Autopsy  3.1
Graphical digital forensics platform for The Sleuth Kit and other tools.
AbstractAbstractFileNode.java
Go to the documentation of this file.
1 /*
2  * Autopsy Forensic Browser
3  *
4  * Copyright 2011-2014 Basis Technology Corp.
5  * Contact: carrier <at> sleuthkit <dot> org
6  *
7  * Licensed under the Apache License, Version 2.0 (the "License");
8  * you may not use this file except in compliance with the License.
9  * You may obtain a copy of the License at
10  *
11  * http://www.apache.org/licenses/LICENSE-2.0
12  *
13  * Unless required by applicable law or agreed to in writing, software
14  * distributed under the License is distributed on an "AS IS" BASIS,
15  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16  * See the License for the specific language governing permissions and
17  * limitations under the License.
18  */
19 package org.sleuthkit.autopsy.datamodel;
20 
21 import java.sql.ResultSet;
22 import java.sql.SQLException;
23 import java.util.Map;
24 import java.util.logging.Level;
25 import org.openide.util.NbBundle;
33 
39 public abstract class AbstractAbstractFileNode<T extends AbstractFile> extends AbstractContentNode<T> {
40 
42 
47  AbstractAbstractFileNode(T abstractFile) {
48  super(abstractFile);
49  }
50 
51  // Note: this order matters for the search result, changed it if the order of property headers on the "KeywordSearchNode"changed
52  public static enum AbstractFilePropertyType {
53 
54  NAME {
55  @Override
56  public String toString() {
57  return NbBundle.getMessage(this.getClass(), "AbstractAbstractFileNode.nameColLbl");
58  }
59  },
60  LOCATION {
61  @Override
62  public String toString() {
63  return NbBundle.getMessage(this.getClass(), "AbstractAbstractFileNode.locationColLbl");
64  }
65  },
66  MOD_TIME {
67  @Override
68  public String toString() {
69  return NbBundle.getMessage(this.getClass(), "AbstractAbstractFileNode.modifiedTimeColLbl");
70  }
71  },
72  CHANGED_TIME {
73  @Override
74  public String toString() {
75  return NbBundle.getMessage(this.getClass(), "AbstractAbstractFileNode.changeTimeColLbl");
76  }
77  },
78  ACCESS_TIME {
79  @Override
80  public String toString() {
81  return NbBundle.getMessage(this.getClass(), "AbstractAbstractFileNode.accessTimeColLbl");
82  }
83  },
84  CREATED_TIME {
85  @Override
86  public String toString() {
87  return NbBundle.getMessage(this.getClass(), "AbstractAbstractFileNode.createdTimeColLbl");
88  }
89  },
90  SIZE {
91  @Override
92  public String toString() {
93  return NbBundle.getMessage(this.getClass(), "AbstractAbstractFileNode.sizeColLbl");
94  }
95  },
96  FLAGS_DIR {
97  @Override
98  public String toString() {
99  return NbBundle.getMessage(this.getClass(), "AbstractAbstractFileNode.flagsDirColLbl");
100  }
101  },
102  FLAGS_META {
103  @Override
104  public String toString() {
105  return NbBundle.getMessage(this.getClass(), "AbstractAbstractFileNode.flagsMetaColLbl");
106  }
107  },
108  MODE {
109  @Override
110  public String toString() {
111  return NbBundle.getMessage(this.getClass(), "AbstractAbstractFileNode.modeColLbl");
112  }
113  },
114  USER_ID {
115  @Override
116  public String toString() {
117  return NbBundle.getMessage(this.getClass(), "AbstractAbstractFileNode.useridColLbl");
118  }
119  },
120  GROUP_ID {
121  @Override
122  public String toString() {
123  return NbBundle.getMessage(this.getClass(), "AbstractAbstractFileNode.groupidColLbl");
124  }
125  },
126  META_ADDR {
127  @Override
128  public String toString() {
129  return NbBundle.getMessage(this.getClass(), "AbstractAbstractFileNode.metaAddrColLbl");
130  }
131  },
132  ATTR_ADDR {
133  @Override
134  public String toString() {
135  return NbBundle.getMessage(this.getClass(), "AbstractAbstractFileNode.attrAddrColLbl");
136  }
137  },
138  TYPE_DIR {
139  @Override
140  public String toString() {
141  return NbBundle.getMessage(this.getClass(), "AbstractAbstractFileNode.typeDirColLbl");
142  }
143  },
144  TYPE_META {
145  @Override
146  public String toString() {
147  return NbBundle.getMessage(this.getClass(), "AbstractAbstractFileNode.typeMetaColLbl");
148  }
149  },
150  KNOWN {
151  @Override
152  public String toString() {
153  return NbBundle.getMessage(this.getClass(), "AbstractAbstractFileNode.knownColLbl");
154  }
155  },
156  HASHSETS {
157  @Override
158  public String toString() {
159  return NbBundle.getMessage(this.getClass(), "AbstractAbstractFileNode.inHashsetsColLbl");
160  }
161  },
162  MD5HASH {
163  @Override
164  public String toString() {
165 
166  return NbBundle.getMessage(this.getClass(), "AbstractAbstractFileNode.md5HashColLbl");
167  }
168  },
169  ObjectID {
170  @Override
171  public String toString() {
172  return NbBundle.getMessage(this.getClass(), "AbstractAbstractFileNode.objectId");
173 
174  }
175  },
176  }
177 
178 
186  public static void fillPropertyMap(Map<String, Object> map, AbstractFile content) {
187 
188  String path = "";
189  try {
190  path = content.getUniquePath();
191  } catch (TskCoreException ex) {
192  logger.log(Level.SEVERE, "Except while calling Content.getUniquePath() on {0}", content); //NON-NLS
193  }
194 
195  map.put(AbstractFilePropertyType.NAME.toString(), AbstractAbstractFileNode.getContentDisplayName(content));
196  map.put(AbstractFilePropertyType.LOCATION.toString(), path);
197  map.put(AbstractFilePropertyType.MOD_TIME.toString(), ContentUtils.getStringTime(content.getMtime(), content));
198  map.put(AbstractFilePropertyType.CHANGED_TIME.toString(), ContentUtils.getStringTime(content.getCtime(), content));
199  map.put(AbstractFilePropertyType.ACCESS_TIME.toString(), ContentUtils.getStringTime(content.getAtime(), content));
200  map.put(AbstractFilePropertyType.CREATED_TIME.toString(), ContentUtils.getStringTime(content.getCrtime(), content));
201  map.put(AbstractFilePropertyType.SIZE.toString(), content.getSize());
202  map.put(AbstractFilePropertyType.FLAGS_DIR.toString(), content.getDirFlagAsString());
203  map.put(AbstractFilePropertyType.FLAGS_META.toString(), content.getMetaFlagsAsString());
204  map.put(AbstractFilePropertyType.MODE.toString(), content.getModesAsString());
205  map.put(AbstractFilePropertyType.USER_ID.toString(), content.getUid());
206  map.put(AbstractFilePropertyType.GROUP_ID.toString(), content.getGid());
207  map.put(AbstractFilePropertyType.META_ADDR.toString(), content.getMetaAddr());
208  map.put(AbstractFilePropertyType.ATTR_ADDR.toString(), Long.toString(content.getAttrType().getValue()) + "-" + Long.toString(content.getAttrId()));
209  map.put(AbstractFilePropertyType.TYPE_DIR.toString(), content.getDirType().getLabel());
210  map.put(AbstractFilePropertyType.TYPE_META.toString(), content.getMetaType().toString());
211  map.put(AbstractFilePropertyType.KNOWN.toString(), content.getKnown().getName());
212  map.put(AbstractFilePropertyType.HASHSETS.toString(), getHashSetHitsForFile(content));
213  map.put(AbstractFilePropertyType.MD5HASH.toString(), content.getMd5Hash() == null ? "" : content.getMd5Hash());
214  map.put(AbstractFilePropertyType.ObjectID.toString(), content.getId());
215  }
216 
217 
218  static String getContentDisplayName(AbstractFile file) {
219  String name = file.getName();
220  switch (name) {
221  case "..":
222  name = DirectoryNode.DOTDOTDIR;
223  break;
224  case ".":
225  name = DirectoryNode.DOTDIR;
226  break;
227  }
228  return name;
229  }
230  @SuppressWarnings("deprecation")
231  private static String getHashSetHitsForFile(AbstractFile content) {
232  String strList = "";
233  SleuthkitCase skCase = content.getSleuthkitCase();
234  long objId = content.getId();
235 
236  int setNameId = BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SET_NAME.getTypeID();
237  int artId = BlackboardArtifact.ARTIFACT_TYPE.TSK_HASHSET_HIT.getTypeID();
238 
239  String query = "SELECT value_text,blackboard_attributes.artifact_id,attribute_type_id " //NON-NLS
240  + "FROM blackboard_attributes,blackboard_artifacts WHERE " //NON-NLS
241  + "attribute_type_id=" + setNameId //NON-NLS
242  + " AND blackboard_attributes.artifact_id=blackboard_artifacts.artifact_id" //NON-NLS
243  + " AND blackboard_artifacts.artifact_type_id=" + artId //NON-NLS
244  + " AND blackboard_artifacts.obj_id=" + objId; //NON-NLS
245 
246  try (CaseDbQuery dbQuery = skCase.executeQuery(query)) {
247  ResultSet resultSet = dbQuery.getResultSet();
248  int i = 0;
249  while (resultSet.next()) {
250  if (i++ > 0) {
251  strList += ", ";
252  }
253  strList += resultSet.getString("value_text"); //NON-NLS
254  }
255  } catch (TskCoreException | SQLException ex) {
256  logger.log(Level.WARNING, "Error getting hashset hits: ", ex); //NON-NLS
257  }
258 
259  return strList;
260  }
261 
262 }
static String getStringTime(long epochSeconds, TimeZone tzone)
TSK_FS_NAME_TYPE_ENUM getDirType()
static void fillPropertyMap(Map< String, Object > map, AbstractFile content)
TSK_FS_META_TYPE_ENUM getMetaType()
static Logger getLogger(String name)
Definition: Logger.java:131
CaseDbQuery executeQuery(String query)
TskData.TSK_FS_ATTR_TYPE_ENUM getAttrType()

Copyright © 2012-2015 Basis Technology. Generated on: Mon Oct 19 2015
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.