Autopsy
4.16.0
Graphical digital forensics platform for The Sleuth Kit and other tools.
|
Inherits PropertyChangeListener.
Classes | |
class | CentralRepoHashSet |
class | HashDb |
class | HashDbIndexer |
class | HashDbManagerException |
enum | SetEvt |
class | SleuthkitHashSet |
Public Member Functions | |
synchronized HashDb | addExistingHashDatabase (String hashSetName, String path, boolean searchDuringIngest, boolean sendIngestMessages, HashDb.KnownFilesType knownFilesType) throws HashDbManagerException |
synchronized HashDb | addNewHashDatabase (String hashSetName, String path, boolean searchDuringIngest, boolean sendIngestMessages, HashDb.KnownFilesType knownFilesType) throws HashDbManagerException |
synchronized HashDb | addNewHashDatabaseNoSave (String hashSetName, String path, boolean searchDuringIngest, boolean sendIngestMessages, HashDb.KnownFilesType knownFilesType) throws HashDbManagerException |
synchronized void | addPropertyChangeListener (PropertyChangeListener listener) |
synchronized List< HashDb > | getAllHashSets () |
synchronized List< HashDb > | getKnownBadFileHashSets () |
synchronized List< HashDb > | getKnownFileHashSets () |
synchronized List< HashDb > | getUpdateableHashSets () |
synchronized void | loadLastSavedConfiguration () |
void | propertyChange (PropertyChangeEvent event) |
synchronized void | removeHashDatabase (HashDb hashDb) throws HashDbManagerException |
synchronized void | removeHashDatabaseNoSave (HashDb hashDb) throws HashDbManagerException |
synchronized void | removePropertyChangeListener (PropertyChangeListener listener) |
Static Public Member Functions | |
static synchronized HashDbManager | getInstance () |
Private Member Functions | |
HashDbManager () | |
SleuthkitHashSet | addHashDatabase (int handle, String hashSetName, boolean searchDuringIngest, boolean sendIngestMessages, HashDb.KnownFilesType knownFilesType) throws TskCoreException |
void | checkDbCollision (String path, String hashSetName) throws HashDbManagerException, MissingResourceException |
void | closeHashDatabases (List< HashDb > hashDatabases) |
void | configureCrDbs () |
void | configureLocalDb (HashDbInfo hashDbInfo) |
void | configureSettings (HashLookupSettings settings, Set< String > officialSetNames) |
List< HashDbInfo > | getCentralRepoHashSetsFromDatabase () |
HashDb | getOfficialHashDbFromFile (File file) throws HashDbManagerException, TskCoreException |
List< HashDb > | getUpdateableHashSets (List< HashDb > hashDbs) |
String | getValidFilePath (String hashSetName, String configuredPath) |
List< HashDbInfo > | handleNameConflict (List< HashDbInfo > curHashsets, Set< String > officialNames) |
boolean | hashDbInfoIsNew (HashDbInfo dbInfo) |
void | loadHashsetsConfiguration () |
void | loadOfficialHashSets () |
List< HashDb > | loadOfficialHashSetsFromFolder (String folder) throws HashDbManagerException |
String | searchForFile () |
void | updateHashSetsFromCentralRepository () throws TskCoreException |
Private Attributes | |
boolean | allDatabasesLoadedCorrectly = false |
Set< String > | hashSetNames = new HashSet<>() |
Set< String > | hashSetPaths = new HashSet<>() |
List< HashDb > | hashSets = new ArrayList<>() |
Set< String > | officialHashSetNames = new HashSet<>() |
Set< String > | officialHashSetPaths = new HashSet<>() |
List< HashDb > | officialHashSets = new ArrayList<>() |
Static Private Attributes | |
static final String | DB_NAME_PARAM = "dbName" |
static final FilenameFilter | DEFAULT_KDB_FILTER |
static final String | HASH_DATABASE_FILE_EXTENSON = "kdb" |
static HashDbManager | instance = null |
static final String | KDB_EXT = "kdb" |
static final String | KNOWN_STATUS_PARAM = "knownStatus" |
static final Logger | logger = Logger.getLogger(HashDbManager.class.getName()) |
static final Pattern | OFFICIAL_FILENAME = Pattern.compile("(?<" + DB_NAME_PARAM + ">.+?)\\.(?<" + KNOWN_STATUS_PARAM + ">.+?)\\." + KDB_EXT) |
static final String | OFFICIAL_HASH_SETS_FOLDER = "OfficialHashSets" |
This class implements a singleton that manages the set of hash databases used to classify files as unknown, known or notable.
Definition at line 74 of file HashDbManager.java.
|
private |
Definition at line 138 of file HashDbManager.java.
References org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.loadHashsetsConfiguration().
Referenced by org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.getInstance().
synchronized HashDb org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.addExistingHashDatabase | ( | String | hashSetName, |
String | path, | ||
boolean | searchDuringIngest, | ||
boolean | sendIngestMessages, | ||
HashDb.KnownFilesType | knownFilesType | ||
) | throws HashDbManagerException |
Adds an existing hash database to the set of hash databases used to classify files as known or notable and saves the configuration.
hashSetName | Name used to represent the hash database in user interface components. |
path | Full path to either a hash database file or a hash database index file. |
searchDuringIngest | A flag indicating whether or not the hash database should be searched during ingest. |
sendIngestMessages | A flag indicating whether hash set hit messages should be sent as ingest messages. |
knownFilesType | The classification to apply to files whose hashes are found in the hash database. |
HashDbManagerException |
Definition at line 183 of file HashDbManager.java.
|
private |
Definition at line 278 of file HashDbManager.java.
References org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.SetEvt.DB_ADDED, org.sleuthkit.autopsy.coreutils.MessageNotifyUtil.MessageType.ERROR, and org.sleuthkit.autopsy.coreutils.MessageNotifyUtil.Notify.show().
Referenced by org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.addNewHashDatabaseNoSave(), and org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.configureLocalDb().
synchronized HashDb org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.addNewHashDatabase | ( | String | hashSetName, |
String | path, | ||
boolean | searchDuringIngest, | ||
boolean | sendIngestMessages, | ||
HashDb.KnownFilesType | knownFilesType | ||
) | throws HashDbManagerException |
Adds a new hash database to the set of hash databases used to classify files as known or notable and saves the configuration.
hashSetName | Hash set name used to represent the hash database in user interface components. |
path | Full path to the database file to be created. |
searchDuringIngest | A flag indicating whether or not the hash database should be searched during ingest. |
sendIngestMessages | A flag indicating whether hash set hit messages should be sent as ingest messages. |
knownFilesType | The classification to apply to files whose hashes are found in the hash database. |
HashDbManagerException |
Definition at line 224 of file HashDbManager.java.
References org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.addNewHashDatabaseNoSave().
synchronized HashDb org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.addNewHashDatabaseNoSave | ( | String | hashSetName, |
String | path, | ||
boolean | searchDuringIngest, | ||
boolean | sendIngestMessages, | ||
HashDb.KnownFilesType | knownFilesType | ||
) | throws HashDbManagerException |
Definition at line 235 of file HashDbManager.java.
References org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.addHashDatabase(), and org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.checkDbCollision().
Referenced by org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.addNewHashDatabase().
synchronized void org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.addPropertyChangeListener | ( | PropertyChangeListener | listener | ) |
|
private |
Throws an exception if the provided path or hashSetName already belongs to an existing database.
path | The path. |
hashSetName | The hash set name. |
org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.HashDbManagerException | |
MissingResourceException |
Definition at line 268 of file HashDbManager.java.
Referenced by org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.addNewHashDatabaseNoSave().
|
private |
Definition at line 544 of file HashDbManager.java.
References org.sleuthkit.autopsy.coreutils.Logger.getLogger().
Referenced by org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.loadLastSavedConfiguration().
|
private |
Configures central repository hash set databases.
Definition at line 775 of file HashDbManager.java.
References org.sleuthkit.autopsy.coreutils.Logger.getLogger(), and org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.updateHashSetsFromCentralRepository().
Referenced by org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.configureSettings().
|
private |
Handles configuring a local hash set database.
hashDbInfo | The local hash set database. |
Definition at line 793 of file HashDbManager.java.
References org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.addHashDatabase(), org.sleuthkit.autopsy.coreutils.Logger.getLogger(), org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.getValidFilePath(), and org.sleuthkit.autopsy.centralrepository.datamodel.CentralRepository.isEnabled().
Referenced by org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.configureSettings().
|
private |
Configures the given settings object by adding all of the hash databases it contains to the system.
settings | The settings to configure. |
officialSetNames | The official set names. Any name collision will trigger a rename for the primary file. |
Definition at line 738 of file HashDbManager.java.
References org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.configureCrDbs(), org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.configureLocalDb(), org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.handleNameConflict(), org.sleuthkit.autopsy.centralrepository.datamodel.CentralRepository.isEnabled(), and org.sleuthkit.autopsy.core.RuntimeProperties.runningWithGUI.
Referenced by org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.loadHashsetsConfiguration().
synchronized List<HashDb> org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.getAllHashSets | ( | ) |
Gets all of the hash databases used to classify files as known or known bad (notable). Will add any new central repository databases to the list before returning it.
Definition at line 453 of file HashDbManager.java.
References org.sleuthkit.autopsy.coreutils.Logger.getLogger(), and org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.updateHashSetsFromCentralRepository().
Referenced by org.sleuthkit.autopsy.modules.hashdatabase.HashLookupModuleFactory.getDefaultIngestJobSettings(), org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.getKnownBadFileHashSets(), org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.getKnownFileHashSets(), org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.getUpdateableHashSets(), org.sleuthkit.autopsy.modules.hashdatabase.HashLookupModuleSettingsPanel.initializeHashSetModels(), org.sleuthkit.autopsy.modules.hashdatabase.HashLookupSettingsPanel.saveSettings(), and org.sleuthkit.autopsy.modules.hashdatabase.HashDbIngestModule.startUp().
|
private |
Definition at line 511 of file HashDbManager.java.
References org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeInstance.FILES_TYPE_ID, org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.HashDb.KnownFilesType.fromFileKnown(), org.sleuthkit.autopsy.centralrepository.datamodel.CentralRepository.getAllReferenceSets(), org.sleuthkit.autopsy.centralrepository.datamodel.CentralRepository.getCorrelationTypeById(), org.sleuthkit.autopsy.centralrepository.datamodel.CentralRepository.getInstance(), org.sleuthkit.autopsy.coreutils.Logger.getLogger(), org.sleuthkit.autopsy.centralrepository.datamodel.CentralRepository.isEnabled(), and org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.HashDb.KnownFilesType.KNOWN_BAD.
Referenced by org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.updateHashSetsFromCentralRepository().
|
static |
Gets the singleton instance of this class.
Definition at line 119 of file HashDbManager.java.
References org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.HashDbManager(), and org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.instance.
Referenced by org.sleuthkit.autopsy.modules.hashdatabase.AddContentToHashDbAction.AddContentToHashDbMenu.addExistingHashDatabases(), org.sleuthkit.autopsy.modules.hashdatabase.HashLookupSettingsPanel.cancel(), org.sleuthkit.autopsy.modules.hashdatabase.ImportCentralRepoDbProgressDialog.CentralRepoImportWorker.done(), org.sleuthkit.autopsy.modules.hashdatabase.HashLookupModuleFactory.getDefaultIngestJobSettings(), org.sleuthkit.autopsy.datamodel.BlackboardArtifactNode.getScorePropertyAndDescription(), and org.sleuthkit.autopsy.modules.hashdatabase.HashLookupSettingsPanel.HashLookupSettingsPanel().
synchronized List<HashDb> org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.getKnownBadFileHashSets | ( | ) |
Gets all of the hash databases used to classify files as notable.
Definition at line 481 of file HashDbManager.java.
References org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.getAllHashSets(), and org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.HashDb.KnownFilesType.KNOWN_BAD.
Referenced by org.sleuthkit.autopsy.datamodel.BlackboardArtifactNode.getScorePropertyAndDescription().
synchronized List<HashDb> org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.getKnownFileHashSets | ( | ) |
Gets all of the hash databases used to classify files as known.
Definition at line 469 of file HashDbManager.java.
References org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.getAllHashSets(), and org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.HashDb.KnownFilesType.KNOWN.
|
private |
Loads an official hash set from the given file.
file | The kdb file to load. |
HashDbManagerException | If the file does not exist or does not match the naming convention (see HashDbManager.OFFICIAL_FILENAME for the regex, which expects names of the form <dbName>.<knownStatus>.kdb). |
Definition at line 701 of file HashDbManager.java.
Referenced by org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.loadOfficialHashSetsFromFolder().
synchronized List<HashDb> org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.getUpdateableHashSets | ( | ) |
Gets all of the hash databases that accept updates.
Definition at line 493 of file HashDbManager.java.
References org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.getAllHashSets().
Referenced by org.sleuthkit.autopsy.modules.hashdatabase.AddContentToHashDbAction.AddContentToHashDbMenu.addExistingHashDatabases().
|
private |
Definition at line 845 of file HashDbManager.java.
References org.sleuthkit.autopsy.core.RuntimeProperties.runningWithGUI, and org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.searchForFile().
Referenced by org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.configureLocalDb().
|
private |
Handles a potential conflict between official and non-official hash sets. Non-official hash sets have '(Custom)' added. If a conflict is identified, the hash set settings are fixed, saved, reloaded, and returned. Otherwise, the original list is returned.
curHashsets | The list of non-official hash sets. |
officialNames | The set of names for official hash sets. |
Definition at line 615 of file HashDbManager.java.
Referenced by org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.configureSettings().
|
private |
Definition at line 836 of file HashDbManager.java.
Referenced by org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.updateHashSetsFromCentralRepository().
|
private |
Definition at line 557 of file HashDbManager.java.
References org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.configureSettings(), org.sleuthkit.autopsy.coreutils.Logger.getLogger(), and org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.loadOfficialHashSets().
Referenced by org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.HashDbManager(), and org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.loadLastSavedConfiguration().
synchronized void org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.loadLastSavedConfiguration | ( | ) |
Restores the last saved hash sets configuration. This supports cancellation of configuration panels.
Definition at line 536 of file HashDbManager.java.
References org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.closeHashDatabases(), and org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.loadHashsetsConfiguration().
Referenced by org.sleuthkit.autopsy.modules.hashdatabase.HashLookupSettingsPanel.cancel().
|
private |
Loads official hash sets into officialHashSets and also populates officialHashSetPaths and officialHashSetNames variables.
Definition at line 572 of file HashDbManager.java.
References org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.loadOfficialHashSetsFromFolder().
Referenced by org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.loadHashsetsConfiguration().
|
private |
Loads official hash sets from the given folder.
folder | The folder from which to load official hash sets. |
HashDbManagerException | If folder does not exist. |
Definition at line 668 of file HashDbManager.java.
References org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.getOfficialHashDbFromFile().
Referenced by org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.loadOfficialHashSets().
void org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.propertyChange | ( | PropertyChangeEvent | event | ) |
Definition at line 354 of file HashDbManager.java.
References org.sleuthkit.autopsy.coreutils.Logger.getLogger().
synchronized void org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.removeHashDatabase | ( | HashDb | hashDb | ) | throws HashDbManagerException |
Removes a hash database from the set of hash databases used to classify files as known or notable and saves the configuration.
hashDb | The hash database to remove. |
HashDbManagerException |
Definition at line 378 of file HashDbManager.java.
References org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.removeHashDatabaseNoSave().
synchronized void org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.removeHashDatabaseNoSave | ( | HashDb | hashDb | ) | throws HashDbManagerException |
Definition at line 383 of file HashDbManager.java.
References org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.SetEvt.DB_DELETED, org.sleuthkit.autopsy.coreutils.MessageNotifyUtil.MessageType.ERROR, org.sleuthkit.autopsy.ingest.IngestManager.getInstance(), org.sleuthkit.autopsy.coreutils.Logger.getLogger(), org.sleuthkit.autopsy.ingest.IngestManager.isIngestRunning(), and org.sleuthkit.autopsy.coreutils.MessageNotifyUtil.Notify.show().
Referenced by org.sleuthkit.autopsy.modules.hashdatabase.HashLookupSettingsPanel.deleteDatabaseButtonActionPerformed(), org.sleuthkit.autopsy.modules.hashdatabase.HashLookupSettingsPanel.hashSetTableKeyPressed(), org.sleuthkit.autopsy.modules.hashdatabase.HashLookupSettingsPanel.indexButtonActionPerformed(), and org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.removeHashDatabase().
synchronized void org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.removePropertyChangeListener | ( | PropertyChangeListener | listener | ) |
Definition at line 130 of file HashDbManager.java.
|
private |
Definition at line 871 of file HashDbManager.java.
References org.sleuthkit.autopsy.coreutils.Logger.getLogger().
Referenced by org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.getValidFilePath().
|
private |
Definition at line 822 of file HashDbManager.java.
References org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.getCentralRepoHashSetsFromDatabase(), org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.hashDbInfoIsNew(), and org.sleuthkit.autopsy.centralrepository.datamodel.CentralRepository.isEnabled().
Referenced by org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.configureCrDbs(), and org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.getAllHashSets().
|
private |
Definition at line 88 of file HashDbManager.java.
|
staticprivate |
Definition at line 93 of file HashDbManager.java.
|
staticprivate |
Definition at line 97 of file HashDbManager.java.
|
staticprivate |
Definition at line 76 of file HashDbManager.java.
|
private |
Definition at line 79 of file HashDbManager.java.
|
private |
Definition at line 80 of file HashDbManager.java.
|
private |
Definition at line 78 of file HashDbManager.java.
|
staticprivate |
Definition at line 77 of file HashDbManager.java.
Referenced by org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.getInstance().
|
staticprivate |
Definition at line 91 of file HashDbManager.java.
|
staticprivate |
Definition at line 94 of file HashDbManager.java.
|
staticprivate |
Definition at line 87 of file HashDbManager.java.
|
staticprivate |
Definition at line 95 of file HashDbManager.java.
|
staticprivate |
Definition at line 90 of file HashDbManager.java.
|
private |
Definition at line 83 of file HashDbManager.java.
|
private |
Definition at line 84 of file HashDbManager.java.
|
private |
Definition at line 82 of file HashDbManager.java.
Copyright © 2012-2020 Basis Technology. Generated on: Tue Sep 22 2020
This work is licensed under a
Creative Commons Attribution-Share Alike 3.0 United States License.