mstoeck3/autopsy-flatpak
1
0
Fork 0
mirror of https://github.com/overcuriousity/autopsy-flatpak.git synced 2025-07-19 11:07:43 +00:00
Code Issues Packages Projects Releases Wiki Activity

worked through queries

Browse Source
This commit is contained in:
Greg DiCristofaro 2020-08-05 15:40:38 -04:00
parent 034b51943c
commit ed4cb22bac
3 changed files with 47 additions and 37 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

60
Core/src/org/sleuthkit/autopsy/casemodule/datasourcesummary/DataSourceInfoUtilities.java
View File

@ -37,6 +37,8 @@ import org.sleuthkit.datamodel.BlackboardArtifact;
import org.sleuthkit.datamodel.TskData; import org.sleuthkit.datamodel.TskData;
import org.sleuthkit.datamodel.BlackboardAttribute; import org.sleuthkit.datamodel.BlackboardAttribute;
import org.sleuthkit.datamodel.DataSource; import org.sleuthkit.datamodel.DataSource;
import org.sleuthkit.datamodel.TskData.TSK_DB_FILES_TYPE_ENUM;
import org.sleuthkit.datamodel.TskData.TSK_FS_META_FLAG_ENUM;
import org.sleuthkit.datamodel.TskData.TSK_FS_META_TYPE_ENUM; import org.sleuthkit.datamodel.TskData.TSK_FS_META_TYPE_ENUM;
/** /**
@ -62,9 +64,9 @@ final class DataSourceInfoUtilities {
try { try {
SleuthkitCase skCase = Case.getCurrentCaseThrows().getSleuthkitCase(); SleuthkitCase skCase = Case.getCurrentCaseThrows().getSleuthkitCase();
return skCase.countFilesWhere( return skCase.countFilesWhere(
"dir_type<>" + TskData.TSK_FS_NAME_TYPE_ENUM.VIRT_DIR.getValue() "data_source_obj_id=" + currentDataSource.getId()
+ " AND dir_type<>" + TskData.TSK_FS_NAME_TYPE_ENUM.VIRT_DIR.getValue()
+ " AND name<>''" + " AND name<>''"
+ " AND data_source_obj_id=" + currentDataSource.getId()
+ (StringUtils.isBlank(additionalWhere) ? "" : (" AND " + additionalWhere))); + (StringUtils.isBlank(additionalWhere) ? "" : (" AND " + additionalWhere)));
} catch (TskCoreException | NoCurrentCaseException ex) { } catch (TskCoreException | NoCurrentCaseException ex) {
logger.log(Level.WARNING, onError, ex); logger.log(Level.WARNING, onError, ex);
@ -87,7 +89,7 @@ final class DataSourceInfoUtilities {
private static Long getCountOfRegularFiles(DataSource currentDataSource, String additionalWhere, String onError) { private static Long getCountOfRegularFiles(DataSource currentDataSource, String additionalWhere, String onError) {
String whereClause = "meta_type=" + TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_REG.getValue() String whereClause = "meta_type=" + TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_REG.getValue()
+ " AND type<>" + TskData.TSK_DB_FILES_TYPE_ENUM.VIRTUAL_DIR.getFileType(); + " AND type<>" + TskData.TSK_DB_FILES_TYPE_ENUM.VIRTUAL_DIR.getFileType();
if (StringUtils.isNotBlank(additionalWhere)) { if (StringUtils.isNotBlank(additionalWhere)) {
whereClause += " AND " + additionalWhere; whereClause += " AND " + additionalWhere;
} }
@ -107,6 +109,19 @@ final class DataSourceInfoUtilities {
"Unable to get count of files, providing empty results"); "Unable to get count of files, providing empty results");
} }
/**
* Get count of allocated files in a data source.
*
* @param currentDataSource The data source.
*
* @return The count.
*/
static Long getCountOfAllocatedFiles(DataSource currentDataSource) {
return getCountOfRegularFiles(currentDataSource,
getMetaFlagsContainsStatement(TSK_FS_META_FLAG_ENUM.ALLOC),
"Unable to get counts of unallocated files for datasource, providing empty results");
}
/** /**
* Get count of unallocated files in a data source. * Get count of unallocated files in a data source.
* *
@ -116,7 +131,8 @@ final class DataSourceInfoUtilities {
*/ */
static Long getCountOfUnallocatedFiles(DataSource currentDataSource) { static Long getCountOfUnallocatedFiles(DataSource currentDataSource) {
return getCountOfRegularFiles(currentDataSource, return getCountOfRegularFiles(currentDataSource,
"dir_flags=" + TskData.TSK_FS_NAME_FLAG_ENUM.UNALLOC.getValue(), getMetaFlagsContainsStatement(TSK_FS_META_FLAG_ENUM.UNALLOC)
+ " AND type<>" + TSK_DB_FILES_TYPE_ENUM.SLACK.getFileType(),
"Unable to get counts of unallocated files for datasource, providing empty results"); "Unable to get counts of unallocated files for datasource, providing empty results");
} }
@ -129,8 +145,8 @@ final class DataSourceInfoUtilities {
*/ */
static Long getCountOfDirectories(DataSource currentDataSource) { static Long getCountOfDirectories(DataSource currentDataSource) {
return getCountOfTskFiles(currentDataSource, return getCountOfTskFiles(currentDataSource,
"type<>" + TskData.TSK_DB_FILES_TYPE_ENUM.VIRTUAL_DIR.getFileType() "meta_type=" + TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_DIR.getValue()
+ " AND meta_type=" + TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_DIR.getValue(), + " AND type<>" + TskData.TSK_DB_FILES_TYPE_ENUM.VIRTUAL_DIR.getFileType(),
"Unable to get count of directories for datasource, providing empty results"); "Unable to get count of directories for datasource, providing empty results");
} }
@ -142,8 +158,9 @@ final class DataSourceInfoUtilities {
* @return The count. * @return The count.
*/ */
static Long getCountOfSlackFiles(DataSource currentDataSource) { static Long getCountOfSlackFiles(DataSource currentDataSource) {
return getCountOfTskFiles(currentDataSource, return getCountOfRegularFiles(currentDataSource,
"type=" + TskData.TSK_DB_FILES_TYPE_ENUM.SLACK.getFileType(), getMetaFlagsContainsStatement(TSK_FS_META_FLAG_ENUM.UNALLOC)
+ " AND type=" + TskData.TSK_DB_FILES_TYPE_ENUM.SLACK.getFileType(),
"Unable to get count of slack files for datasources, providing empty results"); "Unable to get count of slack files for datasources, providing empty results");
} }
@ -195,9 +212,11 @@ final class DataSourceInfoUtilities {
final String valueParam = "value"; final String valueParam = "value";
final String countParam = "count"; final String countParam = "count";
String query = "SELECT SUM(size) AS " + valueParam + ", COUNT(*) AS " + countParam String query = "SELECT SUM(size) AS " + valueParam + ", COUNT(*) AS " + countParam
+ " FROM tsk_files WHERE type<>" + TskData.TSK_DB_FILES_TYPE_ENUM.VIRTUAL_DIR.getFileType() + " FROM tsk_files"
+ " WHERE " + getMetaFlagsContainsStatement(TSK_FS_META_FLAG_ENUM.UNALLOC)
+ " AND type<>" + TSK_DB_FILES_TYPE_ENUM.SLACK.getFileType()
+ " AND type<>" + TskData.TSK_DB_FILES_TYPE_ENUM.VIRTUAL_DIR.getFileType()
+ " AND dir_type<>" + TskData.TSK_FS_NAME_TYPE_ENUM.VIRT_DIR.getValue() + " AND dir_type<>" + TskData.TSK_FS_NAME_TYPE_ENUM.VIRT_DIR.getValue()
+ " AND dir_flags=" + TskData.TSK_FS_NAME_FLAG_ENUM.UNALLOC.getValue()
+ " AND name<>''" + " AND name<>''"
+ " AND data_source_obj_id=" + currentDataSource.getId(); + " AND data_source_obj_id=" + currentDataSource.getId();
@ -400,11 +419,12 @@ final class DataSourceInfoUtilities {
*/ */
static Map<Long, Long> getCountsOfFiles() { static Map<Long, Long> getCountsOfFiles() {
try { try {
final String countFilesQuery = "data_source_obj_id, COUNT(*) AS value" final String countFilesQuery = "data_source_obj_id, COUNT(*) AS value FROM tsk_files"
+ " FROM tsk_files WHERE type<>" + TskData.TSK_DB_FILES_TYPE_ENUM.VIRTUAL_DIR.getFileType() + " WHERE meta_type=" + TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_REG.getValue()
+ "AND meta_type=" + TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_REG.getValue() + " AND type<>" + TskData.TSK_DB_FILES_TYPE_ENUM.VIRTUAL_DIR.getFileType()
+ " AND dir_type<>" + TskData.TSK_FS_NAME_TYPE_ENUM.VIRT_DIR.getValue() + " AND dir_type<>" + TskData.TSK_FS_NAME_TYPE_ENUM.VIRT_DIR.getValue()
+ " AND name<>'' GROUP BY data_source_obj_id"; //NON-NLS + " AND name<>''"
+ " GROUP BY data_source_obj_id"; //NON-NLS
return getValuesMap(countFilesQuery); return getValuesMap(countFilesQuery);
} catch (TskCoreException | NoCurrentCaseException ex) { } catch (TskCoreException | NoCurrentCaseException ex) {
logger.log(Level.WARNING, "Unable to get counts of files for all datasources, providing empty results", ex); logger.log(Level.WARNING, "Unable to get counts of files for all datasources, providing empty results", ex);
@ -536,6 +556,18 @@ final class DataSourceInfoUtilities {
return String.format("(%s) ", commaSeparatedQuoted); return String.format("(%s) ", commaSeparatedQuoted);
} }
/**
* Creates sql where clause that does a bitwise check to see if flag is
* present.
*
* @param flag The flag for which to check.
*
* @return The clause.
*/
private static String getMetaFlagsContainsStatement(TSK_FS_META_FLAG_ENUM flag) {
return "meta_flags & " + flag.getValue() + " > 0";
}
/** /**
* Helper method to execute a select query with a * Helper method to execute a select query with a
* DataSourceSingleValueCallback. * DataSourceSingleValueCallback.

3
Core/src/org/sleuthkit/autopsy/casemodule/datasourcesummary/DataSourceSummaryCountsPanel.form
View File

@ -39,9 +39,6 @@
<Property name="minimumSize" type="java.awt.Dimension" editor="org.netbeans.beaninfo.editors.DimensionEditor"> <Property name="minimumSize" type="java.awt.Dimension" editor="org.netbeans.beaninfo.editors.DimensionEditor">
<Dimension value="[840, 320]"/> <Dimension value="[840, 320]"/>
</Property> </Property>
<Property name="preferredSize" type="java.awt.Dimension" editor="org.netbeans.beaninfo.editors.DimensionEditor">
<Dimension value="null"/>
</Property>
</Properties> </Properties>
<AuxValues> <AuxValues>
<AuxValue name="JavaCodeGenerator_VariableLocal" type="java.lang.Boolean" value="true"/> <AuxValue name="JavaCodeGenerator_VariableLocal" type="java.lang.Boolean" value="true"/>

21
Core/src/org/sleuthkit/autopsy/casemodule/datasourcesummary/DataSourceSummaryCountsPanel.java
View File

@ -77,7 +77,6 @@ class DataSourceSummaryCountsPanel extends javax.swing.JPanel {
artifactCountsTable.getTableHeader().setReorderingAllowed(false); artifactCountsTable.getTableHeader().setReorderingAllowed(false);
setDataSource(null); setDataSource(null);
} }
/** /**
* The datasource currently used as the model in this panel. * The datasource currently used as the model in this panel.
@ -138,7 +137,7 @@ class DataSourceSummaryCountsPanel extends javax.swing.JPanel {
private static Object[][] getFileCategoryModel(DataSource selectedDataSource) { private static Object[][] getFileCategoryModel(DataSource selectedDataSource) {
Long fileCount = zeroIfNull(DataSourceInfoUtilities.getCountOfFiles(selectedDataSource)); Long fileCount = zeroIfNull(DataSourceInfoUtilities.getCountOfFiles(selectedDataSource));
Long unallocatedFiles = zeroIfNull(DataSourceInfoUtilities.getCountOfUnallocatedFiles(selectedDataSource)); Long unallocatedFiles = zeroIfNull(DataSourceInfoUtilities.getCountOfUnallocatedFiles(selectedDataSource));
Long allocatedFiles = zeroIfNull(getAllocatedCount(fileCount, unallocatedFiles)); Long allocatedFiles = zeroIfNull(DataSourceInfoUtilities.getCountOfAllocatedFiles(selectedDataSource));
Long slackFiles = zeroIfNull(DataSourceInfoUtilities.getCountOfSlackFiles(selectedDataSource)); Long slackFiles = zeroIfNull(DataSourceInfoUtilities.getCountOfSlackFiles(selectedDataSource));
Long directories = zeroIfNull(DataSourceInfoUtilities.getCountOfDirectories(selectedDataSource)); Long directories = zeroIfNull(DataSourceInfoUtilities.getCountOfDirectories(selectedDataSource));
@ -162,24 +161,6 @@ class DataSourceSummaryCountsPanel extends javax.swing.JPanel {
return origValue == null ? 0 : origValue; return origValue == null ? 0 : origValue;
} }
/**
* Safely gets the allocated files count.
*
* @param allFilesCount The count of all files.
* @param unallocatedFilesCount The count of unallocated files.
*
* @return The count of allocated files.
*/
private static long getAllocatedCount(Long allFilesCount, Long unallocatedFilesCount) {
if (allFilesCount == null) {
return 0;
} else if (unallocatedFilesCount == null) {
return allFilesCount;
} else {
return allFilesCount - unallocatedFilesCount;
}
}
/** /**
* The counts of different artifact types found in a DataSource. * The counts of different artifact types found in a DataSource.
* *