|
Autopsy
4.19.0
Graphical digital forensics platform for The Sleuth Kit and other tools.
|
Static Public Member Functions | |
| static void | addOrUpdateNodeData (final Case autopsyCase, Map< UniquePathKey, NodeData > nodeDataMap, AbstractFile newFile) throws TskCoreException, CentralRepoException |
| static AbstractFile | getAbstractFileFromNode (Node node) |
| static BlackboardArtifact | getBlackboardArtifactFromNode (Node node) |
| static List< AbstractFile > | getCaseDbMatches (CorrelationAttributeInstance corAttr, Case openCase, AbstractFile file) throws NoCurrentCaseException, TskCoreException, CentralRepoException |
| static Map< UniquePathKey, NodeData > | getCorrelatedInstances (AbstractFile file, String deviceId, String dataSourceName, CorrelationAttributeInstance corAttr) |
| static Collection< CorrelationAttributeInstance > | getCorrelationAttributeFromOsAccount (Node node, OsAccount osAccount) |
| static Collection< CorrelationAttributeInstance > | getCorrelationAttributesFromNode (Node node, AbstractFile file) |
| static String | getEarliestCaseDate () throws CentralRepoException |
| static String | getPlaceholderUUID () |
| static String | makeDataSourceString (String caseUUID, String deviceId, String dataSourceName) |
| static void | writeOtherOccurrencesToFileAsCSV (File destFile, AbstractFile abstractFile, Collection< CorrelationAttributeInstance > correlationAttList, String dataSourceName, String deviceId) throws IOException |
Private Member Functions | |
| OtherOccurrences () | |
Static Private Attributes | |
| static final Logger | logger = Logger.getLogger(OtherOccurrences.class.getName()) |
| static final String | UUID_PLACEHOLDER_STRING = "NoCorrelationAttributeInstance" |
Contains most of the methods for gathering data from the DB and CR for the OtherOccurrencesPanel.
Definition at line 67 of file OtherOccurrences.java.
|
private |
Definition at line 73 of file OtherOccurrences.java.
|
static |
Adds the file to the nodeDataMap map if it does not already exist
| autopsyCase | |
| nodeDataMap | |
| newFile |
| TskCoreException | |
| CentralRepoException |
Definition at line 350 of file OtherOccurrences.java.
References org.sleuthkit.autopsy.centralrepository.application.NodeData.getKnown().
Referenced by org.sleuthkit.autopsy.centralrepository.application.OtherOccurrences.getCorrelatedInstances().
|
static |
Get the associated AbstractFile from a node, if it exists.
| node | The node |
Definition at line 220 of file OtherOccurrences.java.
Referenced by org.sleuthkit.autopsy.centralrepository.contentviewer.DataContentViewerOtherCases.isSupported().
|
static |
Get the associated BlackboardArtifact from a node, if it exists.
| node | The node |
Definition at line 199 of file OtherOccurrences.java.
Referenced by org.sleuthkit.autopsy.centralrepository.application.OtherOccurrences.getCorrelationAttributesFromNode(), and org.sleuthkit.autopsy.centralrepository.contentviewer.DataContentViewerOtherCases.isSupported().
|
static |
Get all other abstract files in the current case with the same MD5 as the selected node.
| corAttr | The CorrelationAttribute containing the MD5 to search for |
| openCase | The current case |
| file | The current file. |
| NoCurrentCaseException | |
| TskCoreException | |
| CentralRepoException |
Definition at line 322 of file OtherOccurrences.java.
Referenced by org.sleuthkit.autopsy.centralrepository.application.OtherOccurrences.getCorrelatedInstances().
|
static |
Query the central repo database (if enabled) and the case database to find all artifact instances correlated to the given central repository artifact. If the central repo is not enabled, this will only return files from the current case with matching MD5 hashes.
| file | The current file. |
| deviceId | The device ID for the current data source. |
| dataSourceName | The name of the current data source. |
| corAttr | CorrelationAttribute to query for |
Definition at line 255 of file OtherOccurrences.java.
References org.sleuthkit.autopsy.centralrepository.application.OtherOccurrences.addOrUpdateNodeData(), org.sleuthkit.autopsy.centralrepository.datamodel.CentralRepository.getArtifactInstancesByTypeValue(), org.sleuthkit.autopsy.centralrepository.application.OtherOccurrences.getCaseDbMatches(), org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeInstance.getCorrelationType(), org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeInstance.getCorrelationValue(), org.sleuthkit.autopsy.casemodule.Case.getCurrentCaseThrows(), org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeInstance.Type.getDisplayName(), org.sleuthkit.autopsy.centralrepository.datamodel.CentralRepository.getInstance(), org.sleuthkit.autopsy.casemodule.Case.getName(), and org.sleuthkit.autopsy.centralrepository.datamodel.CentralRepository.isEnabled().
Referenced by org.sleuthkit.autopsy.centralrepository.contentviewer.OtherOccurrencesPanel.SelectionWorker.doInBackground(), and org.sleuthkit.autopsy.centralrepository.application.OtherOccurrences.writeOtherOccurrencesToFileAsCSV().
|
static |
Determine what attributes can be used for correlation based on the node.
| node | The node to correlate |
| osAccount | the osAccount to correlate |
Definition at line 84 of file OtherOccurrences.java.
References org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationDataSource.fromTSKDataSource(), org.sleuthkit.autopsy.centralrepository.datamodel.CentralRepository.getCase(), org.sleuthkit.autopsy.centralrepository.datamodel.CentralRepository.getCorrelationTypeById(), org.sleuthkit.autopsy.casemodule.Case.getCurrentCaseThrows(), org.sleuthkit.autopsy.centralrepository.datamodel.CentralRepository.getInstance(), and org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeInstance.OSACCOUNT_TYPE_ID.
|
static |
Determine what attributes can be used for correlation based on the node. If EamDB is not enabled, get the default Files correlation.
| node | The node to correlate. |
| file | The file to correlate. |
Definition at line 130 of file OtherOccurrences.java.
References org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeInstance.FILES_TYPE_ID, org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationDataSource.fromTSKDataSource(), org.sleuthkit.autopsy.centralrepository.application.OtherOccurrences.getBlackboardArtifactFromNode(), org.sleuthkit.autopsy.centralrepository.datamodel.CentralRepository.getCase(), org.sleuthkit.autopsy.casemodule.Case.getCurrentCase(), org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeInstance.getDefaultCorrelationTypes(), org.sleuthkit.autopsy.centralrepository.datamodel.CentralRepository.getDefinedCorrelationTypes(), org.sleuthkit.autopsy.centralrepository.datamodel.CentralRepository.getInstance(), org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationDataSource.getName(), org.sleuthkit.autopsy.centralrepository.datamodel.CentralRepository.isEnabled(), and org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeUtil.makeCorrAttrsForCorrelation().
|
static |
Gets the list of Eam Cases and determines the earliest case creation date. Sets the label to display the earliest date string to the user.
Definition at line 395 of file OtherOccurrences.java.
References org.sleuthkit.autopsy.centralrepository.datamodel.CentralRepository.getCases(), org.sleuthkit.autopsy.centralrepository.datamodel.CentralRepository.getInstance(), and org.sleuthkit.autopsy.centralrepository.datamodel.CentralRepository.isEnabled().
|
static |
Get a placeholder string to use in place of case uuid when it isn't available
Definition at line 475 of file OtherOccurrences.java.
References org.sleuthkit.autopsy.centralrepository.application.OtherOccurrences.UUID_PLACEHOLDER_STRING.
Referenced by org.sleuthkit.autopsy.centralrepository.contentviewer.OtherOccurrencesFilesTableModel.createNodeKey(), and org.sleuthkit.autopsy.centralrepository.application.UniquePathKey.UniquePathKey().
|
static |
Create a unique string to be used as a key for deduping data sources as best as possible
Definition at line 387 of file OtherOccurrences.java.
|
static |
Create a cvs file of occurrences for the given parameters.
| destFile | Output file for the csv data. |
| abstractFile | Source file. |
| correlationAttList | List of correclationAttributeInstances, should not be null. |
| dataSourceName | Name of the data source. |
| deviceId | Device id. |
| IOException |
Definition at line 444 of file OtherOccurrences.java.
References org.sleuthkit.autopsy.centralrepository.application.OtherOccurrences.getCorrelatedInstances(), and org.sleuthkit.autopsy.centralrepository.application.NodeData.getCsvItemSeparator().
Referenced by org.sleuthkit.autopsy.centralrepository.contentviewer.OtherOccurrencesPanel.CSVWorker.doInBackground().
|
staticprivate |
Definition at line 69 of file OtherOccurrences.java.
|
staticprivate |
Definition at line 71 of file OtherOccurrences.java.
Referenced by org.sleuthkit.autopsy.centralrepository.application.OtherOccurrences.getPlaceholderUUID().
Copyright © 2012-2021 Basis Technology. Generated on: Fri Aug 6 2021
This work is licensed under a
Creative Commons Attribution-Share Alike 3.0 United States License.