Allow events to be associated with data source

2025-07-19 11:07:43 +00:00 · 2018-09-19 12:45:07 -04:00 · 2018-09-19 12:45:07 -04:00 · 547a3da74c
commit 547a3da74c
parent bb8ed180f9
4 changed files with 39 additions and 22 deletions
--- a/Core/src/org/sleuthkit/autopsy/timeline/explorernodes/EventNode.java
+++ b/Core/src/org/sleuthkit/autopsy/timeline/explorernodes/EventNode.java
@ -47,6 +47,7 @@ import org.sleuthkit.autopsy.timeline.ui.EventTypeUtils;
 import org.sleuthkit.datamodel.AbstractFile;
 import org.sleuthkit.datamodel.BlackboardArtifact;
 import org.sleuthkit.datamodel.BlackboardAttribute;
 import org.sleuthkit.datamodel.Content;
 import org.sleuthkit.datamodel.SleuthkitCase;
 import org.sleuthkit.datamodel.TskCoreException;
 import org.sleuthkit.datamodel.timeline.TimelineEvent;
@ -62,13 +63,13 @@ public class EventNode extends DisplayableItemNode {
    private final TimelineEvent event;
-    EventNode(TimelineEvent event, AbstractFile file, BlackboardArtifact artifact) {
+    EventNode(TimelineEvent event, Content file, BlackboardArtifact artifact) {
        super(Children.LEAF, Lookups.fixed(event, file, artifact));
        this.event = event;
        this.setIconBaseWithExtension(EventTypeUtils.getImagePath(event.getEventType())); // NON-NLS
    }
-    EventNode(TimelineEvent event, AbstractFile file) {
+    EventNode(TimelineEvent event, Content file) {
        super(Children.LEAF, Lookups.fixed(event, file));
        this.event = event;
        this.setIconBaseWithExtension(EventTypeUtils.getImagePath(event.getEventType())); // NON-NLS
@ -227,7 +228,7 @@ public class EventNode extends DisplayableItemNode {
             */
        final TimelineEvent eventById = eventsModel.getEventById(eventID);
-            AbstractFile file = sleuthkitCase.getAbstractFileById(eventById.getFileID());
+            Content file = sleuthkitCase.getContentById(eventById.getFileObjID());
            if (eventById.getArtifactID().isPresent()) {
                BlackboardArtifact blackboardArtifact = sleuthkitCase.getBlackboardArtifact(eventById.getArtifactID().get());
--- a/Core/src/org/sleuthkit/autopsy/timeline/ui/detailview/EventNodeBase.java
+++ b/Core/src/org/sleuthkit/autopsy/timeline/ui/detailview/EventNodeBase.java
@ -298,7 +298,7 @@ public abstract class EventNodeBase<Type extends DetailViewEvent> extends StackP
                        try {
                            //TODO:push this to DB
                            for (TimelineEvent tle : eventsModel.getEventsById(tlEvent.getEventIDsWithHashHits())) {
-                                Set<String> hashSetNames = sleuthkitCase.getAbstractFileById(tle.getFileID()).getHashSetNames();
+                                Set<String> hashSetNames = sleuthkitCase.getContentById(tle.getFileObjID()).getHashSetNames();
                                for (String hashSetName : hashSetNames) {
                                    hashSetCounts.merge(hashSetName, 1L, Long::sum);
                                }
--- a/Core/src/org/sleuthkit/autopsy/timeline/ui/detailview/datamodel/SingleDetailsViewEvent.java
+++ b/Core/src/org/sleuthkit/autopsy/timeline/ui/detailview/datamodel/SingleDetailsViewEvent.java
@ -38,9 +38,9 @@ public class SingleDetailsViewEvent implements DetailViewEvent {
    private final long eventID;
    /**
-     * The TSK object ID of the file this event is derived from.
+     * The TSK object ID of the file (could be data source) this event is derived from.
     */
-    private final long objID;
+    private final long fileObjId;
    /**
     * The TSK artifact ID of the file this event is derived from. Null, if this
@ -51,7 +51,7 @@ public class SingleDetailsViewEvent implements DetailViewEvent {
    /**
     * The TSK datasource ID of the datasource this event belongs to.
     */
-    private final long dataSourceID;
+    private final long dataSourceObjId;
    /**
     * The time of this event in second from the Unix epoch.
@ -90,10 +90,25 @@ public class SingleDetailsViewEvent implements DetailViewEvent {
     */
    private MultiEvent<?> parent = null;
-    public SingleDetailsViewEvent(long eventID, long dataSourceID, long objID, Long artifactID, long time, EventType type, String fullDescription, String medDescription, String shortDescription, TskData.FileKnown known, boolean hashHit, boolean tagged) {
+    /**
     * 
     * @param eventID
     * @param dataSourceObjId
     * @param fileObjId Object Id of file (could be a data source) that event is associated with
     * @param artifactID
     * @param time
     * @param type
     * @param fullDescription
     * @param medDescription
     * @param shortDescription
     * @param known
     * @param hashHit
     * @param tagged 
     */
    public SingleDetailsViewEvent(long eventID, long dataSourceObjId, long fileObjId, Long artifactID, long time, EventType type, String fullDescription, String medDescription, String shortDescription, TskData.FileKnown known, boolean hashHit, boolean tagged) {
        this.eventID = eventID;
-        this.dataSourceID = dataSourceID;
+        this.dataSourceObjId = dataSourceObjId;
-        this.objID = objID;
+        this.fileObjId = fileObjId;
        this.artifactID = Long.valueOf(0).equals(artifactID) ? null : artifactID;
        this.time = time;
        this.type = type;
@ -107,8 +122,8 @@ public class SingleDetailsViewEvent implements DetailViewEvent {
    public SingleDetailsViewEvent(TimelineEvent singleEvent) {
        this(singleEvent.getEventID(),
-                singleEvent.getDataSourceID(),
+                singleEvent.getDataSourceObjID(),
-                singleEvent.getFileID(),
+                singleEvent.getFileObjID(),
                singleEvent.getArtifactID().orElse(null),
                singleEvent.getTime(),
                singleEvent.getEventType(),
@ -130,7 +145,7 @@ public class SingleDetailsViewEvent implements DetailViewEvent {
     *         with the given parent.
     */
    public SingleDetailsViewEvent withParent(MultiEvent<?> newParent) {
-        SingleDetailsViewEvent singleEvent = new SingleDetailsViewEvent(eventID, dataSourceID, objID, artifactID, time, type, descriptions.get(DescriptionLoD.FULL), descriptions.get(DescriptionLoD.MEDIUM), descriptions.get(DescriptionLoD.SHORT), known, hashHit, tagged);
+        SingleDetailsViewEvent singleEvent = new SingleDetailsViewEvent(eventID, dataSourceObjId, fileObjId, artifactID, time, type, descriptions.get(DescriptionLoD.FULL), descriptions.get(DescriptionLoD.MEDIUM), descriptions.get(DescriptionLoD.SHORT), known, hashHit, tagged);
        singleEvent.parent = newParent;
        return singleEvent;
    }
@ -176,12 +191,12 @@ public class SingleDetailsViewEvent implements DetailViewEvent {
    }
    /**
-     * Get the obj id of the file this event is derived from.
+     * Get the obj id of the file (which could be a data source) this event is derived from.
     *
     * @return the object id.
     */
    public long getFileID() {
-        return objID;
+        return fileObjId;
    }
    /**
@ -250,8 +265,8 @@ public class SingleDetailsViewEvent implements DetailViewEvent {
     *
     * @return the datasource id.
     */
-    public long getDataSourceID() {
+    public long getDataSourceObjID() {
-        return dataSourceID;
+        return dataSourceObjId;
    }
    @Override
--- a/Core/src/org/sleuthkit/autopsy/timeline/ui/listvew/ListTimeline.java
+++ b/Core/src/org/sleuthkit/autopsy/timeline/ui/listvew/ListTimeline.java
@ -90,6 +90,7 @@ import static org.sleuthkit.autopsy.timeline.ui.EventTypeUtils.getImagePath;
 import org.sleuthkit.autopsy.timeline.ui.listvew.datamodel.CombinedEvent;
 import org.sleuthkit.datamodel.AbstractFile;
 import org.sleuthkit.datamodel.BlackboardArtifact;
 import org.sleuthkit.datamodel.Content;
 import org.sleuthkit.datamodel.SleuthkitCase;
 import org.sleuthkit.datamodel.TskCoreException;
 import org.sleuthkit.datamodel.DescriptionLoD;
@ -457,13 +458,13 @@ class ListTimeline extends BorderPane {
                SortedSet<String> tagNames = new TreeSet<>();
                try {
                    //get file tags
-                    AbstractFile abstractFileById = sleuthkitCase.getAbstractFileById(getEvent().getFileID());
+                    Content file = sleuthkitCase.getContentById(getEvent().getFileObjID());
-                    tagsManager.getContentTagsByContent(abstractFileById).stream()
+                    tagsManager.getContentTagsByContent(file).stream()
                            .map(tag -> tag.getName().getDisplayName())
                            .forEach(tagNames::add);
                } catch (TskCoreException ex) {
-                    logger.log(Level.SEVERE, "Failed to lookup tags for obj id " + getEvent().getFileID(), ex); //NON-NLS
+                    logger.log(Level.SEVERE, "Failed to lookup tags for obj id " + getEvent().getFileObjID(), ex); //NON-NLS
                    Platform.runLater(() -> {
                        Notifications.create()
                                .owner(getScene().getWindow())
@ -527,12 +528,12 @@ class ListTimeline extends BorderPane {
                 */
                setGraphic(new ImageView(HASH_HIT));
                try {
-                    Set<String> hashSetNames = new TreeSet<>(sleuthkitCase.getAbstractFileById(getEvent().getFileID()).getHashSetNames());
+                    Set<String> hashSetNames = new TreeSet<>(sleuthkitCase.getContentById(getEvent().getFileObjID()).getHashSetNames());
                    Tooltip tooltip = new Tooltip(Bundle.ListTimeline_hashHitTooltip_text(String.join("\n", hashSetNames))); //NON-NLS
                    tooltip.setGraphic(new ImageView(HASH_HIT));
                    setTooltip(tooltip);
                } catch (TskCoreException ex) {
-                    logger.log(Level.SEVERE, "Failed to lookup hash set names for obj id " + getEvent().getFileID(), ex); //NON-NLS
+                    logger.log(Level.SEVERE, "Failed to lookup hash set names for obj id " + getEvent().getFileObjID(), ex); //NON-NLS
                    Platform.runLater(() -> {
                        Notifications.create()
                                .owner(getScene().getWindow())