Autopsy  4.16.0
Graphical digital forensics platform for The Sleuth Kit and other tools.
DataSourceInfoUtilities.java
1 /*
2  * Autopsy Forensic Browser
3  *
4  * Copyright 2019 - 2020 Basis Technology Corp.
5  * Contact: carrier <at> sleuthkit <dot> org
6  *
7  * Licensed under the Apache License, Version 2.0 (the "License");
8  * you may not use this file except in compliance with the License.
9  * You may obtain a copy of the License at
10  *
11  * http://www.apache.org/licenses/LICENSE-2.0
12  *
13  * Unless required by applicable law or agreed to in writing, software
14  * distributed under the License is distributed on an "AS IS" BASIS,
15  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16  * See the License for the specific language governing permissions and
17  * limitations under the License.
18  */
19 package org.sleuthkit.autopsy.datasourcesummary.datamodel;
20 
21 import java.sql.ResultSet;
22 import java.sql.SQLException;
23 import java.util.ArrayList;
24 import java.util.Comparator;
25 import java.util.Date;
26 import java.util.List;
27 import java.util.SortedMap;
28 import java.util.TreeMap;
29 import org.sleuthkit.datamodel.SleuthkitCase;
30 import org.sleuthkit.datamodel.TskCoreException;
31 import org.apache.commons.lang.StringUtils;
32 import org.sleuthkit.datamodel.BlackboardArtifact;
33 import org.sleuthkit.datamodel.BlackboardAttribute;
34 import org.sleuthkit.datamodel.BlackboardAttribute.Type;
35 import org.sleuthkit.datamodel.DataSource;
36 import org.sleuthkit.datamodel.TskData.TSK_DB_FILES_TYPE_ENUM;
37 import org.sleuthkit.datamodel.TskData.TSK_FS_META_FLAG_ENUM;
38 import org.sleuthkit.datamodel.TskData.TSK_FS_META_TYPE_ENUM;
39 
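/**
 * Package-private helpers used to summarise a single data source of a case:
 * file counts, raw case-database queries, and blackboard artifacts ordered by
 * one of their attributes.
 *
 * <p>Security note: several methods build SQL by string concatenation. The
 * fragments they accept ({@code additionalWhere}, {@code query}) are passed to
 * the case database verbatim, with no escaping or parameter binding. Callers
 * must only pass fragments assembled from constants and numeric identifiers,
 * never text taken from evidence (file names, paths, artifact values) or from
 * user input.
 */
final class DataSourceInfoUtilities {

    /**
     * Counts the files of a data source, optionally narrowed by an extra SQL
     * condition.
     *
     * <p>The resulting clause is {@code data_source_obj_id=<id>} followed, when
     * {@code additionalWhere} is not blank, by {@code " AND " + additionalWhere}.
     * The extra condition is appended verbatim and is not parenthesised, so a
     * fragment containing a top-level {@code OR} would no longer be restricted
     * to this data source; callers should wrap such fragments in parentheses
     * themselves.
     *
     * @param skCase            The case whose database is queried.
     * @param currentDataSource The data source to count files for; may be null.
     * @param additionalWhere   Trusted SQL condition to AND onto the clause, or
     *                          null/blank for none. Never build this from
     *                          untrusted text.
     *
     * @return The value returned by {@code countFilesWhere}, or null when
     *         {@code currentDataSource} is null.
     *
     * @throws TskCoreException
     * @throws SQLException
     */
    static Long getCountOfTskFiles(SleuthkitCase skCase, DataSource currentDataSource, String additionalWhere)
            throws TskCoreException, SQLException {
        if (currentDataSource == null) {
            return null;
        }

        // The id comes from the DataSource object itself, so it is not
        // caller-controlled text; additionalWhere is, and is trusted as-is.
        String whereClause = "data_source_obj_id=" + currentDataSource.getId();
        if (!StringUtils.isBlank(additionalWhere)) {
            whereClause += " AND " + additionalWhere;
        }
        return skCase.countFilesWhere(whereClause);
    }

    /**
     * Counts the files of a data source whose meta type is
     * {@code TSK_FS_META_TYPE_REG}, optionally narrowed by an extra SQL
     * condition.
     *
     * @param skCase            The case whose database is queried.
     * @param currentDataSource The data source to count files for; may be null.
     * @param additionalWhere   Trusted SQL condition to AND onto the clause, or
     *                          null/blank for none. Appended verbatim; see
     *                          {@link #getCountOfTskFiles}.
     *
     * @return The count, or null when {@code currentDataSource} is null.
     *
     * @throws TskCoreException
     * @throws SQLException
     */
    static Long getCountOfRegularFiles(SleuthkitCase skCase, DataSource currentDataSource, String additionalWhere)
            throws TskCoreException, SQLException {
        String whereClause = "meta_type=" + TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_REG.getValue();

        if (StringUtils.isNotBlank(additionalWhere)) {
            whereClause += " AND " + additionalWhere;
        }

        return getCountOfTskFiles(skCase, currentDataSource, whereClause);
    }

    /**
     * Counts the files of a data source whose meta type is
     * {@code TSK_FS_META_TYPE_REG} and whose file type is not
     * {@code SLACK}, optionally narrowed by an extra SQL condition.
     *
     * @param skCase            The case whose database is queried.
     * @param currentDataSource The data source to count files for; may be null.
     * @param additionalWhere   Trusted SQL condition to AND onto the clause, or
     *                          null/blank for none. Appended verbatim; see
     *                          {@link #getCountOfTskFiles}.
     *
     * @return The count, or null when {@code currentDataSource} is null.
     *
     * @throws TskCoreException
     * @throws SQLException
     */
    static Long getCountOfRegNonSlackFiles(SleuthkitCase skCase, DataSource currentDataSource, String additionalWhere)
            throws TskCoreException, SQLException {
        String whereClause = "meta_type=" + TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_REG.getValue()
                + " AND type<>" + TSK_DB_FILES_TYPE_ENUM.SLACK.getFileType();

        if (StringUtils.isNotBlank(additionalWhere)) {
            whereClause += " AND " + additionalWhere;
        }

        return getCountOfTskFiles(skCase, currentDataSource, whereClause);
    }

    /**
     * Callback that turns the {@link ResultSet} of a query into a value.
     *
     * @param <T> The type produced from the result set.
     */
    @FunctionalInterface
    interface ResultSetHandler<T> {

        /**
         * Converts a result set into a value of type {@code T}.
         *
         * @param resultset The result set of the executed query.
         *
         * @return The converted value.
         *
         * @throws SQLException
         */
        T process(ResultSet resultset) throws SQLException;
    }

    /**
     * Runs a query against the case database and hands its result set to a
     * handler.
     *
     * <p>The query string is executed exactly as given; nothing here escapes
     * or binds parameters, so it must be built only from trusted constants and
     * numeric identifiers. The query object is closed as soon as the handler
     * returns, so the handler should copy out whatever it needs rather than
     * retain the {@link ResultSet}.
     *
     * @param <T>       The type produced by the handler.
     * @param skCase    The case whose database is queried.
     * @param query     The complete, trusted SQL query to execute.
     * @param processor Converts the result set into the return value.
     *
     * @return Whatever {@code processor} returns.
     *
     * @throws TskCoreException
     * @throws SQLException
     */
    static <T> T getBaseQueryResult(SleuthkitCase skCase, String query, ResultSetHandler<T> processor)
            throws TskCoreException, SQLException {
        try (SleuthkitCase.CaseDbQuery dbQuery = skCase.executeQuery(query)) {
            return processor.process(dbQuery.getResultSet());
        }
    }

    /**
     * Builds a SQL condition that tests whether the {@code meta_flags} column
     * has the given flag set.
     *
     * @param flag The flag to test for.
     *
     * @return The condition {@code meta_flags & <flag value> > 0}.
     */
    static String getMetaFlagsContainsStatement(TSK_FS_META_FLAG_ENUM flag) {
        return "meta_flags & " + flag.getValue() + " > 0";
    }

    /**
     * Direction in which artifacts are ordered by their attribute value.
     */
    enum SortOrder {
        DESCENDING,
        ASCENDING
    }

    /**
     * Returns every artifact of the given type in the data source that has the
     * given attribute, ordered by that attribute's value.
     *
     * <p>Equivalent to the six-argument overload with a {@code maxCount} of 0,
     * which means "no limit".
     *
     * @param skCase        The case to read from.
     * @param artifactType  The artifact type to retrieve.
     * @param dataSource    The data source to read artifacts from; must not be
     *                      null.
     * @param attributeType The attribute to order by; artifacts without it are
     *                      left out.
     * @param sortOrder     Ascending or descending order.
     *
     * @return The ordered artifacts.
     *
     * @throws TskCoreException
     */
    static List<BlackboardArtifact> getArtifacts(SleuthkitCase skCase, BlackboardArtifact.Type artifactType, DataSource dataSource, BlackboardAttribute.Type attributeType, SortOrder sortOrder) throws TskCoreException {
        return getArtifacts(skCase, artifactType, dataSource, attributeType, sortOrder, 0);
    }

    /**
     * Returns at most {@code maxCount} artifacts of the given type in the data
     * source that have the given attribute, ordered by that attribute's value.
     *
     * <p>All matching artifacts are loaded and sorted before the limit is
     * applied, so {@code maxCount} bounds the size of the returned list, not
     * the amount of work done.
     *
     * @param skCase        The case to read from.
     * @param artifactType  The artifact type to retrieve.
     * @param dataSource    The data source to read artifacts from; must not be
     *                      null.
     * @param attributeType The attribute to order by; artifacts without it are
     *                      left out.
     * @param sortOrder     Ascending or descending order.
     * @param maxCount      Maximum number of artifacts to return; 0 means no
     *                      limit.
     *
     * @return The ordered artifacts, truncated to {@code maxCount} if non-zero.
     *
     * @throws TskCoreException
     * @throws IllegalArgumentException If {@code maxCount} is negative.
     */
    static List<BlackboardArtifact> getArtifacts(SleuthkitCase skCase, BlackboardArtifact.Type artifactType, DataSource dataSource, BlackboardAttribute.Type attributeType, SortOrder sortOrder, int maxCount) throws TskCoreException {
        if (maxCount < 0) {
            throw new IllegalArgumentException("Invalid maxCount passed to getArtifacts, value must be equal to or greater than 0");
        }

        return createListFromMap(getArtifactMap(skCase, artifactType, dataSource, attributeType, sortOrder), maxCount);
    }

    /**
     * Not instantiable: this class only holds static helpers.
     */
    private DataSourceInfoUtilities() {
    }

    /**
     * Groups the artifacts of the given type in the data source by the value
     * of one attribute, in sorted order.
     *
     * <p>Keys are compared with {@link AttributeComparator}, so artifacts whose
     * attribute values compare as equal share one list. Artifacts that do not
     * carry the attribute are skipped.
     *
     * @param skCase        The case to read from.
     * @param artifactType  The artifact type to retrieve.
     * @param dataSource    The data source to read artifacts from; must not be
     *                      null.
     * @param attributeType The attribute to group and order by.
     * @param sortOrder     Ascending or descending order.
     *
     * @return A sorted map from attribute to the artifacts holding that value.
     *
     * @throws TskCoreException
     */
    static private SortedMap<BlackboardAttribute, List<BlackboardArtifact>> getArtifactMap(SleuthkitCase skCase, BlackboardArtifact.Type artifactType, DataSource dataSource, BlackboardAttribute.Type attributeType, SortOrder sortOrder) throws TskCoreException {
        SortedMap<BlackboardAttribute, List<BlackboardArtifact>> sortedMap = new TreeMap<>(new AttributeComparator(sortOrder));
        List<BlackboardArtifact> artifactList = skCase.getBlackboard().getArtifacts(artifactType.getTypeID(), dataSource.getId());

        for (BlackboardArtifact artifact : artifactList) {
            BlackboardAttribute attribute = artifact.getAttribute(attributeType);
            if (attribute == null) {
                continue;
            }

            sortedMap.computeIfAbsent(attribute, key -> new ArrayList<>()).add(artifact);
        }

        return sortedMap;
    }

    /**
     * Flattens the grouped artifacts into one list, in the map's iteration
     * order, stopping once {@code maxCount} artifacts have been collected.
     *
     * @param sortedMap The grouped artifacts.
     * @param maxCount  Maximum number of artifacts to return; 0 means no limit.
     *
     * @return The flattened, possibly truncated, list.
     */
    static private List<BlackboardArtifact> createListFromMap(SortedMap<BlackboardAttribute, List<BlackboardArtifact>> sortedMap, int maxCount) {
        List<BlackboardArtifact> artifactList = new ArrayList<>();

        for (List<BlackboardArtifact> mapArtifactList : sortedMap.values()) {
            if (maxCount == 0) {
                artifactList.addAll(mapArtifactList);
                continue;
            }

            // Working with the remaining capacity avoids adding two sizes
            // together, which could overflow an int for very large groups.
            int remaining = maxCount - artifactList.size();
            if (mapArtifactList.size() <= remaining) {
                artifactList.addAll(mapArtifactList);
                continue;
            }

            if (remaining <= 0) {
                break;
            }

            artifactList.addAll(mapArtifactList.subList(0, remaining));
        }
        return artifactList;
    }

    /**
     * Orders blackboard attributes of one type by their value, in the
     * direction given at construction.
     *
     * <p>Only STRING, INTEGER, LONG, DATETIME and DOUBLE value types can be
     * compared; any other value type is rejected with an
     * {@link IllegalArgumentException}.
     */
    private static class AttributeComparator implements Comparator<BlackboardAttribute> {

        private final SortOrder direction;

        /**
         * @param direction The order in which attributes should sort.
         */
        AttributeComparator(SortOrder direction) {
            this.direction = direction;
        }

        /**
         * Compares two attributes of the same type by value.
         *
         * @throws IllegalArgumentException If the attributes have different
         *                                  types, or a type that cannot be
         *                                  compared.
         */
        @Override
        public int compare(BlackboardAttribute attribute1, BlackboardAttribute attribute2) {
            // Compare the types by value: two attributes of the same type are
            // not guaranteed to share one Type instance, and a reference
            // comparison would then reject a legitimate comparison.
            if (!attribute1.getAttributeType().equals(attribute2.getAttributeType())) {
                throw new IllegalArgumentException("Unable to compare attributes of different types");
            }

            int result = compare(attribute1.getAttributeType(), attribute1, attribute2);

            if (direction == SortOrder.DESCENDING) {
                result *= -1;
            }

            return result;
        }

        /**
         * Compares the values of two attributes according to the value type of
         * {@code type}, in ascending order.
         *
         * @param type       The attribute type shared by both attributes.
         * @param attribute1 The first attribute.
         * @param attribute2 The second attribute.
         *
         * @return Negative, zero or positive as the first value is less than,
         *         equal to or greater than the second.
         *
         * @throws IllegalArgumentException If the value type is not one of the
         *                                  comparable ones.
         */
        private int compare(BlackboardAttribute.Type type, BlackboardAttribute attribute1, BlackboardAttribute attribute2) {
            switch (type.getValueType()) {
                case STRING:
                    return attribute1.getValueString().compareTo(attribute2.getValueString());
                case INTEGER:
                    return Integer.compare(attribute1.getValueInt(), attribute2.getValueInt());
                case LONG:
                case DATETIME:
                    return Long.compare(attribute1.getValueLong(), attribute2.getValueLong());
                case DOUBLE:
                    return Double.compare(attribute1.getValueDouble(), attribute2.getValueDouble());
                case BYTE:
                case JSON:
                default:
                    throw new IllegalArgumentException("Unable to compare attributes of type " + attribute1.getAttributeType().getTypeName());
            }
        }
    }

    /**
     * Fetches an attribute from an artifact, returning null instead of
     * throwing when the lookup fails.
     *
     * @param artifact      The artifact to read from.
     * @param attributeType The attribute to fetch.
     *
     * @return The attribute, or null if the artifact lookup returned null or
     *         threw a {@link TskCoreException}.
     */
    private static BlackboardAttribute getAttributeOrNull(BlackboardArtifact artifact, Type attributeType) {
        try {
            return artifact.getAttribute(attributeType);
        } catch (TskCoreException ex) {
            // NOTE(review): the failure is discarded without being logged, so
            // a case-database read error is indistinguishable from an
            // attribute that is simply absent. Callers presenting forensic
            // results should treat null as "unknown", not as "not present".
            return null;
        }
    }

    /**
     * Returns the string value of an artifact's attribute.
     *
     * @param artifact      The artifact to read from.
     * @param attributeType The attribute to fetch.
     *
     * @return The attribute's string value, or null if the attribute could not
     *         be obtained.
     */
    static String getStringOrNull(BlackboardArtifact artifact, Type attributeType) {
        BlackboardAttribute attr = getAttributeOrNull(artifact, attributeType);
        return (attr == null) ? null : attr.getValueString();
    }

    /**
     * Returns the long value of an artifact's attribute.
     *
     * @param artifact      The artifact to read from.
     * @param attributeType The attribute to fetch.
     *
     * @return The attribute's long value, or null if the attribute could not
     *         be obtained.
     */
    static Long getLongOrNull(BlackboardArtifact artifact, Type attributeType) {
        BlackboardAttribute attr = getAttributeOrNull(artifact, attributeType);
        return (attr == null) ? null : attr.getValueLong();
    }

    /**
     * Returns the value of an artifact's attribute as a {@link Date}.
     *
     * <p>The stored long is multiplied by 1000 before being handed to
     * {@link Date}, i.e. it is read as a count of seconds. A stored value of 0
     * is treated the same as a missing attribute.
     *
     * @param artifact      The artifact to read from.
     * @param attributeType The attribute to fetch.
     *
     * @return The date, or null if the attribute could not be obtained or its
     *         value is 0.
     */
    static Date getDateOrNull(BlackboardArtifact artifact, Type attributeType) {
        Long longVal = getLongOrNull(artifact, attributeType);
        return (longVal == null || longVal == 0) ? null : new Date(longVal * 1000);
    }
}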

Copyright © 2012-2020 Basis Technology. Generated on: Tue Sep 22 2020
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.