|
Sleuth Kit Java Bindings (JNI)
4.12.1
Java bindings for using The Sleuth Kit
|
|
Sleuth Kit Java Bindings (JNI)
4.12.1
Java bindings for using The Sleuth Kit
|
Public Member Functions | |
| org.sleuthkit.datamodel.Account.Type | addAccountType (String accountTypeName, String displayName) throws TskCoreException |
| void | addRelationships (AccountFileInstance sender, List< AccountFileInstance > recipients, BlackboardArtifact sourceArtifact, org.sleuthkit.datamodel.Relationship.Type relationshipType, long dateTime) throws TskCoreException, TskDataException |
| AccountFileInstance | createAccountFileInstance (org.sleuthkit.datamodel.Account.Type accountType, String accountUniqueID, String moduleName, Content sourceFile, List< BlackboardAttribute > attributes, Long ingestJobId) throws TskCoreException, InvalidAccountIDException |
| AccountFileInstance | createAccountFileInstance (org.sleuthkit.datamodel.Account.Type accountType, String accountUniqueID, String moduleName, Content sourceFile) throws TskCoreException, InvalidAccountIDException |
| Account | getAccount (org.sleuthkit.datamodel.Account.Type accountType, String accountUniqueID) throws TskCoreException, InvalidAccountIDException |
| List< AccountDeviceInstance > | getAccountDeviceInstancesWithRelationships (CommunicationsFilter filter) throws TskCoreException |
| List< AccountFileInstance > | getAccountFileInstances (Account account) throws TskCoreException |
| List< Account > | getAccountsRelatedToArtifact (BlackboardArtifact artifact) throws TskCoreException |
| org.sleuthkit.datamodel.Account.Type | getAccountType (String accountTypeName) throws TskCoreException |
| List< Account.Type > | getAccountTypesInUse () throws TskCoreException |
| List< AccountDeviceInstance > | getRelatedAccountDeviceInstances (AccountDeviceInstance accountDeviceInstance, CommunicationsFilter filter) throws TskCoreException |
| Map< AccountPair, Long > | getRelationshipCountsPairwise (Set< AccountDeviceInstance > accounts, CommunicationsFilter filter) throws TskCoreException |
| Set< Content > | getRelationshipSources (Set< AccountDeviceInstance > accountDeviceInstanceList, CommunicationsFilter filter) throws TskCoreException |
| List< Content > | getRelationshipSources (AccountDeviceInstance account1, AccountDeviceInstance account2, CommunicationsFilter filter) throws TskCoreException |
| long | getRelationshipSourcesCount (AccountDeviceInstance accountDeviceInstance, CommunicationsFilter filter) throws TskCoreException |
Provides an API to create Accounts and communications/relationships between accounts.
Definition at line 47 of file CommunicationsManager.java.
| org.sleuthkit.datamodel.Account.Type org.sleuthkit.datamodel.CommunicationsManager.addAccountType | ( | String | accountTypeName, |
| String | displayName | ||
| ) | throws TskCoreException |
Add a custom account type that is not already defined in Account.Type. Will not allow duplicates and will return existing type if the name is already defined.
| accountTypeName | account type that must be unique |
| displayName | account type display name |
| TskCoreException | if a critical error occurs within TSK core |
Definition at line 191 of file CommunicationsManager.java.
References org.sleuthkit.datamodel.SleuthkitCase.beginTransaction(), org.sleuthkit.datamodel.SleuthkitCase.CaseDbTransaction.commit(), and org.sleuthkit.datamodel.SleuthkitCase.CaseDbTransaction.rollback().
| void org.sleuthkit.datamodel.CommunicationsManager.addRelationships | ( | AccountFileInstance | sender, |
| List< AccountFileInstance > | recipients, | ||
| BlackboardArtifact | sourceArtifact, | ||
| org.sleuthkit.datamodel.Relationship.Type | relationshipType, | ||
| long | dateTime | ||
| ) | throws TskCoreException, TskDataException |
Adds relationships between the sender and each of the recipient account instances and between all recipient account instances. All account instances must be from the same data source.
| sender | Sender account, may be null. |
| recipients | List of recipients, may be empty. |
| sourceArtifact | Artifact that relationships were derived from. |
| relationshipType | The type of relationships to be created. |
| dateTime | Date of communications/relationship, as epoch seconds. |
| org.sleuthkit.datamodel.TskCoreException | |
| org.sleuthkit.datamodel.TskDataException | If the all the accounts and the relationship are not from the same data source, or if the sourceArtifact and relationshipType are not compatible. |
Definition at line 373 of file CommunicationsManager.java.
References org.sleuthkit.datamodel.SleuthkitCase.beginTransaction(), org.sleuthkit.datamodel.SleuthkitCase.CaseDbTransaction.commit(), org.sleuthkit.datamodel.SleuthkitCase.getDatabaseType(), and org.sleuthkit.datamodel.SleuthkitCase.CaseDbTransaction.rollback().
| AccountFileInstance org.sleuthkit.datamodel.CommunicationsManager.createAccountFileInstance | ( | org.sleuthkit.datamodel.Account.Type | accountType, |
| String | accountUniqueID, | ||
| String | moduleName, | ||
| Content | sourceFile, | ||
| List< BlackboardAttribute > | attributes, | ||
| Long | ingestJobId | ||
| ) | throws TskCoreException, InvalidAccountIDException |
Records that an account was used in a specific file. Behind the scenes, it will create a case-specific Account object if it does not already exist, and it will create the needed database entries (which currently includes making a TSK_ACCOUNT data artifact).
| accountType | The account type. |
| accountUniqueID | The unique account identifier (such as an email address). |
| moduleName | The module creating the account. |
| sourceFile | The source file the account was found in. |
| attributes | List of blackboard attributes to add to the data artifact (may be empty or null). |
| ingestJobId | The ingest job in which the analysis that found the account was performed, may be null. |
| TskCoreException | The exception is thrown if there is an issue updating the case database. |
| InvalidAccountIDException | The exception is thrown if the account ID is not valid for the account type. |
Definition at line 263 of file CommunicationsManager.java.
Referenced by org.sleuthkit.datamodel.CommunicationsManager.createAccountFileInstance().
| AccountFileInstance org.sleuthkit.datamodel.CommunicationsManager.createAccountFileInstance | ( | org.sleuthkit.datamodel.Account.Type | accountType, |
| String | accountUniqueID, | ||
| String | moduleName, | ||
| Content | sourceFile | ||
| ) | throws TskCoreException, InvalidAccountIDException |
Records that an account was used in a specific file. Behind the scenes, it will create a case-specific Account object if it does not already exist, and it will create the needed database entries (which currently includes making a TSK_ACCOUNT data artifact).
| accountType | The account type. |
| accountUniqueID | The unique account identifier (such as an email address). |
| moduleName | The module creating the account. |
| sourceFile | The source file the account was found in. |
| TskCoreException | The exception is thrown if there is an issue updating the case database. |
| InvalidAccountIDException | The exception is thrown if the account ID is not valid for the account type. |
Definition at line 311 of file CommunicationsManager.java.
References org.sleuthkit.datamodel.CommunicationsManager.createAccountFileInstance().
| Account org.sleuthkit.datamodel.CommunicationsManager.getAccount | ( | org.sleuthkit.datamodel.Account.Type | accountType, |
| String | accountUniqueID | ||
| ) | throws TskCoreException, InvalidAccountIDException |
Get the Account with the given account type and account ID.
| accountType | account type |
| accountUniqueID | unique account identifier (such as an email address) |
| TskCoreException | If a critical error occurs within TSK core. |
| InvalidAccountIDException | If the account identifier is not valid. |
Definition at line 329 of file CommunicationsManager.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock().
| List<AccountDeviceInstance> org.sleuthkit.datamodel.CommunicationsManager.getAccountDeviceInstancesWithRelationships | ( | CommunicationsFilter | filter | ) | throws TskCoreException |
Returns a list of AccountDeviceInstances that have at least one relationship that meets the criteria listed in the filters.
Applicable filters: DeviceFilter, AccountTypeFilter, DateRangeFilter, RelationshipTypeFilter, MostRecentFilter
| filter | filters to apply |
| TskCoreException | exception thrown if a critical error occurs within TSK core |
Definition at line 658 of file CommunicationsManager.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), org.sleuthkit.datamodel.SleuthkitCase.getDatabaseType(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock().
| List<AccountFileInstance> org.sleuthkit.datamodel.CommunicationsManager.getAccountFileInstances | ( | Account | account | ) | throws TskCoreException |
Get a list AccountFileInstance for the given accounts.
| account | List of accounts |
| org.sleuthkit.datamodel.TskCoreException |
Definition at line 1206 of file CommunicationsManager.java.
References org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifacts(), org.sleuthkit.datamodel.Account.getTypeSpecificID(), org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE.TSK_ACCOUNT, and org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_ID.
| List<Account> org.sleuthkit.datamodel.CommunicationsManager.getAccountsRelatedToArtifact | ( | BlackboardArtifact | artifact | ) | throws TskCoreException |
Gets a list of accounts that are related to the given artifact.
| artifact |
| TskCoreException |
Definition at line 1270 of file CommunicationsManager.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock().
| org.sleuthkit.datamodel.Account.Type org.sleuthkit.datamodel.CommunicationsManager.getAccountType | ( | String | accountTypeName | ) | throws TskCoreException |
Get the Account.Type for the give type name.
| accountTypeName | An account type name. |
| TskCoreException | If an error occurs accessing the case database. |
Definition at line 621 of file CommunicationsManager.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock().
| List<Account.Type> org.sleuthkit.datamodel.CommunicationsManager.getAccountTypesInUse | ( | ) | throws TskCoreException |
Gets a list of the distinct account types that can currently be found in the case db.
| TskCoreException |
Definition at line 1232 of file CommunicationsManager.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock().
| List<AccountDeviceInstance> org.sleuthkit.datamodel.CommunicationsManager.getRelatedAccountDeviceInstances | ( | AccountDeviceInstance | accountDeviceInstance, |
| CommunicationsFilter | filter | ||
| ) | throws TskCoreException |
Get a set of AccountDeviceInstances that have relationships with the given AccountDeviceInstance and meet the criteria of the given filter.
Applicable filters: DeviceFilter, DateRangeFilter, RelationshipTypeFilter
| accountDeviceInstance | The account device instance. |
| filter | The filters to apply. |
| TskCoreException | if there is a serious error executing he query. |
Definition at line 1043 of file CommunicationsManager.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), org.sleuthkit.datamodel.SleuthkitCase.getDatabaseType(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock().
| Map<AccountPair, Long> org.sleuthkit.datamodel.CommunicationsManager.getRelationshipCountsPairwise | ( | Set< AccountDeviceInstance > | accounts, |
| CommunicationsFilter | filter | ||
| ) | throws TskCoreException |
Get the number of relationships between all pairs of accounts in the given set. For each pair of accounts <a2,a1> == <a1,a2>, find the number of relationships between those two accounts that pass the given filter,.
Applicable filters: DeviceFilter, DateRangeFilter, RelationshipTypeFilter
| accounts | The set of accounts to count the relationships (pairwise) between. |
| filter | The filter that relationships must pass to be included in the count. |
| TskCoreException | if there is a problem querying the DB. |
Definition at line 768 of file CommunicationsManager.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock().
| Set<Content> org.sleuthkit.datamodel.CommunicationsManager.getRelationshipSources | ( | Set< AccountDeviceInstance > | accountDeviceInstanceList, |
| CommunicationsFilter | filter | ||
| ) | throws TskCoreException |
Get the unique relationship sources (such as EMAIL artifacts) associated with accounts on specific devices (AccountDeviceInstance) that meet the filter criteria.
Applicable filters: RelationshipTypeFilter, DateRangeFilter, MostRecentFilter
| accountDeviceInstanceList | set of account device instances for which to get the relationship sources. |
| filter | Filters to apply. |
| org.sleuthkit.datamodel.TskCoreException |
Definition at line 937 of file CommunicationsManager.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), org.sleuthkit.datamodel.Account.getAccountID(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock().
| List<Content> org.sleuthkit.datamodel.CommunicationsManager.getRelationshipSources | ( | AccountDeviceInstance | account1, |
| AccountDeviceInstance | account2, | ||
| CommunicationsFilter | filter | ||
| ) | throws TskCoreException |
Get the sources (artifacts, content) of relationships between the given account device instances.
Applicable filters: DeviceFilter, DateRangeFilter, RelationshipTypeFilter, MostRecentFilter
| account1 | First AccountDeviceInstance |
| account2 | Second AccountDeviceInstance |
| filter | Filters to apply. |
| org.sleuthkit.datamodel.TskCoreException |
Definition at line 1148 of file CommunicationsManager.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock().
| long org.sleuthkit.datamodel.CommunicationsManager.getRelationshipSourcesCount | ( | AccountDeviceInstance | accountDeviceInstance, |
| CommunicationsFilter | filter | ||
| ) | throws TskCoreException |
Get the number of unique relationship sources (such as EMAIL artifacts) associated with an account on a given device (AccountDeviceInstance) that meet the filter criteria.
Applicable filters: RelationshipTypeFilter, DateRangeFilter
| accountDeviceInstance | Account of interest |
| filter | Filters to apply. |
| org.sleuthkit.datamodel.TskCoreException |
Definition at line 878 of file CommunicationsManager.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), org.sleuthkit.datamodel.Account.getAccountID(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock().
Copyright © 2011-2021 Brian Carrier. (carrier -at- sleuthkit -dot- org)
This work is licensed under a
Creative Commons Attribution-Share Alike 3.0 United States License.
