Sleuth Kit Java Bindings (JNI)  4.6
Java bindings for using The Sleuth Kit
BlackboardArtifact.java
Go to the documentation of this file.
1 /*
2  * Sleuth Kit Data Model
3  *
4  * Copyright 2011-2019 Basis Technology Corp.
5  * Contact: carrier <at> sleuthkit <dot> org
6  *
7  * Licensed under the Apache License, Version 2.0 (the "License");
8  * you may not use this file except in compliance with the License.
9  * You may obtain a copy of the License at
10  *
11  * http://www.apache.org/licenses/LICENSE-2.0
12  *
13  * Unless required by applicable law or agreed to in writing, software
14  * distributed under the License is distributed on an "AS IS" BASIS,
15  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16  * See the License for the specific language governing permissions and
17  * limitations under the License.
18  */
19 package org.sleuthkit.datamodel;
20 
21 import java.io.Serializable;
22 import java.io.UnsupportedEncodingException;
23 import java.text.MessageFormat;
24 import java.util.ArrayList;
25 import java.util.Collection;
26 import java.util.HashMap;
27 import java.util.HashSet;
28 import java.util.List;
29 import java.util.Map;
30 import java.util.Objects;
31 import java.util.ResourceBundle;
32 import java.util.Set;
33 import org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE;
34 import org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE;
35 import org.sleuthkit.datamodel.SleuthkitCase.ObjectInfo;
36 
46 public class BlackboardArtifact implements Content {
47 
48  private static final ResourceBundle bundle = ResourceBundle.getBundle("org.sleuthkit.datamodel.Bundle");
49  private final long artifactId;
50  private final long sourceObjId; // refers to objID of parent/source object
51  private final long artifactObjId; // objId of the artifact in tsk_objects. TBD: replace artifactID with this
52  private final long dataSourceObjId; // objId of the data source in tsk_objects.
53  private final int artifactTypeId;
54  private final String artifactTypeName;
55  private final String displayName;
56  private ReviewStatus reviewStatus;
57  private final SleuthkitCase sleuthkitCase;
58  private final List<BlackboardAttribute> attrsCache = new ArrayList<BlackboardAttribute>();
59  private boolean loadedCacheFromDb = false;
60  private Content parent;
61  private String uniquePath;
62 
63  private byte[] contentBytes = null;
64 
65  private volatile boolean checkedHasChildren;
66  private volatile boolean hasChildren;
67  private volatile int childrenCount;
68 
89  BlackboardArtifact(SleuthkitCase sleuthkitCase, long artifactID, long sourceObjId, long artifactObjId, long dataSourceObjId, int artifactTypeID, String artifactTypeName, String displayName, ReviewStatus reviewStatus) {
90 
91  this.sleuthkitCase = sleuthkitCase;
92  this.artifactId = artifactID;
93  this.sourceObjId = sourceObjId;
94  this.artifactObjId = artifactObjId;
95  this.artifactTypeId = artifactTypeID;
96  this.dataSourceObjId = dataSourceObjId;
97  this.artifactTypeName = artifactTypeName;
98  this.displayName = displayName;
99  this.reviewStatus = reviewStatus;
100 
101  this.checkedHasChildren = false;
102  this.hasChildren = false;
103  this.childrenCount = -1;
104 
105  }
106 
126  BlackboardArtifact(SleuthkitCase sleuthkitCase, long artifactID, long sourceObjId, long artifactObjID, long dataSourceObjID, int artifactTypeID, String artifactTypeName, String displayName, ReviewStatus reviewStatus, boolean isNew) {
127  this(sleuthkitCase, artifactID, sourceObjId, artifactObjID, dataSourceObjID, artifactTypeID, artifactTypeName, displayName, reviewStatus);
128  if (isNew) {
129  /*
130  * If this object represents a newly created artifact, then its
131  * collection of attributes has already been populated and there is
132  * no need to fetch them form the case database.
133  */
134  this.loadedCacheFromDb = true;
135  }
136  }
137 
144  public SleuthkitCase getSleuthkitCase() {
145  return sleuthkitCase;
146  }
147 
153  public long getArtifactID() {
154  return this.artifactId;
155  }
156 
163  public long getObjectID() {
164  return this.sourceObjId;
165  }
166 
172  long getDataSourceObjectID() {
173  return this.dataSourceObjId;
174  }
175 
181  public int getArtifactTypeID() {
182  return this.artifactTypeId;
183  }
184 
190  public String getArtifactTypeName() {
191  return this.artifactTypeName;
192  }
193 
199  public String getDisplayName() {
200  return this.displayName;
201  }
202 
210  public String getShortDescription() throws TskCoreException {
211  BlackboardAttribute attr = null;
212  StringBuilder shortDescription = new StringBuilder("");
213  switch (ARTIFACT_TYPE.fromID(artifactTypeId)) {
214  case TSK_WEB_BOOKMARK: //web_bookmark, web_cookie, web_download, and web_history are the same attribute for now
215  case TSK_WEB_COOKIE:
216  case TSK_WEB_DOWNLOAD:
217  case TSK_WEB_HISTORY:
218  attr = getAttribute(new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_DOMAIN));
219  break;
220  case TSK_KEYWORD_HIT:
221  attr = getAttribute(new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_KEYWORD_PREVIEW));
222  break;
223  case TSK_DEVICE_ATTACHED:
224  attr = getAttribute(new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_DEVICE_ID));
225  break;
226  case TSK_CONTACT: //contact, message, and calllog are the same attributes for now
227  case TSK_MESSAGE:
228  case TSK_CALLLOG:
229  //get the first of these attributes which exists and is non null
230  final ATTRIBUTE_TYPE[] typesThatCanHaveName = {ATTRIBUTE_TYPE.TSK_NAME,
231  ATTRIBUTE_TYPE.TSK_PHONE_NUMBER,
232  ATTRIBUTE_TYPE.TSK_PHONE_NUMBER_FROM,
233  ATTRIBUTE_TYPE.TSK_PHONE_NUMBER_TO,
234  ATTRIBUTE_TYPE.TSK_PHONE_NUMBER_HOME,
235  ATTRIBUTE_TYPE.TSK_PHONE_NUMBER_MOBILE,
236  ATTRIBUTE_TYPE.TSK_PHONE_NUMBER_OFFICE,
237  ATTRIBUTE_TYPE.TSK_EMAIL,
238  ATTRIBUTE_TYPE.TSK_EMAIL_FROM,
239  ATTRIBUTE_TYPE.TSK_EMAIL_TO,
240  ATTRIBUTE_TYPE.TSK_EMAIL_HOME,
241  ATTRIBUTE_TYPE.TSK_EMAIL_OFFICE}; //in the order we want to use them
242  for (ATTRIBUTE_TYPE t : typesThatCanHaveName) {
243  attr = getAttribute(new BlackboardAttribute.Type(t));
244  if (attr != null && !attr.getDisplayString().isEmpty()) {
245  break;
246  }
247  }
248  break;
249  default:
250  break;
251  }
252  if (attr != null) {
253  shortDescription.append(attr.getAttributeType().getDisplayName()).append(": ").append(attr.getDisplayString());
254  } else {
255  shortDescription.append(getDisplayName());
256  }
257  //get the first of these date attributes which exists and is non null
258  final ATTRIBUTE_TYPE[] typesThatCanHaveDate = {ATTRIBUTE_TYPE.TSK_DATETIME,
259  ATTRIBUTE_TYPE.TSK_DATETIME_SENT,
260  ATTRIBUTE_TYPE.TSK_DATETIME_RCVD,
261  ATTRIBUTE_TYPE.TSK_DATETIME_CREATED,
262  ATTRIBUTE_TYPE.TSK_DATETIME_MODIFIED,
263  ATTRIBUTE_TYPE.TSK_DATETIME_ACCESSED,
264  ATTRIBUTE_TYPE.TSK_DATETIME_START,
265  ATTRIBUTE_TYPE.TSK_DATETIME_END}; //in the order we want to use them
266  BlackboardAttribute date;
267  for (ATTRIBUTE_TYPE t : typesThatCanHaveDate) {
268  date = getAttribute(new BlackboardAttribute.Type(t));
269  if (date != null && !date.getDisplayString().isEmpty()) {
270  shortDescription.append(" ");
271  shortDescription.append(MessageFormat.format(bundle.getString("BlackboardArtifact.shortDescriptionDate.text"), date.getDisplayString())); //NON-NLS
272  break;
273  }
274  }
275  return shortDescription.toString();
276  }
277 
284  public ReviewStatus getReviewStatus() {
285  return reviewStatus;
286  }
287 
296  public void setReviewStatus(ReviewStatus newStatus) throws TskCoreException {
297  getSleuthkitCase().setReviewStatus(this, newStatus);
298  reviewStatus = newStatus;
299  }
300 
312  public void addAttribute(BlackboardAttribute attribute) throws TskCoreException {
313  attribute.setArtifactId(artifactId);
314  attribute.setCaseDatabase(getSleuthkitCase());
315  getSleuthkitCase().addBlackboardAttribute(attribute, this.artifactTypeId);
316  attrsCache.add(attribute);
317  }
318 
327  public List<BlackboardAttribute> getAttributes() throws TskCoreException {
328  ArrayList<BlackboardAttribute> attributes;
329  if (false == loadedCacheFromDb) {
330  attributes = getSleuthkitCase().getBlackboardAttributes(this);
331  attrsCache.clear();
332  attrsCache.addAll(attributes);
333  loadedCacheFromDb = true;
334  } else {
335  attributes = new ArrayList<BlackboardAttribute>(attrsCache);
336  }
337  return attributes;
338  }
339 
354  public BlackboardAttribute getAttribute(BlackboardAttribute.Type attributeType) throws TskCoreException {
355  List<BlackboardAttribute> attributes = this.getAttributes();
356  for (BlackboardAttribute attribute : attributes) {
357  if (attribute.getAttributeType().equals(attributeType)) {
358  return attribute;
359  }
360  }
361  return null;
362  }
363 
373  public void addAttributes(Collection<BlackboardAttribute> attributes) throws TskCoreException {
374  if (attributes.isEmpty()) {
375  return;
376  }
377  for (BlackboardAttribute attribute : attributes) {
378  attribute.setArtifactId(artifactId);
379  attribute.setCaseDatabase(getSleuthkitCase());
380  }
381  getSleuthkitCase().addBlackboardAttributes(attributes, artifactTypeId);
382  attrsCache.addAll(attributes);
383  }
384 
391  @Override
392  public synchronized String getUniquePath() throws TskCoreException {
393 
394  // Return the path of the parrent file
395  if (uniquePath == null) {
396  uniquePath = "";
397  Content myParent = getParent();
398  if (myParent != null) {
399  uniquePath = myParent.getUniquePath();
400  }
401  }
402  return uniquePath;
403  }
404 
405  @Override
406  public synchronized Content getParent() throws TskCoreException {
407  if (parent == null) {
408  ObjectInfo parentInfo;
409  parentInfo = getSleuthkitCase().getParentInfo(this);
410  if (parentInfo == null) {
411  parent = null;
412  } else {
413  parent = getSleuthkitCase().getContentById(parentInfo.getId());
414  }
415  }
416  return parent;
417  }
418 
426  @Override
427  public ArrayList<BlackboardArtifact> getAllArtifacts() throws TskCoreException {
428  // Currently we don't have any artifacts derived from an artifact.
429  return new ArrayList<BlackboardArtifact>();
430  }
431 
442  @Override
443  public ArrayList<BlackboardArtifact> getArtifacts(String artifactTypeName) throws TskCoreException {
444  // Currently we don't have any artifacts derived from an artifact.
445  return new ArrayList<BlackboardArtifact>();
446  }
447 
458  @Override
459  public ArrayList<BlackboardArtifact> getArtifacts(int artifactTypeID) throws TskCoreException {
460  // Currently we don't have any artifacts derived from an artifact.
461  return new ArrayList<BlackboardArtifact>();
462  }
463 
473  @Override
474  public ArrayList<BlackboardArtifact> getArtifacts(BlackboardArtifact.ARTIFACT_TYPE type) throws TskCoreException {
475  // Currently we don't have any artifacts derived from an artifact.
476  return new ArrayList<BlackboardArtifact>();
477  }
478 
486  @Override
487  public long getAllArtifactsCount() throws TskCoreException {
488  // Currently we don't have any artifacts derived from an artifact.
489  return 0;
490  }
491 
502  @Override
503  public long getArtifactsCount(String artifactTypeName) throws TskCoreException {
504  // Currently we don't have any artifacts derived from an artifact.
505  return 0;
506  }
507 
518  @Override
519  public long getArtifactsCount(int artifactTypeID) throws TskCoreException {
520  // Currently we don't have any artifacts derived from an artifact.
521  return 0;
522  }
523 
534  @Override
535  public long getArtifactsCount(BlackboardArtifact.ARTIFACT_TYPE type) throws TskCoreException {
536  // Currently we don't have any artifacts derived from an artifact.
537  return 0;
538  }
539 
548  @Override
549  public BlackboardArtifact getGenInfoArtifact() throws TskCoreException {
550  // Currently we don't have any artifacts derived from an artifact.
551  return null;
552  }
553 
567  @Override
568  public BlackboardArtifact getGenInfoArtifact(boolean create) throws TskCoreException {
569  // Currently we don't have any artifacts derived from an artifact.
570  if (create) {
571  throw new TskCoreException("Artifacts of artifacts are not supported.");
572  }
573 
574  return null;
575  }
576 
587  @Override
588  public ArrayList<BlackboardAttribute> getGenInfoAttributes(BlackboardAttribute.ATTRIBUTE_TYPE attr_type) throws TskCoreException {
589  // Currently we don't have any artifacts derived from an artifact.
590  return new ArrayList<>();
591  }
592 
600  @Override
601  public Set<String> getHashSetNames() throws TskCoreException {
602  // Currently we don't have any artifacts derived from an artifact.
603  return new HashSet<String>();
604  }
605 
617  @Override
618  public BlackboardArtifact newArtifact(int artifactTypeID) throws TskCoreException {
619  throw new TskCoreException("Cannot create artifact of an artifact. Not supported.");
620  }
621 
632  @Override
633  public BlackboardArtifact newArtifact(BlackboardArtifact.ARTIFACT_TYPE type) throws TskCoreException {
634  throw new TskCoreException("Cannot create artifact of an artifact. Not supported.");
635  }
636 
645  @Override
646  public <T> T accept(ContentVisitor<T> visitor) {
647  return visitor.visit(this);
648  }
649 
657  @Override
658  public boolean equals(Object object) {
659  if (object == null) {
660  return false;
661  }
662  if (getClass() != object.getClass()) {
663  return false;
664  }
665  final BlackboardArtifact other = (BlackboardArtifact) object;
666  return artifactId == other.getArtifactID();
667  }
668 
674  @Override
675  public int hashCode() {
676  int hash = 7;
677  hash = 41 * hash + (int) (this.artifactId ^ (this.artifactId >>> 32));
678  return hash;
679  }
680 
686  @Override
687  public String toString() {
688  return "BlackboardArtifact{" + "artifactID=" + artifactId + ", objID=" + getObjectID() + ", artifactObjID=" + artifactObjId + ", artifactTypeID=" + artifactTypeId + ", artifactTypeName=" + artifactTypeName + ", displayName=" + displayName + ", Case=" + getSleuthkitCase() + '}'; //NON-NLS
689  }
690 
701  @Override
702  public <T> T accept(SleuthkitItemVisitor<T> visitor) {
703  return visitor.visit(this);
704  }
705 
712  @Override
713  public long getSize() {
714 
715  if (contentBytes == null) {
716  try {
717  loadArtifactContent();
718  } catch (TskCoreException ex) {
719  return 0;
720  }
721  }
722 
723  return contentBytes.length;
724  }
725 
729  @Override
730  public void close() {
731  contentBytes = null;
732  }
733 
747  @Override
748  public final int read(byte[] buf, long offset, long len) throws TskCoreException {
749 
750  if (contentBytes == null) {
751  loadArtifactContent();
752  }
753 
754  if (0 == contentBytes.length) {
755  return 0;
756  }
757 
758  // Copy bytes
759  long readLen = Math.min(contentBytes.length - offset, len);
760  System.arraycopy(contentBytes, 0, buf, 0, (int) readLen);
761 
762  return (int) readLen;
763  }
764 
765  @Override
766  public String getName() {
767  return this.displayName + getArtifactID();
768  }
769 
770  @Override
771  public Content getDataSource() throws TskCoreException {
772  Content myParent = getParent();
773  if (myParent == null) {
774  return null;
775  }
776 
777  return myParent.getDataSource();
778  }
779 
786  private void loadArtifactContent() throws TskCoreException {
787  StringBuilder artifactContents = new StringBuilder();
788 
789  Content dataSource = null;
790  try {
791  dataSource = getDataSource();
792  } catch (TskCoreException ex) {
793  throw new TskCoreException("Unable to get datasource for artifact: " + this.toString(), ex);
794  }
795  if (dataSource == null) {
796  throw new TskCoreException("Datasource was null for artifact: " + this.toString());
797  }
798 
799  try {
800  for (BlackboardAttribute attribute : getAttributes()) {
801  artifactContents.append(attribute.getAttributeType().getDisplayName());
802  artifactContents.append(" : ");
803  artifactContents.append(attribute.getDisplayString());
804  artifactContents.append(System.lineSeparator());
805  }
806  } catch (TskCoreException ex) {
807  throw new TskCoreException("Unable to get attributes for artifact: " + this.toString(), ex);
808  }
809 
810  try {
811  contentBytes = artifactContents.toString().getBytes("UTF-8");
812  } catch (UnsupportedEncodingException ex) {
813  throw new TskCoreException("Failed to convert artifact string to bytes for artifact: " + this.toString(), ex);
814  }
815 
816  }
817 
821  public static final class Type implements Serializable {
822 
823  private static final long serialVersionUID = 1L;
824  private final String typeName;
825  private final int typeID;
826  private final String displayName;
827 
835  public Type(int typeID, String typeName, String displayName) {
836  this.typeID = typeID;
837  this.typeName = typeName;
838  this.displayName = displayName;
839  }
840 
846  public Type(ARTIFACT_TYPE type) {
847  this(type.getTypeID(), type.getLabel(), type.getDisplayName());
848  }
849 
855  public String getTypeName() {
856  return this.typeName;
857  }
858 
864  public int getTypeID() {
865  return this.typeID;
866  }
867 
873  public String getDisplayName() {
874  return this.displayName;
875  }
876 
884  @Override
885  public boolean equals(Object that) {
886  if (this == that) {
887  return true;
888  } else if (!(that instanceof Type)) {
889  return false;
890  } else {
891  return ((Type) that).sameType(this);
892  }
893  }
894 
902  private boolean sameType(Type that) {
903  return this.typeName.equals(that.getTypeName())
904  && this.displayName.equals(that.getDisplayName())
905  && this.typeID == that.getTypeID();
906  }
907 
913  @Override
914  public int hashCode() {
915  int hash = 11;
916  hash = 83 * hash + Objects.hashCode(this.typeID);
917  hash = 83 * hash + Objects.hashCode(this.displayName);
918  hash = 83 * hash + Objects.hashCode(this.typeName);
919  return hash;
920  }
921  }
922 
928  public enum ARTIFACT_TYPE implements SleuthkitVisitableItem {
929 
933  TSK_GEN_INFO(1, "TSK_GEN_INFO", //NON-NLS
934  bundle.getString("BlackboardArtifact.tskGenInfo.text")),
938  TSK_WEB_BOOKMARK(2, "TSK_WEB_BOOKMARK", //NON-NLS
939  bundle.getString("BlackboardArtifact.tskWebBookmark.text")),
943  TSK_WEB_COOKIE(3, "TSK_WEB_COOKIE",
944  bundle.getString("BlackboardArtifact.tskWebCookie.text")), //NON-NLS
948  TSK_WEB_HISTORY(4, "TSK_WEB_HISTORY", //NON-NLS
949  bundle.getString("BlackboardArtifact.tskWebHistory.text")),
953  TSK_WEB_DOWNLOAD(5, "TSK_WEB_DOWNLOAD", //NON-NLS
954  bundle.getString("BlackboardArtifact.tskWebDownload.text")),
958  TSK_RECENT_OBJECT(6, "TSK_RECENT_OBJ", //NON-NLS
959  bundle.getString("BlackboardArtifact.tsk.recentObject.text")),
963  TSK_GPS_TRACKPOINT(7, "TSK_GPS_TRACKPOINT", //NON-NLS
964  bundle.getString("BlackboardArtifact.tskGpsTrackpoint.text")),
968  TSK_INSTALLED_PROG(8, "TSK_INSTALLED_PROG", //NON-NLS
969  bundle.getString("BlackboardArtifact.tskInstalledProg.text")),
973  TSK_KEYWORD_HIT(9, "TSK_KEYWORD_HIT",
974  bundle.getString("BlackboardArtifact.tskKeywordHits.text")),
978  TSK_HASHSET_HIT(10, "TSK_HASHSET_HIT", //NON-NLS
979  bundle.getString("BlackboardArtifact.tskHashsetHit.text")),
983  TSK_DEVICE_ATTACHED(11, "TSK_DEVICE_ATTACHED", //NON-NLS
984  bundle.getString("BlackboardArtifact.tskDeviceAttached.text")),
989  TSK_INTERESTING_FILE_HIT(12, "TSK_INTERESTING_FILE_HIT", //NON-NLS
990  bundle.getString("BlackboardArtifact.tskInterestingFileHit.text")),
991 
994  TSK_EMAIL_MSG(13, "TSK_EMAIL_MSG", //NON-NLS
995  bundle.getString("BlackboardArtifact.tskEmailMsg.text")),
999  TSK_EXTRACTED_TEXT(14, "TSK_EXTRACTED_TEXT", //NON-NLS
1000  bundle.getString("BlackboardArtifact.tskExtractedText.text")),
1004  TSK_WEB_SEARCH_QUERY(15, "TSK_WEB_SEARCH_QUERY", //NON-NLS
1005  bundle.getString("BlackboardArtifact.tskWebSearchQuery.text")),
1009  TSK_METADATA_EXIF(16, "TSK_METADATA_EXIF", //NON-NLS
1010  bundle.getString("BlackboardArtifact.tskMetadataExif.text")),
1016  @Deprecated
1017  TSK_TAG_FILE(17, "TSK_TAG_FILE", //NON-NLS
1018  bundle.getString("BlackboardArtifact.tagFile.text")),
1024  @Deprecated
1025  TSK_TAG_ARTIFACT(18, "TSK_TAG_ARTIFACT", //NON-NLS
1026  bundle.getString("BlackboardArtifact.tskTagArtifact.text")),
1030  TSK_OS_INFO(19, "TSK_OS_INFO", //NON-NLS
1031  bundle.getString("BlackboardArtifact.tskOsInfo.text")),
1035  TSK_OS_ACCOUNT(20, "TSK_OS_ACCOUNT", //NON-NLS
1036  bundle.getString("BlackboardArtifact.tskOsAccount.text")),
1040  TSK_SERVICE_ACCOUNT(21, "TSK_SERVICE_ACCOUNT", //NON-NLS
1041  bundle.getString("BlackboardArtifact.tskServiceAccount.text")),
1047  @Deprecated
1048  TSK_TOOL_OUTPUT(22, "TSK_TOOL_OUTPUT", //NON-NLS
1049  bundle.getString("BlackboardArtifact.tskToolOutput.text")),
1054  TSK_CONTACT(23, "TSK_CONTACT", //NON-NLS
1055  bundle.getString("BlackboardArtifact.tskContact.text")),
1060  TSK_MESSAGE(24, "TSK_MESSAGE", //NON-NLS
1061  bundle.getString("BlackboardArtifact.tskMessage.text")),
1065  TSK_CALLLOG(25, "TSK_CALLLOG", //NON-NLS
1066  bundle.getString("BlackboardArtifact.tskCalllog.text")),
1070  TSK_CALENDAR_ENTRY(26, "TSK_CALENDAR_ENTRY", //NON-NLS
1071  bundle.getString("BlackboardArtifact.tskCalendarEntry.text")),
1075  TSK_SPEED_DIAL_ENTRY(27, "TSK_SPEED_DIAL_ENTRY", //NON-NLS
1076  bundle.getString("BlackboardArtifact.tskSpeedDialEntry.text")),
1080  TSK_BLUETOOTH_PAIRING(28, "TSK_BLUETOOTH_PAIRING", //NON-NLS
1081  bundle.getString("BlackboardArtifact.tskBluetoothPairing.text")),
1085  TSK_GPS_BOOKMARK(29, "TSK_GPS_BOOKMARK", //NON-NLS
1086  bundle.getString("BlackboardArtifact.tskGpsBookmark.text")),
1090  TSK_GPS_LAST_KNOWN_LOCATION(30, "TSK_GPS_LAST_KNOWN_LOCATION", //NON-NLS
1091  bundle.getString("BlackboardArtifact.tskGpsLastKnownLocation.text")),
1095  TSK_GPS_SEARCH(31, "TSK_GPS_SEARCH", //NON-NLS
1096  bundle.getString("BlackboardArtifact.tskGpsSearch.text")),
1100  TSK_PROG_RUN(32, "TSK_PROG_RUN", //NON-NLS
1101  bundle.getString("BlackboardArtifact.tskProgRun.text")),
1105  TSK_ENCRYPTION_DETECTED(33, "TSK_ENCRYPTION_DETECTED", //NON-NLS
1106  bundle.getString("BlackboardArtifact.tskEncryptionDetected.text")),
1110  TSK_EXT_MISMATCH_DETECTED(34, "TSK_EXT_MISMATCH_DETECTED", //NON-NLS
1111  bundle.getString("BlackboardArtifact.tskExtMismatchDetected.text")),
1116  TSK_INTERESTING_ARTIFACT_HIT(35, "TSK_INTERESTING_ARTIFACT_HIT", //NON-NLS
1117  bundle.getString("BlackboardArtifact.tskInterestingArtifactHit.text")),
1121  TSK_GPS_ROUTE(36, "TSK_GPS_ROUTE", //NON-NLS
1122  bundle.getString("BlackboardArtifact.tskGpsRoute.text")),
1126  TSK_REMOTE_DRIVE(37, "TSK_REMOTE_DRIVE", //NON-NLS
1127  bundle.getString("BlackboardArtifact.tskRemoteDrive.text")),
1131  TSK_FACE_DETECTED(38, "TSK_FACE_DETECTED", //NON-NLS
1132  bundle.getString("BlackboardArtifact.tskFaceDetected.text")),
1136  TSK_ACCOUNT(39, "TSK_ACCOUNT", //NON-NLS
1137  bundle.getString("BlackboardArtifact.tskAccount.text")),
1141  TSK_ENCRYPTION_SUSPECTED(40, "TSK_ENCRYPTION_SUSPECTED", //NON-NLS
1142  bundle.getString("BlackboardArtifact.tskEncryptionSuspected.text")),
1143  /*
1144  * A classifier detected an object in a media file.
1145  */
1146  TSK_OBJECT_DETECTED(41, "TSK_OBJECT_DETECTED", //NON-NLS
1147  bundle.getString("BlackboardArtifact.tskObjectDetected.text")),
1151  TSK_WIFI_NETWORK(42, "TSK_WIFI_NETWORK", //NON-NLS
1152  bundle.getString("BlackboardArtifact.tskWIFINetwork.text")),
1156  TSK_DEVICE_INFO(43, "TSK_DEVICE_INFO", //NON-NLS
1157  bundle.getString("BlackboardArtifact.tskDeviceInfo.text")),
1161  TSK_SIM_ATTACHED(44, "TSK_SIM_ATTACHED", //NON-NLS
1162  bundle.getString("BlackboardArtifact.tskSimAttached.text")),
1166  TSK_BLUETOOTH_ADAPTER(45, "TSK_BLUETOOTH_ADAPTER", //NON-NLS
1167  bundle.getString("BlackboardArtifact.tskBluetoothAdapter.text")),
1171  TSK_WIFI_NETWORK_ADAPTER(46, "TSK_WIFI_NETWORK_ADAPTER", //NON-NLS
1172  bundle.getString("BlackboardArtifact.tskWIFINetworkAdapter.text")),
1176  TSK_VERIFICATION_FAILED(47, "TSK_VERIFICATION_FAILED", //NON-NLS
1177  bundle.getString("BlackboardArtifact.tskVerificationFailed.text")),
1181  TSK_DATA_SOURCE_USAGE(48, "TSK_DATA_SOURCE_USAGE", //NON-NLS
1182  bundle.getString("BlackboardArtifact.tskDataSourceUsage.text")),
1186  TSK_WEB_FORM_AUTOFILL(49, "TSK_WEB_FORM_AUTOFILL", //NON-NLS
1187  bundle.getString("BlackboardArtifact.tskWebFormAutofill.text")),
1191  TSK_WEB_FORM_ADDRESS(50, "TSK_WEB_FORM_ADDRESSES ", //NON-NLS
1192  bundle.getString("BlackboardArtifact.tskWebFormAddresses.text")),
1199  @Deprecated
1200  TSK_DOWNLOAD_SOURCE(51, "TSK_DOWNLOAD_SOURCE", //NON-NLS
1201  bundle.getString("BlackboardArtifact.tskDownloadSource.text")),
1205  TSK_WEB_CACHE(52, "TSK_WEB_CACHE", //NON-NLS
1206  bundle.getString("BlackboardArtifact.tskWebCache.text")),
1210  TSK_TL_EVENT(53, "TSK_TL_EVENT", //NON-NLS
1211  bundle.getString("BlackboardArtifact.tskTLEvent.text")),
1215  TSK_CLIPBOARD_CONTENT(54, "TSK_CLIPBOARD_CONTENT", //NON-NLS
1216  bundle.getString("BlackboardArtifact.tskClipboardContent.text")),
1220  TSK_ASSOCIATED_OBJECT(55, "TSK_ASSOCIATED_OBJECT", //NON-NLS
1221  bundle.getString("BlackboardArtifact.tskAssociatedObject.text")),
1225  TSK_USER_CONTENT_SUSPECTED(56, "TSK_USER_CONTENT_SUSPECTED", //NON-NLS
1226  bundle.getString("BlackboardArtifact.tskUserContentSuspected.text")),
1230  TSK_METADATA(57, "TSK_METADATA", //NON-NLS
1231  bundle.getString("BlackboardArtifact.tskMetadata.text"));
1232 
1233  private final String label;
1234  private final int typeId;
1235  private final String displayName;
1236 
1244  private ARTIFACT_TYPE(int typeId, String label, String displayName) {
1245  this.typeId = typeId;
1246  this.label = label;
1247  this.displayName = displayName;
1248  }
1249 
1255  public int getTypeID() {
1256  return this.typeId;
1257  }
1258 
1264  public String getLabel() {
1265  return this.label;
1266  }
1267 
1276  static public ARTIFACT_TYPE fromLabel(String label) {
1277  for (ARTIFACT_TYPE value : ARTIFACT_TYPE.values()) {
1278  if (value.getLabel().equals(label)) {
1279  return value;
1280  }
1281  }
1282  throw new IllegalArgumentException("No ARTIFACT_TYPE matching type: " + label);
1283  }
1284 
1295  static public ARTIFACT_TYPE fromID(int id) {
1296  for (ARTIFACT_TYPE value : ARTIFACT_TYPE.values()) {
1297  if (value.getTypeID() == id) {
1298  return value;
1299  }
1300  }
1301  throw new IllegalArgumentException("No ARTIFACT_TYPE matching type: " + id);
1302  }
1303 
1309  public String getDisplayName() {
1310  return displayName;
1311  }
1312 
1324  @Override
1325  public <T> T accept(SleuthkitItemVisitor<T> visitor) {
1326  return visitor.visit(this);
1327  }
1328 
1329  }
1330 
1334  public enum ReviewStatus {
1335 
1336  APPROVED(1, "APPROVED", "ReviewStatus.Approved"), //approved by human user
1337  REJECTED(2, "REJECTED", "ReviewStatus.Rejected"), //rejected by humna user
1338  UNDECIDED(3, "UNDECIDED", "ReviewStatus.Undecided"); // not yet reviewed by human user
1339 
1340  private final Integer id;
1341  private final String name;
1342  private final String displayName;
1343  private final static Map<Integer, ReviewStatus> idToStatus = new HashMap<Integer, ReviewStatus>();
1344 
1345  static {
1346  for (ReviewStatus status : values()) {
1347  idToStatus.put(status.getID(), status);
1348  }
1349  }
1350 
1359  private ReviewStatus(Integer id, String name, String displayNameKey) {
1360  this.id = id;
1361  this.name = name;
1362  this.displayName = ResourceBundle.getBundle("org.sleuthkit.datamodel.Bundle").getString(displayNameKey);
1363  }
1364 
1372  public static ReviewStatus withID(int id) {
1373  return idToStatus.get(id);
1374  }
1375 
1381  public Integer getID() {
1382  return id;
1383  }
1384 
1390  String getName() {
1391  return name;
1392  }
1393 
1399  public String getDisplayName() {
1400  return displayName;
1401  }
1402  }
1403 
1425  @Deprecated
1426  protected BlackboardArtifact(SleuthkitCase sleuthkitCase, long artifactID, long objID, long artifactObjID, long dataSourceObjId, int artifactTypeID, String artifactTypeName, String displayName) {
1427  this(sleuthkitCase, artifactID, objID, artifactObjID, dataSourceObjId, artifactTypeID, artifactTypeName, displayName, ReviewStatus.UNDECIDED);
1428  }
1429 
1444  @Deprecated
1445  public List<BlackboardAttribute> getAttributes(final BlackboardAttribute.ATTRIBUTE_TYPE attributeType) throws TskCoreException {
1446  if (loadedCacheFromDb == false) {
1447  List<BlackboardAttribute> attrs = getSleuthkitCase().getBlackboardAttributes(this);
1448  attrsCache.clear();
1449  attrsCache.addAll(attrs);
1450  loadedCacheFromDb = true;
1451  }
1452  ArrayList<BlackboardAttribute> filteredAttributes = new ArrayList<BlackboardAttribute>();
1453  for (BlackboardAttribute attr : attrsCache) {
1454  if (attr.getAttributeType().getTypeID() == attributeType.getTypeID()) {
1455  filteredAttributes.add(attr);
1456  }
1457  }
1458  return filteredAttributes;
1459  }
1460 
1461  @Override
1462  public long getId() {
1463  return this.artifactObjId;
1464  }
1465 
1474  @Override
1475  public List<Long> getChildrenIds() throws TskCoreException {
1476  List<Long> childrenIDs = new ArrayList<Long>();
1477  childrenIDs.addAll(getSleuthkitCase().getAbstractFileChildrenIds(this));
1478  childrenIDs.addAll(getSleuthkitCase().getBlackboardArtifactChildrenIds(this));
1479 
1480  return childrenIDs;
1481  }
1482 
1483  @Override
1484  public int getChildrenCount() throws TskCoreException {
1485  if (childrenCount != -1) {
1486  return childrenCount;
1487  }
1488 
1489  childrenCount = this.getSleuthkitCase().getContentChildrenCount(this);
1490 
1491  hasChildren = childrenCount > 0;
1492  checkedHasChildren = true;
1493 
1494  return childrenCount;
1495  }
1496 
1497  @Override
1498  public boolean hasChildren() throws TskCoreException {
1499  if (checkedHasChildren == true) {
1500  return hasChildren;
1501  }
1502 
1503  childrenCount = this.getSleuthkitCase().getContentChildrenCount(this);
1504 
1505  hasChildren = childrenCount > 0;
1506  checkedHasChildren = true;
1507 
1508  return hasChildren;
1509  }
1510 
1519  @Override
1520  public List<Content> getChildren() throws TskCoreException {
1521  List<Content> children = new ArrayList<>();
1522  children.addAll(getSleuthkitCase().getAbstractFileChildren(this));
1523  children.addAll(getSleuthkitCase().getBlackboardArtifactChildren(this));
1524 
1525  return children;
1526  }
1527 }
org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE.fromID
static ARTIFACT_TYPE fromID(int id)
Definition: BlackboardArtifact.java:1295
org.sleuthkit.datamodel.BlackboardArtifact.getArtifacts
ArrayList< BlackboardArtifact > getArtifacts(int artifactTypeID)
Definition: BlackboardArtifact.java:459
org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PHONE_NUMBER_TO
TSK_PHONE_NUMBER_TO
Definition: BlackboardAttribute.java:1170
org.sleuthkit.datamodel.SleuthkitCase.getBlackboardAttributes
ArrayList< BlackboardAttribute > getBlackboardAttributes(final BlackboardArtifact artifact)
Definition: SleuthkitCase.java:4193
org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE.fromLabel
static ARTIFACT_TYPE fromLabel(String label)
Definition: BlackboardArtifact.java:1276
org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_KEYWORD_PREVIEW
TSK_KEYWORD_PREVIEW
Definition: BlackboardAttribute.java:938
org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_NAME
TSK_NAME
Definition: BlackboardAttribute.java:917
org.sleuthkit.datamodel.SleuthkitCase.addBlackboardAttributes
void addBlackboardAttributes(Collection< BlackboardAttribute > attributes, int artifactTypeId)
Definition: SleuthkitCase.java:3745
org.sleuthkit.datamodel.BlackboardArtifact.Type.Type
Type(int typeID, String typeName, String displayName)
Definition: BlackboardArtifact.java:835
org.sleuthkit.datamodel.BlackboardArtifact.addAttributes
void addAttributes(Collection< BlackboardAttribute > attributes)
Definition: BlackboardArtifact.java:373
org.sleuthkit.datamodel.SleuthkitCase.addBlackboardAttribute
void addBlackboardAttribute(BlackboardAttribute attr, int artifactTypeId)
Definition: SleuthkitCase.java:3723
org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DOMAIN
TSK_DOMAIN
Definition: BlackboardAttribute.java:951
org.sleuthkit.datamodel.BlackboardArtifact.getAttributes
List< BlackboardAttribute > getAttributes(final BlackboardAttribute.ATTRIBUTE_TYPE attributeType)
Definition: BlackboardArtifact.java:1445
org.sleuthkit.datamodel.Content.getDataSource
Content getDataSource()
org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PHONE_NUMBER
TSK_PHONE_NUMBER
Definition: BlackboardAttribute.java:1019
org.sleuthkit.datamodel.ContentVisitor.visit
T visit(Directory d)
org.sleuthkit.datamodel.BlackboardArtifact.read
final int read(byte[] buf, long offset, long len)
Definition: BlackboardArtifact.java:748
org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_START
TSK_DATETIME_START
Definition: BlackboardAttribute.java:1182
org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_EMAIL_OFFICE
TSK_EMAIL_OFFICE
Definition: BlackboardAttribute.java:1179
org.sleuthkit.datamodel.BlackboardArtifact.addAttribute
void addAttribute(BlackboardAttribute attribute)
Definition: BlackboardArtifact.java:312
org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DEVICE_ID
TSK_DEVICE_ID
Definition: BlackboardAttribute.java:966
org.sleuthkit.datamodel.BlackboardArtifact.getArtifacts
ArrayList< BlackboardArtifact > getArtifacts(BlackboardArtifact.ARTIFACT_TYPE type)
Definition: BlackboardArtifact.java:474
org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_EMAIL_HOME
TSK_EMAIL_HOME
Definition: BlackboardAttribute.java:1176
org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME
TSK_DATETIME
Definition: BlackboardAttribute.java:914
org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PHONE_NUMBER_MOBILE
TSK_PHONE_NUMBER_MOBILE
Definition: BlackboardAttribute.java:1164
org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE.accept
public< T > T accept(SleuthkitItemVisitor< T > visitor)
Definition: BlackboardArtifact.java:1325
org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_RCVD
TSK_DATETIME_RCVD
Definition: BlackboardAttribute.java:1068
org.sleuthkit.datamodel.BlackboardArtifact.newArtifact
BlackboardArtifact newArtifact(int artifactTypeID)
Definition: BlackboardArtifact.java:618
org.sleuthkit.datamodel.BlackboardArtifact.getAttribute
BlackboardAttribute getAttribute(BlackboardAttribute.Type attributeType)
Definition: BlackboardArtifact.java:354
org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_SENT
TSK_DATETIME_SENT
Definition: BlackboardAttribute.java:1071
org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PHONE_NUMBER_OFFICE
TSK_PHONE_NUMBER_OFFICE
Definition: BlackboardAttribute.java:1161
org.sleuthkit.datamodel.BlackboardArtifact.getArtifactsCount
long getArtifactsCount(String artifactTypeName)
Definition: BlackboardArtifact.java:503
org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PHONE_NUMBER_HOME
TSK_PHONE_NUMBER_HOME
Definition: BlackboardAttribute.java:1158
org.sleuthkit.datamodel.Content
Definition: Content.java:32
org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_END
TSK_DATETIME_END
Definition: BlackboardAttribute.java:1185
org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_EMAIL
TSK_EMAIL
Definition: BlackboardAttribute.java:969
org.sleuthkit.datamodel.ContentVisitor
Definition: ContentVisitor.java:32
org.sleuthkit.datamodel.BlackboardArtifact.getGenInfoArtifact
BlackboardArtifact getGenInfoArtifact(boolean create)
Definition: BlackboardArtifact.java:568
org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE.getDisplayName
String getDisplayName()
Definition: BlackboardArtifact.java:1309
org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE.getLabel
String getLabel()
Definition: BlackboardArtifact.java:1264
org.sleuthkit.datamodel.BlackboardArtifact.getArtifacts
ArrayList< BlackboardArtifact > getArtifacts(String artifactTypeName)
Definition: BlackboardArtifact.java:443
org.sleuthkit.datamodel.BlackboardArtifact.BlackboardArtifact
BlackboardArtifact(SleuthkitCase sleuthkitCase, long artifactID, long objID, long artifactObjID, long dataSourceObjId, int artifactTypeID, String artifactTypeName, String displayName)
Definition: BlackboardArtifact.java:1426
org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_ACCESSED
TSK_DATETIME_ACCESSED
Definition: BlackboardAttribute.java:1013
org.sleuthkit.datamodel.BlackboardArtifact.getAllArtifacts
ArrayList< BlackboardArtifact > getAllArtifacts()
Definition: BlackboardArtifact.java:427
org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PHONE_NUMBER_FROM
TSK_PHONE_NUMBER_FROM
Definition: BlackboardAttribute.java:1167
org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_CREATED
TSK_DATETIME_CREATED
Definition: BlackboardAttribute.java:1137
org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE.getTypeID
int getTypeID()
Definition: BlackboardArtifact.java:1255
org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE
Definition: BlackboardAttribute.java:909
org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_MODIFIED
TSK_DATETIME_MODIFIED
Definition: BlackboardAttribute.java:1140
org.sleuthkit.datamodel.BlackboardArtifact.getArtifactsCount
long getArtifactsCount(BlackboardArtifact.ARTIFACT_TYPE type)
Definition: BlackboardArtifact.java:535
org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_EMAIL_TO
TSK_EMAIL_TO
Definition: BlackboardAttribute.java:1041
org.sleuthkit.datamodel.BlackboardArtifact.getGenInfoAttributes
ArrayList< BlackboardAttribute > getGenInfoAttributes(BlackboardAttribute.ATTRIBUTE_TYPE attr_type)
Definition: BlackboardArtifact.java:588
org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE
Definition: BlackboardArtifact.java:928
org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_EMAIL_FROM
TSK_EMAIL_FROM
Definition: BlackboardAttribute.java:1050
org.sleuthkit.datamodel.Content.getUniquePath
String getUniquePath()
org.sleuthkit.datamodel.BlackboardArtifact.newArtifact
BlackboardArtifact newArtifact(BlackboardArtifact.ARTIFACT_TYPE type)
Definition: BlackboardArtifact.java:633
org.sleuthkit.datamodel.SleuthkitCase.setReviewStatus
void setReviewStatus(BlackboardArtifact artifact, BlackboardArtifact.ReviewStatus newStatus)
Definition: SleuthkitCase.java:9303

Copyright © 2011-2018 Brian Carrier. (carrier -at- sleuthkit -dot- org)
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.