|
Autopsy
4.19.3
Graphical digital forensics platform for The Sleuth Kit and other tools.
|
Inherits Closeable.
Classes | |
| interface | FileAddProgressUpdater |
Public Member Functions | |
| FileManager (SleuthkitCase caseDb) | |
| LayoutFile | addCarvedFile (String fileName, long fileSize, long parentObjId, List< TskFileRange > layout) throws TskCoreException |
| List< LayoutFile > | addCarvedFiles (CarvingResult carvingResult) throws TskCoreException |
| List< LayoutFile > | addCarvedFiles (List< org.sleuthkit.datamodel.CarvedFileContainer > filesToAdd) throws TskCoreException |
| DerivedFile | addDerivedFile (String fileName, String localPath, long size, long ctime, long crtime, long atime, long mtime, boolean isFile, Content parentObj, String rederiveDetails, String toolName, String toolVersion, String otherDetails, TskData.EncodingType encodingType) throws TskCoreException |
| DerivedFile | addDerivedFile (String fileName, String localPath, long size, long ctime, long crtime, long atime, long mtime, boolean isFile, AbstractFile parentFile, String rederiveDetails, String toolName, String toolVersion, String otherDetails) throws TskCoreException |
| LocalFilesDataSource | addLocalFilesDataSource (String deviceId, String rootVirtualDirectoryName, String timeZone, List< String > localFilePaths, FileAddProgressUpdater progressUpdater) throws TskCoreException, TskDataException |
| LocalFilesDataSource | addLocalFilesDataSource (String deviceId, String rootVirtualDirectoryName, String timeZone, Host host, List< String > localFilePaths, FileAddProgressUpdater progressUpdater) throws TskCoreException, TskDataException |
| VirtualDirectory | addLocalFilesDirs (List< String > localFilePaths, FileAddProgressUpdater progressUpdater) throws TskCoreException |
| void | close () throws IOException |
| List< AbstractFile > | findFiles (String fileName) throws TskCoreException |
| List< AbstractFile > | findFiles (String fileName, String parentSubString) throws TskCoreException |
| List< AbstractFile > | findFiles (String fileName, AbstractFile parent) throws TskCoreException |
| List< AbstractFile > | findFiles (Content dataSource, String fileName) throws TskCoreException |
| List< AbstractFile > | findFiles (Content dataSource, String fileName, String parentSubString) throws TskCoreException |
| List< AbstractFile > | findFiles (Content dataSource, String fileName, AbstractFile parent) throws TskCoreException |
| List< AbstractFile > | findFilesByMimeType (Collection< String > mimeTypes) throws TskCoreException |
| List< AbstractFile > | findFilesByMimeType (Content dataSource, Collection< String > mimeTypes) throws TskCoreException |
| List< AbstractFile > | findFilesByParentPath (long dataSourceObjectID, String parentPath) throws TskCoreException |
| List< AbstractFile > | findFilesExactName (long parentId, String name) throws TskCoreException |
| List< AbstractFile > | openFiles (Content dataSource, String filePath) throws TskCoreException |
| DerivedFile | updateDerivedFile (DerivedFile derivedFile, String localPath, long size, long ctime, long crtime, long atime, long mtime, boolean isFile, String mimeType, String rederiveDetails, String toolName, String toolVersion, String otherDetails, TskData.EncodingType encodingType) throws TskCoreException |
Private Member Functions | |
| AbstractFile | addLocalFile (CaseDbTransaction trans, SpecialDirectory parentDirectory, java.io.File localFile, TskData.EncodingType encodingType, FileAddProgressUpdater progressUpdater) throws TskCoreException |
| AbstractFile | addLocalFile (CaseDbTransaction trans, SpecialDirectory parentDirectory, java.io.File localFile, FileAddProgressUpdater progressUpdater) throws TskCoreException |
| List< java.io.File > | getFilesAndDirectories (List< String > localFilePaths) throws TskDataException |
Static Private Member Functions | |
| static String | createFileTypeInCondition (Collection< String > mimeTypes) |
| static String | createParentPathCondition (long dataSourceObjectID, String parentPath) |
| static String | generateFilesDataSourceName (SleuthkitCase caseDb) throws TskCoreException |
Private Attributes | |
| final SleuthkitCase | caseDb |
Static Private Attributes | |
| static final Logger | LOGGER = Logger.getLogger(FileManager.class.getName()) |
A manager that provides methods for retrieving files from the current case and for adding local files, carved files, and derived files to the current case.
Definition at line 60 of file FileManager.java.
| org.sleuthkit.autopsy.casemodule.services.FileManager.FileManager | ( | SleuthkitCase | caseDb | ) |
Constructs a manager that provides methods for retrieving files from the current case and for adding local files, carved files, and derived files to the current case.
| caseDb | The case database. |
Definition at line 72 of file FileManager.java.
References org.sleuthkit.autopsy.casemodule.services.FileManager.caseDb.
| LayoutFile org.sleuthkit.autopsy.casemodule.services.FileManager.addCarvedFile | ( | String | fileName, |
| long | fileSize, | ||
| long | parentObjId, | ||
| List< TskFileRange > | layout | ||
| ) | throws TskCoreException |
Adds a carved file to the '$CarvedFiles' virtual directory of a data source, volume or file system.
| fileName | The name of the file. |
| fileSize | The size of the file. |
| parentObjId | The object id of the parent data source, volume or file system. |
| layout | A list of the offsets and sizes that gives the layout of the file within its parent. |
| TskCoreException | if there is a problem adding the file to the case database. |
Definition at line 664 of file FileManager.java.
| List<LayoutFile> org.sleuthkit.autopsy.casemodule.services.FileManager.addCarvedFiles | ( | CarvingResult | carvingResult | ) | throws TskCoreException |
Adds a carving result to the case database.
| carvingResult | The carving result (a set of carved files and their parent) to be added. |
| TskCoreException | If there is a problem completing a case database operation. |
Definition at line 380 of file FileManager.java.
| List<LayoutFile> org.sleuthkit.autopsy.casemodule.services.FileManager.addCarvedFiles | ( | List< org.sleuthkit.datamodel.CarvedFileContainer > | filesToAdd | ) | throws TskCoreException |
Adds a collection of carved files to the '$CarvedFiles' virtual directory of a data source, volume or file system.
| filesToAdd | A collection of CarvedFileContainer objects, one per carved file, all of which must have the same parent object id. |
| TskCoreException | if there is a problem adding the files to the case database. |
Definition at line 688 of file FileManager.java.
| DerivedFile org.sleuthkit.autopsy.casemodule.services.FileManager.addDerivedFile | ( | String | fileName, |
| String | localPath, | ||
| long | size, | ||
| long | ctime, | ||
| long | crtime, | ||
| long | atime, | ||
| long | mtime, | ||
| boolean | isFile, | ||
| Content | parentObj, | ||
| String | rederiveDetails, | ||
| String | toolName, | ||
| String | toolVersion, | ||
| String | otherDetails, | ||
| TskData.EncodingType | encodingType | ||
| ) | throws TskCoreException |
Adds a derived file to the case.
| fileName | The name of the file. |
| localPath | The local path of the file, relative to the case folder and including the file name. |
| size | The size of the file in bytes. |
| ctime | The change time of the file. |
| crtime | The create time of the file |
| atime | The accessed time of the file. |
| mtime | The modified time of the file. |
| isFile | True if a file, false if a directory. |
| parentObj | The parent object from which the file was derived. |
| rederiveDetails | The details needed to re-derive file (will be specific to the derivation method), currently unused. |
| toolName | The name of the derivation method or tool, currently unused. |
| toolVersion | The version of the derivation method or tool, currently unused. |
| otherDetails | Other details of the derivation method or tool, currently unused. |
| encodingType | Type of encoding used on the file |
| TskCoreException | if there is a problem adding the file to the case database. |
Definition at line 315 of file FileManager.java.
Referenced by org.sleuthkit.autopsy.casemodule.services.FileManager.addDerivedFile(), and org.sleuthkit.autopsy.thunderbirdparser.ThunderbirdMboxFileIngestModule.handleAttachments().
| DerivedFile org.sleuthkit.autopsy.casemodule.services.FileManager.addDerivedFile | ( | String | fileName, |
| String | localPath, | ||
| long | size, | ||
| long | ctime, | ||
| long | crtime, | ||
| long | atime, | ||
| long | mtime, | ||
| boolean | isFile, | ||
| AbstractFile | parentFile, | ||
| String | rederiveDetails, | ||
| String | toolName, | ||
| String | toolVersion, | ||
| String | otherDetails | ||
| ) | throws TskCoreException |
Adds a derived file to the case.
| fileName | The name of the file. |
| localPath | The local path of the file, relative to the case folder and including the file name. |
| size | The size of the file in bytes. |
| ctime | The change time of the file. |
| crtime | The create time of the file |
| atime | The accessed time of the file. |
| mtime | The modified time of the file. |
| isFile | True if a file, false if a directory. |
| parentFile | The parent file from which the file was derived. |
| rederiveDetails | The details needed to re-derive file (will be specific to the derivation method), currently unused. |
| toolName | The name of the derivation method or tool, currently unused. |
| toolVersion | The version of the derivation method or tool, currently unused. |
| otherDetails | Other details of the derivation method or tool, currently unused. |
| TskCoreException | if there is a problem adding the file to the case database. |
Definition at line 723 of file FileManager.java.
References org.sleuthkit.autopsy.casemodule.services.FileManager.addDerivedFile().
|
private |
Adds a file or directory of logical/local files data source to the case database, recursively adding the contents of directories.
| trans | A case database transaction. |
| parentDirectory | The root virtual directory of the data source or the parent local directory. |
| localFile | The local/logical file or directory. |
| encodingType | Type of encoding used when storing the file |
| progressUpdater | Called after each file/directory is added to the case database. |
| TskCoreException | If there is a problem completing a database operation. |
Definition at line 576 of file FileManager.java.
Referenced by org.sleuthkit.autopsy.casemodule.services.FileManager.addLocalFile(), and org.sleuthkit.autopsy.casemodule.services.FileManager.addLocalFilesDataSource().
|
private |
Adds a file or directory of logical/local files data source to the case database, recursively adding the contents of directories.
| trans | A case database transaction. |
| parentDirectory | The root virtual directory of the data source or the parent local directory. |
| localFile | The local/logical file or directory. |
| progressUpdater | notifier to receive progress notifications on folders added, or null if not used. Called after each file/directory is added to the case database. |
| TskCoreException | If there is a problem completing a database operation. |
Definition at line 754 of file FileManager.java.
References org.sleuthkit.autopsy.casemodule.services.FileManager.addLocalFile().
| LocalFilesDataSource org.sleuthkit.autopsy.casemodule.services.FileManager.addLocalFilesDataSource | ( | String | deviceId, |
| String | rootVirtualDirectoryName, | ||
| String | timeZone, | ||
| List< String > | localFilePaths, | ||
| FileAddProgressUpdater | progressUpdater | ||
| ) | throws TskCoreException, TskDataException |
Adds a set of local/logical files and/or directories to the case database as data source.
| deviceId | An ASCII-printable identifier for the device associated with the data source that is intended to be unique across multiple cases (e.g., a UUID). |
| rootVirtualDirectoryName | The name to give to the virtual directory that will serve as the root for the local/logical files and/or directories that compose the data source. Pass the empty string to get a default name of the form: LogicalFileSet[N] |
| timeZone | The time zone used to process the data source, may be the empty string. |
| localFilePaths | A list of local/logical file and/or directory localFilePaths. |
| progressUpdater | Called after each file/directory is added to the case database. |
| TskCoreException | If there is a problem completing a database operation. |
| TskDataException | if any of the local file paths is for a file or directory that does not exist or cannot be read. |
Definition at line 426 of file FileManager.java.
Referenced by org.sleuthkit.autopsy.casemodule.services.FileManager.addLocalFilesDirs(), and org.sleuthkit.autopsy.datasourceprocessors.xry.XRYDataSourceProcessor.XRYReportProcessorSwingWorker.doInBackground().
| LocalFilesDataSource org.sleuthkit.autopsy.casemodule.services.FileManager.addLocalFilesDataSource | ( | String | deviceId, |
| String | rootVirtualDirectoryName, | ||
| String | timeZone, | ||
| Host | host, | ||
| List< String > | localFilePaths, | ||
| FileAddProgressUpdater | progressUpdater | ||
| ) | throws TskCoreException, TskDataException |
Adds a set of local/logical files and/or directories to the case database as data source.
| deviceId | An ASCII-printable identifier for the device associated with the data source that is intended to be unique across multiple cases (e.g., a UUID). |
| rootVirtualDirectoryName | The name to give to the virtual directory that will serve as the root for the local/logical files and/or directories that compose the data source. Pass the empty string to get a default name of the form: LogicalFileSet[N] |
| timeZone | The time zone used to process the data source, may be the empty string. |
| host | The host for this data source (may be null). |
| localFilePaths | A list of local/logical file and/or directory localFilePaths. |
| progressUpdater | Called after each file/directory is added to the case database. |
| TskCoreException | If there is a problem completing a database operation. |
| TskDataException | if any of the local file paths is for a file or directory that does not exist or cannot be read. |
Definition at line 459 of file FileManager.java.
References org.sleuthkit.autopsy.casemodule.services.FileManager.addLocalFile(), org.sleuthkit.autopsy.ingest.IngestServices.fireModuleContentEvent(), org.sleuthkit.autopsy.casemodule.services.FileManager.generateFilesDataSourceName(), org.sleuthkit.autopsy.casemodule.services.FileManager.getFilesAndDirectories(), and org.sleuthkit.autopsy.ingest.IngestServices.getInstance().
| VirtualDirectory org.sleuthkit.autopsy.casemodule.services.FileManager.addLocalFilesDirs | ( | List< String > | localFilePaths, |
| FileAddProgressUpdater | progressUpdater | ||
| ) | throws TskCoreException |
Adds a set of local/logical files and/or directories to the case database as data source.
| localFilePaths | A list of local/logical file and/or directory localFilePaths. |
| progressUpdater | Called after each file/directory is added to the case database. |
| TskCoreException | If any of the local file paths is for a file or directory that does not exist or cannot be read, or there is a problem completing a database operation. |
Definition at line 637 of file FileManager.java.
References org.sleuthkit.autopsy.casemodule.services.FileManager.addLocalFilesDataSource().
| void org.sleuthkit.autopsy.casemodule.services.FileManager.close | ( | ) | throws IOException |
Closes the file manager.
| IOException | If there is a problem closing the file manager. |
Definition at line 611 of file FileManager.java.
|
staticprivate |
Converts a list of MIME types into an SQL "mime_type IN" condition.
| mimeTypes | The MIIME types. |
Definition at line 143 of file FileManager.java.
Referenced by org.sleuthkit.autopsy.casemodule.services.FileManager.findFilesByMimeType().
|
staticprivate |
Converts a data source object id and a parent path into SQL data_source_obj_id = ? AND parent_path LIKE ?%
| dataSourceObjectID | |
| parentPath |
Definition at line 157 of file FileManager.java.
Referenced by org.sleuthkit.autopsy.casemodule.services.FileManager.findFilesByParentPath().
| List<AbstractFile> org.sleuthkit.autopsy.casemodule.services.FileManager.findFiles | ( | String | fileName | ) | throws TskCoreException |
Finds all files and directories with a given file name. The name search is for full or partial matches and is case insensitive (a case insensitive SQL LIKE clause is used to query the case database).
| fileName | The full name or a pattern to match on part of the name |
| TskCoreException | if there is a problem querying the case database. |
Definition at line 173 of file FileManager.java.
Referenced by org.sleuthkit.autopsy.modules.leappanalyzers.ALeappAnalyzerIngestModule.extractFilesFromDataSource(), org.sleuthkit.autopsy.modules.leappanalyzers.ILeappAnalyzerIngestModule.extractFilesFromDataSource(), org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.findAbstractFile(), org.sleuthkit.autopsy.casemodule.services.FileManager.findFiles(), and org.sleuthkit.autopsy.modules.plaso.PlasoIngestModule.getAbstractFile().
| List<AbstractFile> org.sleuthkit.autopsy.casemodule.services.FileManager.findFiles | ( | String | fileName, |
| String | parentSubString | ||
| ) | throws TskCoreException |
Finds all files and directories with a given file name and parent file or directory name. The name searches are for full or partial matches and are case insensitive (a case insensitive SQL LIKE clause is used to query the case database).
| fileName | The full name or a pattern to match on part of the name |
| parentSubString | Substring that must exist in parent path. Will be surrounded by % in LIKE query. |
| TskCoreException | if there is a problem querying the case database. |
Definition at line 198 of file FileManager.java.
References org.sleuthkit.autopsy.casemodule.services.FileManager.findFiles().
| List<AbstractFile> org.sleuthkit.autopsy.casemodule.services.FileManager.findFiles | ( | String | fileName, |
| AbstractFile | parent | ||
| ) | throws TskCoreException |
Finds all files and directories with a given file name and parent file or directory. The name search is for full or partial matches and is case insensitive (a case insensitive SQL LIKE clause is used to query the case database).
| fileName | The full name or a pattern to match on part of the name |
| parent | The parent file or directory. |
| TskCoreException | if there is a problem querying the case database. |
Definition at line 221 of file FileManager.java.
| List<AbstractFile> org.sleuthkit.autopsy.casemodule.services.FileManager.findFiles | ( | Content | dataSource, |
| String | fileName | ||
| ) | throws TskCoreException |
Finds all files and directories with a given file name in a given data source (image, local/logical files set, etc.). The name search is for full or partial matches and is case insensitive (a case insensitive SQL LIKE clause is used to query the case database).
| dataSource | The data source. |
| fileName | The full name or a pattern to match on part of the name |
| TskCoreException | if there is a problem querying the case database. |
Definition at line 239 of file FileManager.java.
| List<AbstractFile> org.sleuthkit.autopsy.casemodule.services.FileManager.findFiles | ( | Content | dataSource, |
| String | fileName, | ||
| String | parentSubString | ||
| ) | throws TskCoreException |
Finds all files and directories with a given file name and parent file or directory name in a given data source (image, local/logical files set, etc.). The name searches are for full or partial matches and are case insensitive (a case insensitive SQL LIKE clause is used to query the case database).
| dataSource | The data source. |
| fileName | The full name or a pattern to match on part of the name |
| parentSubString | Substring that must exist in parent path. Will be surrounded by % in LIKE query. |
| TskCoreException | if there is a problem querying the case database. |
Definition at line 261 of file FileManager.java.
| List<AbstractFile> org.sleuthkit.autopsy.casemodule.services.FileManager.findFiles | ( | Content | dataSource, |
| String | fileName, | ||
| AbstractFile | parent | ||
| ) | throws TskCoreException |
Finds all files and directories with a given file name and given parent file or directory in a given data source (image, local/logical files set, etc.). The name search is for full or partial matches and is case insensitive (a case insensitive SQL LIKE clause is used to query the case database).
| dataSource | The data source. |
| fileName | The full name or a pattern to match on part of the name |
| parent | The parent file or directory. |
| TskCoreException | if there is a problem querying the case database. |
Definition at line 777 of file FileManager.java.
References org.sleuthkit.autopsy.casemodule.services.FileManager.findFiles().
| List<AbstractFile> org.sleuthkit.autopsy.casemodule.services.FileManager.findFilesByMimeType | ( | Collection< String > | mimeTypes | ) | throws TskCoreException |
Finds all files with types that match one of a collection of MIME types.
| mimeTypes | The MIME types. |
| TskCoreException | If there is a problem querying the case database. |
Definition at line 86 of file FileManager.java.
References org.sleuthkit.autopsy.casemodule.services.FileManager.createFileTypeInCondition().
| List<AbstractFile> org.sleuthkit.autopsy.casemodule.services.FileManager.findFilesByMimeType | ( | Content | dataSource, |
| Collection< String > | mimeTypes | ||
| ) | throws TskCoreException |
Finds all files in a given data source (image, local/logical files set, etc.) with types that match one of a collection of MIME types.
| dataSource | The data source. |
| mimeTypes | The MIME types. |
| TskCoreException | If there is a problem querying the case database. |
Definition at line 118 of file FileManager.java.
References org.sleuthkit.autopsy.casemodule.services.FileManager.createFileTypeInCondition().
| List<AbstractFile> org.sleuthkit.autopsy.casemodule.services.FileManager.findFilesByParentPath | ( | long | dataSourceObjectID, |
| String | parentPath | ||
| ) | throws TskCoreException |
Finds all parent_paths that match the specified parentPath and are in the specified data source.
| dataSourceObjectID | - the id of the data source to get files from |
| parentPath | - the parent path that all files should be like |
| TskCoreException | If there is a problem querying the case database. |
Definition at line 102 of file FileManager.java.
References org.sleuthkit.autopsy.casemodule.services.FileManager.createParentPathCondition().
| List<AbstractFile> org.sleuthkit.autopsy.casemodule.services.FileManager.findFilesExactName | ( | long | parentId, |
| String | name | ||
| ) | throws TskCoreException |
Find all files with the exact given name and parentId.
| parentId | Id of the parent folder to search. |
| name | Exact file name to match. |
| TskCoreException |
Definition at line 132 of file FileManager.java.
Referenced by org.sleuthkit.autopsy.coreutils.AppSQLiteDB.findAndCopySQLiteMetaFile(), and org.sleuthkit.autopsy.coreutils.SQLiteTableReader.findAndCopySQLiteMetaFile().
|
staticprivate |
Generates a name for the root virtual directory for the data source.
NOTE: Although this method is guarded by the file manager's monitor, there is currently a minimal chance of default name duplication for multi-user cases with multiple FileManagers running on different nodes.
| TskCoreException | If there is a problem querying the case database. |
Definition at line 520 of file FileManager.java.
References org.sleuthkit.autopsy.datamodel.VirtualDirectoryNode.LOGICAL_FILE_SET_PREFIX.
Referenced by org.sleuthkit.autopsy.casemodule.services.FileManager.addLocalFilesDataSource().
|
private |
Converts a list of local/logical file and/or directory paths to a list of file objects.
| localFilePaths | A list of local/logical file and/or directory paths. |
| TskDataException | if any of the paths is for a file or directory that does not exist or cannot be read. |
Definition at line 547 of file FileManager.java.
Referenced by org.sleuthkit.autopsy.casemodule.services.FileManager.addLocalFilesDataSource().
| List<AbstractFile> org.sleuthkit.autopsy.casemodule.services.FileManager.openFiles | ( | Content | dataSource, |
| String | filePath | ||
| ) | throws TskCoreException |
Finds all files and directories with a given file name and path in a given data source (image, local/logical files set, etc.). The name search is for full or partial matches and is case insensitive (a case insensitive SQL LIKE clause is used to query the case database). Any path components at the volume level and above are removed for the search.
| dataSource | The data source. |
| filePath | The file path (path components volume at the volume level or above will be removed). |
| TskCoreException | if there is a problem querying the case database. |
Definition at line 282 of file FileManager.java.
| DerivedFile org.sleuthkit.autopsy.casemodule.services.FileManager.updateDerivedFile | ( | DerivedFile | derivedFile, |
| String | localPath, | ||
| long | size, | ||
| long | ctime, | ||
| long | crtime, | ||
| long | atime, | ||
| long | mtime, | ||
| boolean | isFile, | ||
| String | mimeType, | ||
| String | rederiveDetails, | ||
| String | toolName, | ||
| String | toolVersion, | ||
| String | otherDetails, | ||
| TskData.EncodingType | encodingType | ||
| ) | throws TskCoreException |
Update a derived file which already exists in the the case.
| derivedFile | The derived file you wish to update |
| localPath | The local path of the file, relative to the case folder and including the file name. |
| size | The size of the file in bytes. |
| ctime | The change time of the file. |
| crtime | The create time of the file |
| atime | The accessed time of the file. |
| mimeType | The MIME type the updated file should have, null to unset it |
| mtime | The modified time of the file. |
| isFile | True if a file, false if a directory. |
| rederiveDetails | The details needed to re-derive file (will be specific to the derivation method), currently unused. |
| toolName | The name of the derivation method or tool, currently unused. |
| toolVersion | The version of the derivation method or tool, currently unused. |
| otherDetails | Other details of the derivation method or tool, currently unused. |
| encodingType | Type of encoding used on the file |
| TskCoreException | if there is a problem adding the file to the case database. |
Definition at line 358 of file FileManager.java.
|
private |
Definition at line 63 of file FileManager.java.
Referenced by org.sleuthkit.autopsy.casemodule.services.FileManager.FileManager().
|
staticprivate |
Definition at line 62 of file FileManager.java.
Copyright © 2012-2022 Basis Technology. Generated on: Tue May 30 2023
This work is licensed under a
Creative Commons Attribution-Share Alike 3.0 United States License.