Autopsy  4.4.1
Graphical digital forensics platform for The Sleuth Kit and other tools.
Public Member Functions | Static Public Member Functions | Static Private Member Functions | Static Private Attributes | List of all members
org.sleuthkit.autopsy.centralrepository.datamodel.EamArtifactUtil Class Reference

Public Member Functions

 EamArtifactUtil ()
 

Static Public Member Functions

static List< CorrelationAttributegetCorrelationAttributeFromBlackboardArtifact (BlackboardArtifact bbArtifact, boolean addInstanceDetails, boolean checkEnabled)
 
static CorrelationAttribute getEamArtifactFromContent (Content content, TskData.FileKnown knownStatus, String comment)
 
static String getEmailAddressAttrString ()
 

Static Private Member Functions

static CorrelationAttribute getCorrelationAttributeFromBlackboardArtifact (CorrelationAttribute.Type correlationType, BlackboardArtifact bbArtifact)
 

Static Private Attributes

static final Logger LOGGER = Logger.getLogger(EamArtifactUtil.class.getName())
 
static final long serialVersionUID = 1L
 

Detailed Description

Definition at line 39 of file EamArtifactUtil.java.

Constructor & Destructor Documentation

org.sleuthkit.autopsy.centralrepository.datamodel.EamArtifactUtil.EamArtifactUtil ( )

Definition at line 44 of file EamArtifactUtil.java.

Member Function Documentation

static List<CorrelationAttribute> org.sleuthkit.autopsy.centralrepository.datamodel.EamArtifactUtil.getCorrelationAttributeFromBlackboardArtifact ( BlackboardArtifact  bbArtifact,
boolean  addInstanceDetails,
boolean  checkEnabled 
)
static

Static factory method to examine a BlackboardArtifact to determine if it has contents that can be used for Correlation. If so, return a EamArtifact with a single EamArtifactInstance within. If not, return null.

Parameters
bbArtifactBlackboardArtifact to examine
addInstanceDetailsIf true, add instance details from bbArtifact into the returned structure
checkEnabledIf true, only create a CorrelationAttribute if it is enabled
Returns
List of EamArtifacts

Definition at line 64 of file EamArtifactUtil.java.

References org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationDataSource.fromTSKDataSource(), org.sleuthkit.autopsy.centralrepository.datamodel.EamArtifactUtil.getCorrelationAttributeFromBlackboardArtifact(), org.sleuthkit.autopsy.casemodule.Case.getCurrentCase(), org.sleuthkit.autopsy.centralrepository.datamodel.EamDb.getDefinedCorrelationTypes(), org.sleuthkit.autopsy.casemodule.Case.getDisplayName(), org.sleuthkit.autopsy.centralrepository.datamodel.EamDb.getInstance(), org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationDataSource.getName(), org.sleuthkit.autopsy.casemodule.Case.getName(), org.sleuthkit.autopsy.casemodule.Case.getSleuthkitCase(), and org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeInstance.GlobalStatus.LOCAL.

Referenced by org.sleuthkit.autopsy.centralrepository.datamodel.EamArtifactUtil.getCorrelationAttributeFromBlackboardArtifact(), org.sleuthkit.autopsy.centralrepository.contentviewer.DataContentViewerOtherCases.getCorrelationAttributesFromNode(), org.sleuthkit.autopsy.centralrepository.eventlisteners.CaseEventListener.propertyChange(), and org.sleuthkit.autopsy.centralrepository.eventlisteners.IngestEventsListener.IngestModuleEventListener.propertyChange().

static CorrelationAttribute org.sleuthkit.autopsy.centralrepository.datamodel.EamArtifactUtil.getCorrelationAttributeFromBlackboardArtifact ( CorrelationAttribute.Type  correlationType,
BlackboardArtifact  bbArtifact 
)
staticprivate
static CorrelationAttribute org.sleuthkit.autopsy.centralrepository.datamodel.EamArtifactUtil.getEamArtifactFromContent ( Content  content,
TskData.FileKnown  knownStatus,
String  comment 
)
static

Create an EamArtifact from the given Content. Will return null if an artifact can not be created - this is not necessarily an error case, it just means an artifact can't be made. If creation fails due to an error (and not that the file is the wrong type or it has no hash), the error will be logged before returning.

Does not add the artifact to the database.

Parameters
contentThe content object
knownStatusUnknown, notable, or known
commentThe comment for the new artifact (generally used for a tag comment)
Returns
The new EamArtifact or null if creation failed

Definition at line 224 of file EamArtifactUtil.java.

References org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttribute.addInstance(), org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttribute.FILES_TYPE_ID, org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationDataSource.fromTSKDataSource(), org.sleuthkit.autopsy.centralrepository.datamodel.EamDb.getCorrelationTypeById(), org.sleuthkit.autopsy.casemodule.Case.getCurrentCase(), org.sleuthkit.autopsy.casemodule.Case.getDisplayName(), org.sleuthkit.autopsy.centralrepository.datamodel.EamDb.getInstance(), org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationDataSource.getName(), org.sleuthkit.autopsy.casemodule.Case.getName(), and org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeInstance.GlobalStatus.LOCAL.

Referenced by org.sleuthkit.autopsy.centralrepository.eventlisteners.CaseEventListener.propertyChange().

static String org.sleuthkit.autopsy.centralrepository.datamodel.EamArtifactUtil.getEmailAddressAttrString ( )
static

Member Data Documentation

final Logger org.sleuthkit.autopsy.centralrepository.datamodel.EamArtifactUtil.LOGGER = Logger.getLogger(EamArtifactUtil.class.getName())
staticprivate

Definition at line 42 of file EamArtifactUtil.java.

final long org.sleuthkit.autopsy.centralrepository.datamodel.EamArtifactUtil.serialVersionUID = 1L
staticprivate

Definition at line 41 of file EamArtifactUtil.java.


The documentation for this class was generated from the following file:

Copyright © 2012-2016 Basis Technology. Generated on: Fri Sep 29 2017
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.