Autopsy
4.19.3
Graphical digital forensics platform for The Sleuth Kit and other tools.
Public Member Functions
DomainSearch ()
List< MiniTimelineResult > | getAllArtifactsForDomain (SleuthkitCase sleuthkitCase, String domain) throws DiscoveryException
List< BlackboardArtifact > | getArtifacts (DomainSearchArtifactsRequest artifactsRequest) throws DiscoveryException
List< Result > | getDomainsInGroup (String userName, List< AbstractFilter > filters, DiscoveryAttributes.AttributeType groupAttributeType, Group.GroupSortingAlgorithm groupSortingType, ResultsSorter.SortingMethod domainSortingMethod, GroupKey groupKey, int startingEntry, int numberOfEntries, SleuthkitCase caseDb, CentralRepository centralRepoDb, SearchContext context) throws DiscoveryException, SearchCancellationException
Map< GroupKey, Integer > | getGroupSizes (String userName, List< AbstractFilter > filters, DiscoveryAttributes.AttributeType groupAttributeType, Group.GroupSortingAlgorithm groupSortingType, ResultsSorter.SortingMethod domainSortingMethod, SleuthkitCase caseDb, CentralRepository centralRepoDb, SearchContext context) throws DiscoveryException, SearchCancellationException
Image | getThumbnail (DomainSearchThumbnailRequest thumbnailRequest) throws DiscoveryException
Private Member Functions
String | getDate (BlackboardArtifact artifact) throws TskCoreException
Private Attributes
final DomainSearchArtifactsCache | artifactsCache
final DomainSearchCache | searchCache
final DomainSearchThumbnailCache | thumbnailCache
Main class to perform the domain search.
Definition at line 39 of file DomainSearch.java.
org.sleuthkit.autopsy.discovery.search.DomainSearch.DomainSearch ()
Construct a new DomainSearch object.
Definition at line 48 of file DomainSearch.java.
List<MiniTimelineResult> org.sleuthkit.autopsy.discovery.search.DomainSearch.getAllArtifactsForDomain (SleuthkitCase sleuthkitCase, String domain) throws DiscoveryException
Get a list of MiniTimelineResults, one for each date on which any TSK_WEB artifacts existed, each containing a list of the artifacts observed on that date.
sleuthkitCase | The case database for the search. |
domain | The domain that artifacts are being requested for. |
DiscoveryException | if unable to get the artifacts or the date attributes from an artifact. |
Definition at line 208 of file DomainSearch.java.
References org.sleuthkit.autopsy.discovery.search.SearchData.Type.DOMAIN, org.sleuthkit.autopsy.discovery.search.DomainSearch.getArtifacts(), and org.sleuthkit.autopsy.discovery.search.DomainSearch.getDate().
List<BlackboardArtifact> org.sleuthkit.autopsy.discovery.search.DomainSearch.getArtifacts (DomainSearchArtifactsRequest artifactsRequest) throws DiscoveryException
Get all blackboard artifacts that match the requested domain name.
Artifacts will be selected if the requested domain name is either an exact match on a TSK_DOMAIN value or a substring match on a TSK_URL value. String matching is case insensitive.
artifactsRequest | The request containing the case, artifact type, and domain name. |
DiscoveryException | If an exception is encountered during processing. |
Definition at line 192 of file DomainSearch.java.
References org.sleuthkit.autopsy.discovery.search.DomainSearchArtifactsCache.get().
Referenced by org.sleuthkit.autopsy.discovery.search.DomainSearch.getAllArtifactsForDomain().
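The matching rule documented for getArtifacts() (exact on TSK_DOMAIN, substring on TSK_URL, case insensitive) also selects look-alike hosts and URLs that merely mention the domain, which matters when reviewing results. The following is an added example, not Autopsy code: it models the rule on plain strings, and DomainMatchDemo, matches() and hostBelongsTo() are hypothetical names; the host check is an assumed follow-up an examiner might apply, not something the API performs.

```java
import java.net.URI;
import java.util.List;
import java.util.Locale;

// Added illustration: models the documented matching rule with plain strings.
// DomainMatchDemo, matches() and hostBelongsTo() are hypothetical, not Autopsy APIs.
public class DomainMatchDemo {

    // The rule as documented: exact match on TSK_DOMAIN or substring match
    // on TSK_URL, both compared case-insensitively.
    static boolean matches(String requested, String tskDomain, String tskUrl) {
        String want = requested.toLowerCase(Locale.ROOT);
        boolean domainHit = tskDomain != null && tskDomain.toLowerCase(Locale.ROOT).equals(want);
        boolean urlHit = tskUrl != null && tskUrl.toLowerCase(Locale.ROOT).contains(want);
        return domainHit || urlHit;
    }

    // Assumed stricter follow-up check: the URL's host is the requested
    // domain itself or one of its subdomains.
    static boolean hostBelongsTo(String requested, String tskUrl) {
        try {
            String host = URI.create(tskUrl).getHost();
            if (host == null) {
                return false;
            }
            host = host.toLowerCase(Locale.ROOT);
            String want = requested.toLowerCase(Locale.ROOT);
            return host.equals(want) || host.endsWith("." + want);
        } catch (IllegalArgumentException e) {
            return false; // malformed URL value
        }
    }

    public static void main(String[] args) {
        // Constructed sample rows: { TSK_DOMAIN value, TSK_URL value }
        List<String[]> rows = List.of(
            new String[]{"example.com", "https://EXAMPLE.com/login"},
            new String[]{"cdn.example.com", "https://cdn.example.com/a.jpg"},
            new String[]{"notexample.com", "http://notexample.com/"},
            new String[]{"tracker.test", "https://tracker.test/r?u=example.com"});
        for (String[] r : rows) {
            System.out.printf("%-40s rule=%-5b hostCheck=%b%n", r[1],
                matches("example.com", r[0], r[1]), hostBelongsTo("example.com", r[1]));
        }
    }
}
```

All four constructed rows satisfy the documented rule; only the first two pass the host check, so the last two are the kind of hit to review before attributing activity to the domain.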
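String org.sleuthkit.autopsy.discovery.search.DomainSearch.getDate (BlackboardArtifact artifact) throws TskCoreException
private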
Private helper method to get a date from the artifact.
artifact | The artifact to get a date from. |
TskCoreException | when unable to get the attributes for the artifact. |
Definition at line 252 of file DomainSearch.java.
References org.sleuthkit.autopsy.coreutils.TimeZoneUtils.getFormattedTime().
Referenced by org.sleuthkit.autopsy.discovery.search.DomainSearch.getAllArtifactsForDomain().
List<Result> org.sleuthkit.autopsy.discovery.search.DomainSearch.getDomainsInGroup (String userName, List< AbstractFilter > filters, DiscoveryAttributes.AttributeType groupAttributeType, Group.GroupSortingAlgorithm groupSortingType, ResultsSorter.SortingMethod domainSortingMethod, GroupKey groupKey, int startingEntry, int numberOfEntries, SleuthkitCase caseDb, CentralRepository centralRepoDb, SearchContext context) throws DiscoveryException, SearchCancellationException
Get the domains from the specified group from the cache; if the group was not cached, perform a search, caching the groups.
userName | The name of the user performing the search. |
filters | The filters to apply. |
groupAttributeType | The attribute to use for grouping. |
groupSortingType | The method to use to sort the groups. |
domainSortingMethod | The method to use to sort the Domains within the groups. |
groupKey | The key which uniquely identifies the group to get entries from. |
startingEntry | The first entry to return. |
numberOfEntries | The number of entries to return. |
caseDb | The case database. |
centralRepoDb | The central repository database. Can be null if not needed. |
context | The search context. |
DiscoveryException |
Definition at line 135 of file DomainSearch.java.
Map<GroupKey, Integer> org.sleuthkit.autopsy.discovery.search.DomainSearch.getGroupSizes (String userName, List< AbstractFilter > filters, DiscoveryAttributes.AttributeType groupAttributeType, Group.GroupSortingAlgorithm groupSortingType, ResultsSorter.SortingMethod domainSortingMethod, SleuthkitCase caseDb, CentralRepository centralRepoDb, SearchContext context) throws DiscoveryException, SearchCancellationException
Run the domain search to get the group keys and sizes. Clears the cache of search results, caching new results for access at a later time.
userName | The name of the user performing the search. |
filters | The filters to apply. |
groupAttributeType | The attribute to use for grouping. |
groupSortingType | The method to use to sort the groups. |
domainSortingMethod | The method to use to sort the domains within the groups. |
caseDb | The case database. |
centralRepoDb | The central repository database. Can be null if not needed. |
context | The SearchContext the search is being performed from. |
DiscoveryException | |
SearchCancellationException | Thrown when the user has cancelled the search. |
Definition at line 89 of file DomainSearch.java.
Image org.sleuthkit.autopsy.discovery.search.DomainSearch.getThumbnail (DomainSearchThumbnailRequest thumbnailRequest) throws DiscoveryException
Get a thumbnail representation of a domain name.
Thumbnail candidates are JPEG files that have either TSK_WEB_DOWNLOAD or TSK_WEB_CACHE artifacts that match the domain name (see the DomainSearch getArtifacts() API). JPEG files are sorted by most recent if sourced from TSK_WEB_DOWNLOADs and by size if sourced from TSK_WEB_CACHE artifacts. The first suitable thumbnail is selected.
thumbnailRequest | Thumbnail request for domain. |
DiscoveryException | If there is an error with Discovery related processing. |
Definition at line 173 of file DomainSearch.java.
References org.sleuthkit.autopsy.discovery.search.DomainSearchThumbnailCache.get().
Referenced by org.sleuthkit.autopsy.discovery.ui.ResultsPanel.DomainThumbnailWorker.doInBackground().
private
Definition at line 43 of file DomainSearch.java.
private
Definition at line 41 of file DomainSearch.java.
private
Definition at line 42 of file DomainSearch.java.
Copyright © 2012-2022 Basis Technology. Generated on: Tue Jun 27 2023
This work is licensed under a
Creative Commons Attribution-Share Alike 3.0 United States License.