Autopsy
4.1
Graphical digital forensics platform for The Sleuth Kit and other tools.
Static Private Member Functions
static Pattern | compileRegex (String regex) |
static FilesSet.Rule | readFileExtensionRule (Element elem) |
static FilesSet.Rule | readFileNameRule (Element elem) |
static void | readFilesSet (Element setElem, Map< String, FilesSet > filesSets, String filePath) |
static FilesSet.Rule.MetaTypeCondition | readMetaTypeCondition (Element ruleElement) |
static FilesSet.Rule.ParentPathCondition | readPathCondition (Element ruleElement) |
static String | readRuleName (Element elem) |
static Map< String, FilesSet > | readSerializedDefinitions () throws InterestingItemDefsManagerException |
Static Private Attributes
static final String | DESC_ATTR = "description" |
static final String | EXTENSION_RULE_TAG = "EXTENSION" |
static final String | FILE_SET_TAG = "INTERESTING_FILE_SET" |
static final String | FILE_SETS_ROOT_TAG = "INTERESTING_FILE_SETS" |
static final String | IGNORE_KNOWN_FILES_ATTR = "ignoreKnown" |
static final List< String > | illegalFileNameChars = InterestingItemDefsManager.getIllegalFileNameChars() |
static final Logger | logger = Logger.getLogger(FilesSetXML.class.getName()) |
static final String | NAME_ATTR = "name" |
static final String | NAME_RULE_TAG = "NAME" |
static final String | PATH_FILTER_ATTR = "pathFilter" |
static final String | PATH_REGEX_ATTR = "pathRegex" |
static final String | REGEX_ATTR = "regex" |
static final String | RULE_UUID_ATTR = "ruleUUID" |
static final String | TYPE_FILTER_ATTR = "typeFilter" |
static final String | TYPE_FILTER_VALUE_DIRS = "dir" |
static final String | TYPE_FILTER_VALUE_FILES = "file" |
static final String | TYPE_FILTER_VALUE_FILES_AND_DIRS = "files_and_dirs" |
static final String | UNNAMED_LEGACY_RULE_PREFIX = "Unnamed Rule " |
static int | unnamedLegacyRuleCounter |
static final String | XML_ENCODING = "UTF-8" |
Reads and writes interesting files set definitions to and from disk in XML format.
Definition at line 116 of file InterestingItemDefsManager.java.
Pattern compileRegex (String regex) [static, private]
Attempts to compile a regular expression.
Parameters:
regex | The regular expression. |
Definition at line 435 of file InterestingItemDefsManager.java.
Referenced by org.sleuthkit.autopsy.modules.interestingitems.InterestingItemDefsManager.FilesSetXML.readFileExtensionRule(), and org.sleuthkit.autopsy.modules.interestingitems.InterestingItemDefsManager.FilesSetXML.readFileNameRule().
FilesSet.Rule readFileExtensionRule (Element elem) [static, private]
Construct an interesting files set file name extension rule from the data in an XML element.
Parameters:
elem | The file name extension rule XML element. |
Definition at line 360 of file InterestingItemDefsManager.java.
References org.sleuthkit.autopsy.modules.interestingitems.InterestingItemDefsManager.FilesSetXML.compileRegex(), org.sleuthkit.autopsy.modules.interestingitems.InterestingItemDefsManager.FilesSetXML.EXTENSION_RULE_TAG, org.sleuthkit.autopsy.modules.interestingitems.InterestingItemDefsManager.FilesSetXML.PATH_FILTER_ATTR, org.sleuthkit.autopsy.modules.interestingitems.InterestingItemDefsManager.FilesSetXML.PATH_REGEX_ATTR, org.sleuthkit.autopsy.modules.interestingitems.InterestingItemDefsManager.FilesSetXML.readMetaTypeCondition(), org.sleuthkit.autopsy.modules.interestingitems.InterestingItemDefsManager.FilesSetXML.readPathCondition(), org.sleuthkit.autopsy.modules.interestingitems.InterestingItemDefsManager.FilesSetXML.readRuleName(), org.sleuthkit.autopsy.modules.interestingitems.InterestingItemDefsManager.FilesSetXML.REGEX_ATTR, and org.sleuthkit.autopsy.modules.interestingitems.InterestingItemDefsManager.FilesSetXML.TYPE_FILTER_ATTR.
Referenced by org.sleuthkit.autopsy.modules.interestingitems.InterestingItemDefsManager.FilesSetXML.readFilesSet().
FilesSet.Rule readFileNameRule (Element elem) [static, private]
Construct an interesting files set file name rule from the data in an XML element.
Parameters:
elem | The file name rule XML element. |
Definition at line 302 of file InterestingItemDefsManager.java.
References org.sleuthkit.autopsy.modules.interestingitems.InterestingItemDefsManager.FilesSetXML.compileRegex(), org.sleuthkit.autopsy.modules.interestingitems.InterestingItemDefsManager.FilesSetXML.NAME_RULE_TAG, org.sleuthkit.autopsy.modules.interestingitems.InterestingItemDefsManager.FilesSetXML.PATH_FILTER_ATTR, org.sleuthkit.autopsy.modules.interestingitems.InterestingItemDefsManager.FilesSetXML.PATH_REGEX_ATTR, org.sleuthkit.autopsy.modules.interestingitems.InterestingItemDefsManager.FilesSetXML.readMetaTypeCondition(), org.sleuthkit.autopsy.modules.interestingitems.InterestingItemDefsManager.FilesSetXML.readPathCondition(), org.sleuthkit.autopsy.modules.interestingitems.InterestingItemDefsManager.FilesSetXML.readRuleName(), and org.sleuthkit.autopsy.modules.interestingitems.InterestingItemDefsManager.FilesSetXML.REGEX_ATTR.
Referenced by org.sleuthkit.autopsy.modules.interestingitems.InterestingItemDefsManager.FilesSetXML.readFilesSet().
void readFilesSet (Element setElem, Map< String, FilesSet > filesSets, String filePath) [static, private]
Reads in an interesting files set.
Parameters:
setElem | An interesting files set XML element. |
filesSets | A collection to which the set is to be added. |
filePath | The source file, used for error reporting. |
Definition at line 225 of file InterestingItemDefsManager.java.
References org.sleuthkit.autopsy.modules.interestingitems.InterestingItemDefsManager.FilesSetXML.DESC_ATTR, org.sleuthkit.autopsy.modules.interestingitems.InterestingItemDefsManager.FilesSetXML.EXTENSION_RULE_TAG, org.sleuthkit.autopsy.modules.interestingitems.InterestingItemDefsManager.FilesSetXML.IGNORE_KNOWN_FILES_ATTR, org.sleuthkit.autopsy.modules.interestingitems.InterestingItemDefsManager.FilesSetXML.NAME_ATTR, org.sleuthkit.autopsy.modules.interestingitems.InterestingItemDefsManager.FilesSetXML.NAME_RULE_TAG, org.sleuthkit.autopsy.modules.interestingitems.InterestingItemDefsManager.FilesSetXML.readFileExtensionRule(), org.sleuthkit.autopsy.modules.interestingitems.InterestingItemDefsManager.FilesSetXML.readFileNameRule(), and org.sleuthkit.autopsy.modules.interestingitems.InterestingItemDefsManager.FilesSetXML.unnamedLegacyRuleCounter.
FilesSet.Rule.MetaTypeCondition readMetaTypeCondition (Element ruleElement) [static, private]
Construct a meta-type condition for an interesting files set membership rule from data in an XML element.
Parameters:
ruleElement | The XML element. |
Definition at line 453 of file InterestingItemDefsManager.java.
References org.sleuthkit.autopsy.modules.interestingitems.InterestingItemDefsManager.FilesSetXML.TYPE_FILTER_ATTR, org.sleuthkit.autopsy.modules.interestingitems.InterestingItemDefsManager.FilesSetXML.TYPE_FILTER_VALUE_DIRS, org.sleuthkit.autopsy.modules.interestingitems.InterestingItemDefsManager.FilesSetXML.TYPE_FILTER_VALUE_FILES, and org.sleuthkit.autopsy.modules.interestingitems.InterestingItemDefsManager.FilesSetXML.TYPE_FILTER_VALUE_FILES_AND_DIRS.
Referenced by org.sleuthkit.autopsy.modules.interestingitems.InterestingItemDefsManager.FilesSetXML.readFileExtensionRule(), and org.sleuthkit.autopsy.modules.interestingitems.InterestingItemDefsManager.FilesSetXML.readFileNameRule().
FilesSet.Rule.ParentPathCondition readPathCondition (Element ruleElement) [static, private]
Construct a path condition for an interesting files set membership rule from data in an XML element.
Parameters:
ruleElement | The XML element. |
Definition at line 487 of file InterestingItemDefsManager.java.
References org.sleuthkit.autopsy.modules.interestingitems.InterestingItemDefsManager.FilesSetXML.PATH_FILTER_ATTR, and org.sleuthkit.autopsy.modules.interestingitems.InterestingItemDefsManager.FilesSetXML.PATH_REGEX_ATTR.
Referenced by org.sleuthkit.autopsy.modules.interestingitems.InterestingItemDefsManager.FilesSetXML.readFileExtensionRule(), and org.sleuthkit.autopsy.modules.interestingitems.InterestingItemDefsManager.FilesSetXML.readFileNameRule().
String readRuleName (Element elem) [static, private]
Read a rule name attribute from a rule element.
Parameters:
elem | A rule element. |
Definition at line 422 of file InterestingItemDefsManager.java.
References org.sleuthkit.autopsy.modules.interestingitems.InterestingItemDefsManager.FilesSetXML.NAME_ATTR.
Referenced by org.sleuthkit.autopsy.modules.interestingitems.InterestingItemDefsManager.FilesSetXML.readFileExtensionRule(), and org.sleuthkit.autopsy.modules.interestingitems.InterestingItemDefsManager.FilesSetXML.readFileNameRule().
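Map< String, FilesSet > readSerializedDefinitions () throws InterestingItemDefsManagerException [static, private]
Reads the definitions from the serialization file.
Exceptions:
InterestingItemDefsManagerException | if file could not be read |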
Definition at line 201 of file InterestingItemDefsManager.java.
final String DESC_ATTR = "description" [static, private]
Definition at line 130 of file InterestingItemDefsManager.java.
Referenced by org.sleuthkit.autopsy.modules.interestingitems.InterestingItemDefsManager.FilesSetXML.readFilesSet().
final String EXTENSION_RULE_TAG = "EXTENSION" [static, private]
final String FILE_SET_TAG = "INTERESTING_FILE_SET" [static, private]
Definition at line 125 of file InterestingItemDefsManager.java.
final String FILE_SETS_ROOT_TAG = "INTERESTING_FILE_SETS" [static, private]
Definition at line 124 of file InterestingItemDefsManager.java.
final String IGNORE_KNOWN_FILES_ATTR = "ignoreKnown" [static, private]
Definition at line 131 of file InterestingItemDefsManager.java.
Referenced by org.sleuthkit.autopsy.modules.interestingitems.InterestingItemDefsManager.FilesSetXML.readFilesSet().
final List< String > illegalFileNameChars = InterestingItemDefsManager.getIllegalFileNameChars() [static, private]
Definition at line 120 of file InterestingItemDefsManager.java.
final Logger logger = Logger.getLogger(FilesSetXML.class.getName()) [static, private]
Definition at line 118 of file InterestingItemDefsManager.java.
final String NAME_ATTR = "name" [static, private]
final String NAME_RULE_TAG = "NAME" [static, private]
final String PATH_FILTER_ATTR = "pathFilter" [static, private]
Definition at line 133 of file InterestingItemDefsManager.java.
Referenced by org.sleuthkit.autopsy.modules.interestingitems.InterestingItemDefsManager.FilesSetXML.readFileExtensionRule(), org.sleuthkit.autopsy.modules.interestingitems.InterestingItemDefsManager.FilesSetXML.readFileNameRule(), and org.sleuthkit.autopsy.modules.interestingitems.InterestingItemDefsManager.FilesSetXML.readPathCondition().
final String PATH_REGEX_ATTR = "pathRegex" [static, private]
Definition at line 138 of file InterestingItemDefsManager.java.
Referenced by org.sleuthkit.autopsy.modules.interestingitems.InterestingItemDefsManager.FilesSetXML.readFileExtensionRule(), org.sleuthkit.autopsy.modules.interestingitems.InterestingItemDefsManager.FilesSetXML.readFileNameRule(), and org.sleuthkit.autopsy.modules.interestingitems.InterestingItemDefsManager.FilesSetXML.readPathCondition().
final String REGEX_ATTR = "regex" [static, private]
final String RULE_UUID_ATTR = "ruleUUID" [static, private]
Definition at line 129 of file InterestingItemDefsManager.java.
final String TYPE_FILTER_ATTR = "typeFilter" [static, private]
Definition at line 132 of file InterestingItemDefsManager.java.
Referenced by org.sleuthkit.autopsy.modules.interestingitems.InterestingItemDefsManager.FilesSetXML.readFileExtensionRule(), and org.sleuthkit.autopsy.modules.interestingitems.InterestingItemDefsManager.FilesSetXML.readMetaTypeCondition().
final String TYPE_FILTER_VALUE_DIRS = "dir" [static, private]
Definition at line 135 of file InterestingItemDefsManager.java.
Referenced by org.sleuthkit.autopsy.modules.interestingitems.InterestingItemDefsManager.FilesSetXML.readMetaTypeCondition().
final String TYPE_FILTER_VALUE_FILES = "file" [static, private]
Definition at line 134 of file InterestingItemDefsManager.java.
Referenced by org.sleuthkit.autopsy.modules.interestingitems.InterestingItemDefsManager.FilesSetXML.readMetaTypeCondition().
final String TYPE_FILTER_VALUE_FILES_AND_DIRS = "files_and_dirs" [static, private]
Definition at line 139 of file InterestingItemDefsManager.java.
Referenced by org.sleuthkit.autopsy.modules.interestingitems.InterestingItemDefsManager.FilesSetXML.readMetaTypeCondition().
final String UNNAMED_LEGACY_RULE_PREFIX = "Unnamed Rule " [static, private]
Definition at line 140 of file InterestingItemDefsManager.java.
int unnamedLegacyRuleCounter [static, private]
Definition at line 141 of file InterestingItemDefsManager.java.
Referenced by org.sleuthkit.autopsy.modules.interestingitems.InterestingItemDefsManager.FilesSetXML.readFilesSet().
final String XML_ENCODING = "UTF-8" [static, private]
Definition at line 119 of file InterestingItemDefsManager.java.
Copyright © 2012-2016 Basis Technology. Generated on: Tue Oct 25 2016
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.