Autopsy  4.19.0
Graphical digital forensics platform for The Sleuth Kit and other tools.
org.sleuthkit.autopsy.modules.yara.YaraIngestModuleFactory Class Reference

Inherits org.sleuthkit.autopsy.ingest.IngestModuleFactoryAdapter.

Public Member Functions

default DataArtifactIngestModule createDataArtifactIngestModule (IngestModuleIngestJobSettings settings)
 
DataSourceIngestModule createDataSourceIngestModule (IngestModuleIngestJobSettings ingestOptions)
 
FileIngestModule createFileIngestModule (IngestModuleIngestJobSettings settings)
 
IngestModuleIngestJobSettings getDefaultIngestJobSettings ()
 
IngestModuleGlobalSettingsPanel getGlobalSettingsPanel ()
 
IngestModuleIngestJobSettingsPanel getIngestJobSettingsPanel (IngestModuleIngestJobSettings settings)
 
String getModuleDescription ()
 
String getModuleDisplayName ()
 
String getModuleVersionNumber ()
 
boolean hasGlobalSettingsPanel ()
 
boolean hasIngestJobSettingsPanel ()
 
default boolean isDataArtifactIngestModuleFactory ()
 
boolean isDataSourceIngestModuleFactory ()
 
boolean isFileIngestModuleFactory ()
 

Detailed Description

A factory that creates ingest modules that use the Yara rule set definitions to identify files that may be of interest to the user.

Definition at line 39 of file YaraIngestModuleFactory.java.

Member Function Documentation

default DataArtifactIngestModule org.sleuthkit.autopsy.ingest.IngestModuleFactory.createDataArtifactIngestModule ( IngestModuleIngestJobSettings  settings)
inherited

Creates a data artifact ingest module instance.

Autopsy will generally use the factory to create several instances of each type of module for each ingest job it performs. Completing an ingest job entails processing a single data source (e.g., a disk image) and all of the files from the data source, including files extracted from archives and any unallocated space (made to look like a series of files). The data source is passed through one or more pipelines of data source ingest modules. The files are passed through one or more pipelines of file ingest modules.

The ingest framework may use multiple threads to complete an ingest job, but it is guaranteed that there will be no more than one module instance per thread. However, if the module instances must share resources, the modules are responsible for synchronizing access to the shared resources and doing reference counting as required to release those resources correctly. Also, more than one ingest job may be in progress at any given time. This must also be taken into consideration when sharing resources between module instances.

Parameters
settings: The settings for the ingest job.
Returns
A data artifact ingest module instance.

Implemented in org.sleuthkit.autopsy.centralrepository.ingestmodule.CentralRepoIngestModuleFactory.

Definition at line 270 of file IngestModuleFactory.java.

Referenced by org.sleuthkit.autopsy.ingest.IngestModuleTemplate.createDataArtifactIngestModule().

DataSourceIngestModule org.sleuthkit.autopsy.ingest.IngestModuleFactoryAdapter.createDataSourceIngestModule ( IngestModuleIngestJobSettings  ingestOptions)
inherited

Creates a data source ingest module instance.

Autopsy will generally use the factory to create several instances of each type of module for each ingest job it performs. Completing an ingest job entails processing a single data source (e.g., a disk image) and all of the files from the data source, including files extracted from archives and any unallocated space (made to look like a series of files). The data source is passed through one or more pipelines of data source ingest modules. The files are passed through one or more pipelines of file ingest modules.

The ingest framework may use multiple threads to complete an ingest job, but it is guaranteed that there will be no more than one module instance per thread. However, if the module instances must share resources, the modules are responsible for synchronizing access to the shared resources and doing reference counting as required to release those resources correctly. Also, more than one ingest job may be in progress at any given time. This must also be taken into consideration when sharing resources between module instances.

Parameters
ingestOptions: The settings for the ingest job.
Returns
A data source ingest module instance.

Implements org.sleuthkit.autopsy.ingest.IngestModuleFactory.

Definition at line 71 of file IngestModuleFactoryAdapter.java.

FileIngestModule org.sleuthkit.autopsy.modules.yara.YaraIngestModuleFactory.createFileIngestModule ( IngestModuleIngestJobSettings  ingestOptions)

Creates a file ingest module instance.

Autopsy will generally use the factory to create several instances of each type of module for each ingest job it performs. Completing an ingest job entails processing a single data source (e.g., a disk image) and all of the files from the data source, including files extracted from archives and any unallocated space (made to look like a series of files). The data source is passed through one or more pipelines of data source ingest modules. The files are passed through one or more pipelines of file ingest modules.

The ingest framework may use multiple threads to complete an ingest job, but it is guaranteed that there will be no more than one module instance per thread. However, if the module instances must share resources, the modules are responsible for synchronizing access to the shared resources and doing reference counting as required to release those resources correctly. Also, more than one ingest job may be in progress at any given time. This must also be taken into consideration when sharing resources between module instances.

Parameters
settings: The settings for the ingest job.
Returns
A file ingest module instance.

Implements org.sleuthkit.autopsy.ingest.IngestModuleFactory.

Definition at line 82 of file YaraIngestModuleFactory.java.
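
The threading contract described above (one module instance per thread, several ingest jobs possibly in progress at once, shared resources synchronized and reference counted) can be illustrated with the following added example. It is not code from Autopsy or from this class; RuleSet, RuleSetPool and the job IDs are hypothetical names, and the shared resource is assumed to be something like a compiled rule set held once per ingest job.

```java
import java.util.*;
import java.util.concurrent.*;

/** Added example; every name here is hypothetical, none is an Autopsy class. */
public class SharedRuleSetDemo {

    /** Stand-in for an expensive per-job resource, e.g. a compiled rule set. */
    static final class RuleSet {
        volatile boolean closed;
        void close() { closed = true; }
    }

    /** Per-job reference counting; every access is synchronized on the pool. */
    static final class RuleSetPool {
        private final Map<Long, RuleSet> open = new HashMap<>();
        private final Map<Long, Integer> refs = new HashMap<>();
        synchronized RuleSet acquire(long jobId) {           // module start-up
            refs.merge(jobId, 1, Integer::sum);
            return open.computeIfAbsent(jobId, id -> new RuleSet());
        }
        synchronized void release(long jobId) {              // module shut-down
            if (refs.merge(jobId, -1, Integer::sum) == 0) {  // last user for this job
                refs.remove(jobId);
                open.remove(jobId).close();
            }
        }
        synchronized int openCount() { return open.size(); }
    }

    public static void main(String[] args) throws Exception {
        RuleSetPool pool = new RuleSetPool();
        ExecutorService threads = Executors.newFixedThreadPool(4);
        List<Future<?>> results = new ArrayList<>();
        // Two ingest jobs in progress at once, two module instances (threads) each.
        for (long jobId : new long[] {1L, 1L, 2L, 2L}) {
            results.add(threads.submit(() -> {
                RuleSet rules = pool.acquire(jobId);
                try {
                    if (rules.closed) throw new IllegalStateException("used after release");
                } finally {
                    pool.release(jobId);
                }
            }));
        }
        for (Future<?> r : results) r.get();                 // rethrows any task failure
        threads.shutdown();
        System.out.println("rule sets still open: " + pool.openCount());
    }
}
```

Keying the count by job ID keeps one job's shutdown from closing a resource that a concurrently running job is still using.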

IngestModuleIngestJobSettings org.sleuthkit.autopsy.modules.yara.YaraIngestModuleFactory.getDefaultIngestJobSettings ( )

Gets the default per ingest job settings for instances of the family of ingest modules the factory creates. For example, the Autopsy core hash lookup ingest modules family uses hash databases imported or created using its global settings panel. All of the hash databases are enabled by default for an ingest job.

Returns
The default ingest job settings.

Implements org.sleuthkit.autopsy.ingest.IngestModuleFactory.

Definition at line 72 of file YaraIngestModuleFactory.java.

IngestModuleGlobalSettingsPanel org.sleuthkit.autopsy.modules.yara.YaraIngestModuleFactory.getGlobalSettingsPanel ( )

Gets a user interface panel that allows a user to change settings that are used by all instances of the family of ingest modules the factory creates. For example, the Autopsy core hash lookup ingest module factory provides a global settings panel to import and create hash databases. The imported hash databases are then enabled or disabled per ingest job using an ingest job settings panel.

Returns
A global settings panel.

Implements org.sleuthkit.autopsy.ingest.IngestModuleFactory.

Definition at line 101 of file YaraIngestModuleFactory.java.

References org.sleuthkit.autopsy.modules.yara.ui.YaraGlobalSettingsPanel.load().

IngestModuleIngestJobSettingsPanel org.sleuthkit.autopsy.modules.yara.YaraIngestModuleFactory.getIngestJobSettingsPanel ( IngestModuleIngestJobSettings  settings)

Gets a user interface panel that can be used to set per ingest job settings for instances of the family of ingest modules the factory creates. For example, the core hash lookup ingest module factory provides an ingest job settings panel to enable or disable hash databases per ingest job.

Parameters
settings: Per ingest job settings to initialize the panel.
Returns
An ingest job settings panel.

Implements org.sleuthkit.autopsy.ingest.IngestModuleFactory.

Definition at line 67 of file YaraIngestModuleFactory.java.

String org.sleuthkit.autopsy.modules.yara.YaraIngestModuleFactory.getModuleDescription ( )

Gets a brief, user-friendly description of the family of ingest modules the factory creates. Autopsy uses this string to describe the module in user interface components.

Returns
The module family description.

Implements org.sleuthkit.autopsy.ingest.IngestModuleFactory.

Definition at line 52 of file YaraIngestModuleFactory.java.

String org.sleuthkit.autopsy.modules.yara.YaraIngestModuleFactory.getModuleDisplayName ( )

Gets the display name that identifies the family of ingest modules the factory creates. Autopsy uses this string to identify the module in user interface components and log messages. The module name must be unique, so a brief but distinctive name is recommended.

Returns
The module family display name.

Implements org.sleuthkit.autopsy.ingest.IngestModuleFactory.

Definition at line 47 of file YaraIngestModuleFactory.java.

String org.sleuthkit.autopsy.modules.yara.YaraIngestModuleFactory.getModuleVersionNumber ( )

Gets the version number of the family of ingest modules the factory creates.

Returns
The module family version number.

Implements org.sleuthkit.autopsy.ingest.IngestModuleFactory.

Definition at line 57 of file YaraIngestModuleFactory.java.

References org.sleuthkit.autopsy.coreutils.Version.getVersion().

boolean org.sleuthkit.autopsy.modules.yara.YaraIngestModuleFactory.hasGlobalSettingsPanel ( )

Queries the factory to determine if it provides a user interface panel to allow a user to change settings that are used by all instances of the family of ingest modules the factory creates. For example, the Autopsy core hash lookup ingest module factory provides a global settings panel to import and create hash databases. The hash databases are then enabled or disabled per ingest job using an ingest job settings panel.

Returns
True if the factory provides a global settings panel.

Implements org.sleuthkit.autopsy.ingest.IngestModuleFactory.

Definition at line 96 of file YaraIngestModuleFactory.java.

boolean org.sleuthkit.autopsy.modules.yara.YaraIngestModuleFactory.hasIngestJobSettingsPanel ( )

Queries the factory to determine if it provides a user interface panel to allow a user to make per ingest job settings for instances of the family of ingest modules the factory creates. For example, the Autopsy core hash lookup ingest module factory provides an ingest job settings panel to enable or disable hash databases per ingest job.

Returns
True if the factory provides ingest job settings panels.

Implements org.sleuthkit.autopsy.ingest.IngestModuleFactory.

Definition at line 62 of file YaraIngestModuleFactory.java.

default boolean org.sleuthkit.autopsy.ingest.IngestModuleFactory.isDataArtifactIngestModuleFactory ( )
inherited

Queries the factory to determine if it is capable of creating data artifact ingest modules.

Returns
True or false.

Implemented in org.sleuthkit.autopsy.centralrepository.ingestmodule.CentralRepoIngestModuleFactory.

Definition at line 241 of file IngestModuleFactory.java.

Referenced by org.sleuthkit.autopsy.ingest.IngestModuleTemplate.isDataArtifactIngestModuleTemplate().

boolean org.sleuthkit.autopsy.ingest.IngestModuleFactoryAdapter.isDataSourceIngestModuleFactory ( )
inherited

Queries the factory to determine if it is capable of creating data source ingest modules.

Returns
True if the factory can create data source ingest modules.

Implements org.sleuthkit.autopsy.ingest.IngestModuleFactory.

Definition at line 66 of file IngestModuleFactoryAdapter.java.

boolean org.sleuthkit.autopsy.modules.yara.YaraIngestModuleFactory.isFileIngestModuleFactory ( )

Queries the factory to determine if it is capable of creating file ingest modules.

Returns
True if the factory can create file ingest modules.

Implements org.sleuthkit.autopsy.ingest.IngestModuleFactory.

Definition at line 77 of file YaraIngestModuleFactory.java.


The documentation for this class was generated from the following file:

Copyright © 2012-2021 Basis Technology. Generated on: Fri Aug 6 2021
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.