Added artifact indexing to recent activity module

sleuthkit · Nov 10, 2015 · 73a5d53 · 73a5d53
1 parent fc6d01d
commit 73a5d53
Show file tree

Hide file tree

Showing 4 changed files with 54 additions and 6 deletions.
diff --git a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Chrome.java b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Chrome.java
@@ -286,6 +286,9 @@ private void getBookmark() {
                             NbBundle.getMessage(this.getClass(),
                                     "Chrome.parentModuleName"), domain));
                     bbart.addAttributes(bbattributes);
+
+                    // index the artifact for keyword search
+                    this.indexArtifact(bbart);
                 } catch (TskCoreException ex) {
                     logger.log(Level.SEVERE, "Error while trying to insert Chrome bookmark artifact{0}", ex); //NON-NLS
                     this.addErrorMessage(

diff --git a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Extract.java b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Extract.java
@@ -32,6 +32,8 @@
 import org.openide.util.NbBundle;
 import org.sleuthkit.autopsy.coreutils.Logger;
 import org.sleuthkit.autopsy.casemodule.Case;
+import org.sleuthkit.autopsy.casemodule.services.Blackboard;
+import org.sleuthkit.autopsy.coreutils.MessageNotifyUtil;
 import org.sleuthkit.autopsy.ingest.IngestJobContext;
 import org.sleuthkit.autopsy.ingest.IngestModule.IngestModuleException;
 import org.sleuthkit.datamodel.*;
@@ -75,7 +77,7 @@ protected void addErrorMessage(String message) {
     }
 
     /**
-     * Generic method for adding a blackboard artifact to the blackboard
+     * Generic method for adding a blackboard artifact to the blackboard and indexing it
      *
      * @param type         is a blackboard.artifact_type enum to determine which
      *                     type the artifact should be
@@ -89,10 +91,29 @@ protected void addArtifact(BlackboardArtifact.ARTIFACT_TYPE type, AbstractFile c
         try {
             BlackboardArtifact bbart = content.newArtifact(type);
             bbart.addAttributes(bbattributes);
+            // index the artifact for keyword search
+            this.indexArtifact(bbart);
         } catch (TskException ex) {
             logger.log(Level.SEVERE, "Error while trying to add an artifact", ex); //NON-NLS
         }
     }
+
+    /**
+     * Method to index a blackboard artifact for keyword search
+     *
+     * @param bbart Blackboard artifact to be indexed
+     */
+    void indexArtifact(BlackboardArtifact bbart) {
+        Blackboard blackboard = Case.getCurrentCase().getServices().getBlackboard();
+        try {
+            // index the artifact for keyword search
+            blackboard.indexArtifact(bbart);
+        } catch (Blackboard.BlackboardException ex) {
+            logger.log(Level.SEVERE, NbBundle.getMessage(Blackboard.class, "Blackboard.unableToIndexArtifact.error.msg", bbart.getDisplayName()), ex); //NON-NLS
+            MessageNotifyUtil.Notify.error(
+                    NbBundle.getMessage(Blackboard.class, "Blackboard.unableToIndexArtifact.exception.msg"), bbart.getDisplayName());
+        }
+    }
 
     /**
      * Returns a List from a result set based on sql query. This is used to

diff --git a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractIE.java b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractIE.java
@@ -29,10 +29,8 @@
 import java.io.File;
 import java.io.FileInputStream;
 import java.io.FileNotFoundException;
-import java.io.FileWriter;
 import java.io.IOException;
 import java.io.InputStreamReader;
-import java.io.Writer;
 import java.text.ParseException;
 import java.text.SimpleDateFormat;
 import java.util.ArrayList;
@@ -517,10 +515,17 @@ private void parsePascoOutput(AbstractFile origFile, String pascoOutputFileName)
                                 "ExtractIE.parentModuleName.noSpace"), user));
                 bbart.addAttributes(bbattributes);
 
+                // index the artifact for keyword search
+                this.indexArtifact(bbart);
+
                 if ((!user.isEmpty()) && (!reportedUserAccounts.contains(user))) {
                     BlackboardArtifact osAttr = origFile.newArtifact(ARTIFACT_TYPE.TSK_OS_ACCOUNT);
                     osAttr.addAttribute(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_USER_NAME.getTypeID(),
                             NbBundle.getMessage(this.getClass(), "ExtractIE.parentModuleName.noSpace"), user));
+
+                    // index the artifact for keyword search
+                    this.indexArtifact(osAttr);
+
                     reportedUserAccounts.add(user);
                 }
             } catch (TskCoreException ex) {

diff --git a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractRegistry.java b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractRegistry.java
@@ -43,8 +43,6 @@
 import org.sleuthkit.datamodel.*;
 import org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE;
 import org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE;
-import org.sleuthkit.datamodel.OSUtility; // TEMP
-import org.sleuthkit.autopsy.casemodule.Case;
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 import org.w3c.dom.Node;
@@ -427,6 +425,9 @@ private boolean parseAutopsyPluginOutput(String regFilePath, AbstractFile regFil
                         if (results.isEmpty()) {
                             BlackboardArtifact bbart = regFile.newArtifact(ARTIFACT_TYPE.TSK_OS_INFO);
                             bbart.addAttributes(bbattributes);
+
+                            // index the artifact for keyword search
+                            this.indexArtifact(bbart);
                         } else {
                             results.get(0).addAttributes(bbattributes);
                         }
@@ -473,6 +474,9 @@ private boolean parseAutopsyPluginOutput(String regFilePath, AbstractFile regFil
                         if (results.isEmpty()) {
                             BlackboardArtifact bbart = regFile.newArtifact(ARTIFACT_TYPE.TSK_OS_INFO);
                             bbart.addAttributes(bbattributes);
+
+                            // index the artifact for keyword search
+                            this.indexArtifact(bbart);
                         } else {
                             results.get(0).addAttributes(bbattributes);
                         }
@@ -511,6 +515,9 @@ private boolean parseAutopsyPluginOutput(String regFilePath, AbstractFile regFil
                         if (results.isEmpty()) {
                             BlackboardArtifact bbart = regFile.newArtifact(ARTIFACT_TYPE.TSK_OS_INFO);
                             bbart.addAttributes(bbattributes);
+
+                            // index the artifact for keyword search
+                            this.indexArtifact(bbart);
                         } else {
                             results.get(0).addAttributes(bbattributes);
                         }
@@ -559,6 +566,9 @@ private boolean parseAutopsyPluginOutput(String regFilePath, AbstractFile regFil
                                         bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DEVICE_MODEL.getTypeID(), parentModuleName, model));
                                         bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DEVICE_ID.getTypeID(), parentModuleName, value));
                                         bbart.addAttributes(bbattributes);
+
+                                        // index the artifact for keyword search
+                                        this.indexArtifact(bbart);
                                     } catch (TskCoreException ex) {
                                         logger.log(Level.SEVERE, "Error adding device attached artifact to blackboard."); //NON-NLS
                                     }
@@ -578,6 +588,9 @@ private boolean parseAutopsyPluginOutput(String regFilePath, AbstractFile regFil
                                         bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID(), parentModuleName, itemMtime));
                                         BlackboardArtifact bbart = regFile.newArtifact(ARTIFACT_TYPE.TSK_INSTALLED_PROG);
                                         bbart.addAttributes(bbattributes);
+
+                                        // index the artifact for keyword search
+                                        this.indexArtifact(bbart);
                                     } catch (TskCoreException ex) {
                                         logger.log(Level.SEVERE, "Error adding installed program artifact to blackboard."); //NON-NLS
                                     }
@@ -595,6 +608,9 @@ private boolean parseAutopsyPluginOutput(String regFilePath, AbstractFile regFil
                                         bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_VALUE.getTypeID(), parentModuleName, value));
                                         bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(), parentModuleName, artnode.getNodeName()));
                                         bbart.addAttributes(bbattributes);
+
+                                        // index the artifact for keyword search
+                                        this.indexArtifact(bbart);
                                     } catch (TskCoreException ex) {
                                         logger.log(Level.SEVERE, "Error adding recent object artifact to blackboard."); //NON-NLS
                                     }
@@ -629,6 +645,8 @@ private boolean parseAutopsyPluginOutput(String regFilePath, AbstractFile regFil
                                                 parentModuleName, sid));
                                         bbart.addAttribute(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PATH.getTypeID(),
                                                 parentModuleName, homeDir));
+                                        // index the artifact for keyword search
+                                        this.indexArtifact(bbart);
                                     } catch (TskCoreException ex) {
                                         logger.log(Level.SEVERE, "Error adding account artifact to blackboard."); //NON-NLS
                                     }
@@ -643,7 +661,8 @@ private boolean parseAutopsyPluginOutput(String regFilePath, AbstractFile regFil
                                                 parentModuleName, localPath));
                                         bbart.addAttribute(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_REMOTE_PATH.getTypeID(),
                                                 parentModuleName, remoteName));
-
+                                        // index the artifact for keyword search
+                                        this.indexArtifact(bbart);
                                     } catch (TskCoreException ex) {
                                         logger.log(Level.SEVERE, "Error adding network artifact to blackboard."); //NON-NLS
                                     }