Retrieve all files

lebronjames06 · September 15, 2020, 5:55pm

I am trying to write autopsy plugin in python, all what I want is get all the files and post them in interested items. How can I accomplish that below???
I am just doing test & playing around for now, and my simple goal is retrieve all files and post them to interested items.

import jarray
import inspect
import os
from java.lang import Class
from java.lang import System
from java.sql import DriverManager, SQLException
from java.util.logging import Level
from java.io import File
from org.sleuthkit.datamodel import SleuthkitCase
from org.sleuthkit.datamodel import AbstractFile
from org.sleuthkit.datamodel import ReadContentInputStream
from org.sleuthkit.datamodel import BlackboardArtifact
#from org.sleuthkit.databases import TskDBBlackboard
from org.sleuthkit.datamodel import BlackboardAttribute
from org.sleuthkit.autopsy.ingest import IngestModule
from org.sleuthkit.autopsy.ingest.IngestModule import IngestModuleException
from org.sleuthkit.autopsy.ingest import DataSourceIngestModule
from org.sleuthkit.autopsy.ingest import IngestModuleFactoryAdapter
from org.sleuthkit.autopsy.ingest import IngestMessage
from org.sleuthkit.autopsy.ingest import IngestServices
from org.sleuthkit.autopsy.ingest import ModuleDataEvent
from org.sleuthkit.autopsy.coreutils import Logger
from org.sleuthkit.autopsy.casemodule import Case
from org.sleuthkit.autopsy.datamodel import ContentUtils
from org.sleuthkit.autopsy.casemodule.services import Services
from org.sleuthkit.autopsy.casemodule.services import FileManager
from org.sleuthkit.autopsy.casemodule.services import Blackboard

class TestIngestModuleFactory(IngestModuleFactoryAdapter):
moduleName = “TEST Analyzer"

def getModuleDisplayName(self):
    return self.moduleName

def getModuleDescription(self):
    return “Test”

def getModuleVersionNumber(self):
    return "1.0"

def isDataSourceIngestModuleFactory(self):
    return True

def createDataSourceIngestModule(self, ingestOptions):
    return TestDbIngestModule()
class SkypeDbIngestModule(DataSourceIngestModule):
_logger = Logger.getLogger(SkypeDbIngestModuleFactory.moduleName)

def log(self, level, msg):
    self._logger.logp(level, self.__class__.__name__, inspect.stack()[1][3], msg)

def __init__(self):
    self.context = None


def startUp(self, context):
    self.context = context
   
    pass
    
    
    

def process(self, dataSource, progressBar):

    test=IngestServices.getInstance()
    msgcounter = 0
    progressBar.switchToIndeterminate()
    ccase = Case.getCurrentCase().getSleuthkitCase()
    blackboard = Case.getCurrentCase().getServices().getBlackboard()
    fileManager = Case.getCurrentCase().getServices().getFileManager()
//what do do here
files = fileManager.findFiles(dataSource, “”)
numFiles = len(files)
progressBar.switchToDeterminate(numFiles)
fileCount = 0
    for file in files:
        message = IngestMessage.createMessage(IngestMessage.MessageType.DATA,
                "file name" , str(file.getName() ))
        IngestServices.getInstance().postMessage(message)

    return IngestModule.ProcessResult.OK

Nuno_Mourinho · September 16, 2020, 5:35am

Look at the official tutorial (round files). In this example, you will learn how to add files based on file size. You can easily change that to all files.

apriestman · September 16, 2020, 1:00pm

There’s a slightly updated version of the tutorial (with non-broken images) here:

Topic		Replies	Views
data source ingest module Autopsy Development	1	703	October 22, 2021
How to install python ingest modules Autopsy Help	5	2855	September 8, 2021
How to run a downloaded Data Source Ingest Module in Autopsy? Autopsy Help	2	804	October 8, 2021
Opening Local Config Files with Python Ingest Modules for Comparison Autopsy Development	3	849	May 10, 2019
Is it possible to create an Autopsy plugin to add a Data Source Type in Python? Autopsy Development	1	366	October 17, 2022

Retrieve all files

Related Topics