
225  return tmpDir;
226  }
227 }
org.sleuthkit.autopsy.ingest.IngestMessage.createMessage
static IngestMessage createMessage(MessageType messageType, String source, String subject, String detailsHtml)
Definition: IngestMessage.java:183
org.sleuthkit.autopsy.recentactivity.RAImageIngestModule.process
ProcessResult process(Content dataSource, DataSourceIngestModuleProgress progressBar)
Definition: RAImageIngestModule.java:92
org.sleuthkit.autopsy.ingest.IngestServices.postMessage
void postMessage(final IngestMessage message)
Definition: IngestServices.java:97
org.sleuthkit.autopsy.coreutils.Logger.getLogger
synchronized static Logger getLogger(String name)
Definition: Logger.java:124
org.sleuthkit.autopsy.ingest.IngestServices.getInstance
static synchronized IngestServices getInstance()
Definition: IngestServices.java:51

Copyright © 2012-2018 Basis Technology. Generated on: Thu Oct 4 2018
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.