Autopsy
4.18.0
Graphical digital forensics platform for The Sleuth Kit and other tools.
|
Inherits JPanel, and org.sleuthkit.autopsy.corecomponentinterfaces.DataContentViewer.
Classes | |
interface | DateTimePanel |
class | SortByDateTime |
Public Member Functions | |
ContextViewer () | |
DataContentViewer | createInstance () |
Component | getComponent () |
default String | getTitle (Node node) |
String | getTitle () |
String | getToolTip () |
int | isPreferred (Node node) |
boolean | isSupported (Node node) |
void | resetComponent () |
void | setNode (Node selectedNode) |
Private Member Functions | |
void | addArtifactToPanels (BlackboardArtifact associatedArtifact) throws TskCoreException |
void | addAssociatedArtifactToPanel (BlackboardArtifact artifact) throws TskCoreException |
void | appendAttributeString (StringBuilder sb, BlackboardAttribute.ATTRIBUTE_TYPE attribType, Map< BlackboardAttribute.ATTRIBUTE_TYPE, BlackboardAttribute > attributesMap, String prependStr) |
Long | getArtifactDateTime (BlackboardArtifact artifact) throws TskCoreException |
Map< BlackboardAttribute.ATTRIBUTE_TYPE, BlackboardAttribute > | getAttributesMap (BlackboardArtifact artifact) throws TskCoreException |
void | initComponents () |
String | msgArtifactToAbbreviatedString (BlackboardArtifact artifact) throws TskCoreException |
void | populatePanels (AbstractFile sourceFile) throws NoCurrentCaseException, TskCoreException |
String | programExecArtifactToString (BlackboardArtifact artifact) throws TskCoreException |
String | recentDocArtifactToString (BlackboardArtifact artifact) throws TskCoreException |
String | webDownloadArtifactToString (BlackboardArtifact artifact) throws TskCoreException |
Private Attributes | |
final List< ContextSourcePanel > | contextSourcePanels = new ArrayList<>() |
final List< ContextUsagePanel > | contextUsagePanels = new ArrayList<>() |
javax.swing.JScrollPane | jScrollPane |
javax.swing.JPanel | jSourcePanel |
javax.swing.JPanel | jUnknownPanel |
javax.swing.JPanel | jUsagePanel |
Static Private Attributes | |
static final int | ARTIFACT_STR_MAX_LEN = 1024 |
static final int | ATTRIBUTE_STR_MAX_LEN = 200 |
static final List< BlackboardArtifact.ARTIFACT_TYPE > | CONTEXT_ARTIFACTS = new ArrayList<>() |
static final Insets | DATA_ROW_INSETS = new Insets(0, ContentViewerDefaults.getSectionIndent(), ContentViewerDefaults.getLineSpacing(), 0) |
static final Insets | FIRST_HEADER_INSETS = new Insets(0, 0, 0, 0) |
static final Insets | HEADER_INSETS = new Insets(ContentViewerDefaults.getSectionSpacing(), 0, ContentViewerDefaults.getLineSpacing(), 0) |
static final Logger | logger = Logger.getLogger(ContextViewer.class.getName()) |
static final long | serialVersionUID = 1L |
Displays additional context for the selected file, such as its source, and usage, if known.
Definition at line 55 of file ContextViewer.java.
org.sleuthkit.autopsy.contentviewers.contextviewer.ContextViewer.ContextViewer | ( | ) |
Creates new form ContextViewer
Definition at line 78 of file ContextViewer.java.
|
private |
Adds th passed in artifact to the appropriate source or usage panel
associatedArtifact | - associated artifact |
TskCoreException |
Definition at line 309 of file ContextViewer.java.
|
private |
Resolves an TSK_ASSOCIATED_OBJECT artifact and adds it to the appropriate panel
artifact | Artifact that may provide context. |
NoCurrentCaseException | |
TskCoreException |
Definition at line 283 of file ContextViewer.java.
|
private |
Looks up specified attribute in the given map and, if found, appends its value to the given string builder.
sb | String builder to append to. |
attribType | Attribute type to look for. |
attributesMap | Attributes map. |
prependStr | Optional string that is prepended before the attribute value. |
Definition at line 480 of file ContextViewer.java.
DataContentViewer org.sleuthkit.autopsy.contentviewers.contextviewer.ContextViewer.createInstance | ( | ) |
Create and return a new instance of your viewer. The reason that this is needed is because the specific viewer modules will be found via NetBeans Lookup and the type will only be DataContentViewer. This method is used to get an instance of your specific type.
Implements org.sleuthkit.autopsy.corecomponentinterfaces.DataContentViewer.
Definition at line 169 of file ContextViewer.java.
|
private |
Return the dateTime value for the given message artifact.
artifact |
TskCoreException |
Definition at line 535 of file ContextViewer.java.
|
private |
Gets all attributes for the given artifact, and returns a map of attributes keyed by attribute type.
artifact | Artifact for which to get the attributes. |
TskCoreException |
Definition at line 505 of file ContextViewer.java.
Component org.sleuthkit.autopsy.contentviewers.contextviewer.ContextViewer.getComponent | ( | ) |
Return the Swing Component to display. Implementations of this method that extend JPanel and do a 'return this;'. Otherwise return an internal instance of the JPanel.
Implements org.sleuthkit.autopsy.corecomponentinterfaces.DataContentViewer.
Definition at line 174 of file ContextViewer.java.
|
inherited |
Returns the title of this viewer to display in the tab.
node | The node to be viewed in the DataContentViewer. |
Implemented in org.sleuthkit.autopsy.contentviewers.Metadata.
Definition at line 61 of file DataContentViewer.java.
References org.sleuthkit.autopsy.corecomponentinterfaces.DataContentViewer.getTitle().
String org.sleuthkit.autopsy.contentviewers.contextviewer.ContextViewer.getTitle | ( | ) |
Returns the title of this viewer to display in the tab.
Implements org.sleuthkit.autopsy.corecomponentinterfaces.DataContentViewer.
Definition at line 159 of file ContextViewer.java.
String org.sleuthkit.autopsy.contentviewers.contextviewer.ContextViewer.getToolTip | ( | ) |
Returns a short description of this viewer to use as a tool tip for its tab.
Implements org.sleuthkit.autopsy.corecomponentinterfaces.DataContentViewer.
Definition at line 164 of file ContextViewer.java.
|
private |
This method is called from within the constructor to initialize the form. WARNING: Do NOT modify this code. The content of this method is always regenerated by the Form Editor.
Definition at line 91 of file ContextViewer.java.
References org.sleuthkit.autopsy.contentviewers.layout.ContentViewerDefaults.getHeaderFont().
int org.sleuthkit.autopsy.contentviewers.contextviewer.ContextViewer.isPreferred | ( | Node | node | ) |
Checks whether the given viewer is preferred for the Node. This is a bit subjective, but the idea is that Autopsy wants to display the most relevant tab. The more generic the viewer, the lower the return value should be. This will only be called on viewers that support the given node (i.e., isSupported() has already returned true).
The following are some examples of the current levels in use. If the selected node is an artifact, the level may be determined by both the artifact and its associated file.
Level 7 - Based on the artifact, if any, in the selected node and specific to an artifact type or types. Current content viewers that can return level 7 are the Messages tab (only supported for email and SMS) and the Text tab when the selected node is a Keyword Search hit.
Level 6 - Based on the artifact, if any, in the selected node but not restricted to particular types. The current content viewer that can return level 6 is the Results tab. It returns this level for most artifact types, unless the associated file is assumed to be of greater interest (for example, a Hash Set Hit will not be level 6 because the file itself is of greater interest).
Level 5 - Based on the file in the selected node and very specific to the file type. The current content viewer that will return level 5 is the Application tab, which supports media files (such as images) and certain types of databases.
Level 4 - Based on the file in the selected node but fairly general. Currently this is the level returned by the Text tab if Keyword Search has been run (unless the node is a Keyword Search hit or a Credit Card account). This is the default tab for most files.
Level 3 - Based on the artifact, if any, in the selected node where the artifact is thought to be of less interest than the associated file. This level is returned by the Results tab for artifacts like Hash Set Hits.
Level 1 - Very general and should always be available. The Hex, Text, and Metadata tabs are all this level
Level 0 - For cases where the content viewer should never be displayed by default.
node | Node to check for preference |
Implements org.sleuthkit.autopsy.corecomponentinterfaces.DataContentViewer.
Definition at line 208 of file ContextViewer.java.
boolean org.sleuthkit.autopsy.contentviewers.contextviewer.ContextViewer.isSupported | ( | Node | node | ) |
Checks whether the given node is supported by the viewer. This will be used to enable or disable the tab for the viewer.
node | Node to check for support |
Implements org.sleuthkit.autopsy.corecomponentinterfaces.DataContentViewer.
Definition at line 185 of file ContextViewer.java.
|
private |
Returns a abbreviated display string for a message artifact.
artifact | artifact to get download source URL from. |
TskCoreException |
Definition at line 451 of file ContextViewer.java.
|
private |
Looks for context providing artifacts for the given file and populates the source context.
sourceFile | File for which to show the context. |
NoCurrentCaseException | |
TskCoreException |
Definition at line 225 of file ContextViewer.java.
References org.sleuthkit.autopsy.casemodule.Case.getCurrentCaseThrows(), org.sleuthkit.autopsy.contentviewers.layout.ContentViewerDefaults.getPanelBackground(), org.sleuthkit.autopsy.contentviewers.layout.ContentViewerDefaults.getPanelInsets(), and org.sleuthkit.autopsy.casemodule.Case.getSleuthkitCase().
|
private |
Returns a display string with Program Execution artifact.
artifact | artifact to get doc from. |
TskCoreException |
Definition at line 420 of file ContextViewer.java.
|
private |
Returns a display string with recent Doc artifact.
artifact | artifact to get doc from. |
TskCoreException |
Definition at line 390 of file ContextViewer.java.
void org.sleuthkit.autopsy.contentviewers.contextviewer.ContextViewer.resetComponent | ( | ) |
Resets the contents of the viewer / component.
Implements org.sleuthkit.autopsy.corecomponentinterfaces.DataContentViewer.
Definition at line 179 of file ContextViewer.java.
void org.sleuthkit.autopsy.contentviewers.contextviewer.ContextViewer.setNode | ( | Node | selectedNode | ) |
Autopsy will call this when this panel is focused with the file that should be analyzed. When called with null, must clear all references to previous nodes.
selectedNode | the node which is used to determine what is displayed in this viewer |
Implements org.sleuthkit.autopsy.corecomponentinterfaces.DataContentViewer.
Definition at line 139 of file ContextViewer.java.
|
private |
Returns a display string with download source URL from the given artifact.
artifact | artifact to get download source URL from. |
TskCoreException |
Definition at line 364 of file ContextViewer.java.
|
staticprivate |
Definition at line 59 of file ContextViewer.java.
|
staticprivate |
Definition at line 60 of file ContextViewer.java.
|
staticprivate |
Definition at line 67 of file ContextViewer.java.
|
private |
Definition at line 68 of file ContextViewer.java.
|
private |
Definition at line 69 of file ContextViewer.java.
|
staticprivate |
Definition at line 64 of file ContextViewer.java.
|
staticprivate |
Definition at line 62 of file ContextViewer.java.
|
staticprivate |
Definition at line 63 of file ContextViewer.java.
|
private |
Definition at line 572 of file ContextViewer.java.
|
private |
Definition at line 573 of file ContextViewer.java.
|
private |
Definition at line 574 of file ContextViewer.java.
|
private |
Definition at line 575 of file ContextViewer.java.
|
staticprivate |
Definition at line 58 of file ContextViewer.java.
|
staticprivate |
Definition at line 57 of file ContextViewer.java.
Copyright © 2012-2021 Basis Technology. Generated on: Thu Jul 8 2021
This work is licensed under a
Creative Commons Attribution-Share Alike 3.0 United States License.