Autopsy
4.1
Graphical digital forensics platform for The Sleuth Kit and other tools.
|
Inherits org.sleuthkit.autopsy.timeline.CancellationProgressTask< X >.
Public Member Functions | |
ReadOnlyBooleanProperty | cancellableProperty () |
synchronized boolean | isCancelRequested () |
boolean | requestCancel () |
Protected Member Functions | |
Void | call () throws Exception |
void | done () |
void | updateMessage (String message) |
void | updateProgress (double workDone, double max) |
void | updateProgress (long workDone, long max) |
void | updateTitle (String title) |
Private Member Functions | |
void | insertArtifactDerivedEvents (EventDB.EventTransaction trans) |
void | insertArtifactTags (int currentWorkTotal, List< BlackboardArtifactTag > artifactTags, EventDB.EventTransaction trans) |
void | insertContentTags (int currentWorkTotal, List< ContentTag > contentTags, EventDB.EventTransaction trans) |
void | insertEventForArtifact (final ArtifactEventType type, BlackboardArtifact bbart, EventDB.EventTransaction trans) throws TskCoreException |
void | insertEventsForFile (AbstractFile f, EventDB.EventTransaction trans) throws TskCoreException |
void | insertMACTimeEvents (final int numFiles, List< Long > fileIDs, EventDB.EventTransaction trans) |
void | populateEventType (final ArtifactEventType type, EventDB.EventTransaction trans) |
Private Attributes | |
final ReadOnlyBooleanWrapper | cancellable = new ReadOnlyBooleanWrapper(true) |
final DBPopulationMode | dbPopulationMode |
ProgressHandle | progressHandle |
final SleuthkitCase | skCase |
final TagsManager | tagsManager |
//TODO: I don't like the coupling to ProgressHandle in this task, but the alternatives I can think of seem even worse. -jm
Definition at line 429 of file EventsRepository.java.
|
protected |
Definition at line 510 of file EventsRepository.java.
References org::sleuthkit::datamodel::SleuthkitCase.findAllFileIdsWhere(), org.sleuthkit.autopsy.timeline.db.EventsRepository.DBPopulationMode.FULL, org.sleuthkit.autopsy.casemodule.services.TagsManager.getAllBlackboardArtifactTags(), org.sleuthkit.autopsy.casemodule.services.TagsManager.getAllContentTags(), org.sleuthkit.autopsy.timeline.db.EventsRepository.DBPopulationWorker.insertArtifactDerivedEvents(), org.sleuthkit.autopsy.timeline.db.EventsRepository.DBPopulationWorker.insertArtifactTags(), org.sleuthkit.autopsy.timeline.db.EventsRepository.DBPopulationWorker.insertContentTags(), org.sleuthkit.autopsy.timeline.db.EventsRepository.DBPopulationWorker.insertMACTimeEvents(), org.sleuthkit.autopsy.timeline.db.EventsRepository.invalidateCaches(), org.sleuthkit.autopsy.timeline.CancellationProgressTask< X >.isCancelRequested(), org.sleuthkit.autopsy.timeline.db.EventsRepository.populateFilterData(), org::sleuthkit::datamodel::TskData::TSK_DB_FILES_TYPE_ENUM.SLACK, and org.sleuthkit.autopsy.timeline.db.EventsRepository.DBPopulationMode.TAGS_ONLY.
ReadOnlyBooleanProperty org.sleuthkit.autopsy.timeline.db.EventsRepository.DBPopulationWorker.cancellableProperty | ( | ) |
Definition at line 440 of file EventsRepository.java.
|
protected |
Definition at line 667 of file EventsRepository.java.
|
private |
Definition at line 586 of file EventsRepository.java.
References org.sleuthkit.autopsy.timeline.datamodel.eventtype.EventType.allTypes, org.sleuthkit.autopsy.timeline.CancellationProgressTask< X >.isCancelRequested(), and org.sleuthkit.autopsy.timeline.db.EventsRepository.DBPopulationWorker.populateEventType().
Referenced by org.sleuthkit.autopsy.timeline.db.EventsRepository.DBPopulationWorker.call().
|
private |
Definition at line 564 of file EventsRepository.java.
References org::sleuthkit::datamodel::BlackboardArtifactTag.getArtifact(), org::sleuthkit::datamodel::BlackboardArtifact.getArtifactID(), org::sleuthkit::datamodel::BlackboardArtifactTag.getContent(), org::sleuthkit::datamodel::Content.getId(), org.sleuthkit.autopsy.timeline.CancellationProgressTask< X >.isCancelRequested(), and org.sleuthkit.autopsy.timeline.db.EventsRepository.DBPopulationWorker.updateProgress().
Referenced by org.sleuthkit.autopsy.timeline.db.EventsRepository.DBPopulationWorker.call().
|
private |
Definition at line 575 of file EventsRepository.java.
References org::sleuthkit::datamodel::ContentTag.getContent(), org::sleuthkit::datamodel::Content.getId(), org.sleuthkit.autopsy.timeline.CancellationProgressTask< X >.isCancelRequested(), and org.sleuthkit.autopsy.timeline.db.EventsRepository.DBPopulationWorker.updateProgress().
Referenced by org.sleuthkit.autopsy.timeline.db.EventsRepository.DBPopulationWorker.call().
|
private |
Definition at line 707 of file EventsRepository.java.
References org.sleuthkit.autopsy.timeline.datamodel.eventtype.ArtifactEventType.buildEventDescription(), org::sleuthkit::datamodel::SleuthkitCase.getAbstractFileById(), org::sleuthkit::datamodel::BlackboardArtifact.getArtifactID(), org.sleuthkit.autopsy.casemodule.services.TagsManager.getBlackboardArtifactTagsByArtifact(), org::sleuthkit::datamodel::AbstractFile.getDataSource(), org::sleuthkit::datamodel::AbstractContent.getHashSetNames(), org::sleuthkit::datamodel::Content.getId(), and org::sleuthkit::datamodel::BlackboardArtifact.getObjectID().
Referenced by org.sleuthkit.autopsy.timeline.db.EventsRepository.DBPopulationWorker.populateEventType().
|
private |
Definition at line 624 of file EventsRepository.java.
References org.sleuthkit.autopsy.timeline.datamodel.eventtype.FileSystemTypes.FILE_ACCESSED, org.sleuthkit.autopsy.timeline.datamodel.eventtype.FileSystemTypes.FILE_CHANGED, org.sleuthkit.autopsy.timeline.datamodel.eventtype.FileSystemTypes.FILE_CREATED, org.sleuthkit.autopsy.timeline.datamodel.eventtype.FileSystemTypes.FILE_MODIFIED, org::sleuthkit::datamodel::AbstractFile.getAtime(), org.sleuthkit.autopsy.casemodule.services.TagsManager.getContentTagsByContent(), org::sleuthkit::datamodel::AbstractFile.getCrtime(), org::sleuthkit::datamodel::AbstractFile.getCtime(), org::sleuthkit::datamodel::AbstractFile.getDataSource(), org::sleuthkit::datamodel::AbstractContent.getHashSetNames(), org::sleuthkit::datamodel::AbstractContent.getId(), org::sleuthkit::datamodel::Content.getId(), org::sleuthkit::datamodel::AbstractFile.getKnown(), org::sleuthkit::datamodel::AbstractFile.getMtime(), org::sleuthkit::datamodel::AbstractFile.getParentPath(), and org::sleuthkit::datamodel::AbstractContent.getUniquePath().
Referenced by org.sleuthkit.autopsy.timeline.db.EventsRepository.DBPopulationWorker.insertMACTimeEvents().
|
private |
Definition at line 601 of file EventsRepository.java.
References org::sleuthkit::datamodel::SleuthkitCase.getAbstractFileById(), org::sleuthkit::datamodel::AbstractContent.getName(), org.sleuthkit.autopsy.timeline.db.EventsRepository.DBPopulationWorker.insertEventsForFile(), org.sleuthkit.autopsy.timeline.CancellationProgressTask< X >.isCancelRequested(), org.sleuthkit.autopsy.timeline.db.EventsRepository.DBPopulationWorker.updateMessage(), and org.sleuthkit.autopsy.timeline.db.EventsRepository.DBPopulationWorker.updateProgress().
Referenced by org.sleuthkit.autopsy.timeline.db.EventsRepository.DBPopulationWorker.call().
|
inherited |
Definition at line 35 of file CancellationProgressTask.java.
Referenced by org.sleuthkit.autopsy.timeline.db.EventsRepository.DBPopulationWorker.call(), org.sleuthkit.autopsy.timeline.db.EventsRepository.DBPopulationWorker.insertArtifactDerivedEvents(), org.sleuthkit.autopsy.timeline.db.EventsRepository.DBPopulationWorker.insertArtifactTags(), org.sleuthkit.autopsy.timeline.db.EventsRepository.DBPopulationWorker.insertContentTags(), and org.sleuthkit.autopsy.timeline.db.EventsRepository.DBPopulationWorker.insertMACTimeEvents().
|
private |
populate all the events of one type
type | the type to populate |
trans | the db transaction to use |
Definition at line 687 of file EventsRepository.java.
References org.sleuthkit.autopsy.timeline.datamodel.eventtype.ArtifactEventType.getArtifactTypeID(), org::sleuthkit::datamodel::SleuthkitCase.getBlackboardArtifacts(), org.sleuthkit.autopsy.timeline.datamodel.eventtype.EventType.getDisplayName(), org.sleuthkit.autopsy.timeline.db.EventsRepository.DBPopulationWorker.insertEventForArtifact(), and org.sleuthkit.autopsy.timeline.db.EventsRepository.DBPopulationWorker.updateProgress().
Referenced by org.sleuthkit.autopsy.timeline.db.EventsRepository.DBPopulationWorker.insertArtifactDerivedEvents().
boolean org.sleuthkit.autopsy.timeline.db.EventsRepository.DBPopulationWorker.requestCancel | ( | ) |
Definition at line 445 of file EventsRepository.java.
|
protected |
Definition at line 457 of file EventsRepository.java.
Referenced by org.sleuthkit.autopsy.timeline.db.EventsRepository.DBPopulationWorker.insertMACTimeEvents().
|
protected |
Definition at line 463 of file EventsRepository.java.
Referenced by org.sleuthkit.autopsy.timeline.db.EventsRepository.DBPopulationWorker.insertArtifactTags(), org.sleuthkit.autopsy.timeline.db.EventsRepository.DBPopulationWorker.insertContentTags(), org.sleuthkit.autopsy.timeline.db.EventsRepository.DBPopulationWorker.insertMACTimeEvents(), and org.sleuthkit.autopsy.timeline.db.EventsRepository.DBPopulationWorker.populateEventType().
|
protected |
Definition at line 471 of file EventsRepository.java.
|
protected |
Definition at line 451 of file EventsRepository.java.
|
private |
Definition at line 431 of file EventsRepository.java.
|
private |
Definition at line 433 of file EventsRepository.java.
|
private |
Definition at line 437 of file EventsRepository.java.
|
private |
Definition at line 434 of file EventsRepository.java.
|
private |
Definition at line 435 of file EventsRepository.java.
Copyright © 2012-2016 Basis Technology. Generated on: Mon Apr 24 2017
This work is licensed under a
Creative Commons Attribution-Share Alike 3.0 United States License.