19 package org.sleuthkit.autopsy.centralrepository.eventlisteners;
21 import java.beans.PropertyChangeEvent;
22 import java.beans.PropertyChangeListener;
23 import java.util.List;
24 import java.util.logging.Level;
25 import java.util.stream.Collectors;
26 import org.openide.util.NbBundle.Messages;
55 @Messages({
"caseeventlistener.evidencetag=Evidence"})
66 LOGGER.log(Level.SEVERE,
"Failed to get instance of db manager.", ex);
69 switch (
Case.
Events.valueOf(evt.getPropertyName())) {
70 case CONTENT_TAG_ADDED:
71 case CONTENT_TAG_DELETED: {
77 TskData.FileKnown knownStatus;
83 final ContentTag tagAdded = tagAddedEvent.getAddedTag();
85 if(dbManager.
getBadTags().contains(tagAdded.getName().getDisplayName())){
86 if(tagAdded.getContent() instanceof AbstractFile){
87 af = (AbstractFile) tagAdded.getContent();
88 knownStatus = TskData.FileKnown.BAD;
89 comment = tagAdded.getComment();
91 LOGGER.log(Level.WARNING,
"Error updating non-file object");
106 if(! dbManager.
getBadTags().contains(tagName)){
118 .map(tag -> tag.getName().getDisplayName())
120 .collect(Collectors.toList())
124 if(content instanceof AbstractFile){
125 af = (AbstractFile) content;
126 knownStatus = TskData.FileKnown.UNKNOWN;
129 LOGGER.log(Level.WARNING,
"Error updating non-file object");
136 }
catch (TskCoreException ex){
137 LOGGER.log(Level.SEVERE,
"Failed to find content", ex);
143 knownStatus, comment);
145 if(eamArtifact != null){
149 Thread t =
new Thread(r);
155 case BLACKBOARD_ARTIFACT_TAG_DELETED:
156 case BLACKBOARD_ARTIFACT_TAG_ADDED: {
162 BlackboardArtifact bbArtifact;
163 TskData.FileKnown knownStatus;
169 final BlackboardArtifactTag tagAdded = tagAddedEvent.getAddedTag();
171 if(dbManager.
getBadTags().contains(tagAdded.getName().getDisplayName())){
172 content = tagAdded.getContent();
173 bbArtifact = tagAdded.getArtifact();
174 knownStatus = TskData.FileKnown.BAD;
175 comment = tagAdded.getComment();
189 if(! dbManager.
getBadTags().contains(tagName)){
202 .map(tag -> tag.getName().getDisplayName())
204 .collect(Collectors.toList())
208 knownStatus = TskData.FileKnown.UNKNOWN;
215 }
catch (TskCoreException ex){
216 LOGGER.log(Level.SEVERE,
"Failed to find content", ex);
221 if((content instanceof AbstractFile) && (((AbstractFile)content).getKnown() == TskData.FileKnown.KNOWN)){
227 eamArtifact.getInstances().get(0).setComment(comment);
230 Thread t =
new Thread(r);
237 case DATA_SOURCE_ADDED: {
243 Content newDataSource = dataSourceAddedEvent.
getDataSource();
251 LOGGER.log(Level.SEVERE,
"Error connecting to Central Repository database.", ex);
252 }
catch (TskCoreException | TskDataException ex) {
253 LOGGER.log(Level.SEVERE,
"Error getting data source from DATA_SOURCE_ADDED event content.", ex);
263 if ((null == evt.getOldValue()) && (evt.getNewValue() instanceof
Case)) {
264 Case curCase = (
Case) evt.getNewValue();
270 .map(tag -> tag.getDisplayName())
271 .filter(tagName -> Bundle.caseeventlistener_evidencetag().equals(tagName))
272 .collect(Collectors.toList())
277 LOGGER.info(
"Evidence tag already exists");
278 }
catch (TskCoreException ex) {
279 LOGGER.log(Level.SEVERE,
"Error adding tag.", ex);
303 if (null == existingCase) {
307 LOGGER.log(Level.SEVERE,
"Error connecting to Central Repository database.", ex);
320 if(evt.getNewValue() instanceof String){
321 String newName = (String)evt.getNewValue();
326 if (null != existingCase) {
331 LOGGER.log(Level.SEVERE,
"Error connecting to Central Repository database.", ex);
CorrelationCase getCaseByUUID(String caseUUID)
DeletedBlackboardArtifactTagInfo getDeletedTagInfo()
void newCase(CorrelationCase eamCase)
void setDisplayName(String displayName)
void updateCase(CorrelationCase eamCase)
TagsManager getTagsManager()
static EamDb getInstance()
List< String > getBadTags()
CorrelationDataSource getDataSourceDetails(String dataSourceDeviceId)
static CorrelationAttribute getEamArtifactFromContent(Content content, TskData.FileKnown knownStatus, String comment)
static boolean isEnabled()
SleuthkitCase getSleuthkitCase()
static CorrelationDataSource fromTSKDataSource(Content dataSource)
BLACKBOARD_ARTIFACT_TAG_ADDED
void propertyChange(PropertyChangeEvent evt)
static Case getCurrentCase()
synchronized static Logger getLogger(String name)
static EamOrganization getDefault()
DeletedContentTagInfo getDeletedTagInfo()
void newDataSource(CorrelationDataSource eamDataSource)
static boolean isCaseOpen()
static List< CorrelationAttribute > getCorrelationAttributeFromBlackboardArtifact(BlackboardArtifact bbArtifact, boolean addInstanceDetails, boolean checkEnabled)