1895 find MD5 matches now disabled for non-relevant files, works for carved files

2025-07-12 07:56:16 +00:00 · 2017-06-08 13:36:09 -04:00 · 2017-06-08 13:36:09 -04:00 · ed9176563a
commit ed9176563a
parent cc02833991
2 changed files with 35 additions and 12 deletions
--- a/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/HashDbSearchAction.java
+++ b/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/HashDbSearchAction.java
@ -29,6 +29,9 @@ import org.sleuthkit.datamodel.AbstractFile;
 import org.sleuthkit.datamodel.Content;
 import org.sleuthkit.datamodel.ContentVisitor;
 import org.sleuthkit.datamodel.Directory;
+import org.sleuthkit.datamodel.LayoutFile;
+import org.sleuthkit.datamodel.SlackFile;
+import org.sleuthkit.datamodel.VirtualDirectory;

 /**
 * Searches for FsContent Files with the same MD5 hash as the given Node's
@ -90,6 +93,22 @@ public class HashDbSearchAction extends CallableSystemAction implements HashSear
        protected AbstractFile defaultVisit(Content cntnt) {
            return null;
        }
+
+        @Override
+        public AbstractFile visit(LayoutFile lf) {
+            // layout files do not have times
+            return lf;
+        }
+
+        @Override
+        public AbstractFile visit(SlackFile f) {
+            return f;
+        }
+
+        @Override
+        public AbstractFile visit(VirtualDirectory dir) {
+            return ContentUtils.isDotDirectory(dir) ? null : dir;
+        }
    }

    /**
@ -100,7 +119,7 @@ public class HashDbSearchAction extends CallableSystemAction implements HashSear
    @Override
    public void performAction() {
        // Make sure at least 1 file has an md5 hash
-        if (HashDbSearcher.countFilesMd5Hashed() > 0) {
+        if (file != null && HashDbSearcher.countFilesMd5Hashed() > 0) {
            doSearch();
        } else {
            JOptionPane.showMessageDialog(null,
--- a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/KeywordSearchFilterNode.java
+++ b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/KeywordSearchFilterNode.java
@ -48,6 +48,7 @@ import org.sleuthkit.datamodel.File;
 import org.sleuthkit.datamodel.LayoutFile;
 import org.sleuthkit.datamodel.LocalFile;
 import org.sleuthkit.datamodel.SlackFile;
+import org.sleuthkit.datamodel.TskData;
 import org.sleuthkit.datamodel.VirtualDirectory;

 /**
@ -109,47 +110,50 @@ class KeywordSearchFilterNode extends FilterNode {

        @Override
        public List<Action> visit(File f) {
-            return getFileActions();
+            return getFileActions(true);
        }

        @Override
        public List<Action> visit(DerivedFile f) {
-            return getFileActions();
+            return getFileActions(true);
        }

        @Override
        public List<Action> visit(Directory d) {
-            return getFileActions();
+            return getFileActions(false);
        }

        @Override
        public List<Action> visit(LayoutFile lf) {
-            // layout files do not have times
-            return getFileActions();
+            //we want hashsearch enabled on carved files but not unallocated blocks
+            boolean enableHashSearch = (lf.getType() == TskData.TSK_DB_FILES_TYPE_ENUM.CARVED);
+            return getFileActions(enableHashSearch);
        }

        @Override
        public List<Action> visit(LocalFile lf) {
-            return getFileActions();
+            return getFileActions(true);
        }

        @Override
        public List<Action> visit(SlackFile f) {
-            return getFileActions();
+            return getFileActions(false);
        }

        @Override
        public List<Action> visit(VirtualDirectory dir) {
-            return getFileActions();
+            return getFileActions(false);
        }

-        private List<Action> getFileActions() {
+        private List<Action> getFileActions(boolean enableHashSearch) {
            List<Action> actionsList = new ArrayList<>();
            actionsList.add(new NewWindowViewAction(NbBundle.getMessage(this.getClass(), "KeywordSearchFilterNode.getFileActions.viewInNewWinActionLbl"), KeywordSearchFilterNode.this));
            actionsList.add(new ExternalViewerAction(NbBundle.getMessage(this.getClass(), "KeywordSearchFilterNode.getFileActions.openExternViewActLbl"), getOriginal()));
            actionsList.add(null);
            actionsList.add(ExtractAction.getInstance());
-            actionsList.add(new HashSearchAction(NbBundle.getMessage(this.getClass(), "KeywordSearchFilterNode.getFileActions.searchSameMd5"), getOriginal()));
+            Action hashSearchAction = new HashSearchAction(NbBundle.getMessage(this.getClass(), "KeywordSearchFilterNode.getFileActions.searchSameMd5"), getOriginal());
+            hashSearchAction.setEnabled(enableHashSearch);
+            actionsList.add(hashSearchAction);
            actionsList.add(null); // creates a menu separator
            actionsList.add(AddContentTagAction.getInstance());

@ -165,7 +169,7 @@ class KeywordSearchFilterNode extends FilterNode {

        @Override
        protected List<Action> defaultVisit(Content c) {
-            return getFileActions();
+            return getFileActions(false);
        }
    }
 }