/** * Get the data model Content objects in the root of this case's hierarchy. * * @return a list of the root objects */ public List<Content> getRootObjects() { try { return db.getRootObjects(); } catch (TskException ex) { throw new RuntimeException("Error getting root objects.", ex); } }
/** * Creates a new case (create the XML config file and database) * * @param caseDir The directory to store case data in. Will be created if it doesn't already * exist. If it exists, it should have all of the needed sub dirs that createCaseDirectory() * will create. * @param caseName the name of case * @param caseNumber the case number * @param examiner the examiner for this case */ public static void create(String caseDir, String caseName, String caseNumber, String examiner) throws CaseActionException { logger.log( Level.INFO, "Creating new case.\ncaseDir: {0}\ncaseName: {1}", new Object[] {caseDir, caseName}); // create case directory if it doesn't already exist. if (new File(caseDir).exists() == false) { Case.createCaseDirectory(caseDir); } String configFilePath = caseDir + File.separator + caseName + CASE_DOT_EXTENSION; XMLCaseManagement xmlcm = new XMLCaseManagement(); xmlcm.create(caseDir, caseName, examiner, caseNumber); // create a new XML config file xmlcm.writeFile(); String dbPath = caseDir + File.separator + "autopsy.db"; SleuthkitCase db = null; try { db = SleuthkitCase.newCase(dbPath); } catch (TskCoreException ex) { logger.log(Level.SEVERE, "Error creating a case: " + caseName + " in dir " + caseDir, ex); throw new CaseActionException( "Error creating a case: " + caseName + " in dir " + caseDir, ex); } Case newCase = new Case(caseName, caseNumber, examiner, configFilePath, xmlcm, db); changeCase(newCase); }
/** * Returns a List of FsContent objects from TSK based on sql query. * * @param image is a Image object that denotes which image to get the files from * @param query is a sql string query that is to be run * @return FFSqlitedb is a List of FsContent objects */ @SuppressWarnings("deprecation") public List<FsContent> extractFiles(Image image, String query) { Collection<FileSystem> imageFS = tskCase.getFileSystems(image); List<String> fsIds = new LinkedList<String>(); for (FileSystem img : imageFS) { Long tempID = img.getId(); fsIds.add(tempID.toString()); } String allFS = new String(); for (int i = 0; i < fsIds.size(); i++) { if (i == 0) { allFS += " AND (0"; } allFS += " OR fs_obj_id = '" + fsIds.get(i) + "'"; if (i == fsIds.size() - 1) { allFS += ")"; } } List<FsContent> FFSqlitedb = null; ResultSet rs = null; try { rs = tskCase.runQuery(query + allFS); FFSqlitedb = tskCase.resultSetToFsContents(rs); } catch (SQLException ex) { logger.log( Level.SEVERE, "Error while trying to extract files for:" + this.getClass().getName(), ex); this.addErrorMessage(this.getName() + ": Error while trying to extract files to analyze."); } finally { if (rs != null) { try { tskCase.closeRunQuery(rs); } catch (SQLException ex) { logger.log( Level.SEVERE, "Error while trying to close result set after extract files for:" + this.getClass().getName(), ex); } } } return FFSqlitedb; }
static Map<Long, String> getImagePaths(SleuthkitCase db) { // TODO: clean this up Map<Long, String> imgPaths = new HashMap<Long, String>(); try { Map<Long, List<String>> imgPathsList = db.getImagePaths(); for (Map.Entry<Long, List<String>> entry : imgPathsList.entrySet()) { if (entry.getValue().size() > 0) { imgPaths.put(entry.getKey(), entry.getValue().get(0)); } } } catch (TskException ex) { logger.log(Level.WARNING, "Error getting image paths", ex); } return imgPaths; }
/** * Adds the image to the current case after it has been added to the DB Sends out event and * reopens windows if needed. * * @param imgPaths the paths of the image that being added * @param imgId the ID of the image that being added * @param timeZone the timeZone of the image where it's added */ Image addImage(String imgPath, long imgId, String timeZone) throws CaseActionException { logger.log( Level.INFO, "Adding image to Case. imgPath: {0} ID: {1} TimeZone: {2}", new Object[] {imgPath, imgId, timeZone}); try { Image newImage = db.getImageById(imgId); pcs.firePropertyChange( CASE_ADD_DATA_SOURCE, null, newImage); // the new value is the instance of the image CoreComponentControl.openCoreWindows(); return newImage; } catch (Exception ex) { throw new CaseActionException("Error adding image to the case", ex); } }
/** * Opens the existing case (open the XML config file) * * @param configFilePath the path of the configuration file that's opened * @throws CaseActionException */ static void open(String configFilePath) throws CaseActionException { logger.log(Level.INFO, "Opening case.\nconfigFilePath: {0}", configFilePath); try { XMLCaseManagement xmlcm = new XMLCaseManagement(); xmlcm.open( configFilePath); // open and load the config file to the document handler in the XML class xmlcm.writeFile(); // write any changes to the config file String caseName = xmlcm.getCaseName(); String caseNumber = xmlcm.getCaseNumber(); String examiner = xmlcm.getCaseExaminer(); // if the caseName is "", case / config file can't be opened if (caseName.equals("")) { throw new CaseActionException("Case name is blank."); } String caseDir = xmlcm.getCaseDirectory(); String dbPath = caseDir + File.separator + "autopsy.db"; SleuthkitCase db = SleuthkitCase.openCase(dbPath); checkImagesExist(db); Case openedCase = new Case(caseName, caseNumber, examiner, configFilePath, xmlcm, db); changeCase(openedCase); } catch (Exception ex) { logger.log(Level.SEVERE, "Error opening the case: ", ex); // close the previous case if there's any CaseCloseAction closeCase = SystemAction.get(CaseCloseAction.class); closeCase.actionPerformed(null); if (!configFilePath.endsWith(CASE_DOT_EXTENSION)) { throw new CaseActionException( "Check that you selected the correct case file (usually with " + CASE_DOT_EXTENSION + " extension)", ex); } else { throw new CaseActionException("Error opening the case", ex); } } }
public List<Image> getImages() throws TskCoreException { return db.getImages(); }