From 3759301e26391c6bdddc27ba0733b8636dbbfa86 Mon Sep 17 00:00:00 2001
From: Kelly Kelly <kelly@basistech.com>
Date: Wed, 16 Mar 2022 15:07:17 -0400
Subject: [PATCH] Added check so the OS infor windows object is only created
 for windows images

---
 .../autopsy/recentactivity/ExtractRegistry.java        | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractRegistry.java b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractRegistry.java
index 6f40e20af9..7045ce6811 100644
--- a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractRegistry.java
+++ b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractRegistry.java
@@ -416,6 +416,14 @@ private void analyzeRegistryFiles(long ingestJobId) {
             // delete the hive
             regFileNameLocalFile.delete();
         }
+        
+        // RA can be run on non-window images. We are going to assume that
+        // the data source was from windows if there was registry files. 
+        // Therefore we will only create the OSInfo object if there are 
+        // registry files.
+        if(allRegistryFiles.size() > 0) {
+            osInfo.createOSInfo();
+        }
 
         try {
             if (logFile != null) {
@@ -1976,8 +1984,6 @@ public void process(Content dataSource, DataSourceIngestModuleProgress progressB
 
         progressBar.progress(Bundle.Progress_Message_Analyze_Registry());
         analyzeRegistryFiles(context.getJobId());
-        
-        osInfo.createOSInfo();
     }
 
     /**
-- 
GitLab