Autopsy  4.5.0
Graphical digital forensics platform for The Sleuth Kit and other tools.
ArtifactEventType.java
Go to the documentation of this file.
1 /*
2  * Autopsy Forensic Browser
3  *
4  * Copyright 2014-16 Basis Technology Corp.
5  * Contact: carrier <at> sleuthkit <dot> org
6  *
7  * Licensed under the Apache License, Version 2.0 (the "License");
8  * you may not use this file except in compliance with the License.
9  * You may obtain a copy of the License at
10  *
11  * http://www.apache.org/licenses/LICENSE-2.0
12  *
13  * Unless required by applicable law or agreed to in writing, software
14  * distributed under the License is distributed on an "AS IS" BASIS,
15  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16  * See the License for the specific language governing permissions and
17  * limitations under the License.
18  */
19 package org.sleuthkit.autopsy.timeline.datamodel.eventtype;
20 
21 import java.text.MessageFormat;
22 import java.util.Optional;
23 import java.util.function.Function;
24 import java.util.logging.Level;
25 import org.apache.commons.lang3.StringUtils;
27 import org.sleuthkit.datamodel.BlackboardArtifact;
28 import org.sleuthkit.datamodel.BlackboardAttribute;
29 import org.sleuthkit.datamodel.TskCoreException;
30 
34 public interface ArtifactEventType extends EventType {
35 
36  public static final Logger LOGGER = Logger.getLogger(ArtifactEventType.class.getName());
37 
43  public BlackboardArtifact.Type getArtifactType();
44 
50  public BlackboardAttribute.Type getDateTimeAttributeType();
51 
58  public default int getArtifactTypeID() {
59  return getArtifactType().getTypeID();
60  }
61 
75  default AttributeEventDescription parseAttributesHelper(BlackboardArtifact artf) throws TskCoreException {
76  final BlackboardAttribute dateTimeAttr = artf.getAttribute(getDateTimeAttributeType());
77 
78  long time = dateTimeAttr.getValueLong();
79  String shortDescription = getShortExtractor().apply(artf);
80  String medDescription = shortDescription + " : " + getMedExtractor().apply(artf);
81  String fullDescription = medDescription + " : " + getFullExtractor().apply(artf);
82  return new AttributeEventDescription(time, shortDescription, medDescription, fullDescription);
83  }
84 
89  Function<BlackboardArtifact, String> getFullExtractor();
90 
95  Function<BlackboardArtifact, String> getMedExtractor();
96 
101  Function<BlackboardArtifact, String> getShortExtractor();
102 
109 
110  final private long time;
111 
112  public long getTime() {
113  return time;
114  }
115 
116  public String getShortDescription() {
117  return shortDescription;
118  }
119 
120  public String getMedDescription() {
121  return medDescription;
122  }
123 
124  public String getFullDescription() {
125  return fullDescription;
126  }
127 
128  final private String shortDescription;
129 
130  final private String medDescription;
131 
132  final private String fullDescription;
133 
134  public AttributeEventDescription(long time, String shortDescription,
135  String medDescription,
136  String fullDescription) {
137  this.time = time;
138  this.shortDescription = shortDescription;
139  this.medDescription = medDescription;
140  this.fullDescription = fullDescription;
141  }
142  }
143 
159  static public AttributeEventDescription buildEventDescription(ArtifactEventType type, BlackboardArtifact artf) throws TskCoreException {
160  //if we got passed an artifact that doesn't correspond to the type of the event,
161  //something went very wrong. throw an exception.
162  if (type.getArtifactTypeID() != artf.getArtifactTypeID()) {
163  throw new IllegalArgumentException();
164  }
165  if (artf.getAttribute(type.getDateTimeAttributeType()) == null) {
166  LOGGER.log(Level.WARNING, "Artifact {0} has no date/time attribute, skipping it.", artf.getArtifactID()); // NON-NLS
167  return null;
168  }
169  //use the hook provided by this subtype implementation
170  return type.parseAttributesHelper(artf);
171  }
172 
173  static class AttributeExtractor implements Function<BlackboardArtifact, String> {
174 
175  public String apply(BlackboardArtifact artf) {
176  return Optional.ofNullable(getAttributeSafe(artf, attributeType))
177  .map(BlackboardAttribute::getDisplayString)
178  .map(StringUtils::defaultString)
179  .orElse("");
180  }
181 
182  private final BlackboardAttribute.Type attributeType;
183 
184  public AttributeExtractor(BlackboardAttribute.Type attribute) {
185  this.attributeType = attribute;
186  }
187 
188  }
189 
190  static class EmptyExtractor implements Function<BlackboardArtifact, String> {
191 
192  @Override
193  public String apply(BlackboardArtifact t) {
194  return "";
195  }
196  }
197 
198  static BlackboardAttribute getAttributeSafe(BlackboardArtifact artf, BlackboardAttribute.Type attrType) {
199  try {
200  return artf.getAttribute(attrType);
201  } catch (TskCoreException ex) {
202  LOGGER.log(Level.SEVERE, MessageFormat.format("Error getting attribute from artifact {0}.", artf.getArtifactID()), ex); // NON-NLS
203  return null;
204  }
205  }
206 
207 }
Function< BlackboardArtifact, String > getShortExtractor()
Function< BlackboardArtifact, String > getMedExtractor()
default AttributeEventDescription parseAttributesHelper(BlackboardArtifact artf)
Function< BlackboardArtifact, String > getFullExtractor()
AttributeEventDescription(long time, String shortDescription, String medDescription, String fullDescription)
synchronized static Logger getLogger(String name)
Definition: Logger.java:124
static BlackboardAttribute getAttributeSafe(BlackboardArtifact artf, BlackboardAttribute.Type attrType)
static AttributeEventDescription buildEventDescription(ArtifactEventType type, BlackboardArtifact artf)

Copyright © 2012-2016 Basis Technology. Generated on: Tue Feb 20 2018
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.