Exemplo n.º 1
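    def process(self, dataSource, progressBar):
        """Run the configured EXE on a disk image and store its output as a report.

        The data source is skipped (still returning OK) when the host is not
        Windows or when the data source is not an Image. Otherwise the EXE at
        self.pathToEXE is launched with the first image path as its only
        argument and its standard output is redirected to
        <case dir>\\Reports\\img_stat-<data source id>.txt.

        Args:
            dataSource: the data source handed to this ingest module.
            progressBar: progress reporter; only switched to indeterminate.

        Returns:
            IngestModule.ProcessResult.OK, or ERROR when the image reports
            no paths.
        """
        # Set the progress bar to an indeterminate state for now
        progressBar.switchToIndeterminate()

        # Return if we're not running on a Windows system
        if not PlatformUtil.isWindowsOS():
            self.log(Level.INFO,
                     "Ignoring data source.  Not running on Windows")
            return IngestModule.ProcessResult.OK

        # Verify we have a disk image and not a folder of files
        if not isinstance(dataSource, Image):
            self.log(Level.INFO, "Ignoring data source.  Not an image")
            return IngestModule.ProcessResult.OK

        # Get disk image paths; without at least one there is nothing to
        # hand to the EXE, and indexing [0] below would raise.
        imagePaths = dataSource.getPaths()
        if imagePaths is None or len(imagePaths) == 0:
            self.log(Level.WARNING, "Data source has no image paths")
            return IngestModule.ProcessResult.ERROR

        # Save our output to a file in the reports folder
        #   named based on EXE and data source ID
        reportFile = File(Case.getCurrentCase().getCaseDirectory() +
                          "\\Reports" + "\\img_stat-" +
                          str(dataSource.getId()) + ".txt")

        # Build the command as an argument list (one element per argument),
        # so the image path is passed as a single argument.
        self.log(Level.INFO, "Running program on data source")
        cmd = ArrayList()
        cmd.add(self.pathToEXE.toString())
        cmd.add(imagePaths[0])

        # Run the EXE, saving stdout to the report. The terminator lets
        # ExecUtil stop the process if the ingest job is cancelled.
        processBuilder = ProcessBuilder(cmd)
        processBuilder.redirectOutput(reportFile)
        exitCode = ExecUtil.execute(
            processBuilder,
            DataSourceIngestModuleProcessTerminator(self.context))

        if not self.context.dataSourceIngestIsCancelled():
            # A non-zero exit code means the report may be empty or partial;
            # record that so the report is not mistaken for a clean run.
            if exitCode != 0:
                self.log(Level.WARNING,
                         "Program exited with code " + str(exitCode))
            # Add the report to the case, so it shows up in the tree
            Case.getCurrentCase().addReport(reportFile.toString(), "Run EXE",
                                            "img_stat output")
        elif reportFile.exists() and not reportFile.delete():
            # Cancelled mid-run: the incomplete report must not be left behind
            # silently. (The original referenced the undefined name LEVEL.)
            self.log(Level.WARNING,
                     "Error deleting the incomplete report file")

        return IngestModule.ProcessResult.OK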
Exemplo n.º 2
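    def process(self, dataSource, progressBar):
        """Execute the example Windows EXE against an image data source.

        Output of the EXE is redirected into a text file under the case's
        Reports folder. The file is registered as a case report only when
        the ingest job was not cancelled; on cancellation the partial file
        is deleted instead.

        Args:
            dataSource: data source under ingest; anything that is not an
                Image is ignored.
            progressBar: ingest progress bar, set to indeterminate because
                the amount of work is unknown.

        Returns:
            IngestModule.ProcessResult.OK on every skip and normal path;
            IngestModule.ProcessResult.ERROR if the image has no paths.
        """
        # we don't know how much work there will be
        progressBar.switchToIndeterminate()

        # Example has only a Windows EXE, so bail if we aren't on Windows
        if not PlatformUtil.isWindowsOS():
            self.log(Level.INFO,
                     "Ignoring data source.  Not running on Windows")
            return IngestModule.ProcessResult.OK

        # Verify we have a disk image and not a folder of files
        if not isinstance(dataSource, Image):
            self.log(Level.INFO, "Ignoring data source.  Not an image")
            return IngestModule.ProcessResult.OK

        # Get disk image paths and refuse to continue with none: the first
        # entry is the only argument the EXE receives.
        imagePaths = dataSource.getPaths()
        if imagePaths is None or len(imagePaths) == 0:
            self.log(Level.WARNING, "Data source has no image paths")
            return IngestModule.ProcessResult.ERROR

        # We'll save our output to a file in the reports folder, named based
        # on EXE and data source ID
        case = Case.getCurrentCase()
        reportFile = File(case.getCaseDirectory() +
                          "\\Reports" + "\\img_stat-" +
                          str(dataSource.getId()) + ".txt")

        # Run the EXE, saving output to the report. Arguments go in as
        # separate list elements.
        self.log(Level.INFO, "Running program on data source")
        cmd = ArrayList()
        cmd.add(self.pathToEXE.toString())
        cmd.add(imagePaths[0])

        processBuilder = ProcessBuilder(cmd)
        processBuilder.redirectOutput(reportFile)
        terminator = DataSourceIngestModuleProcessTerminator(self.context)
        exitCode = ExecUtil.execute(processBuilder, terminator)

        # Do not add the report to the case tree if the ingest is cancelled
        # before finish; IngestJobContext.dataSourceIngestIsCancelled tells us.
        # See: http://sleuthkit.org/autopsy/docs/api-docs/4.7.0/_ingest_job_context_8java.html
        if self.context.dataSourceIngestIsCancelled():
            # Remove the incomplete report file. The original logged through
            # the undefined name LEVEL, which would raise NameError here.
            if reportFile.exists() and not reportFile.delete():
                self.log(Level.WARNING,
                         "Error deleting the incomplete report file")
            return IngestModule.ProcessResult.OK

        # Surface a failed run: the report is still registered, but the log
        # shows that its content may be empty or truncated.
        if exitCode != 0:
            self.log(Level.WARNING,
                     "Program exited with code " + str(exitCode))

        # Add the report to the case, so it shows up in the tree
        case.addReport(reportFile.toString(), "Run EXE", "img_stat output")
        return IngestModule.ProcessResult.OK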
Exemplo n.º 3
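    def process(self, dataSource, progressBar):
        """Run self.pathToEXE on the first path of an image and file the output.

        Skips (returning OK) on non-Windows hosts and on data sources that
        are not Image instances. The EXE's standard output is written to
        "<case directory>\\Reports\\img_stat-<id>.txt", which is added to the
        case as a report unless the ingest job was cancelled, in which case
        the partial file is removed.

        Args:
            dataSource: data source being ingested.
            progressBar: progress bar; switched to indeterminate only.

        Returns:
            IngestModule.ProcessResult.OK, or ERROR for an image without
            any path.
        """
        # we don't know how much work there will be
        progressBar.switchToIndeterminate()

        # Example has only a Windows EXE, so bail if we aren't on Windows
        if not PlatformUtil.isWindowsOS():
            self.log(Level.INFO, "Ignoring data source.  Not running on Windows")
            return IngestModule.ProcessResult.OK

        # Verify we have a disk image and not a folder of files
        if not isinstance(dataSource, Image):
            self.log(Level.INFO, "Ignoring data source.  Not an image")
            return IngestModule.ProcessResult.OK

        # Get disk image paths; an empty result would make imagePaths[0] fail
        imagePaths = dataSource.getPaths()
        if imagePaths is None or len(imagePaths) == 0:
            self.log(Level.WARNING, "Data source has no image paths")
            return IngestModule.ProcessResult.ERROR

        # We'll save our output to a file in the reports folder, named based on EXE and data source ID
        reportPath = (Case.getCurrentCase().getCaseDirectory() + "\\Reports"
                      + "\\img_stat-" + str(dataSource.getId()) + ".txt")
        reportFile = File(reportPath)

        # Run the EXE, saving output to the report.
        # The command is an argument list: EXE path first, then the image path.
        self.log(Level.INFO, "Running program on data source")
        cmd = ArrayList()
        cmd.add(self.pathToEXE.toString())
        cmd.add(imagePaths[0])

        processBuilder = ProcessBuilder(cmd)
        processBuilder.redirectOutput(reportFile)
        exitCode = ExecUtil.execute(processBuilder, DataSourceIngestModuleProcessTerminator(self.context))

        # Check if the ingest is terminated and delete the incomplete report file.
        # Do not add report to the case tree if the ingest is cancelled before finish.
        # This can be done by using IngestJobContext.dataSourceIngestIsCancelled
        # See: http://sleuthkit.org/autopsy/docs/api-docs/4.7.0/_ingest_job_context_8java.html
        cancelled = self.context.dataSourceIngestIsCancelled()
        if cancelled:
            if reportFile.exists() and not reportFile.delete():
                # Was LEVEL.warning: LEVEL is undefined, so the failure to
                # delete would itself have raised instead of being logged.
                self.log(Level.WARNING, "Error deleting the incomplete report file")
        else:
            if exitCode != 0:
                # Keep a trace that the report comes from a failed run.
                self.log(Level.WARNING, "Program exited with code " + str(exitCode))
            # Add the report to the case, so it shows up in the tree
            Case.getCurrentCase().addReport(reportFile.toString(), "Run EXE", "img_stat output")

        return IngestModule.ProcessResult.OK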
Exemplo n.º 4
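    def process(self, dataSource, progressBar):
        """Launch the example EXE for one data source and register its output.

        Only disk images on a Windows host are processed; other data sources
        are logged and skipped with an OK result. The EXE receives the first
        image path as its single argument, and its standard output becomes
        the report file img_stat-<data source id>.txt in the case's Reports
        folder.

        Args:
            dataSource: the data source to run the EXE against.
            progressBar: ingest progress bar (set to indeterminate).

        Returns:
            IngestModule.ProcessResult.OK; ERROR if the image exposes no
            paths.
        """
        # we don't know how much work there will be
        progressBar.switchToIndeterminate()

        # Example has only a Windows EXE, so bail if we aren't on Windows
        if not PlatformUtil.isWindowsOS():
            self.log(Level.INFO, "Ignoring data source.  Not running on Windows")
            return IngestModule.ProcessResult.OK

        # Verify we have a disk image and not a folder of files
        if not isinstance(dataSource, Image):
            self.log(Level.INFO, "Ignoring data source.  Not an image")
            return IngestModule.ProcessResult.OK

        # Get disk image paths
        imagePaths = dataSource.getPaths()
        if imagePaths is None or len(imagePaths) == 0:
            # Nothing to pass to the EXE; fail explicitly instead of letting
            # imagePaths[0] raise further down.
            self.log(Level.WARNING, "Data source has no image paths")
            return IngestModule.ProcessResult.ERROR

        # We'll save our output to a file in the reports folder, named based on EXE and data source ID
        currentCase = Case.getCurrentCase()
        reportFile = File(currentCase.getCaseDirectory() + "\\Reports" + "\\img_stat-" + str(dataSource.getId()) + ".txt")

        # Run the EXE, saving output to reportFile
        # We use ExecUtil because it will deal with the user cancelling the job
        self.log(Level.INFO, "Running program on data source")
        cmd = ArrayList()
        cmd.add(self.pathToEXE.toString())
        # Add each argument in its own line.  I.e. "-f foo" would be two calls to .add()
        cmd.add(imagePaths[0])

        processBuilder = ProcessBuilder(cmd)
        processBuilder.redirectOutput(reportFile)
        exitCode = ExecUtil.execute(processBuilder, DataSourceIngestModuleProcessTerminator(self.context))

        # Add the report to the case, so it shows up in the tree
        # Do not add report to the case tree if the ingest is cancelled before finish.
        if not self.context.dataSourceIngestIsCancelled():
            if exitCode != 0:
                # The report is still added, but a non-zero exit code is
                # logged so an empty or partial file is not read as a clean result.
                self.log(Level.WARNING, "Program exited with code " + str(exitCode))
            currentCase.addReport(reportFile.toString(), "Run EXE", "img_stat output")
        elif reportFile.exists() and not reportFile.delete():
            # Level.WARNING replaces the undefined LEVEL.warning, which would
            # have raised NameError on this path.
            self.log(Level.WARNING, "Error deleting the incomplete report file")

        return IngestModule.ProcessResult.OK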