Sleuth Kit Java Bindings (JNI)
4.12.1
Java bindings for using The Sleuth Kit
Classes
class TimelineEventAddedEvent
Public Member Functions
TimelineEvent | addTimelineEvent (TimelineEventType eventType, String shortDesc, String medDesc, String longDesc, long dataSourceId, long contentId, Long artifactId, long time, boolean hashHit, boolean tagged, CaseDbTransaction trans) throws TskCoreException |
Map< TimelineEventType, Long > | countEventsByType (Long startTime, Long endTime, TimelineFilter.RootFilter filter, TimelineEventType.HierarchyLevel typeHierachyLevel) throws TskCoreException |
TimelineEvent | getEventById (long eventID) throws TskCoreException |
List< Long > | getEventIDs (Interval timeRange, TimelineFilter.RootFilter filter) throws TskCoreException |
List< Long > | getEventIDsForArtifact (BlackboardArtifact artifact) throws TskCoreException |
Set< Long > | getEventIDsForContent (Content content, boolean includeDerivedArtifacts) throws TskCoreException |
List< TimelineEvent > | getEvents (Interval timeRange, TimelineFilter.RootFilter filter) throws TskCoreException |
Optional< TimelineEventType > | getEventType (long eventTypeID) |
ImmutableList< TimelineEventType > | getEventTypes () |
Long | getMaxEventTime () throws TskCoreException |
Long | getMinEventTime () throws TskCoreException |
Interval | getSpanningInterval (Collection< Long > eventIDs) throws TskCoreException |
Interval | getSpanningInterval (Interval timeRange, TimelineFilter.RootFilter filter, DateTimeZone timeZone) throws TskCoreException |
Set< Long > | updateEventsForArtifactTagAdded (BlackboardArtifact artifact) throws TskCoreException |
Set< Long > | updateEventsForArtifactTagDeleted (BlackboardArtifact artifact) throws TskCoreException |
Set< Long > | updateEventsForContentTagAdded (Content content) throws TskCoreException |
Set< Long > | updateEventsForContentTagDeleted (Content content) throws TskCoreException |
Set< Long > | updateEventsForHashSetHit (Content content) throws TskCoreException |
Provides access to the timeline data in a case database.
Definition at line 58 of file TimelineManager.java.
TimelineEvent org.sleuthkit.datamodel.TimelineManager.addTimelineEvent (TimelineEventType eventType, String shortDesc, String medDesc, String longDesc, long dataSourceId, long contentId, Long artifactId, long time, boolean hashHit, boolean tagged, CaseDbTransaction trans) throws TskCoreException
Adds a timeline event to the database in a transaction.
eventType | The event type. |
shortDesc | The short description. |
medDesc | The medium description. |
longDesc | The long description. |
dataSourceId | The data source id of the event. |
contentId | The content id of the event. |
artifactId | The artifact id of the event (can be null). |
time | Unix epoch offset time of the event in seconds. |
hashHit | True if a hash hit. |
tagged | True if tagged. |
trans | The transaction. |
TskCoreException |
Definition at line 814 of file TimelineManager.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseWriteLock(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseWriteLock().
Map<TimelineEventType, Long> org.sleuthkit.datamodel.TimelineManager.countEventsByType (Long startTime, Long endTime, TimelineFilter.RootFilter filter, TimelineEventType.HierarchyLevel typeHierachyLevel) throws TskCoreException
Counts the timeline events that satisfy the given conditions.
startTime | Events that occurred before this time are not counted (units: seconds from UNIX epoch) |
endTime | Events that occurred at or after this time are not counted (units: seconds from UNIX epoch) |
filter | Events that fall within the specified time range are only counted if they pass this filter. |
typeHierachyLevel | Events that fall within the specified time range and pass the specified filter are only counted if their types are at the specified level of the event type hierarchy. |
TskCoreException | If there is an error querying the case database. |
Definition at line 1173 of file TimelineManager.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), org.sleuthkit.datamodel.TimelineEventType.HierarchyLevel.EVENT, org.sleuthkit.datamodel.TimelineManager.getEventType(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock().
TimelineEvent org.sleuthkit.datamodel.TimelineManager.getEventById (long eventID) throws TskCoreException
Gets the timeline event with a given event ID.
eventID | An event ID. |
TskCoreException | If there is an error querying the case database. |
Definition at line 229 of file TimelineManager.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), org.sleuthkit.datamodel.TimelineManager.getEventType(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock().
List<Long> org.sleuthkit.datamodel.TimelineManager.getEventIDs (Interval timeRange, TimelineFilter.RootFilter filter) throws TskCoreException
Gets the event IDs of the timeline events within a given time range that pass a given timeline events filter.
timeRange | The time range that the events must be within. |
filter | The timeline events filter that the events must pass. |
TskCoreException | If there is an error querying the case database. |
Definition at line 269 of file TimelineManager.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock().
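The following added example (not part of The Sleuth Kit or its documentation) queries one incident window through both countEventsByType and getEventIDs, and shows the unit difference between them: the former takes seconds from the UNIX epoch, the latter an Interval. It assumes Interval is org.joda.time.Interval, which is constructed from milliseconds, and that the caller supplies an already-built TimelineManager and TimelineFilter.RootFilter; the class and helper names are hypothetical.

```java
import java.time.Instant;
import java.util.List;
import java.util.Map;
import org.joda.time.Interval; // assumption: the Interval in these signatures is Joda-Time's
import org.sleuthkit.datamodel.TimelineEventType;
import org.sleuthkit.datamodel.TimelineFilter;
import org.sleuthkit.datamodel.TimelineManager;
import org.sleuthkit.datamodel.TskCoreException;

/** Added example: hypothetical helper class, not part of The Sleuth Kit. */
public final class IncidentWindowTriage {

    private IncidentWindowTriage() {
    }

    /** Per-type counts for the window; countEventsByType expects epoch SECONDS. */
    public static Map<TimelineEventType, Long> countByType(TimelineManager tm,
            TimelineFilter.RootFilter filter, Instant from, Instant to)
            throws TskCoreException {
        requireOrdered(from, to);
        // startTime: earlier events are not counted; endTime: events at or after it are not counted.
        return tm.countEventsByType(from.getEpochSecond(), to.getEpochSecond(),
                filter, TimelineEventType.HierarchyLevel.EVENT);
    }

    /** Event IDs for the same window; a Joda-Time Interval is built from epoch MILLISECONDS. */
    public static List<Long> eventIds(TimelineManager tm,
            TimelineFilter.RootFilter filter, Instant from, Instant to)
            throws TskCoreException {
        requireOrdered(from, to);
        Interval window = new Interval(from.toEpochMilli(), to.toEpochMilli());
        return tm.getEventIDs(window, filter);
    }

    /** Smallest interval spanning the given events, or null when the list is empty. */
    public static Interval observedSpan(TimelineManager tm, List<Long> ids)
            throws TskCoreException {
        return ids.isEmpty() ? null : tm.getSpanningInterval(ids);
    }

    // Reject reversed windows before they reach the case database query.
    private static void requireOrdered(Instant from, Instant to) {
        if (to.isBefore(from)) {
            throw new IllegalArgumentException("window end precedes window start");
        }
    }
}
```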
List<Long> org.sleuthkit.datamodel.TimelineManager.getEventIDsForArtifact (BlackboardArtifact artifact) throws TskCoreException
Gets a list of event IDs for the timeline events that have a given artifact as the event source.
artifact | An artifact. |
TskCoreException | If there is an error querying the case database. |
Definition at line 413 of file TimelineManager.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock().
Set<Long> org.sleuthkit.datamodel.TimelineManager.getEventIDsForContent (Content content, boolean includeDerivedArtifacts) throws TskCoreException
Gets a list of event IDs for the timeline events that have a given content as the event source.
content | The content. |
includeDerivedArtifacts | If true, also get event IDs for events where the event source is an artifact that has the given content as its source. |
TskCoreException | If there is an error querying the case database. |
Definition at line 448 of file TimelineManager.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseWriteLock(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseWriteLock().
List<TimelineEvent> org.sleuthkit.datamodel.TimelineManager.getEvents (Interval timeRange, TimelineFilter.RootFilter filter) throws TskCoreException
Gets the timeline events that fall within a given time interval and satisfy a given event filter.
timeRange | The time level. |
filter | The event filter. |
TskCoreException | If there is an error querying the case database. |
Definition at line 1294 of file TimelineManager.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), org.sleuthkit.datamodel.TimelineManager.getEventType(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock().
Optional<TimelineEventType> org.sleuthkit.datamodel.TimelineManager.getEventType (long eventTypeID)
Gets the timeline event type with a given event type ID.
eventTypeID | An event type ID. |
Definition at line 354 of file TimelineManager.java.
References org.sleuthkit.datamodel.TimelineEventType.DEPRECATED_OTHER_EVENT_ID, and org.sleuthkit.datamodel.TimelineEventType.MISC_TYPES.
Referenced by org.sleuthkit.datamodel.TimelineManager.countEventsByType(), org.sleuthkit.datamodel.TimelineManager.getEventById(), and org.sleuthkit.datamodel.TimelineManager.getEvents().
ImmutableList<TimelineEventType> org.sleuthkit.datamodel.TimelineManager.getEventTypes ()
Gets all of the timeline event types in the case database.
Definition at line 369 of file TimelineManager.java.
Long org.sleuthkit.datamodel.TimelineManager.getMaxEventTime () throws TskCoreException
Gets the maximum timeline event time in the case database.
TskCoreException | If there is an error querying the case database. |
Definition at line 306 of file TimelineManager.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock().
Referenced by org.sleuthkit.datamodel.TimelineManager.getSpanningInterval().
Long org.sleuthkit.datamodel.TimelineManager.getMinEventTime () throws TskCoreException
Gets the minimum timeline event time in the case database.
TskCoreException | If there is an error querying the case database. |
Definition at line 330 of file TimelineManager.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock().
Interval org.sleuthkit.datamodel.TimelineManager.getSpanningInterval (Collection< Long > eventIDs) throws TskCoreException
Gets the smallest possible time interval that spans a collection of timeline events.
eventIDs | The event IDs of the events for which to obtain the spanning interval. |
TskCoreException | If there is an error querying the case database. |
Definition at line 157 of file TimelineManager.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock().
Interval org.sleuthkit.datamodel.TimelineManager.getSpanningInterval (Interval timeRange, TimelineFilter.RootFilter filter, DateTimeZone timeZone) throws TskCoreException
Gets the smallest possible time interval that spans a collection of timeline events.
timeRange | A time range that the events must be within. |
filter | A timeline events filter that the events must pass. |
timeZone | The time zone for the returned time interval. |
TskCoreException | If there is an error querying the case database. |
Definition at line 189 of file TimelineManager.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), org.sleuthkit.datamodel.TimelineManager.getMaxEventTime(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock().
Set<Long> org.sleuthkit.datamodel.TimelineManager.updateEventsForArtifactTagAdded (BlackboardArtifact artifact) throws TskCoreException
Finds all of the timeline events directly associated with a given artifact and marks them as having an event source that is tagged.
artifact | The artifact. |
TskCoreException | If there is an error updating the case database. |
Definition at line 1063 of file TimelineManager.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseWriteLock(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseWriteLock().
Set<Long> org.sleuthkit.datamodel.TimelineManager.updateEventsForArtifactTagDeleted (BlackboardArtifact artifact) throws TskCoreException
Finds all of the timeline events directly associated with a given artifact and marks them as not having an event source that is tagged, if and only if there are no other tags on the artifact.
artifact | The artifact. |
TskCoreException | If there is an error updating the case database. |
Definition at line 1086 of file TimelineManager.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseWriteLock(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifactTagsByArtifact(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseWriteLock().
Set<Long> org.sleuthkit.datamodel.TimelineManager.updateEventsForContentTagAdded (Content content) throws TskCoreException
Finds all of the timeline events directly associated with a given content and marks them as having an event source that is tagged. This does not include timeline events where the event source is an artifact, even if the artifact source is the tagged content.
content | The content. |
TskCoreException | If there is an error updating the case database. |
WARNING: THIS IS A BETA VERSION OF THIS METHOD, SUBJECT TO CHANGE AT ANY TIME.
Definition at line 1008 of file TimelineManager.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseWriteLock(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseWriteLock().
Set<Long> org.sleuthkit.datamodel.TimelineManager.updateEventsForContentTagDeleted (Content content) throws TskCoreException
Finds all of the timeline events directly associated with a given content and marks them as not having an event source that is tagged, if and only if there are no other tags on the content. The inspection of events does not include events where the event source is an artifact, even if the artifact source is the content from which the tag was removed.
content | The content. |
TskCoreException | If there is an error updating the case database. |
WARNING: THIS IS A BETA VERSION OF THIS METHOD, SUBJECT TO CHANGE AT ANY TIME.
Definition at line 1037 of file TimelineManager.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseWriteLock(), org.sleuthkit.datamodel.SleuthkitCase.getContentTagsByContent(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseWriteLock().
Set<Long> org.sleuthkit.datamodel.TimelineManager.updateEventsForHashSetHit (Content content) throws TskCoreException
Finds all of the timeline events associated directly or indirectly with a given content and marks them as having an event source that has a hash set hit. This includes both the events that have the content as their event source and the events for which the content is the source content for the source artifact of the event.
content | The content. |
TskCoreException | If there is an error updating the case database. |
Definition at line 1128 of file TimelineManager.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseWriteLock(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseWriteLock().
Copyright © 2011-2021 Brian Carrier. (carrier -at- sleuthkit -dot- org)
This work is licensed under a
Creative Commons Attribution-Share Alike 3.0 United States License.