Autopsy  4.12.0
Graphical digital forensics platform for The Sleuth Kit and other tools.
ThunderbirdMboxFileIngestModule.java
Go to the documentation of this file.
1 /*
2  * Autopsy Forensic Browser
3  *
4  * Copyright 2011-2019 Basis Technology Corp.
5  * Contact: carrier <at> sleuthkit <dot> org
6  *
7  * Licensed under the Apache License, Version 2.0 (the "License");
8  * you may not use this file except in compliance with the License.
9  * You may obtain a copy of the License at
10  *
11  * http://www.apache.org/licenses/LICENSE-2.0
12  *
13  * Unless required by applicable law or agreed to in writing, software
14  * distributed under the License is distributed on an "AS IS" BASIS,
15  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16  * See the License for the specific language governing permissions and
17  * limitations under the License.
18  */
19 package org.sleuthkit.autopsy.thunderbirdparser;
20 
21 import java.io.File;
22 import java.io.IOException;
23 import java.util.ArrayList;
24 import java.util.Collection;
25 import java.util.HashSet;
26 import java.util.Iterator;
27 import java.util.List;
28 import java.util.Set;
29 import java.util.logging.Level;
30 import java.util.regex.Matcher;
31 import java.util.regex.Pattern;
32 import org.apache.james.mime4j.MimeException;
33 import org.openide.util.NbBundle;
34 import org.openide.util.NbBundle.Messages;
35 import org.sleuthkit.autopsy.casemodule.Case;
36 import org.sleuthkit.autopsy.casemodule.NoCurrentCaseException;
37 import org.sleuthkit.autopsy.casemodule.services.FileManager;
38 import org.sleuthkit.autopsy.coreutils.Logger;
39 import org.sleuthkit.autopsy.coreutils.MessageNotifyUtil;
40 import org.sleuthkit.autopsy.datamodel.ContentUtils;
41 import org.sleuthkit.autopsy.ingest.FileIngestModule;
42 import org.sleuthkit.autopsy.ingest.IngestJobContext;
43 import org.sleuthkit.autopsy.ingest.IngestMessage;
44 import org.sleuthkit.autopsy.ingest.IngestModule.ProcessResult;
45 import org.sleuthkit.autopsy.ingest.IngestMonitor;
46 import org.sleuthkit.autopsy.ingest.IngestServices;
47 import org.sleuthkit.autopsy.ingest.ModuleContentEvent;
48 import org.sleuthkit.datamodel.AbstractFile;
49 import org.sleuthkit.datamodel.Account;
50 import org.sleuthkit.datamodel.AccountFileInstance;
51 import org.sleuthkit.datamodel.Blackboard;
52 import org.sleuthkit.datamodel.BlackboardArtifact;
53 import org.sleuthkit.datamodel.BlackboardAttribute;
54 import org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE;
55 import org.sleuthkit.datamodel.DerivedFile;
56 import org.sleuthkit.datamodel.Relationship;
57 import org.sleuthkit.datamodel.TskCoreException;
58 import org.sleuthkit.datamodel.TskData;
59 import org.sleuthkit.datamodel.TskDataException;
60 import org.sleuthkit.datamodel.TskException;
61 
67 public final class ThunderbirdMboxFileIngestModule implements FileIngestModule {
68  private static final Logger logger = Logger.getLogger(ThunderbirdMboxFileIngestModule.class.getName());
69  private final IngestServices services = IngestServices.getInstance();
70  private FileManager fileManager;
71  private IngestJobContext context;
72  private Blackboard blackboard;
73 
74  private Case currentCase;
75 
79  ThunderbirdMboxFileIngestModule() {
80  }
81 
82  @Override
83  @Messages ({"ThunderbirdMboxFileIngestModule.noOpenCase.errMsg=Exception while getting open case."})
84  public void startUp(IngestJobContext context) throws IngestModuleException {
85  this.context = context;
86  try {
87  currentCase = Case.getCurrentCaseThrows();
88  fileManager = Case.getCurrentCaseThrows().getServices().getFileManager();
89  } catch (NoCurrentCaseException ex) {
90  logger.log(Level.SEVERE, "Exception while getting open case.", ex);
91  throw new IngestModuleException(Bundle.ThunderbirdMboxFileIngestModule_noOpenCase_errMsg(), ex);
92  }
93  }
94 
95  @Override
96  public ProcessResult process(AbstractFile abstractFile) {
97 
98  blackboard = currentCase.getSleuthkitCase().getBlackboard();
99 
100  // skip known
101  if (abstractFile.getKnown().equals(TskData.FileKnown.KNOWN)) {
102  return ProcessResult.OK;
103  }
104 
105  //skip unalloc
106  if ((abstractFile.getType().equals(TskData.TSK_DB_FILES_TYPE_ENUM.UNALLOC_BLOCKS)) ||
107  (abstractFile.getType().equals(TskData.TSK_DB_FILES_TYPE_ENUM.SLACK))) {
108  return ProcessResult.OK;
109  }
110 
111  if ((abstractFile.isFile() == false)) {
112  return ProcessResult.OK;
113  }
114 
115  // check its signature
116  boolean isMbox = false;
117  boolean isEMLFile = false;
118 
119  try {
120  byte[] t = new byte[64];
121  if (abstractFile.getSize() > 64) {
122  int byteRead = abstractFile.read(t, 0, 64);
123  if (byteRead > 0) {
124  isMbox = MboxParser.isValidMimeTypeMbox(t);
125  isEMLFile = EMLParser.isEMLFile(abstractFile, t);
126  }
127  }
128  } catch (TskException ex) {
129  logger.log(Level.WARNING, null, ex);
130  }
131 
132  if (isMbox) {
133  return processMBox(abstractFile);
134  }
135 
136  if (isEMLFile) {
137  return processEMLFile(abstractFile);
138  }
139 
140  if (PstParser.isPstFile(abstractFile)) {
141  return processPst(abstractFile);
142  }
143 
144  if (VcardParser.isVcardFile(abstractFile)) {
145  return processVcard(abstractFile);
146  }
147 
148  return ProcessResult.OK;
149  }
150 
158  @Messages({"ThunderbirdMboxFileIngestModule.processPst.indexError.message=Failed to index encryption detected artifact for keyword search."})
159  private ProcessResult processPst(AbstractFile abstractFile) {
160  String fileName;
161  try {
162  fileName = getTempPath() + File.separator + abstractFile.getName()
163  + "-" + String.valueOf(abstractFile.getId());
164  } catch (NoCurrentCaseException ex) {
165  logger.log(Level.SEVERE, "Exception while getting open case.", ex); //NON-NLS
166  return ProcessResult.ERROR;
167  }
168  File file = new File(fileName);
169 
170  long freeSpace = services.getFreeDiskSpace();
171  if ((freeSpace != IngestMonitor.DISK_FREE_SPACE_UNKNOWN) && (abstractFile.getSize() >= freeSpace)) {
172  logger.log(Level.WARNING, "Not enough disk space to write file to disk."); //NON-NLS
173  IngestMessage msg = IngestMessage.createErrorMessage(EmailParserModuleFactory.getModuleName(), EmailParserModuleFactory.getModuleName(),
174  NbBundle.getMessage(this.getClass(),
175  "ThunderbirdMboxFileIngestModule.processPst.errMsg.outOfDiskSpace",
176  abstractFile.getName()));
177  services.postMessage(msg);
178  return ProcessResult.OK;
179  }
180 
181  try {
182  ContentUtils.writeToFile(abstractFile, file, context::fileIngestIsCancelled);
183  } catch (IOException ex) {
184  logger.log(Level.WARNING, "Failed writing pst file to disk.", ex); //NON-NLS
185  return ProcessResult.OK;
186  }
187 
188  PstParser parser = new PstParser(services);
189  PstParser.ParseResult result = parser.open(file, abstractFile.getId());
190 
191  switch( result) {
192  case OK:
193  processEmails(parser.getPartialEmailMessages(), parser.getEmailMessageIterator(), abstractFile);
194  break;
195 
196  case ENCRYPT:
197  // encrypted pst: Add encrypted file artifact
198  try {
199 
200  BlackboardArtifact artifact = abstractFile.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_ENCRYPTION_DETECTED);
201  artifact.addAttribute(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_NAME, EmailParserModuleFactory.getModuleName(), NbBundle.getMessage(this.getClass(), "ThunderbirdMboxFileIngestModule.encryptionFileLevel")));
202 
203  try {
204  // index the artifact for keyword search
205  blackboard.postArtifact(artifact, EmailParserModuleFactory.getModuleName());
206  } catch (Blackboard.BlackboardException ex) {
207  MessageNotifyUtil.Notify.error(Bundle.ThunderbirdMboxFileIngestModule_processPst_indexError_message(), artifact.getDisplayName());
208  logger.log(Level.SEVERE, "Unable to index blackboard artifact " + artifact.getArtifactID(), ex); //NON-NLS
209  }
210  } catch (TskCoreException ex) {
211  logger.log(Level.INFO, "Failed to add encryption attribute to file: {0}", abstractFile.getName()); //NON-NLS
212  }
213  break;
214  default:
215  // parsing error: log message
216  postErrorMessage(
217  NbBundle.getMessage(this.getClass(), "ThunderbirdMboxFileIngestModule.processPst.errProcFile.msg",
218  abstractFile.getName()),
219  NbBundle.getMessage(this.getClass(),
220  "ThunderbirdMboxFileIngestModule.processPst.errProcFile.details"));
221  logger.log(Level.INFO, "PSTParser failed to parse {0}", abstractFile.getName()); //NON-NLS
222  return ProcessResult.ERROR;
223  }
224 
225  if (file.delete() == false) {
226  logger.log(Level.INFO, "Failed to delete temp file: {0}", file.getName()); //NON-NLS
227  }
228 
229  return ProcessResult.OK;
230  }
231 
239  private ProcessResult processMBox(AbstractFile abstractFile) {
240  String mboxFileName = abstractFile.getName();
241  String mboxParentDir = abstractFile.getParentPath();
242  // use the local path to determine the e-mail folder structure
243  String emailFolder = "";
244  // email folder is everything after "Mail" or ImapMail
245  if (mboxParentDir.contains("/Mail/")) { //NON-NLS
246  emailFolder = mboxParentDir.substring(mboxParentDir.indexOf("/Mail/") + 5); //NON-NLS
247  } else if (mboxParentDir.contains("/ImapMail/")) { //NON-NLS
248  emailFolder = mboxParentDir.substring(mboxParentDir.indexOf("/ImapMail/") + 9); //NON-NLS
249  }
250  emailFolder = emailFolder + mboxFileName;
251  emailFolder = emailFolder.replaceAll(".sbd", ""); //NON-NLS
252 
253  String fileName;
254  try {
255  fileName = getTempPath() + File.separator + abstractFile.getName()
256  + "-" + String.valueOf(abstractFile.getId());
257  } catch (NoCurrentCaseException ex) {
258  logger.log(Level.SEVERE, "Exception while getting open case.", ex); //NON-NLS
259  return ProcessResult.ERROR;
260  }
261  File file = new File(fileName);
262 
263  long freeSpace = services.getFreeDiskSpace();
264  if ((freeSpace != IngestMonitor.DISK_FREE_SPACE_UNKNOWN) && (abstractFile.getSize() >= freeSpace)) {
265  logger.log(Level.WARNING, "Not enough disk space to write file to disk."); //NON-NLS
266  postErrorMessage(
267  NbBundle.getMessage(this.getClass(), "ThunderbirdMboxFileIngestModule.processMBox.errProcFile.msg",
268  abstractFile.getName()),
269  NbBundle.getMessage(this.getClass(),
270  "ThunderbirdMboxFileIngestModule.processMBox.errProfFile.details"));
271  return ProcessResult.OK;
272  }
273 
274  try {
275  ContentUtils.writeToFile(abstractFile, file, context::fileIngestIsCancelled);
276  } catch (IOException ex) {
277  logger.log(Level.WARNING, "Failed writing mbox file to disk.", ex); //NON-NLS
278  return ProcessResult.OK;
279  }
280 
281  MboxParser emailIterator = MboxParser.getEmailIterator( emailFolder, file, abstractFile.getId());
282  List<EmailMessage> emails = new ArrayList<>();
283  if(emailIterator != null) {
284  while(emailIterator.hasNext()) {
285  EmailMessage emailMessage = emailIterator.next();
286  if(emailMessage != null) {
287  emails.add(emailMessage);
288  }
289  }
290 
291  String errors = emailIterator.getErrors();
292  if (!errors.isEmpty()) {
293  postErrorMessage(
294  NbBundle.getMessage(this.getClass(), "ThunderbirdMboxFileIngestModule.processMBox.errProcFile.msg2",
295  abstractFile.getName()), errors);
296  }
297  }
298  processEmails(emails, MboxParser.getEmailIterator( emailFolder, file, abstractFile.getId()), abstractFile);
299 
300  if (file.delete() == false) {
301  logger.log(Level.INFO, "Failed to delete temp file: {0}", file.getName()); //NON-NLS
302  }
303 
304  return ProcessResult.OK;
305  }
306 
315  @Messages({
316  "# {0} - file name",
317  "# {1} - file ID",
318  "ThunderbirdMboxFileIngestModule.errorMessage.outOfDiskSpace=Out of disk space. Cannot copy '{0}' (id={1}) to parse."
319  })
320  private ProcessResult processVcard(AbstractFile abstractFile) {
321  try {
322  VcardParser parser = new VcardParser(currentCase, context);
323  parser.parse(abstractFile);
324  } catch (IOException | NoCurrentCaseException ex) {
325  logger.log(Level.WARNING, String.format("Exception while parsing the file '%s' (id=%d).", abstractFile.getName(), abstractFile.getId()), ex); //NON-NLS
326  return ProcessResult.OK;
327  }
328  return ProcessResult.OK;
329  }
330 
331  private ProcessResult processEMLFile(AbstractFile abstractFile) {
332  try {
333  EmailMessage message = EMLParser.parse(abstractFile);
334 
335  if (message == null) {
336  return ProcessResult.OK;
337  }
338 
339  List<AbstractFile> derivedFiles = new ArrayList<>();
340 
341  BlackboardArtifact msgArtifact = addEmailArtifact(message, abstractFile);
342 
343  if ((msgArtifact != null) && (message.hasAttachment())) {
344  derivedFiles.addAll(handleAttachments(message.getAttachments(), abstractFile, msgArtifact));
345  }
346 
347  if (derivedFiles.isEmpty() == false) {
348  for (AbstractFile derived : derivedFiles) {
349  services.fireModuleContentEvent(new ModuleContentEvent(derived));
350  }
351  }
352  context.addFilesToJob(derivedFiles);
353 
354  } catch (IOException ex) {
355  logger.log(Level.WARNING, String.format("Error reading eml file %s", abstractFile.getName()), ex);
356  return ProcessResult.ERROR;
357  } catch (MimeException ex) {
358  logger.log(Level.WARNING, String.format("Error reading eml file %s", abstractFile.getName()), ex);
359  return ProcessResult.ERROR;
360  }
361 
362  return ProcessResult.OK;
363  }
364 
371  static String getTempPath() throws NoCurrentCaseException {
372  String tmpDir = Case.getCurrentCaseThrows().getTempDirectory() + File.separator
373  + "EmailParser"; //NON-NLS
374  File dir = new File(tmpDir);
375  if (dir.exists() == false) {
376  dir.mkdirs();
377  }
378  return tmpDir;
379  }
380 
388  static String getModuleOutputPath() throws NoCurrentCaseException {
389  String outDir = Case.getCurrentCaseThrows().getModuleDirectory() + File.separator
390  + EmailParserModuleFactory.getModuleName();
391  File dir = new File(outDir);
392  if (dir.exists() == false) {
393  dir.mkdirs();
394  }
395  return outDir;
396  }
397 
404  static String getRelModuleOutputPath() throws NoCurrentCaseException {
405  return Case.getCurrentCaseThrows().getModuleOutputDirectoryRelativePath() + File.separator
406  + EmailParserModuleFactory.getModuleName();
407  }
408 
417  private void processEmails(List<EmailMessage> partialEmailsForThreading, Iterator<EmailMessage> fullMessageIterator, AbstractFile abstractFile) {
418  // Putting try/catch around this to catch any exception and still allow
419  // the creation of the artifacts to continue.
420  try{
421  EmailMessageThreader.threadMessages(partialEmailsForThreading);
422  } catch(Exception ex) {
423  logger.log(Level.WARNING, String.format("Exception thrown parsing emails from %s", abstractFile.getName()), ex);
424  }
425 
426  List<AbstractFile> derivedFiles = new ArrayList<>();
427 
428  int msgCnt = 0;
429  while(fullMessageIterator.hasNext()) {
430  EmailMessage current = fullMessageIterator.next();
431 
432  if(current == null) {
433  continue;
434  }
435 
436  if(partialEmailsForThreading.size() > msgCnt) {
437  EmailMessage threaded = partialEmailsForThreading.get(msgCnt++);
438 
439  if(threaded.getMessageID().equals(current.getMessageID()) &&
440  threaded.getSubject().equals(current.getSubject())) {
441  current.setMessageThreadID(threaded.getMessageThreadID());
442  }
443  }
444 
445  BlackboardArtifact msgArtifact = addEmailArtifact(current, abstractFile);
446 
447  if ((msgArtifact != null) && (current.hasAttachment())) {
448  derivedFiles.addAll(handleAttachments(current.getAttachments(), abstractFile, msgArtifact ));
449  }
450  }
451 
452  if (derivedFiles.isEmpty() == false) {
453  for (AbstractFile derived : derivedFiles) {
454  services.fireModuleContentEvent(new ModuleContentEvent(derived));
455  }
456  }
457  context.addFilesToJob(derivedFiles);
458  }
469  private List<AbstractFile> handleAttachments(List<EmailMessage.Attachment> attachments, AbstractFile abstractFile, BlackboardArtifact messageArtifact) {
470  List<AbstractFile> files = new ArrayList<>();
471  for (EmailMessage.Attachment attach : attachments) {
472  String filename = attach.getName();
473  long crTime = attach.getCrTime();
474  long mTime = attach.getmTime();
475  long aTime = attach.getaTime();
476  long cTime = attach.getcTime();
477  String relPath = attach.getLocalPath();
478  long size = attach.getSize();
479  TskData.EncodingType encodingType = attach.getEncodingType();
480 
481  try {
482  DerivedFile df = fileManager.addDerivedFile(filename, relPath,
483  size, cTime, crTime, aTime, mTime, true, messageArtifact, "",
484  EmailParserModuleFactory.getModuleName(), EmailParserModuleFactory.getModuleVersion(), "", encodingType);
485  files.add(df);
486  } catch (TskCoreException ex) {
487  postErrorMessage(
488  NbBundle.getMessage(this.getClass(), "ThunderbirdMboxFileIngestModule.handleAttch.errMsg",
489  abstractFile.getName()),
490  NbBundle.getMessage(this.getClass(),
491  "ThunderbirdMboxFileIngestModule.handleAttch.errMsg.details", filename));
492  logger.log(Level.INFO, "", ex);
493  }
494  }
495  return files;
496  }
497 
505  private Set<String> findEmailAddresess(String input) {
506  Pattern p = Pattern.compile("\\b[A-Z0-9._%+-]+@[A-Z0-9.-]+\\.[A-Z]{2,4}\\b",
507  Pattern.CASE_INSENSITIVE);
508  Matcher m = p.matcher(input);
509  Set<String> emailAddresses = new HashSet<>();
510  while (m.find()) {
511  emailAddresses.add( m.group());
512  }
513  return emailAddresses;
514  }
515 
524  @Messages({"ThunderbirdMboxFileIngestModule.addArtifact.indexError.message=Failed to index email message detected artifact for keyword search."})
525  private BlackboardArtifact addEmailArtifact(EmailMessage email, AbstractFile abstractFile) {
526  BlackboardArtifact bbart = null;
527  List<BlackboardAttribute> bbattributes = new ArrayList<>();
528  String to = email.getRecipients();
529  String cc = email.getCc();
530  String bcc = email.getBcc();
531  String from = email.getSender();
532  long dateL = email.getSentDate();
533  String headers = email.getHeaders();
534  String body = email.getTextBody();
535  String bodyHTML = email.getHtmlBody();
536  String rtf = email.getRtfBody();
537  String subject = email.getSubject();
538  long id = email.getId();
539  String localPath = email.getLocalPath();
540  String threadID = email.getMessageThreadID();
541 
542  List<String> senderAddressList = new ArrayList<>();
543  String senderAddress;
544  senderAddressList.addAll(findEmailAddresess(from));
545 
546  AccountFileInstance senderAccountInstance = null;
547 
548  if (senderAddressList.size() == 1) {
549  senderAddress = senderAddressList.get(0);
550  try {
551  senderAccountInstance = currentCase.getSleuthkitCase().getCommunicationsManager().createAccountFileInstance(Account.Type.EMAIL, senderAddress, EmailParserModuleFactory.getModuleName(), abstractFile);
552  }
553  catch(TskCoreException ex) {
554  logger.log(Level.WARNING, "Failed to create account for email address " + senderAddress, ex); //NON-NLS
555  }
556  }
557  else {
558  logger.log(Level.WARNING, "Failed to find sender address, from = {0}", from); //NON-NLS
559  }
560 
561  List<String> recipientAddresses = new ArrayList<>();
562  recipientAddresses.addAll(findEmailAddresess(to));
563  recipientAddresses.addAll(findEmailAddresess(cc));
564  recipientAddresses.addAll(findEmailAddresess(bcc));
565 
566  List<AccountFileInstance> recipientAccountInstances = new ArrayList<>();
567  recipientAddresses.forEach((addr) -> {
568  try {
569  AccountFileInstance recipientAccountInstance =
570  currentCase.getSleuthkitCase().getCommunicationsManager().createAccountFileInstance(Account.Type.EMAIL, addr,
571  EmailParserModuleFactory.getModuleName(), abstractFile);
572  recipientAccountInstances.add(recipientAccountInstance);
573  }
574  catch(TskCoreException ex) {
575  logger.log(Level.WARNING, "Failed to create account for email address " + addr, ex); //NON-NLS
576  }
577  });
578 
579  addArtifactAttribute(headers, ATTRIBUTE_TYPE.TSK_HEADERS, bbattributes);
580  addArtifactAttribute(from, ATTRIBUTE_TYPE.TSK_EMAIL_FROM, bbattributes);
581  addArtifactAttribute(to, ATTRIBUTE_TYPE.TSK_EMAIL_TO, bbattributes);
582  addArtifactAttribute(subject, ATTRIBUTE_TYPE.TSK_SUBJECT, bbattributes);
583 
584  addArtifactAttribute(dateL, ATTRIBUTE_TYPE.TSK_DATETIME_RCVD, bbattributes);
585  addArtifactAttribute(dateL, ATTRIBUTE_TYPE.TSK_DATETIME_SENT, bbattributes);
586 
587  addArtifactAttribute(body, ATTRIBUTE_TYPE.TSK_EMAIL_CONTENT_PLAIN, bbattributes);
588 
589  addArtifactAttribute(((id < 0L) ? NbBundle.getMessage(this.getClass(), "ThunderbirdMboxFileIngestModule.notAvail") : String.valueOf(id)),
590  ATTRIBUTE_TYPE.TSK_MSG_ID, bbattributes);
591 
592  addArtifactAttribute(((localPath.isEmpty() == false) ? localPath : ""),
593  ATTRIBUTE_TYPE.TSK_PATH, bbattributes);
594 
595  addArtifactAttribute(cc, ATTRIBUTE_TYPE.TSK_EMAIL_CC, bbattributes);
596  addArtifactAttribute(bodyHTML, ATTRIBUTE_TYPE.TSK_EMAIL_CONTENT_HTML, bbattributes);
597  addArtifactAttribute(rtf, ATTRIBUTE_TYPE.TSK_EMAIL_CONTENT_RTF, bbattributes);
598  addArtifactAttribute(threadID, ATTRIBUTE_TYPE.TSK_THREAD_ID, bbattributes);
599 
600 
601  try {
602 
603  bbart = abstractFile.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_EMAIL_MSG);
604  bbart.addAttributes(bbattributes);
605 
606  // Add account relationships
607  currentCase.getSleuthkitCase().getCommunicationsManager().addRelationships(senderAccountInstance, recipientAccountInstances, bbart,Relationship.Type.MESSAGE, dateL);
608 
609  try {
610  // index the artifact for keyword search
611  blackboard.postArtifact(bbart, EmailParserModuleFactory.getModuleName());
612  } catch (Blackboard.BlackboardException ex) {
613  logger.log(Level.SEVERE, "Unable to index blackboard artifact " + bbart.getArtifactID(), ex); //NON-NLS
614  MessageNotifyUtil.Notify.error(Bundle.ThunderbirdMboxFileIngestModule_addArtifact_indexError_message(), bbart.getDisplayName());
615  }
616  } catch (TskCoreException | TskDataException ex) {
617  logger.log(Level.WARNING, null, ex);
618  }
619 
620  return bbart;
621  }
622 
630  static void addArtifactAttribute(String stringVal, BlackboardAttribute.Type attrType, Collection<BlackboardAttribute> bbattributes) {
631  if (stringVal.isEmpty() == false) {
632  bbattributes.add(new BlackboardAttribute(attrType, EmailParserModuleFactory.getModuleName(), stringVal));
633  }
634  }
635 
643  static void addArtifactAttribute(String stringVal, ATTRIBUTE_TYPE attrType, Collection<BlackboardAttribute> bbattributes) {
644  if (stringVal.isEmpty() == false) {
645  bbattributes.add(new BlackboardAttribute(attrType, EmailParserModuleFactory.getModuleName(), stringVal));
646  }
647  }
648 
656  static void addArtifactAttribute(long longVal, ATTRIBUTE_TYPE attrType, Collection<BlackboardAttribute> bbattributes) {
657  if (longVal > 0) {
658  bbattributes.add(new BlackboardAttribute(attrType, EmailParserModuleFactory.getModuleName(), longVal));
659  }
660  }
661 
668  void postErrorMessage(String subj, String details) {
669  IngestMessage ingestMessage = IngestMessage.createErrorMessage(EmailParserModuleFactory.getModuleVersion(), subj, details);
670  services.postMessage(ingestMessage);
671  }
672 
678  IngestServices getServices() {
679  return services;
680  }
681 
682  @Override
683  public void shutDown() {
684  // nothing to shut down
685  }
686 }
org.sleuthkit.autopsy.ingest.IngestMessage.createErrorMessage
static IngestMessage createErrorMessage(String source, String subject, String detailsHtml)
Definition: IngestMessage.java:216
org.sleuthkit.autopsy.thunderbirdparser.ThunderbirdMboxFileIngestModule.processEmails
void processEmails(List< EmailMessage > partialEmailsForThreading, Iterator< EmailMessage > fullMessageIterator, AbstractFile abstractFile)
Definition: ThunderbirdMboxFileIngestModule.java:417
org.sleuthkit.autopsy.datamodel.ContentUtils
Definition: ContentUtils.java:55
org.sleuthkit.autopsy.thunderbirdparser.ThunderbirdMboxFileIngestModule.addEmailArtifact
BlackboardArtifact addEmailArtifact(EmailMessage email, AbstractFile abstractFile)
Definition: ThunderbirdMboxFileIngestModule.java:525
org.sleuthkit.autopsy.datamodel.ContentUtils.writeToFile
static< T > long writeToFile(Content content, java.io.File outputFile, ProgressHandle progress, Future< T > worker, boolean source)
Definition: ContentUtils.java:210
org.sleuthkit.autopsy.casemodule.services.FileManager.addDerivedFile
synchronized DerivedFile addDerivedFile(String fileName, String localPath, long size, long ctime, long crtime, long atime, long mtime, boolean isFile, Content parentObj, String rederiveDetails, String toolName, String toolVersion, String otherDetails, TskData.EncodingType encodingType)
Definition: FileManager.java:354
org.sleuthkit.autopsy.ingest.IngestJobContext.addFilesToJob
void addFilesToJob(List< AbstractFile > files)
Definition: IngestJobContext.java:129
org.sleuthkit.autopsy.ingest.IngestServices.postMessage
void postMessage(final IngestMessage message)
Definition: IngestServices.java:97
org.sleuthkit.autopsy.ingest.IngestServices.fireModuleContentEvent
void fireModuleContentEvent(ModuleContentEvent moduleContentEvent)
Definition: IngestServices.java:124
org.sleuthkit.autopsy.coreutils.MessageNotifyUtil.Notify.error
static void error(String title, String message)
Definition: MessageNotifyUtil.java:227
org.sleuthkit.autopsy.coreutils.Logger.getLogger
synchronized static Logger getLogger(String name)
Definition: Logger.java:124
org.sleuthkit.autopsy.thunderbirdparser.ThunderbirdMboxFileIngestModule.handleAttachments
List< AbstractFile > handleAttachments(List< EmailMessage.Attachment > attachments, AbstractFile abstractFile, BlackboardArtifact messageArtifact)
Definition: ThunderbirdMboxFileIngestModule.java:469
org.sleuthkit.autopsy.ingest.ModuleContentEvent
Definition: ModuleContentEvent.java:27
org.sleuthkit.autopsy.ingest.IngestServices.getInstance
static synchronized IngestServices getInstance()
Definition: IngestServices.java:51

Copyright © 2012-2018 Basis Technology. Generated on: Wed Sep 18 2019
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.