From 3cbd8960aa580f3e79931467f1471064d1344dd3 Mon Sep 17 00:00:00 2001
From: "U-BASIS\\dsmyda"
Date: Mon, 15 Jul 2019 15:19:47 -0400
Subject: [PATCH 01/18] Delayed JFileChooser configuration until the action is invoked on the EDT
---
 .../autopsy/casemodule/CaseOpenAction.java | 21 ++++++++++++-------
 1 file changed, 13 insertions(+), 8 deletions(-)
diff --git a/Core/src/org/sleuthkit/autopsy/casemodule/CaseOpenAction.java b/Core/src/org/sleuthkit/autopsy/casemodule/CaseOpenAction.java
index 1b553c91ed..6268404b35 100644
--- a/Core/src/org/sleuthkit/autopsy/casemodule/CaseOpenAction.java
+++ b/Core/src/org/sleuthkit/autopsy/casemodule/CaseOpenAction.java
@@ -63,7 +63,7 @@ public final class CaseOpenAction extends CallableSystemAction implements Action
 private static final String PROP_BASECASE = "LBL_BaseCase_PATH"; //NON-NLS
 private static final Logger LOGGER = Logger.getLogger(CaseOpenAction.class.getName());
 private static JDialog multiUserCaseWindow;
- private final JFileChooser fileChooser = new JFileChooser();
+ private volatile JFileChooser fileChooser;
 private final FileFilter caseMetadataFileFilter;
 /**
@@ -74,13 +74,6 @@ public final class CaseOpenAction extends CallableSystemAction implements Action
 */
 public CaseOpenAction() {
 caseMetadataFileFilter = new FileNameExtensionFilter(NbBundle.getMessage(CaseOpenAction.class, "CaseOpenAction.autFilter.title", Version.getName(), CaseMetadata.getFileExtension()), CaseMetadata.getFileExtension().substring(1));
- fileChooser.setDragEnabled(false);
- fileChooser.setFileSelectionMode(JFileChooser.FILES_ONLY);
- fileChooser.setMultiSelectionEnabled(false);
- fileChooser.setFileFilter(caseMetadataFileFilter);
- if (null != ModuleSettings.getConfigSetting(ModuleSettings.MAIN_SETTINGS, PROP_BASECASE)) {
- fileChooser.setCurrentDirectory(new File(ModuleSettings.getConfigSetting("Case", PROP_BASECASE))); //NON-NLS
- }
 }
 /**
@@ -89,6 +82,18 @@ public final class CaseOpenAction extends CallableSystemAction implements Action
 * to open the case described by the file.
 */
 void openCaseSelectionWindow() {
+ if(fileChooser == null) {
+ //Configure fileChooser, details JIRA-4930
+ fileChooser = new JFileChooser();
+ fileChooser.setDragEnabled(false);
+ fileChooser.setFileSelectionMode(JFileChooser.FILES_ONLY);
+ fileChooser.setMultiSelectionEnabled(false);
+ fileChooser.setFileFilter(caseMetadataFileFilter);
+ if (null != ModuleSettings.getConfigSetting(ModuleSettings.MAIN_SETTINGS, PROP_BASECASE)) {
+ fileChooser.setCurrentDirectory(new File(ModuleSettings.getConfigSetting("Case", PROP_BASECASE))); //NON-NLS
+ }
+ }
+
 String optionsDlgTitle = NbBundle.getMessage(Case.class, "CloseCaseWhileIngesting.Warning.title");
 String optionsDlgMessage = NbBundle.getMessage(Case.class, "CloseCaseWhileIngesting.Warning");
 if (IngestRunningCheck.checkAndConfirmProceed(optionsDlgTitle, optionsDlgMessage)) {
From 5be1a10c69c7c140c8e4105c1eda71ca27b53872 Mon Sep 17 00:00:00 2001
From: "U-BASIS\\dsmyda"
Date: Mon, 15 Jul 2019 16:23:46 -0400
Subject: [PATCH 02/18] PR comments "
---
 .../autopsy/casemodule/CaseOpenAction.java | 30 +++++++------------
 1 file changed, 11 insertions(+), 19 deletions(-)
diff --git a/Core/src/org/sleuthkit/autopsy/casemodule/CaseOpenAction.java b/Core/src/org/sleuthkit/autopsy/casemodule/CaseOpenAction.java
index 6268404b35..aa2a065dbd 100644
--- a/Core/src/org/sleuthkit/autopsy/casemodule/CaseOpenAction.java
+++ b/Core/src/org/sleuthkit/autopsy/casemodule/CaseOpenAction.java
@@ -27,6 +27,7 @@ import java.util.logging.Level;
 import javax.swing.JDialog;
 import javax.swing.JFileChooser;
 import javax.swing.JOptionPane;
+import javax.swing.SwingUtilities;
 import javax.swing.SwingWorker;
 import javax.swing.filechooser.FileFilter;
 import javax.swing.filechooser.FileNameExtensionFilter;
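Review bot: In the block added to `openCaseSelectionWindow()`, the null check reads the setting under `ModuleSettings.MAIN_SETTINGS` while the value handed to `new File(...)` is read under the literal `"Case"`; unless those name the same module (the constant's value is not visible here), a missing `"Case"` entry reaches `new File(null)` and throws. Read the setting once and reuse it: `String baseDir = ModuleSettings.getConfigSetting(ModuleSettings.MAIN_SETTINGS, PROP_BASECASE);` then `if (baseDir != null) { fileChooser.setCurrentDirectory(new File(baseDir)); }`. The same pair of calls is carried into the `@@ -81,17 +80,14 @@` hunk of PATCH 02. Separately, `volatile` on the field does not make the `if(fileChooser == null)` check-then-assign atomic; if the method only runs on the EDT, as the subject says, a comment stating that would be clearer than the modifier. The method body continues outside the hunk.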
@@ -62,8 +63,6 @@ public final class CaseOpenAction extends CallableSystemAction implements Action
 private static final String DISPLAY_NAME = Bundle.CTL_CaseOpenAction();
 private static final String PROP_BASECASE = "LBL_BaseCase_PATH"; //NON-NLS
 private static final Logger LOGGER = Logger.getLogger(CaseOpenAction.class.getName());
- private static JDialog multiUserCaseWindow;
- private volatile JFileChooser fileChooser;
 private final FileFilter caseMetadataFileFilter;
 /**
@@ -81,17 +80,14 @@ public final class CaseOpenAction extends CallableSystemAction implements Action
 * metadata file (.aut file). Upon confirming the selection, it will attempt
 * to open the case described by the file.
 */
- void openCaseSelectionWindow() {
- if(fileChooser == null) {
- //Configure fileChooser, details JIRA-4930
- fileChooser = new JFileChooser();
- fileChooser.setDragEnabled(false);
- fileChooser.setFileSelectionMode(JFileChooser.FILES_ONLY);
- fileChooser.setMultiSelectionEnabled(false);
- fileChooser.setFileFilter(caseMetadataFileFilter);
- if (null != ModuleSettings.getConfigSetting(ModuleSettings.MAIN_SETTINGS, PROP_BASECASE)) {
- fileChooser.setCurrentDirectory(new File(ModuleSettings.getConfigSetting("Case", PROP_BASECASE))); //NON-NLS
- }
+ void openCaseSelectionWindow() {
+ JFileChooser fileChooser = new JFileChooser();
+ fileChooser.setDragEnabled(false);
+ fileChooser.setFileSelectionMode(JFileChooser.FILES_ONLY);
+ fileChooser.setMultiSelectionEnabled(false);
+ fileChooser.setFileFilter(caseMetadataFileFilter);
+ if (null != ModuleSettings.getConfigSetting(ModuleSettings.MAIN_SETTINGS, PROP_BASECASE)) {
+ fileChooser.setCurrentDirectory(new File(ModuleSettings.getConfigSetting("Case", PROP_BASECASE))); //NON-NLS
 }
 String optionsDlgTitle = NbBundle.getMessage(Case.class, "CloseCaseWhileIngesting.Warning.title");
@@ -111,9 +107,7 @@ public final class CaseOpenAction extends CallableSystemAction implements Action
 /*
 * Close the Open Multi-User Case window, if it is open.
 */
- if (multiUserCaseWindow != null) {
- multiUserCaseWindow.setVisible(false);
- }
+ OpenMultiUserCaseDialog.getInstance().setVisible(false);
 /*
 * Try to open the case associated with the case metadata file
@@ -165,9 +159,7 @@ public final class CaseOpenAction extends CallableSystemAction implements Action
 if (UserPreferences.getIsMultiUserModeEnabled()) {
 WindowManager.getDefault().getMainWindow().setCursor(Cursor.getPredefinedCursor(Cursor.WAIT_CURSOR));
- if (multiUserCaseWindow == null) {
- multiUserCaseWindow = OpenMultiUserCaseDialog.getInstance();
- }
+ OpenMultiUserCaseDialog multiUserCaseWindow = OpenMultiUserCaseDialog.getInstance();
 multiUserCaseWindow.setLocationRelativeTo(WindowManager.getDefault().getMainWindow());
 multiUserCaseWindow.setVisible(true);
From 0528e6233debebc5a8eec9595a8289247e69bcf5 Mon Sep 17 00:00:00 2001
From: "U-BASIS\\dsmyda"
Date: Mon, 15 Jul 2019 16:24:27 -0400
Subject: [PATCH 03/18] Removed unused imports
---
 Core/src/org/sleuthkit/autopsy/casemodule/CaseOpenAction.java | 2 --
 1 file changed, 2 deletions(-)
diff --git a/Core/src/org/sleuthkit/autopsy/casemodule/CaseOpenAction.java b/Core/src/org/sleuthkit/autopsy/casemodule/CaseOpenAction.java
index aa2a065dbd..cc07148ba0 100644
--- a/Core/src/org/sleuthkit/autopsy/casemodule/CaseOpenAction.java
+++ b/Core/src/org/sleuthkit/autopsy/casemodule/CaseOpenAction.java
@@ -24,10 +24,8 @@ import java.awt.event.ActionListener;
 import java.io.File;
 import java.util.concurrent.ExecutionException;
 import java.util.logging.Level;
-import javax.swing.JDialog;
 import javax.swing.JFileChooser;
 import javax.swing.JOptionPane;
-import javax.swing.SwingUtilities;
 import javax.swing.SwingWorker;
 import javax.swing.filechooser.FileFilter;
 import javax.swing.filechooser.FileNameExtensionFilter;
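Review bot: The comment kept above the new call in the `@@ -111,9 +107,7 @@` hunk still says "if it is open", but `OpenMultiUserCaseDialog.getInstance().setVisible(false);` now runs unconditionally. If `getInstance()` creates the dialog on first use (its body is not shown), this path builds a window only to hide it. Either keep a cheap "has it been shown" check or update the comment to match, e.g. `/* Hide the shared Open Multi-User Case dialog; getInstance() returns the single instance. */`.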
From c34aba3fd4951f5cef7b67e86b3ea09b2a3983f5 Mon Sep 17 00:00:00 2001
From: "U-BASIS\\dsmyda"
Date: Wed, 14 Aug 2019 16:22:03 -0400
Subject: [PATCH 04/18] initial commit, export skeleton
---
 .../report/caseuco/CaseUcoFormatExporter.java | 66 ++++++++++++++++++-
 1 file changed, 65 insertions(+), 1 deletion(-)
diff --git a/Core/src/org/sleuthkit/autopsy/report/caseuco/CaseUcoFormatExporter.java b/Core/src/org/sleuthkit/autopsy/report/caseuco/CaseUcoFormatExporter.java
index 7c09ef3cb5..d707bae440 100755
--- a/Core/src/org/sleuthkit/autopsy/report/caseuco/CaseUcoFormatExporter.java
+++ b/Core/src/org/sleuthkit/autopsy/report/caseuco/CaseUcoFormatExporter.java
@@ -23,24 +23,32 @@ import com.fasterxml.jackson.core.JsonFactory;
 import com.fasterxml.jackson.core.JsonGenerator;
 import com.fasterxml.jackson.core.util.DefaultIndenter;
 import com.fasterxml.jackson.core.util.DefaultPrettyPrinter;
+import java.io.File;
 import java.io.IOException;
 import java.nio.file.Files;
 import java.nio.file.Paths;
 import java.sql.ResultSet;
 import java.sql.SQLException;
+import java.util.List;
 import java.util.SimpleTimeZone;
 import java.util.logging.Level;
 import org.openide.util.NbBundle;
 import org.sleuthkit.autopsy.casemodule.Case;
 import org.sleuthkit.autopsy.casemodule.NoCurrentCaseException;
+import org.sleuthkit.autopsy.casemodule.services.TagsManager;
 import org.sleuthkit.autopsy.coreutils.Logger;
 import org.sleuthkit.autopsy.coreutils.MessageNotifyUtil;
 import org.sleuthkit.autopsy.datamodel.ContentUtils;
 import org.sleuthkit.autopsy.ingest.IngestManager;
 import org.sleuthkit.autopsy.report.ReportProgressPanel;
+import org.sleuthkit.datamodel.BlackboardArtifact;
+import org.sleuthkit.datamodel.BlackboardArtifactTag;
+import org.sleuthkit.datamodel.BlackboardAttribute;
+import org.sleuthkit.datamodel.ContentTag;
 import org.sleuthkit.datamodel.SleuthkitCase;
 import org.sleuthkit.datamodel.TskCoreException;
 import org.sleuthkit.datamodel.TskData;
+import org.sleuthkit.datamodel.TagName;
 /**
 * Generates CASE-UCO report file for a data source
@@ -48,7 +56,10 @@ import org.sleuthkit.datamodel.TskData;
 public final class CaseUcoFormatExporter {
 private static final Logger logger = Logger.getLogger(CaseUcoFormatExporter.class.getName());
-
+ private static final BlackboardAttribute.Type SET_NAME = new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SET_NAME);
+ private static final BlackboardArtifact.ARTIFACT_TYPE INTERESTING_FILE_HIT = BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT;
+ private static final BlackboardArtifact.ARTIFACT_TYPE INTERESTING_ARTIFACT_HIT = BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_ARTIFACT_HIT;
+
 private CaseUcoFormatExporter() {
 }
@@ -177,6 +188,59 @@ public final class CaseUcoFormatExporter {
 }
 }
+ /**
+ *
+ *
+ *
+ * @param tagTypes
+ * @param interestingItemSets
+ * @param outputFilePath
+ * @param progressPanel
+ */
+ public static void export(List tagTypes, List interestingItemSets,
+ File caseReportFolder, ReportProgressPanel progressPanel) {
+
+ try {
+ File outputFolder = Paths.get(caseReportFolder.toString(), ReportCaseUco.getReportFileName()).toFile();
+ if(!outputFolder.mkdir()) {
+ //log
+ return;
+ }
+
+ SleuthkitCase currentCase = Case.getCurrentCaseThrows().getSleuthkitCase();
+ TagsManager tagsManager = Case.getCurrentCaseThrows().getServices().getTagsManager();
+
+ for(TagName tn : tagTypes) {
+ for(ContentTag ct : tagsManager.getContentTagsByTagName(tn)) {
+ //copy content tag
+ }
+
+ for(BlackboardArtifactTag bat : tagsManager.getBlackboardArtifactTagsByTagName(tn)) {
+ //copy content
+ //copy associated content
+ }
+ }
+
+ if(!interestingItemSets.isEmpty()) {
+ for(BlackboardArtifact bArt : currentCase.getBlackboardArtifacts(INTERESTING_FILE_HIT)) {
+ BlackboardAttribute setAttr = bArt.getAttribute(SET_NAME);
+ if (interestingItemSets.contains(setAttr.getValueString())) {
+
+ }
+ }
+
+ for(BlackboardArtifact bArt : currentCase.getBlackboardArtifacts(INTERESTING_ARTIFACT_HIT)) {
+ BlackboardAttribute setAttr = bArt.getAttribute(SET_NAME);
+ if (interestingItemSets.contains(setAttr.getValueString())) {
+
+ }
+ }
+ }
+ } catch (NoCurrentCaseException | TskCoreException ex) {
+ //log oh no
+ }
+ }
+
 private static void initializeJsonOutputFile(JsonGenerator catalog) throws IOException {
 catalog.writeStartObject();
 catalog.writeFieldName("@graph");
From 82b5002b2a8497ff3e94e06a510b516a9070ef42 Mon Sep 17 00:00:00 2001
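Review bot: Both interesting-item loops in the new `export` call `setAttr.getValueString()` on the result of `bArt.getAttribute(SET_NAME)` without a null check; if an artifact carries no `TSK_SET_NAME` attribute the lookup presumably returns null and the export aborts with a NullPointerException that the `catch` here does not cover. Guard it, e.g. `if (setAttr != null && interestingItemSets.contains(setAttr.getValueString())) {`. The same two loops stay unguarded in the `export` hunks of PATCH 05, 06 and 07. The new Javadoc is also empty and lists `@param outputFilePath` while the parameter is named `caseReportFolder`; it should say what is exported, what each list selects, and where the report is written.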
From: "U-BASIS\\dsmyda"
Date: Wed, 14 Aug 2019 16:49:30 -0400
Subject: [PATCH 05/18] Removed any exception catching and adding in some case-uco boilerplate code
---
 .../report/caseuco/CaseUcoFormatExporter.java | 80 ++++++++++---------
 1 file changed, 43 insertions(+), 37 deletions(-)
diff --git a/Core/src/org/sleuthkit/autopsy/report/caseuco/CaseUcoFormatExporter.java b/Core/src/org/sleuthkit/autopsy/report/caseuco/CaseUcoFormatExporter.java
index d707bae440..d659a040af 100755
--- a/Core/src/org/sleuthkit/autopsy/report/caseuco/CaseUcoFormatExporter.java
+++ b/Core/src/org/sleuthkit/autopsy/report/caseuco/CaseUcoFormatExporter.java
@@ -198,47 +198,53 @@ public final class CaseUcoFormatExporter {
 * @param progressPanel
 */
 public static void export(List tagTypes, List interestingItemSets,
- File caseReportFolder, ReportProgressPanel progressPanel) {
+ File caseReportFolder, ReportProgressPanel progressPanel) throws IOException, SQLException,
+ NoCurrentCaseException, TskCoreException {
- try {
- File outputFolder = Paths.get(caseReportFolder.toString(), ReportCaseUco.getReportFileName()).toFile();
- if(!outputFolder.mkdir()) {
- //log
- return;
+ SleuthkitCase currentCase = Case.getCurrentCaseThrows().getSleuthkitCase();
+ TagsManager tagsManager = Case.getCurrentCaseThrows().getServices().getTagsManager();
+
+ String reportFileName = ReportCaseUco.getReportFileName();
+ File reportFile = Paths.get(caseReportFolder.toString(), reportFileName).toFile();
+
+ JsonGenerator jsonGenerator = createJsonGenerator(reportFile);
+ initializeJsonOutputFile(jsonGenerator);
+ String caseTraceId = saveCaseInfo(currentCase, jsonGenerator);
+
+ for(TagName tn : tagTypes) {
+ for(ContentTag ct : tagsManager.getContentTagsByTagName(tn)) {
+ //copy content tag
 }
-
- SleuthkitCase currentCase = Case.getCurrentCaseThrows().getSleuthkitCase();
- TagsManager tagsManager = Case.getCurrentCaseThrows().getServices().getTagsManager();
-
- for(TagName tn : tagTypes) {
- for(ContentTag ct : tagsManager.getContentTagsByTagName(tn)) {
- //copy content tag
- }
-
- for(BlackboardArtifactTag bat : tagsManager.getBlackboardArtifactTagsByTagName(tn)) {
- //copy content
- //copy associated content
- }
+
+ for(BlackboardArtifactTag bat : tagsManager.getBlackboardArtifactTagsByTagName(tn)) {
+ //copy content
+ //copy associated content
 }
-
- if(!interestingItemSets.isEmpty()) {
- for(BlackboardArtifact bArt : currentCase.getBlackboardArtifacts(INTERESTING_FILE_HIT)) {
- BlackboardAttribute setAttr = bArt.getAttribute(SET_NAME);
- if (interestingItemSets.contains(setAttr.getValueString())) {
-
- }
- }
-
- for(BlackboardArtifact bArt : currentCase.getBlackboardArtifacts(INTERESTING_ARTIFACT_HIT)) {
- BlackboardAttribute setAttr = bArt.getAttribute(SET_NAME);
- if (interestingItemSets.contains(setAttr.getValueString())) {
-
- }
- }
- }
- } catch (NoCurrentCaseException | TskCoreException ex) {
- //log oh no
 }
+
+ if(!interestingItemSets.isEmpty()) {
+ for(BlackboardArtifact bArt : currentCase.getBlackboardArtifacts(INTERESTING_FILE_HIT)) {
+ BlackboardAttribute setAttr = bArt.getAttribute(SET_NAME);
+ if (interestingItemSets.contains(setAttr.getValueString())) {
+
+ }
+ }
+
+ for(BlackboardArtifact bArt : currentCase.getBlackboardArtifacts(INTERESTING_ARTIFACT_HIT)) {
+ BlackboardAttribute setAttr = bArt.getAttribute(SET_NAME);
+ if (interestingItemSets.contains(setAttr.getValueString())) {
+
+ }
+ }
+ }
+ }
+
+ private static JsonGenerator createJsonGenerator(File reportFile) throws IOException {
+ JsonFactory jsonGeneratorFactory = new JsonFactory();
+ JsonGenerator jsonGenerator = jsonGeneratorFactory.createGenerator(reportFile, JsonEncoding.UTF8);
+ // instert \n after each field for more readable formatting
+ jsonGenerator.setPrettyPrinter(new DefaultPrettyPrinter().withObjectIndenter(new DefaultIndenter(" ", "\n")));
+ return jsonGenerator;
 }
 private static void initializeJsonOutputFile(JsonGenerator catalog) throws IOException {
From c8269001ebdd53a3e9208afd9b72c7839c84212c Mon Sep 17 00:00:00 2001
From: "U-BASIS\\dsmyda"
Date: Thu, 15 Aug 2019 13:34:34 -0400
Subject: [PATCH 06/18] Change approach to be driven by data source
---
 .../report/caseuco/CaseUcoFormatExporter.java | 44 ++++++++++---------
 1 file changed, 24 insertions(+), 20 deletions(-)
diff --git a/Core/src/org/sleuthkit/autopsy/report/caseuco/CaseUcoFormatExporter.java b/Core/src/org/sleuthkit/autopsy/report/caseuco/CaseUcoFormatExporter.java
index d659a040af..d2518cecad 100755
--- a/Core/src/org/sleuthkit/autopsy/report/caseuco/CaseUcoFormatExporter.java
+++ b/Core/src/org/sleuthkit/autopsy/report/caseuco/CaseUcoFormatExporter.java
@@ -45,6 +45,7 @@ import org.sleuthkit.datamodel.BlackboardArtifact;
 import org.sleuthkit.datamodel.BlackboardArtifactTag;
 import org.sleuthkit.datamodel.BlackboardAttribute;
 import org.sleuthkit.datamodel.ContentTag;
+import org.sleuthkit.datamodel.DataSource;
 import org.sleuthkit.datamodel.SleuthkitCase;
 import org.sleuthkit.datamodel.TskCoreException;
 import org.sleuthkit.datamodel.TskData;
@@ -210,30 +211,33 @@ public final class CaseUcoFormatExporter { JsonGenerator jsonGenerator = createJsonGenerator(reportFile); initializeJsonOutputFile(jsonGenerator); String caseTraceId = saveCaseInfo(currentCase, jsonGenerator); - - for(TagName tn : tagTypes) { - for(ContentTag ct : tagsManager.getContentTagsByTagName(tn)) { - //copy content tag - } - - for(BlackboardArtifactTag bat : tagsManager.getBlackboardArtifactTagsByTagName(tn)) { - //copy content - //copy associated content - } - } - - if(!interestingItemSets.isEmpty()) { - for(BlackboardArtifact bArt : currentCase.getBlackboardArtifacts(INTERESTING_FILE_HIT)) { - BlackboardAttribute setAttr = bArt.getAttribute(SET_NAME); - if (interestingItemSets.contains(setAttr.getValueString())) { - + + for(DataSource ds : currentCase.getDataSources()) { + String dataSourceTraceId = saveDataSourceInfo(ds.getId(), caseTraceId, currentCase, jsonGenerator); + for(TagName tn : tagTypes) { + for(ContentTag ct : tagsManager.getContentTagsByTagName(tn, ds.getId())) { + // copy content tag. + } + + for(BlackboardArtifactTag bat : tagsManager.getBlackboardArtifactTagsByTagName(tn, ds.getId())) { + //copy content + //copy associated content } } + + if(!interestingItemSets.isEmpty()) { + for(BlackboardArtifact bArt : currentCase.getBlackboardArtifacts(INTERESTING_FILE_HIT, ds.getId())) { + BlackboardAttribute setAttr = bArt.getAttribute(SET_NAME); + if (interestingItemSets.contains(setAttr.getValueString())) { - for(BlackboardArtifact bArt : currentCase.getBlackboardArtifacts(INTERESTING_ARTIFACT_HIT)) { - BlackboardAttribute setAttr = bArt.getAttribute(SET_NAME); - if (interestingItemSets.contains(setAttr.getValueString())) { + } + } + for(BlackboardArtifact bArt : currentCase.getBlackboardArtifacts(INTERESTING_ARTIFACT_HIT, ds.getId())) { + BlackboardAttribute setAttr = bArt.getAttribute(SET_NAME); + if (interestingItemSets.contains(setAttr.getValueString())) { + + } } } } 
From 80b1be07fe417493e0c23193824033e420048b60 Mon Sep 17 00:00:00 2001
From: "U-BASIS\\dsmyda"
Date: Thu, 15 Aug 2019 14:10:26 -0400
Subject: [PATCH 07/18] Fill in the code for tagged files
---
 .../report/caseuco/CaseUcoFormatExporter.java | 61 ++++++++++++++++---
 1 file changed, 52 insertions(+), 9 deletions(-)
diff --git a/Core/src/org/sleuthkit/autopsy/report/caseuco/CaseUcoFormatExporter.java b/Core/src/org/sleuthkit/autopsy/report/caseuco/CaseUcoFormatExporter.java
index d2518cecad..54fb2a2b01 100755
--- a/Core/src/org/sleuthkit/autopsy/report/caseuco/CaseUcoFormatExporter.java
+++ b/Core/src/org/sleuthkit/autopsy/report/caseuco/CaseUcoFormatExporter.java
@@ -26,12 +26,14 @@ import com.fasterxml.jackson.core.util.DefaultPrettyPrinter;
 import java.io.File;
 import java.io.IOException;
 import java.nio.file.Files;
+import java.nio.file.Path;
 import java.nio.file.Paths;
 import java.sql.ResultSet;
 import java.sql.SQLException;
 import java.util.List;
 import java.util.SimpleTimeZone;
 import java.util.logging.Level;
+import org.apache.commons.io.FileUtils;
 import org.openide.util.NbBundle;
 import org.sleuthkit.autopsy.casemodule.Case;
 import org.sleuthkit.autopsy.casemodule.NoCurrentCaseException;
@@ -41,9 +43,11 @@ import org.sleuthkit.autopsy.coreutils.MessageNotifyUtil;
 import org.sleuthkit.autopsy.datamodel.ContentUtils;
 import org.sleuthkit.autopsy.ingest.IngestManager;
 import org.sleuthkit.autopsy.report.ReportProgressPanel;
+import org.sleuthkit.datamodel.AbstractFile;
 import org.sleuthkit.datamodel.BlackboardArtifact;
 import org.sleuthkit.datamodel.BlackboardArtifactTag;
 import org.sleuthkit.datamodel.BlackboardAttribute;
+import org.sleuthkit.datamodel.Content;
 import org.sleuthkit.datamodel.ContentTag;
 import org.sleuthkit.datamodel.DataSource;
 import org.sleuthkit.datamodel.SleuthkitCase;
@@ -57,9 +61,11 @@ import org.sleuthkit.datamodel.TagName;
 public final class CaseUcoFormatExporter {
 private static final Logger logger = Logger.getLogger(CaseUcoFormatExporter.class.getName());
+
 private static final BlackboardAttribute.Type SET_NAME = new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SET_NAME);
 private static final BlackboardArtifact.ARTIFACT_TYPE INTERESTING_FILE_HIT = BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT;
 private static final BlackboardArtifact.ARTIFACT_TYPE INTERESTING_ARTIFACT_HIT = BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_ARTIFACT_HIT;
+ private static final String TEMP_DIR_NAME = "case_uco_tmp";
 private CaseUcoFormatExporter() {
 }
@@ -202,21 +208,56 @@ public final class CaseUcoFormatExporter {
 File caseReportFolder, ReportProgressPanel progressPanel) throws IOException, SQLException,
 NoCurrentCaseException, TskCoreException {
- SleuthkitCase currentCase = Case.getCurrentCaseThrows().getSleuthkitCase();
- TagsManager tagsManager = Case.getCurrentCaseThrows().getServices().getTagsManager();
+ //Acquire references for file discovery
+ Case currentCase = Case.getCurrentCaseThrows();
+ String caseTempDirectory = currentCase.getTempDirectory();
+ SleuthkitCase skCase = currentCase.getSleuthkitCase();
+ TagsManager tagsManager = currentCase.getServices().getTagsManager();
+ //Create temp directory to filter out duplicate files.
+ Path tmpDir = Paths.get(caseTempDirectory, TEMP_DIR_NAME);
+ FileUtils.deleteDirectory(tmpDir.toFile());
+ tmpDir.toFile().mkdir();
+
+ //Create the case-uco generator
 String reportFileName = ReportCaseUco.getReportFileName();
 File reportFile = Paths.get(caseReportFolder.toString(), reportFileName).toFile();
-
 JsonGenerator jsonGenerator = createJsonGenerator(reportFile);
 initializeJsonOutputFile(jsonGenerator);
- String caseTraceId = saveCaseInfo(currentCase, jsonGenerator);
- for(DataSource ds : currentCase.getDataSources()) {
- String dataSourceTraceId = saveDataSourceInfo(ds.getId(), caseTraceId, currentCase, jsonGenerator);
+ //Make the case the first entity in the report file.
+ String caseTraceId = saveCaseInfo(skCase, jsonGenerator);
+
+ SimpleTimeZone timeZone = new SimpleTimeZone(0, "GMT");
+
+ //Process by data source so that data source entities in the report file
+ //appear before any files from that data source.
+ for(DataSource ds : skCase.getDataSources()) {
+ String dataSourceTraceId = saveDataSourceInfo(ds.getId(), caseTraceId, skCase, jsonGenerator);
 for(TagName tn : tagTypes) {
 for(ContentTag ct : tagsManager.getContentTagsByTagName(tn, ds.getId())) {
- // copy content tag.
+ Content content = ct.getContent();
+ if (content instanceof AbstractFile) {
+ AbstractFile absFile = (AbstractFile) content;
+ Path filePath = tmpDir.resolve(absFile.getMd5Hash());
+ if(!Files.exists(filePath)) {
+ saveFileInCaseUcoFormat(
+ absFile.getId(),
+ absFile.getName(),
+ absFile.getParentPath(),
+ absFile.getMd5Hash(),
+ absFile.getMIMEType(),
+ absFile.getSize(),
+ ContentUtils.getStringTimeISO8601(absFile.getCtime(), timeZone),
+ ContentUtils.getStringTimeISO8601(absFile.getAtime(), timeZone),
+ ContentUtils.getStringTimeISO8601(absFile.getMtime(), timeZone),
+ absFile.getNameExtension(),
+ jsonGenerator,
+ dataSourceTraceId
+ );
+ filePath.toFile().createNewFile();
+ }
+ }
 }
 for(BlackboardArtifactTag bat : tagsManager.getBlackboardArtifactTagsByTagName(tn, ds.getId())) {
@@ -226,14 +267,14 @@ public final class CaseUcoFormatExporter {
 }
 if(!interestingItemSets.isEmpty()) {
- for(BlackboardArtifact bArt : currentCase.getBlackboardArtifacts(INTERESTING_FILE_HIT, ds.getId())) {
+ for(BlackboardArtifact bArt : skCase.getBlackboardArtifacts(INTERESTING_FILE_HIT, ds.getId())) {
 BlackboardAttribute setAttr = bArt.getAttribute(SET_NAME);
 if (interestingItemSets.contains(setAttr.getValueString())) {
 }
 }
- for(BlackboardArtifact bArt : currentCase.getBlackboardArtifacts(INTERESTING_ARTIFACT_HIT, ds.getId())) {
+ for(BlackboardArtifact bArt : skCase.getBlackboardArtifacts(INTERESTING_ARTIFACT_HIT, ds.getId())) {
 BlackboardAttribute setAttr = bArt.getAttribute(SET_NAME);
 if (interestingItemSets.contains(setAttr.getValueString())) {
@@ -241,6 +282,8 @@ public final class CaseUcoFormatExporter {
 }
 }
 }
+
+ finilizeJsonOutputFile(jsonGenerator);
 }
 private static JsonGenerator createJsonGenerator(File reportFile) throws IOException {
From ab75f7e046feab5a2689186bd2916557c658865c Mon Sep 17 00:00:00 2001
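Review bot: Keying the duplicate filter on `absFile.getMd5Hash()` in the content-tag loop makes the completeness of the report depend on MD5. If the hash can be null for a file that was never hashed, `tmpDir.resolve(...)` throws and the export stops; and two different files that share an MD5 value (MD5 collisions can be produced deliberately) yield a single entry, so the second tagged file is silently left out of the CASE-UCO output. If the aim is only to avoid writing the same tagged file twice, track object ids in memory and drop the marker files: `Set<Long> seenIds = new HashSet<>();` before the loops and `if (seenIds.add(absFile.getId())) { ... }` around the `saveFileInCaseUcoFormat` call. The results of `tmpDir.toFile().mkdir()` and `filePath.toFile().createNewFile()` are also ignored, so a failed marker write goes unnoticed. `export` begins before this hunk and continues after it.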
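Review bot: The `finilizeJsonOutputFile(jsonGenerator);` call added in the `@@ -241,6 +282,8 @@` hunk is reached only when every loop above it completes; `export` declares `IOException, SQLException, NoCurrentCaseException, TskCoreException`, so any of those leaves the generator unclosed and, most likely, a truncated report file in the case report folder. Put the work in a `try` block and finalize in `finally`, or open the generator with `try (JsonGenerator jsonGenerator = createJsonGenerator(reportFile)) { ... }` since `JsonGenerator` is `Closeable`. What `finilizeJsonOutputFile` itself closes is not visible here, so check that it tolerates being followed by `close()`. The method starts outside this hunk.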
From: "U-BASIS\\dsmyda"
Date: Thu, 15 Aug 2019 16:01:03 -0400
Subject: [PATCH 08/18] Tags working, laid out code for artifacts
---
 .../report/caseuco/CaseUcoFormatExporter.java | 357 ++++++++++--------
 1 file changed, 200 insertions(+), 157 deletions(-)
diff --git a/Core/src/org/sleuthkit/autopsy/report/caseuco/CaseUcoFormatExporter.java b/Core/src/org/sleuthkit/autopsy/report/caseuco/CaseUcoFormatExporter.java
index 54fb2a2b01..8631c27565 100755
--- a/Core/src/org/sleuthkit/autopsy/report/caseuco/CaseUcoFormatExporter.java
+++ b/Core/src/org/sleuthkit/autopsy/report/caseuco/CaseUcoFormatExporter.java
@@ -34,6 +34,7 @@ import java.util.List;
 import java.util.SimpleTimeZone;
 import java.util.logging.Level;
 import org.apache.commons.io.FileUtils;
+import org.openide.util.Exceptions;
 import org.openide.util.NbBundle;
 import org.sleuthkit.autopsy.casemodule.Case;
 import org.sleuthkit.autopsy.casemodule.NoCurrentCaseException;
@@ -90,108 +91,119 @@ public final class CaseUcoFormatExporter { @SuppressWarnings("deprecation") public static void generateReport(Long selectedDataSourceId, String reportOutputPath, ReportProgressPanel progressPanel) { - // Start the progress bar and setup the report - progressPanel.setIndeterminate(false); - progressPanel.start(); - progressPanel.updateStatusLabel(Bundle.ReportCaseUco_initializing()); - - // Create the JSON generator - JsonFactory jsonGeneratorFactory = new JsonFactory(); - java.io.File reportFile = Paths.get(reportOutputPath).toFile(); + // // Start the progress bar and setup the report +// progressPanel.setIndeterminate(false); +// progressPanel.start(); +// progressPanel.updateStatusLabel(Bundle.ReportCaseUco_initializing()); +// +// // Create the JSON generator +// JsonFactory jsonGeneratorFactory = new JsonFactory(); +// java.io.File reportFile = Paths.get(reportOutputPath).toFile(); +// try { +// Files.createDirectories(Paths.get(reportFile.getParent())); +// } catch (IOException ex) { +// logger.log(Level.SEVERE, "Unable to create directory for CASE-UCO report", ex); //NON-NLS +// MessageNotifyUtil.Message.error(Bundle.ReportCaseUco_unableToCreateDirectories()); +// progressPanel.complete(ReportProgressPanel.ReportStatus.ERROR); +// return; +// } +// +// // Check if ingest has finished +// if (IngestManager.getInstance().isIngestRunning()) { +// MessageNotifyUtil.Message.warn(Bundle.ReportCaseUco_ingestWarning()); +// } +// +// JsonGenerator jsonGenerator = null; +// SimpleTimeZone timeZone = new SimpleTimeZone(0, "GMT"); +// try { +// jsonGenerator = jsonGeneratorFactory.createGenerator(reportFile, JsonEncoding.UTF8); +// // instert \n after each field for more readable formatting +// jsonGenerator.setPrettyPrinter(new DefaultPrettyPrinter().withObjectIndenter(new DefaultIndenter(" ", "\n"))); +// +// SleuthkitCase skCase = Case.getCurrentCaseThrows().getSleuthkitCase(); +// +// 
progressPanel.updateStatusLabel(Bundle.ReportCaseUco_querying()); +// +// // create the required CASE-UCO entries at the beginning of the output file +// initializeJsonOutputFile(jsonGenerator); +// +// // create CASE-UCO entry for the Autopsy case +// String caseTraceId = saveCaseInfo(skCase, jsonGenerator); +// +// // create CASE-UCO data source entry +// String dataSourceTraceId = saveDataSourceInfo(selectedDataSourceId, caseTraceId, skCase, jsonGenerator); +// +// // Run getAllFilesQuery to get all files, exclude directories +// final String getAllFilesQuery = "select obj_id, name, size, crtime, atime, mtime, md5, parent_path, mime_type, extension from tsk_files where " +// + "data_source_obj_id = " + Long.toString(selectedDataSourceId) +// + " AND ((meta_type = " + TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_UNDEF.getValue() +// + ") OR (meta_type = " + TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_REG.getValue() +// + ") OR (meta_type = " + TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_VIRT.getValue() + "))"; //NON-NLS +// +// try (SleuthkitCase.CaseDbQuery queryResult = skCase.executeQuery(getAllFilesQuery)) { +// ResultSet resultSet = queryResult.getResultSet(); +// +// progressPanel.updateStatusLabel(Bundle.ReportCaseUco_processing()); +// +// // Loop files and write info to CASE-UCO report +// while (resultSet.next()) { +// +// if (progressPanel.getStatus() == ReportProgressPanel.ReportStatus.CANCELED) { +// break; +// } +// +// Long objectId = resultSet.getLong(1); +// String fileName = resultSet.getString(2); +// long size = resultSet.getLong("size"); +// String crtime = ContentUtils.getStringTimeISO8601(resultSet.getLong("crtime"), timeZone); +// String atime = ContentUtils.getStringTimeISO8601(resultSet.getLong("atime"), timeZone); +// String mtime = ContentUtils.getStringTimeISO8601(resultSet.getLong("mtime"), timeZone); +// String md5Hash = resultSet.getString("md5"); +// String parent_path = resultSet.getString("parent_path"); +// String 
mime_type = resultSet.getString("mime_type"); +// String extension = resultSet.getString("extension"); +// +// saveFileInCaseUcoFormat(objectId, fileName, parent_path, md5Hash, mime_type, size, crtime, atime, mtime, extension, jsonGenerator, dataSourceTraceId); +// } +// } +// +// // create the required CASE-UCO entries at the end of the output file +// finilizeJsonOutputFile(jsonGenerator); +// +// Case.getCurrentCaseThrows().addReport(reportOutputPath, Bundle.ReportCaseUco_srcModuleName_text(), ""); +// +// progressPanel.complete(ReportProgressPanel.ReportStatus.COMPLETE); +// } catch (TskCoreException ex) { +// logger.log(Level.SEVERE, "Failed to get list of files from case database", ex); //NON-NLS +// progressPanel.complete(ReportProgressPanel.ReportStatus.ERROR); +// } catch (IOException ex) { +// logger.log(Level.SEVERE, "Failed to create JSON output for the CASE-UCO report", ex); //NON-NLS +// progressPanel.complete(ReportProgressPanel.ReportStatus.ERROR); +// } catch (SQLException ex) { +// logger.log(Level.WARNING, "Unable to read result set", ex); //NON-NLS +// progressPanel.complete(ReportProgressPanel.ReportStatus.ERROR); +// } catch (NoCurrentCaseException ex) { +// logger.log(Level.SEVERE, "No current case open", ex); //NON-NLS +// progressPanel.complete(ReportProgressPanel.ReportStatus.ERROR); +// } finally { +// if (jsonGenerator != null) { +// try { +// jsonGenerator.close(); +// } catch (IOException ex) { +// logger.log(Level.WARNING, "Failed to close JSON output file", ex); //NON-NLS +// } +// } +// } try { - Files.createDirectories(Paths.get(reportFile.getParent())); + export(null, null, Paths.get("C:", "Users", "dsmyda", "Desktop").toFile(), progressPanel); } catch (IOException ex) { - logger.log(Level.SEVERE, "Unable to create directory for CASE-UCO report", ex); //NON-NLS - MessageNotifyUtil.Message.error(Bundle.ReportCaseUco_unableToCreateDirectories()); - progressPanel.complete(ReportProgressPanel.ReportStatus.ERROR); - return; - } - - // 
Check if ingest has finished - if (IngestManager.getInstance().isIngestRunning()) { - MessageNotifyUtil.Message.warn(Bundle.ReportCaseUco_ingestWarning()); - } - - JsonGenerator jsonGenerator = null; - SimpleTimeZone timeZone = new SimpleTimeZone(0, "GMT"); - try { - jsonGenerator = jsonGeneratorFactory.createGenerator(reportFile, JsonEncoding.UTF8); - // instert \n after each field for more readable formatting - jsonGenerator.setPrettyPrinter(new DefaultPrettyPrinter().withObjectIndenter(new DefaultIndenter(" ", "\n"))); - - SleuthkitCase skCase = Case.getCurrentCaseThrows().getSleuthkitCase(); - - progressPanel.updateStatusLabel(Bundle.ReportCaseUco_querying()); - - // create the required CASE-UCO entries at the beginning of the output file - initializeJsonOutputFile(jsonGenerator); - - // create CASE-UCO entry for the Autopsy case - String caseTraceId = saveCaseInfo(skCase, jsonGenerator); - - // create CASE-UCO data source entry - String dataSourceTraceId = saveDataSourceInfo(selectedDataSourceId, caseTraceId, skCase, jsonGenerator); - - // Run getAllFilesQuery to get all files, exclude directories - final String getAllFilesQuery = "select obj_id, name, size, crtime, atime, mtime, md5, parent_path, mime_type, extension from tsk_files where " - + "data_source_obj_id = " + Long.toString(selectedDataSourceId) - + " AND ((meta_type = " + TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_UNDEF.getValue() - + ") OR (meta_type = " + TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_REG.getValue() - + ") OR (meta_type = " + TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_VIRT.getValue() + "))"; //NON-NLS - - try (SleuthkitCase.CaseDbQuery queryResult = skCase.executeQuery(getAllFilesQuery)) { - ResultSet resultSet = queryResult.getResultSet(); - - progressPanel.updateStatusLabel(Bundle.ReportCaseUco_processing()); - - // Loop files and write info to CASE-UCO report - while (resultSet.next()) { - - if (progressPanel.getStatus() == ReportProgressPanel.ReportStatus.CANCELED) { - 
break; - } - - Long objectId = resultSet.getLong(1); - String fileName = resultSet.getString(2); - long size = resultSet.getLong("size"); - String crtime = ContentUtils.getStringTimeISO8601(resultSet.getLong("crtime"), timeZone); - String atime = ContentUtils.getStringTimeISO8601(resultSet.getLong("atime"), timeZone); - String mtime = ContentUtils.getStringTimeISO8601(resultSet.getLong("mtime"), timeZone); - String md5Hash = resultSet.getString("md5"); - String parent_path = resultSet.getString("parent_path"); - String mime_type = resultSet.getString("mime_type"); - String extension = resultSet.getString("extension"); - - saveFileInCaseUcoFormat(objectId, fileName, parent_path, md5Hash, mime_type, size, crtime, atime, mtime, extension, jsonGenerator, dataSourceTraceId); - } - } - - // create the required CASE-UCO entries at the end of the output file - finilizeJsonOutputFile(jsonGenerator); - - Case.getCurrentCaseThrows().addReport(reportOutputPath, Bundle.ReportCaseUco_srcModuleName_text(), ""); - - progressPanel.complete(ReportProgressPanel.ReportStatus.COMPLETE); - } catch (TskCoreException ex) { - logger.log(Level.SEVERE, "Failed to get list of files from case database", ex); //NON-NLS - progressPanel.complete(ReportProgressPanel.ReportStatus.ERROR); - } catch (IOException ex) { - logger.log(Level.SEVERE, "Failed to create JSON output for the CASE-UCO report", ex); //NON-NLS - progressPanel.complete(ReportProgressPanel.ReportStatus.ERROR); + Exceptions.printStackTrace(ex); } catch (SQLException ex) { - logger.log(Level.WARNING, "Unable to read result set", ex); //NON-NLS - progressPanel.complete(ReportProgressPanel.ReportStatus.ERROR); + Exceptions.printStackTrace(ex); } catch (NoCurrentCaseException ex) { - logger.log(Level.SEVERE, "No current case open", ex); //NON-NLS - progressPanel.complete(ReportProgressPanel.ReportStatus.ERROR); - } finally { - if (jsonGenerator != null) { - try { - jsonGenerator.close(); - } catch (IOException ex) { - 
logger.log(Level.WARNING, "Failed to close JSON output file", ex); //NON-NLS - } - } + Exceptions.printStackTrace(ex); + } catch (TskCoreException ex) { + Exceptions.printStackTrace(ex); } } 
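Review bot: `generateReport` now ignores both `selectedDataSourceId` and `reportOutputPath` and calls `export(null, null, Paths.get("C:", "Users", "dsmyda", "Desktop").toFile(), progressPanel)`, so the report goes to a hard-coded developer desktop instead of the requested output path, and the call to `addReport` is gone. In a forensic tool that places case metadata (file names, parent paths, hashes) at an uncontrolled location, and the export will likely fail on any machine without that directory. The four `Exceptions.printStackTrace(ex)` handlers never set `ReportProgressPanel.ReportStatus.ERROR`, so a failed export is not shown as failed; keep the removed code's pattern of `logger.log(Level.SEVERE, ...)` followed by `progressPanel.complete(ReportProgressPanel.ReportStatus.ERROR)`. The commented-out former body should be deleted rather than committed, since version control already holds it.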
@@ -208,84 +220,115 @@ public final class CaseUcoFormatExporter { File caseReportFolder, ReportProgressPanel progressPanel) throws IOException, SQLException, NoCurrentCaseException, TskCoreException { + progressPanel.start(); //Acquire references for file discovery Case currentCase = Case.getCurrentCaseThrows(); String caseTempDirectory = currentCase.getTempDirectory(); SleuthkitCase skCase = currentCase.getSleuthkitCase(); TagsManager tagsManager = currentCase.getServices().getTagsManager(); + + tagTypes = tagsManager.getAllTagNames(); //Create temp directory to filter out duplicate files. Path tmpDir = Paths.get(caseTempDirectory, TEMP_DIR_NAME); FileUtils.deleteDirectory(tmpDir.toFile()); tmpDir.toFile().mkdir(); - //Create the case-uco generator - String reportFileName = ReportCaseUco.getReportFileName(); - File reportFile = Paths.get(caseReportFolder.toString(), reportFileName).toFile(); - JsonGenerator jsonGenerator = createJsonGenerator(reportFile); - initializeJsonOutputFile(jsonGenerator); - - //Make the case the first entity in the report file. - String caseTraceId = saveCaseInfo(skCase, jsonGenerator); - - SimpleTimeZone timeZone = new SimpleTimeZone(0, "GMT"); - - //Process by data source so that data source entities in the report file - //appear before any files from that data source. 
- for(DataSource ds : skCase.getDataSources()) { - String dataSourceTraceId = saveDataSourceInfo(ds.getId(), caseTraceId, skCase, jsonGenerator); - for(TagName tn : tagTypes) { - for(ContentTag ct : tagsManager.getContentTagsByTagName(tn, ds.getId())) { - Content content = ct.getContent(); - if (content instanceof AbstractFile) { - AbstractFile absFile = (AbstractFile) content; - Path filePath = tmpDir.resolve(absFile.getMd5Hash()); - if(!Files.exists(filePath)) { - saveFileInCaseUcoFormat( - absFile.getId(), - absFile.getName(), - absFile.getParentPath(), - absFile.getMd5Hash(), - absFile.getMIMEType(), - absFile.getSize(), - ContentUtils.getStringTimeISO8601(absFile.getCtime(), timeZone), - ContentUtils.getStringTimeISO8601(absFile.getAtime(), timeZone), - ContentUtils.getStringTimeISO8601(absFile.getMtime(), timeZone), - absFile.getNameExtension(), - jsonGenerator, - dataSourceTraceId - ); - filePath.toFile().createNewFile(); + JsonGenerator jsonGenerator = null; + try { + //Create the case-uco generator + String reportFileName = ReportCaseUco.getReportFileName(); + File reportFile = Paths.get(caseReportFolder.toString(), reportFileName).toFile(); + jsonGenerator = createJsonGenerator(reportFile); + initializeJsonOutputFile(jsonGenerator); + + //Make the case the first entity in the report file. + String caseTraceId = saveCaseInfo(skCase, jsonGenerator); + + SimpleTimeZone timeZone = new SimpleTimeZone(0, "GMT"); + + //Process by data source so that data source entities in the report file + //appear before any files from that data source. 
+ for(DataSource ds : skCase.getDataSources()) { + String dataSourceTraceId = saveDataSourceInfo(ds.getId(), caseTraceId, skCase, jsonGenerator); + for(TagName tn : tagTypes) { + for(ContentTag ct : tagsManager.getContentTagsByTagName(tn, ds.getId())) { + Content content = ct.getContent(); + if (content instanceof AbstractFile) { + AbstractFile absFile = (AbstractFile) content; + Path filePath = tmpDir.resolve(Long.toString(absFile.getId())); + if(!Files.exists(filePath)) { + saveFileInCaseUcoFormat( + absFile.getId(), + absFile.getName(), + absFile.getParentPath(), + absFile.getMd5Hash(), + absFile.getMIMEType(), + absFile.getSize(), + ContentUtils.getStringTimeISO8601(absFile.getCtime(), timeZone), + ContentUtils.getStringTimeISO8601(absFile.getAtime(), timeZone), + ContentUtils.getStringTimeISO8601(absFile.getMtime(), timeZone), + absFile.getNameExtension(), + jsonGenerator, + dataSourceTraceId + ); + filePath.toFile().createNewFile(); + } + } + } + + for(BlackboardArtifactTag bat : tagsManager.getBlackboardArtifactTagsByTagName(tn, ds.getId())) { + Content content = bat.getContent(); + if (content instanceof AbstractFile) { + AbstractFile absFile = (AbstractFile) content; + Path filePath = tmpDir.resolve(Long.toString(absFile.getId())); + if(!Files.exists(filePath)) { + saveFileInCaseUcoFormat( + absFile.getId(), + absFile.getName(), + absFile.getParentPath(), + absFile.getMd5Hash(), + absFile.getMIMEType(), + absFile.getSize(), + ContentUtils.getStringTimeISO8601(absFile.getCtime(), timeZone), + ContentUtils.getStringTimeISO8601(absFile.getAtime(), timeZone), + ContentUtils.getStringTimeISO8601(absFile.getMtime(), timeZone), + absFile.getNameExtension(), + jsonGenerator, + dataSourceTraceId + ); + filePath.toFile().createNewFile(); + } } } } - - for(BlackboardArtifactTag bat : tagsManager.getBlackboardArtifactTagsByTagName(tn, ds.getId())) { - //copy content - //copy associated content - } + + // if(!interestingItemSets.isEmpty()) { + // for(BlackboardArtifact 
bArt : skCase.getBlackboardArtifacts(INTERESTING_FILE_HIT, ds.getId())) { + // BlackboardAttribute setAttr = bArt.getAttribute(SET_NAME); + // if (interestingItemSets.contains(setAttr.getValueString())) { + // + // } + // } + // + // for(BlackboardArtifact bArt : skCase.getBlackboardArtifacts(INTERESTING_ARTIFACT_HIT, ds.getId())) { + // BlackboardAttribute setAttr = bArt.getAttribute(SET_NAME); + // if (interestingItemSets.contains(setAttr.getValueString())) { + // + // } + // } + // } } - - if(!interestingItemSets.isEmpty()) { - for(BlackboardArtifact bArt : skCase.getBlackboardArtifacts(INTERESTING_FILE_HIT, ds.getId())) { - BlackboardAttribute setAttr = bArt.getAttribute(SET_NAME); - if (interestingItemSets.contains(setAttr.getValueString())) { - } - } - - for(BlackboardArtifact bArt : skCase.getBlackboardArtifacts(INTERESTING_ARTIFACT_HIT, ds.getId())) { - BlackboardAttribute setAttr = bArt.getAttribute(SET_NAME); - if (interestingItemSets.contains(setAttr.getValueString())) { - - } - } + finilizeJsonOutputFile(jsonGenerator); + } finally { + if (jsonGenerator != null) { + jsonGenerator.close(); } } - - finilizeJsonOutputFile(jsonGenerator); + progressPanel.complete(ReportProgressPanel.ReportStatus.COMPLETE); } - + private static JsonGenerator createJsonGenerator(File reportFile) throws IOException { JsonFactory jsonGeneratorFactory = new JsonFactory(); JsonGenerator jsonGenerator = jsonGeneratorFactory.createGenerator(reportFile, JsonEncoding.UTF8); From 4301f7bb459c22f827aed1734bffe7fea773c440 Mon Sep 17 00:00:00 2001 From: "U-BASIS\\dsmyda" Date: Thu, 15 Aug 2019 16:39:22 -0400 Subject: [PATCH 09/18] Refactored and code clean up --- .../report/caseuco/CaseUcoFormatExporter.java | 177 +++++++++--------- 1 file changed, 86 insertions(+), 91 deletions(-) diff --git a/Core/src/org/sleuthkit/autopsy/report/caseuco/CaseUcoFormatExporter.java b/Core/src/org/sleuthkit/autopsy/report/caseuco/CaseUcoFormatExporter.java index 8631c27565..5b971c0fd4 100755 
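Review bot: The added `tagTypes = tagsManager.getAllTagNames();` overwrites the caller's `tagTypes` argument, so `export` writes every tagged file in the case to the report regardless of which tags were passed in. The same line is still present as context in the `@@ -227,109 +226,103 @@` hunk of the next patch. If the parameter is meant to scope the report, this over-discloses; it looks like a leftover needed only because `generateReport` passes `null`. Drop the assignment and validate the argument instead, e.g. `Objects.requireNonNull(tagTypes, "tagTypes");`. Separately, `progressPanel.complete(ReportProgressPanel.ReportStatus.COMPLETE)` is reached only on success, so an exception leaves the panel started unless the caller sets an error status.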
--- a/Core/src/org/sleuthkit/autopsy/report/caseuco/CaseUcoFormatExporter.java +++ b/Core/src/org/sleuthkit/autopsy/report/caseuco/CaseUcoFormatExporter.java @@ -32,6 +32,7 @@ import java.sql.ResultSet; import java.sql.SQLException; import java.util.List; import java.util.SimpleTimeZone; +import java.util.TimeZone; import java.util.logging.Level; import org.apache.commons.io.FileUtils; import org.openide.util.Exceptions; @@ -62,12 +63,12 @@ import org.sleuthkit.datamodel.TagName; public final class CaseUcoFormatExporter { private static final Logger logger = Logger.getLogger(CaseUcoFormatExporter.class.getName()); - + private static final BlackboardAttribute.Type SET_NAME = new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SET_NAME); private static final BlackboardArtifact.ARTIFACT_TYPE INTERESTING_FILE_HIT = BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT; private static final BlackboardArtifact.ARTIFACT_TYPE INTERESTING_ARTIFACT_HIT = BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_ARTIFACT_HIT; private static final String TEMP_DIR_NAME = "case_uco_tmp"; - + private CaseUcoFormatExporter() { } @@ -91,7 +92,7 @@ public final class CaseUcoFormatExporter { @SuppressWarnings("deprecation") public static void generateReport(Long selectedDataSourceId, String reportOutputPath, ReportProgressPanel progressPanel) { - // // Start the progress bar and setup the report + // // Start the progress bar and setup the report // progressPanel.setIndeterminate(false); // progressPanel.start(); // progressPanel.updateStatusLabel(Bundle.ReportCaseUco_initializing()); 
@@ -208,16 +209,16 @@ public final class CaseUcoFormatExporter { } /** - * - * - * + * + * + * * @param tagTypes * @param interestingItemSets * @param outputFilePath - * @param progressPanel + * @param progressPanel */ public static void export(List tagTypes, List interestingItemSets, - File caseReportFolder, ReportProgressPanel progressPanel) throws IOException, SQLException, + File caseReportFolder, ReportProgressPanel progressPanel) throws IOException, SQLException, NoCurrentCaseException, TskCoreException { progressPanel.start(); 
@@ -226,109 +227,103 @@ public final class CaseUcoFormatExporter { String caseTempDirectory = currentCase.getTempDirectory(); SleuthkitCase skCase = currentCase.getSleuthkitCase(); TagsManager tagsManager = currentCase.getServices().getTagsManager(); - + tagTypes = tagsManager.getAllTagNames(); //Create temp directory to filter out duplicate files. Path tmpDir = Paths.get(caseTempDirectory, TEMP_DIR_NAME); FileUtils.deleteDirectory(tmpDir.toFile()); - tmpDir.toFile().mkdir(); - - JsonGenerator jsonGenerator = null; - try { - //Create the case-uco generator - String reportFileName = ReportCaseUco.getReportFileName(); - File reportFile = Paths.get(caseReportFolder.toString(), reportFileName).toFile(); - jsonGenerator = createJsonGenerator(reportFile); - initializeJsonOutputFile(jsonGenerator); + Files.createDirectory(tmpDir); + //Create our report file + Path reportFile = Paths.get(caseReportFolder.toString(), + ReportCaseUco.getReportFileName()); + + //Timezone for formatting file creation, modification, and accessed times + SimpleTimeZone timeZone = new SimpleTimeZone(0, "GMT"); + + try (JsonGenerator jsonGenerator = + createJsonGenerator(reportFile.toFile())) { + + initializeJsonOutputFile(jsonGenerator); //Make the case the first entity in the report file. String caseTraceId = saveCaseInfo(skCase, jsonGenerator); - SimpleTimeZone timeZone = new SimpleTimeZone(0, "GMT"); - - //Process by data source so that data source entities in the report file - //appear before any files from that data source. 
- for(DataSource ds : skCase.getDataSources()) { - String dataSourceTraceId = saveDataSourceInfo(ds.getId(), caseTraceId, skCase, jsonGenerator); - for(TagName tn : tagTypes) { - for(ContentTag ct : tagsManager.getContentTagsByTagName(tn, ds.getId())) { - Content content = ct.getContent(); - if (content instanceof AbstractFile) { - AbstractFile absFile = (AbstractFile) content; - Path filePath = tmpDir.resolve(Long.toString(absFile.getId())); - if(!Files.exists(filePath)) { - saveFileInCaseUcoFormat( - absFile.getId(), - absFile.getName(), - absFile.getParentPath(), - absFile.getMd5Hash(), - absFile.getMIMEType(), - absFile.getSize(), - ContentUtils.getStringTimeISO8601(absFile.getCtime(), timeZone), - ContentUtils.getStringTimeISO8601(absFile.getAtime(), timeZone), - ContentUtils.getStringTimeISO8601(absFile.getMtime(), timeZone), - absFile.getNameExtension(), - jsonGenerator, - dataSourceTraceId - ); - filePath.toFile().createNewFile(); - } - } + for (DataSource ds : skCase.getDataSources()) { + String dataSourceTraceId = saveDataSourceInfo(ds.getId(), + caseTraceId, skCase, jsonGenerator); + + for (TagName tn : tagTypes) { + for (ContentTag ct : tagsManager.getContentTagsByTagName(tn, ds.getId())) { + saveUniqueFilesToCaseUcoFormat(ct.getContent(), tmpDir, + jsonGenerator, timeZone, dataSourceTraceId); } - for(BlackboardArtifactTag bat : tagsManager.getBlackboardArtifactTagsByTagName(tn, ds.getId())) { - Content content = bat.getContent(); - if (content instanceof AbstractFile) { - AbstractFile absFile = (AbstractFile) content; - Path filePath = tmpDir.resolve(Long.toString(absFile.getId())); - if(!Files.exists(filePath)) { - saveFileInCaseUcoFormat( - absFile.getId(), - absFile.getName(), - absFile.getParentPath(), - absFile.getMd5Hash(), - absFile.getMIMEType(), - absFile.getSize(), - ContentUtils.getStringTimeISO8601(absFile.getCtime(), timeZone), - ContentUtils.getStringTimeISO8601(absFile.getAtime(), timeZone), - 
ContentUtils.getStringTimeISO8601(absFile.getMtime(), timeZone), - absFile.getNameExtension(), - jsonGenerator, - dataSourceTraceId - ); - filePath.toFile().createNewFile(); - } - } + for (BlackboardArtifactTag bat : tagsManager.getBlackboardArtifactTagsByTagName(tn, ds.getId())) { + saveUniqueFilesToCaseUcoFormat(bat.getContent(), tmpDir, + jsonGenerator, timeZone, dataSourceTraceId); } } - // if(!interestingItemSets.isEmpty()) { - // for(BlackboardArtifact bArt : skCase.getBlackboardArtifacts(INTERESTING_FILE_HIT, ds.getId())) { - // BlackboardAttribute setAttr = bArt.getAttribute(SET_NAME); - // if (interestingItemSets.contains(setAttr.getValueString())) { - // - // } - // } - // - // for(BlackboardArtifact bArt : skCase.getBlackboardArtifacts(INTERESTING_ARTIFACT_HIT, ds.getId())) { - // BlackboardAttribute setAttr = bArt.getAttribute(SET_NAME); - // if (interestingItemSets.contains(setAttr.getValueString())) { - // - // } - // } - // } + // if(!interestingItemSets.isEmpty()) { + // for(BlackboardArtifact bArt : skCase.getBlackboardArtifacts(INTERESTING_FILE_HIT, ds.getId())) { + // BlackboardAttribute setAttr = bArt.getAttribute(SET_NAME); + // if (interestingItemSets.contains(setAttr.getValueString())) { + // + // } + // } + // + // for(BlackboardArtifact bArt : skCase.getBlackboardArtifacts(INTERESTING_ARTIFACT_HIT, ds.getId())) { + // BlackboardAttribute setAttr = bArt.getAttribute(SET_NAME); + // if (interestingItemSets.contains(setAttr.getValueString())) { + // + // } + // } + // } } finilizeJsonOutputFile(jsonGenerator); - } finally { - if (jsonGenerator != null) { - jsonGenerator.close(); - } } progressPanel.complete(ReportProgressPanel.ReportStatus.COMPLETE); } - + + /** + * Saves only unique abstract files to the case uco report file. Uniqueness is + * determined by object id. A folder in the case temp directory is used to + * store object id's that have already been visited. 
+ * + * @param content + * @param tmpDir + * @param jsonGenerator + * @param timeZone + * @param dataSourceTraceId + * @throws IOException + */ + private static void saveUniqueFilesToCaseUcoFormat(Content content, Path tmpDir, JsonGenerator jsonGenerator, + TimeZone timeZone, String dataSourceTraceId) throws IOException { + if (content instanceof AbstractFile) { + AbstractFile absFile = (AbstractFile) content; + Path filePath = tmpDir.resolve(Long.toString(absFile.getId())); + if (!Files.exists(filePath)) { + saveFileInCaseUcoFormat( + absFile.getId(), + absFile.getName(), + absFile.getParentPath(), + absFile.getMd5Hash(), + absFile.getMIMEType(), + absFile.getSize(), + ContentUtils.getStringTimeISO8601(absFile.getCtime(), timeZone), + ContentUtils.getStringTimeISO8601(absFile.getAtime(), timeZone), + ContentUtils.getStringTimeISO8601(absFile.getMtime(), timeZone), + absFile.getNameExtension(), + jsonGenerator, + dataSourceTraceId + ); + filePath.toFile().createNewFile(); + } + } + } + private static JsonGenerator createJsonGenerator(File reportFile) throws IOException { JsonFactory jsonGeneratorFactory = new JsonFactory(); JsonGenerator jsonGenerator = jsonGeneratorFactory.createGenerator(reportFile, JsonEncoding.UTF8); From eef551b1be23ee0d0186edcc3002e72c5bb29a0a Mon Sep 17 00:00:00 2001 From: "U-BASIS\\dsmyda" Date: Fri, 16 Aug 2019 18:06:42 -0400 Subject: [PATCH 10/18] Restored generateReprot and finished export method. Testing --- .../report/caseuco/CaseUcoFormatExporter.java | 253 +++++++++--------- 1 file changed, 121 insertions(+), 132 deletions(-) diff --git a/Core/src/org/sleuthkit/autopsy/report/caseuco/CaseUcoFormatExporter.java b/Core/src/org/sleuthkit/autopsy/report/caseuco/CaseUcoFormatExporter.java index 5b971c0fd4..75296b9aac 100755 --- a/Core/src/org/sleuthkit/autopsy/report/caseuco/CaseUcoFormatExporter.java +++ b/Core/src/org/sleuthkit/autopsy/report/caseuco/CaseUcoFormatExporter.java 
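Review bot: `saveUniqueFilesToCaseUcoFormat` tracks visited object ids by creating one empty marker file per item in `tmpDir` (`Files.exists(filePath)` followed by `filePath.toFile().createNewFile()`). That costs two filesystem calls per tagged item, and nothing in this hunk removes the markers once the export finishes. An in-memory set gives the same uniqueness check without touching disk: `if (visitedIds.add(absFile.getId())) { saveFileInCaseUcoFormat(...); }`, with a `Set<Long> visitedIds` created in `export`. The new Javadoc lists its `@param` and `@throws` tags without descriptions, and it does not say that content which is not an `AbstractFile` is silently skipped.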
@@ -23,6 +23,7 @@ import com.fasterxml.jackson.core.JsonFactory; import com.fasterxml.jackson.core.JsonGenerator; import com.fasterxml.jackson.core.util.DefaultIndenter; import com.fasterxml.jackson.core.util.DefaultPrettyPrinter; +import com.google.common.collect.Lists; import java.io.File; import java.io.IOException; import java.nio.file.Files; @@ -39,6 +40,7 @@ import org.openide.util.Exceptions; import org.openide.util.NbBundle; import org.sleuthkit.autopsy.casemodule.Case; import org.sleuthkit.autopsy.casemodule.NoCurrentCaseException; +import org.sleuthkit.autopsy.casemodule.services.FileManager; import org.sleuthkit.autopsy.casemodule.services.TagsManager; import org.sleuthkit.autopsy.coreutils.Logger; import org.sleuthkit.autopsy.coreutils.MessageNotifyUtil; 
@@ -92,119 +94,108 @@ public final class CaseUcoFormatExporter { @SuppressWarnings("deprecation") public static void generateReport(Long selectedDataSourceId, String reportOutputPath, ReportProgressPanel progressPanel) { - // // Start the progress bar and setup the report -// progressPanel.setIndeterminate(false); -// progressPanel.start(); -// progressPanel.updateStatusLabel(Bundle.ReportCaseUco_initializing()); -// -// // Create the JSON generator -// JsonFactory jsonGeneratorFactory = new JsonFactory(); -// java.io.File reportFile = Paths.get(reportOutputPath).toFile(); -// try { -// Files.createDirectories(Paths.get(reportFile.getParent())); -// } catch (IOException ex) { -// logger.log(Level.SEVERE, "Unable to create directory for CASE-UCO report", ex); //NON-NLS -// MessageNotifyUtil.Message.error(Bundle.ReportCaseUco_unableToCreateDirectories()); -// progressPanel.complete(ReportProgressPanel.ReportStatus.ERROR); -// return; -// } -// -// // Check if ingest has finished -// if (IngestManager.getInstance().isIngestRunning()) { -// MessageNotifyUtil.Message.warn(Bundle.ReportCaseUco_ingestWarning()); -// } -// -// JsonGenerator jsonGenerator = null; -// SimpleTimeZone timeZone = new SimpleTimeZone(0, "GMT"); -// try { -// jsonGenerator = jsonGeneratorFactory.createGenerator(reportFile, JsonEncoding.UTF8); -// // instert \n after each field for more readable formatting -// jsonGenerator.setPrettyPrinter(new DefaultPrettyPrinter().withObjectIndenter(new DefaultIndenter(" ", "\n"))); -// -// SleuthkitCase skCase = Case.getCurrentCaseThrows().getSleuthkitCase(); -// -// progressPanel.updateStatusLabel(Bundle.ReportCaseUco_querying()); -// -// // create the required CASE-UCO entries at the beginning of the output file -// initializeJsonOutputFile(jsonGenerator); -// -// // create CASE-UCO entry for the Autopsy case -// String caseTraceId = saveCaseInfo(skCase, jsonGenerator); -// -// // create CASE-UCO data source entry -// String dataSourceTraceId = 
saveDataSourceInfo(selectedDataSourceId, caseTraceId, skCase, jsonGenerator);
-//
-// // Run getAllFilesQuery to get all files, exclude directories
-// final String getAllFilesQuery = "select obj_id, name, size, crtime, atime, mtime, md5, parent_path, mime_type, extension from tsk_files where "
-// + "data_source_obj_id = " + Long.toString(selectedDataSourceId)
-// + " AND ((meta_type = " + TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_UNDEF.getValue()
-// + ") OR (meta_type = " + TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_REG.getValue()
-// + ") OR (meta_type = " + TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_VIRT.getValue() + "))"; //NON-NLS
-//
-// try (SleuthkitCase.CaseDbQuery queryResult = skCase.executeQuery(getAllFilesQuery)) {
-// ResultSet resultSet = queryResult.getResultSet();
-//
-// progressPanel.updateStatusLabel(Bundle.ReportCaseUco_processing());
-//
-// // Loop files and write info to CASE-UCO report
-// while (resultSet.next()) {
-//
-// if (progressPanel.getStatus() == ReportProgressPanel.ReportStatus.CANCELED) {
-// break;
-// }
-//
-// Long objectId = resultSet.getLong(1);
-// String fileName = resultSet.getString(2);
-// long size = resultSet.getLong("size");
-// String crtime = ContentUtils.getStringTimeISO8601(resultSet.getLong("crtime"), timeZone);
-// String atime = ContentUtils.getStringTimeISO8601(resultSet.getLong("atime"), timeZone);
-// String mtime = ContentUtils.getStringTimeISO8601(resultSet.getLong("mtime"), timeZone);
-// String md5Hash = resultSet.getString("md5");
-// String parent_path = resultSet.getString("parent_path");
-// String mime_type = resultSet.getString("mime_type");
-// String extension = resultSet.getString("extension");
-//
-// saveFileInCaseUcoFormat(objectId, fileName, parent_path, md5Hash, mime_type, size, crtime, atime, mtime, extension, jsonGenerator, dataSourceTraceId);
-// }
-// }
-//
-// // create the required CASE-UCO entries at the end of the output file
-// finilizeJsonOutputFile(jsonGenerator);
-//
-// Case.getCurrentCaseThrows().addReport(reportOutputPath, Bundle.ReportCaseUco_srcModuleName_text(), "");
-//
-// progressPanel.complete(ReportProgressPanel.ReportStatus.COMPLETE);
-// } catch (TskCoreException ex) {
-// logger.log(Level.SEVERE, "Failed to get list of files from case database", ex); //NON-NLS
-// progressPanel.complete(ReportProgressPanel.ReportStatus.ERROR);
-// } catch (IOException ex) {
-// logger.log(Level.SEVERE, "Failed to create JSON output for the CASE-UCO report", ex); //NON-NLS
-// progressPanel.complete(ReportProgressPanel.ReportStatus.ERROR);
-// } catch (SQLException ex) {
-// logger.log(Level.WARNING, "Unable to read result set", ex); //NON-NLS
-// progressPanel.complete(ReportProgressPanel.ReportStatus.ERROR);
-// } catch (NoCurrentCaseException ex) {
-// logger.log(Level.SEVERE, "No current case open", ex); //NON-NLS
-// progressPanel.complete(ReportProgressPanel.ReportStatus.ERROR);
-// } finally {
-// if (jsonGenerator != null) {
-// try {
-// jsonGenerator.close();
-// } catch (IOException ex) {
-// logger.log(Level.WARNING, "Failed to close JSON output file", ex); //NON-NLS
-// }
-// }
-// }
+ // Start the progress bar and setup the report
+ progressPanel.setIndeterminate(false);
+ progressPanel.start();
+ progressPanel.updateStatusLabel(Bundle.ReportCaseUco_initializing());
+
+ // Create the JSON generator
+ JsonFactory jsonGeneratorFactory = new JsonFactory();
+ java.io.File reportFile = Paths.get(reportOutputPath).toFile();
 try {
- export(null, null, Paths.get("C:", "Users", "dsmyda", "Desktop").toFile(), progressPanel);
+ Files.createDirectories(Paths.get(reportFile.getParent()));
 } catch (IOException ex) {
- Exceptions.printStackTrace(ex);
- } catch (SQLException ex) {
- Exceptions.printStackTrace(ex);
- } catch (NoCurrentCaseException ex) {
- Exceptions.printStackTrace(ex);
+ logger.log(Level.SEVERE, "Unable to create directory for CASE-UCO report", ex); //NON-NLS
+ MessageNotifyUtil.Message.error(Bundle.ReportCaseUco_unableToCreateDirectories());
+ progressPanel.complete(ReportProgressPanel.ReportStatus.ERROR);
+ return;
+ }
+
+ // Check if ingest has finished
+ if (IngestManager.getInstance().isIngestRunning()) {
+ MessageNotifyUtil.Message.warn(Bundle.ReportCaseUco_ingestWarning());
+ }
+
+ JsonGenerator jsonGenerator = null;
+ SimpleTimeZone timeZone = new SimpleTimeZone(0, "GMT");
+ try {
+ jsonGenerator = jsonGeneratorFactory.createGenerator(reportFile, JsonEncoding.UTF8);
+ // instert \n after each field for more readable formatting
+ jsonGenerator.setPrettyPrinter(new DefaultPrettyPrinter().withObjectIndenter(new DefaultIndenter(" ", "\n")));
+
+ SleuthkitCase skCase = Case.getCurrentCaseThrows().getSleuthkitCase();
+
+ progressPanel.updateStatusLabel(Bundle.ReportCaseUco_querying());
+
+ // create the required CASE-UCO entries at the beginning of the output file
+ initializeJsonOutputFile(jsonGenerator);
+
+ // create CASE-UCO entry for the Autopsy case
+ String caseTraceId = saveCaseInfo(skCase, jsonGenerator);
+
+ // create CASE-UCO data source entry
+ String dataSourceTraceId = saveDataSourceInfo(selectedDataSourceId, caseTraceId, skCase, jsonGenerator);
+
+ // Run getAllFilesQuery to get all files, exclude directories
+ final String getAllFilesQuery = "select obj_id, name, size, crtime, atime, mtime, md5, parent_path, mime_type, extension from tsk_files where "
+ + "data_source_obj_id = " + Long.toString(selectedDataSourceId)
+ + " AND ((meta_type = " + TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_UNDEF.getValue()
+ + ") OR (meta_type = " + TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_REG.getValue()
+ + ") OR (meta_type = " + TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_VIRT.getValue() + "))"; //NON-NLS
+
+ try (SleuthkitCase.CaseDbQuery queryResult = skCase.executeQuery(getAllFilesQuery)) {
+ ResultSet resultSet = queryResult.getResultSet();
+
+ progressPanel.updateStatusLabel(Bundle.ReportCaseUco_processing());
+
+ // Loop files and write info to CASE-UCO report
+ while (resultSet.next()) {
+
+ if (progressPanel.getStatus() == ReportProgressPanel.ReportStatus.CANCELED) {
+ break;
+ }
+
+ Long objectId = resultSet.getLong(1);
+ String fileName = resultSet.getString(2);
+ long size = resultSet.getLong("size");
+ String crtime = ContentUtils.getStringTimeISO8601(resultSet.getLong("crtime"), timeZone);
+ String atime = ContentUtils.getStringTimeISO8601(resultSet.getLong("atime"), timeZone);
+ String mtime = ContentUtils.getStringTimeISO8601(resultSet.getLong("mtime"), timeZone);
+ String md5Hash = resultSet.getString("md5");
+ String parent_path = resultSet.getString("parent_path");
+ String mime_type = resultSet.getString("mime_type");
+ String extension = resultSet.getString("extension");
+
+ saveFileInCaseUcoFormat(objectId, fileName, parent_path, md5Hash, mime_type, size, crtime, atime, mtime, extension, jsonGenerator, dataSourceTraceId);
+ }
+ }
+
+ // create the required CASE-UCO entries at the end of the output file
+ finilizeJsonOutputFile(jsonGenerator);
+
+ Case.getCurrentCaseThrows().addReport(reportOutputPath, Bundle.ReportCaseUco_srcModuleName_text(), "");
+
+ progressPanel.complete(ReportProgressPanel.ReportStatus.COMPLETE);
 } catch (TskCoreException ex) {
- Exceptions.printStackTrace(ex);
+ logger.log(Level.SEVERE, "Failed to get list of files from case database", ex); //NON-NLS
+ progressPanel.complete(ReportProgressPanel.ReportStatus.ERROR);
+ } catch (IOException ex) {
+ logger.log(Level.SEVERE, "Failed to create JSON output for the CASE-UCO report", ex); //NON-NLS
+ progressPanel.complete(ReportProgressPanel.ReportStatus.ERROR);
+ } catch (SQLException ex) {
+ logger.log(Level.WARNING, "Unable to read result set", ex); //NON-NLS
+ progressPanel.complete(ReportProgressPanel.ReportStatus.ERROR);
+ } catch (NoCurrentCaseException ex) {
+ logger.log(Level.SEVERE, "No current case open", ex);
//NON-NLS + progressPanel.complete(ReportProgressPanel.ReportStatus.ERROR); + } finally { + if (jsonGenerator != null) { + try { + jsonGenerator.close(); + } catch (IOException ex) { + logger.log(Level.WARNING, "Failed to close JSON output file", ex); //NON-NLS + } + } } } @@ -221,15 +212,13 @@ public final class CaseUcoFormatExporter { File caseReportFolder, ReportProgressPanel progressPanel) throws IOException, SQLException, NoCurrentCaseException, TskCoreException { - progressPanel.start(); + progressPanel.updateStatusLabel("Generating CASE-UCO Report"); //Acquire references for file discovery Case currentCase = Case.getCurrentCaseThrows(); String caseTempDirectory = currentCase.getTempDirectory(); SleuthkitCase skCase = currentCase.getSleuthkitCase(); TagsManager tagsManager = currentCase.getServices().getTagsManager(); - tagTypes = tagsManager.getAllTagNames(); - //Create temp directory to filter out duplicate files. Path tmpDir = Paths.get(caseTempDirectory, TEMP_DIR_NAME); FileUtils.deleteDirectory(tmpDir.toFile()); 
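Review bot: The new status text in `progressPanel.updateStatusLabel("Generating CASE-UCO Report");` is a hard-coded English literal, while every other status update visible in this file goes through a `Bundle.ReportCaseUco_*()` message. Moving the text into an `@NbBundle.Messages` entry would keep it localizable and consistent with the rest of the exporter. Since this hunk removes `progressPanel.start()` and a later hunk removes the matching `complete(...)` call, the method's Javadoc should also state that the caller now owns the panel's start/complete lifecycle, e.g. `* The caller is responsible for starting and completing progressPanel.` The method body starts and ends outside this hunk.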
@@ -264,27 +253,27 @@ public final class CaseUcoFormatExporter {
 jsonGenerator, timeZone, dataSourceTraceId);
 }
 }
-
- // if(!interestingItemSets.isEmpty()) {
- // for(BlackboardArtifact bArt : skCase.getBlackboardArtifacts(INTERESTING_FILE_HIT, ds.getId())) {
- // BlackboardAttribute setAttr = bArt.getAttribute(SET_NAME);
- // if (interestingItemSets.contains(setAttr.getValueString())) {
- //
- // }
- // }
- //
- // for(BlackboardArtifact bArt : skCase.getBlackboardArtifacts(INTERESTING_ARTIFACT_HIT, ds.getId())) {
- // BlackboardAttribute setAttr = bArt.getAttribute(SET_NAME);
- // if (interestingItemSets.contains(setAttr.getValueString())) {
- //
- // }
- // }
- // }
+
+ if(!interestingItemSets.isEmpty()) {
+ List typesToQuery = Lists.newArrayList(
+ INTERESTING_FILE_HIT, INTERESTING_ARTIFACT_HIT);
+ for(BlackboardArtifact.ARTIFACT_TYPE artType : typesToQuery) {
+ for(BlackboardArtifact bArt : skCase.getBlackboardArtifacts(artType)) {
+ if(bArt.getDataSource().getId() == ds.getId()) {
+ BlackboardAttribute setAttr = bArt.getAttribute(SET_NAME);
+ if (interestingItemSets.contains(setAttr.getValueString())) {
+ Content content = skCase.getContentById(bArt.getObjectID());
+ saveUniqueFilesToCaseUcoFormat(content, tmpDir,
+ jsonGenerator, timeZone, dataSourceTraceId);
+ }
+ }
+ }
+ }
+ }
 }
 finilizeJsonOutputFile(jsonGenerator);
 }
- progressPanel.complete(ReportProgressPanel.ReportStatus.COMPLETE);
 }
 /**
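Review bot: In the added interesting-items loop, `setAttr.getValueString()` is called without checking the result of `bArt.getAttribute(SET_NAME)`, which can be null when an artifact carries no set-name attribute. One such artifact would throw a NullPointerException that the method's `throws` clause does not cover, aborting the export partway and leaving an incomplete CASE-UCO report for the case. Guard it with `if (setAttr != null && interestingItemSets.contains(setAttr.getValueString())) {`; `bArt.getDataSource()` is dereferenced the same way and presumably needs the same treatment. Unlike the per-file loop in the older report path, this loop never checks `progressPanel.getStatus()` for `CANCELED`, so a cancelled report keeps iterating every artifact of both types. The enclosing method starts outside this hunk.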
@@ -301,10 +290,10 @@ public final class CaseUcoFormatExporter { */ private static void saveUniqueFilesToCaseUcoFormat(Content content, Path tmpDir, JsonGenerator jsonGenerator, TimeZone timeZone, String dataSourceTraceId) throws IOException { - if (content instanceof AbstractFile) { + if (content instanceof AbstractFile && !(content instanceof DataSource)) { AbstractFile absFile = (AbstractFile) content; Path filePath = tmpDir.resolve(Long.toString(absFile.getId())); - if (!Files.exists(filePath)) { + if (!Files.exists(filePath) && !absFile.isDir()) { saveFileInCaseUcoFormat( absFile.getId(), absFile.getName(), From 09fdfc91e41360da6eeac6d3d76d346612726e28 Mon Sep 17 00:00:00 2001 From: Brian Carrier Date: Fri, 16 Aug 2019 19:22:47 -0400 Subject: [PATCH 11/18] Better document which fields are used --- .../solr/configsets/AutopsyConfig/conf/schema.xml | 9 ++++++--- .../sleuthkit/autopsy/keywordsearch/Server.java | 14 +++++++++----- 2 files changed, 15 insertions(+), 8 deletions(-) diff --git a/KeywordSearch/solr/solr/configsets/AutopsyConfig/conf/schema.xml b/KeywordSearch/solr/solr/configsets/AutopsyConfig/conf/schema.xml index d2109cab8a..05ea8891a5 100644 --- a/KeywordSearch/solr/solr/configsets/AutopsyConfig/conf/schema.xml +++ b/KeywordSearch/solr/solr/configsets/AutopsyConfig/conf/schema.xml @@ -561,10 +561,13 @@ leading wildcard queries. --> - - + + +