Autopsy  4.17.0
Graphical digital forensics platform for The Sleuth Kit and other tools.
RAImageIngestModule.java
Go to the documentation of this file.
1 /*
2  *
3  * Autopsy Forensic Browser
4  *
5  * Copyright 2012-2019 Basis Technology Corp.
6  *
7  * Copyright 2012 42six Solutions.
8  * Contact: aebadirad <at> 42six <dot> com
9  * Project Contact/Architect: carrier <at> sleuthkit <dot> org
10  *
11  * Licensed under the Apache License, Version 2.0 (the "License");
12  * you may not use this file except in compliance with the License.
13  * You may obtain a copy of the License at
14  *
15  * http://www.apache.org/licenses/LICENSE-2.0
16  *
17  * Unless required by applicable law or agreed to in writing, software
18  * distributed under the License is distributed on an "AS IS" BASIS,
19  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
20  * See the License for the specific language governing permissions and
21  * limitations under the License.
22  */
23 package org.sleuthkit.autopsy.recentactivity;
24 
25 import java.io.File;
26 import java.nio.file.Paths;
27 import java.util.ArrayList;
28 import java.util.List;
29 import java.util.logging.Level;
30 import org.openide.util.NbBundle;
31 import org.sleuthkit.autopsy.casemodule.Case;
32 import org.sleuthkit.autopsy.casemodule.NoCurrentCaseException;
33 import org.sleuthkit.autopsy.coreutils.Logger;
34 import org.sleuthkit.autopsy.ingest.DataSourceIngestModule;
35 import org.sleuthkit.autopsy.ingest.DataSourceIngestModuleProgress;
36 import org.sleuthkit.autopsy.ingest.IngestServices;
37 import org.sleuthkit.autopsy.ingest.IngestMessage;
38 import org.sleuthkit.autopsy.ingest.IngestMessage.MessageType;
39 import org.sleuthkit.datamodel.Content;
40 import org.sleuthkit.autopsy.ingest.IngestModule.ProcessResult;
41 import org.sleuthkit.autopsy.ingest.IngestJobContext;
42 
46 public final class RAImageIngestModule implements DataSourceIngestModule {
47 
48  private static final Logger logger = Logger.getLogger(RAImageIngestModule.class.getName());
49  private final List<Extract> extractors = new ArrayList<>();
50  private final List<Extract> browserExtractors = new ArrayList<>();
51  private IngestServices services = IngestServices.getInstance();
52  private IngestJobContext context;
53  private StringBuilder subCompleted = new StringBuilder();
54 
55  RAImageIngestModule() {
56  }
57 
58  @Override
59  public void startUp(IngestJobContext context) throws IngestModuleException {
60  this.context = context;
61 
62  Extract iexplore;
63  Extract edge;
64  try {
65  iexplore = new ExtractIE();
66  edge = new ExtractEdge();
67  } catch (NoCurrentCaseException ex) {
68  throw new IngestModuleException(ex.getMessage(), ex);
69  }
70 
71  Extract registry = new ExtractRegistry();
72  Extract recentDocuments = new RecentDocumentsByLnk();
73  Extract chrome = new Chromium();
74  Extract firefox = new Firefox();
75  Extract SEUQA = new SearchEngineURLQueryAnalyzer();
76  Extract osExtract = new ExtractOs();
77  Extract dataSourceAnalyzer = new DataSourceUsageAnalyzer();
78  Extract safari = new ExtractSafari();
79  Extract zoneInfo = new ExtractZoneIdentifier();
80  Extract recycleBin = new ExtractRecycleBin();
81  Extract sru = new ExtractSru();
82  Extract prefetch = new ExtractPrefetch();
83  Extract webAccountType = new ExtractWebAccountType();
84  Extract messageDomainType = new DomainCategoryRunner();
85 
86  extractors.add(chrome);
87  extractors.add(firefox);
88  extractors.add(iexplore);
89  extractors.add(edge);
90  extractors.add(safari);
91  extractors.add(recentDocuments);
92  extractors.add(SEUQA); // this needs to run after the web browser modules
93  extractors.add(webAccountType); // this needs to run after the web browser modules
94  extractors.add(registry); // this should run after quicker modules like the browser modules and needs to run before the DataSourceUsageAnalyzer
95  extractors.add(osExtract); // this needs to run before the DataSourceUsageAnalyzer
96  extractors.add(dataSourceAnalyzer); //this needs to run after ExtractRegistry and ExtractOs
97  extractors.add(zoneInfo); // this needs to run after the web browser modules
98  extractors.add(recycleBin); // this needs to run after ExtractRegistry and ExtractOS
99  extractors.add(sru);
100  extractors.add(prefetch);
101  extractors.add(messageDomainType);
102 
103  browserExtractors.add(chrome);
104  browserExtractors.add(firefox);
105  browserExtractors.add(iexplore);
106  browserExtractors.add(edge);
107  browserExtractors.add(safari);
108 
109  for (Extract extractor : extractors) {
110  extractor.init();
111  }
112  }
113 
114  @Override
115  public ProcessResult process(Content dataSource, DataSourceIngestModuleProgress progressBar) {
116  services.postMessage(IngestMessage.createMessage(MessageType.INFO, RecentActivityExtracterModuleFactory.getModuleName(),
117  NbBundle.getMessage(this.getClass(),
118  "RAImageIngestModule.process.started",
119  dataSource.getName())));
120 
121  progressBar.switchToDeterminate(extractors.size());
122 
123  ArrayList<String> errors = new ArrayList<>();
124 
125  for (int i = 0; i < extractors.size(); i++) {
126  Extract extracter = extractors.get(i);
127  if (context.dataSourceIngestIsCancelled()) {
128  logger.log(Level.INFO, "Recent Activity has been canceled, quitting before {0}", extracter.getName()); //NON-NLS
129  break;
130  }
131 
132  progressBar.progress(extracter.getName(), i);
133 
134  try {
135  extracter.process(dataSource, context, progressBar);
136  } catch (Exception ex) {
137  logger.log(Level.SEVERE, "Exception occurred in " + extracter.getName(), ex); //NON-NLS
138  subCompleted.append(NbBundle.getMessage(this.getClass(), "RAImageIngestModule.process.errModFailed",
139  extracter.getName()));
140  errors.add(
141  NbBundle.getMessage(this.getClass(), "RAImageIngestModule.process.errModErrs", RecentActivityExtracterModuleFactory.getModuleName()));
142  }
143  progressBar.progress(i + 1);
144  errors.addAll(extracter.getErrorMessages());
145  }
146 
147  // create the final message for inbox
148  StringBuilder errorMessage = new StringBuilder();
149  String errorMsgSubject;
150  MessageType msgLevel = MessageType.INFO;
151  if (errors.isEmpty() == false) {
152  msgLevel = MessageType.ERROR;
153  errorMessage.append(
154  NbBundle.getMessage(this.getClass(), "RAImageIngestModule.process.errMsg.errsEncountered"));
155  for (String msg : errors) {
156  errorMessage.append("<li>").append(msg).append("</li>\n"); //NON-NLS
157  }
158  errorMessage.append("</ul>\n"); //NON-NLS
159 
160  if (errors.size() == 1) {
161  errorMsgSubject = NbBundle.getMessage(this.getClass(), "RAImageIngestModule.process.errMsgSub.oneErr");
162  } else {
163  errorMsgSubject = NbBundle.getMessage(this.getClass(),
164  "RAImageIngestModule.process.errMsgSub.nErrs", errors.size());
165  }
166  } else {
167  errorMessage.append(NbBundle.getMessage(this.getClass(), "RAImageIngestModule.process.errMsg.noErrs"));
168  errorMsgSubject = NbBundle.getMessage(this.getClass(), "RAImageIngestModule.process.errMsgSub.noErrs");
169  }
170  final IngestMessage msg = IngestMessage.createMessage(msgLevel, RecentActivityExtracterModuleFactory.getModuleName(),
171  NbBundle.getMessage(this.getClass(),
172  "RAImageIngestModule.process.ingestMsg.finished",
173  dataSource.getName(), errorMsgSubject),
174  errorMessage.toString());
175  services.postMessage(msg);
176 
177  StringBuilder historyMsg = new StringBuilder();
178  historyMsg.append(
179  NbBundle.getMessage(this.getClass(), "RAImageIngestModule.process.histMsg.title", dataSource.getName()));
180  for (Extract module : browserExtractors) {
181  historyMsg.append("<li>").append(module.getName()); //NON-NLS
182  historyMsg.append(": ").append((module.foundData()) ? NbBundle
183  .getMessage(this.getClass(), "RAImageIngestModule.process.histMsg.found") : NbBundle
184  .getMessage(this.getClass(), "RAImageIngestModule.process.histMsg.notFnd"));
185  historyMsg.append("</li>"); //NON-NLS
186  }
187  historyMsg.append("</ul>"); //NON-NLS
188  final IngestMessage inboxMsg = IngestMessage.createMessage(MessageType.INFO, RecentActivityExtracterModuleFactory.getModuleName(),
189  NbBundle.getMessage(this.getClass(),
190  "RAImageIngestModule.process.ingestMsg.results",
191  dataSource.getName()),
192  historyMsg.toString());
193  services.postMessage(inboxMsg);
194 
195  if (context.dataSourceIngestIsCancelled()) {
196  return ProcessResult.OK;
197  }
198 
199  for (int i = 0; i < extractors.size(); i++) {
200  Extract extracter = extractors.get(i);
201  try {
202  extracter.complete();
203  } catch (Exception ex) {
204  logger.log(Level.SEVERE, "Exception occurred when completing " + extracter.getName(), ex); //NON-NLS
205  subCompleted.append(NbBundle.getMessage(this.getClass(), "RAImageIngestModule.complete.errMsg.failed",
206  extracter.getName()));
207  }
208  }
209 
210  return ProcessResult.OK;
211  }
212 
223  protected static String getRATempPath(Case a_case, String mod) {
224  String tmpDir = a_case.getTempDirectory() + File.separator + "RecentActivity" + File.separator + mod; //NON-NLS
225  File dir = new File(tmpDir);
226  if (dir.exists() == false) {
227  dir.mkdirs();
228  }
229  return tmpDir;
230  }
231 
242  protected static String getRAOutputPath(Case a_case, String mod) {
243  String tmpDir = a_case.getModuleDirectory() + File.separator + "RecentActivity" + File.separator + mod; //NON-NLS
244  File dir = new File(tmpDir);
245  if (dir.exists() == false) {
246  dir.mkdirs();
247  }
248  return tmpDir;
249  }
250 
257  static String getRelModuleOutputPath() throws NoCurrentCaseException {
258  return Paths.get(Case.getCurrentCaseThrows().getModuleOutputDirectoryRelativePath(),
259  "RecentActivity").normalize().toString() ; //NON-NLS
260  }
261 }
org.sleuthkit.autopsy.ingest.IngestMessage.createMessage
static IngestMessage createMessage(MessageType messageType, String source, String subject, String detailsHtml)
Definition: IngestMessage.java:183
org.sleuthkit.autopsy.recentactivity.RAImageIngestModule.process
ProcessResult process(Content dataSource, DataSourceIngestModuleProgress progressBar)
Definition: RAImageIngestModule.java:115
org.sleuthkit.autopsy.ingest.IngestServices.postMessage
void postMessage(final IngestMessage message)
Definition: IngestServices.java:97
org.sleuthkit.autopsy.coreutils.Logger.getLogger
synchronized static Logger getLogger(String name)
Definition: Logger.java:124
org.sleuthkit.autopsy.ingest.IngestServices.getInstance
static synchronized IngestServices getInstance()
Definition: IngestServices.java:51

Copyright © 2012-2021 Basis Technology. Generated on: Tue Jan 19 2021
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.