From 1fbce1d52924ce28f1dd5520515c714a6b4ba194 Mon Sep 17 00:00:00 2001 From: Alex Ebadirad Date: Mon, 4 Jun 2012 09:23:54 -0700 Subject: [PATCH 1/2] Modification of reports to use TSK_SET_NAME instead of hashset name or keyword set --- Report/src/org/sleuthkit/autopsy/report/ReportHTML.java | 2 +- Report/src/org/sleuthkit/autopsy/report/ReportXLS.java | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Report/src/org/sleuthkit/autopsy/report/ReportHTML.java b/Report/src/org/sleuthkit/autopsy/report/ReportHTML.java index 3031422c7b..50ed381579 100644 --- a/Report/src/org/sleuthkit/autopsy/report/ReportHTML.java +++ b/Report/src/org/sleuthkit/autopsy/report/ReportHTML.java @@ -367,7 +367,7 @@ public class ReportHTML implements ReportModule { artifact.append("").append(file.getName().toString()).append(""); artifact.append("").append(filesize.toString()).append(""); //artifact.append("").append(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_INTERESTING_FILE.getTypeID())).append(""); - artifact.append("").append(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_HASHSET_NAME.getTypeID())).append(""); + artifact.append("").append(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SET_NAME.getTypeID())).append(""); artifact.append(""); nodeHash.append(artifact); } diff --git a/Report/src/org/sleuthkit/autopsy/report/ReportXLS.java b/Report/src/org/sleuthkit/autopsy/report/ReportXLS.java index 4fb656d952..a23845b823 100644 --- a/Report/src/org/sleuthkit/autopsy/report/ReportXLS.java +++ b/Report/src/org/sleuthkit/autopsy/report/ReportXLS.java @@ -370,14 +370,14 @@ public class ReportXLS implements ReportModule { temp.createCell(0).setCellValue(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_KEYWORD.getTypeID())); temp.createCell(1).setCellValue(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_NAME.getTypeID())); temp.createCell(2).setCellValue(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_KEYWORD_PREVIEW.getTypeID())); - temp.createCell(3).setCellValue(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_KEYWORD_SET.getTypeID())); + temp.createCell(3).setCellValue(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SET_NAME.getTypeID())); } if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_HASHSET_HIT.getTypeID()) { countedHash++; Row temp = sheetHash.createRow(countedHash); temp.createCell(0).setCellValue(file.getName().toString()); temp.createCell(1).setCellValue(filesize.toString()); - temp.createCell(2).setCellValue(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_HASHSET_NAME.getTypeID())); + temp.createCell(2).setCellValue(attributes.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SET_NAME.getTypeID())); } if (entry.getKey().getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_DEVICE_ATTACHED.getTypeID()) { countedDevice++; From 018a1ac1abcc21c0eb8c07684e62415b91ab176f Mon Sep 17 00:00:00 2001 From: Alex Ebadirad Date: Mon, 4 Jun 2012 09:47:04 -0700 Subject: [PATCH 2/2] SQL query modification to Report.java to use attr type enum --- Report/src/org/sleuthkit/autopsy/report/Report.java | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Report/src/org/sleuthkit/autopsy/report/Report.java b/Report/src/org/sleuthkit/autopsy/report/Report.java index 1df3949616..cfb4790d79 100644 --- a/Report/src/org/sleuthkit/autopsy/report/Report.java +++ b/Report/src/org/sleuthkit/autopsy/report/Report.java @@ -58,10 +58,10 @@ public class Report { tempdbconnect.executeStmt("DROP TABLE IF EXISTS report_list;"); tempdbconnect.executeStmt("DROP TABLE IF EXISTS report_name;"); tempdbconnect.executeStmt("DROP TABLE IF EXISTS report;"); - String temp1 = "CREATE TABLE report_keyword AS SELECT value_text as keyword,blackboard_attributes.attribute_type_id, blackboard_attributes.artifact_id FROM blackboard_attributes WHERE attribute_type_id = 10;"; - String temp2 = "CREATE TABLE report_preview AS SELECT value_text as preview, blackboard_attributes.attribute_type_id, blackboard_attributes.artifact_id FROM blackboard_attributes WHERE attribute_type_id = 12;"; - String temp3 = "CREATE TABLE report_exp AS SELECT value_text as exp, blackboard_attributes.attribute_type_id, blackboard_attributes.artifact_id FROM blackboard_attributes WHERE attribute_type_id = 11;"; - String temp4 = "CREATE TABLE report_list AS SELECT value_text as list, blackboard_attributes.attribute_type_id, blackboard_attributes.artifact_id FROM blackboard_attributes WHERE attribute_type_id = 13;"; + String temp1 = "CREATE TABLE report_keyword AS SELECT value_text as keyword,blackboard_attributes.attribute_type_id, blackboard_attributes.artifact_id FROM blackboard_attributes WHERE attribute_type_id = " + BlackboardAttribute.ATTRIBUTE_TYPE.TSK_KEYWORD.getTypeID() + ";"; + String temp2 = "CREATE TABLE report_preview AS SELECT value_text as preview, blackboard_attributes.attribute_type_id, blackboard_attributes.artifact_id FROM blackboard_attributes WHERE attribute_type_id = " + BlackboardAttribute.ATTRIBUTE_TYPE.TSK_KEYWORD_PREVIEW.getTypeID() + ";"; + String temp3 = "CREATE TABLE report_exp AS SELECT value_text as exp, blackboard_attributes.attribute_type_id, blackboard_attributes.artifact_id FROM blackboard_attributes WHERE attribute_type_id = " + BlackboardAttribute.ATTRIBUTE_TYPE.TSK_KEYWORD_REGEXP.getTypeID() + ";"; + String temp4 = "CREATE TABLE report_list AS SELECT value_text as list, blackboard_attributes.attribute_type_id, blackboard_attributes.artifact_id FROM blackboard_attributes WHERE attribute_type_id = " + BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SET_NAME.getTypeID() + ";"; String temp5 = "CREATE TABLE report_name AS SELECT name, report_keyword.artifact_id from tsk_files,blackboard_artifacts, report_keyword WHERE blackboard_artifacts.artifact_id = report_keyword.artifact_id AND blackboard_artifacts.obj_id = tsk_files.obj_id;"; String temp6 = "CREATE TABLE report AS SELECT keyword,preview,exp,list,name from report_keyword INNER JOIN report_preview ON report_keyword.artifact_id=report_preview.artifact_id INNER JOIN report_exp ON report_preview.artifact_id=report_exp.artifact_id INNER JOIN report_list ON report_exp.artifact_id=report_list.artifact_id INNER JOIN report_name ON report_list.artifact_id=report_name.artifact_id;"; tempdbconnect.executeStmt(temp1);