19 package org.sleuthkit.autopsy.datasourcesummary.datamodel;
22 import java.nio.file.Paths;
23 import java.text.DateFormat;
24 import java.text.SimpleDateFormat;
25 import java.util.ArrayList;
26 import java.util.Arrays;
27 import java.util.Collections;
28 import java.util.HashSet;
29 import java.util.List;
30 import java.util.Locale;
31 import java.util.Objects;
33 import java.util.SortedMap;
34 import java.util.TreeMap;
43 import org.
sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE;
50 private final static BlackboardAttribute.Type
DATETIME_ACCESSED_ATT =
new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_ACCESSED);
51 private final static BlackboardAttribute.Type
DOMAIN_ATT =
new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DOMAIN);
52 private final static BlackboardAttribute.Type
PATH_ATT =
new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PATH);
53 private final static BlackboardAttribute.Type
DATETIME_ATT =
new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME);
54 private final static BlackboardAttribute.Type
ASSOCATED_ATT =
new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_ASSOCIATED_ARTIFACT);
55 private final static BlackboardAttribute.Type
EMAIL_FROM_ATT =
new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_EMAIL_FROM);
56 private final static BlackboardAttribute.Type
MSG_DATEIME_SENT_ATT =
new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_SENT);
57 private final static BlackboardArtifact.Type
ASSOCATED_OBJ_ART =
new BlackboardArtifact.Type(ARTIFACT_TYPE.TSK_ASSOCIATED_OBJECT);
59 private static final DateFormat
DATETIME_FORMAT =
new SimpleDateFormat(
"yyyy/MM/dd HH:mm:ss", Locale.getDefault());
62 ARTIFACT_TYPE.TSK_RECENT_OBJECT.getTypeID(),
63 ARTIFACT_TYPE.TSK_WEB_DOWNLOAD.getTypeID(),
64 ARTIFACT_TYPE.TSK_ASSOCIATED_OBJECT.getTypeID(),
65 ARTIFACT_TYPE.TSK_EMAIL_MSG.getTypeID(),
66 ARTIFACT_TYPE.TSK_MESSAGE.getTypeID()
84 if (provider == null) {
85 throw new IllegalArgumentException(
"Unable to construct RecentFileSummary object. SleuthkitCaseProvider cannot be null");
111 if (dataSource == null) {
112 return Collections.emptyList();
115 List<BlackboardArtifact> artifactList
116 = DataSourceInfoUtilities.getArtifacts(provider.
get(),
117 new BlackboardArtifact.Type(ARTIFACT_TYPE.TSK_RECENT_OBJECT),
120 DataSourceInfoUtilities.SortOrder.DESCENDING,
123 List<RecentFileDetails> fileDetails =
new ArrayList<>();
124 for (BlackboardArtifact artifact : artifactList) {
125 Long accessedTime = null;
129 List<BlackboardAttribute> attributeList = artifact.getAttributes();
130 for (BlackboardAttribute attribute : attributeList) {
132 if (attribute.getAttributeType().equals(DATETIME_ATT)) {
133 accessedTime = attribute.getValueLong();
134 }
else if (attribute.getAttributeType().equals(
PATH_ATT)) {
135 path = attribute.getValueString();
138 if (accessedTime != null) {
162 public List<RecentDownloadDetails>
getRecentDownloads(DataSource dataSource,
int maxCount)
throws TskCoreException, SleuthkitCaseProviderException {
163 if (dataSource == null) {
164 return Collections.emptyList();
167 List<BlackboardArtifact> artifactList
168 = DataSourceInfoUtilities.getArtifacts(provider.
get(),
169 new BlackboardArtifact.Type(ARTIFACT_TYPE.TSK_WEB_DOWNLOAD),
172 DataSourceInfoUtilities.SortOrder.DESCENDING,
175 List<RecentDownloadDetails> fileDetails =
new ArrayList<>();
176 for (BlackboardArtifact artifact : artifactList) {
178 Long accessedTime = null;
182 List<BlackboardAttribute> attributeList = artifact.getAttributes();
183 for (BlackboardAttribute attribute : attributeList) {
185 if (attribute.getAttributeType().equals(DATETIME_ACCESSED_ATT)) {
186 accessedTime = attribute.getValueLong();
187 }
else if (attribute.getAttributeType().equals(
DOMAIN_ATT)) {
188 domain = attribute.getValueString();
189 }
else if (attribute.getAttributeType().equals(
PATH_ATT)) {
190 path = attribute.getValueString();
193 if (accessedTime != null) {
213 public List<RecentAttachmentDetails>
getRecentAttachments(DataSource dataSource,
int maxCount)
throws SleuthkitCaseProviderException, TskCoreException {
214 if (dataSource == null) {
215 return Collections.emptyList();
232 private SortedMap<Long, List<RecentAttachmentDetails>>
buildAttachmentMap(DataSource dataSource)
throws SleuthkitCaseProviderException, TskCoreException {
233 SleuthkitCase skCase = provider.
get();
234 TreeMap<Long, List<RecentAttachmentDetails>> sortedMap =
new TreeMap<>();
236 List<BlackboardArtifact> associatedArtifacts = skCase.getBlackboard().getArtifacts(
ASSOCATED_OBJ_ART.getTypeID(), dataSource.getId());
237 for (BlackboardArtifact artifact : associatedArtifacts) {
238 BlackboardAttribute attribute = artifact.getAttribute(
ASSOCATED_ATT);
239 if (attribute == null) {
243 BlackboardArtifact messageArtifact = skCase.getBlackboardArtifact(attribute.getValueLong());
245 Content content = artifact.getParent();
246 if (content instanceof AbstractFile) {
251 BlackboardAttribute senderAttribute = messageArtifact.getAttribute(
EMAIL_FROM_ATT);
252 if (senderAttribute != null) {
253 sender = senderAttribute.getValueString();
258 if (senderAttribute != null) {
259 date = senderAttribute.getValueLong();
262 AbstractFile abstractFile = (AbstractFile) content;
264 path = Paths.get(abstractFile.getParentPath(), abstractFile.getName()).toString();
266 if (date != null && date != 0) {
267 List<RecentAttachmentDetails> list = sortedMap.get(date);
269 list =
new ArrayList<>();
270 sortedMap.put(date, list);
273 if (!list.contains(details)) {
280 return sortedMap.descendingMap();
293 private List<RecentAttachmentDetails>
createListFromMap(SortedMap<Long, List<RecentAttachmentDetails>> sortedMap,
int maxCount) {
294 List<RecentAttachmentDetails> fileList =
new ArrayList<>();
296 for (List<RecentAttachmentDetails> mapList : sortedMap.values()) {
297 if (maxCount == 0 || fileList.size() + mapList.size() <= maxCount) {
298 fileList.addAll(mapList);
302 if (maxCount == fileList.size()) {
307 if (fileList.size() < maxCount) {
308 fileList.add(details);
327 final int artifactTypeID = nodeArtifact.getArtifactTypeID();
328 return artifactTypeID == ARTIFACT_TYPE.TSK_EMAIL_MSG.getTypeID()
329 || artifactTypeID == ARTIFACT_TYPE.TSK_MESSAGE.getTypeID();
358 return DATETIME_FORMAT.format(date * 1000);
366 Long getDateAsLong() {
447 RecentAttachmentDetails compareObj = (RecentAttachmentDetails) obj;
449 return compareObj.
getSender().equals(this.sender)
451 && compareObj.getDateAsLong().equals(this.getDateAsLong());
457 hash = 73 * hash + Objects.hashCode(this.sender);
SleuthkitCaseProvider DEFAULT
Set< Integer > getArtifactTypeIdsForRefresh()
SortedMap< Long, List< RecentAttachmentDetails > > buildAttachmentMap(DataSource dataSource)
List< RecentFileDetails > getRecentlyOpenedDocuments(DataSource dataSource, int maxCount)
static final Set< Integer > ARTIFACT_UPDATE_TYPE_IDS
List< RecentAttachmentDetails > createListFromMap(SortedMap< Long, List< RecentAttachmentDetails >> sortedMap, int maxCount)
static final DateFormat DATETIME_FORMAT
List< RecentDownloadDetails > getRecentDownloads(DataSource dataSource, int maxCount)
static final BlackboardAttribute.Type DOMAIN_ATT
static final BlackboardArtifact.Type ASSOCATED_OBJ_ART
List< RecentAttachmentDetails > getRecentAttachments(DataSource dataSource, int maxCount)
RecentFilesSummary(SleuthkitCaseProvider provider)
boolean isMessageArtifact(BlackboardArtifact nodeArtifact)
static final BlackboardAttribute.Type ASSOCATED_ATT
static final BlackboardAttribute.Type DATETIME_ATT
final SleuthkitCaseProvider provider
static final BlackboardAttribute.Type MSG_DATEIME_SENT_ATT
boolean equals(Object obj)
static final BlackboardAttribute.Type DATETIME_ACCESSED_ATT
static final BlackboardAttribute.Type PATH_ATT
static final BlackboardAttribute.Type EMAIL_FROM_ATT