Package org.sleuthkit.datamodel

Examples of org.sleuthkit.datamodel.AbstractFile

62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
                    // Only for mismatch results
                    if (nodeArt.getArtifactTypeName().equals("TSK_EXT_MISMATCH_DETECTED")) { //NON-NLS
                        String mimeTypeStr = "";                   
                        String extStr = "";
         
                        AbstractFile af = null;
                        try {
                            af = nodeArt.getSleuthkitCase().getAbstractFileById(nodeArt.getObjectID());
                        } catch (TskCoreException ex) {
                            Logger.getLogger(FileExtMismatchContextMenuActionsProvider.class.getName()).log(Level.SEVERE, "Error getting file by id", ex); //NON-NLS
                        }
                           
                        if (af != null) {
                            try {
                                int i = af.getName().lastIndexOf(".");
                                if ((i > -1) && ((i + 1) < af.getName().length())) {
                                    extStr = af.getName().substring(i + 1).toLowerCase();
                                }                   

                                ArrayList<BlackboardArtifact> artList = af.getAllArtifacts();
                                for (BlackboardArtifact art : artList) {
                                    List<BlackboardAttribute> atrList = art.getAttributes();
                                    for (BlackboardAttribute att : atrList) {
                                        if (att.getAttributeTypeID() == BlackboardAttribute.ATTRIBUTE_TYPE.TSK_FILE_TYPE_SIG.getTypeID()) {                       
                                            mimeTypeStr = att.getValueString();
View Full Code Here
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
        }

        Case currentCase = Case.getCurrentCase();
        SleuthkitCase skCase = currentCase.getSleuthkitCase();
        try {
            AbstractFile f = skCase.getAbstractFileById(fId);
            try {
                resultSet = statement.executeQuery(
                        "Select address,date,type,subject,body FROM sms;");

                BlackboardArtifact bba;
                String address; // may be phone number, or other addresses
                String date;//unix time
                String type; // message received in inbox = 1, message sent = 2
                String subject;//message subject
                String body; //message body
                while (resultSet.next()) {
                    address = resultSet.getString("address");
                    date = resultSet.getString("date");
                    type = resultSet.getString("type");
                    subject = resultSet.getString("subject");
                    body = resultSet.getString("body");

                    bba = f.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_MESSAGE); //create Message artifact and then add attributes from result set.
                   
                    // @@@ NEed to put into more specific TO or FROM
                    bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PHONE_NUMBER.getTypeID(), moduleName, address));
                    bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID(), moduleName, date));
                    bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DIRECTION.getTypeID(), moduleName, type));
View Full Code Here
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
                this.tasksInProgress.remove(directoryTask);
            }

            // If the directory contains subdirectories or files, try to
            // enqueue tasks for them as well.
            final AbstractFile directory = directoryTask.getFile();
            try {
                for (Content child : directory.getChildren()) {
                    if (child instanceof AbstractFile) {
                        AbstractFile file = (AbstractFile) child;
                        FileIngestTask childTask = new FileIngestTask(directoryTask.getIngestJob(), file);
                        if (file.hasChildren()) {
                            // Found a subdirectory, put the task in the
                            // pending directory tasks queue. Note the
                            // addition of the task to the tasks in progress
                            // list. This is necessary because this is the
                            // first appearance of this task in the queues.
View Full Code Here
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
     *
     * @param task The task to be scrutinized.
     * @return True or false.
     */
    private static boolean shouldEnqueueFileTask(final FileIngestTask task) {
        final AbstractFile file = task.getFile();

        // Skip the task if the file is an unallocated space file and the
        // process unallocated space flag is not set for this job.
        if (!task.getIngestJob().shouldProcessUnallocatedSpace()
                && file.getType().equals(TskData.TSK_DB_FILES_TYPE_ENUM.UNALLOC_BLOCKS)) {
            return false;
        }

        // Skip the task if the file is actually the pseudo-file for the parent
        // or current directory.
        String fileName = file.getName();
        if (fileName.equals(".") || fileName.equals("..")) {
            return false;
        }

        // Skip the task if the file is one of a select group of special, large
        // NTFS or FAT file system files.
        if (file instanceof org.sleuthkit.datamodel.File) {
            final org.sleuthkit.datamodel.File f = (org.sleuthkit.datamodel.File) file;

            // Get the type of the file system, if any, that owns the file.
            TskData.TSK_FS_TYPE_ENUM fsType = TskData.TSK_FS_TYPE_ENUM.TSK_FS_TYPE_UNSUPP;
            try {
                FileSystem fs = f.getFileSystem();
                if (fs != null) {
                    fsType = fs.getFsType();
                }
            } catch (TskCoreException ex) {
                logger.log(Level.SEVERE, "Error querying file system for " + f, ex); //NON-NLS
            }

            // If the file system is not NTFS or FAT, don't skip the file.
            if ((fsType.getValue() & FAT_NTFS_FLAGS) == 0) {
                return true;
            }

            // Find out whether the file is in a root directory.
            boolean isInRootDir = false;
            try {
                AbstractFile parent = f.getParentDirectory();
                isInRootDir = parent.isRoot();
            } catch (TskCoreException ex) {
                logger.log(Level.WARNING, "Error querying parent directory for" + f.getName(), ex); //NON-NLS
            }

            // If the file is in the root directory of an NTFS or FAT file
View Full Code Here
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
        }

        Case currentCase = Case.getCurrentCase();
        SleuthkitCase skCase = currentCase.getSleuthkitCase();
        try {
            AbstractFile f = skCase.getAbstractFileById(fId);
            try {
                // get display_name, mimetype(email or phone number) and data1 (phonenumber or email address depending on mimetype)
                //sorted by name, so phonenumber/email would be consecutive for a person if they exist.
                resultSet = statement.executeQuery(
                        "SELECT mimetype,data1, name_raw_contact.display_name AS display_name \n"
                        + "FROM raw_contacts JOIN contacts ON (raw_contacts.contact_id=contacts._id) \n"
                        + "JOIN raw_contacts AS name_raw_contact ON(name_raw_contact_id=name_raw_contact._id) "
                        + "LEFT OUTER JOIN data ON (data.raw_contact_id=raw_contacts._id) \n"
                        + "LEFT OUTER JOIN mimetypes ON (data.mimetype_id=mimetypes._id) \n"
                        + "WHERE mimetype = 'vnd.android.cursor.item/phone_v2' OR mimetype = 'vnd.android.cursor.item/email_v2'\n"
                        + "ORDER BY name_raw_contact.display_name ASC;");

                BlackboardArtifact bba;
                bba = f.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_CONTACT);
                String name;
                String oldName = "";
                String mimetype; // either phone or email
                String data1; // the phone number or email
                while (resultSet.next()) {
                    name = resultSet.getString("display_name");
                    data1 = resultSet.getString("data1");
                    mimetype = resultSet.getString("mimetype");
//                    System.out.println(resultSet.getString("data1") + resultSet.getString("mimetype") + resultSet.getString("display_name")); //Test code
                    if (name.equals(oldName) == false) {
                        bba = f.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_CONTACT);
                        bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_NAME.getTypeID(), moduleName, name));
                    }
                    if (mimetype.equals("vnd.android.cursor.item/phone_v2")) {
                        bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PHONE_NUMBER.getTypeID(), moduleName, data1));
                    } else {
View Full Code Here
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
        }

        Case currentCase = Case.getCurrentCase();
        SleuthkitCase skCase = currentCase.getSleuthkitCase();
        try {
            AbstractFile f = skCase.getAbstractFileById(fId);
            try {
                resultSet = statement.executeQuery(
                        "SELECT number,date,duration,type, name FROM calls ORDER BY date DESC;");

                BlackboardArtifact bba;
                String name; // name of person dialed or called. null if unregistered
                String number; //string phone number
                String duration; //duration of call in seconds
                String date; // Unix time
                String type; // 1 incoming, 2 outgoing, 3 missed

                while (resultSet.next()) {
                    name = resultSet.getString("name");
                    number = resultSet.getString("number");
                    duration = resultSet.getString("duration");
                    date = resultSet.getString("date");
                    type = resultSet.getString("type");

                    bba = f.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_CALLLOG); //create a call log and then add attributes from result set.
                    bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PHONE_NUMBER.getTypeID(), moduleName, number));
                    bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_START.getTypeID(), moduleName, date));
                    bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_END.getTypeID(), moduleName, duration + date));
                    bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DIRECTION.getTypeID(), moduleName, type));
                    bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_NAME.getTypeID(), moduleName, name));
View Full Code Here
101
102
103
104
105
106
107
108
109
110
111
                final TimeLineEvent eventById = filteredEvents.getEventById(eventID);
                try {
                    if (eventById.getType().getSuperType() == BaseTypes.FILE_SYSTEM) {
                        return new EventNode(eventById, Case.getCurrentCase().getSleuthkitCase().getAbstractFileById(eventById.getFileID()));
                    } else {
                        AbstractFile file = Case.getCurrentCase().getSleuthkitCase().getAbstractFileById(eventById.getFileID());
                        BlackboardArtifact blackboardArtifact = Case.getCurrentCase().getSleuthkitCase().getBlackboardArtifact(eventById.getArtifactID());

                        return new EventNode(eventById, file, blackboardArtifact);
                    }
View Full Code Here
TOP

Related Classes of org.sleuthkit.datamodel.AbstractFile

  • org.sleuthkit.autopsy.casemodule.services.FileManager
  • org.sleuthkit.autopsy.contentviewers.Metadata
  • org.sleuthkit.autopsy.corecomponents.DataContentViewerMedia
  • org.sleuthkit.autopsy.corecomponents.DataResultViewerThumbnail$ExplorerManagerNodeSelectionListener
  • org.sleuthkit.autopsy.coreutils.ImageUtils
  • org.sleuthkit.autopsy.datamodel.BlackboardArtifactNode
  • org.sleuthkit.autopsy.datamodel.ContentTagNode
  • org.sleuthkit.autopsy.datamodel.KeyValueNode
  • org.sleuthkit.autopsy.datamodel.KeywordHits$HitsFactory
  • org.sleuthkit.autopsy.datamodel.KnownFileFilterNode$KnownFileFilterChildren
    • Copyright © 2018 www.massapicom. All rights reserved.
    All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.