Autopsy  4.7.0
Graphical digital forensics platform for The Sleuth Kit and other tools.
RecentFilesFilterChildren.java
Go to the documentation of this file.
1 /*
2  * Autopsy Forensic Browser
3  *
4  * Copyright 2011 Basis Technology Corp.
5  * Contact: carrier <at> sleuthkit <dot> org
6  *
7  * Licensed under the Apache License, Version 2.0 (the "License");
8  * you may not use this file except in compliance with the License.
9  * You may obtain a copy of the License at
10  *
11  * http://www.apache.org/licenses/LICENSE-2.0
12  *
13  * Unless required by applicable law or agreed to in writing, software
14  * distributed under the License is distributed on an "AS IS" BASIS,
15  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16  * See the License for the specific language governing permissions and
17  * limitations under the License.
18  */
19 package org.sleuthkit.autopsy.datamodel;
20 
21 import java.util.ArrayList;
22 import java.util.Calendar;
23 import java.util.List;
24 import java.util.logging.Level;
25 
26 import org.openide.util.NbBundle;
28 import org.openide.nodes.AbstractNode;
29 import org.openide.nodes.ChildFactory;
30 import org.openide.nodes.Node;
32 import org.sleuthkit.datamodel.AbstractFile;
33 import org.sleuthkit.datamodel.Content;
34 import org.sleuthkit.datamodel.ContentVisitor;
35 import org.sleuthkit.datamodel.DerivedFile;
36 import org.sleuthkit.datamodel.Directory;
37 import org.sleuthkit.datamodel.File;
38 import org.sleuthkit.datamodel.LocalFile;
39 import org.sleuthkit.datamodel.SleuthkitCase;
40 import org.sleuthkit.datamodel.TskCoreException;
41 import org.sleuthkit.datamodel.TskData;
42 
47 class RecentFilesFilterChildren extends ChildFactory<Content> {
48 
49  private SleuthkitCase skCase;
50  private RecentFilesFilter filter;
51  private Calendar prevDay;
52  private final static Logger logger = Logger.getLogger(RecentFilesFilterChildren.class.getName());
53  //private final static int MAX_OBJECTS = 1000000;
54 
55  RecentFilesFilterChildren(RecentFilesFilter filter, SleuthkitCase skCase, Calendar lastDay) {
56  this.skCase = skCase;
57  this.filter = filter;
58  this.prevDay = (Calendar) lastDay.clone();
59  prevDay.add(Calendar.DATE, -filter.getDurationDays());
60  }
61 
62  @Override
63  protected boolean createKeys(List<Content> list) {
64  list.addAll(runQuery());
65  return true;
66  }
67 
68  private String createQuery() {
69  Calendar prevDayQuery = (Calendar) prevDay.clone();
70  String query = "(dir_type = " + TskData.TSK_FS_NAME_TYPE_ENUM.REG.getValue() + ")" //NON-NLS
71  + " AND (known IS NULL OR known != 1) AND ("; //NON-NLS
72  long lowerLimit = prevDayQuery.getTimeInMillis() / 1000;
73  prevDayQuery.add(Calendar.DATE, 1);
74  prevDayQuery.add(Calendar.MILLISECOND, -1);
75  long upperLimit = prevDayQuery.getTimeInMillis() / 1000;
76  query += "(crtime BETWEEN " + lowerLimit + " AND " + upperLimit + ") OR "; //NON-NLS
77  query += "(ctime BETWEEN " + lowerLimit + " AND " + upperLimit + ") OR "; //NON-NLS
78  //query += "(atime BETWEEN " + lowerLimit + " AND " + upperLimit + ") OR ";
79  query += "(mtime BETWEEN " + lowerLimit + " AND " + upperLimit + "))"; //NON-NLS
80  //query += " LIMIT " + MAX_OBJECTS;
81  return query;
82  }
83 
84  private List<AbstractFile> runQuery() {
85  List<AbstractFile> ret = new ArrayList<AbstractFile>();
86  try {
87  List<AbstractFile> found = skCase.findAllFilesWhere(createQuery());
88  for (AbstractFile c : found) {
89  ret.add(c);
90  }
91 
92  } catch (TskCoreException ex) {
93  logger.log(Level.WARNING, "Couldn't get search results", ex); //NON-NLS
94  }
95  return ret;
96 
97  }
98 
104  long calculateItems() {
105  try {
106  return skCase.countFilesWhere(createQuery());
107  } catch (TskCoreException ex) {
108  logger.log(Level.SEVERE, "Error getting recent files search view count", ex); //NON-NLS
109  return 0;
110  }
111  }
112 
113  @Override
114  protected Node createNodeForKey(Content key) {
115  return key.accept(new ContentVisitor.Default<AbstractNode>() {
116  @Override
117  public FileNode visit(File f) {
118  return new FileNode(f, false);
119  }
120 
121  @Override
122  public DirectoryNode visit(Directory d) {
123  return new DirectoryNode(d);
124  }
125 
126  @Override
127  public LocalFileNode visit(DerivedFile f) {
128  return new LocalFileNode(f);
129  }
130 
131  @Override
132  public LocalFileNode visit(LocalFile f) {
133  return new LocalFileNode(f);
134  }
135 
136  @Override
137  protected AbstractNode defaultVisit(Content di) {
138  throw new UnsupportedOperationException(
139  NbBundle.getMessage(this.getClass(),
140  "RecentFilesFilterChildren.exception.defaultVisit.msg",
141  di.toString()));
142  }
143  });
144  }
145 }

Copyright © 2012-2016 Basis Technology. Generated on: Mon Jun 18 2018
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.