Autopsy  4.16.0
Graphical digital forensics platform for The Sleuth Kit and other tools.
FileSearch.java
Go to the documentation of this file.
1 /*
2  * Autopsy Forensic Browser
3  *
4  * Copyright 2019-2020 Basis Technology Corp.
5  * Contact: carrier <at> sleuthkit <dot> org
6  *
7  * Licensed under the Apache License, Version 2.0 (the "License");
8  * you may not use this file except in compliance with the License.
9  * You may obtain a copy of the License at
10  *
11  * http://www.apache.org/licenses/LICENSE-2.0
12  *
13  * Unless required by applicable law or agreed to in writing, software
14  * distributed under the License is distributed on an "AS IS" BASIS,
15  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16  * See the License for the specific language governing permissions and
17  * limitations under the License.
18  */
19 package org.sleuthkit.autopsy.discovery.search;
20 
21 import com.google.common.cache.Cache;
22 import com.google.common.cache.CacheBuilder;
23 import java.io.IOException;
24 import java.util.ArrayList;
25 import java.util.LinkedHashMap;
26 import java.util.List;
27 import java.util.Map;
28 import java.util.logging.Level;
29 import org.apache.commons.lang.StringUtils;
30 import org.openide.util.NbBundle;
32 import org.sleuthkit.datamodel.AbstractFile;
33 import org.sleuthkit.datamodel.SleuthkitCase;
40 
44 public class FileSearch {
45 
46  private final static Logger logger = Logger.getLogger(FileSearch.class.getName());
47  private static final int MAXIMUM_CACHE_SIZE = 10;
48  private static final Cache<SearchKey, Map<GroupKey, List<Result>>> searchCache = CacheBuilder.newBuilder()
49  .maximumSize(MAXIMUM_CACHE_SIZE)
50  .build();
51 
70  static SearchResults runFileSearchDebug(String userName,
71  List<AbstractFilter> filters,
72  AttributeType groupAttributeType,
73  Group.GroupSortingAlgorithm groupSortingType,
74  ResultsSorter.SortingMethod fileSortingMethod,
75  SleuthkitCase caseDb, CentralRepository centralRepoDb) throws DiscoveryException {
76  // Make a list of attributes that we want to add values for. This ensures the
77  // ResultFile objects will have all needed fields set when it's time to group
78  // and sort them. For example, if we're grouping by central repo frequency, we need
79  // to make sure we've loaded those values before grouping.
80  List<AttributeType> attributesNeededForGroupingOrSorting = new ArrayList<>();
81  attributesNeededForGroupingOrSorting.add(groupAttributeType);
82  attributesNeededForGroupingOrSorting.addAll(fileSortingMethod.getRequiredAttributes());
83 
84  // Run the queries for each filter
85  List<Result> results = SearchFiltering.runQueries(filters, caseDb, centralRepoDb);
86 
87  // Add the data to resultFiles for any attributes needed for sorting and grouping
88  addAttributes(attributesNeededForGroupingOrSorting, results, caseDb, centralRepoDb);
89 
90  // Collect everything in the search results
91  SearchResults searchResults = new SearchResults(groupSortingType, groupAttributeType, fileSortingMethod);
92  searchResults.add(results);
93 
94  // Sort and group the results
95  searchResults.sortGroupsAndFiles();
96  Map<GroupKey, List<Result>> resultHashMap = searchResults.toLinkedHashMap();
97  SearchKey searchKey = new SearchKey(userName, filters, groupAttributeType, groupSortingType, fileSortingMethod);
98  synchronized (searchCache) {
99  searchCache.put(searchKey, resultHashMap);
100  }
101  return searchResults;
102  }
103 
122  public static Map<GroupKey, Integer> getGroupSizes(String userName,
123  List<AbstractFilter> filters,
124  AttributeType groupAttributeType,
125  Group.GroupSortingAlgorithm groupSortingType,
126  ResultsSorter.SortingMethod fileSortingMethod,
127  SleuthkitCase caseDb, CentralRepository centralRepoDb) throws DiscoveryException {
128  Map<GroupKey, List<Result>> searchResults = runFileSearch(userName, filters,
129  groupAttributeType, groupSortingType, fileSortingMethod, caseDb, centralRepoDb);
130  LinkedHashMap<GroupKey, Integer> groupSizes = new LinkedHashMap<>();
131  for (GroupKey groupKey : searchResults.keySet()) {
132  groupSizes.put(groupKey, searchResults.get(groupKey).size());
133  }
134  return groupSizes;
135  }
136 
159  public static List<Result> getFilesInGroup(String userName,
160  List<AbstractFilter> filters,
161  AttributeType groupAttributeType,
162  Group.GroupSortingAlgorithm groupSortingType,
163  ResultsSorter.SortingMethod fileSortingMethod,
164  GroupKey groupKey,
165  int startingEntry,
166  int numberOfEntries,
167  SleuthkitCase caseDb, CentralRepository centralRepoDb) throws DiscoveryException {
168  //the group should be in the cache at this point
169  List<Result> filesInGroup = null;
170  SearchKey searchKey = new SearchKey(userName, filters, groupAttributeType, groupSortingType, fileSortingMethod);
171  Map<GroupKey, List<Result>> resultsMap;
172  synchronized (searchCache) {
173  resultsMap = searchCache.getIfPresent(searchKey);
174  }
175  if (resultsMap != null) {
176  filesInGroup = resultsMap.get(groupKey);
177  }
178  List<Result> page = new ArrayList<>();
179  if (filesInGroup == null) {
180  logger.log(Level.INFO, "Group {0} was not cached, performing search to cache all groups again", groupKey);
181  runFileSearch(userName, filters, groupAttributeType, groupSortingType, fileSortingMethod, caseDb, centralRepoDb);
182  synchronized (searchCache) {
183  resultsMap = searchCache.getIfPresent(searchKey.getKeyString());
184  }
185  if (resultsMap != null) {
186  filesInGroup = resultsMap.get(groupKey);
187  }
188  if (filesInGroup == null) {
189  logger.log(Level.WARNING, "Group {0} did not exist in cache or new search results", groupKey);
190  return page; //group does not exist
191  }
192  }
193  // Check that there is data after the starting point
194  if (filesInGroup.size() < startingEntry) {
195  logger.log(Level.WARNING, "Group only contains {0} files, starting entry of {1} is too large.", new Object[]{filesInGroup.size(), startingEntry});
196  return page;
197  }
198  // Add files to the page
199  for (int i = startingEntry; (i < startingEntry + numberOfEntries)
200  && (i < filesInGroup.size()); i++) {
201  page.add(filesInGroup.get(i));
202  }
203  return page;
204  }
205 
214  @NbBundle.Messages({"FileSearch.documentSummary.noPreview=No preview available.",
215  "FileSearch.documentSummary.noBytes=No bytes read for document, unable to display preview."})
216  public static TextSummary summarize(AbstractFile file) {
217  TextSummary summary = null;
218  TextSummarizer localSummarizer;
219  synchronized (searchCache) {
220  localSummarizer = SummaryHelpers.getLocalSummarizer();
221 
222  }
223  if (localSummarizer != null) {
224  try {
225  //a summary of length 40 seems to fit without vertical scroll bars
226  summary = localSummarizer.summarize(file, 40);
227  } catch (IOException ex) {
228  return new TextSummary(Bundle.FileSearch_documentSummary_noPreview(), null, 0);
229  }
230  }
231  if (summary == null || StringUtils.isBlank(summary.getSummaryText())) {
232  //summary text was empty grab the beginning of the file
233  summary = SummaryHelpers.getDefaultSummary(file);
234  }
235  return summary;
236  }
237 
255  private static Map<GroupKey, List<Result>> runFileSearch(String userName,
256  List<AbstractFilter> filters,
257  AttributeType groupAttributeType,
258  Group.GroupSortingAlgorithm groupSortingType,
259  ResultsSorter.SortingMethod fileSortingMethod,
260  SleuthkitCase caseDb, CentralRepository centralRepoDb) throws DiscoveryException {
261 
262  // Make a list of attributes that we want to add values for. This ensures the
263  // ResultFile objects will have all needed fields set when it's time to group
264  // and sort them. For example, if we're grouping by central repo frequency, we need
265  // to make sure we've loaded those values before grouping.
266  List<AttributeType> attributesNeededForGroupingOrSorting = new ArrayList<>();
267  attributesNeededForGroupingOrSorting.add(groupAttributeType);
268  attributesNeededForGroupingOrSorting.addAll(fileSortingMethod.getRequiredAttributes());
269 
270  // Run the queries for each filter
271  List<Result> results = SearchFiltering.runQueries(filters, caseDb, centralRepoDb);
272 
273  // Add the data to resultFiles for any attributes needed for sorting and grouping
274  addAttributes(attributesNeededForGroupingOrSorting, results, caseDb, centralRepoDb);
275 
276  // Collect everything in the search results
277  SearchResults searchResults = new SearchResults(groupSortingType, groupAttributeType, fileSortingMethod);
278  searchResults.add(results);
279  Map<GroupKey, List<Result>> resultHashMap = searchResults.toLinkedHashMap();
280  SearchKey searchKey = new SearchKey(userName, filters, groupAttributeType, groupSortingType, fileSortingMethod);
281  synchronized (searchCache) {
282  searchCache.put(searchKey, resultHashMap);
283  }
284  // Return a version of the results in general Java objects
285  return resultHashMap;
286  }
287 
301  private static void addAttributes(List<AttributeType> attrs, List<Result> results, SleuthkitCase caseDb, CentralRepository centralRepoDb)
302  throws DiscoveryException {
303  for (AttributeType attr : attrs) {
304  attr.addAttributeToResults(results, caseDb, centralRepoDb);
305  }
306  }
307 
308  private FileSearch() {
309  // Class should not be instantiated
310  }
311 
312 }
static void addAttributes(List< AttributeType > attrs, List< Result > results, SleuthkitCase caseDb, CentralRepository centralRepoDb)
TextSummary summarize(AbstractFile file, int summarySize)
static final Cache< SearchKey, Map< GroupKey, List< Result > > > searchCache
Definition: FileSearch.java:48
static TextSummary summarize(AbstractFile file)
static Map< GroupKey, List< Result > > runFileSearch(String userName, List< AbstractFilter > filters, AttributeType groupAttributeType, Group.GroupSortingAlgorithm groupSortingType, ResultsSorter.SortingMethod fileSortingMethod, SleuthkitCase caseDb, CentralRepository centralRepoDb)
static Map< GroupKey, Integer > getGroupSizes(String userName, List< AbstractFilter > filters, AttributeType groupAttributeType, Group.GroupSortingAlgorithm groupSortingType, ResultsSorter.SortingMethod fileSortingMethod, SleuthkitCase caseDb, CentralRepository centralRepoDb)
synchronized static Logger getLogger(String name)
Definition: Logger.java:124
static List< Result > getFilesInGroup(String userName, List< AbstractFilter > filters, AttributeType groupAttributeType, Group.GroupSortingAlgorithm groupSortingType, ResultsSorter.SortingMethod fileSortingMethod, GroupKey groupKey, int startingEntry, int numberOfEntries, SleuthkitCase caseDb, CentralRepository centralRepoDb)

Copyright © 2012-2020 Basis Technology. Generated on: Tue Sep 22 2020
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.