Skeleton for creating correlation attrs for account artifacts

Richard Cordovano 2020-02-24 16:14:16 -05:00
parent c8bf39e715
commit b1050b9670


@ -77,16 +77,16 @@ public class CorrelationAttributeUtil {
} }
/* /*
* *
*/ */
if (artToExamine != null) { if (artToExamine != null) {
int artifactTypeID = artToExamine.getArtifactTypeID(); int artifactTypeID = artToExamine.getArtifactTypeID();
if (artifactTypeID == ARTIFACT_TYPE.TSK_KEYWORD_HIT.getTypeID()) { if (artifactTypeID == ARTIFACT_TYPE.TSK_KEYWORD_HIT.getTypeID()) {
BlackboardAttribute setNameAttr = artToExamine.getAttribute(new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SET_NAME)); BlackboardAttribute setNameAttr = artToExamine.getAttribute(new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SET_NAME));
if (setNameAttr != null && CorrelationAttributeUtil.getEmailAddressAttrString().equals(setNameAttr.getValueString())) { if (setNameAttr != null && CorrelationAttributeUtil.getEmailAddressAttrString().equals(setNameAttr.getValueString())) {
makeCorrAttrFromArtifactAttr(correlationAttrs, artToExamine, BlackboardAttribute.ATTRIBUTE_TYPE.TSK_KEYWORD, CorrelationAttributeInstance.EMAIL_TYPE_ID); makeCorrAttrFromArtifactAttr(correlationAttrs, artToExamine, BlackboardAttribute.ATTRIBUTE_TYPE.TSK_KEYWORD, CorrelationAttributeInstance.EMAIL_TYPE_ID);
} }
} else if (artifactTypeID == ARTIFACT_TYPE.TSK_WEB_BOOKMARK.getTypeID() } else if (artifactTypeID == ARTIFACT_TYPE.TSK_WEB_BOOKMARK.getTypeID()
|| artifactTypeID == ARTIFACT_TYPE.TSK_WEB_COOKIE.getTypeID() || artifactTypeID == ARTIFACT_TYPE.TSK_WEB_COOKIE.getTypeID()
|| artifactTypeID == ARTIFACT_TYPE.TSK_WEB_DOWNLOAD.getTypeID() || artifactTypeID == ARTIFACT_TYPE.TSK_WEB_DOWNLOAD.getTypeID()
@ -147,7 +147,7 @@ public class CorrelationAttributeUtil {
makeCorrAttrFromArtifactAttr(correlationAttrs, artToExamine, BlackboardAttribute.ATTRIBUTE_TYPE.TSK_EMAIL, CorrelationAttributeInstance.EMAIL_TYPE_ID); makeCorrAttrFromArtifactAttr(correlationAttrs, artToExamine, BlackboardAttribute.ATTRIBUTE_TYPE.TSK_EMAIL, CorrelationAttributeInstance.EMAIL_TYPE_ID);
} else if (artifactTypeID == ARTIFACT_TYPE.TSK_ACCOUNT.getTypeID()) { } else if (artifactTypeID == ARTIFACT_TYPE.TSK_ACCOUNT.getTypeID()) {
// RJCTODO: Make a correlation attribute by switching on account type makeAttributeFromAccountArtifact(correlationAttrs, artToExamine);
} }
} }
} catch (CentralRepoException ex) { } catch (CentralRepoException ex) {
@ -163,6 +163,21 @@ public class CorrelationAttributeUtil {
return correlationAttrs; return correlationAttrs;
} }
/**
* Makes a correlation attribute instance for an account artifact.
*
* IMPORTANT: The correlation attribute instance is NOT added to the central
* repository by this method.
*
* @param acctArtifact An account artifact.
*/
private static CorrelationAttributeInstance makeAttributeFromAccountArtifact(List<CorrelationAttributeInstance> correlationAttrs, BlackboardArtifact acctArtifact) {
// TODO: Convert TSK_ACCOUNT_TYPE attribute to correlation attribute type
// TODO: Extract TSK_ID as value
// return makeCorrelationAttributeInstanceUsingTypeValue(acctArtifact, null, "");
return null;
}
/** /**
* Add a CorrelationAttributeInstance of the specified type to the provided * Add a CorrelationAttributeInstance of the specified type to the provided
* list if the artifactForInstance has an Attribute of the given type with a * list if the artifactForInstance has an Attribute of the given type with a
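Review bot: The new `makeAttributeFromAccountArtifact` has a mixed contract. It takes the `correlationAttrs` list and also declares a `CorrelationAttributeInstance` return, but the body only does `return null;`, and the call in the `TSK_ACCOUNT` branch discards the result. Account artifacts therefore still produce no correlation attribute, and nothing at the call site shows that this gap is intentional. The Javadoc of the sibling `makeCorrAttrFromArtifactAttr`, visible at the end of the hunk, says it adds to the provided list, so the skeleton should pick one shape: either make it `void` and add to `correlationAttrs` once implemented, or drop the list parameter and have the caller null-check and add the returned instance. The Javadoc documents only `acctArtifact`; it should gain `@param correlationAttrs` and an `@return` line stating that null is returned until the two TODOs are done. A short comment in the `TSK_ACCOUNT` branch such as `// Not yet implemented: account artifacts currently yield no correlation attribute` would make the limitation visible to anyone relying on correlation results.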