From ef5ec28a8aa6eabf1033a7ea53e6eb101d6d66c7 Mon Sep 17 00:00:00 2001
From: apriestman <apriestman@basistech.com>
Date: Tue, 14 Apr 2020 15:42:29 -0400
Subject: [PATCH] Removed timing statements. Added new version of addEventsForNewFile that does not post events.
---
 .../sleuthkit/datamodel/SleuthkitCase.java | 2 +-
 .../org/sleuthkit/datamodel/SleuthkitJNI.java | 10 +---
 .../sleuthkit/datamodel/TimelineManager.java | 57 +++++++++++++++++++
 3 files changed, 60 insertions(+), 9 deletions(-)
diff --git a/bindings/java/src/org/sleuthkit/datamodel/SleuthkitCase.java b/bindings/java/src/org/sleuthkit/datamodel/SleuthkitCase.java
index af4eb9b73..1f8f94bde 100644
--- a/bindings/java/src/org/sleuthkit/datamodel/SleuthkitCase.java
+++ b/bindings/java/src/org/sleuthkit/datamodel/SleuthkitCase.java
@@ -11248,7 +11248,7 @@ long addFileJNI(long parentObjId,
 (short)metaFlags, size, ctime, crtime, atime, mtime, null, null, escaped_path, null, parentObjId, null, null, extension);
- timelineManager.addEventsForNewFile(derivedFile, connection);
+ timelineManager.addEventsForNewFileJNI(derivedFile, connection);
 }
 return objectId;
diff --git a/bindings/java/src/org/sleuthkit/datamodel/SleuthkitJNI.java b/bindings/java/src/org/sleuthkit/datamodel/SleuthkitJNI.java
index 6697a50ae..5ab34ecfd 100644
--- a/bindings/java/src/org/sleuthkit/datamodel/SleuthkitJNI.java
+++ b/bindings/java/src/org/sleuthkit/datamodel/SleuthkitJNI.java
@@ -414,18 +414,15 @@ long addImageInfo(long deviceObjId, List<String> imageFilePaths, String timeZone
 JniDbHelper dbHelper = new JniDbHelper(skCase);
 try {
 dbHelper.beginTransaction();
- long startTime = System.currentTimeMillis();
 long tskAutoDbPointer = initializeAddImgNat(caseDbPointer, dbHelper, timezoneLongToShort(timeZone), false, false, false);
 runOpenAndAddImgNat(tskAutoDbPointer, UUID.randomUUID().toString(), imageFilePaths.toArray(new String[0]), imageFilePaths.size(), timeZone);
 long id = finishAddImgNat(tskAutoDbPointer);
- long endTime = System.currentTimeMillis();
- System.out.println("### addImage time: " + (endTime - startTime) + " ms");
+ dbHelper.commitTransaction();
 skCase.addDataSourceToHasChildrenMap();
 return id;
 } catch (TskDataException ex) {
+ dbHelper.revertTransaction();
 throw new TskCoreException("Error adding image to case database", ex);
- } finally {
- dbHelper.commitTransaction(); // TODO - is this right?
 }
 }
@@ -510,7 +507,6 @@ public void run(String deviceId, String[] imageFilePaths, int sectorSize) throws
 getTSKReadLock();
 try {
 long imageHandle = 0;
- long startTime = System.currentTimeMillis();
 synchronized (this) {
 if (0 != tskAutoDbPointer) {
 throw new TskCoreException("Add image process already started");
@@ -527,8 +523,6 @@ public void run(String deviceId, String[] imageFilePaths, int sectorSize) throws
 if (imageHandle != 0) {
 runAddImgNat(tskAutoDbPointer, deviceId, imageHandle, timeZone, imageWriterPath);
 }
- long endTime = System.currentTimeMillis();
- System.out.println("### addImage time: " + (endTime - startTime) + " ms");
 } finally {
 releaseTSKReadLock();
 }
diff --git a/bindings/java/src/org/sleuthkit/datamodel/TimelineManager.java b/bindings/java/src/org/sleuthkit/datamodel/TimelineManager.java
index 661d4ff21..cf2fc53e2 100644
--- a/bindings/java/src/org/sleuthkit/datamodel/TimelineManager.java
+++ b/bindings/java/src/org/sleuthkit/datamodel/TimelineManager.java
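Review bot: In addImageInfo (SleuthkitJNI.java, first hunk) the transaction is now reverted only inside `catch (TskDataException ex)`, so any other failure between `dbHelper.beginTransaction()` and `dbHelper.commitTransaction()` appears to leave it neither committed nor reverted; a TskCoreException or an unchecked exception from the native calls would take that path if they can throw one. For a case database holding evidence metadata, every exit path should end the transaction one way or the other. Tracking a `committed` flag and reverting in `finally` when it is unset covers all of them. Whether `revertTransaction()` can itself throw is not visible in the hunk, and if it can, it should not be allowed to mask the original exception. The method's signature lies outside the hunk.

```java
boolean committed = false;
try {
    dbHelper.beginTransaction();
    // … unchanged: initializeAddImgNat / runOpenAndAddImgNat / finishAddImgNat …
    dbHelper.commitTransaction();
    committed = true;
    skCase.addDataSourceToHasChildrenMap();
    return id;
} catch (TskDataException ex) {
    throw new TskCoreException("Error adding image to case database", ex);
} finally {
    if (!committed) {
        // Covers TskDataException and every other exit before the commit.
        dbHelper.revertTransaction();
    }
}
```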
@@ -543,6 +543,63 @@ Collection<TimelineEvent> addEventsForNewFile(AbstractFile file, CaseDbConnectio
 return events;
 }
+
+ void addEventsForNewFileJNI(AbstractFile file, CaseDbConnection connection) throws TskCoreException {
+ //gather time stamps into map
+ Map<TimelineEventType, Long> timeMap = ImmutableMap.of(TimelineEventType.FILE_CREATED, file.getCrtime(),
+ TimelineEventType.FILE_ACCESSED, file.getAtime(),
+ TimelineEventType.FILE_CHANGED, file.getCtime(),
+ TimelineEventType.FILE_MODIFIED, file.getMtime());
+ List<TimelineEventType> tempList = ImmutableList.of(TimelineEventType.FILE_MODIFIED,
+ TimelineEventType.FILE_ACCESSED, TimelineEventType.FILE_CREATED, TimelineEventType.FILE_CHANGED);
+
+ /*
+ * If there are no legitimate ( greater than zero ) time stamps skip the
+ * rest of the event generation.
+ */
+ if (Collections.max(timeMap.values()) <= 0) {
+ return;
+ }
+
+ String description = file.getParentPath() + file.getName();
+ long fileObjId = file.getId();
+ caseDB.acquireSingleUserCaseWriteLock();
+ try {
+ long descriptionID = addEventDescription(file.getDataSourceObjectId(), fileObjId, null,
+ description, null, null, false, false, connection);
+
+ //for (Map.Entry<TimelineEventType, Long> timeEntry : timeMap.entrySet()) {
+ for (TimelineEventType type : tempList) {
+ //Map.Entry<TimelineEventType, Long> timeEntry = timeMap.get(type);
+ Long time = timeMap.get(type);
+ //Long time = timeEntry.getValue();
+ if (time > 0 && time < MAX_TIMESTAMP_TO_ADD) {// if the time is legitimate ( greater than zero and less then 12 years from current date) insert it
+ //TimelineEventType type = timeEntry.getKey();
+ long eventID = addEventWithExistingDescription(time, type, descriptionID, connection);
+
+ /*
+ * Last two flags indicating hasTags and hasHashHits are
+ * both set to false with the assumption that this is not
+ * possible for a new file. See JIRA-5407
+ */
+ //events.add(new TimelineEvent(eventID, descriptionID, fileObjId, null, time, type,
+ // description, null, null, false, false));
+ } else {
+ if (time >= MAX_TIMESTAMP_TO_ADD) {
+ //logger.log(Level.WARNING, String.format("Date/Time discarded from Timeline for %s for file %s with Id %d", timeEntry.getKey().getDisplayName(), file.getParentPath() + file.getName(), file.getId()));
+ }
+ }
+ }
+
+ } finally {
+ caseDB.releaseSingleUserCaseWriteLock();
+ }
+ //events.stream()
+ // .map(TimelineEventAddedEvent::new)
+ // .forEach(caseDB::fireTSKEvent);
+
+ //return events;
+ }
 /**
 * Add any events that can be created from the given Artifact. If the
-- 
GitLab
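Review bot: In addEventsForNewFileJNI the branch `if (time >= MAX_TIMESTAMP_TO_ADD) {` has an empty body because its warning was commented out, so timestamps at or beyond the cutoff are dropped from the timeline with no record that they existed. An implausible file time is something an examiner may want to know about, and the log line was apparently disabled only because `timeEntry` no longer exists in this loop. It can be restored with the loop variable: `logger.log(Level.WARNING, String.format("Date/Time discarded from Timeline for %s for file %s with Id %d", type.getDisplayName(), description, fileObjId));`, assuming `logger` is the class logger the commented line referred to. The method would also read better with the remaining commented-out lines and the unused local `eventID` removed, and with a Javadoc such as `/** Adds timeline events for a new file's timestamps without creating or firing TimelineEvent objects. */`.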