|
Autopsy
4.9.1
Graphical digital forensics platform for The Sleuth Kit and other tools.
|
Inherits org.sleuthkit.autopsy.report.GeneralReportModule.
Public Member Functions | |
| void | generateReport (String baseReportDir, ReportProgressPanel progressPanel) |
| JPanel | getConfigurationPanel () |
| String | getDescription () |
| String | getName () |
| String | getRelativeFilePath () |
Static Public Member Functions | |
| static synchronized STIXReportModule | getDefault () |
Private Member Functions | |
| STIXReportModule () | |
| ObservableResult | evaluateObject (ObjectType obj, String spacing, String id) |
| ObservableResult | evaluateObservableComposition (ObservableCompositionType comp, String spacing) throws TskCoreException |
| ObservableResult | evaluateSingleObservable (Observable obs, String spacing) throws TskCoreException |
| STIXPackage | loadSTIXFile (String stixFileName) throws JAXBException |
| String | makeMapKey (Observable obs) |
| void | printFileHeader (String a_fileName, BufferedWriter output) |
| void | processFile (String stixFile, ReportProgressPanel progressPanel, BufferedWriter output) throws JAXBException, TskCoreException |
| void | processIndicators (STIXPackage stix, BufferedWriter output) throws TskCoreException |
| void | processObservables (STIXPackage stix) |
| void | saveResultsAsArtifacts (Indicator ind, ObservableResult result) throws TskCoreException |
| void | saveToObjectMap (Observable obs) |
| void | writeResultsToFile (Indicator ind, String resultStr, boolean found, BufferedWriter output) |
Private Attributes | |
| STIXReportModuleConfigPanel | configPanel |
| Map< String, ObjectType > | idToObjectMap = new HashMap<String, ObjectType>() |
| Map< String, ObservableResult > | idToResult = new HashMap<String, ObservableResult>() |
| List< EvalRegistryObj.RegistryFileInfo > | registryFileData = null |
| boolean | reportAllResults |
| String | reportPath |
| final boolean | skipShortCircuit = true |
Static Private Attributes | |
| static STIXReportModule | instance = null |
| static final Logger | logger = Logger.getLogger(STIXReportModule.class.getName()) |
Definition at line 67 of file STIXReportModule.java.
|
private |
Definition at line 83 of file STIXReportModule.java.
Referenced by org.sleuthkit.autopsy.modules.stix.STIXReportModule.getDefault().
|
private |
Evaluate a STIX object.
| obj | The object to evaluate against the datasource(s) |
| spacing | For formatting the output |
| id |
Definition at line 606 of file STIXReportModule.java.
References org.sleuthkit.autopsy.modules.stix.STIXReportModule.registryFileData.
Referenced by org.sleuthkit.autopsy.modules.stix.STIXReportModule.evaluateSingleObservable().
|
private |
Evaluate an observable composition. Can be called recursively.
| comp | The observable composition object to evaluate |
| spacing | Used for formatting the output |
| TskCoreException |
Definition at line 468 of file STIXReportModule.java.
References org.sleuthkit.autopsy.modules.stix.STIXReportModule.evaluateSingleObservable().
Referenced by org.sleuthkit.autopsy.modules.stix.STIXReportModule.processIndicators().
|
private |
Evaluate one observable and return the result. This is at the end of the observable composition tree and will not be called recursively.
| obs | The observable object to evaluate |
| spacing | For formatting the output |
| TskCoreException |
Definition at line 564 of file STIXReportModule.java.
References org.sleuthkit.autopsy.modules.stix.STIXReportModule.evaluateObject(), org.sleuthkit.autopsy.modules.stix.STIXReportModule.makeMapKey(), and org.sleuthkit.autopsy.modules.stix.STIXReportModule.saveToObjectMap().
Referenced by org.sleuthkit.autopsy.modules.stix.STIXReportModule.evaluateObservableComposition(), and org.sleuthkit.autopsy.modules.stix.STIXReportModule.processIndicators().
| void org.sleuthkit.autopsy.modules.stix.STIXReportModule.generateReport | ( | String | baseReportDir, |
| ReportProgressPanel | progressPanel | ||
| ) |
| baseReportDir | path to save the report |
| progressPanel | panel to update the report's progress |
Implements org.sleuthkit.autopsy.report.GeneralReportModule.
Definition at line 100 of file STIXReportModule.java.
References org.sleuthkit.autopsy.casemodule.Case.addReport(), org.sleuthkit.autopsy.report.ReportProgressPanel.ReportStatus.CANCELED, org.sleuthkit.autopsy.report.ReportProgressPanel.ReportStatus.COMPLETE, org.sleuthkit.autopsy.report.ReportProgressPanel.complete(), org.sleuthkit.autopsy.coreutils.MessageNotifyUtil.MessageType.ERROR, org.sleuthkit.autopsy.report.ReportProgressPanel.ReportStatus.ERROR, org.sleuthkit.autopsy.coreutils.MessageNotifyUtil.Message.error(), org.sleuthkit.autopsy.casemodule.Case.getCurrentCaseThrows(), org.sleuthkit.autopsy.modules.stix.STIXReportModule.getRelativeFilePath(), org.sleuthkit.autopsy.modules.stix.STIXReportModuleConfigPanel.getShowAllResults(), org.sleuthkit.autopsy.report.ReportProgressPanel.getStatus(), org.sleuthkit.autopsy.modules.stix.STIXReportModuleConfigPanel.getStixFile(), org.sleuthkit.autopsy.modules.stix.STIXReportModule.processFile(), org.sleuthkit.autopsy.coreutils.ModuleSettings.setConfigSetting(), org.sleuthkit.autopsy.report.ReportProgressPanel.setIndeterminate(), org.sleuthkit.autopsy.report.ReportProgressPanel.setMaximumProgress(), org.sleuthkit.autopsy.coreutils.MessageNotifyUtil.Notify.show(), org.sleuthkit.autopsy.report.ReportProgressPanel.start(), and org.sleuthkit.autopsy.report.ReportProgressPanel.updateStatusLabel().
| JPanel org.sleuthkit.autopsy.modules.stix.STIXReportModule.getConfigurationPanel | ( | ) |
Definition at line 663 of file STIXReportModule.java.
References org.sleuthkit.autopsy.modules.stix.STIXReportModule.configPanel.
|
static |
Definition at line 87 of file STIXReportModule.java.
References org.sleuthkit.autopsy.modules.stix.STIXReportModule.instance, and org.sleuthkit.autopsy.modules.stix.STIXReportModule.STIXReportModule().
| String org.sleuthkit.autopsy.modules.stix.STIXReportModule.getDescription | ( | ) |
Definition at line 657 of file STIXReportModule.java.
| String org.sleuthkit.autopsy.modules.stix.STIXReportModule.getName | ( | ) |
Definition at line 646 of file STIXReportModule.java.
| String org.sleuthkit.autopsy.modules.stix.STIXReportModule.getRelativeFilePath | ( | ) |
Definition at line 652 of file STIXReportModule.java.
Referenced by org.sleuthkit.autopsy.modules.stix.STIXReportModule.generateReport().
|
private |
Load a STIX-formatted XML file into a STIXPackage object.
| stixFileName | Name of the STIX file to unmarshal |
| JAXBException |
Definition at line 252 of file STIXReportModule.java.
Referenced by org.sleuthkit.autopsy.modules.stix.STIXReportModule.processFile().
|
private |
Use the ID or ID ref to create a key into the observable map.
| obs |
Definition at line 433 of file STIXReportModule.java.
Referenced by org.sleuthkit.autopsy.modules.stix.STIXReportModule.evaluateSingleObservable(), and org.sleuthkit.autopsy.modules.stix.STIXReportModule.saveToObjectMap().
|
private |
Write a header for the current file to the output file.
| a_fileName | |
| output |
Definition at line 408 of file STIXReportModule.java.
Referenced by org.sleuthkit.autopsy.modules.stix.STIXReportModule.processFile().
|
private |
Process a STIX file.
| stixFile | - Name of the file |
| progressPanel | - Progress panel (for updating) |
| output |
| JAXBException | |
| TskCoreException |
Definition at line 221 of file STIXReportModule.java.
References org.sleuthkit.autopsy.report.ReportProgressPanel.increment(), org.sleuthkit.autopsy.modules.stix.STIXReportModule.loadSTIXFile(), org.sleuthkit.autopsy.modules.stix.STIXReportModule.printFileHeader(), org.sleuthkit.autopsy.modules.stix.STIXReportModule.processIndicators(), org.sleuthkit.autopsy.modules.stix.STIXReportModule.processObservables(), and org.sleuthkit.autopsy.modules.stix.STIXReportModule.registryFileData.
Referenced by org.sleuthkit.autopsy.modules.stix.STIXReportModule.generateReport().
|
private |
Process all STIX indicators and save results to output file and create artifacts.
| stix | STIXPackage |
| output |
Definition at line 286 of file STIXReportModule.java.
References org.sleuthkit.autopsy.modules.stix.STIXReportModule.evaluateObservableComposition(), org.sleuthkit.autopsy.modules.stix.STIXReportModule.evaluateSingleObservable(), org.sleuthkit.autopsy.modules.stix.STIXReportModule.reportAllResults, org.sleuthkit.autopsy.modules.stix.STIXReportModule.saveResultsAsArtifacts(), and org.sleuthkit.autopsy.modules.stix.STIXReportModule.writeResultsToFile().
Referenced by org.sleuthkit.autopsy.modules.stix.STIXReportModule.processFile().
|
private |
Do the initial processing of the list of observables. For each observable, save it in a map using the ID as key.
| stix | STIXPackage |
Definition at line 268 of file STIXReportModule.java.
References org.sleuthkit.autopsy.modules.stix.STIXReportModule.saveToObjectMap().
Referenced by org.sleuthkit.autopsy.modules.stix.STIXReportModule.processFile().
|
private |
Create the artifacts saved in the observable result.
| ind | |
| result |
| TskCoreException |
Definition at line 325 of file STIXReportModule.java.
References org.sleuthkit.autopsy.coreutils.MessageNotifyUtil.MessageType.INFO, and org.sleuthkit.autopsy.coreutils.MessageNotifyUtil.Notify.show().
Referenced by org.sleuthkit.autopsy.modules.stix.STIXReportModule.processIndicators().
|
private |
Save an observable in the object map.
| obs |
Definition at line 451 of file STIXReportModule.java.
References org.sleuthkit.autopsy.modules.stix.STIXReportModule.makeMapKey().
Referenced by org.sleuthkit.autopsy.modules.stix.STIXReportModule.evaluateSingleObservable(), and org.sleuthkit.autopsy.modules.stix.STIXReportModule.processObservables().
|
private |
Write the full results string to the output file.
| ind | - Used to get the title, ID, and description of the indicator |
| resultStr | - Full results for this indicator |
| found | - true if the indicator was found in datasource(s) |
| output |
Definition at line 371 of file STIXReportModule.java.
Referenced by org.sleuthkit.autopsy.modules.stix.STIXReportModule.processIndicators().
|
private |
Definition at line 70 of file STIXReportModule.java.
Referenced by org.sleuthkit.autopsy.modules.stix.STIXReportModule.getConfigurationPanel().
|
private |
Definition at line 75 of file STIXReportModule.java.
|
private |
Definition at line 76 of file STIXReportModule.java.
|
static private |
Definition at line 71 of file STIXReportModule.java.
Referenced by org.sleuthkit.autopsy.modules.stix.STIXReportModule.getDefault().
|
static private |
Definition at line 69 of file STIXReportModule.java.
|
private |
Definition at line 78 of file STIXReportModule.java.
Referenced by org.sleuthkit.autopsy.modules.stix.STIXReportModule.evaluateObject(), and org.sleuthkit.autopsy.modules.stix.STIXReportModule.processFile().
|
private |
Definition at line 73 of file STIXReportModule.java.
Referenced by org.sleuthkit.autopsy.modules.stix.STIXReportModule.processIndicators().
|
private |
Definition at line 72 of file STIXReportModule.java.
|
private |
Definition at line 80 of file STIXReportModule.java.
Copyright © 2012-2018 Basis Technology. Generated on: Tue Dec 18 2018
This work is licensed under a
Creative Commons Attribution-Share Alike 3.0 United States License.