|
Autopsy
4.21.0
Graphical digital forensics platform for The Sleuth Kit and other tools.
|
Classes | |
| class | AppSQLiteDBFileBundle |
Public Member Functions | |
| AbstractFile | attachDatabase (DataSource dataSource, String dbName, String dbPath, String dbAlias) throws SQLException |
| void | close () |
| boolean | columnExists (String tableName, String columnName) throws TskCoreException |
| void | detachDatabase (String dbAlias) throws SQLException |
| AbstractFile | getDBFile () |
| ResultSet | runQuery (String queryStr) throws SQLException |
| boolean | tableExists (String tableName) throws TskCoreException |
Static Public Member Functions | |
| static Collection< AppSQLiteDB > | findAppDatabases (DataSource dataSource, String dbFileName, boolean matchExactName, String parentPathSubstr) |
Private Member Functions | |
| AppSQLiteDB (AppSQLiteDBFileBundle appSQLiteDBFileBundle) throws ClassNotFoundException, SQLException | |
Static Private Member Functions | |
| static Collection< AppSQLiteDBFileBundle > | findAndCopySQLiteDB (DataSource dataSource, String dbName, boolean matchExactName, String dbPath, boolean matchExactPath) throws TskCoreException |
| static void | findAndCopySQLiteMetaFile (AbstractFile sqliteFile, String metaFileName) throws NoCurrentCaseException, TskCoreException, IOException |
Private Attributes | |
| final Connection | connection |
| final AbstractFile | dbAbstractFile |
| final Logger | logger = Logger.getLogger(AppSQLiteDB.class.getName()) |
| final Statement | statement |
An abstraction around an SQLite app DB found in a data source. This class makes a copy of it, along with any meta files (WAL, SHM), opens a SQLite connection to it, and runs queries on it.
Definition at line 48 of file AppSQLiteDB.java.
|
private |
Definition at line 81 of file AppSQLiteDB.java.
Referenced by org.sleuthkit.autopsy.coreutils.AppSQLiteDB.findAppDatabases().
| AbstractFile org.sleuthkit.autopsy.coreutils.AppSQLiteDB.attachDatabase | ( | DataSource | dataSource, |
| String | dbName, | ||
| String | dbPath, | ||
| String | dbAlias | ||
| ) | throws SQLException |
Attaches a database to the current connection.
Finds the specified database file in the specified folder. If found, makes copy of the database in the case folder and run ATTACH DATABASE sql.
| dataSource | data source in which to look file the db file |
| dbName | name of db file to look for |
| dbPath | path in which to look for the db file |
| dbAlias | alias name to attach the database as |
| SQLException | in case of an SQL error |
Definition at line 150 of file AppSQLiteDB.java.
References org.sleuthkit.autopsy.coreutils.AppSQLiteDB.findAndCopySQLiteDB(), and org.sleuthkit.autopsy.coreutils.Logger.getLogger().
| void org.sleuthkit.autopsy.coreutils.AppSQLiteDB.close | ( | ) |
Closes the DB connection.
Definition at line 278 of file AppSQLiteDB.java.
| boolean org.sleuthkit.autopsy.coreutils.AppSQLiteDB.columnExists | ( | String | tableName, |
| String | columnName | ||
| ) | throws TskCoreException |
Checks if a column exists in a table.
| tableName | name of the table |
| columnName | column name to check |
| TskCoreException |
Definition at line 298 of file AppSQLiteDB.java.
| void org.sleuthkit.autopsy.coreutils.AppSQLiteDB.detachDatabase | ( | String | dbAlias | ) | throws SQLException |
Detaches the specified database from the connection
| dbAlias | alias for database to detach |
| SQLException |
Definition at line 250 of file AppSQLiteDB.java.
|
staticprivate |
Finds database file with the specified name, makes a copy of the file in the case directory, and returns the AbstractFile as well as the file copy.
| dataSource | data source to search in |
| dbName | db file name to search |
| matchExactName | whether to look for exact file name or a pattern match |
| dbPath | path to match |
| matchExactPath | whether to look for exact path name or a substring match |
| TskCoreException |
Definition at line 186 of file AppSQLiteDB.java.
References org::sleuthkit::datamodel::SleuthkitCase.escapeSingleQuotes(), org::sleuthkit::datamodel::SleuthkitCase.findAllFilesWhere(), org.sleuthkit.autopsy.coreutils.AppSQLiteDB.findAndCopySQLiteMetaFile(), org.sleuthkit.autopsy.casemodule.Case.getCurrentCaseThrows(), org.sleuthkit.autopsy.coreutils.Logger.getLogger(), org.sleuthkit.autopsy.casemodule.Case.getSleuthkitCase(), org.sleuthkit.autopsy.casemodule.Case.getTempDirectory(), and org.sleuthkit.autopsy.datamodel.ContentUtils.writeToFile().
Referenced by org.sleuthkit.autopsy.coreutils.AppSQLiteDB.attachDatabase(), and org.sleuthkit.autopsy.coreutils.AppSQLiteDB.findAppDatabases().
|
staticprivate |
Searches for a meta file associated with the give SQLite database. If found, it copies this file into the temp directory of the current case.
| sqliteFile | file being processed |
| metaFileName | name of meta file to look for |
| NoCurrentCaseException | Case has been closed. |
| TskCoreException | fileManager cannot find AbstractFile files. |
| IOException | Issue during writing to file. |
Definition at line 390 of file AppSQLiteDB.java.
References org.sleuthkit.autopsy.casemodule.services.FileManager.findFilesExactName(), org.sleuthkit.autopsy.casemodule.Case.getCurrentCaseThrows(), org.sleuthkit.autopsy.casemodule.services.Services.getFileManager(), org.sleuthkit.autopsy.casemodule.Case.getSleuthkitCase(), org.sleuthkit.autopsy.casemodule.Case.getTempDirectory(), and org.sleuthkit.autopsy.datamodel.ContentUtils.writeToFile().
Referenced by org.sleuthkit.autopsy.coreutils.AppSQLiteDB.findAndCopySQLiteDB().
|
static |
Looks for application SQLite database files with a given name or name substring and a given parent path or parent path substring. For each database file found, a temporary copy is made and an open connection to the database in the form of an AppSQLiteDB object is created and returned.
| dataSource | The data source to be searched for the database files. |
| dbFileName | The database file name or file name substring for which to search. |
| matchExactName | Whether or not the database file name argument is the full database file name or a substring. |
| parentPathSubstr | The parent path substring, may pass the empty string to match any parent path. |
Definition at line 108 of file AppSQLiteDB.java.
References org.sleuthkit.autopsy.coreutils.AppSQLiteDB.AppSQLiteDB(), org.sleuthkit.autopsy.coreutils.AppSQLiteDB.findAndCopySQLiteDB(), and org.sleuthkit.autopsy.coreutils.Logger.getLogger().
| AbstractFile org.sleuthkit.autopsy.coreutils.AppSQLiteDB.getDBFile | ( | ) |
Definition at line 129 of file AppSQLiteDB.java.
References org.sleuthkit.autopsy.coreutils.AppSQLiteDB.dbAbstractFile.
| ResultSet org.sleuthkit.autopsy.coreutils.AppSQLiteDB.runQuery | ( | String | queryStr | ) | throws SQLException |
Runs the given query on the database and returns result set.
| queryStr | SQL string for the query to run |
| SQLException | in case of an error. |
Definition at line 265 of file AppSQLiteDB.java.
| boolean org.sleuthkit.autopsy.coreutils.AppSQLiteDB.tableExists | ( | String | tableName | ) | throws TskCoreException |
Checks if a table exists in the case database.
| tableName | name of the table to check |
| TskCoreException |
Definition at line 342 of file AppSQLiteDB.java.
|
private |
Definition at line 54 of file AppSQLiteDB.java.
|
private |
Definition at line 52 of file AppSQLiteDB.java.
Referenced by org.sleuthkit.autopsy.coreutils.AppSQLiteDB.getDBFile().
|
private |
Definition at line 50 of file AppSQLiteDB.java.
|
private |
Definition at line 55 of file AppSQLiteDB.java.
Copyright © 2012-2024 Sleuth Kit Labs. Generated on: Mon Mar 17 2025
This work is licensed under a
Creative Commons Attribution-Share Alike 3.0 United States License.