|
The Sleuth Kit
4.11.1
|
External header file for hash database support. More...
Classes | |
| struct | TSK_HDB_BINSRCH_INFO |
| Represents a text-format hash database (NSRL, EnCase, etc.) with the TSK binary search index. More... | |
| struct | TSK_HDB_INFO |
| Represents an open hash database. More... | |
| class | TskHdbInfo |
| Stores information about an open hash database. More... | |
Macros | |
| #define | TSK_HDB_DBTYPE_ENCASE_STR "encase" |
| EnCase. | |
| #define | TSK_HDB_DBTYPE_HK_STR "hk" |
| Hash Keeper. | |
| #define | TSK_HDB_DBTYPE_MD5SUM_STR "md5sum" |
| md5sum | |
| #define | TSK_HDB_DBTYPE_NSRL_MD5_STR "nsrl-md5" |
| NSRL database with MD5 index. | |
| #define | TSK_HDB_DBTYPE_NSRL_SHA1_STR "nsrl-sha1" |
| NSRL database with SHA1 index. | |
| #define | TSK_HDB_DBTYPE_NSRL_STR "nsrl" |
| String versions of DB types. More... | |
| #define | TSK_HDB_DBTYPE_SUPPORT_STR "nsrl-md5, nsrl-sha1, md5sum, encase, hk" |
| List of supported hash database types with external indexes; essentially index types. | |
| #define | TSK_HDB_HTYPE_CRC32_LEN 8 |
| Length of CRC hash. | |
| #define | TSK_HDB_HTYPE_LEN(x) |
| Return the length of a hash, given its ID. More... | |
| #define | TSK_HDB_HTYPE_MD5_LEN 32 |
| Length of MD5 hash. | |
| #define | TSK_HDB_HTYPE_MD5_STR "md5" |
| String name for MD5 algorithm. | |
| #define | TSK_HDB_HTYPE_SHA1_LEN 40 |
| Length of SHA1 hash. | |
| #define | TSK_HDB_HTYPE_SHA1_STR "sha1" |
| String name for SHA1 algorithm. | |
| #define | TSK_HDB_HTYPE_SHA2_256_LEN 64 |
| Length of SHA256 hash. | |
| #define | TSK_HDB_HTYPE_SHA2_256_STR "sha2_256" |
| String name for SHA256 algorithm. | |
| #define | TSK_HDB_HTYPE_STR(x) |
| Return the name of the hash algorithm, given its ID. More... | |
| #define | TSK_HDB_MAX_BINHASH_LEN 32 |
| Half the length of biggest hash. | |
| #define | TSK_HDB_NAME_MAXLEN 512 |
Typedefs | |
| typedef struct TSK_HDB_BINSRCH_INFO | TSK_HDB_BINSRCH_INFO |
| Represents a text-format hash database (NSRL, EnCase, etc.) with the TSK binary search index. | |
| typedef enum TSK_HDB_DBTYPE_ENUM | TSK_HDB_DBTYPE_ENUM |
| typedef enum TSK_HDB_FLAG_ENUM | TSK_HDB_FLAG_ENUM |
| typedef enum TSK_HDB_HTYPE_ENUM | TSK_HDB_HTYPE_ENUM |
| typedef struct TSK_HDB_INFO | TSK_HDB_INFO |
| typedef TSK_WALK_RET_ENUM(* | TSK_HDB_LOOKUP_FN) (TSK_HDB_INFO *, const char *hash, const char *name, void *) |
| typedef enum TSK_HDB_OPEN_ENUM | TSK_HDB_OPEN_ENUM |
Enumerations | |
| enum | TSK_HDB_DBTYPE_ENUM { TSK_HDB_DBTYPE_INVALID_ID = 0, TSK_HDB_DBTYPE_NSRL_ID = 1, TSK_HDB_DBTYPE_MD5SUM_ID = 2, TSK_HDB_DBTYPE_HK_ID = 3, TSK_HDB_DBTYPE_IDXONLY_ID = 4, TSK_HDB_DBTYPE_ENCASE_ID = 5, TSK_HDB_DBTYPE_SQLITE_ID = 6 } |
| Hash Database types. More... | |
| enum | TSK_HDB_FLAG_ENUM { TSK_HDB_FLAG_QUICK = 0x01, TSK_HDB_FLAG_EXT = 0x02 } |
| Flags used for lookups. More... | |
| enum | TSK_HDB_HTYPE_ENUM { TSK_HDB_HTYPE_INVALID_ID = 0, TSK_HDB_HTYPE_MD5_ID = 1, TSK_HDB_HTYPE_SHA1_ID = 2, TSK_HDB_HTYPE_SHA2_256_ID = 4 } |
| Hash algorithm types. More... | |
| enum | TSK_HDB_OPEN_ENUM { TSK_HDB_OPEN_NONE = 0, TSK_HDB_OPEN_IDXONLY = (0x1 << 0) } |
| Options for opening a hash database. More... | |
Functions | |
| uint8_t | tsk_hdb_accepts_updates (TSK_HDB_INFO *) |
| Indicates whether a hash database accepts updates. More... | |
| uint8_t | tsk_hdb_add_entry (TSK_HDB_INFO *, const char *, const char *, const char *, const char *, const char *) |
| Adds a new entry to a hash database. More... | |
| uint8_t | tsk_hdb_begin_transaction (TSK_HDB_INFO *) |
| Begins a transaction on a hash database. More... | |
| void | tsk_hdb_close (TSK_HDB_INFO *) |
| Closes an open hash database. More... | |
| uint8_t | tsk_hdb_commit_transaction (TSK_HDB_INFO *) |
| Commits a transaction on a hash database. More... | |
| uint8_t | tsk_hdb_create (TSK_TCHAR *) |
| Creates a new hash database. More... | |
| const TSK_TCHAR * | tsk_hdb_get_db_path (TSK_HDB_INFO *hdb_info) |
| const char * | tsk_hdb_get_display_name (TSK_HDB_INFO *hdb_info) |
| const TSK_TCHAR * | tsk_hdb_get_idx_path (TSK_HDB_INFO *, TSK_HDB_HTYPE_ENUM) |
| uint8_t | tsk_hdb_has_idx (TSK_HDB_INFO *hdb_info, TSK_HDB_HTYPE_ENUM) |
| Determine if the open hash database has an index. More... | |
| uint8_t | tsk_hdb_is_idx_only (TSK_HDB_INFO *) |
| Test for index only (legacy) Assumes that the db was opened using the TSK_HDB_OPEN_TRY option. More... | |
| int8_t | tsk_hdb_lookup_raw (TSK_HDB_INFO *, uint8_t *, uint8_t, TSK_HDB_FLAG_ENUM, TSK_HDB_LOOKUP_FN, void *) |
| Search the index for the given hash value given (in binary form). More... | |
| int8_t | tsk_hdb_lookup_str (TSK_HDB_INFO *, const char *, TSK_HDB_FLAG_ENUM, TSK_HDB_LOOKUP_FN, void *) |
| Searches a hash database for a text/ASCII hash value. More... | |
| int8_t | tsk_hdb_lookup_verbose_str (TSK_HDB_INFO *, const char *, void *) |
| uint8_t | tsk_hdb_make_index (TSK_HDB_INFO *, TSK_TCHAR *) |
| Create an index for an open hash database. More... | |
| TSK_HDB_INFO * | tsk_hdb_open (TSK_TCHAR *, TSK_HDB_OPEN_ENUM) |
| Opens an existing hash database. More... | |
| uint8_t | tsk_hdb_open_idx (TSK_HDB_INFO *, TSK_HDB_HTYPE_ENUM) |
| uint8_t | tsk_hdb_rollback_transaction (TSK_HDB_INFO *) |
| Rolls back a transaction on a hash database. More... | |
| uint8_t | tsk_hdb_uses_external_indexes (TSK_HDB_INFO *) |
External header file for hash database support.
Note that this file is not meant to be directly included. It is included by both libtsk.h and tsk_hashdb_i.h.
| #define TSK_HDB_DBTYPE_NSRL_STR "nsrl" |
| #define TSK_HDB_HTYPE_LEN | ( | x | ) |
Return the length of a hash, given its ID.
| #define TSK_HDB_HTYPE_STR | ( | x | ) |
Return the name of the hash algorithm, given its ID.
Referenced by hdb_binsrch_idx_initialize().
| enum TSK_HDB_DBTYPE_ENUM |
Hash Database types.
| enum TSK_HDB_FLAG_ENUM |
| enum TSK_HDB_HTYPE_ENUM |
| enum TSK_HDB_OPEN_ENUM |
Copyright © 2007-2020 Brian Carrier. (carrier -at- sleuthkit -dot- org)
This work is licensed under a
Creative Commons Attribution-Share Alike 3.0 United States License.