Autopsy
4.19.0
Graphical digital forensics platform for The Sleuth Kit and other tools.
|
Inherits org.sleuthkit.autopsy.report.ReportModule.
Classes | |
class | GetImageTagCallback |
class | GetInterestingItemSetNamesCallback |
class | StoreMaxIdCallback |
Public Member Functions | |
PortableCaseReportModule () | |
void | generateReport (String reportPath, PortableCaseReportModuleSettings options, ReportProgressPanel progressPanel) |
default ReportModuleSettings | getConfiguration () |
default JPanel | getConfigurationPanel () |
default ReportModuleSettings | getDefaultConfiguration () |
String | getDescription () |
String | getName () |
String | getRelativeFilePath () |
default void | setConfiguration (ReportModuleSettings settings) |
Private Member Functions | |
void | addArtifactsToPortableCase (TagName oldTagName, ReportProgressPanel progressPanel) throws TskCoreException |
void | addFilesToPortableCase (TagName oldTagName, ReportProgressPanel progressPanel) throws TskCoreException |
void | addImageTagToPortableCase (ContentTag newContentTag, String appData) throws TskCoreException |
boolean | addUniqueFile (Content content, DataSource dataSource, Path tmpDir, Gson gson, CaseUcoExporter exporter, JsonWriter reportWriter, boolean dataSourceHasBeenIncluded) throws IOException, TskCoreException |
void | cleanup () |
void | closePortableCaseDatabase () |
boolean | compressCase (ReportProgressPanel progressPanel, String folderToCompress) |
void | copyApplication (Path sourceFolder, String destBaseFolder) throws IOException |
BlackboardArtifact | copyArtifact (long newContentId, BlackboardArtifact artifactToCopy) throws TskCoreException |
void | copyAttachments (BlackboardArtifact newArtifact, BlackboardArtifact oldArtifact, AbstractFile newFile) throws TskCoreException |
long | copyContent (Content content) throws TskCoreException |
long | copyContentToPortableCase (Content content, ReportProgressPanel progressPanel) throws TskCoreException |
Host | copyHost (Host oldHost) throws TskCoreException |
OsAccount | copyOsAccount (Long oldOsAccountId) throws TskCoreException |
void | copyPathID (BlackboardArtifact newArtifact, BlackboardArtifact oldArtifact) throws TskCoreException |
void | createAppLaunchBatFile (String destBaseFolder) throws IOException |
void | createCase (File outputDir, ReportProgressPanel progressPanel) |
void | generateCaseUcoReport (List< TagName > tagNames, List< String > setNames, ReportProgressPanel progressPanel) |
List< String > | getAllInterestingItemsSets () throws NoCurrentCaseException, TskCoreException |
Path | getApplicationBasePath () |
String | getAutopsyExeName () |
Path | getAutopsyExePath () |
String | getExportSubfolder (AbstractFile abstractFile) |
String | getImageTagDataForContentTag (ContentTag tag) throws TskCoreException |
Multimap< Long, BlackboardArtifact > | getInterestingArtifactsBySetName (SleuthkitCase skCase, List< String > setNames) throws TskCoreException |
int | getNewArtifactTypeId (BlackboardArtifact oldArtifact) throws TskCoreException |
BlackboardAttribute.Type | getNewAttributeType (BlackboardAttribute oldAttribute) throws TskCoreException |
void | handleCancellation (ReportProgressPanel progressPanel) |
void | handleError (String logWarning, String dialogWarning, Exception ex, ReportProgressPanel progressPanel) |
void | initializeImageTags (ReportProgressPanel progressPanel) throws TskCoreException |
void | saveHighestIds () throws TskCoreException |
Static Private Member Functions | |
static File | locate7ZipExecutable () |
Private Attributes | |
File | caseFolder = null |
String | caseName = "" |
File | copiedFilesFolder = null |
Case | currentCase = null |
final Map< Long, Content > | newIdToContent = new HashMap<>() |
final Map< Long, BlackboardArtifact > | oldArtifactIdToNewArtifact = new HashMap<>() |
final Map< Integer, Integer > | oldArtTypeIdToNewArtTypeId = new HashMap<>() |
final Map< Integer, BlackboardAttribute.Type > | oldAttrTypeIdToNewAttrType = new HashMap<>() |
final Map< Long, Host > | oldHostIdToNewHost = new HashMap<>() |
final Map< Long, Content > | oldIdToNewContent = new HashMap<>() |
final Map< Long, OsAccount > | oldOsAccountIdToNewOsAccount = new HashMap<>() |
final Map< Long, OsAccountRealm > | oldRealmIdToNewRealm = new HashMap<>() |
final Map< TagName, TagName > | oldTagNameToNewTagName = new HashMap<>() |
SleuthkitCase | portableSkCase = null |
PortableCaseReportModuleSettings | settings |
Static Private Attributes | |
static final String | CASE_UCO_FILE_NAME = "portable_CASE_UCO_output" |
static final String | CASE_UCO_TMP_DIR = "case_uco_tmp" |
static final String | FILE_FOLDER_NAME = "PortableCaseFiles" |
static final List< FileTypeCategory > | FILE_TYPE_CATEGORIES |
static final Logger | logger = Logger.getLogger(PortableCaseReportModule.class.getName()) |
static final String | MAX_ID_TABLE_NAME = "portable_case_max_ids" |
static final List< Integer > | SPECIALLY_HANDLED_ATTRS |
static final String | UNKNOWN_FILE_TYPE_FOLDER = "Other" |
Creates a portable case from tagged files
Definition at line 101 of file PortableCaseReportModule.java.
org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.PortableCaseReportModule | ( | ) |
Definition at line 153 of file PortableCaseReportModule.java.
|
private |
Add all artifacts with a given tag to the portable case.
oldTagName | The TagName object from the current case |
progressPanel | The progress panel |
TskCoreException |
Definition at line 895 of file PortableCaseReportModule.java.
References org.sleuthkit.autopsy.report.ReportProgressPanel.ReportStatus.CANCELED, org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.copyArtifact(), org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.copyAttachments(), org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.copyContentToPortableCase(), org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.copyPathID(), org.sleuthkit.autopsy.casemodule.services.TagsManager.getBlackboardArtifactTagsByTagName(), org.sleuthkit.autopsy.casemodule.Case.getServices(), org.sleuthkit.autopsy.report.ReportProgressPanel.getStatus(), and org.sleuthkit.autopsy.casemodule.services.Services.getTagsManager().
Referenced by org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.generateReport().
|
private |
Add all files with a given tag to the portable case.
oldTagName | The TagName object from the current case |
progressPanel | The progress panel |
TskCoreException |
Definition at line 789 of file PortableCaseReportModule.java.
References org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.addImageTagToPortableCase(), org.sleuthkit.autopsy.report.ReportProgressPanel.ReportStatus.CANCELED, org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.copyContentToPortableCase(), org.sleuthkit.autopsy.casemodule.services.TagsManager.getContentTagsByTagName(), org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.getImageTagDataForContentTag(), org.sleuthkit.autopsy.casemodule.Case.getServices(), org.sleuthkit.autopsy.report.ReportProgressPanel.getStatus(), and org.sleuthkit.autopsy.casemodule.services.Services.getTagsManager().
Referenced by org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.generateReport().
|
private |
Add an image tag to the portable case.
newContentTag | The content tag in the portable case |
appData | The string to copy into app_data |
TskCoreException |
Definition at line 882 of file PortableCaseReportModule.java.
References org.sleuthkit.autopsy.casemodule.services.contentviewertags.ContentViewerTagManager.TABLE_NAME.
Referenced by org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.addFilesToPortableCase().
|
private |
Adds the content if and only if it has not already been seen.
content | Content to add to the report. |
dataSource | Parent dataSource of the content instance. |
tmpDir | Path to the tmpDir to enforce uniqueness |
gson | |
exporter | |
reportWriter | Report generator instance to add the content to |
dataSourceHasBeenIncluded | Flag determining if the data source should be written to the report (false indicates that it should be written). |
IOException | If an I/O error occurs. |
TskCoreException | If an internal database error occurs. |
Returns true if the file was written during this operation.
Definition at line 629 of file PortableCaseReportModule.java.
References org.sleuthkit.autopsy.coreutils.FileUtil.escapeFileName(), and org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.getExportSubfolder().
Referenced by org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.generateCaseUcoReport().
|
private |
Clear out the maps and other fields and close the database connections.
Definition at line 1534 of file PortableCaseReportModule.java.
References org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.closePortableCaseDatabase(), and org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.oldAttrTypeIdToNewAttrType.
Referenced by org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.generateReport(), org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.handleCancellation(), and org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.handleError().
|
private |
Close the portable case
Definition at line 1555 of file PortableCaseReportModule.java.
Referenced by org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.cleanup(), and org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.compressCase().
|
private |
Definition at line 1603 of file PortableCaseReportModule.java.
References org.sleuthkit.autopsy.report.ReportProgressPanel.ReportStatus.CANCELED, org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.closePortableCaseDatabase(), org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModuleSettings.getChunkSize(), org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModuleSettings.ChunkSize.getSevenZipParam(), org.sleuthkit.autopsy.report.ReportProgressPanel.getStatus(), org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.handleError(), org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.locate7ZipExecutable(), and org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModuleSettings.ChunkSize.NONE.
Referenced by org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.generateReport().
|
private |
Copy the sourceFolder to destBaseFolder/appName.
sourceFolder | Autopsy installation directory. |
destBaseFolder | Report base directory. |
IOException |
Definition at line 1502 of file PortableCaseReportModule.java.
References org.sleuthkit.autopsy.core.UserPreferences.getAppName().
Referenced by org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.generateReport().
|
private |
Copy an artifact into the new case. Will also copy any associated artifacts
newContentId | The content ID (in the portable case) of the source content |
artifactToCopy | The artifact to copy |
TskCoreException |
Definition at line 940 of file PortableCaseReportModule.java.
References org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.copyContent(), org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.copyOsAccount(), org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.getNewArtifactTypeId(), org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.getNewAttributeType(), and org.sleuthkit.autopsy.casemodule.Case.getSleuthkitCase().
Referenced by org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.addArtifactsToPortableCase(), and org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.copyContent().
|
private |
Copy attachments to the portable case.
newArtifact | The new artifact in the portable case. Should not have a TSK_ATTACHMENTS attribute. |
oldArtifact | The old artifact. |
newFile | The new file in the portable case associated with the artifact. |
TskCoreException |
Definition at line 1396 of file PortableCaseReportModule.java.
References org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.copyContent(), and org.sleuthkit.autopsy.casemodule.Case.getSleuthkitCase().
Referenced by org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.addArtifactsToPortableCase().
|
private |
Returns the object ID for the given content object in the portable case.
content | The content object to copy into the portable case |
TskCoreException |
Definition at line 1149 of file PortableCaseReportModule.java.
References org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.copyArtifact(), org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.copyHost(), org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.copyOsAccount(), org.sleuthkit.autopsy.coreutils.FileUtil.escapeFileName(), org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.getExportSubfolder(), and org.sleuthkit.autopsy.datamodel.ContentUtils.writeToFile().
Referenced by org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.copyArtifact(), org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.copyAttachments(), org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.copyContentToPortableCase(), and org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.copyPathID().
|
private |
Top level method to copy a content object to the portable case.
content | The content object to copy |
progressPanel | The progress panel |
TskCoreException |
Definition at line 1135 of file PortableCaseReportModule.java.
References org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.copyContent(), and org.sleuthkit.autopsy.report.ReportProgressPanel.updateStatusLabel().
Referenced by org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.addArtifactsToPortableCase(), org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.addFilesToPortableCase(), and org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.generateReport().
|
private |
Copy a host into the portable case and add it to the oldHostIdToNewHost map.
oldHost | The host to copy |
TskCoreException |
Definition at line 1288 of file PortableCaseReportModule.java.
Referenced by org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.copyContent(), and org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.copyOsAccount().
|
private |
Copy an OS Account to the new case and add it to the oldOsAccountIdToNewOsAccount map. Will also copy the associated realm.
oldOsAccountId | The OS account id in the current case. |
Definition at line 1305 of file PortableCaseReportModule.java.
References org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.copyHost(), and org.sleuthkit.autopsy.casemodule.Case.getSleuthkitCase().
Referenced by org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.copyArtifact(), and org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.copyContent().
|
private |
Copy path ID attribute to new case along with the referenced file.
newArtifact | The new artifact in the portable case. Should not have a TSK_PATH_ID attribute. |
oldArtifact | The old artifact. |
TskCoreException |
Definition at line 1372 of file PortableCaseReportModule.java.
References org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.copyContent(), and org.sleuthkit.autopsy.casemodule.Case.getSleuthkitCase().
Referenced by org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.addArtifactsToPortableCase().
|
private |
Create a bat file at destBaseFolder that will launch the portable case.
destBaseFolder | Folder to create the bat file in. |
IOException |
Definition at line 1521 of file PortableCaseReportModule.java.
References org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.caseName, org.sleuthkit.autopsy.core.UserPreferences.getAppName(), and org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.getAutopsyExeName().
Referenced by org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.generateReport().
|
private |
Create the case directory and case database. portableSkCase will be set if this completes without error.
outputDir | The parent for the case folder |
progressPanel |
Definition at line 690 of file PortableCaseReportModule.java.
References org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.caseName, org.sleuthkit.autopsy.casemodule.Case.createPortableCase(), org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.FILE_FOLDER_NAME, org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.handleError(), org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.saveHighestIds(), and org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.UNKNOWN_FILE_TYPE_FOLDER.
Referenced by org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.generateReport().
|
private |
Generates a CASE-UCO report for all files that have a specified TagName or TSK_INTERESTING artifacts that are flagged by the specified SET_NAMEs.
Only one copy of the file will be saved in the report if it is the source of more than one of the above.
tagNames | TagNames to include in the report. |
setNames | SET_NAMEs to include in the report. |
progressPanel | ProgressPanel to relay progress messages. |
Definition at line 508 of file PortableCaseReportModule.java.
References org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.addUniqueFile(), org.sleuthkit.autopsy.casemodule.services.TagsManager.getBlackboardArtifactTagsByTagName(), org.sleuthkit.autopsy.casemodule.services.TagsManager.getContentTagsByTagName(), org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.getInterestingArtifactsBySetName(), org.sleuthkit.autopsy.casemodule.Case.getServices(), org.sleuthkit.autopsy.casemodule.Case.getSleuthkitCase(), org.sleuthkit.autopsy.casemodule.services.Services.getTagsManager(), org.sleuthkit.autopsy.casemodule.Case.getTempDirectory(), and org.sleuthkit.autopsy.report.ReportProgressPanel.updateStatusLabel().
Referenced by org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.generateReport().
void org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.generateReport | ( | String | reportPath, |
PortableCaseReportModuleSettings | options, | ||
ReportProgressPanel | progressPanel | ||
) |
Definition at line 246 of file PortableCaseReportModule.java.
References org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.addArtifactsToPortableCase(), org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.addFilesToPortableCase(), org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModuleSettings.areAllSetsSelected(), org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModuleSettings.areAllTagsSelected(), org.sleuthkit.autopsy.report.ReportProgressPanel.ReportStatus.CANCELED, org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.caseName, org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.cleanup(), org.sleuthkit.autopsy.report.ReportProgressPanel.ReportStatus.COMPLETE, org.sleuthkit.autopsy.report.ReportProgressPanel.complete(), org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.compressCase(), org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.copyApplication(), org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.copyContentToPortableCase(), org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.createAppLaunchBatFile(), org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.createCase(), org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.generateCaseUcoReport(), org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.getAllInterestingItemsSets(), org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.getApplicationBasePath(), org.sleuthkit.autopsy.casemodule.Case.getCurrentCaseThrows(), org.sleuthkit.autopsy.casemodule.Case.getDisplayName(), org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModuleSettings.getSelectedSetNames(), org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModuleSettings.getSelectedTagNames(), org.sleuthkit.autopsy.casemodule.Case.getServices(), 
org.sleuthkit.autopsy.casemodule.Case.getSleuthkitCase(), org.sleuthkit.autopsy.report.ReportProgressPanel.getStatus(), org.sleuthkit.autopsy.casemodule.services.TagsManager.getTagNamesInUse(), org.sleuthkit.autopsy.casemodule.services.Services.getTagsManager(), org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.handleCancellation(), org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.handleError(), org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModuleSettings.includeApplication(), org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.initializeImageTags(), org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.oldAttrTypeIdToNewAttrType, org.sleuthkit.autopsy.report.ReportProgressPanel.setIndeterminate(), org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModuleSettings.shouldCompress(), org.sleuthkit.autopsy.report.ReportProgressPanel.start(), and org.sleuthkit.autopsy.report.ReportProgressPanel.updateStatusLabel().
|
private |
Definition at line 653 of file PortableCaseReportModule.java.
References org.sleuthkit.autopsy.casemodule.Case.getCurrentCaseThrows(), org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.GetInterestingItemSetNamesCallback.getSetCountMap(), and org.sleuthkit.autopsy.casemodule.Case.getSleuthkitCase().
Referenced by org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.generateReport().
|
private |
Returns the base path of the user's Autopsy installation.
Definition at line 1467 of file PortableCaseReportModule.java.
References org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.getAutopsyExePath().
Referenced by org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.generateReport().
|
private |
Generate the name of the autopsy exe.
Definition at line 1489 of file PortableCaseReportModule.java.
References org.sleuthkit.autopsy.core.UserPreferences.getAppName().
Referenced by org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.createAppLaunchBatFile(), and org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.getAutopsyExePath().
|
private |
Find the path of the installed version of autopsy.
Definition at line 1476 of file PortableCaseReportModule.java.
References org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.getAutopsyExeName(), and org.sleuthkit.autopsy.coreutils.PlatformUtil.getInstallPath().
Referenced by org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.getApplicationBasePath().
|
inherited |
Get current configuration for this report module.
Implemented in org.sleuthkit.autopsy.report.modules.stix.STIXReportModule, org.sleuthkit.autopsy.report.modules.html.HTMLReport, and org.sleuthkit.autopsy.report.modules.taggedhashes.SaveTaggedHashesToHashDb.
Definition at line 79 of file ReportModule.java.
|
inherited |
Returns the configuration panel for the report, which is displayed in the report configuration step of the report wizard.
Implemented in org.sleuthkit.autopsy.report.modules.kml.KMLReport, org.sleuthkit.autopsy.report.modules.stix.STIXReportModule, org.sleuthkit.autopsy.report.modules.taggedhashes.SaveTaggedHashesToHashDb, org.sleuthkit.autopsy.keywordsearch.ExtractAllTermsReport, org.sleuthkit.autopsy.report.modules.html.HTMLReport, org.sleuthkit.autopsy.report.modules.caseuco.CaseUcoReportModule, and org.sleuthkit.autopsy.report.GeneralReportModuleAdapter.
Definition at line 61 of file ReportModule.java.
|
inherited |
Get default configuration for this report module.
Implemented in org.sleuthkit.autopsy.report.modules.stix.STIXReportModule, org.sleuthkit.autopsy.report.modules.html.HTMLReport, and org.sleuthkit.autopsy.report.modules.taggedhashes.SaveTaggedHashesToHashDb.
Definition at line 70 of file ReportModule.java.
Referenced by org.sleuthkit.autopsy.report.infrastructure.ReportGenerator.generateReports().
String org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.getDescription | ( | ) |
Gets a one-line, user friendly description of the type of report this module generates.
Implements org.sleuthkit.autopsy.report.ReportModule.
Definition at line 168 of file PortableCaseReportModule.java.
|
private |
Return the subfolder name for this file based on MIME type
abstractFile | the file |
Definition at line 1449 of file PortableCaseReportModule.java.
References org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.UNKNOWN_FILE_TYPE_FOLDER.
Referenced by org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.addUniqueFile(), and org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.copyContent().
|
private |
Gets the image tag data for a given content tag
tag | The ContentTag in the current case |
TskCoreException |
Definition at line 833 of file PortableCaseReportModule.java.
References org.sleuthkit.autopsy.casemodule.Case.getSleuthkitCase(), and org.sleuthkit.autopsy.casemodule.services.contentviewertags.ContentViewerTagManager.TABLE_NAME.
Referenced by org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.addFilesToPortableCase().
|
private |
Load all interesting BlackboardArtifacts that belong to the selected SET_NAME. This operation would be duplicated for every data source, since the Sleuthkit API does not have a notion of searching by data source id.
Definition at line 590 of file PortableCaseReportModule.java.
Referenced by org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.generateCaseUcoReport().
String org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.getName | ( | ) |
Get the name of the report this module generates.
Implements org.sleuthkit.autopsy.report.ReportModule.
Definition at line 160 of file PortableCaseReportModule.java.
Referenced by org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.locate7ZipExecutable().
|
private |
Get the artifact type ID in the portable case and create new artifact type if needed. For built-in artifacts this will be the same as the original.
oldArtifact | The artifact in the current case |
Definition at line 1082 of file PortableCaseReportModule.java.
References org.sleuthkit.autopsy.casemodule.Case.getSleuthkitCase().
Referenced by org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.copyArtifact().
|
private |
Get the attribute type ID in the portable case and create new attribute type if needed. For built-in attributes this will be the same as the original.
oldAttribute | The attribute in the current case |
Definition at line 1106 of file PortableCaseReportModule.java.
References org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.oldAttrTypeIdToNewAttrType.
Referenced by org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.copyArtifact().
String org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.getRelativeFilePath | ( | ) |
Gets the relative path of the report file, if any, generated by this module. The path should be relative to the location that gets passed in to generateReport() (or similar).
Implements org.sleuthkit.autopsy.report.ReportModule.
Definition at line 173 of file PortableCaseReportModule.java.
References org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.caseName, org.sleuthkit.autopsy.casemodule.Case.getCurrentCaseThrows(), and org.sleuthkit.autopsy.casemodule.Case.getDisplayName().
|
private |
Convenience method for handling cancellation
progressPanel | The report progress panel |
Definition at line 188 of file PortableCaseReportModule.java.
References org.sleuthkit.autopsy.report.ReportProgressPanel.ReportStatus.CANCELED, org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.cleanup(), org.sleuthkit.autopsy.report.ReportProgressPanel.complete(), and org.sleuthkit.autopsy.report.ReportProgressPanel.setIndeterminate().
Referenced by org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.generateReport().
|
private |
Convenience method to avoid code duplication. Assumes that if an exception is supplied then the error is SEVERE. Otherwise it is logged as a WARNING.
logWarning | Warning to write to the log |
dialogWarning | Warning to write to a pop-up window |
ex | The exception (can be null) |
progressPanel | The report progress panel |
Definition at line 205 of file PortableCaseReportModule.java.
References org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.cleanup(), org.sleuthkit.autopsy.report.ReportProgressPanel.complete(), org.sleuthkit.autopsy.report.ReportProgressPanel.ReportStatus.ERROR, and org.sleuthkit.autopsy.report.ReportProgressPanel.setIndeterminate().
Referenced by org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.compressCase(), org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.createCase(), and org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.generateReport().
|
private |
Set up the image tag table in the portable case
progressPanel |
TskCoreException |
Definition at line 772 of file PortableCaseReportModule.java.
References org.sleuthkit.autopsy.casemodule.services.contentviewertags.ContentViewerTagManager.TABLE_NAME, and org.sleuthkit.autopsy.casemodule.services.contentviewertags.ContentViewerTagManager.TABLE_SCHEMA_SQLITE.
Referenced by org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.generateReport().
|
staticprivate |
Locate the 7-Zip executable from the release folder.
Definition at line 1686 of file PortableCaseReportModule.java.
References org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.getName(), and org.sleuthkit.autopsy.coreutils.PlatformUtil.isWindowsOS().
Referenced by org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.compressCase().
|
private |
Save the current highest IDs to the portable case.
TskCoreException |
Definition at line 750 of file PortableCaseReportModule.java.
References org.sleuthkit.autopsy.casemodule.Case.getSleuthkitCase().
Referenced by org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.createCase().
|
inherited |
Set report module configuration.
settings | Object which contains report module settings. |
Implemented in org.sleuthkit.autopsy.report.modules.stix.STIXReportModule, org.sleuthkit.autopsy.report.modules.html.HTMLReport, and org.sleuthkit.autopsy.report.modules.taggedhashes.SaveTaggedHashesToHashDb.
Definition at line 88 of file ReportModule.java.
Referenced by org.sleuthkit.autopsy.report.infrastructure.ReportGenerator.generateReports().
|
staticprivate |
Definition at line 107 of file PortableCaseReportModule.java.
|
staticprivate |
Definition at line 108 of file PortableCaseReportModule.java.
|
private |
Definition at line 123 of file PortableCaseReportModule.java.
|
private |
Definition at line 122 of file PortableCaseReportModule.java.
Referenced by org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.createAppLaunchBatFile(), org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.createCase(), org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.generateReport(), and org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.getRelativeFilePath().
|
private |
Definition at line 124 of file PortableCaseReportModule.java.
|
private |
Definition at line 120 of file PortableCaseReportModule.java.
|
staticprivate |
Definition at line 104 of file PortableCaseReportModule.java.
Referenced by org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.createCase().
|
staticprivate |
Definition at line 112 of file PortableCaseReportModule.java.
|
staticprivate |
Definition at line 103 of file PortableCaseReportModule.java.
|
staticprivate |
Definition at line 106 of file PortableCaseReportModule.java.
|
private |
Definition at line 130 of file PortableCaseReportModule.java.
|
private |
Definition at line 142 of file PortableCaseReportModule.java.
|
private |
Definition at line 136 of file PortableCaseReportModule.java.
|
private |
Definition at line 139 of file PortableCaseReportModule.java.
Referenced by org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.cleanup(), org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.generateReport(), and org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.getNewAttributeType().
|
private |
Definition at line 151 of file PortableCaseReportModule.java.
|
private |
Definition at line 127 of file PortableCaseReportModule.java.
|
private |
Definition at line 145 of file PortableCaseReportModule.java.
|
private |
Definition at line 148 of file PortableCaseReportModule.java.
|
private |
Definition at line 133 of file PortableCaseReportModule.java.
|
private |
Definition at line 121 of file PortableCaseReportModule.java.
|
private |
Definition at line 109 of file PortableCaseReportModule.java.
|
staticprivate |
Definition at line 117 of file PortableCaseReportModule.java.
|
staticprivate |
Copyright © 2012-2021 Basis Technology. Generated on: Fri Aug 6 2021
This work is licensed under a
Creative Commons Attribution-Share Alike 3.0 United States License.