Autopsy  4.22.0
Graphical digital forensics platform for The Sleuth Kit and other tools.
Extract.java
Go to the documentation of this file.
1 /*
2  *
3  * Autopsy Forensic Browser
4  *
5  * Copyright 2012-2021 Basis Technology Corp.
6  *
7  * Copyright 2012 42six Solutions.
8  * Contact: aebadirad <at> 42six <dot> com
9  * Project Contact/Architect: carrier <at> sleuthkit <dot> org
10  *
11  * Licensed under the Apache License, Version 2.0 (the "License");
12  * you may not use this file except in compliance with the License.
13  * You may obtain a copy of the License at
14  *
15  * http://www.apache.org/licenses/LICENSE-2.0
16  *
17  * Unless required by applicable law or agreed to in writing, software
18  * distributed under the License is distributed on an "AS IS" BASIS,
19  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
20  * See the License for the specific language governing permissions and
21  * limitations under the License.
22  */
23 package org.sleuthkit.autopsy.recentactivity;
24 
25 import java.io.File;
26 import java.io.IOException;
27 import java.nio.file.Path;
28 import java.nio.file.Paths;
29 import java.sql.ResultSet;
30 import java.sql.ResultSetMetaData;
31 import java.sql.SQLException;
32 import java.util.ArrayList;
33 import java.util.Collection;
34 import java.util.Collections;
35 import java.util.HashMap;
36 import java.util.List;
37 import java.util.logging.Level;
38 import org.apache.commons.lang.StringUtils;
39 import org.sleuthkit.autopsy.casemodule.Case;
40 import org.sleuthkit.autopsy.coreutils.Logger;
41 import org.sleuthkit.autopsy.coreutils.NetworkUtils;
42 import org.sleuthkit.autopsy.coreutils.SQLiteDBConnect;
43 import org.sleuthkit.autopsy.datamodel.ContentUtils;
44 import org.sleuthkit.autopsy.ingest.DataSourceIngestModuleProgress;
45 import org.sleuthkit.autopsy.ingest.IngestJobContext;
46 import org.sleuthkit.autopsy.ingest.IngestModule.IngestModuleException;
47 import org.sleuthkit.datamodel.AbstractFile;
48 import org.sleuthkit.datamodel.Blackboard;
49 import org.sleuthkit.datamodel.BlackboardArtifact;
50 import org.sleuthkit.datamodel.BlackboardArtifact.Category;
51 import org.sleuthkit.datamodel.BlackboardAttribute;
52 import org.sleuthkit.datamodel.Content;
53 import org.sleuthkit.datamodel.Score;
54 import org.sleuthkit.datamodel.SleuthkitCase;
55 import org.sleuthkit.datamodel.TskCoreException;
56 
57 abstract class Extract {
58 
59  protected final Case currentCase;
60  protected final SleuthkitCase tskCase;
61  private static final Logger logger = Logger.getLogger(Extract.class.getName());
62  private final ArrayList<String> errorMessages = new ArrayList<>();
63  private final String displayName;
64  protected boolean dataFound = false;
65  private final IngestJobContext context;
66 
74  Extract(String displayName, IngestJobContext context) {
75  this.displayName = displayName;
76  this.context = context;
77  currentCase = Case.getCurrentCase();
78  tskCase = currentCase.getSleuthkitCase();
79  }
80 
88  void startUp() throws IngestModuleException {
89  }
90 
99  abstract void process(Content dataSource, DataSourceIngestModuleProgress progressBar);
100 
105  void shutDown() {
106  }
107 
113  List<String> getErrorMessages() {
114  return Collections.unmodifiableList(errorMessages);
115  }
116 
123  protected void addErrorMessage(String message) {
124  errorMessages.add(message);
125  }
126 
139  BlackboardArtifact createArtifactWithAttributes(BlackboardArtifact.Type type, Content content, Collection<BlackboardAttribute> attributes) throws TskCoreException {
140  if (type.getCategory() == BlackboardArtifact.Category.DATA_ARTIFACT) {
141  return content.newDataArtifact(type, attributes);
142  } else if (type.getCategory() == BlackboardArtifact.Category.ANALYSIS_RESULT) {
143  return content.newAnalysisResult(type, Score.SCORE_UNKNOWN, null, null, null, attributes).getAnalysisResult();
144  } else {
145  throw new TskCoreException("Unknown category type: " + type.getCategory().getDisplayName());
146  }
147  }
148 
160  BlackboardArtifact createAssociatedArtifact(Content content, BlackboardArtifact artifact) throws TskCoreException {
161  BlackboardAttribute attribute = new BlackboardAttribute(BlackboardAttribute.Type.TSK_ASSOCIATED_ARTIFACT, getRAModuleName(), artifact.getArtifactID());
162  return createArtifactWithAttributes(BlackboardArtifact.Type.TSK_ASSOCIATED_OBJECT, content, Collections.singletonList(attribute));
163  }
164 
170  void postArtifact(BlackboardArtifact artifact) {
171  if (artifact != null && !context.dataArtifactIngestIsCancelled()) {
172  postArtifacts(Collections.singleton(artifact));
173  }
174  }
175 
181  void postArtifacts(Collection<BlackboardArtifact> artifacts) {
182  if (artifacts != null && !artifacts.isEmpty() && !context.dataArtifactIngestIsCancelled()) {
183  try {
184  tskCase.getBlackboard().postArtifacts(artifacts, RecentActivityExtracterModuleFactory.getModuleName(), context.getJobId());
185  } catch (Blackboard.BlackboardException ex) {
186  logger.log(Level.SEVERE, "Failed to post artifacts", ex); //NON-NLS
187  }
188  }
189  }
190 
206  protected List<HashMap<String, Object>> querySQLiteDb(String path, String query) {
207  ResultSet resultSet;
208  List<HashMap<String, Object>> list;
209  String connectionString = "jdbc:sqlite:" + path; //NON-NLS
210  SQLiteDBConnect dbConnection = null;
211  try {
212  dbConnection = new SQLiteDBConnect("org.sqlite.JDBC", connectionString); //NON-NLS
213  resultSet = dbConnection.executeQry(query);
214  list = resultSetToArrayList(resultSet);
215  } catch (SQLException ex) {
216  logger.log(Level.WARNING, "Error while trying to read into a sqlite db." + connectionString, ex); //NON-NLS
217  return Collections.<HashMap<String, Object>>emptyList();
218  } finally {
219  if (dbConnection != null) {
220  dbConnection.closeConnection();
221  }
222  }
223  return list;
224  }
225 
235  private List<HashMap<String, Object>> resultSetToArrayList(ResultSet rs) throws SQLException {
236  ResultSetMetaData md = rs.getMetaData();
237  int columns = md.getColumnCount();
238  List<HashMap<String, Object>> results = new ArrayList<>(50);
239  while (rs.next()) {
240  HashMap<String, Object> row = new HashMap<>(columns);
241  for (int i = 1; i <= columns; ++i) {
242  if (rs.getObject(i) == null) {
243  row.put(md.getColumnName(i), "");
244  } else {
245  row.put(md.getColumnName(i), rs.getObject(i));
246  }
247  }
248  results.add(row);
249  }
250  return results;
251  }
252 
258  protected String getDisplayName() {
259  return displayName;
260  }
261 
267  protected String getRAModuleName() {
268  return RecentActivityExtracterModuleFactory.getModuleName();
269  }
270 
277  public boolean foundData() {
278  return dataFound;
279  }
280 
287  protected void setFoundData(boolean foundData) {
288  dataFound = foundData;
289  }
290 
296  protected Case getCurrentCase() {
297  return this.currentCase;
298  }
299 
317  protected Collection<BlackboardAttribute> createHistoryAttributes(String url, Long accessTime,
318  String referrer, String title, String programName, String domain, String user) throws TskCoreException {
319 
320  Collection<BlackboardAttribute> bbattributes = new ArrayList<>();
321  bbattributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_URL,
322  RecentActivityExtracterModuleFactory.getModuleName(), url)); //NON-NLS
323 
324  if (accessTime != null) {
325  bbattributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_ACCESSED,
326  RecentActivityExtracterModuleFactory.getModuleName(),
327  accessTime));
328  }
329 
330  if (StringUtils.isNotBlank(referrer)) {
331  bbattributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_REFERRER,
332  RecentActivityExtracterModuleFactory.getModuleName(),
333  referrer)); //NON-NLS
334  }
335 
336  if (StringUtils.isNotBlank(title)) {
337  bbattributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_TITLE,
338  RecentActivityExtracterModuleFactory.getModuleName(),
339  title)); //NON-NLS
340  }
341 
342  if (StringUtils.isNotBlank(programName)) {
343  bbattributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PROG_NAME,
344  RecentActivityExtracterModuleFactory.getModuleName(),
345  programName)); //NON-NLS
346  }
347 
348 
349  if (StringUtils.isNotBlank(url)) {
350  bbattributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DOMAIN,
351  RecentActivityExtracterModuleFactory.getModuleName(),
352  domain)); //NON-NLS
353  }
354 
355  if (StringUtils.isNotBlank(user)) {
356  bbattributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_USER_NAME,
357  RecentActivityExtracterModuleFactory.getModuleName(),
358  user)); //NON-NLS
359  }
360 
361  return bbattributes;
362  }
363 
376  protected Collection<BlackboardAttribute> createCookieAttributes(String url,
377  Long creationTime, Long accessTime, Long endTime, String name, String value, String programName, String domain) {
378 
379  Collection<BlackboardAttribute> bbattributes = new ArrayList<>();
380  bbattributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_URL,
381  RecentActivityExtracterModuleFactory.getModuleName(),
382  (url != null) ? url : "")); //NON-NLS
383 
384  if (creationTime != null && creationTime != 0) {
385  bbattributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_CREATED,
386  RecentActivityExtracterModuleFactory.getModuleName(), creationTime));
387  }
388 
389  if (accessTime != null && accessTime != 0) {
390  bbattributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_ACCESSED,
391  RecentActivityExtracterModuleFactory.getModuleName(), accessTime));
392  }
393 
394  if (endTime != null && endTime != 0) {
395  bbattributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_END,
396  RecentActivityExtracterModuleFactory.getModuleName(), endTime));
397  }
398 
399  bbattributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_NAME,
400  RecentActivityExtracterModuleFactory.getModuleName(),
401  (name != null) ? name : "")); //NON-NLS
402 
403  bbattributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_VALUE,
404  RecentActivityExtracterModuleFactory.getModuleName(),
405  (value != null) ? value : "")); //NON-NLS
406 
407  bbattributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PROG_NAME,
408  RecentActivityExtracterModuleFactory.getModuleName(),
409  (programName != null) ? programName : "")); //NON-NLS
410 
411  bbattributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DOMAIN,
412  RecentActivityExtracterModuleFactory.getModuleName(),
413  (domain != null) ? domain : "")); //NON-NLS
414 
415  return bbattributes;
416  }
417 
430  protected Collection<BlackboardAttribute> createBookmarkAttributes(String url, String title, Long creationTime, String programName, String domain) {
431  Collection<BlackboardAttribute> bbattributes = new ArrayList<>();
432 
433  bbattributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_URL,
434  RecentActivityExtracterModuleFactory.getModuleName(),
435  (url != null) ? url : "")); //NON-NLS
436 
437  bbattributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_TITLE,
438  RecentActivityExtracterModuleFactory.getModuleName(),
439  (title != null) ? title : "")); //NON-NLS
440 
441  if (creationTime != null) {
442  bbattributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_CREATED,
443  RecentActivityExtracterModuleFactory.getModuleName(), creationTime));
444  }
445 
446  bbattributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PROG_NAME,
447  RecentActivityExtracterModuleFactory.getModuleName(),
448  (programName != null) ? programName : "")); //NON-NLS
449 
450  bbattributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DOMAIN,
451  RecentActivityExtracterModuleFactory.getModuleName(),
452  (domain != null) ? domain : "")); //NON-NLS
453 
454  return bbattributes;
455  }
456 
468  protected Collection<BlackboardAttribute> createDownloadAttributes(String path, Long pathID, String url, Long accessTime, String domain, String programName) {
469  Collection<BlackboardAttribute> bbattributes = new ArrayList<>();
470 
471  bbattributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PATH,
472  RecentActivityExtracterModuleFactory.getModuleName(),
473  (path != null) ? path : "")); //NON-NLS
474 
475  if (pathID != null && pathID != -1) {
476  bbattributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PATH_ID,
477  RecentActivityExtracterModuleFactory.getModuleName(),
478  pathID));
479  }
480 
481  bbattributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_URL,
482  RecentActivityExtracterModuleFactory.getModuleName(),
483  (url != null) ? url : "")); //NON-NLS
484 
485  if (accessTime != null) {
486  bbattributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_ACCESSED,
487  RecentActivityExtracterModuleFactory.getModuleName(), accessTime));
488  }
489 
490  bbattributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DOMAIN,
491  RecentActivityExtracterModuleFactory.getModuleName(),
492  (domain != null) ? domain : "")); //NON-NLS
493 
494  bbattributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PROG_NAME,
495  RecentActivityExtracterModuleFactory.getModuleName(),
496  (programName != null) ? programName : "")); //NON-NLS
497 
498  return bbattributes;
499  }
500 
513  protected File createTemporaryFile(AbstractFile file) throws IOException {
514  Path tempFilePath = Paths.get(RAImageIngestModule.getRATempPath(getCurrentCase(), getDisplayName(), context.getJobId()), file.getName() + file.getId() + file.getNameExtension());
515  java.io.File tempFile = tempFilePath.toFile();
516  ContentUtils.writeToFile(file, tempFile, context::dataSourceIngestIsCancelled);
517  return tempFile;
518  }
519 
520 }
org::sleuthkit.autopsy.datamodel.ContentUtils
Definition: ContentUtils.java:52
org::sleuthkit::datamodel::Content

Copyright © 2012-2024 Sleuth Kit Labs. Generated on: Mon Mar 17 2025
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.