Autopsy  4.1
Graphical digital forensics platform for The Sleuth Kit and other tools.
AbstractAbstractFileNode.java
Go to the documentation of this file.
1 /*
2  * Autopsy Forensic Browser
3  *
4  * Copyright 2011-2016 Basis Technology Corp.
5  * Contact: carrier <at> sleuthkit <dot> org
6  *
7  * Licensed under the Apache License, Version 2.0 (the "License");
8  * you may not use this file except in compliance with the License.
9  * You may obtain a copy of the License at
10  *
11  * http://www.apache.org/licenses/LICENSE-2.0
12  *
13  * Unless required by applicable law or agreed to in writing, software
14  * distributed under the License is distributed on an "AS IS" BASIS,
15  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16  * See the License for the specific language governing permissions and
17  * limitations under the License.
18  */
19 package org.sleuthkit.autopsy.datamodel;
20 
21 import java.beans.PropertyChangeEvent;
22 import java.beans.PropertyChangeListener;
23 import java.util.ArrayList;
24 import java.util.List;
25 import org.openide.nodes.Children;
26 import java.util.Map;
27 import java.util.logging.Level;
28 import java.util.stream.Collectors;
29 import org.apache.commons.lang3.StringUtils;
30 import org.openide.nodes.Sheet;
31 import org.openide.util.NbBundle;
32 import org.sleuthkit.autopsy.casemodule.Case;
33 import org.sleuthkit.autopsy.casemodule.events.ContentTagAddedEvent;
34 import org.sleuthkit.autopsy.casemodule.events.ContentTagDeletedEvent;
35 import org.sleuthkit.autopsy.coreutils.Logger;
36 import org.sleuthkit.autopsy.ingest.IngestManager;
37 import org.sleuthkit.autopsy.ingest.ModuleContentEvent;
38 import org.sleuthkit.datamodel.AbstractFile;
39 import org.sleuthkit.datamodel.Content;
40 import org.sleuthkit.datamodel.ContentTag;
41 import org.sleuthkit.datamodel.TskCoreException;
42 
48 public abstract class AbstractAbstractFileNode<T extends AbstractFile> extends AbstractContentNode<T> {
49 
50  private static final Logger LOGGER = Logger.getLogger(AbstractAbstractFileNode.class.getName());
51 
56  AbstractAbstractFileNode(T abstractFile) {
57  super(abstractFile);
58  String name = abstractFile.getName();
59  int dotIndex = name.lastIndexOf(".");
60  if (dotIndex > 0) {
61  String ext = name.substring(dotIndex).toLowerCase();
62 
63  // If this is an archive file we will listen for ingest events
64  // that will notify us when new content has been identified.
65  for (String s : FileTypeExtensions.getArchiveExtensions()) {
66  if (ext.equals(s)) {
67  IngestManager.getInstance().addIngestModuleEventListener(pcl);
68  }
69  }
70  }
71  // Listen for case events so that we can detect when case is closed
72  Case.addPropertyChangeListener(pcl);
73  }
74 
75  private void removeListeners() {
76  IngestManager.getInstance().removeIngestModuleEventListener(pcl);
77  Case.removePropertyChangeListener(pcl);
78  }
79 
80  private final PropertyChangeListener pcl = (PropertyChangeEvent evt) -> {
81  String eventType = evt.getPropertyName();
82 
83  // Is this a content changed event?
84  if (eventType.equals(IngestManager.IngestModuleEvent.CONTENT_CHANGED.toString())) {
85  if ((evt.getOldValue() instanceof ModuleContentEvent) == false) {
86  return;
87  }
88  ModuleContentEvent moduleContentEvent = (ModuleContentEvent) evt.getOldValue();
89  if ((moduleContentEvent.getSource() instanceof Content) == false) {
90  return;
91  }
92  Content newContent = (Content) moduleContentEvent.getSource();
93 
94  // Does the event indicate that content has been added to *this* file?
95  if (getContent().getId() == newContent.getId()) {
96  // If so, refresh our children.
97  try {
98  Children parentsChildren = getParentNode().getChildren();
99  if (parentsChildren != null) {
100  ((ContentChildren) parentsChildren).refreshChildren();
101  parentsChildren.getNodesCount();
102  }
103  } catch (NullPointerException ex) {
104  // Skip
105  }
106 
107  }
108  } else if (eventType.equals(Case.Events.CURRENT_CASE.toString())) {
109  if (evt.getNewValue() == null) {
110  // case was closed. Remove listeners so that we don't get called with a stale case handle
111  removeListeners();
112  }
113  } else if (eventType.equals(Case.Events.CONTENT_TAG_ADDED.toString())) {
114  ContentTagAddedEvent event = (ContentTagAddedEvent) evt;
115  if (event.getAddedTag().getContent().equals(content)) {
116  updateSheet();
117  }
118  } else if (eventType.equals(Case.Events.CONTENT_TAG_DELETED.toString())) {
119  ContentTagDeletedEvent event = (ContentTagDeletedEvent) evt;
120  if (event.getDeletedTagInfo().getContentID() == content.getId()) {
121  updateSheet();
122  }
123  }
124  };
125 
126  private void updateSheet() {
127  this.setSheet(createSheet());
128  }
129 
130  // Note: this order matters for the search result, changed it if the order of property headers on the "KeywordSearchNode"changed
131  public static enum AbstractFilePropertyType {
132 
133  NAME {
134  @Override
135  public String toString() {
136  return NbBundle.getMessage(this.getClass(), "AbstractAbstractFileNode.nameColLbl");
137  }
138  },
139  LOCATION {
140  @Override
141  public String toString() {
142  return NbBundle.getMessage(this.getClass(), "AbstractAbstractFileNode.locationColLbl");
143  }
144  },
145  MOD_TIME {
146  @Override
147  public String toString() {
148  return NbBundle.getMessage(this.getClass(), "AbstractAbstractFileNode.modifiedTimeColLbl");
149  }
150  },
151  CHANGED_TIME {
152  @Override
153  public String toString() {
154  return NbBundle.getMessage(this.getClass(), "AbstractAbstractFileNode.changeTimeColLbl");
155  }
156  },
157  ACCESS_TIME {
158  @Override
159  public String toString() {
160  return NbBundle.getMessage(this.getClass(), "AbstractAbstractFileNode.accessTimeColLbl");
161  }
162  },
163  CREATED_TIME {
164  @Override
165  public String toString() {
166  return NbBundle.getMessage(this.getClass(), "AbstractAbstractFileNode.createdTimeColLbl");
167  }
168  },
169  SIZE {
170  @Override
171  public String toString() {
172  return NbBundle.getMessage(this.getClass(), "AbstractAbstractFileNode.sizeColLbl");
173  }
174  },
175  FLAGS_DIR {
176  @Override
177  public String toString() {
178  return NbBundle.getMessage(this.getClass(), "AbstractAbstractFileNode.flagsDirColLbl");
179  }
180  },
181  FLAGS_META {
182  @Override
183  public String toString() {
184  return NbBundle.getMessage(this.getClass(), "AbstractAbstractFileNode.flagsMetaColLbl");
185  }
186  },
187  MODE {
188  @Override
189  public String toString() {
190  return NbBundle.getMessage(this.getClass(), "AbstractAbstractFileNode.modeColLbl");
191  }
192  },
193  USER_ID {
194  @Override
195  public String toString() {
196  return NbBundle.getMessage(this.getClass(), "AbstractAbstractFileNode.useridColLbl");
197  }
198  },
199  GROUP_ID {
200  @Override
201  public String toString() {
202  return NbBundle.getMessage(this.getClass(), "AbstractAbstractFileNode.groupidColLbl");
203  }
204  },
205  META_ADDR {
206  @Override
207  public String toString() {
208  return NbBundle.getMessage(this.getClass(), "AbstractAbstractFileNode.metaAddrColLbl");
209  }
210  },
211  ATTR_ADDR {
212  @Override
213  public String toString() {
214  return NbBundle.getMessage(this.getClass(), "AbstractAbstractFileNode.attrAddrColLbl");
215  }
216  },
217  TYPE_DIR {
218  @Override
219  public String toString() {
220  return NbBundle.getMessage(this.getClass(), "AbstractAbstractFileNode.typeDirColLbl");
221  }
222  },
223  TYPE_META {
224  @Override
225  public String toString() {
226  return NbBundle.getMessage(this.getClass(), "AbstractAbstractFileNode.typeMetaColLbl");
227  }
228  },
229  KNOWN {
230  @Override
231  public String toString() {
232  return NbBundle.getMessage(this.getClass(), "AbstractAbstractFileNode.knownColLbl");
233  }
234  },
235  HASHSETS {
236  @Override
237  public String toString() {
238  return NbBundle.getMessage(this.getClass(), "AbstractAbstractFileNode.inHashsetsColLbl");
239  }
240  },
241  MD5HASH {
242  @Override
243  public String toString() {
244  return NbBundle.getMessage(this.getClass(), "AbstractAbstractFileNode.md5HashColLbl");
245  }
246  },
247  ObjectID {
248  @Override
249  public String toString() {
250  return NbBundle.getMessage(this.getClass(), "AbstractAbstractFileNode.objectId");
251 
252  }
253  },
254  MIMETYPE {
255  @Override
256  public String toString() {
257  return NbBundle.getMessage(this.getClass(), "AbstractAbstractFileNode.mimeType");
258 
259  }
260  },
261  }
262 
270  public static void fillPropertyMap(Map<String, Object> map, AbstractFile content) {
271 
272  String path = "";
273  try {
274  path = content.getUniquePath();
275  } catch (TskCoreException ex) {
276  LOGGER.log(Level.SEVERE, "Except while calling Content.getUniquePath() on {0}", content); //NON-NLS
277  }
278 
279  map.put(AbstractFilePropertyType.NAME.toString(), AbstractAbstractFileNode.getContentDisplayName(content));
280  map.put(AbstractFilePropertyType.LOCATION.toString(), path);
281  map.put(AbstractFilePropertyType.MOD_TIME.toString(), ContentUtils.getStringTime(content.getMtime(), content));
282  map.put(AbstractFilePropertyType.CHANGED_TIME.toString(), ContentUtils.getStringTime(content.getCtime(), content));
283  map.put(AbstractFilePropertyType.ACCESS_TIME.toString(), ContentUtils.getStringTime(content.getAtime(), content));
284  map.put(AbstractFilePropertyType.CREATED_TIME.toString(), ContentUtils.getStringTime(content.getCrtime(), content));
285  map.put(AbstractFilePropertyType.SIZE.toString(), content.getSize());
286  map.put(AbstractFilePropertyType.FLAGS_DIR.toString(), content.getDirFlagAsString());
287  map.put(AbstractFilePropertyType.FLAGS_META.toString(), content.getMetaFlagsAsString());
288  map.put(AbstractFilePropertyType.MODE.toString(), content.getModesAsString());
289  map.put(AbstractFilePropertyType.USER_ID.toString(), content.getUid());
290  map.put(AbstractFilePropertyType.GROUP_ID.toString(), content.getGid());
291  map.put(AbstractFilePropertyType.META_ADDR.toString(), content.getMetaAddr());
292  map.put(AbstractFilePropertyType.ATTR_ADDR.toString(), Long.toString(content.getAttrType().getValue()) + "-" + content.getAttributeId());
293  map.put(AbstractFilePropertyType.TYPE_DIR.toString(), content.getDirType().getLabel());
294  map.put(AbstractFilePropertyType.TYPE_META.toString(), content.getMetaType().toString());
295  map.put(AbstractFilePropertyType.KNOWN.toString(), content.getKnown().getName());
296  map.put(AbstractFilePropertyType.HASHSETS.toString(), getHashSetHitsForFile(content));
297  map.put(AbstractFilePropertyType.MD5HASH.toString(), content.getMd5Hash() == null ? "" : content.getMd5Hash());
298  map.put(AbstractFilePropertyType.ObjectID.toString(), content.getId());
299  map.put(AbstractFilePropertyType.MIMETYPE.toString(), content.getMIMEType() == null ? "" : content.getMIMEType());
300  }
301 
307  protected void addTagProperty(Sheet.Set ss) {
308  final String NO_DESCR = NbBundle.getMessage(AbstractAbstractFileNode.class, "AbstractAbstractFileNode.addFileProperty.desc");
309  List<ContentTag> tags;
310  try {
311  tags = Case.getCurrentCase().getServices().getTagsManager().getContentTagsByContent(content);
312  } catch (TskCoreException ex) {
313  tags = new ArrayList<>();
314  LOGGER.log(Level.SEVERE, "Failed to get tags for content " + content.getName(), ex);
315  }
316  ss.put(new NodeProperty<>("Tags", NbBundle.getMessage(AbstractAbstractFileNode.class, "AbstractAbstractFileNode.addFileProperty.tags.displayName"),
317  NO_DESCR, tags.stream().map(t -> t.getName().getDisplayName()).collect(Collectors.joining(", "))));
318  }
319 
320  static String getContentDisplayName(AbstractFile file) {
321  String name = file.getName();
322  switch (name) {
323  case "..":
324  return DirectoryNode.DOTDOTDIR;
325 
326  case ".":
327  return DirectoryNode.DOTDIR;
328  default:
329  return name;
330  }
331  }
332 
333  @SuppressWarnings("deprecation")
334  private static String getHashSetHitsForFile(AbstractFile content) {
335  try {
336  return StringUtils.join(content.getHashSetNames(), ", ");
337  } catch (TskCoreException tskCoreException) {
338  LOGGER.log(Level.WARNING, "Error getting hashset hits: ", tskCoreException); //NON-NLS
339  return "";
340  }
341  }
342 }
org::sleuthkit.autopsy.ingest.IngestManager.removeIngestModuleEventListener
void removeIngestModuleEventListener(final PropertyChangeListener listener)
Definition: IngestManager.java:691
org::sleuthkit.autopsy.datamodel.ContentUtils.getStringTime
static String getStringTime(long epochSeconds, TimeZone tzone)
Definition: ContentUtils.java:84
org::sleuthkit.autopsy.ingest.IngestManager.getInstance
static synchronized IngestManager getInstance()
Definition: IngestManager.java:234
org::sleuthkit::datamodel::AbstractContent::getName
String getName()
org::sleuthkit.autopsy.casemodule.Case.removePropertyChangeListener
static void removePropertyChangeListener(PropertyChangeListener listener)
Definition: Case.java:384
org::sleuthkit.autopsy.datamodel.ContentUtils
Definition: ContentUtils.java:53
org::sleuthkit::datamodel::AbstractFile::getDirType
TSK_FS_NAME_TYPE_ENUM getDirType()
org::sleuthkit::datamodel::AbstractContent::getUniquePath
synchronized String getUniquePath()
org::sleuthkit.autopsy.datamodel.AbstractAbstractFileNode.fillPropertyMap
static void fillPropertyMap(Map< String, Object > map, AbstractFile content)
Definition: AbstractAbstractFileNode.java:270
org::sleuthkit::datamodel::ContentTag
org::sleuthkit.autopsy.casemodule.events.ContentTagAddedEvent
Definition: ContentTagAddedEvent.java:31
org::sleuthkit::datamodel::AbstractFile::getMetaType
TSK_FS_META_TYPE_ENUM getMetaType()
org::sleuthkit::datamodel::Content
org::sleuthkit.autopsy.datamodel.AbstractContentNode
Definition: AbstractContentNode.java:37
org::sleuthkit::datamodel::Content::getId
long getId()
org::sleuthkit.autopsy.casemodule.Case.addPropertyChangeListener
static void addPropertyChangeListener(PropertyChangeListener listener)
Definition: Case.java:372
org::sleuthkit::datamodel::AbstractContent::getId
long getId()
org::sleuthkit.autopsy.ingest.IngestManager.addIngestModuleEventListener
void addIngestModuleEventListener(final PropertyChangeListener listener)
Definition: IngestManager.java:682
org::sleuthkit.autopsy.coreutils.Logger.getLogger
synchronized static Logger getLogger(String name)
Definition: Logger.java:161
org::sleuthkit.autopsy.datamodel.AbstractContentNode.getName
String getName()
Definition: AbstractContentNode.java:74
org::sleuthkit.autopsy.ingest.ModuleContentEvent
Definition: ModuleContentEvent.java:27
org::sleuthkit.autopsy.casemodule.services.TagsManager.getContentTagsByContent
synchronized List< ContentTag > getContentTagsByContent(Content content)
Definition: TagsManager.java:341
org::sleuthkit.autopsy.casemodule.events.ContentTagDeletedEvent
Definition: ContentTagDeletedEvent.java:30
org::sleuthkit.autopsy.datamodel.AbstractContentNode< T >::getContent
T getContent()
Definition: AbstractContentNode.java:63
org::sleuthkit::datamodel::AbstractFile::getAttrType
TskData.TSK_FS_ATTR_TYPE_ENUM getAttrType()

Copyright © 2012-2016 Basis Technology. Generated on: Mon Apr 24 2017
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.