api-docs/4.14.0/_files_set_8java_source.html

 /*

  * Autopsy Forensic Browser

  *

  * Copyright 2011-2018 Basis Technology Corp.

  * Contact: carrier <at> sleuthkit <dot> org

  *

  * Licensed under the Apache License, Version 2.0 (the "License");

  * you may not use this file except in compliance with the License.

  * You may obtain a copy of the License at

  *

  *     http://www.apache.org/licenses/LICENSE-2.0

  *

  * Unless required by applicable law or agreed to in writing, software

  * distributed under the License is distributed on an "AS IS" BASIS,

  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

  * See the License for the specific language governing permissions and

  * limitations under the License.

  */

 package org.sleuthkit.autopsy.modules.interestingitems;


 import java.io.Serializable;

 import java.util.ArrayList;

 import java.util.HashMap;

 import java.util.List;

 import java.util.Map;

 import java.util.UUID;

 import java.util.regex.Pattern;

 import org.openide.util.NbBundle;

 import org.sleuthkit.datamodel.AbstractFile;

 import org.sleuthkit.datamodel.TskData;


 public final class FilesSet implements Serializable {


     private static final long serialVersionUID = 1L;

     private final String name;

     private final String description;

     private final boolean ignoreKnownFiles;

     private final boolean ignoreUnallocatedSpace;

     private final Map<String, Rule> rules = new HashMap<>();


     public FilesSet(String name, String description, boolean ignoreKnownFiles, boolean ignoreUnallocatedSpace, Map<String, Rule> rules) {

         if ((name == null) || (name.isEmpty())) {

             throw new IllegalArgumentException("Interesting files set name cannot be null or empty");

         }

         this.name = name;

         this.description = (description != null ? description : "");

         this.ignoreKnownFiles = ignoreKnownFiles;

         this.ignoreUnallocatedSpace = ignoreUnallocatedSpace;

         if (rules != null) {

             this.rules.putAll(rules);

         }

     }


     public String getName() {

         return this.name;

     }


     public String getDescription() {

         return this.description;

     }


     public boolean ignoresKnownFiles() {

         return this.ignoreKnownFiles;

     }


     public boolean ingoresUnallocatedSpace() {

         return this.ignoreUnallocatedSpace;

     }


     public Map<String, Rule> getRules() {

         return new HashMap<>(this.rules);

     }


     public String fileIsMemberOf(AbstractFile file) {

         if ((this.ignoreKnownFiles) && (file.getKnown() == TskData.FileKnown.KNOWN)) {

             return null;

         }


         if ((this.ignoreUnallocatedSpace)

                 && (file.getType().equals(TskData.TSK_DB_FILES_TYPE_ENUM.UNALLOC_BLOCKS)

                 || file.getType().equals(TskData.TSK_DB_FILES_TYPE_ENUM.SLACK)

                 || file.getType().equals(TskData.TSK_DB_FILES_TYPE_ENUM.UNUSED_BLOCKS))) {

             return null;

         }


         for (Rule rule : rules.values()) {

             if (rule.isSatisfied(file)) {

                 return rule.getName();

             }

         }

         return null;

     }


     @Override

     public String toString() {

         // This override is designed to provide a display name for use with

         // javax.swing.DefaultListModel<E>.

         return this.name;

     }


     public final static class Rule implements Serializable {


         private static final long serialVersionUID = 1L;

         private final String uuid;

         private final String ruleName;

         private final FileNameCondition fileNameCondition;

         private final MetaTypeCondition metaTypeCondition;

         private final ParentPathCondition pathCondition;

         private final MimeTypeCondition mimeTypeCondition;

         private final FileSizeCondition fileSizeCondition;

         private final DateCondition dateCondition;

         private final List<FileAttributeCondition> conditions = new ArrayList<>();


         public Rule(String ruleName, FileNameCondition fileNameCondition, MetaTypeCondition metaTypeCondition, ParentPathCondition pathCondition, MimeTypeCondition mimeTypeCondition, FileSizeCondition fileSizeCondition, DateCondition dateCondition) {

             // since ruleName is optional, ruleUUID can be used to uniquely identify a rule.

             this.uuid = UUID.randomUUID().toString();

             if (metaTypeCondition == null) {

                 throw new IllegalArgumentException("Interesting files set rule meta-type condition cannot be null");

             }


             this.ruleName = ruleName;


             /*

              * The rules are evaluated in the order added. MetaType check is

              * fastest, so do it first

              */

             this.metaTypeCondition = metaTypeCondition;

             this.conditions.add(this.metaTypeCondition);


             this.fileSizeCondition = fileSizeCondition;

             if (this.fileSizeCondition != null) {

                 this.conditions.add(this.fileSizeCondition);

             }


             this.fileNameCondition = fileNameCondition;

             if (this.fileNameCondition != null) {

                 this.conditions.add(fileNameCondition);

             }


             this.mimeTypeCondition = mimeTypeCondition;

             if (this.mimeTypeCondition != null) {

                 this.conditions.add(mimeTypeCondition);

             }


             this.pathCondition = pathCondition;

             if (this.pathCondition != null) {

                 this.conditions.add(this.pathCondition);

             }

             this.dateCondition = dateCondition;

             if (this.dateCondition != null) {

                 this.conditions.add(this.dateCondition);

             }

         }


         public String getName() {

             return ruleName;

         }


         public FileNameCondition getFileNameCondition() {

             return this.fileNameCondition;

         }


         public MetaTypeCondition getMetaTypeCondition() {

             return this.metaTypeCondition;

         }


         public ParentPathCondition getPathCondition() {

             return this.pathCondition;

         }


         public DateCondition getDateCondition() {

             return this.dateCondition;

         }


         public boolean isSatisfied(AbstractFile file) {

             for (FileAttributeCondition condition : conditions) {

                 if (!condition.passes(file)) {

                     return false;

                 }

             }

             return true;

         }


         @NbBundle.Messages({

             "# {0} - daysIncluded",

             "FilesSet.rule.dateRule.toString=(modified within {0} day(s))"

         })

         @Override

         public String toString() {

             // This override is designed to provide a display name for use with

             // javax.swing.DefaultListModel<E>.

             if (fileNameCondition != null) {

                 return this.ruleName + " (" + fileNameCondition.getTextToMatch() + ")";

             } else if (this.pathCondition != null) {

                 return this.ruleName + " (" + pathCondition.getTextToMatch() + ")";

             } else if (this.mimeTypeCondition != null) {

                 return this.ruleName + " (" + mimeTypeCondition.getMimeType() + ")";

             } else if (this.fileSizeCondition != null) {

                 return this.ruleName + " (" + fileSizeCondition.getComparator().getSymbol() + " " + fileSizeCondition.getSizeValue()

                         + " " + fileSizeCondition.getUnit().getName() + ")";

             } else if (this.dateCondition != null) {

                 return this.ruleName + Bundle.FilesSet_rule_dateRule_toString(dateCondition.getDaysIncluded());

             } else {

                 return this.ruleName + " ()";

             }


         }


         public String getUuid() {

             return this.uuid;

         }


         public MimeTypeCondition getMimeTypeCondition() {

             return mimeTypeCondition;

         }


         public FileSizeCondition getFileSizeCondition() {

             return fileSizeCondition;

         }


         static interface FileAttributeCondition extends Serializable {


             boolean passes(AbstractFile file);

         }


         public static final class MimeTypeCondition implements FileAttributeCondition {


             private static final long serialVersionUID = 1L;

             private final String mimeType;


             public MimeTypeCondition(String mimeType) {

                 this.mimeType = mimeType;

             }


             @Override

             public boolean passes(AbstractFile file) {

                 return this.mimeType.equals(file.getMIMEType());

             }


             public String getMimeType() {

                 return this.mimeType;

             }


         }


         public static final class FileSizeCondition implements FileAttributeCondition {


             private static final long serialVersionUID = 1L;


             public static enum COMPARATOR {


                 LESS_THAN("<"),

                 LESS_THAN_EQUAL("≤"),

                 EQUAL("="),

                 GREATER_THAN(">"),

                 GREATER_THAN_EQUAL("≥");


                 private String symbol;


                 private COMPARATOR(String symbol) {

                     this.symbol = symbol;

                 }


                 public static COMPARATOR fromSymbol(String symbol) {

                     switch (symbol) {

                         case "<=":

                         case "≤":

                             return LESS_THAN_EQUAL;

                         case "<":

                             return LESS_THAN;

                         case "==":

                         case "=":

                             return EQUAL;

                         case ">":

                             return GREATER_THAN;

                         case ">=":

                         case "≥":

                             return GREATER_THAN_EQUAL;

                         default:

                             throw new IllegalArgumentException("Invalid symbol");

                     }

                 }


                 public String getSymbol() {

                     return symbol;

                 }

             }


             public static enum SIZE_UNIT {


                 BYTE(1, "Bytes"),

                 KILOBYTE(1024, "Kilobytes"),

                 MEGABYTE(1024 * 1024, "Megabytes"),

                 GIGABYTE(1024 * 1024 * 1024, "Gigabytes");

                 private long size;

                 private String name;


                 private SIZE_UNIT(long size, String name) {

                     this.size = size;

                     this.name = name;

                 }


                 public long getSize() {

                     return this.size;

                 }


                 public static SIZE_UNIT fromName(String name) {

                     for (SIZE_UNIT unit : SIZE_UNIT.values()) {

                         if (unit.getName().equals(name)) {

                             return unit;

                         }

                     }

                     throw new IllegalArgumentException("Invalid name for size unit.");

                 }


                 public String getName() {

                     return name;

                 }

             }

             private final COMPARATOR comparator;

             private final SIZE_UNIT unit;

             private final int sizeValue;


             public FileSizeCondition(COMPARATOR comparator, SIZE_UNIT unit, int sizeValue) {

                 this.comparator = comparator;

                 this.unit = unit;

                 this.sizeValue = sizeValue;

             }


             public COMPARATOR getComparator() {

                 return comparator;

             }


             public SIZE_UNIT getUnit() {

                 return unit;

             }


             public int getSizeValue() {

                 return sizeValue;

             }


             @Override

             public boolean passes(AbstractFile file) {

                 long fileSize = file.getSize();

                 long conditionSize = this.getUnit().getSize() * this.getSizeValue();

                 switch (this.getComparator()) {

                     case GREATER_THAN:

                         return fileSize > conditionSize;

                     case GREATER_THAN_EQUAL:

                         return fileSize >= conditionSize;

                     case LESS_THAN_EQUAL:

                         return fileSize <= conditionSize;

                     case LESS_THAN:

                         return fileSize < conditionSize;

                     default:

                         return fileSize == conditionSize;


                 }

             }


         }


         public static final class MetaTypeCondition implements FileAttributeCondition {


             private static final long serialVersionUID = 1L;


             public enum Type {


                 FILES,

                 DIRECTORIES,

                 FILES_AND_DIRECTORIES,

                 ALL

             }


             private final Type type;


             public MetaTypeCondition(Type type) {

                 this.type = type;

             }


             @Override

             public boolean passes(AbstractFile file) {

                 switch (this.type) {

                     case FILES:

                         return file.isFile();

                     case DIRECTORIES:

                         return file.getMetaType() == TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_DIR

                                 || file.getMetaType() == TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_VIRT_DIR;

                     case FILES_AND_DIRECTORIES:

                         return file.getMetaType() == TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_REG

                                 || file.getMetaType() == TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_DIR

                                 || file.getMetaType() == TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_VIRT_DIR;

                     case ALL:

                         return true;  //Effectively ignores the metatype condition when All is selected.

                     default:

                         return true;

                 }

             }


             public Type getMetaType() {

                 return this.type;

             }

         }


         static interface TextCondition extends FileAttributeCondition {


             String getTextToMatch();


             boolean isRegex();


             boolean textMatches(String textToMatch);


         }


         private static abstract class AbstractTextCondition implements TextCondition {


             /*

              * To ensure compatibility with existing serialized configuration

              * settings, this class cannot have a 'serialVersionUID'.

              */


             private final TextMatcher textMatcher;


             AbstractTextCondition(String text, Boolean partialMatch) {

                 if (partialMatch) {

                     this.textMatcher = new FilesSet.Rule.CaseInsensitivePartialStringComparisionMatcher(text);

                 } else {

                     this.textMatcher = new FilesSet.Rule.CaseInsensitiveStringComparisionMatcher(text);

                 }

             }


             AbstractTextCondition(Pattern regex) {

                 this.textMatcher = new FilesSet.Rule.RegexMatcher(regex);

             }


             AbstractTextCondition(List<String> values) {

                 this.textMatcher = new FilesSet.Rule.CaseInsensitiveMultiValueStringComparisionMatcher(values);

             }


             @Override

             public String getTextToMatch() {

                 return this.textMatcher.getTextToMatch();

             }


             @Override

             public boolean isRegex() {

                 return this.textMatcher.isRegex();

             }


             @Override

             public boolean textMatches(String textToMatch) {

                 return this.textMatcher.textMatches(textToMatch);

             }


             @Override

             public abstract boolean passes(AbstractFile file);


         }


         public static final class ParentPathCondition extends AbstractTextCondition {


             private static final long serialVersionUID = 1L;


             public ParentPathCondition(String path) {

                 super(path, true);

             }


             public ParentPathCondition(Pattern path) {

                 super(path);

             }


             @Override

             public boolean passes(AbstractFile file) {

                 return this.textMatches(file.getParentPath() + "/");

             }


         }


         static interface FileNameCondition extends TextCondition {

         }


         public static final class FullNameCondition extends AbstractTextCondition implements FileNameCondition {


             private static final long serialVersionUID = 1L;


             public FullNameCondition(String name) {

                 super(name, false);

             }


             public FullNameCondition(Pattern name) {

                 super(name);

             }


             @Override

             public boolean passes(AbstractFile file) {

                 return this.textMatches(file.getName());

             }


         }


         public static final class DateCondition implements FileAttributeCondition {


             /*

              * To ensure compatibility with existing serialized configuration

              * settings, this class cannot have a 'serialVersionUID'.

              */


             private final static long SECS_PER_DAY = 60 * 60 * 24;


             private int daysIncluded;


             public DateCondition(int days) {

                 daysIncluded = days;

             }


             public int getDaysIncluded() {

                 return daysIncluded;

             }


             @Override

             public boolean passes(AbstractFile file) {

                 long dateThreshold = System.currentTimeMillis() / 1000 - daysIncluded * SECS_PER_DAY;

                 return file.getCrtime() > dateThreshold || file.getMtime() > dateThreshold;

             }


         }


         public static final class ExtensionCondition extends AbstractTextCondition implements FileNameCondition {


             private static final long serialVersionUID = 1L;


             public ExtensionCondition(String extension) {

                 // If there is a leading ".", strip it since

                 // AbstractFile.getFileNameExtension() returns just the

                 // extension chars and not the dot.

                 super(normalize(extension), false);

             }


             public ExtensionCondition(List<String> extensions) {

                 // If there is a leading "." in any list value, strip it since

                 // AbstractFile.getFileNameExtension() returns just the

                 // extension chars and not the dot.

                 super(normalize(extensions));

             }


             public ExtensionCondition(Pattern extension) {

                 super(extension);

             }


             @Override

             public boolean passes(AbstractFile file) {

                 return this.textMatches(file.getNameExtension());

             }


             private static List<String> normalize(List<String> extensions) {

                 List<String> values = new ArrayList<>(extensions);


                 for (int i=0; i < values.size(); i++) {

                     values.set(i, normalize(values.get(i)));

                 }


                 return values;

             }


             private static String normalize(String extension) {

                 return extension.startsWith(".") ? extension.substring(1) : extension;

             }


         }


         private static interface TextMatcher extends Serializable {


             String getTextToMatch();


             boolean isRegex();


             boolean textMatches(String subject);


         }


         private static class CaseInsensitiveStringComparisionMatcher implements TextMatcher {


             private static final long serialVersionUID = 1L;

             private final String textToMatch;


             CaseInsensitiveStringComparisionMatcher(String textToMatch) {

                 this.textToMatch = textToMatch;

             }


             @Override

             public String getTextToMatch() {

                 return this.textToMatch;

             }


             @Override

             public boolean isRegex() {

                 return false;

             }


             @Override

             public boolean textMatches(String subject) {

                 return subject.equalsIgnoreCase(textToMatch);

             }


         }


         private static class CaseInsensitivePartialStringComparisionMatcher implements TextMatcher {


             private static final long serialVersionUID = 1L;

             private final String textToMatch;

             private final Pattern pattern;


             CaseInsensitivePartialStringComparisionMatcher(String textToMatch) {

                 this.textToMatch = textToMatch;

                 this.pattern = Pattern.compile(Pattern.quote(textToMatch), Pattern.CASE_INSENSITIVE);

             }


             @Override

             public String getTextToMatch() {

                 return this.textToMatch;

             }


             @Override

             public boolean isRegex() {

                 return false;

             }


             @Override

             public boolean textMatches(String subject) {

                 return pattern.matcher(subject).find();

             }

         }


         private static class CaseInsensitiveMultiValueStringComparisionMatcher implements TextMatcher {


             private static final long serialVersionUID = 1L;

             private final List<String> valuesToMatch;


             CaseInsensitiveMultiValueStringComparisionMatcher(List<String> valuesToMatch) {

                 this.valuesToMatch = valuesToMatch;

             }


             @Override

             public String getTextToMatch() {

                 return String.join(",", this.valuesToMatch);

             }


             @Override

             public boolean isRegex() {

                 return false;

             }


             @Override

             public boolean textMatches(String subject) {

                 for (String value : valuesToMatch) {

                     if (value.equalsIgnoreCase(subject)) {

                         return true;

                     }

                 }

                 return false;

             }


         }


         private static class RegexMatcher implements TextMatcher {


             private static final long serialVersionUID = 1L;

             private final Pattern regex;


             RegexMatcher(Pattern regex) {

                 this.regex = regex;

             }


             @Override

             public String getTextToMatch() {

                 return this.regex.pattern();

             }


             @Override

             public boolean isRegex() {

                 return true;

             }


             @Override

             public boolean textMatches(String subject) {

                 // A single match is sufficient.

                 return this.regex.matcher(subject).find();

             }


         }


     }


 }

org.sleuthkit

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.fileIsMemberOf
String fileIsMemberOf(AbstractFile file)
Definition: FilesSet.java:132

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.ExtensionCondition.ExtensionCondition
ExtensionCondition(Pattern extension)
Definition: FilesSet.java:857

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.RegexMatcher
Definition: FilesSet.java:1045

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.ParentPathCondition.ParentPathCondition
ParentPathCondition(Pattern path)
Definition: FilesSet.java:723

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.FileSizeCondition.COMPARATOR.symbol
String symbol
Definition: FilesSet.java:399

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.CaseInsensitiveStringComparisionMatcher.textToMatch
final String textToMatch
Definition: FilesSet.java:935

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.FileSizeCondition.COMPARATOR.LESS_THAN_EQUAL
LESS_THAN_EQUAL
Definition: FilesSet.java:394

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.CaseInsensitivePartialStringComparisionMatcher.getTextToMatch
String getTextToMatch()
Definition: FilesSet.java:985

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.FileSizeCondition.SIZE_UNIT
Definition: FilesSet.java:436

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.FileSizeCondition.passes
boolean passes(AbstractFile file)
Definition: FilesSet.java:508

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.TextMatcher.isRegex
boolean isRegex()

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.ExtensionCondition.normalize
static String normalize(String extension)
Definition: FilesSet.java:890

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.DateCondition.DateCondition
DateCondition(int days)
Definition: FilesSet.java:797

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.AbstractTextCondition
Definition: FilesSet.java:621

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.FileSizeCondition.FileSizeCondition
FileSizeCondition(COMPARATOR comparator, SIZE_UNIT unit, int sizeValue)
Definition: FilesSet.java:474

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.RegexMatcher.getTextToMatch
String getTextToMatch()
Definition: FilesSet.java:1061

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.CaseInsensitiveStringComparisionMatcher.isRegex
boolean isRegex()
Definition: FilesSet.java:953

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.CaseInsensitivePartialStringComparisionMatcher
Definition: FilesSet.java:967

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.AbstractTextCondition.textMatches
boolean textMatches(String textToMatch)
Definition: FilesSet.java:691

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.CaseInsensitiveStringComparisionMatcher
Definition: FilesSet.java:932

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.getMetaTypeCondition
MetaTypeCondition getMetaTypeCondition()
Definition: FilesSet.java:252

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.MetaTypeCondition.Type.FILES
FILES
Definition: FilesSet.java:539

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.MetaTypeCondition.Type
Definition: FilesSet.java:537

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.FileSizeCondition.COMPARATOR.COMPARATOR
COMPARATOR(String symbol)
Definition: FilesSet.java:401

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.FileSizeCondition
Definition: FilesSet.java:384

org

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.MetaTypeCondition.MetaTypeCondition
MetaTypeCondition(Type type)
Definition: FilesSet.java:552

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.FileSizeCondition.comparator
final COMPARATOR comparator
Definition: FilesSet.java:470

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.RegexMatcher.isRegex
boolean isRegex()
Definition: FilesSet.java:1066

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.FileSizeCondition.COMPARATOR.GREATER_THAN_EQUAL
GREATER_THAN_EQUAL
Definition: FilesSet.java:397

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.getPathCondition
ParentPathCondition getPathCondition()
Definition: FilesSet.java:261

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.FilesSet
FilesSet(String name, String description, boolean ignoreKnownFiles, boolean ignoreUnallocatedSpace, Map< String, Rule > rules)
Definition: FilesSet.java:61

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.AbstractTextCondition.passes
abstract boolean passes(AbstractFile file)

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.TextMatcher.textMatches
boolean textMatches(String subject)

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.FileSizeCondition.SIZE_UNIT.fromName
static SIZE_UNIT fromName(String name)
Definition: FilesSet.java:454

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.pathCondition
final ParentPathCondition pathCondition
Definition: FilesSet.java:170

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.getDateCondition
DateCondition getDateCondition()
Definition: FilesSet.java:265

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.RegexMatcher.regex
final Pattern regex
Definition: FilesSet.java:1048

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.FileSizeCondition.COMPARATOR.LESS_THAN
LESS_THAN
Definition: FilesSet.java:393

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.MetaTypeCondition.passes
boolean passes(AbstractFile file)
Definition: FilesSet.java:557

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.ParentPathCondition.ParentPathCondition
ParentPathCondition(String path)
Definition: FilesSet.java:714

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.FileSizeCondition.COMPARATOR.getSymbol
String getSymbol()
Definition: FilesSet.java:428

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.Rule
Rule(String ruleName, FileNameCondition fileNameCondition, MetaTypeCondition metaTypeCondition, ParentPathCondition pathCondition, MimeTypeCondition mimeTypeCondition, FileSizeCondition fileSizeCondition, DateCondition dateCondition)
Definition: FilesSet.java:188

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.metaTypeCondition
final MetaTypeCondition metaTypeCondition
Definition: FilesSet.java:169

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.AbstractTextCondition.getTextToMatch
String getTextToMatch()
Definition: FilesSet.java:667

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.FileSizeCondition.unit
final SIZE_UNIT unit
Definition: FilesSet.java:471

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.ExtensionCondition
Definition: FilesSet.java:823

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.ParentPathCondition.passes
boolean passes(AbstractFile file)
Definition: FilesSet.java:728

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.FileSizeCondition.COMPARATOR.EQUAL
EQUAL
Definition: FilesSet.java:395

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.CaseInsensitivePartialStringComparisionMatcher.textMatches
boolean textMatches(String subject)
Definition: FilesSet.java:995

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.MimeTypeCondition.mimeType
final String mimeType
Definition: FilesSet.java:353

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.MimeTypeCondition.MimeTypeCondition
MimeTypeCondition(String mimeType)
Definition: FilesSet.java:360

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.CaseInsensitiveMultiValueStringComparisionMatcher.isRegex
boolean isRegex()
Definition: FilesSet.java:1026

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.FileSizeCondition.SIZE_UNIT.GIGABYTE
GIGABYTE
Definition: FilesSet.java:441

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.MetaTypeCondition.Type.DIRECTORIES
DIRECTORIES
Definition: FilesSet.java:540

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.isSatisfied
boolean isSatisfied(AbstractFile file)
Definition: FilesSet.java:276

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.ruleName
final String ruleName
Definition: FilesSet.java:167

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.CaseInsensitivePartialStringComparisionMatcher.isRegex
boolean isRegex()
Definition: FilesSet.java:990

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.getName
String getName()
Definition: FilesSet.java:79

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.getName
String getName()
Definition: FilesSet.java:234

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.TextMatcher.getTextToMatch
String getTextToMatch()

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.AbstractTextCondition.textMatcher
final TextMatcher textMatcher
Definition: FilesSet.java:628

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.FileSizeCondition.getUnit
SIZE_UNIT getUnit()
Definition: FilesSet.java:494

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.MimeTypeCondition
Definition: FilesSet.java:350

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.FullNameCondition.FullNameCondition
FullNameCondition(Pattern name)
Definition: FilesSet.java:765

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.fileSizeCondition
final FileSizeCondition fileSizeCondition
Definition: FilesSet.java:172

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.ParentPathCondition
Definition: FilesSet.java:705

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.FullNameCondition
Definition: FilesSet.java:747

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.CaseInsensitiveStringComparisionMatcher.getTextToMatch
String getTextToMatch()
Definition: FilesSet.java:948

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.serialVersionUID
static final long serialVersionUID
Definition: FilesSet.java:42

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.DateCondition
Definition: FilesSet.java:780

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.CaseInsensitiveMultiValueStringComparisionMatcher.getTextToMatch
String getTextToMatch()
Definition: FilesSet.java:1021

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.ExtensionCondition.ExtensionCondition
ExtensionCondition(List< String > extensions)
Definition: FilesSet.java:844

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.FullNameCondition.passes
boolean passes(AbstractFile file)
Definition: FilesSet.java:770

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.FileSizeCondition.SIZE_UNIT.getName
String getName()
Definition: FilesSet.java:466

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.getUuid
String getUuid()
Definition: FilesSet.java:313

org.sleuthkit.autopsy.modules.interestingitems.FilesSet
Definition: FilesSet.java:40

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.dateCondition
final DateCondition dateCondition
Definition: FilesSet.java:173

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.AbstractTextCondition.isRegex
boolean isRegex()
Definition: FilesSet.java:679

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.FileSizeCondition.SIZE_UNIT.KILOBYTE
KILOBYTE
Definition: FilesSet.java:439

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.ignoreUnallocatedSpace
final boolean ignoreUnallocatedSpace
Definition: FilesSet.java:46

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.CaseInsensitivePartialStringComparisionMatcher.textToMatch
final String textToMatch
Definition: FilesSet.java:970

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.name
final String name
Definition: FilesSet.java:43

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.FileSizeCondition.sizeValue
final int sizeValue
Definition: FilesSet.java:472

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.CaseInsensitiveStringComparisionMatcher.textMatches
boolean textMatches(String subject)
Definition: FilesSet.java:958

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.uuid
final String uuid
Definition: FilesSet.java:166

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.CaseInsensitiveMultiValueStringComparisionMatcher.valuesToMatch
final List< String > valuesToMatch
Definition: FilesSet.java:1007

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.ignoreKnownFiles
final boolean ignoreKnownFiles
Definition: FilesSet.java:45

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.FileSizeCondition.SIZE_UNIT.size
long size
Definition: FilesSet.java:442

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.FileSizeCondition.getComparator
COMPARATOR getComparator()
Definition: FilesSet.java:485

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.getDescription
String getDescription()
Definition: FilesSet.java:88

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.getMimeTypeCondition
MimeTypeCondition getMimeTypeCondition()
Definition: FilesSet.java:320

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.ExtensionCondition.passes
boolean passes(AbstractFile file)
Definition: FilesSet.java:862

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.DateCondition.SECS_PER_DAY
static final long SECS_PER_DAY
Definition: FilesSet.java:787

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.getRules
Map< String, Rule > getRules()
Definition: FilesSet.java:120

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.RegexMatcher.textMatches
boolean textMatches(String subject)
Definition: FilesSet.java:1071

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.FileSizeCondition.getSizeValue
int getSizeValue()
Definition: FilesSet.java:503

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.FileSizeCondition.SIZE_UNIT.SIZE_UNIT
SIZE_UNIT(long size, String name)
Definition: FilesSet.java:445

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.rules
final Map< String, Rule > rules
Definition: FilesSet.java:47

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.MetaTypeCondition.type
final Type type
Definition: FilesSet.java:545

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.CaseInsensitivePartialStringComparisionMatcher.pattern
final Pattern pattern
Definition: FilesSet.java:971

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.getFileSizeCondition
FileSizeCondition getFileSizeCondition()
Definition: FilesSet.java:327

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.MetaTypeCondition.Type.FILES_AND_DIRECTORIES
FILES_AND_DIRECTORIES
Definition: FilesSet.java:541

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.ignoresKnownFiles
boolean ignoresKnownFiles()
Definition: FilesSet.java:101

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.DateCondition.passes
boolean passes(AbstractFile file)
Definition: FilesSet.java:811

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.CaseInsensitiveMultiValueStringComparisionMatcher
Definition: FilesSet.java:1004

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.TextMatcher
Definition: FilesSet.java:900

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.description
final String description
Definition: FilesSet.java:44

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.ExtensionCondition.ExtensionCondition
ExtensionCondition(String extension)
Definition: FilesSet.java:832

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.DateCondition.daysIncluded
int daysIncluded
Definition: FilesSet.java:789

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.DateCondition.getDaysIncluded
int getDaysIncluded()
Definition: FilesSet.java:806

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.FileSizeCondition.COMPARATOR
Definition: FilesSet.java:391

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.FileSizeCondition.SIZE_UNIT.MEGABYTE
MEGABYTE
Definition: FilesSet.java:440

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.ExtensionCondition.normalize
static List< String > normalize(List< String > extensions)
Definition: FilesSet.java:873

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule
Definition: FilesSet.java:163

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.MimeTypeCondition.passes
boolean passes(AbstractFile file)
Definition: FilesSet.java:365

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.getFileNameCondition
FileNameCondition getFileNameCondition()
Definition: FilesSet.java:243

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.MimeTypeCondition.getMimeType
String getMimeType()
Definition: FilesSet.java:374

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.toString
String toString()
Definition: FilesSet.java:153

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.FullNameCondition.FullNameCondition
FullNameCondition(String name)
Definition: FilesSet.java:756

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.FileSizeCondition.SIZE_UNIT.getSize
long getSize()
Definition: FilesSet.java:450

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.ingoresUnallocatedSpace
boolean ingoresUnallocatedSpace()
Definition: FilesSet.java:111

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.FileSizeCondition.COMPARATOR.fromSymbol
static COMPARATOR fromSymbol(String symbol)
Definition: FilesSet.java:405

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.conditions
final List< FileAttributeCondition > conditions
Definition: FilesSet.java:174

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.MetaTypeCondition.getMetaType
Type getMetaType()
Definition: FilesSet.java:580

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.toString
String toString()
Definition: FilesSet.java:290

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.FileSizeCondition.COMPARATOR.GREATER_THAN
GREATER_THAN
Definition: FilesSet.java:396

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.MetaTypeCondition
Definition: FilesSet.java:533

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.mimeTypeCondition
final MimeTypeCondition mimeTypeCondition
Definition: FilesSet.java:171

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.fileNameCondition
final FileNameCondition fileNameCondition
Definition: FilesSet.java:168

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.FileSizeCondition.SIZE_UNIT.name
String name
Definition: FilesSet.java:443

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.FileSizeCondition.SIZE_UNIT.BYTE
BYTE
Definition: FilesSet.java:438

org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.CaseInsensitiveMultiValueStringComparisionMatcher.textMatches
boolean textMatches(String subject)
Definition: FilesSet.java:1031