Hi there, i am trying to create a new artifact but its always giving me the exception "INFO: Artifacts Creation Error, TSK_DEEP_FAKE_DETECT ".
What am i doing wrong?
I would suggest first switching to the getOrAddArtifactType() in the Blackboard class, since it’s possible the issue is that the artifact already exists.
You can access the Blackboard through getBlackboard() on the SleuthkitCase object. It would also help to print out the exception being returned.
@Sara_Ferreira , I would concur with @apriestman that the issue likely resides with similar artifact types in which the error is detecting as part of it’s algorithm of comparing and identifying one of the various artifacts as being similar, yet distinct. Maybe try working to ensure whichever artifacts and creation code you’re using distinctly separates the variables. Just a thought.
im only creating one new artifact and one new attribute in that artifact. Are you saying that the names are coliding with the artifacts types defined by autopsy?
More that you might be defining your new type multiple times in the same case. But again, it would be helpful if you could print out the actual exceptions that are coming back. Otherwise it is impossible to know what is wrong.
Something that might be coming into play here is that under the covers Autopsy makes N copies of a module, one for each ingest thread. If the new artifact type is created in the startUp method of the module, then every module copy other than the first will experience a duplicate type error.
The way to handle this is with IngestModuleReferenceCounter so that only the first module instance creates the artifact type. There are examples of the use of IngestModuleReferenceCounter in several places in the code base.
This only applies to file level ingest modules. Only one thread is used to run the data source level ingest modules pipeline.
I’m not a python person, but the issue may be that you’ve moved outside the scope of the first try block which means artId isn’t set. You could try printing it out to check.
Also, you could save the BlackboardArtifact.Type object that’s returned from addBlackboardArtifactType() and then call getTypeID() on it instead of having the separate call to getArtifactTypeID().
I replied to your email but to help anyone else out in the future here is what you can do. This uses what Ann suggested before using the getOrAddArtifactType. You will also need to use the getOrAddAttributeType as well.
# Use blackboard class to index blackboard artifacts for keyword search
blackboard = Case.getCurrentCase().getServices().getBlackboard()
#create artifact
artId = blackboard.getOrAddArtifactType("TSK_SOME_ARTIFACT", "Description")
artifact = file.newArtifact(artId.getTypeID())
#create attribute
attId = blackboard.getOrAddAttributeType("TSK_SOME_ATTRIBUTE", BlackboardAttribute.TSK_BLACKBOARD_ATTRIBUTE_VALUE_TYPE.STRING, "Description")
atribute=BlackboardAttribute(attId, moduleName, data)
try:
artifact.addAttribute(atribute)
except:
self.log(Level.INFO, "Error adding attribute to artifact")
try:
blackboard.postArtifact(artifact, moduleName)
except:
self.log(Level.INFO, "Error posting artifact")
For anyone else having issues creating the custom artifact. There is a slight update for Marks answer, postArtifact looks to be indexArtifact according to the source above. I have tested this with 4.19.1
Hi I have referred to this code to create an artifact of Direct Messages but I want to display multiple things along with text such as time and type. How do I implement Arrays.asList over here? If I send my code could you please help? Thanks.
I could manage to create multiple entries but all came on separate line when the time and type related to the message should be on same line. (My timestamps are also wrong for some reason)
