Autopsy
4.7.0
Graphical digital forensics platform for The Sleuth Kit and other tools.
Inherits org.sleuthkit.autopsy.report.GeneralReportModule.
Public Member Functions | |
void | generateReport (String baseReportDir, ReportProgressPanel progressPanel) |
JPanel | getConfigurationPanel () |
String | getDescription () |
String | getName () |
String | getRelativeFilePath () |
Static Public Member Functions | |
static synchronized STIXReportModule | getDefault () |
Private Member Functions | |
STIXReportModule () | |
ObservableResult | evaluateObject (ObjectType obj, String spacing, String id) |
ObservableResult | evaluateObservableComposition (ObservableCompositionType comp, String spacing) throws TskCoreException |
ObservableResult | evaluateSingleObservable (Observable obs, String spacing) throws TskCoreException |
STIXPackage | loadSTIXFile (String stixFileName) throws JAXBException |
String | makeMapKey (Observable obs) |
void | printFileHeader (String a_fileName, BufferedWriter output) |
void | processFile (String stixFile, ReportProgressPanel progressPanel, BufferedWriter output) throws JAXBException, TskCoreException |
void | processIndicators (STIXPackage stix, BufferedWriter output) throws TskCoreException |
void | processObservables (STIXPackage stix) |
void | saveResultsAsArtifacts (Indicator ind, ObservableResult result) throws TskCoreException |
void | saveToObjectMap (Observable obs) |
void | writeResultsToFile (Indicator ind, String resultStr, boolean found, BufferedWriter output) |
Private Attributes | |
STIXReportModuleConfigPanel | configPanel |
Map< String, ObjectType > | idToObjectMap = new HashMap<String, ObjectType>() |
Map< String, ObservableResult > | idToResult = new HashMap<String, ObservableResult>() |
List< EvalRegistryObj.RegistryFileInfo > | registryFileData = null |
boolean | reportAllResults |
String | reportPath |
final boolean | skipShortCircuit = true |
Static Private Attributes | |
static STIXReportModule | instance = null |
static final Logger | logger = Logger.getLogger(STIXReportModule.class.getName()) |
Definition at line 67 of file STIXReportModule.java.
|
private |
Definition at line 83 of file STIXReportModule.java.
Referenced by org.sleuthkit.autopsy.modules.stix.STIXReportModule.getDefault().
|
private |
Evaluate a STIX object.
obj | The object to evaluate against the datasource(s) |
spacing | For formatting the output |
id |
Definition at line 606 of file STIXReportModule.java.
References org.sleuthkit.autopsy.modules.stix.STIXReportModule.registryFileData.
Referenced by org.sleuthkit.autopsy.modules.stix.STIXReportModule.evaluateSingleObservable().
|
private |
Evaluate an observable composition. Can be called recursively.
comp | The observable composition object to evaluate |
spacing | Used for formatting the output |
TskCoreException |
Definition at line 468 of file STIXReportModule.java.
References org.sleuthkit.autopsy.modules.stix.STIXReportModule.evaluateSingleObservable().
Referenced by org.sleuthkit.autopsy.modules.stix.STIXReportModule.processIndicators().
|
private |
Evaluate one observable and return the result. This is at the end of the observable composition tree and will not be called recursively.
obs | The observable object to evaluate |
spacing | For formatting the output |
TskCoreException |
Definition at line 564 of file STIXReportModule.java.
References org.sleuthkit.autopsy.modules.stix.STIXReportModule.evaluateObject(), org.sleuthkit.autopsy.modules.stix.STIXReportModule.makeMapKey(), and org.sleuthkit.autopsy.modules.stix.STIXReportModule.saveToObjectMap().
Referenced by org.sleuthkit.autopsy.modules.stix.STIXReportModule.evaluateObservableComposition(), and org.sleuthkit.autopsy.modules.stix.STIXReportModule.processIndicators().
void org.sleuthkit.autopsy.modules.stix.STIXReportModule.generateReport | ( | String | baseReportDir, |
ReportProgressPanel | progressPanel | ||
) |
baseReportDir | path to save the report |
progressPanel | panel to update the report's progress |
Implements org.sleuthkit.autopsy.report.GeneralReportModule.
Definition at line 100 of file STIXReportModule.java.
References org.sleuthkit.autopsy.casemodule.Case.addReport(), org.sleuthkit.autopsy.report.ReportProgressPanel.ReportStatus.CANCELED, org.sleuthkit.autopsy.report.ReportProgressPanel.ReportStatus.COMPLETE, org.sleuthkit.autopsy.report.ReportProgressPanel.complete(), org.sleuthkit.autopsy.coreutils.MessageNotifyUtil.MessageType.ERROR, org.sleuthkit.autopsy.report.ReportProgressPanel.ReportStatus.ERROR, org.sleuthkit.autopsy.coreutils.MessageNotifyUtil.Message.error(), org.sleuthkit.autopsy.casemodule.Case.getCurrentCaseThrows(), org.sleuthkit.autopsy.modules.stix.STIXReportModule.getRelativeFilePath(), org.sleuthkit.autopsy.modules.stix.STIXReportModuleConfigPanel.getShowAllResults(), org.sleuthkit.autopsy.report.ReportProgressPanel.getStatus(), org.sleuthkit.autopsy.modules.stix.STIXReportModuleConfigPanel.getStixFile(), org.sleuthkit.autopsy.modules.stix.STIXReportModule.processFile(), org.sleuthkit.autopsy.coreutils.ModuleSettings.setConfigSetting(), org.sleuthkit.autopsy.report.ReportProgressPanel.setIndeterminate(), org.sleuthkit.autopsy.report.ReportProgressPanel.setMaximumProgress(), org.sleuthkit.autopsy.coreutils.MessageNotifyUtil.Notify.show(), org.sleuthkit.autopsy.report.ReportProgressPanel.start(), and org.sleuthkit.autopsy.report.ReportProgressPanel.updateStatusLabel().
JPanel org.sleuthkit.autopsy.modules.stix.STIXReportModule.getConfigurationPanel | ( | ) |
Returns the configuration panel for the report, which is displayed in the report configuration step of the report wizard.
Implements org.sleuthkit.autopsy.report.GeneralReportModule.
Definition at line 663 of file STIXReportModule.java.
References org.sleuthkit.autopsy.modules.stix.STIXReportModule.configPanel.
|
static |
Definition at line 87 of file STIXReportModule.java.
References org.sleuthkit.autopsy.modules.stix.STIXReportModule.instance, and org.sleuthkit.autopsy.modules.stix.STIXReportModule.STIXReportModule().
String org.sleuthkit.autopsy.modules.stix.STIXReportModule.getDescription | ( | ) |
Definition at line 657 of file STIXReportModule.java.
String org.sleuthkit.autopsy.modules.stix.STIXReportModule.getName | ( | ) |
Definition at line 646 of file STIXReportModule.java.
String org.sleuthkit.autopsy.modules.stix.STIXReportModule.getRelativeFilePath | ( | ) |
Definition at line 652 of file STIXReportModule.java.
Referenced by org.sleuthkit.autopsy.modules.stix.STIXReportModule.generateReport().
|
private |
Load a STIX-formatted XML file into a STIXPackage object.
stixFileName | Name of the STIX file to unmarshal |
JAXBException |
Definition at line 252 of file STIXReportModule.java.
Referenced by org.sleuthkit.autopsy.modules.stix.STIXReportModule.processFile().
|
private |
Use the ID or ID ref to create a key into the observable map.
obs |
Definition at line 433 of file STIXReportModule.java.
Referenced by org.sleuthkit.autopsy.modules.stix.STIXReportModule.evaluateSingleObservable(), and org.sleuthkit.autopsy.modules.stix.STIXReportModule.saveToObjectMap().
|
private |
Write a header for the current file to the output file.
a_fileName | |
output |
Definition at line 408 of file STIXReportModule.java.
Referenced by org.sleuthkit.autopsy.modules.stix.STIXReportModule.processFile().
|
private |
Process a STIX file.
stixFile | - Name of the file |
progressPanel | - Progress panel (for updating) |
output |
JAXBException | |
TskCoreException |
Definition at line 221 of file STIXReportModule.java.
References org.sleuthkit.autopsy.report.ReportProgressPanel.increment(), org.sleuthkit.autopsy.modules.stix.STIXReportModule.loadSTIXFile(), org.sleuthkit.autopsy.modules.stix.STIXReportModule.printFileHeader(), org.sleuthkit.autopsy.modules.stix.STIXReportModule.processIndicators(), org.sleuthkit.autopsy.modules.stix.STIXReportModule.processObservables(), and org.sleuthkit.autopsy.modules.stix.STIXReportModule.registryFileData.
Referenced by org.sleuthkit.autopsy.modules.stix.STIXReportModule.generateReport().
|
private |
Process all STIX indicators and save results to output file and create artifacts.
stix | STIXPackage |
output |
Definition at line 286 of file STIXReportModule.java.
References org.sleuthkit.autopsy.modules.stix.STIXReportModule.evaluateObservableComposition(), org.sleuthkit.autopsy.modules.stix.STIXReportModule.evaluateSingleObservable(), org.sleuthkit.autopsy.modules.stix.STIXReportModule.reportAllResults, org.sleuthkit.autopsy.modules.stix.STIXReportModule.saveResultsAsArtifacts(), and org.sleuthkit.autopsy.modules.stix.STIXReportModule.writeResultsToFile().
Referenced by org.sleuthkit.autopsy.modules.stix.STIXReportModule.processFile().
|
private |
Do the initial processing of the list of observables. For each observable, save it in a map using the ID as key.
stix | STIXPackage |
Definition at line 268 of file STIXReportModule.java.
References org.sleuthkit.autopsy.modules.stix.STIXReportModule.saveToObjectMap().
Referenced by org.sleuthkit.autopsy.modules.stix.STIXReportModule.processFile().
|
private |
Create the artifacts saved in the observable result.
ind | |
result |
TskCoreException |
Definition at line 325 of file STIXReportModule.java.
References org.sleuthkit.autopsy.coreutils.MessageNotifyUtil.MessageType.INFO, and org.sleuthkit.autopsy.coreutils.MessageNotifyUtil.Notify.show().
Referenced by org.sleuthkit.autopsy.modules.stix.STIXReportModule.processIndicators().
|
private |
Save an observable in the object map.
obs |
Definition at line 451 of file STIXReportModule.java.
References org.sleuthkit.autopsy.modules.stix.STIXReportModule.makeMapKey().
Referenced by org.sleuthkit.autopsy.modules.stix.STIXReportModule.evaluateSingleObservable(), and org.sleuthkit.autopsy.modules.stix.STIXReportModule.processObservables().
|
private |
Write the full results string to the output file.
ind | - Used to get the title, ID, and description of the indicator |
resultStr | - Full results for this indicator |
found | - true if the indicator was found in datasource(s) |
output |
Definition at line 371 of file STIXReportModule.java.
Referenced by org.sleuthkit.autopsy.modules.stix.STIXReportModule.processIndicators().
|
private |
Definition at line 70 of file STIXReportModule.java.
Referenced by org.sleuthkit.autopsy.modules.stix.STIXReportModule.getConfigurationPanel().
|
private |
Definition at line 75 of file STIXReportModule.java.
|
private |
Definition at line 76 of file STIXReportModule.java.
|
static private |
Definition at line 71 of file STIXReportModule.java.
Referenced by org.sleuthkit.autopsy.modules.stix.STIXReportModule.getDefault().
|
static private |
Definition at line 69 of file STIXReportModule.java.
|
private |
Definition at line 78 of file STIXReportModule.java.
Referenced by org.sleuthkit.autopsy.modules.stix.STIXReportModule.evaluateObject(), and org.sleuthkit.autopsy.modules.stix.STIXReportModule.processFile().
|
private |
Definition at line 73 of file STIXReportModule.java.
Referenced by org.sleuthkit.autopsy.modules.stix.STIXReportModule.processIndicators().
|
private |
Definition at line 72 of file STIXReportModule.java.
|
private |
Definition at line 80 of file STIXReportModule.java.
Copyright © 2012-2016 Basis Technology. Generated on: Mon Jun 18 2018
This work is licensed under a
Creative Commons Attribution-Share Alike 3.0 United States License.