Sleuth Kit Java Bindings (JNI)  4.9.0
Java bindings for using The Sleuth Kit
CaseDatabaseFactory.java
Go to the documentation of this file.
1 /*
2  * Sleuth Kit Data Model
3  *
4  * Copyright 2020 Basis Technology Corp.
5  * Contact: carrier <at> sleuthkit <dot> org
6  *
7  * Licensed under the Apache License, Version 2.0 (the "License");
8  * you may not use this file except in compliance with the License.
9  * You may obtain a copy of the License at
10  *
11  * http://www.apache.org/licenses/LICENSE-2.0
12  *
13  * Unless required by applicable law or agreed to in writing, software
14  * distributed under the License is distributed on an "AS IS" BASIS,
15  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16  * See the License for the specific language governing permissions and
17  * limitations under the License.
18  */
19 package org.sleuthkit.datamodel;
20 
21 import java.io.File;
22 import java.io.UnsupportedEncodingException;
23 import java.net.URLEncoder;
24 import java.sql.Connection;
25 import java.sql.DriverManager;
26 import java.sql.SQLException;
27 import java.sql.Statement;
28 import java.util.Properties;
29 import java.util.logging.Logger;
30 import java.util.logging.Level;
31 import org.sleuthkit.datamodel.SQLHelper.PostgreSQLHelper;
32 import org.sleuthkit.datamodel.SQLHelper.SQLiteHelper;
33 
37 class CaseDatabaseFactory {
38 
39  private static final Logger logger = Logger.getLogger(CaseDatabaseFactory.class.getName());
40  private final SQLHelper dbQueryHelper;
41  private final DbCreationHelper dbCreationHelper;
42 
48  CaseDatabaseFactory(String dbPath) {
49  this.dbQueryHelper = new SQLiteHelper();
50  this.dbCreationHelper = new SQLiteDbCreationHelper(dbPath);
51  }
52 
63  CaseDatabaseFactory(String caseName, CaseDbConnectionInfo info) {
64  this.dbQueryHelper = new PostgreSQLHelper();
65  this.dbCreationHelper = new PostgreSQLDbCreationHelper(caseName, info);
66  }
67 
74  void createCaseDatabase() throws TskCoreException {
75  createDatabase();
76  initializeSchema();
77  }
78 
84  private void createDatabase() throws TskCoreException {
85  dbCreationHelper.createDatabase();
86  }
87 
93  private void initializeSchema() throws TskCoreException {
94  try (Connection conn = dbCreationHelper.getConnection()) {
95  // Perform any needed steps before creating the tables
96  dbCreationHelper.performPreInitialization(conn);
97 
98  // Add schema version
99  addDbInfo(conn);
100 
101  // Add tables
102  addTables(conn);
103  dbCreationHelper.performPostTableInitialization(conn);
104 
105  // Add indexes
106  addIndexes(conn);
107  } catch (SQLException ex) {
108  throw new TskCoreException("Error initializing case database", ex);
109  }
110  }
111 
119  private void addDbInfo(Connection conn) throws TskCoreException {
120  CaseDbSchemaVersionNumber version = SleuthkitCase.CURRENT_DB_SCHEMA_VERSION;
121  long tskVersionNum = SleuthkitJNI.getSleuthkitVersion(); // This is the current version of TSK
122 
123  try (Statement stmt = conn.createStatement()) {
124  stmt.execute("CREATE TABLE tsk_db_info (schema_ver INTEGER, tsk_ver INTEGER, schema_minor_ver INTEGER)");
125  stmt.execute("INSERT INTO tsk_db_info (schema_ver, tsk_ver, schema_minor_ver) VALUES (" +
126  version.getMajor() + ", " + tskVersionNum + ", " + version.getMinor() + ");");
127 
128  stmt.execute("CREATE TABLE tsk_db_info_extended (name TEXT PRIMARY KEY, value TEXT NOT NULL);");
129  stmt.execute("INSERT INTO tsk_db_info_extended (name, value) VALUES ('TSK_VERSION', '" + tskVersionNum + "');");
130  stmt.execute("INSERT INTO tsk_db_info_extended (name, value) VALUES ('SCHEMA_MAJOR_VERSION', '" + version.getMajor() + "');");
131  stmt.execute("INSERT INTO tsk_db_info_extended (name, value) VALUES ('SCHEMA_MINOR_VERSION', '" + version.getMinor() + "');");
132  stmt.execute("INSERT INTO tsk_db_info_extended (name, value) VALUES ('CREATION_SCHEMA_MAJOR_VERSION', '" + version.getMajor() + "');");
133  stmt.execute("INSERT INTO tsk_db_info_extended (name, value) VALUES ('CREATION_SCHEMA_MINOR_VERSION', '" + version.getMinor() + "');");
134  } catch (SQLException ex) {
135  throw new TskCoreException("Error initializing db_info tables", ex);
136  }
137  }
138 
146  private void addTables(Connection conn) throws TskCoreException {
147  try (Statement stmt = conn.createStatement()) {
148  createFileTables(stmt);
149  createArtifactTables(stmt);
150  createTagTables(stmt);
151  createIngestTables(stmt);
152  createAccountTables(stmt);
153  createEventTables(stmt);
154  } catch (SQLException ex) {
155  throw new TskCoreException("Error initializing tables", ex);
156  }
157  }
158 
159  private void createFileTables(Statement stmt) throws SQLException {
160  // The UNIQUE here on the object ID is to create an index
161  stmt.execute("CREATE TABLE tsk_objects (obj_id " + dbQueryHelper.getPrimaryKey() + " PRIMARY KEY, par_obj_id " + dbQueryHelper.getBigIntType()
162  + ", type INTEGER NOT NULL, UNIQUE (obj_id), FOREIGN KEY (par_obj_id) REFERENCES tsk_objects (obj_id) ON DELETE CASCADE)");
163 
164  stmt.execute("CREATE TABLE tsk_image_info (obj_id " + dbQueryHelper.getPrimaryKey() + " PRIMARY KEY, type INTEGER, ssize INTEGER, "
165  + "tzone TEXT, size " + dbQueryHelper.getBigIntType() + ", md5 TEXT, sha1 TEXT, sha256 TEXT, display_name TEXT, "
166  + "FOREIGN KEY(obj_id) REFERENCES tsk_objects(obj_id) ON DELETE CASCADE)");
167 
168  stmt.execute("CREATE TABLE tsk_image_names (obj_id " + dbQueryHelper.getBigIntType() + " NOT NULL, name TEXT NOT NULL, "
169  + "sequence INTEGER NOT NULL, FOREIGN KEY(obj_id) REFERENCES tsk_objects(obj_id) ON DELETE CASCADE)");
170 
171  stmt.execute("CREATE TABLE tsk_vs_info (obj_id " + dbQueryHelper.getPrimaryKey() + " PRIMARY KEY, vs_type INTEGER NOT NULL, "
172  + "img_offset " + dbQueryHelper.getBigIntType() + " NOT NULL, block_size " + dbQueryHelper.getBigIntType() + " NOT NULL, "
173  + "FOREIGN KEY(obj_id) REFERENCES tsk_objects(obj_id) ON DELETE CASCADE)");
174 
175  stmt.execute("CREATE TABLE tsk_vs_parts (obj_id " + dbQueryHelper.getPrimaryKey() + " PRIMARY KEY, "
176  + "addr " + dbQueryHelper.getBigIntType() + " NOT NULL, start " + dbQueryHelper.getBigIntType() + " NOT NULL, "
177  + "length " + dbQueryHelper.getBigIntType() + " NOT NULL, "
178  + dbQueryHelper.getVSDescColName() + " TEXT, "
179  + "flags INTEGER NOT NULL, FOREIGN KEY(obj_id) REFERENCES tsk_objects(obj_id) ON DELETE CASCADE);");
180 
181  stmt.execute("CREATE TABLE tsk_pool_info (obj_id " + dbQueryHelper.getPrimaryKey() + " PRIMARY KEY, "
182  + "pool_type INTEGER NOT NULL, FOREIGN KEY(obj_id) REFERENCES tsk_objects(obj_id) ON DELETE CASCADE);");
183 
184  stmt.execute("CREATE TABLE data_source_info (obj_id " + dbQueryHelper.getBigIntType() + " PRIMARY KEY, device_id TEXT NOT NULL, "
185  + "time_zone TEXT NOT NULL, acquisition_details TEXT, FOREIGN KEY(obj_id) REFERENCES tsk_objects(obj_id) ON DELETE CASCADE)");
186 
187  stmt.execute("CREATE TABLE tsk_fs_info (obj_id " + dbQueryHelper.getPrimaryKey() + " PRIMARY KEY, "
188  + "data_source_obj_id " + dbQueryHelper.getBigIntType() + " NOT NULL, "
189  + "img_offset " + dbQueryHelper.getBigIntType() + " NOT NULL, fs_type INTEGER NOT NULL, "
190  + "block_size " + dbQueryHelper.getBigIntType() + " NOT NULL, "
191  + "block_count " + dbQueryHelper.getBigIntType() + " NOT NULL, root_inum " + dbQueryHelper.getBigIntType() + " NOT NULL, "
192  + "first_inum " + dbQueryHelper.getBigIntType() + " NOT NULL, last_inum " + dbQueryHelper.getBigIntType() + " NOT NULL, "
193  + "display_name TEXT, "
194  + "FOREIGN KEY(data_source_obj_id) REFERENCES data_source_info(obj_id) ON DELETE CASCADE, "
195  + "FOREIGN KEY(obj_id) REFERENCES tsk_objects(obj_id) ON DELETE CASCADE)");
196 
197  stmt.execute("CREATE TABLE tsk_files (obj_id " + dbQueryHelper.getPrimaryKey() + " PRIMARY KEY, "
198  + "fs_obj_id " + dbQueryHelper.getBigIntType() + ", data_source_obj_id " + dbQueryHelper.getBigIntType() + " NOT NULL, "
199  + "attr_type INTEGER, attr_id INTEGER, "
200  + "name TEXT NOT NULL, meta_addr " + dbQueryHelper.getBigIntType() + ", meta_seq " + dbQueryHelper.getBigIntType() + ", "
201  + "type INTEGER, has_layout INTEGER, has_path INTEGER, "
202  + "dir_type INTEGER, meta_type INTEGER, dir_flags INTEGER, meta_flags INTEGER, size " + dbQueryHelper.getBigIntType() + ", "
203  + "ctime " + dbQueryHelper.getBigIntType() + ", "
204  + "crtime " + dbQueryHelper.getBigIntType() + ", atime " + dbQueryHelper.getBigIntType() + ", "
205  + "mtime " + dbQueryHelper.getBigIntType() + ", mode INTEGER, uid INTEGER, gid INTEGER, md5 TEXT, known INTEGER, "
206  + "parent_path TEXT, mime_type TEXT, extension TEXT, "
207  + "FOREIGN KEY(obj_id) REFERENCES tsk_objects(obj_id) ON DELETE CASCADE, "
208  + "FOREIGN KEY(fs_obj_id) REFERENCES tsk_fs_info(obj_id) ON DELETE CASCADE, "
209  + "FOREIGN KEY(data_source_obj_id) REFERENCES data_source_info(obj_id) ON DELETE CASCADE)");
210 
211  stmt.execute("CREATE TABLE file_encoding_types (encoding_type INTEGER PRIMARY KEY, name TEXT NOT NULL)");
212 
213  stmt.execute("CREATE TABLE tsk_files_path (obj_id " + dbQueryHelper.getPrimaryKey() + " PRIMARY KEY, path TEXT NOT NULL, "
214  + "encoding_type INTEGER NOT NULL, FOREIGN KEY(encoding_type) references file_encoding_types(encoding_type), "
215  + "FOREIGN KEY(obj_id) REFERENCES tsk_objects(obj_id) ON DELETE CASCADE)");
216 
217  stmt.execute("CREATE TABLE tsk_files_derived (obj_id " + dbQueryHelper.getPrimaryKey() + " PRIMARY KEY, "
218  + "derived_id " + dbQueryHelper.getBigIntType() + " NOT NULL, rederive TEXT, "
219  + "FOREIGN KEY(obj_id) REFERENCES tsk_objects(obj_id) ON DELETE CASCADE)");
220 
221  stmt.execute("CREATE TABLE tsk_files_derived_method (derived_id " + dbQueryHelper.getPrimaryKey() + " PRIMARY KEY, "
222  + "tool_name TEXT NOT NULL, tool_version TEXT NOT NULL, other TEXT)");
223 
224  stmt.execute("CREATE TABLE tsk_file_layout (obj_id " + dbQueryHelper.getBigIntType() + " NOT NULL, "
225  + "byte_start " + dbQueryHelper.getBigIntType() + " NOT NULL, byte_len " + dbQueryHelper.getBigIntType() + " NOT NULL, "
226  + "sequence INTEGER NOT NULL, FOREIGN KEY(obj_id) REFERENCES tsk_objects(obj_id) ON DELETE CASCADE);");
227 
228  stmt.execute("CREATE TABLE reports (obj_id " + dbQueryHelper.getPrimaryKey() + " PRIMARY KEY, path TEXT NOT NULL, "
229  + "crtime INTEGER NOT NULL, src_module_name TEXT NOT NULL, report_name TEXT NOT NULL, "
230  + "FOREIGN KEY(obj_id) REFERENCES tsk_objects(obj_id) ON DELETE CASCADE);");
231  }
232 
233  private void createArtifactTables(Statement stmt) throws SQLException {
234  stmt.execute("CREATE TABLE blackboard_artifact_types (artifact_type_id " + dbQueryHelper.getPrimaryKey() + " PRIMARY KEY, "
235  + "type_name TEXT NOT NULL, display_name TEXT)");
236 
237  stmt.execute("CREATE TABLE blackboard_attribute_types (attribute_type_id " + dbQueryHelper.getPrimaryKey() + " PRIMARY KEY, "
238  + "type_name TEXT NOT NULL, display_name TEXT, value_type INTEGER NOT NULL)");
239 
240  stmt.execute("CREATE TABLE review_statuses (review_status_id INTEGER PRIMARY KEY, "
241  + "review_status_name TEXT NOT NULL, "
242  + "display_name TEXT NOT NULL)");
243 
244  stmt.execute("CREATE TABLE blackboard_artifacts (artifact_id " + dbQueryHelper.getPrimaryKey() + " PRIMARY KEY, "
245  + "obj_id " + dbQueryHelper.getBigIntType() + " NOT NULL, "
246  + "artifact_obj_id " + dbQueryHelper.getBigIntType() + " NOT NULL, "
247  + "data_source_obj_id " + dbQueryHelper.getBigIntType() + " NOT NULL, "
248  + "artifact_type_id " + dbQueryHelper.getBigIntType() + " NOT NULL, "
249  + "review_status_id INTEGER NOT NULL, "
250  + "FOREIGN KEY(obj_id) REFERENCES tsk_objects(obj_id) ON DELETE CASCADE, "
251  + "FOREIGN KEY(artifact_obj_id) REFERENCES tsk_objects(obj_id) ON DELETE CASCADE, "
252  + "FOREIGN KEY(data_source_obj_id) REFERENCES tsk_objects(obj_id) ON DELETE CASCADE, "
253  + "FOREIGN KEY(artifact_type_id) REFERENCES blackboard_artifact_types(artifact_type_id), "
254  + "FOREIGN KEY(review_status_id) REFERENCES review_statuses(review_status_id))");
255 
256  /* Binary representation of BYTEA is a bunch of bytes, which could
257  * include embedded nulls so we have to pay attention to field length.
258  * http://www.postgresql.org/docs/9.4/static/libpq-example.html
259  */
260  stmt.execute("CREATE TABLE blackboard_attributes (artifact_id " + dbQueryHelper.getBigIntType() + " NOT NULL, "
261  + "artifact_type_id " + dbQueryHelper.getBigIntType() + " NOT NULL, "
262  + "source TEXT, context TEXT, attribute_type_id " + dbQueryHelper.getBigIntType() + " NOT NULL, "
263  + "value_type INTEGER NOT NULL, value_byte " + dbQueryHelper.getBlobType() + ", "
264  + "value_text TEXT, value_int32 INTEGER, value_int64 " + dbQueryHelper.getBigIntType() + ", value_double NUMERIC(20, 10), "
265  + "FOREIGN KEY(artifact_id) REFERENCES blackboard_artifacts(artifact_id) ON DELETE CASCADE, "
266  + "FOREIGN KEY(artifact_type_id) REFERENCES blackboard_artifact_types(artifact_type_id), "
267  + "FOREIGN KEY(attribute_type_id) REFERENCES blackboard_attribute_types(attribute_type_id))");
268  }
269 
270  private void createTagTables(Statement stmt) throws SQLException {
271  stmt.execute("CREATE TABLE tsk_tag_sets (tag_set_id " + dbQueryHelper.getPrimaryKey() + " PRIMARY KEY, name TEXT UNIQUE)");
272  stmt.execute("CREATE TABLE tag_names (tag_name_id " + dbQueryHelper.getPrimaryKey() + " PRIMARY KEY, display_name TEXT UNIQUE, "
273  + "description TEXT NOT NULL, color TEXT NOT NULL, knownStatus INTEGER NOT NULL,"
274  + " tag_set_id " + dbQueryHelper.getBigIntType() + ", rank INTEGER, FOREIGN KEY(tag_set_id) REFERENCES tsk_tag_sets(tag_set_id) ON DELETE SET NULL)");
275 
276  stmt.execute("CREATE TABLE tsk_examiners (examiner_id " + dbQueryHelper.getPrimaryKey() + " PRIMARY KEY, "
277  + "login_name TEXT NOT NULL, display_name TEXT, UNIQUE(login_name))");
278 
279  stmt.execute("CREATE TABLE content_tags (tag_id " + dbQueryHelper.getPrimaryKey() + " PRIMARY KEY, "
280  + "obj_id " + dbQueryHelper.getBigIntType() + " NOT NULL, tag_name_id " + dbQueryHelper.getBigIntType() + " NOT NULL, "
281  + "comment TEXT NOT NULL, begin_byte_offset " + dbQueryHelper.getBigIntType() + " NOT NULL, "
282  + "end_byte_offset " + dbQueryHelper.getBigIntType() + " NOT NULL, "
283  + "examiner_id " + dbQueryHelper.getBigIntType() + ", "
284  + "FOREIGN KEY(examiner_id) REFERENCES tsk_examiners(examiner_id) ON DELETE CASCADE, "
285  + "FOREIGN KEY(obj_id) REFERENCES tsk_objects(obj_id) ON DELETE CASCADE, "
286  + "FOREIGN KEY(tag_name_id) REFERENCES tag_names(tag_name_id) ON DELETE CASCADE)");
287 
288  stmt.execute("CREATE TABLE blackboard_artifact_tags (tag_id " + dbQueryHelper.getPrimaryKey() + " PRIMARY KEY, "
289  + "artifact_id " + dbQueryHelper.getBigIntType() + " NOT NULL, tag_name_id " + dbQueryHelper.getBigIntType() + " NOT NULL, "
290  + "comment TEXT NOT NULL, examiner_id " + dbQueryHelper.getBigIntType() + ", "
291  + "FOREIGN KEY(examiner_id) REFERENCES tsk_examiners(examiner_id) ON DELETE CASCADE, "
292  + "FOREIGN KEY(artifact_id) REFERENCES blackboard_artifacts(artifact_id) ON DELETE CASCADE, "
293  + "FOREIGN KEY(tag_name_id) REFERENCES tag_names(tag_name_id) ON DELETE CASCADE)");
294  }
295 
302  private void addIndexes(Connection conn) throws TskCoreException {
303  try (Statement stmt = conn.createStatement()) {
304  // tsk_objects index
305  stmt.execute("CREATE INDEX parObjId ON tsk_objects(par_obj_id)");
306 
307  // file layout index
308  stmt.execute("CREATE INDEX layout_objID ON tsk_file_layout(obj_id)");
309 
310  // blackboard indexes
311  stmt.execute("CREATE INDEX artifact_objID ON blackboard_artifacts(obj_id)");
312  stmt.execute("CREATE INDEX artifact_artifact_objID ON blackboard_artifacts(artifact_obj_id)");
313  stmt.execute("CREATE INDEX artifact_typeID ON blackboard_artifacts(artifact_type_id)");
314  stmt.execute("CREATE INDEX attrsArtifactID ON blackboard_attributes(artifact_id)");
315 
316  //file type indexes
317  stmt.execute("CREATE INDEX mime_type ON tsk_files(dir_type,mime_type,type)");
318  stmt.execute("CREATE INDEX file_extension ON tsk_files(extension)");
319 
320  // account indexes
321  stmt.execute("CREATE INDEX relationships_account1 ON account_relationships(account1_id)");
322  stmt.execute("CREATE INDEX relationships_account2 ON account_relationships(account2_id)");
323  stmt.execute("CREATE INDEX relationships_relationship_source_obj_id ON account_relationships(relationship_source_obj_id)");
324  stmt.execute("CREATE INDEX relationships_date_time ON account_relationships(date_time)");
325  stmt.execute("CREATE INDEX relationships_relationship_type ON account_relationships(relationship_type)");
326  stmt.execute("CREATE INDEX relationships_data_source_obj_id ON account_relationships(data_source_obj_id)");
327 
328  //tsk_events indices
329  stmt.execute("CREATE INDEX events_data_source_obj_id ON tsk_event_descriptions(data_source_obj_id)");
330  stmt.execute("CREATE INDEX events_content_obj_id ON tsk_event_descriptions(content_obj_id)");
331  stmt.execute("CREATE INDEX events_artifact_id ON tsk_event_descriptions(artifact_id)");
332  stmt.execute("CREATE INDEX events_sub_type_time ON tsk_events(event_type_id, time)");
333  stmt.execute("CREATE INDEX events_time ON tsk_events(time)");
334  } catch (SQLException ex) {
335  throw new TskCoreException("Error initializing db_info tables", ex);
336  }
337  }
338 
339  private void createIngestTables(Statement stmt) throws SQLException {
340  stmt.execute("CREATE TABLE ingest_module_types (type_id INTEGER PRIMARY KEY, type_name TEXT NOT NULL)");
341 
342  stmt.execute("CREATE TABLE ingest_job_status_types (type_id INTEGER PRIMARY KEY, type_name TEXT NOT NULL)");
343 
344  stmt.execute("CREATE TABLE ingest_modules (ingest_module_id " + dbQueryHelper.getPrimaryKey() + " PRIMARY KEY, "
345  + "display_name TEXT NOT NULL, unique_name TEXT UNIQUE NOT NULL, type_id INTEGER NOT NULL, "
346  + "version TEXT NOT NULL, FOREIGN KEY(type_id) REFERENCES ingest_module_types(type_id) ON DELETE CASCADE);");
347 
348  stmt.execute("CREATE TABLE ingest_jobs (ingest_job_id " + dbQueryHelper.getPrimaryKey() + " PRIMARY KEY, "
349  + "obj_id " + dbQueryHelper.getBigIntType() + " NOT NULL, host_name TEXT NOT NULL, "
350  + "start_date_time " + dbQueryHelper.getBigIntType() + " NOT NULL, "
351  + "end_date_time " + dbQueryHelper.getBigIntType() + " NOT NULL, status_id INTEGER NOT NULL, "
352  + "settings_dir TEXT, FOREIGN KEY(obj_id) REFERENCES tsk_objects(obj_id) ON DELETE CASCADE, "
353  + "FOREIGN KEY(status_id) REFERENCES ingest_job_status_types(type_id) ON DELETE CASCADE);");
354 
355  stmt.execute("CREATE TABLE ingest_job_modules (ingest_job_id INTEGER, ingest_module_id INTEGER, "
356  + "pipeline_position INTEGER, PRIMARY KEY(ingest_job_id, ingest_module_id), "
357  + "FOREIGN KEY(ingest_job_id) REFERENCES ingest_jobs(ingest_job_id) ON DELETE CASCADE, "
358  + "FOREIGN KEY(ingest_module_id) REFERENCES ingest_modules(ingest_module_id) ON DELETE CASCADE);");
359  }
360 
361  private void createAccountTables(Statement stmt) throws SQLException {
362  stmt.execute("CREATE TABLE account_types (account_type_id " + dbQueryHelper.getPrimaryKey() + " PRIMARY KEY, "
363  + "type_name TEXT UNIQUE NOT NULL, display_name TEXT NOT NULL)");
364 
365  stmt.execute("CREATE TABLE accounts (account_id " + dbQueryHelper.getPrimaryKey() + " PRIMARY KEY, "
366  + "account_type_id INTEGER NOT NULL, account_unique_identifier TEXT NOT NULL, "
367  + "UNIQUE(account_type_id, account_unique_identifier), "
368  + "FOREIGN KEY(account_type_id) REFERENCES account_types(account_type_id))");
369 
370  stmt.execute("CREATE TABLE account_relationships (relationship_id " + dbQueryHelper.getPrimaryKey() + " PRIMARY KEY, "
371  + "account1_id INTEGER NOT NULL, account2_id INTEGER NOT NULL, "
372  + "relationship_source_obj_id " + dbQueryHelper.getBigIntType() + " NOT NULL, "
373  + "date_time " + dbQueryHelper.getBigIntType() + ", relationship_type INTEGER NOT NULL, "
374  + "data_source_obj_id " + dbQueryHelper.getBigIntType() + " NOT NULL, "
375  + "UNIQUE(account1_id, account2_id, relationship_source_obj_id), "
376  + "FOREIGN KEY(account1_id) REFERENCES accounts(account_id), "
377  + "FOREIGN KEY(account2_id) REFERENCES accounts(account_id), "
378  + "FOREIGN KEY(relationship_source_obj_id) REFERENCES tsk_objects(obj_id) ON DELETE CASCADE, "
379  + "FOREIGN KEY(data_source_obj_id) REFERENCES tsk_objects(obj_id) ON DELETE CASCADE)");
380  }
381 
382  private void createEventTables(Statement stmt) throws SQLException {
383  stmt.execute("CREATE TABLE tsk_event_types ("
384  + " event_type_id " + dbQueryHelper.getPrimaryKey() + " PRIMARY KEY,"
385  + " display_name TEXT UNIQUE NOT NULL , "
386  + " super_type_id INTEGER REFERENCES tsk_event_types(event_type_id) )");
387 
388  stmt.execute("INSERT INTO tsk_event_types(event_type_id, display_name, super_type_id) VALUES(0, 'Event Types', null)");
389  stmt.execute("INSERT INTO tsk_event_types(event_type_id, display_name, super_type_id) VALUES(1, 'File System', 0)");
390  stmt.execute("INSERT INTO tsk_event_types(event_type_id, display_name, super_type_id) VALUES(2, 'Web Activity', 0)");
391  stmt.execute("INSERT INTO tsk_event_types(event_type_id, display_name, super_type_id) VALUES(3, 'Misc Types', 0)");
392  stmt.execute("INSERT INTO tsk_event_types(event_type_id, display_name, super_type_id) VALUES(4, 'Modified', 1)");
393  stmt.execute("INSERT INTO tsk_event_types(event_type_id, display_name, super_type_id) VALUES(5, 'Accessed', 1)");
394  stmt.execute("INSERT INTO tsk_event_types(event_type_id, display_name, super_type_id) VALUES(6, 'Created', 1)");
395  stmt.execute("INSERT INTO tsk_event_types(event_type_id, display_name, super_type_id) VALUES(7, 'Changed', 1)");
396  /*
397  * Regarding the timeline event tables schema, note that several columns
398  * in the tsk_event_descriptions table seem, at first glance, to be
399  * attributes of events rather than their descriptions and would appear
400  * to belong in tsk_events table instead. The rationale for putting the
401  * data source object ID, content object ID, artifact ID and the flags
402  * indicating whether or not the event source has a hash set hit or is
403  * tagged were motivated by the fact that these attributes are identical
404  * for each event in a set of file system file MAC time events. The
405  * decision was made to avoid duplication and save space by placing this
406  * data in the tsk_event-descriptions table.
407  */
408  stmt.execute(
409  "CREATE TABLE tsk_event_descriptions ( "
410  + " event_description_id " + dbQueryHelper.getPrimaryKey() + " PRIMARY KEY, "
411  + " full_description TEXT NOT NULL, "
412  + " med_description TEXT, "
413  + " short_description TEXT,"
414  + " data_source_obj_id " + dbQueryHelper.getBigIntType() + " NOT NULL, "
415  + " content_obj_id " + dbQueryHelper.getBigIntType() + " NOT NULL, "
416  + " artifact_id " + dbQueryHelper.getBigIntType() + ", "
417  + " hash_hit INTEGER NOT NULL, " //boolean
418  + " tagged INTEGER NOT NULL, " //boolean
419  + " FOREIGN KEY(data_source_obj_id) REFERENCES data_source_info(obj_id) ON DELETE CASCADE, "
420  + " FOREIGN KEY(content_obj_id) REFERENCES tsk_objects(obj_id) ON DELETE CASCADE, "
421  + " FOREIGN KEY(artifact_id) REFERENCES blackboard_artifacts(artifact_id) ON DELETE CASCADE,"
422  + " UNIQUE (full_description, content_obj_id, artifact_id))");
423 
424  stmt.execute(
425  "CREATE TABLE tsk_events ("
426  + " event_id " + dbQueryHelper.getPrimaryKey() + " PRIMARY KEY, "
427  + " event_type_id " + dbQueryHelper.getBigIntType() + " NOT NULL REFERENCES tsk_event_types(event_type_id) ,"
428  + " event_description_id " + dbQueryHelper.getBigIntType() + " NOT NULL REFERENCES tsk_event_descriptions(event_description_id) ON DELETE CASCADE ,"
429  + " time " + dbQueryHelper.getBigIntType() + " NOT NULL , "
430  + " UNIQUE (event_type_id, event_description_id, time))");
431  }
432 
436  private abstract class DbCreationHelper {
437 
443  abstract void createDatabase() throws TskCoreException;
444 
450  abstract Connection getConnection() throws TskCoreException;
451 
460  abstract void performPreInitialization(Connection conn) throws TskCoreException;
461 
468  abstract void performPostTableInitialization(Connection conn) throws TskCoreException;
469  }
470 
474  private class PostgreSQLDbCreationHelper extends DbCreationHelper {
475 
476  private final static String JDBC_BASE_URI = "jdbc:postgresql://"; // NON-NLS
477  private final static String JDBC_DRIVER = "org.postgresql.Driver"; // NON-NLS
478 
479  final private String caseName;
480  final private CaseDbConnectionInfo info;
481 
482  PostgreSQLDbCreationHelper(String caseName, CaseDbConnectionInfo info) {
483  this.caseName = caseName;
484  this.info = info;
485  }
486 
487  @Override
488  void createDatabase() throws TskCoreException{
489  try(Connection conn = getPostgresConnection();
490  Statement stmt = conn.createStatement()) {
491  stmt.execute("CREATE DATABASE \"" + caseName + "\" WITH ENCODING='UTF8'");
492  } catch (SQLException ex) {
493  throw new TskCoreException("Error creating PostgreSQL case " + caseName, ex);
494  }
495  }
496 
497  @Override
498  Connection getConnection() throws TskCoreException {
499  return getConnection(caseName);
500  }
501 
507  Connection getPostgresConnection() throws TskCoreException {
508  return getConnection("postgres");
509  }
510 
518  Connection getConnection(String databaseName) throws TskCoreException {
519  String encodedDbName;
520  try {
521  encodedDbName = URLEncoder.encode(databaseName, "UTF-8");
522  } catch (UnsupportedEncodingException ex) {
523  // Print the warning and continue with the unencoded name
524  logger.log(Level.WARNING, "Error encoding database name " + databaseName, ex);
525  encodedDbName = databaseName;
526  }
527 
528  StringBuilder url = new StringBuilder();
529  url.append(JDBC_BASE_URI)
530  .append(info.getHost())
531  .append('/') // NON-NLS
532  .append(encodedDbName);
533 
534  Connection conn;
535  try {
536  Properties props = new Properties();
537  props.setProperty("user", info.getUserName()); // NON-NLS
538  props.setProperty("password", info.getPassword()); // NON-NLS
539 
540  Class.forName(JDBC_DRIVER);
541  conn = DriverManager.getConnection(url.toString(), props);
542  } catch (ClassNotFoundException | SQLException ex) {
543  throw new TskCoreException("Failed to acquire ephemeral connection to PostgreSQL database " + databaseName, ex); // NON-NLS
544  }
545  return conn;
546  }
547 
548  @Override
549  void performPreInitialization(Connection conn) throws TskCoreException {
550  // Nothing to do here for PostgreSQL
551  }
552 
553  @Override
554  void performPostTableInitialization(Connection conn) throws TskCoreException {
555  try (Statement stmt = conn.createStatement()) {
556  stmt.execute("ALTER SEQUENCE blackboard_artifacts_artifact_id_seq minvalue -9223372036854775808 restart with -9223372036854775808");
557  } catch (SQLException ex) {
558  throw new TskCoreException("Error altering artifact ID sequence", ex);
559  }
560  }
561  }
562 
566  private class SQLiteDbCreationHelper extends DbCreationHelper {
567 
568  private final static String PRAGMA_SYNC_OFF = "PRAGMA synchronous = OFF"; // NON-NLS
569  private final static String PRAGMA_READ_UNCOMMITTED_TRUE = "PRAGMA read_uncommitted = True"; // NON-NLS
570  private final static String PRAGMA_ENCODING_UTF8 = "PRAGMA encoding = 'UTF-8'"; // NON-NLS
571  private final static String PRAGMA_PAGE_SIZE_4096 = "PRAGMA page_size = 4096"; // NON-NLS
572  private final static String PRAGMA_FOREIGN_KEYS_ON = "PRAGMA foreign_keys = ON"; // NON-NLS
573 
574  private final static String JDBC_DRIVER = "org.sqlite.JDBC"; // NON-NLS
575  private final static String JDBC_BASE_URI = "jdbc:sqlite:"; // NON-NLS
576 
577  String dbPath;
578 
579  SQLiteDbCreationHelper(String dbPath) {
580  this.dbPath = dbPath;
581  }
582 
583  @Override
584  void createDatabase() throws TskCoreException {
585  // SQLite doesn't need to explicitly create the case database but we will
586  // check that the folder exists and the database does not
587  File dbFile = new File(dbPath);
588  if (dbFile.exists()) {
589  throw new TskCoreException("Case database already exists : " + dbPath);
590  }
591 
592  if (dbFile.getParentFile() != null && !dbFile.getParentFile().exists()) {
593  throw new TskCoreException("Case database folder does not exist : " + dbFile.getParent());
594  }
595  }
596 
597  @Override
598  Connection getConnection() throws TskCoreException {
599 
600  StringBuilder url = new StringBuilder();
601  url.append(JDBC_BASE_URI)
602  .append(dbPath);
603 
604  Connection conn;
605  try {
606  Class.forName(JDBC_DRIVER);
607  conn = DriverManager.getConnection(url.toString());
608  } catch (ClassNotFoundException | SQLException ex) {
609  throw new TskCoreException("Failed to acquire ephemeral connection SQLite database " + dbPath, ex); // NON-NLS
610  }
611  return conn;
612  }
613 
614  @Override
615  void performPreInitialization(Connection conn) throws TskCoreException {
616  try (Statement stmt = conn.createStatement()) {
617  stmt.execute(PRAGMA_SYNC_OFF);
618  stmt.execute(PRAGMA_READ_UNCOMMITTED_TRUE);
619  stmt.execute(PRAGMA_ENCODING_UTF8);
620  stmt.execute(PRAGMA_PAGE_SIZE_4096);
621  stmt.execute(PRAGMA_FOREIGN_KEYS_ON);
622  } catch (SQLException ex) {
623  throw new TskCoreException("Error setting pragmas", ex);
624  }
625  }
626 
627  @Override
628  void performPostTableInitialization(Connection conn) throws TskCoreException {
629  // Nothing to do here for SQLite
630  }
631  }
632 }

Copyright © 2011-2020 Brian Carrier. (carrier -at- sleuthkit -dot- org)
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.