Sleuth Kit Java Bindings (JNI)
4.11.1
Java bindings for using The Sleuth Kit
|
Inherits org.sleuthkit.datamodel.blackboardutils.ArtifactHelperBase.
Classes | |
enum | CallMediaType |
enum | CommunicationDirection |
enum | MessageReadStatus |
Public Member Functions | |
CommunicationArtifactsHelper (SleuthkitCase caseDb, String moduleName, Content srcContent, Account.Type accountsType, Long ingestJobId) throws TskCoreException | |
CommunicationArtifactsHelper (SleuthkitCase caseDb, String moduleName, Content srcContent, Account.Type accountsType, Account.Type selfAccountType, String selfAccountId, Long ingestJobId) throws TskCoreException | |
CommunicationArtifactsHelper (SleuthkitCase caseDb, String moduleName, Content srcContent, Account.Type accountsType) throws TskCoreException | |
CommunicationArtifactsHelper (SleuthkitCase caseDb, String moduleName, Content srcContent, Account.Type accountsType, Account.Type selfAccountType, String selfAccountId) throws TskCoreException | |
void | addAttachments (BlackboardArtifact message, MessageAttachments attachments) throws TskCoreException |
BlackboardArtifact | addCalllog (CommunicationDirection direction, String callerId, String calleeId, long startDateTime, long endDateTime, CallMediaType mediaType) throws TskCoreException, BlackboardException |
BlackboardArtifact | addCalllog (CommunicationDirection direction, String callerId, String calleeId, long startDateTime, long endDateTime, CallMediaType mediaType, Collection< BlackboardAttribute > otherAttributesList) throws TskCoreException, BlackboardException |
BlackboardArtifact | addCalllog (CommunicationDirection direction, String callerId, Collection< String > calleeIdsList, long startDateTime, long endDateTime, CallMediaType mediaType) throws TskCoreException, BlackboardException |
BlackboardArtifact | addCalllog (CommunicationDirection direction, String callerId, Collection< String > calleeIdsList, long startDateTime, long endDateTime, CallMediaType mediaType, Collection< BlackboardAttribute > otherAttributesList) throws TskCoreException, BlackboardException |
BlackboardArtifact | addContact (String contactName, String phoneNumber, String homePhoneNumber, String mobilePhoneNumber, String emailAddr) throws TskCoreException, BlackboardException |
BlackboardArtifact | addContact (String contactName, String phoneNumber, String homePhoneNumber, String mobilePhoneNumber, String emailAddr, Collection< BlackboardAttribute > additionalAttributes) throws TskCoreException, BlackboardException |
BlackboardArtifact | addMessage (String messageType, CommunicationDirection direction, String senderId, String recipientId, long dateTime, MessageReadStatus readStatus, String subject, String messageText, String threadId) throws TskCoreException, BlackboardException |
BlackboardArtifact | addMessage (String messageType, CommunicationDirection direction, String senderId, String recipientId, long dateTime, MessageReadStatus readStatus, String subject, String messageText, String threadId, Collection< BlackboardAttribute > otherAttributesList) throws TskCoreException, BlackboardException |
BlackboardArtifact | addMessage (String messageType, CommunicationDirection direction, String senderId, List< String > recipientIdsList, long dateTime, MessageReadStatus readStatus, String subject, String messageText, String threadId) throws TskCoreException, BlackboardException |
BlackboardArtifact | addMessage (String messageType, CommunicationDirection direction, String senderId, List< String > recipientIdsList, long dateTime, MessageReadStatus readStatus, String subject, String messageText, String threadId, Collection< BlackboardAttribute > otherAttributesList) throws TskCoreException, BlackboardException |
A class that helps modules to create communication artifacts: contacts, messages, and call logs.
It creates a 'self' account Account - an account for the owner/user of the application being processed by the module. As an example, for a module analyzing Facebook application, this would be the account associated with the unique Facebook user ID of the device owner.
In the absence of a 'self' account, a 'device' account may be used in its place. A 'device' account is an account meant to represent the owner of the device, and uses the unique device ID as the unique account identifier.
It also creates accounts for contacts, and sender/receivers of the messages, and calls.
And it creates relationships between the self account and the contacts and sender/receiver accounts.
Definition at line 69 of file CommunicationArtifactsHelper.java.
org.sleuthkit.datamodel.blackboardutils.CommunicationArtifactsHelper.CommunicationArtifactsHelper | ( | SleuthkitCase | caseDb, |
String | moduleName, | ||
Content | srcContent, | ||
Account.Type | accountsType, | ||
Long | ingestJobId | ||
) | throws TskCoreException |
Constructs an instance of a class that helps modules to create communication artifacts: contacts, messages, and call logs.
This constructor is intended to be used when there is no known application account and a device account should be used instead.
caseDb | The case database. |
moduleName | The name of the module creating the artifacts. |
srcContent | The source/parent content of the artifacts. |
accountsType | Account type Account.Type created by this module. |
ingestJobId | The numeric identifier of the ingest job within which the artifacts are being created, may be null. |
TskCoreException | The exception is thrown if there is an error querying the case database. |
Definition at line 165 of file CommunicationArtifactsHelper.java.
References org.sleuthkit.datamodel.Account.Type.DEVICE.
org.sleuthkit.datamodel.blackboardutils.CommunicationArtifactsHelper.CommunicationArtifactsHelper | ( | SleuthkitCase | caseDb, |
String | moduleName, | ||
Content | srcContent, | ||
Account.Type | accountsType, | ||
Account.Type | selfAccountType, | ||
String | selfAccountId, | ||
Long | ingestJobId | ||
) | throws TskCoreException |
Constructs an instance of a class that helps modules to create communication artifacts: contacts, messages, and call logs.
This constructor is intended to be used when there is sufficent application-specific account information about the device owner to create a 'self' account.
caseDb | The case database. |
moduleName | The name of the module creating the artifacts. |
srcContent | The source/parent content of the artifacts. |
accountsType | Account type Account.Type created by this module. |
selfAccountType | Self account type to be created for this module. |
selfAccountId | Account unique id for the self account. |
ingestJobId | The numeric identifier of the ingest job within which the artifacts are being created, may be null. |
TskCoreException | The exception is thrown if there is an error querying the case database. |
Definition at line 194 of file CommunicationArtifactsHelper.java.
org.sleuthkit.datamodel.blackboardutils.CommunicationArtifactsHelper.CommunicationArtifactsHelper | ( | SleuthkitCase | caseDb, |
String | moduleName, | ||
Content | srcContent, | ||
Account.Type | accountsType | ||
) | throws TskCoreException |
Constructs an instance of a class that helps modules to create communication artifacts: contacts, messages, and call logs.
This constructor is intended to be used when there is no known application account and a device account should be used instead.
caseDb | The case database. |
moduleName | The name of the module creating the artifacts. |
srcContent | The source/parent content of the artifacts. |
accountsType | Account type Account.Type created by this module. |
TskCoreException | The exception is thrown if there is an error updating the case database. |
Definition at line 221 of file CommunicationArtifactsHelper.java.
org.sleuthkit.datamodel.blackboardutils.CommunicationArtifactsHelper.CommunicationArtifactsHelper | ( | SleuthkitCase | caseDb, |
String | moduleName, | ||
Content | srcContent, | ||
Account.Type | accountsType, | ||
Account.Type | selfAccountType, | ||
String | selfAccountId | ||
) | throws TskCoreException |
Constructs an instance of a class that helps modules to create communication artifacts: contacts, messages, and call logs.
This constructor is intended to be used when there is sufficent application-specific account information about the device owner to create a 'self' account.
caseDb | The case database. |
moduleName | The name of the module creating the artifacts. |
srcContent | The source/parent content of the artifacts. |
accountsType | Account type Account.Type created by this module. |
selfAccountType | Self account type to be created for this module. |
selfAccountId | Account unique id for the self account. |
TskCoreException | The exception is thrown if there is an error updating the case database. |
Definition at line 248 of file CommunicationArtifactsHelper.java.
void org.sleuthkit.datamodel.blackboardutils.CommunicationArtifactsHelper.addAttachments | ( | BlackboardArtifact | message, |
MessageAttachments | attachments | ||
) | throws TskCoreException |
Adds attachments to a message.
message | Message artifact. |
attachments | Attachments to add to the message. |
TskCoreException | If there is an error in adding attachments |
Definition at line 933 of file CommunicationArtifactsHelper.java.
References org.sleuthkit.datamodel.SleuthkitCase.getAbstractFileById(), org.sleuthkit.datamodel.AbstractContent.getSleuthkitCase(), and org.sleuthkit.datamodel.blackboardutils.attributes.BlackboardJsonAttrUtil.toAttribute().
BlackboardArtifact org.sleuthkit.datamodel.blackboardutils.CommunicationArtifactsHelper.addCalllog | ( | CommunicationDirection | direction, |
String | callerId, | ||
String | calleeId, | ||
long | startDateTime, | ||
long | endDateTime, | ||
CallMediaType | mediaType | ||
) | throws TskCoreException, BlackboardException |
Adds a TSK_CALLLOG artifact.
Also creates an account instance for the caller/callee, and creates a relationship between the self account and the caller account as well between the self account and the callee account.
direction | Call direction, UNKNOWN if not available. |
callerId | Caller id, may be null. |
calleeId | Callee id, may be null. |
At least one of the two must be provided - the caller Id, or a callee id.
startDateTime | Start date/time, 0 if not available. |
endDateTime | End date/time, 0 if not available. |
mediaType | Media type. |
TskCoreException | If there is an error creating the artifact. |
BlackboardException | If there is a problem posting the artifact. |
Definition at line 702 of file CommunicationArtifactsHelper.java.
Referenced by org.sleuthkit.datamodel.blackboardutils.CommunicationArtifactsHelper.addCalllog().
BlackboardArtifact org.sleuthkit.datamodel.blackboardutils.CommunicationArtifactsHelper.addCalllog | ( | CommunicationDirection | direction, |
String | callerId, | ||
String | calleeId, | ||
long | startDateTime, | ||
long | endDateTime, | ||
CallMediaType | mediaType, | ||
Collection< BlackboardAttribute > | otherAttributesList | ||
) | throws TskCoreException, BlackboardException |
Adds a TSK_CALLLOG artifact.
Also creates an account instance for the caller/callee, and creates a relationship between the self account and the caller account as well between the self account and the callee account.
direction | Call direction, UNKNOWN if not available. |
callerId | Caller id, may be null. |
calleeId | Callee id, may be null. |
At least one of the two must be provided - the caller Id, or a callee id.
startDateTime | Start date/time, 0 if not available. |
endDateTime | End date/time, 0 if not available. |
mediaType | Media type. |
otherAttributesList | Other attributes. |
TskCoreException | If there is an error creating the artifact. |
BlackboardException | If there is a problem posting the artifact. |
Definition at line 733 of file CommunicationArtifactsHelper.java.
References org.sleuthkit.datamodel.blackboardutils.CommunicationArtifactsHelper.addCalllog().
BlackboardArtifact org.sleuthkit.datamodel.blackboardutils.CommunicationArtifactsHelper.addCalllog | ( | CommunicationDirection | direction, |
String | callerId, | ||
Collection< String > | calleeIdsList, | ||
long | startDateTime, | ||
long | endDateTime, | ||
CallMediaType | mediaType | ||
) | throws TskCoreException, BlackboardException |
Adds a TSK_CALLLOG artifact.
Also creates an account instance for the caller/callees, and creates a relationship between the self account and the caller account as well between the self account and each callee account.
direction | Call direction, UNKNOWN if not available. |
callerId | Caller id, may be null. |
calleeIdsList | Callee list, may be an empty list. |
At least one of the two must be provided - the caller Id, or a callee id.
startDateTime | Start date/time, 0 if not available. |
endDateTime | End date/time, 0 if not available. |
mediaType | Call media type, UNKNOWN if not available. |
TskCoreException | If there is an error creating the artifact. |
BlackboardException | If there is a problem posting the artifact. |
Definition at line 769 of file CommunicationArtifactsHelper.java.
References org.sleuthkit.datamodel.blackboardutils.CommunicationArtifactsHelper.addCalllog().
BlackboardArtifact org.sleuthkit.datamodel.blackboardutils.CommunicationArtifactsHelper.addCalllog | ( | CommunicationDirection | direction, |
String | callerId, | ||
Collection< String > | calleeIdsList, | ||
long | startDateTime, | ||
long | endDateTime, | ||
CallMediaType | mediaType, | ||
Collection< BlackboardAttribute > | otherAttributesList | ||
) | throws TskCoreException, BlackboardException |
Adds a TSK_CALLLOG artifact.
Also creates an account instance for the caller and each of the callees, and creates relationships between caller and callees.
direction | Call direction, UNKNOWN if not available. |
callerId | Caller id, required for incoming call. |
calleeIdsList | Callee ids list, required for an outgoing call. |
At least one of the two must be provided - the caller Id, or a callee id.
startDateTime | Start date/time, 0 if not available. |
endDateTime | End date/time, 0 if not available. |
mediaType | Call media type, UNKNOWN if not available. |
otherAttributesList | other attributes, can be an empty list |
TskCoreException | If there is an error creating the artifact. |
BlackboardException | If there is a problem posting the artifact. |
Definition at line 804 of file CommunicationArtifactsHelper.java.
References org.sleuthkit.datamodel.BlackboardArtifact.addAttributes(), org.sleuthkit.datamodel.Relationship.Type.CALL_LOG, org.sleuthkit.datamodel.AccountFileInstance.getAccount(), org.sleuthkit.datamodel.Account.getTypeSpecificID(), org.sleuthkit.datamodel.Content.newDataArtifact(), org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_END, org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_START, org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PHONE_NUMBER, org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PHONE_NUMBER_FROM, and org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PHONE_NUMBER_TO.
BlackboardArtifact org.sleuthkit.datamodel.blackboardutils.CommunicationArtifactsHelper.addContact | ( | String | contactName, |
String | phoneNumber, | ||
String | homePhoneNumber, | ||
String | mobilePhoneNumber, | ||
String | emailAddr | ||
) | throws TskCoreException, BlackboardException |
Creates and adds a TSK_CONTACT artifact to the case, with specified attributes. Also creates an account instance of specified type for the contact with the specified ID.
contactName | Contact name, required. |
phoneNumber | Primary phone number for contact, may be empty or null. |
homePhoneNumber | Home phone number, may be empty or null. |
mobilePhoneNumber | Mobile phone number, may be empty or null. |
emailAddr | Email address for the contact, may be empty or null. |
At least one phone number or email address is required.
TskCoreException | If there is an error creating the artifact. |
BlackboardException | If there is a problem posting the artifact. |
Definition at line 273 of file CommunicationArtifactsHelper.java.
BlackboardArtifact org.sleuthkit.datamodel.blackboardutils.CommunicationArtifactsHelper.addContact | ( | String | contactName, |
String | phoneNumber, | ||
String | homePhoneNumber, | ||
String | mobilePhoneNumber, | ||
String | emailAddr, | ||
Collection< BlackboardAttribute > | additionalAttributes | ||
) | throws TskCoreException, BlackboardException |
Creates and adds a TSK_CONTACT artifact to the case, with specified attributes. Also creates an account instance for the contact with the specified ID.
contactName | Contact name, may be empty or null. |
phoneNumber | Primary phone number for contact, may be empty or null. |
homePhoneNumber | Home phone number, may be empty or null. |
mobilePhoneNumber | Mobile phone number, may be empty or null. |
emailAddr | Email address for the contact, may be empty or null. |
At least one phone number or email address or an Id is required. An Id may be passed in as a TSK_ID attribute in additionalAttributes.
additionalAttributes | Additional attributes for contact, may be an empty list. |
TskCoreException | If there is an error creating the artifact. |
BlackboardException | If there is a problem posting the artifact. |
Definition at line 306 of file CommunicationArtifactsHelper.java.
References org.sleuthkit.datamodel.Account.Type.EMAIL, org.sleuthkit.datamodel.Content.newDataArtifact(), org.sleuthkit.datamodel.Account.Type.PHONE, org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_EMAIL, org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_NAME, org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PHONE_NUMBER, org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PHONE_NUMBER_HOME, and org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PHONE_NUMBER_MOBILE.
BlackboardArtifact org.sleuthkit.datamodel.blackboardutils.CommunicationArtifactsHelper.addMessage | ( | String | messageType, |
CommunicationDirection | direction, | ||
String | senderId, | ||
String | recipientId, | ||
long | dateTime, | ||
MessageReadStatus | readStatus, | ||
String | subject, | ||
String | messageText, | ||
String | threadId | ||
) | throws TskCoreException, BlackboardException |
Adds a TSK_MESSAGE artifact.
Also creates an account instance for the sender/receiver, and creates a relationship between the self account and the sender/receiver account.
messageType | Message type, required. |
direction | Message direction, UNKNOWN if not available. |
senderId | Sender address id, may be null. |
recipientId | Recipient id, may be null. |
dateTime | Date/time of message, 0 if not available. |
readStatus | Message read status, UNKNOWN if not available. |
subject | Message subject, may be empty or null. |
messageText | Message body, may be empty or null. |
threadId | Message thread id, may be empty or null. |
TskCoreException | If there is an error creating the artifact. |
BlackboardException | If there is a problem posting the artifact. |
Definition at line 445 of file CommunicationArtifactsHelper.java.
Referenced by org.sleuthkit.datamodel.blackboardutils.CommunicationArtifactsHelper.addMessage().
BlackboardArtifact org.sleuthkit.datamodel.blackboardutils.CommunicationArtifactsHelper.addMessage | ( | String | messageType, |
CommunicationDirection | direction, | ||
String | senderId, | ||
String | recipientId, | ||
long | dateTime, | ||
MessageReadStatus | readStatus, | ||
String | subject, | ||
String | messageText, | ||
String | threadId, | ||
Collection< BlackboardAttribute > | otherAttributesList | ||
) | throws TskCoreException, BlackboardException |
Adds a TSK_MESSAGE artifact.
Also creates an account instance for the sender/receiver, and creates a relationship between the self account and the sender/receiver account.
messageType | Message type, required. |
direction | Message direction, UNKNOWN if not available. |
senderId | Sender id, may be null. |
recipientId | Recipient id, may be null. |
dateTime | Date/time of message, 0 if not available. |
readStatus | Message read status, UNKNOWN if not available. |
subject | Message subject, may be empty or null. |
messageText | Message body, may be empty or null. |
threadId | Message thread id, may be empty or null. |
otherAttributesList | Additional attributes, may be an empty list. |
TskCoreException | If there is an error creating the artifact. |
BlackboardException | If there is a problem posting the artifact. |
Definition at line 480 of file CommunicationArtifactsHelper.java.
References org.sleuthkit.datamodel.blackboardutils.CommunicationArtifactsHelper.addMessage().
BlackboardArtifact org.sleuthkit.datamodel.blackboardutils.CommunicationArtifactsHelper.addMessage | ( | String | messageType, |
CommunicationDirection | direction, | ||
String | senderId, | ||
List< String > | recipientIdsList, | ||
long | dateTime, | ||
MessageReadStatus | readStatus, | ||
String | subject, | ||
String | messageText, | ||
String | threadId | ||
) | throws TskCoreException, BlackboardException |
Adds a TSK_MESSAGE artifact.
Also creates an account instance for the sender/receiver, and creates a relationship between the self account and the sender/receiver accounts.
messageType | Message type, required. |
direction | Message direction, UNKNOWN if not available. |
senderId | Sender id, may be null. |
recipientIdsList | Recipient ids list, may be null or empty list. |
dateTime | Date/time of message, 0 if not available. |
readStatus | Message read status, UNKNOWN if not available. |
subject | Message subject, may be empty or null. |
messageText | Message body, may be empty or null. |
threadId | Message thread id, may be empty or null. |
TskCoreException | If there is an error creating the artifact. |
BlackboardException | If there is a problem posting the artifact. |
Definition at line 518 of file CommunicationArtifactsHelper.java.
References org.sleuthkit.datamodel.blackboardutils.CommunicationArtifactsHelper.addMessage().
BlackboardArtifact org.sleuthkit.datamodel.blackboardutils.CommunicationArtifactsHelper.addMessage | ( | String | messageType, |
CommunicationDirection | direction, | ||
String | senderId, | ||
List< String > | recipientIdsList, | ||
long | dateTime, | ||
MessageReadStatus | readStatus, | ||
String | subject, | ||
String | messageText, | ||
String | threadId, | ||
Collection< BlackboardAttribute > | otherAttributesList | ||
) | throws TskCoreException, BlackboardException |
Adds a TSK_MESSAGE artifact.
Also creates accounts for the sender/receivers, and creates relationships between the sender/receivers account.
messageType | Message type, required. |
direction | Message direction, UNKNOWN if not available. |
senderId | Sender id, may be null. |
recipientIdsList | Recipient list, may be null or empty an list. |
dateTime | Date/time of message, 0 if not available. |
readStatus | Message read status, UNKNOWN if not available. |
subject | Message subject, may be empty or null. |
messageText | Message body, may be empty or null. |
threadId | Message thread id, may be empty or null. |
otherAttributesList | Other attributes, may be an empty list. |
TskCoreException | If there is an error creating the artifact. |
BlackboardException | If there is a problem posting the artifact. |
Definition at line 553 of file CommunicationArtifactsHelper.java.
References org.sleuthkit.datamodel.AccountFileInstance.getAccount(), org.sleuthkit.datamodel.Account.getTypeSpecificID(), org.sleuthkit.datamodel.Relationship.Type.MESSAGE, org.sleuthkit.datamodel.Content.newDataArtifact(), org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME, org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_MESSAGE_TYPE, org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PHONE_NUMBER, org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PHONE_NUMBER_FROM, org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PHONE_NUMBER_TO, org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SUBJECT, org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_TEXT, and org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_THREAD_ID.
Copyright © 2011-2021 Brian Carrier. (carrier -at- sleuthkit -dot- org)
This work is licensed under a
Creative Commons Attribution-Share Alike 3.0 United States License.