19 package org.sleuthkit.autopsy.centralrepository.application;
21 import java.io.BufferedWriter;
23 import java.io.IOException;
24 import java.nio.file.Files;
25 import java.text.DateFormat;
26 import java.text.ParseException;
27 import java.text.SimpleDateFormat;
28 import java.util.Collection;
29 import java.util.Collections;
30 import java.util.HashMap;
31 import java.util.List;
32 import java.util.Locale;
34 import java.util.Optional;
35 import java.util.logging.Level;
36 import org.apache.commons.lang3.StringUtils;
37 import org.joda.time.DateTimeZone;
38 import org.joda.time.LocalDateTime;
39 import org.openide.nodes.Node;
40 import org.openide.util.NbBundle;
// Fragment of the OS-account lookup; this listing omits several lines, including the signature.
// Only accounts that expose an address are processed.
79 Optional<String> osAccountAddr = osAccount.getAddr();
80 if (osAccountAddr.isPresent()) {
// Walk the account's instances and return as soon as a non-empty list of correlation
// attribute instances is available (the line that builds the list is not shown here).
82 for (OsAccountInstance instance : osAccount.getOsAccountInstances()) {
84 if (!correlationAttributeInstances.isEmpty()) {
85 return correlationAttributeInstances;
88 }
// A TskCoreException is logged at INFO together with the account address; no rethrow is
// visible in this listing.
catch (TskCoreException ex) {
89 logger.log(Level.INFO, String.format(
"Unable to check create CorrelationAttribtueInstance for osAccount %s.", osAccountAddr.get()), ex);
// Fallback result: an empty list.
// NOTE(review): if the catch above falls through to this return (closing braces are not shown),
// a lookup failure and "nothing to correlate" look the same to the caller - confirm that is
// acceptable for an examiner-facing view.
92 return Collections.emptyList();
// Fragment: the open case's name is kept as caseUUID and compared against each instance's
// case UUID below. Results are collected in nodeDataMap, keyed by UniquePathKey.
110 String caseUUID = openCase.
getName();
111 HashMap<UniquePathKey, NodeData> nodeDataMap =
new HashMap<>();
// True only when the instance belongs to the same case AND dataSourceName and deviceId are both
// non-blank and equal to the instance's data source name and device ID. The object-id check then
// identifies the instance that refers to the same object as currentObjectId.
// NOTE(review): what happens on such a match is on lines not shown - presumably the current
// instance is skipped so it is not reported as its own "other occurrence"; confirm.
124 if (artifactInstance.getCorrelationCase().getCaseUUID().equals(caseUUID)
125 && (!StringUtils.isBlank(dataSourceName) && artifactInstance.getCorrelationDataSource().getName().equals(dataSourceName))
126 && (!StringUtils.isBlank(deviceId) && artifactInstance.getCorrelationDataSource().getDeviceID().equals(deviceId))) {
127 Long foundObjectId = artifactInstance.getFileObjectId();
129 if (foundObjectId != null && currentObjectId != null && foundObjectId.equals(currentObjectId)) {
135 nodeDataMap.put(uniquePathKey, newNode);
// Three log calls follow. The same database message is logged once at SEVERE and once at INFO,
// presumably for different exception types (the catch clauses are not shown in this listing).
140 logger.log(Level.SEVERE,
"Error getting artifact instances from database.", ex);
142 logger.log(Level.INFO,
"Error getting artifact instances from database.", ex);
144 logger.log(Level.SEVERE,
"Exception while getting open case.", ex);
// NOTE(review): after a logged failure the method appears to return an empty map, which the
// caller cannot tell apart from "no other occurrences found" - confirm the error is surfaced
// to the examiner some other way.
147 return new HashMap<>(
// Fragment: if the new node is not already marked BAD, inspect the file's content tags; a tag
// whose name carries the BAD known status promotes the node to BAD.
167 if (newNode.
getKnown() != TskData.FileKnown.BAD) {
168 List<ContentTag> fileMatchTags = autopsyCase.getServices().getTagsManager().getContentTagsByContent(newFile);
169 for (ContentTag tag : fileMatchTags) {
170 TskData.FileKnown tagKnownStatus = tag.getName().getKnownStatus();
// NOTE(review): .equals() here throws if getKnownStatus() can return null, whereas the
// surrounding checks compare the enum with == / != - confirm null is impossible.
171 if (tagKnownStatus.equals(TskData.FileKnown.BAD)) {
172 newNode.updateKnown(TskData.FileKnown.BAD);
// When an entry with the same key already exists, a BAD status on the new node is copied onto
// the existing entry, so a notable tag on any duplicate marks the stored row as BAD.
184 if (nodeDataMap.containsKey(uniquePathKey)) {
185 if (newNode.
getKnown() == TskData.FileKnown.BAD) {
186 NodeData prevInstance = nodeDataMap.get(uniquePathKey);
187 prevInstance.updateKnown(newNode.
getKnown());
// Presumably the else-branch for keys not yet in the map (braces are not shown) - confirm.
190 nodeDataMap.put(uniquePathKey, newNode);
// Builds the data source identifier by plain concatenation of the three parts.
// NOTE(review): there is no separator, so different (deviceId, dataSourceName) pairs can yield the
// same string (e.g. "ab"+"c" and "a"+"bc"); confirm no caller relies on this value being unique.
199 return caseUUID + deviceId + dataSourceName;
// Fragment: scans the central repository's cases for the earliest creation date and returns it
// as the original, unparsed string. The result stays "" when no case date is earlier than the seed.
207 String dateStringDisplay =
"";
// Seed for the comparison: the current wall-clock time in UTC.
210 LocalDateTime earliestDate = LocalDateTime.now(DateTimeZone.UTC);
// Creation dates are parsed with a fixed pattern and Locale.US; no time zone is set on the format.
// NOTE(review): the parsed values are compared as zone-less local date-times against a UTC "now",
// so a case created recently in a zone ahead of UTC may not count as earlier - confirm this edge
// case is acceptable for timeline reporting.
211 DateFormat datetimeFormat =
new SimpleDateFormat(
"yyyy/MM/dd HH:mm:ss", Locale.US);
213 List<CorrelationCase> cases = dbManager.
getCases();
215 LocalDateTime caseDate;
217 caseDate = LocalDateTime.fromDateFields(datetimeFormat.parse(aCase.getCreationDate()));
// Keep both the parsed value (for later comparisons) and the raw string (for display).
219 if (caseDate.isBefore(earliestDate)) {
220 earliestDate = caseDate;
221 dateStringDisplay = aCase.getCreationDate();
223 }
// An unparseable creation date aborts the scan: the ParseException is wrapped, with its cause
// preserved, in a CentralRepoException whose message includes the offending date string.
catch (ParseException ex) {
224 throw new CentralRepoException(
"Failed to format case creation date " + aCase.getCreationDate(), ex);
229 return dateStringDisplay;
233 "OtherOccurrences.csvHeader.case=Case",
234 "OtherOccurrences.csvHeader.device=Device",
235 "OtherOccurrences.csvHeader.dataSource=Data Source",
236 "OtherOccurrences.csvHeader.attribute=Matched Attribute",
237 "OtherOccurrences.csvHeader.value=Attribute Value",
238 "OtherOccurrences.csvHeader.known=Known",
239 "OtherOccurrences.csvHeader.path=Path",
240 "OtherOccurrences.csvHeader.comment=Comment"
// Writes the "other occurrences" export to destFile: one quoted header row, then one row per
// NodeData in correlatedNodeDataMap. I/O failures propagate to the caller as IOException.
254 public static void writeOtherOccurrencesToFileAsCSV(File destFile, Collection<CorrelationAttributeInstance> correlationAttList, String dataSourceName, String deviceId)
throws IOException {
// try-with-resources closes the writer on every exit path. Files.newBufferedWriter(Path) with no
// further arguments encodes as UTF-8 and creates the file or truncates an existing one.
255 try (BufferedWriter writer = Files.newBufferedWriter(destFile.toPath())) {
// The header row opens and closes with a double quote and ends with the platform line separator;
// column names come from the localized Bundle (the appends between are not shown in this listing).
257 StringBuilder headers =
new StringBuilder(
"\"");
258 headers.append(Bundle.OtherOccurrences_csvHeader_case())
265 .append(
'"').append(System.getProperty(
"line.separator"));
266 writer.write(headers.toString());
// Starts empty; the lines that fill it from correlationAttList are not shown in this listing.
269 Map<UniquePathKey, NodeData> correlatedNodeDataMap =
new HashMap<>(0);
272 for (
NodeData nodeData : correlatedNodeDataMap.values()) {
// NOTE(review): per the header columns, each row carries values taken from evidence (path, comment,
// attribute value). Confirm NodeData.toCsvString() doubles embedded quotes and neutralises cells
// that begin with '=', '+', '-' or '@', because this export is likely to be opened in a spreadsheet.
273 writer.write(nodeData.toCsvString());
static void writeOtherOccurrencesToFileAsCSV(File destFile, Collection< CorrelationAttributeInstance > correlationAttList, String dataSourceName, String deviceId)
List< CorrelationCase > getCases()
static String getEarliestCaseDate()
static Map< UniquePathKey, NodeData > getCorrelatedInstances(String deviceId, String dataSourceName, CorrelationAttributeInstance corAttr)
static final Logger logger
static Collection< CorrelationAttributeInstance > getCorrelationAttributeFromOsAccount(Node node, OsAccount osAccount)
String getCorrelationValue()
TskData.FileKnown getKnown()
Type getCorrelationType()
static List< CorrelationAttributeInstance > makeCorrAttrsForSearch(AnalysisResult analysisResult)
static String getCsvItemSeparator()
static final String UUID_PLACEHOLDER_STRING
List< CorrelationAttributeInstance > getArtifactInstancesByTypeValue(CorrelationAttributeInstance.Type type, String value)
synchronized static Logger getLogger(String name)
static void addOrUpdateNodeData(final Case autopsyCase, Map< UniquePathKey, NodeData > nodeDataMap, AbstractFile newFile)
static Case getCurrentCaseThrows()
static String makeDataSourceString(String caseUUID, String deviceId, String dataSourceName)
static String getPlaceholderUUID()
static CentralRepository getInstance()
static boolean isEnabled()