Autopsy  4.16.0
Graphical digital forensics platform for The Sleuth Kit and other tools.
CaseDataSourcesSummary.java
Go to the documentation of this file.
1 /*
2  * Autopsy Forensic Browser
3  *
4  * Copyright 2020 Basis Technology Corp.
5  * Contact: carrier <at> sleuthkit <dot> org
6  *
7  * Licensed under the Apache License, Version 2.0 (the "License");
8  * you may not use this file except in compliance with the License.
9  * You may obtain a copy of the License at
10  *
11  * http://www.apache.org/licenses/LICENSE-2.0
12  *
13  * Unless required by applicable law or agreed to in writing, software
14  * distributed under the License is distributed on an "AS IS" BASIS,
15  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16  * See the License for the specific language governing permissions and
17  * limitations under the License.
18  */
19 package org.sleuthkit.autopsy.datasourcesummary.datamodel;
20 
21 import java.util.Collections;
22 import java.util.HashMap;
23 import java.util.List;
24 import java.util.Map;
25 import java.util.logging.Level;
29 import org.sleuthkit.datamodel.BlackboardArtifact;
30 import org.sleuthkit.datamodel.BlackboardAttribute;
31 import org.sleuthkit.datamodel.SleuthkitCase;
32 import org.sleuthkit.datamodel.TskCoreException;
33 import org.sleuthkit.datamodel.TskData;
34 
38 public class CaseDataSourcesSummary {
39 
40  private static final Logger logger = Logger.getLogger(CaseDataSourcesSummary.class.getName());
41 
50  public static Map<Long, String> getDataSourceTypes() {
51  try {
52  SleuthkitCase skCase = Case.getCurrentCaseThrows().getSleuthkitCase();
53  List<BlackboardArtifact> listOfArtifacts = skCase.getBlackboardArtifacts(BlackboardArtifact.ARTIFACT_TYPE.TSK_DATA_SOURCE_USAGE);
54  Map<Long, String> typeMap = new HashMap<>();
55  for (BlackboardArtifact typeArtifact : listOfArtifacts) {
56  BlackboardAttribute descriptionAttr = typeArtifact.getAttribute(new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DESCRIPTION));
57  if (typeArtifact.getDataSource() != null && descriptionAttr != null) {
58  long dsId = typeArtifact.getDataSource().getId();
59  String type = typeMap.get(typeArtifact.getDataSource().getId());
60  if (type == null) {
61  type = descriptionAttr.getValueString();
62  } else {
63  type = type + ", " + descriptionAttr.getValueString();
64  }
65  typeMap.put(dsId, type);
66  }
67  }
68  return typeMap;
69  } catch (TskCoreException | NoCurrentCaseException ex) {
70  logger.log(Level.WARNING, "Unable to get types of files for all datasources, providing empty results", ex);
71  return Collections.emptyMap();
72  }
73  }
74 
83  public static Map<Long, Long> getCountsOfFiles() {
84  try {
85  final String countFilesQuery = "data_source_obj_id, COUNT(*) AS value FROM tsk_files"
86  + " WHERE meta_type=" + TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_REG.getValue()
87  + " AND type<>" + TskData.TSK_DB_FILES_TYPE_ENUM.VIRTUAL_DIR.getFileType()
88  + " AND dir_type<>" + TskData.TSK_FS_NAME_TYPE_ENUM.VIRT_DIR.getValue()
89  + " AND name<>''"
90  + " GROUP BY data_source_obj_id"; //NON-NLS
91  return getValuesMap(countFilesQuery);
92  } catch (TskCoreException | NoCurrentCaseException ex) {
93  logger.log(Level.WARNING, "Unable to get counts of files for all datasources, providing empty results", ex);
94  return Collections.emptyMap();
95  }
96  }
97 
106  public static Map<Long, Long> getCountsOfArtifacts() {
107  try {
108  final String countArtifactsQuery = "data_source_obj_id, COUNT(*) AS value"
109  + " FROM blackboard_artifacts WHERE review_status_id !=" + BlackboardArtifact.ReviewStatus.REJECTED.getID()
110  + " GROUP BY data_source_obj_id"; //NON-NLS
111  return getValuesMap(countArtifactsQuery);
112  } catch (TskCoreException | NoCurrentCaseException ex) {
113  logger.log(Level.WARNING, "Unable to get counts of artifacts for all datasources, providing empty results", ex);
114  return Collections.emptyMap();
115  }
116  }
117 
127  public static Map<Long, Long> getCountsOfTags() {
128  try {
129  final String countFileTagsQuery = "data_source_obj_id, COUNT(*) AS value"
130  + " FROM content_tags as content_tags, tsk_files as tsk_files"
131  + " WHERE content_tags.obj_id = tsk_files.obj_id"
132  + " GROUP BY data_source_obj_id"; //NON-NLS
133  //new hashmap so it can be modifiable
134  Map<Long, Long> tagCountMap = new HashMap<>(getValuesMap(countFileTagsQuery));
135  final String countArtifactTagsQuery = "data_source_obj_id, COUNT(*) AS value"
136  + " FROM blackboard_artifact_tags as artifact_tags, blackboard_artifacts AS arts"
137  + " WHERE artifact_tags.artifact_id = arts.artifact_id"
138  + " GROUP BY data_source_obj_id"; //NON-NLS
139  //combine the results from the count artifact tags query into the copy of the mapped results from the count file tags query
140  getValuesMap(countArtifactTagsQuery).forEach((key, value) -> tagCountMap.merge(key, value, (value1, value2) -> value1 + value2));
141  return tagCountMap;
142  } catch (TskCoreException | NoCurrentCaseException ex) {
143  logger.log(Level.WARNING, "Unable to get counts of tags for all datasources, providing empty results", ex);
144  return Collections.emptyMap();
145  }
146  }
147 
159  private static Map<Long, Long> getValuesMap(String query) throws TskCoreException, NoCurrentCaseException {
160  SleuthkitCase skCase = Case.getCurrentCaseThrows().getSleuthkitCase();
161  DataSourceSingleValueCallback callback = new DataSourceSingleValueCallback();
162  skCase.getCaseDbAccessManager().select(query, callback);
163  return callback.getMapOfValues();
164  }
165 
167  }
168 }
synchronized static Logger getLogger(String name)
Definition: Logger.java:124

Copyright © 2012-2020 Basis Technology. Generated on: Tue Sep 22 2020
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.