Autopsy  4.9.1
Graphical digital forensics platform for The Sleuth Kit and other tools.
WebTypes.java
Go to the documentation of this file.
1 /*
2  * Autopsy Forensic Browser
3  *
4  * Copyright 2014-16 Basis Technology Corp.
5  * Contact: carrier <at> sleuthkit <dot> org
6  *
7  * Licensed under the Apache License, Version 2.0 (the "License");
8  * you may not use this file except in compliance with the License.
9  * You may obtain a copy of the License at
10  *
11  * http://www.apache.org/licenses/LICENSE-2.0
12  *
13  * Unless required by applicable law or agreed to in writing, software
14  * distributed under the License is distributed on an "AS IS" BASIS,
15  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16  * See the License for the specific language governing permissions and
17  * limitations under the License.
18  */
19 package org.sleuthkit.autopsy.timeline.datamodel.eventtype;
20 
21 import com.google.common.net.InternetDomainName;
22 import java.util.Collections;
23 import java.util.List;
24 import java.util.function.Function;
25 import javafx.scene.image.Image;
26 import org.apache.commons.lang3.StringUtils;
27 import org.openide.util.NbBundle;
29 import org.sleuthkit.datamodel.BlackboardArtifact;
30 import org.sleuthkit.datamodel.BlackboardAttribute;
31 import org.sleuthkit.datamodel.TskCoreException;
32 
36 public enum WebTypes implements EventType, ArtifactEventType {
37 
38  WEB_DOWNLOADS(NbBundle.getMessage(WebTypes.class, "WebTypes.webDownloads.name"),
39  "downloads.png", // NON-NLS
40  new BlackboardArtifact.Type(BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_DOWNLOAD),
41  new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_ACCESSED),
42  TopPrivateDomainExtractor.getInstance(),
43  new AttributeExtractor(new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PATH)),
44  new AttributeExtractor(new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_URL))) {
45 
46  @Override
47  public AttributeEventDescription parseAttributesHelper(BlackboardArtifact artf) throws TskCoreException {
48  long time = artf.getAttribute(getDateTimeAttributeType()).getValueLong();
49  String domain = getShortExtractor().apply(artf);
50  String path = getMedExtractor().apply(artf);
51  String fileName = StringUtils.substringAfterLast(path, "/");
52  String url = getFullExtractor().apply(artf);
53 
54  //TODO: review non default description construction
55  String shortDescription = fileName + " from " + domain; // NON-NLS
56  String medDescription = fileName + " from " + url; // NON-NLS
57  String fullDescription = path + " from " + url; // NON-NLS
58  return new AttributeEventDescription(time, shortDescription, medDescription, fullDescription);
59  }
60  },
61  //TODO: review description separators
62  WEB_COOKIE(NbBundle.getMessage(WebTypes.class, "WebTypes.webCookies.name"),
63  "cookies.png", // NON-NLS
64  new BlackboardArtifact.Type(BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_COOKIE),
65  new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME),
66  TopPrivateDomainExtractor.getInstance(),
67  new AttributeExtractor(new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_NAME)),
68  new AttributeExtractor(new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_VALUE))),
69  //TODO: review description separators
70  WEB_BOOKMARK(NbBundle.getMessage(WebTypes.class, "WebTypes.webBookmarks.name"),
71  "bookmarks.png", // NON-NLS
72  new BlackboardArtifact.Type(BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_BOOKMARK),
73  new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_CREATED),
74  TopPrivateDomainExtractor.getInstance(),
75  new AttributeExtractor(new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_URL)),
76  new AttributeExtractor(new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_TITLE))),
77  //TODO: review description separators
78  WEB_HISTORY(NbBundle.getMessage(WebTypes.class, "WebTypes.webHistory.name"),
79  "history.png", // NON-NLS
80  new BlackboardArtifact.Type(BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_HISTORY),
81  new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_ACCESSED),
82  TopPrivateDomainExtractor.getInstance(),
83  new AttributeExtractor(new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_URL)),
84  new AttributeExtractor(new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_TITLE))),
85  //TODO: review description separators
86  WEB_SEARCH(NbBundle.getMessage(WebTypes.class, "WebTypes.webSearch.name"),
87  "searchquery.png", // NON-NLS
88  new BlackboardArtifact.Type(BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_SEARCH_QUERY),
89  new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_ACCESSED),
90  new AttributeExtractor(new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_TEXT)),
91  TopPrivateDomainExtractor.getInstance(),
92  new AttributeExtractor(new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PROG_NAME)));
93 
94  private final BlackboardAttribute.Type dateTimeAttributeType;
95 
96  private final String iconBase;
97 
98  private final Image image;
99 
100  @Override
101  public Image getFXImage() {
102  return image;
103  }
104 
105  @Override
106  public BlackboardAttribute.Type getDateTimeAttributeType() {
107  return dateTimeAttributeType;
108  }
109 
110  @Override
113  }
114 
115  private final Function<BlackboardArtifact, String> longExtractor;
116 
117  private final Function<BlackboardArtifact, String> medExtractor;
118 
119  private final Function<BlackboardArtifact, String> shortExtractor;
120 
121  @Override
122  public Function<BlackboardArtifact, String> getFullExtractor() {
123  return longExtractor;
124  }
125 
126  @Override
127  public Function<BlackboardArtifact, String> getMedExtractor() {
128  return medExtractor;
129  }
130 
131  @Override
132  public Function<BlackboardArtifact, String> getShortExtractor() {
133  return shortExtractor;
134  }
135 
136  private final String displayName;
137 
138  private final BlackboardArtifact.Type artifactType;
139 
140  @Override
141  public String getIconBase() {
142  return iconBase;
143  }
144 
145  @Override
146  public BlackboardArtifact.Type getArtifactType() {
147  return artifactType;
148  }
149 
150  private WebTypes(String displayName, String iconBase, BlackboardArtifact.Type artifactType,
151  BlackboardAttribute.Type dateTimeAttributeType,
152  Function<BlackboardArtifact, String> shortExtractor,
153  Function<BlackboardArtifact, String> medExtractor,
154  Function<BlackboardArtifact, String> longExtractor) {
155  this.displayName = displayName;
156  this.iconBase = iconBase;
157  this.artifactType = artifactType;
158  this.dateTimeAttributeType = dateTimeAttributeType;
159  this.shortExtractor = shortExtractor;
160  this.medExtractor = medExtractor;
161  this.longExtractor = longExtractor;
162  this.image = new Image("org/sleuthkit/autopsy/timeline/images/" + iconBase, true); // NON-NLS
163  }
164 
165  @Override
166  public EventType getSuperType() {
167  return BaseTypes.WEB_ACTIVITY;
168  }
169 
170  @Override
171  public String getDisplayName() {
172  return displayName;
173  }
174 
175  @Override
176  public EventType getSubType(String string) {
177  return WebTypes.valueOf(string);
178  }
179 
180  @Override
181  public List<? extends EventType> getSubTypes() {
182  return Collections.emptyList();
183  }
184 
185  private static class TopPrivateDomainExtractor extends AttributeExtractor {
186 
187  final private static TopPrivateDomainExtractor instance = new TopPrivateDomainExtractor();
188 
189  static TopPrivateDomainExtractor getInstance() {
190  return instance;
191  }
192 
193  @Override
194  public String apply(BlackboardArtifact artf) {
195  String domainString = StringUtils.substringBefore(super.apply(artf), "/");
196  if (InternetDomainName.isValid(domainString)) {
197  InternetDomainName domain = InternetDomainName.from(domainString);
198  return (domain.isUnderPublicSuffix())
199  ? domain.topPrivateDomain().toString()
200  : domain.toString();
201  } else {
202  return domainString;
203  }
204  }
205 
207  super(new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DOMAIN));
208  }
209  }
210 }
final Function< BlackboardArtifact, String > longExtractor
Definition: WebTypes.java:115
final Function< BlackboardArtifact, String > medExtractor
Definition: WebTypes.java:117
WebTypes(String displayName, String iconBase, BlackboardArtifact.Type artifactType, BlackboardAttribute.Type dateTimeAttributeType, Function< BlackboardArtifact, String > shortExtractor, Function< BlackboardArtifact, String > medExtractor, Function< BlackboardArtifact, String > longExtractor)
Definition: WebTypes.java:150
Function< BlackboardArtifact, String > getFullExtractor()
Definition: WebTypes.java:122
Function< BlackboardArtifact, String > getShortExtractor()
Definition: WebTypes.java:132
final Function< BlackboardArtifact, String > shortExtractor
Definition: WebTypes.java:119
Function< BlackboardArtifact, String > getMedExtractor()
Definition: WebTypes.java:127

Copyright © 2012-2018 Basis Technology. Generated on: Tue Dec 18 2018
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.