|
Autopsy
4.19.3
Graphical digital forensics platform for The Sleuth Kit and other tools.
|
Classes | |
| class | UnpackedNode |
Private Member Functions | |
| UnpackedNode | addNode (UnpackedNode parent, List< String > tokenPath, List< byte[]> tokenPathBytes) |
| String | bytesToString (byte[] bytes) |
| void | commitCurrentTransaction () throws TskCoreException |
| void | getAllFileObjectsRec (List< AbstractFile > list, UnpackedNode parent) |
| CaseDbTransaction | getCurrentTransaction () throws TskCoreException |
| void | rollbackCurrentTransaction () |
| void | startTransaction () throws TskCoreException |
| void | updateOrAddFileToCaseRec (UnpackedNode node, FileManager fileManager, HashMap< String, ZipFileStatusWrapper > statusMap, String archiveFilePath, Archive parentAr, AbstractFile archiveFile, ConcurrentHashMap< Long, Archive > depthMap) throws TskCoreException |
Private Attributes | |
| CaseDbTransaction | currentTransaction = null |
| int | nodesProcessed = 0 |
| long | transactionCounter = 0 |
Static Private Attributes | |
| static final long | MAX_TRANSACTION_SIZE = 1000 |
Representation of the files in the archive. Used to track of local tree file hierarchy, archive depth, and files created to easily and reliably get parent AbstractFile for unpacked file. So that we don't have to depend on type of traversal of unpacked files handed to us by 7zip unpacker.
Definition at line 1268 of file SevenZipExtractor.java.
|
private |
recursive method that traverses the path
| parent | |
| tokenPath | |
| tokenPathBytes |
Definition at line 1376 of file SevenZipExtractor.java.
|
private |
Convert byte array to string representation.
| bytes | Byte array |
Definition at line 1359 of file SevenZipExtractor.java.
|
private |
Commit the current transaction.
| TskCoreException |
Definition at line 1585 of file SevenZipExtractor.java.
Referenced by org.sleuthkit.autopsy.modules.embeddedfileextractor.SevenZipExtractor.UnpackedTree.getCurrentTransaction().
|
private |
Definition at line 1429 of file SevenZipExtractor.java.
|
private |
Get the current transaction being used in updateOrAddFileToCaseRec(). If there is no transaction, one will be started. After the transaction has been used MAX_TRANSACTION_SIZE, it will be committed and a new transaction will be opened.
| TskCoreException |
Definition at line 1551 of file SevenZipExtractor.java.
References org.sleuthkit.autopsy.modules.embeddedfileextractor.SevenZipExtractor.UnpackedTree.commitCurrentTransaction(), org.sleuthkit.autopsy.modules.embeddedfileextractor.SevenZipExtractor.UnpackedTree.currentTransaction, and org.sleuthkit.autopsy.modules.embeddedfileextractor.SevenZipExtractor.UnpackedTree.startTransaction().
Referenced by org.sleuthkit.autopsy.modules.embeddedfileextractor.SevenZipExtractor.UnpackedTree.updateOrAddFileToCaseRec().
|
private |
Rollback the current transaction.
Definition at line 1595 of file SevenZipExtractor.java.
|
private |
Open a transaction.
| TskCoreException |
Definition at line 1571 of file SevenZipExtractor.java.
References org.sleuthkit.autopsy.casemodule.Case.getCurrentCaseThrows(), and org.sleuthkit.autopsy.casemodule.Case.getSleuthkitCase().
Referenced by org.sleuthkit.autopsy.modules.embeddedfileextractor.SevenZipExtractor.UnpackedTree.getCurrentTransaction().
|
private |
Add derived files to the case if they do not exist, update the derived file data if the new file contains more information than the existing one, and do nothing if the existing information is complete.
| node | - the UnpackedNode for the file which is being added or updated |
| fileManager | - the file manager to perform the adding or updating |
| statusMap | - the map of existing files and their status |
| archiveFilePath | - the archive file path for the unpacked node |
| parentAr | - the parent archive as an Archive object |
| archiveFile | - the parent archive as an AbstractFile |
| depthMap | - the depth map (to prevent zip bombs) |
| TskCoreException |
Definition at line 1464 of file SevenZipExtractor.java.
References org.sleuthkit.autopsy.modules.embeddedfileextractor.SevenZipExtractor.ZipFileStatus.EXISTS, org.sleuthkit.autopsy.casemodule.Case.getCurrentCaseThrows(), org.sleuthkit.autopsy.modules.embeddedfileextractor.SevenZipExtractor.UnpackedTree.getCurrentTransaction(), org.sleuthkit.autopsy.modules.embeddedfileextractor.SevenZipExtractor.ZipFileStatusWrapper.getFile(), org.sleuthkit.autopsy.casemodule.Case.getSleuthkitCase(), org.sleuthkit.autopsy.modules.embeddedfileextractor.SevenZipExtractor.ZipFileStatusWrapper.getStatus(), org.sleuthkit.autopsy.modules.embeddedfileextractor.SevenZipExtractor.ZipFileStatusWrapper.setStatus(), org.sleuthkit.autopsy.modules.embeddedfileextractor.SevenZipExtractor.ZipFileStatus.SKIP, and org.sleuthkit.autopsy.modules.embeddedfileextractor.SevenZipExtractor.ZipFileStatus.UPDATE.
|
private |
Definition at line 1278 of file SevenZipExtractor.java.
Referenced by org.sleuthkit.autopsy.modules.embeddedfileextractor.SevenZipExtractor.UnpackedTree.getCurrentTransaction().
|
staticprivate |
Definition at line 1280 of file SevenZipExtractor.java.
|
private |
Definition at line 1271 of file SevenZipExtractor.java.
|
private |
Definition at line 1279 of file SevenZipExtractor.java.
Copyright © 2012-2022 Basis Technology. Generated on: Sun Mar 26 2023
This work is licensed under a
Creative Commons Attribution-Share Alike 3.0 United States License.