api-docs/4.16.0/_user_activity_summary_8java_source.html

 /*

  * Autopsy Forensic Browser

  *

  * Copyright 2020 Basis Technology Corp.

  * Contact: carrier <at> sleuthkit <dot> org

  *

  * Licensed under the Apache License, Version 2.0 (the "License");

  * you may not use this file except in compliance with the License.

  * You may obtain a copy of the License at

  *

  *     http://www.apache.org/licenses/LICENSE-2.0

  *

  * Unless required by applicable law or agreed to in writing, software

  * distributed under the License is distributed on an "AS IS" BASIS,

  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

  * See the License for the specific language governing permissions and

  * limitations under the License.

  */

 package org.sleuthkit.autopsy.datasourcesummary.datamodel;


 import org.sleuthkit.autopsy.datasourcesummary.uiutils.DefaultArtifactUpdateGovernor;

 import java.util.ArrayList;

 import java.util.Arrays;

 import java.util.Collection;

 import java.util.Collections;

 import java.util.Comparator;

 import java.util.Date;

 import java.util.HashMap;

 import java.util.HashSet;

 import java.util.List;

 import java.util.Map;

 import java.util.Set;

 import java.util.logging.Level;

 import java.util.stream.Collectors;

 import java.util.stream.Stream;

 import org.apache.commons.lang3.StringUtils;

 import org.apache.commons.lang3.tuple.Pair;

 import org.openide.util.NbBundle.Messages;

 import org.sleuthkit.autopsy.datasourcesummary.datamodel.SleuthkitCaseProvider.SleuthkitCaseProviderException;

 import org.sleuthkit.datamodel.BlackboardArtifact;

 import org.sleuthkit.datamodel.BlackboardAttribute;

 import org.sleuthkit.datamodel.DataSource;

 import org.sleuthkit.datamodel.TskCoreException;

 import org.sleuthkit.autopsy.texttranslation.NoServiceProviderException;

 import org.sleuthkit.autopsy.texttranslation.TextTranslationService;

 import org.sleuthkit.autopsy.texttranslation.TranslationException;

 import static org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE;

 import static org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE;


 public class UserActivitySummary implements DefaultArtifactUpdateGovernor {


     private static final BlackboardArtifact.Type TYPE_DEVICE_ATTACHED = new BlackboardArtifact.Type(ARTIFACT_TYPE.TSK_DEVICE_ATTACHED);

     private static final BlackboardArtifact.Type TYPE_WEB_HISTORY = new BlackboardArtifact.Type(ARTIFACT_TYPE.TSK_WEB_HISTORY);


     private static final BlackboardAttribute.Type TYPE_DATETIME = new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_DATETIME);

     private static final BlackboardAttribute.Type TYPE_DATETIME_ACCESSED = new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_DATETIME_ACCESSED);

     private static final BlackboardAttribute.Type TYPE_DEVICE_ID = new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_DEVICE_ID);

     private static final BlackboardAttribute.Type TYPE_DEVICE_MAKE = new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_DEVICE_MAKE);

     private static final BlackboardAttribute.Type TYPE_DEVICE_MODEL = new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_DEVICE_MODEL);

     private static final BlackboardAttribute.Type TYPE_MESSAGE_TYPE = new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_MESSAGE_TYPE);

     private static final BlackboardAttribute.Type TYPE_TEXT = new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_TEXT);

     private static final BlackboardAttribute.Type TYPE_DATETIME_RCVD = new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_DATETIME_RCVD);

     private static final BlackboardAttribute.Type TYPE_DATETIME_SENT = new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_DATETIME_SENT);

     private static final BlackboardAttribute.Type TYPE_DATETIME_START = new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_DATETIME_START);

     private static final BlackboardAttribute.Type TYPE_DATETIME_END = new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_DATETIME_END);

     private static final BlackboardAttribute.Type TYPE_DOMAIN = new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_DOMAIN);


     private static final Comparator<TopAccountResult> TOP_ACCOUNT_RESULT_DATE_COMPARE = (a, b) -> a.getLastAccess().compareTo(b.getLastAccess());

     private static final Comparator<TopWebSearchResult> TOP_WEBSEARCH_RESULT_DATE_COMPARE = (a, b) -> a.getDateAccessed().compareTo(b.getDateAccessed());


     private static final Set<Integer> ARTIFACT_UPDATE_TYPE_IDS = new HashSet<>(Arrays.asList(

             ARTIFACT_TYPE.TSK_WEB_SEARCH_QUERY.getTypeID(),

             ARTIFACT_TYPE.TSK_MESSAGE.getTypeID(),

             ARTIFACT_TYPE.TSK_EMAIL_MSG.getTypeID(),

             ARTIFACT_TYPE.TSK_CALLLOG.getTypeID(),

             ARTIFACT_TYPE.TSK_DEVICE_ATTACHED.getTypeID(),

             ARTIFACT_TYPE.TSK_WEB_HISTORY.getTypeID()

     ));


     private static final Set<String> DEVICE_EXCLUDE_LIST = new HashSet<>(Arrays.asList("ROOT_HUB", "ROOT_HUB20"));

     private static final Set<String> DOMAIN_EXCLUDE_LIST = new HashSet<>(Arrays.asList("127.0.0.1", "LOCALHOST"));


     private static final long MS_PER_DAY = 1000 * 60 * 60 * 24;

     private static final long DOMAIN_WINDOW_DAYS = 30;

     private static final long DOMAIN_WINDOW_MS = DOMAIN_WINDOW_DAYS * MS_PER_DAY;


     private final SleuthkitCaseProvider caseProvider;

     private final TextTranslationService translationService;

     private final java.util.logging.Logger logger;


     public UserActivitySummary() {

         this(SleuthkitCaseProvider.DEFAULT, TextTranslationService.getInstance(),

                 org.sleuthkit.autopsy.coreutils.Logger.getLogger(UserActivitySummary.class.getName()));

     }


     public UserActivitySummary(

             SleuthkitCaseProvider provider,

             TextTranslationService translationService,

             java.util.logging.Logger logger) {


         this.caseProvider = provider;

         this.translationService = translationService;

         this.logger = logger;

     }


     @Override

     public Set<Integer> getArtifactTypeIdsForRefresh() {

         return ARTIFACT_UPDATE_TYPE_IDS;

     }


     private void assertValidCount(int count) {

         if (count <= 0) {

             throw new IllegalArgumentException("Count must be greater than 0");

         }

     }


     public List<TopDomainsResult> getRecentDomains(DataSource dataSource, int count) throws TskCoreException, SleuthkitCaseProviderException {

         assertValidCount(count);


         if (dataSource == null) {

             return Collections.emptyList();

         }


         Pair<Long, Map<String, List<Long>>> mostRecentAndGroups = getDomainGroupsAndMostRecent(dataSource);

         // if no recent domains, return accordingly

         if (mostRecentAndGroups.getKey() == null || mostRecentAndGroups.getValue().size() == 0) {

             return Collections.emptyList();

         }


         final long mostRecentMs = mostRecentAndGroups.getLeft();

         Map<String, List<Long>> groups = mostRecentAndGroups.getRight();


         return groups.entrySet().stream()

                 .map(entry -> getDomainsResult(entry.getKey(), entry.getValue(), mostRecentMs))

                 .filter(result -> result != null)

                 // sort by number of visit times in those 30 days (max to min)

                 .sorted((a, b) -> -Long.compare(a.getVisitTimes(), b.getVisitTimes()))

                 // limit the result number to the parameter provided

                 .limit(count)

                 .collect(Collectors.toList());

     }


     private TopDomainsResult getDomainsResult(String domain, List<Long> visits, long mostRecentMs) {

         long visitCount = 0;

         Long thisMostRecentMs = null;


         for (Long visitMs : visits) {

             // make sure that visit is within window of mostRecentMS; otherwise skip it.

             if (visitMs + DOMAIN_WINDOW_MS < mostRecentMs) {

                 continue;

             }


             // if visit is within window, increment the count and get most recent

             visitCount++;

             thisMostRecentMs = getMax(thisMostRecentMs, visitMs);

         }


         // if there are no visits within the window, return null

         if (visitCount <= 0 || thisMostRecentMs == null) {

             return null;

         } else {

             // create a top domain result with the domain, count, and most recent visit date

             return new TopDomainsResult(domain, visitCount, new Date(thisMostRecentMs));

         }

     }


     private Pair<Long, Map<String, List<Long>>> getDomainGroupsAndMostRecent(DataSource dataSource) throws TskCoreException, SleuthkitCaseProviderException {

         List<BlackboardArtifact> artifacts = DataSourceInfoUtilities.getArtifacts(caseProvider.get(), TYPE_WEB_HISTORY,

                 dataSource, TYPE_DATETIME_ACCESSED, DataSourceInfoUtilities.SortOrder.DESCENDING, 0);


         Long mostRecentMs = null;

         Map<String, List<Long>> domainVisits = new HashMap<>();


         for (BlackboardArtifact art : artifacts) {

             Long artifactDateSecs = DataSourceInfoUtilities.getLongOrNull(art, TYPE_DATETIME_ACCESSED);

             String domain = DataSourceInfoUtilities.getStringOrNull(art, TYPE_DOMAIN);


             // if there isn't a last access date or domain for this artifact, it can be ignored.

             // Also, ignore the loopback address.

             if (artifactDateSecs == null || StringUtils.isBlank(domain) || DOMAIN_EXCLUDE_LIST.contains(domain.toUpperCase().trim())) {

                 continue;

             }


             Long artifactDateMs = artifactDateSecs * 1000;


             // update the most recent visit date overall

             mostRecentMs = getMax(mostRecentMs, artifactDateMs);


             //Normalize the domain to lower case.

             domain = domain.toLowerCase().trim();


             // add this visit date to the list of dates for the domain

             List<Long> domainVisitList = domainVisits.get(domain);

             if (domainVisitList == null) {

                 domainVisitList = new ArrayList<>();

                 domainVisits.put(domain, domainVisitList);

             }


             domainVisitList.add(artifactDateMs);

         }


         return Pair.of(mostRecentMs, domainVisits);

     }


     private static Long getMax(Long num1, Long num2) {

         if (num1 == null) {

             return num2;

         } else if (num2 == null) {

             return num1;

         } else {

             return num2 > num1 ? num2 : num1;

         }

     }


     private static TopWebSearchResult getWebSearchResult(BlackboardArtifact artifact) {

         String searchString = DataSourceInfoUtilities.getStringOrNull(artifact, TYPE_TEXT);

         Date dateAccessed = DataSourceInfoUtilities.getDateOrNull(artifact, TYPE_DATETIME_ACCESSED);

         return (StringUtils.isNotBlank(searchString) && dateAccessed != null)

                 ? new TopWebSearchResult(searchString, dateAccessed)

                 : null;

     }


     public List<TopWebSearchResult> getMostRecentWebSearches(DataSource dataSource, int count) throws SleuthkitCaseProviderException, TskCoreException {

         assertValidCount(count);


         if (dataSource == null) {

             return Collections.emptyList();

         }


         // get the artifacts

         List<BlackboardArtifact> webSearchArtifacts = caseProvider.get().getBlackboard()

                 .getArtifacts(ARTIFACT_TYPE.TSK_WEB_SEARCH_QUERY.getTypeID(), dataSource.getId());


         // group by search string (case insensitive)

         Collection<List<TopWebSearchResult>> resultGroups = webSearchArtifacts

                 .stream()

                 // get items where search string and date is not null

                 .map(UserActivitySummary::getWebSearchResult)

                 // remove null records

                 .filter(result -> result != null)

                 // get these messages grouped by search to string

                 .collect(Collectors.groupingBy((result) -> result.getSearchString().toUpperCase()))

                 .values();


         // get the most recent date for each search term

         List<TopWebSearchResult> results = resultGroups

                 .stream()

                 // get the most recent access per search type

                 .map((list) -> list.stream().max(TOP_WEBSEARCH_RESULT_DATE_COMPARE).get())

                 // get most recent searches first

                 .sorted(TOP_WEBSEARCH_RESULT_DATE_COMPARE.reversed())

                 .limit(count)

                 // get as list

                 .collect(Collectors.toList());


         // get translation if possible

         if (translationService.hasProvider()) {

             for (TopWebSearchResult result : results) {

                 result.setTranslatedResult(getTranslationOrNull(result.getSearchString()));

             }

         }


         return results;

     }


     private String getTranslationOrNull(String original) {

         if (!translationService.hasProvider() || StringUtils.isBlank(original)) {

             return null;

         }


         String translated = null;

         try {

             translated = translationService.translate(original);

         } catch (NoServiceProviderException | TranslationException ex) {

             logger.log(Level.WARNING, String.format("There was an error translating text: '%s'", original), ex);

         }


         // if there is no translation or the translation is the same as the original, return null.

         if (StringUtils.isBlank(translated)

                 || translated.toUpperCase().trim().equals(original.toUpperCase().trim())) {


             return null;

         }


         return translated;

     }


     public List<TopDeviceAttachedResult> getRecentDevices(DataSource dataSource, int count) throws SleuthkitCaseProviderException, TskCoreException {

         assertValidCount(count);


         if (dataSource == null) {

             return Collections.emptyList();

         }


         return DataSourceInfoUtilities.getArtifacts(caseProvider.get(), TYPE_DEVICE_ATTACHED,

                 dataSource, TYPE_DATETIME, DataSourceInfoUtilities.SortOrder.DESCENDING, 0)

                 .stream()

                 .map(artifact -> {

                     return new TopDeviceAttachedResult(

                             DataSourceInfoUtilities.getStringOrNull(artifact, TYPE_DEVICE_ID),

                             DataSourceInfoUtilities.getDateOrNull(artifact, TYPE_DATETIME),

                             DataSourceInfoUtilities.getStringOrNull(artifact, TYPE_DEVICE_MAKE),

                             DataSourceInfoUtilities.getStringOrNull(artifact, TYPE_DEVICE_MODEL)

                     );

                 })

                 // remove Root Hub identifier

                 .filter(result -> {

                     return result.getDeviceModel() == null

                             || !DEVICE_EXCLUDE_LIST.contains(result.getDeviceModel().trim().toUpperCase());

                 })

                 .limit(count)

                 .collect(Collectors.toList());

     }


     private static TopAccountResult getMessageAccountResult(BlackboardArtifact artifact) {

         String type = DataSourceInfoUtilities.getStringOrNull(artifact, TYPE_MESSAGE_TYPE);

         Date date = DataSourceInfoUtilities.getDateOrNull(artifact, TYPE_DATETIME);

         return (StringUtils.isNotBlank(type) && date != null)

                 ? new TopAccountResult(type, date)

                 : null;

     }


     private static TopAccountResult getAccountResult(BlackboardArtifact artifact, String messageType, BlackboardAttribute.Type... dateAttrs) {

         String type = messageType;


         Date latestDate = null;

         if (dateAttrs != null) {

             latestDate = Stream.of(dateAttrs)

                     .map((attr) -> DataSourceInfoUtilities.getDateOrNull(artifact, attr))

                     .filter((date) -> date != null)

                     .max((a, b) -> a.compareTo(b))

                     .orElse(null);

         }


         return (StringUtils.isNotBlank(type) && latestDate != null)

                 ? new TopAccountResult(type, latestDate)

                 : null;

     }


     @Messages({

         "DataSourceUserActivitySummary_getRecentAccounts_emailMessage=Email Message",

         "DataSourceUserActivitySummary_getRecentAccounts_calllogMessage=Call Log",})

     public List<TopAccountResult> getRecentAccounts(DataSource dataSource, int count) throws SleuthkitCaseProviderException, TskCoreException {

         assertValidCount(count);


         if (dataSource == null) {

             return Collections.emptyList();

         }


         Stream<TopAccountResult> messageResults = caseProvider.get().getBlackboard().getArtifacts(ARTIFACT_TYPE.TSK_MESSAGE.getTypeID(), dataSource.getId())

                 .stream()

                 .map((art) -> getMessageAccountResult(art));


         Stream<TopAccountResult> emailResults = caseProvider.get().getBlackboard().getArtifacts(ARTIFACT_TYPE.TSK_EMAIL_MSG.getTypeID(), dataSource.getId())

                 .stream()

                 .map((art) -> {

                     return getAccountResult(

                             art,

                             Bundle.DataSourceUserActivitySummary_getRecentAccounts_emailMessage(),

                             TYPE_DATETIME_RCVD,

                             TYPE_DATETIME_SENT);

                 });


         Stream<TopAccountResult> calllogResults = caseProvider.get().getBlackboard().getArtifacts(ARTIFACT_TYPE.TSK_CALLLOG.getTypeID(), dataSource.getId())

                 .stream()

                 .map((art) -> {

                     return getAccountResult(

                             art,

                             Bundle.DataSourceUserActivitySummary_getRecentAccounts_calllogMessage(),

                             TYPE_DATETIME_START,

                             TYPE_DATETIME_END);

                 });


         Stream<TopAccountResult> allResults = Stream.concat(messageResults, Stream.concat(emailResults, calllogResults));


         // get them grouped by account type

         Collection<List<TopAccountResult>> groupedResults = allResults

                 // remove null records

                 .filter(result -> result != null)

                 // get these messages grouped by account type

                 .collect(Collectors.groupingBy(TopAccountResult::getAccountType))

                 .values();


         // get account type sorted by most recent date

         return groupedResults

                 .stream()

                 // get the most recent access per account type

                 .map((accountGroup) -> accountGroup.stream().max(TOP_ACCOUNT_RESULT_DATE_COMPARE).get())

                 // get most recent accounts accessed

                 .sorted(TOP_ACCOUNT_RESULT_DATE_COMPARE.reversed())

                 // limit to count

                 .limit(count)

                 // get as list

                 .collect(Collectors.toList());

     }


     public static class TopWebSearchResult {


         private final String searchString;

         private final Date dateAccessed;

         private String translatedResult;


         public TopWebSearchResult(String searchString, Date dateAccessed) {

             this.searchString = searchString;

             this.dateAccessed = dateAccessed;

         }


         public String getTranslatedResult() {

             return translatedResult;

         }


         public void setTranslatedResult(String translatedResult) {

             this.translatedResult = translatedResult;

         }


         public String getSearchString() {

             return searchString;

         }


         public Date getDateAccessed() {

             return dateAccessed;

         }

     }


     public static class TopDeviceAttachedResult {


         private final String deviceId;

         private final Date dateAccessed;

         private final String deviceMake;

         private final String deviceModel;


         public TopDeviceAttachedResult(String deviceId, Date dateAccessed, String deviceMake, String deviceModel) {

             this.deviceId = deviceId;

             this.dateAccessed = dateAccessed;

             this.deviceMake = deviceMake;

             this.deviceModel = deviceModel;

         }


         public String getDeviceId() {

             return deviceId;

         }


         public Date getDateAccessed() {

             return dateAccessed;

         }


         public String getDeviceMake() {

             return deviceMake;

         }


         public String getDeviceModel() {

             return deviceModel;

         }

     }


     public static class TopAccountResult {


         private final String accountType;

         private final Date lastAccess;


         public TopAccountResult(String accountType, Date lastAccess) {

             this.accountType = accountType;

             this.lastAccess = lastAccess;

         }


         public String getAccountType() {

             return accountType;

         }


         public Date getLastAccess() {

             return lastAccess;

         }

     }


     public static class TopDomainsResult {


         private final String domain;

         private final Long visitTimes;

         private final Date lastVisit;


         public TopDomainsResult(String domain, Long visitTimes, Date lastVisit) {

             this.domain = domain;

             this.visitTimes = visitTimes;

             this.lastVisit = lastVisit;

         }


         public String getDomain() {

             return domain;

         }


         public Long getVisitTimes() {

             return visitTimes;

         }


         public Date getLastVisit() {

             return lastVisit;

         }

     }

 }

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.TopDeviceAttachedResult.getDateAccessed
Date getDateAccessed()
Definition: UserActivitySummary.java:628

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.TYPE_DATETIME
static final BlackboardAttribute.Type TYPE_DATETIME
Definition: UserActivitySummary.java:60

org.sleuthkit

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.TopDeviceAttachedResult.TopDeviceAttachedResult
TopDeviceAttachedResult(String deviceId, Date dateAccessed, String deviceMake, String deviceModel)
Definition: UserActivitySummary.java:611

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.TOP_WEBSEARCH_RESULT_DATE_COMPARE
static final Comparator< TopWebSearchResult > TOP_WEBSEARCH_RESULT_DATE_COMPARE
Definition: UserActivitySummary.java:74

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.TopWebSearchResult.dateAccessed
final Date dateAccessed
Definition: UserActivitySummary.java:548

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.logger
final java.util.logging.Logger logger
Definition: UserActivitySummary.java:94

org.sleuthkit.autopsy.datasourcesummary.datamodel
Definition: AnalysisSummary.java:19

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.TopDomainsResult.domain
final String domain
Definition: UserActivitySummary.java:687

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.TYPE_DEVICE_MODEL
static final BlackboardAttribute.Type TYPE_DEVICE_MODEL
Definition: UserActivitySummary.java:64

org.sleuthkit.autopsy.datasourcesummary.datamodel.SleuthkitCaseProvider.DEFAULT
SleuthkitCaseProvider DEFAULT
Definition: SleuthkitCaseProvider.java:66

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.TYPE_DOMAIN
static final BlackboardAttribute.Type TYPE_DOMAIN
Definition: UserActivitySummary.java:71

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.TYPE_DEVICE_ID
static final BlackboardAttribute.Type TYPE_DEVICE_ID
Definition: UserActivitySummary.java:62

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.getWebSearchResult
static TopWebSearchResult getWebSearchResult(BlackboardArtifact artifact)
Definition: UserActivitySummary.java:288

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.TYPE_DATETIME_START
static final BlackboardAttribute.Type TYPE_DATETIME_START
Definition: UserActivitySummary.java:69

org.sleuthkit.autopsy.texttranslation.TextTranslationService.translate
synchronized String translate(String input)
Definition: TextTranslationService.java:80

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.TopAccountResult.lastAccess
final Date lastAccess
Definition: UserActivitySummary.java:654

org.sleuthkit.autopsy.datasourcesummary.datamodel.SleuthkitCaseProvider
Definition: SleuthkitCaseProvider.java:32

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.TopDomainsResult.getLastVisit
Date getLastVisit()
Definition: UserActivitySummary.java:722

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.assertValidCount
void assertValidCount(int count)
Definition: UserActivitySummary.java:133

org.sleuthkit.autopsy.texttranslation.NoServiceProviderException
Definition: NoServiceProviderException.java:25

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.TopWebSearchResult
Definition: UserActivitySummary.java:545

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.TopDeviceAttachedResult
Definition: UserActivitySummary.java:596

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.TopAccountResult.accountType
final String accountType
Definition: UserActivitySummary.java:653

org

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.DOMAIN_WINDOW_MS
static final long DOMAIN_WINDOW_MS
Definition: UserActivitySummary.java:90

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.getMax
static Long getMax(Long num1, Long num2)
Definition: UserActivitySummary.java:270

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.DEVICE_EXCLUDE_LIST
static final Set< String > DEVICE_EXCLUDE_LIST
Definition: UserActivitySummary.java:85

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.getRecentAccounts
List< TopAccountResult > getRecentAccounts(DataSource dataSource, int count)
Definition: UserActivitySummary.java:488

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.TYPE_DEVICE_MAKE
static final BlackboardAttribute.Type TYPE_DEVICE_MAKE
Definition: UserActivitySummary.java:63

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.getDomainGroupsAndMostRecent
Pair< Long, Map< String, List< Long > > > getDomainGroupsAndMostRecent(DataSource dataSource)
Definition: UserActivitySummary.java:224

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.UserActivitySummary
UserActivitySummary(SleuthkitCaseProvider provider, TextTranslationService translationService, java.util.logging.Logger logger)
Definition: UserActivitySummary.java:113

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.getMostRecentWebSearches
List< TopWebSearchResult > getMostRecentWebSearches(DataSource dataSource, int count)
Definition: UserActivitySummary.java:311

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.TopAccountResult.TopAccountResult
TopAccountResult(String accountType, Date lastAccess)
Definition: UserActivitySummary.java:662

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.getMessageAccountResult
static TopAccountResult getMessageAccountResult(BlackboardArtifact artifact)
Definition: UserActivitySummary.java:434

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.TopDeviceAttachedResult.dateAccessed
final Date dateAccessed
Definition: UserActivitySummary.java:599

org.sleuthkit.autopsy.datasourcesummary.uiutils
Definition: AbstractLoadableComponent.java:19

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.TopAccountResult
Definition: UserActivitySummary.java:651

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.DOMAIN_EXCLUDE_LIST
static final Set< String > DOMAIN_EXCLUDE_LIST
Definition: UserActivitySummary.java:86

org.sleuthkit.autopsy.coreutils
Definition: AppSQLiteDB.java:19

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.ARTIFACT_UPDATE_TYPE_IDS
static final Set< Integer > ARTIFACT_UPDATE_TYPE_IDS
Definition: UserActivitySummary.java:76

org.sleuthkit.autopsy.coreutils.Logger
Definition: Logger.java:36

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.getRecentDevices
List< TopDeviceAttachedResult > getRecentDevices(DataSource dataSource, int count)
Definition: UserActivitySummary.java:399

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.TopDeviceAttachedResult.deviceModel
final String deviceModel
Definition: UserActivitySummary.java:601

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.TopDeviceAttachedResult.deviceId
final String deviceId
Definition: UserActivitySummary.java:598

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.TopDeviceAttachedResult.deviceMake
final String deviceMake
Definition: UserActivitySummary.java:600

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.TopDomainsResult.getDomain
String getDomain()
Definition: UserActivitySummary.java:708

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.TopAccountResult.getLastAccess
Date getLastAccess()
Definition: UserActivitySummary.java:677

org.sleuthkit.autopsy.texttranslation.TextTranslationService.getInstance
static TextTranslationService getInstance()
Definition: TextTranslationService.java:47

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.getTranslationOrNull
String getTranslationOrNull(String original)
Definition: UserActivitySummary.java:363

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.getDomainsResult
TopDomainsResult getDomainsResult(String domain, List< Long > visits, long mostRecentMs)
Definition: UserActivitySummary.java:186

org.sleuthkit.autopsy.datasourcesummary

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.DOMAIN_WINDOW_DAYS
static final long DOMAIN_WINDOW_DAYS
Definition: UserActivitySummary.java:89

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.translationService
final TextTranslationService translationService
Definition: UserActivitySummary.java:93

org.sleuthkit.autopsy.texttranslation
Definition: NoServiceProviderException.java:19

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.TYPE_DATETIME_SENT
static final BlackboardAttribute.Type TYPE_DATETIME_SENT
Definition: UserActivitySummary.java:68

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.MS_PER_DAY
static final long MS_PER_DAY
Definition: UserActivitySummary.java:88

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.TopDomainsResult.TopDomainsResult
TopDomainsResult(String domain, Long visitTimes, Date lastVisit)
Definition: UserActivitySummary.java:699

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.TopWebSearchResult.translatedResult
String translatedResult
Definition: UserActivitySummary.java:549

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.getArtifactTypeIdsForRefresh
Set< Integer > getArtifactTypeIdsForRefresh()
Definition: UserActivitySummary.java:124

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.TYPE_DATETIME_ACCESSED
static final BlackboardAttribute.Type TYPE_DATETIME_ACCESSED
Definition: UserActivitySummary.java:61

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.TOP_ACCOUNT_RESULT_DATE_COMPARE
static final Comparator< TopAccountResult > TOP_ACCOUNT_RESULT_DATE_COMPARE
Definition: UserActivitySummary.java:73

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.TopDomainsResult
Definition: UserActivitySummary.java:685

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary
Definition: UserActivitySummary.java:55

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.TopDeviceAttachedResult.getDeviceMake
String getDeviceMake()
Definition: UserActivitySummary.java:635

org.sleuthkit.autopsy.texttranslation.TranslationException
Definition: TranslationException.java:24

org.sleuthkit.autopsy.texttranslation.TextTranslationService.hasProvider
synchronized boolean hasProvider()
Definition: TextTranslationService.java:122

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.TopWebSearchResult.getSearchString
String getSearchString()
Definition: UserActivitySummary.java:581

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.caseProvider
final SleuthkitCaseProvider caseProvider
Definition: UserActivitySummary.java:92

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.TopDomainsResult.visitTimes
final Long visitTimes
Definition: UserActivitySummary.java:688

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.TopWebSearchResult.searchString
final String searchString
Definition: UserActivitySummary.java:547

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.getRecentDomains
List< TopDomainsResult > getRecentDomains(DataSource dataSource, int count)
Definition: UserActivitySummary.java:149

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.TopWebSearchResult.setTranslatedResult
void setTranslatedResult(String translatedResult)
Definition: UserActivitySummary.java:574

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.TYPE_DATETIME_END
static final BlackboardAttribute.Type TYPE_DATETIME_END
Definition: UserActivitySummary.java:70

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.TopDomainsResult.lastVisit
final Date lastVisit
Definition: UserActivitySummary.java:689

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.TopDeviceAttachedResult.getDeviceModel
String getDeviceModel()
Definition: UserActivitySummary.java:642

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.TYPE_MESSAGE_TYPE
static final BlackboardAttribute.Type TYPE_MESSAGE_TYPE
Definition: UserActivitySummary.java:65

org.sleuthkit.autopsy.coreutils.Logger.getLogger
synchronized static Logger getLogger(String name)
Definition: Logger.java:124

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.UserActivitySummary
UserActivitySummary()
Definition: UserActivitySummary.java:99

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.TYPE_TEXT
static final BlackboardAttribute.Type TYPE_TEXT
Definition: UserActivitySummary.java:66

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.TopWebSearchResult.TopWebSearchResult
TopWebSearchResult(String searchString, Date dateAccessed)
Definition: UserActivitySummary.java:557

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.TopWebSearchResult.getTranslatedResult
String getTranslatedResult()
Definition: UserActivitySummary.java:565

org.sleuthkit.autopsy

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.TopDomainsResult.getVisitTimes
Long getVisitTimes()
Definition: UserActivitySummary.java:715

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.TYPE_DEVICE_ATTACHED
static final BlackboardArtifact.Type TYPE_DEVICE_ATTACHED
Definition: UserActivitySummary.java:57

org.sleuthkit.autopsy.datasourcesummary.uiutils.DefaultArtifactUpdateGovernor
Definition: DefaultArtifactUpdateGovernor.java:32

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.TYPE_DATETIME_RCVD
static final BlackboardAttribute.Type TYPE_DATETIME_RCVD
Definition: UserActivitySummary.java:67

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.TYPE_WEB_HISTORY
static final BlackboardArtifact.Type TYPE_WEB_HISTORY
Definition: UserActivitySummary.java:58

org.sleuthkit.autopsy.datasourcesummary.datamodel.SleuthkitCaseProvider.get
SleuthkitCase get()

org.sleuthkit.autopsy.texttranslation.TextTranslationService
Definition: TextTranslationService.java:32

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.TopWebSearchResult.getDateAccessed
Date getDateAccessed()
Definition: UserActivitySummary.java:588

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.TopAccountResult.getAccountType
String getAccountType()
Definition: UserActivitySummary.java:670

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.TopDeviceAttachedResult.getDeviceId
String getDeviceId()
Definition: UserActivitySummary.java:621

org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.getAccountResult
static TopAccountResult getAccountResult(BlackboardArtifact artifact, String messageType, BlackboardAttribute.Type...dateAttrs)
Definition: UserActivitySummary.java:453

org.sleuthkit.autopsy.datasourcesummary.datamodel.SleuthkitCaseProvider.SleuthkitCaseProviderException
Definition: SleuthkitCaseProvider.java:38