Autopsy  4.18.0
Graphical digital forensics platform for The Sleuth Kit and other tools.
Classes | Public Member Functions | Private Attributes | Static Private Attributes | List of all members
org.sleuthkit.autopsy.modules.dataSourceIntegrity.DataSourceIntegrityIngestModule Class Reference

Inherits org.sleuthkit.autopsy.ingest.DataSourceIngestModule.

Classes

class  HashData
 
enum  HashType
 
enum  Mode
 

Public Member Functions

ProcessResult process (Content dataSource, DataSourceIngestModuleProgress statusHelper)
 
default void shutDown ()
 
void startUp (IngestJobContext context) throws IngestModuleException
 

Private Attributes

final boolean computeHashes
 
IngestJobContext context
 
final List< HashDatahashDataList = new ArrayList<>()
 
final boolean verifyHashes
 

Static Private Attributes

static final long DEFAULT_CHUNK_SIZE = 32 * 1024
 
static final Logger logger = Logger.getLogger(DataSourceIntegrityIngestModule.class.getName())
 
static final IngestServices services = IngestServices.getInstance()
 

Detailed Description

Data source ingest module that verifies the integrity of an Expert Witness Format (EWF) E01 image file by generating a hash of the file and comparing it to the value stored in the image. Will also generate hashes for any image-type data source that has none.

Definition at line 52 of file DataSourceIntegrityIngestModule.java.

Member Function Documentation

ProcessResult org.sleuthkit.autopsy.modules.dataSourceIntegrity.DataSourceIntegrityIngestModule.process ( Content  dataSource,
DataSourceIngestModuleProgress  progressBar 
)

Processes a data source. Called once between calls to startUp() and shutDown().

Parameters
dataSourceThe data source to process.
progressBarA progress bar to be used to report progress.
Returns
A result code indicating success or failure of the processing.

Implements org.sleuthkit.autopsy.ingest.DataSourceIngestModule.

Definition at line 116 of file DataSourceIntegrityIngestModule.java.

References org.sleuthkit.autopsy.modules.dataSourceIntegrity.DataSourceIntegrityIngestModule.Mode.COMPUTE, org.sleuthkit.autopsy.modules.dataSourceIntegrity.DataSourceIntegrityIngestModule.computeHashes, org.sleuthkit.autopsy.ingest.IngestMessage.createMessage(), org.sleuthkit.autopsy.ingest.IngestJobContext.dataSourceIngestIsCancelled(), org.sleuthkit.autopsy.ingest.IngestMessage.MessageType.ERROR, org.sleuthkit.autopsy.ingest.IngestModule.ProcessResult.ERROR, org.sleuthkit.autopsy.casemodule.services.Services.getArtifactsBlackboard(), org.sleuthkit.autopsy.casemodule.Case.getCurrentCase(), org.sleuthkit.autopsy.casemodule.Case.getServices(), org.sleuthkit.autopsy.casemodule.Case.getSleuthkitCase(), org.sleuthkit.autopsy.ingest.IngestMessage.MessageType.INFO, org.sleuthkit.autopsy.modules.dataSourceIntegrity.DataSourceIntegrityIngestModule.HashType.MD5, org.sleuthkit.autopsy.ingest.IngestModule.ProcessResult.OK, org.sleuthkit.autopsy.ingest.IngestServices.postMessage(), org.sleuthkit.autopsy.ingest.DataSourceIngestModuleProgress.progress(), org.sleuthkit.autopsy.modules.dataSourceIntegrity.DataSourceIntegrityIngestModule.HashType.SHA1, org.sleuthkit.autopsy.modules.dataSourceIntegrity.DataSourceIntegrityIngestModule.HashType.SHA256, org.sleuthkit.autopsy.ingest.DataSourceIngestModuleProgress.switchToDeterminate(), org.sleuthkit.autopsy.modules.dataSourceIntegrity.DataSourceIntegrityIngestModule.Mode.VERIFY, org.sleuthkit.autopsy.modules.dataSourceIntegrity.DataSourceIntegrityIngestModule.verifyHashes, and org.sleuthkit.autopsy.ingest.IngestMessage.MessageType.WARNING.

default void org.sleuthkit.autopsy.ingest.IngestModule.shutDown ( )
inherited

Invoked by Autopsy when an ingest job is completed (either because the data has been analyzed or because the job was cancelled), before the ingest module instance is discarded. The module should respond by doing things like releasing private resources, submitting final results, and posting a final ingest message.

IMPORTANT: If the module instances must share resources, the modules are responsible for synchronizing access to the shared resources and doing reference counting as required to release those resources correctly. Also, more than one ingest job may be in progress at any given time. This must also be taken into consideration when sharing resources between module instances. See IngestModuleReferenceCounter.

Implemented in org.sleuthkit.autopsy.thunderbirdparser.ThunderbirdMboxFileIngestModule, org.sleuthkit.autopsy.modules.hashdatabase.HashDbIngestModule, org.sleuthkit.autopsy.keywordsearch.KeywordSearchIngestModule, org.sleuthkit.autopsy.modules.filetypeid.FileTypeIdIngestModule, org.sleuthkit.autopsy.modules.fileextmismatch.FileExtMismatchIngestModule, org.sleuthkit.autopsy.modules.embeddedfileextractor.EmbeddedFileExtractorIngestModule, org.sleuthkit.autopsy.modules.yara.YaraIngestModule, and org.sleuthkit.autopsy.ingest.FileIngestModuleAdapter.

Definition at line 86 of file IngestModule.java.

void org.sleuthkit.autopsy.modules.dataSourceIntegrity.DataSourceIntegrityIngestModule.startUp ( IngestJobContext  context) throws IngestModuleException

Invoked by Autopsy to allow an ingest module instance to set up any internal data structures and acquire any private resources it will need during an ingest job. If the module depends on loading any resources, it should do so in this method so that it can throw an exception in the case of an error and alert the user. Exceptions that are thrown from startUp() are logged and stop processing of the data source.

IMPORTANT: If the module instances must share resources, the modules are responsible for synchronizing access to the shared resources and doing reference counting as required to release those resources correctly. Also, more than one ingest job may be in progress at any given time. This must also be taken into consideration when sharing resources between module instances. See IngestModuleReferenceCounter.

Parameters
contextProvides data and services specific to the ingest job and the ingest pipeline of which the module is a part.
Exceptions
org.sleuthkit.autopsy.ingest.IngestModule.IngestModuleException

Implements org.sleuthkit.autopsy.ingest.IngestModule.

Definition at line 74 of file DataSourceIntegrityIngestModule.java.

References org.sleuthkit.autopsy.modules.dataSourceIntegrity.DataSourceIntegrityIngestModule.context.

Member Data Documentation

final boolean org.sleuthkit.autopsy.modules.dataSourceIntegrity.DataSourceIntegrityIngestModule.computeHashes
private
IngestJobContext org.sleuthkit.autopsy.modules.dataSourceIntegrity.DataSourceIntegrityIngestModule.context
private
final long org.sleuthkit.autopsy.modules.dataSourceIntegrity.DataSourceIntegrityIngestModule.DEFAULT_CHUNK_SIZE = 32 * 1024
staticprivate

Definition at line 55 of file DataSourceIntegrityIngestModule.java.

final List<HashData> org.sleuthkit.autopsy.modules.dataSourceIntegrity.DataSourceIntegrityIngestModule.hashDataList = new ArrayList<>()
private

Definition at line 61 of file DataSourceIntegrityIngestModule.java.

final Logger org.sleuthkit.autopsy.modules.dataSourceIntegrity.DataSourceIntegrityIngestModule.logger = Logger.getLogger(DataSourceIntegrityIngestModule.class.getName())
staticprivate

Definition at line 54 of file DataSourceIntegrityIngestModule.java.

final IngestServices org.sleuthkit.autopsy.modules.dataSourceIntegrity.DataSourceIntegrityIngestModule.services = IngestServices.getInstance()
staticprivate

Definition at line 56 of file DataSourceIntegrityIngestModule.java.

final boolean org.sleuthkit.autopsy.modules.dataSourceIntegrity.DataSourceIntegrityIngestModule.verifyHashes
private

The documentation for this class was generated from the following file:

Copyright © 2012-2021 Basis Technology. Generated on: Thu Jul 8 2021
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.