|
Sleuth Kit Java Bindings (JNI)
4.5.0
Java bindings for using The Sleuth Kit
|
|
Sleuth Kit Java Bindings (JNI)
4.5.0
Java bindings for using The Sleuth Kit
|
Classes | |
| class | UnorderedAccountPair |
Public Member Functions | |
| Account.Type | addAccountType (String accountTypeName, String displayName) throws TskCoreException |
| void | addRelationships (AccountFileInstance sender, List< AccountFileInstance > recipients, BlackboardArtifact sourceArtifact, Relationship.Type relationshipType, long dateTime) throws TskCoreException, TskDataException |
| AccountFileInstance | createAccountFileInstance (Account.Type accountType, String accountUniqueID, String moduleName, Content sourceFile) throws TskCoreException |
| Account | getAccount (Account.Type accountType, String accountUniqueID) throws TskCoreException |
| List< AccountDeviceInstance > | getAccountDeviceInstancesWithRelationships (CommunicationsFilter filter) throws TskCoreException |
| Account.Type | getAccountType (String accountTypeName) throws TskCoreException |
| Set< Content > | getRelationshipSources (Set< AccountDeviceInstance > accountDeviceInstanceList, CommunicationsFilter filter) throws TskCoreException |
| long | getRelationshipSourcesCount (AccountDeviceInstance accountDeviceInstance, CommunicationsFilter filter) throws TskCoreException |
Private Member Functions | |
| void | addAccountsRelationship (long account1_id, long account2_id, BlackboardArtifact relationshipaArtifact, Relationship.Type relationshipType, long dateTime) throws TskCoreException |
| Account | getAccount (long account_id) throws TskCoreException |
| BlackboardArtifact | getAccountFileInstanceArtifact (Account.Type accountType, String accountUniqueID, Content sourceFile) throws TskCoreException |
| String | getCommunicationsFilterSQL (CommunicationsFilter commFilter, Set< String > applicableFilters) |
| Account | getOrCreateAccount (Account.Type accountType, String accountUniqueID) throws TskCoreException |
| void | initAccountTypes () throws TskCoreException |
| Set< UnorderedAccountPair > | listToUnorderedPairs (List< Long > account_ids) |
| String | normalizeAccountID (Account.Type accountType, String accountUniqueID) |
| String | normalizeEmailAddress (String emailAddress) |
| String | normalizePhoneNum (String phoneNum) |
| int | readAccountTypes () throws SQLException, TskCoreException |
Private Attributes | |
| final Map< Account.Type, Integer > | accountTypeToTypeIdMap = new ConcurrentHashMap<Account.Type, Integer>() |
| final SleuthkitCase | db |
| final Map< String, Account.Type > | typeNameToAccountTypeMap = new ConcurrentHashMap<String, Account.Type>() |
Static Private Attributes | |
| static final Logger | LOGGER = Logger.getLogger(CommunicationsManager.class.getName()) |
| static final Set< Integer > | RELATIONSHIP_ARTIFACT_TYPE_IDS |
| static final String | RELATIONSHIP_ARTIFACT_TYPE_IDS_CSV_STR = StringUtils.buildCSVString(RELATIONSHIP_ARTIFACT_TYPE_IDS) |
Provides an API to create Accounts and communications/relationships between accounts.
Definition at line 45 of file CommunicationsManager.java.
|
private |
Adds a row in account relationships table
| account1_id | account_id for account1 |
| account2_id | account_id for account2 |
| relationshipaArtifact | relationship artifact |
| relationshipType | The type of relationship to be created |
| dateTime | datetime of communication/relationship as epoch seconds |
| TskCoreException | exception thrown if a critical error occurs within TSK core |
Definition at line 662 of file CommunicationsManager.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseWriteLock(), org.sleuthkit.datamodel.SleuthkitCase.getDatabaseType(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseWriteLock().
Referenced by org.sleuthkit.datamodel.CommunicationsManager.addRelationships().
| Account.Type org.sleuthkit.datamodel.CommunicationsManager.addAccountType | ( | String | accountTypeName, |
| String | displayName | ||
| ) | throws TskCoreException |
Add a custom account type that is not already defined in Account.Type. Will not allow duplicates and will return existing type if the name is already defined.
@param accountTypeName account type that must be unique
@param displayName account type display name
@return Account.Type
@throws TskCoreException exception thrown if a critical error occurs
within TSK core
Definition at line 192 of file CommunicationsManager.java.
References org.sleuthkit.datamodel.CommunicationsManager.accountTypeToTypeIdMap, org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseWriteLock(), org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseWriteLock(), and org.sleuthkit.datamodel.CommunicationsManager.typeNameToAccountTypeMap.
| void org.sleuthkit.datamodel.CommunicationsManager.addRelationships | ( | AccountFileInstance | sender, |
| List< AccountFileInstance > | recipients, | ||
| BlackboardArtifact | sourceArtifact, | ||
| Relationship.Type | relationshipType, | ||
| long | dateTime | ||
| ) | throws TskCoreException, TskDataException |
Returns an account instance for the given account instance artifact
| artifact |
| org.sleuthkit.datamodel.TskCoreException | Add one or more relationships between the sender and recipient account instances. All account instances must be from the same data source. |
| sender | sender account |
| recipients | list of recipients |
| sourceArtifact | Artifact that relationships were derived from |
| relationshipType | The type of relationships to be created |
| dateTime | Date of communications/relationship, as epoch seconds |
| org.sleuthkit.datamodel.TskCoreException | |
| org.sleuthkit.datamodel.TskDataException | If the all the accounts and the relationship are not from the same data source, or if the sourceArtifact and relationshipType are not compatible. |
Definition at line 369 of file CommunicationsManager.java.
References org.sleuthkit.datamodel.CommunicationsManager.addAccountsRelationship(), org.sleuthkit.datamodel.CommunicationsManager.UnorderedAccountPair.getFirst(), org.sleuthkit.datamodel.CommunicationsManager.UnorderedAccountPair.getSecond(), and org.sleuthkit.datamodel.CommunicationsManager.listToUnorderedPairs().
| AccountFileInstance org.sleuthkit.datamodel.CommunicationsManager.createAccountFileInstance | ( | Account.Type | accountType, |
| String | accountUniqueID, | ||
| String | moduleName, | ||
| Content | sourceFile | ||
| ) | throws TskCoreException |
Records that an account was used in a specific file. Behind the scenes, it will create a case-specific Account object if it does not already exist and create the needed database entries (which currently include making a BlackboardArtifact.
| accountType | account type |
| accountUniqueID | unique account identifier (such as email address) |
| moduleName | module creating the account |
| sourceFile | source file the account was found in (for the blackboard) |
| TskCoreException | exception thrown if a critical error occurs within TSK core |
Definition at line 262 of file CommunicationsManager.java.
References org.sleuthkit.datamodel.CommunicationsManager.getOrCreateAccount(), and org.sleuthkit.datamodel.CommunicationsManager.normalizeAccountID().
| Account org.sleuthkit.datamodel.CommunicationsManager.getAccount | ( | Account.Type | accountType, |
| String | accountUniqueID | ||
| ) | throws TskCoreException |
Get the Account with the given account type and account ID.
| accountType | account type |
| accountUniqueID | unique account identifier (such as an email address) |
| TskCoreException | exception thrown if a critical error occurs within TSK core |
Definition at line 296 of file CommunicationsManager.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), org.sleuthkit.datamodel.CommunicationsManager.normalizeAccountID(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock().
Referenced by org.sleuthkit.datamodel.CommunicationsManager.getOrCreateAccount().
|
private |
Get the Account object for the given account_id returns null, if does not exist
| account_id | account_id |
| TskCoreException | exception thrown if a critical error occurs within TSK core |
Definition at line 615 of file CommunicationsManager.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock().
| List<AccountDeviceInstance> org.sleuthkit.datamodel.CommunicationsManager.getAccountDeviceInstancesWithRelationships | ( | CommunicationsFilter | filter | ) | throws TskCoreException |
Returns a list of AccountDeviceInstances that at least one relationship that meets the criteria listed in the filters.
Applicable filters: DeviceFilter, AccountTypeFilter, DateRangeFilter,
RelationshipTypeFilter
@param filter filters to apply
@return list of AccountDeviceInstances
@throws TskCoreException exception thrown if a critical error occurs
within TSK core
Definition at line 712 of file CommunicationsManager.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), org.sleuthkit.datamodel.CommunicationsManager.getCommunicationsFilterSQL(), org.sleuthkit.datamodel.SleuthkitCase.getDatabaseType(), org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock(), and org.sleuthkit.datamodel.CommunicationsManager.typeNameToAccountTypeMap.
|
private |
Get the blackboard artifact for the given account type, account ID, and source file
| accountType | account type |
| accountUniqueID | accountID |
| sourceFile | Source file (for the artifact) |
| TskCoreException | exception thrown if a critical error occurs within TSK core |
Definition at line 517 of file CommunicationsManager.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), org.sleuthkit.datamodel.SleuthkitCase.getArtifactType(), org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock(), org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE.TSK_ACCOUNT, org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_ACCOUNT_TYPE, org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_ID, and org.sleuthkit.datamodel.BlackboardArtifact.ReviewStatus.withID().
| Account.Type org.sleuthkit.datamodel.CommunicationsManager.getAccountType | ( | String | accountTypeName | ) | throws TskCoreException |
Get the Account.Type for the give type name.
| accountTypeName | An attribute type name. |
| TskCoreException | If an error occurs accessing the case database. |
Definition at line 574 of file CommunicationsManager.java.
References org.sleuthkit.datamodel.CommunicationsManager.accountTypeToTypeIdMap, org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock(), and org.sleuthkit.datamodel.CommunicationsManager.typeNameToAccountTypeMap.
|
private |
Builds the SQL for the given CommunicationsFilter.
Gets the SQL for each subfilter and combines using AND.
| commFilter | The CommunicationsFilter to get the SQL for. |
| applicableFilters | A Set of names of classes of subfilters that are applicable. SubFilters not in this list will be ignored. |
Definition at line 1033 of file CommunicationsManager.java.
Referenced by org.sleuthkit.datamodel.CommunicationsManager.getAccountDeviceInstancesWithRelationships(), org.sleuthkit.datamodel.CommunicationsManager.getRelationshipSources(), and org.sleuthkit.datamodel.CommunicationsManager.getRelationshipSourcesCount().
|
private |
Get the Account for the given account type and account ID. Create an a new account if one doesn't exist
| accountType | account type |
| accountUniqueID | unique account identifier |
| TskCoreException | exception thrown if a critical error occurs within TSK core |
Definition at line 428 of file CommunicationsManager.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseWriteLock(), org.sleuthkit.datamodel.CommunicationsManager.getAccount(), org.sleuthkit.datamodel.SleuthkitCase.getDatabaseType(), org.sleuthkit.datamodel.CommunicationsManager.normalizeAccountID(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseWriteLock().
Referenced by org.sleuthkit.datamodel.CommunicationsManager.createAccountFileInstance().
| Set<Content> org.sleuthkit.datamodel.CommunicationsManager.getRelationshipSources | ( | Set< AccountDeviceInstance > | accountDeviceInstanceList, |
| CommunicationsFilter | filter | ||
| ) | throws TskCoreException |
Get the unique relationship sources (such as EMAIL artifacts) associated with an account on a given device (AccountDeviceInstance) that meet the filter criteria.
Applicable filters: RelationshipTypeFilter, DateRangeFilter
@param accountDeviceInstanceList set of account device instances for
which to get the relationship sources.
@param filter Filters to apply.
@return number of relationship sources found for given account(s).
@throws org.sleuthkit.datamodel.TskCoreException
Definition at line 876 of file CommunicationsManager.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), org.sleuthkit.datamodel.SleuthkitCase.getArtifactType(), org.sleuthkit.datamodel.CommunicationsManager.getCommunicationsFilterSQL(), org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock(), and org.sleuthkit.datamodel.BlackboardArtifact.ReviewStatus.withID().
| long org.sleuthkit.datamodel.CommunicationsManager.getRelationshipSourcesCount | ( | AccountDeviceInstance | accountDeviceInstance, |
| CommunicationsFilter | filter | ||
| ) | throws TskCoreException |
Get the number of unique relationship sources (such as EMAIL artifacts) associated with an account on a given device (AccountDeviceInstance) that meet the filter criteria.
Applicable filters: RelationshipTypeFilter, DateRangeFilter @param accountDeviceInstance Account of interest @param filter Filters to apply. @return number of account relationships found for this account. @throws org.sleuthkit.datamodel.TskCoreException
Definition at line 818 of file CommunicationsManager.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), org.sleuthkit.datamodel.CommunicationsManager.getCommunicationsFilterSQL(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock().
|
private |
Make sure the predefined account types are in the account types table.
| TskCoreException |
Definition at line 78 of file CommunicationsManager.java.
References org.sleuthkit.datamodel.CommunicationsManager.accountTypeToTypeIdMap, org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseWriteLock(), org.sleuthkit.datamodel.Account.Type.PREDEFINED_ACCOUNT_TYPES, org.sleuthkit.datamodel.CommunicationsManager.readAccountTypes(), org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseWriteLock(), and org.sleuthkit.datamodel.CommunicationsManager.typeNameToAccountTypeMap.
|
private |
Converts a list of accountIDs into a set of possible unordered pairs.
| account_ids | - list of accountID. |
Definition at line 981 of file CommunicationsManager.java.
Referenced by org.sleuthkit.datamodel.CommunicationsManager.addRelationships().
|
private |
Definition at line 993 of file CommunicationsManager.java.
References org.sleuthkit.datamodel.Account.Type.EMAIL, org.sleuthkit.datamodel.CommunicationsManager.normalizeEmailAddress(), org.sleuthkit.datamodel.CommunicationsManager.normalizePhoneNum(), and org.sleuthkit.datamodel.Account.Type.PHONE.
Referenced by org.sleuthkit.datamodel.CommunicationsManager.createAccountFileInstance(), org.sleuthkit.datamodel.CommunicationsManager.getAccount(), and org.sleuthkit.datamodel.CommunicationsManager.getOrCreateAccount().
|
private |
Definition at line 1015 of file CommunicationsManager.java.
Referenced by org.sleuthkit.datamodel.CommunicationsManager.normalizeAccountID().
|
private |
Definition at line 1005 of file CommunicationsManager.java.
Referenced by org.sleuthkit.datamodel.CommunicationsManager.normalizeAccountID().
|
private |
Reads in in the account types table.
Returns the number of account types read in
| SQLException | |
| TskCoreException |
Definition at line 133 of file CommunicationsManager.java.
References org.sleuthkit.datamodel.CommunicationsManager.accountTypeToTypeIdMap, org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock(), and org.sleuthkit.datamodel.CommunicationsManager.typeNameToAccountTypeMap.
Referenced by org.sleuthkit.datamodel.CommunicationsManager.initAccountTypes().
|
private |
Definition at line 52 of file CommunicationsManager.java.
Referenced by org.sleuthkit.datamodel.CommunicationsManager.addAccountType(), org.sleuthkit.datamodel.CommunicationsManager.getAccountType(), org.sleuthkit.datamodel.CommunicationsManager.initAccountTypes(), and org.sleuthkit.datamodel.CommunicationsManager.readAccountTypes().
|
private |
Definition at line 49 of file CommunicationsManager.java.
|
staticprivate |
Definition at line 47 of file CommunicationsManager.java.
|
staticprivate |
Definition at line 58 of file CommunicationsManager.java.
|
staticprivate |
Definition at line 65 of file CommunicationsManager.java.
|
private |
Definition at line 54 of file CommunicationsManager.java.
Referenced by org.sleuthkit.datamodel.CommunicationsManager.addAccountType(), org.sleuthkit.datamodel.CommunicationsManager.getAccountDeviceInstancesWithRelationships(), org.sleuthkit.datamodel.CommunicationsManager.getAccountType(), org.sleuthkit.datamodel.CommunicationsManager.initAccountTypes(), and org.sleuthkit.datamodel.CommunicationsManager.readAccountTypes().
Copyright © 2011-2015 Brian Carrier. (carrier -at- sleuthkit -dot- org)
This work is licensed under a
Creative Commons Attribution-Share Alike 3.0 United States License.