|
The Sleuth Kit
4.2
|
Functions | |
| void | hdb_base_db_name_from_path (TSK_HDB_INFO *hdb_info) |
| Sets hash database name in hdb_info based on database file path. More... | |
| int8_t | hdb_binsrch_lookup_bin (TSK_HDB_INFO *hdb_info, uint8_t *hash, uint8_t len, TSK_HDB_FLAG_ENUM flags, TSK_HDB_LOOKUP_FN action, void *ptr) |
| Search the index for the given hash value given (in binary form). More... | |
| int8_t | hdb_binsrch_lookup_str (TSK_HDB_INFO *hdb_info_base, const char *hash, TSK_HDB_FLAG_ENUM flags, TSK_HDB_LOOKUP_FN action, void *ptr) |
| Search the index for a text/ASCII hash value. More... | |
| int8_t | hdb_binsrch_lookup_verbose_str (TSK_HDB_INFO *hdb_info_base, const char *hash, void *lookup_result) |
| void | hdb_info_base_close (TSK_HDB_INFO *hdb_info) |
| De-initializes struct representation of a hash database. More... | |
| uint8_t | hdb_info_base_open (TSK_HDB_INFO *hdb_info, const TSK_TCHAR *db_path) |
| uint8_t | sqlite_hdb_add_entry (TSK_HDB_INFO *hdb_info_base, const char *filename, const char *md5, const char *sha1, const char *sha256, const char *comment) |
| uint8_t | sqlite_hdb_begin_transaction (TSK_HDB_INFO *hdb_info_base) |
| uint8_t | sqlite_hdb_commit_transaction (TSK_HDB_INFO *hdb_info_base) |
| uint8_t | sqlite_hdb_create_db (TSK_TCHAR *db_file_path) |
| uint8_t | sqlite_hdb_is_sqlite_file (FILE *hFile) |
| int8_t | sqlite_hdb_lookup_bin (TSK_HDB_INFO *hdb_info_base, uint8_t *hash, uint8_t len, TSK_HDB_FLAG_ENUM flags, TSK_HDB_LOOKUP_FN action, void *ptr) |
| int8_t | sqlite_hdb_lookup_str (TSK_HDB_INFO *hdb_info_base, const char *hash, TSK_HDB_FLAG_ENUM flags, TSK_HDB_LOOKUP_FN action, void *ptr) |
| int8_t | sqlite_hdb_lookup_verbose_bin (TSK_HDB_INFO *hdb_info_base, uint8_t *hash, uint8_t hash_len, void *lookup_result) |
| int8_t | sqlite_hdb_lookup_verbose_str (TSK_HDB_INFO *hdb_info_base, const char *hash, void *result) |
| TSK_HDB_INFO * | sqlite_hdb_open (TSK_TCHAR *db_path) |
| uint8_t | sqlite_hdb_rollback_transaction (TSK_HDB_INFO *hdb_info_base) |
| uint8_t | tsk_hdb_accepts_updates (TSK_HDB_INFO *hdb_info) |
| Indicates whether a hash database accepts updates. More... | |
| uint8_t | tsk_hdb_add_entry (TSK_HDB_INFO *hdb_info, const char *filename, const char *md5, const char *sha1, const char *sha256, const char *comment) |
| Adds a new entry to a hash database. More... | |
| uint8_t | tsk_hdb_begin_transaction (TSK_HDB_INFO *hdb_info) |
| Begins a transaction on a hash database. More... | |
| void | tsk_hdb_close (TSK_HDB_INFO *hdb_info) |
| Closes an open hash database. More... | |
| uint8_t | tsk_hdb_commit_transaction (TSK_HDB_INFO *hdb_info) |
| Commits a transaction on a hash database. More... | |
| uint8_t | tsk_hdb_create (TSK_TCHAR *file_path) |
| Creates a new hash database. More... | |
| uint8_t | tsk_hdb_has_idx (TSK_HDB_INFO *hdb_info, TSK_HDB_HTYPE_ENUM htype) |
| Determine if the open hash database has an index. More... | |
| uint8_t | tsk_hdb_is_idx_only (TSK_HDB_INFO *hdb_info) |
| Test for index only (legacy) Assumes that the db was opened using the TSK_HDB_OPEN_TRY option. More... | |
| int8_t | tsk_hdb_lookup_raw (TSK_HDB_INFO *hdb_info, uint8_t *hash, uint8_t len, TSK_HDB_FLAG_ENUM flags, TSK_HDB_LOOKUP_FN action, void *ptr) |
| Search the index for the given hash value given (in binary form). More... | |
| int8_t | tsk_hdb_lookup_str (TSK_HDB_INFO *hdb_info, const char *hash, TSK_HDB_FLAG_ENUM flags, TSK_HDB_LOOKUP_FN action, void *ptr) |
| Searches a hash database for a text/ASCII hash value. More... | |
| uint8_t | tsk_hdb_make_index (TSK_HDB_INFO *hdb_info, TSK_TCHAR *type) |
| Create an index for an open hash database. More... | |
| TSK_HDB_INFO * | tsk_hdb_open (TSK_TCHAR *file_path, TSK_HDB_OPEN_ENUM flags) |
| Opens an existing hash database. More... | |
| uint8_t | tsk_hdb_rollback_transaction (TSK_HDB_INFO *hdb_info) |
| Rolls back a transaction on a hash database. More... | |
| void hdb_base_db_name_from_path | ( | TSK_HDB_INFO * | hdb_info | ) |
Sets hash database name in hdb_info based on database file path.
| hdb_info | Struct representation of an open hash database. |
References TSK_HDB_INFO::db_fname, and TSK_HDB_INFO::db_name.
| int8_t hdb_binsrch_lookup_bin | ( | TSK_HDB_INFO * | hdb_info, |
| uint8_t * | hash, | ||
| uint8_t | len, | ||
| TSK_HDB_FLAG_ENUM | flags, | ||
| TSK_HDB_LOOKUP_FN | action, | ||
| void * | ptr | ||
| ) |
Search the index for the given hash value given (in binary form).
| hdb_info | Open hash database (with index) |
| hash | Array with binary hash value to search for |
| len | Number of bytes in binary hash value |
| flags | Flags to use in lookup |
| action | Callback function to call for each hash db entry (not called if QUICK flag is given) |
| ptr | Pointer to data to pass to each callback |
References tsk_error_reset(), tsk_error_set_errno(), tsk_error_set_errstr(), TSK_HDB_HTYPE_SHA1_LEN, and tsk_hdb_lookup_str().
Referenced by hdb_binsrch_open().
| int8_t hdb_binsrch_lookup_str | ( | TSK_HDB_INFO * | hdb_info_base, |
| const char * | hash, | ||
| TSK_HDB_FLAG_ENUM | flags, | ||
| TSK_HDB_LOOKUP_FN | action, | ||
| void * | ptr | ||
| ) |
Search the index for a text/ASCII hash value.
| hdb_info_base | Open hash database (with index) |
| hash | Hash value to search for (NULL terminated string) |
| flags | Flags to use in lookup |
| action | Callback function to call for each hash db entry (not called if QUICK flag is given) |
| ptr | Pointer to data to pass to each callback |
References TSK_HDB_BINSRCH_INFO::hash_len, TSK_HDB_BINSRCH_INFO::hIdx, TSK_HDB_BINSRCH_INFO::idx_lbuf, TSK_HDB_BINSRCH_INFO::idx_llen, TSK_HDB_BINSRCH_INFO::idx_off, TSK_HDB_BINSRCH_INFO::idx_offsets, TSK_HDB_BINSRCH_INFO::idx_size, TSK_HDB_INFO::lock, tsk_error_reset(), tsk_error_set_errno(), tsk_error_set_errstr(), tsk_error_set_errstr2(), TSK_HDB_FLAG_QUICK, TSK_HDB_HTYPE_MD5_ID, TSK_HDB_HTYPE_MD5_LEN, TSK_HDB_HTYPE_SHA1_ID, and TSK_HDB_HTYPE_SHA1_LEN.
Referenced by hdb_binsrch_open().
| void hdb_info_base_close | ( | TSK_HDB_INFO * | hdb_info | ) |
De-initializes struct representation of a hash database.
| hdb_info | Struct representation of a hash database. |
References TSK_HDB_INFO::db_fname, and TSK_HDB_INFO::lock.
| uint8_t tsk_hdb_accepts_updates | ( | TSK_HDB_INFO * | hdb_info | ) |
Indicates whether a hash database accepts updates.
| hdb_info | The hash database object |
References tsk_error_reset(), tsk_error_set_errno(), and tsk_error_set_errstr().
| uint8_t tsk_hdb_add_entry | ( | TSK_HDB_INFO * | hdb_info, |
| const char * | filename, | ||
| const char * | md5, | ||
| const char * | sha1, | ||
| const char * | sha256, | ||
| const char * | comment | ||
| ) |
Adds a new entry to a hash database.
| hdb_info | The hash database object |
| filename | Name of the file that was hashed (can be NULL) |
| md5 | Text representation of MD5 hash (can be NULL) |
| sha1 | Text representation of SHA1 hash (can be NULL) |
| sha256 | Text representation of SHA256 hash (can be NULL) |
| comment | A comment to asociate with the hash (can be NULL) |
References TSK_HDB_INFO::db_type, tsk_error_reset(), tsk_error_set_errno(), and tsk_error_set_errstr().
| uint8_t tsk_hdb_begin_transaction | ( | TSK_HDB_INFO * | hdb_info | ) |
Begins a transaction on a hash database.
| hdb_info | A hash database info object |
References TSK_HDB_INFO::db_type, TSK_HDB_INFO::transaction_in_progress, tsk_error_reset(), tsk_error_set_errno(), and tsk_error_set_errstr().
| void tsk_hdb_close | ( | TSK_HDB_INFO * | hdb_info | ) |
Closes an open hash database.
| hdb_info | The hash database object |
References tsk_error_reset(), tsk_error_set_errno(), and tsk_error_set_errstr().
Referenced by TskHdbInfo::~TskHdbInfo().
| uint8_t tsk_hdb_commit_transaction | ( | TSK_HDB_INFO * | hdb_info | ) |
Commits a transaction on a hash database.
| hdb_info | A hash database info object |
References TSK_HDB_INFO::db_type, TSK_HDB_INFO::transaction_in_progress, tsk_error_reset(), tsk_error_set_errno(), and tsk_error_set_errstr().
| uint8_t tsk_hdb_create | ( | TSK_TCHAR * | file_path | ) |
Creates a new hash database.
| file_path | Path for database to create. |
References tsk_error_reset(), tsk_error_set_errno(), and tsk_error_set_errstr().
| uint8_t tsk_hdb_has_idx | ( | TSK_HDB_INFO * | hdb_info, |
| TSK_HDB_HTYPE_ENUM | htype | ||
| ) |
Determine if the open hash database has an index.
| hdb_info | Hash database to consider |
| htype | Hash type that index should be of |
References tsk_error_reset(), tsk_error_set_errno(), and tsk_error_set_errstr().
Referenced by TskHdbInfo::hasIndex().
| uint8_t tsk_hdb_is_idx_only | ( | TSK_HDB_INFO * | hdb_info | ) |
Test for index only (legacy) Assumes that the db was opened using the TSK_HDB_OPEN_TRY option.
| hdb_info | Hash database to consider |
References TSK_HDB_INFO::db_type, tsk_error_reset(), tsk_error_set_errno(), tsk_error_set_errstr(), and TSK_HDB_DBTYPE_IDXONLY_ID.
| int8_t tsk_hdb_lookup_raw | ( | TSK_HDB_INFO * | hdb_info, |
| uint8_t * | hash, | ||
| uint8_t | len, | ||
| TSK_HDB_FLAG_ENUM | flags, | ||
| TSK_HDB_LOOKUP_FN | action, | ||
| void * | ptr | ||
| ) |
Search the index for the given hash value given (in binary form).
| hdb_info | Open hash database (with index) |
| hash | Array with binary hash value to search for |
| len | Number of bytes in binary hash value |
| flags | Flags to use in lookup |
| action | Callback function to call for each hash db entry (not called if QUICK flag is given) |
| ptr | Pointer to data to pass to each callback |
References tsk_error_reset(), tsk_error_set_errno(), and tsk_error_set_errstr().
Referenced by TskHdbInfo::lookupRaw().
| int8_t tsk_hdb_lookup_str | ( | TSK_HDB_INFO * | hdb_info, |
| const char * | hash, | ||
| TSK_HDB_FLAG_ENUM | flags, | ||
| TSK_HDB_LOOKUP_FN | action, | ||
| void * | ptr | ||
| ) |
Searches a hash database for a text/ASCII hash value.
| hdb_info | Struct representing an open hash database. |
| hash | Hash value to search for (NULL terminated string). |
| flags | Flags to control behavior of the lookup. |
| action | Callback function to call for each entry in the hash database that matches the hash value argument (not called if QUICK flag is given). |
| ptr | Pointer to data to pass to each invocation of the callback. |
References tsk_error_reset(), tsk_error_set_errno(), and tsk_error_set_errstr().
Referenced by hdb_binsrch_lookup_bin(), and TskHdbInfo::lookupStr().
| uint8_t tsk_hdb_make_index | ( | TSK_HDB_INFO * | hdb_info, |
| TSK_TCHAR * | type | ||
| ) |
Create an index for an open hash database.
| hdb_info | Open hash database to index |
| type | Text of hash database type |
References tsk_error_reset(), tsk_error_set_errno(), and tsk_error_set_errstr().
Referenced by TskHdbInfo::createIndex().
| TSK_HDB_INFO* tsk_hdb_open | ( | TSK_TCHAR * | file_path, |
| TSK_HDB_OPEN_ENUM | flags | ||
| ) |
Opens an existing hash database.
| file_path | Path to database or database index file. |
| flags | Flags for opening the database. |
References PRIttocTSK, tsk_error_reset(), tsk_error_set_errno(), tsk_error_set_errstr(), TSK_HDB_DBTYPE_ENCASE_ID, TSK_HDB_DBTYPE_HK_ID, TSK_HDB_DBTYPE_IDXONLY_ID, TSK_HDB_DBTYPE_INVALID_ID, TSK_HDB_DBTYPE_MD5SUM_ID, TSK_HDB_DBTYPE_NSRL_ID, TSK_HDB_DBTYPE_SQLITE_ID, and TSK_HDB_OPEN_IDXONLY.
Referenced by TskHdbInfo::open().
| uint8_t tsk_hdb_rollback_transaction | ( | TSK_HDB_INFO * | hdb_info | ) |
Rolls back a transaction on a hash database.
| hdb_info | A hash database info object |
References TSK_HDB_INFO::db_type, TSK_HDB_INFO::transaction_in_progress, tsk_error_reset(), tsk_error_set_errno(), and tsk_error_set_errstr().
Copyright © 2007-2015 Brian Carrier. (carrier -at- sleuthkit -dot- org)
This work is licensed under a
Creative Commons Attribution-Share Alike 3.0 United States License.