Autopsy  4.12.0
Graphical digital forensics platform for The Sleuth Kit and other tools.
Static Public Member Functions | Private Member Functions | Static Private Member Functions | Static Private Attributes | List of all members
org.sleuthkit.autopsy.report.caseuco.CaseUcoFormatExporter Class Reference

Static Public Member Functions

static void export (List< TagName > tagTypes, List< String > interestingItemSets, File caseReportFolder, ReportProgressPanel progressPanel) throws IOException, SQLException, NoCurrentCaseException, TskCoreException
 
static void generateReport (Long selectedDataSourceId, String reportOutputPath, ReportProgressPanel progressPanel)
 

Private Member Functions

 CaseUcoFormatExporter ()
 

Static Private Member Functions

static JsonGenerator createJsonGenerator (File reportFile) throws IOException
 
static void finilizeJsonOutputFile (JsonGenerator catalog) throws IOException
 
static void initializeJsonOutputFile (JsonGenerator catalog) throws IOException
 
static String saveCaseInfo (SleuthkitCase skCase, JsonGenerator catalog) throws TskCoreException, SQLException, IOException, NoCurrentCaseException
 
static String saveDataSourceInCaseUcoFormat (JsonGenerator catalog, String imageName, Long imageSize, Long selectedDataSourceId, String caseTraceId) throws IOException
 
static String saveDataSourceInfo (Long selectedDataSourceId, String caseTraceId, SleuthkitCase skCase, JsonGenerator jsonGenerator) throws TskCoreException, SQLException, IOException
 
static void saveFileInCaseUcoFormat (Long objectId, String fileName, String parent_path, String md5Hash, String mime_type, long size, String ctime, String atime, String mtime, String extension, JsonGenerator catalog, String dataSourceTraceId) throws IOException
 
static void saveUniqueFilesToCaseUcoFormat (Content content, Path tmpDir, JsonGenerator jsonGenerator, TimeZone timeZone, String dataSourceTraceId) throws IOException
 

Static Private Attributes

static final BlackboardArtifact.ARTIFACT_TYPE INTERESTING_ARTIFACT_HIT = BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_ARTIFACT_HIT
 
static final BlackboardArtifact.ARTIFACT_TYPE INTERESTING_FILE_HIT = BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT
 
static final Logger logger = Logger.getLogger(CaseUcoFormatExporter.class.getName())
 
static final BlackboardAttribute.Type SET_NAME = new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SET_NAME)
 
static final String TEMP_DIR_NAME = "case_uco_tmp"
 

Detailed Description

Generates CASE-UCO report file for a data source

Definition at line 63 of file CaseUcoFormatExporter.java.

Constructor & Destructor Documentation

org.sleuthkit.autopsy.report.caseuco.CaseUcoFormatExporter.CaseUcoFormatExporter ( )
private

Definition at line 72 of file CaseUcoFormatExporter.java.

Member Function Documentation

static JsonGenerator org.sleuthkit.autopsy.report.caseuco.CaseUcoFormatExporter.createJsonGenerator ( File  reportFile) throws IOException
staticprivate
static void org.sleuthkit.autopsy.report.caseuco.CaseUcoFormatExporter.export ( List< TagName >  tagTypes,
List< String >  interestingItemSets,
File  caseReportFolder,
ReportProgressPanel  progressPanel 
) throws IOException, SQLException, NoCurrentCaseException, TskCoreException
static

Exports files that are tagged w/ the following TagNames and that belong to the following interesting file sets (set name attributes of TSK_INTERSTING_FILE_HIT and TSK_INTERESTING_ARTIFACT_HIT). Artifacts that are tagged with the following TagNames also have their associated source files included.

Duplicate files are excluded.

Parameters
tagTypesCollection of TagNames to match
interestingItemSetsCollection of SET_NAMEs to match on in TSK_INTERESTING_FILE_HITs and TSK_INTERESTING_ARTIFACT_HITs.
outputFilePathPath to the folder that the CASE-UCO report should be written into
progressPanelUI Component to be updated with current processing status

Definition at line 219 of file CaseUcoFormatExporter.java.

References org.sleuthkit.autopsy.report.caseuco.CaseUcoFormatExporter.createJsonGenerator(), org.sleuthkit.autopsy.report.caseuco.CaseUcoFormatExporter.finilizeJsonOutputFile(), org.sleuthkit.autopsy.casemodule.services.TagsManager.getBlackboardArtifactTagsByTagName(), org.sleuthkit.autopsy.casemodule.services.TagsManager.getContentTagsByTagName(), org.sleuthkit.autopsy.casemodule.Case.getCurrentCaseThrows(), org.sleuthkit.autopsy.report.caseuco.ReportCaseUco.getReportFileName(), org.sleuthkit.autopsy.casemodule.Case.getServices(), org.sleuthkit.autopsy.casemodule.Case.getSleuthkitCase(), org.sleuthkit.autopsy.casemodule.services.Services.getTagsManager(), org.sleuthkit.autopsy.casemodule.Case.getTempDirectory(), org.sleuthkit.autopsy.report.caseuco.CaseUcoFormatExporter.initializeJsonOutputFile(), org.sleuthkit.autopsy.report.caseuco.CaseUcoFormatExporter.INTERESTING_ARTIFACT_HIT, org.sleuthkit.autopsy.report.caseuco.CaseUcoFormatExporter.INTERESTING_FILE_HIT, org.sleuthkit.autopsy.report.caseuco.CaseUcoFormatExporter.saveCaseInfo(), org.sleuthkit.autopsy.report.caseuco.CaseUcoFormatExporter.saveDataSourceInfo(), org.sleuthkit.autopsy.report.caseuco.CaseUcoFormatExporter.saveUniqueFilesToCaseUcoFormat(), org.sleuthkit.autopsy.report.caseuco.CaseUcoFormatExporter.SET_NAME, and org.sleuthkit.autopsy.report.ReportProgressPanel.updateStatusLabel().

static void org.sleuthkit.autopsy.report.caseuco.CaseUcoFormatExporter.finilizeJsonOutputFile ( JsonGenerator  catalog) throws IOException
staticprivate
static void org.sleuthkit.autopsy.report.caseuco.CaseUcoFormatExporter.generateReport ( Long  selectedDataSourceId,
String  reportOutputPath,
ReportProgressPanel  progressPanel 
)
static

Generates CASE-UCO report for the selected data source.

Parameters
selectedDataSourceIdObject ID of the data source
reportOutputPathFull path to directory where to save CASE-UCO report file
progressPanelReportProgressPanel to update progress

Definition at line 93 of file CaseUcoFormatExporter.java.

References org.sleuthkit.autopsy.casemodule.Case.addReport(), org.sleuthkit.autopsy.report.ReportProgressPanel.ReportStatus.CANCELED, org.sleuthkit.autopsy.report.ReportProgressPanel.ReportStatus.COMPLETE, org.sleuthkit.autopsy.report.ReportProgressPanel.complete(), org.sleuthkit.autopsy.report.ReportProgressPanel.ReportStatus.ERROR, org.sleuthkit.autopsy.coreutils.MessageNotifyUtil.Message.error(), org.sleuthkit.autopsy.report.caseuco.CaseUcoFormatExporter.finilizeJsonOutputFile(), org.sleuthkit.autopsy.casemodule.Case.getCurrentCaseThrows(), org.sleuthkit.autopsy.ingest.IngestManager.getInstance(), org.sleuthkit.autopsy.casemodule.Case.getSleuthkitCase(), org.sleuthkit.autopsy.report.ReportProgressPanel.getStatus(), org.sleuthkit.autopsy.datamodel.ContentUtils.getStringTimeISO8601(), org.sleuthkit.autopsy.report.caseuco.CaseUcoFormatExporter.initializeJsonOutputFile(), org.sleuthkit.autopsy.ingest.IngestManager.isIngestRunning(), org.sleuthkit.autopsy.report.caseuco.CaseUcoFormatExporter.saveCaseInfo(), org.sleuthkit.autopsy.report.caseuco.CaseUcoFormatExporter.saveDataSourceInfo(), org.sleuthkit.autopsy.report.caseuco.CaseUcoFormatExporter.saveFileInCaseUcoFormat(), org.sleuthkit.autopsy.report.ReportProgressPanel.setIndeterminate(), org.sleuthkit.autopsy.report.ReportProgressPanel.start(), org.sleuthkit.autopsy.report.ReportProgressPanel.updateStatusLabel(), and org.sleuthkit.autopsy.coreutils.MessageNotifyUtil.Message.warn().

Referenced by org.sleuthkit.autopsy.report.caseuco.ReportCaseUco.generateReport(), and org.sleuthkit.autopsy.commandlineingest.CommandLineIngestManager.JobProcessingTask.run().

static void org.sleuthkit.autopsy.report.caseuco.CaseUcoFormatExporter.initializeJsonOutputFile ( JsonGenerator  catalog) throws IOException
staticprivate
static String org.sleuthkit.autopsy.report.caseuco.CaseUcoFormatExporter.saveCaseInfo ( SleuthkitCase  skCase,
JsonGenerator  catalog 
) throws TskCoreException, SQLException, IOException, NoCurrentCaseException
staticprivate

Save info about the Autopsy case in CASE-UCo format

Parameters
skCaseSleuthkitCase object
catalogJsonGenerator object
Returns
CASE-UCO trace ID object for the Autopsy case entry
Exceptions
TskCoreException
SQLException
IOException
NoCurrentCaseException

Definition at line 352 of file CaseUcoFormatExporter.java.

References org.sleuthkit.autopsy.casemodule.Case.getCurrentCaseThrows(), and org.sleuthkit.autopsy.casemodule.Case.getName().

Referenced by org.sleuthkit.autopsy.report.caseuco.CaseUcoFormatExporter.export(), and org.sleuthkit.autopsy.report.caseuco.CaseUcoFormatExporter.generateReport().

static String org.sleuthkit.autopsy.report.caseuco.CaseUcoFormatExporter.saveDataSourceInCaseUcoFormat ( JsonGenerator  catalog,
String  imageName,
Long  imageSize,
Long  selectedDataSourceId,
String  caseTraceId 
) throws IOException
staticprivate
static String org.sleuthkit.autopsy.report.caseuco.CaseUcoFormatExporter.saveDataSourceInfo ( Long  selectedDataSourceId,
String  caseTraceId,
SleuthkitCase  skCase,
JsonGenerator  jsonGenerator 
) throws TskCoreException, SQLException, IOException
staticprivate

Save info about the data source in CASE-UCo format

Parameters
selectedDataSourceIdObject ID of the data source
caseTraceIdCASE-UCO trace ID object for the Autopsy case entry
skCaseSleuthkitCase object
jsonGeneratorJsonGenerator object
Returns
Exceptions
TskCoreException
SQLException
IOException

Definition at line 407 of file CaseUcoFormatExporter.java.

References org.sleuthkit.autopsy.report.caseuco.CaseUcoFormatExporter.saveDataSourceInCaseUcoFormat().

Referenced by org.sleuthkit.autopsy.report.caseuco.CaseUcoFormatExporter.export(), and org.sleuthkit.autopsy.report.caseuco.CaseUcoFormatExporter.generateReport().

static void org.sleuthkit.autopsy.report.caseuco.CaseUcoFormatExporter.saveFileInCaseUcoFormat ( Long  objectId,
String  fileName,
String  parent_path,
String  md5Hash,
String  mime_type,
long  size,
String  ctime,
String  atime,
String  mtime,
String  extension,
JsonGenerator  catalog,
String  dataSourceTraceId 
) throws IOException
staticprivate
static void org.sleuthkit.autopsy.report.caseuco.CaseUcoFormatExporter.saveUniqueFilesToCaseUcoFormat ( Content  content,
Path  tmpDir,
JsonGenerator  jsonGenerator,
TimeZone  timeZone,
String  dataSourceTraceId 
) throws IOException
staticprivate

Saves only unique abstract files to the report. Uniqueness is determined by object id. The tmpDir Path is used to stored object ids that have already been visited.

Parameters
contentAbstractfile isntance
tmpDirDirectory to write object ids
jsonGeneratorReport generator
timeZoneTime zore for ctime, atime, and mtime formatting
dataSourceTraceIdTraceID number for the parent data source
Exceptions
IOException

Definition at line 297 of file CaseUcoFormatExporter.java.

References org.sleuthkit.autopsy.datamodel.ContentUtils.getStringTimeISO8601(), and org.sleuthkit.autopsy.report.caseuco.CaseUcoFormatExporter.saveFileInCaseUcoFormat().

Referenced by org.sleuthkit.autopsy.report.caseuco.CaseUcoFormatExporter.export().

Member Data Documentation

final BlackboardArtifact.ARTIFACT_TYPE org.sleuthkit.autopsy.report.caseuco.CaseUcoFormatExporter.INTERESTING_ARTIFACT_HIT = BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_ARTIFACT_HIT
staticprivate
final BlackboardArtifact.ARTIFACT_TYPE org.sleuthkit.autopsy.report.caseuco.CaseUcoFormatExporter.INTERESTING_FILE_HIT = BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT
staticprivate
final Logger org.sleuthkit.autopsy.report.caseuco.CaseUcoFormatExporter.logger = Logger.getLogger(CaseUcoFormatExporter.class.getName())
staticprivate

Definition at line 65 of file CaseUcoFormatExporter.java.

final BlackboardAttribute.Type org.sleuthkit.autopsy.report.caseuco.CaseUcoFormatExporter.SET_NAME = new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SET_NAME)
staticprivate
final String org.sleuthkit.autopsy.report.caseuco.CaseUcoFormatExporter.TEMP_DIR_NAME = "case_uco_tmp"
staticprivate

Definition at line 70 of file CaseUcoFormatExporter.java.


The documentation for this class was generated from the following file:

Copyright © 2012-2018 Basis Technology. Generated on: Wed Sep 18 2019
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.