TskFileTsk is a Sleuthkit and Poco based implementation of the TskFile interface. More...
#include <TskFileTsk.h>
Inheritance diagram for TskFileTsk:
Public Member Functions | |
| virtual void | close () |
| Close the file. | |
| virtual bool | exists () const |
| Does a file exist on disk for this TskFile object. More... | |
| virtual std::string | getPath () const |
| Fully qualified path to on-disk representation of file. | |
| virtual bool | isDirectory () const |
| Does this file represent a directory. More... | |
| virtual bool | isVirtual () const |
| Is this a Sleuthkit "virtual" file (created by TSK for file system areas). More... | |
| virtual void | open () |
| Open the file. Must be called before reading. | |
| virtual ssize_t | read (char *buf, const size_t count) |
| Read file content into a buffer. More... | |
| virtual TSK_OFF_T | seek (const TSK_OFF_T off, std::ios::seekdir origin=std::ios::beg) |
| Set the byte offset within the file. More... | |
| virtual TSK_OFF_T | tell () const |
| Get the current byte offset within the file. More... | |
 Public Member Functions inherited from TskFile | |
| virtual void | addGenInfoAttribute (TskBlackboardAttribute attr) |
| Add an attribute to the general info artifact for this file. More... | |
| virtual TskBlackboardArtifact | createArtifact (int artifactTypeID) |
| Create a new artifact with the given type id. More... | |
| virtual TskBlackboardArtifact | createArtifact (TSK_ARTIFACT_TYPE type) |
| Create a new artifact with the given type. More... | |
| virtual TskBlackboardArtifact | createArtifact (string artifactTypeName) |
| Create a new artifact with the given type name. More... | |
| virtual vector < TskBlackboardArtifact > | getAllArtifacts () |
| Get all artifacts associated with this file. More... | |
| virtual vector < TskBlackboardArtifact > | getArtifacts (string artifactTypeName) |
| Get all artifacts associated with this file with the given type name. More... | |
| virtual vector < TskBlackboardArtifact > | getArtifacts (int artifactTypeID) |
| Get all artifacts associated with this file with the given type id. More... | |
| virtual vector < TskBlackboardArtifact > | getArtifacts (TSK_ARTIFACT_TYPE type) |
| Get all artifacts associated with this file with the given type. More... | |
| time_t | getAtime () const |
| Get the last access time. More... | |
| time_t | getCrtime () const |
| Get the creation time. More... | |
| time_t | getCtime () const |
| Get the change time. More... | |
| TSK_FS_NAME_FLAG_ENUM | getDirFlags () const |
| Get the directory flags. More... | |
| TSK_FS_NAME_TYPE_ENUM | getDirType () const |
| Get the directory type. More... | |
| std::string | getExtension () const |
| Get the extension. More... | |
| std::string | getFullPath () const |
| Get the path of the file in the disk image. More... | |
| virtual TskBlackboardArtifact | getGenInfo () |
| Get the general info artifact for this file. More... | |
| TSK_GID_T | getGid () const |
| Get the group id. More... | |
| std::string | getHash (TskImgDB::HASH_TYPE hashType) const |
| Get the pre-calculated hash value of the specified type. More... | |
| uint64_t | getId () const |
| Returns the file id. More... | |
| TskImgDB::KNOWN_STATUS | getKnownStatus () const |
| Return the known status of the file. More... | |
| TSK_FS_META_FLAG_ENUM | getMetaFlags () const |
| Get the metadata flags. More... | |
| TSK_FS_META_TYPE_ENUM | getMetaType () const |
| Get the metadata flags. More... | |
| TSK_FS_META_MODE_ENUM | getMode () const |
| Get the mode. More... | |
| time_t | getMtime () const |
| Get the modify time. More... | |
| std::string | getName () const |
| Get the name. More... | |
| uint64_t | getParentFileId () const |
| Get the parent file id. More... | |
| TSK_OFF_T | getSize () const |
| Get the file size. More... | |
| TskImgDB::FILE_STATUS | getStatus () const |
| Get the analysis status of the file (where it is in the analysis life cycle) More... | |
| TskImgDB::FILE_TYPES | getTypeId () const |
| Get the high-level type (file system, local, carved, etc.) | |
| TSK_UID_T | getUid () const |
| Get the user id. More... | |
| std::string | getUniquePath () const |
| Get the path of the file in the disk image. More... | |
| virtual void | save () |
| Save the file to the default location. More... | |
| void | setHash (TskImgDB::HASH_TYPE hashType, const std::string hash) |
| Sets the file's hash value in the database. More... | |
| void | setStatus (TskImgDB::FILE_STATUS status) |
| Set the file status (where it is in its analysis life cycle) | |
| virtual | ~TskFile () |
| Delete the TskFile object. | |
Protected Member Functions | |
| TskFileTsk (const uint64_t id) | |
| Create a TskFileTsk object given a file id. | |
| Protected Member Functions inherited from TskFile | |
| void | initialize () |
| Loads the raw file data from the database. More... | |
Protected Attributes | |
| Poco::File | m_file |
| Poco::FileInputStream * | m_fileInStream |
| int | m_handle |
| TskUnusedSectorsRecord | m_unusedSectorsRecord |
| Protected Attributes inherited from TskFile | |
| TskFileRecord | m_fileRecord |
| uint64_t | m_id |
| bool | m_isOpen |
| TSK_OFF_T | m_offset |
Friends | |
| class | TskFileManagerImpl |
Detailed Description
TskFileTsk is a Sleuthkit and Poco based implementation of the TskFile interface.
Member Function Documentation
|
virtual |
|
virtual |
Does this file represent a directory.
- Returns
- True if this is a directory, false otherwise
Implements TskFile.
References TSK_FS_NAME_TYPE_DIR.
|
virtual |
Is this a Sleuthkit "virtual" file (created by TSK for file system areas).
- Returns
- True if this is a "virtual" file, false otherwise
Implements TskFile.
References TSK_FS_NAME_TYPE_VIRT.
|
virtual |
Read file content into a buffer.
Reads from end of last read.
- Parameters
-
buf Buffer into which file content will be placed. Must be at least "count" bytes in size. count The number of bytes to read from the file.
- Returns
- The number of bytes read or -1 on error.
Implements TskFile.
References TskImageFile::getByteData(), TskServices::getImageFile(), TskFile::getSize(), TskFile::getTypeId(), TskServices::Instance(), LOGERROR, and TskImageFile::readFile().
|
virtual |
Set the byte offset within the file.
If the second parameter is not supplied the offset will be set relative to the beginning of the file.
- Parameters
-
off Number off bytes to offset from origin. origin The point from which the given offset is relative to. Defaults to beginning of file. If origin is std::ios::end the offset must be a negative number.
- Returns
- The absolute file offset resulting from the repositioning.
- Exceptions
-
TskFileException if file is not open or if you attempt to seek to an invalid offset.
Implements TskFile.
References TskFile::getSize(), and LOGERROR.
|
virtual |
The documentation for this class was generated from the following files:
- framework/tsk/framework/file/TskFileTsk.h
- framework/tsk/framework/file/TskFileTsk.cpp