|
Autopsy
4.19.3
Graphical digital forensics platform for The Sleuth Kit and other tools.
|
Static Public Member Functions | |
| static void | addOrUpdateNodeData (final Case autopsyCase, Map< UniquePathKey, NodeData > nodeDataMap, AbstractFile newFile) throws TskCoreException, CentralRepoException |
| static Map< UniquePathKey, NodeData > | getCorrelatedInstances (String deviceId, String dataSourceName, CorrelationAttributeInstance corAttr) |
| static Collection< CorrelationAttributeInstance > | getCorrelationAttributeFromOsAccount (Node node, OsAccount osAccount) |
| static String | getEarliestCaseDate () throws CentralRepoException |
| static String | getPlaceholderUUID () |
| static String | makeDataSourceString (String caseUUID, String deviceId, String dataSourceName) |
| static void | writeOtherOccurrencesToFileAsCSV (File destFile, Collection< CorrelationAttributeInstance > correlationAttList, String dataSourceName, String deviceId) throws IOException |
Private Member Functions | |
| OtherOccurrences () | |
Static Private Attributes | |
| static final Logger | logger = Logger.getLogger(OtherOccurrences.class.getName()) |
| static final String | UUID_PLACEHOLDER_STRING = "NoCorrelationAttributeInstance" |
Contains most of the methods for gathering data from the DB and CR for the OtherOccurrencesPanel.
Definition at line 61 of file OtherOccurrences.java.
|
private |
Definition at line 67 of file OtherOccurrences.java.
|
static |
Adds the file to the nodeDataMap map if it does not already exist
| autopsyCase | |
| nodeDataMap | |
| newFile |
| TskCoreException | |
| CentralRepoException |
Definition at line 161 of file OtherOccurrences.java.
References org.sleuthkit.autopsy.centralrepository.application.NodeData.getKnown().
|
static |
Query the central repo database (if enabled) and the case database to find all artifact instances correlated to the given central repository artifact.
| deviceId | The device ID for the current data source. |
| dataSourceName | The name of the current data source. |
| corAttr | CorrelationAttribute to query for |
Definition at line 106 of file OtherOccurrences.java.
References org.sleuthkit.autopsy.centralrepository.datamodel.CentralRepository.getArtifactInstancesByTypeValue(), org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeInstance.getCorrelationType(), org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeInstance.getCorrelationValue(), org.sleuthkit.autopsy.casemodule.Case.getCurrentCaseThrows(), org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeInstance.getFileObjectId(), org.sleuthkit.autopsy.centralrepository.datamodel.CentralRepository.getInstance(), org.sleuthkit.autopsy.casemodule.Case.getName(), and org.sleuthkit.autopsy.centralrepository.datamodel.CentralRepository.isEnabled().
Referenced by org.sleuthkit.autopsy.centralrepository.contentviewer.OtherOccurrencesPanel.SelectionWorker.doInBackground(), and org.sleuthkit.autopsy.centralrepository.application.OtherOccurrences.writeOtherOccurrencesToFileAsCSV().
|
static |
Determine what attributes can be used for correlation based on the node.
| node | The node to correlate |
| osAccount | the osAccount to correlate |
Definition at line 78 of file OtherOccurrences.java.
References org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeUtil.makeCorrAttrsForSearch().
|
static |
Gets the list of Eam Cases and determines the earliest case creation date. Sets the label to display the earliest date string to the user.
Definition at line 206 of file OtherOccurrences.java.
References org.sleuthkit.autopsy.centralrepository.datamodel.CentralRepository.getCases(), org.sleuthkit.autopsy.centralrepository.datamodel.CentralRepository.getInstance(), and org.sleuthkit.autopsy.centralrepository.datamodel.CentralRepository.isEnabled().
|
static |
Get a placeholder string to use in place of case uuid when it isn't available
Definition at line 285 of file OtherOccurrences.java.
References org.sleuthkit.autopsy.centralrepository.application.OtherOccurrences.UUID_PLACEHOLDER_STRING.
Referenced by org.sleuthkit.autopsy.centralrepository.contentviewer.OtherOccurrencesFilesTableModel.createNodeKey(), and org.sleuthkit.autopsy.centralrepository.application.UniquePathKey.UniquePathKey().
|
static |
Create a unique string to be used as a key for deduping data sources as best as possible
Definition at line 198 of file OtherOccurrences.java.
|
static |
Create a cvs file of occurrences for the given parameters.
| destFile | Output file for the csv data. |
| correlationAttList | List of correclationAttributeInstances, should not be null. |
| dataSourceName | Name of the data source. |
| deviceId | Device id. |
| IOException |
Definition at line 254 of file OtherOccurrences.java.
References org.sleuthkit.autopsy.centralrepository.application.OtherOccurrences.getCorrelatedInstances(), and org.sleuthkit.autopsy.centralrepository.application.NodeData.getCsvItemSeparator().
Referenced by org.sleuthkit.autopsy.centralrepository.contentviewer.OtherOccurrencesPanel.CSVWorker.doInBackground().
|
staticprivate |
Definition at line 63 of file OtherOccurrences.java.
|
staticprivate |
Definition at line 65 of file OtherOccurrences.java.
Referenced by org.sleuthkit.autopsy.centralrepository.application.OtherOccurrences.getPlaceholderUUID().
Copyright © 2012-2022 Basis Technology. Generated on: Tue Jun 27 2023
This work is licensed under a
Creative Commons Attribution-Share Alike 3.0 United States License.