From 3a51d2e35aea70a31e83c944347b84654469d8cc Mon Sep 17 00:00:00 2001
From: adam-m <amalinowski@basistech.com>
Date: Wed, 30 May 2012 13:54:19 -0400
Subject: [PATCH] Ingest manager global setting to process unalloc space Inbox
 adjustment to disable navigation to unalloc file dir Add pagefile to medium
 priority

---
 .../ingest/GetAllFilesContentVisitor.java     | 20 ++++++--
 .../autopsy/ingest/IngestDialogPanel.form     | 40 ++++++++++++----
 .../autopsy/ingest/IngestDialogPanel.java     | 47 +++++++++++++++----
 .../autopsy/ingest/IngestManager.java         | 33 ++++++++++---
 .../ingest/IngestMessageDetailsPanel.java     | 35 ++++++++++----
 5 files changed, 136 insertions(+), 39 deletions(-)

diff --git a/Ingest/src/org/sleuthkit/autopsy/ingest/GetAllFilesContentVisitor.java b/Ingest/src/org/sleuthkit/autopsy/ingest/GetAllFilesContentVisitor.java
index 38c566cabc..16154128b7 100644
--- a/Ingest/src/org/sleuthkit/autopsy/ingest/GetAllFilesContentVisitor.java
+++ b/Ingest/src/org/sleuthkit/autopsy/ingest/GetAllFilesContentVisitor.java
@@ -43,6 +43,11 @@ import org.sleuthkit.datamodel.TskData.FileKnown;
 class GetAllFilesContentVisitor extends GetFilesContentVisitor {
 
     private static final Logger logger = Logger.getLogger(GetAllFilesContentVisitor.class.getName());
+    private boolean getUnallocatedFiles;
+    
+    GetAllFilesContentVisitor(boolean getUnallocatedFiles) {
+        this.getUnallocatedFiles = getUnallocatedFiles;
+    }
 
     @Override
     public Collection<AbstractFile> visit(File file) {
@@ -61,11 +66,18 @@ class GetAllFilesContentVisitor extends GetFilesContentVisitor {
 
         SleuthkitCase sc = Case.getCurrentCase().getSleuthkitCase();
 
-        String query = "SELECT * FROM tsk_files WHERE fs_obj_id = " + fs.getId()
-                + " AND (meta_type = " + TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_REG.getMetaType()
-                + ") AND (size > 0)";
+        StringBuilder queryB = new StringBuilder();
+        queryB.append("SELECT * FROM tsk_files WHERE fs_obj_id = ").append(fs.getId());
+        queryB.append(" AND (meta_type = ").append(TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_REG.getMetaType());
+        queryB.append(") AND (size > 0)");
+        if (getUnallocatedFiles == false) {
+            queryB.append( "AND (type = ");
+            queryB.append(TskData.TSK_DB_FILES_TYPE_ENUM.FS.getFileType());
+            queryB.append(")");
+        }
+        
         try {
-            ResultSet rs = sc.runQuery(query);
+            ResultSet rs = sc.runQuery(queryB.toString());
             List<AbstractFile> contents = sc.resultSetToAbstractFiles(rs);
             Statement s = rs.getStatement();
             rs.close();
diff --git a/Ingest/src/org/sleuthkit/autopsy/ingest/IngestDialogPanel.form b/Ingest/src/org/sleuthkit/autopsy/ingest/IngestDialogPanel.form
index 714f890c4e..739e379216 100644
--- a/Ingest/src/org/sleuthkit/autopsy/ingest/IngestDialogPanel.form
+++ b/Ingest/src/org/sleuthkit/autopsy/ingest/IngestDialogPanel.form
@@ -44,7 +44,7 @@
               <Group type="103" groupAlignment="0" attributes="0">
                   <Component id="jPanel1" alignment="0" pref="235" max="32767" attributes="0"/>
                   <Group type="102" alignment="0" attributes="0">
-                      <Component id="servicesScrollPane" pref="111" max="32767" attributes="0"/>
+                      <Component id="servicesScrollPane" pref="90" max="32767" attributes="0"/>
                       <EmptySpace max="32767" attributes="0"/>
                       <Component id="timePanel" min="-2" max="-2" attributes="0"/>
                   </Group>
@@ -174,22 +174,35 @@
       <Layout>
         <DimensionLayout dim="0">
           <Group type="103" groupAlignment="0" attributes="0">
-              <Group type="102" alignment="0" attributes="0">
-                  <EmptySpace max="-2" attributes="0"/>
+              <Group type="102" attributes="0">
                   <Group type="103" groupAlignment="0" attributes="0">
-                      <Component id="timeRadioButton3" alignment="0" min="-2" max="-2" attributes="0"/>
-                      <Component id="timeRadioButton1" alignment="0" min="-2" max="-2" attributes="0"/>
-                      <Component id="timeLabel" alignment="0" min="-2" max="-2" attributes="0"/>
-                      <Component id="timeRadioButton2" alignment="0" min="-2" max="-2" attributes="0"/>
+                      <Group type="102" attributes="0">
+                          <EmptySpace max="-2" attributes="0"/>
+                          <Group type="103" groupAlignment="0" attributes="0">
+                              <Component id="timeRadioButton2" alignment="0" min="-2" max="-2" attributes="0"/>
+                              <Component id="timeRadioButton3" alignment="0" min="-2" max="-2" attributes="0"/>
+                          </Group>
+                      </Group>
+                      <Group type="102" alignment="0" attributes="0">
+                          <EmptySpace max="-2" attributes="0"/>
+                          <Component id="timeLabel" min="-2" max="-2" attributes="0"/>
+                      </Group>
+                      <Component id="processUnallocCheckbox" alignment="0" min="-2" max="-2" attributes="0"/>
+                      <Group type="102" alignment="0" attributes="0">
+                          <EmptySpace max="-2" attributes="0"/>
+                          <Component id="timeRadioButton1" min="-2" max="-2" attributes="0"/>
+                      </Group>
                   </Group>
-                  <EmptySpace max="32767" attributes="0"/>
+                  <EmptySpace pref="10" max="32767" attributes="0"/>
               </Group>
           </Group>
         </DimensionLayout>
         <DimensionLayout dim="1">
           <Group type="103" groupAlignment="0" attributes="0">
               <Group type="102" alignment="1" attributes="0">
-                  <EmptySpace max="32767" attributes="0"/>
+                  <EmptySpace max="-2" attributes="0"/>
+                  <Component id="processUnallocCheckbox" min="-2" max="-2" attributes="0"/>
+                  <EmptySpace pref="15" max="32767" attributes="0"/>
                   <Component id="timeLabel" min="-2" max="-2" attributes="0"/>
                   <EmptySpace max="-2" attributes="0"/>
                   <Component id="timeRadioButton1" min="-2" max="-2" attributes="0"/>
@@ -197,7 +210,7 @@
                   <Component id="timeRadioButton2" min="-2" max="-2" attributes="0"/>
                   <EmptySpace max="-2" attributes="0"/>
                   <Component id="timeRadioButton3" min="-2" max="-2" attributes="0"/>
-                  <EmptySpace min="-2" pref="20" max="-2" attributes="0"/>
+                  <EmptySpace max="-2" attributes="0"/>
               </Group>
           </Group>
         </DimensionLayout>
@@ -246,6 +259,13 @@
             </Property>
           </Properties>
         </Component>
+        <Component class="javax.swing.JCheckBox" name="processUnallocCheckbox">
+          <Properties>
+            <Property name="text" type="java.lang.String" editor="org.netbeans.modules.i18n.form.FormI18nStringEditor">
+              <ResourceString bundle="org/sleuthkit/autopsy/ingest/Bundle.properties" key="IngestDialogPanel.processUnallocCheckbox.text" replaceFormat="org.openide.util.NbBundle.getMessage({sourceFileName}.class, &quot;{key}&quot;)"/>
+            </Property>
+          </Properties>
+        </Component>
       </SubComponents>
     </Container>
   </SubComponents>
diff --git a/Ingest/src/org/sleuthkit/autopsy/ingest/IngestDialogPanel.java b/Ingest/src/org/sleuthkit/autopsy/ingest/IngestDialogPanel.java
index be071a4394..1c25beff8e 100644
--- a/Ingest/src/org/sleuthkit/autopsy/ingest/IngestDialogPanel.java
+++ b/Ingest/src/org/sleuthkit/autopsy/ingest/IngestDialogPanel.java
@@ -148,6 +148,8 @@ public class IngestDialogPanel extends javax.swing.JPanel implements IngestConfi
                 }
             }
         });
+        
+        processUnallocCheckbox.setSelected(manager.getProcessUnallocSpace());
 
     }
 
@@ -156,15 +158,21 @@ public class IngestDialogPanel extends javax.swing.JPanel implements IngestConfi
         timeRadioButton2.setEnabled(enabled);
         timeRadioButton3.setEnabled(enabled);
     }
+    
+    private void setProcessUnallocSpaceEnabled(boolean enabled) {
+        processUnallocCheckbox.setEnabled(enabled);
+    }
 
     @Override
     public void paint(Graphics g) {
         super.paint(g);
         if (manager.isIngestRunning()) {
             setTimeSettingEnabled(false);
+            setProcessUnallocSpaceEnabled(false);
 
         } else {
             setTimeSettingEnabled(true);
+            setProcessUnallocSpaceEnabled(true);
         }
     }
 
@@ -196,6 +204,7 @@ public class IngestDialogPanel extends javax.swing.JPanel implements IngestConfi
         timeRadioButton2 = new javax.swing.JRadioButton();
         timeRadioButton1 = new javax.swing.JRadioButton();
         timeLabel = new javax.swing.JLabel();
+        processUnallocCheckbox = new javax.swing.JCheckBox();
 
         setPreferredSize(new java.awt.Dimension(522, 257));
 
@@ -273,23 +282,34 @@ public class IngestDialogPanel extends javax.swing.JPanel implements IngestConfi
         timeLabel.setText(org.openide.util.NbBundle.getMessage(IngestDialogPanel.class, "IngestDialogPanel.timeLabel.text")); // NOI18N
         timeLabel.setToolTipText(org.openide.util.NbBundle.getMessage(IngestDialogPanel.class, "IngestDialogPanel.timeLabel.toolTipText")); // NOI18N
 
+        processUnallocCheckbox.setText(org.openide.util.NbBundle.getMessage(IngestDialogPanel.class, "IngestDialogPanel.processUnallocCheckbox.text")); // NOI18N
+
         javax.swing.GroupLayout timePanelLayout = new javax.swing.GroupLayout(timePanel);
         timePanel.setLayout(timePanelLayout);
         timePanelLayout.setHorizontalGroup(
             timePanelLayout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
             .addGroup(timePanelLayout.createSequentialGroup()
-                .addContainerGap()
                 .addGroup(timePanelLayout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
-                    .addComponent(timeRadioButton3)
-                    .addComponent(timeRadioButton1)
-                    .addComponent(timeLabel)
-                    .addComponent(timeRadioButton2))
-                .addContainerGap(javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE))
+                    .addGroup(timePanelLayout.createSequentialGroup()
+                        .addContainerGap()
+                        .addGroup(timePanelLayout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
+                            .addComponent(timeRadioButton2)
+                            .addComponent(timeRadioButton3)))
+                    .addGroup(timePanelLayout.createSequentialGroup()
+                        .addContainerGap()
+                        .addComponent(timeLabel))
+                    .addComponent(processUnallocCheckbox)
+                    .addGroup(timePanelLayout.createSequentialGroup()
+                        .addContainerGap()
+                        .addComponent(timeRadioButton1)))
+                .addContainerGap(10, Short.MAX_VALUE))
         );
         timePanelLayout.setVerticalGroup(
             timePanelLayout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
             .addGroup(javax.swing.GroupLayout.Alignment.TRAILING, timePanelLayout.createSequentialGroup()
-                .addContainerGap(javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE)
+                .addContainerGap()
+                .addComponent(processUnallocCheckbox)
+                .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED, 15, Short.MAX_VALUE)
                 .addComponent(timeLabel)
                 .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
                 .addComponent(timeRadioButton1)
@@ -297,7 +317,7 @@ public class IngestDialogPanel extends javax.swing.JPanel implements IngestConfi
                 .addComponent(timeRadioButton2)
                 .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
                 .addComponent(timeRadioButton3)
-                .addGap(20, 20, 20))
+                .addContainerGap())
         );
 
         javax.swing.GroupLayout layout = new javax.swing.GroupLayout(this);
@@ -320,7 +340,7 @@ public class IngestDialogPanel extends javax.swing.JPanel implements IngestConfi
                 .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
                     .addComponent(jPanel1, javax.swing.GroupLayout.DEFAULT_SIZE, 235, Short.MAX_VALUE)
                     .addGroup(layout.createSequentialGroup()
-                        .addComponent(servicesScrollPane, javax.swing.GroupLayout.DEFAULT_SIZE, 111, Short.MAX_VALUE)
+                        .addComponent(servicesScrollPane, javax.swing.GroupLayout.DEFAULT_SIZE, 90, Short.MAX_VALUE)
                         .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED, javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE)
                         .addComponent(timePanel, javax.swing.GroupLayout.PREFERRED_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.PREFERRED_SIZE)))
                 .addContainerGap())
@@ -350,6 +370,7 @@ private void timeRadioButton1ActionPerformed(java.awt.event.ActionEvent evt) {//
     private javax.swing.JPanel jPanel1;
     private javax.swing.JScrollPane jScrollPane1;
     private javax.swing.JSeparator jSeparator2;
+    private javax.swing.JCheckBox processUnallocCheckbox;
     private javax.swing.JScrollPane servicesScrollPane;
     private javax.swing.JTable servicesTable;
     private javax.swing.JPanel simplePanel;
@@ -416,6 +437,10 @@ private void timeRadioButton1ActionPerformed(java.awt.event.ActionEvent evt) {//
     private boolean timeSelectionEnabled() {
         return timeRadioButton1.isEnabled() && timeRadioButton2.isEnabled() && timeRadioButton3.isEnabled();
     }
+    
+    private boolean processUnallocSpaceEnabled() {
+        return processUnallocCheckbox.isEnabled();
+    }
 
     private UpdateFrequency getSelectedTimeValue() {
         if (timeRadioButton1.isSelected()) {
@@ -470,6 +495,10 @@ private void timeRadioButton1ActionPerformed(java.awt.event.ActionEvent evt) {//
         if (timeSelectionEnabled()) {
             manager.setUpdateFrequency(getSelectedTimeValue());
         }
+        //update ingest proc. unalloc space
+        if (processUnallocSpaceEnabled() ) {
+            manager.setProcessUnallocSpace(processUnallocCheckbox.isSelected());
+        }
     }
 
     @Override
diff --git a/Ingest/src/org/sleuthkit/autopsy/ingest/IngestManager.java b/Ingest/src/org/sleuthkit/autopsy/ingest/IngestManager.java
index 8a2a50c042..484bccc3b7 100755
--- a/Ingest/src/org/sleuthkit/autopsy/ingest/IngestManager.java
+++ b/Ingest/src/org/sleuthkit/autopsy/ingest/IngestManager.java
@@ -76,6 +76,7 @@ public class IngestManager {
     private static final Logger logger = Logger.getLogger(IngestManager.class.getName());
     private IngestManagerStats stats;
     private volatile UpdateFrequency updateFrequency = UpdateFrequency.AVG;
+    private boolean processUnallocSpace = true;
     //queues
     private final ImageQueue imageQueue = new ImageQueue();   // list of services and images to analyze
     private final AbstractFileQueue AbstractFileQueue = new AbstractFileQueue();
@@ -446,6 +447,22 @@ public class IngestManager {
     void setUpdateFrequency(UpdateFrequency frequency) {
         this.updateFrequency = frequency;
     }
+    
+    /**
+     * returns if manager is currently configured to process unalloc space
+     * @return true if process unaloc space is set
+     */
+    boolean getProcessUnallocSpace() {
+        return processUnallocSpace;
+    }
+    
+    /**
+     * Sets process unalloc space setting on the manager
+     * @param processUnallocSpace 
+     */
+    void setProcessUnallocSpace(boolean processUnallocSpace) {
+        this.processUnallocSpace = processUnallocSpace;
+    }
 
     /**
      * returns ingest summary report (how many files ingested, any errors, etc)
@@ -613,6 +630,8 @@ public class IngestManager {
             lowPriorityPaths.add(Pattern.compile("^\\/Windows", Pattern.CASE_INSENSITIVE));
 
             mediumPriorityPaths.add(Pattern.compile("^\\/Program Files", Pattern.CASE_INSENSITIVE));
+            mediumPriorityPaths.add(Pattern.compile("^pagefile", Pattern.CASE_INSENSITIVE));
+            mediumPriorityPaths.add(Pattern.compile("^hiberfil", Pattern.CASE_INSENSITIVE));
 
             highPriorityPaths.add(Pattern.compile("^\\/Users", Pattern.CASE_INSENSITIVE));
             highPriorityPaths.add(Pattern.compile("^\\/Documents and Settings", Pattern.CASE_INSENSITIVE));
@@ -1138,7 +1157,7 @@ public class IngestManager {
             int processed = 0;
             for (Image image : images) {
                 final String imageName = image.getName();
-                Collection<AbstractFile> AbstractFiles = null;
+                Collection<AbstractFile> files = null;
                 for (IngestServiceAbstract service : services) {
                     if (isCancelled()) {
                         logger.log(Level.INFO, "Terminating ingest queueing due to cancellation.");
@@ -1162,22 +1181,22 @@ public class IngestManager {
                             //addImage((IngestServiceImage) service, image);
                             break;
                         case AbstractFile:
-                            if (AbstractFiles == null) {
+                            if (files == null) {
                                 long start = System.currentTimeMillis();
-                                AbstractFiles = new GetAllFilesContentVisitor().visit(image);
+                                files = new GetAllFilesContentVisitor(processUnallocSpace).visit(image);
                                 logger.info("Get all files took " + (System.currentTimeMillis() - start) + "ms");
                             }
                             //enqueue the same singleton AbstractFile service
-                            logger.log(Level.INFO, "Adding image " + image.getName() + " with " + AbstractFiles.size() + " number of AbstractFile to service " + service.getName());
-                            addAbstractFile((IngestServiceAbstractFile) service, AbstractFiles);
+                            logger.log(Level.INFO, "Adding image " + image.getName() + " with " + files.size() + " number of AbstractFile to service " + service.getName());
+                            addAbstractFile((IngestServiceAbstractFile) service, files);
                             break;
                         default:
                             logger.log(Level.SEVERE, "Unexpected service type: " + service.getType().name());
                     }
                     progress.progress(serviceName + " " + imageName, ++processed);
                 }
-                if (AbstractFiles != null) {
-                    AbstractFiles.clear();
+                if (files != null) {
+                    files.clear();
                 }
             }
 
diff --git a/Ingest/src/org/sleuthkit/autopsy/ingest/IngestMessageDetailsPanel.java b/Ingest/src/org/sleuthkit/autopsy/ingest/IngestMessageDetailsPanel.java
index 1877b9569c..930ab382b1 100644
--- a/Ingest/src/org/sleuthkit/autopsy/ingest/IngestMessageDetailsPanel.java
+++ b/Ingest/src/org/sleuthkit/autopsy/ingest/IngestMessageDetailsPanel.java
@@ -24,10 +24,15 @@ import java.awt.event.ActionListener;
 import java.beans.PropertyChangeEvent;
 import java.beans.PropertyChangeListener;
 import javax.swing.JMenuItem;
+import org.openide.util.Exceptions;
 import org.openide.util.Lookup;
+import org.sleuthkit.autopsy.casemodule.Case;
 import org.sleuthkit.autopsy.corecomponentinterfaces.BlackboardResultViewer;
 import org.sleuthkit.autopsy.ingest.IngestMessagePanel.IngestMessageGroup;
+import org.sleuthkit.datamodel.AbstractFile;
 import org.sleuthkit.datamodel.BlackboardArtifact;
+import org.sleuthkit.datamodel.TskData.TSK_DB_FILES_TYPE_ENUM;
+import org.sleuthkit.datamodel.TskException;
 
 /**
  * Details panel within IngestMessagePanel
@@ -53,14 +58,7 @@ class IngestMessageDetailsPanel extends javax.swing.JPanel {
             @Override
             public void propertyChange(PropertyChangeEvent evt) {
                 if (evt.getPropertyName().equals(BlackboardResultViewer.FINISHED_DISPLAY_EVT)) {
-                   // SwingUtilities.invokeLater(new Runnable() {
-                     //   @Override
-                       // public void run() {
                             artifactViewerFinished();
-                        //}
-                        
-                   
-                    //});
                 }
             }
             
@@ -259,9 +257,27 @@ class IngestMessageDetailsPanel extends javax.swing.JPanel {
                 this.messageDetailsPane.setText("");
             }
             //show artifact/content only for a message group with a single message
-            if (messageGroup.getData() != null && messageGroup.getCount() == 1) {
+            BlackboardArtifact artifact = messageGroup.getData();;
+            if (artifact != null && messageGroup.getCount() == 1) {
                 viewArtifactButton.setEnabled(true);
-                viewContentButton.setEnabled(true);
+                
+                //check file type
+                long objId = artifact.getObjectID();
+                AbstractFile file = null;
+                try {
+                    file = Case.getCurrentCase().getSleuthkitCase().getAbstractFileById(objId);
+                } catch (TskException ex) {
+                   
+                }
+                if (file == null) {
+                    viewContentButton.setEnabled(false);
+                } 
+                else if (! file.getType().equals(TSK_DB_FILES_TYPE_ENUM.FS)) {
+                    viewContentButton.setEnabled(false);
+                }
+                else {
+                    viewContentButton.setEnabled(true);
+                }
             } else {
                 viewArtifactButton.setEnabled(false);
                 viewContentButton.setEnabled(false);
@@ -271,5 +287,6 @@ class IngestMessageDetailsPanel extends javax.swing.JPanel {
             viewContentButton.setEnabled(false);
             messageDetailsPane.setText("");
         }
+        
     }
 }