Autopsy  4.19.2
Graphical digital forensics platform for The Sleuth Kit and other tools.
Extract.java
1 /*
2  *
3  * Autopsy Forensic Browser
4  *
5  * Copyright 2012-2021 Basis Technology Corp.
6  *
7  * Copyright 2012 42six Solutions.
8  * Contact: aebadirad <at> 42six <dot> com
9  * Project Contact/Architect: carrier <at> sleuthkit <dot> org
10  *
11  * Licensed under the Apache License, Version 2.0 (the "License");
12  * you may not use this file except in compliance with the License.
13  * You may obtain a copy of the License at
14  *
15  * http://www.apache.org/licenses/LICENSE-2.0
16  *
17  * Unless required by applicable law or agreed to in writing, software
18  * distributed under the License is distributed on an "AS IS" BASIS,
19  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
20  * See the License for the specific language governing permissions and
21  * limitations under the License.
22  */
23 package org.sleuthkit.autopsy.recentactivity;
24 
25 import java.io.File;
26 import java.io.IOException;
27 import java.nio.file.Path;
28 import java.nio.file.Paths;
29 import java.sql.ResultSet;
30 import java.sql.ResultSetMetaData;
31 import java.sql.SQLException;
32 import java.util.ArrayList;
33 import java.util.Collection;
34 import java.util.Collections;
35 import java.util.HashMap;
36 import java.util.List;
37 import java.util.logging.Level;
45 import org.sleuthkit.datamodel.AbstractFile;
46 import org.sleuthkit.datamodel.Blackboard;
47 import org.sleuthkit.datamodel.BlackboardArtifact;
48 import org.sleuthkit.datamodel.BlackboardArtifact.Category;
49 import org.sleuthkit.datamodel.BlackboardAttribute;
50 import org.sleuthkit.datamodel.Content;
51 import org.sleuthkit.datamodel.Score;
52 import org.sleuthkit.datamodel.SleuthkitCase;
53 import org.sleuthkit.datamodel.TskCoreException;
54 
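/**
 * Base class for the extractors of the Recent Activity ingest module.
 *
 * It holds the current case, collects error messages, and offers helpers for
 * creating and posting blackboard artifacts, querying SQLite databases and
 * writing working copies of files to the module's temp directory.
 *
 * Everything read through these helpers (file names, database rows, URLs,
 * cookie values) originates from the data source under examination and must
 * be treated as untrusted input by subclasses.
 */
abstract class Extract {

    protected final Case currentCase;
    protected final SleuthkitCase tskCase;
    private static final Logger logger = Logger.getLogger(Extract.class.getName());
    private final ArrayList<String> errorMessages = new ArrayList<>();
    private final String displayName;
    protected boolean dataFound = false;
    private final IngestJobContext context;

    /**
     * Constructs an extractor bound to the current case and an ingest job.
     *
     * @param displayName The display name of the extractor.
     * @param context     The ingest job context, used for cancellation
     *                    checks and the job ID.
     */
    Extract(String displayName, IngestJobContext context) {
        this.displayName = displayName;
        this.context = context;
        currentCase = Case.getCurrentCase();
        tskCase = currentCase.getSleuthkitCase();
    }

    /**
     * Start-up hook. The default implementation does nothing; subclasses may
     * override it.
     *
     * @throws IngestModuleException Declared so that overriding
     *                               implementations can report a start-up
     *                               failure.
     */
    void startUp() throws IngestModuleException {
    }

    /**
     * Processes the given data source. Implemented by each concrete
     * extractor.
     *
     * @param dataSource  The data source to process.
     * @param progressBar The progress reporter for the ingest job.
     */
    abstract void process(Content dataSource, DataSourceIngestModuleProgress progressBar);

    /**
     * Shut-down hook. The default implementation does nothing; subclasses may
     * override it.
     */
    void shutDown() {
    }

    /**
     * Gets the error messages recorded so far.
     *
     * @return An unmodifiable view of the recorded error messages.
     */
    List<String> getErrorMessages() {
        return Collections.unmodifiableList(errorMessages);
    }

    /**
     * Records an error message.
     *
     * @param message The message to record.
     */
    protected void addErrorMessage(String message) {
        errorMessages.add(message);
    }

    /**
     * Creates an artifact of the given type on the given content, choosing
     * the creation call from the category of the artifact type.
     *
     * Analysis results are created with {@code Score.SCORE_UNKNOWN} and null
     * for the three remaining optional arguments.
     *
     * @param type       The artifact type.
     * @param content    The content the artifact is attached to.
     * @param attributes The attributes of the new artifact.
     *
     * @return The new artifact.
     *
     * @throws TskCoreException If the category of the type is neither
     *                          DATA_ARTIFACT nor ANALYSIS_RESULT, or if the
     *                          underlying creation call fails.
     */
    BlackboardArtifact createArtifactWithAttributes(BlackboardArtifact.Type type, Content content, Collection<BlackboardAttribute> attributes) throws TskCoreException {
        if (type.getCategory() == BlackboardArtifact.Category.DATA_ARTIFACT) {
            return content.newDataArtifact(type, attributes);
        } else if (type.getCategory() == BlackboardArtifact.Category.ANALYSIS_RESULT) {
            return content.newAnalysisResult(type, Score.SCORE_UNKNOWN, null, null, null, attributes).getAnalysisResult();
        } else {
            throw new TskCoreException("Unknown category type: " + type.getCategory().getDisplayName());
        }
    }

    /**
     * Creates a TSK_ASSOCIATED_OBJECT artifact on the given content whose
     * single TSK_ASSOCIATED_ARTIFACT attribute holds the ID of the given
     * artifact.
     *
     * @param content  The content the new artifact is attached to.
     * @param artifact The artifact to reference.
     *
     * @return The new TSK_ASSOCIATED_OBJECT artifact.
     *
     * @throws TskCoreException If the artifact cannot be created.
     */
    BlackboardArtifact createAssociatedArtifact(Content content, BlackboardArtifact artifact) throws TskCoreException {
        BlackboardAttribute attribute = new BlackboardAttribute(BlackboardAttribute.Type.TSK_ASSOCIATED_ARTIFACT, getRAModuleName(), artifact.getArtifactID());
        return createArtifactWithAttributes(BlackboardArtifact.Type.TSK_ASSOCIATED_OBJECT, content, Collections.singletonList(attribute));
    }

    /**
     * Posts a single artifact to the blackboard. Does nothing if the artifact
     * is null or data artifact ingest has been cancelled.
     *
     * @param artifact The artifact to post, may be null.
     */
    void postArtifact(BlackboardArtifact artifact) {
        if (artifact != null && !context.dataArtifactIngestIsCancelled()) {
            postArtifacts(Collections.singleton(artifact));
        }
    }

    /**
     * Posts a collection of artifacts to the blackboard. Does nothing if the
     * collection is null or empty, or if data artifact ingest has been
     * cancelled. A posting failure is logged at SEVERE level and not
     * propagated to the caller.
     *
     * @param artifacts The artifacts to post, may be null or empty.
     */
    void postArtifacts(Collection<BlackboardArtifact> artifacts) {
        if (artifacts != null && !artifacts.isEmpty() && !context.dataArtifactIngestIsCancelled()) {
            try {
                tskCase.getBlackboard().postArtifacts(artifacts, RecentActivityExtracterModuleFactory.getModuleName(), context.getJobId());
            } catch (Blackboard.BlackboardException ex) {
                logger.log(Level.SEVERE, "Failed to post artifacts", ex); //NON-NLS
            }
        }
    }

    /**
     * Runs a query against a SQLite database file and returns every row as a
     * map from column name to value.
     *
     * The query text is executed exactly as given and the path is appended
     * to the JDBC URL unchanged; neither is validated here. Callers should
     * pass constant query strings only and never build the query from data
     * taken from the evidence. The returned values come from the examined
     * database and are untrusted.
     *
     * @param path  The path of the SQLite database file.
     * @param query The SQL query to execute.
     *
     * @return The rows of the result set, or an empty list if a
     *         SQLException occurred (the failure is logged at WARNING
     *         level).
     */
    protected List<HashMap<String, Object>> querySQLiteDb(String path, String query) {
        String connectionString = "jdbc:sqlite:" + path; //NON-NLS
        SQLiteDBConnect dbConnection = null;
        try {
            dbConnection = new SQLiteDBConnect("org.sqlite.JDBC", connectionString); //NON-NLS
            ResultSet resultSet = dbConnection.executeQry(query);
            return resultSetToArrayList(resultSet);
        } catch (SQLException ex) {
            logger.log(Level.WARNING, "Error while trying to read into a sqlite db." + connectionString, ex); //NON-NLS
            return Collections.<HashMap<String, Object>>emptyList();
        } finally {
            // Runs on both the success and the failure path.
            if (dbConnection != null) {
                dbConnection.closeConnection();
            }
        }
    }

    /**
     * Copies all rows of a result set into a list of maps keyed by column
     * name. SQL NULL values are stored as the empty string.
     *
     * @param rs The result set to read.
     *
     * @return One map per row, in result set order.
     *
     * @throws SQLException If reading the result set or its metadata fails.
     */
    private List<HashMap<String, Object>> resultSetToArrayList(ResultSet rs) throws SQLException {
        ResultSetMetaData md = rs.getMetaData();
        int columns = md.getColumnCount();
        List<HashMap<String, Object>> results = new ArrayList<>(50);
        while (rs.next()) {
            HashMap<String, Object> row = new HashMap<>(columns);
            // JDBC columns are 1-based.
            for (int i = 1; i <= columns; ++i) {
                // Read the value once instead of once for the null test and
                // once more for the put.
                Object value = rs.getObject(i);
                row.put(md.getColumnName(i), (value == null) ? "" : value);
            }
            results.add(row);
        }
        return results;
    }

    /**
     * Gets the display name of this extractor.
     *
     * @return The display name passed to the constructor.
     */
    protected String getDisplayName() {
        return displayName;
    }

    /**
     * Gets the name of the Recent Activity module.
     *
     * @return The module name reported by the module factory.
     */
    protected String getRAModuleName() {
        return RecentActivityExtracterModuleFactory.getModuleName();
    }

    /**
     * Gets the value of the data found flag.
     *
     * @return The current value of the flag.
     */
    public boolean foundData() {
        return dataFound;
    }

    /**
     * Sets the value of the data found flag.
     *
     * @param foundData The new value of the flag.
     */
    protected void setFoundData(boolean foundData) {
        dataFound = foundData;
    }

    /**
     * Gets the case captured when this extractor was constructed.
     *
     * @return The case.
     */
    protected Case getCurrentCase() {
        return this.currentCase;
    }

    /**
     * Creates a string-valued attribute attributed to the Recent Activity
     * module, storing the empty string when the value is null.
     *
     * @param type  The attribute type.
     * @param value The attribute value, may be null.
     *
     * @return The new attribute.
     */
    private static BlackboardAttribute textAttribute(BlackboardAttribute.ATTRIBUTE_TYPE type, String value) {
        return new BlackboardAttribute(type,
                RecentActivityExtracterModuleFactory.getModuleName(),
                (value != null) ? value : ""); //NON-NLS
    }

    /**
     * Creates the attributes for a web history artifact. Null strings are
     * stored as empty strings; the access time attribute is omitted when the
     * access time is null. The values are stored as given, without
     * validation or sanitization.
     *
     * @param url         The visited URL, may be null.
     * @param accessTime  The access time, may be null.
     * @param referrer    The referrer, may be null.
     * @param title       The page title, may be null.
     * @param programName The name of the program, may be null.
     * @param domain      The domain, may be null.
     * @param user        The user name, may be null.
     *
     * @return The attributes, in the order URL, access time, referrer,
     *         title, program name, domain, user name.
     *
     * @throws TskCoreException Declared by the signature; nothing in this
     *                          method is seen to throw it.
     */
    protected Collection<BlackboardAttribute> createHistoryAttributes(String url, Long accessTime,
            String referrer, String title, String programName, String domain, String user) throws TskCoreException {

        Collection<BlackboardAttribute> bbattributes = new ArrayList<>();
        bbattributes.add(textAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_URL, url));

        if (accessTime != null) {
            bbattributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_ACCESSED,
                    RecentActivityExtracterModuleFactory.getModuleName(), accessTime));
        }

        bbattributes.add(textAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_REFERRER, referrer));
        bbattributes.add(textAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_TITLE, title));
        bbattributes.add(textAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PROG_NAME, programName));
        bbattributes.add(textAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DOMAIN, domain));
        bbattributes.add(textAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_USER_NAME, user));

        return bbattributes;
    }

    /**
     * Creates the attributes for a web cookie artifact. Null strings are
     * stored as empty strings; each of the three time attributes is omitted
     * when its value is null or zero. The cookie value is stored as given,
     * so it may contain session tokens or other secrets taken from the
     * evidence.
     *
     * @param url          The cookie URL, may be null.
     * @param creationTime The creation time, may be null.
     * @param accessTime   The access time, may be null.
     * @param endTime      The end time, may be null.
     * @param name         The cookie name, may be null.
     * @param value        The cookie value, may be null.
     * @param programName  The name of the program, may be null.
     * @param domain       The domain, may be null.
     *
     * @return The attributes, in the order URL, creation time, access time,
     *         end time, name, value, program name, domain.
     */
    protected Collection<BlackboardAttribute> createCookieAttributes(String url,
            Long creationTime, Long accessTime, Long endTime, String name, String value, String programName, String domain) {

        Collection<BlackboardAttribute> bbattributes = new ArrayList<>();
        bbattributes.add(textAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_URL, url));

        if (creationTime != null && creationTime != 0) {
            bbattributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_CREATED,
                    RecentActivityExtracterModuleFactory.getModuleName(), creationTime));
        }

        if (accessTime != null && accessTime != 0) {
            bbattributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_ACCESSED,
                    RecentActivityExtracterModuleFactory.getModuleName(), accessTime));
        }

        if (endTime != null && endTime != 0) {
            bbattributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_END,
                    RecentActivityExtracterModuleFactory.getModuleName(), endTime));
        }

        bbattributes.add(textAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_NAME, name));
        bbattributes.add(textAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_VALUE, value));
        bbattributes.add(textAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PROG_NAME, programName));
        bbattributes.add(textAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DOMAIN, domain));

        return bbattributes;
    }

    /**
     * Creates the attributes for a web bookmark artifact. Null strings are
     * stored as empty strings; the creation time attribute is omitted when
     * the creation time is null.
     *
     * @param url          The bookmarked URL, may be null.
     * @param title        The bookmark title, may be null.
     * @param creationTime The creation time, may be null.
     * @param programName  The name of the program, may be null.
     * @param domain       The domain, may be null.
     *
     * @return The attributes, in the order URL, title, creation time,
     *         program name, domain.
     */
    protected Collection<BlackboardAttribute> createBookmarkAttributes(String url, String title, Long creationTime, String programName, String domain) {
        Collection<BlackboardAttribute> bbattributes = new ArrayList<>();

        bbattributes.add(textAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_URL, url));
        bbattributes.add(textAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_TITLE, title));

        if (creationTime != null) {
            bbattributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_CREATED,
                    RecentActivityExtracterModuleFactory.getModuleName(), creationTime));
        }

        bbattributes.add(textAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PROG_NAME, programName));
        bbattributes.add(textAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DOMAIN, domain));

        return bbattributes;
    }

    /**
     * Creates the attributes for a web download artifact. Null strings are
     * stored as empty strings; the path ID attribute is omitted when the
     * path ID is null or -1, and the access time attribute is omitted when
     * the access time is null.
     *
     * @param path        The path of the downloaded file, may be null.
     * @param pathID      The path ID, may be null.
     * @param url         The download URL, may be null.
     * @param accessTime  The access time, may be null.
     * @param domain      The domain, may be null.
     * @param programName The name of the program, may be null.
     *
     * @return The attributes, in the order path, path ID, URL, access time,
     *         domain, program name.
     */
    protected Collection<BlackboardAttribute> createDownloadAttributes(String path, Long pathID, String url, Long accessTime, String domain, String programName) {
        Collection<BlackboardAttribute> bbattributes = new ArrayList<>();

        bbattributes.add(textAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PATH, path));

        if (pathID != null && pathID != -1) {
            bbattributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PATH_ID,
                    RecentActivityExtracterModuleFactory.getModuleName(),
                    pathID));
        }

        bbattributes.add(textAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_URL, url));

        if (accessTime != null) {
            bbattributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_ACCESSED,
                    RecentActivityExtracterModuleFactory.getModuleName(), accessTime));
        }

        bbattributes.add(textAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DOMAIN, domain));
        bbattributes.add(textAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PROG_NAME, programName));

        return bbattributes;
    }

    /**
     * Writes a copy of the given file into the Recent Activity temp
     * directory for this extractor and ingest job.
     *
     * The temp file name is the file name, the object ID and the name
     * extension concatenated without separators. The name and extension come
     * from the examined data source, so the resulting path is checked to lie
     * inside the temp directory before anything is written.
     *
     * @param file The file to copy.
     *
     * @return The temp file.
     *
     * @throws IOException If the name cannot be turned into a path on this
     *                     platform, if the path would fall outside the temp
     *                     directory, or if writing the copy fails.
     */
    protected File createTemporaryFile(AbstractFile file) throws IOException {
        String tempDir = RAImageIngestModule.getRATempPath(getCurrentCase(), getDisplayName(), context.getJobId());
        String tempName = file.getName() + file.getId() + file.getNameExtension();

        Path tempFilePath;
        Path baseDir;
        try {
            tempFilePath = Paths.get(tempDir, tempName);
            baseDir = Paths.get(tempDir).toAbsolutePath().normalize();
        } catch (java.nio.file.InvalidPathException ex) {
            // A name holding characters the host file system rejects would
            // otherwise surface as an unchecked exception; report it through
            // the declared IOException instead.
            throw new IOException("Cannot build a temporary file path for file with object ID " + file.getId(), ex); //NON-NLS
        }

        // Containment check: separators or ".." elements in the name must
        // not move the copy outside the module's temp directory.
        if (!tempFilePath.toAbsolutePath().normalize().startsWith(baseDir)) {
            throw new IOException("Temporary file path is outside the temp directory for file with object ID " + file.getId()); //NON-NLS
        }

        java.io.File tempFile = tempFilePath.toFile();
        ContentUtils.writeToFile(file, tempFile, context::dataSourceIngestIsCancelled);
        return tempFile;
    }

}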

Copyright © 2012-2021 Basis Technology. Generated on: Tue Feb 22 2022
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.