@Override
protected Object doInBackground() {
hashDb.indexing = true;
progress =
ProgressHandleFactory.createHandle(
NbBundle.getMessage(
this.getClass(), "HashDbManager.progress.indexingHashSet", hashDb.hashSetName));
progress.start();
progress.switchToIndeterminate();
try {
SleuthkitJNI.createLookupIndexForHashDatabase(hashDb.handle);
} catch (TskCoreException ex) {
Logger.getLogger(HashDb.class.getName())
.log(Level.SEVERE, "Error indexing hash database", ex); // NON-NLS
JOptionPane.showMessageDialog(
null,
NbBundle.getMessage(
this.getClass(),
"HashDbManager.dlgMsg.errorIndexingHashSet",
hashDb.getHashSetName()),
NbBundle.getMessage(this.getClass(), "HashDbManager.hashDbIndexingErr"),
JOptionPane.ERROR_MESSAGE);
}
return null;
}
/**
* Adds an existing hash database to the set of hash databases used to classify files as known or
* known bad. Does not save the configuration - the configuration is only saved on demand to
* support cancellation of configuration panels.
*
* @param hashSetName Name used to represent the hash database in user interface components.
* @param path Full path to either a hash database file or a hash database index file.
* @param searchDuringIngest A flag indicating whether or not the hash database should be searched
* during ingest.
* @param sendIngestMessages A flag indicating whether hash set hit messages should be sent as
* ingest messages.
* @param knownFilesType The classification to apply to files whose hashes are found in the hash
* database.
* @return A HashDb representing the hash database.
* @throws HashDbManagerException, TskCoreException
*/
synchronized HashDb addExistingHashDatabaseInternal(
String hashSetName,
String path,
boolean searchDuringIngest,
boolean sendIngestMessages,
HashDb.KnownFilesType knownFilesType)
throws HashDbManagerException, TskCoreException {
if (!new File(path).exists()) {
throw new HashDbManagerException(
NbBundle.getMessage(
HashDbManager.class, "HashDbManager.hashDbDoesNotExistExceptionMsg", path));
}
if (hashSetPaths.contains(path)) {
throw new HashDbManagerException(
NbBundle.getMessage(
HashDbManager.class, "HashDbManager.hashDbAlreadyAddedExceptionMsg", path));
}
if (hashSetNames.contains(hashSetName)) {
throw new HashDbManagerException(
NbBundle.getMessage(
HashDbManager.class, "HashDbManager.duplicateHashSetNameExceptionMsg", hashSetName));
}
return addHashDatabase(
SleuthkitJNI.openHashDatabase(path),
hashSetName,
searchDuringIngest,
sendIngestMessages,
knownFilesType);
}
/**
* Adds hashes of content (if calculated) to the hash database.
*
* @param content The content for which the calculated hashes, if any, are to be added to the
* hash database.
* @param comment A comment to associate with the hashes, e.g., the name of the case in which
* the content was encountered.
* @throws TskCoreException
*/
public void addHashes(Content content, String comment) throws TskCoreException {
// This only works for AbstractFiles and MD5 hashes at present.
assert content instanceof AbstractFile;
if (content instanceof AbstractFile) {
AbstractFile file = (AbstractFile) content;
if (null != file.getMd5Hash()) {
SleuthkitJNI.addToHashDatabase(null, file.getMd5Hash(), null, null, comment, handle);
}
}
}
/**
* Perform a basic boolean lookup of the file's hash.
*
* @param content
* @return True if file's MD5 is in the hash database
* @throws TskCoreException
*/
public boolean lookupMD5Quick(Content content) throws TskCoreException {
boolean result = false;
assert content instanceof AbstractFile;
if (content instanceof AbstractFile) {
AbstractFile file = (AbstractFile) content;
if (null != file.getMd5Hash()) {
result = SleuthkitJNI.lookupInHashDatabase(file.getMd5Hash(), handle);
}
}
return result;
}
/**
* Lookup hash value in DB and provide details on file.
*
* @param content
* @return null if file is not in database.
* @throws TskCoreException
*/
public HashHitInfo lookupMD5(Content content) throws TskCoreException {
HashHitInfo result = null;
// This only works for AbstractFiles and MD5 hashes at present.
assert content instanceof AbstractFile;
if (content instanceof AbstractFile) {
AbstractFile file = (AbstractFile) content;
if (null != file.getMd5Hash()) {
result = SleuthkitJNI.lookupInHashDatabaseVerbose(file.getMd5Hash(), handle);
}
}
return result;
}
/**
* Adds a new hash database to the set of hash databases used to classify files as known or known
* bad. Does not save the configuration - the configuration is only saved on demand to support
* cancellation of configuration panels.
*
* @param hashSetName Hash set name used to represent the hash database in user interface
* components.
* @param path Full path to the database file to be created.
* @param searchDuringIngest A flag indicating whether or not the hash database should be searched
* during ingest.
* @param sendIngestMessages A flag indicating whether hash set hit messages should be sent as
* ingest messages.
* @param knownFilesType The classification to apply to files whose hashes are found in the hash
* database.
* @return A HashDb representing the hash database.
* @throws HashDbManagerException, TskCoreException
*/
synchronized HashDb addNewHashDatabaseInternal(
String hashSetName,
String path,
boolean searchDuringIngest,
boolean sendIngestMessages,
HashDb.KnownFilesType knownFilesType)
throws HashDbManagerException, TskCoreException {
File file = new File(path);
if (file.exists()) {
throw new HashDbManagerException(
NbBundle.getMessage(
HashDbManager.class, "HashDbManager.hashDbFileExistsExceptionMsg", path));
}
if (!FilenameUtils.getExtension(file.getName()).equalsIgnoreCase(HASH_DATABASE_FILE_EXTENSON)) {
throw new HashDbManagerException(
NbBundle.getMessage(
HashDbManager.class,
"HashDbManager.illegalHashDbFileNameExtensionMsg",
getHashDatabaseFileExtension()));
}
if (hashSetPaths.contains(path)) {
throw new HashDbManagerException(
NbBundle.getMessage(
HashDbManager.class, "HashDbManager.hashDbAlreadyAddedExceptionMsg", path));
}
if (hashSetNames.contains(hashSetName)) {
throw new HashDbManagerException(
NbBundle.getMessage(
HashDbManager.class, "HashDbManager.duplicateHashSetNameExceptionMsg", hashSetName));
}
return addHashDatabase(
SleuthkitJNI.createHashDatabase(path),
hashSetName,
searchDuringIngest,
sendIngestMessages,
knownFilesType);
}
/**
* Indicates whether the hash database accepts updates.
*
* @return True if the database accepts updates, false otherwise.
*/
public boolean isUpdateable() throws TskCoreException {
return SleuthkitJNI.isUpdateableHashDatabase(this.handle);
}
public String getIndexPath() throws TskCoreException {
return SleuthkitJNI.getHashDatabaseIndexPath(handle);
}
private void close() throws TskCoreException {
SleuthkitJNI.closeHashDatabase(handle);
}
boolean canBeReIndexed() throws TskCoreException {
return SleuthkitJNI.hashDatabaseCanBeReindexed(handle);
}
boolean hasIndexOnly() throws TskCoreException {
return SleuthkitJNI.hashDatabaseIsIndexOnly(handle);
}
boolean hasIndex() throws TskCoreException {
return SleuthkitJNI.hashDatabaseHasLookupIndex(handle);
}
/**
* Adds a list of hashes to the hash database at once
*
* @param hashes List of hashes
* @throws TskCoreException
*/
public void addHashes(List<HashEntry> hashes) throws TskCoreException {
SleuthkitJNI.addToHashDatabase(hashes, handle);
}
