20 package org.sleuthkit.autopsy.geolocation.datamodel;
22 import java.sql.ResultSet;
23 import java.sql.SQLException;
24 import java.util.ArrayList;
25 import java.util.Arrays;
26 import java.util.List;
27 import java.util.logging.Level;
30 import org.
sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE;
46 BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID(),
47 BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_CREATED.getTypeID());
50 BlackboardAttribute.ATTRIBUTE_TYPE.TSK_GEO_LATITUDE.getTypeID(),
51 BlackboardAttribute.ATTRIBUTE_TYPE.TSK_GEO_LATITUDE_START.getTypeID(),
52 BlackboardAttribute.ATTRIBUTE_TYPE.TSK_GEO_WAYPOINTS.getTypeID());
57 =
"SELECT artifact_id, artifact_type_id "
58 +
"FROM blackboard_attributes "
59 +
"WHERE attribute_type_id IN (%s) ";
63 =
"SELECT artifact_id "
64 +
"FROM blackboard_attributes "
65 +
"WHERE attribute_type_id IN (%s) ";
69 =
"SELECT blackboard_attributes.artifact_id "
70 +
"FROM blackboard_attributes, blackboard_artifacts "
71 +
"WHERE blackboard_attributes.artifact_id = blackboard_artifacts.artifact_id "
72 +
"AND blackboard_attributes.attribute_type_id IN(%s) "
73 +
"AND data_source_obj_id IN (%s)";
77 =
"SELECT MAX(value_int64) - (%d * 86400)"
78 +
"FROM blackboard_attributes "
79 +
"WHERE attribute_type_id IN(%s) "
87 =
"SELECT DISTINCT artifact_id, artifact_type_id "
88 +
"FROM blackboard_attributes "
89 +
"WHERE artifact_id NOT IN (%s) "
90 +
"AND artifact_id IN (%s)";
127 List<Waypoint> points =
new ArrayList<>();
145 public static List<Route>
getRoutes(List<Waypoint> waypoints) {
146 List<Route> routeList =
new ArrayList<>();
148 GeoPath path = point.getParentGeoPath();
149 if (path instanceof
Route) {
150 Route route = (Route) path;
151 if (!routeList.contains(route)) {
152 routeList.add(route);
167 public static List<Track>
getTracks(List<Waypoint> waypoints) {
168 List<Track> trackList =
new ArrayList<>();
170 GeoPath path = point.getParentGeoPath();
171 if (path instanceof
Track) {
172 Track route = (Track) path;
173 if (!trackList.contains(route)) {
174 trackList.add(route);
189 public static List<Area>
getAreas(List<Waypoint> waypoints) {
190 List<Area> areaList =
new ArrayList<>();
192 GeoPath path = point.getParentGeoPath();
193 if (path instanceof
Area) {
194 Area area = (Area) path;
195 if (!areaList.contains(area)) {
213 @SuppressWarnings(
"deprecation")
215 List<BlackboardArtifact> artifacts = null;
217 artifacts = skCase.getBlackboardArtifacts(ARTIFACT_TYPE.TSK_GPS_TRACKPOINT);
218 }
catch (TskCoreException ex) {
219 throw new GeoLocationDataException(
"Unable to get artifacts for type: TSK_GPS_TRACKPOINT", ex);
222 List<Waypoint> points =
new ArrayList<>();
223 for (BlackboardArtifact artifact : artifacts) {
225 Waypoint point =
new TrackpointWaypoint(artifact);
227 }
catch (GeoLocationDataException ex) {
228 logger.log(Level.WARNING, String.format(
"No longitude or latitude available for TSK_GPS_TRACKPOINT artifactID: %d", artifact.getArtifactID()));
242 List<Waypoint> specificPoints =
new ArrayList<>();
245 if (point instanceof TrackpointWaypoint) {
246 specificPoints.add(point);
250 return specificPoints;
263 List<BlackboardArtifact> artifacts = null;
265 artifacts = skCase.getBlackboardArtifacts(ARTIFACT_TYPE.TSK_METADATA_EXIF);
266 }
catch (TskCoreException ex) {
270 List<Waypoint> points =
new ArrayList<>();
271 if (artifacts != null) {
272 for (BlackboardArtifact artifact : artifacts) {
274 Waypoint point =
new EXIFWaypoint(artifact);
294 List<Waypoint> specificPoints =
new ArrayList<>();
297 if (point instanceof EXIFWaypoint) {
298 specificPoints.add(point);
302 return specificPoints;
315 List<BlackboardArtifact> artifacts = null;
317 artifacts = skCase.getBlackboardArtifacts(ARTIFACT_TYPE.TSK_GPS_SEARCH);
318 }
catch (TskCoreException ex) {
322 List<Waypoint> points =
new ArrayList<>();
323 if (artifacts != null) {
324 for (BlackboardArtifact artifact : artifacts) {
326 Waypoint point =
new SearchWaypoint(artifact);
329 logger.log(Level.WARNING, String.format(
"No longitude or latitude available for TSK_GPS_SEARCH artifactID: %d", artifact.getArtifactID()));
344 List<Waypoint> specificPoints =
new ArrayList<>();
347 if (point instanceof SearchWaypoint) {
348 specificPoints.add(point);
352 return specificPoints;
365 List<BlackboardArtifact> artifacts = null;
367 artifacts = skCase.getBlackboardArtifacts(ARTIFACT_TYPE.TSK_GPS_LAST_KNOWN_LOCATION);
368 }
catch (TskCoreException ex) {
372 List<Waypoint> points =
new ArrayList<>();
373 if (artifacts != null) {
374 for (BlackboardArtifact artifact : artifacts) {
376 Waypoint point =
new LastKnownWaypoint(artifact);
379 logger.log(Level.WARNING, String.format(
"No longitude or latitude available for TSK_GPS_LAST_KNOWN_LOCATION artifactID: %d", artifact.getArtifactID()));
395 List<Waypoint> specificPoints =
new ArrayList<>();
398 if (point instanceof LastKnownWaypoint) {
399 specificPoints.add(point);
403 return specificPoints;
416 List<BlackboardArtifact> artifacts = null;
418 artifacts = skCase.getBlackboardArtifacts(ARTIFACT_TYPE.TSK_GPS_BOOKMARK);
419 }
catch (TskCoreException ex) {
423 List<Waypoint> points =
new ArrayList<>();
424 if (artifacts != null) {
425 for (BlackboardArtifact artifact : artifacts) {
427 Waypoint point =
new BookmarkWaypoint(artifact);
430 logger.log(Level.WARNING, String.format(
"No longitude or latitude available for TSK_GPS_BOOKMARK artifactID: %d", artifact.getArtifactID()), ex);
446 List<Waypoint> specificPoints =
new ArrayList<>();
449 if (point instanceof BookmarkWaypoint) {
450 specificPoints.add(point);
454 return specificPoints;
491 String query =
buildQuery(dataSources, showAll, cntDaysFromRecent, noTimeStamp);
496 if (query.startsWith(
"SELECT")) {
497 query = query.replaceFirst(
"SELECT",
"");
500 skCase.getCaseDbAccessManager().select(query,
new CaseDbAccessManager.CaseDbAccessQueryCallback() {
502 public void process(ResultSet rs) {
506 int artifact_type_id = rs.getInt(
"artifact_type_id");
507 long artifact_id = rs.getLong(
"artifact_id");
509 ARTIFACT_TYPE type = ARTIFACT_TYPE.fromID(artifact_type_id);
510 if (artifactTypes.contains(type)) {
516 queryCallBack.process(waypointResults);
517 }
catch (SQLException | TskCoreException ex) {
518 logger.log(Level.WARNING,
"Failed to filter waypoint.", ex);
523 }
catch (TskCoreException ex) {
524 logger.log(Level.WARNING,
"Failed to filter waypoint.", ex);
574 static private String
buildQuery(List<DataSource> dataSources,
boolean showAll,
int cntDaysFromRecent,
boolean noTimeStamp) {
575 String mostRecentQuery =
"";
577 if (!showAll && cntDaysFromRecent > 0) {
585 mostRecentQuery = String.format(
"AND value_int64 > (%s)",
587 cntDaysFromRecent, TIME_TYPE_IDS,
600 query += mostRecentQuery;
602 if (showAll || noTimeStamp) {
623 if (dataSources == null || dataSources.isEmpty()) {
631 String dataSourceList =
"";
632 for (DataSource source : dataSources) {
633 dataSourceList += Long.toString(source.getId()) +
",";
636 if (!dataSourceList.isEmpty()) {
638 dataSourceList = dataSourceList.substring(0, dataSourceList.length() - 1);
701 case TSK_METADATA_EXIF:
704 case TSK_GPS_BOOKMARK:
707 case TSK_GPS_TRACKPOINT:
716 case TSK_GPS_LAST_KNOWN_LOCATION:
static List< Waypoint > getLastKnownWaypoints(List< Waypoint > waypoints)
static final String TIME_TYPE_IDS
static String buildQuery(List< DataSource > dataSources, boolean showAll, int cntDaysFromRecent, boolean noTimeStamp)
static final Logger logger
static List< Waypoint > getBookmarkWaypoints(SleuthkitCase skCase)
void process(GeoLocationParseResult< Waypoint > waypoints)
static List< Waypoint > getBookmarkWaypoints(List< Waypoint > waypoints)
static void getAllWaypoints(SleuthkitCase skCase, List< DataSource > dataSources, List< ARTIFACT_TYPE > artifactTypes, boolean showAll, int cntDaysFromRecent, boolean noTimeStamp, WaypointFilterQueryCallBack queryCallBack)
static GeoLocationParseResult< Waypoint > parseWaypoints(ParserWithError< List< Waypoint >> parser, BlackboardArtifact artifact)
static GeoLocationParseResult< Waypoint > getWaypointForArtifact(BlackboardArtifact artifact, ARTIFACT_TYPE type)
static List< Waypoint > getSearchWaypoints(SleuthkitCase skCase)
void add(GeoLocationParseResult< T > toAdd)
static final String GEO_ATTRIBUTE_TYPE_IDS
static List< Waypoint > getSearchWaypoints(List< Waypoint > waypoints)
static List< Track > getTracks(List< Waypoint > waypoints)
static List< Waypoint > getTrackpointWaypoints(SleuthkitCase skCase)
static final String GEO_ARTIFACT_QUERY_ID_ONLY
static final String GEO_ARTIFACT_WITH_DATA_SOURCES_QUERY
T parse(BlackboardArtifact artifact)
static List< Route > getRoutes(List< Waypoint > waypoints)
static List< Waypoint > getAllWaypoints(SleuthkitCase skCase)
static String getWaypointListQuery(List< DataSource > dataSources)
static final String MOST_RECENT_TIME
static GeoLocationParseResult< Waypoint > parseWaypoint(ParserWithError< Waypoint > parser, BlackboardArtifact artifact)
static List< Waypoint > getEXIFWaypoints(List< Waypoint > waypoints)
static List< Waypoint > getTrackpointWaypoints(List< Waypoint > waypoints)
static String buildQueryForWaypointsWOTimeStamps(List< DataSource > dataSources)
static final String GEO_ARTIFACT_QUERY
static final String SELECT_WO_TIMESTAMP
synchronized static Logger getLogger(String name)
static List< Waypoint > getLastKnownWaypoints(SleuthkitCase skCase)
static List< Waypoint > getEXIFWaypoints(SleuthkitCase skCase)
static List< Area > getAreas(List< Waypoint > waypoints)