Autopsy  4.21.0
Graphical digital forensics platform for The Sleuth Kit and other tools.
CentralRepoCommonAttributeInstance.java
1 /*
2  *
3  * Autopsy Forensic Browser
4  *
5  * Copyright 2018 Basis Technology Corp.
6  * Contact: carrier <at> sleuthkit <dot> org
7  *
8  * Licensed under the Apache License, Version 2.0 (the "License");
9  * you may not use this file except in compliance with the License.
10  * You may obtain a copy of the License at
11  *
12  * http://www.apache.org/licenses/LICENSE-2.0
13  *
14  * Unless required by applicable law or agreed to in writing, software
15  * distributed under the License is distributed on an "AS IS" BASIS,
16  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
17  * See the License for the specific language governing permissions and
18  * limitations under the License.
19  */
20 package org.sleuthkit.autopsy.commonpropertiessearch;
21 
22 import java.io.File;
23 import java.util.ArrayList;
24 import java.util.List;
25 import java.util.Optional;
26 import java.util.logging.Level;
32 import org.sleuthkit.datamodel.AbstractFile;
33 import org.sleuthkit.datamodel.DataSource;
34 import org.sleuthkit.datamodel.SleuthkitCase;
35 import org.sleuthkit.datamodel.TskCoreException;
36 
43 
// Class-scoped logger; the lookup and node-building failures in this class are reported through it.
private static final Logger LOGGER = Logger.getLogger(CentralRepoCommonAttributeInstance.class.getName());
// Assigned once in the constructor from its attrInstId argument.
// NOTE(review): presumably the central repository row id of the attribute instance; confirm against the caller.
private final Integer crFileId;
// Assigned once in the constructor and handed to createNode when the display nodes are generated.
private final NODE_TYPE nodeType;
49 
51  super();
52  this.crFileId = attrInstId;
54  this.nodeType = nodeType;
55  }
56 
57  @Override
59  return this.correlationType;
60  }
61 
/**
 * Replaces the central repository attribute instance that this object
 * currently describes. The reference is stored as given, without validation
 * or copying, and is later read by {@code getAbstractFile()}.
 *
 * @param attribute the attribute instance to use from now on
 */
void setCurrentAttributeInst(CorrelationAttributeInstance attribute) {
    currentAttribute = attribute;
}
65 
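/**
 * Resolves the current central repository attribute instance to a file in
 * the currently open case and caches the result.
 *
 * The lookup is attempted only when the attribute belongs to the open case.
 * The file object id recorded in the central repository is tried first. If
 * that fails, the file is searched for by name, parent path and data source.
 * The fallback can match several files; the first one is then used and a
 * warning is logged, so a caller that needs a provably exact match should
 * not rely on that path.
 *
 * @return the matching file, or {@code null} when no attribute is set, the
 *         attribute belongs to another case, the data source or path cannot
 *         be resolved, or the lookup fails
 */
@Override
AbstractFile getAbstractFile() {
    if (this.abstractFile != null) {
        return this.abstractFile;
    }

    // Take one snapshot of the field and use it for the whole lookup. The
    // original re-read this.currentAttribute in several places, so a call to
    // setCurrentAttributeInst() part-way through could mix two different
    // instances (or hit a null) inside a single resolution.
    final CorrelationAttributeInstance currentAttributeInstance = this.currentAttribute;
    if (currentAttributeInstance == null) {
        return this.abstractFile;
    }

    try {
        String currentFullPath = currentAttributeInstance.getFilePath();
        Case currentCase = Case.getCurrentCaseThrows();

        // Only attempt to make the abstract file if the attribute is from the current case
        if (!currentCase.getName().equals(currentAttributeInstance.getCorrelationCase().getCaseUUID())) {
            return this.abstractFile;
        }
        SleuthkitCase tskDb = currentCase.getSleuthkitCase();

        // Find the correct data source
        Optional<DataSource> dataSource = tskDb.getDataSources().stream()
                .filter(p -> p.getId() == currentAttributeInstance.getCorrelationDataSource().getDataSourceObjectID())
                .findFirst();
        if (!dataSource.isPresent()) {
            LOGGER.log(Level.WARNING, String.format("Unable to find data source with device ID %s in the current case", currentAttributeInstance.getCorrelationDataSource().getDeviceID()));
            return null;
        }

        // First try to find the file in the current case using the file object id
        // we get from the CR (if available).
        Long fileId = currentAttributeInstance.getFileObjectId();
        if (fileId != null && fileId != 0) {
            AbstractFile file = tskDb.getAbstractFileById(fileId);
            if (file == null) {
                LOGGER.log(Level.WARNING, String.format("Failed to find file with id %s in current case. Will attempt to find file based on path.", fileId));
            } else {
                this.abstractFile = file;
            }
        }

        if (this.abstractFile == null) {

            if (currentFullPath == null || currentFullPath.isEmpty()) {
                return null;
            }

            // We failed to find the file using the file id so now we
            // will try using the file name, parent path and data source id.
            File fileFromPath = new File(currentFullPath);
            String fileName = SleuthkitCase.escapeSingleQuotes(fileFromPath.getName());

            // Create the parent path. Make sure not to add a separator if there is already one there.
            String parentPath = fileFromPath.getParent();
            if (parentPath == null) {
                return null;
            }
            if (!parentPath.endsWith(File.separator)) {
                parentPath += File.separator;
            }
            parentPath = parentPath.replace("\\", "/");
            parentPath = SleuthkitCase.escapeSingleQuotes(parentPath);

            // SECURITY: this WHERE clause is assembled by string formatting, and
            // escapeSingleQuotes() is the only thing separating the name and path
            // values from the SQL text. Both come from the central repository
            // record (presumably names recorded from evidence; treat them as
            // untrusted), so the escaping calls above must not be dropped or
            // reordered. findAllFilesWhere() takes a raw clause; no bound-parameter
            // form is visible from this file.
            // NOTE(review): lower(name)/lower(parent_path) are compared with values
            // that are not lower-cased here; this matches only if the central
            // repository stores the path in lower case. Confirm.
            final String whereClause = String.format("lower(name) = '%s' AND lower(parent_path) = '%s' AND data_source_obj_id = %s", fileName, parentPath, dataSource.get().getId());
            List<AbstractFile> potentialAbstractFiles = tskDb.findAllFilesWhere(whereClause);

            // NOTE(review): the messages below embed the recorded file path
            // verbatim; if log consumers parse these lines, control characters in
            // a path could be misread as extra entries.
            if (potentialAbstractFiles.isEmpty()) {
                LOGGER.log(Level.SEVERE, String.format("Unable to find AbstractFile for record with filePath: %s.", currentAttributeInstance.getFilePath()));
            } else {
                if (potentialAbstractFiles.size() > 1) {
                    // Ambiguous match: the first candidate is used, which may be the wrong file.
                    LOGGER.log(Level.WARNING, String.format("Unable to find an exact match for AbstractFile for record with filePath: %s. May have returned the wrong file.", currentFullPath));
                }
                this.abstractFile = potentialAbstractFiles.get(0);
            }
        }
    } catch (TskCoreException | NoCurrentCaseException ex) {
        LOGGER.log(Level.SEVERE, String.format("Unable to find AbstractFile for record with filePath: %s. Node not created.", currentAttributeInstance.getFilePath()), ex);
    }

    return this.abstractFile;
}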
148 
149  @Override
151  List<DisplayableItemNode> attrInstNodeList = new ArrayList<>(0);
152  String currCaseDbName = Case.getCurrentCase().getDisplayName();
153  try {
154  DisplayableItemNode generatedInstNode = AbstractCommonAttributeInstance.createNode(currentAttribute, this.getAbstractFile(), currCaseDbName, nodeType);
155  attrInstNodeList.add(generatedInstNode);
156  } catch (TskCoreException ex) {
157  LOGGER.log(Level.SEVERE, String.format("Unable to get DataSource for record with md5: %s. Node not created.", new Object[]{currentAttribute.getCorrelationValue()}), ex);
158  }
159 
160  return attrInstNodeList.toArray(new DisplayableItemNode[attrInstNodeList.size()]);
161  }
162 }

Copyright © 2012-2022 Basis Technology. Generated on: Tue Feb 6 2024
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.