|
The Sleuth Kit
4.2
|
Create, manage, etc. More...
#include "tsk_fs_i.h"Functions | |
| TSK_FS_FILE * | tsk_fs_file_alloc (TSK_FS_INFO *a_fs) |
| const TSK_FS_ATTR * | tsk_fs_file_attr_get (TSK_FS_FILE *a_fs_file) |
| Return the default attribute for the file. More... | |
| const TSK_FS_ATTR * | tsk_fs_file_attr_get_id (TSK_FS_FILE *a_fs_file, uint16_t a_id) |
| Return a specific attribute by its ID for the file. More... | |
| const TSK_FS_ATTR * | tsk_fs_file_attr_get_idx (TSK_FS_FILE *a_fs_file, int a_idx) |
| Get a file's attribute based on the 0-based index in the list (and not type, id pair). More... | |
| const TSK_FS_ATTR * | tsk_fs_file_attr_get_type (TSK_FS_FILE *a_fs_file, TSK_FS_ATTR_TYPE_ENUM a_type, uint16_t a_id, uint8_t a_id_used) |
| Return a specific type and id attribute for the file. More... | |
| int | tsk_fs_file_attr_getsize (TSK_FS_FILE *a_fs_file) |
| Return the number of attributes in the file. More... | |
| void | tsk_fs_file_close (TSK_FS_FILE *a_fs_file) |
| Close an open file. More... | |
| uint8_t | tsk_fs_file_get_owner_sid (TSK_FS_FILE *a_fs_file, char **sid_str) |
| Returns a string representation of the security attributes of a file. More... | |
| uint8_t | tsk_fs_file_hash_calc (TSK_FS_FILE *a_fs_file, TSK_FS_HASH_RESULTS *a_hash_results, TSK_BASE_HASH_ENUM a_flags) |
| Returns a string containing the md5 hash of the given file. More... | |
| TSK_WALK_RET_ENUM | tsk_fs_file_hash_calc_callback (TSK_FS_FILE *file, TSK_OFF_T offset, TSK_DADDR_T addr, char *buf, size_t size, TSK_FS_BLOCK_FLAG_ENUM a_flags, void *ptr) |
| Helper function for tsk_fs_file_get_md5. | |
| TSK_FS_FILE * | tsk_fs_file_open (TSK_FS_INFO *a_fs, TSK_FS_FILE *a_fs_file, const char *a_path) |
| Return the handle structure for a specific file, given its full path. More... | |
| TSK_FS_FILE * | tsk_fs_file_open_meta (TSK_FS_INFO *a_fs, TSK_FS_FILE *a_fs_file, TSK_INUM_T a_addr) |
| Open a file given its metadata address. More... | |
| ssize_t | tsk_fs_file_read (TSK_FS_FILE *a_fs_file, TSK_OFF_T a_offset, char *a_buf, size_t a_len, TSK_FS_FILE_READ_FLAG_ENUM a_flags) |
| Read the contents of a specific attribute of a file using a typical read() type interface. More... | |
| ssize_t | tsk_fs_file_read_type (TSK_FS_FILE *a_fs_file, TSK_FS_ATTR_TYPE_ENUM a_type, uint16_t a_id, TSK_OFF_T a_offset, char *a_buf, size_t a_len, TSK_FS_FILE_READ_FLAG_ENUM a_flags) |
| Read the contents of a specific attribute of a file using a typical read() type interface and be able specify a specific attribute to read (applies only to file systems with multiple attributes per file, such as NTFS). More... | |
| void | tsk_fs_file_reset (TSK_FS_FILE *a_fs_file) |
| uint8_t | tsk_fs_file_walk (TSK_FS_FILE *a_fs_file, TSK_FS_FILE_WALK_FLAG_ENUM a_flags, TSK_FS_FILE_WALK_CB a_action, void *a_ptr) |
| Process a file and call a callback function with the file contents. More... | |
| uint8_t | tsk_fs_file_walk_type (TSK_FS_FILE *a_fs_file, TSK_FS_ATTR_TYPE_ENUM a_type, uint16_t a_id, TSK_FS_FILE_WALK_FLAG_ENUM a_flags, TSK_FS_FILE_WALK_CB a_action, void *a_ptr) |
| Process a specific attribute in a file and call a callback function with the file contents. More... | |
Create, manage, etc.
the TSK_FS_FILE structures.
| uint8_t tsk_fs_file_get_owner_sid | ( | TSK_FS_FILE * | a_fs_file, |
| char ** | sid_str | ||
| ) |
Returns a string representation of the security attributes of a file.
| a_fs_file | The file to get security info about. |
| sid_str | A pointer to a pointer that will contain the SID string. This function will allocate the string and the caller must free it. |
References TSK_FS_FILE::fs_info, TSK_FS_FILE::meta, tsk_error_reset(), tsk_error_set_errno(), and tsk_error_set_errstr().
| uint8_t tsk_fs_file_hash_calc | ( | TSK_FS_FILE * | a_fs_file, |
| TSK_FS_HASH_RESULTS * | a_hash_results, | ||
| TSK_BASE_HASH_ENUM | a_flags | ||
| ) |
Returns a string containing the md5 hash of the given file.
| a_fs_file | The file to calculate the hash of |
| a_hash_results | The results will be stored here (must be allocated beforehand) |
| a_flags | Indicates which hash algorithm(s) to use |
References TSK_FS_FILE::fs_info, TSK_FS_FILE::meta, tsk_error_set_errno(), tsk_error_set_errstr(), tsk_fs_file_hash_calc_callback(), tsk_fs_file_walk(), TSK_FS_FILE_WALK_FLAG_NONE, TSK_MD5_Final(), TSK_MD5_Init(), TSK_SHA_Final(), and TSK_SHA_Init().
Copyright © 2007-2015 Brian Carrier. (carrier -at- sleuthkit -dot- org)
This work is licensed under a
Creative Commons Attribution-Share Alike 3.0 United States License.