Autopsy
4.16.0
Graphical digital forensics platform for The Sleuth Kit and other tools.
|
Inherits org.sleuthkit.autopsy.datasourcesummary.uiutils.DefaultArtifactUpdateGovernor.
Classes | |
enum | AttributeColumn |
enum | JoinType |
class | TopProgramsResult |
Public Member Functions | |
TopProgramsSummary () | |
TopProgramsSummary (SleuthkitCaseProvider provider) | |
Set< Integer > | getArtifactTypeIdsForRefresh () |
default Set< Case.Events > | getCaseEventUpdates () |
default Set< IngestJobEvent > | getIngestJobEventUpdates () |
String | getShortFolderName (String strPath, String applicationName) |
List< TopProgramsResult > | getTopPrograms (DataSource dataSource, int count) throws SleuthkitCaseProviderException, TskCoreException, SQLException |
default boolean | isRefreshRequired (ModuleDataEvent evt) |
default boolean | isRefreshRequired (ModuleContentEvent evt) |
default boolean | isRefreshRequired (IngestManager.IngestJobEvent evt) |
default boolean | isRefreshRequired (AbstractFile evt) |
boolean | isRefreshRequired (IngestJobEvent evt) |
default boolean | isRefreshRequiredForCaseEvent (PropertyChangeEvent evt) |
Public Attributes | |
Set< IngestJobEvent > | INGEST_JOB_EVENTS |
Static Private Member Functions | |
static String | getAttributeJoin (JoinType joinType, AttributeColumn attributeColumn, BlackboardAttribute.ATTRIBUTE_TYPE attrType, String keyName, String bbaName) |
static String | getFullKey (String key) |
static String | getLikeClause (String column, String likeString, boolean isLike) |
static String | getWhereString (List< String > clauses) |
Private Attributes | |
final SleuthkitCaseProvider | provider |
Static Private Attributes | |
static final Set< Integer > | ARTIFACT_UPDATE_TYPE_IDS |
static final String | QUERY_SUFFIX = "_query" |
static final List< Function< List< String >, String > > | SHORT_FOLDER_MATCHERS |
Provides information to populate Top Programs Summary queries.
Definition at line 46 of file TopProgramsSummary.java.
org.sleuthkit.autopsy.datasourcesummary.datamodel.TopProgramsSummary.TopProgramsSummary | ( | ) |
Definition at line 181 of file TopProgramsSummary.java.
References org.sleuthkit.autopsy.datasourcesummary.datamodel.SleuthkitCaseProvider.DEFAULT.
org.sleuthkit.autopsy.datasourcesummary.datamodel.TopProgramsSummary.TopProgramsSummary | ( | SleuthkitCaseProvider | provider | ) |
Definition at line 185 of file TopProgramsSummary.java.
References org.sleuthkit.autopsy.datasourcesummary.datamodel.TopProgramsSummary.provider.
Set<Integer> org.sleuthkit.autopsy.datasourcesummary.datamodel.TopProgramsSummary.getArtifactTypeIdsForRefresh | ( | ) |
Implements org.sleuthkit.autopsy.datasourcesummary.uiutils.DefaultArtifactUpdateGovernor.
Definition at line 190 of file TopProgramsSummary.java.
References org.sleuthkit.autopsy.datasourcesummary.datamodel.TopProgramsSummary.ARTIFACT_UPDATE_TYPE_IDS.
|
staticprivate |
Creates a sql statement querying the blackboard attributes table for a particular attribute type and returning a specified value. That query also joins with the blackboard artifact table.
joinType | The type of join statement to create. |
attributeColumn | The blackboard attribute column that should be returned. |
attrType | The attribute type to query for. |
keyName | The aliased name of the attribute to return. This is also used to calculate the alias of the query same as getFullKey. |
bbaName | The blackboard artifact table alias. |
Definition at line 122 of file TopProgramsSummary.java.
References org.sleuthkit.autopsy.datasourcesummary.datamodel.TopProgramsSummary.QUERY_SUFFIX.
Referenced by org.sleuthkit.autopsy.datasourcesummary.datamodel.TopProgramsSummary.getTopPrograms().
|
inherited |
Implements org.sleuthkit.autopsy.datasourcesummary.uiutils.UpdateGovernor.
Definition at line 57 of file DefaultUpdateGovernor.java.
|
staticprivate |
Given a column key, creates the full name for the column key.
key | The column key. |
Definition at line 142 of file TopProgramsSummary.java.
Referenced by org.sleuthkit.autopsy.datasourcesummary.datamodel.TopProgramsSummary.getTopPrograms().
|
inherited |
Implements org.sleuthkit.autopsy.datasourcesummary.uiutils.DefaultUpdateGovernor.
Definition at line 52 of file DefaultArtifactUpdateGovernor.java.
References org.sleuthkit.autopsy.datasourcesummary.uiutils.DefaultArtifactUpdateGovernor.INGEST_JOB_EVENTS.
|
staticprivate |
Generates a [column] LIKE sql clause.
column | The column identifier. |
likeString | The string that will be used as column comparison. |
isLike | if false, the statement becomes NOT LIKE. |
Definition at line 175 of file TopProgramsSummary.java.
Referenced by org.sleuthkit.autopsy.datasourcesummary.datamodel.TopProgramsSummary.getTopPrograms().
String org.sleuthkit.autopsy.datasourcesummary.datamodel.TopProgramsSummary.getShortFolderName | ( | String | strPath, |
String | applicationName | ||
) |
Determines a short folder name if any. Otherwise, returns empty string.
strPath | The string path. |
applicationName | The application name. |
Definition at line 293 of file TopProgramsSummary.java.
Referenced by org.sleuthkit.autopsy.datasourcesummary.ui.UserActivityPanel.getShortFolderName().
List<TopProgramsResult> org.sleuthkit.autopsy.datasourcesummary.datamodel.TopProgramsSummary.getTopPrograms | ( | DataSource | dataSource, |
int | count | ||
) | throws SleuthkitCaseProviderException, TskCoreException, SQLException |
Retrieves a list of the top programs used on the data source. Currently determines this based off of which prefetch results return the highest count.
dataSource | The data source. |
count | The number of programs to return. |
SleuthkitCaseProviderException | |
TskCoreException | |
SQLException |
Definition at line 208 of file TopProgramsSummary.java.
References org.sleuthkit.autopsy.datasourcesummary.datamodel.SleuthkitCaseProvider.get(), org.sleuthkit.autopsy.datasourcesummary.datamodel.TopProgramsSummary.getAttributeJoin(), org.sleuthkit.autopsy.datasourcesummary.datamodel.TopProgramsSummary.getFullKey(), org.sleuthkit.autopsy.datasourcesummary.datamodel.TopProgramsSummary.getLikeClause(), org.sleuthkit.autopsy.datasourcesummary.datamodel.TopProgramsSummary.getWhereString(), org.sleuthkit.autopsy.datasourcesummary.datamodel.TopProgramsSummary.JoinType.INNER, org.sleuthkit.autopsy.datasourcesummary.datamodel.TopProgramsSummary.JoinType.LEFT, org.sleuthkit.autopsy.datasourcesummary.datamodel.TopProgramsSummary.AttributeColumn.value_int32, org.sleuthkit.autopsy.datasourcesummary.datamodel.TopProgramsSummary.AttributeColumn.value_int64, and org.sleuthkit.autopsy.datasourcesummary.datamodel.TopProgramsSummary.AttributeColumn.value_text.
Referenced by org.sleuthkit.autopsy.datasourcesummary.ui.UserActivityPanel.UserActivityPanel().
|
staticprivate |
Constructs a SQL 'where' statement from a list of clauses and puts parenthesis around each clause.
clauses | The clauses |
Definition at line 154 of file TopProgramsSummary.java.
Referenced by org.sleuthkit.autopsy.datasourcesummary.datamodel.TopProgramsSummary.getTopPrograms().
|
inherited |
Given a module data event, whether or not an update should occur.
evt | The ModuleDataEvent that is occurring. |
Implements org.sleuthkit.autopsy.datasourcesummary.uiutils.DefaultUpdateGovernor.
Definition at line 38 of file DefaultArtifactUpdateGovernor.java.
References org.sleuthkit.autopsy.datasourcesummary.uiutils.DefaultArtifactUpdateGovernor.getArtifactTypeIdsForRefresh(), and org.sleuthkit.autopsy.ingest.ModuleDataEvent.getBlackboardArtifactType().
|
inherited |
Given a module content event, whether or not an update should occur.
evt | The ModuleContentEvent. |
Implements org.sleuthkit.autopsy.datasourcesummary.uiutils.UpdateGovernor.
Implemented in org.sleuthkit.autopsy.datasourcesummary.datamodel.ContainerSummary, org.sleuthkit.autopsy.datasourcesummary.datamodel.MimeTypeSummary, and org.sleuthkit.autopsy.datasourcesummary.datamodel.TypesSummary.
Definition at line 42 of file DefaultUpdateGovernor.java.
|
inherited |
Implements org.sleuthkit.autopsy.datasourcesummary.uiutils.DefaultUpdateGovernor.
Definition at line 47 of file DefaultArtifactUpdateGovernor.java.
|
inherited |
Whether or not a newly added AbstractFile should trigger an update.
evt | The AbstractFile. |
Implements org.sleuthkit.autopsy.datasourcesummary.uiutils.UpdateGovernor.
Implemented in org.sleuthkit.autopsy.datasourcesummary.datamodel.ContainerSummary, org.sleuthkit.autopsy.datasourcesummary.datamodel.MimeTypeSummary, and org.sleuthkit.autopsy.datasourcesummary.datamodel.TypesSummary.
Definition at line 67 of file DefaultUpdateGovernor.java.
|
inherited |
Given an ingest job event, determines whether or not an update should occur.
evt | The event. |
Implemented in org.sleuthkit.autopsy.datasourcesummary.datamodel.MimeTypeSummary, and org.sleuthkit.autopsy.datasourcesummary.datamodel.TypesSummary.
|
inherited |
Given a case event, whether or not an update should occur.
evt | The event. |
Implements org.sleuthkit.autopsy.datasourcesummary.uiutils.UpdateGovernor.
Definition at line 37 of file DefaultUpdateGovernor.java.
|
staticprivate |
Definition at line 48 of file TopProgramsSummary.java.
Referenced by org.sleuthkit.autopsy.datasourcesummary.datamodel.TopProgramsSummary.getArtifactTypeIdsForRefresh().
|
inherited |
Definition at line 34 of file DefaultArtifactUpdateGovernor.java.
Referenced by org.sleuthkit.autopsy.datasourcesummary.uiutils.DefaultArtifactUpdateGovernor.getIngestJobEventUpdates().
|
private |
Definition at line 179 of file TopProgramsSummary.java.
Referenced by org.sleuthkit.autopsy.datasourcesummary.datamodel.TopProgramsSummary.TopProgramsSummary().
|
staticprivate |
The suffix joined to a key name for use as an identifier of a query.
Definition at line 74 of file TopProgramsSummary.java.
Referenced by org.sleuthkit.autopsy.datasourcesummary.datamodel.TopProgramsSummary.getAttributeJoin().
|
staticprivate |
Functions that determine the folder name of a list of path elements. If not matched, function returns null.
Definition at line 80 of file TopProgramsSummary.java.
Copyright © 2012-2020 Basis Technology. Generated on: Tue Sep 22 2020
This work is licensed under a
Creative Commons Attribution-Share Alike 3.0 United States License.