|
Autopsy
4.19.3
Graphical digital forensics platform for The Sleuth Kit and other tools.
|
Static Public Member Functions | |
| static< T > boolean | extractResourceToUserConfigDir (final Class< T > resourceClass, final String resourceFileName, boolean overWrite) throws IOException |
| static String | getAllMemUsageInfo () |
| static String | getDefaultPlatformCharset () |
| static String | getDefaultPlatformFileEncoding () |
| static String | getInstallModulesPath () |
| static String | getInstallPath () |
| static synchronized String | getJavaPath () |
| static synchronized long | getJavaPID (String sigarSubQuery) |
| static synchronized long[] | getJavaPIDs (String argsSubQuery) |
| static String | getJvmMemInfo () |
| static String | getLogDirectory () |
| static String | getLogFileEncoding () |
| static String | getModuleConfigDirectory () |
| static String | getObjectDetectionClassifierPath () |
| static List< String > | getOcrLanguagePacks () |
| static String | getOcrLanguagePacksPath () |
| static String | getOSArch () |
| static String | getOSFilePath (String origFilePath) |
| static String | getOSName () |
| static String | getOSVersion () |
| static List< LocalDisk > | getPartitions () |
| static List< LocalDisk > | getPhysicalDrives () |
| static String | getPhysicalMemInfo () |
| static synchronized long | getPID () |
| static synchronized long | getProcessVirtualMemoryUsed () |
| static List< String > | getProjectsDirs () |
| static String | getUserConfigDirectory () |
| static File | getUserDirectory () |
| static String | getUserModulesPath () |
| static String | getUserPythonModulesPath () |
| static boolean | is64BitJVM () |
| static boolean | is64BitOS () |
| static boolean | isWindowsOS () |
| static synchronized void | killProcess (long pid) |
Static Public Attributes | |
| static final String | OS_ARCH_UNKNOWN = NbBundle.getMessage(PlatformUtil.class, "PlatformUtil.archUnknown") |
| static final String | OS_NAME_UNKNOWN = NbBundle.getMessage(PlatformUtil.class, "PlatformUtil.nameUnknown") |
| static final String | OS_VERSION_UNKNOWN = NbBundle.getMessage(PlatformUtil.class, "PlatformUtil.verUnknown") |
Static Private Member Functions | |
| static boolean | canReadDrive (String diskPath) |
| static String | convertSqlLikeToRegex (String originalLikeStatement) |
Static Private Attributes | |
| static final String | CLASSIFIERS_SUBDIRECTORY = "object_detection_classifiers" |
| static String | javaPath = null |
| static volatile MemoryMXBean | memoryManager = null |
| static final String | OCR_LANGUAGE_PACK_EXT = "traineddata" |
| static final String | OCR_LANGUAGE_SUBDIRECTORY = "ocr_language_packs" |
| static volatile long | pid = -1 |
| static final String | PYTHON_MODULES_SUBDIRECTORY = "python_modules" |
Platform utilities
Definition at line 58 of file PlatformUtil.java.
|
staticprivate |
Are we able to read this drive? Usually related to admin permissions.
For all drives and partitions, we are using Java's ability to read the first byte of a drive to determine if TSK would be able to read the drive during the add image process. This returns whether the drive is readable or not far faster than validating if TSK can open the drive. We are assuming the results are almost exactly the same.
| diskPath | path to the disk we want to read |
| IOException | if we fail to read |
Definition at line 487 of file PlatformUtil.java.
Referenced by org.sleuthkit.autopsy.coreutils.PlatformUtil.getPartitions(), and org.sleuthkit.autopsy.coreutils.PlatformUtil.getPhysicalDrives().
|
staticprivate |
Performs a simple conversion of a sql like statement to regex replacing '' and '_' in a like statement with regex equivalents.
| originalLikeStatement | The original like statement. |
Definition at line 540 of file PlatformUtil.java.
Referenced by org.sleuthkit.autopsy.coreutils.PlatformUtil.getJavaPIDs().
|
static |
Utility to extract a resource file to a user configuration directory, if it does not exist - useful for setting up default configurations.
| resourceClass | class in the same package as the resourceFile to extract |
| resourceFileName | Name of the resource file to extract |
| overWrite | true to overwrite an existing resource |
| IOException | exception thrown if extract the file failed for IO reasons |
Definition at line 283 of file PlatformUtil.java.
References org.sleuthkit.autopsy.coreutils.PlatformUtil.getUserConfigDirectory().
Referenced by org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.configExtractor(), org.sleuthkit.autopsy.report.ReportBranding.extractDefaultGeneratorLogo(), org.sleuthkit.autopsy.coreutils.XMLUtil.validateDocument(), and org.sleuthkit.autopsy.coreutils.XMLUtil.xmlIsValid().
|
static |
Return formatted string with all memory usage (jvm, physical, native)
Definition at line 713 of file PlatformUtil.java.
References org.sleuthkit.autopsy.coreutils.PlatformUtil.getJvmMemInfo(), org.sleuthkit.autopsy.coreutils.PlatformUtil.getPhysicalMemInfo(), and org.sleuthkit.autopsy.coreutils.PlatformUtil.getProcessVirtualMemoryUsed().
Referenced by org.sleuthkit.autopsy.ingest.IngestMonitor.MonitorTimerAction.logMemoryUsage().
|
static |
Definition at line 261 of file PlatformUtil.java.
Referenced by org.sleuthkit.autopsy.coreutils.Installer.restored(), and org.sleuthkit.autopsy.keywordsearch.Server.InputStreamPrinterThread.run().
|
static |
Definition at line 257 of file PlatformUtil.java.
Referenced by org.sleuthkit.autopsy.coreutils.Installer.restored().
|
static |
Get root path where the application modules are installed
Definition at line 88 of file PlatformUtil.java.
|
static |
Get root path where the application is installed
Definition at line 76 of file PlatformUtil.java.
Referenced by org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.getAutopsyExePath(), org.sleuthkit.autopsy.coreutils.PlatformUtil.getJavaPath(), and org.sleuthkit.autopsy.livetriage.CreateLiveTriageDriveAction.performAction().
|
static |
get file path to the java executable binary use embedded java if available, otherwise use system java in PATH no validation is done if java exists in PATH
Definition at line 173 of file PlatformUtil.java.
References org.sleuthkit.autopsy.coreutils.PlatformUtil.getInstallPath(), and org.sleuthkit.autopsy.coreutils.PlatformUtil.javaPath.
|
static |
Query and get PID of another java process
| sigarSubQuery | a sigar subquery to identify a unique java process among other java processes, for example, by class name, use: Args.*.eq=org.jboss.Main more examples here: http://support.hyperic.com/display/SIGAR/PTQL |
Definition at line 526 of file PlatformUtil.java.
References org.sleuthkit.autopsy.coreutils.PlatformUtil.getJavaPIDs().
|
static |
Query and get PIDs of another java processes matching a query
| argsSubQuery | A like query for command line arguments |
Definition at line 583 of file PlatformUtil.java.
References org.sleuthkit.autopsy.coreutils.PlatformUtil.convertSqlLikeToRegex(), and org.sleuthkit.autopsy.coreutils.PlatformUtil.isWindowsOS().
Referenced by org.sleuthkit.autopsy.coreutils.PlatformUtil.getJavaPID().
|
static |
Return formatted string with Jvm heap and non-heap memory usage
Definition at line 679 of file PlatformUtil.java.
Referenced by org.sleuthkit.autopsy.coreutils.PlatformUtil.getAllMemUsageInfo().
|
static |
Get log directory path
Definition at line 252 of file PlatformUtil.java.
Referenced by org.sleuthkit.autopsy.casemodule.Case.close(), and org.sleuthkit.autopsy.actions.ThreadDumpAction.ThreadDumper.createFilePath().
|
static |
Definition at line 265 of file PlatformUtil.java.
Referenced by org.sleuthkit.autopsy.apputils.ApplicationLoggers.getLogger().
|
static |
Get module config directory path
Definition at line 243 of file PlatformUtil.java.
References org.sleuthkit.autopsy.coreutils.PlatformUtil.getUserConfigDirectory().
Referenced by org.sleuthkit.autopsy.modules.interestingitems.FilesSetsManager.getCustomFileIngestFilters(), org.sleuthkit.autopsy.modules.interestingitems.FilesSetsManager.getInterestingFilesSets(), and org.sleuthkit.autopsy.core.UserPreferences.getSharedPreferencePath().
|
static |
Get root path where the user's object detection classifiers are stored.
Definition at line 162 of file PlatformUtil.java.
References org.sleuthkit.autopsy.coreutils.PlatformUtil.CLASSIFIERS_SUBDIRECTORY, and org.sleuthkit.autopsy.coreutils.PlatformUtil.getUserDirectory().
Referenced by org.sleuthkit.autopsy.core.Installer.ensureClassifierFolderExists().
|
static |
Get the names of the language packs installed at the user directory.
Definition at line 142 of file PlatformUtil.java.
References org.sleuthkit.autopsy.coreutils.PlatformUtil.getOcrLanguagePacksPath().
|
static |
Get root path where the user's Ocr language packs are stored.
Definition at line 133 of file PlatformUtil.java.
References org.sleuthkit.autopsy.coreutils.PlatformUtil.getUserDirectory(), and org.sleuthkit.autopsy.coreutils.PlatformUtil.OCR_LANGUAGE_SUBDIRECTORY.
Referenced by org.sleuthkit.autopsy.core.Installer.ensureOcrLanguagePacksFolderExists(), and org.sleuthkit.autopsy.coreutils.PlatformUtil.getOcrLanguagePacks().
|
static |
Get OS arch details, or OS_ARCH_UNKNOWN
Definition at line 330 of file PlatformUtil.java.
|
static |
Convert file path (quote) for OS specific
| origFilePath |
Definition at line 350 of file PlatformUtil.java.
References org.sleuthkit.autopsy.coreutils.PlatformUtil.isWindowsOS().
|
static |
Get operating system name, or OS_NAME_UNKNOWN
Definition at line 312 of file PlatformUtil.java.
Referenced by org.sleuthkit.autopsy.modules.hashdatabase.HashLookupSettingsPanel.isWindows(), and org.sleuthkit.autopsy.coreutils.PlatformUtil.isWindowsOS().
|
static |
Get operating system version, or OS_VERSION_UNKNOWN
Definition at line 321 of file PlatformUtil.java.
|
static |
Get a list all all the local drives and partitions on the client's machine.
Definition at line 440 of file PlatformUtil.java.
References org.sleuthkit.autopsy.coreutils.PlatformUtil.canReadDrive(), and org.sleuthkit.autopsy.coreutils.PlatformUtil.isWindowsOS().
|
static |
Get a list of all physical drives attached to the client's machine. Error threshold of 4 non-existent physical drives before giving up.
Definition at line 389 of file PlatformUtil.java.
References org.sleuthkit.autopsy.coreutils.PlatformUtil.canReadDrive(), and org.sleuthkit.autopsy.coreutils.PlatformUtil.isWindowsOS().
|
static |
Return formatted string with physical memory usage
Definition at line 698 of file PlatformUtil.java.
Referenced by org.sleuthkit.autopsy.coreutils.PlatformUtil.getAllMemUsageInfo().
|
static |
Query and get PID of this process
Definition at line 511 of file PlatformUtil.java.
Referenced by org.sleuthkit.autopsy.coreutils.Installer.restored().
|
static |
Query and return virtual memory used by the process
Definition at line 669 of file PlatformUtil.java.
Referenced by org.sleuthkit.autopsy.coreutils.PlatformUtil.getAllMemUsageInfo(), and org.sleuthkit.autopsy.coreutils.Installer.restored().
|
static |
|
static |
Get user config directory path
Definition at line 234 of file PlatformUtil.java.
Referenced by org.sleuthkit.autopsy.report.ReportBranding.extractDefaultGeneratorLogo(), org.sleuthkit.autopsy.coreutils.PlatformUtil.extractResourceToUserConfigDir(), org.sleuthkit.autopsy.apputils.ResetWindowsAction.getCaseToReopenFilePath(), org.sleuthkit.autopsy.core.UserPreferences.getConfigPreferencePath(), org.sleuthkit.autopsy.coreutils.PlatformUtil.getModuleConfigDirectory(), org.sleuthkit.autopsy.ingest.IngestProfiles.getRootSettingsFile(), org.sleuthkit.autopsy.centralrepository.eventlisteners.Installer.getSettingsFilePath(), org.sleuthkit.autopsy.modules.leappanalyzers.LeappFileProcessor.loadConfigFile(), org.sleuthkit.autopsy.apputils.ResetWindowsAction.performAction(), org.sleuthkit.autopsy.report.ReportBranding.ReportBranding(), org.sleuthkit.autopsy.ingest.Installer.upgradeSettings(), org.sleuthkit.autopsy.coreutils.XMLUtil.validateDocument(), and org.sleuthkit.autopsy.coreutils.XMLUtil.xmlIsValid().
|
static |
Get user directory where application wide user settings, cache, temp files are stored
Definition at line 205 of file PlatformUtil.java.
Referenced by org.sleuthkit.autopsy.apputils.ApplicationLoggers.getLogger(), org.sleuthkit.autopsy.coreutils.PlatformUtil.getObjectDetectionClassifierPath(), org.sleuthkit.autopsy.coreutils.PlatformUtil.getOcrLanguagePacksPath(), org.sleuthkit.autopsy.modules.yara.rules.RuleSetManager.getRuleSetPath(), org.sleuthkit.autopsy.coreutils.PlatformUtil.getUserModulesPath(), org.sleuthkit.autopsy.coreutils.PlatformUtil.getUserPythonModulesPath(), org.sleuthkit.autopsy.core.AutopsyOptionProcessor.process(), org.sleuthkit.autopsy.keywordsearch.Server.runLocalSolr8ControlCommand(), org.sleuthkit.autopsy.corecomponents.AboutWindowPanel.startVerboseLogging(), and org.sleuthkit.autopsy.centralrepository.eventlisteners.Installer.upgradeSettingsPath().
|
static |
Get root path where the user modules are installed
Definition at line 115 of file PlatformUtil.java.
References org.sleuthkit.autopsy.coreutils.PlatformUtil.getUserDirectory().
|
static |
Get root path where the user Python modules are installed.
Definition at line 124 of file PlatformUtil.java.
References org.sleuthkit.autopsy.coreutils.PlatformUtil.getUserDirectory(), and org.sleuthkit.autopsy.coreutils.PlatformUtil.PYTHON_MODULES_SUBDIRECTORY.
Referenced by org.sleuthkit.autopsy.actions.OpenPythonModulesFolderAction.actionPerformed(), org.sleuthkit.autopsy.core.Installer.ensurePythonModulesFolderExists(), and org.sleuthkit.autopsy.python.JythonModuleLoader.getInterfaceImplementations().
|
static |
Attempts to determine whether the JVM is 64-bit or 32-bit. May not be completely reliable for non-Windows operating systems.
Definition at line 379 of file PlatformUtil.java.
Referenced by org.sleuthkit.autopsy.core.Installer.addGstreamerPathsToEnv(), and org.sleuthkit.autopsy.core.UserPreferences.getMaxSolrVMSize().
|
static |
Attempts to determine whether the operating system is a 64-bit operating system. May not be completely reliable for non-Windows operating systems.
Definition at line 365 of file PlatformUtil.java.
Referenced by org.sleuthkit.autopsy.keywordsearch.KeywordSearchJobSettingsPanel.handleOcrEnabled(), org.sleuthkit.autopsy.casemodule.LocalFilesDSProcessor.locateEwfexportExecutable(), org.sleuthkit.autopsy.modules.plaso.PlasoIngestModule.locateExecutable(), org.sleuthkit.autopsy.modules.yara.YaraIngestModule.startUp(), org.sleuthkit.autopsy.modules.leappanalyzers.ILeappAnalyzerIngestModule.startUp(), and org.sleuthkit.autopsy.modules.leappanalyzers.ALeappAnalyzerIngestModule.startUp().
|
static |
Check if running on Windows OS
Definition at line 339 of file PlatformUtil.java.
References org.sleuthkit.autopsy.coreutils.PlatformUtil.getOSName().
Referenced by org.sleuthkit.autopsy.coreutils.PlatformUtil.getJavaPIDs(), org.sleuthkit.autopsy.coreutils.UNCPathUtilities.getMappedDrives(), org.sleuthkit.autopsy.coreutils.PlatformUtil.getOSFilePath(), org.sleuthkit.autopsy.coreutils.PlatformUtil.getPartitions(), org.sleuthkit.autopsy.coreutils.PlatformUtil.getPhysicalDrives(), org.sleuthkit.autopsy.testing.AutopsyTestCases.getSystemDiagnostics(), org.sleuthkit.autopsy.keywordsearch.KeywordSearchJobSettingsPanel.handleOcrEnabled(), org.sleuthkit.autopsy.corecomponents.DataContentViewerHex.initComponents(), org.sleuthkit.autopsy.coreutils.PathValidator.isValidForRunningOnTarget(), org.sleuthkit.autopsy.coreutils.PlatformUtil.killProcess(), org.sleuthkit.autopsy.core.Installer.loadDynLibraries(), org.sleuthkit.autopsy.casemodule.UnpackagePortableCaseProgressDialog.UnpackageWorker.locate7ZipExecutable(), org.sleuthkit.autopsy.report.modules.portablecase.PortableCaseReportModule.locate7ZipExecutable(), org.sleuthkit.autopsy.casemodule.LocalFilesDSProcessor.locateEwfexportExecutable(), org.sleuthkit.autopsy.keywordsearch.Server.runLocalSolr8ControlCommand(), org.sleuthkit.autopsy.modules.yara.YaraIngestModule.startUp(), org.sleuthkit.autopsy.modules.leappanalyzers.ALeappAnalyzerIngestModule.startUp(), org.sleuthkit.autopsy.modules.leappanalyzers.ILeappAnalyzerIngestModule.startUp(), and org.sleuthkit.autopsy.modules.plaso.PlasoIngestModule.startUp().
|
static |
Kill a process by PID by sending signal to it using Sigar
| pid | pid of the process to kill |
Definition at line 651 of file PlatformUtil.java.
References org.sleuthkit.autopsy.coreutils.PlatformUtil.isWindowsOS(), and org.sleuthkit.autopsy.coreutils.PlatformUtil.pid.
|
staticprivate |
Definition at line 61 of file PlatformUtil.java.
Referenced by org.sleuthkit.autopsy.coreutils.PlatformUtil.getObjectDetectionClassifierPath().
|
staticprivate |
Definition at line 64 of file PlatformUtil.java.
Referenced by org.sleuthkit.autopsy.coreutils.PlatformUtil.getJavaPath().
|
staticprivate |
Definition at line 69 of file PlatformUtil.java.
|
staticprivate |
Definition at line 63 of file PlatformUtil.java.
|
staticprivate |
Definition at line 62 of file PlatformUtil.java.
Referenced by org.sleuthkit.autopsy.coreutils.PlatformUtil.getOcrLanguagePacksPath().
|
static |
Definition at line 67 of file PlatformUtil.java.
|
static |
Definition at line 65 of file PlatformUtil.java.
|
static |
Definition at line 66 of file PlatformUtil.java.
|
staticprivate |
Definition at line 68 of file PlatformUtil.java.
Referenced by org.sleuthkit.autopsy.coreutils.PlatformUtil.killProcess().
|
staticprivate |
Definition at line 60 of file PlatformUtil.java.
Referenced by org.sleuthkit.autopsy.coreutils.PlatformUtil.getUserPythonModulesPath().
Copyright © 2012-2022 Basis Technology. Generated on: Thu Jun 1 2023
This work is licensed under a
Creative Commons Attribution-Share Alike 3.0 United States License.