Autopsy  4.14.0
Graphical digital forensics platform for The Sleuth Kit and other tools.
ContextViewer.java
Go to the documentation of this file.
1 /*
2  * Autopsy Forensic Browser
3  *
4  * Copyright 2019 Basis Technology Corp.
5  * Contact: carrier <at> sleuthkit <dot> org
6  *
7  * Licensed under the Apache License, Version 2.0 (the "License");
8  * you may not use this file except in compliance with the License.
9  * You may obtain a copy of the License at
10  *
11  * http://www.apache.org/licenses/LICENSE-2.0
12  *
13  * Unless required by applicable law or agreed to in writing, software
14  * distributed under the License is distributed on an "AS IS" BASIS,
15  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16  * See the License for the specific language governing permissions and
17  * limitations under the License.
18  */
19 package org.sleuthkit.autopsy.contentviewers.contextviewer;
20 
21 import java.awt.Component;
22 import java.util.ArrayList;
23 import java.util.HashMap;
24 import java.util.List;
25 import java.util.Map;
26 import java.util.logging.Level;
27 import javax.swing.BoxLayout;
28 import static javax.swing.ScrollPaneConstants.HORIZONTAL_SCROLLBAR_AS_NEEDED;
29 import org.apache.commons.lang.StringUtils;
30 import org.openide.nodes.Node;
31 import org.openide.util.NbBundle;
32 import org.openide.util.lookup.ServiceProvider;
33 import org.sleuthkit.autopsy.casemodule.Case;
34 import org.sleuthkit.autopsy.casemodule.NoCurrentCaseException;
35 import org.sleuthkit.autopsy.corecomponentinterfaces.DataContentViewer;
36 import org.sleuthkit.autopsy.coreutils.Logger;
37 import org.sleuthkit.datamodel.AbstractFile;
38 import org.sleuthkit.datamodel.BlackboardArtifact;
39 import static org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE.TSK_ASSOCIATED_OBJECT;
40 import org.sleuthkit.datamodel.BlackboardAttribute;
41 import org.sleuthkit.datamodel.SleuthkitCase;
42 import org.sleuthkit.datamodel.TskCoreException;
43 
49 @ServiceProvider(service = DataContentViewer.class, position = 7)
50 public final class ContextViewer extends javax.swing.JPanel implements DataContentViewer {
51 
52  private static final long serialVersionUID = 1L;
53  private static final Logger logger = Logger.getLogger(ContextViewer.class.getName());
54  private static final int ARTIFACT_STR_MAX_LEN = 1024;
55  private static final int ATTRIBUTE_STR_MAX_LEN = 200;
56 
57  // defines a list of artifacts that provide context for a file
58  private static final List<BlackboardArtifact.ARTIFACT_TYPE> SOURCE_CONTEXT_ARTIFACTS = new ArrayList<>();
59  private final List<javax.swing.JPanel> contextSourcePanels = new ArrayList<>();
60  private final List<javax.swing.JPanel> contextUsagePanels = new ArrayList<>();
61 
62  static {
63  SOURCE_CONTEXT_ARTIFACTS.add(TSK_ASSOCIATED_OBJECT);
64  }
65 
69  public ContextViewer() {
70 
71  initComponents();
72  jScrollPane.setHorizontalScrollBarPolicy(HORIZONTAL_SCROLLBAR_AS_NEEDED);
73  }
74 
80  @SuppressWarnings("unchecked")
81  // <editor-fold defaultstate="collapsed" desc="Generated Code">//GEN-BEGIN:initComponents
82  private void initComponents() {
83 
84  jSourcePanel = new javax.swing.JPanel();
85  javax.swing.JLabel jSourceLabel = new javax.swing.JLabel();
86  jUsagePanel = new javax.swing.JPanel();
87  javax.swing.JLabel jUsageLabel = new javax.swing.JLabel();
88  jUnknownPanel = new javax.swing.JPanel();
89  javax.swing.JLabel jUnknownLabel = new javax.swing.JLabel();
90  jScrollPane = new javax.swing.JScrollPane();
91 
92  jSourcePanel.setBackground(javax.swing.UIManager.getDefaults().getColor("window"));
93 
94  jSourceLabel.setFont(jSourceLabel.getFont().deriveFont(jSourceLabel.getFont().getStyle() | java.awt.Font.BOLD, jSourceLabel.getFont().getSize()+1));
95  org.openide.awt.Mnemonics.setLocalizedText(jSourceLabel, org.openide.util.NbBundle.getMessage(ContextViewer.class, "ContextViewer.jSourceLabel.text")); // NOI18N
96 
97  javax.swing.GroupLayout jSourcePanelLayout = new javax.swing.GroupLayout(jSourcePanel);
98  jSourcePanel.setLayout(jSourcePanelLayout);
99  jSourcePanelLayout.setHorizontalGroup(
100  jSourcePanelLayout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
101  .addGroup(jSourcePanelLayout.createSequentialGroup()
102  .addGap(40, 40, 40)
103  .addComponent(jSourceLabel)
104  .addContainerGap(304, Short.MAX_VALUE))
105  );
106  jSourcePanelLayout.setVerticalGroup(
107  jSourcePanelLayout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
108  .addGroup(jSourcePanelLayout.createSequentialGroup()
109  .addGap(5, 5, 5)
110  .addComponent(jSourceLabel)
111  .addGap(2, 2, 2))
112  );
113 
114  jUsagePanel.setBackground(javax.swing.UIManager.getDefaults().getColor("window"));
115 
116  jUsageLabel.setFont(jUsageLabel.getFont().deriveFont(jUsageLabel.getFont().getStyle() | java.awt.Font.BOLD, jUsageLabel.getFont().getSize()+1));
117  org.openide.awt.Mnemonics.setLocalizedText(jUsageLabel, org.openide.util.NbBundle.getMessage(ContextViewer.class, "ContextViewer.jUsageLabel.text")); // NOI18N
118 
119  javax.swing.GroupLayout jUsagePanelLayout = new javax.swing.GroupLayout(jUsagePanel);
120  jUsagePanel.setLayout(jUsagePanelLayout);
121  jUsagePanelLayout.setHorizontalGroup(
122  jUsagePanelLayout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
123  .addGroup(jUsagePanelLayout.createSequentialGroup()
124  .addGap(40, 40, 40)
125  .addComponent(jUsageLabel)
126  .addContainerGap(298, Short.MAX_VALUE))
127  );
128  jUsagePanelLayout.setVerticalGroup(
129  jUsagePanelLayout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
130  .addGroup(jUsagePanelLayout.createSequentialGroup()
131  .addGap(2, 2, 2)
132  .addComponent(jUsageLabel)
133  .addGap(2, 2, 2))
134  );
135 
136  jUnknownPanel.setBackground(new java.awt.Color(255, 255, 255));
137 
138  org.openide.awt.Mnemonics.setLocalizedText(jUnknownLabel, org.openide.util.NbBundle.getMessage(ContextViewer.class, "ContextViewer.jUnknownLabel.text")); // NOI18N
139 
140  javax.swing.GroupLayout jUnknownPanelLayout = new javax.swing.GroupLayout(jUnknownPanel);
141  jUnknownPanel.setLayout(jUnknownPanelLayout);
142  jUnknownPanelLayout.setHorizontalGroup(
143  jUnknownPanelLayout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
144  .addGroup(jUnknownPanelLayout.createSequentialGroup()
145  .addGap(50, 50, 50)
146  .addComponent(jUnknownLabel)
147  .addContainerGap(javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE))
148  );
149  jUnknownPanelLayout.setVerticalGroup(
150  jUnknownPanelLayout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
151  .addGroup(jUnknownPanelLayout.createSequentialGroup()
152  .addGap(2, 2, 2)
153  .addComponent(jUnknownLabel)
154  .addGap(2, 2, 2))
155  );
156 
157  setBackground(new java.awt.Color(255, 255, 255));
158  setPreferredSize(new java.awt.Dimension(495, 358));
159 
160  jScrollPane.setBackground(new java.awt.Color(255, 255, 255));
161 
162  javax.swing.GroupLayout layout = new javax.swing.GroupLayout(this);
163  this.setLayout(layout);
164  layout.setHorizontalGroup(
165  layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
166  .addComponent(jScrollPane, javax.swing.GroupLayout.DEFAULT_SIZE, 509, Short.MAX_VALUE)
167  );
168  layout.setVerticalGroup(
169  layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
170  .addComponent(jScrollPane, javax.swing.GroupLayout.DEFAULT_SIZE, 335, Short.MAX_VALUE)
171  );
172  }// </editor-fold>//GEN-END:initComponents
173 
174  @Override
175  public void setNode(Node selectedNode) {
176  if ((selectedNode == null) || (!isSupported(selectedNode))) {
177  resetComponent();
178  return;
179  }
180 
181  AbstractFile file = selectedNode.getLookup().lookup(AbstractFile.class);
182  try {
183  populateSourceContextData(file);
184  } catch (NoCurrentCaseException | TskCoreException ex) {
185  logger.log(Level.SEVERE, String.format("Exception displaying context for file %s", file.getName()), ex); //NON-NLS
186  }
187  }
188 
189  @NbBundle.Messages({
190  "ContextViewer.title=Context",
191  "ContextViewer.toolTip=Displays context for selected file."
192  })
193 
194  @Override
195  public String getTitle() {
196  return Bundle.ContextViewer_title();
197  }
198 
199  @Override
200  public String getToolTip() {
201  return Bundle.ContextViewer_toolTip();
202  }
203 
204  @Override
205  public DataContentViewer createInstance() {
206  return new ContextViewer();
207  }
208 
209  @Override
210  public Component getComponent() {
211  return this;
212  }
213 
214  @Override
215  public void resetComponent() {
216  contextSourcePanels.clear();
217  contextUsagePanels.clear();
218  }
219 
220  @Override
221  public boolean isSupported(Node node) {
222 
223  // check if the node has an abstract file and the file has any context defining artifacts.
224  if (node.getLookup().lookup(AbstractFile.class) != null) {
225  AbstractFile abstractFile = node.getLookup().lookup(AbstractFile.class);
226  for (BlackboardArtifact.ARTIFACT_TYPE artifactType : SOURCE_CONTEXT_ARTIFACTS) {
227  List<BlackboardArtifact> artifactsList;
228  try {
229  artifactsList = abstractFile.getArtifacts(artifactType);
230  if (!artifactsList.isEmpty()) {
231  return true;
232  }
233  } catch (TskCoreException ex) {
234  logger.log(Level.SEVERE, String.format("Exception while looking up context artifacts for file %s", abstractFile), ex); //NON-NLS
235  }
236  }
237 
238  }
239 
240  return false;
241  }
242 
243  @Override
244  public int isPreferred(Node node) {
245  // this is a low preference viewer.
246  return 1;
247  }
248 
249  @NbBundle.Messages({
250  "ContextViewer.unknownSource=Unknown ",
251  })
261  private void populateSourceContextData(AbstractFile sourceFile) throws NoCurrentCaseException, TskCoreException {
262 
263  SleuthkitCase tskCase = Case.getCurrentCaseThrows().getSleuthkitCase();
264 
265  // Check for all context artifacts
266  boolean foundASource = false;
267  for (BlackboardArtifact.ARTIFACT_TYPE artifactType : SOURCE_CONTEXT_ARTIFACTS) {
268  List<BlackboardArtifact> artifactsList = tskCase.getBlackboardArtifacts(artifactType, sourceFile.getId());
269 
270  foundASource = !artifactsList.isEmpty();
271  for (BlackboardArtifact contextArtifact : artifactsList) {
272  addSourceEntry(contextArtifact);
273  }
274  }
275  javax.swing.JPanel contextContainer = new javax.swing.JPanel();
276  contextContainer.add(jSourcePanel);
277  contextContainer.setLayout(new BoxLayout(contextContainer, BoxLayout.Y_AXIS));
278  if (contextSourcePanels.isEmpty()) {
279  contextContainer.add(jUnknownPanel);
280  } else {
281  for (javax.swing.JPanel sourcePanel : contextSourcePanels) {
282  contextContainer.add(sourcePanel);
283  }
284  }
285  contextContainer.add(jUsagePanel);
286  if (contextUsagePanels.isEmpty()) {
287  contextContainer.add(jUnknownPanel);
288  } else {
289  for (javax.swing.JPanel usagePanel : contextUsagePanels) {
290  contextContainer.add(usagePanel);
291  }
292  }
293  contextContainer.setEnabled(foundASource);
294  contextContainer.setVisible(foundASource);
295  jScrollPane.getViewport().setView(contextContainer);
296  jScrollPane.setEnabled(foundASource);
297  jScrollPane.setVisible(foundASource);
298  jScrollPane.repaint();
299  jScrollPane.revalidate();
300 
301 
302  }
303 
313  private void addSourceEntry(BlackboardArtifact artifact) throws TskCoreException {
314 
315  if (BlackboardArtifact.ARTIFACT_TYPE.TSK_ASSOCIATED_OBJECT.getTypeID() == artifact.getArtifactTypeID()) {
316  BlackboardAttribute associatedArtifactAttribute = artifact.getAttribute(new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_ASSOCIATED_ARTIFACT));
317  if (associatedArtifactAttribute != null) {
318  long artifactId = associatedArtifactAttribute.getValueLong();
319  BlackboardArtifact associatedArtifact = artifact.getSleuthkitCase().getBlackboardArtifact(artifactId);
320 
321  setSourceFields(associatedArtifact);
322  }
323  }
324  }
325 
334  @NbBundle.Messages({
335  "ContextViewer.attachmentSource=Attached to: ",
336  "ContextViewer.downloadSource=Downloaded from: ",
337  "ContextViewer.recentDocs=Recent Documents: "
338  })
339  private void setSourceFields(BlackboardArtifact associatedArtifact) throws TskCoreException {
340  if (BlackboardArtifact.ARTIFACT_TYPE.TSK_MESSAGE.getTypeID() == associatedArtifact.getArtifactTypeID()
341  || BlackboardArtifact.ARTIFACT_TYPE.TSK_EMAIL_MSG.getTypeID() == associatedArtifact.getArtifactTypeID()) {
342  String sourceName = Bundle.ContextViewer_attachmentSource();
343  String sourceText = msgArtifactToAbbreviatedString(associatedArtifact);
344  javax.swing.JPanel sourcePanel = new ContextSourcePanel(sourceName, sourceText, associatedArtifact);
345  contextSourcePanels.add(sourcePanel);
346 
347  } else if (BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_DOWNLOAD.getTypeID() == associatedArtifact.getArtifactTypeID()
348  || BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_CACHE.getTypeID() == associatedArtifact.getArtifactTypeID()) {
349  String sourceName = Bundle.ContextViewer_downloadSource();
350  String sourceText = webDownloadArtifactToString(associatedArtifact);
351  javax.swing.JPanel sourcePanel = new ContextSourcePanel(sourceName, sourceText, associatedArtifact);
352  contextSourcePanels.add(sourcePanel);
353 
354  } else if (BlackboardArtifact.ARTIFACT_TYPE.TSK_RECENT_OBJECT.getTypeID() == associatedArtifact.getArtifactTypeID()) {
355  String sourceName = Bundle.ContextViewer_recentDocs();
356  String sourceText = recentDocArtifactToString(associatedArtifact);
357  javax.swing.JPanel usagePanel = new ContextUsagePanel(sourceName, sourceText, associatedArtifact);
358  contextUsagePanels.add(usagePanel);
359 
360  }
361  }
362 
373  @NbBundle.Messages({
374  "ContextViewer.downloadURL=URL",
375  "ContextViewer.downloadedOn=On"
376  })
377  private String webDownloadArtifactToString(BlackboardArtifact artifact) throws TskCoreException {
378  StringBuilder sb = new StringBuilder(ARTIFACT_STR_MAX_LEN);
379  Map<BlackboardAttribute.ATTRIBUTE_TYPE, BlackboardAttribute> attributesMap = getAttributesMap(artifact);
380 
381  if (BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_DOWNLOAD.getTypeID() == artifact.getArtifactTypeID()
382  || BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_CACHE.getTypeID() == artifact.getArtifactTypeID()) {
383  appendAttributeString(sb, BlackboardAttribute.ATTRIBUTE_TYPE.TSK_URL, attributesMap, Bundle.ContextViewer_downloadURL());
384  appendAttributeString(sb, BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_CREATED, attributesMap, Bundle.ContextViewer_downloadedOn());
385  }
386  return sb.toString();
387  }
388 
399  @NbBundle.Messages({
400  "ContextViewer.on=Opened at",
401  "ContextViewer.unknown=Opened at unknown time"
402  })
403  private String recentDocArtifactToString(BlackboardArtifact artifact) throws TskCoreException {
404  StringBuilder sb = new StringBuilder(ARTIFACT_STR_MAX_LEN);
405  Map<BlackboardAttribute.ATTRIBUTE_TYPE, BlackboardAttribute> attributesMap = getAttributesMap(artifact);
406 
407  BlackboardAttribute attribute = attributesMap.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME);
408 
409  if (BlackboardArtifact.ARTIFACT_TYPE.TSK_RECENT_OBJECT.getTypeID() == artifact.getArtifactTypeID()) {
410  if (attribute != null && attribute.getValueLong() > 0) {
411  appendAttributeString(sb, BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME, attributesMap, Bundle.ContextViewer_on());
412  } else {
413  sb.append(Bundle.ContextViewer_unknown());
414  }
415  }
416  return sb.toString();
417  }
418 
428  @NbBundle.Messages({
429  "ContextViewer.message=Message",
430  "ContextViewer.email=Email",
431  "ContextViewer.messageFrom=From",
432  "ContextViewer.messageTo=To",
433  "ContextViewer.messageOn=On",})
434  private String msgArtifactToAbbreviatedString(BlackboardArtifact artifact) throws TskCoreException {
435 
436  StringBuilder sb = new StringBuilder(ARTIFACT_STR_MAX_LEN);
437  Map<BlackboardAttribute.ATTRIBUTE_TYPE, BlackboardAttribute> attributesMap = getAttributesMap(artifact);
438 
439  if (BlackboardArtifact.ARTIFACT_TYPE.TSK_MESSAGE.getTypeID() == artifact.getArtifactTypeID()) {
440  sb.append(Bundle.ContextViewer_message()).append(' ');
441  appendAttributeString(sb, BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PHONE_NUMBER_FROM, attributesMap, Bundle.ContextViewer_messageFrom());
442  appendAttributeString(sb, BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PHONE_NUMBER_TO, attributesMap, Bundle.ContextViewer_messageTo());
443  appendAttributeString(sb, BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME, attributesMap, Bundle.ContextViewer_messageOn());
444  } else if (BlackboardArtifact.ARTIFACT_TYPE.TSK_EMAIL_MSG.getTypeID() == artifact.getArtifactTypeID()) {
445  sb.append(Bundle.ContextViewer_email()).append(' ');
446  appendAttributeString(sb, BlackboardAttribute.ATTRIBUTE_TYPE.TSK_EMAIL_FROM, attributesMap, Bundle.ContextViewer_messageFrom());
447  appendAttributeString(sb, BlackboardAttribute.ATTRIBUTE_TYPE.TSK_EMAIL_TO, attributesMap, Bundle.ContextViewer_messageTo());
448  appendAttributeString(sb, BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_SENT, attributesMap, Bundle.ContextViewer_messageOn());
449  }
450  return sb.toString();
451  }
452 
463  private void appendAttributeString(StringBuilder sb, BlackboardAttribute.ATTRIBUTE_TYPE attribType,
464  Map<BlackboardAttribute.ATTRIBUTE_TYPE, BlackboardAttribute> attributesMap, String prependStr) {
465 
466  BlackboardAttribute attribute = attributesMap.get(attribType);
467  if (attribute != null) {
468  String attrVal = attribute.getDisplayString();
469  if (!StringUtils.isEmpty(attrVal)) {
470  if (!StringUtils.isEmpty(prependStr)) {
471  sb.append(prependStr).append(' ');
472  }
473  sb.append(StringUtils.abbreviate(attrVal, ATTRIBUTE_STR_MAX_LEN)).append(' ');
474  }
475  }
476  }
477 
488  private Map<BlackboardAttribute.ATTRIBUTE_TYPE, BlackboardAttribute> getAttributesMap(BlackboardArtifact artifact) throws TskCoreException {
489  Map<BlackboardAttribute.ATTRIBUTE_TYPE, BlackboardAttribute> attributeMap = new HashMap<>();
490 
491  List<BlackboardAttribute> attributeList = artifact.getAttributes();
492  for (BlackboardAttribute attribute : attributeList) {
493  BlackboardAttribute.ATTRIBUTE_TYPE type = BlackboardAttribute.ATTRIBUTE_TYPE.fromID(attribute.getAttributeType().getTypeID());
494  attributeMap.put(type, attribute);
495  }
496 
497  return attributeMap;
498  }
499 
500 
501  // Variables declaration - do not modify//GEN-BEGIN:variables
502  private javax.swing.JScrollPane jScrollPane;
503  private javax.swing.JPanel jSourcePanel;
504  private javax.swing.JPanel jUnknownPanel;
505  private javax.swing.JPanel jUsagePanel;
506  // End of variables declaration//GEN-END:variables
507 }
org.sleuthkit.autopsy.corecomponentinterfaces.DataContentViewer
Definition: DataContentViewer.java:35
org.sleuthkit.autopsy.contentviewers.contextviewer.ContextViewer.getAttributesMap
Map< BlackboardAttribute.ATTRIBUTE_TYPE, BlackboardAttribute > getAttributesMap(BlackboardArtifact artifact)
Definition: ContextViewer.java:488
org.sleuthkit.autopsy.contentviewers.contextviewer.ContextViewer.appendAttributeString
void appendAttributeString(StringBuilder sb, BlackboardAttribute.ATTRIBUTE_TYPE attribType, Map< BlackboardAttribute.ATTRIBUTE_TYPE, BlackboardAttribute > attributesMap, String prependStr)
Definition: ContextViewer.java:463
org.sleuthkit.autopsy.coreutils.Logger.getLogger
synchronized static Logger getLogger(String name)
Definition: Logger.java:124
org.sleuthkit.autopsy.contentviewers.contextviewer.ContextViewer.msgArtifactToAbbreviatedString
String msgArtifactToAbbreviatedString(BlackboardArtifact artifact)
Definition: ContextViewer.java:434
org.sleuthkit.autopsy.contentviewers.contextviewer.ContextViewer.setSourceFields
void setSourceFields(BlackboardArtifact associatedArtifact)
Definition: ContextViewer.java:339

Copyright © 2012-2020 Basis Technology. Generated on: Wed Apr 8 2020
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.