|
The Sleuth Kit
4.11.1
|
Functions common to all text hash databases (i.e. More...
Functions | |
| uint8_t | hdb_binsrch_accepts_updates () |
| void | hdb_binsrch_close (TSK_HDB_INFO *hdb_info_base) |
| const TSK_TCHAR * | hdb_binsrch_get_index_path (TSK_HDB_INFO *hdb_info, TSK_HDB_HTYPE_ENUM htype) |
| uint8_t | hdb_binsrch_has_index (TSK_HDB_INFO *hdb_info, TSK_HDB_HTYPE_ENUM htype) |
| uint8_t | hdb_binsrch_idx_add_entry_bin (TSK_HDB_BINSRCH_INFO *hdb_binsrch_info, unsigned char *hvalue, int hlen, TSK_OFF_T offset) |
| Add a binary entry to the intermediate index file. More... | |
| uint8_t | hdb_binsrch_idx_add_entry_str (TSK_HDB_BINSRCH_INFO *hdb_binsrch_info, char *hvalue, TSK_OFF_T offset) |
| Add a string entry to the intermediate index file. More... | |
| uint8_t | hdb_binsrch_idx_finalize (TSK_HDB_BINSRCH_INFO *hdb_binsrch_info) |
| Finalize index creation process by sorting the index and removing the intermediate temp file. More... | |
| uint8_t | hdb_binsrch_idx_initialize (TSK_HDB_BINSRCH_INFO *hdb_binsrch_info, TSK_TCHAR *htype) |
| Initialize the TSK hash DB index file. More... | |
| int8_t | hdb_binsrch_lookup_bin (TSK_HDB_INFO *hdb_info, uint8_t *hash, uint8_t len, TSK_HDB_FLAG_ENUM flags, TSK_HDB_LOOKUP_FN action, void *ptr) |
| Search the index for the given hash value given (in binary form). More... | |
| int8_t | hdb_binsrch_lookup_str (TSK_HDB_INFO *hdb_info_base, const char *hash, TSK_HDB_FLAG_ENUM flags, TSK_HDB_LOOKUP_FN action, void *ptr) |
| Search the index for a text/ASCII hash value. More... | |
| int8_t | hdb_binsrch_lookup_verbose_str (TSK_HDB_INFO *hdb_info_base, const char *hash, void *lookup_result) |
| TSK_HDB_BINSRCH_INFO * | hdb_binsrch_open (FILE *hDb, const TSK_TCHAR *db_path) |
| Called by the various text-based databases to setup the TSK_HDB_BINSRCH_INFO struct. More... | |
| uint8_t | hdb_binsrch_open_idx (TSK_HDB_INFO *hdb_info_base, TSK_HDB_HTYPE_ENUM htype) |
| uint8_t | hdb_binsrch_uses_external_indexes () |
Functions common to all text hash databases (i.e.
NSRL, HashKeeper, EnCase, etc.). Examples include index management and index-based lookup.
| uint8_t hdb_binsrch_idx_add_entry_bin | ( | TSK_HDB_BINSRCH_INFO * | hdb_binsrch_info, |
| unsigned char * | hvalue, | ||
| int | hlen, | ||
| TSK_OFF_T | offset | ||
| ) |
Add a binary entry to the intermediate index file.
| hdb_binsrch_info | Hash database state info |
| hvalue | Array of integers of hash value to add |
| hlen | Number of bytes in hvalue |
| offset | Byte offset of hash entry in original database. |
References TSK_HDB_BINSRCH_INFO::hIdxTmp.
Referenced by encase_make_index().
| uint8_t hdb_binsrch_idx_add_entry_str | ( | TSK_HDB_BINSRCH_INFO * | hdb_binsrch_info, |
| char * | hvalue, | ||
| TSK_OFF_T | offset | ||
| ) |
Add a string entry to the intermediate index file.
Will not add an all-zero hash since this creates errors in the final index file, but does not return an error in this case.
| hdb_binsrch_info | Hash database state info |
| hvalue | String of hash value to add |
| offset | Byte offset of hash entry in original database. |
References TSK_HDB_BINSRCH_INFO::hIdxTmp.
Referenced by hk_makeindex(), md5sum_makeindex(), and nsrl_makeindex().
| uint8_t hdb_binsrch_idx_finalize | ( | TSK_HDB_BINSRCH_INFO * | hdb_binsrch_info | ) |
Finalize index creation process by sorting the index and removing the intermediate temp file.
| hdb_binsrch_info | Hash database state info structure. |
References TSK_HDB_BINSRCH_INFO::hIdx, TSK_HDB_BINSRCH_INFO::hIdxTmp, TSK_HDB_BINSRCH_INFO::idx_fname, TSK_HDB_BINSRCH_INFO::idx_lbuf, TSK_HDB_BINSRCH_INFO::idx_llen, TSK_HDB_BINSRCH_INFO::idx_off, TSK_HDB_BINSRCH_INFO::idx_size, tsk_error_reset(), tsk_error_set_errno(), tsk_error_set_errstr(), tsk_error_set_errstr2(), tsk_fprintf(), TSK_HDB_MAXLEN, tsk_verbose, and TSK_HDB_BINSRCH_INFO::uns_fname.
Referenced by encase_make_index(), hk_makeindex(), md5sum_makeindex(), and nsrl_makeindex().
| uint8_t hdb_binsrch_idx_initialize | ( | TSK_HDB_BINSRCH_INFO * | hdb_binsrch_info, |
| TSK_TCHAR * | htype | ||
| ) |
Initialize the TSK hash DB index file.
This creates the intermediate file, which will have entries added to it. This file must be sorted before the process is finished.
| hdb_binsrch_info | Hash database state structure |
| htype | String of index type to create |
References TSK_HDB_INFO::db_fname, TSK_HDB_INFO::db_name, TSK_HDB_INFO::db_type, TSK_HDB_BINSRCH_INFO::hash_type, TSK_HDB_BINSRCH_INFO::hIdxTmp, PRIcTSK, PRIttocTSK, tsk_error_reset(), tsk_error_set_errno(), tsk_error_set_errstr(), TSK_HDB_DBTYPE_ENCASE_ID, TSK_HDB_DBTYPE_ENCASE_STR, TSK_HDB_DBTYPE_HK_ID, TSK_HDB_DBTYPE_HK_STR, TSK_HDB_DBTYPE_IDXONLY_ID, TSK_HDB_DBTYPE_MD5SUM_ID, TSK_HDB_DBTYPE_MD5SUM_STR, TSK_HDB_DBTYPE_NSRL_ID, TSK_HDB_DBTYPE_NSRL_MD5_STR, TSK_HDB_DBTYPE_NSRL_SHA1_STR, TSK_HDB_DBTYPE_NSRL_STR, TSK_HDB_HTYPE_INVALID_ID, TSK_HDB_HTYPE_MD5_ID, TSK_HDB_HTYPE_SHA1_ID, TSK_HDB_HTYPE_STR, TSK_HDB_IDX_HEAD_TYPE_STR, and TSK_HDB_BINSRCH_INFO::uns_fname.
Referenced by encase_make_index(), hk_makeindex(), md5sum_makeindex(), and nsrl_makeindex().
| TSK_HDB_BINSRCH_INFO* hdb_binsrch_open | ( | FILE * | hDb, |
| const TSK_TCHAR * | db_path | ||
| ) |
Called by the various text-based databases to setup the TSK_HDB_BINSRCH_INFO struct.
This will setup the basic function pointers, that will be overwritten by the more specific methods.
References TSK_HDB_INFO::db_type, TSK_HDB_BINSRCH_INFO::hash_len, TSK_HDB_BINSRCH_INFO::hash_type, TSK_HDB_BINSRCH_INFO::hDb, hdb_binsrch_lookup_bin(), hdb_binsrch_lookup_str(), TSK_HDB_DBTYPE_INVALID_ID, and TSK_HDB_HTYPE_INVALID_ID.
Referenced by idxonly_open().
Copyright © 2007-2020 Brian Carrier. (carrier -at- sleuthkit -dot- org)
This work is licensed under a
Creative Commons Attribution-Share Alike 3.0 United States License.