|
Autopsy
4.19.3
Graphical digital forensics platform for The Sleuth Kit and other tools.
|
Classes | |
| class | PastCasesResult |
Public Member Functions | |
| PastCasesSummary () | |
| PastCasesSummary (SleuthkitCaseProvider provider, java.util.logging.Logger logger) | |
| PastCasesResult | getPastCasesData (DataSource dataSource) throws SleuthkitCaseProvider.SleuthkitCaseProviderException, TskCoreException |
Private Member Functions | |
| BlackboardArtifact | getParentArtifact (BlackboardArtifact artifact) throws SleuthkitCaseProvider.SleuthkitCaseProviderException, TskCoreException |
| boolean | hasDeviceAssociatedArtifact (BlackboardArtifact artifact) throws SleuthkitCaseProvider.SleuthkitCaseProviderException, TskCoreException |
Static Private Member Functions | |
| static List< Pair< String, Long > > | getCaseCounts (Stream< String > cases) |
| static List< Pair< String, Long > > | getCaseCountsFromArtifacts (List< BlackboardArtifact > artifacts) |
| static List< String > | getCasesFromArtifact (BlackboardArtifact artifact) |
| static List< String > | getCasesFromAttr (BlackboardAttribute commentAttr) |
| static boolean | isCentralRepoGenerated (List< String > sources) |
Private Attributes | |
| final SleuthkitCaseProvider | caseProvider |
| final java.util.logging.Logger | logger |
Static Private Attributes | |
| static final Set< Integer > | ARTIFACT_UPDATE_TYPE_IDS |
| static final String | CASE_SEPARATOR = "," |
| static final String | CENTRAL_REPO_INGEST_NAME = CentralRepoIngestModuleFactory.getModuleName().toUpperCase().trim() |
| static final Set< Integer > | CR_DEVICE_TYPE_IDS |
Provides information about how a data source relates to a previous case. NOTE: This code is fragile and has certain expectations about how the central repository handles creating artifacts. So, if the central repository changes ingest process, this code could break. This code expects that the central repository ingest module:
a) Creates a TSK_PREVIOUSLY_NOTABLE artifact for a file whose hash is in the central repository as a notable file.
b) Creates a TSK_PREVIOUSLY_SEEN artifact for a matching id in the central repository.
c) The created artifact will have a TSK_OTHER_CASES attribute attached where one of the sources for the attribute matches CentralRepoIngestModuleFactory.getModuleName(). The module display name at time of ingest will match CentralRepoIngestModuleFactory.getModuleName() as well.
d) The content of that TSK_OTHER_CASES attribute will be of the form "case1,case2...caseN"
Definition at line 65 of file PastCasesSummary.java.
| org.sleuthkit.autopsy.datasourcesummary.datamodel.PastCasesSummary.PastCasesSummary | ( | ) |
Main constructor.
Definition at line 133 of file PastCasesSummary.java.
References org.sleuthkit.autopsy.datasourcesummary.datamodel.SleuthkitCaseProvider.DEFAULT, and org.sleuthkit.autopsy.coreutils.Logger.getLogger().
| org.sleuthkit.autopsy.datasourcesummary.datamodel.PastCasesSummary.PastCasesSummary | ( | SleuthkitCaseProvider | provider, |
| java.util.logging.Logger | logger | ||
| ) |
Main constructor with external dependencies specified. This constructor is designed with unit testing in mind since mocked dependencies can be utilized.
| provider | The object providing the current SleuthkitCase. |
| logger | The logger to use. |
Definition at line 149 of file PastCasesSummary.java.
References org.sleuthkit.autopsy.datasourcesummary.datamodel.PastCasesSummary.logger.
|
staticprivate |
Given a stream of case ids, groups the strings in a case-insensitive manner, and then provides a list of cases and the occurrence count sorted from max to min.
| cases | A stream of cases. |
Definition at line 233 of file PastCasesSummary.java.
Referenced by org.sleuthkit.autopsy.datasourcesummary.datamodel.PastCasesSummary.getCaseCountsFromArtifacts().
|
staticprivate |
Determines a list of counts for most populated cases based on comment attribute.
| artifacts | The list of artifacts. |
Definition at line 258 of file PastCasesSummary.java.
References org.sleuthkit.autopsy.datasourcesummary.datamodel.PastCasesSummary.getCaseCounts(), and org.sleuthkit.autopsy.datasourcesummary.datamodel.PastCasesSummary.getCasesFromArtifact().
Referenced by org.sleuthkit.autopsy.datasourcesummary.datamodel.PastCasesSummary.getPastCasesData().
|
staticprivate |
Gets a list of cases from the TSK_OTHER_CASES of an artifact. The cases string is expected to be of a form of "case1,case2...caseN".
| artifact | The artifact. |
Definition at line 184 of file PastCasesSummary.java.
References org.sleuthkit.autopsy.datasourcesummary.datamodel.PastCasesSummary.getCasesFromAttr().
Referenced by org.sleuthkit.autopsy.datasourcesummary.datamodel.PastCasesSummary.getCaseCountsFromArtifacts().
|
staticprivate |
Gets a list of cases from the TSK_OTHER_CASES attribute. The cases string is expected to be of a form of "case1,case2...caseN".
| artifact | The attribute. |
Definition at line 208 of file PastCasesSummary.java.
References org.sleuthkit.autopsy.datasourcesummary.datamodel.PastCasesSummary.isCentralRepoGenerated().
Referenced by org.sleuthkit.autopsy.datasourcesummary.datamodel.PastCasesSummary.getCasesFromArtifact().
|
private |
Given a TSK_PREVIOUSLY_SEEN or TSK_PREVIOUSLY_NOTABLE artifact, retrieves it's parent artifact.
| artifact | The input artifact. |
| TskCoreException | |
| NoCurrentCaseException |
Definition at line 278 of file PastCasesSummary.java.
References org.sleuthkit.autopsy.datasourcesummary.datamodel.SleuthkitCaseProvider.get().
Referenced by org.sleuthkit.autopsy.datasourcesummary.datamodel.PastCasesSummary.hasDeviceAssociatedArtifact().
| PastCasesResult org.sleuthkit.autopsy.datasourcesummary.datamodel.PastCasesSummary.getPastCasesData | ( | DataSource | dataSource | ) | throws SleuthkitCaseProvider.SleuthkitCaseProviderException, TskCoreException |
Returns the past cases data to be shown in the past cases tab.
| dataSource | The data source. |
| SleuthkitCaseProviderException | |
| TskCoreException | |
| NoCurrentCaseException |
Definition at line 319 of file PastCasesSummary.java.
References org.sleuthkit.autopsy.datasourcesummary.datamodel.SleuthkitCaseProvider.get(), org.sleuthkit.autopsy.datasourcesummary.datamodel.PastCasesSummary.getCaseCountsFromArtifacts(), and org.sleuthkit.autopsy.datasourcesummary.datamodel.PastCasesSummary.hasDeviceAssociatedArtifact().
Referenced by org.sleuthkit.autopsy.datasourcesummary.ui.PastCasesSummaryGetter.getPastCasesData().
|
private |
Returns true if the artifact has an associated artifact of a device type.
| artifact | The artifact. |
| TskCoreException | |
| NoCurrentCaseException |
Definition at line 299 of file PastCasesSummary.java.
References org.sleuthkit.autopsy.datasourcesummary.datamodel.PastCasesSummary.getParentArtifact().
Referenced by org.sleuthkit.autopsy.datasourcesummary.datamodel.PastCasesSummary.getPastCasesData().
|
staticprivate |
Given the provided sources for an attribute, aims to determine if one of those sources is the Central Repository Ingest Module.
| sources | The list of sources found on an attribute. |
Definition at line 166 of file PastCasesSummary.java.
Referenced by org.sleuthkit.autopsy.datasourcesummary.datamodel.PastCasesSummary.getCasesFromAttr().
|
staticprivate |
Definition at line 111 of file PastCasesSummary.java.
|
staticprivate |
Definition at line 125 of file PastCasesSummary.java.
|
private |
Definition at line 127 of file PastCasesSummary.java.
|
staticprivate |
Definition at line 116 of file PastCasesSummary.java.
|
staticprivate |
Definition at line 118 of file PastCasesSummary.java.
|
private |
Definition at line 128 of file PastCasesSummary.java.
Referenced by org.sleuthkit.autopsy.datasourcesummary.datamodel.PastCasesSummary.PastCasesSummary().
Copyright © 2012-2022 Basis Technology. Generated on: Sun Apr 2 2023
This work is licensed under a
Creative Commons Attribution-Share Alike 3.0 United States License.