Autopsy  4.10.0
Graphical digital forensics platform for The Sleuth Kit and other tools.
Public Member Functions | Private Attributes | List of all members
org.sleuthkit.autopsy.timeline.datamodel.SingleEvent Class Reference

Inherits org.sleuthkit.autopsy.timeline.datamodel.TimeLineEvent.

Public Member Functions

 SingleEvent (long eventID, long dataSourceID, long objID,@Nullable Long artifactID, long time, EventType type, String fullDescription, String medDescription, String shortDescription, TskData.FileKnown known, boolean hashHit, boolean tagged)
 
boolean equals (Object obj)
 
Optional< Long > getArtifactID ()
 
SortedSet< EventClustergetClusters ()
 
long getDataSourceID ()
 
String getDescription (DescriptionLoD lod)
 
String getDescription ()
 
DescriptionLoD getDescriptionLoD ()
 
long getEndMillis ()
 
long getEventID ()
 
Set< Long > getEventIDs ()
 
Set< Long > getEventIDsWithHashHits ()
 
Set< Long > getEventIDsWithTags ()
 
EventType getEventType ()
 
long getFileID ()
 
String getFullDescription ()
 
TskData.FileKnown getKnown ()
 
String getMedDescription ()
 
Optional< EventStripegetParentStripe ()
 
String getShortDescription ()
 
default int getSize ()
 
long getStartMillis ()
 
long getTime ()
 
int hashCode ()
 
boolean isHashHit ()
 
boolean isTagged ()
 
SingleEvent withParent (MultiEvent<?> newParent)
 

Private Attributes

final Long artifactID
 
final long dataSourceID
 
final ImmutableMap< DescriptionLoD, String > descriptions
 
final long eventID
 
final boolean hashHit
 
final TskData.FileKnown known
 
final long objID
 
MultiEvent<?> parent = null
 
final boolean tagged
 
final long time
 
final EventType type
 

Detailed Description

A single event.

Definition at line 39 of file SingleEvent.java.

Constructor & Destructor Documentation

org.sleuthkit.autopsy.timeline.datamodel.SingleEvent.SingleEvent ( long  eventID,
long  dataSourceID,
long  objID,
@Nullable Long  artifactID,
long  time,
EventType  type,
String  fullDescription,
String  medDescription,
String  shortDescription,
TskData.FileKnown  known,
boolean  hashHit,
boolean  tagged 
)

Member Function Documentation

boolean org.sleuthkit.autopsy.timeline.datamodel.SingleEvent.equals ( Object  obj)
Optional<Long> org.sleuthkit.autopsy.timeline.datamodel.SingleEvent.getArtifactID ( )

Get the artifact id of the artifact this event is derived from.

Returns
An Optional containing the artifact ID. Will be empty if this event is not derived from an artifact

Definition at line 152 of file SingleEvent.java.

Referenced by org.sleuthkit.autopsy.timeline.explorernodes.EventNode.createEventNode(), and org.sleuthkit.autopsy.timeline.ui.listvew.ListTimeline.TaggedCell.updateItem().

SortedSet<EventCluster> org.sleuthkit.autopsy.timeline.datamodel.SingleEvent.getClusters ( )
long org.sleuthkit.autopsy.timeline.datamodel.SingleEvent.getDataSourceID ( )

Get the datasource id of the datasource this event belongs to.

Returns
the datasource id.

Definition at line 240 of file SingleEvent.java.

References org.sleuthkit.autopsy.timeline.datamodel.SingleEvent.dataSourceID.

String org.sleuthkit.autopsy.timeline.datamodel.SingleEvent.getDescription ( DescriptionLoD  lod)

Get the description of this event at the give level of detail(LoD).

Parameters
lodThe level of detail to get.
Returns
The description of this event at the given level of detail.

Definition at line 231 of file SingleEvent.java.

String org.sleuthkit.autopsy.timeline.datamodel.SingleEvent.getDescription ( )
DescriptionLoD org.sleuthkit.autopsy.timeline.datamodel.SingleEvent.getDescriptionLoD ( )

Get the Description level of detail at which all single events of this event have the same description, ie, what level of detail was used to group these events.

Returns
the description level of detail of the given events

Implements org.sleuthkit.autopsy.timeline.datamodel.TimeLineEvent.

Definition at line 303 of file SingleEvent.java.

References org.sleuthkit.autopsy.timeline.zooming.DescriptionLoD.FULL.

long org.sleuthkit.autopsy.timeline.datamodel.SingleEvent.getEndMillis ( )

Get the start time of this event as milliseconds from the Unix Epoch.

Returns
the start time of this event as milliseconds from the Unix Epoch.

Implements org.sleuthkit.autopsy.timeline.datamodel.TimeLineEvent.

Definition at line 260 of file SingleEvent.java.

long org.sleuthkit.autopsy.timeline.datamodel.SingleEvent.getEventID ( )

Get the event id of this event.

Returns
The event id of this event.

Definition at line 161 of file SingleEvent.java.

References org.sleuthkit.autopsy.timeline.datamodel.SingleEvent.eventID.

Set<Long> org.sleuthkit.autopsy.timeline.datamodel.SingleEvent.getEventIDs ( )

Get the id(s) of this event as a set.

Returns
a Set containing the event id(s) of this event.

Implements org.sleuthkit.autopsy.timeline.datamodel.TimeLineEvent.

Definition at line 245 of file SingleEvent.java.

Referenced by org.sleuthkit.autopsy.timeline.datamodel.SingleEvent.getClusters().

Set<Long> org.sleuthkit.autopsy.timeline.datamodel.SingleEvent.getEventIDsWithHashHits ( )

Get the id(s) of this event that have hash hits associated with them.

Returns
a Set containing the event id(s) of this event that have hash hits associated with them.

Implements org.sleuthkit.autopsy.timeline.datamodel.TimeLineEvent.

Definition at line 250 of file SingleEvent.java.

References org.sleuthkit.autopsy.timeline.datamodel.SingleEvent.isHashHit().

Referenced by org.sleuthkit.autopsy.timeline.datamodel.SingleEvent.getClusters().

Set<Long> org.sleuthkit.autopsy.timeline.datamodel.SingleEvent.getEventIDsWithTags ( )

Get the id(s) of this event that have tags associated with them.

Returns
a Set containing the event id(s) of this event that have tags associated with them.

Implements org.sleuthkit.autopsy.timeline.datamodel.TimeLineEvent.

Definition at line 255 of file SingleEvent.java.

References org.sleuthkit.autopsy.timeline.datamodel.SingleEvent.isTagged().

Referenced by org.sleuthkit.autopsy.timeline.datamodel.SingleEvent.getClusters().

EventType org.sleuthkit.autopsy.timeline.datamodel.SingleEvent.getEventType ( )

Get the EventType of this event.

Returns
the EventType of this event.

Implements org.sleuthkit.autopsy.timeline.datamodel.TimeLineEvent.

Definition at line 184 of file SingleEvent.java.

References org.sleuthkit.autopsy.timeline.datamodel.SingleEvent.type.

long org.sleuthkit.autopsy.timeline.datamodel.SingleEvent.getFileID ( )

Get the obj id of the file this event is derived from.

Returns
the object id.

Definition at line 170 of file SingleEvent.java.

References org.sleuthkit.autopsy.timeline.datamodel.SingleEvent.objID.

Referenced by org.sleuthkit.autopsy.timeline.explorernodes.EventNode.createEventNode().

String org.sleuthkit.autopsy.timeline.datamodel.SingleEvent.getFullDescription ( )
TskData.FileKnown org.sleuthkit.autopsy.timeline.datamodel.SingleEvent.getKnown ( )

Get the known value of the file this event is derived from.

Returns
the known value

Definition at line 220 of file SingleEvent.java.

References org.sleuthkit.autopsy.timeline.datamodel.SingleEvent.known.

String org.sleuthkit.autopsy.timeline.datamodel.SingleEvent.getMedDescription ( )

Get the medium description of this event.

Returns
the medium description

Definition at line 202 of file SingleEvent.java.

References org.sleuthkit.autopsy.timeline.datamodel.SingleEvent.getDescription(), and org.sleuthkit.autopsy.timeline.zooming.DescriptionLoD.MEDIUM.

Optional<EventStripe> org.sleuthkit.autopsy.timeline.datamodel.SingleEvent.getParentStripe ( )

get the EventStripe (if any) that contains this event, skipping over any intervening event cluster

Returns
an Optional containing the parent stripe of this cluster: empty if the cluster has no parent set or the parent has no parent stripe.

Implements org.sleuthkit.autopsy.timeline.datamodel.TimeLineEvent.

Definition at line 316 of file SingleEvent.java.

String org.sleuthkit.autopsy.timeline.datamodel.SingleEvent.getShortDescription ( )

Get the short description of this event.

Returns
the short description

Definition at line 211 of file SingleEvent.java.

References org.sleuthkit.autopsy.timeline.datamodel.SingleEvent.getDescription(), and org.sleuthkit.autopsy.timeline.zooming.DescriptionLoD.SHORT.

default int org.sleuthkit.autopsy.timeline.datamodel.TimeLineEvent.getSize ( )
inherited

Get the number of SingleEvents this event contains.

Returns
the number of SingleEvents this event contains.

Definition at line 110 of file TimeLineEvent.java.

References org.sleuthkit.autopsy.timeline.datamodel.TimeLineEvent.getEventIDs().

long org.sleuthkit.autopsy.timeline.datamodel.SingleEvent.getStartMillis ( )

Get the end time of this event as milliseconds from the Unix Epoch.

Returns
the end time of this event as milliseconds from the Unix Epoch.

Implements org.sleuthkit.autopsy.timeline.datamodel.TimeLineEvent.

Definition at line 265 of file SingleEvent.java.

Referenced by org.sleuthkit.autopsy.timeline.explorernodes.EventNode.getDateTimeString().

long org.sleuthkit.autopsy.timeline.datamodel.SingleEvent.getTime ( )

Get the time of this event (in seconds from the Unix epoch).

Returns
the time of this event in seconds from Unix epoch

Definition at line 179 of file SingleEvent.java.

References org.sleuthkit.autopsy.timeline.datamodel.SingleEvent.time.

int org.sleuthkit.autopsy.timeline.datamodel.SingleEvent.hashCode ( )

Definition at line 270 of file SingleEvent.java.

boolean org.sleuthkit.autopsy.timeline.datamodel.SingleEvent.isHashHit ( )

Is the file this event is derived from in any of the configured hash sets.

Returns
True if the file this event is derived from is in any of the configured hash sets.

Definition at line 142 of file SingleEvent.java.

References org.sleuthkit.autopsy.timeline.datamodel.SingleEvent.hashHit.

Referenced by org.sleuthkit.autopsy.timeline.datamodel.SingleEvent.getEventIDsWithHashHits().

boolean org.sleuthkit.autopsy.timeline.datamodel.SingleEvent.isTagged ( )

Is the file or artifact this event is derived from tagged?

Returns
true if he file or artifact this event is derived from is tagged.

Definition at line 130 of file SingleEvent.java.

References org.sleuthkit.autopsy.timeline.datamodel.SingleEvent.tagged.

Referenced by org.sleuthkit.autopsy.timeline.datamodel.SingleEvent.getEventIDsWithTags().

SingleEvent org.sleuthkit.autopsy.timeline.datamodel.SingleEvent.withParent ( MultiEvent<?>  newParent)

Member Data Documentation

final Long org.sleuthkit.autopsy.timeline.datamodel.SingleEvent.artifactID
private

The TSK artifact ID of the file this event is derived from. Null, if this event is not derived from an artifact.

Definition at line 51 of file SingleEvent.java.

Referenced by org.sleuthkit.autopsy.timeline.datamodel.SingleEvent.SingleEvent().

final long org.sleuthkit.autopsy.timeline.datamodel.SingleEvent.dataSourceID
private

The TSK datasource ID of the datasource this event belongs to.

Definition at line 56 of file SingleEvent.java.

Referenced by org.sleuthkit.autopsy.timeline.datamodel.SingleEvent.getDataSourceID(), and org.sleuthkit.autopsy.timeline.datamodel.SingleEvent.SingleEvent().

final ImmutableMap<DescriptionLoD, String> org.sleuthkit.autopsy.timeline.datamodel.SingleEvent.descriptions
private

The three descriptions (full, med, short) stored in a map, keyed by DescriptionLOD (Level of Detail)

Definition at line 71 of file SingleEvent.java.

final long org.sleuthkit.autopsy.timeline.datamodel.SingleEvent.eventID
private
final boolean org.sleuthkit.autopsy.timeline.datamodel.SingleEvent.hashHit
private
final TskData.FileKnown org.sleuthkit.autopsy.timeline.datamodel.SingleEvent.known
private
final long org.sleuthkit.autopsy.timeline.datamodel.SingleEvent.objID
private

The TSK object ID of the file this event is derived from.

Definition at line 45 of file SingleEvent.java.

Referenced by org.sleuthkit.autopsy.timeline.datamodel.SingleEvent.getFileID(), and org.sleuthkit.autopsy.timeline.datamodel.SingleEvent.SingleEvent().

MultiEvent<?> org.sleuthkit.autopsy.timeline.datamodel.SingleEvent.parent = null
private

Single events may or may not have their parent set, since the parent is a transient property of the current (details) view settings.

Definition at line 93 of file SingleEvent.java.

Referenced by org.sleuthkit.autopsy.timeline.datamodel.SingleEvent.withParent().

final boolean org.sleuthkit.autopsy.timeline.datamodel.SingleEvent.tagged
private
final long org.sleuthkit.autopsy.timeline.datamodel.SingleEvent.time
private

The time of this event in second from the Unix epoch.

Definition at line 61 of file SingleEvent.java.

Referenced by org.sleuthkit.autopsy.timeline.datamodel.SingleEvent.getTime(), and org.sleuthkit.autopsy.timeline.datamodel.SingleEvent.SingleEvent().

final EventType org.sleuthkit.autopsy.timeline.datamodel.SingleEvent.type
private

The documentation for this class was generated from the following file:

Copyright © 2012-2018 Basis Technology. Generated on: Fri Mar 22 2019
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.