An interface for setting and retrieving name/value pairs to the blackboard. More...
#include <TskBlackboard.h>
Inheritance diagram for TskBlackboard:
Public Member Functions | |
| virtual TskBlackboardArtifact | createArtifact (const uint64_t file_id, const int artifactTypeID)=0 |
| Create a new blackboard artifact with the given type id and file id. More... | |
| virtual TskBlackboardArtifact | createArtifact (const uint64_t file_id, const TSK_ARTIFACT_TYPE artifactType)=0 |
| Create a new blackboard artifact with the given type and file id. More... | |
| virtual TskBlackboardArtifact | createArtifact (const uint64_t file_id, const string &artifactTypeName)=0 |
| Add a new artifact type with the given name and file id. More... | |
| virtual void | createGenInfoAttribute (const uint64_t file_id, TskBlackboardAttribute &attr)=0 |
| Add a new attribute to the general info artifact for the given file. More... | |
| virtual vector< int > | findAttributeTypes (int artifactTypeId)=0 |
| Search the entire blackboard for all attribute types associated with any artifact of the given type. More... | |
| virtual vector < TskBlackboardArtifact > | getArtifacts (const uint64_t file_id, const string &artifactTypeName) const =0 |
| Get all artifacts with the given type name and file id. More... | |
| virtual vector < TskBlackboardArtifact > | getArtifacts (const uint64_t file_id, int artifactTypeID) const =0 |
| Get all artifacts with the given type id and file id. More... | |
| virtual vector < TskBlackboardArtifact > | getArtifacts (const uint64_t file_id, TSK_ARTIFACT_TYPE artifactType) const =0 |
| Get all artifacts with the given type and file id. More... | |
| virtual vector < TskBlackboardArtifact > | getArtifacts (const TSK_ARTIFACT_TYPE artifactType) const =0 |
| Get all artifacts with the given type. More... | |
| virtual vector < TskBlackboardAttribute > | getAttributes (const uint64_t file_id, const string &attributeTypeName) const =0 |
| Get all attributes with the given type name and file id. More... | |
| virtual vector < TskBlackboardAttribute > | getAttributes (const uint64_t file_id, int attributeTypeID) const =0 |
| Get all attributes with the given type and file id. More... | |
| virtual vector < TskBlackboardAttribute > | getAttributes (const uint64_t file_id, TSK_ATTRIBUTE_TYPE attributeType) const =0 |
| Get all attributes with the given type and file id. More... | |
| virtual vector < TskBlackboardAttribute > | getAttributes (const TSK_ATTRIBUTE_TYPE attributeType) const =0 |
| Get all attributes with the given type. More... | |
| virtual TskBlackboardArtifact | getBlackboardArtifact (const long artifactID)=0 |
| Get the artifact with the given id. More... | |
| virtual vector < TskBlackboardArtifact > | getMatchingArtifacts (const string &condition) const =0 |
| Get all artifacts that match the given condition. More... | |
| virtual vector < TskBlackboardAttribute > | getMatchingAttributes (const string &condition) const =0 |
| Get all attributes that match the given condition. More... | |
Static Public Member Functions | |
| static int | addArtifactType (const string &artifactTypeName, const string &displayName) |
| Add a new artifact type with the given name and display name. More... | |
| static int | addAttributeType (const string &attributeTypeName, const string &displayName) |
| Add a new attribute type with the given name and display name. More... | |
| static string | artTypeIDToDisplayName (const int artifactTypeID) |
| Convert artifact type id to display name. More... | |
| static string | artTypeIDToTypeName (const int artifactTypeID) |
| Convert artifact type id to name. More... | |
| static int | artTypeNameToTypeID (const string &artifactTypeString) |
| Convert artifact type name to id. More... | |
| static string | attrTypeIDToTypeDisplayName (const int attributeTypeID) |
| Convert attribute type id to display name. More... | |
| static string | attrTypeIDToTypeName (const int attributeTypeID) |
| Convert attribute type id to name. More... | |
| static int | attrTypeNameToTypeID (const string &attributeTypeString) |
| Convert attribute type name to id. More... | |
Protected Member Functions | |
| virtual void | addBlackboardAttribute (TskBlackboardAttribute &attr)=0 |
| TskBlackboard () | |
| Default Constructor. | |
| TskBlackboard (TskBlackboard const &) | |
| Copy Constructor. | |
| virtual | ~TskBlackboard () |
| Destructor. | |
Static Protected Member Functions | |
| static map< int, TskArtifactNames > | getAllArtifactTypes () |
|
static map< int, TskAttributeNames > | getAllAttributeTypes () |
Friends | |
| class | TskBlackboardArtifact |
| class | TskImgDB |
Detailed Description
An interface for setting and retrieving name/value pairs to the blackboard.
The blackboard is used to store data for use by later modules in the pipeline. Can be registered with and retrieved from TskServices.
Member Function Documentation
|
static |
Add a new artifact type with the given name and display name.
- Parameters
-
artifactTypeName name for the new attribute type. should be unique displayName name to display for this type. need not be unique
- Returns
- the new artifact type id generated for the type.
- Exceptions
-
error if a type with that name already exists
|
static |
Add a new attribute type with the given name and display name.
- Parameters
-
attributeTypeName name for the new attribute type. should be unique displayName name to display for this type. need not be unique
- Returns
- the new attribute type id generated for the type.
- Exceptions
-
error if a type with that name already exists
|
static |
Convert artifact type id to display name.
- Parameters
-
artifactTypeID artifact type id
- Returns
- display name
- Exceptions
-
error if no type exists with that id
|
static |
Convert artifact type id to name.
- Parameters
-
artifactTypeID id
- Returns
- artifact type name
- Exceptions
-
error if no type exists with that id
|
static |
Convert artifact type name to id.
- Parameters
-
artifactTypeString artifact type name
- Returns
- artifact type id
- Exceptions
-
error if no type exists with that name
|
static |
Convert attribute type id to display name.
- Parameters
-
attributeTypeID attribute type id
- Returns
- display name
- Exceptions
-
error if no type exists for that id
|
static |
Convert attribute type id to name.
- Parameters
-
attributeTypeID id
- Returns
- attribute type name
- Exceptions
-
error if no type exists with that name
|
static |
Convert attribute type name to id.
- Parameters
-
attributeTypeString attribute type name
- Returns
- attribute type id
- Exceptions
-
error if no type exists with that name
|
pure virtual |
Create a new blackboard artifact with the given type id and file id.
- Parameters
-
artifactTypeID artifact type id file_id associated file id
- Returns
- the new artifact
- Exceptions
-
error if the artifact type does not exist
Implemented in TskDBBlackboard.
Referenced by TskFile::createArtifact().
|
pure virtual |
Create a new blackboard artifact with the given type and file id.
- Parameters
-
file_id associated file id artifactType artifact type
- Returns
- the new artifact
- Exceptions
-
error if the artifact type does not exist
Implemented in TskDBBlackboard.
|
pure virtual |
Add a new artifact type with the given name and file id.
- Parameters
-
file_id associated file id artifactTypeName System name of artifact type
- Returns
- the new artifact
- Exceptions
-
error if the artifact type does not exist
Implemented in TskDBBlackboard.
|
pure virtual |
Add a new attribute to the general info artifact for the given file.
- Parameters
-
file_id file id for the file to add the attribute to attr and attribute populated with values. this attribute will have its artifact_id and obj_id set by this method.
- Exceptions
-
error if no file with the given id exists or if a bad attribute is passed in.
Implemented in TskDBBlackboard.
|
pure virtual |
Search the entire blackboard for all attribute types associated with any artifact of the given type.
- Parameters
-
artifactTypeId artifact type to search
- Returns
- a vector of attribute ids can return an empty vector if no types are found
Implemented in TskDBBlackboard.
|
pure virtual |
Get all artifacts with the given type name and file id.
- Parameters
-
file_id associated file id artifactTypeName type name
- Returns
- vector of matching artifacts can return an empty vector if there are no matches
Implemented in TskDBBlackboard.
Referenced by TskFile::getArtifacts().
|
pure virtual |
Get all artifacts with the given type id and file id.
- Parameters
-
file_id associated file id artifactTypeID type id
- Returns
- vector of matching artifacts can return an empty vector if there are no matches
Implemented in TskDBBlackboard.
|
pure virtual |
Get all artifacts with the given type and file id.
- Parameters
-
file_id associated file id artifactType name
- Returns
- vector of matching artifacts can return an empty vector if there are no matches
Implemented in TskDBBlackboard.
|
pure virtual |
Get all artifacts with the given type.
- Parameters
-
artifactType type
- Returns
- vector of matching artifacts can return an empty vector if there are no matches
Implemented in TskDBBlackboard.
|
pure virtual |
Get all attributes with the given type name and file id.
- Parameters
-
file_id associated file id attributeTypeName type name
- Returns
- vector of matching attributes can return an empty vector if there are no matches
Implemented in TskDBBlackboard.
|
pure virtual |
Get all attributes with the given type and file id.
- Parameters
-
file_id associated file id attributeTypeID Type of attribute to return
- Returns
- vector of matching attributes can return an empty vector if there are no matches
Implemented in TskDBBlackboard.
|
pure virtual |
Get all attributes with the given type and file id.
- Parameters
-
file_id associated file id attributeType name
- Returns
- vector of matching attributes can return an empty vector if there are no matches
Implemented in TskDBBlackboard.
|
pure virtual |
Get all attributes with the given type.
- Parameters
-
attributeType type
- Returns
- vector of matching attributes can return an empty vector if there are no matches
Implemented in TskDBBlackboard.
|
pure virtual |
Get the artifact with the given id.
- Parameters
-
artifactID id
- Returns
- the artifact throws an error if no artifact matches that id.
Implemented in TskDBBlackboard.
Referenced by TskBlackboardAttribute::getParentArtifact().
|
pure virtual |
Get all artifacts that match the given condition.
- Parameters
-
condition condition (implementation specific) to use for matching
- Returns
- vector of matching artifacts can return an empty vector if there are no matches
- Exceptions
-
error if a bad condition string is supplied
Implemented in TskDBBlackboard.
Referenced by TskFile::getAllArtifacts().
|
pure virtual |
Get all attributes that match the given condition.
- Parameters
-
condition (implementation specific) to use for matching
- Returns
- vector of matching attributes can return an empty vector if there are no matches
- Exceptions
-
error if a bad condition string is supplied
Implemented in TskDBBlackboard.
The documentation for this class was generated from the following files:
- framework/tsk/framework/services/TskBlackboard.h
- framework/tsk/framework/services/TskBlackboard.cpp