Autopsy  4.19.1
Graphical digital forensics platform for The Sleuth Kit and other tools.
RAImageIngestModule.java
Go to the documentation of this file.
1 /*
2  *
3  * Autopsy Forensic Browser
4  *
5  * Copyright 2012-2019 Basis Technology Corp.
6  *
7  * Copyright 2012 42six Solutions.
8  * Contact: aebadirad <at> 42six <dot> com
9  * Project Contact/Architect: carrier <at> sleuthkit <dot> org
10  *
11  * Licensed under the Apache License, Version 2.0 (the "License");
12  * you may not use this file except in compliance with the License.
13  * You may obtain a copy of the License at
14  *
15  * http://www.apache.org/licenses/LICENSE-2.0
16  *
17  * Unless required by applicable law or agreed to in writing, software
18  * distributed under the License is distributed on an "AS IS" BASIS,
19  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
20  * See the License for the specific language governing permissions and
21  * limitations under the License.
22  */
23 package org.sleuthkit.autopsy.recentactivity;
24 
25 import java.io.File;
26 import java.nio.file.Path;
27 import java.nio.file.Paths;
28 import java.util.ArrayList;
29 import java.util.List;
30 import java.util.logging.Level;
31 import org.openide.util.NbBundle;
32 import org.sleuthkit.autopsy.casemodule.Case;
33 import org.sleuthkit.autopsy.casemodule.NoCurrentCaseException;
34 import org.sleuthkit.autopsy.coreutils.Logger;
35 import org.sleuthkit.autopsy.coreutils.TimeStampUtils;
36 import org.sleuthkit.autopsy.ingest.DataSourceIngestModule;
37 import org.sleuthkit.autopsy.ingest.DataSourceIngestModuleProgress;
38 import org.sleuthkit.autopsy.ingest.IngestServices;
39 import org.sleuthkit.autopsy.ingest.IngestMessage;
40 import org.sleuthkit.autopsy.ingest.IngestMessage.MessageType;
41 import org.sleuthkit.datamodel.Content;
42 import org.sleuthkit.autopsy.ingest.IngestModule.ProcessResult;
43 import org.sleuthkit.autopsy.ingest.IngestJobContext;
44 import org.sleuthkit.datamodel.DataSource;
45 import org.sleuthkit.datamodel.SleuthkitCase;
46 
50 public final class RAImageIngestModule implements DataSourceIngestModule {
51 
52  private static final String RECENT_ACTIVITY_FOLDER = "RecentActivity";
53  private static final Logger logger = Logger.getLogger(RAImageIngestModule.class.getName());
54  private final List<Extract> extractors = new ArrayList<>();
55  private final List<Extract> browserExtractors = new ArrayList<>();
56  private final IngestServices services = IngestServices.getInstance();
57  private IngestJobContext context;
58  private final StringBuilder subCompleted = new StringBuilder();
59  protected SleuthkitCase tskCase;
60  private RAOsAccountCache accountCache = new RAOsAccountCache();
61 
62  RAImageIngestModule() {
63  }
64 
65  @Override
66  public void startUp(IngestJobContext context) throws IngestModuleException {
67  this.context = context;
68 
69  tskCase = Case.getCurrentCase().getSleuthkitCase();
70 
71  Extract iexplore = new ExtractIE();
72  Extract edge = new ExtractEdge();
73  Extract registry = new ExtractRegistry();
74  Extract recentDocuments = new RecentDocumentsByLnk();
75  Extract chrome = new Chromium();
76  Extract firefox = new Firefox();
77  Extract SEUQA = new SearchEngineURLQueryAnalyzer();
78  Extract osExtract = new ExtractOs();
79  Extract dataSourceAnalyzer = new DataSourceUsageAnalyzer();
80  Extract safari = new ExtractSafari();
81  Extract zoneInfo = new ExtractZoneIdentifier();
82  Extract recycleBin = new ExtractRecycleBin();
83  Extract sru = new ExtractSru();
84  Extract prefetch = new ExtractPrefetch();
85  Extract webAccountType = new ExtractWebAccountType();
86  Extract messageDomainType = new DomainCategoryRunner();
87  Extract jumpList = new ExtractJumpLists();
88 
89  extractors.add(recycleBin);
90  extractors.add(jumpList);
91  extractors.add(recentDocuments);
92  extractors.add(registry); // needs to run before the DataSourceUsageAnalyzer
93  extractors.add(osExtract); // this needs to run before the DataSourceUsageAnalyzer
94  extractors.add(dataSourceAnalyzer); //this needs to run after ExtractRegistry and ExtractOs
95  extractors.add(chrome);
96  extractors.add(firefox);
97  extractors.add(iexplore);
98  extractors.add(edge);
99  extractors.add(safari);
100  extractors.add(SEUQA); // this needs to run after the web browser modules
101  extractors.add(webAccountType); // this needs to run after the web browser modules
102  extractors.add(zoneInfo); // this needs to run after the web browser modules
103  extractors.add(sru);
104  extractors.add(prefetch);
105  extractors.add(messageDomainType);
106 
107  browserExtractors.add(chrome);
108  browserExtractors.add(firefox);
109  browserExtractors.add(iexplore);
110  browserExtractors.add(edge);
111  browserExtractors.add(safari);
112 
113  for (Extract extractor : extractors) {
114  extractor.init();
115  }
116  }
117 
118  @Override
119  public ProcessResult process(Content dataSource, DataSourceIngestModuleProgress progressBar) {
120  services.postMessage(IngestMessage.createMessage(MessageType.INFO, RecentActivityExtracterModuleFactory.getModuleName(),
121  NbBundle.getMessage(this.getClass(),
122  "RAImageIngestModule.process.started",
123  dataSource.getName())));
124 
125  progressBar.switchToDeterminate(extractors.size());
126 
127  ArrayList<String> errors = new ArrayList<>();
128 
129  for (int i = 0; i < extractors.size(); i++) {
130  Extract extracter = extractors.get(i);
131  if (context.dataSourceIngestIsCancelled()) {
132  logger.log(Level.INFO, "Recent Activity has been canceled, quitting before {0}", extracter.getName()); //NON-NLS
133  break;
134  }
135 
136  progressBar.progress(extracter.getName(), i);
137 
138  try {
139  extracter.process(dataSource, context, progressBar, accountCache);
140  if (extracter instanceof ExtractRegistry) {
141  accountCache.initialize(tskCase, ((DataSource) dataSource).getHost());
142  }
143  } catch (Exception ex) {
144  logger.log(Level.SEVERE, "Exception occurred in " + extracter.getName(), ex); //NON-NLS
145  subCompleted.append(NbBundle.getMessage(this.getClass(), "RAImageIngestModule.process.errModFailed",
146  extracter.getName()));
147  errors.add(
148  NbBundle.getMessage(this.getClass(), "RAImageIngestModule.process.errModErrs", RecentActivityExtracterModuleFactory.getModuleName()));
149  }
150  progressBar.progress(i + 1);
151  errors.addAll(extracter.getErrorMessages());
152  }
153 
154  // create the final message for inbox
155  StringBuilder errorMessage = new StringBuilder();
156  String errorMsgSubject;
157  MessageType msgLevel = MessageType.INFO;
158  if (errors.isEmpty() == false) {
159  msgLevel = MessageType.ERROR;
160  errorMessage.append(
161  NbBundle.getMessage(this.getClass(), "RAImageIngestModule.process.errMsg.errsEncountered"));
162  for (String msg : errors) {
163  errorMessage.append("<li>").append(msg).append("</li>\n"); //NON-NLS
164  }
165  errorMessage.append("</ul>\n"); //NON-NLS
166 
167  if (errors.size() == 1) {
168  errorMsgSubject = NbBundle.getMessage(this.getClass(), "RAImageIngestModule.process.errMsgSub.oneErr");
169  } else {
170  errorMsgSubject = NbBundle.getMessage(this.getClass(),
171  "RAImageIngestModule.process.errMsgSub.nErrs", errors.size());
172  }
173  } else {
174  errorMessage.append(NbBundle.getMessage(this.getClass(), "RAImageIngestModule.process.errMsg.noErrs"));
175  errorMsgSubject = NbBundle.getMessage(this.getClass(), "RAImageIngestModule.process.errMsgSub.noErrs");
176  }
177  final IngestMessage msg = IngestMessage.createMessage(msgLevel, RecentActivityExtracterModuleFactory.getModuleName(),
178  NbBundle.getMessage(this.getClass(),
179  "RAImageIngestModule.process.ingestMsg.finished",
180  dataSource.getName(), errorMsgSubject),
181  errorMessage.toString());
182  services.postMessage(msg);
183 
184  StringBuilder historyMsg = new StringBuilder();
185  historyMsg.append(
186  NbBundle.getMessage(this.getClass(), "RAImageIngestModule.process.histMsg.title", dataSource.getName()));
187  for (Extract module : browserExtractors) {
188  historyMsg.append("<li>").append(module.getName()); //NON-NLS
189  historyMsg.append(": ").append((module.foundData()) ? NbBundle
190  .getMessage(this.getClass(), "RAImageIngestModule.process.histMsg.found") : NbBundle
191  .getMessage(this.getClass(), "RAImageIngestModule.process.histMsg.notFnd"));
192  historyMsg.append("</li>"); //NON-NLS
193  }
194  historyMsg.append("</ul>"); //NON-NLS
195  final IngestMessage inboxMsg = IngestMessage.createMessage(MessageType.INFO, RecentActivityExtracterModuleFactory.getModuleName(),
196  NbBundle.getMessage(this.getClass(),
197  "RAImageIngestModule.process.ingestMsg.results",
198  dataSource.getName()),
199  historyMsg.toString());
200  services.postMessage(inboxMsg);
201 
202  if (context.dataSourceIngestIsCancelled()) {
203  return ProcessResult.OK;
204  }
205 
206  for (int i = 0; i < extractors.size(); i++) {
207  Extract extracter = extractors.get(i);
208  try {
209  extracter.complete();
210  } catch (Exception ex) {
211  logger.log(Level.SEVERE, "Exception occurred when completing " + extracter.getName(), ex); //NON-NLS
212  subCompleted.append(NbBundle.getMessage(this.getClass(), "RAImageIngestModule.complete.errMsg.failed",
213  extracter.getName()));
214  }
215  }
216 
217  return ProcessResult.OK;
218  }
219 
231  private static String getAndMakeRAPath(String basePath, String module, long ingestJobId) {
232  String moduleFolder = String.format("%s_%d", module, ingestJobId);
233  Path tmpPath = Paths.get(basePath, RECENT_ACTIVITY_FOLDER, moduleFolder);
234  File dir = tmpPath.toFile();
235  if (dir.exists() == false) {
236  dir.mkdirs();
237  }
238  return tmpPath.toString();
239  }
240 
251  static String getRATempPath(Case a_case, String mod, long ingestJobId) {
252  return getAndMakeRAPath(a_case.getTempDirectory(), mod, ingestJobId);
253  }
254 
265  static String getRAOutputPath(Case a_case, String mod, long ingestJobId) {
266  return getAndMakeRAPath(a_case.getModuleDirectory(), mod, ingestJobId);
267  }
268 
275  static String getRelModuleOutputPath(Case autCase, String mod, long ingestJobId) {
276  return Paths.get(getAndMakeRAPath(autCase.getModuleOutputDirectoryRelativePath(), mod, ingestJobId))
277  .normalize()
278  .toString();
279  }
280 }
org.sleuthkit.autopsy.ingest.IngestMessage.createMessage
static IngestMessage createMessage(MessageType messageType, String source, String subject, String detailsHtml)
Definition: IngestMessage.java:183
org.sleuthkit.autopsy.recentactivity.RAImageIngestModule.process
ProcessResult process(Content dataSource, DataSourceIngestModuleProgress progressBar)
Definition: RAImageIngestModule.java:119
org.sleuthkit.autopsy.ingest.IngestServices.postMessage
void postMessage(final IngestMessage message)
Definition: IngestServices.java:100
org.sleuthkit.autopsy.coreutils.Logger.getLogger
synchronized static Logger getLogger(String name)
Definition: Logger.java:124
org.sleuthkit.autopsy.recentactivity.RAImageIngestModule.getAndMakeRAPath
static String getAndMakeRAPath(String basePath, String module, long ingestJobId)
Definition: RAImageIngestModule.java:231
org.sleuthkit.autopsy.ingest.IngestServices.getInstance
static synchronized IngestServices getInstance()
Definition: IngestServices.java:54

Copyright © 2012-2021 Basis Technology. Generated on: Thu Sep 30 2021
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.