Autopsy
3.1
Graphical digital forensics platform for The Sleuth Kit and other tools.
|
Classes | |
class | IngestEventPublisher |
enum | IngestJobEvent |
class | IngestJobStarter |
enum | IngestModuleEvent |
class | IngestTaskExecuter |
class | IngestThreadActivitySnapshot |
Public Member Functions | |
synchronized void | setRunInteractively (boolean runInteractively) |
int | getNumberOfFileIngestThreads () |
synchronized void | queueIngestJob (Collection< Content > dataSources, IngestJobSettings settings) |
synchronized IngestJob | startIngestJob (Collection< Content > dataSources, IngestJobSettings settings) |
boolean | isIngestRunning () |
synchronized void | cancelAllIngestJobs () |
void | addIngestJobEventListener (final PropertyChangeListener listener) |
void | removeIngestJobEventListener (final PropertyChangeListener listener) |
void | addIngestModuleEventListener (final PropertyChangeListener listener) |
void | removeIngestModuleEventListener (final PropertyChangeListener listener) |
Static Public Member Functions | |
static synchronized IngestManager | getInstance () |
static void | addPropertyChangeListener (final PropertyChangeListener listener) |
static void | removePropertyChangeListener (final PropertyChangeListener listener) |
Private Member Functions | |
IngestManager () | |
void | startDataSourceIngestThread () |
void | startFileIngestThread () |
void | subscribeToCaseEvents () |
void | clearIngestMessageBox () |
boolean | startIngestJob (IngestJob job) |
void | incrementModuleRunTime (String moduleName, Long duration) |
Private Attributes | |
final ConcurrentHashMap< Long, IngestJob > | jobsById |
final AtomicLong | nextThreadId |
final ConcurrentHashMap< Long, Future< Void > > | ingestJobStarters |
final ExecutorService | startIngestJobsThreadPool |
final ExecutorService | dataSourceIngestThreadPool |
int | numberOfFileIngestThreads |
final ExecutorService | fileIngestThreadPool |
final PropertyChangeSupport | ingestJobEventPublisher |
final PropertyChangeSupport | ingestModuleEventPublisher |
final ExecutorService | fireIngestEventsThreadPool |
final IngestMonitor | ingestMonitor |
volatile IngestMessageTopComponent | ingestMessageBox |
final AtomicLong | ingestErrorMessagePosts |
final ConcurrentHashMap< Long, IngestThreadActivitySnapshot > | ingestThreadActivitySnapshots |
final ConcurrentHashMap< String, Long > | ingestModuleRunTimes |
volatile boolean | jobCreationIsEnabled |
volatile boolean | runInteractively |
Static Private Attributes | |
static final Logger | logger = Logger.getLogger(IngestManager.class.getName()) |
static IngestManager | instance |
static final int | MIN_NUMBER_OF_FILE_INGEST_THREADS = 1 |
static final int | MAX_NUMBER_OF_FILE_INGEST_THREADS = 16 |
static final int | DEFAULT_NUMBER_OF_FILE_INGEST_THREADS = 2 |
static final int | MAX_ERROR_MESSAGE_POSTS = 200 |
Manages the creation and execution of ingest jobs, i.e., the processing of data sources by ingest modules.
Definition at line 55 of file IngestManager.java.
|
private |
Constructs a manager of the creation and execution of ingest jobs, i.e., the processing of data sources by ingest modules. The manager immediately submits ingest task executers (Callable objects) to the data source level ingest and file level ingest thread pools. These ingest task executers are simple consumers that will normally run as long as the application runs.
Definition at line 223 of file IngestManager.java.
References org.sleuthkit.autopsy.ingest.IngestManager.DEFAULT_NUMBER_OF_FILE_INGEST_THREADS, org.sleuthkit.autopsy.core.UserPreferences.numberOfFileIngestThreads(), org.sleuthkit.autopsy.ingest.IngestManager.numberOfFileIngestThreads, org.sleuthkit.autopsy.core.UserPreferences.setNumberOfFileIngestThreads(), org.sleuthkit.autopsy.ingest.IngestManager.startDataSourceIngestThread(), and org.sleuthkit.autopsy.ingest.IngestManager.startFileIngestThread().
Referenced by org.sleuthkit.autopsy.ingest.IngestManager.getInstance().
void org.sleuthkit.autopsy.ingest.IngestManager.addIngestJobEventListener | ( | final PropertyChangeListener | listener | ) |
Adds an ingest job event property change listener.
listener | The PropertyChangeListener to register. |
Definition at line 510 of file IngestManager.java.
Referenced by org.sleuthkit.autopsy.datamodel.Tags.TagNameNodeFactory.addNotify(), org.sleuthkit.autopsy.datamodel.ExtractedContent.TypeFactory.addNotify(), org.sleuthkit.autopsy.datamodel.InterestingHits.SetNameFactory.addNotify(), org.sleuthkit.autopsy.datamodel.HashsetHits.HashsetNameFactory.addNotify(), org.sleuthkit.autopsy.datamodel.EmailExtracted.AccountFactory.addNotify(), org.sleuthkit.autopsy.datamodel.KeywordHits.ListFactory.addNotify(), org.sleuthkit.autopsy.datamodel.ExtractedContent.ArtifactFactory.addNotify(), org.sleuthkit.autopsy.modules.hashdatabase.HashLookupSettingsPanel.HashLookupSettingsPanel(), and org.sleuthkit.autopsy.directorytree.DirectoryTreeTopComponent.subscribeToChangeEvents().
void org.sleuthkit.autopsy.ingest.IngestManager.addIngestModuleEventListener | ( | final PropertyChangeListener | listener | ) |
Adds an ingest module event property change listener.
listener | The PropertyChangeListener to register. |
Definition at line 528 of file IngestManager.java.
Referenced by org.sleuthkit.autopsy.datamodel.Tags.TagNameNodeFactory.addNotify(), org.sleuthkit.autopsy.datamodel.ExtractedContent.TypeFactory.addNotify(), org.sleuthkit.autopsy.datamodel.InterestingHits.SetNameFactory.addNotify(), org.sleuthkit.autopsy.datamodel.HashsetHits.HashsetNameFactory.addNotify(), org.sleuthkit.autopsy.datamodel.EmailExtracted.AccountFactory.addNotify(), org.sleuthkit.autopsy.datamodel.KeywordHits.ListFactory.addNotify(), org.sleuthkit.autopsy.datamodel.ExtractedContent.ArtifactFactory.addNotify(), and org.sleuthkit.autopsy.directorytree.DirectoryTreeTopComponent.subscribeToChangeEvents().
|
static |
Adds an ingest job and ingest module event property change listener.
listener | The PropertyChangeListener to register. |
Definition at line 549 of file IngestManager.java.
References org.sleuthkit.autopsy.ingest.IngestManager.ingestJobEventPublisher, and org.sleuthkit.autopsy.ingest.IngestManager.ingestModuleEventPublisher.
synchronized void org.sleuthkit.autopsy.ingest.IngestManager.cancelAllIngestJobs | ( | ) |
Cancels all ingest jobs in progress.
Definition at line 493 of file IngestManager.java.
References org.sleuthkit.autopsy.ingest.IngestJob.cancel().
Referenced by org.sleuthkit.autopsy.ingest.IngestMonitor.MonitorAction.actionPerformed().
|
private |
Definition at line 342 of file IngestManager.java.
Referenced by org.sleuthkit.autopsy.ingest.IngestManager.startIngestJob().
|
static |
Gets the manager of the creation and execution of ingest jobs, i.e., the processing of data sources by ingest modules.
Two stage construction to avoid allowing the "this" reference to be prematurely published from the constructor via the Case property change listener.
Definition at line 202 of file IngestManager.java.
References org.sleuthkit.autopsy.ingest.IngestManager.IngestManager(), org.sleuthkit.autopsy.ingest.IngestManager.instance, and org.sleuthkit.autopsy.ingest.IngestManager.subscribeToCaseEvents().
Referenced by org.sleuthkit.autopsy.casemodule.AddImageAction.actionPerformed(), org.sleuthkit.autopsy.ingest.IngestMonitor.MonitorAction.actionPerformed(), org.sleuthkit.autopsy.datamodel.Tags.TagNameNodeFactory.addNotify(), org.sleuthkit.autopsy.datamodel.ExtractedContent.TypeFactory.addNotify(), org.sleuthkit.autopsy.datamodel.InterestingHits.SetNameFactory.addNotify(), org.sleuthkit.autopsy.datamodel.HashsetHits.HashsetNameFactory.addNotify(), org.sleuthkit.autopsy.datamodel.EmailExtracted.AccountFactory.addNotify(), org.sleuthkit.autopsy.datamodel.KeywordHits.ListFactory.addNotify(), org.sleuthkit.autopsy.datamodel.ExtractedContent.ArtifactFactory.addNotify(), org.sleuthkit.autopsy.modules.hashdatabase.HashLookupSettingsPanel.cancel(), org.sleuthkit.autopsy.timeline.TimeLineController.closeTimeLine(), org.sleuthkit.autopsy.ingest.RunIngestModulesDialog.doButtonAction(), org.sleuthkit.autopsy.ingest.IngestServices.fireModuleContentEvent(), org.sleuthkit.autopsy.ingest.IngestServices.fireModuleDataEvent(), org.sleuthkit.autopsy.modules.fileextmismatch.FileExtMismatchContextMenuActionsProvider.getActions(), org.sleuthkit.autopsy.modules.hashdatabase.HashLookupSettingsPanel.HashLookupSettingsPanel(), org.sleuthkit.autopsy.ingest.IngestProgressSnapshotPanel.IngestThreadActivitySnapshotsTableModel.refresh(), org.sleuthkit.autopsy.ingest.IngestProgressSnapshotPanel.IngestJobTableModel.refresh(), org.sleuthkit.autopsy.ingest.IngestProgressSnapshotPanel.ModuleTableModel.refresh(), org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.removeHashDatabase(), org.sleuthkit.autopsy.datamodel.FileTypesNode.FileTypesChildren.FileTypesChildrenObservable.removeListeners(), org.sleuthkit.autopsy.datamodel.FileSize.FileSizeRootChildren.FileSizeRootChildrenObservable.removeListeners(), org.sleuthkit.autopsy.datamodel.DeletedContent.DeletedContentsChildren.DeletedContentsChildrenObservable.removeListeners(), org.sleuthkit.autopsy.datamodel.Tags.TagNameNodeFactory.removeNotify(), org.sleuthkit.autopsy.datamodel.ExtractedContent.TypeFactory.removeNotify(), org.sleuthkit.autopsy.datamodel.InterestingHits.SetNameFactory.removeNotify(), org.sleuthkit.autopsy.datamodel.HashsetHits.HashsetNameFactory.removeNotify(), org.sleuthkit.autopsy.datamodel.EmailExtracted.AccountFactory.removeNotify(), org.sleuthkit.autopsy.datamodel.KeywordHits.ListFactory.removeNotify(), org.sleuthkit.autopsy.datamodel.ExtractedContent.ArtifactFactory.removeNotify(), org.sleuthkit.autopsy.ingest.Installer.restored(), org.sleuthkit.autopsy.ingest.IngestJobConfigurator.startIngestJobs(), org.sleuthkit.autopsy.directorytree.DirectoryTreeTopComponent.subscribeToChangeEvents(), org.sleuthkit.autopsy.modules.hashdatabase.HashLookupSettingsPanel.updateComponentsForNoSelection(), and org.sleuthkit.autopsy.modules.hashdatabase.HashLookupSettingsPanel.updateComponentsForSelection().
int org.sleuthkit.autopsy.ingest.IngestManager.getNumberOfFileIngestThreads | ( | ) |
Gets the number of file ingest threads the ingest manager will use to do ingest jobs.
Definition at line 355 of file IngestManager.java.
References org.sleuthkit.autopsy.ingest.IngestManager.numberOfFileIngestThreads.
|
private |
Internal method to update the times associated with each module.
moduleName | |
duration |
Definition at line 674 of file IngestManager.java.
References org.sleuthkit.autopsy.ingest.IngestManager.ingestModuleRunTimes.
boolean org.sleuthkit.autopsy.ingest.IngestManager.isIngestRunning | ( | ) |
Queries whether or not any ingest jobs are in progress.
Definition at line 486 of file IngestManager.java.
Referenced by org.sleuthkit.autopsy.casemodule.AddImageAction.actionPerformed(), org.sleuthkit.autopsy.ingest.IngestMonitor.MonitorAction.actionPerformed(), org.sleuthkit.autopsy.modules.hashdatabase.HashLookupSettingsPanel.cancel(), org.sleuthkit.autopsy.modules.fileextmismatch.FileExtMismatchContextMenuActionsProvider.getActions(), org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.removeHashDatabase(), org.sleuthkit.autopsy.modules.hashdatabase.HashLookupSettingsPanel.updateComponentsForNoSelection(), and org.sleuthkit.autopsy.modules.hashdatabase.HashLookupSettingsPanel.updateComponentsForSelection().
synchronized void org.sleuthkit.autopsy.ingest.IngestManager.queueIngestJob | ( | Collection< Content > | dataSources, |
IngestJobSettings | settings | ||
) |
Queues an ingest job that will process a collection of data sources. The job will be started on a worker thread.
dataSources | The data sources to process. |
settings | The settings for the ingest job. |
Definition at line 366 of file IngestManager.java.
Referenced by org.sleuthkit.autopsy.ingest.RunIngestModulesDialog.doButtonAction(), and org.sleuthkit.autopsy.ingest.IngestJobConfigurator.startIngestJobs().
void org.sleuthkit.autopsy.ingest.IngestManager.removeIngestJobEventListener | ( | final PropertyChangeListener | listener | ) |
Removes an ingest job event property change listener.
listener | The PropertyChangeListener to unregister. |
Definition at line 519 of file IngestManager.java.
Referenced by org.sleuthkit.autopsy.timeline.TimeLineController.closeTimeLine(), org.sleuthkit.autopsy.datamodel.FileTypesNode.FileTypesChildren.FileTypesChildrenObservable.removeListeners(), org.sleuthkit.autopsy.datamodel.FileSize.FileSizeRootChildren.FileSizeRootChildrenObservable.removeListeners(), org.sleuthkit.autopsy.datamodel.DeletedContent.DeletedContentsChildren.DeletedContentsChildrenObservable.removeListeners(), org.sleuthkit.autopsy.datamodel.Tags.TagNameNodeFactory.removeNotify(), org.sleuthkit.autopsy.datamodel.ExtractedContent.TypeFactory.removeNotify(), org.sleuthkit.autopsy.datamodel.InterestingHits.SetNameFactory.removeNotify(), org.sleuthkit.autopsy.datamodel.HashsetHits.HashsetNameFactory.removeNotify(), org.sleuthkit.autopsy.datamodel.EmailExtracted.AccountFactory.removeNotify(), org.sleuthkit.autopsy.datamodel.KeywordHits.ListFactory.removeNotify(), and org.sleuthkit.autopsy.datamodel.ExtractedContent.ArtifactFactory.removeNotify().
void org.sleuthkit.autopsy.ingest.IngestManager.removeIngestModuleEventListener | ( | final PropertyChangeListener | listener | ) |
Removes an ingest module event property change listener.
listener | The PropertyChangeListener to unregister. |
Definition at line 537 of file IngestManager.java.
Referenced by org.sleuthkit.autopsy.timeline.TimeLineController.closeTimeLine(), org.sleuthkit.autopsy.datamodel.FileTypesNode.FileTypesChildren.FileTypesChildrenObservable.removeListeners(), org.sleuthkit.autopsy.datamodel.FileSize.FileSizeRootChildren.FileSizeRootChildrenObservable.removeListeners(), org.sleuthkit.autopsy.datamodel.DeletedContent.DeletedContentsChildren.DeletedContentsChildrenObservable.removeListeners(), org.sleuthkit.autopsy.datamodel.Tags.TagNameNodeFactory.removeNotify(), org.sleuthkit.autopsy.datamodel.ExtractedContent.TypeFactory.removeNotify(), org.sleuthkit.autopsy.datamodel.InterestingHits.SetNameFactory.removeNotify(), org.sleuthkit.autopsy.datamodel.HashsetHits.HashsetNameFactory.removeNotify(), org.sleuthkit.autopsy.datamodel.EmailExtracted.AccountFactory.removeNotify(), org.sleuthkit.autopsy.datamodel.KeywordHits.ListFactory.removeNotify(), and org.sleuthkit.autopsy.datamodel.ExtractedContent.ArtifactFactory.removeNotify().
|
static |
Removes an ingest job and ingest module event property change listener.
listener | The PropertyChangeListener to unregister. |
Definition at line 562 of file IngestManager.java.
References org.sleuthkit.autopsy.ingest.IngestManager.ingestJobEventPublisher, and org.sleuthkit.autopsy.ingest.IngestManager.ingestModuleEventPublisher.
synchronized void org.sleuthkit.autopsy.ingest.IngestManager.setRunInteractively | ( | boolean | runInteractively | ) |
The ingest manager can be directed to forgo use of message boxes, the ingest message box, NetBeans progress handles, etc. Running interactively is the default.
runInteractively | whether or not to this ingest manager should run ingest interactively. |
Definition at line 305 of file IngestManager.java.
References org.sleuthkit.autopsy.ingest.IngestManager.runInteractively.
|
private |
Submits an ingest task executer Callable to the data source level ingest thread pool.
Definition at line 255 of file IngestManager.java.
Referenced by org.sleuthkit.autopsy.ingest.IngestManager.IngestManager().
|
private |
Submits a ingest task executer Callable to the file level ingest thread pool.
Definition at line 265 of file IngestManager.java.
Referenced by org.sleuthkit.autopsy.ingest.IngestManager.IngestManager().
synchronized IngestJob org.sleuthkit.autopsy.ingest.IngestManager.startIngestJob | ( | Collection< Content > | dataSources, |
IngestJobSettings | settings | ||
) |
Starts an ingest job that will process a collection of data sources.
dataSources | The data sources to process. |
settings | The settings for the ingest job. |
Definition at line 384 of file IngestManager.java.
Referenced by org.sleuthkit.autopsy.ingest.IngestManager.IngestJobStarter.call().
|
private |
Starts an ingest job for a collection of data sources.
job | The ingest job to start. |
TODO: This is not really reliable.
Add the job to the jobs map now so that isIngestRunning() will return true while the modules read global settings during start up. This works because the core global settings panels restrict changes while analysis is in progress.
Definition at line 402 of file IngestManager.java.
References org.sleuthkit.autopsy.ingest.IngestManager.clearIngestMessageBox(), org.sleuthkit.autopsy.ingest.IngestJob.getId(), and org.sleuthkit.autopsy.ingest.IngestManager.logger.
|
private |
Definition at line 271 of file IngestManager.java.
References org.sleuthkit.autopsy.casemodule.Case.addPropertyChangeListener(), and org.sleuthkit.autopsy.casemodule.Case.Events.CURRENT_CASE.
Referenced by org.sleuthkit.autopsy.ingest.IngestManager.getInstance().
|
private |
Ingest jobs use an ingest task scheduler to break themselves down into data source level and file level tasks. The ingest scheduler puts these ingest tasks into queues for execution on ingest manager pool threads by ingest task executers. There is a single data source level ingest thread and a user configurable number of file level ingest threads.
Definition at line 88 of file IngestManager.java.
|
staticprivate |
Definition at line 91 of file IngestManager.java.
Referenced by org.sleuthkit.autopsy.ingest.IngestManager.IngestManager().
|
private |
Definition at line 93 of file IngestManager.java.
|
private |
Definition at line 103 of file IngestManager.java.
|
private |
Definition at line 119 of file IngestManager.java.
|
private |
The ingest manager uses the property change feature from Java Beans as an event publishing mechanism. There are two kinds of events, ingest job events and ingest module events. Property changes are fired by ingest event publishers on a pool thread.
Definition at line 101 of file IngestManager.java.
Referenced by org.sleuthkit.autopsy.ingest.IngestManager.addPropertyChangeListener(), and org.sleuthkit.autopsy.ingest.IngestManager.removePropertyChangeListener().
|
private |
Ingest jobs may be queued to be started on a pool thread by ingest job starters. A mapping of thread/task IDs to the result objects associated with each ingest job starter is maintained to provide handles that can be used to cancel the ingest job starter.
Definition at line 78 of file IngestManager.java.
|
private |
Definition at line 118 of file IngestManager.java.
|
private |
Definition at line 102 of file IngestManager.java.
Referenced by org.sleuthkit.autopsy.ingest.IngestManager.addPropertyChangeListener(), and org.sleuthkit.autopsy.ingest.IngestManager.removePropertyChangeListener().
|
private |
Definition at line 127 of file IngestManager.java.
Referenced by org.sleuthkit.autopsy.ingest.IngestManager.incrementModuleRunTime().
|
private |
The ingest manager uses an ingest monitor to determine when system resources are under pressure. If the monitor detects such a situation, it calls back to the ingest manager to cancel all ingest jobs in progress.
Definition at line 110 of file IngestManager.java.
|
private |
The ingest manager supports reporting of ingest processing progress by collecting snapshots of the activities of the ingest threads, ingest job progress, and ingest module run times.
Definition at line 126 of file IngestManager.java.
|
staticprivate |
Definition at line 58 of file IngestManager.java.
Referenced by org.sleuthkit.autopsy.ingest.IngestManager.getInstance().
|
private |
The ingest job creation capability of the ingest manager can be turned on and off to support an orderly shut down of the application.
Definition at line 133 of file IngestManager.java.
|
private |
The ingest manager maintains a mapping of ingest job IDs to running ingest jobs.
Definition at line 64 of file IngestManager.java.
|
staticprivate |
Definition at line 57 of file IngestManager.java.
Referenced by org.sleuthkit.autopsy.ingest.IngestManager.startIngestJob().
|
staticprivate |
The ingest manager provides access to a top component that is used by ingest module to post messages for the user. A count of the posts is used as a cap to avoid bogging down the application.
Definition at line 117 of file IngestManager.java.
|
staticprivate |
Definition at line 90 of file IngestManager.java.
|
staticprivate |
Definition at line 89 of file IngestManager.java.
|
private |
Each runnable/callable task the ingest manager submits to its thread pools is given a unique thread/task ID.
Definition at line 70 of file IngestManager.java.
|
private |
Definition at line 92 of file IngestManager.java.
Referenced by org.sleuthkit.autopsy.ingest.IngestManager.getNumberOfFileIngestThreads(), and org.sleuthkit.autopsy.ingest.IngestManager.IngestManager().
|
private |
The ingest manager can be directed to forgo use of message boxes, the ingest message box, NetBeans progress handles, etc. Running interactively is the default.
Definition at line 140 of file IngestManager.java.
Referenced by org.sleuthkit.autopsy.ingest.IngestManager.setRunInteractively().
|
private |
Definition at line 79 of file IngestManager.java.
Copyright © 2012-2015 Basis Technology. Generated on: Mon Oct 19 2015
This work is licensed under a
Creative Commons Attribution-Share Alike 3.0 United States License.