Autopsy  4.19.0
Graphical digital forensics platform for The Sleuth Kit and other tools.
ResultFile.java
Go to the documentation of this file.
1 /*
2  * Autopsy Forensic Browser
3  *
4  * Copyright 2019-2020 Basis Technology Corp.
5  * Contact: carrier <at> sleuthkit <dot> org
6  *
7  * Licensed under the Apache License, Version 2.0 (the "License");
8  * you may not use this file except in compliance with the License.
9  * You may obtain a copy of the License at
10  *
11  * http://www.apache.org/licenses/LICENSE-2.0
12  *
13  * Unless required by applicable law or agreed to in writing, software
14  * distributed under the License is distributed on an "AS IS" BASIS,
15  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16  * See the License for the specific language governing permissions and
17  * limitations under the License.
18  */
19 package org.sleuthkit.autopsy.discovery.search;
20 
21 import org.sleuthkit.autopsy.discovery.search.SearchData.Type;
22 import org.sleuthkit.datamodel.AbstractFile;
23 import java.util.ArrayList;
24 import java.util.Collections;
25 import java.util.List;
26 import org.openide.util.NbBundle;
27 import org.sleuthkit.autopsy.casemodule.Case;
28 import org.sleuthkit.autopsy.casemodule.NoCurrentCaseException;
29 import org.sleuthkit.autopsy.corecomponents.DataResultViewerTable;
30 import org.sleuthkit.autopsy.coreutils.Logger;
31 import static org.sleuthkit.autopsy.discovery.search.SearchData.Type.OTHER;
32 import org.sleuthkit.datamodel.Content;
33 import org.sleuthkit.datamodel.HashUtility;
34 import org.sleuthkit.datamodel.Score;
35 import org.sleuthkit.datamodel.TskCoreException;
36 import org.sleuthkit.datamodel.TskData;
37 
41 public class ResultFile extends Result {
42 
43  private final static Logger logger = Logger.getLogger(ResultFile.class.getName());
44  private final List<String> keywordListNames;
45  private final List<String> hashSetNames;
46  private final List<String> interestingSetNames;
47  private final List<String> objectDetectedNames;
48  private final List<AbstractFile> instances = new ArrayList<>();
49  private Score currentScore = Score.SCORE_UNKNOWN;
50  private String scoreDescription = null;
51  private boolean deleted = false;
52  private Type fileType;
53 
59  public ResultFile(AbstractFile abstractFile) {
60  try {
61  //call get uniquePath to cache the path
62  abstractFile.getUniquePath();
63  } catch (TskCoreException ignored) {
64  //path wasnt cached will likely be called on EDT later JIRA-5972
65  }
66  //store the file the ResultFile was created for as the first value in the instances list
67  instances.add(abstractFile);
68  if (abstractFile.isDirNameFlagSet(TskData.TSK_FS_NAME_FLAG_ENUM.UNALLOC)) {
69  deleted = true;
70  }
71  updateScoreAndDescription(abstractFile);
72  keywordListNames = new ArrayList<>();
73  hashSetNames = new ArrayList<>();
74  interestingSetNames = new ArrayList<>();
75  objectDetectedNames = new ArrayList<>();
76  fileType = fromMIMEtype(abstractFile.getMIMEType());
77  }
78 
85  public void addDuplicate(AbstractFile duplicate) {
86  if (deleted && !duplicate.isDirNameFlagSet(TskData.TSK_FS_NAME_FLAG_ENUM.UNALLOC)) {
87  deleted = false;
88  }
89  if (fileType == Type.OTHER) {
90  fileType = fromMIMEtype(duplicate.getMIMEType());
91  }
92  updateScoreAndDescription(duplicate);
93  try {
94  //call get uniquePath to cache the path
95  duplicate.getUniquePath();
96  } catch (TskCoreException ignored) {
97  //path wasnt cached will likely be called on EDT later JIRA-5972
98  }
99  instances.add(duplicate);
100  }
101 
108  public Score getScore() {
109  return currentScore;
110  }
111 
117  public String getScoreDescription() {
118  return scoreDescription;
119  }
120 
127  public boolean isDeleted() {
128  return deleted;
129  }
130 
138  public List<AbstractFile> getAllInstances() {
139  return Collections.unmodifiableList(instances);
140  }
141 
147  public Type getFileType() {
148  return fileType;
149  }
150 
156  public void addKeywordListName(String keywordListName) {
157  if (!keywordListNames.contains(keywordListName)) {
158  keywordListNames.add(keywordListName);
159  }
160 
161  // Sort the list so the getKeywordListNames() will be consistent regardless of the order added
162  Collections.sort(keywordListNames);
163  }
164 
170  public List<String> getKeywordListNames() {
171  return Collections.unmodifiableList(keywordListNames);
172  }
173 
179  public void addHashSetName(String hashSetName) {
180  if (!hashSetNames.contains(hashSetName)) {
181  hashSetNames.add(hashSetName);
182  }
183 
184  // Sort the list so the getHashHitNames() will be consistent regardless of the order added
185  Collections.sort(hashSetNames);
186  }
187 
193  public List<String> getHashSetNames() {
194  return Collections.unmodifiableList(hashSetNames);
195  }
196 
202  public void addInterestingSetName(String interestingSetName) {
203  if (!interestingSetNames.contains(interestingSetName)) {
204  interestingSetNames.add(interestingSetName);
205  }
206 
207  // Sort the list so the getInterestingSetNames() will be consistent regardless of the order added
208  Collections.sort(interestingSetNames);
209  }
210 
216  public List<String> getInterestingSetNames() {
217  return Collections.unmodifiableList(interestingSetNames);
218  }
219 
225  public void addObjectDetectedName(String objectDetectedName) {
226  if (!objectDetectedNames.contains(objectDetectedName)) {
227  objectDetectedNames.add(objectDetectedName);
228  }
229 
230  // Sort the list so the getObjectDetectedNames() will be consistent regardless of the order added
231  Collections.sort(objectDetectedNames);
232  }
233 
239  public List<String> getObjectDetectedNames() {
240  return Collections.unmodifiableList(objectDetectedNames);
241  }
242 
248  public AbstractFile getFirstInstance() {
249  return instances.get(0);
250  }
251 
252  @Override
253  public String toString() {
254  return getFirstInstance().getName() + "(" + getFirstInstance().getId() + ") - "
255  + getFirstInstance().getSize() + ", " + getFirstInstance().getParentPath() + ", "
256  + getFirstInstance().getDataSourceObjectId() + ", " + getFrequency().toString() + ", "
257  + String.join(",", keywordListNames) + ", " + getFirstInstance().getMIMEType();
258  }
259 
260  @Override
261  public int hashCode() {
262  if (this.getFirstInstance().getMd5Hash() == null
263  || HashUtility.isNoDataMd5(this.getFirstInstance().getMd5Hash())
264  || !HashUtility.isValidMd5Hash(this.getFirstInstance().getMd5Hash())) {
265  return super.hashCode();
266  } else {
267  //if the file has a valid MD5 use the hashcode of the MD5 for deduping files with the same MD5
268  return this.getFirstInstance().getMd5Hash().hashCode();
269  }
270 
271  }
272 
273  @Override
274  public boolean equals(Object obj) {
275  if (!(obj instanceof ResultFile)
276  || this.getFirstInstance().getMd5Hash() == null
277  || HashUtility.isNoDataMd5(this.getFirstInstance().getMd5Hash())
278  || !HashUtility.isValidMd5Hash(this.getFirstInstance().getMd5Hash())) {
279  return super.equals(obj);
280  } else {
281  //if the file has a valid MD5 compare use the MD5 for equality check
282  return this.getFirstInstance().getMd5Hash().equals(((ResultFile) obj).getFirstInstance().getMd5Hash());
283  }
284  }
285 
286 
287  @NbBundle.Messages({
288  "# {0} - significanceDisplayName",
289  "ResultFile_updateScoreAndDescription_description=Has an {0} analysis result score"
290  })
291  private void updateScoreAndDescription(AbstractFile file) {
292  Score score = Score.SCORE_UNKNOWN;
293  try {
294  score = Case.getCurrentCaseThrows().getSleuthkitCase().getScoringManager().getAggregateScore(file.getId());
295  } catch (NoCurrentCaseException | TskCoreException ex) {
296 
297  }
298 
299  this.currentScore = score;
300  String significanceDisplay = score.getSignificance().getDisplayName();
301  this.scoreDescription = Bundle.ResultFile_updateScoreAndDescription_description(significanceDisplay);
302  }
303 
311  public static Type fromMIMEtype(String mimeType) {
312  for (Type type : Type.values()) {
313  if (type.getMediaTypes().contains(mimeType)) {
314  return type;
315  }
316  }
317  return OTHER;
318  }
319 
320  @Override
321  public long getDataSourceObjectId() {
322  return getFirstInstance().getDataSourceObjectId();
323  }
324 
325  @Override
326  public Content getDataSource() throws TskCoreException {
327  return getFirstInstance().getDataSource();
328  }
329 
330  @Override
331  public TskData.FileKnown getKnown() {
332  return getFirstInstance().getKnown();
333  }
334 
335  @Override
336  public Type getType() {
337  return fileType;
338  }
339 }
org.sleuthkit.autopsy.discovery.search.ResultFile.addKeywordListName
void addKeywordListName(String keywordListName)
Definition: ResultFile.java:156
org.sleuthkit.autopsy.coreutils.Logger.getLogger
synchronized static Logger getLogger(String name)
Definition: Logger.java:124
org.sleuthkit.autopsy.discovery.search.ResultFile.addInterestingSetName
void addInterestingSetName(String interestingSetName)
Definition: ResultFile.java:202
org.sleuthkit.autopsy.discovery.search.ResultFile.addObjectDetectedName
void addObjectDetectedName(String objectDetectedName)
Definition: ResultFile.java:225

Copyright © 2012-2021 Basis Technology. Generated on: Fri Aug 6 2021
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.