Autopsy  4.7.0
Graphical digital forensics platform for The Sleuth Kit and other tools.
EventsRepository.java
Go to the documentation of this file.
1 /*
2  * Autopsy Forensic Browser
3  *
4  * Copyright 2011-2018 Basis Technology Corp.
5  * Contact: carrier <at> sleuthkit <dot> org
6  *
7  * Licensed under the Apache License, Version 2.0 (the "License");
8  * you may not use this file except in compliance with the License.
9  * You may obtain a copy of the License at
10  *
11  * http://www.apache.org/licenses/LICENSE-2.0
12  *
13  * Unless required by applicable law or agreed to in writing, software
14  * distributed under the License is distributed on an "AS IS" BASIS,
15  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16  * See the License for the specific language governing permissions and
17  * limitations under the License.
18  */
19 package org.sleuthkit.autopsy.timeline.db;
20 
21 import com.google.common.cache.CacheBuilder;
22 import com.google.common.cache.CacheLoader;
23 import com.google.common.cache.LoadingCache;
24 import com.google.common.util.concurrent.ThreadFactoryBuilder;
25 import java.util.ArrayList;
26 import java.util.Collection;
27 import java.util.Collections;
28 import java.util.EnumMap;
29 import java.util.List;
30 import java.util.Map;
31 import static java.util.Objects.isNull;
32 import java.util.Set;
33 import java.util.concurrent.CancellationException;
34 import java.util.concurrent.ExecutionException;
35 import java.util.concurrent.Executor;
36 import java.util.concurrent.Executors;
37 import java.util.concurrent.TimeUnit;
38 import java.util.function.Consumer;
39 import java.util.logging.Level;
40 import java.util.stream.Collectors;
41 import javafx.application.Platform;
42 import javafx.beans.property.ReadOnlyBooleanProperty;
43 import javafx.beans.property.ReadOnlyBooleanWrapper;
44 import javafx.beans.property.ReadOnlyObjectProperty;
45 import javafx.collections.FXCollections;
46 import javafx.collections.ObservableList;
47 import javafx.collections.ObservableMap;
48 import javafx.concurrent.Worker;
49 import javax.swing.JOptionPane;
50 import org.apache.commons.lang3.StringUtils;
51 import org.joda.time.Interval;
52 import org.netbeans.api.progress.ProgressHandle;
53 import org.openide.util.NbBundle;
54 import org.openide.windows.WindowManager;
72 import org.sleuthkit.datamodel.AbstractFile;
73 import org.sleuthkit.datamodel.BlackboardArtifact;
74 import org.sleuthkit.datamodel.BlackboardArtifactTag;
75 import org.sleuthkit.datamodel.ContentTag;
76 import org.sleuthkit.datamodel.SleuthkitCase;
77 import org.sleuthkit.datamodel.Tag;
78 import org.sleuthkit.datamodel.TagName;
79 import org.sleuthkit.datamodel.TskCoreException;
80 import org.sleuthkit.datamodel.TskData;
81 
97 public class EventsRepository {
98 
99  private final static Logger logger = Logger.getLogger(EventsRepository.class.getName());
100 
101  private final Executor workerExecutor = Executors.newSingleThreadExecutor(new ThreadFactoryBuilder().setNameFormat("eventrepository-worker-%d").build()); //NON-NLS
103  private final EventDB eventDB;
104  private final Case autoCase;
106 
107  private final LoadingCache<Object, Long> maxCache;
108  private final LoadingCache<Object, Long> minCache;
109  private final LoadingCache<Long, SingleEvent> idToEventCache;
110  private final LoadingCache<ZoomParams, Map<EventType, Long>> eventCountsCache;
111  private final LoadingCache<ZoomParams, List<EventStripe>> eventStripeCache;
112 
113  private final ObservableMap<Long, String> datasourcesMap = FXCollections.observableHashMap();
114  private final ObservableMap<Long, String> hashSetMap = FXCollections.observableHashMap();
115  private final ObservableList<TagName> tagNames = FXCollections.observableArrayList();
116 
117  public Case getAutoCase() {
118  return autoCase;
119  }
120 
121  public ObservableList<TagName> getTagNames() {
122  return tagNames;
123  }
124 
125  synchronized public ObservableMap<Long, String> getDatasourcesMap() {
126  return datasourcesMap;
127  }
128 
129  synchronized public ObservableMap<Long, String> getHashSetMap() {
130  return hashSetMap;
131  }
132 
133  public Interval getBoundingEventsInterval(Interval timeRange, RootFilter filter) {
134  return eventDB.getBoundingEventsInterval(timeRange, filter);
135  }
136 
142  return modelInstance;
143  }
144 
145  public EventsRepository(Case autoCase, ReadOnlyObjectProperty<ZoomParams> currentStateProperty) {
146  this.autoCase = autoCase;
147  //TODO: we should check that case is open, or get passed a case object/directory -jm
148  this.eventDB = EventDB.getEventDB(autoCase);
150  idToEventCache = CacheBuilder.newBuilder()
151  .maximumSize(5000L)
152  .expireAfterAccess(10, TimeUnit.MINUTES)
153  .build(CacheLoader.from(eventDB::getEventById));
154  eventCountsCache = CacheBuilder.newBuilder()
155  .maximumSize(1000L)
156  .expireAfterAccess(10, TimeUnit.MINUTES)
157  .build(CacheLoader.from(eventDB::countEventsByType));
158  eventStripeCache = CacheBuilder.newBuilder()
159  .maximumSize(1000L)
160  .expireAfterAccess(10, TimeUnit.MINUTES
161  ).build(CacheLoader.from(eventDB::getEventStripes));
162  maxCache = CacheBuilder.newBuilder().build(CacheLoader.from(eventDB::getMaxTime));
163  minCache = CacheBuilder.newBuilder().build(CacheLoader.from(eventDB::getMinTime));
164  this.modelInstance = new FilteredEventsModel(this, currentStateProperty);
165  }
166 
170  public Long getMaxTime() {
171  return maxCache.getUnchecked("max"); // NON-NLS
172 
173  }
174 
178  public Long getMinTime() {
179  return minCache.getUnchecked("min"); // NON-NLS
180 
181  }
182 
183  public SingleEvent getEventById(Long eventID) {
184  return idToEventCache.getUnchecked(eventID);
185  }
186 
187  synchronized public Set<SingleEvent> getEventsById(Collection<Long> eventIDs) {
188  return eventIDs.stream()
189  .map(idToEventCache::getUnchecked)
190  .collect(Collectors.toSet());
191 
192  }
193 
194  synchronized public List<EventStripe> getEventStripes(ZoomParams params) {
195  try {
196  return eventStripeCache.get(params);
197  } catch (ExecutionException ex) {
198  logger.log(Level.SEVERE, "Failed to load Event Stripes from cache for " + params.toString(), ex); //NON-NLS
199  return Collections.emptyList();
200  }
201  }
202 
203  synchronized public Map<EventType, Long> countEvents(ZoomParams params) {
204  return eventCountsCache.getUnchecked(params);
205  }
206 
207  synchronized public int countAllEvents() {
208  return eventDB.countAllEvents();
209  }
210 
226  public List<Long> getEventIDsForFile(AbstractFile file, boolean includeDerivedArtifacts) {
227  return eventDB.getEventIDsForFile(file, includeDerivedArtifacts);
228  }
229 
239  public List<Long> getEventIDsForArtifact(BlackboardArtifact artifact) {
240  return eventDB.getEventIDsForArtifact(artifact);
241  }
242 
243  private void invalidateCaches() {
244  minCache.invalidateAll();
245  maxCache.invalidateAll();
246  eventCountsCache.invalidateAll();
247  eventStripeCache.invalidateAll();
248  idToEventCache.invalidateAll();
249  }
250 
251  public List<Long> getEventIDs(Interval timeRange, RootFilter filter) {
252  return eventDB.getEventIDs(timeRange, filter);
253  }
254 
266  public List<CombinedEvent> getCombinedEvents(Interval timeRange, RootFilter filter) {
267  return eventDB.getCombinedEvents(timeRange, filter);
268  }
269 
270  public Interval getSpanningInterval(Collection<Long> eventIDs) {
271  return eventDB.getSpanningInterval(eventIDs);
272  }
273 
274  public boolean hasNewColumns() {
275  return eventDB.hasNewColumns();
276  }
277 
286  public Map<String, Long> getTagCountsByTagName(Set<Long> eventIDsWithTags) {
287  return eventDB.getTagCountsByTagName(eventIDsWithTags);
288  }
289 
296  synchronized private void populateFilterData(SleuthkitCase skCase) {
297 
298  for (Map.Entry<Long, String> hashSet : eventDB.getHashSetNames().entrySet()) {
299  hashSetMap.putIfAbsent(hashSet.getKey(), hashSet.getValue());
300  }
301  //because there is no way to remove a datasource we only add to this map.
302  for (Long id : eventDB.getDataSourceIDs()) {
303  try {
304  datasourcesMap.putIfAbsent(id, skCase.getContentById(id).getDataSource().getName());
305  } catch (TskCoreException ex) {
306  logger.log(Level.SEVERE, "Failed to get datasource by ID.", ex); //NON-NLS
307  }
308  }
309 
310  try {
311  //should this only be tags applied to files or event bearing artifacts?
312  tagNames.setAll(skCase.getTagNamesInUse());
313  } catch (TskCoreException ex) {
314  logger.log(Level.SEVERE, "Failed to get tag names in use.", ex); //NON-NLS
315  }
316  }
317 
318  synchronized public Set<Long> addTag(long objID, Long artifactID, Tag tag, EventDB.EventTransaction trans) {
319  Set<Long> updatedEventIDs = eventDB.addTag(objID, artifactID, tag, trans);
320  if (!updatedEventIDs.isEmpty()) {
321  invalidateCaches(updatedEventIDs);
322  }
323  return updatedEventIDs;
324  }
325 
326  synchronized public Set<Long> deleteTag(long objID, Long artifactID, long tagID, boolean tagged) {
327  Set<Long> updatedEventIDs = eventDB.deleteTag(objID, artifactID, tagID, tagged);
328  if (!updatedEventIDs.isEmpty()) {
329  invalidateCaches(updatedEventIDs);
330  }
331  return updatedEventIDs;
332  }
333 
334  synchronized private void invalidateCaches(Set<Long> updatedEventIDs) {
335  eventCountsCache.invalidateAll();
336  eventStripeCache.invalidateAll();
337  idToEventCache.invalidateAll(updatedEventIDs);
338  try {
339  tagNames.setAll(autoCase.getSleuthkitCase().getTagNamesInUse());
340  } catch (TskCoreException ex) {
341  logger.log(Level.SEVERE, "Failed to get tag names in use.", ex); //NON-NLS
342  }
343  }
344 
353  public void syncTagsFilter(TagsFilter tagsFilter) {
354  for (TagName t : tagNames) {
355  tagsFilter.addSubFilter(new TagNameFilter(t, autoCase));
356  }
357  for (TagNameFilter t : tagsFilter.getSubFilters()) {
358  t.setDisabled(tagNames.contains(t.getTagName()) == false);
359  }
360  }
361 
362  public boolean areFiltersEquivalent(RootFilter f1, RootFilter f2) {
363  return SQLHelper.getSQLWhere(f1).equals(SQLHelper.getSQLWhere(f2));
364  }
365 
378  public CancellationProgressTask<Void> rebuildRepository(Consumer<Worker.State> onStateChange) {
379  return rebuildRepository(DBPopulationMode.FULL, onStateChange);
380  }
381 
394  public CancellationProgressTask<Void> rebuildTags(Consumer<Worker.State> onStateChange) {
395  return rebuildRepository(DBPopulationMode.TAGS_ONLY, onStateChange);
396  }
397 
410  private CancellationProgressTask<Void> rebuildRepository(final DBPopulationMode mode, Consumer<Worker.State> onStateChange) {
411  logger.log(Level.INFO, "(re)starting {0} db population task", mode); //NON-NLS
412  if (dbWorker != null) {
413  dbWorker.cancel();
414  }
415  dbWorker = new DBPopulationWorker(mode, onStateChange);
416  workerExecutor.execute(dbWorker);
417  return dbWorker;
418  }
419 
420  private enum DBPopulationMode {
421 
424  }
425 
430  private class DBPopulationWorker extends CancellationProgressTask<Void> {
431 
432  private final ReadOnlyBooleanWrapper cancellable = new ReadOnlyBooleanWrapper(true);
433 
435  private final SleuthkitCase skCase;
436  private final TagsManager tagsManager;
437 
438  private ProgressHandle progressHandle;
439 
440  @Override
441  public ReadOnlyBooleanProperty cancellableProperty() {
442  return cancellable.getReadOnlyProperty();
443  }
444 
445  @Override
446  public boolean requestCancel() {
447  Platform.runLater(() -> cancellable.set(false));
448  return super.requestCancel();
449  }
450 
451  @Override
452  protected void updateTitle(String title) {
453  super.updateTitle(title);
454  progressHandle.setDisplayName(title);
455  }
456 
457  @Override
458  protected void updateMessage(String message) {
459  super.updateMessage(message);
460  progressHandle.progress(message);
461  }
462 
463  @Override
464  protected void updateProgress(double workDone, double max) {
465  super.updateProgress(workDone, max);
466  if (workDone >= 0) {
467  progressHandle.progress((int) workDone);
468  }
469  }
470 
471  @Override
472  protected void updateProgress(long workDone, long max) {
473  super.updateProgress(workDone, max);
474  super.updateProgress(workDone, max);
475  if (workDone >= 0) {
476  progressHandle.progress((int) workDone);
477  }
478  }
479 
480  DBPopulationWorker(DBPopulationMode mode, Consumer<Worker.State> onStateChange) {
481  skCase = autoCase.getSleuthkitCase();
482  tagsManager = autoCase.getServices().getTagsManager();
483  this.dbPopulationMode = mode;
484  this.stateProperty().addListener(stateObservable -> onStateChange.accept(getState()));
485  }
486 
487  void restartProgressHandle(String title, String message, Double workDone, double total, Boolean cancellable) {
488  if (progressHandle != null) {
489  progressHandle.finish();
490  }
491  progressHandle = cancellable
492  ? ProgressHandle.createHandle(title, this::requestCancel)
493  : ProgressHandle.createHandle(title);
494 
495  if (workDone < 0) {
496  progressHandle.start();
497  } else {
498  progressHandle.start((int) total);
499  }
500  updateTitle(title);
501  updateMessage(message);
502  updateProgress(workDone, total);
503  }
504 
505  @SuppressWarnings("deprecation") // TODO (EUR-733): Do not use SleuthkitCase.getLastObjectId
506  @Override
507  @NbBundle.Messages({"progressWindow.msg.refreshingFileTags=Refreshing file tags",
508  "progressWindow.msg.refreshingResultTags=Refreshing result tags",
509  "progressWindow.msg.gatheringData=Gathering event data",
510  "progressWindow.msg.commitingDb=Committing events database"})
511  protected Void call() throws Exception {
512  EventDB.EventTransaction trans = null;
513 
514  if (dbPopulationMode == DBPopulationMode.FULL) {
515  //drop old db, and add back MAC and artifact events
516  logger.log(Level.INFO, "Beginning population of timeline db."); // NON-NLS
517  restartProgressHandle(Bundle.progressWindow_msg_gatheringData(), "", -1D, 1, true);
518  //reset database //TODO: can we do more incremental updates? -jm
519  eventDB.reInitializeDB();
520  //grab ids of all files
521  List<Long> fileIDs = skCase.findAllFileIdsWhere("name != '.' AND name != '..'" +
522  " AND type != " + TskData.TSK_DB_FILES_TYPE_ENUM.SLACK.ordinal()); //NON-NLS
523  final int numFiles = fileIDs.size();
524 
525  trans = eventDB.beginTransaction();
526  insertMACTimeEvents(numFiles, fileIDs, trans);
528  }
529 
530  //tags
531  if (dbPopulationMode == DBPopulationMode.TAGS_ONLY) {
532  trans = eventDB.beginTransaction();
533  logger.log(Level.INFO, "dropping old tags"); // NON-NLS
534  eventDB.reInitializeTags();
535  }
536 
537  logger.log(Level.INFO, "updating content tags"); // NON-NLS
538  List<ContentTag> contentTags = tagsManager.getAllContentTags();
539  int currentWorkTotal = contentTags.size();
540  restartProgressHandle(Bundle.progressWindow_msg_refreshingFileTags(), "", 0D, currentWorkTotal, true);
541  insertContentTags(currentWorkTotal, contentTags, trans);
542 
543  logger.log(Level.INFO, "updating artifact tags"); // NON-NLS
544  List<BlackboardArtifactTag> artifactTags = tagsManager.getAllBlackboardArtifactTags();
545  currentWorkTotal = artifactTags.size();
546  restartProgressHandle(Bundle.progressWindow_msg_refreshingResultTags(), "", 0D, currentWorkTotal, true);
547  insertArtifactTags(currentWorkTotal, artifactTags, trans);
548 
549  logger.log(Level.INFO, "committing db"); // NON-NLS
550  Platform.runLater(() -> cancellable.set(false));
551  restartProgressHandle(Bundle.progressWindow_msg_commitingDb(), "", -1D, 1, false);
552  eventDB.commitTransaction(trans);
553 
554  eventDB.analyze();
555  populateFilterData(skCase);
557 
558  progressHandle.finish();
559  if (isCancelRequested()) {
560  cancel();
561  }
562  return null;
563  }
564 
565  private void insertArtifactTags(int currentWorkTotal, List<BlackboardArtifactTag> artifactTags, EventDB.EventTransaction trans) {
566  for (int i = 0; i < currentWorkTotal; i++) {
567  if (isCancelRequested()) {
568  break;
569  }
570  updateProgress(i, currentWorkTotal);
571  BlackboardArtifactTag artifactTag = artifactTags.get(i);
572  eventDB.addTag(artifactTag.getContent().getId(), artifactTag.getArtifact().getArtifactID(), artifactTag, trans);
573  }
574  }
575 
576  private void insertContentTags(int currentWorkTotal, List<ContentTag> contentTags, EventDB.EventTransaction trans) {
577  for (int i = 0; i < currentWorkTotal; i++) {
578  if (isCancelRequested()) {
579  break;
580  }
581  updateProgress(i, currentWorkTotal);
582  ContentTag contentTag = contentTags.get(i);
583  eventDB.addTag(contentTag.getContent().getId(), null, contentTag, trans);
584  }
585  }
586 
588  //insert artifact based events
589  //TODO: use (not-yet existing api) to grab all artifacts with timestamps, rather than the hardcoded lists in EventType -jm
590  for (EventType type : RootEventType.allTypes) {
591  if (isCancelRequested()) {
592  break;
593  }
594  //skip file_system events, they are already handled above.
595  if (type instanceof ArtifactEventType) {
596  populateEventType((ArtifactEventType) type, trans);
597  }
598  }
599  }
600 
601  @NbBundle.Messages("progressWindow.msg.populateMacEventsFiles=Populating MAC time events for files")
602  private void insertMACTimeEvents(final int numFiles, List<Long> fileIDs, EventDB.EventTransaction trans) {
603  restartProgressHandle(Bundle.progressWindow_msg_populateMacEventsFiles(), "", 0D, numFiles, true);
604  for (int i = 0; i < numFiles; i++) {
605  if (isCancelRequested()) {
606  break;
607  }
608  long fID = fileIDs.get(i);
609  try {
610  AbstractFile f = skCase.getAbstractFileById(fID);
611 
612  if (isNull(f)) {
613  logger.log(Level.WARNING, "Failed to get data for file : {0}", fID); // NON-NLS
614  } else {
615  insertEventsForFile(f, trans);
616  updateProgress(i, numFiles);
617  updateMessage(f.getName());
618  }
619  } catch (TskCoreException tskCoreException) {
620  logger.log(Level.SEVERE, "Failed to insert MAC time events for file : " + fID, tskCoreException); // NON-NLS
621  }
622  }
623  }
624 
625  private void insertEventsForFile(AbstractFile f, EventDB.EventTransaction trans) throws TskCoreException {
626  //gather time stamps into map
627  EnumMap<FileSystemTypes, Long> timeMap = new EnumMap<>(FileSystemTypes.class);
628  timeMap.put(FileSystemTypes.FILE_CREATED, f.getCrtime());
629  timeMap.put(FileSystemTypes.FILE_ACCESSED, f.getAtime());
630  timeMap.put(FileSystemTypes.FILE_CHANGED, f.getCtime());
631  timeMap.put(FileSystemTypes.FILE_MODIFIED, f.getMtime());
632 
633  /*
634  * if there are no legitimate ( greater than zero ) time stamps (
635  * eg, logical/local files) skip the rest of the event generation:
636  * this should result in dropping logical files, since they do not
637  * have legitimate time stamps.
638  */
639  if (Collections.max(timeMap.values()) > 0) {
640  final String uniquePath = f.getUniquePath();
641  final String parentPath = f.getParentPath();
642  long datasourceID = f.getDataSource().getId();
643  String datasourceName = StringUtils.substringBeforeLast(uniquePath, parentPath);
644 
645  String rootFolder = StringUtils.substringBefore(StringUtils.substringAfter(parentPath, "/"), "/");
646  String shortDesc = datasourceName + "/" + StringUtils.defaultString(rootFolder);
647  shortDesc = shortDesc.endsWith("/") ? shortDesc : shortDesc + "/";
648  String medDesc = datasourceName + parentPath;
649 
650  final TskData.FileKnown known = f.getKnown();
651  Set<String> hashSets = f.getHashSetNames();
652  List<ContentTag> tags = tagsManager.getContentTagsByContent(f);
653 
654  for (Map.Entry<FileSystemTypes, Long> timeEntry : timeMap.entrySet()) {
655  if (timeEntry.getValue() > 0) {
656  // if the time is legitimate ( greater than zero ) insert it
657  eventDB.insertEvent(timeEntry.getValue(), timeEntry.getKey(),
658  datasourceID, f.getId(), null, uniquePath, medDesc,
659  shortDesc, known, hashSets, tags, trans);
660  }
661  }
662  }
663  }
664 
665  @Override
666  @NbBundle.Messages("msgdlg.problem.text=There was a problem populating the timeline."
667  + " Not all events may be present or accurate.")
668  protected void done() {
669  super.done();
670  try {
671  get();
672  } catch (CancellationException ex) {
673  logger.log(Level.WARNING, "Timeline database population was cancelled by the user. " //NON-NLS
674  + " Not all events may be present or accurate."); // NON-NLS
675  } catch (Exception ex) {
676  logger.log(Level.WARNING, "Unexpected exception while populating database.", ex); // NON-NLS
677  JOptionPane.showMessageDialog(WindowManager.getDefault().getMainWindow(), Bundle.msgdlg_problem_text());
678  }
679  }
680 
687  @NbBundle.Messages({"# {0} - event type ", "progressWindow.populatingXevents=Populating {0} events"})
689  try {
690  //get all the blackboard artifacts corresponding to the given event sub_type
691  final ArrayList<BlackboardArtifact> blackboardArtifacts = skCase.getBlackboardArtifacts(type.getArtifactTypeID());
692  final int numArtifacts = blackboardArtifacts.size();
693  restartProgressHandle(Bundle.progressWindow_populatingXevents(type.getDisplayName()), "", 0D, numArtifacts, true);
694  for (int i = 0; i < numArtifacts; i++) {
695  try {
696  //for each artifact, extract the relevant information for the descriptions
697  insertEventForArtifact(type, blackboardArtifacts.get(i), trans);
698  updateProgress(i, numArtifacts);
699  } catch (TskCoreException ex) {
700  logger.log(Level.SEVERE, "There was a problem inserting event for artifact: " + blackboardArtifacts.get(i).getArtifactID(), ex); // NON-NLS
701  }
702  }
703  } catch (TskCoreException ex) {
704  logger.log(Level.SEVERE, "There was a problem getting events with sub type " + type.toString() + ".", ex); // NON-NLS
705  }
706  }
707 
708  private void insertEventForArtifact(final ArtifactEventType type, BlackboardArtifact bbart, EventDB.EventTransaction trans) throws TskCoreException {
710 
711  // if the time is legitimate ( greater than zero ) insert it into the db
712  if (eventDescription != null && eventDescription.getTime() > 0) {
713  long objectID = bbart.getObjectID();
714  AbstractFile f = skCase.getAbstractFileById(objectID);
715  long datasourceID = f.getDataSource().getId();
716  long artifactID = bbart.getArtifactID();
717  Set<String> hashSets = f.getHashSetNames();
718  List<BlackboardArtifactTag> tags = tagsManager.getBlackboardArtifactTagsByArtifact(bbart);
719  String fullDescription = eventDescription.getFullDescription();
720  String medDescription = eventDescription.getMedDescription();
721  String shortDescription = eventDescription.getShortDescription();
722  eventDB.insertEvent(eventDescription.getTime(), type, datasourceID, objectID, artifactID, fullDescription, medDescription, shortDescription, null, hashSets, tags, trans);
723  }
724  }
725  }
726 }
static EventDB getEventDB(Case autoCase)
Definition: EventDB.java:110
List< Long > getEventIDsForArtifact(BlackboardArtifact artifact)
List< Long > getEventIDsForFile(AbstractFile file, boolean includeDerivedArtifacts)
boolean areFiltersEquivalent(RootFilter f1, RootFilter f2)
Interval getSpanningInterval(Collection< Long > eventIDs)
Definition: EventDB.java:177
void insertMACTimeEvents(final int numFiles, List< Long > fileIDs, EventDB.EventTransaction trans)
Map< String, Long > getTagCountsByTagName(Set< Long > eventIDsWithTags)
synchronized ObservableMap< Long, String > getHashSetMap()
synchronized Map< EventType, Long > countEvents(ZoomParams params)
synchronized void populateFilterData(SleuthkitCase skCase)
synchronized List< EventStripe > getEventStripes(ZoomParams params)
synchronized ObservableMap< Long, String > getDatasourcesMap()
Interval getSpanningInterval(Collection< Long > eventIDs)
List< ContentTag > getContentTagsByContent(Content content)
void insertEventForArtifact(final ArtifactEventType type, BlackboardArtifact bbart, EventDB.EventTransaction trans)
synchronized Set< Long > deleteTag(long objID, Long artifactID, long tagID, boolean tagged)
synchronized Set< Long > addTag(long objID, Long artifactID, Tag tag, EventDB.EventTransaction trans)
CancellationProgressTask< Void > rebuildRepository(Consumer< Worker.State > onStateChange)
static final List<?extends EventType > allTypes
Definition: EventType.java:35
final ObservableMap< Long, String > hashSetMap
List< BlackboardArtifactTag > getAllBlackboardArtifactTags()
EventsRepository(Case autoCase, ReadOnlyObjectProperty< ZoomParams > currentStateProperty)
void insertArtifactTags(int currentWorkTotal, List< BlackboardArtifactTag > artifactTags, EventDB.EventTransaction trans)
synchronized Set< SingleEvent > getEventsById(Collection< Long > eventIDs)
List< CombinedEvent > getCombinedEvents(Interval timeRange, RootFilter filter)
final LoadingCache< ZoomParams, Map< EventType, Long > > eventCountsCache
void populateEventType(final ArtifactEventType type, EventDB.EventTransaction trans)
final LoadingCache< Long, SingleEvent > idToEventCache
void insertEventsForFile(AbstractFile f, EventDB.EventTransaction trans)
synchronized void invalidateCaches(Set< Long > updatedEventIDs)
synchronized static Logger getLogger(String name)
Definition: Logger.java:124
final ObservableMap< Long, String > datasourcesMap
CancellationProgressTask< Void > rebuildTags(Consumer< Worker.State > onStateChange)
Interval getBoundingEventsInterval(Interval timeRange, RootFilter filter)
final LoadingCache< ZoomParams, List< EventStripe > > eventStripeCache
static AttributeEventDescription buildEventDescription(ArtifactEventType type, BlackboardArtifact artf)
void insertContentTags(int currentWorkTotal, List< ContentTag > contentTags, EventDB.EventTransaction trans)
List< Long > getEventIDs(Interval timeRange, RootFilter filter)
List< BlackboardArtifactTag > getBlackboardArtifactTagsByArtifact(BlackboardArtifact artifact)

Copyright © 2012-2016 Basis Technology. Generated on: Mon Jun 18 2018
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.