api-docs/4.22.1/_domain_search_8java_source.html

/*

 * Autopsy

 *

 * Copyright 2020-2021 Basis Technology Corp.

 * Contact: carrier <at> sleuthkit <dot> org

 *

 * Licensed under the Apache License, Version 2.0 (the "License");

 * you may not use this file except in compliance with the License.

 * You may obtain a copy of the License at

 *

 *     http://www.apache.org/licenses/LICENSE-2.0

 *

 * Unless required by applicable law or agreed to in writing, software

 * distributed under the License is distributed on an "AS IS" BASIS,

 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

 * See the License for the specific language governing permissions and

 * limitations under the License.

 */

package org.sleuthkit.autopsy.discovery.search;


import java.awt.Image;

import java.util.ArrayList;

import java.util.HashMap;

import java.util.LinkedHashMap;

import java.util.List;

import java.util.Map;

import org.apache.commons.lang3.StringUtils;

import org.sleuthkit.autopsy.centralrepository.datamodel.CentralRepository;

import org.sleuthkit.autopsy.coreutils.TimeZoneUtils;

import org.sleuthkit.autopsy.discovery.search.DiscoveryKeyUtils.GroupKey;

import org.sleuthkit.datamodel.BlackboardArtifact;

import org.sleuthkit.datamodel.BlackboardAttribute;

import org.sleuthkit.datamodel.SleuthkitCase;

import org.sleuthkit.datamodel.TskCoreException;


public class DomainSearch {


    private final DomainSearchCache searchCache;

    private final DomainSearchThumbnailCache thumbnailCache;

    private final DomainSearchArtifactsCache artifactsCache;


    public DomainSearch() {

        this(new DomainSearchCache(), new DomainSearchThumbnailCache(),

                new DomainSearchArtifactsCache());

    }


    DomainSearch(DomainSearchCache cache, DomainSearchThumbnailCache thumbnailCache,

            DomainSearchArtifactsCache artifactsCache) {

        this.searchCache = cache;

        this.thumbnailCache = thumbnailCache;

        this.artifactsCache = artifactsCache;

    }


    public Map<GroupKey, Integer> getGroupSizes(String userName,

            List<AbstractFilter> filters,

            DiscoveryAttributes.AttributeType groupAttributeType,

            Group.GroupSortingAlgorithm groupSortingType,

            ResultsSorter.SortingMethod domainSortingMethod,

            SleuthkitCase caseDb, CentralRepository centralRepoDb, SearchContext context) throws DiscoveryException, SearchCancellationException {


        final Map<GroupKey, List<Result>> searchResults = searchCache.get(

                userName, filters, groupAttributeType, groupSortingType,

                domainSortingMethod, caseDb, centralRepoDb, context);


        // Transform the cached results into a map of group key to group size.

        final LinkedHashMap<GroupKey, Integer> groupSizes = new LinkedHashMap<>();

        for (GroupKey groupKey : searchResults.keySet()) {

            if (context.searchIsCancelled()) {

                throw new SearchCancellationException("The search was cancelled before group sizes were finished being calculated");

            }

            groupSizes.put(groupKey, searchResults.get(groupKey).size());

        }


        return groupSizes;

    }


    public List<Result> getDomainsInGroup(String userName,

            List<AbstractFilter> filters,

            DiscoveryAttributes.AttributeType groupAttributeType,

            Group.GroupSortingAlgorithm groupSortingType,

            ResultsSorter.SortingMethod domainSortingMethod,

            GroupKey groupKey, int startingEntry, int numberOfEntries,

            SleuthkitCase caseDb, CentralRepository centralRepoDb, SearchContext context) throws DiscoveryException, SearchCancellationException {


        final Map<GroupKey, List<Result>> searchResults = searchCache.get(

                userName, filters, groupAttributeType, groupSortingType,

                domainSortingMethod, caseDb, centralRepoDb, context);

        final List<Result> domainsInGroup = searchResults.get(groupKey);

        final List<Result> page = new ArrayList<>();

        for (int i = startingEntry; (i < startingEntry + numberOfEntries)

                && (i < domainsInGroup.size()); i++) {

            page.add(domainsInGroup.get(i));

        }


        return page;

    }


    public Image getThumbnail(DomainSearchThumbnailRequest thumbnailRequest) throws DiscoveryException {

        return thumbnailCache.get(thumbnailRequest);

    }


    public List<BlackboardArtifact> getArtifacts(DomainSearchArtifactsRequest artifactsRequest) throws DiscoveryException {

        return artifactsCache.get(artifactsRequest);

    }


    public List<MiniTimelineResult> getAllArtifactsForDomain(SleuthkitCase sleuthkitCase, String domain) throws DiscoveryException {

        List<BlackboardArtifact> artifacts = new ArrayList<>();

        Map<String, List<BlackboardArtifact>> dateMap = new HashMap<>();

        if (!StringUtils.isBlank(domain)) {

            for (BlackboardArtifact.ARTIFACT_TYPE type : SearchData.Type.DOMAIN.getArtifactTypes()) {


                artifacts.addAll(getArtifacts(new DomainSearchArtifactsRequest(sleuthkitCase, domain, type)));

            }


            for (BlackboardArtifact artifact : artifacts) {

                String date;

                try {

                    date = getDate(artifact);

                } catch (TskCoreException ex) {

                    throw new DiscoveryException("Unable to get date for artifact with ID: " + artifact.getArtifactID(), ex);

                }

                if (!StringUtils.isBlank(date)) {

                    List<BlackboardArtifact> artifactList = dateMap.get(date);

                    if (artifactList == null) {

                        artifactList = new ArrayList<>();

                    }

                    artifactList.add(artifact);

                    dateMap.put(date, artifactList);

                }

            }

        }

        List<MiniTimelineResult> dateArtifactList = new ArrayList<>();


        for (String date : dateMap.keySet()) {

            dateArtifactList.add(new MiniTimelineResult(date, dateMap.get(date)));

        }

        return dateArtifactList;

    }


    private String getDate(BlackboardArtifact artifact) throws TskCoreException {

        for (BlackboardAttribute attribute : artifact.getAttributes()) {

            if (attribute.getAttributeType().getTypeName().startsWith("TSK_DATETIME")) {

                String dateString = TimeZoneUtils.getFormattedTime(attribute.getValueLong());

                if (dateString.length() >= 10) {

                    return dateString.substring(0, 10);

                }

            }

        }

        return "";

    }


}


org.sleuthkit.autopsy.coreutils.TimeZoneUtils
Definition TimeZoneUtils.java:36

org.sleuthkit.autopsy.coreutils.TimeZoneUtils.getFormattedTime
static String getFormattedTime(long epochTime)
Definition TimeZoneUtils.java:145

org.sleuthkit.autopsy.discovery.search.DiscoveryAttributes.AttributeType
Definition DiscoveryAttributes.java:62

org.sleuthkit.autopsy.discovery.search.DiscoveryAttributes
Definition DiscoveryAttributes.java:55

org.sleuthkit.autopsy.discovery.search.DiscoveryException
Definition DiscoveryException.java:24

org.sleuthkit.autopsy.discovery.search.DiscoveryKeyUtils.GroupKey
Definition DiscoveryKeyUtils.java:234

org.sleuthkit.autopsy.discovery.search.DomainSearchArtifactsCache
Definition DomainSearchArtifactsCache.java:38

org.sleuthkit.autopsy.discovery.search.DomainSearchArtifactsRequest
Definition DomainSearchArtifactsRequest.java:29

org.sleuthkit.autopsy.discovery.search.DomainSearch.getDomainsInGroup
List< Result > getDomainsInGroup(String userName, List< AbstractFilter > filters, DiscoveryAttributes.AttributeType groupAttributeType, Group.GroupSortingAlgorithm groupSortingType, ResultsSorter.SortingMethod domainSortingMethod, GroupKey groupKey, int startingEntry, int numberOfEntries, SleuthkitCase caseDb, CentralRepository centralRepoDb, SearchContext context)
Definition DomainSearch.java:135

org.sleuthkit.autopsy.discovery.search.DomainSearch.DomainSearch
DomainSearch()
Definition DomainSearch.java:48

org.sleuthkit.autopsy.discovery.search.DomainSearch.getDate
String getDate(BlackboardArtifact artifact)
Definition DomainSearch.java:252

org.sleuthkit.autopsy.discovery.search.DomainSearch.getAllArtifactsForDomain
List< MiniTimelineResult > getAllArtifactsForDomain(SleuthkitCase sleuthkitCase, String domain)
Definition DomainSearch.java:208

org.sleuthkit.autopsy.discovery.search.DomainSearch.thumbnailCache
final DomainSearchThumbnailCache thumbnailCache
Definition DomainSearch.java:42

org.sleuthkit.autopsy.discovery.search.DomainSearch.artifactsCache
final DomainSearchArtifactsCache artifactsCache
Definition DomainSearch.java:43

org.sleuthkit.autopsy.discovery.search.DomainSearch.getGroupSizes
Map< GroupKey, Integer > getGroupSizes(String userName, List< AbstractFilter > filters, DiscoveryAttributes.AttributeType groupAttributeType, Group.GroupSortingAlgorithm groupSortingType, ResultsSorter.SortingMethod domainSortingMethod, SleuthkitCase caseDb, CentralRepository centralRepoDb, SearchContext context)
Definition DomainSearch.java:89

org.sleuthkit.autopsy.discovery.search.DomainSearch.searchCache
final DomainSearchCache searchCache
Definition DomainSearch.java:41

org.sleuthkit.autopsy.discovery.search.DomainSearch.getArtifacts
List< BlackboardArtifact > getArtifacts(DomainSearchArtifactsRequest artifactsRequest)
Definition DomainSearch.java:192

org.sleuthkit.autopsy.discovery.search.DomainSearch.getThumbnail
Image getThumbnail(DomainSearchThumbnailRequest thumbnailRequest)
Definition DomainSearch.java:173

org.sleuthkit.autopsy.discovery.search.DomainSearchThumbnailCache
Definition DomainSearchThumbnailCache.java:29

org.sleuthkit.autopsy.discovery.search.DomainSearchThumbnailRequest
Definition DomainSearchThumbnailRequest.java:28

org.sleuthkit.autopsy.discovery.search.Group
Definition Group.java:29

org.sleuthkit.autopsy.discovery.search.MiniTimelineResult
Definition MiniTimelineResult.java:30

org.sleuthkit.autopsy.discovery.search.ResultsSorter
Definition ResultsSorter.java:32

org.sleuthkit.autopsy.discovery.search.SearchCancellationException
Definition SearchCancellationException.java:27

org.sleuthkit.autopsy.discovery.search.SearchData
Definition SearchData.java:36

org.sleuthkit.autopsy.discovery.search.Group.GroupSortingAlgorithm
Definition Group.java:146

org.sleuthkit.autopsy.discovery.search.ResultsSorter.SortingMethod
Definition ResultsSorter.java:376

org.sleuthkit.autopsy.discovery.search.SearchData.Type
Definition SearchData.java:453

org.sleuthkit.autopsy.discovery.search.SearchData.Type.DOMAIN
DOMAIN
Definition SearchData.java:460

org.sleuthkit.autopsy.centralrepository.datamodel.CentralRepository
Definition CentralRepository.java:36

org.sleuthkit.autopsy.discovery.search.SearchContext
Definition SearchContext.java:25