|
Sleuth Kit Java Bindings (JNI) 4.14.0
Java bindings for using The Sleuth Kit
|
Classes | |
| class | ArtifactsPostedEvent |
| class | BlackboardException |
Public Member Functions | |
| boolean | artifactExists (Content content, BlackboardArtifact.ARTIFACT_TYPE artifactType, Collection< BlackboardAttribute > attributes) throws TskCoreException |
| boolean | artifactExists (Content content, BlackboardArtifact.Type artifactType, Collection< BlackboardAttribute > attributes) throws TskCoreException |
| Score | deleteAnalysisResult (AnalysisResult analysisResult) throws TskCoreException |
| Score | deleteAnalysisResult (long artifactObjId, CaseDbTransaction transaction) throws TskCoreException |
| AnalysisResult | getAnalysisResultById (long artifactObjId) throws TskCoreException |
| List< AnalysisResult > | getAnalysisResults (long dataSourceObjId, Integer artifactTypeID) throws TskCoreException |
| List< AnalysisResult > | getAnalysisResults (long sourceObjId) throws TskCoreException |
| List< AnalysisResult > | getAnalysisResults (long sourceObjId, int artifactTypeId) throws TskCoreException |
| List< AnalysisResult > | getAnalysisResultsByType (int artifactTypeId) throws TskCoreException |
| List< AnalysisResult > | getAnalysisResultsByType (int artifactTypeId, long dataSourceObjId) throws TskCoreException |
| List< AnalysisResult > | getAnalysisResultsWhere (String whereClause) throws TskCoreException |
| List< BlackboardArtifact > | getArtifacts (BlackboardArtifact.Type artifactType, BlackboardAttribute.Type attributeType, String value, Long dataSourceObjId, boolean showRejected) throws TskCoreException |
| List< BlackboardArtifact > | getArtifacts (Collection< BlackboardArtifact.Type > artifactTypes, Collection< Long > dataSourceObjIds) throws TskCoreException |
| List< BlackboardArtifact > | getArtifacts (int artifactTypeID, long dataSourceObjId) throws TskCoreException |
| long | getArtifactsCount (int artifactTypeID) throws TskCoreException |
| long | getArtifactsCount (int artifactTypeID, long dataSourceObjId) throws TskCoreException |
| BlackboardArtifact.Type | getArtifactType (int artTypeId) throws TskCoreException |
| BlackboardArtifact.Type | getArtifactType (String artTypeName) throws TskCoreException |
| List< BlackboardArtifact.Type > | getArtifactTypesInUse (long dataSourceObjId) throws TskCoreException |
| BlackboardAttribute.Type | getAttributeType (String attrTypeName) throws TskCoreException |
| ArrayList< BlackboardAttribute > | getBlackboardAttributes (final BlackboardArtifact artifact) throws TskCoreException |
| DataArtifact | getDataArtifactById (long artifactObjId) throws TskCoreException |
| List< DataArtifact > | getDataArtifacts (int artifactTypeID) throws TskCoreException |
| List< DataArtifact > | getDataArtifacts (int artifactTypeID, long dataSourceObjId) throws TskCoreException |
| List< DataArtifact > | getDataArtifacts (long dataSourceObjId, Integer artifactTypeID) throws TskCoreException |
| List< DataArtifact > | getDataArtifactsWhere (String whereClause) throws TskCoreException |
| List< BlackboardArtifact > | getExactMatchKeywordSearchResults (String keyword, TskData.KeywordSearchQueryType searchType, String kwsListName, Long dataSourceId) throws TskCoreException |
| List< BlackboardArtifact > | getKeywordSearchResults (String keyword, String regex, TskData.KeywordSearchQueryType searchType, String kwsListName, Long dataSourceId) throws TskCoreException |
| BlackboardArtifact.Type | getOrAddArtifactType (String typeName, String displayName) throws BlackboardException |
| BlackboardArtifact.Type | getOrAddArtifactType (String typeName, String displayName, BlackboardArtifact.Category category) throws BlackboardException |
| synchronized BlackboardAttribute.Type | getOrAddAttributeType (String typeName, BlackboardAttribute.TSK_BLACKBOARD_ATTRIBUTE_VALUE_TYPE valueType, String displayName) throws BlackboardException |
| boolean | hasAnalysisResults (long sourceObjId) throws TskCoreException |
| boolean | hasDataArtifacts (long sourceObjId) throws TskCoreException |
| Score | ignoreAnalysisResultScore (AnalysisResult analysisResult, boolean ignore) throws TskCoreException |
| Score | ignoreAnalysisResultScore (long artifactObjId, boolean ignore, CaseDbTransaction transaction) throws TskCoreException |
| AnalysisResultAdded | newAnalysisResult (BlackboardArtifact.Type artifactType, long objId, Long dataSourceObjId, Score score, String conclusion, String configuration, String justification, Collection< BlackboardAttribute > attributesList) throws BlackboardException, TskCoreException |
| AnalysisResultAdded | newAnalysisResult (BlackboardArtifact.Type artifactType, long objId, Long dataSourceObjId, Score score, String conclusion, String configuration, String justification, Collection< BlackboardAttribute > attributesList, CaseDbTransaction transaction) throws BlackboardException |
| DataArtifact | newDataArtifact (BlackboardArtifact.Type artifactType, long sourceObjId, Long dataSourceObjId, Collection< BlackboardAttribute > attributes, Long osAccountId) throws TskCoreException |
| DataArtifact | newDataArtifact (BlackboardArtifact.Type artifactType, long sourceObjId, Long dataSourceObjId, Collection< BlackboardAttribute > attributes, Long osAccountObjId, final CaseDbTransaction transaction) throws TskCoreException |
| DataArtifact | newDataArtifact (BlackboardArtifact.Type artifactType, long sourceObjId, Long dataSourceObjId, Collection< BlackboardAttribute > attributes, Long osAccountObjId, OsAccountInstance.OsAccountInstanceType osAccountInstanceType, final CaseDbTransaction transaction) throws TskCoreException |
| void | postArtifact (BlackboardArtifact artifact, String moduleName) throws BlackboardException |
| void | postArtifact (BlackboardArtifact artifact, String moduleName, Long ingestJobId) throws BlackboardException |
| void | postArtifacts (Collection< BlackboardArtifact > artifacts, String moduleName) throws BlackboardException |
| void | postArtifacts (Collection< BlackboardArtifact > artifacts, String moduleName, Long ingestJobId) throws BlackboardException |
| void | updateFileAttributes (long fileObjId, List< Attribute > attributes) throws TskCoreException |
A representation of the blackboard, a place where artifacts and their attributes are posted.
Definition at line 53 of file Blackboard.java.
| boolean org.sleuthkit.datamodel.Blackboard.artifactExists | ( | Content | content, |
| BlackboardArtifact.ARTIFACT_TYPE | artifactType, | ||
| Collection< BlackboardAttribute > | attributes ) throws TskCoreException |
Determines whether or not an artifact of a given type with a given set of attributes already exists for a given content.
| content | The content. |
| artifactType | The artifact type. |
| attributes | The attributes. |
| TskCoreException | The exception is thrown if there is an issue querying the case database. |
Definition at line 2237 of file Blackboard.java.
References artifactExists(), and getArtifactType().
| boolean org.sleuthkit.datamodel.Blackboard.artifactExists | ( | Content | content, |
| BlackboardArtifact.Type | artifactType, | ||
| Collection< BlackboardAttribute > | attributes ) throws TskCoreException |
Determines whether or not an artifact of a given type with a given set of attributes already exists for a given content.
| content | The content. |
| artifactType | The artifact type. |
| attributes | The attributes. |
| TskCoreException | The exception is thrown if there is an issue querying the case database. |
Definition at line 2211 of file Blackboard.java.
Referenced by artifactExists().
| Score org.sleuthkit.datamodel.Blackboard.deleteAnalysisResult | ( | AnalysisResult | analysisResult | ) | throws TskCoreException |
Delete the specified analysis result.
Deletes the result from blackboard_artifacts and tsk_analysis_results, and recalculates and updates the aggregate score of the content. Fires an event to indicate that the analysis result has been deleted and that the score of the item has changed.
| analysisResult | AnalysisResult to delete. |
| TskCoreException |
Definition at line 1005 of file Blackboard.java.
References org.sleuthkit.datamodel.SleuthkitCase.beginTransaction(), org.sleuthkit.datamodel.SleuthkitCase.CaseDbTransaction.commit(), deleteAnalysisResult(), and org.sleuthkit.datamodel.SleuthkitCase.CaseDbTransaction.rollback().
Referenced by deleteAnalysisResult(), and deleteAnalysisResult().
| Score org.sleuthkit.datamodel.Blackboard.deleteAnalysisResult | ( | long | artifactObjId, |
| CaseDbTransaction | transaction ) throws TskCoreException |
Delete the specified analysis result.
Deletes the result from blackboard_artifacts and tsk_analysis_results, and recalculates and updates the aggregate score of the content.
| artifactObjId | Artifact Obj Id to be deleted |
| transaction |
| TskCoreException |
Definition at line 1034 of file Blackboard.java.
References deleteAnalysisResult(), and getAnalysisResultsWhere().
| AnalysisResult org.sleuthkit.datamodel.Blackboard.getAnalysisResultById | ( | long | artifactObjId | ) | throws TskCoreException |
Get the analysis results by its artifact_obj_id.
| artifactObjId | Artifact object id of the analysis result. |
| TskCoreException | If a critical error occurred within TSK core. |
Definition at line 1447 of file Blackboard.java.
References getAnalysisResultsWhere().
| List< AnalysisResult > org.sleuthkit.datamodel.Blackboard.getAnalysisResults | ( | long | dataSourceObjId, |
| Integer | artifactTypeID ) throws TskCoreException |
Gets all analysis results of a given type for a given data source. To get all the analysis results for the data source, pass null for the type ID.
| dataSourceObjId | The object ID of the data source. |
| artifactTypeID | The type ID of the desired analysis results or null. |
| TskCoreException | This exception is thrown if there is an error querying the case database. |
Definition at line 1244 of file Blackboard.java.
References getAnalysisResultsWhere().
| List< AnalysisResult > org.sleuthkit.datamodel.Blackboard.getAnalysisResults | ( | long | sourceObjId | ) | throws TskCoreException |
Get all analysis results for a given object.
| sourceObjId | Object id. |
| TskCoreException | exception thrown if a critical error occurs within TSK core. |
Definition at line 1267 of file Blackboard.java.
References getAnalysisResultsWhere().
| List< AnalysisResult > org.sleuthkit.datamodel.Blackboard.getAnalysisResults | ( | long | sourceObjId, |
| int | artifactTypeId ) throws TskCoreException |
Get analysis results of the given type, for the given object.
| sourceObjId | Object id. |
| artifactTypeId | Result type to get. |
| TskCoreException | exception thrown if a critical error occurs within TSK core. |
Definition at line 1379 of file Blackboard.java.
References org.sleuthkit.datamodel.BlackboardArtifact.Category.ANALYSIS_RESULT, getAnalysisResultsWhere(), and getArtifactType().
| List< AnalysisResult > org.sleuthkit.datamodel.Blackboard.getAnalysisResultsByType | ( | int | artifactTypeId | ) | throws TskCoreException |
Get all analysis results of given artifact type.
| artifactTypeId | The artifact type id for which to search. |
| TskCoreException | Exception thrown if a critical error occurs within TSK core. |
Definition at line 1212 of file Blackboard.java.
References getAnalysisResultsWhere().
| List< AnalysisResult > org.sleuthkit.datamodel.Blackboard.getAnalysisResultsByType | ( | int | artifactTypeId, |
| long | dataSourceObjId ) throws TskCoreException |
Get all analysis results of given artifact type.
| artifactTypeId | The artifact type id for which to search. |
| dataSourceObjId | Object Id of the data source to look under. |
| TskCoreException | Exception thrown if a critical error occurs within TSK core. |
Definition at line 1227 of file Blackboard.java.
References getAnalysisResultsWhere().
| List< AnalysisResult > org.sleuthkit.datamodel.Blackboard.getAnalysisResultsWhere | ( | String | whereClause | ) | throws TskCoreException |
Get all analysis results matching the given where sub-clause.
| whereClause | Where sub clause, specifies conditions to match. |
| TskCoreException | exception thrown if a critical error occurs within TSK core. |
Definition at line 1402 of file Blackboard.java.
References getAnalysisResultsWhere().
Referenced by deleteAnalysisResult(), getAnalysisResultById(), getAnalysisResults(), getAnalysisResults(), getAnalysisResults(), getAnalysisResultsByType(), getAnalysisResultsByType(), getAnalysisResultsWhere(), getArtifacts(), and ignoreAnalysisResultScore().
| List< BlackboardArtifact > org.sleuthkit.datamodel.Blackboard.getArtifacts | ( | BlackboardArtifact.Type | artifactType, |
| BlackboardAttribute.Type | attributeType, | ||
| String | value, | ||
| Long | dataSourceObjId, | ||
| boolean | showRejected ) throws TskCoreException |
Get all blackboard artifacts of the given type that contain attribute of given type and value, for a given data source(s).
| artifactType | artifact type to get |
| attributeType | attribute type to be included |
| value | attribute value to be included. can be empty. |
| dataSourceObjId | data source to look under. If Null, then search all data sources. |
| showRejected | a flag whether to display rejected artifacts |
| TskCoreException | exception thrown if a critical error occurs within TSK core |
Definition at line 1976 of file Blackboard.java.
References org.sleuthkit.datamodel.BlackboardArtifact.Category.ANALYSIS_RESULT, and org.sleuthkit.datamodel.BlackboardArtifact.ReviewStatus.REJECTED.
| List< BlackboardArtifact > org.sleuthkit.datamodel.Blackboard.getArtifacts | ( | Collection< BlackboardArtifact.Type > | artifactTypes, |
| Collection< Long > | dataSourceObjIds ) throws TskCoreException |
Get all blackboard artifacts of the given type(s) for the given data source(s). Does not included rejected artifacts.
| artifactTypes | list of artifact types to get |
| dataSourceObjIds | data sources to look under |
| TskCoreException | exception thrown if a critical error occurs within TSK core |
Definition at line 1913 of file Blackboard.java.
References org.sleuthkit.datamodel.BlackboardArtifact.Category.ANALYSIS_RESULT, getAnalysisResultsWhere(), and getDataArtifactsWhere().
| List< BlackboardArtifact > org.sleuthkit.datamodel.Blackboard.getArtifacts | ( | int | artifactTypeID, |
| long | dataSourceObjId ) throws TskCoreException |
Get all blackboard artifacts of a given type. Does not included rejected artifacts.
| artifactTypeID | artifact type to get |
| dataSourceObjId | data source to look under |
| TskCoreException | exception thrown if a critical error occurs within TSK core |
Definition at line 1896 of file Blackboard.java.
References getArtifactType().
| long org.sleuthkit.datamodel.Blackboard.getArtifactsCount | ( | int | artifactTypeID | ) | throws TskCoreException |
Get count of all blackboard artifacts of a given type. Does not include rejected artifacts.
| artifactTypeID | artifact type id (must exist in database) |
| TskCoreException | exception thrown if a critical error occurs within TSK core |
Definition at line 1880 of file Blackboard.java.
| long org.sleuthkit.datamodel.Blackboard.getArtifactsCount | ( | int | artifactTypeID, |
| long | dataSourceObjId ) throws TskCoreException |
Get count of all blackboard artifacts of a given type for the given data source. Does not include rejected artifacts.
| artifactTypeID | artifact type id (must exist in database) |
| dataSourceObjId | data source object id |
| TskCoreException | exception thrown if a critical error occurs within TSK core |
Definition at line 1864 of file Blackboard.java.
| BlackboardArtifact.Type org.sleuthkit.datamodel.Blackboard.getArtifactType | ( | int | artTypeId | ) | throws TskCoreException |
Get the artifact type associated with an artifact type id.
| artTypeId | An artifact type id. |
| TskCoreException | If an error occurs accessing the case database or no value is found. |
Definition at line 423 of file Blackboard.java.
References org.sleuthkit.datamodel.BlackboardArtifact.Category.fromID().
| BlackboardArtifact.Type org.sleuthkit.datamodel.Blackboard.getArtifactType | ( | String | artTypeName | ) | throws TskCoreException |
Get the artifact type associated with an artifact type name.
| artTypeName | An artifact type name. |
| TskCoreException | If an error occurs accessing the case database. |
Definition at line 383 of file Blackboard.java.
References org.sleuthkit.datamodel.BlackboardArtifact.Category.fromID().
Referenced by artifactExists(), getAnalysisResults(), getArtifacts(), getDataArtifacts(), getDataArtifacts(), getOrAddArtifactType(), and org.sleuthkit.datamodel.BlackboardArtifact.getType().
| List< BlackboardArtifact.Type > org.sleuthkit.datamodel.Blackboard.getArtifactTypesInUse | ( | long | dataSourceObjId | ) | throws TskCoreException |
Gets the list of all artifact types in use for the given data source. Gets both standard and custom types.
| dataSourceObjId | data source object id |
| TskCoreException | exception thrown if a critical error occurred within tsk core |
Definition at line 1822 of file Blackboard.java.
References org.sleuthkit.datamodel.BlackboardArtifact.Category.fromID().
| BlackboardAttribute.Type org.sleuthkit.datamodel.Blackboard.getAttributeType | ( | String | attrTypeName | ) | throws TskCoreException |
Get the attribute type associated with an attribute type name.
| attrTypeName | An attribute type name. |
| TskCoreException | If an error occurs accessing the case database. |
Definition at line 303 of file Blackboard.java.
References org.sleuthkit.datamodel.BlackboardAttribute.TSK_BLACKBOARD_ATTRIBUTE_VALUE_TYPE.fromType().
| ArrayList< BlackboardAttribute > org.sleuthkit.datamodel.Blackboard.getBlackboardAttributes | ( | final BlackboardArtifact | artifact | ) | throws TskCoreException |
Get the list of attributes for the given artifact.
| artifact | The artifact to load attributes for. |
| TskCoreException |
Definition at line 465 of file Blackboard.java.
Referenced by org.sleuthkit.datamodel.BlackboardArtifact.getAttributes().
| DataArtifact org.sleuthkit.datamodel.Blackboard.getDataArtifactById | ( | long | artifactObjId | ) | throws TskCoreException |
Get the data artifact with the given artifact obj id.
| artifactObjId | Object id of the data artifact to get. |
| TskCoreException | exception thrown if a critical error occurs within TSK core. |
Definition at line 1608 of file Blackboard.java.
References getDataArtifactsWhere().
| List< DataArtifact > org.sleuthkit.datamodel.Blackboard.getDataArtifacts | ( | int | artifactTypeID | ) | throws TskCoreException |
Get all data artifacts of a given type.
| artifactTypeID | Artifact type to get. |
| TskCoreException | exception thrown if a critical error occurs within TSK core. |
Definition at line 1581 of file Blackboard.java.
References org.sleuthkit.datamodel.BlackboardArtifact.Category.DATA_ARTIFACT, getArtifactType(), and getDataArtifactsWhere().
| List< DataArtifact > org.sleuthkit.datamodel.Blackboard.getDataArtifacts | ( | int | artifactTypeID, |
| long | dataSourceObjId ) throws TskCoreException |
Get all data artifacts of a given type for a given data source.
| artifactTypeID | Artifact type to get. |
| dataSourceObjId | Data source to look under. |
| TskCoreException | exception thrown if a critical error occurs within TSK core. |
Definition at line 1552 of file Blackboard.java.
References org.sleuthkit.datamodel.BlackboardArtifact.Category.DATA_ARTIFACT, getArtifactType(), and getDataArtifactsWhere().
| List< DataArtifact > org.sleuthkit.datamodel.Blackboard.getDataArtifacts | ( | long | dataSourceObjId, |
| Integer | artifactTypeID ) throws TskCoreException |
Gets all data artifacts of a given type for a given data source. To get all the data artifacts for the data source, pass null for the type ID.
| dataSourceObjId | The object ID of the data source. |
| artifactTypeID | The type ID of the desired artifacts or null. |
| TskCoreException | This exception is thrown if there is an error querying the case database. |
Definition at line 1528 of file Blackboard.java.
References getDataArtifactsWhere().
| List< DataArtifact > org.sleuthkit.datamodel.Blackboard.getDataArtifactsWhere | ( | String | whereClause | ) | throws TskCoreException |
Get all data artifacts matching the given where sub-clause.
| whereClause | SQL Where sub-clause, specifies conditions to match. |
| TskCoreException | exception thrown if a critical error occurs within TSK core. |
Definition at line 1637 of file Blackboard.java.
References getDataArtifactsWhere().
Referenced by getArtifacts(), getDataArtifactById(), getDataArtifacts(), getDataArtifacts(), getDataArtifacts(), and getDataArtifactsWhere().
| List< BlackboardArtifact > org.sleuthkit.datamodel.Blackboard.getExactMatchKeywordSearchResults | ( | String | keyword, |
| TskData.KeywordSearchQueryType | searchType, | ||
| String | kwsListName, | ||
| Long | dataSourceId ) throws TskCoreException |
Returns a list of "Exact match / Literal" keyword hits blackboard artifacts according to the input conditions.
| keyword | The keyword string to search for. This should always be populated unless you are trying to get all keyword hits of specific keyword search type or keyword list name. |
| searchType | Type of keyword search query. |
| kwsListName | (Optional) Name of the keyword list for which the search results are for. If not specified, then the results will be for ad-hoc keyword searches. |
| dataSourceId | (Optional) Data source id of the target data source. If null, then the results will be for all data sources. |
| TskCoreException | If an exception is encountered while running database query to obtain the keyword hits. |
Definition at line 2032 of file Blackboard.java.
References getKeywordSearchResults().
| List< BlackboardArtifact > org.sleuthkit.datamodel.Blackboard.getKeywordSearchResults | ( | String | keyword, |
| String | regex, | ||
| TskData.KeywordSearchQueryType | searchType, | ||
| String | kwsListName, | ||
| Long | dataSourceId ) throws TskCoreException |
Returns a list of keyword hits blackboard artifacts according to the input conditions.
| keyword | The keyword string to search for. This should always be populated unless you are trying to get all keyword hits of specific keyword search type or keyword list name. |
| regex | For substring and regex keyword search types, the regex/substring query string should be specified as well as the keyword. It should be empty for literal exact match keyword search types. |
| searchType | Type of keyword search query. |
| kwsListName | (Optional) Name of the keyword list for which the search results are for. If not specified, then the results will be for ad-hoc keyword searches. |
| dataSourceId | (Optional) Data source id of the target data source. If null, then the results will be for all data sources. |
| TskCoreException | If an exception is encountered while running database query to obtain the keyword hits. |
Definition at line 2061 of file Blackboard.java.
References org.sleuthkit.datamodel.BlackboardArtifact.Category.ANALYSIS_RESULT, org.sleuthkit.datamodel.BlackboardArtifact.Type.getTypeID(), org.sleuthkit.datamodel.BlackboardAttribute.Type.getTypeID(), org.sleuthkit.datamodel.BlackboardAttribute.Type.TSK_KEYWORD, org.sleuthkit.datamodel.BlackboardArtifact.Type.TSK_KEYWORD_HIT, org.sleuthkit.datamodel.BlackboardAttribute.Type.TSK_KEYWORD_REGEXP, org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_KEYWORD_SEARCH_TYPE, and org.sleuthkit.datamodel.BlackboardAttribute.Type.TSK_SET_NAME.
Referenced by getExactMatchKeywordSearchResults().
| BlackboardArtifact.Type org.sleuthkit.datamodel.Blackboard.getOrAddArtifactType | ( | String | typeName, |
| String | displayName ) throws BlackboardException |
Gets an artifact type, creating it if it does not already exist. Use this method to define custom artifact types.
This assumes that the artifact type is of category DATA_ARTIFACT.
| typeName | The type name of the artifact type. |
| displayName | The display name of the artifact type. |
| BlackboardException | If there is a problem getting or adding the artifact type. |
Definition at line 182 of file Blackboard.java.
References org.sleuthkit.datamodel.BlackboardArtifact.Category.DATA_ARTIFACT, and getOrAddArtifactType().
Referenced by getOrAddArtifactType().
| BlackboardArtifact.Type org.sleuthkit.datamodel.Blackboard.getOrAddArtifactType | ( | String | typeName, |
| String | displayName, | ||
| BlackboardArtifact.Category | category ) throws BlackboardException |
Gets an artifact type, creating it if it does not already exist. Use this method to define custom artifact types.
| typeName | The type name of the artifact type. |
| displayName | The display name of the artifact type. |
| category | The artifact type category. |
| BlackboardException | If there is a problem getting or adding the artifact type. |
Definition at line 199 of file Blackboard.java.
References org.sleuthkit.datamodel.SleuthkitCase.CaseDbTransaction.commit(), getArtifactType(), and org.sleuthkit.datamodel.SleuthkitCase.CaseDbTransaction.rollback().
| synchronized BlackboardAttribute.Type org.sleuthkit.datamodel.Blackboard.getOrAddAttributeType | ( | String | typeName, |
| BlackboardAttribute.TSK_BLACKBOARD_ATTRIBUTE_VALUE_TYPE | valueType, | ||
| String | displayName ) throws BlackboardException |
Gets an attribute type, creating it if it does not already exist. Use this method to define custom attribute types.
NOTE: This method is synchronized to prevent simultaneous access from different threads, but there is still the possibility of concurrency issues from different clients.
| typeName | The type name of the attribute type. |
| valueType | The value type of the attribute type. |
| displayName | The display name of the attribute type. |
| BlackboardException | If there is a problem getting or adding the attribute type. |
Definition at line 1725 of file Blackboard.java.
References org.sleuthkit.datamodel.SleuthkitCase.beginTransaction(), org.sleuthkit.datamodel.SleuthkitCase.CaseDbTransaction.commit(), org.sleuthkit.datamodel.BlackboardAttribute.TSK_BLACKBOARD_ATTRIBUTE_VALUE_TYPE.fromType(), and org.sleuthkit.datamodel.SleuthkitCase.CaseDbTransaction.rollback().
| boolean org.sleuthkit.datamodel.Blackboard.hasAnalysisResults | ( | long | sourceObjId | ) | throws TskCoreException |
Returns true if there are analysis results belonging to the sourceObjId.
| sourceObjId | The source content object id. |
| TskCoreException |
Definition at line 1313 of file Blackboard.java.
References org.sleuthkit.datamodel.BlackboardArtifact.Category.ANALYSIS_RESULT.
| boolean org.sleuthkit.datamodel.Blackboard.hasDataArtifacts | ( | long | sourceObjId | ) | throws TskCoreException |
Returns true if there are data artifacts belonging to the sourceObjId.
| sourceObjId | The source content object id. |
| TskCoreException |
Definition at line 1299 of file Blackboard.java.
References org.sleuthkit.datamodel.BlackboardArtifact.Category.DATA_ARTIFACT.
| Score org.sleuthkit.datamodel.Blackboard.ignoreAnalysisResultScore | ( | AnalysisResult | analysisResult, |
| boolean | ignore ) throws TskCoreException |
Ignore the score of the specified analysis result.Updates “ignore_score” field in tsk_analysis_results table, and recalculates and updates the aggregate score of the content.
Fires an event to indicate that the analysis result score is being ignored and that the score of the item has changed.
| analysisResult | AnalysisResult to ignore. |
| ignore | a flag whether to ignore the score. |
| TskCoreException |
Definition at line 1097 of file Blackboard.java.
References org.sleuthkit.datamodel.SleuthkitCase.beginTransaction(), org.sleuthkit.datamodel.SleuthkitCase.CaseDbTransaction.commit(), ignoreAnalysisResultScore(), and org.sleuthkit.datamodel.SleuthkitCase.CaseDbTransaction.rollback().
Referenced by ignoreAnalysisResultScore(), and ignoreAnalysisResultScore().
| Score org.sleuthkit.datamodel.Blackboard.ignoreAnalysisResultScore | ( | long | artifactObjId, |
| boolean | ignore, | ||
| CaseDbTransaction | transaction ) throws TskCoreException |
Ignore the score of the specified analysis result.
Updates “ignore_score” field in tsk_analysis_results table, and recalculates and updates the aggregate score of the content. Fires an event to indicate that the analysis result score is being ignored and that the score of the item has changed.
| artifactObjId | Artifact Obj Id to be ignored |
| ignore | a flag whether to ignore the score. |
| transaction |
| TskCoreException |
Definition at line 1129 of file Blackboard.java.
References getAnalysisResultsWhere(), and ignoreAnalysisResultScore().
| AnalysisResultAdded org.sleuthkit.datamodel.Blackboard.newAnalysisResult | ( | BlackboardArtifact.Type | artifactType, |
| long | objId, | ||
| Long | dataSourceObjId, | ||
| Score | score, | ||
| String | conclusion, | ||
| String | configuration, | ||
| String | justification, | ||
| Collection< BlackboardAttribute > | attributesList ) throws BlackboardException, TskCoreException |
Adds new analysis result artifact.
| artifactType | Type of analysis result artifact to create. |
| objId | Object id of parent. |
| dataSourceObjId | Data source object id, may be null. |
| score | Score associated with this analysis result. |
| conclusion | Conclusion of the analysis, may be null or an empty string. |
| configuration | Configuration associated with this analysis, may be null or an empty string. |
| justification | Justification, may be null or an empty string. |
| attributesList | Attributes to be attached to this analysis result artifact. |
| TskCoreException | |
| BlackboardException | exception thrown if a critical error occurs within TSK core |
Definition at line 915 of file Blackboard.java.
References org.sleuthkit.datamodel.BlackboardArtifact.Category.ANALYSIS_RESULT, org.sleuthkit.datamodel.SleuthkitCase.CaseDbTransaction.commit(), newAnalysisResult(), and org.sleuthkit.datamodel.SleuthkitCase.CaseDbTransaction.rollback().
Referenced by newAnalysisResult().
| AnalysisResultAdded org.sleuthkit.datamodel.Blackboard.newAnalysisResult | ( | BlackboardArtifact.Type | artifactType, |
| long | objId, | ||
| Long | dataSourceObjId, | ||
| Score | score, | ||
| String | conclusion, | ||
| String | configuration, | ||
| String | justification, | ||
| Collection< BlackboardAttribute > | attributesList, | ||
| CaseDbTransaction | transaction ) throws BlackboardException |
Adds new analysis result artifact.
| artifactType | Type of analysis result artifact to create. |
| objId | Object id of parent. |
| dataSourceObjId | Data source object id, may be null. |
| score | Score associated with this analysis result. |
| conclusion | Conclusion of the analysis, may be null or an empty string. |
| configuration | Configuration associated with this analysis, may be null or an empty string. |
| justification | Justification, may be null or an empty string. |
| attributesList | Attributes to be attached to this analysis result artifact. |
| transaction | DB transaction to use. |
| BlackboardException | exception thrown if a critical error occurs within TSK core |
Definition at line 964 of file Blackboard.java.
References org.sleuthkit.datamodel.BlackboardArtifact.addAttributes(), org.sleuthkit.datamodel.BlackboardArtifact.Category.ANALYSIS_RESULT, org.sleuthkit.datamodel.AnalysisResult.getScore(), and org.sleuthkit.datamodel.BlackboardArtifact.newAnalysisResult().
| DataArtifact org.sleuthkit.datamodel.Blackboard.newDataArtifact | ( | BlackboardArtifact.Type | artifactType, |
| long | sourceObjId, | ||
| Long | dataSourceObjId, | ||
| Collection< BlackboardAttribute > | attributes, | ||
| Long | osAccountId ) throws TskCoreException |
Add a new data artifact with the given type.
| artifactType | The type of the data artifact. |
| sourceObjId | The content that is the source of this artifact. |
| dataSourceObjId | The data source the artifact source content belongs to, may be the same as the sourceObjId. May be null. |
| attributes | The attributes. May be empty or null. |
| osAccountId | The OS account id associated with the artifact. May be null. |
| TskCoreException | If a critical error occurs within tsk core. |
Definition at line 2364 of file Blackboard.java.
References org.sleuthkit.datamodel.SleuthkitCase.CaseDbTransaction.commit(), org.sleuthkit.datamodel.BlackboardArtifact.Category.DATA_ARTIFACT, newDataArtifact(), and org.sleuthkit.datamodel.SleuthkitCase.CaseDbTransaction.rollback().
Referenced by newDataArtifact(), and newDataArtifact().
| DataArtifact org.sleuthkit.datamodel.Blackboard.newDataArtifact | ( | BlackboardArtifact.Type | artifactType, |
| long | sourceObjId, | ||
| Long | dataSourceObjId, | ||
| Collection< BlackboardAttribute > | attributes, | ||
| Long | osAccountObjId, | ||
| final CaseDbTransaction | transaction ) throws TskCoreException |
Add a new data artifact with the given type.
This api executes in the context of the given transaction.
| artifactType | The type of the data artifact. |
| sourceObjId | The content that is the source of this artifact. |
| dataSourceObjId | The data source the artifact source content belongs to, may be the same as the sourceObjId. May be null. |
| attributes | The attributes. May be empty or null. |
| osAccountObjId | The OS account associated with the artifact. This method adds a instance type of ACCESSED to this account. May be null. |
| transaction | The transaction in the scope of which the operation is to be performed. |
| TskCoreException | If a critical error occurs within tsk core. |
Definition at line 2409 of file Blackboard.java.
References org.sleuthkit.datamodel.OsAccountInstance.OsAccountInstanceType.ACCESSED, and newDataArtifact().
| DataArtifact org.sleuthkit.datamodel.Blackboard.newDataArtifact | ( | BlackboardArtifact.Type | artifactType, |
| long | sourceObjId, | ||
| Long | dataSourceObjId, | ||
| Collection< BlackboardAttribute > | attributes, | ||
| Long | osAccountObjId, | ||
| OsAccountInstance.OsAccountInstanceType | osAccountInstanceType, | ||
| final CaseDbTransaction | transaction ) throws TskCoreException |
Add a new data artifact with the given type.
This api executes in the context of the given transaction.
| artifactType | The type of the data artifact. |
| sourceObjId | The content that is the source of this artifact. |
| dataSourceObjId | The data source the artifact source content belongs to, may be the same as the sourceObjId. May be null. |
| attributes | The attributes. May be empty or null. |
| osAccountObjId | The OS account associated with the artifact. May be null. |
| osAccountInstanceType | The instance type to associate with the osAccountObjId. May be null. |
| transaction | The transaction in the scope of which the operation is to be performed. |
| TskCoreException | If a critical error occurs within tsk core. |
Definition at line 2438 of file Blackboard.java.
References org.sleuthkit.datamodel.BlackboardArtifact.addAttributes(), org.sleuthkit.datamodel.TskData.ObjectType.ARTIFACT, org.sleuthkit.datamodel.BlackboardArtifact.Category.DATA_ARTIFACT, and org.sleuthkit.datamodel.BlackboardArtifact.ReviewStatus.UNDECIDED.
| void org.sleuthkit.datamodel.Blackboard.postArtifact | ( | BlackboardArtifact | artifact, |
| String | moduleName ) throws BlackboardException |
Posts an artifact to the blackboard. The artifact should be complete (all attributes have been added) before it is posted. Posting the artifact triggers the creation of appropriate timeline events, if any, and broadcast of a notification that the artifact is ready for further analysis.
| artifact | The artifact. |
| moduleName | The display name of the module posting the artifact. |
| BlackboardException | The exception is thrown if there is an issue posting the artifact. |
Definition at line 99 of file Blackboard.java.
References postArtifacts().
| void org.sleuthkit.datamodel.Blackboard.postArtifact | ( | BlackboardArtifact | artifact, |
| String | moduleName, | ||
| Long | ingestJobId ) throws BlackboardException |
Posts an artifact to the blackboard. The artifact should be complete (all attributes have been added) before it is posted. Posting the artifact triggers the creation of appropriate timeline events, if any, and broadcast of a notification that the artifact is ready for further analysis.
| artifact | The artifact. |
| moduleName | The display name of the module posting the artifact. |
| ingestJobId | The numeric identifier of the ingest job for which the artifact was posted, may be null. |
| BlackboardException | The exception is thrown if there is an issue posting the artifact. |
Definition at line 138 of file Blackboard.java.
References postArtifacts().
| void org.sleuthkit.datamodel.Blackboard.postArtifacts | ( | Collection< BlackboardArtifact > | artifacts, |
| String | moduleName ) throws BlackboardException |
Posts a collection of artifacts to the blackboard. The artifacts should be complete (all attributes have been added) before they are posted. Posting the artifacts triggers the creation of appropriate timeline events, if any, and broadcast of a notification that the artifacts are ready for further analysis.
| artifacts | The artifacts. |
| moduleName | The display name of the module posting the artifacts. |
| BlackboardException | The exception is thrown if there is an issue posting the artifact. |
Definition at line 119 of file Blackboard.java.
References postArtifacts().
Referenced by postArtifact(), postArtifact(), and postArtifacts().
| void org.sleuthkit.datamodel.Blackboard.postArtifacts | ( | Collection< BlackboardArtifact > | artifacts, |
| String | moduleName, | ||
| Long | ingestJobId ) throws BlackboardException |
Posts a collection of artifacts to the blackboard. The artifacts should be complete (all attributes have been added) before they are posted. Posting the artifacts triggers the creation of appropriate timeline events, if any, and broadcast of a notification that the artifacts are ready for further analysis.
| artifacts | The artifacts. |
| moduleName | The display name of the module posting the artifacts. |
| ingestJobId | The numeric identifier of the ingest job for which the artifacts were posted, may be null. |
| BlackboardException | The exception is thrown if there is an issue posting the artifact. |
Definition at line 157 of file Blackboard.java.
| void org.sleuthkit.datamodel.Blackboard.updateFileAttributes | ( | long | fileObjId, |
| List< Attribute > | attributes ) throws TskCoreException |
Update file attributes for file with the given object ID. For each attribute present, the current attribute of that type will be overwitten with the new value.
| fileObjId | File object ID |
| attributes | List of attributes. Each of the given attributes types should already be present in the database. |
| TskCoreException |
Definition at line 641 of file Blackboard.java.
References org.sleuthkit.datamodel.BlackboardAttribute.TSK_BLACKBOARD_ATTRIBUTE_VALUE_TYPE.BYTE, org.sleuthkit.datamodel.BlackboardAttribute.TSK_BLACKBOARD_ATTRIBUTE_VALUE_TYPE.DATETIME, org.sleuthkit.datamodel.BlackboardAttribute.TSK_BLACKBOARD_ATTRIBUTE_VALUE_TYPE.DOUBLE, org.sleuthkit.datamodel.BlackboardAttribute.TSK_BLACKBOARD_ATTRIBUTE_VALUE_TYPE.INTEGER, org.sleuthkit.datamodel.BlackboardAttribute.TSK_BLACKBOARD_ATTRIBUTE_VALUE_TYPE.JSON, org.sleuthkit.datamodel.BlackboardAttribute.TSK_BLACKBOARD_ATTRIBUTE_VALUE_TYPE.LONG, and org.sleuthkit.datamodel.BlackboardAttribute.TSK_BLACKBOARD_ATTRIBUTE_VALUE_TYPE.STRING.
Copyright © 2011-2024 Brian Carrier. (carrier -at- sleuthkit -dot- org)
This work is licensed under a
Creative Commons Attribution-Share Alike 3.0 United States License.