19 package org.sleuthkit.autopsy.datasourcesummary.datamodel;
22 import java.util.ArrayList;
23 import java.util.Arrays;
24 import java.util.Collections;
25 import java.util.HashSet;
26 import java.util.List;
29 import java.util.function.Function;
30 import java.util.stream.Collectors;
31 import org.apache.commons.lang3.StringUtils;
32 import org.apache.commons.lang3.tuple.Pair;
35 import org.
sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE;
37 import org.
sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE;
47 private static final BlackboardAttribute.Type
TYPE_SET_NAME =
new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_SET_NAME);
52 ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT.getTypeID(),
53 ARTIFACT_TYPE.TSK_INTERESTING_ARTIFACT_HIT.getTypeID(),
54 ARTIFACT_TYPE.TSK_HASHSET_HIT.getTypeID(),
55 ARTIFACT_TYPE.TSK_KEYWORD_HIT.getTypeID()
105 public List<Pair<String, Long>>
getKeywordCounts(DataSource dataSource)
throws SleuthkitCaseProviderException, TskCoreException {
108 .filter((pair) -> pair != null && pair.getKey() != null && !EXCLUDED_KEYWORD_SEARCH_ITEMS.contains(pair.getKey().toUpperCase().trim()))
109 .collect(Collectors.toList());
124 public List<Pair<String, Long>>
getInterestingItemCounts(DataSource dataSource)
throws SleuthkitCaseProviderException, TskCoreException {
125 return getCountsData(dataSource,
TYPE_SET_NAME, ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT, ARTIFACT_TYPE.TSK_INTERESTING_ARTIFACT_HIT);
142 private List<Pair<String, Long>>
getCountsData(DataSource dataSource, BlackboardAttribute.Type keyType, ARTIFACT_TYPE... artifactTypes)
143 throws SleuthkitCaseProviderException, TskCoreException {
145 if (dataSource == null) {
146 return Collections.emptyList();
149 List<BlackboardArtifact> artifacts =
new ArrayList<>();
150 SleuthkitCase skCase = provider.
get();
153 for (ARTIFACT_TYPE type : artifactTypes) {
154 artifacts.addAll(skCase.getBlackboard().getArtifacts(type.getTypeID(), dataSource.getId()));
158 Map<String, Long> countedKeys = artifacts.stream()
160 String key = DataSourceInfoUtilities.getStringOrNull(art, keyType);
161 return (StringUtils.isBlank(key)) ? null : key;
163 .filter((key) -> key != null)
164 .collect(Collectors.groupingBy(Function.identity(), Collectors.counting()));
167 return countedKeys.entrySet().stream()
168 .map((e) -> Pair.of(e.getKey(), e.getValue()))
169 .sorted((a, b) -> -a.getValue().compareTo(b.getValue()))
170 .collect(Collectors.toList());
List< Pair< String, Long > > getInterestingItemCounts(DataSource dataSource)
SleuthkitCaseProvider DEFAULT
List< Pair< String, Long > > getCountsData(DataSource dataSource, BlackboardAttribute.Type keyType, ARTIFACT_TYPE...artifactTypes)
Set< Integer > getArtifactTypeIdsForRefresh()
static final Set< String > EXCLUDED_KEYWORD_SEARCH_ITEMS
final SleuthkitCaseProvider provider
AnalysisSummary(SleuthkitCaseProvider provider)
List< Pair< String, Long > > getHashsetCounts(DataSource dataSource)
static final BlackboardAttribute.Type TYPE_SET_NAME
static final Set< Integer > ARTIFACT_UPDATE_TYPE_IDS
List< Pair< String, Long > > getKeywordCounts(DataSource dataSource)