Autopsy  4.9.1
Graphical digital forensics platform for The Sleuth Kit and other tools.
FilteredEventsModel.java
Go to the documentation of this file.
1 /*
2  * Autopsy Forensic Browser
3  *
4  * Copyright 2011-2016 Basis Technology Corp.
5  * Contact: carrier <at> sleuthkit <dot> org
6  *
7  * Licensed under the Apache License, Version 2.0 (the "License");
8  * you may not use this file except in compliance with the License.
9  * You may obtain a copy of the License at
10  *
11  * http://www.apache.org/licenses/LICENSE-2.0
12  *
13  * Unless required by applicable law or agreed to in writing, software
14  * distributed under the License is distributed on an "AS IS" BASIS,
15  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16  * See the License for the specific language governing permissions and
17  * limitations under the License.
18  */
19 package org.sleuthkit.autopsy.timeline.datamodel;
20 
21 import com.google.common.eventbus.EventBus;
22 import java.util.Collection;
23 import java.util.Collections;
24 import java.util.List;
25 import java.util.Map;
26 import java.util.Set;
27 import java.util.logging.Level;
28 import javafx.beans.Observable;
29 import javafx.beans.property.ReadOnlyObjectProperty;
30 import javafx.beans.property.ReadOnlyObjectWrapper;
31 import javafx.collections.ListChangeListener;
32 import javafx.collections.MapChangeListener;
33 import javax.annotation.concurrent.GuardedBy;
34 import org.joda.time.Interval;
65 import org.sleuthkit.datamodel.AbstractFile;
66 import org.sleuthkit.datamodel.BlackboardArtifact;
67 import org.sleuthkit.datamodel.BlackboardArtifactTag;
68 import org.sleuthkit.datamodel.Content;
69 import org.sleuthkit.datamodel.ContentTag;
70 import org.sleuthkit.datamodel.TagName;
71 import org.sleuthkit.datamodel.TskCoreException;
72 
95 public final class FilteredEventsModel {
96 
97  private static final Logger LOGGER = Logger.getLogger(FilteredEventsModel.class.getName());
98 
102  @GuardedBy("this")
103  private final ReadOnlyObjectWrapper<Interval> requestedTimeRange = new ReadOnlyObjectWrapper<>();
104 
105  @GuardedBy("this")
106  private final ReadOnlyObjectWrapper<RootFilter> requestedFilter = new ReadOnlyObjectWrapper<>();
107 
108  @GuardedBy("this")
109  private final ReadOnlyObjectWrapper< EventTypeZoomLevel> requestedTypeZoom = new ReadOnlyObjectWrapper<>(EventTypeZoomLevel.BASE_TYPE);
110 
111  @GuardedBy("this")
112  private final ReadOnlyObjectWrapper< DescriptionLoD> requestedLOD = new ReadOnlyObjectWrapper<>(DescriptionLoD.SHORT);
113 
114  @GuardedBy("this")
115  private final ReadOnlyObjectWrapper<ZoomParams> requestedZoomParamters = new ReadOnlyObjectWrapper<>();
116 
117  private final EventBus eventbus = new EventBus("FilteredEventsModel_EventBus"); //NON-NLS
118 
124  @GuardedBy("this")
125  private final EventsRepository repo;
126  private final Case autoCase;
127 
128  public FilteredEventsModel(EventsRepository repo, ReadOnlyObjectProperty<ZoomParams> currentStateProperty) {
129  this.repo = repo;
130  this.autoCase = repo.getAutoCase();
131  repo.getDatasourcesMap().addListener((MapChangeListener.Change<? extends Long, ? extends String> change) -> {
132  DataSourceFilter dataSourceFilter = new DataSourceFilter(change.getValueAdded(), change.getKey());
133  RootFilter rootFilter = filterProperty().get();
134  rootFilter.getDataSourcesFilter().addSubFilter(dataSourceFilter);
135  requestedFilter.set(rootFilter.copyOf());
136  });
137  repo.getHashSetMap().addListener((MapChangeListener.Change<? extends Long, ? extends String> change) -> {
138  HashSetFilter hashSetFilter = new HashSetFilter(change.getValueAdded(), change.getKey());
139  RootFilter rootFilter = filterProperty().get();
140  rootFilter.getHashHitsFilter().addSubFilter(hashSetFilter);
141  requestedFilter.set(rootFilter.copyOf());
142  });
143  repo.getTagNames().addListener((ListChangeListener.Change<? extends TagName> c) -> {
144  RootFilter rootFilter = filterProperty().get();
145  TagsFilter tagsFilter = rootFilter.getTagsFilter();
146  repo.syncTagsFilter(tagsFilter);
147  requestedFilter.set(rootFilter.copyOf());
148  });
150 
151  //TODO: use bindings to keep these in sync? -jm
152  requestedZoomParamters.addListener((Observable observable) -> {
153  final ZoomParams zoomParams = requestedZoomParamters.get();
154 
155  if (zoomParams != null) {
156  synchronized (FilteredEventsModel.this) {
157  requestedTypeZoom.set(zoomParams.getTypeZoomLevel());
158  requestedFilter.set(zoomParams.getFilter());
159  requestedTimeRange.set(zoomParams.getTimeRange());
160  requestedLOD.set(zoomParams.getDescriptionLOD());
161  }
162  }
163  });
164 
165  requestedZoomParamters.bind(currentStateProperty);
166  }
167 
173  synchronized public ReadOnlyObjectProperty<ZoomParams> zoomParametersProperty() {
174  return requestedZoomParamters.getReadOnlyProperty();
175  }
176 
182  synchronized public ZoomParams getZoomParamaters() {
183  return requestedZoomParamters.get();
184  }
185 
191  synchronized public ReadOnlyObjectProperty<Interval> timeRangeProperty() {
192  if (requestedTimeRange.get() == null) {
194  }
195  return requestedTimeRange.getReadOnlyProperty();
196  }
197 
198  synchronized public ReadOnlyObjectProperty<DescriptionLoD> descriptionLODProperty() {
199  return requestedLOD.getReadOnlyProperty();
200  }
201 
202  synchronized public ReadOnlyObjectProperty<RootFilter> filterProperty() {
203  return requestedFilter.getReadOnlyProperty();
204  }
205 
206  synchronized public ReadOnlyObjectProperty<EventTypeZoomLevel> eventTypeZoomProperty() {
207  return requestedTypeZoom.getReadOnlyProperty();
208  }
209 
215  synchronized public Interval getTimeRange() {
216  return timeRangeProperty().get();
217  }
218 
219  synchronized public DescriptionLoD getDescriptionLOD() {
220  return requestedLOD.get();
221  }
222 
223  synchronized public RootFilter getFilter() {
224  return requestedFilter.get();
225  }
226 
227  synchronized public EventTypeZoomLevel getEventTypeZoom() {
228  return requestedTypeZoom.get();
229  }
230 
235  DataSourcesFilter dataSourcesFilter = new DataSourcesFilter();
236 
237  repo.getDatasourcesMap().entrySet().stream().forEach((Map.Entry<Long, String> t) -> {
238  DataSourceFilter dataSourceFilter = new DataSourceFilter(t.getValue(), t.getKey());
239  dataSourceFilter.setSelected(Boolean.TRUE);
240  dataSourcesFilter.addSubFilter(dataSourceFilter);
241  });
242 
243  HashHitsFilter hashHitsFilter = new HashHitsFilter();
244  repo.getHashSetMap().entrySet().stream().forEach((Map.Entry<Long, String> t) -> {
245  HashSetFilter hashSetFilter = new HashSetFilter(t.getValue(), t.getKey());
246  hashSetFilter.setSelected(Boolean.TRUE);
247  hashHitsFilter.addSubFilter(hashSetFilter);
248  });
249 
250  TagsFilter tagsFilter = new TagsFilter();
251  repo.getTagNames().stream().forEach(t -> {
252  TagNameFilter tagNameFilter = new TagNameFilter(t, autoCase);
253  tagNameFilter.setSelected(Boolean.TRUE);
254  tagsFilter.addSubFilter(tagNameFilter);
255  });
256  return new RootFilter(new HideKnownFilter(), tagsFilter, hashHitsFilter, new TextFilter(), new TypeFilter(RootEventType.getInstance()), dataSourcesFilter, Collections.emptySet());
257  }
258 
259  public Interval getBoundingEventsInterval() {
261  }
262 
263  public SingleEvent getEventById(Long eventID) {
264  return repo.getEventById(eventID);
265  }
266 
267  public Set<SingleEvent> getEventsById(Collection<Long> eventIDs) {
268  return repo.getEventsById(eventIDs);
269  }
270 
279  public Map<String, Long> getTagCountsByTagName(Set<Long> eventIDsWithTags) {
280  return repo.getTagCountsByTagName(eventIDsWithTags);
281  }
282 
283  public List<Long> getEventIDs(Interval timeRange, Filter filter) {
284  final Interval overlap;
285  final RootFilter intersect;
286  synchronized (this) {
287  overlap = getSpanningInterval().overlap(timeRange);
288  intersect = requestedFilter.get().copyOf();
289  }
290  intersect.getSubFilters().add(filter);
291  return repo.getEventIDs(overlap, intersect);
292  }
293 
302  public List<CombinedEvent> getCombinedEvents() {
304  }
305 
316  public Map<EventType, Long> getEventCounts(Interval timeRange) {
317 
318  final RootFilter filter;
319  final EventTypeZoomLevel typeZoom;
320  synchronized (this) {
321  filter = requestedFilter.get();
322  typeZoom = requestedTypeZoom.get();
323  }
324  return repo.countEvents(new ZoomParams(timeRange, typeZoom, filter, null));
325  }
326 
331  public Interval getSpanningInterval() {
332  return new Interval(getMinTime() * 1000, 1000 + getMaxTime() * 1000);
333  }
334 
338  public Interval getSpanningInterval(Collection<Long> eventIDs) {
339  return repo.getSpanningInterval(eventIDs);
340  }
341 
347  public Long getMinTime() {
348  return repo.getMinTime();
349  }
350 
356  public Long getMaxTime() {
357  return repo.getMaxTime();
358  }
359 
365  public List<EventStripe> getEventStripes() {
366  final Interval range;
367  final RootFilter filter;
368  final EventTypeZoomLevel zoom;
369  final DescriptionLoD lod;
370  synchronized (this) {
371  range = requestedTimeRange.get();
372  filter = requestedFilter.get();
373  zoom = requestedTypeZoom.get();
374  lod = requestedLOD.get();
375  }
376  return repo.getEventStripes(new ZoomParams(range, zoom, filter, lod));
377  }
378 
386  public List<EventStripe> getEventStripes(ZoomParams params) {
387  return repo.getEventStripes(params);
388  }
389 
390  synchronized public boolean handleContentTagAdded(ContentTagAddedEvent evt) {
391  ContentTag contentTag = evt.getAddedTag();
392  Content content = contentTag.getContent();
393  Set<Long> updatedEventIDs = repo.addTag(content.getId(), null, contentTag, null);
394  return postTagsAdded(updatedEventIDs);
395  }
396 
397  synchronized public boolean handleArtifactTagAdded(BlackBoardArtifactTagAddedEvent evt) {
398  BlackboardArtifactTag artifactTag = evt.getAddedTag();
399  BlackboardArtifact artifact = artifactTag.getArtifact();
400  Set<Long> updatedEventIDs = repo.addTag(artifact.getObjectID(), artifact.getArtifactID(), artifactTag, null);
401  return postTagsAdded(updatedEventIDs);
402  }
403 
404  synchronized public boolean handleContentTagDeleted(ContentTagDeletedEvent evt) {
405  DeletedContentTagInfo deletedTagInfo = evt.getDeletedTagInfo();
406  try {
407  Content content = autoCase.getSleuthkitCase().getContentById(deletedTagInfo.getContentID());
408  boolean tagged = autoCase.getServices().getTagsManager().getContentTagsByContent(content).isEmpty() == false;
409  Set<Long> updatedEventIDs = repo.deleteTag(content.getId(), null, deletedTagInfo.getTagID(), tagged);
410  return postTagsDeleted(updatedEventIDs);
411  } catch (TskCoreException ex) {
412  LOGGER.log(Level.SEVERE, "unable to determine tagged status of content.", ex); //NON-NLS
413  }
414  return false;
415  }
416 
419  try {
420  BlackboardArtifact artifact = autoCase.getSleuthkitCase().getBlackboardArtifact(deletedTagInfo.getArtifactID());
421  boolean tagged = autoCase.getServices().getTagsManager().getBlackboardArtifactTagsByArtifact(artifact).isEmpty() == false;
422  Set<Long> updatedEventIDs = repo.deleteTag(artifact.getObjectID(), artifact.getArtifactID(), deletedTagInfo.getTagID(), tagged);
423  return postTagsDeleted(updatedEventIDs);
424  } catch (TskCoreException ex) {
425  LOGGER.log(Level.SEVERE, "unable to determine tagged status of artifact.", ex); //NON-NLS
426  }
427  return false;
428  }
429 
445  public List<Long> getEventIDsForFile(AbstractFile file, boolean includeDerivedArtifacts) {
446  return repo.getEventIDsForFile(file, includeDerivedArtifacts);
447  }
448 
458  public List<Long> getEventIDsForArtifact(BlackboardArtifact artifact) {
459  return repo.getEventIDsForArtifact(artifact);
460  }
461 
471  private boolean postTagsAdded(Set<Long> updatedEventIDs) {
472  boolean tagsUpdated = !updatedEventIDs.isEmpty();
473  if (tagsUpdated) {
474  eventbus.post(new TagsAddedEvent(updatedEventIDs));
475  }
476  return tagsUpdated;
477  }
478 
488  private boolean postTagsDeleted(Set<Long> updatedEventIDs) {
489  boolean tagsUpdated = !updatedEventIDs.isEmpty();
490  if (tagsUpdated) {
491  eventbus.post(new TagsDeletedEvent(updatedEventIDs));
492  }
493  return tagsUpdated;
494  }
495 
502  synchronized public void registerForEvents(Object o) {
503  eventbus.register(o);
504  }
505 
511  synchronized public void unRegisterForEvents(Object o) {
512  eventbus.unregister(o);
513  }
514 
518  public void postDBUpdated() {
519  eventbus.post(new DBUpdatedEvent());
520  }
521 
525  public void postRefreshRequest() {
526  eventbus.post(new RefreshRequestedEvent());
527  }
528 
534  eventbus.post(event);
535  }
536 
537 }
List< Long > getEventIDsForArtifact(BlackboardArtifact artifact)
List< Long > getEventIDsForFile(AbstractFile file, boolean includeDerivedArtifacts)
final ReadOnlyObjectWrapper< ZoomParams > requestedZoomParamters
Map< String, Long > getTagCountsByTagName(Set< Long > eventIDsWithTags)
synchronized ObservableMap< Long, String > getHashSetMap()
synchronized Map< EventType, Long > countEvents(ZoomParams params)
synchronized List< EventStripe > getEventStripes(ZoomParams params)
synchronized ObservableMap< Long, String > getDatasourcesMap()
Interval getSpanningInterval(Collection< Long > eventIDs)
synchronized ReadOnlyObjectProperty< EventTypeZoomLevel > eventTypeZoomProperty()
synchronized boolean handleArtifactTagAdded(BlackBoardArtifactTagAddedEvent evt)
List< ContentTag > getContentTagsByContent(Content content)
Map< EventType, Long > getEventCounts(Interval timeRange)
synchronized Set< Long > deleteTag(long objID, Long artifactID, long tagID, boolean tagged)
synchronized boolean handleContentTagDeleted(ContentTagDeletedEvent evt)
List< Long > getEventIDsForFile(AbstractFile file, boolean includeDerivedArtifacts)
synchronized ReadOnlyObjectProperty< ZoomParams > zoomParametersProperty()
synchronized Set< Long > addTag(long objID, Long artifactID, Tag tag, EventDB.EventTransaction trans)
List< Long > getEventIDsForArtifact(BlackboardArtifact artifact)
synchronized ReadOnlyObjectProperty< RootFilter > filterProperty()
synchronized boolean handleContentTagAdded(ContentTagAddedEvent evt)
synchronized Set< SingleEvent > getEventsById(Collection< Long > eventIDs)
List< CombinedEvent > getCombinedEvents(Interval timeRange, RootFilter filter)
Set< SingleEvent > getEventsById(Collection< Long > eventIDs)
final ReadOnlyObjectWrapper< EventTypeZoomLevel > requestedTypeZoom
synchronized boolean handleArtifactTagDeleted(BlackBoardArtifactTagDeletedEvent evt)
Map< String, Long > getTagCountsByTagName(Set< Long > eventIDsWithTags)
synchronized static Logger getLogger(String name)
Definition: Logger.java:124
Interval getBoundingEventsInterval(Interval timeRange, RootFilter filter)
synchronized ReadOnlyObjectProperty< DescriptionLoD > descriptionLODProperty()
List< Long > getEventIDs(Interval timeRange, Filter filter)
synchronized ReadOnlyObjectProperty< Interval > timeRangeProperty()
List< Long > getEventIDs(Interval timeRange, RootFilter filter)
final ReadOnlyObjectWrapper< DescriptionLoD > requestedLOD
List< BlackboardArtifactTag > getBlackboardArtifactTagsByArtifact(BlackboardArtifact artifact)

Copyright © 2012-2018 Basis Technology. Generated on: Tue Dec 18 2018
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.