org.sleuthkit.datamodel.Report Class Reference

Inherits org.sleuthkit.datamodel.Content.

Public Member Functions
void	close ()
Score	getAggregateScore () throws TskCoreException
List< AnalysisResult >	getAllAnalysisResults () throws TskCoreException
ArrayList< BlackboardArtifact >	getAllArtifacts () throws TskCoreException
long	getAllArtifactsCount () throws TskCoreException
List< DataArtifact >	getAllDataArtifacts () throws TskCoreException
List< AnalysisResult >	getAnalysisResults (BlackboardArtifact.Type artifactType) throws TskCoreException
ArrayList< BlackboardArtifact >	getArtifacts (String artifactTypeName) throws TskCoreException
ArrayList< BlackboardArtifact >	getArtifacts (int artifactTypeID) throws TskCoreException
ArrayList< BlackboardArtifact >	getArtifacts (BlackboardArtifact.ARTIFACT_TYPE type) throws TskCoreException
long	getArtifactsCount (String artifactTypeName) throws TskCoreException
long	getArtifactsCount (int artifactTypeID) throws TskCoreException
long	getArtifactsCount (BlackboardArtifact.ARTIFACT_TYPE type) throws TskCoreException
List< Content >	getChildren () throws TskCoreException
int	getChildrenCount () throws TskCoreException
List< Long >	getChildrenIds () throws TskCoreException
long	getCreatedTime ()
Content	getDataSource () throws TskCoreException
BlackboardArtifact	getGenInfoArtifact () throws TskCoreException
BlackboardArtifact	getGenInfoArtifact (boolean create) throws TskCoreException
ArrayList< BlackboardAttribute >	getGenInfoAttributes (BlackboardAttribute.ATTRIBUTE_TYPE attr_type) throws TskCoreException
Set< String >	getHashSetNames () throws TskCoreException
long	getId ()
String	getName ()
Content	getParent () throws TskCoreException
String	getPath ()
String	getReportName ()
long	getSize ()
String	getSourceModuleName ()
String	getUniquePath () throws TskCoreException
boolean	hasChildren () throws TskCoreException
AnalysisResultAdded	newAnalysisResult (BlackboardArtifact.Type artifactType, Score score, String conclusion, String configuration, String justification, Collection< BlackboardAttribute > attributesList) throws TskCoreException
AnalysisResultAdded	newAnalysisResult (BlackboardArtifact.Type artifactType, Score score, String conclusion, String configuration, String justification, Collection< BlackboardAttribute > attributesList, long dataSourceId) throws TskCoreException
BlackboardArtifact	newArtifact (int artifactTypeID) throws TskCoreException
BlackboardArtifact	newArtifact (BlackboardArtifact.ARTIFACT_TYPE type) throws TskCoreException
DataArtifact	newDataArtifact (BlackboardArtifact.Type artifactType, Collection< BlackboardAttribute > attributesList, Long osAccountId) throws TskCoreException
DataArtifact	newDataArtifact (BlackboardArtifact.Type artifactType, Collection< BlackboardAttribute > attributesList, Long osAccountId, long dataSourceId) throws TskCoreException
DataArtifact	newDataArtifact (BlackboardArtifact.Type artifactType, Collection< BlackboardAttribute > attributesList) throws TskCoreException
int	read (byte[] buf, long offset, long len) throws TskCoreException

Detailed Description

This is a class that models reports.

Definition at line 41 of file Report.java.

Member Function Documentation

void org.sleuthkit.datamodel.Report.close

(

)

Free native resources after read is done on the Content object. After closing, read can be called again on the same Content object, which should result in re-opening of new native resources.

Implements org.sleuthkit.datamodel.Content.

Definition at line 154 of file Report.java.

Score org.sleuthkit.datamodel.Report.getAggregateScore

(

)

throws TskCoreException

Returns the final score for the content object.

Returns

Score.

Exceptions

TskCoreException

if critical error occurred within tsk core.

Implements org.sleuthkit.datamodel.Content.

Definition at line 376 of file Report.java.

References org.sleuthkit.datamodel.ScoringManager.getAggregateScore(), and org.sleuthkit.datamodel.SleuthkitCase.getScoringManager().

List<AnalysisResult> org.sleuthkit.datamodel.Report.getAllAnalysisResults

(

)

throws TskCoreException

Get all analysis results associated with this content.

Returns

A list of analysis results.

Exceptions

TskCoreException

If critical error occurred within tsk core.

Implements org.sleuthkit.datamodel.Content.

Definition at line 361 of file Report.java.

References org.sleuthkit.datamodel.Blackboard.getAnalysisResults(), and org.sleuthkit.datamodel.SleuthkitCase.getBlackboard().

ArrayList<BlackboardArtifact> org.sleuthkit.datamodel.Report.getAllArtifacts

(

)

throws TskCoreException

Get all artifacts associated with this content

Returns

a list of blackboard artifacts

Exceptions

TskCoreException

if critical error occurred within tsk core

Implements org.sleuthkit.datamodel.Content.

Definition at line 356 of file Report.java.

References org.sleuthkit.datamodel.SleuthkitCase.getMatchingArtifacts().

long org.sleuthkit.datamodel.Report.getAllArtifactsCount

(

)

throws TskCoreException

Get count of all artifacts associated with this content

Returns

count of all blackboard artifacts for this content

Exceptions

TskCoreException

if critical error occurred within tsk core

Implements org.sleuthkit.datamodel.Content.

Definition at line 404 of file Report.java.

References org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifactsCount().

List<DataArtifact> org.sleuthkit.datamodel.Report.getAllDataArtifacts

(

)

throws TskCoreException

Get all data artifacts associated with this content.

Returns

A list of data artifacts.

Exceptions

TskCoreException

If critical error occurred within tsk core.

Implements org.sleuthkit.datamodel.Content.

Definition at line 366 of file Report.java.

References org.sleuthkit.datamodel.SleuthkitCase.getBlackboard().

List<AnalysisResult> org.sleuthkit.datamodel.Report.getAnalysisResults

(

BlackboardArtifact.Type

artifactType

)

throws TskCoreException

Get all analysis results associated with this content, that have the given type.

Parameters

artifactType

Type to look up.

Returns

A list of analysis result artifacts matching the type.

Exceptions

TskCoreException

If critical error occurred within tsk core.

Implements org.sleuthkit.datamodel.Content.

Definition at line 371 of file Report.java.

References org.sleuthkit.datamodel.Blackboard.getAnalysisResults(), and org.sleuthkit.datamodel.SleuthkitCase.getBlackboard().

ArrayList<BlackboardArtifact> org.sleuthkit.datamodel.Report.getArtifacts

(

String

artifactTypeName

)

throws TskCoreException

Get all artifacts associated with this content that have the given type name

Parameters

artifactTypeName

name of the type to look up

Returns

a list of blackboard artifacts matching the type

Exceptions

TskCoreException

if critical error occurred within tsk core

Implements org.sleuthkit.datamodel.Content.

Definition at line 320 of file Report.java.

References org.sleuthkit.datamodel.Blackboard.getArtifactType(), and org.sleuthkit.datamodel.SleuthkitCase.getBlackboard().

Referenced by org.sleuthkit.datamodel.Report.getArtifacts().

ArrayList<BlackboardArtifact> org.sleuthkit.datamodel.Report.getArtifacts

(

int

artifactTypeID

)

throws TskCoreException

Get all artifacts associated with this content that have the given type id

Parameters

artifactTypeID

type id to look up

Returns

a list of blackboard artifacts matching the type

Exceptions

TskCoreException

if critical error occurred within tsk core

Implements org.sleuthkit.datamodel.Content.

Definition at line 343 of file Report.java.

References org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifacts(), and org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE.TSK_KEYWORD_HIT.

ArrayList<BlackboardArtifact> org.sleuthkit.datamodel.Report.getArtifacts

(

BlackboardArtifact.ARTIFACT_TYPE

type

)

throws TskCoreException

Get all artifacts associated with this content that have the given type

Parameters

type	type to look up

Returns

a list of blackboard artifacts matching the type

Exceptions

TskCoreException

if critical error occurred within tsk core

Implements org.sleuthkit.datamodel.Content.

Definition at line 351 of file Report.java.

References org.sleuthkit.datamodel.Report.getArtifacts().

long org.sleuthkit.datamodel.Report.getArtifactsCount

(

String

artifactTypeName

)

throws TskCoreException

Get count of all artifacts associated with this content that have the given type name

Parameters

artifactTypeName

name of the type to look up

Returns

count of blackboard artifacts matching the type

Exceptions

TskCoreException

if critical error occurred within tsk core

Implements org.sleuthkit.datamodel.Content.

Definition at line 386 of file Report.java.

References org.sleuthkit.datamodel.Blackboard.getArtifactType(), and org.sleuthkit.datamodel.SleuthkitCase.getBlackboard().

Referenced by org.sleuthkit.datamodel.Report.getArtifactsCount().

long org.sleuthkit.datamodel.Report.getArtifactsCount

(

int

artifactTypeID

)

throws TskCoreException

Get count of all artifacts associated with this content that have the given type id

Parameters

artifactTypeID

type id to look up

Returns

count of blackboard artifacts matching the type

Exceptions

TskCoreException

if critical error occurred within tsk core

Implements org.sleuthkit.datamodel.Content.

Definition at line 391 of file Report.java.

References org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifactsCount(), and org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE.TSK_KEYWORD_HIT.

long org.sleuthkit.datamodel.Report.getArtifactsCount

(

BlackboardArtifact.ARTIFACT_TYPE

type

)

throws TskCoreException

Get count of all artifacts associated with this content that have the given type

Parameters

type	type to look up

Returns

count of blackboard artifacts matching the type

Exceptions

TskCoreException

if critical error occurred within tsk core

Implements org.sleuthkit.datamodel.Content.

Definition at line 399 of file Report.java.

References org.sleuthkit.datamodel.Report.getArtifactsCount().

List<Content> org.sleuthkit.datamodel.Report.getChildren

(

)

throws TskCoreException

Gets the child content objects of this content.

Returns

List of children

Exceptions

TskCoreException

if critical error occurred within tsk core

Implements org.sleuthkit.datamodel.Content.

Definition at line 202 of file Report.java.

int org.sleuthkit.datamodel.Report.getChildrenCount

(

)

throws TskCoreException

Returns count of children objects. Note, this should be more efficient than getting children and counting them.

Returns

children count

Exceptions

TskCoreException

if critical error occurred within tsk core

Implements org.sleuthkit.datamodel.Content.

Definition at line 212 of file Report.java.

List<Long> org.sleuthkit.datamodel.Report.getChildrenIds

(

)

throws TskCoreException

Gets the child content ids of this content.

Returns

List of children ids

Exceptions

TskCoreException

if critical error occurred within tsk core

Implements org.sleuthkit.datamodel.Content.

Definition at line 231 of file Report.java.

long org.sleuthkit.datamodel.Report.getCreatedTime

(

)

Get the creation date of the report.

Returns

Number of seconds since Jan 1, 1970.

Definition at line 103 of file Report.java.

Content org.sleuthkit.datamodel.Report.getDataSource

(

)

throws TskCoreException

Gets the root data source (image, virtual directory, etc.) of this content.

Returns

Content associated with data source or null if one can't be found

Exceptions

TskCoreException

if critical error occurred within tsk core

Implements org.sleuthkit.datamodel.Content.

Definition at line 193 of file Report.java.

References org.sleuthkit.datamodel.Content.getDataSource().

Referenced by org.sleuthkit.datamodel.Report.newAnalysisResult(), org.sleuthkit.datamodel.Report.newArtifact(), and org.sleuthkit.datamodel.Report.newDataArtifact().

BlackboardArtifact org.sleuthkit.datamodel.Report.getGenInfoArtifact

(

)

throws TskCoreException

Return the TSK_GEN_INFO artifact for the file so that individual attributes can be added to it. Creates one if it does not already exist.

Returns

Instance of the TSK_GEN_INFO artifact

Exceptions

TskCoreException

Implements org.sleuthkit.datamodel.Content.

Definition at line 325 of file Report.java.

BlackboardArtifact org.sleuthkit.datamodel.Report.getGenInfoArtifact

(

boolean

create

)

throws TskCoreException

Return the TSK_GEN_INFO artifact for the file so that individual attributes can be added to it. If one does not create, behavior depends on the create argument.

Parameters

create

If true, an artifact will be created if it does not already exist.

Returns

Instance of the TSK_GEN_INFO artifact or null if artifact does not already exist and create was set to false

Exceptions

TskCoreException

Implements org.sleuthkit.datamodel.Content.

Definition at line 331 of file Report.java.

ArrayList<BlackboardAttribute> org.sleuthkit.datamodel.Report.getGenInfoAttributes

(

BlackboardAttribute.ATTRIBUTE_TYPE

attr_type

)

throws TskCoreException

Return attributes of a given type from TSK_GEN_INFO.

Parameters

attr_type

Attribute type to find inside of the TSK_GEN_INFO artifact.

Returns

Attributes

Implements org.sleuthkit.datamodel.Content.

Definition at line 337 of file Report.java.

Set<String> org.sleuthkit.datamodel.Report.getHashSetNames

(

)

throws TskCoreException

Get the names of all the hashsets that this content is in.

Returns

the names of the hashsets that this content is in

Exceptions

TskCoreException

if critical error occurred within tsk core

Implements org.sleuthkit.datamodel.Content.

Definition at line 381 of file Report.java.

long org.sleuthkit.datamodel.Report.getId

(

)

Returns the unique object ID that was assigned to it in the database. This is a Sleuth Kit database-assigned number.

Returns

object id

Implements org.sleuthkit.datamodel.Content.

Definition at line 85 of file Report.java.

Referenced by org.sleuthkit.datamodel.Report.newArtifact(), and org.sleuthkit.datamodel.Report.newDataArtifact().

String org.sleuthkit.datamodel.Report.getName

(

)

Get the name of this content object (does not include parent path)

Returns

the name

Implements org.sleuthkit.datamodel.Content.

Definition at line 182 of file Report.java.

Content org.sleuthkit.datamodel.Report.getParent

(

)

throws TskCoreException

Returns

returns the parent of this Content object or null if there isn't one as is the case for Image.

Exceptions

TskCoreException

Implements org.sleuthkit.datamodel.Content.

Definition at line 217 of file Report.java.

References org.sleuthkit.datamodel.SleuthkitCase.getContentById().

String org.sleuthkit.datamodel.Report.getPath

(

)

Get the absolute local path to the report.

Returns

Definition at line 94 of file Report.java.

Referenced by org.sleuthkit.datamodel.Report.getUniquePath().

String org.sleuthkit.datamodel.Report.getReportName

(

)

Get the report name, if any.

Returns

The name of the report, possibly empty.

Definition at line 122 of file Report.java.

long org.sleuthkit.datamodel.Report.getSize

(

)

Get the (reported) size of the content object and, in theory, how much you should be able to read from it. In some cases, data corruption may mean that you cannot read this much data.

Returns

size of the content in bytes

Implements org.sleuthkit.datamodel.Content.

Definition at line 165 of file Report.java.

String org.sleuthkit.datamodel.Report.getSourceModuleName

(

)

Get the name of the module (e.g., ingest module, reporting module) that generated the report.

Returns

The module name.

Definition at line 113 of file Report.java.

String org.sleuthkit.datamodel.Report.getUniquePath

(

)

throws TskCoreException

Returns

returns the full path to this Content object starting with a "/" followed by the Image name and similarly for all other segments in the hierarchy.

Implements org.sleuthkit.datamodel.Content.

Definition at line 187 of file Report.java.

References org.sleuthkit.datamodel.Report.getPath().

boolean org.sleuthkit.datamodel.Report.hasChildren

(

)

throws TskCoreException

Returns true if the content object has children objects. Note, this should be more efficient than getting children and checking it empty.

Returns

true if has children, false otherwise.

Exceptions

TskCoreException

if critical error occurred within tsk core

Implements org.sleuthkit.datamodel.Content.

Definition at line 207 of file Report.java.

AnalysisResultAdded org.sleuthkit.datamodel.Report.newAnalysisResult	(	BlackboardArtifact.Type	artifactType,
		Score	score,
		String	conclusion,
		String	configuration,
		String	justification,
		Collection< BlackboardAttribute >	attributesList
	)		throws TskCoreException

Create and add an analysis result associated with this content.

Parameters

artifactType	Type of analysis result artifact to create.
score	Score associated with this analysis.
conclusion	Conclusion from the analysis, may be empty.
configuration	Configuration element associated with this analysis, may be empty.
justification	Justification
attributesList	Additional attributes to attach to this analysis result artifact.

Returns

AnalysisResultAdded The analysis return added and the current aggregate score of content.

Exceptions

TskCoreException

if critical error occurred within tsk core.

Implements org.sleuthkit.datamodel.Content.

Definition at line 256 of file Report.java.

References org.sleuthkit.datamodel.SleuthkitCase.beginTransaction(), org.sleuthkit.datamodel.SleuthkitCase.CaseDbTransaction.commit(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboard(), org.sleuthkit.datamodel.Report.getDataSource(), org.sleuthkit.datamodel.Content.getId(), org.sleuthkit.datamodel.Blackboard.newAnalysisResult(), and org.sleuthkit.datamodel.SleuthkitCase.CaseDbTransaction.rollback().

AnalysisResultAdded org.sleuthkit.datamodel.Report.newAnalysisResult	(	BlackboardArtifact.Type	artifactType,
		Score	score,
		String	conclusion,
		String	configuration,
		String	justification,
		Collection< BlackboardAttribute >	attributesList,
		long	dataSourceId
	)		throws TskCoreException

Create and add an analysis result associated with this content.

Parameters

artifactType	Type of analysis result artifact to create.
score	Score associated with this analysis.
conclusion	Conclusion from the analysis, may be empty.
configuration	Configuration element associated with this analysis, may be empty.
justification	Justification
attributesList	Additional attributes to attach to this analysis result artifact.
dataSourceId	The data source for the analysis result

Returns

AnalysisResultAdded The analysis return added and the current aggregate score of content.

Exceptions

TskCoreException

if critical error occurred within tsk core.

Implements org.sleuthkit.datamodel.Content.

Definition at line 273 of file Report.java.

References org.sleuthkit.datamodel.SleuthkitCase.beginTransaction(), org.sleuthkit.datamodel.SleuthkitCase.CaseDbTransaction.commit(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboard(), org.sleuthkit.datamodel.Blackboard.newAnalysisResult(), and org.sleuthkit.datamodel.SleuthkitCase.CaseDbTransaction.rollback().

BlackboardArtifact org.sleuthkit.datamodel.Report.newArtifact

(

int

artifactTypeID

)

throws TskCoreException

Create and add an artifact associated with this content to the blackboard

Parameters

artifactTypeID

id of the artifact type (if the id doesn't already exist an exception will be thrown)

Returns

the blackboard artifact created (the artifact type id can be looked up from this)

Exceptions

TskCoreException

if critical error occurred within tsk core

Deprecated:

Please use newDataArtifact or newAnalysisResult.

Implements org.sleuthkit.datamodel.Content.

Definition at line 237 of file Report.java.

References org.sleuthkit.datamodel.SleuthkitCase.getBlackboard(), org.sleuthkit.datamodel.Report.getDataSource(), org.sleuthkit.datamodel.Report.getId(), org.sleuthkit.datamodel.Content.getId(), org.sleuthkit.datamodel.Blackboard.newAnalysisResult(), org.sleuthkit.datamodel.Score.SCORE_UNKNOWN, and org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE.TSK_KEYWORD_HIT.

Referenced by org.sleuthkit.datamodel.Report.newArtifact().

BlackboardArtifact org.sleuthkit.datamodel.Report.newArtifact

(

BlackboardArtifact.ARTIFACT_TYPE

type

)

throws TskCoreException

Create and add an artifact associated with this content to the blackboard

Parameters

type	artifact enum tyoe

Returns

the blackboard artifact created (the artifact type id can be looked up from this)

Exceptions

TskCoreException

if critical error occurred within tsk core

Deprecated:

Please use newDataArtifact or newAnalysisResult.

Implements org.sleuthkit.datamodel.Content.

Definition at line 315 of file Report.java.

References org.sleuthkit.datamodel.Report.newArtifact().

DataArtifact org.sleuthkit.datamodel.Report.newDataArtifact	(	BlackboardArtifact.Type	artifactType,
		Collection< BlackboardAttribute >	attributesList,
		Long	osAccountId
	)		throws TskCoreException

Create and add a data artifact associated with this content.

Parameters

artifactType	Type of analysis result artifact to create.
attributesList	Additional attributes to attach to this data artifact.
osAccountId	The OS account id associated with the artifact. May be null.

Returns

DataArtifact New data artifact.

Exceptions

TskCoreException

If a critical error occurred within tsk core.

Implements org.sleuthkit.datamodel.Content.

Definition at line 287 of file Report.java.

References org.sleuthkit.datamodel.SleuthkitCase.getBlackboard(), org.sleuthkit.datamodel.Report.getDataSource(), org.sleuthkit.datamodel.Report.getId(), org.sleuthkit.datamodel.Blackboard.newDataArtifact(), org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE.TSK_ACCOUNT, and org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE.TSK_KEYWORD_HIT.

Referenced by org.sleuthkit.datamodel.Report.newDataArtifact().

DataArtifact org.sleuthkit.datamodel.Report.newDataArtifact	(	BlackboardArtifact.Type	artifactType,
		Collection< BlackboardAttribute >	attributesList,
		Long	osAccountId,
		long	dataSourceId
	)		throws TskCoreException

Create and add a data artifact associated with this content.

Parameters

artifactType	Type of analysis result artifact to create.
attributesList	Additional attributes to attach to this data artifact.
osAccountId	The OS account id associated with the artifact. May be null.
dataSourceId	The data source id of the artifact

Returns

DataArtifact New data artifact.

Exceptions

TskCoreException

If a critical error occurred within tsk core.

Implements org.sleuthkit.datamodel.Content.

Definition at line 298 of file Report.java.

References org.sleuthkit.datamodel.SleuthkitCase.getBlackboard(), org.sleuthkit.datamodel.Blackboard.newDataArtifact(), org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE.TSK_ACCOUNT, and org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE.TSK_KEYWORD_HIT.

DataArtifact org.sleuthkit.datamodel.Report.newDataArtifact	(	BlackboardArtifact.Type	artifactType,
		Collection< BlackboardAttribute >	attributesList
	)		throws TskCoreException

Create and add a data artifact associated with this abstract file. This method creates the data artifact with the os account id associated with this abstract file if one exists.

Parameters

artifactType	Type of data artifact to create.
attributesList	Additional attributes to attach to this data artifact.

Returns

DataArtifact New data artifact.

Exceptions

TskCoreException

If a critical error occurred within tsk core.

Implements org.sleuthkit.datamodel.Content.

Definition at line 308 of file Report.java.

References org.sleuthkit.datamodel.Report.newDataArtifact().

int org.sleuthkit.datamodel.Report.read	(	byte[]	buf,
		long	offset,
		long	len
	)		throws TskCoreException

Reads data that this content object is associated with (file contents, volume contents, etc.).

Parameters

buf	a character array of data (in bytes) to copy read data to
offset	byte offset in the content to start reading from
len	number of bytes to read into buf.

Returns

num of bytes read, or -1 on error

Exceptions

TskCoreException

if critical error occurred during read in the tsk core

Implements org.sleuthkit.datamodel.Content.

Definition at line 127 of file Report.java.

---

The documentation for this class was generated from the following file:

• /home/carriersleuth/repos/sleuthkit/bindings/java/src/org/sleuthkit/datamodel/Report.java