Inherits Serializable.

Classes
class	Rule

Public Member Functions
	FilesSet (String name, String description, boolean ignoreKnownFiles, boolean ignoreUnallocatedSpace, Map< String, Rule > rules)

	FilesSet (String name, String description, boolean ignoreKnownFiles, boolean ignoreUnallocatedSpace, Map< String, Rule > rules, boolean standardSet, int versionNumber)

String	fileIsMemberOf (AbstractFile file)

String	getDescription ()

String	getName ()

Map< String, Rule >	getRules ()

boolean	ignoresKnownFiles ()

boolean	ingoresUnallocatedSpace ()

String	toString ()

Private Attributes
final String	description

final boolean	ignoreKnownFiles

final boolean	ignoreUnallocatedSpace

final String	name

final Map< String, Rule >	rules = new HashMap<>()

final boolean	standardSet

final int	versionNumber

Static Private Attributes
static final long	serialVersionUID = 1L

Detailed Description

A collection of set membership rules that define an interesting files set. The rules are independent, i.e., if any rule is satisfied by a file, the file belongs to the set.

Interesting files set definition objects are immutable, so they may be safely published to multiple threads.

Definition at line 40 of file FilesSet.java.

Constructor & Destructor Documentation

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.FilesSet	(	String	name,
		String	description,
		boolean	ignoreKnownFiles,
		boolean	ignoreUnallocatedSpace,
		Map< String, Rule >	rules
	)

Constructs an interesting files set.

Parameters

name	The name of the set.
description	A description of the set, may be null.
ignoreKnownFiles	Whether or not to exclude known files from the set.
ignoreUnallocatedSpace	Whether or not to exclude unallocated space from the set.
rules	The rules that define the set. May be null, but a set with no rules is the empty set.

Definition at line 65 of file FilesSet.java.

References org.sleuthkit.autopsy.modules.interestingitems.FilesSet.description, org.sleuthkit.autopsy.modules.interestingitems.FilesSet.ignoreKnownFiles, org.sleuthkit.autopsy.modules.interestingitems.FilesSet.ignoreUnallocatedSpace, org.sleuthkit.autopsy.modules.interestingitems.FilesSet.name, and org.sleuthkit.autopsy.modules.interestingitems.FilesSet.rules.

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.FilesSet	(	String	name,
		String	description,
		boolean	ignoreKnownFiles,
		boolean	ignoreUnallocatedSpace,
		Map< String, Rule >	rules,
		boolean	standardSet,
		int	versionNumber
	)

Constructs an interesting files set.

Parameters

name	The name of the set.
description	A description of the set, may be null.
ignoreKnownFiles	Whether or not to exclude known files from the set.
ignoreUnallocatedSpace	Whether or not to exclude unallocated space from the set.
standardSet	Whether or not the FilesSet is considered a standard interesting set file.
versionNumber	The versionNumber for the FilesSet so that older versions can be replaced with newer versions.
rules	The rules that define the set. May be null, but a set with no rules is the empty set.

Definition at line 86 of file FilesSet.java.

References org.sleuthkit.autopsy.modules.interestingitems.FilesSet.ignoreKnownFiles, org.sleuthkit.autopsy.modules.interestingitems.FilesSet.ignoreUnallocatedSpace, org.sleuthkit.autopsy.modules.interestingitems.FilesSet.name, org.sleuthkit.autopsy.modules.interestingitems.FilesSet.standardSet, and org.sleuthkit.autopsy.modules.interestingitems.FilesSet.versionNumber.

Member Function Documentation

String org.sleuthkit.autopsy.modules.interestingitems.FilesSet.fileIsMemberOf ( AbstractFile file )

Determines whether a file is a member of this interesting files set.

Parameters

file	A file to test for set membership.

Returns: The name of the first set membership rule satisfied by the file, will be null if the file does not belong to the set.

Definition at line 182 of file FilesSet.java.

String org.sleuthkit.autopsy.modules.interestingitems.FilesSet.getDescription ( )

Gets the description of this interesting files set.

Returns: A description string, possibly the empty string.

Definition at line 138 of file FilesSet.java.

References org.sleuthkit.autopsy.modules.interestingitems.FilesSet.description.

Referenced by org.sleuthkit.autopsy.modules.interestingitems.FilesSetDefsPanel.replaceFilesSet(), and org.sleuthkit.autopsy.modules.interestingitems.FilesSetDefsPanel.SetsListSelectionListener.valueChanged().

String org.sleuthkit.autopsy.modules.interestingitems.FilesSet.getName ( )

Gets the name of this interesting files set.

Returns: A name string.

Definition at line 129 of file FilesSet.java.

References org.sleuthkit.autopsy.modules.interestingitems.FilesSet.name.

Map<String, Rule> org.sleuthkit.autopsy.modules.interestingitems.FilesSet.getRules ( )

Gets a copy of the set membership rules of this interesting files set.

Returns: A map of set membership rule names to rules, possibly empty.

Definition at line 170 of file FilesSet.java.

References org.sleuthkit.autopsy.modules.interestingitems.FilesSet.rules.

Referenced by org.sleuthkit.autopsy.modules.interestingitems.FilesSetDefsPanel.deleteRuleButtonActionPerformed(), org.sleuthkit.autopsy.modules.interestingitems.FilesSetDefsPanel.doFileSetsDialog(), org.sleuthkit.autopsy.modules.interestingitems.FilesSetDefsPanel.doFilesSetRuleDialog(), and org.sleuthkit.autopsy.modules.interestingitems.FilesSetDefsPanel.SetsListSelectionListener.valueChanged().

boolean org.sleuthkit.autopsy.modules.interestingitems.FilesSet.ignoresKnownFiles ( )

Returns whether or not this interesting files set ignores known files, i.e., files marked as known by a look up in a known files hash set such as the National Software Reference Library (NSRL). Note that the interesting files set does not do hash set look ups; it simply queries the known status of the files when testing them for set membership.

Returns: True if known files are ignored, false otherwise.

Definition at line 151 of file FilesSet.java.

References org.sleuthkit.autopsy.modules.interestingitems.FilesSet.ignoreKnownFiles.

Referenced by org.sleuthkit.autopsy.modules.interestingitems.FilesSetDefsPanel.replaceFilesSet(), and org.sleuthkit.autopsy.modules.interestingitems.FilesSetDefsPanel.SetsListSelectionListener.valueChanged().

boolean org.sleuthkit.autopsy.modules.interestingitems.FilesSet.ingoresUnallocatedSpace ( )

Returns whether or not this set of rules will process unallocated space.

Returns: True if unallocated space should be processed, false if it should not be.

Definition at line 161 of file FilesSet.java.

References org.sleuthkit.autopsy.modules.interestingitems.FilesSet.ignoreUnallocatedSpace.

Referenced by org.sleuthkit.autopsy.ingest.IngestJobSettings.getProcessUnallocatedSpace(), org.sleuthkit.autopsy.modules.interestingitems.FilesSetDefsPanel.replaceFilesSet(), and org.sleuthkit.autopsy.modules.interestingitems.FilesSetDefsPanel.SetsListSelectionListener.valueChanged().

String org.sleuthkit.autopsy.modules.interestingitems.FilesSet.toString ( )

Definition at line 203 of file FilesSet.java.

References org.sleuthkit.autopsy.modules.interestingitems.FilesSet.name.

Member Data Documentation

final String org.sleuthkit.autopsy.modules.interestingitems.FilesSet.description

private

Definition at line 44 of file FilesSet.java.

Referenced by org.sleuthkit.autopsy.modules.interestingitems.FilesSet.FilesSet(), and org.sleuthkit.autopsy.modules.interestingitems.FilesSet.getDescription().

final boolean org.sleuthkit.autopsy.modules.interestingitems.FilesSet.ignoreKnownFiles

private

Definition at line 45 of file FilesSet.java.

Referenced by org.sleuthkit.autopsy.modules.interestingitems.FilesSet.FilesSet(), and org.sleuthkit.autopsy.modules.interestingitems.FilesSet.ignoresKnownFiles().

final boolean org.sleuthkit.autopsy.modules.interestingitems.FilesSet.ignoreUnallocatedSpace

private

Definition at line 46 of file FilesSet.java.

Referenced by org.sleuthkit.autopsy.modules.interestingitems.FilesSet.FilesSet(), and org.sleuthkit.autopsy.modules.interestingitems.FilesSet.ingoresUnallocatedSpace().

final String org.sleuthkit.autopsy.modules.interestingitems.FilesSet.name

private

Definition at line 43 of file FilesSet.java.

Referenced by org.sleuthkit.autopsy.modules.interestingitems.FilesSet.FilesSet(), org.sleuthkit.autopsy.modules.interestingitems.FilesSet.getName(), org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.FileSizeCondition.SIZE_UNIT.getName(), org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.FileSizeCondition.SIZE_UNIT.SIZE_UNIT(), and org.sleuthkit.autopsy.modules.interestingitems.FilesSet.toString().

final Map<String, Rule> org.sleuthkit.autopsy.modules.interestingitems.FilesSet.rules = new HashMap<>()

private

Definition at line 51 of file FilesSet.java.

Referenced by org.sleuthkit.autopsy.modules.interestingitems.FilesSet.FilesSet(), and org.sleuthkit.autopsy.modules.interestingitems.FilesSet.getRules().

final long org.sleuthkit.autopsy.modules.interestingitems.FilesSet.serialVersionUID = 1L

staticprivate

Definition at line 42 of file FilesSet.java.

final boolean org.sleuthkit.autopsy.modules.interestingitems.FilesSet.standardSet

private

Definition at line 48 of file FilesSet.java.

Referenced by org.sleuthkit.autopsy.modules.interestingitems.FilesSet.FilesSet().

final int org.sleuthkit.autopsy.modules.interestingitems.FilesSet.versionNumber

private

Definition at line 49 of file FilesSet.java.

Referenced by org.sleuthkit.autopsy.modules.interestingitems.FilesSet.FilesSet().

The documentation for this class was generated from the following file:

/home/carriersleuth/repos/autopsy/Core/src/org/sleuthkit/autopsy/modules/interestingitems/FilesSet.java

Classes

Public Member Functions

Private Attributes

Static Private Attributes

Detailed Description

Constructor & Destructor Documentation

Member Function Documentation

Member Data Documentation