Examples of org.sleuthkit.datamodel.AbstractFile

org.sleuthkit.datamodel.AbstractFile
Common fields methods for objects stored in tsk_files table Abstract files are divided into subtypes defined in TSK_DB_FILES_TYPE_ENUM and further divided into files and directories

            
            if (failsContentCheck(content)) {
                continue;
            }
            
            AbstractFile file = (AbstractFile) content; 


            // save copies of the orginal image and thumbnail image
            String thumbnailPath = prepareThumbnail(file);
            if (thumbnailPath == null) {
                continue;
            }
            String contentPath = saveContent(file, "thumbs_fullsize"); //NON-NLS
            String nameInImage;
            try {
                nameInImage = file.getUniquePath();
            } catch (TskCoreException ex) {
                nameInImage = file.getName();
            }
            
            StringBuilder linkToThumbnail = new StringBuilder();
            linkToThumbnail.append("<a href=\""); //NON-NLS
            linkToThumbnail.append(contentPath);
            linkToThumbnail.append("\">");
            linkToThumbnail.append("<img src=\"").append(thumbnailPath).append("\" title=\"").append(nameInImage).append("\"/>"); //NON-NLS
            linkToThumbnail.append("</a><br>"); //NON-NLS
            linkToThumbnail.append(file.getName()).append("<br>"); //NON-NLS
            
            Services services = currentCase.getServices();
            TagsManager tagsManager = services.getTagsManager();
            try {
                List<ContentTag> tags = tagsManager.getContentTagsByContent(content);

View Full Code Here

    
    private boolean failsContentCheck(Content c) {
        if (c instanceof AbstractFile == false) {
            return true;
        }
        AbstractFile file = (AbstractFile) c;
        if (file.isDir() ||
            file.getType() == TSK_DB_FILES_TYPE_ENUM.UNALLOC_BLOCKS ||
            file.getType() == TSK_DB_FILES_TYPE_ENUM.UNUSED_BLOCKS) {
            return true;
        }
        return false;
    }

View Full Code Here

                File localFile = new File(localPath);
                if (localFile.exists()) {
                    String relativePath = this.getPathRelativeToCaseFolder(localPath);
                    if (!relativePath.isEmpty()) {
                        String parentFilePath = fileData.getParentPath();
                        AbstractFile parentFile = findFileInCaseDatabase(parentFilePath);
                        if (parentFile != null) {
                            DerivedFile derivedFile = fileManager.addDerivedFile(localFile.getName(), relativePath, localFile.length(),
                                    0, 0, 0, 0, // Do not currently have file times for derived files from external processes.
                                    true, parentFile,
                                    "", "", "", ""); // Not currently providing derivation info for derived files from external processes.

View Full Code Here

            }
        }
    }


    private AbstractFile findFileInCaseDatabase(String filePath) throws TskCoreException {
        AbstractFile file = null;
        // Split the path into the file name and the parent path.
        String fileName = filePath;
        String parentPath = "";
        int charPos = filePath.lastIndexOf("/");
        if (charPos >= 0) {

View Full Code Here

        
        // If mismatch, add props for extension and file type
        if (artifactTypeId == BlackboardArtifact.ARTIFACT_TYPE.TSK_EXT_MISMATCH_DETECTED.getTypeID()) {
            String ext = "";
            if (associated instanceof AbstractFile) {
                AbstractFile af = (AbstractFile) associated;
                ext = af.getNameExtension();
            }
            ss.put(new NodeProperty<>(NbBundle.getMessage(this.getClass(), "BlackboardArtifactNode.createSheet.ext.name"),
                                    NbBundle.getMessage(this.getClass(), "BlackboardArtifactNode.createSheet.ext.displayName"),
                                    NO_DESCR,
                                    ext));
            
            try {
                String actualMimeType = "";
                ArrayList<BlackboardArtifact> artList = associated.getAllArtifacts();
                for (BlackboardArtifact art : artList) {
                    List<BlackboardAttribute> atrList = art.getAttributes();
                    for (BlackboardAttribute att : atrList) {
                        if (att.getAttributeTypeID() == BlackboardAttribute.ATTRIBUTE_TYPE.TSK_FILE_TYPE_SIG.getTypeID()) {                        
                            actualMimeType = att.getValueString();
                        }
                    }                
                }
                if (actualMimeType.isEmpty()) {
                    logger.log(Level.WARNING, "Could not find expected TSK_FILE_TYPE_SIG attribute."); //NON-NLS
                } else {
                    ss.put(new NodeProperty<>(
                            NbBundle.getMessage(this.getClass(), "BlackboardArtifactNode.createSheet.mimeType.name"),
                            NbBundle.getMessage(this.getClass(), "BlackboardArtifactNode.createSheet.mimeType.displayName"),
                            NO_DESCR,
                            actualMimeType));
                }
            } catch (TskCoreException ex) {
                logger.log(Level.WARNING, "Error while searching for TSK_FILE_TYPE_SIG attribute: ", ex); //NON-NLS
            }            
        }        
        
        if (Arrays.asList(SHOW_UNIQUE_PATH).contains(artifactTypeId)) {
            String sourcePath = "";
            try {
                sourcePath = associated.getUniquePath();
            } catch (TskCoreException ex) {
                logger.log(Level.WARNING, "Failed to get unique path from: {0}", associated.getName()); //NON-NLS
            }


            if (sourcePath.isEmpty() == false) {
                ss.put(new NodeProperty<>(
                        NbBundle.getMessage(this.getClass(), "BlackboardArtifactNode.createSheet.filePath.name"),
                        NbBundle.getMessage(this.getClass(), "BlackboardArtifactNode.createSheet.filePath.displayName"),
                        NO_DESCR,
                        sourcePath));
            }
            
            if (Arrays.asList(SHOW_FILE_METADATA).contains(artifactTypeId)) {
                AbstractFile file = associated instanceof AbstractFile ? (AbstractFile)associated : null;        
                ss.put(new NodeProperty<>(NbBundle.getMessage(this.getClass(), "ContentTagNode.createSheet.fileModifiedTime.name"),
                        NbBundle.getMessage(this.getClass(), "ContentTagNode.createSheet.fileModifiedTime.displayName"),
                        "",
                        file != null ? ContentUtils.getStringTime(file.getMtime(), file) : ""));
                ss.put(new NodeProperty<>(NbBundle.getMessage(this.getClass(), "ContentTagNode.createSheet.fileChangedTime.name"),
                        NbBundle.getMessage(this.getClass(), "ContentTagNode.createSheet.fileChangedTime.displayName"),
                        "",
                        file != null ? ContentUtils.getStringTime(file.getCtime(), file) : ""));
                ss.put(new NodeProperty<>(NbBundle.getMessage(this.getClass(), "ContentTagNode.createSheet.fileAccessedTime.name"),
                        NbBundle.getMessage(this.getClass(), "ContentTagNode.createSheet.fileAccessedTime.displayName"),
                        "",
                        file != null ? ContentUtils.getStringTime(file.getAtime(), file) : ""));
                ss.put(new NodeProperty<>(NbBundle.getMessage(this.getClass(), "ContentTagNode.createSheet.fileCreatedTime.name"),
                        NbBundle.getMessage(this.getClass(), "ContentTagNode.createSheet.fileCreatedTime.displayName"),
                        "",
                        file != null ? ContentUtils.getStringTime(file.getCrtime(), file) : ""));
                ss.put(new NodeProperty<>(NbBundle.getMessage(this.getClass(), "ContentTagNode.createSheet.fileSize.name"),
                        NbBundle.getMessage(this.getClass(), "ContentTagNode.createSheet.fileSize.displayName"),
                        "",
                        associated.getSize()));             
            }

View Full Code Here

            for (final Long fID : files) {
                if (isCancelled()) {
                    break;
                } else {
                    try {
                        AbstractFile f = skCase.getAbstractFileById(fID);
                        //TODO: This is broken for logical files? fix -jm
                        //TODO: logical files don't necessarily have valid timestamps, so ... -jm
                        final String uniquePath = f.getUniquePath();
                        final String parentPath = f.getParentPath();
                        String datasourceName = StringUtils.substringBefore(StringUtils.stripStart(uniquePath, "/"), parentPath);
                        String rootFolder = StringUtils.substringBetween(parentPath, "/", "/");
                        String shortDesc = datasourceName + "/" + StringUtils.defaultIfBlank(rootFolder, "");
                        String medD = datasourceName  + parentPath;


                        //insert it into the db if time is > 0  => time is legitimate (drops logical files)
                        if (f.getAtime() > 0) {
                            eventDB.insertEvent(f.getAtime(), FileSystemTypes.FILE_ACCESSED, fID, null, uniquePath, medD, shortDesc, f.getKnown(), trans);
                        }
                        if (f.getMtime() > 0) {
                            eventDB.insertEvent(f.getMtime(), FileSystemTypes.FILE_MODIFIED, fID, null, uniquePath, medD, shortDesc, f.getKnown(), trans);
                        }
                        if (f.getCtime() > 0) {
                            eventDB.insertEvent(f.getCtime(), FileSystemTypes.FILE_CHANGED, fID, null, uniquePath, medD, shortDesc, f.getKnown(), trans);
                        }
                        if (f.getCrtime() > 0) {
                            eventDB.insertEvent(f.getCrtime(), FileSystemTypes.FILE_CREATED, fID, null, uniquePath, medD, shortDesc, f.getKnown(), trans);
                        }


                        process(Arrays.asList(new ProgressWindow.ProgressUpdate(i, numFiles, "populating mac events for files: ", f.getName())));
                    } catch (TskCoreException tskCoreException) {
                        LOGGER.log(Level.WARNING, "failed to insert mac event for file : " + fID, tskCoreException);
                    }
                }
                i++;

View Full Code Here

            final long fileID = Long.parseLong(resultID.substring(0, sepIndex));
            final int chunkId = Integer.parseInt(resultID.substring(sepIndex + 1));
            //logger.log(Level.INFO, "file id: " + fileID + ", chunkID: " + chunkId);


            try {
                AbstractFile resultAbstractFile = sc.getAbstractFileById(fileID);
                contentHit = new ContentHit(resultAbstractFile, chunkId);
                if (snippet.isEmpty() == false) {
                    contentHit.setSnippet(snippet);
                }
            } catch (TskException ex) {
                logger.log(Level.WARNING, "Could not get the AbstractFile for keyword hit, ", ex); //NON-NLS
                //something wrong with case/db
                throw ex;
            }


        } else {
            final long fileID = Long.parseLong(resultID);


            try {
                AbstractFile resultAbstractFile = sc.getAbstractFileById(fileID);
                contentHit = new ContentHit(resultAbstractFile);
                if (snippet.isEmpty() == false) {
                    contentHit.setSnippet(snippet);
                }
            } catch (TskException ex) {

View Full Code Here

    LinkedHashMap<AbstractFile, ContentHit> getUniqueFiles() {
        LinkedHashMap<AbstractFile, ContentHit> flattened = new LinkedHashMap<>();


        for (Keyword keyWord : getKeywords()) {
            for (ContentHit hit : getResults(keyWord)) {
                AbstractFile abstractFile = hit.getContent();
                //flatten, record first chunk encountered
                if (!flattened.containsKey(abstractFile)) {
                    flattened.put(abstractFile, hit);
                }
            }

View Full Code Here

     * @return Map of Abstract files and the chunk with the first hit
     */
    Map<AbstractFile, Integer> getUniqueFiles(Keyword keyword) {
        Map<AbstractFile, Integer> ret = new LinkedHashMap<>();
        for (ContentHit h : getResults(keyword)) {
            AbstractFile f = h.getContent();
            if (!ret.containsKey(f)) {
                ret.put(f, h.getChunkId());
            }
        }

View Full Code Here

    public boolean isSupported(Node node) {
        if (node == null) {
            return false;
        }


        AbstractFile file = node.getLookup().lookup(AbstractFile.class);
        if (file == null) {
            return false;
        }


        if (file.getSize() == 0) {
            return false;
        }
        
        if (imagePanelInited) {
            if (isImageSupported(file))

View Full Code Here

0 1 2 3 4

TOP

Related Classes of org.sleuthkit.datamodel.AbstractFile

org.sleuthkit.autopsy.casemodule.services.FileManager

org.sleuthkit.autopsy.contentviewers.Metadata

org.sleuthkit.autopsy.corecomponents.DataContentViewerMedia

org.sleuthkit.autopsy.corecomponents.DataResultViewerThumbnail$ExplorerManagerNodeSelectionListener

org.sleuthkit.autopsy.coreutils.ImageUtils

org.sleuthkit.autopsy.datamodel.BlackboardArtifactNode

org.sleuthkit.autopsy.datamodel.ContentTagNode

org.sleuthkit.autopsy.datamodel.KeyValueNode

org.sleuthkit.autopsy.datamodel.KeywordHits$HitsFactory

org.sleuthkit.autopsy.datamodel.KnownFileFilterNode$KnownFileFilterChildren

All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.