Autopsy
4.12.0
Graphical digital forensics platform for The Sleuth Kit and other tools.
|
Public Member Functions | |
Map< String, Map< String, CommonAttributeValueList > > | getMetadata () |
Private Member Functions | |
Map< String, CommonAttributeValueList > | createTreeForCase (Map< String, CommonAttributeValue > valuesToKeepCurrentCase, Map< String, CommonAttributeValueList > dataSourceToValueList) throws EamDbException |
Map< String, Map< String, CommonAttributeValueList > > | filterMetadata (Map< String, Map< String, CommonAttributeValueList >> metadata, int percentageThreshold, int resultTypeId) |
boolean | filterValue (CorrelationAttributeInstance.Type attributeType, CommonAttributeValue value, int maximumPercentageThreshold, Double uniqueCaseDataSourceTuples) throws EamDbException |
Map< String, CommonAttributeValue > | getValuesToKeepFromCurrentCase (Map< String, CommonAttributeValueList > dataSourceToValueList, CorrelationAttributeInstance.Type attributeType, int maximumPercentageThreshold, Double uniqueCaseDataSourceTuples) throws EamDbException |
Private Attributes | |
final Map< String, Map< String, CommonAttributeValueList > > | caseNameToDataSources |
Static Private Attributes | |
static final Logger | LOGGER = Logger.getLogger(CommonAttributeCaseSearchResults.class.getName()) |
Stores the results from the various types of common attribute searching Stores results based on how they are currently displayed in the UI
Definition at line 41 of file CommonAttributeCaseSearchResults.java.
|
private |
Create a new map representing the portion of the tree for a single case
valuesToKeepCurrentCase | a map of correlation value to CommonAttributeValue for results from the current case to substitute in |
dataSourceToValueList | the reslts for a single case which need to be filtered |
EamDbException |
Definition at line 199 of file CommonAttributeCaseSearchResults.java.
References org.sleuthkit.autopsy.commonpropertiessearch.CommonAttributeValue.getValue().
Referenced by org.sleuthkit.autopsy.commonpropertiessearch.CommonAttributeCaseSearchResults.filterMetadata().
|
private |
Get an unmodifiable collection of values, indexed by case name, which represents the common attributes found in the search.
Remove results which are not found in the portion of available data sources described by maximumPercentageThreshold.
metadata | the unfiltered metadata |
percentageThreshold | the percentage threshold that a file should not be more common than |
resultTypeId | the ID of the result type contained in the metadata |
Definition at line 113 of file CommonAttributeCaseSearchResults.java.
References org.sleuthkit.autopsy.commonpropertiessearch.CommonAttributeCaseSearchResults.createTreeForCase(), org.sleuthkit.autopsy.centralrepository.datamodel.EamDb.getCountUniqueDataSources(), org.sleuthkit.autopsy.casemodule.Case.getCurrentCaseThrows(), org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeInstance.getDefaultCorrelationTypes(), org.sleuthkit.autopsy.casemodule.Case.getDisplayName(), org.sleuthkit.autopsy.centralrepository.datamodel.EamDb.getInstance(), and org.sleuthkit.autopsy.commonpropertiessearch.CommonAttributeCaseSearchResults.getValuesToKeepFromCurrentCase().
|
private |
Determine if a value should be included in the results displayed to the user
attributeType | the result type contained in the metadata |
value | the correlationAttributeValue we are evaluating |
maximumPercentageThreshold | the percentage threshold that a file should not be more common than |
uniqueCaseDataSourceTuples | the number of unique data sources in the CR |
EamDbException |
Definition at line 233 of file CommonAttributeCaseSearchResults.java.
References org.sleuthkit.autopsy.centralrepository.datamodel.EamDb.getCountUniqueCaseDataSourceTuplesHavingTypeValue(), and org.sleuthkit.autopsy.centralrepository.datamodel.EamDb.getInstance().
Referenced by org.sleuthkit.autopsy.commonpropertiessearch.CommonAttributeCaseSearchResults.getValuesToKeepFromCurrentCase().
Map<String, Map<String, CommonAttributeValueList> > org.sleuthkit.autopsy.commonpropertiessearch.CommonAttributeCaseSearchResults.getMetadata | ( | ) |
Get an unmodifiable collection of values, indexed by case name, which represents the common attributes found in the search.
Definition at line 94 of file CommonAttributeCaseSearchResults.java.
|
private |
Get the values from the results for the current case
dataSourceToValueList | the map of datasources to their CommonAttributeValueLists for the current case |
attributeType | the result type contained in the metadata |
maximumPercentageThreshold | the percentage threshold that a file should not be more common than |
uniqueCaseDataSourceTuples | the number of unique data sources in the CR |
EamDbException |
Definition at line 169 of file CommonAttributeCaseSearchResults.java.
References org.sleuthkit.autopsy.commonpropertiessearch.CommonAttributeCaseSearchResults.filterValue(), and org.sleuthkit.autopsy.commonpropertiessearch.CommonAttributeValue.getValue().
Referenced by org.sleuthkit.autopsy.commonpropertiessearch.CommonAttributeCaseSearchResults.filterMetadata().
|
private |
Definition at line 46 of file CommonAttributeCaseSearchResults.java.
|
staticprivate |
Definition at line 43 of file CommonAttributeCaseSearchResults.java.
Copyright © 2012-2018 Basis Technology. Generated on: Wed Sep 18 2019
This work is licensed under a
Creative Commons Attribution-Share Alike 3.0 United States License.