Autopsy  4.18.0
Graphical digital forensics platform for The Sleuth Kit and other tools.
Static Public Member Functions | Private Member Functions | Static Private Attributes | List of all members
org.sleuthkit.autopsy.centralrepository.application.OtherOccurrences Class Reference

Static Public Member Functions

static void addOrUpdateNodeData (final Case autopsyCase, Map< UniquePathKey, NodeData > nodeDataMap, AbstractFile newFile) throws TskCoreException, CentralRepoException
 
static AbstractFile getAbstractFileFromNode (Node node)
 
static BlackboardArtifact getBlackboardArtifactFromNode (Node node)
 
static List< AbstractFile > getCaseDbMatches (CorrelationAttributeInstance corAttr, Case openCase, AbstractFile file) throws NoCurrentCaseException, TskCoreException, CentralRepoException
 
static Map< UniquePathKey, NodeDatagetCorrelatedInstances (AbstractFile file, String deviceId, String dataSourceName, CorrelationAttributeInstance corAttr)
 
static Collection< CorrelationAttributeInstancegetCorrelationAttributeFromOsAccount (Node node, OsAccount osAccount)
 
static Collection< CorrelationAttributeInstancegetCorrelationAttributesFromNode (Node node, AbstractFile file)
 
static String getEarliestCaseDate () throws CentralRepoException
 
static String getPlaceholderUUID ()
 
static String makeDataSourceString (String caseUUID, String deviceId, String dataSourceName)
 
static void writeOtherOccurrencesToFileAsCSV (File destFile, AbstractFile abstractFile, Collection< CorrelationAttributeInstance > correlationAttList, String dataSourceName, String deviceId) throws IOException
 

Private Member Functions

 OtherOccurrences ()
 

Static Private Attributes

static final Logger logger = Logger.getLogger(OtherOccurrences.class.getName())
 
static final String UUID_PLACEHOLDER_STRING = "NoCorrelationAttributeInstance"
 

Detailed Description

Contains most of the methods for gathering data from the DB and CR for the OtherOccurrencesPanel.

Definition at line 67 of file OtherOccurrences.java.

Constructor & Destructor Documentation

org.sleuthkit.autopsy.centralrepository.application.OtherOccurrences.OtherOccurrences ( )
private

Definition at line 73 of file OtherOccurrences.java.

Member Function Documentation

static void org.sleuthkit.autopsy.centralrepository.application.OtherOccurrences.addOrUpdateNodeData ( final Case  autopsyCase,
Map< UniquePathKey, NodeData nodeDataMap,
AbstractFile  newFile 
) throws TskCoreException, CentralRepoException
static

Adds the file to the nodeDataMap map if it does not already exist

Parameters
autopsyCase
nodeDataMap
newFile
Exceptions
TskCoreException
CentralRepoException

Definition at line 350 of file OtherOccurrences.java.

References org.sleuthkit.autopsy.centralrepository.application.NodeData.getKnown().

Referenced by org.sleuthkit.autopsy.centralrepository.application.OtherOccurrences.getCorrelatedInstances().

static AbstractFile org.sleuthkit.autopsy.centralrepository.application.OtherOccurrences.getAbstractFileFromNode ( Node  node)
static

Get the associated AbstractFile from a node, if it exists.

Parameters
nodeThe node
Returns
The associated AbstractFile, or null

Definition at line 220 of file OtherOccurrences.java.

Referenced by org.sleuthkit.autopsy.centralrepository.contentviewer.DataContentViewerOtherCases.isSupported().

static BlackboardArtifact org.sleuthkit.autopsy.centralrepository.application.OtherOccurrences.getBlackboardArtifactFromNode ( Node  node)
static

Get the associated BlackboardArtifact from a node, if it exists.

Parameters
nodeThe node
Returns
The associated BlackboardArtifact, or null

Definition at line 199 of file OtherOccurrences.java.

Referenced by org.sleuthkit.autopsy.centralrepository.application.OtherOccurrences.getCorrelationAttributesFromNode(), and org.sleuthkit.autopsy.centralrepository.contentviewer.DataContentViewerOtherCases.isSupported().

static List<AbstractFile> org.sleuthkit.autopsy.centralrepository.application.OtherOccurrences.getCaseDbMatches ( CorrelationAttributeInstance  corAttr,
Case  openCase,
AbstractFile  file 
) throws NoCurrentCaseException, TskCoreException, CentralRepoException
static

Get all other abstract files in the current case with the same MD5 as the selected node.

Parameters
corAttrThe CorrelationAttribute containing the MD5 to search for
openCaseThe current case
fileThe current file.
Returns
List of matching AbstractFile objects
Exceptions
NoCurrentCaseException
TskCoreException
CentralRepoException

Definition at line 322 of file OtherOccurrences.java.

Referenced by org.sleuthkit.autopsy.centralrepository.application.OtherOccurrences.getCorrelatedInstances().

static Map<UniquePathKey, NodeData> org.sleuthkit.autopsy.centralrepository.application.OtherOccurrences.getCorrelatedInstances ( AbstractFile  file,
String  deviceId,
String  dataSourceName,
CorrelationAttributeInstance  corAttr 
)
static

Query the central repo database (if enabled) and the case database to find all artifact instances correlated to the given central repository artifact. If the central repo is not enabled, this will only return files from the current case with matching MD5 hashes.

Parameters
fileThe current file.
deviceIdThe device ID for the current data source.
dataSourceNameThe name of the current data source.
corAttrCorrelationAttribute to query for
Returns
A collection of correlated artifact instances

Definition at line 255 of file OtherOccurrences.java.

References org.sleuthkit.autopsy.centralrepository.application.OtherOccurrences.addOrUpdateNodeData(), org.sleuthkit.autopsy.centralrepository.datamodel.CentralRepository.getArtifactInstancesByTypeValue(), org.sleuthkit.autopsy.centralrepository.application.OtherOccurrences.getCaseDbMatches(), org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeInstance.getCorrelationType(), org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeInstance.getCorrelationValue(), org.sleuthkit.autopsy.casemodule.Case.getCurrentCaseThrows(), org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeInstance.Type.getDisplayName(), org.sleuthkit.autopsy.centralrepository.datamodel.CentralRepository.getInstance(), org.sleuthkit.autopsy.casemodule.Case.getName(), and org.sleuthkit.autopsy.centralrepository.datamodel.CentralRepository.isEnabled().

Referenced by org.sleuthkit.autopsy.centralrepository.contentviewer.OtherOccurrencesPanel.SelectionWorker.doInBackground(), and org.sleuthkit.autopsy.centralrepository.application.OtherOccurrences.writeOtherOccurrencesToFileAsCSV().

static Collection<CorrelationAttributeInstance> org.sleuthkit.autopsy.centralrepository.application.OtherOccurrences.getCorrelationAttributeFromOsAccount ( Node  node,
OsAccount  osAccount 
)
static
static Collection<CorrelationAttributeInstance> org.sleuthkit.autopsy.centralrepository.application.OtherOccurrences.getCorrelationAttributesFromNode ( Node  node,
AbstractFile  file 
)
static
static String org.sleuthkit.autopsy.centralrepository.application.OtherOccurrences.getEarliestCaseDate ( ) throws CentralRepoException
static

Gets the list of Eam Cases and determines the earliest case creation date. Sets the label to display the earliest date string to the user.

Definition at line 395 of file OtherOccurrences.java.

References org.sleuthkit.autopsy.centralrepository.datamodel.CentralRepository.getCases(), org.sleuthkit.autopsy.centralrepository.datamodel.CentralRepository.getInstance(), and org.sleuthkit.autopsy.centralrepository.datamodel.CentralRepository.isEnabled().

static String org.sleuthkit.autopsy.centralrepository.application.OtherOccurrences.getPlaceholderUUID ( )
static
static String org.sleuthkit.autopsy.centralrepository.application.OtherOccurrences.makeDataSourceString ( String  caseUUID,
String  deviceId,
String  dataSourceName 
)
static

Create a unique string to be used as a key for deduping data sources as best as possible

Definition at line 387 of file OtherOccurrences.java.

static void org.sleuthkit.autopsy.centralrepository.application.OtherOccurrences.writeOtherOccurrencesToFileAsCSV ( File  destFile,
AbstractFile  abstractFile,
Collection< CorrelationAttributeInstance correlationAttList,
String  dataSourceName,
String  deviceId 
) throws IOException
static

Create a cvs file of occurrences for the given parameters.

Parameters
destFileOutput file for the csv data.
abstractFileSource file.
correlationAttListList of correclationAttributeInstances, should not be null.
dataSourceNameName of the data source.
deviceIdDevice id.
Exceptions
IOException

Definition at line 444 of file OtherOccurrences.java.

References org.sleuthkit.autopsy.centralrepository.application.OtherOccurrences.getCorrelatedInstances(), and org.sleuthkit.autopsy.centralrepository.application.NodeData.getCsvItemSeparator().

Referenced by org.sleuthkit.autopsy.centralrepository.contentviewer.OtherOccurrencesPanel.CSVWorker.doInBackground().

Member Data Documentation

final Logger org.sleuthkit.autopsy.centralrepository.application.OtherOccurrences.logger = Logger.getLogger(OtherOccurrences.class.getName())
staticprivate

Definition at line 69 of file OtherOccurrences.java.

final String org.sleuthkit.autopsy.centralrepository.application.OtherOccurrences.UUID_PLACEHOLDER_STRING = "NoCorrelationAttributeInstance"
staticprivate

The documentation for this class was generated from the following file:

Copyright © 2012-2021 Basis Technology. Generated on: Thu Jul 8 2021
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.