Autopsy
4.17.0
Graphical digital forensics platform for The Sleuth Kit and other tools.
Inherits org.sleuthkit.autopsy.datasourcesummary.uiutils.DefaultArtifactUpdateGovernor.
Classes | |
class | PastCasesResult |
Public Member Functions | |
PastCasesSummary () | |
PastCasesSummary (SleuthkitCaseProvider provider, java.util.logging.Logger logger) | |
Set< Integer > | getArtifactTypeIdsForRefresh () |
default Set< Case.Events > | getCaseEventUpdates () |
default Set< IngestJobEvent > | getIngestJobEventUpdates () |
PastCasesResult | getPastCasesData (DataSource dataSource) throws SleuthkitCaseProvider.SleuthkitCaseProviderException, TskCoreException |
default boolean | isRefreshRequired (ModuleDataEvent evt) |
default boolean | isRefreshRequired (ModuleContentEvent evt) |
default boolean | isRefreshRequired (IngestManager.IngestJobEvent evt) |
default boolean | isRefreshRequired (AbstractFile evt) |
boolean | isRefreshRequired (IngestJobEvent evt) |
default boolean | isRefreshRequiredForCaseEvent (PropertyChangeEvent evt) |
Public Attributes | |
Set< IngestJobEvent > | INGEST_JOB_EVENTS |
Private Member Functions | |
List< Pair< String, Long > > | getCaseCounts (Stream< String > cases) |
BlackboardArtifact | getParentArtifact (BlackboardArtifact artifact) throws SleuthkitCaseProviderException |
boolean | hasDeviceAssociatedArtifact (BlackboardArtifact artifact) throws SleuthkitCaseProviderException |
Static Private Member Functions | |
static List< String > | getCasesFromArtifact (BlackboardArtifact artifact) |
static boolean | isCentralRepoGenerated (List< String > sources) |
Private Attributes | |
final SleuthkitCaseProvider | caseProvider |
final java.util.logging.Logger | logger |
Static Private Attributes | |
static final Set< Integer > | ARTIFACT_UPDATE_TYPE_IDS |
static final String | CASE_SEPARATOR = "," |
static final String | CENTRAL_REPO_INGEST_NAME = CentralRepoIngestModuleFactory.getModuleName().toUpperCase().trim() |
static final Set< Integer > | CR_DEVICE_TYPE_IDS |
static final String | PREFIX_END = ":" |
static final BlackboardAttribute.Type | TYPE_ASSOCIATED_ARTIFACT = new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_ASSOCIATED_ARTIFACT) |
static final BlackboardAttribute.Type | TYPE_COMMENT = new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_COMMENT) |
Provides information about how a data source relates to a previous case. NOTE: This code is fragile and depends on how the central repository creates artifacts. If the central repository changes its ingest process, this code could break. This code expects that the central repository ingest module:
a) Creates a TSK_INTERESTING_FILE_HIT artifact for a file whose hash is in the central repository as a notable file.
b) Creates a TSK_INTERESTING_ARTIFACT_HIT artifact for a matching id in the central repository.
c) The created artifact will have a TSK_COMMENT attribute attached where one of the sources for the attribute matches CentralRepoIngestModuleFactory.getModuleName(). The module display name at time of ingest will match CentralRepoIngestModuleFactory.getModuleName() as well.
d) The content of that TSK_COMMENT attribute will be of the form "Previous Case: case1,case2...caseN"
Definition at line 65 of file PastCasesSummary.java.
org.sleuthkit.autopsy.datasourcesummary.datamodel.PastCasesSummary.PastCasesSummary ()
Main constructor.
Definition at line 126 of file PastCasesSummary.java.
References org.sleuthkit.autopsy.datasourcesummary.datamodel.SleuthkitCaseProvider.DEFAULT, and org.sleuthkit.autopsy.coreutils.Logger.getLogger().
org.sleuthkit.autopsy.datasourcesummary.datamodel.PastCasesSummary.PastCasesSummary (SleuthkitCaseProvider provider, java.util.logging.Logger logger)
Main constructor with external dependencies specified. This constructor is designed with unit testing in mind since mocked dependencies can be utilized.
provider | The object providing the current SleuthkitCase. |
logger | The logger to use. |
Definition at line 142 of file PastCasesSummary.java.
References org.sleuthkit.autopsy.datasourcesummary.datamodel.PastCasesSummary.logger.
Set<Integer> org.sleuthkit.autopsy.datasourcesummary.datamodel.PastCasesSummary.getArtifactTypeIdsForRefresh ()
Implements org.sleuthkit.autopsy.datasourcesummary.uiutils.DefaultArtifactUpdateGovernor.
Definition at line 151 of file PastCasesSummary.java.
References org.sleuthkit.autopsy.datasourcesummary.datamodel.PastCasesSummary.ARTIFACT_UPDATE_TYPE_IDS.
|
private |
Given a stream of case ids, groups the strings in a case-insensitive manner, and then provides a list of cases and the occurrence count sorted from max to min.
cases | A stream of cases. |
Definition at line 227 of file PastCasesSummary.java.
Referenced by org.sleuthkit.autopsy.datasourcesummary.datamodel.PastCasesSummary.getPastCasesData().
|
inherited |
Implements org.sleuthkit.autopsy.datasourcesummary.uiutils.UpdateGovernor.
Definition at line 57 of file DefaultUpdateGovernor.java.
|
staticprivate |
Gets a list of cases from the TSK_COMMENT of an artifact. The cases string is expected to be of a form of "Previous Case: case1,case2...caseN".
artifact | The artifact. |
Definition at line 183 of file PastCasesSummary.java.
References org.sleuthkit.autopsy.datasourcesummary.datamodel.PastCasesSummary.isCentralRepoGenerated(), and org.sleuthkit.autopsy.datasourcesummary.datamodel.PastCasesSummary.TYPE_COMMENT.
Referenced by org.sleuthkit.autopsy.datasourcesummary.datamodel.PastCasesSummary.getPastCasesData().
|
inherited |
Implements org.sleuthkit.autopsy.datasourcesummary.uiutils.DefaultUpdateGovernor.
Definition at line 52 of file DefaultArtifactUpdateGovernor.java.
References org.sleuthkit.autopsy.datasourcesummary.uiutils.DefaultArtifactUpdateGovernor.INGEST_JOB_EVENTS.
|
private |
Given an artifact with a TYPE_ASSOCIATED_ARTIFACT attribute, retrieves the related artifact.
artifact | The artifact with the TYPE_ASSOCIATED_ARTIFACT attribute. |
SleuthkitCaseProviderException |
Definition at line 254 of file PastCasesSummary.java.
References org.sleuthkit.autopsy.datasourcesummary.datamodel.SleuthkitCaseProvider.get(), org.sleuthkit.autopsy.datasourcesummary.datamodel.PastCasesSummary.logger, and org.sleuthkit.autopsy.datasourcesummary.datamodel.PastCasesSummary.TYPE_ASSOCIATED_ARTIFACT.
Referenced by org.sleuthkit.autopsy.datasourcesummary.datamodel.PastCasesSummary.hasDeviceAssociatedArtifact().
PastCasesResult org.sleuthkit.autopsy.datasourcesummary.datamodel.PastCasesSummary.getPastCasesData (DataSource dataSource) throws SleuthkitCaseProvider.SleuthkitCaseProviderException, TskCoreException
Returns the past cases data to be shown in the past cases tab.
dataSource | The data source. |
SleuthkitCaseProviderException | |
TskCoreException |
Definition at line 299 of file PastCasesSummary.java.
References org.sleuthkit.autopsy.datasourcesummary.datamodel.SleuthkitCaseProvider.get(), org.sleuthkit.autopsy.datasourcesummary.datamodel.PastCasesSummary.getCaseCounts(), org.sleuthkit.autopsy.datasourcesummary.datamodel.PastCasesSummary.getCasesFromArtifact(), and org.sleuthkit.autopsy.datasourcesummary.datamodel.PastCasesSummary.hasDeviceAssociatedArtifact().
Referenced by org.sleuthkit.autopsy.datasourcesummary.ui.PastCasesPanel.PastCasesPanel().
|
private |
Returns true if the artifact has an associated artifact of a device type.
artifact | The artifact. |
SleuthkitCaseProviderException |
Definition at line 280 of file PastCasesSummary.java.
References org.sleuthkit.autopsy.datasourcesummary.datamodel.PastCasesSummary.getParentArtifact().
Referenced by org.sleuthkit.autopsy.datasourcesummary.datamodel.PastCasesSummary.getPastCasesData().
|
staticprivate |
Given the provided sources for an attribute, aims to determine if one of those sources is the Central Repository Ingest Module.
sources | The list of sources found on an attribute. |
Definition at line 164 of file PastCasesSummary.java.
Referenced by org.sleuthkit.autopsy.datasourcesummary.datamodel.PastCasesSummary.getCasesFromArtifact().
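The format expectations in the class description, together with the source check, comment parsing and case counting documented above, can be exercised in isolation. The following is an added example, not Autopsy's own code: the class name, `MODULE_NAME` value, method bodies and sample comments are assumptions, and `Map.Entry` stands in for the `Pair` type in the documented signature.

```java
import java.util.*;
import java.util.stream.*;

public class PastCasesCommentDemo {
    static final String CASE_SEPARATOR = ",";   // value shown on this page
    static final String PREFIX_END = ":";       // value shown on this page
    // Assumed stand-in for CentralRepoIngestModuleFactory.getModuleName(), upper-cased and trimmed.
    static final String MODULE_NAME = "CENTRAL REPOSITORY";

    // True if any attribute source matches the module name, ignoring case and padding.
    static boolean isCentralRepoGenerated(List<String> sources) {
        return sources != null && sources.stream()
                .anyMatch(s -> s != null && MODULE_NAME.equals(s.toUpperCase(Locale.ROOT).trim()));
    }

    // Extracts case names from "Previous Case: case1,case2"; empty list if the form is not met.
    static List<String> casesFromComment(String comment, List<String> sources) {
        if (comment == null || !isCentralRepoGenerated(sources)) {
            return Collections.emptyList();
        }
        int idx = comment.indexOf(PREFIX_END);
        if (idx < 0) {
            return Collections.emptyList(); // no prefix: the expected format was not honoured
        }
        return Stream.of(comment.substring(idx + 1).split(CASE_SEPARATOR))
                .map(String::trim)
                .filter(s -> !s.isEmpty())
                .collect(Collectors.toList());
    }

    // Groups case names case-insensitively and returns (name, count) entries, max to min.
    static List<Map.Entry<String, Long>> caseCounts(Stream<String> cases) {
        Map<String, List<String>> groups = cases.collect(Collectors.groupingBy(
                c -> c.toUpperCase(Locale.ROOT), LinkedHashMap::new, Collectors.toList()));
        return groups.values().stream()
                .map(g -> Map.entry(g.get(0), (long) g.size()))
                .sorted((a, b) -> Long.compare(b.getValue(), a.getValue()))
                .collect(Collectors.toList());
    }

    public static void main(String[] args) {
        // Constructed sample data, not taken from a real case.
        List<String> src = List.of("Central Repository ");
        List<String> comments = List.of(
                "Previous Case: Alpha,Bravo", "Previous Case: alpha , Charlie", "malformed comment");
        System.out.println(caseCounts(comments.stream().flatMap(c -> casesFromComment(c, src).stream())));
        // A comment whose sources do not include the module name is ignored.
        System.out.println(casesFromComment("Previous Case: Delta", List.of("Keyword Search")));
    }
}
```

A comment without the prefix, or one written by a different module, contributes no cases at all, which is the silent failure mode the fragility note in the class description warns about.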
|
inherited |
Given a module data event, whether or not an update should occur.
evt | The ModuleDataEvent that is occurring. |
Implements org.sleuthkit.autopsy.datasourcesummary.uiutils.DefaultUpdateGovernor.
Definition at line 38 of file DefaultArtifactUpdateGovernor.java.
References org.sleuthkit.autopsy.datasourcesummary.uiutils.DefaultArtifactUpdateGovernor.getArtifactTypeIdsForRefresh(), and org.sleuthkit.autopsy.ingest.ModuleDataEvent.getBlackboardArtifactType().
|
inherited |
Given a module content event, whether or not an update should occur.
evt | The ModuleContentEvent. |
Implements org.sleuthkit.autopsy.datasourcesummary.uiutils.UpdateGovernor.
Implemented in org.sleuthkit.autopsy.datasourcesummary.datamodel.TimelineSummary, org.sleuthkit.autopsy.datasourcesummary.datamodel.ContainerSummary, org.sleuthkit.autopsy.datasourcesummary.datamodel.MimeTypeSummary, and org.sleuthkit.autopsy.datasourcesummary.datamodel.TypesSummary.
Definition at line 42 of file DefaultUpdateGovernor.java.
|
inherited |
Implements org.sleuthkit.autopsy.datasourcesummary.uiutils.DefaultUpdateGovernor.
Definition at line 47 of file DefaultArtifactUpdateGovernor.java.
|
inherited |
Whether or not a newly added AbstractFile should trigger an update.
evt | The AbstractFile. |
Implements org.sleuthkit.autopsy.datasourcesummary.uiutils.UpdateGovernor.
Implemented in org.sleuthkit.autopsy.datasourcesummary.datamodel.TimelineSummary, org.sleuthkit.autopsy.datasourcesummary.datamodel.ContainerSummary, org.sleuthkit.autopsy.datasourcesummary.datamodel.MimeTypeSummary, and org.sleuthkit.autopsy.datasourcesummary.datamodel.TypesSummary.
Definition at line 67 of file DefaultUpdateGovernor.java.
|
inherited |
Given an ingest job event, determines whether or not an update should occur.
evt | The event. |
Implemented in org.sleuthkit.autopsy.datasourcesummary.datamodel.TimelineSummary, org.sleuthkit.autopsy.datasourcesummary.datamodel.MimeTypeSummary, and org.sleuthkit.autopsy.datasourcesummary.datamodel.TypesSummary.
|
inherited |
Given a case event, whether or not an update should occur.
evt | The event. |
Implements org.sleuthkit.autopsy.datasourcesummary.uiutils.UpdateGovernor.
Definition at line 37 of file DefaultUpdateGovernor.java.
|
staticprivate |
Definition at line 101 of file PastCasesSummary.java.
Referenced by org.sleuthkit.autopsy.datasourcesummary.datamodel.PastCasesSummary.getArtifactTypeIdsForRefresh().
|
staticprivate |
Definition at line 117 of file PastCasesSummary.java.
|
private |
Definition at line 120 of file PastCasesSummary.java.
|
staticprivate |
Definition at line 106 of file PastCasesSummary.java.
|
staticprivate |
Definition at line 110 of file PastCasesSummary.java.
|
inherited |
Definition at line 34 of file DefaultArtifactUpdateGovernor.java.
Referenced by org.sleuthkit.autopsy.datasourcesummary.uiutils.DefaultArtifactUpdateGovernor.getIngestJobEventUpdates().
|
private |
Definition at line 121 of file PastCasesSummary.java.
Referenced by org.sleuthkit.autopsy.datasourcesummary.datamodel.PastCasesSummary.getParentArtifact(), and org.sleuthkit.autopsy.datasourcesummary.datamodel.PastCasesSummary.PastCasesSummary().
|
staticprivate |
Definition at line 118 of file PastCasesSummary.java.
|
staticprivate |
Definition at line 108 of file PastCasesSummary.java.
Referenced by org.sleuthkit.autopsy.datasourcesummary.datamodel.PastCasesSummary.getParentArtifact().
|
staticprivate |
Definition at line 107 of file PastCasesSummary.java.
Referenced by org.sleuthkit.autopsy.datasourcesummary.datamodel.PastCasesSummary.getCasesFromArtifact().
Copyright © 2012-2021 Basis Technology. Generated on: Tue Jan 19 2021
This work is licensed under a
Creative Commons Attribution-Share Alike 3.0 United States License.