예제 #1
0
파일: Tags.java 프로젝트: halbbob/autopsy 
    private void initData() {
      try {
        // Get all file and artifact tags

        // init data
        tags =
            new EnumMap<BlackboardArtifact.ARTIFACT_TYPE, Map<String, List<BlackboardArtifact>>>(
                BlackboardArtifact.ARTIFACT_TYPE.class);
        tags.put(
            BlackboardArtifact.ARTIFACT_TYPE.TSK_TAG_FILE,
            new HashMap<String, List<BlackboardArtifact>>());
        tags.put(
            BlackboardArtifact.ARTIFACT_TYPE.TSK_TAG_ARTIFACT,
            new HashMap<String, List<BlackboardArtifact>>());

        // populate
        for (BlackboardArtifact.ARTIFACT_TYPE artType : tags.keySet()) {
          final Map<String, List<BlackboardArtifact>> artTags = tags.get(artType);
          for (BlackboardArtifact artifact : skCase.getBlackboardArtifacts(artType)) {
            for (BlackboardAttribute attribute : artifact.getAttributes()) {
              if (attribute.getAttributeTypeID() == ATTRIBUTE_TYPE.TSK_TAG_NAME.getTypeID()) {
                String tagName = attribute.getValueString();
                if (artTags.containsKey(tagName)) {
                  List<BlackboardArtifact> artifacts = artTags.get(tagName);
                  artifacts.add(artifact);
                } else {
                  List<BlackboardArtifact> artifacts = new ArrayList<BlackboardArtifact>();
                  artifacts.add(artifact);
                  artTags.put(tagName, artifacts);
                }
                break;
              }
            }
          }
        }

      } catch (TskCoreException ex) {
        logger.log(Level.WARNING, "Count not initialize tag nodes, ", ex);
      }
    }
예제 #2
0
파일: Tags.java 프로젝트: halbbob/autopsy 
  /**
   * Get a list of all the tag names. Uses a custom query for speed when dealing with thousands of
   * Tags.
   *
   * @return a list of all tag names.
   */
  @SuppressWarnings("deprecation")
  public static List<String> getTagNames() {
    Case currentCase = Case.getCurrentCase();
    SleuthkitCase skCase = currentCase.getSleuthkitCase();
    List<String> names = new ArrayList<>();

    ResultSet rs = null;
    try {
      rs =
          skCase.runQuery(
              "SELECT value_text"
                  + " FROM blackboard_attributes"
                  + " WHERE attribute_type_id = "
                  + ATTRIBUTE_TYPE.TSK_TAG_NAME.getTypeID()
                  + " GROUP BY value_text"
                  + " ORDER BY value_text");
      while (rs.next()) {
        names.add(rs.getString("value_text"));
      }
    } catch (SQLException ex) {
      logger.log(Level.SEVERE, "Failed to query the blackboard for tag names.");
    } finally {
      if (rs != null) {
        try {
          skCase.closeRunQuery(rs);
        } catch (SQLException ex) {
          logger.log(Level.SEVERE, "Failed to close the query for blackboard for tag names.");
        }
      }
    }

    // add the 'Bookmark' tag, if it's not already in the list
    if (!names.contains(BOOKMARK_TAG_NAME)) {
      names.add(BOOKMARK_TAG_NAME);
    }

    return names;
  }
예제 #3
0
파일: Tags.java 프로젝트: halbbob/autopsy 
  /**
   * Looks up the tag names associated with either a tagged artifact or a tag artifact.
   *
   * @param artifactID The ID of the artifact
   * @param artifactTypeID The ID of the artifact type
   * @return A set of unique tag names
   */
  public static HashSet<String> getUniqueTagNames(long artifactID, int artifactTypeID) {
    HashSet<String> tagNames = new HashSet<>();

    try {
      ArrayList<Long> tagArtifactIDs = new ArrayList<>();
      if (artifactTypeID == ARTIFACT_TYPE.TSK_TAG_FILE.getTypeID()
          || artifactTypeID == ARTIFACT_TYPE.TSK_TAG_ARTIFACT.getTypeID()) {
        tagArtifactIDs.add(artifactID);
      } else {
        List<BlackboardArtifact> tags =
            Case.getCurrentCase()
                .getSleuthkitCase()
                .getBlackboardArtifacts(ATTRIBUTE_TYPE.TSK_TAGGED_ARTIFACT, artifactID);
        for (BlackboardArtifact tag : tags) {
          tagArtifactIDs.add(tag.getArtifactID());
        }
      }

      for (Long tagArtifactID : tagArtifactIDs) {
        String whereClause =
            "WHERE artifact_id = "
                + tagArtifactID
                + " AND attribute_type_id = "
                + ATTRIBUTE_TYPE.TSK_TAG_NAME.getTypeID();
        List<BlackboardAttribute> attributes =
            Case.getCurrentCase().getSleuthkitCase().getMatchingAttributes(whereClause);
        for (BlackboardAttribute attr : attributes) {
          tagNames.add(attr.getValueString());
        }
      }
    } catch (TskCoreException ex) {
      logger.log(Level.SEVERE, "Failed to get tags for artifact " + artifactID, ex);
    }

    return tagNames;
  }