Package org.sleuthkit.datamodel

Examples of org.sleuthkit.datamodel.BlackboardArtifact

142
143
144
145
146
147
148
149
150
151
152
153
            // parse success: Process email and add artifacts
            processEmails(parser.getResults(), abstractFile);
        } else if (result == PstParser.ParseResult.ENCRYPT) {
            // encrypted pst: Add encrypted file artifact
            try {
                BlackboardArtifact generalInfo = abstractFile.getGenInfoArtifact();
                generalInfo.addAttribute(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_ENCRYPTION_DETECTED.getTypeID(),
                        EmailParserModuleFactory.getModuleName(),
                        NbBundle.getMessage(this.getClass(), "ThunderbirdMboxFileIngestModule.encryptionFileLevel")));
            } catch (TskCoreException ex) {
                logger.log(Level.INFO, "Failed to add encryption attribute to file: {0}", abstractFile.getName()); //NON-NLS
            }
View Full Code Here
384
385
386
387
388
389
390
391
392
393
394
395
        } else {
            bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PATH.getTypeID(), EmailParserModuleFactory.getModuleName(), "/foo/bar")); //NON-NLS
        }

        try {
            BlackboardArtifact bbart;
            bbart = abstractFile.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_EMAIL_MSG);
            bbart.addAttributes(bbattributes);
        } catch (TskCoreException ex) {
            logger.log(Level.WARNING, null, ex);
        }
    }
View Full Code Here
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
                    logger.log(Level.SEVERE, "Error parsing Pasco results.", e); //NON-NLS
                }
            }

            try {
                BlackboardArtifact bbart = origFile.newArtifact(ARTIFACT_TYPE.TSK_WEB_HISTORY);
                Collection<BlackboardAttribute> bbattributes = new ArrayList<>();
                bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(),
                                                         NbBundle.getMessage(this.getClass(),
                                                                             "ExtractIE.parentModuleName.noSpace"), realurl));
                //bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL_DECODED.getTypeID(), "RecentActivity", EscapeUtil.decodeURL(realurl)));

                bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME_ACCESSED.getTypeID(),
                                                         NbBundle.getMessage(this.getClass(),
                                                                             "ExtractIE.parentModuleName.noSpace"), ftime));
                bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_REFERRER.getTypeID(),
                                                         NbBundle.getMessage(this.getClass(),
                                                                             "ExtractIE.parentModuleName.noSpace"), ""));
                // @@@ NOte that other browser modules are adding TITLE in hre for the title
                bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(),
                                                         NbBundle.getMessage(this.getClass(),
                                                                             "ExtractIE.parentModuleName.noSpace"),
                                                         NbBundle.getMessage(this.getClass(),
                                                                             "ExtractIE.moduleName.text")));
                bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN.getTypeID(),
                                                         NbBundle.getMessage(this.getClass(),
                                                                             "ExtractIE.parentModuleName.noSpace"), domain));
                bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_USER_NAME.getTypeID(),
                                                         NbBundle.getMessage(this.getClass(),
                                                                             "ExtractIE.parentModuleName.noSpace"), user));
                bbart.addAttributes(bbattributes);
            } catch (TskCoreException ex) {
                logger.log(Level.SEVERE, "Error writing Internet Explorer web history artifact to the blackboard.", ex); //NON-NLS
            }                                   
        }
        fileScanner.close();       
View Full Code Here
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
                else {
                    date = Long.valueOf(0);
                }
                String domain = Util.extractDomain(url);
                try {
                    BlackboardArtifact bbart = bookmarkFile.newArtifact(ARTIFACT_TYPE.TSK_WEB_BOOKMARK);
                    Collection<BlackboardAttribute> bbattributes = new ArrayList<>();
                    //TODO Revisit usage of deprecated constructor as per TSK-583
                    bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_URL.getTypeID(),
                                                             NbBundle.getMessage(this.getClass(),
                                                                                 "Chrome.parentModuleName"), url));
                    bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_TITLE.getTypeID(),
                                                             NbBundle.getMessage(this.getClass(),
                                                                                 "Chrome.parentModuleName"), name));
                    bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME_CREATED.getTypeID(),
                                                             NbBundle.getMessage(this.getClass(),
                                                                                 "Chrome.parentModuleName"), (date/1000000) - Long.valueOf("11644473600")));
                    bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(),
                                                             NbBundle.getMessage(this.getClass(),
                                                                                 "Chrome.parentModuleName"),
                                                             NbBundle.getMessage(this.getClass(), "Chrome.moduleName")));
                    bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN.getTypeID(),
                                                             NbBundle.getMessage(this.getClass(),
                                                                                 "Chrome.parentModuleName"), domain));
                    bbart.addAttributes(bbattributes);
                } catch (TskCoreException ex) {
                    logger.log(Level.SEVERE, "Error while trying to insert Chrome bookmark artifact{0}", ex); //NON-NLS
                    this.addErrorMessage(
                            NbBundle.getMessage(this.getClass(), "Chrome.getBookmark.errMsg.errAnalyzingFile4",
                                                this.getName(), bookmarkFile.getName()));
View Full Code Here
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
        return solrHasContent(node);
    }

    @Override
    public int isPreferred(Node node) {
        BlackboardArtifact art = node.getLookup().lookup(BlackboardArtifact.class);

        if (art == null) {
            return 4;
        } else if (art.getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_KEYWORD_HIT.getTypeID()) {
            return 6;
        } else {
            return 4;
        }
    }
View Full Code Here
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
            if (ruleSatisfied != null) {
                try {
                    // Post an interesting files set hit artifact to the
                    // blackboard.
                    String moduleName = InterestingItemsIngestModuleFactory.getModuleName();
                    BlackboardArtifact artifact = file.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT);

                    // Add a set name attribute to the artifact. This adds a
                    // fair amount of redundant data to the attributes table
                    // (i.e., rows that differ only in artifact id), but doing
                    // otherwise would requires reworking the interesting files
                    // set hit artifact.
                    BlackboardAttribute setNameAttribute = new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SET_NAME.getTypeID(), moduleName, filesSet.getName());
                    artifact.addAttribute(setNameAttribute);

                    // Add a category attribute to the artifact to record the
                    // interesting files set membership rule that was satisfied.
                    BlackboardAttribute ruleNameAttribute = new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_CATEGORY.getTypeID(), moduleName, ruleSatisfied);
                    artifact.addAttribute(ruleNameAttribute);

                } catch (TskCoreException ex) {
                    FilesIdentifierIngestModule.logger.log(Level.SEVERE, "Error posting to the blackboard", ex);
                }
            }
View Full Code Here
152
153
154
155
156
157
158
159
160
161
162
163
                }
            }

            // Add the attributes, if there are any, to a new artifact
            if (!attributes.isEmpty()) {
                BlackboardArtifact bba = f.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_METADATA_EXIF);
                bba.addAttributes(attributes);
                filesToFire = true;
            }

            return ProcessResult.OK;
        } catch (TskCoreException ex) {
View Full Code Here
326
327
328
329
330
331
332
333
334
335
336
            if (skCase == null) {
                return null;           
            }
           
            try {
                BlackboardArtifact art = skCase.getBlackboardArtifact(id);
                return new BlackboardArtifactNode(art);
            } catch (TskException ex) {
                logger.log(Level.WARNING, "TSK Exception occurred", ex); //NON-NLS
            }
            return null;
View Full Code Here
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
                if (artifactTypeId == -1) {
                    artifactTypeId = caseDb.addArtifactType(artifactData.getType(), artifactData.getType());
                }
                Content sourceFile = findFileInCaseDatabase(artifactData.getSourceFilePath());
                if (sourceFile != null) {
                    BlackboardArtifact artifact = sourceFile.newArtifact(artifactTypeId);

                    // Add the artifact's attributes to the case database.
                    Collection<BlackboardAttribute> attributes = new ArrayList<>();
                    for (ExternalResults.ArtifactAttribute attributeData : artifactData.getAttributes()) {
                        int attributeTypeId = caseDb.getAttrTypeID(attributeData.getType());
                        if (attributeTypeId == -1) {
                            attributeTypeId = caseDb.addAttrType(attributeData.getType(), attributeData.getType());
                        }
                        switch (attributeData.getValueType()) {
                            case "text": //NON-NLS
                                attributes.add(new BlackboardAttribute(attributeTypeId, attributeData.getSourceModule(), attributeData.getValue()));
                                break;
                            case "int32": //NON-NLS
                                int intValue = Integer.parseInt(attributeData.getValue());
                                attributes.add(new BlackboardAttribute(attributeTypeId, attributeData.getSourceModule(), intValue));
                                break;
                            case "int64": //NON-NLS
                                long longValue = Long.parseLong(attributeData.getValue());
                                attributes.add(new BlackboardAttribute(attributeTypeId, attributeData.getSourceModule(), longValue));
                                break;
                            case "double": //NON-NLS
                                double doubleValue = Double.parseDouble(attributeData.getValue());
                                attributes.add(new BlackboardAttribute(attributeTypeId, attributeData.getSourceModule(), doubleValue));
                                break;
                            default:
                                String errorMessage = NbBundle.getMessage(this.getClass(),
                                                                          "ExternalResultsImporter.importArtifacts.caseErrMsg1.text",
                                        attributeData.getType(), attributeData.getValue(),
                                        artifactData.getType(), artifactData.getSourceFilePath(),
                                        attributeData.getValueType());
                                ExternalResultsImporter.logger.log(Level.SEVERE, errorMessage);
                                this.errors.add(new ErrorInfo(ExternalResultsImporter.class.getName(), errorMessage));
                                break;
                        }
                    }
                    artifact.addAttributes(attributes);

                    if (standardArtifactTypeIds.contains(artifactTypeId)) {
                        IngestServices.getInstance().fireModuleDataEvent(new ModuleDataEvent(this.getClass().getSimpleName(), BlackboardArtifact.ARTIFACT_TYPE.fromID(artifactTypeId)));
                    }
                } else {
View Full Code Here
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
    @Override
    public KeywordCachedArtifact writeSingleFileHitsToBlackBoard(String termHit, AbstractFile newFsHit, String snippet, String listName) {
        final String MODULE_NAME = KeywordSearchModuleFactory.getModuleName();

        Collection<BlackboardAttribute> attributes = new ArrayList<>();
        BlackboardArtifact bba;
        KeywordCachedArtifact writeResult;
        try {
            bba = newFsHit.newArtifact(ARTIFACT_TYPE.TSK_KEYWORD_HIT);
            writeResult = new KeywordCachedArtifact(bba);
        } catch (Exception e) {
            logger.log(Level.WARNING, "Error adding bb artifact for keyword hit", e); //NON-NLS
            return null;
        }

        if (snippet != null) {
            attributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_KEYWORD_PREVIEW.getTypeID(), MODULE_NAME, snippet));
        }
        attributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_KEYWORD.getTypeID(), MODULE_NAME, termHit));
        if ((listName != null) && (listName.equals("") == false)) {
            attributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_SET_NAME.getTypeID(), MODULE_NAME, listName));
        }
       
        //bogus - workaround the dir tree table issue
        //attributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_KEYWORD_REGEXP.getTypeID(), MODULE_NAME, "", ""));

        //selector
        if (keywordQuery != null) {
            BlackboardAttribute.ATTRIBUTE_TYPE selType = keywordQuery.getType();
            if (selType != null) {
                attributes.add(new BlackboardAttribute(selType.getTypeID(), MODULE_NAME, termHit));
            }
        }

        try {
            bba.addAttributes(attributes); //write out to bb
            writeResult.add(attributes);
            return writeResult;
        } catch (TskException e) {
            logger.log(Level.WARNING, "Error adding bb attributes to artifact", e); //NON-NLS
        }
View Full Code Here
TOP

Related Classes of org.sleuthkit.datamodel.BlackboardArtifact

  • org.sleuthkit.autopsy.corecomponents.DataContentViewerArtifact
  • org.sleuthkit.autopsy.corecomponents.DataContentViewerArtifact$SelectedNodeChangedTask
  • org.sleuthkit.autopsy.datamodel.EmailExtracted$MessageFactory
  • org.sleuthkit.autopsy.datamodel.HashsetHits$HitFactory
  • org.sleuthkit.autopsy.datamodel.KeywordHits$HitsFactory
  • org.sleuthkit.autopsy.directorytree.DataResultFilterNode$GetPopupActionsDisplayableItemNodeVisitor
  • org.sleuthkit.autopsy.examples.SampleFileIngestModule
  • org.sleuthkit.autopsy.externalresults.ExternalResultsImporter
  • org.sleuthkit.autopsy.ingest.IngestMessageDetailsPanel
  • org.sleuthkit.autopsy.keywordsearch.ExtractedContentViewer
    • Copyright © 2018 www.massapicom. All rights reserved.
    All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.