Autopsy 4.21.0
Graphical digital forensics platform for The Sleuth Kit and other tools.
Classes
| class | AttributeType |
| class | DataSourceAttribute |
| class | DomainCategoryAttribute |
| class | DomainFrequencyCallback |
| class | FileSizeAttribute |
| class | FileTagAttribute |
| class | FileTypeAttribute |
| class | FirstActivityDateAttribute |
| class | FrequencyAttribute |
| class | FrequencyCallback |
| enum | GroupingAttributeType |
| class | HashHitsAttribute |
| class | InterestingItemAttribute |
| class | KeywordListAttribute |
| class | LastActivityDateAttribute |
| class | NoGroupingAttribute |
| class | ObjectDetectedAttribute |
| class | PageViewsAttribute |
| class | ParentPathAttribute |
| class | PreviouslyNotableAttribute |
Private Member Functions
| | DiscoveryAttributes () |
Static Private Member Functions
| static void | computeFrequency (Set< String > hashesToLookUp, List< ResultFile > currentFiles, CentralRepository centralRepoDb, SearchContext context) throws SearchCancellationException |
| static String | createCSV (Set< String > values) |
| static String | createSetNameClause (List< Result > results, int artifactTypeID, int setNameAttrID) throws DiscoveryException |
| static Map< String, List< ResultDomain > > | organizeByValue (List< ResultDomain > domainsBatch, CorrelationAttributeInstance.Type attributeType, SearchContext context) throws SearchCancellationException |
| static void | queryDomainFrequency (List< ResultDomain > domainsToQuery, CentralRepository centralRepository, SearchContext context) throws DiscoveryException, SearchCancellationException |
Static Private Attributes
| static final Logger | logger = Logger.getLogger(DiscoveryAttributes.class.getName()) |
Class which contains the search attributes which can be specified for Discovery.
Definition at line 55 of file DiscoveryAttributes.java.
DiscoveryAttributes () [private]
Private constructor for DiscoveryAttributes class.
Definition at line 1185 of file DiscoveryAttributes.java.
computeFrequency () [static, private]
Computes the central repository (CR) frequency of all the given hashes and updates the list of files.
Parameters
| hashesToLookUp | Hashes to find the frequency of. |
| currentFiles | List of files to update with frequencies. |
| centralRepoDb | The central repository being used. |
| context | The SearchContext from which the search applying this filter is being performed. |
Exceptions
| SearchCancellationException | Thrown when the user has cancelled the search. |
Definition at line 1113 of file DiscoveryAttributes.java.
References org.sleuthkit.autopsy.centralrepository.datamodel.CentralRepoDbUtil.correlationTypeToInstanceTableName(), and org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeInstance.FILES_TYPE_ID.
createCSV () [static, private]
Helper function to create a string of comma-separated values. Each value is wrapped in single quotes ('). This method is used to bundle up a collection of values for use in a SQL WHERE IN (...) clause.
Definition at line 342 of file DiscoveryAttributes.java.
Referenced by org.sleuthkit.autopsy.discovery.search.DiscoveryAttributes.queryDomainFrequency().
createSetNameClause () [static, private]
Private helper method to create a set name clause to be used in queries.
Parameters
| results | The list of results to create the set name clause for. |
| artifactTypeID | The Blackboard Artifact type ID for the artifact type. |
| setNameAttrID | The set name attribute ID. |
Exceptions
| DiscoveryException | |
Definition at line 1155 of file DiscoveryAttributes.java.
References org.sleuthkit.autopsy.discovery.search.SearchData.Type.DOMAIN, org.sleuthkit.autopsy.discovery.search.ResultFile.getFirstInstance(), org::sleuthkit::datamodel::AbstractContent.getId(), and org.sleuthkit.autopsy.discovery.search.Result.getType().
organizeByValue () [static, private]
Organizes the domain instances by normalized domain value. This helps reduce the complexity of updating ResultDomain instances after the query has been executed.
Example: query for notable status of google.com. Result: notable. With this map, all domain instances that represent google.com can be updated after one simple lookup.
Parameters
| domainsBatch | The list of ResultDomains to organize. |
| attributeType | The type of correlation attribute being organized. |
| context | The SearchContext from which the search applying this filter is being performed. |
Exceptions
| SearchCancellationException | Thrown when the user has cancelled the search. |
Definition at line 318 of file DiscoveryAttributes.java.
References org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeNormalizer.normalize().
Referenced by org.sleuthkit.autopsy.discovery.search.DiscoveryAttributes.queryDomainFrequency().
queryDomainFrequency () [static, private]
Query to get the frequency of a domain.
Parameters
| domainsToQuery | List of domains to check the frequency of. |
| centralRepository | The central repository being used to check frequency. |
| context | The SearchContext from which the search applying this filter is being performed. |
Exceptions
| DiscoveryException | |
| SearchCancellationException | Thrown when the user has cancelled the search. |
Definition at line 581 of file DiscoveryAttributes.java.
References org.sleuthkit.autopsy.centralrepository.datamodel.CentralRepoDbUtil.correlationTypeToInstanceTableName(), org.sleuthkit.autopsy.discovery.search.DiscoveryAttributes.createCSV(), org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeInstance.DOMAIN_TYPE_ID, and org.sleuthkit.autopsy.discovery.search.DiscoveryAttributes.organizeByValue().
logger [static, private]
Definition at line 57 of file DiscoveryAttributes.java.
Copyright © 2012-2024 Sleuth Kit Labs. Generated on: Mon Mar 17 2025
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.