api-docs/4.16.0/_recent_files_summary_8java_source.html

 /*

  * Autopsy Forensic Browser

  *

  * Copyright 2020 Basis Technology Corp.

  * Contact: carrier <at> sleuthkit <dot> org

  *

  * Licensed under the Apache License, Version 2.0 (the "License");

  * you may not use this file except in compliance with the License.

  * You may obtain a copy of the License at

  *

  *     http://www.apache.org/licenses/LICENSE-2.0

  *

  * Unless required by applicable law or agreed to in writing, software

  * distributed under the License is distributed on an "AS IS" BASIS,

  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

  * See the License for the specific language governing permissions and

  * limitations under the License.

  */

 package org.sleuthkit.autopsy.datasourcesummary.datamodel;


 import org.sleuthkit.autopsy.datasourcesummary.uiutils.DefaultArtifactUpdateGovernor;

 import java.nio.file.Paths;

 import java.text.DateFormat;

 import java.text.SimpleDateFormat;

 import java.util.ArrayList;

 import java.util.Arrays;

 import java.util.Collections;

 import java.util.HashSet;

 import java.util.List;

 import java.util.Locale;

 import java.util.Objects;

 import java.util.Set;

 import java.util.SortedMap;

 import java.util.TreeMap;

 import org.sleuthkit.datamodel.AbstractFile;

 import org.sleuthkit.datamodel.BlackboardArtifact;

 import org.sleuthkit.datamodel.BlackboardAttribute;

 import org.sleuthkit.datamodel.Content;

 import org.sleuthkit.datamodel.DataSource;

 import org.sleuthkit.datamodel.SleuthkitCase;

 import org.sleuthkit.datamodel.TskCoreException;

 import org.sleuthkit.autopsy.datasourcesummary.datamodel.SleuthkitCaseProvider.SleuthkitCaseProviderException;

 import org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE;


 public class RecentFilesSummary implements DefaultArtifactUpdateGovernor {


     private final static BlackboardAttribute.Type DATETIME_ACCESSED_ATT = new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_ACCESSED);

     private final static BlackboardAttribute.Type DOMAIN_ATT = new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DOMAIN);

     private final static BlackboardAttribute.Type PATH_ATT = new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PATH);

     private final static BlackboardAttribute.Type DATETIME_ATT = new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME);

     private final static BlackboardAttribute.Type ASSOCATED_ATT = new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_ASSOCIATED_ARTIFACT);

     private final static BlackboardAttribute.Type EMAIL_FROM_ATT = new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_EMAIL_FROM);

     private final static BlackboardAttribute.Type MSG_DATEIME_SENT_ATT = new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_SENT);

     private final static BlackboardArtifact.Type ASSOCATED_OBJ_ART = new BlackboardArtifact.Type(ARTIFACT_TYPE.TSK_ASSOCIATED_OBJECT);


     private static final DateFormat DATETIME_FORMAT = new SimpleDateFormat("yyyy/MM/dd HH:mm:ss", Locale.getDefault());


     private static final Set<Integer> ARTIFACT_UPDATE_TYPE_IDS = new HashSet<>(Arrays.asList(

             ARTIFACT_TYPE.TSK_RECENT_OBJECT.getTypeID(),

             ARTIFACT_TYPE.TSK_WEB_DOWNLOAD.getTypeID(),

             ARTIFACT_TYPE.TSK_ASSOCIATED_OBJECT.getTypeID(),

             ARTIFACT_TYPE.TSK_EMAIL_MSG.getTypeID(),

             ARTIFACT_TYPE.TSK_MESSAGE.getTypeID()

     ));


     private final SleuthkitCaseProvider provider;


     public RecentFilesSummary() {

         this(SleuthkitCaseProvider.DEFAULT);

     }


     public RecentFilesSummary(SleuthkitCaseProvider provider) {

         if (provider == null) {

             throw new IllegalArgumentException("Unable to construct RecentFileSummary object. SleuthkitCaseProvider cannot be null");

         }


         this.provider = provider;

     }


     @Override

     public Set<Integer> getArtifactTypeIdsForRefresh() {

         return ARTIFACT_UPDATE_TYPE_IDS;

     }


     public List<RecentFileDetails> getRecentlyOpenedDocuments(DataSource dataSource, int maxCount) throws SleuthkitCaseProviderException, TskCoreException {

         if (dataSource == null) {

             return Collections.emptyList();

         }


         List<BlackboardArtifact> artifactList

                 = DataSourceInfoUtilities.getArtifacts(provider.get(),

                         new BlackboardArtifact.Type(ARTIFACT_TYPE.TSK_RECENT_OBJECT),

                         dataSource,

                         DATETIME_ATT,

                         DataSourceInfoUtilities.SortOrder.DESCENDING,

                         10);


         List<RecentFileDetails> fileDetails = new ArrayList<>();

         for (BlackboardArtifact artifact : artifactList) {

             Long accessedTime = null;

             String path = "";


             // Get all the attributes in one call.

             List<BlackboardAttribute> attributeList = artifact.getAttributes();

             for (BlackboardAttribute attribute : attributeList) {


                 if (attribute.getAttributeType().equals(DATETIME_ATT)) {

                     accessedTime = attribute.getValueLong();

                 } else if (attribute.getAttributeType().equals(PATH_ATT)) {

                     path = attribute.getValueString();

                 }


                 if (accessedTime != null) {

                     fileDetails.add(new RecentFileDetails(path, accessedTime));

                 }

             }


         }


         return fileDetails;

     }


     public List<RecentDownloadDetails> getRecentDownloads(DataSource dataSource, int maxCount) throws TskCoreException, SleuthkitCaseProviderException {

         if (dataSource == null) {

             return Collections.emptyList();

         }


         List<BlackboardArtifact> artifactList

                 = DataSourceInfoUtilities.getArtifacts(provider.get(),

                         new BlackboardArtifact.Type(ARTIFACT_TYPE.TSK_WEB_DOWNLOAD),

                         dataSource,

                         DATETIME_ACCESSED_ATT,

                         DataSourceInfoUtilities.SortOrder.DESCENDING,

                         maxCount);


         List<RecentDownloadDetails> fileDetails = new ArrayList<>();

         for (BlackboardArtifact artifact : artifactList) {

             // Get all the attributes in one call.

             Long accessedTime = null;

             String domain = "";

             String path = "";


             List<BlackboardAttribute> attributeList = artifact.getAttributes();

             for (BlackboardAttribute attribute : attributeList) {


                 if (attribute.getAttributeType().equals(DATETIME_ACCESSED_ATT)) {

                     accessedTime = attribute.getValueLong();

                 } else if (attribute.getAttributeType().equals(DOMAIN_ATT)) {

                     domain = attribute.getValueString();

                 } else if (attribute.getAttributeType().equals(PATH_ATT)) {

                     path = attribute.getValueString();

                 }

             }

             if (accessedTime != null) {

                 fileDetails.add(new RecentDownloadDetails(path, accessedTime, domain));

             }

         }


         return fileDetails;

     }


     public List<RecentAttachmentDetails> getRecentAttachments(DataSource dataSource, int maxCount) throws SleuthkitCaseProviderException, TskCoreException {

         if (dataSource == null) {

             return Collections.emptyList();

         }


         return createListFromMap(buildAttachmentMap(dataSource), maxCount);

     }


     private SortedMap<Long, List<RecentAttachmentDetails>> buildAttachmentMap(DataSource dataSource) throws SleuthkitCaseProviderException, TskCoreException {

         SleuthkitCase skCase = provider.get();

         TreeMap<Long, List<RecentAttachmentDetails>> sortedMap = new TreeMap<>();


         List<BlackboardArtifact> associatedArtifacts = skCase.getBlackboard().getArtifacts(ASSOCATED_OBJ_ART.getTypeID(), dataSource.getId());

         for (BlackboardArtifact artifact : associatedArtifacts) {

             BlackboardAttribute attribute = artifact.getAttribute(ASSOCATED_ATT);

             if (attribute == null) {

                 continue;

             }


             BlackboardArtifact messageArtifact = skCase.getBlackboardArtifact(attribute.getValueLong());

             if (isMessageArtifact(messageArtifact)) {

                 Content content = artifact.getParent();

                 if (content instanceof AbstractFile) {

                     String sender;

                     Long date = null;

                     String path;


                     BlackboardAttribute senderAttribute = messageArtifact.getAttribute(EMAIL_FROM_ATT);

                     if (senderAttribute != null) {

                         sender = senderAttribute.getValueString();

                     } else {

                         sender = "";

                     }

                     senderAttribute = messageArtifact.getAttribute(MSG_DATEIME_SENT_ATT);

                     if (senderAttribute != null) {

                         date = senderAttribute.getValueLong();

                     }


                     AbstractFile abstractFile = (AbstractFile) content;


                     path = Paths.get(abstractFile.getParentPath(), abstractFile.getName()).toString();


                     if (date != null && date != 0) {

                         List<RecentAttachmentDetails> list = sortedMap.get(date);

                         if (list == null) {

                             list = new ArrayList<>();

                             sortedMap.put(date, list);

                         }

                         RecentAttachmentDetails details = new RecentAttachmentDetails(path, date, sender);

                         if (!list.contains(details)) {

                             list.add(details);

                         }

                     }

                 }

             }

         }

         return sortedMap.descendingMap();

     }


     private List<RecentAttachmentDetails> createListFromMap(SortedMap<Long, List<RecentAttachmentDetails>> sortedMap, int maxCount) {

         List<RecentAttachmentDetails> fileList = new ArrayList<>();


         for (List<RecentAttachmentDetails> mapList : sortedMap.values()) {

             if (maxCount == 0 || fileList.size() + mapList.size() <= maxCount) {

                 fileList.addAll(mapList);

                 continue;

             }


             if (maxCount == fileList.size()) {

                 break;

             }


             for (RecentAttachmentDetails details : mapList) {

                 if (fileList.size() < maxCount) {

                     fileList.add(details);

                 } else {

                     break;

                 }

             }

         }


         return fileList;

     }


     private boolean isMessageArtifact(BlackboardArtifact nodeArtifact) {

         final int artifactTypeID = nodeArtifact.getArtifactTypeID();

         return artifactTypeID == ARTIFACT_TYPE.TSK_EMAIL_MSG.getTypeID()

                 || artifactTypeID == ARTIFACT_TYPE.TSK_MESSAGE.getTypeID();

     }


     public static class RecentFileDetails {


         private final String path;

         private final long date;


         RecentFileDetails(String path, long date) {

             this.path = path;

             this.date = date;

         }


         public String getDateAsString() {

             return DATETIME_FORMAT.format(date * 1000);

         }


         Long getDateAsLong() {

             return date;

         }


         public String getPath() {

             return path;

         }


     }


     public static class RecentDownloadDetails extends RecentFileDetails {


         private final String webDomain;


         RecentDownloadDetails(String path, long date, String webDomain) {

             super(path, date);

             this.webDomain = webDomain;

         }


         public String getWebDomain() {

             return webDomain;

         }

     }


     public static class RecentAttachmentDetails extends RecentFileDetails {


         private final String sender;


         RecentAttachmentDetails(String path, long date, String sender) {

             super(path, date);

             this.sender = sender;

         }


         public String getSender() {

             return sender;

         }


         @Override

         public boolean equals(Object obj) {

             if (!(obj instanceof RecentAttachmentDetails)) {

                 return false;

             }

             RecentAttachmentDetails compareObj = (RecentAttachmentDetails) obj;


             return compareObj.getSender().equals(this.sender)

                     && compareObj.getPath().equals(this.getPath())

                     && compareObj.getDateAsLong().equals(this.getDateAsLong());

         }


         @Override

         public int hashCode() {

             int hash = 5;

             hash = 73 * hash + Objects.hashCode(this.sender);

             return hash;

         }

     }

 }

org.sleuthkit

org.sleuthkit.autopsy.datasourcesummary.datamodel.RecentFilesSummary.RecentFileDetails.getPath
String getPath()
Definition: RecentFilesSummary.java:375

org.sleuthkit.autopsy.datasourcesummary.datamodel
Definition: AnalysisSummary.java:19

org.sleuthkit.autopsy.datasourcesummary.datamodel.SleuthkitCaseProvider.DEFAULT
SleuthkitCaseProvider DEFAULT
Definition: SleuthkitCaseProvider.java:66

org.sleuthkit.autopsy.datasourcesummary.datamodel.RecentFilesSummary.getArtifactTypeIdsForRefresh
Set< Integer > getArtifactTypeIdsForRefresh()
Definition: RecentFilesSummary.java:92

org.sleuthkit.autopsy.datasourcesummary.datamodel.RecentFilesSummary.buildAttachmentMap
SortedMap< Long, List< RecentAttachmentDetails > > buildAttachmentMap(DataSource dataSource)
Definition: RecentFilesSummary.java:232

org.sleuthkit.autopsy.datasourcesummary.datamodel.RecentFilesSummary.getRecentlyOpenedDocuments
List< RecentFileDetails > getRecentlyOpenedDocuments(DataSource dataSource, int maxCount)
Definition: RecentFilesSummary.java:110

org.sleuthkit.autopsy.datasourcesummary.datamodel.SleuthkitCaseProvider
Definition: SleuthkitCaseProvider.java:32

org.sleuthkit.autopsy.datasourcesummary.datamodel.RecentFilesSummary.ARTIFACT_UPDATE_TYPE_IDS
static final Set< Integer > ARTIFACT_UPDATE_TYPE_IDS
Definition: RecentFilesSummary.java:61

org

org.sleuthkit.autopsy.datasourcesummary.datamodel.RecentFilesSummary.RecentAttachmentDetails.getSender
String getSender()
Definition: RecentFilesSummary.java:438

org.sleuthkit.autopsy.datasourcesummary.datamodel.RecentFilesSummary.RecentFileDetails.path
final String path
Definition: RecentFilesSummary.java:337

org.sleuthkit.autopsy.datasourcesummary.datamodel.RecentFilesSummary.RecentAttachmentDetails.hashCode
int hashCode()
Definition: RecentFilesSummary.java:455

org.sleuthkit.autopsy.datasourcesummary.datamodel.RecentFilesSummary.createListFromMap
List< RecentAttachmentDetails > createListFromMap(SortedMap< Long, List< RecentAttachmentDetails >> sortedMap, int maxCount)
Definition: RecentFilesSummary.java:293

org.sleuthkit.autopsy.datasourcesummary.datamodel.RecentFilesSummary.DATETIME_FORMAT
static final DateFormat DATETIME_FORMAT
Definition: RecentFilesSummary.java:59

org.sleuthkit.autopsy.datasourcesummary.datamodel.RecentFilesSummary.RecentFileDetails
Definition: RecentFilesSummary.java:335

org.sleuthkit.autopsy.datasourcesummary.datamodel.RecentFilesSummary.getRecentDownloads
List< RecentDownloadDetails > getRecentDownloads(DataSource dataSource, int maxCount)
Definition: RecentFilesSummary.java:162

org.sleuthkit.autopsy.datasourcesummary.datamodel.RecentFilesSummary.RecentFilesSummary
RecentFilesSummary()
Definition: RecentFilesSummary.java:74

org.sleuthkit.autopsy.datasourcesummary.uiutils
Definition: AbstractLoadableComponent.java:19

org.sleuthkit.autopsy.datasourcesummary.datamodel.RecentFilesSummary.DOMAIN_ATT
static final BlackboardAttribute.Type DOMAIN_ATT
Definition: RecentFilesSummary.java:51

org.sleuthkit.autopsy.datasourcesummary.datamodel.RecentFilesSummary.ASSOCATED_OBJ_ART
static final BlackboardArtifact.Type ASSOCATED_OBJ_ART
Definition: RecentFilesSummary.java:57

org.sleuthkit.autopsy.datasourcesummary.datamodel.RecentFilesSummary.RecentDownloadDetails.getWebDomain
String getWebDomain()
Definition: RecentFilesSummary.java:406

org.sleuthkit.autopsy.datasourcesummary.datamodel.RecentFilesSummary.getRecentAttachments
List< RecentAttachmentDetails > getRecentAttachments(DataSource dataSource, int maxCount)
Definition: RecentFilesSummary.java:213

org.sleuthkit.autopsy.datasourcesummary

org.sleuthkit.autopsy.datasourcesummary.datamodel.RecentFilesSummary.RecentFilesSummary
RecentFilesSummary(SleuthkitCaseProvider provider)
Definition: RecentFilesSummary.java:83

org.sleuthkit.autopsy.datasourcesummary.datamodel.RecentFilesSummary.RecentAttachmentDetails
Definition: RecentFilesSummary.java:414

org.sleuthkit.autopsy.datasourcesummary.datamodel.RecentFilesSummary.RecentFileDetails.date
final long date
Definition: RecentFilesSummary.java:338

org.sleuthkit.autopsy.datasourcesummary.datamodel.RecentFilesSummary.isMessageArtifact
boolean isMessageArtifact(BlackboardArtifact nodeArtifact)
Definition: RecentFilesSummary.java:326

org.sleuthkit.autopsy.datasourcesummary.datamodel.RecentFilesSummary.ASSOCATED_ATT
static final BlackboardAttribute.Type ASSOCATED_ATT
Definition: RecentFilesSummary.java:54

org.sleuthkit.autopsy.datasourcesummary.datamodel.RecentFilesSummary.DATETIME_ATT
static final BlackboardAttribute.Type DATETIME_ATT
Definition: RecentFilesSummary.java:53

org.sleuthkit.autopsy.datasourcesummary.datamodel.RecentFilesSummary.provider
final SleuthkitCaseProvider provider
Definition: RecentFilesSummary.java:69

org.sleuthkit.autopsy.datasourcesummary.datamodel.RecentFilesSummary.MSG_DATEIME_SENT_ATT
static final BlackboardAttribute.Type MSG_DATEIME_SENT_ATT
Definition: RecentFilesSummary.java:56

org.sleuthkit.autopsy.datasourcesummary.datamodel.RecentFilesSummary.RecentDownloadDetails.webDomain
final String webDomain
Definition: RecentFilesSummary.java:386

org.sleuthkit.autopsy.datasourcesummary.datamodel.RecentFilesSummary
Definition: RecentFilesSummary.java:48

org.sleuthkit.autopsy

org.sleuthkit.autopsy.datasourcesummary.datamodel.RecentFilesSummary.RecentFileDetails.getDateAsString
String getDateAsString()
Definition: RecentFilesSummary.java:357

org.sleuthkit.autopsy.datasourcesummary.uiutils.DefaultArtifactUpdateGovernor
Definition: DefaultArtifactUpdateGovernor.java:32

org.sleuthkit.autopsy.datasourcesummary.datamodel.RecentFilesSummary.RecentAttachmentDetails.equals
boolean equals(Object obj)
Definition: RecentFilesSummary.java:443

org.sleuthkit.autopsy.datasourcesummary.datamodel.RecentFilesSummary.DATETIME_ACCESSED_ATT
static final BlackboardAttribute.Type DATETIME_ACCESSED_ATT
Definition: RecentFilesSummary.java:50

org.sleuthkit.autopsy.datasourcesummary.datamodel.SleuthkitCaseProvider.get
SleuthkitCase get()

org.sleuthkit.autopsy.datasourcesummary.datamodel.RecentFilesSummary.PATH_ATT
static final BlackboardAttribute.Type PATH_ATT
Definition: RecentFilesSummary.java:52

org.sleuthkit.autopsy.datasourcesummary.datamodel.RecentFilesSummary.RecentDownloadDetails
Definition: RecentFilesSummary.java:384

org.sleuthkit.autopsy.datasourcesummary.datamodel.RecentFilesSummary.RecentAttachmentDetails.sender
final String sender
Definition: RecentFilesSummary.java:416

org.sleuthkit.autopsy.datasourcesummary.datamodel.RecentFilesSummary.EMAIL_FROM_ATT
static final BlackboardAttribute.Type EMAIL_FROM_ATT
Definition: RecentFilesSummary.java:55

org.sleuthkit.autopsy.datasourcesummary.datamodel.SleuthkitCaseProvider.SleuthkitCaseProviderException
Definition: SleuthkitCaseProvider.java:38