Autopsy  4.13.0
Graphical digital forensics platform for The Sleuth Kit and other tools.
CaseUcoFormatExporter.java
Go to the documentation of this file.
1 /*
2  * Autopsy Forensic Browser
3  *
4  * Copyright 2018-2019 Basis Technology Corp.
5  * Contact: carrier <at> sleuthkit <dot> org
6  *
7  * Licensed under the Apache License, Version 2.0 (the "License");
8  * you may not use this file except in compliance with the License.
9  * You may obtain a copy of the License at
10  *
11  * http://www.apache.org/licenses/LICENSE-2.0
12  *
13  * Unless required by applicable law or agreed to in writing, software
14  * distributed under the License is distributed on an "AS IS" BASIS,
15  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16  * See the License for the specific language governing permissions and
17  * limitations under the License.
18  */
19 package org.sleuthkit.autopsy.report.modules.caseuco;
20 
21 import com.fasterxml.jackson.core.JsonEncoding;
22 import com.fasterxml.jackson.core.JsonFactory;
23 import com.fasterxml.jackson.core.JsonGenerator;
24 import com.fasterxml.jackson.core.util.DefaultIndenter;
25 import com.fasterxml.jackson.core.util.DefaultPrettyPrinter;
26 import com.google.common.collect.Lists;
27 import java.io.File;
28 import java.io.IOException;
29 import java.nio.file.Files;
30 import java.nio.file.Path;
31 import java.nio.file.Paths;
32 import java.sql.ResultSet;
33 import java.sql.SQLException;
34 import java.util.List;
35 import java.util.SimpleTimeZone;
36 import java.util.TimeZone;
37 import java.util.logging.Level;
38 import org.apache.commons.io.FileUtils;
39 import org.openide.util.NbBundle;
40 import org.sleuthkit.autopsy.casemodule.Case;
41 import org.sleuthkit.autopsy.casemodule.NoCurrentCaseException;
42 import org.sleuthkit.autopsy.casemodule.services.TagsManager;
43 import org.sleuthkit.autopsy.coreutils.Logger;
44 import org.sleuthkit.autopsy.datamodel.ContentUtils;
45 import org.sleuthkit.autopsy.ingest.IngestManager;
46 import org.sleuthkit.autopsy.report.ReportProgressPanel;
47 import org.sleuthkit.datamodel.AbstractFile;
48 import org.sleuthkit.datamodel.BlackboardArtifact;
49 import org.sleuthkit.datamodel.BlackboardArtifactTag;
50 import org.sleuthkit.datamodel.BlackboardAttribute;
51 import org.sleuthkit.datamodel.Content;
52 import org.sleuthkit.datamodel.ContentTag;
53 import org.sleuthkit.datamodel.DataSource;
54 import org.sleuthkit.datamodel.SleuthkitCase;
55 import org.sleuthkit.datamodel.TskCoreException;
56 import org.sleuthkit.datamodel.TskData;
57 import org.sleuthkit.datamodel.TagName;
58 
62 public final class CaseUcoFormatExporter {
63 
64  private static final Logger logger = Logger.getLogger(CaseUcoFormatExporter.class.getName());
65 
66  private static final BlackboardAttribute.Type SET_NAME = new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SET_NAME);
67  private static final BlackboardArtifact.ARTIFACT_TYPE INTERESTING_FILE_HIT = BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT;
68  private static final BlackboardArtifact.ARTIFACT_TYPE INTERESTING_ARTIFACT_HIT = BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_ARTIFACT_HIT;
69  private static final String TEMP_DIR_NAME = "case_uco_tmp";
70 
71  private CaseUcoFormatExporter() {
72  }
73 
81  @NbBundle.Messages({
82  "ReportCaseUco.unableToCreateDirectories=Unable to create directory for CASE-UCO report",
83  "ReportCaseUco.initializing=Creating directories...",
84  "ReportCaseUco.querying=Querying files...",
85  "ReportCaseUco.ingestWarning=Warning, this report will be created before ingest services completed",
86  "ReportCaseUco.datasourceMsg=Generating CASE-UCO Report for %s",
87  "ReportCaseUco.srcModuleName.text=CASE-UCO Report",
88  "ReportCaseUco.databaseError=Failed to get list of files from case database",
89  "ReportCaseUco.jsonError=Failed to create JSON output for the CASE-UCO report",
90  "ReportCaseUco.resultSetError=Unable to read result set",
91  "ReportCaseUco.noOpenCase=No current case open"
92  })
93  @SuppressWarnings("deprecation")
94  public static void generateReport(String reportOutputPath, ReportProgressPanel progressPanel) {
95 
96  // Start the progress bar and setup the report
97  progressPanel.setIndeterminate(false);
98  progressPanel.start();
99  progressPanel.updateStatusLabel(Bundle.ReportCaseUco_initializing());
100 
101  // Create the JSON generator
102  JsonFactory jsonGeneratorFactory = new JsonFactory();
103  java.io.File reportFile = Paths.get(reportOutputPath).toFile();
104  try {
105  Files.createDirectories(Paths.get(reportFile.getParent()));
106  } catch (IOException ex) {
107  logger.log(Level.SEVERE, "Unable to create directory for CASE-UCO report", ex); //NON-NLS
108  progressPanel.complete(ReportProgressPanel.ReportStatus.ERROR, Bundle.ReportCaseUco_unableToCreateDirectories());
109  return;
110  }
111 
112  // Check if ingest has finished
113  if (IngestManager.getInstance().isIngestRunning()) {
114  progressPanel.updateStatusLabel(Bundle.ReportCaseUco_ingestWarning());
115  }
116 
117  JsonGenerator jsonGenerator = null;
118  SimpleTimeZone timeZone = new SimpleTimeZone(0, "GMT");
119  try {
120  jsonGenerator = jsonGeneratorFactory.createGenerator(reportFile, JsonEncoding.UTF8);
121  // instert \n after each field for more readable formatting
122  jsonGenerator.setPrettyPrinter(new DefaultPrettyPrinter().withObjectIndenter(new DefaultIndenter(" ", "\n")));
123 
124  SleuthkitCase skCase = Case.getCurrentCaseThrows().getSleuthkitCase();
125 
126  progressPanel.updateStatusLabel(Bundle.ReportCaseUco_querying());
127 
128  // create the required CASE-UCO entries at the beginning of the output file
129  initializeJsonOutputFile(jsonGenerator);
130 
131  // create CASE-UCO entry for the Autopsy case
132  String caseTraceId = saveCaseInfo(skCase, jsonGenerator);
133 
134  // loop over all data sources in the case
135  for (DataSource ds : skCase.getDataSources()) {
136  progressPanel.updateStatusLabel(String.format(
137  Bundle.ReportCaseUco_datasourceMsg(), ds.getName()));
138 
139  // create CASE-UCO data source entry
140  long selectedDataSourceId = ds.getId();
141  String dataSourceTraceId = saveDataSourceInfo(selectedDataSourceId, caseTraceId, skCase, jsonGenerator);
142 
143  // Run getAllFilesQuery to get all files, exclude directories
144  final String getAllFilesQuery = "select obj_id, name, size, crtime, atime, mtime, md5, parent_path, mime_type, extension from tsk_files where "
145  + "data_source_obj_id = " + Long.toString(selectedDataSourceId)
146  + " AND ((meta_type = " + TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_UNDEF.getValue()
147  + ") OR (meta_type = " + TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_REG.getValue()
148  + ") OR (meta_type = " + TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_VIRT.getValue() + "))"; //NON-NLS
149 
150  try (SleuthkitCase.CaseDbQuery queryResult = skCase.executeQuery(getAllFilesQuery)) {
151  ResultSet resultSet = queryResult.getResultSet();
152 
153  // Loop files and write info to CASE-UCO report
154  while (resultSet.next()) {
155 
156  if (progressPanel.getStatus() == ReportProgressPanel.ReportStatus.CANCELED) {
157  break;
158  }
159 
160  Long objectId = resultSet.getLong(1);
161  String fileName = resultSet.getString(2);
162  long size = resultSet.getLong("size");
163  String crtime = ContentUtils.getStringTimeISO8601(resultSet.getLong("crtime"), timeZone);
164  String atime = ContentUtils.getStringTimeISO8601(resultSet.getLong("atime"), timeZone);
165  String mtime = ContentUtils.getStringTimeISO8601(resultSet.getLong("mtime"), timeZone);
166  String md5Hash = resultSet.getString("md5");
167  String parent_path = resultSet.getString("parent_path");
168  String mime_type = resultSet.getString("mime_type");
169  String extension = resultSet.getString("extension");
170 
171  saveFileInCaseUcoFormat(objectId, fileName, parent_path, md5Hash, mime_type, size, crtime, atime, mtime, extension, jsonGenerator, dataSourceTraceId);
172  }
173  }
174  }
175 
176  // create the required CASE-UCO entries at the end of the output file
177  finilizeJsonOutputFile(jsonGenerator);
178 
179  Case.getCurrentCaseThrows().addReport(reportOutputPath, Bundle.ReportCaseUco_srcModuleName_text(), "");
180 
181  progressPanel.complete(ReportProgressPanel.ReportStatus.COMPLETE);
182  } catch (TskCoreException ex) {
183  logger.log(Level.SEVERE, Bundle.ReportCaseUco_databaseError(), ex); //NON-NLS
184  progressPanel.complete(ReportProgressPanel.ReportStatus.ERROR, Bundle.ReportCaseUco_databaseError());
185  } catch (IOException ex) {
186  logger.log(Level.SEVERE, Bundle.ReportCaseUco_jsonError(), ex); //NON-NLS
187  progressPanel.complete(ReportProgressPanel.ReportStatus.ERROR, Bundle.ReportCaseUco_jsonError());
188  } catch (SQLException ex) {
189  logger.log(Level.WARNING, Bundle.ReportCaseUco_resultSetError(), ex); //NON-NLS
190  progressPanel.complete(ReportProgressPanel.ReportStatus.ERROR, Bundle.ReportCaseUco_resultSetError());
191  } catch (NoCurrentCaseException ex) {
192  logger.log(Level.SEVERE, Bundle.ReportCaseUco_noOpenCase(), ex); //NON-NLS
193  progressPanel.complete(ReportProgressPanel.ReportStatus.ERROR, Bundle.ReportCaseUco_noOpenCase());
194  } finally {
195  if (jsonGenerator != null) {
196  try {
197  jsonGenerator.close();
198  } catch (IOException ex) {
199  logger.log(Level.WARNING, "Failed to close JSON output file", ex); //NON-NLS
200  }
201  }
202  }
203  }
204 
219  @NbBundle.Messages({
220  "CaseUcoFormatExporter.startMsg=Generating CASE-UCO Report",
221  "CaseUcoFormatExporter.finishMsg=Finished generating CASE-UCO Report"
222  })
223  public static void export(List<TagName> tagTypes, List<String> interestingItemSets,
224  File caseReportFolder, ReportProgressPanel progressPanel) throws IOException, SQLException,
225  NoCurrentCaseException, TskCoreException {
226 
227  progressPanel.updateStatusLabel(Bundle.CaseUcoFormatExporter_startMsg());
228  //Acquire references for file discovery
229  Case currentCase = Case.getCurrentCaseThrows();
230  String caseTempDirectory = currentCase.getTempDirectory();
231  SleuthkitCase skCase = currentCase.getSleuthkitCase();
232  TagsManager tagsManager = currentCase.getServices().getTagsManager();
233 
234  //Create temp directory to filter out duplicate files.
235  Path tmpDir = Paths.get(caseTempDirectory, TEMP_DIR_NAME);
236  FileUtils.deleteDirectory(tmpDir.toFile());
237  Files.createDirectory(tmpDir);
238 
239  //Create our report file
240  Path reportFile = Paths.get(caseReportFolder.toString(),
241  CaseUcoReport.getReportFileName());
242 
243  //Timezone for formatting file creation, modification, and accessed times
244  SimpleTimeZone timeZone = new SimpleTimeZone(0, "GMT");
245 
246  try (JsonGenerator jsonGenerator = createJsonGenerator(reportFile.toFile())) {
247  initializeJsonOutputFile(jsonGenerator);
248  //Make the case the first entity in the report file.
249  String caseTraceId = saveCaseInfo(skCase, jsonGenerator);
250 
251  for (DataSource ds : skCase.getDataSources()) {
252  progressPanel.updateStatusLabel(String.format(
253  Bundle.ReportCaseUco_datasourceMsg(), ds.getName()));
254  String dataSourceTraceId = saveDataSourceInfo(ds.getId(),
255  caseTraceId, skCase, jsonGenerator);
256  for (TagName tn : tagTypes) {
257  for (ContentTag ct : tagsManager.getContentTagsByTagName(tn, ds.getId())) {
258  saveUniqueFilesToCaseUcoFormat(ct.getContent(), tmpDir,
259  jsonGenerator, timeZone, dataSourceTraceId);
260  }
261  for (BlackboardArtifactTag bat : tagsManager.getBlackboardArtifactTagsByTagName(tn, ds.getId())) {
262  saveUniqueFilesToCaseUcoFormat(bat.getContent(), tmpDir,
263  jsonGenerator, timeZone, dataSourceTraceId);
264  }
265  }
266  if (!interestingItemSets.isEmpty()) {
267  List<BlackboardArtifact.ARTIFACT_TYPE> typesToQuery = Lists.newArrayList(
268  INTERESTING_FILE_HIT, INTERESTING_ARTIFACT_HIT);
269  for (BlackboardArtifact.ARTIFACT_TYPE artType : typesToQuery) {
270  for (BlackboardArtifact bArt : skCase.getBlackboardArtifacts(artType)) {
271  if (bArt.getDataSource().getId() != ds.getId()) {
272  continue;
273  }
274  BlackboardAttribute setAttr = bArt.getAttribute(SET_NAME);
275  if (interestingItemSets.contains(setAttr.getValueString())) {
276  Content content = skCase.getContentById(bArt.getObjectID());
277  saveUniqueFilesToCaseUcoFormat(content, tmpDir,
278  jsonGenerator, timeZone, dataSourceTraceId);
279  }
280  }
281  }
282  }
283  }
284  finilizeJsonOutputFile(jsonGenerator);
285  progressPanel.updateStatusLabel(Bundle.CaseUcoFormatExporter_finishMsg());
286  }
287  }
288 
301  private static void saveUniqueFilesToCaseUcoFormat(Content content, Path tmpDir, JsonGenerator jsonGenerator,
302  TimeZone timeZone, String dataSourceTraceId) throws IOException {
303  if (content instanceof AbstractFile && !(content instanceof DataSource)) {
304  AbstractFile absFile = (AbstractFile) content;
305  Path filePath = tmpDir.resolve(Long.toString(absFile.getId()));
306  if (!Files.exists(filePath) && !absFile.isDir()) {
307  saveFileInCaseUcoFormat(
308  absFile.getId(),
309  absFile.getName(),
310  absFile.getParentPath(),
311  absFile.getMd5Hash(),
312  absFile.getMIMEType(),
313  absFile.getSize(),
314  ContentUtils.getStringTimeISO8601(absFile.getCtime(), timeZone),
315  ContentUtils.getStringTimeISO8601(absFile.getAtime(), timeZone),
316  ContentUtils.getStringTimeISO8601(absFile.getMtime(), timeZone),
317  absFile.getNameExtension(),
318  jsonGenerator,
319  dataSourceTraceId
320  );
321  filePath.toFile().createNewFile();
322  }
323  }
324  }
325 
326  private static JsonGenerator createJsonGenerator(File reportFile) throws IOException {
327  JsonFactory jsonGeneratorFactory = new JsonFactory();
328  JsonGenerator jsonGenerator = jsonGeneratorFactory.createGenerator(reportFile, JsonEncoding.UTF8);
329  // instert \n after each field for more readable formatting
330  jsonGenerator.setPrettyPrinter(new DefaultPrettyPrinter().withObjectIndenter(new DefaultIndenter(" ", "\n")));
331  return jsonGenerator;
332  }
333 
334  private static void initializeJsonOutputFile(JsonGenerator catalog) throws IOException {
335  catalog.writeStartObject();
336  catalog.writeFieldName("@graph");
337  catalog.writeStartArray();
338  }
339 
340  private static void finilizeJsonOutputFile(JsonGenerator catalog) throws IOException {
341  catalog.writeEndArray();
342  catalog.writeEndObject();
343  }
344 
356  private static String saveCaseInfo(SleuthkitCase skCase, JsonGenerator catalog) throws TskCoreException, SQLException, IOException, NoCurrentCaseException {
357 
358  // create a "trace" entry for the Autopsy case iteself
359  String uniqueCaseName;
360  String dbFileName;
361  TskData.DbType dbType = skCase.getDatabaseType();
362  if (dbType == TskData.DbType.SQLITE) {
363  uniqueCaseName = Case.getCurrentCaseThrows().getName();
364  dbFileName = skCase.getDatabaseName();
365  } else {
366  uniqueCaseName = skCase.getDatabaseName();
367  dbFileName = "";
368  }
369 
370  String caseDirPath = skCase.getDbDirPath();
371  String caseTraceId = "case-" + uniqueCaseName;
372  catalog.writeStartObject();
373  catalog.writeStringField("@id", caseTraceId);
374  catalog.writeStringField("@type", "Trace");
375 
376  catalog.writeFieldName("propertyBundle");
377  catalog.writeStartArray();
378  catalog.writeStartObject();
379 
380  // replace double slashes with single ones
381  caseDirPath = caseDirPath.replaceAll("\\\\", "/");
382 
383  catalog.writeStringField("@type", "File");
384  if (dbType == TskData.DbType.SQLITE) {
385  catalog.writeStringField("filePath", caseDirPath + "/" + dbFileName);
386  catalog.writeBooleanField("isDirectory", false);
387  } else {
388  catalog.writeStringField("filePath", caseDirPath);
389  catalog.writeBooleanField("isDirectory", true);
390  }
391  catalog.writeEndObject();
392 
393  catalog.writeEndArray();
394  catalog.writeEndObject();
395 
396  return caseTraceId;
397  }
398 
411  private static String saveDataSourceInfo(Long selectedDataSourceId, String caseTraceId, SleuthkitCase skCase, JsonGenerator jsonGenerator) throws TskCoreException, SQLException, IOException {
412 
413  Long imageSize = (long) 0;
414  String imageName = "";
415  boolean isImageDataSource = false;
416  String getImageDataSourceQuery = "select size from tsk_image_info where obj_id = " + selectedDataSourceId;
417  try (SleuthkitCase.CaseDbQuery queryResult = skCase.executeQuery(getImageDataSourceQuery)) {
418  ResultSet resultSet = queryResult.getResultSet();
419  // check if we got a result
420  while (resultSet.next()) {
421  // we got a result so the data source was an image data source
422  imageSize = resultSet.getLong(1);
423  isImageDataSource = true;
424  break;
425  }
426  }
427 
428  if (isImageDataSource) {
429  // get caseDirPath to image file
430  String getPathToDataSourceQuery = "select name from tsk_image_names where obj_id = " + selectedDataSourceId;
431  try (SleuthkitCase.CaseDbQuery queryResult = skCase.executeQuery(getPathToDataSourceQuery)) {
432  ResultSet resultSet = queryResult.getResultSet();
433  while (resultSet.next()) {
434  imageName = resultSet.getString(1);
435  break;
436  }
437  }
438  } else {
439  // logical file data source
440  String getLogicalDataSourceQuery = "select name from tsk_files where obj_id = " + selectedDataSourceId;
441  try (SleuthkitCase.CaseDbQuery queryResult = skCase.executeQuery(getLogicalDataSourceQuery)) {
442  ResultSet resultSet = queryResult.getResultSet();
443  while (resultSet.next()) {
444  imageName = resultSet.getString(1);
445  break;
446  }
447  }
448  }
449 
450  return saveDataSourceInCaseUcoFormat(jsonGenerator, imageName, imageSize, selectedDataSourceId, caseTraceId);
451  }
452 
453  private static String saveDataSourceInCaseUcoFormat(JsonGenerator catalog, String imageName, Long imageSize, Long selectedDataSourceId, String caseTraceId) throws IOException {
454 
455  // create a "trace" entry for the data source
456  String dataSourceTraceId = "data-source-" + selectedDataSourceId;
457  catalog.writeStartObject();
458  catalog.writeStringField("@id", dataSourceTraceId);
459  catalog.writeStringField("@type", "Trace");
460 
461  catalog.writeFieldName("propertyBundle");
462  catalog.writeStartArray();
463 
464  catalog.writeStartObject();
465  catalog.writeStringField("@type", "File");
466 
467  // replace double back slashes with single ones
468  imageName = imageName.replaceAll("\\\\", "/");
469 
470  catalog.writeStringField("filePath", imageName);
471  catalog.writeEndObject();
472 
473  if (imageSize > 0) {
474  catalog.writeStartObject();
475  catalog.writeStringField("@type", "ContentData");
476  catalog.writeStringField("sizeInBytes", Long.toString(imageSize));
477  catalog.writeEndObject();
478  }
479 
480  catalog.writeEndArray();
481  catalog.writeEndObject();
482 
483  // create a "relationship" entry between the case and the data source
484  catalog.writeStartObject();
485  catalog.writeStringField("@id", "relationship-" + caseTraceId);
486  catalog.writeStringField("@type", "Relationship");
487  catalog.writeStringField("source", dataSourceTraceId);
488  catalog.writeStringField("target", caseTraceId);
489  catalog.writeStringField("kindOfRelationship", "contained-within");
490  catalog.writeBooleanField("isDirectional", true);
491 
492  catalog.writeFieldName("propertyBundle");
493  catalog.writeStartArray();
494  catalog.writeStartObject();
495  catalog.writeStringField("@type", "PathRelation");
496  catalog.writeStringField("path", imageName);
497  catalog.writeEndObject();
498  catalog.writeEndArray();
499 
500  catalog.writeEndObject();
501 
502  return dataSourceTraceId;
503  }
504 
505  private static void saveFileInCaseUcoFormat(Long objectId, String fileName, String parent_path, String md5Hash, String mime_type, long size, String ctime,
506  String atime, String mtime, String extension, JsonGenerator catalog, String dataSourceTraceId) throws IOException {
507 
508  String fileTraceId = "file-" + objectId;
509 
510  // create a "trace" entry for the file
511  catalog.writeStartObject();
512  catalog.writeStringField("@id", fileTraceId);
513  catalog.writeStringField("@type", "Trace");
514 
515  catalog.writeFieldName("propertyBundle");
516  catalog.writeStartArray();
517 
518  catalog.writeStartObject();
519  catalog.writeStringField("@type", "File");
520  catalog.writeStringField("createdTime", ctime);
521  catalog.writeStringField("accessedTime", atime);
522  catalog.writeStringField("modifiedTime", mtime);
523  if (extension != null) {
524  catalog.writeStringField("extension", extension);
525  }
526  catalog.writeStringField("fileName", fileName);
527  if (parent_path != null) {
528  catalog.writeStringField("filePath", parent_path + fileName);
529  }
530  catalog.writeBooleanField("isDirectory", false);
531  catalog.writeStringField("sizeInBytes", Long.toString(size));
532  catalog.writeEndObject();
533 
534  catalog.writeStartObject();
535  catalog.writeStringField("@type", "ContentData");
536  if (mime_type != null) {
537  catalog.writeStringField("mimeType", mime_type);
538  }
539  if (md5Hash != null) {
540  catalog.writeFieldName("hash");
541  catalog.writeStartArray();
542  catalog.writeStartObject();
543  catalog.writeStringField("@type", "Hash");
544  catalog.writeStringField("hashMethod", "MD5");
545  catalog.writeStringField("hashValue", md5Hash);
546  catalog.writeEndObject();
547  catalog.writeEndArray();
548  }
549  catalog.writeStringField("sizeInBytes", Long.toString(size));
550 
551  catalog.writeEndObject();
552 
553  catalog.writeEndArray();
554  catalog.writeEndObject();
555 
556  // create a "relationship" entry between the file and the data source
557  catalog.writeStartObject();
558  catalog.writeStringField("@id", "relationship-" + objectId);
559  catalog.writeStringField("@type", "Relationship");
560  catalog.writeStringField("source", fileTraceId);
561  catalog.writeStringField("target", dataSourceTraceId);
562  catalog.writeStringField("kindOfRelationship", "contained-within");
563  catalog.writeBooleanField("isDirectional", true);
564 
565  catalog.writeFieldName("propertyBundle");
566  catalog.writeStartArray();
567  catalog.writeStartObject();
568  catalog.writeStringField("@type", "PathRelation");
569  if (parent_path != null) {
570  catalog.writeStringField("path", parent_path + fileName);
571  } else {
572  catalog.writeStringField("path", fileName);
573  }
574  catalog.writeEndObject();
575  catalog.writeEndArray();
576 
577  catalog.writeEndObject();
578  }
579 }
org.sleuthkit.autopsy.ingest.IngestManager.getInstance
static synchronized IngestManager getInstance()
Definition: IngestManager.java:146
org.sleuthkit.autopsy.report.modules.caseuco.CaseUcoFormatExporter.INTERESTING_ARTIFACT_HIT
static final BlackboardArtifact.ARTIFACT_TYPE INTERESTING_ARTIFACT_HIT
Definition: CaseUcoFormatExporter.java:68
org.sleuthkit.autopsy.datamodel.ContentUtils
Definition: ContentUtils.java:55
org.sleuthkit.autopsy.report.modules.caseuco.CaseUcoFormatExporter.generateReport
static void generateReport(String reportOutputPath, ReportProgressPanel progressPanel)
Definition: CaseUcoFormatExporter.java:94
org.sleuthkit.autopsy.casemodule.Case.addReport
void addReport(String localPath, String srcModuleName, String reportName)
Definition: Case.java:1630
org.sleuthkit.autopsy.report.modules.caseuco.CaseUcoFormatExporter.saveDataSourceInfo
static String saveDataSourceInfo(Long selectedDataSourceId, String caseTraceId, SleuthkitCase skCase, JsonGenerator jsonGenerator)
Definition: CaseUcoFormatExporter.java:411
org.sleuthkit.autopsy.datamodel.ContentUtils.getStringTimeISO8601
static String getStringTimeISO8601(long epochSeconds, TimeZone tzone)
Definition: ContentUtils.java:107
org.sleuthkit.autopsy.report.modules.caseuco.CaseUcoFormatExporter.saveUniqueFilesToCaseUcoFormat
static void saveUniqueFilesToCaseUcoFormat(Content content, Path tmpDir, JsonGenerator jsonGenerator, TimeZone timeZone, String dataSourceTraceId)
Definition: CaseUcoFormatExporter.java:301
org.sleuthkit.autopsy.casemodule.services.TagsManager.getBlackboardArtifactTagsByTagName
List< BlackboardArtifactTag > getBlackboardArtifactTagsByTagName(TagName tagName)
Definition: TagsManager.java:822
org.sleuthkit.autopsy.report.modules.caseuco.CaseUcoFormatExporter.saveCaseInfo
static String saveCaseInfo(SleuthkitCase skCase, JsonGenerator catalog)
Definition: CaseUcoFormatExporter.java:356
org.sleuthkit.autopsy.coreutils.Logger.getLogger
synchronized static Logger getLogger(String name)
Definition: Logger.java:124
org.sleuthkit.autopsy.report.modules.caseuco.CaseUcoFormatExporter.export
static void export(List< TagName > tagTypes, List< String > interestingItemSets, File caseReportFolder, ReportProgressPanel progressPanel)
Definition: CaseUcoFormatExporter.java:223
org.sleuthkit.autopsy.report.modules.caseuco.CaseUcoFormatExporter.saveFileInCaseUcoFormat
static void saveFileInCaseUcoFormat(Long objectId, String fileName, String parent_path, String md5Hash, String mime_type, long size, String ctime, String atime, String mtime, String extension, JsonGenerator catalog, String dataSourceTraceId)
Definition: CaseUcoFormatExporter.java:505
org.sleuthkit.autopsy.casemodule.services.TagsManager.getContentTagsByTagName
List< ContentTag > getContentTagsByTagName(TagName tagName)
Definition: TagsManager.java:603
org.sleuthkit.autopsy.report.modules.caseuco.CaseUcoFormatExporter.saveDataSourceInCaseUcoFormat
static String saveDataSourceInCaseUcoFormat(JsonGenerator catalog, String imageName, Long imageSize, Long selectedDataSourceId, String caseTraceId)
Definition: CaseUcoFormatExporter.java:453
org.sleuthkit.autopsy.report.modules.caseuco.CaseUcoFormatExporter.INTERESTING_FILE_HIT
static final BlackboardArtifact.ARTIFACT_TYPE INTERESTING_FILE_HIT
Definition: CaseUcoFormatExporter.java:67

Copyright © 2012-2019 Basis Technology. Generated on: Tue Jan 7 2020
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.