Skip to content

Commit

Permalink
Add getStringTime() to ContentUtils class
Browse files Browse the repository at this point in the history
  • Loading branch information
@dickfickling
dickfickling committed Jun 7, 2012
1 parent ae61c50 commit 265569b
Show file tree
Hide file tree
Showing 5 changed files with 101 additions and 65 deletions.
20 changes: 4 additions & 16 deletions DataModel/src/org/sleuthkit/autopsy/datamodel/AbstractFsContentNode.java
View file
Expand Up @@ -226,16 +226,12 @@ protected Sheet createSheet() {
* @param content to extract properties from
*/
public static void fillPropertyMap(Map<String, Object> map, FsContent content) {
try {
dateFormatter.setTimeZone(TimeZone.getTimeZone(content.getImage().getTimeZone()));
} catch (TskException ex) {
}
map.put(FsContentPropertyType.NAME.toString(), content.getName());
map.put(FsContentPropertyType.LOCATION.toString(), DataConversion.getformattedPath(ContentUtils.getDisplayPath(content), 0, 1));
map.put(FsContentPropertyType.MOD_TIME.toString(), epochToString(content.getMtime()));
map.put(FsContentPropertyType.CHANGED_TIME.toString(), epochToString(content.getCtime()));
map.put(FsContentPropertyType.ACCESS_TIME.toString(), epochToString(content.getAtime()));
map.put(FsContentPropertyType.CREATED_TIME.toString(), epochToString(content.getCrtime()));
map.put(FsContentPropertyType.MOD_TIME.toString(), ContentUtils.getStringTime(content.getMtime(), content));
map.put(FsContentPropertyType.CHANGED_TIME.toString(), ContentUtils.getStringTime(content.getCtime(), content));
map.put(FsContentPropertyType.ACCESS_TIME.toString(), ContentUtils.getStringTime(content.getAtime(), content));
map.put(FsContentPropertyType.CREATED_TIME.toString(), ContentUtils.getStringTime(content.getCrtime(), content));
map.put(FsContentPropertyType.SIZE.toString(), content.getSize());
map.put(FsContentPropertyType.FLAGS_DIR.toString(), content.getDirFlagsAsString());
map.put(FsContentPropertyType.FLAGS_META.toString(), content.getMetaFlagsAsString());
Expand All @@ -249,12 +245,4 @@ public static void fillPropertyMap(Map<String, Object> map, FsContent content) {
map.put(FsContentPropertyType.KNOWN.toString(), content.getKnown().getName());
map.put(FsContentPropertyType.MD5HASH.toString(), content.getMd5Hash() == null ? "" : content.getMd5Hash());
}

private static String epochToString(long epoch) {
String time = "0000-00-00 00:00:00 (UTC)";
if (epoch != 0) {
time = dateFormatter.format(new java.util.Date(epoch * 1000));
}
return time;
}
}
66 changes: 49 additions & 17 deletions DataModel/src/org/sleuthkit/autopsy/datamodel/ArtifactStringContent.java
View file
Expand Up @@ -18,11 +18,15 @@
*/
package org.sleuthkit.autopsy.datamodel;

import java.text.SimpleDateFormat;
import java.util.Arrays;
import java.util.TimeZone;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.sleuthkit.datamodel.BlackboardArtifact;
import org.sleuthkit.datamodel.BlackboardAttribute;
import org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE;
import org.sleuthkit.datamodel.Content;
import org.sleuthkit.datamodel.TskException;

/**
Expand All @@ -34,6 +38,7 @@ public class ArtifactStringContent implements StringContent {

BlackboardArtifact wrapped;
static final Logger logger = Logger.getLogger(ArtifactStringContent.class.getName());
private static SimpleDateFormat dateFormatter = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");

public ArtifactStringContent(BlackboardArtifact art) {
wrapped = art;
Expand Down Expand Up @@ -63,23 +68,33 @@ public String getString() {
buffer.append(attr.getAttributeTypeDisplayName());
buffer.append("</td>");
buffer.append("<td>");
switch (attr.getValueType()) {
case STRING:
buffer.append(attr.getValueString());
break;
case INTEGER:
buffer.append(attr.getValueInt());
break;
case LONG:
buffer.append(attr.getValueLong());
break;
case DOUBLE:
buffer.append(attr.getValueDouble());
break;
case BYTE:
buffer.append(Arrays.toString(attr.getValueBytes()));
break;

if (attr.getAttributeTypeID() == ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID()
|| attr.getAttributeTypeID() == ATTRIBUTE_TYPE.TSK_LAST_ACCESSED.getTypeID()) {
long epoch = attr.getValueLong();
String time = "0000-00-00 00:00:00";
if (epoch != 0) {
dateFormatter.setTimeZone(getTimeZone(wrapped));
time = dateFormatter.format(new java.util.Date(epoch * 1000));
}
buffer.append(time);
} else {
switch (attr.getValueType()) {
case STRING:
buffer.append(attr.getValueString());
break;
case INTEGER:
buffer.append(attr.getValueInt());
break;
case LONG:
buffer.append(attr.getValueLong());
break;
case DOUBLE:
buffer.append(attr.getValueDouble());
break;
case BYTE:
buffer.append(Arrays.toString(attr.getValueBytes()));
break;
}
}
if (!"".equals(attr.getContext())) {
buffer.append(" (");
Expand All @@ -96,4 +111,21 @@ public String getString() {
return "Error getting content";
}
}

private static Content getAssociatedContent(BlackboardArtifact artifact){
try {
return artifact.getSleuthkitCase().getContentById(artifact.getObjectID());
} catch (TskException ex) {
logger.log(Level.WARNING, "Getting file failed", ex);
}
throw new IllegalArgumentException("Couldn't get file from database");
}

private static TimeZone getTimeZone(BlackboardArtifact artifact) {
try {
return TimeZone.getTimeZone(getAssociatedContent(artifact).getImage().getTimeZone());
} catch(TskException ex) {
return TimeZone.getDefault();
}
}
}
26 changes: 2 additions & 24 deletions DataModel/src/org/sleuthkit/autopsy/datamodel/BlackboardArtifactNode.java
View file
Expand Up @@ -18,12 +18,10 @@
*/
package org.sleuthkit.autopsy.datamodel;

import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.TimeZone;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.openide.nodes.AbstractNode;
Expand All @@ -35,11 +33,6 @@
import org.sleuthkit.datamodel.BlackboardAttribute;
import org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE;
import org.sleuthkit.datamodel.Content;
import org.sleuthkit.datamodel.Directory;
import org.sleuthkit.datamodel.File;
import org.sleuthkit.datamodel.Image;
import org.sleuthkit.datamodel.SleuthkitItemVisitor;
import org.sleuthkit.datamodel.SleuthkitVisitableItem;
import org.sleuthkit.datamodel.TskException;

/**
Expand All @@ -51,7 +44,6 @@ public class BlackboardArtifactNode extends AbstractNode implements DisplayableI
BlackboardArtifact artifact;
Content associated;
static final Logger logger = Logger.getLogger(BlackboardArtifactNode.class.getName());
private static SimpleDateFormat dateFormatter = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");

public BlackboardArtifactNode(BlackboardArtifact artifact) {
super(Children.LEAF, getLookups(artifact));
Expand Down Expand Up @@ -105,7 +97,7 @@ protected Sheet createSheet() {
* @param map, with preserved ordering, where property names/values are put
* @param content to extract properties from
*/
public static void fillPropertyMap(Map<String, Object> map, BlackboardArtifact artifact) {
private void fillPropertyMap(Map<String, Object> map, BlackboardArtifact artifact) {
try {
for(BlackboardAttribute attribute : artifact.getAttributes()){
if(attribute.getAttributeTypeID() == ATTRIBUTE_TYPE.TSK_PATH_ID.getTypeID())
Expand All @@ -120,13 +112,7 @@ else switch(attribute.getValueType()){
case LONG:
if (attribute.getAttributeTypeID() == ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID()
|| attribute.getAttributeTypeID() == ATTRIBUTE_TYPE.TSK_LAST_ACCESSED.getTypeID()) {
long epoch = attribute.getValueLong();
String time = "0000-00-00 00:00:00";
if (epoch != 0) {
dateFormatter.setTimeZone(getTimeZone(artifact));
time = dateFormatter.format(new java.util.Date(epoch * 1000));
}
map.put(attribute.getAttributeTypeDisplayName(), time);
map.put(attribute.getAttributeTypeDisplayName(), ContentUtils.getStringTime(attribute.getValueLong(), associated));
} else {
map.put(attribute.getAttributeTypeDisplayName(), attribute.getValueLong());
}
Expand Down Expand Up @@ -171,14 +157,6 @@ private static Content getAssociatedContent(BlackboardArtifact artifact){
throw new IllegalArgumentException("Couldn't get file from database");
}

private static TimeZone getTimeZone(BlackboardArtifact artifact) {
try {
return TimeZone.getTimeZone(getAssociatedContent(artifact).getImage().getTimeZone());
} catch(TskException ex) {
return TimeZone.getDefault();
}
}

private static HighlightLookup getHighlightLookup(BlackboardArtifact artifact, Content content) {
if(artifact.getArtifactTypeID() != BlackboardArtifact.ARTIFACT_TYPE.TSK_KEYWORD_HIT.getTypeID())
return null;
Expand Down
37 changes: 37 additions & 0 deletions DataModel/src/org/sleuthkit/autopsy/datamodel/ContentUtils.java
View file
Expand Up @@ -22,8 +22,10 @@
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.text.SimpleDateFormat;
import java.util.LinkedList;
import java.util.List;
import java.util.TimeZone;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.sleuthkit.datamodel.Content;
Expand All @@ -45,6 +47,7 @@
public final class ContentUtils {

private final static Logger logger = Logger.getLogger(ContentUtils.class.getName());
private static SimpleDateFormat dateFormatter = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");

// don't instantiate
private ContentUtils() {
Expand All @@ -64,6 +67,40 @@ public static String[] getDisplayPath(Content content) {
return content.accept(getDisplayPath).toArray(new String[]{});
}


/**
* Convert epoch seconds to a string value in the given time zone
* @param epochSeconds
* @param tzone
* @return
*/
public static String getStringTime(long epochSeconds, TimeZone tzone) {
String time = "0000-00-00 00:00:00";
if (epochSeconds != 0) {
dateFormatter.setTimeZone(tzone);
time = dateFormatter.format(new java.util.Date(epochSeconds * 1000));
}
return time;
}

/**
* Convert epoch seconds to a string value (convenience method)
* @param epochSeconds
* @param c
* @return
*/
public static String getStringTime(long epochSeconds, Content c) {
return getStringTime(epochSeconds, getTimeZone(c));
}

public static TimeZone getTimeZone(Content c) {
try {
return TimeZone.getTimeZone(c.getImage().getTimeZone());
} catch(TskException ex) {
return TimeZone.getDefault();
}
}

private static final SystemNameVisitor systemName = new SystemNameVisitor();

private static final GetPathVisitor getSystemPath = new GetPathVisitor(systemName);
Expand Down
17 changes: 9 additions & 8 deletions KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/Ingester.java
View file
Expand Up @@ -39,6 +39,7 @@
import org.apache.solr.common.SolrException;
import org.apache.solr.common.SolrException.ErrorCode;
import org.apache.solr.common.util.ContentStream;
import org.sleuthkit.autopsy.datamodel.ContentUtils;
import org.sleuthkit.datamodel.AbstractContent;
import org.sleuthkit.datamodel.AbstractFile;
import org.sleuthkit.datamodel.Content;
Expand Down Expand Up @@ -171,10 +172,10 @@ protected Map<String, String> defaultVisit(Content cntnt) {
@Override
public Map<String, String> visit(File f) {
Map<String, String> params = getCommonFields(f);
params.put(Server.Schema.CTIME.toString(), f.getCtimeAsDate());
params.put(Server.Schema.ATIME.toString(), f.getAtimeAsDate());
params.put(Server.Schema.MTIME.toString(), f.getMtimeAsDate());
params.put(Server.Schema.CRTIME.toString(), f.getMtimeAsDate());
params.put(Server.Schema.CTIME.toString(), ContentUtils.getStringTime(f.getCtime(), f));
params.put(Server.Schema.ATIME.toString(), ContentUtils.getStringTime(f.getAtime(), f));
params.put(Server.Schema.MTIME.toString(), ContentUtils.getStringTime(f.getMtime(), f));
params.put(Server.Schema.CRTIME.toString(),ContentUtils.getStringTime(f.getCrtime(), f));
return params;
}

Expand All @@ -193,10 +194,10 @@ private Map<String, String> getCommonFields(AbstractFile af) {
@Override
public Map<String, String> visit(Directory d) {
Map<String, String> params = getCommonFields(d);
params.put(Server.Schema.CTIME.toString(), d.getCtimeAsDate());
params.put(Server.Schema.ATIME.toString(), d.getAtimeAsDate());
params.put(Server.Schema.MTIME.toString(), d.getMtimeAsDate());
params.put(Server.Schema.CRTIME.toString(), d.getMtimeAsDate());
params.put(Server.Schema.CTIME.toString(), ContentUtils.getStringTime(d.getCtime(), d));
params.put(Server.Schema.ATIME.toString(), ContentUtils.getStringTime(d.getAtime(), d));
params.put(Server.Schema.MTIME.toString(), ContentUtils.getStringTime(d.getMtime(), d));
params.put(Server.Schema.CRTIME.toString(), ContentUtils.getStringTime(d.getCrtime(), d));
return params;
}
}
Expand Down

0 comments on commit 265569b

Please sign in to comment.