Autopsy  4.1
Graphical digital forensics platform for The Sleuth Kit and other tools.
HashDbManager.java
Go to the documentation of this file.
1 /*
2  * Autopsy Forensic Browser
3  *
4  * Copyright 2011 - 2016 Basis Technology Corp.
5  * Contact: carrier <at> sleuthkit <dot> org
6  *
7  * Licensed under the Apache License, Version 2.0 (the "License");
8  * you may not use this file except in compliance with the License.
9  * You may obtain a copy of the License at
10  *
11  * http://www.apache.org/licenses/LICENSE-2.0
12  *
13  * Unless required by applicable law or agreed to in writing, software
14  * distributed under the License is distributed on an "AS IS" BASIS,
15  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16  * See the License for the specific language governing permissions and
17  * limitations under the License.
18  */
19 package org.sleuthkit.autopsy.modules.hashdatabase;
20 
21 import java.beans.PropertyChangeEvent;
22 import java.beans.PropertyChangeListener;
23 import java.beans.PropertyChangeSupport;
24 import java.io.File;
25 import java.io.IOException;
26 import java.util.ArrayList;
27 import java.util.HashSet;
28 import java.util.List;
29 import java.util.Objects;
30 import java.util.Set;
31 import java.util.concurrent.ExecutionException;
32 import java.util.logging.Level;
33 import javax.swing.JFileChooser;
34 import javax.swing.JOptionPane;
35 import javax.swing.SwingWorker;
36 import javax.swing.filechooser.FileNameExtensionFilter;
37 import org.apache.commons.io.FilenameUtils;
38 import org.netbeans.api.progress.ProgressHandle;
39 import org.openide.util.NbBundle;
40 import org.openide.util.NbBundle.Messages;
41 import org.sleuthkit.autopsy.core.RuntimeProperties;
42 import org.sleuthkit.autopsy.coreutils.Logger;
43 import org.sleuthkit.autopsy.coreutils.MessageNotifyUtil;
44 import org.sleuthkit.autopsy.ingest.IngestManager;
45 import org.sleuthkit.autopsy.modules.hashdatabase.HashLookupSettings.HashDbInfo;
46 import org.sleuthkit.datamodel.AbstractFile;
47 import org.sleuthkit.datamodel.Content;
48 import org.sleuthkit.datamodel.HashEntry;
49 import org.sleuthkit.datamodel.HashHitInfo;
50 import org.sleuthkit.datamodel.SleuthkitJNI;
51 import org.sleuthkit.datamodel.TskCoreException;
52 
57 public class HashDbManager implements PropertyChangeListener {
58 
59  private static final String HASH_DATABASE_FILE_EXTENSON = "kdb"; //NON-NLS
60  private static HashDbManager instance = null;
61  private List<HashDb> knownHashSets = new ArrayList<>();
62  private List<HashDb> knownBadHashSets = new ArrayList<>();
63  private Set<String> hashSetNames = new HashSet<>();
64  private Set<String> hashSetPaths = new HashSet<>();
65  PropertyChangeSupport changeSupport = new PropertyChangeSupport(HashDbManager.class);
66  private static final Logger logger = Logger.getLogger(HashDbManager.class.getName());
67  private boolean allDatabasesLoadedCorrectly = false;
68 
74  public enum SetEvt {
75 
76  DB_ADDED, DB_DELETED, DB_INDEXED
77  };
78 
84  public static synchronized HashDbManager getInstance() {
85  if (instance == null) {
86  instance = new HashDbManager();
87  }
88  return instance;
89  }
90 
91  public synchronized void addPropertyChangeListener(PropertyChangeListener listener) {
92  changeSupport.addPropertyChangeListener(listener);
93  }
94 
95  public synchronized void removePropertyChangeListener(PropertyChangeListener listener) {
96  changeSupport.removePropertyChangeListener(listener);
97  }
98 
99  synchronized boolean verifyAllDatabasesLoadedCorrectly(){
100  return allDatabasesLoadedCorrectly;
101  }
102 
103  private HashDbManager() {
104  loadHashsetsConfiguration();
105  }
106 
112  static String getHashDatabaseFileExtension() {
113  return HASH_DATABASE_FILE_EXTENSON;
114  }
115 
116  public class HashDbManagerException extends Exception {
117 
118  private static final long serialVersionUID = 1L;
119 
120  private HashDbManagerException(String message) {
121  super(message);
122  }
123 
124  private HashDbManagerException(String message, Throwable exception) {
125  super(message, exception);
126  }
127  }
128 
148  public synchronized HashDb addExistingHashDatabase(String hashSetName, String path, boolean searchDuringIngest, boolean sendIngestMessages, HashDb.KnownFilesType knownFilesType) throws HashDbManagerException {
149  HashDb hashDb = null;
150  hashDb = this.addExistingHashDatabaseNoSave(hashSetName, path, searchDuringIngest, sendIngestMessages, knownFilesType);
151  this.save();
152  return hashDb;
153  }
154 
155  synchronized HashDb addExistingHashDatabaseNoSave(String hashSetName, String path, boolean searchDuringIngest, boolean sendIngestMessages, HashDb.KnownFilesType knownFilesType) throws HashDbManagerException {
156  HashDb hashDb = null;
157  try {
158  if (!new File(path).exists()) {
159  throw new HashDbManagerException(NbBundle.getMessage(HashDbManager.class, "HashDbManager.hashDbDoesNotExistExceptionMsg", path));
160  }
161 
162  if (hashSetPaths.contains(path)) {
163  throw new HashDbManagerException(NbBundle.getMessage(HashDbManager.class, "HashDbManager.hashDbAlreadyAddedExceptionMsg", path));
164  }
165 
166  if (hashSetNames.contains(hashSetName)) {
167  throw new HashDbManagerException(NbBundle.getMessage(HashDbManager.class, "HashDbManager.duplicateHashSetNameExceptionMsg", hashSetName));
168  }
169 
170  hashDb = addHashDatabase(SleuthkitJNI.openHashDatabase(path), hashSetName, searchDuringIngest, sendIngestMessages, knownFilesType);
171  } catch (TskCoreException ex) {
172  throw new HashDbManagerException(ex.getMessage());
173  }
174  return hashDb;
175  }
176 
195  public synchronized HashDb addNewHashDatabase(String hashSetName, String path, boolean searchDuringIngest, boolean sendIngestMessages,
196  HashDb.KnownFilesType knownFilesType) throws HashDbManagerException {
197 
198  HashDb hashDb = null;
199  hashDb = this.addNewHashDatabaseNoSave(hashSetName, path, searchDuringIngest, sendIngestMessages, knownFilesType);
200 
201  this.save();
202 
203  return hashDb;
204  }
205 
206  public synchronized HashDb addNewHashDatabaseNoSave(String hashSetName, String path, boolean searchDuringIngest, boolean sendIngestMessages,
207  HashDb.KnownFilesType knownFilesType) throws HashDbManagerException {
208  HashDb hashDb = null;
209  try {
210  File file = new File(path);
211  if (file.exists()) {
212  throw new HashDbManagerException(NbBundle.getMessage(HashDbManager.class, "HashDbManager.hashDbFileExistsExceptionMsg", path));
213  }
214  if (!FilenameUtils.getExtension(file.getName()).equalsIgnoreCase(HASH_DATABASE_FILE_EXTENSON)) {
215  throw new HashDbManagerException(NbBundle.getMessage(HashDbManager.class, "HashDbManager.illegalHashDbFileNameExtensionMsg",
216  getHashDatabaseFileExtension()));
217  }
218 
219  if (hashSetPaths.contains(path)) {
220  throw new HashDbManagerException(NbBundle.getMessage(HashDbManager.class, "HashDbManager.hashDbAlreadyAddedExceptionMsg", path));
221  }
222 
223  if (hashSetNames.contains(hashSetName)) {
224  throw new HashDbManagerException(NbBundle.getMessage(HashDbManager.class, "HashDbManager.duplicateHashSetNameExceptionMsg", hashSetName));
225  }
226 
227  hashDb = addHashDatabase(SleuthkitJNI.createHashDatabase(path), hashSetName, searchDuringIngest, sendIngestMessages, knownFilesType);
228  } catch (TskCoreException ex) {
229  throw new HashDbManagerException(ex.getMessage());
230  }
231  return hashDb;
232  }
233 
234  private HashDb addHashDatabase(int handle, String hashSetName, boolean searchDuringIngest, boolean sendIngestMessages, HashDb.KnownFilesType knownFilesType) throws TskCoreException {
235  // Wrap an object around the handle.
236  HashDb hashDb = new HashDb(handle, hashSetName, searchDuringIngest, sendIngestMessages, knownFilesType);
237 
238  // Get the indentity data before updating the collections since the
239  // accessor methods may throw.
240  String databasePath = hashDb.getDatabasePath();
241  String indexPath = hashDb.getIndexPath();
242 
243  // Update the collections used to ensure that hash set names are unique
244  // and the same database is not added to the configuration more than once.
245  hashSetNames.add(hashDb.getHashSetName());
246  if (!databasePath.equals("None")) { //NON-NLS
247  hashSetPaths.add(databasePath);
248  }
249  if (!indexPath.equals("None")) { //NON-NLS
250  hashSetPaths.add(indexPath);
251  }
252 
253  // Add the hash database to the appropriate collection for its type.
254  if (hashDb.getKnownFilesType() == HashDb.KnownFilesType.KNOWN) {
255  knownHashSets.add(hashDb);
256  } else {
257  knownBadHashSets.add(hashDb);
258  }
259 
260  // Let any external listeners know that there's a new set
261  try {
262  changeSupport.firePropertyChange(SetEvt.DB_ADDED.toString(), null, hashSetName);
263  } catch (Exception e) {
264  logger.log(Level.SEVERE, "HashDbManager listener threw exception", e); //NON-NLS
265  MessageNotifyUtil.Notify.show(
266  NbBundle.getMessage(this.getClass(), "HashDbManager.moduleErr"),
267  NbBundle.getMessage(this.getClass(), "HashDbManager.moduleErrorListeningToUpdatesMsg"),
268  MessageNotifyUtil.MessageType.ERROR);
269  }
270  return hashDb;
271  }
272 
273  synchronized void indexHashDatabase(HashDb hashDb) {
274  hashDb.addPropertyChangeListener(this);
275  HashDbIndexer creator = new HashDbIndexer(hashDb);
276  creator.execute();
277  }
278 
279  @Override
280  public void propertyChange(PropertyChangeEvent event) {
281  if (event.getPropertyName().equals(HashDb.Event.INDEXING_DONE.name())) {
282  HashDb hashDb = (HashDb) event.getNewValue();
283  if (null != hashDb) {
284  try {
285  String indexPath = hashDb.getIndexPath();
286  if (!indexPath.equals("None")) { //NON-NLS
287  hashSetPaths.add(indexPath);
288  }
289  } catch (TskCoreException ex) {
290  Logger.getLogger(HashDbManager.class.getName()).log(Level.SEVERE, "Error getting index path of " + hashDb.getHashSetName() + " hash database after indexing", ex); //NON-NLS
291  }
292  }
293  }
294  }
295 
304  public synchronized void removeHashDatabase(HashDb hashDb) throws HashDbManagerException {
305  this.removeHashDatabaseNoSave(hashDb);
306  this.save();
307  }
308 
309  public synchronized void removeHashDatabaseNoSave(HashDb hashDb) throws HashDbManagerException {
310  // Don't remove a database if ingest is running
311  boolean ingestIsRunning = IngestManager.getInstance().isIngestRunning();
312  if (ingestIsRunning) {
313  throw new HashDbManagerException(NbBundle.getMessage(this.getClass(), "HashDbManager.ingestRunningExceptionMsg"));
314  }
315  // Remove the database from whichever hash set list it occupies,
316  // and remove its hash set name from the hash set used to ensure unique
317  // hash set names are used, before undertaking These operations will succeed and constitute
318  // a mostly effective removal, even if the subsequent operations fail.
319  String hashSetName = hashDb.getHashSetName();
320  knownHashSets.remove(hashDb);
321  knownBadHashSets.remove(hashDb);
322  hashSetNames.remove(hashSetName);
323 
324  // Now undertake the operations that could throw.
325  try {
326  hashSetPaths.remove(hashDb.getIndexPath());
327  } catch (TskCoreException ex) {
328  Logger.getLogger(HashDbManager.class.getName()).log(Level.SEVERE, "Error getting index path of " + hashDb.getHashSetName() + " hash database when removing the database", ex); //NON-NLS
329  }
330  try {
331  if (!hashDb.hasIndexOnly()) {
332  hashSetPaths.remove(hashDb.getDatabasePath());
333  }
334  } catch (TskCoreException ex) {
335  Logger.getLogger(HashDbManager.class.getName()).log(Level.SEVERE, "Error getting database path of " + hashDb.getHashSetName() + " hash database when removing the database", ex); //NON-NLS
336  }
337  try {
338  hashDb.close();
339  } catch (TskCoreException ex) {
340  Logger.getLogger(HashDbManager.class.getName()).log(Level.SEVERE, "Error closing " + hashDb.getHashSetName() + " hash database when removing the database", ex); //NON-NLS
341  }
342 
343  // Let any external listeners know that a set has been deleted
344  try {
345  changeSupport.firePropertyChange(SetEvt.DB_DELETED.toString(), null, hashSetName);
346  } catch (Exception e) {
347  logger.log(Level.SEVERE, "HashDbManager listener threw exception", e); //NON-NLS
348  MessageNotifyUtil.Notify.show(
349  NbBundle.getMessage(this.getClass(), "HashDbManager.moduleErr"),
350  NbBundle.getMessage(this.getClass(), "HashDbManager.moduleErrorListeningToUpdatesMsg"),
351  MessageNotifyUtil.MessageType.ERROR);
352  }
353  }
354 
355  void save() throws HashDbManagerException {
356  try {
357  if (!HashLookupSettings.writeSettings(new HashLookupSettings(this.knownHashSets, this.knownBadHashSets))) {
358  throw new HashDbManagerException(NbBundle.getMessage(this.getClass(), "HashDbManager.saveErrorExceptionMsg"));
359  }
360  } catch (HashLookupSettings.HashLookupSettingsException ex) {
361  throw new HashDbManagerException(NbBundle.getMessage(this.getClass(), "HashDbManager.saveErrorExceptionMsg"));
362  }
363  }
364 
371  public synchronized List<HashDb> getAllHashSets() {
372  List<HashDb> hashDbs = new ArrayList<>();
373  hashDbs.addAll(knownHashSets);
374  hashDbs.addAll(knownBadHashSets);
375  return hashDbs;
376  }
377 
383  public synchronized List<HashDb> getKnownFileHashSets() {
384  List<HashDb> hashDbs = new ArrayList<>();
385  hashDbs.addAll(knownHashSets);
386  return hashDbs;
387  }
388 
394  public synchronized List<HashDb> getKnownBadFileHashSets() {
395  List<HashDb> hashDbs = new ArrayList<>();
396  hashDbs.addAll(knownBadHashSets);
397  return hashDbs;
398  }
399 
405  public synchronized List<HashDb> getUpdateableHashSets() {
406  List<HashDb> updateableDbs = getUpdateableHashSets(knownHashSets);
407  updateableDbs.addAll(getUpdateableHashSets(knownBadHashSets));
408  return updateableDbs;
409  }
410 
411  private List<HashDb> getUpdateableHashSets(List<HashDb> hashDbs) {
412  ArrayList<HashDb> updateableDbs = new ArrayList<>();
413  for (HashDb db : hashDbs) {
414  try {
415  if (db.isUpdateable()) {
416  updateableDbs.add(db);
417  }
418  } catch (TskCoreException ex) {
419  Logger.getLogger(HashDbManager.class.getName()).log(Level.SEVERE, "Error checking updateable status of " + db.getHashSetName() + " hash database", ex); //NON-NLS
420  }
421  }
422  return updateableDbs;
423  }
424 
429  public synchronized void loadLastSavedConfiguration() {
430  closeHashDatabases(knownHashSets);
431  closeHashDatabases(knownBadHashSets);
432  hashSetNames.clear();
433  hashSetPaths.clear();
434 
435  loadHashsetsConfiguration();
436  }
437 
438  private void closeHashDatabases(List<HashDb> hashDatabases) {
439  for (HashDb database : hashDatabases) {
440  try {
441  database.close();
442  } catch (TskCoreException ex) {
443  Logger.getLogger(HashDbManager.class.getName()).log(Level.SEVERE, "Error closing " + database.getHashSetName() + " hash database", ex); //NON-NLS
444  }
445  }
446  hashDatabases.clear();
447  }
448 
449  private void loadHashsetsConfiguration() {
450  try {
451  HashLookupSettings settings = HashLookupSettings.readSettings();
452  this.configureSettings(settings);
453  } catch (HashLookupSettings.HashLookupSettingsException ex) {
454  Logger.getLogger(HashDbManager.class.getName()).log(Level.SEVERE, "Could not read Hash lookup settings from disk.", ex);
455  }
456  }
457 
464  @Messages({"# {0} - database name", "HashDbManager.noDbPath.message=Couldn't get valid database path for: {0}"})
465  private void configureSettings(HashLookupSettings settings) {
466  allDatabasesLoadedCorrectly = true;
467  List<HashDbInfo> hashDbInfoList = settings.getHashDbInfo();
468  for (HashDbInfo hashDb : hashDbInfoList) {
469  try {
470  String dbPath = this.getValidFilePath(hashDb.getHashSetName(), hashDb.getPath());
471  if (dbPath != null) {
472  addHashDatabase(SleuthkitJNI.openHashDatabase(dbPath), hashDb.getHashSetName(), hashDb.getSearchDuringIngest(), hashDb.getSendIngestMessages(), hashDb.getKnownFilesType());
473  } else {
474  logger.log(Level.WARNING, Bundle.HashDbManager_noDbPath_message(hashDb.getHashSetName()));
475  allDatabasesLoadedCorrectly = false;
476  }
477  } catch (TskCoreException ex) {
478  Logger.getLogger(HashDbManager.class.getName()).log(Level.SEVERE, "Error opening hash database", ex); //NON-NLS
479  JOptionPane.showMessageDialog(null,
480  NbBundle.getMessage(this.getClass(),
481  "HashDbManager.unableToOpenHashDbMsg", hashDb.getHashSetName()),
482  NbBundle.getMessage(this.getClass(), "HashDbManager.openHashDbErr"),
483  JOptionPane.ERROR_MESSAGE);
484  allDatabasesLoadedCorrectly = false;
485  }
486  }
487 
488  /* NOTE: When RuntimeProperties.coreComponentsAreActive() is "false",
489  I don't think we should overwrite hash db settings file because we
490  were unable to load a database. The user should have to fix the issue or
491  remove the database from settings. Overwiting the settings effectively removes
492  the database from HashLookupSettings and the user may not know about this
493  because the dialogs are not being displayed. The next time user starts Autopsy, HashDB
494  will load without errors and the user may think that the problem was solved.*/
495  if (!allDatabasesLoadedCorrectly && RuntimeProperties.coreComponentsAreActive()) {
496  try {
497  HashLookupSettings.writeSettings(new HashLookupSettings(this.knownHashSets, this.knownBadHashSets));
498  allDatabasesLoadedCorrectly = true;
499  } catch (HashLookupSettings.HashLookupSettingsException ex) {
500  allDatabasesLoadedCorrectly = false;
501  logger.log(Level.SEVERE, "Could not overwrite hash database settings.", ex);
502  }
503  }
504  }
505 
506  private String getValidFilePath(String hashSetName, String configuredPath) {
507  // Check the configured path.
508  File database = new File(configuredPath);
509  if (database.exists()) {
510  return configuredPath;
511  }
512 
513  // Give the user an opportunity to find the desired file.
514  String newPath = null;
515  if (RuntimeProperties.coreComponentsAreActive() &&
516  JOptionPane.showConfirmDialog(null,
517  NbBundle.getMessage(this.getClass(), "HashDbManager.dlgMsg.dbNotFoundAtLoc",
518  hashSetName, configuredPath),
519  NbBundle.getMessage(this.getClass(), "HashDbManager.dlgTitle.MissingDb"),
520  JOptionPane.YES_NO_OPTION) == JOptionPane.YES_OPTION) {
521  newPath = searchForFile();
522  if (null != newPath && !newPath.isEmpty()) {
523  database = new File(newPath);
524  if (!database.exists()) {
525  newPath = null;
526  }
527  }
528  }
529  return newPath;
530  }
531 
532  private String searchForFile() {
533  String filePath = null;
534  JFileChooser fc = new JFileChooser();
535  fc.setDragEnabled(false);
536  fc.setFileSelectionMode(JFileChooser.FILES_ONLY);
537  String[] EXTENSION = new String[]{"txt", "idx", "hash", "Hash", "kdb"}; //NON-NLS
538  FileNameExtensionFilter filter = new FileNameExtensionFilter(
539  NbBundle.getMessage(this.getClass(), "HashDbManager.fileNameExtensionFilter.title"), EXTENSION);
540  fc.setFileFilter(filter);
541  fc.setMultiSelectionEnabled(false);
542  if (fc.showOpenDialog(null) == JFileChooser.APPROVE_OPTION) {
543  File f = fc.getSelectedFile();
544  try {
545  filePath = f.getCanonicalPath();
546  } catch (IOException ex) {
547  Logger.getLogger(HashDbManager.class.getName()).log(Level.WARNING, "Couldn't get selected file path", ex); //NON-NLS
548  }
549  }
550  return filePath;
551  }
552 
557  public static class HashDb {
558 
563  public enum KnownFilesType {
564 
565  KNOWN(NbBundle.getMessage(HashDbManager.class, "HashDbManager.known.text")),
566  KNOWN_BAD(NbBundle.getMessage(HashDbManager.class, "HashDbManager.knownBad.text"));
567  private final String displayName;
568 
569  private KnownFilesType(String displayName) {
570  this.displayName = displayName;
571  }
572 
573  public String getDisplayName() {
574  return this.displayName;
575  }
576  }
577 
581  public enum Event {
582 
583  INDEXING_DONE
584  }
585  private static final long serialVersionUID = 1L;
586  private final int handle;
587  private final String hashSetName;
588  private boolean searchDuringIngest;
589  private boolean sendIngestMessages;
590  private final KnownFilesType knownFilesType;
591  private boolean indexing;
592  private final PropertyChangeSupport propertyChangeSupport = new PropertyChangeSupport(this);
593 
594  private HashDb(int handle, String hashSetName, boolean useForIngest, boolean sendHitMessages, KnownFilesType knownFilesType) {
595  this.handle = handle;
596  this.hashSetName = hashSetName;
597  this.searchDuringIngest = useForIngest;
598  this.sendIngestMessages = sendHitMessages;
599  this.knownFilesType = knownFilesType;
600  this.indexing = false;
601  }
602 
608  public void addPropertyChangeListener(PropertyChangeListener pcl) {
609  propertyChangeSupport.addPropertyChangeListener(pcl);
610  }
611 
617  public void removePropertyChangeListener(PropertyChangeListener pcl) {
618  propertyChangeSupport.removePropertyChangeListener(pcl);
619  }
620 
621  public String getHashSetName() {
622  return hashSetName;
623  }
624 
625  public String getDatabasePath() throws TskCoreException {
626  return SleuthkitJNI.getHashDatabasePath(handle);
627  }
628 
629  public String getIndexPath() throws TskCoreException {
630  return SleuthkitJNI.getHashDatabaseIndexPath(handle);
631  }
632 
633  public KnownFilesType getKnownFilesType() {
634  return knownFilesType;
635  }
636 
637  public boolean getSearchDuringIngest() {
638  return searchDuringIngest;
639  }
640 
641  void setSearchDuringIngest(boolean useForIngest) {
642  this.searchDuringIngest = useForIngest;
643  }
644 
645  public boolean getSendIngestMessages() {
646  return sendIngestMessages;
647  }
648 
649  void setSendIngestMessages(boolean showInboxMessages) {
650  this.sendIngestMessages = showInboxMessages;
651  }
652 
660  public boolean isUpdateable() throws TskCoreException {
661  return SleuthkitJNI.isUpdateableHashDatabase(this.handle);
662  }
663 
672  public void addHashes(Content content) throws TskCoreException {
673  addHashes(content, null);
674  }
675 
686  public void addHashes(Content content, String comment) throws TskCoreException {
687  // This only works for AbstractFiles and MD5 hashes at present.
688  assert content instanceof AbstractFile;
689  if (content instanceof AbstractFile) {
690  AbstractFile file = (AbstractFile) content;
691  if (null != file.getMd5Hash()) {
692  SleuthkitJNI.addToHashDatabase(null, file.getMd5Hash(), null, null, comment, handle);
693  }
694  }
695  }
696 
704  public void addHashes(List<HashEntry> hashes) throws TskCoreException {
705  SleuthkitJNI.addToHashDatabase(hashes, handle);
706  }
707 
717  public boolean lookupMD5Quick(Content content) throws TskCoreException {
718  boolean result = false;
719  assert content instanceof AbstractFile;
720  if (content instanceof AbstractFile) {
721  AbstractFile file = (AbstractFile) content;
722  if (null != file.getMd5Hash()) {
723  result = SleuthkitJNI.lookupInHashDatabase(file.getMd5Hash(), handle);
724  }
725  }
726  return result;
727  }
728 
738  public HashHitInfo lookupMD5(Content content) throws TskCoreException {
739  HashHitInfo result = null;
740  // This only works for AbstractFiles and MD5 hashes at present.
741  assert content instanceof AbstractFile;
742  if (content instanceof AbstractFile) {
743  AbstractFile file = (AbstractFile) content;
744  if (null != file.getMd5Hash()) {
745  result = SleuthkitJNI.lookupInHashDatabaseVerbose(file.getMd5Hash(), handle);
746  }
747  }
748  return result;
749  }
750 
751  boolean hasIndex() throws TskCoreException {
752  return SleuthkitJNI.hashDatabaseHasLookupIndex(handle);
753  }
754 
755  public boolean hasIndexOnly() throws TskCoreException {
756  return SleuthkitJNI.hashDatabaseIsIndexOnly(handle);
757  }
758 
759  boolean canBeReIndexed() throws TskCoreException {
760  return SleuthkitJNI.hashDatabaseCanBeReindexed(handle);
761  }
762 
763  boolean isIndexing() {
764  return indexing;
765  }
766 
767  private void close() throws TskCoreException {
768  SleuthkitJNI.closeHashDatabase(handle);
769  }
770 
771  @Override
772  public int hashCode() {
773  int code = 23;
774  code = 47 * code + Integer.hashCode(handle);
775  code = 47 * code + Objects.hashCode(this.hashSetName);
776  code = 47 * code + Objects.hashCode(this.propertyChangeSupport);
777  code = 47 * code + Objects.hashCode(this.knownFilesType);
778  return code;
779  }
780 
781  @Override
782  public boolean equals(Object obj) {
783  if (obj == null) {
784  return false;
785  }
786  if (getClass() != obj.getClass()) {
787  return false;
788  }
789  final HashDb other = (HashDb) obj;
790  if (!Objects.equals(this.hashSetName, other.hashSetName)) {
791  return false;
792  }
793  if (this.searchDuringIngest != other.searchDuringIngest) {
794  return false;
795  }
796  if (this.sendIngestMessages != other.sendIngestMessages) {
797  return false;
798  }
799  if (this.knownFilesType != other.knownFilesType) {
800  return false;
801  }
802  return true;
803  }
804  }
805 
809  private class HashDbIndexer extends SwingWorker<Object, Void> {
810 
811  private ProgressHandle progress = null;
812  private HashDb hashDb = null;
813 
814  HashDbIndexer(HashDb hashDb) {
815  this.hashDb = hashDb;
816  }
817 
818  ;
819 
820  @Override
821  protected Object doInBackground() {
822  hashDb.indexing = true;
823  progress = ProgressHandle.createHandle(
824  NbBundle.getMessage(this.getClass(), "HashDbManager.progress.indexingHashSet", hashDb.hashSetName));
825  progress.start();
826  progress.switchToIndeterminate();
827  try {
828  SleuthkitJNI.createLookupIndexForHashDatabase(hashDb.handle);
829  } catch (TskCoreException ex) {
830  Logger.getLogger(HashDb.class.getName()).log(Level.SEVERE, "Error indexing hash database", ex); //NON-NLS
831  JOptionPane.showMessageDialog(null,
832  NbBundle.getMessage(this.getClass(),
833  "HashDbManager.dlgMsg.errorIndexingHashSet",
834  hashDb.getHashSetName()),
835  NbBundle.getMessage(this.getClass(), "HashDbManager.hashDbIndexingErr"),
836  JOptionPane.ERROR_MESSAGE);
837  }
838  return null;
839  }
840 
841  @Override
842  protected void done() {
843  hashDb.indexing = false;
844  progress.finish();
845 
846  // see if we got any errors
847  try {
848  get();
849  } catch (InterruptedException | ExecutionException ex) {
850  logger.log(Level.SEVERE, "Error creating index", ex); //NON-NLS
851  MessageNotifyUtil.Notify.show(
852  NbBundle.getMessage(this.getClass(), "HashDbManager.errCreatingIndex.title"),
853  NbBundle.getMessage(this.getClass(), "HashDbManager.errCreatingIndex.msg", ex.getMessage()),
854  MessageNotifyUtil.MessageType.ERROR);
855  } // catch and ignore if we were cancelled
856  catch (java.util.concurrent.CancellationException ex) {
857  }
858 
859  try {
860  hashDb.propertyChangeSupport.firePropertyChange(HashDb.Event.INDEXING_DONE.toString(), null, hashDb);
861  hashDb.propertyChangeSupport.firePropertyChange(HashDbManager.SetEvt.DB_INDEXED.toString(), null, hashDb.getHashSetName());
862  } catch (Exception e) {
863  logger.log(Level.SEVERE, "HashDbManager listener threw exception", e); //NON-NLS
864  MessageNotifyUtil.Notify.show(
865  NbBundle.getMessage(this.getClass(), "HashDbManager.moduleErr"),
866  NbBundle.getMessage(this.getClass(), "HashDbManager.moduleErrorListeningToUpdatesMsg"),
867  MessageNotifyUtil.MessageType.ERROR);
868  }
869  }
870  }
871 }
org.sleuthkit.autopsy.ingest.IngestManager.getInstance
static synchronized IngestManager getInstance()
Definition: IngestManager.java:234
org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.addPropertyChangeListener
synchronized void addPropertyChangeListener(PropertyChangeListener listener)
Definition: HashDbManager.java:91
org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.addHashDatabase
HashDb addHashDatabase(int handle, String hashSetName, boolean searchDuringIngest, boolean sendIngestMessages, HashDb.KnownFilesType knownFilesType)
Definition: HashDbManager.java:234
org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.getUpdateableHashSets
List< HashDb > getUpdateableHashSets(List< HashDb > hashDbs)
Definition: HashDbManager.java:411
org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.addNewHashDatabaseNoSave
synchronized HashDb addNewHashDatabaseNoSave(String hashSetName, String path, boolean searchDuringIngest, boolean sendIngestMessages, HashDb.KnownFilesType knownFilesType)
Definition: HashDbManager.java:206
org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.removeHashDatabaseNoSave
synchronized void removeHashDatabaseNoSave(HashDb hashDb)
Definition: HashDbManager.java:309
org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.getValidFilePath
String getValidFilePath(String hashSetName, String configuredPath)
Definition: HashDbManager.java:506
org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.addNewHashDatabase
synchronized HashDb addNewHashDatabase(String hashSetName, String path, boolean searchDuringIngest, boolean sendIngestMessages, HashDb.KnownFilesType knownFilesType)
Definition: HashDbManager.java:195
org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.removePropertyChangeListener
synchronized void removePropertyChangeListener(PropertyChangeListener listener)
Definition: HashDbManager.java:95
org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.closeHashDatabases
void closeHashDatabases(List< HashDb > hashDatabases)
Definition: HashDbManager.java:438
org.sleuthkit.autopsy.coreutils.Logger.getLogger
synchronized static Logger getLogger(String name)
Definition: Logger.java:161
org.sleuthkit.autopsy.coreutils.MessageNotifyUtil.Notify.show
static void show(String title, String message, MessageType type, ActionListener actionListener)
Definition: MessageNotifyUtil.java:188
org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.HashDb.HashDb
HashDb(int handle, String hashSetName, boolean useForIngest, boolean sendHitMessages, KnownFilesType knownFilesType)
Definition: HashDbManager.java:594
org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.addExistingHashDatabase
synchronized HashDb addExistingHashDatabase(String hashSetName, String path, boolean searchDuringIngest, boolean sendIngestMessages, HashDb.KnownFilesType knownFilesType)
Definition: HashDbManager.java:148

Copyright © 2012-2016 Basis Technology. Generated on: Tue Oct 25 2016
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.