Autopsy  4.9.1
Graphical digital forensics platform for The Sleuth Kit and other tools.
AbstractCommonAttributeSearcher.java
Go to the documentation of this file.
1 /*
2  *
3  * Autopsy Forensic Browser
4  *
5  * Copyright 2018 Basis Technology Corp.
6  * Contact: carrier <at> sleuthkit <dot> org
7  *
8  * Licensed under the Apache License, Version 2.0 (the "License");
9  * you may not use this file except in compliance with the License.
10  * You may obtain a copy of the License at
11  *
12  * http://www.apache.org/licenses/LICENSE-2.0
13  *
14  * Unless required by applicable law or agreed to in writing, software
15  * distributed under the License is distributed on an "AS IS" BASIS,
16  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
17  * See the License for the specific language governing permissions and
18  * limitations under the License.
19  */
20 package org.sleuthkit.autopsy.commonfilesearch;
21 
22 import java.sql.SQLException;
23 import java.util.ArrayList;
24 import java.util.List;
25 import java.util.Map;
26 import java.util.Set;
27 import java.util.TreeMap;
28 import java.util.stream.Collectors;
29 import java.util.stream.Stream;
30 import org.openide.util.NbBundle;
33 import org.sleuthkit.datamodel.TskCoreException;
34 
39 public abstract class AbstractCommonAttributeSearcher {
40 
41  private boolean filterByMedia;
42  private boolean filterByDoc;
43  final int frequencyPercentageThreshold;
44 
45  AbstractCommonAttributeSearcher(boolean filterByMedia, boolean filterByDoc, int percentageThreshold) {
46  this.filterByDoc = filterByDoc;
47  this.filterByMedia = filterByMedia;
48  this.frequencyPercentageThreshold = percentageThreshold;
49  }
50 
65  public abstract CommonAttributeCountSearchResults findMatchesByCount() throws TskCoreException, NoCurrentCaseException, SQLException, EamDbException;
66 
83  public abstract CommonAttributeCaseSearchResults findMatchesByCase() throws TskCoreException, NoCurrentCaseException, SQLException, EamDbException;
84 
91  abstract String getTabTitle();
92 
93  @NbBundle.Messages({
94  "AbstractCommonFilesMetadataBuilder.buildCategorySelectionString.doc=Documents",
95  "AbstractCommonFilesMetadataBuilder.buildCategorySelectionString.media=Media",
96  "AbstractCommonFilesMetadataBuilder.buildCategorySelectionString.all=All File Categories"
97  })
98 
99  String buildCategorySelectionString() {
100  if (!this.isFilterByDoc() && !this.isFilterByMedia()) {
101  return Bundle.AbstractCommonFilesMetadataBuilder_buildCategorySelectionString_all();
102  } else {
103  List<String> filters = new ArrayList<>();
104  if (this.isFilterByDoc()) {
105  filters.add(Bundle.AbstractCommonFilesMetadataBuilder_buildCategorySelectionString_doc());
106  }
107  if (this.isFilterByMedia()) {
108  filters.add(Bundle.AbstractCommonFilesMetadataBuilder_buildCategorySelectionString_media());
109  }
110  return String.join(", ", filters);
111  }
112  }
113 
122  @NbBundle.Messages({
123  "# {0} - threshold percent",
124  "AbstractCommonFilesMetadataBuilder.getPercentFilter.thresholdPercent=, Threshold {0}%"})
125  String getPercentThresholdString() {
126  if (frequencyPercentageThreshold == 0) {
127  return "";
128  } else {
129  return Bundle.AbstractCommonFilesMetadataBuilder_getPercentFilter_thresholdPercent(frequencyPercentageThreshold);
130  }
131  }
132 
133  static Map<Integer, CommonAttributeValueList> collateMatchesByNumberOfInstances(Map<String, CommonAttributeValue> commonFiles) {
134  //collate matches by number of matching instances - doing this in sql doesnt seem efficient
135  Map<Integer, CommonAttributeValueList> instanceCollatedCommonFiles = new TreeMap<>();
136 
137  for (CommonAttributeValue md5Metadata : commonFiles.values()) {
138  Integer size = md5Metadata.getInstanceCount();
139 
140  if (instanceCollatedCommonFiles.containsKey(size)) {
141  instanceCollatedCommonFiles.get(size).addMetadataToList(md5Metadata);
142  } else {
143  CommonAttributeValueList value = new CommonAttributeValueList();
144  value.addMetadataToList(md5Metadata);
145  instanceCollatedCommonFiles.put(size, value);
146  }
147  }
148  return instanceCollatedCommonFiles;
149  }
150 
151  /*
152  * The set of the MIME types that will be checked for extension mismatches
153  * when checkType is ONLY_MEDIA. ".jpg", ".jpeg", ".png", ".psd", ".nef",
154  * ".tiff", ".bmp", ".tec" ".aaf", ".3gp", ".asf", ".avi", ".m1v", ".m2v",
155  * //NON-NLS ".m4v", ".mp4", ".mov", ".mpeg", ".mpg", ".mpe", ".mp4", ".rm",
156  * ".wmv", ".mpv", ".flv", ".swf"
157  */
158  static final Set<String> MEDIA_PICS_VIDEO_MIME_TYPES = Stream.of(
159  "image/bmp", //NON-NLS
160  "image/gif", //NON-NLS
161  "image/jpeg", //NON-NLS
162  "image/png", //NON-NLS
163  "image/tiff", //NON-NLS
164  "image/vnd.adobe.photoshop", //NON-NLS
165  "image/x-raw-nikon", //NON-NLS
166  "image/x-ms-bmp", //NON-NLS
167  "image/x-icon", //NON-NLS
168  "video/webm", //NON-NLS
169  "video/3gpp", //NON-NLS
170  "video/3gpp2", //NON-NLS
171  "video/ogg", //NON-NLS
172  "video/mpeg", //NON-NLS
173  "video/mp4", //NON-NLS
174  "video/quicktime", //NON-NLS
175  "video/x-msvideo", //NON-NLS
176  "video/x-flv", //NON-NLS
177  "video/x-m4v", //NON-NLS
178  "video/x-ms-wmv", //NON-NLS
179  "application/vnd.ms-asf", //NON-NLS
180  "application/vnd.rn-realmedia", //NON-NLS
181  "application/x-shockwave-flash" //NON-NLS
182  ).collect(Collectors.toSet());
183 
184  /*
185  * The set of the MIME types that will be checked for extension mismatches
186  * when checkType is ONLY_TEXT_FILES. ".doc", ".docx", ".odt", ".xls",
187  * ".xlsx", ".ppt", ".pptx" ".txt", ".rtf", ".log", ".text", ".xml" ".html",
188  * ".htm", ".css", ".js", ".php", ".aspx" ".pdf"
189  */
190  static final Set<String> TEXT_FILES_MIME_TYPES = Stream.of(
191  "text/plain", //NON-NLS
192  "application/rtf", //NON-NLS
193  "application/pdf", //NON-NLS
194  "text/css", //NON-NLS
195  "text/html", //NON-NLS
196  "text/csv", //NON-NLS
197  "application/json", //NON-NLS
198  "application/javascript", //NON-NLS
199  "application/xml", //NON-NLS
200  "text/calendar", //NON-NLS
201  "application/x-msoffice", //NON-NLS
202  "application/x-ooxml", //NON-NLS
203  "application/msword", //NON-NLS
204  "application/vnd.openxmlformats-officedocument.wordprocessingml.document", //NON-NLS
205  "application/vnd.ms-powerpoint", //NON-NLS
206  "application/vnd.openxmlformats-officedocument.presentationml.presentation", //NON-NLS
207  "application/vnd.ms-excel", //NON-NLS
208  "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet", //NON-NLS
209  "application/vnd.oasis.opendocument.presentation", //NON-NLS
210  "application/vnd.oasis.opendocument.spreadsheet", //NON-NLS
211  "application/vnd.oasis.opendocument.text" //NON-NLS
212  ).collect(Collectors.toSet());
213 
217  boolean isFilterByMedia() {
218  return filterByMedia;
219  }
220 
224  void setFilterByMedia(boolean filterByMedia) {
225  this.filterByMedia = filterByMedia;
226  }
227 
231  boolean isFilterByDoc() {
232  return filterByDoc;
233  }
234 
238  void setFilterByDoc(boolean filterByDoc) {
239  this.filterByDoc = filterByDoc;
240  }
241 }
abstract CommonAttributeCountSearchResults findMatchesByCount()
abstract CommonAttributeCaseSearchResults findMatchesByCase()

Copyright © 2012-2018 Basis Technology. Generated on: Tue Dec 18 2018
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.