Difference between revisions of "Autopsy 3 Design"

From SleuthKitWiki
Jump to: navigation, search
(Added javadoc links)
Line 1: Line 1:
= Nodes =
+
Much of the Autopsy API docs are in JavaDocsThis page provides a high-level overview and links to the relevant javadoc packages, which contain more details.  
Autopsy 3 uses NetBeans Nodes to pass data aroundThe Sleuth Kit comes with Java datamodel classes in org.sleuthkit.datamodel and it contains classes for files, directories, file systems, volumes, and other
+
data types that can be found in a disk image. These classes are not NetBeans specific.  
+
  
The org.sleuthkit.autopsy.datamodel package contains classes that are NetBeans-specific and map to classes in the Sleuth Kit datamodel.  For example org.sleuthkit.autopsy.datamodel.DirectoryNode is the  
+
= Case =
Node class for the org.sleuthkit.datamodel.Directory class.
+
A case must be created before Autopsy can do any analysis.  A case will have one or more image files.  The  
 +
[http://www.sleuthkit.org/autopsy/javadoc/org-sleuthkit-autopsy-casemodule/ Case Module] documentation has information on getting access to the current case.  
  
See the JavaDocs for the org.sleuthkit.autopsy.datamodel for more details (ADD LINK WHEN IT IS POSTED)
 
  
= Autopsy Zones =
+
= Nodes and Explorer Manager =
There are three major zones in the Autopsy UI. The left hand side has the <b>Data Explorer</b> areaThis area is where you can search for data.  It has all of the analysis smarts. An example of a data explorer is the Directory tree that shows the hierarchy of directories (and hides the files from view).  
+
Autopsy 3 leverages the NetBeans nodes and Explorer Manager to pass data around to different parts of the UI. The Node is a generic encapsulation of the various data types that Autopsy encountersIt encapsulates the data model objects that The Sleuthkit providesRefer to the [http://www.sleuthkit.org/autopsy/javadoc/org-sleuthkit-autopsy-datamodel/ Datamodel Module] documentation for details on the Autopsy-specific classes that encapsulate the more generic TSK classes.  
  
The Data Explorer area identifies a subset of the data to show the user and passes the data to the <b>Data Results</b> area in the upper right. In the previous example, the contents of a specific folder would be passed to this area and displayed in a table or thumbnail form.  
+
Refer to the [http://www.sleuthkit.org/autopsy/javadoc/org-sleuthkit-autopsy-corecomponentinterfaces/ CoreComponentInterface Module] documentation on the areas of the Autopsy UI, how to pass data between them using Nodes, and how to make new windows.  
  
When a file or object is selected in the Data Results area, it is passed to the <b>Data Content</b> zone in the lower right. This is where file content can be viewed in hex form, strings, etc.
+
The CoreComponentInterfaces docs provide general information on the different components.  For details on specific implementations, refer to:
 
+
* [http://www.sleuthkit.org/autopsy/javadoc/org-sleuthkit-autopsy-corecomponents/ CoreComponents Module]
= Data Flow =
+
* [http://www.sleuthkit.org/autopsy/javadoc/org-sleuthkit-autopsy-directorytree/ DirectoryTree Module]
== Creating Nodes in DataExplorer ==
+
* [http://www.sleuthkit.org/autopsy/javadoc/org-sleuthkit-autopsy-filesearch/ FileSearch Module]
The data explorer modules create the NetBeans nodes. They query the SQLite database or do whatever they want to identify the set of files that are of interest. They create the NetBeans nodes based on Sleuthkit data model objects.
+
 
+
== Getting Nodes to DataResult ==
+
Each Data Explorer TopComponent is responsible for creating its own Data Result TopComponent to display its results. It can choose to re-use the same TopComponent for multiple searches (as DirectoryTree does) or it can choose to make a new one each time (as FileSearch does). The setNode() method on the DataResult object is used to set the root node to display.  A dummy root node must be created as the parent if a parent does not already exist.
+
 
+
NEED TO ADD INFO ABOUT SETTING ACTIONS
+
 
+
== Getting Nodes to DataContent ==
+

Revision as of 13:38, 9 November 2011

Much of the Autopsy API docs are in JavaDocs. This page provides a high-level overview and links to the relevant javadoc packages, which contain more details.

Case

A case must be created before Autopsy can do any analysis. A case will have one or more image files. The Case Module documentation has information on getting access to the current case.


Nodes and Explorer Manager

Autopsy 3 leverages the NetBeans nodes and Explorer Manager to pass data around to different parts of the UI. The Node is a generic encapsulation of the various data types that Autopsy encounters. It encapsulates the data model objects that The Sleuthkit provides. Refer to the Datamodel Module documentation for details on the Autopsy-specific classes that encapsulate the more generic TSK classes.

Refer to the CoreComponentInterface Module documentation on the areas of the Autopsy UI, how to pass data between them using Nodes, and how to make new windows.

The CoreComponentInterfaces docs provide general information on the different components. For details on specific implementations, refer to: