|
Autopsy
4.19.3
Graphical digital forensics platform for The Sleuth Kit and other tools.
|
Classes | |
| class | AttributeComparator |
| interface | ResultSetHandler |
| enum | SortOrder |
Static Public Member Functions | |
| static List< BlackboardArtifact > | getArtifacts (SleuthkitCase skCase, BlackboardArtifact.Type artifactType, DataSource dataSource, BlackboardAttribute.Type attributeType, SortOrder sortOrder) throws TskCoreException |
| static List< BlackboardArtifact > | getArtifacts (SleuthkitCase skCase, BlackboardArtifact.Type artifactType, DataSource dataSource, BlackboardAttribute.Type attributeType, SortOrder sortOrder, int maxCount) throws TskCoreException |
| static Long | getCountOfRegNonSlackFiles (SleuthkitCase skCase, DataSource currentDataSource, String additionalWhere) throws TskCoreException, SQLException |
| static Date | getDateOrNull (BlackboardArtifact artifact, Type attributeType) |
| static Integer | getIntOrNull (BlackboardArtifact artifact, Type attributeType) |
| static Long | getLongOrNull (BlackboardArtifact artifact, Type attributeType) |
| static long | getLongOrZero (Long longVal) |
| static String | getMetaFlagsContainsStatement (TSK_FS_META_FLAG_ENUM flag) |
| static String | getStringOrNull (BlackboardArtifact artifact, Type attributeType) |
| static String | getStringOrZero (Long longVal) |
Static Public Attributes | |
| static final String | COMMA_FORMAT_STR = "#,###" |
| static final DecimalFormat | COMMA_FORMATTER = new DecimalFormat(COMMA_FORMAT_STR) |
Private Member Functions | |
| DataSourceInfoUtilities () | |
Static Private Member Functions | |
| static List< BlackboardArtifact > | createListFromMap (SortedMap< BlackboardAttribute, List< BlackboardArtifact >> sortedMap, int maxCount) |
| static SortedMap< BlackboardAttribute, List< BlackboardArtifact > > | getArtifactMap (SleuthkitCase skCase, BlackboardArtifact.Type artifactType, DataSource dataSource, BlackboardAttribute.Type attributeType, SortOrder sortOrder) throws TskCoreException |
| static BlackboardAttribute | getAttributeOrNull (BlackboardArtifact artifact, Type attributeType) |
Utilities for getting information about a data source or all data sources from the case database.
Definition at line 45 of file DataSourceInfoUtilities.java.
|
private |
Empty private constructor
Definition at line 225 of file DataSourceInfoUtilities.java.
|
staticprivate |
Creates the list of artifacts from the sorted map and the given count.
| sortedMap | Sorted map of artifact lists. |
| maxCount | Maximum number of artifacts to return. |
Definition at line 274 of file DataSourceInfoUtilities.java.
Referenced by org.sleuthkit.autopsy.datasourcesummary.datamodel.DataSourceInfoUtilities.getArtifacts().
|
staticprivate |
Create a Map of lists of artifacts sorted by the given attribute.
| skCase | SleuthkitCase instance. |
| artifactType | Type of artifacts to sort. |
| dataSource | Data Source that the artifact belongs to. |
| attributeType | Attribute type to sort by. |
| sortOrder | Sort order of the attributes, either ascending or descending. |
| TskCoreException |
Definition at line 244 of file DataSourceInfoUtilities.java.
Referenced by org.sleuthkit.autopsy.datasourcesummary.datamodel.DataSourceInfoUtilities.getArtifacts().
|
static |
Returns a list of all artifacts of the given type that have an attribute of the given type sorted by given attribute type value. Artifacts that do not have the given attribute will not be included in the list.
Sorting on attributes of type byte[] and JSON is not currently supported.
| skCase | SleuthkitCase instance. |
| artifactType | Type of artifacts to sort. |
| dataSource | Data Source that the artifact belongs to. |
| attributeType | Attribute type to sort by. |
| sortOrder | Sort order of the attributes, either ascending or descending. |
| TskCoreException |
Definition at line 188 of file DataSourceInfoUtilities.java.
Referenced by org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.getDomainGroupsAndMostRecent(), and org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.getRecentDevices().
|
static |
Return a list of artifacts that have been sorted by their attribute of attributeType. If an artifact of the given type does not have the given attribute it will not be included in the returned list.
Sorting on attributes of type byte[] and JSON is not currently supported.
| skCase | SleuthkitCase instance. |
| artifactType | Type of artifacts to sort. |
| dataSource | Data Source that the artifact belongs to. |
| attributeType | Attribute type to sort by. |
| sortOrder | Sort order of the attributes, either ascending or descending. |
| maxCount | Maximum number of results to return. To return all values maxCount should be 0. |
| TskCoreException |
Definition at line 214 of file DataSourceInfoUtilities.java.
References org.sleuthkit.autopsy.datasourcesummary.datamodel.DataSourceInfoUtilities.createListFromMap(), and org.sleuthkit.autopsy.datasourcesummary.datamodel.DataSourceInfoUtilities.getArtifactMap().
|
staticprivate |
Retrieves attribute from artifact if exists. Returns null if attribute is null or underlying call throws exception.
| artifact | The artifact. |
| attributeType | The attribute type to retrieve from the artifact. |
Definition at line 370 of file DataSourceInfoUtilities.java.
Referenced by org.sleuthkit.autopsy.datasourcesummary.datamodel.DataSourceInfoUtilities.getIntOrNull(), org.sleuthkit.autopsy.datasourcesummary.datamodel.DataSourceInfoUtilities.getLongOrNull(), and org.sleuthkit.autopsy.datasourcesummary.datamodel.DataSourceInfoUtilities.getStringOrNull().
|
static |
Gets a count of regular non-slack files for a particular datasource.
| skCase | The current SleuthkitCase. |
| currentDataSource | The datasource. |
| additionalWhere | Additional sql where clauses. |
| TskCoreException | |
| SQLException |
Definition at line 107 of file DataSourceInfoUtilities.java.
Referenced by org.sleuthkit.autopsy.datasourcesummary.datamodel.TypesSummary.getCountOfAllocatedFiles(), org.sleuthkit.autopsy.datasourcesummary.datamodel.MimeTypeSummary.getCountOfAllRegularFiles(), org.sleuthkit.autopsy.datasourcesummary.datamodel.MimeTypeSummary.getCountOfFilesForMimeTypes(), org.sleuthkit.autopsy.datasourcesummary.datamodel.MimeTypeSummary.getCountOfFilesNotInMimeTypes(), org.sleuthkit.autopsy.datasourcesummary.datamodel.MimeTypeSummary.getCountOfFilesWithNoMimeType(), and org.sleuthkit.autopsy.datasourcesummary.datamodel.TypesSummary.getCountOfUnallocatedFiles().
|
static |
Retrieves the long value of a certain attribute type from an artifact and converts to date (seconds since epoch).
| artifact | The artifact. |
| attributeType | The attribute type. |
Definition at line 430 of file DataSourceInfoUtilities.java.
References org.sleuthkit.autopsy.datasourcesummary.datamodel.DataSourceInfoUtilities.getLongOrNull().
Referenced by org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.getAccountResult(), org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.getMessageAccountResult(), org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.getRecentDevices(), org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.getTopProgramsResult(), and org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.getWebSearchResult().
|
static |
Retrieves the int value of a certain attribute type from an artifact.
| artifact | The artifact. |
| attributeType | The attribute type. |
Definition at line 415 of file DataSourceInfoUtilities.java.
References org.sleuthkit.autopsy.datasourcesummary.datamodel.DataSourceInfoUtilities.getAttributeOrNull().
Referenced by org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.getTopProgramsResult().
|
static |
Retrieves the long value of a certain attribute type from an artifact.
| artifact | The artifact. |
| attributeType | The attribute type. |
Definition at line 401 of file DataSourceInfoUtilities.java.
References org.sleuthkit.autopsy.datasourcesummary.datamodel.DataSourceInfoUtilities.getAttributeOrNull().
Referenced by org.sleuthkit.autopsy.datasourcesummary.datamodel.DataSourceInfoUtilities.getDateOrNull(), org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.getDomainGroupsAndMostRecent(), org.sleuthkit.autopsy.datasourcesummary.datamodel.RecentFilesSummary.getRecentAttachment(), org.sleuthkit.autopsy.datasourcesummary.datamodel.RecentFilesSummary.getRecentDownload(), and org.sleuthkit.autopsy.datasourcesummary.datamodel.RecentFilesSummary.getRecentlyOpenedDocument().
|
static |
Returns the long value or zero if longVal is null.
| longVal | The long value. |
Definition at line 442 of file DataSourceInfoUtilities.java.
|
static |
Creates sql where clause that does a bitwise check to see if flag is present.
| flag | The flag for which to check. |
Definition at line 156 of file DataSourceInfoUtilities.java.
Referenced by org.sleuthkit.autopsy.datasourcesummary.datamodel.TypesSummary.getCountOfAllocatedFiles(), org.sleuthkit.autopsy.datasourcesummary.datamodel.TypesSummary.getCountOfUnallocatedFiles(), and org.sleuthkit.autopsy.datasourcesummary.datamodel.ContainerSummary.getSizeOfUnallocatedFiles().
|
static |
Retrieves the string value of a certain attribute type from an artifact.
| artifact | The artifact. |
| attributeType | The attribute type. |
Definition at line 387 of file DataSourceInfoUtilities.java.
References org.sleuthkit.autopsy.datasourcesummary.datamodel.DataSourceInfoUtilities.getAttributeOrNull().
Referenced by org.sleuthkit.autopsy.datasourcesummary.datamodel.AnalysisSummary.getCountsData(), org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.getDomainGroupsAndMostRecent(), org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.getMessageAccountResult(), org.sleuthkit.autopsy.datasourcesummary.datamodel.RecentFilesSummary.getRecentAttachment(), org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.getRecentDevices(), org.sleuthkit.autopsy.datasourcesummary.datamodel.RecentFilesSummary.getRecentDownload(), org.sleuthkit.autopsy.datasourcesummary.datamodel.RecentFilesSummary.getRecentlyOpenedDocument(), org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.getTopProgramsResult(), and org.sleuthkit.autopsy.datasourcesummary.datamodel.UserActivitySummary.getWebSearchResult().
|
static |
Returns string value of long with comma separators. If null returns a string of '0'.
| longVal | The long value. |
Definition at line 454 of file DataSourceInfoUtilities.java.
|
static |
Definition at line 47 of file DataSourceInfoUtilities.java.
|
static |
Definition at line 48 of file DataSourceInfoUtilities.java.
Copyright © 2012-2022 Basis Technology. Generated on: Tue Jun 27 2023
This work is licensed under a
Creative Commons Attribution-Share Alike 3.0 United States License.