diff --git a/Core/src/org/sleuthkit/autopsy/centralrepository/contentviewer/DataContentViewerOtherCases.java b/Core/src/org/sleuthkit/autopsy/centralrepository/contentviewer/DataContentViewerOtherCases.java index fbc955ca72..ad642a9cbc 100755 --- a/Core/src/org/sleuthkit/autopsy/centralrepository/contentviewer/DataContentViewerOtherCases.java +++ b/Core/src/org/sleuthkit/autopsy/centralrepository/contentviewer/DataContentViewerOtherCases.java @@ -433,36 +433,6 @@ public class DataContentViewerOtherCases extends javax.swing.JPanel implements D return Collections.emptyList(); } - /** - * Get the global file instances matching the given eamArtifact and convert - * them to central repository artifact instances. - * - * @param eamArtifact Artifact to use for ArtifactTypeEnum matching - * - * @return List of central repository artifact instances, empty list if none - * found - */ - public Collection getReferenceInstancesAsArtifactInstances(CorrelationAttribute eamArtifact) { - Collection eamArtifactInstances = new ArrayList<>(); - // FUTURE: support other reference types - if (eamArtifact.getCorrelationType().getId() != CorrelationAttribute.FILES_TYPE_ID) { - return Collections.emptyList(); - } - try { - EamDb dbManager = EamDb.getInstance(); - Collection eamGlobalFileInstances = dbManager.getReferenceInstancesByTypeValue(eamArtifact.getCorrelationType(), eamArtifact.getCorrelationValue()); - eamGlobalFileInstances.forEach((eamGlobalFileInstance) -> { - eamArtifactInstances.add(new CorrelationAttributeInstance( - null, null, "", eamGlobalFileInstance.getComment(), eamGlobalFileInstance.getKnownStatus(), CorrelationAttributeInstance.GlobalStatus.GLOBAL - )); - }); - return eamArtifactInstances; - } catch (EamDbException ex) { - LOGGER.log(Level.SEVERE, "Error getting reference instances from database.", ex); // NON-NLS - } - return Collections.emptyList(); - } - @Override public boolean isSupported(Node node) { if (!EamDb.isEnabled()) { @@ -517,7 +487,6 @@ public class DataContentViewerOtherCases extends javax.swing.JPanel implements D // get correlation and reference set instances from DB corAttrInstances.addAll(getCorrelatedInstances(corAttr, dataSourceName, deviceId)); - corAttrInstances.addAll(getReferenceInstancesAsArtifactInstances(corAttr)); corAttrInstances.forEach((corAttrInstance) -> { CorrelationAttribute newCeArtifact = new CorrelationAttribute( diff --git a/Core/src/org/sleuthkit/autopsy/centralrepository/contentviewer/DataContentViewerOtherCasesTableModel.java b/Core/src/org/sleuthkit/autopsy/centralrepository/contentviewer/DataContentViewerOtherCasesTableModel.java index 58395b7ad5..61bcd68211 100755 --- a/Core/src/org/sleuthkit/autopsy/centralrepository/contentviewer/DataContentViewerOtherCasesTableModel.java +++ b/Core/src/org/sleuthkit/autopsy/centralrepository/contentviewer/DataContentViewerOtherCasesTableModel.java @@ -36,8 +36,7 @@ public class DataContentViewerOtherCasesTableModel extends AbstractTableModel { "DataContentViewerOtherCasesTableModel.path=Path", "DataContentViewerOtherCasesTableModel.type=Correlation Type", "DataContentViewerOtherCasesTableModel.value=Correlation Value", - "DataContentViewerOtherCasesTableModel.scope=Scope", - "DataContentViewerOtherCasesTableModel.known=Known", + "DataContentViewerOtherCasesTableModel.known=Tagged", "DataContentViewerOtherCasesTableModel.comment=Comment", "DataContentViewerOtherCasesTableModel.noData=No Data.",}) enum TableColumns { @@ -48,7 +47,6 @@ public class DataContentViewerOtherCasesTableModel extends AbstractTableModel { TYPE(Bundle.DataContentViewerOtherCasesTableModel_type(), 100), VALUE(Bundle.DataContentViewerOtherCasesTableModel_value(), 200), KNOWN(Bundle.DataContentViewerOtherCasesTableModel_known(), 50), - SCOPE(Bundle.DataContentViewerOtherCasesTableModel_scope(), 50), FILE_PATH(Bundle.DataContentViewerOtherCasesTableModel_path(), 450), COMMENT(Bundle.DataContentViewerOtherCasesTableModel_comment(), 200), DEVICE(Bundle.DataContentViewerOtherCasesTableModel_device(), 250); @@ -156,9 +154,6 @@ public class DataContentViewerOtherCasesTableModel extends AbstractTableModel { case VALUE: value = eamArtifact.getCorrelationValue(); break; - case SCOPE: - value = eamArtifactInstance.getGlobalStatus().toString(); - break; case KNOWN: value = eamArtifactInstance.getKnownStatus().getName(); break; diff --git a/Core/src/org/sleuthkit/autopsy/centralrepository/datamodel/AbstractSqlEamDb.java b/Core/src/org/sleuthkit/autopsy/centralrepository/datamodel/AbstractSqlEamDb.java index 1dc372f81a..6930dda326 100644 --- a/Core/src/org/sleuthkit/autopsy/centralrepository/datamodel/AbstractSqlEamDb.java +++ b/Core/src/org/sleuthkit/autopsy/centralrepository/datamodel/AbstractSqlEamDb.java @@ -2172,8 +2172,7 @@ public abstract class AbstractSqlEamDb implements EamDb { new CorrelationDataSource(-1, resultSet.getInt("case_id"), resultSet.getString("device_id"), resultSet.getString("name")), resultSet.getString("file_path"), resultSet.getString("comment"), - TskData.FileKnown.valueOf(resultSet.getByte("known_status")), - CorrelationAttributeInstance.GlobalStatus.LOCAL + TskData.FileKnown.valueOf(resultSet.getByte("known_status")) ); return eamArtifactInstance; diff --git a/Core/src/org/sleuthkit/autopsy/centralrepository/datamodel/CorrelationAttributeInstance.java b/Core/src/org/sleuthkit/autopsy/centralrepository/datamodel/CorrelationAttributeInstance.java index 196d5ab388..f75364c580 100755 --- a/Core/src/org/sleuthkit/autopsy/centralrepository/datamodel/CorrelationAttributeInstance.java +++ b/Core/src/org/sleuthkit/autopsy/centralrepository/datamodel/CorrelationAttributeInstance.java @@ -28,29 +28,12 @@ import org.sleuthkit.datamodel.TskData; * CorrelationAttribute. Includes its data source, path, etc. * */ -@Messages({"EamArtifactInstances.globalStatus.local=Local", - "EamArtifactInstances.globalStatus.global=Global", +@Messages({ "EamArtifactInstances.knownStatus.bad=Bad", "EamArtifactInstances.knownStatus.known=Known", "EamArtifactInstances.knownStatus.unknown=Unknown"}) public class CorrelationAttributeInstance implements Serializable { - public enum GlobalStatus { - LOCAL(Bundle.EamArtifactInstances_globalStatus_local()), - GLOBAL(Bundle.EamArtifactInstances_globalStatus_global()); - - private final String globalStatus; - - private GlobalStatus(String globalStatus) { - this.globalStatus = globalStatus; - } - - @Override - public String toString() { - return globalStatus; - } - } - private static final long serialVersionUID = 1L; private int ID; @@ -59,13 +42,12 @@ public class CorrelationAttributeInstance implements Serializable { private String filePath; private String comment; private TskData.FileKnown knownStatus; - private GlobalStatus globalStatus; public CorrelationAttributeInstance( CorrelationCase eamCase, CorrelationDataSource eamDataSource ) { - this(-1, eamCase, eamDataSource, "", null, TskData.FileKnown.UNKNOWN, GlobalStatus.LOCAL); + this(-1, eamCase, eamDataSource, "", null, TskData.FileKnown.UNKNOWN); } public CorrelationAttributeInstance( @@ -73,7 +55,7 @@ public class CorrelationAttributeInstance implements Serializable { CorrelationDataSource eamDataSource, String filePath ) { - this(-1, eamCase, eamDataSource, filePath, null, TskData.FileKnown.UNKNOWN, GlobalStatus.LOCAL); + this(-1, eamCase, eamDataSource, filePath, null, TskData.FileKnown.UNKNOWN); } public CorrelationAttributeInstance( @@ -82,7 +64,7 @@ public class CorrelationAttributeInstance implements Serializable { String filePath, String comment ) { - this(-1, eamCase, eamDataSource, filePath, comment, TskData.FileKnown.UNKNOWN, GlobalStatus.LOCAL); + this(-1, eamCase, eamDataSource, filePath, comment, TskData.FileKnown.UNKNOWN); } public CorrelationAttributeInstance( @@ -90,20 +72,18 @@ public class CorrelationAttributeInstance implements Serializable { CorrelationDataSource eamDataSource, String filePath, String comment, - TskData.FileKnown knownStatus, - GlobalStatus globalStatus + TskData.FileKnown knownStatus ) { - this(-1, eamCase, eamDataSource, filePath, comment, knownStatus, globalStatus); + this(-1, eamCase, eamDataSource, filePath, comment, knownStatus); } - public CorrelationAttributeInstance( + CorrelationAttributeInstance( int ID, CorrelationCase eamCase, CorrelationDataSource eamDataSource, String filePath, String comment, - TskData.FileKnown knownStatus, - GlobalStatus globalStatus + TskData.FileKnown knownStatus ) { this.ID = ID; this.correlationCase = eamCase; @@ -112,7 +92,6 @@ public class CorrelationAttributeInstance implements Serializable { this.filePath = filePath.toLowerCase(); this.comment = comment; this.knownStatus = knownStatus; - this.globalStatus = globalStatus; } public Boolean equals(CorrelationAttributeInstance otherInstance) { @@ -120,7 +99,6 @@ public class CorrelationAttributeInstance implements Serializable { && (this.getCorrelationCase().equals(otherInstance.getCorrelationCase())) && (this.getCorrelationDataSource().equals(otherInstance.getCorrelationDataSource())) && (this.getFilePath().equals(otherInstance.getFilePath())) - && (this.getGlobalStatus().equals(otherInstance.getGlobalStatus())) && (this.getKnownStatus().equals(otherInstance.getKnownStatus())) && (this.getComment().equals(otherInstance.getComment()))); } @@ -131,7 +109,6 @@ public class CorrelationAttributeInstance implements Serializable { + this.getCorrelationCase().getCaseUUID() + this.getCorrelationDataSource().getName() + this.getFilePath() - + this.getGlobalStatus() + this.getKnownStatus() + this.getComment(); } @@ -197,19 +174,4 @@ public class CorrelationAttributeInstance implements Serializable { public void setKnownStatus(TskData.FileKnown knownStatus) { this.knownStatus = knownStatus; } - - /** - * @return the globalStatus - */ - public GlobalStatus getGlobalStatus() { - return globalStatus; - } - - /** - * @param globalStatus the globalStatus to set - */ - public void setGlobalStatus(GlobalStatus globalStatus) { - this.globalStatus = globalStatus; - } - } diff --git a/Core/src/org/sleuthkit/autopsy/centralrepository/datamodel/EamArtifactUtil.java b/Core/src/org/sleuthkit/autopsy/centralrepository/datamodel/EamArtifactUtil.java index c2bb0e0016..60908aea77 100755 --- a/Core/src/org/sleuthkit/autopsy/centralrepository/datamodel/EamArtifactUtil.java +++ b/Core/src/org/sleuthkit/autopsy/centralrepository/datamodel/EamArtifactUtil.java @@ -105,8 +105,7 @@ public class EamArtifactUtil { CorrelationDataSource.fromTSKDataSource(correlationCase, bbSourceFile.getDataSource()), bbSourceFile.getParentPath() + bbSourceFile.getName(), "", - TskData.FileKnown.UNKNOWN, - CorrelationAttributeInstance.GlobalStatus.LOCAL + TskData.FileKnown.UNKNOWN ); // add the instance details @@ -227,7 +226,7 @@ public class EamArtifactUtil { * * @return The new EamArtifact or null if creation failed */ - public static CorrelationAttribute getEamArtifactFromContent(Content content, TskData.FileKnown knownStatus, String comment) { + public static CorrelationAttribute getCorrelationAttributeFromContent(Content content, TskData.FileKnown knownStatus, String comment) { if (!(content instanceof AbstractFile)) { return null; @@ -241,6 +240,7 @@ public class EamArtifactUtil { // We need a hash to make the artifact String md5 = af.getMd5Hash(); + // @@@ Should also check for empty data hash if (md5 == null || md5.isEmpty()) { return null; } @@ -258,8 +258,7 @@ public class EamArtifactUtil { CorrelationDataSource.fromTSKDataSource(correlationCase, af.getDataSource()), af.getParentPath() + af.getName(), comment, - TskData.FileKnown.BAD, - CorrelationAttributeInstance.GlobalStatus.LOCAL + knownStatus ); eamArtifact.addInstance(cei); return eamArtifact; diff --git a/Core/src/org/sleuthkit/autopsy/centralrepository/eventlisteners/CaseEventListener.java b/Core/src/org/sleuthkit/autopsy/centralrepository/eventlisteners/CaseEventListener.java index 88cf1ed59e..b053d9df17 100644 --- a/Core/src/org/sleuthkit/autopsy/centralrepository/eventlisteners/CaseEventListener.java +++ b/Core/src/org/sleuthkit/autopsy/centralrepository/eventlisteners/CaseEventListener.java @@ -191,7 +191,7 @@ final class CaseEventListener implements PropertyChangeListener { } } - final CorrelationAttribute eamArtifact = EamArtifactUtil.getEamArtifactFromContent(af, + final CorrelationAttribute eamArtifact = EamArtifactUtil.getCorrelationAttributeFromContent(af, knownStatus, comment); if (eamArtifact != null) { @@ -394,7 +394,7 @@ final class CaseEventListener implements PropertyChangeListener { } //if the file will have no tags with a status which would prevent the current status from being changed if (!hasTagWithConflictingKnownStatus) { - final CorrelationAttribute eamArtifact = EamArtifactUtil.getEamArtifactFromContent(contentTag.getContent(), + final CorrelationAttribute eamArtifact = EamArtifactUtil.getCorrelationAttributeFromContent(contentTag.getContent(), tagName.getKnownStatus(), ""); if (eamArtifact != null) { EamDb.getInstance().setArtifactInstanceKnownStatus(eamArtifact, tagName.getKnownStatus()); diff --git a/Core/src/org/sleuthkit/autopsy/centralrepository/ingestmodule/IngestModule.java b/Core/src/org/sleuthkit/autopsy/centralrepository/ingestmodule/IngestModule.java index 5e933453dc..09f3c63449 100644 --- a/Core/src/org/sleuthkit/autopsy/centralrepository/ingestmodule/IngestModule.java +++ b/Core/src/org/sleuthkit/autopsy/centralrepository/ingestmodule/IngestModule.java @@ -104,22 +104,21 @@ class IngestModule implements FileIngestModule { return ProcessResult.OK; } - // If unknown to both the hash module and as a globally known artifact in the EAM DB, correlate to other cases - if (af.getKnown() == TskData.FileKnown.UNKNOWN) { - // query db for artifact instances having this MD5 and knownStatus = "Bad". + /* Search the central repo to see if this file was previously + * marked as being bad. Create artifact if it was. */ + if (af.getKnown() != TskData.FileKnown.KNOWN) { try { - // if af.getKnown() is "UNKNOWN" and this artifact instance was marked bad in a previous case, - // create TSK_INTERESTING_FILE artifact on BB. List caseDisplayNames = dbManager.getListCasesHavingArtifactInstancesKnownBad(filesType, md5); if (!caseDisplayNames.isEmpty()) { postCorrelatedBadFileToBlackboard(af, caseDisplayNames); } } catch (EamDbException ex) { - LOGGER.log(Level.SEVERE, "Error counting notable artifacts.", ex); // NON-NLS + LOGGER.log(Level.SEVERE, "Error searching database for artifact.", ex); // NON-NLS return ProcessResult.ERROR; } } + // insert this file into the central repository try { CorrelationAttribute eamArtifact = new CorrelationAttribute(filesType, md5); CorrelationAttributeInstance cefi = new CorrelationAttributeInstance( @@ -127,8 +126,7 @@ class IngestModule implements FileIngestModule { eamDataSource, af.getParentPath() + af.getName(), null, - TskData.FileKnown.UNKNOWN, - CorrelationAttributeInstance.GlobalStatus.LOCAL + TskData.FileKnown.UNKNOWN // NOTE: Known status in the CR is based on tagging, not hashes like the Case Database. ); eamArtifact.addInstance(cefi); dbManager.prepareBulkArtifact(eamArtifact);