Autopsy  4.8.0
Graphical digital forensics platform for The Sleuth Kit and other tools.
AbstractCommonAttributeSearcher.java
Go to the documentation of this file.
1 /*
2  *
3  * Autopsy Forensic Browser
4  *
5  * Copyright 2018 Basis Technology Corp.
6  * Contact: carrier <at> sleuthkit <dot> org
7  *
8  * Licensed under the Apache License, Version 2.0 (the "License");
9  * you may not use this file except in compliance with the License.
10  * You may obtain a copy of the License at
11  *
12  * http://www.apache.org/licenses/LICENSE-2.0
13  *
14  * Unless required by applicable law or agreed to in writing, software
15  * distributed under the License is distributed on an "AS IS" BASIS,
16  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
17  * See the License for the specific language governing permissions and
18  * limitations under the License.
19  */
20 package org.sleuthkit.autopsy.commonfilesearch;
21 
22 import java.sql.SQLException;
23 import java.util.ArrayList;
24 import java.util.Collections;
25 import java.util.List;
26 import java.util.Map;
27 import java.util.Set;
28 import java.util.TreeMap;
29 import java.util.stream.Collectors;
30 import java.util.stream.Stream;
31 import org.openide.util.NbBundle;
32 import org.sleuthkit.autopsy.casemodule.NoCurrentCaseException;
33 import org.sleuthkit.autopsy.centralrepository.datamodel.EamDbException;
34 import org.sleuthkit.datamodel.TskCoreException;
35 
40 public abstract class AbstractCommonAttributeSearcher {
41 
42  private boolean filterByMedia;
43  private boolean filterByDoc;
44  final int frequencyPercentageThreshold;
45 
46  AbstractCommonAttributeSearcher(boolean filterByMedia, boolean filterByDoc, int percentageThreshold) {
47  this.filterByDoc = filterByDoc;
48  this.filterByMedia = filterByMedia;
49  this.frequencyPercentageThreshold = percentageThreshold;
50  }
51 
66  public abstract CommonAttributeSearchResults findMatches() throws TskCoreException, NoCurrentCaseException, SQLException, EamDbException;
67 
74  abstract String getTabTitle();
75 
76  @NbBundle.Messages({
77  "AbstractCommonFilesMetadataBuilder.buildCategorySelectionString.doc=Documents",
78  "AbstractCommonFilesMetadataBuilder.buildCategorySelectionString.media=Media",
79  "AbstractCommonFilesMetadataBuilder.buildCategorySelectionString.all=All File Categories"
80  })
81 
82  String buildCategorySelectionString() {
83  if (!this.isFilterByDoc() && !this.isFilterByMedia()) {
84  return Bundle.AbstractCommonFilesMetadataBuilder_buildCategorySelectionString_all();
85  } else {
86  List<String> filters = new ArrayList<>();
87  if (this.isFilterByDoc()) {
88  filters.add(Bundle.AbstractCommonFilesMetadataBuilder_buildCategorySelectionString_doc());
89  }
90  if (this.isFilterByMedia()) {
91  filters.add(Bundle.AbstractCommonFilesMetadataBuilder_buildCategorySelectionString_media());
92  }
93  return String.join(", ", filters);
94  }
95  }
96 
104  @NbBundle.Messages({
105  "# {0} - threshold percent",
106  "AbstractCommonFilesMetadataBuilder.getPercentFilter.thresholdPercent=, Threshold {0}%"})
107  String getPercentThresholdString() {
108  if (frequencyPercentageThreshold == 0) {
109  return "";
110  } else {
111  return Bundle.AbstractCommonFilesMetadataBuilder_getPercentFilter_thresholdPercent(frequencyPercentageThreshold);
112  }
113  }
114 
115  static Map<Integer, CommonAttributeValueList> collateMatchesByNumberOfInstances(Map<String, CommonAttributeValue> commonFiles) {
116  //collate matches by number of matching instances - doing this in sql doesnt seem efficient
117  Map<Integer, CommonAttributeValueList> instanceCollatedCommonFiles = new TreeMap<>();
118 
119  for (CommonAttributeValue md5Metadata : commonFiles.values()) {
120  Integer size = md5Metadata.getInstanceCount();
121 
122  if (instanceCollatedCommonFiles.containsKey(size)) {
123  instanceCollatedCommonFiles.get(size).addMetadataToList(md5Metadata);
124  } else {
125  CommonAttributeValueList value = new CommonAttributeValueList();
126  value.addMetadataToList(md5Metadata);
127  instanceCollatedCommonFiles.put(size, value);
128  }
129  }
130  return instanceCollatedCommonFiles;
131  }
132 
133  /*
134  * The set of the MIME types that will be checked for extension mismatches
135  * when checkType is ONLY_MEDIA. ".jpg", ".jpeg", ".png", ".psd", ".nef",
136  * ".tiff", ".bmp", ".tec" ".aaf", ".3gp", ".asf", ".avi", ".m1v", ".m2v",
137  * //NON-NLS ".m4v", ".mp4", ".mov", ".mpeg", ".mpg", ".mpe", ".mp4", ".rm",
138  * ".wmv", ".mpv", ".flv", ".swf"
139  */
140  static final Set<String> MEDIA_PICS_VIDEO_MIME_TYPES = Stream.of(
141  "image/bmp", //NON-NLS
142  "image/gif", //NON-NLS
143  "image/jpeg", //NON-NLS
144  "image/png", //NON-NLS
145  "image/tiff", //NON-NLS
146  "image/vnd.adobe.photoshop", //NON-NLS
147  "image/x-raw-nikon", //NON-NLS
148  "image/x-ms-bmp", //NON-NLS
149  "image/x-icon", //NON-NLS
150  "video/webm", //NON-NLS
151  "video/3gpp", //NON-NLS
152  "video/3gpp2", //NON-NLS
153  "video/ogg", //NON-NLS
154  "video/mpeg", //NON-NLS
155  "video/mp4", //NON-NLS
156  "video/quicktime", //NON-NLS
157  "video/x-msvideo", //NON-NLS
158  "video/x-flv", //NON-NLS
159  "video/x-m4v", //NON-NLS
160  "video/x-ms-wmv", //NON-NLS
161  "application/vnd.ms-asf", //NON-NLS
162  "application/vnd.rn-realmedia", //NON-NLS
163  "application/x-shockwave-flash" //NON-NLS
164  ).collect(Collectors.toSet());
165 
166  /*
167  * The set of the MIME types that will be checked for extension mismatches
168  * when checkType is ONLY_TEXT_FILES. ".doc", ".docx", ".odt", ".xls",
169  * ".xlsx", ".ppt", ".pptx" ".txt", ".rtf", ".log", ".text", ".xml" ".html",
170  * ".htm", ".css", ".js", ".php", ".aspx" ".pdf"
171  */
172  static final Set<String> TEXT_FILES_MIME_TYPES = Stream.of(
173  "text/plain", //NON-NLS
174  "application/rtf", //NON-NLS
175  "application/pdf", //NON-NLS
176  "text/css", //NON-NLS
177  "text/html", //NON-NLS
178  "text/csv", //NON-NLS
179  "application/json", //NON-NLS
180  "application/javascript", //NON-NLS
181  "application/xml", //NON-NLS
182  "text/calendar", //NON-NLS
183  "application/x-msoffice", //NON-NLS
184  "application/x-ooxml", //NON-NLS
185  "application/msword", //NON-NLS
186  "application/vnd.openxmlformats-officedocument.wordprocessingml.document", //NON-NLS
187  "application/vnd.ms-powerpoint", //NON-NLS
188  "application/vnd.openxmlformats-officedocument.presentationml.presentation", //NON-NLS
189  "application/vnd.ms-excel", //NON-NLS
190  "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", //NON-NLS
191  "application/vnd.oasis.opendocument.presentation", //NON-NLS
192  "application/vnd.oasis.opendocument.spreadsheet", //NON-NLS
193  "application/vnd.oasis.opendocument.text" //NON-NLS
194  ).collect(Collectors.toSet());
195 
199  boolean isFilterByMedia() {
200  return filterByMedia;
201  }
202 
206  void setFilterByMedia(boolean filterByMedia) {
207  this.filterByMedia = filterByMedia;
208  }
209 
213  boolean isFilterByDoc() {
214  return filterByDoc;
215  }
216 
220  void setFilterByDoc(boolean filterByDoc) {
221  this.filterByDoc = filterByDoc;
222  }
223 }

Copyright © 2012-2018 Basis Technology. Generated on: Thu Oct 4 2018
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.