Autopsy  4.13.0
Graphical digital forensics platform for The Sleuth Kit and other tools.
ListViewModel.java
Go to the documentation of this file.
1 /*
2  * Autopsy Forensic Browser
3  *
4  * Copyright 2018 Basis Technology Corp.
5  * Contact: carrier <at> sleuthkit <dot> org
6  *
7  * Licensed under the Apache License, Version 2.0 (the "License");
8  * you may not use this file except in compliance with the License.
9  * You may obtain a copy of the License at
10  *
11  * http://www.apache.org/licenses/LICENSE-2.0
12  *
13  * Unless required by applicable law or agreed to in writing, software
14  * distributed under the License is distributed on an "AS IS" BASIS,
15  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16  * See the License for the specific language governing permissions and
17  * limitations under the License.
18  */
19 package org.sleuthkit.autopsy.timeline.ui.listvew.datamodel;
20 
21 import java.util.ArrayList;
22 import java.util.Collection;
23 import java.util.Collections;
24 import java.util.Comparator;
25 import java.util.HashMap;
26 import java.util.List;
27 import java.util.Map;
28 import java.util.Map.Entry;
29 import java.util.Objects;
30 import static java.util.stream.Collectors.groupingBy;
31 import org.joda.time.Interval;
34 import org.sleuthkit.datamodel.TimelineManager;
35 import org.sleuthkit.datamodel.TskCoreException;
36 import org.sleuthkit.datamodel.TimelineEvent;
37 import org.sleuthkit.datamodel.TimelineEventType;
38 import org.sleuthkit.datamodel.TimelineLevelOfDetail;
39 
45 public class ListViewModel {
46 
47  private final EventsModel eventsModel;
48  private final TimelineManager eventManager;
49 
50  public ListViewModel(EventsModel eventsModel) {
51  this.eventsModel = eventsModel;
52  this.eventManager = eventsModel.getEventManager();
53  }
54 
65  public List<CombinedEvent> getCombinedEvents() throws TskCoreException {
66  return getCombinedEvents(eventsModel.getTimeRange(), eventsModel.getEventFilterState());
67  }
68 
83  public List<CombinedEvent> getCombinedEvents(Interval timeRange, RootFilterState filterState) throws TskCoreException {
84  List<TimelineEvent> events = eventManager.getEvents(timeRange, filterState.getActiveFilter());
85 
86  if (events == null || events.isEmpty()) {
87  return Collections.emptyList();
88  }
89 
90  ArrayList<CombinedEvent> combinedEvents = new ArrayList<>();
91 
92  Map<CombinedEventGroup, List<TimelineEvent>> groupedEventList = events.stream().collect(groupingBy(event -> new CombinedEventGroup(event.getTime(), event.getContentObjID(), event.getDescription(TimelineLevelOfDetail.HIGH))));
93 
94  for(Entry<CombinedEventGroup, List<TimelineEvent>> entry: groupedEventList.entrySet()){
95  List<TimelineEvent> groupedEvents = entry.getValue();
96  CombinedEventGroup group = entry.getKey();
97 
98  Map<TimelineEventType, Long> eventMap = new HashMap<>();
99  for(TimelineEvent event: groupedEvents) {
100  eventMap.put(event.getEventType(), event.getEventID());
101  }
102 
103  // We want to merge together file sub-type events that are at
104  //the same time, but create individual events for other event
105  // sub-types
106  if (hasFileTypeEvents(eventMap.keySet()) || eventMap.size() == 1) {
107  combinedEvents.add(new CombinedEvent(group.getTime() * 1000, eventMap));
108  } else {
109  for(Entry<TimelineEventType, Long> singleEntry: eventMap.entrySet()) {
110  Map<TimelineEventType, Long> singleEventMap = new HashMap<>();
111  singleEventMap.put(singleEntry.getKey(), singleEntry.getValue());
112  combinedEvents.add(new CombinedEvent(group.getTime() * 1000, singleEventMap));
113  }
114  }
115  }
116 
117  Collections.sort(combinedEvents, new SortEventByTime());
118 
119  return combinedEvents;
120  }
121 
122  private boolean hasFileTypeEvents(Collection<TimelineEventType> eventTypes) {
123  for (TimelineEventType type: eventTypes) {
124  if (type.getCategory() != TimelineEventType.FILE_SYSTEM) {
125  return false;
126  }
127  }
128 
129  return true;
130  }
131 
136  final class CombinedEventGroup {
137  private final String description;
138  private final long time;
139  private final long fileID;
140 
148  CombinedEventGroup(long time, long fileID, String description) {
149  this.description = description;
150  this.time = time;
151  this.fileID = fileID;
152  }
153 
159  long getTime() {
160  return time;
161  }
162 
163  @Override
164  public boolean equals (Object obj) {
165  if ( !(obj instanceof CombinedEventGroup)) {
166  return false;
167  }
168 
169  CombinedEventGroup group = (CombinedEventGroup)obj;
170 
171  return description.equals(group.description)
172  && time == group.time
173  && fileID == group.fileID;
174  }
175 
176  @Override
177  public int hashCode() {
178  int hash = 3;
179  hash = 31 * hash + Objects.hashCode(this.description);
180  hash = 31 * hash + (int) (this.time ^ (this.time >>> 32));
181  hash = 31 * hash + (int) (this.fileID ^ (this.fileID >>> 32));
182  return hash;
183  }
184 
185  }
186 
190  class SortEventByTime implements Comparator<CombinedEvent> {
191 
192  @Override
193  public int compare(CombinedEvent o1, CombinedEvent o2) {
194  return Long.compare(o1.getStartMillis(), o2.getStartMillis());
195  }
196 
197  }
198 }
List< CombinedEvent > getCombinedEvents(Interval timeRange, RootFilterState filterState)
synchronized RootFilterState getEventFilterState()
boolean hasFileTypeEvents(Collection< TimelineEventType > eventTypes)

Copyright © 2012-2019 Basis Technology. Generated on: Tue Jan 7 2020
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.