Autopsy
4.7.0
Graphical digital forensics platform for The Sleuth Kit and other tools.
|
Inherits org.sleuthkit.autopsy.timeline.datamodel.MultiEvent< EventStripe >.
Public Member Functions | |
EventCluster (Interval spanningInterval, EventType type, Collection< Long > eventIDs, Collection< Long > hashHits, Collection< Long > tagged, String description, DescriptionLoD lod) | |
boolean | equals (Object obj) |
SortedSet< EventCluster > | getClusters () |
String | getDescription () |
DescriptionLoD | getDescriptionLoD () |
long | getEndMillis () |
ImmutableSet< Long > | getEventIDs () |
ImmutableSet< Long > | getEventIDsWithHashHits () |
ImmutableSet< Long > | getEventIDsWithTags () |
EventType | getEventType () |
Optional< EventStripe > | getParent () |
Optional< EventStripe > | getParentStripe () |
Interval | getSpan () |
long | getStartMillis () |
int | hashCode () |
String | toString () |
EventCluster | withParent (EventStripe parent) |
Static Public Member Functions | |
static EventCluster | merge (EventCluster cluster1, EventCluster cluster2) |
Private Member Functions | |
EventCluster (Interval spanningInterval, EventType type, Collection< Long > eventIDs, Collection< Long > hashHits, Collection< Long > tagged, String description, DescriptionLoD lod, EventStripe parent) | |
Private Attributes | |
final String | description |
final ImmutableSet< Long > | eventIDs |
final ImmutableSet< Long > | hashHits |
final DescriptionLoD | lod |
final EventStripe | parent |
final Interval | span |
final ImmutableSet< Long > | tagged |
final EventType | type |
Represents a set of other events clustered together. All the sub events should have the same type and matching descriptions at the designated "zoom level", and be "close together" in time.
Definition at line 41 of file EventCluster.java.
|
private |
Definition at line 111 of file EventCluster.java.
References org.sleuthkit.autopsy.timeline.datamodel.EventCluster.description, org.sleuthkit.autopsy.timeline.datamodel.EventCluster.lod, org.sleuthkit.autopsy.timeline.datamodel.EventCluster.parent, and org.sleuthkit.autopsy.timeline.datamodel.EventCluster.type.
Referenced by org.sleuthkit.autopsy.timeline.datamodel.EventCluster.equals(), org.sleuthkit.autopsy.timeline.datamodel.EventCluster.merge(), and org.sleuthkit.autopsy.timeline.datamodel.EventCluster.withParent().
org.sleuthkit.autopsy.timeline.datamodel.EventCluster.EventCluster | ( | Interval | spanningInterval, |
EventType | type, | ||
Collection< Long > | eventIDs, | ||
Collection< Long > | hashHits, | ||
Collection< Long > | tagged, | ||
String | description, | ||
DescriptionLoD | lod | ||
) |
Definition at line 125 of file EventCluster.java.
References org.sleuthkit.autopsy.timeline.datamodel.EventCluster.description, org.sleuthkit.autopsy.timeline.datamodel.EventCluster.eventIDs, org.sleuthkit.autopsy.timeline.datamodel.EventCluster.hashHits, org.sleuthkit.autopsy.timeline.datamodel.EventCluster.lod, org.sleuthkit.autopsy.timeline.datamodel.EventCluster.tagged, and org.sleuthkit.autopsy.timeline.datamodel.EventCluster.type.
boolean org.sleuthkit.autopsy.timeline.datamodel.EventCluster.equals | ( | Object | obj | ) |
Definition at line 231 of file EventCluster.java.
References org.sleuthkit.autopsy.timeline.datamodel.EventCluster.description, org.sleuthkit.autopsy.timeline.datamodel.EventCluster.EventCluster(), org.sleuthkit.autopsy.timeline.datamodel.EventCluster.eventIDs, org.sleuthkit.autopsy.timeline.datamodel.EventCluster.lod, and org.sleuthkit.autopsy.timeline.datamodel.EventCluster.type.
SortedSet<EventCluster> org.sleuthkit.autopsy.timeline.datamodel.EventCluster.getClusters | ( | ) |
Definition at line 211 of file EventCluster.java.
References org.sleuthkit.autopsy.timeline.datamodel.EventCluster.getStartMillis().
String org.sleuthkit.autopsy.timeline.datamodel.EventCluster.getDescription | ( | ) |
Definition at line 183 of file EventCluster.java.
References org.sleuthkit.autopsy.timeline.datamodel.EventCluster.description.
Referenced by org.sleuthkit.autopsy.timeline.datamodel.EventStripe.EventStripe(), and org.sleuthkit.autopsy.timeline.datamodel.EventCluster.merge().
DescriptionLoD org.sleuthkit.autopsy.timeline.datamodel.EventCluster.getDescriptionLoD | ( | ) |
Definition at line 193 of file EventCluster.java.
References org.sleuthkit.autopsy.timeline.datamodel.EventCluster.lod.
Referenced by org.sleuthkit.autopsy.timeline.datamodel.EventStripe.EventStripe().
long org.sleuthkit.autopsy.timeline.datamodel.EventCluster.getEndMillis | ( | ) |
Definition at line 163 of file EventCluster.java.
ImmutableSet<Long> org.sleuthkit.autopsy.timeline.datamodel.EventCluster.getEventIDs | ( | ) |
Definition at line 168 of file EventCluster.java.
References org.sleuthkit.autopsy.timeline.datamodel.EventCluster.eventIDs.
Referenced by org.sleuthkit.autopsy.timeline.datamodel.EventStripe.EventStripe(), and org.sleuthkit.autopsy.timeline.datamodel.EventCluster.merge().
ImmutableSet<Long> org.sleuthkit.autopsy.timeline.datamodel.EventCluster.getEventIDsWithHashHits | ( | ) |
Definition at line 173 of file EventCluster.java.
References org.sleuthkit.autopsy.timeline.datamodel.EventCluster.hashHits.
Referenced by org.sleuthkit.autopsy.timeline.datamodel.EventStripe.EventStripe(), and org.sleuthkit.autopsy.timeline.datamodel.EventCluster.merge().
ImmutableSet<Long> org.sleuthkit.autopsy.timeline.datamodel.EventCluster.getEventIDsWithTags | ( | ) |
Definition at line 178 of file EventCluster.java.
References org.sleuthkit.autopsy.timeline.datamodel.EventCluster.tagged.
Referenced by org.sleuthkit.autopsy.timeline.datamodel.EventStripe.EventStripe(), and org.sleuthkit.autopsy.timeline.datamodel.EventCluster.merge().
EventType org.sleuthkit.autopsy.timeline.datamodel.EventCluster.getEventType | ( | ) |
Definition at line 188 of file EventCluster.java.
References org.sleuthkit.autopsy.timeline.datamodel.EventCluster.type.
Referenced by org.sleuthkit.autopsy.timeline.datamodel.EventStripe.EventStripe(), and org.sleuthkit.autopsy.timeline.datamodel.EventCluster.merge().
Optional<EventStripe> org.sleuthkit.autopsy.timeline.datamodel.EventCluster.getParent | ( | ) |
get the EventStripe (if any) that contains this cluster
Definition at line 137 of file EventCluster.java.
Referenced by org.sleuthkit.autopsy.timeline.datamodel.EventCluster.getParentStripe().
Optional<EventStripe> org.sleuthkit.autopsy.timeline.datamodel.EventCluster.getParentStripe | ( | ) |
get the EventStripe (if any) that contains this cluster
Definition at line 148 of file EventCluster.java.
References org.sleuthkit.autopsy.timeline.datamodel.EventCluster.getParent().
Interval org.sleuthkit.autopsy.timeline.datamodel.EventCluster.getSpan | ( | ) |
Definition at line 153 of file EventCluster.java.
References org.sleuthkit.autopsy.timeline.datamodel.EventCluster.span.
Referenced by org.sleuthkit.autopsy.timeline.db.EventDB.mergeClustersToStripes().
long org.sleuthkit.autopsy.timeline.datamodel.EventCluster.getStartMillis | ( | ) |
int org.sleuthkit.autopsy.timeline.datamodel.EventCluster.hashCode | ( | ) |
Definition at line 221 of file EventCluster.java.
|
static |
merge two event clusters into one new event cluster.
cluster1 | |
cluster2 |
Definition at line 52 of file EventCluster.java.
References org.sleuthkit.autopsy.timeline.datamodel.EventCluster.EventCluster(), org.sleuthkit.autopsy.timeline.datamodel.EventCluster.getDescription(), org.sleuthkit.autopsy.timeline.datamodel.EventCluster.getEventIDs(), org.sleuthkit.autopsy.timeline.datamodel.EventCluster.getEventIDsWithHashHits(), org.sleuthkit.autopsy.timeline.datamodel.EventCluster.getEventIDsWithTags(), org.sleuthkit.autopsy.timeline.datamodel.EventCluster.getEventType(), org.sleuthkit.autopsy.timeline.datamodel.EventCluster.lod, org.sleuthkit.autopsy.timeline.utils.IntervalUtils.span(), and org.sleuthkit.autopsy.timeline.datamodel.EventCluster.span.
Referenced by org.sleuthkit.autopsy.timeline.db.EventDB.mergeClustersToStripes().
String org.sleuthkit.autopsy.timeline.datamodel.EventCluster.toString | ( | ) |
Definition at line 216 of file EventCluster.java.
EventCluster org.sleuthkit.autopsy.timeline.datamodel.EventCluster.withParent | ( | EventStripe | parent | ) |
return a new EventCluster identical to this one, except with the given EventBundle as the parent.
parent |
Definition at line 206 of file EventCluster.java.
References org.sleuthkit.autopsy.timeline.datamodel.EventCluster.EventCluster().
Referenced by org.sleuthkit.autopsy.timeline.datamodel.EventStripe.EventStripe().
|
private |
the common description of all the clustered events
Definition at line 87 of file EventCluster.java.
Referenced by org.sleuthkit.autopsy.timeline.datamodel.EventCluster.equals(), org.sleuthkit.autopsy.timeline.datamodel.EventCluster.EventCluster(), and org.sleuthkit.autopsy.timeline.datamodel.EventCluster.getDescription().
|
private |
the set of ids of the clustered events
Definition at line 97 of file EventCluster.java.
Referenced by org.sleuthkit.autopsy.timeline.datamodel.EventCluster.equals(), org.sleuthkit.autopsy.timeline.datamodel.EventCluster.EventCluster(), and org.sleuthkit.autopsy.timeline.datamodel.EventCluster.getEventIDs().
|
private |
the ids of the subset of clustered events that have at least one hash set hit
Definition at line 109 of file EventCluster.java.
Referenced by org.sleuthkit.autopsy.timeline.datamodel.EventCluster.EventCluster(), and org.sleuthkit.autopsy.timeline.datamodel.EventCluster.getEventIDsWithHashHits().
|
private |
the description level of detail that the events were clustered at.
Definition at line 92 of file EventCluster.java.
Referenced by org.sleuthkit.autopsy.timeline.datamodel.EventCluster.equals(), org.sleuthkit.autopsy.timeline.datamodel.EventCluster.EventCluster(), org.sleuthkit.autopsy.timeline.datamodel.EventCluster.getDescriptionLoD(), and org.sleuthkit.autopsy.timeline.datamodel.EventCluster.merge().
|
private |
Definition at line 72 of file EventCluster.java.
Referenced by org.sleuthkit.autopsy.timeline.datamodel.EventCluster.EventCluster().
|
private |
the smallest time interval containing all the clustered events
Definition at line 77 of file EventCluster.java.
Referenced by org.sleuthkit.autopsy.timeline.datamodel.EventCluster.getSpan(), and org.sleuthkit.autopsy.timeline.datamodel.EventCluster.merge().
|
private |
the ids of the subset of clustered events that have at least one tag applied to them
Definition at line 103 of file EventCluster.java.
Referenced by org.sleuthkit.autopsy.timeline.datamodel.EventCluster.EventCluster(), and org.sleuthkit.autopsy.timeline.datamodel.EventCluster.getEventIDsWithTags().
|
private |
the type of all the clustered events
Definition at line 82 of file EventCluster.java.
Referenced by org.sleuthkit.autopsy.timeline.datamodel.EventCluster.equals(), org.sleuthkit.autopsy.timeline.datamodel.EventCluster.EventCluster(), and org.sleuthkit.autopsy.timeline.datamodel.EventCluster.getEventType().
Copyright © 2012-2016 Basis Technology. Generated on: Mon Jun 18 2018
This work is licensed under a
Creative Commons Attribution-Share Alike 3.0 United States License.