Autopsy
4.12.0
Graphical digital forensics platform for The Sleuth Kit and other tools.
|
Inherits PropertyChangeListener.
Classes | |
class | CentralRepoHashSet |
class | HashDb |
class | HashDbIndexer |
class | HashDbManagerException |
enum | SetEvt |
class | SleuthkitHashSet |
Public Member Functions | |
synchronized HashDb | addExistingHashDatabase (String hashSetName, String path, boolean searchDuringIngest, boolean sendIngestMessages, HashDb.KnownFilesType knownFilesType) throws HashDbManagerException |
synchronized HashDb | addNewHashDatabase (String hashSetName, String path, boolean searchDuringIngest, boolean sendIngestMessages, HashDb.KnownFilesType knownFilesType) throws HashDbManagerException |
synchronized HashDb | addNewHashDatabaseNoSave (String hashSetName, String path, boolean searchDuringIngest, boolean sendIngestMessages, HashDb.KnownFilesType knownFilesType) throws HashDbManagerException |
synchronized void | addPropertyChangeListener (PropertyChangeListener listener) |
synchronized List< HashDb > | getAllHashSets () |
synchronized List< HashDb > | getKnownBadFileHashSets () |
synchronized List< HashDb > | getKnownFileHashSets () |
synchronized List< HashDb > | getUpdateableHashSets () |
synchronized void | loadLastSavedConfiguration () |
void | propertyChange (PropertyChangeEvent event) |
synchronized void | removeHashDatabase (HashDb hashDb) throws HashDbManagerException |
synchronized void | removeHashDatabaseNoSave (HashDb hashDb) throws HashDbManagerException |
synchronized void | removePropertyChangeListener (PropertyChangeListener listener) |
Static Public Member Functions | |
static synchronized HashDbManager | getInstance () |
Private Member Functions | |
HashDbManager () | |
SleuthkitHashSet | addHashDatabase (int handle, String hashSetName, boolean searchDuringIngest, boolean sendIngestMessages, HashDb.KnownFilesType knownFilesType) throws TskCoreException |
void | closeHashDatabases (List< HashDb > hashDatabases) |
void | configureSettings (HashLookupSettings settings) |
List< HashDbInfo > | getCentralRepoHashSetsFromDatabase () |
List< HashDb > | getUpdateableHashSets (List< HashDb > hashDbs) |
String | getValidFilePath (String hashSetName, String configuredPath) |
boolean | hashDbInfoIsNew (HashDbInfo dbInfo) |
void | loadHashsetsConfiguration () |
String | searchForFile () |
void | updateHashSetsFromCentralRepository () throws TskCoreException |
Static Private Member Functions | |
static HashDb.KnownFilesType | convertFileKnown (TskData.FileKnown fileKnown) |
Private Attributes | |
boolean | allDatabasesLoadedCorrectly = false |
Set< String > | hashSetNames = new HashSet<>() |
Set< String > | hashSetPaths = new HashSet<>() |
List< HashDb > | hashSets = new ArrayList<>() |
Static Private Attributes | |
static final String | HASH_DATABASE_FILE_EXTENSON = "kdb" |
static HashDbManager | instance = null |
static final Logger | logger = Logger.getLogger(HashDbManager.class.getName()) |
This class implements a singleton that manages the set of hash databases used to classify files as unknown, known or notable.
Definition at line 65 of file HashDbManager.java.
|
private |
Definition at line 110 of file HashDbManager.java.
References org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.loadHashsetsConfiguration().
Referenced by org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.getInstance().
synchronized HashDb org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.addExistingHashDatabase | ( | String | hashSetName, |
String | path, | ||
boolean | searchDuringIngest, | ||
boolean | sendIngestMessages, | ||
HashDb.KnownFilesType | knownFilesType | ||
) | throws HashDbManagerException |
Adds an existing hash database to the set of hash databases used to classify files as known or notable and saves the configuration.
hashSetName | Name used to represent the hash database in user interface components. |
path | Full path to either a hash database file or a hash database index file. |
searchDuringIngest | A flag indicating whether or not the hash database should be searched during ingest. |
sendIngestMessages | A flag indicating whether hash set hit messages should be sent as ingest messages. |
knownFilesType | The classification to apply to files whose hashes are found in the hash database. |
HashDbManagerException |
Definition at line 155 of file HashDbManager.java.
|
private |
Definition at line 241 of file HashDbManager.java.
References org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.SetEvt.DB_ADDED, org.sleuthkit.autopsy.coreutils.MessageNotifyUtil.MessageType.ERROR, and org.sleuthkit.autopsy.coreutils.MessageNotifyUtil.Notify.show().
Referenced by org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.addNewHashDatabaseNoSave(), and org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.configureSettings().
synchronized HashDb org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.addNewHashDatabase | ( | String | hashSetName, |
String | path, | ||
boolean | searchDuringIngest, | ||
boolean | sendIngestMessages, | ||
HashDb.KnownFilesType | knownFilesType | ||
) | throws HashDbManagerException |
Adds a new hash database to the set of hash databases used to classify files as known or notable and saves the configuration.
hashSetName | Hash set name used to represent the hash database in user interface components. |
path | Full path to the database file to be created. |
searchDuringIngest | A flag indicating whether or not the hash database should be searched during ingest. |
sendIngestMessages | A flag indicating whether hash set hit messages should be sent as ingest messages. |
knownFilesType | The classification to apply to files whose hashes are found in the hash database. |
HashDbManagerException |
Definition at line 202 of file HashDbManager.java.
References org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.addNewHashDatabaseNoSave().
synchronized HashDb org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.addNewHashDatabaseNoSave | ( | String | hashSetName, |
String | path, | ||
boolean | searchDuringIngest, | ||
boolean | sendIngestMessages, | ||
HashDb.KnownFilesType | knownFilesType | ||
) | throws HashDbManagerException |
Definition at line 213 of file HashDbManager.java.
References org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.addHashDatabase().
Referenced by org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.addNewHashDatabase().
synchronized void org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.addPropertyChangeListener | ( | PropertyChangeListener | listener | ) |
Definition at line 98 of file HashDbManager.java.
Referenced by org.sleuthkit.autopsy.modules.hashdatabase.HashLookupModuleSettingsPanel.customizeComponents().
|
private |
Definition at line 531 of file HashDbManager.java.
References org.sleuthkit.autopsy.coreutils.Logger.getLogger().
Referenced by org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.loadLastSavedConfiguration().
|
private |
Configures the given settings object by adding all contained hash db to the system.
settings | The settings to configure. |
Definition at line 561 of file HashDbManager.java.
References org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.addHashDatabase(), org.sleuthkit.autopsy.coreutils.Logger.getLogger(), org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.getValidFilePath(), org.sleuthkit.autopsy.centralrepository.datamodel.EamDb.isEnabled(), org.sleuthkit.autopsy.core.RuntimeProperties.runningWithGUI, and org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.updateHashSetsFromCentralRepository().
Referenced by org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.loadHashsetsConfiguration().
|
staticprivate |
Definition at line 512 of file HashDbManager.java.
References org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.HashDb.KnownFilesType.KNOWN, and org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.HashDb.KnownFilesType.KNOWN_BAD.
Referenced by org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.getCentralRepoHashSetsFromDatabase().
synchronized List<HashDb> org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.getAllHashSets | ( | ) |
Gets all of the hash databases used to classify files as known or known bad. Will add any new central repository databases to the list before returning it.
Definition at line 415 of file HashDbManager.java.
References org.sleuthkit.autopsy.coreutils.Logger.getLogger(), and org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.updateHashSetsFromCentralRepository().
Referenced by org.sleuthkit.autopsy.modules.hashdatabase.HashLookupModuleFactory.getDefaultIngestJobSettings(), and org.sleuthkit.autopsy.modules.hashdatabase.HashLookupSettingsPanel.saveSettings().
|
private |
Definition at line 491 of file HashDbManager.java.
References org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.convertFileKnown(), org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeInstance.FILES_TYPE_ID, org.sleuthkit.autopsy.centralrepository.datamodel.EamDb.getAllReferenceSets(), org.sleuthkit.autopsy.centralrepository.datamodel.EamDb.getCorrelationTypeById(), org.sleuthkit.autopsy.centralrepository.datamodel.EamDb.getInstance(), org.sleuthkit.autopsy.coreutils.Logger.getLogger(), org.sleuthkit.autopsy.centralrepository.datamodel.EamDb.isEnabled(), and org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.HashDb.KnownFilesType.KNOWN_BAD.
Referenced by org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.updateHashSetsFromCentralRepository().
|
static |
Gets the singleton instance of this class.
Definition at line 91 of file HashDbManager.java.
References org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.HashDbManager(), and org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.instance.
Referenced by org.sleuthkit.autopsy.modules.hashdatabase.HashLookupSettingsPanel.cancel(), org.sleuthkit.autopsy.modules.hashdatabase.ImportCentralRepoDbProgressDialog.CentralRepoImportWorker.done(), org.sleuthkit.autopsy.modules.hashdatabase.HashLookupModuleFactory.getDefaultIngestJobSettings(), and org.sleuthkit.autopsy.datamodel.BlackboardArtifactNode.getScorePropertyAndDescription().
synchronized List<HashDb> org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.getKnownBadFileHashSets | ( | ) |
Gets all of the hash databases used to classify files as notable.
Definition at line 450 of file HashDbManager.java.
References org.sleuthkit.autopsy.coreutils.Logger.getLogger(), org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.HashDb.KnownFilesType.KNOWN_BAD, and org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.updateHashSetsFromCentralRepository().
Referenced by org.sleuthkit.autopsy.datamodel.BlackboardArtifactNode.getScorePropertyAndDescription(), org.sleuthkit.autopsy.modules.hashdatabase.HashLookupModuleSettingsPanel.initializeHashSetModels(), org.sleuthkit.autopsy.modules.hashdatabase.HashDbIngestModule.startUp(), and org.sleuthkit.autopsy.modules.hashdatabase.HashLookupModuleSettingsPanel.updateHashSetModels().
synchronized List<HashDb> org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.getKnownFileHashSets | ( | ) |
Gets all of the hash databases used to classify files as known.
Definition at line 432 of file HashDbManager.java.
References org.sleuthkit.autopsy.coreutils.Logger.getLogger(), org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.HashDb.KnownFilesType.KNOWN, and org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.updateHashSetsFromCentralRepository().
Referenced by org.sleuthkit.autopsy.modules.hashdatabase.HashLookupModuleSettingsPanel.initializeHashSetModels(), org.sleuthkit.autopsy.modules.hashdatabase.HashDbIngestModule.startUp(), and org.sleuthkit.autopsy.modules.hashdatabase.HashLookupModuleSettingsPanel.updateHashSetModels().
synchronized List<HashDb> org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.getUpdateableHashSets | ( | ) |
Gets all of the hash databases that accept updates.
Definition at line 468 of file HashDbManager.java.
|
private |
Definition at line 472 of file HashDbManager.java.
References org.sleuthkit.autopsy.coreutils.Logger.getLogger(), and org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.updateHashSetsFromCentralRepository().
|
private |
Definition at line 648 of file HashDbManager.java.
References org.sleuthkit.autopsy.core.RuntimeProperties.runningWithGUI, and org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.searchForFile().
Referenced by org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.configureSettings().
|
private |
Definition at line 639 of file HashDbManager.java.
Referenced by org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.updateHashSetsFromCentralRepository().
|
private |
Definition at line 544 of file HashDbManager.java.
References org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.configureSettings(), and org.sleuthkit.autopsy.coreutils.Logger.getLogger().
Referenced by org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.HashDbManager(), and org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.loadLastSavedConfiguration().
synchronized void org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.loadLastSavedConfiguration | ( | ) |
Restores the last saved hash sets configuration. This supports cancellation of configuration panels.
Definition at line 523 of file HashDbManager.java.
References org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.closeHashDatabases(), and org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.loadHashsetsConfiguration().
Referenced by org.sleuthkit.autopsy.modules.hashdatabase.HashLookupSettingsPanel.cancel().
void org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.propertyChange | ( | PropertyChangeEvent | event | ) |
Definition at line 315 of file HashDbManager.java.
References org.sleuthkit.autopsy.coreutils.Logger.getLogger().
synchronized void org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.removeHashDatabase | ( | HashDb | hashDb | ) | throws HashDbManagerException |
Removes a hash database from the set of hash databases used to classify files as known or notable and saves the configuration.
hashDb |
HashDbManagerException |
Definition at line 339 of file HashDbManager.java.
References org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.removeHashDatabaseNoSave().
synchronized void org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.removeHashDatabaseNoSave | ( | HashDb | hashDb | ) | throws HashDbManagerException |
Definition at line 344 of file HashDbManager.java.
References org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.SetEvt.DB_DELETED, org.sleuthkit.autopsy.coreutils.MessageNotifyUtil.MessageType.ERROR, org.sleuthkit.autopsy.ingest.IngestManager.getInstance(), org.sleuthkit.autopsy.coreutils.Logger.getLogger(), org.sleuthkit.autopsy.ingest.IngestManager.isIngestRunning(), and org.sleuthkit.autopsy.coreutils.MessageNotifyUtil.Notify.show().
Referenced by org.sleuthkit.autopsy.modules.hashdatabase.HashLookupSettingsPanel.deleteDatabaseButtonActionPerformed(), org.sleuthkit.autopsy.modules.hashdatabase.HashLookupSettingsPanel.hashSetTableKeyPressed(), org.sleuthkit.autopsy.modules.hashdatabase.HashLookupSettingsPanel.indexButtonActionPerformed(), and org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.removeHashDatabase().
synchronized void org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.removePropertyChangeListener | ( | PropertyChangeListener | listener | ) |
Definition at line 102 of file HashDbManager.java.
|
private |
Definition at line 674 of file HashDbManager.java.
References org.sleuthkit.autopsy.coreutils.Logger.getLogger().
Referenced by org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.getValidFilePath().
|
private |
Definition at line 625 of file HashDbManager.java.
References org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.getCentralRepoHashSetsFromDatabase(), org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.hashDbInfoIsNew(), and org.sleuthkit.autopsy.centralrepository.datamodel.EamDb.isEnabled().
Referenced by org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.configureSettings(), org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.getAllHashSets(), org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.getKnownBadFileHashSets(), org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.getKnownFileHashSets(), and org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.getUpdateableHashSets().
|
private |
Definition at line 74 of file HashDbManager.java.
|
staticprivate |
Definition at line 67 of file HashDbManager.java.
|
private |
Definition at line 70 of file HashDbManager.java.
|
private |
Definition at line 71 of file HashDbManager.java.
|
private |
Definition at line 69 of file HashDbManager.java.
|
staticprivate |
Definition at line 68 of file HashDbManager.java.
Referenced by org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.getInstance().
|
staticprivate |
Definition at line 73 of file HashDbManager.java.
Copyright © 2012-2018 Basis Technology. Generated on: Wed Sep 18 2019
This work is licensed under a
Creative Commons Attribution-Share Alike 3.0 United States License.