Autopsy  4.21.0
Graphical digital forensics platform for The Sleuth Kit and other tools.
1 /*
2  *
3  * Autopsy Forensic Browser
4  *
5  * Copyright 2012-2021 Basis Technology Corp.
6  *
7  * Copyright 2012 42six Solutions.
8  * Contact: aebadirad <at> 42six <dot> com
9  * Project Contact/Architect: carrier <at> sleuthkit <dot> org
10  *
11  * Licensed under the Apache License, Version 2.0 (the "License");
12  * you may not use this file except in compliance with the License.
13  * You may obtain a copy of the License at
14  *
15  *     http://www.apache.org/licenses/LICENSE-2.0
16  *
17  * Unless required by applicable law or agreed to in writing, software
18  * distributed under the License is distributed on an "AS IS" BASIS,
19  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
20  * See the License for the specific language governing permissions and
21  * limitations under the License.
22  */
23 package org.sleuthkit.autopsy.recentactivity;
25 import;
26 import java.nio.file.Path;
27 import java.nio.file.Paths;
28 import java.util.ArrayList;
29 import java.util.List;
30 import java.util.logging.Level;
31 import org.openide.util.NbBundle;
40 import org.sleuthkit.datamodel.Content;
43 import org.sleuthkit.datamodel.SleuthkitCase;
48 public final class RAImageIngestModule implements DataSourceIngestModule {
// Name of the subfolder that getAndMakeRAPath() places under the base directory it is given.
50  private static final String RECENT_ACTIVITY_FOLDER = "RecentActivity";
51  private static final Logger logger = Logger.getLogger(RAImageIngestModule.class.getName());
// Every extractor, in the order process() runs them; filled by startUp().
52  private final List<Extract> extractors = new ArrayList<>();
// Browser extractors only; process() walks this list to build the per-browser found / not found summary.
53  private final List<Extract> browserExtractors = new ArrayList<>();
// NOTE(review): startUp() and process() also use `context` and `services`; their declarations
// (listing lines 54-55) are not visible in this rendering.
// Case database handle, assigned in startUp() from the current case.
56  protected SleuthkitCase tskCase;
59  }
/**
 * Prepares the module for one ingest job: records the job context, grabs the
 * case database, builds every Recent Activity extractor and starts each one.
 *
 * The position of each extractor in the run list is significant. Several
 * analyzers consume artifacts produced by earlier extractors, so reordering
 * the run list silently drops results instead of failing loudly.
 *
 * @param context the ingest job context handed to every extractor
 * @throws IngestModuleException declared by the ingest module contract
 */
@Override
public void startUp(IngestJobContext context) throws IngestModuleException {
    this.context = context;
    tskCase = Case.getCurrentCase().getSleuthkitCase();

    // Extractors are constructed in the same sequence as before; only the local names changed.
    final Extract ieExtractor = new ExtractIE(context);
    final Extract edgeExtractor = new ExtractEdge(context);
    final Extract registryExtractor = new ExtractRegistry(context);
    final Extract lnkExtractor = new RecentDocumentsByLnk(context);
    final Extract chromiumExtractor = new Chromium(context);
    final Extract firefoxExtractor = new Firefox(context);
    final Extract searchQueryAnalyzer = new SearchEngineURLQueryAnalyzer(context);
    final Extract osExtractor = new ExtractOs(context);
    final Extract usageAnalyzer = new DataSourceUsageAnalyzer(context);
    final Extract safariExtractor = new ExtractSafari(context);
    final Extract zoneIdExtractor = new ExtractZoneIdentifier(context);
    final Extract recycleBinExtractor = new ExtractRecycleBin(context);
    final Extract sruExtractor = new ExtractSru(context);
    final Extract prefetchExtractor = new ExtractPrefetch(context);
    final Extract webAccountExtractor = new ExtractWebAccountType(context);
    final Extract domainCategoryRunner = new DomainCategoryRunner(context);
    final Extract jumpListExtractor = new ExtractJumpLists(context);

    // Run order. Dependencies between entries:
    //  - registry and OS extraction must precede the data source usage analyzer;
    //  - the search query analyzer, web account typing and zone identifier
    //    extraction must follow all of the web browser extractors.
    final Extract[] runOrder = {
        recycleBinExtractor,
        jumpListExtractor,
        lnkExtractor,
        registryExtractor,
        osExtractor,
        usageAnalyzer,
        chromiumExtractor,
        firefoxExtractor,
        ieExtractor,
        edgeExtractor,
        safariExtractor,
        searchQueryAnalyzer,
        webAccountExtractor,
        zoneIdExtractor,
        sruExtractor,
        prefetchExtractor,
        domainCategoryRunner
    };
    for (Extract entry : runOrder) {
        extractors.add(entry);
    }

    // Browsers reported in the history summary that process() posts.
    final Extract[] browsers = {
        chromiumExtractor,
        firefoxExtractor,
        ieExtractor,
        edgeExtractor,
        safariExtractor
    };
    for (Extract browser : browsers) {
        browserExtractors.add(browser);
    }

    for (int idx = 0; idx < extractors.size(); idx++) {
        extractors.get(idx).startUp();
    }
}
// Runs every registered extractor, in list order, against the data source, then posts two
// HTML messages through `services`: one summarising errors and one listing, per browser
// extractor, whether data was found.
//
// Returns ProcessResult.OK in every case, including when extractors threw or reported errors;
// failures are surfaced only through the log and the posted error message.
//
// NOTE(review): this rendering dropped listing lines 116, 167 and 185, which open the three
// message-building statements. The fragments that follow them are left exactly as shown.
114  @Override
115  public ProcessResult process(Content dataSource, DataSourceIngestModuleProgress progressBar) {
117  NbBundle.getMessage(this.getClass(),
118  "RAImageIngestModule.process.started",
119  dataSource.getName())));
// One progress unit per extractor.
121  progressBar.switchToDeterminate(extractors.size());
123  ArrayList<String> errors = new ArrayList<>();
125  for (int i = 0; i < extractors.size(); i++) {
126  Extract extracter = extractors.get(i);
// Cancellation is checked before each extractor starts; extractors after this point never run.
127  if (context.dataSourceIngestIsCancelled()) {
128  logger.log(Level.INFO, "Recent Activity has been canceled, quitting before {0}", extracter.getDisplayName()); //NON-NLS
129  break;
130  }
132  progressBar.progress(extracter.getDisplayName(), i);
// The broad catch keeps one failing extractor from aborting the remaining ones. The stack
// trace goes to the log; the user-facing entry is a generic bundle string.
134  try {
135  extracter.process(dataSource, progressBar);
136  } catch (Exception ex) {
137  logger.log(Level.SEVERE, "Exception occurred in " + extracter.getDisplayName(), ex); //NON-NLS
138  errors.add(NbBundle.getMessage(this.getClass(), "RAImageIngestModule.process.errModErrs", RecentActivityExtracterModuleFactory.getModuleName()));
139  }
140  progressBar.progress(i + 1);
// Extractor-reported errors are collected whether or not process() threw.
141  errors.addAll(extracter.getErrorMessages());
142  }
144  // create the final message for inbox
145  StringBuilder errorMessage = new StringBuilder();
146  String errorMsgSubject;
147  MessageType msgLevel = MessageType.INFO;
148  if (errors.isEmpty() == false) {
149  msgLevel = MessageType.ERROR;
150  errorMessage.append(
151  NbBundle.getMessage(this.getClass(), "RAImageIngestModule.process.errMsg.errsEncountered"));
// NOTE(review): each error string is placed inside <li> without HTML escaping. If an
// extractor's error text can carry strings taken from the evidence (file names, URLs),
// confirm that whatever renders the message details treats them as inert text.
152  for (String msg : errors) {
153  errorMessage.append("<li>").append(msg).append("</li>\n"); //NON-NLS
154  }
// Presumably closes a <ul> opened by the errsEncountered bundle string; verify against the bundle.
155  errorMessage.append("</ul>\n"); //NON-NLS
157  if (errors.size() == 1) {
158  errorMsgSubject = NbBundle.getMessage(this.getClass(), "RAImageIngestModule.process.errMsgSub.oneErr");
159  } else {
160  errorMsgSubject = NbBundle.getMessage(this.getClass(),
161  "RAImageIngestModule.process.errMsgSub.nErrs", errors.size());
162  }
163  } else {
164  errorMessage.append(NbBundle.getMessage(this.getClass(), "RAImageIngestModule.process.errMsg.noErrs"));
165  errorMsgSubject = NbBundle.getMessage(this.getClass(), "RAImageIngestModule.process.errMsgSub.noErrs");
166  }
168  NbBundle.getMessage(this.getClass(),
169  "RAImageIngestModule.process.ingestMsg.finished",
170  dataSource.getName(), errorMsgSubject),
171  errorMessage.toString());
172  services.postMessage(msg);
// Second message: one list item per browser extractor with its found / not found status.
174  StringBuilder historyMsg = new StringBuilder();
175  historyMsg.append(
176  NbBundle.getMessage(this.getClass(), "RAImageIngestModule.process.histMsg.title", dataSource.getName()));
177  for (Extract module : browserExtractors) {
178  historyMsg.append("<li>").append(module.getDisplayName()); //NON-NLS
179  historyMsg.append(": ").append((module.foundData()) ? NbBundle
180  .getMessage(this.getClass(), "RAImageIngestModule.process.histMsg.found") : NbBundle
181  .getMessage(this.getClass(), "RAImageIngestModule.process.histMsg.notFnd"));
182  historyMsg.append("</li>"); //NON-NLS
183  }
184  historyMsg.append("</ul>"); //NON-NLS
186  NbBundle.getMessage(this.getClass(),
187  "RAImageIngestModule.process.ingestMsg.results",
188  dataSource.getName()),
189  historyMsg.toString());
190  services.postMessage(inboxMsg);
192  return ProcessResult.OK;
193  }
/**
 * Shuts down every extractor that startUp() registered.
 *
 * A failure in one extractor is logged and does not prevent the remaining
 * extractors from being shut down.
 */
@Override
public void shutDown() {
    for (Extract current : extractors) {
        try {
            current.shutDown();
        } catch (Exception ex) {
            // Keep going so that later extractors still get to release their resources.
            logger.log(Level.SEVERE, "Exception occurred when completing " + current.getDisplayName(), ex); //NON-NLS
        }
    }
}
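/**
 * Builds the path {@code basePath/RecentActivity/<module>_<ingestJobId>} and
 * creates that directory if it does not exist yet.
 *
 * The path is returned even when the directory could not be created, as
 * before, but the failure is now logged rather than silently dropped, so a
 * missing output folder can be traced to its cause rather than showing up
 * later as unexplained missing extractor output.
 *
 * @param basePath    directory under which the Recent Activity folder lives
 * @param module      module name used as the folder name prefix
 * @param ingestJobId ingest job id used as the folder name suffix
 * @return the folder path as a string
 */
private static String getAndMakeRAPath(String basePath, String module, long ingestJobId) {
    String moduleFolder = String.format("%s_%d", module, ingestJobId);
    Path tmpPath = Paths.get(basePath, RECENT_ACTIVITY_FOLDER, moduleFolder);
    File dir = tmpPath.toFile();
    // mkdirs() also returns false when something else created the directory
    // first, so re-check before reporting. A plain file sitting at this path
    // is reported as well.
    if (!dir.isDirectory() && !dir.mkdirs() && !dir.isDirectory()) {
        logger.log(Level.WARNING, "Unable to create Recent Activity directory {0}", tmpPath.toString()); //NON-NLS
    }
    return tmpPath.toString();
}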
/**
 * Returns the Recent Activity temp folder for a module and ingest job,
 * creating it under the case temp directory when needed.
 *
 * @param a_case      case whose temp directory is the base
 * @param mod         module name used in the folder name
 * @param ingestJobId ingest job id used in the folder name
 * @return the folder path as a string
 */
static String getRATempPath(Case a_case, String mod, long ingestJobId) {
    final String tempRoot = a_case.getTempDirectory();
    return getAndMakeRAPath(tempRoot, mod, ingestJobId);
}
/**
 * Returns the Recent Activity output folder for a module and ingest job,
 * creating it under the case module directory when needed.
 *
 * @param a_case      case whose module directory is the base
 * @param mod         module name used in the folder name
 * @param ingestJobId ingest job id used in the folder name
 * @return the folder path as a string
 */
static String getRAOutputPath(Case a_case, String mod, long ingestJobId) {
    final String moduleRoot = a_case.getModuleDirectory();
    return getAndMakeRAPath(moduleRoot, mod, ingestJobId);
}
/**
 * Returns the normalized Recent Activity output path for a module and
 * ingest job, built on the case's relative module output directory.
 *
 * @param autCase     case supplying the relative module output directory
 * @param mod         module name used in the folder name
 * @param ingestJobId ingest job id used in the folder name
 * @return the normalized path as a string
 */
static String getRelModuleOutputPath(Case autCase, String mod, long ingestJobId) {
    final String relativeBase = autCase.getModuleOutputDirectoryRelativePath();
    // NOTE(review): getAndMakeRAPath() also creates the directory. If relativeBase
    // really is relative, as the getter name suggests, java.io.File resolves it
    // against the JVM working directory rather than the case folder. Confirm
    // that this is intended.
    final Path built = Paths.get(getAndMakeRAPath(relativeBase, mod, ingestJobId));
    return built.normalize().toString();
}
268 }
static IngestMessage createMessage(MessageType messageType, String source, String subject, String detailsHtml)
ProcessResult process(Content dataSource, DataSourceIngestModuleProgress progressBar)
void postMessage(final IngestMessage message)
synchronized static Logger getLogger(String name)
static String getAndMakeRAPath(String basePath, String module, long ingestJobId)
static synchronized IngestServices getInstance()

Copyright © 2012-2022 Basis Technology. Generated on: Tue Feb 6 2024
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.