Sleuth Kit Java Bindings (JNI)
4.6
Java bindings for using The Sleuth Kit
|
Classes | |
class | TimelineEventAddedEvent |
Public Member Functions | |
Map< TimelineEventType, Long > | countEventsByType (Long startTime, Long endTime, TimelineFilter.RootFilter filter, TimelineEventType.HierarchyLevel typeHierachyLevel) throws TskCoreException |
TimelineEvent | getEventById (long eventID) throws TskCoreException |
List< Long > | getEventIDs (Interval timeRange, TimelineFilter.RootFilter filter) throws TskCoreException |
List< Long > | getEventIDsForArtifact (BlackboardArtifact artifact) throws TskCoreException |
Set< Long > | getEventIDsForContent (Content content, boolean includeDerivedArtifacts) throws TskCoreException |
List< TimelineEvent > | getEvents (Interval timeRange, TimelineFilter.RootFilter filter) throws TskCoreException |
Optional< TimelineEventType > | getEventType (long eventTypeID) |
ImmutableList< TimelineEventType > | getEventTypes () |
Long | getMaxEventTime () throws TskCoreException |
Long | getMinEventTime () throws TskCoreException |
Interval | getSpanningInterval (Collection< Long > eventIDs) throws TskCoreException |
Interval | getSpanningInterval (Interval timeRange, TimelineFilter.RootFilter filter, DateTimeZone timeZone) throws TskCoreException |
Set< Long > | updateEventsForArtifactTagAdded (BlackboardArtifact artifact) throws TskCoreException |
Set< Long > | updateEventsForArtifactTagDeleted (BlackboardArtifact artifact) throws TskCoreException |
Set< Long > | updateEventsForContentTagAdded (Content content) throws TskCoreException |
Set< Long > | updateEventsForContentTagDeleted (Content content) throws TskCoreException |
Set< Long > | updateEventsForHashSetHit (Content content) throws TskCoreException |
Provides access to the timeline data in a case database.
Definition at line 52 of file TimelineManager.java.
Map<TimelineEventType, Long> org.sleuthkit.datamodel.TimelineManager.countEventsByType | ( | Long | startTime, |
Long | endTime, | ||
TimelineFilter.RootFilter | filter, | ||
TimelineEventType.HierarchyLevel | typeHierachyLevel | ||
) | throws TskCoreException |
Counts the timeline events events that satisfy the given conditions.
startTime | Events that occurred before this time are not counted (units: seconds from UNIX epoch) |
endTime | Events that occurred at or after this time are not counted (seconds from unix epoch) |
filter | Events that fall within the specified time range are only ocunted if they pass this filter. |
typeHierachyLevel | Events that fall within the specified time range and pass the specified filter asre only counted if their types are at the specified level of the event type hierarchy. |
TskCoreException | If there is an error querying the case database. |
Definition at line 879 of file TimelineManager.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), org.sleuthkit.datamodel.TimelineEventType.HierarchyLevel.EVENT, org.sleuthkit.datamodel.TimelineManager.getEventType(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock().
TimelineEvent org.sleuthkit.datamodel.TimelineManager.getEventById | ( | long | eventID | ) | throws TskCoreException |
Gets the timeline event with a given event ID.
eventID | An event ID. |
TskCoreException | If there is an error querying the case database. |
Definition at line 207 of file TimelineManager.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), org.sleuthkit.datamodel.TimelineManager.getEventType(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock().
List<Long> org.sleuthkit.datamodel.TimelineManager.getEventIDs | ( | Interval | timeRange, |
TimelineFilter.RootFilter | filter | ||
) | throws TskCoreException |
Gets the event IDs of the timeline events within a given time range that pass a given timeline events filter.
timeRange | The time range that the events must be within. |
filter | The timeline events filter that the events must pass. |
TskCoreException | If there is an error querying the case database. |
Definition at line 247 of file TimelineManager.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock().
List<Long> org.sleuthkit.datamodel.TimelineManager.getEventIDsForArtifact | ( | BlackboardArtifact | artifact | ) | throws TskCoreException |
Gets a list of event IDs for the timeline events that have a given artifact as the event source.
artifact | An artifact. |
TskCoreException | If there is an error querying the case database. |
Definition at line 385 of file TimelineManager.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock().
Set<Long> org.sleuthkit.datamodel.TimelineManager.getEventIDsForContent | ( | Content | content, |
boolean | includeDerivedArtifacts | ||
) | throws TskCoreException |
Gets a list of event IDs for the timeline events that have a given content as the event source.
content | The content. |
includeDerivedArtifacts | If true, also get event IDs for events where the event source is an artifact that has the given content as its source. |
TskCoreException | If there is an error querying the case database. |
Definition at line 420 of file TimelineManager.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseWriteLock(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseWriteLock().
List<TimelineEvent> org.sleuthkit.datamodel.TimelineManager.getEvents | ( | Interval | timeRange, |
TimelineFilter.RootFilter | filter | ||
) | throws TskCoreException |
Gets the timeline events that fall within a given time interval and satisfy a given event filter.
timeRange | The time level. |
filter | The event filter. |
TskCoreException | If there is an error querying the case database. |
Definition at line 1000 of file TimelineManager.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), org.sleuthkit.datamodel.TimelineManager.getEventType(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock().
Optional<TimelineEventType> org.sleuthkit.datamodel.TimelineManager.getEventType | ( | long | eventTypeID | ) |
Gets the timeline event type with a given event type ID.
eventTypeID | An event type ID. |
Definition at line 332 of file TimelineManager.java.
Referenced by org.sleuthkit.datamodel.TimelineManager.countEventsByType(), org.sleuthkit.datamodel.TimelineManager.getEventById(), and org.sleuthkit.datamodel.TimelineManager.getEvents().
ImmutableList<TimelineEventType> org.sleuthkit.datamodel.TimelineManager.getEventTypes | ( | ) |
Gets all of the timeline event types in the case database.
Definition at line 341 of file TimelineManager.java.
Long org.sleuthkit.datamodel.TimelineManager.getMaxEventTime | ( | ) | throws TskCoreException |
Gets the maximum timeline event time in the case database.
TskCoreException | If there is an error querying the case database. |
Definition at line 284 of file TimelineManager.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock().
Referenced by org.sleuthkit.datamodel.TimelineManager.getSpanningInterval().
Long org.sleuthkit.datamodel.TimelineManager.getMinEventTime | ( | ) | throws TskCoreException |
Gets the minimum timeline event time in the case database.
TskCoreException | If there is an error querying the case database. |
Definition at line 308 of file TimelineManager.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock().
Interval org.sleuthkit.datamodel.TimelineManager.getSpanningInterval | ( | Collection< Long > | eventIDs | ) | throws TskCoreException |
Gets the smallest possible time interval that spans a collection of timeline events.
eventIDs | The event IDs of the events for which to obtain the spanning interval. |
TskCoreException | If there is an error querying the case database. |
Definition at line 135 of file TimelineManager.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock().
Interval org.sleuthkit.datamodel.TimelineManager.getSpanningInterval | ( | Interval | timeRange, |
TimelineFilter.RootFilter | filter, | ||
DateTimeZone | timeZone | ||
) | throws TskCoreException |
Gets the smallest possible time interval that spans a collection of timeline events.
timeRange | A time range that the events must be within. |
filter | A timeline events filter that the events must pass. |
timeZone | The time zone for the returned time interval. |
TskCoreException | If there is an error querying the case database. |
Definition at line 167 of file TimelineManager.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), org.sleuthkit.datamodel.TimelineManager.getMaxEventTime(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock().
Set<Long> org.sleuthkit.datamodel.TimelineManager.updateEventsForArtifactTagAdded | ( | BlackboardArtifact | artifact | ) | throws TskCoreException |
Finds all of the timeline events directly associated with a given artifact and marks them as having an event source that is tagged.
artifact | The artifact. |
TskCoreException | If there is an error updating the case database. |
Definition at line 769 of file TimelineManager.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseWriteLock(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseWriteLock().
Set<Long> org.sleuthkit.datamodel.TimelineManager.updateEventsForArtifactTagDeleted | ( | BlackboardArtifact | artifact | ) | throws TskCoreException |
Finds all of the timeline events directly associated with a given artifact and marks them as not having an event source that is tagged, if and only if there are no other tags on the artifact.
artifact | The artifact. |
TskCoreException | If there is an error updating the case database. |
Definition at line 792 of file TimelineManager.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseWriteLock(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifactTagsByArtifact(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseWriteLock().
Set<Long> org.sleuthkit.datamodel.TimelineManager.updateEventsForContentTagAdded | ( | Content | content | ) | throws TskCoreException |
Finds all of the timeline events directly associated with a given content and marks them as having an event source that is tagged. This does not include timeline events where the event source is an artifact, even if the artifact source is the tagged content.
content | The content. |
TskCoreException | If there is an error updating the case database. |
WARNING: THIS IS A BETA VERSION OF THIS METHOD, SUBJECT TO CHANGE AT ANY TIME.
Definition at line 714 of file TimelineManager.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseWriteLock(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseWriteLock().
Set<Long> org.sleuthkit.datamodel.TimelineManager.updateEventsForContentTagDeleted | ( | Content | content | ) | throws TskCoreException |
Finds all of the timeline events directly associated with a given content and marks them as not having an event source that is tagged, if and only if there are no other tags on the content. The inspection of events does not include events where the event source is an artifact, even if the artifact source is the content from which trhe tag was removed.
content | The content. |
TskCoreException | If there is an error updating the case database. |
WARNING: THIS IS A BETA VERSION OF THIS METHOD, SUBJECT TO CHANGE AT ANY TIME.
Definition at line 743 of file TimelineManager.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseWriteLock(), org.sleuthkit.datamodel.SleuthkitCase.getContentTagsByContent(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseWriteLock().
Set<Long> org.sleuthkit.datamodel.TimelineManager.updateEventsForHashSetHit | ( | Content | content | ) | throws TskCoreException |
Finds all of the timeline events associated directly or indirectly with a given content and marks them as having an event source that has a hash set hit. This includes both the events that have the content as their event source and the events for which the content is the source content for the source artifact of the event.
content | The content. |
TskCoreException | If there is an error updating the case database. |
Definition at line 834 of file TimelineManager.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseWriteLock(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseWriteLock().
Copyright © 2011-2018 Brian Carrier. (carrier -at- sleuthkit -dot- org)
This work is licensed under a
Creative Commons Attribution-Share Alike 3.0 United States License.