|
Autopsy
4.15.0
Graphical digital forensics platform for The Sleuth Kit and other tools.
|
Classes | |
| class | CASENode |
| class | CASEPropertyBundle |
Public Member Functions | |
| CaseUcoReportGenerator (Path directory, String reportName) throws IOException | |
| void | addCase (Case caseObj) throws IOException |
| void | addDataSource (Content dataSource, Case parentCase) throws IOException, TskCoreException |
| void | addFile (AbstractFile file, Content parentDataSource) throws IOException, TskCoreException |
| void | addFile (AbstractFile file, Content parentDataSource, Path localPath) throws IOException, TskCoreException |
| Path | generateReport () throws IOException |
Private Member Functions | |
| CASEPropertyBundle | createContentDataBundle (AbstractFile file) |
| CASEPropertyBundle | createFileBundle (AbstractFile file) throws TskCoreException |
| CASENode | createRelationshipNode (String relationshipID, String sourceID, String targetID) |
| String | getCaseTraceId (Case caseObj) |
| String | getDataSourcePath (Content dataSource) |
| String | getDataSourceTraceId (Content dataSource) |
| String | getFileTraceId (AbstractFile file) |
| String | getRelationshipId (Content content) |
| String | getURLTraceId (Content content) |
Private Attributes | |
| final JsonGenerator | reportGenerator |
| final Path | reportPath |
| final TimeZone | timeZone |
Static Private Attributes | |
| static final String | EXTENSION = "json-ld" |
Writes Autopsy DataModel objects to Case UCO format.
Clients are expected to add the Case first. Then they should add each data source before adding any files for that data source.
Here is an example, where we add everything:
Path directory = Paths.get("C:", "Reports"); CaseUcoReportGenerator caseUco = new CaseUcoReportGenerator(directory, "my-report");
Case caseObj = Case.getCurrentCase(); caseUco.addCase(caseObj); List<Content> dataSources = caseObj.getDataSources(); for(Content dataSource : dataSources) { caseUco.addDataSource(dataSource, caseObj); List<AbstractFile> files = getAllFilesInDataSource(dataSource); for(AbstractFile file : files) { caseUco.addFile(file, dataSource); } }
Path reportOutput = caseUco.generateReport(); //Done. Report at - "C:\Reports\my-report.json-ld"
Please note that the life cycle for this class ends with generateReport(). The underlying file handle to 'my-report.json-ld' will be closed. Any further calls to addX() will result in an IOException.
Definition at line 77 of file CaseUcoReportGenerator.java.
| org.sleuthkit.autopsy.report.modules.caseuco.CaseUcoReportGenerator.CaseUcoReportGenerator | ( | Path | directory, |
| String | reportName | ||
| ) | throws IOException |
Creates a CaseUCO Report Generator that writes a report in the specified directory.
TimeZone is assumed to be GMT+0 for formatting file creation time, accessed time and modified time.
| directory | Directory to write the CaseUCO report file. Assumes the calling thread has write access to the directory and that the directory exists. |
| reportName | Name of the CaseUCO report file. |
| IOException | If an I/O error occurs |
Definition at line 98 of file CaseUcoReportGenerator.java.
| void org.sleuthkit.autopsy.report.modules.caseuco.CaseUcoReportGenerator.addCase | ( | Case | caseObj | ) | throws IOException |
Adds a Case instance to the Case UCO report. This means writing a selection of Case attributes to a CASE/UCO object.
| caseObj | Case instance to include in the report. |
| IOException | If an I/O error is encountered. |
Definition at line 343 of file CaseUcoReportGenerator.java.
References org.sleuthkit.autopsy.report.modules.caseuco.CaseUcoReportGenerator.CASENode.addBundle(), org.sleuthkit.autopsy.report.modules.caseuco.CaseUcoReportGenerator.CASEPropertyBundle.addProperty(), org.sleuthkit.autopsy.report.modules.caseuco.CaseUcoReportGenerator.getCaseTraceId(), and org.sleuthkit.autopsy.casemodule.Case.CaseType.SINGLE_USER_CASE.
Referenced by org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.generateCaseUcoReport(), and org.sleuthkit.autopsy.report.modules.caseuco.CaseUcoReportModule.generateReport().
| void org.sleuthkit.autopsy.report.modules.caseuco.CaseUcoReportGenerator.addDataSource | ( | Content | dataSource, |
| Case | parentCase | ||
| ) | throws IOException, TskCoreException |
Adds a Content instance (which is known to be a DataSource) to the CASE report. This means writing a selection of attributes to a CASE or UCO object.
| dataSource | Datasource content to write |
| parentCase | The parent case that this data source belongs in. It is assumed that this parent has been written to the report (via addCase) prior to this call. Otherwise, the report may be invalid. |
Definition at line 278 of file CaseUcoReportGenerator.java.
References org.sleuthkit.autopsy.report.modules.caseuco.CaseUcoReportGenerator.CASENode.addBundle(), org.sleuthkit.autopsy.report.modules.caseuco.CaseUcoReportGenerator.CASEPropertyBundle.addProperty(), org.sleuthkit.autopsy.report.modules.caseuco.CaseUcoReportGenerator.createRelationshipNode(), org.sleuthkit.autopsy.report.modules.caseuco.CaseUcoReportGenerator.getCaseTraceId(), org.sleuthkit.autopsy.report.modules.caseuco.CaseUcoReportGenerator.getDataSourcePath(), org.sleuthkit.autopsy.report.modules.caseuco.CaseUcoReportGenerator.getDataSourceTraceId(), and org.sleuthkit.autopsy.report.modules.caseuco.CaseUcoReportGenerator.getRelationshipId().
Referenced by org.sleuthkit.autopsy.report.modules.caseuco.CaseUcoReportModule.generateReport().
| void org.sleuthkit.autopsy.report.modules.caseuco.CaseUcoReportGenerator.addFile | ( | AbstractFile | file, |
| Content | parentDataSource | ||
| ) | throws IOException, TskCoreException |
Adds an AbstractFile instance to the Case UCO report.
| file | AbstractFile instance to write |
| parentDataSource | The parent data source for this abstract file. It is assumed that this parent has been written to the report (via addDataSource) prior to this call. Otherwise, the report may be invalid. |
| IOException | If an I/O error occurs. |
| TskCoreException |
Definition at line 131 of file CaseUcoReportGenerator.java.
| void org.sleuthkit.autopsy.report.modules.caseuco.CaseUcoReportGenerator.addFile | ( | AbstractFile | file, |
| Content | parentDataSource, | ||
| Path | localPath | ||
| ) | throws IOException, TskCoreException |
Adds an AbstractFile instance to the Case UCO report.
| file | AbstractFile instance to write |
| parentDataSource | The parent data source for this abstract file. It is assumed that this parent has been written to the report (via addDataSource) prior to this call. Otherwise, the report may be invalid. |
| localPath | The location of the file on secondary storage, somewhere other than the case. Example: local disk. This value will be ignored if it is null. |
| IOException | |
| TskCoreException |
Definition at line 148 of file CaseUcoReportGenerator.java.
References org.sleuthkit.autopsy.report.modules.caseuco.CaseUcoReportGenerator.CASENode.addBundle(), org.sleuthkit.autopsy.report.modules.caseuco.CaseUcoReportGenerator.CASEPropertyBundle.addProperty(), org.sleuthkit.autopsy.report.modules.caseuco.CaseUcoReportGenerator.createContentDataBundle(), org.sleuthkit.autopsy.report.modules.caseuco.CaseUcoReportGenerator.createFileBundle(), org.sleuthkit.autopsy.report.modules.caseuco.CaseUcoReportGenerator.createRelationshipNode(), org.sleuthkit.autopsy.report.modules.caseuco.CaseUcoReportGenerator.getDataSourceTraceId(), org.sleuthkit.autopsy.report.modules.caseuco.CaseUcoReportGenerator.getFileTraceId(), org.sleuthkit.autopsy.report.modules.caseuco.CaseUcoReportGenerator.getRelationshipId(), and org.sleuthkit.autopsy.report.modules.caseuco.CaseUcoReportGenerator.getURLTraceId().
|
private |
Creates a Content Data Property Bundle with a selection of file attributes.
Definition at line 237 of file CaseUcoReportGenerator.java.
References org.sleuthkit.autopsy.report.modules.caseuco.CaseUcoReportGenerator.CASEPropertyBundle.addProperty().
Referenced by org.sleuthkit.autopsy.report.modules.caseuco.CaseUcoReportGenerator.addFile().
|
private |
Creates a File Property Bundle with a selection of file attributes.
Definition at line 216 of file CaseUcoReportGenerator.java.
References org.sleuthkit.autopsy.report.modules.caseuco.CaseUcoReportGenerator.CASEPropertyBundle.addProperty(), org.sleuthkit.autopsy.datamodel.ContentUtils.getStringTimeISO8601(), and org.sleuthkit.autopsy.report.modules.caseuco.CaseUcoReportGenerator.timeZone.
Referenced by org.sleuthkit.autopsy.report.modules.caseuco.CaseUcoReportGenerator.addFile().
|
private |
All relationship nodes will be the same within our context. Namely, contained-within and isDirectional as true.
Definition at line 204 of file CaseUcoReportGenerator.java.
References org.sleuthkit.autopsy.report.modules.caseuco.CaseUcoReportGenerator.CASENode.addProperty().
Referenced by org.sleuthkit.autopsy.report.modules.caseuco.CaseUcoReportGenerator.addDataSource(), and org.sleuthkit.autopsy.report.modules.caseuco.CaseUcoReportGenerator.addFile().
| Path org.sleuthkit.autopsy.report.modules.caseuco.CaseUcoReportGenerator.generateReport | ( | ) | throws IOException |
Returns a Path to the completed Case UCO report file.
This marks the end of the CaseUcoReportGenerator's life cycle. This function will close an underlying file handles, meaning any subsequent calls to addX() will result in an IOException.
| IOException | If an I/O error occurs. |
Definition at line 387 of file CaseUcoReportGenerator.java.
References org.sleuthkit.autopsy.report.modules.caseuco.CaseUcoReportGenerator.reportPath.
Referenced by org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.generateCaseUcoReport(), and org.sleuthkit.autopsy.report.modules.caseuco.CaseUcoReportModule.generateReport().
|
private |
Creates a unique Case UCO trace id for a Case.
| caseObj |
Definition at line 373 of file CaseUcoReportGenerator.java.
References org.sleuthkit.autopsy.casemodule.Case.getName().
Referenced by org.sleuthkit.autopsy.report.modules.caseuco.CaseUcoReportGenerator.addCase(), and org.sleuthkit.autopsy.report.modules.caseuco.CaseUcoReportGenerator.addDataSource().
|
private |
Definition at line 310 of file CaseUcoReportGenerator.java.
Referenced by org.sleuthkit.autopsy.report.modules.caseuco.CaseUcoReportGenerator.addDataSource().
|
private |
Creates a unique Case UCO trace id for a data source.
| dataSource |
Definition at line 332 of file CaseUcoReportGenerator.java.
Referenced by org.sleuthkit.autopsy.report.modules.caseuco.CaseUcoReportGenerator.addDataSource(), and org.sleuthkit.autopsy.report.modules.caseuco.CaseUcoReportGenerator.addFile().
|
private |
Creates a unique CASE Node file trace id.
Definition at line 257 of file CaseUcoReportGenerator.java.
Referenced by org.sleuthkit.autopsy.report.modules.caseuco.CaseUcoReportGenerator.addFile().
|
private |
Creates a unique CASE Node relationship id value.
Definition at line 264 of file CaseUcoReportGenerator.java.
Referenced by org.sleuthkit.autopsy.report.modules.caseuco.CaseUcoReportGenerator.addDataSource(), and org.sleuthkit.autopsy.report.modules.caseuco.CaseUcoReportGenerator.addFile().
|
private |
Definition at line 196 of file CaseUcoReportGenerator.java.
Referenced by org.sleuthkit.autopsy.report.modules.caseuco.CaseUcoReportGenerator.addFile().
|
staticprivate |
Definition at line 79 of file CaseUcoReportGenerator.java.
|
private |
Definition at line 83 of file CaseUcoReportGenerator.java.
|
private |
Definition at line 82 of file CaseUcoReportGenerator.java.
Referenced by org.sleuthkit.autopsy.report.modules.caseuco.CaseUcoReportGenerator.generateReport().
|
private |
Definition at line 81 of file CaseUcoReportGenerator.java.
Referenced by org.sleuthkit.autopsy.report.modules.caseuco.CaseUcoReportGenerator.createFileBundle().
Copyright © 2012-2020 Basis Technology. Generated on: Mon Jul 6 2020
This work is licensed under a
Creative Commons Attribution-Share Alike 3.0 United States License.