Autopsy
4.0
Graphical digital forensics platform for The Sleuth Kit and other tools.
|
Inherits PropertyChangeListener.
Classes | |
class | HashDb |
class | HashDbIndexer |
class | HashDbManagerException |
enum | SetEvt |
Public Member Functions | |
HashDb | addExistingHashDatabase (String hashSetName, String path, boolean searchDuringIngest, boolean sendIngestMessages, HashDb.KnownFilesType knownFilesType) throws HashDbManagerException |
HashDb | addNewHashDatabase (String hashSetName, String path, boolean searchDuringIngest, boolean sendIngestMessages, HashDb.KnownFilesType knownFilesType) throws HashDbManagerException |
synchronized void | addPropertyChangeListener (PropertyChangeListener listener) |
synchronized List< HashDb > | getAllHashSets () |
synchronized List< HashDb > | getKnownBadFileHashSets () |
synchronized List< HashDb > | getKnownFileHashSets () |
synchronized List< HashDb > | getUpdateableHashSets () |
synchronized void | loadLastSavedConfiguration () |
void | propertyChange (PropertyChangeEvent event) |
synchronized void | removeHashDatabase (HashDb hashDb) throws HashDbManagerException |
Static Public Member Functions | |
static synchronized HashDbManager | getInstance () |
Private Member Functions | |
HashDbManager () | |
HashDb | addHashDatabase (int handle, String hashSetName, boolean searchDuringIngest, boolean sendIngestMessages, HashDb.KnownFilesType knownFilesType) throws TskCoreException |
void | closeHashDatabases (List< HashDb > hashDatabases) |
List< HashDb > | getUpdateableHashSets (List< HashDb > hashDbs) |
String | getValidFilePath (String hashSetName, String configuredPath) |
boolean | hashSetsConfigurationFileExists () |
boolean | readHashSetsConfigurationFromDisk () |
String | searchForFile () |
boolean | writeHashSetConfigurationToDisk () |
Static Private Member Functions | |
static void | writeHashDbsToDisk (Document doc, Element rootEl, List< HashDb > hashDbs) |
Private Attributes | |
final String | configFilePath = PlatformUtil.getUserConfigDirectory() + File.separator + CONFIG_FILE_NAME |
Set< String > | hashSetNames = new HashSet<>() |
Set< String > | hashSetPaths = new HashSet<>() |
List< HashDb > | knownBadHashSets = new ArrayList<>() |
List< HashDb > | knownHashSets = new ArrayList<>() |
Static Private Attributes | |
static final String | CONFIG_FILE_NAME = "hashsets.xml" |
static final String | ENCODING = "UTF-8" |
static final String | HASH_DATABASE_FILE_EXTENSON = "kdb" |
static HashDbManager | instance = null |
static final String | LEGACY_PATH_NUMBER_ATTRIBUTE = "number" |
static final Logger | logger = Logger.getLogger(HashDbManager.class.getName()) |
static final String | PATH_ELEMENT = "hash_set_path" |
static final String | ROOT_ELEMENT = "hash_sets" |
static final String | SEARCH_DURING_INGEST_ATTRIBUTE = "use_for_ingest" |
static final String | SEND_INGEST_MESSAGES_ATTRIBUTE = "show_inbox_messages" |
static final String | SET_ELEMENT = "hash_set" |
static final String | SET_NAME_ATTRIBUTE = "name" |
static final String | SET_TYPE_ATTRIBUTE = "type" |
static final String | XSD_FILE_NAME = "HashsetsSchema.xsd" |
This class implements a singleton that manages the set of hash databases used to classify files as unknown, known or known bad.
Definition at line 64 of file HashDbManager.java.
|
private |
Definition at line 111 of file HashDbManager.java.
References org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.hashSetsConfigurationFileExists(), and org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.readHashSetsConfigurationFromDisk().
Referenced by org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.getInstance().
HashDb org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.addExistingHashDatabase | ( | String | hashSetName, |
String | path, | ||
boolean | searchDuringIngest, | ||
boolean | sendIngestMessages, | ||
HashDb.KnownFilesType | knownFilesType | ||
) | throws HashDbManagerException |
Adds an existing hash database to the set of hash databases used to classify files as known or known bad and saves the configuration.
hashSetName | Name used to represent the hash database in user interface components. |
path | Full path to either a hash database file or a hash database index file. |
searchDuringIngest | A flag indicating whether or not the hash database should be searched during ingest. |
sendIngestMessages | A flag indicating whether hash set hit messages should be sent as ingest messages. |
knownFilesType | The classification to apply to files whose hashes are found in the hash database. |
HashDbManagerException |
Definition at line 152 of file HashDbManager.java.
|
private |
Definition at line 282 of file HashDbManager.java.
References org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.SetEvt.DB_ADDED, org.sleuthkit.autopsy.coreutils.MessageNotifyUtil.MessageType.ERROR, org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.HashDb.getDatabasePath(), org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.HashDb.getHashSetName(), org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.HashDb.getIndexPath(), org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.HashDb.getKnownFilesType(), org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.HashDb.KnownFilesType.KNOWN, and org.sleuthkit.autopsy.coreutils.MessageNotifyUtil.Notify.show().
HashDb org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.addNewHashDatabase | ( | String | hashSetName, |
String | path, | ||
boolean | searchDuringIngest, | ||
boolean | sendIngestMessages, | ||
HashDb.KnownFilesType | knownFilesType | ||
) | throws HashDbManagerException |
Adds a new hash database to the set of hash databases used to classify files as known or known bad and saves the configuration.
hashSetName | Hash set name used to represent the hash database in user interface components. |
path | Full path to the database file to be created. |
searchDuringIngest | A flag indicating whether or not the hash database should be searched during ingest. |
sendIngestMessages | A flag indicating whether hash set hit messages should be sent as ingest messages. |
knownFilesType | The classification to apply to files whose hashes are found in the hash database. |
HashDbManagerException |
Definition at line 223 of file HashDbManager.java.
synchronized void org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.addPropertyChangeListener | ( | PropertyChangeListener | listener | ) |
Definition at line 107 of file HashDbManager.java.
Referenced by org.sleuthkit.autopsy.modules.hashdatabase.HashLookupModuleSettingsPanel.customizeComponents().
|
private |
Definition at line 498 of file HashDbManager.java.
References org.sleuthkit.autopsy.coreutils.Logger.getLogger().
Referenced by org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.loadLastSavedConfiguration().
synchronized List<HashDb> org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.getAllHashSets | ( | ) |
Gets all of the hash databases used to classify files as known or known bad.
Definition at line 419 of file HashDbManager.java.
Referenced by org.sleuthkit.autopsy.modules.hashdatabase.HashLookupSettingsPanel.saveSettings().
|
static |
Gets the singleton instance of this class.
Definition at line 100 of file HashDbManager.java.
References org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.HashDbManager(), and org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.instance.
Referenced by org.sleuthkit.autopsy.modules.hashdatabase.HashLookupSettingsPanel.cancel(), and org.sleuthkit.autopsy.modules.hashdatabase.HashLookupModuleFactory.getDefaultIngestJobSettings().
synchronized List<HashDb> org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.getKnownBadFileHashSets | ( | ) |
Gets all of the hash databases used to classify files as known bad.
Definition at line 442 of file HashDbManager.java.
Referenced by org.sleuthkit.autopsy.modules.hashdatabase.HashLookupModuleFactory.getDefaultIngestJobSettings(), org.sleuthkit.autopsy.modules.hashdatabase.HashLookupModuleSettingsPanel.initializeHashSetModels(), org.sleuthkit.autopsy.modules.hashdatabase.HashDbIngestModule.startUp(), and org.sleuthkit.autopsy.modules.hashdatabase.HashLookupModuleSettingsPanel.updateHashSetModels().
synchronized List<HashDb> org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.getKnownFileHashSets | ( | ) |
Gets all of the hash databases used to classify files as known.
Definition at line 431 of file HashDbManager.java.
Referenced by org.sleuthkit.autopsy.modules.hashdatabase.HashLookupModuleFactory.getDefaultIngestJobSettings(), org.sleuthkit.autopsy.modules.hashdatabase.HashLookupModuleSettingsPanel.initializeHashSetModels(), org.sleuthkit.autopsy.modules.hashdatabase.HashDbIngestModule.startUp(), and org.sleuthkit.autopsy.modules.hashdatabase.HashLookupModuleSettingsPanel.updateHashSetModels().
synchronized List<HashDb> org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.getUpdateableHashSets | ( | ) |
Gets all of the hash databases that accept updates.
Definition at line 453 of file HashDbManager.java.
|
private |
Definition at line 459 of file HashDbManager.java.
References org.sleuthkit.autopsy.coreutils.Logger.getLogger().
|
private |
Definition at line 703 of file HashDbManager.java.
References org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.searchForFile().
Referenced by org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.readHashSetsConfigurationFromDisk().
|
private |
Definition at line 556 of file HashDbManager.java.
Referenced by org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.HashDbManager(), and org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.loadLastSavedConfiguration().
synchronized void org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.loadLastSavedConfiguration | ( | ) |
Restores the last saved hash sets configuration. This supports cancellation of configuration panels.
Definition at line 487 of file HashDbManager.java.
References org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.closeHashDatabases(), org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.hashSetsConfigurationFileExists(), and org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.readHashSetsConfigurationFromDisk().
Referenced by org.sleuthkit.autopsy.modules.hashdatabase.HashLookupSettingsPanel.cancel().
void org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.propertyChange | ( | PropertyChangeEvent | event | ) |
Definition at line 328 of file HashDbManager.java.
References org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.HashDb.getHashSetName(), org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.HashDb.getIndexPath(), org.sleuthkit.autopsy.coreutils.Logger.getLogger(), and org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.HashDb.Event.INDEXING_DONE.
|
private |
Definition at line 561 of file HashDbManager.java.
References org.sleuthkit.autopsy.coreutils.Logger.getLogger(), org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.getValidFilePath(), org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.HashDb.KnownFilesType.KNOWN, org.sleuthkit.autopsy.coreutils.XMLUtil.loadDoc(), and org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.writeHashSetConfigurationToDisk().
Referenced by org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.HashDbManager(), and org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.loadLastSavedConfiguration().
synchronized void org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.removeHashDatabase | ( | HashDb | hashDb | ) | throws HashDbManagerException |
Removes a hash database from the set of hash databases used to classify files as known or known bad and saves the configuration.
hashDb |
HashDbManagerException |
Definition at line 352 of file HashDbManager.java.
References org.sleuthkit.autopsy.ingest.IngestManager.getInstance(), and org.sleuthkit.autopsy.ingest.IngestManager.isIngestRunning().
|
private |
Definition at line 728 of file HashDbManager.java.
References org.sleuthkit.autopsy.coreutils.Logger.getLogger().
Referenced by org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.getValidFilePath().
|
staticprivate |
Definition at line 528 of file HashDbManager.java.
References org.sleuthkit.autopsy.coreutils.Logger.getLogger().
Referenced by org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.writeHashSetConfigurationToDisk().
|
private |
Definition at line 509 of file HashDbManager.java.
References org.sleuthkit.autopsy.coreutils.Logger.getLogger(), org.sleuthkit.autopsy.coreutils.XMLUtil.saveDoc(), and org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.writeHashDbsToDisk().
Referenced by org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.readHashSetsConfigurationFromDisk().
|
staticprivate |
Definition at line 74 of file HashDbManager.java.
|
private |
Definition at line 79 of file HashDbManager.java.
|
staticprivate |
Definition at line 76 of file HashDbManager.java.
|
staticprivate |
Definition at line 77 of file HashDbManager.java.
|
private |
Definition at line 82 of file HashDbManager.java.
|
private |
Definition at line 83 of file HashDbManager.java.
|
staticprivate |
Definition at line 78 of file HashDbManager.java.
Referenced by org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.getInstance().
|
private |
Definition at line 81 of file HashDbManager.java.
|
private |
Definition at line 80 of file HashDbManager.java.
|
staticprivate |
Definition at line 73 of file HashDbManager.java.
|
staticprivate |
Definition at line 85 of file HashDbManager.java.
|
staticprivate |
Definition at line 72 of file HashDbManager.java.
|
staticprivate |
Definition at line 66 of file HashDbManager.java.
|
staticprivate |
Definition at line 70 of file HashDbManager.java.
|
staticprivate |
Definition at line 71 of file HashDbManager.java.
|
staticprivate |
Definition at line 67 of file HashDbManager.java.
|
staticprivate |
Definition at line 68 of file HashDbManager.java.
|
staticprivate |
Definition at line 69 of file HashDbManager.java.
|
staticprivate |
Definition at line 75 of file HashDbManager.java.
Copyright © 2012-2015 Basis Technology. Generated on: Wed Apr 6 2016
This work is licensed under a
Creative Commons Attribution-Share Alike 3.0 United States License.