Autopsy
4.7.0
Graphical digital forensics platform for The Sleuth Kit and other tools.
|
Inherits PropertyChangeListener.
Classes | |
class | CentralRepoHashSet |
class | HashDb |
class | HashDbIndexer |
class | HashDbManagerException |
enum | SetEvt |
class | SleuthkitHashSet |
Public Member Functions | |
synchronized HashDb | addExistingHashDatabase (String hashSetName, String path, boolean searchDuringIngest, boolean sendIngestMessages, HashDb.KnownFilesType knownFilesType) throws HashDbManagerException |
synchronized HashDb | addNewHashDatabase (String hashSetName, String path, boolean searchDuringIngest, boolean sendIngestMessages, HashDb.KnownFilesType knownFilesType) throws HashDbManagerException |
synchronized HashDb | addNewHashDatabaseNoSave (String hashSetName, String path, boolean searchDuringIngest, boolean sendIngestMessages, HashDb.KnownFilesType knownFilesType) throws HashDbManagerException |
synchronized void | addPropertyChangeListener (PropertyChangeListener listener) |
synchronized List< HashDb > | getAllHashSets () |
synchronized List< HashDb > | getKnownBadFileHashSets () |
synchronized List< HashDb > | getKnownFileHashSets () |
synchronized List< HashDb > | getUpdateableHashSets () |
synchronized void | loadLastSavedConfiguration () |
void | propertyChange (PropertyChangeEvent event) |
synchronized void | removeHashDatabase (HashDb hashDb) throws HashDbManagerException |
synchronized void | removeHashDatabaseNoSave (HashDb hashDb) throws HashDbManagerException |
synchronized void | removePropertyChangeListener (PropertyChangeListener listener) |
Static Public Member Functions | |
static synchronized HashDbManager | getInstance () |
Private Member Functions | |
HashDbManager () | |
SleuthkitHashSet | addHashDatabase (int handle, String hashSetName, boolean searchDuringIngest, boolean sendIngestMessages, HashDb.KnownFilesType knownFilesType) throws TskCoreException |
void | closeHashDatabases (List< HashDb > hashDatabases) |
void | configureSettings (HashLookupSettings settings) |
List< HashDbInfo > | getCentralRepoHashSetsFromDatabase () |
List< HashDb > | getUpdateableHashSets (List< HashDb > hashDbs) |
String | getValidFilePath (String hashSetName, String configuredPath) |
boolean | hashDbInfoIsNew (HashDbInfo dbInfo) |
void | loadHashsetsConfiguration () |
String | searchForFile () |
void | updateHashSetsFromCentralRepository () throws TskCoreException |
Static Private Member Functions | |
static HashDb.KnownFilesType | convertFileKnown (TskData.FileKnown fileKnown) |
Private Attributes | |
boolean | allDatabasesLoadedCorrectly = false |
Set< String > | hashSetNames = new HashSet<>() |
Set< String > | hashSetPaths = new HashSet<>() |
List< HashDb > | hashSets = new ArrayList<>() |
Static Private Attributes | |
static final String | HASH_DATABASE_FILE_EXTENSON = "kdb" |
static HashDbManager | instance = null |
static final Logger | logger = Logger.getLogger(HashDbManager.class.getName()) |
This class implements a singleton that manages the set of hash databases used to classify files as unknown, known or notable.
Definition at line 64 of file HashDbManager.java.
|
private |
Definition at line 109 of file HashDbManager.java.
References org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.loadHashsetsConfiguration().
Referenced by org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.getInstance().
synchronized HashDb org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.addExistingHashDatabase | ( | String | hashSetName, |
String | path, | ||
boolean | searchDuringIngest, | ||
boolean | sendIngestMessages, | ||
HashDb.KnownFilesType | knownFilesType | ||
) | throws HashDbManagerException |
Adds an existing hash database to the set of hash databases used to classify files as known or notable and saves the configuration.
hashSetName | Name used to represent the hash database in user interface components. |
path | Full path to either a hash database file or a hash database index file. |
searchDuringIngest | A flag indicating whether or not the hash database should be searched during ingest. |
sendIngestMessages | A flag indicating whether hash set hit messages should be sent as ingest messages. |
knownFilesType | The classification to apply to files whose hashes are found in the hash database. |
HashDbManagerException |
Definition at line 154 of file HashDbManager.java.
|
private |
Definition at line 240 of file HashDbManager.java.
References org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.SetEvt.DB_ADDED, org.sleuthkit.autopsy.coreutils.MessageNotifyUtil.MessageType.ERROR, and org.sleuthkit.autopsy.coreutils.MessageNotifyUtil.Notify.show().
Referenced by org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.addNewHashDatabaseNoSave(), and org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.configureSettings().
synchronized HashDb org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.addNewHashDatabase | ( | String | hashSetName, |
String | path, | ||
boolean | searchDuringIngest, | ||
boolean | sendIngestMessages, | ||
HashDb.KnownFilesType | knownFilesType | ||
) | throws HashDbManagerException |
Adds a new hash database to the set of hash databases used to classify files as known or notable and saves the configuration.
hashSetName | Hash set name used to represent the hash database in user interface components. |
path | Full path to the database file to be created. |
searchDuringIngest | A flag indicating whether or not the hash database should be searched during ingest. |
sendIngestMessages | A flag indicating whether hash set hit messages should be sent as ingest messages. |
knownFilesType | The classification to apply to files whose hashes are found in the hash database. |
HashDbManagerException |
Definition at line 201 of file HashDbManager.java.
References org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.addNewHashDatabaseNoSave().
synchronized HashDb org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.addNewHashDatabaseNoSave | ( | String | hashSetName, |
String | path, | ||
boolean | searchDuringIngest, | ||
boolean | sendIngestMessages, | ||
HashDb.KnownFilesType | knownFilesType | ||
) | throws HashDbManagerException |
Definition at line 212 of file HashDbManager.java.
References org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.addHashDatabase().
Referenced by org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.addNewHashDatabase().
synchronized void org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.addPropertyChangeListener | ( | PropertyChangeListener | listener | ) |
Definition at line 97 of file HashDbManager.java.
Referenced by org.sleuthkit.autopsy.modules.hashdatabase.HashLookupModuleSettingsPanel.customizeComponents().
|
private |
Definition at line 530 of file HashDbManager.java.
References org.sleuthkit.autopsy.coreutils.Logger.getLogger().
Referenced by org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.loadLastSavedConfiguration().
|
private |
Configures the given settings object by adding all contained hash db to the system.
settings | The settings to configure. |
Definition at line 560 of file HashDbManager.java.
References org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.addHashDatabase(), org.sleuthkit.autopsy.coreutils.Logger.getLogger(), org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.getValidFilePath(), org.sleuthkit.autopsy.centralrepository.datamodel.EamDb.isEnabled(), org.sleuthkit.autopsy.core.RuntimeProperties.runningWithGUI, and org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.updateHashSetsFromCentralRepository().
Referenced by org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.loadHashsetsConfiguration().
|
staticprivate |
Definition at line 511 of file HashDbManager.java.
References org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.HashDb.KnownFilesType.KNOWN, and org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.HashDb.KnownFilesType.KNOWN_BAD.
Referenced by org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.getCentralRepoHashSetsFromDatabase().
synchronized List<HashDb> org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.getAllHashSets | ( | ) |
Gets all of the hash databases used to classify files as known or known bad. Will add any new central repository databases to the list before returning it.
Definition at line 414 of file HashDbManager.java.
References org.sleuthkit.autopsy.coreutils.Logger.getLogger(), and org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.updateHashSetsFromCentralRepository().
Referenced by org.sleuthkit.autopsy.modules.hashdatabase.HashLookupModuleFactory.getDefaultIngestJobSettings(), and org.sleuthkit.autopsy.modules.hashdatabase.HashLookupSettingsPanel.saveSettings().
|
private |
Definition at line 490 of file HashDbManager.java.
References org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.convertFileKnown(), org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttribute.FILES_TYPE_ID, org.sleuthkit.autopsy.centralrepository.datamodel.EamDb.getAllReferenceSets(), org.sleuthkit.autopsy.centralrepository.datamodel.EamDb.getCorrelationTypeById(), org.sleuthkit.autopsy.centralrepository.datamodel.EamDb.getInstance(), org.sleuthkit.autopsy.coreutils.Logger.getLogger(), org.sleuthkit.autopsy.centralrepository.datamodel.EamDb.isEnabled(), and org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.HashDb.KnownFilesType.KNOWN_BAD.
Referenced by org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.updateHashSetsFromCentralRepository().
|
static |
Gets the singleton instance of this class.
Definition at line 90 of file HashDbManager.java.
References org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.HashDbManager(), and org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.instance.
Referenced by org.sleuthkit.autopsy.modules.hashdatabase.HashLookupSettingsPanel.cancel(), org.sleuthkit.autopsy.modules.hashdatabase.ImportCentralRepoDbProgressDialog.CentralRepoImportWorker.done(), and org.sleuthkit.autopsy.modules.hashdatabase.HashLookupModuleFactory.getDefaultIngestJobSettings().
synchronized List<HashDb> org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.getKnownBadFileHashSets | ( | ) |
Gets all of the hash databases used to classify files as notable.
Definition at line 449 of file HashDbManager.java.
References org.sleuthkit.autopsy.coreutils.Logger.getLogger(), org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.HashDb.KnownFilesType.KNOWN_BAD, and org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.updateHashSetsFromCentralRepository().
Referenced by org.sleuthkit.autopsy.modules.hashdatabase.HashLookupModuleSettingsPanel.initializeHashSetModels(), org.sleuthkit.autopsy.modules.hashdatabase.HashDbIngestModule.startUp(), and org.sleuthkit.autopsy.modules.hashdatabase.HashLookupModuleSettingsPanel.updateHashSetModels().
synchronized List<HashDb> org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.getKnownFileHashSets | ( | ) |
Gets all of the hash databases used to classify files as known.
Definition at line 431 of file HashDbManager.java.
References org.sleuthkit.autopsy.coreutils.Logger.getLogger(), org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.HashDb.KnownFilesType.KNOWN, and org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.updateHashSetsFromCentralRepository().
Referenced by org.sleuthkit.autopsy.modules.hashdatabase.HashLookupModuleSettingsPanel.initializeHashSetModels(), org.sleuthkit.autopsy.modules.hashdatabase.HashDbIngestModule.startUp(), and org.sleuthkit.autopsy.modules.hashdatabase.HashLookupModuleSettingsPanel.updateHashSetModels().
synchronized List<HashDb> org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.getUpdateableHashSets | ( | ) |
Gets all of the hash databases that accept updates.
Definition at line 467 of file HashDbManager.java.
|
private |
Definition at line 471 of file HashDbManager.java.
References org.sleuthkit.autopsy.coreutils.Logger.getLogger(), and org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.updateHashSetsFromCentralRepository().
|
private |
Definition at line 647 of file HashDbManager.java.
References org.sleuthkit.autopsy.core.RuntimeProperties.runningWithGUI, and org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.searchForFile().
Referenced by org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.configureSettings().
|
private |
Definition at line 638 of file HashDbManager.java.
Referenced by org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.updateHashSetsFromCentralRepository().
|
private |
Definition at line 543 of file HashDbManager.java.
References org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.configureSettings(), and org.sleuthkit.autopsy.coreutils.Logger.getLogger().
Referenced by org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.HashDbManager(), and org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.loadLastSavedConfiguration().
synchronized void org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.loadLastSavedConfiguration | ( | ) |
Restores the last saved hash sets configuration. This supports cancellation of configuration panels.
Definition at line 522 of file HashDbManager.java.
References org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.closeHashDatabases(), and org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.loadHashsetsConfiguration().
Referenced by org.sleuthkit.autopsy.modules.hashdatabase.HashLookupSettingsPanel.cancel().
void org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.propertyChange | ( | PropertyChangeEvent | event | ) |
Definition at line 314 of file HashDbManager.java.
References org.sleuthkit.autopsy.coreutils.Logger.getLogger().
synchronized void org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.removeHashDatabase | ( | HashDb | hashDb | ) | throws HashDbManagerException |
Removes a hash database from the set of hash databases used to classify files as known or notable and saves the configuration.
hashDb |
HashDbManagerException |
Definition at line 338 of file HashDbManager.java.
References org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.removeHashDatabaseNoSave().
synchronized void org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.removeHashDatabaseNoSave | ( | HashDb | hashDb | ) | throws HashDbManagerException |
Definition at line 343 of file HashDbManager.java.
References org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.SetEvt.DB_DELETED, org.sleuthkit.autopsy.coreutils.MessageNotifyUtil.MessageType.ERROR, org.sleuthkit.autopsy.ingest.IngestManager.getInstance(), org.sleuthkit.autopsy.coreutils.Logger.getLogger(), org.sleuthkit.autopsy.ingest.IngestManager.isIngestRunning(), and org.sleuthkit.autopsy.coreutils.MessageNotifyUtil.Notify.show().
Referenced by org.sleuthkit.autopsy.modules.hashdatabase.HashLookupSettingsPanel.deleteDatabaseButtonActionPerformed(), org.sleuthkit.autopsy.modules.hashdatabase.HashLookupSettingsPanel.hashSetTableKeyPressed(), and org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.removeHashDatabase().
synchronized void org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.removePropertyChangeListener | ( | PropertyChangeListener | listener | ) |
Definition at line 101 of file HashDbManager.java.
|
private |
Definition at line 673 of file HashDbManager.java.
References org.sleuthkit.autopsy.coreutils.Logger.getLogger().
Referenced by org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.getValidFilePath().
|
private |
Definition at line 624 of file HashDbManager.java.
References org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.getCentralRepoHashSetsFromDatabase(), org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.hashDbInfoIsNew(), and org.sleuthkit.autopsy.centralrepository.datamodel.EamDb.isEnabled().
Referenced by org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.configureSettings(), org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.getAllHashSets(), org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.getKnownBadFileHashSets(), org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.getKnownFileHashSets(), and org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.getUpdateableHashSets().
|
private |
Definition at line 73 of file HashDbManager.java.
|
staticprivate |
Definition at line 66 of file HashDbManager.java.
|
private |
Definition at line 69 of file HashDbManager.java.
|
private |
Definition at line 70 of file HashDbManager.java.
|
private |
Definition at line 68 of file HashDbManager.java.
|
staticprivate |
Definition at line 67 of file HashDbManager.java.
Referenced by org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.getInstance().
|
staticprivate |
Definition at line 72 of file HashDbManager.java.
Copyright © 2012-2016 Basis Technology. Generated on: Mon Jun 18 2018
This work is licensed under a
Creative Commons Attribution-Share Alike 3.0 United States License.