org.sleuthkit.autopsy.discovery.search.DiscoveryAttributes Class Reference

Classes
class	AttributeType
class	DataSourceAttribute
class	DomainCategoryAttribute
class	DomainFrequencyCallback
class	FileSizeAttribute
class	FileTagAttribute
class	FileTypeAttribute
class	FirstActivityDateAttribute
class	FrequencyAttribute
class	FrequencyCallback
enum	GroupingAttributeType
class	HashHitsAttribute
class	InterestingItemAttribute
class	KeywordListAttribute
class	LastActivityDateAttribute
class	NoGroupingAttribute
class	ObjectDetectedAttribute
class	PageViewsAttribute
class	ParentPathAttribute
class	PreviouslyNotableAttribute

Private Member Functions
	DiscoveryAttributes ()

Static Private Member Functions
static void	computeFrequency (Set< String > hashesToLookUp, List< ResultFile > currentFiles, CentralRepository centralRepoDb)
static String	createCSV (Set< String > values)
static String	createSetNameClause (List< Result > results, int artifactTypeID, int setNameAttrID) throws DiscoveryException
static Map< String, List< ResultDomain > >	organizeByValue (List< ResultDomain > domainsBatch, CorrelationAttributeInstance.Type attributeType)
static void	queryDomainFrequency (List< ResultDomain > domainsToQuery, CentralRepository centralRepository) throws DiscoveryException

Static Private Attributes
static final Logger	logger = Logger.getLogger(DiscoveryAttributes.class.getName())

Detailed Description

Class which contains the search attributes which can be specified for Discovery.

Definition at line 55 of file DiscoveryAttributes.java.

Constructor & Destructor Documentation

org.sleuthkit.autopsy.discovery.search.DiscoveryAttributes.DiscoveryAttributes ( )

private

Private constructor for DiscoveryAttributes class.

Definition at line 1077 of file DiscoveryAttributes.java.

Member Function Documentation

static void org.sleuthkit.autopsy.discovery.search.DiscoveryAttributes.computeFrequency ( Set< String >  hashesToLookUp, List< ResultFile >  currentFiles, CentralRepository  centralRepoDb  )

staticprivate

Computes the CR frequency of all the given hashes and updates the list of files.

Parameters

hashesToLookUp	Hashes to find the frequency of.
currentFiles	List of files to update with frequencies.
centralRepoDb	The central repository being used.

Definition at line 1007 of file DiscoveryAttributes.java.

References org.sleuthkit.autopsy.centralrepository.datamodel.CentralRepoDbUtil.correlationTypeToInstanceTableName(), org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeInstance.FILES_TYPE_ID, org.sleuthkit.autopsy.centralrepository.datamodel.CentralRepository.getCorrelationTypeById(), and org.sleuthkit.autopsy.centralrepository.datamodel.CentralRepository.processSelectClause().

static String org.sleuthkit.autopsy.discovery.search.DiscoveryAttributes.createCSV ( Set< String >  values )

staticprivate

Helper function to create a string of comma separated values. Each value is wrapped in '. This method is used to bundle up a collection of values for use in a SQL WHERE IN (...) clause.

Definition at line 305 of file DiscoveryAttributes.java.

Referenced by org.sleuthkit.autopsy.discovery.search.DiscoveryAttributes.queryDomainFrequency().

static String org.sleuthkit.autopsy.discovery.search.DiscoveryAttributes.createSetNameClause ( List< Result >  results, int  artifactTypeID, int  setNameAttrID  ) throws DiscoveryException

staticprivate

Private helper method to create a set name clause to be used in queries.

Parameters

results	The list of results to create the set name clause for.
artifactTypeID	The Blackboard Artifact type ID for the artifact type.
setNameAttrID	The set name attribute id.

Returns

The String to use as a set name clause in queries.

Exceptions

DiscoveryException

Definition at line 1047 of file DiscoveryAttributes.java.

References org.sleuthkit.autopsy.discovery.search.SearchData.Type.DOMAIN, org.sleuthkit.autopsy.discovery.search.ResultFile.getFirstInstance(), and org.sleuthkit.autopsy.discovery.search.Result.getType().

static Map<String, List<ResultDomain> > org.sleuthkit.autopsy.discovery.search.DiscoveryAttributes.organizeByValue ( List< ResultDomain >  domainsBatch, CorrelationAttributeInstance.Type  attributeType  )

staticprivate

Organizes the domain instances by normalized domain value. This helps reduce the complexity of updating ResultDomain instances after the query has been executed.

Example: query for notable status of google.com. Result: notable With this map, all domain instances that represent google.com can be updated after one simple lookup.

Definition at line 284 of file DiscoveryAttributes.java.

References org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeNormalizer.normalize().

Referenced by org.sleuthkit.autopsy.discovery.search.DiscoveryAttributes.queryDomainFrequency().

static void org.sleuthkit.autopsy.discovery.search.DiscoveryAttributes.queryDomainFrequency ( List< ResultDomain >  domainsToQuery, CentralRepository  centralRepository  ) throws DiscoveryException

staticprivate

Query to get the frequency of a domain.

Parameters

domainsToQuery	List of domains to check the frequency of.
centralRepository	The central repository to query.

Exceptions

DiscoveryException

Definition at line 496 of file DiscoveryAttributes.java.

References org.sleuthkit.autopsy.centralrepository.datamodel.CentralRepoDbUtil.correlationTypeToInstanceTableName(), org.sleuthkit.autopsy.discovery.search.DiscoveryAttributes.createCSV(), org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeInstance.DOMAIN_TYPE_ID, and org.sleuthkit.autopsy.discovery.search.DiscoveryAttributes.organizeByValue().

Member Data Documentation

final Logger org.sleuthkit.autopsy.discovery.search.DiscoveryAttributes.logger = Logger.getLogger(DiscoveryAttributes.class.getName())

staticprivate

Definition at line 57 of file DiscoveryAttributes.java.

---

The documentation for this class was generated from the following file:

• /home/carriersleuth/repos/autopsy/Core/src/org/sleuthkit/autopsy/discovery/search/DiscoveryAttributes.java