Static Public Member Functions
static String	normalize (CorrelationAttributeInstance.Type attributeType, String data) throws CorrelationAttributeNormalizationException, CentralRepoException

static String	normalize (int attributeTypeId, String data) throws CorrelationAttributeNormalizationException, CentralRepoException

Private Member Functions
	CorrelationAttributeNormalizer ()

Static Private Member Functions
static String	normalizeDomain (String data) throws CorrelationAttributeNormalizationException

static String	normalizeIccid (String data) throws CorrelationAttributeNormalizationException

static String	normalizeImei (String data) throws CorrelationAttributeNormalizationException

static String	normalizeImsi (String data) throws CorrelationAttributeNormalizationException

static String	normalizeMac (String data) throws CorrelationAttributeNormalizationException

static String	normalizeMd5 (String data) throws CorrelationAttributeNormalizationException

static String	normalizeUsbId (String data) throws CorrelationAttributeNormalizationException

static String	verifySsid (String data) throws CorrelationAttributeNormalizationException

Static Private Attributes
static final int	MIN_PHONENUMBER_LEN = 5

static final Set< String >	PHONENUMBER_CHARS

static final String	SEPERATORS_REGEX = "[\\s-:]"

Detailed Description

Provides functions for normalizing data by attribute type before insertion or querying.

Definition at line 36 of file CorrelationAttributeNormalizer.java.

Constructor & Destructor Documentation

org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeNormalizer.CorrelationAttributeNormalizer ( )

private

This is a utility class - no need for constructing or subclassing, etc...

Definition at line 389 of file CorrelationAttributeNormalizer.java.

Member Function Documentation

static String org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeNormalizer.normalize	(	CorrelationAttributeInstance.Type	attributeType,
		String	data
	)		throws CorrelationAttributeNormalizationException, CentralRepoException

static

Normalize the data. Converts text to lower case, and ensures that the data is a valid string of the format expected given the attributeType.

Parameters

attributeType	correlation type of data
data	data to normalize

Returns: normalized data

Definition at line 50 of file CorrelationAttributeNormalizer.java.

Referenced by org.sleuthkit.autopsy.centralrepository.datamodel.CentralRepoFileInstance.CentralRepoFileInstance(), org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeInstance.CorrelationAttributeInstance(), org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeNormalizer.normalize(), org.sleuthkit.autopsy.discovery.search.DiscoveryAttributes.organizeByValue(), and org.sleuthkit.autopsy.centralrepository.datamodel.CentralRepoFileInstance.setMD5Hash().

static String org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeNormalizer.normalize	(	int	attributeTypeId,
		String	data
	)		throws CorrelationAttributeNormalizationException, CentralRepoException

static

Validate the data. Converts text to lower case, and ensures that the data is a valid string of the format expected given the attributeType.

Parameters

attributeTypeId	correlation type of data
data	data to normalize

Returns: normalized data

Definition at line 108 of file CorrelationAttributeNormalizer.java.

References org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeInstance.getDefaultCorrelationTypes(), and org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeNormalizer.normalize().

static String org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeNormalizer.normalizeDomain ( String data ) throws CorrelationAttributeNormalizationException

staticprivate

Verify there are no slashes or invalid domain name characters (such as '?'). Normalize to lower case.

Definition at line 137 of file CorrelationAttributeNormalizer.java.

References org.sleuthkit.autopsy.coreutils.NetworkUtils.extractDomain().

Referenced by org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeNormalizer.normalize().

static String org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeNormalizer.normalizeIccid ( String data ) throws CorrelationAttributeNormalizationException

staticprivate

Verify the ICCID (Integrated Circuit Card Identifier) number and normalize format.

E.118 defines as up to 22 digits long including luhn check digit while GSM Phase 1 defines it as a 20 digit operator specific structure. They begin with 89 which is the ISO 7812 Major Industry Identifier for telecommunication, followed by a contry code of 1-3 digits as definted by ITU-T E.164, followed by issuer identifier 1-4 digits, followed by 1 luhn checksum digit (sometimes omitted). The hexidecimal digit F is used as filler when necessary in GSM Phase 1 specification.

18 digits appears to be the shortest ICCID in use.

Parameters

data	The string to normalize and validate

Returns: the data with common number seperators removed and lower cased if the data was determined to be a possible ICCID

Exceptions

CorrelationAttributeNormalizationException if the data was not a valid ICCID

Definition at line 244 of file CorrelationAttributeNormalizer.java.

Referenced by org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeNormalizer.normalize().

static String org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeNormalizer.normalizeImei ( String data ) throws CorrelationAttributeNormalizationException

staticprivate

Verify the IMEI (International Mobile Equipment Identity) number and normalize format.

14 to 16 digits digits 1 through 6 are TAC (Type Allocation Code) digits 7 and 8 are also part of the TAC in phones made in 2003 or later digits 7 and 8 are FAC (Final Assembly Code) in phones made prior to 2003 digits 9 through 14 are the serial number digits 15 and 16 if present represent an optional luhn checksum (or software version number when dealing with an IMEI software version)

Parameters

data	The string to normalize and validate

Returns: the data with common number seperators removed if the data was determined to be a possible IMEI

Exceptions

CorrelationAttributeNormalizationException if the data was not a valid IMEI

Definition at line 324 of file CorrelationAttributeNormalizer.java.

Referenced by org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeNormalizer.normalize().

static String org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeNormalizer.normalizeImsi ( String data ) throws CorrelationAttributeNormalizationException

staticprivate

Verify the IMSI (International mobile subscriber identity) number and normalize format.

First 3 digits Mobile Country Code 2-3 digits Mobile Network Code Up to 10 digits for mobile subscriber identification number MSIN

Length will be 14 or 15 digits total

Parameters

data	The string to normalize and validate

Returns: the data with common number seperators removed if the data was determined to be a possible IMSI

Exceptions

CorrelationAttributeNormalizationException if the data was not a valid IMSI

Definition at line 271 of file CorrelationAttributeNormalizer.java.

Referenced by org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeNormalizer.normalize().

static String org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeNormalizer.normalizeMac ( String data ) throws CorrelationAttributeNormalizationException

staticprivate

Verify the MAC (media access control) address and normalize format.

A 12 or 16 Hexadecimal digits long depending on standard (Possible standards EUI-48, MAC-48, EUI-64)

Parameters

data	The string to normalize and validate

Returns: the data with common number seperators removed and lowercased if the data was determined to be a possible MAC

Exceptions

CorrelationAttributeNormalizationException if the data was not a valid MAC

Definition at line 295 of file CorrelationAttributeNormalizer.java.

Referenced by org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeNormalizer.normalize().

static String org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeNormalizer.normalizeMd5 ( String data ) throws CorrelationAttributeNormalizationException

staticprivate

Verify MD5 is the correct length and values. Make lower case.

Definition at line 123 of file CorrelationAttributeNormalizer.java.

Referenced by org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeNormalizer.normalize().

static String org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeNormalizer.normalizeUsbId ( String data ) throws CorrelationAttributeNormalizationException

staticprivate

Vacuous - will be replaced with something reasonable later.

Definition at line 196 of file CorrelationAttributeNormalizer.java.

Referenced by org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeNormalizer.normalize().

static String org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeNormalizer.verifySsid ( String data ) throws CorrelationAttributeNormalizationException

staticprivate

Verify the wireless network name is valid

SSIDs for wireless networks can be at most 32 characters, are case sensitive, and allow special characters.

Parameters

data	The string to normalize and validate

Returns: the unmodified data if the data was a valid length to be an SSID

Exceptions

CorrelationAttributeNormalizationException if the data was not a valid SSID

Definition at line 214 of file CorrelationAttributeNormalizer.java.

Referenced by org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeNormalizer.normalize().

Member Data Documentation

final int org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeNormalizer.MIN_PHONENUMBER_LEN = 5

staticprivate

Definition at line 342 of file CorrelationAttributeNormalizer.java.

final Set<String> org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeNormalizer.PHONENUMBER_CHARS

staticprivate

Initial value:

= new HashSet<>(Arrays.asList(
            "-", "(", ")"
    ))

Definition at line 338 of file CorrelationAttributeNormalizer.java.

final String org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeNormalizer.SEPERATORS_REGEX = "[\\s-:]"

staticprivate

Definition at line 39 of file CorrelationAttributeNormalizer.java.

The documentation for this class was generated from the following file:

/home/carriersleuth/repos/autopsy/Core/src/org/sleuthkit/autopsy/centralrepository/datamodel/CorrelationAttributeNormalizer.java

Static Public Member Functions

Private Member Functions

Static Private Member Functions

Static Private Attributes

Detailed Description

Constructor & Destructor Documentation

Member Function Documentation

Member Data Documentation