Autopsy
4.11.0
Graphical digital forensics platform for The Sleuth Kit and other tools.
Classes | |
enum | DBPopulationMode |
class | DBPopulationWorker |
Public Member Functions | |
EventsRepository (Case autoCase, ReadOnlyObjectProperty< ZoomParams > currentStateProperty) | |
synchronized Set< Long > | addTag (long objID, Long artifactID, Tag tag, EventDB.EventTransaction trans) |
boolean | areFiltersEquivalent (RootFilter f1, RootFilter f2) |
synchronized int | countAllEvents () |
synchronized Map< EventType, Long > | countEvents (ZoomParams params) |
synchronized Set< Long > | deleteTag (long objID, Long artifactID, long tagID, boolean tagged) |
Case | getAutoCase () |
Interval | getBoundingEventsInterval (Interval timeRange, RootFilter filter) |
List< CombinedEvent > | getCombinedEvents (Interval timeRange, RootFilter filter) |
synchronized ObservableMap< Long, String > | getDatasourcesMap () |
SingleEvent | getEventById (Long eventID) |
List< Long > | getEventIDs (Interval timeRange, RootFilter filter) |
List< Long > | getEventIDsForArtifact (BlackboardArtifact artifact) |
List< Long > | getEventIDsForFile (AbstractFile file, boolean includeDerivedArtifacts) |
synchronized Set< SingleEvent > | getEventsById (Collection< Long > eventIDs) |
FilteredEventsModel | getEventsModel () |
synchronized List< EventStripe > | getEventStripes (ZoomParams params) |
synchronized ObservableMap< Long, String > | getHashSetMap () |
Long | getMaxTime () |
Long | getMinTime () |
Interval | getSpanningInterval (Collection< Long > eventIDs) |
Map< String, Long > | getTagCountsByTagName (Set< Long > eventIDsWithTags) |
ObservableList< TagName > | getTagNames () |
boolean | hasNewColumns () |
CancellationProgressTask< Void > | rebuildRepository (Consumer< Worker.State > onStateChange) |
CancellationProgressTask< Void > | rebuildTags (Consumer< Worker.State > onStateChange) |
void | syncTagsFilter (TagsFilter tagsFilter) |
Private Member Functions | |
void | invalidateCaches () |
synchronized void | invalidateCaches (Set< Long > updatedEventIDs) |
synchronized void | populateFilterData (SleuthkitCase skCase) |
CancellationProgressTask< Void > | rebuildRepository (final DBPopulationMode mode, Consumer< Worker.State > onStateChange) |
Private Attributes | |
final Case | autoCase |
final ObservableMap< Long, String > | datasourcesMap = FXCollections.observableHashMap() |
DBPopulationWorker | dbWorker |
final LoadingCache< ZoomParams, Map< EventType, Long > > | eventCountsCache |
final EventDB | eventDB |
final LoadingCache< ZoomParams, List< EventStripe > > | eventStripeCache |
final ObservableMap< Long, String > | hashSetMap = FXCollections.observableHashMap() |
final LoadingCache< Long, SingleEvent > | idToEventCache |
final LoadingCache< Object, Long > | maxCache |
final LoadingCache< Object, Long > | minCache |
final FilteredEventsModel | modelInstance |
final ObservableList< TagName > | tagNames = FXCollections.observableArrayList() |
final Executor | workerExecutor = Executors.newSingleThreadExecutor(new ThreadFactoryBuilder().setNameFormat("eventrepository-worker-%d").build()) |
Static Private Attributes | |
static final Logger | logger = Logger.getLogger(EventsRepository.class.getName()) |
Provides a higher-level public API (over EventsDB) to access events. In theory this insulates the rest of the timeline module from the details of the db implementation. Since there are no other implementations of the database or clients of this class, and no Java Interface defined yet, in practice this just delegates everything to the eventDB. Some results are also cached by this layer.
Concurrency Policy:
Since almost everything just delegates to the EventDB, which is internally synchronized, we only have to worry about rebuildRepository() which we synchronize on our intrinsic lock.
Definition at line 98 of file EventsRepository.java.
org.sleuthkit.autopsy.timeline.db.EventsRepository.EventsRepository | ( | Case | autoCase, |
ReadOnlyObjectProperty< ZoomParams > | currentStateProperty | ||
) |
Definition at line 146 of file EventsRepository.java.
References org.sleuthkit.autopsy.timeline.db.EventsRepository.autoCase, org.sleuthkit.autopsy.timeline.db.EventDB.getEventDB(), org.sleuthkit.autopsy.casemodule.Case.getSleuthkitCase(), and org.sleuthkit.autopsy.timeline.db.EventsRepository.populateFilterData().
synchronized Set<Long> org.sleuthkit.autopsy.timeline.db.EventsRepository.addTag | ( | long | objID, |
Long | artifactID, | ||
Tag | tag, | ||
EventDB.EventTransaction | trans | ||
) |
Definition at line 319 of file EventsRepository.java.
References org.sleuthkit.autopsy.timeline.db.EventsRepository.invalidateCaches().
Referenced by org.sleuthkit.autopsy.timeline.datamodel.FilteredEventsModel.handleArtifactTagAdded(), and org.sleuthkit.autopsy.timeline.datamodel.FilteredEventsModel.handleContentTagAdded().
boolean org.sleuthkit.autopsy.timeline.db.EventsRepository.areFiltersEquivalent | ( | RootFilter | f1, |
RootFilter | f2 | ||
) |
Definition at line 363 of file EventsRepository.java.
synchronized int org.sleuthkit.autopsy.timeline.db.EventsRepository.countAllEvents | ( | ) |
Definition at line 208 of file EventsRepository.java.
synchronized Map<EventType, Long> org.sleuthkit.autopsy.timeline.db.EventsRepository.countEvents | ( | ZoomParams | params | ) |
Definition at line 204 of file EventsRepository.java.
Referenced by org.sleuthkit.autopsy.timeline.datamodel.FilteredEventsModel.getEventCounts().
synchronized Set<Long> org.sleuthkit.autopsy.timeline.db.EventsRepository.deleteTag | ( | long | objID, |
Long | artifactID, | ||
long | tagID, | ||
boolean | tagged | ||
) |
Definition at line 327 of file EventsRepository.java.
References org.sleuthkit.autopsy.timeline.db.EventsRepository.invalidateCaches().
Referenced by org.sleuthkit.autopsy.timeline.datamodel.FilteredEventsModel.handleArtifactTagDeleted(), and org.sleuthkit.autopsy.timeline.datamodel.FilteredEventsModel.handleContentTagDeleted().
Case org.sleuthkit.autopsy.timeline.db.EventsRepository.getAutoCase | ( | ) |
Definition at line 118 of file EventsRepository.java.
References org.sleuthkit.autopsy.timeline.db.EventsRepository.autoCase.
Referenced by org.sleuthkit.autopsy.timeline.datamodel.FilteredEventsModel.FilteredEventsModel().
Interval org.sleuthkit.autopsy.timeline.db.EventsRepository.getBoundingEventsInterval | ( | Interval | timeRange, |
RootFilter | filter | ||
) |
Definition at line 134 of file EventsRepository.java.
Referenced by org.sleuthkit.autopsy.timeline.datamodel.FilteredEventsModel.getBoundingEventsInterval().
List<CombinedEvent> org.sleuthkit.autopsy.timeline.db.EventsRepository.getCombinedEvents | ( | Interval | timeRange, |
RootFilter | filter | ||
) |
Get a representation of all the events, within the given time range, that pass the given filter, grouped by time and description such that file system events for the same file, with the same timestamp, are combined together.
timeRange | The Interval that all returned events must be within. |
filter | The Filter that all returned events must pass. |
Definition at line 267 of file EventsRepository.java.
Referenced by org.sleuthkit.autopsy.timeline.datamodel.FilteredEventsModel.getCombinedEvents().
synchronized ObservableMap<Long, String> org.sleuthkit.autopsy.timeline.db.EventsRepository.getDatasourcesMap | ( | ) |
Definition at line 126 of file EventsRepository.java.
References org.sleuthkit.autopsy.timeline.db.EventsRepository.datasourcesMap.
Referenced by org.sleuthkit.autopsy.timeline.datamodel.FilteredEventsModel.getDefaultFilter().
SingleEvent org.sleuthkit.autopsy.timeline.db.EventsRepository.getEventById | ( | Long | eventID | ) |
Definition at line 184 of file EventsRepository.java.
Referenced by org.sleuthkit.autopsy.timeline.datamodel.FilteredEventsModel.getEventById().
List<Long> org.sleuthkit.autopsy.timeline.db.EventsRepository.getEventIDs | ( | Interval | timeRange, |
RootFilter | filter | ||
) |
Definition at line 252 of file EventsRepository.java.
Referenced by org.sleuthkit.autopsy.timeline.datamodel.FilteredEventsModel.getEventIDs().
List<Long> org.sleuthkit.autopsy.timeline.db.EventsRepository.getEventIDsForArtifact | ( | BlackboardArtifact | artifact | ) |
Get a List of event IDs for the events that are derived from the given artifact.
artifact | The BlackboardArtifact to get derived event IDs for. |
Definition at line 240 of file EventsRepository.java.
Referenced by org.sleuthkit.autopsy.timeline.datamodel.FilteredEventsModel.getEventIDsForArtifact().
List<Long> org.sleuthkit.autopsy.timeline.db.EventsRepository.getEventIDsForFile | ( | AbstractFile | file, |
boolean | includeDerivedArtifacts | ||
) |
Get a List of event IDs for the events that are derived from the given file.
file | The AbstractFile to get derived event IDs for. |
includeDerivedArtifacts | If true, also get event IDs for events derived from artifacts derived from this file. If false, only gets events derived directly from this file (file system timestamps). |
Definition at line 227 of file EventsRepository.java.
Referenced by org.sleuthkit.autopsy.timeline.datamodel.FilteredEventsModel.getEventIDsForFile().
synchronized Set<SingleEvent> org.sleuthkit.autopsy.timeline.db.EventsRepository.getEventsById | ( | Collection< Long > | eventIDs | ) |
Definition at line 188 of file EventsRepository.java.
Referenced by org.sleuthkit.autopsy.timeline.datamodel.FilteredEventsModel.getEventsById().
FilteredEventsModel org.sleuthkit.autopsy.timeline.db.EventsRepository.getEventsModel | ( | ) |
Definition at line 142 of file EventsRepository.java.
References org.sleuthkit.autopsy.timeline.db.EventsRepository.modelInstance.
Referenced by org.sleuthkit.autopsy.timeline.TimeLineController.TimeLineController().
synchronized List<EventStripe> org.sleuthkit.autopsy.timeline.db.EventsRepository.getEventStripes | ( | ZoomParams | params | ) |
Definition at line 195 of file EventsRepository.java.
References org.sleuthkit.autopsy.timeline.zooming.ZoomParams.toString().
Referenced by org.sleuthkit.autopsy.timeline.datamodel.FilteredEventsModel.getEventStripes().
synchronized ObservableMap<Long, String> org.sleuthkit.autopsy.timeline.db.EventsRepository.getHashSetMap | ( | ) |
Definition at line 130 of file EventsRepository.java.
References org.sleuthkit.autopsy.timeline.db.EventsRepository.hashSetMap.
Referenced by org.sleuthkit.autopsy.timeline.datamodel.FilteredEventsModel.getDefaultFilter().
Long org.sleuthkit.autopsy.timeline.db.EventsRepository.getMaxTime | ( | ) |
Definition at line 171 of file EventsRepository.java.
Referenced by org.sleuthkit.autopsy.timeline.datamodel.FilteredEventsModel.getMaxTime().
Long org.sleuthkit.autopsy.timeline.db.EventsRepository.getMinTime | ( | ) |
Definition at line 179 of file EventsRepository.java.
Referenced by org.sleuthkit.autopsy.timeline.datamodel.FilteredEventsModel.getMinTime().
Interval org.sleuthkit.autopsy.timeline.db.EventsRepository.getSpanningInterval | ( | Collection< Long > | eventIDs | ) |
Definition at line 271 of file EventsRepository.java.
References org.sleuthkit.autopsy.timeline.db.EventDB.getSpanningInterval().
Referenced by org.sleuthkit.autopsy.timeline.datamodel.FilteredEventsModel.getSpanningInterval().
Map<String, Long> org.sleuthkit.autopsy.timeline.db.EventsRepository.getTagCountsByTagName | ( | Set< Long > | eventIDsWithTags | ) |
Get a count of tag names applied to the given event IDs, as a map from tag name display name to count of tag applications.
eventIDsWithTags | The event IDs to get the tag counts map for. |
Definition at line 287 of file EventsRepository.java.
Referenced by org.sleuthkit.autopsy.timeline.datamodel.FilteredEventsModel.getTagCountsByTagName().
ObservableList<TagName> org.sleuthkit.autopsy.timeline.db.EventsRepository.getTagNames | ( | ) |
Definition at line 122 of file EventsRepository.java.
References org.sleuthkit.autopsy.timeline.db.EventsRepository.tagNames.
Referenced by org.sleuthkit.autopsy.timeline.datamodel.FilteredEventsModel.getDefaultFilter().
boolean org.sleuthkit.autopsy.timeline.db.EventsRepository.hasNewColumns | ( | ) |
Definition at line 275 of file EventsRepository.java.
|
private |
|
private |
Definition at line 335 of file EventsRepository.java.
References org.sleuthkit.autopsy.casemodule.Case.getSleuthkitCase().
|
private |
Use the given SleuthkitCase to update the data used to determine the available filters.
skCase |
Definition at line 297 of file EventsRepository.java.
Referenced by org.sleuthkit.autopsy.timeline.db.EventsRepository.DBPopulationWorker.call(), and org.sleuthkit.autopsy.timeline.db.EventsRepository.EventsRepository().
CancellationProgressTask<Void> org.sleuthkit.autopsy.timeline.db.EventsRepository.rebuildRepository | ( | Consumer< Worker.State > | onStateChange | ) |
Rebuild the entire repo.
onStateChange | Called when the background task changes state. Clients can use this to handle failure or cleanup operations, for example. |
Definition at line 379 of file EventsRepository.java.
References org.sleuthkit.autopsy.timeline.db.EventsRepository.DBPopulationMode.FULL.
Referenced by org.sleuthkit.autopsy.timeline.db.EventsRepository.rebuildTags().
|
private |
Rebuild the repo.
mode | The rebuild mode to use. |
onStateChange | Called when the background task changes state. Clients can use this to handle failure or cleanup operations, for example. |
Definition at line 411 of file EventsRepository.java.
References org.sleuthkit.autopsy.timeline.db.EventsRepository.dbWorker.
CancellationProgressTask<Void> org.sleuthkit.autopsy.timeline.db.EventsRepository.rebuildTags | ( | Consumer< Worker.State > | onStateChange | ) |
Drop and rebuild the tags in the repo.
onStateChange | Called when the background task changes state. Clients can use this to handle failure or cleanup operations, for example. |
Definition at line 395 of file EventsRepository.java.
References org.sleuthkit.autopsy.timeline.db.EventsRepository.rebuildRepository(), and org.sleuthkit.autopsy.timeline.db.EventsRepository.DBPopulationMode.TAGS_ONLY.
void org.sleuthkit.autopsy.timeline.db.EventsRepository.syncTagsFilter | ( | TagsFilter | tagsFilter | ) |
"sync" the given tags filter with the tagnames in use: Disable filters for tags that are not in use in the case, and add new filters for tags that don't have them. New filters are selected by default.
tagsFilter | the tags filter to modify so it is consistent with the tags in use in the case |
Definition at line 354 of file EventsRepository.java.
References org.sleuthkit.autopsy.timeline.filters.UnionFilter< SubFilterType extends Filter >.addSubFilter().
|
private |
Definition at line 105 of file EventsRepository.java.
Referenced by org.sleuthkit.autopsy.timeline.db.EventsRepository.EventsRepository(), and org.sleuthkit.autopsy.timeline.db.EventsRepository.getAutoCase().
|
private |
Definition at line 114 of file EventsRepository.java.
Referenced by org.sleuthkit.autopsy.timeline.db.EventsRepository.getDatasourcesMap().
|
private |
Definition at line 103 of file EventsRepository.java.
Referenced by org.sleuthkit.autopsy.timeline.db.EventsRepository.rebuildRepository().
|
private |
Definition at line 111 of file EventsRepository.java.
|
private |
Definition at line 104 of file EventsRepository.java.
|
private |
Definition at line 112 of file EventsRepository.java.
|
private |
Definition at line 115 of file EventsRepository.java.
Referenced by org.sleuthkit.autopsy.timeline.db.EventsRepository.getHashSetMap().
|
private |
Definition at line 110 of file EventsRepository.java.
|
static private |
Definition at line 100 of file EventsRepository.java.
|
private |
Definition at line 108 of file EventsRepository.java.
|
private |
Definition at line 109 of file EventsRepository.java.
|
private |
Definition at line 106 of file EventsRepository.java.
Referenced by org.sleuthkit.autopsy.timeline.db.EventsRepository.getEventsModel().
|
private |
Definition at line 116 of file EventsRepository.java.
Referenced by org.sleuthkit.autopsy.timeline.db.EventsRepository.getTagNames().
|
private |
Definition at line 102 of file EventsRepository.java.
Copyright © 2012-2018 Basis Technology. Generated on: Fri Jun 21 2019
This work is licensed under a
Creative Commons Attribution-Share Alike 3.0 United States License.