Sleuth Kit Java Bindings (JNI)  4.10.2
Java bindings for using The Sleuth Kit
BlackboardArtifact.java
Go to the documentation of this file.
1 /*
2  * Sleuth Kit Data Model
3  *
4  * Copyright 2011-2021 Basis Technology Corp.
5  * Contact: carrier <at> sleuthkit <dot> org
6  *
7  * Licensed under the Apache License, Version 2.0 (the "License");
8  * you may not use this file except in compliance with the License.
9  * You may obtain a copy of the License at
10  *
11  * http://www.apache.org/licenses/LICENSE-2.0
12  *
13  * Unless required by applicable law or agreed to in writing, software
14  * distributed under the License is distributed on an "AS IS" BASIS,
15  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16  * See the License for the specific language governing permissions and
17  * limitations under the License.
18  */
19 package org.sleuthkit.datamodel;
20 
21 import java.io.Serializable;
22 import java.io.UnsupportedEncodingException;
23 import java.sql.SQLException;
24 import java.text.MessageFormat;
25 import java.util.ArrayList;
26 import java.util.Arrays;
27 import java.util.Collection;
28 import java.util.Collections;
29 import java.util.HashMap;
30 import java.util.HashSet;
31 import java.util.List;
32 import java.util.Map;
33 import java.util.Objects;
34 import java.util.ResourceBundle;
35 import java.util.Set;
36 import java.util.stream.Collectors;
37 import java.util.stream.Stream;
38 import org.sleuthkit.datamodel.Blackboard.BlackboardException;
39 import org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE;
40 import org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE;
41 import org.sleuthkit.datamodel.SleuthkitCase.CaseDbTransaction;
42 import org.sleuthkit.datamodel.SleuthkitCase.ObjectInfo;
43 
55 public class BlackboardArtifact implements Content {
56 
57  private static final ResourceBundle bundle = ResourceBundle.getBundle("org.sleuthkit.datamodel.Bundle");
58  private final long artifactId;
59  private final long sourceObjId; // refers to objID of parent/source object
60  private final long artifactObjId; // objId of the artifact in tsk_objects. TBD: replace artifactID with this
61  private final Long dataSourceObjId; // objId of the data source in tsk_objects.
62  private final int artifactTypeId;
63  private final String artifactTypeName;
64  private final String displayName;
65  private ReviewStatus reviewStatus;
66  private final SleuthkitCase sleuthkitCase;
67  private final List<BlackboardAttribute> attrsCache = new ArrayList<BlackboardAttribute>();
68  private boolean loadedCacheFromDb = false;
69  private volatile Content parent;
70  private volatile String uniquePath;
71 
72  private byte[] contentBytes = null;
73 
74  private volatile boolean checkedHasChildren;
75  private volatile boolean hasChildren;
76  private volatile int childrenCount;
77 
98  BlackboardArtifact(SleuthkitCase sleuthkitCase, long artifactID, long sourceObjId, long artifactObjId, Long dataSourceObjId, int artifactTypeID, String artifactTypeName, String displayName, ReviewStatus reviewStatus) {
99 
100  this.sleuthkitCase = sleuthkitCase;
101  this.artifactId = artifactID;
102  this.sourceObjId = sourceObjId;
103  this.artifactObjId = artifactObjId;
104  this.artifactTypeId = artifactTypeID;
105  this.dataSourceObjId = dataSourceObjId;
106  this.artifactTypeName = artifactTypeName;
107  this.displayName = displayName;
108  this.reviewStatus = reviewStatus;
109 
110  this.checkedHasChildren = false;
111  this.hasChildren = false;
112  this.childrenCount = -1;
113 
114  }
115 
136  BlackboardArtifact(SleuthkitCase sleuthkitCase, long artifactID, long sourceObjId, long artifactObjID, Long dataSourceObjID, int artifactTypeID, String artifactTypeName, String displayName, ReviewStatus reviewStatus, boolean isNew) {
137  this(sleuthkitCase, artifactID, sourceObjId, artifactObjID, dataSourceObjID, artifactTypeID, artifactTypeName, displayName, reviewStatus);
138  if (isNew) {
139  /*
140  * If this object represents a newly created artifact, then its
141  * collection of attributes has already been populated and there is
142  * no need to fetch them form the case database.
143  */
144  this.loadedCacheFromDb = true;
145  }
146  }
147 
154  public SleuthkitCase getSleuthkitCase() {
155  return sleuthkitCase;
156  }
157 
163  public long getArtifactID() {
164  return this.artifactId;
165  }
166 
173  public long getObjectID() {
174  return this.sourceObjId;
175  }
176 
182  Long getDataSourceObjectID() {
183  return this.dataSourceObjId;
184  }
185 
191  public int getArtifactTypeID() {
192  return this.artifactTypeId;
193  }
194 
200  public BlackboardArtifact.Type getType() throws TskCoreException {
201  BlackboardArtifact.Type standardTypesValue = BlackboardArtifact.Type.STANDARD_TYPES.get(getArtifactTypeID());
202  if (standardTypesValue != null) {
203  return standardTypesValue;
204  } else {
205  return getSleuthkitCase().getArtifactType(getArtifactTypeID());
206  }
207  }
208 
214  public String getArtifactTypeName() {
215  return this.artifactTypeName;
216  }
217 
223  public String getDisplayName() {
224  return this.displayName;
225  }
226 
234  public String getShortDescription() throws TskCoreException {
235  BlackboardAttribute attr = null;
236  StringBuilder shortDescription = new StringBuilder("");
237  switch (ARTIFACT_TYPE.fromID(artifactTypeId)) {
238  case TSK_WEB_BOOKMARK: //web_bookmark, web_cookie, web_download, and web_history are the same attribute for now
239  case TSK_WEB_COOKIE:
240  case TSK_WEB_DOWNLOAD:
241  case TSK_WEB_HISTORY:
242  attr = getAttribute(new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_DOMAIN));
243  break;
244  case TSK_KEYWORD_HIT:
245  attr = getAttribute(new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_KEYWORD_PREVIEW));
246  break;
247  case TSK_DEVICE_ATTACHED:
248  attr = getAttribute(new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_DEVICE_ID));
249  break;
250  case TSK_CONTACT: //contact, message, and calllog are the same attributes for now
251  case TSK_MESSAGE:
252  case TSK_CALLLOG:
253  //get the first of these attributes which exists and is non null
254  final ATTRIBUTE_TYPE[] typesThatCanHaveName = {ATTRIBUTE_TYPE.TSK_NAME,
255  ATTRIBUTE_TYPE.TSK_PHONE_NUMBER,
256  ATTRIBUTE_TYPE.TSK_PHONE_NUMBER_FROM,
257  ATTRIBUTE_TYPE.TSK_PHONE_NUMBER_TO,
258  ATTRIBUTE_TYPE.TSK_PHONE_NUMBER_HOME,
259  ATTRIBUTE_TYPE.TSK_PHONE_NUMBER_MOBILE,
260  ATTRIBUTE_TYPE.TSK_PHONE_NUMBER_OFFICE,
261  ATTRIBUTE_TYPE.TSK_EMAIL,
262  ATTRIBUTE_TYPE.TSK_EMAIL_FROM,
263  ATTRIBUTE_TYPE.TSK_EMAIL_TO,
264  ATTRIBUTE_TYPE.TSK_EMAIL_HOME,
265  ATTRIBUTE_TYPE.TSK_EMAIL_OFFICE}; //in the order we want to use them
266  for (ATTRIBUTE_TYPE t : typesThatCanHaveName) {
267  attr = getAttribute(new BlackboardAttribute.Type(t));
268  if (attr != null && !attr.getDisplayString().isEmpty()) {
269  break;
270  }
271  }
272  break;
273  default:
274  break;
275  }
276  if (attr != null) {
277  shortDescription.append(attr.getAttributeType().getDisplayName()).append(": ").append(attr.getDisplayString());
278  } else {
279  shortDescription.append(getDisplayName());
280  }
281  //get the first of these date attributes which exists and is non null
282  final ATTRIBUTE_TYPE[] typesThatCanHaveDate = {ATTRIBUTE_TYPE.TSK_DATETIME,
283  ATTRIBUTE_TYPE.TSK_DATETIME_SENT,
284  ATTRIBUTE_TYPE.TSK_DATETIME_RCVD,
285  ATTRIBUTE_TYPE.TSK_DATETIME_CREATED,
286  ATTRIBUTE_TYPE.TSK_DATETIME_MODIFIED,
287  ATTRIBUTE_TYPE.TSK_DATETIME_ACCESSED,
288  ATTRIBUTE_TYPE.TSK_DATETIME_START,
289  ATTRIBUTE_TYPE.TSK_DATETIME_END}; //in the order we want to use them
290  BlackboardAttribute date;
291  for (ATTRIBUTE_TYPE t : typesThatCanHaveDate) {
292  date = getAttribute(new BlackboardAttribute.Type(t));
293  if (date != null && !date.getDisplayString().isEmpty()) {
294  shortDescription.append(" ");
295  shortDescription.append(MessageFormat.format(bundle.getString("BlackboardArtifact.shortDescriptionDate.text"), date.getDisplayString())); //NON-NLS
296  break;
297  }
298  }
299  return shortDescription.toString();
300  }
301 
308  public ReviewStatus getReviewStatus() {
309  return reviewStatus;
310  }
311 
320  public void setReviewStatus(ReviewStatus newStatus) throws TskCoreException {
321  getSleuthkitCase().setReviewStatus(this, newStatus);
322  reviewStatus = newStatus;
323  }
324 
336  public void addAttribute(BlackboardAttribute attribute) throws TskCoreException {
337  attribute.setArtifactId(artifactId);
338  attribute.setCaseDatabase(getSleuthkitCase());
339  getSleuthkitCase().addBlackboardAttribute(attribute, this.artifactTypeId);
340  attrsCache.add(attribute);
341  }
342 
351  public List<BlackboardAttribute> getAttributes() throws TskCoreException {
352  ArrayList<BlackboardAttribute> attributes;
353  if (false == loadedCacheFromDb) {
354  attributes = getSleuthkitCase().getBlackboardAttributes(this);
355  attrsCache.clear();
356  attrsCache.addAll(attributes);
357  loadedCacheFromDb = true;
358  } else {
359  attributes = new ArrayList<BlackboardAttribute>(attrsCache);
360  }
361  return attributes;
362  }
363 
378  public BlackboardAttribute getAttribute(BlackboardAttribute.Type attributeType) throws TskCoreException {
379  List<BlackboardAttribute> attributes = this.getAttributes();
380  for (BlackboardAttribute attribute : attributes) {
381  if (attribute.getAttributeType().equals(attributeType)) {
382  return attribute;
383  }
384  }
385  return null;
386  }
387 
397  public void addAttributes(Collection<BlackboardAttribute> attributes) throws TskCoreException {
398  if (attributes.isEmpty()) {
399  return;
400  }
401  for (BlackboardAttribute attribute : attributes) {
402  attribute.setArtifactId(artifactId);
403  attribute.setCaseDatabase(getSleuthkitCase());
404  }
405  getSleuthkitCase().addBlackboardAttributes(attributes, artifactTypeId);
406  attrsCache.addAll(attributes);
407  }
408 
424  public void addAttributes(Collection<BlackboardAttribute> attributes, final SleuthkitCase.CaseDbTransaction caseDbTransaction) throws TskCoreException {
425 
426  if (Objects.isNull(attributes) || attributes.isEmpty()) {
427  throw new TskCoreException("Illegal argument passed to addAttributes: null or empty attributes passed to addAttributes");
428  }
429  if (Objects.isNull(caseDbTransaction)) {
430  throw new TskCoreException("Illegal argument passed to addAttributes: null caseDbTransaction passed to addAttributes");
431  }
432  try {
433  for (final BlackboardAttribute attribute : attributes) {
434  attribute.setArtifactId(artifactId);
435  attribute.setCaseDatabase(getSleuthkitCase());
436  getSleuthkitCase().addBlackBoardAttribute(attribute, artifactTypeId, caseDbTransaction.getConnection());
437  }
438  attrsCache.addAll(attributes);
439  } catch (SQLException ex) {
440  throw new TskCoreException("Error adding blackboard attributes", ex);
441  }
442  }
443 
450  @Override
451  public String getUniquePath() throws TskCoreException {
452  // Return the path of the parent file
453  // It is possible that multiple threads could be doing this calculation
454  // simultaneously, but it's worth the potential extra processing to prevent deadlocks.
455  if (uniquePath == null) {
456  String tempUniquePath = "";
457  Content myParent = getParent();
458  if (myParent != null) {
459  tempUniquePath = myParent.getUniquePath();
460  }
461 
462  // Don't update uniquePath until it is complete.
463  uniquePath = tempUniquePath;
464  }
465  return uniquePath;
466  }
467 
468  @Override
469  public Content getParent() throws TskCoreException {
470  // It is possible that multiple threads could be doing this calculation
471  // simultaneously, but it's worth the potential extra processing to prevent deadlocks.
472  if (parent == null) {
473  ObjectInfo parentInfo;
474  parentInfo = getSleuthkitCase().getParentInfo(this);
475  if (parentInfo == null) {
476  parent = null;
477  } else {
478  parent = getSleuthkitCase().getContentById(parentInfo.getId());
479  }
480  }
481  return parent;
482  }
483 
491  @Override
492  public ArrayList<BlackboardArtifact> getAllArtifacts() throws TskCoreException {
493  // Currently we don't have any artifacts derived from an artifact.
494  return new ArrayList<BlackboardArtifact>();
495  }
496 
497  @Override
498  public List<AnalysisResult> getAllAnalysisResults() throws TskCoreException {
499  return sleuthkitCase.getBlackboard().getAnalysisResults(artifactObjId);
500  }
501 
502  @Override
503  public List<DataArtifact> getAllDataArtifacts() throws TskCoreException {
504  return sleuthkitCase.getBlackboard().getDataArtifactsBySource(artifactObjId);
505  }
506 
507  @Override
508  public Score getAggregateScore() throws TskCoreException {
509  return sleuthkitCase.getScoringManager().getAggregateScore(artifactObjId);
510 
511  }
512 
513  @Override
514  public List<AnalysisResult> getAnalysisResults(BlackboardArtifact.Type artifactType) throws TskCoreException {
515  return sleuthkitCase.getBlackboard().getAnalysisResults(artifactObjId, artifactType.getTypeID()); //NON-NLS
516  }
517 
528  @Override
529  public ArrayList<BlackboardArtifact> getArtifacts(String artifactTypeName) throws TskCoreException {
530  // Currently we don't have any artifacts derived from an artifact.
531  return new ArrayList<BlackboardArtifact>();
532  }
533 
544  @Override
545  public ArrayList<BlackboardArtifact> getArtifacts(int artifactTypeID) throws TskCoreException {
546  // Currently we don't have any artifacts derived from an artifact.
547  return new ArrayList<BlackboardArtifact>();
548  }
549 
559  @Override
560  public ArrayList<BlackboardArtifact> getArtifacts(BlackboardArtifact.ARTIFACT_TYPE type) throws TskCoreException {
561  // Currently we don't have any artifacts derived from an artifact.
562  return new ArrayList<BlackboardArtifact>();
563  }
564 
572  @Override
573  public long getAllArtifactsCount() throws TskCoreException {
574  // Currently we don't have any artifacts derived from an artifact.
575  return 0;
576  }
577 
588  @Override
589  public long getArtifactsCount(String artifactTypeName) throws TskCoreException {
590  // Currently we don't have any artifacts derived from an artifact.
591  return 0;
592  }
593 
604  @Override
605  public long getArtifactsCount(int artifactTypeID) throws TskCoreException {
606  // Currently we don't have any artifacts derived from an artifact.
607  return 0;
608  }
609 
620  @Override
621  public long getArtifactsCount(BlackboardArtifact.ARTIFACT_TYPE type) throws TskCoreException {
622  // Currently we don't have any artifacts derived from an artifact.
623  return 0;
624  }
625 
634  @Override
635  public BlackboardArtifact getGenInfoArtifact() throws TskCoreException {
636  // Currently we don't have any artifacts derived from an artifact.
637  return null;
638  }
639 
653  @Override
654  public BlackboardArtifact getGenInfoArtifact(boolean create) throws TskCoreException {
655  // Currently we don't have any artifacts derived from an artifact.
656  if (create) {
657  throw new TskCoreException("Artifacts of artifacts are not supported.");
658  }
659 
660  return null;
661  }
662 
673  @Override
674  public ArrayList<BlackboardAttribute> getGenInfoAttributes(BlackboardAttribute.ATTRIBUTE_TYPE attr_type) throws TskCoreException {
675  // Currently we don't have any artifacts derived from an artifact.
676  return new ArrayList<>();
677  }
678 
686  @Override
687  public Set<String> getHashSetNames() throws TskCoreException {
688  // Currently we don't have any artifacts derived from an artifact.
689  return new HashSet<String>();
690  }
691 
704  @Deprecated
705  @Override
706  public BlackboardArtifact newArtifact(int artifactTypeID) throws TskCoreException {
707  throw new TskCoreException("Cannot create artifact of an artifact. Not supported.");
708  }
709 
710  @Override
711  public AnalysisResultAdded newAnalysisResult(BlackboardArtifact.Type artifactType, Score score, String conclusion, String configuration, String justification, Collection<BlackboardAttribute> attributesList) throws TskCoreException {
712  CaseDbTransaction trans = sleuthkitCase.beginTransaction();
713  try {
714  AnalysisResultAdded resultAdded = sleuthkitCase.getBlackboard().newAnalysisResult(artifactType, this.getObjectID(), this.getDataSource().getId(), score, conclusion, configuration, justification, attributesList, trans);
715 
716  trans.commit();
717  return resultAdded;
718  } catch (BlackboardException ex) {
719  trans.rollback();
720  throw new TskCoreException("Error adding analysis result.", ex);
721  }
722  }
723 
724  @Override
725  public AnalysisResultAdded newAnalysisResult(BlackboardArtifact.Type artifactType, Score score, String conclusion, String configuration, String justification, Collection<BlackboardAttribute> attributesList, long dataSourceId) throws TskCoreException {
726  CaseDbTransaction trans = sleuthkitCase.beginTransaction();
727  try {
728  AnalysisResultAdded resultAdded = sleuthkitCase.getBlackboard().newAnalysisResult(artifactType, this.getObjectID(), dataSourceId, score, conclusion, configuration, justification, attributesList, trans);
729 
730  trans.commit();
731  return resultAdded;
732  } catch (BlackboardException ex) {
733  trans.rollback();
734  throw new TskCoreException("Error adding analysis result.", ex);
735  }
736  }
737 
738  @Override
739  public DataArtifact newDataArtifact(BlackboardArtifact.Type artifactType, Collection<BlackboardAttribute> attributesList, Long osAccountId) throws TskCoreException {
740  throw new TskCoreException("Cannot create data artifact of an artifact. Not supported.");
741  }
742 
743  @Override
744  public DataArtifact newDataArtifact(BlackboardArtifact.Type artifactType, Collection<BlackboardAttribute> attributesList, Long osAccountId, long dataSourceId) throws TskCoreException {
745  throw new TskCoreException("Cannot create data artifact of an artifact. Not supported.");
746  }
747 
748  @Override
749  public DataArtifact newDataArtifact(BlackboardArtifact.Type artifactType, Collection<BlackboardAttribute> attributesList) throws TskCoreException {
750  return newDataArtifact(artifactType, attributesList, null);
751  }
752 
764  @Deprecated
765  @Override
766  public BlackboardArtifact newArtifact(BlackboardArtifact.ARTIFACT_TYPE type) throws TskCoreException {
767  throw new TskCoreException("Cannot create artifact of an artifact. Not supported.");
768  }
769 
778  @Override
779  public <T> T accept(ContentVisitor<T> visitor) {
780  return visitor.visit(this);
781  }
782 
790  @Override
791  public boolean equals(Object object) {
792  if (object == null) {
793  return false;
794  }
795  if (getClass() != object.getClass()) {
796  return false;
797  }
798  final BlackboardArtifact other = (BlackboardArtifact) object;
799  return artifactId == other.getArtifactID();
800  }
801 
807  @Override
808  public int hashCode() {
809  int hash = 7;
810  hash = 41 * hash + (int) (this.artifactId ^ (this.artifactId >>> 32));
811  return hash;
812  }
813 
819  @Override
820  public String toString() {
821  return "BlackboardArtifact{" + "artifactID=" + artifactId + ", objID=" + getObjectID() + ", artifactObjID=" + artifactObjId + ", artifactTypeID=" + artifactTypeId + ", artifactTypeName=" + artifactTypeName + ", displayName=" + displayName + ", Case=" + getSleuthkitCase() + '}'; //NON-NLS
822  }
823 
834  @Override
835  public <T> T accept(SleuthkitItemVisitor<T> visitor) {
836  return visitor.visit(this);
837  }
838 
845  @Override
846  public long getSize() {
847 
848  if (contentBytes == null) {
849  try {
850  loadArtifactContent();
851  } catch (TskCoreException ex) {
852  return 0;
853  }
854  }
855 
856  return contentBytes.length;
857  }
858 
862  @Override
863  public void close() {
864  contentBytes = null;
865  }
866 
880  @Override
881  public final int read(byte[] buf, long offset, long len) throws TskCoreException {
882 
883  if (contentBytes == null) {
884  loadArtifactContent();
885  }
886 
887  if (0 == contentBytes.length) {
888  return 0;
889  }
890 
891  // Copy bytes
892  long readLen = Math.min(contentBytes.length - offset, len);
893  System.arraycopy(contentBytes, 0, buf, 0, (int) readLen);
894 
895  return (int) readLen;
896  }
897 
898  @Override
899  public String getName() {
900  return this.displayName + getArtifactID();
901  }
902 
903  @Override
904  public Content getDataSource() throws TskCoreException {
905  return dataSourceObjId != null ? getSleuthkitCase().getContentById(dataSourceObjId) : null;
906  }
907 
914  private void loadArtifactContent() throws TskCoreException {
915  StringBuilder artifactContents = new StringBuilder();
916 
917  Content dataSource = null;
918  try {
919  dataSource = getDataSource();
920  } catch (TskCoreException ex) {
921  throw new TskCoreException("Unable to get datasource for artifact: " + this.toString(), ex);
922  }
923  if (dataSource == null) {
924  throw new TskCoreException("Datasource was null for artifact: " + this.toString());
925  }
926 
927  try {
928  for (BlackboardAttribute attribute : getAttributes()) {
929  artifactContents.append(attribute.getAttributeType().getDisplayName());
930  artifactContents.append(" : ");
931  artifactContents.append(attribute.getDisplayString());
932  artifactContents.append(System.lineSeparator());
933  }
934  } catch (TskCoreException ex) {
935  throw new TskCoreException("Unable to get attributes for artifact: " + this.toString(), ex);
936  }
937 
938  try {
939  contentBytes = artifactContents.toString().getBytes("UTF-8");
940  } catch (UnsupportedEncodingException ex) {
941  throw new TskCoreException("Failed to convert artifact string to bytes for artifact: " + this.toString(), ex);
942  }
943 
944  }
945 
949  public static final class Type implements Serializable {
950 
951  private static final long serialVersionUID = 1L;
952 
956  public static final Type TSK_GEN_INFO = new BlackboardArtifact.Type(1, "TSK_GEN_INFO", bundle.getString("BlackboardArtifact.tskGenInfo.text"), Category.DATA_ARTIFACT);
957 
963  public static final Type TSK_WEB_BOOKMARK = new BlackboardArtifact.Type(2, "TSK_WEB_BOOKMARK", bundle.getString("BlackboardArtifact.tskWebBookmark.text"), Category.DATA_ARTIFACT);
964 
970  public static final Type TSK_WEB_COOKIE = new BlackboardArtifact.Type(3, "TSK_WEB_COOKIE", bundle.getString("BlackboardArtifact.tskWebCookie.text"), Category.DATA_ARTIFACT);
971 
977  public static final Type TSK_WEB_HISTORY = new BlackboardArtifact.Type(4, "TSK_WEB_HISTORY", bundle.getString("BlackboardArtifact.tskWebHistory.text"), Category.DATA_ARTIFACT);
978 
984  public static final Type TSK_WEB_DOWNLOAD = new BlackboardArtifact.Type(5, "TSK_WEB_DOWNLOAD", bundle.getString("BlackboardArtifact.tskWebDownload.text"), Category.DATA_ARTIFACT);
985 
989  public static final Type TSK_RECENT_OBJECT = new BlackboardArtifact.Type(6, "TSK_RECENT_OBJ", bundle.getString("BlackboardArtifact.tsk.recentObject.text"), Category.DATA_ARTIFACT);
990 
991  // 7 was used for deprecated TSK_GPS_TRACKPOINT.
995  public static final Type TSK_INSTALLED_PROG = new BlackboardArtifact.Type(8, "TSK_INSTALLED_PROG", bundle.getString("BlackboardArtifact.tskInstalledProg.text"), Category.DATA_ARTIFACT);
996 
1000  public static final Type TSK_KEYWORD_HIT = new BlackboardArtifact.Type(9, "TSK_KEYWORD_HIT", bundle.getString("BlackboardArtifact.tskKeywordHits.text"), Category.ANALYSIS_RESULT);
1001 
1005  public static final Type TSK_HASHSET_HIT = new BlackboardArtifact.Type(10, "TSK_HASHSET_HIT", bundle.getString("BlackboardArtifact.tskHashsetHit.text"), Category.ANALYSIS_RESULT);
1006 
1010  public static final Type TSK_DEVICE_ATTACHED = new BlackboardArtifact.Type(11, "TSK_DEVICE_ATTACHED", bundle.getString("BlackboardArtifact.tskDeviceAttached.text"), Category.DATA_ARTIFACT);
1011 
1016  public static final Type TSK_INTERESTING_FILE_HIT = new BlackboardArtifact.Type(12, "TSK_INTERESTING_FILE_HIT", bundle.getString("BlackboardArtifact.tskInterestingFileHit.text"), Category.ANALYSIS_RESULT);
1017 
1021  public static final Type TSK_EMAIL_MSG = new BlackboardArtifact.Type(13, "TSK_EMAIL_MSG", bundle.getString("BlackboardArtifact.tskEmailMsg.text"), Category.DATA_ARTIFACT);
1022 
1026  public static final Type TSK_EXTRACTED_TEXT = new BlackboardArtifact.Type(14, "TSK_EXTRACTED_TEXT", bundle.getString("BlackboardArtifact.tskExtractedText.text"), Category.DATA_ARTIFACT);
1027 
1031  public static final Type TSK_WEB_SEARCH_QUERY = new BlackboardArtifact.Type(15, "TSK_WEB_SEARCH_QUERY", bundle.getString("BlackboardArtifact.tskWebSearchQuery.text"), Category.DATA_ARTIFACT);
1032 
1036  public static final Type TSK_METADATA_EXIF = new BlackboardArtifact.Type(16, "TSK_METADATA_EXIF", bundle.getString("BlackboardArtifact.tskMetadataExif.text"), Category.DATA_ARTIFACT);
1037 
1038  // 17 was used for deprecated TSK_TAG_FILE.
1039  // 18 was used for deprecated TSK_TAG_ARTIFACT.
1043  public static final Type TSK_OS_INFO = new BlackboardArtifact.Type(19, "TSK_OS_INFO", bundle.getString("BlackboardArtifact.tskOsInfo.text"), Category.DATA_ARTIFACT);
1044 
1045  // 20 was used for deprecated TSK_OS_ACCOUNT.
1049  public static final Type TSK_SERVICE_ACCOUNT = new BlackboardArtifact.Type(21, "TSK_SERVICE_ACCOUNT", bundle.getString("BlackboardArtifact.tskServiceAccount.text"), Category.DATA_ARTIFACT);
1050 
1051  // 22 was used for deprecated TSK_TOOL_OUTPUT.
1058  public static final Type TSK_CONTACT = new BlackboardArtifact.Type(23, "TSK_CONTACT", bundle.getString("BlackboardArtifact.tskContact.text"), Category.DATA_ARTIFACT);
1059 
1066  public static final Type TSK_MESSAGE = new BlackboardArtifact.Type(24, "TSK_MESSAGE", bundle.getString("BlackboardArtifact.tskMessage.text"), Category.DATA_ARTIFACT);
1067 
1074  public static final Type TSK_CALLLOG = new BlackboardArtifact.Type(25, "TSK_CALLLOG", bundle.getString("BlackboardArtifact.tskCalllog.text"), Category.DATA_ARTIFACT);
1075 
1079  public static final Type TSK_CALENDAR_ENTRY = new BlackboardArtifact.Type(26, "TSK_CALENDAR_ENTRY", bundle.getString("BlackboardArtifact.tskCalendarEntry.text"), Category.DATA_ARTIFACT);
1080 
1084  public static final Type TSK_SPEED_DIAL_ENTRY = new BlackboardArtifact.Type(27, "TSK_SPEED_DIAL_ENTRY", bundle.getString("BlackboardArtifact.tskSpeedDialEntry.text"), Category.DATA_ARTIFACT);
1085 
1089  public static final Type TSK_BLUETOOTH_PAIRING = new BlackboardArtifact.Type(28, "TSK_BLUETOOTH_PAIRING", bundle.getString("BlackboardArtifact.tskBluetoothPairing.text"), Category.DATA_ARTIFACT);
1090 
1094  public static final Type TSK_GPS_BOOKMARK = new BlackboardArtifact.Type(29, "TSK_GPS_BOOKMARK", bundle.getString("BlackboardArtifact.tskGpsBookmark.text"), Category.DATA_ARTIFACT);
1095 
1099  public static final Type TSK_GPS_LAST_KNOWN_LOCATION = new BlackboardArtifact.Type(30, "TSK_GPS_LAST_KNOWN_LOCATION", bundle.getString("BlackboardArtifact.tskGpsLastKnownLocation.text"), Category.DATA_ARTIFACT);
1100 
1104  public static final Type TSK_GPS_SEARCH = new BlackboardArtifact.Type(31, "TSK_GPS_SEARCH", bundle.getString("BlackboardArtifact.tskGpsSearch.text"), Category.DATA_ARTIFACT);
1105 
1109  public static final Type TSK_PROG_RUN = new BlackboardArtifact.Type(32, "TSK_PROG_RUN", bundle.getString("BlackboardArtifact.tskProgRun.text"), Category.DATA_ARTIFACT);
1110 
1114  public static final Type TSK_ENCRYPTION_DETECTED = new BlackboardArtifact.Type(33, "TSK_ENCRYPTION_DETECTED", bundle.getString("BlackboardArtifact.tskEncryptionDetected.text"), Category.ANALYSIS_RESULT);
1115 
1119  public static final Type TSK_EXT_MISMATCH_DETECTED = new BlackboardArtifact.Type(34, "TSK_EXT_MISMATCH_DETECTED", bundle.getString("BlackboardArtifact.tskExtMismatchDetected.text"), Category.ANALYSIS_RESULT);
1120 
1125  public static final Type TSK_INTERESTING_ARTIFACT_HIT = new BlackboardArtifact.Type(35, "TSK_INTERESTING_ARTIFACT_HIT", bundle.getString("BlackboardArtifact.tskInterestingArtifactHit.text"), Category.ANALYSIS_RESULT);
1126 
1132  public static final Type TSK_GPS_ROUTE = new BlackboardArtifact.Type(36, "TSK_GPS_ROUTE", bundle.getString("BlackboardArtifact.tskGpsRoute.text"), Category.DATA_ARTIFACT);
1133 
1137  public static final Type TSK_REMOTE_DRIVE = new BlackboardArtifact.Type(37, "TSK_REMOTE_DRIVE", bundle.getString("BlackboardArtifact.tskRemoteDrive.text"), Category.DATA_ARTIFACT);
1138 
1142  public static final Type TSK_FACE_DETECTED = new BlackboardArtifact.Type(38, "TSK_FACE_DETECTED", bundle.getString("BlackboardArtifact.tskFaceDetected.text"), Category.ANALYSIS_RESULT);
1143 
1147  public static final Type TSK_ACCOUNT = new BlackboardArtifact.Type(39, "TSK_ACCOUNT", bundle.getString("BlackboardArtifact.tskAccount.text"), Category.DATA_ARTIFACT);
1148 
1152  public static final Type TSK_ENCRYPTION_SUSPECTED = new BlackboardArtifact.Type(40, "TSK_ENCRYPTION_SUSPECTED", bundle.getString("BlackboardArtifact.tskEncryptionSuspected.text"), Category.ANALYSIS_RESULT);
1153 
1154  /*
1155  * A classifier detected an object in a media file.
1156  */
1157  public static final Type TSK_OBJECT_DETECTED = new BlackboardArtifact.Type(41, "TSK_OBJECT_DETECTED", bundle.getString("BlackboardArtifact.tskObjectDetected.text"), Category.ANALYSIS_RESULT);
1158 
1162  public static final Type TSK_WIFI_NETWORK = new BlackboardArtifact.Type(42, "TSK_WIFI_NETWORK", bundle.getString("BlackboardArtifact.tskWIFINetwork.text"), Category.DATA_ARTIFACT);
1163 
1167  public static final Type TSK_DEVICE_INFO = new BlackboardArtifact.Type(43, "TSK_DEVICE_INFO", bundle.getString("BlackboardArtifact.tskDeviceInfo.text"), Category.DATA_ARTIFACT);
1168 
1172  public static final Type TSK_SIM_ATTACHED = new BlackboardArtifact.Type(44, "TSK_SIM_ATTACHED", bundle.getString("BlackboardArtifact.tskSimAttached.text"), Category.DATA_ARTIFACT);
1173 
1177  public static final Type TSK_BLUETOOTH_ADAPTER = new BlackboardArtifact.Type(45, "TSK_BLUETOOTH_ADAPTER", bundle.getString("BlackboardArtifact.tskBluetoothAdapter.text"), Category.DATA_ARTIFACT);
1178 
1182  public static final Type TSK_WIFI_NETWORK_ADAPTER = new BlackboardArtifact.Type(46, "TSK_WIFI_NETWORK_ADAPTER", bundle.getString("BlackboardArtifact.tskWIFINetworkAdapter.text"), Category.DATA_ARTIFACT);
1183 
1187  public static final Type TSK_VERIFICATION_FAILED = new BlackboardArtifact.Type(47, "TSK_VERIFICATION_FAILED", bundle.getString("BlackboardArtifact.tskVerificationFailed.text"), Category.ANALYSIS_RESULT);
1188 
1192  public static final Type TSK_DATA_SOURCE_USAGE = new BlackboardArtifact.Type(48, "TSK_DATA_SOURCE_USAGE", bundle.getString("BlackboardArtifact.tskDataSourceUsage.text"), Category.ANALYSIS_RESULT);
1193 
1199  public static final Type TSK_WEB_FORM_AUTOFILL = new BlackboardArtifact.Type(49, "TSK_WEB_FORM_AUTOFILL", bundle.getString("BlackboardArtifact.tskWebFormAutofill.text"), Category.DATA_ARTIFACT);
1200 
1206  public static final Type TSK_WEB_FORM_ADDRESS = new BlackboardArtifact.Type(50, "TSK_WEB_FORM_ADDRESSES ", bundle.getString("BlackboardArtifact.tskWebFormAddresses.text"), Category.DATA_ARTIFACT);
1207 
1208  // 51 was used for deprecated TSK_DOWNLOAD_SOURCE
1212  public static final Type TSK_WEB_CACHE = new BlackboardArtifact.Type(52, "TSK_WEB_CACHE", bundle.getString("BlackboardArtifact.tskWebCache.text"), Category.DATA_ARTIFACT);
1213 
1217  public static final Type TSK_TL_EVENT = new BlackboardArtifact.Type(53, "TSK_TL_EVENT", bundle.getString("BlackboardArtifact.tskTLEvent.text"), Category.DATA_ARTIFACT);
1218 
1222  public static final Type TSK_CLIPBOARD_CONTENT = new BlackboardArtifact.Type(54, "TSK_CLIPBOARD_CONTENT", bundle.getString("BlackboardArtifact.tskClipboardContent.text"), Category.DATA_ARTIFACT);
1223 
1227  public static final Type TSK_ASSOCIATED_OBJECT = new BlackboardArtifact.Type(55, "TSK_ASSOCIATED_OBJECT", bundle.getString("BlackboardArtifact.tskAssociatedObject.text"), Category.DATA_ARTIFACT);
1228 
1232  public static final Type TSK_USER_CONTENT_SUSPECTED = new BlackboardArtifact.Type(56, "TSK_USER_CONTENT_SUSPECTED", bundle.getString("BlackboardArtifact.tskUserContentSuspected.text"), Category.ANALYSIS_RESULT);
1233 
1237  public static final Type TSK_METADATA = new BlackboardArtifact.Type(57, "TSK_METADATA", bundle.getString("BlackboardArtifact.tskMetadata.text"), Category.DATA_ARTIFACT);
1238 
1244  public static final Type TSK_GPS_TRACK = new BlackboardArtifact.Type(58, "TSK_GPS_TRACK", bundle.getString("BlackboardArtifact.tskTrack.text"), Category.DATA_ARTIFACT);
1245 
1249  public static final Type TSK_WEB_ACCOUNT_TYPE = new BlackboardArtifact.Type(59, "TSK_WEB_ACCOUNT_TYPE", bundle.getString("BlackboardArtifact.tskWebAccountType.text"), Category.ANALYSIS_RESULT);
1250 
1254  public static final Type TSK_SCREEN_SHOTS = new BlackboardArtifact.Type(60, "TSK_SCREEN_SHOTS", bundle.getString("BlackboardArtifact.tskScreenShots.text"), Category.DATA_ARTIFACT);
1255 
1259  public static final Type TSK_PROG_NOTIFICATIONS = new BlackboardArtifact.Type(62, "TSK_PROG_NOTIFICATIONS", bundle.getString("BlackboardArtifact.tskProgNotifications.text"), Category.DATA_ARTIFACT);
1260 
1264  public static final Type TSK_BACKUP_EVENT = new BlackboardArtifact.Type(63, "TSK_BACKUP_EVENT", bundle.getString("BlackboardArtifact.tskBackupEvent.text"), Category.DATA_ARTIFACT);
1265 
1269  public static final Type TSK_DELETED_PROG = new BlackboardArtifact.Type(64, "TSK_DELETED_PROG", bundle.getString("BlackboardArtifact.tskDeletedProg.text"), Category.DATA_ARTIFACT);
1270 
1274  public static final Type TSK_USER_DEVICE_EVENT = new BlackboardArtifact.Type(65, "TSK_USER_DEVICE_EVENT", bundle.getString("BlackboardArtifact.tskUserDeviceEvent.text"), Category.DATA_ARTIFACT);
1275 
1279  public static final Type TSK_YARA_HIT = new BlackboardArtifact.Type(66, "TSK_YARA_HIT", bundle.getString("BlackboardArtifact.tskYaraHit.text"), Category.ANALYSIS_RESULT);
1280 
1284  public static final Type TSK_GPS_AREA = new BlackboardArtifact.Type(67, "TSK_GPS_AREA", bundle.getString("BlackboardArtifact.tskGPSArea.text"), Category.DATA_ARTIFACT);
1285 
1289  public static final Type TSK_WEB_CATEGORIZATION = new BlackboardArtifact.Type(68, "TSK_WEB_CATEGORIZATION", bundle.getString("BlackboardArtifact.tskWebCategorization.text"), Category.ANALYSIS_RESULT);
1290 
1291  // NOTE: When adding a new standard BlackboardArtifact.Type, add the instance and then add to the STANDARD_TYPES map.
1295  static final Map<Integer, Type> STANDARD_TYPES = Collections.unmodifiableMap(Stream.of(
1296  TSK_GEN_INFO,
1297  TSK_WEB_BOOKMARK,
1298  TSK_WEB_COOKIE,
1299  TSK_WEB_HISTORY,
1300  TSK_WEB_DOWNLOAD,
1301  TSK_RECENT_OBJECT,
1302  TSK_INSTALLED_PROG,
1303  TSK_KEYWORD_HIT,
1304  TSK_HASHSET_HIT,
1305  TSK_DEVICE_ATTACHED,
1306  TSK_INTERESTING_FILE_HIT,
1307  TSK_EMAIL_MSG,
1308  TSK_EXTRACTED_TEXT,
1309  TSK_WEB_SEARCH_QUERY,
1310  TSK_METADATA_EXIF,
1311  TSK_OS_INFO,
1312  TSK_SERVICE_ACCOUNT,
1313  TSK_CONTACT,
1314  TSK_MESSAGE,
1315  TSK_CALLLOG,
1316  TSK_CALENDAR_ENTRY,
1317  TSK_SPEED_DIAL_ENTRY,
1318  TSK_BLUETOOTH_PAIRING,
1319  TSK_GPS_BOOKMARK,
1320  TSK_GPS_LAST_KNOWN_LOCATION,
1321  TSK_GPS_SEARCH,
1322  TSK_PROG_RUN,
1323  TSK_ENCRYPTION_DETECTED,
1324  TSK_EXT_MISMATCH_DETECTED,
1325  TSK_INTERESTING_ARTIFACT_HIT,
1326  TSK_GPS_ROUTE,
1327  TSK_REMOTE_DRIVE,
1328  TSK_FACE_DETECTED,
1329  TSK_ACCOUNT,
1330  TSK_ENCRYPTION_SUSPECTED,
1331  TSK_OBJECT_DETECTED,
1332  TSK_WIFI_NETWORK,
1333  TSK_DEVICE_INFO,
1334  TSK_SIM_ATTACHED,
1335  TSK_BLUETOOTH_ADAPTER,
1336  TSK_WIFI_NETWORK_ADAPTER,
1337  TSK_VERIFICATION_FAILED,
1338  TSK_DATA_SOURCE_USAGE,
1339  TSK_WEB_FORM_AUTOFILL,
1340  TSK_WEB_FORM_ADDRESS,
1341  TSK_WEB_CACHE,
1342  TSK_TL_EVENT,
1343  TSK_CLIPBOARD_CONTENT,
1344  TSK_ASSOCIATED_OBJECT,
1345  TSK_USER_CONTENT_SUSPECTED,
1346  TSK_METADATA,
1347  TSK_GPS_TRACK,
1348  TSK_WEB_ACCOUNT_TYPE,
1349  TSK_SCREEN_SHOTS,
1350  TSK_PROG_NOTIFICATIONS,
1351  TSK_BACKUP_EVENT,
1352  TSK_DELETED_PROG,
1353  TSK_USER_DEVICE_EVENT,
1354  TSK_YARA_HIT,
1355  TSK_GPS_AREA,
1356  TSK_WEB_CATEGORIZATION
1357  ).collect(Collectors.toMap(type -> type.getTypeID(), type -> type)));
1358 
1359  private final String typeName;
1360  private final int typeID;
1361  private final String displayName;
1362  private final Category category;
1363 
1372  Type(int typeID, String typeName, String displayName, Category category) {
1373  this.typeID = typeID;
1374  this.typeName = typeName;
1375  this.displayName = displayName;
1376  this.category = category;
1377  }
1378 
1384  public Type(ARTIFACT_TYPE type) {
1385  this(type.getTypeID(), type.getLabel(), type.getDisplayName(), type.getCategory());
1386  }
1387 
1393  public String getTypeName() {
1394  return this.typeName;
1395  }
1396 
1402  public int getTypeID() {
1403  return this.typeID;
1404  }
1405 
1411  public String getDisplayName() {
1412  return this.displayName;
1413  }
1414 
1420  public Category getCategory() {
1421  return category;
1422  }
1423 
1431  @Override
1432  public boolean equals(Object that) {
1433  if (this == that) {
1434  return true;
1435  } else if (!(that instanceof Type)) {
1436  return false;
1437  } else {
1438  return ((Type) that).sameType(this);
1439  }
1440  }
1441 
1449  private boolean sameType(Type that) {
1450  return this.typeName.equals(that.getTypeName())
1451  && this.displayName.equals(that.getDisplayName())
1452  && this.typeID == that.getTypeID();
1453  }
1454 
1460  @Override
1461  public int hashCode() {
1462  int hash = 11;
1463  hash = 83 * hash + Objects.hashCode(this.typeID);
1464  hash = 83 * hash + Objects.hashCode(this.displayName);
1465  hash = 83 * hash + Objects.hashCode(this.typeName);
1466  return hash;
1467  }
1468  }
1469 
1475  public enum ARTIFACT_TYPE implements SleuthkitVisitableItem {
1476 
1480  TSK_GEN_INFO(1, "TSK_GEN_INFO", //NON-NLS
1481  bundle.getString("BlackboardArtifact.tskGenInfo.text"), Category.DATA_ARTIFACT),
1487  TSK_WEB_BOOKMARK(2, "TSK_WEB_BOOKMARK", //NON-NLS
1488  bundle.getString("BlackboardArtifact.tskWebBookmark.text"), Category.DATA_ARTIFACT),
1494  TSK_WEB_COOKIE(3, "TSK_WEB_COOKIE",
1495  bundle.getString("BlackboardArtifact.tskWebCookie.text"), Category.DATA_ARTIFACT), //NON-NLS
1501  TSK_WEB_HISTORY(4, "TSK_WEB_HISTORY", //NON-NLS
1502  bundle.getString("BlackboardArtifact.tskWebHistory.text"), Category.DATA_ARTIFACT),
1508  TSK_WEB_DOWNLOAD(5, "TSK_WEB_DOWNLOAD", //NON-NLS
1509  bundle.getString("BlackboardArtifact.tskWebDownload.text"), Category.DATA_ARTIFACT),
1513  TSK_RECENT_OBJECT(6, "TSK_RECENT_OBJ", //NON-NLS
1514  bundle.getString("BlackboardArtifact.tsk.recentObject.text"), Category.DATA_ARTIFACT),
1520  @Deprecated
1521  TSK_GPS_TRACKPOINT(7, "TSK_GPS_TRACKPOINT", //NON-NLS
1522  bundle.getString("BlackboardArtifact.tskGpsTrackpoint.text"), Category.DATA_ARTIFACT),
1526  TSK_INSTALLED_PROG(8, "TSK_INSTALLED_PROG", //NON-NLS
1527  bundle.getString("BlackboardArtifact.tskInstalledProg.text"), Category.DATA_ARTIFACT),
1531  TSK_KEYWORD_HIT(9, "TSK_KEYWORD_HIT",
1532  bundle.getString("BlackboardArtifact.tskKeywordHits.text"), Category.ANALYSIS_RESULT),
1536  TSK_HASHSET_HIT(10, "TSK_HASHSET_HIT", //NON-NLS
1537  bundle.getString("BlackboardArtifact.tskHashsetHit.text"), Category.ANALYSIS_RESULT),
1541  TSK_DEVICE_ATTACHED(11, "TSK_DEVICE_ATTACHED", //NON-NLS
1542  bundle.getString("BlackboardArtifact.tskDeviceAttached.text"), Category.DATA_ARTIFACT),
1547  TSK_INTERESTING_FILE_HIT(12, "TSK_INTERESTING_FILE_HIT", //NON-NLS
1548  bundle.getString("BlackboardArtifact.tskInterestingFileHit.text"), Category.ANALYSIS_RESULT),
1549 
1552  TSK_EMAIL_MSG(13, "TSK_EMAIL_MSG", //NON-NLS
1553  bundle.getString("BlackboardArtifact.tskEmailMsg.text"), Category.DATA_ARTIFACT),
1557  TSK_EXTRACTED_TEXT(14, "TSK_EXTRACTED_TEXT", //NON-NLS
1558  bundle.getString("BlackboardArtifact.tskExtractedText.text"), Category.DATA_ARTIFACT),
1562  TSK_WEB_SEARCH_QUERY(15, "TSK_WEB_SEARCH_QUERY", //NON-NLS
1563  bundle.getString("BlackboardArtifact.tskWebSearchQuery.text"), Category.DATA_ARTIFACT),
1567  TSK_METADATA_EXIF(16, "TSK_METADATA_EXIF", //NON-NLS
1568  bundle.getString("BlackboardArtifact.tskMetadataExif.text"), Category.DATA_ARTIFACT),
1574  @Deprecated
1575  TSK_TAG_FILE(17, "TSK_TAG_FILE", //NON-NLS
1576  bundle.getString("BlackboardArtifact.tagFile.text"), Category.ANALYSIS_RESULT),
1582  @Deprecated
1583  TSK_TAG_ARTIFACT(18, "TSK_TAG_ARTIFACT", //NON-NLS
1584  bundle.getString("BlackboardArtifact.tskTagArtifact.text"), Category.ANALYSIS_RESULT),
1588  TSK_OS_INFO(19, "TSK_OS_INFO", //NON-NLS
1589  bundle.getString("BlackboardArtifact.tskOsInfo.text"), Category.DATA_ARTIFACT),
1593  @Deprecated
1594  TSK_OS_ACCOUNT(20, "TSK_OS_ACCOUNT", //NON-NLS
1595  bundle.getString("BlackboardArtifact.tskOsAccount.text"), Category.DATA_ARTIFACT),
1599  TSK_SERVICE_ACCOUNT(21, "TSK_SERVICE_ACCOUNT", //NON-NLS
1600  bundle.getString("BlackboardArtifact.tskServiceAccount.text"), Category.DATA_ARTIFACT),
1606  @Deprecated
1607  TSK_TOOL_OUTPUT(22, "TSK_TOOL_OUTPUT", //NON-NLS
1608  bundle.getString("BlackboardArtifact.tskToolOutput.text"), Category.DATA_ARTIFACT),
1615  TSK_CONTACT(23, "TSK_CONTACT", //NON-NLS
1616  bundle.getString("BlackboardArtifact.tskContact.text"), Category.DATA_ARTIFACT),
1623  TSK_MESSAGE(24, "TSK_MESSAGE", //NON-NLS
1624  bundle.getString("BlackboardArtifact.tskMessage.text"), Category.DATA_ARTIFACT),
1631  TSK_CALLLOG(25, "TSK_CALLLOG", //NON-NLS
1632  bundle.getString("BlackboardArtifact.tskCalllog.text"), Category.DATA_ARTIFACT),
1636  TSK_CALENDAR_ENTRY(26, "TSK_CALENDAR_ENTRY", //NON-NLS
1637  bundle.getString("BlackboardArtifact.tskCalendarEntry.text"), Category.DATA_ARTIFACT),
1641  TSK_SPEED_DIAL_ENTRY(27, "TSK_SPEED_DIAL_ENTRY", //NON-NLS
1642  bundle.getString("BlackboardArtifact.tskSpeedDialEntry.text"), Category.DATA_ARTIFACT),
1646  TSK_BLUETOOTH_PAIRING(28, "TSK_BLUETOOTH_PAIRING", //NON-NLS
1647  bundle.getString("BlackboardArtifact.tskBluetoothPairing.text"), Category.DATA_ARTIFACT),
1651  TSK_GPS_BOOKMARK(29, "TSK_GPS_BOOKMARK", //NON-NLS
1652  bundle.getString("BlackboardArtifact.tskGpsBookmark.text"), Category.DATA_ARTIFACT),
1656  TSK_GPS_LAST_KNOWN_LOCATION(30, "TSK_GPS_LAST_KNOWN_LOCATION", //NON-NLS
1657  bundle.getString("BlackboardArtifact.tskGpsLastKnownLocation.text"), Category.DATA_ARTIFACT),
1661  TSK_GPS_SEARCH(31, "TSK_GPS_SEARCH", //NON-NLS
1662  bundle.getString("BlackboardArtifact.tskGpsSearch.text"), Category.DATA_ARTIFACT),
1666  TSK_PROG_RUN(32, "TSK_PROG_RUN", //NON-NLS
1667  bundle.getString("BlackboardArtifact.tskProgRun.text"), Category.DATA_ARTIFACT),
1671  TSK_ENCRYPTION_DETECTED(33, "TSK_ENCRYPTION_DETECTED", //NON-NLS
1672  bundle.getString("BlackboardArtifact.tskEncryptionDetected.text"), Category.ANALYSIS_RESULT),
1676  TSK_EXT_MISMATCH_DETECTED(34, "TSK_EXT_MISMATCH_DETECTED", //NON-NLS
1677  bundle.getString("BlackboardArtifact.tskExtMismatchDetected.text"), Category.ANALYSIS_RESULT),
1682  TSK_INTERESTING_ARTIFACT_HIT(35, "TSK_INTERESTING_ARTIFACT_HIT", //NON-NLS
1683  bundle.getString("BlackboardArtifact.tskInterestingArtifactHit.text"), Category.ANALYSIS_RESULT),
1689  TSK_GPS_ROUTE(36, "TSK_GPS_ROUTE", //NON-NLS
1690  bundle.getString("BlackboardArtifact.tskGpsRoute.text"), Category.DATA_ARTIFACT),
1694  TSK_REMOTE_DRIVE(37, "TSK_REMOTE_DRIVE", //NON-NLS
1695  bundle.getString("BlackboardArtifact.tskRemoteDrive.text"), Category.DATA_ARTIFACT),
1699  TSK_FACE_DETECTED(38, "TSK_FACE_DETECTED", //NON-NLS
1700  bundle.getString("BlackboardArtifact.tskFaceDetected.text"), Category.ANALYSIS_RESULT),
1704  TSK_ACCOUNT(39, "TSK_ACCOUNT", //NON-NLS
1705  bundle.getString("BlackboardArtifact.tskAccount.text"), Category.DATA_ARTIFACT),
1709  TSK_ENCRYPTION_SUSPECTED(40, "TSK_ENCRYPTION_SUSPECTED", //NON-NLS
1710  bundle.getString("BlackboardArtifact.tskEncryptionSuspected.text"), Category.ANALYSIS_RESULT),
1711  /*
1712  * A classifier detected an object in a media file.
1713  */
1714  TSK_OBJECT_DETECTED(41, "TSK_OBJECT_DETECTED", //NON-NLS
1715  bundle.getString("BlackboardArtifact.tskObjectDetected.text"), Category.ANALYSIS_RESULT),
1719  TSK_WIFI_NETWORK(42, "TSK_WIFI_NETWORK", //NON-NLS
1720  bundle.getString("BlackboardArtifact.tskWIFINetwork.text"), Category.DATA_ARTIFACT),
1724  TSK_DEVICE_INFO(43, "TSK_DEVICE_INFO", //NON-NLS
1725  bundle.getString("BlackboardArtifact.tskDeviceInfo.text"), Category.DATA_ARTIFACT),
1729  TSK_SIM_ATTACHED(44, "TSK_SIM_ATTACHED", //NON-NLS
1730  bundle.getString("BlackboardArtifact.tskSimAttached.text"), Category.DATA_ARTIFACT),
1734  TSK_BLUETOOTH_ADAPTER(45, "TSK_BLUETOOTH_ADAPTER", //NON-NLS
1735  bundle.getString("BlackboardArtifact.tskBluetoothAdapter.text"), Category.DATA_ARTIFACT),
1739  TSK_WIFI_NETWORK_ADAPTER(46, "TSK_WIFI_NETWORK_ADAPTER", //NON-NLS
1740  bundle.getString("BlackboardArtifact.tskWIFINetworkAdapter.text"), Category.DATA_ARTIFACT),
1744  TSK_VERIFICATION_FAILED(47, "TSK_VERIFICATION_FAILED", //NON-NLS
1745  bundle.getString("BlackboardArtifact.tskVerificationFailed.text"), Category.ANALYSIS_RESULT),
1749  TSK_DATA_SOURCE_USAGE(48, "TSK_DATA_SOURCE_USAGE", //NON-NLS
1750  bundle.getString("BlackboardArtifact.tskDataSourceUsage.text"), Category.ANALYSIS_RESULT),
1756  TSK_WEB_FORM_AUTOFILL(49, "TSK_WEB_FORM_AUTOFILL", //NON-NLS
1757  bundle.getString("BlackboardArtifact.tskWebFormAutofill.text"), Category.DATA_ARTIFACT),
1763  TSK_WEB_FORM_ADDRESS(50, "TSK_WEB_FORM_ADDRESSES ", //NON-NLS
1764  bundle.getString("BlackboardArtifact.tskWebFormAddresses.text"), Category.DATA_ARTIFACT),
1771  @Deprecated
1772  TSK_DOWNLOAD_SOURCE(51, "TSK_DOWNLOAD_SOURCE", //NON-NLS
1773  bundle.getString("BlackboardArtifact.tskDownloadSource.text"), Category.DATA_ARTIFACT),
1777  TSK_WEB_CACHE(52, "TSK_WEB_CACHE", //NON-NLS
1778  bundle.getString("BlackboardArtifact.tskWebCache.text"), Category.DATA_ARTIFACT),
1782  TSK_TL_EVENT(53, "TSK_TL_EVENT", //NON-NLS
1783  bundle.getString("BlackboardArtifact.tskTLEvent.text"), Category.DATA_ARTIFACT),
1787  TSK_CLIPBOARD_CONTENT(54, "TSK_CLIPBOARD_CONTENT", //NON-NLS
1788  bundle.getString("BlackboardArtifact.tskClipboardContent.text"), Category.DATA_ARTIFACT),
1792  TSK_ASSOCIATED_OBJECT(55, "TSK_ASSOCIATED_OBJECT", //NON-NLS
1793  bundle.getString("BlackboardArtifact.tskAssociatedObject.text"), Category.DATA_ARTIFACT),
1797  TSK_USER_CONTENT_SUSPECTED(56, "TSK_USER_CONTENT_SUSPECTED", //NON-NLS
1798  bundle.getString("BlackboardArtifact.tskUserContentSuspected.text"), Category.ANALYSIS_RESULT),
1802  TSK_METADATA(57, "TSK_METADATA", //NON-NLS
1803  bundle.getString("BlackboardArtifact.tskMetadata.text"), Category.DATA_ARTIFACT),
1809  TSK_GPS_TRACK(58, "TSK_GPS_TRACK",
1810  bundle.getString("BlackboardArtifact.tskTrack.text"), Category.DATA_ARTIFACT),
1814  TSK_WEB_ACCOUNT_TYPE(59, "TSK_WEB_ACCOUNT_TYPE",
1815  bundle.getString("BlackboardArtifact.tskWebAccountType.text"), Category.ANALYSIS_RESULT),
1819  TSK_SCREEN_SHOTS(60, "TSK_SCREEN_SHOTS",
1820  bundle.getString("BlackboardArtifact.tskScreenShots.text"), Category.DATA_ARTIFACT),
1824  TSK_PROG_NOTIFICATIONS(62, "TSK_PROG_NOTIFICATIONS",
1825  bundle.getString("BlackboardArtifact.tskProgNotifications.text"), Category.DATA_ARTIFACT),
1829  TSK_BACKUP_EVENT(63, "TSK_BACKUP_EVENT",
1830  bundle.getString("BlackboardArtifact.tskBackupEvent.text"), Category.DATA_ARTIFACT),
1834  TSK_DELETED_PROG(64, "TSK_DELETED_PROG",
1835  bundle.getString("BlackboardArtifact.tskDeletedProg.text"), Category.DATA_ARTIFACT),
1839  TSK_USER_DEVICE_EVENT(65, "TSK_USER_DEVICE_EVENT",
1840  bundle.getString("BlackboardArtifact.tskUserDeviceEvent.text"), Category.DATA_ARTIFACT),
1844  TSK_YARA_HIT(66, "TSK_YARA_HIT",
1845  bundle.getString("BlackboardArtifact.tskYaraHit.text"), Category.ANALYSIS_RESULT),
1849  TSK_GPS_AREA(67, "TSK_GPS_AREA",
1850  bundle.getString("BlackboardArtifact.tskGPSArea.text"), Category.DATA_ARTIFACT),
1851  TSK_WEB_CATEGORIZATION(68, "TSK_WEB_CATEGORIZATION",
1852  bundle.getString("BlackboardArtifact.tskWebCategorization.text"), Category.ANALYSIS_RESULT),;
1853 
1854  /*
1855  * To developers: For each new artifact, ensure that: - The enum value
1856  * has 1-line JavaDoc description - The artifact catalog
1857  * (artifact_catalog.dox) is updated to reflect the attributes it uses
1858  */
1859  private final String label;
1860  private final int typeId;
1861  private final String displayName;
1862  private final Category category;
1863 
1871  private ARTIFACT_TYPE(int typeId, String label, String displayName) {
1872  this(typeId, label, displayName, Category.DATA_ARTIFACT);
1873  }
1874 
1883  private ARTIFACT_TYPE(int typeId, String label, String displayName, Category category) {
1884  this.typeId = typeId;
1885  this.label = label;
1886  this.displayName = displayName;
1887  this.category = category;
1888  }
1889 
1895  public int getTypeID() {
1896  return this.typeId;
1897  }
1898 
1904  public String getLabel() {
1905  return this.label;
1906  }
1907 
1913  public Category getCategory() {
1914  return this.category;
1915  }
1916 
1925  static public ARTIFACT_TYPE fromLabel(String label) {
1926  for (ARTIFACT_TYPE value : ARTIFACT_TYPE.values()) {
1927  if (value.getLabel().equals(label)) {
1928  return value;
1929  }
1930  }
1931  throw new IllegalArgumentException("No ARTIFACT_TYPE matching type: " + label);
1932  }
1933 
1944  static public ARTIFACT_TYPE fromID(int id) {
1945  for (ARTIFACT_TYPE value : ARTIFACT_TYPE.values()) {
1946  if (value.getTypeID() == id) {
1947  return value;
1948  }
1949  }
1950  throw new IllegalArgumentException("No ARTIFACT_TYPE matching type: " + id);
1951  }
1952 
1958  public String getDisplayName() {
1959  return displayName;
1960  }
1961 
1973  @Override
1974  public <T> T accept(SleuthkitItemVisitor<T> visitor) {
1975  return visitor.visit(this);
1976  }
1977 
1978  }
1979 
1987  public enum Category {
1988  // NOTE: The schema code defaults to '0', so that code must be updated too if DATA_ARTIFACT changes from being 0
1989  DATA_ARTIFACT(0, "DATA_ARTIFACT", ResourceBundle.getBundle("org.sleuthkit.datamodel.Bundle").getString("CategoryType.DataArtifact")), // artifact is data that is directly/indirectly extracted from a data source.
1990  ANALYSIS_RESULT(1, "ANALYSIS_RESULT", ResourceBundle.getBundle("org.sleuthkit.datamodel.Bundle").getString("CategoryType.AnalysisResult")); // artifacts represents outcome of analysis of data.
1991 
1992  private final Integer id;
1993  private final String name;
1994  private final String displayName;
1995 
1996  private final static Map<Integer, Category> idToCategory = new HashMap<Integer, Category>();
1997 
1998  static {
1999  for (Category status : values()) {
2000  idToCategory.put(status.getID(), status);
2001  }
2002  }
2003 
2011  private Category(Integer id, String name, String displayName) {
2012  this.id = id;
2013  this.name = name;
2014  this.displayName = displayName;
2015  }
2016 
2024  public static Category fromID(int id) {
2025  return idToCategory.get(id);
2026  }
2027 
2033  public Integer getID() {
2034  return id;
2035  }
2036 
2042  String getName() {
2043  return name;
2044  }
2045 
2051  public String getDisplayName() {
2052  return displayName;
2053  }
2054  }
2055 
2059  public enum ReviewStatus {
2060 
2061  APPROVED(1, "APPROVED", "ReviewStatus.Approved"), //approved by human user
2062  REJECTED(2, "REJECTED", "ReviewStatus.Rejected"), //rejected by humna user
2063  UNDECIDED(3, "UNDECIDED", "ReviewStatus.Undecided"); // not yet reviewed by human user
2064 
2065  private final Integer id;
2066  private final String name;
2067  private final String displayName;
2068  private final static Map<Integer, ReviewStatus> idToStatus = new HashMap<Integer, ReviewStatus>();
2069 
2070  static {
2071  for (ReviewStatus status : values()) {
2072  idToStatus.put(status.getID(), status);
2073  }
2074  }
2075 
2084  private ReviewStatus(Integer id, String name, String displayNameKey) {
2085  this.id = id;
2086  this.name = name;
2087  this.displayName = ResourceBundle.getBundle("org.sleuthkit.datamodel.Bundle").getString(displayNameKey);
2088  }
2089 
2097  public static ReviewStatus withID(int id) {
2098  return idToStatus.get(id);
2099  }
2100 
2106  public Integer getID() {
2107  return id;
2108  }
2109 
2115  String getName() {
2116  return name;
2117  }
2118 
2124  public String getDisplayName() {
2125  return displayName;
2126  }
2127  }
2128 
2150  @Deprecated
2151  protected BlackboardArtifact(SleuthkitCase sleuthkitCase, long artifactID, long objID, long artifactObjID, long dataSourceObjId, int artifactTypeID, String artifactTypeName, String displayName) {
2152  this(sleuthkitCase, artifactID, objID, artifactObjID, dataSourceObjId, artifactTypeID, artifactTypeName, displayName, ReviewStatus.UNDECIDED);
2153  }
2154 
2169  @Deprecated
2170  public List<BlackboardAttribute> getAttributes(final BlackboardAttribute.ATTRIBUTE_TYPE attributeType) throws TskCoreException {
2171  if (loadedCacheFromDb == false) {
2172  List<BlackboardAttribute> attrs = getSleuthkitCase().getBlackboardAttributes(this);
2173  attrsCache.clear();
2174  attrsCache.addAll(attrs);
2175  loadedCacheFromDb = true;
2176  }
2177  ArrayList<BlackboardAttribute> filteredAttributes = new ArrayList<BlackboardAttribute>();
2178  for (BlackboardAttribute attr : attrsCache) {
2179  if (attr.getAttributeType().getTypeID() == attributeType.getTypeID()) {
2180  filteredAttributes.add(attr);
2181  }
2182  }
2183  return filteredAttributes;
2184  }
2185 
2186  @Override
2187  public long getId() {
2188  return this.artifactObjId;
2189  }
2190 
2199  @Override
2200  public List<Long> getChildrenIds() throws TskCoreException {
2201  List<Long> childrenIDs = new ArrayList<Long>();
2202  childrenIDs.addAll(getSleuthkitCase().getAbstractFileChildrenIds(this));
2203  childrenIDs.addAll(getSleuthkitCase().getBlackboardArtifactChildrenIds(this));
2204 
2205  return childrenIDs;
2206  }
2207 
2208  @Override
2209  public int getChildrenCount() throws TskCoreException {
2210  if (childrenCount != -1) {
2211  return childrenCount;
2212  }
2213 
2214  childrenCount = this.getSleuthkitCase().getContentChildrenCount(this);
2215 
2216  hasChildren = childrenCount > 0;
2217  checkedHasChildren = true;
2218 
2219  return childrenCount;
2220  }
2221 
2222  @Override
2223  public boolean hasChildren() throws TskCoreException {
2224  if (checkedHasChildren == true) {
2225  return hasChildren;
2226  }
2227 
2228  childrenCount = this.getSleuthkitCase().getContentChildrenCount(this);
2229 
2230  hasChildren = childrenCount > 0;
2231  checkedHasChildren = true;
2232 
2233  return hasChildren;
2234  }
2235 
2244  @Override
2245  public List<Content> getChildren() throws TskCoreException {
2246  List<Content> children = new ArrayList<>();
2247  children.addAll(getSleuthkitCase().getAbstractFileChildren(this));
2248  children.addAll(getSleuthkitCase().getBlackboardArtifactChildren(this));
2249 
2250  return children;
2251  }
2252 }
org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE.fromID
static ARTIFACT_TYPE fromID(int id)
Definition: BlackboardArtifact.java:1944
org.sleuthkit.datamodel.BlackboardArtifact.getArtifacts
ArrayList< BlackboardArtifact > getArtifacts(int artifactTypeID)
Definition: BlackboardArtifact.java:545
org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PHONE_NUMBER_TO
TSK_PHONE_NUMBER_TO
Definition: BlackboardAttribute.java:1275
org.sleuthkit.datamodel.SleuthkitCase.getBlackboardAttributes
ArrayList< BlackboardAttribute > getBlackboardAttributes(final BlackboardArtifact artifact)
Definition: SleuthkitCase.java:4903
org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE.fromLabel
static ARTIFACT_TYPE fromLabel(String label)
Definition: BlackboardArtifact.java:1925
org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_KEYWORD_PREVIEW
TSK_KEYWORD_PREVIEW
Definition: BlackboardAttribute.java:1043
org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_NAME
TSK_NAME
Definition: BlackboardAttribute.java:1022
org.sleuthkit.datamodel.BlackboardArtifact.newDataArtifact
DataArtifact newDataArtifact(BlackboardArtifact.Type artifactType, Collection< BlackboardAttribute > attributesList, Long osAccountId)
Definition: BlackboardArtifact.java:739
org.sleuthkit.datamodel.SleuthkitCase.addBlackboardAttributes
void addBlackboardAttributes(Collection< BlackboardAttribute > attributes, int artifactTypeId)
Definition: SleuthkitCase.java:4368
org.sleuthkit.datamodel.BlackboardArtifact.addAttributes
void addAttributes(Collection< BlackboardAttribute > attributes)
Definition: BlackboardArtifact.java:397
org.sleuthkit.datamodel.SleuthkitCase.addBlackboardAttribute
void addBlackboardAttribute(BlackboardAttribute attr, int artifactTypeId)
Definition: SleuthkitCase.java:4348
org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DOMAIN
TSK_DOMAIN
Definition: BlackboardAttribute.java:1056
org.sleuthkit.datamodel.BlackboardArtifact.getAttributes
List< BlackboardAttribute > getAttributes(final BlackboardAttribute.ATTRIBUTE_TYPE attributeType)
Definition: BlackboardArtifact.java:2170
org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PHONE_NUMBER
TSK_PHONE_NUMBER
Definition: BlackboardAttribute.java:1124
org.sleuthkit.datamodel.ContentVisitor.visit
T visit(Directory d)
org.sleuthkit.datamodel.BlackboardArtifact.read
final int read(byte[] buf, long offset, long len)
Definition: BlackboardArtifact.java:881
org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_START
TSK_DATETIME_START
Definition: BlackboardAttribute.java:1287
org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_EMAIL_OFFICE
TSK_EMAIL_OFFICE
Definition: BlackboardAttribute.java:1284
org.sleuthkit.datamodel.BlackboardArtifact.addAttribute
void addAttribute(BlackboardAttribute attribute)
Definition: BlackboardArtifact.java:336
org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DEVICE_ID
TSK_DEVICE_ID
Definition: BlackboardAttribute.java:1071
org.sleuthkit.datamodel.Blackboard.getAnalysisResults
List< AnalysisResult > getAnalysisResults(long sourceObjId)
Definition: Blackboard.java:400
org.sleuthkit.datamodel.BlackboardArtifact.getArtifacts
ArrayList< BlackboardArtifact > getArtifacts(BlackboardArtifact.ARTIFACT_TYPE type)
Definition: BlackboardArtifact.java:560
org.sleuthkit.datamodel.BlackboardArtifact.newAnalysisResult
AnalysisResultAdded newAnalysisResult(BlackboardArtifact.Type artifactType, Score score, String conclusion, String configuration, String justification, Collection< BlackboardAttribute > attributesList)
Definition: BlackboardArtifact.java:711
org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_EMAIL_HOME
TSK_EMAIL_HOME
Definition: BlackboardAttribute.java:1281
org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME
TSK_DATETIME
Definition: BlackboardAttribute.java:1019
org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PHONE_NUMBER_MOBILE
TSK_PHONE_NUMBER_MOBILE
Definition: BlackboardAttribute.java:1269
org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE.accept
public< T > T accept(SleuthkitItemVisitor< T > visitor)
Definition: BlackboardArtifact.java:1974
org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_RCVD
TSK_DATETIME_RCVD
Definition: BlackboardAttribute.java:1173
org.sleuthkit.datamodel.BlackboardArtifact.addAttributes
void addAttributes(Collection< BlackboardAttribute > attributes, final SleuthkitCase.CaseDbTransaction caseDbTransaction)
Definition: BlackboardArtifact.java:424
org.sleuthkit.datamodel.BlackboardArtifact.newArtifact
BlackboardArtifact newArtifact(int artifactTypeID)
Definition: BlackboardArtifact.java:706
org.sleuthkit.datamodel.BlackboardArtifact.getAttribute
BlackboardAttribute getAttribute(BlackboardAttribute.Type attributeType)
Definition: BlackboardArtifact.java:378
org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_SENT
TSK_DATETIME_SENT
Definition: BlackboardAttribute.java:1176
org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PHONE_NUMBER_OFFICE
TSK_PHONE_NUMBER_OFFICE
Definition: BlackboardAttribute.java:1266
org.sleuthkit.datamodel.BlackboardArtifact.getArtifactsCount
long getArtifactsCount(String artifactTypeName)
Definition: BlackboardArtifact.java:589
org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PHONE_NUMBER_HOME
TSK_PHONE_NUMBER_HOME
Definition: BlackboardAttribute.java:1263
org.sleuthkit.datamodel.Content
Definition: Content.java:33
org.sleuthkit.datamodel.BlackboardArtifact.getAnalysisResults
List< AnalysisResult > getAnalysisResults(BlackboardArtifact.Type artifactType)
Definition: BlackboardArtifact.java:514
org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_END
TSK_DATETIME_END
Definition: BlackboardAttribute.java:1290
org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_EMAIL
TSK_EMAIL
Definition: BlackboardAttribute.java:1074
org.sleuthkit.datamodel.ContentVisitor
Definition: ContentVisitor.java:32
org.sleuthkit.datamodel.BlackboardArtifact.getGenInfoArtifact
BlackboardArtifact getGenInfoArtifact(boolean create)
Definition: BlackboardArtifact.java:654
org.sleuthkit.datamodel.SleuthkitCase.getArtifactType
BlackboardArtifact.Type getArtifactType(String artTypeName)
Definition: SleuthkitCase.java:4751
org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE.getDisplayName
String getDisplayName()
Definition: BlackboardArtifact.java:1958
org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE.getLabel
String getLabel()
Definition: BlackboardArtifact.java:1904
org.sleuthkit.datamodel.BlackboardArtifact.newAnalysisResult
AnalysisResultAdded newAnalysisResult(BlackboardArtifact.Type artifactType, Score score, String conclusion, String configuration, String justification, Collection< BlackboardAttribute > attributesList, long dataSourceId)
Definition: BlackboardArtifact.java:725
org.sleuthkit.datamodel.BlackboardArtifact.getArtifacts
ArrayList< BlackboardArtifact > getArtifacts(String artifactTypeName)
Definition: BlackboardArtifact.java:529
org.sleuthkit.datamodel.BlackboardArtifact.BlackboardArtifact
BlackboardArtifact(SleuthkitCase sleuthkitCase, long artifactID, long objID, long artifactObjID, long dataSourceObjId, int artifactTypeID, String artifactTypeName, String displayName)
Definition: BlackboardArtifact.java:2151
org.sleuthkit.datamodel.Blackboard.newAnalysisResult
AnalysisResultAdded newAnalysisResult(BlackboardArtifact.Type artifactType, long objId, Long dataSourceObjId, Score score, String conclusion, String configuration, String justification, Collection< BlackboardAttribute > attributesList)
Definition: Blackboard.java:178
org.sleuthkit.datamodel.BlackboardArtifact.newDataArtifact
DataArtifact newDataArtifact(BlackboardArtifact.Type artifactType, Collection< BlackboardAttribute > attributesList, Long osAccountId, long dataSourceId)
Definition: BlackboardArtifact.java:744
org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_ACCESSED
TSK_DATETIME_ACCESSED
Definition: BlackboardAttribute.java:1118
org.sleuthkit.datamodel.BlackboardArtifact.getAllArtifacts
ArrayList< BlackboardArtifact > getAllArtifacts()
Definition: BlackboardArtifact.java:492
org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE.getCategory
Category getCategory()
Definition: BlackboardArtifact.java:1913
org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PHONE_NUMBER_FROM
TSK_PHONE_NUMBER_FROM
Definition: BlackboardAttribute.java:1272
org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_CREATED
TSK_DATETIME_CREATED
Definition: BlackboardAttribute.java:1242
org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE.getTypeID
int getTypeID()
Definition: BlackboardArtifact.java:1895
org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE
Definition: BlackboardAttribute.java:1014
org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_MODIFIED
TSK_DATETIME_MODIFIED
Definition: BlackboardAttribute.java:1245
org.sleuthkit.datamodel.BlackboardArtifact.getArtifactsCount
long getArtifactsCount(BlackboardArtifact.ARTIFACT_TYPE type)
Definition: BlackboardArtifact.java:621
org.sleuthkit.datamodel.BlackboardArtifact.newDataArtifact
DataArtifact newDataArtifact(BlackboardArtifact.Type artifactType, Collection< BlackboardAttribute > attributesList)
Definition: BlackboardArtifact.java:749
org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_EMAIL_TO
TSK_EMAIL_TO
Definition: BlackboardAttribute.java:1146
org.sleuthkit.datamodel.BlackboardArtifact.getGenInfoAttributes
ArrayList< BlackboardAttribute > getGenInfoAttributes(BlackboardAttribute.ATTRIBUTE_TYPE attr_type)
Definition: BlackboardArtifact.java:674
org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE
Definition: BlackboardArtifact.java:1475
org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_EMAIL_FROM
TSK_EMAIL_FROM
Definition: BlackboardAttribute.java:1155
org.sleuthkit.datamodel.Content.getUniquePath
String getUniquePath()
org.sleuthkit.datamodel.BlackboardArtifact.newArtifact
BlackboardArtifact newArtifact(BlackboardArtifact.ARTIFACT_TYPE type)
Definition: BlackboardArtifact.java:766
org.sleuthkit.datamodel.SleuthkitCase.setReviewStatus
void setReviewStatus(BlackboardArtifact artifact, BlackboardArtifact.ReviewStatus newStatus)
Definition: SleuthkitCase.java:10958

Copyright © 2011-2021 Brian Carrier. (carrier -at- sleuthkit -dot- org)
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.