|
Autopsy
4.19.3
Graphical digital forensics platform for The Sleuth Kit and other tools.
|
Inherits PropertyChangeListener.
Classes | |
| class | CentralRepoHashSet |
| class | HashDb |
| class | HashDbIndexer |
| class | HashDbManagerException |
| enum | SetEvt |
| class | SleuthkitHashSet |
Public Member Functions | |
| synchronized HashDb | addExistingHashDatabase (String hashSetName, String path, boolean searchDuringIngest, boolean sendIngestMessages, HashDb.KnownFilesType knownFilesType) throws HashDbManagerException |
| synchronized HashDb | addNewHashDatabase (String hashSetName, String path, boolean searchDuringIngest, boolean sendIngestMessages, HashDb.KnownFilesType knownFilesType) throws HashDbManagerException |
| synchronized HashDb | addNewHashDatabaseNoSave (String hashSetName, String path, boolean searchDuringIngest, boolean sendIngestMessages, HashDb.KnownFilesType knownFilesType) throws HashDbManagerException |
| synchronized void | addPropertyChangeListener (PropertyChangeListener listener) |
| synchronized List< HashDb > | getAllHashSets () |
| synchronized List< HashDb > | getKnownBadFileHashSets () |
| synchronized List< HashDb > | getKnownFileHashSets () |
| synchronized List< HashDb > | getUpdateableHashSets () |
| synchronized void | loadLastSavedConfiguration () |
| void | propertyChange (PropertyChangeEvent event) |
| synchronized void | removeHashDatabase (HashDb hashDb) throws HashDbManagerException |
| synchronized void | removeHashDatabaseNoSave (HashDb hashDb) throws HashDbManagerException |
| synchronized void | removePropertyChangeListener (PropertyChangeListener listener) |
Static Public Member Functions | |
| static synchronized HashDbManager | getInstance () |
Private Member Functions | |
| HashDbManager () | |
| SleuthkitHashSet | addHashDatabase (int handle, String hashSetName, boolean searchDuringIngest, boolean sendIngestMessages, HashDb.KnownFilesType knownFilesType) throws TskCoreException |
| void | checkDbCollision (String path, String hashSetName) throws HashDbManagerException, MissingResourceException |
| void | closeHashDatabases (List< HashDb > hashDatabases) |
| void | configureCrDbs () |
| void | configureLocalDb (HashDbInfo hashDbInfo) |
| void | configureSettings (HashLookupSettings settings, Set< String > officialSetNames) |
| List< HashDbInfo > | getCentralRepoHashSetsFromDatabase () |
| HashDb | getOfficialHashDbFromFile (File file) throws HashDbManagerException, TskCoreException |
| List< HashDb > | getUpdateableHashSets (List< HashDb > hashDbs) |
| String | getValidFilePath (String hashSetName, String configuredPath) |
| List< HashDbInfo > | handleNameConflict (List< HashDbInfo > curHashsets, Set< String > officialNames) |
| boolean | hashDbInfoIsNew (HashDbInfo dbInfo) |
| void | loadHashsetsConfiguration () |
| void | loadOfficialHashSets () |
| List< HashDb > | loadOfficialHashSetsFromFolder (String folder) throws HashDbManagerException |
| String | searchForFile () |
| void | updateHashSetsFromCentralRepository () throws TskCoreException |
Private Attributes | |
| boolean | allDatabasesLoadedCorrectly = false |
| final JFileChooserFactory | chooserHelper |
| Set< String > | hashSetNames = new HashSet<>() |
| Set< String > | hashSetPaths = new HashSet<>() |
| List< HashDb > | hashSets = new ArrayList<>() |
| Set< String > | officialHashSetNames = new HashSet<>() |
| Set< String > | officialHashSetPaths = new HashSet<>() |
| List< HashDb > | officialHashSets = new ArrayList<>() |
Static Private Attributes | |
| static final String | DB_NAME_PARAM = "dbName" |
| static final FilenameFilter | DEFAULT_KDB_FILTER |
| static final String | HASH_DATABASE_FILE_EXTENSON = "kdb" |
| static HashDbManager | instance = null |
| static final String | KDB_EXT = "kdb" |
| static final String | KNOWN_STATUS_PARAM = "knownStatus" |
| static final Logger | logger = Logger.getLogger(HashDbManager.class.getName()) |
| static final Pattern | OFFICIAL_FILENAME = Pattern.compile("(?<" + DB_NAME_PARAM + ">.+?)\\.(?<" + KNOWN_STATUS_PARAM + ">.+?)\\." + KDB_EXT) |
| static final String | OFFICIAL_HASH_SETS_FOLDER = "OfficialHashSets" |
This class implements a singleton that manages the set of hash databases used to classify files as unknown, known or notable.
Definition at line 75 of file HashDbManager.java.
|
private |
Definition at line 141 of file HashDbManager.java.
References org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.loadHashsetsConfiguration().
Referenced by org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.getInstance().
| synchronized HashDb org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.addExistingHashDatabase | ( | String | hashSetName, |
| String | path, | ||
| boolean | searchDuringIngest, | ||
| boolean | sendIngestMessages, | ||
| HashDb.KnownFilesType | knownFilesType | ||
| ) | throws HashDbManagerException |
Adds an existing hash database to the set of hash databases used to classify files as known or notable and saves the configuration.
| hashSetName | Name used to represent the hash database in user interface components. |
| path | Full path to either a hash database file or a hash database index file. |
| searchDuringIngest | A flag indicating whether or not the hash database should be searched during ingest. |
| sendIngestMessages | A flag indicating whether hash set hit messages should be sent as ingest messages. |
| knownFilesType | The classification to apply to files whose hashes are found in the hash database. |
| HashDbManagerException |
Definition at line 187 of file HashDbManager.java.
|
private |
Definition at line 282 of file HashDbManager.java.
References org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.SetEvt.DB_ADDED, org.sleuthkit.autopsy.coreutils.MessageNotifyUtil.MessageType.ERROR, and org.sleuthkit.autopsy.coreutils.MessageNotifyUtil.Notify.show().
Referenced by org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.addNewHashDatabaseNoSave(), and org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.configureLocalDb().
| synchronized HashDb org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.addNewHashDatabase | ( | String | hashSetName, |
| String | path, | ||
| boolean | searchDuringIngest, | ||
| boolean | sendIngestMessages, | ||
| HashDb.KnownFilesType | knownFilesType | ||
| ) | throws HashDbManagerException |
Adds a new hash database to the set of hash databases used to classify files as known or notable and saves the configuration.
| hashSetName | Hash set name used to represent the hash database in user interface components. |
| path | Full path to the database file to be created. |
| searchDuringIngest | A flag indicating whether or not the hash database should be searched during ingest. |
| sendIngestMessages | A flag indicating whether hash set hit messages should be sent as ingest messages. |
| knownFilesType | The classification to apply to files whose hashes are found in the hash database. |
| HashDbManagerException |
Definition at line 228 of file HashDbManager.java.
References org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.addNewHashDatabaseNoSave().
| synchronized HashDb org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.addNewHashDatabaseNoSave | ( | String | hashSetName, |
| String | path, | ||
| boolean | searchDuringIngest, | ||
| boolean | sendIngestMessages, | ||
| HashDb.KnownFilesType | knownFilesType | ||
| ) | throws HashDbManagerException |
Definition at line 239 of file HashDbManager.java.
References org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.addHashDatabase(), and org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.checkDbCollision().
Referenced by org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.addNewHashDatabase().
| synchronized void org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.addPropertyChangeListener | ( | PropertyChangeListener | listener | ) |
|
private |
Throws an exception if the provided path or hashSetName already belong to an existing database.
| path | The path. |
| hashSetName | The hash set name. |
| org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.HashDbManagerException | |
| MissingResourceException |
Definition at line 272 of file HashDbManager.java.
Referenced by org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.addNewHashDatabaseNoSave().
|
private |
Definition at line 548 of file HashDbManager.java.
References org.sleuthkit.autopsy.coreutils.Logger.getLogger().
Referenced by org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.loadLastSavedConfiguration().
|
private |
Configures central repository hash set databases.
Definition at line 779 of file HashDbManager.java.
References org.sleuthkit.autopsy.coreutils.Logger.getLogger(), and org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.updateHashSetsFromCentralRepository().
Referenced by org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.configureSettings().
|
private |
Handles configuring a local hash set database.
| hashDbInfo | The local hash set database. |
Definition at line 797 of file HashDbManager.java.
References org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.addHashDatabase(), org.sleuthkit.autopsy.coreutils.Logger.getLogger(), org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.getValidFilePath(), and org.sleuthkit.autopsy.centralrepository.datamodel.CentralRepository.isEnabled().
Referenced by org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.configureSettings().
|
private |
Configures the given settings object by adding all contained hash db to the system.
| settings | The settings to configure. |
| officialSetNames | The official set names. Any name collisions will trigger rename for primary file. |
Definition at line 742 of file HashDbManager.java.
References org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.configureCrDbs(), org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.configureLocalDb(), org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.handleNameConflict(), org.sleuthkit.autopsy.centralrepository.datamodel.CentralRepository.isEnabled(), and org.sleuthkit.autopsy.core.RuntimeProperties.runningWithGUI.
Referenced by org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.loadHashsetsConfiguration().
| synchronized List<HashDb> org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.getAllHashSets | ( | ) |
Gets all of the hash databases used to classify files as known or known bad. Will add any new central repository databases to the list before returning it.
Definition at line 457 of file HashDbManager.java.
References org.sleuthkit.autopsy.coreutils.Logger.getLogger(), and org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.updateHashSetsFromCentralRepository().
Referenced by org.sleuthkit.autopsy.modules.hashdatabase.HashLookupModuleFactory.getDefaultIngestJobSettings(), org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.getKnownBadFileHashSets(), org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.getKnownFileHashSets(), org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.getUpdateableHashSets(), org.sleuthkit.autopsy.modules.hashdatabase.HashLookupModuleSettingsPanel.initializeHashSetModels(), org.sleuthkit.autopsy.modules.hashdatabase.HashLookupSettingsPanel.saveSettings(), and org.sleuthkit.autopsy.modules.hashdatabase.HashDbIngestModule.startUp().
|
private |
Definition at line 515 of file HashDbManager.java.
References org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeInstance.FILES_TYPE_ID, org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.HashDb.KnownFilesType.fromFileKnown(), org.sleuthkit.autopsy.centralrepository.datamodel.CentralRepository.getAllReferenceSets(), org.sleuthkit.autopsy.centralrepository.datamodel.CentralRepository.getCorrelationTypeById(), org.sleuthkit.autopsy.centralrepository.datamodel.CentralRepository.getInstance(), org.sleuthkit.autopsy.coreutils.Logger.getLogger(), org.sleuthkit.autopsy.centralrepository.datamodel.CentralRepository.isEnabled(), and org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.HashDb.KnownFilesType.KNOWN_BAD.
Referenced by org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.updateHashSetsFromCentralRepository().
|
static |
Gets the singleton instance of this class.
Definition at line 122 of file HashDbManager.java.
References org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.HashDbManager(), and org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.instance.
Referenced by org.sleuthkit.autopsy.modules.hashdatabase.AddContentToHashDbAction.AddContentToHashDbMenu.addExistingHashDatabases(), org.sleuthkit.autopsy.modules.hashdatabase.HashLookupSettingsPanel.cancel(), org.sleuthkit.autopsy.modules.hashdatabase.ImportCentralRepoDbProgressDialog.CentralRepoImportWorker.done(), org.sleuthkit.autopsy.modules.hashdatabase.HashLookupModuleFactory.getDefaultIngestJobSettings(), org.sleuthkit.autopsy.modules.hashdatabase.HashLookupSettingsPanel.HashLookupSettingsPanel(), and org.sleuthkit.autopsy.modules.hashdatabase.infrastructure.Installer.restored().
| synchronized List<HashDb> org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.getKnownBadFileHashSets | ( | ) |
Gets all of the hash databases used to classify files as notable.
Definition at line 485 of file HashDbManager.java.
References org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.getAllHashSets(), and org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.HashDb.KnownFilesType.KNOWN_BAD.
| synchronized List<HashDb> org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.getKnownFileHashSets | ( | ) |
Gets all of the hash databases used to classify files as known.
Definition at line 473 of file HashDbManager.java.
References org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.getAllHashSets(), and org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.HashDb.KnownFilesType.KNOWN.
|
private |
Loads an official hash set from the given file.
| file | The kdb file to load. |
| HashDbManagerException | If file does not exist or does not match naming convention (See HashDbManager.OFFICIAL_FILENAME for regex). |
Definition at line 705 of file HashDbManager.java.
Referenced by org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.loadOfficialHashSetsFromFolder().
| synchronized List<HashDb> org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.getUpdateableHashSets | ( | ) |
Gets all of the hash databases that accept updates.
Definition at line 497 of file HashDbManager.java.
References org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.getAllHashSets().
Referenced by org.sleuthkit.autopsy.modules.hashdatabase.AddContentToHashDbAction.AddContentToHashDbMenu.addExistingHashDatabases().
|
private |
Definition at line 849 of file HashDbManager.java.
References org.sleuthkit.autopsy.core.RuntimeProperties.runningWithGUI, and org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.searchForFile().
Referenced by org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.configureLocalDb().
|
private |
Handles a potential conflict between official and non-official hash sets. Non-official hashsets have '(Custom)' added. If a conflict is identified, the hashset settings are fixed, saved, reloaded, and returned. Otherwise, the original list is returned.
| curHashsets | The list of non-official hash sets. |
| officialNames | The set of names for official hash sets. |
Definition at line 619 of file HashDbManager.java.
Referenced by org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.configureSettings().
|
private |
Definition at line 840 of file HashDbManager.java.
Referenced by org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.updateHashSetsFromCentralRepository().
|
private |
Definition at line 561 of file HashDbManager.java.
References org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.configureSettings(), org.sleuthkit.autopsy.coreutils.Logger.getLogger(), and org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.loadOfficialHashSets().
Referenced by org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.HashDbManager(), and org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.loadLastSavedConfiguration().
| synchronized void org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.loadLastSavedConfiguration | ( | ) |
Restores the last saved hash sets configuration. This supports cancellation of configuration panels.
Definition at line 540 of file HashDbManager.java.
References org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.closeHashDatabases(), and org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.loadHashsetsConfiguration().
Referenced by org.sleuthkit.autopsy.modules.hashdatabase.HashLookupSettingsPanel.cancel(), and org.sleuthkit.autopsy.modules.hashdatabase.infrastructure.Installer.restored().
|
private |
Loads official hash sets into officialHashSets and also populates officialHashSetPaths and officialHashSetNames variables.
Definition at line 576 of file HashDbManager.java.
References org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.loadOfficialHashSetsFromFolder().
Referenced by org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.loadHashsetsConfiguration().
|
private |
Loads official hash sets from the given folder.
| folder | The folder from which to load official hash sets. |
| HashDbManagerException | If folder does not exist. |
Definition at line 672 of file HashDbManager.java.
References org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.getOfficialHashDbFromFile().
Referenced by org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.loadOfficialHashSets().
| void org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.propertyChange | ( | PropertyChangeEvent | event | ) |
Definition at line 358 of file HashDbManager.java.
References org.sleuthkit.autopsy.coreutils.Logger.getLogger().
| synchronized void org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.removeHashDatabase | ( | HashDb | hashDb | ) | throws HashDbManagerException |
Removes a hash database from the set of hash databases used to classify files as known or notable and saves the configuration.
| hashDb |
| HashDbManagerException |
Definition at line 382 of file HashDbManager.java.
References org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.removeHashDatabaseNoSave().
| synchronized void org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.removeHashDatabaseNoSave | ( | HashDb | hashDb | ) | throws HashDbManagerException |
Definition at line 387 of file HashDbManager.java.
References org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.SetEvt.DB_DELETED, org.sleuthkit.autopsy.coreutils.MessageNotifyUtil.MessageType.ERROR, org.sleuthkit.autopsy.ingest.IngestManager.getInstance(), org.sleuthkit.autopsy.coreutils.Logger.getLogger(), org.sleuthkit.autopsy.ingest.IngestManager.isIngestRunning(), and org.sleuthkit.autopsy.coreutils.MessageNotifyUtil.Notify.show().
Referenced by org.sleuthkit.autopsy.modules.hashdatabase.HashLookupSettingsPanel.deleteDatabaseButtonActionPerformed(), org.sleuthkit.autopsy.modules.hashdatabase.HashLookupSettingsPanel.hashSetTableKeyPressed(), org.sleuthkit.autopsy.modules.hashdatabase.HashLookupSettingsPanel.indexButtonActionPerformed(), and org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.removeHashDatabase().
| synchronized void org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.removePropertyChangeListener | ( | PropertyChangeListener | listener | ) |
Definition at line 133 of file HashDbManager.java.
|
private |
Definition at line 875 of file HashDbManager.java.
References org.sleuthkit.autopsy.guiutils.JFileChooserFactory.getChooser(), and org.sleuthkit.autopsy.coreutils.Logger.getLogger().
Referenced by org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.getValidFilePath().
|
private |
Definition at line 826 of file HashDbManager.java.
References org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.getCentralRepoHashSetsFromDatabase(), org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.hashDbInfoIsNew(), and org.sleuthkit.autopsy.centralrepository.datamodel.CentralRepository.isEnabled().
Referenced by org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.configureCrDbs(), and org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.getAllHashSets().
|
private |
Definition at line 89 of file HashDbManager.java.
|
private |
Definition at line 98 of file HashDbManager.java.
|
staticprivate |
Definition at line 94 of file HashDbManager.java.
|
staticprivate |
Definition at line 100 of file HashDbManager.java.
|
staticprivate |
Definition at line 77 of file HashDbManager.java.
|
private |
Definition at line 80 of file HashDbManager.java.
|
private |
Definition at line 81 of file HashDbManager.java.
|
private |
Definition at line 79 of file HashDbManager.java.
|
staticprivate |
Definition at line 78 of file HashDbManager.java.
Referenced by org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.getInstance().
|
staticprivate |
Definition at line 92 of file HashDbManager.java.
|
staticprivate |
Definition at line 95 of file HashDbManager.java.
|
staticprivate |
Definition at line 88 of file HashDbManager.java.
|
staticprivate |
Definition at line 96 of file HashDbManager.java.
|
staticprivate |
Definition at line 91 of file HashDbManager.java.
|
private |
Definition at line 84 of file HashDbManager.java.
|
private |
Definition at line 85 of file HashDbManager.java.
|
private |
Definition at line 83 of file HashDbManager.java.
Copyright © 2012-2022 Basis Technology. Generated on: Tue Jun 27 2023
This work is licensed under a
Creative Commons Attribution-Share Alike 3.0 United States License.