Autopsy  4.13.0
Graphical digital forensics platform for The Sleuth Kit and other tools.
CentralRepoCommonAttributeInstance.java
Go to the documentation of this file.
1 /*
2  *
3  * Autopsy Forensic Browser
4  *
5  * Copyright 2018 Basis Technology Corp.
6  * Contact: carrier <at> sleuthkit <dot> org
7  *
8  * Licensed under the Apache License, Version 2.0 (the "License");
9  * you may not use this file except in compliance with the License.
10  * You may obtain a copy of the License at
11  *
12  * http://www.apache.org/licenses/LICENSE-2.0
13  *
14  * Unless required by applicable law or agreed to in writing, software
15  * distributed under the License is distributed on an "AS IS" BASIS,
16  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
17  * See the License for the specific language governing permissions and
18  * limitations under the License.
19  */
20 package org.sleuthkit.autopsy.commonpropertiessearch;
21 
22 import java.io.File;
23 import java.util.ArrayList;
24 import java.util.List;
25 import java.util.Optional;
26 import java.util.logging.Level;
32 import org.sleuthkit.datamodel.AbstractFile;
33 import org.sleuthkit.datamodel.DataSource;
34 import org.sleuthkit.datamodel.SleuthkitCase;
35 import org.sleuthkit.datamodel.TskCoreException;
36 
43 
44  private static final Logger LOGGER = Logger.getLogger(CentralRepoCommonAttributeInstance.class.getName());
45  private final Integer crFileId;
46  private final NODE_TYPE nodeType;
49 
51  super();
52  this.crFileId = attrInstId;
54  this.nodeType = nodeType;
55  }
56 
57  @Override
59  return this.correlationType;
60  }
61 
62  void setCurrentAttributeInst(CorrelationAttributeInstance attribute) {
63  this.currentAttribute = attribute;
64  }
65 
66  @Override
67  AbstractFile getAbstractFile() {
68  if (this.abstractFile != null) {
69  return this.abstractFile;
70  }
71 
72  Case currentCase;
73  if (this.currentAttribute != null) {
74 
75  final CorrelationAttributeInstance currentAttributeInstance = this.currentAttribute;
76 
77  try {
78  String currentFullPath = currentAttributeInstance.getFilePath();
79  currentCase = Case.getCurrentCaseThrows();
80 
81  // Only attempt to make the abstract file if the attribute is from the current case
82  if (currentCase.getName().equals(currentAttributeInstance.getCorrelationCase().getCaseUUID())) {
83  SleuthkitCase tskDb = currentCase.getSleuthkitCase();
84 
85  // Find the correct data source
86  Optional<DataSource> dataSource = tskDb.getDataSources().stream()
87  .filter(p -> p.getId() == currentAttribute.getCorrelationDataSource().getDataSourceObjectID())
88  .findFirst();
89  if (!dataSource.isPresent()) {
90  LOGGER.log(Level.WARNING, String.format("Unable to find data source with device ID %s in the current case", currentAttribute.getCorrelationDataSource().getDeviceID()));
91  return null;
92  }
93 
94  // First try to find the file in the current case using the file object id
95  // we get from the CR (if available).
96  Long fileId = currentAttribute.getFileObjectId();
97  if (fileId != null && fileId != 0) {
98  AbstractFile file = tskDb.getAbstractFileById(fileId);
99  if (file == null) {
100  LOGGER.log(Level.WARNING, String.format("Failed to find file with id %s in current case. Will attempt to find file based on path.", fileId));
101  } else {
102  this.abstractFile = file;
103  }
104  }
105 
106  if (this.abstractFile == null) {
107  // We failed to find the file using the file id so now we
108  // will try using the file name, parent path and data source id.
109  File fileFromPath = new File(currentFullPath);
110  String fileName = fileFromPath.getName();
111  fileName = SleuthkitCase.escapeSingleQuotes(fileName);
112 
113  // Create the parent path. Make sure not to add a separator if there is already one there.
114  String parentPath = fileFromPath.getParent();
115  if (!parentPath.endsWith(File.separator)) {
116  parentPath += File.separator;
117  }
118  parentPath = parentPath.replace("\\", "/");
119  parentPath = SleuthkitCase.escapeSingleQuotes(parentPath);
120  final String whereClause = String.format("lower(name) = '%s' AND lower(parent_path) = '%s' AND data_source_obj_id = %s", fileName, parentPath, dataSource.get().getId());
121  List<AbstractFile> potentialAbstractFiles = tskDb.findAllFilesWhere(whereClause);
122 
123  if (potentialAbstractFiles.isEmpty()) {
124  LOGGER.log(Level.SEVERE, String.format("Unable to find AbstractFile for record with filePath: %s.", new Object[]{currentAttributeInstance.getFilePath()}));
125  } else if (potentialAbstractFiles.size() > 1) {
126  LOGGER.log(Level.WARNING, String.format("Unable to find an exact match for AbstractFile for record with filePath: %s. May have returned the wrong file.", new Object[]{currentFullPath}));
127  this.abstractFile = potentialAbstractFiles.get(0);
128  } else {
129  this.abstractFile = potentialAbstractFiles.get(0);
130  }
131  }
132  }
133  } catch (TskCoreException | NoCurrentCaseException ex) {
134  LOGGER.log(Level.SEVERE, String.format("Unable to find AbstractFile for record with filePath: %s. Node not created.", new Object[]{currentAttributeInstance.getFilePath()}), ex);
135  }
136  }
137 
138  return this.abstractFile;
139  }
140 
141  @Override
143  List<DisplayableItemNode> attrInstNodeList = new ArrayList<>(0);
144  String currCaseDbName = Case.getCurrentCase().getDisplayName();
145  try {
146  DisplayableItemNode generatedInstNode = AbstractCommonAttributeInstance.createNode(currentAttribute, this.getAbstractFile(), currCaseDbName, nodeType);
147  attrInstNodeList.add(generatedInstNode);
148  } catch (TskCoreException ex) {
149  LOGGER.log(Level.SEVERE, String.format("Unable to get DataSource for record with md5: %s. Node not created.", new Object[]{currentAttribute.getCorrelationValue()}), ex);
150  }
151 
152  return attrInstNodeList.toArray(new DisplayableItemNode[attrInstNodeList.size()]);
153  }
154 }
synchronized static Logger getLogger(String name)
Definition: Logger.java:124

Copyright © 2012-2019 Basis Technology. Generated on: Tue Jan 7 2020
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.