Autopsy
4.4.1
Graphical digital forensics platform for The Sleuth Kit and other tools.
Public Member Functions
EamArtifactUtil ()
Static Public Member Functions
static List< CorrelationAttribute > | getCorrelationAttributeFromBlackboardArtifact (BlackboardArtifact bbArtifact, boolean addInstanceDetails, boolean checkEnabled)
static CorrelationAttribute | getEamArtifactFromContent (Content content, TskData.FileKnown knownStatus, String comment)
static String | getEmailAddressAttrString ()
Static Private Member Functions
static CorrelationAttribute | getCorrelationAttributeFromBlackboardArtifact (CorrelationAttribute.Type correlationType, BlackboardArtifact bbArtifact)
Static Private Attributes
static final Logger | LOGGER = Logger.getLogger(EamArtifactUtil.class.getName())
static final long | serialVersionUID = 1L
Definition at line 39 of file EamArtifactUtil.java.
org.sleuthkit.autopsy.centralrepository.datamodel.EamArtifactUtil.EamArtifactUtil ()
Definition at line 44 of file EamArtifactUtil.java.
static List< CorrelationAttribute > getCorrelationAttributeFromBlackboardArtifact (BlackboardArtifact bbArtifact, boolean addInstanceDetails, boolean checkEnabled)
Static factory method to examine a BlackboardArtifact to determine if it has contents that can be used for correlation. If so, return an EamArtifact with a single EamArtifactInstance within. If not, return null.
bbArtifact | BlackboardArtifact to examine
addInstanceDetails | If true, add instance details from bbArtifact into the returned structure
checkEnabled | If true, only create a CorrelationAttribute if it is enabled
Definition at line 64 of file EamArtifactUtil.java.
References org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationDataSource.fromTSKDataSource(), org.sleuthkit.autopsy.centralrepository.datamodel.EamArtifactUtil.getCorrelationAttributeFromBlackboardArtifact(), org.sleuthkit.autopsy.casemodule.Case.getCurrentCase(), org.sleuthkit.autopsy.centralrepository.datamodel.EamDb.getDefinedCorrelationTypes(), org.sleuthkit.autopsy.casemodule.Case.getDisplayName(), org.sleuthkit.autopsy.centralrepository.datamodel.EamDb.getInstance(), org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationDataSource.getName(), org.sleuthkit.autopsy.casemodule.Case.getName(), org.sleuthkit.autopsy.casemodule.Case.getSleuthkitCase(), and org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeInstance.GlobalStatus.LOCAL.
Referenced by org.sleuthkit.autopsy.centralrepository.datamodel.EamArtifactUtil.getCorrelationAttributeFromBlackboardArtifact(), org.sleuthkit.autopsy.centralrepository.contentviewer.DataContentViewerOtherCases.getCorrelationAttributesFromNode(), org.sleuthkit.autopsy.centralrepository.eventlisteners.CaseEventListener.propertyChange(), and org.sleuthkit.autopsy.centralrepository.eventlisteners.IngestEventsListener.IngestModuleEventListener.propertyChange().
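static private CorrelationAttribute getCorrelationAttributeFromBlackboardArtifact (CorrelationAttribute.Type correlationType, BlackboardArtifact bbArtifact)
Create an EamArtifact of type correlationType if one can be generated based on the data in the blackboard artifact.
correlationType | The Central Repository artifact type to create
bbArtifact | The blackboard artifact to pull data from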
Definition at line 134 of file EamArtifactUtil.java.
References org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttribute.DOMAIN_TYPE_ID, org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttribute.EMAIL_TYPE_ID, org.sleuthkit.autopsy.centralrepository.datamodel.EamArtifactUtil.getCorrelationAttributeFromBlackboardArtifact(), org.sleuthkit.autopsy.casemodule.Case.getCurrentCase(), org.sleuthkit.autopsy.centralrepository.datamodel.EamArtifactUtil.getEmailAddressAttrString(), org.sleuthkit.autopsy.casemodule.Case.getSleuthkitCase(), org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttribute.PHONE_TYPE_ID, and org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttribute.USBID_TYPE_ID.
static CorrelationAttribute getEamArtifactFromContent (Content content, TskData.FileKnown knownStatus, String comment)
Create an EamArtifact from the given Content. Returns null if an artifact cannot be created; this is not necessarily an error case, it just means an artifact can't be made. If creation fails due to an error (and not because the file is the wrong type or has no hash), the error is logged before returning.
Does not add the artifact to the database.
content | The content object
knownStatus | Unknown, notable, or known
comment | The comment for the new artifact (generally used for a tag comment)
Definition at line 224 of file EamArtifactUtil.java.
References org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttribute.addInstance(), org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttribute.FILES_TYPE_ID, org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationDataSource.fromTSKDataSource(), org.sleuthkit.autopsy.centralrepository.datamodel.EamDb.getCorrelationTypeById(), org.sleuthkit.autopsy.casemodule.Case.getCurrentCase(), org.sleuthkit.autopsy.casemodule.Case.getDisplayName(), org.sleuthkit.autopsy.centralrepository.datamodel.EamDb.getInstance(), org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationDataSource.getName(), org.sleuthkit.autopsy.casemodule.Case.getName(), and org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeInstance.GlobalStatus.LOCAL.
Referenced by org.sleuthkit.autopsy.centralrepository.eventlisteners.CaseEventListener.propertyChange().
static String getEmailAddressAttrString ()
Definition at line 48 of file EamArtifactUtil.java.
Referenced by org.sleuthkit.autopsy.centralrepository.datamodel.EamArtifactUtil.getCorrelationAttributeFromBlackboardArtifact().
static private
Definition at line 42 of file EamArtifactUtil.java.
static private
Definition at line 41 of file EamArtifactUtil.java.
Copyright © 2012-2016 Basis Technology. Generated on: Fri Sep 29 2017
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.