Autopsy  4.4.1
Graphical digital forensics platform for The Sleuth Kit and other tools.
Public Member Functions | Static Public Member Functions | Private Member Functions | Private Attributes | List of all members
org.sleuthkit.autopsy.timeline.datamodel.EventCluster Class Reference

Inherits org.sleuthkit.autopsy.timeline.datamodel.MultiEvent< EventStripe >.

Public Member Functions

 EventCluster (Interval spanningInterval, EventType type, Collection< Long > eventIDs, Collection< Long > hashHits, Collection< Long > tagged, String description, DescriptionLoD lod)
 
boolean equals (Object obj)
 
SortedSet< EventClustergetClusters ()
 
String getDescription ()
 
DescriptionLoD getDescriptionLoD ()
 
long getEndMillis ()
 
ImmutableSet< Long > getEventIDs ()
 
ImmutableSet< Long > getEventIDsWithHashHits ()
 
ImmutableSet< Long > getEventIDsWithTags ()
 
EventType getEventType ()
 
Optional< EventStripegetParent ()
 
Optional< EventStripegetParentStripe ()
 
Interval getSpan ()
 
long getStartMillis ()
 
int hashCode ()
 
String toString ()
 
EventCluster withParent (EventStripe parent)
 

Static Public Member Functions

static EventCluster merge (EventCluster cluster1, EventCluster cluster2)
 

Private Member Functions

 EventCluster (Interval spanningInterval, EventType type, Collection< Long > eventIDs, Collection< Long > hashHits, Collection< Long > tagged, String description, DescriptionLoD lod, EventStripe parent)
 

Private Attributes

final String description
 
final ImmutableSet< Long > eventIDs
 
final ImmutableSet< Long > hashHits
 
final DescriptionLoD lod
 
final EventStripe parent
 
final Interval span
 
final ImmutableSet< Long > tagged
 
final EventType type
 

Detailed Description

Represents a set of other events clustered together. All the sub events should have the same type and matching descriptions at the designated "zoom level", and be "close together" in time.

Definition at line 41 of file EventCluster.java.

Constructor & Destructor Documentation

org.sleuthkit.autopsy.timeline.datamodel.EventCluster.EventCluster ( Interval  spanningInterval,
EventType  type,
Collection< Long >  eventIDs,
Collection< Long >  hashHits,
Collection< Long >  tagged,
String  description,
DescriptionLoD  lod,
EventStripe  parent 
)
private
org.sleuthkit.autopsy.timeline.datamodel.EventCluster.EventCluster ( Interval  spanningInterval,
EventType  type,
Collection< Long >  eventIDs,
Collection< Long >  hashHits,
Collection< Long >  tagged,
String  description,
DescriptionLoD  lod 
)

Member Function Documentation

boolean org.sleuthkit.autopsy.timeline.datamodel.EventCluster.equals ( Object  obj)
SortedSet<EventCluster> org.sleuthkit.autopsy.timeline.datamodel.EventCluster.getClusters ( )
String org.sleuthkit.autopsy.timeline.datamodel.EventCluster.getDescription ( )
DescriptionLoD org.sleuthkit.autopsy.timeline.datamodel.EventCluster.getDescriptionLoD ( )
long org.sleuthkit.autopsy.timeline.datamodel.EventCluster.getEndMillis ( )

Definition at line 163 of file EventCluster.java.

ImmutableSet<Long> org.sleuthkit.autopsy.timeline.datamodel.EventCluster.getEventIDs ( )
ImmutableSet<Long> org.sleuthkit.autopsy.timeline.datamodel.EventCluster.getEventIDsWithHashHits ( )
ImmutableSet<Long> org.sleuthkit.autopsy.timeline.datamodel.EventCluster.getEventIDsWithTags ( )
EventType org.sleuthkit.autopsy.timeline.datamodel.EventCluster.getEventType ( )
Optional<EventStripe> org.sleuthkit.autopsy.timeline.datamodel.EventCluster.getParent ( )

get the EventStripe (if any) that contains this cluster

Returns
an Optional containg the parent stripe of this cluster, or is empty if the cluster has no parent set.

Definition at line 137 of file EventCluster.java.

Referenced by org.sleuthkit.autopsy.timeline.datamodel.EventCluster.getParentStripe().

Optional<EventStripe> org.sleuthkit.autopsy.timeline.datamodel.EventCluster.getParentStripe ( )

get the EventStripe (if any) that contains this cluster

Returns
an Optional containg the parent stripe of this cluster, or is empty if the cluster has no parent set.

Definition at line 148 of file EventCluster.java.

References org.sleuthkit.autopsy.timeline.datamodel.EventCluster.getParent().

Interval org.sleuthkit.autopsy.timeline.datamodel.EventCluster.getSpan ( )
long org.sleuthkit.autopsy.timeline.datamodel.EventCluster.getStartMillis ( )
int org.sleuthkit.autopsy.timeline.datamodel.EventCluster.hashCode ( )

Definition at line 221 of file EventCluster.java.

static EventCluster org.sleuthkit.autopsy.timeline.datamodel.EventCluster.merge ( EventCluster  cluster1,
EventCluster  cluster2 
)
static
String org.sleuthkit.autopsy.timeline.datamodel.EventCluster.toString ( )

Definition at line 216 of file EventCluster.java.

EventCluster org.sleuthkit.autopsy.timeline.datamodel.EventCluster.withParent ( EventStripe  parent)

return a new EventCluster identical to this one, except with the given EventBundle as the parent.

Parameters
parent
Returns
a new EventCluster identical to this one, except with the given EventBundle as the parent.

Definition at line 206 of file EventCluster.java.

References org.sleuthkit.autopsy.timeline.datamodel.EventCluster.EventCluster().

Referenced by org.sleuthkit.autopsy.timeline.datamodel.EventStripe.EventStripe().

Member Data Documentation

final String org.sleuthkit.autopsy.timeline.datamodel.EventCluster.description
private
final ImmutableSet<Long> org.sleuthkit.autopsy.timeline.datamodel.EventCluster.eventIDs
private
final ImmutableSet<Long> org.sleuthkit.autopsy.timeline.datamodel.EventCluster.hashHits
private

the ids of the subset of clustered events that have at least one hash set hit

Definition at line 109 of file EventCluster.java.

Referenced by org.sleuthkit.autopsy.timeline.datamodel.EventCluster.EventCluster(), and org.sleuthkit.autopsy.timeline.datamodel.EventCluster.getEventIDsWithHashHits().

final DescriptionLoD org.sleuthkit.autopsy.timeline.datamodel.EventCluster.lod
private
final EventStripe org.sleuthkit.autopsy.timeline.datamodel.EventCluster.parent
private
final Interval org.sleuthkit.autopsy.timeline.datamodel.EventCluster.span
private

the smallest time interval containing all the clustered events

Definition at line 77 of file EventCluster.java.

Referenced by org.sleuthkit.autopsy.timeline.datamodel.EventCluster.getSpan(), and org.sleuthkit.autopsy.timeline.datamodel.EventCluster.merge().

final ImmutableSet<Long> org.sleuthkit.autopsy.timeline.datamodel.EventCluster.tagged
private

the ids of the subset of clustered events that have at least one tag applied to them

Definition at line 103 of file EventCluster.java.

Referenced by org.sleuthkit.autopsy.timeline.datamodel.EventCluster.EventCluster(), and org.sleuthkit.autopsy.timeline.datamodel.EventCluster.getEventIDsWithTags().

final EventType org.sleuthkit.autopsy.timeline.datamodel.EventCluster.type
private

The documentation for this class was generated from the following file:

Copyright © 2012-2016 Basis Technology. Generated on: Fri Sep 29 2017
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.