Autopsy  4.9.1
Graphical digital forensics platform for The Sleuth Kit and other tools.
SingleEvent.java
Go to the documentation of this file.
1 /*
2  * Autopsy Forensic Browser
3  *
4  * Copyright 2014-16 Basis Technology Corp.
5  * Contact: carrier <at> sleuthkit <dot> org
6  *
7  * Licensed under the Apache License, Version 2.0 (the "License");
8  * you may not use this file except in compliance with the License.
9  * You may obtain a copy of the License at
10  *
11  * http://www.apache.org/licenses/LICENSE-2.0
12  *
13  * Unless required by applicable law or agreed to in writing, software
14  * distributed under the License is distributed on an "AS IS" BASIS,
15  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16  * See the License for the specific language governing permissions and
17  * limitations under the License.
18  */
19 package org.sleuthkit.autopsy.timeline.datamodel;
20 
21 import com.google.common.collect.ImmutableMap;
22 import com.google.common.collect.ImmutableSortedSet;
23 import java.util.Collections;
24 import java.util.Comparator;
25 import java.util.Optional;
26 import java.util.Set;
27 import java.util.SortedSet;
28 import javax.annotation.Nullable;
29 import javax.annotation.concurrent.Immutable;
30 import org.joda.time.Interval;
33 import org.sleuthkit.datamodel.TskData;
34 
38 @Immutable
39 public class SingleEvent implements TimeLineEvent {
40 
41  private final long eventID;
45  private final long objID;
46 
51  private final Long artifactID;
52 
56  private final long dataSourceID;
57 
61  private final long time;
65  private final EventType type;
66 
71  private final ImmutableMap<DescriptionLoD, String> descriptions;
72 
76  private final TskData.FileKnown known;
77 
82  private final boolean hashHit;
83 
87  private final boolean tagged;
88 
93  private MultiEvent<?> parent = null;
94 
95  public SingleEvent(long eventID, long dataSourceID, long objID, @Nullable Long artifactID, long time, EventType type, String fullDescription, String medDescription, String shortDescription, TskData.FileKnown known, boolean hashHit, boolean tagged) {
96  this.eventID = eventID;
97  this.dataSourceID = dataSourceID;
98  this.objID = objID;
99  this.artifactID = Long.valueOf(0).equals(artifactID) ? null : artifactID;
100  this.time = time;
101  this.type = type;
102  descriptions = ImmutableMap.<DescriptionLoD, String>of(DescriptionLoD.FULL, fullDescription,
103  DescriptionLoD.MEDIUM, medDescription,
104  DescriptionLoD.SHORT, shortDescription);
105  this.known = known;
106  this.hashHit = hashHit;
107  this.tagged = tagged;
108  }
109 
120  SingleEvent singleEvent = new SingleEvent(eventID, dataSourceID, objID, artifactID, time, type, descriptions.get(DescriptionLoD.FULL), descriptions.get(DescriptionLoD.MEDIUM), descriptions.get(DescriptionLoD.SHORT), known, hashHit, tagged);
121  singleEvent.parent = newParent;
122  return singleEvent;
123  }
124 
130  public boolean isTagged() {
131  return tagged;
132  }
133 
142  public boolean isHashHit() {
143  return hashHit;
144  }
145 
152  public Optional<Long> getArtifactID() {
153  return Optional.ofNullable(artifactID);
154  }
155 
161  public long getEventID() {
162  return eventID;
163  }
164 
170  public long getFileID() {
171  return objID;
172  }
173 
179  public long getTime() {
180  return time;
181  }
182 
183  @Override
185  return type;
186  }
187 
193  public String getFullDescription() {
195  }
196 
202  public String getMedDescription() {
204  }
205 
211  public String getShortDescription() {
213  }
214 
220  public TskData.FileKnown getKnown() {
221  return known;
222  }
223 
231  public String getDescription(DescriptionLoD lod) {
232  return descriptions.get(lod);
233  }
234 
240  public long getDataSourceID() {
241  return dataSourceID;
242  }
243 
244  @Override
245  public Set<Long> getEventIDs() {
246  return Collections.singleton(eventID);
247  }
248 
249  @Override
250  public Set<Long> getEventIDsWithHashHits() {
251  return isHashHit() ? Collections.singleton(eventID) : Collections.emptySet();
252  }
253 
254  @Override
255  public Set<Long> getEventIDsWithTags() {
256  return isTagged() ? Collections.singleton(eventID) : Collections.emptySet();
257  }
258 
259  @Override
260  public long getEndMillis() {
261  return time * 1000;
262  }
263 
264  @Override
265  public long getStartMillis() {
266  return time * 1000;
267  }
268 
269  @Override
270  public int hashCode() {
271  int hash = 7;
272  hash = 13 * hash + (int) (this.eventID ^ (this.eventID >>> 32));
273  return hash;
274  }
275 
276  @Override
277  public boolean equals(Object obj) {
278  if (obj == null) {
279  return false;
280  }
281  if (getClass() != obj.getClass()) {
282  return false;
283  }
284  final SingleEvent other = (SingleEvent) obj;
285  if (this.eventID != other.eventID) {
286  return false;
287  }
288  return true;
289  }
290 
291  @Override
292  public SortedSet<EventCluster> getClusters() {
293  EventCluster eventCluster = new EventCluster(new Interval(time * 1000, time * 1000), type, getEventIDs(), getEventIDsWithHashHits(), getEventIDsWithTags(), getFullDescription(), DescriptionLoD.FULL);
294  return ImmutableSortedSet.orderedBy(Comparator.comparing(EventCluster::getStartMillis)).add(eventCluster).build();
295  }
296 
297  @Override
298  public String getDescription() {
299  return getFullDescription();
300  }
301 
302  @Override
304  return DescriptionLoD.FULL;
305  }
306 
315  @Override
316  public Optional<EventStripe> getParentStripe() {
317  if (parent == null) {
318  return Optional.empty();
319  } else if (parent instanceof EventStripe) {
320  return Optional.of((EventStripe) parent);
321  } else {
322  return parent.getParentStripe();
323  }
324  }
325 }
SingleEvent(long eventID, long dataSourceID, long objID,@Nullable Long artifactID, long time, EventType type, String fullDescription, String medDescription, String shortDescription, TskData.FileKnown known, boolean hashHit, boolean tagged)
final ImmutableMap< DescriptionLoD, String > descriptions
SingleEvent withParent(MultiEvent<?> newParent)

Copyright © 2012-2018 Basis Technology. Generated on: Tue Dec 18 2018
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.