diff --git a/Core/src/org/sleuthkit/autopsy/timeline/datamodel/eventtype/ArtifactEventType.java b/Core/src/org/sleuthkit/autopsy/timeline/datamodel/eventtype/ArtifactEventType.java index 505855ac4c..ccf482e7ec 100644 --- a/Core/src/org/sleuthkit/autopsy/timeline/datamodel/eventtype/ArtifactEventType.java +++ b/Core/src/org/sleuthkit/autopsy/timeline/datamodel/eventtype/ArtifactEventType.java @@ -1,7 +1,7 @@ /* * Autopsy Forensic Browser * - * Copyright 2014 Basis Technology Corp. + * Copyright 2014-16 Basis Technology Corp. * Contact: carrier sleuthkit org * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -18,10 +18,9 @@ */ package org.sleuthkit.autopsy.timeline.datamodel.eventtype; -import java.util.HashMap; -import java.util.List; -import java.util.Map; -import java.util.function.BiFunction; +import java.text.MessageFormat; +import java.util.Optional; +import java.util.function.Function; import java.util.logging.Level; import org.apache.commons.lang3.StringUtils; import org.sleuthkit.autopsy.coreutils.Logger; @@ -34,56 +33,56 @@ import org.sleuthkit.datamodel.TskCoreException; */ public interface ArtifactEventType extends EventType { + public static final Logger LOGGER = Logger.getLogger(ArtifactEventType.class.getName()); + static final EmptyExtractor EMPTY_EXTRACTOR = new EmptyExtractor(); + /** - * @return the Artifact type this event type is derived form, or null if - * there is no artifact type (eg file system events) + * @return the Artifact type this event type is derived from */ - public BlackboardArtifact.ARTIFACT_TYPE getArtifactType(); + public BlackboardArtifact.Type getArtifactType(); - public BlackboardAttribute.ATTRIBUTE_TYPE getDateTimeAttrubuteType(); + public BlackboardAttribute.Type getDateTimeAttrubuteType(); /** - * given an artifact, and a map from attribute types to attributes, pull out - * the time stamp, and compose the descriptions. Each implementation of - * {@link ArtifactEventType} needs to implement parseAttributesHelper() as - * hook for {@link buildEventDescription(org.sleuthkit.datamodel.BlackboardArtifact) + * given an artifact, pull out the time stamp, and compose the descriptions. + * Each implementation of {@link ArtifactEventType} needs to implement + * parseAttributesHelper() as hook for {@link buildEventDescription(org.sleuthkit.datamodel.BlackboardArtifact) * to invoke. Most subtypes can use this default implementation. * * @param artf - * @param attrMap * * @return an {@link AttributeEventDescription} containing the timestamp * and description information * * @throws TskCoreException */ - default AttributeEventDescription parseAttributesHelper(BlackboardArtifact artf, Map attrMap) throws TskCoreException { - final BlackboardAttribute dateTimeAttr = attrMap.get(getDateTimeAttrubuteType()); + default AttributeEventDescription parseAttributesHelper(BlackboardArtifact artf) throws TskCoreException { + final BlackboardAttribute dateTimeAttr = artf.getAttribute(getDateTimeAttrubuteType()); long time = dateTimeAttr.getValueLong(); - String shortDescription = getShortExtractor().apply(artf, attrMap); - String medDescription = shortDescription + " : " + getMedExtractor().apply(artf, attrMap); - String fullDescription = medDescription + " : " + getFullExtractor().apply(artf, attrMap); + String shortDescription = getShortExtractor().apply(artf); + String medDescription = shortDescription + " : " + getMedExtractor().apply(artf); + String fullDescription = medDescription + " : " + getFullExtractor().apply(artf); return new AttributeEventDescription(time, shortDescription, medDescription, fullDescription); } /** - * @return a function from an artifact and a map of its attributes, to a - * String to use as part of the full event description + * @return a function from an artifact to a String to use as part of the + * full event description */ - BiFunction, String> getFullExtractor(); + Function getFullExtractor(); /** - * @return a function from an artifact and a map of its attributes, to a - * String to use as part of the medium event description + * @return a function from an artifact to a String to use as part of the + * medium event description */ - BiFunction, String> getMedExtractor(); + Function getMedExtractor(); /** - * @return a function from an artifact and a map of its attributes, to a - * String to use as part of the short event description + * @return a function from an artifact to a String to use as part of the + * short event description */ - BiFunction, String> getShortExtractor(); + Function getShortExtractor(); /** * bundles the per event information derived from a BlackBoard Artifact into @@ -124,14 +123,13 @@ public interface ArtifactEventType extends EventType { this.medDescription = medDescription; this.fullDescription = fullDescription; } - } /** * Build a {@link AttributeEventDescription} derived from a * {@link BlackboardArtifact}. This is a template method that relies on each - * {@link SubType}'s implementation of - * {@link SubType#parseAttributesHelper()} to know how to go from + * {@link ArtifactEventType}'s implementation of + * {@link ArtifactEventType#parseAttributesHelper()} to know how to go from * {@link BlackboardAttribute}s to the event description. * * @param artf the {@link BlackboardArtifact} to derive the event @@ -149,47 +147,45 @@ public interface ArtifactEventType extends EventType { if (type.getArtifactType().getTypeID() != artf.getArtifactTypeID()) { throw new IllegalArgumentException(); } - - /* - * build a map from attribute type to attribute, this makes implementing - * the parseAttributeHelper easier but could be ineffecient if we don't - * need most of the attributes. This would be unnessecary if there was - * an api on Blackboard artifacts to get specific attributes by type - */ - List attributes = artf.getAttributes(); - Map attrMap = new HashMap<>(); - for (BlackboardAttribute attr : attributes) { - attrMap.put(BlackboardAttribute.ATTRIBUTE_TYPE.fromLabel(attr.getAttributeType().getTypeName()), attr); - } - - if (attrMap.get(type.getDateTimeAttrubuteType()) == null) { - Logger.getLogger(AttributeEventDescription.class.getName()).log(Level.WARNING, "Artifact {0} has no date/time attribute, skipping it.", artf.getArtifactID()); // NON-NLS + if (artf.getAttribute(type.getDateTimeAttrubuteType()) == null) { + LOGGER.log(Level.WARNING, "Artifact {0} has no date/time attribute, skipping it.", artf.getArtifactID()); // NON-NLS return null; } //use the hook provided by this subtype implementation - return type.parseAttributesHelper(artf, attrMap); + return type.parseAttributesHelper(artf); } - public static class AttributeExtractor implements BiFunction, String> { + static class AttributeExtractor implements Function { - @Override - public String apply(BlackboardArtifact artf, Map attrMap) { - final BlackboardAttribute attr = attrMap.get(attribute); - return (attr != null) ? StringUtils.defaultString(attr.getDisplayString()) : " "; + public String apply(BlackboardArtifact artf) { + return Optional.ofNullable(getAttributeSafe(artf, attributeType)) + .map(BlackboardAttribute::getDisplayString) + .map(StringUtils::defaultString) + .orElse(""); } - private final BlackboardAttribute.ATTRIBUTE_TYPE attribute; + private final BlackboardAttribute.Type attributeType; - public AttributeExtractor(BlackboardAttribute.ATTRIBUTE_TYPE attribute) { - this.attribute = attribute; + public AttributeExtractor(BlackboardAttribute.Type attribute) { + this.attributeType = attribute; } + } - public static class EmptyExtractor implements BiFunction, String> { + static class EmptyExtractor implements Function { @Override - public String apply(BlackboardArtifact t, Map u) { + public String apply(BlackboardArtifact t) { return ""; } } + + static BlackboardAttribute getAttributeSafe(BlackboardArtifact artf, BlackboardAttribute.Type attrType) { + try { + return artf.getAttribute(attrType); + } catch (TskCoreException ex) { + LOGGER.log(Level.SEVERE, MessageFormat.format("Error getting extracting attribute from artifact {0}.", artf.getArtifactID()), ex); // NON-NLS + return null; + } + } } diff --git a/Core/src/org/sleuthkit/autopsy/timeline/datamodel/eventtype/MiscTypes.java b/Core/src/org/sleuthkit/autopsy/timeline/datamodel/eventtype/MiscTypes.java index 35e49360d3..3d73982bf5 100644 --- a/Core/src/org/sleuthkit/autopsy/timeline/datamodel/eventtype/MiscTypes.java +++ b/Core/src/org/sleuthkit/autopsy/timeline/datamodel/eventtype/MiscTypes.java @@ -1,7 +1,7 @@ /* * Autopsy Forensic Browser * - * Copyright 2014 Basis Technology Corp. + * Copyright 2014-16 Basis Technology Corp. * Contact: carrier sleuthkit org * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -21,17 +21,19 @@ package org.sleuthkit.autopsy.timeline.datamodel.eventtype; import java.util.Arrays; import java.util.Collections; import java.util.List; -import java.util.Map; -import java.util.function.BiFunction; +import java.util.Optional; +import java.util.function.Function; import java.util.logging.Level; import javafx.scene.image.Image; import org.apache.commons.lang3.StringUtils; import org.openide.util.NbBundle; -import org.sleuthkit.autopsy.coreutils.Logger; +import static org.sleuthkit.autopsy.timeline.datamodel.eventtype.ArtifactEventType.getAttributeSafe; import org.sleuthkit.autopsy.timeline.zooming.EventTypeZoomLevel; import org.sleuthkit.datamodel.AbstractFile; import org.sleuthkit.datamodel.BlackboardArtifact; +import org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE; import org.sleuthkit.datamodel.BlackboardAttribute; +import org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE; import org.sleuthkit.datamodel.TskCoreException; /** @@ -40,116 +42,113 @@ import org.sleuthkit.datamodel.TskCoreException; public enum MiscTypes implements EventType, ArtifactEventType { MESSAGE(NbBundle.getMessage(MiscTypes.class, "MiscTypes.message.name"), "message.png", // NON-NLS - BlackboardArtifact.ARTIFACT_TYPE.TSK_MESSAGE, - BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME, - new AttributeExtractor(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_MESSAGE_TYPE), - (artf, attrMap) -> { - final BlackboardAttribute dir = attrMap.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DIRECTION); - final BlackboardAttribute readStatus = attrMap.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_READ_STATUS); - final BlackboardAttribute name = attrMap.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_NAME); - final BlackboardAttribute phoneNumber = attrMap.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PHONE_NUMBER); - final BlackboardAttribute subject = attrMap.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SUBJECT); + TypeUtils.fromEnum(ARTIFACT_TYPE.TSK_MESSAGE), + new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_DATETIME), + new AttributeExtractor(new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_MESSAGE_TYPE)), + artf -> { + final BlackboardAttribute dir = getAttributeSafe(artf, new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_DIRECTION)); + final BlackboardAttribute readStatus = getAttributeSafe(artf, new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_READ_STATUS)); + final BlackboardAttribute name = getAttributeSafe(artf, new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_NAME)); + final BlackboardAttribute phoneNumber = getAttributeSafe(artf, new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_PHONE_NUMBER)); + final BlackboardAttribute subject = getAttributeSafe(artf, new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_SUBJECT)); List asList = Arrays.asList(stringValueOf(dir), stringValueOf(readStatus), name != null || phoneNumber != null ? toFrom(dir) : "", stringValueOf(name != null ? name : phoneNumber), (subject == null ? "" : stringValueOf(subject))); return StringUtils.join(asList, " "); }, - new AttributeExtractor(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_TEXT)), + new AttributeExtractor(new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_TEXT))), GPS_ROUTE(NbBundle.getMessage(MiscTypes.class, "MiscTypes.GPSRoutes.name"), "gps-search.png", // NON-NLS - BlackboardArtifact.ARTIFACT_TYPE.TSK_GPS_ROUTE, - BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME, - new AttributeExtractor(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PROG_NAME), - new AttributeExtractor(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_LOCATION), - (artf, attrMap) -> { - final BlackboardAttribute latStart = attrMap.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_GEO_LATITUDE_START); - final BlackboardAttribute longStart = attrMap.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_GEO_LONGITUDE_START); - final BlackboardAttribute latEnd = attrMap.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_GEO_LATITUDE_END); - final BlackboardAttribute longEnd = attrMap.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_GEO_LONGITUDE_END); - return String.format("from %1$g %2$g to %3$g %4$g", latStart.getValueDouble(), longStart.getValueDouble(), latEnd.getValueDouble(), longEnd.getValueDouble()); // NON-NLS + TypeUtils.fromEnum(ARTIFACT_TYPE.TSK_GPS_ROUTE), + new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_DATETIME), + new AttributeExtractor(new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_PROG_NAME)), + new AttributeExtractor(new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_LOCATION)), + artf -> { + final BlackboardAttribute latStart = getAttributeSafe(artf, new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_GEO_LATITUDE_START)); + final BlackboardAttribute longStart = getAttributeSafe(artf, new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_GEO_LONGITUDE_START)); + final BlackboardAttribute latEnd = getAttributeSafe(artf, new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_GEO_LATITUDE_END)); + final BlackboardAttribute longEnd = getAttributeSafe(artf, new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_GEO_LONGITUDE_END)); + return String.format("from %1$s %2$s to %3$s %4$s", stringValueOf(latStart), stringValueOf(longStart), stringValueOf(latEnd), stringValueOf(longEnd)); // NON-NLS }), GPS_TRACKPOINT(NbBundle.getMessage(MiscTypes.class, "MiscTypes.GPSTrackpoint.name"), "gps-trackpoint.png", // NON-NLS - BlackboardArtifact.ARTIFACT_TYPE.TSK_GPS_TRACKPOINT, - BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME, - new AttributeExtractor(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PROG_NAME), - (artf, attrMap) -> { - final BlackboardAttribute longitude = attrMap.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_GEO_LONGITUDE); - final BlackboardAttribute latitude = attrMap.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_GEO_LATITUDE); - return (latitude != null ? latitude.getValueDouble() : "") + " " + (longitude != null ? longitude.getValueDouble() : ""); // NON-NLS + TypeUtils.fromEnum(ARTIFACT_TYPE.TSK_GPS_TRACKPOINT), + new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_DATETIME), + new AttributeExtractor(new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_PROG_NAME)), + artf -> { + final BlackboardAttribute longitude = getAttributeSafe(artf, new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_GEO_LONGITUDE)); + final BlackboardAttribute latitude = getAttributeSafe(artf, new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_GEO_LATITUDE)); + return stringValueOf(latitude) + " " + stringValueOf(longitude); // NON-NLS }, - (artf, attrMap) -> ""), + EMPTY_EXTRACTOR), CALL_LOG(NbBundle.getMessage(MiscTypes.class, "MiscTypes.Calls.name"), "calllog.png", // NON-NLS - BlackboardArtifact.ARTIFACT_TYPE.TSK_CALLLOG, - BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_START, - new AttributeExtractor(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_NAME), - new AttributeExtractor(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PHONE_NUMBER), - new AttributeExtractor(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DIRECTION)), + TypeUtils.fromEnum(ARTIFACT_TYPE.TSK_CALLLOG), + new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_DATETIME_START), + new AttributeExtractor(new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_NAME)), + new AttributeExtractor(new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_PHONE_NUMBER)), + new AttributeExtractor(new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_DIRECTION))), EMAIL(NbBundle.getMessage(MiscTypes.class, "MiscTypes.Email.name"), "mail-icon-16.png", // NON-NLS - BlackboardArtifact.ARTIFACT_TYPE.TSK_EMAIL_MSG, - BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_SENT, - (artifact, attrMap) -> { - final BlackboardAttribute emailFrom = attrMap.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_EMAIL_FROM); - final BlackboardAttribute emailTo = attrMap.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_EMAIL_TO); - return (emailFrom != null ? emailFrom.getValueString() : "") + " to " + (emailTo != null ? emailTo.getValueString() : ""); // NON-NLS + TypeUtils.fromEnum(ARTIFACT_TYPE.TSK_EMAIL_MSG), + new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_DATETIME_SENT), + artf -> { + final BlackboardAttribute emailFrom = getAttributeSafe(artf, new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_EMAIL_FROM)); + final BlackboardAttribute emailTo = getAttributeSafe(artf, new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_EMAIL_TO)); + return stringValueOf(emailFrom) + " to " + stringValueOf(emailTo); // NON-NLS }, - new AttributeExtractor(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SUBJECT), - new AttributeExtractor(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_EMAIL_CONTENT_PLAIN)), + new AttributeExtractor(new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_SUBJECT)), + new AttributeExtractor(new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_EMAIL_CONTENT_PLAIN))), RECENT_DOCUMENTS(NbBundle.getMessage(MiscTypes.class, "MiscTypes.recentDocuments.name"), "recent_docs.png", // NON-NLS - BlackboardArtifact.ARTIFACT_TYPE.TSK_RECENT_OBJECT, - BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME, - new AttributeExtractor(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PATH).andThen( + TypeUtils.fromEnum(ARTIFACT_TYPE.TSK_RECENT_OBJECT), + new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_DATETIME), + new AttributeExtractor(new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_PATH)).andThen( (String t) -> (StringUtils.substringBeforeLast(StringUtils.substringBeforeLast(t, "\\"), "\\"))), - new AttributeExtractor(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PATH).andThen( + new AttributeExtractor(new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_PATH)).andThen( (String t) -> StringUtils.substringBeforeLast(t, "\\")), - new AttributeExtractor(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PATH)) { + new AttributeExtractor(new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_PATH))) { - /** - * Override - * {@link ArtifactEventType#parseAttributesHelper(org.sleuthkit.datamodel.BlackboardArtifact, java.util.Map)} - * with non-default description construction - */ @Override - public AttributeEventDescription parseAttributesHelper(BlackboardArtifact artf, Map attrMap) throws TskCoreException { - final BlackboardAttribute dateTimeAttr = attrMap.get(getDateTimeAttrubuteType()); + public AttributeEventDescription parseAttributesHelper(BlackboardArtifact artf) throws TskCoreException { + final BlackboardAttribute dateTimeAttr = artf.getAttribute(getDateTimeAttrubuteType()); long time = dateTimeAttr.getValueLong(); //Non-default description construction - String shortDescription = getShortExtractor().apply(artf, attrMap); - String medDescription = getMedExtractor().apply(artf, attrMap); - String fullDescription = getFullExtractor().apply(artf, attrMap); + String shortDescription = getShortExtractor().apply(artf); + String medDescription = getMedExtractor().apply(artf); + String fullDescription = getFullExtractor().apply(artf); return new AttributeEventDescription(time, shortDescription, medDescription, fullDescription); } }, INSTALLED_PROGRAM(NbBundle.getMessage(MiscTypes.class, "MiscTypes.installedPrograms.name"), "programs.png", // NON-NLS - BlackboardArtifact.ARTIFACT_TYPE.TSK_INSTALLED_PROG, - BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME, - new AttributeExtractor(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PROG_NAME), - new EmptyExtractor(), - new EmptyExtractor()), + TypeUtils.fromEnum(ARTIFACT_TYPE.TSK_INSTALLED_PROG), + new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_DATETIME), + new AttributeExtractor(new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_PROG_NAME)), + EMPTY_EXTRACTOR, + EMPTY_EXTRACTOR), EXIF(NbBundle.getMessage(MiscTypes.class, "MiscTypes.exif.name"), "camera-icon-16.png", // NON-NLS - BlackboardArtifact.ARTIFACT_TYPE.TSK_METADATA_EXIF, - BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_CREATED, - new AttributeExtractor(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DEVICE_MAKE), - new AttributeExtractor(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DEVICE_MODEL), - (artifact, attributeMap) -> { + TypeUtils.fromEnum(ARTIFACT_TYPE.TSK_METADATA_EXIF), + new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_DATETIME_CREATED), + new AttributeExtractor(new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_DEVICE_MAKE)), + new AttributeExtractor(new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_DEVICE_MODEL)), + artf -> { try { - AbstractFile file = artifact.getSleuthkitCase().getAbstractFileById(artifact.getObjectID()); + AbstractFile file = artf.getSleuthkitCase().getAbstractFileById(artf.getObjectID()); if (file != null) { return file.getName(); } } catch (TskCoreException ex) { - Logger.getLogger(MiscTypes.class.getName()).log(Level.SEVERE, "Exif event type failed to look up backing file name", ex); //NON-NLS + LOGGER.log(Level.SEVERE, "Exif event type failed to look up backing file name", ex); //NON-NLS } - return " error loading file name"; // NON-NLS + return "error loading file name"; }), DEVICES_ATTACHED(NbBundle.getMessage(MiscTypes.class, "MiscTypes.devicesAttached.name"), "usb_devices.png", // NON-NLS - BlackboardArtifact.ARTIFACT_TYPE.TSK_DEVICE_ATTACHED, - BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME, - new AttributeExtractor(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DEVICE_MAKE), - new AttributeExtractor(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DEVICE_MODEL), - new AttributeExtractor(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DEVICE_ID)); + TypeUtils.fromEnum(ARTIFACT_TYPE.TSK_DEVICE_ATTACHED), + new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_DATETIME), + new AttributeExtractor(new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_DEVICE_MAKE)), + new AttributeExtractor(new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_DEVICE_MODEL)), + new AttributeExtractor(new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_DEVICE_ID))); static public String stringValueOf(BlackboardAttribute attr) { - return attr != null ? attr.getDisplayString() : ""; + return Optional.ofNullable(attr) + .map(BlackboardAttribute::getDisplayString) + .orElse(""); } public static String toFrom(BlackboardAttribute dir) { @@ -167,7 +166,7 @@ public enum MiscTypes implements EventType, ArtifactEventType { } } - private final BlackboardAttribute.ATTRIBUTE_TYPE dateTimeAttributeType; + private final BlackboardAttribute.Type dateTimeAttributeType; private final String iconBase; @@ -178,47 +177,32 @@ public enum MiscTypes implements EventType, ArtifactEventType { return image; } - private final BiFunction, String> longExtractor; + private final Function longExtractor; - private final BiFunction, String> medExtractor; + private final Function medExtractor; - private final BiFunction, String> shortExtractor; + private final Function shortExtractor; - /** - * {@inheritDoc } - */ @Override - public BiFunction, String> getFullExtractor() { + public Function getFullExtractor() { return longExtractor; } - /** - * {@inheritDoc } - */ @Override - public BiFunction, String> getMedExtractor() { + public Function getMedExtractor() { return medExtractor; } - /** - * {@inheritDoc } - */ @Override - public BiFunction, String> getShortExtractor() { + public Function getShortExtractor() { return shortExtractor; } - /** - * {@inheritDoc } - */ @Override - public BlackboardAttribute.ATTRIBUTE_TYPE getDateTimeAttrubuteType() { + public BlackboardAttribute.Type getDateTimeAttrubuteType() { return dateTimeAttributeType; } - /** - * {@inheritDoc } - */ @Override public EventTypeZoomLevel getZoomLevel() { return EventTypeZoomLevel.SUB_TYPE; @@ -226,7 +210,7 @@ public enum MiscTypes implements EventType, ArtifactEventType { private final String displayName; - private final BlackboardArtifact.ARTIFACT_TYPE artifactType; + private final BlackboardArtifact.Type artifactType; @Override public String getDisplayName() { @@ -243,11 +227,11 @@ public enum MiscTypes implements EventType, ArtifactEventType { return MiscTypes.valueOf(string); } - private MiscTypes(String displayName, String iconBase, BlackboardArtifact.ARTIFACT_TYPE artifactType, - BlackboardAttribute.ATTRIBUTE_TYPE dateTimeAttributeType, - BiFunction, String> shortExtractor, - BiFunction, String> medExtractor, - BiFunction, String> longExtractor) { + private MiscTypes(String displayName, String iconBase, BlackboardArtifact.Type artifactType, + BlackboardAttribute.Type dateTimeAttributeType, + Function shortExtractor, + Function medExtractor, + Function longExtractor) { this.displayName = displayName; this.iconBase = iconBase; this.artifactType = artifactType; @@ -269,7 +253,7 @@ public enum MiscTypes implements EventType, ArtifactEventType { } @Override - public BlackboardArtifact.ARTIFACT_TYPE getArtifactType() { + public BlackboardArtifact.Type getArtifactType() { return artifactType; } diff --git a/Core/src/org/sleuthkit/autopsy/timeline/datamodel/eventtype/TypeUtils.java b/Core/src/org/sleuthkit/autopsy/timeline/datamodel/eventtype/TypeUtils.java new file mode 100644 index 0000000000..889511f037 --- /dev/null +++ b/Core/src/org/sleuthkit/autopsy/timeline/datamodel/eventtype/TypeUtils.java @@ -0,0 +1,35 @@ +/* + * Autopsy Forensic Browser + * + * Copyright 2016 Basis Technology Corp. + * Contact: carrier sleuthkit org + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.sleuthkit.autopsy.timeline.datamodel.eventtype; + +import org.sleuthkit.datamodel.BlackboardArtifact; + +/** + * + */ +class TypeUtils { + +//TODO: this will be unncessary once their is BlackboardArtifact.Type constructr that takes a BlackboardArtifact.ARTIFACT_TYPE + static BlackboardArtifact.Type fromEnum(BlackboardArtifact.ARTIFACT_TYPE type) { + return new BlackboardArtifact.Type(type.getTypeID(), type.getLabel(), type.getDisplayName()); + } + + private TypeUtils() { + } +} diff --git a/Core/src/org/sleuthkit/autopsy/timeline/datamodel/eventtype/WebTypes.java b/Core/src/org/sleuthkit/autopsy/timeline/datamodel/eventtype/WebTypes.java index 1876a35381..2bb3b92ef4 100644 --- a/Core/src/org/sleuthkit/autopsy/timeline/datamodel/eventtype/WebTypes.java +++ b/Core/src/org/sleuthkit/autopsy/timeline/datamodel/eventtype/WebTypes.java @@ -1,7 +1,7 @@ /* * Autopsy Forensic Browser * - * Copyright 2014 Basis Technology Corp. + * Copyright 2014-16 Basis Technology Corp. * Contact: carrier sleuthkit org * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -21,14 +21,14 @@ package org.sleuthkit.autopsy.timeline.datamodel.eventtype; import com.google.common.net.InternetDomainName; import java.util.Collections; import java.util.List; -import java.util.Map; -import java.util.function.BiFunction; +import java.util.function.Function; import javafx.scene.image.Image; import org.apache.commons.lang3.StringUtils; import org.openide.util.NbBundle; import org.sleuthkit.autopsy.timeline.zooming.EventTypeZoomLevel; import org.sleuthkit.datamodel.BlackboardArtifact; import org.sleuthkit.datamodel.BlackboardAttribute; +import org.sleuthkit.datamodel.TskCoreException; /** * @@ -37,24 +37,19 @@ public enum WebTypes implements EventType, ArtifactEventType { WEB_DOWNLOADS(NbBundle.getMessage(WebTypes.class, "WebTypes.webDownloads.name"), "downloads.png", // NON-NLS - BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_DOWNLOAD, - BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_ACCESSED, + TypeUtils.fromEnum(BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_DOWNLOAD), + new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_ACCESSED), TopPrivateDomainExtractor.getInstance(), - new AttributeExtractor(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PATH), - new AttributeExtractor(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_URL)) { + new AttributeExtractor(new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PATH)), + new AttributeExtractor(new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_URL))) { - /** - * Override - * {@link ArtifactEventType#parseAttributesHelper(org.sleuthkit.datamodel.BlackboardArtifact, java.util.Map)} - * with non default description construction - */ @Override - public AttributeEventDescription parseAttributesHelper(BlackboardArtifact artf, Map attrMap) { - long time = attrMap.get(getDateTimeAttrubuteType()).getValueLong(); - String domain = getShortExtractor().apply(artf, attrMap); - String path = getMedExtractor().apply(artf, attrMap); + public AttributeEventDescription parseAttributesHelper(BlackboardArtifact artf) throws TskCoreException { + long time = artf.getAttribute(getDateTimeAttrubuteType()).getValueLong(); + String domain = getShortExtractor().apply(artf); + String path = getMedExtractor().apply(artf); String fileName = StringUtils.substringAfterLast(path, "/"); - String url = getFullExtractor().apply(artf, attrMap); + String url = getFullExtractor().apply(artf); //TODO: review non default description construction String shortDescription = fileName + " from " + domain; // NON-NLS @@ -66,37 +61,37 @@ public enum WebTypes implements EventType, ArtifactEventType { //TODO: review description separators WEB_COOKIE(NbBundle.getMessage(WebTypes.class, "WebTypes.webCookies.name"), "cookies.png", // NON-NLS - BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_COOKIE, - BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME, + TypeUtils.fromEnum(BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_COOKIE), + new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME), TopPrivateDomainExtractor.getInstance(), - new AttributeExtractor(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_NAME), - new AttributeExtractor(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_VALUE)), + new AttributeExtractor(new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_NAME)), + new AttributeExtractor(new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_VALUE))), //TODO: review description separators WEB_BOOKMARK(NbBundle.getMessage(WebTypes.class, "WebTypes.webBookmarks.name"), "bookmarks.png", // NON-NLS - BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_BOOKMARK, - BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_CREATED, + TypeUtils.fromEnum(BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_BOOKMARK), + new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_CREATED), TopPrivateDomainExtractor.getInstance(), - new AttributeExtractor(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_URL), - new AttributeExtractor(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_TITLE)), + new AttributeExtractor(new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_URL)), + new AttributeExtractor(new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_TITLE))), //TODO: review description separators WEB_HISTORY(NbBundle.getMessage(WebTypes.class, "WebTypes.webHistory.name"), "history.png", // NON-NLS - BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_HISTORY, - BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_ACCESSED, + TypeUtils.fromEnum(BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_HISTORY), + new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_ACCESSED), TopPrivateDomainExtractor.getInstance(), - new AttributeExtractor(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_URL), - new AttributeExtractor(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_TITLE)), + new AttributeExtractor(new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_URL)), + new AttributeExtractor(new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_TITLE))), //TODO: review description separators WEB_SEARCH(NbBundle.getMessage(WebTypes.class, "WebTypes.webSearch.name"), "searchquery.png", // NON-NLS - BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_SEARCH_QUERY, - BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_ACCESSED, - new AttributeExtractor(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_TEXT), + TypeUtils.fromEnum(BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_SEARCH_QUERY), + new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_ACCESSED), + new AttributeExtractor(new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_TEXT)), TopPrivateDomainExtractor.getInstance(), - new AttributeExtractor(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PROG_NAME)); + new AttributeExtractor(new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PROG_NAME))); - private final BlackboardAttribute.ATTRIBUTE_TYPE dateTimeAttributeType; + private final BlackboardAttribute.Type dateTimeAttributeType; private final String iconBase; @@ -108,7 +103,7 @@ public enum WebTypes implements EventType, ArtifactEventType { } @Override - public BlackboardAttribute.ATTRIBUTE_TYPE getDateTimeAttrubuteType() { + public BlackboardAttribute.Type getDateTimeAttrubuteType() { return dateTimeAttributeType; } @@ -117,30 +112,30 @@ public enum WebTypes implements EventType, ArtifactEventType { return EventTypeZoomLevel.SUB_TYPE; } - private final BiFunction, String> longExtractor; + private final Function longExtractor; - private final BiFunction, String> medExtractor; + private final Function medExtractor; - private final BiFunction, String> shortExtractor; + private final Function shortExtractor; @Override - public BiFunction, String> getFullExtractor() { + public Function getFullExtractor() { return longExtractor; } @Override - public BiFunction, String> getMedExtractor() { + public Function getMedExtractor() { return medExtractor; } @Override - public BiFunction, String> getShortExtractor() { + public Function getShortExtractor() { return shortExtractor; } private final String displayName; - BlackboardArtifact.ARTIFACT_TYPE artifactType; + private final BlackboardArtifact.Type artifactType; @Override public String getIconBase() { @@ -148,15 +143,15 @@ public enum WebTypes implements EventType, ArtifactEventType { } @Override - public BlackboardArtifact.ARTIFACT_TYPE getArtifactType() { + public BlackboardArtifact.Type getArtifactType() { return artifactType; } - private WebTypes(String displayName, String iconBase, BlackboardArtifact.ARTIFACT_TYPE artifactType, - BlackboardAttribute.ATTRIBUTE_TYPE dateTimeAttributeType, - BiFunction, String> shortExtractor, - BiFunction, String> medExtractor, - BiFunction, String> longExtractor) { + private WebTypes(String displayName, String iconBase, BlackboardArtifact.Type artifactType, + BlackboardAttribute.Type dateTimeAttributeType, + Function shortExtractor, + Function medExtractor, + Function longExtractor) { this.displayName = displayName; this.iconBase = iconBase; this.artifactType = artifactType; @@ -196,8 +191,8 @@ public enum WebTypes implements EventType, ArtifactEventType { } @Override - public String apply(BlackboardArtifact artf, Map attrMap) { - String domainString = StringUtils.substringBefore(super.apply(artf, attrMap), "/"); + public String apply(BlackboardArtifact artf) { + String domainString = StringUtils.substringBefore(super.apply(artf), "/"); if (InternetDomainName.isValid(domainString)) { InternetDomainName domain = InternetDomainName.from(domainString); return (domain.isUnderPublicSuffix()) @@ -209,8 +204,7 @@ public enum WebTypes implements EventType, ArtifactEventType { } TopPrivateDomainExtractor() { - super(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DOMAIN); + super(new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DOMAIN)); } } - } diff --git a/Core/src/org/sleuthkit/autopsy/timeline/db/EventsRepository.java b/Core/src/org/sleuthkit/autopsy/timeline/db/EventsRepository.java index c34b5dba12..6946ded64d 100644 --- a/Core/src/org/sleuthkit/autopsy/timeline/db/EventsRepository.java +++ b/Core/src/org/sleuthkit/autopsy/timeline/db/EventsRepository.java @@ -655,7 +655,7 @@ public class EventsRepository { private void populateEventType(final ArtifactEventType type, EventDB.EventTransaction trans) { try { //get all the blackboard artifacts corresponding to the given event sub_type - final ArrayList blackboardArtifacts = skCase.getBlackboardArtifacts(type.getArtifactType()); + final ArrayList blackboardArtifacts = skCase.getBlackboardArtifacts(type.getArtifactType().getTypeID()); final int numArtifacts = blackboardArtifacts.size(); restartProgressHandle(Bundle.progressWindow_populatingXevents(type.getDisplayName()), "", 0D, numArtifacts, true); for (int i = 0; i < numArtifacts; i++) { diff --git a/ImageGallery/src/org/sleuthkit/autopsy/imagegallery/datamodel/DrawableFile.java b/ImageGallery/src/org/sleuthkit/autopsy/imagegallery/datamodel/DrawableFile.java index e02e752930..678069db9d 100644 --- a/ImageGallery/src/org/sleuthkit/autopsy/imagegallery/datamodel/DrawableFile.java +++ b/ImageGallery/src/org/sleuthkit/autopsy/imagegallery/datamodel/DrawableFile.java @@ -189,8 +189,8 @@ public abstract class DrawableFile { for (BlackboardArtifact artf : artifacts) { if (artf.getArtifactTypeID() == artType.getTypeID()) { for (BlackboardAttribute attr : artf.getAttributes()) { - if (attr.getAttributeTypeID() == attrType.getTypeID()) { - switch (attr.getValueType()) { + if (attr.getAttributeType().getTypeID() == attrType.getTypeID()) { + switch (attr.getAttributeType().getValueType()) { case BYTE: return attr.getValueBytes(); case DOUBLE: