Beispiel #1
0
  /**
   * Returns a List of FsContent objects from TSK based on sql query.
   *
   * @param image is a Image object that denotes which image to get the files from
   * @param query is a sql string query that is to be run
   * @return FFSqlitedb is a List of FsContent objects
   */
  @SuppressWarnings("deprecation")
  public List<FsContent> extractFiles(Image image, String query) {

    Collection<FileSystem> imageFS = tskCase.getFileSystems(image);
    List<String> fsIds = new LinkedList<String>();
    for (FileSystem img : imageFS) {
      Long tempID = img.getId();
      fsIds.add(tempID.toString());
    }

    String allFS = new String();
    for (int i = 0; i < fsIds.size(); i++) {
      if (i == 0) {
        allFS += " AND (0";
      }
      allFS += " OR fs_obj_id = '" + fsIds.get(i) + "'";
      if (i == fsIds.size() - 1) {
        allFS += ")";
      }
    }
    List<FsContent> FFSqlitedb = null;
    ResultSet rs = null;
    try {
      rs = tskCase.runQuery(query + allFS);
      FFSqlitedb = tskCase.resultSetToFsContents(rs);
    } catch (SQLException ex) {
      logger.log(
          Level.SEVERE, "Error while trying to extract files for:" + this.getClass().getName(), ex);
      this.addErrorMessage(this.getName() + ": Error while trying to extract files to analyze.");
    } finally {
      if (rs != null) {
        try {
          tskCase.closeRunQuery(rs);
        } catch (SQLException ex) {
          logger.log(
              Level.SEVERE,
              "Error while trying to close result set after extract files for:"
                  + this.getClass().getName(),
              ex);
        }
      }
    }
    return FFSqlitedb;
  }
Beispiel #2
0
  /**
   * Get a list of all the tag names. Uses a custom query for speed when dealing with thousands of
   * Tags.
   *
   * @return a list of all tag names.
   */
  @SuppressWarnings("deprecation")
  public static List<String> getTagNames() {
    Case currentCase = Case.getCurrentCase();
    SleuthkitCase skCase = currentCase.getSleuthkitCase();
    List<String> names = new ArrayList<>();

    ResultSet rs = null;
    try {
      rs =
          skCase.runQuery(
              "SELECT value_text"
                  + " FROM blackboard_attributes"
                  + " WHERE attribute_type_id = "
                  + ATTRIBUTE_TYPE.TSK_TAG_NAME.getTypeID()
                  + " GROUP BY value_text"
                  + " ORDER BY value_text");
      while (rs.next()) {
        names.add(rs.getString("value_text"));
      }
    } catch (SQLException ex) {
      logger.log(Level.SEVERE, "Failed to query the blackboard for tag names.");
    } finally {
      if (rs != null) {
        try {
          skCase.closeRunQuery(rs);
        } catch (SQLException ex) {
          logger.log(Level.SEVERE, "Failed to close the query for blackboard for tag names.");
        }
      }
    }

    // add the 'Bookmark' tag, if it's not already in the list
    if (!names.contains(BOOKMARK_TAG_NAME)) {
      names.add(BOOKMARK_TAG_NAME);
    }

    return names;
  }