api-docs/4.22.1/_user_activity_summary_8java_source.html

/*

 * Autopsy Forensic Browser

 *

 * Copyright 2020-2021 Basis Technology Corp.

 * Contact: carrier <at> sleuthkit <dot> org

 *

 * Licensed under the Apache License, Version 2.0 (the "License");

 * you may not use this file except in compliance with the License.

 * You may obtain a copy of the License at

 *

 *     http://www.apache.org/licenses/LICENSE-2.0

 *

 * Unless required by applicable law or agreed to in writing, software

 * distributed under the License is distributed on an "AS IS" BASIS,

 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

 * See the License for the specific language governing permissions and

 * limitations under the License.

 */

package org.sleuthkit.autopsy.datasourcesummary.datamodel;


import java.io.File;

import java.util.ArrayList;

import java.util.Arrays;

import java.util.Collection;

import java.util.Collections;

import java.util.Comparator;

import java.util.Date;

import java.util.HashMap;

import java.util.HashSet;

import java.util.List;

import java.util.Map;

import java.util.Set;

import java.util.function.Function;

import java.util.logging.Level;

import java.util.stream.Collectors;

import java.util.stream.Stream;

import org.apache.commons.lang3.StringUtils;

import org.apache.commons.lang3.tuple.Pair;

import org.openide.util.NbBundle.Messages;

import org.sleuthkit.autopsy.datasourcesummary.datamodel.SleuthkitCaseProvider.SleuthkitCaseProviderException;

import org.sleuthkit.datamodel.BlackboardArtifact;

import org.sleuthkit.datamodel.BlackboardAttribute;

import org.sleuthkit.datamodel.DataSource;

import org.sleuthkit.datamodel.TskCoreException;

import org.sleuthkit.autopsy.texttranslation.NoServiceProviderException;

import org.sleuthkit.autopsy.texttranslation.TextTranslationService;

import org.sleuthkit.autopsy.texttranslation.TranslationException;

import static org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE;

import static org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE;


public class UserActivitySummary {


    private static final List<Function<List<String>, String>> SHORT_FOLDER_MATCHERS = Arrays.asList(

            // handle Program Files and Program Files (x86) - if true, return the next folder

            (pathList) -> {

                if (pathList.size() < 2) {

                    return null;

                }


                String rootParent = pathList.get(0).toUpperCase();

                if ("PROGRAM FILES".equals(rootParent) || "PROGRAM FILES (X86)".equals(rootParent)) {

                    return pathList.get(1);

                } else {

                    return null;

                }

            },

            // if there is a folder named "APPLICATION DATA" or "APPDATA"

            (pathList) -> {

                for (String pathEl : pathList) {

                    String uppered = pathEl.toUpperCase();

                    if ("APPLICATION DATA".equals(uppered) || "APPDATA".equals(uppered)) {

                        return "AppData";

                    }

                }

                return null;

            }

    );


    private static final BlackboardArtifact.Type TYPE_DEVICE_ATTACHED = new BlackboardArtifact.Type(ARTIFACT_TYPE.TSK_DEVICE_ATTACHED);

    private static final BlackboardArtifact.Type TYPE_WEB_HISTORY = new BlackboardArtifact.Type(ARTIFACT_TYPE.TSK_WEB_HISTORY);


    private static final BlackboardAttribute.Type TYPE_DATETIME = new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_DATETIME);

    private static final BlackboardAttribute.Type TYPE_DATETIME_ACCESSED = new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_DATETIME_ACCESSED);

    private static final BlackboardAttribute.Type TYPE_DEVICE_ID = new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_DEVICE_ID);

    private static final BlackboardAttribute.Type TYPE_DEVICE_MAKE = new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_DEVICE_MAKE);

    private static final BlackboardAttribute.Type TYPE_DEVICE_MODEL = new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_DEVICE_MODEL);

    private static final BlackboardAttribute.Type TYPE_MESSAGE_TYPE = new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_MESSAGE_TYPE);

    private static final BlackboardAttribute.Type TYPE_TEXT = new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_TEXT);

    private static final BlackboardAttribute.Type TYPE_DATETIME_RCVD = new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_DATETIME_RCVD);

    private static final BlackboardAttribute.Type TYPE_DATETIME_SENT = new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_DATETIME_SENT);

    private static final BlackboardAttribute.Type TYPE_DATETIME_START = new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_DATETIME_START);

    private static final BlackboardAttribute.Type TYPE_DATETIME_END = new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_DATETIME_END);

    private static final BlackboardAttribute.Type TYPE_DOMAIN = new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_DOMAIN);

    private static final BlackboardAttribute.Type TYPE_PROG_NAME = new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_PROG_NAME);

    private static final BlackboardAttribute.Type TYPE_PATH = new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_PATH);

    private static final BlackboardAttribute.Type TYPE_COUNT = new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_COUNT);


    private static final String NTOS_BOOT_IDENTIFIER = "NTOSBOOT";

    private static final String WINDOWS_PREFIX = "/WINDOWS";


    private static final Comparator<TopAccountResult> TOP_ACCOUNT_RESULT_DATE_COMPARE = (a, b) -> a.getLastAccessed().compareTo(b.getLastAccessed());

    private static final Comparator<TopWebSearchResult> TOP_WEBSEARCH_RESULT_DATE_COMPARE = (a, b) -> a.getLastAccessed().compareTo(b.getLastAccessed());


    private static final Comparator<TopProgramsResult> TOP_PROGRAMS_RESULT_COMPARE = (a, b) -> {

        // first priority for sorting is the run times

        // if non-0, this is the return value for the comparator

        int runTimesCompare = nullableCompare(a.getRunTimes(), b.getRunTimes());

        if (runTimesCompare != 0) {

            return -runTimesCompare;

        }


        // second priority for sorting is the last run date

        // if non-0, this is the return value for the comparator

        int lastRunCompare = nullableCompare(

                a.getLastAccessed() == null ? null : a.getLastAccessed().getTime(),

                b.getLastAccessed() == null ? null : b.getLastAccessed().getTime());


        if (lastRunCompare != 0) {

            return -lastRunCompare;

        }


        // otherwise sort alphabetically

        return (a.getProgramName() == null ? "" : a.getProgramName())

                .compareToIgnoreCase((b.getProgramName() == null ? "" : b.getProgramName()));

    };


    private static final Set<String> DEVICE_EXCLUDE_LIST = new HashSet<>(Arrays.asList("ROOT_HUB", "ROOT_HUB20"));

    private static final Set<String> DOMAIN_EXCLUDE_LIST = new HashSet<>(Arrays.asList("127.0.0.1", "LOCALHOST"));


    private static final long MS_PER_DAY = 1000 * 60 * 60 * 24;

    private static final long DOMAIN_WINDOW_DAYS = 30;

    private static final long DOMAIN_WINDOW_MS = DOMAIN_WINDOW_DAYS * MS_PER_DAY;


    private final SleuthkitCaseProvider caseProvider;

    private final TextTranslationService translationService;

    private final java.util.logging.Logger logger;


    public UserActivitySummary() {

        this(SleuthkitCaseProvider.DEFAULT, TextTranslationService.getInstance(),

                org.sleuthkit.autopsy.coreutils.Logger.getLogger(UserActivitySummary.class.getName()));

    }


    public UserActivitySummary(

            SleuthkitCaseProvider provider,

            TextTranslationService translationService,

            java.util.logging.Logger logger) {


        this.caseProvider = provider;

        this.translationService = translationService;

        this.logger = logger;

    }


    private static void assertValidCount(int count) {

        if (count <= 0) {

            throw new IllegalArgumentException("Count must be greater than 0");

        }

    }


    public static String getShortFolderName(String strPath, String applicationName) {

        if (strPath == null) {

            return "";

        }


        List<String> pathEls = new ArrayList<>(Arrays.asList(applicationName));


        File file = new File(strPath);

        while (file != null && org.apache.commons.lang.StringUtils.isNotBlank(file.getName())) {

            pathEls.add(file.getName());

            file = file.getParentFile();

        }


        Collections.reverse(pathEls);


        for (Function<List<String>, String> matchEntry : SHORT_FOLDER_MATCHERS) {

            String result = matchEntry.apply(pathEls);

            if (org.apache.commons.lang.StringUtils.isNotBlank(result)) {

                return result;

            }

        }


        return "";

    }


    public List<TopDomainsResult> getRecentDomains(DataSource dataSource, int count) throws TskCoreException, SleuthkitCaseProviderException {

        assertValidCount(count);


        if (dataSource == null) {

            return Collections.emptyList();

        }


        Pair<Long, Map<String, List<Pair<BlackboardArtifact, Long>>>> mostRecentAndGroups = getDomainGroupsAndMostRecent(dataSource);

        // if no recent domains, return accordingly

        if (mostRecentAndGroups.getKey() == null || mostRecentAndGroups.getValue().size() == 0) {

            return Collections.emptyList();

        }


        final long mostRecentMs = mostRecentAndGroups.getLeft();

        Map<String, List<Pair<BlackboardArtifact, Long>>> groups = mostRecentAndGroups.getRight();


        return groups.entrySet().stream()

                .map(entry -> getDomainsResult(entry.getKey(), entry.getValue(), mostRecentMs))

                .filter(result -> result != null)

                // sort by number of visit times in those 30 days (max to min)

                .sorted((a, b) -> -Long.compare(a.getVisitTimes(), b.getVisitTimes()))

                // limit the result number to the parameter provided

                .limit(count)

                .collect(Collectors.toList());

    }


    private TopDomainsResult getDomainsResult(String domain, List<Pair<BlackboardArtifact, Long>> visits, long mostRecentMs) {

        long visitCount = 0;

        Long thisMostRecentMs = null;

        BlackboardArtifact thisMostRecentArtifact = null;


        for (Pair<BlackboardArtifact, Long> visitInstance : visits) {

            BlackboardArtifact artifact = visitInstance.getLeft();

            Long visitMs = visitInstance.getRight();

            // make sure that visit is within window of mostRecentMS; otherwise skip it.

            if (visitMs == null || visitMs + DOMAIN_WINDOW_MS < mostRecentMs) {

                continue;

            }


            // if visit is within window, increment the count and get most recent

            visitCount++;

            if (thisMostRecentMs == null || visitMs > thisMostRecentMs) {

                thisMostRecentMs = visitMs;

                thisMostRecentArtifact = artifact;

            }

            thisMostRecentMs = getMax(thisMostRecentMs, visitMs);

        }


        // if there are no visits within the window, return null

        if (visitCount <= 0 || thisMostRecentMs == null) {

            return null;

        } else {

            // create a top domain result with the domain, count, and most recent visit date

            return new TopDomainsResult(domain, visitCount, new Date(thisMostRecentMs), thisMostRecentArtifact);

        }

    }


    private Pair<Long, Map<String, List<Pair<BlackboardArtifact, Long>>>> getDomainGroupsAndMostRecent(DataSource dataSource) throws TskCoreException, SleuthkitCaseProviderException {

        List<BlackboardArtifact> artifacts = DataSourceInfoUtilities.getArtifacts(caseProvider.get(), TYPE_WEB_HISTORY,

                dataSource, TYPE_DATETIME_ACCESSED, DataSourceInfoUtilities.SortOrder.DESCENDING, 0);


        Long mostRecentMs = null;

        Map<String, List<Pair<BlackboardArtifact, Long>>> domainVisits = new HashMap<>();


        for (BlackboardArtifact art : artifacts) {

            Long artifactDateSecs = DataSourceInfoUtilities.getLongOrNull(art, TYPE_DATETIME_ACCESSED);

            String domain = DataSourceInfoUtilities.getStringOrNull(art, TYPE_DOMAIN);


            // if there isn't a last access date or domain for this artifact, it can be ignored.

            // Also, ignore the loopback address.

            if (artifactDateSecs == null || StringUtils.isBlank(domain) || DOMAIN_EXCLUDE_LIST.contains(domain.toUpperCase().trim())) {

                continue;

            }


            Long artifactDateMs = artifactDateSecs * 1000;


            // update the most recent visit date overall

            mostRecentMs = getMax(mostRecentMs, artifactDateMs);


            //Normalize the domain to lower case.

            domain = domain.toLowerCase().trim();


            // add this visit date to the list of dates for the domain

            List<Pair<BlackboardArtifact, Long>> domainVisitList = domainVisits.get(domain);

            if (domainVisitList == null) {

                domainVisitList = new ArrayList<>();

                domainVisits.put(domain, domainVisitList);

            }


            domainVisitList.add(Pair.of(art, artifactDateMs));

        }


        return Pair.of(mostRecentMs, domainVisits);

    }


    private static Long getMax(Long num1, Long num2) {

        if (num1 == null) {

            return num2;

        } else if (num2 == null) {

            return num1;

        } else {

            return num2 > num1 ? num2 : num1;

        }

    }


    private static TopWebSearchResult getWebSearchResult(BlackboardArtifact artifact) {

        String searchString = DataSourceInfoUtilities.getStringOrNull(artifact, TYPE_TEXT);

        Date dateAccessed = DataSourceInfoUtilities.getDateOrNull(artifact, TYPE_DATETIME_ACCESSED);

        return (StringUtils.isNotBlank(searchString) && dateAccessed != null)

                ? new TopWebSearchResult(searchString, dateAccessed, artifact)

                : null;

    }


    public List<TopWebSearchResult> getMostRecentWebSearches(DataSource dataSource, int count) throws SleuthkitCaseProviderException, TskCoreException {

        assertValidCount(count);


        if (dataSource == null) {

            return Collections.emptyList();

        }


        // get the artifacts

        List<BlackboardArtifact> webSearchArtifacts = caseProvider.get().getBlackboard()

                .getArtifacts(ARTIFACT_TYPE.TSK_WEB_SEARCH_QUERY.getTypeID(), dataSource.getId());


        // group by search string (case insensitive)

        Collection<TopWebSearchResult> resultGroups = webSearchArtifacts

                .stream()

                // get items where search string and date is not null

                .map(UserActivitySummary::getWebSearchResult)

                // remove null records

                .filter(result -> result != null)

                // get the latest message for each search string

                .collect(Collectors.toMap(

                        (result) -> result.getSearchString().toUpperCase(),

                        result -> result,

                        (result1, result2) -> TOP_WEBSEARCH_RESULT_DATE_COMPARE.compare(result1, result2) >= 0 ? result1 : result2))

                .values();


        // get the most recent date for each search term

        List<TopWebSearchResult> results = resultGroups

                .stream()

                // get most recent searches first

                .sorted(TOP_WEBSEARCH_RESULT_DATE_COMPARE.reversed())

                .limit(count)

                // get as list

                .collect(Collectors.toList());


        // get translation if possible

        if (translationService.hasProvider()) {

            for (TopWebSearchResult result : results) {

                result.setTranslatedResult(getTranslationOrNull(result.getSearchString()));

            }

        }


        return results;

    }


    private String getTranslationOrNull(String original) {

        if (!translationService.hasProvider() || StringUtils.isBlank(original)) {

            return null;

        }


        String translated = null;

        try {

            translated = translationService.translate(original);

        } catch (NoServiceProviderException | TranslationException ex) {

            logger.log(Level.WARNING, String.format("There was an error translating text: '%s'", original), ex);

        }


        // if there is no translation or the translation is the same as the original, return null.

        if (StringUtils.isBlank(translated)

                || translated.toUpperCase().trim().equals(original.toUpperCase().trim())) {


            return null;

        }


        return translated;

    }


    private TopDeviceAttachedResult getMostRecentDevice(TopDeviceAttachedResult r1, TopDeviceAttachedResult r2) {

        if (r2.getLastAccessed()== null) {

            return r1;

        }


        if (r1.getLastAccessed() == null) {

            return r2;

        }


        return r1.getLastAccessed().compareTo(r2.getLastAccessed()) >= 0 ? r1 : r2;

    }


    public List<TopDeviceAttachedResult> getRecentDevices(DataSource dataSource, int count) throws SleuthkitCaseProviderException, TskCoreException {

        assertValidCount(count);


        if (dataSource == null) {

            return Collections.emptyList();

        }


        Collection<TopDeviceAttachedResult> results = DataSourceInfoUtilities.getArtifacts(caseProvider.get(), TYPE_DEVICE_ATTACHED,

                dataSource, TYPE_DATETIME, DataSourceInfoUtilities.SortOrder.DESCENDING, 0)

                .stream()

                .map(artifact -> {

                    return new TopDeviceAttachedResult(

                            DataSourceInfoUtilities.getStringOrNull(artifact, TYPE_DEVICE_ID),

                            DataSourceInfoUtilities.getDateOrNull(artifact, TYPE_DATETIME),

                            DataSourceInfoUtilities.getStringOrNull(artifact, TYPE_DEVICE_MAKE),

                            DataSourceInfoUtilities.getStringOrNull(artifact, TYPE_DEVICE_MODEL),

                            artifact

                    );

                })

                // remove Root Hub identifier

                .filter(result -> {

                    return result.getDeviceId() == null

                            || result.getDeviceModel() == null

                            || !DEVICE_EXCLUDE_LIST.contains(result.getDeviceModel().trim().toUpperCase());

                })

                .collect(Collectors.toMap(result -> result.getDeviceId(), result -> result, (r1, r2) -> getMostRecentDevice(r1, r2)))

                .values();


        return results.stream()

                .limit(count)

                .collect(Collectors.toList());

    }


    private static TopAccountResult getMessageAccountResult(BlackboardArtifact artifact) {

        String type = DataSourceInfoUtilities.getStringOrNull(artifact, TYPE_MESSAGE_TYPE);

        Date date = DataSourceInfoUtilities.getDateOrNull(artifact, TYPE_DATETIME);

        return (StringUtils.isNotBlank(type) && date != null)

                ? new TopAccountResult(type, date, artifact)

                : null;

    }


    private static TopAccountResult getAccountResult(BlackboardArtifact artifact, String messageType, BlackboardAttribute.Type... dateAttrs) {

        String type = messageType;


        Date latestDate = null;

        if (dateAttrs != null) {

            latestDate = Stream.of(dateAttrs)

                    .map((attr) -> DataSourceInfoUtilities.getDateOrNull(artifact, attr))

                    .filter((date) -> date != null)

                    .max((a, b) -> a.compareTo(b))

                    .orElse(null);

        }


        return (StringUtils.isNotBlank(type) && latestDate != null)

                ? new TopAccountResult(type, latestDate, artifact)

                : null;

    }


    @Messages({

        "DataSourceUserActivitySummary_getRecentAccounts_emailMessage=Email Message",

        "DataSourceUserActivitySummary_getRecentAccounts_calllogMessage=Call Log",})


    public List<TopAccountResult> getRecentAccounts(DataSource dataSource, int count) throws SleuthkitCaseProviderException, TskCoreException {

        assertValidCount(count);


        if (dataSource == null) {

            return Collections.emptyList();

        }


        Stream<TopAccountResult> messageResults = caseProvider.get().getBlackboard().getArtifacts(ARTIFACT_TYPE.TSK_MESSAGE.getTypeID(), dataSource.getId())

                .stream()

                .map((art) -> getMessageAccountResult(art));


        Stream<TopAccountResult> emailResults = caseProvider.get().getBlackboard().getArtifacts(ARTIFACT_TYPE.TSK_EMAIL_MSG.getTypeID(), dataSource.getId())

                .stream()

                .map((art) -> {

                    return getAccountResult(

                            art,

                            Bundle.DataSourceUserActivitySummary_getRecentAccounts_emailMessage(),

                            TYPE_DATETIME_RCVD,

                            TYPE_DATETIME_SENT);

                });


        Stream<TopAccountResult> calllogResults = caseProvider.get().getBlackboard().getArtifacts(ARTIFACT_TYPE.TSK_CALLLOG.getTypeID(), dataSource.getId())

                .stream()

                .map((art) -> {

                    return getAccountResult(

                            art,

                            Bundle.DataSourceUserActivitySummary_getRecentAccounts_calllogMessage(),

                            TYPE_DATETIME_START,

                            TYPE_DATETIME_END);

                });


        Stream<TopAccountResult> allResults = Stream.concat(messageResults, Stream.concat(emailResults, calllogResults));


        // get them grouped by account type

        Collection<TopAccountResult> groupedResults = allResults

                // remove null records

                .filter(result -> result != null)

                // get these messages grouped by account type and get the most recent of each type

                .collect(Collectors.toMap(

                        result -> result.getAccountType(),

                        result -> result,

                        (result1, result2) -> TOP_ACCOUNT_RESULT_DATE_COMPARE.compare(result1, result2) >= 0 ? result1 : result2))

                .values();


        // get account type sorted by most recent date

        return groupedResults

                .stream()

                // get most recent accounts accessed

                .sorted(TOP_ACCOUNT_RESULT_DATE_COMPARE.reversed())

                // limit to count

                .limit(count)

                // get as list

                .collect(Collectors.toList());

    }


    private TopProgramsResult getTopProgramsResult(BlackboardArtifact artifact) {

        String programName = DataSourceInfoUtilities.getStringOrNull(artifact, TYPE_PROG_NAME);


        // ignore items with no name or a ntos boot identifier

        if (StringUtils.isBlank(programName) || NTOS_BOOT_IDENTIFIER.equalsIgnoreCase(programName)) {

            return null;

        }


        String path = DataSourceInfoUtilities.getStringOrNull(artifact, TYPE_PATH);


        // ignore windows directory

        if (StringUtils.startsWithIgnoreCase(path, WINDOWS_PREFIX)) {

            return null;

        }


        Integer count = DataSourceInfoUtilities.getIntOrNull(artifact, TYPE_COUNT);

        Long longCount = (count == null) ? null : (long) count;


        return new TopProgramsResult(

                programName,

                path,

                longCount,

                DataSourceInfoUtilities.getDateOrNull(artifact, TYPE_DATETIME),

                artifact

        );

    }


    private static Date getMax(Date date1, Date date2) {

        if (date1 == null) {

            return date2;

        } else if (date2 == null) {

            return date1;

        } else {

            return date1.compareTo(date2) > 0 ? date1 : date2;

        }

    }


    private static int nullableCompare(Long long1, Long long2) {

        if (long1 == null && long2 == null) {

            return 0;

        } else if (long1 != null && long2 == null) {

            return 1;

        } else if (long1 == null && long2 != null) {

            return -1;

        }


        return Long.compare(long1, long2);

    }


    private static boolean isPositiveNum(Long longNum) {

        return longNum != null && longNum > 0;

    }


    public List<TopProgramsResult> getTopPrograms(DataSource dataSource, int count) throws SleuthkitCaseProviderException, TskCoreException {

        assertValidCount(count);


        if (dataSource == null) {

            return Collections.emptyList();

        }


        // Get TopProgramsResults for each TSK_PROG_RUN artifact

        Collection<TopProgramsResult> results = caseProvider.get().getBlackboard().getArtifacts(ARTIFACT_TYPE.TSK_PROG_RUN.getTypeID(), dataSource.getId())

                .stream()

                // convert to a TopProgramsResult object or null if missing critical information

                .map((art) -> getTopProgramsResult(art))

                // remove any null items

                .filter((res) -> res != null)

                // group by the program name and program path

                // The value will be a TopProgramsResult with the max run times

                // and most recent last run date for each program name / program path pair.

                .collect(Collectors.toMap(

                        res -> Pair.of(

                                res.getProgramName() == null ? null : res.getProgramName().toUpperCase(),

                                res.getProgramPath() == null ? null : res.getProgramPath().toUpperCase()),

                        res -> res,

                        (res1, res2) -> {

                            Long maxRunTimes = getMax(res1.getRunTimes(), res2.getRunTimes());

                            Date maxDate = getMax(res1.getLastAccessed(), res2.getLastAccessed());

                            TopProgramsResult maxResult = TOP_PROGRAMS_RESULT_COMPARE.compare(res1, res2) >= 0 ? res1 : res2;

                            return new TopProgramsResult(

                                    maxResult.getProgramName(),

                                    maxResult.getProgramPath(),

                                    maxRunTimes,

                                    maxDate,

                                    maxResult.getArtifact());

                        })).values();


        List<TopProgramsResult> orderedResults = results.stream()

                .sorted(TOP_PROGRAMS_RESULT_COMPARE)

                .collect(Collectors.toList());


        // only limit the list to count if there is no last run date and no run times.

        if (!orderedResults.isEmpty()) {

            TopProgramsResult topResult = orderedResults.get(0);

            // if run times / last run information is available, the first item should have some value,

            // and then the items should be limited accordingly.

            if (isPositiveNum(topResult.getRunTimes())

                    || (topResult.getLastAccessed() != null && isPositiveNum(topResult.getLastAccessed().getTime()))) {

                return orderedResults.stream().limit(count).collect(Collectors.toList());

            }

        }


        // otherwise return the alphabetized list with no limit applied.

        return orderedResults;

    }


    public static class LastAccessedArtifact {


        private final Date lastAccessed;

        private final BlackboardArtifact artifact;


        public LastAccessedArtifact(Date lastAccessed, BlackboardArtifact artifact) {

            this.lastAccessed = lastAccessed;

            this.artifact = artifact;

        }


        public Date getLastAccessed() {

            return lastAccessed;

        }


        public BlackboardArtifact getArtifact() {

            return artifact;

        }


    }


    public static class TopWebSearchResult extends LastAccessedArtifact {


        private final String searchString;

        private String translatedResult;


        public TopWebSearchResult(String searchString, Date dateAccessed, BlackboardArtifact artifact) {

            super(dateAccessed, artifact);

            this.searchString = searchString;

        }


        public String getTranslatedResult() {

            return translatedResult;

        }


        public void setTranslatedResult(String translatedResult) {

            this.translatedResult = translatedResult;

        }


        public String getSearchString() {

            return searchString;

        }


    }


    public static class TopDeviceAttachedResult extends LastAccessedArtifact {


        private final String deviceId;

        private final String deviceMake;

        private final String deviceModel;


        public TopDeviceAttachedResult(String deviceId, Date dateAccessed, String deviceMake, String deviceModel, BlackboardArtifact artifact) {

            super(dateAccessed, artifact);

            this.deviceId = deviceId;

            this.deviceMake = deviceMake;

            this.deviceModel = deviceModel;

        }


        public String getDeviceId() {

            return deviceId;

        }


        public String getDeviceMake() {

            return deviceMake;

        }


        public String getDeviceModel() {

            return deviceModel;

        }


    }


    public static class TopAccountResult extends LastAccessedArtifact {


        private final String accountType;


        public TopAccountResult(String accountType, Date lastAccess, BlackboardArtifact artifact) {

            super(lastAccess, artifact);

            this.accountType = accountType;

        }


        public String getAccountType() {

            return accountType;

        }


    }


    public static class TopDomainsResult extends LastAccessedArtifact {


        private final String domain;

        private final Long visitTimes;


        public TopDomainsResult(String domain, Long visitTimes, Date lastVisit, BlackboardArtifact artifact) {

            super(lastVisit, artifact);

            this.domain = domain;

            this.visitTimes = visitTimes;

        }


        public String getDomain() {

            return domain;

        }


        public Long getVisitTimes() {

            return visitTimes;

        }


    }


    public static class TopProgramsResult extends LastAccessedArtifact {


        private final String programName;

        private final String programPath;

        private final Long runTimes;


        TopProgramsResult(String programName, String programPath, Long runTimes, Date lastRun, BlackboardArtifact artifact) {

            super(lastRun, artifact);

            this.programName = programName;

            this.programPath = programPath;

            this.runTimes = runTimes;

        }


        public String getProgramName() {

            return programName;

        }


        public String getProgramPath() {

            return programPath;

        }


        public Long getRunTimes() {

            return runTimes;

        }


    }


}


org.sleuthkit.autopsy.datasourcesummary.datamodel.DataSourceInfoUtilities
Definition DataSourceInfoUtilities.java:45

org.sleuthkit.autopsy.datasourcesummary.datamodel.DataSourceInfoUtilities.getStringOrNull
static String getStringOrNull(BlackboardArtifact artifact, Type attributeType)
Definition DataSourceInfoUtilities.java:387

org.sleuthkit.autopsy.datasourcesummary.datamodel.DataSourceInfoUtilities.getLongOrNull
static Long getLongOrNull(BlackboardArtifact artifact, Type attributeType)
Definition DataSourceInfoUtilities.java:401

org.sleuthkit.autopsy.datasourcesummary.datamodel.DataSourceInfoUtilities.getArtifacts
static List< BlackboardArtifact > getArtifacts(SleuthkitCase skCase, BlackboardArtifact.Type artifactType, DataSource dataSource, BlackboardAttribute.Type attributeType, SortOrder sortOrder)
Definition DataSourceInfoUtilities.java:188

org.sleuthkit.autopsy.datasourcesummary.datamodel.DataSourceInfoUtilities.getDateOrNull
static Date getDateOrNull(BlackboardArtifact artifact, Type attributeType)
Definition DataSourceInfoUtilities.java:430

org.sleuthkit.autopsy.datasourcesummary.datamodel.DataSourceInfoUtilities.getIntOrNull
static Integer getIntOrNull(BlackboardArtifact artifact, Type attributeType)
Definition DataSourceInfoUtilities.java:415

org.sleuthkit.autopsy.datasourcesummary.datamodel.SleuthkitCaseProvider.SleuthkitCaseProviderException
Definition SleuthkitCaseProvider.java:38

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.LastAccessedArtifact.artifact
final BlackboardArtifact artifact
Definition UserActivitySummary.java:824

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.LastAccessedArtifact.LastAccessedArtifact
LastAccessedArtifact(Date lastAccessed, BlackboardArtifact artifact)
Definition UserActivitySummary.java:832

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.LastAccessedArtifact.getArtifact
BlackboardArtifact getArtifact()
Definition UserActivitySummary.java:847

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.LastAccessedArtifact.getLastAccessed
Date getLastAccessed()
Definition UserActivitySummary.java:840

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.LastAccessedArtifact.lastAccessed
final Date lastAccessed
Definition UserActivitySummary.java:823

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.TopAccountResult
Definition UserActivitySummary.java:947

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.TopAccountResult.TopAccountResult
TopAccountResult(String accountType, Date lastAccess, BlackboardArtifact artifact)
Definition UserActivitySummary.java:958

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.TopAccountResult.accountType
final String accountType
Definition UserActivitySummary.java:949

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.TopAccountResult.getAccountType
String getAccountType()
Definition UserActivitySummary.java:966

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.TopDeviceAttachedResult
Definition UserActivitySummary.java:899

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.TopDeviceAttachedResult.getDeviceId
String getDeviceId()
Definition UserActivitySummary.java:924

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.TopDeviceAttachedResult.getDeviceMake
String getDeviceMake()
Definition UserActivitySummary.java:931

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.TopDeviceAttachedResult.deviceModel
final String deviceModel
Definition UserActivitySummary.java:903

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.TopDeviceAttachedResult.deviceId
final String deviceId
Definition UserActivitySummary.java:901

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.TopDeviceAttachedResult.TopDeviceAttachedResult
TopDeviceAttachedResult(String deviceId, Date dateAccessed, String deviceMake, String deviceModel, BlackboardArtifact artifact)
Definition UserActivitySummary.java:914

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.TopDeviceAttachedResult.deviceMake
final String deviceMake
Definition UserActivitySummary.java:902

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.TopDeviceAttachedResult.getDeviceModel
String getDeviceModel()
Definition UserActivitySummary.java:938

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.TopDomainsResult
Definition UserActivitySummary.java:974

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.TopDomainsResult.getVisitTimes
Long getVisitTimes()
Definition UserActivitySummary.java:1003

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.TopDomainsResult.TopDomainsResult
TopDomainsResult(String domain, Long visitTimes, Date lastVisit, BlackboardArtifact artifact)
Definition UserActivitySummary.java:987

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.TopDomainsResult.domain
final String domain
Definition UserActivitySummary.java:976

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.TopDomainsResult.visitTimes
final Long visitTimes
Definition UserActivitySummary.java:977

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.TopDomainsResult.getDomain
String getDomain()
Definition UserActivitySummary.java:996

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.TopProgramsResult
Definition UserActivitySummary.java:1011

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.TopProgramsResult.programName
final String programName
Definition UserActivitySummary.java:1013

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.TopProgramsResult.runTimes
final Long runTimes
Definition UserActivitySummary.java:1015

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.TopProgramsResult.getProgramName
String getProgramName()
Definition UserActivitySummary.java:1035

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.TopProgramsResult.getRunTimes
Long getRunTimes()
Definition UserActivitySummary.java:1049

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.TopProgramsResult.getProgramPath
String getProgramPath()
Definition UserActivitySummary.java:1042

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.TopProgramsResult.programPath
final String programPath
Definition UserActivitySummary.java:1014

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.TopWebSearchResult
Definition UserActivitySummary.java:855

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.TopWebSearchResult.setTranslatedResult
void setTranslatedResult(String translatedResult)
Definition UserActivitySummary.java:884

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.TopWebSearchResult.getSearchString
String getSearchString()
Definition UserActivitySummary.java:891

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.TopWebSearchResult.TopWebSearchResult
TopWebSearchResult(String searchString, Date dateAccessed, BlackboardArtifact artifact)
Definition UserActivitySummary.java:867

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.TopWebSearchResult.getTranslatedResult
String getTranslatedResult()
Definition UserActivitySummary.java:875

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.TopWebSearchResult.searchString
final String searchString
Definition UserActivitySummary.java:857

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.TopWebSearchResult.translatedResult
String translatedResult
Definition UserActivitySummary.java:858

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.getDomainsResult
TopDomainsResult getDomainsResult(String domain, List< Pair< BlackboardArtifact, Long > > visits, long mostRecentMs)
Definition UserActivitySummary.java:270

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.DEVICE_EXCLUDE_LIST
static final Set< String > DEVICE_EXCLUDE_LIST
Definition UserActivitySummary.java:140

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.getRecentDevices
List< TopDeviceAttachedResult > getRecentDevices(DataSource dataSource, int count)
Definition UserActivitySummary.java:512

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.UserActivitySummary
UserActivitySummary()
Definition UserActivitySummary.java:154

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.assertValidCount
static void assertValidCount(int count)
Definition UserActivitySummary.java:183

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.MS_PER_DAY
static final long MS_PER_DAY
Definition UserActivitySummary.java:143

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.UserActivitySummary
UserActivitySummary(SleuthkitCaseProvider provider, TextTranslationService translationService, java.util.logging.Logger logger)
Definition UserActivitySummary.java:168

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.TYPE_PATH
static final BlackboardAttribute.Type TYPE_PATH
Definition UserActivitySummary.java:104

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.getMax
static Long getMax(Long num1, Long num2)
Definition UserActivitySummary.java:361

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.DOMAIN_WINDOW_MS
static final long DOMAIN_WINDOW_MS
Definition UserActivitySummary.java:145

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.getRecentDomains
List< TopDomainsResult > getRecentDomains(DataSource dataSource, int count)
Definition UserActivitySummary.java:232

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.getMostRecentDevice
TopDeviceAttachedResult getMostRecentDevice(TopDeviceAttachedResult r1, TopDeviceAttachedResult r2)
Definition UserActivitySummary.java:486

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.TYPE_DATETIME_RCVD
static final BlackboardAttribute.Type TYPE_DATETIME_RCVD
Definition UserActivitySummary.java:98

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.logger
final java.util.logging.Logger logger
Definition UserActivitySummary.java:149

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.TYPE_DATETIME_ACCESSED
static final BlackboardAttribute.Type TYPE_DATETIME_ACCESSED
Definition UserActivitySummary.java:92

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.TYPE_DOMAIN
static final BlackboardAttribute.Type TYPE_DOMAIN
Definition UserActivitySummary.java:102

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.TYPE_DATETIME
static final BlackboardAttribute.Type TYPE_DATETIME
Definition UserActivitySummary.java:91

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.NTOS_BOOT_IDENTIFIER
static final String NTOS_BOOT_IDENTIFIER
Definition UserActivitySummary.java:107

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.TYPE_PROG_NAME
static final BlackboardAttribute.Type TYPE_PROG_NAME
Definition UserActivitySummary.java:103

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.getMax
static Date getMax(Date date1, Date date2)
Definition UserActivitySummary.java:703

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.getTranslationOrNull
String getTranslationOrNull(String original)
Definition UserActivitySummary.java:455

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.TYPE_DATETIME_END
static final BlackboardAttribute.Type TYPE_DATETIME_END
Definition UserActivitySummary.java:101

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.TYPE_COUNT
static final BlackboardAttribute.Type TYPE_COUNT
Definition UserActivitySummary.java:105

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.TYPE_DEVICE_MODEL
static final BlackboardAttribute.Type TYPE_DEVICE_MODEL
Definition UserActivitySummary.java:95

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.SHORT_FOLDER_MATCHERS
static final List< Function< List< String >, String > > SHORT_FOLDER_MATCHERS
Definition UserActivitySummary.java:62

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.nullableCompare
static int nullableCompare(Long long1, Long long2)
Definition UserActivitySummary.java:722

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.TYPE_WEB_HISTORY
static final BlackboardArtifact.Type TYPE_WEB_HISTORY
Definition UserActivitySummary.java:89

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.getMessageAccountResult
static TopAccountResult getMessageAccountResult(BlackboardArtifact artifact)
Definition UserActivitySummary.java:553

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.getDomainGroupsAndMostRecent
Pair< Long, Map< String, List< Pair< BlackboardArtifact, Long > > > > getDomainGroupsAndMostRecent(DataSource dataSource)
Definition UserActivitySummary.java:315

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.TYPE_DATETIME_SENT
static final BlackboardAttribute.Type TYPE_DATETIME_SENT
Definition UserActivitySummary.java:99

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.DOMAIN_WINDOW_DAYS
static final long DOMAIN_WINDOW_DAYS
Definition UserActivitySummary.java:144

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.translationService
final TextTranslationService translationService
Definition UserActivitySummary.java:148

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.getShortFolderName
static String getShortFolderName(String strPath, String applicationName)
Definition UserActivitySummary.java:197

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.TOP_ACCOUNT_RESULT_DATE_COMPARE
static final Comparator< TopAccountResult > TOP_ACCOUNT_RESULT_DATE_COMPARE
Definition UserActivitySummary.java:110

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.TOP_PROGRAMS_RESULT_COMPARE
static final Comparator< TopProgramsResult > TOP_PROGRAMS_RESULT_COMPARE
Definition UserActivitySummary.java:117

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.getWebSearchResult
static TopWebSearchResult getWebSearchResult(BlackboardArtifact artifact)
Definition UserActivitySummary.java:379

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.getMostRecentWebSearches
List< TopWebSearchResult > getMostRecentWebSearches(DataSource dataSource, int count)
Definition UserActivitySummary.java:402

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.TYPE_DATETIME_START
static final BlackboardAttribute.Type TYPE_DATETIME_START
Definition UserActivitySummary.java:100

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.isPositiveNum
static boolean isPositiveNum(Long longNum)
Definition UserActivitySummary.java:741

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.DOMAIN_EXCLUDE_LIST
static final Set< String > DOMAIN_EXCLUDE_LIST
Definition UserActivitySummary.java:141

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.TOP_WEBSEARCH_RESULT_DATE_COMPARE
static final Comparator< TopWebSearchResult > TOP_WEBSEARCH_RESULT_DATE_COMPARE
Definition UserActivitySummary.java:111

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.getTopProgramsResult
TopProgramsResult getTopProgramsResult(BlackboardArtifact artifact)
Definition UserActivitySummary.java:668

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.TYPE_DEVICE_MAKE
static final BlackboardAttribute.Type TYPE_DEVICE_MAKE
Definition UserActivitySummary.java:94

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.WINDOWS_PREFIX
static final String WINDOWS_PREFIX
Definition UserActivitySummary.java:108

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.getTopPrograms
List< TopProgramsResult > getTopPrograms(DataSource dataSource, int count)
Definition UserActivitySummary.java:764

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.TYPE_DEVICE_ATTACHED
static final BlackboardArtifact.Type TYPE_DEVICE_ATTACHED
Definition UserActivitySummary.java:88

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.TYPE_TEXT
static final BlackboardAttribute.Type TYPE_TEXT
Definition UserActivitySummary.java:97

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.TYPE_DEVICE_ID
static final BlackboardAttribute.Type TYPE_DEVICE_ID
Definition UserActivitySummary.java:93

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.TYPE_MESSAGE_TYPE
static final BlackboardAttribute.Type TYPE_MESSAGE_TYPE
Definition UserActivitySummary.java:96

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.caseProvider
final SleuthkitCaseProvider caseProvider
Definition UserActivitySummary.java:147

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.getAccountResult
static TopAccountResult getAccountResult(BlackboardArtifact artifact, String messageType, BlackboardAttribute.Type... dateAttrs)
Definition UserActivitySummary.java:572

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.getRecentAccounts
List< TopAccountResult > getRecentAccounts(DataSource dataSource, int count)
Definition UserActivitySummary.java:606

org.sleuthkit.autopsy.texttranslation.NoServiceProviderException
Definition NoServiceProviderException.java:25

org.sleuthkit.autopsy.texttranslation.TextTranslationService
Definition TextTranslationService.java:32

org.sleuthkit.autopsy.texttranslation.TextTranslationService.getInstance
static TextTranslationService getInstance()
Definition TextTranslationService.java:47

org.sleuthkit.autopsy.texttranslation.TranslationException
Definition TranslationException.java:24

org.sleuthkit.autopsy.datasourcesummary.datamodel.DataSourceInfoUtilities.SortOrder
Definition DataSourceInfoUtilities.java:163

org.sleuthkit.autopsy.datasourcesummary.datamodel.DataSourceInfoUtilities.SortOrder.DESCENDING
DESCENDING
Definition DataSourceInfoUtilities.java:164

org.sleuthkit.autopsy.datasourcesummary.datamodel.SleuthkitCaseProvider
Definition SleuthkitCaseProvider.java:32

org.sleuthkit.autopsy.datasourcesummary.datamodel.SleuthkitCaseProvider.DEFAULT
SleuthkitCaseProvider DEFAULT
Definition SleuthkitCaseProvider.java:66