Autopsy  4.9.1
Graphical digital forensics platform for The Sleuth Kit and other tools.
Public Member Functions | Private Member Functions | Private Attributes | Static Private Attributes | List of all members
org.sleuthkit.autopsy.timeline.datamodel.FilteredEventsModel Class Reference

Public Member Functions

 FilteredEventsModel (EventsRepository repo, ReadOnlyObjectProperty< ZoomParams > currentStateProperty)
 
synchronized ReadOnlyObjectProperty< DescriptionLoDdescriptionLODProperty ()
 
synchronized ReadOnlyObjectProperty< EventTypeZoomLeveleventTypeZoomProperty ()
 
synchronized ReadOnlyObjectProperty< RootFilterfilterProperty ()
 
Interval getBoundingEventsInterval ()
 
List< CombinedEventgetCombinedEvents ()
 
RootFilter getDefaultFilter ()
 
synchronized DescriptionLoD getDescriptionLOD ()
 
SingleEvent getEventById (Long eventID)
 
Map< EventType, Long > getEventCounts (Interval timeRange)
 
List< Long > getEventIDs (Interval timeRange, Filter filter)
 
List< Long > getEventIDsForArtifact (BlackboardArtifact artifact)
 
List< Long > getEventIDsForFile (AbstractFile file, boolean includeDerivedArtifacts)
 
Set< SingleEventgetEventsById (Collection< Long > eventIDs)
 
List< EventStripegetEventStripes ()
 
List< EventStripegetEventStripes (ZoomParams params)
 
synchronized EventTypeZoomLevel getEventTypeZoom ()
 
synchronized RootFilter getFilter ()
 
Long getMaxTime ()
 
Long getMinTime ()
 
Interval getSpanningInterval ()
 
Interval getSpanningInterval (Collection< Long > eventIDs)
 
Map< String, Long > getTagCountsByTagName (Set< Long > eventIDsWithTags)
 
synchronized Interval getTimeRange ()
 
synchronized ZoomParams getZoomParamaters ()
 
synchronized boolean handleArtifactTagAdded (BlackBoardArtifactTagAddedEvent evt)
 
synchronized boolean handleArtifactTagDeleted (BlackBoardArtifactTagDeletedEvent evt)
 
synchronized boolean handleContentTagAdded (ContentTagAddedEvent evt)
 
synchronized boolean handleContentTagDeleted (ContentTagDeletedEvent evt)
 
void postAutopsyEventLocally (AutopsyEvent event)
 
void postDBUpdated ()
 
void postRefreshRequest ()
 
synchronized void registerForEvents (Object o)
 
synchronized ReadOnlyObjectProperty< Interval > timeRangeProperty ()
 
synchronized void unRegisterForEvents (Object o)
 
synchronized ReadOnlyObjectProperty< ZoomParamszoomParametersProperty ()
 

Private Member Functions

boolean postTagsAdded (Set< Long > updatedEventIDs)
 
boolean postTagsDeleted (Set< Long > updatedEventIDs)
 

Private Attributes

final Case autoCase
 
final EventBus eventbus = new EventBus("FilteredEventsModel_EventBus")
 
final EventsRepository repo
 
final ReadOnlyObjectWrapper< RootFilterrequestedFilter = new ReadOnlyObjectWrapper<>()
 
final ReadOnlyObjectWrapper< DescriptionLoDrequestedLOD = new ReadOnlyObjectWrapper<>(DescriptionLoD.SHORT)
 
final ReadOnlyObjectWrapper< Interval > requestedTimeRange = new ReadOnlyObjectWrapper<>()
 
final ReadOnlyObjectWrapper< EventTypeZoomLevelrequestedTypeZoom = new ReadOnlyObjectWrapper<>(EventTypeZoomLevel.BASE_TYPE)
 
final ReadOnlyObjectWrapper< ZoomParamsrequestedZoomParamters = new ReadOnlyObjectWrapper<>()
 

Static Private Attributes

static final Logger LOGGER = Logger.getLogger(FilteredEventsModel.class.getName())
 

Detailed Description

This class acts as the model for a TimelineView

Views can register listeners on properties returned by methods.

This class is implemented as a filtered view into an underlying EventsRepository.

TODO: as many methods as possible should cache their results so as to avoid unnecessary db calls through the EventsRepository -jm

Concurrency Policy: repo is internally synchronized, so methods that only access the repo atomically do not need further synchronization

all other member state variables should only be accessed with intrinsic lock of containing FilteredEventsModel held. Many methods delegate to a task submitted to the dbQueryThread executor. These methods should synchronize on this object, and the tasks should too. Since the tasks execute asynchronously from the invoking methods, the methods will return and release the lock for the tasks to obtain.

Definition at line 95 of file FilteredEventsModel.java.

Constructor & Destructor Documentation

org.sleuthkit.autopsy.timeline.datamodel.FilteredEventsModel.FilteredEventsModel ( EventsRepository  repo,
ReadOnlyObjectProperty< ZoomParams currentStateProperty 
)

Member Function Documentation

synchronized ReadOnlyObjectProperty<DescriptionLoD> org.sleuthkit.autopsy.timeline.datamodel.FilteredEventsModel.descriptionLODProperty ( )
synchronized ReadOnlyObjectProperty<EventTypeZoomLevel> org.sleuthkit.autopsy.timeline.datamodel.FilteredEventsModel.eventTypeZoomProperty ( )
synchronized ReadOnlyObjectProperty<RootFilter> org.sleuthkit.autopsy.timeline.datamodel.FilteredEventsModel.filterProperty ( )
Interval org.sleuthkit.autopsy.timeline.datamodel.FilteredEventsModel.getBoundingEventsInterval ( )
List<CombinedEvent> org.sleuthkit.autopsy.timeline.datamodel.FilteredEventsModel.getCombinedEvents ( )

Get a representation of all the events, within the given time range, that pass the given filter, grouped by time and description such that file system events for the same file, with the same timestamp, are combined together.

Returns
A List of combined events, sorted by timestamp.

Definition at line 302 of file FilteredEventsModel.java.

References org.sleuthkit.autopsy.timeline.db.EventsRepository.getCombinedEvents(), org.sleuthkit.autopsy.timeline.datamodel.FilteredEventsModel.repo, org.sleuthkit.autopsy.timeline.datamodel.FilteredEventsModel.requestedFilter, and org.sleuthkit.autopsy.timeline.datamodel.FilteredEventsModel.requestedTimeRange.

Referenced by org.sleuthkit.autopsy.timeline.ui.listvew.ListViewPane.ListUpdateTask.call().

RootFilter org.sleuthkit.autopsy.timeline.datamodel.FilteredEventsModel.getDefaultFilter ( )
synchronized DescriptionLoD org.sleuthkit.autopsy.timeline.datamodel.FilteredEventsModel.getDescriptionLOD ( )
SingleEvent org.sleuthkit.autopsy.timeline.datamodel.FilteredEventsModel.getEventById ( Long  eventID)
Map<EventType, Long> org.sleuthkit.autopsy.timeline.datamodel.FilteredEventsModel.getEventCounts ( Interval  timeRange)
List<Long> org.sleuthkit.autopsy.timeline.datamodel.FilteredEventsModel.getEventIDs ( Interval  timeRange,
Filter  filter 
)
List<Long> org.sleuthkit.autopsy.timeline.datamodel.FilteredEventsModel.getEventIDsForArtifact ( BlackboardArtifact  artifact)

Get a List of event IDs for the events that are derived from the given artifact.

Parameters
artifactThe BlackboardArtifact to get derived event IDs for.
Returns
A List of event IDs for the events that are derived from the given artifact.

Definition at line 458 of file FilteredEventsModel.java.

References org.sleuthkit.autopsy.timeline.db.EventsRepository.getEventIDsForArtifact(), and org.sleuthkit.autopsy.timeline.datamodel.FilteredEventsModel.repo.

List<Long> org.sleuthkit.autopsy.timeline.datamodel.FilteredEventsModel.getEventIDsForFile ( AbstractFile  file,
boolean  includeDerivedArtifacts 
)

Get a List of event IDs for the events that are derived from the given file.

Parameters
fileThe AbstractFile to get derived event IDs for.
includeDerivedArtifactsIf true, also get event IDs for events derived from artifacts derived form this file. If false, only gets events derived directly from this file (file system timestamps).
Returns
A List of event IDs for the events that are derived from the given file.

Definition at line 445 of file FilteredEventsModel.java.

References org.sleuthkit.autopsy.timeline.db.EventsRepository.getEventIDsForFile(), and org.sleuthkit.autopsy.timeline.datamodel.FilteredEventsModel.repo.

Set<SingleEvent> org.sleuthkit.autopsy.timeline.datamodel.FilteredEventsModel.getEventsById ( Collection< Long >  eventIDs)
List<EventStripe> org.sleuthkit.autopsy.timeline.datamodel.FilteredEventsModel.getEventStripes ( )
List<EventStripe> org.sleuthkit.autopsy.timeline.datamodel.FilteredEventsModel.getEventStripes ( ZoomParams  params)
Parameters
params
Returns
a list of aggregated events that are within the requested time range and pass the requested filter, using the given aggregation to control the grouping of events

Definition at line 386 of file FilteredEventsModel.java.

References org.sleuthkit.autopsy.timeline.db.EventsRepository.getEventStripes(), and org.sleuthkit.autopsy.timeline.datamodel.FilteredEventsModel.repo.

synchronized EventTypeZoomLevel org.sleuthkit.autopsy.timeline.datamodel.FilteredEventsModel.getEventTypeZoom ( )
synchronized RootFilter org.sleuthkit.autopsy.timeline.datamodel.FilteredEventsModel.getFilter ( )
Long org.sleuthkit.autopsy.timeline.datamodel.FilteredEventsModel.getMaxTime ( )
Returns
the time (in seconds from unix epoch) of the absolutely last event available from the repository, ignoring any filters or requested ranges

Definition at line 356 of file FilteredEventsModel.java.

References org.sleuthkit.autopsy.timeline.db.EventsRepository.getMaxTime(), and org.sleuthkit.autopsy.timeline.datamodel.FilteredEventsModel.repo.

Referenced by org.sleuthkit.autopsy.timeline.datamodel.FilteredEventsModel.getSpanningInterval().

Long org.sleuthkit.autopsy.timeline.datamodel.FilteredEventsModel.getMinTime ( )
Returns
the time (in seconds from unix epoch) of the absolutely first event available from the repository, ignoring any filters or requested ranges

Definition at line 347 of file FilteredEventsModel.java.

References org.sleuthkit.autopsy.timeline.db.EventsRepository.getMinTime(), and org.sleuthkit.autopsy.timeline.datamodel.FilteredEventsModel.repo.

Referenced by org.sleuthkit.autopsy.timeline.datamodel.FilteredEventsModel.getSpanningInterval().

Interval org.sleuthkit.autopsy.timeline.datamodel.FilteredEventsModel.getSpanningInterval ( )
Interval org.sleuthkit.autopsy.timeline.datamodel.FilteredEventsModel.getSpanningInterval ( Collection< Long >  eventIDs)
Map<String, Long> org.sleuthkit.autopsy.timeline.datamodel.FilteredEventsModel.getTagCountsByTagName ( Set< Long >  eventIDsWithTags)

get a count of tagnames applied to the given event ids as a map from tagname displayname to count of tag applications

Parameters
eventIDsWithTagsthe event ids to get the tag counts map for
Returns
a map from tagname displayname to count of applications

Definition at line 279 of file FilteredEventsModel.java.

References org.sleuthkit.autopsy.timeline.db.EventsRepository.getTagCountsByTagName(), and org.sleuthkit.autopsy.timeline.datamodel.FilteredEventsModel.repo.

synchronized Interval org.sleuthkit.autopsy.timeline.datamodel.FilteredEventsModel.getTimeRange ( )
synchronized ZoomParams org.sleuthkit.autopsy.timeline.datamodel.FilteredEventsModel.getZoomParamaters ( )
synchronized boolean org.sleuthkit.autopsy.timeline.datamodel.FilteredEventsModel.handleArtifactTagAdded ( BlackBoardArtifactTagAddedEvent  evt)
synchronized boolean org.sleuthkit.autopsy.timeline.datamodel.FilteredEventsModel.handleArtifactTagDeleted ( BlackBoardArtifactTagDeletedEvent  evt)
synchronized boolean org.sleuthkit.autopsy.timeline.datamodel.FilteredEventsModel.handleContentTagAdded ( ContentTagAddedEvent  evt)
synchronized boolean org.sleuthkit.autopsy.timeline.datamodel.FilteredEventsModel.handleContentTagDeleted ( ContentTagDeletedEvent  evt)
void org.sleuthkit.autopsy.timeline.datamodel.FilteredEventsModel.postAutopsyEventLocally ( AutopsyEvent  event)

(Re)Post an AutopsyEvent received from another event distribution system locally to all registered subscribers.

Definition at line 533 of file FilteredEventsModel.java.

References org.sleuthkit.autopsy.timeline.datamodel.FilteredEventsModel.eventbus.

void org.sleuthkit.autopsy.timeline.datamodel.FilteredEventsModel.postDBUpdated ( )

Post a DBUpdatedEvent to all registered subscribers.

Definition at line 518 of file FilteredEventsModel.java.

References org.sleuthkit.autopsy.timeline.datamodel.FilteredEventsModel.eventbus.

void org.sleuthkit.autopsy.timeline.datamodel.FilteredEventsModel.postRefreshRequest ( )

Post a RefreshRequestedEvent to all registered subscribers.

Definition at line 525 of file FilteredEventsModel.java.

References org.sleuthkit.autopsy.timeline.datamodel.FilteredEventsModel.eventbus.

boolean org.sleuthkit.autopsy.timeline.datamodel.FilteredEventsModel.postTagsAdded ( Set< Long >  updatedEventIDs)
private

Post a TagsAddedEvent to all registered subscribers, if the given set of updated event IDs is not empty.

Parameters
updatedEventIDsThe set of event ids to be included in the TagsAddedEvent.
Returns
True if an event was posted.

Definition at line 471 of file FilteredEventsModel.java.

References org.sleuthkit.autopsy.timeline.datamodel.FilteredEventsModel.eventbus.

Referenced by org.sleuthkit.autopsy.timeline.datamodel.FilteredEventsModel.handleArtifactTagAdded(), and org.sleuthkit.autopsy.timeline.datamodel.FilteredEventsModel.handleContentTagAdded().

boolean org.sleuthkit.autopsy.timeline.datamodel.FilteredEventsModel.postTagsDeleted ( Set< Long >  updatedEventIDs)
private

Post a TagsDeletedEvent to all registered subscribers, if the given set of updated event IDs is not empty.

Parameters
updatedEventIDsThe set of event ids to be included in the TagsDeletedEvent.
Returns
True if an event was posted.

Definition at line 488 of file FilteredEventsModel.java.

References org.sleuthkit.autopsy.timeline.datamodel.FilteredEventsModel.eventbus.

Referenced by org.sleuthkit.autopsy.timeline.datamodel.FilteredEventsModel.handleArtifactTagDeleted(), and org.sleuthkit.autopsy.timeline.datamodel.FilteredEventsModel.handleContentTagDeleted().

synchronized void org.sleuthkit.autopsy.timeline.datamodel.FilteredEventsModel.registerForEvents ( Object  o)

Register the given object to receive events.

Parameters
oThe object to register. Must implement public methods annotated with Subscribe.

Definition at line 502 of file FilteredEventsModel.java.

References org.sleuthkit.autopsy.timeline.datamodel.FilteredEventsModel.eventbus.

Referenced by org.sleuthkit.autopsy.timeline.ui.AbstractTimeLineView.AbstractTimeLineView().

synchronized ReadOnlyObjectProperty<Interval> org.sleuthkit.autopsy.timeline.datamodel.FilteredEventsModel.timeRangeProperty ( )
synchronized void org.sleuthkit.autopsy.timeline.datamodel.FilteredEventsModel.unRegisterForEvents ( Object  o)

Un-register the given object, so it no longer receives events.

Parameters
oThe object to un-register.

Definition at line 511 of file FilteredEventsModel.java.

References org.sleuthkit.autopsy.timeline.datamodel.FilteredEventsModel.eventbus.

synchronized ReadOnlyObjectProperty<ZoomParams> org.sleuthkit.autopsy.timeline.datamodel.FilteredEventsModel.zoomParametersProperty ( )

Member Data Documentation

final Case org.sleuthkit.autopsy.timeline.datamodel.FilteredEventsModel.autoCase
private
final EventBus org.sleuthkit.autopsy.timeline.datamodel.FilteredEventsModel.eventbus = new EventBus("FilteredEventsModel_EventBus")
private
final Logger org.sleuthkit.autopsy.timeline.datamodel.FilteredEventsModel.LOGGER = Logger.getLogger(FilteredEventsModel.class.getName())
staticprivate

Definition at line 97 of file FilteredEventsModel.java.

final EventsRepository org.sleuthkit.autopsy.timeline.datamodel.FilteredEventsModel.repo
private

The underlying repo for events. Atomic access to repo is synchronized internally, but compound access should be done with the intrinsic lock of this FilteredEventsModel object

Definition at line 125 of file FilteredEventsModel.java.

Referenced by org.sleuthkit.autopsy.timeline.datamodel.FilteredEventsModel.FilteredEventsModel(), org.sleuthkit.autopsy.timeline.datamodel.FilteredEventsModel.getBoundingEventsInterval(), org.sleuthkit.autopsy.timeline.datamodel.FilteredEventsModel.getCombinedEvents(), org.sleuthkit.autopsy.timeline.datamodel.FilteredEventsModel.getDefaultFilter(), org.sleuthkit.autopsy.timeline.datamodel.FilteredEventsModel.getEventById(), org.sleuthkit.autopsy.timeline.datamodel.FilteredEventsModel.getEventCounts(), org.sleuthkit.autopsy.timeline.datamodel.FilteredEventsModel.getEventIDs(), org.sleuthkit.autopsy.timeline.datamodel.FilteredEventsModel.getEventIDsForArtifact(), org.sleuthkit.autopsy.timeline.datamodel.FilteredEventsModel.getEventIDsForFile(), org.sleuthkit.autopsy.timeline.datamodel.FilteredEventsModel.getEventsById(), org.sleuthkit.autopsy.timeline.datamodel.FilteredEventsModel.getEventStripes(), org.sleuthkit.autopsy.timeline.datamodel.FilteredEventsModel.getMaxTime(), org.sleuthkit.autopsy.timeline.datamodel.FilteredEventsModel.getMinTime(), org.sleuthkit.autopsy.timeline.datamodel.FilteredEventsModel.getSpanningInterval(), org.sleuthkit.autopsy.timeline.datamodel.FilteredEventsModel.getTagCountsByTagName(), org.sleuthkit.autopsy.timeline.datamodel.FilteredEventsModel.handleArtifactTagAdded(), org.sleuthkit.autopsy.timeline.datamodel.FilteredEventsModel.handleArtifactTagDeleted(), org.sleuthkit.autopsy.timeline.datamodel.FilteredEventsModel.handleContentTagAdded(), and org.sleuthkit.autopsy.timeline.datamodel.FilteredEventsModel.handleContentTagDeleted().

final ReadOnlyObjectWrapper<RootFilter> org.sleuthkit.autopsy.timeline.datamodel.FilteredEventsModel.requestedFilter = new ReadOnlyObjectWrapper<>()
private
final ReadOnlyObjectWrapper< DescriptionLoD> org.sleuthkit.autopsy.timeline.datamodel.FilteredEventsModel.requestedLOD = new ReadOnlyObjectWrapper<>(DescriptionLoD.SHORT)
private
final ReadOnlyObjectWrapper<Interval> org.sleuthkit.autopsy.timeline.datamodel.FilteredEventsModel.requestedTimeRange = new ReadOnlyObjectWrapper<>()
private
final ReadOnlyObjectWrapper< EventTypeZoomLevel> org.sleuthkit.autopsy.timeline.datamodel.FilteredEventsModel.requestedTypeZoom = new ReadOnlyObjectWrapper<>(EventTypeZoomLevel.BASE_TYPE)
private
final ReadOnlyObjectWrapper<ZoomParams> org.sleuthkit.autopsy.timeline.datamodel.FilteredEventsModel.requestedZoomParamters = new ReadOnlyObjectWrapper<>()
private

The documentation for this class was generated from the following file:

Copyright © 2012-2018 Basis Technology. Generated on: Tue Dec 18 2018
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.