Commit 128115aa authored by Ann Priestman

Removed outdated paragraph about custom artifacts.

Replaced some deprecated methods.
Fixed a link in the communications doc.
parent 7f6f66ff
...@@ -27,7 +27,7 @@ There are special methods on the Content object, such as org.sleuthkit.datamodel ...@@ -27,7 +27,7 @@ There are special methods on the Content object, such as org.sleuthkit.datamodel
Java modules can access the blackboard from either org.sleuthkit.datamodel.SleuthkitCase or a org.sleuthkit.datamodel.Content object. The methods associated with org.sleuthkit.datamodel.Content all limit the Blackboard to a specific file. Java modules can access the blackboard from either org.sleuthkit.datamodel.SleuthkitCase or a org.sleuthkit.datamodel.Content object. The methods associated with org.sleuthkit.datamodel.Content all limit the Blackboard to a specific file.
Refer to http://wiki.sleuthkit.org/index.php?title=Artifact_Examples for artifact and attribute combinations that are commonly used. Refer to the <a href="http://wiki.sleuthkit.org/index.php?title=Artifact_Examples">artifact examples wiki page</a> for artifact and attribute combinations that are commonly used.
\subsection jni_bb_access_post Posting to the Blackboard \subsection jni_bb_access_post Posting to the Blackboard
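Review bot: the new anchor in the "Refer to the ... artifact examples wiki page" line still points at http://wiki.sleuthkit.org over plain HTTP. If the wiki is reachable over HTTPS, use the https:// form in the href so readers of the generated docs are not sent to a cleartext page.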
...@@ -63,21 +63,16 @@ You can find artifacts using a variety of ways: ...@@ -63,21 +63,16 @@ You can find artifacts using a variety of ways:
\section jni_bb_custom_types Custom Artifacts and Attributes \section jni_bb_custom_types Custom Artifacts and Attributes
This section outlines how to create artifact and attribute types because the standard ones do not meet your needs. This section outlines how to create artifact and attribute types because the standard ones do not meet your needs. These custom artifacts will be displayed
in the Autopsy UI alongside the built in artifacts and will also appear in the reports. However, before you make a custom type, you should consider the
\subsection jni_bb_custom_limitations Limitations
There is a big limitation right now in Autopsy (and the datamodel) with respect to custom artifact and attribute types. You can create them and query for them in modules, but the Autopsy UI and reporting infrastructure will not show them. This is because we rely on enums for the types and the custom types do not map into the enum. We will need to address this in the future.
Before you make a custom type, you should consider the
TSK_INTERESTING_FILE_HIT artifact. It is very generic and we have used it TSK_INTERESTING_FILE_HIT artifact. It is very generic and we have used it
in the past when we did not want to make a new artifact type. You create the artifact, use the TSK_SET_NAME attribute to define the equivalent name of the custom artifact that you wanted to create, and then add whatever attributes you want. in the past when we did not want to make a new artifact type. You create the artifact, use the TSK_SET_NAME attribute to define the equivalent name of the custom artifact that you wanted to create, and then add whatever attributes you want.
\subsection jni_bb_custom_make Making Custom Artifacts and Attributes \subsection jni_bb_custom_make Making Custom Artifacts and Attributes
org.sleuthkit.datamodel.SleuthkitCase.addArtifactType() is used to create a custom artifact. Give it the display and unique name and it will return the unique ID. You will need to call this once for each case to create the artifact ID. You can then use this ID to make an artifact of the given type. To check if the artifact type has already been added to the blackboard or to get the ID after it was created, use org.sleuthkit.datamodel.SleuthkitCase.getArtifactTypeID(). org.sleuthkit.datamodel.SleuthkitCase.addBlackboardArtifactType() is used to create a custom artifact. Give it the display and unique name and it will return a org.sleuthkit.datamodel.BlackboardArtifact.Type object with a unique ID. You will need to call this once for each case to create the artifact ID. You can then use this ID to make an artifact of the given type. To check if the artifact type has already been added to the blackboard or to get the ID after it was created, use org.sleuthkit.datamodel.SleuthkitCase.getArtifactType().
To create custom attributes, use org.sleuthkit.datamodel.SleuthkitCase.addAttrType() to create the type and get its ID. Like artifacts, you must create the type for each new case. To get a type after it has been created in the case, use org.sleuthkit.datamodel.SleuthkitCase.getAttrTypeID(). To create custom attributes, use org.sleuthkit.datamodel.SleuthkitCase.addArtifactAttributeType() to create the type and get its ID. Like artifacts, you must create the type for each new case. To get a type after it has been created in the case, use org.sleuthkit.datamodel.SleuthkitCase.getAttributeType().
*/ */
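Review bot: in the jni_bb_custom_make paragraphs the wording is now inconsistent about what the add methods return. The artifact sentence says addBlackboardArtifactType() returns a BlackboardArtifact.Type object, but the next sentences still say "create the artifact ID" and "use this ID", and the attribute paragraph still says addArtifactAttributeType() is used "to create the type and get its ID". Reword these so they describe the returned values consistently, and state what the add methods do when the type already exists in the case, since the text tells readers to call them once per case and to use getArtifactType() and getAttributeType() for lookups. The new sentence "These custom artifacts will be displayed in the Autopsy UI" mentions artifacts only; say whether custom attributes are shown as well.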
...@@ -60,6 +60,6 @@ The final step is to create store the relationships between the accounts. You c ...@@ -60,6 +60,6 @@ The final step is to create store the relationships between the accounts. You c
\section jni_com_schema Database Schema \section jni_com_schema Database Schema
For details of how this is stored in the database, refer to the For details of how this is stored in the database, refer to the
<a href="http://wiki.sleuthkit.org/index.php?title=Database_v7.2_Schema#Communications_.2F_Accounts]">wiki</a>. <a href="http://wiki.sleuthkit.org/index.php?title=Database_v7.2_Schema#Communications_.2F_Accounts">wiki</a>.
*/ */
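Review bot: the corrected href still pins the link to the Database_v7.2_Schema page. Confirm that 7.2 is the schema version this documentation describes, or point to a version-independent page so the reference does not go stale when the schema version changes.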