Autopsy  4.10.0
Graphical digital forensics platform for The Sleuth Kit and other tools.
CommonAttributeCountSearchResults.java
Go to the documentation of this file.
1 /*
2  *
3  * Autopsy Forensic Browser
4  *
5  * Copyright 2018-2019 Basis Technology Corp.
6  * Contact: carrier <at> sleuthkit <dot> org
7  *
8  * Licensed under the Apache License, Version 2.0 (the "License");
9  * you may not use this file except in compliance with the License.
10  * You may obtain a copy of the License at
11  *
12  * http://www.apache.org/licenses/LICENSE-2.0
13  *
14  * Unless required by applicable law or agreed to in writing, software
15  * distributed under the License is distributed on an "AS IS" BASIS,
16  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
17  * See the License for the specific language governing permissions and
18  * limitations under the License.
19  */
20 package org.sleuthkit.autopsy.commonpropertiessearch;
21 
22 import java.util.ArrayList;
23 import java.util.Collections;
24 import java.util.HashMap;
25 import java.util.List;
26 import java.util.Map;
27 import java.util.Map.Entry;
28 import java.util.TreeMap;
29 import java.util.logging.Level;
35 
41 
42  private static final Logger LOGGER = Logger.getLogger(CommonAttributeCountSearchResults.class.getName());
43 
44  // maps instance count to list of attribute values.
45  private final Map<Integer, CommonAttributeValueList> instanceCountToAttributeValues;
46  private final int percentageThreshold;
47  private final int resultTypeId;
48 
60  CommonAttributeCountSearchResults(Map<Integer, CommonAttributeValueList> metadata, int percentageThreshold, CorrelationAttributeInstance.Type resultType) {
61  //wrap in a new object in case any client code has used an unmodifiable collection
62  this.instanceCountToAttributeValues = new TreeMap<>(metadata);
63  this.percentageThreshold = percentageThreshold;
64  this.resultTypeId = resultType.getId();
65  }
66 
75  CommonAttributeCountSearchResults(Map<Integer, CommonAttributeValueList> metadata, int percentageThreshold) {
76  //wrap in a new object in case any client code has used an unmodifiable collection
77  this.instanceCountToAttributeValues = new TreeMap<>(metadata);
78  this.percentageThreshold = percentageThreshold;
79  this.resultTypeId = CorrelationAttributeInstance.FILES_TYPE_ID;
80  }
81 
92  CommonAttributeValueList getAttributeValuesForInstanceCount(Integer instanceCount) {
93  return this.instanceCountToAttributeValues.get(instanceCount);
94  }
95 
103  public Map<Integer, CommonAttributeValueList> getMetadata() {
104  return Collections.unmodifiableMap(this.instanceCountToAttributeValues);
105  }
106 
112  public void filterMetadata() throws EamDbException {
113  filterMetadata(this.percentageThreshold);
114  }
115 
126  private void filterMetadata(int maximumPercentageThreshold) throws EamDbException {
127  if (!EamDb.isEnabled()) {
128  return;
129  }
130 
133  .stream()
134  .filter(filterType -> filterType.getId() == this.resultTypeId)
135  .findFirst().get();
136 
137  EamDb eamDb = EamDb.getInstance();
138 
139  Map<Integer, List<CommonAttributeValue>> itemsToRemove = new HashMap<>();
140  //Call countUniqueDataSources once to reduce the number of DB queries needed to get
141  //the frequencyPercentage
142  Double uniqueCaseDataSourceTuples = eamDb.getCountUniqueDataSources().doubleValue();
143 
144  for (Entry<Integer, CommonAttributeValueList> listOfValues : Collections.unmodifiableMap(this.instanceCountToAttributeValues).entrySet()) {
145 
146  final Integer key = listOfValues.getKey();
147  final CommonAttributeValueList values = listOfValues.getValue();
148 
149  for (CommonAttributeValue value : values.getDelayedMetadataSet()) { // Need the real metadata
150  if (maximumPercentageThreshold != 0) { //only do the frequency filtering when a max % was set
151  try {
152  Double uniqueTypeValueTuples = eamDb.getCountUniqueCaseDataSourceTuplesHavingTypeValue(
153  attributeType, value.getValue()).doubleValue();
154  Double commonalityPercentage = uniqueTypeValueTuples / uniqueCaseDataSourceTuples * 100;
155  int frequencyPercentage = commonalityPercentage.intValue();
156  if (frequencyPercentage > maximumPercentageThreshold) {
157  if (itemsToRemove.containsKey(key)) {
158  itemsToRemove.get(key).add(value);
159  } else {
160  List<CommonAttributeValue> toRemove = new ArrayList<>();
161  toRemove.add(value);
162  itemsToRemove.put(key, toRemove);
163  }
164  }
166  LOGGER.log(Level.WARNING, "Unable to determine frequency percentage attribute - frequency filter may not be accurate for these results.", ex);
167  }
168  }
169  }
170  }
171  for (Entry<Integer, List<CommonAttributeValue>> valuesToRemove : itemsToRemove.entrySet()) {
172  final Integer key = valuesToRemove.getKey();
173  final List<CommonAttributeValue> values = valuesToRemove.getValue();
174  for (CommonAttributeValue value : values) {
175  final CommonAttributeValueList instanceCountValue = this.instanceCountToAttributeValues.get(key);
176  if (instanceCountValue != null) {
177  instanceCountValue.removeMetaData(value);
178  if (instanceCountValue.getDelayedMetadataSet().isEmpty()) { // Check the real metadata
179  this.instanceCountToAttributeValues.remove(key);
180  }
181  }
182  }
183  }
184  }
185 
191  public int size() {
192 
193  int count = 0;
194  for (CommonAttributeValueList data : this.instanceCountToAttributeValues.values()) {
195  for (CommonAttributeValue md5 : data.getDelayedMetadataSet()) {
196  count += md5.getInstanceCount();
197  }
198  }
199  return count;
200  }
201 }
Long getCountUniqueCaseDataSourceTuplesHavingTypeValue(CorrelationAttributeInstance.Type aType, String value)
synchronized static Logger getLogger(String name)
Definition: Logger.java:124

Copyright © 2012-2018 Basis Technology. Generated on: Fri Mar 22 2019
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.