Autopsy  4.18.0
Graphical digital forensics platform for The Sleuth Kit and other tools.
Classes | Public Member Functions | Static Public Attributes | Private Member Functions | Static Private Member Functions | Private Attributes | Static Private Attributes | List of all members
org.sleuthkit.autopsy.datamodel.KeywordHits Class Reference

Inherits org.sleuthkit.autopsy.datamodel.AutopsyVisitableItem.

Classes

class  DetachableObserverChildFactory
 
class  HitsFactory
 
class  KeywordResults
 
class  KWHitsNodeBase
 
class  ListFactory
 
class  ListNode
 
class  RegExpInstanceNode
 
class  RegExpInstancesFactory
 
class  RootNode
 
class  TermFactory
 
class  TermNode
 

Public Member Functions

 KeywordHits (SleuthkitCase skCase, long objId)
 

Static Public Attributes

static final String NAME = BlackboardArtifact.Type.TSK_KEYWORD_HIT.getTypeName()
 

Private Member Functions

BlackboardArtifactNode createBlackboardArtifactNode (AnalysisResult art)
 

Static Private Member Functions

static boolean isOnlyDefaultInstance (List< String > instances)
 

Private Attributes

final long filteringDSObjId
 
final KeywordResults keywordResults
 
SleuthkitCase skCase
 

Static Private Attributes

static final String DEFAULT_INSTANCE_NAME = "DEFAULT_INSTANCE_NAME"
 
static final Set< IngestManager.IngestJobEvent > INGEST_JOB_EVENTS_OF_INTEREST = EnumSet.of(IngestManager.IngestJobEvent.COMPLETED, IngestManager.IngestJobEvent.CANCELLED)
 
static final Set< IngestManager.IngestModuleEvent > INGEST_MODULE_EVENTS_OF_INTEREST = EnumSet.of(IngestManager.IngestModuleEvent.DATA_ADDED)
 
static final String KEYWORD_HIT_ATTRIBUTES_QUERY
 
static final String KEYWORD_HITS = KeywordHits_kwHits_text()
 
static final Logger logger = Logger.getLogger(KeywordHits.class.getName())
 
static final String SIMPLE_LITERAL_SEARCH = KeywordHits_simpleLiteralSearch_text()
 
static final String SIMPLE_REGEX_SEARCH = KeywordHits_singleRegexSearch_text()
 

Detailed Description

Keyword hits node support

Definition at line 67 of file KeywordHits.java.

Constructor & Destructor Documentation

org.sleuthkit.autopsy.datamodel.KeywordHits.KeywordHits ( SleuthkitCase  skCase,
long  objId 
)

Constructor

Parameters
skCaseCase DB
objIdObject id of the data source

Definition at line 128 of file KeywordHits.java.

References org.sleuthkit.autopsy.datamodel.KeywordHits.skCase.

Member Function Documentation

BlackboardArtifactNode org.sleuthkit.autopsy.datamodel.KeywordHits.createBlackboardArtifactNode ( AnalysisResult  art)
private

Create a blackboard node for the given Keyword Hit artifact

Parameters
art
Returns
Node or null on error

Definition at line 867 of file KeywordHits.java.

References org.sleuthkit.autopsy.datamodel.BlackboardArtifactNode.addNodeProperty(), and org.sleuthkit.autopsy.coreutils.TimeZoneUtils.getFormattedTime().

Referenced by org.sleuthkit.autopsy.datamodel.KeywordHits.HitsFactory.createNodeForKey().

static boolean org.sleuthkit.autopsy.datamodel.KeywordHits.isOnlyDefaultInstance ( List< String >  instances)
staticprivate

Definition at line 108 of file KeywordHits.java.

Member Data Documentation

final String org.sleuthkit.autopsy.datamodel.KeywordHits.DEFAULT_INSTANCE_NAME = "DEFAULT_INSTANCE_NAME"
staticprivate

String used in the instance MAP so that exact matches and substring can fit into the same data structure as regexps, even though they don't use instances.

Definition at line 90 of file KeywordHits.java.

final long org.sleuthkit.autopsy.datamodel.KeywordHits.filteringDSObjId
private
final Set<IngestManager.IngestJobEvent> org.sleuthkit.autopsy.datamodel.KeywordHits.INGEST_JOB_EVENTS_OF_INTEREST = EnumSet.of(IngestManager.IngestJobEvent.COMPLETED, IngestManager.IngestJobEvent.CANCELLED)
staticprivate
final Set<IngestManager.IngestModuleEvent> org.sleuthkit.autopsy.datamodel.KeywordHits.INGEST_MODULE_EVENTS_OF_INTEREST = EnumSet.of(IngestManager.IngestModuleEvent.DATA_ADDED)
staticprivate
final String org.sleuthkit.autopsy.datamodel.KeywordHits.KEYWORD_HIT_ATTRIBUTES_QUERY
staticprivate
Initial value:
= "SELECT blackboard_attributes.value_text, "
+ "blackboard_attributes.value_int32, "
+ "blackboard_artifacts.artifact_obj_id, "
+ "blackboard_attributes.attribute_type_id "
+ "FROM blackboard_attributes, blackboard_artifacts "
+ "WHERE blackboard_attributes.artifact_id = blackboard_artifacts.artifact_id "
+ " AND blackboard_artifacts.artifact_type_id = " + BlackboardArtifact.Type.TSK_KEYWORD_HIT.getTypeID()
+ " AND (attribute_type_id = " + BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SET_NAME.getTypeID()
+ " OR attribute_type_id = " + BlackboardAttribute.ATTRIBUTE_TYPE.TSK_KEYWORD.getTypeID()
+ " OR attribute_type_id = " + BlackboardAttribute.ATTRIBUTE_TYPE.TSK_KEYWORD_SEARCH_TYPE.getTypeID()
+ " OR attribute_type_id = " + BlackboardAttribute.ATTRIBUTE_TYPE.TSK_KEYWORD_REGEXP.getTypeID()
+ ")"

query attributes table for the ones that we need for the tree

Definition at line 95 of file KeywordHits.java.

Referenced by org.sleuthkit.autopsy.datamodel.KeywordHits.KeywordResults.update().

final String org.sleuthkit.autopsy.datamodel.KeywordHits.KEYWORD_HITS = KeywordHits_kwHits_text()
staticprivate
final KeywordResults org.sleuthkit.autopsy.datamodel.KeywordHits.keywordResults
private

Definition at line 82 of file KeywordHits.java.

final Logger org.sleuthkit.autopsy.datamodel.KeywordHits.logger = Logger.getLogger(KeywordHits.class.getName())
staticprivate

Definition at line 69 of file KeywordHits.java.

final String org.sleuthkit.autopsy.datamodel.KeywordHits.NAME = BlackboardArtifact.Type.TSK_KEYWORD_HIT.getTypeName()
static

Definition at line 79 of file KeywordHits.java.

final String org.sleuthkit.autopsy.datamodel.KeywordHits.SIMPLE_LITERAL_SEARCH = KeywordHits_simpleLiteralSearch_text()
staticprivate

Definition at line 75 of file KeywordHits.java.

final String org.sleuthkit.autopsy.datamodel.KeywordHits.SIMPLE_REGEX_SEARCH = KeywordHits_singleRegexSearch_text()
staticprivate

Definition at line 77 of file KeywordHits.java.

SleuthkitCase org.sleuthkit.autopsy.datamodel.KeywordHits.skCase
private

The documentation for this class was generated from the following file:

Copyright © 2012-2021 Basis Technology. Generated on: Thu Jul 8 2021
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.