Autopsy
4.19.0
Graphical digital forensics platform for The Sleuth Kit and other tools.
|
Classes | |
class | ItemEntry |
class | SectionConfig |
Static Public Member Functions | |
static Document | buildDocument (Node node) |
Private Member Functions | |
Annotations () | |
Static Private Member Functions | |
static< T > boolean | appendEntries (Element parent, Annotations.SectionConfig< T > config, List<?extends T > items, boolean isSubsection, boolean isFirstSection) |
static Element | appendMessage (Element parent, String message) |
static Element | appendRow (Element rowParent, List< String > data, int columnNumber, boolean isHeader) |
static Element | appendSection (Element parent, String headerText) |
static Element | appendSubsection (Element parent, String headerText) |
static Element | appendTable (Element parent, int columnNumber, List< List< String >> content, List< String > columnHeaders) |
static< T > Element | appendVerticalEntryTables (Element parent, List<?extends T > items, List< ItemEntry< T >> rowHeaders) |
static List< CorrelationAttributeInstance > | getCentralRepositoryData (BlackboardArtifact artifact) |
static List< CorrelationAttributeInstance > | getCentralRepositoryData (AbstractFile sourceFile) |
static List< CorrelationAttributeInstance > | getCorrelationAttributeComments (List< Pair< CorrelationAttributeInstance.Type, String >> lookupKeys) |
static List< BlackboardArtifact > | getFileSetHits (AbstractFile sourceFile, BlackboardArtifact.ARTIFACT_TYPE type) |
static List< ContentTag > | getTags (Content sourceContent) |
static List< BlackboardArtifactTag > | getTags (BlackboardArtifact bba) |
static boolean | hasTskComment (BlackboardArtifact artifact) |
static boolean | renderArtifact (Element parent, BlackboardArtifact bba, Content sourceContent) |
static boolean | renderContent (Element parent, Content sourceContent, boolean isSubheader) |
static String | tryGetAttribute (BlackboardArtifact artifact, BlackboardAttribute.ATTRIBUTE_TYPE attributeType) |
Static Private Attributes | |
static final SectionConfig< BlackboardArtifact > | ARTIFACT_COMMENT_CONFIG = new SectionConfig<>(Bundle.Annotations_fileHitEntry_artifactCommentTitle(), FILESET_HIT_ENTRIES) |
static final SectionConfig< CorrelationAttributeInstance > | CR_COMMENTS_CONFIG = new SectionConfig<>(Bundle.Annotations_centralRepositoryEntry_title(), CR_COMMENTS_ENTRIES) |
static final List< ItemEntry< CorrelationAttributeInstance > > | CR_COMMENTS_ENTRIES |
static final String | EMPTY_HTML = "<html><head></head><body></body></html>" |
static final List< ItemEntry< BlackboardArtifact > > | FILESET_HIT_ENTRIES |
static final SectionConfig< BlackboardArtifact > | HASHSET_CONFIG = new SectionConfig<>(Bundle.Annotations_fileHitEntry_hashSetHitTitle(), FILESET_HIT_ENTRIES) |
static final SectionConfig< BlackboardArtifact > | INTERESTING_FILE_CONFIG = new SectionConfig<>(Bundle.Annotations_fileHitEntry_interestingFileHitTitle(), FILESET_HIT_ENTRIES) |
static final Logger | logger = Logger.getLogger(Annotations.class.getName()) |
static final SectionConfig< Tag > | TAG_CONFIG = new SectionConfig<>(Bundle.Annotations_tagEntry_title(), TAG_ENTRIES) |
static final List< ItemEntry< Tag > > | TAG_ENTRIES |
The business logic for the Annotations content panel.
Definition at line 56 of file Annotations.java.
|
private |
Definition at line 125 of file Annotations.java.
|
staticprivate |
Append entries to the parent element in the annotations viewer. Entries will be formatted as a table in the format specified in the SectionConfig.
parent | The parent element for which the entries will be attached. |
config | The display configuration for this entry type (i.e. table type, name, if data is not present). |
items | The items to display. |
isSubsection | Whether or not this should be displayed as a subsection. If not displayed as a top-level section. |
isFirstSection | Whether or not this is the first section appended. |
Definition at line 467 of file Annotations.java.
References org.sleuthkit.autopsy.contentviewers.application.Annotations.appendSection(), org.sleuthkit.autopsy.contentviewers.application.Annotations.appendSubsection(), org.sleuthkit.autopsy.contentviewers.application.Annotations.appendVerticalEntryTables(), org.sleuthkit.autopsy.contentviewers.layout.ContentViewerHtmlStyles.getIndentedClassName(), and org.sleuthkit.autopsy.contentviewers.layout.ContentViewerHtmlStyles.getSpacedSectionClassName().
Referenced by org.sleuthkit.autopsy.contentviewers.application.Annotations.renderArtifact(), and org.sleuthkit.autopsy.contentviewers.application.Annotations.renderContent().
|
staticprivate |
Appends a message to the parent element. This is typically used in the event that no data exists for a certain type.
parent | The parent element that will have this message appended to it. |
message | The message to append. |
Definition at line 620 of file Annotations.java.
References org.sleuthkit.autopsy.contentviewers.layout.ContentViewerHtmlStyles.getMessageClassName().
|
staticprivate |
Appends a row to the parent element (should be thead or tbody).
rowParent | The parent table element. |
data | The data to place in columns within the table. |
columnNumber | The number of columns to append. |
isHeader | Whether or not this should have header cells ('th') instead of regular cells ('td'). |
Definition at line 559 of file Annotations.java.
References org.sleuthkit.autopsy.contentviewers.layout.ContentViewerHtmlStyles.getKeyColumnClassName(), and org.sleuthkit.autopsy.contentviewers.layout.ContentViewerHtmlStyles.getTextClassName().
Referenced by org.sleuthkit.autopsy.contentviewers.application.Annotations.appendTable().
|
staticprivate |
Appends a new section with a section header to the parent element.
parent | The element to append this section to. |
headerText | The text for the section. |
Definition at line 586 of file Annotations.java.
References org.sleuthkit.autopsy.contentviewers.layout.ContentViewerHtmlStyles.getHeaderClassName().
Referenced by org.sleuthkit.autopsy.contentviewers.application.Annotations.appendEntries(), and org.sleuthkit.autopsy.contentviewers.application.Annotations.renderArtifact().
|
staticprivate |
Appends a new subsection with a subsection header to the parent element.
parent | The element to append this subsection to. |
headerText | The text for the subsection. |
Definition at line 602 of file Annotations.java.
References org.sleuthkit.autopsy.contentviewers.layout.ContentViewerHtmlStyles.getHeaderClassName().
Referenced by org.sleuthkit.autopsy.contentviewers.application.Annotations.appendEntries().
|
staticprivate |
Appends a generic table to the parent element.
parent | The parent element that will have a table appended to it. |
columnNumber | The number of columns to append. |
content | The content in content.get(row).get(column) format. |
columnHeaders | The column headers or null if no column headers should be created. |
Definition at line 533 of file Annotations.java.
References org.sleuthkit.autopsy.contentviewers.application.Annotations.appendRow().
Referenced by org.sleuthkit.autopsy.contentviewers.application.Annotations.appendVerticalEntryTables().
|
staticprivate |
Appends a table where items are displayed in rows of key-value pairs.
parent | The parent to append the table. |
items | The items to process into a series of tables. |
rowHeaders | The keys and the means to process items in order to get key-value pairs. |
Definition at line 498 of file Annotations.java.
References org.sleuthkit.autopsy.contentviewers.application.Annotations.appendTable(), and org.sleuthkit.autopsy.contentviewers.layout.ContentViewerHtmlStyles.getSpacedSectionClassName().
Referenced by org.sleuthkit.autopsy.contentviewers.application.Annotations.appendEntries().
|
static |
Returns the formatted Annotation information for the given node. If no data was found the method will return null;
node | Node to get data for. |
Definition at line 138 of file Annotations.java.
References org.sleuthkit.autopsy.contentviewers.application.Annotations.logger, org.sleuthkit.autopsy.contentviewers.application.Annotations.renderArtifact(), and org.sleuthkit.autopsy.contentviewers.application.Annotations.renderContent().
Referenced by org.sleuthkit.autopsy.contentviewers.AnnotationsContentViewer.AnnotationWorker.doInBackground().
|
staticprivate |
Gets the "Central Repository Comments" section with data for the blackboard artifact.
artifact | The selected artifact. |
Definition at line 370 of file Annotations.java.
References org.sleuthkit.autopsy.contentviewers.application.Annotations.getCorrelationAttributeComments(), and org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeUtil.makeCorrAttrsForCorrelation().
Referenced by org.sleuthkit.autopsy.contentviewers.application.Annotations.renderArtifact(), and org.sleuthkit.autopsy.contentviewers.application.Annotations.renderContent().
|
staticprivate |
Gets the "Central Repository Comments" section with data.
sourceFile | A selected file, or a source file of the selected artifact. |
Definition at line 392 of file Annotations.java.
References org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeInstance.FILES_TYPE_ID, org.sleuthkit.autopsy.contentviewers.application.Annotations.getCorrelationAttributeComments(), org.sleuthkit.autopsy.centralrepository.datamodel.CentralRepository.getDefinedCorrelationTypes(), org.sleuthkit.autopsy.centralrepository.datamodel.CentralRepository.getInstance(), and org.sleuthkit.autopsy.contentviewers.application.Annotations.logger.
|
staticprivate |
Given a type and a value for that type, does a lookup in the Central Repository for matching values that have comments.
lookupKeys | The type and value to lookup. |
Definition at line 427 of file Annotations.java.
References org.sleuthkit.autopsy.centralrepository.datamodel.CentralRepository.getArtifactInstancesByTypeValue(), org.sleuthkit.autopsy.centralrepository.datamodel.CentralRepository.getInstance(), and org.sleuthkit.autopsy.contentviewers.application.Annotations.logger.
Referenced by org.sleuthkit.autopsy.contentviewers.application.Annotations.getCentralRepositoryData().
|
staticprivate |
Retrieves the blackboard artifacts for a source file matching a certain type that have a non-blank TSK_COMMENT.
sourceFile | The source file for which to fetch artifacts. |
type | The type of blackboard artifact to fetch. |
Definition at line 308 of file Annotations.java.
References org.sleuthkit.autopsy.casemodule.Case.getCurrentCaseThrows(), org.sleuthkit.autopsy.casemodule.Case.getSleuthkitCase(), org.sleuthkit.autopsy.contentviewers.application.Annotations.hasTskComment(), and org.sleuthkit.autopsy.contentviewers.application.Annotations.logger.
Referenced by org.sleuthkit.autopsy.contentviewers.application.Annotations.renderContent().
|
staticprivate |
Retrieves tags associated with a content item.
sourceContent | The content for which to gather content. |
Definition at line 268 of file Annotations.java.
References org.sleuthkit.autopsy.casemodule.Case.getCurrentCaseThrows(), org.sleuthkit.autopsy.casemodule.Case.getSleuthkitCase(), and org.sleuthkit.autopsy.contentviewers.application.Annotations.logger.
Referenced by org.sleuthkit.autopsy.contentviewers.application.Annotations.renderArtifact(), and org.sleuthkit.autopsy.contentviewers.application.Annotations.renderContent().
|
staticprivate |
Retrieves tags for blackboard artifact tags.
bba | The blackboard artifact for which to retrieve tags. |
Definition at line 287 of file Annotations.java.
References org.sleuthkit.autopsy.casemodule.Case.getCurrentCaseThrows(), org.sleuthkit.autopsy.casemodule.Case.getSleuthkitCase(), and org.sleuthkit.autopsy.contentviewers.application.Annotations.logger.
|
staticprivate |
Returns true if the artifact contains a non-blank TSK_COMMENT attribute.
artifact | The artifact to check. |
Definition at line 329 of file Annotations.java.
References org.sleuthkit.autopsy.contentviewers.application.Annotations.tryGetAttribute().
Referenced by org.sleuthkit.autopsy.contentviewers.application.Annotations.getFileSetHits(), and org.sleuthkit.autopsy.contentviewers.application.Annotations.renderArtifact().
|
staticprivate |
Renders annotations for an artifact.
parent | The html element to render content int. |
bba | The blackboard artifact to render. |
sourceContent | The content from which the blackboard artifact comes. |
Definition at line 190 of file Annotations.java.
References org.sleuthkit.autopsy.contentviewers.application.Annotations.appendEntries(), org.sleuthkit.autopsy.contentviewers.application.Annotations.appendSection(), org.sleuthkit.autopsy.contentviewers.application.Annotations.ARTIFACT_COMMENT_CONFIG, org.sleuthkit.autopsy.contentviewers.application.Annotations.CR_COMMENTS_CONFIG, org.sleuthkit.autopsy.contentviewers.application.Annotations.getCentralRepositoryData(), org.sleuthkit.autopsy.contentviewers.layout.ContentViewerHtmlStyles.getIndentedClassName(), org.sleuthkit.autopsy.contentviewers.layout.ContentViewerHtmlStyles.getSpacedSectionClassName(), org.sleuthkit.autopsy.contentviewers.application.Annotations.getTags(), org.sleuthkit.autopsy.contentviewers.application.Annotations.hasTskComment(), org.sleuthkit.autopsy.centralrepository.datamodel.CentralRepository.isEnabled(), org.sleuthkit.autopsy.contentviewers.application.Annotations.renderContent(), and org.sleuthkit.autopsy.contentviewers.application.Annotations.TAG_CONFIG.
Referenced by org.sleuthkit.autopsy.contentviewers.application.Annotations.buildDocument().
|
staticprivate |
Renders annotations for a content item.
parent | The parent within which to render. |
sourceContent | The content for which annotations will be gathered. |
isSubheader | True if this section should be rendered as a subheader as opposed to a top-level header. |
Definition at line 233 of file Annotations.java.
References org.sleuthkit.autopsy.contentviewers.application.Annotations.appendEntries(), org.sleuthkit.autopsy.contentviewers.application.Annotations.CR_COMMENTS_CONFIG, org.sleuthkit.autopsy.contentviewers.application.Annotations.getCentralRepositoryData(), org.sleuthkit.autopsy.contentviewers.application.Annotations.getFileSetHits(), org.sleuthkit.autopsy.contentviewers.application.Annotations.getTags(), org.sleuthkit.autopsy.contentviewers.application.Annotations.HASHSET_CONFIG, org.sleuthkit.autopsy.contentviewers.application.Annotations.INTERESTING_FILE_CONFIG, org.sleuthkit.autopsy.centralrepository.datamodel.CentralRepository.isEnabled(), and org.sleuthkit.autopsy.contentviewers.application.Annotations.TAG_CONFIG.
Referenced by org.sleuthkit.autopsy.contentviewers.application.Annotations.buildDocument(), and org.sleuthkit.autopsy.contentviewers.application.Annotations.renderArtifact().
|
staticprivate |
Attempts to retrieve the attribute of a particular type from a blackboard artifact.
artifact | The artifact from which to retrieve the information. |
attributeType | The attribute type to retrieve from the artifact. |
Definition at line 342 of file Annotations.java.
References org.sleuthkit.autopsy.contentviewers.application.Annotations.logger.
Referenced by org.sleuthkit.autopsy.contentviewers.application.Annotations.hasTskComment().
|
staticprivate |
Definition at line 109 of file Annotations.java.
Referenced by org.sleuthkit.autopsy.contentviewers.application.Annotations.renderArtifact().
|
staticprivate |
Definition at line 120 of file Annotations.java.
Referenced by org.sleuthkit.autopsy.contentviewers.application.Annotations.renderArtifact(), and org.sleuthkit.autopsy.contentviewers.application.Annotations.renderContent().
|
staticprivate |
Definition at line 112 of file Annotations.java.
|
staticprivate |
Definition at line 81 of file Annotations.java.
|
staticprivate |
Definition at line 95 of file Annotations.java.
|
staticprivate |
Definition at line 106 of file Annotations.java.
Referenced by org.sleuthkit.autopsy.contentviewers.application.Annotations.renderContent().
|
staticprivate |
Definition at line 103 of file Annotations.java.
Referenced by org.sleuthkit.autopsy.contentviewers.application.Annotations.renderContent().
|
staticprivate |
Definition at line 79 of file Annotations.java.
Referenced by org.sleuthkit.autopsy.contentviewers.application.Annotations.buildDocument(), org.sleuthkit.autopsy.contentviewers.application.Annotations.getCentralRepositoryData(), org.sleuthkit.autopsy.contentviewers.application.Annotations.getCorrelationAttributeComments(), org.sleuthkit.autopsy.contentviewers.application.Annotations.getFileSetHits(), org.sleuthkit.autopsy.contentviewers.application.Annotations.getTags(), and org.sleuthkit.autopsy.contentviewers.application.Annotations.tryGetAttribute().
|
staticprivate |
Definition at line 92 of file Annotations.java.
Referenced by org.sleuthkit.autopsy.contentviewers.application.Annotations.renderArtifact(), and org.sleuthkit.autopsy.contentviewers.application.Annotations.renderContent().
|
staticprivate |
Definition at line 84 of file Annotations.java.
Copyright © 2012-2021 Basis Technology. Generated on: Fri Aug 6 2021
This work is licensed under a
Creative Commons Attribution-Share Alike 3.0 United States License.