Autopsy
4.7.0
Graphical digital forensics platform for The Sleuth Kit and other tools.
|
Inherits org.sleuthkit.autopsy.timeline.datamodel.TimeLineEvent.
Public Member Functions | |
SingleEvent (long eventID, long dataSourceID, long objID,@Nullable Long artifactID, long time, EventType type, String fullDescription, String medDescription, String shortDescription, TskData.FileKnown known, boolean hashHit, boolean tagged) | |
boolean | equals (Object obj) |
Optional< Long > | getArtifactID () |
SortedSet< EventCluster > | getClusters () |
long | getDataSourceID () |
String | getDescription (DescriptionLoD lod) |
String | getDescription () |
DescriptionLoD | getDescriptionLoD () |
long | getEndMillis () |
long | getEventID () |
Set< Long > | getEventIDs () |
Set< Long > | getEventIDsWithHashHits () |
Set< Long > | getEventIDsWithTags () |
EventType | getEventType () |
long | getFileID () |
String | getFullDescription () |
TskData.FileKnown | getKnown () |
String | getMedDescription () |
Optional< EventStripe > | getParentStripe () |
String | getShortDescription () |
default int | getSize () |
long | getStartMillis () |
long | getTime () |
int | hashCode () |
boolean | isHashHit () |
boolean | isTagged () |
SingleEvent | withParent (MultiEvent<?> newParent) |
Private Attributes | |
final Long | artifactID |
final long | dataSourceID |
final ImmutableMap< DescriptionLoD, String > | descriptions |
final long | eventID |
final boolean | hashHit |
final TskData.FileKnown | known |
final long | objID |
MultiEvent<?> | parent = null |
final boolean | tagged |
final long | time |
final EventType | type |
A single event.
Definition at line 39 of file SingleEvent.java.
org.sleuthkit.autopsy.timeline.datamodel.SingleEvent.SingleEvent | ( | long | eventID, |
long | dataSourceID, | ||
long | objID, | ||
@Nullable Long | artifactID, | ||
long | time, | ||
EventType | type, | ||
String | fullDescription, | ||
String | medDescription, | ||
String | shortDescription, | ||
TskData.FileKnown | known, | ||
boolean | hashHit, | ||
boolean | tagged | ||
) |
Definition at line 95 of file SingleEvent.java.
References org.sleuthkit.autopsy.timeline.datamodel.SingleEvent.artifactID, org.sleuthkit.autopsy.timeline.datamodel.SingleEvent.dataSourceID, org.sleuthkit.autopsy.timeline.datamodel.SingleEvent.eventID, org.sleuthkit.autopsy.timeline.zooming.DescriptionLoD.FULL, org.sleuthkit.autopsy.timeline.datamodel.SingleEvent.hashHit, org.sleuthkit.autopsy.timeline.datamodel.SingleEvent.known, org.sleuthkit.autopsy.timeline.zooming.DescriptionLoD.MEDIUM, org.sleuthkit.autopsy.timeline.datamodel.SingleEvent.objID, org.sleuthkit.autopsy.timeline.zooming.DescriptionLoD.SHORT, org.sleuthkit.autopsy.timeline.datamodel.SingleEvent.tagged, org.sleuthkit.autopsy.timeline.datamodel.SingleEvent.time, and org.sleuthkit.autopsy.timeline.datamodel.SingleEvent.type.
Referenced by org.sleuthkit.autopsy.timeline.datamodel.SingleEvent.equals(), and org.sleuthkit.autopsy.timeline.datamodel.SingleEvent.withParent().
boolean org.sleuthkit.autopsy.timeline.datamodel.SingleEvent.equals | ( | Object | obj | ) |
Definition at line 277 of file SingleEvent.java.
References org.sleuthkit.autopsy.timeline.datamodel.SingleEvent.eventID, and org.sleuthkit.autopsy.timeline.datamodel.SingleEvent.SingleEvent().
Optional<Long> org.sleuthkit.autopsy.timeline.datamodel.SingleEvent.getArtifactID | ( | ) |
Get the artifact id of the artifact this event is derived from.
Definition at line 152 of file SingleEvent.java.
Referenced by org.sleuthkit.autopsy.timeline.explorernodes.EventNode.createEventNode(), and org.sleuthkit.autopsy.timeline.ui.listvew.ListTimeline.TaggedCell.updateItem().
SortedSet<EventCluster> org.sleuthkit.autopsy.timeline.datamodel.SingleEvent.getClusters | ( | ) |
Get the EventClusters that make up this event. May be null for SingleEvents, or return a refernece to this event if it is an EventCluster
Implements org.sleuthkit.autopsy.timeline.datamodel.TimeLineEvent.
Definition at line 292 of file SingleEvent.java.
References org.sleuthkit.autopsy.timeline.zooming.DescriptionLoD.FULL, org.sleuthkit.autopsy.timeline.datamodel.SingleEvent.getEventIDs(), org.sleuthkit.autopsy.timeline.datamodel.SingleEvent.getEventIDsWithHashHits(), org.sleuthkit.autopsy.timeline.datamodel.SingleEvent.getEventIDsWithTags(), org.sleuthkit.autopsy.timeline.datamodel.SingleEvent.getFullDescription(), and org.sleuthkit.autopsy.timeline.datamodel.EventCluster.getStartMillis().
long org.sleuthkit.autopsy.timeline.datamodel.SingleEvent.getDataSourceID | ( | ) |
Get the datasource id of the datasource this event belongs to.
Definition at line 240 of file SingleEvent.java.
References org.sleuthkit.autopsy.timeline.datamodel.SingleEvent.dataSourceID.
String org.sleuthkit.autopsy.timeline.datamodel.SingleEvent.getDescription | ( | DescriptionLoD | lod | ) |
Get the description of this event at the give level of detail(LoD).
lod | The level of detail to get. |
Definition at line 231 of file SingleEvent.java.
String org.sleuthkit.autopsy.timeline.datamodel.SingleEvent.getDescription | ( | ) |
Get a description of this event. Implementations may choose what level of description to provide.
Implements org.sleuthkit.autopsy.timeline.datamodel.TimeLineEvent.
Definition at line 298 of file SingleEvent.java.
References org.sleuthkit.autopsy.timeline.datamodel.SingleEvent.getFullDescription().
Referenced by org.sleuthkit.autopsy.timeline.datamodel.SingleEvent.getFullDescription(), org.sleuthkit.autopsy.timeline.datamodel.SingleEvent.getMedDescription(), and org.sleuthkit.autopsy.timeline.datamodel.SingleEvent.getShortDescription().
DescriptionLoD org.sleuthkit.autopsy.timeline.datamodel.SingleEvent.getDescriptionLoD | ( | ) |
Get the Description level of detail at which all single events of this event have the same description, ie, what level of detail was used to group these events.
Implements org.sleuthkit.autopsy.timeline.datamodel.TimeLineEvent.
Definition at line 303 of file SingleEvent.java.
References org.sleuthkit.autopsy.timeline.zooming.DescriptionLoD.FULL.
long org.sleuthkit.autopsy.timeline.datamodel.SingleEvent.getEndMillis | ( | ) |
Get the start time of this event as milliseconds from the Unix Epoch.
Implements org.sleuthkit.autopsy.timeline.datamodel.TimeLineEvent.
Definition at line 260 of file SingleEvent.java.
long org.sleuthkit.autopsy.timeline.datamodel.SingleEvent.getEventID | ( | ) |
Get the event id of this event.
Definition at line 161 of file SingleEvent.java.
References org.sleuthkit.autopsy.timeline.datamodel.SingleEvent.eventID.
Set<Long> org.sleuthkit.autopsy.timeline.datamodel.SingleEvent.getEventIDs | ( | ) |
Get the id(s) of this event as a set.
Implements org.sleuthkit.autopsy.timeline.datamodel.TimeLineEvent.
Definition at line 245 of file SingleEvent.java.
Referenced by org.sleuthkit.autopsy.timeline.datamodel.SingleEvent.getClusters().
Set<Long> org.sleuthkit.autopsy.timeline.datamodel.SingleEvent.getEventIDsWithHashHits | ( | ) |
Get the id(s) of this event that have hash hits associated with them.
Implements org.sleuthkit.autopsy.timeline.datamodel.TimeLineEvent.
Definition at line 250 of file SingleEvent.java.
References org.sleuthkit.autopsy.timeline.datamodel.SingleEvent.isHashHit().
Referenced by org.sleuthkit.autopsy.timeline.datamodel.SingleEvent.getClusters().
Set<Long> org.sleuthkit.autopsy.timeline.datamodel.SingleEvent.getEventIDsWithTags | ( | ) |
Get the id(s) of this event that have tags associated with them.
Implements org.sleuthkit.autopsy.timeline.datamodel.TimeLineEvent.
Definition at line 255 of file SingleEvent.java.
References org.sleuthkit.autopsy.timeline.datamodel.SingleEvent.isTagged().
Referenced by org.sleuthkit.autopsy.timeline.datamodel.SingleEvent.getClusters().
EventType org.sleuthkit.autopsy.timeline.datamodel.SingleEvent.getEventType | ( | ) |
Get the EventType of this event.
Implements org.sleuthkit.autopsy.timeline.datamodel.TimeLineEvent.
Definition at line 184 of file SingleEvent.java.
References org.sleuthkit.autopsy.timeline.datamodel.SingleEvent.type.
long org.sleuthkit.autopsy.timeline.datamodel.SingleEvent.getFileID | ( | ) |
Get the obj id of the file this event is derived from.
Definition at line 170 of file SingleEvent.java.
References org.sleuthkit.autopsy.timeline.datamodel.SingleEvent.objID.
Referenced by org.sleuthkit.autopsy.timeline.explorernodes.EventNode.createEventNode().
String org.sleuthkit.autopsy.timeline.datamodel.SingleEvent.getFullDescription | ( | ) |
Get the full description of this event.
Definition at line 193 of file SingleEvent.java.
References org.sleuthkit.autopsy.timeline.zooming.DescriptionLoD.FULL, and org.sleuthkit.autopsy.timeline.datamodel.SingleEvent.getDescription().
Referenced by org.sleuthkit.autopsy.timeline.datamodel.SingleEvent.getClusters(), and org.sleuthkit.autopsy.timeline.datamodel.SingleEvent.getDescription().
TskData.FileKnown org.sleuthkit.autopsy.timeline.datamodel.SingleEvent.getKnown | ( | ) |
Get the known value of the file this event is derived from.
Definition at line 220 of file SingleEvent.java.
References org.sleuthkit.autopsy.timeline.datamodel.SingleEvent.known.
String org.sleuthkit.autopsy.timeline.datamodel.SingleEvent.getMedDescription | ( | ) |
Get the medium description of this event.
Definition at line 202 of file SingleEvent.java.
References org.sleuthkit.autopsy.timeline.datamodel.SingleEvent.getDescription(), and org.sleuthkit.autopsy.timeline.zooming.DescriptionLoD.MEDIUM.
Optional<EventStripe> org.sleuthkit.autopsy.timeline.datamodel.SingleEvent.getParentStripe | ( | ) |
get the EventStripe (if any) that contains this event, skipping over any intervening event cluster
Implements org.sleuthkit.autopsy.timeline.datamodel.TimeLineEvent.
Definition at line 316 of file SingleEvent.java.
String org.sleuthkit.autopsy.timeline.datamodel.SingleEvent.getShortDescription | ( | ) |
Get the short description of this event.
Definition at line 211 of file SingleEvent.java.
References org.sleuthkit.autopsy.timeline.datamodel.SingleEvent.getDescription(), and org.sleuthkit.autopsy.timeline.zooming.DescriptionLoD.SHORT.
|
inherited |
Get the number of SingleEvents this event contains.
Definition at line 110 of file TimeLineEvent.java.
References org.sleuthkit.autopsy.timeline.datamodel.TimeLineEvent.getEventIDs().
long org.sleuthkit.autopsy.timeline.datamodel.SingleEvent.getStartMillis | ( | ) |
Get the end time of this event as milliseconds from the Unix Epoch.
Implements org.sleuthkit.autopsy.timeline.datamodel.TimeLineEvent.
Definition at line 265 of file SingleEvent.java.
Referenced by org.sleuthkit.autopsy.timeline.explorernodes.EventNode.getDateTimeString().
long org.sleuthkit.autopsy.timeline.datamodel.SingleEvent.getTime | ( | ) |
Get the time of this event (in seconds from the Unix epoch).
Definition at line 179 of file SingleEvent.java.
References org.sleuthkit.autopsy.timeline.datamodel.SingleEvent.time.
int org.sleuthkit.autopsy.timeline.datamodel.SingleEvent.hashCode | ( | ) |
Definition at line 270 of file SingleEvent.java.
boolean org.sleuthkit.autopsy.timeline.datamodel.SingleEvent.isHashHit | ( | ) |
Is the file this event is derived from in any of the configured hash sets.
Definition at line 142 of file SingleEvent.java.
References org.sleuthkit.autopsy.timeline.datamodel.SingleEvent.hashHit.
Referenced by org.sleuthkit.autopsy.timeline.datamodel.SingleEvent.getEventIDsWithHashHits().
boolean org.sleuthkit.autopsy.timeline.datamodel.SingleEvent.isTagged | ( | ) |
Is the file or artifact this event is derived from tagged?
Definition at line 130 of file SingleEvent.java.
References org.sleuthkit.autopsy.timeline.datamodel.SingleEvent.tagged.
Referenced by org.sleuthkit.autopsy.timeline.datamodel.SingleEvent.getEventIDsWithTags().
SingleEvent org.sleuthkit.autopsy.timeline.datamodel.SingleEvent.withParent | ( | MultiEvent<?> | newParent | ) |
Get a new SingleEvent that is the same as this event, but with the given parent.
newParent | the parent of the new event object. |
Definition at line 119 of file SingleEvent.java.
References org.sleuthkit.autopsy.timeline.zooming.DescriptionLoD.FULL, org.sleuthkit.autopsy.timeline.datamodel.SingleEvent.hashHit, org.sleuthkit.autopsy.timeline.datamodel.SingleEvent.known, org.sleuthkit.autopsy.timeline.zooming.DescriptionLoD.MEDIUM, org.sleuthkit.autopsy.timeline.datamodel.SingleEvent.parent, org.sleuthkit.autopsy.timeline.zooming.DescriptionLoD.SHORT, org.sleuthkit.autopsy.timeline.datamodel.SingleEvent.SingleEvent(), and org.sleuthkit.autopsy.timeline.datamodel.SingleEvent.tagged.
|
private |
The TSK artifact ID of the file this event is derived from. Null, if this event is not derived from an artifact.
Definition at line 51 of file SingleEvent.java.
Referenced by org.sleuthkit.autopsy.timeline.datamodel.SingleEvent.SingleEvent().
|
private |
The TSK datasource ID of the datasource this event belongs to.
Definition at line 56 of file SingleEvent.java.
Referenced by org.sleuthkit.autopsy.timeline.datamodel.SingleEvent.getDataSourceID(), and org.sleuthkit.autopsy.timeline.datamodel.SingleEvent.SingleEvent().
|
private |
The three descriptions (full, med, short) stored in a map, keyed by DescriptionLOD (Level of Detail)
Definition at line 71 of file SingleEvent.java.
|
private |
Definition at line 41 of file SingleEvent.java.
Referenced by org.sleuthkit.autopsy.timeline.datamodel.SingleEvent.equals(), org.sleuthkit.autopsy.timeline.datamodel.SingleEvent.getEventID(), and org.sleuthkit.autopsy.timeline.datamodel.SingleEvent.SingleEvent().
|
private |
True if the file this event is derived from hits any of the configured hash sets.
Definition at line 82 of file SingleEvent.java.
Referenced by org.sleuthkit.autopsy.timeline.datamodel.SingleEvent.isHashHit(), org.sleuthkit.autopsy.timeline.datamodel.SingleEvent.SingleEvent(), and org.sleuthkit.autopsy.timeline.datamodel.SingleEvent.withParent().
|
private |
The known value for the file this event is derived from.
Definition at line 76 of file SingleEvent.java.
Referenced by org.sleuthkit.autopsy.timeline.datamodel.SingleEvent.getKnown(), org.sleuthkit.autopsy.timeline.datamodel.SingleEvent.SingleEvent(), and org.sleuthkit.autopsy.timeline.datamodel.SingleEvent.withParent().
|
private |
The TSK object ID of the file this event is derived from.
Definition at line 45 of file SingleEvent.java.
Referenced by org.sleuthkit.autopsy.timeline.datamodel.SingleEvent.getFileID(), and org.sleuthkit.autopsy.timeline.datamodel.SingleEvent.SingleEvent().
|
private |
Single events may or may not have their parent set, since the parent is a transient property of the current (details) view settings.
Definition at line 93 of file SingleEvent.java.
Referenced by org.sleuthkit.autopsy.timeline.datamodel.SingleEvent.withParent().
|
private |
True if the file or artifact this event is derived from is tagged.
Definition at line 87 of file SingleEvent.java.
Referenced by org.sleuthkit.autopsy.timeline.datamodel.SingleEvent.isTagged(), org.sleuthkit.autopsy.timeline.datamodel.SingleEvent.SingleEvent(), and org.sleuthkit.autopsy.timeline.datamodel.SingleEvent.withParent().
|
private |
The time of this event in second from the Unix epoch.
Definition at line 61 of file SingleEvent.java.
Referenced by org.sleuthkit.autopsy.timeline.datamodel.SingleEvent.getTime(), and org.sleuthkit.autopsy.timeline.datamodel.SingleEvent.SingleEvent().
|
private |
The type of this event.
Definition at line 65 of file SingleEvent.java.
Referenced by org.sleuthkit.autopsy.timeline.datamodel.SingleEvent.getEventType(), and org.sleuthkit.autopsy.timeline.datamodel.SingleEvent.SingleEvent().
Copyright © 2012-2016 Basis Technology. Generated on: Mon Jun 18 2018
This work is licensed under a
Creative Commons Attribution-Share Alike 3.0 United States License.