From 426fc0a881996174656022ea320c43836b38554c Mon Sep 17 00:00:00 2001 From: "U-BASIS\\dgrove" Date: Wed, 17 Jan 2018 09:59:06 -0500 Subject: [PATCH 01/33] Updated error messages and surrounding logic for KWS. --- .../autopsy/keywordsearch/AccountsText.java | 18 ++-- .../autopsy/keywordsearch/Bundle.properties | 6 -- .../keywordsearch/Bundle_ja.properties | 4 +- .../keywordsearch/ExtractedContentPanel.java | 4 +- .../keywordsearch/ExtractedContentViewer.java | 6 ++ .../keywordsearch/HighlightedText.java | 15 ++-- .../autopsy/keywordsearch/RawText.java | 88 ++++++++----------- 7 files changed, 58 insertions(+), 83 deletions(-) diff --git a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/AccountsText.java b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/AccountsText.java index e5f17cef12..812a16bbbf 100644 --- a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/AccountsText.java +++ b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/AccountsText.java @@ -1,7 +1,7 @@ /* * Autopsy Forensic Browser * - * Copyright 2011-2017 Basis Technology Corp. + * Copyright 2011-2018 Basis Technology Corp. * Contact: carrier sleuthkit org * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -35,6 +35,7 @@ import org.apache.solr.client.solrj.SolrQuery; import org.apache.solr.client.solrj.SolrRequest.METHOD; import org.apache.solr.client.solrj.response.QueryResponse; import org.openide.util.NbBundle; +import org.openide.util.NbBundle.Messages; import org.sleuthkit.autopsy.coreutils.Logger; import org.sleuthkit.autopsy.coreutils.Version; import org.sleuthkit.datamodel.BlackboardArtifact; @@ -52,7 +53,7 @@ import org.sleuthkit.datamodel.TskCoreException; */ class AccountsText implements IndexedText { - private static final Logger logger = Logger.getLogger(AccountsText.class.getName()); + private static final Logger LOGGER = Logger.getLogger(AccountsText.class.getName()); private static final boolean DEBUG = (Version.getBuildType() == Version.Type.DEVELOPMENT); private static final String CCN_REGEX = "(%?)(B?)([0-9][ \\-]*?){12,19}(\\^?)"; @@ -284,15 +285,6 @@ class AccountsText implements IndexedText { } @Override - @NbBundle.Messages({"AccountsText.getMarkup.noMatchMsg=" - + "
There were no keyword hits on this page. 
"
-        + "The keyword could have been in the file name."
-        + " 
Advance to another page if present, or to view the original text, choose File Text"
-        + " 
in the drop down menu to the right...
", - "AccountsText.getMarkup.queryFailedMsg=" - + "
Failed to retrieve keyword hit results."
-        + " 
Confirm that Autopsy can connect to the Solr server. "
-        + "
"}) public String getText() { try { loadPageInfo(); //inits once @@ -320,8 +312,8 @@ class AccountsText implements IndexedText { // extracted content (minus highlight tags) is HTML-escaped return "
" + highlightedText + "
"; //NON-NLS } catch (Exception ex) { - logger.log(Level.SEVERE, "Error getting highlighted text for Solr doc id " + this.solrObjectId + ", chunkID " + this.currentPage, ex); //NON-NLS - return Bundle.AccountsText_getMarkup_queryFailedMsg(); + LOGGER.log(Level.SEVERE, "Error getting highlighted text for Solr doc id " + this.solrObjectId + ", chunkID " + this.currentPage, ex); //NON-NLS + return NbBundle.getMessage(ExtractedContentViewer.class, "ExtractedContentViewer.getText.error.msg"); } } diff --git a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/Bundle.properties b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/Bundle.properties index 8be786efda..2730c08b5c 100644 --- a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/Bundle.properties +++ b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/Bundle.properties @@ -54,11 +54,6 @@ AbstractKeywordSearchPerformer.search.noFilesInIdxMsg=No files are in inde AbstractKeywordSearchPerformer.search.noFilesIdxdMsg=No files were indexed.
Re-ingest the image with the Keyword Search Module enabled. ExtractedContentViewer.toolTip=Displays extracted text from files and keyword-search results. Requires Keyword Search ingest to be run on a file to activate this viewer. ExtractedContentViewer.getTitle=Indexed Text -ExtractedContentViewer.getSolrContent.knownFileMsg=

{0} is a known file (based on MD5 hash) and does not have text in the index.

-ExtractedContentViewer.getSolrContent.noTxtYetMsg=

{0} does not have text in the index.
It may have no text, not been analyzed yet, or keyword search was not enabled during ingest.

-ExtractedContentViewer.getSolrContent.txtBodyItal={0} -HighlightedMatchesSource.getMarkup.noMatchMsg=Failed to retrieve indexed text for keyword hit. Advance to another page if present, or to view the original text, choose File Text in the drop down menu to the right. Alternatively, you may choose to extract file content and search for the hit using an external application (e.g. a text editor). -HighlightedMatchesSource.getMarkup.queryFailedMsg=
Failed to retrieve keyword hit results. 
Confirm that Autopsy can connect to the Solr server.
HighlightedMatchesSource.toString=Search Results Installer.reportPortError=Indexing server port {0} is not available. Check if your security software does not block {1} and consider changing {2} in {3} property file in the application user folder. Then try rebooting your system if another process was causing the conflict. Installer.reportStopPortError=Indexing server stop port {0} is not available. Consider changing {1} in {2} property file in the application user folder. @@ -272,7 +267,6 @@ KeywordSearchGlobalSearchSettingsPanel.timeRadioButton5.text=No periodic searche SolrConnectionCheck.HostnameOrPort=Invalid hostname and/or port number. SolrConnectionCheck.Hostname=Invalid hostname. SolrConnectionCheck.MissingHostname=Missing hostname. -RawText.getText.error.msg=Error getting text GlobalListsManagementPanel.newListButton.text=New List GlobalListsManagementPanel.importButton.text=Import List GlobalListsManagementPanel.keywordListsLabel.text=Keyword Lists: diff --git a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/Bundle_ja.properties b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/Bundle_ja.properties index bdcc19f6f6..dbaae76b16 100644 --- a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/Bundle_ja.properties +++ b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/Bundle_ja.properties @@ -46,7 +46,6 @@ AbstractKeywordSearchPerformer.search.noFilesIdxdMsg=\u30a4\u30f3\u30c7\u3 ExtractedContentPanel.setMarkup.panelTxt=\u30c6\u30ad\u30b9\u30c8\u30ed\u30fc\u30c9\u4e2d...\u3057\u3070\u3089\u304f\u304a\u5f85\u3061\u304f\u3060\u3055\u3044\u3002 ExtractedContentViewer.toolTip=\u30d5\u30a1\u30a4\u30eb\u3084\u30ad\u30fc\u30ef\u30fc\u30c9\u691c\u7d22\u7d50\u679c\u304b\u3089\u62bd\u51fa\u3055\u308c\u305f\u30c6\u30ad\u30b9\u30c8\u3092\u8868\u793a\u3002\u3053\u306e\u30d3\u30e5\u30fc\u30a2\u3092\u6709\u52b9\u5316\u3059\u308b\u306b\u306f\u3001\u30d5\u30a1\u30a4\u30eb\u306b\u5bfe\u3057\u3066\u30ad\u30fc\u30ef\u30fc\u30c9\u691c\u7d22\u30a4\u30f3\u30b8\u30a7\u30b9\u30c8\u3092\u5b9f\u884c\u3059\u308b\u5fc5\u8981\u304c\u3042\u308a\u307e\u3059\u3002 ExtractedContentViewer.getTitle=\u30a4\u30f3\u30c7\u30c3\u30af\u30b9\u5316\u3055\u308c\u305f\u30c6\u30ad\u30b9\u30c8 -ExtractedContentViewer.getSolrContent.knownFileMsg=

{0}\u306f\u65e2\u77e5\u30d5\u30a1\u30a4\u30eb\u3067\u3059\uff08MDS\u30cf\u30c3\u30b7\u30e5\u306b\u57fa\u3065\u304f\u3068\uff09\u3002\u30a4\u30f3\u30c7\u30c3\u30af\u30b9\u306b\u30c6\u30ad\u30b9\u30c8\u304c\u3042\u308a\u307e\u305b\u3093\u3002

ExtractedContentViewer.getSolrContent.noTxtYetMsg=

{0}\u306e\u30a4\u30f3\u30c7\u30c3\u30af\u30b9\u306b\u30c6\u30ad\u30b9\u30c8\u304c\u3042\u308a\u307e\u305b\u3093\u3002
\u30c6\u30ad\u30b9\u30c8\u304c\u7121\u3044\u304b\u3001\u307e\u3060\u89e3\u6790\u3055\u308c\u3066\u3044\u306a\u3044\u304b\u3001\u30ad\u30fc\u30ef\u30fc\u30c9\u691c\u7d22\u304c\u30a4\u30f3\u30b8\u30a7\u30b9\u30c8\u4e2d\u306b\u6709\u52b9\u5316\u3055\u308c\u3066\u3044\u306a\u304b\u3063\u305f\u304b\u3082\u3057\u308c\u307e\u305b\u3093\u3002

HighlightedMatchesSource.toString=\u691c\u7d22\u7d50\u679c Installer.reportPortError=\u30a4\u30f3\u30c7\u30c3\u30af\u30b9\u30b5\u30fc\u30d0\u30fc\u30dd\u30fc\u30c8 {0} \u306f\u5229\u7528\u3067\u304d\u307e\u305b\u3093\u3002\u4f7f\u7528\u3057\u3066\u3044\u308b\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30bd\u30d5\u30c8\u30a6\u30a7\u30a2\u304c {1} \u3092\u30d6\u30ed\u30c3\u30af\u3057\u3066\u3044\u306a\u3044\u304b\u78ba\u8a8d\u3057\u3001\u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u30e6\u30fc\u30b6\u30fc\u30d5\u30a9\u30eb\u30c0\u30fc\u5185\u306e{3}\u30d7\u30ed\u30d1\u30c6\u30a3\u30d5\u30a1\u30a4\u30eb\u306e{2}\u3092\u5909\u66f4\u3059\u308b\u691c\u8a0e\u3092\u3057\u3066\u304f\u3060\u3055\u3044\u3002\u3082\u3057\u4ed6\u306e\u51e6\u7406\u304c\u554f\u984c\u306e\u539f\u56e0\u3067\u3042\u308c\u3070\u3001\u30b7\u30b9\u30c6\u30e0\u3092\u518d\u8d77\u52d5\u3057\u3066\u4e0b\u3055\u3044\u3002 @@ -261,7 +260,6 @@ KeywordSearchModuleFactory.getIngestJobSettingsPanel.exception.msg=\u8a2d\u5b9a\ SearchRunner.Searcher.done.err.msg=\u30ad\u30fc\u30ef\u30fc\u30c9\u691c\u7d22\u3092\u5b9f\u884c\u4e2d\u306b\u30a8\u30e9\u30fc\u304c\u767a\u751f\u3057\u307e\u3057\u305f KeywordSearchGlobalSearchSettingsPanel.timeRadioButton5.text=\u5b9a\u671f\u7684\u691c\u7d22\u7121\u3057 KeywordSearchGlobalSearchSettingsPanel.timeRadioButton5.toolTipText=\u5168\u4f53\u7684\u306b\u4e00\u756a\u901f\u3044\u3067\u3059\u304c\u3001\u51e6\u7406\u304c\u5b8c\u4e86\u3059\u308b\u307e\u3067\u7d50\u679c\u306f\u8868\u793a\u3055\u308c\u307e\u305b\u3093 -HighlightedMatchesSource.getMarkup.queryFailedMsg=
\u30ad\u30fc\u30ef\u30fc\u30c9\u306b\u30d2\u30c3\u30c8\u3057\u305f\u7d50\u679c\u3092\u53d6\u5f97\u3067\u304d\u307e\u305b\u3093\u3067\u3057\u305f\u3002
Autopsy\u304cSolr\u30b5\u30fc\u30d0\u30fc\u306b\u63a5\u7d9a\u3067\u304d\u308b\u3053\u3068\u3092\u78ba\u8a8d\u3057\u3066\u304f\u3060\u3055\u3044\u3002
\ KeywordSearch.openCore.notification.msg=\u30ad\u30fc\u30ef\u30fc\u30c9\u691c\u7d22\u30a4\u30f3\u30c7\u30c3\u30af\u30b9\u3092\u958b\u3051\u307e\u305b\u3093\u3067\u3057\u305f KeywordSearch.closeCore.notification.msg=\u30ad\u30fc\u30ef\u30fc\u30c9\u691c\u7d22\u30a4\u30f3\u30c7\u30c3\u30af\u30b9\u3092\u9589\u3058\u308b\u969b\u306b\u30a8\u30e9\u30fc\u304c\u767a\u751f\u3057\u307e\u3057\u305f KeywordSearchListsManagementPanel.fileExtensionFilterLb2=\u30ad\u30fc\u30ef\u30fc\u30c9\u30ea\u30b9\u30c8\u30d5\u30a1\u30a4\u30eb\u3092\u30a8\u30f3\u30b1\u30fc\u30b9\u3059\u308b(txt) @@ -272,7 +270,7 @@ SolrConnectionCheck.HostnameOrPort=hostname\u3084\u30dd\u30fc\u30c8\u756a\u53f7\ SolrConnectionCheck.Hostname=hostname\u304c\u7121\u52b9\u3067\u3059\u3002 SolrConnectionCheck.Port=\u30dd\u30fc\u30c8\u756a\u53f7\u304c\u7121\u52b9\u3067\u3059\u3002 SolrConnectionCheck.MissingHostname=hostname\u304c\u6b20\u3051\u3066\u307e\u3059\u3002 -RawText.getText.error.msg=\u30c6\u30ad\u30b9\u30c8\u3092\u53d6\u5f97\u4e2d\u306b\u30a8\u30e9\u30fc\u304c\u767a\u751f\u3057\u307e\u3057\u305f +ExtractedContentViewer.getText.error.msg=\u30c6\u30ad\u30b9\u30c8\u3092\u53d6\u5f97\u4e2d\u306b\u30a8\u30e9\u30fc\u304c\u767a\u751f\u3057\u307e\u3057\u305f GlobalListsManagementPanel.exportButton.text=\u30ea\u30b9\u30c8\u3092\u30a8\u30af\u30b9\u30dd\u30fc\u30c8 GlobalListsManagementPanel.deleteListButton.text=\u30ea\u30b9\u30c8\u3092\u524a\u9664 GlobalListsManagementPanel.copyListButton.text=\u30ea\u30b9\u30c8\u3092\u30b3\u30d4\u30fc diff --git a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/ExtractedContentPanel.java b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/ExtractedContentPanel.java index 01647f2a46..fd8966e254 100644 --- a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/ExtractedContentPanel.java +++ b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/ExtractedContentPanel.java @@ -648,7 +648,7 @@ class ExtractedContentPanel extends javax.swing.JPanel { } @NbBundle.Messages({ - "ExtractedContentPanel.SetMarkup.error=There was an error getting the text for the selected source."}) + "ExtractedContentPanel.SetMarkup.error.msg=Error getting text."}) @Override protected void done() { super.done(); @@ -665,7 +665,7 @@ class ExtractedContentPanel extends javax.swing.JPanel { } catch (InterruptedException | ExecutionException ex) { logger.log(Level.SEVERE, "Error getting marked up text", ex); //NON-NLS - setPanelText(Bundle.ExtractedContentPanel_SetMarkup_error(), true); + setPanelText(NbBundle.getMessage(ExtractedContentViewer.class, "ExtractedContentPanel.getText.error.msg"), true); } // catch and ignore if we were cancelled catch (java.util.concurrent.CancellationException ex) { } diff --git a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/ExtractedContentViewer.java b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/ExtractedContentViewer.java index dbed68e660..27c5ae6b72 100644 --- a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/ExtractedContentViewer.java +++ b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/ExtractedContentViewer.java @@ -29,6 +29,7 @@ import java.util.logging.Level; import org.openide.nodes.Node; import org.openide.util.Lookup; import org.openide.util.NbBundle; +import org.openide.util.NbBundle.Messages; import org.openide.util.lookup.ServiceProvider; import org.sleuthkit.autopsy.casemodule.Case; import org.sleuthkit.autopsy.corecomponentinterfaces.DataContentViewer; @@ -47,6 +48,11 @@ import org.sleuthkit.datamodel.TskCoreException; * A content viewer that displays the indexed text associated with a file or an * artifact, possibly marked up with HTML to highlight keyword hits. */ +@Messages({ + "ExtractedContentViewer.getText.error.msg=Error getting text.", + "ExtractedContentViewer.getSolrContent.noTxtYetMsg=

There is currently no text in the index for this {0}. It may have no text, it may not have been analyzed yet, there may have been an error extracting text, or keyword search was not enabled during ingest.

", + "ExtractedContentViewer.getSolrContent.txtBodyItal={0}" +}) @ServiceProvider(service = DataContentViewer.class, position = 4) public class ExtractedContentViewer implements DataContentViewer { diff --git a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/HighlightedText.java b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/HighlightedText.java index 70d2e69194..06f79de439 100644 --- a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/HighlightedText.java +++ b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/HighlightedText.java @@ -1,7 +1,7 @@ /* * Autopsy Forensic Browser * - * Copyright 2011-2017 Basis Technology Corp. + * Copyright 2011-2018 Basis Technology Corp. * Contact: carrier sleuthkit org * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -20,7 +20,6 @@ package org.sleuthkit.autopsy.keywordsearch; import com.google.common.collect.Iterators; import com.google.common.collect.Range; -import com.google.common.collect.RangeSet; import com.google.common.collect.TreeRangeSet; import java.util.Arrays; import java.util.Collection; @@ -55,7 +54,7 @@ import org.sleuthkit.datamodel.TskCoreException; */ class HighlightedText implements IndexedText { - private static final Logger logger = Logger.getLogger(HighlightedText.class.getName()); + private static final Logger LOGGER = Logger.getLogger(HighlightedText.class.getName()); private static final boolean DEBUG = (Version.getBuildType() == Version.Type.DEVELOPMENT); @@ -140,7 +139,6 @@ class HighlightedText implements IndexedText { * This method figures out which pages / chunks have hits. Invoking it a * second time has no effect. */ - @Messages({"HighlightedText.query.exception.msg=Could not perform the query to get chunk info and get highlights:"}) synchronized private void loadPageInfo() throws TskCoreException, KeywordSearchModuleException, NoOpenCoreException { if (isPageInfoLoaded) { return; @@ -158,7 +156,6 @@ class HighlightedText implements IndexedText { this.numberPages = 1; this.currentPage = 1; numberOfHitsPerPage.put(1, 0); - pages.add(1); currentHitPerPage.put(1, 0); isPageInfoLoaded = true; } @@ -401,7 +398,7 @@ class HighlightedText implements IndexedText { // either be a single chunk containing hits or we narrow our // query down to the current page/chunk. if (response.getResults().size() > 1) { - logger.log(Level.WARNING, "Unexpected number of results for Solr highlighting query: {0}", q); //NON-NLS + LOGGER.log(Level.WARNING, "Unexpected number of results for Solr highlighting query: {0}", q); //NON-NLS } String highlightedContent; Map>> responseHighlight = response.getHighlighting(); @@ -427,8 +424,8 @@ class HighlightedText implements IndexedText { return "
" + highlightedContent + "
"; //NON-NLS } catch (TskCoreException | KeywordSearchModuleException | NoOpenCoreException ex) { - logger.log(Level.SEVERE, "Error getting highlighted text for Solr doc id " + objectId + ", chunkID " + chunkID + ", highlight query: " + highlightField, ex); //NON-NLS - return NbBundle.getMessage(this.getClass(), "HighlightedMatchesSource.getMarkup.queryFailedMsg"); + LOGGER.log(Level.SEVERE, "Error getting highlighted text for Solr doc id " + objectId + ", chunkID " + chunkID + ", highlight query: " + highlightField, ex); //NON-NLS + return NbBundle.getMessage(ExtractedContentViewer.class, "ExtractedContentViewer.getText.error.msg"); } } @@ -471,7 +468,7 @@ class HighlightedText implements IndexedText { */ static String attemptManualHighlighting(SolrDocumentList solrDocumentList, String highlightField, Collection keywords) { if (solrDocumentList.isEmpty()) { - return NbBundle.getMessage(HighlightedText.class, "HighlightedMatchesSource.getMarkup.noMatchMsg"); + return NbBundle.getMessage(ExtractedContentViewer.class, "ExtractedContentViewer.getSolrContent.noTxtYetMsg", "document"); // DLG: } // It doesn't make sense for there to be more than a single document in diff --git a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/RawText.java b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/RawText.java index 043738ae30..25a32401ef 100644 --- a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/RawText.java +++ b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/RawText.java @@ -1,7 +1,7 @@ /* * Autopsy Forensic Browser * - * Copyright 2011-2017 Basis Technology Corp. + * Copyright 2011-2018 Basis Technology Corp. * Contact: carrier sleuthkit org * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -18,16 +18,14 @@ */ package org.sleuthkit.autopsy.keywordsearch; -import java.util.LinkedHashMap; import java.util.logging.Level; import org.apache.solr.client.solrj.SolrServerException; import org.openide.util.NbBundle; +import org.openide.util.NbBundle.Messages; import org.sleuthkit.autopsy.coreutils.EscapeUtil; import org.sleuthkit.autopsy.coreutils.Logger; -import org.sleuthkit.datamodel.AbstractFile; import org.sleuthkit.datamodel.BlackboardArtifact; import org.sleuthkit.datamodel.Content; -import org.sleuthkit.datamodel.TskData; /** * A "source" for the extracted content viewer that displays "raw" (not @@ -44,7 +42,7 @@ class RawText implements IndexedText { //keep last content cached private String cachedString; private int cachedChunk; - private static final Logger logger = Logger.getLogger(RawText.class.getName()); + private static final Logger LOGGER = Logger.getLogger(RawText.class.getName()); /** * Construct a new RawText object for the given content and object id. This @@ -153,10 +151,10 @@ class RawText implements IndexedText { } else if (this.blackboardArtifact != null) { return getArtifactText(); } - } catch (SolrServerException ex) { - logger.log(Level.SEVERE, "Couldn't get extracted content", ex); //NON-NLS + } catch (SolrServerException | NoOpenCoreException ex) { + LOGGER.log(Level.SEVERE, "Couldn't get extracted text", ex); //NON-NLS } - return NbBundle.getMessage(this.getClass(), "RawText.getText.error.msg"); + return NbBundle.getMessage(ExtractedContentViewer.class, "ExtractedContentViewerRawText.getText.error.msg"); } @NbBundle.Messages({ @@ -208,10 +206,10 @@ class RawText implements IndexedText { hasChunks = true; } } catch (KeywordSearchModuleException ex) { - logger.log(Level.WARNING, "Could not get number of chunks: ", ex); //NON-NLS + LOGGER.log(Level.WARNING, "Could not get number of chunks: ", ex); //NON-NLS } catch (NoOpenCoreException ex) { - logger.log(Level.WARNING, "Could not get number of chunks: ", ex); //NON-NLS + LOGGER.log(Level.WARNING, "Could not get number of chunks: ", ex); //NON-NLS } } @@ -225,30 +223,20 @@ class RawText implements IndexedText { * chunks. This means we need to address the content * pages specially. * - * @return the extracted content + * @return the extracted text * - * @throws SolrServerException if something goes wrong + * @throws NoOpenCoreException If no Solr core is available. + * @throws SolrServerException If there's a Solr communication or parsing issue. */ - private String getContentText(int currentPage, boolean hasChunks) throws SolrServerException { + private String getContentText(int currentPage, boolean hasChunks) throws NoOpenCoreException, SolrServerException { final Server solrServer = KeywordSearch.getServer(); if (hasChunks == false) { //if no chunks, it is safe to assume there is no text content //because we are storing extracted text in chunks only //and the non-chunk stores meta-data only - String name = content.getName(); - String msg = null; - if (content instanceof AbstractFile) { - //we know it's AbstractFile, but do quick check to make sure if we index other objects in future - boolean isKnown = TskData.FileKnown.KNOWN.equals(((AbstractFile) content).getKnown()); - if (isKnown && KeywordSearchSettings.getSkipKnown()) { - msg = NbBundle.getMessage(this.getClass(), "ExtractedContentViewer.getSolrContent.knownFileMsg", name); - } - } - if (msg == null) { - msg = NbBundle.getMessage(this.getClass(), "ExtractedContentViewer.getSolrContent.noTxtYetMsg", name); - } - String htmlMsg = NbBundle.getMessage(this.getClass(), "ExtractedContentViewer.getSolrContent.txtBodyItal", msg); + String msg = NbBundle.getMessage(ExtractedContentViewer.class, "ExtractedContentViewer.getSolrContent.noTxtYetMsg", "file"); + String htmlMsg = NbBundle.getMessage(ExtractedContentViewer.class, "ExtractedContentViewer.getSolrContent.txtBodyItal", msg); return htmlMsg; } @@ -262,33 +250,33 @@ class RawText implements IndexedText { } //not cached - try { - String indexedText = solrServer.getSolrContent(this.objectId, chunkId); - if (indexedText == null) indexedText = ""; - cachedString = EscapeUtil.escapeHtml(indexedText).trim(); - StringBuilder sb = new StringBuilder(cachedString.length() + 20); - sb.append("
").append(cachedString).append("
"); //NON-NLS - cachedString = sb.toString(); - cachedChunk = chunkId; - } catch (NoOpenCoreException ex) { - logger.log(Level.SEVERE, "No open core", ex); //NON-NLS - return ""; - } + String indexedText = solrServer.getSolrContent(this.objectId, chunkId); + if (indexedText == null) indexedText = ""; + cachedString = EscapeUtil.escapeHtml(indexedText).trim(); + StringBuilder sb = new StringBuilder(cachedString.length() + 20); + sb.append("
").append(cachedString).append("
"); //NON-NLS + cachedString = sb.toString(); + cachedChunk = chunkId; + return cachedString; } - private String getArtifactText() throws SolrServerException{ - try { - String indexedText = KeywordSearch.getServer().getSolrContent(this.objectId, 1); - if (indexedText == null) indexedText = ""; - indexedText = EscapeUtil.escapeHtml(indexedText).trim(); - StringBuilder sb = new StringBuilder(indexedText.length() + 20); - sb.append("
").append(indexedText).append("
"); //NON-NLS - return sb.toString(); - } catch (NoOpenCoreException ex) { - logger.log(Level.SEVERE, "No open core", ex); //NON-NLS - return ""; - } + /** + * Get extracted artifact for a node from Solr + * + * @return the extracted text + * + * @throws NoOpenCoreException If no Solr core is available. + * @throws SolrServerException If there's a Solr communication or parsing issue. + */ + private String getArtifactText() throws NoOpenCoreException, SolrServerException{ + String indexedText = KeywordSearch.getServer().getSolrContent(this.objectId, 1); + if (indexedText == null) indexedText = ""; + indexedText = EscapeUtil.escapeHtml(indexedText).trim(); + StringBuilder sb = new StringBuilder(indexedText.length() + 20); + sb.append("
").append(indexedText).append("
"); //NON-NLS + + return sb.toString(); } } From 3c59ea12e99914357793470f920eef930dbb5f5b Mon Sep 17 00:00:00 2001 From: "U-BASIS\\dgrove" Date: Wed, 17 Jan 2018 10:17:08 -0500 Subject: [PATCH 02/33] Cleanup --- .../autopsy/keywordsearch/AccountsText.java | 1 - .../keywordsearch/ExtractedContentViewer.java | 16 ++++++++-------- .../autopsy/keywordsearch/HighlightedText.java | 3 +-- .../sleuthkit/autopsy/keywordsearch/RawText.java | 1 - 4 files changed, 9 insertions(+), 12 deletions(-) diff --git a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/AccountsText.java b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/AccountsText.java index 812a16bbbf..995a267758 100644 --- a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/AccountsText.java +++ b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/AccountsText.java @@ -35,7 +35,6 @@ import org.apache.solr.client.solrj.SolrQuery; import org.apache.solr.client.solrj.SolrRequest.METHOD; import org.apache.solr.client.solrj.response.QueryResponse; import org.openide.util.NbBundle; -import org.openide.util.NbBundle.Messages; import org.sleuthkit.autopsy.coreutils.Logger; import org.sleuthkit.autopsy.coreutils.Version; import org.sleuthkit.datamodel.BlackboardArtifact; diff --git a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/ExtractedContentViewer.java b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/ExtractedContentViewer.java index 27c5ae6b72..c8383f2e4c 100644 --- a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/ExtractedContentViewer.java +++ b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/ExtractedContentViewer.java @@ -1,7 +1,7 @@ /* * Autopsy Forensic Browser * - * Copyright 2011-2017 Basis Technology Corp. + * Copyright 2011-2018 Basis Technology Corp. * Contact: carrier sleuthkit org * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -56,7 +56,7 @@ import org.sleuthkit.datamodel.TskCoreException; @ServiceProvider(service = DataContentViewer.class, position = 4) public class ExtractedContentViewer implements DataContentViewer { - private static final Logger logger = Logger.getLogger(ExtractedContentViewer.class.getName()); + private static final Logger LOGGER = Logger.getLogger(ExtractedContentViewer.class.getName()); private static final long INVALID_DOCUMENT_ID = 0L; private static final BlackboardAttribute.Type TSK_ASSOCIATED_ARTIFACT_TYPE = new BlackboardAttribute.Type(TSK_ASSOCIATED_ARTIFACT); @@ -124,7 +124,7 @@ public class ExtractedContentViewer implements DataContentViewer { // if the artifact is an account artifact, get an account text . highlightedHitText = getAccountsText(content, nodeLookup); } catch (TskCoreException ex) { - logger.log(Level.SEVERE, "Failed to create AccountsText for " + content, ex); //NON-NLS + LOGGER.log(Level.SEVERE, "Failed to create AccountsText for " + content, ex); //NON-NLS } } else if (artifact != null @@ -133,7 +133,7 @@ public class ExtractedContentViewer implements DataContentViewer { //if there is kwh artifact use that to construct the HighlightedText highlightedHitText = new HighlightedText(artifact); } catch (TskCoreException ex) { - logger.log(Level.SEVERE, "Failed to create HighlightedText for " + artifact, ex); //NON-NLS + LOGGER.log(Level.SEVERE, "Failed to create HighlightedText for " + artifact, ex); //NON-NLS } } @@ -157,7 +157,7 @@ public class ExtractedContentViewer implements DataContentViewer { try { rawArtifactText = getRawArtifactText(nodeLookup); } catch (TskCoreException ex) { - logger.log(Level.SEVERE, "Error creating RawText for " + content, ex); //NON-NLS + LOGGER.log(Level.SEVERE, "Error creating RawText for " + content, ex); //NON-NLS } if (rawArtifactText != null) { @@ -294,7 +294,7 @@ public class ExtractedContentViewer implements DataContentViewer { return true; } } catch (TskCoreException ex) { - logger.log(Level.SEVERE, "Error getting TSK_ACCOUNT_TYPE attribute from artifact " + art.getArtifactID(), ex); + LOGGER.log(Level.SEVERE, "Error getting TSK_ACCOUNT_TYPE attribute from artifact " + art.getArtifactID(), ex); } } else if (artifactTypeID == TSK_KEYWORD_HIT.getTypeID()) { return true; @@ -358,7 +358,7 @@ public class ExtractedContentViewer implements DataContentViewer { try { return solrServer.queryIsIndexed(objectId); } catch (NoOpenCoreException | KeywordSearchModuleException ex) { - logger.log(Level.SEVERE, "Error querying Solr server", ex); //NON-NLS + LOGGER.log(Level.SEVERE, "Error querying Solr server", ex); //NON-NLS return false; } } @@ -392,7 +392,7 @@ public class ExtractedContentViewer implements DataContentViewer { return blackboardAttribute.getValueLong(); } } catch (TskCoreException ex) { - logger.log(Level.SEVERE, "Error getting associated artifact attributes", ex); //NON-NLS + LOGGER.log(Level.SEVERE, "Error getting associated artifact attributes", ex); //NON-NLS } } } diff --git a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/HighlightedText.java b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/HighlightedText.java index 06f79de439..61dfcfcdc8 100644 --- a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/HighlightedText.java +++ b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/HighlightedText.java @@ -40,7 +40,6 @@ import org.apache.solr.client.solrj.SolrRequest.METHOD; import org.apache.solr.client.solrj.response.QueryResponse; import org.apache.solr.common.SolrDocumentList; import org.openide.util.NbBundle; -import org.openide.util.NbBundle.Messages; import org.sleuthkit.autopsy.coreutils.Logger; import org.sleuthkit.autopsy.coreutils.Version; import org.sleuthkit.autopsy.keywordsearch.KeywordQueryFilter.FilterType; @@ -468,7 +467,7 @@ class HighlightedText implements IndexedText { */ static String attemptManualHighlighting(SolrDocumentList solrDocumentList, String highlightField, Collection keywords) { if (solrDocumentList.isEmpty()) { - return NbBundle.getMessage(ExtractedContentViewer.class, "ExtractedContentViewer.getSolrContent.noTxtYetMsg", "document"); // DLG: + return NbBundle.getMessage(ExtractedContentViewer.class, "ExtractedContentViewer.getSolrContent.noTxtYetMsg", "document"); } // It doesn't make sense for there to be more than a single document in diff --git a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/RawText.java b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/RawText.java index 25a32401ef..1f721f004c 100644 --- a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/RawText.java +++ b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/RawText.java @@ -21,7 +21,6 @@ package org.sleuthkit.autopsy.keywordsearch; import java.util.logging.Level; import org.apache.solr.client.solrj.SolrServerException; import org.openide.util.NbBundle; -import org.openide.util.NbBundle.Messages; import org.sleuthkit.autopsy.coreutils.EscapeUtil; import org.sleuthkit.autopsy.coreutils.Logger; import org.sleuthkit.datamodel.BlackboardArtifact; From 4cdf2b919efaed651f2c9f69917f71271cd60a4d Mon Sep 17 00:00:00 2001 From: "U-BASIS\\dgrove" Date: Wed, 17 Jan 2018 10:21:53 -0500 Subject: [PATCH 03/33] Fixed log level. --- .../src/org/sleuthkit/autopsy/keywordsearch/RawText.java | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/RawText.java b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/RawText.java index 1f721f004c..5d885feef3 100644 --- a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/RawText.java +++ b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/RawText.java @@ -204,11 +204,8 @@ class RawText implements IndexedText { } else { hasChunks = true; } - } catch (KeywordSearchModuleException ex) { - LOGGER.log(Level.WARNING, "Could not get number of chunks: ", ex); //NON-NLS - - } catch (NoOpenCoreException ex) { - LOGGER.log(Level.WARNING, "Could not get number of chunks: ", ex); //NON-NLS + } catch (KeywordSearchModuleException | NoOpenCoreException ex) { + LOGGER.log(Level.SEVERE, "Could not get number of chunks: ", ex); //NON-NLS } } From e6d269396dc46c572d928950846768d4c717075e Mon Sep 17 00:00:00 2001 From: "U-BASIS\\dgrove" Date: Fri, 19 Jan 2018 01:07:51 -0500 Subject: [PATCH 04/33] Different message for known files. --- .../keywordsearch/ExtractedContentViewer.java | 1 + .../autopsy/keywordsearch/RawText.java | 25 ++++++++++++++++--- 2 files changed, 23 insertions(+), 3 deletions(-) diff --git a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/ExtractedContentViewer.java b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/ExtractedContentViewer.java index c8383f2e4c..8f8ae75b8d 100644 --- a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/ExtractedContentViewer.java +++ b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/ExtractedContentViewer.java @@ -50,6 +50,7 @@ import org.sleuthkit.datamodel.TskCoreException; */ @Messages({ "ExtractedContentViewer.getText.error.msg=Error getting text.", + "ExtractedContentViewer.getSolrContent.knownFileMsg=

{0} is a known file (based on MD5 hash) and does not have text in the index.

", "ExtractedContentViewer.getSolrContent.noTxtYetMsg=

There is currently no text in the index for this {0}. It may have no text, it may not have been analyzed yet, there may have been an error extracting text, or keyword search was not enabled during ingest.

", "ExtractedContentViewer.getSolrContent.txtBodyItal={0}" }) diff --git a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/RawText.java b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/RawText.java index 5d885feef3..dc281ce100 100644 --- a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/RawText.java +++ b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/RawText.java @@ -23,8 +23,10 @@ import org.apache.solr.client.solrj.SolrServerException; import org.openide.util.NbBundle; import org.sleuthkit.autopsy.coreutils.EscapeUtil; import org.sleuthkit.autopsy.coreutils.Logger; +import org.sleuthkit.datamodel.AbstractFile; import org.sleuthkit.datamodel.BlackboardArtifact; import org.sleuthkit.datamodel.Content; +import org.sleuthkit.datamodel.TskData; /** * A "source" for the extracted content viewer that displays "raw" (not @@ -231,7 +233,18 @@ class RawText implements IndexedText { //if no chunks, it is safe to assume there is no text content //because we are storing extracted text in chunks only //and the non-chunk stores meta-data only - String msg = NbBundle.getMessage(ExtractedContentViewer.class, "ExtractedContentViewer.getSolrContent.noTxtYetMsg", "file"); + String msg = null; + + if (content instanceof AbstractFile) { + //we know it's AbstractFile, but do quick check to make sure if we index other objects in future + boolean isKnown = TskData.FileKnown.KNOWN.equals(((AbstractFile)content).getKnown()); + if (isKnown && KeywordSearchSettings.getSkipKnown()) { + msg = NbBundle.getMessage(ExtractedContentViewer.class, "ExtractedContentViewer.getSolrContent.knownFileMsg", content.getName()); + } + } + if(msg == null) { + msg = NbBundle.getMessage(ExtractedContentViewer.class, "ExtractedContentViewer.getSolrContent.noTxtYetMsg", "file"); + } String htmlMsg = NbBundle.getMessage(ExtractedContentViewer.class, "ExtractedContentViewer.getSolrContent.txtBodyItal", msg); return htmlMsg; } @@ -247,7 +260,10 @@ class RawText implements IndexedText { //not cached String indexedText = solrServer.getSolrContent(this.objectId, chunkId); - if (indexedText == null) indexedText = ""; + if (indexedText == null || indexedText.isEmpty()) { + return NbBundle.getMessage(ExtractedContentViewer.class, "ExtractedContentViewer.getSolrContent.noTxtYetMsg", "file"); + } + cachedString = EscapeUtil.escapeHtml(indexedText).trim(); StringBuilder sb = new StringBuilder(cachedString.length() + 20); sb.append("
").append(cachedString).append("
"); //NON-NLS @@ -267,7 +283,10 @@ class RawText implements IndexedText { */ private String getArtifactText() throws NoOpenCoreException, SolrServerException{ String indexedText = KeywordSearch.getServer().getSolrContent(this.objectId, 1); - if (indexedText == null) indexedText = ""; + if (indexedText == null || indexedText.isEmpty()) { + return NbBundle.getMessage(ExtractedContentViewer.class, "ExtractedContentViewer.getSolrContent.noTxtYetMsg", "artifact"); + } + indexedText = EscapeUtil.escapeHtml(indexedText).trim(); StringBuilder sb = new StringBuilder(indexedText.length() + 20); sb.append("
").append(indexedText).append("
"); //NON-NLS From c49e33e5b68723c12866db256be2b7b817e40089 Mon Sep 17 00:00:00 2001 From: "U-BASIS\\dgrove" Date: Wed, 24 Jan 2018 17:20:01 -0500 Subject: [PATCH 05/33] Updated logic to properly handle artifact and content nodes. --- .../keywordsearch/ExtractedContentViewer.java | 104 +++++++++++------- .../keywordsearch/HighlightedText.java | 31 +++--- .../KeywordSearchFilterNode.java | 15 ++- .../KeywordSearchResultFactory.java | 57 +++++++++- 4 files changed, 143 insertions(+), 64 deletions(-) diff --git a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/ExtractedContentViewer.java b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/ExtractedContentViewer.java index dbed68e660..222ca18ebd 100644 --- a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/ExtractedContentViewer.java +++ b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/ExtractedContentViewer.java @@ -1,7 +1,7 @@ /* * Autopsy Forensic Browser * - * Copyright 2011-2017 Basis Technology Corp. + * Copyright 2011-2018 Basis Technology Corp. * Contact: carrier sleuthkit org * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -33,6 +33,8 @@ import org.openide.util.lookup.ServiceProvider; import org.sleuthkit.autopsy.casemodule.Case; import org.sleuthkit.autopsy.corecomponentinterfaces.DataContentViewer; import org.sleuthkit.autopsy.coreutils.Logger; +import org.sleuthkit.autopsy.keywordsearch.KeywordSearchResultFactory.QueryContent; +import org.sleuthkit.datamodel.AbstractContent; import org.sleuthkit.datamodel.AbstractFile; import org.sleuthkit.datamodel.Account; import org.sleuthkit.datamodel.BlackboardArtifact; @@ -50,7 +52,7 @@ import org.sleuthkit.datamodel.TskCoreException; @ServiceProvider(service = DataContentViewer.class, position = 4) public class ExtractedContentViewer implements DataContentViewer { - private static final Logger logger = Logger.getLogger(ExtractedContentViewer.class.getName()); + private static final Logger LOGGER = Logger.getLogger(ExtractedContentViewer.class.getName()); private static final long INVALID_DOCUMENT_ID = 0L; private static final BlackboardAttribute.Type TSK_ASSOCIATED_ARTIFACT_TYPE = new BlackboardAttribute.Type(TSK_ASSOCIATED_ARTIFACT); @@ -93,7 +95,7 @@ public class ExtractedContentViewer implements DataContentViewer { } Lookup nodeLookup = node.getLookup(); - AbstractFile content = nodeLookup.lookup(AbstractFile.class); + AbstractContent content = nodeLookup.lookup(AbstractFile.class); /* * Assemble a collection of all of the indexed text "sources" for the @@ -104,41 +106,56 @@ public class ExtractedContentViewer implements DataContentViewer { IndexedText rawContentText = null; if (null != content && solrHasContent(content.getId())) { - QueryResults hits = nodeLookup.lookup(QueryResults.class); - BlackboardArtifact artifact = nodeLookup.lookup(BlackboardArtifact.class); - if (hits != null) { - /* - * if there is a QueryReslt object, in the lookup use that. This - * happens when a user selects a row in an ad-hoc search result - */ - highlightedHitText = new HighlightedText(content.getId(), hits); - } else if (artifact != null - && artifact.getArtifactTypeID() == TSK_ACCOUNT.getTypeID()) { - try { - // if the artifact is an account artifact, get an account text . - highlightedHitText = getAccountsText(content, nodeLookup); - } catch (TskCoreException ex) { - logger.log(Level.SEVERE, "Failed to create AccountsText for " + content, ex); //NON-NLS - - } - } else if (artifact != null - && artifact.getArtifactTypeID() == TSK_KEYWORD_HIT.getTypeID()) { - try { - //if there is kwh artifact use that to construct the HighlightedText - highlightedHitText = new HighlightedText(artifact); - } catch (TskCoreException ex) { - logger.log(Level.SEVERE, "Failed to create HighlightedText for " + artifact, ex); //NON-NLS - } - } - - if (highlightedHitText != null) { - sources.add(highlightedHitText); - } - /* - * Next, add the "raw" (not highlighted) text, if any, for any - * content associated with the node. + * Results for Keyword Hits. */ + BlackboardArtifact artifact = nodeLookup.lookup(BlackboardArtifact.class); + if (artifact != null) { + if (artifact.getArtifactTypeID() == TSK_ACCOUNT.getTypeID()) { + try { + // if the artifact is an account artifact, get an account text. + highlightedHitText = getAccountsText(content, nodeLookup); + } catch (TskCoreException ex) { + LOGGER.log(Level.SEVERE, "Failed to create AccountsText for " + content, ex); //NON-NLS + } + } else if (artifact.getArtifactTypeID() == TSK_KEYWORD_HIT.getTypeID()) { + try { + //if there is kwh artifact use that to construct the HighlightedText + highlightedHitText = new HighlightedText(artifact); + } catch (TskCoreException ex) { + LOGGER.log(Level.SEVERE, "Failed to create HighlightedText for " + artifact, ex); //NON-NLS + } + } + } + } else { + /* + * Results for ad-hoc search. + */ + QueryContent queryContent = nodeLookup.lookup(QueryContent.class); + content = (AbstractFile) queryContent.getContent(); + + if (null != content && solrHasContent(content.getId())) { + QueryResults queryResults = queryContent.getResults(); + if (queryResults != null) { + /* + * If there's a QueryContent object in the lookup, use that. + * This happens when a user selects a row in an ad-hoc + * search result. + */ + highlightedHitText = new HighlightedText(queryContent.getSolrObjectId(), queryResults); + } + } + } + + if (highlightedHitText != null) { + sources.add(highlightedHitText); + } + + /* + * Next, add the "raw" (not highlighted) text, if any, for any + * content associated with the node. + */ + if (content != null) { rawContentText = new RawText(content, content.getId()); sources.add(rawContentText); } @@ -151,7 +168,7 @@ public class ExtractedContentViewer implements DataContentViewer { try { rawArtifactText = getRawArtifactText(nodeLookup); } catch (TskCoreException ex) { - logger.log(Level.SEVERE, "Error creating RawText for " + content, ex); //NON-NLS + LOGGER.log(Level.SEVERE, "Error creating RawText for " + content, ex); //NON-NLS } if (rawArtifactText != null) { @@ -288,7 +305,7 @@ public class ExtractedContentViewer implements DataContentViewer { return true; } } catch (TskCoreException ex) { - logger.log(Level.SEVERE, "Error getting TSK_ACCOUNT_TYPE attribute from artifact " + art.getArtifactID(), ex); + LOGGER.log(Level.SEVERE, "Error getting TSK_ACCOUNT_TYPE attribute from artifact " + art.getArtifactID(), ex); } } else if (artifactTypeID == TSK_KEYWORD_HIT.getTypeID()) { return true; @@ -352,7 +369,7 @@ public class ExtractedContentViewer implements DataContentViewer { try { return solrServer.queryIsIndexed(objectId); } catch (NoOpenCoreException | KeywordSearchModuleException ex) { - logger.log(Level.SEVERE, "Error querying Solr server", ex); //NON-NLS + LOGGER.log(Level.SEVERE, "Error querying Solr server", ex); //NON-NLS return false; } } @@ -386,7 +403,7 @@ public class ExtractedContentViewer implements DataContentViewer { return blackboardAttribute.getValueLong(); } } catch (TskCoreException ex) { - logger.log(Level.SEVERE, "Error getting associated artifact attributes", ex); //NON-NLS + LOGGER.log(Level.SEVERE, "Error getting associated artifact attributes", ex); //NON-NLS } } } @@ -398,6 +415,13 @@ public class ExtractedContentViewer implements DataContentViewer { * handled above. */ Content content = node.getLookup().lookup(Content.class); + if (content == null) { + QueryContent queryContent = node.getLookup().lookup(QueryContent.class); + if (queryContent != null) { + content = queryContent.getContent(); + } + } + if (content != null) { return content.getId(); } diff --git a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/HighlightedText.java b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/HighlightedText.java index 70d2e69194..9bcbdd7b2a 100644 --- a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/HighlightedText.java +++ b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/HighlightedText.java @@ -1,7 +1,7 @@ /* * Autopsy Forensic Browser * - * Copyright 2011-2017 Basis Technology Corp. + * Copyright 2011-2018 Basis Technology Corp. * Contact: carrier sleuthkit org * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -20,7 +20,6 @@ package org.sleuthkit.autopsy.keywordsearch; import com.google.common.collect.Iterators; import com.google.common.collect.Range; -import com.google.common.collect.RangeSet; import com.google.common.collect.TreeRangeSet; import java.util.Arrays; import java.util.Collection; @@ -55,7 +54,7 @@ import org.sleuthkit.datamodel.TskCoreException; */ class HighlightedText implements IndexedText { - private static final Logger logger = Logger.getLogger(HighlightedText.class.getName()); + private static final Logger LOGGER = Logger.getLogger(HighlightedText.class.getName()); private static final boolean DEBUG = (Version.getBuildType() == Version.Type.DEVELOPMENT); @@ -70,7 +69,7 @@ class HighlightedText implements IndexedText { final private Server solrServer = KeywordSearch.getServer(); - private final long objectId; + private final long solrObjectId; /* * The keywords to highlight */ @@ -106,14 +105,14 @@ class HighlightedText implements IndexedText { * search results. In that case we have the entire QueryResults object and need to arrange the paging. * - * @param objectId The objectID of the content whose text will be + * @param solrObjectId The solrObjectId of the content whose text will be * highlighted. * @param QueryResults The QueryResults for the ad-hoc search from whose results a selection was made leading to this HighlightedText. */ - HighlightedText(long objectId, QueryResults hits) { - this.objectId = objectId; + HighlightedText(long solrObjectId, QueryResults hits) { + this.solrObjectId = solrObjectId; this.hits = hits; } @@ -129,9 +128,9 @@ class HighlightedText implements IndexedText { this.artifact = artifact; BlackboardAttribute attribute = artifact.getAttribute(TSK_ASSOCIATED_ARTIFACT); if (attribute != null) { - this.objectId = attribute.getValueLong(); + this.solrObjectId = attribute.getValueLong(); } else { - this.objectId = artifact.getObjectID(); + this.solrObjectId = artifact.getObjectID(); } } @@ -146,7 +145,7 @@ class HighlightedText implements IndexedText { return; } - this.numberPages = solrServer.queryNumFileChunks(this.objectId); + this.numberPages = solrServer.queryNumFileChunks(this.solrObjectId); if (artifact != null) { loadPageInfoFromArtifact(); @@ -194,7 +193,7 @@ class HighlightedText implements IndexedText { // Run a query to figure out which chunks for the current object have // hits for this keyword. - chunksQuery.addFilter(new KeywordQueryFilter(FilterType.CHUNK, this.objectId)); + chunksQuery.addFilter(new KeywordQueryFilter(FilterType.CHUNK, this.solrObjectId)); hits = chunksQuery.performQuery(); loadPageInfoFromHits(); @@ -216,7 +215,7 @@ class HighlightedText implements IndexedText { for (KeywordHit hit : hits.getResults(k)) { int chunkID = hit.getChunkId(); if (artifact != null) { - if (chunkID != 0 && this.objectId == hit.getSolrObjectId()) { + if (chunkID != 0 && this.solrObjectId == hit.getSolrObjectId()) { String hit1 = hit.getHit(); if (keywords.stream().anyMatch(hit1::contains)) { numberOfHitsPerPage.put(chunkID, 0); //unknown number of matches in the page @@ -225,7 +224,7 @@ class HighlightedText implements IndexedText { } } } else { - if (chunkID != 0 && this.objectId == hit.getSolrObjectId()) { + if (chunkID != 0 && this.solrObjectId == hit.getSolrObjectId()) { numberOfHitsPerPage.put(chunkID, 0); //unknown number of matches in the page currentHitPerPage.put(chunkID, 0); //set current hit to 0th @@ -354,7 +353,7 @@ class HighlightedText implements IndexedText { SolrQuery q = new SolrQuery(); q.setShowDebugInfo(DEBUG); //debug - String contentIdStr = Long.toString(this.objectId); + String contentIdStr = Long.toString(this.solrObjectId); if (numberPages != 0) { chunkID = Integer.toString(this.currentPage); contentIdStr += "0".equals(chunkID) ? "" : "_" + chunkID; @@ -401,7 +400,7 @@ class HighlightedText implements IndexedText { // either be a single chunk containing hits or we narrow our // query down to the current page/chunk. if (response.getResults().size() > 1) { - logger.log(Level.WARNING, "Unexpected number of results for Solr highlighting query: {0}", q); //NON-NLS + LOGGER.log(Level.WARNING, "Unexpected number of results for Solr highlighting query: {0}", q); //NON-NLS } String highlightedContent; Map>> responseHighlight = response.getHighlighting(); @@ -427,7 +426,7 @@ class HighlightedText implements IndexedText { return "
" + highlightedContent + "
"; //NON-NLS } catch (TskCoreException | KeywordSearchModuleException | NoOpenCoreException ex) { - logger.log(Level.SEVERE, "Error getting highlighted text for Solr doc id " + objectId + ", chunkID " + chunkID + ", highlight query: " + highlightField, ex); //NON-NLS + LOGGER.log(Level.SEVERE, "Error getting highlighted text for Solr doc id " + solrObjectId + ", chunkID " + chunkID + ", highlight query: " + highlightField, ex); //NON-NLS return NbBundle.getMessage(this.getClass(), "HighlightedMatchesSource.getMarkup.queryFailedMsg"); } } diff --git a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/KeywordSearchFilterNode.java b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/KeywordSearchFilterNode.java index 7674ee5e34..b848892691 100644 --- a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/KeywordSearchFilterNode.java +++ b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/KeywordSearchFilterNode.java @@ -1,7 +1,7 @@ /* * Autopsy Forensic Browser * - * Copyright 2013-2017 Basis Technology Corp. + * Copyright 2013-2018 Basis Technology Corp. * Contact: carrier sleuthkit org * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -39,6 +39,7 @@ import org.sleuthkit.autopsy.actions.AddContentTagAction; import org.sleuthkit.autopsy.actions.DeleteFileContentTagAction; import org.sleuthkit.autopsy.directorytree.HashSearchAction; import org.sleuthkit.autopsy.directorytree.NewWindowViewAction; +import org.sleuthkit.autopsy.keywordsearch.KeywordSearchResultFactory.QueryContent; import org.sleuthkit.datamodel.AbstractFile; import org.sleuthkit.datamodel.Content; import org.sleuthkit.datamodel.ContentVisitor; @@ -52,12 +53,18 @@ import org.sleuthkit.datamodel.TskData; import org.sleuthkit.datamodel.VirtualDirectory; /** - * + * FilterNode containing data pertaining to keyword search. */ class KeywordSearchFilterNode extends FilterNode { - KeywordSearchFilterNode(QueryResults highlights, Node original) { - super(original, null, new ProxyLookup(Lookups.singleton(highlights), original.getLookup())); + /** + * Instantiate a KeywordSearchFilterNode. + * + * @param queryContent The query content. + * @param original The original source node. + */ + KeywordSearchFilterNode(QueryContent queryContent, Node original) { + super(original, null, new ProxyLookup(Lookups.singleton(queryContent), original.getLookup())); } @Override diff --git a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/KeywordSearchResultFactory.java b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/KeywordSearchResultFactory.java index a8bc995eae..c8c1c07b15 100644 --- a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/KeywordSearchResultFactory.java +++ b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/KeywordSearchResultFactory.java @@ -250,13 +250,12 @@ class KeywordSearchResultFactory extends ChildFactory { Node resultNode; if (key instanceof KeyValueQueryContent) { - final Content content = ((KeyValueQueryContent) key).getContent(); - QueryResults hits = ((KeyValueQueryContent) key).getHits(); + QueryContent queryContent = new QueryContent((KeyValueQueryContent) key); - Node kvNode = new KeyValueNode(key, Children.LEAF, Lookups.singleton(content)); + Node kvNode = new KeyValueNode(key, Children.LEAF, Lookups.singleton(queryContent)); //wrap in KeywordSearchFilterNode for the markup content, might need to override FilterNode for more customization - resultNode = new KeywordSearchFilterNode(hits, kvNode); + resultNode = new KeywordSearchFilterNode(queryContent, kvNode); } else { resultNode = new EmptyNode("This Node Is Empty"); resultNode.setDisplayName(NbBundle.getMessage(this.getClass(), "KeywordSearchResultFactory.createNodeForKey.noResultsFound.text")); @@ -265,6 +264,56 @@ class KeywordSearchResultFactory extends ChildFactory { return resultNode; } + + /** + * This class encapsulates content, query results, and an associated Solr + * object ID for storing in the Lookup to be read later. + */ + class QueryContent { + private final long solrObjectId; + private final Content content; + private final QueryResults results; + + /** + * Instantiate a QueryContent object. + * + * @param solrObjectId The Solr object ID associated with the content. + * @param content The content for the query result. + * @param results The query results. + */ + QueryContent(KeyValueQueryContent key) { + this.solrObjectId = key.getSolrObjectId(); + this.content = key.getContent(); + this.results = key.getHits(); + } + + /** + * Get the Solr object ID associated with the content. + * + * @return The Solr object ID. + */ + long getSolrObjectId() { + return solrObjectId; + } + + /** + * Get the content for the query result. + * + * @return The content. + */ + Content getContent() { + return content; + } + + /** + * Get the query results. + * + * @return The query results. + */ + QueryResults getResults() { + return results; + } + } /** * Used to display keyword search results in table. Eventually turned into a From eeb83e270ce10a21f3d6e1a1529a1db808eab435 Mon Sep 17 00:00:00 2001 From: "U-BASIS\\dgrove" Date: Wed, 24 Jan 2018 17:31:32 -0500 Subject: [PATCH 06/33] Revised some code comments. --- .../keywordsearch/ExtractedContentViewer.java | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/ExtractedContentViewer.java b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/ExtractedContentViewer.java index 222ca18ebd..bf4b2eb317 100644 --- a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/ExtractedContentViewer.java +++ b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/ExtractedContentViewer.java @@ -113,14 +113,18 @@ public class ExtractedContentViewer implements DataContentViewer { if (artifact != null) { if (artifact.getArtifactTypeID() == TSK_ACCOUNT.getTypeID()) { try { - // if the artifact is an account artifact, get an account text. + /* + * Generate AccountsText for the account artifact. + */ highlightedHitText = getAccountsText(content, nodeLookup); } catch (TskCoreException ex) { LOGGER.log(Level.SEVERE, "Failed to create AccountsText for " + content, ex); //NON-NLS } } else if (artifact.getArtifactTypeID() == TSK_KEYWORD_HIT.getTypeID()) { try { - //if there is kwh artifact use that to construct the HighlightedText + /* + * Generate HighlightedText for the keyword hit artifact. + */ highlightedHitText = new HighlightedText(artifact); } catch (TskCoreException ex) { LOGGER.log(Level.SEVERE, "Failed to create HighlightedText for " + artifact, ex); //NON-NLS @@ -137,11 +141,6 @@ public class ExtractedContentViewer implements DataContentViewer { if (null != content && solrHasContent(content.getId())) { QueryResults queryResults = queryContent.getResults(); if (queryResults != null) { - /* - * If there's a QueryContent object in the lookup, use that. - * This happens when a user selects a row in an ad-hoc - * search result. - */ highlightedHitText = new HighlightedText(queryContent.getSolrObjectId(), queryResults); } } From a33e4c9b3bb478863ba87561346bf8f04e90aeea Mon Sep 17 00:00:00 2001 From: "U-BASIS\\dgrove" Date: Wed, 24 Jan 2018 17:35:50 -0500 Subject: [PATCH 07/33] Corrected typo. --- .../autopsy/keywordsearch/ExtractedContentViewer.java | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/ExtractedContentViewer.java b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/ExtractedContentViewer.java index bf4b2eb317..43f0d7baf8 100644 --- a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/ExtractedContentViewer.java +++ b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/ExtractedContentViewer.java @@ -34,7 +34,6 @@ import org.sleuthkit.autopsy.casemodule.Case; import org.sleuthkit.autopsy.corecomponentinterfaces.DataContentViewer; import org.sleuthkit.autopsy.coreutils.Logger; import org.sleuthkit.autopsy.keywordsearch.KeywordSearchResultFactory.QueryContent; -import org.sleuthkit.datamodel.AbstractContent; import org.sleuthkit.datamodel.AbstractFile; import org.sleuthkit.datamodel.Account; import org.sleuthkit.datamodel.BlackboardArtifact; @@ -95,7 +94,7 @@ public class ExtractedContentViewer implements DataContentViewer { } Lookup nodeLookup = node.getLookup(); - AbstractContent content = nodeLookup.lookup(AbstractFile.class); + AbstractFile content = nodeLookup.lookup(AbstractFile.class); /* * Assemble a collection of all of the indexed text "sources" for the From fc63d677402da5598a4548fa56576468fa9177ae Mon Sep 17 00:00:00 2001 From: "U-BASIS\\dgrove" Date: Mon, 29 Jan 2018 12:15:39 -0500 Subject: [PATCH 08/33] Moved interesting file artifact creation logic. --- .../modules/filetypeid/FileTypeDetector.java | 53 +++--------- .../filetypeid/FileTypeIdIngestModule.java | 83 ++++++++++++++++--- 2 files changed, 85 insertions(+), 51 deletions(-) diff --git a/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeDetector.java b/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeDetector.java index c742110f6b..dafae9a42b 100644 --- a/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeDetector.java +++ b/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeDetector.java @@ -1,7 +1,7 @@ /* * Autopsy Forensic Browser * - * Copyright 2011-2017 Basis Technology Corp. + * Copyright 2011-2018 Basis Technology Corp. * Contact: carrier sleuthkit org * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -19,22 +19,16 @@ package org.sleuthkit.autopsy.modules.filetypeid; import java.util.ArrayList; -import java.util.Collection; import java.util.Collections; import java.util.List; import java.util.SortedSet; import java.util.TreeSet; -import java.util.logging.Level; import java.util.stream.Collectors; import org.apache.tika.Tika; import org.apache.tika.io.TikaInputStream; import org.apache.tika.mime.MimeTypes; -import org.sleuthkit.autopsy.casemodule.Case; -import org.sleuthkit.autopsy.casemodule.services.Blackboard; import org.sleuthkit.autopsy.coreutils.Logger; import org.sleuthkit.datamodel.AbstractFile; -import org.sleuthkit.datamodel.BlackboardArtifact; -import org.sleuthkit.datamodel.BlackboardAttribute; import org.sleuthkit.datamodel.ReadContentInputStream; import org.sleuthkit.datamodel.TskCoreException; import org.sleuthkit.datamodel.TskData; @@ -48,8 +42,8 @@ import org.sleuthkit.datamodel.TskData; */ public class FileTypeDetector { - private static final Logger logger = Logger.getLogger(FileTypeDetector.class.getName()); - private static final Tika tika = new Tika(); + private static final Logger LOGGER = Logger.getLogger(FileTypeDetector.class.getName()); + private static final Tika TIKA = new Tika(); private static final int SLACK_FILE_THRESHOLD = 4096; private final List userDefinedFileTypes; private final List autopsyDefinedFileTypes; @@ -227,7 +221,7 @@ public class FileTypeDetector { ReadContentInputStream stream = new ReadContentInputStream(file); try (TikaInputStream tikaInputStream = TikaInputStream.get(stream)) { - String tikaType = tika.detect(tikaInputStream, file.getName()); + String tikaType = TIKA.detect(tikaInputStream, file.getName()); /* * Remove the Tika suffix from the MIME type name. @@ -270,52 +264,29 @@ public class FileTypeDetector { } /** - * Determines whether or not the a file matches a user-defined custom file - * type. If the file matches and corresponds to an interesting files type - * rule, this method has the side effect of creating an interesting files - * hit artifact and indexing that artifact for keyword search. + * Determines whether or not a file matches a user-defined custom file type. * * @param file The file to test. * - * @return The file type name string or null, if no match is detected. - * - * @throws TskCoreException + * @return The MIME type as a string if a match is found; otherwise null. */ private String detectUserDefinedType(AbstractFile file) { + String retValue = null; + for (FileType fileType : userDefinedFileTypes) { if (fileType.matches(file)) { - if (fileType.createInterestingFileHit()) { - try { - BlackboardArtifact artifact; - artifact = file.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT); - Collection attributes = new ArrayList<>(); - BlackboardAttribute setNameAttribute = new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SET_NAME, FileTypeIdModuleFactory.getModuleName(), fileType.getInterestingFilesSetName()); - attributes.add(setNameAttribute); - BlackboardAttribute ruleNameAttribute = new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_CATEGORY, FileTypeIdModuleFactory.getModuleName(), fileType.getMimeType()); - attributes.add(ruleNameAttribute); - artifact.addAttributes(attributes); - try { - Case.getCurrentCase().getServices().getBlackboard().indexArtifact(artifact); - } catch (Blackboard.BlackboardException ex) { - logger.log(Level.SEVERE, String.format("Unable to index TSK_INTERESTING_FILE_HIT blackboard artifact %d (file obj_id=%d)", artifact.getArtifactID(), file.getId()), ex); //NON-NLS - } - } catch (TskCoreException ex) { - logger.log(Level.SEVERE, String.format("Unable to create TSK_INTERESTING_FILE_HIT artifact for file (obj_id=%d)", file.getId()), ex); //NON-NLS - } - } - return fileType.getMimeType(); + retValue = fileType.getMimeType(); } } - return null; + return retValue; } /** - * Determines whether or not the a file matches a custom file type defined - * by Autopsy. + * Determines whether or not a file matches a custom file type defined by Autopsy. * * @param file The file to test. * - * @return The file type name string or null, if no match is detected. + * @return The MIME type as a string if a match is found; otherwise null. */ private String detectAutopsyDefinedType(AbstractFile file) { for (FileType fileType : autopsyDefinedFileTypes) { diff --git a/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeIdIngestModule.java b/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeIdIngestModule.java index 64650ed0c4..4e1843ccf3 100644 --- a/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeIdIngestModule.java +++ b/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeIdIngestModule.java @@ -1,15 +1,15 @@ /* * Autopsy Forensic Browser - * - * Copyright 2013-2015 Basis Technology Corp. + * + * Copyright 2013-2018 Basis Technology Corp. * Contact: carrier sleuthkit org - * + * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -18,9 +18,14 @@ */ package org.sleuthkit.autopsy.modules.filetypeid; +import java.util.ArrayList; +import java.util.Collection; import java.util.HashMap; +import java.util.List; import java.util.logging.Level; import org.openide.util.NbBundle; +import org.sleuthkit.autopsy.casemodule.Case; +import org.sleuthkit.autopsy.casemodule.services.Blackboard; import org.sleuthkit.autopsy.coreutils.Logger; import org.sleuthkit.autopsy.ingest.FileIngestModule; import org.sleuthkit.autopsy.ingest.IngestJobContext; @@ -29,17 +34,20 @@ import org.sleuthkit.autopsy.ingest.IngestServices; import org.sleuthkit.datamodel.AbstractFile; import org.sleuthkit.autopsy.ingest.IngestModule.ProcessResult; import org.sleuthkit.autopsy.ingest.IngestModuleReferenceCounter; +import org.sleuthkit.datamodel.BlackboardArtifact; +import org.sleuthkit.datamodel.BlackboardAttribute; +import org.sleuthkit.datamodel.TskCoreException; /** * Detects the type of a file based on signature (magic) values. Posts results * to the blackboard. */ @NbBundle.Messages({ - "CannotRunFileTypeDetection=Unable to run file type detection." + "CannotRunFileTypeDetection=Unable to run file type detection." }) public class FileTypeIdIngestModule implements FileIngestModule { - private static final Logger logger = Logger.getLogger(FileTypeIdIngestModule.class.getName()); + private static final Logger LOGGER = Logger.getLogger(FileTypeIdIngestModule.class.getName()); private long jobId; private static final HashMap totalsForIngestJobs = new HashMap<>(); private static final IngestModuleReferenceCounter refCounter = new IngestModuleReferenceCounter(); @@ -59,7 +67,7 @@ public class FileTypeIdIngestModule implements FileIngestModule { try { return new FileTypeDetector().isDetectable(mimeType); } catch (FileTypeDetector.FileTypeDetectorInitException ex) { - logger.log(Level.SEVERE, "Failed to create file type detector", ex); //NON-NLS + LOGGER.log(Level.SEVERE, "Failed to create file type detector", ex); //NON-NLS return false; } } @@ -91,15 +99,70 @@ public class FileTypeIdIngestModule implements FileIngestModule { */ try { long startTime = System.currentTimeMillis(); - file.setMIMEType(fileTypeDetector.detectMIMEType(file)); + String mimeType = fileTypeDetector.detectMIMEType(file); + file.setMIMEType(mimeType); + FileType fileType = detectUserDefinedFileType(file); + if (fileType != null && fileType.createInterestingFileHit()) { + createInterestingFileHit(file, fileType); + } addToTotals(jobId, (System.currentTimeMillis() - startTime)); return ProcessResult.OK; } catch (Exception e) { - logger.log(Level.WARNING, String.format("Error while attempting to determine file type of file %d", file.getId()), e); //NON-NLS + LOGGER.log(Level.WARNING, String.format("Error while attempting to determine file type of file %d", file.getId()), e); //NON-NLS return ProcessResult.ERROR; } } + /** + * Determines whether or not a file matches a user-defined custom file type. + * + * @param file The file to test. + * + * @return The file type if a match is found; otherwise null. + * + * @throws CustomFileTypesException If there is an issue getting an instance + * of CustomFileTypesManager. + */ + private FileType detectUserDefinedFileType(AbstractFile file) throws CustomFileTypesManager.CustomFileTypesException { + FileType retValue = null; + + CustomFileTypesManager customFileTypesManager = CustomFileTypesManager.getInstance(); + List fileTypesList = customFileTypesManager.getUserDefinedFileTypes(); + for (FileType fileType : fileTypesList) { + if (fileType.matches(file)) { + retValue = fileType; + } + } + + return retValue; + } + + /** + * Create an Interesting File hit using the specified file type rule. + * + * @param file The file from which to generate an artifact. + * @param fileType The file type rule for categorizing the hit. + */ + private void createInterestingFileHit(AbstractFile file, FileType fileType) { + try { + BlackboardArtifact artifact; + artifact = file.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT); + Collection attributes = new ArrayList<>(); + BlackboardAttribute setNameAttribute = new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SET_NAME, FileTypeIdModuleFactory.getModuleName(), fileType.getInterestingFilesSetName()); + attributes.add(setNameAttribute); + BlackboardAttribute ruleNameAttribute = new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_CATEGORY, FileTypeIdModuleFactory.getModuleName(), fileType.getMimeType()); + attributes.add(ruleNameAttribute); + artifact.addAttributes(attributes); + try { + Case.getCurrentCase().getServices().getBlackboard().indexArtifact(artifact); + } catch (Blackboard.BlackboardException ex) { + LOGGER.log(Level.SEVERE, String.format("Unable to index TSK_INTERESTING_FILE_HIT blackboard artifact %d (file obj_id=%d)", artifact.getArtifactID(), file.getId()), ex); //NON-NLS + } + } catch (TskCoreException ex) { + LOGGER.log(Level.SEVERE, String.format("Unable to create TSK_INTERESTING_FILE_HIT artifact for file (obj_id=%d)", file.getId()), ex); //NON-NLS + } + } + @Override public void shutDown() { /** From 9c9d85a5029fa04cee893a130337dee66f386dc6 Mon Sep 17 00:00:00 2001 From: "U-BASIS\\dgrove" Date: Mon, 29 Jan 2018 12:21:45 -0500 Subject: [PATCH 09/33] Minor tweaks. --- .../modules/filetypeid/FileTypeDetector.java | 1 + .../filetypeid/FileTypeIdIngestModule.java | 17 +++++++++-------- 2 files changed, 10 insertions(+), 8 deletions(-) diff --git a/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeDetector.java b/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeDetector.java index dafae9a42b..21f16941ab 100644 --- a/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeDetector.java +++ b/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeDetector.java @@ -276,6 +276,7 @@ public class FileTypeDetector { for (FileType fileType : userDefinedFileTypes) { if (fileType.matches(file)) { retValue = fileType.getMimeType(); + break; } } return retValue; diff --git a/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeIdIngestModule.java b/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeIdIngestModule.java index 4e1843ccf3..13c68cd53f 100644 --- a/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeIdIngestModule.java +++ b/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeIdIngestModule.java @@ -49,8 +49,8 @@ public class FileTypeIdIngestModule implements FileIngestModule { private static final Logger LOGGER = Logger.getLogger(FileTypeIdIngestModule.class.getName()); private long jobId; - private static final HashMap totalsForIngestJobs = new HashMap<>(); - private static final IngestModuleReferenceCounter refCounter = new IngestModuleReferenceCounter(); + private static final HashMap INGEST_JOB_TOTALS = new HashMap<>(); + private static final IngestModuleReferenceCounter REF_COUNTER = new IngestModuleReferenceCounter(); private FileTypeDetector fileTypeDetector; /** @@ -82,7 +82,7 @@ public class FileTypeIdIngestModule implements FileIngestModule { @Override public void startUp(IngestJobContext context) throws IngestModuleException { jobId = context.getJobId(); - refCounter.incrementAndGet(jobId); + REF_COUNTER.incrementAndGet(jobId); try { fileTypeDetector = new FileTypeDetector(); } catch (FileTypeDetector.FileTypeDetectorInitException ex) { @@ -131,6 +131,7 @@ public class FileTypeIdIngestModule implements FileIngestModule { for (FileType fileType : fileTypesList) { if (fileType.matches(file)) { retValue = fileType; + break; } } @@ -169,10 +170,10 @@ public class FileTypeIdIngestModule implements FileIngestModule { * If this is the instance of this module for this ingest job, post a * summary message to the ingest messages box. */ - if (refCounter.decrementAndGet(jobId) == 0) { + if (REF_COUNTER.decrementAndGet(jobId) == 0) { IngestJobTotals jobTotals; synchronized (this) { - jobTotals = totalsForIngestJobs.remove(jobId); + jobTotals = INGEST_JOB_TOTALS.remove(jobId); } if (jobTotals != null) { StringBuilder detailsSb = new StringBuilder(); @@ -201,15 +202,15 @@ public class FileTypeIdIngestModule implements FileIngestModule { * @param matchTimeInc Amount of time to add. */ private static synchronized void addToTotals(long jobId, long matchTimeInc) { - IngestJobTotals ingestJobTotals = totalsForIngestJobs.get(jobId); + IngestJobTotals ingestJobTotals = INGEST_JOB_TOTALS.get(jobId); if (ingestJobTotals == null) { ingestJobTotals = new IngestJobTotals(); - totalsForIngestJobs.put(jobId, ingestJobTotals); + INGEST_JOB_TOTALS.put(jobId, ingestJobTotals); } ingestJobTotals.matchTime += matchTimeInc; ingestJobTotals.numFiles++; - totalsForIngestJobs.put(jobId, ingestJobTotals); + INGEST_JOB_TOTALS.put(jobId, ingestJobTotals); } private static class IngestJobTotals { From ce995690626f71b6ab1cc90158953cf033d784ff Mon Sep 17 00:00:00 2001 From: William Schaefer Date: Wed, 31 Jan 2018 13:33:40 -0500 Subject: [PATCH 10/33] 3445 Date Filter option added for files created or modified in last N days --- .../interestingitems/Bundle.properties | 9 +- .../modules/interestingitems/FilesSet.java | 64 ++++- .../interestingitems/FilesSetDefsPanel.form | 213 ++++++++------- .../interestingitems/FilesSetDefsPanel.java | 178 ++++++------ .../interestingitems/FilesSetRulePanel.form | 176 +++++++----- .../interestingitems/FilesSetRulePanel.java | 257 ++++++++++++------ .../interestingitems/FilesSetsManager.java | 6 +- .../InterestingItemsFilesSetSettings.java | 56 +++- 8 files changed, 605 insertions(+), 354 deletions(-) diff --git a/Core/src/org/sleuthkit/autopsy/modules/interestingitems/Bundle.properties b/Core/src/org/sleuthkit/autopsy/modules/interestingitems/Bundle.properties index f38bcbc815..0a415c8ca8 100644 --- a/Core/src/org/sleuthkit/autopsy/modules/interestingitems/Bundle.properties +++ b/Core/src/org/sleuthkit/autopsy/modules/interestingitems/Bundle.properties @@ -38,8 +38,6 @@ FilesSetRulePanel.interesting.jLabel5.text=Enter information about files that yo FilesSetRulePanel.ingest.jLabel5.text=Enter information about files that you want to run ingest on. FilesSetRulePanel.nameCheck.text=Name Pattern: FilesSetRulePanel.pathCheck.text=Path Pattern: -FilesSetRulePanel.mimeCheck.text=MIME Type: -FilesSetRulePanel.fileSizeCheck.text=File Size: FilesSetRulePanel.filesRadioButton.text=Files FilesSetRulePanel.dirsRadioButton.text=Directories FilesSetDefsPanel.interesting.setsListLabel.text=Rule Sets: @@ -79,3 +77,10 @@ FilesSetDefsPanel.ingoreUnallocCheckbox.text=Ignore Unallocated Space FilesSetDefsPanel.ingoreUnallocCheckbox.toolTipText=Ignores unallocated space, such as deleted files. May run faster but produce less complete results. FilesSetDefsPanel.ingestWarningLabel.text=Ingest is ongoing, some settings will be unavailable until it finishes. FilesSetDefsPanel.allRadioButton.text=All +FilesSetRulePanel.dateCheck.text=Modified Within: +FilesSetRulePanel.daysAgoLabel.text=day(s) +FilesSetRulePanel.fileSizeCheck.text=File Size: +FilesSetRulePanel.mimeCheck.text=MIME Type: +FilesSetDefsPanel.daysAgoTextField.text= +FilesSetDefsPanel.modifiedDateLabel.text=Modified Within: +FilesSetDefsPanel.daysAgoLabel.text=day(s) diff --git a/Core/src/org/sleuthkit/autopsy/modules/interestingitems/FilesSet.java b/Core/src/org/sleuthkit/autopsy/modules/interestingitems/FilesSet.java index 38d7285fc1..913db37528 100644 --- a/Core/src/org/sleuthkit/autopsy/modules/interestingitems/FilesSet.java +++ b/Core/src/org/sleuthkit/autopsy/modules/interestingitems/FilesSet.java @@ -1,7 +1,7 @@ /* * Autopsy Forensic Browser * - * Copyright 2011-2017 Basis Technology Corp. + * Copyright 2011-2018 Basis Technology Corp. * Contact: carrier sleuthkit org * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -25,6 +25,7 @@ import java.util.List; import java.util.Map; import java.util.UUID; import java.util.regex.Pattern; +import org.openide.util.NbBundle; import org.sleuthkit.datamodel.AbstractFile; import org.sleuthkit.datamodel.TskData; @@ -169,6 +170,7 @@ public final class FilesSet implements Serializable { private final ParentPathCondition pathCondition; private final MimeTypeCondition mimeTypeCondition; private final FileSizeCondition fileSizeCondition; + private final DateCondition dateCondition; private final List conditions = new ArrayList<>(); /** @@ -180,8 +182,10 @@ public final class FilesSet implements Serializable { * @param pathCondition A file path condition, may be null. * @param mimeTypeCondition A file mime type condition, may be null. * @param fileSizeCondition A file size condition, may be null. + * @param dateCondition A file date created or modified condition, + * may be null */ - Rule(String ruleName, FileNameCondition fileNameCondition, MetaTypeCondition metaTypeCondition, ParentPathCondition pathCondition, MimeTypeCondition mimeTypeCondition, FileSizeCondition fileSizeCondition) { + Rule(String ruleName, FileNameCondition fileNameCondition, MetaTypeCondition metaTypeCondition, ParentPathCondition pathCondition, MimeTypeCondition mimeTypeCondition, FileSizeCondition fileSizeCondition, DateCondition dateCondition) { // since ruleName is optional, ruleUUID can be used to uniquely identify a rule. this.uuid = UUID.randomUUID().toString(); if (metaTypeCondition == null) { @@ -216,6 +220,10 @@ public final class FilesSet implements Serializable { if (this.pathCondition != null) { this.conditions.add(this.pathCondition); } + this.dateCondition = dateCondition; + if (this.dateCondition != null) { + this.conditions.add(this.dateCondition); + } } /** @@ -254,6 +262,10 @@ public final class FilesSet implements Serializable { return this.pathCondition; } + DateCondition getDateCondition() { + return this.dateCondition; + } + /** * Determines whether or not a file satisfies the rule. * @@ -270,6 +282,10 @@ public final class FilesSet implements Serializable { return true; } + @NbBundle.Messages({ + "# {0} - daysAgo", + "FilesSet.rule.dateRule.toString=(modified within {0} day(s))" + }) @Override public String toString() { // This override is designed to provide a display name for use with @@ -283,6 +299,8 @@ public final class FilesSet implements Serializable { } else if (this.fileSizeCondition != null) { return this.ruleName + " (" + fileSizeCondition.getComparator().getSymbol() + " " + fileSizeCondition.getSizeValue() + " " + fileSizeCondition.getUnit().getName() + ")"; + } else if (this.dateCondition != null) { + return this.ruleName + Bundle.FilesSet_rule_dateRule_toString(dateCondition.getDaysAgo()); } else { return this.ruleName + " ()"; } @@ -537,7 +555,7 @@ public final class FilesSet implements Serializable { case FILES: return file.isFile(); case DIRECTORIES: - return file.getMetaType() == TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_DIR + return file.getMetaType() == TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_DIR || file.getMetaType() == TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_VIRT_DIR; case FILES_AND_DIRECTORIES: return file.getMetaType() == TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_REG @@ -737,6 +755,46 @@ public final class FilesSet implements Serializable { } + /** + * A class for checking whether a file's creation or modification + * occured in a specific range of time + */ + static final class DateCondition implements FileAttributeCondition { + + private final static long DAY_IN_S = 60 * 60 * 24; + + private int daysAgo; + + /** + * Construct a new DateCondition + * + * @param days - files created or modified more recently than this + * number of days will pass + */ + DateCondition(int days) { + daysAgo = days; + } + + /** + * Get the number of days which this condition allows to pass + * + * @return integer value of the number days which will pass + */ + int getDaysAgo() { + return daysAgo; + } + + @Override + public boolean passes(AbstractFile file) { + long dateThreshold = System.currentTimeMillis() / 1000 - daysAgo * DAY_IN_S; + if (file.getCrtime() > dateThreshold || file.getMtime() > dateThreshold) { + return true; + } + return false; + } + + } + /** * A file name extension condition for an interesting files set * membership rule. The immutability of a file name extension condition diff --git a/Core/src/org/sleuthkit/autopsy/modules/interestingitems/FilesSetDefsPanel.form b/Core/src/org/sleuthkit/autopsy/modules/interestingitems/FilesSetDefsPanel.form index bffb00f33b..02d4cec624 100644 --- a/Core/src/org/sleuthkit/autopsy/modules/interestingitems/FilesSetDefsPanel.form +++ b/Core/src/org/sleuthkit/autopsy/modules/interestingitems/FilesSetDefsPanel.form @@ -90,11 +90,69 @@ + - + + + - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + @@ -102,97 +160,22 @@ - - - - - - - - - - - + + + + + - - - - - - - - - - - - - - - - - - - - - - - - - + + + + + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -213,8 +196,8 @@ - - + + @@ -223,7 +206,7 @@ - + @@ -232,14 +215,14 @@ - + - + @@ -250,26 +233,32 @@ - + - + - + - + - + + + + + + + @@ -996,6 +985,36 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/Core/src/org/sleuthkit/autopsy/modules/interestingitems/FilesSetDefsPanel.java b/Core/src/org/sleuthkit/autopsy/modules/interestingitems/FilesSetDefsPanel.java index c67051be97..4afdf6d91e 100644 --- a/Core/src/org/sleuthkit/autopsy/modules/interestingitems/FilesSetDefsPanel.java +++ b/Core/src/org/sleuthkit/autopsy/modules/interestingitems/FilesSetDefsPanel.java @@ -1,7 +1,7 @@ /* * Autopsy Forensic Browser * - * Copyright 2011-2017 Basis Technology Corp. + * Copyright 2011-2018 Basis Technology Corp. * Contact: carrier sleuthkit org * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -251,6 +251,7 @@ public final class FilesSetDefsPanel extends IngestModuleGlobalSettingsPanel imp this.fileNameRegexCheckbox.setSelected(false); this.filesRadioButton.setSelected(true); this.rulePathConditionTextField.setText(""); + this.daysAgoTextField.setText(""); this.rulePathConditionRegexCheckBox.setSelected(false); this.mimeTypeComboBox.setSelectedIndex(0); this.equalitySignComboBox.setSelectedIndex(2); @@ -326,7 +327,7 @@ public final class FilesSetDefsPanel extends IngestModuleGlobalSettingsPanel imp FilesSet.Rule.ParentPathCondition pathCondition = rule.getPathCondition(); FilesSet.Rule.MimeTypeCondition mimeTypeCondition = rule.getMimeTypeCondition(); FilesSet.Rule.FileSizeCondition fileSizeCondition = rule.getFileSizeCondition(); - + FilesSet.Rule.DateCondition dateCondition = rule.getDateCondition(); // Populate the components that display the properties of the // selected rule. if (nameCondition != null) { @@ -372,7 +373,12 @@ public final class FilesSetDefsPanel extends IngestModuleGlobalSettingsPanel imp FilesSetDefsPanel.this.equalitySignComboBox.setSelectedIndex(2); FilesSetDefsPanel.this.fileSizeSpinner.setValue(0); } - + if (dateCondition != null){ + FilesSetDefsPanel.this.daysAgoTextField.setText(Integer.toString(dateCondition.getDaysAgo())); + } + else { + FilesSetDefsPanel.this.daysAgoTextField.setText(""); + } // Enable the new, edit and delete rule buttons. FilesSetDefsPanel.this.newRuleButton.setEnabled(true && canBeEnabled); FilesSetDefsPanel.this.editRuleButton.setEnabled(true && canBeEnabled); @@ -477,7 +483,7 @@ public final class FilesSetDefsPanel extends IngestModuleGlobalSettingsPanel imp if (selectedRule != null) { rules.remove(selectedRule.getUuid()); } - FilesSet.Rule newRule = new FilesSet.Rule(panel.getRuleName(), panel.getFileNameCondition(), panel.getMetaTypeCondition(), panel.getPathCondition(), panel.getMimeTypeCondition(), panel.getFileSizeCondition()); + FilesSet.Rule newRule = new FilesSet.Rule(panel.getRuleName(), panel.getFileNameCondition(), panel.getMetaTypeCondition(), panel.getPathCondition(), panel.getMimeTypeCondition(), panel.getFileSizeCondition(), panel.getDateCondition()); rules.put(newRule.getUuid(), newRule); // Add the new/edited files set definition, replacing any previous @@ -590,6 +596,9 @@ public final class FilesSetDefsPanel extends IngestModuleGlobalSettingsPanel imp copySetButton = new javax.swing.JButton(); importSetButton = new javax.swing.JButton(); exportSetButton = new javax.swing.JButton(); + modifiedDateLabel = new javax.swing.JLabel(); + daysAgoTextField = new javax.swing.JTextField(); + daysAgoLabel = new javax.swing.JLabel(); setFont(getFont().deriveFont(getFont().getStyle() & ~java.awt.Font.BOLD, 11)); @@ -841,6 +850,17 @@ public final class FilesSetDefsPanel extends IngestModuleGlobalSettingsPanel imp } }); + org.openide.awt.Mnemonics.setLocalizedText(modifiedDateLabel, org.openide.util.NbBundle.getMessage(FilesSetDefsPanel.class, "FilesSetDefsPanel.modifiedDateLabel.text")); // NOI18N + + daysAgoTextField.setEditable(false); + daysAgoTextField.setHorizontalAlignment(javax.swing.JTextField.TRAILING); + daysAgoTextField.setText(org.openide.util.NbBundle.getMessage(FilesSetDefsPanel.class, "FilesSetDefsPanel.daysAgoTextField.text")); // NOI18N + daysAgoTextField.setMinimumSize(new java.awt.Dimension(60, 20)); + daysAgoTextField.setPreferredSize(new java.awt.Dimension(60, 20)); + + org.openide.awt.Mnemonics.setLocalizedText(daysAgoLabel, org.openide.util.NbBundle.getMessage(FilesSetDefsPanel.class, "FilesSetDefsPanel.daysAgoLabel.text")); // NOI18N + daysAgoLabel.setEnabled(false); + javax.swing.GroupLayout jPanel1Layout = new javax.swing.GroupLayout(jPanel1); jPanel1.setLayout(jPanel1Layout); jPanel1Layout.setHorizontalGroup( @@ -867,83 +887,75 @@ public final class FilesSetDefsPanel extends IngestModuleGlobalSettingsPanel imp .addComponent(setsListLabel)) .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED) .addComponent(separator, javax.swing.GroupLayout.PREFERRED_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.PREFERRED_SIZE) + .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED) .addGroup(jPanel1Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING) .addGroup(jPanel1Layout.createSequentialGroup() .addGroup(jPanel1Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING) + .addComponent(rulesListScrollPane, javax.swing.GroupLayout.Alignment.TRAILING) + .addComponent(setDescScrollPanel, javax.swing.GroupLayout.Alignment.TRAILING, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE) .addGroup(jPanel1Layout.createSequentialGroup() - .addGap(101, 101, 101) + .addGap(16, 16, 16) + .addGroup(jPanel1Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING, false) + .addComponent(jLabel7) + .addComponent(jLabel8) + .addComponent(jLabel2) + .addComponent(jLabel4) + .addComponent(modifiedDateLabel, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE) + .addComponent(jLabel3, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE)) + .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.UNRELATED) + .addGroup(jPanel1Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING) + .addComponent(rulePathConditionTextField) + .addComponent(fileNameTextField, javax.swing.GroupLayout.Alignment.TRAILING) + .addComponent(mimeTypeComboBox, 0, javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE) + .addGroup(jPanel1Layout.createSequentialGroup() + .addComponent(equalitySignComboBox, javax.swing.GroupLayout.PREFERRED_SIZE, 60, javax.swing.GroupLayout.PREFERRED_SIZE) + .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED) + .addComponent(fileSizeSpinner, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE) + .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED) + .addComponent(fileSizeUnitComboBox, javax.swing.GroupLayout.PREFERRED_SIZE, 79, javax.swing.GroupLayout.PREFERRED_SIZE)) + .addGroup(jPanel1Layout.createSequentialGroup() + .addGroup(jPanel1Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING) + .addComponent(fileNameRadioButton) + .addComponent(rulePathConditionRegexCheckBox) + .addGroup(jPanel1Layout.createSequentialGroup() + .addComponent(daysAgoTextField, javax.swing.GroupLayout.PREFERRED_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.PREFERRED_SIZE) + .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED) + .addComponent(daysAgoLabel))) + .addGap(0, 0, Short.MAX_VALUE))))) + .addGap(8, 8, 8)) + .addGroup(jPanel1Layout.createSequentialGroup() + .addGroup(jPanel1Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING) + .addComponent(rulesListLabel) + .addGroup(jPanel1Layout.createSequentialGroup() + .addComponent(ignoreKnownFilesCheckbox) + .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED) + .addComponent(ingoreUnallocCheckbox, javax.swing.GroupLayout.PREFERRED_SIZE, 158, javax.swing.GroupLayout.PREFERRED_SIZE)) + .addGroup(jPanel1Layout.createSequentialGroup() + .addGroup(jPanel1Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING) + .addComponent(jLabel5) + .addComponent(jLabel6)) + .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED) + .addComponent(ingestWarningLabel)) + .addGroup(jPanel1Layout.createSequentialGroup() + .addGap(95, 95, 95) .addComponent(filesRadioButton, javax.swing.GroupLayout.PREFERRED_SIZE, 47, javax.swing.GroupLayout.PREFERRED_SIZE) .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.UNRELATED) .addComponent(dirsRadioButton) .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED) .addComponent(allRadioButton)) .addGroup(jPanel1Layout.createSequentialGroup() - .addGap(105, 105, 105) - .addGroup(jPanel1Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING) - .addGroup(jPanel1Layout.createSequentialGroup() - .addComponent(fileNameRadioButton) - .addGap(4, 4, 4) - .addComponent(fileNameExtensionRadioButton) - .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.UNRELATED) - .addComponent(fileNameRegexCheckbox)) - .addComponent(rulePathConditionRegexCheckBox))) + .addGap(174, 174, 174) + .addComponent(fileNameExtensionRadioButton) + .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.UNRELATED) + .addComponent(fileNameRegexCheckbox)) + .addComponent(jLabel1) .addGroup(jPanel1Layout.createSequentialGroup() - .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED) - .addGroup(jPanel1Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING) - .addComponent(rulesListLabel) - .addComponent(jLabel1) - .addGroup(jPanel1Layout.createSequentialGroup() - .addComponent(newRuleButton) - .addGap(18, 18, 18) - .addComponent(editRuleButton) - .addGap(18, 18, 18) - .addComponent(deleteRuleButton)) - .addGroup(jPanel1Layout.createSequentialGroup() - .addComponent(ignoreKnownFilesCheckbox) - .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED) - .addComponent(ingoreUnallocCheckbox, javax.swing.GroupLayout.PREFERRED_SIZE, 158, javax.swing.GroupLayout.PREFERRED_SIZE)) - .addGroup(jPanel1Layout.createSequentialGroup() - .addGroup(jPanel1Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING) - .addComponent(jLabel5) - .addComponent(jLabel6)) - .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED) - .addComponent(ingestWarningLabel))))) - .addGap(24, 28, Short.MAX_VALUE)) - .addGroup(jPanel1Layout.createSequentialGroup() - .addGroup(jPanel1Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING) - .addGroup(jPanel1Layout.createSequentialGroup() - .addGap(22, 22, 22) - .addGroup(jPanel1Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING) - .addGroup(jPanel1Layout.createSequentialGroup() - .addGroup(jPanel1Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING) - .addComponent(jLabel7) - .addComponent(jLabel8)) - .addGap(18, 18, 18)) - .addGroup(jPanel1Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING) - .addGroup(jPanel1Layout.createSequentialGroup() - .addGroup(jPanel1Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING) - .addComponent(jLabel3) - .addComponent(jLabel2)) - .addGap(6, 6, 6)) - .addGroup(javax.swing.GroupLayout.Alignment.TRAILING, jPanel1Layout.createSequentialGroup() - .addComponent(jLabel4) - .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.UNRELATED)))) - .addGroup(jPanel1Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING) - .addGroup(jPanel1Layout.createSequentialGroup() - .addComponent(equalitySignComboBox, javax.swing.GroupLayout.PREFERRED_SIZE, 44, javax.swing.GroupLayout.PREFERRED_SIZE) - .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED) - .addComponent(fileSizeSpinner, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE) - .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED) - .addComponent(fileSizeUnitComboBox, javax.swing.GroupLayout.PREFERRED_SIZE, 79, javax.swing.GroupLayout.PREFERRED_SIZE)) - .addComponent(rulePathConditionTextField) - .addComponent(fileNameTextField, javax.swing.GroupLayout.Alignment.TRAILING) - .addComponent(mimeTypeComboBox, 0, javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE))) - .addGroup(javax.swing.GroupLayout.Alignment.TRAILING, jPanel1Layout.createSequentialGroup() - .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED) - .addGroup(jPanel1Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING) - .addComponent(rulesListScrollPane, javax.swing.GroupLayout.Alignment.TRAILING) - .addComponent(setDescScrollPanel, javax.swing.GroupLayout.Alignment.TRAILING, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE)))) - .addGap(8, 8, 8)))) + .addComponent(newRuleButton) + .addGap(18, 18, 18) + .addComponent(editRuleButton) + .addGap(18, 18, 18) + .addComponent(deleteRuleButton))) + .addGap(24, 28, Short.MAX_VALUE)))) ); jPanel1Layout.linkSize(javax.swing.SwingConstants.HORIZONTAL, new java.awt.Component[] {copySetButton, deleteSetButton, editSetButton, exportSetButton, importSetButton, newSetButton}); @@ -963,7 +975,7 @@ public final class FilesSetDefsPanel extends IngestModuleGlobalSettingsPanel imp .addGap(1, 1, 1)) .addComponent(ingestWarningLabel, javax.swing.GroupLayout.Alignment.TRAILING)) .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED) - .addComponent(setDescScrollPanel, javax.swing.GroupLayout.PREFERRED_SIZE, 45, javax.swing.GroupLayout.PREFERRED_SIZE) + .addComponent(setDescScrollPanel, javax.swing.GroupLayout.DEFAULT_SIZE, 45, Short.MAX_VALUE) .addGap(6, 6, 6) .addGroup(jPanel1Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.BASELINE) .addComponent(ignoreKnownFilesCheckbox) @@ -971,7 +983,7 @@ public final class FilesSetDefsPanel extends IngestModuleGlobalSettingsPanel imp .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.UNRELATED) .addComponent(rulesListLabel) .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED) - .addComponent(rulesListScrollPane, javax.swing.GroupLayout.DEFAULT_SIZE, 82, Short.MAX_VALUE) + .addComponent(rulesListScrollPane, javax.swing.GroupLayout.PREFERRED_SIZE, 81, javax.swing.GroupLayout.PREFERRED_SIZE) .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED) .addGroup(jPanel1Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.BASELINE) .addComponent(newRuleButton) @@ -979,13 +991,13 @@ public final class FilesSetDefsPanel extends IngestModuleGlobalSettingsPanel imp .addComponent(deleteRuleButton)) .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED) .addComponent(jLabel1) - .addGap(8, 8, 8) + .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED) .addGroup(jPanel1Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.BASELINE) .addComponent(jLabel2) .addComponent(filesRadioButton) .addComponent(dirsRadioButton) .addComponent(allRadioButton)) - .addGap(8, 8, 8) + .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED) .addGroup(jPanel1Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.BASELINE) .addComponent(jLabel3) .addComponent(fileNameTextField, javax.swing.GroupLayout.PREFERRED_SIZE, 20, javax.swing.GroupLayout.PREFERRED_SIZE)) @@ -994,23 +1006,28 @@ public final class FilesSetDefsPanel extends IngestModuleGlobalSettingsPanel imp .addComponent(fileNameRadioButton) .addComponent(fileNameExtensionRadioButton) .addComponent(fileNameRegexCheckbox)) - .addGap(8, 8, 8) + .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED) .addGroup(jPanel1Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.BASELINE) .addComponent(jLabel4) .addComponent(rulePathConditionTextField, javax.swing.GroupLayout.PREFERRED_SIZE, 20, javax.swing.GroupLayout.PREFERRED_SIZE)) - .addGap(6, 6, 6) + .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED) .addComponent(rulePathConditionRegexCheckBox) - .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.UNRELATED) + .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED) .addGroup(jPanel1Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.BASELINE) .addComponent(jLabel7) .addComponent(mimeTypeComboBox, javax.swing.GroupLayout.PREFERRED_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.PREFERRED_SIZE)) - .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.UNRELATED) + .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED) .addGroup(jPanel1Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.BASELINE) .addComponent(jLabel8) .addComponent(equalitySignComboBox, javax.swing.GroupLayout.PREFERRED_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.PREFERRED_SIZE) .addComponent(fileSizeSpinner, javax.swing.GroupLayout.PREFERRED_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.PREFERRED_SIZE) .addComponent(fileSizeUnitComboBox, javax.swing.GroupLayout.PREFERRED_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.PREFERRED_SIZE)) - .addGap(5, 5, 5)) + .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED) + .addGroup(jPanel1Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.BASELINE) + .addComponent(modifiedDateLabel) + .addComponent(daysAgoTextField, javax.swing.GroupLayout.PREFERRED_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.PREFERRED_SIZE) + .addComponent(daysAgoLabel)) + .addContainerGap()) .addGroup(jPanel1Layout.createSequentialGroup() .addComponent(jScrollPane2, javax.swing.GroupLayout.PREFERRED_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.PREFERRED_SIZE) .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED) @@ -1262,6 +1279,8 @@ public final class FilesSetDefsPanel extends IngestModuleGlobalSettingsPanel imp // Variables declaration - do not modify//GEN-BEGIN:variables private javax.swing.JRadioButton allRadioButton; private javax.swing.JButton copySetButton; + private javax.swing.JLabel daysAgoLabel; + private javax.swing.JTextField daysAgoTextField; private javax.swing.JButton deleteRuleButton; private javax.swing.JButton deleteSetButton; private javax.swing.JRadioButton dirsRadioButton; @@ -1294,6 +1313,7 @@ public final class FilesSetDefsPanel extends IngestModuleGlobalSettingsPanel imp private javax.swing.JScrollPane jScrollPane2; private javax.swing.JTextArea jTextArea1; private javax.swing.JComboBox mimeTypeComboBox; + private javax.swing.JLabel modifiedDateLabel; private javax.swing.JButton newRuleButton; private javax.swing.JButton newSetButton; private javax.swing.JCheckBox rulePathConditionRegexCheckBox; diff --git a/Core/src/org/sleuthkit/autopsy/modules/interestingitems/FilesSetRulePanel.form b/Core/src/org/sleuthkit/autopsy/modules/interestingitems/FilesSetRulePanel.form index 4777c108b4..3d7513f6bc 100644 --- a/Core/src/org/sleuthkit/autopsy/modules/interestingitems/FilesSetRulePanel.form +++ b/Core/src/org/sleuthkit/autopsy/modules/interestingitems/FilesSetRulePanel.form @@ -23,82 +23,80 @@ - - + + - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + - - - + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + + - - - - - - - - - - - + - + @@ -106,17 +104,22 @@ - - - - - - - - - - - + + + + + + + + + + + + + + + + @@ -134,7 +137,7 @@ - + @@ -146,7 +149,13 @@ - + + + + + + + @@ -170,9 +179,6 @@ - - - @@ -380,5 +386,33 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/Core/src/org/sleuthkit/autopsy/modules/interestingitems/FilesSetRulePanel.java b/Core/src/org/sleuthkit/autopsy/modules/interestingitems/FilesSetRulePanel.java index d70a5474ee..cbca5fd600 100644 --- a/Core/src/org/sleuthkit/autopsy/modules/interestingitems/FilesSetRulePanel.java +++ b/Core/src/org/sleuthkit/autopsy/modules/interestingitems/FilesSetRulePanel.java @@ -1,7 +1,7 @@ /* * Autopsy Forensic Browser * - * Copyright 2014-2017 Basis Technology Corp. + * Copyright 2014-2018 Basis Technology Corp. * Contact: carrier sleuthkit org * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -19,7 +19,6 @@ package org.sleuthkit.autopsy.modules.interestingitems; import java.awt.event.ActionEvent; -import java.awt.event.ActionListener; import java.util.List; import java.util.SortedSet; import java.util.logging.Level; @@ -50,6 +49,8 @@ final class FilesSetRulePanel extends javax.swing.JPanel { "FilesSetRulePanel.NoMimeTypeError=Please select a valid MIME type.", "FilesSetRulePanel.NoNameError=Name cannot be empty", "FilesSetRulePanel.NoPathError=Path cannot be empty", + "FilesSetRulePanel.DaysAgoEmptyError=Number of days ago cannot be empty.", + "FilesSetRulePanel.DaysAgoInvalidError=Number of days ago must be a positive integer.", "FilesSetRulePanel.ZeroFileSizeError=File size condition value must not be 0 (Unless = is selected)." }) @@ -82,6 +83,7 @@ final class FilesSetRulePanel extends javax.swing.JPanel { } else { populateMimeTypesComboBox(); } + this.dateCheckActionPerformed(null); populateComponentsWithDefaultValues(); this.setButtons(okButton, cancelButton); } @@ -108,12 +110,14 @@ final class FilesSetRulePanel extends javax.swing.JPanel { populateMimeTypesComboBox(); populateMimeConditionComponents(rule); populateSizeConditionComponents(rule); + } populateMimeTypesComboBox(); populateRuleNameComponent(rule); populateTypeConditionComponents(rule); populateNameConditionComponents(rule); populatePathConditionComponents(rule); + populateDateConditionComponents(rule); this.setButtons(okButton, cancelButton); } @@ -176,7 +180,7 @@ final class FilesSetRulePanel extends javax.swing.JPanel { private void setOkButton() { if (this.okButton != null) { this.okButton.setEnabled(this.fileSizeCheck.isSelected() || this.mimeCheck.isSelected() - || this.nameCheck.isSelected() || this.pathCheck.isSelected()); + || this.nameCheck.isSelected() || this.pathCheck.isSelected() || this.dateCheck.isSelected()); } } @@ -274,6 +278,21 @@ final class FilesSetRulePanel extends javax.swing.JPanel { } } + /** + * Populates the UI components that display the optional date condition for + * a rule. + * + * @param rule The files set rule to be edited. + */ + private void populateDateConditionComponents(FilesSet.Rule rule) { + FilesSet.Rule.DateCondition dateCondition = rule.getDateCondition(); + if (dateCondition != null) { + this.dateCheck.setSelected(true); + this.dateCheckActionPerformed(null); + this.daysAgoTextField.setText(Integer.toString(dateCondition.getDaysAgo())); + } + } + /** * Returns whether or not the data entered in the panel constitutes a valid * files set membership rule definition, displaying a dialog explaining the @@ -283,7 +302,7 @@ final class FilesSetRulePanel extends javax.swing.JPanel { */ boolean isValidRuleDefinition() { - if (!(this.mimeCheck.isSelected() || this.fileSizeCheck.isSelected() || this.pathCheck.isSelected() || this.nameCheck.isSelected())) { + if (!(this.mimeCheck.isSelected() || this.fileSizeCheck.isSelected() || this.pathCheck.isSelected() || this.nameCheck.isSelected() || this.dateCheck.isSelected())) { NotifyDescriptor notifyDesc = new NotifyDescriptor.Message( Bundle.FilesSetRulePanel_NoConditionError(), NotifyDescriptor.WARNING_MESSAGE); @@ -367,6 +386,25 @@ final class FilesSetRulePanel extends javax.swing.JPanel { } } + if (this.dateCheck.isSelected()) { + if (this.daysAgoTextField.getText().isEmpty()) { + NotifyDescriptor notifyDesc = new NotifyDescriptor.Message( + Bundle.FilesSetRulePanel_DaysAgoEmptyError(), + NotifyDescriptor.WARNING_MESSAGE); + DialogDisplayer.getDefault().notify(notifyDesc); + return false; + } + try { + Integer.parseInt(daysAgoTextField.getText()); + } catch (NumberFormatException e) { + //field did not contain an integer + NotifyDescriptor notifyDesc = new NotifyDescriptor.Message( + Bundle.FilesSetRulePanel_DaysAgoInvalidError(), + NotifyDescriptor.WARNING_MESSAGE); + DialogDisplayer.getDefault().notify(notifyDesc); + return false; + } + } return true; } @@ -504,6 +542,23 @@ final class FilesSetRulePanel extends javax.swing.JPanel { return condition; } + /** + * Gets the optional date condition for the rule that was created or edited. + * Should only be called if isValidDefintion() returns true. + * + * @return A date condition or null if no date condition was specified. + * + * @throws IllegalStateException if the specified date condition is not + * valid. + */ + FilesSet.Rule.DateCondition getDateCondition() { + FilesSet.Rule.DateCondition dateCondition = null; + if (!daysAgoTextField.getText().isEmpty()) { + dateCondition = new FilesSet.Rule.DateCondition(Integer.parseInt(daysAgoTextField.getText())); + } + return dateCondition; + } + /** * Checks an input string for the use of illegal characters. * @@ -582,15 +637,13 @@ final class FilesSetRulePanel extends javax.swing.JPanel { filesRadioButton = new javax.swing.JRadioButton(); dirsRadioButton = new javax.swing.JRadioButton(); allRadioButton = new javax.swing.JRadioButton(); + daysAgoTextField = new javax.swing.JTextField(); + daysAgoLabel = new javax.swing.JLabel(); + dateCheck = new javax.swing.JCheckBox(); org.openide.awt.Mnemonics.setLocalizedText(ruleNameLabel, org.openide.util.NbBundle.getMessage(FilesSetRulePanel.class, "FilesSetRulePanel.ruleNameLabel.text")); // NOI18N ruleNameTextField.setText(org.openide.util.NbBundle.getMessage(FilesSetRulePanel.class, "FilesSetRulePanel.ruleNameTextField.text")); // NOI18N - ruleNameTextField.addActionListener(new java.awt.event.ActionListener() { - public void actionPerformed(java.awt.event.ActionEvent evt) { - ruleNameTextFieldActionPerformed(evt); - } - }); org.openide.awt.Mnemonics.setLocalizedText(jLabel1, org.openide.util.NbBundle.getMessage(FilesSetRulePanel.class, "FilesSetRulePanel.jLabel1.text")); // NOI18N @@ -685,85 +738,99 @@ final class FilesSetRulePanel extends javax.swing.JPanel { } }); + daysAgoTextField.setEnabled(false); + daysAgoTextField.setMinimumSize(new java.awt.Dimension(60, 20)); + daysAgoTextField.setPreferredSize(new java.awt.Dimension(60, 20)); + + org.openide.awt.Mnemonics.setLocalizedText(daysAgoLabel, org.openide.util.NbBundle.getMessage(FilesSetRulePanel.class, "FilesSetRulePanel.daysAgoLabel.text")); // NOI18N + + org.openide.awt.Mnemonics.setLocalizedText(dateCheck, org.openide.util.NbBundle.getMessage(FilesSetRulePanel.class, "FilesSetRulePanel.dateCheck.text")); // NOI18N + dateCheck.addActionListener(new java.awt.event.ActionListener() { + public void actionPerformed(java.awt.event.ActionEvent evt) { + dateCheckActionPerformed(evt); + } + }); + javax.swing.GroupLayout layout = new javax.swing.GroupLayout(this); this.setLayout(layout); layout.setHorizontalGroup( layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING) .addGroup(layout.createSequentialGroup() - .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.TRAILING) + .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING) .addGroup(layout.createSequentialGroup() .addGap(8, 8, 8) .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING) - .addGroup(layout.createSequentialGroup() - .addComponent(ruleNameLabel, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE) - .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED) - .addComponent(ruleNameTextField, javax.swing.GroupLayout.PREFERRED_SIZE, 234, javax.swing.GroupLayout.PREFERRED_SIZE)) + .addGroup(javax.swing.GroupLayout.Alignment.TRAILING, layout.createSequentialGroup() + .addComponent(ruleNameLabel) + .addGap(5, 5, 5) + .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING) + .addComponent(mimeTypeComboBox, 0, javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE) + .addComponent(pathTextField) + .addGroup(javax.swing.GroupLayout.Alignment.TRAILING, layout.createSequentialGroup() + .addComponent(equalitySymbolComboBox, 0, javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE) + .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED) + .addComponent(fileSizeSpinner) + .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED) + .addComponent(fileSizeComboBox, 0, javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE)) + .addGroup(layout.createSequentialGroup() + .addComponent(pathRegexCheckBox) + .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED, javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE) + .addComponent(pathSeparatorInfoLabel)) + .addGroup(layout.createSequentialGroup() + .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING) + .addGroup(layout.createSequentialGroup() + .addComponent(daysAgoTextField, javax.swing.GroupLayout.PREFERRED_SIZE, 69, javax.swing.GroupLayout.PREFERRED_SIZE) + .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED) + .addComponent(daysAgoLabel)) + .addComponent(ruleNameTextField, javax.swing.GroupLayout.DEFAULT_SIZE, 249, Short.MAX_VALUE) + .addGroup(layout.createSequentialGroup() + .addComponent(fullNameRadioButton) + .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED) + .addComponent(extensionRadioButton, javax.swing.GroupLayout.PREFERRED_SIZE, 98, javax.swing.GroupLayout.PREFERRED_SIZE) + .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED) + .addComponent(nameRegexCheckbox))) + .addGap(1, 1, 1)))) + .addComponent(jLabel5) .addGroup(layout.createSequentialGroup() .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING) - .addComponent(jLabel5) + .addComponent(nameCheck, javax.swing.GroupLayout.Alignment.TRAILING, javax.swing.GroupLayout.PREFERRED_SIZE, 95, javax.swing.GroupLayout.PREFERRED_SIZE) + .addComponent(jLabel1)) + .addGap(16, 16, 16) + .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING) .addGroup(layout.createSequentialGroup() - .addComponent(jLabel1) - .addGap(65, 65, 65) .addComponent(filesRadioButton) .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED) .addComponent(dirsRadioButton) .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED) - .addComponent(allRadioButton))) - .addGap(0, 0, Short.MAX_VALUE)))) - .addGroup(layout.createSequentialGroup() - .addContainerGap() - .addComponent(nameCheck) - .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED, javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE) - .addComponent(nameTextField, javax.swing.GroupLayout.PREFERRED_SIZE, 249, javax.swing.GroupLayout.PREFERRED_SIZE)) - .addGroup(javax.swing.GroupLayout.Alignment.LEADING, layout.createSequentialGroup() - .addContainerGap() - .addComponent(pathCheck) - .addGap(4, 4, 4) - .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING) - .addGroup(layout.createSequentialGroup() - .addComponent(pathRegexCheckBox) - .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED, javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE) - .addComponent(pathSeparatorInfoLabel)) - .addGroup(javax.swing.GroupLayout.Alignment.TRAILING, layout.createSequentialGroup() - .addGap(0, 0, Short.MAX_VALUE) - .addComponent(pathTextField, javax.swing.GroupLayout.PREFERRED_SIZE, 250, javax.swing.GroupLayout.PREFERRED_SIZE)) - .addGroup(layout.createSequentialGroup() - .addComponent(fullNameRadioButton) - .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED) - .addComponent(extensionRadioButton, javax.swing.GroupLayout.PREFERRED_SIZE, 114, javax.swing.GroupLayout.PREFERRED_SIZE) - .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED) - .addComponent(nameRegexCheckbox) - .addGap(0, 0, Short.MAX_VALUE)))) + .addComponent(allRadioButton)) + .addComponent(nameTextField))))) .addGroup(layout.createSequentialGroup() .addContainerGap() .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING) + .addComponent(pathCheck) .addComponent(mimeCheck) - .addComponent(fileSizeCheck)) - .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED, javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE) - .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.TRAILING) - .addGroup(layout.createSequentialGroup() - .addComponent(equalitySymbolComboBox, javax.swing.GroupLayout.PREFERRED_SIZE, 36, javax.swing.GroupLayout.PREFERRED_SIZE) - .addGap(18, 18, 18) - .addComponent(fileSizeSpinner, javax.swing.GroupLayout.PREFERRED_SIZE, 94, javax.swing.GroupLayout.PREFERRED_SIZE) - .addGap(18, 18, 18) - .addComponent(fileSizeComboBox, javax.swing.GroupLayout.PREFERRED_SIZE, 82, javax.swing.GroupLayout.PREFERRED_SIZE)) - .addComponent(mimeTypeComboBox, javax.swing.GroupLayout.PREFERRED_SIZE, 250, javax.swing.GroupLayout.PREFERRED_SIZE)))) + .addComponent(fileSizeCheck) + .addComponent(dateCheck)) + .addGap(0, 0, Short.MAX_VALUE))) .addContainerGap()) ); layout.setVerticalGroup( layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING) .addGroup(layout.createSequentialGroup() .addComponent(jLabel5) - .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED) - .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.BASELINE) - .addComponent(jLabel1) - .addComponent(filesRadioButton) - .addComponent(dirsRadioButton) - .addComponent(allRadioButton)) - .addGap(5, 5, 5) - .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.BASELINE) - .addComponent(nameTextField, javax.swing.GroupLayout.PREFERRED_SIZE, 20, javax.swing.GroupLayout.PREFERRED_SIZE) - .addComponent(nameCheck)) + .addGap(3, 3, 3) + .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.TRAILING) + .addGroup(layout.createSequentialGroup() + .addComponent(jLabel1) + .addGap(10, 10, 10) + .addComponent(nameCheck)) + .addGroup(layout.createSequentialGroup() + .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.BASELINE) + .addComponent(filesRadioButton) + .addComponent(dirsRadioButton) + .addComponent(allRadioButton)) + .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.UNRELATED) + .addComponent(nameTextField, javax.swing.GroupLayout.PREFERRED_SIZE, 20, javax.swing.GroupLayout.PREFERRED_SIZE))) .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED) .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.BASELINE) .addComponent(fullNameRadioButton) @@ -777,7 +844,7 @@ final class FilesSetRulePanel extends javax.swing.JPanel { .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.BASELINE) .addComponent(pathRegexCheckBox) .addComponent(pathSeparatorInfoLabel)) - .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED, 8, Short.MAX_VALUE) + .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.UNRELATED) .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.BASELINE) .addComponent(mimeTypeComboBox, javax.swing.GroupLayout.PREFERRED_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.PREFERRED_SIZE) .addComponent(mimeCheck)) @@ -787,7 +854,12 @@ final class FilesSetRulePanel extends javax.swing.JPanel { .addComponent(fileSizeComboBox, javax.swing.GroupLayout.PREFERRED_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.PREFERRED_SIZE) .addComponent(fileSizeSpinner, javax.swing.GroupLayout.PREFERRED_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.PREFERRED_SIZE) .addComponent(fileSizeCheck)) - .addGap(15, 15, 15) + .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.UNRELATED) + .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.BASELINE) + .addComponent(daysAgoTextField, javax.swing.GroupLayout.PREFERRED_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.PREFERRED_SIZE) + .addComponent(daysAgoLabel) + .addComponent(dateCheck)) + .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.UNRELATED) .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.BASELINE) .addComponent(ruleNameTextField, javax.swing.GroupLayout.PREFERRED_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.PREFERRED_SIZE) .addComponent(ruleNameLabel, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE)) @@ -795,10 +867,6 @@ final class FilesSetRulePanel extends javax.swing.JPanel { ); }// //GEN-END:initComponents - private void ruleNameTextFieldActionPerformed(java.awt.event.ActionEvent evt) {//GEN-FIRST:event_ruleNameTextFieldActionPerformed - // TODO add your handling code here: - }//GEN-LAST:event_ruleNameTextFieldActionPerformed - private void nameCheckActionPerformed(java.awt.event.ActionEvent evt) {//GEN-FIRST:event_nameCheckActionPerformed if (!this.nameCheck.isSelected()) { this.nameTextField.setEnabled(false); @@ -831,15 +899,30 @@ final class FilesSetRulePanel extends javax.swing.JPanel { this.setOkButton(); }//GEN-LAST:event_pathCheckActionPerformed - private void mimeCheckActionPerformed(java.awt.event.ActionEvent evt) {//GEN-FIRST:event_mimeCheckActionPerformed - if (!this.mimeCheck.isSelected()) { - this.mimeTypeComboBox.setEnabled(false); - this.mimeTypeComboBox.setSelectedIndex(0); + private void filesRadioButtonActionPerformed(java.awt.event.ActionEvent evt) {//GEN-FIRST:event_filesRadioButtonActionPerformed + + this.setComponentsForSearchType(); + }//GEN-LAST:event_filesRadioButtonActionPerformed + + private void dirsRadioButtonActionPerformed(java.awt.event.ActionEvent evt) {//GEN-FIRST:event_dirsRadioButtonActionPerformed + this.setComponentsForSearchType(); + }//GEN-LAST:event_dirsRadioButtonActionPerformed + + private void allRadioButtonActionPerformed(java.awt.event.ActionEvent evt) {//GEN-FIRST:event_allRadioButtonActionPerformed + this.setComponentsForSearchType(); + }//GEN-LAST:event_allRadioButtonActionPerformed + + private void dateCheckActionPerformed(java.awt.event.ActionEvent evt) {//GEN-FIRST:event_dateCheckActionPerformed + if (!this.dateCheck.isSelected()) { + this.daysAgoTextField.setEnabled(false); + this.daysAgoLabel.setEnabled(false); + this.daysAgoTextField.setText(""); } else { - this.mimeTypeComboBox.setEnabled(true); + this.daysAgoTextField.setEnabled(true); + this.daysAgoLabel.setEnabled(true); } this.setOkButton(); - }//GEN-LAST:event_mimeCheckActionPerformed + }//GEN-LAST:event_dateCheckActionPerformed private void fileSizeCheckActionPerformed(java.awt.event.ActionEvent evt) {//GEN-FIRST:event_fileSizeCheckActionPerformed if (!this.fileSizeCheck.isSelected()) { @@ -855,21 +938,21 @@ final class FilesSetRulePanel extends javax.swing.JPanel { this.setOkButton(); }//GEN-LAST:event_fileSizeCheckActionPerformed - private void filesRadioButtonActionPerformed(java.awt.event.ActionEvent evt) {//GEN-FIRST:event_filesRadioButtonActionPerformed - - this.setComponentsForSearchType(); - }//GEN-LAST:event_filesRadioButtonActionPerformed - - private void dirsRadioButtonActionPerformed(java.awt.event.ActionEvent evt) {//GEN-FIRST:event_dirsRadioButtonActionPerformed - this.setComponentsForSearchType(); - }//GEN-LAST:event_dirsRadioButtonActionPerformed - - private void allRadioButtonActionPerformed(java.awt.event.ActionEvent evt) {//GEN-FIRST:event_allRadioButtonActionPerformed - this.setComponentsForSearchType(); - }//GEN-LAST:event_allRadioButtonActionPerformed + private void mimeCheckActionPerformed(java.awt.event.ActionEvent evt) {//GEN-FIRST:event_mimeCheckActionPerformed + if (!this.mimeCheck.isSelected()) { + this.mimeTypeComboBox.setEnabled(false); + this.mimeTypeComboBox.setSelectedIndex(0); + } else { + this.mimeTypeComboBox.setEnabled(true); + } + this.setOkButton(); + }//GEN-LAST:event_mimeCheckActionPerformed // Variables declaration - do not modify//GEN-BEGIN:variables private javax.swing.JRadioButton allRadioButton; + private javax.swing.JCheckBox dateCheck; + private javax.swing.JLabel daysAgoLabel; + private javax.swing.JTextField daysAgoTextField; private javax.swing.JRadioButton dirsRadioButton; private javax.swing.JComboBox equalitySymbolComboBox; private javax.swing.JRadioButton extensionRadioButton; diff --git a/Core/src/org/sleuthkit/autopsy/modules/interestingitems/FilesSetsManager.java b/Core/src/org/sleuthkit/autopsy/modules/interestingitems/FilesSetsManager.java index 6350805ee6..8397d77c72 100644 --- a/Core/src/org/sleuthkit/autopsy/modules/interestingitems/FilesSetsManager.java +++ b/Core/src/org/sleuthkit/autopsy/modules/interestingitems/FilesSetsManager.java @@ -1,7 +1,7 @@ /* * Autopsy Forensic Browser * - * Copyright 2014 Basis Technology Corp. + * Copyright 2014-2018 Basis Technology Corp. * Contact: carrier sleuthkit org * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -52,7 +52,7 @@ public final class FilesSetsManager extends Observable { { put(Bundle.FilesSetsManager_allFilesAndDirectories(), new Rule(Bundle.FilesSetsManager_allFilesAndDirectories(), null, - new MetaTypeCondition(MetaTypeCondition.Type.ALL), null, null, null)); + new MetaTypeCondition(MetaTypeCondition.Type.ALL), null, null, null, null)); } }); private static final FilesSet FILES_DIRS_UNALLOC_INGEST_FILTER = new FilesSet( @@ -61,7 +61,7 @@ public final class FilesSetsManager extends Observable { { put(Bundle.FilesSetsManager_allFilesDirectoriesAndUnallocated(), new Rule(Bundle.FilesSetsManager_allFilesDirectoriesAndUnallocated(), null, - new MetaTypeCondition(MetaTypeCondition.Type.ALL), null, null, null)); + new MetaTypeCondition(MetaTypeCondition.Type.ALL), null, null, null, null)); } }); diff --git a/Core/src/org/sleuthkit/autopsy/modules/interestingitems/InterestingItemsFilesSetSettings.java b/Core/src/org/sleuthkit/autopsy/modules/interestingitems/InterestingItemsFilesSetSettings.java index de88aee68e..d9a7393a95 100644 --- a/Core/src/org/sleuthkit/autopsy/modules/interestingitems/InterestingItemsFilesSetSettings.java +++ b/Core/src/org/sleuthkit/autopsy/modules/interestingitems/InterestingItemsFilesSetSettings.java @@ -1,7 +1,7 @@ /* * Autopsy Forensic Browser * - * Copyright 2011-2017 Basis Technology Corp. + * Copyright 2011-2018 Basis Technology Corp. * Contact: carrier sleuthkit org * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -44,6 +44,7 @@ import org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.FileSizeCond import org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.MetaTypeCondition; import org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.MimeTypeCondition; import org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.ParentPathCondition; +import org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.DateCondition; import org.w3c.dom.Document; import org.w3c.dom.Element; import org.w3c.dom.NodeList; @@ -67,6 +68,7 @@ class InterestingItemsFilesSetSettings implements Serializable { private static final String FILE_SET_TAG = "INTERESTING_FILE_SET"; //NON-NLS private static final String NAME_RULE_TAG = "NAME"; //NON-NLS private static final String NAME_ATTR = "name"; //NON-NLS + private static final String DAYS_AGO_ATTR = "daysAgo"; private static final String MIME_ATTR = "mimeType"; private static final String FS_COMPARATOR_ATTR = "comparatorSymbol"; private static final String FS_SIZE_ATTR = "sizeValue"; @@ -166,6 +168,35 @@ class InterestingItemsFilesSetSettings implements Serializable { return pathCondition; } + /** + * Construct a date condition for a FilesSet membership rule from data in an + * XML element. + * + * @param ruleElement The XML element. + * + * @return The date condition, or null if there is an error (logged). + * + * @throws + * org.sleuthkit.autopsy.modules.interestingitems.FilesSetsManager.FilesSetsManagerException + */ + private static DateCondition readDateCondition(Element ruleElement) throws FilesSetsManager.FilesSetsManagerException { + // Read in the optional path condition. Null is o.k., but if the attribute + // is there, be sure it is not malformed. + DateCondition dateCondition = null; + if (!ruleElement.getAttribute(DAYS_AGO_ATTR).isEmpty()) { + String daysAgo = ruleElement.getAttribute(DAYS_AGO_ATTR); + if (!daysAgo.isEmpty()) { + try { + dateCondition = new DateCondition(Integer.parseInt(daysAgo)); + } catch (NumberFormatException ex) { + logger.log(Level.SEVERE, "Error creating condition for " + daysAgo + ", ignoring malformed date condition definition", ex); // NON-NLS + throw new FilesSetsManager.FilesSetsManagerException(String.format("error compiling %s regex", DAYS_AGO_ATTR), ex); + } + } + } + return dateCondition; + } + /** * Attempts to compile a regular expression. * @@ -183,12 +214,13 @@ class InterestingItemsFilesSetSettings implements Serializable { } /** - * Construct a fileset membership rule from the data in an xml element for + * Construct a fileset membership rule from the data in an xml element for * use in a FilesSet. * * @param elem The XML element. * - * @return A file set constructed from the conditions available in the XML element + * @return A file set constructed from the conditions available in the XML + * element * * @throws * org.sleuthkit.autopsy.modules.interestingitems.FilesSetsManager.FilesSetsManagerException @@ -200,17 +232,17 @@ class InterestingItemsFilesSetSettings implements Serializable { ParentPathCondition pathCondition = readPathCondition(elem); MimeTypeCondition mimeCondition = readMimeCondition(elem); FileSizeCondition sizeCondition = readSizeCondition(elem); - //if meta type condition or all four types of conditions the user can create are all null then don't make the rule - if (metaCondition == null || (nameCondition == null && pathCondition == null && mimeCondition == null && sizeCondition == null)) { + DateCondition dateCondition = readDateCondition(elem); //if meta type condition or all four types of conditions the user can create are all null then don't make the rule + if (metaCondition == null || (nameCondition == null && pathCondition == null && mimeCondition == null && sizeCondition == null && dateCondition == null)) { logger.log(Level.WARNING, "Error Reading Rule, " + ruleName + " was either missing a meta condition or contained only a meta condition. No rule was imported."); // NON-NLS throw new FilesSetsManager.FilesSetsManagerException(String.format("Invalid Rule in FilesSet xml, missing necessary conditions for %s", ruleName)); } - return new FilesSet.Rule(ruleName, nameCondition, metaCondition, pathCondition, mimeCondition, sizeCondition); + return new FilesSet.Rule(ruleName, nameCondition, metaCondition, pathCondition, mimeCondition, sizeCondition, dateCondition); } /** - * Construct a file name condition for a FilesSet membership rule from data in an - * XML element. + * Construct a file name condition for a FilesSet membership rule from data + * in an XML element. * * @param ruleElement The XML element. * @@ -256,8 +288,8 @@ class InterestingItemsFilesSetSettings implements Serializable { } /** - * Construct a MIME type condition for a FilesSet membership rule from data in an - * XML element. + * Construct a MIME type condition for a FilesSet membership rule from data + * in an XML element. * * @param ruleElement The XML element. * @@ -275,8 +307,8 @@ class InterestingItemsFilesSetSettings implements Serializable { } /** - * Construct a file size condition for a FilesSet membership rule from data in an - * XML element. + * Construct a file size condition for a FilesSet membership rule from data + * in an XML element. * * @param ruleElement The XML element. * From 1bee51ee593e0e45eddf7bd9e6fccbe767ed1e10 Mon Sep 17 00:00:00 2001 From: William Schaefer Date: Wed, 31 Jan 2018 14:00:11 -0500 Subject: [PATCH 11/33] 3445 adjust date filter gui changes --- .../interestingitems/FilesSetDefsPanel.form | 17 ++++++++--------- .../interestingitems/FilesSetDefsPanel.java | 17 ++++++++--------- 2 files changed, 16 insertions(+), 18 deletions(-) diff --git a/Core/src/org/sleuthkit/autopsy/modules/interestingitems/FilesSetDefsPanel.form b/Core/src/org/sleuthkit/autopsy/modules/interestingitems/FilesSetDefsPanel.form index 02d4cec624..e4d5d64d47 100644 --- a/Core/src/org/sleuthkit/autopsy/modules/interestingitems/FilesSetDefsPanel.form +++ b/Core/src/org/sleuthkit/autopsy/modules/interestingitems/FilesSetDefsPanel.form @@ -127,6 +127,13 @@ + + + + + + + @@ -151,14 +158,6 @@ - - - - - - - - @@ -426,7 +425,7 @@ - + diff --git a/Core/src/org/sleuthkit/autopsy/modules/interestingitems/FilesSetDefsPanel.java b/Core/src/org/sleuthkit/autopsy/modules/interestingitems/FilesSetDefsPanel.java index 4afdf6d91e..0834698a65 100644 --- a/Core/src/org/sleuthkit/autopsy/modules/interestingitems/FilesSetDefsPanel.java +++ b/Core/src/org/sleuthkit/autopsy/modules/interestingitems/FilesSetDefsPanel.java @@ -652,7 +652,7 @@ public final class FilesSetDefsPanel extends IngestModuleGlobalSettingsPanel imp setDescriptionTextArea.setColumns(20); setDescriptionTextArea.setFont(setDescriptionTextArea.getFont().deriveFont(setDescriptionTextArea.getFont().getStyle() & ~java.awt.Font.BOLD, 13)); setDescriptionTextArea.setLineWrap(true); - setDescriptionTextArea.setRows(10); + setDescriptionTextArea.setRows(8); setDescriptionTextArea.setMinimumSize(new java.awt.Dimension(10, 22)); setDescScrollPanel.setViewportView(setDescriptionTextArea); @@ -920,7 +920,13 @@ public final class FilesSetDefsPanel extends IngestModuleGlobalSettingsPanel imp .addGroup(jPanel1Layout.createSequentialGroup() .addComponent(daysAgoTextField, javax.swing.GroupLayout.PREFERRED_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.PREFERRED_SIZE) .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED) - .addComponent(daysAgoLabel))) + .addComponent(daysAgoLabel)) + .addGroup(jPanel1Layout.createSequentialGroup() + .addComponent(filesRadioButton, javax.swing.GroupLayout.PREFERRED_SIZE, 47, javax.swing.GroupLayout.PREFERRED_SIZE) + .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.UNRELATED) + .addComponent(dirsRadioButton) + .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED) + .addComponent(allRadioButton))) .addGap(0, 0, Short.MAX_VALUE))))) .addGap(8, 8, 8)) .addGroup(jPanel1Layout.createSequentialGroup() @@ -936,13 +942,6 @@ public final class FilesSetDefsPanel extends IngestModuleGlobalSettingsPanel imp .addComponent(jLabel6)) .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED) .addComponent(ingestWarningLabel)) - .addGroup(jPanel1Layout.createSequentialGroup() - .addGap(95, 95, 95) - .addComponent(filesRadioButton, javax.swing.GroupLayout.PREFERRED_SIZE, 47, javax.swing.GroupLayout.PREFERRED_SIZE) - .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.UNRELATED) - .addComponent(dirsRadioButton) - .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED) - .addComponent(allRadioButton)) .addGroup(jPanel1Layout.createSequentialGroup() .addGap(174, 174, 174) .addComponent(fileNameExtensionRadioButton) From 8e0354d9005f4c95b16efda0916b6267bfd1bab0 Mon Sep 17 00:00:00 2001 From: William Schaefer Date: Wed, 31 Jan 2018 14:24:11 -0500 Subject: [PATCH 12/33] 3445 adjust sizing of FilesSetDefsPanel elements after Date filter changes --- .../modules/interestingitems/FilesSetDefsPanel.form | 8 ++++---- .../modules/interestingitems/FilesSetDefsPanel.java | 8 ++++---- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/Core/src/org/sleuthkit/autopsy/modules/interestingitems/FilesSetDefsPanel.form b/Core/src/org/sleuthkit/autopsy/modules/interestingitems/FilesSetDefsPanel.form index e4d5d64d47..2658d8c167 100644 --- a/Core/src/org/sleuthkit/autopsy/modules/interestingitems/FilesSetDefsPanel.form +++ b/Core/src/org/sleuthkit/autopsy/modules/interestingitems/FilesSetDefsPanel.form @@ -196,8 +196,8 @@ - - + + @@ -205,7 +205,7 @@ - + @@ -425,7 +425,7 @@ - + diff --git a/Core/src/org/sleuthkit/autopsy/modules/interestingitems/FilesSetDefsPanel.java b/Core/src/org/sleuthkit/autopsy/modules/interestingitems/FilesSetDefsPanel.java index 0834698a65..ec610d6ff1 100644 --- a/Core/src/org/sleuthkit/autopsy/modules/interestingitems/FilesSetDefsPanel.java +++ b/Core/src/org/sleuthkit/autopsy/modules/interestingitems/FilesSetDefsPanel.java @@ -652,7 +652,7 @@ public final class FilesSetDefsPanel extends IngestModuleGlobalSettingsPanel imp setDescriptionTextArea.setColumns(20); setDescriptionTextArea.setFont(setDescriptionTextArea.getFont().deriveFont(setDescriptionTextArea.getFont().getStyle() & ~java.awt.Font.BOLD, 13)); setDescriptionTextArea.setLineWrap(true); - setDescriptionTextArea.setRows(8); + setDescriptionTextArea.setRows(6); setDescriptionTextArea.setMinimumSize(new java.awt.Dimension(10, 22)); setDescScrollPanel.setViewportView(setDescriptionTextArea); @@ -974,15 +974,15 @@ public final class FilesSetDefsPanel extends IngestModuleGlobalSettingsPanel imp .addGap(1, 1, 1)) .addComponent(ingestWarningLabel, javax.swing.GroupLayout.Alignment.TRAILING)) .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED) - .addComponent(setDescScrollPanel, javax.swing.GroupLayout.DEFAULT_SIZE, 45, Short.MAX_VALUE) - .addGap(6, 6, 6) + .addComponent(setDescScrollPanel, javax.swing.GroupLayout.DEFAULT_SIZE, 69, Short.MAX_VALUE) + .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED) .addGroup(jPanel1Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.BASELINE) .addComponent(ignoreKnownFilesCheckbox) .addComponent(ingoreUnallocCheckbox, javax.swing.GroupLayout.PREFERRED_SIZE, 23, javax.swing.GroupLayout.PREFERRED_SIZE)) .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.UNRELATED) .addComponent(rulesListLabel) .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED) - .addComponent(rulesListScrollPane, javax.swing.GroupLayout.PREFERRED_SIZE, 81, javax.swing.GroupLayout.PREFERRED_SIZE) + .addComponent(rulesListScrollPane, javax.swing.GroupLayout.DEFAULT_SIZE, 61, Short.MAX_VALUE) .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED) .addGroup(jPanel1Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.BASELINE) .addComponent(newRuleButton) From e1cc0e7859a1e2dc2a17b73d6ad918fa800963a1 Mon Sep 17 00:00:00 2001 From: William Schaefer Date: Wed, 31 Jan 2018 14:47:18 -0500 Subject: [PATCH 13/33] 3445 refactor variable and method names for Date Filter option --- .../interestingitems/Bundle.properties | 6 +-- .../modules/interestingitems/FilesSet.java | 14 ++--- .../interestingitems/FilesSetDefsPanel.form | 16 +++--- .../interestingitems/FilesSetDefsPanel.java | 36 ++++++------- .../interestingitems/FilesSetRulePanel.form | 14 ++--- .../interestingitems/FilesSetRulePanel.java | 52 +++++++++---------- .../InterestingItemsFilesSetSettings.java | 14 ++--- 7 files changed, 76 insertions(+), 76 deletions(-) diff --git a/Core/src/org/sleuthkit/autopsy/modules/interestingitems/Bundle.properties b/Core/src/org/sleuthkit/autopsy/modules/interestingitems/Bundle.properties index 0a415c8ca8..830901a6d9 100644 --- a/Core/src/org/sleuthkit/autopsy/modules/interestingitems/Bundle.properties +++ b/Core/src/org/sleuthkit/autopsy/modules/interestingitems/Bundle.properties @@ -78,9 +78,9 @@ FilesSetDefsPanel.ingoreUnallocCheckbox.toolTipText=Ignores unallocated space, s FilesSetDefsPanel.ingestWarningLabel.text=Ingest is ongoing, some settings will be unavailable until it finishes. FilesSetDefsPanel.allRadioButton.text=All FilesSetRulePanel.dateCheck.text=Modified Within: -FilesSetRulePanel.daysAgoLabel.text=day(s) FilesSetRulePanel.fileSizeCheck.text=File Size: FilesSetRulePanel.mimeCheck.text=MIME Type: -FilesSetDefsPanel.daysAgoTextField.text= FilesSetDefsPanel.modifiedDateLabel.text=Modified Within: -FilesSetDefsPanel.daysAgoLabel.text=day(s) +FilesSetDefsPanel.daysIncludedTextField.text= +FilesSetDefsPanel.daysIncludedLabel.text=day(s) +FilesSetRulePanel.daysIncludedLabel.text=day(s) diff --git a/Core/src/org/sleuthkit/autopsy/modules/interestingitems/FilesSet.java b/Core/src/org/sleuthkit/autopsy/modules/interestingitems/FilesSet.java index 913db37528..94697d4fc6 100644 --- a/Core/src/org/sleuthkit/autopsy/modules/interestingitems/FilesSet.java +++ b/Core/src/org/sleuthkit/autopsy/modules/interestingitems/FilesSet.java @@ -283,7 +283,7 @@ public final class FilesSet implements Serializable { } @NbBundle.Messages({ - "# {0} - daysAgo", + "# {0} - daysIncluded", "FilesSet.rule.dateRule.toString=(modified within {0} day(s))" }) @Override @@ -300,7 +300,7 @@ public final class FilesSet implements Serializable { return this.ruleName + " (" + fileSizeCondition.getComparator().getSymbol() + " " + fileSizeCondition.getSizeValue() + " " + fileSizeCondition.getUnit().getName() + ")"; } else if (this.dateCondition != null) { - return this.ruleName + Bundle.FilesSet_rule_dateRule_toString(dateCondition.getDaysAgo()); + return this.ruleName + Bundle.FilesSet_rule_dateRule_toString(dateCondition.getDaysIncluded()); } else { return this.ruleName + " ()"; } @@ -763,7 +763,7 @@ public final class FilesSet implements Serializable { private final static long DAY_IN_S = 60 * 60 * 24; - private int daysAgo; + private int daysIncluded; /** * Construct a new DateCondition @@ -772,7 +772,7 @@ public final class FilesSet implements Serializable { * number of days will pass */ DateCondition(int days) { - daysAgo = days; + daysIncluded = days; } /** @@ -780,13 +780,13 @@ public final class FilesSet implements Serializable { * * @return integer value of the number days which will pass */ - int getDaysAgo() { - return daysAgo; + int getDaysIncluded() { + return daysIncluded; } @Override public boolean passes(AbstractFile file) { - long dateThreshold = System.currentTimeMillis() / 1000 - daysAgo * DAY_IN_S; + long dateThreshold = System.currentTimeMillis() / 1000 - daysIncluded * DAY_IN_S; if (file.getCrtime() > dateThreshold || file.getMtime() > dateThreshold) { return true; } diff --git a/Core/src/org/sleuthkit/autopsy/modules/interestingitems/FilesSetDefsPanel.form b/Core/src/org/sleuthkit/autopsy/modules/interestingitems/FilesSetDefsPanel.form index 2658d8c167..4d8f94589f 100644 --- a/Core/src/org/sleuthkit/autopsy/modules/interestingitems/FilesSetDefsPanel.form +++ b/Core/src/org/sleuthkit/autopsy/modules/interestingitems/FilesSetDefsPanel.form @@ -123,9 +123,9 @@ - + - + @@ -254,8 +254,8 @@ - - + + @@ -991,12 +991,12 @@ - + - + @@ -1006,10 +1006,10 @@ - + - + diff --git a/Core/src/org/sleuthkit/autopsy/modules/interestingitems/FilesSetDefsPanel.java b/Core/src/org/sleuthkit/autopsy/modules/interestingitems/FilesSetDefsPanel.java index ec610d6ff1..4fd933b167 100644 --- a/Core/src/org/sleuthkit/autopsy/modules/interestingitems/FilesSetDefsPanel.java +++ b/Core/src/org/sleuthkit/autopsy/modules/interestingitems/FilesSetDefsPanel.java @@ -251,7 +251,7 @@ public final class FilesSetDefsPanel extends IngestModuleGlobalSettingsPanel imp this.fileNameRegexCheckbox.setSelected(false); this.filesRadioButton.setSelected(true); this.rulePathConditionTextField.setText(""); - this.daysAgoTextField.setText(""); + this.daysIncludedTextField.setText(""); this.rulePathConditionRegexCheckBox.setSelected(false); this.mimeTypeComboBox.setSelectedIndex(0); this.equalitySignComboBox.setSelectedIndex(2); @@ -374,10 +374,10 @@ public final class FilesSetDefsPanel extends IngestModuleGlobalSettingsPanel imp FilesSetDefsPanel.this.fileSizeSpinner.setValue(0); } if (dateCondition != null){ - FilesSetDefsPanel.this.daysAgoTextField.setText(Integer.toString(dateCondition.getDaysAgo())); + FilesSetDefsPanel.this.daysIncludedTextField.setText(Integer.toString(dateCondition.getDaysIncluded())); } else { - FilesSetDefsPanel.this.daysAgoTextField.setText(""); + FilesSetDefsPanel.this.daysIncludedTextField.setText(""); } // Enable the new, edit and delete rule buttons. FilesSetDefsPanel.this.newRuleButton.setEnabled(true && canBeEnabled); @@ -597,8 +597,8 @@ public final class FilesSetDefsPanel extends IngestModuleGlobalSettingsPanel imp importSetButton = new javax.swing.JButton(); exportSetButton = new javax.swing.JButton(); modifiedDateLabel = new javax.swing.JLabel(); - daysAgoTextField = new javax.swing.JTextField(); - daysAgoLabel = new javax.swing.JLabel(); + daysIncludedTextField = new javax.swing.JTextField(); + daysIncludedLabel = new javax.swing.JLabel(); setFont(getFont().deriveFont(getFont().getStyle() & ~java.awt.Font.BOLD, 11)); @@ -852,14 +852,14 @@ public final class FilesSetDefsPanel extends IngestModuleGlobalSettingsPanel imp org.openide.awt.Mnemonics.setLocalizedText(modifiedDateLabel, org.openide.util.NbBundle.getMessage(FilesSetDefsPanel.class, "FilesSetDefsPanel.modifiedDateLabel.text")); // NOI18N - daysAgoTextField.setEditable(false); - daysAgoTextField.setHorizontalAlignment(javax.swing.JTextField.TRAILING); - daysAgoTextField.setText(org.openide.util.NbBundle.getMessage(FilesSetDefsPanel.class, "FilesSetDefsPanel.daysAgoTextField.text")); // NOI18N - daysAgoTextField.setMinimumSize(new java.awt.Dimension(60, 20)); - daysAgoTextField.setPreferredSize(new java.awt.Dimension(60, 20)); + daysIncludedTextField.setEditable(false); + daysIncludedTextField.setHorizontalAlignment(javax.swing.JTextField.TRAILING); + daysIncludedTextField.setText(org.openide.util.NbBundle.getMessage(FilesSetDefsPanel.class, "FilesSetDefsPanel.daysIncludedTextField.text")); // NOI18N + daysIncludedTextField.setMinimumSize(new java.awt.Dimension(60, 20)); + daysIncludedTextField.setPreferredSize(new java.awt.Dimension(60, 20)); - org.openide.awt.Mnemonics.setLocalizedText(daysAgoLabel, org.openide.util.NbBundle.getMessage(FilesSetDefsPanel.class, "FilesSetDefsPanel.daysAgoLabel.text")); // NOI18N - daysAgoLabel.setEnabled(false); + org.openide.awt.Mnemonics.setLocalizedText(daysIncludedLabel, org.openide.util.NbBundle.getMessage(FilesSetDefsPanel.class, "FilesSetDefsPanel.daysIncludedLabel.text")); // NOI18N + daysIncludedLabel.setEnabled(false); javax.swing.GroupLayout jPanel1Layout = new javax.swing.GroupLayout(jPanel1); jPanel1.setLayout(jPanel1Layout); @@ -918,9 +918,9 @@ public final class FilesSetDefsPanel extends IngestModuleGlobalSettingsPanel imp .addComponent(fileNameRadioButton) .addComponent(rulePathConditionRegexCheckBox) .addGroup(jPanel1Layout.createSequentialGroup() - .addComponent(daysAgoTextField, javax.swing.GroupLayout.PREFERRED_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.PREFERRED_SIZE) + .addComponent(daysIncludedTextField, javax.swing.GroupLayout.PREFERRED_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.PREFERRED_SIZE) .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED) - .addComponent(daysAgoLabel)) + .addComponent(daysIncludedLabel)) .addGroup(jPanel1Layout.createSequentialGroup() .addComponent(filesRadioButton, javax.swing.GroupLayout.PREFERRED_SIZE, 47, javax.swing.GroupLayout.PREFERRED_SIZE) .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.UNRELATED) @@ -1024,8 +1024,8 @@ public final class FilesSetDefsPanel extends IngestModuleGlobalSettingsPanel imp .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED) .addGroup(jPanel1Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.BASELINE) .addComponent(modifiedDateLabel) - .addComponent(daysAgoTextField, javax.swing.GroupLayout.PREFERRED_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.PREFERRED_SIZE) - .addComponent(daysAgoLabel)) + .addComponent(daysIncludedTextField, javax.swing.GroupLayout.PREFERRED_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.PREFERRED_SIZE) + .addComponent(daysIncludedLabel)) .addContainerGap()) .addGroup(jPanel1Layout.createSequentialGroup() .addComponent(jScrollPane2, javax.swing.GroupLayout.PREFERRED_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.PREFERRED_SIZE) @@ -1278,8 +1278,8 @@ public final class FilesSetDefsPanel extends IngestModuleGlobalSettingsPanel imp // Variables declaration - do not modify//GEN-BEGIN:variables private javax.swing.JRadioButton allRadioButton; private javax.swing.JButton copySetButton; - private javax.swing.JLabel daysAgoLabel; - private javax.swing.JTextField daysAgoTextField; + private javax.swing.JLabel daysIncludedLabel; + private javax.swing.JTextField daysIncludedTextField; private javax.swing.JButton deleteRuleButton; private javax.swing.JButton deleteSetButton; private javax.swing.JRadioButton dirsRadioButton; diff --git a/Core/src/org/sleuthkit/autopsy/modules/interestingitems/FilesSetRulePanel.form b/Core/src/org/sleuthkit/autopsy/modules/interestingitems/FilesSetRulePanel.form index 3d7513f6bc..b91bb34d36 100644 --- a/Core/src/org/sleuthkit/autopsy/modules/interestingitems/FilesSetRulePanel.form +++ b/Core/src/org/sleuthkit/autopsy/modules/interestingitems/FilesSetRulePanel.form @@ -48,9 +48,9 @@ - + - + @@ -151,8 +151,8 @@ - - + + @@ -386,7 +386,7 @@ - + @@ -397,10 +397,10 @@ - + - + diff --git a/Core/src/org/sleuthkit/autopsy/modules/interestingitems/FilesSetRulePanel.java b/Core/src/org/sleuthkit/autopsy/modules/interestingitems/FilesSetRulePanel.java index cbca5fd600..bead96c5ed 100644 --- a/Core/src/org/sleuthkit/autopsy/modules/interestingitems/FilesSetRulePanel.java +++ b/Core/src/org/sleuthkit/autopsy/modules/interestingitems/FilesSetRulePanel.java @@ -49,8 +49,8 @@ final class FilesSetRulePanel extends javax.swing.JPanel { "FilesSetRulePanel.NoMimeTypeError=Please select a valid MIME type.", "FilesSetRulePanel.NoNameError=Name cannot be empty", "FilesSetRulePanel.NoPathError=Path cannot be empty", - "FilesSetRulePanel.DaysAgoEmptyError=Number of days ago cannot be empty.", - "FilesSetRulePanel.DaysAgoInvalidError=Number of days ago must be a positive integer.", + "FilesSetRulePanel.DaysIncludedEmptyError=Number of days included cannot be empty.", + "FilesSetRulePanel.DaysIncludedInvalidError=Number of days included must be a positive integer.", "FilesSetRulePanel.ZeroFileSizeError=File size condition value must not be 0 (Unless = is selected)." }) @@ -289,7 +289,7 @@ final class FilesSetRulePanel extends javax.swing.JPanel { if (dateCondition != null) { this.dateCheck.setSelected(true); this.dateCheckActionPerformed(null); - this.daysAgoTextField.setText(Integer.toString(dateCondition.getDaysAgo())); + this.daysIncludedTextField.setText(Integer.toString(dateCondition.getDaysIncluded())); } } @@ -387,19 +387,19 @@ final class FilesSetRulePanel extends javax.swing.JPanel { } if (this.dateCheck.isSelected()) { - if (this.daysAgoTextField.getText().isEmpty()) { + if (this.daysIncludedTextField.getText().isEmpty()) { NotifyDescriptor notifyDesc = new NotifyDescriptor.Message( - Bundle.FilesSetRulePanel_DaysAgoEmptyError(), + Bundle.FilesSetRulePanel_DaysIncludedEmptyError(), NotifyDescriptor.WARNING_MESSAGE); DialogDisplayer.getDefault().notify(notifyDesc); return false; } try { - Integer.parseInt(daysAgoTextField.getText()); + Integer.parseInt(daysIncludedTextField.getText()); } catch (NumberFormatException e) { //field did not contain an integer NotifyDescriptor notifyDesc = new NotifyDescriptor.Message( - Bundle.FilesSetRulePanel_DaysAgoInvalidError(), + Bundle.FilesSetRulePanel_DaysIncludedInvalidError(), NotifyDescriptor.WARNING_MESSAGE); DialogDisplayer.getDefault().notify(notifyDesc); return false; @@ -553,8 +553,8 @@ final class FilesSetRulePanel extends javax.swing.JPanel { */ FilesSet.Rule.DateCondition getDateCondition() { FilesSet.Rule.DateCondition dateCondition = null; - if (!daysAgoTextField.getText().isEmpty()) { - dateCondition = new FilesSet.Rule.DateCondition(Integer.parseInt(daysAgoTextField.getText())); + if (!daysIncludedTextField.getText().isEmpty()) { + dateCondition = new FilesSet.Rule.DateCondition(Integer.parseInt(daysIncludedTextField.getText())); } return dateCondition; } @@ -637,8 +637,8 @@ final class FilesSetRulePanel extends javax.swing.JPanel { filesRadioButton = new javax.swing.JRadioButton(); dirsRadioButton = new javax.swing.JRadioButton(); allRadioButton = new javax.swing.JRadioButton(); - daysAgoTextField = new javax.swing.JTextField(); - daysAgoLabel = new javax.swing.JLabel(); + daysIncludedTextField = new javax.swing.JTextField(); + daysIncludedLabel = new javax.swing.JLabel(); dateCheck = new javax.swing.JCheckBox(); org.openide.awt.Mnemonics.setLocalizedText(ruleNameLabel, org.openide.util.NbBundle.getMessage(FilesSetRulePanel.class, "FilesSetRulePanel.ruleNameLabel.text")); // NOI18N @@ -738,11 +738,11 @@ final class FilesSetRulePanel extends javax.swing.JPanel { } }); - daysAgoTextField.setEnabled(false); - daysAgoTextField.setMinimumSize(new java.awt.Dimension(60, 20)); - daysAgoTextField.setPreferredSize(new java.awt.Dimension(60, 20)); + daysIncludedTextField.setEnabled(false); + daysIncludedTextField.setMinimumSize(new java.awt.Dimension(60, 20)); + daysIncludedTextField.setPreferredSize(new java.awt.Dimension(60, 20)); - org.openide.awt.Mnemonics.setLocalizedText(daysAgoLabel, org.openide.util.NbBundle.getMessage(FilesSetRulePanel.class, "FilesSetRulePanel.daysAgoLabel.text")); // NOI18N + org.openide.awt.Mnemonics.setLocalizedText(daysIncludedLabel, org.openide.util.NbBundle.getMessage(FilesSetRulePanel.class, "FilesSetRulePanel.daysIncludedLabel.text")); // NOI18N org.openide.awt.Mnemonics.setLocalizedText(dateCheck, org.openide.util.NbBundle.getMessage(FilesSetRulePanel.class, "FilesSetRulePanel.dateCheck.text")); // NOI18N dateCheck.addActionListener(new java.awt.event.ActionListener() { @@ -779,9 +779,9 @@ final class FilesSetRulePanel extends javax.swing.JPanel { .addGroup(layout.createSequentialGroup() .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING) .addGroup(layout.createSequentialGroup() - .addComponent(daysAgoTextField, javax.swing.GroupLayout.PREFERRED_SIZE, 69, javax.swing.GroupLayout.PREFERRED_SIZE) + .addComponent(daysIncludedTextField, javax.swing.GroupLayout.PREFERRED_SIZE, 69, javax.swing.GroupLayout.PREFERRED_SIZE) .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED) - .addComponent(daysAgoLabel)) + .addComponent(daysIncludedLabel)) .addComponent(ruleNameTextField, javax.swing.GroupLayout.DEFAULT_SIZE, 249, Short.MAX_VALUE) .addGroup(layout.createSequentialGroup() .addComponent(fullNameRadioButton) @@ -856,8 +856,8 @@ final class FilesSetRulePanel extends javax.swing.JPanel { .addComponent(fileSizeCheck)) .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.UNRELATED) .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.BASELINE) - .addComponent(daysAgoTextField, javax.swing.GroupLayout.PREFERRED_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.PREFERRED_SIZE) - .addComponent(daysAgoLabel) + .addComponent(daysIncludedTextField, javax.swing.GroupLayout.PREFERRED_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.PREFERRED_SIZE) + .addComponent(daysIncludedLabel) .addComponent(dateCheck)) .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.UNRELATED) .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.BASELINE) @@ -914,12 +914,12 @@ final class FilesSetRulePanel extends javax.swing.JPanel { private void dateCheckActionPerformed(java.awt.event.ActionEvent evt) {//GEN-FIRST:event_dateCheckActionPerformed if (!this.dateCheck.isSelected()) { - this.daysAgoTextField.setEnabled(false); - this.daysAgoLabel.setEnabled(false); - this.daysAgoTextField.setText(""); + this.daysIncludedTextField.setEnabled(false); + this.daysIncludedLabel.setEnabled(false); + this.daysIncludedTextField.setText(""); } else { - this.daysAgoTextField.setEnabled(true); - this.daysAgoLabel.setEnabled(true); + this.daysIncludedTextField.setEnabled(true); + this.daysIncludedLabel.setEnabled(true); } this.setOkButton(); }//GEN-LAST:event_dateCheckActionPerformed @@ -951,8 +951,8 @@ final class FilesSetRulePanel extends javax.swing.JPanel { // Variables declaration - do not modify//GEN-BEGIN:variables private javax.swing.JRadioButton allRadioButton; private javax.swing.JCheckBox dateCheck; - private javax.swing.JLabel daysAgoLabel; - private javax.swing.JTextField daysAgoTextField; + private javax.swing.JLabel daysIncludedLabel; + private javax.swing.JTextField daysIncludedTextField; private javax.swing.JRadioButton dirsRadioButton; private javax.swing.JComboBox equalitySymbolComboBox; private javax.swing.JRadioButton extensionRadioButton; diff --git a/Core/src/org/sleuthkit/autopsy/modules/interestingitems/InterestingItemsFilesSetSettings.java b/Core/src/org/sleuthkit/autopsy/modules/interestingitems/InterestingItemsFilesSetSettings.java index d9a7393a95..0e1bfff033 100644 --- a/Core/src/org/sleuthkit/autopsy/modules/interestingitems/InterestingItemsFilesSetSettings.java +++ b/Core/src/org/sleuthkit/autopsy/modules/interestingitems/InterestingItemsFilesSetSettings.java @@ -68,7 +68,7 @@ class InterestingItemsFilesSetSettings implements Serializable { private static final String FILE_SET_TAG = "INTERESTING_FILE_SET"; //NON-NLS private static final String NAME_RULE_TAG = "NAME"; //NON-NLS private static final String NAME_ATTR = "name"; //NON-NLS - private static final String DAYS_AGO_ATTR = "daysAgo"; + private static final String DAYS_INCLUDED_ATTR = "daysIncluded"; private static final String MIME_ATTR = "mimeType"; private static final String FS_COMPARATOR_ATTR = "comparatorSymbol"; private static final String FS_SIZE_ATTR = "sizeValue"; @@ -183,14 +183,14 @@ class InterestingItemsFilesSetSettings implements Serializable { // Read in the optional path condition. Null is o.k., but if the attribute // is there, be sure it is not malformed. DateCondition dateCondition = null; - if (!ruleElement.getAttribute(DAYS_AGO_ATTR).isEmpty()) { - String daysAgo = ruleElement.getAttribute(DAYS_AGO_ATTR); - if (!daysAgo.isEmpty()) { + if (!ruleElement.getAttribute(DAYS_INCLUDED_ATTR).isEmpty()) { + String daysIncluded = ruleElement.getAttribute(DAYS_INCLUDED_ATTR); + if (!daysIncluded.isEmpty()) { try { - dateCondition = new DateCondition(Integer.parseInt(daysAgo)); + dateCondition = new DateCondition(Integer.parseInt(daysIncluded)); } catch (NumberFormatException ex) { - logger.log(Level.SEVERE, "Error creating condition for " + daysAgo + ", ignoring malformed date condition definition", ex); // NON-NLS - throw new FilesSetsManager.FilesSetsManagerException(String.format("error compiling %s regex", DAYS_AGO_ATTR), ex); + logger.log(Level.SEVERE, "Error creating condition for " + daysIncluded + ", ignoring malformed date condition definition", ex); // NON-NLS + throw new FilesSetsManager.FilesSetsManagerException(String.format("error compiling %s regex", DAYS_INCLUDED_ATTR), ex); } } } From 5942ae6a9b601362d8231a2206b6f696357b75d0 Mon Sep 17 00:00:00 2001 From: "U-BASIS\\zhaohui" Date: Fri, 2 Feb 2018 12:19:55 -0500 Subject: [PATCH 14/33] 3281: Use Hash Set instead of Hash Database --- .../optionspanel/Bundle.properties | 2 +- .../AddContentToHashDbAction.java | 2 +- .../modules/hashdatabase/Bundle.properties | 94 +++++++++---------- .../HashDatabaseOptionsPanelController.java | 2 +- .../hashdatabase/HashDbIngestModule.java | 8 +- .../modules/hashdatabase/HashDbManager.java | 20 ++-- .../HashLookupModuleSettings.java | 8 +- .../hashdatabase/HashLookupSettings.java | 4 +- .../hashdatabase/HashLookupSettingsPanel.java | 12 +-- .../taggedhashes/AddTaggedHashesToHashDb.java | 8 +- .../configuration/SharedConfiguration.java | 10 +- .../autopsy/keywordsearch/Bundle.properties | 2 +- .../autopsy/testing/AutopsyTestCases.java | 2 +- 13 files changed, 87 insertions(+), 87 deletions(-) diff --git a/Core/src/org/sleuthkit/autopsy/centralrepository/optionspanel/Bundle.properties b/Core/src/org/sleuthkit/autopsy/centralrepository/optionspanel/Bundle.properties index 72ecac2866..5864aca9d3 100644 --- a/Core/src/org/sleuthkit/autopsy/centralrepository/optionspanel/Bundle.properties +++ b/Core/src/org/sleuthkit/autopsy/centralrepository/optionspanel/Bundle.properties @@ -23,7 +23,7 @@ ImportHashDatabaseDialog.tfDatabaseName.tooltip=Name for this database ImportHashDatabaseDialog.tfDatabaseVersion.tooltip.text=Database Version Number GlobalSettingsPanel.tbOops.text= GlobalSettingsPanel.lbDatabaseSettings.text=Database Settings -GlobalSettingsPanel.bnImportDatabase.label=Import Hash Database +GlobalSettingsPanel.bnImportDatabase.label=Import Hash Set AddNewOrganizationDialog.lbPocPhone.text=Phone: AddNewOrganizationDialog.lbPocEmail.text=Email: AddNewOrganizationDialog.lbPocName.text=Name: diff --git a/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/AddContentToHashDbAction.java b/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/AddContentToHashDbAction.java index 5ec70ce3b9..bad70c82ae 100644 --- a/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/AddContentToHashDbAction.java +++ b/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/AddContentToHashDbAction.java @@ -162,7 +162,7 @@ final class AddContentToHashDbAction extends AbstractAction implements Presenter try { hashSet.addHashes(file); } catch (TskCoreException ex) { - Logger.getLogger(AddContentToHashDbAction.class.getName()).log(Level.SEVERE, "Error adding to hash database", ex); //NON-NLS + Logger.getLogger(AddContentToHashDbAction.class.getName()).log(Level.SEVERE, "Error adding to hash set", ex); //NON-NLS JOptionPane.showMessageDialog(null, NbBundle.getMessage(this.getClass(), "AddContentToHashDbAction.addFilesToHashSet.unableToAddFileMsg", diff --git a/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/Bundle.properties b/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/Bundle.properties index 7e4b10fc5d..b9c1df8c9a 100644 --- a/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/Bundle.properties +++ b/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/Bundle.properties @@ -1,11 +1,11 @@ OpenIDE-Module-Display-Category=Ingest Module OpenIDE-Module-Long-Description=\ - Hash Database ingest module. \n\n\ + Hash Set ingest module. \n\n\ The ingest module analyzes files in the disk image and marks them as "known" (based on NSRL database lookup for "known" files) and "bad / interesting" (based on one or more databases supplied by the user).\n\n\ - The module also contains additional non-ingest tools that are integrated in the GUI, such as file lookup by hash and hash database configuration. + The module also contains additional non-ingest tools that are integrated in the GUI, such as file lookup by hash and hash set configuration. OpenIDE-Module-Name=HashDatabases -OptionsCategory_Name_HashDatabase=Hash Databases -OptionsCategory_Keywords_HashDatabase=Hash Databases +OptionsCategory_Name_HashDatabase=Hash Sets +OptionsCategory_Keywords_HashDatabase=Hash Sets HashDbSearchPanel.hashTable.columnModel.title0=MD5 Hashes HashDbSearchPanel.addButton.text=Add Hash HashDbSearchPanel.hashField.text= @@ -16,7 +16,7 @@ HashDbSearchPanel.titleLabel.text=Search for files with the following MD5 hash(e HashDbSearchPanel.errorField.text=Error: Not all files have been hashed. HashDbSearchPanel.saveBox.text=Remember Hashes HashDbSearchPanel.cancelButton.text=Cancel -OpenIDE-Module-Short-Description=Hash Database Ingest Module and hash db tools +OpenIDE-Module-Short-Description=Hash Set Ingest Module and hash set tools HashDbImportDatabaseDialog.jLabel1.text=Name: HashDbImportDatabaseDialog.databasePathTextField.text= HashDbImportDatabaseDialog.knownBadRadioButton.text=Notable @@ -28,7 +28,7 @@ HashDbCreateDatabaseDialog.knownBadRadioButton.text=Notable HashDbCreateDatabaseDialog.cancelButton.text=Cancel ModalNoButtons.CURRENTDB_LABEL.text=(CurrentDb) ModalNoButtons.CURRENTLYON_LABEL.text=Currently Indexing x of y -ModalNoButtons.GO_GET_COFFEE_LABEL.text=Hash databases are currently being indexed, this may take some time. +ModalNoButtons.GO_GET_COFFEE_LABEL.text=Hash sets are currently being indexed, this may take some time. ModalNoButtons.CANCEL_BUTTON.text=Cancel HashDbImportDatabaseDialog.knownRadioButton.text=Known (NSRL or other) HashDbCreateDatabaseDialog.knownRadioButton.text=Known @@ -42,14 +42,14 @@ HashDbImportDatabaseDialog.openButton.text=Open... HashDbCreateDatabaseDialog.jLabel3.text=Name: HashDbCreateDatabaseDialog.okButton.text=OK HashDbCreateDatabaseDialog.databasePathTextField.text= -AddContentToHashDbAction.ContentMenu.noHashDbsConfigd=No hash databases configured -AddContentToHashDbAction.ContentMenu.createDbItem=Create database... -AddContentToHashDbAction.addFilesToHashSet.addToHashDbErr1.text=Add to Hash Database Error -AddContentToHashDbAction.addFilesToHashSet.addToHashDbErr2.text=Add to Hash Database Error -AddContentToHashDbAction.addFilesToHashSet.addToHashDbErr3.text=Add to Hash Database Error -AddContentToHashDbAction.addFilesToHashSet.unableToAddFileMsg=Unable to add {0} to the hash database. -AddContentToHashDbAction.addFilesToHashSet.unableToAddFileEmptyMsg=Unable to add {0} to the hash database. File has no content. -AddContentToHashDbAction.addFilesToHashSet.unableToAddFileSzMsg=Unable to add the {0} to the hash database. Hashes have not been calculated. Please configure and run an appropriate ingest module. +AddContentToHashDbAction.ContentMenu.noHashDbsConfigd=No hash sets configured +AddContentToHashDbAction.ContentMenu.createDbItem=Create hash set... +AddContentToHashDbAction.addFilesToHashSet.addToHashDbErr1.text=Add to Hash Set Error +AddContentToHashDbAction.addFilesToHashSet.addToHashDbErr2.text=Add to Hash Set Error +AddContentToHashDbAction.addFilesToHashSet.addToHashDbErr3.text=Add to Hash Set Error +AddContentToHashDbAction.addFilesToHashSet.unableToAddFileMsg=Unable to add {0} to the hash set. +AddContentToHashDbAction.addFilesToHashSet.unableToAddFileEmptyMsg=Unable to add {0} to the hash set. File has no content. +AddContentToHashDbAction.addFilesToHashSet.unableToAddFileSzMsg=Unable to add the {0} to the hash set. Hashes have not been calculated. Please configure and run an appropriate ingest module. HashDatabaseOptionsPanelController.moduleErr=Module Error HashDatabaseOptionsPanelController.moduleErrMsg=A module caused an error listening to HashDatabaseOptionsPanelController updates. See log to determine which module. Some data could be incomplete. HashDbConfigPanel.noSelectionText=No database selected @@ -68,29 +68,29 @@ HashDbConfigPanel.unindexedDbsMsg=Unindexed databases HashDbConfigPanel.allUnindexedDbsRmFromListMsg=All unindexed databases will be removed from the list HashDbConfigPanel.nameColLbl=Name HashDbConfigPanel.editingCellsNotSupportedMsg=Editing of cells is not supported -HashDbConfigPanel.deleteDbActionConfirmMsg=This will remove the hash database for all cases. Do you want to proceed? -HashDbConfigPanel.deleteDbActionMsg=Delete Hash Database from Configuration +HashDbConfigPanel.deleteDbActionConfirmMsg=This will remove the hash set for all cases. Do you want to proceed? +HashDbConfigPanel.deleteDbActionMsg=Delete Hash Set from Configuration HashDbCreateDatabaseDialog.defaultFileName=hashset -HashDbCreateDatabaseDialog.createHashDbMsg=Create Hash Database -HashDbCreateDatabaseDialog.hashDbMustHaveFileExtensionMsg=The hash database file must have a .{0} extension. +HashDbCreateDatabaseDialog.createHashDbMsg=Create Hash Set +HashDbCreateDatabaseDialog.hashDbMustHaveFileExtensionMsg=The hash set file must have a .{0} extension. HashDbCreateDatabaseDialog.fileNameErr=File Name Error HashDbCreateDatabaseDialog.fileNameAlreadyExistsMsg=A file with this name already exists. Please choose a new file name. HashDbCreateDatabaseDialog.fileExistsErr=File Already Exists Error HashDbCreateDatabaseDialog.mustEnterHashSetNameMsg=A hash set name must be entered. -HashDbCreateDatabaseDialog.createHashDbErr=Create Hash Database Error +HashDbCreateDatabaseDialog.createHashDbErr=Create Hash Set Error HashDbCreateDatabaseDialog.mustEnterHashDbPathMsg=A database path must be entered. -HashDbCreateDatabaseDialog.errMsg.hashDbCreationErr=Hash database creation error -HashDbCreateDatabaseDialog.cannotCreateFileAtLocMsg=Cannot create a hash database file at the selected location. -HashDbCreateDatabaseDialog.failedToCreateHashDbMsg=Failed to create the hash database. -HashDbImportDatabaseDialog.importHashDbMsg=Import Hash Database -HashDbImportDatabaseDialog.fileNameExtFilter.text=Hash Database File +HashDbCreateDatabaseDialog.errMsg.hashDbCreationErr=Hash set creation error +HashDbCreateDatabaseDialog.cannotCreateFileAtLocMsg=Cannot create a hash set file at the selected location. +HashDbCreateDatabaseDialog.failedToCreateHashDbMsg=Failed to create the hash set. +HashDbImportDatabaseDialog.importHashDbMsg=Import Hash Set +HashDbImportDatabaseDialog.fileNameExtFilter.text=Hash Set File HashDbImportDatabaseDialog.failedToGetDbPathMsg=Failed to get the path of the selected database. -HashDbImportDatabaseDialog.importHashDbErr=Import Hash Database Error -HashDbImportDatabaseDialog.mustSelectHashDbFilePathMsg=A hash database file path must be selected. -HashDbImportDatabaseDialog.hashDbDoesNotExistMsg=The selected hash database does not exist. -HashDbImportDatabaseDialog.errorMessage.failedToOpenHashDbMsg=Failed to open hash database at {0}. +HashDbImportDatabaseDialog.importHashDbErr=Import Hash Set Error +HashDbImportDatabaseDialog.mustSelectHashDbFilePathMsg=A hash set file path must be selected. +HashDbImportDatabaseDialog.hashDbDoesNotExistMsg=The selected hash set does not exist. +HashDbImportDatabaseDialog.errorMessage.failedToOpenHashDbMsg=Failed to open hash set at {0}. HashDbIngestModule.moduleName=Hash Lookup -HashDbIngestModule.moduleDescription=Identifies known and notable files using supplied hash databases, such as a standard NSRL database. +HashDbIngestModule.moduleDescription=Identifies known and notable files using supplied hash sets, such as a standard NSRL database. HashDbIngestModule.fileReadErrorMsg=Read Error\: {0} HashDbIngestModule.calcHashValueErr=Error encountered while calculating the hash value for {0}. HashDbIngestModule.hashLookupErrorMsg=Hash Lookup Error\: {0} @@ -108,16 +108,16 @@ HashDbIngestModule.complete.databasesUsed=Databases Used\: HashDbIngestModule.complete.hashLookupResults=Hash Lookup Results HashDbManager.moduleErrorListeningToUpdatesMsg=A module caused an error listening to HashDbManager updates. See log to determine which module. Some data could be incomplete. HashDbManager.replacingDuplicateHashsetNameMsg=Duplicate hash set name {0} found.\nReplacing with {1}. -HashDbManager.openHashDbErr=Open Hash Database Error -HashDbManager.unableToOpenHashDbMsg=Unable to open {0} hash database. +HashDbManager.openHashDbErr=Open Hash Set Error +HashDbManager.unableToOpenHashDbMsg=Unable to open {0} hash set. HashDbManager.savedBackupOfOldConfigMsg={0}\nA backup copy of the old configuration has been saved as\n{1} -HashDbManager.baseMessage.updatedFormatHashDbConfig=The format of the hash database configuration file has been updated. +HashDbManager.baseMessage.updatedFormatHashDbConfig=The format of the hash set configuration file has been updated. HashDbManager.msgBoxTitle.confFileFmtChanged=Configuration File Format Changed HashDbManager.dlgMsg.dbNotFoundAtLoc=Database {0} could not be found at location\n{1}\nWould you like to search for the file? HashDbManager.dlgTitle.MissingDb=Missing Database HashDbManager.progress.indexingHashSet=Indexing {0} -HashDbManager.dlgMsg.errorIndexingHashSet=Error indexing {0} hash database. -HashDbManager.hashDbIndexingErr=Hash Database Indexing Error +HashDbManager.dlgMsg.errorIndexingHashSet=Error indexing {0} hash set. +HashDbManager.hashDbIndexingErr=Hash Set Indexing Error HashDbPanelSearchAction.actionName=File Search by MD5 Hash HashDbSearchAction.dlgMsg.noFilesHaveMD5Calculated=No files currently have an MD5 hash calculated, run HashDB ingest first. HashDbSearchManager.MD5HashSearch=MD5 Hash Search @@ -132,7 +132,7 @@ HashDbSearchThread.name.searching=Searching HashDbSearchThread.noMoreFilesWithMD5Msg=No other files with the same MD5 hash were found. ModalNoButtons.indexingDbsTitle=Indexing databases ModalNoButtons.indexingDbTitle=Indexing database -ModalNoButtons.exitHashDbIndexingMsg=You are about to exit out of indexing your hash databases. \n\ +ModalNoButtons.exitHashDbIndexingMsg=You are about to exit out of indexing your hash sets. \n\ The generated index will be left unusable. If you choose to continue,\n\ please delete the corresponding -md5.idx file in the hash folder.\n\ Exit indexing? @@ -140,36 +140,36 @@ ModalNoButtons.dlgTitle.unfinishedIndexing=Unfinished Indexing ModalNoButtons.indexThis.currentlyIndexing1Db=Currently indexing 1 database ModalNoButtons.indexThese.currentlyIndexing1OfNDbs=Currently indexing 1 of {0} ModalNoButtons.propChg.currentlyIndexingXofN=Currently indexing {0} of {1} -HashDbManager.duplicateHashSetNameExceptionMsg=The hash set name ''{0}'' has already been used for another hash database. -HashDbManager.hashDbDoesNotExistExceptionMsg=No hash database found at\n{0} +HashDbManager.duplicateHashSetNameExceptionMsg=The hash set name ''{0}'' has already been used for another hash set. +HashDbManager.hashDbDoesNotExistExceptionMsg=No hash set found at\n{0} HashDbManager.hashDbFileExistsExceptionMsg=A file already exists at\n{0} -HashDbManager.hashDbAlreadyAddedExceptionMsg=The hash database at\n{0}\nhas already been created or imported. -HashDbManager.illegalHashDbFileNameExtensionMsg=The hash database file name must have a .{0} extension. +HashDbManager.hashDbAlreadyAddedExceptionMsg=The hash set at\n{0}\nhas already been created or imported. +HashDbManager.illegalHashDbFileNameExtensionMsg=The hash set file name must have a .{0} extension. HashDbManager.moduleErr=Module Error HashDbManager.knownBad.text=Notable HashDbManager.known.text=Known -HashDbManager.fileNameExtensionFilter.title=Hash Database File +HashDbManager.fileNameExtensionFilter.title=Hash Set File HashDbSearchAction.dlgMsg.title=File Search by MD5 Hash HashDbSearchAction.getName.text=Hash Search HashDbSearchPanel.dlgMsg.title=File Search by MD5 Hash -AddContentToHashDbAction.singleSelectionName=Add file to hash database -AddContentToHashDbAction.multipleSelectionName=Add files to hash database +AddContentToHashDbAction.singleSelectionName=Add file to hash set +AddContentToHashDbAction.multipleSelectionName=Add files to hash set HashDbManager.ingestRunningExceptionMsg=Ingest is ongoing; this service will be unavailable until it finishes. HashDbManager.saveErrorExceptionMsg=Error saving hash configuration HashLookupSettingsPanel.jButton3.text=Import Database HashLookupSettingsPanel.jLabel6.text=Type: HashLookupSettingsPanel.jLabel4.text=Location: HashLookupSettingsPanel.jLabel2.text=Name: -HashLookupModuleSettingsPanel.alwaysCalcHashesCheckbox.text=Calculate MD5 even if no hash database is selected -HashLookupModuleSettingsPanel.knownHashDbsLabel.text=Select known hash databases to use: -HashLookupModuleSettingsPanel.knownBadHashDbsLabel.text=Select notable hash databases to use: +HashLookupModuleSettingsPanel.alwaysCalcHashesCheckbox.text=Calculate MD5 even if no hash set is selected +HashLookupModuleSettingsPanel.knownHashDbsLabel.text=Select known hash sets to use: +HashLookupModuleSettingsPanel.knownBadHashDbsLabel.text=Select notable hash sets to use: AddContentToHashDbAction.addFilesToHashSet.files=files AddContentToHashDbAction.addFilesToHashSet.file=file HashDbManager.errCreatingIndex.title=Error creating index HashDbManager.errCreatingIndex.msg=Error creating index\: {0} HashLookupModuleFactory.getIngestJobSettingsPanel.exception.msg=Expected settings argument to be instanceof HashLookupModuleSettings HashLookupModuleFactory.createFileIngestModule.exception.msg=Expected settings argument to be instanceof HashLookupModuleSettings -HashLookupModuleSettingsPanel.alwaysCalcHashesCheckbox.toolTipText=Calculate MD5 even if no hash database is selected +HashLookupModuleSettingsPanel.alwaysCalcHashesCheckbox.toolTipText=Calculate MD5 even if no hash set is selected HashDbSearchPanel.hashTable.defaultModel.title.text=MD5 Hashes AddHashValuesToDatabaseDialog.JDialog.Title=Add Hashes to Database AddHashValuesToDatabaseDialog.instructionLabel.text_1=Paste MD5 hash values (one per line) below: @@ -206,7 +206,7 @@ HashLookupSettingsPanel.locationLabel.text=Database Path: HashLookupSettingsPanel.hashDbLocationLabel.text=No database selected HashLookupSettingsPanel.hashDbNameLabel.text=No database selected HashLookupSettingsPanel.nameLabel.text=Name: -HashLookupSettingsPanel.hashDatabasesLabel.text=Hash Databases: +HashLookupSettingsPanel.hashDatabasesLabel.text=Hash Sets: HashLookupSettingsPanel.importDatabaseButton.toolTipText= HashLookupSettingsPanel.importDatabaseButton.text=Import database HashLookupSettingsPanel.deleteDatabaseButton.text=Delete database diff --git a/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/HashDatabaseOptionsPanelController.java b/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/HashDatabaseOptionsPanelController.java index ed77c459c5..a4d85eef9b 100644 --- a/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/HashDatabaseOptionsPanelController.java +++ b/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/HashDatabaseOptionsPanelController.java @@ -35,7 +35,7 @@ import org.sleuthkit.autopsy.coreutils.Logger; keywordsCategory = "HashDatabase", id = "HashDatabase") // moved messages to Bundle.properties -//@org.openide.util.NbBundle.Messages({"OptionsCategory_Name_HashDatabase=Hash Database", "OptionsCategory_Keywords_HashDatabase=Hash Database"}) +//@org.openide.util.NbBundle.Messages({"OptionsCategory_Name_HashDatabase=Hash Set", "OptionsCategory_Keywords_HashDatabase=Hash Set"}) public final class HashDatabaseOptionsPanelController extends OptionsPanelController { private HashLookupSettingsPanel panel; diff --git a/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/HashDbIngestModule.java b/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/HashDbIngestModule.java index 696a105416..022cda8a9c 100644 --- a/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/HashDbIngestModule.java +++ b/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/HashDbIngestModule.java @@ -51,9 +51,9 @@ import org.sleuthkit.datamodel.TskData; import org.sleuthkit.datamodel.TskException; @NbBundle.Messages({ - "HashDbIngestModule.noKnownBadHashDbSetMsg=No notable hash database set.", + "HashDbIngestModule.noKnownBadHashDbSetMsg=No notable hash set.", "HashDbIngestModule.knownBadFileSearchWillNotExecuteWarn=Notable file search will not be executed.", - "HashDbIngestModule.noKnownHashDbSetMsg=No known hash database set.", + "HashDbIngestModule.noKnownHashDbSetMsg=No known hash set.", "HashDbIngestModule.knownFileSearchWillNotExecuteWarn=Known file search will not be executed." }) public class HashDbIngestModule implements FileIngestModule { @@ -95,7 +95,7 @@ public class HashDbIngestModule implements FileIngestModule { public void startUp(org.sleuthkit.autopsy.ingest.IngestJobContext context) throws IngestModuleException { jobId = context.getJobId(); if (!hashDbManager.verifyAllDatabasesLoadedCorrectly()) { - throw new IngestModuleException("Could not load all hash databases"); + throw new IngestModuleException("Could not load all hash sets"); } updateEnabledHashSets(hashDbManager.getKnownBadFileHashSets(), knownBadHashSets); updateEnabledHashSets(hashDbManager.getKnownFileHashSets(), knownHashSets); @@ -136,7 +136,7 @@ public class HashDbIngestModule implements FileIngestModule { enabledHashSets.add(db); } } catch (TskCoreException ex) { - logger.log(Level.WARNING, "Error getting index status for " + db.getDisplayName()+ " hash database", ex); //NON-NLS + logger.log(Level.WARNING, "Error getting index status for " + db.getDisplayName()+ " hash set", ex); //NON-NLS } } } diff --git a/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/HashDbManager.java b/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/HashDbManager.java index c032bdc83e..9395f77246 100644 --- a/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/HashDbManager.java +++ b/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/HashDbManager.java @@ -320,7 +320,7 @@ public class HashDbManager implements PropertyChangeListener { hashSetPaths.add(indexPath); } } catch (TskCoreException ex) { - Logger.getLogger(HashDbManager.class.getName()).log(Level.SEVERE, "Error getting index path of " + hashDb.getHashSetName() + " hash database after indexing", ex); //NON-NLS + Logger.getLogger(HashDbManager.class.getName()).log(Level.SEVERE, "Error getting index path of " + hashDb.getHashSetName() + " hash set after indexing", ex); //NON-NLS } } } @@ -363,7 +363,7 @@ public class HashDbManager implements PropertyChangeListener { hashSetPaths.remove(hashDatabase.getIndexPath()); } } catch (TskCoreException ex) { - Logger.getLogger(HashDbManager.class.getName()).log(Level.SEVERE, "Error getting index path of " + hashDatabase.getHashSetName() + " hash database when removing the database", ex); //NON-NLS + Logger.getLogger(HashDbManager.class.getName()).log(Level.SEVERE, "Error getting index path of " + hashDatabase.getHashSetName() + " hash set when removing the database", ex); //NON-NLS } try { @@ -371,13 +371,13 @@ public class HashDbManager implements PropertyChangeListener { hashSetPaths.remove(hashDatabase.getDatabasePath()); } } catch (TskCoreException ex) { - Logger.getLogger(HashDbManager.class.getName()).log(Level.SEVERE, "Error getting database path of " + hashDatabase.getHashSetName() + " hash database when removing the database", ex); //NON-NLS + Logger.getLogger(HashDbManager.class.getName()).log(Level.SEVERE, "Error getting database path of " + hashDatabase.getHashSetName() + " hash set when removing the database", ex); //NON-NLS } try { hashDatabase.close(); } catch (TskCoreException ex) { - Logger.getLogger(HashDbManager.class.getName()).log(Level.SEVERE, "Error closing " + hashDb.getHashSetName() + " hash database when removing the database", ex); //NON-NLS + Logger.getLogger(HashDbManager.class.getName()).log(Level.SEVERE, "Error closing " + hashDb.getHashSetName() + " hash set when removing the database", ex); //NON-NLS } } @@ -480,7 +480,7 @@ public class HashDbManager implements PropertyChangeListener { updateableDbs.add(db); } } catch (TskCoreException ex) { - Logger.getLogger(HashDbManager.class.getName()).log(Level.SEVERE, "Error checking updateable status of " + db.getHashSetName() + " hash database", ex); //NON-NLS + Logger.getLogger(HashDbManager.class.getName()).log(Level.SEVERE, "Error checking updateable status of " + db.getHashSetName() + " hash set", ex); //NON-NLS } } return updateableDbs; @@ -532,7 +532,7 @@ public class HashDbManager implements PropertyChangeListener { try { ((SleuthkitHashSet)database).close(); } catch (TskCoreException ex) { - Logger.getLogger(HashDbManager.class.getName()).log(Level.SEVERE, "Error closing " + database.getHashSetName() + " hash database", ex); //NON-NLS + Logger.getLogger(HashDbManager.class.getName()).log(Level.SEVERE, "Error closing " + database.getHashSetName() + " hash set", ex); //NON-NLS } } } @@ -578,7 +578,7 @@ public class HashDbManager implements PropertyChangeListener { } } } catch (TskCoreException ex) { - Logger.getLogger(HashDbManager.class.getName()).log(Level.SEVERE, "Error opening hash database", ex); //NON-NLS + Logger.getLogger(HashDbManager.class.getName()).log(Level.SEVERE, "Error opening hash set", ex); //NON-NLS JOptionPane.showMessageDialog(null, NbBundle.getMessage(this.getClass(), "HashDbManager.unableToOpenHashDbMsg", hashDbInfo.getHashSetName()), @@ -592,7 +592,7 @@ public class HashDbManager implements PropertyChangeListener { try{ updateHashSetsFromCentralRepository(); } catch (TskCoreException ex){ - Logger.getLogger(HashDbManager.class.getName()).log(Level.SEVERE, "Error opening hash database", ex); //NON-NLS + Logger.getLogger(HashDbManager.class.getName()).log(Level.SEVERE, "Error opening hash set", ex); //NON-NLS JOptionPane.showMessageDialog(null, Bundle.HashDbManager_centralRepoLoadError_message(), @@ -615,7 +615,7 @@ public class HashDbManager implements PropertyChangeListener { allDatabasesLoadedCorrectly = true; } catch (HashLookupSettings.HashLookupSettingsException ex) { allDatabasesLoadedCorrectly = false; - logger.log(Level.SEVERE, "Could not overwrite hash database settings.", ex); + logger.log(Level.SEVERE, "Could not overwrite hash set settings.", ex); } } } @@ -1344,7 +1344,7 @@ public class HashDbManager implements PropertyChangeListener { try{ return EamDb.getInstance().referenceSetIsValid(this.referenceSetID, this.hashSetName, this.version); } catch (EamDbException ex){ - Logger.getLogger(CentralRepoHashSet.class.getName()).log(Level.SEVERE, "Error validating hash database " + hashSetName, ex); //NON-NLS + Logger.getLogger(CentralRepoHashSet.class.getName()).log(Level.SEVERE, "Error validating hash set " + hashSetName, ex); //NON-NLS return false; } } diff --git a/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/HashLookupModuleSettings.java b/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/HashLookupModuleSettings.java index 99dd50d291..99204ab1ca 100644 --- a/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/HashLookupModuleSettings.java +++ b/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/HashLookupModuleSettings.java @@ -47,7 +47,7 @@ final class HashLookupModuleSettings implements IngestModuleIngestJobSettings { try{ databaseInfoList = HashLookupSettings.convertHashSetList(hashDbList); } catch (HashLookupSettings.HashLookupSettingsException ex){ - Logger.getLogger(HashLookupModuleSettings.class.getName()).log(Level.SEVERE, "Error creating hash database settings.", ex); //NON-NLS + Logger.getLogger(HashLookupModuleSettings.class.getName()).log(Level.SEVERE, "Error creating hash set settings.", ex); //NON-NLS databaseInfoList = new ArrayList<>(); } } @@ -87,7 +87,7 @@ final class HashLookupModuleSettings implements IngestModuleIngestJobSettings { dbInfo.setSearchDuringIngest(true); databaseInfoList.add(dbInfo); } catch (TskCoreException ex){ - Logger.getLogger(HashLookupModuleSettings.class.getName()).log(Level.SEVERE, "Error creating hash database settings for " + db.getHashSetName(), ex); //NON-NLS + Logger.getLogger(HashLookupModuleSettings.class.getName()).log(Level.SEVERE, "Error creating hash set settings for " + db.getHashSetName(), ex); //NON-NLS } } for(HashDb db:disabledHashSets){ @@ -96,7 +96,7 @@ final class HashLookupModuleSettings implements IngestModuleIngestJobSettings { dbInfo.setSearchDuringIngest(false); databaseInfoList.add(dbInfo); } catch (TskCoreException ex){ - Logger.getLogger(HashLookupModuleSettings.class.getName()).log(Level.SEVERE, "Error creating hash database settings for " + db.getHashSetName(), ex); //NON-NLS + Logger.getLogger(HashLookupModuleSettings.class.getName()).log(Level.SEVERE, "Error creating hash set settings for " + db.getHashSetName(), ex); //NON-NLS } } @@ -152,7 +152,7 @@ final class HashLookupModuleSettings implements IngestModuleIngestJobSettings { try{ databaseInfoList = HashLookupSettings.convertHashSetList(HashDbManager.getInstance().getAllHashSets()); } catch (HashLookupSettings.HashLookupSettingsException ex){ - Logger.getLogger(HashLookupModuleSettings.class.getName()).log(Level.SEVERE, "Error updating hash database settings.", ex); //NON-NLS + Logger.getLogger(HashLookupModuleSettings.class.getName()).log(Level.SEVERE, "Error updating hash set settings.", ex); //NON-NLS return; } diff --git a/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/HashLookupSettings.java b/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/HashLookupSettings.java index 948f18451d..7ba87b1cd3 100644 --- a/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/HashLookupSettings.java +++ b/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/HashLookupSettings.java @@ -128,7 +128,7 @@ final class HashLookupSettings implements Serializable { return filesSetsSettings; } } catch (IOException | ClassNotFoundException ex) { - throw new HashLookupSettingsException("Could not read hash database settings.", ex); + throw new HashLookupSettingsException("Could not read hash set settings.", ex); } } @@ -285,7 +285,7 @@ final class HashLookupSettings implements Serializable { out.writeObject(settings); return true; } catch (Exception ex) { - logger.log(Level.SEVERE, "Could not write hash database settings."); + logger.log(Level.SEVERE, "Could not write hash set settings."); return false; } } diff --git a/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/HashLookupSettingsPanel.java b/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/HashLookupSettingsPanel.java index 1adb75594d..ac1fb3fef6 100644 --- a/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/HashLookupSettingsPanel.java +++ b/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/HashLookupSettingsPanel.java @@ -192,14 +192,14 @@ public final class HashLookupSettingsPanel extends IngestModuleGlobalSettingsPan try { hashDbLocationLabel.setText(shortenPath(db.getDatabasePath())); } catch (TskCoreException ex) { - Logger.getLogger(HashLookupSettingsPanel.class.getName()).log(Level.SEVERE, "Error getting database path of " + db.getHashSetName() + " hash database", ex); //NON-NLS + Logger.getLogger(HashLookupSettingsPanel.class.getName()).log(Level.SEVERE, "Error getting database path of " + db.getHashSetName() + " hash set", ex); //NON-NLS hashDbLocationLabel.setText(ERROR_GETTING_PATH_TEXT); } try { indexPathLabel.setText(shortenPath(hashDb.getIndexPath())); } catch (TskCoreException ex) { - Logger.getLogger(HashLookupSettingsPanel.class.getName()).log(Level.SEVERE, "Error getting index path of " + db.getHashSetName() + " hash database", ex); //NON-NLS + Logger.getLogger(HashLookupSettingsPanel.class.getName()).log(Level.SEVERE, "Error getting index path of " + db.getHashSetName() + " hash set", ex); //NON-NLS indexPathLabel.setText(ERROR_GETTING_PATH_TEXT); } @@ -237,7 +237,7 @@ public final class HashLookupSettingsPanel extends IngestModuleGlobalSettingsPan indexButton.setEnabled(true); } } catch (TskCoreException ex) { - Logger.getLogger(HashLookupSettingsPanel.class.getName()).log(Level.SEVERE, "Error getting index state of hash database", ex); //NON-NLS + Logger.getLogger(HashLookupSettingsPanel.class.getName()).log(Level.SEVERE, "Error getting index state of hash set", ex); //NON-NLS hashDbIndexStatusLabel.setText(ERROR_GETTING_INDEX_STATUS_TEXT); hashDbIndexStatusLabel.setForeground(Color.red); indexButton.setText(NbBundle.getMessage(this.getClass(), "HashDbConfigPanel.indexButtonText.index")); @@ -299,7 +299,7 @@ public final class HashLookupSettingsPanel extends IngestModuleGlobalSettingsPan } @Override - @Messages({"HashLookupSettingsPanel.saveFail.message=Couldn't save hash db settings.", + @Messages({"HashLookupSettingsPanel.saveFail.message=Couldn't save hash set settings.", "HashLookupSettingsPanel.saveFail.title=Save Fail"}) public void saveSettings() { // Clear out the list of new central repo hash sets. They don't need to be @@ -316,7 +316,7 @@ public final class HashLookupSettingsPanel extends IngestModuleGlobalSettingsPan unindexed.add(hashDatabase); } } catch (TskCoreException ex) { - Logger.getLogger(HashLookupSettingsPanel.class.getName()).log(Level.SEVERE, "Error getting index info for hash database", ex); //NON-NLS + Logger.getLogger(HashLookupSettingsPanel.class.getName()).log(Level.SEVERE, "Error getting index info for hash set", ex); //NON-NLS } } } @@ -515,7 +515,7 @@ public final class HashLookupSettingsPanel extends IngestModuleGlobalSettingsPan try { return hashSets.get(rowIndex).isValid(); } catch (TskCoreException ex) { - Logger.getLogger(HashSetTableModel.class.getName()).log(Level.SEVERE, "Error getting index info for hash database", ex); //NON-NLS + Logger.getLogger(HashSetTableModel.class.getName()).log(Level.SEVERE, "Error getting index info for hash set", ex); //NON-NLS return false; } } diff --git a/Core/src/org/sleuthkit/autopsy/report/taggedhashes/AddTaggedHashesToHashDb.java b/Core/src/org/sleuthkit/autopsy/report/taggedhashes/AddTaggedHashesToHashDb.java index 1de1db7eaa..d3560c514c 100644 --- a/Core/src/org/sleuthkit/autopsy/report/taggedhashes/AddTaggedHashesToHashDb.java +++ b/Core/src/org/sleuthkit/autopsy/report/taggedhashes/AddTaggedHashesToHashDb.java @@ -55,7 +55,7 @@ public class AddTaggedHashesToHashDb implements GeneralReportModule { @Override public String getDescription() { - return "Adds hashes of tagged files to a hash database."; + return "Adds hashes of tagged files to a hash set."; } @Override @@ -92,17 +92,17 @@ public class AddTaggedHashesToHashDb implements GeneralReportModule { try { hashSet.addHashes(tag.getContent(), Case.getCurrentCase().getDisplayName()); } catch (TskCoreException ex) { - Logger.getLogger(AddTaggedHashesToHashDb.class.getName()).log(Level.SEVERE, "Error adding hash for obj_id = " + tag.getContent().getId() + " to hash database " + hashSet.getHashSetName(), ex); + Logger.getLogger(AddTaggedHashesToHashDb.class.getName()).log(Level.SEVERE, "Error adding hash for obj_id = " + tag.getContent().getId() + " to hash set " + hashSet.getHashSetName(), ex); failedExports.add(tag.getContent().getName()); } } else { - JOptionPane.showMessageDialog(null, "Unable to add the " + (tags.size() > 1 ? "files" : "file") + " to the hash database. Hashes have not been calculated. Please configure and run an appropriate ingest module.", "Add to Hash Database Error", JOptionPane.ERROR_MESSAGE); + JOptionPane.showMessageDialog(null, "Unable to add the " + (tags.size() > 1 ? "files" : "file") + " to the hash set. Hashes have not been calculated. Please configure and run an appropriate ingest module.", "Add to Hash Set Error", JOptionPane.ERROR_MESSAGE); break; } } } } catch (TskCoreException ex) { - Logger.getLogger(AddTaggedHashesToHashDb.class.getName()).log(Level.SEVERE, "Error adding to hash database", ex); + Logger.getLogger(AddTaggedHashesToHashDb.class.getName()).log(Level.SEVERE, "Error adding to hash set", ex); JOptionPane.showMessageDialog(null, "Error getting selected tags for case.", "Hash Export Error", JOptionPane.ERROR_MESSAGE); } } diff --git a/Experimental/src/org/sleuthkit/autopsy/experimental/configuration/SharedConfiguration.java b/Experimental/src/org/sleuthkit/autopsy/experimental/configuration/SharedConfiguration.java index 1720b4b647..860019238b 100644 --- a/Experimental/src/org/sleuthkit/autopsy/experimental/configuration/SharedConfiguration.java +++ b/Experimental/src/org/sleuthkit/autopsy/experimental/configuration/SharedConfiguration.java @@ -876,7 +876,7 @@ public class SharedConfiguration { if (!sharedDbPath.exists()) { if (!sharedDbPath.mkdirs()) { - throw new SharedConfigurationException("Error creating shared hash database directory " + sharedDbPath.getAbsolutePath()); + throw new SharedConfigurationException("Error creating shared hash set directory " + sharedDbPath.getAbsolutePath()); } } @@ -1010,7 +1010,7 @@ public class SharedConfiguration { if (!localDb.getParentFile().exists()) { if (!localDb.getParentFile().mkdirs()) { - throw new SharedConfigurationException("Error creating hash database directory " + localDb.getParentFile().getAbsolutePath()); + throw new SharedConfigurationException("Error creating hash set directory " + localDb.getParentFile().getAbsolutePath()); } } @@ -1025,7 +1025,7 @@ public class SharedConfiguration { break; } } catch (TskCoreException ex) { - throw new SharedConfigurationException(String.format("Error getting hash database path info for %s", localDb.getParentFile().getAbsolutePath()), ex); + throw new SharedConfigurationException(String.format("Error getting hash set path info for %s", localDb.getParentFile().getAbsolutePath()), ex); } } @@ -1033,7 +1033,7 @@ public class SharedConfiguration { try { HashDbManager.getInstance().removeHashDatabase(matchingDb); } catch (HashDbManager.HashDbManagerException ex) { - throw new SharedConfigurationException(String.format("Error updating hash database info for %s", localDb.getAbsolutePath()), ex); + throw new SharedConfigurationException(String.format("Error updating hash set info for %s", localDb.getAbsolutePath()), ex); } } @@ -1130,7 +1130,7 @@ public class SharedConfiguration { } } } catch (TskCoreException ex) { - throw new SharedConfigurationException("Unable to read hash databases", ex); + throw new SharedConfigurationException("Unable to read hash sets", ex); } return results; } diff --git a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/Bundle.properties b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/Bundle.properties index 8be786efda..9b99148f1e 100644 --- a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/Bundle.properties +++ b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/Bundle.properties @@ -229,7 +229,7 @@ KeywordSearchGlobalSearchSettingsPanel.timeRadioButton1.text=20 minutes (slowest KeywordSearchGlobalSearchSettingsPanel.timeRadioButton2.toolTipText=10 minutes (faster overall ingest time than default) KeywordSearchGlobalSearchSettingsPanel.timeRadioButton2.text=10 minutes (slower feedback, faster ingest) KeywordSearchGlobalSearchSettingsPanel.frequencyLabel.text=Results update frequency during ingest: -KeywordSearchGlobalSearchSettingsPanel.skipNSRLCheckBox.toolTipText=Requires Hash DB service to had run previously, or be selected for next ingest. +KeywordSearchGlobalSearchSettingsPanel.skipNSRLCheckBox.toolTipText=Requires Hash Set service to had run previously, or be selected for next ingest. KeywordSearchGlobalSearchSettingsPanel.skipNSRLCheckBox.text=Do not add files in NSRL (known files) to keyword index during ingest KeywordSearchGlobalSearchSettingsPanel.informationLabel.text=Information KeywordSearchGlobalSearchSettingsPanel.settingsLabel.text=Settings diff --git a/Testing/src/org/sleuthkit/autopsy/testing/AutopsyTestCases.java b/Testing/src/org/sleuthkit/autopsy/testing/AutopsyTestCases.java index c716081672..d1860120a6 100644 --- a/Testing/src/org/sleuthkit/autopsy/testing/AutopsyTestCases.java +++ b/Testing/src/org/sleuthkit/autopsy/testing/AutopsyTestCases.java @@ -208,7 +208,7 @@ public class AutopsyTestCases { databases.stream().map((database) -> { JButtonOperator importButtonOperator = new JButtonOperator(hashMainDialogOperator, "Import"); importButtonOperator.pushNoBlock(); - JDialog addDatabaseDialog = JDialogOperator.waitJDialog("Import Hash Database", false, false); + JDialog addDatabaseDialog = JDialogOperator.waitJDialog("Import Hash Set", false, false); JDialogOperator addDatabaseDialogOperator = new JDialogOperator(addDatabaseDialog); JButtonOperator browseButtonOperator = new JButtonOperator(addDatabaseDialogOperator, "Open...", 0); browseButtonOperator.pushNoBlock(); From 54627154ee6aaa20b20445db491aff75c8b88c17 Mon Sep 17 00:00:00 2001 From: "U-BASIS\\dgrove" Date: Fri, 2 Feb 2018 12:25:37 -0500 Subject: [PATCH 15/33] Initial checkin. --- .../hashdatabase/HashLookupSettingsPanel.java | 50 ++++++++++++------- 1 file changed, 33 insertions(+), 17 deletions(-) diff --git a/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/HashLookupSettingsPanel.java b/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/HashLookupSettingsPanel.java index 1adb75594d..d122911d7f 100644 --- a/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/HashLookupSettingsPanel.java +++ b/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/HashLookupSettingsPanel.java @@ -1,7 +1,7 @@ /* * Autopsy Forensic Browser * - * Copyright 2011 - 2015 Basis Technology Corp. + * Copyright 2011-2018 Basis Technology Corp. * Contact: carrier sleuthkit org * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -301,7 +301,7 @@ public final class HashLookupSettingsPanel extends IngestModuleGlobalSettingsPan @Override @Messages({"HashLookupSettingsPanel.saveFail.message=Couldn't save hash db settings.", "HashLookupSettingsPanel.saveFail.title=Save Fail"}) - public void saveSettings() { + public void saveSettings() { // Clear out the list of new central repo hash sets. They don't need to be // indexed so will all be saved on both code paths. newReferenceSetIDs.clear(); @@ -399,7 +399,7 @@ public final class HashLookupSettingsPanel extends IngestModuleGlobalSettingsPan * unindexed, along with solutions. This method is related to * ModalNoButtons, to be removed at a later date. * - * @param plural Whether or not there are multiple unindexed databases + * @param plural Whether or not there are multiple unindexed databases * @param unindexed The list of unindexed databases. Can be of size 1. */ private void showInvalidIndex(boolean plural, List unindexed) { @@ -998,24 +998,40 @@ public final class HashLookupSettingsPanel extends IngestModuleGlobalSettingsPan } }//GEN-LAST:event_importDatabaseButtonActionPerformed - @Messages({}) + @Messages({ + "HashLookupSettingsPanel.promptTitle.deleteHashDb=Delete Hash Database from Configuration", + "HashLookupSettingsPanel.promptTitle.deleteCentralRepoHashDb=Delete Hash Database", + "HashLookupSettingsPanel.promptMessage.deleteHashDb=This will make the hash database unavailable for lookup. Do you want to proceed?\n\nNote: The hash database can still be re-added later.", + "HashLookupSettingsPanel.promptMessage.deleteCentralRepoHashDb=This will permanently remove the central repository hash database. Do you want to proceed?" + }) private void deleteDatabaseButtonActionPerformed(java.awt.event.ActionEvent evt) {//GEN-FIRST:event_deleteDatabaseButtonActionPerformed - if (JOptionPane.showConfirmDialog(null, - NbBundle.getMessage(this.getClass(), - "HashDbConfigPanel.deleteDbActionConfirmMsg"), - NbBundle.getMessage(this.getClass(), "HashDbConfigPanel.deleteDbActionMsg"), + HashDb hashDb = ((HashSetTable) hashSetTable).getSelection(); + + if (hashDb == null) { + return; + } + + String dialogTitle; + String dialogMessage; + + if (hashDb instanceof CentralRepoHashSet) { + dialogTitle = Bundle.HashLookupSettingsPanel_promptTitle_deleteCentralRepoHashDb(); + dialogMessage = Bundle.HashLookupSettingsPanel_promptMessage_deleteCentralRepoHashDb(); + } else { + dialogTitle = Bundle.HashLookupSettingsPanel_promptTitle_deleteHashDb(); + dialogMessage = Bundle.HashLookupSettingsPanel_promptMessage_deleteHashDb(); + } + + if (JOptionPane.showConfirmDialog(null, dialogMessage, dialogTitle, JOptionPane.YES_NO_OPTION, JOptionPane.WARNING_MESSAGE) == JOptionPane.YES_OPTION) { - HashDb hashDb = ((HashSetTable) hashSetTable).getSelection(); - if (hashDb != null) { - try { - hashSetManager.removeHashDatabaseNoSave(hashDb); - } catch (HashDbManager.HashDbManagerException ex) { - JOptionPane.showMessageDialog(null, Bundle.HashLookupSettingsPanel_removeDatabaseFailure_message(hashDb.getHashSetName())); - } - hashSetTableModel.refreshModel(); - firePropertyChange(OptionsPanelController.PROP_CHANGED, null, null); + try { + hashSetManager.removeHashDatabaseNoSave(hashDb); + } catch (HashDbManager.HashDbManagerException ex) { + JOptionPane.showMessageDialog(null, Bundle.HashLookupSettingsPanel_removeDatabaseFailure_message(hashDb.getHashSetName())); } + hashSetTableModel.refreshModel(); + firePropertyChange(OptionsPanelController.PROP_CHANGED, null, null); } }//GEN-LAST:event_deleteDatabaseButtonActionPerformed From cb99e39c45be30154e907be1c7176e7f0f065a55 Mon Sep 17 00:00:00 2001 From: "U-BASIS\\dgrove" Date: Fri, 2 Feb 2018 13:26:07 -0500 Subject: [PATCH 16/33] Simplified logic for retrieving content name. --- .../DeleteFileBlackboardArtifactTagAction.java | 17 +++++------------ .../actions/DeleteFileContentTagAction.java | 16 +++++----------- .../imagegallery/actions/DeleteTagAction.java | 16 +++++----------- 3 files changed, 15 insertions(+), 34 deletions(-) diff --git a/Core/src/org/sleuthkit/autopsy/actions/DeleteFileBlackboardArtifactTagAction.java b/Core/src/org/sleuthkit/autopsy/actions/DeleteFileBlackboardArtifactTagAction.java index 86696b0c63..dd2108c1fc 100644 --- a/Core/src/org/sleuthkit/autopsy/actions/DeleteFileBlackboardArtifactTagAction.java +++ b/Core/src/org/sleuthkit/autopsy/actions/DeleteFileBlackboardArtifactTagAction.java @@ -1,7 +1,7 @@ /* * Autopsy Forensic Browser * - * Copyright 2017 Basis Technology Corp. + * Copyright 2017-2018 Basis Technology Corp. * Contact: carrier sleuthkit org * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -38,7 +38,6 @@ import org.openide.util.actions.Presenter; import org.sleuthkit.autopsy.casemodule.Case; import org.sleuthkit.autopsy.casemodule.services.TagsManager; import org.sleuthkit.autopsy.coreutils.Logger; -import org.sleuthkit.datamodel.AbstractFile; import org.sleuthkit.datamodel.BlackboardArtifact; import org.sleuthkit.datamodel.BlackboardArtifactTag; import org.sleuthkit.datamodel.TagName; @@ -54,7 +53,7 @@ import org.sleuthkit.datamodel.TskData; }) public class DeleteFileBlackboardArtifactTagAction extends AbstractAction implements Presenter.Popup { - private static final Logger LOGGER = Logger.getLogger(DeleteFileBlackboardArtifactTagAction.class.getName()); + private static final Logger logger = Logger.getLogger(DeleteFileBlackboardArtifactTagAction.class.getName()); private static final long serialVersionUID = 1L; private static final String MENU_TEXT = NbBundle.getMessage(DeleteFileBlackboardArtifactTagAction.class, @@ -98,17 +97,11 @@ public class DeleteFileBlackboardArtifactTagAction extends AbstractAction implem protected Void doInBackground() throws Exception { TagsManager tagsManager = Case.getCurrentCase().getServices().getTagsManager(); - // Pull the from the global context to avoid unnecessary calls - // to the database. - final Collection selectedFilesList - = new HashSet<>(Utilities.actionsGlobalContext().lookupAll(AbstractFile.class)); - AbstractFile file = selectedFilesList.iterator().next(); - try { - LOGGER.log(Level.INFO, "Removing tag {0} from {1}", new Object[]{tagName.getDisplayName(), file.getName()}); //NON-NLS + logger.log(Level.INFO, "Removing tag {0} from {1}", new Object[]{tagName.getDisplayName(), artifactTag.getContent().getName()}); //NON-NLS tagsManager.deleteBlackboardArtifactTag(artifactTag); } catch (TskCoreException tskCoreException) { - LOGGER.log(Level.SEVERE, "Error untagging artifact", tskCoreException); //NON-NLS + logger.log(Level.SEVERE, "Error untagging artifact", tskCoreException); //NON-NLS Platform.runLater(() -> new Alert(Alert.AlertType.ERROR, Bundle.DeleteFileBlackboardArtifactTagAction_deleteTag_alert(artifactId)).show() ); @@ -122,7 +115,7 @@ public class DeleteFileBlackboardArtifactTagAction extends AbstractAction implem try { get(); } catch (InterruptedException | ExecutionException ex) { - LOGGER.log(Level.SEVERE, "Unexpected exception while untagging artifact", ex); //NON-NLS + logger.log(Level.SEVERE, "Unexpected exception while untagging artifact", ex); //NON-NLS } } }.execute(); diff --git a/Core/src/org/sleuthkit/autopsy/actions/DeleteFileContentTagAction.java b/Core/src/org/sleuthkit/autopsy/actions/DeleteFileContentTagAction.java index 5c8d4abb74..c11ffd39fa 100644 --- a/Core/src/org/sleuthkit/autopsy/actions/DeleteFileContentTagAction.java +++ b/Core/src/org/sleuthkit/autopsy/actions/DeleteFileContentTagAction.java @@ -1,7 +1,7 @@ /* * Autopsy Forensic Browser * - * Copyright 2017 Basis Technology Corp. + * Copyright 2017-2018 Basis Technology Corp. * Contact: carrier sleuthkit org * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -52,7 +52,7 @@ import org.sleuthkit.datamodel.TskData; }) public class DeleteFileContentTagAction extends AbstractAction implements Presenter.Popup { - private static final Logger LOGGER = Logger.getLogger(DeleteFileContentTagAction.class.getName()); + private static final Logger logger = Logger.getLogger(DeleteFileContentTagAction.class.getName()); private static final long serialVersionUID = 1L; private static final String MENU_TEXT = NbBundle.getMessage(DeleteFileContentTagAction.class, @@ -97,17 +97,11 @@ public class DeleteFileContentTagAction extends AbstractAction implements Presen protected Void doInBackground() throws Exception { TagsManager tagsManager = Case.getCurrentCase().getServices().getTagsManager(); - // Pull the from the global context to avoid unnecessary calls - // to the database. - final Collection selectedFilesList = - new HashSet<>(Utilities.actionsGlobalContext().lookupAll(AbstractFile.class)); - AbstractFile file = selectedFilesList.iterator().next(); - try { - LOGGER.log(Level.INFO, "Removing tag {0} from {1}", new Object[]{tagName.getDisplayName(), file.getName()}); //NON-NLS + logger.log(Level.INFO, "Removing tag {0} from {1}", new Object[]{tagName.getDisplayName(), contentTag.getContent().getName()}); //NON-NLS tagsManager.deleteContentTag(contentTag); } catch (TskCoreException tskCoreException) { - LOGGER.log(Level.SEVERE, "Error untagging file", tskCoreException); //NON-NLS + logger.log(Level.SEVERE, "Error untagging file", tskCoreException); //NON-NLS Platform.runLater(() -> new Alert(Alert.AlertType.ERROR, Bundle.DeleteFileContentTagAction_deleteTag_alert(fileId)).show() ); @@ -121,7 +115,7 @@ public class DeleteFileContentTagAction extends AbstractAction implements Presen try { get(); } catch (InterruptedException | ExecutionException ex) { - LOGGER.log(Level.SEVERE, "Unexpected exception while untagging file", ex); //NON-NLS + logger.log(Level.SEVERE, "Unexpected exception while untagging file", ex); //NON-NLS } } }.execute(); diff --git a/ImageGallery/src/org/sleuthkit/autopsy/imagegallery/actions/DeleteTagAction.java b/ImageGallery/src/org/sleuthkit/autopsy/imagegallery/actions/DeleteTagAction.java index a21d163fdc..40451e8443 100644 --- a/ImageGallery/src/org/sleuthkit/autopsy/imagegallery/actions/DeleteTagAction.java +++ b/ImageGallery/src/org/sleuthkit/autopsy/imagegallery/actions/DeleteTagAction.java @@ -1,7 +1,7 @@ /* * Autopsy Forensic Browser * - * Copyright 2017 Basis Technology Corp. + * Copyright 2017-2018 Basis Technology Corp. * Contact: carrier sleuthkit org * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -51,7 +51,7 @@ import org.sleuthkit.datamodel.TskData; */ public class DeleteTagAction extends Action { - private static final Logger LOGGER = Logger.getLogger(DeleteTagAction.class.getName()); + private static final Logger logger = Logger.getLogger(DeleteTagAction.class.getName()); private final ImageGalleryController controller; private final long fileId; @@ -83,17 +83,11 @@ public class DeleteTagAction extends Action { protected Void doInBackground() throws Exception { DrawableTagsManager tagsManager = controller.getTagsManager(); - // Pull the from the global context to avoid unnecessary calls - // to the database. - final Collection selectedFilesList - = new HashSet<>(Utilities.actionsGlobalContext().lookupAll(AbstractFile.class)); - AbstractFile file = selectedFilesList.iterator().next(); - try { - LOGGER.log(Level.INFO, "Removing tag {0} from {1}", new Object[]{tagName.getDisplayName(), file.getName()}); //NON-NLS + logger.log(Level.INFO, "Removing tag {0} from {1}", new Object[]{tagName.getDisplayName(), contentTag.getContent().getName()}); //NON-NLS tagsManager.deleteContentTag(contentTag); } catch (TskCoreException tskCoreException) { - LOGGER.log(Level.SEVERE, "Error untagging file", tskCoreException); //NON-NLS + logger.log(Level.SEVERE, "Error untagging file", tskCoreException); //NON-NLS Platform.runLater(() -> new Alert(Alert.AlertType.ERROR, Bundle.DeleteDrawableTagAction_deleteTag_alert(fileId)).show() ); @@ -107,7 +101,7 @@ public class DeleteTagAction extends Action { try { get(); } catch (InterruptedException | ExecutionException ex) { - LOGGER.log(Level.SEVERE, "Unexpected exception while untagging file", ex); //NON-NLS + logger.log(Level.SEVERE, "Unexpected exception while untagging file", ex); //NON-NLS } } }.execute(); From b4705d2aaa14477a810a456c3159aabf11062fd2 Mon Sep 17 00:00:00 2001 From: "U-BASIS\\dgrove" Date: Fri, 2 Feb 2018 13:46:47 -0500 Subject: [PATCH 17/33] Modified hash database removal prompt. --- .../modules/hashdatabase/Bundle.properties | 2 - .../modules/hashdatabase/Bundle_ja.properties | 2 - .../hashdatabase/HashLookupSettingsPanel.java | 40 ++++++------------- 3 files changed, 13 insertions(+), 31 deletions(-) diff --git a/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/Bundle.properties b/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/Bundle.properties index 7e4b10fc5d..9c402d98d4 100644 --- a/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/Bundle.properties +++ b/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/Bundle.properties @@ -68,8 +68,6 @@ HashDbConfigPanel.unindexedDbsMsg=Unindexed databases HashDbConfigPanel.allUnindexedDbsRmFromListMsg=All unindexed databases will be removed from the list HashDbConfigPanel.nameColLbl=Name HashDbConfigPanel.editingCellsNotSupportedMsg=Editing of cells is not supported -HashDbConfigPanel.deleteDbActionConfirmMsg=This will remove the hash database for all cases. Do you want to proceed? -HashDbConfigPanel.deleteDbActionMsg=Delete Hash Database from Configuration HashDbCreateDatabaseDialog.defaultFileName=hashset HashDbCreateDatabaseDialog.createHashDbMsg=Create Hash Database HashDbCreateDatabaseDialog.hashDbMustHaveFileExtensionMsg=The hash database file must have a .{0} extension. diff --git a/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/Bundle_ja.properties b/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/Bundle_ja.properties index 983b48e2a7..828b027bdb 100644 --- a/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/Bundle_ja.properties +++ b/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/Bundle_ja.properties @@ -58,8 +58,6 @@ HashDbConfigPanel.unindexedDbsMsg=\u30a4\u30f3\u30c7\u30c3\u30af\u30b9\u5316\u30 HashDbConfigPanel.allUnindexedDbsRmFromListMsg=\u30a4\u30f3\u30c7\u30c3\u30af\u30b9\u5316\u3055\u308c\u3066\u3044\u306a\u3044\u30c7\u30fc\u30bf\u30d9\u30fc\u30b9\u306f\u30ea\u30b9\u30c8\u304b\u3089\u524a\u9664\u3055\u308c\u307e\u3059 HashDbConfigPanel.nameColLbl=\u540d\u524d HashDbConfigPanel.editingCellsNotSupportedMsg=\u30bb\u30eb\u306f\u7de8\u96c6\u4e0d\u53ef\u3067\u3059 -HashDbConfigPanel.deleteDbActionConfirmMsg=\u5168\u3066\u306e\u30b1\u30fc\u30b9\u306b\u304a\u3051\u308b\u30cf\u30c3\u30b7\u30e5\u30c7\u30fc\u30bf\u30d9\u30fc\u30b9\u3092\u524a\u9664\u3057\u307e\u3059\u3002\u5b9f\u884c\u3057\u307e\u3059\u304b\uff1f -HashDbConfigPanel.deleteDbActionMsg=\u8a2d\u5b9a\u304b\u3089\u30cf\u30c3\u30b7\u30e5\u30c7\u30fc\u30bf\u30d9\u30fc\u30b9\u3092\u524a\u9664 HashDbCreateDatabaseDialog.createHashDbMsg=\u30cf\u30c3\u30b7\u30e5\u30c7\u30fc\u30bf\u30d9\u30fc\u30b9\u3092\u4f5c\u6210 HashDbCreateDatabaseDialog.hashDbMustHaveFileExtensionMsg=\u30cf\u30c3\u30b7\u30e5\u30c7\u30fc\u30bf\u30d9\u30fc\u30b9\u30d5\u30a1\u30a4\u30eb\u306f .{0} \u306e\u62e1\u5f35\u5b50\u304c\u5fc5\u8981\u3067\u3059\u3002 HashDbCreateDatabaseDialog.fileNameErr=\u30d5\u30a1\u30a4\u30eb\u540d\u30a8\u30e9\u30fc diff --git a/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/HashLookupSettingsPanel.java b/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/HashLookupSettingsPanel.java index d122911d7f..d0530bb2f9 100644 --- a/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/HashLookupSettingsPanel.java +++ b/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/HashLookupSettingsPanel.java @@ -1000,38 +1000,24 @@ public final class HashLookupSettingsPanel extends IngestModuleGlobalSettingsPan @Messages({ "HashLookupSettingsPanel.promptTitle.deleteHashDb=Delete Hash Database from Configuration", - "HashLookupSettingsPanel.promptTitle.deleteCentralRepoHashDb=Delete Hash Database", - "HashLookupSettingsPanel.promptMessage.deleteHashDb=This will make the hash database unavailable for lookup. Do you want to proceed?\n\nNote: The hash database can still be re-added later.", - "HashLookupSettingsPanel.promptMessage.deleteCentralRepoHashDb=This will permanently remove the central repository hash database. Do you want to proceed?" + "HashLookupSettingsPanel.promptMessage.deleteHashDb=This will make the hash database unavailable for lookup. Do you want to proceed?\n\nNote: The hash database can still be re-imported later." }) private void deleteDatabaseButtonActionPerformed(java.awt.event.ActionEvent evt) {//GEN-FIRST:event_deleteDatabaseButtonActionPerformed - HashDb hashDb = ((HashSetTable) hashSetTable).getSelection(); - - if (hashDb == null) { - return; - } - - String dialogTitle; - String dialogMessage; - - if (hashDb instanceof CentralRepoHashSet) { - dialogTitle = Bundle.HashLookupSettingsPanel_promptTitle_deleteCentralRepoHashDb(); - dialogMessage = Bundle.HashLookupSettingsPanel_promptMessage_deleteCentralRepoHashDb(); - } else { - dialogTitle = Bundle.HashLookupSettingsPanel_promptTitle_deleteHashDb(); - dialogMessage = Bundle.HashLookupSettingsPanel_promptMessage_deleteHashDb(); - } - - if (JOptionPane.showConfirmDialog(null, dialogMessage, dialogTitle, + if (JOptionPane.showConfirmDialog(null, + Bundle.HashLookupSettingsPanel_promptMessage_deleteHashDb(), + Bundle.HashLookupSettingsPanel_promptTitle_deleteHashDb(), JOptionPane.YES_NO_OPTION, JOptionPane.WARNING_MESSAGE) == JOptionPane.YES_OPTION) { - try { - hashSetManager.removeHashDatabaseNoSave(hashDb); - } catch (HashDbManager.HashDbManagerException ex) { - JOptionPane.showMessageDialog(null, Bundle.HashLookupSettingsPanel_removeDatabaseFailure_message(hashDb.getHashSetName())); + HashDb hashDb = ((HashSetTable) hashSetTable).getSelection(); + if (hashDb != null) { + try { + hashSetManager.removeHashDatabaseNoSave(hashDb); + } catch (HashDbManager.HashDbManagerException ex) { + JOptionPane.showMessageDialog(null, Bundle.HashLookupSettingsPanel_removeDatabaseFailure_message(hashDb.getHashSetName())); + } + hashSetTableModel.refreshModel(); + firePropertyChange(OptionsPanelController.PROP_CHANGED, null, null); } - hashSetTableModel.refreshModel(); - firePropertyChange(OptionsPanelController.PROP_CHANGED, null, null); } }//GEN-LAST:event_deleteDatabaseButtonActionPerformed From 0dc530427baad99390c18ce4ea9bf3890d94f5c1 Mon Sep 17 00:00:00 2001 From: "U-BASIS\\zhaohui" Date: Fri, 2 Feb 2018 17:06:37 -0500 Subject: [PATCH 18/33] 3281: More updates of the name Hash set replacing hash database --- .../optionspanel/Bundle.properties | 8 +- .../AddContentToHashDbAction.java | 2 +- .../modules/hashdatabase/Bundle.properties | 86 +++++++++---------- .../HashDbImportDatabaseDialog.java | 2 +- .../modules/hashdatabase/HashDbManager.java | 12 +-- .../hashdatabase/HashLookupSettings.java | 2 +- .../hashdatabase/HashLookupSettingsPanel.java | 4 +- .../hashdatabase/KdbHashSetParser.java | 8 +- 8 files changed, 62 insertions(+), 62 deletions(-) diff --git a/Core/src/org/sleuthkit/autopsy/centralrepository/optionspanel/Bundle.properties b/Core/src/org/sleuthkit/autopsy/centralrepository/optionspanel/Bundle.properties index 5864aca9d3..9faba7a7b3 100644 --- a/Core/src/org/sleuthkit/autopsy/centralrepository/optionspanel/Bundle.properties +++ b/Core/src/org/sleuthkit/autopsy/centralrepository/optionspanel/Bundle.properties @@ -17,10 +17,10 @@ EamSqliteSettingsDialog.bnDatabasePathFileOpen.text=Browse... EamSqliteSettingsDialog.tfDatabasePath.toolTipText=Filename and path to store SQLite db file EamSqliteSettingsDialog.tfDatabasePath.text= EamSqliteSettingsDialog.lbDatabasePath.text=Database Path : -ImportHashDatabaseDialog.tfDatabaseName.tooltip=Name for this database -ImportHashDatabaseDialog.tfDatabaseVersion.tooltip.text=Database Version Number -ImportHashDatabaseDialog.tfDatabaseName.tooltip=Name for this database -ImportHashDatabaseDialog.tfDatabaseVersion.tooltip.text=Database Version Number +ImportHashDatabaseDialog.tfDatabaseName.tooltip=Name for this hash set +ImportHashDatabaseDialog.tfDatabaseVersion.tooltip.text=Hash Set Version Number +ImportHashDatabaseDialog.tfDatabaseName.tooltip=Name for this hash set +ImportHashDatabaseDialog.tfDatabaseVersion.tooltip.text=Hash Set Version Number GlobalSettingsPanel.tbOops.text= GlobalSettingsPanel.lbDatabaseSettings.text=Database Settings GlobalSettingsPanel.bnImportDatabase.label=Import Hash Set diff --git a/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/AddContentToHashDbAction.java b/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/AddContentToHashDbAction.java index bad70c82ae..6488661987 100644 --- a/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/AddContentToHashDbAction.java +++ b/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/AddContentToHashDbAction.java @@ -149,7 +149,7 @@ final class AddContentToHashDbAction extends AbstractAction implements Presenter if (null != md5Hash) { // don't let them add the hash for an empty file to the DB if (HashUtility.isNoDataMd5(md5Hash)) { //NON-NLS - Logger.getLogger(AddContentToHashDbAction.class.getName()).log(Level.INFO, "Not adding " + file.getName() + " to database (empty content)"); //NON-NLS + Logger.getLogger(AddContentToHashDbAction.class.getName()).log(Level.INFO, "Not adding " + file.getName() + " to hash set (empty content)"); //NON-NLS JOptionPane.showMessageDialog(null, NbBundle.getMessage(this.getClass(), "AddContentToHashDbAction.addFilesToHashSet.unableToAddFileEmptyMsg", diff --git a/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/Bundle.properties b/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/Bundle.properties index b9c1df8c9a..3e2947afb8 100644 --- a/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/Bundle.properties +++ b/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/Bundle.properties @@ -1,7 +1,7 @@ OpenIDE-Module-Display-Category=Ingest Module OpenIDE-Module-Long-Description=\ Hash Set ingest module. \n\n\ - The ingest module analyzes files in the disk image and marks them as "known" (based on NSRL database lookup for "known" files) and "bad / interesting" (based on one or more databases supplied by the user).\n\n\ + The ingest module analyzes files in the disk image and marks them as "known" (based on NSRL hashset lookup for "known" files) and "bad / interesting" (based on one or more hash sets supplied by the user).\n\n\ The module also contains additional non-ingest tools that are integrated in the GUI, such as file lookup by hash and hash set configuration. OpenIDE-Module-Name=HashDatabases OptionsCategory_Name_HashDatabase=Hash Sets @@ -20,7 +20,7 @@ OpenIDE-Module-Short-Description=Hash Set Ingest Module and hash set tools HashDbImportDatabaseDialog.jLabel1.text=Name: HashDbImportDatabaseDialog.databasePathTextField.text= HashDbImportDatabaseDialog.knownBadRadioButton.text=Notable -HashDbImportDatabaseDialog.jLabel2.text=Type of database\: +HashDbImportDatabaseDialog.jLabel2.text=Type of hash set\: HashDbImportDatabaseDialog.okButton.text=OK HashDbImportDatabaseDialog.cancelButton.text=Cancel HashDbCreateDatabaseDialog.jLabel2.text=Type: @@ -34,7 +34,7 @@ HashDbImportDatabaseDialog.knownRadioButton.text=Known (NSRL or other) HashDbCreateDatabaseDialog.knownRadioButton.text=Known HashDbCreateDatabaseDialog.saveAsButton.text=Save As... HashDbCreateDatabaseDialog.hashSetNameTextField.text= -HashDbImportDatabaseDialog.jLabel3.text=Database Path: +HashDbImportDatabaseDialog.jLabel3.text=Hash set Path: HashDbCreateDatabaseDialog.sendIngestMessagesCheckbox.text=Send ingest inbox messages for each hit HashDbImportDatabaseDialog.sendIngestMessagesCheckbox.text=Send ingest inbox message for each hit HashDbImportDatabaseDialog.hashSetNameTextField.text= @@ -52,7 +52,7 @@ AddContentToHashDbAction.addFilesToHashSet.unableToAddFileEmptyMsg=Unable to add AddContentToHashDbAction.addFilesToHashSet.unableToAddFileSzMsg=Unable to add the {0} to the hash set. Hashes have not been calculated. Please configure and run an appropriate ingest module. HashDatabaseOptionsPanelController.moduleErr=Module Error HashDatabaseOptionsPanelController.moduleErrMsg=A module caused an error listening to HashDatabaseOptionsPanelController updates. See log to determine which module. Some data could be incomplete. -HashDbConfigPanel.noSelectionText=No database selected +HashDbConfigPanel.noSelectionText= HashDbConfigPanel.errorGettingPathText=Error occurred getting path HashDbConfigPanel.errorGettingIndexStatusText=Error occurred getting status HashDbConfigPanel.indexButtonText.index=Index @@ -62,10 +62,10 @@ HashDbConfigPanel.indexStatusText.indexOnly=Index only HashDbConfigPanel.indexStatusText.indexed=Indexed HashDbConfigPanel.indexButtonText.reIndex=Re-Index HashDbConfigPanel.indexStatusText.noIndex=No index -HashDbConfigPanel.dbsNotIndexedMsg=The following databases are not indexed, would you like to index them now? \n {0} -HashDbConfigPanel.dbNotIndexedMsg=The following database is not indexed, would you like to index it now? \n{0} -HashDbConfigPanel.unindexedDbsMsg=Unindexed databases -HashDbConfigPanel.allUnindexedDbsRmFromListMsg=All unindexed databases will be removed from the list +HashDbConfigPanel.dbsNotIndexedMsg=The following hash sets are not indexed, would you like to index them now? \n {0} +HashDbConfigPanel.dbNotIndexedMsg=The following hash set is not indexed, would you like to index it now? \n{0} +HashDbConfigPanel.unindexedDbsMsg=Unindexed hash sets +HashDbConfigPanel.allUnindexedDbsRmFromListMsg=All unindexed hashsets will be removed from the list HashDbConfigPanel.nameColLbl=Name HashDbConfigPanel.editingCellsNotSupportedMsg=Editing of cells is not supported HashDbConfigPanel.deleteDbActionConfirmMsg=This will remove the hash set for all cases. Do you want to proceed? @@ -78,19 +78,19 @@ HashDbCreateDatabaseDialog.fileNameAlreadyExistsMsg=A file with this name alread HashDbCreateDatabaseDialog.fileExistsErr=File Already Exists Error HashDbCreateDatabaseDialog.mustEnterHashSetNameMsg=A hash set name must be entered. HashDbCreateDatabaseDialog.createHashDbErr=Create Hash Set Error -HashDbCreateDatabaseDialog.mustEnterHashDbPathMsg=A database path must be entered. +HashDbCreateDatabaseDialog.mustEnterHashDbPathMsg=A hash set path must be entered. HashDbCreateDatabaseDialog.errMsg.hashDbCreationErr=Hash set creation error HashDbCreateDatabaseDialog.cannotCreateFileAtLocMsg=Cannot create a hash set file at the selected location. HashDbCreateDatabaseDialog.failedToCreateHashDbMsg=Failed to create the hash set. HashDbImportDatabaseDialog.importHashDbMsg=Import Hash Set HashDbImportDatabaseDialog.fileNameExtFilter.text=Hash Set File -HashDbImportDatabaseDialog.failedToGetDbPathMsg=Failed to get the path of the selected database. +HashDbImportDatabaseDialog.failedToGetDbPathMsg=Failed to get the path of the selected hash set. HashDbImportDatabaseDialog.importHashDbErr=Import Hash Set Error HashDbImportDatabaseDialog.mustSelectHashDbFilePathMsg=A hash set file path must be selected. HashDbImportDatabaseDialog.hashDbDoesNotExistMsg=The selected hash set does not exist. HashDbImportDatabaseDialog.errorMessage.failedToOpenHashDbMsg=Failed to open hash set at {0}. HashDbIngestModule.moduleName=Hash Lookup -HashDbIngestModule.moduleDescription=Identifies known and notable files using supplied hash sets, such as a standard NSRL database. +HashDbIngestModule.moduleDescription=Identifies known and notable files using supplied hash sets, such as a standard NSRL hash set. HashDbIngestModule.fileReadErrorMsg=Read Error\: {0} HashDbIngestModule.calcHashValueErr=Error encountered while calculating the hash value for {0}. HashDbIngestModule.hashLookupErrorMsg=Hash Lookup Error\: {0} @@ -104,7 +104,7 @@ HashDbIngestModule.postToBB.knownBadMsg=Notable\: {0} HashDbIngestModule.complete.knownBadsFound=Notables found\: HashDbIngestModule.complete.totalCalcTime=Total Calculation Time HashDbIngestModule.complete.totalLookupTime=Total Lookup Time -HashDbIngestModule.complete.databasesUsed=Databases Used\: +HashDbIngestModule.complete.databasesUsed=Hash sets Used\: HashDbIngestModule.complete.hashLookupResults=Hash Lookup Results HashDbManager.moduleErrorListeningToUpdatesMsg=A module caused an error listening to HashDbManager updates. See log to determine which module. Some data could be incomplete. HashDbManager.replacingDuplicateHashsetNameMsg=Duplicate hash set name {0} found.\nReplacing with {1}. @@ -113,8 +113,8 @@ HashDbManager.unableToOpenHashDbMsg=Unable to open {0} hash set. HashDbManager.savedBackupOfOldConfigMsg={0}\nA backup copy of the old configuration has been saved as\n{1} HashDbManager.baseMessage.updatedFormatHashDbConfig=The format of the hash set configuration file has been updated. HashDbManager.msgBoxTitle.confFileFmtChanged=Configuration File Format Changed -HashDbManager.dlgMsg.dbNotFoundAtLoc=Database {0} could not be found at location\n{1}\nWould you like to search for the file? -HashDbManager.dlgTitle.MissingDb=Missing Database +HashDbManager.dlgMsg.dbNotFoundAtLoc=Hash set {0} could not be found at location\n{1}\nWould you like to search for the file? +HashDbManager.dlgTitle.MissingDb=Missing Hash set HashDbManager.progress.indexingHashSet=Indexing {0} HashDbManager.dlgMsg.errorIndexingHashSet=Error indexing {0} hash set. HashDbManager.hashDbIndexingErr=Hash Set Indexing Error @@ -130,14 +130,14 @@ HashDbSearchPanel.errorText.invalidMD5HashMsg=Error\: That is not a valid MD5 ha HashDbSearchThread.progress.cancellingSearch={0} (Cancelling...) HashDbSearchThread.name.searching=Searching HashDbSearchThread.noMoreFilesWithMD5Msg=No other files with the same MD5 hash were found. -ModalNoButtons.indexingDbsTitle=Indexing databases -ModalNoButtons.indexingDbTitle=Indexing database +ModalNoButtons.indexingDbsTitle=Indexing hash sets +ModalNoButtons.indexingDbTitle=Indexing hash set ModalNoButtons.exitHashDbIndexingMsg=You are about to exit out of indexing your hash sets. \n\ The generated index will be left unusable. If you choose to continue,\n\ please delete the corresponding -md5.idx file in the hash folder.\n\ Exit indexing? ModalNoButtons.dlgTitle.unfinishedIndexing=Unfinished Indexing -ModalNoButtons.indexThis.currentlyIndexing1Db=Currently indexing 1 database +ModalNoButtons.indexThis.currentlyIndexing1Db=Currently indexing 1 hash set ModalNoButtons.indexThese.currentlyIndexing1OfNDbs=Currently indexing 1 of {0} ModalNoButtons.propChg.currentlyIndexingXofN=Currently indexing {0} of {1} HashDbManager.duplicateHashSetNameExceptionMsg=The hash set name ''{0}'' has already been used for another hash set. @@ -156,7 +156,7 @@ AddContentToHashDbAction.singleSelectionName=Add file to hash set AddContentToHashDbAction.multipleSelectionName=Add files to hash set HashDbManager.ingestRunningExceptionMsg=Ingest is ongoing; this service will be unavailable until it finishes. HashDbManager.saveErrorExceptionMsg=Error saving hash configuration -HashLookupSettingsPanel.jButton3.text=Import Database +HashLookupSettingsPanel.jButton3.text=Import Hash set HashLookupSettingsPanel.jLabel6.text=Type: HashLookupSettingsPanel.jLabel4.text=Location: HashLookupSettingsPanel.jLabel2.text=Name: @@ -171,15 +171,15 @@ HashLookupModuleFactory.getIngestJobSettingsPanel.exception.msg=Expected setting HashLookupModuleFactory.createFileIngestModule.exception.msg=Expected settings argument to be instanceof HashLookupModuleSettings HashLookupModuleSettingsPanel.alwaysCalcHashesCheckbox.toolTipText=Calculate MD5 even if no hash set is selected HashDbSearchPanel.hashTable.defaultModel.title.text=MD5 Hashes -AddHashValuesToDatabaseDialog.JDialog.Title=Add Hashes to Database +AddHashValuesToDatabaseDialog.JDialog.Title=Add Hashes to Hash set AddHashValuesToDatabaseDialog.instructionLabel.text_1=Paste MD5 hash values (one per line) below: AddHashValuesToDatabaseDialog.cancelButton.text_2=Cancel -AddHashValuesToDatabaseDialog.AddValuesToHashDatabaseButton.text_2=Add Hashes to Database +AddHashValuesToDatabaseDialog.AddValuesToHashDatabaseButton.text_2=Add Hashes to Hash set AddHashValuesToDatabaseDialog.pasteFromClipboardButton.text_2=Paste From Clipboard AddHashValuesToDatabaseProgressDialog.okButton.text=OK AddHashValuesToDatabaseProgressDialog.statusLabel.text=status -AddHashValuesToDatabaseProgressDialog.title=Add Hashes to Database Progress -AddHashValuesToDatabaseDialog.title=Add Hashes to Database +AddHashValuesToDatabaseProgressDialog.title=Add Hashes to Hash set Progress +AddHashValuesToDatabaseDialog.title=Add Hashes to Hash set AddHashValuesToDatabaseProgressDialog.showErrorsButton.text=Show Errors AddHashValuesToDatabaseProgressDialog.addHashValuesToDatabase.parsing=Parsing text for MD5 hashes... AddHashValuesToDatabaseProgressDialog.addHashValuesToDatabase.invalidHash=The input contains invalid hash. @@ -187,47 +187,47 @@ AddHashValuesToDatabaseProgressDialog.addHashValuesToDatabase.invaliHash.msg=Inv AddHashValuesToDatabaseProgressDialog.addHashValuesToDatabase.noHashesToAdd=There are no hashes to add. AddHashValuesToDatabaseProgressDialog.addHashValuesToDatabase.success={0} Hashes added successfully. AddHashValuesToDatabaseProgressDialog.addHashValuesToDatabase.errorAddingValidHash=There is an error adding valid hashes. -AddHashValuesToDatabaseProgressDialog.addHashValuesToDatabase.errorAddingValidHash.msg=Error adding valid hashes to the database: +AddHashValuesToDatabaseProgressDialog.addHashValuesToDatabase.errorAddingValidHash.msg=Error adding valid hashes to the hash set: HashLookupSettingsPanel.ingestWarningLabel.text=Ingest is ongoing, some settings will be unavailable until it finishes. -HashLookupSettingsPanel.addHashesToDatabaseButton.text=Add Hashes to Database -HashLookupSettingsPanel.indexPathLabel.text=No database selected +HashLookupSettingsPanel.addHashesToDatabaseButton.text=Add Hashes to Hash set +HashLookupSettingsPanel.indexPathLabel.text= HashLookupSettingsPanel.indexPathLabelLabel.text=Index Path: HashLookupSettingsPanel.createDatabaseButton.toolTipText= -HashLookupSettingsPanel.createDatabaseButton.text=New database +HashLookupSettingsPanel.createDatabaseButton.text=New hash set HashLookupSettingsPanel.optionsLabel.text=Options HashLookupSettingsPanel.informationLabel.text=Information HashLookupSettingsPanel.sendIngestMessagesCheckBox.text=Send ingest inbox message for each hit HashLookupSettingsPanel.indexButton.text=Index HashLookupSettingsPanel.indexLabel.text=Index Status: -HashLookupSettingsPanel.hashDbIndexStatusLabel.text=No database selected -HashLookupSettingsPanel.hashDbTypeLabel.text=No database selected +HashLookupSettingsPanel.hashDbIndexStatusLabel.text= +HashLookupSettingsPanel.hashDbTypeLabel.text= HashLookupSettingsPanel.typeLabel.text=Type: -HashLookupSettingsPanel.locationLabel.text=Database Path: -HashLookupSettingsPanel.hashDbLocationLabel.text=No database selected -HashLookupSettingsPanel.hashDbNameLabel.text=No database selected +HashLookupSettingsPanel.locationLabel.text=Hash set Path: +HashLookupSettingsPanel.hashDbLocationLabel.text= +HashLookupSettingsPanel.hashDbNameLabel.text= HashLookupSettingsPanel.nameLabel.text=Name: HashLookupSettingsPanel.hashDatabasesLabel.text=Hash Sets: HashLookupSettingsPanel.importDatabaseButton.toolTipText= -HashLookupSettingsPanel.importDatabaseButton.text=Import database -HashLookupSettingsPanel.deleteDatabaseButton.text=Delete database -ImportHashDatabaseDialog.lbFilePath.text=Database Path: -ImportHashDatabaseDialog.tfDatabaseName.tooltip=Name for this database -ImportHashDatabaseDialog.tfDatabaseVersion.tooltip.text=Database Version Number -ImportHashDatabaseDialog.tfDatabaseName.tooltip=Name for this database -ImportHashDatabaseDialog.tfDatabaseVersion.tooltip.text=Database Version Number +HashLookupSettingsPanel.importDatabaseButton.text=Import hash set +HashLookupSettingsPanel.deleteDatabaseButton.text=Delete hash set +ImportHashDatabaseDialog.lbFilePath.text=Hash set Path: +ImportHashDatabaseDialog.tfDatabaseName.tooltip=Name for this hash set +ImportHashDatabaseDialog.tfDatabaseVersion.tooltip.text=Hash set Version Number +ImportHashDatabaseDialog.tfDatabaseName.tooltip=Name for this hash set +ImportHashDatabaseDialog.tfDatabaseVersion.tooltip.text=Hash set Version Number ImportCentralRepoDbProgressDialog.lbProgress.text=Starting import... ImportCentralRepoDbProgressDialog.bnOk.text=OK ImportCentralRepoDbProgressDialog.bnCancel.text=Cancel HashLookupSettingsPanel.versionLabel.text_1=Version: -HashLookupSettingsPanel.hashDbVersionLabel.text_1=No database selected +HashLookupSettingsPanel.hashDbVersionLabel.text_1= HashLookupSettingsPanel.orgLabel.text_1=Organization: -HashLookupSettingsPanel.hashDbOrgLabel.text_1=No database selected +HashLookupSettingsPanel.hashDbOrgLabel.text_1= HashLookupSettingsPanel.readOnlyLabel.text_1=Read only: -HashLookupSettingsPanel.hashDbReadOnlyLabel.text_1=No database selected +HashLookupSettingsPanel.hashDbReadOnlyLabel.text_1= ImportCentralRepoDbProgressDialog.jLabel1.text=Importing hash set into the central repository HashDbImportDatabaseDialog.lbVersion.text=Version: HashDbImportDatabaseDialog.lbOrg.text=Source Organization: -HashDbImportDatabaseDialog.readOnlyCheckbox.text=Make database read-only +HashDbImportDatabaseDialog.readOnlyCheckbox.text=Make hash set read-only HashDbImportDatabaseDialog.orgButton.text=Manage Organizations HashDbImportDatabaseDialog.versionTextField.text=1.0 HashDbImportDatabaseDialog.fileTypeRadioButton.text=Local @@ -238,4 +238,4 @@ HashDbCreateDatabaseDialog.fileTypeRadioButton.text=Local HashDbCreateDatabaseDialog.centralRepoRadioButton.text=Remote (Central Repository) HashDbCreateDatabaseDialog.lbOrg.text=Source Organization: HashDbCreateDatabaseDialog.orgButton.text=Manage Organizations -HashDbCreateDatabaseDialog.databasePathLabel.text=Database Path: +HashDbCreateDatabaseDialog.databasePathLabel.text=Hash set Path: diff --git a/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/HashDbImportDatabaseDialog.java b/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/HashDbImportDatabaseDialog.java index 0c5d94277b..aff3e7d196 100644 --- a/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/HashDbImportDatabaseDialog.java +++ b/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/HashDbImportDatabaseDialog.java @@ -420,7 +420,7 @@ final class HashDbImportDatabaseDialog extends javax.swing.JDialog { } ModuleSettings.setConfigSetting(ModuleSettings.MAIN_SETTINGS, LAST_FILE_PATH_KEY, databaseFile.getParent()); } catch (IOException ex) { - Logger.getLogger(HashDbImportDatabaseDialog.class.getName()).log(Level.SEVERE, "Failed to get path of selected database", ex); //NON-NLS + Logger.getLogger(HashDbImportDatabaseDialog.class.getName()).log(Level.SEVERE, "Failed to get path of selected hash set", ex); //NON-NLS JOptionPane.showMessageDialog(this, NbBundle.getMessage(this.getClass(), "HashDbImportDatabaseDialog.failedToGetDbPathMsg")); diff --git a/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/HashDbManager.java b/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/HashDbManager.java index 9395f77246..1a43facd7a 100644 --- a/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/HashDbManager.java +++ b/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/HashDbManager.java @@ -276,14 +276,14 @@ public class HashDbManager implements PropertyChangeListener { boolean readOnly) throws TskCoreException{ if(! EamDb.isEnabled()){ - throw new TskCoreException("Could not load central repository database " + hashSetName + " - central repository is not enabled"); + throw new TskCoreException("Could not load central repository hash set " + hashSetName + " - central repository is not enabled"); } CentralRepoHashSet db = new CentralRepoHashSet(hashSetName, version, referenceSetID, searchDuringIngest, sendIngestMessages, knownFilesType, readOnly); if(! db.isValid()){ - throw new TskCoreException("Error finding database " + hashSetName + " in central repository"); + throw new TskCoreException("Error finding hash set " + hashSetName + " in central repository"); } // Add the hash database to the collection @@ -363,7 +363,7 @@ public class HashDbManager implements PropertyChangeListener { hashSetPaths.remove(hashDatabase.getIndexPath()); } } catch (TskCoreException ex) { - Logger.getLogger(HashDbManager.class.getName()).log(Level.SEVERE, "Error getting index path of " + hashDatabase.getHashSetName() + " hash set when removing the database", ex); //NON-NLS + Logger.getLogger(HashDbManager.class.getName()).log(Level.SEVERE, "Error getting index path of " + hashDatabase.getHashSetName() + " hash set when removing the hash set", ex); //NON-NLS } try { @@ -371,13 +371,13 @@ public class HashDbManager implements PropertyChangeListener { hashSetPaths.remove(hashDatabase.getDatabasePath()); } } catch (TskCoreException ex) { - Logger.getLogger(HashDbManager.class.getName()).log(Level.SEVERE, "Error getting database path of " + hashDatabase.getHashSetName() + " hash set when removing the database", ex); //NON-NLS + Logger.getLogger(HashDbManager.class.getName()).log(Level.SEVERE, "Error getting hash set path of " + hashDatabase.getHashSetName() + " hash set when removing the hash set", ex); //NON-NLS } try { hashDatabase.close(); } catch (TskCoreException ex) { - Logger.getLogger(HashDbManager.class.getName()).log(Level.SEVERE, "Error closing " + hashDb.getHashSetName() + " hash set when removing the database", ex); //NON-NLS + Logger.getLogger(HashDbManager.class.getName()).log(Level.SEVERE, "Error closing " + hashDb.getHashSetName() + " hash set when removing the hash set", ex); //NON-NLS } } @@ -554,7 +554,7 @@ public class HashDbManager implements PropertyChangeListener { * * @param settings The settings to configure. */ - @Messages({"# {0} - database name", "HashDbManager.noDbPath.message=Couldn't get valid database path for: {0}", + @Messages({"# {0} - hash set name", "HashDbManager.noDbPath.message=Couldn't get valid hash set path for: {0}", "HashDbManager.centralRepoLoadError.message=Error loading central repository hash sets"}) private void configureSettings(HashLookupSettings settings) { allDatabasesLoadedCorrectly = true; diff --git a/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/HashLookupSettings.java b/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/HashLookupSettings.java index 7ba87b1cd3..68bf4a32b2 100644 --- a/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/HashLookupSettings.java +++ b/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/HashLookupSettings.java @@ -80,7 +80,7 @@ final class HashLookupSettings implements Serializable { try{ dbInfoList.add(new HashDbInfo(db)); } catch (TskCoreException ex){ - logger.log(Level.SEVERE, "Could not load database settings for {0}", db.getHashSetName()); + logger.log(Level.SEVERE, "Could not load hash set settings for {0}", db.getHashSetName()); } } return dbInfoList; diff --git a/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/HashLookupSettingsPanel.java b/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/HashLookupSettingsPanel.java index ac1fb3fef6..5b5a199e2f 100644 --- a/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/HashLookupSettingsPanel.java +++ b/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/HashLookupSettingsPanel.java @@ -175,7 +175,7 @@ public final class HashLookupSettingsPanel extends IngestModuleGlobalSettingsPan try { addHashesToDatabaseButton.setEnabled(!ingestIsRunning && db.isUpdateable()); } catch (TskCoreException ex) { - Logger.getLogger(HashLookupSettingsPanel.class.getName()).log(Level.SEVERE, "Error identifying if the database is updateable.", ex); //NON-NLS + Logger.getLogger(HashLookupSettingsPanel.class.getName()).log(Level.SEVERE, "Error identifying if the hash set is updateable.", ex); //NON-NLS addHashesToDatabaseButton.setEnabled(false); } @@ -192,7 +192,7 @@ public final class HashLookupSettingsPanel extends IngestModuleGlobalSettingsPan try { hashDbLocationLabel.setText(shortenPath(db.getDatabasePath())); } catch (TskCoreException ex) { - Logger.getLogger(HashLookupSettingsPanel.class.getName()).log(Level.SEVERE, "Error getting database path of " + db.getHashSetName() + " hash set", ex); //NON-NLS + Logger.getLogger(HashLookupSettingsPanel.class.getName()).log(Level.SEVERE, "Error getting hash set path of " + db.getHashSetName() + " hash set", ex); //NON-NLS hashDbLocationLabel.setText(ERROR_GETTING_PATH_TEXT); } diff --git a/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/KdbHashSetParser.java b/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/KdbHashSetParser.java index 5935784087..94d2724995 100644 --- a/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/KdbHashSetParser.java +++ b/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/KdbHashSetParser.java @@ -64,7 +64,7 @@ public class KdbHashSetParser implements HashSetParser { totalHashes = resultSet.getLong("count"); } else { close(); - throw new TskCoreException("Error getting hash count from database " + filename); + throw new TskCoreException("Error getting hash count from hash set " + filename); } // Get the hashes @@ -72,7 +72,7 @@ public class KdbHashSetParser implements HashSetParser { // At this point, getNextHash can read each hash from the result set } catch (ClassNotFoundException | SQLException ex) { - throw new TskCoreException("Error opening/reading database " + filename, ex); + throw new TskCoreException("Error opening/reading hash set " + filename, ex); } } @@ -101,10 +101,10 @@ public class KdbHashSetParser implements HashSetParser { totalHashesRead++; return sb.toString(); } else { - throw new TskCoreException("Could not read expected number of hashes from database " + filename); + throw new TskCoreException("Could not read expected number of hashes from hash set " + filename); } } catch (SQLException ex) { - throw new TskCoreException("Error reading hash from result set for database " + filename, ex); + throw new TskCoreException("Error reading hash from result set for hash set " + filename, ex); } } From 6b82917d4ad459303e15e182f0fcbd6ff4852654 Mon Sep 17 00:00:00 2001 From: "U-BASIS\\zhaohui" Date: Mon, 5 Feb 2018 11:45:51 -0500 Subject: [PATCH 19/33] 3281: One more update from by using 'hash set'. --- .../sleuthkit/autopsy/modules/hashdatabase/Bundle.properties | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/Bundle.properties b/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/Bundle.properties index 3e2947afb8..fd6f3222e7 100644 --- a/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/Bundle.properties +++ b/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/Bundle.properties @@ -65,7 +65,7 @@ HashDbConfigPanel.indexStatusText.noIndex=No index HashDbConfigPanel.dbsNotIndexedMsg=The following hash sets are not indexed, would you like to index them now? \n {0} HashDbConfigPanel.dbNotIndexedMsg=The following hash set is not indexed, would you like to index it now? \n{0} HashDbConfigPanel.unindexedDbsMsg=Unindexed hash sets -HashDbConfigPanel.allUnindexedDbsRmFromListMsg=All unindexed hashsets will be removed from the list +HashDbConfigPanel.allUnindexedDbsRmFromListMsg=All unindexed hash sets will be removed from the list HashDbConfigPanel.nameColLbl=Name HashDbConfigPanel.editingCellsNotSupportedMsg=Editing of cells is not supported HashDbConfigPanel.deleteDbActionConfirmMsg=This will remove the hash set for all cases. Do you want to proceed? From 144360a886506d0dfff6aef26f610cce0c0a06ef Mon Sep 17 00:00:00 2001 From: "U-BASIS\\dgrove" Date: Tue, 6 Feb 2018 22:42:49 -0500 Subject: [PATCH 20/33] Revisions. --- .../autopsy/keywordsearch/AccountsText.java | 6 +++--- .../keywordsearch/ExtractedContentPanel.java | 12 ++++++------ .../keywordsearch/ExtractedContentViewer.java | 14 +++++++------- .../autopsy/keywordsearch/HighlightedText.java | 12 ++++++------ .../sleuthkit/autopsy/keywordsearch/RawText.java | 16 ++++++++-------- 5 files changed, 30 insertions(+), 30 deletions(-) diff --git a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/AccountsText.java b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/AccountsText.java index 995a267758..4796730565 100644 --- a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/AccountsText.java +++ b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/AccountsText.java @@ -52,7 +52,7 @@ import org.sleuthkit.datamodel.TskCoreException; */ class AccountsText implements IndexedText { - private static final Logger LOGGER = Logger.getLogger(AccountsText.class.getName()); + private static final Logger logger = Logger.getLogger(AccountsText.class.getName()); private static final boolean DEBUG = (Version.getBuildType() == Version.Type.DEVELOPMENT); private static final String CCN_REGEX = "(%?)(B?)([0-9][ \\-]*?){12,19}(\\^?)"; @@ -311,8 +311,8 @@ class AccountsText implements IndexedText { // extracted content (minus highlight tags) is HTML-escaped return "
" + highlightedText + "
"; //NON-NLS } catch (Exception ex) { - LOGGER.log(Level.SEVERE, "Error getting highlighted text for Solr doc id " + this.solrObjectId + ", chunkID " + this.currentPage, ex); //NON-NLS - return NbBundle.getMessage(ExtractedContentViewer.class, "ExtractedContentViewer.getText.error.msg"); + logger.log(Level.SEVERE, "Error getting highlighted text for Solr doc id " + this.solrObjectId + ", chunkID " + this.currentPage, ex); //NON-NLS + return Bundle.ExtractedContentViewer_getText_error_msg(); } } diff --git a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/ExtractedContentPanel.java b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/ExtractedContentPanel.java index fd8966e254..d6a81371b2 100644 --- a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/ExtractedContentPanel.java +++ b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/ExtractedContentPanel.java @@ -1,7 +1,7 @@ /* * Autopsy Forensic Browser * - * Copyright 2011-17 Basis Technology Corp. + * Copyright 2011-2018 Basis Technology Corp. * Contact: carrier sleuthkit org * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -24,6 +24,7 @@ import java.awt.event.ActionListener; import java.awt.event.ItemEvent; import java.util.ArrayList; import java.util.List; +import java.util.concurrent.CancellationException; import java.util.concurrent.ExecutionException; import java.util.logging.Level; import javax.swing.JTextPane; @@ -648,7 +649,8 @@ class ExtractedContentPanel extends javax.swing.JPanel { } @NbBundle.Messages({ - "ExtractedContentPanel.SetMarkup.error.msg=Error getting text."}) + "ExtractedContentPanel.getText.error=Error getting text." + }) @Override protected void done() { super.done(); @@ -663,11 +665,9 @@ class ExtractedContentPanel extends javax.swing.JPanel { setPanelText("", false); } - } catch (InterruptedException | ExecutionException ex) { + } catch (InterruptedException | CancellationException | ExecutionException ex) { logger.log(Level.SEVERE, "Error getting marked up text", ex); //NON-NLS - setPanelText(NbBundle.getMessage(ExtractedContentViewer.class, "ExtractedContentPanel.getText.error.msg"), true); - } // catch and ignore if we were cancelled - catch (java.util.concurrent.CancellationException ex) { + setPanelText(Bundle.ExtractedContentPanel_getText_error(), true); } updateControls(source); diff --git a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/ExtractedContentViewer.java b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/ExtractedContentViewer.java index 8f8ae75b8d..624e8c497c 100644 --- a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/ExtractedContentViewer.java +++ b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/ExtractedContentViewer.java @@ -57,7 +57,7 @@ import org.sleuthkit.datamodel.TskCoreException; @ServiceProvider(service = DataContentViewer.class, position = 4) public class ExtractedContentViewer implements DataContentViewer { - private static final Logger LOGGER = Logger.getLogger(ExtractedContentViewer.class.getName()); + private static final Logger logger = Logger.getLogger(ExtractedContentViewer.class.getName()); private static final long INVALID_DOCUMENT_ID = 0L; private static final BlackboardAttribute.Type TSK_ASSOCIATED_ARTIFACT_TYPE = new BlackboardAttribute.Type(TSK_ASSOCIATED_ARTIFACT); @@ -125,7 +125,7 @@ public class ExtractedContentViewer implements DataContentViewer { // if the artifact is an account artifact, get an account text . highlightedHitText = getAccountsText(content, nodeLookup); } catch (TskCoreException ex) { - LOGGER.log(Level.SEVERE, "Failed to create AccountsText for " + content, ex); //NON-NLS + logger.log(Level.SEVERE, "Failed to create AccountsText for " + content, ex); //NON-NLS } } else if (artifact != null @@ -134,7 +134,7 @@ public class ExtractedContentViewer implements DataContentViewer { //if there is kwh artifact use that to construct the HighlightedText highlightedHitText = new HighlightedText(artifact); } catch (TskCoreException ex) { - LOGGER.log(Level.SEVERE, "Failed to create HighlightedText for " + artifact, ex); //NON-NLS + logger.log(Level.SEVERE, "Failed to create HighlightedText for " + artifact, ex); //NON-NLS } } @@ -158,7 +158,7 @@ public class ExtractedContentViewer implements DataContentViewer { try { rawArtifactText = getRawArtifactText(nodeLookup); } catch (TskCoreException ex) { - LOGGER.log(Level.SEVERE, "Error creating RawText for " + content, ex); //NON-NLS + logger.log(Level.SEVERE, "Error creating RawText for " + content, ex); //NON-NLS } if (rawArtifactText != null) { @@ -295,7 +295,7 @@ public class ExtractedContentViewer implements DataContentViewer { return true; } } catch (TskCoreException ex) { - LOGGER.log(Level.SEVERE, "Error getting TSK_ACCOUNT_TYPE attribute from artifact " + art.getArtifactID(), ex); + logger.log(Level.SEVERE, "Error getting TSK_ACCOUNT_TYPE attribute from artifact " + art.getArtifactID(), ex); } } else if (artifactTypeID == TSK_KEYWORD_HIT.getTypeID()) { return true; @@ -359,7 +359,7 @@ public class ExtractedContentViewer implements DataContentViewer { try { return solrServer.queryIsIndexed(objectId); } catch (NoOpenCoreException | KeywordSearchModuleException ex) { - LOGGER.log(Level.SEVERE, "Error querying Solr server", ex); //NON-NLS + logger.log(Level.SEVERE, "Error querying Solr server", ex); //NON-NLS return false; } } @@ -393,7 +393,7 @@ public class ExtractedContentViewer implements DataContentViewer { return blackboardAttribute.getValueLong(); } } catch (TskCoreException ex) { - LOGGER.log(Level.SEVERE, "Error getting associated artifact attributes", ex); //NON-NLS + logger.log(Level.SEVERE, "Error getting associated artifact attributes", ex); //NON-NLS } } } diff --git a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/HighlightedText.java b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/HighlightedText.java index 61dfcfcdc8..030519b3da 100644 --- a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/HighlightedText.java +++ b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/HighlightedText.java @@ -53,7 +53,7 @@ import org.sleuthkit.datamodel.TskCoreException; */ class HighlightedText implements IndexedText { - private static final Logger LOGGER = Logger.getLogger(HighlightedText.class.getName()); + private static final Logger logger = Logger.getLogger(HighlightedText.class.getName()); private static final boolean DEBUG = (Version.getBuildType() == Version.Type.DEVELOPMENT); @@ -397,7 +397,7 @@ class HighlightedText implements IndexedText { // either be a single chunk containing hits or we narrow our // query down to the current page/chunk. if (response.getResults().size() > 1) { - LOGGER.log(Level.WARNING, "Unexpected number of results for Solr highlighting query: {0}", q); //NON-NLS + logger.log(Level.WARNING, "Unexpected number of results for Solr highlighting query: {0}", q); //NON-NLS } String highlightedContent; Map>> responseHighlight = response.getHighlighting(); @@ -423,14 +423,14 @@ class HighlightedText implements IndexedText { return "
" + highlightedContent + "
"; //NON-NLS } catch (TskCoreException | KeywordSearchModuleException | NoOpenCoreException ex) { - LOGGER.log(Level.SEVERE, "Error getting highlighted text for Solr doc id " + objectId + ", chunkID " + chunkID + ", highlight query: " + highlightField, ex); //NON-NLS - return NbBundle.getMessage(ExtractedContentViewer.class, "ExtractedContentViewer.getText.error.msg"); + logger.log(Level.SEVERE, "Error getting highlighted text for Solr doc id " + objectId + ", chunkID " + chunkID + ", highlight query: " + highlightField, ex); //NON-NLS + return Bundle.ExtractedContentViewer_getText_error(); } } @Override public String toString() { - return NbBundle.getMessage(this.getClass(), "HighlightedMatchesSource.toString"); + return Bundle.HighlightedMatchesSource_toString(); } @Override @@ -467,7 +467,7 @@ class HighlightedText implements IndexedText { */ static String attemptManualHighlighting(SolrDocumentList solrDocumentList, String highlightField, Collection keywords) { if (solrDocumentList.isEmpty()) { - return NbBundle.getMessage(ExtractedContentViewer.class, "ExtractedContentViewer.getSolrContent.noTxtYetMsg", "document"); + return Bundle.ExtractedContentViewer_getSolrContent_noTxtYetMsg("document"); } // It doesn't make sense for there to be more than a single document in diff --git a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/RawText.java b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/RawText.java index dc281ce100..af1d6bc01f 100644 --- a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/RawText.java +++ b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/RawText.java @@ -43,7 +43,7 @@ class RawText implements IndexedText { //keep last content cached private String cachedString; private int cachedChunk; - private static final Logger LOGGER = Logger.getLogger(RawText.class.getName()); + private static final Logger logger = Logger.getLogger(RawText.class.getName()); /** * Construct a new RawText object for the given content and object id. This @@ -153,9 +153,9 @@ class RawText implements IndexedText { return getArtifactText(); } } catch (SolrServerException | NoOpenCoreException ex) { - LOGGER.log(Level.SEVERE, "Couldn't get extracted text", ex); //NON-NLS + logger.log(Level.SEVERE, "Couldn't get extracted text", ex); //NON-NLS } - return NbBundle.getMessage(ExtractedContentViewer.class, "ExtractedContentViewerRawText.getText.error.msg"); + return Bundle.ExtractedContentViewer_getText_error_msg(); } @NbBundle.Messages({ @@ -207,7 +207,7 @@ class RawText implements IndexedText { hasChunks = true; } } catch (KeywordSearchModuleException | NoOpenCoreException ex) { - LOGGER.log(Level.SEVERE, "Could not get number of chunks: ", ex); //NON-NLS + logger.log(Level.SEVERE, "Could not get number of chunks: ", ex); //NON-NLS } } @@ -239,13 +239,13 @@ class RawText implements IndexedText { //we know it's AbstractFile, but do quick check to make sure if we index other objects in future boolean isKnown = TskData.FileKnown.KNOWN.equals(((AbstractFile)content).getKnown()); if (isKnown && KeywordSearchSettings.getSkipKnown()) { - msg = NbBundle.getMessage(ExtractedContentViewer.class, "ExtractedContentViewer.getSolrContent.knownFileMsg", content.getName()); + msg = Bundle.ExtractedContentViewer_getSolrContent_knownFileMsg(content.getName()); } } if(msg == null) { - msg = NbBundle.getMessage(ExtractedContentViewer.class, "ExtractedContentViewer.getSolrContent.noTxtYetMsg", "file"); + msg = Bundle.ExtractedContentViewer_getSolrContent_noTxtYetMsg("file"); } - String htmlMsg = NbBundle.getMessage(ExtractedContentViewer.class, "ExtractedContentViewer.getSolrContent.txtBodyItal", msg); + String htmlMsg = Bundle.ExtractedContentViewer_getSolrContent_txtBodyItal(msg); return htmlMsg; } @@ -284,7 +284,7 @@ class RawText implements IndexedText { private String getArtifactText() throws NoOpenCoreException, SolrServerException{ String indexedText = KeywordSearch.getServer().getSolrContent(this.objectId, 1); if (indexedText == null || indexedText.isEmpty()) { - return NbBundle.getMessage(ExtractedContentViewer.class, "ExtractedContentViewer.getSolrContent.noTxtYetMsg", "artifact"); + return Bundle.ExtractedContentViewer_getSolrContent_noTxtYetMsg("artifact"); } indexedText = EscapeUtil.escapeHtml(indexedText).trim(); From a7a2c86ab3758d3dab826510bf0d96707294632e Mon Sep 17 00:00:00 2001 From: "U-BASIS\\dgrove" Date: Wed, 7 Feb 2018 01:31:04 -0500 Subject: [PATCH 21/33] Revisions. --- .../autopsy/keywordsearch/AccountsText.java | 2 +- .../keywordsearch/Bundle_ja.properties | 1 - .../keywordsearch/ExtractedContentViewer.java | 7 --- .../keywordsearch/HighlightedText.java | 25 +++++----- .../autopsy/keywordsearch/IndexedText.java | 10 +++- .../autopsy/keywordsearch/RawText.java | 49 +++++++++++-------- 6 files changed, 51 insertions(+), 43 deletions(-) diff --git a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/AccountsText.java b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/AccountsText.java index 4796730565..00d5670151 100644 --- a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/AccountsText.java +++ b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/AccountsText.java @@ -312,7 +312,7 @@ class AccountsText implements IndexedText { return "
" + highlightedText + "
"; //NON-NLS } catch (Exception ex) { logger.log(Level.SEVERE, "Error getting highlighted text for Solr doc id " + this.solrObjectId + ", chunkID " + this.currentPage, ex); //NON-NLS - return Bundle.ExtractedContentViewer_getText_error_msg(); + return Bundle.IndexedText_errorMessage_errorGettingText(); } } diff --git a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/Bundle_ja.properties b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/Bundle_ja.properties index dbaae76b16..2442e5bbc4 100644 --- a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/Bundle_ja.properties +++ b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/Bundle_ja.properties @@ -199,7 +199,6 @@ KeywordSearchIngestModule.doInBackGround.finalizeMsg=- \u6700\u7d42\u51e6\u7406\ KeywordSearchIngestModule.doInBackGround.pendingMsg=\uff08\u30da\u30f3\u30c7\u30a3\u30f3\u30b0\uff09 SearchRunner.doInBackGround.cancelMsg=\uff08\u30ad\u30e3\u30f3\u30bb\u30eb\u4e2d\u2026\uff09 Server.addDoc.exception.msg2=\u30a2\u30c3\u30d7\u30c7\u30fc\u30c8\u30cf\u30f3\u30c9\u30e9\u30fc\u3092\u4f7f\u7528\u3057\u307e\u3057\u305f\u304c\u3001\u30a4\u30f3\u30c7\u30c3\u30af\u30b9\u306b\u6b21\u306e\u30c9\u30ad\u30e5\u30e1\u30f3\u30c8\u3092\u8ffd\u52a0\u3067\u304d\u307e\u305b\u3093\u3067\u3057\u305f\uff1a{0} -ExtractedContentViewer.getSolrContent.txtBodyItal={0} KeywordSearchJobSettingsPanel.keywordSearchEncodings.text=- KeywordSearchJobSettingsPanel.languagesValLabel.text=- KeywordSearchJobSettingsPanel.encodingsLabel.text=\u30a8\u30f3\u30b3\u30fc\u30c7\u30a3\u30f3\u30b0\uff1a diff --git a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/ExtractedContentViewer.java b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/ExtractedContentViewer.java index 624e8c497c..b13e1fbca4 100644 --- a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/ExtractedContentViewer.java +++ b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/ExtractedContentViewer.java @@ -29,7 +29,6 @@ import java.util.logging.Level; import org.openide.nodes.Node; import org.openide.util.Lookup; import org.openide.util.NbBundle; -import org.openide.util.NbBundle.Messages; import org.openide.util.lookup.ServiceProvider; import org.sleuthkit.autopsy.casemodule.Case; import org.sleuthkit.autopsy.corecomponentinterfaces.DataContentViewer; @@ -48,12 +47,6 @@ import org.sleuthkit.datamodel.TskCoreException; * A content viewer that displays the indexed text associated with a file or an * artifact, possibly marked up with HTML to highlight keyword hits. */ -@Messages({ - "ExtractedContentViewer.getText.error.msg=Error getting text.", - "ExtractedContentViewer.getSolrContent.knownFileMsg=

{0} is a known file (based on MD5 hash) and does not have text in the index.

", - "ExtractedContentViewer.getSolrContent.noTxtYetMsg=

There is currently no text in the index for this {0}. It may have no text, it may not have been analyzed yet, there may have been an error extracting text, or keyword search was not enabled during ingest.

", - "ExtractedContentViewer.getSolrContent.txtBodyItal={0}" -}) @ServiceProvider(service = DataContentViewer.class, position = 4) public class ExtractedContentViewer implements DataContentViewer { diff --git a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/HighlightedText.java b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/HighlightedText.java index 030519b3da..14298a044a 100644 --- a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/HighlightedText.java +++ b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/HighlightedText.java @@ -102,13 +102,13 @@ class HighlightedText implements IndexedText { /** * This constructor is used when keyword hits are accessed from the ad-hoc * search results. In that case we have the entire QueryResults object and - need to arrange the paging. + * need to arrange the paging. * * @param objectId The objectID of the content whose text will be * highlighted. * @param QueryResults The QueryResults for the ad-hoc search from whose - results a selection was made leading to this - HighlightedText. + * results a selection was made leading to this + * HighlightedText. */ HighlightedText(long objectId, QueryResults hits) { this.objectId = objectId; @@ -203,10 +203,10 @@ class HighlightedText implements IndexedText { isLiteral = hits.getQuery().isLiteral(); /** - * Organize the hits by page, filter as needed. - * We process *every* keyword here because in the case of a regular - * expression search there may be multiple different keyword - * hits located in different chunks for the same file/artifact. + * Organize the hits by page, filter as needed. We process *every* + * keyword here because in the case of a regular expression search there + * may be multiple different keyword hits located in different chunks + * for the same file/artifact. */ for (Keyword k : hits.getKeywords()) { for (KeywordHit hit : hits.getResults(k)) { @@ -424,13 +424,13 @@ class HighlightedText implements IndexedText { return "
" + highlightedContent + "
"; //NON-NLS } catch (TskCoreException | KeywordSearchModuleException | NoOpenCoreException ex) { logger.log(Level.SEVERE, "Error getting highlighted text for Solr doc id " + objectId + ", chunkID " + chunkID + ", highlight query: " + highlightField, ex); //NON-NLS - return Bundle.ExtractedContentViewer_getText_error(); + return Bundle.IndexedText_errorMessage_errorGettingText(); } } @Override public String toString() { - return Bundle.HighlightedMatchesSource_toString(); + return NbBundle.getMessage(this.getClass(), "HighlightedMatchesSource.toString"); } @Override @@ -462,12 +462,13 @@ class HighlightedText implements IndexedText { * to a Solr query. We expect there to only ever be * a single document. * - * @return Either a string with the keyword highlighted via HTML span tags or a string - * indicating that we did not find a hit in the document. + * @return Either a string with the keyword highlighted via HTML span tags + * or a string indicating that we did not find a hit in the + * document. */ static String attemptManualHighlighting(SolrDocumentList solrDocumentList, String highlightField, Collection keywords) { if (solrDocumentList.isEmpty()) { - return Bundle.ExtractedContentViewer_getSolrContent_noTxtYetMsg("document"); + return Bundle.IndexedText_errorMessage_errorGettingText(); } // It doesn't make sense for there to be more than a single document in diff --git a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/IndexedText.java b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/IndexedText.java index 6bf6a4f3ef..9095788c6a 100644 --- a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/IndexedText.java +++ b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/IndexedText.java @@ -1,7 +1,7 @@ /* * Autopsy Forensic Browser * - * Copyright 2011-2017 Basis Technology Corp. + * Copyright 2011-2018 Basis Technology Corp. * Contact: carrier sleuthkit org * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -18,12 +18,20 @@ */ package org.sleuthkit.autopsy.keywordsearch; +import org.openide.util.NbBundle; + /** * Interface to provide HTML text to display in ExtractedContentViewer. There is * a SOLR implementation of this that interfaces with SOLR to highlight the * keyword hits and a version that does not do markup so that you can simply * view the stored text. */ +@NbBundle.Messages({ + "IndexedText.errorMessage.errorGettingText=

Error retrieving indexed text.

", + "IndexedText.warningMessage.knownFile=

This file is a known file (based on MD5 hash) and does not have indexed text.

", + "IndexedText.warningMessage.noTextAvailable=

No indexed text for this file.

", + "IndexedText.htmlStyle.textBodyItalics={0}" +}) interface IndexedText { /** diff --git a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/RawText.java b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/RawText.java index af1d6bc01f..c7c263ce48 100644 --- a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/RawText.java +++ b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/RawText.java @@ -155,7 +155,7 @@ class RawText implements IndexedText { } catch (SolrServerException | NoOpenCoreException ex) { logger.log(Level.SEVERE, "Couldn't get extracted text", ex); //NON-NLS } - return Bundle.ExtractedContentViewer_getText_error_msg(); + return Bundle.IndexedText_errorMessage_errorGettingText(); } @NbBundle.Messages({ @@ -185,7 +185,6 @@ class RawText implements IndexedText { return 0; } - @Override public int getNumberPages() { return numPages; @@ -224,7 +223,8 @@ class RawText implements IndexedText { * @return the extracted text * * @throws NoOpenCoreException If no Solr core is available. - * @throws SolrServerException If there's a Solr communication or parsing issue. + * @throws SolrServerException If there's a Solr communication or parsing + * issue. */ private String getContentText(int currentPage, boolean hasChunks) throws NoOpenCoreException, SolrServerException { final Server solrServer = KeywordSearch.getServer(); @@ -234,18 +234,18 @@ class RawText implements IndexedText { //because we are storing extracted text in chunks only //and the non-chunk stores meta-data only String msg = null; - + if (content instanceof AbstractFile) { //we know it's AbstractFile, but do quick check to make sure if we index other objects in future - boolean isKnown = TskData.FileKnown.KNOWN.equals(((AbstractFile)content).getKnown()); + boolean isKnown = TskData.FileKnown.KNOWN.equals(((AbstractFile) content).getKnown()); if (isKnown && KeywordSearchSettings.getSkipKnown()) { - msg = Bundle.ExtractedContentViewer_getSolrContent_knownFileMsg(content.getName()); + msg = Bundle.IndexedText_warningMessage_knownFile(); } } - if(msg == null) { - msg = Bundle.ExtractedContentViewer_getSolrContent_noTxtYetMsg("file"); + if (msg == null) { + msg = Bundle.IndexedText_warningMessage_noTextAvailable(); } - String htmlMsg = Bundle.ExtractedContentViewer_getSolrContent_txtBodyItal(msg); + String htmlMsg = Bundle.IndexedText_htmlStyle_textBodyItalics(msg); return htmlMsg; } @@ -260,38 +260,45 @@ class RawText implements IndexedText { //not cached String indexedText = solrServer.getSolrContent(this.objectId, chunkId); - if (indexedText == null || indexedText.isEmpty()) { - return NbBundle.getMessage(ExtractedContentViewer.class, "ExtractedContentViewer.getSolrContent.noTxtYetMsg", "file"); + if (indexedText == null) { + if (content instanceof AbstractFile) { + return Bundle.IndexedText_errorMessage_errorGettingText(); + } else { + return Bundle.IndexedText_warningMessage_noTextAvailable(); + } + } else if (indexedText.isEmpty()) { + return Bundle.IndexedText_warningMessage_noTextAvailable(); } - + cachedString = EscapeUtil.escapeHtml(indexedText).trim(); StringBuilder sb = new StringBuilder(cachedString.length() + 20); sb.append("
").append(cachedString).append("
"); //NON-NLS cachedString = sb.toString(); cachedChunk = chunkId; - + return cachedString; } - + /** * Get extracted artifact for a node from Solr * * @return the extracted text - * + * * @throws NoOpenCoreException If no Solr core is available. - * @throws SolrServerException If there's a Solr communication or parsing issue. + * @throws SolrServerException If there's a Solr communication or parsing + * issue. */ - private String getArtifactText() throws NoOpenCoreException, SolrServerException{ + private String getArtifactText() throws NoOpenCoreException, SolrServerException { String indexedText = KeywordSearch.getServer().getSolrContent(this.objectId, 1); if (indexedText == null || indexedText.isEmpty()) { - return Bundle.ExtractedContentViewer_getSolrContent_noTxtYetMsg("artifact"); + return Bundle.IndexedText_errorMessage_errorGettingText(); } - + indexedText = EscapeUtil.escapeHtml(indexedText).trim(); StringBuilder sb = new StringBuilder(indexedText.length() + 20); sb.append("
").append(indexedText).append("
"); //NON-NLS - + return sb.toString(); } - + } From bb0a7c26c7cc5c9538417512f5ca06e51b9ba56e Mon Sep 17 00:00:00 2001 From: "U-BASIS\\dgrove" Date: Wed, 7 Feb 2018 11:41:44 -0500 Subject: [PATCH 22/33] Revisions. --- .../autopsy/keywordsearch/ExtractedContentPanel.java | 5 +---- .../org/sleuthkit/autopsy/keywordsearch/IndexedText.java | 7 +++---- .../src/org/sleuthkit/autopsy/keywordsearch/RawText.java | 3 +-- 3 files changed, 5 insertions(+), 10 deletions(-) diff --git a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/ExtractedContentPanel.java b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/ExtractedContentPanel.java index d6a81371b2..bc68962693 100644 --- a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/ExtractedContentPanel.java +++ b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/ExtractedContentPanel.java @@ -648,9 +648,6 @@ class ExtractedContentPanel extends javax.swing.JPanel { return source.getText(); } - @NbBundle.Messages({ - "ExtractedContentPanel.getText.error=Error getting text." - }) @Override protected void done() { super.done(); @@ -667,7 +664,7 @@ class ExtractedContentPanel extends javax.swing.JPanel { } catch (InterruptedException | CancellationException | ExecutionException ex) { logger.log(Level.SEVERE, "Error getting marked up text", ex); //NON-NLS - setPanelText(Bundle.ExtractedContentPanel_getText_error(), true); + setPanelText(Bundle.IndexedText_errorMessage_errorGettingText(), true); } updateControls(source); diff --git a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/IndexedText.java b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/IndexedText.java index 9095788c6a..17366483e3 100644 --- a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/IndexedText.java +++ b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/IndexedText.java @@ -27,10 +27,9 @@ import org.openide.util.NbBundle; * view the stored text. */ @NbBundle.Messages({ - "IndexedText.errorMessage.errorGettingText=

Error retrieving indexed text.

", - "IndexedText.warningMessage.knownFile=

This file is a known file (based on MD5 hash) and does not have indexed text.

", - "IndexedText.warningMessage.noTextAvailable=

No indexed text for this file.

", - "IndexedText.htmlStyle.textBodyItalics={0}" + "IndexedText.errorMessage.errorGettingText=Error retrieving indexed text.", + "IndexedText.warningMessage.knownFile=This file is a known file (based on MD5 hash) and does not have indexed text.", + "IndexedText.warningMessage.noTextAvailable=No indexed text for this file." }) interface IndexedText { diff --git a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/RawText.java b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/RawText.java index c7c263ce48..789de3fd50 100644 --- a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/RawText.java +++ b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/RawText.java @@ -245,8 +245,7 @@ class RawText implements IndexedText { if (msg == null) { msg = Bundle.IndexedText_warningMessage_noTextAvailable(); } - String htmlMsg = Bundle.IndexedText_htmlStyle_textBodyItalics(msg); - return htmlMsg; + return msg; } int chunkId = currentPage; From e03173c46bf247b9c95b6a038f39b3ac5a0e677b Mon Sep 17 00:00:00 2001 From: William Schaefer Date: Fri, 9 Feb 2018 12:26:48 -0500 Subject: [PATCH 23/33] 3445 make Date Filter condition reject negative day value --- .../autopsy/modules/interestingitems/FilesSetRulePanel.java | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/Core/src/org/sleuthkit/autopsy/modules/interestingitems/FilesSetRulePanel.java b/Core/src/org/sleuthkit/autopsy/modules/interestingitems/FilesSetRulePanel.java index bead96c5ed..4965652c5f 100644 --- a/Core/src/org/sleuthkit/autopsy/modules/interestingitems/FilesSetRulePanel.java +++ b/Core/src/org/sleuthkit/autopsy/modules/interestingitems/FilesSetRulePanel.java @@ -395,7 +395,10 @@ final class FilesSetRulePanel extends javax.swing.JPanel { return false; } try { - Integer.parseInt(daysIncludedTextField.getText()); + int value = Integer.parseInt(daysIncludedTextField.getText()); + if (value < 0) { + throw new NumberFormatException("Negative numbers are not allowed for the within N days condition"); + } } catch (NumberFormatException e) { //field did not contain an integer NotifyDescriptor notifyDesc = new NotifyDescriptor.Message( From a7ef9f7e54d5bc7c255d34915389dc8f368ef606 Mon Sep 17 00:00:00 2001 From: William Schaefer Date: Fri, 9 Feb 2018 12:30:42 -0500 Subject: [PATCH 24/33] 3445 rename varialbe DAY_IN_S to SECS_PER_DAY for clarity --- .../sleuthkit/autopsy/modules/interestingitems/FilesSet.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Core/src/org/sleuthkit/autopsy/modules/interestingitems/FilesSet.java b/Core/src/org/sleuthkit/autopsy/modules/interestingitems/FilesSet.java index 94697d4fc6..3a3e9b2360 100644 --- a/Core/src/org/sleuthkit/autopsy/modules/interestingitems/FilesSet.java +++ b/Core/src/org/sleuthkit/autopsy/modules/interestingitems/FilesSet.java @@ -761,7 +761,7 @@ public final class FilesSet implements Serializable { */ static final class DateCondition implements FileAttributeCondition { - private final static long DAY_IN_S = 60 * 60 * 24; + private final static long SECS_PER_DAY = 60 * 60 * 24; private int daysIncluded; @@ -786,7 +786,7 @@ public final class FilesSet implements Serializable { @Override public boolean passes(AbstractFile file) { - long dateThreshold = System.currentTimeMillis() / 1000 - daysIncluded * DAY_IN_S; + long dateThreshold = System.currentTimeMillis() / 1000 - daysIncluded * SECS_PER_DAY; if (file.getCrtime() > dateThreshold || file.getMtime() > dateThreshold) { return true; } From 1b371c026ea218a8f2fea628e08b4bca66cd78fe Mon Sep 17 00:00:00 2001 From: "U-BASIS\\zhaohui" Date: Fri, 9 Feb 2018 13:56:07 -0500 Subject: [PATCH 25/33] 3281: Capitalize the word 'Hash Set' for the GUI items. --- .../modules/hashdatabase/Bundle.properties | 46 +++++++++---------- 1 file changed, 23 insertions(+), 23 deletions(-) diff --git a/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/Bundle.properties b/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/Bundle.properties index fd6f3222e7..bc62102682 100644 --- a/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/Bundle.properties +++ b/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/Bundle.properties @@ -28,13 +28,13 @@ HashDbCreateDatabaseDialog.knownBadRadioButton.text=Notable HashDbCreateDatabaseDialog.cancelButton.text=Cancel ModalNoButtons.CURRENTDB_LABEL.text=(CurrentDb) ModalNoButtons.CURRENTLYON_LABEL.text=Currently Indexing x of y -ModalNoButtons.GO_GET_COFFEE_LABEL.text=Hash sets are currently being indexed, this may take some time. +ModalNoButtons.GO_GET_COFFEE_LABEL.text=Hash Sets are currently being indexed, this may take some time. ModalNoButtons.CANCEL_BUTTON.text=Cancel HashDbImportDatabaseDialog.knownRadioButton.text=Known (NSRL or other) HashDbCreateDatabaseDialog.knownRadioButton.text=Known HashDbCreateDatabaseDialog.saveAsButton.text=Save As... HashDbCreateDatabaseDialog.hashSetNameTextField.text= -HashDbImportDatabaseDialog.jLabel3.text=Hash set Path: +HashDbImportDatabaseDialog.jLabel3.text=Hash Set Path: HashDbCreateDatabaseDialog.sendIngestMessagesCheckbox.text=Send ingest inbox messages for each hit HashDbImportDatabaseDialog.sendIngestMessagesCheckbox.text=Send ingest inbox message for each hit HashDbImportDatabaseDialog.hashSetNameTextField.text= @@ -42,8 +42,8 @@ HashDbImportDatabaseDialog.openButton.text=Open... HashDbCreateDatabaseDialog.jLabel3.text=Name: HashDbCreateDatabaseDialog.okButton.text=OK HashDbCreateDatabaseDialog.databasePathTextField.text= -AddContentToHashDbAction.ContentMenu.noHashDbsConfigd=No hash sets configured -AddContentToHashDbAction.ContentMenu.createDbItem=Create hash set... +AddContentToHashDbAction.ContentMenu.noHashDbsConfigd=No Hash Sets configured +AddContentToHashDbAction.ContentMenu.createDbItem=Create Hash Set... AddContentToHashDbAction.addFilesToHashSet.addToHashDbErr1.text=Add to Hash Set Error AddContentToHashDbAction.addFilesToHashSet.addToHashDbErr2.text=Add to Hash Set Error AddContentToHashDbAction.addFilesToHashSet.addToHashDbErr3.text=Add to Hash Set Error @@ -79,7 +79,7 @@ HashDbCreateDatabaseDialog.fileExistsErr=File Already Exists Error HashDbCreateDatabaseDialog.mustEnterHashSetNameMsg=A hash set name must be entered. HashDbCreateDatabaseDialog.createHashDbErr=Create Hash Set Error HashDbCreateDatabaseDialog.mustEnterHashDbPathMsg=A hash set path must be entered. -HashDbCreateDatabaseDialog.errMsg.hashDbCreationErr=Hash set creation error +HashDbCreateDatabaseDialog.errMsg.hashDbCreationErr=Hash Set creation error HashDbCreateDatabaseDialog.cannotCreateFileAtLocMsg=Cannot create a hash set file at the selected location. HashDbCreateDatabaseDialog.failedToCreateHashDbMsg=Failed to create the hash set. HashDbImportDatabaseDialog.importHashDbMsg=Import Hash Set @@ -99,12 +99,12 @@ HashDbIngestModule.lookingUpKnownBadHashValueErr=Error encountered while looking HashDbIngestModule.lookingUpKnownHashValueErr=Error encountered while looking up known hash value for {0}. HashDbIngestModule.postToBB.fileName=File Name HashDbIngestModule.postToBB.md5Hash=MD5 Hash -HashDbIngestModule.postToBB.hashsetName=Hashset Name +HashDbIngestModule.postToBB.hashsetName=Hash Set Name HashDbIngestModule.postToBB.knownBadMsg=Notable\: {0} HashDbIngestModule.complete.knownBadsFound=Notables found\: HashDbIngestModule.complete.totalCalcTime=Total Calculation Time HashDbIngestModule.complete.totalLookupTime=Total Lookup Time -HashDbIngestModule.complete.databasesUsed=Hash sets Used\: +HashDbIngestModule.complete.databasesUsed=Hash Sets Used\: HashDbIngestModule.complete.hashLookupResults=Hash Lookup Results HashDbManager.moduleErrorListeningToUpdatesMsg=A module caused an error listening to HashDbManager updates. See log to determine which module. Some data could be incomplete. HashDbManager.replacingDuplicateHashsetNameMsg=Duplicate hash set name {0} found.\nReplacing with {1}. @@ -113,8 +113,8 @@ HashDbManager.unableToOpenHashDbMsg=Unable to open {0} hash set. HashDbManager.savedBackupOfOldConfigMsg={0}\nA backup copy of the old configuration has been saved as\n{1} HashDbManager.baseMessage.updatedFormatHashDbConfig=The format of the hash set configuration file has been updated. HashDbManager.msgBoxTitle.confFileFmtChanged=Configuration File Format Changed -HashDbManager.dlgMsg.dbNotFoundAtLoc=Hash set {0} could not be found at location\n{1}\nWould you like to search for the file? -HashDbManager.dlgTitle.MissingDb=Missing Hash set +HashDbManager.dlgMsg.dbNotFoundAtLoc=Hash Set {0} could not be found at location\n{1}\nWould you like to search for the file? +HashDbManager.dlgTitle.MissingDb=Missing Hash Set HashDbManager.progress.indexingHashSet=Indexing {0} HashDbManager.dlgMsg.errorIndexingHashSet=Error indexing {0} hash set. HashDbManager.hashDbIndexingErr=Hash Set Indexing Error @@ -156,7 +156,7 @@ AddContentToHashDbAction.singleSelectionName=Add file to hash set AddContentToHashDbAction.multipleSelectionName=Add files to hash set HashDbManager.ingestRunningExceptionMsg=Ingest is ongoing; this service will be unavailable until it finishes. HashDbManager.saveErrorExceptionMsg=Error saving hash configuration -HashLookupSettingsPanel.jButton3.text=Import Hash set +HashLookupSettingsPanel.jButton3.text=Import Hash Set HashLookupSettingsPanel.jLabel6.text=Type: HashLookupSettingsPanel.jLabel4.text=Location: HashLookupSettingsPanel.jLabel2.text=Name: @@ -171,15 +171,15 @@ HashLookupModuleFactory.getIngestJobSettingsPanel.exception.msg=Expected setting HashLookupModuleFactory.createFileIngestModule.exception.msg=Expected settings argument to be instanceof HashLookupModuleSettings HashLookupModuleSettingsPanel.alwaysCalcHashesCheckbox.toolTipText=Calculate MD5 even if no hash set is selected HashDbSearchPanel.hashTable.defaultModel.title.text=MD5 Hashes -AddHashValuesToDatabaseDialog.JDialog.Title=Add Hashes to Hash set +AddHashValuesToDatabaseDialog.JDialog.Title=Add Hashes to Hash Set AddHashValuesToDatabaseDialog.instructionLabel.text_1=Paste MD5 hash values (one per line) below: AddHashValuesToDatabaseDialog.cancelButton.text_2=Cancel -AddHashValuesToDatabaseDialog.AddValuesToHashDatabaseButton.text_2=Add Hashes to Hash set +AddHashValuesToDatabaseDialog.AddValuesToHashDatabaseButton.text_2=Add Hashes to Hash Set AddHashValuesToDatabaseDialog.pasteFromClipboardButton.text_2=Paste From Clipboard AddHashValuesToDatabaseProgressDialog.okButton.text=OK AddHashValuesToDatabaseProgressDialog.statusLabel.text=status -AddHashValuesToDatabaseProgressDialog.title=Add Hashes to Hash set Progress -AddHashValuesToDatabaseDialog.title=Add Hashes to Hash set +AddHashValuesToDatabaseProgressDialog.title=Add Hashes to Hash Set Progress +AddHashValuesToDatabaseDialog.title=Add Hashes to Hash Set AddHashValuesToDatabaseProgressDialog.showErrorsButton.text=Show Errors AddHashValuesToDatabaseProgressDialog.addHashValuesToDatabase.parsing=Parsing text for MD5 hashes... AddHashValuesToDatabaseProgressDialog.addHashValuesToDatabase.invalidHash=The input contains invalid hash. @@ -189,11 +189,11 @@ AddHashValuesToDatabaseProgressDialog.addHashValuesToDatabase.success={0} Hashes AddHashValuesToDatabaseProgressDialog.addHashValuesToDatabase.errorAddingValidHash=There is an error adding valid hashes. AddHashValuesToDatabaseProgressDialog.addHashValuesToDatabase.errorAddingValidHash.msg=Error adding valid hashes to the hash set: HashLookupSettingsPanel.ingestWarningLabel.text=Ingest is ongoing, some settings will be unavailable until it finishes. -HashLookupSettingsPanel.addHashesToDatabaseButton.text=Add Hashes to Hash set +HashLookupSettingsPanel.addHashesToDatabaseButton.text=Add Hashes to Hash Set HashLookupSettingsPanel.indexPathLabel.text= HashLookupSettingsPanel.indexPathLabelLabel.text=Index Path: HashLookupSettingsPanel.createDatabaseButton.toolTipText= -HashLookupSettingsPanel.createDatabaseButton.text=New hash set +HashLookupSettingsPanel.createDatabaseButton.text=New Hash Set HashLookupSettingsPanel.optionsLabel.text=Options HashLookupSettingsPanel.informationLabel.text=Information HashLookupSettingsPanel.sendIngestMessagesCheckBox.text=Send ingest inbox message for each hit @@ -202,19 +202,19 @@ HashLookupSettingsPanel.indexLabel.text=Index Status: HashLookupSettingsPanel.hashDbIndexStatusLabel.text= HashLookupSettingsPanel.hashDbTypeLabel.text= HashLookupSettingsPanel.typeLabel.text=Type: -HashLookupSettingsPanel.locationLabel.text=Hash set Path: +HashLookupSettingsPanel.locationLabel.text=Hash Set Path: HashLookupSettingsPanel.hashDbLocationLabel.text= HashLookupSettingsPanel.hashDbNameLabel.text= HashLookupSettingsPanel.nameLabel.text=Name: HashLookupSettingsPanel.hashDatabasesLabel.text=Hash Sets: HashLookupSettingsPanel.importDatabaseButton.toolTipText= -HashLookupSettingsPanel.importDatabaseButton.text=Import hash set -HashLookupSettingsPanel.deleteDatabaseButton.text=Delete hash set -ImportHashDatabaseDialog.lbFilePath.text=Hash set Path: +HashLookupSettingsPanel.importDatabaseButton.text=Import Hash Set +HashLookupSettingsPanel.deleteDatabaseButton.text=Delete Hash Set +ImportHashDatabaseDialog.lbFilePath.text=Hash Set Path: ImportHashDatabaseDialog.tfDatabaseName.tooltip=Name for this hash set -ImportHashDatabaseDialog.tfDatabaseVersion.tooltip.text=Hash set Version Number +ImportHashDatabaseDialog.tfDatabaseVersion.tooltip.text=Hash Set Version Number ImportHashDatabaseDialog.tfDatabaseName.tooltip=Name for this hash set -ImportHashDatabaseDialog.tfDatabaseVersion.tooltip.text=Hash set Version Number +ImportHashDatabaseDialog.tfDatabaseVersion.tooltip.text=Hash Set Version Number ImportCentralRepoDbProgressDialog.lbProgress.text=Starting import... ImportCentralRepoDbProgressDialog.bnOk.text=OK ImportCentralRepoDbProgressDialog.bnCancel.text=Cancel @@ -238,4 +238,4 @@ HashDbCreateDatabaseDialog.fileTypeRadioButton.text=Local HashDbCreateDatabaseDialog.centralRepoRadioButton.text=Remote (Central Repository) HashDbCreateDatabaseDialog.lbOrg.text=Source Organization: HashDbCreateDatabaseDialog.orgButton.text=Manage Organizations -HashDbCreateDatabaseDialog.databasePathLabel.text=Hash set Path: +HashDbCreateDatabaseDialog.databasePathLabel.text=Hash Set Path: From 2b3359912231a4b0b03e5b10a592feafda09f05f Mon Sep 17 00:00:00 2001 From: "U-BASIS\\zhaohui" Date: Fri, 9 Feb 2018 14:08:06 -0500 Subject: [PATCH 26/33] 3281: Capitalization correction --- .../autopsy/modules/hashdatabase/Bundle.properties | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/Bundle.properties b/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/Bundle.properties index bc62102682..bbd32ecd8c 100644 --- a/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/Bundle.properties +++ b/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/Bundle.properties @@ -28,7 +28,7 @@ HashDbCreateDatabaseDialog.knownBadRadioButton.text=Notable HashDbCreateDatabaseDialog.cancelButton.text=Cancel ModalNoButtons.CURRENTDB_LABEL.text=(CurrentDb) ModalNoButtons.CURRENTLYON_LABEL.text=Currently Indexing x of y -ModalNoButtons.GO_GET_COFFEE_LABEL.text=Hash Sets are currently being indexed, this may take some time. +ModalNoButtons.GO_GET_COFFEE_LABEL.text=Hash sets are currently being indexed, this may take some time. ModalNoButtons.CANCEL_BUTTON.text=Cancel HashDbImportDatabaseDialog.knownRadioButton.text=Known (NSRL or other) HashDbCreateDatabaseDialog.knownRadioButton.text=Known @@ -42,8 +42,8 @@ HashDbImportDatabaseDialog.openButton.text=Open... HashDbCreateDatabaseDialog.jLabel3.text=Name: HashDbCreateDatabaseDialog.okButton.text=OK HashDbCreateDatabaseDialog.databasePathTextField.text= -AddContentToHashDbAction.ContentMenu.noHashDbsConfigd=No Hash Sets configured -AddContentToHashDbAction.ContentMenu.createDbItem=Create Hash Set... +AddContentToHashDbAction.ContentMenu.noHashDbsConfigd=No hash sets configured +AddContentToHashDbAction.ContentMenu.createDbItem=Create hash set... AddContentToHashDbAction.addFilesToHashSet.addToHashDbErr1.text=Add to Hash Set Error AddContentToHashDbAction.addFilesToHashSet.addToHashDbErr2.text=Add to Hash Set Error AddContentToHashDbAction.addFilesToHashSet.addToHashDbErr3.text=Add to Hash Set Error @@ -79,7 +79,7 @@ HashDbCreateDatabaseDialog.fileExistsErr=File Already Exists Error HashDbCreateDatabaseDialog.mustEnterHashSetNameMsg=A hash set name must be entered. HashDbCreateDatabaseDialog.createHashDbErr=Create Hash Set Error HashDbCreateDatabaseDialog.mustEnterHashDbPathMsg=A hash set path must be entered. -HashDbCreateDatabaseDialog.errMsg.hashDbCreationErr=Hash Set creation error +HashDbCreateDatabaseDialog.errMsg.hashDbCreationErr=Hash set creation error HashDbCreateDatabaseDialog.cannotCreateFileAtLocMsg=Cannot create a hash set file at the selected location. HashDbCreateDatabaseDialog.failedToCreateHashDbMsg=Failed to create the hash set. HashDbImportDatabaseDialog.importHashDbMsg=Import Hash Set @@ -113,7 +113,7 @@ HashDbManager.unableToOpenHashDbMsg=Unable to open {0} hash set. HashDbManager.savedBackupOfOldConfigMsg={0}\nA backup copy of the old configuration has been saved as\n{1} HashDbManager.baseMessage.updatedFormatHashDbConfig=The format of the hash set configuration file has been updated. HashDbManager.msgBoxTitle.confFileFmtChanged=Configuration File Format Changed -HashDbManager.dlgMsg.dbNotFoundAtLoc=Hash Set {0} could not be found at location\n{1}\nWould you like to search for the file? +HashDbManager.dlgMsg.dbNotFoundAtLoc=Hash set {0} could not be found at location\n{1}\nWould you like to search for the file? HashDbManager.dlgTitle.MissingDb=Missing Hash Set HashDbManager.progress.indexingHashSet=Indexing {0} HashDbManager.dlgMsg.errorIndexingHashSet=Error indexing {0} hash set. From 1621cd5d43fccad3669eaf50ed770c8cf0fb8ddf Mon Sep 17 00:00:00 2001 From: "U-BASIS\\dgrove" Date: Fri, 9 Feb 2018 14:23:39 -0500 Subject: [PATCH 27/33] Partial changes. --- .../keywordsearch/ExtractedContentViewer.java | 194 ++++++++---------- .../keywordsearch/HighlightedText.java | 6 +- .../KeywordSearchFilterNode.java | 10 +- .../KeywordSearchResultFactory.java | 28 +-- 4 files changed, 106 insertions(+), 132 deletions(-) diff --git a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/ExtractedContentViewer.java b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/ExtractedContentViewer.java index 43f0d7baf8..b8fef30f01 100644 --- a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/ExtractedContentViewer.java +++ b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/ExtractedContentViewer.java @@ -27,13 +27,14 @@ import java.util.Collection; import java.util.List; import java.util.logging.Level; import org.openide.nodes.Node; +import org.openide.util.Exceptions; import org.openide.util.Lookup; import org.openide.util.NbBundle; import org.openide.util.lookup.ServiceProvider; import org.sleuthkit.autopsy.casemodule.Case; import org.sleuthkit.autopsy.corecomponentinterfaces.DataContentViewer; import org.sleuthkit.autopsy.coreutils.Logger; -import org.sleuthkit.autopsy.keywordsearch.KeywordSearchResultFactory.QueryContent; +import org.sleuthkit.autopsy.keywordsearch.KeywordSearchResultFactory.AdHocQueryResult; import org.sleuthkit.datamodel.AbstractFile; import org.sleuthkit.datamodel.Account; import org.sleuthkit.datamodel.BlackboardArtifact; @@ -51,7 +52,7 @@ import org.sleuthkit.datamodel.TskCoreException; @ServiceProvider(service = DataContentViewer.class, position = 4) public class ExtractedContentViewer implements DataContentViewer { - private static final Logger LOGGER = Logger.getLogger(ExtractedContentViewer.class.getName()); + private static final Logger logger = Logger.getLogger(ExtractedContentViewer.class.getName()); private static final long INVALID_DOCUMENT_ID = 0L; private static final BlackboardAttribute.Type TSK_ASSOCIATED_ARTIFACT_TYPE = new BlackboardAttribute.Type(TSK_ASSOCIATED_ARTIFACT); @@ -93,9 +94,6 @@ public class ExtractedContentViewer implements DataContentViewer { currentNode = node; } - Lookup nodeLookup = node.getLookup(); - AbstractFile content = nodeLookup.lookup(AbstractFile.class); - /* * Assemble a collection of all of the indexed text "sources" for the * node. @@ -104,44 +102,37 @@ public class ExtractedContentViewer implements DataContentViewer { IndexedText highlightedHitText = null; IndexedText rawContentText = null; - if (null != content && solrHasContent(content.getId())) { - /* - * Results for Keyword Hits. - */ - BlackboardArtifact artifact = nodeLookup.lookup(BlackboardArtifact.class); - if (artifact != null) { - if (artifact.getArtifactTypeID() == TSK_ACCOUNT.getTypeID()) { - try { - /* - * Generate AccountsText for the account artifact. - */ - highlightedHitText = getAccountsText(content, nodeLookup); - } catch (TskCoreException ex) { - LOGGER.log(Level.SEVERE, "Failed to create AccountsText for " + content, ex); //NON-NLS - } - } else if (artifact.getArtifactTypeID() == TSK_KEYWORD_HIT.getTypeID()) { - try { - /* - * Generate HighlightedText for the keyword hit artifact. - */ - highlightedHitText = new HighlightedText(artifact); - } catch (TskCoreException ex) { - LOGGER.log(Level.SEVERE, "Failed to create HighlightedText for " + artifact, ex); //NON-NLS - } + Lookup nodeLookup = node.getLookup(); + + AdHocQueryResult adHocQueryResult = nodeLookup.lookup(AdHocQueryResult.class); + BlackboardArtifact artifact = nodeLookup.lookup(BlackboardArtifact.class); + AbstractFile content = nodeLookup.lookup(AbstractFile.class); + + if (adHocQueryResult != null) { + highlightedHitText = new HighlightedText(adHocQueryResult.getSolrObjectId(), adHocQueryResult.getResults()); + } else if (artifact != null) { + if (artifact.getArtifactTypeID() == TSK_KEYWORD_HIT.getTypeID()) { + try { + highlightedHitText = new HighlightedText(artifact); + } catch (TskCoreException ex) { + Exceptions.printStackTrace(ex); + } + } else if (artifact.getArtifactTypeID() == TSK_ACCOUNT.getTypeID() && content != null) { + try { + highlightedHitText = getAccountsText(content, nodeLookup); + } catch (TskCoreException ex) { + Exceptions.printStackTrace(ex); } } - } else { - /* - * Results for ad-hoc search. - */ - QueryContent queryContent = nodeLookup.lookup(QueryContent.class); - content = (AbstractFile) queryContent.getContent(); - - if (null != content && solrHasContent(content.getId())) { - QueryResults queryResults = queryContent.getResults(); - if (queryResults != null) { - highlightedHitText = new HighlightedText(queryContent.getSolrObjectId(), queryResults); - } + } + + if (content != null) { + rawContentText = new RawText(content, content.getId()); + } else if (artifact != null) { + try { + rawContentText = getRawArtifactText(nodeLookup); + } catch (TskCoreException ex) { + Exceptions.printStackTrace(ex); } } @@ -150,11 +141,10 @@ public class ExtractedContentViewer implements DataContentViewer { } /* - * Next, add the "raw" (not highlighted) text, if any, for any - * content associated with the node. + * Next, add the "raw" (not highlighted) text, if any, for any content + * associated with the node. */ - if (content != null) { - rawContentText = new RawText(content, content.getId()); + if (rawContentText != null) { sources.add(rawContentText); } @@ -166,7 +156,7 @@ public class ExtractedContentViewer implements DataContentViewer { try { rawArtifactText = getRawArtifactText(nodeLookup); } catch (TskCoreException ex) { - LOGGER.log(Level.SEVERE, "Error creating RawText for " + content, ex); //NON-NLS + logger.log(Level.SEVERE, "Error creating RawText for " + content, ex); //NON-NLS } if (rawArtifactText != null) { @@ -289,6 +279,11 @@ public class ExtractedContentViewer implements DataContentViewer { return false; } + AdHocQueryResult adHocQueryResult = node.getLookup().lookup(AdHocQueryResult.class); + if (adHocQueryResult != null) { + return true; + } + /* * Is there a credit card or keyword hit artifact in the lookup */ @@ -296,26 +291,63 @@ public class ExtractedContentViewer implements DataContentViewer { if (artifacts != null) { for (BlackboardArtifact art : artifacts) { final int artifactTypeID = art.getArtifactTypeID(); - if (artifactTypeID == TSK_ACCOUNT.getTypeID()) { + if (artifactTypeID == TSK_KEYWORD_HIT.getTypeID()) { + return true; + } else if (artifactTypeID == TSK_ACCOUNT.getTypeID()) { try { BlackboardAttribute attribute = art.getAttribute(TSK_ACCOUNT_TYPE); if (attribute != null && Account.Type.CREDIT_CARD.getTypeName().equals(attribute.getValueString())) { return true; } } catch (TskCoreException ex) { - LOGGER.log(Level.SEVERE, "Error getting TSK_ACCOUNT_TYPE attribute from artifact " + art.getArtifactID(), ex); + logger.log(Level.SEVERE, "Error getting TSK_ACCOUNT_TYPE attribute from artifact " + art.getArtifactID(), ex); + return true; } - } else if (artifactTypeID == TSK_KEYWORD_HIT.getTypeID()) { - return true; } } } + /** + * If the node is a Blackboard artifact node for anything other than a + * keyword hit, the document ID for the text extracted from the artifact + * (the concatenation of its attributes) is the artifact ID, a large, + * negative integer. If it is a keyword hit, see if there is an + * associated artifact. If there is, get the associated artifact's ID + * and return it. + */ + long documentID = INVALID_DOCUMENT_ID; + + BlackboardArtifact artifact = node.getLookup().lookup(BlackboardArtifact.class); + if (null != artifact) { + if (artifact.getArtifactTypeID() != BlackboardArtifact.ARTIFACT_TYPE.TSK_KEYWORD_HIT.getTypeID()) { + documentID = artifact.getArtifactID(); + } else { + try { + // Get the associated artifact attribute and return its value as the ID + BlackboardAttribute blackboardAttribute = artifact.getAttribute(TSK_ASSOCIATED_ARTIFACT_TYPE); + if (blackboardAttribute != null) { + documentID = blackboardAttribute.getValueLong(); + } + } catch (TskCoreException ex) { + logger.log(Level.SEVERE, "Error getting associated artifact attributes", ex); //NON-NLS + } + } + } + + /* + * For keyword search hit artifact nodes and all other nodes, the + * document ID for the extracted text is the ID of the associated + * content, if any, unless there is an associated artifact, which is + * handled above. + */ + Content content = node.getLookup().lookup(Content.class); + if (content != null) { + documentID = content.getId(); + } /* * No highlighted text for a keyword hit, so is there any indexed text * at all for this node? */ - long documentID = getDocumentId(node); if (INVALID_DOCUMENT_ID == documentID) { return false; } @@ -367,69 +399,11 @@ public class ExtractedContentViewer implements DataContentViewer { try { return solrServer.queryIsIndexed(objectId); } catch (NoOpenCoreException | KeywordSearchModuleException ex) { - LOGGER.log(Level.SEVERE, "Error querying Solr server", ex); //NON-NLS + logger.log(Level.SEVERE, "Error querying Solr server", ex); //NON-NLS return false; } } - /** - * Gets the object ID to use as the document ID for accessing any indexed - * text for the given node. - * - * @param node The node. - * - * @return The document ID or zero, which is an invalid document ID. - */ - private Long getDocumentId(Node node) { - /** - * If the node is a Blackboard artifact node for anything other than a - * keyword hit, the document ID for the text extracted from the artifact - * (the concatenation of its attributes) is the artifact ID, a large, - * negative integer. If it is a keyword hit, see if there is an - * associated artifact. If there is, get the associated artifact's ID - * and return it. - */ - BlackboardArtifact artifact = node.getLookup().lookup(BlackboardArtifact.class); - if (null != artifact) { - if (artifact.getArtifactTypeID() != BlackboardArtifact.ARTIFACT_TYPE.TSK_KEYWORD_HIT.getTypeID()) { - return artifact.getArtifactID(); - } else { - try { - // Get the associated artifact attribute and return its value as the ID - BlackboardAttribute blackboardAttribute = artifact.getAttribute(TSK_ASSOCIATED_ARTIFACT_TYPE); - if (blackboardAttribute != null) { - return blackboardAttribute.getValueLong(); - } - } catch (TskCoreException ex) { - LOGGER.log(Level.SEVERE, "Error getting associated artifact attributes", ex); //NON-NLS - } - } - } - - /* - * For keyword search hit artifact nodes and all other nodes, the - * document ID for the extracted text is the ID of the associated - * content, if any, unless there is an associated artifact, which is - * handled above. - */ - Content content = node.getLookup().lookup(Content.class); - if (content == null) { - QueryContent queryContent = node.getLookup().lookup(QueryContent.class); - if (queryContent != null) { - content = queryContent.getContent(); - } - } - - if (content != null) { - return content.getId(); - } - - /* - * No extracted text, return an invalid docuemnt ID. - */ - return 0L; - } - private class NextFindActionListener implements ActionListener { @Override diff --git a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/HighlightedText.java b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/HighlightedText.java index 9bcbdd7b2a..2fa4bbf999 100644 --- a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/HighlightedText.java +++ b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/HighlightedText.java @@ -54,7 +54,7 @@ import org.sleuthkit.datamodel.TskCoreException; */ class HighlightedText implements IndexedText { - private static final Logger LOGGER = Logger.getLogger(HighlightedText.class.getName()); + private static final Logger logger = Logger.getLogger(HighlightedText.class.getName()); private static final boolean DEBUG = (Version.getBuildType() == Version.Type.DEVELOPMENT); @@ -400,7 +400,7 @@ class HighlightedText implements IndexedText { // either be a single chunk containing hits or we narrow our // query down to the current page/chunk. if (response.getResults().size() > 1) { - LOGGER.log(Level.WARNING, "Unexpected number of results for Solr highlighting query: {0}", q); //NON-NLS + logger.log(Level.WARNING, "Unexpected number of results for Solr highlighting query: {0}", q); //NON-NLS } String highlightedContent; Map>> responseHighlight = response.getHighlighting(); @@ -426,7 +426,7 @@ class HighlightedText implements IndexedText { return "
" + highlightedContent + "
"; //NON-NLS } catch (TskCoreException | KeywordSearchModuleException | NoOpenCoreException ex) { - LOGGER.log(Level.SEVERE, "Error getting highlighted text for Solr doc id " + solrObjectId + ", chunkID " + chunkID + ", highlight query: " + highlightField, ex); //NON-NLS + logger.log(Level.SEVERE, "Error getting highlighted text for Solr doc id " + solrObjectId + ", chunkID " + chunkID + ", highlight query: " + highlightField, ex); //NON-NLS return NbBundle.getMessage(this.getClass(), "HighlightedMatchesSource.getMarkup.queryFailedMsg"); } } diff --git a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/KeywordSearchFilterNode.java b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/KeywordSearchFilterNode.java index b848892691..58876870e5 100644 --- a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/KeywordSearchFilterNode.java +++ b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/KeywordSearchFilterNode.java @@ -39,7 +39,7 @@ import org.sleuthkit.autopsy.actions.AddContentTagAction; import org.sleuthkit.autopsy.actions.DeleteFileContentTagAction; import org.sleuthkit.autopsy.directorytree.HashSearchAction; import org.sleuthkit.autopsy.directorytree.NewWindowViewAction; -import org.sleuthkit.autopsy.keywordsearch.KeywordSearchResultFactory.QueryContent; +import org.sleuthkit.autopsy.keywordsearch.KeywordSearchResultFactory.AdHocQueryResult; import org.sleuthkit.datamodel.AbstractFile; import org.sleuthkit.datamodel.Content; import org.sleuthkit.datamodel.ContentVisitor; @@ -60,11 +60,11 @@ class KeywordSearchFilterNode extends FilterNode { /** * Instantiate a KeywordSearchFilterNode. * - * @param queryContent The query content. - * @param original The original source node. + * @param adHocQueryResult The query content. + * @param original The original source node. */ - KeywordSearchFilterNode(QueryContent queryContent, Node original) { - super(original, null, new ProxyLookup(Lookups.singleton(queryContent), original.getLookup())); + KeywordSearchFilterNode(AdHocQueryResult adHocQueryResult, Node original) { + super(original, null, new ProxyLookup(Lookups.singleton(adHocQueryResult), original.getLookup())); } @Override diff --git a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/KeywordSearchResultFactory.java b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/KeywordSearchResultFactory.java index c8c1c07b15..fb37a84e59 100644 --- a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/KeywordSearchResultFactory.java +++ b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/KeywordSearchResultFactory.java @@ -66,7 +66,7 @@ import org.sleuthkit.datamodel.TskCoreException; */ class KeywordSearchResultFactory extends ChildFactory { - private static final Logger LOGGER = Logger.getLogger(KeywordSearchResultFactory.class.getName()); + private static final Logger logger = Logger.getLogger(KeywordSearchResultFactory.class.getName()); //common properties (superset of all Node properties) to be displayed as columns static final List COMMON_PROPERTIES @@ -140,7 +140,7 @@ class KeywordSearchResultFactory extends ChildFactory { try { queryResults = queryRequest.performQuery(); } catch (KeywordSearchModuleException | NoOpenCoreException ex) { - LOGGER.log(Level.SEVERE, "Could not perform the query " + queryRequest.getQueryString(), ex); //NON-NLS + logger.log(Level.SEVERE, "Could not perform the query " + queryRequest.getQueryString(), ex); //NON-NLS MessageNotifyUtil.Notify.error(Bundle.KeywordSearchResultFactory_query_exception_msg() + queryRequest.getQueryString(), ex.getCause().getMessage()); return false; } @@ -148,7 +148,7 @@ class KeywordSearchResultFactory extends ChildFactory { try { tskCase = Case.getCurrentCase().getSleuthkitCase(); } catch (IllegalStateException ex) { - LOGGER.log(Level.SEVERE, "There was no case open.", ex); //NON-NLS + logger.log(Level.SEVERE, "There was no case open.", ex); //NON-NLS return false; } @@ -165,11 +165,11 @@ class KeywordSearchResultFactory extends ChildFactory { try { content = tskCase.getContentById(hit.getContentID()); if (content == null) { - LOGGER.log(Level.SEVERE, "There was a error getting content by id."); //NON-NLS + logger.log(Level.SEVERE, "There was a error getting content by id."); //NON-NLS return false; } } catch (TskCoreException ex) { - LOGGER.log(Level.SEVERE, "There was a error getting content by id.", ex); //NON-NLS + logger.log(Level.SEVERE, "There was a error getting content by id.", ex); //NON-NLS return false; } @@ -192,7 +192,7 @@ class KeywordSearchResultFactory extends ChildFactory { try { hitName = tskCase.getBlackboardArtifact(hit.getArtifactID().get()).getDisplayName() + " Artifact"; //NON-NLS } catch (TskCoreException ex) { - LOGGER.log(Level.SEVERE, "Error getting blckboard artifact by id", ex); + logger.log(Level.SEVERE, "Error getting blckboard artifact by id", ex); return false; } } else { @@ -250,12 +250,12 @@ class KeywordSearchResultFactory extends ChildFactory { Node resultNode; if (key instanceof KeyValueQueryContent) { - QueryContent queryContent = new QueryContent((KeyValueQueryContent) key); + AdHocQueryResult adHocQueryResult = new AdHocQueryResult((KeyValueQueryContent) key); - Node kvNode = new KeyValueNode(key, Children.LEAF, Lookups.singleton(queryContent)); + Node kvNode = new KeyValueNode(key, Children.LEAF); //wrap in KeywordSearchFilterNode for the markup content, might need to override FilterNode for more customization - resultNode = new KeywordSearchFilterNode(queryContent, kvNode); + resultNode = new KeywordSearchFilterNode(adHocQueryResult, kvNode); } else { resultNode = new EmptyNode("This Node Is Empty"); resultNode.setDisplayName(NbBundle.getMessage(this.getClass(), "KeywordSearchResultFactory.createNodeForKey.noResultsFound.text")); @@ -269,19 +269,19 @@ class KeywordSearchResultFactory extends ChildFactory { * This class encapsulates content, query results, and an associated Solr * object ID for storing in the Lookup to be read later. */ - class QueryContent { + final class AdHocQueryResult { private final long solrObjectId; private final Content content; private final QueryResults results; /** - * Instantiate a QueryContent object. + * Instantiate a AdHocQueryResult object. * * @param solrObjectId The Solr object ID associated with the content. * @param content The content for the query result. * @param results The query results. */ - QueryContent(KeyValueQueryContent key) { + AdHocQueryResult(KeyValueQueryContent key) { this.solrObjectId = key.getSolrObjectId(); this.content = key.getContent(); this.results = key.getHits(); @@ -407,9 +407,9 @@ class KeywordSearchResultFactory extends ChildFactory { try { get(); } catch (InterruptedException | CancellationException ex) { - LOGGER.log(Level.WARNING, "User cancelled writing of ad hoc search query results for '{0}' to the blackboard", query.getQueryString()); //NON-NLS + logger.log(Level.WARNING, "User cancelled writing of ad hoc search query results for '{0}' to the blackboard", query.getQueryString()); //NON-NLS } catch (ExecutionException ex) { - LOGGER.log(Level.SEVERE, "Error writing of ad hoc search query results for " + query.getQueryString() + " to the blackboard", ex); //NON-NLS + logger.log(Level.SEVERE, "Error writing of ad hoc search query results for " + query.getQueryString() + " to the blackboard", ex); //NON-NLS } } From ebc8d5b73c29af3504cb4355b4c448ac0bac76bc Mon Sep 17 00:00:00 2001 From: "U-BASIS\\dgrove" Date: Fri, 9 Feb 2018 15:15:20 -0500 Subject: [PATCH 28/33] Minor changes to 'setNode()'. --- .../keywordsearch/ExtractedContentViewer.java | 31 ++++++++----------- 1 file changed, 13 insertions(+), 18 deletions(-) diff --git a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/ExtractedContentViewer.java b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/ExtractedContentViewer.java index b8fef30f01..4647892cdc 100644 --- a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/ExtractedContentViewer.java +++ b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/ExtractedContentViewer.java @@ -27,7 +27,6 @@ import java.util.Collection; import java.util.List; import java.util.logging.Level; import org.openide.nodes.Node; -import org.openide.util.Exceptions; import org.openide.util.Lookup; import org.openide.util.NbBundle; import org.openide.util.lookup.ServiceProvider; @@ -108,6 +107,10 @@ public class ExtractedContentViewer implements DataContentViewer { BlackboardArtifact artifact = nodeLookup.lookup(BlackboardArtifact.class); AbstractFile content = nodeLookup.lookup(AbstractFile.class); + /* + * Add the highlighted text, if any, for any artifact associated with the + * node. + */ if (adHocQueryResult != null) { highlightedHitText = new HighlightedText(adHocQueryResult.getSolrObjectId(), adHocQueryResult.getResults()); } else if (artifact != null) { @@ -115,27 +118,16 @@ public class ExtractedContentViewer implements DataContentViewer { try { highlightedHitText = new HighlightedText(artifact); } catch (TskCoreException ex) { - Exceptions.printStackTrace(ex); + logger.log(Level.SEVERE, "Failed to create HighlightedText for " + artifact, ex); //NON-NLS } } else if (artifact.getArtifactTypeID() == TSK_ACCOUNT.getTypeID() && content != null) { try { highlightedHitText = getAccountsText(content, nodeLookup); } catch (TskCoreException ex) { - Exceptions.printStackTrace(ex); + logger.log(Level.SEVERE, "Failed to create AccountsText for " + content, ex); //NON-NLS } } } - - if (content != null) { - rawContentText = new RawText(content, content.getId()); - } else if (artifact != null) { - try { - rawContentText = getRawArtifactText(nodeLookup); - } catch (TskCoreException ex) { - Exceptions.printStackTrace(ex); - } - } - if (highlightedHitText != null) { sources.add(highlightedHitText); } @@ -144,7 +136,9 @@ public class ExtractedContentViewer implements DataContentViewer { * Next, add the "raw" (not highlighted) text, if any, for any content * associated with the node. */ - if (rawContentText != null) { + + if (content != null) { + rawContentText = new RawText(content, content.getId()); sources.add(rawContentText); } @@ -155,13 +149,14 @@ public class ExtractedContentViewer implements DataContentViewer { IndexedText rawArtifactText = null; try { rawArtifactText = getRawArtifactText(nodeLookup); + + if (rawArtifactText != null) { + sources.add(rawArtifactText); + } } catch (TskCoreException ex) { logger.log(Level.SEVERE, "Error creating RawText for " + content, ex); //NON-NLS } - if (rawArtifactText != null) { - sources.add(rawArtifactText); - } // Now set the default source to be displayed. if (null != highlightedHitText) { From b28694743d56fa8089fba96f81a76ecd3804babb Mon Sep 17 00:00:00 2001 From: "U-BASIS\\dgrove" Date: Fri, 9 Feb 2018 23:23:52 -0500 Subject: [PATCH 29/33] Fixes. --- .../keywordsearch/ExtractedContentViewer.java | 148 +++++++++--------- 1 file changed, 72 insertions(+), 76 deletions(-) diff --git a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/ExtractedContentViewer.java b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/ExtractedContentViewer.java index 4647892cdc..d66617edd2 100644 --- a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/ExtractedContentViewer.java +++ b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/ExtractedContentViewer.java @@ -53,7 +53,6 @@ public class ExtractedContentViewer implements DataContentViewer { private static final Logger logger = Logger.getLogger(ExtractedContentViewer.class.getName()); - private static final long INVALID_DOCUMENT_ID = 0L; private static final BlackboardAttribute.Type TSK_ASSOCIATED_ARTIFACT_TYPE = new BlackboardAttribute.Type(TSK_ASSOCIATED_ARTIFACT); public static final BlackboardAttribute.Type TSK_ACCOUNT_TYPE = new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_ACCOUNT_TYPE); @@ -98,33 +97,42 @@ public class ExtractedContentViewer implements DataContentViewer { * node. */ List sources = new ArrayList<>(); - IndexedText highlightedHitText = null; - IndexedText rawContentText = null; - Lookup nodeLookup = node.getLookup(); - AdHocQueryResult adHocQueryResult = nodeLookup.lookup(AdHocQueryResult.class); BlackboardArtifact artifact = nodeLookup.lookup(BlackboardArtifact.class); - AbstractFile content = nodeLookup.lookup(AbstractFile.class); + AbstractFile file = nodeLookup.lookup(AbstractFile.class); /* - * Add the highlighted text, if any, for any artifact associated with the - * node. + * First, get text with highlighted hits if this node is for a search + * result. */ + IndexedText highlightedHitText = null; if (adHocQueryResult != null) { + /* + * The node is an ad hoc search result node. + */ highlightedHitText = new HighlightedText(adHocQueryResult.getSolrObjectId(), adHocQueryResult.getResults()); } else if (artifact != null) { if (artifact.getArtifactTypeID() == TSK_KEYWORD_HIT.getTypeID()) { + /* + * The node is a keyword hit artifact node. + */ try { highlightedHitText = new HighlightedText(artifact); } catch (TskCoreException ex) { logger.log(Level.SEVERE, "Failed to create HighlightedText for " + artifact, ex); //NON-NLS } - } else if (artifact.getArtifactTypeID() == TSK_ACCOUNT.getTypeID() && content != null) { + } else if (artifact.getArtifactTypeID() == TSK_ACCOUNT.getTypeID() && file != null) { try { - highlightedHitText = getAccountsText(content, nodeLookup); + BlackboardAttribute attribute = artifact.getAttribute(TSK_ACCOUNT_TYPE); + if (attribute != null && Account.Type.CREDIT_CARD.getTypeName().equals(attribute.getValueString())) { + /* + * The node is an credit card account node. + */ + highlightedHitText = getAccountsText(file, nodeLookup); + } } catch (TskCoreException ex) { - logger.log(Level.SEVERE, "Failed to create AccountsText for " + content, ex); //NON-NLS + logger.log(Level.SEVERE, "Failed to create AccountsText for " + file, ex); //NON-NLS } } } @@ -133,12 +141,12 @@ public class ExtractedContentViewer implements DataContentViewer { } /* - * Next, add the "raw" (not highlighted) text, if any, for any content + * Next, add the "raw" (not highlighted) text, if any, for any file * associated with the node. */ - - if (content != null) { - rawContentText = new RawText(content, content.getId()); + IndexedText rawContentText = null; + if (file != null) { + rawContentText = new RawText(file, file.getId()); sources.add(rawContentText); } @@ -149,22 +157,20 @@ public class ExtractedContentViewer implements DataContentViewer { IndexedText rawArtifactText = null; try { rawArtifactText = getRawArtifactText(nodeLookup); - if (rawArtifactText != null) { sources.add(rawArtifactText); } } catch (TskCoreException ex) { - logger.log(Level.SEVERE, "Error creating RawText for " + content, ex); //NON-NLS - + logger.log(Level.SEVERE, "Error creating RawText for " + file, ex); //NON-NLS } // Now set the default source to be displayed. - if (null != highlightedHitText) { + if (highlightedHitText != null) { currentSource = highlightedHitText; - } else if (null != rawContentText) { - currentSource = rawContentText; - } else { + } else if (rawArtifactText != null) { currentSource = rawArtifactText; + } else { + currentSource = rawContentText; } // Push the text sources into the panel. @@ -177,8 +183,8 @@ public class ExtractedContentViewer implements DataContentViewer { panel.updateControls(currentSource); String contentName = ""; - if (content != null) { - contentName = content.getName(); + if (file != null) { + contentName = file.getName(); } setPanel(contentName, sources); @@ -274,80 +280,70 @@ public class ExtractedContentViewer implements DataContentViewer { return false; } + /* + * If the lookup of the node contains an ad hoc search result object, + * then there must be indexed text that produced the hit. + */ AdHocQueryResult adHocQueryResult = node.getLookup().lookup(AdHocQueryResult.class); if (adHocQueryResult != null) { return true; } /* - * Is there a credit card or keyword hit artifact in the lookup + * If the lookup of the node contains either a keyword hit artifact or + * one to many credit card account artifacts from a credit card account + * numbers search, then there must be indexed text that produced the + * hit(s). */ - Collection artifacts = node.getLookup().lookupAll(BlackboardArtifact.class); - if (artifacts != null) { - for (BlackboardArtifact art : artifacts) { - final int artifactTypeID = art.getArtifactTypeID(); - if (artifactTypeID == TSK_KEYWORD_HIT.getTypeID()) { - return true; - } else if (artifactTypeID == TSK_ACCOUNT.getTypeID()) { - try { - BlackboardAttribute attribute = art.getAttribute(TSK_ACCOUNT_TYPE); - if (attribute != null && Account.Type.CREDIT_CARD.getTypeName().equals(attribute.getValueString())) { - return true; - } - } catch (TskCoreException ex) { - logger.log(Level.SEVERE, "Error getting TSK_ACCOUNT_TYPE attribute from artifact " + art.getArtifactID(), ex); + BlackboardArtifact artifact = node.getLookup().lookup(BlackboardArtifact.class); + if (artifact != null) { + final int artifactTypeID = artifact.getArtifactTypeID(); + if (artifactTypeID == TSK_KEYWORD_HIT.getTypeID()) { + return true; + } else if (artifactTypeID == TSK_ACCOUNT.getTypeID()) { + try { + BlackboardAttribute attribute = artifact.getAttribute(TSK_ACCOUNT_TYPE); + if (attribute != null && Account.Type.CREDIT_CARD.getTypeName().equals(attribute.getValueString())) { return true; } - } - } - } - /** - * If the node is a Blackboard artifact node for anything other than a - * keyword hit, the document ID for the text extracted from the artifact - * (the concatenation of its attributes) is the artifact ID, a large, - * negative integer. If it is a keyword hit, see if there is an - * associated artifact. If there is, get the associated artifact's ID - * and return it. - */ - long documentID = INVALID_DOCUMENT_ID; - - BlackboardArtifact artifact = node.getLookup().lookup(BlackboardArtifact.class); - if (null != artifact) { - if (artifact.getArtifactTypeID() != BlackboardArtifact.ARTIFACT_TYPE.TSK_KEYWORD_HIT.getTypeID()) { - documentID = artifact.getArtifactID(); - } else { - try { - // Get the associated artifact attribute and return its value as the ID - BlackboardAttribute blackboardAttribute = artifact.getAttribute(TSK_ASSOCIATED_ARTIFACT_TYPE); - if (blackboardAttribute != null) { - documentID = blackboardAttribute.getValueLong(); - } } catch (TskCoreException ex) { - logger.log(Level.SEVERE, "Error getting associated artifact attributes", ex); //NON-NLS + /* + * If there is an error, log it and return true. The reason + * for returning true is so that the user will have an + * opportunity to see an error message in the panel when + * this query fails again when setNode is called, instead of + * having an unexpectedly disabled content viewer with no + * other feedback. + */ + logger.log(Level.SEVERE, "Error getting TSK_ACCOUNT_TYPE attribute from artifact " + artifact.getArtifactID(), ex); + return true; } } } /* - * For keyword search hit artifact nodes and all other nodes, the - * document ID for the extracted text is the ID of the associated - * content, if any, unless there is an associated artifact, which is - * handled above. + * If the lookup of the node contains an artifact that is neither a + * keyword hit artifact nor a credit card account artifact, check to see + * if there is indexed text for the artifact. */ - Content content = node.getLookup().lookup(Content.class); - if (content != null) { - documentID = content.getId(); + if (artifact != null) { + return solrHasContent(artifact.getArtifactID()); } /* - * No highlighted text for a keyword hit, so is there any indexed text - * at all for this node? + * If the lookup of the node contains no artifacts but does contain a + * file, check to see if there is indexed text for the file. */ - if (INVALID_DOCUMENT_ID == documentID) { - return false; + AbstractFile file = node.getLookup().lookup(AbstractFile.class); + if (file != null) { + return solrHasContent(file.getId()); } - return solrHasContent(documentID); + /* + * If the lookup of the node contains neither ad hoc search results, nor + * artifacts, nor a file, there is no indexed text. + */ + return false; } @Override From dca73677b3208a76158c60a2b86229fe6e3670be Mon Sep 17 00:00:00 2001 From: "U-BASIS\\dgrove" Date: Fri, 9 Feb 2018 23:35:34 -0500 Subject: [PATCH 30/33] Fixed merge. --- .../modules/filetypeid/FileTypeDetector.java | 12 ++++---- .../filetypeid/FileTypeIdIngestModule.java | 28 +++++++++---------- 2 files changed, 20 insertions(+), 20 deletions(-) diff --git a/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeDetector.java b/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeDetector.java index f13dd8f223..795afd0838 100644 --- a/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeDetector.java +++ b/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeDetector.java @@ -42,8 +42,8 @@ import org.sleuthkit.datamodel.TskData; */ public class FileTypeDetector { - private static final Logger LOGGER = Logger.getLogger(FileTypeDetector.class.getName()); - private static final Tika TIKA = new Tika(); + private static final Logger logger = Logger.getLogger(FileTypeDetector.class.getName()); + private static final Tika tika = new Tika(); private static final int SLACK_FILE_THRESHOLD = 4096; private final List userDefinedFileTypes; private final List autopsyDefinedFileTypes; @@ -224,7 +224,7 @@ public class FileTypeDetector { ReadContentInputStream stream = new ReadContentInputStream(file); try (TikaInputStream tikaInputStream = TikaInputStream.get(stream)) { - String tikaType = TIKA.detect(tikaInputStream, file.getName()); + String tikaType = tika.detect(tikaInputStream, file.getName()); /* * Remove the Tika suffix from the MIME type name. @@ -367,7 +367,7 @@ public class FileTypeDetector { * * @throws TskCoreException if detection is required and there is a problem * writing the result to the case database. - * @deprecated Use detectMIMEType instead, and call AbstractFile.setMIMEType + * @deprecated Use getMIMEType instead, and call AbstractFile.setMIMEType * and AbstractFile.save to save the result to the file object and the * database. */ @@ -391,7 +391,7 @@ public class FileTypeDetector { * @throws TskCoreException if detection is required and there is a problem * writing the result to the case database. * - * @deprecated Use detectMIMEType instead, and call AbstractFile.setMIMEType + * @deprecated Use getMIMEType instead, and call AbstractFile.setMIMEType * and AbstractFile.save to save the result to the file object and the * database. */ @@ -413,7 +413,7 @@ public class FileTypeDetector { * were uncertain, octet-stream is returned. * * @throws TskCoreException - * @deprecated Use detectMIMEType instead. + * @deprecated Use getMIMEType instead. */ @Deprecated public String detect(AbstractFile file) throws TskCoreException { diff --git a/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeIdIngestModule.java b/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeIdIngestModule.java index 13c68cd53f..be0bcdfbb3 100644 --- a/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeIdIngestModule.java +++ b/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeIdIngestModule.java @@ -47,10 +47,10 @@ import org.sleuthkit.datamodel.TskCoreException; }) public class FileTypeIdIngestModule implements FileIngestModule { - private static final Logger LOGGER = Logger.getLogger(FileTypeIdIngestModule.class.getName()); + private static final Logger logger = Logger.getLogger(FileTypeIdIngestModule.class.getName()); private long jobId; - private static final HashMap INGEST_JOB_TOTALS = new HashMap<>(); - private static final IngestModuleReferenceCounter REF_COUNTER = new IngestModuleReferenceCounter(); + private static final HashMap totalsForIngestJobs = new HashMap<>(); + private static final IngestModuleReferenceCounter refCounter = new IngestModuleReferenceCounter(); private FileTypeDetector fileTypeDetector; /** @@ -67,7 +67,7 @@ public class FileTypeIdIngestModule implements FileIngestModule { try { return new FileTypeDetector().isDetectable(mimeType); } catch (FileTypeDetector.FileTypeDetectorInitException ex) { - LOGGER.log(Level.SEVERE, "Failed to create file type detector", ex); //NON-NLS + logger.log(Level.SEVERE, "Failed to create file type detector", ex); //NON-NLS return false; } } @@ -82,7 +82,7 @@ public class FileTypeIdIngestModule implements FileIngestModule { @Override public void startUp(IngestJobContext context) throws IngestModuleException { jobId = context.getJobId(); - REF_COUNTER.incrementAndGet(jobId); + refCounter.incrementAndGet(jobId); try { fileTypeDetector = new FileTypeDetector(); } catch (FileTypeDetector.FileTypeDetectorInitException ex) { @@ -99,7 +99,7 @@ public class FileTypeIdIngestModule implements FileIngestModule { */ try { long startTime = System.currentTimeMillis(); - String mimeType = fileTypeDetector.detectMIMEType(file); + String mimeType = fileTypeDetector.getMIMEType(file); file.setMIMEType(mimeType); FileType fileType = detectUserDefinedFileType(file); if (fileType != null && fileType.createInterestingFileHit()) { @@ -108,7 +108,7 @@ public class FileTypeIdIngestModule implements FileIngestModule { addToTotals(jobId, (System.currentTimeMillis() - startTime)); return ProcessResult.OK; } catch (Exception e) { - LOGGER.log(Level.WARNING, String.format("Error while attempting to determine file type of file %d", file.getId()), e); //NON-NLS + logger.log(Level.WARNING, String.format("Error while attempting to determine file type of file %d", file.getId()), e); //NON-NLS return ProcessResult.ERROR; } } @@ -157,10 +157,10 @@ public class FileTypeIdIngestModule implements FileIngestModule { try { Case.getCurrentCase().getServices().getBlackboard().indexArtifact(artifact); } catch (Blackboard.BlackboardException ex) { - LOGGER.log(Level.SEVERE, String.format("Unable to index TSK_INTERESTING_FILE_HIT blackboard artifact %d (file obj_id=%d)", artifact.getArtifactID(), file.getId()), ex); //NON-NLS + logger.log(Level.SEVERE, String.format("Unable to index TSK_INTERESTING_FILE_HIT blackboard artifact %d (file obj_id=%d)", artifact.getArtifactID(), file.getId()), ex); //NON-NLS } } catch (TskCoreException ex) { - LOGGER.log(Level.SEVERE, String.format("Unable to create TSK_INTERESTING_FILE_HIT artifact for file (obj_id=%d)", file.getId()), ex); //NON-NLS + logger.log(Level.SEVERE, String.format("Unable to create TSK_INTERESTING_FILE_HIT artifact for file (obj_id=%d)", file.getId()), ex); //NON-NLS } } @@ -170,10 +170,10 @@ public class FileTypeIdIngestModule implements FileIngestModule { * If this is the instance of this module for this ingest job, post a * summary message to the ingest messages box. */ - if (REF_COUNTER.decrementAndGet(jobId) == 0) { + if (refCounter.decrementAndGet(jobId) == 0) { IngestJobTotals jobTotals; synchronized (this) { - jobTotals = INGEST_JOB_TOTALS.remove(jobId); + jobTotals = totalsForIngestJobs.remove(jobId); } if (jobTotals != null) { StringBuilder detailsSb = new StringBuilder(); @@ -202,15 +202,15 @@ public class FileTypeIdIngestModule implements FileIngestModule { * @param matchTimeInc Amount of time to add. */ private static synchronized void addToTotals(long jobId, long matchTimeInc) { - IngestJobTotals ingestJobTotals = INGEST_JOB_TOTALS.get(jobId); + IngestJobTotals ingestJobTotals = totalsForIngestJobs.get(jobId); if (ingestJobTotals == null) { ingestJobTotals = new IngestJobTotals(); - INGEST_JOB_TOTALS.put(jobId, ingestJobTotals); + totalsForIngestJobs.put(jobId, ingestJobTotals); } ingestJobTotals.matchTime += matchTimeInc; ingestJobTotals.numFiles++; - INGEST_JOB_TOTALS.put(jobId, ingestJobTotals); + totalsForIngestJobs.put(jobId, ingestJobTotals); } private static class IngestJobTotals { From eb3987f8006f9d012d18f96e22397e98109de141 Mon Sep 17 00:00:00 2001 From: "U-BASIS\\dgrove" Date: Mon, 12 Feb 2018 13:19:18 -0500 Subject: [PATCH 31/33] Fixed bugs; cleanup. --- .../keywordsearch/ExtractedContentViewer.java | 22 +++-- .../KeywordSearchFilterNode.java | 2 +- .../KeywordSearchResultFactory.java | 86 ++++++++++++------- 3 files changed, 73 insertions(+), 37 deletions(-) diff --git a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/ExtractedContentViewer.java b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/ExtractedContentViewer.java index d66617edd2..97066a61c8 100644 --- a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/ExtractedContentViewer.java +++ b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/ExtractedContentViewer.java @@ -98,9 +98,22 @@ public class ExtractedContentViewer implements DataContentViewer { */ List sources = new ArrayList<>(); Lookup nodeLookup = node.getLookup(); + AdHocQueryResult adHocQueryResult = nodeLookup.lookup(AdHocQueryResult.class); - BlackboardArtifact artifact = nodeLookup.lookup(BlackboardArtifact.class); - AbstractFile file = nodeLookup.lookup(AbstractFile.class); + AbstractFile file; + BlackboardArtifact artifact; + + /* + * If we have an ad hoc query result, pull the file and artifact objects + * from that. Otherwise, pull them from the lookup. + */ + if (adHocQueryResult != null) { + artifact = adHocQueryResult.getArtifact(); + file = adHocQueryResult.getFile(); + } else { + artifact = nodeLookup.lookup(BlackboardArtifact.class); + file = nodeLookup.lookup(AbstractFile.class); + } /* * First, get text with highlighted hits if this node is for a search @@ -156,7 +169,7 @@ public class ExtractedContentViewer implements DataContentViewer { */ IndexedText rawArtifactText = null; try { - rawArtifactText = getRawArtifactText(nodeLookup); + rawArtifactText = getRawArtifactText(artifact); if (rawArtifactText != null) { sources.add(rawArtifactText); } @@ -190,9 +203,8 @@ public class ExtractedContentViewer implements DataContentViewer { } - static private IndexedText getRawArtifactText(Lookup nodeLookup) throws TskCoreException { + static private IndexedText getRawArtifactText(BlackboardArtifact artifact) throws TskCoreException { IndexedText rawArtifactText = null; - BlackboardArtifact artifact = nodeLookup.lookup(BlackboardArtifact.class); if (null != artifact) { /* * For keyword hit artifacts, add the text of the artifact that hit, diff --git a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/KeywordSearchFilterNode.java b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/KeywordSearchFilterNode.java index 58876870e5..98c7ca0969 100644 --- a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/KeywordSearchFilterNode.java +++ b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/KeywordSearchFilterNode.java @@ -53,7 +53,7 @@ import org.sleuthkit.datamodel.TskData; import org.sleuthkit.datamodel.VirtualDirectory; /** - * FilterNode containing data pertaining to keyword search. + * FilterNode containing properties and actions for keyword search. */ class KeywordSearchFilterNode extends FilterNode { diff --git a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/KeywordSearchResultFactory.java b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/KeywordSearchResultFactory.java index fb37a84e59..6725c647cc 100644 --- a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/KeywordSearchResultFactory.java +++ b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/KeywordSearchResultFactory.java @@ -37,7 +37,6 @@ import org.openide.nodes.ChildFactory; import org.openide.nodes.Children; import org.openide.nodes.Node; import org.openide.util.NbBundle; -import org.openide.util.lookup.Lookups; import org.sleuthkit.autopsy.casemodule.Case; import org.sleuthkit.autopsy.coreutils.Logger; import org.sleuthkit.autopsy.coreutils.MessageNotifyUtil; @@ -49,6 +48,7 @@ import org.sleuthkit.autopsy.datamodel.KeyValue; import org.sleuthkit.autopsy.datamodel.KeyValueNode; import org.sleuthkit.autopsy.keywordsearch.KeywordSearchResultFactory.KeyValueQueryContent; import org.sleuthkit.datamodel.AbstractFile; +import org.sleuthkit.datamodel.BlackboardArtifact; import org.sleuthkit.datamodel.BlackboardAttribute; import static org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_KEYWORD; import static org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_KEYWORD_PREVIEW; @@ -75,10 +75,10 @@ class KeywordSearchResultFactory extends ChildFactory { TSK_KEYWORD, TSK_KEYWORD_REGEXP, TSK_KEYWORD_PREVIEW) - .map(BlackboardAttribute.ATTRIBUTE_TYPE::getDisplayName), + .map(BlackboardAttribute.ATTRIBUTE_TYPE::getDisplayName), Arrays.stream(AbstractAbstractFileNode.AbstractFilePropertyType.values()) - .map(Object::toString)) - .collect(Collectors.toList()); + .map(Object::toString)) + .collect(Collectors.toList()); private final Collection queryRequests; @@ -188,9 +188,11 @@ class KeywordSearchResultFactory extends ChildFactory { } String hitName; + BlackboardArtifact artifact = null; if (hit.isArtifactHit()) { try { - hitName = tskCase.getBlackboardArtifact(hit.getArtifactID().get()).getDisplayName() + " Artifact"; //NON-NLS + artifact = tskCase.getBlackboardArtifact(hit.getArtifactID().get()); + hitName = artifact.getDisplayName() + " Artifact"; //NON-NLS } catch (TskCoreException ex) { logger.log(Level.SEVERE, "Error getting blckboard artifact by id", ex); return false; @@ -199,7 +201,7 @@ class KeywordSearchResultFactory extends ChildFactory { hitName = contentName; } hitNumber++; - tempList.add(new KeyValueQueryContent(hitName, properties, hitNumber, hit.getSolrObjectId(), content, queryRequest, queryResults)); + tempList.add(new KeyValueQueryContent(hitName, properties, hitNumber, hit.getSolrObjectId(), (AbstractFile) content, artifact, queryRequest, queryResults)); } @@ -264,50 +266,65 @@ class KeywordSearchResultFactory extends ChildFactory { return resultNode; } - + /** * This class encapsulates content, query results, and an associated Solr * object ID for storing in the Lookup to be read later. */ final class AdHocQueryResult { + private final long solrObjectId; - private final Content content; + private final AbstractFile file; + private final BlackboardArtifact artifact; private final QueryResults results; - + /** * Instantiate a AdHocQueryResult object. - * - * @param solrObjectId The Solr object ID associated with the content. - * @param content The content for the query result. - * @param results The query results. + * + * @param solrObjectId The Solr object ID associated with the object in + * which the hit was found. + * @param file The file for the query result. + * @param artifact The artifact associated with the query result. + * @param results The query results. */ AdHocQueryResult(KeyValueQueryContent key) { this.solrObjectId = key.getSolrObjectId(); - this.content = key.getContent(); + this.file = key.getFile(); + this.artifact = key.getArtifact(); this.results = key.getHits(); } - + /** - * Get the Solr object ID associated with the content. - * + * Get the Solr object ID associated with the object in which the hit + * was found. This could be a file or an artifact. + * * @return The Solr object ID. */ long getSolrObjectId() { return solrObjectId; } - + /** - * Get the content for the query result. - * + * Get the file for the query result. + * * @return The content. */ - Content getContent() { - return content; + AbstractFile getFile() { + return file; } - + + /** + * Get the artifact for the query result. + * + * @return The artifact. + */ + BlackboardArtifact getArtifact() { + return artifact; + } + /** * Get the query results. - * + * * @return The query results. */ QueryResults getResults() { @@ -323,7 +340,8 @@ class KeywordSearchResultFactory extends ChildFactory { private final long solrObjectId; - private final Content content; + private final AbstractFile file; + private final BlackboardArtifact artifact; private final QueryResults hits; private final KeywordSearchQuery query; @@ -335,22 +353,28 @@ class KeywordSearchResultFactory extends ChildFactory { * @param map Contains content metadata, snippets, etc. * (property map) * @param id User incremented ID - * @param solrObjectId - * @param content File that had the hit. + * @param solrObjectId The ID of the object. + * @param file File that had the hit. + * @param artifact The blackboard artifact. * @param query Query used in search * @param hits Full set of search results (for all files! @@@) */ - KeyValueQueryContent(String name, Map map, int id, long solrObjectId, Content content, KeywordSearchQuery query, QueryResults hits) { + KeyValueQueryContent(String name, Map map, int id, long solrObjectId, AbstractFile file, BlackboardArtifact artifact, KeywordSearchQuery query, QueryResults hits) { super(name, map, id); this.solrObjectId = solrObjectId; - this.content = content; + this.file = file; + this.artifact = artifact; this.hits = hits; this.query = query; } - Content getContent() { - return content; + AbstractFile getFile() { + return file; + } + + BlackboardArtifact getArtifact() { + return artifact; } long getSolrObjectId() { From d8be685908b28e29143e389efa3762a2c01eb3f1 Mon Sep 17 00:00:00 2001 From: "U-BASIS\\dgrove" Date: Mon, 12 Feb 2018 15:31:38 -0500 Subject: [PATCH 32/33] Changed AbstractFile to Content to account for data sources. --- .../keywordsearch/ExtractedContentViewer.java | 7 ++-- .../KeywordSearchResultFactory.java | 32 +++++++++++-------- 2 files changed, 23 insertions(+), 16 deletions(-) diff --git a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/ExtractedContentViewer.java b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/ExtractedContentViewer.java index 97066a61c8..0f05f3df99 100644 --- a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/ExtractedContentViewer.java +++ b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/ExtractedContentViewer.java @@ -100,7 +100,7 @@ public class ExtractedContentViewer implements DataContentViewer { Lookup nodeLookup = node.getLookup(); AdHocQueryResult adHocQueryResult = nodeLookup.lookup(AdHocQueryResult.class); - AbstractFile file; + AbstractFile file = null; BlackboardArtifact artifact; /* @@ -109,7 +109,10 @@ public class ExtractedContentViewer implements DataContentViewer { */ if (adHocQueryResult != null) { artifact = adHocQueryResult.getArtifact(); - file = adHocQueryResult.getFile(); + Content content = adHocQueryResult.getContent(); + if (content instanceof AbstractFile) { + file = (AbstractFile) content; + } } else { artifact = nodeLookup.lookup(BlackboardArtifact.class); file = nodeLookup.lookup(AbstractFile.class); diff --git a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/KeywordSearchResultFactory.java b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/KeywordSearchResultFactory.java index 6725c647cc..fbeb4268b7 100644 --- a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/KeywordSearchResultFactory.java +++ b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/KeywordSearchResultFactory.java @@ -201,7 +201,7 @@ class KeywordSearchResultFactory extends ChildFactory { hitName = contentName; } hitNumber++; - tempList.add(new KeyValueQueryContent(hitName, properties, hitNumber, hit.getSolrObjectId(), (AbstractFile) content, artifact, queryRequest, queryResults)); + tempList.add(new KeyValueQueryContent(hitName, properties, hitNumber, hit.getSolrObjectId(), content, artifact, queryRequest, queryResults)); } @@ -274,7 +274,7 @@ class KeywordSearchResultFactory extends ChildFactory { final class AdHocQueryResult { private final long solrObjectId; - private final AbstractFile file; + private final Content content; private final BlackboardArtifact artifact; private final QueryResults results; @@ -283,13 +283,13 @@ class KeywordSearchResultFactory extends ChildFactory { * * @param solrObjectId The Solr object ID associated with the object in * which the hit was found. - * @param file The file for the query result. + * @param content The content for the query result. * @param artifact The artifact associated with the query result. * @param results The query results. */ AdHocQueryResult(KeyValueQueryContent key) { this.solrObjectId = key.getSolrObjectId(); - this.file = key.getFile(); + this.content = key.getContent(); this.artifact = key.getArtifact(); this.results = key.getHits(); } @@ -305,12 +305,16 @@ class KeywordSearchResultFactory extends ChildFactory { } /** - * Get the file for the query result. + * Get the content for the query result. This can be either a file or a + * data source, and it may or may not be the content in which the hit + * occurred. If the hit is in a file, the Content object represents that + * file. But if the hit is in an artifact, the Content object represents + * the source file or data source of the artifact. * - * @return The content. + * @return The content object. */ - AbstractFile getFile() { - return file; + Content getContent() { + return content; } /** @@ -340,7 +344,7 @@ class KeywordSearchResultFactory extends ChildFactory { private final long solrObjectId; - private final AbstractFile file; + private final Content content; private final BlackboardArtifact artifact; private final QueryResults hits; private final KeywordSearchQuery query; @@ -354,23 +358,23 @@ class KeywordSearchResultFactory extends ChildFactory { * (property map) * @param id User incremented ID * @param solrObjectId The ID of the object. - * @param file File that had the hit. + * @param content The content object. * @param artifact The blackboard artifact. * @param query Query used in search * @param hits Full set of search results (for all files! @@@) */ - KeyValueQueryContent(String name, Map map, int id, long solrObjectId, AbstractFile file, BlackboardArtifact artifact, KeywordSearchQuery query, QueryResults hits) { + KeyValueQueryContent(String name, Map map, int id, long solrObjectId, Content content, BlackboardArtifact artifact, KeywordSearchQuery query, QueryResults hits) { super(name, map, id); this.solrObjectId = solrObjectId; - this.file = file; + this.content = content; this.artifact = artifact; this.hits = hits; this.query = query; } - AbstractFile getFile() { - return file; + Content getContent() { + return content; } BlackboardArtifact getArtifact() { From be21b664a422d28a242e28a2b6d70dc828cb5f34 Mon Sep 17 00:00:00 2001 From: William Schaefer Date: Mon, 12 Feb 2018 16:07:45 -0500 Subject: [PATCH 33/33] 3445 add Date condition xml writing for exporting rules to xml --- .../interestingitems/InterestingItemsFilesSetSettings.java | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/Core/src/org/sleuthkit/autopsy/modules/interestingitems/InterestingItemsFilesSetSettings.java b/Core/src/org/sleuthkit/autopsy/modules/interestingitems/InterestingItemsFilesSetSettings.java index 0e1bfff033..3f4cca4465 100644 --- a/Core/src/org/sleuthkit/autopsy/modules/interestingitems/InterestingItemsFilesSetSettings.java +++ b/Core/src/org/sleuthkit/autopsy/modules/interestingitems/InterestingItemsFilesSetSettings.java @@ -576,6 +576,13 @@ class InterestingItemsFilesSetSettings implements Serializable { ruleElement.setAttribute(FS_SIZE_ATTR, Integer.toString(sizeCondition.getSizeValue())); ruleElement.setAttribute(FS_UNITS_ATTR, sizeCondition.getUnit().getName()); } + + //Add the optional date condition + DateCondition dateCondition = rule.getDateCondition(); + if (dateCondition != null) { + ruleElement.setAttribute(DAYS_INCLUDED_ATTR, Integer.toString(dateCondition.getDaysIncluded())); + } + setElement.appendChild(ruleElement); } rootElement.appendChild(setElement);