Autopsy
4.19.0
Graphical digital forensics platform for The Sleuth Kit and other tools.
|
Classes | |
interface | ParseExceptionFunction |
class | TsvColumn |
Public Member Functions | |
LeappFileProcessor (String xmlFile, String moduleName) throws IOException, IngestModuleException, NoCurrentCaseException | |
ProcessResult | processFiles (Content dataSource, Path moduleOutputPath, AbstractFile LeappFile) |
ProcessResult | processFileSystem (Content dataSource, Path moduleOutputPath) |
Private Member Functions | |
void | configExtractor () throws IOException |
BlackboardArtifact | createArtifactWithAttributes (BlackboardArtifact.Type artType, Content dataSource, Collection< BlackboardAttribute > bbattributes) |
void | createCalllogRelationship (Collection< BlackboardAttribute > bbattributes, Content dataSource, String fileName) throws IngestModuleException |
void | createContactRelationship (Collection< BlackboardAttribute > bbattributes, Content dataSource, String fileName) throws IngestModuleException |
void | createCustomArtifacts (Blackboard blkBoard) |
void | createMessageRelationship (Collection< BlackboardAttribute > bbattributes, Content dataSource, String fileName) throws IngestModuleException |
void | createRoute (Collection< BlackboardAttribute > bbattributes, Content dataSource, String fileName) throws IngestModuleException |
AbstractFile | createTrackpoint (Collection< BlackboardAttribute > bbattributes, Content dataSource, String fileName, String trackpointSegmentName, GeoTrackPoints pointList) throws IngestModuleException |
AbstractFile | findAbstractFile (Content dataSource, String fileNamePath) |
List< String > | findTsvFiles (Path LeappOutputDir) throws IngestModuleException |
String | formatValueBasedOnAttrType (TsvColumn colAttr, String value) |
Account.Type | getAccountType (String AccountTypeName) |
void | getArtifactNode (Document xmlinput) |
BlackboardAttribute | getAttribute (BlackboardAttribute.Type attrType, String value, String fileName) |
void | getAttributeNodes (Document xmlinput) |
void | getFileNode (Document xmlinput) |
String | getXmlAttrIdentifier (String fileName, String attributeName) |
String | getXmlFileIdentifier (String fileName) |
void | loadConfigFile () throws IngestModuleException |
BlackboardAttribute | parseAttrValue (String value, BlackboardAttribute.Type attrType, String fileName, boolean blankIsNull, boolean zeroIsNull, ParseExceptionFunction valueConverter) |
void | processFile (File LeappFile, List< TsvColumn > attrList, String fileName, BlackboardArtifact.Type artifactType, List< BlackboardArtifact > bbartifacts, Content dataSource) throws FileNotFoundException, IOException, IngestModuleException, TskCoreException |
void | processLeappFiles (List< String > LeappFilesToProcess, AbstractFile LeappImageFile) throws FileNotFoundException, IOException, IngestModuleException |
void | processLeappFiles (List< String > LeappFilesToProcess, Content dataSource) throws IngestModuleException |
Collection< BlackboardAttribute > | processReadLine (List< String > lineValues, Map< String, Integer > columnIndexes, List< TsvColumn > attrList, String fileName, int lineNum) throws IngestModuleException |
Private Attributes | |
final String | moduleName |
final Map< String, String > | tsvFileArtifactComments |
final Map< String, BlackboardArtifact.Type > | tsvFileArtifacts |
final Map< String, List< TsvColumn > > | tsvFileAttributes |
final Map< String, String > | tsvFiles |
final String | xmlFile |
Static Private Attributes | |
static final Map< String, String > | ACCOUNT_RELATIONSHIPS |
static final Set< String > | ALLOWED_EXTENSIONS = new HashSet<>(Arrays.asList("zip", "tar", "tgz")) |
static final Map< String, String > | CUSTOM_ARTIFACT_MAP |
static final Logger | logger = Logger.getLogger(LeappFileProcessor.class.getName()) |
static final DateFormat | TIMESTAMP_FORMAT = new SimpleDateFormat("yyyy-MM-d HH:mm:ss", US) |
Find and process output from the Leapp program and bring it into Autopsy.
Definition at line 96 of file LeappFileProcessor.java.
org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.LeappFileProcessor | ( | String | xmlFile, |
String | moduleName | ||
) | throws IOException, IngestModuleException, NoCurrentCaseException |
Definition at line 197 of file LeappFileProcessor.java.
References org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.configExtractor(), org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.createCustomArtifacts(), org.sleuthkit.autopsy.casemodule.Case.getCurrentCaseThrows(), org.sleuthkit.autopsy.casemodule.Case.getSleuthkitCase(), org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.loadConfigFile(), org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.moduleName, org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.tsvFileArtifacts, and org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.xmlFile.
|
private |
Extract the Leapp config XML file to the user directory for processing.
Definition at line 1260 of file LeappFileProcessor.java.
References org.sleuthkit.autopsy.coreutils.PlatformUtil.extractResourceToUserConfigDir().
Referenced by org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.LeappFileProcessor().
|
private |
Generic method for creating a blackboard artifact with attributes
artType | The artifact type. |
dataSource | The Content object to which the artifact is added. |
bbattributes | The collection of blackboard attributes to add to the artifact after it has been created. |
Definition at line 1220 of file LeappFileProcessor.java.
Referenced by org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.processFile().
|
private |
Definition at line 738 of file LeappFileProcessor.java.
References org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.findAbstractFile(), org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.getAccountType(), org.sleuthkit.autopsy.casemodule.Case.getCurrentCaseThrows(), org.sleuthkit.autopsy.casemodule.Case.getSleuthkitCase(), and org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.moduleName.
Referenced by org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.processFile().
|
private |
Definition at line 667 of file LeappFileProcessor.java.
References org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.findAbstractFile(), org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.getAccountType(), org.sleuthkit.autopsy.casemodule.Case.getCurrentCaseThrows(), org.sleuthkit.autopsy.casemodule.Case.getSleuthkitCase(), and org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.moduleName.
Referenced by org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.processFile().
|
private |
Create custom artifacts that are defined in the xLeapp xml file(s).
Definition at line 1305 of file LeappFileProcessor.java.
Referenced by org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.LeappFileProcessor().
|
private |
Definition at line 564 of file LeappFileProcessor.java.
References org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.findAbstractFile(), org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.getAccountType(), org.sleuthkit.autopsy.casemodule.Case.getCurrentCaseThrows(), org.sleuthkit.autopsy.casemodule.Case.getSleuthkitCase(), and org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.moduleName.
Referenced by org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.processFile().
|
private |
Definition at line 424 of file LeappFileProcessor.java.
References org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.findAbstractFile(), org.sleuthkit.autopsy.casemodule.Case.getCurrentCaseThrows(), org.sleuthkit.autopsy.casemodule.Case.getSleuthkitCase(), and org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.moduleName.
Referenced by org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.processFile().
|
private |
Definition at line 494 of file LeappFileProcessor.java.
References org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.findAbstractFile(), org.sleuthkit.autopsy.casemodule.Case.getCurrentCaseThrows(), org.sleuthkit.autopsy.casemodule.Case.getSleuthkitCase(), and org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.moduleName.
Referenced by org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.processFile().
|
private |
Definition at line 1320 of file LeappFileProcessor.java.
References org.sleuthkit.autopsy.casemodule.services.FileManager.findFiles(), org.sleuthkit.autopsy.casemodule.Case.getCurrentCase(), org.sleuthkit.autopsy.casemodule.services.Services.getFileManager(), and org.sleuthkit.autopsy.casemodule.Case.getServices().
Referenced by org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.createCalllogRelationship(), org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.createContactRelationship(), org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.createMessageRelationship(), org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.createRoute(), and org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.createTrackpoint().
|
private |
Find the TSV files in the Leapp output directory, match them against the files we know we want to process, and return the list of files to process.
Definition at line 251 of file LeappFileProcessor.java.
Referenced by org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.processFiles(), and org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.processFileSystem().
|
private |
Check the type of the attribute and, if needed, format the string based on it.
colAttr | Column attribute information. |
value | The string to be formatted. |
Definition at line 956 of file LeappFileProcessor.java.
References org.sleuthkit.autopsy.coreutils.NetworkUtils.extractDomain().
Referenced by org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.processReadLine().
|
private |
Definition at line 815 of file LeappFileProcessor.java.
Referenced by org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.createCalllogRelationship(), org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.createContactRelationship(), and org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.createMessageRelationship().
|
private |
Definition at line 1112 of file LeappFileProcessor.java.
References org.sleuthkit.autopsy.casemodule.Case.getCurrentCase(), org.sleuthkit.autopsy.casemodule.Case.getSleuthkitCase(), org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.getXmlFileIdentifier(), and org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.tsvFileArtifacts.
Referenced by org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.loadConfigFile().
|
private |
Gets an appropriate attribute based on the attribute type and string value.
attrType | The attribute type. |
value | The string value to be converted to the appropriate data type for the attribute type. |
fileName | The file name that the value comes from. |
Definition at line 979 of file LeappFileProcessor.java.
References org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.parseAttrValue().
Referenced by org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.processReadLine().
|
private |
Definition at line 1154 of file LeappFileProcessor.java.
References org.sleuthkit.autopsy.casemodule.Case.getCurrentCase(), org.sleuthkit.autopsy.casemodule.Case.getSleuthkitCase(), and org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.getXmlAttrIdentifier().
Referenced by org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.loadConfigFile().
|
private |
Definition at line 1100 of file LeappFileProcessor.java.
Referenced by org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.loadConfigFile().
|
private |
Definition at line 1148 of file LeappFileProcessor.java.
References org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.getXmlFileIdentifier().
Referenced by org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.getAttributeNodes().
|
private |
Definition at line 1142 of file LeappFileProcessor.java.
Referenced by org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.getArtifactNode(), and org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.getXmlAttrIdentifier().
|
private |
Read the XML config file and load the mappings into maps
Definition at line 1077 of file LeappFileProcessor.java.
References org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.getArtifactNode(), org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.getAttributeNodes(), org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.getFileNode(), org.sleuthkit.autopsy.coreutils.PlatformUtil.getUserConfigDirectory(), and org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.xmlFile.
Referenced by org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.LeappFileProcessor().
|
private |
Runs the parsing function on the string value to convert it to the right data type and generates a blackboard attribute for that converted data type.
value | The string value. |
attrType | The blackboard attribute type. |
fileName | The name of the file from which the value comes. |
blankIsNull | If the string is blank, return a null attribute. |
zeroIsNull | If the string is some version of 0, return a null attribute. |
valueConverter | The means of converting the string value to an appropriate blackboard attribute. |
Definition at line 1045 of file LeappFileProcessor.java.
References org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.ParseExceptionFunction.apply().
Referenced by org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.getAttribute().
|
private |
Definition at line 341 of file LeappFileProcessor.java.
References org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.createArtifactWithAttributes(), org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.createCalllogRelationship(), org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.createContactRelationship(), org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.createMessageRelationship(), org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.createRoute(), org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.createTrackpoint(), org.sleuthkit.autopsy.casemodule.Case.getCurrentCaseThrows(), org.sleuthkit.autopsy.casemodule.Case.getSleuthkitCase(), org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.moduleName, and org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.processReadLine().
Referenced by org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.processLeappFiles().
ProcessResult org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.processFiles | ( | Content | dataSource, |
Path | moduleOutputPath, | ||
AbstractFile | LeappFile | ||
) |
Definition at line 222 of file LeappFileProcessor.java.
References org.sleuthkit.autopsy.ingest.IngestModule.ProcessResult.ERROR, org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.findTsvFiles(), org.sleuthkit.autopsy.ingest.IngestModule.ProcessResult.OK, and org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.processLeappFiles().
Referenced by org.sleuthkit.autopsy.modules.leappanalyzers.ALeappAnalyzerIngestModule.processALeappFile(), and org.sleuthkit.autopsy.modules.leappanalyzers.ILeappAnalyzerIngestModule.processILeappFile().
ProcessResult org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.processFileSystem | ( | Content | dataSource, |
Path | moduleOutputPath | ||
) |
Definition at line 234 of file LeappFileProcessor.java.
References org.sleuthkit.autopsy.ingest.IngestModule.ProcessResult.ERROR, org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.findTsvFiles(), org.sleuthkit.autopsy.ingest.IngestModule.ProcessResult.OK, and org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.processLeappFiles().
Referenced by org.sleuthkit.autopsy.modules.leappanalyzers.ALeappAnalyzerIngestModule.processALeappFs(), and org.sleuthkit.autopsy.modules.leappanalyzers.ILeappAnalyzerIngestModule.processILeappFs().
|
private |
Process the Leapp files that were found and that match the XML mapping file.
LeappFilesToProcess | List of files to process. |
LeappImageFile | Abstract file to create the artifact for. |
FileNotFoundException | |
IOException |
Definition at line 283 of file LeappFileProcessor.java.
References org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.processFile(), and org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.tsvFileArtifacts.
Referenced by org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.processFiles(), and org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.processFileSystem().
|
private |
Process the Leapp files that were found and that match the XML mapping file.
LeappFilesToProcess | List of files to process. |
dataSource | The data source. |
FileNotFoundException | |
IOException |
Definition at line 316 of file LeappFileProcessor.java.
References org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.processFile(), and org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.tsvFileArtifacts.
|
private |
Process the line read and create the necessary attributes for it.
lineValues | List of column values. |
columnIndexes | Mapping of column headers (trimmed and lower-cased) to column index. All header columns, and only header columns, should be present. |
attrList | The list of attributes as specified for the schema of this file. |
fileName | The name of the file being processed. |
lineNum | The line number in the file. |
IngestModuleException |
Definition at line 899 of file LeappFileProcessor.java.
References org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.formatValueBasedOnAttrType(), and org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.getAttribute().
Referenced by org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.processFile().
|
static private |
Definition at line 157 of file LeappFileProcessor.java.
|
static private |
Definition at line 1265 of file LeappFileProcessor.java.
|
static private |
Definition at line 153 of file LeappFileProcessor.java.
|
static private |
Definition at line 144 of file LeappFileProcessor.java.
|
private |
Definition at line 146 of file LeappFileProcessor.java.
Referenced by org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.createCalllogRelationship(), org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.createContactRelationship(), org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.createMessageRelationship(), org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.createRoute(), org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.createTrackpoint(), org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.LeappFileProcessor(), and org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.processFile().
|
static private |
The format of time stamps in the TSV files.
Definition at line 967 of file LeappFileProcessor.java.
|
private |
Definition at line 150 of file LeappFileProcessor.java.
|
private |
Definition at line 149 of file LeappFileProcessor.java.
Referenced by org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.getArtifactNode(), org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.LeappFileProcessor(), and org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.processLeappFiles().
|
private |
Definition at line 151 of file LeappFileProcessor.java.
|
private |
Definition at line 148 of file LeappFileProcessor.java.
|
private |
Definition at line 145 of file LeappFileProcessor.java.
Referenced by org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.LeappFileProcessor(), and org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.loadConfigFile().
Copyright © 2012-2021 Basis Technology. Generated on: Fri Aug 6 2021
This work is licensed under a
Creative Commons Attribution-Share Alike 3.0 United States License.