Autopsy  4.20.0
Graphical digital forensics platform for The Sleuth Kit and other tools.
Util.java
Go to the documentation of this file.
1  /*
2  *
3  * Autopsy Forensic Browser
4  *
5  * Copyright 2012-2018 Basis Technology Corp.
6  *
7  * Copyright 2012 42six Solutions.
8  * Contact: aebadirad <at> 42six <dot> com
9  * Project Contact/Architect: carrier <at> sleuthkit <dot> org
10  *
11  * Licensed under the Apache License, Version 2.0 (the "License");
12  * you may not use this file except in compliance with the License.
13  * You may obtain a copy of the License at
14  *
15  * http://www.apache.org/licenses/LICENSE-2.0
16  *
17  * Unless required by applicable law or agreed to in writing, software
18  * distributed under the License is distributed on an "AS IS" BASIS,
19  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
20  * See the License for the specific language governing permissions and
21  * limitations under the License.
22  */
23 package org.sleuthkit.autopsy.recentactivity;
24 
26 import java.io.File;
27 import java.io.FileInputStream;
28 import java.io.IOException;
29 import java.nio.MappedByteBuffer;
30 import java.nio.channels.FileChannel;
31 import java.nio.charset.Charset;
32 import java.sql.ResultSet;
33 import java.text.SimpleDateFormat;
34 import java.util.Date;
35 import java.util.List;
36 import java.util.logging.Level;
38 import java.util.regex.Matcher;
39 import java.util.regex.Pattern;
43 import org.sleuthkit.datamodel.AbstractFile;
44 import org.sleuthkit.datamodel.Content;
45 import org.sleuthkit.datamodel.TskCoreException;
46 
51 class Util {
52 
53  private static Logger logger = Logger.getLogger(Util.class.getName());
54 
56  private static final long FILETIME_EPOCH_DIFF = 11644473600000L;
57 
59  private static final long FILETIME_ONE_MILLISECOND = 10 * 1000;
60 
61  private Util() {
62  }
63 
64  public static boolean pathexists(String path) {
65  File file = new File(path);
66  boolean exists = file.exists();
67  return exists;
68  }
69 
70  public static String utcConvert(String utc) {
71  SimpleDateFormat formatter = new SimpleDateFormat("MM-dd-yyyy HH:mm");
72  String tempconvert = formatter.format(new Date(Long.parseLong(utc)));
73  return tempconvert;
74  }
75 
76  public static String readFile(String path) throws IOException {
77  FileInputStream stream = new FileInputStream(new File(path));
78  try {
79  FileChannel fc = stream.getChannel();
80  MappedByteBuffer bb = fc.map(FileChannel.MapMode.READ_ONLY, 0, fc.size());
81  /*
82  * Instead of using default, pass in a decoder.
83  */
84  return Charset.defaultCharset().decode(bb).toString();
85  } finally {
86  stream.close();
87  }
88  }
89 
90  public static String getFileName(String value) {
91  String filename = "";
92  String filematch = "^([a-zA-Z]\\:)(\\\\[^\\\\/:*?<>\"|]*(?<!\\[ \\]))*(\\.[a-zA-Z]{2,6})$"; //NON-NLS
93 
94  Pattern p = Pattern.compile(filematch, Pattern.CASE_INSENSITIVE | Pattern.DOTALL | Pattern.COMMENTS);
95  Matcher m = p.matcher(value);
96  if (m.find()) {
97  filename = m.group(1);
98 
99  }
100  int lastPos = value.lastIndexOf('\\');
101  filename = (lastPos < 0) ? value : value.substring(lastPos + 1);
102  return filename.toString();
103  }
104 
105  public static String getPath(String txt) {
106  String path = "";
107 
108  //String drive ="([a-z]:\\\\(?:[-\\w\\.\\d]+\\\\)*(?:[-\\w\\.\\d]+)?)"; // Windows drive
109  String drive = "([a-z]:\\\\\\S.+)"; //NON-NLS
110  Pattern p = Pattern.compile(drive, Pattern.CASE_INSENSITIVE | Pattern.COMMENTS);
111  Matcher m = p.matcher(txt);
112  if (m.find()) {
113  path = m.group(1);
114 
115  } else {
116 
117  String network = "(\\\\(?:\\\\[^:\\s?*\"<>|]+)+)"; // Windows network NON-NLS
118 
119  Pattern p2 = Pattern.compile(network, Pattern.CASE_INSENSITIVE | Pattern.DOTALL);
120  Matcher m2 = p2.matcher(txt);
121  if (m2.find()) {
122  path = m2.group(1);
123  }
124  }
125  return path;
126  }
127 
128  public static long findID(Content dataSource, String path) {
129  String parent_path = path.replace('\\', '/'); // fix Chrome paths
130  if (parent_path.length() > 2 && parent_path.charAt(1) == ':') {
131  parent_path = parent_path.substring(2); // remove drive letter (e.g., 'C:')
132  }
133  int index = parent_path.lastIndexOf('/');
134  String name = parent_path.substring(++index);
135  parent_path = parent_path.substring(0, index);
136  List<AbstractFile> files = null;
137  try {
138  files = Case.getCurrentCaseThrows().getSleuthkitCase().getFileManager().findFilesExactNameExactPath(dataSource, name, parent_path);
139  } catch (TskCoreException | NoCurrentCaseException ex) {
140  logger.log(Level.WARNING, "Error fetching 'index.data' files for Internet Explorer history."); //NON-NLS
141  }
142 
143  if (files == null || files.isEmpty()) {
144  return -1;
145  }
146  return files.get(0).getId();
147  }
148 
149  public static boolean checkColumn(String column, String tablename, String connection) {
150  String query = "PRAGMA table_info(" + tablename + ")"; //NON-NLS
151  boolean found = false;
152  ResultSet temprs;
153  SQLiteDBConnect tempdbconnect = null;
154  try {
155  tempdbconnect = new SQLiteDBConnect("org.sqlite.JDBC", "jdbc:sqlite:" + connection); //NON-NLS
156  temprs = tempdbconnect.executeQry(query);
157  while (temprs.next()) {
158  if (temprs.getString("name") == null ? column == null : temprs.getString("name").equals(column)) { //NON-NLS
159  found = true;
160  }
161  }
162  } catch (Exception ex) {
163  logger.log(Level.WARNING, "Error while trying to get columns from sqlite db." + connection, ex); //NON-NLS
164  }
165  finally{
166  if (tempdbconnect != null) {
167  tempdbconnect.closeConnection();
168  }
169  }
170  return found;
171  }
172 
173  public static ResultSet runQuery(String query, String connection) {
174  ResultSet results = null;
175  try {
176  SQLiteDBConnect tempdbconnect = new SQLiteDBConnect("org.sqlite.JDBC", "jdbc:sqlite:" + connection); //NON-NLS
177  results = tempdbconnect.executeQry(query);
178  tempdbconnect.closeConnection();
179  } catch (Exception ex) {
180  logger.log(Level.WARNING, "Error while trying to run sql query: " + query + " : " + connection, ex); //NON-NLS
181  }
182  return results;
183  }
184 
192  static long filetimeToMillis(final long filetime) {
193  return (filetime / FILETIME_ONE_MILLISECOND) - FILETIME_EPOCH_DIFF;
194  }
195 
196 }

Copyright © 2012-2022 Basis Technology. Generated on: Tue Aug 1 2023
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.