Retrieve all files

lebronjames06 · September 15, 2020, 5:55pm

I am trying to write autopsy plugin in python, all what I want is get all the files and post them in interested items. How can I accomplish that below???
I am just doing test & playing around for now, and my simple goal is retrieve all files and post them to interested items.

import jarray
import inspect
import os
from java.lang import Class
from java.lang import System
from java.sql import DriverManager, SQLException
from java.util.logging import Level
from java.io import File
from org.sleuthkit.datamodel import SleuthkitCase
from org.sleuthkit.datamodel import AbstractFile
from org.sleuthkit.datamodel import ReadContentInputStream
from org.sleuthkit.datamodel import BlackboardArtifact
#from org.sleuthkit.databases import TskDBBlackboard
from org.sleuthkit.datamodel import BlackboardAttribute
from org.sleuthkit.autopsy.ingest import IngestModule
from org.sleuthkit.autopsy.ingest.IngestModule import IngestModuleException
from org.sleuthkit.autopsy.ingest import DataSourceIngestModule
from org.sleuthkit.autopsy.ingest import IngestModuleFactoryAdapter
from org.sleuthkit.autopsy.ingest import IngestMessage
from org.sleuthkit.autopsy.ingest import IngestServices
from org.sleuthkit.autopsy.ingest import ModuleDataEvent
from org.sleuthkit.autopsy.coreutils import Logger
from org.sleuthkit.autopsy.casemodule import Case
from org.sleuthkit.autopsy.datamodel import ContentUtils
from org.sleuthkit.autopsy.casemodule.services import Services
from org.sleuthkit.autopsy.casemodule.services import FileManager
from org.sleuthkit.autopsy.casemodule.services import Blackboard

class TestIngestModuleFactory(IngestModuleFactoryAdapter):
moduleName = “TEST Analyzer"

def getModuleDisplayName(self):
    return self.moduleName

def getModuleDescription(self):
    return “Test”

def getModuleVersionNumber(self):
    return "1.0"

def isDataSourceIngestModuleFactory(self):
    return True

def createDataSourceIngestModule(self, ingestOptions):
    return TestDbIngestModule()
class SkypeDbIngestModule(DataSourceIngestModule):
_logger = Logger.getLogger(SkypeDbIngestModuleFactory.moduleName)

def log(self, level, msg):
    self._logger.logp(level, self.__class__.__name__, inspect.stack()[1][3], msg)

def __init__(self):
    self.context = None


def startUp(self, context):
    self.context = context
   
    pass
    
    
    

def process(self, dataSource, progressBar):

    test=IngestServices.getInstance()
    msgcounter = 0
    progressBar.switchToIndeterminate()
    ccase = Case.getCurrentCase().getSleuthkitCase()
    blackboard = Case.getCurrentCase().getServices().getBlackboard()
    fileManager = Case.getCurrentCase().getServices().getFileManager()
//what do do here
files = fileManager.findFiles(dataSource, “”)
numFiles = len(files)
progressBar.switchToDeterminate(numFiles)
fileCount = 0
    for file in files:
        message = IngestMessage.createMessage(IngestMessage.MessageType.DATA,
                "file name" , str(file.getName() ))
        IngestServices.getInstance().postMessage(message)

    return IngestModule.ProcessResult.OK

Nuno_Mourinho · September 16, 2020, 5:35am

Look at the official tutorial (round files). In this example, you will learn how to add files based on file size. You can easily change that to all files.

apriestman · September 16, 2020, 1:00pm

There’s a slightly updated version of the tutorial (with non-broken images) here:

Topic		Replies	Views
In Autopsy: What ingest modules are nessesary for extracting/copying out all images? Autopsy Help	7	3140	March 20, 2020
data source ingest module Autopsy Development	1	733	October 22, 2021
Data source ingest modue Autopsy Help	1	430	August 2, 2021
How to install python ingest modules Autopsy Help	5	3169	September 8, 2021
No Ingest Modules are being executed Autopsy Help	5	1261	September 26, 2022

Retrieve all files

Related Topics