Autopsy  4.16.0
Graphical digital forensics platform for The Sleuth Kit and other tools.
KdbHashSetParser.java
Go to the documentation of this file.
1 /*
2  * Autopsy Forensic Browser
3  *
4  * Copyright 2011 - 2017 Basis Technology Corp.
5  * Contact: carrier <at> sleuthkit <dot> org
6  *
7  * Licensed under the Apache License, Version 2.0 (the "License");
8  * you may not use this file except in compliance with the License.
9  * You may obtain a copy of the License at
10  *
11  * http://www.apache.org/licenses/LICENSE-2.0
12  *
13  * Unless required by applicable law or agreed to in writing, software
14  * distributed under the License is distributed on an "AS IS" BASIS,
15  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16  * See the License for the specific language governing permissions and
17  * limitations under the License.
18  */
19 package org.sleuthkit.autopsy.modules.hashdatabase;
20 
21 import java.sql.Connection;
22 import java.sql.DriverManager;
23 import java.sql.ResultSet;
24 import java.sql.SQLException;
25 import java.sql.Statement;
26 import java.util.logging.Level;
28 import org.sleuthkit.datamodel.HashEntry;
29 import org.sleuthkit.datamodel.TskCoreException;
30 
34 public class KdbHashSetParser implements HashSetParser {
35 
36  private final String JDBC_DRIVER = "org.sqlite.JDBC"; // NON-NLS
37  private final String JDBC_BASE_URI = "jdbc:sqlite:"; // NON-NLS
38 
39  private final String filename; // Name of the input file (saved for logging)
40  private final long totalHashes; // Estimated number of hashes
41  private int totalHashesRead = 0; // Number of hashes that have been read
42  private Connection conn;
43  private Statement statement;
44  private ResultSet resultSet;
45 
46  KdbHashSetParser(String filename) throws TskCoreException {
47  this.filename = filename;
48 
49  conn = null;
50  statement = null;
51  resultSet = null;
52 
53  try {
54  // Open the database
55  StringBuilder connectionURL = new StringBuilder();
56  connectionURL.append(JDBC_BASE_URI);
57  connectionURL.append(filename);
58  Class.forName(JDBC_DRIVER);
59  conn = DriverManager.getConnection(connectionURL.toString());
60 
61  // Get the number of hashes in the table
62  statement = conn.createStatement();
63  resultSet = statement.executeQuery("SELECT count(*) AS count FROM hashes");
64  if (resultSet.next()) {
65  totalHashes = resultSet.getLong("count");
66  } else {
67  close();
68  throw new TskCoreException("Error getting hash count from hash set " + filename);
69  }
70 
71  // Get the hashes
72  resultSet = statement.executeQuery("SELECT h.md5 as md5, " +
73  " (SELECT group_concat(c.comment, ' ') FROM comments c WHERE h.id = c.hash_id) as comment " +
74  " from hashes h");
75 
76  // At this point, getNextHash can read each hash from the result set
77  } catch (ClassNotFoundException | SQLException ex) {
78  throw new TskCoreException("Error opening/reading hash set " + filename, ex);
79  }
80 
81  }
82 
83 
91  @Override
92  public String getNextHash() throws TskCoreException {
93  return getNextHashEntry().getMd5Hash();
94  }
95 
96  @Override
97  public HashEntry getNextHashEntry() throws TskCoreException {
98  try {
99  if (resultSet.next()) {
100  byte[] hashBytes = resultSet.getBytes("md5");
101  StringBuilder sb = new StringBuilder();
102  for (byte b : hashBytes) {
103  sb.append(String.format("%02x", b));
104  }
105 
106  if (sb.toString().length() != 32) {
107  throw new TskCoreException("Hash has incorrect length: " + sb.toString());
108  }
109 
110  String md5Hash = sb.toString();
111  String comment = resultSet.getString("comment");
112  totalHashesRead++;
113  return new HashEntry(null, md5Hash, null, null, comment);
114  } else {
115  throw new TskCoreException("Could not read expected number of hashes from hash set " + filename);
116  }
117  } catch (SQLException ex) {
118  throw new TskCoreException("Error opening/reading hash set " + filename, ex);
119  }
120  }
121 
127  @Override
128  public boolean doneReading() {
129  return (totalHashesRead >= totalHashes);
130  }
131 
137  @Override
138  public long getExpectedHashCount() {
139  return totalHashes;
140  }
141 
145  @Override
146  public final void close() {
147  if (statement != null) {
148  try {
149  statement.close();
150  } catch (SQLException ex) {
151  Logger.getLogger(KdbHashSetParser.class.getName()).log(Level.SEVERE, "Error closing prepared statement.", ex);
152  }
153  }
154 
155  if (resultSet != null) {
156  try {
157  resultSet.close();
158  } catch (SQLException ex) {
159  Logger.getLogger(KdbHashSetParser.class.getName()).log(Level.SEVERE, "Error closing result set.", ex);
160  }
161  }
162 
163  if (conn != null) {
164  try {
165  conn.close();
166  } catch (SQLException ex) {
167  Logger.getLogger(KdbHashSetParser.class.getName()).log(Level.SEVERE, "Error closing connection.", ex);
168  }
169  }
170  }
171 }
synchronized static Logger getLogger(String name)
Definition: Logger.java:124

Copyright © 2012-2020 Basis Technology. Generated on: Tue Sep 22 2020
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.