Custom Processing

Custom Processing example.

  4 minute read  

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51

class CustomProcessor
    def initialize(case_path, case_name, process_this)
        @case_path = case_path
        @case_name = case_name
        @process_this = process_this
        @out = Hash.new
        @items = Array.new
        @exceptions = Array.new
    end

    def process
        begin
            case_settings = {:compound => false, :name => "#{@case_name}", :description => "Simple Case", :investigator => "Inspector Gadget"}
            current_case = $utilities.caseFactory.create("/Cases/CustomProcessing", case_settings)
            processor = current_case.createProcessor()
            processor.processing_settings = {:report_processing_status => "physical_files",
                                             :enable_custom_processing => ["text", "properties", "binary"]
            }
            processor.parallel_processing_settings = {:worker_count => 2, :worker_memory => 2000 }
            processor.when_item_processed do | callback |
                begin
                    item = Hash.new
                    item[:mimetype] = callback.getMimeType()
                    unless callback.getBinaryFile().nil?
                        item[:path_to_binary] = callback.getBinaryFile().toString()
                    end
                    item[:properties] = callback.properties
                    item[:text] = callback.getText()
                    item[:path] = callback.path
                    @items << item
                rescue => exception
                   @exceptions << {:class => exception.class.name, :message => exception.message}
                end
            end
            container = processor.new_evidence_container("Evidence-#{Time.now.strftime('%Y-%m-%d_%H-%M-%S')}")
            container.addFile(@process_this)
            container.save
            @out[:processing_started] = Time.now.strftime('%Y-%m-%d_%H-%M-%S')
            processor.process
            @out[:final_item_count] = @items.length()
            current_case.close
        rescue => exception
           @exceptions << {:class => exception.class.name, :message => exception.message}
        end
        @out[:exceptions] = @exceptions
        @out[:items] = @items
        @out[:processing_finished] = Time.now.strftime('%Y-%m-%d_%H-%M-%S')
        return @out
    end
end
$response.setBody(CustomProcessor.new("/Cases", "CustomProcessing", "/Engines/9.0.0.171/doc/api").process)

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68

function CustomProcessor(casePath, caseName, processThis) {
  this.casePath = casePath;
  this.caseName = caseName;
  this.processThis = processThis;
  this.items = [];
  this.exceptions = [];
  this.out = {};
}

CustomProcessor.prototype.process = function() {
  try {
    var caseSettings = {};
    caseSettings['compound'] = false;
    caseSettings['name'] = this.caseName;
    caseSettings['description'] = 'Simple Case';
    caseSettings['investigator'] = 'Inspector Gadget';

    var currentCase = utilities.getCaseFactory().create(this.casePath + '/' + this.caseName, caseSettings);
    var processor = currentCase.createProcessor();

    var processingSettings = {};
    processingSettings['report_processing_status'] = 'physical_files';
    processingSettings['enable_custom_processing'] = ["text", "properties", "binary"];

    var parallelProcessingSettings = {};
    parallelProcessingSettings['worker_count'] = 2;
    parallelProcessingSettings['worker_memory'] = 2000;

    processor.setProcessingSettings(processingSettings);
    processor.setParallelProcessingSettings(parallelProcessingSettings);

    var self = this;
    processor.whenItemProcessed(function(callback) {
      try {
        var item = {};
        item['mimtype'] = callback.getMimeType();

        if(callback.getBinaryFile()) {
          item['path_to_binary'] = callback.getBinaryFile().toString();
        }

        item['properties'] = callback.getProperties();
        item['text'] = callback.getText();
        item['path'] = callback.getPath();
        self.items.push(item);
      } catch (err) {
        self.exceptions.push(err.message);
      }
    });

    var startTime = new Date().getTime().toString();
    var container = processor.newEvidenceContainer('Evidence-' + startTime);
    container.addFile(this.processThis);
    container.save();
    this.out['processing_started'] = startTime;
    processor.process();
    this.out['final_item_count'] = this.items.length;
    currentCase.close();
  } catch (err) {
    this.exceptions.push(err.message);
  }
  this.out['exceptions'] = this.exceptions;
  this.out['items'] = this.items;
  this.out['processing_finished'] = new Date().getTime().toString();
  return this.out;
}

$response.setBody(new CustomProcessor("/Cases", "CustomProcessing", "/Engines/9.0.0.171/doc/api").process())

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58

import time
import os

class CustomProcessor:

  def __init__(self, case_path, case_name, process_this):
    self.case_path = case_path
    self.case_name = case_name
    self.process_this = process_this
    self.out = {}
    self.exceptions = []
    self.items = []

  def when_item_processed(self, callback):
    try:
      item = {}
      item['mimetype'] = callback.getMimeType();

      if callback.getBinaryFile() is not None:
        item['path_to_binary'] = callback.getBinaryFile().toString()

      item['properties'] = callback.getProperties()
      item['text'] = callback.getText()
      item['path'] = callback.getPath()
      self.items.append(item)
    except Exception, e:
      self.exceptions.append(str(e))


  def process(self):
    try:
      case_settings = {"compound": False, "name": self.case_name, "description": "Simple Case", "investigator": "Inspector Gadget"}
      current_case = utilities.getCaseFactory().create(os.path.join(self.case_path, self.case_name), case_settings)
      processor = current_case.createProcessor()
      processing_settings = {"report_processing_status": "physical_files", "enable_custom_processing": ["text", "properties", "binary"]}
      parallel_processing_settings = {"worker_count": 2, "worker_memory": 2000}

      processor.setProcessingSettings(processing_settings)
      processor.setParallelProcessingSettings(parallel_processing_settings)
      processor.whenItemProcessed(self.when_item_processed)
      started = int(round(time.time() * 1000))
      container = processor.newEvidenceContainer("Evidence-" + str(started))
      container.addFile(self.process_this)
      container.save()
      self.out['processing_started'] = started
      processor.process()
      self.out['final_item_count'] = len(self.items)
      current_case.close()
    except Exception, e:
      self.exceptions.append(str(e))

    self.out['finished'] = int(round(time.time() * 1000))
    self.out['exceptions'] = self.exceptions
    self.out['items'] = self.items
    return self.out

processor = CustomProcessor("/Cases", "CustomProcessing", "/Engines/9.0.0.171/doc/api")
response.setBody(processor.process())

curl --location --request PUT 'http://localhost:8080/nuix-restful-service/svc/v1/userScripts' \
--header 'nuix-auth-token: YOUR_AUTH_TOKEN' \
--header 'Content-Type: application/json' \
--header 'Accept: application/json' \
--data-raw '{
"async": false,
"fileName": "customProcessing.rb",
"language": "RUBY"
}
'

wget --no-check-certificate --quiet \
  --method PUT \
  --timeout=0 \
  --header 'nuix-auth-token: YOUR_AUTH_TOKEN' \
  --header 'Content-Type: application/json' \
  --header 'Accept: application/json' \
  --body-data '{
  "async": false,
  "fileName": "customProcessing.rb",
  "language": "RUBY"
}
' \
   'http://localhost:8080/nuix-restful-service/svc/v1/userScripts'