Autopsy  4.21.0
Graphical digital forensics platform for The Sleuth Kit and other tools.
Go to the documentation of this file.
1 /*
2  * Central Repository
3  *
4  * Copyright 2015-2020 Basis Technology Corp.
5  * Contact: carrier <at> sleuthkit <dot> org
6  *
7  * Licensed under the Apache License, Version 2.0 (the "License");
8  * you may not use this file except in compliance with the License.
9  * You may obtain a copy of the License at
10  *
11  *
12  *
13  * Unless required by applicable law or agreed to in writing, software
14  * distributed under the License is distributed on an "AS IS" BASIS,
15  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16  * See the License for the specific language governing permissions and
17  * limitations under the License.
18  */
19 package org.sleuthkit.autopsy.centralrepository.datamodel;
21 import;
22 import java.util.ArrayList;
23 import java.util.List;
24 import java.util.Objects;
25 import java.util.regex.Pattern;
26 import org.openide.util.NbBundle.Messages;
36 @Messages({
37  "EamArtifactInstances.knownStatus.bad=Bad",
38  "EamArtifactInstances.knownStatus.known=Known",
39  "EamArtifactInstances.knownStatus.unknown=Unknown"})
40 public class CorrelationAttributeInstance implements Serializable {
42  private static final long serialVersionUID = 1L;
44  private int ID;
45  private String correlationValue;
49  private String filePath;
50  private String comment;
52  private Long objectId;
53  private Long accountId;
56  CorrelationAttributeInstance.Type correlationType,
57  String correlationValue,
58  CorrelationCase eamCase,
59  CorrelationDataSource eamDataSource,
60  String filePath,
61  String comment,
62  TskData.FileKnown knownStatus,
64  this(correlationType, correlationValue, -1, eamCase, eamDataSource, filePath, comment, knownStatus, fileObjectId);
65  }
68  Type type,
69  String value,
70  int instanceId,
71  CorrelationCase eamCase,
72  CorrelationDataSource eamDataSource,
73  String filePath,
74  String comment,
75  TskData.FileKnown knownStatus,
76  Long fileObjectId
78  this(type, value, -1, eamCase, eamDataSource, filePath, comment, knownStatus, fileObjectId, (long)-1);
79  }
81  Type type,
82  String value,
83  int instanceId,
84  CorrelationCase eamCase,
85  CorrelationDataSource eamDataSource,
86  String filePath,
87  String comment,
88  TskData.FileKnown knownStatus,
89  Long fileObjectId,
90  Long accountId
92  if (filePath == null) {
93  throw new CentralRepoException("file path is null");
94  }
96  this.correlationType = type;
97  this.correlationValue = CorrelationAttributeNormalizer.normalize(type, value);
98  this.ID = instanceId;
99  this.correlationCase = eamCase;
100  this.correlationDataSource = eamDataSource;
101  // Lower case paths to normalize paths and improve correlation results, if this causes significant issues on case-sensitive file systems, remove
102  this.filePath = filePath.toLowerCase();
103  this.comment = comment;
104  this.knownStatus = knownStatus;
105  this.objectId = fileObjectId;
106  this.accountId = accountId;
107  }
109  public Boolean equals(CorrelationAttributeInstance otherInstance) {
110  return ((this.getID() == otherInstance.getID())
111  && (this.getCorrelationValue().equals(otherInstance.getCorrelationValue()))
112  && (this.getCorrelationType().equals(otherInstance.getCorrelationType()))
113  && (this.getCorrelationCase().equals(otherInstance.getCorrelationCase()))
114  && (this.getCorrelationDataSource().equals(otherInstance.getCorrelationDataSource()))
115  && (this.getFilePath().equals(otherInstance.getFilePath()))
116  && (this.getKnownStatus().equals(otherInstance.getKnownStatus()))
117  && (this.getComment().equals(otherInstance.getComment()))
118  && (this.getAccountId().equals(otherInstance.getAccountId())));
119  }
121  @Override
122  public String toString() {
123  return this.getID()
124  + this.getCorrelationCase().getCaseUUID()
125  + this.getCorrelationDataSource().getDeviceID()
126  + this.getAccountId()
127  + this.getFilePath()
128  + this.getCorrelationType().toString()
129  + this.getCorrelationValue()
130  + this.getKnownStatus()
131  + this.getComment();
132  }
137  public String getCorrelationValue() {
138  return correlationValue;
139  }
145  return correlationType;
146  }
154  public boolean isDatabaseInstance() {
155  return (ID >= 0);
156  }
161  public int getID() {
162  return ID;
163  }
169  return correlationCase;
170  }
176  return correlationDataSource;
177  }
182  public String getFilePath() {
183  return filePath;
184  }
189  public String getComment() {
190  return null == comment ? "" : comment;
191  }
196  public void setComment(String comment) {
197  this.comment = comment;
198  }
207  return knownStatus;
208  }
217  public void setKnownStatus(TskData.FileKnown knownStatus) {
218  this.knownStatus = knownStatus;
219  }
227  public Long getFileObjectId() {
228  return objectId;
229  }
237  public Long getAccountId() {
238  return accountId;
239  }
245  void setAccountId(Long accountId) {
246  this.accountId = accountId;
247  }
249  // Type ID's for Default Correlation Types
250  public static final int FILES_TYPE_ID = 0;
251  public static final int DOMAIN_TYPE_ID = 1;
252  public static final int EMAIL_TYPE_ID = 2;
253  public static final int PHONE_TYPE_ID = 3;
254  public static final int USBID_TYPE_ID = 4;
255  public static final int SSID_TYPE_ID = 5;
256  public static final int MAC_TYPE_ID = 6;
257  public static final int IMEI_TYPE_ID = 7;
258  public static final int IMSI_TYPE_ID = 8;
259  public static final int ICCID_TYPE_ID = 9;
260  public static final int INSTALLED_PROGS_TYPE_ID = 10;
261  public static final int OSACCOUNT_TYPE_ID = 11;
263  // An offset to assign Ids for additional correlation types.
264  public static final int ADDITIONAL_TYPES_BASE_ID = 1000;
272  @Messages({"CorrelationType.FILES.displayName=File MD5",
273  "CorrelationType.DOMAIN.displayName=Domain",
274  "CorrelationType.EMAIL.displayName=Email Address",
275  "CorrelationType.PHONE.displayName=Phone Number",
276  "CorrelationType.USBID.displayName=USB Device",
277  "CorrelationType.SSID.displayName=Wireless Network",
278  "CorrelationType.MAC.displayName=MAC Address",
279  "CorrelationType.IMEI.displayName=IMEI Number",
280  "CorrelationType.IMSI.displayName=IMSI Number",
281  "CorrelationType.PROG_NAME.displayName=Installed Program",
282  "CorrelationType.ICCID.displayName=ICCID Number",
283  "CorrelationType.OS_ACCOUNT.displayName=Os Account"})
284  public static List<CorrelationAttributeInstance.Type> getDefaultCorrelationTypes() throws CentralRepoException {
285  List<CorrelationAttributeInstance.Type> defaultCorrelationTypes = new ArrayList<>();
287  defaultCorrelationTypes.add(new CorrelationAttributeInstance.Type(FILES_TYPE_ID, Bundle.CorrelationType_FILES_displayName(), "file", true, true)); // NON-NLS
288  defaultCorrelationTypes.add(new CorrelationAttributeInstance.Type(DOMAIN_TYPE_ID, Bundle.CorrelationType_DOMAIN_displayName(), "domain", true, true)); // NON-NLS
289  defaultCorrelationTypes.add(new CorrelationAttributeInstance.Type(EMAIL_TYPE_ID, Bundle.CorrelationType_EMAIL_displayName(), "email_address", true, true)); // NON-NLS
290  defaultCorrelationTypes.add(new CorrelationAttributeInstance.Type(PHONE_TYPE_ID, Bundle.CorrelationType_PHONE_displayName(), "phone_number", true, true)); // NON-NLS
291  defaultCorrelationTypes.add(new CorrelationAttributeInstance.Type(USBID_TYPE_ID, Bundle.CorrelationType_USBID_displayName(), "usb_devices", true, true)); // NON-NLS
292  defaultCorrelationTypes.add(new CorrelationAttributeInstance.Type(SSID_TYPE_ID, Bundle.CorrelationType_SSID_displayName(), "wireless_networks", true, true)); // NON-NLS
293  defaultCorrelationTypes.add(new CorrelationAttributeInstance.Type(MAC_TYPE_ID, Bundle.CorrelationType_MAC_displayName(), "mac_address", true, true)); //NON-NLS
294  defaultCorrelationTypes.add(new CorrelationAttributeInstance.Type(IMEI_TYPE_ID, Bundle.CorrelationType_IMEI_displayName(), "imei_number", true, true)); //NON-NLS
295  defaultCorrelationTypes.add(new CorrelationAttributeInstance.Type(IMSI_TYPE_ID, Bundle.CorrelationType_IMSI_displayName(), "imsi_number", true, true)); //NON-NLS
296  defaultCorrelationTypes.add(new CorrelationAttributeInstance.Type(ICCID_TYPE_ID, Bundle.CorrelationType_ICCID_displayName(), "iccid_number", true, true)); //NON-NLS
297  defaultCorrelationTypes.add(new CorrelationAttributeInstance.Type(INSTALLED_PROGS_TYPE_ID, Bundle.CorrelationType_PROG_NAME_displayName(), "installed_programs", true, true)); //NON-NLS
298  defaultCorrelationTypes.add(new CorrelationAttributeInstance.Type(OSACCOUNT_TYPE_ID, Bundle.CorrelationType_OS_ACCOUNT_displayName(), "os_accounts", true, true)); //NON-NLS
300  // Create Correlation Types for Accounts.
301  int correlationTypeId = ADDITIONAL_TYPES_BASE_ID;
303  // Skip Device account type - we dont want to correlate on those.
304  // Skip Phone and Email accounts as there are already Correlation types defined for those.
305  if (type != Account.Type.DEVICE && type != Account.Type.EMAIL && type != Account.Type.PHONE) {
306  defaultCorrelationTypes.add(new CorrelationAttributeInstance.Type(correlationTypeId, type.getDisplayName(), type.getTypeName().toLowerCase() + "_acct", true, true)); //NON-NLS
307  correlationTypeId++;
308  }
309  }
311  return defaultCorrelationTypes;
312  }
317  @SuppressWarnings("serial")
318  public static class Type implements Serializable { // NOPMD Avoid short class names like Type
320  private int typeId;
321  private String displayName;
322  private String dbTableName;
323  private Boolean supported;
324  private Boolean enabled;
325  private final static String DB_NAMES_REGEX = "[a-z][a-z0-9_]*";
338  @Messages({"CorrelationAttributeInstance.nullName.message=Database name is null.",
339  "CorrelationAttributeInstance.invalidName.message=Invalid database table name. Name must start with a lowercase letter and can only contain lowercase letters, numbers, and '_'."})
340  public Type(int typeId, String displayName, String dbTableName, Boolean supported, Boolean enabled) throws CentralRepoException {
341  if (dbTableName == null) {
342  throw new CentralRepoException("dbTableName is null", Bundle.CorrelationAttributeInstance_nullName_message());
343  }
344  this.typeId = typeId;
345  this.displayName = displayName;
346  this.dbTableName = dbTableName;
347  this.supported = supported;
348  this.enabled = enabled;
349  if (!Pattern.matches(DB_NAMES_REGEX, dbTableName)) {
350  throw new CentralRepoException("Invalid database table name. Name must start with a lowercase letter and can only contain lowercase letters, numbers, and '_'.", Bundle.CorrelationAttributeInstance_invalidName_message()); // NON-NLS
351  }
352  }
367  public Type(String displayName, String dbTableName, Boolean supported, Boolean enabled) throws CentralRepoException {
368  this(-1, displayName, dbTableName, supported, enabled);
369  }
378  @Override
379  public boolean equals(Object that) {
380  if (this == that) {
381  return true;
382  } else if (!(that instanceof CorrelationAttributeInstance.Type)) {
383  return false;
384  } else {
385  return ((CorrelationAttributeInstance.Type) that).sameType(this);
386  }
387  }
398  return this.typeId == that.getId()
399  && Objects.equals(this.supported, that.isSupported())
400  && Objects.equals(this.enabled, that.isEnabled());
401  }
403  @Override
404  public int hashCode() {
405  int hash = 7;
406  hash = 67 * hash + Objects.hashCode(this.typeId);
407  hash = 67 * hash + Objects.hashCode(this.supported);
408  hash = 67 * hash + Objects.hashCode(this.enabled);
409  return hash;
410  }
412  @Override
413  public String toString() {
414  StringBuilder str = new StringBuilder(55);
415  str.append("(id=")
416  .append(getId())
417  .append(", displayName=")
418  .append(getDisplayName())
419  .append(", dbTableName=")
420  .append(getDbTableName())
421  .append(", supported=")
422  .append(isSupported().toString())
423  .append(", enabled=")
424  .append(isEnabled().toString())
425  .append(')');
426  return str.toString();
427  }
432  public int getId() {
433  return typeId;
434  }
439  public void setId(int typeId) {
440  this.typeId = typeId;
441  }
448  public Boolean isSupported() {
449  return supported;
450  }
457  public void setSupported(Boolean supported) {
458  this.supported = supported;
459  }
466  public Boolean isEnabled() {
467  return enabled;
468  }
475  public void setEnabled(Boolean enabled) {
476  this.enabled = enabled;
477  }
482  public String getDisplayName() {
483  return displayName;
484  }
489  public void setDisplayName(String displayName) {
490  this.displayName = displayName;
491  }
508  public String getDbTableName() {
509  return dbTableName;
510  }
532  public void setDbTableName(String dbTableName) throws CentralRepoException {
533  if (!Pattern.matches(DB_NAMES_REGEX, dbTableName)) {
534  throw new CentralRepoException("Invalid database table name. Name must start with a lowercase letter and can only contain lowercase letters, numbers, and '_'."); // NON-NLS
535  }
536  this.dbTableName = dbTableName;
537  }
538  }
539 }
Type(String displayName, String dbTableName, Boolean supported, Boolean enabled)
CorrelationAttributeInstance(Type type, String value, int instanceId, CorrelationCase eamCase, CorrelationDataSource eamDataSource, String filePath, String comment, TskData.FileKnown knownStatus, Long fileObjectId, Long accountId)
Type(int typeId, String displayName, String dbTableName, Boolean supported, Boolean enabled)
static String normalize(CorrelationAttributeInstance.Type attributeType, String data)
CorrelationAttributeInstance(CorrelationAttributeInstance.Type correlationType, String correlationValue, CorrelationCase eamCase, CorrelationDataSource eamDataSource, String filePath, String comment, TskData.FileKnown knownStatus, long fileObjectId)
static final List< Account.Type > PREDEFINED_ACCOUNT_TYPES
static final Account.Type DEVICE

Copyright © 2012-2024 Sleuth Kit Labs. Generated on: Mon Feb 17 2025
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.