diff --git a/Core/src/org/sleuthkit/autopsy/commonfilesearch/AllInterCaseCommonAttributeSearcher.java b/Core/src/org/sleuthkit/autopsy/commonfilesearch/AllInterCaseCommonAttributeSearcher.java
index 6f8c22491807708c19181b634997fa22870c4891..ddcf19b09eef2bdc25888192763f82bc7bbb33f0 100644
--- a/Core/src/org/sleuthkit/autopsy/commonfilesearch/AllInterCaseCommonAttributeSearcher.java
+++ b/Core/src/org/sleuthkit/autopsy/commonfilesearch/AllInterCaseCommonAttributeSearcher.java
@@ -20,13 +20,16 @@
package org.sleuthkit.autopsy.commonfilesearch;
import java.sql.SQLException;
+import java.util.HashSet;
import java.util.Map;
+import java.util.Set;
import org.openide.util.NbBundle;
import org.sleuthkit.autopsy.casemodule.Case;
import org.sleuthkit.autopsy.casemodule.NoCurrentCaseException;
import org.sleuthkit.autopsy.centralrepository.datamodel.EamDbException;
import org.sleuthkit.datamodel.TskCoreException;
import org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeInstance.Type;
+import static org.sleuthkit.autopsy.commonfilesearch.AbstractCommonAttributeSearcher.MEDIA_PICS_VIDEO_MIME_TYPES;
/**
* Algorithm which finds files anywhere in the Central Repo which also occur in
@@ -41,7 +44,8 @@ public class AllInterCaseCommonAttributeSearcher extends InterCaseCommonAttribut
* @param filterByDocMimeType match only on files whose mime types can be
* broadly categorized as document types
* @param corAttrType attribute type
- * @param percentageThreshold omit any matches with frequency above this threshold
+ * @param percentageThreshold omit any matches with frequency above this
+ * threshold
*
* @throws EamDbException
*/
@@ -53,7 +57,15 @@ public AllInterCaseCommonAttributeSearcher(boolean filterByMediaMimeType, boolea
public CommonAttributeSearchResults findMatches() throws TskCoreException, NoCurrentCaseException, SQLException, EamDbException {
InterCaseSearchResultsProcessor eamDbAttrInst = new InterCaseSearchResultsProcessor(corAttrType);
Map<Integer, CommonAttributeValueList> interCaseCommonFiles = eamDbAttrInst.findInterCaseCommonAttributeValues(Case.getCurrentCase());
- return new CommonAttributeSearchResults(interCaseCommonFiles, this.frequencyPercentageThreshold, this.corAttrType);
+
+ Set<String> mimeTypesToFilterOn = new HashSet<>();
+ if (isFilterByMedia()) {
+ mimeTypesToFilterOn.addAll(MEDIA_PICS_VIDEO_MIME_TYPES);
+ }
+ if (isFilterByDoc()) {
+ mimeTypesToFilterOn.addAll(TEXT_FILES_MIME_TYPES);
+ }
+ return new CommonAttributeSearchResults(interCaseCommonFiles, this.frequencyPercentageThreshold, this.corAttrType, mimeTypesToFilterOn);
}
@NbBundle.Messages({
@@ -62,6 +74,10 @@ public CommonAttributeSearchResults findMatches() throws TskCoreException, NoCur
"AllInterCaseCommonAttributeSearcher.buildTabTitle.titleInterAll=Common Properties (All Central Repository Cases, {0}{1})"})
@Override
String getTabTitle() {
- return Bundle.AllInterCaseCommonAttributeSearcher_buildTabTitle_titleInterAll(this.corAttrType.getDisplayName(), this.getPercentThresholdString());
+ String typeString = this.corAttrType.getDisplayName();
+ if (typeString.equals("Files")) {
+ typeString = this.buildCategorySelectionString();
+ }
+ return Bundle.AllInterCaseCommonAttributeSearcher_buildTabTitle_titleInterAll(typeString, this.getPercentThresholdString());
}
}
diff --git a/Core/src/org/sleuthkit/autopsy/commonfilesearch/CentralRepoCommonAttributeInstance.java b/Core/src/org/sleuthkit/autopsy/commonfilesearch/CentralRepoCommonAttributeInstance.java
index 855fb3e7c1c952e561c4f81298a50d2019f23888..212178a57ae90ca1d1ac826d8fb91f9c483cd010 100644
--- a/Core/src/org/sleuthkit/autopsy/commonfilesearch/CentralRepoCommonAttributeInstance.java
+++ b/Core/src/org/sleuthkit/autopsy/commonfilesearch/CentralRepoCommonAttributeInstance.java
@@ -1,16 +1,16 @@
/*
- *
+ *
* Autopsy Forensic Browser
- *
+ *
* Copyright 2018 Basis Technology Corp.
* Contact: carrier <at> sleuthkit <dot> org
- *
+ *
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
- *
+ *
* http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -21,9 +21,7 @@
import java.io.File;
import java.util.ArrayList;
-import java.util.HashMap;
import java.util.List;
-import java.util.Map;
import java.util.Optional;
import java.util.logging.Level;
import org.sleuthkit.autopsy.casemodule.Case;
@@ -53,9 +51,9 @@ final public class CentralRepoCommonAttributeInstance extends AbstractCommonAttr
this.crFileId = attrInstId;
this.correlationType = correlationType;
}
-
+
@Override
- public CorrelationAttributeInstance.Type getCorrelationAttributeInstanceType(){
+ public CorrelationAttributeInstance.Type getCorrelationAttributeInstanceType() {
return this.correlationType;
}
@@ -79,23 +77,23 @@ AbstractFile getAbstractFile() {
if (currentCase.getName().equals(currentAttributeInstance.getCorrelationCase().getCaseUUID())) {
SleuthkitCase tskDb = currentCase.getSleuthkitCase();
-
+
// Find the correct data source
Optional<DataSource> dataSource = tskDb.getDataSources().stream()
.filter(p -> p.getDeviceId().equals(currentAttribute.getCorrelationDataSource().getDeviceID()))
.findFirst();
- if (! dataSource.isPresent()) {
+ if (!dataSource.isPresent()) {
LOGGER.log(Level.WARNING, String.format("Unable to find data source with device ID %s in the current case", currentAttribute.getCorrelationDataSource().getDeviceID()));
return null;
}
File fileFromPath = new File(currentFullPath);
String fileName = fileFromPath.getName();
-
+
// Create the parent path. Make sure not to add a separator if there is already one there.
String parentPath = fileFromPath.getParent();
- if (! parentPath.endsWith(File.separator)) {
- parentPath = parentPath + File.separator;
+ if (!parentPath.endsWith(File.separator)) {
+ parentPath += File.separator;
}
parentPath = parentPath.replace("\\", "/");
@@ -117,29 +115,22 @@ AbstractFile getAbstractFile() {
LOGGER.log(Level.SEVERE, String.format("Unable to find AbstractFile for record with filePath: %s. Node not created.", new Object[]{currentAttributeInstance.getFilePath()}), ex);
return null;
}
-
+
}
return null;
}
@Override
public DisplayableItemNode[] generateNodes() {
-
// @@@ We should be doing more of this work in teh generateKeys method. We want to do as little as possible in generateNodes
- InterCaseSearchResultsProcessor eamDbAttrInst = new InterCaseSearchResultsProcessor(correlationType);
- CorrelationAttributeInstance corrAttr = eamDbAttrInst.findSingleCorrelationAttribute(crFileId);
List<DisplayableItemNode> attrInstNodeList = new ArrayList<>(0);
String currCaseDbName = Case.getCurrentCase().getDisplayName();
-
try {
- this.setCurrentAttributeInst(corrAttr);
-
AbstractFile abstractFileForAttributeInstance = this.getAbstractFile();
- DisplayableItemNode generatedInstNode = AbstractCommonAttributeInstance.createNode(corrAttr, abstractFileForAttributeInstance, currCaseDbName);
+ DisplayableItemNode generatedInstNode = AbstractCommonAttributeInstance.createNode(currentAttribute, abstractFileForAttributeInstance, currCaseDbName);
attrInstNodeList.add(generatedInstNode);
-
} catch (TskCoreException ex) {
- LOGGER.log(Level.SEVERE, String.format("Unable to get DataSource for record with md5: %s. Node not created.", new Object[]{corrAttr.getCorrelationValue()}), ex);
+ LOGGER.log(Level.SEVERE, String.format("Unable to get DataSource for record with md5: %s. Node not created.", new Object[]{currentAttribute.getCorrelationValue()}), ex);
}
return attrInstNodeList.toArray(new DisplayableItemNode[attrInstNodeList.size()]);
diff --git a/Core/src/org/sleuthkit/autopsy/commonfilesearch/CommonAttributePanel.java b/Core/src/org/sleuthkit/autopsy/commonfilesearch/CommonAttributePanel.java
index fe44e4e9bfd8dedcda98689f2ac08f1e392abae7..f73eaf020f97229192913ffac5c10767b09f0e1c 100644
--- a/Core/src/org/sleuthkit/autopsy/commonfilesearch/CommonAttributePanel.java
+++ b/Core/src/org/sleuthkit/autopsy/commonfilesearch/CommonAttributePanel.java
@@ -258,7 +258,6 @@ protected CommonAttributeSearchResults doInBackground() throws TskCoreException,
}
metadata = builder.findMatches();
this.tabTitle = builder.getTabTitle();
-
return metadata;
}
diff --git a/Core/src/org/sleuthkit/autopsy/commonfilesearch/CommonAttributeSearchResults.java b/Core/src/org/sleuthkit/autopsy/commonfilesearch/CommonAttributeSearchResults.java
index d7761b47c3ee772d8132ec01045010fe8d5bcfdc..d1d13da1763dd5788dd5480346d11a94b12b17cf 100644
--- a/Core/src/org/sleuthkit/autopsy/commonfilesearch/CommonAttributeSearchResults.java
+++ b/Core/src/org/sleuthkit/autopsy/commonfilesearch/CommonAttributeSearchResults.java
@@ -1,16 +1,16 @@
/*
- *
+ *
* Autopsy Forensic Browser
- *
+ *
* Copyright 2018 Basis Technology Corp.
* Contact: carrier <at> sleuthkit <dot> org
- *
+ *
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
- *
+ *
* http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -22,15 +22,18 @@
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
+import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Map.Entry;
+import java.util.Set;
import java.util.logging.Level;
import org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeInstance;
import org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeNormalizationException;
import org.sleuthkit.autopsy.centralrepository.datamodel.EamDb;
import org.sleuthkit.autopsy.centralrepository.datamodel.EamDbException;
import org.sleuthkit.autopsy.coreutils.Logger;
+import org.sleuthkit.datamodel.AbstractFile;
/**
* Stores the results from the various types of common attribute searching
@@ -39,37 +42,47 @@
final public class CommonAttributeSearchResults {
private static final Logger LOGGER = Logger.getLogger(CommonAttributeSearchResults.class.getName());
-
+
// maps instance count to list of attribute values.
private final Map<Integer, CommonAttributeValueList> instanceCountToAttributeValues;
-
+ private final Set<String> mimeTypesToInclude;
private final int percentageThreshold;
private final int resultTypeId;
-
+
/**
* Create a values object which can be handed off to the node factories.
*
- * @param values list of CommonAttributeValue indexed by size of
- * CommonAttributeValue
+ * @param metadata list of CommonAttributeValue indexed by size
+ * of CommonAttributeValue
+ * @param percentageThreshold threshold to filter out files which are too
+ * common, value of 0 is disabled
+ * @param resultType The type of Correlation Attribute being
+ * searched for
+ * @param mimeTypesToFilterOn Set of mime types to include for intercase
+ * searches
*/
- CommonAttributeSearchResults(Map<Integer, CommonAttributeValueList> metadata, int percentageThreshold, CorrelationAttributeInstance.Type resultType) {
+ CommonAttributeSearchResults(Map<Integer, CommonAttributeValueList> metadata, int percentageThreshold, CorrelationAttributeInstance.Type resultType, Set<String> mimeTypesToFilterOn) {
//wrap in a new object in case any client code has used an unmodifiable collection
this.instanceCountToAttributeValues = new HashMap<>(metadata);
this.percentageThreshold = percentageThreshold;
this.resultTypeId = resultType.getId();
+ this.mimeTypesToInclude = mimeTypesToFilterOn;
}
-
- /**
+
+ /**
* Create a values object which can be handed off to the node factories.
*
- * @param values list of CommonAttributeValue indexed by size of
- * CommonAttributeValue
+ * @param metadata list of CommonAttributeValue indexed by size
+ * of CommonAttributeValue
+ * @param percentageThreshold threshold to filter out files which are too
+ * common, value of 0 is disabled
*/
CommonAttributeSearchResults(Map<Integer, CommonAttributeValueList> metadata, int percentageThreshold) {
//wrap in a new object in case any client code has used an unmodifiable collection
this.instanceCountToAttributeValues = new HashMap<>(metadata);
this.percentageThreshold = percentageThreshold;
this.resultTypeId = CorrelationAttributeInstance.FILES_TYPE_ID;
+ this.mimeTypesToInclude = new HashSet<>(); //don't filter on mimetypes
}
/**
@@ -79,6 +92,7 @@ final public class CommonAttributeSearchResults {
* <code>getValues()</code>.
*
* @param instanceCount key
+ *
* @return list of values which represent matches
*/
CommonAttributeValueList getAttributeValuesForInstanceCount(Integer instanceCount) {
@@ -93,85 +107,107 @@ CommonAttributeValueList getAttributeValuesForInstanceCount(Integer instanceCoun
* @return map of sizes of children to list of matches
*/
public Map<Integer, CommonAttributeValueList> getMetadata() throws EamDbException {
- if(this.percentageThreshold == 0){
+ if (this.percentageThreshold == 0 && mimeTypesToInclude.isEmpty()) {
return Collections.unmodifiableMap(this.instanceCountToAttributeValues);
} else {
return this.getMetadata(this.percentageThreshold);
}
}
-
+
/**
* Get an unmodifiable collection of values, indexed by number of
* grandchildren, which represents the common attributes found in the
* search.
- *
- * Remove results which are not found in the portion of available data
+ *
+ * Remove results which are not found in the portion of available data
* sources described by maximumPercentageThreshold.
- *
+ *
* @return metadata
*/
private Map<Integer, CommonAttributeValueList> getMetadata(int maximumPercentageThreshold) throws EamDbException {
-
- if(maximumPercentageThreshold == 0){
- return Collections.unmodifiableMap(this.instanceCountToAttributeValues);
- }
-
CorrelationAttributeInstance.Type attributeType = CorrelationAttributeInstance
.getDefaultCorrelationTypes()
.stream()
.filter(filterType -> filterType.getId() == this.resultTypeId)
.findFirst().get();
-
+
EamDb eamDb = EamDb.getInstance();
-
+
Map<Integer, List<CommonAttributeValue>> itemsToRemove = new HashMap<>();
//Call countUniqueDataSources once to reduce the number of DB queries needed to get
//the frequencyPercentage
Double uniqueCaseDataSourceTuples = eamDb.getCountUniqueDataSources().doubleValue();
-
- for(Entry<Integer, CommonAttributeValueList> listOfValues : Collections.unmodifiableMap(this.instanceCountToAttributeValues).entrySet()){
-
+
+ for (Entry<Integer, CommonAttributeValueList> listOfValues : Collections.unmodifiableMap(this.instanceCountToAttributeValues).entrySet()) {
+
final Integer key = listOfValues.getKey();
final CommonAttributeValueList values = listOfValues.getValue();
-
- for(CommonAttributeValue value : values.getDelayedMetadataList()){ // Need the real metadata
-
- try {
- Double uniqueTypeValueTuples = eamDb.getCountUniqueCaseDataSourceTuplesHavingTypeValue(
- attributeType, value.getValue()).doubleValue();
- Double commonalityPercentage = uniqueTypeValueTuples / uniqueCaseDataSourceTuples * 100;
- int frequencyPercentage = commonalityPercentage.intValue();
-
- if(frequencyPercentage > maximumPercentageThreshold){
- if(itemsToRemove.containsKey(key)){
- itemsToRemove.get(key).add(value);
- } else {
- List<CommonAttributeValue> toRemove = new ArrayList<>();
- toRemove.add(value);
- itemsToRemove.put(key, toRemove);
+
+ for (CommonAttributeValue value : values.getDelayedMetadataList()) { // Need the real metadata
+
+ //Intracase common attribute searches will have been created with an empty mimeTypesToInclude list
+ //because when performing intra case search this filtering will have been done during the query of the case database
+ boolean mimeTypeToRemove = false; //allow code to be more efficient by not attempting to remove the same value multiple times
+ if (!mimeTypesToInclude.isEmpty()) { //only do the mime type filtering when mime types aren't empty
+ for (AbstractCommonAttributeInstance commonAttr : value.getInstances()) {
+ AbstractFile abstractFile = commonAttr.getAbstractFile();
+ if (abstractFile != null) {
+ String mimeType = commonAttr.getAbstractFile().getMIMEType();
+ if (mimeType != null && !mimeTypesToInclude.contains(mimeType)) {
+ if (itemsToRemove.containsKey(key)) {
+ itemsToRemove.get(key).add(value);
+ } else {
+ List<CommonAttributeValue> toRemove = new ArrayList<>();
+ toRemove.add(value);
+ itemsToRemove.put(key, toRemove);
+ }
+ //value will be removed as the mime type existed and was not in the set to be included
+ //because value is removed this value does not need to be checked further
+ mimeTypeToRemove = true;
+ break;
+ }
+ }
+ if (mimeTypeToRemove) {
+ break;
}
}
- } catch(CorrelationAttributeNormalizationException ex){
- LOGGER.log(Level.WARNING, "Unable to determine frequency percentage attribute - frequency filter may not be accurate for these results.", ex);
+ }
+ if (!mimeTypeToRemove && maximumPercentageThreshold != 0) { //only do the frequency filtering when a max % was set
+ try {
+ Double uniqueTypeValueTuples = eamDb.getCountUniqueCaseDataSourceTuplesHavingTypeValue(
+ attributeType, value.getValue()).doubleValue();
+ Double commonalityPercentage = uniqueTypeValueTuples / uniqueCaseDataSourceTuples * 100;
+ int frequencyPercentage = commonalityPercentage.intValue();
+ if (frequencyPercentage > maximumPercentageThreshold) {
+ if (itemsToRemove.containsKey(key)) {
+ itemsToRemove.get(key).add(value);
+ } else {
+ List<CommonAttributeValue> toRemove = new ArrayList<>();
+ toRemove.add(value);
+ itemsToRemove.put(key, toRemove);
+ }
+ }
+ } catch (CorrelationAttributeNormalizationException ex) {
+ LOGGER.log(Level.WARNING, "Unable to determine frequency percentage attribute - frequency filter may not be accurate for these results.", ex);
+ }
}
}
}
-
- for(Entry<Integer, List<CommonAttributeValue>> valuesToRemove : itemsToRemove.entrySet()){
-
+
+ for (Entry<Integer, List<CommonAttributeValue>> valuesToRemove : itemsToRemove.entrySet()) {
final Integer key = valuesToRemove.getKey();
final List<CommonAttributeValue> values = valuesToRemove.getValue();
-
- for (CommonAttributeValue value : values){
+ for (CommonAttributeValue value : values) {
final CommonAttributeValueList instanceCountValue = this.instanceCountToAttributeValues.get(key);
- instanceCountValue.removeMetaData(value);
-
- if(instanceCountValue.getDelayedMetadataList().isEmpty()){ // Check the real metadata
- this.instanceCountToAttributeValues.remove(key);
+ if (instanceCountValue != null) {
+ instanceCountValue.removeMetaData(value);
+ if (instanceCountValue.getDelayedMetadataList().isEmpty()) { // Check the real metadata
+ this.instanceCountToAttributeValues.remove(key);
+ }
}
}
}
-
+
return Collections.unmodifiableMap(this.instanceCountToAttributeValues);
}
@@ -184,10 +220,10 @@ public int size() {
int count = 0;
for (CommonAttributeValueList data : this.instanceCountToAttributeValues.values()) {
- for(CommonAttributeValue md5 : data.getDelayedMetadataList()){
+ for (CommonAttributeValue md5 : data.getDelayedMetadataList()) {
count += md5.getInstanceCount();
}
}
return count;
}
-}
\ No newline at end of file
+}
diff --git a/Core/src/org/sleuthkit/autopsy/commonfilesearch/InterCaseCommonAttributeSearcher.java b/Core/src/org/sleuthkit/autopsy/commonfilesearch/InterCaseCommonAttributeSearcher.java
index 8219ab91965567471d4024e2a2606ee582329bae..56e28da3dccfd947849396f19ed93af4309d3916 100644
--- a/Core/src/org/sleuthkit/autopsy/commonfilesearch/InterCaseCommonAttributeSearcher.java
+++ b/Core/src/org/sleuthkit/autopsy/commonfilesearch/InterCaseCommonAttributeSearcher.java
@@ -19,7 +19,6 @@
*/
package org.sleuthkit.autopsy.commonfilesearch;
-import java.util.Map;
import org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationCase;
import org.sleuthkit.autopsy.centralrepository.datamodel.EamDb;
import org.sleuthkit.autopsy.centralrepository.datamodel.EamDbException;
diff --git a/Core/src/org/sleuthkit/autopsy/commonfilesearch/InterCasePanel.java b/Core/src/org/sleuthkit/autopsy/commonfilesearch/InterCasePanel.java
index 70c38af896b193fb787999c09cb374294d70ad4e..22454979fbb94cb082cd058736c7591cd12fbc8d 100644
--- a/Core/src/org/sleuthkit/autopsy/commonfilesearch/InterCasePanel.java
+++ b/Core/src/org/sleuthkit/autopsy/commonfilesearch/InterCasePanel.java
@@ -291,8 +291,7 @@ private void specificCentralRepoCaseCheckboxActionPerformed(java.awt.event.Actio
private void correlationTypeComboBoxActionPerformed(java.awt.event.ActionEvent evt) {//GEN-FIRST:event_correlationTypeComboBoxActionPerformed
- //we do not currenlty have mime type in the central repository so this section will always be disabled
- boolean enableFileTypesFilter = false; //this.correlationTypeComboBox.getSelectedItem().equals("Files");
+ boolean enableFileTypesFilter = this.correlationTypeComboBox.getSelectedItem().equals("Files");
categoriesLabel.setEnabled(enableFileTypesFilter);
allFileCategoriesRadioButton.setEnabled(enableFileTypesFilter);
selectedFileCategoriesButton.setEnabled(enableFileTypesFilter);
diff --git a/Core/src/org/sleuthkit/autopsy/commonfilesearch/InterCaseSearchResultsProcessor.java b/Core/src/org/sleuthkit/autopsy/commonfilesearch/InterCaseSearchResultsProcessor.java
index af5941b8aedfd6eb16db9ca6a1280d6e3a256bcf..1a71e50bc9de9178a312481f95a8f93e057c7e10 100644
--- a/Core/src/org/sleuthkit/autopsy/commonfilesearch/InterCaseSearchResultsProcessor.java
+++ b/Core/src/org/sleuthkit/autopsy/commonfilesearch/InterCaseSearchResultsProcessor.java
@@ -242,7 +242,9 @@ private void countAndAddCommonAttributes(String corValue, int resultId) {
// we don't *have* all the information for the rows in the CR,
// so we need to consult the present case via the SleuthkitCase object
// Later, when the FileInstanceNode is built. Therefore, build node generators for now.
- AbstractCommonAttributeInstance searchResult = new CentralRepoCommonAttributeInstance(resultId, correlationType);
+ CentralRepoCommonAttributeInstance searchResult = new CentralRepoCommonAttributeInstance(resultId, correlationType);
+ CorrelationAttributeInstance corrAttr = findSingleCorrelationAttribute(resultId);
+ searchResult.setCurrentAttributeInst(corrAttr);
commonAttributeValue.addInstance(searchResult);
}
diff --git a/Core/src/org/sleuthkit/autopsy/commonfilesearch/SingleInterCaseCommonAttributeSearcher.java b/Core/src/org/sleuthkit/autopsy/commonfilesearch/SingleInterCaseCommonAttributeSearcher.java
index c7c6f9fffdadf96c512e422e0829e19382539bfe..f7c87abdffbb5f724f6c1ab5fa067e56fda27139 100644
--- a/Core/src/org/sleuthkit/autopsy/commonfilesearch/SingleInterCaseCommonAttributeSearcher.java
+++ b/Core/src/org/sleuthkit/autopsy/commonfilesearch/SingleInterCaseCommonAttributeSearcher.java
@@ -20,7 +20,9 @@
package org.sleuthkit.autopsy.commonfilesearch;
import java.sql.SQLException;
+import java.util.HashSet;
import java.util.Map;
+import java.util.Set;
import org.openide.util.NbBundle;
import org.sleuthkit.autopsy.casemodule.Case;
import org.sleuthkit.autopsy.casemodule.NoCurrentCaseException;
@@ -28,6 +30,7 @@
import org.sleuthkit.autopsy.centralrepository.datamodel.EamDbException;
import org.sleuthkit.datamodel.TskCoreException;
import org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeInstance.Type;
+import static org.sleuthkit.autopsy.commonfilesearch.AbstractCommonAttributeSearcher.MEDIA_PICS_VIDEO_MIME_TYPES;
/**
*
@@ -78,8 +81,14 @@ public CommonAttributeSearchResults findMatches() throws TskCoreException, NoCur
CommonAttributeSearchResults findFiles(CorrelationCase correlationCase) throws TskCoreException, NoCurrentCaseException, SQLException, EamDbException {
InterCaseSearchResultsProcessor eamDbAttrInst = new InterCaseSearchResultsProcessor(this.corAttrType);
Map<Integer, CommonAttributeValueList> interCaseCommonFiles = eamDbAttrInst.findSingleInterCaseCommonAttributeValues(Case.getCurrentCase(), correlationCase);
-
- return new CommonAttributeSearchResults(interCaseCommonFiles, this.frequencyPercentageThreshold, this.corAttrType);
+ Set<String> mimeTypesToFilterOn = new HashSet<>();
+ if (isFilterByMedia()) {
+ mimeTypesToFilterOn.addAll(MEDIA_PICS_VIDEO_MIME_TYPES);
+ }
+ if (isFilterByDoc()) {
+ mimeTypesToFilterOn.addAll(TEXT_FILES_MIME_TYPES);
+ }
+ return new CommonAttributeSearchResults(interCaseCommonFiles, this.frequencyPercentageThreshold, this.corAttrType, mimeTypesToFilterOn);
}
@NbBundle.Messages({
@@ -90,6 +99,10 @@ CommonAttributeSearchResults findFiles(CorrelationCase correlationCase) throws T
@Override
String getTabTitle() {
- return Bundle.SingleInterCaseCommonAttributeSearcher_buildTabTitle_titleInterSingle(this.correlationCaseName, this.corAttrType.getDisplayName(), this.getPercentThresholdString());
+ String typeString = this.corAttrType.getDisplayName();
+ if (typeString.equals("Files")) {
+ typeString = this.buildCategorySelectionString();
+ }
+ return Bundle.SingleInterCaseCommonAttributeSearcher_buildTabTitle_titleInterSingle(this.correlationCaseName, typeString, this.getPercentThresholdString());
}
}