Autopsy  3.1
Graphical digital forensics platform for The Sleuth Kit and other tools.
Public Member Functions | Static Public Member Functions | Public Attributes | Static Public Attributes | Private Member Functions | Private Attributes | List of all members
org.sleuthkit.autopsy.timeline.events.type.MiscTypes Enum Reference

Inherits org.sleuthkit.autopsy.timeline.events.type.EventType, and org.sleuthkit.autopsy.timeline.events.type.ArtifactEventType.

Public Member Functions

Image getFXImage ()
 
BiFunction< BlackboardArtifact, Map< BlackboardAttribute.ATTRIBUTE_TYPE, BlackboardAttribute >, String > getFullExtractor ()
 
BiFunction< BlackboardArtifact, Map< BlackboardAttribute.ATTRIBUTE_TYPE, BlackboardAttribute >, String > getMedExtractor ()
 
BiFunction< BlackboardArtifact, Map< BlackboardAttribute.ATTRIBUTE_TYPE, BlackboardAttribute >, String > getShortExtractor ()
 
BlackboardAttribute.ATTRIBUTE_TYPE getDateTimeAttrubuteType ()
 
EventTypeZoomLevel getZoomLevel ()
 
String getDisplayName ()
 
String getIconBase ()
 
EventType getSubType (String string)
 
EventType getSuperType ()
 
List<?extends EventTypegetSubTypes ()
 
BlackboardArtifact.ARTIFACT_TYPE getArtifactType ()
 
default BaseTypes getBaseType ()
 
default List<?extends EventTypegetSubTypesRecusive ()
 
default Color getColor ()
 
default List<?extends EventTypegetSiblingTypes ()
 
int ordinal ()
 
default AttributeEventDescription parseAttributesHelper (BlackboardArtifact artf, Map< BlackboardAttribute.ATTRIBUTE_TYPE, BlackboardAttribute > attrMap) throws TskCoreException
 

Static Public Member Functions

static String stringValueOf (BlackboardAttribute attr)
 
static String toFrom (BlackboardAttribute dir)
 
static Comparator< EventTypegetComparator ()
 

Public Attributes

 MESSAGE
 
 GPS_ROUTE
 
 GPS_TRACKPOINT
 
 CALL_LOG
 
 EMAIL
 
 RECENT_DOCUMENTS
 
 INSTALLED_PROGRAM
 
 EXIF
 
 DEVICES_ATTACHED
 

Static Public Attributes

static final List<?extends EventTypeallTypes = RootEventType.getInstance().getSubTypesRecusive()
 

Private Member Functions

 MiscTypes (String displayName, String iconBase, BlackboardArtifact.ARTIFACT_TYPE artifactType, BlackboardAttribute.ATTRIBUTE_TYPE dateTimeAttributeType, BiFunction< BlackboardArtifact, Map< BlackboardAttribute.ATTRIBUTE_TYPE, BlackboardAttribute >, String > shortExtractor, BiFunction< BlackboardArtifact, Map< BlackboardAttribute.ATTRIBUTE_TYPE, BlackboardAttribute >, String > medExtractor, BiFunction< BlackboardArtifact, Map< BlackboardAttribute.ATTRIBUTE_TYPE, BlackboardAttribute >, String > longExtractor)
 

Private Attributes

final BlackboardAttribute.ATTRIBUTE_TYPE dateTimeAttributeType
 
final String iconBase
 
final Image image
 
final BiFunction< BlackboardArtifact, Map< BlackboardAttribute.ATTRIBUTE_TYPE, BlackboardAttribute >, String > longExtractor
 
final BiFunction< BlackboardArtifact, Map< BlackboardAttribute.ATTRIBUTE_TYPE, BlackboardAttribute >, String > medExtractor
 
final BiFunction< BlackboardArtifact, Map< BlackboardAttribute.ATTRIBUTE_TYPE, BlackboardAttribute >, String > shortExtractor
 
final String displayName
 
final BlackboardArtifact.ARTIFACT_TYPE artifactType
 

Detailed Description

Definition at line 39 of file MiscTypes.java.

Constructor & Destructor Documentation

org.sleuthkit.autopsy.timeline.events.type.MiscTypes.MiscTypes ( String  displayName,
String  iconBase,
BlackboardArtifact.ARTIFACT_TYPE  artifactType,
BlackboardAttribute.ATTRIBUTE_TYPE  dateTimeAttributeType,
BiFunction< BlackboardArtifact, Map< BlackboardAttribute.ATTRIBUTE_TYPE, BlackboardAttribute >, String >  shortExtractor,
BiFunction< BlackboardArtifact, Map< BlackboardAttribute.ATTRIBUTE_TYPE, BlackboardAttribute >, String >  medExtractor,
BiFunction< BlackboardArtifact, Map< BlackboardAttribute.ATTRIBUTE_TYPE, BlackboardAttribute >, String >  longExtractor 
)
private

Definition at line 230 of file MiscTypes.java.

Member Function Documentation

BlackboardArtifact.ARTIFACT_TYPE org.sleuthkit.autopsy.timeline.events.type.MiscTypes.getArtifactType ( )
Returns
the Artifact type this event type is derived form, or null if there is no artifact type (eg file system events)

Implements org.sleuthkit.autopsy.timeline.events.type.ArtifactEventType.

Definition at line 256 of file MiscTypes.java.

default BaseTypes org.sleuthkit.autopsy.timeline.events.type.EventType.getBaseType ( )
inherited
default Color org.sleuthkit.autopsy.timeline.events.type.EventType.getColor ( )
inherited
static Comparator<EventType> org.sleuthkit.autopsy.timeline.events.type.EventType.getComparator ( )
staticinherited

Definition at line 37 of file EventType.java.

BlackboardAttribute.ATTRIBUTE_TYPE org.sleuthkit.autopsy.timeline.events.type.MiscTypes.getDateTimeAttrubuteType ( )
String org.sleuthkit.autopsy.timeline.events.type.MiscTypes.getDisplayName ( )
BiFunction<BlackboardArtifact, Map<BlackboardAttribute.ATTRIBUTE_TYPE, BlackboardAttribute>, String> org.sleuthkit.autopsy.timeline.events.type.MiscTypes.getFullExtractor ( )
Returns
a function from an artifact and a map of its attributes, to a String to use as part of the full event description

Implements org.sleuthkit.autopsy.timeline.events.type.ArtifactEventType.

Definition at line 187 of file MiscTypes.java.

Image org.sleuthkit.autopsy.timeline.events.type.MiscTypes.getFXImage ( )
String org.sleuthkit.autopsy.timeline.events.type.MiscTypes.getIconBase ( )
BiFunction<BlackboardArtifact, Map<BlackboardAttribute.ATTRIBUTE_TYPE, BlackboardAttribute>, String> org.sleuthkit.autopsy.timeline.events.type.MiscTypes.getMedExtractor ( )
Returns
a function from an artifact and a map of its attributes, to a String to use as part of the medium event description

Implements org.sleuthkit.autopsy.timeline.events.type.ArtifactEventType.

Definition at line 192 of file MiscTypes.java.

BiFunction<BlackboardArtifact, Map<BlackboardAttribute.ATTRIBUTE_TYPE, BlackboardAttribute>, String> org.sleuthkit.autopsy.timeline.events.type.MiscTypes.getShortExtractor ( )
Returns
a function from an artifact and a map of its attributes, to a String to use as part of the short event description

Implements org.sleuthkit.autopsy.timeline.events.type.ArtifactEventType.

Definition at line 197 of file MiscTypes.java.

default List<? extends EventType> org.sleuthkit.autopsy.timeline.events.type.EventType.getSiblingTypes ( )
inherited
EventType org.sleuthkit.autopsy.timeline.events.type.MiscTypes.getSubType ( String  string)
List<? extends EventType> org.sleuthkit.autopsy.timeline.events.type.MiscTypes.getSubTypes ( )
Returns
a list of event types, one for each subtype of this eventype, or an empty list if this event type has no subtypes

Implements org.sleuthkit.autopsy.timeline.events.type.EventType.

Definition at line 251 of file MiscTypes.java.

default List<? extends EventType> org.sleuthkit.autopsy.timeline.events.type.EventType.getSubTypesRecusive ( )
inherited
EventType org.sleuthkit.autopsy.timeline.events.type.MiscTypes.getSuperType ( )
Returns
the super type of this event

Implements org.sleuthkit.autopsy.timeline.events.type.EventType.

Definition at line 246 of file MiscTypes.java.

References org.sleuthkit.autopsy.timeline.events.type.BaseTypes.MISC_TYPES.

EventTypeZoomLevel org.sleuthkit.autopsy.timeline.events.type.MiscTypes.getZoomLevel ( )
int org.sleuthkit.autopsy.timeline.events.type.EventType.ordinal ( )
inherited
default AttributeEventDescription org.sleuthkit.autopsy.timeline.events.type.ArtifactEventType.parseAttributesHelper ( BlackboardArtifact  artf,
Map< BlackboardAttribute.ATTRIBUTE_TYPE, BlackboardAttribute attrMap 
) throws TskCoreException
inherited
static String org.sleuthkit.autopsy.timeline.events.type.MiscTypes.stringValueOf ( BlackboardAttribute  attr)
static
static String org.sleuthkit.autopsy.timeline.events.type.MiscTypes.toFrom ( BlackboardAttribute  dir)
static

Member Data Documentation

final List<? extends EventType> org.sleuthkit.autopsy.timeline.events.type.EventType.allTypes = RootEventType.getInstance().getSubTypesRecusive()
staticinherited
final BlackboardArtifact.ARTIFACT_TYPE org.sleuthkit.autopsy.timeline.events.type.MiscTypes.artifactType
private

Definition at line 213 of file MiscTypes.java.

org.sleuthkit.autopsy.timeline.events.type.MiscTypes.CALL_LOG
Initial value:
=(NbBundle.getMessage(MiscTypes.class, "MiscTypes.Calls.name"), "calllog.png",
BlackboardArtifact.ARTIFACT_TYPE.TSK_CALLLOG,
BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_START,
new AttributeExtractor(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_NAME),
new AttributeExtractor(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PHONE_NUMBER),
new AttributeExtractor(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DIRECTION))

Definition at line 77 of file MiscTypes.java.

final BlackboardAttribute.ATTRIBUTE_TYPE org.sleuthkit.autopsy.timeline.events.type.MiscTypes.dateTimeAttributeType
private

Definition at line 169 of file MiscTypes.java.

org.sleuthkit.autopsy.timeline.events.type.MiscTypes.DEVICES_ATTACHED
Initial value:
=(NbBundle.getMessage(MiscTypes.class, "MiscTypes.devicesAttached.name"), "usb_devices.png",
BlackboardArtifact.ARTIFACT_TYPE.TSK_DEVICE_ATTACHED,
BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME,
new AttributeExtractor(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DEVICE_MAKE),
new AttributeExtractor(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DEVICE_MODEL),
new AttributeExtractor(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DEVICE_ID))

Definition at line 143 of file MiscTypes.java.

final String org.sleuthkit.autopsy.timeline.events.type.MiscTypes.displayName
private

Definition at line 211 of file MiscTypes.java.

org.sleuthkit.autopsy.timeline.events.type.MiscTypes.EMAIL
Initial value:
=(NbBundle.getMessage(MiscTypes.class, "MiscTypes.Email.name"), "mail-icon-16.png",
BlackboardArtifact.ARTIFACT_TYPE.TSK_EMAIL_MSG,
BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_SENT,
(artifact, attrMap) -> {
final BlackboardAttribute emailFrom = attrMap.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_EMAIL_FROM);
final BlackboardAttribute emailTo = attrMap.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_EMAIL_TO);
return (emailFrom != null ? emailFrom.getValueString() : "") + " to " + (emailTo != null ? emailTo.getValueString() : "");
},
new AttributeExtractor(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SUBJECT),
new AttributeExtractor(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_EMAIL_CONTENT_PLAIN))

Definition at line 83 of file MiscTypes.java.

org.sleuthkit.autopsy.timeline.events.type.MiscTypes.EXIF
Initial value:
=(NbBundle.getMessage(MiscTypes.class, "MiscTypes.exif.name"), "camera-icon-16.png",
BlackboardArtifact.ARTIFACT_TYPE.TSK_METADATA_EXIF,
BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_CREATED,
new AttributeExtractor(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DEVICE_MAKE),
new AttributeExtractor(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DEVICE_MODEL),
(BlackboardArtifact t,
Map<BlackboardAttribute.ATTRIBUTE_TYPE, BlackboardAttribute> u) -> {
try {
AbstractFile f = t.getSleuthkitCase().getAbstractFileById(t.getObjectID());
if(f != null){
return f.getName();
}
return " error loading file name";
} catch (TskCoreException ex) {
Exceptions.printStackTrace(ex);
return " error loading file name";
}
})

Definition at line 125 of file MiscTypes.java.

org.sleuthkit.autopsy.timeline.events.type.MiscTypes.GPS_ROUTE
Initial value:
=(NbBundle.getMessage(MiscTypes.class, "MiscTypes.GPSRoutes.name"), "gps-search.png",
BlackboardArtifact.ARTIFACT_TYPE.TSK_GPS_ROUTE,
BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME,
new AttributeExtractor(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PROG_NAME),
new AttributeExtractor(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_LOCATION),
(BlackboardArtifact artf, Map<BlackboardAttribute.ATTRIBUTE_TYPE, BlackboardAttribute> attrMap) -> {
final BlackboardAttribute latStart = attrMap.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_GEO_LATITUDE_START);
final BlackboardAttribute longStart = attrMap.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_GEO_LONGITUDE_START);
final BlackboardAttribute latEnd = attrMap.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_GEO_LATITUDE_END);
final BlackboardAttribute longEnd = attrMap.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_GEO_LONGITUDE_END);
return String.format("from %1$g %2$g to %3$g %4$g", latStart.getValueDouble(), longStart.getValueDouble(), latEnd.getValueDouble(), longEnd.getValueDouble());
})

Definition at line 55 of file MiscTypes.java.

org.sleuthkit.autopsy.timeline.events.type.MiscTypes.GPS_TRACKPOINT
Initial value:
=(NbBundle.getMessage(MiscTypes.class, "MiscTypes.GPSTrackpoint.name"), "gps-trackpoint.png",
BlackboardArtifact.ARTIFACT_TYPE.TSK_GPS_TRACKPOINT,
BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME,
new AttributeExtractor(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PROG_NAME),
(artf, attrMap) -> {
final BlackboardAttribute longitude = attrMap.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_GEO_LONGITUDE);
final BlackboardAttribute latitude = attrMap.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_GEO_LATITUDE);
return (latitude != null ? latitude.getValueDouble() : "") + " " + (longitude != null ? longitude.getValueDouble() : "");
},
(artf, attrMap) -> "")

Definition at line 67 of file MiscTypes.java.

final String org.sleuthkit.autopsy.timeline.events.type.MiscTypes.iconBase
private

Definition at line 171 of file MiscTypes.java.

final Image org.sleuthkit.autopsy.timeline.events.type.MiscTypes.image
private

Definition at line 173 of file MiscTypes.java.

org.sleuthkit.autopsy.timeline.events.type.MiscTypes.INSTALLED_PROGRAM
Initial value:
=(NbBundle.getMessage(MiscTypes.class, "MiscTypes.installedPrograms.name"), "programs.png",
BlackboardArtifact.ARTIFACT_TYPE.TSK_INSTALLED_PROG,
BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME,
new AttributeExtractor(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PROG_NAME),
new EmptyExtractor(),
new EmptyExtractor())

Definition at line 119 of file MiscTypes.java.

final BiFunction<BlackboardArtifact, Map<BlackboardAttribute.ATTRIBUTE_TYPE, BlackboardAttribute>, String> org.sleuthkit.autopsy.timeline.events.type.MiscTypes.longExtractor
private

Definition at line 180 of file MiscTypes.java.

final BiFunction<BlackboardArtifact, Map<BlackboardAttribute.ATTRIBUTE_TYPE, BlackboardAttribute>, String> org.sleuthkit.autopsy.timeline.events.type.MiscTypes.medExtractor
private

Definition at line 182 of file MiscTypes.java.

org.sleuthkit.autopsy.timeline.events.type.MiscTypes.MESSAGE
Initial value:
=(NbBundle.getMessage(MiscTypes.class, "MiscTypes.message.name"), "message.png",
BlackboardArtifact.ARTIFACT_TYPE.TSK_MESSAGE,
BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME,
new AttributeExtractor(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_MESSAGE_TYPE),
(artf, attrMap) -> {
final BlackboardAttribute dir = attrMap.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DIRECTION);
final BlackboardAttribute readStatus = attrMap.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_READ_STATUS);
final BlackboardAttribute name = attrMap.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_NAME);
final BlackboardAttribute phoneNumber = attrMap.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PHONE_NUMBER);
final BlackboardAttribute subject = attrMap.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SUBJECT);
List<String> asList = Arrays.asList(stringValueOf(dir), stringValueOf(readStatus), name != null || phoneNumber != null ? toFrom(dir) : "", stringValueOf(name != null ? name : phoneNumber), (subject == null ? "" : stringValueOf(subject)));
return StringUtils.join(asList, " ");
},
new AttributeExtractor(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_TEXT))

Definition at line 41 of file MiscTypes.java.

org.sleuthkit.autopsy.timeline.events.type.MiscTypes.RECENT_DOCUMENTS
Initial value:
=(NbBundle.getMessage(MiscTypes.class, "MiscTypes.recentDocuments.name"), "recent_docs.png",
BlackboardArtifact.ARTIFACT_TYPE.TSK_RECENT_OBJECT,
BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME,
new AttributeExtractor(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PATH).andThen(
(String t) -> (StringUtils.substringBeforeLast(StringUtils.substringBeforeLast(t, "\\"), "\\"))),
new AttributeExtractor(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PATH).andThen(
(String t) -> StringUtils.substringBeforeLast(t, "\\")),
new AttributeExtractor(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PATH)) {
@Override
public AttributeEventDescription parseAttributesHelper(BlackboardArtifact artf, Map<BlackboardAttribute.ATTRIBUTE_TYPE, BlackboardAttribute> attrMap) throws TskCoreException {
final BlackboardAttribute dateTimeAttr = attrMap.get(getDateTimeAttrubuteType());
long time = dateTimeAttr.getValueLong();
String shortDescription = getShortExtractor().apply(artf, attrMap);
String medDescription = getMedExtractor().apply(artf, attrMap);
String fullDescription = getFullExtractor().apply(artf, attrMap);
return new AttributeEventDescription(time, shortDescription, medDescription, fullDescription);
}
}

Definition at line 93 of file MiscTypes.java.

final BiFunction<BlackboardArtifact, Map<BlackboardAttribute.ATTRIBUTE_TYPE, BlackboardAttribute>, String> org.sleuthkit.autopsy.timeline.events.type.MiscTypes.shortExtractor
private

Definition at line 184 of file MiscTypes.java.


The documentation for this enum was generated from the following file:

Copyright © 2012-2015 Basis Technology. Generated on: Mon Oct 19 2015
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.