From 2dd64c940d8fe225417a3415af56c10a92afe574 Mon Sep 17 00:00:00 2001 From: raman-bt Date: Wed, 11 Dec 2013 12:41:10 -0500 Subject: [PATCH 1/4] Display Interesting Items (Interesting Files, Interesting Artifacts) directly in the "Results" tree instead of under "Extracted Content". --- .../datamodel/AbstractContentChildren.java | 7 +- .../autopsy/datamodel/AutopsyItemVisitor.java | 8 +- .../datamodel/BlackboardArtifactNode.java | 1 + .../datamodel/DisplayableItemNodeVisitor.java | 16 ++ .../datamodel/ExtractedContentChildren.java | 2 + .../autopsy/datamodel/InterestingItems.java | 222 ++++++++++++++++++ .../autopsy/datamodel/ResultsNode.java | 1 + .../datamodel/RootContentChildren.java | 11 +- .../directorytree/DataResultFilterNode.java | 14 +- .../DirectoryTreeTopComponent.java | 17 ++ .../autopsy/images/interesting_item.png | Bin 0 -> 668 bytes 11 files changed, 294 insertions(+), 5 deletions(-) create mode 100644 Core/src/org/sleuthkit/autopsy/datamodel/InterestingItems.java create mode 100644 Core/src/org/sleuthkit/autopsy/images/interesting_item.png diff --git a/Core/src/org/sleuthkit/autopsy/datamodel/AbstractContentChildren.java b/Core/src/org/sleuthkit/autopsy/datamodel/AbstractContentChildren.java index eaccbc35e2..445bf6540c 100644 --- a/Core/src/org/sleuthkit/autopsy/datamodel/AbstractContentChildren.java +++ b/Core/src/org/sleuthkit/autopsy/datamodel/AbstractContentChildren.java @@ -149,7 +149,12 @@ abstract class AbstractContentChildren extends Keys { public AbstractNode visit(HashsetHits hh) { return hh.new HashsetHitsRootNode(); } - + + @Override + public AbstractNode visit(InterestingItems ii) { + return ii.new InterestingItemsRootNode(); + } + @Override public AbstractNode visit(EmailExtracted ee) { return ee.new EmailExtractedRootNode(); diff --git a/Core/src/org/sleuthkit/autopsy/datamodel/AutopsyItemVisitor.java b/Core/src/org/sleuthkit/autopsy/datamodel/AutopsyItemVisitor.java index f57388ae65..4620f70f57 100644 
--- a/Core/src/org/sleuthkit/autopsy/datamodel/AutopsyItemVisitor.java +++ b/Core/src/org/sleuthkit/autopsy/datamodel/AutopsyItemVisitor.java @@ -53,6 +53,8 @@ public interface AutopsyItemVisitor { T visit(EmailExtracted ee); T visit(TagsNodeKey tagsNodeKey); + + T visit(InterestingItems ii); T visit(DataSources i); @@ -128,7 +130,11 @@ public interface AutopsyItemVisitor { public T visit(HashsetHits hh) { return defaultVisit(hh); } - + + @Override + public T visit(InterestingItems ii) { + return defaultVisit(ii); + } @Override public T visit(EmailExtracted ee) { return defaultVisit(ee); diff --git a/Core/src/org/sleuthkit/autopsy/datamodel/BlackboardArtifactNode.java b/Core/src/org/sleuthkit/autopsy/datamodel/BlackboardArtifactNode.java index 77249b1a1d..0d43d81fbd 100644 --- a/Core/src/org/sleuthkit/autopsy/datamodel/BlackboardArtifactNode.java +++ b/Core/src/org/sleuthkit/autopsy/datamodel/BlackboardArtifactNode.java @@ -55,6 +55,7 @@ public class BlackboardArtifactNode extends DisplayableItemNode { BlackboardArtifact.ARTIFACT_TYPE.TSK_HASHSET_HIT.getTypeID(), BlackboardArtifact.ARTIFACT_TYPE.TSK_KEYWORD_HIT.getTypeID(), BlackboardArtifact.ARTIFACT_TYPE.TSK_TAG_FILE.getTypeID(), + BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT.getTypeID(), }; /** diff --git a/Core/src/org/sleuthkit/autopsy/datamodel/DisplayableItemNodeVisitor.java b/Core/src/org/sleuthkit/autopsy/datamodel/DisplayableItemNodeVisitor.java index e2cef3846e..bbce5daedc 100644 --- a/Core/src/org/sleuthkit/autopsy/datamodel/DisplayableItemNodeVisitor.java +++ b/Core/src/org/sleuthkit/autopsy/datamodel/DisplayableItemNodeVisitor.java 
@@ -27,6 +27,8 @@ import org.sleuthkit.autopsy.datamodel.FileSize.FileSizeRootChildren.FileSizeNod import org.sleuthkit.autopsy.datamodel.FileSize.FileSizeRootNode; import org.sleuthkit.autopsy.datamodel.HashsetHits.HashsetHitsRootNode; import org.sleuthkit.autopsy.datamodel.HashsetHits.HashsetHitsSetNode; +import org.sleuthkit.autopsy.datamodel.InterestingItems.InterestingItemsRootNode; +import org.sleuthkit.autopsy.datamodel.InterestingItems.InterestingItemsSetNode; import org.sleuthkit.autopsy.datamodel.KeywordHits.KeywordHitsKeywordNode; import org.sleuthkit.autopsy.datamodel.KeywordHits.KeywordHitsListNode; import org.sleuthkit.autopsy.datamodel.KeywordHits.KeywordHitsRootNode; @@ -84,7 +86,11 @@ public interface DisplayableItemNodeVisitor { T visit(EmailExtractedFolderNode eefn); T visit(TagsNode node); + + T visit(InterestingItemsRootNode iarn); + T visit(InterestingItemsSetNode iasn); + T visit(TagNameNode node); T visit(ContentTagTypeNode node); @@ -237,7 +243,17 @@ public interface DisplayableItemNodeVisitor { public T visit(HashsetHitsSetNode hhsn) { return defaultVisit(hhsn); } + + @Override + public T visit(InterestingItemsRootNode iarn) { + return defaultVisit(iarn); + } + @Override + public T visit(InterestingItemsSetNode iasn) { + return defaultVisit(iasn); + } + @Override public T visit(EmailExtractedRootNode eern) { return defaultVisit(eern); diff --git a/Core/src/org/sleuthkit/autopsy/datamodel/ExtractedContentChildren.java b/Core/src/org/sleuthkit/autopsy/datamodel/ExtractedContentChildren.java index 3559ad1395..1e74f4208f 100644 --- a/Core/src/org/sleuthkit/autopsy/datamodel/ExtractedContentChildren.java +++ b/Core/src/org/sleuthkit/autopsy/datamodel/ExtractedContentChildren.java 
@@ -53,6 +53,8 @@ public class ExtractedContentChildren extends ChildFactory sleuthkit org + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.sleuthkit.autopsy.datamodel; + + +import java.sql.ResultSet; +import java.sql.SQLException; +import java.util.HashSet; +import java.util.LinkedHashMap; +import java.util.List; +import java.util.Map; +import java.util.Set; +import java.util.logging.Level; +import org.sleuthkit.autopsy.coreutils.Logger; +import org.openide.nodes.ChildFactory; +import org.openide.nodes.Children; +import org.openide.nodes.Node; +import org.openide.nodes.Sheet; +import org.openide.util.lookup.Lookups; +import org.sleuthkit.datamodel.BlackboardArtifact; +import org.sleuthkit.datamodel.BlackboardAttribute; +import org.sleuthkit.datamodel.SleuthkitCase; +import org.sleuthkit.datamodel.TskException; + + +public class InterestingItems implements AutopsyVisitableItem { + + private static final String INTERESTING_ITEMS = "INTERESTING ITEMS"; + private static final String DISPLAY_NAME = "Interesting Items"; + private static final Logger logger = Logger.getLogger(InterestingItems.class.getName()); + private SleuthkitCase skCase; + private Map> interestingItemsMap; + + public InterestingItems(SleuthkitCase skCase) { + this.skCase = skCase; + interestingItemsMap = new LinkedHashMap<>(); + } + + @SuppressWarnings("deprecation") + private void initArtifacts() { + interestingItemsMap.clear(); + 
loadArtifacts(BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT); + loadArtifacts(BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_ARTIFACT); + } + + /* + * Reads the artifacts of specified type, grouped by Set, and loads into the interestingItemsMap + */ + private void loadArtifacts(BlackboardArtifact.ARTIFACT_TYPE artType) { + ResultSet rs = null; + try { + int setNameId = BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SET_NAME.getTypeID(); + int artId = artType.getTypeID(); + String query = "SELECT value_text,blackboard_attributes.artifact_id,attribute_type_id " + + "FROM blackboard_attributes,blackboard_artifacts WHERE " + + "attribute_type_id=" + setNameId + + " AND blackboard_attributes.artifact_id=blackboard_artifacts.artifact_id" + + " AND blackboard_artifacts.artifact_type_id=" + artId; + rs = skCase.runQuery(query); + while (rs.next()) { + String value = rs.getString("value_text"); + long artifactId = rs.getLong("artifact_id"); + if (!interestingItemsMap.containsKey(value)) { + interestingItemsMap.put(value, new HashSet()); + } + interestingItemsMap.get(value).add(artifactId); + } + } catch (SQLException ex) { + logger.log(Level.WARNING, "SQL Exception occurred: ", ex); + } + finally { + if (rs != null) { + try { + skCase.closeRunQuery(rs); + } catch (SQLException ex) { + logger.log(Level.WARNING, "Error closing result set after getting artifacts", ex); + } + } + } + } + + @Override + public T accept(AutopsyItemVisitor v) { + return v.visit(this); + } + + /** + * Node for the interesting items + */ + public class InterestingItemsRootNode extends DisplayableItemNode { + + public InterestingItemsRootNode() { + super(Children.create(new InterestingItemsRootChildren(), true), Lookups.singleton(DISPLAY_NAME)); + super.setName(INTERESTING_ITEMS); + super.setDisplayName(DISPLAY_NAME); + this.setIconBaseWithExtension("org/sleuthkit/autopsy/images/interesting_item.png"); + initArtifacts(); + } + + @Override + public boolean isLeafTypeNode() { + return false; + } + 
+ @Override + public T accept(DisplayableItemNodeVisitor v) { + return v.visit(this); + } + + @Override + protected Sheet createSheet() { + Sheet s = super.createSheet(); + Sheet.Set ss = s.get(Sheet.PROPERTIES); + if (ss == null) { + ss = Sheet.createPropertiesSet(); + s.put(ss); + } + + ss.put(new NodeProperty("Name", + "Name", + "no description", + getName())); + + return s; + } + } + + private class InterestingItemsRootChildren extends ChildFactory { + + @Override + protected boolean createKeys(List list) { + list.addAll(interestingItemsMap.keySet()); + return true; + } + + @Override + protected Node createNodeForKey(String key) { + return new InterestingItemsSetNode(key, interestingItemsMap.get(key)); + } + } + + public class InterestingItemsSetNode extends DisplayableItemNode { + + public InterestingItemsSetNode(String name, Set children) { + super(Children.create(new InterestingItemsSetChildren(children), true), Lookups.singleton(name)); + super.setName(name); + super.setDisplayName(name + " (" + children.size() + ")"); + this.setIconBaseWithExtension("org/sleuthkit/autopsy/images/interesting_item.png"); + } + + @Override + public boolean isLeafTypeNode() { + return true; + } + + @Override + protected Sheet createSheet() { + Sheet s = super.createSheet(); + Sheet.Set ss = s.get(Sheet.PROPERTIES); + if (ss == null) { + ss = Sheet.createPropertiesSet(); + s.put(ss); + } + + ss.put(new NodeProperty("Name", + "Name", + "no description", + getName())); + + return s; + } + + @Override + public T accept(DisplayableItemNodeVisitor v) { + return v.visit(this); + } + } + + private class InterestingItemsSetChildren extends ChildFactory { + + private Set children; + + private InterestingItemsSetChildren(Set children) { + super(); + this.children = children; + } + + @Override + protected boolean createKeys(List list) { + for (long l : children) { + try { + //TODO: bulk artifact gettings + list.add(skCase.getBlackboardArtifact(l)); + } catch (TskException ex) { + 
logger.log(Level.WARNING, "TSK Exception occurred", ex); + } + } + return true; + } + + @Override + protected Node createNodeForKey(BlackboardArtifact artifact) { + return new BlackboardArtifactNode(artifact); + } + } +} diff --git a/Core/src/org/sleuthkit/autopsy/datamodel/ResultsNode.java b/Core/src/org/sleuthkit/autopsy/datamodel/ResultsNode.java index d87f1f2670..b1bc5970b8 100644 --- a/Core/src/org/sleuthkit/autopsy/datamodel/ResultsNode.java +++ b/Core/src/org/sleuthkit/autopsy/datamodel/ResultsNode.java @@ -35,6 +35,7 @@ public class ResultsNode extends DisplayableItemNode { new KeywordHits(sleuthkitCase), new HashsetHits(sleuthkitCase), new EmailExtracted(sleuthkitCase), + new InterestingItems(sleuthkitCase), new TagsNodeKey() )), Lookups.singleton(NAME)); setName(NAME); diff --git a/Core/src/org/sleuthkit/autopsy/datamodel/RootContentChildren.java b/Core/src/org/sleuthkit/autopsy/datamodel/RootContentChildren.java index 8b1e2ecc47..ef951794a3 100644 --- a/Core/src/org/sleuthkit/autopsy/datamodel/RootContentChildren.java +++ b/Core/src/org/sleuthkit/autopsy/datamodel/RootContentChildren.java @@ -84,7 +84,12 @@ public class RootContentChildren extends AbstractContentChildren { case TSK_TAG_ARTIFACT: if (o instanceof TagsNodeKey) this.refreshKey(o); - break; + break; + case TSK_INTERESTING_FILE_HIT: + case TSK_INTERESTING_ARTIFACT: + if (o instanceof InterestingItems) + this.refreshKey(o); + break; default: if (o instanceof ExtractedContent) this.refreshKey(o); @@ -96,9 +101,11 @@ public class RootContentChildren extends AbstractContentChildren { this.refreshKey(o); else if (o instanceof KeywordHits) this.refreshKey(o); + else if (o instanceof TagsNodeKey) + this.refreshKey(o); else if (o instanceof EmailExtracted) this.refreshKey(o); - else if (o instanceof TagsNodeKey) + else if (o instanceof InterestingItems) this.refreshKey(o); else if (o instanceof ExtractedContent) this.refreshKey(o); 
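Review bot: In InterestingItems.java the shared `interestingItemsMap` is written and read without any synchronization. `initArtifacts()` clears and refills the plain `LinkedHashMap` from the `InterestingItemsRootNode` constructor, while `InterestingItemsRootChildren.createKeys` reads `keySet()` from a factory created with `Children.create(..., true)`, which presumably runs off the constructing thread. Because `AbstractContentChildren.visit` builds a new root node on each visit, a refresh can clear the map while an earlier node's keys are still being listed, so the tree can show a partial set of hits or fail with a ConcurrentModificationException. `loadArtifacts` adds to this by logging a `SQLException` at WARNING and keeping whatever was loaded, so an examiner cannot tell an incomplete list from a complete one. I would fill a local map inside `createKeys`, publish it with a single assignment, and surface a load failure in the UI rather than only in the log.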
diff --git a/Core/src/org/sleuthkit/autopsy/directorytree/DataResultFilterNode.java b/Core/src/org/sleuthkit/autopsy/directorytree/DataResultFilterNode.java index 833f7e97e6..5d473043b4 100755 --- a/Core/src/org/sleuthkit/autopsy/directorytree/DataResultFilterNode.java +++ b/Core/src/org/sleuthkit/autopsy/directorytree/DataResultFilterNode.java @@ -56,6 +56,8 @@ import org.sleuthkit.autopsy.datamodel.FileSize.FileSizeRootChildren.FileSizeNod import org.sleuthkit.autopsy.datamodel.FileSize.FileSizeRootNode; import org.sleuthkit.autopsy.datamodel.HashsetHits.HashsetHitsRootNode; import org.sleuthkit.autopsy.datamodel.HashsetHits.HashsetHitsSetNode; +import org.sleuthkit.autopsy.datamodel.InterestingItems.InterestingItemsRootNode; +import org.sleuthkit.autopsy.datamodel.InterestingItems.InterestingItemsSetNode; import org.sleuthkit.autopsy.datamodel.ImageNode; import org.sleuthkit.autopsy.datamodel.KeywordHits.KeywordHitsKeywordNode; import org.sleuthkit.autopsy.datamodel.KeywordHits.KeywordHitsListNode; @@ -184,7 +186,7 @@ public class DataResultFilterNode extends FilterNode { final int artifactTypeID = ba.getArtifactTypeID(); if (artifactTypeID == BlackboardArtifact.ARTIFACT_TYPE.TSK_HASHSET_HIT.getTypeID() - || artifactTypeID == BlackboardArtifact.ARTIFACT_TYPE.TSK_KEYWORD_HIT.getTypeID()) { + || artifactTypeID == BlackboardArtifact.ARTIFACT_TYPE.TSK_KEYWORD_HIT.getTypeID() ) { actions.add(new ViewContextAction("View File in Directory", ban)); } else { // if the artifact links to another file, add an action to go to 
@@ -365,7 +367,17 @@ public class DataResultFilterNode extends FilterNode { public AbstractAction visit(HashsetHitsSetNode hhsn) { return openChild(hhsn); } + + @Override + public AbstractAction visit(InterestingItemsRootNode iarn) { + return openChild(iarn); + } + @Override + public AbstractAction visit(InterestingItemsSetNode iasn) { + return openChild(iasn); + } + @Override public AbstractAction visit(EmailExtractedRootNode eern) { return openChild(eern); diff --git a/Core/src/org/sleuthkit/autopsy/directorytree/DirectoryTreeTopComponent.java b/Core/src/org/sleuthkit/autopsy/directorytree/DirectoryTreeTopComponent.java index b50a5c2122..74875e230a 100644 --- a/Core/src/org/sleuthkit/autopsy/directorytree/DirectoryTreeTopComponent.java +++ b/Core/src/org/sleuthkit/autopsy/directorytree/DirectoryTreeTopComponent.java @@ -964,6 +964,23 @@ public final class DirectoryTreeTopComponent extends TopComponent implements Dat } catch (TskException ex) { logger.log(Level.WARNING, "Error retrieving attributes", ex); } + } else if ( type.equals(BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT) || + type.equals(BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_ARTIFACT) ) { + Node interestingItemsRootNode = resultsChilds.findChild(type.getLabel()); + Children interestingItemsRootChildren = interestingItemsRootNode.getChildren(); + try { + String setName = null; + List attributes = art.getAttributes(); + for (BlackboardAttribute att : attributes) { + int typeId = att.getAttributeTypeID(); + if (typeId == BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SET_NAME.getTypeID()) { + setName = att.getValueString(); + } + } + treeNode = interestingItemsRootChildren.findChild(setName); + } catch (TskException ex) { + logger.log(Level.WARNING, "Error retrieving attributes", ex); + } } else { Node extractedContent = resultsChilds.findChild(ExtractedContentNode.NAME); Children extractedChilds = extractedContent.getChildren(); 
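Review bot: The new `else if` branch in DirectoryTreeTopComponent looks the root node up with `resultsChilds.findChild(type.getLabel())`, but `InterestingItemsRootNode` names itself with `setName(INTERESTING_ITEMS)`, i.e. "INTERESTING ITEMS". Unless the artifact type's label is that exact string, `findChild` returns null and `interestingItemsRootNode.getChildren()` throws a NullPointerException. `setName` also stays null when the artifact has no TSK_SET_NAME attribute and is then passed to `findChild(setName)`. I would expose the root node's name as a constant and look it up the way the `else` branch does with `ExtractedContentNode.NAME`, and skip the selection when either the node or the set name is missing. The same lookup is kept in the DirectoryTreeTopComponent hunk of PATCH 4/4; the enclosing method starts and ends outside the hunk.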
diff --git a/Core/src/org/sleuthkit/autopsy/images/interesting_item.png b/Core/src/org/sleuthkit/autopsy/images/interesting_item.png new file mode 100644 index 0000000000000000000000000000000000000000..f5388041327d6d38df094aff131c689bf9c85328 GIT binary patch literal 668 zcmV;N0%QG&P)Px#1ZP1_K>z@;j|==^1poj532;bRa{vGi!~g&e!~vBn4jTXf0x?NMK~y+Tb(7C) z6G0TmzdIYFN!!>o!KzfDRVa$!QK(lB{sZdCViBqcBJ`jbuwXBG@~8;)(s~g@5cQy* zEiE2IEd?>PQ2QfEZFZB|ZZezM=iAwht#12)86Mwx@5`Hcy9P1X0m@JKJB*{J17SOS zgKe3cB9-eQb?Y$Euenf+B0`@Co*4%v(?B8(Pne+^MH|q<7pT`GT4=&|gHkRUyo~=Y zsb1U$cco)(ARk?T`t%aDJIA5)y%{scnI5;If|yY=?@-J2qA~Lx^5HqHX#+3a1+`X& zNOnMuUPO%#)w%`ZdM<}&Eu!||EacPcFj84~l@e(00l(DmG?;>#{|skr5Td%mNf~%m zHcb0T1kWx&w6SIvfowMt15Y42kN9Pq22C2XlW?BrARLSPi@{(6QVNvXkHq==Fb|y! zGXo-1AeKD8KrfGDPsfVi!i%PFcHsW}inYi65Y{|QZrA;7V^@2pPLh=(;w@=3szuPj z6G#n?A-1nap9#OZe76skky9|;bu`>MWJfoW*PcPzCCKs;+HSl;J(=My44Bmd?A$Sw z@0|$@4BqMs(-84J*sxd7I`jsan{Rm{?I72Ik`ByF7qY_>Xt^?ujnyK=?pDafX>FiC z<@)SLvc`w}@GrIe6csNgY57u|+|rLw4Okt$N^<$Tj(7YQoctse2I92TFGv>uHP}k@ zS)2H8VM(}Ue+q6WMu~g}TXDX9;N3u?w=WPP0Dl0&C6JK77 Date: Fri, 13 Dec 2013 15:48:55 -0500 Subject: [PATCH 2/4] Content viewer displays the "associated artifact", in case the selected node has an artifact with ASSOCAITED_ARTIFACT attribute. --- .../DataContentViewerArtifact.java | 26 ++++++++++++++++++- .../datamodel/BlackboardArtifactNode.java | 3 ++- 2 files changed, 27 insertions(+), 2 deletions(-) diff --git a/Core/src/org/sleuthkit/autopsy/corecomponents/DataContentViewerArtifact.java b/Core/src/org/sleuthkit/autopsy/corecomponents/DataContentViewerArtifact.java index 8a3fbdae88..3943ea94aa 100644 --- a/Core/src/org/sleuthkit/autopsy/corecomponents/DataContentViewerArtifact.java +++ b/Core/src/org/sleuthkit/autopsy/corecomponents/DataContentViewerArtifact.java 
@@ -34,12 +34,16 @@ import javax.swing.SwingWorker; import org.openide.nodes.Node; import org.openide.util.Lookup; import org.openide.util.lookup.ServiceProvider; +import org.sleuthkit.autopsy.casemodule.Case; import org.sleuthkit.autopsy.contentviewers.Utilities; import org.sleuthkit.autopsy.corecomponentinterfaces.DataContentViewer; import org.sleuthkit.autopsy.datamodel.ArtifactStringContent; import org.sleuthkit.datamodel.BlackboardArtifact; +import org.sleuthkit.datamodel.BlackboardAttribute; +import org.sleuthkit.datamodel.SleuthkitCase; import org.sleuthkit.datamodel.Content; import org.sleuthkit.datamodel.TskException; +import org.sleuthkit.datamodel.TskCoreException; /** * Instances of this class display the BlackboardArtifacts associated with the Content represented by a Node. @@ -471,7 +475,27 @@ public class DataContentViewerArtifact extends javax.swing.JPanel implements Dat index = artifacts.indexOf(artifact); if (index == -1) { index = 0; - } + } else { + SleuthkitCase skCase = Case.getCurrentCase().getSleuthkitCase(); + // if the artifact has an ASSOCIATED ARTIFACT, then we display the associated artifact instead + try { + for (BlackboardAttribute attr : artifact.getAttributes()) { + if (attr.getAttributeTypeID() == BlackboardAttribute.ATTRIBUTE_TYPE.TSK_ASSOCIATED_ARTIFACT.getTypeID()) { + long assocArtifactId = attr.getValueLong(); + BlackboardArtifact assocArtifact = skCase.getBlackboardArtifact(assocArtifactId); + int assocArtifactIndex = artifacts.indexOf(assocArtifact); + if (assocArtifactIndex >= 0) { + index = assocArtifactIndex; + } + break; + } + } + } + catch (TskCoreException ex) { + logger.log(Level.WARNING, "Couldn't get associated artifact to display in Content Viewer.", ex); + } + } + } if (isCancelled()) { diff --git a/Core/src/org/sleuthkit/autopsy/datamodel/BlackboardArtifactNode.java b/Core/src/org/sleuthkit/autopsy/datamodel/BlackboardArtifactNode.java index 0d43d81fbd..9b1a545bd1 100644 
--- a/Core/src/org/sleuthkit/autopsy/datamodel/BlackboardArtifactNode.java +++ b/Core/src/org/sleuthkit/autopsy/datamodel/BlackboardArtifactNode.java @@ -203,7 +203,8 @@ public class BlackboardArtifactNode extends DisplayableItemNode { final int attributeTypeID = attribute.getAttributeTypeID(); //skip some internal attributes that user shouldn't see if (attributeTypeID == ATTRIBUTE_TYPE.TSK_PATH_ID.getTypeID() - || attributeTypeID == ATTRIBUTE_TYPE.TSK_TAGGED_ARTIFACT.getTypeID()) { + || attributeTypeID == ATTRIBUTE_TYPE.TSK_TAGGED_ARTIFACT.getTypeID() + || attributeTypeID == ATTRIBUTE_TYPE.TSK_ASSOCIATED_ARTIFACT.getTypeID()) { continue; } else { switch (attribute.getValueType()) { From 57331675633812bc5e23fe58dce9c69c965481bc Mon Sep 17 00:00:00 2001 From: raman-bt Date: Fri, 20 Dec 2013 08:42:49 -0500 Subject: [PATCH 3/4] Fixed a NullPtrException under a race condition. --- .../autopsy/keywordsearch/KeywordSearchIngestModule.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/KeywordSearchIngestModule.java b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/KeywordSearchIngestModule.java index 592e363c28..e25b21cb84 100644 --- a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/KeywordSearchIngestModule.java +++ b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/KeywordSearchIngestModule.java @@ -302,7 +302,7 @@ public final class KeywordSearchIngestModule extends IngestModuleAbstractFile { commitTimer.stop(); searchTimer.stop(); commitTimer = null; - searchTimer = null; + //searchTimer = null; // do not collect, final searcher might still be running, in which case it throws an exception textExtractors.clear(); textExtractors = null; From 236e1bcfeca6f0e26793f6a4427fe672691a7eb7 Mon Sep 17 00:00:00 2001 
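Review bot: Commenting out `searchTimer = null;` in KeywordSearchIngestModule avoids the NullPointerException but leaves the race that produced it. `searchTimer.stop()` still runs while, per the new comment, the final searcher may be active, and nothing visible in the hunk orders the two. `commitTimer` and `textExtractors` are still set to null right next to it, so a late access from the searcher would fail on those in the same way; that is inferred, since the searcher code is outside the hunk. I would delete the dead statement instead of keeping it commented out and record the invariant, e.g. `// searchTimer is kept: the final searcher may still reference it after cleanup`. The enclosing method begins and ends outside the hunk.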
From: raman-bt Date: Fri, 20 Dec 2013 16:33:46 -0500 Subject: [PATCH 4/4] Addressing review comments to "Interesting Artifacts" related changes earlier. Mainly: - Renamed InterestingItems* to InterestingHits* - Renamed artifact TSK_INTERESTING_ARTIFACT to TSK_INTERESTING_ARTIFACT_HIT --- .../DataContentViewerArtifact.java | 10 +++++-- .../datamodel/AbstractContentChildren.java | 4 +-- .../autopsy/datamodel/AutopsyItemVisitor.java | 6 ++-- .../datamodel/DisplayableItemNodeVisitor.java | 16 +++++----- .../datamodel/ExtractedContentChildren.java | 2 +- ...restingItems.java => InterestingHits.java} | 29 +++++++++---------- .../autopsy/datamodel/ResultsNode.java | 2 +- .../datamodel/RootContentChildren.java | 6 ++-- .../directorytree/DataResultFilterNode.java | 8 ++--- .../DirectoryTreeTopComponent.java | 2 +- 10 files changed, 44 insertions(+), 41 deletions(-) rename Core/src/org/sleuthkit/autopsy/datamodel/{InterestingItems.java => InterestingHits.java} (86%) diff --git a/Core/src/org/sleuthkit/autopsy/corecomponents/DataContentViewerArtifact.java b/Core/src/org/sleuthkit/autopsy/corecomponents/DataContentViewerArtifact.java index 3943ea94aa..945d1018e7 100644 --- a/Core/src/org/sleuthkit/autopsy/corecomponents/DataContentViewerArtifact.java +++ b/Core/src/org/sleuthkit/autopsy/corecomponents/DataContentViewerArtifact.java 
@@ -476,14 +476,18 @@ public class DataContentViewerArtifact extends javax.swing.JPanel implements Dat if (index == -1) { index = 0; } else { - SleuthkitCase skCase = Case.getCurrentCase().getSleuthkitCase(); // if the artifact has an ASSOCIATED ARTIFACT, then we display the associated artifact instead try { for (BlackboardAttribute attr : artifact.getAttributes()) { if (attr.getAttributeTypeID() == BlackboardAttribute.ATTRIBUTE_TYPE.TSK_ASSOCIATED_ARTIFACT.getTypeID()) { long assocArtifactId = attr.getValueLong(); - BlackboardArtifact assocArtifact = skCase.getBlackboardArtifact(assocArtifactId); - int assocArtifactIndex = artifacts.indexOf(assocArtifact); + int assocArtifactIndex = -1; + for (BlackboardArtifact art: artifacts) { + if (assocArtifactId == art.getArtifactID()) { + assocArtifactIndex = artifacts.indexOf(art); + break; + } + } if (assocArtifactIndex >= 0) { index = assocArtifactIndex; } diff --git a/Core/src/org/sleuthkit/autopsy/datamodel/AbstractContentChildren.java b/Core/src/org/sleuthkit/autopsy/datamodel/AbstractContentChildren.java index 445bf6540c..87494f2e1f 100644 --- a/Core/src/org/sleuthkit/autopsy/datamodel/AbstractContentChildren.java +++ b/Core/src/org/sleuthkit/autopsy/datamodel/AbstractContentChildren.java @@ -151,8 +151,8 @@ abstract class AbstractContentChildren extends Keys { } @Override - public AbstractNode visit(InterestingItems ii) { - return ii.new InterestingItemsRootNode(); + public AbstractNode visit(InterestingHits ih) { + return ih.new InterestingHitsRootNode(); } @Override diff --git a/Core/src/org/sleuthkit/autopsy/datamodel/AutopsyItemVisitor.java b/Core/src/org/sleuthkit/autopsy/datamodel/AutopsyItemVisitor.java index 4620f70f57..27d505b489 100644 --- a/Core/src/org/sleuthkit/autopsy/datamodel/AutopsyItemVisitor.java +++ b/Core/src/org/sleuthkit/autopsy/datamodel/AutopsyItemVisitor.java 
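Review bot: In the DataContentViewerArtifact hunk the new loop matches the artifact by id and then calls `artifacts.indexOf(art)`, which scans the list a second time and goes back through `BlackboardArtifact.equals` after the id comparison has already identified the element. An indexed loop yields the position directly: `for (int i = 0; i < artifacts.size(); i++) { if (artifacts.get(i).getArtifactID() == assocArtifactId) { assocArtifactIndex = i; break; } }`. The `Case` and `SleuthkitCase` imports added in PATCH 2/4 look unused once the `skCase` local is removed; that is inferred, as the rest of the file is not shown.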
@@ -54,7 +54,7 @@ public interface AutopsyItemVisitor { T visit(TagsNodeKey tagsNodeKey); - T visit(InterestingItems ii); + T visit(InterestingHits ih); T visit(DataSources i); @@ -132,8 +132,8 @@ public interface AutopsyItemVisitor { } @Override - public T visit(InterestingItems ii) { - return defaultVisit(ii); + public T visit(InterestingHits ih) { + return defaultVisit(ih); } @Override public T visit(EmailExtracted ee) { diff --git a/Core/src/org/sleuthkit/autopsy/datamodel/DisplayableItemNodeVisitor.java b/Core/src/org/sleuthkit/autopsy/datamodel/DisplayableItemNodeVisitor.java index bbce5daedc..88921891fd 100644 --- a/Core/src/org/sleuthkit/autopsy/datamodel/DisplayableItemNodeVisitor.java +++ b/Core/src/org/sleuthkit/autopsy/datamodel/DisplayableItemNodeVisitor.java @@ -27,8 +27,8 @@ import org.sleuthkit.autopsy.datamodel.FileSize.FileSizeRootChildren.FileSizeNod import org.sleuthkit.autopsy.datamodel.FileSize.FileSizeRootNode; import org.sleuthkit.autopsy.datamodel.HashsetHits.HashsetHitsRootNode; import org.sleuthkit.autopsy.datamodel.HashsetHits.HashsetHitsSetNode; -import org.sleuthkit.autopsy.datamodel.InterestingItems.InterestingItemsRootNode; -import org.sleuthkit.autopsy.datamodel.InterestingItems.InterestingItemsSetNode; +import org.sleuthkit.autopsy.datamodel.InterestingHits.InterestingHitsRootNode; +import org.sleuthkit.autopsy.datamodel.InterestingHits.InterestingHitsSetNode; import org.sleuthkit.autopsy.datamodel.KeywordHits.KeywordHitsKeywordNode; import org.sleuthkit.autopsy.datamodel.KeywordHits.KeywordHitsListNode; import org.sleuthkit.autopsy.datamodel.KeywordHits.KeywordHitsRootNode; @@ -87,9 +87,9 @@ public interface DisplayableItemNodeVisitor { T visit(TagsNode node); - T visit(InterestingItemsRootNode iarn); + T visit(InterestingHitsRootNode ihrn); - T visit(InterestingItemsSetNode iasn); + T visit(InterestingHitsSetNode ihsn); T visit(TagNameNode node); 
@@ -245,13 +245,13 @@ public interface DisplayableItemNodeVisitor { } @Override - public T visit(InterestingItemsRootNode iarn) { - return defaultVisit(iarn); + public T visit(InterestingHitsRootNode ihrn) { + return defaultVisit(ihrn); } @Override - public T visit(InterestingItemsSetNode iasn) { - return defaultVisit(iasn); + public T visit(InterestingHitsSetNode ihsn) { + return defaultVisit(ihsn); } @Override diff --git a/Core/src/org/sleuthkit/autopsy/datamodel/ExtractedContentChildren.java b/Core/src/org/sleuthkit/autopsy/datamodel/ExtractedContentChildren.java index 1e74f4208f..41ae98a2d0 100644 --- a/Core/src/org/sleuthkit/autopsy/datamodel/ExtractedContentChildren.java +++ b/Core/src/org/sleuthkit/autopsy/datamodel/ExtractedContentChildren.java @@ -54,7 +54,7 @@ public class ExtractedContentChildren extends ChildFactory> interestingItemsMap; - public InterestingItems(SleuthkitCase skCase) { + public InterestingHits(SleuthkitCase skCase) { this.skCase = skCase; interestingItemsMap = new LinkedHashMap<>(); } @@ -56,7 +56,7 @@ public class InterestingItems implements AutopsyVisitableItem { private void initArtifacts() { interestingItemsMap.clear(); loadArtifacts(BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT); - loadArtifacts(BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_ARTIFACT); + loadArtifacts(BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_ARTIFACT_HIT); } /* 
@@ -103,10 +103,10 @@ public class InterestingItems implements AutopsyVisitableItem { /** * Node for the interesting items */ - public class InterestingItemsRootNode extends DisplayableItemNode { + public class InterestingHitsRootNode extends DisplayableItemNode { - public InterestingItemsRootNode() { - super(Children.create(new InterestingItemsRootChildren(), true), Lookups.singleton(DISPLAY_NAME)); + public InterestingHitsRootNode() { + super(Children.create(new InterestingHitsRootChildren(), true), Lookups.singleton(DISPLAY_NAME)); super.setName(INTERESTING_ITEMS); super.setDisplayName(DISPLAY_NAME); this.setIconBaseWithExtension("org/sleuthkit/autopsy/images/interesting_item.png"); @@ -141,7 +141,7 @@ public class InterestingItems implements AutopsyVisitableItem { } } - private class InterestingItemsRootChildren extends ChildFactory { + private class InterestingHitsRootChildren extends ChildFactory { @Override protected boolean createKeys(List list) { @@ -151,14 +151,14 @@ public class InterestingItems implements AutopsyVisitableItem { @Override protected Node createNodeForKey(String key) { - return new InterestingItemsSetNode(key, interestingItemsMap.get(key)); + return new InterestingHitsSetNode(key, interestingItemsMap.get(key)); } } - public class InterestingItemsSetNode extends DisplayableItemNode { + public class InterestingHitsSetNode extends DisplayableItemNode { - public InterestingItemsSetNode(String name, Set children) { - super(Children.create(new InterestingItemsSetChildren(children), true), Lookups.singleton(name)); + public InterestingHitsSetNode(String name, Set children) { + super(Children.create(new InterestingHitsSetChildren(children), true), Lookups.singleton(name)); super.setName(name); super.setDisplayName(name + " (" + children.size() + ")"); this.setIconBaseWithExtension("org/sleuthkit/autopsy/images/interesting_item.png"); 
@@ -192,11 +192,11 @@ public class InterestingItems implements AutopsyVisitableItem { } } - private class InterestingItemsSetChildren extends ChildFactory { + private class InterestingHitsSetChildren extends ChildFactory { private Set children; - private InterestingItemsSetChildren(Set children) { + private InterestingHitsSetChildren(Set children) { super(); this.children = children; } @@ -205,7 +205,6 @@ public class InterestingItems implements AutopsyVisitableItem { protected boolean createKeys(List list) { for (long l : children) { try { - //TODO: bulk artifact gettings list.add(skCase.getBlackboardArtifact(l)); } catch (TskException ex) { logger.log(Level.WARNING, "TSK Exception occurred", ex); diff --git a/Core/src/org/sleuthkit/autopsy/datamodel/ResultsNode.java b/Core/src/org/sleuthkit/autopsy/datamodel/ResultsNode.java index b1bc5970b8..cbd1d941ea 100644 --- a/Core/src/org/sleuthkit/autopsy/datamodel/ResultsNode.java +++ b/Core/src/org/sleuthkit/autopsy/datamodel/ResultsNode.java @@ -35,7 +35,7 @@ public class ResultsNode extends DisplayableItemNode { new KeywordHits(sleuthkitCase), new HashsetHits(sleuthkitCase), new EmailExtracted(sleuthkitCase), - new InterestingItems(sleuthkitCase), + new InterestingHits(sleuthkitCase), new TagsNodeKey() )), Lookups.singleton(NAME)); setName(NAME); diff --git a/Core/src/org/sleuthkit/autopsy/datamodel/RootContentChildren.java b/Core/src/org/sleuthkit/autopsy/datamodel/RootContentChildren.java index ef951794a3..da6843c8d2 100644 --- a/Core/src/org/sleuthkit/autopsy/datamodel/RootContentChildren.java +++ b/Core/src/org/sleuthkit/autopsy/datamodel/RootContentChildren.java @@ -86,8 +86,8 @@ public class RootContentChildren extends AbstractContentChildren { this.refreshKey(o); break; case TSK_INTERESTING_FILE_HIT: - case TSK_INTERESTING_ARTIFACT: - if (o instanceof InterestingItems) + case TSK_INTERESTING_ARTIFACT_HIT: + if (o instanceof InterestingHits) this.refreshKey(o); break; default: 
@@ -105,7 +105,7 @@ public class RootContentChildren extends AbstractContentChildren { this.refreshKey(o); else if (o instanceof EmailExtracted) this.refreshKey(o); - else if (o instanceof InterestingItems) + else if (o instanceof InterestingHits) this.refreshKey(o); else if (o instanceof ExtractedContent) this.refreshKey(o); diff --git a/Core/src/org/sleuthkit/autopsy/directorytree/DataResultFilterNode.java b/Core/src/org/sleuthkit/autopsy/directorytree/DataResultFilterNode.java index c8fe4a1d95..b4e52a0f3c 100755 --- a/Core/src/org/sleuthkit/autopsy/directorytree/DataResultFilterNode.java +++ b/Core/src/org/sleuthkit/autopsy/directorytree/DataResultFilterNode.java @@ -56,8 +56,8 @@ import org.sleuthkit.autopsy.datamodel.FileSize.FileSizeRootChildren.FileSizeNod import org.sleuthkit.autopsy.datamodel.FileSize.FileSizeRootNode; import org.sleuthkit.autopsy.datamodel.HashsetHits.HashsetHitsRootNode; import org.sleuthkit.autopsy.datamodel.HashsetHits.HashsetHitsSetNode; -import org.sleuthkit.autopsy.datamodel.InterestingItems.InterestingItemsRootNode; -import org.sleuthkit.autopsy.datamodel.InterestingItems.InterestingItemsSetNode; +import org.sleuthkit.autopsy.datamodel.InterestingHits.InterestingHitsRootNode; +import org.sleuthkit.autopsy.datamodel.InterestingHits.InterestingHitsSetNode; import org.sleuthkit.autopsy.datamodel.ImageNode; import org.sleuthkit.autopsy.datamodel.KeywordHits.KeywordHitsKeywordNode; import org.sleuthkit.autopsy.datamodel.KeywordHits.KeywordHitsListNode; @@ -369,12 +369,12 @@ public class DataResultFilterNode extends FilterNode { } @Override - public AbstractAction visit(InterestingItemsRootNode iarn) { + public AbstractAction visit(InterestingHitsRootNode iarn) { return openChild(iarn); } @Override - public AbstractAction visit(InterestingItemsSetNode iasn) { + public AbstractAction visit(InterestingHitsSetNode iasn) { return openChild(iasn); } 
diff --git a/Core/src/org/sleuthkit/autopsy/directorytree/DirectoryTreeTopComponent.java b/Core/src/org/sleuthkit/autopsy/directorytree/DirectoryTreeTopComponent.java index e310cab76a..250bc12bca 100644 --- a/Core/src/org/sleuthkit/autopsy/directorytree/DirectoryTreeTopComponent.java +++ b/Core/src/org/sleuthkit/autopsy/directorytree/DirectoryTreeTopComponent.java @@ -970,7 +970,7 @@ public final class DirectoryTreeTopComponent extends TopComponent implements Dat logger.log(Level.WARNING, "Error retrieving attributes", ex); } } else if ( type.equals(BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT) || - type.equals(BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_ARTIFACT) ) { + type.equals(BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_ARTIFACT_HIT) ) { Node interestingItemsRootNode = resultsChilds.findChild(type.getLabel()); Children interestingItemsRootChildren = interestingItemsRootNode.getChildren(); try {