Autopsy  4.19.3
Graphical digital forensics platform for The Sleuth Kit and other tools.
MessageArtifactWorker.java
Go to the documentation of this file.
1 /*
2  * Autopsy Forensic Browser
3  *
4  * Copyright 2021 Basis Technology Corp.
5  * Contact: carrier <at> sleuthkit <dot> org
6  *
7  * Licensed under the Apache License, Version 2.0 (the "License");
8  * you may not use this file except in compliance with the License.
9  * You may obtain a copy of the License at
10  *
11  * http://www.apache.org/licenses/LICENSE-2.0
12  *
13  * Unless required by applicable law or agreed to in writing, software
14  * distributed under the License is distributed on an "AS IS" BASIS,
15  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16  * See the License for the specific language governing permissions and
17  * limitations under the License.
18  */
19 package org.sleuthkit.autopsy.contentviewers.artifactviewers;
20 
21 import java.util.Collection;
22 import java.util.HashMap;
23 import java.util.HashSet;
24 import java.util.Map;
25 import java.util.Optional;
26 import java.util.Set;
27 import java.util.logging.Level;
28 import javax.swing.SwingWorker;
30 import org.sleuthkit.datamodel.AbstractFile;
31 import org.sleuthkit.datamodel.BlackboardArtifact;
32 import static org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE.TSK_KEYWORD_HIT;
33 import org.sleuthkit.datamodel.BlackboardAttribute;
34 import static org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_ASSOCIATED_ARTIFACT;
35 import org.sleuthkit.datamodel.Content;
36 import org.sleuthkit.datamodel.TskCoreException;
37 import org.sleuthkit.datamodel.blackboardutils.attributes.BlackboardJsonAttrUtil;
38 import org.sleuthkit.datamodel.blackboardutils.attributes.MessageAttachments;
39 
44 class MessageArtifactWorker extends SwingWorker<MessageArtifactWorker.MesssageArtifactData, Void> {
45 
46  private BlackboardArtifact artifact;
47  private static final Logger logger = Logger.getLogger(MessageArtifactWorker.class.getName());
48 
49  private static final BlackboardAttribute.Type TSK_ASSOCIATED_TYPE = new BlackboardAttribute.Type(TSK_ASSOCIATED_ARTIFACT);
50 
51  MessageArtifactWorker(BlackboardArtifact artifact) {
52  this.artifact = artifact;
53  }
54 
55  @Override
56  protected MesssageArtifactData doInBackground() throws Exception {
57  /*
58  * If the artifact is a keyword hit, use the associated artifact as the
59  * one to show in this viewer
60  */
61  if (artifact.getArtifactTypeID() == TSK_KEYWORD_HIT.getTypeID()) {
62  try {
63  getAssociatedArtifact(artifact).ifPresent(associatedArtifact -> {
64  this.artifact = associatedArtifact;
65  });
66  } catch (TskCoreException ex) {
67  logger.log(Level.SEVERE, "error getting associated artifact", ex);
68  }
69  }
70 
71  Map<BlackboardAttribute.Type, BlackboardAttribute> map = getAttributesForArtifact(artifact);
72  Set<MessageAttachments.Attachment> attachements = getAttachments(artifact);
73 
74  if (isCancelled()) {
75  return null;
76  }
77 
78  return new MesssageArtifactData(artifact, map, attachements);
79  }
80 
90  static private Map<BlackboardAttribute.Type, BlackboardAttribute> getAttributesForArtifact(BlackboardArtifact artifact) throws TskCoreException {
91  Map<BlackboardAttribute.Type, BlackboardAttribute> attributeMap = new HashMap<>();
92  for (BlackboardAttribute attribute : artifact.getAttributes()) {
93  attributeMap.put(attribute.getAttributeType(), attribute);
94  }
95 
96  return attributeMap;
97  }
98 
108  private Set<MessageAttachments.Attachment> getAttachments(BlackboardArtifact art) throws TskCoreException {
109 
110  final Set<MessageAttachments.Attachment> attachments = new HashSet<>();
111 
112  // Attachments are specified in an attribute TSK_ATTACHMENTS as JSON attribute
113  BlackboardAttribute attachmentsAttr = art.getAttribute(new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_ATTACHMENTS));
114  if (attachmentsAttr != null) {
115  try {
116  MessageAttachments msgAttachments = BlackboardJsonAttrUtil.fromAttribute(attachmentsAttr, MessageAttachments.class);
117  Collection<MessageAttachments.FileAttachment> fileAttachments = msgAttachments.getFileAttachments();
118  for (MessageAttachments.FileAttachment fileAttachment : fileAttachments) {
119  attachments.add(fileAttachment);
120  }
121  Collection<MessageAttachments.URLAttachment> urlAttachments = msgAttachments.getUrlAttachments();
122  for (MessageAttachments.URLAttachment urlAttachment : urlAttachments) {
123  attachments.add(urlAttachment);
124  }
125  } catch (BlackboardJsonAttrUtil.InvalidJsonException ex) {
126  logger.log(Level.WARNING, String.format("Unable to parse json for MessageAttachments object in artifact: %s", art.getName()), ex);
127  }
128  } else { // For backward compatibility - email attachements are derived files and children of the email message artifact
129  for (Content child : art.getChildren()) {
130  if (child instanceof AbstractFile) {
131  attachments.add(new MessageAttachments.FileAttachment((AbstractFile) child));
132  }
133  }
134  }
135 
136  return attachments;
137  }
138 
149  static Optional<BlackboardArtifact> getAssociatedArtifact(final BlackboardArtifact artifact) throws TskCoreException {
150  BlackboardAttribute attribute = artifact.getAttribute(TSK_ASSOCIATED_TYPE);
151  if (attribute != null) {
152  //in the context of the Message content viewer the associated artifact will always be a data artifact
153  return Optional.of(artifact.getSleuthkitCase().getBlackboard().getDataArtifactById(attribute.getValueLong()));
154  }
155  return Optional.empty();
156  }
157 
161  static class MesssageArtifactData {
162 
163  private final BlackboardArtifact artifact;
164  private final Map<BlackboardAttribute.Type, BlackboardAttribute> attributeMap;
165  private final Set<MessageAttachments.Attachment> attachements;
166 
167  MesssageArtifactData(BlackboardArtifact artifact, Map<BlackboardAttribute.Type, BlackboardAttribute> attributeMap, Set<MessageAttachments.Attachment> attachements) {
168  this.artifact = artifact;
169  this.attributeMap = attributeMap;
170  this.attachements = attachements;
171  }
172 
173  BlackboardArtifact getArtifact() {
174  return artifact;
175  }
176 
177  Map<BlackboardAttribute.Type, BlackboardAttribute> getAttributeMap() {
178  return attributeMap;
179  }
180 
181  Set<MessageAttachments.Attachment> getAttachements() {
182  return attachements;
183  }
184 
193  String getAttributeDisplayString(BlackboardAttribute.ATTRIBUTE_TYPE attributeType) {
194  BlackboardAttribute attribute = attributeMap.get(new BlackboardAttribute.Type(attributeType));
195  if (attribute != null) {
196  return attribute.getDisplayString();
197  }
198 
199  return "";
200  }
201  }
202 }

Copyright © 2012-2022 Basis Technology. Generated on: Tue Oct 4 2022
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.