Autopsy  4.10.0
Graphical digital forensics platform for The Sleuth Kit and other tools.
Extract.java
1 /*
2  *
3  * Autopsy Forensic Browser
4  *
5  * Copyright 2012-2019 Basis Technology Corp.
6  *
7  * Copyright 2012 42six Solutions.
8  * Contact: aebadirad <at> 42six <dot> com
9  * Project Contact/Architect: carrier <at> sleuthkit <dot> org
10  *
11  * Licensed under the Apache License, Version 2.0 (the "License");
12  * you may not use this file except in compliance with the License.
13  * You may obtain a copy of the License at
14  *
15  * http://www.apache.org/licenses/LICENSE-2.0
16  *
17  * Unless required by applicable law or agreed to in writing, software
18  * distributed under the License is distributed on an "AS IS" BASIS,
19  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
20  * See the License for the specific language governing permissions and
21  * limitations under the License.
22  */
23 package org.sleuthkit.autopsy.recentactivity;
24 
25 import java.io.File;
26 import java.io.IOException;
27 import java.nio.file.Path;
28 import java.nio.file.Paths;
29 import java.sql.ResultSet;
30 import java.sql.ResultSetMetaData;
31 import java.sql.SQLException;
32 import java.util.ArrayList;
33 import java.util.Collection;
34 import java.util.Collections;
35 import java.util.HashMap;
36 import java.util.List;
37 import java.util.logging.Level;
38 import org.openide.util.NbBundle;
39 import org.openide.util.NbBundle.Messages;
50 import org.sleuthkit.datamodel.AbstractFile;
51 import org.sleuthkit.datamodel.BlackboardArtifact;
52 import org.sleuthkit.datamodel.BlackboardAttribute;
53 import org.sleuthkit.datamodel.Content;
54 import org.sleuthkit.datamodel.SleuthkitCase;
55 import org.sleuthkit.datamodel.TskCoreException;
56 import org.sleuthkit.datamodel.TskException;
57 
58 
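/**
 * Base class for the extractors in the recent activity ingest module.
 *
 * It holds the case being processed, collects error messages raised during
 * extraction, and offers helpers for posting blackboard artifacts, querying
 * SQLite files and building the attribute collections used by the
 * web-history, cookie, bookmark and download artifacts.
 *
 * NOTE(review): the strings handled here (URLs, titles, cookie values, file
 * names) appear to originate from the data source under examination. Treat
 * them as untrusted input wherever they reach a host path, a SQL statement
 * or a UI component.
 */
abstract class Extract {

    protected Case currentCase;
    protected SleuthkitCase tskCase;
    private final Logger logger = Logger.getLogger(this.getClass().getName());
    private final ArrayList<String> errorMessages = new ArrayList<>();
    String moduleName = "";
    boolean dataFound = false;

    Extract() {
    }

    /**
     * Binds this extractor to the currently open case and then runs the
     * extractor-specific configuration hook.
     *
     * @throws IngestModuleException if no case is open, or if
     *                               {@link #configExtractor()} fails.
     */
    final void init() throws IngestModuleException {
        try {
            currentCase = Case.getCurrentCaseThrows();
            tskCase = currentCase.getSleuthkitCase();
        } catch (NoCurrentCaseException ex) {
            // Report the actual cause. The keyword-index message was used
            // here before, which pointed examiners at the wrong subsystem.
            throw new IngestModuleException(Bundle.Extract_noOpenCase_errMsg(), ex);
        }
        configExtractor();
    }

    /**
     * Hook for extractor-specific set-up; called at the end of
     * {@link #init()}. The default implementation does nothing.
     *
     * @throws IngestModuleException if the extractor cannot be configured.
     */
    void configExtractor() throws IngestModuleException {
    }

    /**
     * Runs the extraction against a data source.
     *
     * @param dataSource  the content to examine.
     * @param context     the ingest job context.
     * @param progressBar progress handle for the data source ingest module.
     */
    abstract void process(Content dataSource, IngestJobContext context, DataSourceIngestModuleProgress progressBar);

    /**
     * Hook invoked when extraction is finished. The default implementation
     * does nothing.
     */
    void complete() {
    }

    /**
     * Returns the error messages recorded so far.
     *
     * @return the live internal list (not a copy), so changes made by the
     *         caller are visible to this extractor.
     */
    List<String> getErrorMessages() {
        return errorMessages;
    }

    /**
     * Records an error message for later retrieval through
     * {@link #getErrorMessages()}.
     *
     * @param message the message to record.
     */
    protected void addErrorMessage(String message) {
        errorMessages.add(message);
    }

    /**
     * Creates an artifact of the given type on the content, attaches the
     * attributes and submits the artifact for keyword-search indexing.
     *
     * @param type         the artifact type to create.
     * @param content      the content the artifact is attached to.
     * @param bbattributes the attributes to add to the new artifact.
     *
     * @return the new artifact, or {@code null} if a {@link TskException}
     *         was raised (the failure is logged, not rethrown), so callers
     *         must check the result.
     */
    protected BlackboardArtifact addArtifact(BlackboardArtifact.ARTIFACT_TYPE type, Content content, Collection<BlackboardAttribute> bbattributes) {
        try {
            BlackboardArtifact bbart = content.newArtifact(type);
            bbart.addAttributes(bbattributes);
            // index the artifact for keyword search
            this.indexArtifact(bbart);
            return bbart;
        } catch (TskException ex) {
            logger.log(Level.SEVERE, "Error while trying to add an artifact", ex); //NON-NLS
        }
        return null;
    }

    /**
     * Submits an artifact to the case blackboard for keyword-search
     * indexing. Failures are logged and shown to the user as an error
     * notification; nothing is thrown.
     *
     * @param bbart the artifact to index.
     */
    @Messages({"Extract.indexError.message=Failed to index artifact for keyword search.",
        "Extract.noOpenCase.errMsg=No open case available."})
    void indexArtifact(BlackboardArtifact bbart) {
        try {
            Blackboard blackboard = Case.getCurrentCaseThrows().getServices().getBlackboard();
            // index the artifact for keyword search
            blackboard.indexArtifact(bbart);
        } catch (Blackboard.BlackboardException ex) {
            logger.log(Level.SEVERE, "Unable to index blackboard artifact " + bbart.getDisplayName(), ex); //NON-NLS
            MessageNotifyUtil.Notify.error(Bundle.Extract_indexError_message(), bbart.getDisplayName());
        } catch (NoCurrentCaseException ex) {
            logger.log(Level.SEVERE, "Exception while getting open case.", ex); //NON-NLS
            MessageNotifyUtil.Notify.error(Bundle.Extract_noOpenCase_errMsg(), bbart.getDisplayName());
        }
    }

    /**
     * Opens the SQLite database at {@code path}, runs {@code query} and
     * returns every row as a column-name to value map.
     *
     * The query text is executed as given, so it must be a fixed statement
     * chosen by the extractor. Never build it by concatenating values read
     * from the data source.
     *
     * @param path  file-system path of the SQLite database.
     * @param query the SQL statement to execute.
     *
     * @return the rows returned by the query, or an empty list if a
     *         {@link SQLException} occurred (the failure is logged and
     *         recorded as an error message).
     */
    protected List<HashMap<String, Object>> dbConnect(String path, String query) {
        String connectionString = "jdbc:sqlite:" + path; //NON-NLS
        try {
            SQLiteDBConnect dbConnection = new SQLiteDBConnect("org.sqlite.JDBC", connectionString); //NON-NLS
            try {
                ResultSet resultSet = dbConnection.executeQry(query);
                return this.resultSetToArrayList(resultSet);
            } finally {
                // Release the connection on failure too. It was leaked
                // before whenever the query or the row conversion threw,
                // leaving the database file open.
                dbConnection.closeConnection();
            }
        } catch (SQLException ex) {
            logger.log(Level.SEVERE, "Error while trying to read into a sqlite db." + connectionString, ex); //NON-NLS
            errorMessages.add(NbBundle.getMessage(this.getClass(), "Extract.dbConn.errMsg.failedToQueryDb", getName()));
            return Collections.<HashMap<String, Object>>emptyList();
        }
    }

    /**
     * Copies all rows of a result set into a list of maps keyed by column
     * name. SQL NULL values are stored as the empty string.
     *
     * @param rs the result set to read; it is consumed but not closed here.
     *
     * @return one map per row, in result-set order.
     *
     * @throws SQLException if reading the result set or its metadata fails.
     */
    private List<HashMap<String, Object>> resultSetToArrayList(ResultSet rs) throws SQLException {
        ResultSetMetaData md = rs.getMetaData();
        int columns = md.getColumnCount();
        List<HashMap<String, Object>> list = new ArrayList<>(50);
        while (rs.next()) {
            HashMap<String, Object> row = new HashMap<>(columns);
            // JDBC columns are 1-based.
            for (int i = 1; i <= columns; ++i) {
                Object value = rs.getObject(i);
                row.put(md.getColumnName(i), (value == null) ? "" : value);
            }
            list.add(row);
        }

        return list;
    }

    /**
     * Returns the name of this extractor.
     *
     * @return the value of {@code moduleName}.
     */
    protected String getName() {
        return moduleName;
    }

    /**
     * Reports whether this extractor has flagged that it found data.
     *
     * @return the value of {@code dataFound}.
     */
    public boolean foundData() {
        return dataFound;
    }

    /**
     * Sets the flag returned by {@link #foundData()}.
     *
     * @param foundData the new flag value.
     */
    protected void setFoundData(boolean foundData) {
        dataFound = foundData;
    }

    /**
     * Returns the case this extractor was initialised with.
     *
     * @return the current case; {@code null} until {@link #init()} has run.
     */
    protected Case getCurrentCase() {
        return this.currentCase;
    }

    /**
     * Builds a string-valued attribute attributed to the recent activity
     * module, substituting the empty string for a {@code null} value.
     */
    private static BlackboardAttribute stringAttribute(BlackboardAttribute.ATTRIBUTE_TYPE type, String value) {
        return new BlackboardAttribute(type,
                RecentActivityExtracterModuleFactory.getModuleName(),
                (value != null) ? value : ""); //NON-NLS
    }

    /**
     * Builds the attributes for a web-history entry. A {@code null} string
     * becomes the empty string; the access time is omitted when
     * {@code null}.
     *
     * @param url         the visited URL.
     * @param accessTime  the access time, or {@code null} if unknown.
     * @param referrer    the referrer.
     * @param title       the page title.
     * @param programName the program the entry was recovered from.
     * @param domain      the domain of the URL.
     * @param user        the user name.
     *
     * @return the attribute collection, in the order URL, access time,
     *         referrer, title, program name, domain, user name.
     *
     * @throws TskCoreException declared for callers; nothing in this method
     *                          body throws it directly.
     */
    protected Collection<BlackboardAttribute> createHistoryAttribute(String url, Long accessTime,
            String referrer, String title, String programName, String domain, String user) throws TskCoreException {

        Collection<BlackboardAttribute> bbattributes = new ArrayList<>();
        bbattributes.add(stringAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_URL, url));

        if (accessTime != null) {
            bbattributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_ACCESSED,
                    RecentActivityExtracterModuleFactory.getModuleName(), accessTime));
        }

        bbattributes.add(stringAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_REFERRER, referrer));
        bbattributes.add(stringAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_TITLE, title));
        bbattributes.add(stringAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PROG_NAME, programName));
        bbattributes.add(stringAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DOMAIN, domain));
        bbattributes.add(stringAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_USER_NAME, user));

        return bbattributes;
    }

    /**
     * Builds the attributes for a cookie. A {@code null} string becomes the
     * empty string; the creation time is omitted when {@code null}.
     *
     * The cookie value is stored as recovered. It may hold session tokens,
     * so handle exports of these attributes as sensitive case data.
     *
     * @param url          the URL the cookie belongs to.
     * @param creationTime the creation time, or {@code null} if unknown.
     * @param name         the cookie name.
     * @param value        the cookie value.
     * @param programName  the program the cookie was recovered from.
     * @param domain       the cookie domain.
     *
     * @return the attribute collection, in the order URL, date/time, name,
     *         value, program name, domain.
     */
    protected Collection<BlackboardAttribute> createCookieAttributes(String url,
            Long creationTime, String name, String value, String programName, String domain) {

        Collection<BlackboardAttribute> bbattributes = new ArrayList<>();
        bbattributes.add(stringAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_URL, url));

        if (creationTime != null) {
            bbattributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME,
                    RecentActivityExtracterModuleFactory.getModuleName(), creationTime));
        }

        bbattributes.add(stringAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_NAME, name));
        bbattributes.add(stringAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_VALUE, value));
        bbattributes.add(stringAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PROG_NAME, programName));
        bbattributes.add(stringAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DOMAIN, domain));

        return bbattributes;
    }

    /**
     * Builds the attributes for a bookmark. A {@code null} string becomes
     * the empty string; the creation time is omitted when {@code null}.
     *
     * @param url          the bookmarked URL.
     * @param title        the bookmark title.
     * @param creationTime the creation time, or {@code null} if unknown.
     * @param programName  the program the bookmark was recovered from.
     * @param domain       the domain of the URL.
     *
     * @return the attribute collection, in the order URL, title, creation
     *         time, program name, domain.
     */
    protected Collection<BlackboardAttribute> createBookmarkAttributes(String url, String title, Long creationTime, String programName, String domain) {
        Collection<BlackboardAttribute> bbattributes = new ArrayList<>();

        bbattributes.add(stringAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_URL, url));
        bbattributes.add(stringAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_TITLE, title));

        if (creationTime != null) {
            bbattributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_CREATED,
                    RecentActivityExtracterModuleFactory.getModuleName(), creationTime));
        }

        bbattributes.add(stringAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PROG_NAME, programName));
        bbattributes.add(stringAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DOMAIN, domain));

        return bbattributes;
    }

    /**
     * Builds the attributes for a download. A {@code null} string becomes
     * the empty string; the path id is omitted when {@code null} or -1, and
     * the access time when {@code null}.
     *
     * @param path        the path the download was saved to.
     * @param pathID      the id for that path, or {@code null} / -1 if none.
     * @param url         the URL that was downloaded.
     * @param accessTime  the access time, or {@code null} if unknown.
     * @param domain      the domain of the URL.
     * @param programName the program the record was recovered from.
     *
     * @return the attribute collection, in the order path, path id, URL,
     *         access time, domain, program name.
     */
    protected Collection<BlackboardAttribute> createDownloadAttributes(String path, Long pathID, String url, Long accessTime, String domain, String programName) {
        Collection<BlackboardAttribute> bbattributes = new ArrayList<>();

        bbattributes.add(stringAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PATH, path));

        if (pathID != null && pathID != -1) {
            bbattributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PATH_ID,
                    RecentActivityExtracterModuleFactory.getModuleName(),
                    pathID));
        }

        bbattributes.add(stringAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_URL, url));

        if (accessTime != null) {
            bbattributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_ACCESSED,
                    RecentActivityExtracterModuleFactory.getModuleName(), accessTime));
        }

        bbattributes.add(stringAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DOMAIN, domain));
        bbattributes.add(stringAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PROG_NAME, programName));

        return bbattributes;
    }

    /**
     * Builds the single-attribute collection that records where a download
     * came from.
     *
     * @param url the source URL; {@code null} becomes the empty string.
     *
     * @return a collection holding one URL attribute.
     */
    protected Collection<BlackboardAttribute> createDownloadSourceAttributes(String url) {
        Collection<BlackboardAttribute> bbattributes = new ArrayList<>();

        bbattributes.add(stringAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_URL, url));

        return bbattributes;
    }

    /**
     * Writes the content of a file to a temp file in this extractor's
     * directory under the recent activity temp path. The temp file name is
     * the file's name followed by its id and its name extension.
     *
     * The name comes from the {@code AbstractFile} and is therefore
     * attacker-influenced (presumably taken from the data source; confirm).
     * The resulting path is checked to stay inside the temp directory
     * before anything is written.
     *
     * @param context the ingest job context, polled for cancellation during
     *                the write.
     * @param file    the file whose content is copied.
     *
     * @return the temp file that was written.
     *
     * @throws IOException if the name cannot form a valid path, if the path
     *                     would leave the temp directory, or if writing
     *                     fails.
     */
    protected File createTemporaryFile(IngestJobContext context, AbstractFile file) throws IOException {
        String tempDirectory = RAImageIngestModule.getRATempPath(getCurrentCase(), getName());
        String tempFileName = file.getName() + file.getId() + file.getNameExtension();

        Path tempFilePath;
        try {
            tempFilePath = Paths.get(tempDirectory, tempFileName);
        } catch (java.nio.file.InvalidPathException ex) {
            // A name that is legal in the examined file system can be
            // illegal on the host; report it instead of failing unchecked.
            throw new IOException("Invalid temp file name for: " + file, ex); //NON-NLS
        }

        // Containment check: separators or ".." in the name must not move
        // the write outside the module's temp directory.
        Path tempDirectoryPath = Paths.get(tempDirectory).toAbsolutePath().normalize();
        if (!tempFilePath.toAbsolutePath().normalize().startsWith(tempDirectoryPath)) {
            throw new IOException("Temp file path escapes temp directory for: " + file); //NON-NLS
        }

        java.io.File tempFile = tempFilePath.toFile();

        try {
            ContentUtils.writeToFile(file, tempFile, context::dataSourceIngestIsCancelled);
        } catch (IOException ex) {
            throw new IOException("Error writingToFile: " + file, ex); //NON-NLS
        }

        return tempFile;
    }
}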

Copyright © 2012-2018 Basis Technology. Generated on: Fri Mar 22 2019
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.