Autopsy  4.16.0
Graphical digital forensics platform for The Sleuth Kit and other tools.
RAImageIngestModule.java
Go to the documentation of this file.
1 /*
2  *
3  * Autopsy Forensic Browser
4  *
5  * Copyright 2012-2019 Basis Technology Corp.
6  *
7  * Copyright 2012 42six Solutions.
8  * Contact: aebadirad <at> 42six <dot> com
9  * Project Contact/Architect: carrier <at> sleuthkit <dot> org
10  *
11  * Licensed under the Apache License, Version 2.0 (the "License");
12  * you may not use this file except in compliance with the License.
13  * You may obtain a copy of the License at
14  *
15  * http://www.apache.org/licenses/LICENSE-2.0
16  *
17  * Unless required by applicable law or agreed to in writing, software
18  * distributed under the License is distributed on an "AS IS" BASIS,
19  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
20  * See the License for the specific language governing permissions and
21  * limitations under the License.
22  */
23 package org.sleuthkit.autopsy.recentactivity;
24 
25 import java.io.File;
26 import java.nio.file.Paths;
27 import java.util.ArrayList;
28 import java.util.List;
29 import java.util.logging.Level;
30 import org.openide.util.NbBundle;
31 import org.sleuthkit.autopsy.casemodule.Case;
32 import org.sleuthkit.autopsy.casemodule.NoCurrentCaseException;
33 import org.sleuthkit.autopsy.coreutils.Logger;
34 import org.sleuthkit.autopsy.ingest.DataSourceIngestModule;
35 import org.sleuthkit.autopsy.ingest.DataSourceIngestModuleProgress;
36 import org.sleuthkit.autopsy.ingest.IngestServices;
37 import org.sleuthkit.autopsy.ingest.IngestMessage;
38 import org.sleuthkit.autopsy.ingest.IngestMessage.MessageType;
39 import org.sleuthkit.datamodel.Content;
40 import org.sleuthkit.autopsy.ingest.IngestModule.ProcessResult;
41 import org.sleuthkit.autopsy.ingest.IngestJobContext;
42 
46 public final class RAImageIngestModule implements DataSourceIngestModule {
47 
48  private static final Logger logger = Logger.getLogger(RAImageIngestModule.class.getName());
49  private final List<Extract> extractors = new ArrayList<>();
50  private final List<Extract> browserExtractors = new ArrayList<>();
51  private IngestServices services = IngestServices.getInstance();
52  private IngestJobContext context;
53  private StringBuilder subCompleted = new StringBuilder();
54 
55  RAImageIngestModule() {
56  }
57 
58  @Override
59  public void startUp(IngestJobContext context) throws IngestModuleException {
60  this.context = context;
61 
62  Extract iexplore;
63  Extract edge;
64  try {
65  iexplore = new ExtractIE();
66  edge = new ExtractEdge();
67  } catch (NoCurrentCaseException ex) {
68  throw new IngestModuleException(ex.getMessage(), ex);
69  }
70 
71  Extract registry = new ExtractRegistry();
72  Extract recentDocuments = new RecentDocumentsByLnk();
73  Extract chrome = new Chromium();
74  Extract firefox = new Firefox();
75  Extract SEUQA = new SearchEngineURLQueryAnalyzer();
76  Extract osExtract = new ExtractOs();
77  Extract dataSourceAnalyzer = new DataSourceUsageAnalyzer();
78  Extract safari = new ExtractSafari();
79  Extract zoneInfo = new ExtractZoneIdentifier();
80  Extract recycleBin = new ExtractRecycleBin();
81  Extract sru = new ExtractSru();
82  Extract prefetch = new ExtractPrefetch();
83  Extract webAccountType = new ExtractWebAccountType();
84 
85  extractors.add(chrome);
86  extractors.add(firefox);
87  extractors.add(iexplore);
88  extractors.add(edge);
89  extractors.add(safari);
90  extractors.add(recentDocuments);
91  extractors.add(SEUQA); // this needs to run after the web browser modules
92  extractors.add(webAccountType); // this needs to run after the web browser modules
93  extractors.add(registry); // this should run after quicker modules like the browser modules and needs to run before the DataSourceUsageAnalyzer
94  extractors.add(osExtract); // this needs to run before the DataSourceUsageAnalyzer
95  extractors.add(dataSourceAnalyzer); //this needs to run after ExtractRegistry and ExtractOs
96  extractors.add(zoneInfo); // this needs to run after the web browser modules
97  extractors.add(recycleBin); // this needs to run after ExtractRegistry and ExtractOS
98  extractors.add(sru);
99  extractors.add(prefetch);
100 
101  browserExtractors.add(chrome);
102  browserExtractors.add(firefox);
103  browserExtractors.add(iexplore);
104  browserExtractors.add(edge);
105  browserExtractors.add(safari);
106 
107  for (Extract extractor : extractors) {
108  extractor.init();
109  }
110  }
111 
112  @Override
113  public ProcessResult process(Content dataSource, DataSourceIngestModuleProgress progressBar) {
114  services.postMessage(IngestMessage.createMessage(MessageType.INFO, RecentActivityExtracterModuleFactory.getModuleName(),
115  NbBundle.getMessage(this.getClass(),
116  "RAImageIngestModule.process.started",
117  dataSource.getName())));
118 
119  progressBar.switchToDeterminate(extractors.size());
120 
121  ArrayList<String> errors = new ArrayList<>();
122 
123  for (int i = 0; i < extractors.size(); i++) {
124  Extract extracter = extractors.get(i);
125  if (context.dataSourceIngestIsCancelled()) {
126  logger.log(Level.INFO, "Recent Activity has been canceled, quitting before {0}", extracter.getName()); //NON-NLS
127  break;
128  }
129 
130  progressBar.progress(extracter.getName(), i);
131 
132  try {
133  extracter.process(dataSource, context, progressBar);
134  } catch (Exception ex) {
135  logger.log(Level.SEVERE, "Exception occurred in " + extracter.getName(), ex); //NON-NLS
136  subCompleted.append(NbBundle.getMessage(this.getClass(), "RAImageIngestModule.process.errModFailed",
137  extracter.getName()));
138  errors.add(
139  NbBundle.getMessage(this.getClass(), "RAImageIngestModule.process.errModErrs", RecentActivityExtracterModuleFactory.getModuleName()));
140  }
141  progressBar.progress(i + 1);
142  errors.addAll(extracter.getErrorMessages());
143  }
144 
145  // create the final message for inbox
146  StringBuilder errorMessage = new StringBuilder();
147  String errorMsgSubject;
148  MessageType msgLevel = MessageType.INFO;
149  if (errors.isEmpty() == false) {
150  msgLevel = MessageType.ERROR;
151  errorMessage.append(
152  NbBundle.getMessage(this.getClass(), "RAImageIngestModule.process.errMsg.errsEncountered"));
153  for (String msg : errors) {
154  errorMessage.append("<li>").append(msg).append("</li>\n"); //NON-NLS
155  }
156  errorMessage.append("</ul>\n"); //NON-NLS
157 
158  if (errors.size() == 1) {
159  errorMsgSubject = NbBundle.getMessage(this.getClass(), "RAImageIngestModule.process.errMsgSub.oneErr");
160  } else {
161  errorMsgSubject = NbBundle.getMessage(this.getClass(),
162  "RAImageIngestModule.process.errMsgSub.nErrs", errors.size());
163  }
164  } else {
165  errorMessage.append(NbBundle.getMessage(this.getClass(), "RAImageIngestModule.process.errMsg.noErrs"));
166  errorMsgSubject = NbBundle.getMessage(this.getClass(), "RAImageIngestModule.process.errMsgSub.noErrs");
167  }
168  final IngestMessage msg = IngestMessage.createMessage(msgLevel, RecentActivityExtracterModuleFactory.getModuleName(),
169  NbBundle.getMessage(this.getClass(),
170  "RAImageIngestModule.process.ingestMsg.finished",
171  dataSource.getName(), errorMsgSubject),
172  errorMessage.toString());
173  services.postMessage(msg);
174 
175  StringBuilder historyMsg = new StringBuilder();
176  historyMsg.append(
177  NbBundle.getMessage(this.getClass(), "RAImageIngestModule.process.histMsg.title", dataSource.getName()));
178  for (Extract module : browserExtractors) {
179  historyMsg.append("<li>").append(module.getName()); //NON-NLS
180  historyMsg.append(": ").append((module.foundData()) ? NbBundle
181  .getMessage(this.getClass(), "RAImageIngestModule.process.histMsg.found") : NbBundle
182  .getMessage(this.getClass(), "RAImageIngestModule.process.histMsg.notFnd"));
183  historyMsg.append("</li>"); //NON-NLS
184  }
185  historyMsg.append("</ul>"); //NON-NLS
186  final IngestMessage inboxMsg = IngestMessage.createMessage(MessageType.INFO, RecentActivityExtracterModuleFactory.getModuleName(),
187  NbBundle.getMessage(this.getClass(),
188  "RAImageIngestModule.process.ingestMsg.results",
189  dataSource.getName()),
190  historyMsg.toString());
191  services.postMessage(inboxMsg);
192 
193  if (context.dataSourceIngestIsCancelled()) {
194  return ProcessResult.OK;
195  }
196 
197  for (int i = 0; i < extractors.size(); i++) {
198  Extract extracter = extractors.get(i);
199  try {
200  extracter.complete();
201  } catch (Exception ex) {
202  logger.log(Level.SEVERE, "Exception occurred when completing " + extracter.getName(), ex); //NON-NLS
203  subCompleted.append(NbBundle.getMessage(this.getClass(), "RAImageIngestModule.complete.errMsg.failed",
204  extracter.getName()));
205  }
206  }
207 
208  return ProcessResult.OK;
209  }
210 
221  protected static String getRATempPath(Case a_case, String mod) {
222  String tmpDir = a_case.getTempDirectory() + File.separator + "RecentActivity" + File.separator + mod; //NON-NLS
223  File dir = new File(tmpDir);
224  if (dir.exists() == false) {
225  dir.mkdirs();
226  }
227  return tmpDir;
228  }
229 
240  protected static String getRAOutputPath(Case a_case, String mod) {
241  String tmpDir = a_case.getModuleDirectory() + File.separator + "RecentActivity" + File.separator + mod; //NON-NLS
242  File dir = new File(tmpDir);
243  if (dir.exists() == false) {
244  dir.mkdirs();
245  }
246  return tmpDir;
247  }
248 
255  static String getRelModuleOutputPath() throws NoCurrentCaseException {
256  return Paths.get(Case.getCurrentCaseThrows().getModuleOutputDirectoryRelativePath(),
257  "RecentActivity").normalize().toString() ; //NON-NLS
258  }
259 }
org.sleuthkit.autopsy.ingest.IngestMessage.createMessage
static IngestMessage createMessage(MessageType messageType, String source, String subject, String detailsHtml)
Definition: IngestMessage.java:183
org.sleuthkit.autopsy.recentactivity.RAImageIngestModule.process
ProcessResult process(Content dataSource, DataSourceIngestModuleProgress progressBar)
Definition: RAImageIngestModule.java:113
org.sleuthkit.autopsy.ingest.IngestServices.postMessage
void postMessage(final IngestMessage message)
Definition: IngestServices.java:97
org.sleuthkit.autopsy.coreutils.Logger.getLogger
synchronized static Logger getLogger(String name)
Definition: Logger.java:124
org.sleuthkit.autopsy.ingest.IngestServices.getInstance
static synchronized IngestServices getInstance()
Definition: IngestServices.java:51

Copyright © 2012-2020 Basis Technology. Generated on: Tue Sep 22 2020
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.