Static Public Member Functions
static String	getEmailAddressAttrString ()

static CorrelationAttributeInstance	getInstanceFromContent (Content content)

static boolean	isSupportedAbstractFileType (AbstractFile file)

static CorrelationAttributeInstance	makeInstanceFromContent (Content content)

static List< CorrelationAttributeInstance >	makeInstancesFromBlackboardArtifact (BlackboardArtifact artifact, boolean checkEnabled)

Private Member Functions
	EamArtifactUtil ()

Static Private Member Functions
static void	addCorrelationAttributeToList (List< CorrelationAttributeInstance > eamArtifacts, BlackboardArtifact artifact, ATTRIBUTE_TYPE bbAttributeType, int typeId) throws EamDbException, TskCoreException

static CorrelationAttributeInstance	makeCorrelationAttributeInstanceUsingTypeValue (BlackboardArtifact bbArtifact, CorrelationAttributeInstance.Type correlationType, String value)

Static Private Attributes
static final Logger	logger = Logger.getLogger(EamArtifactUtil.class.getName())

Detailed Description

Utility class for correlation attributes in the central repository

Definition at line 41 of file EamArtifactUtil.java.

Constructor & Destructor Documentation

org.sleuthkit.autopsy.centralrepository.datamodel.EamArtifactUtil.EamArtifactUtil ( )

private

Constructs a new EamArtifactUtil

Definition at line 377 of file EamArtifactUtil.java.

Member Function Documentation

static void org.sleuthkit.autopsy.centralrepository.datamodel.EamArtifactUtil.addCorrelationAttributeToList	(	List< CorrelationAttributeInstance >	eamArtifacts,
		BlackboardArtifact	artifact,
		ATTRIBUTE_TYPE	bbAttributeType,
		int	typeId
	)		throws EamDbException, TskCoreException

staticprivate

Add a CorrelationAttributeInstance of the specified type to the provided list if the artifactForInstance has an Attribute of the given type with a non empty value.

Parameters

eamArtifacts	the list of CorrelationAttributeInstance objects which should be added to
artifact	the blackboard artifactForInstance which we are creating a CorrelationAttributeInstance for
bbAttributeType	the type of BlackboardAttribute we expect to exist for a CorrelationAttributeInstance of this type generated from this Blackboard Artifact
typeId	the integer type id of the CorrelationAttributeInstance type

Exceptions

EamDbException
TskCoreException

Definition at line 169 of file EamArtifactUtil.java.

References org.sleuthkit.autopsy.centralrepository.datamodel.EamDb.getCorrelationTypeById(), org.sleuthkit.autopsy.centralrepository.datamodel.EamDb.getInstance(), and org.sleuthkit.autopsy.centralrepository.datamodel.EamArtifactUtil.makeCorrelationAttributeInstanceUsingTypeValue().

Referenced by org.sleuthkit.autopsy.centralrepository.datamodel.EamArtifactUtil.makeInstancesFromBlackboardArtifact().

static String org.sleuthkit.autopsy.centralrepository.datamodel.EamArtifactUtil.getEmailAddressAttrString ( )

static

Definition at line 46 of file EamArtifactUtil.java.

Referenced by org.sleuthkit.autopsy.centralrepository.datamodel.EamArtifactUtil.makeInstancesFromBlackboardArtifact().

static CorrelationAttributeInstance org.sleuthkit.autopsy.centralrepository.datamodel.EamArtifactUtil.getInstanceFromContent ( Content content )

static

Retrieve CorrelationAttribute from the given Content.

Parameters

content The content object

Returns: The new CorrelationAttribute, or null if retrieval failed.

Definition at line 230 of file EamArtifactUtil.java.

References org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeInstance.FILES_TYPE_ID, org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationDataSource.fromTSKDataSource(), org.sleuthkit.autopsy.centralrepository.datamodel.EamDb.getCase(), org.sleuthkit.autopsy.centralrepository.datamodel.EamDb.getCorrelationAttributeInstance(), org.sleuthkit.autopsy.centralrepository.datamodel.EamDb.getCorrelationTypeById(), org.sleuthkit.autopsy.casemodule.Case.getCurrentCaseThrows(), org.sleuthkit.autopsy.centralrepository.datamodel.EamDb.getInstance(), and org.sleuthkit.autopsy.centralrepository.datamodel.EamArtifactUtil.isSupportedAbstractFileType().

Referenced by org.sleuthkit.autopsy.centralrepository.AddEditCentralRepoCommentAction.AddEditCentralRepoCommentAction(), org.sleuthkit.autopsy.datamodel.AbstractAbstractFileNode< SpecialDirectory >.getCorrelationAttributeInstance(), and org.sleuthkit.autopsy.datamodel.BlackboardArtifactNode.getCorrelationAttributeInstance().

static boolean org.sleuthkit.autopsy.centralrepository.datamodel.EamArtifactUtil.isSupportedAbstractFileType ( AbstractFile file )

static

Check whether the given abstract file should be processed for the central repository.

Parameters

file	The file to test

Returns: true if the file should be added to the central repo, false otherwise

Definition at line 350 of file EamArtifactUtil.java.

Referenced by org.sleuthkit.autopsy.centralrepository.CentralRepoContextMenuActionsProvider.getActions(), org.sleuthkit.autopsy.centralrepository.datamodel.EamArtifactUtil.getInstanceFromContent(), and org.sleuthkit.autopsy.centralrepository.datamodel.EamArtifactUtil.makeInstanceFromContent().

static CorrelationAttributeInstance org.sleuthkit.autopsy.centralrepository.datamodel.EamArtifactUtil.makeCorrelationAttributeInstanceUsingTypeValue	(	BlackboardArtifact	bbArtifact,
		CorrelationAttributeInstance.Type	correlationType,
		String	value
	)

staticprivate

Uses the determined type and vallue, then looks up instance details to create proper CorrelationAttributeInstance.

Parameters

bbArtifact	the blackboard artifactForInstance
correlationType	the given type
value	the artifactForInstance value

Returns: CorrelationAttributeInstance from details, or null if validation failed or another error occurred

Definition at line 193 of file EamArtifactUtil.java.

References org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationDataSource.fromTSKDataSource(), org.sleuthkit.autopsy.centralrepository.datamodel.EamDb.getCase(), org.sleuthkit.autopsy.casemodule.Case.getCurrentCaseThrows(), org.sleuthkit.autopsy.centralrepository.datamodel.EamDb.getInstance(), org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationDataSource.getName(), and org.sleuthkit.autopsy.casemodule.Case.getSleuthkitCase().

Referenced by org.sleuthkit.autopsy.centralrepository.datamodel.EamArtifactUtil.addCorrelationAttributeToList(), and org.sleuthkit.autopsy.centralrepository.datamodel.EamArtifactUtil.makeInstancesFromBlackboardArtifact().

static CorrelationAttributeInstance org.sleuthkit.autopsy.centralrepository.datamodel.EamArtifactUtil.makeInstanceFromContent ( Content content )

static

Create an EamArtifact from the given Content. Will return null if an artifactForInstance can not be created - this is not necessarily an error case, it just means an artifactForInstance can't be made. If creation fails due to an error (and not that the file is the wrong type or it has no hash), the error will be logged before returning.

Does not add the artifactForInstance to the database.

Parameters

content The content object

Returns: The new EamArtifact or null if creation failed

Definition at line 300 of file EamArtifactUtil.java.

References org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeInstance.FILES_TYPE_ID, org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationDataSource.fromTSKDataSource(), org.sleuthkit.autopsy.centralrepository.datamodel.EamDb.getCase(), org.sleuthkit.autopsy.centralrepository.datamodel.EamDb.getCorrelationTypeById(), org.sleuthkit.autopsy.casemodule.Case.getCurrentCaseThrows(), org.sleuthkit.autopsy.centralrepository.datamodel.EamDb.getInstance(), org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationDataSource.getName(), and org.sleuthkit.autopsy.centralrepository.datamodel.EamArtifactUtil.isSupportedAbstractFileType().

Referenced by org.sleuthkit.autopsy.centralrepository.AddEditCentralRepoCommentAction.AddEditCentralRepoCommentAction(), org.sleuthkit.autopsy.centralrepository.eventlisteners.CaseEventListener.ContentTagTask.run(), and org.sleuthkit.autopsy.centralrepository.eventlisteners.CaseEventListener.TagDefinitionChangeTask.run().

static List<CorrelationAttributeInstance> org.sleuthkit.autopsy.centralrepository.datamodel.EamArtifactUtil.makeInstancesFromBlackboardArtifact	(	BlackboardArtifact	artifact,
		boolean	checkEnabled
	)

static

Static factory method to examine a BlackboardArtifact to determine if it has contents that can be used for Correlation. If so, return a EamArtifact with a single EamArtifactInstance within. If not, return null.

Parameters

artifact	BlackboardArtifact to examine
checkEnabled	If true, only create a CorrelationAttribute if it is enabled

Returns: List of EamArtifacts

Definition at line 62 of file EamArtifactUtil.java.

Referenced by org.sleuthkit.autopsy.centralrepository.contentviewer.DataContentViewerOtherCases.getCorrelationAttributesFromNode(), org.sleuthkit.autopsy.contentviewers.AnnotationsContentViewer.populateCentralRepositoryData(), org.sleuthkit.autopsy.centralrepository.eventlisteners.CaseEventListener.BlackboardTagTask.run(), org.sleuthkit.autopsy.centralrepository.eventlisteners.CaseEventListener.TagDefinitionChangeTask.run(), and org.sleuthkit.autopsy.centralrepository.eventlisteners.IngestEventsListener.DataAddedTask.run().

Member Data Documentation

final Logger org.sleuthkit.autopsy.centralrepository.datamodel.EamArtifactUtil.logger = Logger.getLogger(EamArtifactUtil.class.getName())

staticprivate

Definition at line 43 of file EamArtifactUtil.java.

The documentation for this class was generated from the following file:

/home/carriersleuth/repos/autopsy/Core/src/org/sleuthkit/autopsy/centralrepository/datamodel/EamArtifactUtil.java

Static Public Member Functions

Private Member Functions

Static Private Member Functions

Static Private Attributes

Detailed Description

Constructor & Destructor Documentation

Member Function Documentation

Member Data Documentation