|
Autopsy
4.17.0
Graphical digital forensics platform for The Sleuth Kit and other tools.
|
Classes | |
| class | TsvColumn |
Public Member Functions | |
| LeappFileProcessor (String xmlFile) throws IOException, IngestModuleException, NoCurrentCaseException | |
| ProcessResult | processFiles (Content dataSource, Path moduleOutputPath, AbstractFile LeappFile) |
| ProcessResult | processFileSystem (Content dataSource, Path moduleOutputPath) |
Private Member Functions | |
| void | checkAttributeType (Collection< BlackboardAttribute > bbattributes, String attrType, String[] columnValues, int columnNumber, BlackboardAttribute.Type attributeType, String fileName) |
| void | configExtractor () throws IOException |
| BlackboardArtifact | createArtifactWithAttributes (int type, AbstractFile abstractFile, Collection< BlackboardAttribute > bbattributes) |
| BlackboardArtifact | createArtifactWithAttributes (int type, Content dataSource, Collection< BlackboardAttribute > bbattributes) |
| Map< Integer, String > | findColumnsToProcess (String fileName, String line, List< TsvColumn > attrList) |
| List< String > | findTsvFiles (Path LeappOutputDir) throws IngestModuleException |
| void | getArtifactNode (Document xmlinput) |
| void | getAttributeNodes (Document xmlinput) |
| void | getFileNode (Document xmlinput) |
| String | getXmlAttrIdentifier (String fileName, String attributeName) |
| String | getXmlFileIdentifier (String fileName) |
| void | loadConfigFile () throws IngestModuleException |
| void | processFile (File LeappFile, List< TsvColumn > attrList, String fileName, BlackboardArtifact.Type artifactType, List< BlackboardArtifact > bbartifacts, Content dataSource) throws FileNotFoundException, IOException, IngestModuleException, TskCoreException |
| void | processLeappFiles (List< String > LeappFilesToProcess, AbstractFile LeappImageFile) throws FileNotFoundException, IOException, IngestModuleException |
| void | processLeappFiles (List< String > LeappFilesToProcess, Content dataSource) throws IngestModuleException |
| Collection< BlackboardAttribute > | processReadLine (String line, Map< Integer, String > columnNumberToProcess, String fileName) throws IngestModuleException |
Private Attributes | |
| final Map< String, String > | tsvFileArtifactComments |
| final Map< String, String > | tsvFileArtifacts |
| final Map< String, List< TsvColumn > > | tsvFileAttributes |
| final Map< String, String > | tsvFiles |
| final String | xmlFile |
Static Private Attributes | |
| static final Logger | logger = Logger.getLogger(LeappFileProcessor.class.getName()) |
| static final String | MODULE_NAME = ILeappAnalyzerModuleFactory.getModuleName() |
Find and process output from Leapp program and bring into Autopsy
Definition at line 72 of file LeappFileProcessor.java.
| org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.LeappFileProcessor | ( | String | xmlFile | ) | throws IOException, IngestModuleException, NoCurrentCaseException |
Definition at line 132 of file LeappFileProcessor.java.
References org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.configExtractor(), org.sleuthkit.autopsy.casemodule.Case.getCurrentCaseThrows(), org.sleuthkit.autopsy.casemodule.Case.getSleuthkitCase(), org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.loadConfigFile(), and org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.xmlFile.
|
private |
Definition at line 378 of file LeappFileProcessor.java.
Referenced by org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.processReadLine().
|
private |
Extract the Leapp config xml file to the user directory to process
Definition at line 696 of file LeappFileProcessor.java.
References org.sleuthkit.autopsy.coreutils.PlatformUtil.extractResourceToUserConfigDir().
Referenced by org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.LeappFileProcessor().
|
private |
Generic method for creating a blackboard artifact with attributes
| type | is a blackboard.artifact_type enum to determine which type the artifact should be |
| abstractFile | is the AbstractFile object that needs to have the artifact added for it |
| bbattributes | is the collection of blackboard attributes that need to be added to the artifact after the artifact has been created |
Definition at line 639 of file LeappFileProcessor.java.
Referenced by org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.processFile().
|
private |
Generic method for creating a blackboard artifact with attributes
| type | is a blackboard.artifact_type enum to determine which type the artifact should be |
| dataSource | is the Content object that needs to have the artifact added for it |
| bbattributes | is the collection of blackboard attributes that need to be added to the artifact after the artifact has been created |
Definition at line 662 of file LeappFileProcessor.java.
|
private |
Process the first line of the tsv file which has the headings. Match the headings to the columns in the XML mapping file so we know which columns to process.
| fileName | The name of the file in which these column headers exist. |
| line | a tsv heading line of the columns in the file |
| attrList | the list of headings we want to process |
Definition at line 451 of file LeappFileProcessor.java.
Referenced by org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.processFile().
|
private |
Find the tsv files in the Leapp output directory and match them to files we know we want to process and return the list to process those files.
Definition at line 184 of file LeappFileProcessor.java.
Referenced by org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.processFiles(), and org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.processFileSystem().
|
private |
Definition at line 530 of file LeappFileProcessor.java.
References org.sleuthkit.autopsy.casemodule.Case.getCurrentCase(), org.sleuthkit.autopsy.casemodule.Case.getSleuthkitCase(), and org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.getXmlFileIdentifier().
Referenced by org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.loadConfigFile().
|
private |
Definition at line 572 of file LeappFileProcessor.java.
References org.sleuthkit.autopsy.casemodule.Case.getCurrentCase(), org.sleuthkit.autopsy.casemodule.Case.getSleuthkitCase(), and org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.getXmlAttrIdentifier().
Referenced by org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.loadConfigFile().
|
private |
Definition at line 518 of file LeappFileProcessor.java.
Referenced by org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.loadConfigFile().
|
private |
Definition at line 566 of file LeappFileProcessor.java.
References org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.getXmlFileIdentifier().
Referenced by org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.getAttributeNodes().
|
private |
Definition at line 560 of file LeappFileProcessor.java.
Referenced by org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.getArtifactNode(), and org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.getXmlAttrIdentifier().
|
private |
Read the XML config file and load the mappings into maps
Definition at line 495 of file LeappFileProcessor.java.
References org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.getArtifactNode(), org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.getAttributeNodes(), org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.getFileNode(), org.sleuthkit.autopsy.coreutils.PlatformUtil.getUserConfigDirectory(), and org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.xmlFile.
Referenced by org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.LeappFileProcessor().
|
private |
Definition at line 285 of file LeappFileProcessor.java.
References org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.createArtifactWithAttributes(), org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.findColumnsToProcess(), and org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.processReadLine().
Referenced by org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.processLeappFiles().
| ProcessResult org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.processFiles | ( | Content | dataSource, |
| Path | moduleOutputPath, | ||
| AbstractFile | LeappFile | ||
| ) |
Definition at line 155 of file LeappFileProcessor.java.
References org.sleuthkit.autopsy.ingest.IngestModule.ProcessResult.ERROR, org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.findTsvFiles(), org.sleuthkit.autopsy.ingest.IngestModule.ProcessResult.OK, and org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.processLeappFiles().
Referenced by org.sleuthkit.autopsy.modules.leappanalyzers.ALeappAnalyzerIngestModule.processALeappFile(), and org.sleuthkit.autopsy.modules.leappanalyzers.ILeappAnalyzerIngestModule.processILeappFile().
| ProcessResult org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.processFileSystem | ( | Content | dataSource, |
| Path | moduleOutputPath | ||
| ) |
Definition at line 167 of file LeappFileProcessor.java.
References org.sleuthkit.autopsy.ingest.IngestModule.ProcessResult.ERROR, org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.findTsvFiles(), org.sleuthkit.autopsy.ingest.IngestModule.ProcessResult.OK, and org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.processLeappFiles().
Referenced by org.sleuthkit.autopsy.modules.leappanalyzers.ALeappAnalyzerIngestModule.processALeappFs(), and org.sleuthkit.autopsy.modules.leappanalyzers.ILeappAnalyzerIngestModule.processILeappFs().
|
private |
Process the Leapp files that were found that match the xml mapping file
| LeappFilesToProcess | List of files to process |
| LeappImageFile | Abstract file to create artifact for |
| FileNotFoundException | |
| IOException |
Definition at line 216 of file LeappFileProcessor.java.
References org.sleuthkit.autopsy.casemodule.Case.getCurrentCase(), org.sleuthkit.autopsy.casemodule.Case.getSleuthkitCase(), and org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.processFile().
Referenced by org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.processFiles(), and org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.processFileSystem().
|
private |
Process the Leapp files that were found that match the xml mapping file
| LeappFilesToProcess | List of files to process |
| dataSource | The data source. |
| FileNotFoundException | |
| IOException |
Definition at line 251 of file LeappFileProcessor.java.
References org.sleuthkit.autopsy.casemodule.Case.getCurrentCase(), org.sleuthkit.autopsy.casemodule.Case.getSleuthkitCase(), and org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.processFile().
|
private |
Process the line read and create the necessary attributes for it
| line | a tsv line to process that was read |
| columnNumberToProcess | Which columns to process in the tsv line |
| fileName | name of file begin processed |
Definition at line 329 of file LeappFileProcessor.java.
References org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.checkAttributeType(), org.sleuthkit.autopsy.casemodule.Case.getCurrentCase(), and org.sleuthkit.autopsy.casemodule.Case.getSleuthkitCase().
Referenced by org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.processFile().
|
staticprivate |
Definition at line 120 of file LeappFileProcessor.java.
|
staticprivate |
Definition at line 121 of file LeappFileProcessor.java.
|
private |
Definition at line 127 of file LeappFileProcessor.java.
|
private |
Definition at line 126 of file LeappFileProcessor.java.
|
private |
Definition at line 128 of file LeappFileProcessor.java.
|
private |
Definition at line 125 of file LeappFileProcessor.java.
|
private |
Definition at line 123 of file LeappFileProcessor.java.
Referenced by org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.LeappFileProcessor(), and org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.loadConfigFile().
Copyright © 2012-2021 Basis Technology. Generated on: Tue Jan 19 2021
This work is licensed under a
Creative Commons Attribution-Share Alike 3.0 United States License.