19 package org.sleuthkit.autopsy.datamodel;
21 import java.text.MessageFormat;
22 import java.util.ArrayList;
23 import java.util.Arrays;
24 import java.util.LinkedHashMap;
25 import java.util.List;
27 import java.util.logging.Level;
28 import javax.swing.Action;
29 import org.apache.commons.lang3.StringUtils;
30 import org.openide.nodes.Children;
31 import org.openide.nodes.Sheet;
32 import org.openide.util.Lookup;
33 import org.openide.util.NbBundle;
34 import org.openide.util.lookup.Lookups;
42 import org.
sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE;
44 import org.
sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE;
63 BlackboardArtifact.ARTIFACT_TYPE.TSK_HASHSET_HIT.getTypeID(),
64 BlackboardArtifact.ARTIFACT_TYPE.TSK_KEYWORD_HIT.getTypeID(),
65 BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT.getTypeID(),};
71 BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT.getTypeID(),};
85 this.associated = this.getLookup().lookup(Content.class);
86 this.setName(Long.toString(artifact.getArtifactID()));
88 this.setIconBaseWithExtension(iconPath);
102 this.associated = this.getLookup().lookup(Content.class);
103 this.setName(Long.toString(artifact.getArtifactID()));
105 this.setIconBaseWithExtension(
ExtractedContent.getIconFilePath(artifact.getArtifactTypeID()));
110 "BlackboardArtifactNode.getAction.errorTitle=Error getting actions",
111 "BlackboardArtifactNode.getAction.resultErrorMessage=There was a problem getting actions for the selected result."
112 +
" The 'View Result in Timeline' action will not be available.",
113 "BlackboardArtifactNode.getAction.linkedFileMessage=There was a problem getting actions for the selected result. "
114 +
" The 'View File in Timeline' action will not be available."})
116 List<Action> actionsList =
new ArrayList<>();
117 actionsList.addAll(Arrays.asList(super.getActions(context)));
124 }
catch (TskCoreException ex) {
125 LOGGER.log(Level.SEVERE, MessageFormat.format(
"Error getting arttribute(s) from blackboard artifact{0}.", artifact.getArtifactID()), ex);
126 MessageNotifyUtil.
Notify.
error(Bundle.BlackboardArtifactNode_getAction_errorTitle(), Bundle.BlackboardArtifactNode_getAction_resultErrorMessage());
131 AbstractFile c = findLinked(artifact);
135 }
catch (TskCoreException ex) {
136 LOGGER.log(Level.SEVERE, MessageFormat.format(
"Error getting linked file from blackboard artifact{0}.", artifact.getArtifactID()), ex);
137 MessageNotifyUtil.
Notify.
error(Bundle.BlackboardArtifactNode_getAction_errorTitle(), Bundle.BlackboardArtifactNode_getAction_linkedFileMessage());
141 AbstractFile file = getLookup().lookup(AbstractFile.class);
146 return actionsList.toArray(
new Action[actionsList.size()]);
155 String displayName =
"";
156 if (associated != null) {
157 displayName = associated.getName();
163 if (artifact != null && artifact.getArtifactTypeID() == ARTIFACT_TYPE.TSK_KEYWORD_HIT.getTypeID()) {
165 for (BlackboardAttribute attribute : artifact.getAttributes()) {
166 if (attribute.getAttributeType().getTypeID() == ATTRIBUTE_TYPE.TSK_ASSOCIATED_ARTIFACT.getTypeID()) {
168 if (associatedArtifact != null) {
169 displayName = associatedArtifact.getDisplayName() +
" Artifact";
173 }
catch (TskCoreException ex) {
182 Sheet s = super.createSheet();
183 Sheet.Set ss = s.get(Sheet.PROPERTIES);
185 ss = Sheet.createPropertiesSet();
188 final String NO_DESCR = NbBundle.getMessage(
BlackboardArtifactNode.class,
"BlackboardArtifactNode.noDesc.text");
190 Map<String, Object> map =
new LinkedHashMap<>();
194 NbBundle.getMessage(
BlackboardArtifactNode.class,
"BlackboardArtifactNode.createSheet.srcFile.displayName"),
196 this.getDisplayName()));
198 for (Map.Entry<String, Object> entry : map.entrySet()) {
206 if (customProperties != null) {
211 final int artifactTypeId = artifact.getArtifactTypeID();
214 if (artifactTypeId == BlackboardArtifact.ARTIFACT_TYPE.TSK_EXT_MISMATCH_DETECTED.getTypeID()) {
216 String actualMimeType =
"";
217 if (associated instanceof AbstractFile) {
218 AbstractFile af = (AbstractFile) associated;
219 ext = af.getNameExtension();
220 actualMimeType = af.getMIMEType();
221 if (actualMimeType == null) {
231 NbBundle.getMessage(
BlackboardArtifactNode.class,
"BlackboardArtifactNode.createSheet.mimeType.displayName"),
236 if (Arrays.asList(SHOW_UNIQUE_PATH).contains(artifactTypeId)) {
237 String sourcePath =
"";
239 sourcePath = associated.getUniquePath();
240 }
catch (TskCoreException ex) {
241 LOGGER.log(Level.WARNING,
"Failed to get unique path from: {0}", associated.getName());
244 if (sourcePath.isEmpty() ==
false) {
247 NbBundle.getMessage(
BlackboardArtifactNode.class,
"BlackboardArtifactNode.createSheet.filePath.displayName"),
252 if (Arrays.asList(SHOW_FILE_METADATA).contains(artifactTypeId)) {
253 AbstractFile file = associated instanceof AbstractFile ? (AbstractFile) associated : null;
255 NbBundle.getMessage(
BlackboardArtifactNode.class,
"ContentTagNode.createSheet.fileModifiedTime.displayName"),
259 NbBundle.getMessage(
BlackboardArtifactNode.class,
"ContentTagNode.createSheet.fileChangedTime.displayName"),
263 NbBundle.getMessage(
BlackboardArtifactNode.class,
"ContentTagNode.createSheet.fileAccessedTime.displayName"),
267 NbBundle.getMessage(
BlackboardArtifactNode.class,
"ContentTagNode.createSheet.fileCreatedTime.displayName"),
273 associated.getSize()));
276 String dataSourceStr =
"";
278 Content dataSource = associated.getDataSource();
279 if (dataSource != null) {
280 dataSourceStr = dataSource.getName();
284 }
catch (TskCoreException ex) {
285 LOGGER.log(Level.WARNING,
"Failed to get image name from {0}", associated.getName());
288 if (dataSourceStr.isEmpty() ==
false) {
291 NbBundle.getMessage(
BlackboardArtifactNode.class,
"BlackboardArtifactNode.createSheet.dataSrc.displayName"),
301 String parentName = associated.getName();
304 while ((parent = parent.getParent()) != null) {
305 parentName = parent.getName();
307 }
catch (TskCoreException ex) {
308 LOGGER.log(Level.WARNING,
"Failed to get parent name from {0}", associated.getName());
321 if (null == customProperties) {
323 customProperties =
new ArrayList<>();
325 customProperties.add(np);
335 @SuppressWarnings(
"deprecation")
338 for (BlackboardAttribute attribute : artifact.getAttributes()) {
339 final int attributeTypeID = attribute.getAttributeType().getTypeID();
341 if (attributeTypeID == ATTRIBUTE_TYPE.TSK_PATH_ID.getTypeID()
342 || attributeTypeID == ATTRIBUTE_TYPE.TSK_TAGGED_ARTIFACT.getTypeID()
343 || attributeTypeID == ATTRIBUTE_TYPE.TSK_ASSOCIATED_ARTIFACT.getTypeID()
344 || attributeTypeID == ATTRIBUTE_TYPE.TSK_SET_NAME.getTypeID()) {
345 }
else if (attribute.getAttributeType().getValueType() == BlackboardAttribute.TSK_BLACKBOARD_ATTRIBUTE_VALUE_TYPE.DATETIME) {
347 }
else if (artifact.getArtifactTypeID() == ARTIFACT_TYPE.TSK_TOOL_OUTPUT.getTypeID()
348 && attributeTypeID == ATTRIBUTE_TYPE.TSK_TEXT.getTypeID()) {
356 String value = attribute.getDisplayString();
357 if (value.length() > 512) {
358 value = value.substring(0, 512);
360 map.put(attribute.getAttributeType().getDisplayName(), value);
362 map.put(attribute.getAttributeType().getDisplayName(), attribute.getDisplayString());
365 }
catch (TskCoreException ex) {
366 LOGGER.log(Level.SEVERE,
"Getting attributes failed", ex);
372 return v.
visit(
this);
383 List<Object> forLookup =
new ArrayList<>();
384 forLookup.add(artifact);
388 if (content != null) {
389 forLookup.add(content);
395 if (highlight != null) {
396 forLookup.add(highlight);
399 return Lookups.fixed(forLookup.toArray(
new Object[forLookup.size()]));
404 return artifact.getSleuthkitCase().getContentById(artifact.getObjectID());
405 }
catch (TskCoreException ex) {
406 LOGGER.log(Level.WARNING,
"Getting file failed", ex);
408 throw new IllegalArgumentException(
413 if (artifact.getArtifactTypeID() != BlackboardArtifact.ARTIFACT_TYPE.TSK_KEYWORD_HIT.getTypeID()) {
417 long objectId = content.getId();
419 Lookup lookup = Lookup.getDefault();
422 List<BlackboardAttribute> attributes = artifact.getAttributes();
423 String keyword = null;
424 String regexp = null;
425 for (BlackboardAttribute att : attributes) {
426 final int attributeTypeID = att.getAttributeType().getTypeID();
427 if (attributeTypeID == BlackboardAttribute.ATTRIBUTE_TYPE.TSK_KEYWORD.getTypeID()) {
428 keyword = att.getValueString();
429 }
else if (attributeTypeID == BlackboardAttribute.ATTRIBUTE_TYPE.TSK_KEYWORD_REGEXP.getTypeID()) {
430 regexp = att.getValueString();
431 }
else if (attributeTypeID == BlackboardAttribute.ATTRIBUTE_TYPE.TSK_ASSOCIATED_ARTIFACT.getTypeID()) {
432 objectId = att.getValueLong();
435 if (keyword != null) {
436 boolean isRegexp = StringUtils.isNotBlank(regexp);
437 String origQuery = isRegexp ? regexp : keyword;
438 return highlightFactory.
createInstance(objectId, keyword, isRegexp, origQuery);
440 }
catch (TskCoreException ex) {
441 LOGGER.log(Level.WARNING,
"Failed to retrieve Blackboard Attributes", ex);
void fillPropertyMap(Map< String, Object > map, BlackboardArtifact artifact)
static String getStringTime(long epochSeconds, TimeZone tzone)
static boolean hasSupportedTimeStamp(BlackboardArtifact artifact)
BlackboardArtifactNode(BlackboardArtifact artifact, String iconPath)
static Lookup createLookup(BlackboardArtifact artifact)
static final Integer[] SHOW_FILE_METADATA
TextMarkupLookup createInstance(long objectId, String keyword, boolean isRegex, String originalQuery)
T visit(DataSourcesNode in)
Action[] getActions(boolean context)
static Content getAssociatedContent(BlackboardArtifact artifact)
static ViewFileInTimelineAction createViewSourceFileAction(AbstractFile file)
List< NodeProperty<?extends Object > > customProperties
static final Logger LOGGER
String getRootParentName()
final BlackboardArtifact artifact
SleuthkitCase getSleuthkitCase()
static TextMarkupLookup getHighlightLookup(BlackboardArtifact artifact, Content content)
static void error(String title, String message)
static Case getCurrentCase()
synchronized static Logger getLogger(String name)
void addNodeProperty(NodeProperty<?> np)
BlackboardArtifactNode(BlackboardArtifact artifact)
static final Integer[] SHOW_UNIQUE_PATH
static ViewFileInTimelineAction createViewFileAction(AbstractFile file)