Autopsy  4.19.0
Graphical digital forensics platform for The Sleuth Kit and other tools.
Public Member Functions | Private Member Functions | Private Attributes | Static Private Attributes | List of all members
org.sleuthkit.autopsy.commonpropertiessearch.CommonAttributeCaseSearchResults Class Reference

Public Member Functions

Map< String, Map< String, CommonAttributeValueList > > getMetadata ()
 

Private Member Functions

Map< String, CommonAttributeValueListcreateTreeForCase (Map< String, CommonAttributeValue > valuesToKeepCurrentCase, Map< String, CommonAttributeValueList > dataSourceToValueList) throws CentralRepoException
 
Map< String, Map< String, CommonAttributeValueList > > filterMetadata (Map< String, Map< String, CommonAttributeValueList >> metadata, int percentageThreshold, int resultTypeId)
 
boolean filterValue (CorrelationAttributeInstance.Type attributeType, CommonAttributeValue value, int maximumPercentageThreshold, Double uniqueCaseDataSourceTuples) throws CentralRepoException
 
Map< String, CommonAttributeValuegetValuesToKeepFromCurrentCase (Map< String, CommonAttributeValueList > dataSourceToValueList, CorrelationAttributeInstance.Type attributeType, int maximumPercentageThreshold, Double uniqueCaseDataSourceTuples) throws CentralRepoException
 

Private Attributes

final Map< String, Map< String, CommonAttributeValueList > > caseNameToDataSources
 

Static Private Attributes

static final Logger LOGGER = Logger.getLogger(CommonAttributeCaseSearchResults.class.getName())
 

Detailed Description

Stores the results from the various types of common attribute searching Stores results based on how they are currently displayed in the UI

Definition at line 41 of file CommonAttributeCaseSearchResults.java.

Member Function Documentation

Map<String, CommonAttributeValueList> org.sleuthkit.autopsy.commonpropertiessearch.CommonAttributeCaseSearchResults.createTreeForCase ( Map< String, CommonAttributeValue valuesToKeepCurrentCase,
Map< String, CommonAttributeValueList dataSourceToValueList 
) throws CentralRepoException
private

Create a new map representing the portion of the tree for a single case

Parameters
valuesToKeepCurrentCasea map of correlation value to CommonAttributeValue for results from the current case to substitute in
dataSourceToValueListthe reslts for a single case which need to be filtered
Returns
the modified results for the case
Exceptions
CentralRepoException

Definition at line 198 of file CommonAttributeCaseSearchResults.java.

References org.sleuthkit.autopsy.commonpropertiessearch.CommonAttributeValue.getValue().

Referenced by org.sleuthkit.autopsy.commonpropertiessearch.CommonAttributeCaseSearchResults.filterMetadata().

Map<String, Map<String, CommonAttributeValueList> > org.sleuthkit.autopsy.commonpropertiessearch.CommonAttributeCaseSearchResults.filterMetadata ( Map< String, Map< String, CommonAttributeValueList >>  metadata,
int  percentageThreshold,
int  resultTypeId 
)
private

Get an unmodifiable collection of values, indexed by case name, which represents the common attributes found in the search.

Remove results which are not found in the portion of available data sources described by maximumPercentageThreshold.

Parameters
metadatathe unfiltered metadata
percentageThresholdthe percentage threshold that a file should not be more common than
resultTypeIdthe ID of the result type contained in the metadata
Returns
metadata

Definition at line 113 of file CommonAttributeCaseSearchResults.java.

References org.sleuthkit.autopsy.commonpropertiessearch.CommonAttributeCaseSearchResults.createTreeForCase(), org.sleuthkit.autopsy.centralrepository.datamodel.CentralRepository.getCountUniqueDataSources(), org.sleuthkit.autopsy.casemodule.Case.getCurrentCaseThrows(), org.sleuthkit.autopsy.centralrepository.datamodel.CentralRepository.getDefinedCorrelationTypes(), org.sleuthkit.autopsy.casemodule.Case.getDisplayName(), org.sleuthkit.autopsy.centralrepository.datamodel.CentralRepository.getInstance(), and org.sleuthkit.autopsy.commonpropertiessearch.CommonAttributeCaseSearchResults.getValuesToKeepFromCurrentCase().

boolean org.sleuthkit.autopsy.commonpropertiessearch.CommonAttributeCaseSearchResults.filterValue ( CorrelationAttributeInstance.Type  attributeType,
CommonAttributeValue  value,
int  maximumPercentageThreshold,
Double  uniqueCaseDataSourceTuples 
) throws CentralRepoException
private

Determine if a value should be included in the results displayed to the user

Parameters
attributeTypethe result type contained in the metadata
valuethe correlationAttributeValue we are evaluating
maximumPercentageThresholdthe percentage threshold that a file should not be more common than
uniqueCaseDataSourceTuplesthe number of unique data sources in the CR
Returns
true if the value should be filtered and removed from what is shown to the user, false if the value should not be removed and the user will see it as a result
Exceptions
CentralRepoException

Definition at line 232 of file CommonAttributeCaseSearchResults.java.

References org.sleuthkit.autopsy.centralrepository.datamodel.CentralRepository.getCountUniqueCaseDataSourceTuplesHavingTypeValue(), and org.sleuthkit.autopsy.centralrepository.datamodel.CentralRepository.getInstance().

Referenced by org.sleuthkit.autopsy.commonpropertiessearch.CommonAttributeCaseSearchResults.getValuesToKeepFromCurrentCase().

Map<String, Map<String, CommonAttributeValueList> > org.sleuthkit.autopsy.commonpropertiessearch.CommonAttributeCaseSearchResults.getMetadata ( )

Get an unmodifiable collection of values, indexed by case name, which represents the common attributes found in the search.

Returns
map of cases to data sources and their list of matches

Definition at line 94 of file CommonAttributeCaseSearchResults.java.

Map<String, CommonAttributeValue> org.sleuthkit.autopsy.commonpropertiessearch.CommonAttributeCaseSearchResults.getValuesToKeepFromCurrentCase ( Map< String, CommonAttributeValueList dataSourceToValueList,
CorrelationAttributeInstance.Type  attributeType,
int  maximumPercentageThreshold,
Double  uniqueCaseDataSourceTuples 
) throws CentralRepoException
private

Get the values from the results for the current case

Parameters
dataSourceToValueListthe map of datasources to their CommonAttributeValueLists for the current case
attributeTypethe result type contained in the metadata
maximumPercentageThresholdthe percentage threshold that a file should not be more common than
uniqueCaseDataSourceTuplesthe number of unique data sources in the CR
Returns
a map of correlation value to CommonAttributeValue for results from the current case
Exceptions
CentralRepoException

Definition at line 168 of file CommonAttributeCaseSearchResults.java.

References org.sleuthkit.autopsy.commonpropertiessearch.CommonAttributeCaseSearchResults.filterValue(), and org.sleuthkit.autopsy.commonpropertiessearch.CommonAttributeValue.getValue().

Referenced by org.sleuthkit.autopsy.commonpropertiessearch.CommonAttributeCaseSearchResults.filterMetadata().

Member Data Documentation

final Map<String, Map<String, CommonAttributeValueList> > org.sleuthkit.autopsy.commonpropertiessearch.CommonAttributeCaseSearchResults.caseNameToDataSources
private

Definition at line 46 of file CommonAttributeCaseSearchResults.java.

final Logger org.sleuthkit.autopsy.commonpropertiessearch.CommonAttributeCaseSearchResults.LOGGER = Logger.getLogger(CommonAttributeCaseSearchResults.class.getName())
staticprivate

Definition at line 43 of file CommonAttributeCaseSearchResults.java.


The documentation for this class was generated from the following file:

Copyright © 2012-2021 Basis Technology. Generated on: Fri Aug 6 2021
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.