From a549951eb39a502a8d3ab3ef063422652a5320b4 Mon Sep 17 00:00:00 2001 From: Greg DiCristofaro Date: Mon, 17 May 2021 13:56:11 -0400 Subject: [PATCH 1/5] initial changes --- .../autopsy/datamodel/AbstractContentNode.java | 14 ++++++++++++-- .../org/sleuthkit/autopsy/datamodel/ImageNode.java | 14 -------------- .../sleuthkit/autopsy/datamodel/OsAccounts.java | 5 ----- .../org/sleuthkit/autopsy/datamodel/PoolNode.java | 14 -------------- .../autopsy/datamodel/UnsupportedContentNode.java | 14 -------------- .../sleuthkit/autopsy/datamodel/VolumeNode.java | 14 -------------- 6 files changed, 12 insertions(+), 63 deletions(-) diff --git a/Core/src/org/sleuthkit/autopsy/datamodel/AbstractContentNode.java b/Core/src/org/sleuthkit/autopsy/datamodel/AbstractContentNode.java index 8b1d22d349..e551a62b14 100644 --- a/Core/src/org/sleuthkit/autopsy/datamodel/AbstractContentNode.java +++ b/Core/src/org/sleuthkit/autopsy/datamodel/AbstractContentNode.java @@ -40,6 +40,7 @@ import org.sleuthkit.autopsy.corecomponents.DataResultViewerTable; import org.sleuthkit.autopsy.coreutils.Logger; import org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE; import org.sleuthkit.datamodel.Content; +import org.sleuthkit.datamodel.Score; import org.sleuthkit.datamodel.SleuthkitCase; import org.sleuthkit.datamodel.Tag; import org.sleuthkit.datamodel.TskCoreException; @@ -57,7 +58,7 @@ public abstract class AbstractContentNode extends ContentNode /** * Underlying Sleuth Kit Content object */ - T content; + protected final T content; private static final Logger logger = Logger.getLogger(AbstractContentNode.class.getName()); /** 
@@ -339,7 +340,16 @@ public abstract class AbstractContentNode extends ContentNode * * @return Score property for the underlying content of the node. */ - abstract protected Pair getScorePropertyAndDescription(List tags); + protected Pair getScorePropertyAndDescription(List tags) { + Score score = null; + try { + score = this.content.getAggregateScore(); + } catch (TskCoreException ex) { + logger.log(Level.WARNING, "Unable to get aggregate score for content with id: " + this.content.getId(), ex); + } + + + } /** * Returns comment property for the node. diff --git a/Core/src/org/sleuthkit/autopsy/datamodel/ImageNode.java b/Core/src/org/sleuthkit/autopsy/datamodel/ImageNode.java index 06a50eb788..ea0e2bb347 100644 --- a/Core/src/org/sleuthkit/autopsy/datamodel/ImageNode.java +++ b/Core/src/org/sleuthkit/autopsy/datamodel/ImageNode.java @@ -282,20 +282,6 @@ public class ImageNode extends AbstractContentNode { return null; } - /** - * Returns Score property for the node. - * - * Null implementation of an abstract method. - * - * @param tags list of tags. - * - * @return Score property for the underlying content of the node. - */ - @Override - protected Pair getScorePropertyAndDescription(List tags) { - return Pair.of(DataResultViewerTable.Score.NO_SCORE, NO_DESCR); - } - /** * Returns comment property for the node. * diff --git a/Core/src/org/sleuthkit/autopsy/datamodel/OsAccounts.java b/Core/src/org/sleuthkit/autopsy/datamodel/OsAccounts.java index 170251bd13..be36f0a062 100755 --- a/Core/src/org/sleuthkit/autopsy/datamodel/OsAccounts.java +++ b/Core/src/org/sleuthkit/autopsy/datamodel/OsAccounts.java 
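Review bot: The new base `getScorePropertyAndDescription` in the AbstractContentNode.java hunk ends without a `return`, so PATCH 1/5 does not compile on its own. The same applies to `return Pair.of(score, );` in the AbstractContentNode.java hunk of PATCH 2/5. Both are completed in PATCH 3/5, but anyone bisecting the series lands on commits that do not build. Either squash 1–3 or keep a placeholder return such as `return Pair.of(DataResultViewerTable.Score.NO_SCORE, NO_DESCR);` until the description is wired in.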
@@ -333,11 +333,6 @@ public final class OsAccounts implements AutopsyVisitableItem { return null; } - @Override - protected Pair getScorePropertyAndDescription(List tags) { - return null; - } - @Override protected DataResultViewerTable.HasCommentStatus getCommentProperty(List tags, CorrelationAttributeInstance attribute) { return DataResultViewerTable.HasCommentStatus.NO_COMMENT; diff --git a/Core/src/org/sleuthkit/autopsy/datamodel/PoolNode.java b/Core/src/org/sleuthkit/autopsy/datamodel/PoolNode.java index 9bc7736952..3050e25712 100644 --- a/Core/src/org/sleuthkit/autopsy/datamodel/PoolNode.java +++ b/Core/src/org/sleuthkit/autopsy/datamodel/PoolNode.java @@ -156,20 +156,6 @@ public class PoolNode extends AbstractContentNode { return null; } - /** - * Returns Score property for the node. - * - * Null implementation of an abstract method. - * - * @param tags list of tags. - * - * @return Score property for the underlying content of the node. - */ - @Override - protected Pair getScorePropertyAndDescription(List tags) { - return Pair.of(DataResultViewerTable.Score.NO_SCORE, NO_DESCR); - } - /** * Returns comment property for the node. * diff --git a/Core/src/org/sleuthkit/autopsy/datamodel/UnsupportedContentNode.java b/Core/src/org/sleuthkit/autopsy/datamodel/UnsupportedContentNode.java index 4d8a3473e6..6d4b9fe5c6 100644 --- a/Core/src/org/sleuthkit/autopsy/datamodel/UnsupportedContentNode.java +++ b/Core/src/org/sleuthkit/autopsy/datamodel/UnsupportedContentNode.java @@ -138,20 +138,6 @@ public class UnsupportedContentNode extends AbstractContentNode getScorePropertyAndDescription(List tags) { - return Pair.of(DataResultViewerTable.Score.NO_SCORE, NO_DESCR); - } - /** * Returns comment property for the node. * diff --git a/Core/src/org/sleuthkit/autopsy/datamodel/VolumeNode.java b/Core/src/org/sleuthkit/autopsy/datamodel/VolumeNode.java index f8a6f2e5df..709c8375a9 100644 --- a/Core/src/org/sleuthkit/autopsy/datamodel/VolumeNode.java 
+++ b/Core/src/org/sleuthkit/autopsy/datamodel/VolumeNode.java @@ -258,20 +258,6 @@ public class VolumeNode extends AbstractContentNode { return null; } - /** - * Returns Score property for the node. - * - * Null implementation of an abstract method. - * - * @param tags list of tags. - * - * @return Score property for the underlying content of the node. - */ - @Override - protected Pair getScorePropertyAndDescription(List tags) { - return Pair.of(DataResultViewerTable.Score.NO_SCORE, NO_DESCR); - } - /** * Returns comment property for the node. * From d69d7216b51e7030a4de11f6857aa6b2ca28eb08 Mon Sep 17 00:00:00 2001 From: Greg DiCristofaro Date: Mon, 17 May 2021 16:13:14 -0400 Subject: [PATCH 2/5] first draft; description needs to be done --- .../corecomponents/DataResultViewerTable.java | 40 +++++--- .../datamodel/AbstractAbstractFileNode.java | 41 +------- .../datamodel/AbstractContentNode.java | 7 +- .../datamodel/BlackboardArtifactNode.java | 94 +------------------ .../sleuthkit/autopsy/datamodel/SCOData.java | 7 +- 5 files changed, 38 insertions(+), 151 deletions(-) diff --git a/Core/src/org/sleuthkit/autopsy/corecomponents/DataResultViewerTable.java b/Core/src/org/sleuthkit/autopsy/corecomponents/DataResultViewerTable.java index 48e7427172..8464969920 100644 --- a/Core/src/org/sleuthkit/autopsy/corecomponents/DataResultViewerTable.java +++ b/Core/src/org/sleuthkit/autopsy/corecomponents/DataResultViewerTable.java @@ -87,6 +87,8 @@ import org.sleuthkit.autopsy.datamodel.BaseChildFactory; import org.sleuthkit.autopsy.datamodel.BaseChildFactory.PageChangeEvent; import org.sleuthkit.autopsy.datamodel.BaseChildFactory.PageCountChangeEvent; import org.sleuthkit.autopsy.datamodel.BaseChildFactory.PageSizeChangeEvent; +import org.sleuthkit.datamodel.Score; +import org.sleuthkit.datamodel.Score.Significance; /** * A tabular result viewer that displays the children of the given root node 
@@ -1263,6 +1265,29 @@ public class DataResultViewerTable extends AbstractDataResultViewer { private static final long serialVersionUID = 1L; + /** + * Returns the icon denoted by the Score's Significance. + * @param significance The Score's Significance. + * @return The icon (or null) related to that significance. + */ + private ImageIcon getIcon(Significance significance) { + if (significance == null) { + return null; + } + + switch (significance) { + case NOTABLE: + return NOTABLE_ICON_SCORE; + case LIKELY_NOTABLE: + return INTERESTING_SCORE_ICON; + case LIKELY_NONE: + case NONE: + case UNKNOWN: + default: + return null; + } + } + @Override public Component getTableCellRendererComponent(JTable table, Object value, boolean isSelected, boolean hasFocus, int row, int column) { Component component = super.getTableCellRendererComponent(table, value, isSelected, hasFocus, row, column); @@ -1283,19 +1308,8 @@ public class DataResultViewerTable extends AbstractDataResultViewer { switchValue = value; } setText(""); - if ((switchValue instanceof Score)) { - - switch ((Score) switchValue) { - case INTERESTING_SCORE: - setIcon(INTERESTING_SCORE_ICON); - break; - case NOTABLE_SCORE: - setIcon(NOTABLE_ICON_SCORE); - break; - case NO_SCORE: - default: - setIcon(null); - } + if ((switchValue instanceof org.sleuthkit.datamodel.Score)) { + setIcon(getIcon(((org.sleuthkit.datamodel.Score) switchValue).getSignificance())); } else { setIcon(null); } diff --git a/Core/src/org/sleuthkit/autopsy/datamodel/AbstractAbstractFileNode.java b/Core/src/org/sleuthkit/autopsy/datamodel/AbstractAbstractFileNode.java index ee862eee96..2bd4e702c3 100644 --- a/Core/src/org/sleuthkit/autopsy/datamodel/AbstractAbstractFileNode.java +++ b/Core/src/org/sleuthkit/autopsy/datamodel/AbstractAbstractFileNode.java 
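Review bot: The renderer hunk now only recognises `org.sleuthkit.datamodel.Score`, so any cell value that is still a `DataResultViewerTable.Score` silently takes the `else` branch and gets `setIcon(null)`. The fully qualified name suggests the nested `Score` enum still exists in this class, though that is not visible in the hunk. If it does, remove or deprecate it in the same change, so that a node which has not been migrated fails at compile time rather than rendering an empty S column. `getIcon` reads no instance state and could be `private static`.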
@@ -46,7 +46,6 @@ import org.sleuthkit.autopsy.centralrepository.datamodel.CentralRepoException; import org.sleuthkit.autopsy.core.UserPreferences; import org.sleuthkit.autopsy.corecomponents.DataResultViewerTable; import org.sleuthkit.autopsy.corecomponents.DataResultViewerTable.HasCommentStatus; -import org.sleuthkit.autopsy.corecomponents.DataResultViewerTable.Score; import org.sleuthkit.autopsy.coreutils.Logger; import static org.sleuthkit.autopsy.datamodel.Bundle.*; import static org.sleuthkit.autopsy.datamodel.AbstractAbstractFileNode.AbstractFilePropertyType.*; @@ -59,14 +58,13 @@ import org.sleuthkit.autopsy.texttranslation.NoServiceProviderException; import org.sleuthkit.autopsy.texttranslation.TextTranslationService; import org.sleuthkit.autopsy.texttranslation.TranslationException; import org.sleuthkit.datamodel.AbstractFile; -import org.sleuthkit.datamodel.BlackboardArtifact; import org.sleuthkit.datamodel.Content; import org.sleuthkit.datamodel.ContentTag; import org.sleuthkit.datamodel.Tag; import org.sleuthkit.datamodel.TskCoreException; -import org.sleuthkit.datamodel.TskData; import org.sleuthkit.autopsy.centralrepository.datamodel.CentralRepository; import org.sleuthkit.autopsy.texttranslation.utils.FileNameTranslationUtil; +import org.sleuthkit.datamodel.Score; /** * An abstract node that encapsulates AbstractFile data 
@@ -432,43 +430,6 @@ public abstract class AbstractAbstractFileNode extends A return Pair.of(count, description); } - @NbBundle.Messages({ - "AbstractAbstractFileNode.createSheet.score.displayName=S", - "AbstractAbstractFileNode.createSheet.notableFile.description=File recognized as notable.", - "AbstractAbstractFileNode.createSheet.interestingResult.description=File has interesting result associated with it.", - "AbstractAbstractFileNode.createSheet.taggedFile.description=File has been tagged.", - "AbstractAbstractFileNode.createSheet.notableTaggedFile.description=File tagged with notable tag.", - "AbstractAbstractFileNode.createSheet.noScore.description=No score"}) - @Override - protected Pair getScorePropertyAndDescription(List tags) { - DataResultViewerTable.Score score = DataResultViewerTable.Score.NO_SCORE; - String description = Bundle.AbstractAbstractFileNode_createSheet_noScore_description(); - if (content.getKnown() == TskData.FileKnown.BAD) { - score = DataResultViewerTable.Score.NOTABLE_SCORE; - description = Bundle.AbstractAbstractFileNode_createSheet_notableFile_description(); - } - try { - if (score == DataResultViewerTable.Score.NO_SCORE && !content.getArtifacts(BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT).isEmpty()) { - score = DataResultViewerTable.Score.INTERESTING_SCORE; - description = Bundle.AbstractAbstractFileNode_createSheet_interestingResult_description(); - } - } catch (TskCoreException ex) { - logger.log(Level.WARNING, "Error getting artifacts for file: " + content.getName(), ex); - } - if (!tags.isEmpty() && (score == DataResultViewerTable.Score.NO_SCORE || score == DataResultViewerTable.Score.INTERESTING_SCORE)) { - score = DataResultViewerTable.Score.INTERESTING_SCORE; - description = Bundle.AbstractAbstractFileNode_createSheet_taggedFile_description(); - for (Tag tag : tags) { - if (tag.getName().getKnownStatus() == TskData.FileKnown.BAD) { - score = DataResultViewerTable.Score.NOTABLE_SCORE; - description = 
Bundle.AbstractAbstractFileNode_createSheet_notableTaggedFile_description(); - break; - } - } - } - return Pair.of(score, description); - } - @NbBundle.Messages({ "AbstractAbstractFileNode.createSheet.comment.displayName=C"}) @Override diff --git a/Core/src/org/sleuthkit/autopsy/datamodel/AbstractContentNode.java b/Core/src/org/sleuthkit/autopsy/datamodel/AbstractContentNode.java index e551a62b14..ee9d4a425e 100644 --- a/Core/src/org/sleuthkit/autopsy/datamodel/AbstractContentNode.java +++ b/Core/src/org/sleuthkit/autopsy/datamodel/AbstractContentNode.java @@ -340,15 +340,16 @@ public abstract class AbstractContentNode extends ContentNode * * @return Score property for the underlying content of the node. */ - protected Pair getScorePropertyAndDescription(List tags) { - Score score = null; + protected Pair getScorePropertyAndDescription(List tags) { + Score score = Score.SCORE_UNKNOWN; try { score = this.content.getAggregateScore(); } catch (TskCoreException ex) { logger.log(Level.WARNING, "Unable to get aggregate score for content with id: " + this.content.getId(), ex); } - + score.getSignificance().getDisplayName(); + return Pair.of(score, ); } /** diff --git a/Core/src/org/sleuthkit/autopsy/datamodel/BlackboardArtifactNode.java b/Core/src/org/sleuthkit/autopsy/datamodel/BlackboardArtifactNode.java index 5bfca75425..8e52e6d8b7 100644 --- a/Core/src/org/sleuthkit/autopsy/datamodel/BlackboardArtifactNode.java +++ b/Core/src/org/sleuthkit/autopsy/datamodel/BlackboardArtifactNode.java 
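Review bot: `tags` is no longer read in the AbstractContentNode.java hunk, although the per-node implementations this series deletes used it to raise tagged items to interesting and notable-tagged items to notable. Whether `getAggregateScore()` already accounts for tags is not visible here; if it does not, items an examiner tagged as notable lose their S-column marker. Please confirm, and record the decision in the Javadoc, e.g. `@param tags Unused; the score is taken from the content's aggregate score.`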
@@ -59,12 +59,10 @@ import org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeUti import org.sleuthkit.autopsy.centralrepository.datamodel.CentralRepoException; import org.sleuthkit.autopsy.core.UserPreferences; import org.sleuthkit.autopsy.corecomponents.DataResultViewerTable; -import org.sleuthkit.autopsy.corecomponents.DataResultViewerTable.Score; import org.sleuthkit.autopsy.coreutils.Logger; import static org.sleuthkit.autopsy.datamodel.DisplayableItemNode.findLinked; import org.sleuthkit.autopsy.corecomponents.DataResultViewerTable.HasCommentStatus; import static org.sleuthkit.autopsy.datamodel.AbstractContentNode.backgroundTasksPool; -import org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager; import org.sleuthkit.autopsy.timeline.actions.ViewArtifactInTimelineAction; import org.sleuthkit.autopsy.timeline.actions.ViewFileInTimelineAction; import org.sleuthkit.datamodel.AbstractFile; @@ -75,12 +73,12 @@ import org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE; import org.sleuthkit.datamodel.Content; import org.sleuthkit.datamodel.Tag; import org.sleuthkit.datamodel.TskCoreException; -import org.sleuthkit.datamodel.TskData; import org.sleuthkit.autopsy.datamodel.utils.IconsUtil; import org.sleuthkit.autopsy.centralrepository.datamodel.CentralRepository; import static org.sleuthkit.autopsy.datamodel.AbstractContentNode.NO_DESCR; import org.sleuthkit.autopsy.texttranslation.TextTranslationService; import org.sleuthkit.autopsy.datamodel.utils.FileNameTransTask; +import org.sleuthkit.datamodel.Score; /** * A BlackboardArtifactNode is an AbstractNode implementation that can be used 
@@ -843,94 +841,6 @@ public class BlackboardArtifactNode extends AbstractContentNode getScorePropertyAndDescription(List tags) { - /* - * Is the artifact's source content marked as notable? - */ - Score score = Score.NO_SCORE; - String description = Bundle.BlackboardArtifactNode_createSheet_noScore_description(); - if (srcContent instanceof AbstractFile) { - if (((AbstractFile) srcContent).getKnown() == TskData.FileKnown.BAD) { - score = Score.NOTABLE_SCORE; - description = Bundle.BlackboardArtifactNode_createSheet_notableFile_description(); - } - } - - /* - * If the artifact is a hash set hit, is the hash set a notable hashes - * hash set? - */ - if (score == Score.NO_SCORE && artifact.getArtifactTypeID() == ARTIFACT_TYPE.TSK_HASHSET_HIT.getTypeID()) { - try { - BlackboardAttribute attr = artifact.getAttribute(new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_SET_NAME)); - List notableHashsets = HashDbManager.getInstance().getKnownBadFileHashSets(); - for (HashDbManager.HashDb hashDb : notableHashsets) { - if (hashDb.getHashSetName().equals(attr.getValueString())) { - score = Score.NOTABLE_SCORE; - description = Bundle.BlackboardArtifactNode_createSheet_notableFile_description(); - break; - } - } - } catch (TskCoreException ex) { - logger.log(Level.SEVERE, MessageFormat.format("Error getting TSK_SET_NAME attribute for TSK_HASHSET_HIT artifact (artifact objID={0})", artifact.getId()), ex); - } - } - - /* - * Is the artifact's source content notable? 
- */ - if (score == Score.NO_SCORE) { - try { - if (!srcContent.getArtifacts(BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_ARTIFACT_HIT).isEmpty()) { - score = Score.INTERESTING_SCORE; - description = Bundle.BlackboardArtifactNode_createSheet_interestingResult_description(); - } - } catch (TskCoreException ex) { - logger.log(Level.SEVERE, MessageFormat.format("Error getting TSK_INTERESTING_ARTIFACT_HIT artifacts for source content (artifact objID={0})", artifact.getId()), ex); - } - } - - /* - * Analyze any tags applied to the artifact or its source content. If - * there are tags, tha artifact is at least interesting. If one of the - * tags is a notable tag, the artifact is notable. - */ - if (tags.size() > 0 && (score == Score.NO_SCORE || score == Score.INTERESTING_SCORE)) { - score = Score.INTERESTING_SCORE; - description = Bundle.BlackboardArtifactNode_createSheet_taggedItem_description(); - for (Tag tag : tags) { - if (tag.getName().getKnownStatus() == TskData.FileKnown.BAD) { - score = Score.NOTABLE_SCORE; - description = Bundle.BlackboardArtifactNode_createSheet_notableTaggedItem_description(); - break; - } - } - } - - return Pair.of(score, description); - } - /** * Computes the value of the other occurrences property ("O" in S, C, O) for * the artifact represented by this node. The value of the other occurrences @@ -1146,7 +1056,7 @@ public class BlackboardArtifactNode extends AbstractContentNode tags) { - Pair scoreAndDescription = getScorePropertyAndDescription(tags); + Pair scoreAndDescription = getScorePropertyAndDescription(tags); sheetSet.put(new NodeProperty<>(Bundle.BlackboardArtifactNode_createSheet_score_name(), Bundle.BlackboardArtifactNode_createSheet_score_displayName(), scoreAndDescription.getRight(), scoreAndDescription.getLeft())); } diff --git a/Core/src/org/sleuthkit/autopsy/datamodel/SCOData.java b/Core/src/org/sleuthkit/autopsy/datamodel/SCOData.java index a9dd99369d..ed9d232034 100644 
--- a/Core/src/org/sleuthkit/autopsy/datamodel/SCOData.java +++ b/Core/src/org/sleuthkit/autopsy/datamodel/SCOData.java @@ -20,6 +20,7 @@ package org.sleuthkit.autopsy.datamodel; import org.apache.commons.lang3.tuple.Pair; import org.sleuthkit.autopsy.corecomponents.DataResultViewerTable; +import org.sleuthkit.datamodel.Score; /** * Container to bag the S C & O data for an abstract file node. @@ -27,11 +28,11 @@ import org.sleuthkit.autopsy.corecomponents.DataResultViewerTable; */ class SCOData { - private Pair scoreAndDescription = null; + private Pair scoreAndDescription = null; private DataResultViewerTable.HasCommentStatus comment = null; private Pair countAndDescription = null; - Pair getScoreAndDescription() { + Pair getScoreAndDescription() { return scoreAndDescription; } @@ -43,7 +44,7 @@ class SCOData { return countAndDescription; } - void setScoreAndDescription(Pair scoreAndDescription) { + void setScoreAndDescription(Pair scoreAndDescription) { this.scoreAndDescription = scoreAndDescription; } void setComment(DataResultViewerTable.HasCommentStatus comment) { From 711095725256430ee7aebe1375fdad76ffc07efd Mon Sep 17 00:00:00 2001 From: Greg DiCristofaro Date: Tue, 18 May 2021 08:55:22 -0400 Subject: [PATCH 3/5] updates in Discovery --- .../corecomponents/DataResultViewerTable.java | 1 - .../datamodel/AbstractContentNode.java | 10 ++- .../datamodel/Bundle.properties-MERGED | 8 +-- .../discovery/search/Bundle.properties-MERGED | 6 +- .../autopsy/discovery/search/ResultFile.java | 67 +++++-------------- .../discovery/ui/DiscoveryUiUtils.java | 35 ++++++---- 6 files changed, 50 insertions(+), 77 deletions(-) diff --git a/Core/src/org/sleuthkit/autopsy/corecomponents/DataResultViewerTable.java b/Core/src/org/sleuthkit/autopsy/corecomponents/DataResultViewerTable.java index 8464969920..e8c5ae4aea 100644 --- a/Core/src/org/sleuthkit/autopsy/corecomponents/DataResultViewerTable.java +++ b/Core/src/org/sleuthkit/autopsy/corecomponents/DataResultViewerTable.java 
@@ -87,7 +87,6 @@ import org.sleuthkit.autopsy.datamodel.BaseChildFactory; import org.sleuthkit.autopsy.datamodel.BaseChildFactory.PageChangeEvent; import org.sleuthkit.autopsy.datamodel.BaseChildFactory.PageCountChangeEvent; import org.sleuthkit.autopsy.datamodel.BaseChildFactory.PageSizeChangeEvent; -import org.sleuthkit.datamodel.Score; import org.sleuthkit.datamodel.Score.Significance; /** diff --git a/Core/src/org/sleuthkit/autopsy/datamodel/AbstractContentNode.java b/Core/src/org/sleuthkit/autopsy/datamodel/AbstractContentNode.java index ee9d4a425e..bf9a7669c1 100644 --- a/Core/src/org/sleuthkit/autopsy/datamodel/AbstractContentNode.java +++ b/Core/src/org/sleuthkit/autopsy/datamodel/AbstractContentNode.java @@ -32,6 +32,7 @@ import org.openide.nodes.Sheet; import org.openide.util.lookup.Lookups; import org.openide.util.Lookup; import org.openide.util.NbBundle; +import org.openide.util.NbBundle.Messages; import org.sleuthkit.autopsy.casemodule.Case; import org.sleuthkit.autopsy.casemodule.NoCurrentCaseException; import org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeInstance; @@ -340,6 +341,10 @@ public abstract class AbstractContentNode extends ContentNode * * @return Score property for the underlying content of the node. */ + @Messages({ + "# {0} - significanceDisplayName", + "AbstractContentNode_getScorePropertyAndDescription_description=Has an {0} analysis result score" + }) protected Pair getScorePropertyAndDescription(List tags) { Score score = Score.SCORE_UNKNOWN; try { 
@@ -348,8 +353,9 @@ public abstract class AbstractContentNode extends ContentNode logger.log(Level.WARNING, "Unable to get aggregate score for content with id: " + this.content.getId(), ex); } - score.getSignificance().getDisplayName(); - return Pair.of(score, ); + String significanceDisplay = score.getSignificance().getDisplayName(); + String description = Bundle.AbstractContentNode_getScorePropertyAndDescription_description(significanceDisplay); + return Pair.of(score, description); } /** diff --git a/Core/src/org/sleuthkit/autopsy/datamodel/Bundle.properties-MERGED b/Core/src/org/sleuthkit/autopsy/datamodel/Bundle.properties-MERGED index 2feefb56c7..3aa5e90bd3 100755 --- a/Core/src/org/sleuthkit/autopsy/datamodel/Bundle.properties-MERGED +++ b/Core/src/org/sleuthkit/autopsy/datamodel/Bundle.properties-MERGED @@ -9,13 +9,7 @@ AbstractAbstractFileNode.createSheet.count.description=There were {0} datasource AbstractAbstractFileNode.createSheet.count.displayName=O AbstractAbstractFileNode.createSheet.count.hashLookupNotRun.description=Hash lookup had not been run on this file when the column was populated AbstractAbstractFileNode.createSheet.count.name=O -AbstractAbstractFileNode.createSheet.interestingResult.description=File has interesting result associated with it. -AbstractAbstractFileNode.createSheet.noScore.description=No score -AbstractAbstractFileNode.createSheet.notableFile.description=File recognized as notable. -AbstractAbstractFileNode.createSheet.notableTaggedFile.description=File tagged with notable tag. -AbstractAbstractFileNode.createSheet.score.displayName=S AbstractAbstractFileNode.createSheet.score.name=S -AbstractAbstractFileNode.createSheet.taggedFile.description=File has been tagged. AbstractAbstractFileNode.extensionColLbl=Extension AbstractAbstractFileNode.flagsDirColLbl=Flags(Dir) AbstractAbstractFileNode.flagsMetaColLbl=Flags(Meta) 
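Review bot: `score.getSignificance().getDisplayName()` is dereferenced without a null check, while `DataResultViewerTable.getIcon` and `DiscoveryUiUtils.setScoreIcon` in this series both guard against a null score or significance. If `getAggregateScore()` can return null, populating the sheet throws instead of falling back; consider `if (score == null) { score = Score.SCORE_UNKNOWN; }` after the try block. The message `Has an {0} analysis result score` also reads wrongly for any display name that starts with a consonant, and the same text is reused for `ResultFile_updateScoreAndDescription_description`. The method body starts outside this hunk.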
@@ -38,6 +32,8 @@ AbstractAbstractFileNode.typeMetaColLbl=Type(Meta) AbstractAbstractFileNode.useridColLbl=UserID AbstractContentNode.nodescription=no description AbstractContentNode.valueLoading=value loading +# {0} - significanceDisplayName +AbstractContentNode_getScorePropertyAndDescription_description=Has an {0} analysis result score AbstractFsContentNode.noDesc.text=no description AnalysisResults_name=Analysis Results ArtifactStringContent.attrsTableHeader.sources=Source(s) diff --git a/Core/src/org/sleuthkit/autopsy/discovery/search/Bundle.properties-MERGED b/Core/src/org/sleuthkit/autopsy/discovery/search/Bundle.properties-MERGED index ac2756ea33..2115f5256b 100644 --- a/Core/src/org/sleuthkit/autopsy/discovery/search/Bundle.properties-MERGED +++ b/Core/src/org/sleuthkit/autopsy/discovery/search/Bundle.properties-MERGED @@ -58,10 +58,8 @@ FileSorter.SortingMethod.keywordlist.displayName=Keyword List Names FileSorter.SortingMethod.pageViews.displayName=Page Views ResultDomain_getDefaultCategory=Uncategorized ResultDomain_noAccountTypes=Unknown -ResultFile.score.interestingResult.description=At least one instance of the file has an interesting result associated with it. -ResultFile.score.notableFile.description=At least one instance of the file was recognized as notable. -ResultFile.score.notableTaggedFile.description=At least one instance of the file is tagged with a notable tag. -ResultFile.score.taggedFile.description=At least one instance of the file has been tagged. +# {0} - significanceDisplayName +ResultFile_updateScoreAndDescription_description=Has an {0} analysis result score SearchData.AttributeType.Domain.displayName=Domain SearchData.FileSize.100kbto1mb=: 100KB-1MB SearchData.FileSize.100mbto1gb=: 100MB-1GB diff --git a/Core/src/org/sleuthkit/autopsy/discovery/search/ResultFile.java b/Core/src/org/sleuthkit/autopsy/discovery/search/ResultFile.java index 59bfbf48f2..24237bed64 100644 
--- a/Core/src/org/sleuthkit/autopsy/discovery/search/ResultFile.java +++ b/Core/src/org/sleuthkit/autopsy/discovery/search/ResultFile.java @@ -23,18 +23,15 @@ import org.sleuthkit.datamodel.AbstractFile; import java.util.ArrayList; import java.util.Collections; import java.util.List; -import java.util.logging.Level; import org.openide.util.NbBundle; import org.sleuthkit.autopsy.casemodule.Case; import org.sleuthkit.autopsy.casemodule.NoCurrentCaseException; import org.sleuthkit.autopsy.corecomponents.DataResultViewerTable; import org.sleuthkit.autopsy.coreutils.Logger; import static org.sleuthkit.autopsy.discovery.search.SearchData.Type.OTHER; -import org.sleuthkit.datamodel.BlackboardArtifact; import org.sleuthkit.datamodel.Content; -import org.sleuthkit.datamodel.ContentTag; import org.sleuthkit.datamodel.HashUtility; -import org.sleuthkit.datamodel.Tag; +import org.sleuthkit.datamodel.Score; import org.sleuthkit.datamodel.TskCoreException; import org.sleuthkit.datamodel.TskData; @@ -49,7 +46,7 @@ public class ResultFile extends Result { private final List interestingSetNames; private final List objectDetectedNames; private final List instances = new ArrayList<>(); - private DataResultViewerTable.Score currentScore = DataResultViewerTable.Score.NO_SCORE; + private Score currentScore = Score.SCORE_UNKNOWN; private String scoreDescription = null; private boolean deleted = false; private Type fileType; @@ -108,7 +105,7 @@ public class ResultFile extends Result { * * @return The score of this ResultFile. */ - public DataResultViewerTable.Score getScore() { + public Score getScore() { return currentScore; } 
@@ -286,56 +283,22 @@ public class ResultFile extends Result { } } - /** - * Get all tags from the case database that are associated with the file - * - * @return a list of tags that are associated with the file - */ - private List getContentTagsFromDatabase(AbstractFile file) { - List tags = new ArrayList<>(); - try { - tags.addAll(Case.getCurrentCaseThrows().getServices().getTagsManager().getContentTagsByContent(file)); - } catch (TskCoreException | NoCurrentCaseException ex) { - logger.log(Level.SEVERE, "Failed to get tags for file " + file.getName(), ex); - } - return tags; - } - + @NbBundle.Messages({ - "ResultFile.score.notableFile.description=At least one instance of the file was recognized as notable.", - "ResultFile.score.interestingResult.description=At least one instance of the file has an interesting result associated with it.", - "ResultFile.score.taggedFile.description=At least one instance of the file has been tagged.", - "ResultFile.score.notableTaggedFile.description=At least one instance of the file is tagged with a notable tag."}) + "# {0} - significanceDisplayName", + "ResultFile_updateScoreAndDescription_description=Has an {0} analysis result score" + }) private void updateScoreAndDescription(AbstractFile file) { - if (currentScore == DataResultViewerTable.Score.NOTABLE_SCORE) { - //already notable can return - return; - } - if (file.getKnown() == TskData.FileKnown.BAD) { - currentScore = DataResultViewerTable.Score.NOTABLE_SCORE; - scoreDescription = Bundle.ResultFile_score_notableFile_description(); - return; - } + Score score = Score.SCORE_UNKNOWN; try { - if (currentScore == DataResultViewerTable.Score.NO_SCORE && !file.getArtifacts(BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT).isEmpty()) { - currentScore = DataResultViewerTable.Score.INTERESTING_SCORE; - scoreDescription = Bundle.ResultFile_score_interestingResult_description(); - } - } catch (TskCoreException ex) { - logger.log(Level.WARNING, "Error getting artifacts for 
file: " + file.getName(), ex); - } - List tags = getContentTagsFromDatabase(file); - if (!tags.isEmpty()) { - currentScore = DataResultViewerTable.Score.INTERESTING_SCORE; - scoreDescription = Bundle.ResultFile_score_taggedFile_description(); - for (Tag tag : tags) { - if (tag.getName().getKnownStatus() == TskData.FileKnown.BAD) { - currentScore = DataResultViewerTable.Score.NOTABLE_SCORE; - scoreDescription = Bundle.ResultFile_score_notableTaggedFile_description(); - return; - } - } + score = Case.getCurrentCaseThrows().getSleuthkitCase().getScoringManager().getAggregateScore(file.getId()); + } catch (NoCurrentCaseException | TskCoreException ex) { + } + + this.currentScore = score; + String significanceDisplay = score.getSignificance().getDisplayName(); + this.scoreDescription = Bundle.ResultFile_updateScoreAndDescription_description(significanceDisplay); } /** diff --git a/Core/src/org/sleuthkit/autopsy/discovery/ui/DiscoveryUiUtils.java b/Core/src/org/sleuthkit/autopsy/discovery/ui/DiscoveryUiUtils.java index 7b4287a0b6..e94ca0c1a0 100644 --- a/Core/src/org/sleuthkit/autopsy/discovery/ui/DiscoveryUiUtils.java +++ b/Core/src/org/sleuthkit/autopsy/discovery/ui/DiscoveryUiUtils.java @@ -60,6 +60,7 @@ import org.sleuthkit.datamodel.BlackboardArtifact; import org.sleuthkit.datamodel.BlackboardAttribute; import org.sleuthkit.datamodel.DataSource; import org.sleuthkit.datamodel.IngestJobInfo; +import org.sleuthkit.datamodel.Score; import org.sleuthkit.datamodel.SleuthkitCase; import org.sleuthkit.datamodel.TskCoreException; 
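Review bot: `updateScoreAndDescription` in ResultFile.java now overwrites `currentScore` with the score of whichever file is passed in, where the removed code returned early once the result was notable and otherwise only raised the score. For a ResultFile with several instances, the displayed score would then depend on the order in which instances are added, and a notable instance can be masked by a later one with a lower score (assuming the method is still called once per instance; the callers are outside the hunk). Replace `currentScore` and `scoreDescription` only when the new score is more significant than the current one. The `catch (NoCurrentCaseException | TskCoreException ex)` block is also empty and the `java.util.logging.Level` import was dropped, so a failed lookup silently yields `SCORE_UNKNOWN`. Log it, e.g. `logger.log(Level.WARNING, "Unable to get aggregate score for file with id: " + file.getId(), ex);`.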
@@ -208,21 +209,31 @@ final class DiscoveryUiUtils { */ @ThreadConfined(type = ThreadConfined.ThreadType.AWT) static void setScoreIcon(ResultFile resultFile, javax.swing.JLabel scoreLabel) { - switch (resultFile.getScore()) { - case NOTABLE_SCORE: - scoreLabel.setIcon(NOTABLE_SCORE_ICON); - break; - case INTERESTING_SCORE: - scoreLabel.setIcon(INTERESTING_SCORE_ICON); - break; - case NO_SCORE: // empty case - this is interpreted as an intentional fall-through - default: - scoreLabel.setIcon(null); - break; + ImageIcon icon = null; + + Score score = resultFile.getScore(); + if (score != null && score.getSignificance() != null) { + switch (score.getSignificance()) { + case NOTABLE: + icon = NOTABLE_SCORE_ICON; + break; + case LIKELY_NOTABLE: + icon = INTERESTING_SCORE_ICON; + break; + case LIKELY_NONE: + case NONE: + case UNKNOWN: + default: + icon = null; + break; + } } + + scoreLabel.setIcon(icon); scoreLabel.setToolTipText(resultFile.getScoreDescription()); } - + + /** * Get the size of the icons used by the UI. * From 204c3390d5bd70e2c35640ff7a6594942e8fa49a Mon Sep 17 00:00:00 2001 From: Greg DiCristofaro Date: Tue, 25 May 2021 16:29:40 -0400 Subject: [PATCH 4/5] updates for analysis results --- .../datamodel/AbstractContentNode.java | 7 +++++- .../autopsy/datamodel/Artifacts.java | 25 +++++++++++++++---- 2 files changed, 26 insertions(+), 6 deletions(-) diff --git a/Core/src/org/sleuthkit/autopsy/datamodel/AbstractContentNode.java b/Core/src/org/sleuthkit/autopsy/datamodel/AbstractContentNode.java index bf9a7669c1..7e0ee1a883 100644 --- a/Core/src/org/sleuthkit/autopsy/datamodel/AbstractContentNode.java +++ b/Core/src/org/sleuthkit/autopsy/datamodel/AbstractContentNode.java 
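Review bot: The Significance-to-icon `switch` in `setScoreIcon` duplicates the mapping added as `getIcon(Significance)` in DataResultViewerTable, so the two views can drift apart if a significance level is added or re-mapped. Consider one shared helper that both call. The explicit `case LIKELY_NONE: case NONE: case UNKNOWN:` labels only fall into `default` and could be replaced by a comment such as `// all other significances show no icon`. The tooltip is still set when the icon is null, so rows without an icon will show the score description for an unknown score on hover; confirm that this is intended.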
@@ -39,6 +39,7 @@ import org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeIns import org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeInstance.Type; import org.sleuthkit.autopsy.corecomponents.DataResultViewerTable; import org.sleuthkit.autopsy.coreutils.Logger; +import org.sleuthkit.datamodel.AnalysisResult; import org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE; import org.sleuthkit.datamodel.Content; import org.sleuthkit.datamodel.Score; @@ -348,7 +349,11 @@ public abstract class AbstractContentNode extends ContentNode protected Pair getScorePropertyAndDescription(List tags) { Score score = Score.SCORE_UNKNOWN; try { - score = this.content.getAggregateScore(); + if (content instanceof AnalysisResult) { + score = ((AnalysisResult) content).getScore(); + } else { + score = this.content.getAggregateScore(); + } } catch (TskCoreException ex) { logger.log(Level.WARNING, "Unable to get aggregate score for content with id: " + this.content.getId(), ex); } diff --git a/Core/src/org/sleuthkit/autopsy/datamodel/Artifacts.java b/Core/src/org/sleuthkit/autopsy/datamodel/Artifacts.java index d39bef3ee9..976cc7dc3d 100644 --- a/Core/src/org/sleuthkit/autopsy/datamodel/Artifacts.java +++ b/Core/src/org/sleuthkit/autopsy/datamodel/Artifacts.java @@ -50,6 +50,7 @@ import org.sleuthkit.datamodel.TskCoreException; import org.sleuthkit.autopsy.guiutils.RefreshThrottler; import org.sleuthkit.datamodel.BlackboardArtifact.Category; import org.python.google.common.collect.Sets; +import org.sleuthkit.datamodel.Blackboard; import static org.sleuthkit.datamodel.BlackboardArtifact.Type.TSK_ACCOUNT; import static org.sleuthkit.datamodel.BlackboardArtifact.Type.TSK_DATA_SOURCE_USAGE; import static org.sleuthkit.datamodel.BlackboardArtifact.Type.TSK_EMAIL_MSG; 
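Review bot: In getScorePropertyAndDescription, the new `content instanceof AnalysisResult` branch has no comment saying why an analysis result reports its own score rather than the aggregate, and the catch below it still logs "Unable to get aggregate score" for both paths. I would add `// An AnalysisResult carries its own score; other content reports the aggregate of its results.` above the `if` (wording to be confirmed against the datamodel) and change the message to `"Unable to get score for content with id: "` so the log matches whichever call failed. On failure the method keeps `Score.SCORE_UNKNOWN`, so within this hunk that WARNING is the only trace that a displayed score is a fallback rather than a computed value. The method body continues past the end of the hunk.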
@@ -644,17 +645,31 @@ public class Artifacts { @Override protected List makeKeys() { try { - List arts; - arts = (filteringDSObjId > 0) - ? Case.getCurrentCaseThrows().getSleuthkitCase().getBlackboard().getArtifacts(type.getTypeID(), filteringDSObjId) - : Case.getCurrentCaseThrows().getSleuthkitCase().getBlackboardArtifacts(type.getTypeID()); + List arts; + Blackboard blackboard = Case.getCurrentCaseThrows().getSleuthkitCase().getBlackboard(); + switch (this.type.getCategory()) { + + case ANALYSIS_RESULT: + arts = (filteringDSObjId > 0) + ? blackboard.getAnalysisResultsByType(type.getTypeID(), filteringDSObjId) + : blackboard.getAnalysisResultsByType(type.getTypeID()); + case DATA_ARTIFACT: + default: + arts = (filteringDSObjId > 0) + ? blackboard.getDataArtifacts(type.getTypeID(), filteringDSObjId) + : blackboard.getDataArtifacts(type.getTypeID()); + } + for (BlackboardArtifact art : arts) { //Cache attributes while we are off the EDT. //See JIRA-5969 art.getAttributes(); } - return arts; + + @SuppressWarnings("unchecked") + List toRet = (List)(List)arts; + return toRet; } catch (NoCurrentCaseException ex) { logger.log(Level.WARNING, "Trying to access case when no case is open.", ex); //NON-NLS } catch (TskCoreException ex) { From 90af83505a4f13986fc7ac1379a83ece382e6fc4 Mon Sep 17 00:00:00 2001 From: Greg DiCristofaro Date: Wed, 26 May 2021 08:13:36 -0400 Subject: [PATCH 5/5] fixes for special viewers --- .../autopsy/datamodel/Artifacts.java | 3 ++- .../autopsy/datamodel/EmailExtracted.java | 17 +++++++++-------- .../autopsy/datamodel/HashsetHits.java | 17 +++++++++-------- .../autopsy/datamodel/InterestingHits.java | 17 +++++++++-------- .../autopsy/datamodel/KeywordHits.java | 19 ++++++++++--------- .../autopsy/datamodel/accounts/Accounts.java | 9 +++++---- 6 files changed, 44 insertions(+), 38 deletions(-) 
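Review bot: In makeKeys, the `@SuppressWarnings("unchecked")` double cast `(List)(List)arts` exists only to change the list's element type, and a copy does that without suppressing the warning: `return new ArrayList<>(arts);`. The generic parameters are not visible in this rendering, so this assumes `arts` is declared with a wildcard element type and that ArrayList is already imported in Artifacts.java. If the cast stays, a one-line comment stating why it is safe (presumably every element is a BlackboardArtifact subtype returned by the blackboard) would help the next reader. The catch clauses of this try block continue outside the hunk.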
diff --git a/Core/src/org/sleuthkit/autopsy/datamodel/Artifacts.java b/Core/src/org/sleuthkit/autopsy/datamodel/Artifacts.java index 976cc7dc3d..796be557fd 100644 --- a/Core/src/org/sleuthkit/autopsy/datamodel/Artifacts.java +++ b/Core/src/org/sleuthkit/autopsy/datamodel/Artifacts.java @@ -653,14 +653,15 @@ public class Artifacts { arts = (filteringDSObjId > 0) ? blackboard.getAnalysisResultsByType(type.getTypeID(), filteringDSObjId) : blackboard.getAnalysisResultsByType(type.getTypeID()); + break; case DATA_ARTIFACT: default: arts = (filteringDSObjId > 0) ? blackboard.getDataArtifacts(type.getTypeID(), filteringDSObjId) : blackboard.getDataArtifacts(type.getTypeID()); + break; } - for (BlackboardArtifact art : arts) { //Cache attributes while we are off the EDT. //See JIRA-5969 diff --git a/Core/src/org/sleuthkit/autopsy/datamodel/EmailExtracted.java b/Core/src/org/sleuthkit/autopsy/datamodel/EmailExtracted.java index 357f6ec153..0acd6a8bf3 100644 --- a/Core/src/org/sleuthkit/autopsy/datamodel/EmailExtracted.java +++ b/Core/src/org/sleuthkit/autopsy/datamodel/EmailExtracted.java @@ -50,6 +50,7 @@ import org.sleuthkit.datamodel.SleuthkitCase; import org.sleuthkit.datamodel.SleuthkitCase.CaseDbQuery; import org.sleuthkit.datamodel.TskCoreException; import org.sleuthkit.autopsy.datamodel.Artifacts.UpdatableCountTypeNode; +import org.sleuthkit.datamodel.DataArtifact; /** * Support for TSK_EMAIL_MSG nodes and displaying emails in the directory tree. @@ -161,7 +162,7 @@ public class EmailExtracted implements AutopsyVisitableItem { int pathAttrId = BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PATH.getTypeID(); String query = "SELECT \n" - + " art.artifact_id AS artifact_id,\n" + + " art.artifact_obj_id AS artifact_obj_id,\n" + " (SELECT value_text FROM blackboard_attributes attr\n" + " WHERE attr.artifact_id = art.artifact_id AND attr.attribute_type_id = " + pathAttrId + "\n" + " LIMIT 1) AS value_text\n" 
@@ -176,14 +177,14 @@ public class EmailExtracted implements AutopsyVisitableItem { try (CaseDbQuery dbQuery = skCase.executeQuery(query)) { ResultSet resultSet = dbQuery.getResultSet(); while (resultSet.next()) { - Long artifactId = resultSet.getLong("artifact_id"); + Long artifactObjId = resultSet.getLong("artifact_obj_id"); Map accountFolderMap = parsePath(resultSet.getString("value_text")); String account = accountFolderMap.get(MAIL_ACCOUNT); String folder = accountFolderMap.get(MAIL_FOLDER); Map> folders = newMapping.computeIfAbsent(account, (str) -> new LinkedHashMap<>()); List messages = folders.computeIfAbsent(folder, (str) -> new ArrayList<>()); - messages.add(artifactId); + messages.add(artifactObjId); } } catch (TskCoreException | SQLException ex) { logger.log(Level.WARNING, "Cannot initialize email extraction: ", ex); //NON-NLS @@ -499,7 +500,7 @@ public class EmailExtracted implements AutopsyVisitableItem { /** * Node representing mail folder content (mail messages) */ - private class MessageFactory extends BaseChildFactory implements Observer { + private class MessageFactory extends BaseChildFactory implements Observer { private final String accountName; private final String folderName; @@ -512,7 +513,7 @@ public class EmailExtracted implements AutopsyVisitableItem { } @Override - protected Node createNodeForKey(BlackboardArtifact art) { + protected Node createNodeForKey(DataArtifact art) { return new BlackboardArtifactNode(art); } 
@@ -522,13 +523,13 @@ public class EmailExtracted implements AutopsyVisitableItem { } @Override - protected List makeKeys() { - List keys = new ArrayList<>(); + protected List makeKeys() { + List keys = new ArrayList<>(); if (skCase != null) { emailResults.getArtifactIds(accountName, folderName).forEach((id) -> { try { - BlackboardArtifact art = skCase.getBlackboardArtifact(id); + DataArtifact art = skCase.getBlackboard().getDataArtifactById(id); //Cache attributes while we are off the EDT. //See JIRA-5969 art.getAttributes(); diff --git a/Core/src/org/sleuthkit/autopsy/datamodel/HashsetHits.java b/Core/src/org/sleuthkit/autopsy/datamodel/HashsetHits.java index 5906b01a78..e98b154ff0 100644 --- a/Core/src/org/sleuthkit/autopsy/datamodel/HashsetHits.java +++ b/Core/src/org/sleuthkit/autopsy/datamodel/HashsetHits.java @@ -52,6 +52,7 @@ import org.sleuthkit.datamodel.SleuthkitCase; import org.sleuthkit.datamodel.SleuthkitCase.CaseDbQuery; import org.sleuthkit.datamodel.TskCoreException; import org.sleuthkit.autopsy.datamodel.Artifacts.UpdatableCountTypeNode; +import org.sleuthkit.datamodel.AnalysisResult; /** * Hash set hits node support. Inner classes have all of the nodes in the tree. @@ -136,7 +137,7 @@ public class HashsetHits implements AutopsyVisitableItem { int setNameId = ATTRIBUTE_TYPE.TSK_SET_NAME.getTypeID(); int artId = TSK_HASHSET_HIT.getTypeID(); - String query = "SELECT value_text,blackboard_attributes.artifact_id,attribute_type_id " //NON-NLS + String query = "SELECT value_text,blackboard_artifacts.artifact_obj_id,attribute_type_id " //NON-NLS + "FROM blackboard_attributes,blackboard_artifacts WHERE " //NON-NLS + "attribute_type_id=" + setNameId //NON-NLS + " AND blackboard_attributes.artifact_id=blackboard_artifacts.artifact_id" //NON-NLS 
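Review bot: In MessageFactory.makeKeys, the values returned by `emailResults.getArtifactIds(accountName, folderName)` are now `artifact_obj_id` values (the query and `messages.add(artifactObjId)` earlier in this file were switched), but the accessor and the lambda parameter `id` still read as artifact ids. `getDataArtifactById(id)` presumably looks up by object id, so a later caller that passes an `artifact_id` from another query would resolve the wrong row or none; a comment at the lookup such as `// id is a blackboard_artifacts.artifact_obj_id, not an artifact_id`, or renaming the accessor, would make the id space explicit. The same applies to the makeKeys hunks in HashsetHits, InterestingHits and KeywordHits, where `getArtifactIds` and `artifactHits` keep their old names. The lambda's catch block lies outside the hunk.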
@@ -150,11 +151,11 @@ public class HashsetHits implements AutopsyVisitableItem { synchronized (hashSetHitsMap) { while (resultSet.next()) { String setName = resultSet.getString("value_text"); //NON-NLS - long artifactId = resultSet.getLong("artifact_id"); //NON-NLS + long artifactObjId = resultSet.getLong("artifact_obj_id"); //NON-NLS if (!hashSetHitsMap.containsKey(setName)) { hashSetHitsMap.put(setName, new HashSet<>()); } - hashSetHitsMap.get(setName).add(artifactId); + hashSetHitsMap.get(setName).add(artifactObjId); } } } catch (TskCoreException | SQLException ex) { @@ -380,10 +381,10 @@ public class HashsetHits implements AutopsyVisitableItem { /** * Creates the nodes for the hits in a given set. */ - private class HitFactory extends BaseChildFactory implements Observer { + private class HitFactory extends BaseChildFactory implements Observer { private final String hashsetName; - private final Map artifactHits = new HashMap<>(); + private final Map artifactHits = new HashMap<>(); private HitFactory(String hashsetName) { super(hashsetName); @@ -401,7 +402,7 @@ public class HashsetHits implements AutopsyVisitableItem { } @Override - protected Node createNodeForKey(BlackboardArtifact key) { + protected Node createNodeForKey(AnalysisResult key) { return new BlackboardArtifactNode(key); } @@ -411,13 +412,13 @@ public class HashsetHits implements AutopsyVisitableItem { } @Override - protected List makeKeys() { + protected List makeKeys() { if (skCase != null) { hashsetResults.getArtifactIds(hashsetName).forEach((id) -> { try { if (!artifactHits.containsKey(id)) { - BlackboardArtifact art = skCase.getBlackboardArtifact(id); + AnalysisResult art = skCase.getBlackboard().getAnalysisResultById(id); //Cache attributes while we are off the EDT. //See JIRA-5969 art.getAttributes(); diff --git a/Core/src/org/sleuthkit/autopsy/datamodel/InterestingHits.java b/Core/src/org/sleuthkit/autopsy/datamodel/InterestingHits.java index 22525854ca..57f2524ff9 100644 
--- a/Core/src/org/sleuthkit/autopsy/datamodel/InterestingHits.java +++ b/Core/src/org/sleuthkit/autopsy/datamodel/InterestingHits.java @@ -51,6 +51,7 @@ import org.sleuthkit.datamodel.SleuthkitCase; import org.sleuthkit.datamodel.SleuthkitCase.CaseDbQuery; import org.sleuthkit.datamodel.TskCoreException; import org.sleuthkit.autopsy.datamodel.Artifacts.UpdatableCountTypeNode; +import org.sleuthkit.datamodel.AnalysisResult; public class InterestingHits implements AutopsyVisitableItem { @@ -129,7 +130,7 @@ public class InterestingHits implements AutopsyVisitableItem { int setNameId = BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SET_NAME.getTypeID(); int artId = artType.getTypeID(); - String query = "SELECT value_text,blackboard_attributes.artifact_id,attribute_type_id " //NON-NLS + String query = "SELECT value_text,blackboard_artifacts.artifact_obj_id,attribute_type_id " //NON-NLS + "FROM blackboard_attributes,blackboard_artifacts WHERE " //NON-NLS + "attribute_type_id=" + setNameId //NON-NLS + " AND blackboard_attributes.artifact_id=blackboard_artifacts.artifact_id" //NON-NLS 
@@ -143,13 +144,13 @@ public class InterestingHits implements AutopsyVisitableItem { ResultSet resultSet = dbQuery.getResultSet(); while (resultSet.next()) { String value = resultSet.getString("value_text"); //NON-NLS - long artifactId = resultSet.getLong("artifact_id"); //NON-NLS + long artifactObjId = resultSet.getLong("artifact_obj_id"); //NON-NLS if (!interestingItemsMap.containsKey(value)) { interestingItemsMap.put(value, new LinkedHashMap<>()); interestingItemsMap.get(value).put(BlackboardArtifact.Type.TSK_INTERESTING_FILE_HIT.getDisplayName(), new HashSet<>()); interestingItemsMap.get(value).put(BlackboardArtifact.Type.TSK_INTERESTING_ARTIFACT_HIT.getDisplayName(), new HashSet<>()); } - interestingItemsMap.get(value).get(artType.getDisplayName()).add(artifactId); + interestingItemsMap.get(value).get(artType.getDisplayName()).add(artifactObjId); } } } catch (TskCoreException | SQLException ex) { @@ -459,11 +460,11 @@ public class InterestingHits implements AutopsyVisitableItem { } } - private class HitFactory extends BaseChildFactory implements Observer { + private class HitFactory extends BaseChildFactory implements Observer { private final String setName; private final String typeName; - private final Map artifactHits = new HashMap<>(); + private final Map artifactHits = new HashMap<>(); private HitFactory(String setName, String typeName) { /** @@ -478,13 +479,13 @@ public class InterestingHits implements AutopsyVisitableItem { } @Override - protected List makeKeys() { + protected List makeKeys() { if (skCase != null) { interestingResults.getArtifactIds(setName, typeName).forEach((id) -> { try { if (!artifactHits.containsKey(id)) { - BlackboardArtifact art = skCase.getBlackboardArtifact(id); + AnalysisResult art = skCase.getBlackboard().getAnalysisResultById(id); //Cache attributes while we are off the EDT. //See JIRA-5969 art.getAttributes(); 
@@ -501,7 +502,7 @@ public class InterestingHits implements AutopsyVisitableItem { } @Override - protected Node createNodeForKey(BlackboardArtifact art) { + protected Node createNodeForKey(AnalysisResult art) { return new BlackboardArtifactNode(art); } diff --git a/Core/src/org/sleuthkit/autopsy/datamodel/KeywordHits.java b/Core/src/org/sleuthkit/autopsy/datamodel/KeywordHits.java index eab8a07d3a..a129e3ff30 100644 --- a/Core/src/org/sleuthkit/autopsy/datamodel/KeywordHits.java +++ b/Core/src/org/sleuthkit/autopsy/datamodel/KeywordHits.java @@ -57,6 +57,7 @@ import org.sleuthkit.datamodel.SleuthkitCase.CaseDbQuery; import org.sleuthkit.datamodel.TskCoreException; import static org.sleuthkit.datamodel.BlackboardArtifact.Type.TSK_KEYWORD_HIT; import org.sleuthkit.autopsy.datamodel.Artifacts.UpdatableCountTypeNode; +import org.sleuthkit.datamodel.AnalysisResult; /** * Keyword hits node support @@ -91,7 +92,7 @@ public class KeywordHits implements AutopsyVisitableItem { */ private static final String KEYWORD_HIT_ATTRIBUTES_QUERY = "SELECT blackboard_attributes.value_text, "//NON-NLS + "blackboard_attributes.value_int32, "//NON-NLS - + "blackboard_attributes.artifact_id, " //NON-NLS + + "blackboard_artifacts.artifact_obj_id, " //NON-NLS + "blackboard_attributes.attribute_type_id "//NON-NLS + "FROM blackboard_attributes, blackboard_artifacts "//NON-NLS + "WHERE blackboard_attributes.artifact_id = blackboard_artifacts.artifact_id "//NON-NLS 
@@ -349,12 +350,12 @@ public class KeywordHits implements AutopsyVisitableItem { try (CaseDbQuery dbQuery = skCase.executeQuery(queryStr)) { ResultSet resultSet = dbQuery.getResultSet(); while (resultSet.next()) { - long artifactId = resultSet.getLong("artifact_id"); //NON-NLS + long artifactObjId = resultSet.getLong("artifact_obj_id"); //NON-NLS long typeId = resultSet.getLong("attribute_type_id"); //NON-NLS String valueStr = resultSet.getString("value_text"); //NON-NLS //get the map of attributes for this artifact - Map attributesByTypeMap = artifactIds.computeIfAbsent(artifactId, ai -> new LinkedHashMap<>()); + Map attributesByTypeMap = artifactIds.computeIfAbsent(artifactObjId, ai -> new LinkedHashMap<>()); if (StringUtils.isNotEmpty(valueStr)) { attributesByTypeMap.put(typeId, valueStr); } else { @@ -858,7 +859,7 @@ public class KeywordHits implements AutopsyVisitableItem { "KeywordHits.createNodeForKey.chgTime.name=ChangeTime", "KeywordHits.createNodeForKey.chgTime.displayName=Change Time", "KeywordHits.createNodeForKey.chgTime.desc=Change Time"}) - private BlackboardArtifactNode createBlackboardArtifactNode(BlackboardArtifact art) { + private BlackboardArtifactNode createBlackboardArtifactNode(AnalysisResult art) { if (skCase == null) { return null; } @@ -905,12 +906,12 @@ public class KeywordHits implements AutopsyVisitableItem { /** * Creates nodes for individual files that had hits */ - private class HitsFactory extends BaseChildFactory implements Observer { + private class HitsFactory extends BaseChildFactory implements Observer { private final String keyword; private final String setName; private final String instance; - private final Map artifactHits = new HashMap<>(); + private final Map artifactHits = new HashMap<>(); private HitsFactory(String setName, String keyword, String instance) { /** 
@@ -926,12 +927,12 @@ public class KeywordHits implements AutopsyVisitableItem { } @Override - protected List makeKeys() { + protected List makeKeys() { if (skCase != null) { keywordResults.getArtifactIds(setName, keyword, instance).forEach((id) -> { try { if (!artifactHits.containsKey(id)) { - BlackboardArtifact art = skCase.getBlackboardArtifact(id); + AnalysisResult art = skCase.getBlackboard().getAnalysisResultById(id); //Cache attributes while we are off the EDT. //See JIRA-5969 art.getAttributes(); @@ -948,7 +949,7 @@ public class KeywordHits implements AutopsyVisitableItem { } @Override - protected Node createNodeForKey(BlackboardArtifact art) { + protected Node createNodeForKey(AnalysisResult art) { return createBlackboardArtifactNode(art); } diff --git a/Core/src/org/sleuthkit/autopsy/datamodel/accounts/Accounts.java b/Core/src/org/sleuthkit/autopsy/datamodel/accounts/Accounts.java index 18136db99e..3b3cb0ce9f 100644 --- a/Core/src/org/sleuthkit/autopsy/datamodel/accounts/Accounts.java +++ b/Core/src/org/sleuthkit/autopsy/datamodel/accounts/Accounts.java @@ -81,6 +81,7 @@ import org.sleuthkit.datamodel.BlackboardArtifact.Type; import static org.sleuthkit.datamodel.BlackboardArtifact.Type.TSK_ACCOUNT; import org.sleuthkit.datamodel.BlackboardAttribute; import org.sleuthkit.datamodel.Content; +import org.sleuthkit.datamodel.DataArtifact; import org.sleuthkit.datamodel.SleuthkitCase; import org.sleuthkit.datamodel.TskCoreException; import org.sleuthkit.datamodel.TskData.DbType; 
@@ -569,7 +570,7 @@ final public class Accounts implements AutopsyVisitableItem { @Override protected boolean createKeys(List list) { String query - = "SELECT blackboard_artifacts.artifact_id " //NON-NLS + = "SELECT blackboard_artifacts.artifact_obj_id " //NON-NLS + " FROM blackboard_artifacts " //NON-NLS + " JOIN blackboard_attributes ON blackboard_artifacts.artifact_id = blackboard_attributes.artifact_id " //NON-NLS + " WHERE blackboard_artifacts.artifact_type_id = " + BlackboardArtifact.Type.TSK_ACCOUNT.getTypeID() //NON-NLS @@ -581,7 +582,7 @@ final public class Accounts implements AutopsyVisitableItem { ResultSet rs = results.getResultSet();) { List tempList = new ArrayList<>(); while (rs.next()) { - tempList.add(rs.getLong("artifact_id")); // NON-NLS + tempList.add(rs.getLong("artifact_obj_id")); // NON-NLS } list.addAll(tempList); } catch (TskCoreException | SQLException ex) { @@ -594,7 +595,7 @@ final public class Accounts implements AutopsyVisitableItem { @Override protected Node[] createNodesForKey(Long t) { try { - return new Node[]{new BlackboardArtifactNode(skCase.getBlackboardArtifact(t))}; + return new Node[]{new BlackboardArtifactNode(skCase.getBlackboard().getDataArtifactById(t))}; } catch (TskCoreException ex) { LOGGER.log(Level.SEVERE, "Error get black board artifact with id " + t, ex); return new Node[0]; @@ -1520,7 +1521,7 @@ final public class Accounts implements AutopsyVisitableItem { } try { - BlackboardArtifact art = skCase.getBlackboardArtifact(artifactID); + DataArtifact art = skCase.getBlackboard().getDataArtifactById(artifactID); return new Node[]{new AccountArtifactNode(art)}; } catch (TskCoreException ex) { LOGGER.log(Level.SEVERE, "Error creating BlackboardArtifactNode for artifact with ID " + artifactID, ex); //NON-NLS
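Review bot: In the last Accounts.java hunk (old line 1520), `getDataArtifactById(artifactID)` presumably expects an artifact object id, but the code that produces `artifactID` is outside the hunk and, going by this patch's diffstat (9 changed lines in Accounts.java, all accounted for by the hunks shown), is not modified here. If that key still comes from a query selecting `blackboard_artifacts.artifact_id`, the lookup would use a value from the wrong column, and the node would either end in the SEVERE log below or, if the number happens to match another object, display a different artifact. Please confirm the producing query selects `artifact_obj_id`, as the `createKeys` query in the first hunk of this file now does, and consider renaming the parameter to `artifactObjId`.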