|
The Sleuth Kit
4.12.1
|
Meta data layer support for FAT file systems. More...
Functions | |
| uint8_t | fatfs_dentry_load (FATFS_INFO *a_fatfs, FATFS_DENTRY *a_dentry, TSK_INUM_T a_inum) |
| TSK_FS_ATTR_TYPE_ENUM | fatfs_get_default_attr_type (const TSK_FS_FILE *a_file) |
| uint8_t | fatfs_inode_lookup (TSK_FS_INFO *a_fs, TSK_FS_FILE *a_fs_file, TSK_INUM_T a_inum) |
| uint8_t | fatfs_inode_walk (TSK_FS_INFO *a_fs, TSK_INUM_T a_start_inum, TSK_INUM_T a_end_inum, TSK_FS_META_FLAG_ENUM a_selection_flags, TSK_FS_META_WALK_CB a_action, void *a_ptr) |
| Walk the inodes in a specified range and do a TSK_FS_META_WALK_CB callback for each inode that satisfies criteria specified by a set of TSK_FS_META_FLAG_ENUM flags. More... | |
| uint8_t | fatfs_istat (TSK_FS_INFO *a_fs, TSK_FS_ISTAT_FLAG_ENUM istat_flags, FILE *a_hFile, TSK_INUM_T a_inum, TSK_DADDR_T a_numblock, int32_t a_sec_skew) |
| Print details on a specific file to a file handle. More... | |
| uint8_t | fatfs_make_data_runs (TSK_FS_FILE *a_fs_file) |
Meta data layer support for FAT file systems.
| uint8_t fatfs_inode_walk | ( | TSK_FS_INFO * | a_fs, |
| TSK_INUM_T | a_start_inum, | ||
| TSK_INUM_T | a_end_inum, | ||
| TSK_FS_META_FLAG_ENUM | a_selection_flags, | ||
| TSK_FS_META_WALK_CB | a_action, | ||
| void * | a_ptr | ||
| ) |
Walk the inodes in a specified range and do a TSK_FS_META_WALK_CB callback for each inode that satisfies criteria specified by a set of TSK_FS_META_FLAG_ENUM flags.
The following flags are supported: TSK_FS_META_FLAG_ALLOC, TSK_FS_META_FLAG_UNALLOC, TSK_FS_META_FLAG_ORPHAN, TSK_FS_META_FLAG_USED (FATXX only), and TSK_FS_META_FLAG_UNUSED (FATXX only).
| [in] | a_fs | File system that contains the inodes. |
| [in] | a_start_inum | Inclusive lower bound of inode range. |
| [in] | a_end_inum | Inclusive upper bound of inode range. |
| [in] | a_selection_flags | Inode selection criteria. |
| [in] | a_action | Callback function for selected inodes. |
| [in] | a_ptr | Private data pointer passed through to callback function. |
References TSK_FS_INFO::block_count, TSK_FS_INFO::last_block, TSK_FS_INFO::last_inum, TSK_FS_FILE::meta, TSK_FS_INFO::root_inum, TSK_COR, tsk_error_errstr2_concat(), tsk_error_print(), tsk_error_reset(), tsk_error_set_errno(), tsk_error_set_errstr(), tsk_error_set_errstr2(), tsk_fprintf(), tsk_fs_dir_walk(), TSK_FS_DIR_WALK_FLAG_ALLOC, TSK_FS_DIR_WALK_FLAG_NOORPHAN, TSK_FS_DIR_WALK_FLAG_RECURSE, tsk_fs_file_close(), tsk_fs_file_walk(), TSK_FS_FILE_WALK_FLAG_AONLY, TSK_FS_FILE_WALK_FLAG_SLACK, TSK_FS_META_FLAG_ALLOC, TSK_FS_META_FLAG_ORPHAN, TSK_FS_META_FLAG_UNALLOC, TSK_FS_META_FLAG_UNUSED, TSK_FS_META_FLAG_USED, tsk_fs_read_block(), TSK_OK, tsk_verbose, TSK_WALK_CONT, TSK_WALK_ERROR, and TSK_WALK_STOP.
| uint8_t fatfs_istat | ( | TSK_FS_INFO * | a_fs, |
| TSK_FS_ISTAT_FLAG_ENUM | istat_flags, | ||
| FILE * | a_hFile, | ||
| TSK_INUM_T | a_inum, | ||
| TSK_DADDR_T | a_numblock, | ||
| int32_t | a_sec_skew | ||
| ) |
Print details on a specific file to a file handle.
| a_fs | File system file is located in. |
| a_hFile | File handle to print text to. |
| a_inum | Address of file in file system. |
| a_numblock | The number of blocks in file to force print (can go beyond file size). |
| a_sec_skew | Clock skew in seconds to also print times in. |
References TSK_FS_META::addr, TSK_FS_META::atime, TSK_FS_INFO::block_size, TSK_FS_META::crtime, TSK_FS_ATTR::flags, TSK_FS_META::flags, TSK_FS_FILE::meta, TSK_FS_META::mtime, TSK_FS_META_NAME_LIST::name, TSK_FS_META::name2, TSK_FS_INFO::root_inum, TSK_FS_META::size, tsk_error_print(), tsk_error_reset(), tsk_fprintf(), TSK_FS_ATTR_NONRES, tsk_fs_file_attr_get_type(), tsk_fs_file_close(), tsk_fs_file_open_meta(), tsk_fs_file_walk(), TSK_FS_FILE_WALK_FLAG_AONLY, TSK_FS_FILE_WALK_FLAG_SLACK, TSK_FS_META_FLAG_UNALLOC, TSK_FS_META_TYPE_VIRT, tsk_fs_time_to_str(), and TSK_FS_META::type.
Copyright © 2007-2020 Brian Carrier. (carrier -at- sleuthkit -dot- org)
This work is licensed under a
Creative Commons Attribution-Share Alike 3.0 United States License.