Autopsy  4.1
Graphical digital forensics platform for The Sleuth Kit and other tools.
Classes | Public Member Functions | Static Public Member Functions | Public Attributes | Static Public Attributes | Private Member Functions | Private Attributes | List of all members
org.sleuthkit.autopsy.timeline.datamodel.eventtype.WebTypes Enum Reference

Inherits org.sleuthkit.autopsy.timeline.datamodel.eventtype.EventType, and org.sleuthkit.autopsy.timeline.datamodel.eventtype.ArtifactEventType.

Classes

class  TopPrivateDomainExtractor
 

Public Member Functions

BlackboardArtifact.Type getArtifactType ()
 
default int getArtifactTypeID ()
 
default BaseTypes getBaseType ()
 
default Color getColor ()
 
BlackboardAttribute.Type getDateTimeAttributeType ()
 
String getDisplayName ()
 
Function< BlackboardArtifact, String > getFullExtractor ()
 
Image getFXImage ()
 
String getIconBase ()
 
Function< BlackboardArtifact, String > getMedExtractor ()
 
Function< BlackboardArtifact, String > getShortExtractor ()
 
default List<?extends EventTypegetSiblingTypes ()
 
EventType getSubType (String string)
 
List<?extends EventTypegetSubTypes ()
 
default List<?extends EventTypegetSubTypesRecusive ()
 
EventType getSuperType ()
 
EventTypeZoomLevel getZoomLevel ()
 
int ordinal ()
 
default AttributeEventDescription parseAttributesHelper (BlackboardArtifact artf) throws TskCoreException
 

Static Public Member Functions

static AttributeEventDescription buildEventDescription (ArtifactEventType type, BlackboardArtifact artf) throws TskCoreException
 
static BlackboardAttribute getAttributeSafe (BlackboardArtifact artf, BlackboardAttribute.Type attrType)
 
static Comparator< EventTypegetComparator ()
 

Public Attributes

 WEB_BOOKMARK
 
 WEB_COOKIE
 
 WEB_DOWNLOADS
 
 WEB_HISTORY
 
 WEB_SEARCH
 

Static Public Attributes

static final List<?extends EventTypeallTypes = RootEventType.getInstance().getSubTypesRecusive()
 
static final Logger LOGGER = Logger.getLogger(ArtifactEventType.class.getName())
 

Private Member Functions

 WebTypes (String displayName, String iconBase, BlackboardArtifact.Type artifactType, BlackboardAttribute.Type dateTimeAttributeType, Function< BlackboardArtifact, String > shortExtractor, Function< BlackboardArtifact, String > medExtractor, Function< BlackboardArtifact, String > longExtractor)
 

Private Attributes

final BlackboardArtifact.Type artifactType
 
final BlackboardAttribute.Type dateTimeAttributeType
 
final String displayName
 
final String iconBase
 
final Image image
 
final Function< BlackboardArtifact, String > longExtractor
 
final Function< BlackboardArtifact, String > medExtractor
 
final Function< BlackboardArtifact, String > shortExtractor
 

Detailed Description

Definition at line 36 of file WebTypes.java.

Constructor & Destructor Documentation

org.sleuthkit.autopsy.timeline.datamodel.eventtype.WebTypes.WebTypes ( String  displayName,
String  iconBase,
BlackboardArtifact.Type  artifactType,
BlackboardAttribute.Type  dateTimeAttributeType,
Function< BlackboardArtifact, String >  shortExtractor,
Function< BlackboardArtifact, String >  medExtractor,
Function< BlackboardArtifact, String >  longExtractor 
)
private

Definition at line 150 of file WebTypes.java.

Member Function Documentation

static AttributeEventDescription org.sleuthkit.autopsy.timeline.datamodel.eventtype.ArtifactEventType.buildEventDescription ( ArtifactEventType  type,
BlackboardArtifact  artf 
) throws TskCoreException
staticinherited

Build a AttributeEventDescription derived from a BlackboardArtifact. This is a template method that relies on each ArtifactEventType's implementation of ArtifactEventType::parseAttributesHelper() to know how to go from BlackboardAttributes to the event description.

Parameters
type
artfthe BlackboardArtifact to derive the event description from
Returns
an AttributeEventDescription derived from the given artifact, if the given artifact has no timestamp
Exceptions
TskCoreExceptionis there is a problem accessing the blackboard data

Definition at line 159 of file ArtifactEventType.java.

Referenced by org.sleuthkit.autopsy.timeline.db.EventsRepository.DBPopulationWorker.insertEventForArtifact().

BlackboardArtifact.Type org.sleuthkit.autopsy.timeline.datamodel.eventtype.WebTypes.getArtifactType ( )

Get the artifact type this event type is derived from.

Returns
The artifact type this event type is derived from.

Implements org.sleuthkit.autopsy.timeline.datamodel.eventtype.ArtifactEventType.

Definition at line 146 of file WebTypes.java.

default int org.sleuthkit.autopsy.timeline.datamodel.eventtype.ArtifactEventType.getArtifactTypeID ( )
inherited

Get the ID of the the artifact type that this EventType is derived from.

Returns
the ID of the the artifact type that this EventType is derived from.

Definition at line 58 of file ArtifactEventType.java.

References org.sleuthkit.autopsy.timeline.datamodel.eventtype.ArtifactEventType.getArtifactType().

Referenced by org.sleuthkit.autopsy.timeline.db.EventsRepository.DBPopulationWorker.populateEventType().

static BlackboardAttribute org.sleuthkit.autopsy.timeline.datamodel.eventtype.ArtifactEventType.getAttributeSafe ( BlackboardArtifact  artf,
BlackboardAttribute.Type  attrType 
)
staticinherited
default BaseTypes org.sleuthkit.autopsy.timeline.datamodel.eventtype.EventType.getBaseType ( )
inherited
default Color org.sleuthkit.autopsy.timeline.datamodel.eventtype.EventType.getColor ( )
inherited
static Comparator<EventType> org.sleuthkit.autopsy.timeline.datamodel.eventtype.EventType.getComparator ( )
staticinherited

Definition at line 37 of file EventType.java.

BlackboardAttribute.Type org.sleuthkit.autopsy.timeline.datamodel.eventtype.WebTypes.getDateTimeAttributeType ( )

The attribute type this event type is derived from.

Returns
The attribute type this event type is derived from.

Implements org.sleuthkit.autopsy.timeline.datamodel.eventtype.ArtifactEventType.

Definition at line 106 of file WebTypes.java.

String org.sleuthkit.autopsy.timeline.datamodel.eventtype.WebTypes.getDisplayName ( )
Function<BlackboardArtifact, String> org.sleuthkit.autopsy.timeline.datamodel.eventtype.WebTypes.getFullExtractor ( )
Returns
a function from an artifact to a String to use as part of the full event description

Implements org.sleuthkit.autopsy.timeline.datamodel.eventtype.ArtifactEventType.

Definition at line 122 of file WebTypes.java.

Image org.sleuthkit.autopsy.timeline.datamodel.eventtype.WebTypes.getFXImage ( )
String org.sleuthkit.autopsy.timeline.datamodel.eventtype.WebTypes.getIconBase ( )
Function<BlackboardArtifact, String> org.sleuthkit.autopsy.timeline.datamodel.eventtype.WebTypes.getMedExtractor ( )
Returns
a function from an artifact to a String to use as part of the medium event description

Implements org.sleuthkit.autopsy.timeline.datamodel.eventtype.ArtifactEventType.

Definition at line 127 of file WebTypes.java.

Function<BlackboardArtifact, String> org.sleuthkit.autopsy.timeline.datamodel.eventtype.WebTypes.getShortExtractor ( )
Returns
a function from an artifact to a String to use as part of the short event description

Implements org.sleuthkit.autopsy.timeline.datamodel.eventtype.ArtifactEventType.

Definition at line 132 of file WebTypes.java.

default List<? extends EventType> org.sleuthkit.autopsy.timeline.datamodel.eventtype.EventType.getSiblingTypes ( )
inherited
EventType org.sleuthkit.autopsy.timeline.datamodel.eventtype.WebTypes.getSubType ( String  string)
List<? extends EventType> org.sleuthkit.autopsy.timeline.datamodel.eventtype.WebTypes.getSubTypes ( )
Returns
a list of event types, one for each subtype of this eventype, or an empty list if this event type has no subtypes

Implements org.sleuthkit.autopsy.timeline.datamodel.eventtype.EventType.

Definition at line 181 of file WebTypes.java.

default List<? extends EventType> org.sleuthkit.autopsy.timeline.datamodel.eventtype.EventType.getSubTypesRecusive ( )
inherited
EventType org.sleuthkit.autopsy.timeline.datamodel.eventtype.WebTypes.getSuperType ( )
EventTypeZoomLevel org.sleuthkit.autopsy.timeline.datamodel.eventtype.WebTypes.getZoomLevel ( )
int org.sleuthkit.autopsy.timeline.datamodel.eventtype.EventType.ordinal ( )
inherited
default AttributeEventDescription org.sleuthkit.autopsy.timeline.datamodel.eventtype.ArtifactEventType.parseAttributesHelper ( BlackboardArtifact  artf) throws TskCoreException
inherited

given an artifact, pull out the time stamp, and compose the descriptions. Each implementation of ArtifactEventType needs to implement parseAttributesHelper() as hook for buildEventDescription(org.sleuthkit.datamodel.BlackboardArtifact) to invoke. Most subtypes can use this default implementation.

Parameters
artf
Returns
an AttributeEventDescription containing the timestamp and description information
Exceptions
TskCoreException

Definition at line 75 of file ArtifactEventType.java.

References org.sleuthkit.autopsy.timeline.datamodel.eventtype.ArtifactEventType.getDateTimeAttributeType(), org.sleuthkit.autopsy.timeline.datamodel.eventtype.ArtifactEventType.getFullExtractor(), org.sleuthkit.autopsy.timeline.datamodel.eventtype.ArtifactEventType.getMedExtractor(), org.sleuthkit.autopsy.timeline.datamodel.eventtype.ArtifactEventType.getShortExtractor(), and org::sleuthkit::datamodel::BlackboardAttribute.getValueLong().

Member Data Documentation

final List<? extends EventType> org.sleuthkit.autopsy.timeline.datamodel.eventtype.EventType.allTypes = RootEventType.getInstance().getSubTypesRecusive()
staticinherited
final BlackboardArtifact.Type org.sleuthkit.autopsy.timeline.datamodel.eventtype.WebTypes.artifactType
private

Definition at line 138 of file WebTypes.java.

final BlackboardAttribute.Type org.sleuthkit.autopsy.timeline.datamodel.eventtype.WebTypes.dateTimeAttributeType
private

Definition at line 94 of file WebTypes.java.

final String org.sleuthkit.autopsy.timeline.datamodel.eventtype.WebTypes.displayName
private

Definition at line 136 of file WebTypes.java.

final String org.sleuthkit.autopsy.timeline.datamodel.eventtype.WebTypes.iconBase
private

Definition at line 96 of file WebTypes.java.

final Image org.sleuthkit.autopsy.timeline.datamodel.eventtype.WebTypes.image
private

Definition at line 98 of file WebTypes.java.

final Logger org.sleuthkit.autopsy.timeline.datamodel.eventtype.ArtifactEventType.LOGGER = Logger.getLogger(ArtifactEventType.class.getName())
staticinherited

Definition at line 36 of file ArtifactEventType.java.

final Function<BlackboardArtifact, String> org.sleuthkit.autopsy.timeline.datamodel.eventtype.WebTypes.longExtractor
private

Definition at line 115 of file WebTypes.java.

final Function<BlackboardArtifact, String> org.sleuthkit.autopsy.timeline.datamodel.eventtype.WebTypes.medExtractor
private

Definition at line 117 of file WebTypes.java.

final Function<BlackboardArtifact, String> org.sleuthkit.autopsy.timeline.datamodel.eventtype.WebTypes.shortExtractor
private

Definition at line 119 of file WebTypes.java.

org.sleuthkit.autopsy.timeline.datamodel.eventtype.WebTypes.WEB_BOOKMARK
Initial value:
=(NbBundle.getMessage(WebTypes.class, "WebTypes.webBookmarks.name"),
"bookmarks.png",
new BlackboardArtifact.Type(BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_BOOKMARK),
new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_CREATED),
TopPrivateDomainExtractor.getInstance(),
new AttributeExtractor(new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_URL)),
new AttributeExtractor(new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_TITLE)))

Definition at line 70 of file WebTypes.java.

org.sleuthkit.autopsy.timeline.datamodel.eventtype.WebTypes.WEB_COOKIE
Initial value:
=(NbBundle.getMessage(WebTypes.class, "WebTypes.webCookies.name"),
"cookies.png",
new BlackboardArtifact.Type(BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_COOKIE),
new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME),
TopPrivateDomainExtractor.getInstance(),
new AttributeExtractor(new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_NAME)),
new AttributeExtractor(new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_VALUE)))

Definition at line 62 of file WebTypes.java.

org.sleuthkit.autopsy.timeline.datamodel.eventtype.WebTypes.WEB_DOWNLOADS
Initial value:
=(NbBundle.getMessage(WebTypes.class, "WebTypes.webDownloads.name"),
"downloads.png",
new BlackboardArtifact.Type(BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_DOWNLOAD),
new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_ACCESSED),
TopPrivateDomainExtractor.getInstance(),
new AttributeExtractor(new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PATH)),
new AttributeExtractor(new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_URL))) {
@Override
public AttributeEventDescription parseAttributesHelper(BlackboardArtifact artf) throws TskCoreException {
long time = artf.getAttribute(getDateTimeAttributeType()).getValueLong();
String domain = getShortExtractor().apply(artf);
String path = getMedExtractor().apply(artf);
String fileName = StringUtils.substringAfterLast(path, "/");
String url = getFullExtractor().apply(artf);
String shortDescription = fileName + " from " + domain;
String medDescription = fileName + " from " + url;
String fullDescription = path + " from " + url;
return new AttributeEventDescription(time, shortDescription, medDescription, fullDescription);
}
}

Definition at line 38 of file WebTypes.java.

org.sleuthkit.autopsy.timeline.datamodel.eventtype.WebTypes.WEB_HISTORY
Initial value:
=(NbBundle.getMessage(WebTypes.class, "WebTypes.webHistory.name"),
"history.png",
new BlackboardArtifact.Type(BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_HISTORY),
new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_ACCESSED),
TopPrivateDomainExtractor.getInstance(),
new AttributeExtractor(new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_URL)),
new AttributeExtractor(new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_TITLE)))

Definition at line 78 of file WebTypes.java.

org.sleuthkit.autopsy.timeline.datamodel.eventtype.WebTypes.WEB_SEARCH
Initial value:
=(NbBundle.getMessage(WebTypes.class, "WebTypes.webSearch.name"),
"searchquery.png",
new BlackboardArtifact.Type(BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_SEARCH_QUERY),
new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_ACCESSED),
new AttributeExtractor(new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_TEXT)),
TopPrivateDomainExtractor.getInstance(),
new AttributeExtractor(new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PROG_NAME)))

Definition at line 86 of file WebTypes.java.


The documentation for this enum was generated from the following file:

Copyright © 2012-2016 Basis Technology. Generated on: Mon Apr 24 2017
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.