Autopsy
4.7.0
Graphical digital forensics platform for The Sleuth Kit and other tools.
Public Member Functions
EamArtifactUtil ()
Static Public Member Functions
static List< CorrelationAttribute > | getCorrelationAttributeFromBlackboardArtifact (BlackboardArtifact bbArtifact, boolean addInstanceDetails, boolean checkEnabled)
static CorrelationAttribute | getCorrelationAttributeFromContent (Content content)
static String | getEmailAddressAttrString ()
static boolean | isSupportedAbstractFileType (AbstractFile file)
static CorrelationAttribute | makeCorrelationAttributeFromContent (Content content)
Static Private Member Functions
static CorrelationAttribute | getCorrelationAttributeFromBlackboardArtifact (CorrelationAttribute.Type correlationType, BlackboardArtifact bbArtifact) throws EamDbException
Static Private Attributes
static final Logger | logger = Logger.getLogger(EamArtifactUtil.class.getName())
static final long | serialVersionUID = 1L
Definition at line 39 of file EamArtifactUtil.java.
org.sleuthkit.autopsy.centralrepository.datamodel.EamArtifactUtil.EamArtifactUtil ()
Definition at line 44 of file EamArtifactUtil.java.
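static List< CorrelationAttribute > org.sleuthkit.autopsy.centralrepository.datamodel.EamArtifactUtil.getCorrelationAttributeFromBlackboardArtifact (BlackboardArtifact bbArtifact, boolean addInstanceDetails, boolean checkEnabled)
Static factory method to examine a BlackboardArtifact to determine if it has contents that can be used for correlation. If so, return an EamArtifact with a single EamArtifactInstance within. If not, return null.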
bbArtifact | BlackboardArtifact to examine |
addInstanceDetails | If true, add instance details from bbArtifact into the returned structure |
checkEnabled | If true, only create a CorrelationAttribute if it is enabled |
Definition at line 66 of file EamArtifactUtil.java.
References org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationDataSource.fromTSKDataSource(), org.sleuthkit.autopsy.centralrepository.datamodel.EamDb.getCase(), org.sleuthkit.autopsy.centralrepository.datamodel.EamArtifactUtil.getCorrelationAttributeFromBlackboardArtifact(), org.sleuthkit.autopsy.casemodule.Case.getCurrentCaseThrows(), org.sleuthkit.autopsy.centralrepository.datamodel.EamDb.getDefinedCorrelationTypes(), org.sleuthkit.autopsy.centralrepository.datamodel.EamDb.getInstance(), org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationDataSource.getName(), org.sleuthkit.autopsy.casemodule.Case.getSleuthkitCase(), and org.sleuthkit.autopsy.centralrepository.datamodel.EamDb.newCase().
Referenced by org.sleuthkit.autopsy.centralrepository.datamodel.EamArtifactUtil.getCorrelationAttributeFromBlackboardArtifact(), org.sleuthkit.autopsy.centralrepository.contentviewer.DataContentViewerOtherCases.getCorrelationAttributesFromNode(), org.sleuthkit.autopsy.centralrepository.eventlisteners.CaseEventListener.BlackboardTagTask.run(), org.sleuthkit.autopsy.centralrepository.eventlisteners.IngestEventsListener.DataAddedTask.run(), and org.sleuthkit.autopsy.centralrepository.eventlisteners.CaseEventListener.TagDefinitionChangeTask.run().
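static private CorrelationAttribute org.sleuthkit.autopsy.centralrepository.datamodel.EamArtifactUtil.getCorrelationAttributeFromBlackboardArtifact (CorrelationAttribute.Type correlationType, BlackboardArtifact bbArtifact) throws EamDbException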
Create an EamArtifact of type correlationType if one can be generated based on the data in the blackboard artifact.
correlationType | The Central Repository artifact type to create |
bbArtifact | The blackboard artifact to pull data from |
Definition at line 139 of file EamArtifactUtil.java.
References org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttribute.DOMAIN_TYPE_ID, org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttribute.EMAIL_TYPE_ID, org.sleuthkit.autopsy.centralrepository.datamodel.EamArtifactUtil.getCorrelationAttributeFromBlackboardArtifact(), org.sleuthkit.autopsy.casemodule.Case.getCurrentCaseThrows(), org.sleuthkit.autopsy.centralrepository.datamodel.EamArtifactUtil.getEmailAddressAttrString(), org.sleuthkit.autopsy.casemodule.Case.getSleuthkitCase(), org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttribute.PHONE_TYPE_ID, and org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttribute.USBID_TYPE_ID.
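static CorrelationAttribute org.sleuthkit.autopsy.centralrepository.datamodel.EamArtifactUtil.getCorrelationAttributeFromContent (Content content)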
Retrieve CorrelationAttribute from the given Content.
content | The content object |
Definition at line 226 of file EamArtifactUtil.java.
References org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttribute.FILES_TYPE_ID, org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationDataSource.fromTSKDataSource(), org.sleuthkit.autopsy.centralrepository.datamodel.EamDb.getCase(), org.sleuthkit.autopsy.centralrepository.datamodel.EamDb.getCorrelationAttribute(), org.sleuthkit.autopsy.centralrepository.datamodel.EamDb.getCorrelationTypeById(), org.sleuthkit.autopsy.casemodule.Case.getCurrentCaseThrows(), org.sleuthkit.autopsy.centralrepository.datamodel.EamDb.getInstance(), org.sleuthkit.autopsy.centralrepository.datamodel.EamArtifactUtil.isSupportedAbstractFileType(), and org.sleuthkit.autopsy.centralrepository.datamodel.EamDb.newCase().
Referenced by org.sleuthkit.autopsy.centralrepository.AddEditCentralRepoCommentAction.AddEditCentralRepoCommentAction().
static String org.sleuthkit.autopsy.centralrepository.datamodel.EamArtifactUtil.getEmailAddressAttrString ()
Definition at line 48 of file EamArtifactUtil.java.
Referenced by org.sleuthkit.autopsy.centralrepository.datamodel.EamArtifactUtil.getCorrelationAttributeFromBlackboardArtifact().
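static boolean org.sleuthkit.autopsy.centralrepository.datamodel.EamArtifactUtil.isSupportedAbstractFileType (AbstractFile file)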
Check whether the given abstract file should be processed for the central repository.
file | The file to test |
Definition at line 318 of file EamArtifactUtil.java.
Referenced by org.sleuthkit.autopsy.datamodel.AbstractAbstractFileNode< SpecialDirectory >.getActions(), org.sleuthkit.autopsy.centralrepository.datamodel.EamArtifactUtil.getCorrelationAttributeFromContent(), and org.sleuthkit.autopsy.centralrepository.datamodel.EamArtifactUtil.makeCorrelationAttributeFromContent().
static CorrelationAttribute org.sleuthkit.autopsy.centralrepository.datamodel.EamArtifactUtil.makeCorrelationAttributeFromContent (Content content)
Create an EamArtifact from the given Content. Returns null if an artifact cannot be created; this is not necessarily an error case, it just means an artifact can't be made. If creation fails due to an error (and not because the file is the wrong type or has no hash), the error is logged before returning.
Does not add the artifact to the database.
content | The content object |
Definition at line 271 of file EamArtifactUtil.java.
References org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttribute.addInstance(), org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttribute.FILES_TYPE_ID, org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationDataSource.fromTSKDataSource(), org.sleuthkit.autopsy.centralrepository.datamodel.EamDb.getCase(), org.sleuthkit.autopsy.centralrepository.datamodel.EamDb.getCorrelationTypeById(), org.sleuthkit.autopsy.casemodule.Case.getCurrentCaseThrows(), org.sleuthkit.autopsy.centralrepository.datamodel.EamDb.getInstance(), org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationDataSource.getName(), org.sleuthkit.autopsy.centralrepository.datamodel.EamArtifactUtil.isSupportedAbstractFileType(), and org.sleuthkit.autopsy.centralrepository.datamodel.EamDb.newCase().
Referenced by org.sleuthkit.autopsy.centralrepository.AddEditCentralRepoCommentAction.AddEditCentralRepoCommentAction(), org.sleuthkit.autopsy.centralrepository.eventlisteners.CaseEventListener.ContentTagTask.run(), and org.sleuthkit.autopsy.centralrepository.eventlisteners.CaseEventListener.TagDefinitionChangeTask.run().
static private
Definition at line 42 of file EamArtifactUtil.java.
static private
Definition at line 41 of file EamArtifactUtil.java.
Copyright © 2012-2016 Basis Technology. Generated on: Mon Jun 18 2018
This work is licensed under a
Creative Commons Attribution-Share Alike 3.0 United States License.