Autopsy  4.18.0
Graphical digital forensics platform for The Sleuth Kit and other tools.
OtherOccurrencesNodeWorker.java
Go to the documentation of this file.
1 /*
2  * Central Repository
3  *
4  * Copyright 2021 Basis Technology Corp.
5  * Contact: carrier <at> sleuthkit <dot> org
6  *
7  * Licensed under the Apache License, Version 2.0 (the "License");
8  * you may not use this file except in compliance with the License.
9  * You may obtain a copy of the License at
10  *
11  * http://www.apache.org/licenses/LICENSE-2.0
12  *
13  * Unless required by applicable law or agreed to in writing, software
14  * distributed under the License is distributed on an "AS IS" BASIS,
15  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16  * See the License for the specific language governing permissions and
17  * limitations under the License.
18  */
19 package org.sleuthkit.autopsy.centralrepository.contentviewer;
20 
21 import java.util.ArrayList;
22 import java.util.Collection;
23 import java.util.HashMap;
24 import java.util.HashSet;
25 import java.util.Map;
26 import java.util.Set;
27 import java.util.logging.Level;
28 import javax.swing.SwingWorker;
29 import org.openide.nodes.Node;
39 import org.sleuthkit.datamodel.AbstractFile;
40 import org.sleuthkit.datamodel.Content;
41 import org.sleuthkit.datamodel.OsAccount;
42 import org.sleuthkit.datamodel.TskException;
43 
48 class OtherOccurrencesNodeWorker extends SwingWorker<OtherOccurrencesData, Void> {
49 
50  private static final Logger logger = Logger.getLogger(OtherOccurrencesNodeWorker.class.getName());
51 
52  private final Node node;
53 
59  OtherOccurrencesNodeWorker(Node node) {
60  this.node = node;
61  }
62 
63  @Override
64  protected OtherOccurrencesData doInBackground() throws Exception {
65  OsAccount osAccount = node.getLookup().lookup(OsAccount.class);
66  AbstractFile file = OtherOccurrences.getAbstractFileFromNode(node);
67  if (osAccount != null) {
68  file = node.getLookup().lookup(AbstractFile.class);
69  }
70  String deviceId = "";
71  String dataSourceName = "";
72  Map<String, CorrelationCase> caseNames = new HashMap<>();
73  Case currentCase = Case.getCurrentCaseThrows();
74  OtherOccurrencesData data = null;
75  try {
76  if (file != null) {
77  Content dataSource = file.getDataSource();
78  deviceId = currentCase.getSleuthkitCase().getDataSource(dataSource.getId()).getDeviceId();
79  dataSourceName = dataSource.getName();
80  }
81  } catch (TskException ex) {
82  // do nothing.
83  // @@@ Review this behavior
84  return null;
85  }
86  Collection<CorrelationAttributeInstance> correlationAttributes = new ArrayList<>();
87  if (osAccount != null) {
88  correlationAttributes = OtherOccurrences.getCorrelationAttributeFromOsAccount(node, osAccount);
89  } else {
90  correlationAttributes = OtherOccurrences.getCorrelationAttributesFromNode(node, file);
91  }
92  int totalCount = 0;
93  Set<String> dataSources = new HashSet<>();
94  for (CorrelationAttributeInstance corAttr : correlationAttributes) {
95  for (NodeData nodeData : OtherOccurrences.getCorrelatedInstances(file, deviceId, dataSourceName, corAttr).values()) {
96  if (nodeData.isCentralRepoNode()) {
97  try {
98  dataSources.add(OtherOccurrences.makeDataSourceString(nodeData.getCorrelationAttributeInstance().getCorrelationCase().getCaseUUID(), nodeData.getDeviceID(), nodeData.getDataSourceName()));
99  caseNames.put(nodeData.getCorrelationAttributeInstance().getCorrelationCase().getCaseUUID(), nodeData.getCorrelationAttributeInstance().getCorrelationCase());
100  } catch (CentralRepoException ex) {
101  logger.log(Level.WARNING, "Unable to get correlation case for displaying other occurrence for case: " + nodeData.getCaseName(), ex);
102  }
103  } else {
104  try {
105  dataSources.add(OtherOccurrences.makeDataSourceString(Case.getCurrentCaseThrows().getName(), nodeData.getDeviceID(), nodeData.getDataSourceName()));
106  caseNames.put(Case.getCurrentCaseThrows().getName(), new CorrelationCase(Case.getCurrentCaseThrows().getName(), Case.getCurrentCaseThrows().getDisplayName()));
107  } catch (NoCurrentCaseException ex) {
108  logger.log(Level.WARNING, "No current case open for other occurrences", ex);
109  }
110  }
111  totalCount++;
112 
113  if (isCancelled()) {
114  break;
115  }
116  }
117  }
118 
119  if (!isCancelled()) {
120  data = new OtherOccurrencesData(correlationAttributes, file, dataSourceName, deviceId, caseNames, totalCount, dataSources.size(), OtherOccurrences.getEarliestCaseDate());
121  }
122 
123  return data;
124  }
125 
130  static class OtherOccurrencesData {
131 
132  private final String deviceId;
133  private final AbstractFile file;
134  private final String dataSourceName;
135  private final Map<String, CorrelationCase> caseMap;
136  private final int instanceDataCount;
137  private final int dataSourceCount;
138  private final String earliestCaseDate;
139  private final Collection<CorrelationAttributeInstance> correlationAttributes;
140 
141  private OtherOccurrencesData(Collection<CorrelationAttributeInstance> correlationAttributes, AbstractFile file, String dataSourceName, String deviceId, Map<String, CorrelationCase> caseMap, int instanceCount, int dataSourceCount, String earliestCaseDate) {
142  this.file = file;
143  this.deviceId = deviceId;
144  this.dataSourceName = dataSourceName;
145  this.caseMap = caseMap;
146  this.instanceDataCount = instanceCount;
147  this.dataSourceCount = dataSourceCount;
148  this.earliestCaseDate = earliestCaseDate;
149  this.correlationAttributes = correlationAttributes;
150  }
151 
152  public String getDeviceId() {
153  return deviceId;
154  }
155 
156  public AbstractFile getFile() {
157  return file;
158  }
159 
160  public String getDataSourceName() {
161  return dataSourceName;
162  }
163 
164  public Map<String, CorrelationCase> getCaseMap() {
165  return caseMap;
166  }
167 
168  public int getInstanceDataCount() {
169  return instanceDataCount;
170  }
171 
172  public int getDataSourceCount() {
173  return dataSourceCount;
174  }
175 
181  public String getEarliestCaseDate() {
182  return earliestCaseDate;
183  }
184 
185  public Collection<CorrelationAttributeInstance> getCorrelationAttributes() {
186  return correlationAttributes;
187  }
188  }
189 }

Copyright © 2012-2021 Basis Technology. Generated on: Thu Jul 8 2021
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.