@@ -8,6 +8,24 @@ The Sleuth Kit is primarily a C/C++ library and set of command line tools. These
Expand on this to mention what classes to use, etc.
\section jni_hierarchy Class Hierarchy
Flush out here on general layout.
- org.sleuthkit.datamodel.Content is top-level interface and gets more specific as it goes down.
- Types disk and file system organization concepts (org.sleuthkit.datamodel.FileSystem, org.sleuthkit.datamodel.Image, etc. )
- org.sleuthkit.datamodel.AbstractFile is interface for various types of files with more specific classes below it ( org.sleuthkit.datamodel.DerivedFile, org.sleuthkit.datamodel.FsContent, etc.)
\section jni_blackboard The Blackboard
The blackboard in the database is used to communicate with modules in The Sleuth Kit framework and in Autopsy. The blackboard concepts are described in the framework documentation (http://sleuthkit.org/sleuthkit/docs/framework-docs/mod_bbpage.html).
This section provides a high-level overview of the relevant topics from the Java perspective (since the previous document focuses on the C++ APIs).
To make an artifact, one first calls the org.sleuthkit.datamodel.AbstractContent.newArtifact() method for the object that the artifact is being added to. This returns a org.sleuthkit.datamodel.BlackboardArtifact object. Attributes of type org.sleuthkit.datamodel.BlackboardAttribute are then created and added to the artifact.
To find artifacts, you have two general options. If you have an org.sleuthkit.datamodel.AbstractContent object or a derived object, then you can use the org.sleuthkit.datamodel.AbstractContent.getArtifacts() methods to perform various queries. If you want artifacts beyond those for a single file, then you must use the various get methods in org.sleuthkit.datamodel.SleuthkitCase.
