Autopsy  4.19.0
Graphical digital forensics platform for The Sleuth Kit and other tools.
org.sleuthkit.autopsy.discovery.search.DiscoveryAttributes Class Reference

Classes

class  AttributeType
 
class  DataSourceAttribute
 
class  DomainCategoryAttribute
 
class  DomainFrequencyCallback
 
class  FileSizeAttribute
 
class  FileTagAttribute
 
class  FileTypeAttribute
 
class  FirstActivityDateAttribute
 
class  FrequencyAttribute
 
class  FrequencyCallback
 
enum  GroupingAttributeType
 
class  HashHitsAttribute
 
class  InterestingItemAttribute
 
class  KeywordListAttribute
 
class  LastActivityDateAttribute
 
class  NoGroupingAttribute
 
class  ObjectDetectedAttribute
 
class  PageViewsAttribute
 
class  ParentPathAttribute
 
class  PreviouslyNotableAttribute
 

Private Member Functions

 DiscoveryAttributes ()
 

Static Private Member Functions

static void computeFrequency (Set< String > hashesToLookUp, List< ResultFile > currentFiles, CentralRepository centralRepoDb)
 
static String createCSV (Set< String > values)
 
static String createSetNameClause (List< Result > results, int artifactTypeID, int setNameAttrID) throws DiscoveryException
 
static Map< String, List< ResultDomain > > organizeByValue (List< ResultDomain > domainsBatch, CorrelationAttributeInstance.Type attributeType)
 
static void queryDomainFrequency (List< ResultDomain > domainsToQuery, CentralRepository centralRepository) throws DiscoveryException
 

Static Private Attributes

static final Logger logger = Logger.getLogger(DiscoveryAttributes.class.getName())
 

Detailed Description

Class which contains the search attributes which can be specified for Discovery.

Definition at line 55 of file DiscoveryAttributes.java.

Constructor & Destructor Documentation

org.sleuthkit.autopsy.discovery.search.DiscoveryAttributes.DiscoveryAttributes ( )
private

Private constructor for DiscoveryAttributes class.

Definition at line 1075 of file DiscoveryAttributes.java.

Member Function Documentation

static void org.sleuthkit.autopsy.discovery.search.DiscoveryAttributes.computeFrequency ( Set< String >  hashesToLookUp,
List< ResultFile >  currentFiles,
CentralRepository  centralRepoDb 
)
static private

Computes the CR frequency of all the given hashes and updates the list of files.

Parameters
hashesToLookUp  Hashes to find the frequency of.
currentFiles  List of files to update with frequencies.
centralRepoDb  The central repository being used.

Definition at line 1005 of file DiscoveryAttributes.java.

References org.sleuthkit.autopsy.centralrepository.datamodel.CentralRepoDbUtil.correlationTypeToInstanceTableName(), org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeInstance.FILES_TYPE_ID, org.sleuthkit.autopsy.centralrepository.datamodel.CentralRepository.getCorrelationTypeById(), and org.sleuthkit.autopsy.centralrepository.datamodel.CentralRepository.processSelectClause().

static String org.sleuthkit.autopsy.discovery.search.DiscoveryAttributes.createCSV ( Set< String >  values)
static private

Helper function to create a string of comma-separated values. Each value is wrapped in single quotes ('). This method is used to bundle up a collection of values for use in a SQL WHERE IN (...) clause.

Definition at line 303 of file DiscoveryAttributes.java.

Referenced by org.sleuthkit.autopsy.discovery.search.DiscoveryAttributes.queryDomainFrequency().

static String org.sleuthkit.autopsy.discovery.search.DiscoveryAttributes.createSetNameClause ( List< Result >  results,
int  artifactTypeID,
int  setNameAttrID 
) throws DiscoveryException
static private

Private helper method to create a set name clause to be used in queries.

Parameters
results  The list of results to create the set name clause for.
artifactTypeID  The Blackboard Artifact type ID for the artifact type.
setNameAttrID  The set name attribute ID.
Returns
The String to use as a set name clause in queries.
Exceptions
DiscoveryException

Definition at line 1045 of file DiscoveryAttributes.java.

References org.sleuthkit.autopsy.discovery.search.SearchData.Type.DOMAIN, org.sleuthkit.autopsy.discovery.search.ResultFile.getFirstInstance(), and org.sleuthkit.autopsy.discovery.search.Result.getType().

static Map< String, List< ResultDomain > > org.sleuthkit.autopsy.discovery.search.DiscoveryAttributes.organizeByValue ( List< ResultDomain >  domainsBatch,
CorrelationAttributeInstance.Type  attributeType 
)
static private

Organizes the domain instances by normalized domain value. This helps reduce the complexity of updating ResultDomain instances after the query has been executed.

Example: query for notable status of google.com. Result: notable. With this map, all domain instances that represent google.com can be updated after one simple lookup.

Definition at line 282 of file DiscoveryAttributes.java.

References org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeNormalizer.normalize().

Referenced by org.sleuthkit.autopsy.discovery.search.DiscoveryAttributes.queryDomainFrequency().

static void org.sleuthkit.autopsy.discovery.search.DiscoveryAttributes.queryDomainFrequency ( List< ResultDomain >  domainsToQuery,
CentralRepository  centralRepository 
) throws DiscoveryException
static private

Member Data Documentation

final Logger org.sleuthkit.autopsy.discovery.search.DiscoveryAttributes.logger = Logger.getLogger(DiscoveryAttributes.class.getName())
static private

Definition at line 57 of file DiscoveryAttributes.java.


The documentation for this class was generated from the following file:

Copyright © 2012-2021 Basis Technology. Generated on: Fri Aug 6 2021
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.