GET /forensics/capture/recoveries

Retrieves a list of capture recoveries.

Retrieves a list of recoveries.

Table 1. GET /forensics/capture/recoveries resource details
MIME Type
application/json

Table 2. GET /forensics/capture/recoveries request parameter details
Parameter	Type	Optionality	Data Type	MIME Type	Description
filter	query	Optional	String	text/plain	Optional - This parameter is used to restrict the elements in a list base on the contents of various fields.
Range	header	Optional	String	text/plain	Optional - Use this parameter to restrict the number of elements that are returned in the list to a specified range. The list is indexed starting at zero.
fields	query	Optional	String	text/plain	Optional - Use this parameter to specify which fields you would like to get back in the response. Fields that are not named are excluded. Specify subfields in brackets and multiple fields in the same object are separated by commas.

Table 3. GET /forensics/capture/recoveries response codes
HTTP Response Code	Unique Code	Description
200		The Workflow Recovery Jobs were retrieved.
500	1020	An error occurred while the recovery job list was being retrieved.

Response Description

A list of recoveries. A recovery contains the following fields:

assigned_to - String - The username of the user the recovery is assigned to.
bpf - String - The Berkeley Packet Filter to pass to the capture device.
case_id - String - ID of the case where the collection(s) are created.
collection_name_suffix - String - Suffix that is used to name the collection(s) to store the recovered data in.
id - Long - ID for the recovery.
recovery_task_ids - Long Array - IDs for all recovery tasks belonging to this recovery.
recovery_window_end_time - Long - End of time range for data recovery.
recovery_window_start_time - Long - Start of time range for data recovery.
tags - String - Identifiers applied to recovered data to assist with grouping when searching. These are user supplied string identifiers that are used to mark the data so the user can easily look up the data later.

Response Sample


[
    {
        "assigned_to": "String",
        "bpf": "String",
        "case_id": 42,
        "collection_name_suffix": "String",
        "id": 42,
        "recovery_task_ids": [
            42
        ],
        "recovery_window_end_time": 42,
        "recovery_window_start_time": 42,
        "session_ids": [
            "String"
        ],
        "tags": [
            "String"
        ]
    }
]