Autopsy  4.16.0
Graphical digital forensics platform for The Sleuth Kit and other tools.
IntraCaseCommonAttributeSearcher.java
Go to the documentation of this file.
1 /*
2  *
3  * Autopsy Forensic Browser
4  *
5  * Copyright 2018-2019 Basis Technology Corp.
6  * Contact: carrier <at> sleuthkit <dot> org
7  *
8  * Licensed under the Apache License, Version 2.0 (the "License");
9  * you may not use this file except in compliance with the License.
10  * You may obtain a copy of the License at
11  *
12  * http://www.apache.org/licenses/LICENSE-2.0
13  *
14  * Unless required by applicable law or agreed to in writing, software
15  * distributed under the License is distributed on an "AS IS" BASIS,
16  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
17  * See the License for the specific language governing permissions and
18  * limitations under the License.
19  */
20 package org.sleuthkit.autopsy.commonpropertiessearch;
21 
22 import java.sql.ResultSet;
23 import java.sql.SQLException;
24 import java.util.Collections;
25 import java.util.HashMap;
26 import java.util.HashSet;
27 import java.util.Map;
28 import java.util.Set;
32 import org.sleuthkit.datamodel.HashUtility;
33 import org.sleuthkit.datamodel.SleuthkitCase;
34 import org.sleuthkit.datamodel.SleuthkitCase.CaseDbQuery;
35 import org.sleuthkit.datamodel.TskCoreException;
36 
45 @SuppressWarnings("PMD.AbstractNaming")
47 
48  private static final String FILTER_BY_MIME_TYPES_WHERE_CLAUSE = " and mime_type in (%s)"; //NON-NLS // where %s is csv list of mime_types to filter on
49 
50  private final Map<Long, String> dataSourceIdToNameMap;
51 
61  IntraCaseCommonAttributeSearcher(Map<Long, String> dataSourceIdMap, boolean filterByMediaMimeType, boolean filterByDocMimeType, int percentageThreshold) {
62  super(filterByMediaMimeType, filterByDocMimeType, percentageThreshold);
63  this.dataSourceIdToNameMap = dataSourceIdMap;
64  }
65 
66  Map<Long, String> getDataSourceIdToNameMap() {
67  return Collections.unmodifiableMap(this.dataSourceIdToNameMap);
68  }
69 
79  static final String SELECT_PREFIX = "SELECT obj_id, md5, data_source_obj_id from tsk_files where"; //NON-NLS
80 
91  protected abstract String buildSqlSelectStatement();
92 
104  @Override
105  public CommonAttributeCountSearchResults findMatchesByCount() throws TskCoreException, NoCurrentCaseException, SQLException {
106  Map<String, CommonAttributeValue> commonFiles = new HashMap<>();
107 
108  final Case currentCase = Case.getCurrentCaseThrows();
109  final String caseName = currentCase.getDisplayName();
110 
111  SleuthkitCase sleuthkitCase = currentCase.getSleuthkitCase();
112 
113  String selectStatement = this.buildSqlSelectStatement();
114 
115  try (
116  CaseDbQuery query = sleuthkitCase.executeQuery(selectStatement);
117  ResultSet resultSet = query.getResultSet()) {
118 
119  while (resultSet.next()) {
120  Long objectId = resultSet.getLong(1);
121  String md5 = resultSet.getString(2);
122  Long dataSourceId = resultSet.getLong(3);
123  String dataSource = this.getDataSourceIdToNameMap().get(dataSourceId);
124 
125  if (md5 == null || HashUtility.isNoDataMd5(md5)) {
126  continue;
127  }
128 
129  if (commonFiles.containsKey(md5)) {
130  final CommonAttributeValue commonAttributeValue = commonFiles.get(md5);
131  commonAttributeValue.addInstance(new CaseDBCommonAttributeInstance(objectId, dataSource, caseName, md5));
132  } else {
133  final CommonAttributeValue commonAttributeValue = new CommonAttributeValue(md5);
134  commonAttributeValue.addInstance(new CaseDBCommonAttributeInstance(objectId, dataSource, caseName, md5));
135  commonFiles.put(md5, commonAttributeValue);
136  }
137  }
138  }
139 
140  Map<Integer, CommonAttributeValueList> instanceCollatedCommonFiles = collateMatchesByNumberOfInstances(commonFiles);
141 
142  return new CommonAttributeCountSearchResults(instanceCollatedCommonFiles, this.frequencyPercentageThreshold);
143  }
144 
145  @Override
147  throw new CentralRepoException("Not Supported at the moment");
148  }
149 
160  String determineMimeTypeFilter() {
161 
162  Set<String> mimeTypesToFilterOn = new HashSet<>();
163  String mimeTypeString = "";
164  if (isFilterByMedia()) {
165  mimeTypesToFilterOn.addAll(MEDIA_PICS_VIDEO_MIME_TYPES);
166  }
167  if (isFilterByDoc()) {
168  mimeTypesToFilterOn.addAll(TEXT_FILES_MIME_TYPES);
169  }
170  StringBuilder mimeTypeFilter = new StringBuilder(mimeTypesToFilterOn.size());
171  if (!mimeTypesToFilterOn.isEmpty()) {
172  for (String mimeType : mimeTypesToFilterOn) {
173  mimeTypeFilter.append(SINGLE_QUOTE).append(mimeType).append(SINGLE_QUTOE_COMMA);
174  }
175  mimeTypeString = mimeTypeFilter.toString().substring(0, mimeTypeFilter.length() - 1);
176  mimeTypeString = String.format(FILTER_BY_MIME_TYPES_WHERE_CLAUSE, new Object[]{mimeTypeString});
177  }
178  return mimeTypeString;
179  }
180  static final String SINGLE_QUTOE_COMMA = "',";
181  static final String SINGLE_QUOTE = "'";
182 }

Copyright © 2012-2020 Basis Technology. Generated on: Tue Sep 22 2020
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.