api-docs/4.22.1/_files_set_8java_source.html

/*

 * Autopsy Forensic Browser

 *

 * Copyright 2011-2018 Basis Technology Corp.

 * Contact: carrier <at> sleuthkit <dot> org

 *

 * Licensed under the Apache License, Version 2.0 (the "License");

 * you may not use this file except in compliance with the License.

 * You may obtain a copy of the License at

 *

 *     http://www.apache.org/licenses/LICENSE-2.0

 *

 * Unless required by applicable law or agreed to in writing, software

 * distributed under the License is distributed on an "AS IS" BASIS,

 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

 * See the License for the specific language governing permissions and

 * limitations under the License.

 */

package org.sleuthkit.autopsy.modules.interestingitems;


import java.io.Serializable;

import java.util.ArrayList;

import java.util.Collections;

import java.util.HashMap;

import java.util.List;

import java.util.Map;

import java.util.Map.Entry;

import java.util.UUID;

import java.util.regex.Pattern;

import org.openide.util.NbBundle;

import org.openide.util.NbBundle.Messages;

import org.sleuthkit.datamodel.AbstractFile;

import org.sleuthkit.datamodel.TskData;


public final class FilesSet implements Serializable {


    private static final long serialVersionUID = 1L;

    private final String name;

    private final String description;

    private final boolean ignoreKnownFiles;

    private final boolean ignoreUnallocatedSpace;


    private final boolean standardSet;

    private final int versionNumber;


    private final Map<String, Rule> rules;


    // NOTE: these fields are derived from 'rules' which may happen at runtime

    // due to deserialization of older FilesSet objects before inclusive and

    // exclusive rules existed.

    private Map<String, Rule> inclusiveRules;

    private Map<String, Rule> exclusiveRules;


    public FilesSet(String name, String description, boolean ignoreKnownFiles, boolean ignoreUnallocatedSpace, Map<String, Rule> rules) {

        this(name, description, ignoreKnownFiles, ignoreUnallocatedSpace, rules, false, 0);

    }


    public FilesSet(String name, String description, boolean ignoreKnownFiles, boolean ignoreUnallocatedSpace, Map<String, Rule> rules,

            boolean standardSet, int versionNumber) {

        if ((name == null) || (name.isEmpty())) {

            throw new IllegalArgumentException("Interesting files set name cannot be null or empty");

        }


        if (versionNumber < 0) {

            throw new IllegalArgumentException("version number must be >= 0");

        }


        this.standardSet = standardSet;

        this.versionNumber = versionNumber;


        this.name = name;

        this.description = (description != null ? description : "");

        this.ignoreKnownFiles = ignoreKnownFiles;

        this.ignoreUnallocatedSpace = ignoreUnallocatedSpace;

        this.rules = rules == null ? Collections.emptyMap() : new HashMap<>(rules);


        divideInclusiveExclusive();

    }


    private void divideInclusiveExclusive() {

        Map<String, Rule> inclusiveRules = new HashMap<>();

        Map<String, Rule> exclusiveRules = new HashMap<>();

        if (this.rules != null) {

            for (Entry<String, Rule> ruleEntry : this.rules.entrySet()) {

                if (ruleEntry.getValue().isExclusive()) {

                    exclusiveRules.put(ruleEntry.getKey(), ruleEntry.getValue());

                } else {

                    inclusiveRules.put(ruleEntry.getKey(), ruleEntry.getValue());

                }

            }

        }

        this.inclusiveRules = inclusiveRules;

        this.exclusiveRules = exclusiveRules;

    }


    boolean isStandardSet() {

        return standardSet;

    }


    int getVersionNumber() {

        return versionNumber;

    }


    public String getName() {

        return this.name;

    }


    public String getDescription() {

        return this.description;

    }


    public boolean ignoresKnownFiles() {

        return this.ignoreKnownFiles;

    }


    public boolean ingoresUnallocatedSpace() {

        return this.ignoreUnallocatedSpace;

    }


    public Map<String, Rule> getRules() {

        return new HashMap<>(this.rules);

    }


     @Messages({

         "FileSet_fileIsMemberOf_noInclusiveRules_ruleName=Not Excluded"

     })


    public String fileIsMemberOf(AbstractFile file) {

        if ((this.ignoreKnownFiles) && (file.getKnown() == TskData.FileKnown.KNOWN)) {

            return null;

        }


        if ((this.ignoreUnallocatedSpace)

                && (file.getType().equals(TskData.TSK_DB_FILES_TYPE_ENUM.UNALLOC_BLOCKS)

                || file.getType().equals(TskData.TSK_DB_FILES_TYPE_ENUM.SLACK)

                || file.getType().equals(TskData.TSK_DB_FILES_TYPE_ENUM.UNUSED_BLOCKS))) {

            return null;

        }


        if (inclusiveRules == null || exclusiveRules == null) {

            divideInclusiveExclusive();

        }


        String ruleName;

        if (inclusiveRules.isEmpty()) {

            // in the event there are no rules, return null for no match

            if (exclusiveRules.isEmpty()) {

                return null;

            // in the event there are exclusion rules, rely on those

            } else {

                ruleName = Bundle.FileSet_fileIsMemberOf_noInclusiveRules_ruleName();

            }


        } else {

            // if there are inclusive rules, at least one should be matched

            ruleName = null;

            for (Rule rule : inclusiveRules.values()) {

                if (rule.isSatisfied(file)) {

                    ruleName = rule.getName();

                    break;

                }

            }

        }


        for (Rule rule : exclusiveRules.values()) {

            if (rule.isSatisfied(file)) {

                return null;

            }

        }


        return ruleName;

    }


    @Override


    public String toString() {

        // This override is designed to provide a display name for use with

        // javax.swing.DefaultListModel<E>.

        return this.name;

    }


    public final static class Rule implements Serializable {


        private static final long serialVersionUID = 1L;

        private final String uuid;

        private final String ruleName;

        private final Boolean exclusive;

        private final FileNameCondition fileNameCondition;

        private final MetaTypeCondition metaTypeCondition;

        private final ParentPathCondition pathCondition;

        private final MimeTypeCondition mimeTypeCondition;

        private final FileSizeCondition fileSizeCondition;

        private final DateCondition dateCondition;

        private final List<FileAttributeCondition> conditions = new ArrayList<>();


        public Rule(String ruleName, FileNameCondition fileNameCondition, MetaTypeCondition metaTypeCondition,

                ParentPathCondition pathCondition, MimeTypeCondition mimeTypeCondition,

                FileSizeCondition fileSizeCondition, DateCondition dateCondition,

                Boolean exclusive) {


            // since ruleName is optional, ruleUUID can be used to uniquely identify a rule.

            this.uuid = UUID.randomUUID().toString();

            if (metaTypeCondition == null) {

                throw new IllegalArgumentException("Interesting files set rule meta-type condition cannot be null");

            }


            this.ruleName = ruleName;


            /*

             * The rules are evaluated in the order added. MetaType check is

             * fastest, so do it first

             */

            this.metaTypeCondition = metaTypeCondition;

            this.conditions.add(this.metaTypeCondition);


            this.fileSizeCondition = fileSizeCondition;

            if (this.fileSizeCondition != null) {

                this.conditions.add(this.fileSizeCondition);

            }


            this.fileNameCondition = fileNameCondition;

            if (this.fileNameCondition != null) {

                this.conditions.add(fileNameCondition);

            }


            this.mimeTypeCondition = mimeTypeCondition;

            if (this.mimeTypeCondition != null) {

                this.conditions.add(mimeTypeCondition);

            }


            this.pathCondition = pathCondition;

            if (this.pathCondition != null) {

                this.conditions.add(this.pathCondition);

            }

            this.dateCondition = dateCondition;

            if (this.dateCondition != null) {

                this.conditions.add(this.dateCondition);

            }


            this.exclusive = exclusive;

        }


        public String getName() {

            return ruleName;

        }


        public FileNameCondition getFileNameCondition() {

            return this.fileNameCondition;

        }


        public MetaTypeCondition getMetaTypeCondition() {

            return this.metaTypeCondition;

        }


        public ParentPathCondition getPathCondition() {

            return this.pathCondition;

        }


        public DateCondition getDateCondition() {

            return this.dateCondition;

        }


        public boolean isExclusive() {

            return exclusive != null && exclusive == true;

        }


        public boolean isSatisfied(AbstractFile file) {

            for (FileAttributeCondition condition : conditions) {

                if (!condition.passes(file)) {

                    return false;

                }

            }

            return true;

        }


        @NbBundle.Messages({

            "# {0} - daysIncluded",

            "FilesSet.rule.dateRule.toString=(modified within {0} day(s))"

        })

        @Override


        public String toString() {

            // This override is designed to provide a display name for use with

            // javax.swing.DefaultListModel<E>.

            if (fileNameCondition != null) {

                return this.ruleName + " (" + fileNameCondition.getTextToMatch() + ")";

            } else if (this.pathCondition != null) {

                return this.ruleName + " (" + pathCondition.getTextToMatch() + ")";

            } else if (this.mimeTypeCondition != null) {

                return this.ruleName + " (" + mimeTypeCondition.getMimeType() + ")";

            } else if (this.fileSizeCondition != null) {

                return this.ruleName + " (" + fileSizeCondition.getComparator().getSymbol() + " " + fileSizeCondition.getSizeValue()

                        + " " + fileSizeCondition.getUnit().getName() + ")";

            } else if (this.dateCondition != null) {

                return this.ruleName + Bundle.FilesSet_rule_dateRule_toString(dateCondition.getDaysIncluded());

            } else {

                return this.ruleName + " ()";

            }


        }


        public String getUuid() {

            return this.uuid;

        }


        public MimeTypeCondition getMimeTypeCondition() {

            return mimeTypeCondition;

        }


        public FileSizeCondition getFileSizeCondition() {

            return fileSizeCondition;

        }


        static interface FileAttributeCondition extends Serializable {


            boolean passes(AbstractFile file);

        }


        public static final class MimeTypeCondition implements FileAttributeCondition {


            private static final long serialVersionUID = 1L;

            private final String mimeType;


            public MimeTypeCondition(String mimeType) {

                this.mimeType = mimeType;

            }


            @Override


            public boolean passes(AbstractFile file) {

                return this.mimeType.equals(file.getMIMEType());

            }


            public String getMimeType() {

                return this.mimeType;

            }


        }


        public static final class FileSizeCondition implements FileAttributeCondition {


            private static final long serialVersionUID = 1L;


            public static enum COMPARATOR {


                LESS_THAN("<"),

                LESS_THAN_EQUAL("≤"),

                EQUAL("="),

                GREATER_THAN(">"),

                GREATER_THAN_EQUAL("≥");


                private String symbol;


                private COMPARATOR(String symbol) {

                    this.symbol = symbol;

                }


                public static COMPARATOR fromSymbol(String symbol) {

                    switch (symbol) {

                        case "<=":

                        case "≤":

                            return LESS_THAN_EQUAL;

                        case "<":

                            return LESS_THAN;

                        case "==":

                        case "=":

                            return EQUAL;

                        case ">":

                            return GREATER_THAN;

                        case ">=":

                        case "≥":

                            return GREATER_THAN_EQUAL;

                        default:

                            throw new IllegalArgumentException("Invalid symbol");

                    }

                }


                public String getSymbol() {

                    return symbol;

                }


            }


            public static enum SIZE_UNIT {


                BYTE(1, "Bytes"),

                KILOBYTE(1024, "Kilobytes"),

                MEGABYTE(1024 * 1024, "Megabytes"),

                GIGABYTE(1024 * 1024 * 1024, "Gigabytes");

                private long size;

                private String name;


                private SIZE_UNIT(long size, String name) {

                    this.size = size;

                    this.name = name;

                }


                public long getSize() {

                    return this.size;

                }


                public static SIZE_UNIT fromName(String name) {

                    for (SIZE_UNIT unit : SIZE_UNIT.values()) {

                        if (unit.getName().equals(name)) {

                            return unit;

                        }

                    }

                    throw new IllegalArgumentException("Invalid name for size unit.");

                }


                public String getName() {

                    return name;

                }


            }


            private final COMPARATOR comparator;

            private final SIZE_UNIT unit;

            private final int sizeValue;


            public FileSizeCondition(COMPARATOR comparator, SIZE_UNIT unit, int sizeValue) {

                this.comparator = comparator;

                this.unit = unit;

                this.sizeValue = sizeValue;

            }


            public COMPARATOR getComparator() {

                return comparator;

            }


            public SIZE_UNIT getUnit() {

                return unit;

            }


            public int getSizeValue() {

                return sizeValue;

            }


            @Override


            public boolean passes(AbstractFile file) {

                long fileSize = file.getSize();

                long conditionSize = this.getUnit().getSize() * this.getSizeValue();

                switch (this.getComparator()) {

                    case GREATER_THAN:

                        return fileSize > conditionSize;

                    case GREATER_THAN_EQUAL:

                        return fileSize >= conditionSize;

                    case LESS_THAN_EQUAL:

                        return fileSize <= conditionSize;

                    case LESS_THAN:

                        return fileSize < conditionSize;

                    default:

                        return fileSize == conditionSize;


                }

            }


        }


        public static final class MetaTypeCondition implements FileAttributeCondition {


            private static final long serialVersionUID = 1L;


            public enum Type {


                FILES,

                DIRECTORIES,

                FILES_AND_DIRECTORIES,

                ALL

            }


            private final Type type;


            public MetaTypeCondition(Type type) {

                this.type = type;

            }


            @Override


            public boolean passes(AbstractFile file) {

                switch (this.type) {

                    case FILES:

                        return file.isFile();

                    case DIRECTORIES:

                        return file.getMetaType() == TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_DIR

                                || file.getMetaType() == TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_VIRT_DIR;

                    case FILES_AND_DIRECTORIES:

                        return file.getMetaType() == TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_REG

                                || file.getMetaType() == TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_DIR

                                || file.getMetaType() == TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_VIRT_DIR;

                    case ALL:

                        return true;  //Effectively ignores the metatype condition when All is selected.

                    default:

                        return true;

                }

            }


            public Type getMetaType() {

                return this.type;

            }


        }


        static interface TextCondition extends FileAttributeCondition {


            String getTextToMatch();


            boolean isRegex();


            boolean textMatches(String textToMatch);


        }


        private static abstract class AbstractTextCondition implements TextCondition {


            /*

             * To ensure compatibility with existing serialized configuration

             * settings, this class cannot have a 'serialVersionUID'.

             */

            private final TextMatcher textMatcher;


            AbstractTextCondition(String text, Boolean partialMatch) {

                if (partialMatch) {

                    this.textMatcher = new FilesSet.Rule.CaseInsensitivePartialStringComparisionMatcher(text);

                } else {

                    this.textMatcher = new FilesSet.Rule.CaseInsensitiveStringComparisionMatcher(text);

                }

            }


            AbstractTextCondition(Pattern regex) {

                this.textMatcher = new FilesSet.Rule.RegexMatcher(regex);

            }


            AbstractTextCondition(List<String> values) {

                this.textMatcher = new FilesSet.Rule.CaseInsensitiveMultiValueStringComparisionMatcher(values);

            }


            @Override


            public String getTextToMatch() {

                return this.textMatcher.getTextToMatch();

            }


            @Override


            public boolean isRegex() {

                return this.textMatcher.isRegex();

            }


            @Override


            public boolean textMatches(String textToMatch) {

                return this.textMatcher.textMatches(textToMatch);

            }


            @Override

            public abstract boolean passes(AbstractFile file);


        }


        public static final class ParentPathCondition extends AbstractTextCondition {


            private static final long serialVersionUID = 1L;


            public ParentPathCondition(String path) {

                super(path, true);

            }


            public ParentPathCondition(Pattern path) {

                super(path);

            }


            @Override


            public boolean passes(AbstractFile file) {

                return this.textMatches(file.getParentPath() + "/");

            }


        }


        static interface FileNameCondition extends TextCondition {

        }


        public static final class FullNameCondition extends AbstractTextCondition implements FileNameCondition {


            private static final long serialVersionUID = 1L;


            public FullNameCondition(String name) {

                super(name, false);

            }


            public FullNameCondition(Pattern name) {

                super(name);

            }


            @Override


            public boolean passes(AbstractFile file) {

                return this.textMatches(file.getName());

            }


        }


        public static final class DateCondition implements FileAttributeCondition {


            /*

             * To ensure compatibility with existing serialized configuration

             * settings, this class cannot have a 'serialVersionUID'.

             */

            private final static long SECS_PER_DAY = 60 * 60 * 24;


            private int daysIncluded;


            public DateCondition(int days) {

                daysIncluded = days;

            }


            public int getDaysIncluded() {

                return daysIncluded;

            }


            @Override


            public boolean passes(AbstractFile file) {

                long dateThreshold = System.currentTimeMillis() / 1000 - daysIncluded * SECS_PER_DAY;

                return file.getCrtime() > dateThreshold || file.getMtime() > dateThreshold;

            }


        }


        public static final class ExtensionCondition extends AbstractTextCondition implements FileNameCondition {


            private static final long serialVersionUID = 1L;


            public ExtensionCondition(String extension) {

                // If there is a leading ".", strip it since

                // AbstractFile.getFileNameExtension() returns just the

                // extension chars and not the dot.

                super(normalize(extension), false);

            }


            public ExtensionCondition(List<String> extensions) {

                // If there is a leading "." in any list value, strip it since

                // AbstractFile.getFileNameExtension() returns just the

                // extension chars and not the dot.

                super(normalize(extensions));

            }


            public ExtensionCondition(Pattern extension) {

                super(extension);

            }


            @Override


            public boolean passes(AbstractFile file) {

                return this.textMatches(file.getNameExtension());

            }


            private static List<String> normalize(List<String> extensions) {

                List<String> values = new ArrayList<>(extensions);


                for (int i = 0; i < values.size(); i++) {

                    values.set(i, normalize(values.get(i)));

                }


                return values;

            }


            private static String normalize(String extension) {

                return extension.startsWith(".") ? extension.substring(1) : extension;

            }


        }


        private static interface TextMatcher extends Serializable {


            String getTextToMatch();


            boolean isRegex();


            boolean textMatches(String subject);


        }


        private static class CaseInsensitiveStringComparisionMatcher implements TextMatcher {


            private static final long serialVersionUID = 1L;

            private final String textToMatch;


            CaseInsensitiveStringComparisionMatcher(String textToMatch) {

                this.textToMatch = textToMatch;

            }


            @Override


            public String getTextToMatch() {

                return this.textToMatch;

            }


            @Override


            public boolean isRegex() {

                return false;

            }


            @Override


            public boolean textMatches(String subject) {

                return subject.equalsIgnoreCase(textToMatch);

            }


        }


        private static class CaseInsensitivePartialStringComparisionMatcher implements TextMatcher {


            private static final long serialVersionUID = 1L;

            private final String textToMatch;

            private final Pattern pattern;


            CaseInsensitivePartialStringComparisionMatcher(String textToMatch) {

                this.textToMatch = textToMatch;

                this.pattern = Pattern.compile(Pattern.quote(textToMatch), Pattern.CASE_INSENSITIVE);

            }


            @Override


            public String getTextToMatch() {

                return this.textToMatch;

            }


            @Override


            public boolean isRegex() {

                return false;

            }


            @Override


            public boolean textMatches(String subject) {

                return pattern.matcher(subject).find();

            }


        }


        private static class CaseInsensitiveMultiValueStringComparisionMatcher implements TextMatcher {


            private static final long serialVersionUID = 1L;

            private final List<String> valuesToMatch;


            CaseInsensitiveMultiValueStringComparisionMatcher(List<String> valuesToMatch) {

                this.valuesToMatch = valuesToMatch;

            }


            @Override


            public String getTextToMatch() {

                return String.join(",", this.valuesToMatch);

            }


            @Override


            public boolean isRegex() {

                return false;

            }


            @Override


            public boolean textMatches(String subject) {

                for (String value : valuesToMatch) {

                    if (value.equalsIgnoreCase(subject)) {

                        return true;

                    }

                }

                return false;

            }


        }


        private static class RegexMatcher implements TextMatcher {


            private static final long serialVersionUID = 1L;

            private final Pattern regex;


            RegexMatcher(Pattern regex) {

                this.regex = regex;

            }


            @Override


            public String getTextToMatch() {

                return this.regex.pattern();

            }


            @Override


            public boolean isRegex() {

                return true;

            }


            @Override


            public boolean textMatches(String subject) {

                // A single match is sufficient.

                return this.regex.matcher(subject).find();

            }


        }


    }


}


org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.AbstractTextCondition
Definition FilesSet.java:748

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.AbstractTextCondition.textMatcher
final TextMatcher textMatcher
Definition FilesSet.java:754

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.AbstractTextCondition.passes
abstract boolean passes(AbstractFile file)

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.AbstractTextCondition.isRegex
boolean isRegex()
Definition FilesSet.java:805

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.AbstractTextCondition.getTextToMatch
String getTextToMatch()
Definition FilesSet.java:793

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.AbstractTextCondition.textMatches
boolean textMatches(String textToMatch)
Definition FilesSet.java:817

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.CaseInsensitiveMultiValueStringComparisionMatcher.isRegex
boolean isRegex()
Definition FilesSet.java:1151

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.CaseInsensitiveMultiValueStringComparisionMatcher.serialVersionUID
static final long serialVersionUID
Definition FilesSet.java:1131

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.CaseInsensitiveMultiValueStringComparisionMatcher.getTextToMatch
String getTextToMatch()
Definition FilesSet.java:1146

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.CaseInsensitiveMultiValueStringComparisionMatcher.valuesToMatch
final List< String > valuesToMatch
Definition FilesSet.java:1132

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.CaseInsensitiveMultiValueStringComparisionMatcher.textMatches
boolean textMatches(String subject)
Definition FilesSet.java:1156

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.CaseInsensitivePartialStringComparisionMatcher.pattern
final Pattern pattern
Definition FilesSet.java:1096

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.CaseInsensitivePartialStringComparisionMatcher.serialVersionUID
static final long serialVersionUID
Definition FilesSet.java:1094

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.CaseInsensitivePartialStringComparisionMatcher.textMatches
boolean textMatches(String subject)
Definition FilesSet.java:1120

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.CaseInsensitivePartialStringComparisionMatcher.isRegex
boolean isRegex()
Definition FilesSet.java:1115

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.CaseInsensitivePartialStringComparisionMatcher.getTextToMatch
String getTextToMatch()
Definition FilesSet.java:1110

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.CaseInsensitivePartialStringComparisionMatcher.textToMatch
final String textToMatch
Definition FilesSet.java:1095

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.CaseInsensitiveStringComparisionMatcher.textMatches
boolean textMatches(String subject)
Definition FilesSet.java:1083

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.CaseInsensitiveStringComparisionMatcher.isRegex
boolean isRegex()
Definition FilesSet.java:1078

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.CaseInsensitiveStringComparisionMatcher.serialVersionUID
static final long serialVersionUID
Definition FilesSet.java:1059

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.CaseInsensitiveStringComparisionMatcher.getTextToMatch
String getTextToMatch()
Definition FilesSet.java:1073

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.CaseInsensitiveStringComparisionMatcher.textToMatch
final String textToMatch
Definition FilesSet.java:1060

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.DateCondition
Definition FilesSet.java:906

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.DateCondition.passes
boolean passes(AbstractFile file)
Definition FilesSet.java:936

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.DateCondition.getDaysIncluded
int getDaysIncluded()
Definition FilesSet.java:931

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.DateCondition.daysIncluded
int daysIncluded
Definition FilesSet.java:914

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.DateCondition.SECS_PER_DAY
static final long SECS_PER_DAY
Definition FilesSet.java:912

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.DateCondition.DateCondition
DateCondition(int days)
Definition FilesSet.java:922

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.ExtensionCondition.ExtensionCondition
ExtensionCondition(Pattern extension)
Definition FilesSet.java:982

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.ExtensionCondition.passes
boolean passes(AbstractFile file)
Definition FilesSet.java:987

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.ExtensionCondition.normalize
static String normalize(String extension)
Definition FilesSet.java:1015

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.ExtensionCondition.ExtensionCondition
ExtensionCondition(String extension)
Definition FilesSet.java:957

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.ExtensionCondition.ExtensionCondition
ExtensionCondition(List< String > extensions)
Definition FilesSet.java:969

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.ExtensionCondition.normalize
static List< String > normalize(List< String > extensions)
Definition FilesSet.java:998

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.ExtensionCondition.serialVersionUID
static final long serialVersionUID
Definition FilesSet.java:950

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.FileSizeCondition
Definition FilesSet.java:511

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.FileSizeCondition.sizeValue
final int sizeValue
Definition FilesSet.java:599

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.FileSizeCondition.comparator
final COMPARATOR comparator
Definition FilesSet.java:597

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.FileSizeCondition.getSizeValue
int getSizeValue()
Definition FilesSet.java:630

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.FileSizeCondition.unit
final SIZE_UNIT unit
Definition FilesSet.java:598

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.FileSizeCondition.passes
boolean passes(AbstractFile file)
Definition FilesSet.java:635

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.FileSizeCondition.getComparator
COMPARATOR getComparator()
Definition FilesSet.java:612

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.FileSizeCondition.serialVersionUID
static final long serialVersionUID
Definition FilesSet.java:513

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.FileSizeCondition.FileSizeCondition
FileSizeCondition(COMPARATOR comparator, SIZE_UNIT unit, int sizeValue)
Definition FilesSet.java:601

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.FileSizeCondition.getUnit
SIZE_UNIT getUnit()
Definition FilesSet.java:621

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.FullNameCondition.FullNameCondition
FullNameCondition(Pattern name)
Definition FilesSet.java:891

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.FullNameCondition.FullNameCondition
FullNameCondition(String name)
Definition FilesSet.java:882

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.FullNameCondition.passes
boolean passes(AbstractFile file)
Definition FilesSet.java:896

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.FullNameCondition.serialVersionUID
static final long serialVersionUID
Definition FilesSet.java:875

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.MetaTypeCondition
Definition FilesSet.java:660

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.MetaTypeCondition.passes
boolean passes(AbstractFile file)
Definition FilesSet.java:684

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.MetaTypeCondition.type
final Type type
Definition FilesSet.java:672

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.MetaTypeCondition.MetaTypeCondition
MetaTypeCondition(Type type)
Definition FilesSet.java:679

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.MetaTypeCondition.serialVersionUID
static final long serialVersionUID
Definition FilesSet.java:662

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.MetaTypeCondition.getMetaType
Type getMetaType()
Definition FilesSet.java:707

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.MimeTypeCondition
Definition FilesSet.java:477

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.MimeTypeCondition.passes
boolean passes(AbstractFile file)
Definition FilesSet.java:492

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.MimeTypeCondition.MimeTypeCondition
MimeTypeCondition(String mimeType)
Definition FilesSet.java:487

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.MimeTypeCondition.mimeType
final String mimeType
Definition FilesSet.java:480

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.MimeTypeCondition.serialVersionUID
static final long serialVersionUID
Definition FilesSet.java:479

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.MimeTypeCondition.getMimeType
String getMimeType()
Definition FilesSet.java:501

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.ParentPathCondition
Definition FilesSet.java:831

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.ParentPathCondition.passes
boolean passes(AbstractFile file)
Definition FilesSet.java:854

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.ParentPathCondition.ParentPathCondition
ParentPathCondition(String path)
Definition FilesSet.java:840

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.ParentPathCondition.ParentPathCondition
ParentPathCondition(Pattern path)
Definition FilesSet.java:849

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.ParentPathCondition.serialVersionUID
static final long serialVersionUID
Definition FilesSet.java:833

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.RegexMatcher.isRegex
boolean isRegex()
Definition FilesSet.java:1191

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.RegexMatcher.serialVersionUID
static final long serialVersionUID
Definition FilesSet.java:1172

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.RegexMatcher.textMatches
boolean textMatches(String subject)
Definition FilesSet.java:1196

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.RegexMatcher.getTextToMatch
String getTextToMatch()
Definition FilesSet.java:1186

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.RegexMatcher.regex
final Pattern regex
Definition FilesSet.java:1173

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule
Definition FilesSet.java:272

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.toString
String toString()
Definition FilesSet.java:417

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.isSatisfied
boolean isSatisfied(AbstractFile file)
Definition FilesSet.java:403

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.getName
String getName()
Definition FilesSet.java:352

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.getFileSizeCondition
FileSizeCondition getFileSizeCondition()
Definition FilesSet.java:454

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.fileSizeCondition
final FileSizeCondition fileSizeCondition
Definition FilesSet.java:282

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.getMetaTypeCondition
MetaTypeCondition getMetaTypeCondition()
Definition FilesSet.java:370

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.metaTypeCondition
final MetaTypeCondition metaTypeCondition
Definition FilesSet.java:279

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.ruleName
final String ruleName
Definition FilesSet.java:276

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.getFileNameCondition
FileNameCondition getFileNameCondition()
Definition FilesSet.java:361

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.dateCondition
final DateCondition dateCondition
Definition FilesSet.java:283

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.getMimeTypeCondition
MimeTypeCondition getMimeTypeCondition()
Definition FilesSet.java:447

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.exclusive
final Boolean exclusive
Definition FilesSet.java:277

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.mimeTypeCondition
final MimeTypeCondition mimeTypeCondition
Definition FilesSet.java:281

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.fileNameCondition
final FileNameCondition fileNameCondition
Definition FilesSet.java:278

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.Rule
Rule(String ruleName, FileNameCondition fileNameCondition, MetaTypeCondition metaTypeCondition, ParentPathCondition pathCondition, MimeTypeCondition mimeTypeCondition, FileSizeCondition fileSizeCondition, DateCondition dateCondition, Boolean exclusive)
Definition FilesSet.java:300

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.getPathCondition
ParentPathCondition getPathCondition()
Definition FilesSet.java:379

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.uuid
final String uuid
Definition FilesSet.java:275

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.getUuid
String getUuid()
Definition FilesSet.java:440

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.isExclusive
boolean isExclusive()
Definition FilesSet.java:392

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.conditions
final List< FileAttributeCondition > conditions
Definition FilesSet.java:284

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.serialVersionUID
static final long serialVersionUID
Definition FilesSet.java:274

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.pathCondition
final ParentPathCondition pathCondition
Definition FilesSet.java:280

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.getDateCondition
DateCondition getDateCondition()
Definition FilesSet.java:383

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.ingoresUnallocatedSpace
boolean ingoresUnallocatedSpace()
Definition FilesSet.java:189

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.toString
String toString()
Definition FilesSet.java:262

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.description
final String description
Definition FilesSet.java:47

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.standardSet
final boolean standardSet
Definition FilesSet.java:51

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.rules
final Map< String, Rule > rules
Definition FilesSet.java:54

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.versionNumber
final int versionNumber
Definition FilesSet.java:52

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.exclusiveRules
Map< String, Rule > exclusiveRules
Definition FilesSet.java:60

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.FilesSet
FilesSet(String name, String description, boolean ignoreKnownFiles, boolean ignoreUnallocatedSpace, Map< String, Rule > rules, boolean standardSet, int versionNumber)
Definition FilesSet.java:95

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.getName
String getName()
Definition FilesSet.java:157

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.divideInclusiveExclusive
void divideInclusiveExclusive()
Definition FilesSet.java:120

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.name
final String name
Definition FilesSet.java:46

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.inclusiveRules
Map< String, Rule > inclusiveRules
Definition FilesSet.java:59

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.ignoreKnownFiles
final boolean ignoreKnownFiles
Definition FilesSet.java:48

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.fileIsMemberOf
String fileIsMemberOf(AbstractFile file)
Definition FilesSet.java:214

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.serialVersionUID
static final long serialVersionUID
Definition FilesSet.java:45

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.ignoreUnallocatedSpace
final boolean ignoreUnallocatedSpace
Definition FilesSet.java:49

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.getRules
Map< String, Rule > getRules()
Definition FilesSet.java:198

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.getDescription
String getDescription()
Definition FilesSet.java:166

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.FilesSet
FilesSet(String name, String description, boolean ignoreKnownFiles, boolean ignoreUnallocatedSpace, Map< String, Rule > rules)
Definition FilesSet.java:74

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.ignoresKnownFiles
boolean ignoresKnownFiles()
Definition FilesSet.java:179

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.FileSizeCondition.COMPARATOR
Definition FilesSet.java:518

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.FileSizeCondition.COMPARATOR.LESS_THAN_EQUAL
LESS_THAN_EQUAL
Definition FilesSet.java:521

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.FileSizeCondition.COMPARATOR.GREATER_THAN
GREATER_THAN
Definition FilesSet.java:523

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.FileSizeCondition.COMPARATOR.symbol
String symbol
Definition FilesSet.java:526

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.FileSizeCondition.COMPARATOR.LESS_THAN
LESS_THAN
Definition FilesSet.java:520

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.FileSizeCondition.COMPARATOR.COMPARATOR
COMPARATOR(String symbol)
Definition FilesSet.java:528

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.FileSizeCondition.COMPARATOR.getSymbol
String getSymbol()
Definition FilesSet.java:555

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.FileSizeCondition.COMPARATOR.GREATER_THAN_EQUAL
GREATER_THAN_EQUAL
Definition FilesSet.java:524

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.FileSizeCondition.COMPARATOR.fromSymbol
static COMPARATOR fromSymbol(String symbol)
Definition FilesSet.java:532

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.FileSizeCondition.COMPARATOR.EQUAL
EQUAL
Definition FilesSet.java:522

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.FileSizeCondition.SIZE_UNIT
Definition FilesSet.java:563

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.FileSizeCondition.SIZE_UNIT.size
long size
Definition FilesSet.java:569

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.FileSizeCondition.SIZE_UNIT.BYTE
BYTE
Definition FilesSet.java:565

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.FileSizeCondition.SIZE_UNIT.fromName
static SIZE_UNIT fromName(String name)
Definition FilesSet.java:581

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.FileSizeCondition.SIZE_UNIT.getName
String getName()
Definition FilesSet.java:593

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.FileSizeCondition.SIZE_UNIT.SIZE_UNIT
SIZE_UNIT(long size, String name)
Definition FilesSet.java:572

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.FileSizeCondition.SIZE_UNIT.name
String name
Definition FilesSet.java:570

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.FileSizeCondition.SIZE_UNIT.KILOBYTE
KILOBYTE
Definition FilesSet.java:566

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.FileSizeCondition.SIZE_UNIT.GIGABYTE
GIGABYTE
Definition FilesSet.java:568

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.FileSizeCondition.SIZE_UNIT.getSize
long getSize()
Definition FilesSet.java:577

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.FileSizeCondition.SIZE_UNIT.MEGABYTE
MEGABYTE
Definition FilesSet.java:567

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.MetaTypeCondition.Type
Definition FilesSet.java:664

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.MetaTypeCondition.Type.DIRECTORIES
DIRECTORIES
Definition FilesSet.java:667

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.MetaTypeCondition.Type.ALL
ALL
Definition FilesSet.java:669

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.MetaTypeCondition.Type.FILES_AND_DIRECTORIES
FILES_AND_DIRECTORIES
Definition FilesSet.java:668

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.MetaTypeCondition.Type.FILES
FILES
Definition FilesSet.java:666

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.FileAttributeCondition
Definition FilesSet.java:462

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.FileAttributeCondition.passes
boolean passes(AbstractFile file)

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.FileNameCondition
Definition FilesSet.java:865

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.TextCondition
Definition FilesSet.java:715

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.TextCondition.getTextToMatch
String getTextToMatch()

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.TextCondition.isRegex
boolean isRegex()

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.TextCondition.textMatches
boolean textMatches(String textToMatch)

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.TextMatcher
Definition FilesSet.java:1025

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.TextMatcher.isRegex
boolean isRegex()

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.TextMatcher.getTextToMatch
String getTextToMatch()

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.TextMatcher.textMatches
boolean textMatches(String subject)