|
Autopsy
4.21.0
Graphical digital forensics platform for The Sleuth Kit and other tools.
|
Inherits org.sleuthkit.autopsy.discovery.search.Result.
Public Member Functions | |
| ResultFile (AbstractFile abstractFile) | |
| void | addDuplicate (AbstractFile duplicate) |
| void | addHashSetName (String hashSetName) |
| void | addInterestingSetName (String interestingSetName) |
| void | addKeywordListName (String keywordListName) |
| void | addObjectDetectedName (String objectDetectedName) |
| void | addTagName (String tagName) |
| boolean | equals (Object obj) |
| List< AbstractFile > | getAllInstances () |
| Content | getDataSource () throws TskCoreException |
| long | getDataSourceObjectId () |
| Type | getFileType () |
| AbstractFile | getFirstInstance () |
| SearchData.Frequency | getFrequency () |
| List< String > | getHashSetNames () |
| List< String > | getInterestingSetNames () |
| List< String > | getKeywordListNames () |
| TskData.FileKnown | getKnown () |
| List< String > | getObjectDetectedNames () |
| final SearchData.PreviouslyNotable | getPreviouslyNotableInCR () |
| Score | getScore () |
| String | getScoreDescription () |
| List< String > | getTagNames () |
| Type | getType () |
| int | hashCode () |
| boolean | isDeleted () |
| final void | markAsPreviouslyNotableInCR () |
| final void | setFrequency (SearchData.Frequency frequency) |
| String | toString () |
Static Public Member Functions | |
| static Type | fromMIMEtype (String mimeType) |
Private Member Functions | |
| void | updateScoreAndDescription (AbstractFile file) |
Private Attributes | |
| Score | currentScore = Score.SCORE_UNKNOWN |
| boolean | deleted = false |
| Type | fileType |
| final List< String > | hashSetNames |
| final List< AbstractFile > | instances = new ArrayList<>() |
| final List< String > | interestingSetNames |
| final List< String > | keywordListNames |
| final List< String > | objectDetectedNames |
| String | scoreDescription = null |
Static Private Attributes | |
| static final Logger | logger = Logger.getLogger(ResultFile.class.getName()) |
Container for files that holds all necessary data for grouping and sorting.
Definition at line 42 of file ResultFile.java.
| org.sleuthkit.autopsy.discovery.search.ResultFile.ResultFile | ( | AbstractFile | abstractFile | ) |
Create a ResultFile from an AbstractFile
| abstractFile |
Definition at line 60 of file ResultFile.java.
References org.sleuthkit.autopsy.discovery.search.ResultFile.fromMIMEtype(), org::sleuthkit::datamodel::AbstractFile.getMIMEType(), org::sleuthkit::datamodel::AbstractFile.getUniquePath(), org::sleuthkit::datamodel::AbstractFile.isDirNameFlagSet(), org::sleuthkit::datamodel::TskData::TSK_FS_NAME_FLAG_ENUM.UNALLOC, and org.sleuthkit.autopsy.discovery.search.ResultFile.updateScoreAndDescription().
| void org.sleuthkit.autopsy.discovery.search.ResultFile.addDuplicate | ( | AbstractFile | duplicate | ) |
Add an AbstractFile to the list of files which are instances of this file.
| duplicate | The abstract file to add as a duplicate. |
Definition at line 86 of file ResultFile.java.
References org.sleuthkit.autopsy.discovery.search.ResultFile.fromMIMEtype(), org::sleuthkit::datamodel::AbstractFile.getMIMEType(), org::sleuthkit::datamodel::AbstractFile.getUniquePath(), org::sleuthkit::datamodel::AbstractFile.isDirNameFlagSet(), org.sleuthkit.autopsy.discovery.search.SearchData.Type.OTHER, org::sleuthkit::datamodel::TskData::TSK_FS_NAME_FLAG_ENUM.UNALLOC, and org.sleuthkit.autopsy.discovery.search.ResultFile.updateScoreAndDescription().
| void org.sleuthkit.autopsy.discovery.search.ResultFile.addHashSetName | ( | String | hashSetName | ) |
Add a hash set name that matched this file.
| hashSetName |
Definition at line 180 of file ResultFile.java.
| void org.sleuthkit.autopsy.discovery.search.ResultFile.addInterestingSetName | ( | String | interestingSetName | ) |
Add an interesting file set name that matched this file.
| interestingSetName |
Definition at line 203 of file ResultFile.java.
| void org.sleuthkit.autopsy.discovery.search.ResultFile.addKeywordListName | ( | String | keywordListName | ) |
Add a keyword list name that matched this file.
| keywordListName |
Definition at line 157 of file ResultFile.java.
Referenced by org.sleuthkit.autopsy.discovery.search.DiscoveryAttributes.KeywordListAttribute.SetKeywordListNamesCallback.process().
| void org.sleuthkit.autopsy.discovery.search.ResultFile.addObjectDetectedName | ( | String | objectDetectedName | ) |
Add an object detected in this file.
| objectDetectedName |
Definition at line 226 of file ResultFile.java.
|
inherited |
Add a tag name that matched this file.
| tagName |
Definition at line 106 of file Result.java.
| boolean org.sleuthkit.autopsy.discovery.search.ResultFile.equals | ( | Object | obj | ) |
Definition at line 274 of file ResultFile.java.
References org.sleuthkit.autopsy.discovery.search.ResultFile.getFirstInstance(), org::sleuthkit::datamodel::AbstractFile.getMd5Hash(), and org::sleuthkit::datamodel::HashUtility.isNoDataMd5().
|
static |
Get the enum matching the given MIME type.
| mimeType | The MIME type for the file. |
Definition at line 310 of file ResultFile.java.
Referenced by org.sleuthkit.autopsy.discovery.search.ResultFile.addDuplicate(), and org.sleuthkit.autopsy.discovery.search.ResultFile.ResultFile().
| List<AbstractFile> org.sleuthkit.autopsy.discovery.search.ResultFile.getAllInstances | ( | ) |
Get the list of AbstractFiles which have been identified as instances of this file.
Definition at line 139 of file ResultFile.java.
| Content org.sleuthkit.autopsy.discovery.search.ResultFile.getDataSource | ( | ) | throws TskCoreException |
Definition at line 325 of file ResultFile.java.
References org::sleuthkit::datamodel::AbstractFile.getDataSource(), and org.sleuthkit.autopsy.discovery.search.ResultFile.getFirstInstance().
| long org.sleuthkit.autopsy.discovery.search.ResultFile.getDataSourceObjectId | ( | ) |
Definition at line 320 of file ResultFile.java.
References org::sleuthkit::datamodel::AbstractFile.getDataSourceObjectId(), and org.sleuthkit.autopsy.discovery.search.ResultFile.getFirstInstance().
| Type org.sleuthkit.autopsy.discovery.search.ResultFile.getFileType | ( | ) |
Get the file type.
Definition at line 148 of file ResultFile.java.
References org.sleuthkit.autopsy.discovery.search.ResultFile.fileType.
| AbstractFile org.sleuthkit.autopsy.discovery.search.ResultFile.getFirstInstance | ( | ) |
Get the AbstractFile
Definition at line 249 of file ResultFile.java.
Referenced by org.sleuthkit.autopsy.discovery.search.SearchFiltering.NotableFilter.applyAlternateFilter(), org.sleuthkit.autopsy.discovery.search.DiscoveryAttributes.createSetNameClause(), org.sleuthkit.autopsy.discovery.search.ResultFile.equals(), org.sleuthkit.autopsy.discovery.search.ResultFile.getDataSource(), org.sleuthkit.autopsy.discovery.search.ResultFile.getDataSourceObjectId(), org.sleuthkit.autopsy.discovery.search.ResultsSorter.getDefaultComparator(), org.sleuthkit.autopsy.discovery.search.ResultFile.getKnown(), org.sleuthkit.autopsy.discovery.search.ResultsSorter.getParentPathComparator(), org.sleuthkit.autopsy.discovery.search.ResultFile.hashCode(), org.sleuthkit.autopsy.discovery.search.DiscoveryAttributes.KeywordListAttribute.SetKeywordListNamesCallback.process(), org.sleuthkit.autopsy.discovery.search.DiscoveryAttributes.FrequencyCallback.process(), org.sleuthkit.autopsy.discovery.search.DiscoveryAttributes.HashHitsAttribute.HashSetNamesCallback.process(), org.sleuthkit.autopsy.discovery.search.DiscoveryAttributes.InterestingItemAttribute.InterestingFileSetNamesCallback.process(), org.sleuthkit.autopsy.discovery.search.DiscoveryAttributes.ObjectDetectedAttribute.ObjectDetectedNamesCallback.process(), and org.sleuthkit.autopsy.discovery.search.ResultFile.toString().
|
inherited |
Get the frequency of this result in the central repository.
Definition at line 49 of file Result.java.
References org.sleuthkit.autopsy.discovery.search.Result.frequency.
Referenced by org.sleuthkit.autopsy.discovery.search.ResultsSorter.getFrequencyComparator(), org.sleuthkit.autopsy.discovery.search.ResultDomain.toString(), and org.sleuthkit.autopsy.discovery.search.ResultFile.toString().
| List<String> org.sleuthkit.autopsy.discovery.search.ResultFile.getHashSetNames | ( | ) |
Get the hash set names for this file
Definition at line 194 of file ResultFile.java.
| List<String> org.sleuthkit.autopsy.discovery.search.ResultFile.getInterestingSetNames | ( | ) |
Get the interesting item set names for this file
Definition at line 217 of file ResultFile.java.
| List<String> org.sleuthkit.autopsy.discovery.search.ResultFile.getKeywordListNames | ( | ) |
Get the keyword list names for this file
Definition at line 171 of file ResultFile.java.
Referenced by org.sleuthkit.autopsy.discovery.search.ResultsSorter.getKeywordListNameComparator().
| TskData.FileKnown org.sleuthkit.autopsy.discovery.search.ResultFile.getKnown | ( | ) |
Definition at line 330 of file ResultFile.java.
References org.sleuthkit.autopsy.discovery.search.ResultFile.getFirstInstance(), and org::sleuthkit::datamodel::AbstractFile.getKnown().
| List<String> org.sleuthkit.autopsy.discovery.search.ResultFile.getObjectDetectedNames | ( | ) |
Get the objects detected for this file
Definition at line 240 of file ResultFile.java.
|
inherited |
Get the previously notable value of this result.
Definition at line 72 of file Result.java.
References org.sleuthkit.autopsy.discovery.search.Result.notabilityStatus.
| Score org.sleuthkit.autopsy.discovery.search.ResultFile.getScore | ( | ) |
Get the aggregate score of this ResultFile. Calculated as the highest score among all instances it represents.
Definition at line 109 of file ResultFile.java.
References org.sleuthkit.autopsy.discovery.search.ResultFile.currentScore.
| String org.sleuthkit.autopsy.discovery.search.ResultFile.getScoreDescription | ( | ) |
Get the description for the score assigned to this item.
Definition at line 118 of file ResultFile.java.
References org.sleuthkit.autopsy.discovery.search.ResultFile.scoreDescription.
|
inherited |
Get the tag names for this file
Definition at line 120 of file Result.java.
| Type org.sleuthkit.autopsy.discovery.search.ResultFile.getType | ( | ) |
Definition at line 335 of file ResultFile.java.
References org.sleuthkit.autopsy.discovery.search.ResultFile.fileType.
| int org.sleuthkit.autopsy.discovery.search.ResultFile.hashCode | ( | ) |
Definition at line 262 of file ResultFile.java.
References org.sleuthkit.autopsy.discovery.search.ResultFile.getFirstInstance(), org::sleuthkit::datamodel::AbstractFile.getMd5Hash(), and org::sleuthkit::datamodel::HashUtility.isNoDataMd5().
| boolean org.sleuthkit.autopsy.discovery.search.ResultFile.isDeleted | ( | ) |
Get the aggregate deleted status of this ResultFile. A file is identified as deleted if all instances of it are deleted.
Definition at line 128 of file ResultFile.java.
References org.sleuthkit.autopsy.discovery.search.ResultFile.deleted.
|
inherited |
Mark the result as being previously notable in the CR.
Definition at line 63 of file Result.java.
References org.sleuthkit.autopsy.discovery.search.Result.notabilityStatus, and org.sleuthkit.autopsy.discovery.search.SearchData.PreviouslyNotable.PREVIOUSLY_NOTABLE.
|
inherited |
Set the frequency of this result in the central repository.
| frequency | The frequency of the result as an enum. |
Definition at line 81 of file Result.java.
References org.sleuthkit.autopsy.discovery.search.Result.frequency.
Referenced by org.sleuthkit.autopsy.discovery.search.DiscoveryAttributes.FrequencyCallback.process().
| String org.sleuthkit.autopsy.discovery.search.ResultFile.toString | ( | ) |
Definition at line 254 of file ResultFile.java.
References org::sleuthkit::datamodel::AbstractFile.getDataSourceObjectId(), org.sleuthkit.autopsy.discovery.search.ResultFile.getFirstInstance(), org.sleuthkit.autopsy.discovery.search.Result.getFrequency(), org::sleuthkit::datamodel::AbstractContent.getId(), org::sleuthkit::datamodel::AbstractFile.getMIMEType(), org::sleuthkit::datamodel::AbstractContent.getName(), org::sleuthkit::datamodel::AbstractFile.getParentPath(), and org::sleuthkit::datamodel::AbstractFile.getSize().
|
private |
Definition at line 290 of file ResultFile.java.
References org::sleuthkit::datamodel::ScoringManager.getAggregateScore(), org.sleuthkit.autopsy.casemodule.Case.getCurrentCaseThrows(), org::sleuthkit::datamodel::Score::Significance.getDisplayName(), org::sleuthkit::datamodel::AbstractContent.getId(), org::sleuthkit::datamodel::SleuthkitCase.getScoringManager(), org::sleuthkit::datamodel::Score.getSignificance(), org.sleuthkit.autopsy.casemodule.Case.getSleuthkitCase(), and org::sleuthkit::datamodel::Score.SCORE_UNKNOWN.
Referenced by org.sleuthkit.autopsy.discovery.search.ResultFile.addDuplicate(), and org.sleuthkit.autopsy.discovery.search.ResultFile.ResultFile().
|
private |
Definition at line 50 of file ResultFile.java.
Referenced by org.sleuthkit.autopsy.discovery.search.ResultFile.getScore().
|
private |
Definition at line 52 of file ResultFile.java.
Referenced by org.sleuthkit.autopsy.discovery.search.ResultFile.isDeleted().
|
private |
Definition at line 53 of file ResultFile.java.
Referenced by org.sleuthkit.autopsy.discovery.search.ResultFile.getFileType(), and org.sleuthkit.autopsy.discovery.search.ResultFile.getType().
|
private |
Definition at line 46 of file ResultFile.java.
|
private |
Definition at line 49 of file ResultFile.java.
|
private |
Definition at line 47 of file ResultFile.java.
|
private |
Definition at line 45 of file ResultFile.java.
|
staticprivate |
Definition at line 44 of file ResultFile.java.
|
private |
Definition at line 48 of file ResultFile.java.
|
private |
Definition at line 51 of file ResultFile.java.
Referenced by org.sleuthkit.autopsy.discovery.search.ResultFile.getScoreDescription().
Copyright © 2012-2024 Sleuth Kit Labs. Generated on: Mon Mar 17 2025
This work is licensed under a
Creative Commons Attribution-Share Alike 3.0 United States License.