Autopsy
4.1
Graphical digital forensics platform for The Sleuth Kit and other tools.
|
Inherits PropertyChangeListener.
Classes | |
class | HashDb |
class | HashDbIndexer |
class | HashDbManagerException |
enum | SetEvt |
Public Member Functions | |
synchronized HashDb | addExistingHashDatabase (String hashSetName, String path, boolean searchDuringIngest, boolean sendIngestMessages, HashDb.KnownFilesType knownFilesType) throws HashDbManagerException |
synchronized HashDb | addNewHashDatabase (String hashSetName, String path, boolean searchDuringIngest, boolean sendIngestMessages, HashDb.KnownFilesType knownFilesType) throws HashDbManagerException |
synchronized HashDb | addNewHashDatabaseNoSave (String hashSetName, String path, boolean searchDuringIngest, boolean sendIngestMessages, HashDb.KnownFilesType knownFilesType) throws HashDbManagerException |
synchronized void | addPropertyChangeListener (PropertyChangeListener listener) |
synchronized List< HashDb > | getAllHashSets () |
synchronized List< HashDb > | getKnownBadFileHashSets () |
synchronized List< HashDb > | getKnownFileHashSets () |
synchronized List< HashDb > | getUpdateableHashSets () |
synchronized void | loadLastSavedConfiguration () |
void | propertyChange (PropertyChangeEvent event) |
synchronized void | removeHashDatabase (HashDb hashDb) throws HashDbManagerException |
synchronized void | removeHashDatabaseNoSave (HashDb hashDb) throws HashDbManagerException |
synchronized void | removePropertyChangeListener (PropertyChangeListener listener) |
Static Public Member Functions | |
static synchronized HashDbManager | getInstance () |
Private Member Functions | |
HashDbManager () | |
HashDb | addHashDatabase (int handle, String hashSetName, boolean searchDuringIngest, boolean sendIngestMessages, HashDb.KnownFilesType knownFilesType) throws TskCoreException |
void | closeHashDatabases (List< HashDb > hashDatabases) |
void | configureSettings (HashLookupSettings settings) |
List< HashDb > | getUpdateableHashSets (List< HashDb > hashDbs) |
String | getValidFilePath (String hashSetName, String configuredPath) |
void | loadHashsetsConfiguration () |
String | searchForFile () |
Private Attributes | |
boolean | allDatabasesLoadedCorrectly = false |
Set< String > | hashSetNames = new HashSet<>() |
Set< String > | hashSetPaths = new HashSet<>() |
List< HashDb > | knownBadHashSets = new ArrayList<>() |
List< HashDb > | knownHashSets = new ArrayList<>() |
Static Private Attributes | |
static final String | HASH_DATABASE_FILE_EXTENSON = "kdb" |
static HashDbManager | instance = null |
static final Logger | logger = Logger.getLogger(HashDbManager.class.getName()) |
This class implements a singleton that manages the set of hash databases used to classify files as unknown, known or known bad.
Definition at line 57 of file HashDbManager.java.
|
private |
Definition at line 103 of file HashDbManager.java.
References org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.loadHashsetsConfiguration().
Referenced by org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.getInstance().
synchronized HashDb org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.addExistingHashDatabase | ( | String | hashSetName, |
String | path, | ||
boolean | searchDuringIngest, | ||
boolean | sendIngestMessages, | ||
HashDb.KnownFilesType | knownFilesType | ||
) | throws HashDbManagerException |
Adds an existing hash database to the set of hash databases used to classify files as known or known bad and saves the configuration.
hashSetName | Name used to represent the hash database in user interface components. |
path | Full path to either a hash database file or a hash database index file. |
searchDuringIngest | A flag indicating whether or not the hash database should be searched during ingest. |
sendIngestMessages | A flag indicating whether hash set hit messages should be sent as ingest messages. |
knownFilesType | The classification to apply to files whose hashes are found in the hash database. |
HashDbManagerException |
Definition at line 148 of file HashDbManager.java.
|
private |
Definition at line 234 of file HashDbManager.java.
References org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.SetEvt.DB_ADDED, org.sleuthkit.autopsy.coreutils.MessageNotifyUtil.MessageType.ERROR, org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.HashDb.getDatabasePath(), org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.HashDb.getHashSetName(), org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.HashDb.getIndexPath(), org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.HashDb.getKnownFilesType(), org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.HashDb.KnownFilesType.KNOWN, and org.sleuthkit.autopsy.coreutils.MessageNotifyUtil.Notify.show().
Referenced by org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.addNewHashDatabaseNoSave(), and org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.configureSettings().
synchronized HashDb org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.addNewHashDatabase | ( | String | hashSetName, |
String | path, | ||
boolean | searchDuringIngest, | ||
boolean | sendIngestMessages, | ||
HashDb.KnownFilesType | knownFilesType | ||
) | throws HashDbManagerException |
Adds a new hash database to the set of hash databases used to classify files as known or known bad and saves the configuration.
hashSetName | Hash set name used to represent the hash database in user interface components. |
path | Full path to the database file to be created. |
searchDuringIngest | A flag indicating whether or not the hash database should be searched during ingest. |
sendIngestMessages | A flag indicating whether hash set hit messages should be sent as ingest messages. |
knownFilesType | The classification to apply to files whose hashes are found in the hash database. |
HashDbManagerException |
Definition at line 195 of file HashDbManager.java.
References org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.addNewHashDatabaseNoSave().
synchronized HashDb org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.addNewHashDatabaseNoSave | ( | String | hashSetName, |
String | path, | ||
boolean | searchDuringIngest, | ||
boolean | sendIngestMessages, | ||
HashDb.KnownFilesType | knownFilesType | ||
) | throws HashDbManagerException |
Definition at line 206 of file HashDbManager.java.
References org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.addHashDatabase(), and org::sleuthkit::datamodel::SleuthkitJNI.createHashDatabase().
Referenced by org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.addNewHashDatabase().
synchronized void org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.addPropertyChangeListener | ( | PropertyChangeListener | listener | ) |
Definition at line 91 of file HashDbManager.java.
Referenced by org.sleuthkit.autopsy.modules.hashdatabase.HashLookupModuleSettingsPanel.customizeComponents().
|
private |
Definition at line 438 of file HashDbManager.java.
References org.sleuthkit.autopsy.coreutils.Logger.getLogger().
Referenced by org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.loadLastSavedConfiguration().
|
private |
Configures the given settings object by adding all contained hash db to the system.
settings | The settings to configure. |
Definition at line 465 of file HashDbManager.java.
References org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.addHashDatabase(), org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.HashDb.getHashSetName(), org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.HashDb.getKnownFilesType(), org.sleuthkit.autopsy.coreutils.Logger.getLogger(), org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.HashDb.getSearchDuringIngest(), org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.HashDb.getSendIngestMessages(), org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.getValidFilePath(), org::sleuthkit::datamodel::SleuthkitJNI.openHashDatabase(), and org.sleuthkit.autopsy.core.RuntimeProperties.runningWithGUI.
Referenced by org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.loadHashsetsConfiguration().
synchronized List<HashDb> org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.getAllHashSets | ( | ) |
Gets all of the hash databases used to classify files as known or known bad.
Definition at line 371 of file HashDbManager.java.
Referenced by org.sleuthkit.autopsy.modules.hashdatabase.HashLookupSettingsPanel.saveSettings().
|
static |
Gets the singleton instance of this class.
Definition at line 84 of file HashDbManager.java.
References org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.HashDbManager(), and org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.instance.
Referenced by org.sleuthkit.autopsy.modules.hashdatabase.HashLookupSettingsPanel.cancel(), and org.sleuthkit.autopsy.modules.hashdatabase.HashLookupModuleFactory.getDefaultIngestJobSettings().
synchronized List<HashDb> org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.getKnownBadFileHashSets | ( | ) |
Gets all of the hash databases used to classify files as known bad.
Definition at line 394 of file HashDbManager.java.
Referenced by org.sleuthkit.autopsy.modules.hashdatabase.HashLookupModuleFactory.getDefaultIngestJobSettings(), org.sleuthkit.autopsy.modules.hashdatabase.HashLookupModuleSettingsPanel.initializeHashSetModels(), org.sleuthkit.autopsy.modules.hashdatabase.HashDbIngestModule.startUp(), and org.sleuthkit.autopsy.modules.hashdatabase.HashLookupModuleSettingsPanel.updateHashSetModels().
synchronized List<HashDb> org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.getKnownFileHashSets | ( | ) |
Gets all of the hash databases used to classify files as known.
Definition at line 383 of file HashDbManager.java.
Referenced by org.sleuthkit.autopsy.modules.hashdatabase.HashLookupModuleFactory.getDefaultIngestJobSettings(), org.sleuthkit.autopsy.modules.hashdatabase.HashLookupModuleSettingsPanel.initializeHashSetModels(), org.sleuthkit.autopsy.modules.hashdatabase.HashDbIngestModule.startUp(), and org.sleuthkit.autopsy.modules.hashdatabase.HashLookupModuleSettingsPanel.updateHashSetModels().
synchronized List<HashDb> org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.getUpdateableHashSets | ( | ) |
Gets all of the hash databases that accept updates.
Definition at line 405 of file HashDbManager.java.
|
private |
Definition at line 411 of file HashDbManager.java.
References org.sleuthkit.autopsy.coreutils.Logger.getLogger().
|
private |
Definition at line 506 of file HashDbManager.java.
References org.sleuthkit.autopsy.core.RuntimeProperties.runningWithGUI, and org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.searchForFile().
Referenced by org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.configureSettings().
|
private |
Definition at line 449 of file HashDbManager.java.
References org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.configureSettings(), and org.sleuthkit.autopsy.coreutils.Logger.getLogger().
Referenced by org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.HashDbManager(), and org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.loadLastSavedConfiguration().
synchronized void org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.loadLastSavedConfiguration | ( | ) |
Restores the last saved hash sets configuration. This supports cancellation of configuration panels.
Definition at line 429 of file HashDbManager.java.
References org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.closeHashDatabases(), and org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.loadHashsetsConfiguration().
Referenced by org.sleuthkit.autopsy.modules.hashdatabase.HashLookupSettingsPanel.cancel().
void org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.propertyChange | ( | PropertyChangeEvent | event | ) |
Definition at line 280 of file HashDbManager.java.
References org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.HashDb.getHashSetName(), org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.HashDb.getIndexPath(), org.sleuthkit.autopsy.coreutils.Logger.getLogger(), and org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.HashDb.Event.INDEXING_DONE.
synchronized void org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.removeHashDatabase | ( | HashDb | hashDb | ) | throws HashDbManagerException |
Removes a hash database from the set of hash databases used to classify files as known or known bad and saves the configuration.
hashDb |
HashDbManagerException |
Definition at line 304 of file HashDbManager.java.
References org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.removeHashDatabaseNoSave().
synchronized void org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.removeHashDatabaseNoSave | ( | HashDb | hashDb | ) | throws HashDbManagerException |
Definition at line 309 of file HashDbManager.java.
References org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.HashDb.close(), org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.SetEvt.DB_DELETED, org.sleuthkit.autopsy.coreutils.MessageNotifyUtil.MessageType.ERROR, org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.HashDb.getDatabasePath(), org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.HashDb.getHashSetName(), org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.HashDb.getIndexPath(), org.sleuthkit.autopsy.ingest.IngestManager.getInstance(), org.sleuthkit.autopsy.coreutils.Logger.getLogger(), org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.HashDb.hasIndexOnly(), org.sleuthkit.autopsy.ingest.IngestManager.isIngestRunning(), and org.sleuthkit.autopsy.coreutils.MessageNotifyUtil.Notify.show().
Referenced by org.sleuthkit.autopsy.modules.hashdatabase.HashLookupSettingsPanel.deleteDatabaseButtonActionPerformed(), org.sleuthkit.autopsy.modules.hashdatabase.HashLookupSettingsPanel.hashSetTableKeyPressed(), and org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.removeHashDatabase().
synchronized void org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.removePropertyChangeListener | ( | PropertyChangeListener | listener | ) |
Definition at line 95 of file HashDbManager.java.
|
private |
Definition at line 532 of file HashDbManager.java.
References org.sleuthkit.autopsy.coreutils.Logger.getLogger().
Referenced by org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.getValidFilePath().
|
private |
Definition at line 67 of file HashDbManager.java.
|
staticprivate |
Definition at line 59 of file HashDbManager.java.
|
private |
Definition at line 63 of file HashDbManager.java.
|
private |
Definition at line 64 of file HashDbManager.java.
|
staticprivate |
Definition at line 60 of file HashDbManager.java.
Referenced by org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.getInstance().
|
private |
Definition at line 62 of file HashDbManager.java.
|
private |
Definition at line 61 of file HashDbManager.java.
|
staticprivate |
Definition at line 66 of file HashDbManager.java.
Copyright © 2012-2016 Basis Technology. Generated on: Mon Apr 24 2017
This work is licensed under a
Creative Commons Attribution-Share Alike 3.0 United States License.