api-docs/4.19.1/_domain_search_8java_source.html

 /*

  * Autopsy

  *

  * Copyright 2020-2021 Basis Technology Corp.

  * Contact: carrier <at> sleuthkit <dot> org

  *

  * Licensed under the Apache License, Version 2.0 (the "License");

  * you may not use this file except in compliance with the License.

  * You may obtain a copy of the License at

  *

  *     http://www.apache.org/licenses/LICENSE-2.0

  *

  * Unless required by applicable law or agreed to in writing, software

  * distributed under the License is distributed on an "AS IS" BASIS,

  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

  * See the License for the specific language governing permissions and

  * limitations under the License.

  */

 package org.sleuthkit.autopsy.discovery.search;


 import java.awt.Image;

 import java.util.ArrayList;

 import java.util.HashMap;

 import java.util.LinkedHashMap;

 import java.util.List;

 import java.util.Map;

 import org.apache.commons.lang3.StringUtils;

 import org.sleuthkit.autopsy.centralrepository.datamodel.CentralRepository;

 import org.sleuthkit.autopsy.coreutils.TimeZoneUtils;

 import org.sleuthkit.autopsy.discovery.search.DiscoveryKeyUtils.GroupKey;

 import org.sleuthkit.datamodel.BlackboardArtifact;

 import org.sleuthkit.datamodel.BlackboardAttribute;

 import org.sleuthkit.datamodel.SleuthkitCase;

 import org.sleuthkit.datamodel.TskCoreException;


 public class DomainSearch {


     private final DomainSearchCache searchCache;

     private final DomainSearchThumbnailCache thumbnailCache;

     private final DomainSearchArtifactsCache artifactsCache;


     public DomainSearch() {

         this(new DomainSearchCache(), new DomainSearchThumbnailCache(),

                 new DomainSearchArtifactsCache());

     }


     DomainSearch(DomainSearchCache cache, DomainSearchThumbnailCache thumbnailCache,

             DomainSearchArtifactsCache artifactsCache) {

         this.searchCache = cache;

         this.thumbnailCache = thumbnailCache;

         this.artifactsCache = artifactsCache;

     }


     public Map<GroupKey, Integer> getGroupSizes(String userName,

             List<AbstractFilter> filters,

             DiscoveryAttributes.AttributeType groupAttributeType,

             Group.GroupSortingAlgorithm groupSortingType,

             ResultsSorter.SortingMethod domainSortingMethod,

             SleuthkitCase caseDb, CentralRepository centralRepoDb, SearchContext context) throws DiscoveryException, SearchCancellationException {


         final Map<GroupKey, List<Result>> searchResults = searchCache.get(

                 userName, filters, groupAttributeType, groupSortingType,

                 domainSortingMethod, caseDb, centralRepoDb, context);


         // Transform the cached results into a map of group key to group size.

         final LinkedHashMap<GroupKey, Integer> groupSizes = new LinkedHashMap<>();

         for (GroupKey groupKey : searchResults.keySet()) {

             if (context.searchIsCancelled()) {

                 throw new SearchCancellationException("The search was cancelled before group sizes were finished being calculated");

             }

             groupSizes.put(groupKey, searchResults.get(groupKey).size());

         }


         return groupSizes;

     }


     public List<Result> getDomainsInGroup(String userName,

             List<AbstractFilter> filters,

             DiscoveryAttributes.AttributeType groupAttributeType,

             Group.GroupSortingAlgorithm groupSortingType,

             ResultsSorter.SortingMethod domainSortingMethod,

             GroupKey groupKey, int startingEntry, int numberOfEntries,

             SleuthkitCase caseDb, CentralRepository centralRepoDb, SearchContext context) throws DiscoveryException, SearchCancellationException {


         final Map<GroupKey, List<Result>> searchResults = searchCache.get(

                 userName, filters, groupAttributeType, groupSortingType,

                 domainSortingMethod, caseDb, centralRepoDb, context);

         final List<Result> domainsInGroup = searchResults.get(groupKey);

         final List<Result> page = new ArrayList<>();

         for (int i = startingEntry; (i < startingEntry + numberOfEntries)

                 && (i < domainsInGroup.size()); i++) {

             page.add(domainsInGroup.get(i));

         }


         return page;

     }


     public Image getThumbnail(DomainSearchThumbnailRequest thumbnailRequest) throws DiscoveryException {

         return thumbnailCache.get(thumbnailRequest);

     }


     public List<BlackboardArtifact> getArtifacts(DomainSearchArtifactsRequest artifactsRequest) throws DiscoveryException {

         return artifactsCache.get(artifactsRequest);

     }


     public List<MiniTimelineResult> getAllArtifactsForDomain(SleuthkitCase sleuthkitCase, String domain) throws DiscoveryException {

         List<BlackboardArtifact> artifacts = new ArrayList<>();

         Map<String, List<BlackboardArtifact>> dateMap = new HashMap<>();

         if (!StringUtils.isBlank(domain)) {

             for (BlackboardArtifact.ARTIFACT_TYPE type : SearchData.Type.DOMAIN.getArtifactTypes()) {


                 artifacts.addAll(getArtifacts(new DomainSearchArtifactsRequest(sleuthkitCase, domain, type)));

             }


             for (BlackboardArtifact artifact : artifacts) {

                 String date;

                 try {

                     date = getDate(artifact);

                 } catch (TskCoreException ex) {

                     throw new DiscoveryException("Unable to get date for artifact with ID: " + artifact.getArtifactID(), ex);

                 }

                 if (!StringUtils.isBlank(date)) {

                     List<BlackboardArtifact> artifactList = dateMap.get(date);

                     if (artifactList == null) {

                         artifactList = new ArrayList<>();

                     }

                     artifactList.add(artifact);

                     dateMap.put(date, artifactList);

                 }

             }

         }

         List<MiniTimelineResult> dateArtifactList = new ArrayList<>();


         for (String date : dateMap.keySet()) {

             dateArtifactList.add(new MiniTimelineResult(date, dateMap.get(date)));

         }

         return dateArtifactList;

     }


     private String getDate(BlackboardArtifact artifact) throws TskCoreException {

         for (BlackboardAttribute attribute : artifact.getAttributes()) {

             if (attribute.getAttributeType().getTypeName().startsWith("TSK_DATETIME")) {

                 String dateString = TimeZoneUtils.getFormattedTime(attribute.getValueLong());

                 if (dateString.length() >= 10) {

                     return dateString.substring(0, 10);

                 }

             }

         }

         return "";

     }


 }

org.sleuthkit

org.sleuthkit.autopsy.discovery.search.DomainSearchArtifactsCache.get
List< BlackboardArtifact > get(DomainSearchArtifactsRequest request)
Definition: DomainSearchArtifactsCache.java:66

org.sleuthkit.autopsy.discovery.search
Definition: AbstractFilter.java:19

org.sleuthkit.autopsy.discovery.search.DomainSearch.getDomainsInGroup
List< Result > getDomainsInGroup(String userName, List< AbstractFilter > filters, DiscoveryAttributes.AttributeType groupAttributeType, Group.GroupSortingAlgorithm groupSortingType, ResultsSorter.SortingMethod domainSortingMethod, GroupKey groupKey, int startingEntry, int numberOfEntries, SleuthkitCase caseDb, CentralRepository centralRepoDb, SearchContext context)
Definition: DomainSearch.java:135

org.sleuthkit.autopsy.discovery.search.Group
Definition: Group.java:29

org.sleuthkit.autopsy.discovery.search.DomainSearch.getGroupSizes
Map< GroupKey, Integer > getGroupSizes(String userName, List< AbstractFilter > filters, DiscoveryAttributes.AttributeType groupAttributeType, Group.GroupSortingAlgorithm groupSortingType, ResultsSorter.SortingMethod domainSortingMethod, SleuthkitCase caseDb, CentralRepository centralRepoDb, SearchContext context)
Definition: DomainSearch.java:89

org.sleuthkit.autopsy.centralrepository.datamodel
Definition: CentralRepoAccount.java:19

org.sleuthkit.autopsy.discovery.search.DiscoveryException
Definition: DiscoveryException.java:24

org

org.sleuthkit.autopsy.coreutils.TimeZoneUtils.getFormattedTime
static String getFormattedTime(long epochTime)
Definition: TimeZoneUtils.java:145

org.sleuthkit.autopsy.discovery.search.DiscoveryKeyUtils.GroupKey
Definition: DiscoveryKeyUtils.java:234

org.sleuthkit.autopsy.discovery

org.sleuthkit.autopsy.discovery.search.DomainSearch.getArtifacts
List< BlackboardArtifact > getArtifacts(DomainSearchArtifactsRequest artifactsRequest)
Definition: DomainSearch.java:192

org.sleuthkit.autopsy.centralrepository
Definition: AddEditCentralRepoCommentAction.java:19

org.sleuthkit.autopsy.discovery.search.DomainSearch.artifactsCache
final DomainSearchArtifactsCache artifactsCache
Definition: DomainSearch.java:43

org.sleuthkit.autopsy.discovery.search.DomainSearchThumbnailCache
Definition: DomainSearchThumbnailCache.java:29

org.sleuthkit.autopsy.discovery.search.SearchContext
Definition: SearchContext.java:25

org.sleuthkit.autopsy.coreutils
Definition: AppSQLiteDB.java:19

org.sleuthkit.autopsy.discovery.search.ResultsSorter.SortingMethod
Definition: ResultsSorter.java:376

org.sleuthkit.autopsy.discovery.search.DiscoveryAttributes
Definition: DiscoveryAttributes.java:55

org.sleuthkit.autopsy.discovery.search.ResultsSorter
Definition: ResultsSorter.java:32

org.sleuthkit.autopsy.discovery.search.DomainSearch.thumbnailCache
final DomainSearchThumbnailCache thumbnailCache
Definition: DomainSearch.java:42

org.sleuthkit.autopsy.discovery.search.DomainSearchArtifactsCache
Definition: DomainSearchArtifactsCache.java:38

org.sleuthkit.autopsy.discovery.search.DomainSearchArtifactsRequest
Definition: DomainSearchArtifactsRequest.java:29

org.sleuthkit.autopsy.discovery.search.DomainSearchThumbnailRequest
Definition: DomainSearchThumbnailRequest.java:28

org.sleuthkit.autopsy.discovery.search.DomainSearch
Definition: DomainSearch.java:39

org.sleuthkit.autopsy.discovery.search.DomainSearch.searchCache
final DomainSearchCache searchCache
Definition: DomainSearch.java:41

org.sleuthkit.autopsy.coreutils.TimeZoneUtils
Definition: TimeZoneUtils.java:36

org.sleuthkit.autopsy.discovery.search.MiniTimelineResult
Definition: MiniTimelineResult.java:30

org.sleuthkit.autopsy.discovery.search.SearchData.Type
Definition: SearchData.java:453

org.sleuthkit.autopsy.centralrepository.datamodel.CentralRepository
Definition: CentralRepository.java:36

org.sleuthkit.autopsy.discovery.search.SearchData
Definition: SearchData.java:36

org.sleuthkit.autopsy.discovery.search.DomainSearchThumbnailCache.get
Image get(DomainSearchThumbnailRequest request)
Definition: DomainSearchThumbnailCache.java:49

org.sleuthkit.autopsy.discovery.search.SearchCancellationException
Definition: SearchCancellationException.java:27

org.sleuthkit.autopsy.discovery.search.SearchData.Type.DOMAIN
DOMAIN
Definition: SearchData.java:460

org.sleuthkit.autopsy.discovery.search.DiscoveryAttributes.AttributeType
Definition: DiscoveryAttributes.java:62

org.sleuthkit.autopsy.discovery.search.DomainSearch.getAllArtifactsForDomain
List< MiniTimelineResult > getAllArtifactsForDomain(SleuthkitCase sleuthkitCase, String domain)
Definition: DomainSearch.java:208

org.sleuthkit.autopsy

org.sleuthkit.autopsy.discovery.search.Group.GroupSortingAlgorithm
Definition: Group.java:146

org.sleuthkit.autopsy.discovery.search.DomainSearch.getDate
String getDate(BlackboardArtifact artifact)
Definition: DomainSearch.java:252

org.sleuthkit.autopsy.discovery.search.DomainSearch.getThumbnail
Image getThumbnail(DomainSearchThumbnailRequest thumbnailRequest)
Definition: DomainSearch.java:173

org.sleuthkit.autopsy.discovery.search.DomainSearch.DomainSearch
DomainSearch()
Definition: DomainSearch.java:48

org.sleuthkit.autopsy.discovery.search.DiscoveryKeyUtils
Definition: DiscoveryKeyUtils.java:46