mstoeck3/autopsy-flatpak
1
0
Fork 0
mirror of https://github.com/overcuriousity/autopsy-flatpak.git synced 2025-07-20 03:24:55 +00:00
Code Issues Packages Projects Releases Wiki Activity

backing out eventlog node changes

Browse Source
This commit is contained in:
Jason Letourneau 2013-10-30 22:20:33 -04:00
parent f1b26f7a43
commit e924e5ca11
5 changed files with 0 additions and 348 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
Core/src/org/sleuthkit/autopsy/datamodel/AbstractContentChildren.java
View File

@ -135,12 +135,6 @@ abstract class AbstractContentChildren<T> extends Keys<T> {
public AbstractNode visit(DeletedContent dc) { public AbstractNode visit(DeletedContent dc) {
return new DeletedContent.DeletedContentsNode(dc.getSleuthkitCase()); return new DeletedContent.DeletedContentsNode(dc.getSleuthkitCase());
} }
@Override
public AbstractNode visit(EventLogs evt) {
return new EventLogs.EventLogsNode(evt.getSleuthkitCase());
}
@Override @Override
public AbstractNode visit(FileSize dc) { public AbstractNode visit(FileSize dc) {

14
Core/src/org/sleuthkit/autopsy/datamodel/AutopsyItemVisitor.java
View File

@ -39,10 +39,6 @@ public interface AutopsyItemVisitor<T> {
T visit(RecentFiles.RecentFilesFilter rff); T visit(RecentFiles.RecentFilesFilter rff);
T visit(DeletedContent dc); T visit(DeletedContent dc);
T visit(EventLogs.EventLogFilter evt);
T visit(EventLogs evt);
T visit(DeletedContent.DeletedContentFilter dcf); T visit(DeletedContent.DeletedContentFilter dcf);
@ -97,16 +93,6 @@ public interface AutopsyItemVisitor<T> {
public T visit(DeletedContent dc) { public T visit(DeletedContent dc) {
return defaultVisit(dc); return defaultVisit(dc);
} }
@Override
public T visit(EventLogs.EventLogFilter evt) {
return defaultVisit(evt);
}
@Override
public T visit(EventLogs evt) {
return defaultVisit(evt);
}
@Override @Override
public T visit(DeletedContent.DeletedContentFilter dcf) { public T visit(DeletedContent.DeletedContentFilter dcf) {

16
Core/src/org/sleuthkit/autopsy/datamodel/DisplayableItemNodeVisitor.java
View File

@ -20,8 +20,6 @@ package org.sleuthkit.autopsy.datamodel;
import org.sleuthkit.autopsy.datamodel.DeletedContent.DeletedContentsChildren.DeletedContentNode; import org.sleuthkit.autopsy.datamodel.DeletedContent.DeletedContentsChildren.DeletedContentNode;
import org.sleuthkit.autopsy.datamodel.DeletedContent.DeletedContentsNode; import org.sleuthkit.autopsy.datamodel.DeletedContent.DeletedContentsNode;
import org.sleuthkit.autopsy.datamodel.EventLogs.EventLogsChildren.EventLogNode;
import org.sleuthkit.autopsy.datamodel.EventLogs.EventLogsNode;
import org.sleuthkit.autopsy.datamodel.EmailExtracted.EmailExtractedAccountNode; import org.sleuthkit.autopsy.datamodel.EmailExtracted.EmailExtractedAccountNode;
import org.sleuthkit.autopsy.datamodel.EmailExtracted.EmailExtractedFolderNode; import org.sleuthkit.autopsy.datamodel.EmailExtracted.EmailExtractedFolderNode;
import org.sleuthkit.autopsy.datamodel.EmailExtracted.EmailExtractedRootNode; import org.sleuthkit.autopsy.datamodel.EmailExtracted.EmailExtractedRootNode;
@ -60,10 +58,6 @@ public interface DisplayableItemNodeVisitor<T> {
T visit(DeletedContentNode dcn); T visit(DeletedContentNode dcn);
T visit(DeletedContentsNode dcn); T visit(DeletedContentsNode dcn);
T visit(EventLogsNode evt);
T visit(EventLogNode evt);
T visit(FileSizeRootNode fsrn); T visit(FileSizeRootNode fsrn);
@ -169,16 +163,6 @@ public interface DisplayableItemNodeVisitor<T> {
public T visit(DeletedContentNode dcn) { public T visit(DeletedContentNode dcn) {
return defaultVisit(dcn); return defaultVisit(dcn);
} }
@Override
public T visit(EventLogsNode evt) {
return defaultVisit(evt);
}
@Override
public T visit(EventLogNode evt) {
return defaultVisit(evt);
}
@Override @Override
public T visit(DeletedContentsNode dcn) { public T visit(DeletedContentsNode dcn) {

311
Core/src/org/sleuthkit/autopsy/datamodel/EventLogs.java
View File

@ -1,311 +0,0 @@
/*
* Autopsy Forensic Browser
*
* Copyright 2013 Basis Technology Corp.
* Contact: carrier <at> sleuthkit <dot> org
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.sleuthkit.autopsy.datamodel;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.logging.Level;
import org.openide.nodes.AbstractNode;
import org.openide.nodes.ChildFactory;
import org.openide.nodes.Children;
import org.openide.nodes.Node;
import org.openide.nodes.Sheet;
import org.openide.util.lookup.Lookups;
import org.sleuthkit.autopsy.coreutils.Logger;
import org.sleuthkit.datamodel.AbstractFile;
import org.sleuthkit.datamodel.Content;
import org.sleuthkit.datamodel.ContentVisitor;
import org.sleuthkit.datamodel.Directory;
import org.sleuthkit.datamodel.File;
import org.sleuthkit.datamodel.FsContent;
import org.sleuthkit.datamodel.LayoutFile;
import org.sleuthkit.datamodel.SleuthkitCase;
import org.sleuthkit.datamodel.TskCoreException;
/**
* event logs view nodes
*/
public class EventLogs implements AutopsyVisitableItem {
private SleuthkitCase skCase;
public enum EventLogFilter implements AutopsyVisitableItem {
FS_EVENT_LOG_FILTER(0, "FS_EVENT_LOG_FILTER", "Windows"),
ALL_EVENT_LOG_FILTER(1, "ALL_EVENT_LOG_FILTER", "Other");
private int id;
private String name;
private String displayName;
private EventLogFilter(int id, String name, String displayName) {
this.id = id;
this.name = name;
this.displayName = displayName;
}
public String getName() {
return this.name;
}
public int getId() {
return this.id;
}
public String getDisplayName() {
return this.displayName;
}
@Override
public <T> T accept(AutopsyItemVisitor<T> v) {
return v.visit(this);
}
}
public EventLogs(SleuthkitCase skCase) {
this.skCase = skCase;
}
@Override
public <T> T accept(AutopsyItemVisitor<T> v) {
return v.visit(this);
}
public SleuthkitCase getSleuthkitCase() {
return this.skCase;
}
public static class EventLogsNode extends DisplayableItemNode {
private static final String NAME = "Event Logs";
private SleuthkitCase skCase;
EventLogsNode(SleuthkitCase skCase) {
super(Children.create(new EventLogsChildren(skCase), true), Lookups.singleton(NAME));
super.setName(NAME);
super.setDisplayName(NAME);
this.skCase = skCase;
this.setIconBaseWithExtension("org/sleuthkit/autopsy/images/text-file.png");
}
@Override
public TYPE getDisplayableItemNodeType() {
return TYPE.META;
}
@Override
public <T> T accept(DisplayableItemNodeVisitor<T> v) {
return v.visit(this);
}
@Override
protected Sheet createSheet() {
Sheet s = super.createSheet();
Sheet.Set ss = s.get(Sheet.PROPERTIES);
if (ss == null) {
ss = Sheet.createPropertiesSet();
s.put(ss);
}
ss.put(new NodeProperty("Name",
"Name",
"no description",
NAME));
return s;
}
}
public static class EventLogsChildren extends ChildFactory<EventLogs.EventLogFilter> {
private SleuthkitCase skCase;
public EventLogsChildren(SleuthkitCase skCase) {
this.skCase = skCase;
}
@Override
protected boolean createKeys(List<EventLogs.EventLogFilter> list) {
list.addAll(Arrays.asList(EventLogs.EventLogFilter.values()));
return true;
}
@Override
protected Node createNodeForKey(EventLogs.EventLogFilter key) {
return new EventLogNode(skCase, key);
}
public class EventLogNode extends DisplayableItemNode {
private SleuthkitCase skCase;
private EventLogs.EventLogFilter filter;
private final Logger logger = Logger.getLogger(EventLogNode.class.getName());
EventLogNode(SleuthkitCase skCase, EventLogs.EventLogFilter filter) {
super(Children.create(new EventLogChildren(filter, skCase), true), Lookups.singleton(filter.getDisplayName()));
super.setName(filter.getName());
this.skCase = skCase;
this.filter = filter;
String tooltip = filter.getDisplayName();
this.setShortDescription(tooltip);
this.setIconBaseWithExtension("org/sleuthkit/autopsy/images/text-file.png.png");
//get count of children without preloading all children nodes
final long count = new EventLogChildren(filter, skCase).calculateItems();
//final long count = getChildren().getNodesCount(true);
super.setDisplayName(filter.getDisplayName() + " (" + count + ")");
}
@Override
public <T> T accept(DisplayableItemNodeVisitor<T> v) {
return v.visit(this);
}
@Override
protected Sheet createSheet() {
Sheet s = super.createSheet();
Sheet.Set ss = s.get(Sheet.PROPERTIES);
if (ss == null) {
ss = Sheet.createPropertiesSet();
s.put(ss);
}
ss.put(new NodeProperty("Filter Type",
"Filter Type",
"no description",
filter.getDisplayName()));
return s;
}
@Override
public TYPE getDisplayableItemNodeType() {
return TYPE.META;
}
@Override
public boolean isLeafTypeNode() {
return true;
}
}
class EventLogChildren extends ChildFactory<AbstractFile> {
private SleuthkitCase skCase;
private EventLogs.EventLogFilter filter;
private final Logger logger = Logger.getLogger(EventLogsChildren.class.getName());
EventLogChildren(EventLogs.EventLogFilter filter, SleuthkitCase skCase) {
this.skCase = skCase;
this.filter = filter;
}
@Override
protected boolean createKeys(List<AbstractFile> list) {
list.addAll(runFsQuery());
return true;
}
private String makeQuery() {
String query = "";
switch (filter) {
case FS_EVENT_LOG_FILTER:
query = "name like '%.evt'";
break;
case ALL_EVENT_LOG_FILTER:
query = "name like '%.log'";
break;
default:
logger.log(Level.SEVERE, "Unsupported filter type to get log content: " + filter);
}
return query;
}
private List<AbstractFile> runFsQuery() {
List<AbstractFile> ret = new ArrayList<AbstractFile>();
String query = makeQuery();
try {
ret = skCase.findAllFilesWhere(query);
} catch (TskCoreException e) {
logger.log(Level.SEVERE, "Error getting files for the event log content view using: " + query, e);
}
return ret;
}
/**
* Get children count without actually loading all nodes
*
* @return
*/
long calculateItems() {
try {
return skCase.countFilesWhere(makeQuery());
} catch (TskCoreException ex) {
logger.log(Level.SEVERE, "Error getting event log files search view count", ex);
return 0;
}
}
@Override
protected Node createNodeForKey(AbstractFile key) {
return key.accept(new ContentVisitor.Default<AbstractNode>() {
public FileNode visit(AbstractFile f) {
return new FileNode(f, false);
}
public FileNode visit(FsContent f) {
return new FileNode(f, false);
}
@Override
public FileNode visit(LayoutFile f) {
return new FileNode(f, false);
}
@Override
public FileNode visit(File f) {
return new FileNode(f, false);
}
@Override
public FileNode visit(Directory f) {
return new FileNode(f, false);
}
@Override
protected AbstractNode defaultVisit(Content di) {
throw new UnsupportedOperationException("Not supported for this type of Displayable Item: " + di.toString());
}
});
}
}
}
}

1
Core/src/org/sleuthkit/autopsy/datamodel/ViewsNode.java
View File

@ -37,7 +37,6 @@ public class ViewsNode extends DisplayableItemNode {
new FileTypeExtensionFilters(sleuthkitCase), new FileTypeExtensionFilters(sleuthkitCase),
new RecentFiles(sleuthkitCase), new RecentFiles(sleuthkitCase),
new DeletedContent(sleuthkitCase), new DeletedContent(sleuthkitCase),
new EventLogs(sleuthkitCase),
new FileSize(sleuthkitCase) new FileSize(sleuthkitCase)
)), )),
Lookups.singleton(NAME)); Lookups.singleton(NAME));