Permalink
Browse files

Add getStringTime() to ContentUtils class

  • Loading branch information...
richardfickling committed Jun 7, 2012
1 parent ae61c50 commit 265569b17574ce8d40ae879b163ae4a3e9ca90f8
@@ -226,16 +226,12 @@ protected Sheet createSheet() {
* @param content to extract properties from
*/
public static void fillPropertyMap(Map<String, Object> map, FsContent content) {
- try {
- dateFormatter.setTimeZone(TimeZone.getTimeZone(content.getImage().getTimeZone()));
- } catch (TskException ex) {
- }
map.put(FsContentPropertyType.NAME.toString(), content.getName());
map.put(FsContentPropertyType.LOCATION.toString(), DataConversion.getformattedPath(ContentUtils.getDisplayPath(content), 0, 1));
- map.put(FsContentPropertyType.MOD_TIME.toString(), epochToString(content.getMtime()));
- map.put(FsContentPropertyType.CHANGED_TIME.toString(), epochToString(content.getCtime()));
- map.put(FsContentPropertyType.ACCESS_TIME.toString(), epochToString(content.getAtime()));
- map.put(FsContentPropertyType.CREATED_TIME.toString(), epochToString(content.getCrtime()));
+ map.put(FsContentPropertyType.MOD_TIME.toString(), ContentUtils.getStringTime(content.getMtime(), content));
+ map.put(FsContentPropertyType.CHANGED_TIME.toString(), ContentUtils.getStringTime(content.getCtime(), content));
+ map.put(FsContentPropertyType.ACCESS_TIME.toString(), ContentUtils.getStringTime(content.getAtime(), content));
+ map.put(FsContentPropertyType.CREATED_TIME.toString(), ContentUtils.getStringTime(content.getCrtime(), content));
map.put(FsContentPropertyType.SIZE.toString(), content.getSize());
map.put(FsContentPropertyType.FLAGS_DIR.toString(), content.getDirFlagsAsString());
map.put(FsContentPropertyType.FLAGS_META.toString(), content.getMetaFlagsAsString());
@@ -249,12 +245,4 @@ public static void fillPropertyMap(Map<String, Object> map, FsContent content) {
map.put(FsContentPropertyType.KNOWN.toString(), content.getKnown().getName());
map.put(FsContentPropertyType.MD5HASH.toString(), content.getMd5Hash() == null ? "" : content.getMd5Hash());
}
-
- private static String epochToString(long epoch) {
- String time = "0000-00-00 00:00:00 (UTC)";
- if (epoch != 0) {
- time = dateFormatter.format(new java.util.Date(epoch * 1000));
- }
- return time;
- }
}
@@ -18,11 +18,15 @@
*/
package org.sleuthkit.autopsy.datamodel;
+import java.text.SimpleDateFormat;
import java.util.Arrays;
+import java.util.TimeZone;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.sleuthkit.datamodel.BlackboardArtifact;
import org.sleuthkit.datamodel.BlackboardAttribute;
+import org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE;
+import org.sleuthkit.datamodel.Content;
import org.sleuthkit.datamodel.TskException;
/**
@@ -34,6 +38,7 @@
BlackboardArtifact wrapped;
static final Logger logger = Logger.getLogger(ArtifactStringContent.class.getName());
+ private static SimpleDateFormat dateFormatter = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");
public ArtifactStringContent(BlackboardArtifact art) {
wrapped = art;
@@ -63,23 +68,33 @@ public String getString() {
buffer.append(attr.getAttributeTypeDisplayName());
buffer.append("</td>");
buffer.append("<td>");
- switch (attr.getValueType()) {
- case STRING:
- buffer.append(attr.getValueString());
- break;
- case INTEGER:
- buffer.append(attr.getValueInt());
- break;
- case LONG:
- buffer.append(attr.getValueLong());
- break;
- case DOUBLE:
- buffer.append(attr.getValueDouble());
- break;
- case BYTE:
- buffer.append(Arrays.toString(attr.getValueBytes()));
- break;
-
+ if (attr.getAttributeTypeID() == ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID()
+ || attr.getAttributeTypeID() == ATTRIBUTE_TYPE.TSK_LAST_ACCESSED.getTypeID()) {
+ long epoch = attr.getValueLong();
+ String time = "0000-00-00 00:00:00";
+ if (epoch != 0) {
+ dateFormatter.setTimeZone(getTimeZone(wrapped));
+ time = dateFormatter.format(new java.util.Date(epoch * 1000));
+ }
+ buffer.append(time);
+ } else {
+ switch (attr.getValueType()) {
+ case STRING:
+ buffer.append(attr.getValueString());
+ break;
+ case INTEGER:
+ buffer.append(attr.getValueInt());
+ break;
+ case LONG:
+ buffer.append(attr.getValueLong());
+ break;
+ case DOUBLE:
+ buffer.append(attr.getValueDouble());
+ break;
+ case BYTE:
+ buffer.append(Arrays.toString(attr.getValueBytes()));
+ break;
+ }
}
if (!"".equals(attr.getContext())) {
buffer.append(" (");
@@ -96,4 +111,21 @@ public String getString() {
return "Error getting content";
}
}
+
+ private static Content getAssociatedContent(BlackboardArtifact artifact){
+ try {
+ return artifact.getSleuthkitCase().getContentById(artifact.getObjectID());
+ } catch (TskException ex) {
+ logger.log(Level.WARNING, "Getting file failed", ex);
+ }
+ throw new IllegalArgumentException("Couldn't get file from database");
+ }
+
+ private static TimeZone getTimeZone(BlackboardArtifact artifact) {
+ try {
+ return TimeZone.getTimeZone(getAssociatedContent(artifact).getImage().getTimeZone());
+ } catch(TskException ex) {
+ return TimeZone.getDefault();
+ }
+ }
}
@@ -18,12 +18,10 @@
*/
package org.sleuthkit.autopsy.datamodel;
-import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
-import java.util.TimeZone;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.openide.nodes.AbstractNode;
@@ -35,11 +33,6 @@
import org.sleuthkit.datamodel.BlackboardAttribute;
import org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE;
import org.sleuthkit.datamodel.Content;
-import org.sleuthkit.datamodel.Directory;
-import org.sleuthkit.datamodel.File;
-import org.sleuthkit.datamodel.Image;
-import org.sleuthkit.datamodel.SleuthkitItemVisitor;
-import org.sleuthkit.datamodel.SleuthkitVisitableItem;
import org.sleuthkit.datamodel.TskException;
/**
@@ -51,7 +44,6 @@
BlackboardArtifact artifact;
Content associated;
static final Logger logger = Logger.getLogger(BlackboardArtifactNode.class.getName());
- private static SimpleDateFormat dateFormatter = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");
public BlackboardArtifactNode(BlackboardArtifact artifact) {
super(Children.LEAF, getLookups(artifact));
@@ -105,7 +97,7 @@ protected Sheet createSheet() {
* @param map, with preserved ordering, where property names/values are put
* @param content to extract properties from
*/
- public static void fillPropertyMap(Map<String, Object> map, BlackboardArtifact artifact) {
+ private void fillPropertyMap(Map<String, Object> map, BlackboardArtifact artifact) {
try {
for(BlackboardAttribute attribute : artifact.getAttributes()){
if(attribute.getAttributeTypeID() == ATTRIBUTE_TYPE.TSK_PATH_ID.getTypeID())
@@ -120,13 +112,7 @@ else switch(attribute.getValueType()){
case LONG:
if (attribute.getAttributeTypeID() == ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID()
|| attribute.getAttributeTypeID() == ATTRIBUTE_TYPE.TSK_LAST_ACCESSED.getTypeID()) {
- long epoch = attribute.getValueLong();
- String time = "0000-00-00 00:00:00";
- if (epoch != 0) {
- dateFormatter.setTimeZone(getTimeZone(artifact));
- time = dateFormatter.format(new java.util.Date(epoch * 1000));
- }
- map.put(attribute.getAttributeTypeDisplayName(), time);
+ map.put(attribute.getAttributeTypeDisplayName(), ContentUtils.getStringTime(attribute.getValueLong(), associated));
} else {
map.put(attribute.getAttributeTypeDisplayName(), attribute.getValueLong());
}
@@ -171,14 +157,6 @@ private static Content getAssociatedContent(BlackboardArtifact artifact){
throw new IllegalArgumentException("Couldn't get file from database");
}
- private static TimeZone getTimeZone(BlackboardArtifact artifact) {
- try {
- return TimeZone.getTimeZone(getAssociatedContent(artifact).getImage().getTimeZone());
- } catch(TskException ex) {
- return TimeZone.getDefault();
- }
- }
-
private static HighlightLookup getHighlightLookup(BlackboardArtifact artifact, Content content) {
if(artifact.getArtifactTypeID() != BlackboardArtifact.ARTIFACT_TYPE.TSK_KEYWORD_HIT.getTypeID())
return null;
@@ -22,8 +22,10 @@
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
+import java.text.SimpleDateFormat;
import java.util.LinkedList;
import java.util.List;
+import java.util.TimeZone;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.sleuthkit.datamodel.Content;
@@ -45,6 +47,7 @@
public final class ContentUtils {
private final static Logger logger = Logger.getLogger(ContentUtils.class.getName());
+ private static SimpleDateFormat dateFormatter = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");
// don't instantiate
private ContentUtils() {
@@ -64,6 +67,40 @@ private ContentUtils() {
return content.accept(getDisplayPath).toArray(new String[]{});
}
+
+ /**
+ * Convert epoch seconds to a string value in the given time zone
+ * @param epochSeconds
+ * @param tzone
+ * @return
+ */
+ public static String getStringTime(long epochSeconds, TimeZone tzone) {
+ String time = "0000-00-00 00:00:00";
+ if (epochSeconds != 0) {
+ dateFormatter.setTimeZone(tzone);
+ time = dateFormatter.format(new java.util.Date(epochSeconds * 1000));
+ }
+ return time;
+ }
+
+ /**
+ * Convert epoch seconds to a string value (convenience method)
+ * @param epochSeconds
+ * @param c
+ * @return
+ */
+ public static String getStringTime(long epochSeconds, Content c) {
+ return getStringTime(epochSeconds, getTimeZone(c));
+ }
+
+ public static TimeZone getTimeZone(Content c) {
+ try {
+ return TimeZone.getTimeZone(c.getImage().getTimeZone());
+ } catch(TskException ex) {
+ return TimeZone.getDefault();
+ }
+ }
+
private static final SystemNameVisitor systemName = new SystemNameVisitor();
private static final GetPathVisitor getSystemPath = new GetPathVisitor(systemName);
@@ -39,6 +39,7 @@
import org.apache.solr.common.SolrException;
import org.apache.solr.common.SolrException.ErrorCode;
import org.apache.solr.common.util.ContentStream;
+import org.sleuthkit.autopsy.datamodel.ContentUtils;
import org.sleuthkit.datamodel.AbstractContent;
import org.sleuthkit.datamodel.AbstractFile;
import org.sleuthkit.datamodel.Content;
@@ -171,10 +172,10 @@ void ingest(FsContent fsContent) throws IngesterException {
@Override
public Map<String, String> visit(File f) {
Map<String, String> params = getCommonFields(f);
- params.put(Server.Schema.CTIME.toString(), f.getCtimeAsDate());
- params.put(Server.Schema.ATIME.toString(), f.getAtimeAsDate());
- params.put(Server.Schema.MTIME.toString(), f.getMtimeAsDate());
- params.put(Server.Schema.CRTIME.toString(), f.getMtimeAsDate());
+ params.put(Server.Schema.CTIME.toString(), ContentUtils.getStringTime(f.getCtime(), f));
+ params.put(Server.Schema.ATIME.toString(), ContentUtils.getStringTime(f.getAtime(), f));
+ params.put(Server.Schema.MTIME.toString(), ContentUtils.getStringTime(f.getMtime(), f));
+ params.put(Server.Schema.CRTIME.toString(),ContentUtils.getStringTime(f.getCrtime(), f));
return params;
}
@@ -193,10 +194,10 @@ void ingest(FsContent fsContent) throws IngesterException {
@Override
public Map<String, String> visit(Directory d) {
Map<String, String> params = getCommonFields(d);
- params.put(Server.Schema.CTIME.toString(), d.getCtimeAsDate());
- params.put(Server.Schema.ATIME.toString(), d.getAtimeAsDate());
- params.put(Server.Schema.MTIME.toString(), d.getMtimeAsDate());
- params.put(Server.Schema.CRTIME.toString(), d.getMtimeAsDate());
+ params.put(Server.Schema.CTIME.toString(), ContentUtils.getStringTime(d.getCtime(), d));
+ params.put(Server.Schema.ATIME.toString(), ContentUtils.getStringTime(d.getAtime(), d));
+ params.put(Server.Schema.MTIME.toString(), ContentUtils.getStringTime(d.getMtime(), d));
+ params.put(Server.Schema.CRTIME.toString(), ContentUtils.getStringTime(d.getCrtime(), d));
return params;
}
}

0 comments on commit 265569b

Please sign in to comment.