Autopsy
3.1
Graphical digital forensics platform for The Sleuth Kit and other tools.
Classes
    class EventTransaction
    class MultipleTransactionException
Public Member Functions
    void finalize () throws Throwable
    Interval getSpanningInterval (Collection< Long > eventIDs)
Static Public Member Functions
    static EventDB getEventDB (String dbPath)
Private Member Functions
    EventDB (String dbPath) throws SQLException, Exception
    void closeStatements () throws SQLException
    void configureDB () throws SQLException
    TimeLineEvent constructTimeLineEvent (ResultSet rs) throws SQLException
    Map< EventType, Long > countEvents (Long startTime, Long endTime, Filter filter, EventTypeZoomLevel zoomLevel)
    List< AggregateEvent > getAggregatedEvents (Interval timeRange, Filter filter, EventTypeZoomLevel zoomLevel, DescriptionLOD lod)
    long getDBInfo (String key, long defaultValue)
    String getDescriptionColumn (DescriptionLOD lod)
    String getStrfTimeFormat (TimeUnits info)
    PreparedStatement prepareStatement (String queryString) throws SQLException
    void recordDBInfo (String key, long value)
Static Private Member Functions
    static String getSQLWhere (Filter filter)
    static String getSQLWhere (HideKnownFilter filter)
    static String getSQLWhere (TextFilter filter)
    static String getSQLWhere (TypeFilter filter)
Private Attributes
    volatile Connection con
    final String dbPath
    PreparedStatement getDBInfoStmt
    PreparedStatement getEventByIDStmt
    PreparedStatement getMaxTimeStmt
    PreparedStatement getMinTimeStmt
    PreparedStatement insertRowStmt
    final Set< PreparedStatement > preparedStatements = new HashSet<>()
    PreparedStatement recordDBInfoStmt
    final ReentrantReadWriteLock rwLock = new ReentrantReadWriteLock(true)
    final Lock DBLock = rwLock.writeLock()
Static Private Attributes
    static final String ARTIFACT_ID_COLUMN = "artifact_id"
    static final String BASE_TYPE_COLUMN = "base_type"
    static final String EVENT_ID_COLUMN = "event_id"
    static final String FILE_ID_COLUMN = "file_id"
    static final String FULL_DESCRIPTION_COLUMN = "full_description"
    static final String KNOWN_COLUMN = "known_state"
    static final String LAST_ARTIFACT_ID_KEY = "last_artifact_id"
    static final String LAST_OBJECT_ID_KEY = "last_object_id"
    static final java.util.logging.Logger LOGGER = Logger.getLogger(EventDB.class.getName())
    static final String MED_DESCRIPTION_COLUMN = "med_description"
    static final String SHORT_DESCRIPTION_COLUMN = "short_description"
    static final String SUB_TYPE_COLUMN = "sub_type"
    static final String TIME_COLUMN = "time"
    static final String WAS_INGEST_RUNNING_KEY = "was_ingest_running"
This class provides access to the Timeline SQLite database. It borrows many ideas and techniques from SleuthkitCase; creating an abstract base class for SQLite databases, or using a higher-level persistence API, may make sense in the future.
Definition at line 80 of file EventDB.java.
org.sleuthkit.autopsy.timeline.events.db.EventDB.EventDB ( String dbPath ) throws SQLException, Exception [private]
Definition at line 256 of file EventDB.java.
References org.sleuthkit.autopsy.timeline.events.db.EventDB.dbPath.
Referenced by org.sleuthkit.autopsy.timeline.events.db.EventDB.getEventDB().

void org.sleuthkit.autopsy.timeline.events.db.EventDB.closeStatements ( ) throws SQLException [private]
Definition at line 722 of file EventDB.java.

void org.sleuthkit.autopsy.timeline.events.db.EventDB.configureDB ( ) throws SQLException [private]
Definition at line 728 of file EventDB.java.
References org.sleuthkit.autopsy.timeline.events.db.EventDB.LOGGER.

TimeLineEvent org.sleuthkit.autopsy.timeline.events.db.EventDB.constructTimeLineEvent ( ResultSet rs ) throws SQLException [private]
Definition at line 757 of file EventDB.java.
References org.sleuthkit.autopsy.timeline.events.type.EventType.allTypes, and org.sleuthkit.datamodel.TskData.FileKnown.valueOf().

Map< EventType, Long > org.sleuthkit.autopsy.timeline.events.db.EventDB.countEvents ( Long startTime, Long endTime, Filter filter, EventTypeZoomLevel zoomLevel ) [private]
Count all the events that match the given options and return a map from event type to count.
Parameters
    startTime: events before this time are excluded (seconds since the Unix epoch)
    endTime: events at or after this time are excluded (seconds since the Unix epoch); the counted range is therefore [startTime, endTime)
    filter: only events that pass this filter are counted
    zoomLevel: only events of this type or one of its subtypes are counted, and the counts are binned by each subtype of the given event type
Definition at line 787 of file EventDB.java.
References org.sleuthkit.autopsy.timeline.events.type.EventType.allTypes, org.sleuthkit.autopsy.timeline.events.db.EventDB.BASE_TYPE_COLUMN, org.sleuthkit.autopsy.timeline.events.db.EventDB.LOGGER, and org.sleuthkit.autopsy.timeline.zooming.EventTypeZoomLevel.SUB_TYPE.
void org.sleuthkit.autopsy.timeline.events.db.EventDB.finalize ( ) throws Throwable
Definition at line 262 of file EventDB.java.

List< AggregateEvent > org.sleuthkit.autopsy.timeline.events.db.EventDB.getAggregatedEvents ( Interval timeRange, Filter filter, EventTypeZoomLevel zoomLevel, DescriptionLOD lod ) [private]
//TODO: update javadoc
//TODO: split this into helper methods
Get a list of AggregateEvents.
General algorithm is as follows:
Parameters
    timeRange: the Interval within which all returned aggregate events will lie
    filter: only events that pass the filter are included in the aggregate events returned
    zoomLevel: only events of this level are included
    lod: description level of detail used when grouping events
Definition at line 858 of file EventDB.java.
References org.sleuthkit.autopsy.timeline.events.type.EventType.allTypes, org.sleuthkit.autopsy.timeline.events.db.EventDB.BASE_TYPE_COLUMN, org.sleuthkit.autopsy.timeline.events.AggregateEvent.getDescription(), org.sleuthkit.autopsy.timeline.events.db.EventDB.getDescriptionColumn(), org.sleuthkit.autopsy.timeline.TimeLineController.getJodaTimeZone(), org.sleuthkit.autopsy.timeline.zooming.TimeUnits.getPeriod(), org.sleuthkit.autopsy.timeline.utils.RangeDivisionInfo.getPeriodSize(), org.sleuthkit.autopsy.timeline.utils.RangeDivisionInfo.getRangeDivisionInfo(), org.sleuthkit.autopsy.timeline.events.AggregateEvent.getSpan(), org.sleuthkit.autopsy.timeline.events.db.EventDB.getStrfTimeFormat(), org.sleuthkit.autopsy.timeline.TimeLineController.getTimeZone(), org.sleuthkit.autopsy.timeline.events.AggregateEvent.merge(), and org.sleuthkit.autopsy.timeline.zooming.EventTypeZoomLevel.SUB_TYPE.

long org.sleuthkit.autopsy.timeline.events.db.EventDB.getDBInfo ( String key, long defaultValue ) [private]
Definition at line 962 of file EventDB.java.
References org.sleuthkit.autopsy.timeline.events.db.EventDB.LOGGER.

String org.sleuthkit.autopsy.timeline.events.db.EventDB.getDescriptionColumn ( DescriptionLOD lod ) [private]
Definition at line 985 of file EventDB.java.
References org.sleuthkit.autopsy.timeline.events.db.EventDB.FULL_DESCRIPTION_COLUMN, org.sleuthkit.autopsy.timeline.events.db.EventDB.MED_DESCRIPTION_COLUMN, and org.sleuthkit.autopsy.timeline.events.db.EventDB.SHORT_DESCRIPTION_COLUMN.
Referenced by org.sleuthkit.autopsy.timeline.events.db.EventDB.getAggregatedEvents().

static EventDB org.sleuthkit.autopsy.timeline.events.db.EventDB.getEventDB ( String dbPath ) [static]
Public factory method. Creates and opens a connection to a database at the given path. If a database does not already exist at that path, one is created.
Parameters
    dbPath: path of the SQLite database file to open or create
Definition at line 129 of file EventDB.java.
References org.sleuthkit.autopsy.timeline.events.db.EventDB.EventDB(), and org.sleuthkit.autopsy.timeline.events.db.EventDB.LOGGER.
Referenced by org.sleuthkit.autopsy.timeline.events.db.EventsRepository.EventsRepository().

Interval org.sleuthkit.autopsy.timeline.events.db.EventDB.getSpanningInterval ( Collection< Long > eventIDs )
Definition at line 270 of file EventDB.java.
References org.sleuthkit.autopsy.timeline.events.db.EventDB.LOGGER.
Referenced by org.sleuthkit.autopsy.timeline.events.db.EventsRepository.getSpanningInterval().
static String org.sleuthkit.autopsy.timeline.events.db.EventDB.getSQLWhere ( Filter filter ) [static, private]
Definition at line 169 of file EventDB.java.

static String org.sleuthkit.autopsy.timeline.events.db.EventDB.getSQLWhere ( HideKnownFilter filter ) [static, private]
Definition at line 193 of file EventDB.java.
References org.sleuthkit.autopsy.timeline.filters.AbstractFilter.isActive(), and org.sleuthkit.datamodel.TskData.FileKnown.KNOWN.

static String org.sleuthkit.autopsy.timeline.events.db.EventDB.getSQLWhere ( TextFilter filter ) [static, private]
Definition at line 199 of file EventDB.java.
References org.sleuthkit.autopsy.timeline.filters.TextFilter.getText(), and org.sleuthkit.autopsy.timeline.filters.AbstractFilter.isActive().

static String org.sleuthkit.autopsy.timeline.events.db.EventDB.getSQLWhere ( TypeFilter filter ) [static, private]
Generate a SQL WHERE clause for the given type filter, keeping the clause as simple as possible to improve performance.
Parameters
    filter: the type filter to translate into SQL
Definition at line 221 of file EventDB.java.
References org.sleuthkit.autopsy.timeline.filters.TypeFilter.getEventType(), org.sleuthkit.autopsy.timeline.filters.CompoundFilter.getSubFilters(), org.sleuthkit.autopsy.timeline.filters.AbstractFilter.isActive(), and org.sleuthkit.autopsy.timeline.filters.Filter.isActive().
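The following is an added example, not code from Autopsy or The Sleuth Kit, that reconstructs in Python/sqlite3 what the page describes for the getSQLWhere family, countEvents and getAggregatedEvents: a filter (hide-known, free text, event type) is translated into a WHERE clause, then used to count events in the half-open range [startTime, endTime) binned by type, and to group them into strftime time bins at a chosen description level of detail. The events table uses the column names listed on this page; the column types, the known_state encoding, the numeric type codes, the LIKE-based text match, the strftime formats and the sample rows are all constructed assumptions. The point a practitioner should take from it is that the analyst-typed search text and the type ids are bound as parameters (and LIKE metacharacters are escaped), so the filter text can never rewrite the query; whether Autopsy's own getSQLWhere binds or concatenates is not something this page states.

```python
import sqlite3
from dataclasses import dataclass
from typing import Optional

# Schema using the column names listed on this page. Column types and the
# known_state encoding are assumptions; "IF NOT EXISTS" mirrors getEventDB's
# create-if-missing behaviour.
SCHEMA = """
CREATE TABLE IF NOT EXISTS events (
    event_id          INTEGER PRIMARY KEY,
    file_id           INTEGER,
    artifact_id       INTEGER,
    time              INTEGER NOT NULL,   -- seconds since the Unix epoch
    base_type         INTEGER NOT NULL,
    sub_type          INTEGER NOT NULL,
    full_description  TEXT,
    med_description   TEXT,
    short_description TEXT,
    known_state       INTEGER NOT NULL    -- assumed: 1 = known (hash-set hit), 0 = unknown
);
"""

# Constructed sample events; the type codes are hypothetical, not Autopsy's EventType ids.
FILE_SYSTEM, WEB_ACTIVITY = 0, 1              # base_type
MODIFIED, ACCESSED, DOWNLOAD = 10, 11, 20     # sub_type
SAMPLE_EVENTS = [
    # event_id, file_id, artifact_id, time, base, sub, full, med, short, known
    (1, 101, None, 1_600_000_000, FILE_SYSTEM, MODIFIED, "/tmp/evil.exe", "/tmp", "/", 0),
    (2, 102, None, 1_600_000_100, FILE_SYSTEM, ACCESSED, "/etc/passwd", "/etc", "/", 1),
    (3, 103, 7, 1_600_003_600, WEB_ACTIVITY, DOWNLOAD, "http://example.test/x' OR 1=1 --", "example.test", "example.test", 0),
    (4, 104, None, 1_600_003_700, FILE_SYSTEM, MODIFIED, "/tmp/evil.exe", "/tmp", "/", 0),
]

LOD_COLUMN = {"SHORT": "short_description", "MEDIUM": "med_description", "FULL": "full_description"}
STRFTIME_FORMAT = {"HOURS": "%Y-%m-%dT%H", "DAYS": "%Y-%m-%d"}   # stand-ins for getStrfTimeFormat


@dataclass
class Filter:
    """The three filter kinds documented on this page, collapsed into one record."""
    hide_known: bool = False          # HideKnownFilter
    text: Optional[str] = None        # TextFilter: analyst-typed search string
    types: Optional[tuple] = None     # TypeFilter: sub_type ids to keep; None = no restriction


def _like_pattern(text: str) -> str:
    # Escape LIKE metacharacters so '%' and '_' typed by the analyst match literally.
    escaped = text.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")
    return f"%{escaped}%"


def sql_where(f: Filter) -> tuple:
    """Translate a Filter into (where_clause, params), the role getSQLWhere plays.

    Every analyst-controlled value is bound through a '?' placeholder rather than
    spliced into the SQL text, so "x' OR 1=1 --" is matched literally, not executed.
    """
    clauses, params = [], []
    if f.hide_known:
        clauses.append("known_state != ?")
        params.append(1)
    if f.text:
        clauses.append("(full_description LIKE ? ESCAPE '\\' OR med_description LIKE ? ESCAPE '\\' "
                       "OR short_description LIKE ? ESCAPE '\\')")
        params.extend([_like_pattern(f.text)] * 3)
    if f.types is not None:
        if not f.types:
            clauses.append("0")       # an empty type selection matches nothing
        else:                         # keep the clause simple, as the TypeFilter docs advise
            clauses.append("sub_type IN (" + ",".join("?" * len(f.types)) + ")")
            params.extend(f.types)
    return (" AND ".join(clauses) or "1", params)


def open_db(path: str = ":memory:") -> sqlite3.Connection:
    """Open (or create) the database and load the constructed sample rows."""
    con = sqlite3.connect(path)
    con.executescript(SCHEMA)
    con.executemany("INSERT OR IGNORE INTO events VALUES (?,?,?,?,?,?,?,?,?,?)", SAMPLE_EVENTS)
    con.commit()
    return con


def count_events(con, start_time: int, end_time: int, f: Filter, by_sub_type: bool) -> dict:
    """Count events with start_time <= time < end_time, binned by base_type or sub_type
    (the two EventTypeZoomLevel cases). The column name is a fixed choice, never input."""
    where, params = sql_where(f)
    col = "sub_type" if by_sub_type else "base_type"
    sql = f"SELECT {col}, COUNT(*) FROM events WHERE time >= ? AND time < ? AND {where} GROUP BY {col}"
    return dict(con.execute(sql, [start_time, end_time, *params]).fetchall())


def aggregate_events(con, start_time: int, end_time: int, f: Filter, unit: str, lod: str) -> list:
    """Group matching events into (time bin, sub_type, description) buckets, the way
    getAggregatedEvents uses strftime and the description column selected by lod.
    Returns rows of (bin, sub_type, description, count, min_time, max_time, event_ids)."""
    where, params = sql_where(f)
    desc_col, fmt = LOD_COLUMN[lod], STRFTIME_FORMAT[unit]     # both from fixed tables
    sql = (f"SELECT strftime('{fmt}', time, 'unixepoch') AS bin, sub_type, {desc_col}, "
           f"COUNT(*), MIN(time), MAX(time), group_concat(event_id) "
           f"FROM events WHERE time >= ? AND time < ? AND {where} "
           f"GROUP BY bin, sub_type, {desc_col} ORDER BY bin, sub_type")
    return con.execute(sql, [start_time, end_time, *params]).fetchall()


if __name__ == "__main__":
    db = open_db()
    print(count_events(db, 1_600_000_000, 1_600_004_000, Filter(), by_sub_type=False))
    print(count_events(db, 1_600_000_000, 1_600_004_000, Filter(text="x' OR 1=1 --"), by_sub_type=True))
    for row in aggregate_events(db, 1_600_000_000, 1_600_004_000, Filter(hide_known=True), "DAYS", "MEDIUM"):
        print(row)
```

Two details are worth checking in any real filter-to-SQL translator: the end bound is exclusive (an event at exactly endTime is not counted, as the countEvents parameter description says), and a search string containing '_' or '%' must not silently turn into a wildcard, which is what the ESCAPE clause prevents here.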
String org.sleuthkit.autopsy.timeline.events.db.EventDB.getStrfTimeFormat ( TimeUnits info ) [private]
Definition at line 997 of file EventDB.java.
Referenced by org.sleuthkit.autopsy.timeline.events.db.EventDB.getAggregatedEvents().

PreparedStatement org.sleuthkit.autopsy.timeline.events.db.EventDB.prepareStatement ( String queryString ) throws SQLException [private]
Definition at line 1016 of file EventDB.java.

void org.sleuthkit.autopsy.timeline.events.db.EventDB.recordDBInfo ( String key, long value ) [private]
Definition at line 1022 of file EventDB.java.
References org.sleuthkit.autopsy.timeline.events.db.EventDB.LOGGER.
final String org.sleuthkit.autopsy.timeline.events.db.EventDB.ARTIFACT_ID_COLUMN = "artifact_id" [static, private]
Definition at line 82 of file EventDB.java.

final String org.sleuthkit.autopsy.timeline.events.db.EventDB.BASE_TYPE_COLUMN = "base_type" [static, private]
Definition at line 84 of file EventDB.java.
Referenced by org.sleuthkit.autopsy.timeline.events.db.EventDB.countEvents(), and org.sleuthkit.autopsy.timeline.events.db.EventDB.getAggregatedEvents().

volatile Connection org.sleuthkit.autopsy.timeline.events.db.EventDB.con [private]
Definition at line 234 of file EventDB.java.

final String org.sleuthkit.autopsy.timeline.events.db.EventDB.dbPath [private]
Definition at line 254 of file EventDB.java.

final Lock org.sleuthkit.autopsy.timeline.events.db.EventDB.DBLock = rwLock.writeLock() [private]
Definition at line 236 of file EventDB.java.
Referenced by org.sleuthkit.autopsy.timeline.events.db.EventDB.EventDB().

final String org.sleuthkit.autopsy.timeline.events.db.EventDB.EVENT_ID_COLUMN = "event_id" [static, private]
Definition at line 86 of file EventDB.java.

final String org.sleuthkit.autopsy.timeline.events.db.EventDB.FILE_ID_COLUMN = "file_id" [static, private]
Definition at line 89 of file EventDB.java.

final String org.sleuthkit.autopsy.timeline.events.db.EventDB.FULL_DESCRIPTION_COLUMN = "full_description" [static, private]
Definition at line 91 of file EventDB.java.
Referenced by org.sleuthkit.autopsy.timeline.events.db.EventDB.getDescriptionColumn().

PreparedStatement org.sleuthkit.autopsy.timeline.events.db.EventDB.getDBInfoStmt [private]
Definition at line 238 of file EventDB.java.

PreparedStatement org.sleuthkit.autopsy.timeline.events.db.EventDB.getEventByIDStmt [private]
Definition at line 240 of file EventDB.java.

PreparedStatement org.sleuthkit.autopsy.timeline.events.db.EventDB.getMaxTimeStmt [private]
Definition at line 242 of file EventDB.java.

PreparedStatement org.sleuthkit.autopsy.timeline.events.db.EventDB.getMinTimeStmt [private]
Definition at line 244 of file EventDB.java.

PreparedStatement org.sleuthkit.autopsy.timeline.events.db.EventDB.insertRowStmt [private]
Definition at line 246 of file EventDB.java.

final String org.sleuthkit.autopsy.timeline.events.db.EventDB.KNOWN_COLUMN = "known_state" [static, private]
Definition at line 93 of file EventDB.java.

final String org.sleuthkit.autopsy.timeline.events.db.EventDB.LAST_ARTIFACT_ID_KEY = "last_artifact_id" [static, private]
Definition at line 95 of file EventDB.java.

final String org.sleuthkit.autopsy.timeline.events.db.EventDB.LAST_OBJECT_ID_KEY = "last_object_id" [static, private]
Definition at line 97 of file EventDB.java.

final java.util.logging.Logger org.sleuthkit.autopsy.timeline.events.db.EventDB.LOGGER = Logger.getLogger(EventDB.class.getName()) [static, private]
Definition at line 99 of file EventDB.java.
Referenced by org.sleuthkit.autopsy.timeline.events.db.EventDB.EventTransaction.close(), org.sleuthkit.autopsy.timeline.events.db.EventDB.EventTransaction.commit(), org.sleuthkit.autopsy.timeline.events.db.EventDB.configureDB(), org.sleuthkit.autopsy.timeline.events.db.EventDB.countEvents(), org.sleuthkit.autopsy.timeline.events.db.EventDB.EventTransaction.EventTransaction(), org.sleuthkit.autopsy.timeline.events.db.EventDB.getDBInfo(), org.sleuthkit.autopsy.timeline.events.db.EventDB.getEventDB(), org.sleuthkit.autopsy.timeline.events.db.EventDB.getSpanningInterval(), org.sleuthkit.autopsy.timeline.events.db.EventDB.recordDBInfo(), and org.sleuthkit.autopsy.timeline.events.db.EventDB.EventTransaction.rollback().

final String org.sleuthkit.autopsy.timeline.events.db.EventDB.MED_DESCRIPTION_COLUMN = "med_description" [static, private]
Definition at line 101 of file EventDB.java.
Referenced by org.sleuthkit.autopsy.timeline.events.db.EventDB.getDescriptionColumn().

final Set< PreparedStatement > org.sleuthkit.autopsy.timeline.events.db.EventDB.preparedStatements = new HashSet<>() [private]
Definition at line 248 of file EventDB.java.

PreparedStatement org.sleuthkit.autopsy.timeline.events.db.EventDB.recordDBInfoStmt [private]
Definition at line 250 of file EventDB.java.

final ReentrantReadWriteLock org.sleuthkit.autopsy.timeline.events.db.EventDB.rwLock = new ReentrantReadWriteLock(true) [private]
Definition at line 252 of file EventDB.java.

final String org.sleuthkit.autopsy.timeline.events.db.EventDB.SHORT_DESCRIPTION_COLUMN = "short_description" [static, private]
Definition at line 103 of file EventDB.java.
Referenced by org.sleuthkit.autopsy.timeline.events.db.EventDB.getDescriptionColumn().

final String org.sleuthkit.autopsy.timeline.events.db.EventDB.SUB_TYPE_COLUMN = "sub_type" [static, private]
Definition at line 105 of file EventDB.java.

final String org.sleuthkit.autopsy.timeline.events.db.EventDB.TIME_COLUMN = "time" [static, private]
Definition at line 107 of file EventDB.java.

final String org.sleuthkit.autopsy.timeline.events.db.EventDB.WAS_INGEST_RUNNING_KEY = "was_ingest_running" [static, private]
Definition at line 109 of file EventDB.java.
Copyright © 2012-2015 Basis Technology. Generated on: Mon Oct 19 2015
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.