|
Autopsy
4.19.1
Graphical digital forensics platform for The Sleuth Kit and other tools.
|
Classes | |
| class | PastCasesResult |
Public Member Functions | |
| PastCasesSummary () | |
| PastCasesSummary (SleuthkitCaseProvider provider, java.util.logging.Logger logger) | |
| PastCasesResult | getPastCasesData (DataSource dataSource) throws SleuthkitCaseProvider.SleuthkitCaseProviderException, TskCoreException |
Private Member Functions | |
| BlackboardArtifact | getParentArtifact (BlackboardArtifact artifact) throws SleuthkitCaseProvider.SleuthkitCaseProviderException, TskCoreException |
| boolean | hasDeviceAssociatedArtifact (BlackboardArtifact artifact) throws SleuthkitCaseProvider.SleuthkitCaseProviderException, TskCoreException |
Static Private Member Functions | |
| static List< Pair< String, Long > > | getCaseCounts (Stream< String > cases) |
| static List< String > | getCasesFromArtifact (BlackboardArtifact artifact) |
| static boolean | isCentralRepoGenerated (List< String > sources) |
Private Attributes | |
| final SleuthkitCaseProvider | caseProvider |
| final java.util.logging.Logger | logger |
Static Private Attributes | |
| static final Set< Integer > | ARTIFACT_UPDATE_TYPE_IDS |
| static final String | CASE_SEPARATOR = "," |
| static final String | CENTRAL_REPO_INGEST_NAME = CentralRepoIngestModuleFactory.getModuleName().toUpperCase().trim() |
| static final Set< Integer > | CR_DEVICE_TYPE_IDS |
| static final BlackboardAttribute.Type | TYPE_COMMENT = new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_OTHER_CASES) |
Provides information about how a data source relates to a previous case. NOTE: This code is fragile and has certain expectations about how the central repository handles creating artifacts. So, if the central repository changes ingest process, this code could break. This code expects that the central repository ingest module:
a) Creates a TSK_PREVIOUSLY_NOTABLE artifact for a file whose hash is in the central repository as a notable file.
b) Creates a TSK_PREVIOUSLY_SEEN artifact for a matching id in the central repository.
c) The created artifact will have a TSK_OTHER_CASES attribute attached where one of the sources for the attribute matches CentralRepoIngestModuleFactory.getModuleName(). The module display name at time of ingest will match CentralRepoIngestModuleFactory.getModuleName() as well.
d) The content of that TSK_OTHER_CASES attribute will be of the form "case1,case2...caseN"
Definition at line 66 of file PastCasesSummary.java.
| org.sleuthkit.autopsy.datasourcesummary.datamodel.PastCasesSummary.PastCasesSummary | ( | ) |
Main constructor.
Definition at line 125 of file PastCasesSummary.java.
References org.sleuthkit.autopsy.datasourcesummary.datamodel.SleuthkitCaseProvider.DEFAULT, and org.sleuthkit.autopsy.coreutils.Logger.getLogger().
| org.sleuthkit.autopsy.datasourcesummary.datamodel.PastCasesSummary.PastCasesSummary | ( | SleuthkitCaseProvider | provider, |
| java.util.logging.Logger | logger | ||
| ) |
Main constructor with external dependencies specified. This constructor is designed with unit testing in mind since mocked dependencies can be utilized.
| provider | The object providing the current SleuthkitCase. |
| logger | The logger to use. |
Definition at line 141 of file PastCasesSummary.java.
References org.sleuthkit.autopsy.datasourcesummary.datamodel.PastCasesSummary.logger.
|
staticprivate |
Given a stream of case ids, groups the strings in a case-insensitive manner, and then provides a list of cases and the occurrence count sorted from max to min.
| cases | A stream of cases. |
Definition at line 213 of file PastCasesSummary.java.
Referenced by org.sleuthkit.autopsy.datasourcesummary.datamodel.PastCasesSummary.getPastCasesData().
|
staticprivate |
Gets a list of cases from the TSK_OTHER_CASES of an artifact. The cases string is expected to be of a form of "case1,case2...caseN".
| artifact | The artifact. |
Definition at line 176 of file PastCasesSummary.java.
References org.sleuthkit.autopsy.datasourcesummary.datamodel.PastCasesSummary.isCentralRepoGenerated(), and org.sleuthkit.autopsy.datasourcesummary.datamodel.PastCasesSummary.TYPE_COMMENT.
Referenced by org.sleuthkit.autopsy.datasourcesummary.datamodel.PastCasesSummary.getPastCasesData().
|
private |
Given a TSK_PREVIOUSLY_SEEN or TSK_PREVIOUSLY_NOTABLE artifact, retrieves it's parent artifact.
| artifact | The input artifact. |
| TskCoreException | |
| NoCurrentCaseException |
Definition at line 240 of file PastCasesSummary.java.
References org.sleuthkit.autopsy.datasourcesummary.datamodel.SleuthkitCaseProvider.get().
Referenced by org.sleuthkit.autopsy.datasourcesummary.datamodel.PastCasesSummary.hasDeviceAssociatedArtifact().
| PastCasesResult org.sleuthkit.autopsy.datasourcesummary.datamodel.PastCasesSummary.getPastCasesData | ( | DataSource | dataSource | ) | throws SleuthkitCaseProvider.SleuthkitCaseProviderException, TskCoreException |
Returns the past cases data to be shown in the past cases tab.
| dataSource | The data source. |
| SleuthkitCaseProviderException | |
| TskCoreException | |
| NoCurrentCaseException |
Definition at line 281 of file PastCasesSummary.java.
References org.sleuthkit.autopsy.datasourcesummary.datamodel.SleuthkitCaseProvider.get(), org.sleuthkit.autopsy.datasourcesummary.datamodel.PastCasesSummary.getCaseCounts(), org.sleuthkit.autopsy.datasourcesummary.datamodel.PastCasesSummary.getCasesFromArtifact(), and org.sleuthkit.autopsy.datasourcesummary.datamodel.PastCasesSummary.hasDeviceAssociatedArtifact().
Referenced by org.sleuthkit.autopsy.datasourcesummary.ui.PastCasesSummaryGetter.getPastCasesData().
|
private |
Returns true if the artifact has an associated artifact of a device type.
| artifact | The artifact. |
| TskCoreException | |
| NoCurrentCaseException |
Definition at line 261 of file PastCasesSummary.java.
References org.sleuthkit.autopsy.datasourcesummary.datamodel.PastCasesSummary.getParentArtifact().
Referenced by org.sleuthkit.autopsy.datasourcesummary.datamodel.PastCasesSummary.getPastCasesData().
|
staticprivate |
Given the provided sources for an attribute, aims to determine if one of those sources is the Central Repository Ingest Module.
| sources | The list of sources found on an attribute. |
Definition at line 158 of file PastCasesSummary.java.
Referenced by org.sleuthkit.autopsy.datasourcesummary.datamodel.PastCasesSummary.getCasesFromArtifact().
|
staticprivate |
Definition at line 102 of file PastCasesSummary.java.
|
staticprivate |
Definition at line 117 of file PastCasesSummary.java.
|
private |
Definition at line 119 of file PastCasesSummary.java.
|
staticprivate |
Definition at line 107 of file PastCasesSummary.java.
|
staticprivate |
Definition at line 110 of file PastCasesSummary.java.
|
private |
Definition at line 120 of file PastCasesSummary.java.
Referenced by org.sleuthkit.autopsy.datasourcesummary.datamodel.PastCasesSummary.PastCasesSummary().
|
staticprivate |
Definition at line 108 of file PastCasesSummary.java.
Referenced by org.sleuthkit.autopsy.datasourcesummary.datamodel.PastCasesSummary.getCasesFromArtifact().
Copyright © 2012-2021 Basis Technology. Generated on: Thu Sep 30 2021
This work is licensed under a
Creative Commons Attribution-Share Alike 3.0 United States License.