Autopsy
4.12.0
Graphical digital forensics platform for The Sleuth Kit and other tools.
|
Inherits JPanel, and org.sleuthkit.autopsy.corecomponentinterfaces.DataContentViewer.
Classes | |
class | UniquePathKey |
Public Member Functions | |
DataContentViewerOtherCases () | |
DataContentViewer | createInstance () |
Component | getComponent () |
String | getTitle () |
String | getToolTip () |
int | isPreferred (Node node) |
boolean | isSupported (Node node) |
void | resetComponent () |
void | setNode (Node node) |
Private Member Functions | |
void | addOrUpdateNodeData (final Case autopsyCase, Map< UniquePathKey, OtherOccurrenceNodeInstanceData > nodeDataMap, AbstractFile newFile) throws TskCoreException, EamDbException |
void | customizeComponents () |
AbstractFile | getAbstractFileFromNode (Node node) |
BlackboardArtifact | getBlackboardArtifactFromNode (Node node) |
String | getCaseCreatedDate (int caseTableRowIdx) |
List< AbstractFile > | getCaseDbMatches (CorrelationAttributeInstance corAttr, Case openCase) throws NoCurrentCaseException, TskCoreException, EamDbException |
Map< UniquePathKey, OtherOccurrenceNodeInstanceData > | getCorrelatedInstances (CorrelationAttributeInstance corAttr, String dataSourceName, String deviceId) |
Collection< CorrelationAttributeInstance > | getCorrelationAttributesFromNode (Node node) |
void | initComponents () |
String | makeDataSourceString (String caseUUID, String deviceId, String dataSourceName) |
void | populateTable (Node node) |
void | reset () |
void | rightClickPopupMenuPopupMenuWillBecomeVisible (javax.swing.event.PopupMenuEvent evt) |
void | saveToCSV () throws NoCurrentCaseException |
void | setEarliestCaseDate () |
void | showCaseDetails (int selectedRowViewIdx) |
void | showCommonalityDetails () |
void | updateOnCaseSelection () |
void | updateOnDataSourceSelection () |
void | updateOnFileSelection () |
void | writeOtherOccurrencesToFileAsCSV (File destFile) |
Private Attributes | |
javax.swing.JSplitPane | caseDatasourceFileSplitPane |
javax.swing.JSplitPane | caseDatasourceSplitPane |
javax.swing.JScrollPane | caseScrollPane |
javax.swing.JTable | casesTable |
final OtherOccurrencesCasesTableModel | casesTableModel |
final Collection< CorrelationAttributeInstance > | correlationAttributes |
javax.swing.JFileChooser | CSVFileChooser |
String | dataSourceName = "" |
javax.swing.JScrollPane | dataSourceScrollPane |
javax.swing.JTable | dataSourcesTable |
final OtherOccurrencesDataSourcesTableModel | dataSourcesTableModel |
javax.swing.JScrollPane | detailsPanelScrollPane |
String | deviceId = "" |
javax.swing.JLabel | earliestCaseDate |
javax.swing.JLabel | earliestCaseLabel |
javax.swing.JMenuItem | exportToCSVMenuItem |
AbstractFile | file |
javax.swing.JTable | filesTable |
final OtherOccurrencesFilesTableModel | filesTableModel |
javax.swing.JScrollPane | filesTableScrollPane |
javax.swing.JLabel | foundInLabel |
OccurrencePanel | occurrencePanel |
javax.swing.JPopupMenu | rightClickPopupMenu |
javax.swing.JMenuItem | showCaseDetailsMenuItem |
javax.swing.JMenuItem | showCommonalityMenuItem |
javax.swing.JPanel | tableContainerPanel |
javax.swing.JSplitPane | tablesViewerSplitPane |
Static Private Attributes | |
static final Logger | LOGGER = Logger.getLogger(DataContentViewerOtherCases.class.getName()) |
static final CorrelationCaseWrapper | NO_ARTIFACTS_CASE = new CorrelationCaseWrapper(Bundle.DataContentViewerOtherCases_table_noArtifacts()) |
static final CorrelationCaseWrapper | NO_RESULTS_CASE = new CorrelationCaseWrapper(Bundle.DataContentViewerOtherCases_table_noResultsFound()) |
static final long | serialVersionUID = -1L |
static final String | UUID_PLACEHOLDER_STRING = "NoCorrelationAttributeInstance" |
View correlation results from other cases
Definition at line 89 of file DataContentViewerOtherCases.java.
org.sleuthkit.autopsy.centralrepository.contentviewer.DataContentViewerOtherCases.DataContentViewerOtherCases | ( | ) |
Creates new form DataContentViewerOtherCases
Definition at line 111 of file DataContentViewerOtherCases.java.
|
private |
Adds the file to the nodeDataMap map if it does not already exist
autopsyCase | |
nodeDataMap | |
newFile |
TskCoreException | |
EamDbException |
Definition at line 661 of file DataContentViewerOtherCases.java.
DataContentViewer org.sleuthkit.autopsy.centralrepository.contentviewer.DataContentViewerOtherCases.createInstance | ( | ) |
Create and return a new instance of your viewer. The reason that this is needed is because the specific viewer modules will be found via NetBeans Lookup and the type will only be DataContentViewer. This method is used to get an instance of your specific type.
Implements org.sleuthkit.autopsy.corecomponentinterfaces.DataContentViewer.
Definition at line 363 of file DataContentViewerOtherCases.java.
|
private |
Definition at line 141 of file DataContentViewerOtherCases.java.
References org.sleuthkit.autopsy.casemodule.Case.isCaseOpen().
|
private |
Get the associated AbstractFile from a node, if it exists.
node | The node |
Definition at line 414 of file DataContentViewerOtherCases.java.
|
private |
Get the associated BlackboardArtifact from a node, if it exists.
node | The node |
Definition at line 391 of file DataContentViewerOtherCases.java.
|
private |
Get the date a case was created
caseTableRowIdx | the row from the casesTable representing the case |
Definition at line 935 of file DataContentViewerOtherCases.java.
References org.sleuthkit.autopsy.centralrepository.datamodel.EamDb.getCaseByUUID(), org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationCase.getCaseUUID(), org.sleuthkit.autopsy.casemodule.Case.getCreatedDate(), org.sleuthkit.autopsy.casemodule.Case.getCurrentCase(), org.sleuthkit.autopsy.centralrepository.datamodel.EamDb.getInstance(), and org.sleuthkit.autopsy.centralrepository.datamodel.EamDb.isEnabled().
|
private |
Get all other abstract files in the current case with the same MD5 as the selected node.
corAttr | The CorrelationAttribute containing the MD5 to search for |
openCase | The current case |
NoCurrentCaseException | |
TskCoreException | |
EamDbException |
Definition at line 635 of file DataContentViewerOtherCases.java.
Component org.sleuthkit.autopsy.centralrepository.contentviewer.DataContentViewerOtherCases.getComponent | ( | ) |
Return the Swing Component to display. Implementations of this method that extend JPanel and do a 'return this;'. Otherwise return an internal instance of the JPanel.
Implements org.sleuthkit.autopsy.corecomponentinterfaces.DataContentViewer.
Definition at line 368 of file DataContentViewerOtherCases.java.
|
private |
Query the central repo database (if enabled) and the case database to find all artifact instances correlated to the given central repository artifact. If the central repo is not enabled, this will only return files from the current case with matching MD5 hashes.
corAttr | CorrelationAttribute to query for |
dataSourceName | Data source to filter results |
deviceId | Device Id to filter results |
Definition at line 570 of file DataContentViewerOtherCases.java.
References org.sleuthkit.autopsy.centralrepository.datamodel.EamDb.getArtifactInstancesByTypeValue(), org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeInstance.getCorrelationType(), org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeInstance.getCorrelationValue(), org.sleuthkit.autopsy.casemodule.Case.getCurrentCaseThrows(), org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeInstance.Type.getDisplayName(), org.sleuthkit.autopsy.centralrepository.datamodel.EamDb.getInstance(), org.sleuthkit.autopsy.casemodule.Case.getName(), and org.sleuthkit.autopsy.centralrepository.datamodel.EamDb.isEnabled().
|
private |
Determine what attributes can be used for correlation based on the node. If EamDB is not enabled, get the default Files correlation.
node | The node to correlate |
Definition at line 461 of file DataContentViewerOtherCases.java.
References org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeInstance.FILES_TYPE_ID, org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationDataSource.fromTSKDataSource(), org.sleuthkit.autopsy.centralrepository.datamodel.EamDb.getCase(), org.sleuthkit.autopsy.casemodule.Case.getCurrentCase(), org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeInstance.getDefaultCorrelationTypes(), org.sleuthkit.autopsy.centralrepository.datamodel.EamDb.getDefinedCorrelationTypes(), org.sleuthkit.autopsy.centralrepository.datamodel.EamDb.getInstance(), org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationDataSource.getName(), org.sleuthkit.autopsy.centralrepository.datamodel.EamDb.isEnabled(), and org.sleuthkit.autopsy.centralrepository.datamodel.EamArtifactUtil.makeInstancesFromBlackboardArtifact().
String org.sleuthkit.autopsy.centralrepository.contentviewer.DataContentViewerOtherCases.getTitle | ( | ) |
Returns the title of this viewer to display in the tab.
Implements org.sleuthkit.autopsy.corecomponentinterfaces.DataContentViewer.
Definition at line 353 of file DataContentViewerOtherCases.java.
String org.sleuthkit.autopsy.centralrepository.contentviewer.DataContentViewerOtherCases.getToolTip | ( | ) |
Returns a short description of this viewer to use as a tool tip for its tab.
Implements org.sleuthkit.autopsy.corecomponentinterfaces.DataContentViewer.
Definition at line 358 of file DataContentViewerOtherCases.java.
|
private |
This method is called from within the constructor to initialize the form. WARNING: Do NOT modify this code. The content of this method is always regenerated by the Form Editor.
Definition at line 960 of file DataContentViewerOtherCases.java.
int org.sleuthkit.autopsy.centralrepository.contentviewer.DataContentViewerOtherCases.isPreferred | ( | Node | node | ) |
Checks whether the given viewer is preferred for the Node. This is a bit subjective, but the idea is that Autopsy wants to display the most relevant tab. The more generic the viewer, the lower the return value should be. This will only be called on viewers that support the given node (i.e., isSupported() has already returned true).
The following are some examples of the current levels in use. If the selected node is an artifact, the level may be determined by both the artifact and its associated file.
Level 7 - Based on the artifact, if any, in the selected node and specific to an artifact type or types. Current content viewers that can return level 7 are the Messages tab (only supported for email and SMS) and the Text tab when the selected node is a Keyword Search hit.
Level 6 - Based on the artifact, if any, in the selected node but not restricted to particular types. The current content viewer that can return level 6 is the Results tab. It returns this level for most artifact types, unless the associated file is assumed to be of greater interest (for example, a Hash Set Hit will not be level 6 because the file itself is of greater interest).
Level 5 - Based on the file in the selected node and very specific to the file type. The current content viewer that will return level 5 is the Application tab, which supports media files (such as images) and certain types of databases.
Level 4 - Based on the file in the selected node but fairly general. Currently this is the level returned by the Text tab if Keyword Search has been run (unless the node is a Keyword Search hit or a Credit Card account). This is the default tab for most files.
Level 3 - Based on the artifact, if any, in the selected node where the artifact is thought to be of less interest than the associated file. This level is returned by the Results tab for artifacts like Hash Set Hits.
Level 1 - Very general and should always be available. The Hex, Text, and Metadata tabs are all this level
Level 0 - For cases where the content viewer should never be displayed by default.
node | Node to check for preference |
Implements org.sleuthkit.autopsy.corecomponentinterfaces.DataContentViewer.
Definition at line 378 of file DataContentViewerOtherCases.java.
boolean org.sleuthkit.autopsy.centralrepository.contentviewer.DataContentViewerOtherCases.isSupported | ( | Node | node | ) |
Checks whether the given node is supported by the viewer. This will be used to enable or disable the tab for the viewer.
node | Node to check for support |
Implements org.sleuthkit.autopsy.corecomponentinterfaces.DataContentViewer.
Definition at line 695 of file DataContentViewerOtherCases.java.
References org.sleuthkit.autopsy.centralrepository.datamodel.EamDb.isEnabled().
|
private |
Create a unique string to be used as a key for deduping data sources as best as possible
Definition at line 795 of file DataContentViewerOtherCases.java.
|
private |
Load the correlatable data into the table model. If there is no data available display the message on the status panel.
node | The node being viewed. |
Definition at line 734 of file DataContentViewerOtherCases.java.
References org.sleuthkit.autopsy.casemodule.Case.getCurrentCaseThrows(), org.sleuthkit.autopsy.casemodule.Case.getDisplayName(), org.sleuthkit.autopsy.casemodule.Case.getName(), org.sleuthkit.autopsy.centralrepository.contentviewer.OtherOccurrencesCasesTableModel.getRowCount(), and org.sleuthkit.autopsy.casemodule.Case.getSleuthkitCase().
|
private |
Reset the UI and clear cached data.
Definition at line 338 of file DataContentViewerOtherCases.java.
void org.sleuthkit.autopsy.centralrepository.contentviewer.DataContentViewerOtherCases.resetComponent | ( | ) |
Resets the contents of the viewer / component.
Implements org.sleuthkit.autopsy.corecomponentinterfaces.DataContentViewer.
Definition at line 373 of file DataContentViewerOtherCases.java.
|
private |
Definition at line 1103 of file DataContentViewerOtherCases.java.
References org.sleuthkit.autopsy.centralrepository.datamodel.EamDb.isEnabled().
|
private |
Definition at line 275 of file DataContentViewerOtherCases.java.
References org.sleuthkit.autopsy.casemodule.Case.getCurrentCaseThrows(), org.sleuthkit.autopsy.casemodule.Case.getExportDirectory(), and org.sleuthkit.autopsy.centralrepository.contentviewer.OtherOccurrencesCasesTableModel.getRowCount().
|
private |
Gets the list of Eam Cases and determines the earliest case creation date. Sets the label to display the earliest date string to the user.
Definition at line 529 of file DataContentViewerOtherCases.java.
References org.sleuthkit.autopsy.centralrepository.datamodel.EamDb.getCases(), org.sleuthkit.autopsy.centralrepository.datamodel.EamDb.getInstance(), and org.sleuthkit.autopsy.centralrepository.datamodel.EamDb.isEnabled().
void org.sleuthkit.autopsy.centralrepository.contentviewer.DataContentViewerOtherCases.setNode | ( | Node | selectedNode | ) |
Autopsy will call this when this panel is focused with the file that should be analyzed. When called with null, must clear all references to previous nodes.
selectedNode | the node which is used to determine what is displayed in this viewer |
Implements org.sleuthkit.autopsy.corecomponentinterfaces.DataContentViewer.
Definition at line 712 of file DataContentViewerOtherCases.java.
|
private |
Definition at line 239 of file DataContentViewerOtherCases.java.
References org.sleuthkit.autopsy.centralrepository.datamodel.EamDb.getCaseByUUID(), org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationCase.getCaseDetailsOptionsPaneDialog(), org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationCase.getCaseUUID(), org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationCase.getDisplayName(), and org.sleuthkit.autopsy.centralrepository.datamodel.EamDb.getInstance().
|
private |
Show how common the selected correlationAttributes are with details dialog.
Definition at line 199 of file DataContentViewerOtherCases.java.
References org.sleuthkit.autopsy.centralrepository.datamodel.EamDb.getFrequencyPercentage(), and org.sleuthkit.autopsy.centralrepository.datamodel.EamDb.getInstance().
|
private |
Updates diplayed information to be correct for the current case selection
Definition at line 802 of file DataContentViewerOtherCases.java.
References org.sleuthkit.autopsy.casemodule.Case.getCurrentCaseThrows(), and org.sleuthkit.autopsy.casemodule.Case.getName().
|
private |
Updates diplayed information to be correct for the current data source selection
Definition at line 852 of file DataContentViewerOtherCases.java.
|
private |
Update the data displayed in the details section to be correct for the currently selected File
Definition at line 888 of file DataContentViewerOtherCases.java.
References org.sleuthkit.autopsy.centralrepository.contentviewer.OtherOccurrencesCasesTableModel.getValueAt().
|
private |
Write data for all cases in the content viewer to a CSV file
Definition at line 308 of file DataContentViewerOtherCases.java.
|
private |
Definition at line 1119 of file DataContentViewerOtherCases.java.
|
private |
Definition at line 1120 of file DataContentViewerOtherCases.java.
|
private |
Definition at line 1121 of file DataContentViewerOtherCases.java.
|
private |
Definition at line 1122 of file DataContentViewerOtherCases.java.
|
private |
Definition at line 97 of file DataContentViewerOtherCases.java.
|
private |
Definition at line 100 of file DataContentViewerOtherCases.java.
|
private |
Definition at line 1118 of file DataContentViewerOtherCases.java.
|
private |
Definition at line 101 of file DataContentViewerOtherCases.java.
|
private |
Definition at line 1123 of file DataContentViewerOtherCases.java.
|
private |
Definition at line 1124 of file DataContentViewerOtherCases.java.
|
private |
Definition at line 98 of file DataContentViewerOtherCases.java.
|
private |
Definition at line 1125 of file DataContentViewerOtherCases.java.
|
private |
Definition at line 102 of file DataContentViewerOtherCases.java.
|
private |
Definition at line 1126 of file DataContentViewerOtherCases.java.
|
private |
Definition at line 1127 of file DataContentViewerOtherCases.java.
|
private |
Definition at line 1128 of file DataContentViewerOtherCases.java.
|
private |
Could be null.
Definition at line 106 of file DataContentViewerOtherCases.java.
|
private |
Definition at line 1129 of file DataContentViewerOtherCases.java.
|
private |
Definition at line 96 of file DataContentViewerOtherCases.java.
|
private |
Definition at line 1130 of file DataContentViewerOtherCases.java.
|
private |
Definition at line 1131 of file DataContentViewerOtherCases.java.
|
staticprivate |
Definition at line 93 of file DataContentViewerOtherCases.java.
|
staticprivate |
Definition at line 94 of file DataContentViewerOtherCases.java.
|
staticprivate |
Definition at line 95 of file DataContentViewerOtherCases.java.
|
private |
Definition at line 99 of file DataContentViewerOtherCases.java.
|
private |
Definition at line 1132 of file DataContentViewerOtherCases.java.
|
staticprivate |
Definition at line 91 of file DataContentViewerOtherCases.java.
|
private |
Definition at line 1133 of file DataContentViewerOtherCases.java.
|
private |
Definition at line 1134 of file DataContentViewerOtherCases.java.
|
private |
Definition at line 1135 of file DataContentViewerOtherCases.java.
|
private |
Definition at line 1136 of file DataContentViewerOtherCases.java.
|
staticprivate |
Definition at line 92 of file DataContentViewerOtherCases.java.
Copyright © 2012-2018 Basis Technology. Generated on: Wed Sep 18 2019
This work is licensed under a
Creative Commons Attribution-Share Alike 3.0 United States License.