import os
import sys
import logging
# sys.path.append(os.path.dirname(__file__)) #include this path to module autopsy
from org.sleuthkit.autopsy.ingest import GenericIngestModuleJobSettings
from org.sleuthkit.autopsy.report import GeneralReportModuleAdapter
from org.sleuthkit.autopsy.ingest import IngestModuleFactoryAdapter
try:
from org.sleuthkit.autopsy.datasourceprocessors import DataSourceProcessorAdapter as DSP
except:
# Autopsy <4.20 mask
from org.sleuthkit.autopsy.corecomponentinterfaces import DataSourceProcessor as DSP
from org.sleuthkit.autopsy.casemodule import Case
from psy.ingest import ProjectIngestModule
from psy.report import ReportOutput
from psy.processor import DataSourcesPanelSettings
from psy.settings import ProjectIngestSettingsPanel, ProjectReportSettingsPanel
from psy.psyutils import PsyUtils
# Module version string; returned to Autopsy by
# ProjectIngestModuleFactory.getModuleVersionNumber().
VERSION = "1.1"
#3 Modules - Ingest, Report, DatasourceProcessor
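class ProjectIngestModuleFactory(IngestModuleFactoryAdapter):
    """Ingest-module factory that exposes the FAMA data-source ingest module.

    The factory reports the module's name, description and version, builds
    ProjectIngestModule instances, and supplies the per-job settings panel.
    """

    moduleName = "LabCif - FAMA"

    def __init__(self):
        # Filled in by getIngestJobSettingsPanel(); None until that is called.
        self.settings = None

    # Module settings
    def getModuleDisplayName(self):
        """Return the display name of the module."""
        return self.moduleName

    def getModuleDescription(self):
        """Return the one-line description of the module."""
        return "FAMA framework. Extract, analyze and generate reports based on user data."

    def getModuleVersionNumber(self):
        """Return the module version (the file-level VERSION constant)."""
        return VERSION

    # Data source ingest
    def isDataSourceIngestModuleFactory(self):
        """Declare that this factory produces data-source ingest modules."""
        return True

    def createDataSourceIngestModule(self, ingestOptions):
        """Create the ingest module from the settings stored on the factory.

        NOTE(review): ingestOptions is ignored; the module receives
        self.settings, which is None unless getIngestJobSettingsPanel() ran
        first and otherwise holds whatever settings object that call stored
        last. Confirm ProjectIngestModule copes with None and that settings
        cannot carry over from one ingest job to another.
        """
        return ProjectIngestModule(self.settings)

    # Settings
    def getDefaultIngestJobSettings(self):
        """Return a fresh GenericIngestModuleJobSettings as the default."""
        return GenericIngestModuleJobSettings()

    def hasIngestJobSettingsPanel(self):
        """Declare that the module provides a per-job settings panel."""
        return True

    def getIngestJobSettingsPanel(self, settings):
        """Store *settings* on the factory and return the settings panel.

        Raises IllegalArgumentException when *settings* is not a
        GenericIngestModuleJobSettings instance.
        """
        if not isinstance(settings, GenericIngestModuleJobSettings):
            # The file never imports IllegalArgumentException at module
            # level, so without this import the raise below would fail with
            # NameError and hide the real cause from the caller.
            from java.lang import IllegalArgumentException
            raise IllegalArgumentException("Expected settings argument to be instanceof GenericIngestModuleJobSettings")
        self.settings = settings
        return ProjectIngestSettingsPanel(self.settings)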
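class ProjectIngestModuleReport(GeneralReportModuleAdapter):
    """Report module that delegates report generation to ReportOutput."""

    moduleName = "LabCif - FAMA Report"

    def __init__(self):
        self.settings = None
        self.report = ReportOutput()

    def getName(self):
        """Return the name of the report module."""
        return self.moduleName

    def getDescription(self):
        """Return the one-line description of the report module."""
        return "Forensic Analysis for Mobile Apps Framework Report Generator"

    def generateReport(self, settings, progressBar):
        """Resolve the report directory and hand it to ReportOutput.

        From Autopsy 4.16 on, *settings* is treated as an object exposing
        getReportDirectoryPath(); on older versions it is passed through
        unchanged as the report directory.
        """
        autopsy_version = PsyUtils.get_autopsy_version()
        # Compare (major, minor) as a pair so that a major version above 4
        # also takes the settings-object path; the former check
        # `major == 4 and minor >= 16` sent such versions down the legacy
        # branch. Assumes both values are integers, as the original
        # comparison did, and that later majors keep the 4.16+ call shape.
        running = (autopsy_version["major"], autopsy_version["minor"])
        if running >= (4, 16):
            baseReportDir = settings.getReportDirectoryPath()
        else:
            baseReportDir = settings

        self.report.generateReport(baseReportDir, progressBar)

    def getConfigurationPanel(self):
        """Create, remember and return a new report settings panel."""
        self.configPanel = ProjectReportSettingsPanel()
        return self.configPanel

    def getRelativeFilePath(self):
        """Return the report entry file, relative to the report directory."""
        return "index.html"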
class ProjectDSProcessor(DSP):
    """Data-source processor registered as "Live extraction with ADB (Android)".

    DSP is whichever base class the file-level import resolved to. All of the
    work is delegated to a DataSourcesPanelSettings panel; this class only
    forwards calls to it.
    """

    moduleName = "Live extraction with ADB (Android)"
    # Class-level placeholder; every instance replaces it in __init__.
    configPanel = None

    def __init__(self):
        self.configPanel = DataSourcesPanelSettings()

    @staticmethod
    def getType():
        """Return the processor type name (the class-level moduleName)."""
        return ProjectDSProcessor.moduleName

    def getDataSourceType(self):
        """Return the data source type name shown for this processor."""
        return self.moduleName

    def getPanel(self):
        """Return the configuration panel owned by this processor."""
        return self.configPanel

    def isPanelValid(self):
        """Return the panel's own validation result."""
        panel = self.configPanel
        return panel.validatePanel()

    def run(self, host, progressMonitor, callback):
        """Forward the run request, with all its arguments, to the panel.

        NOTE(review): no check is made here; whether validatePanel() has
        passed before run() is called depends on the caller — confirm.
        """
        panel = self.configPanel
        panel.run(host, progressMonitor, callback)