org.sleuthkit.autopsy.corecomponentinterfaces/0 0.0 1

Package org.sleuthkit.autopsy.corecomponentinterfaces

This package contains the interface classes that define the core components in Autopsy.

See:
          Description

Interface Summary
DataContent The interface for the "bottom right component" window.
DataContentViewer Responsible for a tab in the DataContent component.
DataExplorer The interface for the "top left component" window.
DataResult The interface for the "top right component" window.
DataResultViewer Interface for the different viewers that show a set of nodes in the DataResult area.
 

Class Summary
CoreComponentControl Responsible for opening and closing the core windows when a case is opened and closed.
 

Package org.sleuthkit.autopsy.corecomponentinterfaces Description

This package contains the interface classes that define the core components in Autopsy. These components are used in the difference zones of the GUI.

Autopsy Zones

There are three major zones in the Autopsy UI. The left hand side has the DataExplorer zone. This area is where you can search for and explore data. It has all of the analysis smarts. An example of a DataExplorer is the directory tree that shows the hierarchy of directories (and hides the files from view).

The DataExplorer area identifies a subset of the data to show the user and passes the data to the DataResults area in the upper right. In the previous example, the contents of a specific folder would be passed to this area and displayed in a table or thumbnail form.

When a file or object is selected in the DataResult, it is passed to the DataContent zone in the lower right. This is where file content can be viewed in hex form, strings, etc.

Data Flow

Creating Nodes in DataExplorer

Data flows between the areas inside of a NetBeans node. The DataExplorer modules create the NetBeans nodes. They query the SQLite database or do whatever they want to identify the set of files that are of interest. They create the NetBeans nodes based on Sleuthkit data model objects. See the org.sleuthkit.autopsy.datamodel package for more details on this.

Getting Nodes to DataResult

Each DataExplorer TopComponent is responsible for creating its own DataResult TopComponent to display its results. It can choose to re-use the same TopComponent for multiple searches (as DirectoryTree does) or it can choose to make a new one each time (as FileSearch does). The setNode() method on the DataResult object is used to set the root node to display. A dummy root node must be created as the parent if a parent does not already exist.

The DataExplorer is responsible for setting the double-click and right-click actions associated with the node. The default single click action is to pass data to DataContent. To override this, you must create a new DataResultViewer instance that overrides the propertyChange() method. The DataExplorer adds actions to wrapping the node in a FilterNode variant. The FilterNode then defines the actions for the node by overriding the getPreferredAction() and getActions() methods. As an example, org.sleuthkit.autopsy.directorytree.DataResultFilterNode and org.sleuthkit.autopsy.directorytree.DataResultFilterChildren wraps the nodes that are passed over by the DirectoryTree DataExplorer.

DataResult can send data back to its DataExplorer by making a custom action that looks up it's instance (DataExplorer.getInstance()).

Getting Nodes to DataContent

A default DataContent viewer is created when a case is opened. To display the contents of a node, it must be passed to a DataContent instance. The default single-click behavior of the DataResultViewers is to lookup the default DataContent TopComponent and pass the selected node to it. See AbstractDataResultViewer.propertyChange() for details.

Creating new Functionality

Creating a DataExplorer

  1. Create a module from within NetBeans. It must be dependent on these modules:
  2. Create a class that implements DataExplorer. We have been making the TopComponent class be the one that implements DataExplorer. Register this class as a DataExplorer service provider by specifying "@ServiceProvider(service=DataExplorer.class)" in the class or using layer.xml.
  3. Implement the methods required by the DataExplorer interface.
  4. Register the class to receive property change events from the org.sleuthkit.autopsy.Case module by using its addPropertyChangeListener() method.
  5. Access case data using the org.sleuthkit.autopsy.Case module.
  6. Create Nodes for the data objects using the techniques outlined in the previous section.
  7. Wrap the nodes in FilterNodes to define actions as outlined in the previous section.
  8. Send results to DataResults using the techniques outlined in the previous section.

Creating a DataResultViewer

DataResultTopComponent is the high-level window in the DataResult area. Each instance of this loads up all instances of DataResultViewers that have been registered with the system. Example viewers include the table and thumbnail views. If you want to make your own type of viewer, follow the steps below. Note that the table and thumbnail viewers come with Autopsy by default and can be used by all DataExplorers.

  1. Create a module from within NetBeans. It must be dependent on these modules:
  2. Make a class that extends AbstractDataResultViewer and is registered as a service provider for the DataResultViewer class by specifying "@ServiceProvider(service = DataResultViewer.class)" or by using layer.xml. This class will extend JPanel.
  3. See the previous sections on default actions.

Creating a DataContentViewer

DataContentTopComponent is the high-level window in the DataContent area. Each instance of this loads up all instances of DataContentViewers that have been registered with the system. Example viewers include the strings and hexdump views. If you want to make your own type of viewer, follow the steps below. Note that the strings, hexdump, and image viewers come with Autopsy by default and can be used by all DataExplorers and DataResults. You only need to make a new DataContentViewer if these viewers do not satisfy your needs.

  1. Create a module from within NetBeans. It must be dependent on these modules:
  2. Make a class that implements DataContentViewer and is registered as a service provider for DataContentViewer.class by specifying "@ServiceProvider(service = DataContentViewer.class)" or by using layer.xml. This class must extend JPanel.


org.sleuthkit.autopsy.corecomponentinterfaces/0 0.0 1