Public Member Functions
	EamArtifactUtil ()

Static Public Member Functions
static String	getEmailAddressAttrString ()

static CorrelationAttributeInstance	getInstanceFromContent (Content content)

static boolean	isSupportedAbstractFileType (AbstractFile file)

static CorrelationAttributeInstance	makeInstanceFromContent (Content content)

static List< CorrelationAttributeInstance >	makeInstancesFromBlackboardArtifact (BlackboardArtifact bbArtifact, boolean checkEnabled)

Static Private Member Functions
static CorrelationAttributeInstance	makeCorrelationAttributeInstanceUsingTypeValue (BlackboardArtifact bbArtifact, CorrelationAttributeInstance.Type correlationType, String value)

static CorrelationAttributeInstance	makeInstanceFromBlackboardArtifact (CorrelationAttributeInstance.Type correlationType, BlackboardArtifact bbArtifact) throws EamDbException

Static Private Attributes
static final Logger	logger = Logger.getLogger(EamArtifactUtil.class.getName())

Detailed Description

Definition at line 39 of file EamArtifactUtil.java.

Constructor & Destructor Documentation

org.sleuthkit.autopsy.centralrepository.datamodel.EamArtifactUtil.EamArtifactUtil ( )

Definition at line 43 of file EamArtifactUtil.java.

Member Function Documentation

static String org.sleuthkit.autopsy.centralrepository.datamodel.EamArtifactUtil.getEmailAddressAttrString ( )

static

Definition at line 47 of file EamArtifactUtil.java.

Referenced by org.sleuthkit.autopsy.centralrepository.datamodel.EamArtifactUtil.makeInstanceFromBlackboardArtifact().

static CorrelationAttributeInstance org.sleuthkit.autopsy.centralrepository.datamodel.EamArtifactUtil.getInstanceFromContent ( Content content )

static

Retrieve CorrelationAttribute from the given Content.

Parameters

content The content object

Returns: The new CorrelationAttribute, or null if retrieval failed.

Definition at line 230 of file EamArtifactUtil.java.

References org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeInstance.FILES_TYPE_ID, org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationDataSource.fromTSKDataSource(), org.sleuthkit.autopsy.centralrepository.datamodel.EamDb.getCase(), org.sleuthkit.autopsy.centralrepository.datamodel.EamDb.getCorrelationAttributeInstance(), org.sleuthkit.autopsy.centralrepository.datamodel.EamDb.getCorrelationTypeById(), org.sleuthkit.autopsy.casemodule.Case.getCurrentCaseThrows(), org.sleuthkit.autopsy.centralrepository.datamodel.EamDb.getInstance(), and org.sleuthkit.autopsy.centralrepository.datamodel.EamArtifactUtil.isSupportedAbstractFileType().

Referenced by org.sleuthkit.autopsy.centralrepository.AddEditCentralRepoCommentAction.AddEditCentralRepoCommentAction(), org.sleuthkit.autopsy.datamodel.AbstractAbstractFileNode< SpecialDirectory >.getCorrelationAttributeInstance(), and org.sleuthkit.autopsy.datamodel.BlackboardArtifactNode.getCorrelationAttributeInstance().

static boolean org.sleuthkit.autopsy.centralrepository.datamodel.EamArtifactUtil.isSupportedAbstractFileType ( AbstractFile file )

static

Check whether the given abstract file should be processed for the central repository.

Parameters

file	The file to test

Returns: true if the file should be added to the central repo, false otherwise

Definition at line 342 of file EamArtifactUtil.java.

Referenced by org.sleuthkit.autopsy.centralrepository.CentralRepoContextMenuActionsProvider.getActions(), org.sleuthkit.autopsy.centralrepository.datamodel.EamArtifactUtil.getInstanceFromContent(), and org.sleuthkit.autopsy.centralrepository.datamodel.EamArtifactUtil.makeInstanceFromContent().

static CorrelationAttributeInstance org.sleuthkit.autopsy.centralrepository.datamodel.EamArtifactUtil.makeCorrelationAttributeInstanceUsingTypeValue	(	BlackboardArtifact	bbArtifact,
		CorrelationAttributeInstance.Type	correlationType,
		String	value
	)

staticprivate

Uses the determined type and vallue, then looks up instance details to create proper CorrelationAttributeInstance.

Parameters

bbArtifact	the blackboard artifatc
correlationType	the given type
value	the artifact value

Returns: CorrelationAttributeInstance from details

Definition at line 190 of file EamArtifactUtil.java.

References org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationDataSource.fromTSKDataSource(), org.sleuthkit.autopsy.centralrepository.datamodel.EamDb.getCase(), org.sleuthkit.autopsy.casemodule.Case.getCurrentCaseThrows(), org.sleuthkit.autopsy.centralrepository.datamodel.EamDb.getInstance(), org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationDataSource.getName(), org.sleuthkit.autopsy.casemodule.Case.getSleuthkitCase(), and org.sleuthkit.autopsy.centralrepository.datamodel.EamDb.newCase().

Referenced by org.sleuthkit.autopsy.centralrepository.datamodel.EamArtifactUtil.makeInstanceFromBlackboardArtifact().

static CorrelationAttributeInstance org.sleuthkit.autopsy.centralrepository.datamodel.EamArtifactUtil.makeInstanceFromBlackboardArtifact	(	CorrelationAttributeInstance.Type	correlationType,
		BlackboardArtifact	bbArtifact
	)		throws EamDbException

staticprivate

Create an EamArtifact of type correlationType if one can be generated based on the data in the blackboard artifact.

Parameters

correlationType	The Central Repository artifact type to create
bbArtifact	The blackboard artifact to pull data from

Returns: the new EamArtifact, or null if one was not created because bbArtifact did not contain the needed data

Definition at line 101 of file EamArtifactUtil.java.

Referenced by org.sleuthkit.autopsy.centralrepository.datamodel.EamArtifactUtil.makeInstanceFromBlackboardArtifact(), and org.sleuthkit.autopsy.centralrepository.datamodel.EamArtifactUtil.makeInstancesFromBlackboardArtifact().

static CorrelationAttributeInstance org.sleuthkit.autopsy.centralrepository.datamodel.EamArtifactUtil.makeInstanceFromContent ( Content content )

static

Create an EamArtifact from the given Content. Will return null if an artifact can not be created - this is not necessarily an error case, it just means an artifact can't be made. If creation fails due to an error (and not that the file is the wrong type or it has no hash), the error will be logged before returning.

Does not add the artifact to the database.

Parameters

content The content object

Returns: The new EamArtifact or null if creation failed

Definition at line 292 of file EamArtifactUtil.java.

Referenced by org.sleuthkit.autopsy.centralrepository.AddEditCentralRepoCommentAction.AddEditCentralRepoCommentAction(), org.sleuthkit.autopsy.centralrepository.eventlisteners.CaseEventListener.ContentTagTask.run(), and org.sleuthkit.autopsy.centralrepository.eventlisteners.CaseEventListener.TagDefinitionChangeTask.run().

static List<CorrelationAttributeInstance> org.sleuthkit.autopsy.centralrepository.datamodel.EamArtifactUtil.makeInstancesFromBlackboardArtifact	(	BlackboardArtifact	bbArtifact,
		boolean	checkEnabled
	)

static

Static factory method to examine a BlackboardArtifact to determine if it has contents that can be used for Correlation. If so, return a EamArtifact with a single EamArtifactInstance within. If not, return null.

Parameters

bbArtifact	BlackboardArtifact to examine
checkEnabled	If true, only create a CorrelationAttribute if it is enabled

Returns: List of EamArtifacts

Definition at line 63 of file EamArtifactUtil.java.

References org.sleuthkit.autopsy.centralrepository.datamodel.EamDb.getDefinedCorrelationTypes(), org.sleuthkit.autopsy.centralrepository.datamodel.EamDb.getInstance(), and org.sleuthkit.autopsy.centralrepository.datamodel.EamArtifactUtil.makeInstanceFromBlackboardArtifact().

Referenced by org.sleuthkit.autopsy.centralrepository.contentviewer.DataContentViewerOtherCases.getCorrelationAttributesFromNode(), org.sleuthkit.autopsy.contentviewers.AnnotationsContentViewer.populateCentralRepositoryData(), org.sleuthkit.autopsy.centralrepository.eventlisteners.CaseEventListener.BlackboardTagTask.run(), org.sleuthkit.autopsy.centralrepository.eventlisteners.IngestEventsListener.DataAddedTask.run(), and org.sleuthkit.autopsy.centralrepository.eventlisteners.CaseEventListener.TagDefinitionChangeTask.run().

Member Data Documentation

final Logger org.sleuthkit.autopsy.centralrepository.datamodel.EamArtifactUtil.logger = Logger.getLogger(EamArtifactUtil.class.getName())

staticprivate

Definition at line 41 of file EamArtifactUtil.java.

The documentation for this class was generated from the following file:

/home/carriersleuth/repos/autopsy/Core/src/org/sleuthkit/autopsy/centralrepository/datamodel/EamArtifactUtil.java

Public Member Functions

Static Public Member Functions

Static Private Member Functions

Static Private Attributes

Detailed Description

Constructor & Destructor Documentation

Member Function Documentation

Member Data Documentation