Autopsy  3.1
Graphical digital forensics platform for The Sleuth Kit and other tools.
SampleDataSourceIngestModule.java
Go to the documentation of this file.
1 /*
2  * Sample module in the public domain. Feel free to use this as a template
3  * for your modules.
4  *
5  * Contact: Brian Carrier [carrier <at> sleuthkit [dot] org]
6  *
7  * This is free and unencumbered software released into the public domain.
8  *
9  * Anyone is free to copy, modify, publish, use, compile, sell, or
10  * distribute this software, either in source code form or as a compiled
11  * binary, for any purpose, commercial or non-commercial, and by any
12  * means.
13  *
14  * In jurisdictions that recognize copyright laws, the author or authors
15  * of this software dedicate any and all copyright interest in the
16  * software to the public domain. We make this dedication for the benefit
17  * of the public at large and to the detriment of our heirs and
18  * successors. We intend this dedication to be an overt act of
19  * relinquishment in perpetuity of all present and future rights to this
20  * software under copyright law.
21  *
22  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
23  * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
24  * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
25  * IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR
26  * OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
27  * ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
28  * OTHER DEALINGS IN THE SOFTWARE.
29  */
30 package org.sleuthkit.autopsy.examples;
31 
32 import java.util.List;
33 import java.util.logging.Level;
50 
57 class SampleDataSourceIngestModule implements DataSourceIngestModule {
58 
59  private final boolean skipKnownFiles;
60  private IngestJobContext context = null;
61 
62  SampleDataSourceIngestModule(SampleModuleIngestJobSettings settings) {
63  this.skipKnownFiles = settings.skipKnownFiles();
64  }
65 
66  @Override
67  public void startUp(IngestJobContext context) throws IngestModuleException {
68  this.context = context;
69  }
70 
71  @Override
72  public ProcessResult process(Content dataSource, DataSourceIngestModuleProgress progressBar) {
73  if (context.dataSourceIngestIsCancelled()) {
74  return IngestModule.ProcessResult.OK;
75  }
76 
77  // There are two tasks to do.
78  progressBar.switchToDeterminate(2);
79 
80  Case autopsyCase = Case.getCurrentCase();
81  SleuthkitCase sleuthkitCase = autopsyCase.getSleuthkitCase();
82  Services services = new Services(sleuthkitCase);
83  FileManager fileManager = services.getFileManager();
84  try {
85  // Get count of files with .doc extension.
86  long fileCount = 0;
87  List<AbstractFile> docFiles = fileManager.findFiles(dataSource, "%.doc");
88  for (AbstractFile docFile : docFiles) {
89  if (!skipKnownFiles || docFile.getKnown() != TskData.FileKnown.KNOWN) {
90  ++fileCount;
91  }
92  }
93  progressBar.progress(1);
94 
95  if (context.dataSourceIngestIsCancelled()) {
96  return IngestModule.ProcessResult.OK;
97  }
98 
99  // Get files by creation time.
100  long currentTime = System.currentTimeMillis() / 1000;
101  long minTime = currentTime - (14 * 24 * 60 * 60); // Go back two weeks.
102  List<AbstractFile> otherFiles = fileManager.findFiles(dataSource, "crtime > " + minTime);
103  for (AbstractFile otherFile : otherFiles) {
104  if (!skipKnownFiles || otherFile.getKnown() != TskData.FileKnown.KNOWN) {
105  ++fileCount;
106  }
107  }
108  progressBar.progress(1);
109 
110  if (context.dataSourceIngestIsCancelled()) {
111  return IngestModule.ProcessResult.OK;
112  }
113 
114  // Post a message to the ingest messages in box.
115  String msgText = String.format("Found %d files", fileCount);
116  IngestMessage message = IngestMessage.createMessage(
117  IngestMessage.MessageType.DATA,
118  SampleIngestModuleFactory.getModuleName(),
119  msgText);
120  IngestServices.getInstance().postMessage(message);
121 
122  return IngestModule.ProcessResult.OK;
123 
124  } catch (TskCoreException ex) {
125  IngestServices ingestServices = IngestServices.getInstance();
126  Logger logger = ingestServices.getLogger(SampleIngestModuleFactory.getModuleName());
127  logger.log(Level.SEVERE, "File query failed", ex);
128  return IngestModule.ProcessResult.ERROR;
129  }
130  }
131 }

Copyright © 2012-2015 Basis Technology. Generated on: Mon Oct 19 2015
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.