Public Member Functions
	EamArtifactUtil ()

Static Public Member Functions
static String	getEmailAddressAttrString ()

static CorrelationAttributeInstance	getInstanceFromContent (Content content)

static boolean	isSupportedAbstractFileType (AbstractFile file)

static CorrelationAttributeInstance	makeInstanceFromContent (Content content)

static List< CorrelationAttributeInstance >	makeInstancesFromBlackboardArtifact (BlackboardArtifact artifact, boolean checkEnabled)

Static Private Member Functions
static void	addCorrelationAttributeToList (List< CorrelationAttributeInstance > eamArtifacts, BlackboardArtifact artifact, ATTRIBUTE_TYPE bbAttributeType, int typeId) throws EamDbException, TskCoreException

static CorrelationAttributeInstance	makeCorrelationAttributeInstanceUsingTypeValue (BlackboardArtifact bbArtifact, CorrelationAttributeInstance.Type correlationType, String value)

Static Private Attributes
static final Logger	logger = Logger.getLogger(EamArtifactUtil.class.getName())

Detailed Description

Definition at line 41 of file EamArtifactUtil.java.

Constructor & Destructor Documentation

org.sleuthkit.autopsy.centralrepository.datamodel.EamArtifactUtil.EamArtifactUtil ( )

Definition at line 45 of file EamArtifactUtil.java.

Member Function Documentation

static void org.sleuthkit.autopsy.centralrepository.datamodel.EamArtifactUtil.addCorrelationAttributeToList	(	List< CorrelationAttributeInstance >	eamArtifacts,
		BlackboardArtifact	artifact,
		ATTRIBUTE_TYPE	bbAttributeType,
		int	typeId
	)		throws EamDbException, TskCoreException

staticprivate

Add a CorrelationAttributeInstance of the specified type to the provided list if the artifactForInstance has an Attribute of the given type with a non empty value.

  @param eamArtifacts    the list of CorrelationAttributeInstance objects
                         which should be added to
  @param artifact        the blackboard artifactForInstance which we are creating a
                   CorrelationAttributeInstance for
  @param bbAttributeType the type of BlackboardAttribute we expect to exist
                         for a CorrelationAttributeInstance of this type
                         generated from this Blackboard Artifact
  @param typeId          the integer type id of the
                         CorrelationAttributeInstance type

  @throws EamDbException
  @throws TskCoreException

Definition at line 169 of file EamArtifactUtil.java.

References org.sleuthkit.autopsy.centralrepository.datamodel.EamDb.getCorrelationTypeById(), org.sleuthkit.autopsy.centralrepository.datamodel.EamDb.getInstance(), and org.sleuthkit.autopsy.centralrepository.datamodel.EamArtifactUtil.makeCorrelationAttributeInstanceUsingTypeValue().

Referenced by org.sleuthkit.autopsy.centralrepository.datamodel.EamArtifactUtil.makeInstancesFromBlackboardArtifact().

static String org.sleuthkit.autopsy.centralrepository.datamodel.EamArtifactUtil.getEmailAddressAttrString ( )

static

Definition at line 49 of file EamArtifactUtil.java.

Referenced by org.sleuthkit.autopsy.centralrepository.datamodel.EamArtifactUtil.makeInstancesFromBlackboardArtifact().

static CorrelationAttributeInstance org.sleuthkit.autopsy.centralrepository.datamodel.EamArtifactUtil.getInstanceFromContent ( Content content )

static

Retrieve CorrelationAttribute from the given Content.

Parameters

content The content object

Returns: The new CorrelationAttribute, or null if retrieval failed.

Definition at line 232 of file EamArtifactUtil.java.

References org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeInstance.FILES_TYPE_ID, org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationDataSource.fromTSKDataSource(), org.sleuthkit.autopsy.centralrepository.datamodel.EamDb.getCase(), org.sleuthkit.autopsy.centralrepository.datamodel.EamDb.getCorrelationAttributeInstance(), org.sleuthkit.autopsy.centralrepository.datamodel.EamDb.getCorrelationTypeById(), org.sleuthkit.autopsy.casemodule.Case.getCurrentCaseThrows(), org.sleuthkit.autopsy.centralrepository.datamodel.EamDb.getInstance(), and org.sleuthkit.autopsy.centralrepository.datamodel.EamArtifactUtil.isSupportedAbstractFileType().

Referenced by org.sleuthkit.autopsy.centralrepository.AddEditCentralRepoCommentAction.AddEditCentralRepoCommentAction(), and org.sleuthkit.autopsy.datamodel.BlackboardArtifactNode.getCorrelationAttributeInstance().

static boolean org.sleuthkit.autopsy.centralrepository.datamodel.EamArtifactUtil.isSupportedAbstractFileType ( AbstractFile file )

static

Check whether the given abstract file should be processed for the central repository.

Parameters

file	The file to test

Returns: true if the file should be added to the central repo, false otherwise

Definition at line 356 of file EamArtifactUtil.java.

Referenced by org.sleuthkit.autopsy.centralrepository.CentralRepoContextMenuActionsProvider.getActions(), org.sleuthkit.autopsy.centralrepository.datamodel.EamArtifactUtil.getInstanceFromContent(), and org.sleuthkit.autopsy.centralrepository.datamodel.EamArtifactUtil.makeInstanceFromContent().

static CorrelationAttributeInstance org.sleuthkit.autopsy.centralrepository.datamodel.EamArtifactUtil.makeCorrelationAttributeInstanceUsingTypeValue	(	BlackboardArtifact	bbArtifact,
		CorrelationAttributeInstance.Type	correlationType,
		String	value
	)

staticprivate

Uses the determined type and vallue, then looks up instance details to create proper CorrelationAttributeInstance.

Parameters

bbArtifact	the blackboard artifactForInstance
correlationType	the given type
value	the artifactForInstance value

Returns: CorrelationAttributeInstance from details, or null if validation failed or another error occurred

Definition at line 192 of file EamArtifactUtil.java.

References org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationDataSource.fromTSKDataSource(), org.sleuthkit.autopsy.centralrepository.datamodel.EamDb.getCase(), org.sleuthkit.autopsy.casemodule.Case.getCurrentCaseThrows(), org.sleuthkit.autopsy.centralrepository.datamodel.EamDb.getInstance(), org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationDataSource.getName(), org.sleuthkit.autopsy.casemodule.Case.getSleuthkitCase(), and org.sleuthkit.autopsy.centralrepository.datamodel.EamDb.newCase().

Referenced by org.sleuthkit.autopsy.centralrepository.datamodel.EamArtifactUtil.addCorrelationAttributeToList(), and org.sleuthkit.autopsy.centralrepository.datamodel.EamArtifactUtil.makeInstancesFromBlackboardArtifact().

static CorrelationAttributeInstance org.sleuthkit.autopsy.centralrepository.datamodel.EamArtifactUtil.makeInstanceFromContent ( Content content )

static

Create an EamArtifact from the given Content. Will return null if an artifactForInstance can not be created - this is not necessarily an error case, it just means an artifactForInstance can't be made. If creation fails due to an error (and not that the file is the wrong type or it has no hash), the error will be logged before returning.

Does not add the artifactForInstance to the database.

  @param content The content object

  @return The new EamArtifact or null if creation failed

Definition at line 303 of file EamArtifactUtil.java.

Referenced by org.sleuthkit.autopsy.centralrepository.AddEditCentralRepoCommentAction.AddEditCentralRepoCommentAction(), org.sleuthkit.autopsy.centralrepository.eventlisteners.CaseEventListener.ContentTagTask.run(), and org.sleuthkit.autopsy.centralrepository.eventlisteners.CaseEventListener.TagDefinitionChangeTask.run().

static List<CorrelationAttributeInstance> org.sleuthkit.autopsy.centralrepository.datamodel.EamArtifactUtil.makeInstancesFromBlackboardArtifact	(	BlackboardArtifact	artifact,
		boolean	checkEnabled
	)

static

Static factory method to examine a BlackboardArtifact to determine if it has contents that can be used for Correlation. If so, return a EamArtifact with a single EamArtifactInstance within. If not, return null.

Parameters

artifact	BlackboardArtifact to examine
checkEnabled	If true, only create a CorrelationAttribute if it is enabled

Returns: List of EamArtifacts

Definition at line 65 of file EamArtifactUtil.java.

Referenced by org.sleuthkit.autopsy.centralrepository.contentviewer.DataContentViewerOtherCases.getCorrelationAttributesFromNode(), org.sleuthkit.autopsy.contentviewers.AnnotationsContentViewer.populateCentralRepositoryData(), org.sleuthkit.autopsy.centralrepository.eventlisteners.CaseEventListener.BlackboardTagTask.run(), org.sleuthkit.autopsy.centralrepository.eventlisteners.CaseEventListener.TagDefinitionChangeTask.run(), and org.sleuthkit.autopsy.centralrepository.eventlisteners.IngestEventsListener.DataAddedTask.run().

Member Data Documentation

final Logger org.sleuthkit.autopsy.centralrepository.datamodel.EamArtifactUtil.logger = Logger.getLogger(EamArtifactUtil.class.getName())

staticprivate

Definition at line 43 of file EamArtifactUtil.java.

The documentation for this class was generated from the following file:

/home/carriersleuth/repos/autopsy/Core/src/org/sleuthkit/autopsy/centralrepository/datamodel/EamArtifactUtil.java

Public Member Functions

Static Public Member Functions

Static Private Member Functions

Static Private Attributes

Detailed Description

Constructor & Destructor Documentation

Member Function Documentation

Member Data Documentation