Example #1
0
 /**
  * Get the data model Content objects in the root of this case's hierarchy.
  *
  * @return a list of the root objects
  */
 public List<Content> getRootObjects() {
   try {
     return db.getRootObjects();
   } catch (TskException ex) {
     throw new RuntimeException("Error getting root objects.", ex);
   }
 }
Example #2
0
  /**
   * Creates a new case (create the XML config file and database)
   *
   * @param caseDir The directory to store case data in. Will be created if it doesn't already
   *     exist. If it exists, it should have all of the needed sub dirs that createCaseDirectory()
   *     will create.
   * @param caseName the name of case
   * @param caseNumber the case number
   * @param examiner the examiner for this case
   */
  public static void create(String caseDir, String caseName, String caseNumber, String examiner)
      throws CaseActionException {
    logger.log(
        Level.INFO,
        "Creating new case.\ncaseDir: {0}\ncaseName: {1}",
        new Object[] {caseDir, caseName});

    // create case directory if it doesn't already exist.
    if (new File(caseDir).exists() == false) {
      Case.createCaseDirectory(caseDir);
    }

    String configFilePath = caseDir + File.separator + caseName + CASE_DOT_EXTENSION;

    XMLCaseManagement xmlcm = new XMLCaseManagement();
    xmlcm.create(caseDir, caseName, examiner, caseNumber); // create a new XML config file
    xmlcm.writeFile();

    String dbPath = caseDir + File.separator + "autopsy.db";
    SleuthkitCase db = null;
    try {
      db = SleuthkitCase.newCase(dbPath);
    } catch (TskCoreException ex) {
      logger.log(Level.SEVERE, "Error creating a case: " + caseName + " in dir " + caseDir, ex);
      throw new CaseActionException(
          "Error creating a case: " + caseName + " in dir " + caseDir, ex);
    }

    Case newCase = new Case(caseName, caseNumber, examiner, configFilePath, xmlcm, db);

    changeCase(newCase);
  }
Example #3
0
  /**
   * Returns a List of FsContent objects from TSK based on sql query.
   *
   * @param image is a Image object that denotes which image to get the files from
   * @param query is a sql string query that is to be run
   * @return FFSqlitedb is a List of FsContent objects
   */
  @SuppressWarnings("deprecation")
  public List<FsContent> extractFiles(Image image, String query) {

    Collection<FileSystem> imageFS = tskCase.getFileSystems(image);
    List<String> fsIds = new LinkedList<String>();
    for (FileSystem img : imageFS) {
      Long tempID = img.getId();
      fsIds.add(tempID.toString());
    }

    String allFS = new String();
    for (int i = 0; i < fsIds.size(); i++) {
      if (i == 0) {
        allFS += " AND (0";
      }
      allFS += " OR fs_obj_id = '" + fsIds.get(i) + "'";
      if (i == fsIds.size() - 1) {
        allFS += ")";
      }
    }
    List<FsContent> FFSqlitedb = null;
    ResultSet rs = null;
    try {
      rs = tskCase.runQuery(query + allFS);
      FFSqlitedb = tskCase.resultSetToFsContents(rs);
    } catch (SQLException ex) {
      logger.log(
          Level.SEVERE, "Error while trying to extract files for:" + this.getClass().getName(), ex);
      this.addErrorMessage(this.getName() + ": Error while trying to extract files to analyze.");
    } finally {
      if (rs != null) {
        try {
          tskCase.closeRunQuery(rs);
        } catch (SQLException ex) {
          logger.log(
              Level.SEVERE,
              "Error while trying to close result set after extract files for:"
                  + this.getClass().getName(),
              ex);
        }
      }
    }
    return FFSqlitedb;
  }
Example #4
0
 static Map<Long, String> getImagePaths(SleuthkitCase db) { // TODO: clean this up
   Map<Long, String> imgPaths = new HashMap<Long, String>();
   try {
     Map<Long, List<String>> imgPathsList = db.getImagePaths();
     for (Map.Entry<Long, List<String>> entry : imgPathsList.entrySet()) {
       if (entry.getValue().size() > 0) {
         imgPaths.put(entry.getKey(), entry.getValue().get(0));
       }
     }
   } catch (TskException ex) {
     logger.log(Level.WARNING, "Error getting image paths", ex);
   }
   return imgPaths;
 }
Example #5
0
  /**
   * Adds the image to the current case after it has been added to the DB Sends out event and
   * reopens windows if needed.
   *
   * @param imgPaths the paths of the image that being added
   * @param imgId the ID of the image that being added
   * @param timeZone the timeZone of the image where it's added
   */
  Image addImage(String imgPath, long imgId, String timeZone) throws CaseActionException {
    logger.log(
        Level.INFO,
        "Adding image to Case.  imgPath: {0}  ID: {1} TimeZone: {2}",
        new Object[] {imgPath, imgId, timeZone});

    try {
      Image newImage = db.getImageById(imgId);
      pcs.firePropertyChange(
          CASE_ADD_DATA_SOURCE, null, newImage); // the new value is the instance of the image
      CoreComponentControl.openCoreWindows();
      return newImage;
    } catch (Exception ex) {
      throw new CaseActionException("Error adding image to the case", ex);
    }
  }
Example #6
0
  /**
   * Opens the existing case (open the XML config file)
   *
   * @param configFilePath the path of the configuration file that's opened
   * @throws CaseActionException
   */
  static void open(String configFilePath) throws CaseActionException {
    logger.log(Level.INFO, "Opening case.\nconfigFilePath: {0}", configFilePath);

    try {
      XMLCaseManagement xmlcm = new XMLCaseManagement();

      xmlcm.open(
          configFilePath); // open and load the config file to the document handler in the XML class
      xmlcm.writeFile(); // write any changes to the config file

      String caseName = xmlcm.getCaseName();
      String caseNumber = xmlcm.getCaseNumber();
      String examiner = xmlcm.getCaseExaminer();
      // if the caseName is "", case / config file can't be opened
      if (caseName.equals("")) {
        throw new CaseActionException("Case name is blank.");
      }

      String caseDir = xmlcm.getCaseDirectory();
      String dbPath = caseDir + File.separator + "autopsy.db";
      SleuthkitCase db = SleuthkitCase.openCase(dbPath);

      checkImagesExist(db);

      Case openedCase = new Case(caseName, caseNumber, examiner, configFilePath, xmlcm, db);

      changeCase(openedCase);

    } catch (Exception ex) {
      logger.log(Level.SEVERE, "Error opening the case: ", ex);
      // close the previous case if there's any
      CaseCloseAction closeCase = SystemAction.get(CaseCloseAction.class);
      closeCase.actionPerformed(null);
      if (!configFilePath.endsWith(CASE_DOT_EXTENSION)) {
        throw new CaseActionException(
            "Check that you selected the correct case file (usually with "
                + CASE_DOT_EXTENSION
                + " extension)",
            ex);
      } else {
        throw new CaseActionException("Error opening the case", ex);
      }
    }
  }
Example #7
0
 public List<Image> getImages() throws TskCoreException {
   return db.getImages();
 }