19 package org.sleuthkit.autopsy.datasourcesummary.datamodel;
21 import java.util.ArrayList;
22 import java.util.Arrays;
23 import java.util.Collection;
24 import java.util.Collections;
25 import java.util.HashSet;
26 import java.util.List;
28 import java.util.logging.Level;
29 import java.util.stream.Collectors;
30 import java.util.stream.Stream;
31 import org.apache.commons.lang3.tuple.Pair;
36 import org.
sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE;
38 import org.
sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE;
81 public PastCasesResult(List<Pair<String, Long>> sameIdsResults, List<Pair<String, Long>> taggedNotable) {
102 ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT.getTypeID(),
103 ARTIFACT_TYPE.TSK_INTERESTING_ARTIFACT_HIT.getTypeID()
// Attribute-type handle built from ATTRIBUTE_TYPE.TSK_COMMENT.
107 private static final BlackboardAttribute.Type
TYPE_COMMENT =
new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_COMMENT);
// Attribute-type handle built from ATTRIBUTE_TYPE.TSK_ASSOCIATED_ARTIFACT.
108 private static final BlackboardAttribute.Type
TYPE_ASSOCIATED_ARTIFACT =
new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_ASSOCIATED_ARTIFACT);
111 ARTIFACT_TYPE.TSK_DEVICE_ATTACHED.getTypeID(),
112 ARTIFACT_TYPE.TSK_DEVICE_INFO.getTypeID(),
113 ARTIFACT_TYPE.TSK_SIM_ATTACHED.getTypeID(),
114 ARTIFACT_TYPE.TSK_WIFI_NETWORK_ADAPTER.getTypeID()
121 private final java.util.logging.Logger
logger;
144 java.util.logging.Logger
logger) {
146 this.caseProvider = provider;
// Fragment of isCentralRepoGenerated(List<String> sources); the listing omits the
// lines between the numbered ones, so only the visible statements are described.
// A null source list is special-cased first (the branch body is not shown).
165 if (sources == null) {
// True when any non-null source name, once trimmed, equals CENTRAL_REPO_INGEST_NAME
// ignoring case.
// NOTE(review): this is a comparison on the source *name* only. Whether it is a
// dependable provenance check depends on which modules can record that name as a
// source — confirm against the code that writes attribute sources.
169 return sources.stream().anyMatch((str) -> {
170 return str != null && CENTRAL_REPO_INGEST_NAME.equalsIgnoreCase(str.trim());
// Fragment of getCasesFromArtifact(BlackboardArtifact artifact): extracts case names
// from the text of an artifact's comment attribute. Lines missing from the listing
// are not reconstructed here.
// No artifact, no cases.
184 if (artifact == null) {
185 return Collections.emptyList();
// Holder for the comment attribute; the lookup that fills it is on lines not shown.
188 BlackboardAttribute commentAttr = null;
191 }
catch (TskCoreException ignored) {
// NOTE(review): the exception is named `ignored` and the handler body is not visible
// in this listing. If the failure is not logged, a failed attribute read is
// indistinguishable from an artifact that has no comment, and that artifact's past
// cases drop out of the summary without a trace — confirm.
// Without a comment attribute there is nothing to parse.
195 if (commentAttr == null) {
196 return Collections.emptyList();
// Second early exit; its condition is on a line not shown in this listing.
200 return Collections.emptyList();
// NOTE(review): commentStr is dereferenced below without a null check — confirm that
// getValueString() cannot return null for this attribute.
203 String commentStr = commentAttr.getValueString();
// The case list is whatever follows the first occurrence of PREFIX_END. A missing
// delimiter, or one sitting at the very end of the string, yields no cases.
205 int prefixCharIdx = commentStr.indexOf(PREFIX_END);
206 if (prefixCharIdx < 0 || prefixCharIdx >= commentStr.length() - 1) {
207 return Collections.emptyList();
// "+ 1" skips exactly one character — assumes PREFIX_END is a single character;
// TODO confirm against its declaration.
210 String justCasesStr = commentStr.substring(prefixCharIdx + 1).trim();
// String.split interprets CASE_SEPARATOR as a regular expression. The comment is
// free text parsed as data: a case name that itself contains the separator is split
// into several entries, which skews the per-case counts built from this list.
// The per-item step on line 212 is not shown.
211 return Stream.of(justCasesStr.split(CASE_SEPARATOR))
213 .collect(Collectors.toList());
// Fragment of getCaseCounts(Stream<String> cases): groups case names and counts how
// often each occurs. Pipeline steps on lines missing from the listing are not described.
228 Collection<List<String>> groupedCases = cases
// Grouping key is the upper-cased, trimmed name, so spellings that differ only in
// letter case or surrounding whitespace are counted as one case.
// NOTE(review): toUpperCase() with no Locale argument uses the JVM default locale, so
// grouping can differ between examiner machines; Locale.ROOT would make it stable.
230 .collect(Collectors.groupingBy((caseStr) -> caseStr.toUpperCase().trim()))
// Drop null or empty groups before indexing into them.
236 .filter((lst) -> lst != null && lst.size() > 0)
// Report the first element of each group as the display name, with the group size
// as its count.
238 .map((lst) -> Pair.of(lst.get(0), (long) lst.size()))
// Negated comparison: highest count first.
240 .sorted((a, b) -> -Long.compare(a.getValue(), b.getValue()))
241 .collect(Collectors.toList());
// Fragment of getParentArtifact(BlackboardArtifact artifact). How parentId is obtained
// is on lines not shown; a null parentId is special-cased first (branch body not shown).
256 if (parentId == null) {
260 SleuthkitCase skCase = caseProvider.
get();
// Resolve the parent by its artifact id in the case returned by the provider.
262 return skCase.getArtifactByArtifactId(parentId);
263 }
catch (TskCoreException ex) {
// Builds the message for a failed lookup, including the parent id. The call that
// consumes it (presumably a logger call — confirm) and the value returned afterwards
// are on lines not shown.
265 String.format(
"There was an error fetching the parent artifact of a TSK_INTERESTING_ARTIFACT_HIT (parent id: %d)", parentId),
// Fragment of hasDeviceAssociatedArtifact(BlackboardArtifact artifact). A missing
// parent is handled first (branch body not shown).
282 if (parent == null) {
// Device-associated means the parent's artifact type id is a member of
// CR_DEVICE_TYPE_IDS.
286 return CR_DEVICE_TYPE_IDS.contains(parent.getArtifactTypeID());
// Fragment of getPastCasesData(DataSource dataSource): collects past-case names from
// the data source's interesting-item artifacts. Lines missing from the listing are
// not reconstructed.
// A null data source is special-cased first (branch body not shown).
302 if (dataSource == null) {
306 SleuthkitCase skCase = caseProvider.
get();
// Case names from TSK_INTERESTING_ARTIFACT_HIT artifacts are kept in two separate lists.
308 List<String> deviceArtifactCases =
new ArrayList<>();
309 List<String> nonDeviceArtifactCases =
new ArrayList<>();
311 for (BlackboardArtifact artifact : skCase.getBlackboard().getArtifacts(ARTIFACT_TYPE.TSK_INTERESTING_ARTIFACT_HIT.getTypeID(), dataSource.getId())) {
// Artifacts that yield no case names are handled here (branch body not shown);
// `cases` is assigned on a line missing from the listing.
313 if (cases == null || cases.isEmpty()) {
// The condition choosing between the two lists is not visible; presumably
// hasDeviceAssociatedArtifact(artifact) — confirm.
318 deviceArtifactCases.addAll(cases);
320 nonDeviceArtifactCases.addAll(cases);
// Case names from TSK_INTERESTING_FILE_HIT artifacts of the same data source; the
// rest of this pipeline is on lines not shown.
324 Stream<String> filesCases = skCase.getBlackboard().getArtifacts(ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT.getTypeID(), dataSource.getId()).stream()
// File-hit cases and non-device artifact cases are counted together in one call.
329 getCaseCounts(Stream.concat(filesCases, nonDeviceArtifactCases.stream()))
static final BlackboardAttribute.Type TYPE_ASSOCIATED_ARTIFACT
static final Set< Integer > ARTIFACT_UPDATE_TYPE_IDS
SleuthkitCaseProvider DEFAULT
List< Pair< String, Long > > getSameIdsResults()
static final String CENTRAL_REPO_INGEST_NAME
PastCasesResult getPastCasesData(DataSource dataSource)
final List< Pair< String, Long > > sameIdsResults
BlackboardArtifact getParentArtifact(BlackboardArtifact artifact)
static final String PREFIX_END
boolean hasDeviceAssociatedArtifact(BlackboardArtifact artifact)
final SleuthkitCaseProvider caseProvider
PastCasesResult(List< Pair< String, Long >> sameIdsResults, List< Pair< String, Long >> taggedNotable)
static boolean isCentralRepoGenerated(List< String > sources)
static final String CASE_SEPARATOR
List< Pair< String, Long > > getCaseCounts(Stream< String > cases)
final java.util.logging.Logger logger
Set< Integer > getArtifactTypeIdsForRefresh()
static String getModuleName()
static List< String > getCasesFromArtifact(BlackboardArtifact artifact)
List< Pair< String, Long > > getTaggedNotable()
synchronized static Logger getLogger(String name)
static final Set< Integer > CR_DEVICE_TYPE_IDS
static final BlackboardAttribute.Type TYPE_COMMENT
PastCasesSummary(SleuthkitCaseProvider provider, java.util.logging.Logger logger)
final List< Pair< String, Long > > taggedNotable