19 package org.sleuthkit.datamodel;
21 import java.io.Serializable;
22 import java.io.UnsupportedEncodingException;
23 import java.sql.SQLException;
24 import java.text.MessageFormat;
25 import java.util.ArrayList;
26 import java.util.Collection;
27 import java.util.Collections;
28 import java.util.HashMap;
29 import java.util.HashSet;
30 import java.util.List;
32 import java.util.Objects;
33 import java.util.ResourceBundle;
35 import java.util.stream.Collectors;
36 import java.util.stream.Stream;
55 private static final ResourceBundle bundle = ResourceBundle.getBundle(
"org.sleuthkit.datamodel.Bundle");
56 private final long artifactId;
57 private final long sourceObjId;
58 private final long artifactObjId;
59 private final Long dataSourceObjId;
60 private final int artifactTypeId;
61 private final String artifactTypeName;
62 private final String displayName;
65 private final List<BlackboardAttribute> attrsCache =
new ArrayList<BlackboardAttribute>();
66 private boolean loadedCacheFromDb =
false;
67 private volatile Content parent;
68 private volatile String uniquePath;
70 private byte[] contentBytes = null;
72 private volatile boolean checkedHasChildren;
74 private volatile int childrenCount;
96 BlackboardArtifact(
SleuthkitCase sleuthkitCase,
long artifactID,
long sourceObjId,
long artifactObjId, Long dataSourceObjId,
int artifactTypeID, String artifactTypeName, String displayName,
ReviewStatus reviewStatus) {
98 this.sleuthkitCase = sleuthkitCase;
99 this.artifactId = artifactID;
100 this.sourceObjId = sourceObjId;
101 this.artifactObjId = artifactObjId;
102 this.artifactTypeId = artifactTypeID;
103 this.dataSourceObjId = dataSourceObjId;
104 this.artifactTypeName = artifactTypeName;
105 this.displayName = displayName;
106 this.reviewStatus = reviewStatus;
108 this.checkedHasChildren =
false;
109 this.hasChildren =
false;
110 this.childrenCount = -1;
134 BlackboardArtifact(
SleuthkitCase sleuthkitCase,
long artifactID,
long sourceObjId,
long artifactObjID, Long dataSourceObjID,
int artifactTypeID, String artifactTypeName, String displayName,
ReviewStatus reviewStatus,
boolean isNew) {
135 this(sleuthkitCase, artifactID, sourceObjId, artifactObjID, dataSourceObjID, artifactTypeID, artifactTypeName, displayName, reviewStatus);
142 this.loadedCacheFromDb =
true;
153 return sleuthkitCase;
162 return this.artifactId;
172 return this.sourceObjId;
180 Long getDataSourceObjectID() {
181 return this.dataSourceObjId;
190 return this.artifactTypeId;
200 if (standardTypesValue != null) {
201 return standardTypesValue;
213 return this.artifactTypeName;
222 return this.displayName;
234 StringBuilder shortDescription =
new StringBuilder(
"");
237 case TSK_WIFI_NETWORK_ADAPTER:
240 case TSK_WIFI_NETWORK:
243 case TSK_REMOTE_DRIVE:
246 case TSK_SERVICE_ACCOUNT:
247 case TSK_SCREEN_SHOTS:
248 case TSK_DELETED_PROG:
251 case TSK_PROG_NOTIFICATIONS:
253 case TSK_RECENT_OBJECT:
254 case TSK_USER_DEVICE_EVENT:
255 case TSK_WEB_SEARCH_QUERY:
258 case TSK_BLUETOOTH_PAIRING:
264 case TSK_WEB_CATEGORIZATION:
265 case TSK_BLUETOOTH_ADAPTER:
267 case TSK_GPS_BOOKMARK:
268 case TSK_GPS_LAST_KNOWN_LOCATION:
272 case TSK_WEB_FORM_AUTOFILL:
275 case TSK_WEB_ACCOUNT_TYPE:
278 case TSK_HASHSET_HIT:
279 case TSK_INTERESTING_ARTIFACT_HIT:
280 case TSK_INTERESTING_FILE_HIT:
284 case TSK_ENCRYPTION_DETECTED:
285 case TSK_ENCRYPTION_SUSPECTED:
286 case TSK_OBJECT_DETECTED:
287 case TSK_USER_CONTENT_SUSPECTED:
288 case TSK_VERIFICATION_FAILED:
291 case TSK_DATA_SOURCE_USAGE:
292 case TSK_CALENDAR_ENTRY:
295 case TSK_WEB_BOOKMARK:
297 case TSK_WEB_DOWNLOAD:
298 case TSK_WEB_HISTORY:
302 case TSK_KEYWORD_HIT:
305 case TSK_DEVICE_ATTACHED:
311 case TSK_SPEED_DIAL_ENTRY:
312 case TSK_WEB_FORM_ADDRESS:
356 shortDescription.append(
" ");
357 shortDescription.append(MessageFormat.format(bundle.getString(
"BlackboardArtifact.shortDescriptionDate.text"), date.
getDisplayString()));
384 reviewStatus = newStatus;
399 attribute.setArtifactId(artifactId);
402 attrsCache.add(attribute);
414 ArrayList<BlackboardAttribute> attributes;
415 if (
false == loadedCacheFromDb) {
418 attrsCache.addAll(attributes);
419 loadedCacheFromDb =
true;
421 attributes =
new ArrayList<BlackboardAttribute>(attrsCache);
443 if (attribute.getAttributeType().equals(attributeType)) {
460 if (attributes.isEmpty()) {
464 attribute.setArtifactId(artifactId);
468 attrsCache.addAll(attributes);
488 if (Objects.isNull(attributes) || attributes.isEmpty()) {
489 throw new TskCoreException(
"Illegal argument passed to addAttributes: null or empty attributes passed to addAttributes");
491 if (Objects.isNull(caseDbTransaction)) {
492 throw new TskCoreException(
"Illegal argument passed to addAttributes: null caseDbTransaction passed to addAttributes");
496 attribute.setArtifactId(artifactId);
498 getSleuthkitCase().addBlackBoardAttribute(attribute, artifactTypeId, caseDbTransaction.getConnection());
500 attrsCache.addAll(attributes);
501 }
catch (SQLException ex) {
502 throw new TskCoreException(
"Error adding blackboard attributes", ex);
517 if (uniquePath == null) {
518 String tempUniquePath =
"";
520 if (myParent != null) {
525 uniquePath = tempUniquePath;
532 if (parent == null) {
548 return new ArrayList<BlackboardArtifact>();
558 return sleuthkitCase.
getBlackboard().getDataArtifactsBySource(artifactObjId);
585 return new ArrayList<BlackboardArtifact>();
601 return new ArrayList<BlackboardArtifact>();
616 return new ArrayList<BlackboardArtifact>();
730 return new ArrayList<>();
743 return new HashSet<String>();
761 throw new TskCoreException(
"Cannot create artifact of an artifact. Not supported.");
794 throw new TskCoreException(
"Cannot create data artifact of an artifact. Not supported.");
799 throw new TskCoreException(
"Cannot create data artifact of an artifact. Not supported.");
821 throw new TskCoreException(
"Cannot create artifact of an artifact. Not supported.");
834 return visitor.
visit(
this);
846 if (
object == null) {
849 if (getClass() !=
object.getClass()) {
864 hash = 41 * hash + (int) (this.artifactId ^ (this.artifactId >>> 32));
875 return "BlackboardArtifact{" +
"artifactID=" + artifactId +
", objID=" +
getObjectID() +
", artifactObjID=" + artifactObjId +
", artifactTypeID=" + artifactTypeId +
", artifactTypeName=" + artifactTypeName +
", displayName=" + displayName +
", Case=" +
getSleuthkitCase() +
'}';
890 return visitor.
visit(
this);
902 if (contentBytes == null) {
904 loadArtifactContent();
910 return contentBytes.length;
937 if (contentBytes == null) {
938 loadArtifactContent();
941 if (0 == contentBytes.length) {
946 long readLen = Math.min(contentBytes.length - offset, len);
947 System.arraycopy(contentBytes, 0, buf, 0, (
int) readLen);
949 return (
int) readLen;
969 StringBuilder artifactContents =
new StringBuilder();
974 }
catch (TskCoreException ex) {
975 throw new TskCoreException(
"Unable to get datasource for artifact: " + this.
toString(), ex);
977 if (dataSource == null) {
978 throw new TskCoreException(
"Datasource was null for artifact: " + this.
toString());
983 artifactContents.append(attribute.getAttributeType().getDisplayName());
984 artifactContents.append(
" : ");
985 artifactContents.append(attribute.getDisplayString());
986 artifactContents.append(System.lineSeparator());
988 }
catch (TskCoreException ex) {
989 throw new TskCoreException(
"Unable to get attributes for artifact: " + this.
toString(), ex);
993 contentBytes = artifactContents.toString().getBytes(
"UTF-8");
994 }
catch (UnsupportedEncodingException ex) {
995 throw new TskCoreException(
"Failed to convert artifact string to bytes for artifact: " + this.
toString(), ex);
1003 public static final class Type implements Serializable {
1005 private static final long serialVersionUID = 1L;
1364 static final Map<Integer, Type> STANDARD_TYPES = Collections.unmodifiableMap(Stream.of(
1374 TSK_DEVICE_ATTACHED,
1375 TSK_INTERESTING_FILE_HIT,
1378 TSK_WEB_SEARCH_QUERY,
1381 TSK_SERVICE_ACCOUNT,
1386 TSK_SPEED_DIAL_ENTRY,
1387 TSK_BLUETOOTH_PAIRING,
1389 TSK_GPS_LAST_KNOWN_LOCATION,
1392 TSK_ENCRYPTION_DETECTED,
1393 TSK_EXT_MISMATCH_DETECTED,
1394 TSK_INTERESTING_ARTIFACT_HIT,
1399 TSK_ENCRYPTION_SUSPECTED,
1400 TSK_OBJECT_DETECTED,
1404 TSK_BLUETOOTH_ADAPTER,
1405 TSK_WIFI_NETWORK_ADAPTER,
1406 TSK_VERIFICATION_FAILED,
1407 TSK_DATA_SOURCE_USAGE,
1408 TSK_WEB_FORM_AUTOFILL,
1409 TSK_WEB_FORM_ADDRESS,
1412 TSK_CLIPBOARD_CONTENT,
1413 TSK_ASSOCIATED_OBJECT,
1414 TSK_USER_CONTENT_SUSPECTED,
1417 TSK_WEB_ACCOUNT_TYPE,
1419 TSK_PROG_NOTIFICATIONS,
1422 TSK_USER_DEVICE_EVENT,
1425 TSK_WEB_CATEGORIZATION,
1426 TSK_PREVIOUSLY_SEEN,
1427 TSK_PREVIOUSLY_UNSEEN,
1428 TSK_PREVIOUSLY_NOTABLE
1429 ).collect(Collectors.toMap(type -> type.getTypeID(), type -> type)));
1431 private final String typeName;
1432 private final int typeID;
1433 private final String displayName;
1444 Type(
int typeID, String typeName, String displayName,
Category category) {
1445 this.typeID = typeID;
1446 this.typeName = typeName;
1447 this.displayName = displayName;
1448 this.category = category;
1466 return this.typeName;
1484 return this.displayName;
1507 }
else if (!(that instanceof
Type)) {
1510 return ((Type) that).sameType(
this);
1521 private boolean sameType(
Type that) {
1535 hash = 83 * hash + Objects.hashCode(this.typeID);
1536 hash = 83 * hash + Objects.hashCode(this.displayName);
1537 hash = 83 * hash + Objects.hashCode(this.typeName);
1552 TSK_GEN_INFO(1,
"TSK_GEN_INFO",
1559 TSK_WEB_BOOKMARK(2,
"TSK_WEB_BOOKMARK",
1566 TSK_WEB_COOKIE(3,
"TSK_WEB_COOKIE",
1573 TSK_WEB_HISTORY(4,
"TSK_WEB_HISTORY",
1580 TSK_WEB_DOWNLOAD(5,
"TSK_WEB_DOWNLOAD",
1585 TSK_RECENT_OBJECT(6,
"TSK_RECENT_OBJ",
1593 TSK_GPS_TRACKPOINT(7,
"TSK_GPS_TRACKPOINT",
1598 TSK_INSTALLED_PROG(8,
"TSK_INSTALLED_PROG",
1603 TSK_KEYWORD_HIT(9,
"TSK_KEYWORD_HIT",
1608 TSK_HASHSET_HIT(10,
"TSK_HASHSET_HIT",
1613 TSK_DEVICE_ATTACHED(11,
"TSK_DEVICE_ATTACHED",
1619 TSK_INTERESTING_FILE_HIT(12,
"TSK_INTERESTING_FILE_HIT",
1624 TSK_EMAIL_MSG(13,
"TSK_EMAIL_MSG",
1629 TSK_EXTRACTED_TEXT(14,
"TSK_EXTRACTED_TEXT",
1634 TSK_WEB_SEARCH_QUERY(15,
"TSK_WEB_SEARCH_QUERY",
1639 TSK_METADATA_EXIF(16,
"TSK_METADATA_EXIF",
1647 TSK_TAG_FILE(17,
"TSK_TAG_FILE",
1655 TSK_TAG_ARTIFACT(18,
"TSK_TAG_ARTIFACT",
1660 TSK_OS_INFO(19,
"TSK_OS_INFO",
1666 TSK_OS_ACCOUNT(20,
"TSK_OS_ACCOUNT",
1671 TSK_SERVICE_ACCOUNT(21,
"TSK_SERVICE_ACCOUNT",
1679 TSK_TOOL_OUTPUT(22,
"TSK_TOOL_OUTPUT",
1687 TSK_CONTACT(23,
"TSK_CONTACT",
1695 TSK_MESSAGE(24,
"TSK_MESSAGE",
1703 TSK_CALLLOG(25,
"TSK_CALLLOG",
1708 TSK_CALENDAR_ENTRY(26,
"TSK_CALENDAR_ENTRY",
1713 TSK_SPEED_DIAL_ENTRY(27,
"TSK_SPEED_DIAL_ENTRY",
1718 TSK_BLUETOOTH_PAIRING(28,
"TSK_BLUETOOTH_PAIRING",
1723 TSK_GPS_BOOKMARK(29,
"TSK_GPS_BOOKMARK",
1728 TSK_GPS_LAST_KNOWN_LOCATION(30,
"TSK_GPS_LAST_KNOWN_LOCATION",
1733 TSK_GPS_SEARCH(31,
"TSK_GPS_SEARCH",
1738 TSK_PROG_RUN(32,
"TSK_PROG_RUN",
1743 TSK_ENCRYPTION_DETECTED(33,
"TSK_ENCRYPTION_DETECTED",
1748 TSK_EXT_MISMATCH_DETECTED(34,
"TSK_EXT_MISMATCH_DETECTED",
1754 TSK_INTERESTING_ARTIFACT_HIT(35,
"TSK_INTERESTING_ARTIFACT_HIT",
1761 TSK_GPS_ROUTE(36,
"TSK_GPS_ROUTE",
1766 TSK_REMOTE_DRIVE(37,
"TSK_REMOTE_DRIVE",
1771 TSK_FACE_DETECTED(38,
"TSK_FACE_DETECTED",
1776 TSK_ACCOUNT(39,
"TSK_ACCOUNT",
1781 TSK_ENCRYPTION_SUSPECTED(40,
"TSK_ENCRYPTION_SUSPECTED",
1786 TSK_OBJECT_DETECTED(41,
"TSK_OBJECT_DETECTED",
1791 TSK_WIFI_NETWORK(42,
"TSK_WIFI_NETWORK",
1796 TSK_DEVICE_INFO(43,
"TSK_DEVICE_INFO",
1801 TSK_SIM_ATTACHED(44,
"TSK_SIM_ATTACHED",
1806 TSK_BLUETOOTH_ADAPTER(45,
"TSK_BLUETOOTH_ADAPTER",
1811 TSK_WIFI_NETWORK_ADAPTER(46,
"TSK_WIFI_NETWORK_ADAPTER",
1816 TSK_VERIFICATION_FAILED(47,
"TSK_VERIFICATION_FAILED",
1821 TSK_DATA_SOURCE_USAGE(48,
"TSK_DATA_SOURCE_USAGE",
1828 TSK_WEB_FORM_AUTOFILL(49,
"TSK_WEB_FORM_AUTOFILL",
1835 TSK_WEB_FORM_ADDRESS(50,
"TSK_WEB_FORM_ADDRESSES ",
1844 TSK_DOWNLOAD_SOURCE(51,
"TSK_DOWNLOAD_SOURCE",
1849 TSK_WEB_CACHE(52,
"TSK_WEB_CACHE",
1854 TSK_TL_EVENT(53,
"TSK_TL_EVENT",
1859 TSK_CLIPBOARD_CONTENT(54,
"TSK_CLIPBOARD_CONTENT",
1864 TSK_ASSOCIATED_OBJECT(55,
"TSK_ASSOCIATED_OBJECT",
1869 TSK_USER_CONTENT_SUSPECTED(56,
"TSK_USER_CONTENT_SUSPECTED",
1874 TSK_METADATA(57,
"TSK_METADATA",
1881 TSK_GPS_TRACK(58,
"TSK_GPS_TRACK",
1886 TSK_WEB_ACCOUNT_TYPE(59,
"TSK_WEB_ACCOUNT_TYPE",
1891 TSK_SCREEN_SHOTS(60,
"TSK_SCREEN_SHOTS",
1896 TSK_PROG_NOTIFICATIONS(62,
"TSK_PROG_NOTIFICATIONS",
1901 TSK_BACKUP_EVENT(63,
"TSK_BACKUP_EVENT",
1906 TSK_DELETED_PROG(64,
"TSK_DELETED_PROG",
1911 TSK_USER_DEVICE_EVENT(65,
"TSK_USER_DEVICE_EVENT",
1916 TSK_YARA_HIT(66,
"TSK_YARA_HIT",
1921 TSK_GPS_AREA(67,
"TSK_GPS_AREA",
1923 TSK_WEB_CATEGORIZATION(68,
"TSK_WEB_CATEGORIZATION",
1928 TSK_PREVIOUSLY_SEEN(69,
"TSK_PREVIOUSLY_SEEN",
1933 TSK_PREVIOUSLY_UNSEEN(70,
"TSK_PREVIOUSLY_UNSEEN",
1938 TSK_PREVIOUSLY_NOTABLE(71,
"TSK_PREVIOUSLY_NOTABLE",
1947 private final String label;
1948 private final int typeId;
1949 private final String displayName;
1959 private ARTIFACT_TYPE(
int typeId, String label, String displayName) {
1972 this.typeId = typeId;
1974 this.displayName = displayName;
1975 this.category = category;
2002 return this.category;
2015 if (value.getLabel().equals(label)) {
2019 throw new IllegalArgumentException(
"No ARTIFACT_TYPE matching type: " + label);
2034 if (value.getTypeID() == id) {
2038 throw new IllegalArgumentException(
"No ARTIFACT_TYPE matching type: " +
id);
2063 return visitor.
visit(
this);
2077 DATA_ARTIFACT(0,
"DATA_ARTIFACT", ResourceBundle.getBundle(
"org.sleuthkit.datamodel.Bundle").getString(
"CategoryType.DataArtifact")),
2078 ANALYSIS_RESULT(1,
"ANALYSIS_RESULT", ResourceBundle.getBundle(
"org.sleuthkit.datamodel.Bundle").getString(
"CategoryType.AnalysisResult"));
2080 private final Integer id;
2081 private final String name;
2082 private final String displayName;
2084 private final static Map<Integer, Category> idToCategory =
new HashMap<Integer, Category>();
2088 idToCategory.put(status.getID(), status);
2099 private Category(Integer
id, String name, String displayName) {
2102 this.displayName = displayName;
2113 return idToCategory.get(
id);
2153 private final Integer id;
2154 private final String name;
2155 private final String displayName;
2156 private final static Map<Integer, ReviewStatus> idToStatus =
new HashMap<Integer, ReviewStatus>();
2160 idToStatus.put(status.getID(), status);
2172 private ReviewStatus(Integer
id, String name, String displayNameKey) {
2175 this.displayName = ResourceBundle.getBundle(
"org.sleuthkit.datamodel.Bundle").getString(displayNameKey);
2186 return idToStatus.get(
id);
2239 protected BlackboardArtifact(
SleuthkitCase sleuthkitCase,
long artifactID,
long objID,
long artifactObjID,
long dataSourceObjId,
int artifactTypeID, String artifactTypeName, String displayName) {
2240 this(sleuthkitCase, artifactID, objID, artifactObjID, dataSourceObjId, artifactTypeID, artifactTypeName, displayName,
ReviewStatus.
UNDECIDED);
2259 if (loadedCacheFromDb ==
false) {
2262 attrsCache.addAll(attrs);
2263 loadedCacheFromDb =
true;
2265 ArrayList<BlackboardAttribute> filteredAttributes =
new ArrayList<BlackboardAttribute>();
2267 if (attr.getAttributeType().getTypeID() == attributeType.getTypeID()) {
2268 filteredAttributes.add(attr);
2271 return filteredAttributes;
2276 return this.artifactObjId;
2289 List<Long> childrenIDs =
new ArrayList<Long>();
2291 childrenIDs.addAll(
getSleuthkitCase().getBlackboardArtifactChildrenIds(
this));
2298 if (childrenCount != -1) {
2299 return childrenCount;
2304 hasChildren = childrenCount > 0;
2305 checkedHasChildren =
true;
2307 return childrenCount;
2312 if (checkedHasChildren ==
true) {
2318 hasChildren = childrenCount > 0;
2319 checkedHasChildren =
true;
2334 List<Content> children =
new ArrayList<>();
static ARTIFACT_TYPE fromID(int id)
static final Type TSK_GPS_LAST_KNOWN_LOCATION
long getAllArtifactsCount()
ArrayList< BlackboardArtifact > getArtifacts(int artifactTypeID)
ArrayList< BlackboardAttribute > getBlackboardAttributes(final BlackboardArtifact artifact)
static ARTIFACT_TYPE fromLabel(String label)
static final Type TSK_WEB_DOWNLOAD
static final Type TSK_SPEED_DIAL_ENTRY
static final Type TSK_CLIPBOARD_CONTENT
DataArtifact newDataArtifact(BlackboardArtifact.Type artifactType, Collection< BlackboardAttribute > attributesList, Long osAccountId)
void addBlackboardAttributes(Collection< BlackboardAttribute > attributes, int artifactTypeId)
CaseDbTransaction beginTransaction()
static final Type TSK_INSTALLED_PROG
static final Type TSK_WEB_ACCOUNT_TYPE
static final Type TSK_SCREEN_SHOTS
static final Type TSK_RECENT_OBJECT
static final Type TSK_SIM_ATTACHED
static final Type TSK_METADATA
Blackboard getBlackboard()
static final Type TSK_KEYWORD_HIT
static Category fromID(int id)
String getArtifactTypeName()
void addAttributes(Collection< BlackboardAttribute > attributes)
static final Type TSK_GPS_ROUTE
void addBlackboardAttribute(BlackboardAttribute attr, int artifactTypeId)
static final Type TSK_TL_EVENT
List< BlackboardAttribute > getAttributes(final BlackboardAttribute.ATTRIBUTE_TYPE attributeType)
static final Type TSK_WEB_HISTORY
static final Type TSK_DATA_SOURCE_USAGE
static final Type TSK_SERVICE_ACCOUNT
static final Type TSK_INTERESTING_ARTIFACT_HIT
static final Type TSK_DEVICE_ATTACHED
static final Type TSK_CALENDAR_ENTRY
static final Type TSK_OBJECT_DETECTED
long getArtifactsCount(int artifactTypeID)
Content getContentById(long id)
BlackboardArtifact getGenInfoArtifact()
static final Type TSK_WEB_CATEGORIZATION
static final Type TSK_EXT_MISMATCH_DETECTED
static final Type TSK_DELETED_PROG
final int read(byte[] buf, long offset, long len)
String getShortDescription()
SleuthkitCase getSleuthkitCase()
static final Type TSK_GPS_AREA
void addAttribute(BlackboardAttribute attribute)
boolean equals(Object object)
ReviewStatus getReviewStatus()
List< AnalysisResult > getAnalysisResults(long sourceObjId)
static final Type TSK_PREVIOUSLY_UNSEEN
BlackboardArtifact.Type getType()
ArrayList< BlackboardArtifact > getArtifacts(BlackboardArtifact.ARTIFACT_TYPE type)
static final Type TSK_GPS_BOOKMARK
List< AnalysisResult > getAllAnalysisResults()
AnalysisResultAdded newAnalysisResult(BlackboardArtifact.Type artifactType, Score score, String conclusion, String configuration, String justification, Collection< BlackboardAttribute > attributesList)
static final Type TSK_PREVIOUSLY_SEEN
Set< String > getHashSetNames()
static final Type TSK_ENCRYPTION_DETECTED
static final Type TSK_BACKUP_EVENT
static final Type TSK_PROG_RUN
public< T > T accept(SleuthkitItemVisitor< T > visitor)
void addAttributes(Collection< BlackboardAttribute > attributes, final SleuthkitCase.CaseDbTransaction caseDbTransaction)
static final Type TSK_USER_DEVICE_EVENT
String getDisplayString()
BlackboardArtifact newArtifact(int artifactTypeID)
static final Type TSK_VERIFICATION_FAILED
static final Type TSK_REMOTE_DRIVE
static final Type TSK_YARA_HIT
static final Type TSK_PREVIOUSLY_NOTABLE
static final Type TSK_GPS_SEARCH
BlackboardAttribute getAttribute(BlackboardAttribute.Type attributeType)
static final Type TSK_ACCOUNT
static final Type TSK_WEB_FORM_AUTOFILL
List< Long > getChildrenIds()
static final Type TSK_WEB_CACHE
static final Type TSK_WEB_FORM_ADDRESS
long getArtifactsCount(String artifactTypeName)
static final Type TSK_CALLLOG
static final Type TSK_EXTRACTED_TEXT
List< AnalysisResult > getAnalysisResults(BlackboardArtifact.Type artifactType)
static final Type TSK_METADATA_EXIF
BlackboardArtifact getGenInfoArtifact(boolean create)
BlackboardArtifact.Type getArtifactType(String artTypeName)
static final Type TSK_BLUETOOTH_PAIRING
static final Type TSK_GEN_INFO
List< DataArtifact > getAllDataArtifacts()
BlackboardAttribute.Type getAttributeType()
static final Type TSK_DEVICE_INFO
static final Type TSK_USER_CONTENT_SUSPECTED
AnalysisResultAdded newAnalysisResult(BlackboardArtifact.Type artifactType, Score score, String conclusion, String configuration, String justification, Collection< BlackboardAttribute > attributesList, long dataSourceId)
ArrayList< BlackboardArtifact > getArtifacts(String artifactTypeName)
Score getAggregateScore()
static final Type TSK_CONTACT
List< BlackboardAttribute > getAttributes()
BlackboardArtifact(SleuthkitCase sleuthkitCase, long artifactID, long objID, long artifactObjID, long dataSourceObjId, int artifactTypeID, String artifactTypeName, String displayName)
List< Content > getChildren()
static final Type TSK_HASHSET_HIT
AnalysisResultAdded newAnalysisResult(BlackboardArtifact.Type artifactType, long objId, Long dataSourceObjId, Score score, String conclusion, String configuration, String justification, Collection< BlackboardAttribute > attributesList)
static final Type TSK_WEB_SEARCH_QUERY
static final Type TSK_WIFI_NETWORK_ADAPTER
static final Type TSK_PROG_NOTIFICATIONS
boolean equals(Object that)
static final Type TSK_WEB_BOOKMARK
DataArtifact newDataArtifact(BlackboardArtifact.Type artifactType, Collection< BlackboardAttribute > attributesList, Long osAccountId, long dataSourceId)
static final Type TSK_ASSOCIATED_OBJECT
ArrayList< BlackboardArtifact > getAllArtifacts()
static final Type TSK_EMAIL_MSG
void setReviewStatus(ReviewStatus newStatus)
long getArtifactsCount(BlackboardArtifact.ARTIFACT_TYPE type)
static final Type TSK_WEB_COOKIE
static final Type TSK_GPS_TRACK
DataArtifact newDataArtifact(BlackboardArtifact.Type artifactType, Collection< BlackboardAttribute > attributesList)
static final Type TSK_OS_INFO
static final Type TSK_WIFI_NETWORK
ArrayList< BlackboardAttribute > getGenInfoAttributes(BlackboardAttribute.ATTRIBUTE_TYPE attr_type)
static ReviewStatus withID(int id)
static final Type TSK_MESSAGE
static final Type TSK_FACE_DETECTED
static final Type TSK_BLUETOOTH_ADAPTER
Score getAggregateScore(long objId)
static final Type TSK_ENCRYPTION_SUSPECTED
ScoringManager getScoringManager()
static final Type TSK_INTERESTING_FILE_HIT
BlackboardArtifact newArtifact(BlackboardArtifact.ARTIFACT_TYPE type)
void setReviewStatus(BlackboardArtifact artifact, BlackboardArtifact.ReviewStatus newStatus)