|
Autopsy
3.1
Graphical digital forensics platform for The Sleuth Kit and other tools.
|
Inherits org.sleuthkit.autopsy.ingest.FileIngestModule.
Classes | |
| class | IngestJobTotals |
Public Member Functions | |
| void | startUp (org.sleuthkit.autopsy.ingest.IngestJobContext context) throws IngestModuleException |
| ProcessResult | process (AbstractFile file) |
| void | shutDown () |
| void | startUp (IngestJobContext context) throws IngestModuleException |
Private Member Functions | |
| void | updateEnabledHashSets (List< HashDb > allHashSets, List< HashDb > enabledHashSets) |
| void | postHashSetHitToBlackboard (AbstractFile abstractFile, String md5Hash, String hashSetName, String comment, boolean showInboxMessage) |
| synchronized void | postSummary () |
Static Private Member Functions | |
| static synchronized IngestJobTotals | getTotalsForIngestJobs (long ingestJobId) |
Private Attributes | |
| final IngestServices | services = IngestServices.getInstance() |
| final SleuthkitCase | skCase = Case.getCurrentCase().getSleuthkitCase() |
| final HashDbManager | hashDbManager = HashDbManager.getInstance() |
| final HashLookupModuleSettings | settings |
| List< HashDb > | knownBadHashSets = new ArrayList<>() |
| List< HashDb > | knownHashSets = new ArrayList<>() |
| long | jobId |
Static Private Attributes | |
| static final Logger | logger = Logger.getLogger(HashDbIngestModule.class.getName()) |
| static final int | MAX_COMMENT_SIZE = 500 |
| static final HashMap< Long, IngestJobTotals > | totalsForIngestJobs = new HashMap<>() |
| static final IngestModuleReferenceCounter | refCounter = new IngestModuleReferenceCounter() |
Definition at line 49 of file HashDbIngestModule.java.
|
staticprivate |
Definition at line 68 of file HashDbIngestModule.java.
Referenced by org.sleuthkit.autopsy.modules.hashdatabase.HashDbIngestModule.process().
|
private |
Definition at line 276 of file HashDbIngestModule.java.
References org::sleuthkit::datamodel::BlackboardArtifact.addAttribute(), org.sleuthkit.autopsy.ingest.IngestMessage.createDataMessage(), org.sleuthkit.autopsy.ingest.IngestServices.fireModuleDataEvent(), org::sleuthkit::datamodel::AbstractContent.getName(), org::sleuthkit::datamodel::AbstractContent.newArtifact(), org.sleuthkit.autopsy.ingest.IngestServices.postMessage(), org::sleuthkit::datamodel::BlackboardAttribute::ATTRIBUTE_TYPE.TSK_COMMENT, org::sleuthkit::datamodel::BlackboardAttribute::ATTRIBUTE_TYPE.TSK_HASH_MD5, org::sleuthkit::datamodel::BlackboardArtifact::ARTIFACT_TYPE.TSK_HASHSET_HIT, and org::sleuthkit::datamodel::BlackboardAttribute::ATTRIBUTE_TYPE.TSK_SET_NAME.
Referenced by org.sleuthkit.autopsy.modules.hashdatabase.HashDbIngestModule.process().
|
private |
Definition at line 334 of file HashDbIngestModule.java.
References org.sleuthkit.autopsy.ingest.IngestMessage.createMessage(), org.sleuthkit.autopsy.ingest.IngestMessage.MessageType.INFO, org.sleuthkit.autopsy.ingest.IngestServices.postMessage(), org.sleuthkit.autopsy.modules.hashdatabase.HashDbIngestModule.IngestJobTotals.totalCalctime, org.sleuthkit.autopsy.modules.hashdatabase.HashDbIngestModule.IngestJobTotals.totalKnownBadCount, and org.sleuthkit.autopsy.modules.hashdatabase.HashDbIngestModule.IngestJobTotals.totalLookuptime.
Referenced by org.sleuthkit.autopsy.modules.hashdatabase.HashDbIngestModule.shutDown().
| ProcessResult org.sleuthkit.autopsy.modules.hashdatabase.HashDbIngestModule.process | ( | AbstractFile | file | ) |
Processes a file. Called between calls to startUp() and shutDown(). Will be called for each file in a data source.
| file | The file to analyze. |
Implements org.sleuthkit.autopsy.ingest.FileIngestModule.
Definition at line 132 of file HashDbIngestModule.java.
References org::sleuthkit::datamodel::TskData::FileKnown.BAD, org::sleuthkit::datamodel::HashUtility.calculateMd5(), org.sleuthkit.autopsy.ingest.IngestMessage.createErrorMessage(), org.sleuthkit.autopsy.ingest.IngestModule.ProcessResult.ERROR, org::sleuthkit::datamodel::HashHitInfo.getComments(), org::sleuthkit::datamodel::AbstractFile.getMd5Hash(), org::sleuthkit::datamodel::AbstractContent.getName(), org.sleuthkit.autopsy.modules.hashdatabase.HashDbIngestModule.getTotalsForIngestJobs(), org::sleuthkit::datamodel::AbstractFile.getType(), org::sleuthkit::datamodel::AbstractFile.isDir(), org::sleuthkit::datamodel::TskData::FileKnown.KNOWN, org.sleuthkit.autopsy.modules.hashdatabase.HashDbIngestModule.MAX_COMMENT_SIZE, org.sleuthkit.autopsy.ingest.IngestModule.ProcessResult.OK, org.sleuthkit.autopsy.modules.hashdatabase.HashDbIngestModule.postHashSetHitToBlackboard(), org.sleuthkit.autopsy.ingest.IngestServices.postMessage(), org::sleuthkit::datamodel::SleuthkitCase.setKnown(), org.sleuthkit.autopsy.modules.hashdatabase.HashDbIngestModule.IngestJobTotals.totalCalctime, org.sleuthkit.autopsy.modules.hashdatabase.HashDbIngestModule.IngestJobTotals.totalKnownBadCount, org.sleuthkit.autopsy.modules.hashdatabase.HashDbIngestModule.IngestJobTotals.totalLookuptime, and org::sleuthkit::datamodel::TskData::TSK_DB_FILES_TYPE_ENUM.UNALLOC_BLOCKS.
| void org.sleuthkit.autopsy.modules.hashdatabase.HashDbIngestModule.shutDown | ( | ) |
Invoked by Autopsy when an ingest job is completed (either because the data has been analyzed or because the job was canceled - check IngestJobContext.fileIngestIsCancelled()), before the ingest module instance is discarded. The module should respond by doing things like releasing private resources, submitting final results, and posting a final ingest message.
Implements org.sleuthkit.autopsy.ingest.FileIngestModule.
Definition at line 374 of file HashDbIngestModule.java.
References org.sleuthkit.autopsy.ingest.IngestModuleReferenceCounter.decrementAndGet(), and org.sleuthkit.autopsy.modules.hashdatabase.HashDbIngestModule.postSummary().
| void org.sleuthkit.autopsy.modules.hashdatabase.HashDbIngestModule.startUp | ( | org.sleuthkit.autopsy.ingest.IngestJobContext | context | ) | throws IngestModuleException |
Definition at line 82 of file HashDbIngestModule.java.
References org.sleuthkit.autopsy.ingest.IngestMessage.createWarningMessage(), org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.getKnownBadFileHashSets(), org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.getKnownFileHashSets(), org.sleuthkit.autopsy.ingest.IngestModuleReferenceCounter.incrementAndGet(), org.sleuthkit.autopsy.modules.hashdatabase.HashDbIngestModule.knownBadHashSets, org.sleuthkit.autopsy.modules.hashdatabase.HashDbIngestModule.knownHashSets, org.sleuthkit.autopsy.ingest.IngestServices.postMessage(), and org.sleuthkit.autopsy.modules.hashdatabase.HashDbIngestModule.updateEnabledHashSets().
|
inherited |
Invoked by Autopsy to allow an ingest module instance to set up any internal data structures and acquire any private resources it will need during an ingest job. If the module depends on loading any resources, it should do so in this method so that it can throw an exception in the case of an error and alert the user. Exceptions that are thrown from process() and shutDown() are logged, but do not stop processing of the data source.
| context | Provides data and services specific to the ingest job and the ingest pipeline of which the module is a part. |
Implemented in org.sleuthkit.autopsy.ingest.FileIngestPipeline.PipelineModule, org.sleuthkit.autopsy.keywordsearch.KeywordSearchIngestModule, org.sleuthkit.autopsy.examples.SampleExecutableDataSourceIngestModule, org.sleuthkit.autopsy.modules.fileextmismatch.FileExtMismatchIngestModule, org.sleuthkit.autopsy.modules.filetypeid.FileTypeIdIngestModule, org.sleuthkit.autopsy.modules.exif.ExifParserFileIngestModule, org.sleuthkit.autopsy.modules.embeddedfileextractor.EmbeddedFileExtractorIngestModule, org.sleuthkit.autopsy.modules.e01verify.E01VerifyIngestModule, org.sleuthkit.autopsy.recentactivity.RAImageIngestModule, org.sleuthkit.autopsy.ingest.DataSourceIngestModuleAdapter, and org.sleuthkit.autopsy.ingest.FileIngestModuleAdapter.
Referenced by org.sleuthkit.autopsy.ingest.FileIngestPipeline.PipelineModule.startUp().
|
private |
Cycle through list of hashsets and return the subset that is enabled.
| allHashSets | List of all hashsets from DB manager |
| enabledHashSets | List of enabled ones to return. |
Definition at line 115 of file HashDbIngestModule.java.
Referenced by org.sleuthkit.autopsy.modules.hashdatabase.HashDbIngestModule.startUp().
|
private |
Definition at line 54 of file HashDbIngestModule.java.
|
private |
Definition at line 58 of file HashDbIngestModule.java.
|
private |
Definition at line 56 of file HashDbIngestModule.java.
Referenced by org.sleuthkit.autopsy.modules.hashdatabase.HashDbIngestModule.startUp().
|
private |
Definition at line 57 of file HashDbIngestModule.java.
Referenced by org.sleuthkit.autopsy.modules.hashdatabase.HashDbIngestModule.startUp().
|
staticprivate |
Definition at line 50 of file HashDbIngestModule.java.
|
staticprivate |
Definition at line 51 of file HashDbIngestModule.java.
Referenced by org.sleuthkit.autopsy.modules.hashdatabase.HashDbIngestModule.process().
|
staticprivate |
Definition at line 60 of file HashDbIngestModule.java.
|
private |
Definition at line 52 of file HashDbIngestModule.java.
|
private |
Definition at line 55 of file HashDbIngestModule.java.
|
private |
Definition at line 53 of file HashDbIngestModule.java.
|
staticprivate |
Definition at line 59 of file HashDbIngestModule.java.
Copyright © 2012-2015 Basis Technology. Generated on: Mon Oct 19 2015
This work is licensed under a
Creative Commons Attribution-Share Alike 3.0 United States License.