19 package org.sleuthkit.autopsy.timeline.datamodel.eventtype;
21 import com.google.common.net.InternetDomainName;
22 import java.util.Collections;
23 import java.util.List;
24 import java.util.function.Function;
25 import javafx.scene.image.Image;
26 import org.apache.commons.lang3.StringUtils;
27 import org.openide.util.NbBundle;
38 WEB_DOWNLOADS(NbBundle.getMessage(
WebTypes.class,
"WebTypes.webDownloads.name"),
40 new BlackboardArtifact.Type(BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_DOWNLOAD),
41 new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_ACCESSED),
43 new AttributeExtractor(
new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PATH)),
44 new AttributeExtractor(
new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_URL))) {
48 long time = artf.getAttribute(getDateTimeAttributeType()).getValueLong();
49 String domain = getShortExtractor().apply(artf);
50 String path = getMedExtractor().apply(artf);
51 String fileName = StringUtils.substringAfterLast(path,
"/");
52 String url = getFullExtractor().apply(artf);
55 String shortDescription = fileName +
" from " + domain;
56 String medDescription = fileName +
" from " + url;
57 String fullDescription = path +
" from " + url;
62 WEB_COOKIE(NbBundle.getMessage(
WebTypes.class,
"WebTypes.webCookies.name"),
64 new BlackboardArtifact.Type(BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_COOKIE),
65 new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME),
67 new AttributeExtractor(
new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_NAME)),
68 new AttributeExtractor(
new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_VALUE))),
70 WEB_BOOKMARK(NbBundle.getMessage(
WebTypes.class,
"WebTypes.webBookmarks.name"),
72 new BlackboardArtifact.Type(BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_BOOKMARK),
73 new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_CREATED),
75 new AttributeExtractor(
new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_URL)),
76 new AttributeExtractor(
new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_TITLE))),
78 WEB_HISTORY(NbBundle.getMessage(
WebTypes.class,
"WebTypes.webHistory.name"),
80 new BlackboardArtifact.Type(BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_HISTORY),
81 new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_ACCESSED),
83 new AttributeExtractor(
new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_URL)),
84 new AttributeExtractor(
new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_TITLE))),
86 WEB_SEARCH(NbBundle.getMessage(
WebTypes.class,
"WebTypes.webSearch.name"),
88 new BlackboardArtifact.Type(BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_SEARCH_QUERY),
89 new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_ACCESSED),
90 new AttributeExtractor(
new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_TEXT)),
92 new AttributeExtractor(
new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PROG_NAME)));
107 return dateTimeAttributeType;
123 return longExtractor;
133 return shortExtractor;
150 private WebTypes(String displayName, String iconBase, BlackboardArtifact.Type artifactType,
151 BlackboardAttribute.Type dateTimeAttributeType,
152 Function<BlackboardArtifact, String> shortExtractor,
153 Function<BlackboardArtifact, String> medExtractor,
154 Function<BlackboardArtifact, String> longExtractor) {
155 this.displayName = displayName;
156 this.iconBase = iconBase;
157 this.artifactType = artifactType;
158 this.dateTimeAttributeType = dateTimeAttributeType;
159 this.shortExtractor = shortExtractor;
160 this.medExtractor = medExtractor;
161 this.longExtractor = longExtractor;
162 this.image =
new Image(
"org/sleuthkit/autopsy/timeline/images/" + iconBase,
true);
182 return Collections.emptyList();
194 public String
apply(BlackboardArtifact artf) {
195 String domainString = StringUtils.substringBefore(super.apply(artf),
"/");
196 if (InternetDomainName.isValid(domainString)) {
197 InternetDomainName domain = InternetDomainName.from(domainString);
198 return (domain.isUnderPublicSuffix())
199 ? domain.topPrivateDomain().toString()
207 super(
new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DOMAIN));
final Function< BlackboardArtifact, String > longExtractor
final Function< BlackboardArtifact, String > medExtractor
BlackboardAttribute.Type getDateTimeAttributeType()
WebTypes(String displayName, String iconBase, BlackboardArtifact.Type artifactType, BlackboardAttribute.Type dateTimeAttributeType, Function< BlackboardArtifact, String > shortExtractor, Function< BlackboardArtifact, String > medExtractor, Function< BlackboardArtifact, String > longExtractor)
EventType getSubType(String string)
Function< BlackboardArtifact, String > getFullExtractor()
Function< BlackboardArtifact, String > getShortExtractor()
EventTypeZoomLevel getZoomLevel()
String apply(BlackboardArtifact artf)
final BlackboardArtifact.Type artifactType
BlackboardArtifact.Type getArtifactType()
List<?extends EventType > getSubTypes()
final Function< BlackboardArtifact, String > shortExtractor
final BlackboardAttribute.Type dateTimeAttributeType
Function< BlackboardArtifact, String > getMedExtractor()