Autopsy  4.16.0
Graphical digital forensics platform for The Sleuth Kit and other tools.
Public Member Functions | Private Member Functions | Private Attributes | Static Private Attributes | List of all members
org.sleuthkit.autopsy.modules.ileappanalyzer.ILeappFileProcessor Class Reference

Public Member Functions

 ILeappFileProcessor () throws IOException, IngestModuleException
ProcessResult processFiles (Content dataSource, Path moduleOutputPath, AbstractFile iLeappFile)

Private Member Functions

void checkAttributeType (Collection< BlackboardAttribute > bbattributes, String attrType, String[] columnValues, Integer columnNumber, BlackboardAttribute.Type attributeType, String fileName)
void configExtractor () throws IOException
BlackboardArtifact createArtifactWithAttributes (int type, AbstractFile abstractFile, Collection< BlackboardAttribute > bbattributes)
Map< Integer, String > findColumnsToProcess (String line, List< List< String >> attrList)
List< String > findTsvFiles (Path iLeappOutputDir) throws IngestModuleException
void getArtifactNode (Document xmlinput)
void getAttributeNodes (Document xmlinput)
void getFileNode (Document xmlinput)
void loadConfigFile () throws IngestModuleException
void processFile (File iLeappFile, List< List< String >> attrList, String fileName, BlackboardArtifact.Type artifactType, List< BlackboardArtifact > bbartifacts, AbstractFile iLeappImageFile) throws FileNotFoundException, IOException, IngestModuleException
void processiLeappFiles (List< String > iLeappFilesToProcess, AbstractFile iLeappImageFile) throws FileNotFoundException, IOException, IngestModuleException
Collection< BlackboardAttribute > processReadLine (String line, Map< Integer, String > columnNumberToProcess, String fileName) throws IngestModuleException

Private Attributes

final Map< String, String > tsvFileArtifactComments
final Map< String, String > tsvFileArtifacts
final Map< String, List< List< String > > > tsvFileAttributes
final Map< String, String > tsvFiles

Static Private Attributes

static final Logger logger = Logger.getLogger(ILeappFileProcessor.class.getName())
static final String MODULE_NAME = ILeappAnalyzerModuleFactory.getModuleName()
static final String XMLFILE = "ileap-artifact-attribute-reference.xml"

Detailed Description

Find and process output from iLeapp program and bring into Autopsy

Definition at line 67 of file

Constructor & Destructor Documentation

org.sleuthkit.autopsy.modules.ileappanalyzer.ILeappFileProcessor.ILeappFileProcessor ( ) throws IOException, IngestModuleException

Member Function Documentation

void org.sleuthkit.autopsy.modules.ileappanalyzer.ILeappFileProcessor.checkAttributeType ( Collection< BlackboardAttribute >  bbattributes,
String  attrType,
String[]  columnValues,
Integer  columnNumber,
BlackboardAttribute.Type  attributeType,
String  fileName 
void org.sleuthkit.autopsy.modules.ileappanalyzer.ILeappFileProcessor.configExtractor ( ) throws IOException
BlackboardArtifact org.sleuthkit.autopsy.modules.ileappanalyzer.ILeappFileProcessor.createArtifactWithAttributes ( int  type,
AbstractFile  abstractFile,
Collection< BlackboardAttribute >  bbattributes 

Generic method for creating a blackboard artifact with attributes

typeis a blackboard.artifact_type enum to determine which type the artifact should be
contentis the Content object that needs to have the artifact added for it
bbattributesis the collection of blackboard attributes that need to be added to the artifact after the artifact has been created
The newly-created artifact, or null on error

Definition at line 410 of file

Referenced by org.sleuthkit.autopsy.modules.ileappanalyzer.ILeappFileProcessor.processFile().

Map<Integer, String> org.sleuthkit.autopsy.modules.ileappanalyzer.ILeappFileProcessor.findColumnsToProcess ( String  line,
List< List< String >>  attrList 

Process the first line of the tsv file which has the headings. Match the headings to the columns in the XML mapping file so we know which columns to process.

linea tsv heading line of the columns in the file
attrListthe list of headings we want to process
the numbered column(s) and attribute(s) we want to use for the column(s)

Definition at line 284 of file

Referenced by org.sleuthkit.autopsy.modules.ileappanalyzer.ILeappFileProcessor.processFile().

List<String> org.sleuthkit.autopsy.modules.ileappanalyzer.ILeappFileProcessor.findTsvFiles ( Path  iLeappOutputDir) throws IngestModuleException

Find the tsv files in the iLeapp output directory and match them to files we know we want to process and return the list to process those files.

Definition at line 117 of file

Referenced by org.sleuthkit.autopsy.modules.ileappanalyzer.ILeappFileProcessor.processFiles().

void org.sleuthkit.autopsy.modules.ileappanalyzer.ILeappFileProcessor.getArtifactNode ( Document  xmlinput)
void org.sleuthkit.autopsy.modules.ileappanalyzer.ILeappFileProcessor.getAttributeNodes ( Document  xmlinput)
void org.sleuthkit.autopsy.modules.ileappanalyzer.ILeappFileProcessor.getFileNode ( Document  xmlinput)
void org.sleuthkit.autopsy.modules.ileappanalyzer.ILeappFileProcessor.loadConfigFile ( ) throws IngestModuleException
void org.sleuthkit.autopsy.modules.ileappanalyzer.ILeappFileProcessor.processFile ( File  iLeappFile,
List< List< String >>  attrList,
String  fileName,
BlackboardArtifact.Type  artifactType,
List< BlackboardArtifact >  bbartifacts,
AbstractFile  iLeappImageFile 
) throws FileNotFoundException, IOException, IngestModuleException
ProcessResult org.sleuthkit.autopsy.modules.ileappanalyzer.ILeappFileProcessor.processFiles ( Content  dataSource,
Path  moduleOutputPath,
AbstractFile  iLeappFile 
void org.sleuthkit.autopsy.modules.ileappanalyzer.ILeappFileProcessor.processiLeappFiles ( List< String >  iLeappFilesToProcess,
AbstractFile  iLeappImageFile 
) throws FileNotFoundException, IOException, IngestModuleException

Process the iLeapp files that were found that match the xml mapping file

iLeappFilesToProcessList of files to process
iLeappImageFileAbstract file to create artifact for
statusHelperprogress bar update

Definition at line 150 of file

References org.sleuthkit.autopsy.casemodule.Case.getCurrentCase(), org.sleuthkit.autopsy.casemodule.Case.getSleuthkitCase(), and org.sleuthkit.autopsy.modules.ileappanalyzer.ILeappFileProcessor.processFile().

Referenced by org.sleuthkit.autopsy.modules.ileappanalyzer.ILeappFileProcessor.processFiles().

Collection<BlackboardAttribute> org.sleuthkit.autopsy.modules.ileappanalyzer.ILeappFileProcessor.processReadLine ( String  line,
Map< Integer, String >  columnNumberToProcess,
String  fileName 
) throws IngestModuleException

Process the line read and create the necessary attributes for it

linea tsv line to process that was read
columnNumberToProcessWhich columns to process in the tsv line
fileNamename of file begin processed

Definition at line 209 of file

References org.sleuthkit.autopsy.modules.ileappanalyzer.ILeappFileProcessor.checkAttributeType(), org.sleuthkit.autopsy.casemodule.Case.getCurrentCase(), and org.sleuthkit.autopsy.casemodule.Case.getSleuthkitCase().

Referenced by org.sleuthkit.autopsy.modules.ileappanalyzer.ILeappFileProcessor.processFile().

Member Data Documentation

final Logger org.sleuthkit.autopsy.modules.ileappanalyzer.ILeappFileProcessor.logger = Logger.getLogger(ILeappFileProcessor.class.getName())

Definition at line 69 of file

final String org.sleuthkit.autopsy.modules.ileappanalyzer.ILeappFileProcessor.MODULE_NAME = ILeappAnalyzerModuleFactory.getModuleName()

Definition at line 70 of file

final Map<String, String> org.sleuthkit.autopsy.modules.ileappanalyzer.ILeappFileProcessor.tsvFileArtifactComments

Definition at line 76 of file

final Map<String, String> org.sleuthkit.autopsy.modules.ileappanalyzer.ILeappFileProcessor.tsvFileArtifacts

Definition at line 75 of file

final Map<String, List<List<String> > > org.sleuthkit.autopsy.modules.ileappanalyzer.ILeappFileProcessor.tsvFileAttributes

Definition at line 77 of file

final Map<String, String> org.sleuthkit.autopsy.modules.ileappanalyzer.ILeappFileProcessor.tsvFiles

Definition at line 74 of file

final String org.sleuthkit.autopsy.modules.ileappanalyzer.ILeappFileProcessor.XMLFILE = "ileap-artifact-attribute-reference.xml"

The documentation for this class was generated from the following file:

Copyright © 2012-2020 Basis Technology. Generated on: Tue Sep 22 2020
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.