Autopsy  4.17.0
Graphical digital forensics platform for The Sleuth Kit and other tools.
CVTFilterRefresher.java
Go to the documentation of this file.
1 /*
2  * Autopsy Forensic Browser
3  *
4  * Copyright 2020 Basis Technology Corp.
5  * Contact: carrier <at> sleuthkit <dot> org
6  *
7  * Licensed under the Apache License, Version 2.0 (the "License");
8  * you may not use this file except in compliance with the License.
9  * You may obtain a copy of the License at
10  *
11  * http://www.apache.org/licenses/LICENSE-2.0
12  *
13  * Unless required by applicable law or agreed to in writing, software
14  * distributed under the License is distributed on an "AS IS" BASIS,
15  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16  * See the License for the specific language governing permissions and
17  * limitations under the License.
18  */
19 package org.sleuthkit.autopsy.communications;
20 
21 import java.beans.PropertyChangeEvent;
22 import java.sql.ResultSet;
23 import java.sql.SQLException;
24 import java.util.ArrayList;
25 import java.util.HashMap;
26 import java.util.List;
27 import java.util.Map;
28 import java.util.logging.Level;
29 import java.util.logging.Logger;
30 import javax.swing.SwingUtilities;
36 import org.sleuthkit.datamodel.Account;
37 import org.sleuthkit.datamodel.BlackboardArtifact;
38 import org.sleuthkit.datamodel.DataSource;
39 import org.sleuthkit.datamodel.SleuthkitCase;
40 import org.sleuthkit.datamodel.TskCoreException;
41 
45 abstract class CVTFilterRefresher implements RefreshThrottler.Refresher {
46 
47  private static final Logger logger = Logger.getLogger(CVTFilterRefresher.class.getName());
55  abstract void updateFilterPanel(FilterPanelData data);
56 
57  @Override
58  public void refresh() {
59  try {
60  Integer startTime;
61  Integer endTime;
62  SleuthkitCase skCase = Case.getCurrentCaseThrows().getSleuthkitCase();
63 
64  // Fetch Min/Max start times
65  try (SleuthkitCase.CaseDbQuery dbQuery = skCase.executeQuery("SELECT MAX(date_time) as end, MIN(date_time) as start from account_relationships")) {
66  // ResultSet is closed by CasDBQuery
67  ResultSet rs = dbQuery.getResultSet();
68  rs.next();
69  startTime = rs.getInt("start"); // NON-NLS
70  endTime = rs.getInt("end"); // NON-NLS
71 
72  }
73  // Get the devices with CVT artifacts
74  List<Integer> deviceObjIds = new ArrayList<>();
75  try (SleuthkitCase.CaseDbQuery queryResult = skCase.executeQuery("SELECT DISTINCT data_source_obj_id FROM account_relationships")) {
76  // ResultSet is closed by CasDBQuery
77  ResultSet rs = queryResult.getResultSet();
78  while (rs.next()) {
79  deviceObjIds.add(rs.getInt(1));
80  }
81  }
82 
83  // The map key is the Content name instead of the data source name
84  // to match how the CVT filters work.
85  Map<String, DataSource> dataSourceMap = new HashMap<>();
86  for (DataSource dataSource : skCase.getDataSources()) {
87  if (deviceObjIds.contains((int) dataSource.getId())) {
88  String dsName = skCase.getContentById(dataSource.getId()).getName();
89  dataSourceMap.put(dsName, dataSource);
90  }
91  }
92 
93  List<Account.Type> accountTypesInUse = skCase.getCommunicationsManager().getAccountTypesInUse();
94 
95  SwingUtilities.invokeLater(new Runnable() {
96  @Override
97  public void run() {
98  updateFilterPanel(new FilterPanelData(dataSourceMap, accountTypesInUse, startTime, endTime));
99  }
100  });
101 
102  } catch (SQLException | TskCoreException ex) {
103  logger.log(Level.WARNING, "Unable to update CVT filter panel.", ex);
104  } catch (NoCurrentCaseException notUsed) {
108  }
109 
110  }
111 
112  @Override
113  public boolean isRefreshRequired(PropertyChangeEvent evt) {
114  String eventType = evt.getPropertyName();
115  if (eventType.equals(DATA_ADDED.toString())) {
116  // Indicate that a refresh may be needed, unless the data added is Keyword or Hashset hits
117  ModuleDataEvent eventData = (ModuleDataEvent) evt.getOldValue();
118  return (null != eventData
119  && (eventData.getBlackboardArtifactType().getTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_MESSAGE.getTypeID()
120  || eventData.getBlackboardArtifactType().getTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_CONTACT.getTypeID()
121  || eventData.getBlackboardArtifactType().getTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_CALLLOG.getTypeID()
122  || eventData.getBlackboardArtifactType().getTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_EMAIL_MSG.getTypeID()));
123  }
124 
125  return false;
126  }
127 
131  class FilterPanelData {
132 
133  private final Map<String, DataSource> dataSourceMap;
134  private final Integer startTime;
135  private final Integer endTime;
136  private final List<Account.Type> accountTypesInUse;
137 
138  FilterPanelData(Map<String, DataSource> dataSourceMap, List<Account.Type> accountTypesInUse, Integer startTime, Integer endTime) {
139  this.dataSourceMap = dataSourceMap;
140  this.startTime = startTime;
141  this.endTime = endTime;
142  this.accountTypesInUse = accountTypesInUse;
143  }
144 
145  Map<String, DataSource> getDataSourceMap() {
146  return dataSourceMap;
147  }
148 
149  Integer getStartTime() {
150  return startTime;
151  }
152 
153  Integer getEndTime() {
154  return endTime;
155  }
156 
157  List<Account.Type> getAccountTypesInUse() {
158  return accountTypesInUse;
159  }
160 
161  }
162 
163 }

Copyright © 2012-2021 Basis Technology. Generated on: Tue Jan 19 2021
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.