Autopsy  4.18.0
Graphical digital forensics platform for The Sleuth Kit and other tools.
org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor Class Reference

Classes

interface  ParseExceptionFunction
 
class  TsvColumn
 

Public Member Functions

 LeappFileProcessor (String xmlFile, String moduleName) throws IOException, IngestModuleException, NoCurrentCaseException
 
ProcessResult processFiles (Content dataSource, Path moduleOutputPath, AbstractFile LeappFile)
 
ProcessResult processFileSystem (Content dataSource, Path moduleOutputPath)
 

Private Member Functions

void configExtractor () throws IOException
 
BlackboardArtifact createArtifactWithAttributes (BlackboardArtifact.Type artType, Content dataSource, Collection< BlackboardAttribute > bbattributes)
 
void createCalllogRelationship (Collection< BlackboardAttribute > bbattributes, Content dataSource, String fileName) throws IngestModuleException
 
void createContactRelationship (Collection< BlackboardAttribute > bbattributes, Content dataSource, String fileName) throws IngestModuleException
 
void createCustomArtifacts (Blackboard blkBoard)
 
void createMessageRelationship (Collection< BlackboardAttribute > bbattributes, Content dataSource, String fileName) throws IngestModuleException
 
void createRoute (Collection< BlackboardAttribute > bbattributes, Content dataSource, String fileName) throws IngestModuleException
 
AbstractFile createTrackpoint (Collection< BlackboardAttribute > bbattributes, Content dataSource, String fileName, String trackpointSegmentName, GeoTrackPoints pointList) throws IngestModuleException
 
AbstractFile findAbstractFile (Content dataSource, String fileNamePath)
 
List< String > findTsvFiles (Path LeappOutputDir) throws IngestModuleException
 
String formatValueBasedOnAttrType (TsvColumn colAttr, String value)
 
Account.Type getAccountType (String AccountTypeName)
 
void getArtifactNode (Document xmlinput)
 
BlackboardAttribute getAttribute (BlackboardAttribute.Type attrType, String value, String fileName)
 
void getAttributeNodes (Document xmlinput)
 
void getFileNode (Document xmlinput)
 
String getXmlAttrIdentifier (String fileName, String attributeName)
 
String getXmlFileIdentifier (String fileName)
 
void loadConfigFile () throws IngestModuleException
 
BlackboardAttribute parseAttrValue (String value, BlackboardAttribute.Type attrType, String fileName, boolean blankIsNull, boolean zeroIsNull, ParseExceptionFunction valueConverter)
 
void processFile (File LeappFile, List< TsvColumn > attrList, String fileName, BlackboardArtifact.Type artifactType, List< BlackboardArtifact > bbartifacts, Content dataSource) throws FileNotFoundException, IOException, IngestModuleException, TskCoreException
 
void processLeappFiles (List< String > LeappFilesToProcess, AbstractFile LeappImageFile) throws FileNotFoundException, IOException, IngestModuleException
 
void processLeappFiles (List< String > LeappFilesToProcess, Content dataSource) throws IngestModuleException
 
Collection< BlackboardAttribute > processReadLine (List< String > lineValues, Map< String, Integer > columnIndexes, List< TsvColumn > attrList, String fileName, int lineNum) throws IngestModuleException
 

Private Attributes

final String moduleName
 
final Map< String, String > tsvFileArtifactComments
 
final Map< String, BlackboardArtifact.Type > tsvFileArtifacts
 
final Map< String, List< TsvColumn > > tsvFileAttributes
 
final Map< String, String > tsvFiles
 
final String xmlFile
 

Static Private Attributes

static final Map< String, String > ACCOUNT_RELATIONSHIPS
 
static final Set< String > ALLOWED_EXTENSIONS = new HashSet<>(Arrays.asList("zip", "tar", "tgz"))
 
static final Map< String, String > CUSTOM_ARTIFACT_MAP
 
static final Logger logger = Logger.getLogger(LeappFileProcessor.class.getName())
 
static final DateFormat TIMESTAMP_FORMAT = new SimpleDateFormat("yyyy-MM-d HH:mm:ss", US)
 

Detailed Description

Finds and processes output from the Leapp program and brings it into Autopsy.

Definition at line 96 of file LeappFileProcessor.java.

Constructor & Destructor Documentation

org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.LeappFileProcessor ( String  xmlFile,
String  moduleName 
) throws IOException, IngestModuleException, NoCurrentCaseException

Member Function Documentation

void org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.configExtractor ( ) throws IOException
private
BlackboardArtifact org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.createArtifactWithAttributes ( BlackboardArtifact.Type  artType,
Content  dataSource,
Collection< BlackboardAttribute >  bbattributes 
)
private

Generic method for creating a blackboard artifact with attributes

Parameters
artType  The artifact type.
dataSource  is the Content object that needs to have the artifact added for it
bbattributes  is the collection of blackboard attributes that need to be added to the artifact after the artifact has been created
Returns
The newly-created artifact, or null on error

Definition at line 1220 of file LeappFileProcessor.java.

Referenced by org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.processFile().

void org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.createCalllogRelationship ( Collection< BlackboardAttribute >  bbattributes,
Content  dataSource,
String  fileName 
) throws IngestModuleException
private
void org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.createContactRelationship ( Collection< BlackboardAttribute >  bbattributes,
Content  dataSource,
String  fileName 
) throws IngestModuleException
private
void org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.createCustomArtifacts ( Blackboard  blkBoard)
private

Create custom artifacts that are defined in the xLeapp xml file(s).

Definition at line 1305 of file LeappFileProcessor.java.

Referenced by org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.LeappFileProcessor().

void org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.createMessageRelationship ( Collection< BlackboardAttribute >  bbattributes,
Content  dataSource,
String  fileName 
) throws IngestModuleException
private
void org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.createRoute ( Collection< BlackboardAttribute >  bbattributes,
Content  dataSource,
String  fileName 
) throws IngestModuleException
private
AbstractFile org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.createTrackpoint ( Collection< BlackboardAttribute >  bbattributes,
Content  dataSource,
String  fileName,
String  trackpointSegmentName,
GeoTrackPoints  pointList 
) throws IngestModuleException
private
AbstractFile org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.findAbstractFile ( Content  dataSource,
String  fileNamePath 
)
private
List<String> org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.findTsvFiles ( Path  LeappOutputDir) throws IngestModuleException
private

Finds the tsv files in the Leapp output directory, matches them against the files we know we want to process, and returns the list of files to process.

Definition at line 251 of file LeappFileProcessor.java.

Referenced by org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.processFiles(), and org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.processFileSystem().

String org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.formatValueBasedOnAttrType ( TsvColumn  colAttr,
String  value 
)
private

Check type of attribute and possibly format string based on it.

Parameters
colAttr  Column Attribute information
value  string to be formatted
Returns
Formatted string based on the attribute type; if no attribute type is found, the original string is returned.

Definition at line 956 of file LeappFileProcessor.java.

References org.sleuthkit.autopsy.coreutils.NetworkUtils.extractDomain().

Referenced by org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.processReadLine().

Account.Type org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.getAccountType ( String  AccountTypeName)
private
void org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.getArtifactNode ( Document  xmlinput)
private
BlackboardAttribute org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.getAttribute ( BlackboardAttribute.Type  attrType,
String  value,
String  fileName 
)
private

Gets an appropriate attribute based on the attribute type and string value.

Parameters
attrType  The attribute type.
value  The string value to be converted to the appropriate data type for the attribute type.
fileName  The file name that the value comes from.
Returns
The generated blackboard attribute.

Definition at line 979 of file LeappFileProcessor.java.

References org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.parseAttrValue().

Referenced by org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.processReadLine().

void org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.getAttributeNodes ( Document  xmlinput)
private
void org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.getFileNode ( Document  xmlinput)
private
String org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.getXmlAttrIdentifier ( String  fileName,
String  attributeName 
)
private
String org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.getXmlFileIdentifier ( String  fileName)
private
void org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.loadConfigFile ( ) throws IngestModuleException
private
BlackboardAttribute org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.parseAttrValue ( String  value,
BlackboardAttribute.Type  attrType,
String  fileName,
boolean  blankIsNull,
boolean  zeroIsNull,
ParseExceptionFunction  valueConverter 
)
private

Runs parsing function on string value to convert to right data type and generates a blackboard attribute for that converted data type.

Parameters
value  The string value.
attrType  The blackboard attribute type.
fileName  The name of the file from which the value comes.
blankIsNull  If string is blank return null attribute.
zeroIsNull  If string is some version of 0, return null attribute.
valueConverter  The means of converting the string value to an appropriate blackboard attribute.
Returns
The generated blackboard attribute or null if not determined.

Definition at line 1045 of file LeappFileProcessor.java.

References org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.ParseExceptionFunction.apply().

Referenced by org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.getAttribute().

void org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.processFile ( File  LeappFile,
List< TsvColumn >  attrList,
String  fileName,
BlackboardArtifact.Type  artifactType,
List< BlackboardArtifact >  bbartifacts,
Content  dataSource 
) throws FileNotFoundException, IOException, IngestModuleException, TskCoreException
private
ProcessResult org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.processFiles ( Content  dataSource,
Path  moduleOutputPath,
AbstractFile  LeappFile 
)
ProcessResult org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.processFileSystem ( Content  dataSource,
Path  moduleOutputPath 
)
void org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.processLeappFiles ( List< String >  LeappFilesToProcess,
AbstractFile  LeappImageFile 
) throws FileNotFoundException, IOException, IngestModuleException
private

Process the Leapp files that were found that match the xml mapping file

Parameters
LeappFilesToProcess  List of files to process
LeappImageFile  Abstract file to create artifact for
Exceptions
FileNotFoundException
IOException

Definition at line 283 of file LeappFileProcessor.java.

References org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.processFile(), and org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.tsvFileArtifacts.

Referenced by org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.processFiles(), and org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.processFileSystem().

void org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.processLeappFiles ( List< String >  LeappFilesToProcess,
Content  dataSource 
) throws IngestModuleException
private

Process the Leapp files that were found that match the xml mapping file

Parameters
LeappFilesToProcess  List of files to process
dataSource  The data source.
Exceptions
FileNotFoundException
IOException

Definition at line 316 of file LeappFileProcessor.java.

References org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.processFile(), and org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.tsvFileArtifacts.

Collection<BlackboardAttribute> org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.processReadLine ( List< String >  lineValues,
Map< String, Integer >  columnIndexes,
List< TsvColumn >  attrList,
String  fileName,
int  lineNum 
) throws IngestModuleException
private

Process the line read and create the necessary attributes for it.

Parameters
lineValues  List of column values.
columnIndexes  Mapping of column headers (trimmed; to lower case) to column index. All header columns and only all header columns should be present.
attrList  The list of attributes as specified for the schema of this file.
fileName  The name of the file being processed.
lineNum  The line number in the file.
Returns
The collection of blackboard attributes for the artifact created from this line.
Exceptions
IngestModuleException

Definition at line 899 of file LeappFileProcessor.java.

References org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.formatValueBasedOnAttrType(), and org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.getAttribute().

Referenced by org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.processFile().

Member Data Documentation

final Map<String, String> org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.ACCOUNT_RELATIONSHIPS
static private

Definition at line 157 of file LeappFileProcessor.java.

final Set<String> org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.ALLOWED_EXTENSIONS = new HashSet<>(Arrays.asList("zip", "tar", "tgz"))
static private

Definition at line 1265 of file LeappFileProcessor.java.

final Map<String, String> org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.CUSTOM_ARTIFACT_MAP
static private
Initial value:
= ImmutableMap.<String, String>builder()
.put("TSK_IP_DHCP", "DHCP Information")
.build()

Definition at line 153 of file LeappFileProcessor.java.

final Logger org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.logger = Logger.getLogger(LeappFileProcessor.class.getName())
static private

Definition at line 144 of file LeappFileProcessor.java.

final String org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.moduleName
private
final DateFormat org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.TIMESTAMP_FORMAT = new SimpleDateFormat("yyyy-MM-d HH:mm:ss", US)
static private

The format of time stamps in tsv.

Definition at line 967 of file LeappFileProcessor.java.

final Map<String, String> org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.tsvFileArtifactComments
private

Definition at line 150 of file LeappFileProcessor.java.

final Map<String, BlackboardArtifact.Type> org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.tsvFileArtifacts
private
final Map<String, List<TsvColumn> > org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.tsvFileAttributes
private

Definition at line 151 of file LeappFileProcessor.java.

final Map<String, String> org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.tsvFiles
private

Definition at line 148 of file LeappFileProcessor.java.

final String org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.xmlFile
private

The documentation for this class was generated from the following file:

Copyright © 2012-2021 Basis Technology. Generated on: Thu Jul 8 2021
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.