Autopsy  4.19.3
Graphical digital forensics platform for The Sleuth Kit and other tools.
Public Member Functions | Protected Member Functions | Private Attributes | Static Private Attributes | List of all members
org.sleuthkit.autopsy.commonpropertiessearch.SingleIntraCaseCommonAttributeSearcher Class Reference

Inherits org.sleuthkit.autopsy.commonpropertiessearch.IntraCaseCommonAttributeSearcher.

Public Member Functions

 SingleIntraCaseCommonAttributeSearcher (Long dataSourceId, Map< Long, String > dataSourceIdMap, boolean filterByMediaMimeType, boolean filterByDocMimeType, int percentageThreshold)
 
CommonAttributeCaseSearchResults findMatchesByCase () throws TskCoreException, NoCurrentCaseException, SQLException, CentralRepoException
 
CommonAttributeCountSearchResults findMatchesByCount () throws TskCoreException, NoCurrentCaseException, SQLException
 

Protected Member Functions

String buildSqlSelectStatement ()
 

Private Attributes

final String dataSourceName
 
final Long selectedDataSourceId
 

Static Private Attributes

static final String WHERE_CLAUSE = "%s md5 in (select md5 from tsk_files where md5 in (select md5 from tsk_files where (known != " + FileKnown.KNOWN.getFileKnownValue() + " OR known IS NULL) and data_source_obj_id=%s%s) GROUP BY md5 HAVING COUNT(DISTINCT data_source_obj_id) > 1) order by md5"
 

Detailed Description

Provides logic for selecting common files from a single data source.

Definition at line 29 of file SingleIntraCaseCommonAttributeSearcher.java.

Constructor & Destructor Documentation

org.sleuthkit.autopsy.commonpropertiessearch.SingleIntraCaseCommonAttributeSearcher.SingleIntraCaseCommonAttributeSearcher ( Long  dataSourceId,
Map< Long, String >  dataSourceIdMap,
boolean  filterByMediaMimeType,
boolean  filterByDocMimeType,
int  percentageThreshold 
)

Implements the algorithm for getting common files that appear at least once in the given data source

Parameters
dataSourceIddata source id for which common files must appear at least once
dataSourceIdMapa map of obj_id to datasource name
filterByMediaMimeTypematch only on files whose mime types can be broadly categorized as media types
filterByDocMimeTypematch only on files whose mime types can be broadly categorized as document types
percentageThresholdomit any matches with frequency above this threshold

Definition at line 48 of file SingleIntraCaseCommonAttributeSearcher.java.

Member Function Documentation

String org.sleuthkit.autopsy.commonpropertiessearch.SingleIntraCaseCommonAttributeSearcher.buildSqlSelectStatement ( )
protected
CommonAttributeCaseSearchResults org.sleuthkit.autopsy.commonpropertiessearch.IntraCaseCommonAttributeSearcher.findMatchesByCase ( ) throws TskCoreException, NoCurrentCaseException, SQLException, CentralRepoException
inherited

Definition at line 146 of file IntraCaseCommonAttributeSearcher.java.

CommonAttributeCountSearchResults org.sleuthkit.autopsy.commonpropertiessearch.IntraCaseCommonAttributeSearcher.findMatchesByCount ( ) throws TskCoreException, NoCurrentCaseException, SQLException
inherited

Generate a meta data object which encapsulates everything need to add the tree table tab to the top component.

Returns
a data object with all of the matched files in a hierarchical format
Exceptions
TskCoreException
NoCurrentCaseException
SQLException

Definition at line 105 of file IntraCaseCommonAttributeSearcher.java.

References org.sleuthkit.autopsy.casemodule.Case.getCurrentCaseThrows(), and org.sleuthkit.autopsy.casemodule.Case.getDisplayName().

Member Data Documentation

final String org.sleuthkit.autopsy.commonpropertiessearch.SingleIntraCaseCommonAttributeSearcher.dataSourceName
private

Definition at line 33 of file SingleIntraCaseCommonAttributeSearcher.java.

final Long org.sleuthkit.autopsy.commonpropertiessearch.SingleIntraCaseCommonAttributeSearcher.selectedDataSourceId
private

Definition at line 32 of file SingleIntraCaseCommonAttributeSearcher.java.

final String org.sleuthkit.autopsy.commonpropertiessearch.SingleIntraCaseCommonAttributeSearcher.WHERE_CLAUSE = "%s md5 in (select md5 from tsk_files where md5 in (select md5 from tsk_files where (known != " + FileKnown.KNOWN.getFileKnownValue() + " OR known IS NULL) and data_source_obj_id=%s%s) GROUP BY md5 HAVING COUNT(DISTINCT data_source_obj_id) > 1) order by md5"
staticprivate

The documentation for this class was generated from the following file:

Copyright © 2012-2022 Basis Technology. Generated on: Wed Oct 5 2022
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.