Autopsy  4.16.0
Graphical digital forensics platform for The Sleuth Kit and other tools.
org.sleuthkit.autopsy.datasourcesummary.datamodel.TopProgramsSummary Class Reference

Inherits org.sleuthkit.autopsy.datasourcesummary.uiutils.DefaultArtifactUpdateGovernor.

Classes

enum  AttributeColumn
 
enum  JoinType
 
class  TopProgramsResult
 

Public Member Functions

 TopProgramsSummary ()
 
 TopProgramsSummary (SleuthkitCaseProvider provider)
 
Set< Integer > getArtifactTypeIdsForRefresh ()
 
default Set< Case.Events > getCaseEventUpdates ()
 
default Set< IngestJobEvent > getIngestJobEventUpdates ()
 
String getShortFolderName (String strPath, String applicationName)
 
List< TopProgramsResult > getTopPrograms (DataSource dataSource, int count) throws SleuthkitCaseProviderException, TskCoreException, SQLException
 
default boolean isRefreshRequired (ModuleDataEvent evt)
 
default boolean isRefreshRequired (ModuleContentEvent evt)
 
default boolean isRefreshRequired (IngestManager.IngestJobEvent evt)
 
default boolean isRefreshRequired (AbstractFile evt)
 
boolean isRefreshRequired (IngestJobEvent evt)
 
default boolean isRefreshRequiredForCaseEvent (PropertyChangeEvent evt)
 

Public Attributes

Set< IngestJobEvent > INGEST_JOB_EVENTS
 

Static Private Member Functions

static String getAttributeJoin (JoinType joinType, AttributeColumn attributeColumn, BlackboardAttribute.ATTRIBUTE_TYPE attrType, String keyName, String bbaName)
 
static String getFullKey (String key)
 
static String getLikeClause (String column, String likeString, boolean isLike)
 
static String getWhereString (List< String > clauses)
 

Private Attributes

final SleuthkitCaseProvider provider
 

Static Private Attributes

static final Set< Integer > ARTIFACT_UPDATE_TYPE_IDS
 
static final String QUERY_SUFFIX = "_query"
 
static final List< Function< List< String >, String > > SHORT_FOLDER_MATCHERS
 

Detailed Description

Provides information to populate Top Programs Summary queries.

Definition at line 46 of file TopProgramsSummary.java.

Constructor & Destructor Documentation

org.sleuthkit.autopsy.datasourcesummary.datamodel.TopProgramsSummary.TopProgramsSummary ( )
org.sleuthkit.autopsy.datasourcesummary.datamodel.TopProgramsSummary.TopProgramsSummary ( SleuthkitCaseProvider  provider)

Member Function Documentation

Set<Integer> org.sleuthkit.autopsy.datasourcesummary.datamodel.TopProgramsSummary.getArtifactTypeIdsForRefresh ( )
static String org.sleuthkit.autopsy.datasourcesummary.datamodel.TopProgramsSummary.getAttributeJoin ( JoinType  joinType,
AttributeColumn  attributeColumn,
BlackboardAttribute.ATTRIBUTE_TYPE  attrType,
String  keyName,
String  bbaName 
)
static private

Creates a SQL statement querying the blackboard attributes table for a particular attribute type and returning a specified value. That query also joins with the blackboard artifact table.

Parameters
joinType: The type of join statement to create.
attributeColumn: The blackboard attribute column that should be returned.
attrType: The attribute type to query for.
keyName: The aliased name of the attribute to return. This is also used to calculate the alias of the query, in the same way as getFullKey.
bbaName: The blackboard artifact table alias.
Returns
The generated SQL statement.

Definition at line 122 of file TopProgramsSummary.java.

References org.sleuthkit.autopsy.datasourcesummary.datamodel.TopProgramsSummary.QUERY_SUFFIX.

Referenced by org.sleuthkit.autopsy.datasourcesummary.datamodel.TopProgramsSummary.getTopPrograms().

default Set<Case.Events> org.sleuthkit.autopsy.datasourcesummary.uiutils.DefaultUpdateGovernor.getCaseEventUpdates ( )
inherited
Returns
The set of Case Events for which data should be updated.

Implements org.sleuthkit.autopsy.datasourcesummary.uiutils.UpdateGovernor.

Definition at line 57 of file DefaultUpdateGovernor.java.

static String org.sleuthkit.autopsy.datasourcesummary.datamodel.TopProgramsSummary.getFullKey ( String  key)
static private

Given a column key, creates the full name for the column key.

Parameters
key: The column key.
Returns
The full identifier for the column key.

Definition at line 142 of file TopProgramsSummary.java.

Referenced by org.sleuthkit.autopsy.datasourcesummary.datamodel.TopProgramsSummary.getTopPrograms().

default Set<IngestJobEvent> org.sleuthkit.autopsy.datasourcesummary.uiutils.DefaultArtifactUpdateGovernor.getIngestJobEventUpdates ( )
inherited
static String org.sleuthkit.autopsy.datasourcesummary.datamodel.TopProgramsSummary.getLikeClause ( String  column,
String  likeString,
boolean  isLike 
)
static private

Generates a [column] LIKE SQL clause.

Parameters
column: The column identifier.
likeString: The string that will be used as column comparison.
isLike: If false, the statement becomes NOT LIKE.
Returns
The generated statement.

Definition at line 175 of file TopProgramsSummary.java.

Referenced by org.sleuthkit.autopsy.datasourcesummary.datamodel.TopProgramsSummary.getTopPrograms().

String org.sleuthkit.autopsy.datasourcesummary.datamodel.TopProgramsSummary.getShortFolderName ( String  strPath,
String  applicationName 
)

Determines a short folder name, if any. Otherwise, returns an empty string.

Parameters
strPath: The string path.
applicationName: The application name.
Returns
The short folder name or empty string if not found.

Definition at line 293 of file TopProgramsSummary.java.

Referenced by org.sleuthkit.autopsy.datasourcesummary.ui.UserActivityPanel.getShortFolderName().

List<TopProgramsResult> org.sleuthkit.autopsy.datasourcesummary.datamodel.TopProgramsSummary.getTopPrograms ( DataSource  dataSource,
int  count 
) throws SleuthkitCaseProviderException, TskCoreException, SQLException
static String org.sleuthkit.autopsy.datasourcesummary.datamodel.TopProgramsSummary.getWhereString ( List< String >  clauses)
static private

Constructs a SQL 'where' statement from a list of clauses and puts parentheses around each clause.

Parameters
clauses: The clauses.
Returns
The generated 'where' statement.

Definition at line 154 of file TopProgramsSummary.java.

Referenced by org.sleuthkit.autopsy.datasourcesummary.datamodel.TopProgramsSummary.getTopPrograms().

default boolean org.sleuthkit.autopsy.datasourcesummary.uiutils.DefaultArtifactUpdateGovernor.isRefreshRequired ( ModuleDataEvent  evt)
inherited

Given a module data event, whether or not an update should occur.

Parameters
evt: The ModuleDataEvent that is occurring.
Returns
Whether or not this event should trigger an update.

Implements org.sleuthkit.autopsy.datasourcesummary.uiutils.DefaultUpdateGovernor.

Definition at line 38 of file DefaultArtifactUpdateGovernor.java.

References org.sleuthkit.autopsy.datasourcesummary.uiutils.DefaultArtifactUpdateGovernor.getArtifactTypeIdsForRefresh(), and org.sleuthkit.autopsy.ingest.ModuleDataEvent.getBlackboardArtifactType().

default boolean org.sleuthkit.autopsy.datasourcesummary.uiutils.DefaultUpdateGovernor.isRefreshRequired ( ModuleContentEvent  evt)
inherited

Given a module content event, whether or not an update should occur.

Parameters
evt: The ModuleContentEvent.
Returns
Whether or not this event should trigger an update.

Implements org.sleuthkit.autopsy.datasourcesummary.uiutils.UpdateGovernor.

Implemented in org.sleuthkit.autopsy.datasourcesummary.datamodel.ContainerSummary, org.sleuthkit.autopsy.datasourcesummary.datamodel.MimeTypeSummary, and org.sleuthkit.autopsy.datasourcesummary.datamodel.TypesSummary.

Definition at line 42 of file DefaultUpdateGovernor.java.

default boolean org.sleuthkit.autopsy.datasourcesummary.uiutils.DefaultArtifactUpdateGovernor.isRefreshRequired ( IngestManager.IngestJobEvent  evt)
inherited
default boolean org.sleuthkit.autopsy.datasourcesummary.uiutils.DefaultUpdateGovernor.isRefreshRequired ( AbstractFile  evt)
inherited

Whether or not a newly added AbstractFile should trigger an update.

Parameters
evt: The AbstractFile.
Returns
True if an update should occur.

Implements org.sleuthkit.autopsy.datasourcesummary.uiutils.UpdateGovernor.

Implemented in org.sleuthkit.autopsy.datasourcesummary.datamodel.ContainerSummary, org.sleuthkit.autopsy.datasourcesummary.datamodel.MimeTypeSummary, and org.sleuthkit.autopsy.datasourcesummary.datamodel.TypesSummary.

Definition at line 67 of file DefaultUpdateGovernor.java.

boolean org.sleuthkit.autopsy.datasourcesummary.uiutils.UpdateGovernor.isRefreshRequired ( IngestJobEvent  evt)
inherited

Given an ingest job event, determines whether or not an update should occur.

Parameters
evt: The event.
Returns
Whether or not this event should trigger an update.

Implemented in org.sleuthkit.autopsy.datasourcesummary.datamodel.MimeTypeSummary, and org.sleuthkit.autopsy.datasourcesummary.datamodel.TypesSummary.

default boolean org.sleuthkit.autopsy.datasourcesummary.uiutils.DefaultUpdateGovernor.isRefreshRequiredForCaseEvent ( PropertyChangeEvent  evt)
inherited

Given a case event, whether or not an update should occur.

Parameters
evt: The event.
Returns
Whether or not this event should trigger an update.

Implements org.sleuthkit.autopsy.datasourcesummary.uiutils.UpdateGovernor.

Definition at line 37 of file DefaultUpdateGovernor.java.

Member Data Documentation

final Set<Integer> org.sleuthkit.autopsy.datasourcesummary.datamodel.TopProgramsSummary.ARTIFACT_UPDATE_TYPE_IDS
static private
Initial value:
= new HashSet<>(Arrays.asList(
        ARTIFACT_TYPE.TSK_PROG_RUN.getTypeID()
))

Definition at line 48 of file TopProgramsSummary.java.

Referenced by org.sleuthkit.autopsy.datasourcesummary.datamodel.TopProgramsSummary.getArtifactTypeIdsForRefresh().

Set<IngestJobEvent> org.sleuthkit.autopsy.datasourcesummary.uiutils.DefaultArtifactUpdateGovernor.INGEST_JOB_EVENTS
inherited
Initial value:
= new HashSet<>(
        Arrays.asList(IngestJobEvent.COMPLETED, IngestJobEvent.CANCELLED))

Definition at line 34 of file DefaultArtifactUpdateGovernor.java.

Referenced by org.sleuthkit.autopsy.datasourcesummary.uiutils.DefaultArtifactUpdateGovernor.getIngestJobEventUpdates().

final SleuthkitCaseProvider org.sleuthkit.autopsy.datasourcesummary.datamodel.TopProgramsSummary.provider
private
final String org.sleuthkit.autopsy.datasourcesummary.datamodel.TopProgramsSummary.QUERY_SUFFIX = "_query"
static private

The suffix joined to a key name for use as an identifier of a query.

Definition at line 74 of file TopProgramsSummary.java.

Referenced by org.sleuthkit.autopsy.datasourcesummary.datamodel.TopProgramsSummary.getAttributeJoin().

final List<Function<List<String>, String> > org.sleuthkit.autopsy.datasourcesummary.datamodel.TopProgramsSummary.SHORT_FOLDER_MATCHERS
static private
Initial value:
= Arrays.asList(
        (pathList) -> {
            if (pathList.size() < 2) {
                return null;
            }
            String rootParent = pathList.get(0).toUpperCase();
            if ("PROGRAM FILES".equals(rootParent) || "PROGRAM FILES (X86)".equals(rootParent)) {
                return pathList.get(1);
            } else {
                return null;
            }
        },
        (pathList) -> {
            for (String pathEl : pathList) {
                String uppered = pathEl.toUpperCase();
                if ("APPLICATION DATA".equals(uppered) || "APPDATA".equals(uppered)) {
                    return "AppData";
                }
            }
            return null;
        }
)

Functions that determine the folder name from a list of path elements. If nothing matches, the function returns null.

Definition at line 80 of file TopProgramsSummary.java.
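
How these matchers resolve concrete paths, as an added example that is not Autopsy's own code: the class name ShortFolderDemo, the helper shortFolderFor, its path-splitting rule and the first-match-wins order are assumptions, and the sample paths are constructed. It helps when reading Top Programs results, because the second matcher collapses anything under a user's application-data tree to the single label AppData.

```java
import java.util.*;
import java.util.function.Function;

public class ShortFolderDemo {
    // The two matchers from the SHORT_FOLDER_MATCHERS initial value on this page.
    static final List<Function<List<String>, String>> MATCHERS = Arrays.asList(
        (pathList) -> {
            if (pathList.size() < 2) {
                return null;
            }
            String rootParent = pathList.get(0).toUpperCase();
            boolean programFiles = "PROGRAM FILES".equals(rootParent)
                    || "PROGRAM FILES (X86)".equals(rootParent);
            return programFiles ? pathList.get(1) : null;
        },
        (pathList) -> {
            for (String pathEl : pathList) {
                String uppered = pathEl.toUpperCase();
                if ("APPLICATION DATA".equals(uppered) || "APPDATA".equals(uppered)) {
                    return "AppData";
                }
            }
            return null;
        });

    // Hypothetical helper (assumption, not Autopsy's getShortFolderName): split on
    // '/' or '\', drop empty elements, return the first non-null match, else "".
    static String shortFolderFor(String strPath) {
        List<String> els = new ArrayList<>(Arrays.asList(strPath.split("[/\\\\]+")));
        els.removeIf(String::isEmpty);
        for (Function<List<String>, String> matcher : MATCHERS) {
            String hit = matcher.apply(els);
            if (hit != null) {
                return hit;
            }
        }
        return "";
    }

    public static void main(String[] args) {
        // Constructed sample paths, not taken from any case data.
        for (String p : new String[] {
                "/Program Files (x86)/Mozilla Firefox/firefox.exe",
                "/Users/alice/AppData/Roaming/updater/run.exe",
                "/Windows/System32/cmd.exe",
                "/Tools/Program Files/x/y.exe"}) {
            System.out.println(p + " -> \"" + shortFolderFor(p) + "\"");
        }
    }
}
```

The last sample shows that the Program Files matcher only fires when that folder is the first path element; a nested "Program Files" directory yields no short folder name.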


The documentation for this class was generated from the following file:

Copyright © 2012-2020 Basis Technology. Generated on: Tue Sep 22 2020
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.