Inherits org.sleuthkit.autopsy.report.ReportModule.

Classes
class	GetImageTagCallback

class	GetInterestingItemSetNamesCallback

class	StoreMaxIdCallback

Public Member Functions
	PortableCaseReportModule ()

void	generateReport (String reportPath, PortableCaseReportModuleSettings options, ReportProgressPanel progressPanel)

default ReportModuleSettings	getConfiguration ()

default JPanel	getConfigurationPanel ()

default ReportModuleSettings	getDefaultConfiguration ()

String	getDescription ()

String	getName ()

String	getRelativeFilePath ()

default void	setConfiguration (ReportModuleSettings settings)

Private Member Functions
void	addArtifactsToPortableCase (TagName oldTagName, ReportProgressPanel progressPanel) throws TskCoreException

void	addFilesToPortableCase (TagName oldTagName, ReportProgressPanel progressPanel) throws TskCoreException

void	addImageTagToPortableCase (ContentTag newContentTag, String appData) throws TskCoreException

boolean	addUniqueFile (Content content, DataSource dataSource, Path tmpDir, Gson gson, CaseUcoExporter exporter, JsonWriter reportWriter, boolean dataSourceHasBeenIncluded) throws IOException, TskCoreException

void	cleanup ()

void	closePortableCaseDatabase ()

boolean	compressCase (ReportProgressPanel progressPanel, String folderToCompress)

void	copyApplication (Path sourceFolder, String destBaseFolder) throws IOException

BlackboardArtifact	copyArtifact (long newContentId, BlackboardArtifact artifactToCopy) throws TskCoreException

void	copyAttachments (BlackboardArtifact newArtifact, BlackboardArtifact oldArtifact, AbstractFile newFile) throws TskCoreException

long	copyContent (Content content) throws TskCoreException

long	copyContentToPortableCase (Content content, ReportProgressPanel progressPanel) throws TskCoreException

Host	copyHost (Host oldHost) throws TskCoreException

OsAccount	copyOsAccount (Long oldOsAccountId) throws TskCoreException

void	copyPathID (BlackboardArtifact newArtifact, BlackboardArtifact oldArtifact) throws TskCoreException

void	createAppLaunchBatFile (String destBaseFolder) throws IOException

void	createCase (File outputDir, ReportProgressPanel progressPanel)

void	generateCaseUcoReport (List< TagName > tagNames, List< String > setNames, ReportProgressPanel progressPanel)

List< String >	getAllInterestingItemsSets () throws NoCurrentCaseException, TskCoreException

Path	getApplicationBasePath ()

String	getAutopsyExeName ()

Path	getAutopsyExePath ()

String	getExportSubfolder (AbstractFile abstractFile)

String	getImageTagDataForContentTag (ContentTag tag) throws TskCoreException

Multimap< Long, BlackboardArtifact >	getInterestingArtifactsBySetName (SleuthkitCase skCase, List< String > setNames) throws TskCoreException

int	getNewArtifactTypeId (BlackboardArtifact oldArtifact) throws TskCoreException

BlackboardAttribute.Type	getNewAttributeType (BlackboardAttribute oldAttribute) throws TskCoreException

void	handleCancellation (ReportProgressPanel progressPanel)

void	handleError (String logWarning, String dialogWarning, Exception ex, ReportProgressPanel progressPanel)

void	initializeImageTags (ReportProgressPanel progressPanel) throws TskCoreException

void	saveHighestIds () throws TskCoreException

Static Private Member Functions
static File	locate7ZipExecutable ()

Private Attributes
File	caseFolder = null

String	caseName = ""

File	copiedFilesFolder = null

Case	currentCase = null

final Map< Long, Content >	newIdToContent = new HashMap<>()

final Map< Long, BlackboardArtifact >	oldArtifactIdToNewArtifact = new HashMap<>()

final Map< Integer, Integer >	oldArtTypeIdToNewArtTypeId = new HashMap<>()

final Map< Integer, BlackboardAttribute.Type >	oldAttrTypeIdToNewAttrType = new HashMap<>()

final Map< Long, Host >	oldHostIdToNewHost = new HashMap<>()

final Map< Long, Content >	oldIdToNewContent = new HashMap<>()

final Map< Long, OsAccount >	oldOsAccountIdToNewOsAccount = new HashMap<>()

final Map< Long, OsAccountRealm >	oldRealmIdToNewRealm = new HashMap<>()

final Map< TagName, TagName >	oldTagNameToNewTagName = new HashMap<>()

SleuthkitCase	portableSkCase = null

PortableCaseReportModuleSettings	settings

Static Private Attributes
static final String	CASE_UCO_FILE_NAME = "portable_CASE_UCO_output"

static final String	CASE_UCO_TMP_DIR = "case_uco_tmp"

static final String	FILE_FOLDER_NAME = "PortableCaseFiles"

static final List< FileTypeCategory >	FILE_TYPE_CATEGORIES

static final Logger	logger = Logger.getLogger(PortableCaseReportModule.class.getName())

static final String	MAX_ID_TABLE_NAME = "portable_case_max_ids"

static final List< Integer >	SPECIALLY_HANDLED_ATTRS

static final String	UNKNOWN_FILE_TYPE_FOLDER = "Other"

Detailed Description

Creates a portable case from tagged files

Definition at line 101 of file PortableCaseReportModule.java.

Constructor & Destructor Documentation

org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.PortableCaseReportModule ( )

Definition at line 153 of file PortableCaseReportModule.java.

Member Function Documentation

void org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.addArtifactsToPortableCase	(	TagName	oldTagName,
		ReportProgressPanel	progressPanel
	)		throws TskCoreException

private

Add all artifacts with a given tag to the portable case.

Parameters

oldTagName	The TagName object from the current case
progressPanel	The progress panel

Exceptions

TskCoreException

Definition at line 929 of file PortableCaseReportModule.java.

Referenced by org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.generateReport().

void org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.addFilesToPortableCase	(	TagName	oldTagName,
		ReportProgressPanel	progressPanel
	)		throws TskCoreException

private

Add all files with a given tag to the portable case.

Parameters

oldTagName	The TagName object from the current case
progressPanel	The progress panel

Exceptions

TskCoreException

Definition at line 823 of file PortableCaseReportModule.java.

References org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.addImageTagToPortableCase(), org.sleuthkit.autopsy.report.ReportProgressPanel.ReportStatus.CANCELED, org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.copyContentToPortableCase(), org.sleuthkit.autopsy.casemodule.services.TagsManager.getContentTagsByTagName(), org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.getImageTagDataForContentTag(), org.sleuthkit.autopsy.casemodule.Case.getServices(), org.sleuthkit.autopsy.report.ReportProgressPanel.getStatus(), and org.sleuthkit.autopsy.casemodule.services.Services.getTagsManager().

Referenced by org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.generateReport().

void org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.addImageTagToPortableCase	(	ContentTag	newContentTag,
		String	appData
	)		throws TskCoreException

private

Add an image tag to the portable case.

Parameters

newContentTag	The content tag in the portable case
appData	The string to copy into app_data

Exceptions

TskCoreException

Definition at line 916 of file PortableCaseReportModule.java.

References org.sleuthkit.autopsy.casemodule.services.contentviewertags.ContentViewerTagManager.TABLE_NAME.

Referenced by org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.addFilesToPortableCase().

boolean org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.addUniqueFile	(	Content	content,
		DataSource	dataSource,
		Path	tmpDir,
		Gson	gson,
		CaseUcoExporter	exporter,
		JsonWriter	reportWriter,
		boolean	dataSourceHasBeenIncluded
	)		throws IOException, TskCoreException

private

Adds the content if and only if it has not already been seen.

Parameters

content	Content to add to the report.
dataSource	Parent dataSource of the content instance.
tmpDir	Path to the tmpDir to enforce uniqueness
gson
exporter
reportWriter	Report generator instance to add the content to
dataSourceHasBeenIncluded	Flag determining if the data source should be written to the report (false indicates that it should be written).

Exceptions

IOException	If an I/O error occurs.
TskCoreException	If an internal database error occurs.

return True if the file was written during this operation.

Definition at line 657 of file PortableCaseReportModule.java.

References org.sleuthkit.autopsy.coreutils.FileUtil.escapeFileName(), and org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.getExportSubfolder().

Referenced by org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.generateCaseUcoReport().

void org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.cleanup ( )

private

Clear out the maps and other fields and close the database connections.

Definition at line 1571 of file PortableCaseReportModule.java.

References org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.closePortableCaseDatabase(), and org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.oldAttrTypeIdToNewAttrType.

Referenced by org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.generateReport(), org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.handleCancellation(), and org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.handleError().

void org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.closePortableCaseDatabase ( )

private

Close the portable case

Definition at line 1592 of file PortableCaseReportModule.java.

Referenced by org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.cleanup(), and org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.compressCase().

boolean org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.compressCase	(	ReportProgressPanel	progressPanel,
		String	folderToCompress
	)

private

Definition at line 1640 of file PortableCaseReportModule.java.

Referenced by org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.generateReport().

void org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.copyApplication	(	Path	sourceFolder,
		String	destBaseFolder
	)		throws IOException

private

Copy the sorceFolder to destBaseFolder/appName.

Parameters

sourceFolder	Autopsy installation directory.
destBaseFolder	Report base direction.

Exceptions

IOException

Definition at line 1539 of file PortableCaseReportModule.java.

References org.sleuthkit.autopsy.core.UserPreferences.getAppName().

Referenced by org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.generateReport().

BlackboardArtifact org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.copyArtifact	(	long	newContentId,
		BlackboardArtifact	artifactToCopy
	)		throws TskCoreException

private

Copy an artifact into the new case. Will also copy any associated artifacts

Parameters

newContentId	The content ID (in the portable case) of the source content
artifactToCopy	The artifact to copy

Returns: The new artifact in the portable case

Exceptions

TskCoreException

Definition at line 974 of file PortableCaseReportModule.java.

References org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.copyContent(), org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.copyOsAccount(), org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.getNewArtifactTypeId(), org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.getNewAttributeType(), and org.sleuthkit.autopsy.casemodule.Case.getSleuthkitCase().

Referenced by org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.addArtifactsToPortableCase(), and org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.copyContent().

void org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.copyAttachments	(	BlackboardArtifact	newArtifact,
		BlackboardArtifact	oldArtifact,
		AbstractFile	newFile
	)		throws TskCoreException

private

Copy attachments to the portable case.

Parameters

newArtifact	The new artifact in the portable case. Should not have a TSK_ATTACHMENTS attribute.
oldArtifact	The old artifact.
newFile	The new file in the portable case associated with the artifact.

Exceptions

TskCoreException

Definition at line 1434 of file PortableCaseReportModule.java.

References org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.copyContent(), and org.sleuthkit.autopsy.casemodule.Case.getSleuthkitCase().

Referenced by org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.addArtifactsToPortableCase().

long org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.copyContent ( Content content ) throws TskCoreException

private

Returns the object ID for the given content object in the portable case.

Parameters

content The content object to copy into the portable case

Returns: the new object ID for this content

Exceptions

TskCoreException

Definition at line 1182 of file PortableCaseReportModule.java.

References org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.copyArtifact(), org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.copyHost(), org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.copyOsAccount(), org.sleuthkit.autopsy.coreutils.FileUtil.escapeFileName(), org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.getExportSubfolder(), and org.sleuthkit.autopsy.datamodel.ContentUtils.writeToFile().

Referenced by org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.copyArtifact(), org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.copyAttachments(), org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.copyContentToPortableCase(), and org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.copyPathID().

long org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.copyContentToPortableCase	(	Content	content,
		ReportProgressPanel	progressPanel
	)		throws TskCoreException

private

Top level method to copy a content object to the portable case.

Parameters

content	The content object to copy
progressPanel	The progress panel

Returns: The object ID of the copied content in the portable case

Exceptions

TskCoreException

Definition at line 1168 of file PortableCaseReportModule.java.

References org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.copyContent(), and org.sleuthkit.autopsy.report.ReportProgressPanel.updateStatusLabel().

Referenced by org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.addArtifactsToPortableCase(), org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.addFilesToPortableCase(), and org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.generateReport().

Host org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.copyHost ( Host oldHost ) throws TskCoreException

private

Copy a host into the portable case and add it to the oldHostIdToNewHost map.

Parameters

oldHost The host to copy

Returns: The new host

Exceptions

TskCoreException

Definition at line 1323 of file PortableCaseReportModule.java.

Referenced by org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.copyContent(), and org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.copyOsAccount().

OsAccount org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.copyOsAccount ( Long oldOsAccountId ) throws TskCoreException

private

Copy an OS Account to the new case and add it to the oldOsAccountIdToNewOsAccountId map. Will also copy the associated realm.

Parameters

oldOsAccountId The OS account id in the current case.

Definition at line 1340 of file PortableCaseReportModule.java.

References org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.copyHost(), and org.sleuthkit.autopsy.casemodule.Case.getSleuthkitCase().

Referenced by org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.copyArtifact(), and org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.copyContent().

void org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.copyPathID	(	BlackboardArtifact	newArtifact,
		BlackboardArtifact	oldArtifact
	)		throws TskCoreException

private

Copy path ID attribute to new case along with the referenced file.

Parameters

newArtifact	The new artifact in the portable case. Should not have a TSK_PATH_ID attribute.
oldArtifact	The old artifact.

Exceptions

TskCoreException

Definition at line 1408 of file PortableCaseReportModule.java.

References org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.copyContent(), and org.sleuthkit.autopsy.casemodule.Case.getSleuthkitCase().

Referenced by org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.addArtifactsToPortableCase().

void org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.createAppLaunchBatFile ( String destBaseFolder ) throws IOException

private

Create a bat file at destBaseFolder that will launch the portable case.

Parameters

destBaseFolder Folder to create the bat file in.

Exceptions

IOException

Definition at line 1558 of file PortableCaseReportModule.java.

References org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.caseName, org.sleuthkit.autopsy.core.UserPreferences.getAppName(), and org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.getAutopsyExeName().

Referenced by org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.generateReport().

void org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.createCase	(	File	outputDir,
		ReportProgressPanel	progressPanel
	)

private

Create the case directory and case database. portableSkCase will be set if this completes without error.

Parameters

outputDir	The parent for the case folder
progressPanel

Definition at line 724 of file PortableCaseReportModule.java.

References org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.caseName, org.sleuthkit.autopsy.casemodule.Case.createPortableCase(), org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.FILE_FOLDER_NAME, org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.handleError(), org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.saveHighestIds(), and org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.UNKNOWN_FILE_TYPE_FOLDER.

Referenced by org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.generateReport().

void org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.generateCaseUcoReport	(	List< TagName >	tagNames,
		List< String >	setNames,
		ReportProgressPanel	progressPanel
	)

private

Generates a CASE-UCO report for all files that have a specified TagName or TSK_INTERESTING artifacts that are flagged by the specified SET_NAMEs.

Only one copy of the file will be saved in the report if it is the source of more than one of the above.

Parameters

tagNames	TagNames to included in the report.
setNames	SET_NAMEs to include in the report.
progressPanel	ProgressPanel to relay progress messages.

Definition at line 530 of file PortableCaseReportModule.java.

Referenced by org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.generateReport().

void org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.generateReport	(	String	reportPath,
		PortableCaseReportModuleSettings	options,
		ReportProgressPanel	progressPanel
	)

("deprecation") - we need to support already existing interesting file and artifact hits.

Definition at line 250 of file PortableCaseReportModule.java.

List<String> org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.getAllInterestingItemsSets ( ) throws NoCurrentCaseException, TskCoreException

private

("deprecation") - we need to support already existing interesting file and artifact hits.

Definition at line 686 of file PortableCaseReportModule.java.

References org.sleuthkit.autopsy.casemodule.Case.getCurrentCaseThrows(), org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.GetInterestingItemSetNamesCallback.getSetCountMap(), and org.sleuthkit.autopsy.casemodule.Case.getSleuthkitCase().

Referenced by org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.generateReport().

Path org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.getApplicationBasePath ( )

private

Returns base path of the users autopsy installation.

Returns: Path of autopsy installation.

Definition at line 1504 of file PortableCaseReportModule.java.

References org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.getAutopsyExePath().

Referenced by org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.generateReport().

String org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.getAutopsyExeName ( )

private

Generate the name of the autopsy exe.

Returns: The name of the autopsy exe.

Definition at line 1526 of file PortableCaseReportModule.java.

References org.sleuthkit.autopsy.core.UserPreferences.getAppName().

Referenced by org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.createAppLaunchBatFile(), and org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.getAutopsyExePath().

Path org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.getAutopsyExePath ( )

private

Find the path of the installed version of autopsy.

Returns: Path to the installed autopsy.exe.

Definition at line 1513 of file PortableCaseReportModule.java.

References org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.getAutopsyExeName(), and org.sleuthkit.autopsy.coreutils.PlatformUtil.getInstallPath().

Referenced by org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.getApplicationBasePath().

default ReportModuleSettings org.sleuthkit.autopsy.report.ReportModule.getConfiguration ( )

inherited

Get current configuration for this report module.

Returns: Object which contains current report module settings.

Implemented in org.sleuthkit.autopsy.report.modules.html.HTMLReport, and org.sleuthkit.autopsy.report.modules.taggedhashes.SaveTaggedHashesToHashDb.

Definition at line 79 of file ReportModule.java.

default JPanel org.sleuthkit.autopsy.report.ReportModule.getConfigurationPanel ( )

inherited

Returns the configuration panel for the report, which is displayed in the report configuration step of the report wizard.

Returns: Configuration panel or null if the module does not need configuration.

Implemented in org.sleuthkit.autopsy.report.modules.kml.KMLReport, org.sleuthkit.autopsy.report.modules.taggedhashes.SaveTaggedHashesToHashDb, org.sleuthkit.autopsy.keywordsearch.ExtractAllTermsReport, org.sleuthkit.autopsy.report.modules.html.HTMLReport, org.sleuthkit.autopsy.report.modules.caseuco.CaseUcoReportModule, org.sleuthkit.autopsy.report.modules.datasourcesummaryexport.DataSourceSummaryReport, and org.sleuthkit.autopsy.report.GeneralReportModuleAdapter.

Definition at line 61 of file ReportModule.java.

default ReportModuleSettings org.sleuthkit.autopsy.report.ReportModule.getDefaultConfiguration ( )

inherited

Get default configuration for this report module.

Returns: Object which contains default report module settings.

Implemented in org.sleuthkit.autopsy.report.modules.html.HTMLReport, and org.sleuthkit.autopsy.report.modules.taggedhashes.SaveTaggedHashesToHashDb.

Definition at line 70 of file ReportModule.java.

Referenced by org.sleuthkit.autopsy.report.infrastructure.ReportGenerator.generateReports().

String org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.getDescription ( )

Gets a one-line, user friendly description of the type of report this module generates.

Implements org.sleuthkit.autopsy.report.ReportModule.

Definition at line 168 of file PortableCaseReportModule.java.

String org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.getExportSubfolder ( AbstractFile abstractFile )

private

Return the subfolder name for this file based on MIME type

Parameters

abstractFile the file

Returns: the name of the appropriate subfolder for this file type

Definition at line 1486 of file PortableCaseReportModule.java.

References org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.UNKNOWN_FILE_TYPE_FOLDER.

Referenced by org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.addUniqueFile(), and org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.copyContent().

String org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.getImageTagDataForContentTag ( ContentTag tag ) throws TskCoreException

private

Gets the image tag data for a given content tag

Parameters

tag	The ContentTag in the current case

Returns: The app_data string for this content tag or an empty string if there was none

Exceptions

TskCoreException

Definition at line 867 of file PortableCaseReportModule.java.

References org.sleuthkit.autopsy.casemodule.Case.getSleuthkitCase(), and org.sleuthkit.autopsy.casemodule.services.contentviewertags.ContentViewerTagManager.TABLE_NAME.

Referenced by org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.addFilesToPortableCase().

Multimap<Long, BlackboardArtifact> org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.getInterestingArtifactsBySetName	(	SleuthkitCase	skCase,
		List< String >	setNames
	)		throws TskCoreException

private

Load all interesting BlackboardArtifacts that belong to the selected SET_NAME. This operation would be duplicated for every data source, since the Sleuthkit API does not have a notion of searching by data source id.

("deprecation") - we need to support already existing interesting file and artifact hits.

Definition at line 616 of file PortableCaseReportModule.java.

Referenced by org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.generateCaseUcoReport().

String org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.getName ( )

Get the name of the report this module generates.

Implements org.sleuthkit.autopsy.report.ReportModule.

Definition at line 160 of file PortableCaseReportModule.java.

Referenced by org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.locate7ZipExecutable().

int org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.getNewArtifactTypeId ( BlackboardArtifact oldArtifact ) throws TskCoreException

private

Get the artifact type ID in the portable case and create new artifact type if needed. For built-in artifacts this will be the same as the original.

Parameters

oldArtifact The artifact in the current case

Returns: The corresponding artifact type ID in the portable case

Definition at line 1115 of file PortableCaseReportModule.java.

References org.sleuthkit.autopsy.casemodule.Case.getSleuthkitCase().

Referenced by org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.copyArtifact().

BlackboardAttribute.Type org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.getNewAttributeType ( BlackboardAttribute oldAttribute ) throws TskCoreException

private

Get the attribute type ID in the portable case and create new attribute type if needed. For built-in attributes this will be the same as the original.

Parameters

oldAttribute The attribute in the current case

Returns: The corresponding attribute type in the portable case

Definition at line 1139 of file PortableCaseReportModule.java.

References org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.oldAttrTypeIdToNewAttrType.

Referenced by org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.copyArtifact().

String org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.getRelativeFilePath ( )

Gets the relative path of the report file, if any, generated by this module. The path should be relative to the location that gets passed in to generateReport() (or similar).

Returns: Relative path to where report will be stored. Return an empty string if the location passed to generateReport() is the output location. Return null to indicate that there is no report file.

Implements org.sleuthkit.autopsy.report.ReportModule.

Definition at line 173 of file PortableCaseReportModule.java.

References org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.caseName, org.sleuthkit.autopsy.casemodule.Case.getCurrentCaseThrows(), and org.sleuthkit.autopsy.casemodule.Case.getDisplayName().

void org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.handleCancellation ( ReportProgressPanel progressPanel )

private

Convenience method for handling cancellation

Parameters

progressPanel The report progress panel

Definition at line 188 of file PortableCaseReportModule.java.

References org.sleuthkit.autopsy.report.ReportProgressPanel.ReportStatus.CANCELED, org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.cleanup(), org.sleuthkit.autopsy.report.ReportProgressPanel.complete(), and org.sleuthkit.autopsy.report.ReportProgressPanel.setIndeterminate().

Referenced by org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.generateReport().

void org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.handleError	(	String	logWarning,
		String	dialogWarning,
		Exception	ex,
		ReportProgressPanel	progressPanel
	)

private

Convenience method to avoid code duplication. Assumes that if an exception is supplied then the error is SEVERE. Otherwise it is logged as a WARNING.

Parameters

logWarning	Warning to write to the log
dialogWarning	Warning to write to a pop-up window
ex	The exception (can be null)
progressPanel	The report progress panel

Definition at line 205 of file PortableCaseReportModule.java.

References org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.cleanup(), org.sleuthkit.autopsy.report.ReportProgressPanel.complete(), org.sleuthkit.autopsy.report.ReportProgressPanel.ReportStatus.ERROR, and org.sleuthkit.autopsy.report.ReportProgressPanel.setIndeterminate().

Referenced by org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.compressCase(), org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.createCase(), and org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.generateReport().

void org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.initializeImageTags ( ReportProgressPanel progressPanel ) throws TskCoreException

private

Set up the image tag table in the portable case

Parameters

progressPanel

Exceptions

TskCoreException

Definition at line 806 of file PortableCaseReportModule.java.

References org.sleuthkit.autopsy.casemodule.services.contentviewertags.ContentViewerTagManager.TABLE_NAME, and org.sleuthkit.autopsy.casemodule.services.contentviewertags.ContentViewerTagManager.TABLE_SCHEMA_SQLITE.

Referenced by org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.generateReport().

static File org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.locate7ZipExecutable ( )

staticprivate

Locate the 7-Zip executable from the release folder.

Returns: 7-Zip executable

Definition at line 1723 of file PortableCaseReportModule.java.

References org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.getName(), and org.sleuthkit.autopsy.coreutils.PlatformUtil.isWindowsOS().

Referenced by org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.compressCase().

void org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.saveHighestIds ( ) throws TskCoreException

private

Save the current highest IDs to the portable case.

Exceptions

TskCoreException

Definition at line 784 of file PortableCaseReportModule.java.

References org.sleuthkit.autopsy.casemodule.Case.getSleuthkitCase().

Referenced by org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.createCase().

default void org.sleuthkit.autopsy.report.ReportModule.setConfiguration ( ReportModuleSettings settings )

inherited

Set report module configuration.

Parameters

settings Object which contains report module settings.

Implemented in org.sleuthkit.autopsy.report.modules.html.HTMLReport, and org.sleuthkit.autopsy.report.modules.taggedhashes.SaveTaggedHashesToHashDb.

Definition at line 88 of file ReportModule.java.

Referenced by org.sleuthkit.autopsy.report.infrastructure.ReportGenerator.generateReports().

Member Data Documentation

final String org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.CASE_UCO_FILE_NAME = "portable_CASE_UCO_output"

staticprivate

Definition at line 107 of file PortableCaseReportModule.java.

final String org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.CASE_UCO_TMP_DIR = "case_uco_tmp"

staticprivate

Definition at line 108 of file PortableCaseReportModule.java.

File org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.caseFolder = null

private

Definition at line 123 of file PortableCaseReportModule.java.

String org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.caseName = ""

private

Definition at line 122 of file PortableCaseReportModule.java.

Referenced by org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.createAppLaunchBatFile(), org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.createCase(), org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.generateReport(), and org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.getRelativeFilePath().

File org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.copiedFilesFolder = null

private

Definition at line 124 of file PortableCaseReportModule.java.

Case org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.currentCase = null

private

Definition at line 120 of file PortableCaseReportModule.java.

final String org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.FILE_FOLDER_NAME = "PortableCaseFiles"

staticprivate

Definition at line 104 of file PortableCaseReportModule.java.

Referenced by org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.createCase().

final List<FileTypeCategory> org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.FILE_TYPE_CATEGORIES

staticprivate

Initial value:

= Arrays.asList(FileTypeCategory.AUDIO, FileTypeCategory.DOCUMENTS,

FileTypeCategory.EXECUTABLE, FileTypeCategory.IMAGE, FileTypeCategory.VIDEO)

Definition at line 112 of file PortableCaseReportModule.java.

final Logger org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.logger = Logger.getLogger(PortableCaseReportModule.class.getName())

staticprivate

Definition at line 103 of file PortableCaseReportModule.java.

final String org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.MAX_ID_TABLE_NAME = "portable_case_max_ids"

staticprivate

Definition at line 106 of file PortableCaseReportModule.java.

final Map<Long, Content> org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.newIdToContent = new HashMap<>()

private

Definition at line 130 of file PortableCaseReportModule.java.

final Map<Long, BlackboardArtifact> org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.oldArtifactIdToNewArtifact = new HashMap<>()

private

Definition at line 142 of file PortableCaseReportModule.java.

final Map<Integer, Integer> org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.oldArtTypeIdToNewArtTypeId = new HashMap<>()

private

Definition at line 136 of file PortableCaseReportModule.java.

final Map<Integer, BlackboardAttribute.Type> org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.oldAttrTypeIdToNewAttrType = new HashMap<>()

private

Definition at line 139 of file PortableCaseReportModule.java.

Referenced by org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.cleanup(), org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.generateReport(), and org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.getNewAttributeType().

final Map<Long, Host> org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.oldHostIdToNewHost = new HashMap<>()

private

Definition at line 151 of file PortableCaseReportModule.java.

final Map<Long, Content> org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.oldIdToNewContent = new HashMap<>()

private

Definition at line 127 of file PortableCaseReportModule.java.

final Map<Long, OsAccount> org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.oldOsAccountIdToNewOsAccount = new HashMap<>()

private

Definition at line 145 of file PortableCaseReportModule.java.

final Map<Long, OsAccountRealm> org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.oldRealmIdToNewRealm = new HashMap<>()

private

Definition at line 148 of file PortableCaseReportModule.java.

final Map<TagName, TagName> org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.oldTagNameToNewTagName = new HashMap<>()

private

Definition at line 133 of file PortableCaseReportModule.java.

SleuthkitCase org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.portableSkCase = null

private

Definition at line 121 of file PortableCaseReportModule.java.

PortableCaseReportModuleSettings org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.settings

private

Definition at line 109 of file PortableCaseReportModule.java.

final List<Integer> org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.SPECIALLY_HANDLED_ATTRS

staticprivate

Initial value:

= Arrays.asList(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_ASSOCIATED_ARTIFACT.getTypeID(),

BlackboardAttribute.ATTRIBUTE_TYPE.TSK_ATTACHMENTS.getTypeID(), BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PATH_ID.getTypeID())

Definition at line 117 of file PortableCaseReportModule.java.

final String org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.UNKNOWN_FILE_TYPE_FOLDER = "Other"

staticprivate

Definition at line 105 of file PortableCaseReportModule.java.

Referenced by org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.createCase(), and org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.getExportSubfolder().

The documentation for this class was generated from the following file:

/home/carriersleuth/repos/autopsy/Core/src/org/sleuthkit/autopsy/report/modules/portablecase/PortableCaseReportModule.java

Classes

Public Member Functions

Private Member Functions

Static Private Member Functions

Private Attributes

Static Private Attributes

Detailed Description

Constructor & Destructor Documentation

Member Function Documentation

Member Data Documentation