19 package org.sleuthkit.datamodel;
21 import com.google.common.annotations.Beta;
22 import java.io.Serializable;
23 import java.io.UnsupportedEncodingException;
24 import java.sql.SQLException;
25 import java.text.MessageFormat;
26 import java.util.ArrayList;
27 import java.util.Collection;
28 import java.util.Collections;
29 import java.util.HashMap;
30 import java.util.HashSet;
31 import java.util.List;
33 import java.util.Objects;
34 import java.util.ResourceBundle;
36 import java.util.stream.Collectors;
37 import java.util.stream.Stream;
56 private static final ResourceBundle bundle = ResourceBundle.getBundle(
"org.sleuthkit.datamodel.Bundle");
57 private final long artifactId;
58 private final long sourceObjId;
59 private final long artifactObjId;
60 private final Long dataSourceObjId;
61 private final int artifactTypeId;
62 private final String artifactTypeName;
63 private final String displayName;
66 private final List<BlackboardAttribute> attrsCache =
new ArrayList<BlackboardAttribute>();
67 private boolean loadedCacheFromDb =
false;
68 private volatile Content parent;
69 private volatile String uniquePath;
71 private byte[] contentBytes = null;
73 private volatile boolean checkedHasChildren;
75 private volatile int childrenCount;
97 BlackboardArtifact(
SleuthkitCase sleuthkitCase,
long artifactID,
long sourceObjId,
long artifactObjId, Long dataSourceObjId,
int artifactTypeID, String artifactTypeName, String displayName,
ReviewStatus reviewStatus) {
99 this.sleuthkitCase = sleuthkitCase;
100 this.artifactId = artifactID;
101 this.sourceObjId = sourceObjId;
102 this.artifactObjId = artifactObjId;
103 this.artifactTypeId = artifactTypeID;
104 this.dataSourceObjId = dataSourceObjId;
105 this.artifactTypeName = artifactTypeName;
106 this.displayName = displayName;
107 this.reviewStatus = reviewStatus;
109 this.checkedHasChildren =
false;
110 this.hasChildren =
false;
111 this.childrenCount = -1;
135 BlackboardArtifact(
SleuthkitCase sleuthkitCase,
long artifactID,
long sourceObjId,
long artifactObjID, Long dataSourceObjID,
int artifactTypeID, String artifactTypeName, String displayName,
ReviewStatus reviewStatus,
boolean isNew) {
136 this(sleuthkitCase, artifactID, sourceObjId, artifactObjID, dataSourceObjID, artifactTypeID, artifactTypeName, displayName, reviewStatus);
143 this.loadedCacheFromDb =
true;
154 return sleuthkitCase;
163 return this.artifactId;
173 return this.sourceObjId;
183 return this.dataSourceObjId;
192 return this.artifactTypeId;
204 if (standardTypesValue != null) {
205 return standardTypesValue;
217 return this.artifactTypeName;
226 return this.displayName;
238 StringBuilder shortDescription =
new StringBuilder(
"");
241 case TSK_WIFI_NETWORK_ADAPTER:
244 case TSK_WIFI_NETWORK:
247 case TSK_REMOTE_DRIVE:
250 case TSK_SERVICE_ACCOUNT:
251 case TSK_SCREEN_SHOTS:
252 case TSK_DELETED_PROG:
255 case TSK_PROG_NOTIFICATIONS:
257 case TSK_RECENT_OBJECT:
258 case TSK_USER_DEVICE_EVENT:
259 case TSK_WEB_SEARCH_QUERY:
262 case TSK_BLUETOOTH_PAIRING:
271 case TSK_WEB_CATEGORIZATION:
272 case TSK_BLUETOOTH_ADAPTER:
274 case TSK_GPS_BOOKMARK:
275 case TSK_GPS_LAST_KNOWN_LOCATION:
279 case TSK_WEB_FORM_AUTOFILL:
282 case TSK_WEB_ACCOUNT_TYPE:
285 case TSK_HASHSET_HIT:
286 case TSK_INTERESTING_ARTIFACT_HIT:
287 case TSK_INTERESTING_FILE_HIT:
288 case TSK_INTERESTING_ITEM:
292 case TSK_ENCRYPTION_DETECTED:
293 case TSK_ENCRYPTION_SUSPECTED:
294 case TSK_OBJECT_DETECTED:
295 case TSK_USER_CONTENT_SUSPECTED:
296 case TSK_VERIFICATION_FAILED:
299 case TSK_DATA_SOURCE_USAGE:
300 case TSK_CALENDAR_ENTRY:
303 case TSK_WEB_BOOKMARK:
305 case TSK_WEB_DOWNLOAD:
306 case TSK_WEB_HISTORY:
310 case TSK_KEYWORD_HIT:
313 case TSK_DEVICE_ATTACHED:
319 case TSK_SPEED_DIAL_ENTRY:
320 case TSK_WEB_FORM_ADDRESS:
364 shortDescription.append(
" ");
365 shortDescription.append(MessageFormat.format(bundle.getString(
"BlackboardArtifact.shortDescriptionDate.text"), date.
getDisplayString()));
392 reviewStatus = newStatus;
407 attribute.setArtifactId(artifactId);
410 attrsCache.add(attribute);
422 ArrayList<BlackboardAttribute> attributes;
423 if (
false == loadedCacheFromDb) {
426 attrsCache.addAll(attributes);
427 loadedCacheFromDb =
true;
429 attributes =
new ArrayList<>(attrsCache);
440 void setAttributes(List<BlackboardAttribute> attributes) {
442 attrsCache.addAll(attributes);
443 loadedCacheFromDb =
true;
463 if (attribute.getAttributeType().equals(attributeType)) {
480 if (attributes.isEmpty()) {
484 attribute.setArtifactId(artifactId);
488 attrsCache.addAll(attributes);
508 if (Objects.isNull(attributes) || attributes.isEmpty()) {
509 throw new TskCoreException(
"Illegal argument passed to addAttributes: null or empty attributes passed to addAttributes");
511 if (Objects.isNull(caseDbTransaction)) {
512 throw new TskCoreException(
"Illegal argument passed to addAttributes: null caseDbTransaction passed to addAttributes");
516 attribute.setArtifactId(artifactId);
518 getSleuthkitCase().addBlackBoardAttribute(attribute, artifactTypeId, caseDbTransaction.getConnection());
520 attrsCache.addAll(attributes);
521 }
catch (SQLException ex) {
522 throw new TskCoreException(
"Error adding blackboard attributes", ex);
537 if (uniquePath == null) {
538 String tempUniquePath =
"";
540 if (myParent != null) {
545 uniquePath = tempUniquePath;
552 if (parent == null) {
568 return new ArrayList<BlackboardArtifact>();
578 return sleuthkitCase.
getBlackboard().getDataArtifactsBySource(artifactObjId);
605 return new ArrayList<BlackboardArtifact>();
621 return new ArrayList<BlackboardArtifact>();
636 return new ArrayList<BlackboardArtifact>();
750 return new ArrayList<>();
763 return new HashSet<String>();
782 throw new TskCoreException(
"Cannot create artifact of an artifact. Not supported.");
818 throw new TskCoreException(
"Cannot create data artifact of an artifact. Not supported.");
823 throw new TskCoreException(
"Cannot create data artifact of an artifact. Not supported.");
846 throw new TskCoreException(
"Cannot create artifact of an artifact. Not supported.");
859 return visitor.
visit(
this);
871 if (
object == null) {
874 if (getClass() !=
object.getClass()) {
889 hash = 41 * hash + (int) (this.artifactId ^ (this.artifactId >>> 32));
900 return "BlackboardArtifact{" +
"artifactID=" + artifactId +
", objID=" +
getObjectID() +
", artifactObjID=" + artifactObjId +
", artifactTypeID=" + artifactTypeId +
", artifactTypeName=" + artifactTypeName +
", displayName=" + displayName +
", Case=" +
getSleuthkitCase() +
'}';
915 return visitor.
visit(
this);
927 if (contentBytes == null) {
929 loadArtifactContent();
935 return contentBytes.length;
962 if (contentBytes == null) {
963 loadArtifactContent();
966 if (0 == contentBytes.length) {
971 long readLen = Math.min(contentBytes.length - offset, len);
972 System.arraycopy(contentBytes, 0, buf, 0, (
int) readLen);
974 return (
int) readLen;
994 StringBuilder artifactContents =
new StringBuilder();
999 }
catch (TskCoreException ex) {
1000 throw new TskCoreException(
"Unable to get datasource for artifact: " + this.
toString(), ex);
1002 if (dataSource == null) {
1003 throw new TskCoreException(
"Datasource was null for artifact: " + this.
toString());
1008 artifactContents.append(attribute.getAttributeType().getDisplayName());
1009 artifactContents.append(
" : ");
1010 artifactContents.append(attribute.getDisplayString());
1011 artifactContents.append(System.lineSeparator());
1013 }
catch (TskCoreException ex) {
1014 throw new TskCoreException(
"Unable to get attributes for artifact: " + this.
toString(), ex);
1018 contentBytes = artifactContents.toString().getBytes(
"UTF-8");
1019 }
catch (UnsupportedEncodingException ex) {
1020 throw new TskCoreException(
"Failed to convert artifact string to bytes for artifact: " + this.
toString(), ex);
1028 public static final class Type implements Serializable {
1030 private static final long serialVersionUID = 1L;
1420 static final Map<Integer, Type> STANDARD_TYPES = Collections.unmodifiableMap(Stream.of(
1430 TSK_DEVICE_ATTACHED,
1433 TSK_WEB_SEARCH_QUERY,
1436 TSK_SERVICE_ACCOUNT,
1441 TSK_SPEED_DIAL_ENTRY,
1442 TSK_BLUETOOTH_PAIRING,
1444 TSK_GPS_LAST_KNOWN_LOCATION,
1447 TSK_ENCRYPTION_DETECTED,
1448 TSK_EXT_MISMATCH_DETECTED,
1453 TSK_ENCRYPTION_SUSPECTED,
1454 TSK_OBJECT_DETECTED,
1458 TSK_BLUETOOTH_ADAPTER,
1459 TSK_WIFI_NETWORK_ADAPTER,
1460 TSK_VERIFICATION_FAILED,
1461 TSK_DATA_SOURCE_USAGE,
1462 TSK_WEB_FORM_AUTOFILL,
1463 TSK_WEB_FORM_ADDRESS,
1466 TSK_CLIPBOARD_CONTENT,
1467 TSK_ASSOCIATED_OBJECT,
1468 TSK_USER_CONTENT_SUSPECTED,
1471 TSK_WEB_ACCOUNT_TYPE,
1473 TSK_PROG_NOTIFICATIONS,
1476 TSK_USER_DEVICE_EVENT,
1479 TSK_WEB_CATEGORIZATION,
1480 TSK_PREVIOUSLY_SEEN,
1481 TSK_PREVIOUSLY_UNSEEN,
1482 TSK_PREVIOUSLY_NOTABLE,
1483 TSK_INTERESTING_ITEM,
1485 ).collect(Collectors.toMap(type -> type.getTypeID(), type -> type)));
1487 private final String typeName;
1488 private final int typeID;
1489 private final String displayName;
1500 Type(
int typeID, String typeName, String displayName,
Category category) {
1501 this.typeID = typeID;
1502 this.typeName = typeName;
1503 this.displayName = displayName;
1504 this.category = category;
1522 return this.typeName;
1540 return this.displayName;
1563 }
else if (!(that instanceof
Type)) {
1566 return ((Type) that).sameType(
this);
1577 private boolean sameType(
Type that) {
1591 hash = 83 * hash + Objects.hashCode(this.typeID);
1592 hash = 83 * hash + Objects.hashCode(this.displayName);
1593 hash = 83 * hash + Objects.hashCode(this.typeName);
1608 TSK_GEN_INFO(1,
"TSK_GEN_INFO",
1615 TSK_WEB_BOOKMARK(2,
"TSK_WEB_BOOKMARK",
1622 TSK_WEB_COOKIE(3,
"TSK_WEB_COOKIE",
1629 TSK_WEB_HISTORY(4,
"TSK_WEB_HISTORY",
1636 TSK_WEB_DOWNLOAD(5,
"TSK_WEB_DOWNLOAD",
1641 TSK_RECENT_OBJECT(6,
"TSK_RECENT_OBJ",
1649 TSK_GPS_TRACKPOINT(7,
"TSK_GPS_TRACKPOINT",
1654 TSK_INSTALLED_PROG(8,
"TSK_INSTALLED_PROG",
1659 TSK_KEYWORD_HIT(9,
"TSK_KEYWORD_HIT",
1664 TSK_HASHSET_HIT(10,
"TSK_HASHSET_HIT",
1669 TSK_DEVICE_ATTACHED(11,
"TSK_DEVICE_ATTACHED",
1678 TSK_INTERESTING_FILE_HIT(12,
"TSK_INTERESTING_FILE_HIT",
1683 TSK_EMAIL_MSG(13,
"TSK_EMAIL_MSG",
1688 TSK_EXTRACTED_TEXT(14,
"TSK_EXTRACTED_TEXT",
1693 TSK_WEB_SEARCH_QUERY(15,
"TSK_WEB_SEARCH_QUERY",
1698 TSK_METADATA_EXIF(16,
"TSK_METADATA_EXIF",
1706 TSK_TAG_FILE(17,
"TSK_TAG_FILE",
1714 TSK_TAG_ARTIFACT(18,
"TSK_TAG_ARTIFACT",
1719 TSK_OS_INFO(19,
"TSK_OS_INFO",
1725 TSK_OS_ACCOUNT(20,
"TSK_OS_ACCOUNT",
1730 TSK_SERVICE_ACCOUNT(21,
"TSK_SERVICE_ACCOUNT",
1738 TSK_TOOL_OUTPUT(22,
"TSK_TOOL_OUTPUT",
1746 TSK_CONTACT(23,
"TSK_CONTACT",
1754 TSK_MESSAGE(24,
"TSK_MESSAGE",
1762 TSK_CALLLOG(25,
"TSK_CALLLOG",
1767 TSK_CALENDAR_ENTRY(26,
"TSK_CALENDAR_ENTRY",
1772 TSK_SPEED_DIAL_ENTRY(27,
"TSK_SPEED_DIAL_ENTRY",
1777 TSK_BLUETOOTH_PAIRING(28,
"TSK_BLUETOOTH_PAIRING",
1782 TSK_GPS_BOOKMARK(29,
"TSK_GPS_BOOKMARK",
1787 TSK_GPS_LAST_KNOWN_LOCATION(30,
"TSK_GPS_LAST_KNOWN_LOCATION",
1792 TSK_GPS_SEARCH(31,
"TSK_GPS_SEARCH",
1797 TSK_PROG_RUN(32,
"TSK_PROG_RUN",
1802 TSK_ENCRYPTION_DETECTED(33,
"TSK_ENCRYPTION_DETECTED",
1807 TSK_EXT_MISMATCH_DETECTED(34,
"TSK_EXT_MISMATCH_DETECTED",
1816 TSK_INTERESTING_ARTIFACT_HIT(35,
"TSK_INTERESTING_ARTIFACT_HIT",
1823 TSK_GPS_ROUTE(36,
"TSK_GPS_ROUTE",
1828 TSK_REMOTE_DRIVE(37,
"TSK_REMOTE_DRIVE",
1833 TSK_FACE_DETECTED(38,
"TSK_FACE_DETECTED",
1838 TSK_ACCOUNT(39,
"TSK_ACCOUNT",
1843 TSK_ENCRYPTION_SUSPECTED(40,
"TSK_ENCRYPTION_SUSPECTED",
1848 TSK_OBJECT_DETECTED(41,
"TSK_OBJECT_DETECTED",
1853 TSK_WIFI_NETWORK(42,
"TSK_WIFI_NETWORK",
1858 TSK_DEVICE_INFO(43,
"TSK_DEVICE_INFO",
1863 TSK_SIM_ATTACHED(44,
"TSK_SIM_ATTACHED",
1868 TSK_BLUETOOTH_ADAPTER(45,
"TSK_BLUETOOTH_ADAPTER",
1873 TSK_WIFI_NETWORK_ADAPTER(46,
"TSK_WIFI_NETWORK_ADAPTER",
1878 TSK_VERIFICATION_FAILED(47,
"TSK_VERIFICATION_FAILED",
1883 TSK_DATA_SOURCE_USAGE(48,
"TSK_DATA_SOURCE_USAGE",
1890 TSK_WEB_FORM_AUTOFILL(49,
"TSK_WEB_FORM_AUTOFILL",
1897 TSK_WEB_FORM_ADDRESS(50,
"TSK_WEB_FORM_ADDRESSES ",
1906 TSK_DOWNLOAD_SOURCE(51,
"TSK_DOWNLOAD_SOURCE",
1911 TSK_WEB_CACHE(52,
"TSK_WEB_CACHE",
1916 TSK_TL_EVENT(53,
"TSK_TL_EVENT",
1921 TSK_CLIPBOARD_CONTENT(54,
"TSK_CLIPBOARD_CONTENT",
1926 TSK_ASSOCIATED_OBJECT(55,
"TSK_ASSOCIATED_OBJECT",
1931 TSK_USER_CONTENT_SUSPECTED(56,
"TSK_USER_CONTENT_SUSPECTED",
1936 TSK_METADATA(57,
"TSK_METADATA",
1943 TSK_GPS_TRACK(58,
"TSK_GPS_TRACK",
1948 TSK_WEB_ACCOUNT_TYPE(59,
"TSK_WEB_ACCOUNT_TYPE",
1953 TSK_SCREEN_SHOTS(60,
"TSK_SCREEN_SHOTS",
1958 TSK_PROG_NOTIFICATIONS(62,
"TSK_PROG_NOTIFICATIONS",
1963 TSK_BACKUP_EVENT(63,
"TSK_BACKUP_EVENT",
1968 TSK_DELETED_PROG(64,
"TSK_DELETED_PROG",
1973 TSK_USER_DEVICE_EVENT(65,
"TSK_USER_DEVICE_EVENT",
1978 TSK_YARA_HIT(66,
"TSK_YARA_HIT",
1983 TSK_GPS_AREA(67,
"TSK_GPS_AREA",
1985 TSK_WEB_CATEGORIZATION(68,
"TSK_WEB_CATEGORIZATION",
1991 TSK_PREVIOUSLY_SEEN(69,
"TSK_PREVIOUSLY_SEEN",
1997 TSK_PREVIOUSLY_UNSEEN(70,
"TSK_PREVIOUSLY_UNSEEN",
2003 TSK_PREVIOUSLY_NOTABLE(71,
"TSK_PREVIOUSLY_NOTABLE",
2009 TSK_INTERESTING_ITEM(72,
"TSK_INTERESTING_ITEM",
2014 TSK_MALWARE(73,
"TSK_MALWARE",
2028 private final String label;
2029 private final int typeId;
2030 private final String displayName;
2040 private ARTIFACT_TYPE(
int typeId, String label, String displayName) {
2053 this.typeId = typeId;
2055 this.displayName = displayName;
2056 this.category = category;
2083 return this.category;
2096 if (value.getLabel().equals(label)) {
2100 throw new IllegalArgumentException(
"No ARTIFACT_TYPE matching type: " + label);
2115 if (value.getTypeID() == id) {
2119 throw new IllegalArgumentException(
"No ARTIFACT_TYPE matching type: " +
id);
2144 return visitor.
visit(
this);
2158 DATA_ARTIFACT(0,
"DATA_ARTIFACT", ResourceBundle.getBundle(
"org.sleuthkit.datamodel.Bundle").getString(
"CategoryType.DataArtifact")),
2159 ANALYSIS_RESULT(1,
"ANALYSIS_RESULT", ResourceBundle.getBundle(
"org.sleuthkit.datamodel.Bundle").getString(
"CategoryType.AnalysisResult"));
2161 private final Integer id;
2162 private final String name;
2163 private final String displayName;
2165 private final static Map<Integer, Category> idToCategory =
new HashMap<Integer, Category>();
2169 idToCategory.put(status.getID(), status);
2180 private Category(Integer
id, String name, String displayName) {
2183 this.displayName = displayName;
2194 return idToCategory.get(
id);
2234 private final Integer id;
2235 private final String name;
2236 private final String displayName;
2237 private final static Map<Integer, ReviewStatus> idToStatus =
new HashMap<Integer, ReviewStatus>();
2241 idToStatus.put(status.getID(), status);
2253 private ReviewStatus(Integer
id, String name, String displayNameKey) {
2256 this.displayName = ResourceBundle.getBundle(
"org.sleuthkit.datamodel.Bundle").getString(displayNameKey);
2267 return idToStatus.get(
id);
2320 protected BlackboardArtifact(
SleuthkitCase sleuthkitCase,
long artifactID,
long objID,
long artifactObjID,
long dataSourceObjId,
int artifactTypeID, String artifactTypeName, String displayName) {
2321 this(sleuthkitCase, artifactID, objID, artifactObjID, dataSourceObjId, artifactTypeID, artifactTypeName, displayName,
ReviewStatus.
UNDECIDED);
2340 if (loadedCacheFromDb ==
false) {
2343 attrsCache.addAll(attrs);
2344 loadedCacheFromDb =
true;
2346 ArrayList<BlackboardAttribute> filteredAttributes =
new ArrayList<BlackboardAttribute>();
2348 if (attr.getAttributeType().getTypeID() == attributeType.getTypeID()) {
2349 filteredAttributes.add(attr);
2352 return filteredAttributes;
2357 return this.artifactObjId;
2370 List<Long> childrenIDs =
new ArrayList<Long>();
2372 childrenIDs.addAll(
getSleuthkitCase().getBlackboardArtifactChildrenIds(
this));
2379 if (childrenCount != -1) {
2380 return childrenCount;
2385 hasChildren = childrenCount > 0;
2386 checkedHasChildren =
true;
2388 return childrenCount;
2393 if (checkedHasChildren ==
true) {
2399 hasChildren = childrenCount > 0;
2400 checkedHasChildren =
true;
2415 List<Content> children =
new ArrayList<>();
static ARTIFACT_TYPE fromID(int id)
static final Type TSK_GPS_LAST_KNOWN_LOCATION
long getAllArtifactsCount()
ArrayList< BlackboardArtifact > getArtifacts(int artifactTypeID)
ArrayList< BlackboardAttribute > getBlackboardAttributes(final BlackboardArtifact artifact)
static ARTIFACT_TYPE fromLabel(String label)
static final Type TSK_WEB_DOWNLOAD
static final Type TSK_SPEED_DIAL_ENTRY
static final Type TSK_CLIPBOARD_CONTENT
DataArtifact newDataArtifact(BlackboardArtifact.Type artifactType, Collection< BlackboardAttribute > attributesList, Long osAccountId)
void addBlackboardAttributes(Collection< BlackboardAttribute > attributes, int artifactTypeId)
CaseDbTransaction beginTransaction()
static final Type TSK_INSTALLED_PROG
static final Type TSK_WEB_ACCOUNT_TYPE
static final Type TSK_SCREEN_SHOTS
static final Type TSK_RECENT_OBJECT
static final Type TSK_SIM_ATTACHED
static final Type TSK_METADATA
Blackboard getBlackboard()
static final Type TSK_KEYWORD_HIT
static Category fromID(int id)
String getArtifactTypeName()
void addAttributes(Collection< BlackboardAttribute > attributes)
static final Type TSK_GPS_ROUTE
void addBlackboardAttribute(BlackboardAttribute attr, int artifactTypeId)
static final Type TSK_TL_EVENT
ArrayList< BlackboardAttribute > getBlackboardAttributes(final BlackboardArtifact artifact)
List< BlackboardAttribute > getAttributes(final BlackboardAttribute.ATTRIBUTE_TYPE attributeType)
static final Type TSK_WEB_HISTORY
static final Type TSK_DATA_SOURCE_USAGE
static final Type TSK_SERVICE_ACCOUNT
static final Type TSK_INTERESTING_ARTIFACT_HIT
static final Type TSK_DEVICE_ATTACHED
static final Type TSK_CALENDAR_ENTRY
static final Type TSK_OBJECT_DETECTED
long getArtifactsCount(int artifactTypeID)
Content getContentById(long id)
BlackboardArtifact getGenInfoArtifact()
static final Type TSK_WEB_CATEGORIZATION
static final Type TSK_EXT_MISMATCH_DETECTED
static final Type TSK_DELETED_PROG
final int read(byte[] buf, long offset, long len)
String getShortDescription()
SleuthkitCase getSleuthkitCase()
static final Type TSK_GPS_AREA
void addAttribute(BlackboardAttribute attribute)
boolean equals(Object object)
ReviewStatus getReviewStatus()
static final Type TSK_PREVIOUSLY_UNSEEN
BlackboardArtifact.Type getType()
ArrayList< BlackboardArtifact > getArtifacts(BlackboardArtifact.ARTIFACT_TYPE type)
static final Type TSK_GPS_BOOKMARK
List< AnalysisResult > getAllAnalysisResults()
AnalysisResultAdded newAnalysisResult(BlackboardArtifact.Type artifactType, Score score, String conclusion, String configuration, String justification, Collection< BlackboardAttribute > attributesList)
static final Type TSK_PREVIOUSLY_SEEN
Set< String > getHashSetNames()
List< AnalysisResult > getAnalysisResults(long dataSourceObjId, Integer artifactTypeID)
static final Type TSK_ENCRYPTION_DETECTED
static final Type TSK_BACKUP_EVENT
static final Type TSK_PROG_RUN
public< T > T accept(SleuthkitItemVisitor< T > visitor)
void addAttributes(Collection< BlackboardAttribute > attributes, final SleuthkitCase.CaseDbTransaction caseDbTransaction)
static final Type TSK_USER_DEVICE_EVENT
String getDisplayString()
BlackboardArtifact newArtifact(int artifactTypeID)
static final Type TSK_VERIFICATION_FAILED
static final Type TSK_REMOTE_DRIVE
static final Type TSK_YARA_HIT
static final Type TSK_PREVIOUSLY_NOTABLE
static final Type TSK_GPS_SEARCH
BlackboardAttribute getAttribute(BlackboardAttribute.Type attributeType)
static final Type TSK_ACCOUNT
static final Type TSK_WEB_FORM_AUTOFILL
List< Long > getChildrenIds()
static final Type TSK_WEB_CACHE
static final Type TSK_WEB_FORM_ADDRESS
long getArtifactsCount(String artifactTypeName)
static final Type TSK_CALLLOG
BlackboardArtifact.Type getArtifactType(String artTypeName)
static final Type TSK_EXTRACTED_TEXT
List< AnalysisResult > getAnalysisResults(BlackboardArtifact.Type artifactType)
static final Type TSK_METADATA_EXIF
BlackboardArtifact getGenInfoArtifact(boolean create)
static final Type TSK_BLUETOOTH_PAIRING
static final Type TSK_GEN_INFO
List< DataArtifact > getAllDataArtifacts()
BlackboardAttribute.Type getAttributeType()
static final Type TSK_DEVICE_INFO
static final Type TSK_USER_CONTENT_SUSPECTED
AnalysisResultAdded newAnalysisResult(BlackboardArtifact.Type artifactType, Score score, String conclusion, String configuration, String justification, Collection< BlackboardAttribute > attributesList, long dataSourceId)
ArrayList< BlackboardArtifact > getArtifacts(String artifactTypeName)
Score getAggregateScore()
static final Type TSK_CONTACT
List< BlackboardAttribute > getAttributes()
BlackboardArtifact(SleuthkitCase sleuthkitCase, long artifactID, long objID, long artifactObjID, long dataSourceObjId, int artifactTypeID, String artifactTypeName, String displayName)
List< Content > getChildren()
static final Type TSK_HASHSET_HIT
AnalysisResultAdded newAnalysisResult(BlackboardArtifact.Type artifactType, long objId, Long dataSourceObjId, Score score, String conclusion, String configuration, String justification, Collection< BlackboardAttribute > attributesList)
static final Type TSK_WEB_SEARCH_QUERY
static final Type TSK_WIFI_NETWORK_ADAPTER
static final Type TSK_PROG_NOTIFICATIONS
boolean equals(Object that)
static final Type TSK_WEB_BOOKMARK
DataArtifact newDataArtifact(BlackboardArtifact.Type artifactType, Collection< BlackboardAttribute > attributesList, Long osAccountId, long dataSourceId)
static final Type TSK_ASSOCIATED_OBJECT
ArrayList< BlackboardArtifact > getAllArtifacts()
static final Type TSK_EMAIL_MSG
static final Type TSK_MALWARE
void setReviewStatus(ReviewStatus newStatus)
long getArtifactsCount(BlackboardArtifact.ARTIFACT_TYPE type)
static final Type TSK_WEB_COOKIE
static final Type TSK_GPS_TRACK
DataArtifact newDataArtifact(BlackboardArtifact.Type artifactType, Collection< BlackboardAttribute > attributesList)
static final Type TSK_OS_INFO
static final Type TSK_WIFI_NETWORK
static final Type TSK_INTERESTING_ITEM
ArrayList< BlackboardAttribute > getGenInfoAttributes(BlackboardAttribute.ATTRIBUTE_TYPE attr_type)
static ReviewStatus withID(int id)
Long getDataSourceObjectID()
static final Type TSK_MESSAGE
static final Type TSK_FACE_DETECTED
static final Type TSK_BLUETOOTH_ADAPTER
Score getAggregateScore(long objId)
static final Type TSK_ENCRYPTION_SUSPECTED
ScoringManager getScoringManager()
static final Type TSK_INTERESTING_FILE_HIT
BlackboardArtifact newArtifact(BlackboardArtifact.ARTIFACT_TYPE type)
void setReviewStatus(BlackboardArtifact artifact, BlackboardArtifact.ReviewStatus newStatus)