Autopsy
4.10.0
Graphical digital forensics platform for The Sleuth Kit and other tools.
Public Member Functions
EamArtifactUtil ()
Static Public Member Functions
static String getEmailAddressAttrString ()
static CorrelationAttributeInstance getInstanceFromContent (Content content)
static boolean isSupportedAbstractFileType (AbstractFile file)
static CorrelationAttributeInstance makeInstanceFromContent (Content content)
static List< CorrelationAttributeInstance > makeInstancesFromBlackboardArtifact (BlackboardArtifact artifact, boolean checkEnabled)
Static Private Member Functions
static void addCorrelationAttributeToList (List< CorrelationAttributeInstance > eamArtifacts, BlackboardArtifact artifact, ATTRIBUTE_TYPE bbAttributeType, int typeId) throws EamDbException, TskCoreException
static CorrelationAttributeInstance makeCorrelationAttributeInstanceUsingTypeValue (BlackboardArtifact bbArtifact, CorrelationAttributeInstance.Type correlationType, String value)
Static Private Attributes
static final Logger logger = Logger.getLogger(EamArtifactUtil.class.getName())
Definition at line 41 of file EamArtifactUtil.java.
org.sleuthkit.autopsy.centralrepository.datamodel.EamArtifactUtil.EamArtifactUtil ()
Definition at line 45 of file EamArtifactUtil.java.
static void addCorrelationAttributeToList (List< CorrelationAttributeInstance > eamArtifacts, BlackboardArtifact artifact, ATTRIBUTE_TYPE bbAttributeType, int typeId) throws EamDbException, TskCoreException [static, private]
Add a CorrelationAttributeInstance of the specified type to the provided list if the artifactForInstance has an Attribute of the given type with a non-empty value.
@param eamArtifacts the list of CorrelationAttributeInstance objects which should be added to
@param artifact the blackboard artifactForInstance which we are creating a CorrelationAttributeInstance for
@param bbAttributeType the type of BlackboardAttribute we expect to exist for a CorrelationAttributeInstance of this type generated from this Blackboard Artifact
@param typeId the integer type id of the CorrelationAttributeInstance type
@throws EamDbException
@throws TskCoreException
Definition at line 172 of file EamArtifactUtil.java.
References org.sleuthkit.autopsy.centralrepository.datamodel.EamDb.getCorrelationTypeById(), org.sleuthkit.autopsy.centralrepository.datamodel.EamDb.getInstance(), and org.sleuthkit.autopsy.centralrepository.datamodel.EamArtifactUtil.makeCorrelationAttributeInstanceUsingTypeValue().
Referenced by org.sleuthkit.autopsy.centralrepository.datamodel.EamArtifactUtil.makeInstancesFromBlackboardArtifact().
static String getEmailAddressAttrString () [static]
Definition at line 49 of file EamArtifactUtil.java.
Referenced by org.sleuthkit.autopsy.centralrepository.datamodel.EamArtifactUtil.makeInstancesFromBlackboardArtifact().
static CorrelationAttributeInstance getInstanceFromContent (Content content) [static]
Retrieve CorrelationAttribute from the given Content.
content | The content object |
Definition at line 232 of file EamArtifactUtil.java.
References org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeInstance.FILES_TYPE_ID, org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationDataSource.fromTSKDataSource(), org.sleuthkit.autopsy.centralrepository.datamodel.EamDb.getCase(), org.sleuthkit.autopsy.centralrepository.datamodel.EamDb.getCorrelationAttributeInstance(), org.sleuthkit.autopsy.centralrepository.datamodel.EamDb.getCorrelationTypeById(), org.sleuthkit.autopsy.casemodule.Case.getCurrentCaseThrows(), org.sleuthkit.autopsy.centralrepository.datamodel.EamDb.getInstance(), and org.sleuthkit.autopsy.centralrepository.datamodel.EamArtifactUtil.isSupportedAbstractFileType().
Referenced by org.sleuthkit.autopsy.centralrepository.AddEditCentralRepoCommentAction.AddEditCentralRepoCommentAction(), and org.sleuthkit.autopsy.datamodel.BlackboardArtifactNode.getCorrelationAttributeInstance().
static boolean isSupportedAbstractFileType (AbstractFile file) [static]
Check whether the given abstract file should be processed for the central repository.
file | The file to test |
Definition at line 353 of file EamArtifactUtil.java.
Referenced by org.sleuthkit.autopsy.centralrepository.CentralRepoContextMenuActionsProvider.getActions(), org.sleuthkit.autopsy.centralrepository.datamodel.EamArtifactUtil.getInstanceFromContent(), and org.sleuthkit.autopsy.centralrepository.datamodel.EamArtifactUtil.makeInstanceFromContent().
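static CorrelationAttributeInstance makeCorrelationAttributeInstanceUsingTypeValue (BlackboardArtifact bbArtifact, CorrelationAttributeInstance.Type correlationType, String value) [static, private]
Uses the determined type and value, then looks up instance details to create a proper CorrelationAttributeInstance.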
bbArtifact | the blackboard artifactForInstance |
correlationType | the given type |
value | the artifactForInstance value |
Definition at line 195 of file EamArtifactUtil.java.
References org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationDataSource.fromTSKDataSource(), org.sleuthkit.autopsy.centralrepository.datamodel.EamDb.getCase(), org.sleuthkit.autopsy.casemodule.Case.getCurrentCaseThrows(), org.sleuthkit.autopsy.centralrepository.datamodel.EamDb.getInstance(), org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationDataSource.getName(), and org.sleuthkit.autopsy.casemodule.Case.getSleuthkitCase().
Referenced by org.sleuthkit.autopsy.centralrepository.datamodel.EamArtifactUtil.addCorrelationAttributeToList(), and org.sleuthkit.autopsy.centralrepository.datamodel.EamArtifactUtil.makeInstancesFromBlackboardArtifact().
static CorrelationAttributeInstance makeInstanceFromContent (Content content) [static]
Create an EamArtifact from the given Content. Will return null if an artifactForInstance can not be created - this is not necessarily an error case, it just means an artifactForInstance can't be made. If creation fails due to an error (and not that the file is the wrong type or it has no hash), the error will be logged before returning.
Does not add the artifactForInstance to the database.
@param content The content object
@return The new EamArtifact or null if creation failed
Definition at line 303 of file EamArtifactUtil.java.
References org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeInstance.FILES_TYPE_ID, org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationDataSource.fromTSKDataSource(), org.sleuthkit.autopsy.centralrepository.datamodel.EamDb.getCase(), org.sleuthkit.autopsy.centralrepository.datamodel.EamDb.getCorrelationTypeById(), org.sleuthkit.autopsy.casemodule.Case.getCurrentCaseThrows(), org.sleuthkit.autopsy.centralrepository.datamodel.EamDb.getInstance(), org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationDataSource.getName(), and org.sleuthkit.autopsy.centralrepository.datamodel.EamArtifactUtil.isSupportedAbstractFileType().
Referenced by org.sleuthkit.autopsy.centralrepository.AddEditCentralRepoCommentAction.AddEditCentralRepoCommentAction(), org.sleuthkit.autopsy.centralrepository.eventlisteners.CaseEventListener.ContentTagTask.run(), and org.sleuthkit.autopsy.centralrepository.eventlisteners.CaseEventListener.TagDefinitionChangeTask.run().
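static List< CorrelationAttributeInstance > makeInstancesFromBlackboardArtifact (BlackboardArtifact artifact, boolean checkEnabled) [static]
Static factory method to examine a BlackboardArtifact to determine if it has contents that can be used for Correlation. If so, return an EamArtifact with a single EamArtifactInstance within. If not, return null.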
artifact | BlackboardArtifact to examine |
checkEnabled | If true, only create a CorrelationAttribute if it is enabled |
Definition at line 65 of file EamArtifactUtil.java.
References org.sleuthkit.autopsy.centralrepository.datamodel.EamArtifactUtil.addCorrelationAttributeToList(), org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeInstance.DOMAIN_TYPE_ID, org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeInstance.EMAIL_TYPE_ID, org.sleuthkit.autopsy.centralrepository.datamodel.EamDb.getCorrelationTypeById(), org.sleuthkit.autopsy.casemodule.Case.getCurrentCaseThrows(), org.sleuthkit.autopsy.centralrepository.datamodel.EamArtifactUtil.getEmailAddressAttrString(), org.sleuthkit.autopsy.centralrepository.datamodel.EamDb.getInstance(), org.sleuthkit.autopsy.casemodule.Case.getSleuthkitCase(), org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeInstance.ICCID_TYPE_ID, org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeInstance.IMEI_TYPE_ID, org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeInstance.IMSI_TYPE_ID, org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeInstance.MAC_TYPE_ID, org.sleuthkit.autopsy.centralrepository.datamodel.EamArtifactUtil.makeCorrelationAttributeInstanceUsingTypeValue(), org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeInstance.PHONE_TYPE_ID, org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeInstance.SSID_TYPE_ID, and org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeInstance.USBID_TYPE_ID.
Referenced by org.sleuthkit.autopsy.centralrepository.contentviewer.DataContentViewerOtherCases.getCorrelationAttributesFromNode(), org.sleuthkit.autopsy.contentviewers.AnnotationsContentViewer.populateCentralRepositoryData(), org.sleuthkit.autopsy.centralrepository.eventlisteners.CaseEventListener.BlackboardTagTask.run(), org.sleuthkit.autopsy.centralrepository.eventlisteners.CaseEventListener.TagDefinitionChangeTask.run(), and org.sleuthkit.autopsy.centralrepository.eventlisteners.IngestEventsListener.DataAddedTask.run().
static final Logger logger = Logger.getLogger(EamArtifactUtil.class.getName()) [static, private]
Definition at line 43 of file EamArtifactUtil.java.
Copyright © 2012-2018 Basis Technology. Generated on: Fri Mar 22 2019
This work is licensed under a
Creative Commons Attribution-Share Alike 3.0 United States License.