Autopsy 4.22.1
Graphical digital forensics platform for The Sleuth Kit and other tools.
CaseDataSourcesSummary.java
1/*
2 * Autopsy Forensic Browser
3 *
4 * Copyright 2020 Basis Technology Corp.
5 * Contact: carrier <at> sleuthkit <dot> org
6 *
7 * Licensed under the Apache License, Version 2.0 (the "License");
8 * you may not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
10 *
11 * http://www.apache.org/licenses/LICENSE-2.0
12 *
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS,
15 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 */
19package org.sleuthkit.autopsy.datasourcesummary.datamodel;
20
21import java.util.Collections;
22import java.util.HashMap;
23import java.util.List;
24import java.util.Map;
25import java.util.logging.Level;
26import org.sleuthkit.autopsy.casemodule.Case;
27import org.sleuthkit.autopsy.casemodule.NoCurrentCaseException;
28import org.sleuthkit.autopsy.coreutils.Logger;
29import org.sleuthkit.datamodel.BlackboardArtifact;
30import org.sleuthkit.datamodel.BlackboardAttribute;
31import org.sleuthkit.datamodel.SleuthkitCase;
32import org.sleuthkit.datamodel.TskCoreException;
33import org.sleuthkit.datamodel.TskData;
34
39
/** Logger for this class; the query helpers below report their failures through it at WARNING level. */
private static final Logger logger = Logger.getLogger(CaseDataSourcesSummary.class.getName());
41
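/**
 * Builds a map from data source object id to the usage description(s)
 * recorded for that data source, read from the TSK_DESCRIPTION attribute of
 * every TSK_DATA_SOURCE_USAGE artifact in the current case.
 *
 * <p>When a data source has several usage artifacts, their descriptions are
 * joined with ", " in the order the artifacts are returned by the case
 * database.
 *
 * <p>Failures are logged at WARNING level and reported as an empty map. An
 * empty result therefore does not by itself show that the case holds no
 * usage artifacts; the application log has to be consulted to tell "nothing
 * found" apart from "lookup failed".
 *
 * @return data source object id mapped to its usage description(s); an
 *         empty map when there is no current case or the case database
 *         query fails
 */
public static Map<Long, String> getDataSourceTypes() {
    try {
        SleuthkitCase skCase = Case.getCurrentCaseThrows().getSleuthkitCase();
        List<BlackboardArtifact> usageArtifacts = skCase.getBlackboardArtifacts(BlackboardArtifact.ARTIFACT_TYPE.TSK_DATA_SOURCE_USAGE);
        // The attribute type is the same for every artifact, so build it once.
        BlackboardAttribute.Type descriptionType = new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DESCRIPTION);
        Map<Long, String> typeMap = new HashMap<>();
        for (BlackboardArtifact usageArtifact : usageArtifacts) {
            BlackboardAttribute descriptionAttr = usageArtifact.getAttribute(descriptionType);
            // Test the already-loaded attribute first so the data source is
            // only resolved for artifacts that can contribute a description.
            if (descriptionAttr == null || usageArtifact.getDataSource() == null) {
                continue;
            }
            long dsId = usageArtifact.getDataSource().getId();
            String description = descriptionAttr.getValueString();
            // Reuse dsId for the lookup instead of resolving the data source again.
            String existing = typeMap.get(dsId);
            typeMap.put(dsId, existing == null ? description : existing + ", " + description);
        }
        return typeMap;
    } catch (TskCoreException | NoCurrentCaseException ex) {
        logger.log(Level.WARNING, "Unable to get types of files for all datasources, providing empty results", ex);
        return Collections.emptyMap();
    }
}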
74
/**
 * Counts, per data source, the rows of tsk_files that are regular files:
 * meta_type is TSK_FS_META_TYPE_REG, type is not VIRTUAL_DIR, dir_type is
 * not VIRT_DIR and the name is not empty.
 *
 * <p>Failures are logged at WARNING level and reported as an empty map, so
 * an empty result can mean either "no matching files" or "query failed".
 *
 * @return data source object id mapped to its file count; an empty map
 *         when there is no current case or the query fails
 */
public static Map<Long, Long> getCountsOfFiles() {
    // Only values read from TskData enum constants are spliced into the SQL
    // text; nothing here originates from case content or user input.
    final String regularMetaType = String.valueOf(TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_REG.getValue());
    final String virtualDirFileType = String.valueOf(TskData.TSK_DB_FILES_TYPE_ENUM.VIRTUAL_DIR.getFileType());
    final String virtualDirNameType = String.valueOf(TskData.TSK_FS_NAME_TYPE_ENUM.VIRT_DIR.getValue());

    final String filesPerDataSourceQuery = "data_source_obj_id, COUNT(*) AS value FROM tsk_files"
            + " WHERE meta_type=" + regularMetaType
            + " AND type<>" + virtualDirFileType
            + " AND dir_type<>" + virtualDirNameType
            + " AND name<>''"
            + " GROUP BY data_source_obj_id"; //NON-NLS

    try {
        return getValuesMap(filesPerDataSourceQuery);
    } catch (TskCoreException | NoCurrentCaseException ex) {
        logger.log(Level.WARNING, "Unable to get counts of files for all datasources, providing empty results", ex);
        return Collections.emptyMap();
    }
}
97
/**
 * Counts, per data source, the rows of blackboard_artifacts whose review
 * status is anything other than REJECTED.
 *
 * <p>Failures are logged at WARNING level and reported as an empty map, so
 * an empty result can mean either "no artifacts" or "query failed".
 *
 * @return data source object id mapped to its artifact count; an empty map
 *         when there is no current case or the query fails
 */
public static Map<Long, Long> getCountsOfArtifacts() {
    // The only value spliced into the SQL text is the id of an enum
    // constant, never data taken from the case or from the user.
    final String rejectedStatusId = String.valueOf(BlackboardArtifact.ReviewStatus.REJECTED.getID());

    final String artifactsPerDataSourceQuery = "data_source_obj_id, COUNT(*) AS value"
            + " FROM blackboard_artifacts WHERE review_status_id !=" + rejectedStatusId
            + " GROUP BY data_source_obj_id"; //NON-NLS

    try {
        return getValuesMap(artifactsPerDataSourceQuery);
    } catch (TskCoreException | NoCurrentCaseException ex) {
        logger.log(Level.WARNING, "Unable to get counts of artifacts for all datasources, providing empty results", ex);
        return Collections.emptyMap();
    }
}
117
/**
 * Counts, per data source, the tags applied in the current case by adding
 * two query results together: content tags joined to tsk_files, and
 * artifact tags joined to blackboard_artifacts.
 *
 * <p>Failures are logged at WARNING level and reported as an empty map. If
 * the first query succeeds and the second fails, the partial file-tag
 * counts are discarded and the empty map is returned.
 *
 * @return data source object id mapped to its combined tag count; an empty
 *         map when there is no current case or either query fails
 */
public static Map<Long, Long> getCountsOfTags() {
    // Both statements are fixed text with no interpolated values.
    final String fileTagsQuery = "data_source_obj_id, COUNT(*) AS value"
            + " FROM content_tags as content_tags, tsk_files as tsk_files"
            + " WHERE content_tags.obj_id = tsk_files.obj_id"
            + " GROUP BY data_source_obj_id"; //NON-NLS
    final String artifactTagsQuery = "data_source_obj_id, COUNT(*) AS value"
            + " FROM blackboard_artifact_tags as artifact_tags, blackboard_artifacts AS arts"
            + " WHERE artifact_tags.artifact_id = arts.artifact_id"
            + " GROUP BY data_source_obj_id"; //NON-NLS

    try {
        // Copy the file-tag counts into a fresh HashMap so they can be updated in place.
        Map<Long, Long> combinedCounts = new HashMap<>(getValuesMap(fileTagsQuery));
        // Add each artifact-tag count to the running total for its data source.
        for (Map.Entry<Long, Long> artifactTagCount : getValuesMap(artifactTagsQuery).entrySet()) {
            combinedCounts.merge(artifactTagCount.getKey(), artifactTagCount.getValue(), Long::sum);
        }
        return combinedCounts;
    } catch (TskCoreException | NoCurrentCaseException ex) {
        logger.log(Level.WARNING, "Unable to get counts of tags for all datasources, providing empty results", ex);
        return Collections.emptyMap();
    }
}
147
/**
 * Runs the given query fragment against the current case database and
 * returns the values collected by a DataSourceSingleValueCallback.
 *
 * <p>The fragment is handed to the case database access manager as text,
 * with no parameter binding in this method. Every caller in this class
 * builds it from string constants and enum ids only; keep it that way and
 * never pass text derived from case content or user input.
 *
 * <p>NOTE(review): the fragments used in this class begin at the column
 * list, without a leading SELECT keyword; presumably select() supplies it.
 * The returned map is presumably keyed by data_source_obj_id with the
 * "value" column as the count. Confirm both against CaseDbAccessManager
 * and DataSourceSingleValueCallback.
 *
 * @param query the query fragment to execute
 *
 * @return the map produced by the callback after the query has run
 *
 * @throws TskCoreException       if the case database query fails
 * @throws NoCurrentCaseException if no case is currently open
 */
private static Map<Long, Long> getValuesMap(String query) throws TskCoreException, NoCurrentCaseException {
    final SleuthkitCase caseDb = Case.getCurrentCaseThrows().getSleuthkitCase();
    final DataSourceSingleValueCallback rowCollector = new DataSourceSingleValueCallback();
    caseDb.getCaseDbAccessManager().select(query, rowCollector);
    return rowCollector.getMapOfValues();
}
165
167 }
168}

Copyright © 2012-2024 Sleuth Kit Labs. Generated on:
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.