|
Autopsy
4.16.0
Graphical digital forensics platform for The Sleuth Kit and other tools.
|
Public Member Functions | |
| ILeappFileProcessor () throws IOException, IngestModuleException | |
| ProcessResult | processFiles (Content dataSource, Path moduleOutputPath, AbstractFile iLeappFile) |
Private Member Functions | |
| void | checkAttributeType (Collection< BlackboardAttribute > bbattributes, String attrType, String[] columnValues, Integer columnNumber, BlackboardAttribute.Type attributeType, String fileName) |
| void | configExtractor () throws IOException |
| BlackboardArtifact | createArtifactWithAttributes (int type, AbstractFile abstractFile, Collection< BlackboardAttribute > bbattributes) |
| Map< Integer, String > | findColumnsToProcess (String line, List< List< String >> attrList) |
| List< String > | findTsvFiles (Path iLeappOutputDir) throws IngestModuleException |
| void | getArtifactNode (Document xmlinput) |
| void | getAttributeNodes (Document xmlinput) |
| void | getFileNode (Document xmlinput) |
| void | loadConfigFile () throws IngestModuleException |
| void | processFile (File iLeappFile, List< List< String >> attrList, String fileName, BlackboardArtifact.Type artifactType, List< BlackboardArtifact > bbartifacts, AbstractFile iLeappImageFile) throws FileNotFoundException, IOException, IngestModuleException |
| void | processiLeappFiles (List< String > iLeappFilesToProcess, AbstractFile iLeappImageFile) throws FileNotFoundException, IOException, IngestModuleException |
| Collection< BlackboardAttribute > | processReadLine (String line, Map< Integer, String > columnNumberToProcess, String fileName) throws IngestModuleException |
Private Attributes | |
| final Map< String, String > | tsvFileArtifactComments |
| final Map< String, String > | tsvFileArtifacts |
| final Map< String, List< List< String > > > | tsvFileAttributes |
| final Map< String, String > | tsvFiles |
Static Private Attributes | |
| static final Logger | logger = Logger.getLogger(ILeappFileProcessor.class.getName()) |
| static final String | MODULE_NAME = ILeappAnalyzerModuleFactory.getModuleName() |
| static final String | XMLFILE = "ileap-artifact-attribute-reference.xml" |
Find and process output from iLeapp program and bring into Autopsy
Definition at line 67 of file ILeappFileProcessor.java.
| org.sleuthkit.autopsy.modules.ileappanalyzer.ILeappFileProcessor.ILeappFileProcessor | ( | ) | throws IOException, IngestModuleException |
Definition at line 79 of file ILeappFileProcessor.java.
References org.sleuthkit.autopsy.modules.ileappanalyzer.ILeappFileProcessor.configExtractor(), and org.sleuthkit.autopsy.modules.ileappanalyzer.ILeappFileProcessor.loadConfigFile().
|
private |
Definition at line 238 of file ILeappFileProcessor.java.
Referenced by org.sleuthkit.autopsy.modules.ileappanalyzer.ILeappFileProcessor.processReadLine().
|
private |
Extract the iLeapp config xml file to the user directory to process
Definition at line 444 of file ILeappFileProcessor.java.
References org.sleuthkit.autopsy.coreutils.PlatformUtil.extractResourceToUserConfigDir().
Referenced by org.sleuthkit.autopsy.modules.ileappanalyzer.ILeappFileProcessor.ILeappFileProcessor().
|
private |
Generic method for creating a blackboard artifact with attributes
| type | is a blackboard.artifact_type enum to determine which type the artifact should be |
| content | is the Content object that needs to have the artifact added for it |
| bbattributes | is the collection of blackboard attributes that need to be added to the artifact after the artifact has been created |
Definition at line 410 of file ILeappFileProcessor.java.
Referenced by org.sleuthkit.autopsy.modules.ileappanalyzer.ILeappFileProcessor.processFile().
|
private |
Process the first line of the tsv file which has the headings. Match the headings to the columns in the XML mapping file so we know which columns to process.
| line | a tsv heading line of the columns in the file |
| attrList | the list of headings we want to process |
Definition at line 284 of file ILeappFileProcessor.java.
Referenced by org.sleuthkit.autopsy.modules.ileappanalyzer.ILeappFileProcessor.processFile().
|
private |
Find the tsv files in the iLeapp output directory and match them to files we know we want to process and return the list to process those files.
Definition at line 117 of file ILeappFileProcessor.java.
Referenced by org.sleuthkit.autopsy.modules.ileappanalyzer.ILeappFileProcessor.processFiles().
|
private |
Definition at line 350 of file ILeappFileProcessor.java.
Referenced by org.sleuthkit.autopsy.modules.ileappanalyzer.ILeappFileProcessor.loadConfigFile().
|
private |
Definition at line 368 of file ILeappFileProcessor.java.
Referenced by org.sleuthkit.autopsy.modules.ileappanalyzer.ILeappFileProcessor.loadConfigFile().
|
private |
Definition at line 338 of file ILeappFileProcessor.java.
Referenced by org.sleuthkit.autopsy.modules.ileappanalyzer.ILeappFileProcessor.loadConfigFile().
|
private |
Read the XML config file and load the mappings into maps
Definition at line 315 of file ILeappFileProcessor.java.
References org.sleuthkit.autopsy.modules.ileappanalyzer.ILeappFileProcessor.getArtifactNode(), org.sleuthkit.autopsy.modules.ileappanalyzer.ILeappFileProcessor.getAttributeNodes(), org.sleuthkit.autopsy.modules.ileappanalyzer.ILeappFileProcessor.getFileNode(), org.sleuthkit.autopsy.coreutils.PlatformUtil.getUserConfigDirectory(), and org.sleuthkit.autopsy.modules.ileappanalyzer.ILeappFileProcessor.XMLFILE.
Referenced by org.sleuthkit.autopsy.modules.ileappanalyzer.ILeappFileProcessor.ILeappFileProcessor().
|
private |
Definition at line 177 of file ILeappFileProcessor.java.
References org.sleuthkit.autopsy.modules.ileappanalyzer.ILeappFileProcessor.createArtifactWithAttributes(), org.sleuthkit.autopsy.modules.ileappanalyzer.ILeappFileProcessor.findColumnsToProcess(), and org.sleuthkit.autopsy.modules.ileappanalyzer.ILeappFileProcessor.processReadLine().
Referenced by org.sleuthkit.autopsy.modules.ileappanalyzer.ILeappFileProcessor.processiLeappFiles().
| ProcessResult org.sleuthkit.autopsy.modules.ileappanalyzer.ILeappFileProcessor.processFiles | ( | Content | dataSource, |
| Path | moduleOutputPath, | ||
| AbstractFile | iLeappFile | ||
| ) |
Definition at line 100 of file ILeappFileProcessor.java.
References org.sleuthkit.autopsy.ingest.IngestModule.ProcessResult.ERROR, org.sleuthkit.autopsy.modules.ileappanalyzer.ILeappFileProcessor.findTsvFiles(), org.sleuthkit.autopsy.ingest.IngestModule.ProcessResult.OK, and org.sleuthkit.autopsy.modules.ileappanalyzer.ILeappFileProcessor.processiLeappFiles().
Referenced by org.sleuthkit.autopsy.modules.ileappanalyzer.ILeappAnalyzerIngestModule.process().
|
private |
Process the iLeapp files that were found that match the xml mapping file
| iLeappFilesToProcess | List of files to process |
| iLeappImageFile | Abstract file to create artifact for |
| statusHelper | progress bar update |
| FileNotFoundException | |
| IOException |
Definition at line 150 of file ILeappFileProcessor.java.
References org.sleuthkit.autopsy.casemodule.Case.getCurrentCase(), org.sleuthkit.autopsy.casemodule.Case.getSleuthkitCase(), and org.sleuthkit.autopsy.modules.ileappanalyzer.ILeappFileProcessor.processFile().
Referenced by org.sleuthkit.autopsy.modules.ileappanalyzer.ILeappFileProcessor.processFiles().
|
private |
Process the line read and create the necessary attributes for it
| line | a tsv line to process that was read |
| columnNumberToProcess | Which columns to process in the tsv line |
| fileName | name of file begin processed |
Definition at line 209 of file ILeappFileProcessor.java.
References org.sleuthkit.autopsy.modules.ileappanalyzer.ILeappFileProcessor.checkAttributeType(), org.sleuthkit.autopsy.casemodule.Case.getCurrentCase(), and org.sleuthkit.autopsy.casemodule.Case.getSleuthkitCase().
Referenced by org.sleuthkit.autopsy.modules.ileappanalyzer.ILeappFileProcessor.processFile().
|
staticprivate |
Definition at line 69 of file ILeappFileProcessor.java.
|
staticprivate |
Definition at line 70 of file ILeappFileProcessor.java.
|
private |
Definition at line 76 of file ILeappFileProcessor.java.
|
private |
Definition at line 75 of file ILeappFileProcessor.java.
|
private |
Definition at line 77 of file ILeappFileProcessor.java.
|
private |
Definition at line 74 of file ILeappFileProcessor.java.
|
staticprivate |
Definition at line 72 of file ILeappFileProcessor.java.
Referenced by org.sleuthkit.autopsy.modules.ileappanalyzer.ILeappFileProcessor.loadConfigFile().
Copyright © 2012-2020 Basis Technology. Generated on: Tue Sep 22 2020
This work is licensed under a
Creative Commons Attribution-Share Alike 3.0 United States License.