string RootWImage::saveFiles(int smallWidth, int smallHeight, int largeWidth, int largeHeight) {
setZoomedSize(largeWidth, largeHeight);
return saveFiles(smallWidth, smallHeight);
}
/**
* Module execution function. Saves interesting files recorded on the
* blackboard to a user-specified output directory.
*
* @returns TskModule::OK on success if all files saved, TskModule::FAIL if one or more files were not saved
*/
TSK_MODULE_EXPORT TskModule::Status report()
{
TskModule::Status status = TskModule::OK;
const std::string MSG_PREFIX = "SaveInterestingFilesModule::report : ";
try
{
if (outputFolderPath.empty())
{
// Initialization failed. The reason why was already logged in initialize().
return TskModule::FAIL;
}
// Get the interesting file set hits from the blackboard and sort them by set name.
FileSets fileSets;
FileSetHits fileSetHits;
std::vector<TskBlackboardArtifact> fileSetHitArtifacts = TskServices::Instance().getBlackboard().getArtifacts(TSK_INTERESTING_FILE_HIT);
for (std::vector<TskBlackboardArtifact>::iterator fileHit = fileSetHitArtifacts.begin(); fileHit != fileSetHitArtifacts.end(); ++fileHit)
{
// Find the set name attrbute of the artifact.
bool setNameFound = false;
std::vector<TskBlackboardAttribute> attrs = (*fileHit).getAttributes();
for (std::vector<TskBlackboardAttribute>::iterator attr = attrs.begin(); attr != attrs.end(); ++attr)
{
if ((*attr).getAttributeTypeID() == TSK_SET_NAME)
{
setNameFound = true;
// Save the set name and description, using a map to ensure that these values are saved once per file set.
fileSets.insert(make_pair((*attr).getValueString(), (*attr).getContext()));
// Drop the artifact into a multimap to allow for retrieval of all of the file hits for a file set as an
// iterator range.
fileSetHits.insert(make_pair((*attr).getValueString(), (*fileHit)));
}
}
if (!setNameFound)
{
// Log the error and try the next artifact.
std::stringstream msg;
msg << MSG_PREFIX << "failed to find TSK_SET_NAME attribute for TSK_INTERESTING_FILE_HIT artifact with id '" << (*fileHit).getArtifactID() << "', skipping artifact";
LOGERROR(msg.str());
}
}
// Save the interesting files to the output directory, file set by file set.
for (map<std::string, std::string>::const_iterator fileSet = fileSets.begin(); fileSet != fileSets.end(); ++fileSet)
{
// Get the file hits for the file set as an iterator range.
FileSetHitsRange fileSetHitsRange = fileSetHits.equal_range((*fileSet).first);
// Save the files corresponding to the file hit artifacts.
saveFiles((*fileSet).first, (*fileSet).second, fileSetHitsRange);
}
}
catch (TskException &ex)
{
status = TskModule::FAIL;
std::stringstream msg;
msg << MSG_PREFIX << "TskException: " << ex.message();
LOGERROR(msg.str());
}
catch (Poco::Exception &ex)
{
status = TskModule::FAIL;
std::stringstream msg;
msg << MSG_PREFIX << "Poco::Exception: " << ex.displayText();
LOGERROR(msg.str());
}
catch (std::exception &ex)
{
status = TskModule::FAIL;
std::stringstream msg;
msg << MSG_PREFIX << "std::exception: " << ex.what();
LOGERROR(msg.str());
}
catch (...)
{
status = TskModule::FAIL;
LOGERROR(MSG_PREFIX + "unrecognized exception");
}
return status;
}
