Autopsy  4.16.0
Graphical digital forensics platform for The Sleuth Kit and other tools.
Classes | Public Member Functions | Static Public Member Functions | Private Member Functions | Private Attributes | Static Private Attributes | List of all members
org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager Class Reference

Inherits PropertyChangeListener.

Classes

class  CentralRepoHashSet
 
class  HashDb
 
class  HashDbIndexer
 
class  HashDbManagerException
 
enum  SetEvt
 
class  SleuthkitHashSet
 

Public Member Functions

synchronized HashDb addExistingHashDatabase (String hashSetName, String path, boolean searchDuringIngest, boolean sendIngestMessages, HashDb.KnownFilesType knownFilesType) throws HashDbManagerException
 
synchronized HashDb addNewHashDatabase (String hashSetName, String path, boolean searchDuringIngest, boolean sendIngestMessages, HashDb.KnownFilesType knownFilesType) throws HashDbManagerException
 
synchronized HashDb addNewHashDatabaseNoSave (String hashSetName, String path, boolean searchDuringIngest, boolean sendIngestMessages, HashDb.KnownFilesType knownFilesType) throws HashDbManagerException
 
synchronized void addPropertyChangeListener (PropertyChangeListener listener)
 
synchronized List< HashDbgetAllHashSets ()
 
synchronized List< HashDbgetKnownBadFileHashSets ()
 
synchronized List< HashDbgetKnownFileHashSets ()
 
synchronized List< HashDbgetUpdateableHashSets ()
 
synchronized void loadLastSavedConfiguration ()
 
void propertyChange (PropertyChangeEvent event)
 
synchronized void removeHashDatabase (HashDb hashDb) throws HashDbManagerException
 
synchronized void removeHashDatabaseNoSave (HashDb hashDb) throws HashDbManagerException
 
synchronized void removePropertyChangeListener (PropertyChangeListener listener)
 

Static Public Member Functions

static synchronized HashDbManager getInstance ()
 

Private Member Functions

 HashDbManager ()
 
SleuthkitHashSet addHashDatabase (int handle, String hashSetName, boolean searchDuringIngest, boolean sendIngestMessages, HashDb.KnownFilesType knownFilesType) throws TskCoreException
 
void checkDbCollision (String path, String hashSetName) throws HashDbManagerException, MissingResourceException
 
void closeHashDatabases (List< HashDb > hashDatabases)
 
void configureCrDbs ()
 
void configureLocalDb (HashDbInfo hashDbInfo)
 
void configureSettings (HashLookupSettings settings, Set< String > officialSetNames)
 
List< HashDbInfo > getCentralRepoHashSetsFromDatabase ()
 
HashDb getOfficialHashDbFromFile (File file) throws HashDbManagerException, TskCoreException
 
List< HashDbgetUpdateableHashSets (List< HashDb > hashDbs)
 
String getValidFilePath (String hashSetName, String configuredPath)
 
List< HashDbInfo > handleNameConflict (List< HashDbInfo > curHashsets, Set< String > officialNames)
 
boolean hashDbInfoIsNew (HashDbInfo dbInfo)
 
void loadHashsetsConfiguration ()
 
void loadOfficialHashSets ()
 
List< HashDbloadOfficialHashSetsFromFolder (String folder) throws HashDbManagerException
 
String searchForFile ()
 
void updateHashSetsFromCentralRepository () throws TskCoreException
 

Private Attributes

boolean allDatabasesLoadedCorrectly = false
 
Set< String > hashSetNames = new HashSet<>()
 
Set< String > hashSetPaths = new HashSet<>()
 
List< HashDbhashSets = new ArrayList<>()
 
Set< String > officialHashSetNames = new HashSet<>()
 
Set< String > officialHashSetPaths = new HashSet<>()
 
List< HashDbofficialHashSets = new ArrayList<>()
 

Static Private Attributes

static final String DB_NAME_PARAM = "dbName"
 
static final FilenameFilter DEFAULT_KDB_FILTER
 
static final String HASH_DATABASE_FILE_EXTENSON = "kdb"
 
static HashDbManager instance = null
 
static final String KDB_EXT = "kdb"
 
static final String KNOWN_STATUS_PARAM = "knownStatus"
 
static final Logger logger = Logger.getLogger(HashDbManager.class.getName())
 
static final Pattern OFFICIAL_FILENAME = Pattern.compile("(?<" + DB_NAME_PARAM + ">.+?)\\.(?<" + KNOWN_STATUS_PARAM + ">.+?)\\." + KDB_EXT)
 
static final String OFFICIAL_HASH_SETS_FOLDER = "OfficialHashSets"
 

Detailed Description

This class implements a singleton that manages the set of hash databases used to classify files as unknown, known or notable.

Definition at line 74 of file HashDbManager.java.

Constructor & Destructor Documentation

org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.HashDbManager ( )
private

Member Function Documentation

synchronized HashDb org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.addExistingHashDatabase ( String  hashSetName,
String  path,
boolean  searchDuringIngest,
boolean  sendIngestMessages,
HashDb.KnownFilesType  knownFilesType 
) throws HashDbManagerException

Adds an existing hash database to the set of hash databases used to classify files as known or notable and saves the configuration.

Parameters
hashSetNameName used to represent the hash database in user interface components.
pathFull path to either a hash database file or a hash database index file.
searchDuringIngestA flag indicating whether or not the hash database should be searched during ingest.
sendIngestMessagesA flag indicating whether hash set hit messages should be sent as ingest messages.
knownFilesTypeThe classification to apply to files whose hashes are found in the hash database.
Returns
A HashDb representing the hash database.
Exceptions
HashDbManagerException

Definition at line 183 of file HashDbManager.java.

SleuthkitHashSet org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.addHashDatabase ( int  handle,
String  hashSetName,
boolean  searchDuringIngest,
boolean  sendIngestMessages,
HashDb.KnownFilesType  knownFilesType 
) throws TskCoreException
private
synchronized HashDb org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.addNewHashDatabase ( String  hashSetName,
String  path,
boolean  searchDuringIngest,
boolean  sendIngestMessages,
HashDb.KnownFilesType  knownFilesType 
) throws HashDbManagerException

Adds a new hash database to the set of hash databases used to classify files as known or notable and saves the configuration.

Parameters
hashSetNameHash set name used to represent the hash database in user interface components.
pathFull path to the database file to be created.
searchDuringIngestA flag indicating whether or not the hash database should be searched during ingest.
sendIngestMessagesA flag indicating whether hash set hit messages should be sent as ingest messages.
knownFilesTypeThe classification to apply to files whose hashes are found in the hash database.
Returns
A HashDb representing the hash database.
Exceptions
HashDbManagerException

Definition at line 224 of file HashDbManager.java.

References org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.addNewHashDatabaseNoSave().

synchronized HashDb org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.addNewHashDatabaseNoSave ( String  hashSetName,
String  path,
boolean  searchDuringIngest,
boolean  sendIngestMessages,
HashDb.KnownFilesType  knownFilesType 
) throws HashDbManagerException
synchronized void org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.addPropertyChangeListener ( PropertyChangeListener  listener)
void org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.checkDbCollision ( String  path,
String  hashSetName 
) throws HashDbManagerException, MissingResourceException
private

Throws an exception if the provided path or hashSetName already belong to an existing database.

Parameters
pathThe path.
hashSetNameThe hash set name.
Exceptions
org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.HashDbManagerException
MissingResourceException

Definition at line 268 of file HashDbManager.java.

Referenced by org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.addNewHashDatabaseNoSave().

void org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.closeHashDatabases ( List< HashDb hashDatabases)
private
void org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.configureCrDbs ( )
private
void org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.configureLocalDb ( HashDbInfo  hashDbInfo)
private
void org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.configureSettings ( HashLookupSettings  settings,
Set< String >  officialSetNames 
)
private
synchronized List<HashDb> org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.getAllHashSets ( )
List<HashDbInfo> org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.getCentralRepoHashSetsFromDatabase ( )
private
static synchronized HashDbManager org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.getInstance ( )
static
synchronized List<HashDb> org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.getKnownBadFileHashSets ( )

Gets all of the hash databases used to classify files as notable.

Returns
A list, possibly empty, of hash databases.

Definition at line 481 of file HashDbManager.java.

References org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.getAllHashSets(), and org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.HashDb.KnownFilesType.KNOWN_BAD.

Referenced by org.sleuthkit.autopsy.datamodel.BlackboardArtifactNode.getScorePropertyAndDescription().

synchronized List<HashDb> org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.getKnownFileHashSets ( )

Gets all of the hash databases used to classify files as known.

Returns
A list, possibly empty, of hash databases.

Definition at line 469 of file HashDbManager.java.

References org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.getAllHashSets(), and org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.HashDb.KnownFilesType.KNOWN.

HashDb org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.getOfficialHashDbFromFile ( File  file) throws HashDbManagerException, TskCoreException
private

Loads an official hash set from the given file.

Parameters
fileThe kdb file to load.
Returns
The HashDbInfo of the official set.
Exceptions
HashDbManagerExceptionIf file does not exist or does not match naming convention (See HashDbManager.OFFICIAL_FILENAME for regex).

Definition at line 701 of file HashDbManager.java.

Referenced by org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.loadOfficialHashSetsFromFolder().

synchronized List<HashDb> org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.getUpdateableHashSets ( )

Gets all of the hash databases that accept updates.

Returns
A list, possibly empty, of hash databases.

Definition at line 493 of file HashDbManager.java.

References org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.getAllHashSets().

Referenced by org.sleuthkit.autopsy.modules.hashdatabase.AddContentToHashDbAction.AddContentToHashDbMenu.addExistingHashDatabases().

List<HashDb> org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.getUpdateableHashSets ( List< HashDb hashDbs)
private
String org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.getValidFilePath ( String  hashSetName,
String  configuredPath 
)
private
List<HashDbInfo> org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.handleNameConflict ( List< HashDbInfo >  curHashsets,
Set< String >  officialNames 
)
private

Handles a potential conflict between official and non-official hash sets. Non-official hashsets have '(Custom)' added. If a conflict is identified, the hashset settings are fixed, saved, reloaded, and returned. Otherwise, the original list is returned.

Parameters
curHashsetsThe list of non-official hash sets.
officialNamesThe set of names for official hash sets.
Returns
The new list of non-official hash sets with conflicts removed.

Definition at line 615 of file HashDbManager.java.

Referenced by org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.configureSettings().

boolean org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.hashDbInfoIsNew ( HashDbInfo  dbInfo)
private
void org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.loadHashsetsConfiguration ( )
private
synchronized void org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.loadLastSavedConfiguration ( )
void org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.loadOfficialHashSets ( )
private

Loads official hash sets into officialHashSets and also populates officialHashSetPaths and officialHashSetNames variables.

Definition at line 572 of file HashDbManager.java.

References org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.loadOfficialHashSetsFromFolder().

Referenced by org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.loadHashsetsConfiguration().

List<HashDb> org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.loadOfficialHashSetsFromFolder ( String  folder) throws HashDbManagerException
private

Loads official hash sets from the given folder.

Parameters
folderThe folder from which to load official hash sets.
Returns
The List of found hash sets.
Exceptions
HashDbManagerExceptionIf folder does not exist.

Definition at line 668 of file HashDbManager.java.

References org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.getOfficialHashDbFromFile().

Referenced by org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.loadOfficialHashSets().

void org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.propertyChange ( PropertyChangeEvent  event)
synchronized void org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.removeHashDatabase ( HashDb  hashDb) throws HashDbManagerException

Removes a hash database from the set of hash databases used to classify files as known or notable and saves the configuration.

Parameters
hashDb
Exceptions
HashDbManagerException

Definition at line 378 of file HashDbManager.java.

References org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.removeHashDatabaseNoSave().

synchronized void org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.removeHashDatabaseNoSave ( HashDb  hashDb) throws HashDbManagerException
synchronized void org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.removePropertyChangeListener ( PropertyChangeListener  listener)

Definition at line 130 of file HashDbManager.java.

String org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.searchForFile ( )
private
void org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.updateHashSetsFromCentralRepository ( ) throws TskCoreException
private

Member Data Documentation

boolean org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.allDatabasesLoadedCorrectly = false
private

Definition at line 88 of file HashDbManager.java.

final String org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.DB_NAME_PARAM = "dbName"
staticprivate

Definition at line 93 of file HashDbManager.java.

final FilenameFilter org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.DEFAULT_KDB_FILTER
staticprivate
Initial value:
= new FilenameFilter() {
@Override
public boolean accept(File dir, String name) {
return name.endsWith("." + KDB_EXT);
}
}

Definition at line 97 of file HashDbManager.java.

final String org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.HASH_DATABASE_FILE_EXTENSON = "kdb"
staticprivate

Definition at line 76 of file HashDbManager.java.

Set<String> org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.hashSetNames = new HashSet<>()
private

Definition at line 79 of file HashDbManager.java.

Set<String> org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.hashSetPaths = new HashSet<>()
private

Definition at line 80 of file HashDbManager.java.

List<HashDb> org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.hashSets = new ArrayList<>()
private

Definition at line 78 of file HashDbManager.java.

HashDbManager org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.instance = null
staticprivate
final String org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.KDB_EXT = "kdb"
staticprivate

Definition at line 91 of file HashDbManager.java.

final String org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.KNOWN_STATUS_PARAM = "knownStatus"
staticprivate

Definition at line 94 of file HashDbManager.java.

final Logger org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.logger = Logger.getLogger(HashDbManager.class.getName())
staticprivate

Definition at line 87 of file HashDbManager.java.

final Pattern org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.OFFICIAL_FILENAME = Pattern.compile("(?<" + DB_NAME_PARAM + ">.+?)\\.(?<" + KNOWN_STATUS_PARAM + ">.+?)\\." + KDB_EXT)
staticprivate

Definition at line 95 of file HashDbManager.java.

final String org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.OFFICIAL_HASH_SETS_FOLDER = "OfficialHashSets"
staticprivate

Definition at line 90 of file HashDbManager.java.

Set<String> org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.officialHashSetNames = new HashSet<>()
private

Definition at line 83 of file HashDbManager.java.

Set<String> org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.officialHashSetPaths = new HashSet<>()
private

Definition at line 84 of file HashDbManager.java.

List<HashDb> org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.officialHashSets = new ArrayList<>()
private

Definition at line 82 of file HashDbManager.java.


The documentation for this class was generated from the following file:

Copyright © 2012-2020 Basis Technology. Generated on: Tue Sep 22 2020
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.