|
Autopsy
4.19.3
Graphical digital forensics platform for The Sleuth Kit and other tools.
|
Inherits JPanel, and org.sleuthkit.autopsy.corecomponentinterfaces.DataContentViewer.
Classes | |
| interface | DateTimePanel |
| class | SortByDateTime |
Public Member Functions | |
| ContextViewer () | |
| DataContentViewer | createInstance () |
| Component | getComponent () |
| default String | getTitle (Node node) |
| String | getTitle () |
| String | getToolTip () |
| int | isPreferred (Node node) |
| boolean | isSupported (Node node) |
| void | resetComponent () |
| void | setNode (Node selectedNode) |
Private Member Functions | |
| void | addArtifactToPanels (BlackboardArtifact associatedArtifact) throws TskCoreException |
| void | addAssociatedArtifactToPanel (BlackboardArtifact artifact) throws TskCoreException |
| void | appendAttributeString (StringBuilder sb, BlackboardAttribute.ATTRIBUTE_TYPE attribType, Map< BlackboardAttribute.ATTRIBUTE_TYPE, BlackboardAttribute > attributesMap, String prependStr) |
| Long | getArtifactDateTime (BlackboardArtifact artifact) throws TskCoreException |
| Map< BlackboardAttribute.ATTRIBUTE_TYPE, BlackboardAttribute > | getAttributesMap (BlackboardArtifact artifact) throws TskCoreException |
| void | initComponents () |
| String | msgArtifactToAbbreviatedString (BlackboardArtifact artifact) throws TskCoreException |
| void | populatePanels (AbstractFile sourceFile) throws NoCurrentCaseException, TskCoreException |
| String | programExecArtifactToString (BlackboardArtifact artifact) throws TskCoreException |
| String | recentDocArtifactToString (BlackboardArtifact artifact) throws TskCoreException |
| String | webDownloadArtifactToString (BlackboardArtifact artifact) throws TskCoreException |
Private Attributes | |
| final List< ContextSourcePanel > | contextSourcePanels = new ArrayList<>() |
| final List< ContextUsagePanel > | contextUsagePanels = new ArrayList<>() |
| javax.swing.JScrollPane | jScrollPane |
| javax.swing.JPanel | jSourcePanel |
| javax.swing.JPanel | jUnknownPanel |
| javax.swing.JPanel | jUsagePanel |
Static Private Attributes | |
| static final int | ARTIFACT_STR_MAX_LEN = 1024 |
| static final int | ATTRIBUTE_STR_MAX_LEN = 200 |
| static final List< BlackboardArtifact.ARTIFACT_TYPE > | CONTEXT_ARTIFACTS = new ArrayList<>() |
| static final Insets | DATA_ROW_INSETS = new Insets(0, ContentViewerDefaults.getSectionIndent(), ContentViewerDefaults.getLineSpacing(), 0) |
| static final Insets | FIRST_HEADER_INSETS = new Insets(0, 0, 0, 0) |
| static final Insets | HEADER_INSETS = new Insets(ContentViewerDefaults.getSectionSpacing(), 0, ContentViewerDefaults.getLineSpacing(), 0) |
| static final Logger | logger = Logger.getLogger(ContextViewer.class.getName()) |
| static final long | serialVersionUID = 1L |
Displays additional context for the selected file, such as its source, and usage, if known.
Definition at line 56 of file ContextViewer.java.
| org.sleuthkit.autopsy.contentviewers.contextviewer.ContextViewer.ContextViewer | ( | ) |
Creates new form ContextViewer
Definition at line 79 of file ContextViewer.java.
|
private |
Adds th passed in artifact to the appropriate source or usage panel
| associatedArtifact | - associated artifact |
| TskCoreException |
Definition at line 310 of file ContextViewer.java.
|
private |
Resolves an TSK_ASSOCIATED_OBJECT artifact and adds it to the appropriate panel
| artifact | Artifact that may provide context. |
| NoCurrentCaseException | |
| TskCoreException |
Definition at line 284 of file ContextViewer.java.
|
private |
Looks up specified attribute in the given map and, if found, appends its value to the given string builder.
| sb | String builder to append to. |
| attribType | Attribute type to look for. |
| attributesMap | Attributes map. |
| prependStr | Optional string that is prepended before the attribute value. |
Definition at line 481 of file ContextViewer.java.
| DataContentViewer org.sleuthkit.autopsy.contentviewers.contextviewer.ContextViewer.createInstance | ( | ) |
Create and return a new instance of your viewer. The reason that this is needed is because the specific viewer modules will be found via NetBeans Lookup and the type will only be DataContentViewer. This method is used to get an instance of your specific type.
Implements org.sleuthkit.autopsy.corecomponentinterfaces.DataContentViewer.
Definition at line 170 of file ContextViewer.java.
|
private |
Return the dateTime value for the given message artifact.
| artifact |
| TskCoreException |
Definition at line 536 of file ContextViewer.java.
|
private |
Gets all attributes for the given artifact, and returns a map of attributes keyed by attribute type.
| artifact | Artifact for which to get the attributes. |
| TskCoreException |
Definition at line 506 of file ContextViewer.java.
| Component org.sleuthkit.autopsy.contentviewers.contextviewer.ContextViewer.getComponent | ( | ) |
Return the Swing Component to display. Implementations of this method that extend JPanel and do a 'return this;'. Otherwise return an internal instance of the JPanel.
Implements org.sleuthkit.autopsy.corecomponentinterfaces.DataContentViewer.
Definition at line 175 of file ContextViewer.java.
|
inherited |
Returns the title of this viewer to display in the tab.
| node | The node to be viewed in the DataContentViewer. |
Implemented in org.sleuthkit.autopsy.contentviewers.Metadata.
Definition at line 61 of file DataContentViewer.java.
References org.sleuthkit.autopsy.corecomponentinterfaces.DataContentViewer.getTitle().
| String org.sleuthkit.autopsy.contentviewers.contextviewer.ContextViewer.getTitle | ( | ) |
Returns the title of this viewer to display in the tab.
Implements org.sleuthkit.autopsy.corecomponentinterfaces.DataContentViewer.
Definition at line 160 of file ContextViewer.java.
| String org.sleuthkit.autopsy.contentviewers.contextviewer.ContextViewer.getToolTip | ( | ) |
Returns a short description of this viewer to use as a tool tip for its tab.
Implements org.sleuthkit.autopsy.corecomponentinterfaces.DataContentViewer.
Definition at line 165 of file ContextViewer.java.
|
private |
This method is called from within the constructor to initialize the form. WARNING: Do NOT modify this code. The content of this method is always regenerated by the Form Editor.
Definition at line 92 of file ContextViewer.java.
References org.sleuthkit.autopsy.contentviewers.layout.ContentViewerDefaults.getHeaderFont().
| int org.sleuthkit.autopsy.contentviewers.contextviewer.ContextViewer.isPreferred | ( | Node | node | ) |
Checks whether the given viewer is preferred for the Node. This is a bit subjective, but the idea is that Autopsy wants to display the most relevant tab. The more generic the viewer, the lower the return value should be. This will only be called on viewers that support the given node (i.e., isSupported() has already returned true).
The following are some examples of the current levels in use. If the selected node is an artifact, the level may be determined by both the artifact and its associated file.
Level 8 - Used for viewers that summarize a data artifact and display a relevant subset to help the examiner decide if they should look into it further. Not currently used by any modules, but an example would be a module that summarizes an email message.
Level 7 - Used for data artifact viewers. These have higher priority over file content viewers because a Node will likely have the ‘source’ file for a data artifact and we want to give the artifact priority. Currently used by the Data Artifacts viewer.
Level 6 - Used for type-specific file content viewers that summarize the file content and display a relevant subset. These viewers help the examiner determine if the file is worth looking into further. Examples of this would be Video Triage Module that displays a subset of a video or a document.
Level 5 - Used for type-specific file content viewers that are optimized for that type, such as displaying an image or a PDF file with images and proper layout. Currently used by the Application viewer.
Level 4 - Used for type-specific file content viewers that are not optimized. For example, displaying only the plain text from a PDF would be at this level, but displaying the same PDF with images and layout would be level 5. Currently used by the Text viewer that returns text from Solr.
Level 3 - Used for viewing Data Artifacts that refer to files and the user may want to view the files more than the artifact itself. This is currently used by the Data Artifact viewer when a Web Download artifact is selected.
Level 2 - Used for viewing Analysis Results. This is a lower priority than Data Artifacts and file content because Analysis Results are used to identify content of interest and therefore the content itself should be shown. Currently used by the Analysis Results viewer. * Level 1 - Used for metadata viewers that give more information and context about the primary file or artifact. Currently used by Metadata, Annotations, Context, Other Occurrences, and OS Account.
Level 0 - Used for general purpose file content viewers that are not file specific and will always be enabled. Currently used by Text/Strings and Hex.
| node | Node to check for preference |
Implements org.sleuthkit.autopsy.corecomponentinterfaces.DataContentViewer.
Definition at line 209 of file ContextViewer.java.
References org.sleuthkit.autopsy.contentviewers.utils.ViewerPriority.viewerPriority.LevelOne.
| boolean org.sleuthkit.autopsy.contentviewers.contextviewer.ContextViewer.isSupported | ( | Node | node | ) |
Checks whether the given node is supported by the viewer. This will be used to enable or disable the tab for the viewer.
| node | Node to check for support |
Implements org.sleuthkit.autopsy.corecomponentinterfaces.DataContentViewer.
Definition at line 186 of file ContextViewer.java.
|
private |
Returns a abbreviated display string for a message artifact.
| artifact | artifact to get download source URL from. |
| TskCoreException |
Definition at line 452 of file ContextViewer.java.
|
private |
Looks for context providing artifacts for the given file and populates the source context.
| sourceFile | File for which to show the context. |
| NoCurrentCaseException | |
| TskCoreException |
Definition at line 226 of file ContextViewer.java.
References org.sleuthkit.autopsy.casemodule.Case.getCurrentCaseThrows(), org.sleuthkit.autopsy.contentviewers.layout.ContentViewerDefaults.getPanelBackground(), org.sleuthkit.autopsy.contentviewers.layout.ContentViewerDefaults.getPanelInsets(), and org.sleuthkit.autopsy.casemodule.Case.getSleuthkitCase().
|
private |
Returns a display string with Program Execution artifact.
| artifact | artifact to get doc from. |
| TskCoreException |
Definition at line 421 of file ContextViewer.java.
|
private |
Returns a display string with recent Doc artifact.
| artifact | artifact to get doc from. |
| TskCoreException |
Definition at line 391 of file ContextViewer.java.
| void org.sleuthkit.autopsy.contentviewers.contextviewer.ContextViewer.resetComponent | ( | ) |
Resets the contents of the viewer / component.
Implements org.sleuthkit.autopsy.corecomponentinterfaces.DataContentViewer.
Definition at line 180 of file ContextViewer.java.
| void org.sleuthkit.autopsy.contentviewers.contextviewer.ContextViewer.setNode | ( | Node | selectedNode | ) |
Autopsy will call this when this panel is focused with the file that should be analyzed. When called with null, must clear all references to previous nodes.
| selectedNode | the node which is used to determine what is displayed in this viewer |
Implements org.sleuthkit.autopsy.corecomponentinterfaces.DataContentViewer.
Definition at line 140 of file ContextViewer.java.
|
private |
Returns a display string with download source URL from the given artifact.
| artifact | artifact to get download source URL from. |
| TskCoreException |
Definition at line 365 of file ContextViewer.java.
|
staticprivate |
Definition at line 60 of file ContextViewer.java.
|
staticprivate |
Definition at line 61 of file ContextViewer.java.
|
staticprivate |
Definition at line 68 of file ContextViewer.java.
|
private |
Definition at line 69 of file ContextViewer.java.
|
private |
Definition at line 70 of file ContextViewer.java.
|
staticprivate |
Definition at line 65 of file ContextViewer.java.
|
staticprivate |
Definition at line 63 of file ContextViewer.java.
|
staticprivate |
Definition at line 64 of file ContextViewer.java.
|
private |
Definition at line 573 of file ContextViewer.java.
|
private |
Definition at line 574 of file ContextViewer.java.
|
private |
Definition at line 575 of file ContextViewer.java.
|
private |
Definition at line 576 of file ContextViewer.java.
|
staticprivate |
Definition at line 59 of file ContextViewer.java.
|
staticprivate |
Definition at line 58 of file ContextViewer.java.
Copyright © 2012-2022 Basis Technology. Generated on: Tue Jun 27 2023
This work is licensed under a
Creative Commons Attribution-Share Alike 3.0 United States License.