19 package org.sleuthkit.autopsy.datasourcesummary.datamodel;
22 import java.nio.file.Paths;
23 import java.text.DateFormat;
24 import java.text.SimpleDateFormat;
25 import java.util.ArrayList;
26 import java.util.Arrays;
27 import java.util.Collections;
28 import java.util.HashSet;
29 import java.util.List;
30 import java.util.Locale;
32 import java.util.Objects;
34 import java.util.stream.Collectors;
35 import org.apache.commons.lang.StringUtils;
44 import org.
sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE;
51 private final static BlackboardAttribute.Type
DATETIME_ACCESSED_ATT =
new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_ACCESSED);
52 private final static BlackboardAttribute.Type
DOMAIN_ATT =
new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DOMAIN);
53 private final static BlackboardAttribute.Type
PATH_ATT =
new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PATH);
54 private final static BlackboardAttribute.Type
ASSOCATED_ATT =
new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_ASSOCIATED_ARTIFACT);
55 private final static BlackboardAttribute.Type
EMAIL_FROM_ATT =
new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_EMAIL_FROM);
56 private final static BlackboardAttribute.Type
MSG_DATEIME_SENT_ATT =
new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_SENT);
57 private final static BlackboardArtifact.Type
ASSOCATED_OBJ_ART =
new BlackboardArtifact.Type(ARTIFACT_TYPE.TSK_ASSOCIATED_OBJECT);
59 private static final DateFormat
DATETIME_FORMAT =
new SimpleDateFormat(
"yyyy/MM/dd HH:mm:ss", Locale.getDefault());
62 ARTIFACT_TYPE.TSK_RECENT_OBJECT.getTypeID(),
63 ARTIFACT_TYPE.TSK_WEB_DOWNLOAD.getTypeID(),
64 ARTIFACT_TYPE.TSK_ASSOCIATED_OBJECT.getTypeID(),
65 ARTIFACT_TYPE.TSK_EMAIL_MSG.getTypeID(),
66 ARTIFACT_TYPE.TSK_MESSAGE.getTypeID()
84 if (provider == null) {
85 throw new IllegalArgumentException(
"Unable to construct RecentFileSummary object. SleuthkitCaseProvider cannot be null");
104 private <T extends RecentFileDetails> List<T> getSortedLimited(List<T> fileDetails,
int limit) {
105 Map<String, T> fileDetailsMap = fileDetails.stream()
106 .filter(details -> details != null)
107 .collect(Collectors.toMap(
108 d -> d.getPath().toUpperCase(),
110 (d1, d2) -> Long.compare(d1.getDateAsLong(), d2.getDateAsLong()) > 0 ? d1 : d2));
112 return fileDetailsMap.values().stream()
113 .sorted((a, b) -> -Long.compare(a.getDateAsLong(), b.getDateAsLong()))
115 .collect(Collectors.toList());
126 String path = DataSourceInfoUtilities.getStringOrNull(artifact,
PATH_ATT);
129 if (StringUtils.isBlank(path) || lastOpened == null || lastOpened == 0) {
151 if (dataSource == null) {
152 return Collections.emptyList();
157 List<RecentFileDetails> details = provider.
get().getBlackboard()
158 .getArtifacts(ARTIFACT_TYPE.TSK_RECENT_OBJECT.getTypeID(), dataSource.getId()).stream()
160 .filter(d -> d != null)
161 .collect(Collectors.toList());
163 return getSortedLimited(details, maxCount);
175 String domain = DataSourceInfoUtilities.getStringOrNull(artifact,
DOMAIN_ATT);
176 String path = DataSourceInfoUtilities.getStringOrNull(artifact,
PATH_ATT);
178 if (StringUtils.isBlank(path) || accessedTime == null || accessedTime == 0) {
192 throw new IllegalArgumentException(
"Invalid count: value must be greater than 0.");
210 public List<RecentDownloadDetails>
getRecentDownloads(DataSource dataSource,
int maxCount)
throws TskCoreException, SleuthkitCaseProviderException {
211 if (dataSource == null) {
212 return Collections.emptyList();
217 List<RecentDownloadDetails> details = provider.
get().getBlackboard()
218 .getArtifacts(ARTIFACT_TYPE.TSK_WEB_DOWNLOAD.getTypeID(), dataSource.getId()).stream()
220 .filter(d -> d != null)
221 .collect(Collectors.toList());
223 return getSortedLimited(details, maxCount);
238 public List<RecentAttachmentDetails>
getRecentAttachments(DataSource dataSource,
int maxCount)
throws SleuthkitCaseProviderException, TskCoreException {
239 if (dataSource == null) {
240 return Collections.emptyList();
245 SleuthkitCase skCase = provider.
get();
247 List<BlackboardArtifact> associatedArtifacts = skCase.getBlackboard()
250 List<RecentAttachmentDetails> details =
new ArrayList<>();
251 for (BlackboardArtifact artifact : associatedArtifacts) {
254 if (thisDetails != null) {
255 details.add(thisDetails);
259 return getSortedLimited(details, maxCount);
273 BlackboardAttribute attribute = artifact.getAttribute(
ASSOCATED_ATT);
274 if (attribute == null) {
279 BlackboardArtifact messageArtifact = skCase.getBlackboardArtifact(attribute.getValueLong());
285 Content content = artifact.getParent();
286 if (!(content instanceof AbstractFile)) {
290 AbstractFile abstractFile = (AbstractFile) content;
293 String path = Paths.get(abstractFile.getParentPath(), abstractFile.getName()).toString();
294 String sender = DataSourceInfoUtilities.getStringOrNull(messageArtifact,
EMAIL_FROM_ATT);
297 if (date == null || date == 0 || StringUtils.isBlank(path)) {
313 final int artifactTypeID = nodeArtifact.getArtifactTypeID();
314 return artifactTypeID == ARTIFACT_TYPE.TSK_EMAIL_MSG.getTypeID()
315 || artifactTypeID == ARTIFACT_TYPE.TSK_MESSAGE.getTypeID();
348 return DATETIME_FORMAT.format(date * 1000);
393 super(artifact, path, date);
426 super(artifact, path, date);
445 RecentAttachmentDetails compareObj = (RecentAttachmentDetails) obj;
447 return compareObj.
getSender().equals(this.sender)
455 hash = 73 * hash + Objects.hashCode(this.sender);
SleuthkitCaseProvider DEFAULT
Set< Integer > getArtifactTypeIdsForRefresh()
List< RecentFileDetails > getRecentlyOpenedDocuments(DataSource dataSource, int maxCount)
static final Set< Integer > ARTIFACT_UPDATE_TYPE_IDS
RecentDownloadDetails getRecentDownload(BlackboardArtifact artifact)
BlackboardArtifact getArtifact()
static final DateFormat DATETIME_FORMAT
List< RecentDownloadDetails > getRecentDownloads(DataSource dataSource, int maxCount)
static final BlackboardAttribute.Type DOMAIN_ATT
final BlackboardArtifact artifact
static final BlackboardArtifact.Type ASSOCATED_OBJ_ART
RecentAttachmentDetails getRecentAttachment(BlackboardArtifact artifact, SleuthkitCase skCase)
List< RecentAttachmentDetails > getRecentAttachments(DataSource dataSource, int maxCount)
RecentFilesSummary(SleuthkitCaseProvider provider)
RecentFileDetails getRecentlyOpenedDocument(BlackboardArtifact artifact)
boolean isMessageArtifact(BlackboardArtifact nodeArtifact)
static final BlackboardAttribute.Type ASSOCATED_ATT
final SleuthkitCaseProvider provider
static final BlackboardAttribute.Type MSG_DATEIME_SENT_ATT
void throwOnNonPositiveCount(int count)
boolean equals(Object obj)
static final BlackboardAttribute.Type DATETIME_ACCESSED_ATT
static final BlackboardAttribute.Type PATH_ATT
static final BlackboardAttribute.Type EMAIL_FROM_ATT