Autopsy  4.19.1
Graphical digital forensics platform for The Sleuth Kit and other tools.
org.sleuthkit.autopsy.centralrepository.eventlisteners.IngestEventsListener Class Reference

Classes

class  AnalysisCompleteTask
 
class  DataAddedTask
 
class  IngestJobEventListener
 
class  IngestModuleEventListener
 

Public Member Functions

 IngestEventsListener ()
 
void installListeners ()
 
void shutdown ()
 
void uninstallListeners ()
 

Static Public Member Functions

static synchronized void decrementCorrelationEngineModuleCount ()
 
static synchronized int getCeModuleInstanceCount ()
 
static synchronized void incrementCorrelationEngineModuleCount ()
 
static synchronized boolean isFlagNotableItems ()
 
static synchronized boolean isFlagSeenDevices ()
 
static synchronized boolean isFlagUniqueArtifacts ()
 
static synchronized void setCreateCrProperties (boolean value)
 
static synchronized void setFlagNotableItems (boolean value)
 
static synchronized void setFlagSeenDevices (boolean value)
 
static synchronized void setFlagUniqueArtifacts (boolean value)
 
static synchronized boolean shouldCreateCrProperties ()
 

Private Member Functions

List< String > getCaseDisplayNames (List< CorrelationAttributeInstance > occurrences)
 
List< String > getCaseDisplayNamesForNotable (List< CorrelationAttributeInstance > occurrences)
 

Static Private Member Functions

static void makeAndPostArtifact (BlackboardArtifact.Type newArtifactType, BlackboardArtifact originalArtifact, Collection< BlackboardAttribute > attributesForNewArtifact, String configuration, Score score, String justification)
 
static void makeAndPostPreviouslyUnseenArtifact (BlackboardArtifact originalArtifact, CorrelationAttributeInstance.Type aType, String value)
 
static void makeAndPostPreviousNotableArtifact (BlackboardArtifact originalArtifact, List< String > caseDisplayNames, CorrelationAttributeInstance.Type aType, String value)
 
static void makeAndPostPreviousSeenArtifact (BlackboardArtifact originalArtifact, List< String > caseDisplayNames, CorrelationAttributeInstance.Type aType, String value)
 

Private Attributes

final ExecutorService jobProcessingExecutor
 
final PropertyChangeListener pcl1 = new IngestModuleEventListener()
 
final PropertyChangeListener pcl2 = new IngestJobEventListener()
 

Static Private Attributes

static int correlationModuleInstanceCount
 
static boolean createCrProperties
 
static boolean flagNotableItems
 
static boolean flagSeenDevices
 
static boolean flagUniqueArtifacts
 
static final String INGEST_EVENT_THREAD_NAME = "Ingest-Event-Listener-%d"
 
static final Set< IngestManager.IngestJobEvent > INGEST_JOB_EVENTS_OF_INTEREST = EnumSet.of(IngestManager.IngestJobEvent.DATA_SOURCE_ANALYSIS_COMPLETED)
 
static final Set< IngestManager.IngestModuleEvent > INGEST_MODULE_EVENTS_OF_INTEREST = EnumSet.of(DATA_ADDED)
 
static final Logger LOGGER = Logger.getLogger(CorrelationAttributeInstance.class.getName())
 
static final String MODULE_NAME = Bundle.IngestEventsListener_ingestmodule_name()
 

Detailed Description

Listens for ingest events and updates entries in the Central Repository database accordingly.

Definition at line 74 of file IngestEventsListener.java.

Constructor & Destructor Documentation

org.sleuthkit.autopsy.centralrepository.eventlisteners.IngestEventsListener.IngestEventsListener ( )

Definition at line 94 of file IngestEventsListener.java.

Member Function Documentation

static synchronized void org.sleuthkit.autopsy.centralrepository.eventlisteners.IngestEventsListener.decrementCorrelationEngineModuleCount ( )
static

Decrease the number of IngestEventsListeners adding contents to the Central Repository.

Definition at line 130 of file IngestEventsListener.java.

List<String> org.sleuthkit.autopsy.centralrepository.eventlisteners.IngestEventsListener.getCaseDisplayNames ( List< CorrelationAttributeInstance > occurrences)
private

Gets case display names for a list of CorrelationAttributeInstance.

Parameters
occurrences  List of CorrelationAttributeInstance
Returns
List of case display names

Definition at line 646 of file IngestEventsListener.java.

List<String> org.sleuthkit.autopsy.centralrepository.eventlisteners.IngestEventsListener.getCaseDisplayNamesForNotable ( List< CorrelationAttributeInstance > occurrences)
private

Gets case display names for only occurrences marked as NOTABLE/BAD.

Parameters
occurrences  List of CorrelationAttributeInstance
Returns
List of case display names of NOTABLE/BAD occurrences

Definition at line 661 of file IngestEventsListener.java.

static synchronized int org.sleuthkit.autopsy.centralrepository.eventlisteners.IngestEventsListener.getCeModuleInstanceCount ( )
static

Whether or not the Central Repository Module is enabled for any of the currently running ingest jobs.

Returns
boolean True for Central Repository enabled, False for disabled

Definition at line 150 of file IngestEventsListener.java.

static synchronized void org.sleuthkit.autopsy.centralrepository.eventlisteners.IngestEventsListener.incrementCorrelationEngineModuleCount ( )
static

Increase the number of IngestEventsListeners adding contents to the Central Repository.

Definition at line 122 of file IngestEventsListener.java.

void org.sleuthkit.autopsy.centralrepository.eventlisteners.IngestEventsListener.installListeners ( )

static synchronized boolean org.sleuthkit.autopsy.centralrepository.eventlisteners.IngestEventsListener.isFlagNotableItems ( )
static

Are notable items being flagged?

Returns
True if flagging notable items; otherwise false.

Definition at line 159 of file IngestEventsListener.java.

static synchronized boolean org.sleuthkit.autopsy.centralrepository.eventlisteners.IngestEventsListener.isFlagSeenDevices ( )
static

Are previously seen devices being flagged?

Returns
True if flagging seen devices; otherwise false.

Definition at line 168 of file IngestEventsListener.java.

Referenced by org.sleuthkit.autopsy.centralrepository.eventlisteners.CaseEventListener.OsAccountInstancesAddedTask.run().

static synchronized boolean org.sleuthkit.autopsy.centralrepository.eventlisteners.IngestEventsListener.isFlagUniqueArtifacts ( )
static

Are unique apps being flagged?

Returns
True if flagging unique apps; otherwise false.

Definition at line 213 of file IngestEventsListener.java.

static void org.sleuthkit.autopsy.centralrepository.eventlisteners.IngestEventsListener.makeAndPostArtifact ( BlackboardArtifact.Type  newArtifactType,
BlackboardArtifact  originalArtifact,
Collection< BlackboardAttribute >  attributesForNewArtifact,
String  configuration,
Score  score,
String  justification 
)
static private

Make an artifact to flag the passed in artifact.

Parameters
newArtifactType  Type of artifact to create.
originalArtifact  Artifact in current case we want to flag
attributesForNewArtifact  Attributes to assign to the new artifact
configuration  The configuration to be specified for the new artifact hit
score  sleuthkit.datamodel.Score to be assigned to this artifact
justification  Justification string

Definition at line 336 of file IngestEventsListener.java.

static void org.sleuthkit.autopsy.centralrepository.eventlisteners.IngestEventsListener.makeAndPostPreviouslyUnseenArtifact ( BlackboardArtifact  originalArtifact,
CorrelationAttributeInstance.Type  aType,
String  value 
)
static private

Create a "previously unseen" hit for an application which was never seen in the central repository.

Parameters
originalArtifact  the artifact to create the "previously unseen" item for
aType  The correlation type.
value  The correlation value.

Definition at line 314 of file IngestEventsListener.java.

static void org.sleuthkit.autopsy.centralrepository.eventlisteners.IngestEventsListener.makeAndPostPreviousNotableArtifact ( BlackboardArtifact  originalArtifact,
List< String >  caseDisplayNames,
CorrelationAttributeInstance.Type  aType,
String  value 
)
static private

Make a "previously seen" artifact based on a new artifact being previously seen.

Parameters
originalArtifact  Original artifact that we want to flag
caseDisplayNames  List of case names artifact was previously seen in
aType  The correlation type.
value  The correlation value.

Definition at line 238 of file IngestEventsListener.java.

static void org.sleuthkit.autopsy.centralrepository.eventlisteners.IngestEventsListener.makeAndPostPreviousSeenArtifact ( BlackboardArtifact  originalArtifact,
List< String >  caseDisplayNames,
CorrelationAttributeInstance.Type  aType,
String  value 
)
static private

Create a "previously seen" hit for a device which was previously seen in the central repository. NOTE: Artifacts that are too common will be skipped.

Parameters
originalArtifact  the artifact to create the "previously seen" item for
caseDisplayNames  the case names the artifact was previously seen in
aType  The correlation type.
value  The correlation value.

Definition at line 272 of file IngestEventsListener.java.

static synchronized void org.sleuthkit.autopsy.centralrepository.eventlisteners.IngestEventsListener.setCreateCrProperties ( boolean  value)
static

Configure the listener to create correlation properties.

Parameters
value  True to create properties; otherwise false.

Definition at line 222 of file IngestEventsListener.java.

static synchronized void org.sleuthkit.autopsy.centralrepository.eventlisteners.IngestEventsListener.setFlagNotableItems ( boolean  value)
static

Configure the listener to flag notable items or not.

Parameters
value  True to flag notable items; otherwise false.

Definition at line 186 of file IngestEventsListener.java.

static synchronized void org.sleuthkit.autopsy.centralrepository.eventlisteners.IngestEventsListener.setFlagSeenDevices ( boolean  value)
static

Configure the listener to flag previously seen devices or not.

Parameters
value  True to flag seen devices; otherwise false.

Definition at line 195 of file IngestEventsListener.java.

static synchronized void org.sleuthkit.autopsy.centralrepository.eventlisteners.IngestEventsListener.setFlagUniqueArtifacts ( boolean  value)
static

Configure the listener to flag unique apps or not.

Parameters
value  True to flag unique apps; otherwise false.

Definition at line 204 of file IngestEventsListener.java.

static synchronized boolean org.sleuthkit.autopsy.centralrepository.eventlisteners.IngestEventsListener.shouldCreateCrProperties ( )
static

Are correlation properties being created?

Returns
True if creating correlation properties; otherwise false.

Definition at line 177 of file IngestEventsListener.java.

Referenced by org.sleuthkit.autopsy.centralrepository.eventlisteners.CaseEventListener.OsAccountInstancesAddedTask.run().

void org.sleuthkit.autopsy.centralrepository.eventlisteners.IngestEventsListener.shutdown ( )

void org.sleuthkit.autopsy.centralrepository.eventlisteners.IngestEventsListener.uninstallListeners ( )

Member Data Documentation

int org.sleuthkit.autopsy.centralrepository.eventlisteners.IngestEventsListener.correlationModuleInstanceCount
static private

Definition at line 80 of file IngestEventsListener.java.

boolean org.sleuthkit.autopsy.centralrepository.eventlisteners.IngestEventsListener.createCrProperties
static private

Definition at line 83 of file IngestEventsListener.java.

boolean org.sleuthkit.autopsy.centralrepository.eventlisteners.IngestEventsListener.flagNotableItems
static private

Definition at line 81 of file IngestEventsListener.java.

boolean org.sleuthkit.autopsy.centralrepository.eventlisteners.IngestEventsListener.flagSeenDevices
static private

Definition at line 82 of file IngestEventsListener.java.

boolean org.sleuthkit.autopsy.centralrepository.eventlisteners.IngestEventsListener.flagUniqueArtifacts
static private

Definition at line 84 of file IngestEventsListener.java.

final String org.sleuthkit.autopsy.centralrepository.eventlisteners.IngestEventsListener.INGEST_EVENT_THREAD_NAME = "Ingest-Event-Listener-%d"
static private

Definition at line 85 of file IngestEventsListener.java.

final Set<IngestManager.IngestJobEvent> org.sleuthkit.autopsy.centralrepository.eventlisteners.IngestEventsListener.INGEST_JOB_EVENTS_OF_INTEREST = EnumSet.of(IngestManager.IngestJobEvent.DATA_SOURCE_ANALYSIS_COMPLETED)
static private

Definition at line 77 of file IngestEventsListener.java.

final Set<IngestManager.IngestModuleEvent> org.sleuthkit.autopsy.centralrepository.eventlisteners.IngestEventsListener.INGEST_MODULE_EVENTS_OF_INTEREST = EnumSet.of(DATA_ADDED)
static private

Definition at line 78 of file IngestEventsListener.java.

final ExecutorService org.sleuthkit.autopsy.centralrepository.eventlisteners.IngestEventsListener.jobProcessingExecutor
private

Definition at line 86 of file IngestEventsListener.java.

final Logger org.sleuthkit.autopsy.centralrepository.eventlisteners.IngestEventsListener.LOGGER = Logger.getLogger(CorrelationAttributeInstance.class.getName())
static private

Definition at line 76 of file IngestEventsListener.java.

final String org.sleuthkit.autopsy.centralrepository.eventlisteners.IngestEventsListener.MODULE_NAME = Bundle.IngestEventsListener_ingestmodule_name()
static private

Definition at line 79 of file IngestEventsListener.java.

final PropertyChangeListener org.sleuthkit.autopsy.centralrepository.eventlisteners.IngestEventsListener.pcl1 = new IngestModuleEventListener()
private

Definition at line 87 of file IngestEventsListener.java.

final PropertyChangeListener org.sleuthkit.autopsy.centralrepository.eventlisteners.IngestEventsListener.pcl2 = new IngestJobEventListener()
private

Definition at line 88 of file IngestEventsListener.java.


The documentation for this class was generated from the following file:

Copyright © 2012-2021 Basis Technology. Generated on: Thu Sep 30 2021
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.