Autopsy
4.13.0
Graphical digital forensics platform for The Sleuth Kit and other tools.
|
Static Public Member Functions | |
static void | export (List< TagName > tagTypes, List< String > interestingItemSets, File caseReportFolder, ReportProgressPanel progressPanel) throws IOException, SQLException, NoCurrentCaseException, TskCoreException |
static void | generateReport (String reportOutputPath, ReportProgressPanel progressPanel) |
Private Member Functions | |
CaseUcoFormatExporter () | |
Static Private Member Functions | |
static JsonGenerator | createJsonGenerator (File reportFile) throws IOException |
static void | finilizeJsonOutputFile (JsonGenerator catalog) throws IOException |
static void | initializeJsonOutputFile (JsonGenerator catalog) throws IOException |
static String | saveCaseInfo (SleuthkitCase skCase, JsonGenerator catalog) throws TskCoreException, SQLException, IOException, NoCurrentCaseException |
static String | saveDataSourceInCaseUcoFormat (JsonGenerator catalog, String imageName, Long imageSize, Long selectedDataSourceId, String caseTraceId) throws IOException |
static String | saveDataSourceInfo (Long selectedDataSourceId, String caseTraceId, SleuthkitCase skCase, JsonGenerator jsonGenerator) throws TskCoreException, SQLException, IOException |
static void | saveFileInCaseUcoFormat (Long objectId, String fileName, String parent_path, String md5Hash, String mime_type, long size, String ctime, String atime, String mtime, String extension, JsonGenerator catalog, String dataSourceTraceId) throws IOException |
static void | saveUniqueFilesToCaseUcoFormat (Content content, Path tmpDir, JsonGenerator jsonGenerator, TimeZone timeZone, String dataSourceTraceId) throws IOException |
Static Private Attributes | |
static final BlackboardArtifact.ARTIFACT_TYPE | INTERESTING_ARTIFACT_HIT = BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_ARTIFACT_HIT |
static final BlackboardArtifact.ARTIFACT_TYPE | INTERESTING_FILE_HIT = BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT |
static final Logger | logger = Logger.getLogger(CaseUcoFormatExporter.class.getName()) |
static final BlackboardAttribute.Type | SET_NAME = new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SET_NAME) |
static final String | TEMP_DIR_NAME = "case_uco_tmp" |
Generates CASE-UCO report file for a data source
Definition at line 62 of file CaseUcoFormatExporter.java.
|
private |
Definition at line 71 of file CaseUcoFormatExporter.java.
|
static private |
Definition at line 326 of file CaseUcoFormatExporter.java.
Referenced by org.sleuthkit.autopsy.report.modules.caseuco.CaseUcoFormatExporter.export().
|
static |
Exports files that are tagged with the following TagNames and that belong to the following interesting file sets (set name attributes of TSK_INTERESTING_FILE_HIT and TSK_INTERESTING_ARTIFACT_HIT). Artifacts that are tagged with the following TagNames also have their associated source files included.
Duplicate files are excluded.
tagTypes | Collection of TagNames to match |
interestingItemSets | Collection of SET_NAMEs to match on in TSK_INTERESTING_FILE_HITs and TSK_INTERESTING_ARTIFACT_HITs. |
caseReportFolder | Path to the folder that the CASE-UCO report should be written into |
progressPanel | UI Component to be updated with current processing status |
Definition at line 223 of file CaseUcoFormatExporter.java.
References org.sleuthkit.autopsy.report.modules.caseuco.CaseUcoFormatExporter.createJsonGenerator(), org.sleuthkit.autopsy.report.modules.caseuco.CaseUcoFormatExporter.finilizeJsonOutputFile(), org.sleuthkit.autopsy.casemodule.services.TagsManager.getBlackboardArtifactTagsByTagName(), org.sleuthkit.autopsy.casemodule.services.TagsManager.getContentTagsByTagName(), org.sleuthkit.autopsy.casemodule.Case.getCurrentCaseThrows(), org.sleuthkit.autopsy.report.modules.caseuco.CaseUcoReport.getReportFileName(), org.sleuthkit.autopsy.casemodule.Case.getServices(), org.sleuthkit.autopsy.casemodule.Case.getSleuthkitCase(), org.sleuthkit.autopsy.casemodule.services.Services.getTagsManager(), org.sleuthkit.autopsy.casemodule.Case.getTempDirectory(), org.sleuthkit.autopsy.report.modules.caseuco.CaseUcoFormatExporter.initializeJsonOutputFile(), org.sleuthkit.autopsy.report.modules.caseuco.CaseUcoFormatExporter.INTERESTING_ARTIFACT_HIT, org.sleuthkit.autopsy.report.modules.caseuco.CaseUcoFormatExporter.INTERESTING_FILE_HIT, org.sleuthkit.autopsy.report.modules.caseuco.CaseUcoFormatExporter.saveCaseInfo(), org.sleuthkit.autopsy.report.modules.caseuco.CaseUcoFormatExporter.saveDataSourceInfo(), org.sleuthkit.autopsy.report.modules.caseuco.CaseUcoFormatExporter.saveUniqueFilesToCaseUcoFormat(), org.sleuthkit.autopsy.report.modules.caseuco.CaseUcoFormatExporter.SET_NAME, and org.sleuthkit.autopsy.report.ReportProgressPanel.updateStatusLabel().
Referenced by org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.generateReport().
|
static private |
Definition at line 340 of file CaseUcoFormatExporter.java.
Referenced by org.sleuthkit.autopsy.report.modules.caseuco.CaseUcoFormatExporter.export(), and org.sleuthkit.autopsy.report.modules.caseuco.CaseUcoFormatExporter.generateReport().
|
static |
Generates CASE-UCO report for the selected data source.
reportOutputPath | Full path to the directory in which to save the CASE-UCO report file |
progressPanel | ReportProgressPanel to update progress |
Definition at line 94 of file CaseUcoFormatExporter.java.
References org.sleuthkit.autopsy.casemodule.Case.addReport(), org.sleuthkit.autopsy.report.ReportProgressPanel.ReportStatus.CANCELED, org.sleuthkit.autopsy.report.ReportProgressPanel.ReportStatus.COMPLETE, org.sleuthkit.autopsy.report.ReportProgressPanel.complete(), org.sleuthkit.autopsy.report.ReportProgressPanel.ReportStatus.ERROR, org.sleuthkit.autopsy.report.modules.caseuco.CaseUcoFormatExporter.finilizeJsonOutputFile(), org.sleuthkit.autopsy.casemodule.Case.getCurrentCaseThrows(), org.sleuthkit.autopsy.ingest.IngestManager.getInstance(), org.sleuthkit.autopsy.casemodule.Case.getSleuthkitCase(), org.sleuthkit.autopsy.report.ReportProgressPanel.getStatus(), org.sleuthkit.autopsy.datamodel.ContentUtils.getStringTimeISO8601(), org.sleuthkit.autopsy.report.modules.caseuco.CaseUcoFormatExporter.initializeJsonOutputFile(), org.sleuthkit.autopsy.ingest.IngestManager.isIngestRunning(), org.sleuthkit.autopsy.report.modules.caseuco.CaseUcoFormatExporter.saveCaseInfo(), org.sleuthkit.autopsy.report.modules.caseuco.CaseUcoFormatExporter.saveDataSourceInfo(), org.sleuthkit.autopsy.report.modules.caseuco.CaseUcoFormatExporter.saveFileInCaseUcoFormat(), org.sleuthkit.autopsy.report.ReportProgressPanel.setIndeterminate(), org.sleuthkit.autopsy.report.ReportProgressPanel.start(), and org.sleuthkit.autopsy.report.ReportProgressPanel.updateStatusLabel().
Referenced by org.sleuthkit.autopsy.report.modules.caseuco.CaseUcoReport.generateReport().
|
static private |
Definition at line 334 of file CaseUcoFormatExporter.java.
Referenced by org.sleuthkit.autopsy.report.modules.caseuco.CaseUcoFormatExporter.export(), and org.sleuthkit.autopsy.report.modules.caseuco.CaseUcoFormatExporter.generateReport().
|
static private |
Saves info about the Autopsy case in CASE-UCO format.
skCase | SleuthkitCase object |
catalog | JsonGenerator object |
TskCoreException | |
SQLException | |
IOException | |
NoCurrentCaseException |
Definition at line 356 of file CaseUcoFormatExporter.java.
References org.sleuthkit.autopsy.casemodule.Case.getCurrentCaseThrows(), and org.sleuthkit.autopsy.casemodule.Case.getName().
Referenced by org.sleuthkit.autopsy.report.modules.caseuco.CaseUcoFormatExporter.export(), and org.sleuthkit.autopsy.report.modules.caseuco.CaseUcoFormatExporter.generateReport().
|
static private |
Definition at line 453 of file CaseUcoFormatExporter.java.
Referenced by org.sleuthkit.autopsy.report.modules.caseuco.CaseUcoFormatExporter.saveDataSourceInfo().
|
static private |
Saves info about the data source in CASE-UCO format.
selectedDataSourceId | Object ID of the data source |
caseTraceId | CASE-UCO trace ID object for the Autopsy case entry |
skCase | SleuthkitCase object |
jsonGenerator | JsonGenerator object |
TskCoreException | |
SQLException | |
IOException |
Definition at line 411 of file CaseUcoFormatExporter.java.
References org.sleuthkit.autopsy.report.modules.caseuco.CaseUcoFormatExporter.saveDataSourceInCaseUcoFormat().
Referenced by org.sleuthkit.autopsy.report.modules.caseuco.CaseUcoFormatExporter.export(), and org.sleuthkit.autopsy.report.modules.caseuco.CaseUcoFormatExporter.generateReport().
|
static private |
|
static private |
Saves only unique abstract files to the report. Uniqueness is determined by object id. The tmpDir Path is used to store object ids that have already been visited.
content | AbstractFile instance |
tmpDir | Directory to write object ids |
jsonGenerator | Report generator |
timeZone | Time zone for ctime, atime, and mtime formatting |
dataSourceTraceId | TraceID number for the parent data source |
IOException |
Definition at line 301 of file CaseUcoFormatExporter.java.
References org.sleuthkit.autopsy.datamodel.ContentUtils.getStringTimeISO8601(), and org.sleuthkit.autopsy.report.modules.caseuco.CaseUcoFormatExporter.saveFileInCaseUcoFormat().
Referenced by org.sleuthkit.autopsy.report.modules.caseuco.CaseUcoFormatExporter.export().
|
static private |
Definition at line 68 of file CaseUcoFormatExporter.java.
Referenced by org.sleuthkit.autopsy.report.modules.caseuco.CaseUcoFormatExporter.export().
|
static private |
Definition at line 67 of file CaseUcoFormatExporter.java.
Referenced by org.sleuthkit.autopsy.report.modules.caseuco.CaseUcoFormatExporter.export().
|
static private |
Definition at line 64 of file CaseUcoFormatExporter.java.
|
static private |
Definition at line 66 of file CaseUcoFormatExporter.java.
Referenced by org.sleuthkit.autopsy.report.modules.caseuco.CaseUcoFormatExporter.export().
|
static private |
Definition at line 69 of file CaseUcoFormatExporter.java.
Copyright © 2012-2019 Basis Technology. Generated on: Tue Jan 7 2020
This work is licensed under a
Creative Commons Attribution-Share Alike 3.0 United States License.