Autopsy  4.0
Graphical digital forensics platform for The Sleuth Kit and other tools.
Public Member Functions | Static Public Member Functions | Public Attributes | Static Public Attributes | Private Member Functions | Private Attributes | List of all members
org.sleuthkit.autopsy.timeline.datamodel.eventtype.MiscTypes Enum Reference

Inherits org.sleuthkit.autopsy.timeline.datamodel.eventtype.EventType, and org.sleuthkit.autopsy.timeline.datamodel.eventtype.ArtifactEventType.

Public Member Functions

BlackboardArtifact.Type getArtifactType ()
 
default BaseTypes getBaseType ()
 
default Color getColor ()
 
BlackboardAttribute.Type getDateTimeAttrubuteType ()
 
String getDisplayName ()
 
Function< BlackboardArtifact, String > getFullExtractor ()
 
Image getFXImage ()
 
String getIconBase ()
 
Function< BlackboardArtifact, String > getMedExtractor ()
 
Function< BlackboardArtifact, String > getShortExtractor ()
 
default List<?extends EventTypegetSiblingTypes ()
 
EventType getSubType (String string)
 
List<?extends EventTypegetSubTypes ()
 
default List<?extends EventTypegetSubTypesRecusive ()
 
EventType getSuperType ()
 
EventTypeZoomLevel getZoomLevel ()
 
int ordinal ()
 
default AttributeEventDescription parseAttributesHelper (BlackboardArtifact artf) throws TskCoreException
 

Static Public Member Functions

static AttributeEventDescription buildEventDescription (ArtifactEventType type, BlackboardArtifact artf) throws TskCoreException
 
static BlackboardAttribute getAttributeSafe (BlackboardArtifact artf, BlackboardAttribute.Type attrType)
 
static Comparator< EventTypegetComparator ()
 
static String stringValueOf (BlackboardAttribute attr)
 
static String toFrom (BlackboardAttribute dir)
 

Public Attributes

 CALL_LOG
 
 DEVICES_ATTACHED
 
 EMAIL
 
 EXIF
 
 GPS_ROUTE
 
 GPS_TRACKPOINT
 
 INSTALLED_PROGRAM
 
 MESSAGE
 
 RECENT_DOCUMENTS
 

Static Public Attributes

static final List<?extends EventTypeallTypes = RootEventType.getInstance().getSubTypesRecusive()
 
static final EmptyExtractor EMPTY_EXTRACTOR = new EmptyExtractor()
 
static final Logger LOGGER = Logger.getLogger(ArtifactEventType.class.getName())
 

Private Member Functions

 MiscTypes (String displayName, String iconBase, BlackboardArtifact.Type artifactType, BlackboardAttribute.Type dateTimeAttributeType, Function< BlackboardArtifact, String > shortExtractor, Function< BlackboardArtifact, String > medExtractor, Function< BlackboardArtifact, String > longExtractor)
 

Private Attributes

final BlackboardArtifact.Type artifactType
 
final BlackboardAttribute.Type dateTimeAttributeType
 
final String displayName
 
final String iconBase
 
final Image image
 
final Function< BlackboardArtifact, String > longExtractor
 
final Function< BlackboardArtifact, String > medExtractor
 
final Function< BlackboardArtifact, String > shortExtractor
 

Detailed Description

Definition at line 42 of file MiscTypes.java.

Constructor & Destructor Documentation

org.sleuthkit.autopsy.timeline.datamodel.eventtype.MiscTypes.MiscTypes ( String  displayName,
String  iconBase,
BlackboardArtifact.Type  artifactType,
BlackboardAttribute.Type  dateTimeAttributeType,
Function< BlackboardArtifact, String >  shortExtractor,
Function< BlackboardArtifact, String >  medExtractor,
Function< BlackboardArtifact, String >  longExtractor 
)
private

Definition at line 230 of file MiscTypes.java.

Member Function Documentation

static AttributeEventDescription org.sleuthkit.autopsy.timeline.datamodel.eventtype.ArtifactEventType.buildEventDescription ( ArtifactEventType  type,
BlackboardArtifact  artf 
) throws TskCoreException
staticinherited

Build a AttributeEventDescription derived from a BlackboardArtifact. This is a template method that relies on each ArtifactEventType's implementation of ArtifactEventType#parseAttributesHelper() to know how to go from BlackboardAttributes to the event description.

Parameters
artfthe BlackboardArtifact to derive the event description from
Returns
an AttributeEventDescription derived from the given artifact, if the given artifact has no timestamp
Exceptions
TskCoreExceptionis there is a problem accessing the blackboard data

Definition at line 144 of file ArtifactEventType.java.

Referenced by org.sleuthkit.autopsy.timeline.db.EventsRepository.DBPopulationWorker.insertEventForArtifact().

BlackboardArtifact.Type org.sleuthkit.autopsy.timeline.datamodel.eventtype.MiscTypes.getArtifactType ( )
Returns
the Artifact type this event type is derived from

Implements org.sleuthkit.autopsy.timeline.datamodel.eventtype.ArtifactEventType.

Definition at line 256 of file MiscTypes.java.

static BlackboardAttribute org.sleuthkit.autopsy.timeline.datamodel.eventtype.ArtifactEventType.getAttributeSafe ( BlackboardArtifact  artf,
BlackboardAttribute.Type  attrType 
)
staticinherited
default BaseTypes org.sleuthkit.autopsy.timeline.datamodel.eventtype.EventType.getBaseType ( )
inherited
default Color org.sleuthkit.autopsy.timeline.datamodel.eventtype.EventType.getColor ( )
inherited
static Comparator<EventType> org.sleuthkit.autopsy.timeline.datamodel.eventtype.EventType.getComparator ( )
staticinherited

Definition at line 37 of file EventType.java.

BlackboardAttribute.Type org.sleuthkit.autopsy.timeline.datamodel.eventtype.MiscTypes.getDateTimeAttrubuteType ( )
String org.sleuthkit.autopsy.timeline.datamodel.eventtype.MiscTypes.getDisplayName ( )
Function<BlackboardArtifact, String> org.sleuthkit.autopsy.timeline.datamodel.eventtype.MiscTypes.getFullExtractor ( )
Returns
a function from an artifact to a String to use as part of the full event description

Implements org.sleuthkit.autopsy.timeline.datamodel.eventtype.ArtifactEventType.

Definition at line 187 of file MiscTypes.java.

Image org.sleuthkit.autopsy.timeline.datamodel.eventtype.MiscTypes.getFXImage ( )
String org.sleuthkit.autopsy.timeline.datamodel.eventtype.MiscTypes.getIconBase ( )
Function<BlackboardArtifact, String> org.sleuthkit.autopsy.timeline.datamodel.eventtype.MiscTypes.getMedExtractor ( )
Returns
a function from an artifact to a String to use as part of the medium event description

Implements org.sleuthkit.autopsy.timeline.datamodel.eventtype.ArtifactEventType.

Definition at line 192 of file MiscTypes.java.

Function<BlackboardArtifact, String> org.sleuthkit.autopsy.timeline.datamodel.eventtype.MiscTypes.getShortExtractor ( )
Returns
a function from an artifact to a String to use as part of the short event description

Implements org.sleuthkit.autopsy.timeline.datamodel.eventtype.ArtifactEventType.

Definition at line 197 of file MiscTypes.java.

default List<? extends EventType> org.sleuthkit.autopsy.timeline.datamodel.eventtype.EventType.getSiblingTypes ( )
inherited
EventType org.sleuthkit.autopsy.timeline.datamodel.eventtype.MiscTypes.getSubType ( String  string)
List<? extends EventType> org.sleuthkit.autopsy.timeline.datamodel.eventtype.MiscTypes.getSubTypes ( )
Returns
a list of event types, one for each subtype of this eventype, or an empty list if this event type has no subtypes

Implements org.sleuthkit.autopsy.timeline.datamodel.eventtype.EventType.

Definition at line 251 of file MiscTypes.java.

default List<? extends EventType> org.sleuthkit.autopsy.timeline.datamodel.eventtype.EventType.getSubTypesRecusive ( )
inherited
EventType org.sleuthkit.autopsy.timeline.datamodel.eventtype.MiscTypes.getSuperType ( )
EventTypeZoomLevel org.sleuthkit.autopsy.timeline.datamodel.eventtype.MiscTypes.getZoomLevel ( )
int org.sleuthkit.autopsy.timeline.datamodel.eventtype.EventType.ordinal ( )
inherited
default AttributeEventDescription org.sleuthkit.autopsy.timeline.datamodel.eventtype.ArtifactEventType.parseAttributesHelper ( BlackboardArtifact  artf) throws TskCoreException
inherited
static String org.sleuthkit.autopsy.timeline.datamodel.eventtype.MiscTypes.stringValueOf ( BlackboardAttribute  attr)
static

Definition at line 148 of file MiscTypes.java.

static String org.sleuthkit.autopsy.timeline.datamodel.eventtype.MiscTypes.toFrom ( BlackboardAttribute  dir)
static

Definition at line 154 of file MiscTypes.java.

Member Data Documentation

final List<? extends EventType> org.sleuthkit.autopsy.timeline.datamodel.eventtype.EventType.allTypes = RootEventType.getInstance().getSubTypesRecusive()
staticinherited
final BlackboardArtifact.Type org.sleuthkit.autopsy.timeline.datamodel.eventtype.MiscTypes.artifactType
private

Definition at line 213 of file MiscTypes.java.

org.sleuthkit.autopsy.timeline.datamodel.eventtype.MiscTypes.CALL_LOG
Initial value:
=(NbBundle.getMessage(MiscTypes.class, "MiscTypes.Calls.name"), "calllog.png",
new BlackboardArtifact.Type(ARTIFACT_TYPE.TSK_CALLLOG),
new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_DATETIME_START),
new AttributeExtractor(new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_NAME)),
new AttributeExtractor(new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_PHONE_NUMBER)),
new AttributeExtractor(new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_DIRECTION)))

Definition at line 80 of file MiscTypes.java.

final BlackboardAttribute.Type org.sleuthkit.autopsy.timeline.datamodel.eventtype.MiscTypes.dateTimeAttributeType
private

Definition at line 169 of file MiscTypes.java.

org.sleuthkit.autopsy.timeline.datamodel.eventtype.MiscTypes.DEVICES_ATTACHED
Initial value:
=(NbBundle.getMessage(MiscTypes.class, "MiscTypes.devicesAttached.name"), "usb_devices.png",
new BlackboardArtifact.Type(ARTIFACT_TYPE.TSK_DEVICE_ATTACHED),
new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_DATETIME),
new AttributeExtractor(new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_DEVICE_MAKE)),
new AttributeExtractor(new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_DEVICE_MODEL)),
new AttributeExtractor(new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_DEVICE_ID)))

Definition at line 141 of file MiscTypes.java.

final String org.sleuthkit.autopsy.timeline.datamodel.eventtype.MiscTypes.displayName
private

Definition at line 211 of file MiscTypes.java.

org.sleuthkit.autopsy.timeline.datamodel.eventtype.MiscTypes.EMAIL
Initial value:
=(NbBundle.getMessage(MiscTypes.class, "MiscTypes.Email.name"), "mail-icon-16.png",
new BlackboardArtifact.Type(ARTIFACT_TYPE.TSK_EMAIL_MSG),
new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_DATETIME_SENT),
artf -> {
final BlackboardAttribute emailFrom = getAttributeSafe(artf, new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_EMAIL_FROM));
final BlackboardAttribute emailTo = getAttributeSafe(artf, new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_EMAIL_TO));
return stringValueOf(emailFrom) + " to " + stringValueOf(emailTo);
},
new AttributeExtractor(new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_SUBJECT)),
new AttributeExtractor(new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_EMAIL_CONTENT_PLAIN)))

Definition at line 86 of file MiscTypes.java.

final EmptyExtractor org.sleuthkit.autopsy.timeline.datamodel.eventtype.ArtifactEventType.EMPTY_EXTRACTOR = new EmptyExtractor()
staticinherited

Definition at line 37 of file ArtifactEventType.java.

org.sleuthkit.autopsy.timeline.datamodel.eventtype.MiscTypes.EXIF
Initial value:
=(NbBundle.getMessage(MiscTypes.class, "MiscTypes.exif.name"), "camera-icon-16.png",
new BlackboardArtifact.Type(ARTIFACT_TYPE.TSK_METADATA_EXIF),
new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_DATETIME_CREATED),
new AttributeExtractor(new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_DEVICE_MAKE)),
new AttributeExtractor(new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_DEVICE_MODEL)),
artf -> {
try {
AbstractFile file = artf.getSleuthkitCase().getAbstractFileById(artf.getObjectID());
if (file != null) {
return file.getName();
}
} catch (TskCoreException ex) {
LOGGER.log(Level.SEVERE, "Exif event type failed to look up backing file name", ex);
}
return "error loading file name";
})

Definition at line 125 of file MiscTypes.java.

org.sleuthkit.autopsy.timeline.datamodel.eventtype.MiscTypes.GPS_ROUTE
Initial value:
=(NbBundle.getMessage(MiscTypes.class, "MiscTypes.GPSRoutes.name"), "gps-search.png",
new BlackboardArtifact.Type(ARTIFACT_TYPE.TSK_GPS_ROUTE),
new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_DATETIME),
new AttributeExtractor(new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_PROG_NAME)),
new AttributeExtractor(new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_LOCATION)),
artf -> {
final BlackboardAttribute latStart = getAttributeSafe(artf, new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_GEO_LATITUDE_START));
final BlackboardAttribute longStart = getAttributeSafe(artf, new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_GEO_LONGITUDE_START));
final BlackboardAttribute latEnd = getAttributeSafe(artf, new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_GEO_LATITUDE_END));
final BlackboardAttribute longEnd = getAttributeSafe(artf, new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_GEO_LONGITUDE_END));
return String.format("from %1$s %2$s to %3$s %4$s", stringValueOf(latStart), stringValueOf(longStart), stringValueOf(latEnd), stringValueOf(longEnd));
})

Definition at line 58 of file MiscTypes.java.

org.sleuthkit.autopsy.timeline.datamodel.eventtype.MiscTypes.GPS_TRACKPOINT
Initial value:
=(NbBundle.getMessage(MiscTypes.class, "MiscTypes.GPSTrackpoint.name"), "gps-trackpoint.png",
new BlackboardArtifact.Type(ARTIFACT_TYPE.TSK_GPS_TRACKPOINT),
new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_DATETIME),
new AttributeExtractor(new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_PROG_NAME)),
artf -> {
final BlackboardAttribute longitude = getAttributeSafe(artf, new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_GEO_LONGITUDE));
final BlackboardAttribute latitude = getAttributeSafe(artf, new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_GEO_LATITUDE));
return stringValueOf(latitude) + " " + stringValueOf(longitude);
},

Definition at line 70 of file MiscTypes.java.

final String org.sleuthkit.autopsy.timeline.datamodel.eventtype.MiscTypes.iconBase
private

Definition at line 171 of file MiscTypes.java.

final Image org.sleuthkit.autopsy.timeline.datamodel.eventtype.MiscTypes.image
private

Definition at line 173 of file MiscTypes.java.

org.sleuthkit.autopsy.timeline.datamodel.eventtype.MiscTypes.INSTALLED_PROGRAM
Initial value:
=(NbBundle.getMessage(MiscTypes.class, "MiscTypes.installedPrograms.name"), "programs.png",
new BlackboardArtifact.Type(ARTIFACT_TYPE.TSK_INSTALLED_PROG),
new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_DATETIME),
new AttributeExtractor(new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_PROG_NAME)),

Definition at line 119 of file MiscTypes.java.

final Logger org.sleuthkit.autopsy.timeline.datamodel.eventtype.ArtifactEventType.LOGGER = Logger.getLogger(ArtifactEventType.class.getName())
staticinherited

Definition at line 36 of file ArtifactEventType.java.

final Function<BlackboardArtifact, String> org.sleuthkit.autopsy.timeline.datamodel.eventtype.MiscTypes.longExtractor
private

Definition at line 180 of file MiscTypes.java.

final Function<BlackboardArtifact, String> org.sleuthkit.autopsy.timeline.datamodel.eventtype.MiscTypes.medExtractor
private

Definition at line 182 of file MiscTypes.java.

org.sleuthkit.autopsy.timeline.datamodel.eventtype.MiscTypes.MESSAGE
Initial value:
=(NbBundle.getMessage(MiscTypes.class, "MiscTypes.message.name"), "message.png",
new BlackboardArtifact.Type(ARTIFACT_TYPE.TSK_MESSAGE),
new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_DATETIME),
new AttributeExtractor(new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_MESSAGE_TYPE)),
artf -> {
final BlackboardAttribute dir = getAttributeSafe(artf, new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_DIRECTION));
final BlackboardAttribute readStatus = getAttributeSafe(artf, new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_READ_STATUS));
final BlackboardAttribute name = getAttributeSafe(artf, new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_NAME));
final BlackboardAttribute phoneNumber = getAttributeSafe(artf, new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_PHONE_NUMBER));
final BlackboardAttribute subject = getAttributeSafe(artf, new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_SUBJECT));
List<String> asList = Arrays.asList(stringValueOf(dir), stringValueOf(readStatus), name != null || phoneNumber != null ? toFrom(dir) : "", stringValueOf(name != null ? name : phoneNumber), (subject == null ? "" : stringValueOf(subject)));
return StringUtils.join(asList, " ");
},
new AttributeExtractor(new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_TEXT)))

Definition at line 44 of file MiscTypes.java.

org.sleuthkit.autopsy.timeline.datamodel.eventtype.MiscTypes.RECENT_DOCUMENTS
Initial value:
=(NbBundle.getMessage(MiscTypes.class, "MiscTypes.recentDocuments.name"), "recent_docs.png",
new BlackboardArtifact.Type(ARTIFACT_TYPE.TSK_RECENT_OBJECT),
new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_DATETIME),
new AttributeExtractor(new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_PATH)).andThen(
(String t) -> (StringUtils.substringBeforeLast(StringUtils.substringBeforeLast(t, "\\"), "\\"))),
new AttributeExtractor(new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_PATH)).andThen(
(String t) -> StringUtils.substringBeforeLast(t, "\\")),
new AttributeExtractor(new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_PATH))) {
@Override
public AttributeEventDescription parseAttributesHelper(BlackboardArtifact artf) throws TskCoreException {
final BlackboardAttribute dateTimeAttr = artf.getAttribute(getDateTimeAttrubuteType());
long time = dateTimeAttr.getValueLong();
String shortDescription = getShortExtractor().apply(artf);
String medDescription = getMedExtractor().apply(artf);
String fullDescription = getFullExtractor().apply(artf);
return new AttributeEventDescription(time, shortDescription, medDescription, fullDescription);
}
}

Definition at line 96 of file MiscTypes.java.

final Function<BlackboardArtifact, String> org.sleuthkit.autopsy.timeline.datamodel.eventtype.MiscTypes.shortExtractor
private

Definition at line 184 of file MiscTypes.java.


The documentation for this enum was generated from the following file:

Copyright © 2012-2015 Basis Technology. Generated on: Wed Apr 6 2016
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.