Sleuth Kit Java Bindings (JNI)
4.5.0
Java bindings for using The Sleuth Kit
|
Classes | |
class | UnorderedAccountPair |
Public Member Functions | |
Account.Type | addAccountType (String accountTypeName, String displayName) throws TskCoreException |
void | addRelationships (AccountFileInstance sender, List< AccountFileInstance > recipients, BlackboardArtifact sourceArtifact, Relationship.Type relationshipType, long dateTime) throws TskCoreException, TskDataException |
AccountFileInstance | createAccountFileInstance (Account.Type accountType, String accountUniqueID, String moduleName, Content sourceFile) throws TskCoreException |
Account | getAccount (Account.Type accountType, String accountUniqueID) throws TskCoreException |
List< AccountDeviceInstance > | getAccountDeviceInstancesWithRelationships (CommunicationsFilter filter) throws TskCoreException |
Account.Type | getAccountType (String accountTypeName) throws TskCoreException |
Set< Content > | getRelationshipSources (Set< AccountDeviceInstance > accountDeviceInstanceList, CommunicationsFilter filter) throws TskCoreException |
long | getRelationshipSourcesCount (AccountDeviceInstance accountDeviceInstance, CommunicationsFilter filter) throws TskCoreException |
Private Member Functions | |
void | addAccountsRelationship (long account1_id, long account2_id, BlackboardArtifact relationshipaArtifact, Relationship.Type relationshipType, long dateTime) throws TskCoreException |
Account | getAccount (long account_id) throws TskCoreException |
BlackboardArtifact | getAccountFileInstanceArtifact (Account.Type accountType, String accountUniqueID, Content sourceFile) throws TskCoreException |
String | getCommunicationsFilterSQL (CommunicationsFilter commFilter, Set< String > applicableFilters) |
Account | getOrCreateAccount (Account.Type accountType, String accountUniqueID) throws TskCoreException |
void | initAccountTypes () throws TskCoreException |
Set< UnorderedAccountPair > | listToUnorderedPairs (List< Long > account_ids) |
String | normalizeAccountID (Account.Type accountType, String accountUniqueID) |
String | normalizeEmailAddress (String emailAddress) |
String | normalizePhoneNum (String phoneNum) |
int | readAccountTypes () throws SQLException, TskCoreException |
Private Attributes | |
final Map< Account.Type, Integer > | accountTypeToTypeIdMap = new ConcurrentHashMap<Account.Type, Integer>() |
final SleuthkitCase | db |
final Map< String, Account.Type > | typeNameToAccountTypeMap = new ConcurrentHashMap<String, Account.Type>() |
Static Private Attributes | |
static final Logger | LOGGER = Logger.getLogger(CommunicationsManager.class.getName()) |
static final Set< Integer > | RELATIONSHIP_ARTIFACT_TYPE_IDS |
static final String | RELATIONSHIP_ARTIFACT_TYPE_IDS_CSV_STR = StringUtils.buildCSVString(RELATIONSHIP_ARTIFACT_TYPE_IDS) |
Provides an API to create Accounts and communications/relationships between accounts.
Definition at line 45 of file CommunicationsManager.java.
|
private |
Adds a row in account relationships table
account1_id | account_id for account1 |
account2_id | account_id for account2 |
relationshipaArtifact | relationship artifact |
relationshipType | The type of relationship to be created |
dateTime | datetime of communication/relationship as epoch seconds |
TskCoreException | exception thrown if a critical error occurs within TSK core |
Definition at line 662 of file CommunicationsManager.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseWriteLock(), org.sleuthkit.datamodel.SleuthkitCase.getDatabaseType(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseWriteLock().
Referenced by org.sleuthkit.datamodel.CommunicationsManager.addRelationships().
Account.Type org.sleuthkit.datamodel.CommunicationsManager.addAccountType | ( | String | accountTypeName, |
String | displayName | ||
) | throws TskCoreException |
Add a custom account type that is not already defined in Account.Type. Will not allow duplicates and will return existing type if the name is already defined.
@param accountTypeName account type that must be unique @param displayName account type display name @return Account.Type @throws TskCoreException exception thrown if a critical error occurs within TSK core
Definition at line 192 of file CommunicationsManager.java.
References org.sleuthkit.datamodel.CommunicationsManager.accountTypeToTypeIdMap, org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseWriteLock(), org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseWriteLock(), and org.sleuthkit.datamodel.CommunicationsManager.typeNameToAccountTypeMap.
void org.sleuthkit.datamodel.CommunicationsManager.addRelationships | ( | AccountFileInstance | sender, |
List< AccountFileInstance > | recipients, | ||
BlackboardArtifact | sourceArtifact, | ||
Relationship.Type | relationshipType, | ||
long | dateTime | ||
) | throws TskCoreException, TskDataException |
Returns an account instance for the given account instance artifact
artifact |
org.sleuthkit.datamodel.TskCoreException | Add one or more relationships between the sender and recipient account instances. All account instances must be from the same data source. |
sender | sender account |
recipients | list of recipients |
sourceArtifact | Artifact that relationships were derived from |
relationshipType | The type of relationships to be created |
dateTime | Date of communications/relationship, as epoch seconds |
org.sleuthkit.datamodel.TskCoreException | |
org.sleuthkit.datamodel.TskDataException | If the all the accounts and the relationship are not from the same data source, or if the sourceArtifact and relationshipType are not compatible. |
Definition at line 369 of file CommunicationsManager.java.
References org.sleuthkit.datamodel.CommunicationsManager.addAccountsRelationship(), org.sleuthkit.datamodel.CommunicationsManager.UnorderedAccountPair.getFirst(), org.sleuthkit.datamodel.CommunicationsManager.UnorderedAccountPair.getSecond(), and org.sleuthkit.datamodel.CommunicationsManager.listToUnorderedPairs().
AccountFileInstance org.sleuthkit.datamodel.CommunicationsManager.createAccountFileInstance | ( | Account.Type | accountType, |
String | accountUniqueID, | ||
String | moduleName, | ||
Content | sourceFile | ||
) | throws TskCoreException |
Records that an account was used in a specific file. Behind the scenes, it will create a case-specific Account object if it does not already exist and create the needed database entries (which currently include making a BlackboardArtifact.
accountType | account type |
accountUniqueID | unique account identifier (such as email address) |
moduleName | module creating the account |
sourceFile | source file the account was found in (for the blackboard) |
TskCoreException | exception thrown if a critical error occurs within TSK core |
Definition at line 262 of file CommunicationsManager.java.
References org.sleuthkit.datamodel.CommunicationsManager.getOrCreateAccount(), and org.sleuthkit.datamodel.CommunicationsManager.normalizeAccountID().
Account org.sleuthkit.datamodel.CommunicationsManager.getAccount | ( | Account.Type | accountType, |
String | accountUniqueID | ||
) | throws TskCoreException |
Get the Account with the given account type and account ID.
accountType | account type |
accountUniqueID | unique account identifier (such as an email address) |
TskCoreException | exception thrown if a critical error occurs within TSK core |
Definition at line 296 of file CommunicationsManager.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), org.sleuthkit.datamodel.CommunicationsManager.normalizeAccountID(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock().
Referenced by org.sleuthkit.datamodel.CommunicationsManager.getOrCreateAccount().
|
private |
Get the Account object for the given account_id returns null, if does not exist
account_id | account_id |
TskCoreException | exception thrown if a critical error occurs within TSK core |
Definition at line 615 of file CommunicationsManager.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock().
List<AccountDeviceInstance> org.sleuthkit.datamodel.CommunicationsManager.getAccountDeviceInstancesWithRelationships | ( | CommunicationsFilter | filter | ) | throws TskCoreException |
Returns a list of AccountDeviceInstances that at least one relationship that meets the criteria listed in the filters.
Applicable filters: DeviceFilter, AccountTypeFilter, DateRangeFilter, RelationshipTypeFilter @param filter filters to apply @return list of AccountDeviceInstances @throws TskCoreException exception thrown if a critical error occurs within TSK core
Definition at line 712 of file CommunicationsManager.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), org.sleuthkit.datamodel.CommunicationsManager.getCommunicationsFilterSQL(), org.sleuthkit.datamodel.SleuthkitCase.getDatabaseType(), org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock(), and org.sleuthkit.datamodel.CommunicationsManager.typeNameToAccountTypeMap.
|
private |
Get the blackboard artifact for the given account type, account ID, and source file
accountType | account type |
accountUniqueID | accountID |
sourceFile | Source file (for the artifact) |
TskCoreException | exception thrown if a critical error occurs within TSK core |
Definition at line 517 of file CommunicationsManager.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), org.sleuthkit.datamodel.SleuthkitCase.getArtifactType(), org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock(), org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE.TSK_ACCOUNT, org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_ACCOUNT_TYPE, org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_ID, and org.sleuthkit.datamodel.BlackboardArtifact.ReviewStatus.withID().
Account.Type org.sleuthkit.datamodel.CommunicationsManager.getAccountType | ( | String | accountTypeName | ) | throws TskCoreException |
Get the Account.Type for the give type name.
accountTypeName | An attribute type name. |
TskCoreException | If an error occurs accessing the case database. |
Definition at line 574 of file CommunicationsManager.java.
References org.sleuthkit.datamodel.CommunicationsManager.accountTypeToTypeIdMap, org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock(), and org.sleuthkit.datamodel.CommunicationsManager.typeNameToAccountTypeMap.
|
private |
Builds the SQL for the given CommunicationsFilter.
Gets the SQL for each subfilter and combines using AND.
commFilter | The CommunicationsFilter to get the SQL for. |
applicableFilters | A Set of names of classes of subfilters that are applicable. SubFilters not in this list will be ignored. |
Definition at line 1033 of file CommunicationsManager.java.
Referenced by org.sleuthkit.datamodel.CommunicationsManager.getAccountDeviceInstancesWithRelationships(), org.sleuthkit.datamodel.CommunicationsManager.getRelationshipSources(), and org.sleuthkit.datamodel.CommunicationsManager.getRelationshipSourcesCount().
|
private |
Get the Account for the given account type and account ID. Create an a new account if one doesn't exist
accountType | account type |
accountUniqueID | unique account identifier |
TskCoreException | exception thrown if a critical error occurs within TSK core |
Definition at line 428 of file CommunicationsManager.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseWriteLock(), org.sleuthkit.datamodel.CommunicationsManager.getAccount(), org.sleuthkit.datamodel.SleuthkitCase.getDatabaseType(), org.sleuthkit.datamodel.CommunicationsManager.normalizeAccountID(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseWriteLock().
Referenced by org.sleuthkit.datamodel.CommunicationsManager.createAccountFileInstance().
Set<Content> org.sleuthkit.datamodel.CommunicationsManager.getRelationshipSources | ( | Set< AccountDeviceInstance > | accountDeviceInstanceList, |
CommunicationsFilter | filter | ||
) | throws TskCoreException |
Get the unique relationship sources (such as EMAIL artifacts) associated with an account on a given device (AccountDeviceInstance) that meet the filter criteria.
Applicable filters: RelationshipTypeFilter, DateRangeFilter @param accountDeviceInstanceList set of account device instances for which to get the relationship sources. @param filter Filters to apply. @return number of relationship sources found for given account(s). @throws org.sleuthkit.datamodel.TskCoreException
Definition at line 876 of file CommunicationsManager.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), org.sleuthkit.datamodel.SleuthkitCase.getArtifactType(), org.sleuthkit.datamodel.CommunicationsManager.getCommunicationsFilterSQL(), org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock(), and org.sleuthkit.datamodel.BlackboardArtifact.ReviewStatus.withID().
long org.sleuthkit.datamodel.CommunicationsManager.getRelationshipSourcesCount | ( | AccountDeviceInstance | accountDeviceInstance, |
CommunicationsFilter | filter | ||
) | throws TskCoreException |
Get the number of unique relationship sources (such as EMAIL artifacts) associated with an account on a given device (AccountDeviceInstance) that meet the filter criteria.
Applicable filters: RelationshipTypeFilter, DateRangeFilter @param accountDeviceInstance Account of interest @param filter Filters to apply. @return number of account relationships found for this account. @throws org.sleuthkit.datamodel.TskCoreException
Definition at line 818 of file CommunicationsManager.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), org.sleuthkit.datamodel.CommunicationsManager.getCommunicationsFilterSQL(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock().
|
private |
Make sure the predefined account types are in the account types table.
TskCoreException |
Definition at line 78 of file CommunicationsManager.java.
References org.sleuthkit.datamodel.CommunicationsManager.accountTypeToTypeIdMap, org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseWriteLock(), org.sleuthkit.datamodel.Account.Type.PREDEFINED_ACCOUNT_TYPES, org.sleuthkit.datamodel.CommunicationsManager.readAccountTypes(), org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseWriteLock(), and org.sleuthkit.datamodel.CommunicationsManager.typeNameToAccountTypeMap.
|
private |
Converts a list of accountIDs into a set of possible unordered pairs.
account_ids | - list of accountID. |
Definition at line 981 of file CommunicationsManager.java.
Referenced by org.sleuthkit.datamodel.CommunicationsManager.addRelationships().
|
private |
Definition at line 993 of file CommunicationsManager.java.
References org.sleuthkit.datamodel.Account.Type.EMAIL, org.sleuthkit.datamodel.CommunicationsManager.normalizeEmailAddress(), org.sleuthkit.datamodel.CommunicationsManager.normalizePhoneNum(), and org.sleuthkit.datamodel.Account.Type.PHONE.
Referenced by org.sleuthkit.datamodel.CommunicationsManager.createAccountFileInstance(), org.sleuthkit.datamodel.CommunicationsManager.getAccount(), and org.sleuthkit.datamodel.CommunicationsManager.getOrCreateAccount().
|
private |
Definition at line 1015 of file CommunicationsManager.java.
Referenced by org.sleuthkit.datamodel.CommunicationsManager.normalizeAccountID().
|
private |
Definition at line 1005 of file CommunicationsManager.java.
Referenced by org.sleuthkit.datamodel.CommunicationsManager.normalizeAccountID().
|
private |
Reads in in the account types table.
Returns the number of account types read in
SQLException | |
TskCoreException |
Definition at line 133 of file CommunicationsManager.java.
References org.sleuthkit.datamodel.CommunicationsManager.accountTypeToTypeIdMap, org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock(), and org.sleuthkit.datamodel.CommunicationsManager.typeNameToAccountTypeMap.
Referenced by org.sleuthkit.datamodel.CommunicationsManager.initAccountTypes().
|
private |
Definition at line 52 of file CommunicationsManager.java.
Referenced by org.sleuthkit.datamodel.CommunicationsManager.addAccountType(), org.sleuthkit.datamodel.CommunicationsManager.getAccountType(), org.sleuthkit.datamodel.CommunicationsManager.initAccountTypes(), and org.sleuthkit.datamodel.CommunicationsManager.readAccountTypes().
|
private |
Definition at line 49 of file CommunicationsManager.java.
|
staticprivate |
Definition at line 47 of file CommunicationsManager.java.
|
staticprivate |
Definition at line 58 of file CommunicationsManager.java.
|
staticprivate |
Definition at line 65 of file CommunicationsManager.java.
|
private |
Definition at line 54 of file CommunicationsManager.java.
Referenced by org.sleuthkit.datamodel.CommunicationsManager.addAccountType(), org.sleuthkit.datamodel.CommunicationsManager.getAccountDeviceInstancesWithRelationships(), org.sleuthkit.datamodel.CommunicationsManager.getAccountType(), org.sleuthkit.datamodel.CommunicationsManager.initAccountTypes(), and org.sleuthkit.datamodel.CommunicationsManager.readAccountTypes().
Copyright © 2011-2015 Brian Carrier. (carrier -at- sleuthkit -dot- org)
This work is licensed under a
Creative Commons Attribution-Share Alike 3.0 United States License.