api-docs/4.20.0/_extract_8java_source.html

 /*

  *

  * Autopsy Forensic Browser

  *

  * Copyright 2012-2021 Basis Technology Corp.

  *

  * Copyright 2012 42six Solutions.

  * Contact: aebadirad <at> 42six <dot> com

  * Project Contact/Architect: carrier <at> sleuthkit <dot> org

  *

  * Licensed under the Apache License, Version 2.0 (the "License");

  * you may not use this file except in compliance with the License.

  * You may obtain a copy of the License at

  *

  *     http://www.apache.org/licenses/LICENSE-2.0

  *

  * Unless required by applicable law or agreed to in writing, software

  * distributed under the License is distributed on an "AS IS" BASIS,

  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

  * See the License for the specific language governing permissions and

  * limitations under the License.

  */

 package org.sleuthkit.autopsy.recentactivity;


 import java.io.File;

 import java.io.IOException;

 import java.nio.file.Path;

 import java.nio.file.Paths;

 import java.sql.ResultSet;

 import java.sql.ResultSetMetaData;

 import java.sql.SQLException;

 import java.util.ArrayList;

 import java.util.Collection;

 import java.util.Collections;

 import java.util.HashMap;

 import java.util.List;

 import java.util.logging.Level;

 import org.apache.commons.lang.StringUtils;

 import org.sleuthkit.autopsy.casemodule.Case;

 import org.sleuthkit.autopsy.coreutils.Logger;

 import org.sleuthkit.autopsy.coreutils.NetworkUtils;

 import org.sleuthkit.autopsy.coreutils.SQLiteDBConnect;

 import org.sleuthkit.autopsy.datamodel.ContentUtils;

 import org.sleuthkit.autopsy.ingest.DataSourceIngestModuleProgress;

 import org.sleuthkit.autopsy.ingest.IngestJobContext;

 import org.sleuthkit.autopsy.ingest.IngestModule.IngestModuleException;

 import org.sleuthkit.datamodel.AbstractFile;

 import org.sleuthkit.datamodel.Blackboard;

 import org.sleuthkit.datamodel.BlackboardArtifact;

 import org.sleuthkit.datamodel.BlackboardArtifact.Category;

 import org.sleuthkit.datamodel.BlackboardAttribute;

 import org.sleuthkit.datamodel.Content;

 import org.sleuthkit.datamodel.Score;

 import org.sleuthkit.datamodel.SleuthkitCase;

 import org.sleuthkit.datamodel.TskCoreException;


 abstract class Extract {


     protected final Case currentCase;

     protected final SleuthkitCase tskCase;

     private static final Logger logger = Logger.getLogger(Extract.class.getName());

     private final ArrayList<String> errorMessages = new ArrayList<>();

     private final String displayName;

     protected boolean dataFound = false;

     private final IngestJobContext context;


     Extract(String displayName, IngestJobContext context) {

         this.displayName = displayName;

         this.context = context;

         currentCase = Case.getCurrentCase();

         tskCase = currentCase.getSleuthkitCase();

     }


     void startUp() throws IngestModuleException {

     }


     abstract void process(Content dataSource, DataSourceIngestModuleProgress progressBar);


     void shutDown() {

     }


     List<String> getErrorMessages() {

         return Collections.unmodifiableList(errorMessages);

     }


     protected void addErrorMessage(String message) {

         errorMessages.add(message);

     }


     BlackboardArtifact createArtifactWithAttributes(BlackboardArtifact.Type type, Content content, Collection<BlackboardAttribute> attributes) throws TskCoreException {

         if (type.getCategory() == BlackboardArtifact.Category.DATA_ARTIFACT) {

             return content.newDataArtifact(type, attributes);

         } else if (type.getCategory() == BlackboardArtifact.Category.ANALYSIS_RESULT) {

             return content.newAnalysisResult(type, Score.SCORE_UNKNOWN, null, null, null, attributes).getAnalysisResult();

         } else {

             throw new TskCoreException("Unknown category type: " + type.getCategory().getDisplayName());

         }

     }


     BlackboardArtifact createAssociatedArtifact(Content content, BlackboardArtifact artifact) throws TskCoreException {

         BlackboardAttribute attribute = new BlackboardAttribute(BlackboardAttribute.Type.TSK_ASSOCIATED_ARTIFACT, getRAModuleName(), artifact.getArtifactID());

         return createArtifactWithAttributes(BlackboardArtifact.Type.TSK_ASSOCIATED_OBJECT, content, Collections.singletonList(attribute));

     }


     void postArtifact(BlackboardArtifact artifact) {

         if (artifact != null && !context.dataArtifactIngestIsCancelled()) {

             postArtifacts(Collections.singleton(artifact));

         }

     }


     void postArtifacts(Collection<BlackboardArtifact> artifacts) {

         if (artifacts != null && !artifacts.isEmpty() && !context.dataArtifactIngestIsCancelled()) {

             try {

                 tskCase.getBlackboard().postArtifacts(artifacts, RecentActivityExtracterModuleFactory.getModuleName(), context.getJobId());

             } catch (Blackboard.BlackboardException ex) {

                 logger.log(Level.SEVERE, "Failed to post artifacts", ex); //NON-NLS

             }

         }

     }


     protected List<HashMap<String, Object>> querySQLiteDb(String path, String query) {

         ResultSet resultSet;

         List<HashMap<String, Object>> list;

         String connectionString = "jdbc:sqlite:" + path; //NON-NLS

         SQLiteDBConnect dbConnection = null;

         try {

             dbConnection = new SQLiteDBConnect("org.sqlite.JDBC", connectionString); //NON-NLS

             resultSet = dbConnection.executeQry(query);

             list = resultSetToArrayList(resultSet);

         } catch (SQLException ex) {

             logger.log(Level.WARNING, "Error while trying to read into a sqlite db." + connectionString, ex); //NON-NLS

             return Collections.<HashMap<String, Object>>emptyList();

         } finally {

             if (dbConnection != null) {

                 dbConnection.closeConnection();

             }

         }

         return list;

     }


     private List<HashMap<String, Object>> resultSetToArrayList(ResultSet rs) throws SQLException {

         ResultSetMetaData md = rs.getMetaData();

         int columns = md.getColumnCount();

         List<HashMap<String, Object>> results = new ArrayList<>(50);

         while (rs.next()) {

             HashMap<String, Object> row = new HashMap<>(columns);

             for (int i = 1; i <= columns; ++i) {

                 if (rs.getObject(i) == null) {

                     row.put(md.getColumnName(i), "");

                 } else {

                     row.put(md.getColumnName(i), rs.getObject(i));

                 }

             }

             results.add(row);

         }

         return results;

     }


     protected String getDisplayName() {

         return displayName;

     }


     protected String getRAModuleName() {

         return RecentActivityExtracterModuleFactory.getModuleName();

     }


     public boolean foundData() {

         return dataFound;

     }


     protected void setFoundData(boolean foundData) {

         dataFound = foundData;

     }


     protected Case getCurrentCase() {

         return this.currentCase;

     }


     protected Collection<BlackboardAttribute> createHistoryAttributes(String url, Long accessTime,

             String referrer, String title, String programName, String domain, String user) throws TskCoreException {


         Collection<BlackboardAttribute> bbattributes = new ArrayList<>();

         bbattributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_URL,

                 RecentActivityExtracterModuleFactory.getModuleName(), url)); //NON-NLS


         if (accessTime != null) {

             bbattributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_ACCESSED,

                     RecentActivityExtracterModuleFactory.getModuleName(),

                     accessTime));

         }


         if (StringUtils.isNotBlank(referrer)) {

             bbattributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_REFERRER,

                     RecentActivityExtracterModuleFactory.getModuleName(),

                     referrer)); //NON-NLS

         }


         if (StringUtils.isNotBlank(title)) {

             bbattributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_TITLE,

                     RecentActivityExtracterModuleFactory.getModuleName(),

                     title)); //NON-NLS

         }


         if (StringUtils.isNotBlank(programName)) {

             bbattributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PROG_NAME,

                     RecentActivityExtracterModuleFactory.getModuleName(),

                     programName)); //NON-NLS

         }


         if (StringUtils.isNotBlank(url)) {

             bbattributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DOMAIN,

                     RecentActivityExtracterModuleFactory.getModuleName(),

                     domain)); //NON-NLS

         }


         if (StringUtils.isNotBlank(user)) {

             bbattributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_USER_NAME,

                     RecentActivityExtracterModuleFactory.getModuleName(),

                     user)); //NON-NLS

         }


         return bbattributes;

     }


     protected Collection<BlackboardAttribute> createCookieAttributes(String url,

             Long creationTime, Long accessTime, Long endTime, String name, String value, String programName, String domain) {


         Collection<BlackboardAttribute> bbattributes = new ArrayList<>();

         bbattributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_URL,

                 RecentActivityExtracterModuleFactory.getModuleName(),

                 (url != null) ? url : "")); //NON-NLS


         if (creationTime != null && creationTime != 0) {

             bbattributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_CREATED,

                     RecentActivityExtracterModuleFactory.getModuleName(), creationTime));

         }


         if (accessTime != null && accessTime != 0) {

             bbattributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_ACCESSED,

                     RecentActivityExtracterModuleFactory.getModuleName(), accessTime));

         }


         if (endTime != null && endTime != 0) {

             bbattributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_END,

                     RecentActivityExtracterModuleFactory.getModuleName(), endTime));

         }


         bbattributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_NAME,

                 RecentActivityExtracterModuleFactory.getModuleName(),

                 (name != null) ? name : "")); //NON-NLS


         bbattributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_VALUE,

                 RecentActivityExtracterModuleFactory.getModuleName(),

                 (value != null) ? value : "")); //NON-NLS


         bbattributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PROG_NAME,

                 RecentActivityExtracterModuleFactory.getModuleName(),

                 (programName != null) ? programName : "")); //NON-NLS


         bbattributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DOMAIN,

                 RecentActivityExtracterModuleFactory.getModuleName(),

                 (domain != null) ? domain : "")); //NON-NLS


         return bbattributes;

     }


     protected Collection<BlackboardAttribute> createBookmarkAttributes(String url, String title, Long creationTime, String programName, String domain) {

         Collection<BlackboardAttribute> bbattributes = new ArrayList<>();


         bbattributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_URL,

                 RecentActivityExtracterModuleFactory.getModuleName(),

                 (url != null) ? url : "")); //NON-NLS


         bbattributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_TITLE,

                 RecentActivityExtracterModuleFactory.getModuleName(),

                 (title != null) ? title : "")); //NON-NLS


         if (creationTime != null) {

             bbattributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_CREATED,

                     RecentActivityExtracterModuleFactory.getModuleName(), creationTime));

         }


         bbattributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PROG_NAME,

                 RecentActivityExtracterModuleFactory.getModuleName(),

                 (programName != null) ? programName : "")); //NON-NLS


         bbattributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DOMAIN,

                 RecentActivityExtracterModuleFactory.getModuleName(),

                 (domain != null) ? domain : "")); //NON-NLS


         return bbattributes;

     }


     protected Collection<BlackboardAttribute> createDownloadAttributes(String path, Long pathID, String url, Long accessTime, String domain, String programName) {

         Collection<BlackboardAttribute> bbattributes = new ArrayList<>();


         bbattributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PATH,

                 RecentActivityExtracterModuleFactory.getModuleName(),

                 (path != null) ? path : "")); //NON-NLS


         if (pathID != null && pathID != -1) {

             bbattributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PATH_ID,

                     RecentActivityExtracterModuleFactory.getModuleName(),

                     pathID));

         }


         bbattributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_URL,

                 RecentActivityExtracterModuleFactory.getModuleName(),

                 (url != null) ? url : "")); //NON-NLS


         if (accessTime != null) {

             bbattributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_ACCESSED,

                     RecentActivityExtracterModuleFactory.getModuleName(), accessTime));

         }


         bbattributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DOMAIN,

                 RecentActivityExtracterModuleFactory.getModuleName(),

                 (domain != null) ? domain : "")); //NON-NLS


         bbattributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PROG_NAME,

                 RecentActivityExtracterModuleFactory.getModuleName(),

                 (programName != null) ? programName : "")); //NON-NLS


         return bbattributes;

     }


     protected File createTemporaryFile(AbstractFile file) throws IOException {

         Path tempFilePath = Paths.get(RAImageIngestModule.getRATempPath(getCurrentCase(), getDisplayName(), context.getJobId()), file.getName() + file.getId() + file.getNameExtension());

         java.io.File tempFile = tempFilePath.toFile();

         ContentUtils.writeToFile(file, tempFile, context::dataSourceIngestIsCancelled);

         return tempFile;

     }


 }

org.sleuthkit

org.sleuthkit.autopsy.casemodule.Case
Definition: Case.java:163

org.sleuthkit.autopsy.datamodel.ContentUtils
Definition: ContentUtils.java:52

org

org.sleuthkit.autopsy.coreutils.NetworkUtils
Definition: NetworkUtils.java:30

org.sleuthkit.autopsy.casemodule
Definition: AddImageAction.java:19

org.sleuthkit.autopsy.datamodel
Definition: AbstractAbstractFileNode.java:19

org.sleuthkit.autopsy.coreutils
Definition: AppSQLiteDB.java:19

org.sleuthkit.autopsy.coreutils.Logger
Definition: Logger.java:36

org.sleuthkit.autopsy.ingest
Definition: AnalysisResultIngestModule.java:19

org.sleuthkit.autopsy.ingest.DataSourceIngestModuleProgress
Definition: DataSourceIngestModuleProgress.java:24

org.sleuthkit.autopsy.ingest.IngestModule.IngestModuleException
Definition: IngestModule.java:98

org.sleuthkit.autopsy.ingest.IngestJobContext
Definition: IngestJobContext.java:29

org.sleuthkit.autopsy.coreutils.SQLiteDBConnect
Definition: SQLiteDBConnect.java:37

org.sleuthkit.autopsy

org.sleuthkit.autopsy.ingest.IngestModule
Definition: IngestModule.java:46