Autopsy  4.12.0
Graphical digital forensics platform for The Sleuth Kit and other tools.
Classes | Public Member Functions | Private Member Functions | Private Attributes | Static Private Attributes | List of all members
org.sleuthkit.autopsy.coreutils.AppDBParserHelper Class Reference

Classes

enum  CallMediaType
 
enum  CommunicationDirection
 
enum  MessageReadStatusEnum
 

Public Member Functions

 AppDBParserHelper (String moduleName, AbstractFile dbFile, Account.Type accountsType) throws TskCoreException
 
 AppDBParserHelper (String moduleName, AbstractFile dbFile, Account.Type accountsType, Account.Type selfAccountType, Account.Address selfAccountAddress) throws TskCoreException
 
 AppDBParserHelper (String moduleName, AbstractFile dbFile)
 
BlackboardArtifact addCalllog (CommunicationDirection direction, Account.Address fromAddress, Account.Address toAddress, long startDateTime, long endDateTime)
 
BlackboardArtifact addCalllog (CommunicationDirection direction, Account.Address fromAddress, Account.Address toAddress, long startDateTime, long endDateTime, CallMediaType mediaType)
 
BlackboardArtifact addCalllog (CommunicationDirection direction, Account.Address fromAddress, Account.Address toAddress, long startDateTime, long endDateTime, CallMediaType mediaType, Collection< BlackboardAttribute > otherAttributesList)
 
BlackboardArtifact addCalllog (CommunicationDirection direction, Account.Address fromAddress, Collection< Account.Address > toAddressList, long startDateTime, long endDateTime)
 
BlackboardArtifact addCalllog (CommunicationDirection direction, Account.Address fromAddress, Collection< Account.Address > toAddressList, long startDateTime, long endDateTime, CallMediaType mediaType)
 
BlackboardArtifact addCalllog (CommunicationDirection direction, Account.Address fromAddress, Collection< Account.Address > toAddressList, long startDateTime, long endDateTime, CallMediaType mediaType, Collection< BlackboardAttribute > otherAttributesList)
 
BlackboardArtifact addContact (String contactAccountUniqueID, String contactName, String phoneNumber, String homePhoneNumber, String mobilePhoneNumber, String emailAddr)
 
BlackboardArtifact addContact (String contactAccountUniqueID, String contactName, String phoneNumber, String homePhoneNumber, String mobilePhoneNumber, String emailAddr, Collection< BlackboardAttribute > additionalAttributes)
 
BlackboardArtifact addGPSLocation (double latitude, double longitude, long timeStamp, String poiName, String programName)
 
BlackboardArtifact addGPSLocation (double latitude, double longitude, long timeStamp, String name, String programName, Collection< BlackboardAttribute > otherAttributesList)
 
BlackboardArtifact addInstalledProgram (String programName, long dateInstalled)
 
BlackboardArtifact addInstalledProgram (String programName, long dateInstalled, Collection< BlackboardAttribute > otherAttributesList)
 
BlackboardArtifact addMessage (String messageType, CommunicationDirection direction, Account.Address fromAddress, Account.Address toAddress, long dateTime, MessageReadStatusEnum readStatus, String subject, String messageText, String threadId)
 
BlackboardArtifact addMessage (String messageType, CommunicationDirection direction, Account.Address fromAddress, Account.Address toAddress, long dateTime, MessageReadStatusEnum readStatus, String subject, String messageText, String threadId, Collection< BlackboardAttribute > otherAttributesList)
 
BlackboardArtifact addMessage (String messageType, CommunicationDirection direction, Account.Address fromAddress, List< Account.Address > recipientsList, long dateTime, MessageReadStatusEnum readStatus, String subject, String messageText, String threadId)
 
BlackboardArtifact addMessage (String messageType, CommunicationDirection direction, Account.Address fromAddress, List< Account.Address > recipientsList, long dateTime, MessageReadStatusEnum readStatus, String subject, String messageText, String threadId, Collection< BlackboardAttribute > otherAttributesList)
 
BlackboardArtifact addWebBookmark (String url, String title, long creationTime, String progName)
 
BlackboardArtifact addWebBookmark (String url, String title, long creationTime, String progName, Collection< BlackboardAttribute > otherAttributesList)
 
BlackboardArtifact addWebCookie (String url, long creationTime, String name, String value, String programName)
 
BlackboardArtifact addWebCookie (String url, long creationTime, String name, String value, String programName, Collection< BlackboardAttribute > otherAttributesList)
 
BlackboardArtifact addWebDownload (String path, long startTime, String url, String progName)
 
BlackboardArtifact addWebDownload (String path, long startTime, String url, String programName, Collection< BlackboardAttribute > otherAttributesList)
 
BlackboardArtifact addWebFormAddress (String personName, String email, String phoneNumber, String mailingAddress, long creationTime, long accessTime, int count)
 
BlackboardArtifact addWebFormAddress (String personName, String email, String phoneNumber, String mailingAddress, long creationTime, long accessTime, int count, Collection< BlackboardAttribute > otherAttributesList)
 
BlackboardArtifact addWebFormAutofill (String name, String value, long creationTime, long accessTime, int count)
 
BlackboardArtifact addWebFormAutofill (String name, String value, long creationTime, long accessTime, int count, Collection< BlackboardAttribute > otherAttributesList)
 
BlackboardArtifact addWebHistory (String url, long accessTime, String referrer, String title, String programName)
 
BlackboardArtifact addWebHistory (String url, long accessTime, String referrer, String title, String programName, Collection< BlackboardAttribute > otherAttributesList)
 

Private Member Functions

void addRelationship (AccountFileInstance selfAccountInstance, AccountFileInstance otherAccountInstance, BlackboardArtifact sourceArtifact, Relationship.Type relationshipType, long dateTime)
 
String addressListToString (Collection< Account.Address > addressList)
 
AccountFileInstance createAccountInstance (Account.Type accountType, String accountUniqueID) throws TskCoreException
 

Private Attributes

final Account.Type accountsType
 
final AbstractFile dbAbstractFile
 
final String moduleName
 
final AccountFileInstance selfAccountInstance
 

Static Private Attributes

static final Logger logger = Logger.getLogger(AppDBParserHelper.class.getName())
 

Detailed Description

A helper class to support modules that parse SQLite databases from mobile apps and create artifacts.

Definition at line 46 of file AppDBParserHelper.java.

Constructor & Destructor Documentation

org.sleuthkit.autopsy.coreutils.AppDBParserHelper.AppDBParserHelper ( String  moduleName,
AbstractFile  dbFile,
Account.Type  accountsType 
) throws TskCoreException

Constructs a AppDB parser helper for the given DB file.

This is a constructor for Apps that that do not have any app specific account information for device owner and will use a 'Device' account in lieu.

It creates a DeviceAccount instance to use as a self account.

Parameters
moduleNamename module using the helper
dbFiledatabase file being parsed by the module
accountsTypeaccount types created by this module
Exceptions
TskCoreException

Definition at line 124 of file AppDBParserHelper.java.

References org.sleuthkit.autopsy.coreutils.AppDBParserHelper.accountsType, org.sleuthkit.autopsy.casemodule.Case.getCurrentCase(), org.sleuthkit.autopsy.casemodule.Case.getSleuthkitCase(), and org.sleuthkit.autopsy.coreutils.AppDBParserHelper.moduleName.

org.sleuthkit.autopsy.coreutils.AppDBParserHelper.AppDBParserHelper ( String  moduleName,
AbstractFile  dbFile,
Account.Type  accountsType,
Account.Type  selfAccountType,
Account.Address  selfAccountAddress 
) throws TskCoreException

Constructs a AppDB parser helper for the given DB file.

This constructor is for Apps that do have app specific account information for the device owner to create a 'self' account.

It creates a an account instance with specified type & id and uses it as a self account.

Parameters
moduleNamename module using the helper
dbFiledatabase file being parsed by the module
accountsTypeaccount types created by this module
selfAccountTypeself account type to be created for this module
selfAccountAddressaccount unique id for the self account
Exceptions
TskCoreException

Definition at line 149 of file AppDBParserHelper.java.

References org.sleuthkit.autopsy.coreutils.AppDBParserHelper.accountsType, org.sleuthkit.autopsy.casemodule.Case.getCurrentCase(), org.sleuthkit.autopsy.casemodule.Case.getSleuthkitCase(), and org.sleuthkit.autopsy.coreutils.AppDBParserHelper.moduleName.

org.sleuthkit.autopsy.coreutils.AppDBParserHelper.AppDBParserHelper ( String  moduleName,
AbstractFile  dbFile 
)

Constructs a AppDB parser helper for the given DB file.

This is a constructor for Apps that do not need to create any accounts/relationships.

Parameters
moduleNamename of module parsing the DB
dbFiledb file

Definition at line 168 of file AppDBParserHelper.java.

References org.sleuthkit.autopsy.coreutils.AppDBParserHelper.accountsType, and org.sleuthkit.autopsy.coreutils.AppDBParserHelper.moduleName.

Member Function Documentation

BlackboardArtifact org.sleuthkit.autopsy.coreutils.AppDBParserHelper.addCalllog ( CommunicationDirection  direction,
Account.Address  fromAddress,
Account.Address  toAddress,
long  startDateTime,
long  endDateTime 
)

Adds a TSK_CALLLOG artifact.

Also creates an account instance for the caller/callee, and creates a relationship between the self account and the caller/callee account.

Parameters
directioncall direction
fromAddresscaller address, may be empty
toAddresscallee address, may be empty
startDateTimestart date/time
endDateTimeend date/time
Returns
call log artifact

Definition at line 510 of file AppDBParserHelper.java.

References org.sleuthkit.autopsy.coreutils.AppDBParserHelper.CallMediaType.UNKNOWN.

Referenced by org.sleuthkit.autopsy.coreutils.AppDBParserHelper.addCalllog().

BlackboardArtifact org.sleuthkit.autopsy.coreutils.AppDBParserHelper.addCalllog ( CommunicationDirection  direction,
Account.Address  fromAddress,
Account.Address  toAddress,
long  startDateTime,
long  endDateTime,
CallMediaType  mediaType 
)

Adds a TSK_CALLLOG artifact.

Also creates an account instance for the caller/callee, and creates a relationship between the self account and the caller/callee account.

Parameters
directioncall direction
fromAddresscaller address, may be empty
toAddresscallee address, may be empty
startDateTimestart date/time
endDateTimeend date/time
mediaTypemedia type
Returns
call log artifact

Definition at line 533 of file AppDBParserHelper.java.

References org.sleuthkit.autopsy.coreutils.AppDBParserHelper.addCalllog().

BlackboardArtifact org.sleuthkit.autopsy.coreutils.AppDBParserHelper.addCalllog ( CommunicationDirection  direction,
Account.Address  fromAddress,
Account.Address  toAddress,
long  startDateTime,
long  endDateTime,
CallMediaType  mediaType,
Collection< BlackboardAttribute >  otherAttributesList 
)

Adds a TSK_CALLLOG artifact.

Also creates an account instance for the caller/receiver, and creates a relationship between the self account and the caller/receiver account.

Parameters
directioncall direction
fromAddresscaller address, may be empty
toAddresscallee address, may be empty
startDateTimestart date/time
endDateTimeend date/time
mediaTypemedia type
otherAttributesListother attributes
Returns
call log artifact

Definition at line 557 of file AppDBParserHelper.java.

References org.sleuthkit.autopsy.coreutils.AppDBParserHelper.addCalllog().

BlackboardArtifact org.sleuthkit.autopsy.coreutils.AppDBParserHelper.addCalllog ( CommunicationDirection  direction,
Account.Address  fromAddress,
Collection< Account.Address >  toAddressList,
long  startDateTime,
long  endDateTime 
)

Adds a TSK_CALLLOG artifact.

Also creates an account instance for the caller/callees, and creates a relationship between the device owner account and the caller account as well between the device owner account and each callee account

Parameters
directioncall direction
fromAddresscaller address, may be empty
toAddressListcallee address list, may be empty
startDateTimestart date/time
endDateTimeend date/time
Returns
call log artifact

Definition at line 586 of file AppDBParserHelper.java.

References org.sleuthkit.autopsy.coreutils.AppDBParserHelper.addCalllog(), and org.sleuthkit.autopsy.coreutils.AppDBParserHelper.CallMediaType.UNKNOWN.

BlackboardArtifact org.sleuthkit.autopsy.coreutils.AppDBParserHelper.addCalllog ( CommunicationDirection  direction,
Account.Address  fromAddress,
Collection< Account.Address >  toAddressList,
long  startDateTime,
long  endDateTime,
CallMediaType  mediaType 
)

Adds a TSK_CALLLOG artifact.

Also creates an account instance for the caller/callees, and creates a relationship between the device owner account and the caller account as well between the device owner account and each callee account

Parameters
directioncall direction
fromAddresscaller address, may be empty
toAddressListcallee address list, may be empty
startDateTimestart date/time
endDateTimeend date/time
mediaTypecall media type
Returns
call log artifact

Definition at line 612 of file AppDBParserHelper.java.

References org.sleuthkit.autopsy.coreutils.AppDBParserHelper.addCalllog().

BlackboardArtifact org.sleuthkit.autopsy.coreutils.AppDBParserHelper.addCalllog ( CommunicationDirection  direction,
Account.Address  fromAddress,
Collection< Account.Address >  toAddressList,
long  startDateTime,
long  endDateTime,
CallMediaType  mediaType,
Collection< BlackboardAttribute >  otherAttributesList 
)

Adds a TSK_CALLLOG artifact.

Also creates an account instance for the caller/callees, and creates a relationship between the device owner account and the caller account as well between the device owner account and each callee account

Parameters
directioncall direction
fromAddresscaller address, may be empty
toAddressListcallee address list, may be empty
startDateTimestart date/time
endDateTimeend date/time
mediaTypecalled media type
otherAttributesListother attributes
Returns
calllog artifact

Definition at line 641 of file AppDBParserHelper.java.

References org.sleuthkit.autopsy.coreutils.AppDBParserHelper.accountsType, org.sleuthkit.autopsy.coreutils.AppDBParserHelper.addRelationship(), org.sleuthkit.autopsy.coreutils.AppDBParserHelper.addressListToString(), org.sleuthkit.autopsy.coreutils.AppDBParserHelper.createAccountInstance(), org.sleuthkit.autopsy.casemodule.Case.getCurrentCase(), org.sleuthkit.autopsy.casemodule.Case.getSleuthkitCase(), org.sleuthkit.autopsy.coreutils.AppDBParserHelper.CommunicationDirection.getString(), and org.sleuthkit.autopsy.coreutils.AppDBParserHelper.CommunicationDirection.UNKNOWN.

BlackboardArtifact org.sleuthkit.autopsy.coreutils.AppDBParserHelper.addContact ( String  contactAccountUniqueID,
String  contactName,
String  phoneNumber,
String  homePhoneNumber,
String  mobilePhoneNumber,
String  emailAddr 
)

Creates and adds a TSK_CONTACT artifact to the case, with specified attributes. Also creates an account instance of specified type for the contact with the specified ID.

Parameters
contactAccountUniqueIDunique id for the contact's account
contactNameName of contact
phoneNumberprimary phone number for contact
homePhoneNumberhome phone number
mobilePhoneNumbermobile phone number,
emailAddrEmail address for contact
Returns
artifact created

Definition at line 192 of file AppDBParserHelper.java.

BlackboardArtifact org.sleuthkit.autopsy.coreutils.AppDBParserHelper.addContact ( String  contactAccountUniqueID,
String  contactName,
String  phoneNumber,
String  homePhoneNumber,
String  mobilePhoneNumber,
String  emailAddr,
Collection< BlackboardAttribute >  additionalAttributes 
)

Creates and adds a TSK_CONTACT artifact to the case, with specified attributes. Also creates an account instance for the contact with the specified ID.

Parameters
contactAccountUniqueIDunique id for contact account
contactNameName of contact
phoneNumberprimary phone number for contact
homePhoneNumberhome phone number
mobilePhoneNumbermobile phone number,
emailAddrEmail address for contact
additionalAttributesadditional attributes for contact
Returns
contact artifact created

Definition at line 219 of file AppDBParserHelper.java.

References org.sleuthkit.autopsy.coreutils.AppDBParserHelper.accountsType, org.sleuthkit.autopsy.coreutils.AppDBParserHelper.addRelationship(), org.sleuthkit.autopsy.coreutils.AppDBParserHelper.createAccountInstance(), org.sleuthkit.autopsy.casemodule.Case.getCurrentCase(), and org.sleuthkit.autopsy.casemodule.Case.getSleuthkitCase().

BlackboardArtifact org.sleuthkit.autopsy.coreutils.AppDBParserHelper.addGPSLocation ( double  latitude,
double  longitude,
long  timeStamp,
String  poiName,
String  programName 
)

Adds a TSK_GPS_TRACKPOINT artifact

Parameters
latitudelocation latitude
longitudelocation longitude
timeStampdate/time trackpoint recoded
poiNametrackpoint name
programNamename of program that recorded trackpoint
Returns
artifact added

Definition at line 1239 of file AppDBParserHelper.java.

BlackboardArtifact org.sleuthkit.autopsy.coreutils.AppDBParserHelper.addGPSLocation ( double  latitude,
double  longitude,
long  timeStamp,
String  name,
String  programName,
Collection< BlackboardAttribute >  otherAttributesList 
)

Adds a TSK_GPS_TRACKPOINT artifact

Parameters
latitudelocation latitude
longitudelocation longitude
timeStampdate/time trackpoint recorded
nametrackpoint name
programNamename of program that recorded trackpoint
otherAttributesListother attributes
Returns
artifact added

Definition at line 1258 of file AppDBParserHelper.java.

References org.sleuthkit.autopsy.casemodule.Case.getCurrentCase(), and org.sleuthkit.autopsy.casemodule.Case.getSleuthkitCase().

BlackboardArtifact org.sleuthkit.autopsy.coreutils.AppDBParserHelper.addInstalledProgram ( String  programName,
long  dateInstalled 
)

Adds a TSK_INSTALLED_PROGRAM artifact

Parameters
programNamename of program
dateInstalleddate of install
Returns
artifact added

Definition at line 1180 of file AppDBParserHelper.java.

BlackboardArtifact org.sleuthkit.autopsy.coreutils.AppDBParserHelper.addInstalledProgram ( String  programName,
long  dateInstalled,
Collection< BlackboardAttribute >  otherAttributesList 
)

Adds a TSK_INSTALLED_PROGRAM artifact

Parameters
programNamename of program
dateInstalleddate of install
otherAttributesListadditional attributes
Returns
artifact added

Definition at line 1194 of file AppDBParserHelper.java.

References org.sleuthkit.autopsy.casemodule.Case.getCurrentCase(), and org.sleuthkit.autopsy.casemodule.Case.getSleuthkitCase().

BlackboardArtifact org.sleuthkit.autopsy.coreutils.AppDBParserHelper.addMessage ( String  messageType,
CommunicationDirection  direction,
Account.Address  fromAddress,
Account.Address  toAddress,
long  dateTime,
MessageReadStatusEnum  readStatus,
String  subject,
String  messageText,
String  threadId 
)

Adds a TSK_MESSAGE artifact.

Also creates an account instance for the sender/receiver, and creates a relationship between the self account and the sender/receiver account.

Parameters
messageTypemessage type
directionmessage direction
fromAddresssender address, may be null
toAddressrecipient address, may be null
dateTimedate/time of message,
readStatusmessage read or not
subjectmessage subject, may be empty
messageTextmessage body, may be empty
threadId,messagethread id
Returns
message artifact

Definition at line 323 of file AppDBParserHelper.java.

Referenced by org.sleuthkit.autopsy.coreutils.AppDBParserHelper.addMessage().

BlackboardArtifact org.sleuthkit.autopsy.coreutils.AppDBParserHelper.addMessage ( String  messageType,
CommunicationDirection  direction,
Account.Address  fromAddress,
Account.Address  toAddress,
long  dateTime,
MessageReadStatusEnum  readStatus,
String  subject,
String  messageText,
String  threadId,
Collection< BlackboardAttribute >  otherAttributesList 
)

Adds a TSK_MESSAGE artifact.

Also creates an account instance for the sender/receiver, and creates a relationship between the self account and the sender/receiver account.

Parameters
messageTypemessage type
directionmessage direction
fromAddresssender address, may be empty
toAddressrecipient address, may be empty
dateTimedate/time of message,
readStatusmessage read or not
subjectmessage subject, may be empty
messageTextmessage body, may be empty
threadId,messagethread id
otherAttributesListadditional attributes
Returns
message artifact

Definition at line 356 of file AppDBParserHelper.java.

References org.sleuthkit.autopsy.coreutils.AppDBParserHelper.addMessage().

BlackboardArtifact org.sleuthkit.autopsy.coreutils.AppDBParserHelper.addMessage ( String  messageType,
CommunicationDirection  direction,
Account.Address  fromAddress,
List< Account.Address >  recipientsList,
long  dateTime,
MessageReadStatusEnum  readStatus,
String  subject,
String  messageText,
String  threadId 
)

Adds a TSK_MESSAGE artifact.

Also creates an account instance for the sender/receiver, and creates a relationship between the self account and the sender/receiver account.

This method is for messages with a multiple recipients.

Parameters
messageTypemessage type
directionmessage direction
fromAddresssender address, may be null
recipientsListrecipient address list, may be null or empty list
dateTimedate/time of message,
readStatusmessage read or not
subjectmessage subject, may be empty
messageTextmessage body, may be empty
threadId,messagethread id
Returns
message artifact

Definition at line 393 of file AppDBParserHelper.java.

References org.sleuthkit.autopsy.coreutils.AppDBParserHelper.addMessage().

BlackboardArtifact org.sleuthkit.autopsy.coreutils.AppDBParserHelper.addMessage ( String  messageType,
CommunicationDirection  direction,
Account.Address  fromAddress,
List< Account.Address >  recipientsList,
long  dateTime,
MessageReadStatusEnum  readStatus,
String  subject,
String  messageText,
String  threadId,
Collection< BlackboardAttribute >  otherAttributesList 
)
void org.sleuthkit.autopsy.coreutils.AppDBParserHelper.addRelationship ( AccountFileInstance  selfAccountInstance,
AccountFileInstance  otherAccountInstance,
BlackboardArtifact  sourceArtifact,
Relationship.Type  relationshipType,
long  dateTime 
)
private

Adds a relations between the two specified account instances.

Parameters
selfAccountdevice owner account
otherAccountother account
sourceArtifactartifact from which relationship is derived.
relationshipTypetype of relationship
dateTimedate/time of relationship

Definition at line 292 of file AppDBParserHelper.java.

References org.sleuthkit.autopsy.casemodule.Case.getCurrentCase(), and org.sleuthkit.autopsy.casemodule.Case.getSleuthkitCase().

Referenced by org.sleuthkit.autopsy.coreutils.AppDBParserHelper.addCalllog(), org.sleuthkit.autopsy.coreutils.AppDBParserHelper.addContact(), and org.sleuthkit.autopsy.coreutils.AppDBParserHelper.addMessage().

String org.sleuthkit.autopsy.coreutils.AppDBParserHelper.addressListToString ( Collection< Account.Address >  addressList)
private

Converts a list of addresses into a single comma separated string of addresses.

Parameters
addressList
Returns
comma separated string of addresses

Definition at line 1307 of file AppDBParserHelper.java.

Referenced by org.sleuthkit.autopsy.coreutils.AppDBParserHelper.addCalllog(), and org.sleuthkit.autopsy.coreutils.AppDBParserHelper.addMessage().

BlackboardArtifact org.sleuthkit.autopsy.coreutils.AppDBParserHelper.addWebBookmark ( String  url,
String  title,
long  creationTime,
String  progName 
)

Adds a TSK_WEB_BOOKMARK artifact.

Parameters
urlbookmark URL
titlebookmark title, may be empty
creationTimedate/time created
progNameapplication/program that created bookmark
Returns
bookmark artifact

Definition at line 724 of file AppDBParserHelper.java.

BlackboardArtifact org.sleuthkit.autopsy.coreutils.AppDBParserHelper.addWebBookmark ( String  url,
String  title,
long  creationTime,
String  progName,
Collection< BlackboardAttribute >  otherAttributesList 
)

Adds a TSK_WEB_BOOKMARK artifact.

Parameters
urlbookmark URL
titlebookmark title, may be empty
creationTimedate/time created
progNameapplication/program that created bookmark
otherAttributesListother attributes
Returns
bookmark artifact

Definition at line 740 of file AppDBParserHelper.java.

References org.sleuthkit.autopsy.coreutils.NetworkUtils.extractDomain(), org.sleuthkit.autopsy.casemodule.Case.getCurrentCase(), and org.sleuthkit.autopsy.casemodule.Case.getSleuthkitCase().

BlackboardArtifact org.sleuthkit.autopsy.coreutils.AppDBParserHelper.addWebCookie ( String  url,
long  creationTime,
String  name,
String  value,
String  programName 
)

Adds a TSK_WEB_COOKIE artifact

Parameters
urlurl of the site that created the cookie
creationTimecreate time of cookie
namecookie name
valuecookie value
programNamename of the application that created the cookie
Returns
WebCookie artifact

Definition at line 795 of file AppDBParserHelper.java.

BlackboardArtifact org.sleuthkit.autopsy.coreutils.AppDBParserHelper.addWebCookie ( String  url,
long  creationTime,
String  name,
String  value,
String  programName,
Collection< BlackboardAttribute >  otherAttributesList 
)

Adds a TSK_WEB_COOKIE artifact

Parameters
urlurl of the site that created the cookie
creationTimecreate time of cookie
namecookie name
valuecookie value
programNamename of the application that created the cookie
otherAttributesListother attributes
Returns
WebCookie artifact

Definition at line 815 of file AppDBParserHelper.java.

References org.sleuthkit.autopsy.coreutils.NetworkUtils.extractDomain(), org.sleuthkit.autopsy.casemodule.Case.getCurrentCase(), and org.sleuthkit.autopsy.casemodule.Case.getSleuthkitCase().

BlackboardArtifact org.sleuthkit.autopsy.coreutils.AppDBParserHelper.addWebDownload ( String  path,
long  startTime,
String  url,
String  progName 
)

Created a TSK_WEB_DOWNNLOAD artifact

Parameters
pathpath of downloaded file
startTimedate/time downloaded
urlURL downloaded from
progNameprogram that initiated download
Returns
artifact created

Definition at line 952 of file AppDBParserHelper.java.

BlackboardArtifact org.sleuthkit.autopsy.coreutils.AppDBParserHelper.addWebDownload ( String  path,
long  startTime,
String  url,
String  programName,
Collection< BlackboardAttribute >  otherAttributesList 
)

Created a TSK_WEB_DOWNNLOAD artifact

Parameters
pathpath of downloaded file
startTimedate/time downloaded
urlURL downloaded from
programNameprogram that initiated download
otherAttributesListother attributes
Returns
artifact created

Convert path to pathID

Definition at line 968 of file AppDBParserHelper.java.

References org.sleuthkit.autopsy.coreutils.NetworkUtils.extractDomain(), org.sleuthkit.autopsy.casemodule.Case.getCurrentCase(), and org.sleuthkit.autopsy.casemodule.Case.getSleuthkitCase().

BlackboardArtifact org.sleuthkit.autopsy.coreutils.AppDBParserHelper.addWebFormAddress ( String  personName,
String  email,
String  phoneNumber,
String  mailingAddress,
long  creationTime,
long  accessTime,
int  count 
)

Adds a TSK_WEB_FORM_AUTOFILL artifact.

Parameters
personNameperson name
emailemail address
phoneNumberphone number
mailingAddressmailing address
creationTimecreation time
accessTimelast access time
countuse count
Returns
artifact created

Definition at line 1099 of file AppDBParserHelper.java.

BlackboardArtifact org.sleuthkit.autopsy.coreutils.AppDBParserHelper.addWebFormAddress ( String  personName,
String  email,
String  phoneNumber,
String  mailingAddress,
long  creationTime,
long  accessTime,
int  count,
Collection< BlackboardAttribute >  otherAttributesList 
)

Adds a TSK_WEB_FORM_AUTOFILL artifact.

Parameters
personNameperson name
emailemail address
phoneNumberphone number
mailingAddressmailing address
creationTimecreation time
accessTimelast access time
countuse count
otherAttributesListother attributes
Returns
artifact created

Definition at line 1121 of file AppDBParserHelper.java.

References org.sleuthkit.autopsy.casemodule.Case.getCurrentCase(), and org.sleuthkit.autopsy.casemodule.Case.getSleuthkitCase().

BlackboardArtifact org.sleuthkit.autopsy.coreutils.AppDBParserHelper.addWebFormAutofill ( String  name,
String  value,
long  creationTime,
long  accessTime,
int  count 
)

Adds a TSK_WEB_FORM_AUTOFILL artifact

Parameters
namename of autofill field
valuevalue of autofill field
creationTimecreate date/time
accessTimelast access date/time
countcount of times used
Returns
artifact created

Definition at line 1027 of file AppDBParserHelper.java.

BlackboardArtifact org.sleuthkit.autopsy.coreutils.AppDBParserHelper.addWebFormAutofill ( String  name,
String  value,
long  creationTime,
long  accessTime,
int  count,
Collection< BlackboardAttribute >  otherAttributesList 
)

Adds a TSK_WEB_FORM_AUTOFILL artifact

Parameters
namename of autofill field
valuevalue of autofill field
creationTimecreate date/time
accessTimelast access date/time
countcount of times used
otherAttributesListadditional attributes
Returns
artifact created

Definition at line 1045 of file AppDBParserHelper.java.

References org.sleuthkit.autopsy.casemodule.Case.getCurrentCase(), and org.sleuthkit.autopsy.casemodule.Case.getSleuthkitCase().

BlackboardArtifact org.sleuthkit.autopsy.coreutils.AppDBParserHelper.addWebHistory ( String  url,
long  accessTime,
String  referrer,
String  title,
String  programName 
)

Adds a Web History artifact

Parameters
urlurl visited
accessTimelast access time
referrerreferrer, may be empty
titlewebsite title, may be empty
programName,applicationrecording the history
Returns
artifact created

Definition at line 874 of file AppDBParserHelper.java.

BlackboardArtifact org.sleuthkit.autopsy.coreutils.AppDBParserHelper.addWebHistory ( String  url,
long  accessTime,
String  referrer,
String  title,
String  programName,
Collection< BlackboardAttribute >  otherAttributesList 
)

Adds a Web History artifact

Parameters
urlurl visited
accessTimelast access time
referrerreferrer, may be empty
titlewebsite title, may be empty
programName,applicationrecording the history
otherAttributesListother attributes
Returns
artifact created

Definition at line 894 of file AppDBParserHelper.java.

References org.sleuthkit.autopsy.coreutils.NetworkUtils.extractDomain(), org.sleuthkit.autopsy.casemodule.Case.getCurrentCase(), and org.sleuthkit.autopsy.casemodule.Case.getSleuthkitCase().

AccountFileInstance org.sleuthkit.autopsy.coreutils.AppDBParserHelper.createAccountInstance ( Account.Type  accountType,
String  accountUniqueID 
) throws TskCoreException
private

Member Data Documentation

final Account.Type org.sleuthkit.autopsy.coreutils.AppDBParserHelper.accountsType
private
final AbstractFile org.sleuthkit.autopsy.coreutils.AppDBParserHelper.dbAbstractFile
private

Definition at line 101 of file AppDBParserHelper.java.

final Logger org.sleuthkit.autopsy.coreutils.AppDBParserHelper.logger = Logger.getLogger(AppDBParserHelper.class.getName())
staticprivate

Definition at line 48 of file AppDBParserHelper.java.

final String org.sleuthkit.autopsy.coreutils.AppDBParserHelper.moduleName
private
final AccountFileInstance org.sleuthkit.autopsy.coreutils.AppDBParserHelper.selfAccountInstance
private

Definition at line 105 of file AppDBParserHelper.java.


The documentation for this class was generated from the following file:

Copyright © 2012-2018 Basis Technology. Generated on: Wed Sep 18 2019
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.