Autopsy
4.1
Graphical digital forensics platform for The Sleuth Kit and other tools.
|
Inherits Closeable.
Classes | |
interface | FileAddProgressUpdater |
Public Member Functions | |
FileManager (SleuthkitCase caseDb) | |
synchronized LayoutFile | addCarvedFile (String fileName, long fileSize, long parentObjId, List< TskFileRange > layout) throws TskCoreException |
synchronized List< LayoutFile > | addCarvedFiles (CarvingResult carvingResult) throws TskCoreException |
synchronized List< LayoutFile > | addCarvedFiles (List< org.sleuthkit.datamodel.CarvedFileContainer > filesToAdd) throws TskCoreException |
synchronized DerivedFile | addDerivedFile (String fileName, String localPath, long size, long ctime, long crtime, long atime, long mtime, boolean isFile, AbstractFile parentFile, String rederiveDetails, String toolName, String toolVersion, String otherDetails, TskData.EncodingType encodingType) throws TskCoreException |
synchronized DerivedFile | addDerivedFile (String fileName, String localPath, long size, long ctime, long crtime, long atime, long mtime, boolean isFile, AbstractFile parentFile, String rederiveDetails, String toolName, String toolVersion, String otherDetails) throws TskCoreException |
synchronized LocalFilesDataSource | addLocalFilesDataSource (String deviceId, String rootVirtualDirectoryName, String timeZone, List< String > localFilePaths, FileAddProgressUpdater progressUpdater) throws TskCoreException, TskDataException |
synchronized VirtualDirectory | addLocalFilesDirs (List< String > localFilePaths, FileAddProgressUpdater progressUpdater) throws TskCoreException |
synchronized void | close () throws IOException |
synchronized List< AbstractFile > | findFiles (String fileName) throws TskCoreException |
synchronized List< AbstractFile > | findFiles (String fileName, String parentName) throws TskCoreException |
synchronized List< AbstractFile > | findFiles (String fileName, AbstractFile parent) throws TskCoreException |
synchronized List< AbstractFile > | findFiles (Content dataSource, String fileName) throws TskCoreException |
synchronized List< AbstractFile > | findFiles (Content dataSource, String fileName, String parentName) throws TskCoreException |
synchronized List< AbstractFile > | findFiles (Content dataSource, String fileName, AbstractFile parent) throws TskCoreException |
synchronized List< AbstractFile > | findFilesByMimeType (Collection< String > mimeTypes) throws TskCoreException |
synchronized List< AbstractFile > | findFilesByMimeType (Content dataSource, Collection< String > mimeTypes) throws TskCoreException |
synchronized List< AbstractFile > | openFiles (Content dataSource, String filePath) throws TskCoreException |
Private Member Functions | |
AbstractFile | addLocalFile (CaseDbTransaction trans, VirtualDirectory parentDirectory, java.io.File localFile, TskData.EncodingType encodingType, FileAddProgressUpdater progressUpdater) throws TskCoreException |
AbstractFile | addLocalFile (CaseDbTransaction trans, VirtualDirectory parentDirectory, java.io.File localFile, FileAddProgressUpdater progressUpdater) throws TskCoreException |
List< java.io.File > | getFilesAndDirectories (List< String > localFilePaths) throws TskDataException |
Static Private Member Functions | |
static String | createFileTypeInCondition (Collection< String > mimeTypes) |
static synchronized String | generateFilesDataSourceName (SleuthkitCase caseDb) throws TskCoreException |
Private Attributes | |
SleuthkitCase | caseDb |
Static Private Attributes | |
static final Logger | LOGGER = Logger.getLogger(FileManager.class.getName()) |
A manager that provides methods for retrieving files from the current case and for adding local files, carved files, and derived files to the current case.
Definition at line 56 of file FileManager.java.
org.sleuthkit.autopsy.casemodule.services.FileManager.FileManager | ( | SleuthkitCase | caseDb | ) |
Constructs a manager that provides methods for retrieving files from the current case and for adding local files, carved files, and derived files to the current case.
caseDb | The case database. |
Definition at line 68 of file FileManager.java.
References org.sleuthkit.autopsy.casemodule.services.FileManager.caseDb.
synchronized LayoutFile org.sleuthkit.autopsy.casemodule.services.FileManager.addCarvedFile | ( | String | fileName, |
long | fileSize, | ||
long | parentObjId, | ||
List< TskFileRange > | layout | ||
) | throws TskCoreException |
Adds a carved file to the '$CarvedFiles' virtual directory of a data source, volume or file system.
fileName | The name of the file. |
fileSize | The size of the file. |
parentObjId | The object id of the parent data source, volume or file system. |
layout | A list of the offsets and sizes that gives the layout of the file within its parent. |
TskCoreException | if there is a problem adding the file to the case database. |
Definition at line 599 of file FileManager.java.
synchronized List<LayoutFile> org.sleuthkit.autopsy.casemodule.services.FileManager.addCarvedFiles | ( | CarvingResult | carvingResult | ) | throws TskCoreException |
Adds a carving result to the case database.
carvingResult | The carving result (a set of carved files and their parent) to be added. |
TskCoreException | If there is a problem completing a case database operation. |
Definition at line 342 of file FileManager.java.
synchronized List<LayoutFile> org.sleuthkit.autopsy.casemodule.services.FileManager.addCarvedFiles | ( | List< org.sleuthkit.datamodel.CarvedFileContainer > | filesToAdd | ) | throws TskCoreException |
Adds a collection of carved files to the '$CarvedFiles' virtual directory of a data source, volume or file system.
filesToAdd | A collection of CarvedFileContainer objects, one per carved file, all of which must have the same parent object id. |
TskCoreException | if there is a problem adding the files to the case database. |
Definition at line 626 of file FileManager.java.
synchronized DerivedFile org.sleuthkit.autopsy.casemodule.services.FileManager.addDerivedFile | ( | String | fileName, |
String | localPath, | ||
long | size, | ||
long | ctime, | ||
long | crtime, | ||
long | atime, | ||
long | mtime, | ||
boolean | isFile, | ||
AbstractFile | parentFile, | ||
String | rederiveDetails, | ||
String | toolName, | ||
String | toolVersion, | ||
String | otherDetails, | ||
TskData.EncodingType | encodingType | ||
) | throws TskCoreException |
Adds a derived file to the case.
fileName | The name of the file. |
localPath | The local path of the file, relative to the case folder and including the file name. |
size | The size of the file in bytes. |
ctime | The change time of the file. |
crtime | The create time of the file |
atime | The accessed time of the file. |
mtime | The modified time of the file. |
isFile | True if a file, false if a directory. |
parentFile | The parent file from which the file was derived. |
rederiveDetails | The details needed to re-derive file (will be specific to the derivation method), currently unused. |
toolName | The name of the derivation method or tool, currently unused. |
toolVersion | The version of the derivation method or tool, currently unused. |
otherDetails | Other details of the derivation method or tool, currently unused. |
encodingType | Type of encoding used on the file |
TskCoreException | if there is a problem adding the file to the case database. |
Definition at line 315 of file FileManager.java.
Referenced by org.sleuthkit.autopsy.casemodule.services.FileManager.addDerivedFile(), org.sleuthkit.autopsy.modules.embeddedfileextractor.SevenZipExtractor.UnpackedTree.addDerivedFilesToCaseRec(), org.sleuthkit.autopsy.thunderbirdparser.ThunderbirdMboxFileIngestModule.handleAttachments(), and org.sleuthkit.autopsy.externalresults.ExternalResultsImporter.importDerivedFiles().
synchronized DerivedFile org.sleuthkit.autopsy.casemodule.services.FileManager.addDerivedFile | ( | String | fileName, |
String | localPath, | ||
long | size, | ||
long | ctime, | ||
long | crtime, | ||
long | atime, | ||
long | mtime, | ||
boolean | isFile, | ||
AbstractFile | parentFile, | ||
String | rederiveDetails, | ||
String | toolName, | ||
String | toolVersion, | ||
String | otherDetails | ||
) | throws TskCoreException |
Adds a derived file to the case.
fileName | The name of the file. |
localPath | The local path of the file, relative to the case folder and including the file name. |
size | The size of the file in bytes. |
ctime | The change time of the file. |
crtime | The create time of the file |
atime | The accessed time of the file. |
mtime | The modified time of the file. |
isFile | True if a file, false if a directory. |
parentFile | The parent file from which the file was derived. |
rederiveDetails | The details needed to re-derive file (will be specific to the derivation method), currently unused. |
toolName | The name of the derivation method or tool, currently unused. |
toolVersion | The version of the derivation method or tool, currently unused. |
otherDetails | Other details of the derivation method or tool, currently unused. |
TskCoreException | if there is a problem adding the file to the case database. |
Definition at line 664 of file FileManager.java.
References org.sleuthkit.autopsy.casemodule.services.FileManager.addDerivedFile().
|
private |
Adds a file or directory of logical/local files data source to the case database, recursively adding the contents of directories.
trans | A case database transaction. |
parentDirectory | The root virtual direcotry of the data source. |
localFile | The local/logical file or directory. |
encodingType | Type of encoding used when storing the file |
progressUpdater | Called after each file/directory is added to the case database. |
TskCoreException | If there is a problem completing a database operation. |
Definition at line 513 of file FileManager.java.
Referenced by org.sleuthkit.autopsy.casemodule.services.FileManager.addLocalFile(), and org.sleuthkit.autopsy.casemodule.services.FileManager.addLocalFilesDataSource().
|
private |
Adds a file or directory of logical/local files data source to the case database, recursively adding the contents of directories.
trans | A case database transaction. |
parentDirectory | The root virtual direcotry of the data source. |
localFile | The local/logical file or directory. |
progressUpdater | notifier to receive progress notifications on folders added, or null if not used |
progressUpdater | Called after each file/directory is added to the case database. |
TskCoreException | If there is a problem completing a database operation. |
Definition at line 698 of file FileManager.java.
References org.sleuthkit.autopsy.casemodule.services.FileManager.addLocalFile().
synchronized LocalFilesDataSource org.sleuthkit.autopsy.casemodule.services.FileManager.addLocalFilesDataSource | ( | String | deviceId, |
String | rootVirtualDirectoryName, | ||
String | timeZone, | ||
List< String > | localFilePaths, | ||
FileAddProgressUpdater | progressUpdater | ||
) | throws TskCoreException, TskDataException |
Adds a set of local/logical files and/or directories to the case database as data source.
deviceId | An ASCII-printable identifier for the device associated with the data source that is intended to be unique across multiple cases (e.g., a UUID). |
rootVirtualDirectoryName | The name to give to the virtual directory that will serve as the root for the local/logical files and/or directories that compose the data source. Pass the empty string to get a default name of the form: LogicalFileSet[N] |
timeZone | The time zone used to process the data source, may be the empty string. |
localFilePaths | A list of local/logical file and/or directory localFilePaths. |
progressUpdater | Called after each file/directory is added to the case database. |
TskCoreException | If there is a problem completing a database operation. |
TskDataException | if any of the local file paths is for a file or directory that does not exist or cannot be read. |
Definition at line 391 of file FileManager.java.
References org.sleuthkit.autopsy.casemodule.services.FileManager.addLocalFile(), org.sleuthkit.autopsy.ingest.IngestServices.fireModuleContentEvent(), org.sleuthkit.autopsy.casemodule.services.FileManager.generateFilesDataSourceName(), org.sleuthkit.autopsy.casemodule.services.FileManager.getFilesAndDirectories(), and org.sleuthkit.autopsy.ingest.IngestServices.getInstance().
Referenced by org.sleuthkit.autopsy.casemodule.services.FileManager.addLocalFilesDirs().
synchronized VirtualDirectory org.sleuthkit.autopsy.casemodule.services.FileManager.addLocalFilesDirs | ( | List< String > | localFilePaths, |
FileAddProgressUpdater | progressUpdater | ||
) | throws TskCoreException |
Adds a set of local/logical files and/or directories to the case database as data source.
localFilePaths | A list of local/logical file and/or directory localFilePaths. |
progressUpdater | Called after each file/directory is added to the case database. |
TskCoreException | If any of the local file paths is for a file or directory that does not exist or cannot be read, or there is a problem completing a database operation. |
Definition at line 569 of file FileManager.java.
References org.sleuthkit.autopsy.casemodule.services.FileManager.addLocalFilesDataSource().
synchronized void org.sleuthkit.autopsy.casemodule.services.FileManager.close | ( | ) | throws IOException |
Closes the file manager.
IOException | If there is a problem closing the file manager. |
Definition at line 546 of file FileManager.java.
|
staticprivate |
Converts a list of MIME types into an SQL "mime_type IN" condition.
mimeTypes | The MIIME types. |
Definition at line 115 of file FileManager.java.
Referenced by org.sleuthkit.autopsy.casemodule.services.FileManager.findFilesByMimeType().
synchronized List<AbstractFile> org.sleuthkit.autopsy.casemodule.services.FileManager.findFiles | ( | String | fileName | ) | throws TskCoreException |
Finds all files and directories with a given file name. The name search is for full or partial matches and is case insensitive (a case insensitive SQL LIKE clause is used to query the case database).
fileName | The full or partial file name. |
TskCoreException | if there is a problem querying the case database. |
Definition at line 132 of file FileManager.java.
Referenced by org.sleuthkit.autopsy.casemodule.services.FileManager.findFiles().
synchronized List<AbstractFile> org.sleuthkit.autopsy.casemodule.services.FileManager.findFiles | ( | String | fileName, |
String | parentName | ||
) | throws TskCoreException |
Finds all files and directories with a given file name and parent file or directory name. The name searches are for full or partial matches and are case insensitive (a case insensitive SQL LIKE clause is used to query the case database).
fileName | The full or partial file name. |
parentName | The full or partial parent file or directory name. |
TskCoreException | if there is a problem querying the case database. |
Definition at line 158 of file FileManager.java.
References org.sleuthkit.autopsy.casemodule.services.FileManager.findFiles().
synchronized List<AbstractFile> org.sleuthkit.autopsy.casemodule.services.FileManager.findFiles | ( | String | fileName, |
AbstractFile | parent | ||
) | throws TskCoreException |
Finds all files and directories with a given file name and parent file or directory. The name search is for full or partial matches and is case insensitive (a case insensitive SQL LIKE clause is used to query the case database).
fileName | The full or partial file name. |
parent | The parent file or directory. |
TskCoreException | if there is a problem querying the case database. |
Definition at line 184 of file FileManager.java.
References org.sleuthkit.autopsy.casemodule.services.FileManager.findFiles().
synchronized List<AbstractFile> org.sleuthkit.autopsy.casemodule.services.FileManager.findFiles | ( | Content | dataSource, |
String | fileName | ||
) | throws TskCoreException |
Finds all files and directories with a given file name in a given data source (image, local/logical files set, etc.). The name search is for full or partial matches and is case insensitive (a case insensitive SQL LIKE clause is used to query the case database).
dataSource | The data source. |
fileName | The full or partial file name. |
TskCoreException | if there is a problem querying the case database. |
Definition at line 210 of file FileManager.java.
synchronized List<AbstractFile> org.sleuthkit.autopsy.casemodule.services.FileManager.findFiles | ( | Content | dataSource, |
String | fileName, | ||
String | parentName | ||
) | throws TskCoreException |
Finds all files and directories with a given file name and parent file or directory name in a given data source (image, local/logical files set, etc.). The name searches are for full or partial matches and are case insensitive (a case insensitive SQL LIKE clause is used to query the case database).
dataSource | The data source. |
fileName | The full or partial file name. |
parentName | The full or partial parent file or directory name. |
TskCoreException | if there is a problem querying the case database. |
Definition at line 233 of file FileManager.java.
synchronized List<AbstractFile> org.sleuthkit.autopsy.casemodule.services.FileManager.findFiles | ( | Content | dataSource, |
String | fileName, | ||
AbstractFile | parent | ||
) | throws TskCoreException |
Finds all files and directories with a given file name and given parent file or directory in a given data source (image, local/logical files set, etc.). The name search is for full or partial matches and is case insensitive (a case insensitive SQL LIKE clause is used to query the case database).
dataSource | The data source. |
fileName | The full or partial file name. |
parent | The parent file or directory. |
TskCoreException | if there is a problem querying the case database. |
Definition at line 256 of file FileManager.java.
References org.sleuthkit.autopsy.casemodule.services.FileManager.findFiles().
synchronized List<AbstractFile> org.sleuthkit.autopsy.casemodule.services.FileManager.findFilesByMimeType | ( | Collection< String > | mimeTypes | ) | throws TskCoreException |
Finds all files with types that match one of a collection of MIME types.
mimeTypes | The MIME types. |
TskCoreException | If there is a problem querying the case database. |
Definition at line 82 of file FileManager.java.
References org.sleuthkit.autopsy.casemodule.services.FileManager.createFileTypeInCondition().
synchronized List<AbstractFile> org.sleuthkit.autopsy.casemodule.services.FileManager.findFilesByMimeType | ( | Content | dataSource, |
Collection< String > | mimeTypes | ||
) | throws TskCoreException |
Finds all files in a given data source (image, local/logical files set, etc.) with types that match one of a collection of MIME types.
dataSource | The data source. |
mimeTypes | The MIME types. |
TskCoreException | If there is a problem querying the case database. |
Definition at line 101 of file FileManager.java.
References org.sleuthkit.autopsy.casemodule.services.FileManager.createFileTypeInCondition().
|
staticprivate |
Generates a name for the root virtual directory for the data source.
NOTE: Although this method is guarded by the file manager's monitor, there is currently a minimal chance of default name duplication for multi-user cases with multiple FileManagers running on different nodes.
TskCoreException | If there is a problem querying the case database. |
Definition at line 455 of file FileManager.java.
References org.sleuthkit.autopsy.datamodel.VirtualDirectoryNode.LOGICAL_FILE_SET_PREFIX.
Referenced by org.sleuthkit.autopsy.casemodule.services.FileManager.addLocalFilesDataSource().
|
private |
Converts a list of local/logical file and/or directory paths to a list of file objects.
localFilePaths | A list of local/logical file and/or directory paths. |
TskDataException | if any of the paths is for a file or directory that does not exist or cannot be read. |
Definition at line 482 of file FileManager.java.
Referenced by org.sleuthkit.autopsy.casemodule.services.FileManager.addLocalFilesDataSource().
synchronized List<AbstractFile> org.sleuthkit.autopsy.casemodule.services.FileManager.openFiles | ( | Content | dataSource, |
String | filePath | ||
) | throws TskCoreException |
Finds all files and directories with a given file name and path in a given data source (image, local/logical files set, etc.). The name search is for full or partial matches and is case insensitive (a case insensitive SQL LIKE clause is used to query the case database). Any path components at the volume level and above are removed for the search.
dataSource | The data source. |
filePath | The file path (path components volume at the volume level or above will be removed). |
TskCoreException | if there is a problem querying the case database. |
Definition at line 279 of file FileManager.java.
|
private |
Definition at line 59 of file FileManager.java.
Referenced by org.sleuthkit.autopsy.casemodule.services.FileManager.FileManager().
|
staticprivate |
Definition at line 58 of file FileManager.java.
Copyright © 2012-2016 Basis Technology. Generated on: Tue Oct 25 2016
This work is licensed under a
Creative Commons Attribution-Share Alike 3.0 United States License.