Autopsy  4.10.0
Graphical digital forensics platform for The Sleuth Kit and other tools.
Public Member Functions | Private Member Functions | Private Attributes | Static Private Attributes | List of all members
org.sleuthkit.autopsy.thunderbirdparser.ThunderbirdMboxFileIngestModule Class Reference

Inherits org.sleuthkit.autopsy.ingest.FileIngestModule.

Public Member Functions

ProcessResult process (AbstractFile abstractFile)
void shutDown ()
void startUp (IngestJobContext context) throws IngestModuleException

Private Member Functions

BlackboardArtifact addEmailArtifact (EmailMessage email, AbstractFile abstractFile)
Set< String > findEmailAddresess (String input)
List< AbstractFile > handleAttachments (List< EmailMessage.Attachment > attachments, AbstractFile abstractFile, BlackboardArtifact messageArtifact)
void processEmails (List< EmailMessage > emails, AbstractFile abstractFile)
ProcessResult processMBox (AbstractFile abstractFile)
ProcessResult processPst (AbstractFile abstractFile)
ProcessResult processVcard (AbstractFile abstractFile)

Private Attributes

Blackboard blackboard
IngestJobContext context
Case currentCase
FileManager fileManager
final IngestServices services = IngestServices.getInstance()

Static Private Attributes

static final Logger logger = Logger.getLogger(ThunderbirdMboxFileIngestModule.class.getName())

Detailed Description

File-level ingest module that detects MBOX, PST, and vCard files based on signature. Understands Thunderbird folder layout to provide additional structure and metadata.

Definition at line 66 of file

Member Function Documentation

BlackboardArtifact org.sleuthkit.autopsy.thunderbirdparser.ThunderbirdMboxFileIngestModule.addEmailArtifact ( EmailMessage  email,
AbstractFile  abstractFile 
Set<String> org.sleuthkit.autopsy.thunderbirdparser.ThunderbirdMboxFileIngestModule.findEmailAddresess ( String  input)

Finds and returns a set of unique email addresses found in the input string

input- input string, like the To/CC line from an email header
Set<String>: set of email addresses found in the input string

Definition at line 478 of file

Referenced by org.sleuthkit.autopsy.thunderbirdparser.ThunderbirdMboxFileIngestModule.addEmailArtifact().

List<AbstractFile> org.sleuthkit.autopsy.thunderbirdparser.ThunderbirdMboxFileIngestModule.handleAttachments ( List< EmailMessage.Attachment >  attachments,
AbstractFile  abstractFile,
BlackboardArtifact  messageArtifact 

Add the given attachments as derived files and reschedule them for ingest.

List of attachments

Definition at line 442 of file


Referenced by org.sleuthkit.autopsy.thunderbirdparser.ThunderbirdMboxFileIngestModule.processEmails().

ProcessResult org.sleuthkit.autopsy.thunderbirdparser.ThunderbirdMboxFileIngestModule.process ( AbstractFile  file)
void org.sleuthkit.autopsy.thunderbirdparser.ThunderbirdMboxFileIngestModule.processEmails ( List< EmailMessage >  emails,
AbstractFile  abstractFile 
ProcessResult org.sleuthkit.autopsy.thunderbirdparser.ThunderbirdMboxFileIngestModule.processMBox ( AbstractFile  abstractFile)
ProcessResult org.sleuthkit.autopsy.thunderbirdparser.ThunderbirdMboxFileIngestModule.processPst ( AbstractFile  abstractFile)
ProcessResult org.sleuthkit.autopsy.thunderbirdparser.ThunderbirdMboxFileIngestModule.processVcard ( AbstractFile  abstractFile)
void org.sleuthkit.autopsy.thunderbirdparser.ThunderbirdMboxFileIngestModule.shutDown ( )

Invoked by Autopsy when an ingest job is completed (either because the data has been analyzed or because the job was canceled - check IngestJobContext.fileIngestIsCancelled()), before the ingest module instance is discarded. The module should respond by doing things like releasing private resources, submitting final results, and posting a final ingest message.

Implements org.sleuthkit.autopsy.ingest.FileIngestModule.

Definition at line 654 of file

void org.sleuthkit.autopsy.thunderbirdparser.ThunderbirdMboxFileIngestModule.startUp ( IngestJobContext  context) throws IngestModuleException

Invoked by Autopsy to allow an ingest module instance to set up any internal data structures and acquire any private resources it will need during an ingest job. If the module depends on loading any resources, it should do so in this method so that it can throw an exception in the case of an error and alert the user. Exceptions that are thrown from process() and shutDown() are logged, but do not stop processing of the data source.

contextProvides data and services specific to the ingest job and the ingest pipeline of which the module is a part.

Implements org.sleuthkit.autopsy.ingest.IngestModule.

Definition at line 83 of file

References org.sleuthkit.autopsy.thunderbirdparser.ThunderbirdMboxFileIngestModule.context, org.sleuthkit.autopsy.casemodule.Case.getCurrentCaseThrows(),, and org.sleuthkit.autopsy.casemodule.Case.getServices().

Member Data Documentation

Blackboard org.sleuthkit.autopsy.thunderbirdparser.ThunderbirdMboxFileIngestModule.blackboard

Definition at line 71 of file

IngestJobContext org.sleuthkit.autopsy.thunderbirdparser.ThunderbirdMboxFileIngestModule.context
Case org.sleuthkit.autopsy.thunderbirdparser.ThunderbirdMboxFileIngestModule.currentCase

Definition at line 73 of file

FileManager org.sleuthkit.autopsy.thunderbirdparser.ThunderbirdMboxFileIngestModule.fileManager

Definition at line 69 of file

final Logger org.sleuthkit.autopsy.thunderbirdparser.ThunderbirdMboxFileIngestModule.logger = Logger.getLogger(ThunderbirdMboxFileIngestModule.class.getName())

Definition at line 67 of file

final IngestServices = IngestServices.getInstance()

Definition at line 68 of file

The documentation for this class was generated from the following file:

Copyright © 2012-2018 Basis Technology. Generated on: Fri Mar 22 2019
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.