Autopsy  4.15.0
Graphical digital forensics platform for The Sleuth Kit and other tools.
CommonAttributeCountSearchResults.java
Go to the documentation of this file.
1 /*
2  *
3  * Autopsy Forensic Browser
4  *
5  * Copyright 2018-2019 Basis Technology Corp.
6  * Contact: carrier <at> sleuthkit <dot> org
7  *
8  * Licensed under the Apache License, Version 2.0 (the "License");
9  * you may not use this file except in compliance with the License.
10  * You may obtain a copy of the License at
11  *
12  * http://www.apache.org/licenses/LICENSE-2.0
13  *
14  * Unless required by applicable law or agreed to in writing, software
15  * distributed under the License is distributed on an "AS IS" BASIS,
16  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
17  * See the License for the specific language governing permissions and
18  * limitations under the License.
19  */
20 package org.sleuthkit.autopsy.commonpropertiessearch;
21 
22 import java.util.ArrayList;
23 import java.util.Collections;
24 import java.util.HashMap;
25 import java.util.List;
26 import java.util.Map;
27 import java.util.Map.Entry;
28 import java.util.TreeMap;
29 import java.util.logging.Level;
35 
41 
42  private static final Logger LOGGER = Logger.getLogger(CommonAttributeCountSearchResults.class.getName());
43 
44  // maps instance count to list of attribute values.
45  private final Map<Integer, CommonAttributeValueList> instanceCountToAttributeValues;
46  private final int percentageThreshold;
47  private final int resultTypeId;
48 
60  CommonAttributeCountSearchResults(Map<Integer, CommonAttributeValueList> metadata, int percentageThreshold, CorrelationAttributeInstance.Type resultType) {
61  //wrap in a new object in case any client code has used an unmodifiable collection
62  this.instanceCountToAttributeValues = new TreeMap<>(metadata);
63  this.percentageThreshold = percentageThreshold;
64  this.resultTypeId = resultType.getId();
65  }
66 
75  CommonAttributeCountSearchResults(Map<Integer, CommonAttributeValueList> metadata, int percentageThreshold) {
76  //wrap in a new object in case any client code has used an unmodifiable collection
77  this.instanceCountToAttributeValues = new TreeMap<>(metadata);
78  this.percentageThreshold = percentageThreshold;
79  this.resultTypeId = CorrelationAttributeInstance.FILES_TYPE_ID;
80  }
81 
92  CommonAttributeValueList getAttributeValuesForInstanceCount(Integer instanceCount) {
93  return this.instanceCountToAttributeValues.get(instanceCount);
94  }
95 
103  public Map<Integer, CommonAttributeValueList> getMetadata() {
104  return Collections.unmodifiableMap(this.instanceCountToAttributeValues);
105  }
106 
112  public void filterMetadata() throws CentralRepoException {
113  filterMetadata(this.percentageThreshold);
114  }
115 
126  private void filterMetadata(int maximumPercentageThreshold) throws CentralRepoException {
127  if (!CentralRepository.isEnabled()) {
128  return;
129  }
130 
133  .stream()
134  .filter(filterType -> filterType.getId() == this.resultTypeId)
135  .findFirst().get();
136 
137 
138  Map<Integer, List<CommonAttributeValue>> itemsToRemove = new HashMap<>();
139  //Call countUniqueDataSources once to reduce the number of DB queries needed to get
140  //the frequencyPercentage
141  Double uniqueCaseDataSourceTuples = eamDb.getCountUniqueDataSources().doubleValue();
142 
143  for (Entry<Integer, CommonAttributeValueList> listOfValues : Collections.unmodifiableMap(this.instanceCountToAttributeValues).entrySet()) {
144 
145  final Integer key = listOfValues.getKey();
146  final CommonAttributeValueList values = listOfValues.getValue();
147 
148  for (CommonAttributeValue value : values.getDelayedMetadataSet()) { // Need the real metadata
149  if (maximumPercentageThreshold != 0) { //only do the frequency filtering when a max % was set
150  try {
151  Double uniqueTypeValueTuples = eamDb.getCountUniqueCaseDataSourceTuplesHavingTypeValue(
152  attributeType, value.getValue()).doubleValue();
153  Double commonalityPercentage = uniqueTypeValueTuples / uniqueCaseDataSourceTuples * 100;
154  int frequencyPercentage = commonalityPercentage.intValue();
155  if (frequencyPercentage > maximumPercentageThreshold) {
156  if (itemsToRemove.containsKey(key)) {
157  itemsToRemove.get(key).add(value);
158  } else {
159  List<CommonAttributeValue> toRemove = new ArrayList<>();
160  toRemove.add(value);
161  itemsToRemove.put(key, toRemove);
162  }
163  }
165  LOGGER.log(Level.WARNING, "Unable to determine frequency percentage attribute - frequency filter may not be accurate for these results.", ex);
166  }
167  }
168  }
169  }
170  for (Entry<Integer, List<CommonAttributeValue>> valuesToRemove : itemsToRemove.entrySet()) {
171  final Integer key = valuesToRemove.getKey();
172  final List<CommonAttributeValue> values = valuesToRemove.getValue();
173  for (CommonAttributeValue value : values) {
174  final CommonAttributeValueList instanceCountValue = this.instanceCountToAttributeValues.get(key);
175  if (instanceCountValue != null) {
176  instanceCountValue.removeMetaData(value);
177  if (instanceCountValue.getDelayedMetadataSet().isEmpty()) { // Check the real metadata
178  this.instanceCountToAttributeValues.remove(key);
179  }
180  }
181  }
182  }
183  }
184 
190  public int size() {
191 
192  int count = 0;
193  for (CommonAttributeValueList data : this.instanceCountToAttributeValues.values()) {
194  for (CommonAttributeValue md5 : data.getDelayedMetadataSet()) {
195  count += md5.getInstanceCount();
196  }
197  }
198  return count;
199  }
200 }
List< CorrelationAttributeInstance.Type > getDefinedCorrelationTypes()
synchronized static Logger getLogger(String name)
Definition: Logger.java:124
Long getCountUniqueCaseDataSourceTuplesHavingTypeValue(CorrelationAttributeInstance.Type aType, String value)

Copyright © 2012-2020 Basis Technology. Generated on: Mon Jul 6 2020
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.