Autopsy  4.18.0
Graphical digital forensics platform for The Sleuth Kit and other tools.
org.sleuthkit.autopsy.report.modules.stix.STIXReportModule Class Reference

Inherits org.sleuthkit.autopsy.report.GeneralReportModule.

Public Member Functions

default void generateReport (String baseReportDir, ReportProgressPanel progressPanel)
 
void generateReport (GeneralReportSettings settings, ReportProgressPanel progressPanel)
 
ReportModuleSettings getConfiguration ()
 
JPanel getConfigurationPanel ()
 
ReportModuleSettings getDefaultConfiguration ()
 
String getDescription ()
 
String getName ()
 
String getRelativeFilePath ()
 
void setConfiguration (ReportModuleSettings settings)
 
default boolean supportsDataSourceSelection ()
 

Static Public Member Functions

static synchronized STIXReportModule getDefault ()
 

Private Member Functions

 STIXReportModule ()
 
ObservableResult evaluateObject (ObjectType obj, String spacing, String id)
 
ObservableResult evaluateObservableComposition (ObservableCompositionType comp, String spacing) throws TskCoreException
 
ObservableResult evaluateSingleObservable (Observable obs, String spacing) throws TskCoreException
 
void initializePanel ()
 
STIXPackage loadSTIXFile (String stixFileName) throws JAXBException
 
String makeMapKey (Observable obs)
 
void printFileHeader (String a_fileName, BufferedWriter output)
 
void processFile (String stixFile, ReportProgressPanel progressPanel, BufferedWriter output) throws JAXBException, TskCoreException
 
void processIndicators (STIXPackage stix, BufferedWriter output, ReportProgressPanel progressPanel) throws TskCoreException
 
void processObservables (STIXPackage stix)
 
void saveResultsAsArtifacts (Indicator ind, ObservableResult result, ReportProgressPanel progressPanel) throws TskCoreException
 
void saveToObjectMap (Observable obs)
 
void writeResultsToFile (Indicator ind, String resultStr, boolean found, BufferedWriter output)
 

Private Attributes

STIXReportModuleConfigPanel configPanel
 
Map< String, ObjectType > idToObjectMap = new HashMap<>()
 
Map< String, ObservableResult > idToResult = new HashMap<>()
 
List< EvalRegistryObj.RegistryFileInfo > registryFileData = null
 
boolean reportAllResults
 
String reportPath
 
final boolean skipShortCircuit = true
 

Static Private Attributes

static STIXReportModule instance = null
 
static final Logger logger = Logger.getLogger(STIXReportModule.class.getName())
 

Detailed Description

Definition at line 68 of file STIXReportModule.java.

Constructor & Destructor Documentation

org.sleuthkit.autopsy.report.modules.stix.STIXReportModule.STIXReportModule ( )
private

Member Function Documentation

ObservableResult org.sleuthkit.autopsy.report.modules.stix.STIXReportModule.evaluateObject ( ObjectType  obj,
String  spacing,
String  id 
)
private

Evaluate a STIX object.

Parameters
obj - The object to evaluate against the datasource(s)
spacing - For formatting the output
id
Returns

Definition at line 589 of file STIXReportModule.java.

References org.sleuthkit.autopsy.report.modules.stix.STIXReportModule.registryFileData.

Referenced by org.sleuthkit.autopsy.report.modules.stix.STIXReportModule.evaluateSingleObservable().

ObservableResult org.sleuthkit.autopsy.report.modules.stix.STIXReportModule.evaluateObservableComposition ( ObservableCompositionType  comp,
String  spacing 
) throws TskCoreException
private

Evaluate an observable composition. Can be called recursively.

Parameters
comp - The observable composition object to evaluate
spacing - Used for formatting the output
Returns
The status of the composition
Exceptions
TskCoreException

Definition at line 451 of file STIXReportModule.java.

References org.sleuthkit.autopsy.report.modules.stix.STIXReportModule.evaluateSingleObservable().

Referenced by org.sleuthkit.autopsy.report.modules.stix.STIXReportModule.processIndicators().

ObservableResult org.sleuthkit.autopsy.report.modules.stix.STIXReportModule.evaluateSingleObservable ( Observable  obs,
String  spacing 
) throws TskCoreException
private

Evaluate one observable and return the result. This is at the end of the observable composition tree and will not be called recursively.

Parameters
obs - The observable object to evaluate
spacing - For formatting the output
Returns
The status of the observable
Exceptions
TskCoreException

Definition at line 547 of file STIXReportModule.java.

References org.sleuthkit.autopsy.report.modules.stix.STIXReportModule.evaluateObject(), org.sleuthkit.autopsy.report.modules.stix.STIXReportModule.makeMapKey(), and org.sleuthkit.autopsy.report.modules.stix.STIXReportModule.saveToObjectMap().

Referenced by org.sleuthkit.autopsy.report.modules.stix.STIXReportModule.evaluateObservableComposition(), and org.sleuthkit.autopsy.report.modules.stix.STIXReportModule.processIndicators().

default void org.sleuthkit.autopsy.report.GeneralReportModule.generateReport ( String  baseReportDir,
ReportProgressPanel  progressPanel 
)
inherited

Called to generate the report. Method is responsible for saving the file at the path specified and updating progress via the progressPanel object.

Parameters
baseReportDir - Base directory that reports are being stored in. Report should go into baseReportDir + getRelativeFilePath().
progressPanel - panel to update the report's progress with
Deprecated:
Use generateReport(GeneralReportSettings settings, ReportProgressPanel progressPanel) instead. The baseReportDir is stored in the settings instance.

Implemented in org.sleuthkit.autopsy.report.GeneralReportModuleAdapter.

Definition at line 36 of file GeneralReportModule.java.

Referenced by org.sleuthkit.autopsy.report.GeneralReportModule.generateReport().

void org.sleuthkit.autopsy.report.modules.stix.STIXReportModule.generateReport ( GeneralReportSettings  settings,
ReportProgressPanel  progressPanel 
)

ReportModuleSettings org.sleuthkit.autopsy.report.modules.stix.STIXReportModule.getConfiguration ( )

Get current configuration for this report module.

Returns
Object which contains current report module settings.

Implements org.sleuthkit.autopsy.report.ReportModule.

Definition at line 673 of file STIXReportModule.java.

References org.sleuthkit.autopsy.report.modules.stix.STIXReportModule.initializePanel().

JPanel org.sleuthkit.autopsy.report.modules.stix.STIXReportModule.getConfigurationPanel ( )

Returns the configuration panel for the report, which is displayed in the report configuration step of the report wizard.

Returns
Configuration panel or null if the module does not need configuration.

Implements org.sleuthkit.autopsy.report.ReportModule.

Definition at line 646 of file STIXReportModule.java.

References org.sleuthkit.autopsy.report.modules.stix.STIXReportModule.configPanel, and org.sleuthkit.autopsy.report.modules.stix.STIXReportModule.initializePanel().

static synchronized STIXReportModule org.sleuthkit.autopsy.report.modules.stix.STIXReportModule.getDefault ( )
static

ReportModuleSettings org.sleuthkit.autopsy.report.modules.stix.STIXReportModule.getDefaultConfiguration ( )

Get default configuration for this report module.

Returns
Object which contains default report module settings.

Implements org.sleuthkit.autopsy.report.ReportModule.

Definition at line 663 of file STIXReportModule.java.

Referenced by org.sleuthkit.autopsy.report.modules.stix.STIXReportModule.setConfiguration().

String org.sleuthkit.autopsy.report.modules.stix.STIXReportModule.getDescription ( )

Gets a one-line, user-friendly description of the type of report this module generates.

Implements org.sleuthkit.autopsy.report.ReportModule.

Definition at line 640 of file STIXReportModule.java.

String org.sleuthkit.autopsy.report.modules.stix.STIXReportModule.getName ( )

Get the name of the report this module generates.

Implements org.sleuthkit.autopsy.report.ReportModule.

Definition at line 629 of file STIXReportModule.java.

String org.sleuthkit.autopsy.report.modules.stix.STIXReportModule.getRelativeFilePath ( )

Gets the relative path of the report file, if any, generated by this module. The path should be relative to the location that gets passed in to generateReport() (or similar).

Returns
Relative path to where report will be stored. Return an empty string if the location passed to generateReport() is the output location. Return null to indicate that there is no report file.

Implements org.sleuthkit.autopsy.report.ReportModule.

Definition at line 635 of file STIXReportModule.java.

Referenced by org.sleuthkit.autopsy.report.modules.stix.STIXReportModule.generateReport().

void org.sleuthkit.autopsy.report.modules.stix.STIXReportModule.initializePanel ( )
private

STIXPackage org.sleuthkit.autopsy.report.modules.stix.STIXReportModule.loadSTIXFile ( String  stixFileName) throws JAXBException
private

Load a STIX-formatted XML file into a STIXPackage object.

Parameters
stixFileName - Name of the STIX file to unmarshal
Returns
Unmarshalled file contents
Exceptions
JAXBException

Definition at line 229 of file STIXReportModule.java.

Referenced by org.sleuthkit.autopsy.report.modules.stix.STIXReportModule.processFile().

String org.sleuthkit.autopsy.report.modules.stix.STIXReportModule.makeMapKey ( Observable  obs)
private

Use the ID or ID ref to create a key into the observable map.

Parameters
obs
Returns

Definition at line 416 of file STIXReportModule.java.

Referenced by org.sleuthkit.autopsy.report.modules.stix.STIXReportModule.evaluateSingleObservable(), and org.sleuthkit.autopsy.report.modules.stix.STIXReportModule.saveToObjectMap().

void org.sleuthkit.autopsy.report.modules.stix.STIXReportModule.printFileHeader ( String  a_fileName,
BufferedWriter  output 
)
private

Write a header for the current file to the output file.

Parameters
a_fileName
output

Definition at line 391 of file STIXReportModule.java.

Referenced by org.sleuthkit.autopsy.report.modules.stix.STIXReportModule.processFile().

void org.sleuthkit.autopsy.report.modules.stix.STIXReportModule.processFile ( String  stixFile,
ReportProgressPanel  progressPanel,
BufferedWriter  output 
) throws JAXBException, TskCoreException
private

void org.sleuthkit.autopsy.report.modules.stix.STIXReportModule.processIndicators ( STIXPackage  stix,
BufferedWriter  output,
ReportProgressPanel  progressPanel 
) throws TskCoreException
private

void org.sleuthkit.autopsy.report.modules.stix.STIXReportModule.processObservables ( STIXPackage  stix)
private

Do the initial processing of the list of observables. For each observable, save it in a map using the ID as key.

Parameters
stix - STIXPackage

Definition at line 252 of file STIXReportModule.java.

References org.sleuthkit.autopsy.report.modules.stix.STIXReportModule.saveToObjectMap().

Referenced by org.sleuthkit.autopsy.report.modules.stix.STIXReportModule.processFile().

void org.sleuthkit.autopsy.report.modules.stix.STIXReportModule.saveResultsAsArtifacts ( Indicator  ind,
ObservableResult  result,
ReportProgressPanel  progressPanel 
) throws TskCoreException
private

Create the artifacts saved in the observable result.

Parameters
ind
result
progressPanel
Exceptions
TskCoreException

Definition at line 311 of file STIXReportModule.java.

References org.sleuthkit.autopsy.report.ReportProgressPanel.updateStatusLabel().

Referenced by org.sleuthkit.autopsy.report.modules.stix.STIXReportModule.processIndicators().

void org.sleuthkit.autopsy.report.modules.stix.STIXReportModule.saveToObjectMap ( Observable  obs)
private

void org.sleuthkit.autopsy.report.modules.stix.STIXReportModule.setConfiguration ( ReportModuleSettings  settings)

Set report module configuration.

Parameters
settings - Object which contains report module settings.

Implements org.sleuthkit.autopsy.report.ReportModule.

Definition at line 684 of file STIXReportModule.java.

References org.sleuthkit.autopsy.report.modules.stix.STIXReportModule.getDefaultConfiguration(), and org.sleuthkit.autopsy.report.modules.stix.STIXReportModule.initializePanel().

default boolean org.sleuthkit.autopsy.report.GeneralReportModule.supportsDataSourceSelection ( )
inherited

Determines if the module supports report generation on a subset of data sources in a case. Defaults to false. The data source selections are stored in the GeneralReportSettings instance.

Returns
True if the module can be configured to run on a subset of data sources.

Implemented in org.sleuthkit.autopsy.report.modules.kml.KMLReport, org.sleuthkit.autopsy.report.modules.caseuco.CaseUcoReportModule, and org.sleuthkit.autopsy.keywordsearch.ExtractAllTermsReport.

Definition at line 64 of file GeneralReportModule.java.

void org.sleuthkit.autopsy.report.modules.stix.STIXReportModule.writeResultsToFile ( Indicator  ind,
String  resultStr,
boolean  found,
BufferedWriter  output 
)
private

Write the full results string to the output file.

Parameters
ind - Used to get the title, ID, and description of the indicator
resultStr - Full results for this indicator
found - true if the indicator was found in datasource(s)
output

Definition at line 354 of file STIXReportModule.java.

Referenced by org.sleuthkit.autopsy.report.modules.stix.STIXReportModule.processIndicators().

Member Data Documentation

STIXReportModuleConfigPanel org.sleuthkit.autopsy.report.modules.stix.STIXReportModule.configPanel
private

Map<String, ObjectType> org.sleuthkit.autopsy.report.modules.stix.STIXReportModule.idToObjectMap = new HashMap<>()
private

Definition at line 76 of file STIXReportModule.java.

Map<String, ObservableResult> org.sleuthkit.autopsy.report.modules.stix.STIXReportModule.idToResult = new HashMap<>()
private

Definition at line 77 of file STIXReportModule.java.

STIXReportModule org.sleuthkit.autopsy.report.modules.stix.STIXReportModule.instance = null
static private

final Logger org.sleuthkit.autopsy.report.modules.stix.STIXReportModule.logger = Logger.getLogger(STIXReportModule.class.getName())
static private

Definition at line 70 of file STIXReportModule.java.

List<EvalRegistryObj.RegistryFileInfo> org.sleuthkit.autopsy.report.modules.stix.STIXReportModule.registryFileData = null
private

boolean org.sleuthkit.autopsy.report.modules.stix.STIXReportModule.reportAllResults
private

String org.sleuthkit.autopsy.report.modules.stix.STIXReportModule.reportPath
private

Definition at line 73 of file STIXReportModule.java.

final boolean org.sleuthkit.autopsy.report.modules.stix.STIXReportModule.skipShortCircuit = true
private

Definition at line 81 of file STIXReportModule.java.


The documentation for this class was generated from the following file:

Copyright © 2012-2021 Basis Technology. Generated on: Thu Jul 8 2021
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.