Autopsy  4.19.1
Graphical digital forensics platform for The Sleuth Kit and other tools.
org.sleuthkit.autopsy.discovery.search.DomainSearch Class Reference

Public Member Functions

 DomainSearch ()
 
List< MiniTimelineResult > getAllArtifactsForDomain (SleuthkitCase sleuthkitCase, String domain) throws DiscoveryException
 
List< BlackboardArtifact > getArtifacts (DomainSearchArtifactsRequest artifactsRequest) throws DiscoveryException
 
List< Result > getDomainsInGroup (String userName, List< AbstractFilter > filters, DiscoveryAttributes.AttributeType groupAttributeType, Group.GroupSortingAlgorithm groupSortingType, ResultsSorter.SortingMethod domainSortingMethod, GroupKey groupKey, int startingEntry, int numberOfEntries, SleuthkitCase caseDb, CentralRepository centralRepoDb, SearchContext context) throws DiscoveryException, SearchCancellationException
 
Map< GroupKey, Integer > getGroupSizes (String userName, List< AbstractFilter > filters, DiscoveryAttributes.AttributeType groupAttributeType, Group.GroupSortingAlgorithm groupSortingType, ResultsSorter.SortingMethod domainSortingMethod, SleuthkitCase caseDb, CentralRepository centralRepoDb, SearchContext context) throws DiscoveryException, SearchCancellationException
 
Image getThumbnail (DomainSearchThumbnailRequest thumbnailRequest) throws DiscoveryException
 

Private Member Functions

String getDate (BlackboardArtifact artifact) throws TskCoreException
 

Private Attributes

final DomainSearchArtifactsCache artifactsCache
 
final DomainSearchCache searchCache
 
final DomainSearchThumbnailCache thumbnailCache
 

Detailed Description

Main class to perform the domain search.

Definition at line 39 of file DomainSearch.java.

Constructor & Destructor Documentation

org.sleuthkit.autopsy.discovery.search.DomainSearch.DomainSearch ( )

Construct a new DomainSearch object.

Definition at line 48 of file DomainSearch.java.

Member Function Documentation

List<MiniTimelineResult> org.sleuthkit.autopsy.discovery.search.DomainSearch.getAllArtifactsForDomain ( SleuthkitCase  sleuthkitCase,
String  domain 
) throws DiscoveryException

Get a list of MiniTimelineResults, one for each date on which any TSK_WEB artifacts existed, each containing a list of the artifacts observed on that date.

Parameters
sleuthkitCase  The case database for the search.
domain  The domain that artifacts are being requested for.
Returns
The list of MiniTimelineResults
Exceptions
DiscoveryException  if unable to get the artifacts or the date attributes from an artifact.

Definition at line 208 of file DomainSearch.java.

References org.sleuthkit.autopsy.discovery.search.SearchData.Type.DOMAIN, org.sleuthkit.autopsy.discovery.search.DomainSearch.getArtifacts(), and org.sleuthkit.autopsy.discovery.search.DomainSearch.getDate().

List<BlackboardArtifact> org.sleuthkit.autopsy.discovery.search.DomainSearch.getArtifacts ( DomainSearchArtifactsRequest  artifactsRequest) throws DiscoveryException

Get all blackboard artifacts that match the requested domain name.

Artifacts will be selected if the requested domain name is either an exact match on a TSK_DOMAIN value or a substring match on a TSK_URL value. String matching is case insensitive.

Parameters
artifactsRequest  The request containing the case, artifact type, and domain name.
Returns
A list of blackboard artifacts that match the request criteria.
Exceptions
DiscoveryException  If an exception is encountered during processing.

Definition at line 192 of file DomainSearch.java.

References org.sleuthkit.autopsy.discovery.search.DomainSearchArtifactsCache.get().

Referenced by org.sleuthkit.autopsy.discovery.search.DomainSearch.getAllArtifactsForDomain().
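
The matching rule documented for getArtifacts(), as an added example (not Autopsy's own code): a stand-alone Java program applying the two rules to constructed records. WebArtifact, matches, urlOnlyMatch and the sample data are hypothetical; it shows that the TSK_URL substring rule also selects artifacts from other hosts whose URL merely contains the requested text, so URL-only hits deserve review before being attributed to the domain.

```java
import java.util.List;
import java.util.Locale;

public class DomainMatchDemo {

    // Hypothetical stand-in for a web artifact; not the BlackboardArtifact API.
    record WebArtifact(String id, String tskDomain, String tskUrl) {}

    static String lower(String s) {
        return s == null ? "" : s.toLowerCase(Locale.ROOT);
    }

    // Documented rule: exact match on TSK_DOMAIN or substring match on
    // TSK_URL, both case insensitive.
    static boolean matches(WebArtifact a, String requested) {
        String wanted = lower(requested);
        return lower(a.tskDomain()).equals(wanted)
                || lower(a.tskUrl()).contains(wanted);
    }

    // Analyst-side triage (an addition, not part of the documented API):
    // true when only the URL substring rule selected the artifact.
    static boolean urlOnlyMatch(WebArtifact a, String requested) {
        return matches(a, requested)
                && !lower(a.tskDomain()).equals(lower(requested));
    }

    public static void main(String[] args) {
        // Constructed sample data.
        List<WebArtifact> artifacts = List.of(
            new WebArtifact("hist-1", "example.com", "https://example.com/login"),
            new WebArtifact("hist-2", "EXAMPLE.COM", "https://EXAMPLE.COM/"),
            new WebArtifact("hist-3", "notexample.com", "http://notexample.com/a"),
            new WebArtifact("hist-4", "tracker.test", "http://tracker.test/r?to=example.com"),
            new WebArtifact("hist-5", "other.test", "http://other.test/"));

        String requested = "example.com";
        for (WebArtifact a : artifacts) {
            if (!matches(a, requested)) {
                continue; // hist-5 is not selected by either rule
            }
            String how = urlOnlyMatch(a, requested)
                    ? "URL substring only, review before attributing"
                    : "exact TSK_DOMAIN match";
            System.out.printf("%s  %s%n", a.id(), how);
        }
    }
}
```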

String org.sleuthkit.autopsy.discovery.search.DomainSearch.getDate ( BlackboardArtifact  artifact) throws TskCoreException
private

Private helper method to get a date from the artifact.

Parameters
artifact  The artifact to get a date from.
Returns
The date as a string in the form YYYY-MM-DD.
Exceptions
TskCoreException  when unable to get the attributes for the artifact.

Definition at line 252 of file DomainSearch.java.

References org.sleuthkit.autopsy.coreutils.TimeZoneUtils.getFormattedTime().

Referenced by org.sleuthkit.autopsy.discovery.search.DomainSearch.getAllArtifactsForDomain().

List<Result> org.sleuthkit.autopsy.discovery.search.DomainSearch.getDomainsInGroup ( String  userName,
List< AbstractFilter >  filters,
DiscoveryAttributes.AttributeType  groupAttributeType,
Group.GroupSortingAlgorithm  groupSortingType,
ResultsSorter.SortingMethod  domainSortingMethod,
GroupKey  groupKey,
int  startingEntry,
int  numberOfEntries,
SleuthkitCase  caseDb,
CentralRepository  centralRepoDb,
SearchContext  context 
) throws DiscoveryException, SearchCancellationException

Get the domains from the specified group from the cache; if the group was not cached, perform a search, caching the groups.

Parameters
userName  The name of the user performing the search.
filters  The filters to apply.
groupAttributeType  The attribute to use for grouping.
groupSortingType  The method to use to sort the groups.
domainSortingMethod  The method to use to sort the Domains within the groups.
groupKey  The key which uniquely identifies the group to get entries from.
startingEntry  The first entry to return.
numberOfEntries  The number of entries to return.
caseDb  The case database.
centralRepoDb  The central repository database. Can be null if not needed.
context  The search context.
Returns
A LinkedHashMap grouped and sorted according to the parameters.
Exceptions
DiscoveryException

Definition at line 135 of file DomainSearch.java.

Map<GroupKey, Integer> org.sleuthkit.autopsy.discovery.search.DomainSearch.getGroupSizes ( String  userName,
List< AbstractFilter >  filters,
DiscoveryAttributes.AttributeType  groupAttributeType,
Group.GroupSortingAlgorithm  groupSortingType,
ResultsSorter.SortingMethod  domainSortingMethod,
SleuthkitCase  caseDb,
CentralRepository  centralRepoDb,
SearchContext  context 
) throws DiscoveryException, SearchCancellationException

Run the domain search to get the group keys and sizes. Clears the cache of search results, caching new results for access at a later time.

Parameters
userName  The name of the user performing the search.
filters  The filters to apply.
groupAttributeType  The attribute to use for grouping.
groupSortingType  The method to use to sort the groups.
domainSortingMethod  The method to use to sort the domains within the groups.
caseDb  The case database.
centralRepoDb  The central repository database. Can be null if not needed.
context  The SearchContext the search is being performed from.
Returns
A LinkedHashMap grouped and sorted according to the parameters.
Exceptions
DiscoveryException
SearchCancellationException  Thrown when the user has cancelled the search.

Definition at line 89 of file DomainSearch.java.

Image org.sleuthkit.autopsy.discovery.search.DomainSearch.getThumbnail ( DomainSearchThumbnailRequest  thumbnailRequest) throws DiscoveryException

Get a thumbnail representation of a domain name.

Thumbnail candidates are JPEG files that have either TSK_WEB_DOWNLOAD or TSK_WEB_CACHE artifacts that match the domain name (see the DomainSearch getArtifacts() API). JPEG files are sorted by most recent if sourced from TSK_WEB_DOWNLOADs and by size if sourced from TSK_WEB_CACHE artifacts. The first suitable thumbnail is selected.

Parameters
thumbnailRequest  Thumbnail request for domain.
Returns
A thumbnail of the first matching JPEG, or a default thumbnail if no suitable JPEG exists.
Exceptions
DiscoveryException  If there is an error with Discovery related processing.

Definition at line 173 of file DomainSearch.java.

References org.sleuthkit.autopsy.discovery.search.DomainSearchThumbnailCache.get().

Referenced by org.sleuthkit.autopsy.discovery.ui.ResultsPanel.DomainThumbnailWorker.doInBackground().

Member Data Documentation

final DomainSearchArtifactsCache org.sleuthkit.autopsy.discovery.search.DomainSearch.artifactsCache
private

Definition at line 43 of file DomainSearch.java.

final DomainSearchCache org.sleuthkit.autopsy.discovery.search.DomainSearch.searchCache
private

Definition at line 41 of file DomainSearch.java.

final DomainSearchThumbnailCache org.sleuthkit.autopsy.discovery.search.DomainSearch.thumbnailCache
private

Definition at line 42 of file DomainSearch.java.


The documentation for this class was generated from the following file:

Copyright © 2012-2021 Basis Technology. Generated on: Thu Sep 30 2021
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.