Autopsy
3.1
Graphical digital forensics platform for The Sleuth Kit and other tools.
|
Classes | |
enum | Event |
enum | KnownFilesType |
Public Member Functions | |
void | addPropertyChangeListener (PropertyChangeListener pcl) |
void | removePropertyChangeListener (PropertyChangeListener pcl) |
String | getHashSetName () |
String | getDatabasePath () throws TskCoreException |
String | getIndexPath () throws TskCoreException |
KnownFilesType | getKnownFilesType () |
boolean | getSearchDuringIngest () |
boolean | getSendIngestMessages () |
boolean | isUpdateable () throws TskCoreException |
void | addHashes (Content content) throws TskCoreException |
void | addHashes (Content content, String comment) throws TskCoreException |
void | addHashes (List< HashEntry > hashes) throws TskCoreException |
boolean | lookupMD5Quick (Content content) throws TskCoreException |
HashHitInfo | lookupMD5 (Content content) throws TskCoreException |
Private Member Functions | |
HashDb (int handle, String hashSetName, boolean useForIngest, boolean sendHitMessages, KnownFilesType knownFilesType) | |
void | close () throws TskCoreException |
Private Attributes | |
int | handle |
String | hashSetName |
boolean | searchDuringIngest |
boolean | sendIngestMessages |
KnownFilesType | knownFilesType |
boolean | indexing |
final PropertyChangeSupport | propertyChangeSupport = new PropertyChangeSupport(this) |
Instances of this class represent hash databases used to classify files as known or know bad.
Definition at line 745 of file HashDbManager.java.
|
private |
void org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.HashDb.addHashes | ( | Content | content | ) | throws TskCoreException |
Adds hashes of content (if calculated) to the hash database.
content | The content for which the calculated hashes, if any, are to be added to the hash database. |
TskCoreException |
Definition at line 852 of file HashDbManager.java.
Referenced by org.sleuthkit.autopsy.modules.hashdatabase.AddContentToHashDbAction.AddContentToHashDbMenu.addFilesToHashSet().
void org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.HashDb.addHashes | ( | Content | content, |
String | comment | ||
) | throws TskCoreException |
Adds hashes of content (if calculated) to the hash database.
content | The content for which the calculated hashes, if any, are to be added to the hash database. |
comment | A comment to associate with the hashes, e.g., the name of the case in which the content was encountered. |
TskCoreException |
Definition at line 865 of file HashDbManager.java.
References org::sleuthkit::datamodel::SleuthkitJNI.addToHashDatabase(), org::sleuthkit::datamodel::AbstractFile.getMd5Hash(), and org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.HashDb.handle.
void org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.HashDb.addHashes | ( | List< HashEntry > | hashes | ) | throws TskCoreException |
Adds a list of hashes to the hash database at once
hashes | List of hashes |
TskCoreException |
Definition at line 882 of file HashDbManager.java.
References org::sleuthkit::datamodel::SleuthkitJNI.addToHashDatabase().
void org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.HashDb.addPropertyChangeListener | ( | PropertyChangeListener | pcl | ) |
Adds a listener for the events defined in HashDb.Event.
Definition at line 793 of file HashDbManager.java.
Referenced by org.sleuthkit.autopsy.modules.hashdatabase.HashLookupSettingsPanel.indexButtonActionPerformed().
|
private |
Definition at line 940 of file HashDbManager.java.
References org::sleuthkit::datamodel::SleuthkitJNI.closeHashDatabase().
String org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.HashDb.getDatabasePath | ( | ) | throws TskCoreException |
Definition at line 808 of file HashDbManager.java.
References org::sleuthkit::datamodel::SleuthkitJNI.getHashDatabasePath().
Referenced by org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.addHashDatabase(), and org.sleuthkit.autopsy.modules.hashdatabase.HashLookupSettingsPanel.updateComponentsForSelection().
String org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.HashDb.getHashSetName | ( | ) |
Definition at line 804 of file HashDbManager.java.
References org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.HashDb.hashSetName.
Referenced by org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.addHashDatabase(), org.sleuthkit.autopsy.modules.hashdatabase.HashLookupSettingsPanel.createDatabaseButtonActionPerformed(), org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.HashDbIndexer.doInBackground(), org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.HashDbIndexer.done(), org.sleuthkit.autopsy.modules.hashdatabase.HashLookupSettingsPanel.importDatabaseButtonActionPerformed(), org.sleuthkit.autopsy.modules.hashdatabase.HashLookupModuleSettingsPanel.isHashDbIndexed(), org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.propertyChange(), and org.sleuthkit.autopsy.modules.hashdatabase.HashLookupSettingsPanel.updateComponentsForSelection().
String org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.HashDb.getIndexPath | ( | ) | throws TskCoreException |
Definition at line 812 of file HashDbManager.java.
References org::sleuthkit::datamodel::SleuthkitJNI.getHashDatabaseIndexPath().
Referenced by org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.addHashDatabase(), org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.propertyChange(), and org.sleuthkit.autopsy.modules.hashdatabase.HashLookupSettingsPanel.updateComponentsForSelection().
KnownFilesType org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.HashDb.getKnownFilesType | ( | ) |
Definition at line 816 of file HashDbManager.java.
References org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.HashDb.knownFilesType.
Referenced by org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.addHashDatabase(), and org.sleuthkit.autopsy.modules.hashdatabase.HashLookupSettingsPanel.updateComponentsForSelection().
boolean org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.HashDb.getSearchDuringIngest | ( | ) |
Definition at line 820 of file HashDbManager.java.
References org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.HashDb.searchDuringIngest.
Referenced by org.sleuthkit.autopsy.modules.hashdatabase.HashLookupSettingsPanel.updateComponentsForSelection().
boolean org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.HashDb.getSendIngestMessages | ( | ) |
Definition at line 828 of file HashDbManager.java.
References org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.HashDb.sendIngestMessages.
Referenced by org.sleuthkit.autopsy.modules.hashdatabase.HashLookupSettingsPanel.updateComponentsForSelection().
boolean org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.HashDb.isUpdateable | ( | ) | throws TskCoreException |
Indicates whether the hash database accepts updates.
Definition at line 841 of file HashDbManager.java.
References org::sleuthkit::datamodel::SleuthkitJNI.isUpdateableHashDatabase().
HashHitInfo org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.HashDb.lookupMD5 | ( | Content | content | ) | throws TskCoreException |
Lookup hash value in DB and provide details on file.
content |
TskCoreException |
Definition at line 910 of file HashDbManager.java.
References org::sleuthkit::datamodel::AbstractFile.getMd5Hash(), org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.HashDb.handle, and org::sleuthkit::datamodel::SleuthkitJNI.lookupInHashDatabaseVerbose().
boolean org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.HashDb.lookupMD5Quick | ( | Content | content | ) | throws TskCoreException |
Perform a basic boolean lookup of the file's hash.
content |
TskCoreException |
Definition at line 892 of file HashDbManager.java.
References org::sleuthkit::datamodel::AbstractFile.getMd5Hash(), org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.HashDb.handle, and org::sleuthkit::datamodel::SleuthkitJNI.lookupInHashDatabase().
void org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.HashDb.removePropertyChangeListener | ( | PropertyChangeListener | pcl | ) |
Removes a listener for the events defined in HashDb.Event.
Definition at line 800 of file HashDbManager.java.
|
private |
Definition at line 773 of file HashDbManager.java.
Referenced by org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.HashDb.addHashes(), org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.HashDbIndexer.doInBackground(), org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.HashDb.HashDb(), org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.HashDb.lookupMD5(), and org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.HashDb.lookupMD5Quick().
|
private |
Definition at line 774 of file HashDbManager.java.
Referenced by org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.HashDbIndexer.doInBackground(), org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.HashDb.getHashSetName(), and org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.HashDb.HashDb().
|
private |
Definition at line 778 of file HashDbManager.java.
Referenced by org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.HashDbIndexer.doInBackground(), and org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.HashDbIndexer.done().
|
private |
Definition at line 777 of file HashDbManager.java.
Referenced by org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.HashDb.getKnownFilesType(), and org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.HashDb.HashDb().
|
private |
Definition at line 779 of file HashDbManager.java.
Referenced by org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.HashDbIndexer.done().
|
private |
Definition at line 775 of file HashDbManager.java.
Referenced by org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.HashDb.getSearchDuringIngest().
|
private |
Definition at line 776 of file HashDbManager.java.
Referenced by org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.HashDb.getSendIngestMessages().
Copyright © 2012-2015 Basis Technology. Generated on: Mon Oct 19 2015
This work is licensed under a
Creative Commons Attribution-Share Alike 3.0 United States License.