|
Autopsy
4.19.3
Graphical digital forensics platform for The Sleuth Kit and other tools.
|
Classes | |
| interface | ParseExceptionFunction |
| class | TsvColumn |
Public Member Functions | |
| LeappFileProcessor (String xmlFile, String moduleName, IngestJobContext context) throws IOException, IngestModuleException, NoCurrentCaseException | |
| ProcessResult | processFiles (Content dataSource, Path moduleOutputPath, AbstractFile LeappFile, DataSourceIngestModuleProgress progress) |
| ProcessResult | processFileSystem (Content dataSource, Path moduleOutputPath, DataSourceIngestModuleProgress progress) |
Private Member Functions | |
| boolean | checkCancelled () |
| void | configExtractor () throws IOException |
| BlackboardArtifact | createArtifactWithAttributes (BlackboardArtifact.Type artType, Content dataSource, Collection< BlackboardAttribute > bbattributes) |
| void | createCalllogRelationship (Collection< BlackboardAttribute > bbattributes, Content dataSource, String fileName) throws IngestModuleException |
| void | createContactRelationship (Collection< BlackboardAttribute > bbattributes, Content dataSource, String fileName) throws IngestModuleException |
| void | createCustomArtifacts (Blackboard blkBoard) |
| void | createMessageRelationship (Collection< BlackboardAttribute > bbattributes, Content dataSource, String fileName) throws IngestModuleException |
| void | createRoute (Collection< BlackboardAttribute > bbattributes, Content dataSource, String fileName) throws IngestModuleException |
| AbstractFile | createTrackpoint (Collection< BlackboardAttribute > bbattributes, Content dataSource, String fileName, String trackpointSegmentName, GeoTrackPoints pointList) throws IngestModuleException |
| AbstractFile | findAbstractFile (Content dataSource, String fileNamePath) |
| List< String > | findTsvFiles (Path LeappOutputDir) throws IngestModuleException |
| String | formatValueBasedOnAttrType (TsvColumn colAttr, String value) |
| Account.Type | getAccountType (String AccountTypeName) |
| void | getArtifactNode (Document xmlinput) |
| BlackboardAttribute | getAttribute (BlackboardAttribute.Type attrType, String value, String fileName) |
| void | getAttributeNodes (Document xmlinput) |
| void | getFileNode (Document xmlinput) |
| String | getXmlAttrIdentifier (String fileName, String attributeName) |
| String | getXmlFileIdentifier (String fileName) |
| void | loadConfigFile () throws IngestModuleException |
| BlackboardAttribute | parseAttrValue (String value, BlackboardAttribute.Type attrType, String fileName, boolean blankIsNull, boolean zeroIsNull, ParseExceptionFunction valueConverter) |
| void | processFile (File LeappFile, List< TsvColumn > attrList, String fileName, BlackboardArtifact.Type artifactType, Content dataSource) throws FileNotFoundException, IOException, IngestModuleException, TskCoreException |
| void | processLeappFiles (List< String > LeappFilesToProcess, Content dataSource, DataSourceIngestModuleProgress progress) throws IngestModuleException |
| Collection< BlackboardAttribute > | processReadLine (List< String > lineValues, Map< String, Integer > columnIndexes, List< TsvColumn > attrList, String fileName, int lineNum) throws IngestModuleException |
Private Attributes | |
| final Blackboard | blkBoard |
| final IngestJobContext | context |
| final String | moduleName |
| final Map< String, String > | tsvFileArtifactComments |
| final Map< String, BlackboardArtifact.Type > | tsvFileArtifacts |
| final Map< String, List< TsvColumn > > | tsvFileAttributes |
| final Map< String, String > | tsvFiles |
| final String | xmlFile |
Static Private Attributes | |
| static final Map< String, String > | ACCOUNT_RELATIONSHIPS |
| static final Set< String > | ALLOWED_EXTENSIONS = new HashSet<>(Arrays.asList("zip", "tar", "tgz")) |
| static final Map< String, String > | CUSTOM_ARTIFACT_MAP |
| static final Logger | logger = Logger.getLogger(LeappFileProcessor.class.getName()) |
| static final DateFormat | TIMESTAMP_FORMAT = new SimpleDateFormat("yyyy-MM-d HH:mm:ss", US) |
Find and process output from Leapp program and bring into Autopsy
Definition at line 99 of file LeappFileProcessor.java.
| org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.LeappFileProcessor | ( | String | xmlFile, |
| String | moduleName, | ||
| IngestJobContext | context | ||
| ) | throws IOException, IngestModuleException, NoCurrentCaseException |
Definition at line 201 of file LeappFileProcessor.java.
References org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.configExtractor(), org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.context, org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.createCustomArtifacts(), org.sleuthkit.autopsy.casemodule.Case.getCurrentCaseThrows(), org.sleuthkit.autopsy.casemodule.Case.getSleuthkitCase(), org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.loadConfigFile(), org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.moduleName, org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.tsvFileArtifacts, and org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.xmlFile.
|
private |
Definition at line 290 of file LeappFileProcessor.java.
References org.sleuthkit.autopsy.ingest.IngestJobContext.dataSourceIngestIsCancelled().
Referenced by org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.processFiles(), org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.processFileSystem(), and org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.processLeappFiles().
|
private |
Extract the Leapp config xml file to the user directory to process
Definition at line 1265 of file LeappFileProcessor.java.
References org.sleuthkit.autopsy.coreutils.PlatformUtil.extractResourceToUserConfigDir().
Referenced by org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.LeappFileProcessor().
|
private |
Generic method for creating a blackboard artifact with attributes
| artType | The artifact type. |
| dataSource | is the Content object that needs to have the artifact added for it |
| bbattributes | is the collection of blackboard attributes that need to be added to the artifact after the artifact has been created |
Definition at line 1225 of file LeappFileProcessor.java.
Referenced by org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.processFile().
|
private |
Definition at line 732 of file LeappFileProcessor.java.
References org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.findAbstractFile(), org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.getAccountType(), org.sleuthkit.autopsy.casemodule.Case.getCurrentCaseThrows(), org.sleuthkit.autopsy.ingest.IngestJobContext.getJobId(), org.sleuthkit.autopsy.casemodule.Case.getSleuthkitCase(), and org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.moduleName.
Referenced by org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.processFile().
|
private |
Definition at line 662 of file LeappFileProcessor.java.
References org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.findAbstractFile(), org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.getAccountType(), org.sleuthkit.autopsy.casemodule.Case.getCurrentCaseThrows(), org.sleuthkit.autopsy.ingest.IngestJobContext.getJobId(), org.sleuthkit.autopsy.casemodule.Case.getSleuthkitCase(), and org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.moduleName.
Referenced by org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.processFile().
|
private |
Create custom artifacts that are defined in the xLeapp xml file(s).
Definition at line 1310 of file LeappFileProcessor.java.
Referenced by org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.LeappFileProcessor().
|
private |
Definition at line 559 of file LeappFileProcessor.java.
References org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.findAbstractFile(), org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.getAccountType(), org.sleuthkit.autopsy.casemodule.Case.getCurrentCaseThrows(), org.sleuthkit.autopsy.ingest.IngestJobContext.getJobId(), org.sleuthkit.autopsy.casemodule.Case.getSleuthkitCase(), and org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.moduleName.
Referenced by org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.processFile().
|
private |
Definition at line 426 of file LeappFileProcessor.java.
References org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.findAbstractFile(), org.sleuthkit.autopsy.casemodule.Case.getCurrentCaseThrows(), org.sleuthkit.autopsy.ingest.IngestJobContext.getJobId(), org.sleuthkit.autopsy.casemodule.Case.getSleuthkitCase(), and org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.moduleName.
Referenced by org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.processFile().
|
private |
Definition at line 494 of file LeappFileProcessor.java.
References org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.findAbstractFile(), org.sleuthkit.autopsy.casemodule.Case.getCurrentCaseThrows(), org.sleuthkit.autopsy.ingest.IngestJobContext.getJobId(), org.sleuthkit.autopsy.casemodule.Case.getSleuthkitCase(), and org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.moduleName.
Referenced by org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.processFile().
|
private |
Definition at line 1325 of file LeappFileProcessor.java.
References org.sleuthkit.autopsy.casemodule.services.FileManager.findFiles(), org.sleuthkit.autopsy.casemodule.Case.getCurrentCase(), org.sleuthkit.autopsy.casemodule.services.Services.getFileManager(), and org.sleuthkit.autopsy.casemodule.Case.getServices().
Referenced by org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.createCalllogRelationship(), org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.createContactRelationship(), org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.createMessageRelationship(), org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.createRoute(), and org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.createTrackpoint().
|
private |
Find the tsv files in the Leapp output directory and match them to files we know we want to process and return the list to process those files.
Definition at line 267 of file LeappFileProcessor.java.
Referenced by org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.processFiles(), and org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.processFileSystem().
|
private |
Check type of attribute and possibly format string based on it.
| colAttr | Column Attribute information |
| value | string to be formatted |
Definition at line 953 of file LeappFileProcessor.java.
References org.sleuthkit.autopsy.coreutils.NetworkUtils.extractDomain().
Referenced by org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.processReadLine().
|
private |
Definition at line 809 of file LeappFileProcessor.java.
Referenced by org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.createCalllogRelationship(), org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.createContactRelationship(), and org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.createMessageRelationship().
|
private |
Definition at line 1113 of file LeappFileProcessor.java.
References org.sleuthkit.autopsy.casemodule.Case.getCurrentCase(), org.sleuthkit.autopsy.casemodule.Case.getSleuthkitCase(), org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.getXmlFileIdentifier(), and org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.tsvFileArtifacts.
Referenced by org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.loadConfigFile().
|
private |
Gets an appropriate attribute based on the attribute type and string value.
| attrType | The attribute type. |
| value | The string value to be converted to the appropriate data type for the attribute type. |
| fileName | The file name that the value comes from. |
Definition at line 977 of file LeappFileProcessor.java.
References org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.parseAttrValue().
Referenced by org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.processReadLine().
|
private |
Definition at line 1155 of file LeappFileProcessor.java.
References org.sleuthkit.autopsy.casemodule.Case.getCurrentCase(), org.sleuthkit.autopsy.casemodule.Case.getSleuthkitCase(), and org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.getXmlAttrIdentifier().
Referenced by org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.loadConfigFile().
|
private |
Definition at line 1101 of file LeappFileProcessor.java.
Referenced by org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.loadConfigFile().
|
private |
Definition at line 1149 of file LeappFileProcessor.java.
References org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.getXmlFileIdentifier().
Referenced by org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.getAttributeNodes().
|
private |
Definition at line 1143 of file LeappFileProcessor.java.
Referenced by org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.getArtifactNode(), and org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.getXmlAttrIdentifier().
|
private |
Read the XML config file and load the mappings into maps
Definition at line 1078 of file LeappFileProcessor.java.
References org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.getArtifactNode(), org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.getAttributeNodes(), org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.getFileNode(), org.sleuthkit.autopsy.coreutils.PlatformUtil.getUserConfigDirectory(), and org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.xmlFile.
Referenced by org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.LeappFileProcessor().
|
private |
Runs parsing function on string value to convert to right data type and generates a blackboard attribute for that converted data type.
| value | The string value. |
| attrType | The blackboard attribute type. |
| fileName | The name of the file from which the value comes. |
| blankIsNull | If string is blank return null attribute. |
| zeroIsNull | If string is some version of 0, return null attribute. |
| valueConverter | The means of converting the string value to an appropriate blackboard attribute. |
Definition at line 1047 of file LeappFileProcessor.java.
References org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.ParseExceptionFunction.apply().
Referenced by org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.getAttribute().
|
private |
Definition at line 340 of file LeappFileProcessor.java.
References org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.createArtifactWithAttributes(), org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.createCalllogRelationship(), org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.createContactRelationship(), org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.createMessageRelationship(), org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.createRoute(), org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.createTrackpoint(), org.sleuthkit.autopsy.casemodule.Case.getCurrentCaseThrows(), org.sleuthkit.autopsy.ingest.IngestJobContext.getJobId(), org.sleuthkit.autopsy.casemodule.Case.getSleuthkitCase(), org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.moduleName, and org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.processReadLine().
Referenced by org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.processLeappFiles().
| ProcessResult org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.processFiles | ( | Content | dataSource, |
| Path | moduleOutputPath, | ||
| AbstractFile | LeappFile, | ||
| DataSourceIngestModuleProgress | progress | ||
| ) |
Definition at line 229 of file LeappFileProcessor.java.
References org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.checkCancelled(), org.sleuthkit.autopsy.ingest.IngestModule.ProcessResult.ERROR, org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.findTsvFiles(), org.sleuthkit.autopsy.ingest.IngestModule.ProcessResult.OK, org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.processLeappFiles(), org.sleuthkit.autopsy.ingest.DataSourceIngestModuleProgress.progress(), and org.sleuthkit.autopsy.ingest.DataSourceIngestModuleProgress.switchToIndeterminate().
Referenced by org.sleuthkit.autopsy.modules.leappanalyzers.ALeappAnalyzerIngestModule.processALeappFile(), and org.sleuthkit.autopsy.modules.leappanalyzers.ILeappAnalyzerIngestModule.processILeappFile().
| ProcessResult org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.processFileSystem | ( | Content | dataSource, |
| Path | moduleOutputPath, | ||
| DataSourceIngestModuleProgress | progress | ||
| ) |
Definition at line 246 of file LeappFileProcessor.java.
References org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.checkCancelled(), org.sleuthkit.autopsy.ingest.IngestModule.ProcessResult.ERROR, org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.findTsvFiles(), org.sleuthkit.autopsy.ingest.IngestModule.ProcessResult.OK, org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.processLeappFiles(), org.sleuthkit.autopsy.ingest.DataSourceIngestModuleProgress.progress(), and org.sleuthkit.autopsy.ingest.DataSourceIngestModuleProgress.switchToIndeterminate().
Referenced by org.sleuthkit.autopsy.modules.leappanalyzers.ALeappAnalyzerIngestModule.processALeappFs(), and org.sleuthkit.autopsy.modules.leappanalyzers.ILeappAnalyzerIngestModule.processILeappFs().
|
private |
Process the Leapp files that were found that match the xml mapping file
| LeappFilesToProcess | List of files to process. |
| dataSource | The data source. |
| progress | Means of updating progress in UI. |
| FileNotFoundException | |
| IOException |
Definition at line 313 of file LeappFileProcessor.java.
References org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.checkCancelled(), org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.processFile(), org.sleuthkit.autopsy.ingest.DataSourceIngestModuleProgress.progress(), org.sleuthkit.autopsy.ingest.DataSourceIngestModuleProgress.switchToDeterminate(), and org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.tsvFileArtifacts.
Referenced by org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.processFiles(), and org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.processFileSystem().
|
private |
Process the line read and create the necessary attributes for it.
| lineValues | List of column values. |
| columnIndexes | Mapping of column headers (trimmed; to lower case) to column index. All header columns and only all header columns should be present. |
| attrList | The list of attributes as specified for the schema of this file. |
| fileName | The name of the file being processed. |
| lineNum | The line number in the file. |
| IngestModuleException |
Definition at line 895 of file LeappFileProcessor.java.
References org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.formatValueBasedOnAttrType(), and org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.getAttribute().
Referenced by org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.processFile().
|
staticprivate |
Definition at line 161 of file LeappFileProcessor.java.
|
staticprivate |
Definition at line 1270 of file LeappFileProcessor.java.
|
private |
Definition at line 199 of file LeappFileProcessor.java.
|
private |
Definition at line 150 of file LeappFileProcessor.java.
Referenced by org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.LeappFileProcessor().
|
staticprivate |
Definition at line 157 of file LeappFileProcessor.java.
|
staticprivate |
Definition at line 147 of file LeappFileProcessor.java.
|
private |
Definition at line 149 of file LeappFileProcessor.java.
Referenced by org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.createCalllogRelationship(), org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.createContactRelationship(), org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.createMessageRelationship(), org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.createRoute(), org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.createTrackpoint(), org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.LeappFileProcessor(), and org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.processFile().
|
staticprivate |
The format of time stamps in tsv.
Definition at line 964 of file LeappFileProcessor.java.
|
private |
Definition at line 154 of file LeappFileProcessor.java.
|
private |
Definition at line 153 of file LeappFileProcessor.java.
Referenced by org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.getArtifactNode(), org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.LeappFileProcessor(), and org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.processLeappFiles().
|
private |
Definition at line 155 of file LeappFileProcessor.java.
|
private |
Definition at line 152 of file LeappFileProcessor.java.
|
private |
Definition at line 148 of file LeappFileProcessor.java.
Referenced by org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.LeappFileProcessor(), and org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.loadConfigFile().
Copyright © 2012-2022 Basis Technology. Generated on: Tue May 30 2023
This work is licensed under a
Creative Commons Attribution-Share Alike 3.0 United States License.