Autopsy  4.6.0
Graphical digital forensics platform for The Sleuth Kit and other tools.
Public Member Functions | Static Public Member Functions | Static Private Member Functions | Static Private Attributes | List of all members
org.sleuthkit.autopsy.centralrepository.datamodel.EamArtifactUtil Class Reference

Public Member Functions

 EamArtifactUtil ()
 

Static Public Member Functions

static List< CorrelationAttributegetCorrelationAttributeFromBlackboardArtifact (BlackboardArtifact bbArtifact, boolean addInstanceDetails, boolean checkEnabled)
 
static CorrelationAttribute getCorrelationAttributeFromContent (Content content, TskData.FileKnown knownStatus, String comment)
 
static String getEmailAddressAttrString ()
 
static boolean isValidCentralRepoFile (AbstractFile af)
 

Static Private Member Functions

static CorrelationAttribute getCorrelationAttributeFromBlackboardArtifact (CorrelationAttribute.Type correlationType, BlackboardArtifact bbArtifact) throws EamDbException
 

Static Private Attributes

static final Logger LOGGER = Logger.getLogger(EamArtifactUtil.class.getName())
 
static final long serialVersionUID = 1L
 

Detailed Description

Definition at line 39 of file EamArtifactUtil.java.

Constructor & Destructor Documentation

org.sleuthkit.autopsy.centralrepository.datamodel.EamArtifactUtil.EamArtifactUtil ( )

Definition at line 44 of file EamArtifactUtil.java.

Member Function Documentation

static List<CorrelationAttribute> org.sleuthkit.autopsy.centralrepository.datamodel.EamArtifactUtil.getCorrelationAttributeFromBlackboardArtifact ( BlackboardArtifact  bbArtifact,
boolean  addInstanceDetails,
boolean  checkEnabled 
)
static

Static factory method to examine a BlackboardArtifact to determine if it has contents that can be used for Correlation. If so, return a EamArtifact with a single EamArtifactInstance within. If not, return null.

Parameters
bbArtifactBlackboardArtifact to examine
addInstanceDetailsIf true, add instance details from bbArtifact into the returned structure
checkEnabledIf true, only create a CorrelationAttribute if it is enabled
Returns
List of EamArtifacts

Definition at line 66 of file EamArtifactUtil.java.

References org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationDataSource.fromTSKDataSource(), org.sleuthkit.autopsy.centralrepository.datamodel.EamDb.getCase(), org.sleuthkit.autopsy.centralrepository.datamodel.EamArtifactUtil.getCorrelationAttributeFromBlackboardArtifact(), org.sleuthkit.autopsy.centralrepository.datamodel.EamDb.getDefinedCorrelationTypes(), org.sleuthkit.autopsy.centralrepository.datamodel.EamDb.getInstance(), org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationDataSource.getName(), org.sleuthkit.autopsy.casemodule.Case.getOpenCase(), org.sleuthkit.autopsy.casemodule.Case.getSleuthkitCase(), and org.sleuthkit.autopsy.centralrepository.datamodel.EamDb.newCase().

Referenced by org.sleuthkit.autopsy.centralrepository.datamodel.EamArtifactUtil.getCorrelationAttributeFromBlackboardArtifact(), org.sleuthkit.autopsy.centralrepository.contentviewer.DataContentViewerOtherCases.getCorrelationAttributesFromNode(), org.sleuthkit.autopsy.centralrepository.eventlisteners.CaseEventListener.BlackboardTagTask.run(), org.sleuthkit.autopsy.centralrepository.eventlisteners.IngestEventsListener.DataAddedTask.run(), and org.sleuthkit.autopsy.centralrepository.eventlisteners.CaseEventListener.TagDefinitionChangeTask.run().

static CorrelationAttribute org.sleuthkit.autopsy.centralrepository.datamodel.EamArtifactUtil.getCorrelationAttributeFromBlackboardArtifact ( CorrelationAttribute.Type  correlationType,
BlackboardArtifact  bbArtifact 
) throws EamDbException
staticprivate
static CorrelationAttribute org.sleuthkit.autopsy.centralrepository.datamodel.EamArtifactUtil.getCorrelationAttributeFromContent ( Content  content,
TskData.FileKnown  knownStatus,
String  comment 
)
static

Create an EamArtifact from the given Content. Will return null if an artifact can not be created - this is not necessarily an error case, it just means an artifact can't be made. If creation fails due to an error (and not that the file is the wrong type or it has no hash), the error will be logged before returning.

Does not add the artifact to the database.

Parameters
contentThe content object
knownStatusUnknown, notable, or known
commentThe comment for the new artifact (generally used for a tag comment)
Returns
The new EamArtifact or null if creation failed

Definition at line 235 of file EamArtifactUtil.java.

References org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttribute.addInstance(), org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttribute.FILES_TYPE_ID, org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationDataSource.fromTSKDataSource(), org.sleuthkit.autopsy.centralrepository.datamodel.EamDb.getCase(), org.sleuthkit.autopsy.centralrepository.datamodel.EamDb.getCorrelationTypeById(), org.sleuthkit.autopsy.centralrepository.datamodel.EamDb.getInstance(), org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationDataSource.getName(), org.sleuthkit.autopsy.casemodule.Case.getOpenCase(), org.sleuthkit.autopsy.centralrepository.datamodel.EamArtifactUtil.isValidCentralRepoFile(), and org.sleuthkit.autopsy.centralrepository.datamodel.EamDb.newCase().

Referenced by org.sleuthkit.autopsy.centralrepository.eventlisteners.CaseEventListener.ContentTagTask.run(), and org.sleuthkit.autopsy.centralrepository.eventlisteners.CaseEventListener.TagDefinitionChangeTask.run().

static String org.sleuthkit.autopsy.centralrepository.datamodel.EamArtifactUtil.getEmailAddressAttrString ( )
static
static boolean org.sleuthkit.autopsy.centralrepository.datamodel.EamArtifactUtil.isValidCentralRepoFile ( AbstractFile  af)
static

Check whether the given abstract file should be processed for the central repository.

Parameters
afThe file to test
Returns
true if the file should be added to the central repo, false otherwise

Definition at line 285 of file EamArtifactUtil.java.

Referenced by org.sleuthkit.autopsy.centralrepository.datamodel.EamArtifactUtil.getCorrelationAttributeFromContent().

Member Data Documentation

final Logger org.sleuthkit.autopsy.centralrepository.datamodel.EamArtifactUtil.LOGGER = Logger.getLogger(EamArtifactUtil.class.getName())
staticprivate

Definition at line 42 of file EamArtifactUtil.java.

final long org.sleuthkit.autopsy.centralrepository.datamodel.EamArtifactUtil.serialVersionUID = 1L
staticprivate

Definition at line 41 of file EamArtifactUtil.java.


The documentation for this class was generated from the following file:

Copyright © 2012-2016 Basis Technology. Generated on: Mon May 7 2018
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.