Autopsy  4.13.0
Graphical digital forensics platform for The Sleuth Kit and other tools.
Classes | Public Member Functions | Private Attributes | Static Private Attributes | List of all members
org.sleuthkit.autopsy.modules.interestingitems.FilesSet Class Reference

Inherits Serializable.


class  Rule

Public Member Functions

 FilesSet (String name, String description, boolean ignoreKnownFiles, boolean ignoreUnallocatedSpace, Map< String, Rule > rules)
String fileIsMemberOf (AbstractFile file)
String getDescription ()
String getName ()
Map< String, RulegetRules ()
boolean ignoresKnownFiles ()
boolean ingoresUnallocatedSpace ()
String toString ()

Private Attributes

final String description
final boolean ignoreKnownFiles
final boolean ignoreUnallocatedSpace
final String name
final Map< String, Rulerules = new HashMap<>()

Static Private Attributes

static final long serialVersionUID = 1L

Detailed Description

A collection of set membership rules that define an interesting files set. The rules are independent, i.e., if any rule is satisfied by a file, the file belongs to the set.

Interesting files set definition objects are immutable, so they may be safely published to multiple threads.

Definition at line 40 of file

Constructor & Destructor Documentation

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.FilesSet ( String  name,
String  description,
boolean  ignoreKnownFiles,
boolean  ignoreUnallocatedSpace,
Map< String, Rule rules 

Constructs an interesting files set.

nameThe name of the set.
descriptionA description of the set, may be null.
ignoreKnownFilesWhether or not to exclude known files from the set.
ignoreUnallocatedSpaceWhether or not to exclude unallocated space from the set.
rulesThe rules that define the set. May be null, but a set with no rules is the empty set.

Definition at line 61 of file

References org.sleuthkit.autopsy.modules.interestingitems.FilesSet.ignoreKnownFiles, org.sleuthkit.autopsy.modules.interestingitems.FilesSet.ignoreUnallocatedSpace, and

Member Function Documentation

String org.sleuthkit.autopsy.modules.interestingitems.FilesSet.fileIsMemberOf ( AbstractFile  file)

Determines whether a file is a member of this interesting files set.

fileA file to test for set membership.
The name of the first set membership rule satisfied by the file, will be null if the file does not belong to the set.

Definition at line 132 of file

String org.sleuthkit.autopsy.modules.interestingitems.FilesSet.getDescription ( )
String org.sleuthkit.autopsy.modules.interestingitems.FilesSet.getName ( )
Map<String, Rule> org.sleuthkit.autopsy.modules.interestingitems.FilesSet.getRules ( )
boolean org.sleuthkit.autopsy.modules.interestingitems.FilesSet.ignoresKnownFiles ( )

Returns whether or not this interesting files set ignores known files, i.e., files marked as known by a look up in a known files hash set such as the National Software Reference Library (NSRL). Note that the interesting files set does not do hash set look ups; it simply queries the known status of the files when testing them for set membership.

True if known files are ignored, false otherwise.

Definition at line 101 of file

References org.sleuthkit.autopsy.modules.interestingitems.FilesSet.ignoreKnownFiles.

Referenced by org.sleuthkit.autopsy.modules.interestingitems.FilesSetDefsPanel.deleteRuleButtonActionPerformed(), org.sleuthkit.autopsy.modules.interestingitems.FilesSetDefsPanel.doFilesSetRuleDialog(), and org.sleuthkit.autopsy.modules.interestingitems.FilesSetDefsPanel.SetsListSelectionListener.valueChanged().

boolean org.sleuthkit.autopsy.modules.interestingitems.FilesSet.ingoresUnallocatedSpace ( )
String org.sleuthkit.autopsy.modules.interestingitems.FilesSet.toString ( )

Member Data Documentation

final String org.sleuthkit.autopsy.modules.interestingitems.FilesSet.description
final boolean org.sleuthkit.autopsy.modules.interestingitems.FilesSet.ignoreKnownFiles
final boolean org.sleuthkit.autopsy.modules.interestingitems.FilesSet.ignoreUnallocatedSpace
final String
final Map<String, Rule> org.sleuthkit.autopsy.modules.interestingitems.FilesSet.rules = new HashMap<>()
final long org.sleuthkit.autopsy.modules.interestingitems.FilesSet.serialVersionUID = 1L

Definition at line 42 of file

The documentation for this class was generated from the following file:

Copyright © 2012-2019 Basis Technology. Generated on: Tue Jan 7 2020
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.