Autopsy
4.0
Graphical digital forensics platform for The Sleuth Kit and other tools.
Inherits org.sleuthkit.autopsy.report.GeneralReportModule.
Public Member Functions | |
void | generateReport (String baseReportDir, ReportProgressPanel progressPanel) |
JPanel | getConfigurationPanel () |
String | getDescription () |
String | getName () |
String | getRelativeFilePath () |
Static Public Member Functions | |
static synchronized STIXReportModule | getDefault () |
Private Member Functions | |
STIXReportModule () | |
ObservableResult | evaluateObject (ObjectType obj, String spacing, String id) |
ObservableResult | evaluateObservableComposition (ObservableCompositionType comp, String spacing) throws TskCoreException |
ObservableResult | evaluateSingleObservable (Observable obs, String spacing) throws TskCoreException |
STIXPackage | loadSTIXFile (String stixFileName) throws TskCoreException |
String | makeMapKey (Observable obs) |
void | printFileHeader (String a_fileName) |
void | processFile (String stixFile, ReportProgressPanel progressPanel) throws TskCoreException |
void | processIndicators (STIXPackage stix) throws TskCoreException |
void | processObservables (STIXPackage stix) |
void | saveResultsAsArtifacts (Indicator ind, ObservableResult result) throws TskCoreException |
void | saveToObjectMap (Observable obs) |
void | writeResultsToFile (Indicator ind, String resultStr, boolean found) |
Private Attributes | |
STIXReportModuleConfigPanel | configPanel |
Map< String, ObjectType > | idToObjectMap = new HashMap<String, ObjectType>() |
Map< String, ObservableResult > | idToResult = new HashMap<String, ObservableResult>() |
BufferedWriter | output = null |
List< EvalRegistryObj.RegistryFileInfo > | registryFileData = null |
boolean | reportAllResults |
String | reportPath |
final boolean | skipShortCircuit = true |
Static Private Attributes | |
static STIXReportModule | instance = null |
static final Logger | logger = Logger.getLogger(STIXReportModule.class.getName()) |
Definition at line 67 of file STIXReportModule.java.
|
private |
Definition at line 85 of file STIXReportModule.java.
Referenced by org.sleuthkit.autopsy.modules.stix.STIXReportModule.getDefault().
|
private |
Evaluate a STIX object.
obj | The object to evaluate against the datasource(s) |
spacing | For formatting the output |
Definition at line 612 of file STIXReportModule.java.
References org.sleuthkit.autopsy.modules.stix.STIXReportModule.registryFileData.
Referenced by org.sleuthkit.autopsy.modules.stix.STIXReportModule.evaluateSingleObservable().
|
private |
Evaluate an observable composition. Can be called recursively.
comp | The observable composition object to evaluate |
spacing | Used for formatting the output |
TskCoreException |
Definition at line 475 of file STIXReportModule.java.
References org.sleuthkit.autopsy.modules.stix.STIXReportModule.evaluateSingleObservable().
Referenced by org.sleuthkit.autopsy.modules.stix.STIXReportModule.processIndicators().
|
private |
Evaluate one observable and return the result. This is at the end of the observable composition tree and will not be called recursively.
obs | The observable object to evaluate |
spacing | For formatting the output |
TskCoreException |
Definition at line 571 of file STIXReportModule.java.
References org.sleuthkit.autopsy.modules.stix.STIXReportModule.evaluateObject(), org.sleuthkit.autopsy.modules.stix.STIXReportModule.makeMapKey(), and org.sleuthkit.autopsy.modules.stix.STIXReportModule.saveToObjectMap().
Referenced by org.sleuthkit.autopsy.modules.stix.STIXReportModule.evaluateObservableComposition(), and org.sleuthkit.autopsy.modules.stix.STIXReportModule.processIndicators().
void org.sleuthkit.autopsy.modules.stix.STIXReportModule.generateReport (String baseReportDir, ReportProgressPanel progressPanel)
baseReportDir | path to save the report |
progressPanel | panel to update the report's progress |
Implements org.sleuthkit.autopsy.report.GeneralReportModule.
Definition at line 103 of file STIXReportModule.java.
References org.sleuthkit.autopsy.report.ReportProgressPanel.ReportStatus.COMPLETE, org.sleuthkit.autopsy.report.ReportProgressPanel.complete(), org.sleuthkit.autopsy.coreutils.MessageNotifyUtil.MessageType.ERROR, org.sleuthkit.autopsy.report.ReportProgressPanel.ReportStatus.ERROR, org.sleuthkit.autopsy.coreutils.MessageNotifyUtil.Message.error(), org.sleuthkit.autopsy.modules.stix.STIXReportModule.getRelativeFilePath(), org.sleuthkit.autopsy.modules.stix.STIXReportModuleConfigPanel.getShowAllResults(), org.sleuthkit.autopsy.modules.stix.STIXReportModuleConfigPanel.getStixFile(), org.sleuthkit.autopsy.modules.stix.STIXReportModule.processFile(), org.sleuthkit.autopsy.modules.stix.STIXReportModule.reportPath, org.sleuthkit.autopsy.coreutils.ModuleSettings.setConfigSetting(), org.sleuthkit.autopsy.report.ReportProgressPanel.setIndeterminate(), org.sleuthkit.autopsy.report.ReportProgressPanel.setMaximumProgress(), org.sleuthkit.autopsy.coreutils.MessageNotifyUtil.Notify.show(), org.sleuthkit.autopsy.report.ReportProgressPanel.start(), and org.sleuthkit.autopsy.report.ReportProgressPanel.updateStatusLabel().
JPanel org.sleuthkit.autopsy.modules.stix.STIXReportModule.getConfigurationPanel ()
Returns the configuration panel for the report, which is displayed in the report configuration step of the report wizard.
Implements org.sleuthkit.autopsy.report.GeneralReportModule.
Definition at line 669 of file STIXReportModule.java.
References org.sleuthkit.autopsy.modules.stix.STIXReportModule.configPanel.
|
static |
Definition at line 89 of file STIXReportModule.java.
References org.sleuthkit.autopsy.modules.stix.STIXReportModule.instance, and org.sleuthkit.autopsy.modules.stix.STIXReportModule.STIXReportModule().
String org.sleuthkit.autopsy.modules.stix.STIXReportModule.getDescription ()
Definition at line 663 of file STIXReportModule.java.
String org.sleuthkit.autopsy.modules.stix.STIXReportModule.getName ()
Definition at line 652 of file STIXReportModule.java.
String org.sleuthkit.autopsy.modules.stix.STIXReportModule.getRelativeFilePath ()
Definition at line 658 of file STIXReportModule.java.
Referenced by org.sleuthkit.autopsy.modules.stix.STIXReportModule.generateReport().
|
private |
Load a STIX-formatted XML file into a STIXPackage object.
stixFileName | Name of the STIX file to unmarshal |
TskCoreException |
Definition at line 257 of file STIXReportModule.java.
Referenced by org.sleuthkit.autopsy.modules.stix.STIXReportModule.processFile().
|
private |
Use the ID or ID ref to create a key into the observable map.
obs |
Definition at line 440 of file STIXReportModule.java.
Referenced by org.sleuthkit.autopsy.modules.stix.STIXReportModule.evaluateSingleObservable(), and org.sleuthkit.autopsy.modules.stix.STIXReportModule.saveToObjectMap().
|
private |
Write a header for the current file to the output file.
a_fileName |
Definition at line 415 of file STIXReportModule.java.
Referenced by org.sleuthkit.autopsy.modules.stix.STIXReportModule.processFile().
|
private |
Process a STIX file.
stixFile | - Name of the file |
progressPanel | - Progress panel (for updating) |
TskCoreException |
Definition at line 226 of file STIXReportModule.java.
References org.sleuthkit.autopsy.modules.stix.STIXReportModule.loadSTIXFile(), org.sleuthkit.autopsy.modules.stix.STIXReportModule.printFileHeader(), org.sleuthkit.autopsy.modules.stix.STIXReportModule.processIndicators(), org.sleuthkit.autopsy.modules.stix.STIXReportModule.processObservables(), and org.sleuthkit.autopsy.modules.stix.STIXReportModule.registryFileData.
Referenced by org.sleuthkit.autopsy.modules.stix.STIXReportModule.generateReport().
|
private |
Process all STIX indicators and save results to output file and create artifacts.
stix | STIXPackage |
Definition at line 295 of file STIXReportModule.java.
References org.sleuthkit.autopsy.modules.stix.STIXReportModule.evaluateObservableComposition(), org.sleuthkit.autopsy.modules.stix.STIXReportModule.evaluateSingleObservable(), org.sleuthkit.autopsy.modules.stix.STIXReportModule.reportAllResults, org.sleuthkit.autopsy.modules.stix.STIXReportModule.saveResultsAsArtifacts(), and org.sleuthkit.autopsy.modules.stix.STIXReportModule.writeResultsToFile().
Referenced by org.sleuthkit.autopsy.modules.stix.STIXReportModule.processFile().
|
private |
Do the initial processing of the list of observables. For each observable, save it in a map using the ID as key.
stix | STIXPackage |
Definition at line 278 of file STIXReportModule.java.
References org.sleuthkit.autopsy.modules.stix.STIXReportModule.saveToObjectMap().
Referenced by org.sleuthkit.autopsy.modules.stix.STIXReportModule.processFile().
|
private |
Create the artifacts saved in the observable result.
ind | |
result |
TskCoreException |
Definition at line 334 of file STIXReportModule.java.
References org.sleuthkit.autopsy.coreutils.MessageNotifyUtil.MessageType.INFO, and org.sleuthkit.autopsy.coreutils.MessageNotifyUtil.Notify.show().
Referenced by org.sleuthkit.autopsy.modules.stix.STIXReportModule.processIndicators().
|
private |
Save an observable in the object map.
obs |
Definition at line 458 of file STIXReportModule.java.
References org.sleuthkit.autopsy.modules.stix.STIXReportModule.makeMapKey().
Referenced by org.sleuthkit.autopsy.modules.stix.STIXReportModule.evaluateSingleObservable(), and org.sleuthkit.autopsy.modules.stix.STIXReportModule.processObservables().
|
private |
Write the full results string to the output file.
ind | - Used to get the title, ID, and description of the indicator |
resultStr | - Full results for this indicator |
found | - true if the indicator was found in datasource(s) |
Definition at line 379 of file STIXReportModule.java.
Referenced by org.sleuthkit.autopsy.modules.stix.STIXReportModule.processIndicators().
|
private |
Definition at line 70 of file STIXReportModule.java.
Referenced by org.sleuthkit.autopsy.modules.stix.STIXReportModule.getConfigurationPanel().
|
private |
Definition at line 75 of file STIXReportModule.java.
|
private |
Definition at line 76 of file STIXReportModule.java.
|
static private |
Definition at line 71 of file STIXReportModule.java.
Referenced by org.sleuthkit.autopsy.modules.stix.STIXReportModule.getDefault().
|
static private |
Definition at line 69 of file STIXReportModule.java.
|
private |
Definition at line 82 of file STIXReportModule.java.
|
private |
Definition at line 78 of file STIXReportModule.java.
Referenced by org.sleuthkit.autopsy.modules.stix.STIXReportModule.evaluateObject(), and org.sleuthkit.autopsy.modules.stix.STIXReportModule.processFile().
|
private |
Definition at line 73 of file STIXReportModule.java.
Referenced by org.sleuthkit.autopsy.modules.stix.STIXReportModule.processIndicators().
|
private |
Definition at line 72 of file STIXReportModule.java.
Referenced by org.sleuthkit.autopsy.modules.stix.STIXReportModule.generateReport().
|
private |
Definition at line 80 of file STIXReportModule.java.
Copyright © 2012-2015 Basis Technology. Generated on: Wed Apr 6 2016
This work is licensed under a
Creative Commons Attribution-Share Alike 3.0 United States License.