Autopsy  4.15.0
Graphical digital forensics platform for The Sleuth Kit and other tools.
Go to the documentation of this file.
1 /*
2  *
3  * Autopsy Forensic Browser
4  *
5  * Copyright 2012-2019 Basis Technology Corp.
6  * Copyright 2012 42six Solutions.
7  * Contact: aebadirad <at> 42six <dot> com
8  * Project Contact/Architect: carrier <at> sleuthkit <dot> org
9  *
10  * Licensed under the Apache License, Version 2.0 (the "License");
11  * you may not use this file except in compliance with the License.
12  * You may obtain a copy of the License at
13  *
14  *
15  *
16  * Unless required by applicable law or agreed to in writing, software
17  * distributed under the License is distributed on an "AS IS" BASIS,
18  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
19  * See the License for the specific language governing permissions and
20  * limitations under the License.
21  *
22  * TODO (AUT-2158): This class should not extend Closeable.
23  */
24 package;
26 import;
27 import;
28 import java.util.ArrayList;
29 import java.util.Collection;
30 import java.util.List;
31 import java.util.logging.Level;
32 import org.openide.util.NbBundle;
36 import org.sleuthkit.datamodel.AbstractFile;
37 import org.sleuthkit.datamodel.Content;
38 import org.sleuthkit.datamodel.DerivedFile;
39 import org.sleuthkit.datamodel.LayoutFile;
40 import org.sleuthkit.datamodel.LocalDirectory;
41 import org.sleuthkit.datamodel.SleuthkitCase;
42 import org.sleuthkit.datamodel.SleuthkitCase.CaseDbTransaction;
43 import org.sleuthkit.datamodel.SpecialDirectory;
44 import org.sleuthkit.datamodel.TskCoreException;
45 import org.sleuthkit.datamodel.TskFileRange;
46 import org.sleuthkit.datamodel.VirtualDirectory;
47 import org.sleuthkit.datamodel.LocalFilesDataSource;
48 import org.sleuthkit.datamodel.TskDataException;
49 import org.apache.commons.lang3.StringUtils;
51 import org.sleuthkit.datamodel.CarvingResult;
52 import org.sleuthkit.datamodel.TskData;
59 public class FileManager implements Closeable {
61  private static final Logger LOGGER = Logger.getLogger(FileManager.class.getName());
62  private SleuthkitCase caseDb;
71  public FileManager(SleuthkitCase caseDb) {
72  this.caseDb = caseDb;
73  }
85  public synchronized List<AbstractFile> findFilesByMimeType(Collection<String> mimeTypes) throws TskCoreException {
86  if (null == caseDb) {
87  throw new TskCoreException("File manager has been closed");
88  }
89  return caseDb.findAllFilesWhere(createFileTypeInCondition(mimeTypes));
90  }
104  public synchronized List<AbstractFile> findFilesByParentPath(long dataSourceObjectID, String parentPath) throws TskCoreException {
105  if (null == caseDb) {
106  throw new TskCoreException("File manager has been closed");
107  }
108  return caseDb.findAllFilesWhere(createParentPathCondition(dataSourceObjectID, parentPath));
109  }
123  public synchronized List<AbstractFile> findFilesByMimeType(Content dataSource, Collection<String> mimeTypes) throws TskCoreException {
124  if (null == caseDb) {
125  throw new TskCoreException("File manager has been closed");
126  }
127  return caseDb.findAllFilesWhere("data_source_obj_id = " + dataSource.getId() + " AND " + createFileTypeInCondition(mimeTypes));
128  }
137  private static String createFileTypeInCondition(Collection<String> mimeTypes) {
138  String types = StringUtils.join(mimeTypes, "', '");
139  return "mime_type IN ('" + types + "')";
140  }
151  private static String createParentPathCondition(long dataSourceObjectID, String parentPath) {
152  return "data_source_obj_id = " + dataSourceObjectID + " AND parent_path LIKE '" + parentPath + "%'";
153  }
167  public synchronized List<AbstractFile> findFiles(String fileName) throws TskCoreException {
168  if (null == caseDb) {
169  throw new TskCoreException("File manager has been closed");
170  }
171  List<AbstractFile> result = new ArrayList<>();
172  List<Content> dataSources = caseDb.getRootObjects();
173  for (Content dataSource : dataSources) {
174  result.addAll(findFiles(dataSource, fileName));
175  }
176  return result;
177  }
195  public synchronized List<AbstractFile> findFiles(String fileName, String parentSubString) throws TskCoreException {
196  if (null == caseDb) {
197  throw new TskCoreException("File manager has been closed");
198  }
199  List<AbstractFile> result = new ArrayList<>();
200  List<Content> dataSources = caseDb.getRootObjects();
201  for (Content dataSource : dataSources) {
202  result.addAll(findFiles(dataSource, fileName, parentSubString));
203  }
204  return result;
205  }
221  public synchronized List<AbstractFile> findFiles(String fileName, AbstractFile parent) throws TskCoreException {
222  if (null == caseDb) {
223  throw new TskCoreException("File manager has been closed");
224  }
225  List<AbstractFile> result = new ArrayList<>();
226  List<Content> dataSources = caseDb.getRootObjects();
227  for (Content dataSource : dataSources) {
228  result.addAll(findFiles(dataSource, fileName, parent));
229  }
230  return result;
231  }
247  public synchronized List<AbstractFile> findFiles(Content dataSource, String fileName) throws TskCoreException {
248  if (null == caseDb) {
249  throw new TskCoreException("File manager has been closed");
250  }
251  return caseDb.findFiles(dataSource, fileName);
252  }
272  public synchronized List<AbstractFile> findFiles(Content dataSource, String fileName, String parentSubString) throws TskCoreException {
273  if (null == caseDb) {
274  throw new TskCoreException("File manager has been closed");
275  }
276  return caseDb.findFiles(dataSource, fileName, parentSubString);
277  }
295  public synchronized List<AbstractFile> findFiles(Content dataSource, String fileName, AbstractFile parent) throws TskCoreException {
296  if (null == caseDb) {
297  throw new TskCoreException("File manager has been closed");
298  }
299  return findFiles(dataSource, fileName, parent.getName());
300  }
318  public synchronized List<AbstractFile> openFiles(Content dataSource, String filePath) throws TskCoreException {
319  if (null == caseDb) {
320  throw new TskCoreException("File manager has been closed");
321  }
322  return caseDb.openFiles(dataSource, filePath);
323  }
354  public synchronized DerivedFile addDerivedFile(String fileName,
355  String localPath,
356  long size,
357  long ctime, long crtime, long atime, long mtime,
358  boolean isFile,
359  Content parentObj,
360  String rederiveDetails, String toolName, String toolVersion, String otherDetails,
361  TskData.EncodingType encodingType) throws TskCoreException {
362  if (null == caseDb) {
363  throw new TskCoreException("File manager has been closed");
364  }
365  return caseDb.addDerivedFile(fileName, localPath, size,
366  ctime, crtime, atime, mtime,
367  isFile, parentObj, rederiveDetails, toolName, toolVersion, otherDetails, encodingType);
368  }
400  public synchronized DerivedFile updateDerivedFile(DerivedFile derivedFile, String localPath,
401  long size,
402  long ctime, long crtime, long atime, long mtime,
403  boolean isFile, String mimeType,
404  String rederiveDetails, String toolName, String toolVersion, String otherDetails,
405  TskData.EncodingType encodingType) throws TskCoreException {
406  if (null == caseDb) {
407  throw new TskCoreException("File manager has been closed");
408  }
409  return caseDb.updateDerivedFile(derivedFile, localPath, size,
410  ctime, crtime, atime, mtime,
411  isFile, mimeType, rederiveDetails, toolName, toolVersion, otherDetails, encodingType);
412  }
425  public synchronized List<LayoutFile> addCarvedFiles(CarvingResult carvingResult) throws TskCoreException {
426  if (null == caseDb) {
427  throw new TskCoreException("File manager has been closed");
428  }
429  return caseDb.addCarvedFiles(carvingResult);
430  }
436  public interface FileAddProgressUpdater {
443  void fileAdded(AbstractFile newFile);
444  }
474  public synchronized LocalFilesDataSource addLocalFilesDataSource(String deviceId, String rootVirtualDirectoryName, String timeZone, List<String> localFilePaths, FileAddProgressUpdater progressUpdater) throws TskCoreException, TskDataException {
475  if (null == caseDb) {
476  throw new TskCoreException("File manager has been closed");
477  }
478  List<> localFiles = getFilesAndDirectories(localFilePaths);
479  CaseDbTransaction trans = null;
480  try {
481  String rootDirectoryName = rootVirtualDirectoryName;
482  if (rootDirectoryName.isEmpty()) {
483  rootDirectoryName = generateFilesDataSourceName(caseDb);
484  }
486  /*
487  * Add the root virtual directory and its local/logical file
488  * children to the case database.
489  */
490  trans = caseDb.beginTransaction();
491  LocalFilesDataSource dataSource = caseDb.addLocalFilesDataSource(deviceId, rootDirectoryName, timeZone, trans);
492  List<AbstractFile> filesAdded = new ArrayList<>();
493  for ( localFile : localFiles) {
494  AbstractFile fileAdded = addLocalFile(trans, dataSource, localFile, TskData.EncodingType.NONE, progressUpdater);
495  if (null != fileAdded) {
496  filesAdded.add(fileAdded);
497  } else {
498  throw new TskCoreException(NbBundle.getMessage(this.getClass(), "FileManager.addLocalFilesDirs.exception.cantAdd.msg", localFile.getAbsolutePath()));
499  }
500  }
501  trans.commit();
502  trans = null;
504  /*
505  * Publish content added events for the added files and directories.
506  */
507  for (AbstractFile fileAdded : filesAdded) {
509  }
511  return dataSource;
513  } finally {
514  if (null != trans) {
515  try {
516  trans.rollback();
517  } catch (TskCoreException ex) {
518  LOGGER.log(Level.SEVERE, "Failed to rollback transaction after exception", ex);
519  }
520  }
521  }
522  }
537  private static synchronized String generateFilesDataSourceName(SleuthkitCase caseDb) throws TskCoreException {
538  int localFileDataSourcesCounter = 0;
539  try {
540  List<VirtualDirectory> localFileDataSources = caseDb.getVirtualDirectoryRoots();
541  for (VirtualDirectory vd : localFileDataSources) {
542  if (vd.getName().startsWith(VirtualDirectoryNode.LOGICAL_FILE_SET_PREFIX)) {
543  ++localFileDataSourcesCounter;
544  }
545  }
546  return VirtualDirectoryNode.LOGICAL_FILE_SET_PREFIX + (localFileDataSourcesCounter + 1);
547  } catch (TskCoreException ex) {
548  throw new TskCoreException("Error querying for existing local file data sources with defualt names", ex);
549  }
550  }
564  private List<> getFilesAndDirectories(List<String> localFilePaths) throws TskDataException {
565  List<> localFiles = new ArrayList<>();
566  for (String path : localFilePaths) {
567 localFile = new;
568  if (!localFile.exists() || !localFile.canRead()) {
569  throw new TskDataException(String.format("File at %s does not exist or cannot be read", localFile.getAbsolutePath()));
570  }
571  localFiles.add(localFile);
572  }
573  return localFiles;
574  }
593  private AbstractFile addLocalFile(CaseDbTransaction trans, SpecialDirectory parentDirectory, localFile,
594  TskData.EncodingType encodingType, FileAddProgressUpdater progressUpdater) throws TskCoreException {
595  if (localFile.isDirectory()) {
596  /*
597  * Add the directory as a local directory.
598  */
599  LocalDirectory localDirectory = caseDb.addLocalDirectory(parentDirectory.getId(), localFile.getName(), trans);
600  progressUpdater.fileAdded(localDirectory);
602  /*
603  * Add its children, if any.
604  */
605  final[] childFiles = localFile.listFiles();
606  if (childFiles != null && childFiles.length > 0) {
607  for ( childFile : childFiles) {
608  addLocalFile(trans, localDirectory, childFile, progressUpdater);
609  }
610  }
612  return localDirectory;
613  } else {
614  return caseDb.addLocalFile(localFile.getName(), localFile.getAbsolutePath(), localFile.length(),
615  0, 0, 0, 0,
616  localFile.isFile(), encodingType, parentDirectory, trans);
617  }
618  }
626  @Deprecated
627  @Override
628  public synchronized void close() throws IOException {
629  /*
630  * No-op maintained for backwards compatibility. Clients should not
631  * attempt to close case services.
632  */
633  }
653  @Deprecated
654  public synchronized VirtualDirectory addLocalFilesDirs(List<String> localFilePaths, FileAddProgressUpdater progressUpdater) throws TskCoreException {
655  if (null == caseDb) {
656  throw new TskCoreException("File manager has been closed");
657  }
658  try {
659  return addLocalFilesDataSource("", "", "", localFilePaths, progressUpdater).getRootDirectory();
660  } catch (TskDataException ex) {
661  throw new TskCoreException(ex.getLocalizedMessage(), ex);
662  }
663  }
683  @Deprecated
684  public synchronized LayoutFile addCarvedFile(String fileName, long fileSize, long parentObjId, List<TskFileRange> layout) throws TskCoreException {
685  if (null == caseDb) {
686  throw new TskCoreException("File manager has been closed");
687  }
688  Content parent = caseDb.getContentById(parentObjId);
689  List<CarvingResult.CarvedFile> carvedFiles = new ArrayList<>();
690  carvedFiles.add(new CarvingResult.CarvedFile(fileName, fileSize, layout));
691  List<LayoutFile> layoutFiles = caseDb.addCarvedFiles(new CarvingResult(parent, carvedFiles));
692  return layoutFiles.get(0);
693  }
710  @Deprecated
711  public synchronized List<LayoutFile> addCarvedFiles(List<org.sleuthkit.datamodel.CarvedFileContainer> filesToAdd) throws TskCoreException {
712  if (null == caseDb) {
713  throw new TskCoreException("File manager has been closed");
714  }
715  return caseDb.addCarvedFiles(filesToAdd);
716  }
748  @Deprecated
749  public synchronized DerivedFile addDerivedFile(String fileName,
750  String localPath,
751  long size,
752  long ctime, long crtime, long atime, long mtime,
753  boolean isFile,
754  AbstractFile parentFile,
755  String rederiveDetails, String toolName, String toolVersion, String otherDetails) throws TskCoreException {
756  return addDerivedFile(fileName, localPath, size, ctime, crtime, atime, mtime, isFile, parentFile,
757  rederiveDetails, toolName, toolVersion, otherDetails, TskData.EncodingType.NONE);
758  }
779  @Deprecated
780  private AbstractFile addLocalFile(CaseDbTransaction trans, SpecialDirectory parentDirectory, localFile, FileAddProgressUpdater progressUpdater) throws TskCoreException {
781  return addLocalFile(trans, parentDirectory, localFile, TskData.EncodingType.NONE, progressUpdater);
782  }
784 }
static String createFileTypeInCondition(Collection< String > mimeTypes)
synchronized VirtualDirectory addLocalFilesDirs(List< String > localFilePaths, FileAddProgressUpdater progressUpdater)
synchronized LayoutFile addCarvedFile(String fileName, long fileSize, long parentObjId, List< TskFileRange > layout)
synchronized List< AbstractFile > findFiles(String fileName, String parentSubString)
synchronized List< AbstractFile > findFiles(Content dataSource, String fileName)
synchronized DerivedFile addDerivedFile(String fileName, String localPath, long size, long ctime, long crtime, long atime, long mtime, boolean isFile, Content parentObj, String rederiveDetails, String toolName, String toolVersion, String otherDetails, TskData.EncodingType encodingType)
synchronized DerivedFile addDerivedFile(String fileName, String localPath, long size, long ctime, long crtime, long atime, long mtime, boolean isFile, AbstractFile parentFile, String rederiveDetails, String toolName, String toolVersion, String otherDetails)
AbstractFile addLocalFile(CaseDbTransaction trans, SpecialDirectory parentDirectory, localFile, FileAddProgressUpdater progressUpdater)
synchronized List< AbstractFile > findFilesByMimeType(Collection< String > mimeTypes)
synchronized List< LayoutFile > addCarvedFiles(List< org.sleuthkit.datamodel.CarvedFileContainer > filesToAdd)
synchronized List< AbstractFile > openFiles(Content dataSource, String filePath)
static String createParentPathCondition(long dataSourceObjectID, String parentPath)
synchronized LocalFilesDataSource addLocalFilesDataSource(String deviceId, String rootVirtualDirectoryName, String timeZone, List< String > localFilePaths, FileAddProgressUpdater progressUpdater)
static synchronized String generateFilesDataSourceName(SleuthkitCase caseDb)
synchronized List< AbstractFile > findFilesByMimeType(Content dataSource, Collection< String > mimeTypes)
synchronized List< AbstractFile > findFilesByParentPath(long dataSourceObjectID, String parentPath)
void fireModuleContentEvent(ModuleContentEvent moduleContentEvent)
synchronized List< AbstractFile > findFiles(String fileName)
AbstractFile addLocalFile(CaseDbTransaction trans, SpecialDirectory parentDirectory, localFile, TskData.EncodingType encodingType, FileAddProgressUpdater progressUpdater)
synchronized static Logger getLogger(String name)
synchronized List< LayoutFile > addCarvedFiles(CarvingResult carvingResult)
synchronized DerivedFile updateDerivedFile(DerivedFile derivedFile, String localPath, long size, long ctime, long crtime, long atime, long mtime, boolean isFile, String mimeType, String rederiveDetails, String toolName, String toolVersion, String otherDetails, TskData.EncodingType encodingType)
synchronized List< AbstractFile > findFiles(Content dataSource, String fileName, String parentSubString)
synchronized List< AbstractFile > findFiles(Content dataSource, String fileName, AbstractFile parent)
synchronized List< AbstractFile > findFiles(String fileName, AbstractFile parent)
List< > getFilesAndDirectories(List< String > localFilePaths)
static synchronized IngestServices getInstance()

Copyright © 2012-2020 Basis Technology. Generated on: Mon Jul 6 2020
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.