/* * Autopsy Forensic Browser * * Copyright 2011 Basis Technology Corp. * Contact: carrier sleuthkit org * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package org.sleuthkit.autopsy.hashdatabase; import java.util.ArrayList; import java.util.LinkedHashMap; import java.util.List; import java.util.Map; import javax.swing.SwingWorker; import org.netbeans.api.progress.ProgressHandle; import org.sleuthkit.autopsy.casemodule.Case; import org.sleuthkit.datamodel.FsContent; import org.sleuthkit.datamodel.SleuthkitCase; /** * Searches by MD5 hash to find all files with the same hash, and * subsequently the same content. */ public class HashDbSearcher { /** * Given a string hash value, find all files with that hash. * @param md5Hash hash value to match files with * @return a List of all FsContent with the given hash */ static List findFilesByMd5(String md5Hash) { final Case currentCase = Case.getCurrentCase(); final SleuthkitCase skCase = currentCase.getSleuthkitCase(); return skCase.findFilesByMd5(md5Hash); } /** * Given a list of string hash values, returns a map of md5 hashes * to the list of files hit. * @param md5Hash hash values to match files with * @return a Map of md5 hashes mapped to the list of files hit */ static Map> findFilesBymd5(List md5Hash) { Map> map = new LinkedHashMap>(); for(String md5 : md5Hash) { List files = findFilesByMd5(md5); if(!files.isEmpty()) { map.put(md5, files); } } return map; } // Same as above, but with a given ProgressHandle to accumulate and StringWorker to check if cancelled static Map> findFilesBymd5(List md5Hash, ProgressHandle progress, SwingWorker worker) { Map> map = new LinkedHashMap>(); if(!worker.isCancelled()) { progress.switchToDeterminate(md5Hash.size()); int size = 0; for(String md5 : md5Hash) { if(worker.isCancelled()) { break; } List files = findFilesByMd5(md5); if(!files.isEmpty()) { map.put(md5, files); } size++; if(!worker.isCancelled()) { progress.progress(size); } } } return map; } /** * Given a file, returns a list of all files with the same * hash as the given file. * @param file file with which to match hash values with * @return a List of all FsContent with the same hash as file */ static List findFiles(FsContent file) { String md5; if((md5 = file.getMd5Hash()) != null) { return findFilesByMd5(md5); } else { return new ArrayList(); } } /** * Checks if the search feature is ready/enabled. Does so by checking * if there are no Fs files in tsk_files that have and empty md5. * @return true if the search feature is ready. */ static boolean allFilesMd5Hashed() { final Case currentCase = Case.getCurrentCase(); final SleuthkitCase skCase = currentCase.getSleuthkitCase(); return skCase.allFilesMd5Hashed(); } /** * Counts the number of FsContent in the database that have an MD5 * @return the number of files with an MD5 */ static int countFilesMd5Hashed() { final Case currentCase = Case.getCurrentCase(); final SleuthkitCase skCase = currentCase.getSleuthkitCase(); return skCase.countFilesMd5Hashed(); } }