Autopsy  4.12.0
Graphical digital forensics platform for The Sleuth Kit and other tools.
Classes | Public Member Functions | Private Member Functions | Static Private Member Functions | Private Attributes | Static Private Attributes | List of all members
org.sleuthkit.autopsy.timeline.FilteredEventsModel Class Reference

Classes

class  CacheInvalidatedEvent
 

Public Member Functions

 FilteredEventsModel (Case autoCase, ReadOnlyObjectProperty< ZoomState > currentStateProperty) throws TskCoreException
 
synchronized Set< Long > addTag (long objID, Long artifactID, Tag tag) throws TskCoreException
 
synchronized Set< Long > deleteTag (long objID, Long artifactID, long tagID, boolean tagged) throws TskCoreException
 
synchronized ReadOnlyObjectProperty< TimelineEvent.DescriptionLevel > descriptionLODProperty ()
 
synchronized ReadOnlyObjectProperty< TimelineEventType.TypeLevel > eventTypeZoomProperty ()
 
synchronized ReadOnlyObjectProperty< RootFilterStatefilterProperty ()
 
Interval getBoundingEventsInterval (Interval timeRange, RootFilter filter, DateTimeZone timeZone) throws TskCoreException
 
Interval getBoundingEventsInterval (DateTimeZone timeZone) throws TskCoreException
 
synchronized RootFilterState getDefaultFilter ()
 
synchronized TimelineEvent.DescriptionLevel getDescriptionLOD ()
 
TimelineEvent getEventById (Long eventID) throws TskCoreException
 
Map< TimelineEventType, Long > getEventCounts (Interval timeRange) throws TskCoreException
 
List< Long > getEventIDs (Interval timeRange, FilterState<?extends TimelineFilter > filter) throws TskCoreException
 
List< Long > getEventIDsForArtifact (BlackboardArtifact artifact) throws TskCoreException
 
Set< Long > getEventIDsForFile (AbstractFile file, boolean includeDerivedArtifacts) throws TskCoreException
 
TimelineManager getEventManager ()
 
Set< TimelineEvent > getEventsById (Collection< Long > eventIDs) throws TskCoreException
 
ImmutableList< TimelineEventType > getEventTypes ()
 
synchronized TimelineEventType.TypeLevel getEventTypeZoom ()
 
synchronized RootFilterState getFilterState ()
 
Long getMaxTime () throws TskCoreException
 
Long getMinTime () throws TskCoreException
 
SleuthkitCase getSleuthkitCase ()
 
Interval getSpanningInterval () throws TskCoreException
 
Interval getSpanningInterval (Collection< Long > eventIDs) throws TskCoreException
 
Map< String, Long > getTagCountsByTagName (Set< Long > eventIDsWithTags) throws TskCoreException
 
synchronized Interval getTimeRange ()
 
synchronized ZoomState getZoomState ()
 
synchronized boolean handleArtifactTagAdded (BlackBoardArtifactTagAddedEvent evt) throws TskCoreException
 
synchronized boolean handleArtifactTagDeleted (BlackBoardArtifactTagDeletedEvent evt) throws TskCoreException
 
synchronized boolean handleContentTagAdded (ContentTagAddedEvent evt) throws TskCoreException
 
synchronized boolean handleContentTagDeleted (ContentTagDeletedEvent evt) throws TskCoreException
 
synchronized void invalidateCaches (Collection< Long > updatedEventIDs) throws TskCoreException
 
void postAutopsyEventLocally (AutopsyEvent event)
 
void postRefreshRequest ()
 
synchronized void registerForEvents (Object subscriber)
 
synchronized Set< Long > setHashHit (Collection< BlackboardArtifact > artifacts, boolean hasHashHit) throws TskCoreException
 
void syncFilters (RootFilterState rootFilterState)
 
synchronized ReadOnlyObjectProperty< Interval > timeRangeProperty ()
 
synchronized void unRegisterForEvents (Object subscriber)
 
synchronized ReadOnlyObjectProperty< ZoomStatezoomStateProperty ()
 

Private Member Functions

Map< TimelineEventType, Long > countEventsByType (ZoomState zoomState) throws TskCoreException
 
synchronized void populateFilterData () throws TskCoreException
 
boolean postTagsAdded (Set< Long > updatedEventIDs)
 
boolean postTagsDeleted (Set< Long > updatedEventIDs)
 

Static Private Member Functions

static DataSourceFilter newDataSourceFromMapEntry (Map.Entry< Long, String > dataSourceEntry)
 

Private Attributes

final Case autoCase
 
final ObservableMap< Long, String > datasourcesMap = FXCollections.observableHashMap()
 
final EventBus eventbus = new EventBus("FilteredEventsModel_EventBus")
 
final LoadingCache< ZoomState, Map< TimelineEventType, Long > > eventCountsCache
 
final TimelineManager eventManager
 
final ObservableSet< String > hashSets = FXCollections.observableSet()
 
final LoadingCache< Long, TimelineEvent > idToEventCache
 
final LoadingCache< Object, Long > maxCache
 
final LoadingCache< Object, Long > minCache
 
final ReadOnlyObjectWrapper< RootFilterStaterequestedFilter = new ReadOnlyObjectWrapper<>()
 
final ReadOnlyObjectWrapper< TimelineEvent.DescriptionLevel > requestedLOD = new ReadOnlyObjectWrapper<>(TimelineEvent.DescriptionLevel.SHORT)
 
final ReadOnlyObjectWrapper< Interval > requestedTimeRange = new ReadOnlyObjectWrapper<>()
 
final ReadOnlyObjectWrapper< TimelineEventType.TypeLevel > requestedTypeZoom = new ReadOnlyObjectWrapper<>(TimelineEventType.TypeLevel.BASE_TYPE)
 
final ReadOnlyObjectWrapper< ZoomStaterequestedZoomState = new ReadOnlyObjectWrapper<>()
 
final ObservableList< TagName > tagNames = FXCollections.observableArrayList()
 

Static Private Attributes

static final Logger logger = Logger.getLogger(FilteredEventsModel.class.getName())
 

Detailed Description

This class acts as the model for a TimelineView

Views can register listeners on properties returned by methods.

This class is implemented as a filtered view into an underlying TimelineManager.

Maintainers, NOTE: as many methods as possible should cache their results so as to avoid unnecessary db calls through the TimelineManager -jm

Concurrency Policy: TimelineManager is internally synchronized, so methods that only access the TimelineManager atomically do not need further synchronization. All other member state variables should only be accessed with intrinsic lock of containing FilteredEventsModel held.

Definition at line 108 of file FilteredEventsModel.java.

Constructor & Destructor Documentation

org.sleuthkit.autopsy.timeline.FilteredEventsModel.FilteredEventsModel ( Case  autoCase,
ReadOnlyObjectProperty< ZoomState currentStateProperty 
) throws TskCoreException

Definition at line 147 of file FilteredEventsModel.java.

References org.sleuthkit.autopsy.timeline.FilteredEventsModel.autoCase, org.sleuthkit.autopsy.timeline.ui.filtering.datamodel.RootFilterState.copyOf(), org.sleuthkit.autopsy.timeline.FilteredEventsModel.filterProperty(), org.sleuthkit.autopsy.timeline.FilteredEventsModel.getDefaultFilter(), org.sleuthkit.autopsy.timeline.zooming.ZoomState.getDescriptionLOD(), org.sleuthkit.autopsy.timeline.zooming.ZoomState.getFilterState(), org.sleuthkit.autopsy.casemodule.Case.getSleuthkitCase(), org.sleuthkit.autopsy.timeline.zooming.ZoomState.getTimeRange(), org.sleuthkit.autopsy.timeline.zooming.ZoomState.getTypeZoomLevel(), org.sleuthkit.autopsy.timeline.FilteredEventsModel.populateFilterData(), org.sleuthkit.autopsy.timeline.FilteredEventsModel.requestedLOD, org.sleuthkit.autopsy.timeline.FilteredEventsModel.requestedTypeZoom, and org.sleuthkit.autopsy.timeline.FilteredEventsModel.syncFilters().

Member Function Documentation

synchronized Set<Long> org.sleuthkit.autopsy.timeline.FilteredEventsModel.addTag ( long  objID,
Long  artifactID,
Tag  tag 
) throws TskCoreException

Definition at line 639 of file FilteredEventsModel.java.

References org.sleuthkit.autopsy.timeline.FilteredEventsModel.invalidateCaches().

Referenced by org.sleuthkit.autopsy.timeline.FilteredEventsModel.handleArtifactTagAdded(), and org.sleuthkit.autopsy.timeline.FilteredEventsModel.handleContentTagAdded().

Map<TimelineEventType, Long> org.sleuthkit.autopsy.timeline.FilteredEventsModel.countEventsByType ( ZoomState  zoomState) throws TskCoreException
private

get the count of all events that fit the given zoom params organized by the EvenType of the level specified in the zoomState

Parameters
zoomStateThe params that control what events to count and how to organize the returned map
Returns
a map from event type( of the requested level) to event counts
Exceptions
org.sleuthkit.datamodel.TskCoreException

Definition at line 206 of file FilteredEventsModel.java.

synchronized Set<Long> org.sleuthkit.autopsy.timeline.FilteredEventsModel.deleteTag ( long  objID,
Long  artifactID,
long  tagID,
boolean  tagged 
) throws TskCoreException

Definition at line 647 of file FilteredEventsModel.java.

References org.sleuthkit.autopsy.timeline.FilteredEventsModel.invalidateCaches().

Referenced by org.sleuthkit.autopsy.timeline.FilteredEventsModel.handleArtifactTagDeleted(), and org.sleuthkit.autopsy.timeline.FilteredEventsModel.handleContentTagDeleted().

synchronized ReadOnlyObjectProperty<TimelineEvent.DescriptionLevel> org.sleuthkit.autopsy.timeline.FilteredEventsModel.descriptionLODProperty ( )

Definition at line 311 of file FilteredEventsModel.java.

References org.sleuthkit.autopsy.timeline.FilteredEventsModel.requestedLOD.

Referenced by org.sleuthkit.autopsy.timeline.zooming.ZoomSettingsPane.initialize().

synchronized ReadOnlyObjectProperty<TimelineEventType.TypeLevel> org.sleuthkit.autopsy.timeline.FilteredEventsModel.eventTypeZoomProperty ( )

Definition at line 319 of file FilteredEventsModel.java.

References org.sleuthkit.autopsy.timeline.FilteredEventsModel.requestedTypeZoom.

Referenced by org.sleuthkit.autopsy.timeline.zooming.ZoomSettingsPane.initialize().

synchronized ReadOnlyObjectProperty<RootFilterState> org.sleuthkit.autopsy.timeline.FilteredEventsModel.filterProperty ( )

Definition at line 315 of file FilteredEventsModel.java.

Referenced by org.sleuthkit.autopsy.timeline.FilteredEventsModel.FilteredEventsModel(), and org.sleuthkit.autopsy.timeline.ui.filtering.FilterSetPanel.refreshFilterUI().

Interval org.sleuthkit.autopsy.timeline.FilteredEventsModel.getBoundingEventsInterval ( Interval  timeRange,
RootFilter  filter,
DateTimeZone  timeZone 
) throws TskCoreException

Definition at line 224 of file FilteredEventsModel.java.

Interval org.sleuthkit.autopsy.timeline.FilteredEventsModel.getBoundingEventsInterval ( DateTimeZone  timeZone) throws TskCoreException

Definition at line 371 of file FilteredEventsModel.java.

References org.sleuthkit.autopsy.timeline.FilteredEventsModel.getFilterState(), org.sleuthkit.autopsy.timeline.FilteredEventsModel.getTimeRange(), and org.sleuthkit.autopsy.timeline.FilteredEventsModel.zoomStateProperty().

synchronized RootFilterState org.sleuthkit.autopsy.timeline.FilteredEventsModel.getDefaultFilter ( )

Get the default filter used at startup.

Returns
the default filter used at startup

Definition at line 348 of file FilteredEventsModel.java.

References org.sleuthkit.autopsy.timeline.utils.FilterUtils.createDefaultFileTypesFilter(), and org.sleuthkit.autopsy.timeline.FilteredEventsModel.newDataSourceFromMapEntry().

Referenced by org.sleuthkit.autopsy.timeline.FilteredEventsModel.FilteredEventsModel().

synchronized TimelineEvent.DescriptionLevel org.sleuthkit.autopsy.timeline.FilteredEventsModel.getDescriptionLOD ( )

Definition at line 332 of file FilteredEventsModel.java.

References org.sleuthkit.autopsy.timeline.zooming.ZoomState.getDescriptionLOD(), and org.sleuthkit.autopsy.timeline.FilteredEventsModel.getZoomState().

TimelineEvent org.sleuthkit.autopsy.timeline.FilteredEventsModel.getEventById ( Long  eventID) throws TskCoreException

Definition at line 375 of file FilteredEventsModel.java.

Referenced by org.sleuthkit.autopsy.timeline.ui.detailview.EventStripeNode.createChildNode(), and org.sleuthkit.autopsy.timeline.FilteredEventsModel.getEventsById().

Map<TimelineEventType, Long> org.sleuthkit.autopsy.timeline.FilteredEventsModel.getEventCounts ( Interval  timeRange) throws TskCoreException

Return the number of events that pass the requested filter and are within the given time range.

NOTE: this method does not change the requested time range

Parameters
timeRange
Returns
Exceptions
org.sleuthkit.datamodel.TskCoreException

Definition at line 429 of file FilteredEventsModel.java.

References org.sleuthkit.autopsy.timeline.FilteredEventsModel.getEventTypeZoom(), and org.sleuthkit.autopsy.timeline.FilteredEventsModel.getFilterState().

Referenced by org.sleuthkit.autopsy.timeline.ui.countsview.CountsViewPane.CountsUpdateTask.call(), and org.sleuthkit.autopsy.timeline.ui.ViewFrame.refreshHistorgram().

List<Long> org.sleuthkit.autopsy.timeline.FilteredEventsModel.getEventIDs ( Interval  timeRange,
FilterState<?extends TimelineFilter >  filter 
) throws TskCoreException

Definition at line 405 of file FilteredEventsModel.java.

References org.sleuthkit.autopsy.timeline.ui.filtering.datamodel.RootFilterState.getActiveFilter(), org.sleuthkit.autopsy.timeline.FilteredEventsModel.getFilterState(), org.sleuthkit.autopsy.timeline.FilteredEventsModel.getSpanningInterval(), and org.sleuthkit.autopsy.timeline.ui.filtering.datamodel.RootFilterState.intersect().

List<Long> org.sleuthkit.autopsy.timeline.FilteredEventsModel.getEventIDsForArtifact ( BlackboardArtifact  artifact) throws TskCoreException

Get a List of event IDs for the events that are derived from the given artifact.

Parameters
artifactThe BlackboardArtifact to get derived event IDs for.
Returns
A List of event IDs for the events that are derived from the given artifact.
Exceptions
org.sleuthkit.datamodel.TskCoreException

Definition at line 561 of file FilteredEventsModel.java.

Set<Long> org.sleuthkit.autopsy.timeline.FilteredEventsModel.getEventIDsForFile ( AbstractFile  file,
boolean  includeDerivedArtifacts 
) throws TskCoreException

Get a Set of event IDs for the events that are derived from the given file.

Parameters
fileThe AbstractFile to get derived event IDs for.
includeDerivedArtifactsIf true, also get event IDs for events derived from artifacts derived form this file. If false, only gets events derived directly from this file (file system timestamps).
Returns
A Set of event IDs for the events that are derived from the given file.
Exceptions
org.sleuthkit.datamodel.TskCoreException

Definition at line 546 of file FilteredEventsModel.java.

TimelineManager org.sleuthkit.autopsy.timeline.FilteredEventsModel.getEventManager ( )

Definition at line 216 of file FilteredEventsModel.java.

References org.sleuthkit.autopsy.timeline.FilteredEventsModel.eventManager.

Referenced by org.sleuthkit.autopsy.timeline.ui.detailview.datamodel.DetailsViewModel.DetailsViewModel(), and org.sleuthkit.autopsy.timeline.ui.listvew.datamodel.ListViewModel.ListViewModel().

Set<TimelineEvent> org.sleuthkit.autopsy.timeline.FilteredEventsModel.getEventsById ( Collection< Long >  eventIDs) throws TskCoreException

Definition at line 383 of file FilteredEventsModel.java.

References org.sleuthkit.autopsy.timeline.FilteredEventsModel.getEventById().

ImmutableList<TimelineEventType> org.sleuthkit.autopsy.timeline.FilteredEventsModel.getEventTypes ( )

Definition at line 635 of file FilteredEventsModel.java.

synchronized TimelineEventType.TypeLevel org.sleuthkit.autopsy.timeline.FilteredEventsModel.getEventTypeZoom ( )

Definition at line 340 of file FilteredEventsModel.java.

References org.sleuthkit.autopsy.timeline.zooming.ZoomState.getTypeZoomLevel(), and org.sleuthkit.autopsy.timeline.FilteredEventsModel.getZoomState().

Referenced by org.sleuthkit.autopsy.timeline.FilteredEventsModel.getEventCounts().

synchronized RootFilterState org.sleuthkit.autopsy.timeline.FilteredEventsModel.getFilterState ( )

Definition at line 336 of file FilteredEventsModel.java.

References org.sleuthkit.autopsy.timeline.zooming.ZoomState.getFilterState(), and org.sleuthkit.autopsy.timeline.FilteredEventsModel.getZoomState().

Referenced by org.sleuthkit.autopsy.timeline.FilteredEventsModel.getBoundingEventsInterval(), org.sleuthkit.autopsy.timeline.ui.listvew.datamodel.ListViewModel.getCombinedEvents(), org.sleuthkit.autopsy.timeline.FilteredEventsModel.getEventCounts(), and org.sleuthkit.autopsy.timeline.FilteredEventsModel.getEventIDs().

Long org.sleuthkit.autopsy.timeline.FilteredEventsModel.getMaxTime ( ) throws TskCoreException
Returns
the time (in seconds from unix epoch) of the absolutely last event available from the repository, ignoring any filters or requested ranges
Exceptions
org.sleuthkit.datamodel.TskCoreException

Definition at line 489 of file FilteredEventsModel.java.

Referenced by org.sleuthkit.autopsy.timeline.FilteredEventsModel.getSpanningInterval().

Long org.sleuthkit.autopsy.timeline.FilteredEventsModel.getMinTime ( ) throws TskCoreException
Returns
the time (in seconds from unix epoch) of the absolutely first event available from the repository, ignoring any filters or requested ranges
Exceptions
org.sleuthkit.datamodel.TskCoreException

Definition at line 474 of file FilteredEventsModel.java.

Referenced by org.sleuthkit.autopsy.timeline.FilteredEventsModel.getSpanningInterval().

SleuthkitCase org.sleuthkit.autopsy.timeline.FilteredEventsModel.getSleuthkitCase ( )

Definition at line 220 of file FilteredEventsModel.java.

References org.sleuthkit.autopsy.casemodule.Case.getSleuthkitCase().

Referenced by org.sleuthkit.autopsy.timeline.actions.AddManualEvent.addEvent(), and org.sleuthkit.autopsy.timeline.ui.detailview.datamodel.DetailsViewModel.DetailsViewModel().

Interval org.sleuthkit.autopsy.timeline.FilteredEventsModel.getSpanningInterval ( ) throws TskCoreException
Returns
The smallest interval spanning all the events from the case, ignoring any filters or requested ranges.
Exceptions
org.sleuthkit.datamodel.TskCoreException

Definition at line 450 of file FilteredEventsModel.java.

References org.sleuthkit.autopsy.timeline.FilteredEventsModel.getMaxTime(), and org.sleuthkit.autopsy.timeline.FilteredEventsModel.getMinTime().

Referenced by org.sleuthkit.autopsy.timeline.ui.ViewFrame.LocalDateDisabler.call(), org.sleuthkit.autopsy.timeline.ui.ViewFrame.LocalDateTimeValidator.call(), org.sleuthkit.autopsy.timeline.FilteredEventsModel.getEventIDs(), org.sleuthkit.autopsy.timeline.ui.ViewFrame.refreshHistorgram(), org.sleuthkit.autopsy.timeline.ui.ViewFrame.refreshTimeUI(), org.sleuthkit.autopsy.timeline.FilteredEventsModel.timeRangeProperty(), org.sleuthkit.autopsy.timeline.actions.ZoomOut.ZoomOut(), and org.sleuthkit.autopsy.timeline.actions.ZoomToEvents.ZoomToEvents().

Interval org.sleuthkit.autopsy.timeline.FilteredEventsModel.getSpanningInterval ( Collection< Long >  eventIDs) throws TskCoreException

Get the smallest interval spanning all the given events.

Parameters
eventIDsThe IDs of the events to get a spanning interval arround.
Returns
the smallest interval spanning all the given events
Exceptions
org.sleuthkit.datamodel.TskCoreException

Definition at line 463 of file FilteredEventsModel.java.

Map<String, Long> org.sleuthkit.autopsy.timeline.FilteredEventsModel.getTagCountsByTagName ( Set< Long >  eventIDsWithTags) throws TskCoreException

get a count of tagnames applied to the given event ids as a map from tagname displayname to count of tag applications

Parameters
eventIDsWithTagsthe event ids to get the tag counts map for
Returns
a map from tagname displayname to count of applications
Exceptions
org.sleuthkit.datamodel.TskCoreException

Definition at line 401 of file FilteredEventsModel.java.

synchronized Interval org.sleuthkit.autopsy.timeline.FilteredEventsModel.getTimeRange ( )

The time range currently in view.

Returns
The time range currently in view.

Definition at line 328 of file FilteredEventsModel.java.

References org.sleuthkit.autopsy.timeline.zooming.ZoomState.getTimeRange(), and org.sleuthkit.autopsy.timeline.FilteredEventsModel.getZoomState().

Referenced by org.sleuthkit.autopsy.timeline.ui.listvew.ListViewPane.ListUpdateTask.call(), org.sleuthkit.autopsy.timeline.ui.countsview.CountsViewPane.CountsUpdateTask.call(), org.sleuthkit.autopsy.timeline.ui.detailview.DetailViewPane.DetailsUpdateTask.call(), org.sleuthkit.autopsy.timeline.FilteredEventsModel.getBoundingEventsInterval(), org.sleuthkit.autopsy.timeline.ui.listvew.datamodel.ListViewModel.getCombinedEvents(), org.sleuthkit.autopsy.timeline.ui.ViewFrame.PickerListener.invalidated(), org.sleuthkit.autopsy.timeline.ui.ViewFrame.refreshTimeUI(), org.sleuthkit.autopsy.timeline.actions.ZoomOut.ZoomOut(), and org.sleuthkit.autopsy.timeline.actions.ZoomToEvents.ZoomToEvents().

synchronized ZoomState org.sleuthkit.autopsy.timeline.FilteredEventsModel.getZoomState ( )

Get the current ZoomState

Returns
The current ZoomState

Definition at line 242 of file FilteredEventsModel.java.

Referenced by org.sleuthkit.autopsy.timeline.ui.detailview.DetailViewPane.DetailsUpdateTask.call(), org.sleuthkit.autopsy.timeline.FilteredEventsModel.getDescriptionLOD(), org.sleuthkit.autopsy.timeline.FilteredEventsModel.getEventTypeZoom(), org.sleuthkit.autopsy.timeline.FilteredEventsModel.getFilterState(), org.sleuthkit.autopsy.timeline.FilteredEventsModel.getTimeRange(), and org.sleuthkit.autopsy.timeline.actions.SaveSnapshotAsReport.SaveSnapshotAsReport().

synchronized boolean org.sleuthkit.autopsy.timeline.FilteredEventsModel.handleArtifactTagAdded ( BlackBoardArtifactTagAddedEvent  evt) throws TskCoreException

Definition at line 504 of file FilteredEventsModel.java.

References org.sleuthkit.autopsy.timeline.FilteredEventsModel.addTag(), and org.sleuthkit.autopsy.timeline.FilteredEventsModel.postTagsAdded().

synchronized boolean org.sleuthkit.autopsy.timeline.FilteredEventsModel.handleArtifactTagDeleted ( BlackBoardArtifactTagDeletedEvent  evt) throws TskCoreException

Definition at line 520 of file FilteredEventsModel.java.

References org.sleuthkit.autopsy.timeline.FilteredEventsModel.deleteTag(), org.sleuthkit.autopsy.casemodule.events.BlackBoardArtifactTagDeletedEvent.DeletedBlackboardArtifactTagInfo.getArtifactID(), org.sleuthkit.autopsy.casemodule.services.TagsManager.getBlackboardArtifactTagsByArtifact(), org.sleuthkit.autopsy.casemodule.Case.getServices(), org.sleuthkit.autopsy.casemodule.Case.getSleuthkitCase(), org.sleuthkit.autopsy.casemodule.services.Services.getTagsManager(), and org.sleuthkit.autopsy.timeline.FilteredEventsModel.postTagsDeleted().

synchronized boolean org.sleuthkit.autopsy.timeline.FilteredEventsModel.handleContentTagAdded ( ContentTagAddedEvent  evt) throws TskCoreException

Definition at line 497 of file FilteredEventsModel.java.

References org.sleuthkit.autopsy.timeline.FilteredEventsModel.addTag(), and org.sleuthkit.autopsy.timeline.FilteredEventsModel.postTagsAdded().

synchronized boolean org.sleuthkit.autopsy.timeline.FilteredEventsModel.handleContentTagDeleted ( ContentTagDeletedEvent  evt) throws TskCoreException

Definition at line 511 of file FilteredEventsModel.java.

References org.sleuthkit.autopsy.timeline.FilteredEventsModel.deleteTag(), org.sleuthkit.autopsy.casemodule.events.ContentTagDeletedEvent.DeletedContentTagInfo.getContentID(), org.sleuthkit.autopsy.casemodule.services.TagsManager.getContentTagsByContent(), org.sleuthkit.autopsy.casemodule.Case.getServices(), org.sleuthkit.autopsy.casemodule.Case.getSleuthkitCase(), org.sleuthkit.autopsy.casemodule.services.Services.getTagsManager(), and org.sleuthkit.autopsy.timeline.FilteredEventsModel.postTagsDeleted().

synchronized void org.sleuthkit.autopsy.timeline.FilteredEventsModel.invalidateCaches ( Collection< Long >  updatedEventIDs) throws TskCoreException

Invalidate the timeline caches for the given event IDs. Also forces the filter values to be updated with any new values from the case data.( data sources, tags, etc)

Parameters
updatedEventIDsA collection of the event IDs whose cached event objects should be invalidated. Can be null or an empty sett to invalidate the general caches, such as min/max time, or the counts per event type.
Exceptions
TskCoreException

Definition at line 678 of file FilteredEventsModel.java.

References org.sleuthkit.autopsy.timeline.FilteredEventsModel.populateFilterData().

Referenced by org.sleuthkit.autopsy.timeline.FilteredEventsModel.addTag(), org.sleuthkit.autopsy.timeline.FilteredEventsModel.deleteTag(), and org.sleuthkit.autopsy.timeline.FilteredEventsModel.setHashHit().

static DataSourceFilter org.sleuthkit.autopsy.timeline.FilteredEventsModel.newDataSourceFromMapEntry ( Map.Entry< Long, String >  dataSourceEntry)
staticprivate

Make a DataSourceFilter from an entry from the datasourcesMap.

Parameters
dataSourceEntryA map entry from datasource id to datasource name.
Returns
A new DataSourceFilter for the given datsourcesMap entry.

Definition at line 143 of file FilteredEventsModel.java.

Referenced by org.sleuthkit.autopsy.timeline.FilteredEventsModel.getDefaultFilter(), and org.sleuthkit.autopsy.timeline.FilteredEventsModel.syncFilters().

synchronized void org.sleuthkit.autopsy.timeline.FilteredEventsModel.populateFilterData ( ) throws TskCoreException
private

Update the data used to determine the available filters.

Definition at line 249 of file FilteredEventsModel.java.

References org.sleuthkit.autopsy.casemodule.Case.getSleuthkitCase().

Referenced by org.sleuthkit.autopsy.timeline.FilteredEventsModel.FilteredEventsModel(), and org.sleuthkit.autopsy.timeline.FilteredEventsModel.invalidateCaches().

void org.sleuthkit.autopsy.timeline.FilteredEventsModel.postAutopsyEventLocally ( AutopsyEvent  event)

(Re)Post an AutopsyEvent received from another event distribution system locally to all registered subscribers.

Parameters
eventThe event to re-post.

Definition at line 631 of file FilteredEventsModel.java.

void org.sleuthkit.autopsy.timeline.FilteredEventsModel.postRefreshRequest ( )

Post a RefreshRequestedEvent to all registered subscribers.

Definition at line 621 of file FilteredEventsModel.java.

boolean org.sleuthkit.autopsy.timeline.FilteredEventsModel.postTagsAdded ( Set< Long >  updatedEventIDs)
private

Post a TagsAddedEvent to all registered subscribers, if the given set of updated event IDs is not empty.

Parameters
updatedEventIDsThe set of event ids to be included in the TagsAddedEvent.
Returns
True if an event was posted.

Definition at line 574 of file FilteredEventsModel.java.

Referenced by org.sleuthkit.autopsy.timeline.FilteredEventsModel.handleArtifactTagAdded(), and org.sleuthkit.autopsy.timeline.FilteredEventsModel.handleContentTagAdded().

boolean org.sleuthkit.autopsy.timeline.FilteredEventsModel.postTagsDeleted ( Set< Long >  updatedEventIDs)
private

Post a TagsDeletedEvent to all registered subscribers, if the given set of updated event IDs is not empty.

Parameters
updatedEventIDsThe set of event ids to be included in the TagsDeletedEvent.
Returns
True if an event was posted.

Definition at line 591 of file FilteredEventsModel.java.

Referenced by org.sleuthkit.autopsy.timeline.FilteredEventsModel.handleArtifactTagDeleted(), and org.sleuthkit.autopsy.timeline.FilteredEventsModel.handleContentTagDeleted().

synchronized void org.sleuthkit.autopsy.timeline.FilteredEventsModel.registerForEvents ( Object  subscriber)

Register the given object to receive events.

Parameters
subscriberThe object to register. Must implement public methods annotated with Subscribe.

Definition at line 605 of file FilteredEventsModel.java.

Referenced by org.sleuthkit.autopsy.timeline.ui.AbstractTimeLineView.AbstractTimeLineView(), and org.sleuthkit.autopsy.timeline.ui.detailview.datamodel.DetailsViewModel.DetailsViewModel().

synchronized Set<Long> org.sleuthkit.autopsy.timeline.FilteredEventsModel.setHashHit ( Collection< BlackboardArtifact >  artifacts,
boolean  hasHashHit 
) throws TskCoreException

Definition at line 655 of file FilteredEventsModel.java.

References org.sleuthkit.autopsy.timeline.FilteredEventsModel.invalidateCaches().

void org.sleuthkit.autopsy.timeline.FilteredEventsModel.syncFilters ( RootFilterState  rootFilterState)

"sync" the given root filter with the state of the casee: Disable filters for tags that are not in use in the case, and add new filters for tags, hashsets, and datasources, that don't have them. New filters are selected by default.

Parameters
rootFilterStatethe filter state to modify so it is consistent with the tags in use in the case

Definition at line 271 of file FilteredEventsModel.java.

References org.sleuthkit.autopsy.timeline.ui.filtering.datamodel.RootFilterState.getDataSourcesFilterState(), org.sleuthkit.autopsy.timeline.ui.filtering.datamodel.RootFilterState.getHashHitsFilterState(), org.sleuthkit.autopsy.timeline.ui.filtering.datamodel.CompoundFilterState< SubFilterType extends TimelineFilter, >.getSubFilterStates(), org.sleuthkit.autopsy.timeline.ui.filtering.datamodel.RootFilterState.getTagsFilterState(), and org.sleuthkit.autopsy.timeline.FilteredEventsModel.newDataSourceFromMapEntry().

Referenced by org.sleuthkit.autopsy.timeline.FilteredEventsModel.FilteredEventsModel().

synchronized ReadOnlyObjectProperty<Interval> org.sleuthkit.autopsy.timeline.FilteredEventsModel.timeRangeProperty ( )

Get a read only view of the time range currently in view.

Returns
A read only view of the time range currently in view.

Definition at line 298 of file FilteredEventsModel.java.

References org.sleuthkit.autopsy.coreutils.MessageNotifyUtil.Notify.error(), and org.sleuthkit.autopsy.timeline.FilteredEventsModel.getSpanningInterval().

Referenced by org.sleuthkit.autopsy.timeline.zooming.ZoomSettingsPane.initialize(), and org.sleuthkit.autopsy.timeline.actions.ZoomOut.ZoomOut().

synchronized void org.sleuthkit.autopsy.timeline.FilteredEventsModel.unRegisterForEvents ( Object  subscriber)

Un-register the given object, so it no longer receives events.

Parameters
subscriberThe object to un-register.

Definition at line 614 of file FilteredEventsModel.java.

synchronized ReadOnlyObjectProperty<ZoomState> org.sleuthkit.autopsy.timeline.FilteredEventsModel.zoomStateProperty ( )

Readonly observable property for the current ZoomState

Returns
A readonly observable property for the current ZoomState.

Definition at line 233 of file FilteredEventsModel.java.

Referenced by org.sleuthkit.autopsy.timeline.ui.AbstractTimeLineView.AbstractTimeLineView(), org.sleuthkit.autopsy.timeline.FilteredEventsModel.getBoundingEventsInterval(), org.sleuthkit.autopsy.timeline.actions.ZoomOut.ZoomOut(), and org.sleuthkit.autopsy.timeline.actions.ZoomToEvents.ZoomToEvents().

Member Data Documentation

final Case org.sleuthkit.autopsy.timeline.FilteredEventsModel.autoCase
private

Definition at line 114 of file FilteredEventsModel.java.

Referenced by org.sleuthkit.autopsy.timeline.FilteredEventsModel.FilteredEventsModel().

final ObservableMap<Long, String> org.sleuthkit.autopsy.timeline.FilteredEventsModel.datasourcesMap = FXCollections.observableHashMap()
private

Map from datasource id to datasource name.

Definition at line 131 of file FilteredEventsModel.java.

final EventBus org.sleuthkit.autopsy.timeline.FilteredEventsModel.eventbus = new EventBus("FilteredEventsModel_EventBus")
private

Definition at line 115 of file FilteredEventsModel.java.

final LoadingCache<ZoomState, Map<TimelineEventType, Long> > org.sleuthkit.autopsy.timeline.FilteredEventsModel.eventCountsCache
private

Definition at line 129 of file FilteredEventsModel.java.

final TimelineManager org.sleuthkit.autopsy.timeline.FilteredEventsModel.eventManager
private

Definition at line 112 of file FilteredEventsModel.java.

Referenced by org.sleuthkit.autopsy.timeline.FilteredEventsModel.getEventManager().

final ObservableSet< String> org.sleuthkit.autopsy.timeline.FilteredEventsModel.hashSets = FXCollections.observableSet()
private

Definition at line 132 of file FilteredEventsModel.java.

final LoadingCache<Long, TimelineEvent> org.sleuthkit.autopsy.timeline.FilteredEventsModel.idToEventCache
private

Definition at line 128 of file FilteredEventsModel.java.

final Logger org.sleuthkit.autopsy.timeline.FilteredEventsModel.logger = Logger.getLogger(FilteredEventsModel.class.getName())
staticprivate

Definition at line 110 of file FilteredEventsModel.java.

final LoadingCache<Object, Long> org.sleuthkit.autopsy.timeline.FilteredEventsModel.maxCache
private

Definition at line 126 of file FilteredEventsModel.java.

final LoadingCache<Object, Long> org.sleuthkit.autopsy.timeline.FilteredEventsModel.minCache
private

Definition at line 127 of file FilteredEventsModel.java.

final ReadOnlyObjectWrapper<RootFilterState> org.sleuthkit.autopsy.timeline.FilteredEventsModel.requestedFilter = new ReadOnlyObjectWrapper<>()
private

Definition at line 118 of file FilteredEventsModel.java.

final ReadOnlyObjectWrapper< TimelineEvent.DescriptionLevel> org.sleuthkit.autopsy.timeline.FilteredEventsModel.requestedLOD = new ReadOnlyObjectWrapper<>(TimelineEvent.DescriptionLevel.SHORT)
private

Definition at line 122 of file FilteredEventsModel.java.

Referenced by org.sleuthkit.autopsy.timeline.FilteredEventsModel.descriptionLODProperty(), and org.sleuthkit.autopsy.timeline.FilteredEventsModel.FilteredEventsModel().

final ReadOnlyObjectWrapper<Interval> org.sleuthkit.autopsy.timeline.FilteredEventsModel.requestedTimeRange = new ReadOnlyObjectWrapper<>()
private

Definition at line 119 of file FilteredEventsModel.java.

final ReadOnlyObjectWrapper< TimelineEventType.TypeLevel> org.sleuthkit.autopsy.timeline.FilteredEventsModel.requestedTypeZoom = new ReadOnlyObjectWrapper<>(TimelineEventType.TypeLevel.BASE_TYPE)
private

Definition at line 121 of file FilteredEventsModel.java.

Referenced by org.sleuthkit.autopsy.timeline.FilteredEventsModel.eventTypeZoomProperty(), and org.sleuthkit.autopsy.timeline.FilteredEventsModel.FilteredEventsModel().

final ReadOnlyObjectWrapper<ZoomState> org.sleuthkit.autopsy.timeline.FilteredEventsModel.requestedZoomState = new ReadOnlyObjectWrapper<>()
private

Definition at line 120 of file FilteredEventsModel.java.

final ObservableList<TagName> org.sleuthkit.autopsy.timeline.FilteredEventsModel.tagNames = FXCollections.observableArrayList()
private

Definition at line 133 of file FilteredEventsModel.java.

The documentation for this class was generated from the following file:

Copyright © 2012-2018 Basis Technology. Generated on: Wed Sep 18 2019
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.