Example #1
0
 @Override
 protected Object doInBackground() {
   hashDb.indexing = true;
   progress =
       ProgressHandleFactory.createHandle(
           NbBundle.getMessage(
               this.getClass(), "HashDbManager.progress.indexingHashSet", hashDb.hashSetName));
   progress.start();
   progress.switchToIndeterminate();
   try {
     SleuthkitJNI.createLookupIndexForHashDatabase(hashDb.handle);
   } catch (TskCoreException ex) {
     Logger.getLogger(HashDb.class.getName())
         .log(Level.SEVERE, "Error indexing hash database", ex); // NON-NLS
     JOptionPane.showMessageDialog(
         null,
         NbBundle.getMessage(
             this.getClass(),
             "HashDbManager.dlgMsg.errorIndexingHashSet",
             hashDb.getHashSetName()),
         NbBundle.getMessage(this.getClass(), "HashDbManager.hashDbIndexingErr"),
         JOptionPane.ERROR_MESSAGE);
   }
   return null;
 }
Example #2
0
  /**
   * Adds an existing hash database to the set of hash databases used to classify files as known or
   * known bad. Does not save the configuration - the configuration is only saved on demand to
   * support cancellation of configuration panels.
   *
   * @param hashSetName Name used to represent the hash database in user interface components.
   * @param path Full path to either a hash database file or a hash database index file.
   * @param searchDuringIngest A flag indicating whether or not the hash database should be searched
   *     during ingest.
   * @param sendIngestMessages A flag indicating whether hash set hit messages should be sent as
   *     ingest messages.
   * @param knownFilesType The classification to apply to files whose hashes are found in the hash
   *     database.
   * @return A HashDb representing the hash database.
   * @throws HashDbManagerException, TskCoreException
   */
  synchronized HashDb addExistingHashDatabaseInternal(
      String hashSetName,
      String path,
      boolean searchDuringIngest,
      boolean sendIngestMessages,
      HashDb.KnownFilesType knownFilesType)
      throws HashDbManagerException, TskCoreException {
    if (!new File(path).exists()) {
      throw new HashDbManagerException(
          NbBundle.getMessage(
              HashDbManager.class, "HashDbManager.hashDbDoesNotExistExceptionMsg", path));
    }

    if (hashSetPaths.contains(path)) {
      throw new HashDbManagerException(
          NbBundle.getMessage(
              HashDbManager.class, "HashDbManager.hashDbAlreadyAddedExceptionMsg", path));
    }

    if (hashSetNames.contains(hashSetName)) {
      throw new HashDbManagerException(
          NbBundle.getMessage(
              HashDbManager.class, "HashDbManager.duplicateHashSetNameExceptionMsg", hashSetName));
    }

    return addHashDatabase(
        SleuthkitJNI.openHashDatabase(path),
        hashSetName,
        searchDuringIngest,
        sendIngestMessages,
        knownFilesType);
  }
Example #3
0
 /**
  * Adds hashes of content (if calculated) to the hash database.
  *
  * @param content The content for which the calculated hashes, if any, are to be added to the
  *     hash database.
  * @param comment A comment to associate with the hashes, e.g., the name of the case in which
  *     the content was encountered.
  * @throws TskCoreException
  */
 public void addHashes(Content content, String comment) throws TskCoreException {
   // This only works for AbstractFiles and MD5 hashes at present.
   assert content instanceof AbstractFile;
   if (content instanceof AbstractFile) {
     AbstractFile file = (AbstractFile) content;
     if (null != file.getMd5Hash()) {
       SleuthkitJNI.addToHashDatabase(null, file.getMd5Hash(), null, null, comment, handle);
     }
   }
 }
Example #4
0
 /**
  * Perform a basic boolean lookup of the file's hash.
  *
  * @param content
  * @return True if file's MD5 is in the hash database
  * @throws TskCoreException
  */
 public boolean lookupMD5Quick(Content content) throws TskCoreException {
   boolean result = false;
   assert content instanceof AbstractFile;
   if (content instanceof AbstractFile) {
     AbstractFile file = (AbstractFile) content;
     if (null != file.getMd5Hash()) {
       result = SleuthkitJNI.lookupInHashDatabase(file.getMd5Hash(), handle);
     }
   }
   return result;
 }
Example #5
0
 /**
  * Lookup hash value in DB and provide details on file.
  *
  * @param content
  * @return null if file is not in database.
  * @throws TskCoreException
  */
 public HashHitInfo lookupMD5(Content content) throws TskCoreException {
   HashHitInfo result = null;
   // This only works for AbstractFiles and MD5 hashes at present.
   assert content instanceof AbstractFile;
   if (content instanceof AbstractFile) {
     AbstractFile file = (AbstractFile) content;
     if (null != file.getMd5Hash()) {
       result = SleuthkitJNI.lookupInHashDatabaseVerbose(file.getMd5Hash(), handle);
     }
   }
   return result;
 }
Example #6
0
  /**
   * Adds a new hash database to the set of hash databases used to classify files as known or known
   * bad. Does not save the configuration - the configuration is only saved on demand to support
   * cancellation of configuration panels.
   *
   * @param hashSetName Hash set name used to represent the hash database in user interface
   *     components.
   * @param path Full path to the database file to be created.
   * @param searchDuringIngest A flag indicating whether or not the hash database should be searched
   *     during ingest.
   * @param sendIngestMessages A flag indicating whether hash set hit messages should be sent as
   *     ingest messages.
   * @param knownFilesType The classification to apply to files whose hashes are found in the hash
   *     database.
   * @return A HashDb representing the hash database.
   * @throws HashDbManagerException, TskCoreException
   */
  synchronized HashDb addNewHashDatabaseInternal(
      String hashSetName,
      String path,
      boolean searchDuringIngest,
      boolean sendIngestMessages,
      HashDb.KnownFilesType knownFilesType)
      throws HashDbManagerException, TskCoreException {
    File file = new File(path);
    if (file.exists()) {
      throw new HashDbManagerException(
          NbBundle.getMessage(
              HashDbManager.class, "HashDbManager.hashDbFileExistsExceptionMsg", path));
    }
    if (!FilenameUtils.getExtension(file.getName()).equalsIgnoreCase(HASH_DATABASE_FILE_EXTENSON)) {
      throw new HashDbManagerException(
          NbBundle.getMessage(
              HashDbManager.class,
              "HashDbManager.illegalHashDbFileNameExtensionMsg",
              getHashDatabaseFileExtension()));
    }

    if (hashSetPaths.contains(path)) {
      throw new HashDbManagerException(
          NbBundle.getMessage(
              HashDbManager.class, "HashDbManager.hashDbAlreadyAddedExceptionMsg", path));
    }

    if (hashSetNames.contains(hashSetName)) {
      throw new HashDbManagerException(
          NbBundle.getMessage(
              HashDbManager.class, "HashDbManager.duplicateHashSetNameExceptionMsg", hashSetName));
    }

    return addHashDatabase(
        SleuthkitJNI.createHashDatabase(path),
        hashSetName,
        searchDuringIngest,
        sendIngestMessages,
        knownFilesType);
  }
Example #7
0
 /**
  * Indicates whether the hash database accepts updates.
  *
  * @return True if the database accepts updates, false otherwise.
  */
 public boolean isUpdateable() throws TskCoreException {
   return SleuthkitJNI.isUpdateableHashDatabase(this.handle);
 }
Example #8
0
 public String getIndexPath() throws TskCoreException {
   return SleuthkitJNI.getHashDatabaseIndexPath(handle);
 }
Example #9
0
 private void close() throws TskCoreException {
   SleuthkitJNI.closeHashDatabase(handle);
 }
Example #10
0
 boolean canBeReIndexed() throws TskCoreException {
   return SleuthkitJNI.hashDatabaseCanBeReindexed(handle);
 }
Example #11
0
 boolean hasIndexOnly() throws TskCoreException {
   return SleuthkitJNI.hashDatabaseIsIndexOnly(handle);
 }
Example #12
0
 boolean hasIndex() throws TskCoreException {
   return SleuthkitJNI.hashDatabaseHasLookupIndex(handle);
 }
Example #13
0
 /**
  * Adds a list of hashes to the hash database at once
  *
  * @param hashes List of hashes
  * @throws TskCoreException
  */
 public void addHashes(List<HashEntry> hashes) throws TskCoreException {
   SleuthkitJNI.addToHashDatabase(hashes, handle);
 }