Exemple #1
0
    @Override
    protected void done() {
      hashDb.indexing = false;
      progress.finish();

      // see if we got any errors
      try {
        get();
      } catch (InterruptedException | ExecutionException ex) {
        logger.log(Level.SEVERE, "Error creating index", ex); // NON-NLS
        MessageNotifyUtil.Notify.show(
            NbBundle.getMessage(this.getClass(), "HashDbManager.errCreatingIndex.title"),
            NbBundle.getMessage(
                this.getClass(), "HashDbManager.errCreatingIndex.msg", ex.getMessage()),
            MessageNotifyUtil.MessageType.ERROR);
      } // catch and ignore if we were cancelled
      catch (java.util.concurrent.CancellationException ex) {
      }

      try {
        hashDb.propertyChangeSupport.firePropertyChange(
            HashDb.Event.INDEXING_DONE.toString(), null, hashDb);
        hashDb.propertyChangeSupport.firePropertyChange(
            HashDbManager.SetEvt.DB_INDEXED.toString(), null, hashDb.getHashSetName());
      } catch (Exception e) {
        logger.log(Level.SEVERE, "HashDbManager listener threw exception", e); // NON-NLS
        MessageNotifyUtil.Notify.show(
            NbBundle.getMessage(this.getClass(), "HashDbManager.moduleErr"),
            NbBundle.getMessage(this.getClass(), "HashDbManager.moduleErrorListeningToUpdatesMsg"),
            MessageNotifyUtil.MessageType.ERROR);
      }
    }
  void changed() {
    if (!changed) {
      changed = true;

      try {
        pcs.firePropertyChange(OptionsPanelController.PROP_CHANGED, false, true);
      } catch (Exception e) {
        logger.log(
            Level.SEVERE,
            "KeywordSearchOptionsPanelController listener threw exception",
            e); // NON-NLS
        MessageNotifyUtil.Notify.show(
            NbBundle.getMessage(this.getClass(), "KeywordSearchOptionsPanelController.moduleErr"),
            NbBundle.getMessage(
                this.getClass(), "KeywordSearchOptionsPanelController.moduleErr.msg1"),
            MessageNotifyUtil.MessageType.ERROR);
      }
    }
    try {
      pcs.firePropertyChange(OptionsPanelController.PROP_VALID, null, null);
    } catch (Exception e) {
      logger.log(
          Level.SEVERE,
          "KeywordSearchOptionsPanelController listener threw exception",
          e); // NON-NLS
      MessageNotifyUtil.Notify.show(
          NbBundle.getMessage(this.getClass(), "KeywordSearchOptionsPanelController.moduleErr"),
          NbBundle.getMessage(
              this.getClass(), "KeywordSearchOptionsPanelController.moduleErr.msg2"),
          MessageNotifyUtil.MessageType.ERROR);
    }
  }
Exemple #3
0
  /**
   * Removes a hash database from the set of hash databases used to classify files as known or known
   * bad. Does not save the configuration - the configuration is only saved on demand to support
   * cancellation of configuration panels.
   *
   * @throws TskCoreException
   */
  synchronized void removeHashDatabaseInternal(HashDb hashDb) {
    // Remove the database from whichever hash set list it occupies,
    // and remove its hash set name from the hash set used to ensure unique
    // hash set names are used, before undertaking These operations will succeed and constitute
    // a mostly effective removal, even if the subsequent operations fail.
    String hashSetName = hashDb.getHashSetName();
    knownHashSets.remove(hashDb);
    knownBadHashSets.remove(hashDb);
    hashSetNames.remove(hashSetName);

    // Now undertake the operations that could throw.
    try {
      hashSetPaths.remove(hashDb.getIndexPath());
    } catch (TskCoreException ex) {
      Logger.getLogger(HashDbManager.class.getName())
          .log(
              Level.SEVERE,
              "Error getting index path of "
                  + hashDb.getHashSetName()
                  + " hash database when removing the database",
              ex); // NON-NLS
    }
    try {
      if (!hashDb.hasIndexOnly()) {
        hashSetPaths.remove(hashDb.getDatabasePath());
      }
    } catch (TskCoreException ex) {
      Logger.getLogger(HashDbManager.class.getName())
          .log(
              Level.SEVERE,
              "Error getting database path of "
                  + hashDb.getHashSetName()
                  + " hash database when removing the database",
              ex); // NON-NLS
    }
    try {
      hashDb.close();
    } catch (TskCoreException ex) {
      Logger.getLogger(HashDbManager.class.getName())
          .log(
              Level.SEVERE,
              "Error closing "
                  + hashDb.getHashSetName()
                  + " hash database when removing the database",
              ex); // NON-NLS
    }

    // Let any external listeners know that a set has been deleted
    try {
      changeSupport.firePropertyChange(SetEvt.DB_DELETED.toString(), null, hashSetName);
    } catch (Exception e) {
      logger.log(Level.SEVERE, "HashDbManager listener threw exception", e); // NON-NLS
      MessageNotifyUtil.Notify.show(
          NbBundle.getMessage(this.getClass(), "HashDbManager.moduleErr"),
          NbBundle.getMessage(this.getClass(), "HashDbManager.moduleErrorListeningToUpdatesMsg"),
          MessageNotifyUtil.MessageType.ERROR);
    }
  }
  void fireViewerComplete() {

    try {
      firePropertyChange(BlackboardResultViewer.FINISHED_DISPLAY_EVT, 0, 1);
    } catch (Exception e) {
      logger.log(Level.SEVERE, "DirectoryTreeTopComponent listener threw exception", e); // NON-NLS
      MessageNotifyUtil.Notify.show(
          NbBundle.getMessage(this.getClass(), "DirectoryTreeTopComponent.moduleErr"),
          NbBundle.getMessage(this.getClass(), "DirectoryTreeTopComponent.moduleErr.msg"),
          MessageNotifyUtil.MessageType.ERROR);
    }
  }
Exemple #5
0
  // case change helper
  private static void doCaseChange(Case toChangeTo) {
    logger.log(Level.INFO, "Changing Case to: " + toChangeTo);
    if (toChangeTo != null) { // new case is open

      // clear the temp folder when the case is created / opened
      Case.clearTempFolder();
      checkSubFolders(toChangeTo);

      // enable these menus
      CallableSystemAction.get(AddImageAction.class).setEnabled(true);
      CallableSystemAction.get(CaseCloseAction.class).setEnabled(true);
      CallableSystemAction.get(CasePropertiesAction.class).setEnabled(true);
      CallableSystemAction.get(CaseDeleteAction.class).setEnabled(true); // Delete Case menu

      if (toChangeTo.getRootObjectsCount() > 0) {
        // open all top components
        CoreComponentControl.openCoreWindows();
      } else {
        // close all top components
        CoreComponentControl.closeCoreWindows();
      }
    } else { // case is closed
      // close all top components first
      CoreComponentControl.closeCoreWindows();

      // disable these menus
      CallableSystemAction.get(AddImageAction.class).setEnabled(false); // Add Image menu
      CallableSystemAction.get(CaseCloseAction.class).setEnabled(false); // Case Close menu
      CallableSystemAction.get(CasePropertiesAction.class)
          .setEnabled(false); // Case Properties menu
      CallableSystemAction.get(CaseDeleteAction.class).setEnabled(false); // Delete Case menu

      // clear pending notifications
      MessageNotifyUtil.Notify.clear();

      Frame f = WindowManager.getDefault().getMainWindow();
      f.setTitle(Case.getAppName()); // set the window name to just application name

      // try to force gc to happen
      System.gc();
      System.gc();
    }

    // log memory usage after case changed
    logger.log(Level.INFO, PlatformUtil.getAllMemUsageInfo());
  }
Exemple #6
0
  private HashDb addHashDatabase(
      int handle,
      String hashSetName,
      boolean searchDuringIngest,
      boolean sendIngestMessages,
      HashDb.KnownFilesType knownFilesType)
      throws TskCoreException {
    // Wrap an object around the handle.
    HashDb hashDb =
        new HashDb(handle, hashSetName, searchDuringIngest, sendIngestMessages, knownFilesType);

    // Get the indentity data before updating the collections since the
    // accessor methods may throw.
    String databasePath = hashDb.getDatabasePath();
    String indexPath = hashDb.getIndexPath();

    // Update the collections used to ensure that hash set names are unique
    // and the same database is not added to the configuration more than once.
    hashSetNames.add(hashDb.getHashSetName());
    if (!databasePath.equals("None")) { // NON-NLS
      hashSetPaths.add(databasePath);
    }
    if (!indexPath.equals("None")) { // NON-NLS
      hashSetPaths.add(indexPath);
    }

    // Add the hash database to the appropriate collection for its type.
    if (hashDb.getKnownFilesType() == HashDb.KnownFilesType.KNOWN) {
      knownHashSets.add(hashDb);
    } else {
      knownBadHashSets.add(hashDb);
    }

    // Let any external listeners know that there's a new set
    try {
      changeSupport.firePropertyChange(SetEvt.DB_ADDED.toString(), null, hashSetName);
    } catch (Exception e) {
      logger.log(Level.SEVERE, "HashDbManager listener threw exception", e); // NON-NLS
      MessageNotifyUtil.Notify.show(
          NbBundle.getMessage(this.getClass(), "HashDbManager.moduleErr"),
          NbBundle.getMessage(this.getClass(), "HashDbManager.moduleErrorListeningToUpdatesMsg"),
          MessageNotifyUtil.MessageType.ERROR);
    }
    return hashDb;
  }
  /** @inheritDoc */
  @Override
  @Messages({
    "FilesIdentifierIngestModule.indexError.message=Failed to index interesting file hit artifact for keyword search."
  })
  public ProcessResult process(AbstractFile file) {
    blackboard = Case.getCurrentCase().getServices().getBlackboard();

    // See if the file belongs to any defined interesting files set.
    List<FilesSet> filesSets =
        FilesIdentifierIngestModule.interestingFileSetsByJob.get(this.context.getJobId());
    for (FilesSet filesSet : filesSets) {
      String ruleSatisfied = filesSet.fileIsMemberOf(file);
      if (ruleSatisfied != null) {
        try {
          // Post an interesting files set hit artifact to the
          // blackboard.
          String moduleName = InterestingItemsIngestModuleFactory.getModuleName();
          BlackboardArtifact artifact =
              file.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT);

          // Add a set name attribute to the artifact. This adds a
          // fair amount of redundant data to the attributes table
          // (i.e., rows that differ only in artifact id), but doing
          // otherwise would requires reworking the interesting files
          // set hit artifact.
          BlackboardAttribute setNameAttribute =
              new BlackboardAttribute(
                  BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SET_NAME, moduleName, filesSet.getName());
          artifact.addAttribute(setNameAttribute);

          // Add a category attribute to the artifact to record the
          // interesting files set membership rule that was satisfied.
          BlackboardAttribute ruleNameAttribute =
              new BlackboardAttribute(
                  BlackboardAttribute.ATTRIBUTE_TYPE.TSK_CATEGORY, moduleName, ruleSatisfied);
          artifact.addAttribute(ruleNameAttribute);

          try {
            // index the artifact for keyword search
            blackboard.indexArtifact(artifact);
          } catch (Blackboard.BlackboardException ex) {
            logger.log(
                Level.SEVERE,
                "Unable to index blackboard artifact " + artifact.getArtifactID(),
                ex); // NON-NLS
            MessageNotifyUtil.Notify.error(
                Bundle.FilesIdentifierIngestModule_indexError_message(), artifact.getDisplayName());
          }

          IngestServices.getInstance()
              .fireModuleDataEvent(
                  new ModuleDataEvent(
                      moduleName,
                      BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT,
                      Collections.singletonList(artifact)));

        } catch (TskCoreException ex) {
          FilesIdentifierIngestModule.logger.log(
              Level.SEVERE, "Error posting to the blackboard", ex); // NOI18N NON-NLS
        }
      }
    }
    return ProcessResult.OK;
  }