Autopsy  4.12.0
Graphical digital forensics platform for The Sleuth Kit and other tools.
ListViewModel.java
Go to the documentation of this file.
1 /*
2  * Autopsy Forensic Browser
3  *
4  * Copyright 2018 Basis Technology Corp.
5  * Contact: carrier <at> sleuthkit <dot> org
6  *
7  * Licensed under the Apache License, Version 2.0 (the "License");
8  * you may not use this file except in compliance with the License.
9  * You may obtain a copy of the License at
10  *
11  * http://www.apache.org/licenses/LICENSE-2.0
12  *
13  * Unless required by applicable law or agreed to in writing, software
14  * distributed under the License is distributed on an "AS IS" BASIS,
15  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16  * See the License for the specific language governing permissions and
17  * limitations under the License.
18  */
19 package org.sleuthkit.autopsy.timeline.ui.listvew.datamodel;
20 
21 import java.util.ArrayList;
22 import java.util.Collection;
23 import java.util.Collections;
24 import java.util.Comparator;
25 import java.util.HashMap;
26 import java.util.List;
27 import java.util.Map;
28 import java.util.Map.Entry;
29 import java.util.Objects;
30 import static java.util.stream.Collectors.groupingBy;
31 import org.joda.time.Interval;
34 import org.sleuthkit.datamodel.TimelineManager;
35 import org.sleuthkit.datamodel.TskCoreException;
36 import org.sleuthkit.datamodel.TimelineEvent;
37 import org.sleuthkit.datamodel.TimelineEventType;
38 
44 public class ListViewModel {
45 
47  private final TimelineManager eventManager;
48 
49  public ListViewModel(FilteredEventsModel eventsModel) {
50  this.eventsModel = eventsModel;
51  this.eventManager = eventsModel.getEventManager();
52  }
53 
64  public List<CombinedEvent> getCombinedEvents() throws TskCoreException {
65  return getCombinedEvents(eventsModel.getTimeRange(), eventsModel.getFilterState());
66  }
67 
82  public List<CombinedEvent> getCombinedEvents(Interval timeRange, RootFilterState filterState) throws TskCoreException {
83  List<TimelineEvent> events = eventManager.getEvents(timeRange, filterState.getActiveFilter());
84 
85  if (events == null || events.isEmpty()) {
86  return Collections.emptyList();
87  }
88 
89  ArrayList<CombinedEvent> combinedEvents = new ArrayList<>();
90 
91  Map<CombinedEventGroup, List<TimelineEvent>> groupedEventList = events.stream().collect(groupingBy(event -> new CombinedEventGroup(event.getTime(), event.getFileObjID(), event.getFullDescription())));
92 
93  for(Entry<CombinedEventGroup, List<TimelineEvent>> entry: groupedEventList.entrySet()){
94  List<TimelineEvent> groupedEvents = entry.getValue();
95  CombinedEventGroup group = entry.getKey();
96 
97  Map<TimelineEventType, Long> eventMap = new HashMap<>();
98  for(TimelineEvent event: groupedEvents) {
99  eventMap.put(event.getEventType(), event.getEventID());
100  }
101 
102  // We want to merge together file sub-type events that are at
103  //the same time, but create individual events for other event
104  // sub-types
105  if (hasFileTypeEvents(eventMap.keySet()) || eventMap.size() == 1) {
106  combinedEvents.add(new CombinedEvent(group.getTime() * 1000, eventMap));
107  } else {
108  for(Entry<TimelineEventType, Long> singleEntry: eventMap.entrySet()) {
109  Map<TimelineEventType, Long> singleEventMap = new HashMap<>();
110  singleEventMap.put(singleEntry.getKey(), singleEntry.getValue());
111  combinedEvents.add(new CombinedEvent(group.getTime() * 1000, singleEventMap));
112  }
113  }
114  }
115 
116  Collections.sort(combinedEvents, new SortEventByTime());
117 
118  return combinedEvents;
119  }
120 
121  private boolean hasFileTypeEvents(Collection<TimelineEventType> eventTypes) {
122  for (TimelineEventType type: eventTypes) {
123  if (type.getBaseType() != TimelineEventType.FILE_SYSTEM) {
124  return false;
125  }
126  }
127 
128  return true;
129  }
130 
135  final class CombinedEventGroup {
136  private final String description;
137  private final long time;
138  private final long fileID;
139 
147  CombinedEventGroup(long time, long fileID, String description) {
148  this.description = description;
149  this.time = time;
150  this.fileID = fileID;
151  }
152 
158  long getTime() {
159  return time;
160  }
161 
162  @Override
163  public boolean equals (Object obj) {
164  if ( !(obj instanceof CombinedEventGroup)) {
165  return false;
166  }
167 
168  CombinedEventGroup group = (CombinedEventGroup)obj;
169 
170  return description.equals(group.description)
171  && time == group.time
172  && fileID == group.fileID;
173  }
174 
175  @Override
176  public int hashCode() {
177  int hash = 3;
178  hash = 31 * hash + Objects.hashCode(this.description);
179  hash = 31 * hash + (int) (this.time ^ (this.time >>> 32));
180  hash = 31 * hash + (int) (this.fileID ^ (this.fileID >>> 32));
181  return hash;
182  }
183 
184  }
185 
189  class SortEventByTime implements Comparator<CombinedEvent> {
190 
191  @Override
192  public int compare(CombinedEvent o1, CombinedEvent o2) {
193  return Long.compare(o1.getStartMillis(), o2.getStartMillis());
194  }
195 
196  }
197 }
List< CombinedEvent > getCombinedEvents(Interval timeRange, RootFilterState filterState)
boolean hasFileTypeEvents(Collection< TimelineEventType > eventTypes)

Copyright © 2012-2018 Basis Technology. Generated on: Wed Sep 18 2019
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.