From 547a3da74cb721903ae44e9a2d24b58abf08829b Mon Sep 17 00:00:00 2001 From: Brian Carrier Date: Wed, 19 Sep 2018 12:45:07 -0400 Subject: [PATCH] Allow events to be associated with data source --- .../timeline/explorernodes/EventNode.java | 7 ++-- .../timeline/ui/detailview/EventNodeBase.java | 2 +- .../datamodel/SingleDetailsViewEvent.java | 41 +++++++++++++------ .../timeline/ui/listvew/ListTimeline.java | 11 ++--- 4 files changed, 39 insertions(+), 22 deletions(-) diff --git a/Core/src/org/sleuthkit/autopsy/timeline/explorernodes/EventNode.java b/Core/src/org/sleuthkit/autopsy/timeline/explorernodes/EventNode.java index 95d5635fca..b72b8a4101 100644 --- a/Core/src/org/sleuthkit/autopsy/timeline/explorernodes/EventNode.java +++ b/Core/src/org/sleuthkit/autopsy/timeline/explorernodes/EventNode.java @@ -47,6 +47,7 @@ import org.sleuthkit.autopsy.timeline.ui.EventTypeUtils; import org.sleuthkit.datamodel.AbstractFile; import org.sleuthkit.datamodel.BlackboardArtifact; import org.sleuthkit.datamodel.BlackboardAttribute; +import org.sleuthkit.datamodel.Content; import org.sleuthkit.datamodel.SleuthkitCase; import org.sleuthkit.datamodel.TskCoreException; import org.sleuthkit.datamodel.timeline.TimelineEvent; @@ -62,13 +63,13 @@ public class EventNode extends DisplayableItemNode { private final TimelineEvent event; - EventNode(TimelineEvent event, AbstractFile file, BlackboardArtifact artifact) { + EventNode(TimelineEvent event, Content file, BlackboardArtifact artifact) { super(Children.LEAF, Lookups.fixed(event, file, artifact)); this.event = event; this.setIconBaseWithExtension(EventTypeUtils.getImagePath(event.getEventType())); // NON-NLS } - EventNode(TimelineEvent event, AbstractFile file) { + EventNode(TimelineEvent event, Content file) { super(Children.LEAF, Lookups.fixed(event, file)); this.event = event; this.setIconBaseWithExtension(EventTypeUtils.getImagePath(event.getEventType())); // NON-NLS @@ -227,7 +228,7 @@ public class EventNode extends DisplayableItemNode { */ final TimelineEvent eventById = eventsModel.getEventById(eventID); - AbstractFile file = sleuthkitCase.getAbstractFileById(eventById.getFileID()); + Content file = sleuthkitCase.getContentById(eventById.getFileObjID()); if (eventById.getArtifactID().isPresent()) { BlackboardArtifact blackboardArtifact = sleuthkitCase.getBlackboardArtifact(eventById.getArtifactID().get()); diff --git a/Core/src/org/sleuthkit/autopsy/timeline/ui/detailview/EventNodeBase.java b/Core/src/org/sleuthkit/autopsy/timeline/ui/detailview/EventNodeBase.java index 4bdd4470d6..b8b17e8089 100644 --- a/Core/src/org/sleuthkit/autopsy/timeline/ui/detailview/EventNodeBase.java +++ b/Core/src/org/sleuthkit/autopsy/timeline/ui/detailview/EventNodeBase.java @@ -298,7 +298,7 @@ public abstract class EventNodeBase extends StackP try { //TODO:push this to DB for (TimelineEvent tle : eventsModel.getEventsById(tlEvent.getEventIDsWithHashHits())) { - Set hashSetNames = sleuthkitCase.getAbstractFileById(tle.getFileID()).getHashSetNames(); + Set hashSetNames = sleuthkitCase.getContentById(tle.getFileObjID()).getHashSetNames(); for (String hashSetName : hashSetNames) { hashSetCounts.merge(hashSetName, 1L, Long::sum); } diff --git a/Core/src/org/sleuthkit/autopsy/timeline/ui/detailview/datamodel/SingleDetailsViewEvent.java b/Core/src/org/sleuthkit/autopsy/timeline/ui/detailview/datamodel/SingleDetailsViewEvent.java index 87e9896c2a..7a2df66a4d 100644 --- a/Core/src/org/sleuthkit/autopsy/timeline/ui/detailview/datamodel/SingleDetailsViewEvent.java +++ b/Core/src/org/sleuthkit/autopsy/timeline/ui/detailview/datamodel/SingleDetailsViewEvent.java @@ -38,9 +38,9 @@ public class SingleDetailsViewEvent implements DetailViewEvent { private final long eventID; /** - * The TSK object ID of the file this event is derived from. + * The TSK object ID of the file (could be data source) this event is derived from. */ - private final long objID; + private final long fileObjId; /** * The TSK artifact ID of the file this event is derived from. Null, if this @@ -51,7 +51,7 @@ public class SingleDetailsViewEvent implements DetailViewEvent { /** * The TSK datasource ID of the datasource this event belongs to. */ - private final long dataSourceID; + private final long dataSourceObjId; /** * The time of this event in second from the Unix epoch. @@ -90,10 +90,25 @@ public class SingleDetailsViewEvent implements DetailViewEvent { */ private MultiEvent parent = null; - public SingleDetailsViewEvent(long eventID, long dataSourceID, long objID, Long artifactID, long time, EventType type, String fullDescription, String medDescription, String shortDescription, TskData.FileKnown known, boolean hashHit, boolean tagged) { + /** + * + * @param eventID + * @param dataSourceObjId + * @param fileObjId Object Id of file (could be a data source) that event is associated with + * @param artifactID + * @param time + * @param type + * @param fullDescription + * @param medDescription + * @param shortDescription + * @param known + * @param hashHit + * @param tagged + */ + public SingleDetailsViewEvent(long eventID, long dataSourceObjId, long fileObjId, Long artifactID, long time, EventType type, String fullDescription, String medDescription, String shortDescription, TskData.FileKnown known, boolean hashHit, boolean tagged) { this.eventID = eventID; - this.dataSourceID = dataSourceID; - this.objID = objID; + this.dataSourceObjId = dataSourceObjId; + this.fileObjId = fileObjId; this.artifactID = Long.valueOf(0).equals(artifactID) ? null : artifactID; this.time = time; this.type = type; @@ -107,8 +122,8 @@ public class SingleDetailsViewEvent implements DetailViewEvent { public SingleDetailsViewEvent(TimelineEvent singleEvent) { this(singleEvent.getEventID(), - singleEvent.getDataSourceID(), - singleEvent.getFileID(), + singleEvent.getDataSourceObjID(), + singleEvent.getFileObjID(), singleEvent.getArtifactID().orElse(null), singleEvent.getTime(), singleEvent.getEventType(), @@ -130,7 +145,7 @@ public class SingleDetailsViewEvent implements DetailViewEvent { * with the given parent. */ public SingleDetailsViewEvent withParent(MultiEvent newParent) { - SingleDetailsViewEvent singleEvent = new SingleDetailsViewEvent(eventID, dataSourceID, objID, artifactID, time, type, descriptions.get(DescriptionLoD.FULL), descriptions.get(DescriptionLoD.MEDIUM), descriptions.get(DescriptionLoD.SHORT), known, hashHit, tagged); + SingleDetailsViewEvent singleEvent = new SingleDetailsViewEvent(eventID, dataSourceObjId, fileObjId, artifactID, time, type, descriptions.get(DescriptionLoD.FULL), descriptions.get(DescriptionLoD.MEDIUM), descriptions.get(DescriptionLoD.SHORT), known, hashHit, tagged); singleEvent.parent = newParent; return singleEvent; } @@ -176,12 +191,12 @@ public class SingleDetailsViewEvent implements DetailViewEvent { } /** - * Get the obj id of the file this event is derived from. + * Get the obj id of the file (which could be a data source) this event is derived from. * * @return the object id. */ public long getFileID() { - return objID; + return fileObjId; } /** @@ -250,8 +265,8 @@ public class SingleDetailsViewEvent implements DetailViewEvent { * * @return the datasource id. */ - public long getDataSourceID() { - return dataSourceID; + public long getDataSourceObjID() { + return dataSourceObjId; } @Override diff --git a/Core/src/org/sleuthkit/autopsy/timeline/ui/listvew/ListTimeline.java b/Core/src/org/sleuthkit/autopsy/timeline/ui/listvew/ListTimeline.java index 6ed6463046..50acc565a9 100644 --- a/Core/src/org/sleuthkit/autopsy/timeline/ui/listvew/ListTimeline.java +++ b/Core/src/org/sleuthkit/autopsy/timeline/ui/listvew/ListTimeline.java @@ -90,6 +90,7 @@ import static org.sleuthkit.autopsy.timeline.ui.EventTypeUtils.getImagePath; import org.sleuthkit.autopsy.timeline.ui.listvew.datamodel.CombinedEvent; import org.sleuthkit.datamodel.AbstractFile; import org.sleuthkit.datamodel.BlackboardArtifact; +import org.sleuthkit.datamodel.Content; import org.sleuthkit.datamodel.SleuthkitCase; import org.sleuthkit.datamodel.TskCoreException; import org.sleuthkit.datamodel.DescriptionLoD; @@ -457,13 +458,13 @@ class ListTimeline extends BorderPane { SortedSet tagNames = new TreeSet<>(); try { //get file tags - AbstractFile abstractFileById = sleuthkitCase.getAbstractFileById(getEvent().getFileID()); - tagsManager.getContentTagsByContent(abstractFileById).stream() + Content file = sleuthkitCase.getContentById(getEvent().getFileObjID()); + tagsManager.getContentTagsByContent(file).stream() .map(tag -> tag.getName().getDisplayName()) .forEach(tagNames::add); } catch (TskCoreException ex) { - logger.log(Level.SEVERE, "Failed to lookup tags for obj id " + getEvent().getFileID(), ex); //NON-NLS + logger.log(Level.SEVERE, "Failed to lookup tags for obj id " + getEvent().getFileObjID(), ex); //NON-NLS Platform.runLater(() -> { Notifications.create() .owner(getScene().getWindow()) @@ -527,12 +528,12 @@ class ListTimeline extends BorderPane { */ setGraphic(new ImageView(HASH_HIT)); try { - Set hashSetNames = new TreeSet<>(sleuthkitCase.getAbstractFileById(getEvent().getFileID()).getHashSetNames()); + Set hashSetNames = new TreeSet<>(sleuthkitCase.getContentById(getEvent().getFileObjID()).getHashSetNames()); Tooltip tooltip = new Tooltip(Bundle.ListTimeline_hashHitTooltip_text(String.join("\n", hashSetNames))); //NON-NLS tooltip.setGraphic(new ImageView(HASH_HIT)); setTooltip(tooltip); } catch (TskCoreException ex) { - logger.log(Level.SEVERE, "Failed to lookup hash set names for obj id " + getEvent().getFileID(), ex); //NON-NLS + logger.log(Level.SEVERE, "Failed to lookup hash set names for obj id " + getEvent().getFileObjID(), ex); //NON-NLS Platform.runLater(() -> { Notifications.create() .owner(getScene().getWindow())