Package org.sleuthkit.datamodel

Examples of org.sleuthkit.datamodel.BlackboardArtifact


            // parse success: Process email and add artifacts
            processEmails(parser.getResults(), abstractFile);
        } else if (result == PstParser.ParseResult.ENCRYPT) {
            // encrypted pst: Add encrypted file artifact
            try {
                BlackboardArtifact generalInfo = abstractFile.getGenInfoArtifact();
                generalInfo.addAttribute(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_ENCRYPTION_DETECTED.getTypeID(),
                        EmailParserModuleFactory.getModuleName(),
                        NbBundle.getMessage(this.getClass(), "ThunderbirdMboxFileIngestModule.encryptionFileLevel")));
            } catch (TskCoreException ex) {
                logger.log(Level.INFO, "Failed to add encryption attribute to file: {0}", abstractFile.getName()); //NON-NLS
            }


        } else {
            bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PATH.getTypeID(), EmailParserModuleFactory.getModuleName(), "/foo/bar")); //NON-NLS
        }

        try {
            BlackboardArtifact bbart;
            bbart = abstractFile.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_EMAIL_MSG);
            bbart.addAttributes(bbattributes);
        } catch (TskCoreException ex) {
            logger.log(Level.WARNING, null, ex);
        }
    }

                    logger.log(Level.SEVERE, "Error parsing Pasco results.", e); //NON-NLS
                }
            }

            try {
                BlackboardArtifact bbart = origFile.newArtifact(ARTIFACT_TYPE.TSK_WEB_HISTORY);
                Collection<BlackboardAttribute> bbattributes = new ArrayList<>();
                bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(),
                                                         NbBundle.getMessage(this.getClass(),
                                                                             "ExtractIE.parentModuleName.noSpace"), realurl));
                //bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL_DECODED.getTypeID(), "RecentActivity", EscapeUtil.decodeURL(realurl)));

                bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME_ACCESSED.getTypeID(),
                                                         NbBundle.getMessage(this.getClass(),
                                                                             "ExtractIE.parentModuleName.noSpace"), ftime));
                bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_REFERRER.getTypeID(),
                                                         NbBundle.getMessage(this.getClass(),
                                                                             "ExtractIE.parentModuleName.noSpace"), ""));
                // @@@ Note that other browser modules are adding TITLE in here for the title
                bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(),
                                                         NbBundle.getMessage(this.getClass(),
                                                                             "ExtractIE.parentModuleName.noSpace"),
                                                         NbBundle.getMessage(this.getClass(),
                                                                             "ExtractIE.moduleName.text")));
                bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN.getTypeID(),
                                                         NbBundle.getMessage(this.getClass(),
                                                                             "ExtractIE.parentModuleName.noSpace"), domain));
                bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_USER_NAME.getTypeID(),
                                                         NbBundle.getMessage(this.getClass(),
                                                                             "ExtractIE.parentModuleName.noSpace"), user));
                bbart.addAttributes(bbattributes);
            } catch (TskCoreException ex) {
                logger.log(Level.SEVERE, "Error writing Internet Explorer web history artifact to the blackboard.", ex); //NON-NLS
            }                                   
        }
        fileScanner.close();       

                else {
                    date = Long.valueOf(0);
                }
                String domain = Util.extractDomain(url);
                try {
                    BlackboardArtifact bbart = bookmarkFile.newArtifact(ARTIFACT_TYPE.TSK_WEB_BOOKMARK);
                    Collection<BlackboardAttribute> bbattributes = new ArrayList<>();
                    //TODO Revisit usage of deprecated constructor as per TSK-583
                    bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(),
                                                             NbBundle.getMessage(this.getClass(),
                                                                                 "Chrome.parentModuleName"), url));
                    bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_TITLE.getTypeID(),
                                                             NbBundle.getMessage(this.getClass(),
                                                                                 "Chrome.parentModuleName"), name));
                    bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME_CREATED.getTypeID(),
                                                             NbBundle.getMessage(this.getClass(),
                                                                                 "Chrome.parentModuleName"), (date/1000000) - Long.valueOf("11644473600")));
                    bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(),
                                                             NbBundle.getMessage(this.getClass(),
                                                                                 "Chrome.parentModuleName"),
                                                             NbBundle.getMessage(this.getClass(), "Chrome.moduleName")));
                    bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN.getTypeID(),
                                                             NbBundle.getMessage(this.getClass(),
                                                                                 "Chrome.parentModuleName"), domain));
                    bbart.addAttributes(bbattributes);
                } catch (TskCoreException ex) {
                    logger.log(Level.SEVERE, "Error while trying to insert Chrome bookmark artifact{0}", ex); //NON-NLS
                    this.addErrorMessage(
                            NbBundle.getMessage(this.getClass(), "Chrome.getBookmark.errMsg.errAnalyzingFile4",
                                                this.getName(), bookmarkFile.getName()));

        return solrHasContent(node);
    }

    /**
     * Reports this component's preference value for the given node.
     *
     * @param node node whose lookup is queried for a {@code BlackboardArtifact}
     * @return 6 when the lookup holds an artifact whose type ID equals that of
     *         {@code TSK_KEYWORD_HIT}; 4 when there is no artifact or it has
     *         any other type
     */
    @Override
    public int isPreferred(Node node) {
        final BlackboardArtifact artifact = node.getLookup().lookup(BlackboardArtifact.class);

        // Only a keyword-hit artifact gets the higher value; a missing artifact
        // and every other artifact type share the same result.
        final boolean keywordHit = artifact != null
                && artifact.getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_KEYWORD_HIT.getTypeID();
        return keywordHit ? 6 : 4;
    }

            if (ruleSatisfied != null) {
                try {
                    // Post an interesting files set hit artifact to the
                    // blackboard.
                    String moduleName = InterestingItemsIngestModuleFactory.getModuleName();
                    BlackboardArtifact artifact = file.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT);

                    // Add a set name attribute to the artifact. This adds a
                    // fair amount of redundant data to the attributes table
                    // (i.e., rows that differ only in artifact id), but doing
                    // otherwise would require reworking the interesting files
                    // set hit artifact.
                    BlackboardAttribute setNameAttribute = new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SET_NAME.getTypeID(), moduleName, filesSet.getName());
                    artifact.addAttribute(setNameAttribute);

                    // Add a category attribute to the artifact to record the
                    // interesting files set membership rule that was satisfied.
                    BlackboardAttribute ruleNameAttribute = new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_CATEGORY.getTypeID(), moduleName, ruleSatisfied);
                    artifact.addAttribute(ruleNameAttribute);

                } catch (TskCoreException ex) {
                    FilesIdentifierIngestModule.logger.log(Level.SEVERE, "Error posting to the blackboard", ex);
                }
            }

                }
            }

            // Add the attributes, if there are any, to a new artifact
            if (!attributes.isEmpty()) {
                BlackboardArtifact bba = f.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_METADATA_EXIF);
                bba.addAttributes(attributes);
                filesToFire = true;
            }

            return ProcessResult.OK;
        } catch (TskCoreException ex) {

            if (skCase == null) {
                return null;           
            }
           
            try {
                BlackboardArtifact art = skCase.getBlackboardArtifact(id);
                return new BlackboardArtifactNode(art);
            } catch (TskException ex) {
                logger.log(Level.WARNING, "TSK Exception occurred", ex); //NON-NLS
            }
            return null;

                if (artifactTypeId == -1) {
                    artifactTypeId = caseDb.addArtifactType(artifactData.getType(), artifactData.getType());
                }
                Content sourceFile = findFileInCaseDatabase(artifactData.getSourceFilePath());
                if (sourceFile != null) {
                    BlackboardArtifact artifact = sourceFile.newArtifact(artifactTypeId);

                    // Add the artifact's attributes to the case database.
                    Collection<BlackboardAttribute> attributes = new ArrayList<>();
                    for (ExternalResults.ArtifactAttribute attributeData : artifactData.getAttributes()) {
                        int attributeTypeId = caseDb.getAttrTypeID(attributeData.getType());
                        if (attributeTypeId == -1) {
                            attributeTypeId = caseDb.addAttrType(attributeData.getType(), attributeData.getType());
                        }
                        switch (attributeData.getValueType()) {
                            case "text": //NON-NLS
                                attributes.add(new BlackboardAttribute(attributeTypeId, attributeData.getSourceModule(), attributeData.getValue()));
                                break;
                            case "int32": //NON-NLS
                                int intValue = Integer.parseInt(attributeData.getValue());
                                attributes.add(new BlackboardAttribute(attributeTypeId, attributeData.getSourceModule(), intValue));
                                break;
                            case "int64": //NON-NLS
                                long longValue = Long.parseLong(attributeData.getValue());
                                attributes.add(new BlackboardAttribute(attributeTypeId, attributeData.getSourceModule(), longValue));
                                break;
                            case "double": //NON-NLS
                                double doubleValue = Double.parseDouble(attributeData.getValue());
                                attributes.add(new BlackboardAttribute(attributeTypeId, attributeData.getSourceModule(), doubleValue));
                                break;
                            default:
                                String errorMessage = NbBundle.getMessage(this.getClass(),
                                                                          "ExternalResultsImporter.importArtifacts.caseErrMsg1.text",
                                        attributeData.getType(), attributeData.getValue(),
                                        artifactData.getType(), artifactData.getSourceFilePath(),
                                        attributeData.getValueType());
                                ExternalResultsImporter.logger.log(Level.SEVERE, errorMessage);
                                this.errors.add(new ErrorInfo(ExternalResultsImporter.class.getName(), errorMessage));
                                break;
                        }
                    }
                    artifact.addAttributes(attributes);

                    if (standardArtifactTypeIds.contains(artifactTypeId)) {
                        IngestServices.getInstance().fireModuleDataEvent(new ModuleDataEvent(this.getClass().getSimpleName(), BlackboardArtifact.ARTIFACT_TYPE.fromID(artifactTypeId)));
                    }
                } else {

    @Override
    public KeywordCachedArtifact writeSingleFileHitsToBlackBoard(String termHit, AbstractFile newFsHit, String snippet, String listName) {
        final String MODULE_NAME = KeywordSearchModuleFactory.getModuleName();

        Collection<BlackboardAttribute> attributes = new ArrayList<>();
        BlackboardArtifact bba;
        KeywordCachedArtifact writeResult;
        try {
            bba = newFsHit.newArtifact(ARTIFACT_TYPE.TSK_KEYWORD_HIT);
            writeResult = new KeywordCachedArtifact(bba);
        } catch (Exception e) {
            logger.log(Level.WARNING, "Error adding bb artifact for keyword hit", e); //NON-NLS
            return null;
        }

        if (snippet != null) {
            attributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_KEYWORD_PREVIEW.getTypeID(), MODULE_NAME, snippet));
        }
        attributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_KEYWORD.getTypeID(), MODULE_NAME, termHit));
        if ((listName != null) && (listName.equals("") == false)) {
            attributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_SET_NAME.getTypeID(), MODULE_NAME, listName));
        }
       
        //bogus - workaround the dir tree table issue
        //attributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_KEYWORD_REGEXP.getTypeID(), MODULE_NAME, "", ""));

        //selector
        if (keywordQuery != null) {
            BlackboardAttribute.ATTRIBUTE_TYPE selType = keywordQuery.getType();
            if (selType != null) {
                attributes.add(new BlackboardAttribute(selType.getTypeID(), MODULE_NAME, termHit));
            }
        }

        try {
            bba.addAttributes(attributes); //write out to bb
            writeResult.add(attributes);
            return writeResult;
        } catch (TskException e) {
            logger.log(Level.WARNING, "Error adding bb attributes to artifact", e); //NON-NLS
        }
