Autopsy  4.0
Graphical digital forensics platform for The Sleuth Kit and other tools.
Public Member Functions | Static Public Member Functions | Private Member Functions | Private Attributes | List of all members
org.sleuthkit.autopsy.timeline.datamodel.EventCluster Class Reference

Inherits org.sleuthkit.autopsy.timeline.datamodel.EventBundle< EventStripe >.

Public Member Functions

 EventCluster (Interval spanningInterval, EventType type, Set< Long > eventIDs, Set< Long > hashHits, Set< Long > tagged, String description, DescriptionLoD lod)
 
SortedSet< EventClustergetClusters ()
 
default int getCount ()
 
String getDescription ()
 
DescriptionLoD getDescriptionLoD ()
 
long getEndMillis ()
 
ImmutableSet< Long > getEventIDs ()
 
ImmutableSet< Long > getEventIDsWithHashHits ()
 
ImmutableSet< Long > getEventIDsWithTags ()
 
EventType getEventType ()
 
Optional< EventStripegetParentBundle ()
 
Interval getSpan ()
 
long getStartMillis ()
 
EventCluster withParent (EventStripe parent)
 

Static Public Member Functions

static EventCluster merge (EventCluster cluster1, EventCluster cluster2)
 

Private Member Functions

 EventCluster (Interval spanningInterval, EventType type, Set< Long > eventIDs, Set< Long > hashHits, Set< Long > tagged, String description, DescriptionLoD lod, EventStripe parent)
 

Private Attributes

final String description
 
final ImmutableSet< Long > eventIDs
 
final ImmutableSet< Long > hashHits
 
final DescriptionLoD lod
 
final EventStripe parent
 
final Interval span
 
final ImmutableSet< Long > tagged
 
final EventType type
 

Detailed Description

Represents a set of other (TimeLineEvent) events clustered together. All the sub events should have the same type and matching descriptions at the designated 'zoom level', and be 'close together' in time.

Definition at line 41 of file EventCluster.java.

Constructor & Destructor Documentation

org.sleuthkit.autopsy.timeline.datamodel.EventCluster.EventCluster ( Interval  spanningInterval,
EventType  type,
Set< Long >  eventIDs,
Set< Long >  hashHits,
Set< Long >  tagged,
String  description,
DescriptionLoD  lod,
EventStripe  parent 
)
private
org.sleuthkit.autopsy.timeline.datamodel.EventCluster.EventCluster ( Interval  spanningInterval,
EventType  type,
Set< Long >  eventIDs,
Set< Long >  hashHits,
Set< Long >  tagged,
String  description,
DescriptionLoD  lod 
)

Member Function Documentation

SortedSet< EventCluster> org.sleuthkit.autopsy.timeline.datamodel.EventCluster.getClusters ( )
default int org.sleuthkit.autopsy.timeline.datamodel.EventBundle<>.getCount ( )
inherited
String org.sleuthkit.autopsy.timeline.datamodel.EventCluster.getDescription ( )
DescriptionLoD org.sleuthkit.autopsy.timeline.datamodel.EventCluster.getDescriptionLoD ( )
long org.sleuthkit.autopsy.timeline.datamodel.EventCluster.getEndMillis ( )
ImmutableSet<Long> org.sleuthkit.autopsy.timeline.datamodel.EventCluster.getEventIDs ( )
ImmutableSet<Long> org.sleuthkit.autopsy.timeline.datamodel.EventCluster.getEventIDsWithHashHits ( )
ImmutableSet<Long> org.sleuthkit.autopsy.timeline.datamodel.EventCluster.getEventIDsWithTags ( )
EventType org.sleuthkit.autopsy.timeline.datamodel.EventCluster.getEventType ( )
Optional<EventStripe> org.sleuthkit.autopsy.timeline.datamodel.EventCluster.getParentBundle ( )

Definition at line 123 of file EventCluster.java.

Interval org.sleuthkit.autopsy.timeline.datamodel.EventCluster.getSpan ( )
long org.sleuthkit.autopsy.timeline.datamodel.EventCluster.getStartMillis ( )
static EventCluster org.sleuthkit.autopsy.timeline.datamodel.EventCluster.merge ( EventCluster  cluster1,
EventCluster  cluster2 
)
static
EventCluster org.sleuthkit.autopsy.timeline.datamodel.EventCluster.withParent ( EventStripe  parent)

return a new EventCluster identical to this one, except with the given EventBundle as the parent.

Parameters
parent
Returns
a new EventCluster identical to this one, except with the given EventBundle as the parent.

Definition at line 183 of file EventCluster.java.

References org.sleuthkit.autopsy.timeline.datamodel.EventCluster.EventCluster().

Member Data Documentation

final String org.sleuthkit.autopsy.timeline.datamodel.EventCluster.description
private
final ImmutableSet<Long> org.sleuthkit.autopsy.timeline.datamodel.EventCluster.eventIDs
private
final ImmutableSet<Long> org.sleuthkit.autopsy.timeline.datamodel.EventCluster.hashHits
private

the ids of the subset of clustered events that have at least one hash set hit

Definition at line 104 of file EventCluster.java.

Referenced by org.sleuthkit.autopsy.timeline.datamodel.EventCluster.EventCluster(), and org.sleuthkit.autopsy.timeline.datamodel.EventCluster.getEventIDsWithHashHits().

final DescriptionLoD org.sleuthkit.autopsy.timeline.datamodel.EventCluster.lod
private
final EventStripe org.sleuthkit.autopsy.timeline.datamodel.EventCluster.parent
private
final Interval org.sleuthkit.autopsy.timeline.datamodel.EventCluster.span
private

the smallest time interval containing all the clustered events

Definition at line 72 of file EventCluster.java.

Referenced by org.sleuthkit.autopsy.timeline.datamodel.EventCluster.getSpan(), and org.sleuthkit.autopsy.timeline.datamodel.EventCluster.merge().

final ImmutableSet<Long> org.sleuthkit.autopsy.timeline.datamodel.EventCluster.tagged
private

the ids of the subset of clustered events that have at least one tag applied to them

Definition at line 98 of file EventCluster.java.

Referenced by org.sleuthkit.autopsy.timeline.datamodel.EventCluster.EventCluster(), and org.sleuthkit.autopsy.timeline.datamodel.EventCluster.getEventIDsWithTags().

final EventType org.sleuthkit.autopsy.timeline.datamodel.EventCluster.type
private

The documentation for this class was generated from the following file:

Copyright © 2012-2015 Basis Technology. Generated on: Wed Apr 6 2016
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.