Autopsy  4.0
Graphical digital forensics platform for The Sleuth Kit and other tools.
SampleFileIngestModule.java
1 /*
2  * Sample module in the public domain. Feel free to use this as a template
3  * for your modules.
4  *
5  * Contact: Brian Carrier [carrier <at> sleuthkit [dot] org]
6  *
7  * This is free and unencumbered software released into the public domain.
8  *
9  * Anyone is free to copy, modify, publish, use, compile, sell, or
10  * distribute this software, either in source code form or as a compiled
11  * binary, for any purpose, commercial or non-commercial, and by any
12  * means.
13  *
14  * In jurisdictions that recognize copyright laws, the author or authors
15  * of this software dedicate any and all copyright interest in the
16  * software to the public domain. We make this dedication for the benefit
17  * of the public at large and to the detriment of our heirs and
18  * successors. We intend this dedication to be an overt act of
19  * relinquishment in perpetuity of all present and future rights to this
20  * software under copyright law.
21  *
22  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
23  * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
24  * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
25  * IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR
26  * OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
27  * ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
28  * OTHER DEALINGS IN THE SOFTWARE.
29  */
30 package org.sleuthkit.autopsy.examples;
31 
32 import java.util.HashMap;
33 import java.util.logging.Level;
43 import org.sleuthkit.datamodel.AbstractFile;
44 import org.sleuthkit.datamodel.BlackboardArtifact;
45 import org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE;
46 import org.sleuthkit.datamodel.BlackboardAttribute;
47 import org.sleuthkit.datamodel.TskCoreException;
48 import org.sleuthkit.datamodel.SleuthkitCase;
49 import org.sleuthkit.datamodel.TskData;
50 
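/**
 * Sample file-level ingest module. For every regular file it is handed, it
 * counts the 0x00 bytes in the first 1024 bytes, records that count as a
 * TSK_COUNT attribute on the file's general info artifact, and keeps a
 * per-ingest-job tally of how many times it posted to the blackboard.
 *
 * The tally and the reference counter are static, so they are shared by all
 * instances of this class; access to the tally goes through the two
 * synchronized static methods at the bottom of the class.
 */
class SampleFileIngestModule implements FileIngestModule {

    // Upper bound on how much of each (untrusted) evidence file is read.
    private static final int SAMPLE_SIZE = 1024;

    // Blackboard post count per ingest job id; guarded by the class lock.
    private static final HashMap<Long, Long> artifactCountsForIngestJobs = new HashMap<>();
    private static final BlackboardAttribute.ATTRIBUTE_TYPE attrType = BlackboardAttribute.ATTRIBUTE_TYPE.TSK_COUNT;
    private final boolean skipKnownFiles;
    // Set in startUp(); stays null if startUp() was never called.
    private IngestJobContext context = null;
    private static final IngestModuleReferenceCounter refCounter = new IngestModuleReferenceCounter();

    /**
     * @param settings per-job settings; only the "skip known files" flag is read.
     */
    SampleFileIngestModule(SampleModuleIngestJobSettings settings) {
        this.skipKnownFiles = settings.skipKnownFiles();
    }

    /**
     * Stores the job context and registers this instance with the per-job
     * reference counter.
     *
     * @param context context of the ingest job this instance belongs to.
     * @throws IngestModuleException declared by the interface; not thrown by
     *                               the code visible here.
     */
    @Override
    public void startUp(IngestJobContext context) throws IngestModuleException {
        this.context = context;
        refCounter.incrementAndGet(context.getJobId());
    }

    /**
     * Counts the 0x00 bytes at the start of the file and posts the count to
     * the file's general info artifact.
     *
     * @param file the file to analyze.
     * @return OK when the file was skipped or processed, ERROR when a
     *         TskCoreException was raised while reading or posting.
     */
    @Override
    public IngestModule.ProcessResult process(AbstractFile file) {

        // Skip anything other than actual file system files.
        if ((file.getType() == TskData.TSK_DB_FILES_TYPE_ENUM.UNALLOC_BLOCKS)
                || (file.getType() == TskData.TSK_DB_FILES_TYPE_ENUM.UNUSED_BLOCKS)
                || !file.isFile()) {
            return IngestModule.ProcessResult.OK;
        }

        // Skip NSRL / known files.
        if (skipKnownFiles && file.getKnown() == TskData.FileKnown.KNOWN) {
            return IngestModule.ProcessResult.OK;
        }

        // Do a nonsensical calculation of the number of 0x00 bytes
        // in the first 1024 bytes of the file. This is for demo
        // purposes only.
        try {
            byte[] buffer = new byte[SAMPLE_SIZE];
            int len = file.read(buffer, 0, SAMPLE_SIZE);

            // Iterate up to the number of bytes actually read, not the buffer
            // length: a new byte[] is zero-filled, so scanning past a short
            // read would count padding as file content. A non-positive len
            // simply yields a count of zero.
            int count = 0;
            for (int i = 0; i < len; i++) {
                if (buffer[i] == 0x00) {
                    count++;
                }
            }

            // Make an attribute of type attrType carrying the count.
            BlackboardAttribute attr = new BlackboardAttribute(attrType, SampleIngestModuleFactory.getModuleName(), count);

            // Add the attribute to the general info artifact for the file. In a
            // real module, you would likely have more complex data types
            // and be making more specific artifacts.
            BlackboardArtifact art = file.getGenInfoArtifact();
            art.addAttribute(attr);

            // This method is thread-safe with per ingest job reference counted
            // management of shared data.
            addToBlackboardPostCount(context.getJobId(), 1L);

            // Fire an event to notify any listeners for blackboard postings.
            ModuleDataEvent event = new ModuleDataEvent(SampleIngestModuleFactory.getModuleName(), ARTIFACT_TYPE.TSK_GEN_INFO);
            IngestServices.getInstance().fireModuleDataEvent(event);

            return IngestModule.ProcessResult.OK;

        } catch (TskCoreException ex) {
            // Only the object id is logged, never file content.
            IngestServices ingestServices = IngestServices.getInstance();
            Logger logger = ingestServices.getLogger(SampleIngestModuleFactory.getModuleName());
            logger.log(Level.SEVERE, "Error processing file (id = " + file.getId() + ")", ex);
            return IngestModule.ProcessResult.ERROR;
        }
    }

    /**
     * Releases this instance's reference on the job; the last instance to shut
     * down posts the job's summary message.
     */
    @Override
    public void shutDown() {
        // Without a context this instance never registered with the reference
        // counter in startUp(), so there is nothing to release and no job id
        // to report against.
        if (context == null) {
            return;
        }
        // This method is thread-safe with per ingest job reference counted
        // management of shared data.
        reportBlackboardPostCount(context.getJobId());
    }

    /**
     * Adds to the blackboard post count of an ingest job, creating the entry
     * when the job has none yet.
     *
     * @param ingestJobId id of the ingest job.
     * @param countToAdd  number of posts to add.
     */
    synchronized static void addToBlackboardPostCount(long ingestJobId, long countToAdd) {
        // merge() inserts countToAdd for a new job and sums it otherwise.
        artifactCountsForIngestJobs.merge(ingestJobId, countToAdd, Long::sum);
    }

    /**
     * Drops one reference on the ingest job and, when it was the last one,
     * removes the job's tally and posts it as an INFO ingest message.
     *
     * @param ingestJobId id of the ingest job.
     */
    synchronized static void reportBlackboardPostCount(long ingestJobId) {
        long refCount = refCounter.decrementAndGet(ingestJobId);
        if (refCount == 0) {
            // The job has no entry when every file was skipped or failed
            // before posting; report zero rather than formatting null.
            Long filesCount = artifactCountsForIngestJobs.remove(ingestJobId);
            long postCount = (filesCount == null) ? 0L : filesCount;
            String msgText = String.format("Posted %d times to the blackboard", postCount);
            IngestMessage message = IngestMessage.createMessage(
                    IngestMessage.MessageType.INFO,
                    SampleIngestModuleFactory.getModuleName(),
                    msgText);
            IngestServices.getInstance().postMessage(message);
        }
    }
}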

Copyright © 2012-2015 Basis Technology. Generated on: Wed Apr 6 2016
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.