Sleuth Kit Java Bindings (JNI)  4.9.0
Java bindings for using The Sleuth Kit
BlackboardArtifact.java
Go to the documentation of this file.
1 /*
2  * Sleuth Kit Data Model
3  *
4  * Copyright 2011-2020 Basis Technology Corp.
5  * Contact: carrier <at> sleuthkit <dot> org
6  *
7  * Licensed under the Apache License, Version 2.0 (the "License");
8  * you may not use this file except in compliance with the License.
9  * You may obtain a copy of the License at
10  *
11  * http://www.apache.org/licenses/LICENSE-2.0
12  *
13  * Unless required by applicable law or agreed to in writing, software
14  * distributed under the License is distributed on an "AS IS" BASIS,
15  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16  * See the License for the specific language governing permissions and
17  * limitations under the License.
18  */
19 package org.sleuthkit.datamodel;
20 
21 import java.io.Serializable;
22 import java.io.UnsupportedEncodingException;
23 import java.text.MessageFormat;
24 import java.util.ArrayList;
25 import java.util.Collection;
26 import java.util.HashMap;
27 import java.util.HashSet;
28 import java.util.List;
29 import java.util.Map;
30 import java.util.Objects;
31 import java.util.ResourceBundle;
32 import java.util.Set;
33 import org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE;
34 import org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE;
35 import org.sleuthkit.datamodel.SleuthkitCase.ObjectInfo;
36 
48 public class BlackboardArtifact implements Content {
49 
50  private static final ResourceBundle bundle = ResourceBundle.getBundle("org.sleuthkit.datamodel.Bundle");
51  private final long artifactId;
52  private final long sourceObjId; // refers to objID of parent/source object
53  private final long artifactObjId; // objId of the artifact in tsk_objects. TBD: replace artifactID with this
54  private final long dataSourceObjId; // objId of the data source in tsk_objects.
55  private final int artifactTypeId;
56  private final String artifactTypeName;
57  private final String displayName;
58  private ReviewStatus reviewStatus;
59  private final SleuthkitCase sleuthkitCase;
60  private final List<BlackboardAttribute> attrsCache = new ArrayList<BlackboardAttribute>();
61  private boolean loadedCacheFromDb = false;
62  private Content parent;
63  private String uniquePath;
64 
65  private byte[] contentBytes = null;
66 
67  private volatile boolean checkedHasChildren;
68  private volatile boolean hasChildren;
69  private volatile int childrenCount;
70 
91  BlackboardArtifact(SleuthkitCase sleuthkitCase, long artifactID, long sourceObjId, long artifactObjId, long dataSourceObjId, int artifactTypeID, String artifactTypeName, String displayName, ReviewStatus reviewStatus) {
92 
93  this.sleuthkitCase = sleuthkitCase;
94  this.artifactId = artifactID;
95  this.sourceObjId = sourceObjId;
96  this.artifactObjId = artifactObjId;
97  this.artifactTypeId = artifactTypeID;
98  this.dataSourceObjId = dataSourceObjId;
99  this.artifactTypeName = artifactTypeName;
100  this.displayName = displayName;
101  this.reviewStatus = reviewStatus;
102 
103  this.checkedHasChildren = false;
104  this.hasChildren = false;
105  this.childrenCount = -1;
106 
107  }
108 
128  BlackboardArtifact(SleuthkitCase sleuthkitCase, long artifactID, long sourceObjId, long artifactObjID, long dataSourceObjID, int artifactTypeID, String artifactTypeName, String displayName, ReviewStatus reviewStatus, boolean isNew) {
129  this(sleuthkitCase, artifactID, sourceObjId, artifactObjID, dataSourceObjID, artifactTypeID, artifactTypeName, displayName, reviewStatus);
130  if (isNew) {
131  /*
132  * If this object represents a newly created artifact, then its
133  * collection of attributes has already been populated and there is
134  * no need to fetch them form the case database.
135  */
136  this.loadedCacheFromDb = true;
137  }
138  }
139 
146  public SleuthkitCase getSleuthkitCase() {
147  return sleuthkitCase;
148  }
149 
155  public long getArtifactID() {
156  return this.artifactId;
157  }
158 
165  public long getObjectID() {
166  return this.sourceObjId;
167  }
168 
174  long getDataSourceObjectID() {
175  return this.dataSourceObjId;
176  }
177 
183  public int getArtifactTypeID() {
184  return this.artifactTypeId;
185  }
186 
192  public String getArtifactTypeName() {
193  return this.artifactTypeName;
194  }
195 
201  public String getDisplayName() {
202  return this.displayName;
203  }
204 
212  public String getShortDescription() throws TskCoreException {
213  BlackboardAttribute attr = null;
214  StringBuilder shortDescription = new StringBuilder("");
215  switch (ARTIFACT_TYPE.fromID(artifactTypeId)) {
216  case TSK_WEB_BOOKMARK: //web_bookmark, web_cookie, web_download, and web_history are the same attribute for now
217  case TSK_WEB_COOKIE:
218  case TSK_WEB_DOWNLOAD:
219  case TSK_WEB_HISTORY:
220  attr = getAttribute(new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_DOMAIN));
221  break;
222  case TSK_KEYWORD_HIT:
223  attr = getAttribute(new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_KEYWORD_PREVIEW));
224  break;
225  case TSK_DEVICE_ATTACHED:
226  attr = getAttribute(new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_DEVICE_ID));
227  break;
228  case TSK_CONTACT: //contact, message, and calllog are the same attributes for now
229  case TSK_MESSAGE:
230  case TSK_CALLLOG:
231  //get the first of these attributes which exists and is non null
232  final ATTRIBUTE_TYPE[] typesThatCanHaveName = {ATTRIBUTE_TYPE.TSK_NAME,
233  ATTRIBUTE_TYPE.TSK_PHONE_NUMBER,
234  ATTRIBUTE_TYPE.TSK_PHONE_NUMBER_FROM,
235  ATTRIBUTE_TYPE.TSK_PHONE_NUMBER_TO,
236  ATTRIBUTE_TYPE.TSK_PHONE_NUMBER_HOME,
237  ATTRIBUTE_TYPE.TSK_PHONE_NUMBER_MOBILE,
238  ATTRIBUTE_TYPE.TSK_PHONE_NUMBER_OFFICE,
239  ATTRIBUTE_TYPE.TSK_EMAIL,
240  ATTRIBUTE_TYPE.TSK_EMAIL_FROM,
241  ATTRIBUTE_TYPE.TSK_EMAIL_TO,
242  ATTRIBUTE_TYPE.TSK_EMAIL_HOME,
243  ATTRIBUTE_TYPE.TSK_EMAIL_OFFICE}; //in the order we want to use them
244  for (ATTRIBUTE_TYPE t : typesThatCanHaveName) {
245  attr = getAttribute(new BlackboardAttribute.Type(t));
246  if (attr != null && !attr.getDisplayString().isEmpty()) {
247  break;
248  }
249  }
250  break;
251  default:
252  break;
253  }
254  if (attr != null) {
255  shortDescription.append(attr.getAttributeType().getDisplayName()).append(": ").append(attr.getDisplayString());
256  } else {
257  shortDescription.append(getDisplayName());
258  }
259  //get the first of these date attributes which exists and is non null
260  final ATTRIBUTE_TYPE[] typesThatCanHaveDate = {ATTRIBUTE_TYPE.TSK_DATETIME,
261  ATTRIBUTE_TYPE.TSK_DATETIME_SENT,
262  ATTRIBUTE_TYPE.TSK_DATETIME_RCVD,
263  ATTRIBUTE_TYPE.TSK_DATETIME_CREATED,
264  ATTRIBUTE_TYPE.TSK_DATETIME_MODIFIED,
265  ATTRIBUTE_TYPE.TSK_DATETIME_ACCESSED,
266  ATTRIBUTE_TYPE.TSK_DATETIME_START,
267  ATTRIBUTE_TYPE.TSK_DATETIME_END}; //in the order we want to use them
268  BlackboardAttribute date;
269  for (ATTRIBUTE_TYPE t : typesThatCanHaveDate) {
270  date = getAttribute(new BlackboardAttribute.Type(t));
271  if (date != null && !date.getDisplayString().isEmpty()) {
272  shortDescription.append(" ");
273  shortDescription.append(MessageFormat.format(bundle.getString("BlackboardArtifact.shortDescriptionDate.text"), date.getDisplayString())); //NON-NLS
274  break;
275  }
276  }
277  return shortDescription.toString();
278  }
279 
286  public ReviewStatus getReviewStatus() {
287  return reviewStatus;
288  }
289 
298  public void setReviewStatus(ReviewStatus newStatus) throws TskCoreException {
299  getSleuthkitCase().setReviewStatus(this, newStatus);
300  reviewStatus = newStatus;
301  }
302 
314  public void addAttribute(BlackboardAttribute attribute) throws TskCoreException {
315  attribute.setArtifactId(artifactId);
316  attribute.setCaseDatabase(getSleuthkitCase());
317  getSleuthkitCase().addBlackboardAttribute(attribute, this.artifactTypeId);
318  attrsCache.add(attribute);
319  }
320 
329  public List<BlackboardAttribute> getAttributes() throws TskCoreException {
330  ArrayList<BlackboardAttribute> attributes;
331  if (false == loadedCacheFromDb) {
332  attributes = getSleuthkitCase().getBlackboardAttributes(this);
333  attrsCache.clear();
334  attrsCache.addAll(attributes);
335  loadedCacheFromDb = true;
336  } else {
337  attributes = new ArrayList<BlackboardAttribute>(attrsCache);
338  }
339  return attributes;
340  }
341 
356  public BlackboardAttribute getAttribute(BlackboardAttribute.Type attributeType) throws TskCoreException {
357  List<BlackboardAttribute> attributes = this.getAttributes();
358  for (BlackboardAttribute attribute : attributes) {
359  if (attribute.getAttributeType().equals(attributeType)) {
360  return attribute;
361  }
362  }
363  return null;
364  }
365 
375  public void addAttributes(Collection<BlackboardAttribute> attributes) throws TskCoreException {
376  if (attributes.isEmpty()) {
377  return;
378  }
379  for (BlackboardAttribute attribute : attributes) {
380  attribute.setArtifactId(artifactId);
381  attribute.setCaseDatabase(getSleuthkitCase());
382  }
383  getSleuthkitCase().addBlackboardAttributes(attributes, artifactTypeId);
384  attrsCache.addAll(attributes);
385  }
386 
393  @Override
394  public synchronized String getUniquePath() throws TskCoreException {
395 
396  // Return the path of the parrent file
397  if (uniquePath == null) {
398  uniquePath = "";
399  Content myParent = getParent();
400  if (myParent != null) {
401  uniquePath = myParent.getUniquePath();
402  }
403  }
404  return uniquePath;
405  }
406 
407  @Override
408  public synchronized Content getParent() throws TskCoreException {
409  if (parent == null) {
410  ObjectInfo parentInfo;
411  parentInfo = getSleuthkitCase().getParentInfo(this);
412  if (parentInfo == null) {
413  parent = null;
414  } else {
415  parent = getSleuthkitCase().getContentById(parentInfo.getId());
416  }
417  }
418  return parent;
419  }
420 
428  @Override
429  public ArrayList<BlackboardArtifact> getAllArtifacts() throws TskCoreException {
430  // Currently we don't have any artifacts derived from an artifact.
431  return new ArrayList<BlackboardArtifact>();
432  }
433 
444  @Override
445  public ArrayList<BlackboardArtifact> getArtifacts(String artifactTypeName) throws TskCoreException {
446  // Currently we don't have any artifacts derived from an artifact.
447  return new ArrayList<BlackboardArtifact>();
448  }
449 
460  @Override
461  public ArrayList<BlackboardArtifact> getArtifacts(int artifactTypeID) throws TskCoreException {
462  // Currently we don't have any artifacts derived from an artifact.
463  return new ArrayList<BlackboardArtifact>();
464  }
465 
475  @Override
476  public ArrayList<BlackboardArtifact> getArtifacts(BlackboardArtifact.ARTIFACT_TYPE type) throws TskCoreException {
477  // Currently we don't have any artifacts derived from an artifact.
478  return new ArrayList<BlackboardArtifact>();
479  }
480 
488  @Override
489  public long getAllArtifactsCount() throws TskCoreException {
490  // Currently we don't have any artifacts derived from an artifact.
491  return 0;
492  }
493 
504  @Override
505  public long getArtifactsCount(String artifactTypeName) throws TskCoreException {
506  // Currently we don't have any artifacts derived from an artifact.
507  return 0;
508  }
509 
520  @Override
521  public long getArtifactsCount(int artifactTypeID) throws TskCoreException {
522  // Currently we don't have any artifacts derived from an artifact.
523  return 0;
524  }
525 
536  @Override
537  public long getArtifactsCount(BlackboardArtifact.ARTIFACT_TYPE type) throws TskCoreException {
538  // Currently we don't have any artifacts derived from an artifact.
539  return 0;
540  }
541 
550  @Override
551  public BlackboardArtifact getGenInfoArtifact() throws TskCoreException {
552  // Currently we don't have any artifacts derived from an artifact.
553  return null;
554  }
555 
569  @Override
570  public BlackboardArtifact getGenInfoArtifact(boolean create) throws TskCoreException {
571  // Currently we don't have any artifacts derived from an artifact.
572  if (create) {
573  throw new TskCoreException("Artifacts of artifacts are not supported.");
574  }
575 
576  return null;
577  }
578 
589  @Override
590  public ArrayList<BlackboardAttribute> getGenInfoAttributes(BlackboardAttribute.ATTRIBUTE_TYPE attr_type) throws TskCoreException {
591  // Currently we don't have any artifacts derived from an artifact.
592  return new ArrayList<>();
593  }
594 
602  @Override
603  public Set<String> getHashSetNames() throws TskCoreException {
604  // Currently we don't have any artifacts derived from an artifact.
605  return new HashSet<String>();
606  }
607 
619  @Override
620  public BlackboardArtifact newArtifact(int artifactTypeID) throws TskCoreException {
621  throw new TskCoreException("Cannot create artifact of an artifact. Not supported.");
622  }
623 
634  @Override
635  public BlackboardArtifact newArtifact(BlackboardArtifact.ARTIFACT_TYPE type) throws TskCoreException {
636  throw new TskCoreException("Cannot create artifact of an artifact. Not supported.");
637  }
638 
647  @Override
648  public <T> T accept(ContentVisitor<T> visitor) {
649  return visitor.visit(this);
650  }
651 
659  @Override
660  public boolean equals(Object object) {
661  if (object == null) {
662  return false;
663  }
664  if (getClass() != object.getClass()) {
665  return false;
666  }
667  final BlackboardArtifact other = (BlackboardArtifact) object;
668  return artifactId == other.getArtifactID();
669  }
670 
676  @Override
677  public int hashCode() {
678  int hash = 7;
679  hash = 41 * hash + (int) (this.artifactId ^ (this.artifactId >>> 32));
680  return hash;
681  }
682 
688  @Override
689  public String toString() {
690  return "BlackboardArtifact{" + "artifactID=" + artifactId + ", objID=" + getObjectID() + ", artifactObjID=" + artifactObjId + ", artifactTypeID=" + artifactTypeId + ", artifactTypeName=" + artifactTypeName + ", displayName=" + displayName + ", Case=" + getSleuthkitCase() + '}'; //NON-NLS
691  }
692 
703  @Override
704  public <T> T accept(SleuthkitItemVisitor<T> visitor) {
705  return visitor.visit(this);
706  }
707 
714  @Override
715  public long getSize() {
716 
717  if (contentBytes == null) {
718  try {
719  loadArtifactContent();
720  } catch (TskCoreException ex) {
721  return 0;
722  }
723  }
724 
725  return contentBytes.length;
726  }
727 
731  @Override
732  public void close() {
733  contentBytes = null;
734  }
735 
749  @Override
750  public final int read(byte[] buf, long offset, long len) throws TskCoreException {
751 
752  if (contentBytes == null) {
753  loadArtifactContent();
754  }
755 
756  if (0 == contentBytes.length) {
757  return 0;
758  }
759 
760  // Copy bytes
761  long readLen = Math.min(contentBytes.length - offset, len);
762  System.arraycopy(contentBytes, 0, buf, 0, (int) readLen);
763 
764  return (int) readLen;
765  }
766 
767  @Override
768  public String getName() {
769  return this.displayName + getArtifactID();
770  }
771 
772  @Override
773  public Content getDataSource() throws TskCoreException {
774  return getSleuthkitCase().getContentById(dataSourceObjId);
775  }
776 
783  private void loadArtifactContent() throws TskCoreException {
784  StringBuilder artifactContents = new StringBuilder();
785 
786  Content dataSource = null;
787  try {
788  dataSource = getDataSource();
789  } catch (TskCoreException ex) {
790  throw new TskCoreException("Unable to get datasource for artifact: " + this.toString(), ex);
791  }
792  if (dataSource == null) {
793  throw new TskCoreException("Datasource was null for artifact: " + this.toString());
794  }
795 
796  try {
797  for (BlackboardAttribute attribute : getAttributes()) {
798  artifactContents.append(attribute.getAttributeType().getDisplayName());
799  artifactContents.append(" : ");
800  artifactContents.append(attribute.getDisplayString());
801  artifactContents.append(System.lineSeparator());
802  }
803  } catch (TskCoreException ex) {
804  throw new TskCoreException("Unable to get attributes for artifact: " + this.toString(), ex);
805  }
806 
807  try {
808  contentBytes = artifactContents.toString().getBytes("UTF-8");
809  } catch (UnsupportedEncodingException ex) {
810  throw new TskCoreException("Failed to convert artifact string to bytes for artifact: " + this.toString(), ex);
811  }
812 
813  }
814 
818  public static final class Type implements Serializable {
819 
820  private static final long serialVersionUID = 1L;
821  private final String typeName;
822  private final int typeID;
823  private final String displayName;
824 
832  public Type(int typeID, String typeName, String displayName) {
833  this.typeID = typeID;
834  this.typeName = typeName;
835  this.displayName = displayName;
836  }
837 
843  public Type(ARTIFACT_TYPE type) {
844  this(type.getTypeID(), type.getLabel(), type.getDisplayName());
845  }
846 
852  public String getTypeName() {
853  return this.typeName;
854  }
855 
861  public int getTypeID() {
862  return this.typeID;
863  }
864 
870  public String getDisplayName() {
871  return this.displayName;
872  }
873 
881  @Override
882  public boolean equals(Object that) {
883  if (this == that) {
884  return true;
885  } else if (!(that instanceof Type)) {
886  return false;
887  } else {
888  return ((Type) that).sameType(this);
889  }
890  }
891 
899  private boolean sameType(Type that) {
900  return this.typeName.equals(that.getTypeName())
901  && this.displayName.equals(that.getDisplayName())
902  && this.typeID == that.getTypeID();
903  }
904 
910  @Override
911  public int hashCode() {
912  int hash = 11;
913  hash = 83 * hash + Objects.hashCode(this.typeID);
914  hash = 83 * hash + Objects.hashCode(this.displayName);
915  hash = 83 * hash + Objects.hashCode(this.typeName);
916  return hash;
917  }
918  }
919 
925  public enum ARTIFACT_TYPE implements SleuthkitVisitableItem {
926 
930  TSK_GEN_INFO(1, "TSK_GEN_INFO", //NON-NLS
931  bundle.getString("BlackboardArtifact.tskGenInfo.text")),
937  TSK_WEB_BOOKMARK(2, "TSK_WEB_BOOKMARK", //NON-NLS
938  bundle.getString("BlackboardArtifact.tskWebBookmark.text")),
944  TSK_WEB_COOKIE(3, "TSK_WEB_COOKIE",
945  bundle.getString("BlackboardArtifact.tskWebCookie.text")), //NON-NLS
951  TSK_WEB_HISTORY(4, "TSK_WEB_HISTORY", //NON-NLS
952  bundle.getString("BlackboardArtifact.tskWebHistory.text")),
958  TSK_WEB_DOWNLOAD(5, "TSK_WEB_DOWNLOAD", //NON-NLS
959  bundle.getString("BlackboardArtifact.tskWebDownload.text")),
963  TSK_RECENT_OBJECT(6, "TSK_RECENT_OBJ", //NON-NLS
964  bundle.getString("BlackboardArtifact.tsk.recentObject.text")),
970  @Deprecated
971  TSK_GPS_TRACKPOINT(7, "TSK_GPS_TRACKPOINT", //NON-NLS
972  bundle.getString("BlackboardArtifact.tskGpsTrackpoint.text")),
976  TSK_INSTALLED_PROG(8, "TSK_INSTALLED_PROG", //NON-NLS
977  bundle.getString("BlackboardArtifact.tskInstalledProg.text")),
981  TSK_KEYWORD_HIT(9, "TSK_KEYWORD_HIT",
982  bundle.getString("BlackboardArtifact.tskKeywordHits.text")),
986  TSK_HASHSET_HIT(10, "TSK_HASHSET_HIT", //NON-NLS
987  bundle.getString("BlackboardArtifact.tskHashsetHit.text")),
991  TSK_DEVICE_ATTACHED(11, "TSK_DEVICE_ATTACHED", //NON-NLS
992  bundle.getString("BlackboardArtifact.tskDeviceAttached.text")),
997  TSK_INTERESTING_FILE_HIT(12, "TSK_INTERESTING_FILE_HIT", //NON-NLS
998  bundle.getString("BlackboardArtifact.tskInterestingFileHit.text")),
999 
1002  TSK_EMAIL_MSG(13, "TSK_EMAIL_MSG", //NON-NLS
1003  bundle.getString("BlackboardArtifact.tskEmailMsg.text")),
1007  TSK_EXTRACTED_TEXT(14, "TSK_EXTRACTED_TEXT", //NON-NLS
1008  bundle.getString("BlackboardArtifact.tskExtractedText.text")),
1012  TSK_WEB_SEARCH_QUERY(15, "TSK_WEB_SEARCH_QUERY", //NON-NLS
1013  bundle.getString("BlackboardArtifact.tskWebSearchQuery.text")),
1017  TSK_METADATA_EXIF(16, "TSK_METADATA_EXIF", //NON-NLS
1018  bundle.getString("BlackboardArtifact.tskMetadataExif.text")),
1024  @Deprecated
1025  TSK_TAG_FILE(17, "TSK_TAG_FILE", //NON-NLS
1026  bundle.getString("BlackboardArtifact.tagFile.text")),
1032  @Deprecated
1033  TSK_TAG_ARTIFACT(18, "TSK_TAG_ARTIFACT", //NON-NLS
1034  bundle.getString("BlackboardArtifact.tskTagArtifact.text")),
1038  TSK_OS_INFO(19, "TSK_OS_INFO", //NON-NLS
1039  bundle.getString("BlackboardArtifact.tskOsInfo.text")),
1043  TSK_OS_ACCOUNT(20, "TSK_OS_ACCOUNT", //NON-NLS
1044  bundle.getString("BlackboardArtifact.tskOsAccount.text")),
1048  TSK_SERVICE_ACCOUNT(21, "TSK_SERVICE_ACCOUNT", //NON-NLS
1049  bundle.getString("BlackboardArtifact.tskServiceAccount.text")),
1055  @Deprecated
1056  TSK_TOOL_OUTPUT(22, "TSK_TOOL_OUTPUT", //NON-NLS
1057  bundle.getString("BlackboardArtifact.tskToolOutput.text")),
1064  TSK_CONTACT(23, "TSK_CONTACT", //NON-NLS
1065  bundle.getString("BlackboardArtifact.tskContact.text")),
1072  TSK_MESSAGE(24, "TSK_MESSAGE", //NON-NLS
1073  bundle.getString("BlackboardArtifact.tskMessage.text")),
1079  TSK_CALLLOG(25, "TSK_CALLLOG", //NON-NLS
1080  bundle.getString("BlackboardArtifact.tskCalllog.text")),
1084  TSK_CALENDAR_ENTRY(26, "TSK_CALENDAR_ENTRY", //NON-NLS
1085  bundle.getString("BlackboardArtifact.tskCalendarEntry.text")),
1089  TSK_SPEED_DIAL_ENTRY(27, "TSK_SPEED_DIAL_ENTRY", //NON-NLS
1090  bundle.getString("BlackboardArtifact.tskSpeedDialEntry.text")),
1094  TSK_BLUETOOTH_PAIRING(28, "TSK_BLUETOOTH_PAIRING", //NON-NLS
1095  bundle.getString("BlackboardArtifact.tskBluetoothPairing.text")),
1099  TSK_GPS_BOOKMARK(29, "TSK_GPS_BOOKMARK", //NON-NLS
1100  bundle.getString("BlackboardArtifact.tskGpsBookmark.text")),
1104  TSK_GPS_LAST_KNOWN_LOCATION(30, "TSK_GPS_LAST_KNOWN_LOCATION", //NON-NLS
1105  bundle.getString("BlackboardArtifact.tskGpsLastKnownLocation.text")),
1109  TSK_GPS_SEARCH(31, "TSK_GPS_SEARCH", //NON-NLS
1110  bundle.getString("BlackboardArtifact.tskGpsSearch.text")),
1114  TSK_PROG_RUN(32, "TSK_PROG_RUN", //NON-NLS
1115  bundle.getString("BlackboardArtifact.tskProgRun.text")),
1119  TSK_ENCRYPTION_DETECTED(33, "TSK_ENCRYPTION_DETECTED", //NON-NLS
1120  bundle.getString("BlackboardArtifact.tskEncryptionDetected.text")),
1124  TSK_EXT_MISMATCH_DETECTED(34, "TSK_EXT_MISMATCH_DETECTED", //NON-NLS
1125  bundle.getString("BlackboardArtifact.tskExtMismatchDetected.text")),
1130  TSK_INTERESTING_ARTIFACT_HIT(35, "TSK_INTERESTING_ARTIFACT_HIT", //NON-NLS
1131  bundle.getString("BlackboardArtifact.tskInterestingArtifactHit.text")),
1137  TSK_GPS_ROUTE(36, "TSK_GPS_ROUTE", //NON-NLS
1138  bundle.getString("BlackboardArtifact.tskGpsRoute.text")),
1142  TSK_REMOTE_DRIVE(37, "TSK_REMOTE_DRIVE", //NON-NLS
1143  bundle.getString("BlackboardArtifact.tskRemoteDrive.text")),
1147  TSK_FACE_DETECTED(38, "TSK_FACE_DETECTED", //NON-NLS
1148  bundle.getString("BlackboardArtifact.tskFaceDetected.text")),
1152  TSK_ACCOUNT(39, "TSK_ACCOUNT", //NON-NLS
1153  bundle.getString("BlackboardArtifact.tskAccount.text")),
1157  TSK_ENCRYPTION_SUSPECTED(40, "TSK_ENCRYPTION_SUSPECTED", //NON-NLS
1158  bundle.getString("BlackboardArtifact.tskEncryptionSuspected.text")),
1159  /*
1160  * A classifier detected an object in a media file.
1161  */
1162  TSK_OBJECT_DETECTED(41, "TSK_OBJECT_DETECTED", //NON-NLS
1163  bundle.getString("BlackboardArtifact.tskObjectDetected.text")),
1167  TSK_WIFI_NETWORK(42, "TSK_WIFI_NETWORK", //NON-NLS
1168  bundle.getString("BlackboardArtifact.tskWIFINetwork.text")),
1172  TSK_DEVICE_INFO(43, "TSK_DEVICE_INFO", //NON-NLS
1173  bundle.getString("BlackboardArtifact.tskDeviceInfo.text")),
1177  TSK_SIM_ATTACHED(44, "TSK_SIM_ATTACHED", //NON-NLS
1178  bundle.getString("BlackboardArtifact.tskSimAttached.text")),
1182  TSK_BLUETOOTH_ADAPTER(45, "TSK_BLUETOOTH_ADAPTER", //NON-NLS
1183  bundle.getString("BlackboardArtifact.tskBluetoothAdapter.text")),
1187  TSK_WIFI_NETWORK_ADAPTER(46, "TSK_WIFI_NETWORK_ADAPTER", //NON-NLS
1188  bundle.getString("BlackboardArtifact.tskWIFINetworkAdapter.text")),
1192  TSK_VERIFICATION_FAILED(47, "TSK_VERIFICATION_FAILED", //NON-NLS
1193  bundle.getString("BlackboardArtifact.tskVerificationFailed.text")),
1197  TSK_DATA_SOURCE_USAGE(48, "TSK_DATA_SOURCE_USAGE", //NON-NLS
1198  bundle.getString("BlackboardArtifact.tskDataSourceUsage.text")),
1204  TSK_WEB_FORM_AUTOFILL(49, "TSK_WEB_FORM_AUTOFILL", //NON-NLS
1205  bundle.getString("BlackboardArtifact.tskWebFormAutofill.text")),
1211  TSK_WEB_FORM_ADDRESS(50, "TSK_WEB_FORM_ADDRESSES ", //NON-NLS
1212  bundle.getString("BlackboardArtifact.tskWebFormAddresses.text")),
1219  @Deprecated
1220  TSK_DOWNLOAD_SOURCE(51, "TSK_DOWNLOAD_SOURCE", //NON-NLS
1221  bundle.getString("BlackboardArtifact.tskDownloadSource.text")),
1225  TSK_WEB_CACHE(52, "TSK_WEB_CACHE", //NON-NLS
1226  bundle.getString("BlackboardArtifact.tskWebCache.text")),
1230  TSK_TL_EVENT(53, "TSK_TL_EVENT", //NON-NLS
1231  bundle.getString("BlackboardArtifact.tskTLEvent.text")),
1235  TSK_CLIPBOARD_CONTENT(54, "TSK_CLIPBOARD_CONTENT", //NON-NLS
1236  bundle.getString("BlackboardArtifact.tskClipboardContent.text")),
1240  TSK_ASSOCIATED_OBJECT(55, "TSK_ASSOCIATED_OBJECT", //NON-NLS
1241  bundle.getString("BlackboardArtifact.tskAssociatedObject.text")),
1245  TSK_USER_CONTENT_SUSPECTED(56, "TSK_USER_CONTENT_SUSPECTED", //NON-NLS
1246  bundle.getString("BlackboardArtifact.tskUserContentSuspected.text")),
1250  TSK_METADATA(57, "TSK_METADATA", //NON-NLS
1251  bundle.getString("BlackboardArtifact.tskMetadata.text")),
1257  TSK_GPS_TRACK(58, "TSK_GPS_TRACK",
1258  bundle.getString("BlackboardArtifact.tskTrack.text"));
1259  /* To developers: For each new artifact, ensure that:
1260  * - The enum value has 1-line JavaDoc description
1261  * - The artifact catalog (artifact_catalog.dox) is updated to reflect the attributes it uses
1262  */
1263 
1264 
1265 
1266  private final String label;
1267  private final int typeId;
1268  private final String displayName;
1269 
1277  private ARTIFACT_TYPE(int typeId, String label, String displayName) {
1278  this.typeId = typeId;
1279  this.label = label;
1280  this.displayName = displayName;
1281  }
1282 
1288  public int getTypeID() {
1289  return this.typeId;
1290  }
1291 
1297  public String getLabel() {
1298  return this.label;
1299  }
1300 
1309  static public ARTIFACT_TYPE fromLabel(String label) {
1310  for (ARTIFACT_TYPE value : ARTIFACT_TYPE.values()) {
1311  if (value.getLabel().equals(label)) {
1312  return value;
1313  }
1314  }
1315  throw new IllegalArgumentException("No ARTIFACT_TYPE matching type: " + label);
1316  }
1317 
1328  static public ARTIFACT_TYPE fromID(int id) {
1329  for (ARTIFACT_TYPE value : ARTIFACT_TYPE.values()) {
1330  if (value.getTypeID() == id) {
1331  return value;
1332  }
1333  }
1334  throw new IllegalArgumentException("No ARTIFACT_TYPE matching type: " + id);
1335  }
1336 
1342  public String getDisplayName() {
1343  return displayName;
1344  }
1345 
1357  @Override
1358  public <T> T accept(SleuthkitItemVisitor<T> visitor) {
1359  return visitor.visit(this);
1360  }
1361 
1362  }
1363 
1367  public enum ReviewStatus {
1368 
1369  APPROVED(1, "APPROVED", "ReviewStatus.Approved"), //approved by human user
1370  REJECTED(2, "REJECTED", "ReviewStatus.Rejected"), //rejected by humna user
1371  UNDECIDED(3, "UNDECIDED", "ReviewStatus.Undecided"); // not yet reviewed by human user
1372 
1373  private final Integer id;
1374  private final String name;
1375  private final String displayName;
1376  private final static Map<Integer, ReviewStatus> idToStatus = new HashMap<Integer, ReviewStatus>();
1377 
1378  static {
1379  for (ReviewStatus status : values()) {
1380  idToStatus.put(status.getID(), status);
1381  }
1382  }
1383 
1392  private ReviewStatus(Integer id, String name, String displayNameKey) {
1393  this.id = id;
1394  this.name = name;
1395  this.displayName = ResourceBundle.getBundle("org.sleuthkit.datamodel.Bundle").getString(displayNameKey);
1396  }
1397 
1405  public static ReviewStatus withID(int id) {
1406  return idToStatus.get(id);
1407  }
1408 
1414  public Integer getID() {
1415  return id;
1416  }
1417 
1423  String getName() {
1424  return name;
1425  }
1426 
1432  public String getDisplayName() {
1433  return displayName;
1434  }
1435  }
1436 
1458  @Deprecated
1459  protected BlackboardArtifact(SleuthkitCase sleuthkitCase, long artifactID, long objID, long artifactObjID, long dataSourceObjId, int artifactTypeID, String artifactTypeName, String displayName) {
1460  this(sleuthkitCase, artifactID, objID, artifactObjID, dataSourceObjId, artifactTypeID, artifactTypeName, displayName, ReviewStatus.UNDECIDED);
1461  }
1462 
1477  @Deprecated
1478  public List<BlackboardAttribute> getAttributes(final BlackboardAttribute.ATTRIBUTE_TYPE attributeType) throws TskCoreException {
1479  if (loadedCacheFromDb == false) {
1480  List<BlackboardAttribute> attrs = getSleuthkitCase().getBlackboardAttributes(this);
1481  attrsCache.clear();
1482  attrsCache.addAll(attrs);
1483  loadedCacheFromDb = true;
1484  }
1485  ArrayList<BlackboardAttribute> filteredAttributes = new ArrayList<BlackboardAttribute>();
1486  for (BlackboardAttribute attr : attrsCache) {
1487  if (attr.getAttributeType().getTypeID() == attributeType.getTypeID()) {
1488  filteredAttributes.add(attr);
1489  }
1490  }
1491  return filteredAttributes;
1492  }
1493 
1494  @Override
1495  public long getId() {
1496  return this.artifactObjId;
1497  }
1498 
1507  @Override
1508  public List<Long> getChildrenIds() throws TskCoreException {
1509  List<Long> childrenIDs = new ArrayList<Long>();
1510  childrenIDs.addAll(getSleuthkitCase().getAbstractFileChildrenIds(this));
1511  childrenIDs.addAll(getSleuthkitCase().getBlackboardArtifactChildrenIds(this));
1512 
1513  return childrenIDs;
1514  }
1515 
1516  @Override
1517  public int getChildrenCount() throws TskCoreException {
1518  if (childrenCount != -1) {
1519  return childrenCount;
1520  }
1521 
1522  childrenCount = this.getSleuthkitCase().getContentChildrenCount(this);
1523 
1524  hasChildren = childrenCount > 0;
1525  checkedHasChildren = true;
1526 
1527  return childrenCount;
1528  }
1529 
1530  @Override
1531  public boolean hasChildren() throws TskCoreException {
1532  if (checkedHasChildren == true) {
1533  return hasChildren;
1534  }
1535 
1536  childrenCount = this.getSleuthkitCase().getContentChildrenCount(this);
1537 
1538  hasChildren = childrenCount > 0;
1539  checkedHasChildren = true;
1540 
1541  return hasChildren;
1542  }
1543 
1552  @Override
1553  public List<Content> getChildren() throws TskCoreException {
1554  List<Content> children = new ArrayList<>();
1555  children.addAll(getSleuthkitCase().getAbstractFileChildren(this));
1556  children.addAll(getSleuthkitCase().getBlackboardArtifactChildren(this));
1557 
1558  return children;
1559  }
1560 }
org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE.fromID
static ARTIFACT_TYPE fromID(int id)
Definition: BlackboardArtifact.java:1328
org.sleuthkit.datamodel.BlackboardArtifact.getArtifacts
ArrayList< BlackboardArtifact > getArtifacts(int artifactTypeID)
Definition: BlackboardArtifact.java:461
org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PHONE_NUMBER_TO
TSK_PHONE_NUMBER_TO
Definition: BlackboardAttribute.java:1170
org.sleuthkit.datamodel.SleuthkitCase.getBlackboardAttributes
ArrayList< BlackboardAttribute > getBlackboardAttributes(final BlackboardArtifact artifact)
Definition: SleuthkitCase.java:4335
org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE.fromLabel
static ARTIFACT_TYPE fromLabel(String label)
Definition: BlackboardArtifact.java:1309
org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_KEYWORD_PREVIEW
TSK_KEYWORD_PREVIEW
Definition: BlackboardAttribute.java:938
org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_NAME
TSK_NAME
Definition: BlackboardAttribute.java:917
org.sleuthkit.datamodel.SleuthkitCase.addBlackboardAttributes
void addBlackboardAttributes(Collection< BlackboardAttribute > attributes, int artifactTypeId)
Definition: SleuthkitCase.java:3887
org.sleuthkit.datamodel.BlackboardArtifact.Type.Type
Type(int typeID, String typeName, String displayName)
Definition: BlackboardArtifact.java:832
org.sleuthkit.datamodel.BlackboardArtifact.addAttributes
void addAttributes(Collection< BlackboardAttribute > attributes)
Definition: BlackboardArtifact.java:375
org.sleuthkit.datamodel.SleuthkitCase.addBlackboardAttribute
void addBlackboardAttribute(BlackboardAttribute attr, int artifactTypeId)
Definition: SleuthkitCase.java:3865
org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DOMAIN
TSK_DOMAIN
Definition: BlackboardAttribute.java:951
org.sleuthkit.datamodel.BlackboardArtifact.getAttributes
List< BlackboardAttribute > getAttributes(final BlackboardAttribute.ATTRIBUTE_TYPE attributeType)
Definition: BlackboardArtifact.java:1478
org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PHONE_NUMBER
TSK_PHONE_NUMBER
Definition: BlackboardAttribute.java:1019
org.sleuthkit.datamodel.ContentVisitor.visit
T visit(Directory d)
org.sleuthkit.datamodel.BlackboardArtifact.read
final int read(byte[] buf, long offset, long len)
Definition: BlackboardArtifact.java:750
org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_START
TSK_DATETIME_START
Definition: BlackboardAttribute.java:1182
org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_EMAIL_OFFICE
TSK_EMAIL_OFFICE
Definition: BlackboardAttribute.java:1179
org.sleuthkit.datamodel.BlackboardArtifact.addAttribute
void addAttribute(BlackboardAttribute attribute)
Definition: BlackboardArtifact.java:314
org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DEVICE_ID
TSK_DEVICE_ID
Definition: BlackboardAttribute.java:966
org.sleuthkit.datamodel.BlackboardArtifact.getArtifacts
ArrayList< BlackboardArtifact > getArtifacts(BlackboardArtifact.ARTIFACT_TYPE type)
Definition: BlackboardArtifact.java:476
org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_EMAIL_HOME
TSK_EMAIL_HOME
Definition: BlackboardAttribute.java:1176
org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME
TSK_DATETIME
Definition: BlackboardAttribute.java:914
org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PHONE_NUMBER_MOBILE
TSK_PHONE_NUMBER_MOBILE
Definition: BlackboardAttribute.java:1164
org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE.accept
public< T > T accept(SleuthkitItemVisitor< T > visitor)
Definition: BlackboardArtifact.java:1358
org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_RCVD
TSK_DATETIME_RCVD
Definition: BlackboardAttribute.java:1068
org.sleuthkit.datamodel.BlackboardArtifact.newArtifact
BlackboardArtifact newArtifact(int artifactTypeID)
Definition: BlackboardArtifact.java:620
org.sleuthkit.datamodel.BlackboardArtifact.getAttribute
BlackboardAttribute getAttribute(BlackboardAttribute.Type attributeType)
Definition: BlackboardArtifact.java:356
org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_SENT
TSK_DATETIME_SENT
Definition: BlackboardAttribute.java:1071
org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PHONE_NUMBER_OFFICE
TSK_PHONE_NUMBER_OFFICE
Definition: BlackboardAttribute.java:1161
org.sleuthkit.datamodel.BlackboardArtifact.getArtifactsCount
long getArtifactsCount(String artifactTypeName)
Definition: BlackboardArtifact.java:505
org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PHONE_NUMBER_HOME
TSK_PHONE_NUMBER_HOME
Definition: BlackboardAttribute.java:1158
org.sleuthkit.datamodel.Content
Definition: Content.java:32
org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_END
TSK_DATETIME_END
Definition: BlackboardAttribute.java:1185
org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_EMAIL
TSK_EMAIL
Definition: BlackboardAttribute.java:969
org.sleuthkit.datamodel.ContentVisitor
Definition: ContentVisitor.java:32
org.sleuthkit.datamodel.BlackboardArtifact.getGenInfoArtifact
BlackboardArtifact getGenInfoArtifact(boolean create)
Definition: BlackboardArtifact.java:570
org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE.getDisplayName
String getDisplayName()
Definition: BlackboardArtifact.java:1342
org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE.getLabel
String getLabel()
Definition: BlackboardArtifact.java:1297
org.sleuthkit.datamodel.BlackboardArtifact.getArtifacts
ArrayList< BlackboardArtifact > getArtifacts(String artifactTypeName)
Definition: BlackboardArtifact.java:445
org.sleuthkit.datamodel.BlackboardArtifact.BlackboardArtifact
BlackboardArtifact(SleuthkitCase sleuthkitCase, long artifactID, long objID, long artifactObjID, long dataSourceObjId, int artifactTypeID, String artifactTypeName, String displayName)
Definition: BlackboardArtifact.java:1459
org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_ACCESSED
TSK_DATETIME_ACCESSED
Definition: BlackboardAttribute.java:1013
org.sleuthkit.datamodel.BlackboardArtifact.getAllArtifacts
ArrayList< BlackboardArtifact > getAllArtifacts()
Definition: BlackboardArtifact.java:429
org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PHONE_NUMBER_FROM
TSK_PHONE_NUMBER_FROM
Definition: BlackboardAttribute.java:1167
org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_CREATED
TSK_DATETIME_CREATED
Definition: BlackboardAttribute.java:1137
org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE.getTypeID
int getTypeID()
Definition: BlackboardArtifact.java:1288
org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE
Definition: BlackboardAttribute.java:909
org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_MODIFIED
TSK_DATETIME_MODIFIED
Definition: BlackboardAttribute.java:1140
org.sleuthkit.datamodel.BlackboardArtifact.getArtifactsCount
long getArtifactsCount(BlackboardArtifact.ARTIFACT_TYPE type)
Definition: BlackboardArtifact.java:537
org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_EMAIL_TO
TSK_EMAIL_TO
Definition: BlackboardAttribute.java:1041
org.sleuthkit.datamodel.BlackboardArtifact.getGenInfoAttributes
ArrayList< BlackboardAttribute > getGenInfoAttributes(BlackboardAttribute.ATTRIBUTE_TYPE attr_type)
Definition: BlackboardArtifact.java:590
org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE
Definition: BlackboardArtifact.java:925
org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_EMAIL_FROM
TSK_EMAIL_FROM
Definition: BlackboardAttribute.java:1050
org.sleuthkit.datamodel.Content.getUniquePath
String getUniquePath()
org.sleuthkit.datamodel.BlackboardArtifact.newArtifact
BlackboardArtifact newArtifact(BlackboardArtifact.ARTIFACT_TYPE type)
Definition: BlackboardArtifact.java:635
org.sleuthkit.datamodel.SleuthkitCase.setReviewStatus
void setReviewStatus(BlackboardArtifact artifact, BlackboardArtifact.ReviewStatus newStatus)
Definition: SleuthkitCase.java:9428

Copyright © 2011-2020 Brian Carrier. (carrier -at- sleuthkit -dot- org)
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.