Autopsy
4.12.0
Graphical digital forensics platform for The Sleuth Kit and other tools.
|
Static Public Member Functions | |
static String | normalize (CorrelationAttributeInstance.Type attributeType, String data) throws CorrelationAttributeNormalizationException |
static String | normalize (int attributeTypeId, String data) throws CorrelationAttributeNormalizationException |
Private Member Functions | |
CorrelationAttributeNormalizer () | |
Static Private Member Functions | |
static String | normalizeDomain (String data) throws CorrelationAttributeNormalizationException |
static String | normalizeEmail (String data) throws CorrelationAttributeNormalizationException |
static String | normalizeIccid (String data) throws CorrelationAttributeNormalizationException |
static String | normalizeImei (String data) throws CorrelationAttributeNormalizationException |
static String | normalizeImsi (String data) throws CorrelationAttributeNormalizationException |
static String | normalizeMac (String data) throws CorrelationAttributeNormalizationException |
static String | normalizeMd5 (String data) throws CorrelationAttributeNormalizationException |
static String | normalizePhone (String data) throws CorrelationAttributeNormalizationException |
static String | normalizeUsbId (String data) throws CorrelationAttributeNormalizationException |
static String | verifySsid (String data) throws CorrelationAttributeNormalizationException |
Static Private Attributes | |
static final String | SEPERATORS_REGEX = "[\\s-:]" |
Provides functions for normalizing data by attribute type before insertion or querying.
Definition at line 31 of file CorrelationAttributeNormalizer.java.
|
private |
This is a utility class - no need for constructing or subclassing, etc...
Definition at line 311 of file CorrelationAttributeNormalizer.java.
|
static |
Normalize the data. Converts text to lower case, and ensures that the data is a valid string of the format expected given the attributeType.
attributeType | correlation type of data |
data | data to normalize |
Definition at line 45 of file CorrelationAttributeNormalizer.java.
References org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeInstance.DOMAIN_TYPE_ID, org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeInstance.EMAIL_TYPE_ID, org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeInstance.FILES_TYPE_ID, org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeInstance.ICCID_TYPE_ID, org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeInstance.IMEI_TYPE_ID, org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeInstance.IMSI_TYPE_ID, org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeInstance.MAC_TYPE_ID, org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeNormalizer.normalizeDomain(), org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeNormalizer.normalizeEmail(), org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeNormalizer.normalizeIccid(), org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeNormalizer.normalizeImei(), org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeNormalizer.normalizeImsi(), org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeNormalizer.normalizeMac(), org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeNormalizer.normalizeMd5(), org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeNormalizer.normalizePhone(), org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeNormalizer.normalizeUsbId(), org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeInstance.PHONE_TYPE_ID, org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeInstance.SSID_TYPE_ID, org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeInstance.USBID_TYPE_ID, and org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeNormalizer.verifySsid().
Referenced by org.sleuthkit.autopsy.centralrepository.datamodel.EamGlobalFileInstance.EamGlobalFileInstance(), org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeNormalizer.normalize(), and org.sleuthkit.autopsy.centralrepository.datamodel.EamGlobalFileInstance.setMD5Hash().
|
static |
Validate the data. Converts text to lower case, and ensures that the data is a valid string of the format expected given the attributeType.
attributeTypeId | correlation type of data |
data | data to normalize |
Definition at line 95 of file CorrelationAttributeNormalizer.java.
References org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeInstance.getDefaultCorrelationTypes(), and org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeNormalizer.normalize().
|
staticprivate |
Verify there are no slashes or invalid domain name characters (such as '?'). Normalize to lower case.
Definition at line 128 of file CorrelationAttributeNormalizer.java.
Referenced by org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeNormalizer.normalize().
|
staticprivate |
Verify that there is an '@' and no invalid characters. Should normalize to lower case.
Definition at line 146 of file CorrelationAttributeNormalizer.java.
Referenced by org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeNormalizer.normalize().
|
staticprivate |
Verify the ICCID (Integrated Circuit Card Identifier) number and normalize format.
E.118 defines as up to 22 digits long including luhn check digit while GSM Phase 1 defines it as a 20 digit operator specific structure. They begin with 89 which is the ISO 7812 Major Industry Identifier for telecommunication, followed by a contry code of 1-3 digits as definted by ITU-T E.164, followed by issuer identifier 1-4 digits, followed by 1 luhn checksum digit (sometimes omitted). The hexidecimal digit F is used as filler when necessary in GSM Phase 1 specification.
18 digits appears to be the shortest ICCID in use.
data | The string to normalize and validate |
CorrelationAttributeNormalizationException | if the data was not a valid ICCID |
Definition at line 218 of file CorrelationAttributeNormalizer.java.
Referenced by org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeNormalizer.normalize().
|
staticprivate |
Verify the IMEI (International Mobile Equipment Identity) number and normalize format.
14 to 16 digits digits 1 through 6 are TAC (Type Allocation Code) digits 7 and 8 are also part of the TAC in phones made in 2003 or later digits 7 and 8 are FAC (Final Assembly Code) in phones made prior to 2003 digits 9 through 14 are the serial number digits 15 and 16 if present represent an optional luhn checksum (or software version number when dealing with an IMEI software version)
data | The string to normalize and validate |
CorrelationAttributeNormalizationException | if the data was not a valid IMEI |
Definition at line 298 of file CorrelationAttributeNormalizer.java.
Referenced by org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeNormalizer.normalize().
|
staticprivate |
Verify the IMSI (International mobile subscriber identity) number and normalize format.
First 3 digits Mobile Country Code 2-3 digits Mobile Network Code Up to 10 digits for mobile subscriber identification number MSIN
Length will be 14 or 15 digits total
data | The string to normalize and validate |
CorrelationAttributeNormalizationException | if the data was not a valid IMSI |
Definition at line 245 of file CorrelationAttributeNormalizer.java.
Referenced by org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeNormalizer.normalize().
|
staticprivate |
Verify the MAC (media access control) address and normalize format.
A 12 or 16 Hexadecimal digits long depending on standard (Possible standards EUI-48, MAC-48, EUI-64)
data | The string to normalize and validate |
CorrelationAttributeNormalizationException | if the data was not a valid MAC |
Definition at line 269 of file CorrelationAttributeNormalizer.java.
Referenced by org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeNormalizer.normalize().
|
staticprivate |
Verify MD5 is the correct length and values. Make lower case.
Definition at line 114 of file CorrelationAttributeNormalizer.java.
Referenced by org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeNormalizer.normalize().
|
staticprivate |
Verify it is only numbers and '+'. Strip spaces, dashes, and parentheses.
Definition at line 158 of file CorrelationAttributeNormalizer.java.
Referenced by org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeNormalizer.normalize().
|
staticprivate |
Vacuous - will be replaced with something reasonable later.
Definition at line 170 of file CorrelationAttributeNormalizer.java.
Referenced by org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeNormalizer.normalize().
|
staticprivate |
Verify the wireless network name is valid
SSIDs for wireless networks can be at most 32 characters, are case sensitive, and allow special characters.
data | The string to normalize and validate |
CorrelationAttributeNormalizationException | if the data was not a valid SSID |
Definition at line 188 of file CorrelationAttributeNormalizer.java.
Referenced by org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeNormalizer.normalize().
|
staticprivate |
Definition at line 34 of file CorrelationAttributeNormalizer.java.
Copyright © 2012-2018 Basis Technology. Generated on: Wed Sep 18 2019
This work is licensed under a
Creative Commons Attribution-Share Alike 3.0 United States License.