Sleuth Kit Java Bindings (JNI)
4.11.1
Java bindings for using The Sleuth Kit
|
Classes | |
class | ArtifactsPostedEvent |
class | BlackboardException |
Public Member Functions | |
boolean | artifactExists (Content content, BlackboardArtifact.Type artifactType, Collection< BlackboardAttribute > attributes) throws TskCoreException |
boolean | artifactExists (Content content, BlackboardArtifact.ARTIFACT_TYPE artifactType, Collection< BlackboardAttribute > attributes) throws TskCoreException |
Score | deleteAnalysisResult (AnalysisResult analysisResult) throws TskCoreException |
Score | deleteAnalysisResult (long artifactObjId, CaseDbTransaction transaction) throws TskCoreException |
AnalysisResult | getAnalysisResultById (long artifactObjId) throws TskCoreException |
List< AnalysisResult > | getAnalysisResults (long dataSourceObjId, Integer artifactTypeID) throws TskCoreException |
List< AnalysisResult > | getAnalysisResults (long sourceObjId) throws TskCoreException |
List< AnalysisResult > | getAnalysisResults (long sourceObjId, int artifactTypeId) throws TskCoreException |
List< AnalysisResult > | getAnalysisResultsByType (int artifactTypeId) throws TskCoreException |
List< AnalysisResult > | getAnalysisResultsByType (int artifactTypeId, long dataSourceObjId) throws TskCoreException |
List< AnalysisResult > | getAnalysisResultsWhere (String whereClause) throws TskCoreException |
List< BlackboardArtifact > | getArtifacts (int artifactTypeID, long dataSourceObjId) throws TskCoreException |
List< BlackboardArtifact > | getArtifacts (Collection< BlackboardArtifact.Type > artifactTypes, Collection< Long > dataSourceObjIds) throws TskCoreException |
List< BlackboardArtifact > | getArtifacts (BlackboardArtifact.Type artifactType, BlackboardAttribute.Type attributeType, String value, Long dataSourceObjId, boolean showRejected) throws TskCoreException |
long | getArtifactsCount (int artifactTypeID, long dataSourceObjId) throws TskCoreException |
long | getArtifactsCount (int artifactTypeID) throws TskCoreException |
BlackboardArtifact.Type | getArtifactType (String artTypeName) throws TskCoreException |
BlackboardArtifact.Type | getArtifactType (int artTypeId) throws TskCoreException |
List< BlackboardArtifact.Type > | getArtifactTypesInUse (long dataSourceObjId) throws TskCoreException |
BlackboardAttribute.Type | getAttributeType (String attrTypeName) throws TskCoreException |
ArrayList< BlackboardAttribute > | getBlackboardAttributes (final BlackboardArtifact artifact) throws TskCoreException |
DataArtifact | getDataArtifactById (long artifactObjId) throws TskCoreException |
List< DataArtifact > | getDataArtifacts (long dataSourceObjId, Integer artifactTypeID) throws TskCoreException |
List< DataArtifact > | getDataArtifacts (int artifactTypeID, long dataSourceObjId) throws TskCoreException |
List< DataArtifact > | getDataArtifacts (int artifactTypeID) throws TskCoreException |
List< DataArtifact > | getDataArtifactsWhere (String whereClause) throws TskCoreException |
List< BlackboardArtifact > | getExactMatchKeywordSearchResults (String keyword, TskData.KeywordSearchQueryType searchType, String kwsListName, Long dataSourceId) throws TskCoreException |
List< BlackboardArtifact > | getKeywordSearchResults (String keyword, String regex, TskData.KeywordSearchQueryType searchType, String kwsListName, Long dataSourceId) throws TskCoreException |
BlackboardArtifact.Type | getOrAddArtifactType (String typeName, String displayName) throws BlackboardException |
BlackboardArtifact.Type | getOrAddArtifactType (String typeName, String displayName, BlackboardArtifact.Category category) throws BlackboardException |
synchronized BlackboardAttribute.Type | getOrAddAttributeType (String typeName, BlackboardAttribute.TSK_BLACKBOARD_ATTRIBUTE_VALUE_TYPE valueType, String displayName) throws BlackboardException |
boolean | hasAnalysisResults (long sourceObjId) throws TskCoreException |
boolean | hasDataArtifacts (long sourceObjId) throws TskCoreException |
AnalysisResultAdded | newAnalysisResult (BlackboardArtifact.Type artifactType, long objId, Long dataSourceObjId, Score score, String conclusion, String configuration, String justification, Collection< BlackboardAttribute > attributesList) throws BlackboardException, TskCoreException |
AnalysisResultAdded | newAnalysisResult (BlackboardArtifact.Type artifactType, long objId, Long dataSourceObjId, Score score, String conclusion, String configuration, String justification, Collection< BlackboardAttribute > attributesList, CaseDbTransaction transaction) throws BlackboardException |
DataArtifact | newDataArtifact (BlackboardArtifact.Type artifactType, long sourceObjId, Long dataSourceObjId, Collection< BlackboardAttribute > attributes, Long osAccountId) throws TskCoreException |
DataArtifact | newDataArtifact (BlackboardArtifact.Type artifactType, long sourceObjId, Long dataSourceObjId, Collection< BlackboardAttribute > attributes, Long osAccountObjId, final CaseDbTransaction transaction) throws TskCoreException |
void | postArtifact (BlackboardArtifact artifact, String moduleName) throws BlackboardException |
void | postArtifact (BlackboardArtifact artifact, String moduleName, Long ingestJobId) throws BlackboardException |
void | postArtifacts (Collection< BlackboardArtifact > artifacts, String moduleName) throws BlackboardException |
void | postArtifacts (Collection< BlackboardArtifact > artifacts, String moduleName, Long ingestJobId) throws BlackboardException |
A representation of the blackboard, a place where artifacts and their attributes are posted.
Definition at line 53 of file Blackboard.java.
boolean org.sleuthkit.datamodel.Blackboard.artifactExists | ( | Content | content, |
BlackboardArtifact.Type | artifactType, | ||
Collection< BlackboardAttribute > | attributes | ||
) | throws TskCoreException |
Determines whether or not an artifact of a given type with a given set of attributes already exists for a given content.
content | The content. |
artifactType | The artifact type. |
attributes | The attributes. |
TskCoreException | The exception is thrown if there is an issue querying the case database. |
Definition at line 2012 of file Blackboard.java.
Referenced by org.sleuthkit.datamodel.Blackboard.artifactExists().
boolean org.sleuthkit.datamodel.Blackboard.artifactExists | ( | Content | content, |
BlackboardArtifact.ARTIFACT_TYPE | artifactType, | ||
Collection< BlackboardAttribute > | attributes | ||
) | throws TskCoreException |
Determines whether or not an artifact of a given type with a given set of attributes already exists for a given content.
content | The content. |
artifactType | The artifact type. |
attributes | The attributes. |
TskCoreException | The exception is thrown if there is an issue querying the case database. |
Definition at line 2038 of file Blackboard.java.
References org.sleuthkit.datamodel.Blackboard.artifactExists(), and org.sleuthkit.datamodel.Blackboard.getArtifactType().
Score org.sleuthkit.datamodel.Blackboard.deleteAnalysisResult | ( | AnalysisResult | analysisResult | ) | throws TskCoreException |
Delete the specified analysis result.
Deletes the result from blackboard_artifacts and tsk_analysis_results, and recalculates and updates the aggregate score of the content. Fires an event to indicate that the analysis result has been deleted and that the score of the item has changed.
analysisResult | AnalysisResult to delete. |
TskCoreException |
Definition at line 904 of file Blackboard.java.
References org.sleuthkit.datamodel.SleuthkitCase.beginTransaction(), org.sleuthkit.datamodel.SleuthkitCase.CaseDbTransaction.commit(), and org.sleuthkit.datamodel.SleuthkitCase.CaseDbTransaction.rollback().
Referenced by org.sleuthkit.datamodel.Blackboard.deleteAnalysisResult().
Score org.sleuthkit.datamodel.Blackboard.deleteAnalysisResult | ( | long | artifactObjId, |
CaseDbTransaction | transaction | ||
) | throws TskCoreException |
Delete the specified analysis result.
Deletes the result from blackboard_artifacts and tsk_analysis_results, and recalculates and updates the aggregate score of the content.
artifactObjId | Artifact Obj Id to be deleted |
transaction |
TskCoreException |
Definition at line 933 of file Blackboard.java.
References org.sleuthkit.datamodel.Blackboard.deleteAnalysisResult(), and org.sleuthkit.datamodel.Blackboard.getAnalysisResultsWhere().
AnalysisResult org.sleuthkit.datamodel.Blackboard.getAnalysisResultById | ( | long | artifactObjId | ) | throws TskCoreException |
Get the analysis results by its artifact_obj_id.
artifactObjId | Artifact object id of the analysis result. |
TskCoreException | If a critical error occurred within TSK core. |
Definition at line 1249 of file Blackboard.java.
References org.sleuthkit.datamodel.Blackboard.getAnalysisResultsWhere().
Referenced by org.sleuthkit.datamodel.SleuthkitCase.getArtifactByArtifactId(), and org.sleuthkit.datamodel.SleuthkitCase.getArtifactById().
List<AnalysisResult> org.sleuthkit.datamodel.Blackboard.getAnalysisResults | ( | long | dataSourceObjId, |
Integer | artifactTypeID | ||
) | throws TskCoreException |
Gets all analysis results of a given type for a given data source. To get all the analysis results for the data source, pass null for the type ID.
dataSourceObjId | The object ID of the data source. |
artifactTypeID | The type ID of the desired analysis results or null. |
TskCoreException | This exception is thrown if there is an error querying the case database. |
Definition at line 1046 of file Blackboard.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), org.sleuthkit.datamodel.Blackboard.getAnalysisResultsWhere(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock().
Referenced by org.sleuthkit.datamodel.Report.getAllAnalysisResults(), org.sleuthkit.datamodel.AbstractContent.getAllAnalysisResults(), org.sleuthkit.datamodel.BlackboardArtifact.getAllAnalysisResults(), org.sleuthkit.datamodel.Report.getAnalysisResults(), org.sleuthkit.datamodel.AbstractContent.getAnalysisResults(), and org.sleuthkit.datamodel.BlackboardArtifact.getAnalysisResults().
List<AnalysisResult> org.sleuthkit.datamodel.Blackboard.getAnalysisResults | ( | long | sourceObjId | ) | throws TskCoreException |
Get all analysis results for a given object.
sourceObjId | Object id. |
TskCoreException | exception thrown if a critical error occurs within TSK core. |
Definition at line 1069 of file Blackboard.java.
References org.sleuthkit.datamodel.Blackboard.getAnalysisResultsWhere().
List<AnalysisResult> org.sleuthkit.datamodel.Blackboard.getAnalysisResults | ( | long | sourceObjId, |
int | artifactTypeId | ||
) | throws TskCoreException |
Get analysis results of the given type, for the given object.
sourceObjId | Object id. |
artifactTypeId | Result type to get. |
TskCoreException | exception thrown if a critical error occurs within TSK core. |
Definition at line 1181 of file Blackboard.java.
References org.sleuthkit.datamodel.BlackboardArtifact.Category.ANALYSIS_RESULT, org.sleuthkit.datamodel.Blackboard.getAnalysisResultsWhere(), and org.sleuthkit.datamodel.Blackboard.getArtifactType().
List<AnalysisResult> org.sleuthkit.datamodel.Blackboard.getAnalysisResultsByType | ( | int | artifactTypeId | ) | throws TskCoreException |
Get all analysis results of given artifact type.
artifactTypeId | The artifact type id for which to search. |
TskCoreException | Exception thrown if a critical error occurs within TSK core. |
Definition at line 1014 of file Blackboard.java.
References org.sleuthkit.datamodel.Blackboard.getAnalysisResultsWhere().
List<AnalysisResult> org.sleuthkit.datamodel.Blackboard.getAnalysisResultsByType | ( | int | artifactTypeId, |
long | dataSourceObjId | ||
) | throws TskCoreException |
Get all analysis results of given artifact type.
artifactTypeId | The artifact type id for which to search. |
dataSourceObjId | Object Id of the data source to look under. |
TskCoreException | Exception thrown if a critical error occurs within TSK core. |
Definition at line 1029 of file Blackboard.java.
References org.sleuthkit.datamodel.Blackboard.getAnalysisResultsWhere().
List<AnalysisResult> org.sleuthkit.datamodel.Blackboard.getAnalysisResultsWhere | ( | String | whereClause | ) | throws TskCoreException |
Get all analysis results matching the given where sub-clause.
whereClause | Where sub clause, specifies conditions to match. |
TskCoreException | exception thrown if a critical error occurs within TSK core. |
Definition at line 1204 of file Blackboard.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock().
Referenced by org.sleuthkit.datamodel.Blackboard.deleteAnalysisResult(), org.sleuthkit.datamodel.Blackboard.getAnalysisResultById(), org.sleuthkit.datamodel.Blackboard.getAnalysisResults(), org.sleuthkit.datamodel.Blackboard.getAnalysisResultsByType(), org.sleuthkit.datamodel.Blackboard.getArtifacts(), and org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifact().
List<BlackboardArtifact> org.sleuthkit.datamodel.Blackboard.getArtifacts | ( | int | artifactTypeID, |
long | dataSourceObjId | ||
) | throws TskCoreException |
Get all blackboard artifacts of a given type. Does not included rejected artifacts.
artifactTypeID | artifact type to get |
dataSourceObjId | data source to look under |
TskCoreException | exception thrown if a critical error occurs within TSK core |
Definition at line 1697 of file Blackboard.java.
References org.sleuthkit.datamodel.Blackboard.getArtifactType().
List<BlackboardArtifact> org.sleuthkit.datamodel.Blackboard.getArtifacts | ( | Collection< BlackboardArtifact.Type > | artifactTypes, |
Collection< Long > | dataSourceObjIds | ||
) | throws TskCoreException |
Get all blackboard artifacts of the given type(s) for the given data source(s). Does not included rejected artifacts.
artifactTypes | list of artifact types to get |
dataSourceObjIds | data sources to look under |
TskCoreException | exception thrown if a critical error occurs within TSK core |
Definition at line 1714 of file Blackboard.java.
References org.sleuthkit.datamodel.BlackboardArtifact.Category.ANALYSIS_RESULT, org.sleuthkit.datamodel.Blackboard.getAnalysisResultsWhere(), and org.sleuthkit.datamodel.Blackboard.getDataArtifactsWhere().
List<BlackboardArtifact> org.sleuthkit.datamodel.Blackboard.getArtifacts | ( | BlackboardArtifact.Type | artifactType, |
BlackboardAttribute.Type | attributeType, | ||
String | value, | ||
Long | dataSourceObjId, | ||
boolean | showRejected | ||
) | throws TskCoreException |
Get all blackboard artifacts of the given type that contain attribute of given type and value, for a given data source(s).
artifactType | artifact type to get |
attributeType | attribute type to be included |
value | attribute value to be included. can be empty. |
dataSourceObjId | data source to look under. If Null, then search all data sources. |
showRejected | a flag whether to display rejected artifacts |
TskCoreException | exception thrown if a critical error occurs within TSK core |
Definition at line 1777 of file Blackboard.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), org.sleuthkit.datamodel.BlackboardArtifact.Category.ANALYSIS_RESULT, org.sleuthkit.datamodel.BlackboardArtifact.ReviewStatus.REJECTED, and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock().
long org.sleuthkit.datamodel.Blackboard.getArtifactsCount | ( | int | artifactTypeID, |
long | dataSourceObjId | ||
) | throws TskCoreException |
Get count of all blackboard artifacts of a given type for the given data source. Does not include rejected artifacts.
artifactTypeID | artifact type id (must exist in database) |
dataSourceObjId | data source object id |
TskCoreException | exception thrown if a critical error occurs within TSK core |
Definition at line 1665 of file Blackboard.java.
long org.sleuthkit.datamodel.Blackboard.getArtifactsCount | ( | int | artifactTypeID | ) | throws TskCoreException |
Get count of all blackboard artifacts of a given type. Does not include rejected artifacts.
artifactTypeID | artifact type id (must exist in database) |
TskCoreException | exception thrown if a critical error occurs within TSK core |
Definition at line 1681 of file Blackboard.java.
BlackboardArtifact.Type org.sleuthkit.datamodel.Blackboard.getArtifactType | ( | String | artTypeName | ) | throws TskCoreException |
Get the artifact type associated with an artifact type name.
artTypeName | An artifact type name. |
TskCoreException | If an error occurs accessing the case database. |
Definition at line 358 of file Blackboard.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), org.sleuthkit.datamodel.BlackboardArtifact.Category.fromID(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock().
Referenced by org.sleuthkit.datamodel.Blackboard.artifactExists(), org.sleuthkit.datamodel.Blackboard.getAnalysisResults(), org.sleuthkit.datamodel.SleuthkitCase.getArtifactByArtifactId(), org.sleuthkit.datamodel.SleuthkitCase.getArtifactById(), org.sleuthkit.datamodel.Report.getArtifacts(), org.sleuthkit.datamodel.AbstractContent.getArtifacts(), org.sleuthkit.datamodel.Blackboard.getArtifacts(), org.sleuthkit.datamodel.Report.getArtifactsCount(), org.sleuthkit.datamodel.SleuthkitCase.getArtifactType(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifacts(), org.sleuthkit.datamodel.Blackboard.getDataArtifacts(), org.sleuthkit.datamodel.SleuthkitCase.getMatchingArtifacts(), org.sleuthkit.datamodel.Blackboard.getOrAddArtifactType(), org.sleuthkit.datamodel.BlackboardArtifact.getType(), org.sleuthkit.datamodel.AbstractContent.newArtifact(), and org.sleuthkit.datamodel.SleuthkitCase.newBlackboardArtifact().
BlackboardArtifact.Type org.sleuthkit.datamodel.Blackboard.getArtifactType | ( | int | artTypeId | ) | throws TskCoreException |
Get the artifact type associated with an artifact type id.
artTypeId | An artifact type id. |
TskCoreException | If an error occurs accessing the case database or no value is found. |
Definition at line 400 of file Blackboard.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), org.sleuthkit.datamodel.BlackboardArtifact.Category.fromID(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock().
List<BlackboardArtifact.Type> org.sleuthkit.datamodel.Blackboard.getArtifactTypesInUse | ( | long | dataSourceObjId | ) | throws TskCoreException |
Gets the list of all artifact types in use for the given data source. Gets both standard and custom types.
dataSourceObjId | data source object id |
TskCoreException | exception thrown if a critical error occurred within tsk core |
Definition at line 1623 of file Blackboard.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), org.sleuthkit.datamodel.BlackboardArtifact.Category.fromID(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock().
BlackboardAttribute.Type org.sleuthkit.datamodel.Blackboard.getAttributeType | ( | String | attrTypeName | ) | throws TskCoreException |
Get the attribute type associated with an attribute type name.
attrTypeName | An attribute type name. |
TskCoreException | If an error occurs accessing the case database. |
Definition at line 278 of file Blackboard.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), org.sleuthkit.datamodel.BlackboardAttribute.TSK_BLACKBOARD_ATTRIBUTE_VALUE_TYPE.fromType(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock().
Referenced by org.sleuthkit.datamodel.SleuthkitCase.getAttributeType(), and org.sleuthkit.datamodel.SleuthkitCase.getMatchingAttributes().
ArrayList<BlackboardAttribute> org.sleuthkit.datamodel.Blackboard.getBlackboardAttributes | ( | final BlackboardArtifact | artifact | ) | throws TskCoreException |
Get the list of attributes for the given artifact.
artifact | The artifact to load attributes for. |
TskCoreException |
Definition at line 442 of file Blackboard.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), org.sleuthkit.datamodel.SleuthkitCase.getDatabaseType(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock().
Referenced by org.sleuthkit.datamodel.BlackboardArtifact.getAttributes(), and org.sleuthkit.datamodel.SleuthkitCase.getBlackboardAttributes().
DataArtifact org.sleuthkit.datamodel.Blackboard.getDataArtifactById | ( | long | artifactObjId | ) | throws TskCoreException |
Get the data artifact with the given artifact obj id.
artifactObjId | Object id of the data artifact to get. |
TskCoreException | exception thrown if a critical error occurs within TSK core. |
Definition at line 1409 of file Blackboard.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), org.sleuthkit.datamodel.Blackboard.getDataArtifactsWhere(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock().
Referenced by org.sleuthkit.datamodel.SleuthkitCase.getArtifactByArtifactId(), and org.sleuthkit.datamodel.SleuthkitCase.getArtifactById().
List<DataArtifact> org.sleuthkit.datamodel.Blackboard.getDataArtifacts | ( | long | dataSourceObjId, |
Integer | artifactTypeID | ||
) | throws TskCoreException |
Gets all data artifacts of a given type for a given data source. To get all the data artifacts for the data source, pass null for the type ID.
dataSourceObjId | The object ID of the data source. |
artifactTypeID | The type ID of the desired artifacts or null. |
TskCoreException | This exception is thrown if there is an error querying the case database. |
Definition at line 1329 of file Blackboard.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), org.sleuthkit.datamodel.Blackboard.getDataArtifactsWhere(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock().
List<DataArtifact> org.sleuthkit.datamodel.Blackboard.getDataArtifacts | ( | int | artifactTypeID, |
long | dataSourceObjId | ||
) | throws TskCoreException |
Get all data artifacts of a given type for a given data source.
artifactTypeID | Artifact type to get. |
dataSourceObjId | Data source to look under. |
TskCoreException | exception thrown if a critical error occurs within TSK core. |
Definition at line 1353 of file Blackboard.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), org.sleuthkit.datamodel.BlackboardArtifact.Category.DATA_ARTIFACT, org.sleuthkit.datamodel.Blackboard.getArtifactType(), org.sleuthkit.datamodel.Blackboard.getDataArtifactsWhere(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock().
List<DataArtifact> org.sleuthkit.datamodel.Blackboard.getDataArtifacts | ( | int | artifactTypeID | ) | throws TskCoreException |
Get all data artifacts of a given type.
artifactTypeID | Artifact type to get. |
TskCoreException | exception thrown if a critical error occurs within TSK core. |
Definition at line 1382 of file Blackboard.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), org.sleuthkit.datamodel.BlackboardArtifact.Category.DATA_ARTIFACT, org.sleuthkit.datamodel.Blackboard.getArtifactType(), org.sleuthkit.datamodel.Blackboard.getDataArtifactsWhere(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock().
List<DataArtifact> org.sleuthkit.datamodel.Blackboard.getDataArtifactsWhere | ( | String | whereClause | ) | throws TskCoreException |
Get all data artifacts matching the given where sub-clause.
whereClause | SQL Where sub-clause, specifies conditions to match. |
TskCoreException | exception thrown if a critical error occurs within TSK core. |
Definition at line 1438 of file Blackboard.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock().
Referenced by org.sleuthkit.datamodel.Blackboard.getArtifacts(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifact(), org.sleuthkit.datamodel.Blackboard.getDataArtifactById(), and org.sleuthkit.datamodel.Blackboard.getDataArtifacts().
List<BlackboardArtifact> org.sleuthkit.datamodel.Blackboard.getExactMatchKeywordSearchResults | ( | String | keyword, |
TskData.KeywordSearchQueryType | searchType, | ||
String | kwsListName, | ||
Long | dataSourceId | ||
) | throws TskCoreException |
Returns a list of "Exact match / Literal" keyword hits blackboard artifacts according to the input conditions.
keyword | The keyword string to search for. This should always be populated unless you are trying to get all keyword hits of specific keyword search type or keyword list name. |
searchType | Type of keyword search query. |
kwsListName | (Optional) Name of the keyword list for which the search results are for. If not specified, then the results will be for ad-hoc keyword searches. |
dataSourceId | (Optional) Data source id of the target data source. If null, then the results will be for all data sources. |
TskCoreException | If an exception is encountered while running database query to obtain the keyword hits. |
Definition at line 1833 of file Blackboard.java.
References org.sleuthkit.datamodel.Blackboard.getKeywordSearchResults().
List<BlackboardArtifact> org.sleuthkit.datamodel.Blackboard.getKeywordSearchResults | ( | String | keyword, |
String | regex, | ||
TskData.KeywordSearchQueryType | searchType, | ||
String | kwsListName, | ||
Long | dataSourceId | ||
) | throws TskCoreException |
Returns a list of keyword hits blackboard artifacts according to the input conditions.
keyword | The keyword string to search for. This should always be populated unless you are trying to get all keyword hits of specific keyword search type or keyword list name. |
regex | For substring and regex keyword search types, the regex/substring query string should be specified as well as the keyword. It should be empty for literal exact match keyword search types. |
searchType | Type of keyword search query. |
kwsListName | (Optional) Name of the keyword list for which the search results are for. If not specified, then the results will be for ad-hoc keyword searches. |
dataSourceId | (Optional) Data source id of the target data source. If null, then the results will be for all data sources. |
TskCoreException | If an exception is encountered while running database query to obtain the keyword hits. |
Definition at line 1862 of file Blackboard.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), org.sleuthkit.datamodel.BlackboardArtifact.Category.ANALYSIS_RESULT, org.sleuthkit.datamodel.BlackboardAttribute.Type.getTypeID(), org.sleuthkit.datamodel.BlackboardArtifact.Type.getTypeID(), org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock(), org.sleuthkit.datamodel.BlackboardAttribute.Type.TSK_KEYWORD, org.sleuthkit.datamodel.BlackboardArtifact.Type.TSK_KEYWORD_HIT, org.sleuthkit.datamodel.BlackboardAttribute.Type.TSK_KEYWORD_REGEXP, org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_KEYWORD_SEARCH_TYPE, and org.sleuthkit.datamodel.BlackboardAttribute.Type.TSK_SET_NAME.
Referenced by org.sleuthkit.datamodel.Blackboard.getExactMatchKeywordSearchResults().
BlackboardArtifact.Type org.sleuthkit.datamodel.Blackboard.getOrAddArtifactType | ( | String | typeName, |
String | displayName | ||
) | throws BlackboardException |
Gets an artifact type, creating it if it does not already exist. Use this method to define custom artifact types.
This assumes that the artifact type is of category DATA_ARTIFACT.
typeName | The type name of the artifact type. |
displayName | The display name of the artifact type. |
BlackboardException | If there is a problem getting or adding the artifact type. |
Definition at line 182 of file Blackboard.java.
References org.sleuthkit.datamodel.BlackboardArtifact.Category.DATA_ARTIFACT.
BlackboardArtifact.Type org.sleuthkit.datamodel.Blackboard.getOrAddArtifactType | ( | String | typeName, |
String | displayName, | ||
BlackboardArtifact.Category | category | ||
) | throws BlackboardException |
Gets an artifact type, creating it if it does not already exist. Use this method to define custom artifact types.
typeName | The type name of the artifact type. |
displayName | The display name of the artifact type. |
category | The artifact type category. |
BlackboardException | If there is a problem getting or adding the artifact type. |
Definition at line 199 of file Blackboard.java.
References org.sleuthkit.datamodel.SleuthkitCase.beginTransaction(), org.sleuthkit.datamodel.SleuthkitCase.CaseDbTransaction.commit(), org.sleuthkit.datamodel.Blackboard.getArtifactType(), and org.sleuthkit.datamodel.SleuthkitCase.CaseDbTransaction.rollback().
synchronized BlackboardAttribute.Type org.sleuthkit.datamodel.Blackboard.getOrAddAttributeType | ( | String | typeName, |
BlackboardAttribute.TSK_BLACKBOARD_ATTRIBUTE_VALUE_TYPE | valueType, | ||
String | displayName | ||
) | throws BlackboardException |
Gets an attribute type, creating it if it does not already exist. Use this method to define custom attribute types.
NOTE: This method is synchronized to prevent simultaneous access from different threads, but there is still the possibility of concurrency issues from different clients.
typeName | The type name of the attribute type. |
valueType | The value type of the attribute type. |
displayName | The display name of the attribute type. |
BlackboardException | If there is a problem getting or adding the attribute type. |
Definition at line 1526 of file Blackboard.java.
References org.sleuthkit.datamodel.SleuthkitCase.beginTransaction(), org.sleuthkit.datamodel.SleuthkitCase.CaseDbTransaction.commit(), org.sleuthkit.datamodel.BlackboardAttribute.TSK_BLACKBOARD_ATTRIBUTE_VALUE_TYPE.fromType(), and org.sleuthkit.datamodel.SleuthkitCase.CaseDbTransaction.rollback().
Referenced by org.sleuthkit.datamodel.SleuthkitCase.addArtifactAttributeType().
boolean org.sleuthkit.datamodel.Blackboard.hasAnalysisResults | ( | long | sourceObjId | ) | throws TskCoreException |
Returns true if there are analysis results belonging to the sourceObjId.
sourceObjId | The source content object id. |
TskCoreException |
Definition at line 1115 of file Blackboard.java.
References org.sleuthkit.datamodel.BlackboardArtifact.Category.ANALYSIS_RESULT.
boolean org.sleuthkit.datamodel.Blackboard.hasDataArtifacts | ( | long | sourceObjId | ) | throws TskCoreException |
Returns true if there are data artifacts belonging to the sourceObjId.
sourceObjId | The source content object id. |
TskCoreException |
Definition at line 1101 of file Blackboard.java.
References org.sleuthkit.datamodel.BlackboardArtifact.Category.DATA_ARTIFACT.
AnalysisResultAdded org.sleuthkit.datamodel.Blackboard.newAnalysisResult | ( | BlackboardArtifact.Type | artifactType, |
long | objId, | ||
Long | dataSourceObjId, | ||
Score | score, | ||
String | conclusion, | ||
String | configuration, | ||
String | justification, | ||
Collection< BlackboardAttribute > | attributesList | ||
) | throws BlackboardException, TskCoreException |
Adds new analysis result artifact.
artifactType | Type of analysis result artifact to create. |
objId | Object id of parent. |
dataSourceObjId | Data source object id, may be null. |
score | Score associated with this analysis result. |
conclusion | Conclusion of the analysis, may be null or an empty string. |
configuration | Configuration associated with this analysis, may be null or an empty string. |
justification | Justification, may be null or an empty string. |
attributesList | Attributes to be attached to this analysis result artifact. |
TskCoreException | |
BlackboardException | exception thrown if a critical error occurs within TSK core |
Definition at line 814 of file Blackboard.java.
References org.sleuthkit.datamodel.BlackboardArtifact.Category.ANALYSIS_RESULT, org.sleuthkit.datamodel.SleuthkitCase.beginTransaction(), org.sleuthkit.datamodel.SleuthkitCase.CaseDbTransaction.commit(), and org.sleuthkit.datamodel.SleuthkitCase.CaseDbTransaction.rollback().
Referenced by org.sleuthkit.datamodel.Report.newAnalysisResult(), org.sleuthkit.datamodel.AbstractContent.newAnalysisResult(), org.sleuthkit.datamodel.BlackboardArtifact.newAnalysisResult(), and org.sleuthkit.datamodel.Report.newArtifact().
AnalysisResultAdded org.sleuthkit.datamodel.Blackboard.newAnalysisResult | ( | BlackboardArtifact.Type | artifactType, |
long | objId, | ||
Long | dataSourceObjId, | ||
Score | score, | ||
String | conclusion, | ||
String | configuration, | ||
String | justification, | ||
Collection< BlackboardAttribute > | attributesList, | ||
CaseDbTransaction | transaction | ||
) | throws BlackboardException |
Adds new analysis result artifact.
artifactType | Type of analysis result artifact to create. |
objId | Object id of parent. |
dataSourceObjId | Data source object id, may be null. |
score | Score associated with this analysis result. |
conclusion | Conclusion of the analysis, may be null or an empty string. |
configuration | Configuration associated with this analysis, may be null or an empty string. |
justification | Justification, may be null or an empty string. |
attributesList | Attributes to be attached to this analysis result artifact. |
transaction | DB transaction to use. |
BlackboardException | exception thrown if a critical error occurs within TSK core |
Definition at line 863 of file Blackboard.java.
References org.sleuthkit.datamodel.BlackboardArtifact.addAttributes(), org.sleuthkit.datamodel.BlackboardArtifact.Category.ANALYSIS_RESULT, org.sleuthkit.datamodel.AnalysisResult.getScore(), and org.sleuthkit.datamodel.SleuthkitCase.getScoringManager().
DataArtifact org.sleuthkit.datamodel.Blackboard.newDataArtifact | ( | BlackboardArtifact.Type | artifactType, |
long | sourceObjId, | ||
Long | dataSourceObjId, | ||
Collection< BlackboardAttribute > | attributes, | ||
Long | osAccountId | ||
) | throws TskCoreException |
Add a new data artifact with the given type.
artifactType | The type of the data artifact. |
sourceObjId | The content that is the source of this artifact. |
dataSourceObjId | The data source the artifact source content belongs to, may be the same as the sourceObjId. May be null. |
attributes | The attributes. May be empty or null. |
osAccountId | The OS account id associated with the artifact. May be null. |
TskCoreException | If a critical error occurs within tsk core. |
Definition at line 2165 of file Blackboard.java.
References org.sleuthkit.datamodel.SleuthkitCase.beginTransaction(), org.sleuthkit.datamodel.SleuthkitCase.CaseDbTransaction.commit(), org.sleuthkit.datamodel.BlackboardArtifact.Category.DATA_ARTIFACT, and org.sleuthkit.datamodel.SleuthkitCase.CaseDbTransaction.rollback().
Referenced by org.sleuthkit.datamodel.Report.newDataArtifact(), and org.sleuthkit.datamodel.AbstractContent.newDataArtifact().
DataArtifact org.sleuthkit.datamodel.Blackboard.newDataArtifact | ( | BlackboardArtifact.Type | artifactType, |
long | sourceObjId, | ||
Long | dataSourceObjId, | ||
Collection< BlackboardAttribute > | attributes, | ||
Long | osAccountObjId, | ||
final CaseDbTransaction | transaction | ||
) | throws TskCoreException |
Add a new data artifact with the given type.
This api executes in the context of the given transaction.
artifactType | The type of the data artifact. |
sourceObjId | The content that is the source of this artifact. |
dataSourceObjId | The data source the artifact source content belongs to, may be the same as the sourceObjId. May be null. |
attributes | The attributes. May be empty or null. |
osAccountObjId | The OS account associated with the artifact. May be null. |
transaction | The transaction in the scope of which the operation is to be performed. |
TskCoreException | If a critical error occurs within tsk core. |
Definition at line 2209 of file Blackboard.java.
References org.sleuthkit.datamodel.OsAccountInstance.OsAccountInstanceType.ACCESSED, org.sleuthkit.datamodel.BlackboardArtifact.addAttributes(), org.sleuthkit.datamodel.TskData.ObjectType.ARTIFACT, org.sleuthkit.datamodel.BlackboardArtifact.Category.DATA_ARTIFACT, org.sleuthkit.datamodel.SleuthkitCase.getOsAccountManager(), org.sleuthkit.datamodel.OsAccountManager.newOsAccountInstance(), and org.sleuthkit.datamodel.BlackboardArtifact.ReviewStatus.UNDECIDED.
void org.sleuthkit.datamodel.Blackboard.postArtifact | ( | BlackboardArtifact | artifact, |
String | moduleName | ||
) | throws BlackboardException |
Posts an artifact to the blackboard. The artifact should be complete (all attributes have been added) before it is posted. Posting the artifact triggers the creation of appropriate timeline events, if any, and broadcast of a notification that the artifact is ready for further analysis.
artifact | The artifact. |
moduleName | The display name of the module posting the artifact. |
BlackboardException | The exception is thrown if there is an issue posting the artifact. |
Definition at line 99 of file Blackboard.java.
References org.sleuthkit.datamodel.Blackboard.postArtifacts().
void org.sleuthkit.datamodel.Blackboard.postArtifact | ( | BlackboardArtifact | artifact, |
String | moduleName, | ||
Long | ingestJobId | ||
) | throws BlackboardException |
Posts an artifact to the blackboard. The artifact should be complete (all attributes have been added) before it is posted. Posting the artifact triggers the creation of appropriate timeline events, if any, and broadcast of a notification that the artifact is ready for further analysis.
artifact | The artifact. |
moduleName | The display name of the module posting the artifact. |
ingestJobId | The numeric identifier of the ingest job for which the artifact was posted, may be null. |
BlackboardException | The exception is thrown if there is an issue posting the artifact. |
Definition at line 138 of file Blackboard.java.
References org.sleuthkit.datamodel.Blackboard.postArtifacts().
void org.sleuthkit.datamodel.Blackboard.postArtifacts | ( | Collection< BlackboardArtifact > | artifacts, |
String | moduleName | ||
) | throws BlackboardException |
Posts a collection of artifacts to the blackboard. The artifacts should be complete (all attributes have been added) before they are posted. Posting the artifacts triggers the creation of appropriate timeline events, if any, and broadcast of a notification that the artifacts are ready for further analysis.
artifacts | The artifacts. |
moduleName | The display name of the module posting the artifacts. |
BlackboardException | The exception is thrown if there is an issue posting the artifact. |
Definition at line 119 of file Blackboard.java.
Referenced by org.sleuthkit.datamodel.Blackboard.postArtifact().
void org.sleuthkit.datamodel.Blackboard.postArtifacts | ( | Collection< BlackboardArtifact > | artifacts, |
String | moduleName, | ||
Long | ingestJobId | ||
) | throws BlackboardException |
Posts a collection of artifacts to the blackboard. The artifacts should be complete (all attributes have been added) before they are posted. Posting the artifacts triggers the creation of appropriate timeline events, if any, and broadcast of a notification that the artifacts are ready for further analysis.
artifacts | The artifacts. |
moduleName | The display name of the module posting the artifacts. |
ingestJobId | The numeric identifier of the ingest job for which the artifacts were posted, may be null. |
BlackboardException | The exception is thrown if there is an issue posting the artifact. |
Definition at line 157 of file Blackboard.java.
References org.sleuthkit.datamodel.SleuthkitCase.getTimelineManager().
Copyright © 2011-2021 Brian Carrier. (carrier -at- sleuthkit -dot- org)
This work is licensed under a
Creative Commons Attribution-Share Alike 3.0 United States License.