Autopsy
4.1
Graphical digital forensics platform for The Sleuth Kit and other tools.
|
Inherits org.sleuthkit.autopsy.ingest.DataSourceIngestModule.
Public Member Functions | |
ProcessResult | process (Content dataSource, DataSourceIngestModuleProgress progressBar) |
void | startUp (IngestJobContext context) throws IngestModuleException |
Private Member Functions | |
String | generateFile (String fileName, byte[] fileContents) throws IOException |
List< String > | generateSimulatedDerivedFiles () throws IOException |
List< String > | generateSimulatedReports () throws IOException |
void | generateSimulatedResults (String resultsFilePath) throws ParserConfigurationException, IOException, TransformerConfigurationException, TransformerException |
void | generateSimulatedResultsFile (List< String > derivedFilePaths, List< String > reportPaths, String resultsFilePath) throws ParserConfigurationException, TransformerConfigurationException, TransformerException |
Private Attributes | |
IngestJobContext | context |
String | derivedFileInCaseDatabase |
final String | fileInCaseDatabase = "/WINDOWS/system32/ntmsapi.dll" |
String | outputDirPath |
Static Private Attributes | |
static final String | moduleName = SampleExecutableIngestModuleFactory.getModuleName() |
static final IngestModuleReferenceCounter | refCounter = new IngestModuleReferenceCounter() |
Sample data source ingest module that doesn't do much. Demonstrates use of utility classes: ExecUtils and the org.sleuthkit.autopsy.externalresults package.
Definition at line 73 of file SampleExecutableDataSourceIngestModule.java.
|
private |
|
private |
Definition at line 158 of file SampleExecutableDataSourceIngestModule.java.
References org.sleuthkit.autopsy.examples.SampleExecutableDataSourceIngestModule.generateFile(), and org.sleuthkit.autopsy.ingest.IngestJobContext.getJobId().
Referenced by org.sleuthkit.autopsy.examples.SampleExecutableDataSourceIngestModule.generateSimulatedResults().
|
private |
Definition at line 171 of file SampleExecutableDataSourceIngestModule.java.
References org.sleuthkit.autopsy.examples.SampleExecutableDataSourceIngestModule.generateFile(), and org.sleuthkit.autopsy.ingest.IngestJobContext.getJobId().
Referenced by org.sleuthkit.autopsy.examples.SampleExecutableDataSourceIngestModule.generateSimulatedResults().
|
private |
Definition at line 152 of file SampleExecutableDataSourceIngestModule.java.
References org.sleuthkit.autopsy.examples.SampleExecutableDataSourceIngestModule.generateSimulatedDerivedFiles(), org.sleuthkit.autopsy.examples.SampleExecutableDataSourceIngestModule.generateSimulatedReports(), and org.sleuthkit.autopsy.examples.SampleExecutableDataSourceIngestModule.generateSimulatedResultsFile().
Referenced by org.sleuthkit.autopsy.examples.SampleExecutableDataSourceIngestModule.process().
|
private |
Definition at line 194 of file SampleExecutableDataSourceIngestModule.java.
References org.sleuthkit.autopsy.externalresults.ExternalResultsXMLParser.TagNames.ARTIFACT_ELEM, org.sleuthkit.autopsy.externalresults.ExternalResultsXMLParser.TagNames.ARTIFACTS_LIST_ELEM, org.sleuthkit.autopsy.externalresults.ExternalResultsXMLParser.TagNames.ATTRIBUTE_ELEM, org.sleuthkit.autopsy.externalresults.ExternalResultsXMLParser.TagNames.DERIVED_FILE_ELEM, org.sleuthkit.autopsy.externalresults.ExternalResultsXMLParser.TagNames.DERIVED_FILES_LIST_ELEM, org.sleuthkit.autopsy.externalresults.ExternalResultsXMLParser.TagNames.LOCAL_PATH_ELEM, org.sleuthkit.autopsy.externalresults.ExternalResultsXMLParser.TagNames.PARENT_FILE_ELEM, org.sleuthkit.autopsy.externalresults.ExternalResultsXMLParser.TagNames.REPORT_ELEM, org.sleuthkit.autopsy.externalresults.ExternalResultsXMLParser.TagNames.REPORT_NAME_ELEM, org.sleuthkit.autopsy.externalresults.ExternalResultsXMLParser.TagNames.REPORTS_LIST_ELEM, org.sleuthkit.autopsy.externalresults.ExternalResultsXMLParser.TagNames.ROOT_ELEM, org.sleuthkit.autopsy.externalresults.ExternalResultsXMLParser.TagNames.SOURCE_FILE_ELEM, org.sleuthkit.autopsy.externalresults.ExternalResultsXMLParser.TagNames.SOURCE_MODULE_ELEM, org.sleuthkit.autopsy.externalresults.ExternalResultsXMLParser.AttributeNames.TYPE_ATTR, org.sleuthkit.autopsy.externalresults.ExternalResultsXMLParser.TagNames.VALUE_ELEM, org.sleuthkit.autopsy.externalresults.ExternalResultsXMLParser.AttributeValues.VALUE_TYPE_DATETIME, org.sleuthkit.autopsy.externalresults.ExternalResultsXMLParser.AttributeValues.VALUE_TYPE_DOUBLE, org.sleuthkit.autopsy.externalresults.ExternalResultsXMLParser.AttributeValues.VALUE_TYPE_INT32, org.sleuthkit.autopsy.externalresults.ExternalResultsXMLParser.AttributeValues.VALUE_TYPE_INT64, and org.sleuthkit.autopsy.externalresults.ExternalResultsXMLParser.AttributeValues.VALUE_TYPE_TEXT.
Referenced by org.sleuthkit.autopsy.examples.SampleExecutableDataSourceIngestModule.generateSimulatedResults().
ProcessResult org.sleuthkit.autopsy.examples.SampleExecutableDataSourceIngestModule.process | ( | Content | dataSource, |
DataSourceIngestModuleProgress | progressBar | ||
) |
Processes a data source. Called once between calls to startUp() and shutDown().
dataSource | The data source to process. |
progressBar | A progress bar to be used to report progress. |
Implements org.sleuthkit.autopsy.ingest.DataSourceIngestModule.
Definition at line 96 of file SampleExecutableDataSourceIngestModule.java.
References org.sleuthkit.autopsy.ingest.IngestMessage.createErrorMessage(), org.sleuthkit.autopsy.ingest.IngestModule.ProcessResult.ERROR, org.sleuthkit.autopsy.coreutils.ExecUtil.execute(), org.sleuthkit.autopsy.examples.SampleExecutableDataSourceIngestModule.generateSimulatedResults(), org.sleuthkit.autopsy.ingest.IngestModuleReferenceCounter.get(), org.sleuthkit.autopsy.externalresults.ExternalResultsXMLParser.getErrorInfo(), org.sleuthkit.autopsy.ingest.IngestServices.getInstance(), org.sleuthkit.autopsy.ingest.IngestJobContext.getJobId(), org.sleuthkit.autopsy.ingest.IngestServices.getLogger(), org.sleuthkit.autopsy.externalresults.ExternalResultsImporter.importResults(), org.sleuthkit.autopsy.ingest.IngestModule.ProcessResult.OK, org.sleuthkit.autopsy.externalresults.ExternalResultsXMLParser.parse(), org.sleuthkit.autopsy.ingest.IngestServices.postMessage(), org.sleuthkit.autopsy.ingest.DataSourceIngestModuleProgress.progress(), and org.sleuthkit.autopsy.ingest.DataSourceIngestModuleProgress.switchToDeterminate().
void org.sleuthkit.autopsy.examples.SampleExecutableDataSourceIngestModule.startUp | ( | IngestJobContext | context | ) | throws IngestModuleException |
Invoked by Autopsy to allow an ingest module instance to set up any internal data structures and acquire any private resources it will need during an ingest job. If the module depends on loading any resources, it should do so in this method so that it can throw an exception in the case of an error and alert the user. Exceptions that are thrown from process() and shutDown() are logged, but do not stop processing of the data source.
context | Provides data and services specific to the ingest job and the ingest pipeline of which the module is a part. |
Implements org.sleuthkit.autopsy.ingest.IngestModule.
Definition at line 83 of file SampleExecutableDataSourceIngestModule.java.
References org.sleuthkit.autopsy.examples.SampleExecutableDataSourceIngestModule.context, org.sleuthkit.autopsy.casemodule.Case.getCurrentCase(), org.sleuthkit.autopsy.ingest.IngestJobContext.getJobId(), org.sleuthkit.autopsy.casemodule.Case.getModuleDirectory(), org.sleuthkit.autopsy.ingest.IngestModuleReferenceCounter.incrementAndGet(), and org.sleuthkit.autopsy.examples.SampleExecutableDataSourceIngestModule.moduleName.
|
private |
Definition at line 78 of file SampleExecutableDataSourceIngestModule.java.
Referenced by org.sleuthkit.autopsy.examples.SampleExecutableDataSourceIngestModule.startUp().
|
private |
Definition at line 80 of file SampleExecutableDataSourceIngestModule.java.
|
private |
Definition at line 77 of file SampleExecutableDataSourceIngestModule.java.
|
staticprivate |
Definition at line 76 of file SampleExecutableDataSourceIngestModule.java.
Referenced by org.sleuthkit.autopsy.examples.SampleExecutableDataSourceIngestModule.startUp().
|
private |
Definition at line 79 of file SampleExecutableDataSourceIngestModule.java.
|
staticprivate |
Definition at line 75 of file SampleExecutableDataSourceIngestModule.java.
Copyright © 2012-2016 Basis Technology. Generated on: Tue Oct 25 2016
This work is licensed under a
Creative Commons Attribution-Share Alike 3.0 United States License.