Autopsy  4.4
Graphical digital forensics platform for The Sleuth Kit and other tools.
FileSize.java
Go to the documentation of this file.
1 /*
2  * Autopsy Forensic Browser
3  *
4  * Copyright 2013-2015 Basis Technology Corp.
5  * Contact: carrier <at> sleuthkit <dot> org
6  *
7  * Licensed under the Apache License, Version 2.0 (the "License");
8  * you may not use this file except in compliance with the License.
9  * You may obtain a copy of the License at
10  *
11  * http://www.apache.org/licenses/LICENSE-2.0
12  *
13  * Unless required by applicable law or agreed to in writing, software
14  * distributed under the License is distributed on an "AS IS" BASIS,
15  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16  * See the License for the specific language governing permissions and
17  * limitations under the License.
18  */
19 package org.sleuthkit.autopsy.datamodel;
20 
21 import java.beans.PropertyChangeEvent;
22 import java.beans.PropertyChangeListener;
23 import java.util.ArrayList;
24 import java.util.Arrays;
25 import java.util.List;
26 import java.util.Observable;
27 import java.util.Observer;
28 import java.util.logging.Level;
29 import org.openide.nodes.AbstractNode;
30 import org.openide.nodes.ChildFactory;
31 import org.openide.nodes.Children;
32 import org.openide.nodes.Node;
33 import org.openide.nodes.Sheet;
34 import org.openide.util.NbBundle;
35 import org.openide.util.lookup.Lookups;
39 import org.sleuthkit.datamodel.AbstractFile;
40 import org.sleuthkit.datamodel.Content;
41 import org.sleuthkit.datamodel.ContentVisitor;
42 import org.sleuthkit.datamodel.DerivedFile;
43 import org.sleuthkit.datamodel.Directory;
44 import org.sleuthkit.datamodel.File;
45 import org.sleuthkit.datamodel.FsContent;
46 import org.sleuthkit.datamodel.LayoutFile;
47 import org.sleuthkit.datamodel.LocalFile;
48 import org.sleuthkit.datamodel.SleuthkitCase;
49 import org.sleuthkit.datamodel.TskCoreException;
50 import org.sleuthkit.datamodel.TskData;
51 import org.sleuthkit.datamodel.VirtualDirectory;
52 
56 public class FileSize implements AutopsyVisitableItem {
57 
58  private SleuthkitCase skCase;
59 
60  public enum FileSizeFilter implements AutopsyVisitableItem {
61 
62  SIZE_50_200(0, "SIZE_50_200", "50 - 200MB"), //NON-NLS
63  SIZE_200_1000(1, "SIZE_200_1GB", "200MB - 1GB"), //NON-NLS
64  SIZE_1000_(2, "SIZE_1000+", "1GB+"); //NON-NLS
65  private int id;
66  private String name;
67  private String displayName;
68 
69  private FileSizeFilter(int id, String name, String displayName) {
70  this.id = id;
71  this.name = name;
72  this.displayName = displayName;
73 
74  }
75 
76  public String getName() {
77  return this.name;
78  }
79 
80  public int getId() {
81  return this.id;
82  }
83 
84  public String getDisplayName() {
85  return this.displayName;
86  }
87 
88  @Override
89  public <T> T accept(AutopsyItemVisitor<T> v) {
90  return v.visit(this);
91  }
92  }
93 
94  public FileSize(SleuthkitCase skCase) {
95  this.skCase = skCase;
96  }
97 
98  @Override
99  public <T> T accept(AutopsyItemVisitor<T> v) {
100  return v.visit(this);
101  }
102 
103  public SleuthkitCase getSleuthkitCase() {
104  return this.skCase;
105  }
106 
107  /*
108  * Root node. Children are nodes for specific sizes.
109  */
110  public static class FileSizeRootNode extends DisplayableItemNode {
111 
112  private static final String NAME = NbBundle.getMessage(FileSize.class, "FileSize.fileSizeRootNode.name");
113 
114  FileSizeRootNode(SleuthkitCase skCase) {
115  super(Children.create(new FileSizeRootChildren(skCase), true), Lookups.singleton(NAME));
116  super.setName(NAME);
117  super.setDisplayName(NAME);
118  this.setIconBaseWithExtension("org/sleuthkit/autopsy/images/file-size-16.png"); //NON-NLS
119  }
120 
121  @Override
122  public boolean isLeafTypeNode() {
123  return false;
124  }
125 
126  @Override
127  public <T> T accept(DisplayableItemNodeVisitor<T> v) {
128  return v.visit(this);
129  }
130 
131  @Override
132  protected Sheet createSheet() {
133  Sheet s = super.createSheet();
134  Sheet.Set ss = s.get(Sheet.PROPERTIES);
135  if (ss == null) {
136  ss = Sheet.createPropertiesSet();
137  s.put(ss);
138  }
139 
140  ss.put(new NodeProperty<>(NbBundle.getMessage(this.getClass(), "FileSize.createSheet.name.name"),
141  NbBundle.getMessage(this.getClass(), "FileSize.createSheet.name.displayName"),
142  NbBundle.getMessage(this.getClass(), "FileSize.createSheet.name.desc"),
143  NAME));
144  return s;
145  }
146 
147  @Override
148  public String getItemType() {
149  return getClass().getName();
150  }
151  }
152 
153  /*
154  * Makes the children for specific sizes
155  */
156  public static class FileSizeRootChildren extends ChildFactory<org.sleuthkit.autopsy.datamodel.FileSize.FileSizeFilter> {
157 
158  private SleuthkitCase skCase;
159  private Observable notifier;
160 
161  public FileSizeRootChildren(SleuthkitCase skCase) {
162  this.skCase = skCase;
163  notifier = new FileSizeRootChildrenObservable();
164  }
165 
170  private final class FileSizeRootChildrenObservable extends Observable {
171 
176  }
177 
178  private void removeListeners() {
179  deleteObservers();
183  }
184 
185  private final PropertyChangeListener pcl = new PropertyChangeListener() {
186  @Override
187  public void propertyChange(PropertyChangeEvent evt) {
188  String eventType = evt.getPropertyName();
189 
190  if (eventType.equals(IngestManager.IngestModuleEvent.CONTENT_CHANGED.toString())) {
197  try {
198  // new file was added
199  // @@@ could check the size here and only fire off updates if we know the file meets the min size criteria
201  update();
202  } catch (IllegalStateException notUsed) {
206  }
207  } else if (eventType.equals(IngestManager.IngestJobEvent.COMPLETED.toString())
208  || eventType.equals(IngestManager.IngestJobEvent.CANCELLED.toString())
209  || eventType.equals(Case.Events.DATA_SOURCE_ADDED.toString())) {
216  try {
218  update();
219  } catch (IllegalStateException notUsed) {
223  }
224  } else if (eventType.equals(Case.Events.CURRENT_CASE.toString())) {
225  // case was closed. Remove listeners so that we don't get called with a stale case handle
226  if (evt.getNewValue() == null) {
227  removeListeners();
228  }
229  }
230  }
231  };
232 
233  private void update() {
234  setChanged();
235  notifyObservers();
236  }
237  }
238 
239  @Override
240  protected boolean createKeys(List<FileSizeFilter> list) {
241  list.addAll(Arrays.asList(FileSizeFilter.values()));
242  return true;
243  }
244 
245  @Override
246  protected Node createNodeForKey(FileSizeFilter key) {
247  return new FileSizeNode(skCase, key, notifier);
248  }
249 
250  /*
251  * Node for a specific size range. Children are files.
252  */
253  public class FileSizeNode extends DisplayableItemNode {
254 
256 
257  // use version with observer instead so that it updates
258  @Deprecated
259  FileSizeNode(SleuthkitCase skCase, FileSizeFilter filter) {
260  super(Children.create(new FileSizeChildren(filter, skCase, null), true), Lookups.singleton(filter.getDisplayName()));
261  this.filter = filter;
262  init();
263  }
264 
272  FileSizeNode(SleuthkitCase skCase, FileSizeFilter filter, Observable o) {
273  super(Children.create(new FileSizeChildren(filter, skCase, o), true), Lookups.singleton(filter.getDisplayName()));
274  this.filter = filter;
275  init();
276  o.addObserver(new FileSizeNodeObserver());
277  }
278 
279  private void init() {
280  super.setName(filter.getName());
281 
282  String tooltip = filter.getDisplayName();
283  this.setShortDescription(tooltip);
284  this.setIconBaseWithExtension("org/sleuthkit/autopsy/images/file-size-16.png"); //NON-NLS
285 
287  }
288 
289  @Override
290  public String getItemType() {
295  return DisplayableItemNode.FILE_PARENT_NODE_KEY;
296  }
297 
298  // update the display name when new events are fired
299  private class FileSizeNodeObserver implements Observer {
300 
301  @Override
302  public void update(Observable o, Object arg) {
304  }
305  }
306 
307  private void updateDisplayName() {
308  final long count = FileSizeChildren.calculateItems(skCase, filter);
309  super.setDisplayName(filter.getDisplayName() + " (" + count + ")");
310  }
311 
312  @Override
313  public <T> T accept(DisplayableItemNodeVisitor<T> v) {
314  return v.visit(this);
315  }
316 
317  @Override
318  protected Sheet createSheet() {
319  Sheet s = super.createSheet();
320  Sheet.Set ss = s.get(Sheet.PROPERTIES);
321  if (ss == null) {
322  ss = Sheet.createPropertiesSet();
323  s.put(ss);
324  }
325 
326  ss.put(new NodeProperty<>(NbBundle.getMessage(this.getClass(), "FileSize.createSheet.filterType.name"),
327  NbBundle.getMessage(this.getClass(), "FileSize.createSheet.filterType.displayName"),
328  NbBundle.getMessage(this.getClass(), "FileSize.createSheet.filterType.desc"),
329  filter.getDisplayName()));
330 
331  return s;
332  }
333 
334  @Override
335  public boolean isLeafTypeNode() {
336  return true;
337  }
338  }
339 
340  /*
341  * Makes children, which are nodes for files of a given range
342  */
343  static class FileSizeChildren extends ChildFactory.Detachable<AbstractFile> {
344 
345  private final SleuthkitCase skCase;
346  private final FileSizeFilter filter;
347  private final Observable notifier;
348  private static final Logger logger = Logger.getLogger(FileSizeChildren.class.getName());
349 
357  FileSizeChildren(FileSizeFilter filter, SleuthkitCase skCase, Observable o) {
358  this.skCase = skCase;
359  this.filter = filter;
360  this.notifier = o;
361  }
362 
363  @Override
364  protected void addNotify() {
365  if (notifier != null) {
366  notifier.addObserver(observer);
367  }
368  }
369 
370  @Override
371  protected void removeNotify() {
372  if (notifier != null) {
373  notifier.deleteObserver(observer);
374  }
375  }
376 
377  private final Observer observer = new FileSizeChildrenObserver();
378 
379  // Cause refresh of children if there are changes
380  private class FileSizeChildrenObserver implements Observer {
381 
382  @Override
383  public void update(Observable o, Object arg) {
384  refresh(true);
385  }
386  }
387 
388  @Override
389  protected boolean createKeys(List<AbstractFile> list) {
390  list.addAll(runFsQuery());
391  return true;
392  }
393 
394  private static String makeQuery(FileSizeFilter filter) {
395  String query;
396  switch (filter) {
397  case SIZE_50_200:
398  query = "(size >= 50000000 AND size < 200000000)"; //NON-NLS
399  break;
400  case SIZE_200_1000:
401  query = "(size >= 200000000 AND size < 1000000000)"; //NON-NLS
402  break;
403 
404  case SIZE_1000_:
405  query = "(size >= 1000000000)"; //NON-NLS
406  break;
407 
408  default:
409  throw new IllegalArgumentException("Unsupported filter type to get files by size: " + filter); //NON-NLS
410  }
411  // ignore unalloc block files
412  query = query + " AND (type != " + TskData.TSK_DB_FILES_TYPE_ENUM.UNALLOC_BLOCKS.getFileType() + ")"; //NON-NLS
413 
414  return query;
415  }
416 
417  private List<AbstractFile> runFsQuery() {
418  List<AbstractFile> ret = new ArrayList<>();
419 
420  try {
421  String query = makeQuery(filter);
422 
423  ret = skCase.findAllFilesWhere(query);
424  } catch (Exception e) {
425  logger.log(Level.SEVERE, "Error getting files for the file size view: " + e.getMessage()); //NON-NLS
426  }
427 
428  return ret;
429  }
430 
436  static long calculateItems(SleuthkitCase sleuthkitCase, FileSizeFilter filter) {
437  try {
438  return sleuthkitCase.countFilesWhere(makeQuery(filter));
439  } catch (TskCoreException ex) {
440  logger.log(Level.SEVERE, "Error getting files by size search view count", ex); //NON-NLS
441  return 0;
442  }
443  }
444 
445  @Override
446  protected Node createNodeForKey(AbstractFile key) {
447  return key.accept(new ContentVisitor.Default<AbstractNode>() {
448  public FileNode visit(AbstractFile f) {
449  return new FileNode(f, false);
450  }
451 
452  public FileNode visit(FsContent f) {
453  return new FileNode(f, false);
454  }
455 
456  @Override
457  public FileNode visit(LayoutFile f) {
458  return new FileNode(f, false);
459  }
460 
461  @Override
462  public FileNode visit(File f) {
463  return new FileNode(f, false);
464  }
465 
466  @Override
467  public FileNode visit(Directory f) {
468  return new FileNode(f, false);
469  }
470 
471  @Override
472  public FileNode visit(LocalFile f) {
473  return new FileNode(f, false);
474  }
475 
476  @Override
477  public FileNode visit(DerivedFile f) {
478  return new FileNode(f, false);
479  }
480 
481  @Override
482  public FileNode visit(VirtualDirectory f) {
483  return new FileNode(f, false);
484  }
485 
486  @Override
487  protected AbstractNode defaultVisit(Content di) {
488  throw new UnsupportedOperationException(
489  NbBundle.getMessage(this.getClass(),
490  "FileSize.exception.notSupported.msg",
491  di.toString()));
492  }
493  });
494  }
495  }
496  }
497 }
public< T > T accept(AutopsyItemVisitor< T > v)
Definition: FileSize.java:89
void removeIngestModuleEventListener(final PropertyChangeListener listener)
static synchronized IngestManager getInstance()
static void removePropertyChangeListener(PropertyChangeListener listener)
Definition: Case.java:369
void removeIngestJobEventListener(final PropertyChangeListener listener)
void addIngestJobEventListener(final PropertyChangeListener listener)
static void addPropertyChangeListener(PropertyChangeListener listener)
Definition: Case.java:357
FileSizeFilter(int id, String name, String displayName)
Definition: FileSize.java:69
void addIngestModuleEventListener(final PropertyChangeListener listener)
synchronized static Logger getLogger(String name)
Definition: Logger.java:161

Copyright © 2012-2016 Basis Technology. Generated on: Tue Jun 13 2017
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.