colander_data_converter.base.types.artifact

class colander_data_converter.base.types.artifact.ArtifactType

Bases: CommonEntityType

ArtifactType represents metadata for artifacts in Colander.

Check the list of supported types.

Example

>>> artifact_type = ArtifactTypes.REPORT.value
>>> print(artifact_type.short_name)
REPORT

Validators:

validator is_supported_type » short_name

Validates that the short_name is a supported artifact type.

Parameters:

short_name (str) – The short name to validate.

Returns:

The validated short name.

Return type:

str

Raises:

ValueError – If the short name is not a supported artifact type.

match_mime_type(mime_type)

Checks if the given MIME type matches this artifact type.

Parameters:

mime_type – The MIME type string to check.

Returns:

True if the MIME type matches this artifact type, False otherwise.

Return type:

bool

class colander_data_converter.base.types.artifact.ArtifactTypes(*values)

Bases: Enum

ArtifactTypes provides access to all supported artifact types.

This class loads artifact type definitions from the artifact types JSON file and exposes them as an enum. It also provides a method to look up an artifact type by its short name.

Example

>>> artifact_type = ArtifactTypes.REPORT.value
>>> print(artifact_type.name)
Report
>>> default_type = ArtifactTypes.by_short_name("nonexistent")
>>> print(default_type.name)
Generic

classmethod by_mime_type(mime_type)

Return type:

ArtifactType

classmethod by_short_name(short_name)

ANDROID_BACKUP = ANDROID_BACKUP

Android backup image - A backup image created from an Android device.

ANDROID_SAMPLE = ANDROID_SAMPLE

Android sample - A sample file specific to the Android platform.

ARCHIVE = ARCHIVE

Archive - A compressed file or collection of files, such as ZIP or TAR.

AUDIO = AUDIO

Audio - A file containing audio content, such as MP3, WAV, or AAC.

BACKUP = BACKUP

Backup image - A file containing a backup copy of data or a system image.

BINARY = BINARY

Binary file - A file containing binary data, not intended to be read as text.

CRYPTO_T = CRYPTO_T

Cryptographic activity trace - A file logging cryptographic operations or key usage.

DOCUMENT = DOCUMENT

Document - A generic document file, such as PDF, DOCX, or ODT.

EMAIL = EMAIL

Email file - A file containing email messages, such as EML or MSG format.

F_DUMP = F_DUMP

Forensic dump - A file containing a forensic image or memory dump.

GENERIC = GENERIC

Generic - A file that does not fit into any of the other predefined categories.

HAR = HAR

HAR file - A file containing HTTP Archive (HAR) data for web traffic analysis.

IMAGE = IMAGE

Image - A file containing a still image, such as JPG, PNG, or GIF.

IOS_BACKUP = IOS_BACKUP

iOS backup image - A backup image created from an iOS device.

IOS_SAMPLE = IOS_SAMPLE

iOS sample - A sample file specific to the iOS platform.

JSON = JSON

JSON file - A file in JavaScript Object Notation (JSON) format.

PCAP = PCAP

PCAP file - A file capturing network traffic, typically in PCAP format.

REPORT = REPORT

Report - A file containing an analytical or investigative report.

SAMPLE = SAMPLE

Sample - A generic sample file, often used for malware or suspicious files.

SOCIAL_POST = SOCIAL_POST

Social media post - A file or record representing a post from a social media platform.

SOCKET_T = SOCKET_T

Socket activity trace - A file recording socket or network connection activity.

SSLKEYLOG = SSLKEYLOG

SSL keylog file - A file containing SSL/TLS session keys for decrypting network traffic.

TEXT = TEXT

Text file - A plain text file, such as TXT or LOG.

VIDEO = VIDEO

Video - A file containing video content, such as MP4, AVI, or MOV.

WEBPAGE = WEBPAGE

Web page - A file containing web page content, such as HTML or XHTML.

default = GENERIC