# Sample module in the public domain. Feel free to use this as a template
# for your modules (and you can remove this header and take complete credit
# and liability)
#
# Contact: Brian Carrier [carrier <at> sleuthkit [dot] org]
#
# This is free and unencumbered software released into the public domain.
#
# Anyone is free to copy, modify, publish, use, compile, sell, or
# distribute this software, either in source code form or as a compiled
# binary, for any purpose, commercial or non-commercial, and by any
# means.
#
# In jurisdictions that recognize copyright laws, the author or authors
# of this software dedicate any and all copyright interest in the
# software to the public domain. We make this dedication for the benefit
# of the public at large and to the detriment of our heirs and
# successors. We intend this dedication to be an overt act of
# relinquishment in perpetuity of all present and future rights to this
# software under copyright law.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
# IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR
# OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
# ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
# OTHER DEALINGS IN THE SOFTWARE.
# Sample report module for Autopsy. Use as a starting point for new modules.
#
# Search for TODO for the things that you need to change
# See http://sleuthkit.org/autopsy/docs/api-docs/latest/index.html for documentation
import inspect
import os

from java.lang import Exception as JavaException
from java.lang import System
from java.util.logging import Level

from org.sleuthkit.autopsy.casemodule import Case
from org.sleuthkit.autopsy.coreutils import Logger
from org.sleuthkit.autopsy.report import GeneralReportModuleAdapter
from org.sleuthkit.autopsy.report.ReportProgressPanel import ReportStatus
# TODO: Rename the class to something more specific
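class SampleGeneralReportModule(GeneralReportModuleAdapter):
    """Sample Autopsy general report module (Jython).

    Counts the files in the current case whose creation time (crtime) falls
    within the last 14 days, writes that count to a plain-text report file in
    the directory Autopsy supplies, and registers the report with the case so
    it is shown in the tree.
    """

    # TODO: Rename this. Will be shown to users when making a report
    moduleName = "Sample Report Module"

    # Created on first use by log(); one logger per instance.
    _logger = None

    def log(self, level, msg):
        """Log *msg* at java.util.logging *level* through the Autopsy logger.

        The record is tagged with this class's name and the name of the
        method that called log().
        """
        # Must go through self: a bare `_logger` that is assigned inside this
        # function would be a local (unbound on first read), never the class
        # attribute.
        if self._logger is None:
            self._logger = Logger.getLogger(self.moduleName)
        # inspect.stack()[1][3] is the function name of the frame that called log().
        self._logger.logp(level, self.__class__.__name__, inspect.stack()[1][3], msg)

    def getName(self):
        """Return the module name shown to users in the report dialog."""
        return self.moduleName

    # TODO: Give it a useful description
    def getDescription(self):
        """Return the one-line description shown next to the module name."""
        return "A sample Jython report module"

    # TODO: Update this to reflect where the report file will be written to
    def getRelativeFilePath(self):
        """Return the report file name, relative to the report directory."""
        return "sampleReport.txt"

    # TODO: Update this method to make a report
    def generateReport(self, reportSettings, progressBar):
        """Generate the report and register it with the current case.

        Args:
            reportSettings: org.sleuthkit.autopsy.report.GeneralReportSettings;
                getReportDirectoryPath() is the directory reports are stored in.
                The report goes to getReportDirectoryPath() + getRelativeFilePath().
            progressBar: org.sleuthkit.autopsy.report.ReportProgressPanel.
                See: http://sleuthkit.org/autopsy/docs/api-docs/latest/classorg_1_1sleuthkit_1_1autopsy_1_1report_1_1_report_progress_panel.html

        The panel is always completed: with COMPLETE on success, or with ERROR
        (after logging) if any step raises, in which case the exception is
        re-raised so Autopsy still sees it.
        """
        # For an example, we write a file with the number of files created in the past 2 weeks.
        # Configure progress bar for 2 tasks: query, then write + register.
        progressBar.setIndeterminate(False)
        progressBar.start()
        progressBar.setMaximumProgress(2)

        try:
            fileCount = self._countRecentFiles(14)
            # Increment since we are done with step #1
            progressBar.increment()

            fileName = self._writeReport(reportSettings, fileCount)
            # Add the report to the Case, so it is shown in the tree
            Case.getCurrentCase().addReport(fileName, self.moduleName, "File Count Report")
            progressBar.increment()
        except (Exception, JavaException) as e:
            # Autopsy/TSK calls raise Java exceptions, which Python's Exception
            # alone does not catch under Jython; hence the java.lang.Exception alias.
            self.log(Level.SEVERE, "Report generation failed: %s" % e)
            progressBar.complete(ReportStatus.ERROR)
            raise
        else:
            progressBar.complete(ReportStatus.COMPLETE)

    def _countRecentFiles(self, days):
        """Return the number of files in the current case created in the last *days* days."""
        # Epoch time (seconds) of `days` ago; Java millis are floored to seconds.
        currentTime = System.currentTimeMillis() // 1000
        minTime = currentTime - (days * 24 * 60 * 60)  # (days * hours * minutes * seconds)
        # Query the database for files that meet our criteria. The WHERE clause
        # is built with %d, so only an integer can ever be interpolated here;
        # never splice user-supplied text into this string.
        sleuthkitCase = Case.getCurrentCase().getSleuthkitCase()
        files = sleuthkitCase.findAllFilesWhere("crtime > %d" % minTime)
        fileCount = 0
        for file in files:
            fileCount += 1
            # Could do something else here and write it to HTML, CSV, etc.
        return fileCount

    def _writeReport(self, reportSettings, fileCount):
        """Write the count to the report file and return the file's path."""
        fileName = os.path.join(reportSettings.getReportDirectoryPath(), self.getRelativeFilePath())
        # The context manager closes the file even if write() raises.
        with open(fileName, 'w') as report:
            report.write("file count = %d" % fileCount)
        return fileName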