Autopsy  4.5.0
Graphical digital forensics platform for The Sleuth Kit and other tools.
Classes | Public Member Functions | Static Public Member Functions | Private Member Functions | Static Private Member Functions | Private Attributes | Static Private Attributes | List of all members
org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager Class Reference

Inherits PropertyChangeListener.

Classes

class  CentralRepoHashSet
 
class  HashDb
 
class  HashDbIndexer
 
class  HashDbManagerException
 
enum  SetEvt
 
class  SleuthkitHashSet
 

Public Member Functions

synchronized HashDb addExistingHashDatabase (String hashSetName, String path, boolean searchDuringIngest, boolean sendIngestMessages, HashDb.KnownFilesType knownFilesType) throws HashDbManagerException
 
synchronized HashDb addNewHashDatabase (String hashSetName, String path, boolean searchDuringIngest, boolean sendIngestMessages, HashDb.KnownFilesType knownFilesType) throws HashDbManagerException
 
synchronized HashDb addNewHashDatabaseNoSave (String hashSetName, String path, boolean searchDuringIngest, boolean sendIngestMessages, HashDb.KnownFilesType knownFilesType) throws HashDbManagerException
 
synchronized void addPropertyChangeListener (PropertyChangeListener listener)
 
synchronized List< HashDbgetAllHashSets ()
 
synchronized List< HashDbgetKnownBadFileHashSets ()
 
synchronized List< HashDbgetKnownFileHashSets ()
 
synchronized List< HashDbgetUpdateableHashSets ()
 
synchronized void loadLastSavedConfiguration ()
 
void propertyChange (PropertyChangeEvent event)
 
synchronized void removeHashDatabase (HashDb hashDb) throws HashDbManagerException
 
synchronized void removeHashDatabaseNoSave (HashDb hashDb) throws HashDbManagerException
 
synchronized void removePropertyChangeListener (PropertyChangeListener listener)
 

Static Public Member Functions

static synchronized HashDbManager getInstance ()
 

Private Member Functions

 HashDbManager ()
 
SleuthkitHashSet addHashDatabase (int handle, String hashSetName, boolean searchDuringIngest, boolean sendIngestMessages, HashDb.KnownFilesType knownFilesType) throws TskCoreException
 
void closeHashDatabases (List< HashDb > hashDatabases)
 
void configureSettings (HashLookupSettings settings)
 
List< HashDbInfo > getCentralRepoHashSetsFromDatabase ()
 
List< HashDbgetUpdateableHashSets (List< HashDb > hashDbs)
 
String getValidFilePath (String hashSetName, String configuredPath)
 
boolean hashDbInfoIsNew (HashDbInfo dbInfo)
 
void loadHashsetsConfiguration ()
 
String searchForFile ()
 
void updateHashSetsFromCentralRepository () throws TskCoreException
 

Static Private Member Functions

static HashDb.KnownFilesType convertFileKnown (TskData.FileKnown fileKnown)
 

Private Attributes

boolean allDatabasesLoadedCorrectly = false
 
Set< String > hashSetNames = new HashSet<>()
 
Set< String > hashSetPaths = new HashSet<>()
 
List< HashDbhashSets = new ArrayList<>()
 

Static Private Attributes

static final String HASH_DATABASE_FILE_EXTENSON = "kdb"
 
static HashDbManager instance = null
 
static final Logger logger = Logger.getLogger(HashDbManager.class.getName())
 

Detailed Description

This class implements a singleton that manages the set of hash databases used to classify files as unknown, known or notable.

Definition at line 63 of file HashDbManager.java.

Constructor & Destructor Documentation

org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.HashDbManager ( )
private

Member Function Documentation

synchronized HashDb org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.addExistingHashDatabase ( String  hashSetName,
String  path,
boolean  searchDuringIngest,
boolean  sendIngestMessages,
HashDb.KnownFilesType  knownFilesType 
) throws HashDbManagerException

Adds an existing hash database to the set of hash databases used to classify files as known or notable and saves the configuration.

Parameters
hashSetNameName used to represent the hash database in user interface components.
pathFull path to either a hash database file or a hash database index file.
searchDuringIngestA flag indicating whether or not the hash database should be searched during ingest.
sendIngestMessagesA flag indicating whether hash set hit messages should be sent as ingest messages.
knownFilesTypeThe classification to apply to files whose hashes are found in the hash database.
Returns
A HashDb representing the hash database.
Exceptions
HashDbManagerException

Definition at line 153 of file HashDbManager.java.

SleuthkitHashSet org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.addHashDatabase ( int  handle,
String  hashSetName,
boolean  searchDuringIngest,
boolean  sendIngestMessages,
HashDb.KnownFilesType  knownFilesType 
) throws TskCoreException
private
synchronized HashDb org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.addNewHashDatabase ( String  hashSetName,
String  path,
boolean  searchDuringIngest,
boolean  sendIngestMessages,
HashDb.KnownFilesType  knownFilesType 
) throws HashDbManagerException

Adds a new hash database to the set of hash databases used to classify files as known or notable and saves the configuration.

Parameters
hashSetNameHash set name used to represent the hash database in user interface components.
pathFull path to the database file to be created.
searchDuringIngestA flag indicating whether or not the hash database should be searched during ingest.
sendIngestMessagesA flag indicating whether hash set hit messages should be sent as ingest messages.
knownFilesTypeThe classification to apply to files whose hashes are found in the hash database.
Returns
A HashDb representing the hash database.
Exceptions
HashDbManagerException

Definition at line 200 of file HashDbManager.java.

References org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.addNewHashDatabaseNoSave().

synchronized HashDb org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.addNewHashDatabaseNoSave ( String  hashSetName,
String  path,
boolean  searchDuringIngest,
boolean  sendIngestMessages,
HashDb.KnownFilesType  knownFilesType 
) throws HashDbManagerException
synchronized void org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.addPropertyChangeListener ( PropertyChangeListener  listener)
void org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.closeHashDatabases ( List< HashDb hashDatabases)
private
void org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.configureSettings ( HashLookupSettings  settings)
private
static HashDb.KnownFilesType org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.convertFileKnown ( TskData.FileKnown  fileKnown)
staticprivate
synchronized List<HashDb> org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.getAllHashSets ( )

Gets all of the hash databases used to classify files as known or known bad. Will add any new central repository databases to the list before returning it.

Returns
A list, possibly empty, of hash databases.

Definition at line 413 of file HashDbManager.java.

References org.sleuthkit.autopsy.coreutils.Logger.getLogger(), and org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.updateHashSetsFromCentralRepository().

Referenced by org.sleuthkit.autopsy.modules.hashdatabase.HashLookupModuleFactory.getDefaultIngestJobSettings(), and org.sleuthkit.autopsy.modules.hashdatabase.HashLookupSettingsPanel.saveSettings().

List<HashDbInfo> org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.getCentralRepoHashSetsFromDatabase ( )
private
static synchronized HashDbManager org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.getInstance ( )
static
synchronized List<HashDb> org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.getKnownBadFileHashSets ( )
synchronized List<HashDb> org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.getKnownFileHashSets ( )
synchronized List<HashDb> org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.getUpdateableHashSets ( )

Gets all of the hash databases that accept updates.

Returns
A list, possibly empty, of hash databases.

Definition at line 466 of file HashDbManager.java.

List<HashDb> org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.getUpdateableHashSets ( List< HashDb hashDbs)
private
String org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.getValidFilePath ( String  hashSetName,
String  configuredPath 
)
private
boolean org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.hashDbInfoIsNew ( HashDbInfo  dbInfo)
private
void org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.loadHashsetsConfiguration ( )
private
synchronized void org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.loadLastSavedConfiguration ( )
void org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.propertyChange ( PropertyChangeEvent  event)
synchronized void org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.removeHashDatabase ( HashDb  hashDb) throws HashDbManagerException

Removes a hash database from the set of hash databases used to classify files as known or notable and saves the configuration.

Parameters
hashDb
Exceptions
HashDbManagerException

Definition at line 337 of file HashDbManager.java.

References org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.removeHashDatabaseNoSave().

synchronized void org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.removeHashDatabaseNoSave ( HashDb  hashDb) throws HashDbManagerException
synchronized void org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.removePropertyChangeListener ( PropertyChangeListener  listener)

Definition at line 100 of file HashDbManager.java.

String org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.searchForFile ( )
private
void org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.updateHashSetsFromCentralRepository ( ) throws TskCoreException
private

Member Data Documentation

boolean org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.allDatabasesLoadedCorrectly = false
private

Definition at line 72 of file HashDbManager.java.

final String org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.HASH_DATABASE_FILE_EXTENSON = "kdb"
staticprivate

Definition at line 65 of file HashDbManager.java.

Set<String> org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.hashSetNames = new HashSet<>()
private

Definition at line 68 of file HashDbManager.java.

Set<String> org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.hashSetPaths = new HashSet<>()
private

Definition at line 69 of file HashDbManager.java.

List<HashDb> org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.hashSets = new ArrayList<>()
private

Definition at line 67 of file HashDbManager.java.

HashDbManager org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.instance = null
staticprivate
final Logger org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.logger = Logger.getLogger(HashDbManager.class.getName())
staticprivate

Definition at line 71 of file HashDbManager.java.


The documentation for this class was generated from the following file:

Copyright © 2012-2016 Basis Technology. Generated on: Tue Feb 20 2018
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.