19 package org.sleuthkit.autopsy.timeline.datamodel.eventtype;
21 import java.util.Arrays;
22 import java.util.Collections;
23 import java.util.List;
24 import java.util.Optional;
25 import java.util.function.Function;
26 import java.util.logging.Level;
27 import javafx.scene.image.Image;
28 import org.apache.commons.lang3.StringUtils;
29 import org.openide.util.NbBundle;
34 import org.
sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE;
36 import org.
sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE;
44 MESSAGE(NbBundle.getMessage(
MiscTypes.class,
"MiscTypes.message.name"),
"message.png",
45 new BlackboardArtifact.Type(ARTIFACT_TYPE.TSK_MESSAGE),
46 new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_DATETIME),
49 final BlackboardAttribute dir = getAttributeSafe(artf,
new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_DIRECTION));
50 final BlackboardAttribute readStatus = getAttributeSafe(artf,
new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_READ_STATUS));
51 final BlackboardAttribute name = getAttributeSafe(artf,
new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_NAME));
52 final BlackboardAttribute phoneNumber = getAttributeSafe(artf,
new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_PHONE_NUMBER));
53 final BlackboardAttribute subject = getAttributeSafe(artf,
new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_SUBJECT));
54 List<String> asList = Arrays.asList(stringValueOf(dir), stringValueOf(readStatus), name != null || phoneNumber != null ? toFrom(dir) :
"", stringValueOf(name != null ? name : phoneNumber), (subject == null ?
"" : stringValueOf(subject)));
55 return StringUtils.join(asList,
" ");
57 new AttributeExtractor(
new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_TEXT))),
58 GPS_ROUTE(NbBundle.getMessage(
MiscTypes.class,
"MiscTypes.GPSRoutes.name"),
"gps-search.png",
59 new BlackboardArtifact.Type(ARTIFACT_TYPE.TSK_GPS_ROUTE),
60 new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_DATETIME),
64 final BlackboardAttribute latStart = getAttributeSafe(artf,
new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_GEO_LATITUDE_START));
65 final BlackboardAttribute longStart = getAttributeSafe(artf,
new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_GEO_LONGITUDE_START));
66 final BlackboardAttribute latEnd = getAttributeSafe(artf,
new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_GEO_LATITUDE_END));
67 final BlackboardAttribute longEnd = getAttributeSafe(artf,
new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_GEO_LONGITUDE_END));
68 return String.format(
"from %1$s %2$s to %3$s %4$s", stringValueOf(latStart), stringValueOf(longStart), stringValueOf(latEnd), stringValueOf(longEnd));
70 GPS_TRACKPOINT(NbBundle.getMessage(
MiscTypes.class,
"MiscTypes.GPSTrackpoint.name"),
"gps-trackpoint.png",
71 new BlackboardArtifact.Type(ARTIFACT_TYPE.TSK_GPS_TRACKPOINT),
72 new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_DATETIME),
75 final BlackboardAttribute longitude = getAttributeSafe(artf,
new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_GEO_LONGITUDE));
76 final BlackboardAttribute latitude = getAttributeSafe(artf,
new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_GEO_LATITUDE));
77 return stringValueOf(latitude) +
" " + stringValueOf(longitude);
79 new EmptyExtractor()),
80 CALL_LOG(NbBundle.getMessage(
MiscTypes.class,
"MiscTypes.Calls.name"),
"calllog.png",
81 new BlackboardArtifact.Type(ARTIFACT_TYPE.TSK_CALLLOG),
82 new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_DATETIME_START),
86 EMAIL(NbBundle.getMessage(
MiscTypes.class,
"MiscTypes.Email.name"),
"mail-icon-16.png",
87 new BlackboardArtifact.Type(ARTIFACT_TYPE.TSK_EMAIL_MSG),
88 new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_DATETIME_SENT),
90 final BlackboardAttribute emailFrom = getAttributeSafe(artf,
new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_EMAIL_FROM));
91 final BlackboardAttribute emailTo = getAttributeSafe(artf,
new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_EMAIL_TO));
92 return stringValueOf(emailFrom) +
" to " + stringValueOf(emailTo);
94 new AttributeExtractor(
new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_SUBJECT)),
95 new AttributeExtractor(
new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_EMAIL_CONTENT_PLAIN))),
96 RECENT_DOCUMENTS(NbBundle.getMessage(
MiscTypes.class,
"MiscTypes.recentDocuments.name"),
"recent_docs.png",
97 new BlackboardArtifact.Type(ARTIFACT_TYPE.TSK_RECENT_OBJECT),
98 new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_DATETIME),
100 (String t) -> (StringUtils.substringBeforeLast(StringUtils.substringBeforeLast(t,
"\\"),
"\\"))),
101 new AttributeExtractor(
new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_PATH)).andThen(
102 (String t) -> StringUtils.substringBeforeLast(t,
"\\")),
107 final BlackboardAttribute dateTimeAttr = artf.getAttribute(getDateTimeAttributeType());
109 long time = dateTimeAttr.getValueLong();
112 String shortDescription = getShortExtractor().apply(artf);
113 String medDescription = getMedExtractor().apply(artf);
114 String fullDescription = getFullExtractor().apply(artf);
119 INSTALLED_PROGRAM(NbBundle.getMessage(
MiscTypes.class,
"MiscTypes.installedPrograms.name"),
"programs.png",
120 new BlackboardArtifact.Type(ARTIFACT_TYPE.TSK_INSTALLED_PROG),
121 new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_DATETIME),
125 EXIF(NbBundle.getMessage(
MiscTypes.class,
"MiscTypes.exif.name"),
"camera-icon-16.png",
126 new BlackboardArtifact.Type(ARTIFACT_TYPE.TSK_METADATA_EXIF),
127 new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_DATETIME_CREATED),
129 new AttributeExtractor(
new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_DEVICE_MODEL)),
132 AbstractFile file = artf.getSleuthkitCase().getAbstractFileById(artf.getObjectID());
134 return file.getName();
136 }
catch (TskCoreException ex) {
137 LOGGER.log(Level.SEVERE,
"Exif event type failed to look up backing file name", ex);
139 return "error loading file name";
141 DEVICES_ATTACHED(NbBundle.getMessage(
MiscTypes.class,
"MiscTypes.devicesAttached.name"),
"usb_devices.png",
142 new BlackboardArtifact.Type(ARTIFACT_TYPE.TSK_DEVICE_ATTACHED),
143 new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_DATETIME),
145 new AttributeExtractor(
new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_DEVICE_MODEL)),
149 return Optional.ofNullable(attr)
150 .map(BlackboardAttribute::getDisplayString)
154 public static String
toFrom(BlackboardAttribute dir) {
158 switch (dir.getDisplayString()) {
188 return longExtractor;
198 return shortExtractor;
203 return dateTimeAttributeType;
230 private MiscTypes(String displayName, String iconBase, BlackboardArtifact.Type artifactType,
231 BlackboardAttribute.Type dateTimeAttributeType,
232 Function<BlackboardArtifact, String> shortExtractor,
233 Function<BlackboardArtifact, String> medExtractor,
234 Function<BlackboardArtifact, String> longExtractor) {
235 this.displayName = displayName;
236 this.iconBase = iconBase;
237 this.artifactType = artifactType;
238 this.dateTimeAttributeType = dateTimeAttributeType;
239 this.shortExtractor = shortExtractor;
240 this.medExtractor = medExtractor;
241 this.longExtractor = longExtractor;
242 this.image =
new Image(
"org/sleuthkit/autopsy/timeline/images/" + iconBase,
true);
252 return Collections.emptyList();
final Function< BlackboardArtifact, String > medExtractor
static String toFrom(BlackboardAttribute dir)
List<?extends EventType > getSubTypes()
EventTypeZoomLevel getZoomLevel()
Function< BlackboardArtifact, String > getMedExtractor()
MiscTypes(String displayName, String iconBase, BlackboardArtifact.Type artifactType, BlackboardAttribute.Type dateTimeAttributeType, Function< BlackboardArtifact, String > shortExtractor, Function< BlackboardArtifact, String > medExtractor, Function< BlackboardArtifact, String > longExtractor)
Function< BlackboardArtifact, String > getFullExtractor()
BlackboardAttribute.Type getDateTimeAttributeType()
static String stringValueOf(BlackboardAttribute attr)
EventType getSubType(String string)
final Function< BlackboardArtifact, String > longExtractor
final BlackboardAttribute.Type dateTimeAttributeType
Function< BlackboardArtifact, String > getShortExtractor()
BlackboardArtifact.Type getArtifactType()
final BlackboardArtifact.Type artifactType
static BlackboardAttribute getAttributeSafe(BlackboardArtifact artf, BlackboardAttribute.Type attrType)
final Function< BlackboardArtifact, String > shortExtractor