Autopsy  4.19.3
Graphical digital forensics platform for The Sleuth Kit and other tools.
ContainerSummary.java
Go to the documentation of this file.
1 /*
2  * Autopsy Forensic Browser
3  *
4  * Copyright 2020-2021 Basis Technology Corp.
5  * Contact: carrier <at> sleuthkit <dot> org
6  *
7  * Licensed under the Apache License, Version 2.0 (the "License");
8  * you may not use this file except in compliance with the License.
9  * You may obtain a copy of the License at
10  *
11  * http://www.apache.org/licenses/LICENSE-2.0
12  *
13  * Unless required by applicable law or agreed to in writing, software
14  * distributed under the License is distributed on an "AS IS" BASIS,
15  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16  * See the License for the specific language governing permissions and
17  * limitations under the License.
18  */
19 package org.sleuthkit.autopsy.datasourcesummary.datamodel;
20 
21 import java.sql.SQLException;
22 import java.util.ArrayList;
23 import java.util.Arrays;
24 import java.util.Collections;
25 import java.util.List;
27 import org.sleuthkit.datamodel.BlackboardArtifact;
28 import org.sleuthkit.datamodel.BlackboardAttribute;
29 import org.sleuthkit.datamodel.DataSource;
30 import org.sleuthkit.datamodel.Image;
31 import org.sleuthkit.datamodel.TskCoreException;
32 import org.sleuthkit.datamodel.TskData;
33 
37 public class ContainerSummary {
38 
40 
44  public ContainerSummary() {
46  }
47 
54  this.provider = provider;
55  }
56 
68  public Long getSizeOfUnallocatedFiles(DataSource currentDataSource)
69  throws SleuthkitCaseProvider.SleuthkitCaseProviderException, TskCoreException, SQLException {
70  if (currentDataSource == null) {
71  return null;
72  }
73 
74  final String valueParam = "value";
75  final String countParam = "count";
76  String query = "SELECT SUM(size) AS " + valueParam + ", COUNT(*) AS " + countParam
77  + " FROM tsk_files"
78  + " WHERE " + DataSourceInfoUtilities.getMetaFlagsContainsStatement(TskData.TSK_FS_META_FLAG_ENUM.UNALLOC)
79  + " AND type<>" + TskData.TSK_DB_FILES_TYPE_ENUM.SLACK.getFileType()
80  + " AND type<>" + TskData.TSK_DB_FILES_TYPE_ENUM.VIRTUAL_DIR.getFileType()
81  + " AND dir_type<>" + TskData.TSK_FS_NAME_TYPE_ENUM.VIRT_DIR.getValue()
82  + " AND name<>''"
83  + " AND data_source_obj_id=" + currentDataSource.getId();
84 
85  DataSourceInfoUtilities.ResultSetHandler<Long> handler = (resultSet) -> {
86  if (resultSet.next()) {
87  // ensure that there is an unallocated count result that is attached to this data source
88  long resultCount = resultSet.getLong(valueParam);
89  return (resultCount > 0) ? resultSet.getLong(valueParam) : null;
90  } else {
91  return null;
92  }
93  };
94 
95  return DataSourceInfoUtilities.getBaseQueryResult(provider.get(), query, handler);
96  }
97 
111  public String getOperatingSystems(DataSource dataSource)
112  throws SleuthkitCaseProvider.SleuthkitCaseProviderException, TskCoreException, SQLException {
113 
114  if (dataSource == null) {
115  return null;
116  }
117 
118  return getConcattedAttrValue(dataSource.getId(),
119  BlackboardArtifact.ARTIFACT_TYPE.TSK_OS_INFO.getTypeID(),
120  BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID());
121  }
122 
136  public String getDataSourceType(DataSource dataSource)
137  throws SleuthkitCaseProvider.SleuthkitCaseProviderException, TskCoreException, SQLException {
138 
139  if (dataSource == null) {
140  return null;
141  }
142 
143  return getConcattedAttrValue(dataSource.getId(),
144  BlackboardArtifact.ARTIFACT_TYPE.TSK_DATA_SOURCE_USAGE.getTypeID(),
145  BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DESCRIPTION.getTypeID());
146  }
147 
163  private String getConcattedStringsResult(String query, String valueParam, String separator)
164  throws SleuthkitCaseProvider.SleuthkitCaseProviderException, TskCoreException, SQLException {
165 
166  DataSourceInfoUtilities.ResultSetHandler<String> handler = (resultSet) -> {
167  String toRet = "";
168  boolean first = true;
169  while (resultSet.next()) {
170  if (first) {
171  first = false;
172  } else {
173  toRet += separator;
174  }
175  toRet += resultSet.getString(valueParam);
176  }
177 
178  return toRet;
179  };
180 
181  return DataSourceInfoUtilities.getBaseQueryResult(provider.get(), query, handler);
182  }
183 
199  private String getConcattedAttrValue(long dataSourceId, int artifactTypeId, int attributeTypeId)
200  throws SleuthkitCaseProvider.SleuthkitCaseProviderException, TskCoreException, SQLException {
201 
202  final String valueParam = "concatted_attribute_value";
203  String query = "SELECT attr.value_text AS " + valueParam
204  + " FROM blackboard_artifacts bba "
205  + " INNER JOIN blackboard_attributes attr ON bba.artifact_id = attr.artifact_id "
206  + " WHERE bba.data_source_obj_id = " + dataSourceId
207  + " AND bba.artifact_type_id = " + artifactTypeId
208  + " AND attr.attribute_type_id = " + attributeTypeId;
209 
210  String separator = ", ";
211  return getConcattedStringsResult(query, valueParam, separator);
212  }
213 
217  public static class ImageDetails {
218 
219  private final Long unallocatedSize;
220  private final long size;
221  private final long sectorSize;
222 
223  private final String timeZone;
224  private final String imageType;
225 
226  private final List<String> paths;
227  private final String md5Hash;
228  private final String sha1Hash;
229  private final String sha256Hash;
230 
245  ImageDetails(Long unallocatedSize, long size, long sectorSize,
246  String timeZone, String imageType, List<String> paths, String md5Hash,
247  String sha1Hash, String sha256Hash) {
248  this.unallocatedSize = unallocatedSize;
249  this.size = size;
250  this.sectorSize = sectorSize;
251  this.timeZone = timeZone;
252  this.imageType = imageType;
253  this.paths = paths == null ? Collections.emptyList() : new ArrayList<>(paths);
254  this.md5Hash = md5Hash;
255  this.sha1Hash = sha1Hash;
256  this.sha256Hash = sha256Hash;
257  }
258 
263  public Long getUnallocatedSize() {
264  return unallocatedSize;
265  }
266 
270  public long getSize() {
271  return size;
272  }
273 
277  public long getSectorSize() {
278  return sectorSize;
279  }
280 
284  public String getTimeZone() {
285  return timeZone;
286  }
287 
291  public String getImageType() {
292  return imageType;
293  }
294 
298  public List<String> getPaths() {
299  return Collections.unmodifiableList(paths);
300  }
301 
305  public String getMd5Hash() {
306  return md5Hash;
307  }
308 
312  public String getSha1Hash() {
313  return sha1Hash;
314  }
315 
319  public String getSha256Hash() {
320  return sha256Hash;
321  }
322  }
323 
327  public static class ContainerDetails {
328 
329  private final String displayName;
330  private final String originalName;
331  private final String deviceIdValue;
332  private final String acquisitionDetails;
333  private final ImageDetails imageDetails;
334 
347  ContainerDetails(String displayName, String originalName, String deviceIdValue,
348  String acquisitionDetails, ImageDetails imageDetails) {
349  this.displayName = displayName;
350  this.originalName = originalName;
351  this.deviceIdValue = deviceIdValue;
352  this.acquisitionDetails = acquisitionDetails;
353  this.imageDetails = imageDetails;
354  }
355 
359  public String getDisplayName() {
360  return displayName;
361  }
362 
366  public String getOriginalName() {
367  return originalName;
368  }
369 
373  public String getDeviceId() {
374  return deviceIdValue;
375  }
376 
380  public String getAcquisitionDetails() {
381  return acquisitionDetails;
382  }
383 
389  return imageDetails;
390  }
391  }
392 
401  public ContainerDetails getContainerDetails(DataSource ds) throws TskCoreException, SQLException, SleuthkitCaseProvider.SleuthkitCaseProviderException {
402  if (ds == null) {
403  return null;
404  }
405 
406  return new ContainerDetails(
407  ds.getName(),
408  ds.getName(),
409  ds.getDeviceId(),
410  ds.getAcquisitionDetails(),
411  ds instanceof Image ? getImageDetails((Image) ds) : null
412  );
413  }
414 
422  public ImageDetails getImageDetails(Image image) throws TskCoreException, SQLException, SleuthkitCaseProvider.SleuthkitCaseProviderException {
423  if (image == null) {
424  return null;
425  }
426 
427  Long unallocSize = getSizeOfUnallocatedFiles(image);
428  String imageType = image.getType().getName();
429  long size = image.getSize();
430  long sectorSize = image.getSsize();
431  String timeZone = image.getTimeZone();
432  List<String> paths = image.getPaths() == null ? Collections.emptyList() : Arrays.asList(image.getPaths());
433  String md5 = image.getMd5();
434  String sha1 = image.getSha1();
435  String sha256 = image.getSha256();
436 
437  return new ImageDetails(unallocSize, size, sectorSize, timeZone, imageType, paths, md5, sha1, sha256);
438  }
439 }
String getConcattedAttrValue(long dataSourceId, int artifactTypeId, int attributeTypeId)
String getConcattedStringsResult(String query, String valueParam, String separator)

Copyright © 2012-2022 Basis Technology. Generated on: Fri Oct 7 2022
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.