diff --git a/Core/src/org/sleuthkit/autopsy/centralrepository/datamodel/AbstractSqlEamDb.java b/Core/src/org/sleuthkit/autopsy/centralrepository/datamodel/AbstractSqlEamDb.java index 26af02e7e2..520908f125 100644 --- a/Core/src/org/sleuthkit/autopsy/centralrepository/datamodel/AbstractSqlEamDb.java +++ b/Core/src/org/sleuthkit/autopsy/centralrepository/datamodel/AbstractSqlEamDb.java @@ -41,7 +41,6 @@ import java.util.Set; import java.util.concurrent.ExecutionException; import java.util.concurrent.TimeUnit; import java.util.logging.Level; -import org.openide.util.Exceptions; import org.openide.util.NbBundle.Messages; import org.sleuthkit.autopsy.casemodule.Case; import static org.sleuthkit.autopsy.centralrepository.datamodel.EamDbUtil.updateSchemaVersion; @@ -1054,38 +1053,43 @@ abstract class AbstractSqlEamDb implements EamDb { } } - /** - * Retrieves eamArtifact instances from the database that are associated - * with the eamArtifactType and eamArtifactValue of the given eamArtifact. - * - * @param aType The type of the artifact - * @param value The correlation value - * - * @return List of artifact instances for a given type/value - * - * @throws EamDbException - */ @Override public List getArtifactInstancesByTypeValue(CorrelationAttributeInstance.Type aType, String value) throws EamDbException, CorrelationAttributeNormalizationException { return getArtifactInstancesByTypeValues(aType, Arrays.asList(value)); } - - /** - * Retrieves eamArtifact instances from the database that are associated - * with the eamArtifactType and eamArtifactValue of the given eamArtifact. - * - * @param aType The type of the artifact - * @param value The correlation value - * - * @return List of artifact instances for a given type/value - * - * @throws EamDbException - */ + + @Override public List getArtifactInstancesByTypeValues(CorrelationAttributeInstance.Type aType, List values) throws EamDbException, CorrelationAttributeNormalizationException { return getArtifactInstances(prepareGetInstancesSql(aType, values), aType); } - + + @Override + public List getArtifactInstancesByTypeValuesAndCases(CorrelationAttributeInstance.Type aType, List values, List caseIds) throws EamDbException, CorrelationAttributeNormalizationException { + String tableName = EamDbUtil.correlationTypeToInstanceTableName(aType); + String sql + = " and " + + tableName + + ".case_id in ('"; + StringBuilder inValuesBuilder = new StringBuilder(prepareGetInstancesSql(aType, values)); + inValuesBuilder.append(sql); + inValuesBuilder.append(caseIds.stream().map(String::valueOf).collect(Collectors.joining("', '"))); + inValuesBuilder.append("')"); + return getArtifactInstances(inValuesBuilder.toString(), aType); + } + + /** + * Get the select statement for retrieving correlation attribute instances + * from the CR for a given type with values matching the specified values + * + * @param aType The type of the artifact + * @param values The list of correlation values to get + * CorrelationAttributeInstances for + * + * @return the select statement as a String + * + * @throws CorrelationAttributeNormalizationException + */ private String prepareGetInstancesSql(CorrelationAttributeInstance.Type aType, List values) throws CorrelationAttributeNormalizationException { String tableName = EamDbUtil.correlationTypeToInstanceTableName(aType); String sql @@ -1118,6 +1122,20 @@ abstract class AbstractSqlEamDb implements EamDb { return inValuesBuilder.toString(); } + /** + * Retrieves eamArtifact instances from the database that are associated + * with the eamArtifactType and eamArtifactValues of the given eamArtifact. + * + * @param aType The type of the artifact + * @param values The list of correlation values to get + * CorrelationAttributeInstances for + * + * @return List of artifact instances for a given type with the specified + * values + * + * @throws CorrelationAttributeNormalizationException + * @throws EamDbException + */ private List getArtifactInstances(String sql, CorrelationAttributeInstance.Type aType) throws CorrelationAttributeNormalizationException, EamDbException { Connection conn = connect(); List artifactInstances = new ArrayList<>(); @@ -1141,31 +1159,6 @@ abstract class AbstractSqlEamDb implements EamDb { return artifactInstances; } - /** - * Retrieves eamArtifact instances from the database that are associated - * with the eamArtifactType and eamArtifactValue of the given eamArtifact. - * - * @param aType The type of the artifact - * @param value The correlation value - * - * @return List of artifact instances for a given type/value - * - * @throws EamDbException - */ - @Override - public List getArtifactInstancesByTypeValuesAndCases(CorrelationAttributeInstance.Type aType, List values, List caseIds) throws EamDbException, CorrelationAttributeNormalizationException { - String tableName = EamDbUtil.correlationTypeToInstanceTableName(aType); - String sql - = " and " - + tableName - + ".case_id in ('"; - StringBuilder inValuesBuilder = new StringBuilder(prepareGetInstancesSql(aType, values)); - inValuesBuilder.append(sql); - inValuesBuilder.append(caseIds.stream().map(String::valueOf).collect(Collectors.joining("', '"))); - inValuesBuilder.append("')"); - return getArtifactInstances(inValuesBuilder.toString(), aType); - } - /** * Retrieves eamArtifact instances from the database that are associated * with the aType and filePath diff --git a/Core/src/org/sleuthkit/autopsy/centralrepository/datamodel/EamDb.java b/Core/src/org/sleuthkit/autopsy/centralrepository/datamodel/EamDb.java index ce5052d0a9..1050c01ffc 100755 --- a/Core/src/org/sleuthkit/autopsy/centralrepository/datamodel/EamDb.java +++ b/Core/src/org/sleuthkit/autopsy/centralrepository/datamodel/EamDb.java @@ -24,7 +24,6 @@ import java.util.Set; import org.sleuthkit.datamodel.TskData; import org.sleuthkit.autopsy.casemodule.Case; import org.sleuthkit.autopsy.coordinationservice.CoordinationService; -import org.sleuthkit.datamodel.CaseDbSchemaVersionNumber; /** * Main interface for interacting with the database @@ -200,27 +199,29 @@ public interface EamDb { * Creates new Data Source in the database * * @param eamDataSource the data source to add - * - * @return - A CorrelationDataSource object with data source's central repository id + * + * @return - A CorrelationDataSource object with data source's central + * repository id */ CorrelationDataSource newDataSource(CorrelationDataSource eamDataSource) throws EamDbException; - + /** * Updates the MD5 hash value in an existing data source in the database. * * @param eamDataSource The data source to update */ void updateDataSourceMd5Hash(CorrelationDataSource eamDataSource) throws EamDbException; - + /** * Updates the SHA-1 hash value in an existing data source in the database. * * @param eamDataSource The data source to update */ void updateDataSourceSha1Hash(CorrelationDataSource eamDataSource) throws EamDbException; - + /** - * Updates the SHA-256 hash value in an existing data source in the database. + * Updates the SHA-256 hash value in an existing data source in the + * database. * * @param eamDataSource The data source to update */ @@ -257,14 +258,14 @@ public interface EamDb { /** * Changes the name of a data source in the DB - * - * @param eamDataSource The data source - * @param newName The new name - * - * @throws EamDbException + * + * @param eamDataSource The data source + * @param newName The new name + * + * @throws EamDbException */ void updateDataSourceName(CorrelationDataSource eamDataSource, String newName) throws EamDbException; - + /** * Inserts new Artifact(s) into the database. Should add associated Case and * Data Source first. @@ -275,12 +276,17 @@ public interface EamDb { /** * Retrieves eamArtifact instances from the database that are associated - * with the eamArtifactType and eamArtifactValue of the given eamArtifact. + * with the eamArtifactType and eamArtifactValues of the given eamArtifact. * - * @param aType EamArtifact.Type to search for - * @param value Value to search for + * @param aType EamArtifact.Type to search for + * @param values The list of correlation values to get + * CorrelationAttributeInstances for * - * @return List of artifact instances for a given type/value + * @return List of artifact instances for a given type with the specified + * values + * + * @throws CorrelationAttributeNormalizationException + * @throws EamDbException */ List getArtifactInstancesByTypeValues(CorrelationAttributeInstance.Type aType, List values) throws EamDbException, CorrelationAttributeNormalizationException; @@ -288,23 +294,35 @@ public interface EamDb { * Retrieves eamArtifact instances from the database that are associated * with the eamArtifactType and eamArtifactValue of the given eamArtifact. * - * @param aType EamArtifact.Type to search for - * @param value Value to search for + * @param aType The type of the artifact + * @param value The correlation value * * @return List of artifact instances for a given type/value + * + * @throws CorrelationAttributeNormalizationException + * @throws EamDbException */ List getArtifactInstancesByTypeValue(CorrelationAttributeInstance.Type aType, String value) throws EamDbException, CorrelationAttributeNormalizationException; - + /** * Retrieves eamArtifact instances from the database that are associated - * with the eamArtifactType and eamArtifactValue of the given eamArtifact. + * with the eamArtifactType and eamArtifactValues of the given eamArtifact + * for the specified cases. * - * @param aType EamArtifact.Type to search for - * @param value Value to search for + * @param aType The type of the artifact + * @param values The list of correlation values to get + * CorrelationAttributeInstances for + * @param caseIds The list of central repository case ids to get + * CorrelationAttributeInstances for * - * @return List of artifact instances for a given type/value + * @return List of artifact instances for a given type with the specified + * values for the specified cases + * + * @throws CorrelationAttributeNormalizationException + * @throws EamDbException */ List getArtifactInstancesByTypeValuesAndCases(CorrelationAttributeInstance.Type aType, List values, List caseIds) throws EamDbException, CorrelationAttributeNormalizationException; + /** * Retrieves eamArtifact instances from the database that are associated * with the aType and filePath @@ -362,7 +380,7 @@ public interface EamDb { * Retrieves number of eamArtifact instances in the database that are * associated with the given data source. * - * @param correlationDataSource Data source to search for + * @param correlationDataSource Data source to search for * * @return Number of artifact instances having caseDisplayName and * dataSource diff --git a/Core/src/org/sleuthkit/autopsy/centralrepository/datamodel/SqliteEamDb.java b/Core/src/org/sleuthkit/autopsy/centralrepository/datamodel/SqliteEamDb.java index aa02a57839..163d747a4f 100644 --- a/Core/src/org/sleuthkit/autopsy/centralrepository/datamodel/SqliteEamDb.java +++ b/Core/src/org/sleuthkit/autopsy/centralrepository/datamodel/SqliteEamDb.java @@ -513,15 +513,6 @@ final class SqliteEamDb extends AbstractSqlEamDb { } } - /** - * Retrieves eamArtifact instances from the database that are associated - * with the eamArtifactType and eamArtifactValue of the given eamArtifact. - * - * @param aType The type of the artifact - * @param value The correlation value - * - * @return List of artifact instances for a given type/value - */ @Override public List getArtifactInstancesByTypeValue(CorrelationAttributeInstance.Type aType, String value) throws EamDbException, CorrelationAttributeNormalizationException { try { @@ -532,15 +523,6 @@ final class SqliteEamDb extends AbstractSqlEamDb { } } - /** - * Retrieves eamArtifact instances from the database that are associated - * with the eamArtifactType and eamArtifactValue of the given eamArtifact. - * - * @param aType The type of the artifact - * @param value The correlation value - * - * @return List of artifact instances for a given type/value - */ @Override public List getArtifactInstancesByTypeValues(CorrelationAttributeInstance.Type aType, List values) throws EamDbException, CorrelationAttributeNormalizationException { try { @@ -551,15 +533,6 @@ final class SqliteEamDb extends AbstractSqlEamDb { } } - /** - * Retrieves eamArtifact instances from the database that are associated - * with the eamArtifactType and eamArtifactValue of the given eamArtifact. - * - * @param aType The type of the artifact - * @param value The correlation value - * - * @return List of artifact instances for a given type/value - */ @Override public List getArtifactInstancesByTypeValuesAndCases(CorrelationAttributeInstance.Type aType, List values, List caseIds) throws EamDbException, CorrelationAttributeNormalizationException { try { diff --git a/Core/src/org/sleuthkit/autopsy/commonpropertiessearch/AllInterCaseCommonAttributeSearcher.java b/Core/src/org/sleuthkit/autopsy/commonpropertiessearch/AllInterCaseCommonAttributeSearcher.java index e9088dbbb6..ee9c70211f 100644 --- a/Core/src/org/sleuthkit/autopsy/commonpropertiessearch/AllInterCaseCommonAttributeSearcher.java +++ b/Core/src/org/sleuthkit/autopsy/commonpropertiessearch/AllInterCaseCommonAttributeSearcher.java @@ -2,7 +2,7 @@ * * Autopsy Forensic Browser * - * Copyright 2018 Basis Technology Corp. + * Copyright 2018-2019 Basis Technology Corp. * Contact: carrier sleuthkit org * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -64,7 +64,6 @@ public class AllInterCaseCommonAttributeSearcher extends InterCaseCommonAttribut mimeTypesToFilterOn.addAll(TEXT_FILES_MIME_TYPES); } Map interCaseCommonFiles = eamDbAttrInst.findInterCaseValuesByCount(Case.getCurrentCase(), mimeTypesToFilterOn); - return new CommonAttributeCountSearchResults(interCaseCommonFiles, this.frequencyPercentageThreshold, this.corAttrType); } diff --git a/Core/src/org/sleuthkit/autopsy/commonpropertiessearch/CommonAttributeCaseSearchResults.java b/Core/src/org/sleuthkit/autopsy/commonpropertiessearch/CommonAttributeCaseSearchResults.java index 317c5a26ab..7b927e4e12 100644 --- a/Core/src/org/sleuthkit/autopsy/commonpropertiessearch/CommonAttributeCaseSearchResults.java +++ b/Core/src/org/sleuthkit/autopsy/commonpropertiessearch/CommonAttributeCaseSearchResults.java @@ -2,7 +2,7 @@ * * Autopsy Forensic Browser * - * Copyright 2018 Basis Technology Corp. + * Copyright 2018-2019 Basis Technology Corp. * Contact: carrier sleuthkit org * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -107,7 +107,6 @@ final public class CommonAttributeCaseSearchResults { * not be more common than * @param resultTypeId the ID of the result type contained in the * metadata - * @param mimeTypesToFilterOn the mimetypes to include in our results * * @return metadata */ @@ -121,7 +120,7 @@ final public class CommonAttributeCaseSearchResults { } Map currentCaseDataSourceMap = metadata.get(currentCaseName); if (currentCaseDataSourceMap == null) { - throw new EamDbException("No data for current case found in results, indicating there are no results and nothing will be filtered"); + return null; } CorrelationAttributeInstance.Type attributeType = CorrelationAttributeInstance .getDefaultCorrelationTypes() @@ -159,7 +158,6 @@ final public class CommonAttributeCaseSearchResults { * should not be more common than * @param uniqueCaseDataSourceTuples the number of unique data sources in * the CR - * @param mimeTypesToFilterOn the mimetypes to include in our results * * @return a map of correlation value to CommonAttributeValue for results * from the current case @@ -223,7 +221,6 @@ final public class CommonAttributeCaseSearchResults { * should not be more common than * @param uniqueCaseDataSourceTuples the number of unique data sources in * the CR - * @param mimeTypesToInclude the mimetypes to include in our results * * @return true if the value should be filtered and removed from what is * shown to the user, false if the value should not be removed and diff --git a/Core/src/org/sleuthkit/autopsy/commonpropertiessearch/CommonAttributeCountSearchResults.java b/Core/src/org/sleuthkit/autopsy/commonpropertiessearch/CommonAttributeCountSearchResults.java index 4845218680..38da9bec48 100644 --- a/Core/src/org/sleuthkit/autopsy/commonpropertiessearch/CommonAttributeCountSearchResults.java +++ b/Core/src/org/sleuthkit/autopsy/commonpropertiessearch/CommonAttributeCountSearchResults.java @@ -2,7 +2,7 @@ * * Autopsy Forensic Browser * - * Copyright 2018 Basis Technology Corp. + * Copyright 2018-2019 Basis Technology Corp. * Contact: carrier sleuthkit org * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -22,18 +22,15 @@ package org.sleuthkit.autopsy.commonpropertiessearch; import java.util.ArrayList; import java.util.Collections; import java.util.HashMap; -import java.util.HashSet; import java.util.List; import java.util.Map; import java.util.Map.Entry; -import java.util.Set; import java.util.logging.Level; import org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeInstance; import org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeNormalizationException; import org.sleuthkit.autopsy.centralrepository.datamodel.EamDb; import org.sleuthkit.autopsy.centralrepository.datamodel.EamDbException; import org.sleuthkit.autopsy.coreutils.Logger; -import org.sleuthkit.datamodel.AbstractFile; /** * Stores the results from the various types of common attribute searching @@ -194,7 +191,7 @@ final public class CommonAttributeCountSearchResults { int count = 0; for (CommonAttributeValueList data : this.instanceCountToAttributeValues.values()) { - for (CommonAttributeValue md5 : data.getDelayedMetadataList()) { + for (CommonAttributeValue md5 : data.getDelayedMetadataSet()) { count += md5.getInstanceCount(); } } diff --git a/Core/src/org/sleuthkit/autopsy/commonpropertiessearch/CommonAttributeValueList.java b/Core/src/org/sleuthkit/autopsy/commonpropertiessearch/CommonAttributeValueList.java index 50f29dff13..134d750ace 100644 --- a/Core/src/org/sleuthkit/autopsy/commonpropertiessearch/CommonAttributeValueList.java +++ b/Core/src/org/sleuthkit/autopsy/commonpropertiessearch/CommonAttributeValueList.java @@ -1,16 +1,16 @@ /* - * + * * Autopsy Forensic Browser - * - * Copyright 2018 Basis Technology Corp. + * + * Copyright 2018-2019 Basis Technology Corp. * Contact: carrier sleuthkit org - * + * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -36,10 +36,10 @@ final public class CommonAttributeValueList { * The list of value nodes, which begins empty. */ private final List metadataList; - + /** - * The backing list of value nodes, which will be dynamically loaded - * when requested. + * The backing list of value nodes, which will be dynamically loaded when + * requested. */ private final List delayedMetadataList; @@ -60,44 +60,38 @@ final public class CommonAttributeValueList { } /** - * Get the list of value nodes. Will be empty if - * displayDelayedMetadata() has not been called for the - * parent InstanceCountNode + * Get the list of value nodes. Will be empty if displayDelayedMetadata() + * has not been called for the parent InstanceCountNode + * * @return metadataList the list of nodes */ public List getMetadataList() { return Collections.unmodifiableList(this.metadataList); } - - public Set getMetadataSet() { - return new HashSet<>(this.metadataList); - } - + /** - * Get the delayed list of value nodes. Only use for - * determining how many CommonAttributeValues - * actually exist in the list. - * @return metadataList the list of nodes + * Get the delayed set of value nodes. Only use for determining which values and how many + * CommonAttributeValues actually exist in the list. + * + * @return metadataList the set of nodes */ - List getDelayedMetadataList() { - return Collections.unmodifiableList(this.delayedMetadataList); - } - - Set getDelayedMetadataSet() { + Set getDelayedMetadataSet() { + //Allows nodes to be de-duped return new HashSet<>(this.delayedMetadataList); } - + void removeMetaData(CommonAttributeValue commonVal) { this.delayedMetadataList.remove(commonVal); } - + /** - * Return the size of the backing list, in case - * displayDelayedMetadata() has not be called yet. + * Return the size of the backing list, in case displayDelayedMetadata() has + * not be called yet. + * * @return int the number of matches for this value */ int getCommonAttributeListSize() { - return this.delayedMetadataList.size(); + return this.delayedMetadataList.size(); } /** @@ -113,6 +107,7 @@ final public class CommonAttributeValueList { /** * A a value node to the list, to be loaded later. + * * @param metadata the node to add */ void addMetadataToList(CommonAttributeValue metadata) { diff --git a/Core/src/org/sleuthkit/autopsy/commonpropertiessearch/InstanceDataSourceNode.java b/Core/src/org/sleuthkit/autopsy/commonpropertiessearch/InstanceDataSourceNode.java index 28c08e3c78..fe6b507f7d 100644 --- a/Core/src/org/sleuthkit/autopsy/commonpropertiessearch/InstanceDataSourceNode.java +++ b/Core/src/org/sleuthkit/autopsy/commonpropertiessearch/InstanceDataSourceNode.java @@ -2,7 +2,7 @@ * * Autopsy Forensic Browser * - * Copyright 2018 Basis Technology Corp. + * Copyright 2018-2019 Basis Technology Corp. * Contact: carrier sleuthkit org * * Licensed under the Apache License, Version 2.0 (the "License"); diff --git a/Core/src/org/sleuthkit/autopsy/commonpropertiessearch/InterCaseSearchResultsProcessor.java b/Core/src/org/sleuthkit/autopsy/commonpropertiessearch/InterCaseSearchResultsProcessor.java index 9b3500971f..941e95bf6b 100644 --- a/Core/src/org/sleuthkit/autopsy/commonpropertiessearch/InterCaseSearchResultsProcessor.java +++ b/Core/src/org/sleuthkit/autopsy/commonpropertiessearch/InterCaseSearchResultsProcessor.java @@ -1,7 +1,7 @@ /* * Autopsy Forensic Browser * - * Copyright 2018 Basis Technology Corp. + * Copyright 2018-2019 Basis Technology Corp. * Contact: carrier sleuthkit org * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -30,9 +30,6 @@ import java.util.Set; import java.util.List; import java.util.Map; import java.util.logging.Level; -import java.util.stream.Collectors; -import java.util.stream.IntStream; -import org.openide.util.Exceptions; import org.sleuthkit.autopsy.casemodule.Case; import org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeInstance; import org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeInstance.Type; @@ -44,9 +41,6 @@ import org.sleuthkit.autopsy.centralrepository.datamodel.EamDbException; import org.sleuthkit.autopsy.centralrepository.datamodel.InstanceTableCallback; import org.sleuthkit.autopsy.commonpropertiessearch.AbstractCommonAttributeInstance.NODE_TYPE; import org.sleuthkit.autopsy.coreutils.Logger; -import org.sleuthkit.datamodel.AbstractFile; -import org.sleuthkit.datamodel.BlackboardArtifact; -import org.sleuthkit.datamodel.BlackboardAttribute; import org.sleuthkit.datamodel.CaseDbAccessManager; import org.sleuthkit.datamodel.TskData; import org.sleuthkit.datamodel.HashUtility; @@ -59,21 +53,12 @@ import org.sleuthkit.datamodel.TskCoreException; final class InterCaseSearchResultsProcessor { private static final Logger LOGGER = Logger.getLogger(CommonAttributePanel.class.getName()); + private static final String INTER_CASE_WHERE_CLAUSE = "case_id=%s AND (known_status !=%s OR known_status IS NULL)"; //NON-NLS /** * The CorrelationAttributeInstance.Type this Processor will query on */ private final Type correlationType; - /** - * The initial CorrelationAttributeInstance ids lookup query. - */ - private final String interCaseWhereClause; - - /** - * The single CorrelationAttributeInstance object retrieval query - */ - private final String singleInterCaseWhereClause; - /** * Used in the InterCaseCommonAttributeSearchers to find common attribute * instances and generate nodes at the UI level. @@ -83,16 +68,6 @@ final class InterCaseSearchResultsProcessor { */ InterCaseSearchResultsProcessor(CorrelationAttributeInstance.Type theType) { this.correlationType = theType; - interCaseWhereClause = getInterCaseWhereClause(); - singleInterCaseWhereClause = getSingleInterCaseWhereClause(); - } - - private String getInterCaseWhereClause() { - return "case_id=%s AND (known_status !=%s OR known_status IS NULL)"; - } - - private String getSingleInterCaseWhereClause() { - return "case_id=%s AND (known_status !=%s OR known_status IS NULL)"; } /** @@ -118,6 +93,17 @@ final class InterCaseSearchResultsProcessor { return null; } + /** + * Get the portion of the select query which will get md5 values for files + * from the current case which are potentially being correlated on. + * + * @param mimeTypesToFilterOn the set of mime types to filter on + * + * @return the portion of a query which follows the SELECT keyword for + * finding MD5s which we are correlating on + * + * @throws EamDbException + */ private String getFileQuery(Set mimeTypesToFilterOn) throws EamDbException { String query; query = "md5 as value from tsk_files where known!=" + TskData.FileKnown.KNOWN.getFileKnownValue() + " AND md5 IS NOT NULL"; @@ -132,7 +118,8 @@ final class InterCaseSearchResultsProcessor { * and builds maps of case name to maps of data source name to * CommonAttributeValueList. * - * @param currentCase The current TSK Case. + * @param currentCase The current TSK Case. + * @param mimeTypesToFilterOn the set of mime types to filter on * * @return map of Case name to Maps of Datasources and their * CommonAttributeValueLists @@ -146,25 +133,26 @@ final class InterCaseSearchResultsProcessor { if (correlationType.getId() == CorrelationAttributeInstance.FILES_TYPE_ID) { currentCase.getSleuthkitCase().getCaseDbAccessManager().select(getFileQuery(mimeTypesToFilterOn), instancetableCallback); } else { - dbManager.processInstanceTableWhere(correlationType, String.format(interCaseWhereClause, caseId, + dbManager.processInstanceTableWhere(correlationType, String.format(INTER_CASE_WHERE_CLAUSE, caseId, TskData.FileKnown.KNOWN.getFileKnownValue()), instancetableCallback); } return instancetableCallback.getInstanceCollatedCommonFiles(); - } catch (EamDbException ex) { + } catch (EamDbException | TskCoreException ex) { LOGGER.log(Level.SEVERE, "Error accessing EamDb processing CaseInstancesTable.", ex); - } catch (TskCoreException ex) { - Exceptions.printStackTrace(ex); - } + } return new HashMap<>(); } /** * Given the current case, fins all intercase common files from the EamDb - * and builds maps of obj id to md5 and case. + * and builds maps of obj id to value and case. * - * @param currentCase The current TSK Case. + * @param currentCase The current TSK Case. + * @param mimeTypesToFilterOn the set of mime types to filter on + * + * @return map of number of instances to CommonAttributeValueLists */ Map findInterCaseValuesByCount(Case currentCase, Set mimeTypesToFilterOn) { try { @@ -176,27 +164,29 @@ final class InterCaseSearchResultsProcessor { if (correlationType.getId() == CorrelationAttributeInstance.FILES_TYPE_ID) { currentCase.getSleuthkitCase().getCaseDbAccessManager().select(getFileQuery(mimeTypesToFilterOn), instancetableCallback); } else { - dbManager.processInstanceTableWhere(correlationType, String.format(interCaseWhereClause, caseId, + dbManager.processInstanceTableWhere(correlationType, String.format(INTER_CASE_WHERE_CLAUSE, caseId, TskData.FileKnown.KNOWN.getFileKnownValue()), instancetableCallback); } return instancetableCallback.getInstanceCollatedCommonFiles(); - } catch (EamDbException ex) { + } catch (EamDbException | TskCoreException ex) { LOGGER.log(Level.SEVERE, "Error accessing EamDb processing CaseInstancesTable.", ex); - } catch (TskCoreException ex) { - Exceptions.printStackTrace(ex); - } + } return new HashMap<>(); } /** * Given the current case, and a specific case of interest, finds common * files which exist between cases from the EamDb. Builds maps of obj id to - * md5 and case. + * value and case. * - * @param currentCase The current TSK Case. - * @param singleCase The case of interest. Matches must exist in this case. + * @param currentCase The current TSK Case. + * @param mimeTypesToFilterOn the set of mime types to filter on + * @param singleCase The case of interest. Matches must exist in + * this case. + * + * @return map of number of instances to CommonAttributeValueLists */ Map findSingleInterCaseValuesByCount(Case currentCase, Set mimeTypesToFilterOn, CorrelationCase singleCase) { try { @@ -207,15 +197,13 @@ final class InterCaseSearchResultsProcessor { if (correlationType.getId() == CorrelationAttributeInstance.FILES_TYPE_ID) { currentCase.getSleuthkitCase().getCaseDbAccessManager().select(getFileQuery(mimeTypesToFilterOn), instancetableCallback); } else { - dbManager.processInstanceTableWhere(correlationType, String.format(interCaseWhereClause, caseId, + dbManager.processInstanceTableWhere(correlationType, String.format(INTER_CASE_WHERE_CLAUSE, caseId, TskData.FileKnown.KNOWN.getFileKnownValue()), instancetableCallback); } return instancetableCallback.getInstanceCollatedCommonFiles(); - } catch (EamDbException ex) { + } catch (EamDbException | TskCoreException ex) { LOGGER.log(Level.SEVERE, "Error accessing EamDb processing CaseInstancesTable.", ex); - } catch (TskCoreException ex) { - Exceptions.printStackTrace(ex); } return new HashMap<>(); } @@ -225,13 +213,13 @@ final class InterCaseSearchResultsProcessor { * files which exist between cases from the EamDb. Builds map of case name * to maps of data source name to CommonAttributeValueList. * - * @param currentCase The current TSK Case. + * @param currentCase The current TSK Case. + * @param mimeTypesToFilterOn the set of mime types to filter on + * @param singleCase The case of interest. Matches must exist in + * this case. * * @return map of Case name to Maps of Datasources and their * CommonAttributeValueLists - * - * @param currentCase The current TSK Case. - * @param singleCase The case of interest. Matches must exist in this case. */ Map> findSingleInterCaseValuesByCase(Case currentCase, Set mimeTypesToFilterOn, CorrelationCase singleCase) { try { @@ -243,16 +231,14 @@ final class InterCaseSearchResultsProcessor { if (correlationType.getId() == CorrelationAttributeInstance.FILES_TYPE_ID) { currentCase.getSleuthkitCase().getCaseDbAccessManager().select(getFileQuery(mimeTypesToFilterOn), instancetableCallback); } else { - dbManager.processInstanceTableWhere(correlationType, String.format(interCaseWhereClause, caseId, + dbManager.processInstanceTableWhere(correlationType, String.format(INTER_CASE_WHERE_CLAUSE, caseId, TskData.FileKnown.KNOWN.getFileKnownValue()), instancetableCallback); } return instancetableCallback.getInstanceCollatedCommonFiles(); - } catch (EamDbException ex) { + } catch (EamDbException | TskCoreException ex) { LOGGER.log(Level.SEVERE, "Error accessing EamDb processing CaseInstancesTable.", ex); - } catch (TskCoreException ex) { - Exceptions.printStackTrace(ex); - } + } return new HashMap<>(); } @@ -319,13 +305,9 @@ final class InterCaseSearchResultsProcessor { } } } - } catch (SQLException ex) { + } catch (SQLException | EamDbException | CorrelationAttributeNormalizationException ex) { LOGGER.log(Level.WARNING, "Error getting artifact instances from database.", ex); // NON-NLS - } catch (EamDbException ex) { - Exceptions.printStackTrace(ex); - } catch (CorrelationAttributeNormalizationException ex) { - Exceptions.printStackTrace(ex); - } + } } Map getInstanceCollatedCommonFiles() { @@ -334,7 +316,7 @@ final class InterCaseSearchResultsProcessor { } /** - * Callback to use with findInterCaseValuesByCount which generates a list of + * Callback to use with findInterCaseValuesByCase which generates a map of maps of * values for common property search */ private class InterCaseByCaseCallback implements CaseDbAccessManager.CaseDbAccessQueryCallback, InstanceTableCallback { @@ -401,11 +383,9 @@ final class InterCaseSearchResultsProcessor { } } } - } catch (EamDbException | SQLException ex) { + } catch (EamDbException | SQLException | CorrelationAttributeNormalizationException ex) { LOGGER.log(Level.WARNING, "Error getting artifact instances from database.", ex); // NON-NLS - } catch (CorrelationAttributeNormalizationException ex) { - Exceptions.printStackTrace(ex); - } + } } Map> getInstanceCollatedCommonFiles() { diff --git a/Core/src/org/sleuthkit/autopsy/commonpropertiessearch/SingleInterCaseCommonAttributeSearcher.java b/Core/src/org/sleuthkit/autopsy/commonpropertiessearch/SingleInterCaseCommonAttributeSearcher.java index e098c1ea3d..8d0cca8412 100644 --- a/Core/src/org/sleuthkit/autopsy/commonpropertiessearch/SingleInterCaseCommonAttributeSearcher.java +++ b/Core/src/org/sleuthkit/autopsy/commonpropertiessearch/SingleInterCaseCommonAttributeSearcher.java @@ -2,7 +2,7 @@ * * Autopsy Forensic Browser * - * Copyright 2018 Basis Technology Corp. + * Copyright 2018-2019 Basis Technology Corp. * Contact: carrier sleuthkit org * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -76,7 +76,7 @@ public class SingleInterCaseCommonAttributeSearcher extends InterCaseCommonAttri CorrelationCase correlationCase = this.getCorrelationCaseFromId(this.corrleationCaseId); this.correlationCaseName = correlationCase.getDisplayName(); InterCaseSearchResultsProcessor eamDbAttrInst = new InterCaseSearchResultsProcessor(this.corAttrType); - Set mimeTypesToFilterOn = new HashSet<>(); + Set mimeTypesToFilterOn = new HashSet<>(); if (isFilterByMedia()) { mimeTypesToFilterOn.addAll(MEDIA_PICS_VIDEO_MIME_TYPES); }