Framework data access layer the uses PostgreSQL as the back end. More...
#include <TskImgDBPostgreSQL.h>
Public Member Functions | |
| virtual int | addAllocUnallocMapInfo (int unallocVolID, int unallocImgID, uint64_t unallocImgStart, uint64_t length, uint64_t origImgStart) |
| Add information about how the unallocated images were created so that we can later map where data was recovered from. More... | |
| virtual int | addCarvedFileInfo (int vol_id, const char *name, uint64_t size, uint64_t *runStarts, uint64_t *runLengths, int numRuns, uint64_t &fileId) |
| Adds information about a carved file into the database. More... | |
| virtual int | addDerivedFileInfo (const std::string &name, const uint64_t parentId, const bool isDirectory, const uint64_t size, const std::string &details, const int ctime, const int crtime, const int atime, const int mtime, uint64_t &fileId, std::string path) |
| Adds information about derived files to the database. More... | |
| virtual int | addFsBlockInfo (int fsID, uint64_t a_mFileId, int count, uint64_t blk_addr, uint64_t len) |
| Add block info to the database. More... | |
| virtual int | addFsFileInfo (int fileSystemID, const TSK_FS_FILE *fileSystemFile, const char *fileName, int fileSystemAttrType, int fileSystemAttrID, uint64_t &fileID, const char *filePath) |
| Add data for a file system file to the image database. More... | |
| virtual int | addFsInfo (int volId, int fsId, const TSK_FS_INFO *fs_info) |
| virtual int | addImageInfo (int type, int sectorSize) |
| virtual int | addImageName (char const *imgName) |
| Add the path to the image to the image database. More... | |
| virtual int | addModule (const std::string &name, const std::string &description, int &moduleId) |
| Insert the Module record, if module name does not already exist in modules table. More... | |
| virtual int | addToolInfo (const char *name, const char *version) |
| virtual int | addUnallocImg (int &unallocImgId) |
| Add a new row to the unalloc_img_status table, returning the unalloc_img_id. More... | |
| virtual int | addUnusedSectors (int unallocImgId, std::vector< TskUnusedSectorsRecord > &unusedSectorsList) |
| Find and add all the unused sectors (unallocated and uncarved bytes) in the given unallocImgId. More... | |
| virtual int | addVolumeInfo (const TSK_VS_PART_INFO *vs_part) |
| Adds the sector addresses of the volumes into the db. | |
| virtual int | begin () |
| begin is a no-op since all PostgreSQL statements are run in the context of a transaction. | |
| virtual int | close () |
| Close the database. More... | |
| virtual int | commit () |
| commit is a no-op since all PostgreSQL statements are run in the context of a transaction. | |
| virtual bool | dbExist () const |
| virtual int | getAllUnallocImgStatus (std::vector< TskUnallocImgStatusRecord > &unallocImgStatusList) const |
| Get all the unalloc_img_status table. More... | |
| virtual std::vector< uint64_t > | getCarvedFileIds () const |
| virtual std::string | getCfileName (const uint64_t a_file_id) const |
| virtual int | getFileCount (const std::string &condition) const |
| Get the number of files that match the given condition. More... | |
| virtual uint64_t | getFileId (int fsId, uint64_t fs_file_id) const |
| Given a file system and fs_file_id, return the file_id. | |
| virtual int | getFileIds (char *a_fileName, uint64_t *a_outBuffer, int a_buffSize) const |
| Fills outBuffer with file IDs that match the name fileName. More... | |
| virtual std::vector< uint64_t > | getFileIds (const std::string &condition) const |
| Get set of file ids that match the given condition (i.e. SQL where clause) More... | |
| virtual std::vector< uint64_t > | getFileIds () const |
| virtual int | getFileInfoSummary (std::list< TskFileTypeRecord > &fileTypeInfoList) const |
| Return a list of TskFileTypeRecord for all files. More... | |
| virtual int | getFileInfoSummary (FILE_TYPES fileType, std::list< TskFileTypeRecord > &fileTypeInfoList) const |
| Return a list of TskFileTypeRecord for fileType. More... | |
| virtual std::string | getFileName (uint64_t file_id) const |
| virtual int | getFileRecord (const uint64_t fileId, TskFileRecord &fileRecord) const |
| virtual const std::vector < TskFileRecord > | getFileRecords (const std::string &condition) const |
| Get the list of file records that match the given criteria. More... | |
| virtual SectorRuns * | getFileSectors (uint64_t fileId) const |
| virtual int | getFileUniqueIdentifiers (uint64_t a_fileId, uint64_t &a_fsOffset, uint64_t &a_fsFileId, int &a_attrType, int &a_attrId) const |
| virtual SectorRuns * | getFreeSectors () const |
| Get information on all of the free sectors in an image. More... | |
| virtual int | getFsInfo (std::list< TskFsInfoRecord > &FsInfoList) const |
| Return a list of TskFsInfoRecord. More... | |
| virtual std::string | getImageBaseName () const |
| Gets the base name of the image, i.e., the file name of the first image path stored in the database. More... | |
| virtual int | getImageInfo (int &type, int §orSize) const |
| Return the ImageInfo. More... | |
| virtual std::vector< std::string > | getImageNames () const |
| virtual std::vector< std::wstring > | getImageNamesW () const |
| Gets a list of image paths. More... | |
| virtual TskImgDB::KNOWN_STATUS | getKnownStatus (const uint64_t fileId) const |
| Return the known status of the file with the given id. More... | |
| virtual int | getMaxFileIdReadyForAnalysis (uint64_t a_lastFileId, uint64_t &maxFileId) const |
| Given the last file ID ready for analysis, find the largest file ID ready of analysis (in maxFileId) Returns 0 on success or -1 on error. | |
| virtual int | getMinFileIdReadyForAnalysis (uint64_t &minFileId) const |
| virtual int | getModuleErrors (std::vector< TskModuleStatus > &moduleStatusList) const |
| Get a list of TskModuleStatus. More... | |
| virtual int | getModuleInfo (std::vector< TskModuleInfo > &moduleInfoList) const |
| Get a list of TskModuleStatus. More... | |
| virtual int | getNumFiles () const |
| Get number of files in image. More... | |
| virtual int | getNumVolumes () const |
| Get number of volumes in image. More... | |
| virtual int | getSessionID () const |
| virtual TskImgDB::UNALLOC_IMG_STATUS | getUnallocImgStatus (int unallocImgId) const |
| Get the status of the unalloc_img_status table given the unalloc_img_id. More... | |
| virtual UnallocRun * | getUnallocRun (int file_id, int file_offset) const |
| Given an offset in an unallocated image that was created for carving, return information about where that data came from in the original image. More... | |
| virtual std::map< uint64_t, std::string > | getUniqueCarvedFiles (HASH_TYPE hashType) const |
| Returns the file ids and carved file names for a unique set of carved files. More... | |
| virtual std::vector < TskCarvedFileInfo > | getUniqueCarvedFilesInfo (HASH_TYPE hashType) const |
| Returns the file ids, content hashes and, carved file names for a unique set of carved files. More... | |
| virtual std::vector< uint64_t > | getUniqueFileIds (HASH_TYPE hashType) const |
| virtual int | getUnusedSector (uint64_t fileId, TskUnusedSectorsRecord &unusedSectorsRecord) const |
| Get unused sector record given a file id. More... | |
| virtual int | getVolumeInfo (std::list< TskVolumeInfoRecord > &volumeInfoList) const |
| Return a list of TskVolumeInfoRecord. More... | |
| virtual int | initialize () |
| Open the DB and create the tables. More... | |
| virtual int | initializePreparedStatements () |
| Initialize prepared statements (server-side function-like objects) in the DB. More... | |
| virtual int | open () |
| Opens an existing database. More... | |
| virtual int | setHash (const uint64_t a_file_id, const TskImgDB::HASH_TYPE hashType, const std::string &hash) const |
| virtual int | setModuleStatus (uint64_t file_id, int module_id, int status) |
| Insert the module status record. More... | |
| virtual int | setUnallocImgStatus (int unallocImgId, TskImgDB::UNALLOC_IMG_STATUS status) |
| Set the status in the unalloc_img_status table given the unalloc_img_id. More... | |
| TskImgDBPostgreSQL (const std::string dbName) | |
| virtual int | updateFileStatus (uint64_t a_file_id, TskImgDB::FILE_STATUS a_status) |
| update the status field in the database for a given file. More... | |
| virtual int | updateKnownStatus (uint64_t a_file_id, TskImgDB::KNOWN_STATUS a_status) |
| update the known status field in the database for a given file. More... | |
 Public Member Functions inherited from TskImgDB | |
| TskImgDB () | |
| Default constructor. | |
| virtual | ~TskImgDB () |
| Destructor. | |
Protected Member Functions | |
| virtual void | addArtifactType (int typeID, string artifactTypeName, string displayName) |
| Add a new artifact type with the given name, display name and id. More... | |
| virtual void | addAttributeType (int typeID, string attributeTypeName, string displayName) |
| Add a new attribute type with the given name, display name and id. More... | |
| virtual void | addBlackboardAttribute (TskBlackboardAttribute attr) |
| BLACKBOARD FUNCTIONS. More... | |
| virtual TskBlackboardArtifact | createBlackboardArtifact (uint64_t file_id, int artifactTypeID) |
| Create a new blackboard artifact with the given type id and file id. More... | |
| virtual vector< int > | findAttributeTypes (int artifactTypeId) |
| virtual string | getArtifactTypeDisplayName (int artifactTypeID) |
| Get the display name for the given artifact type id. More... | |
| virtual int | getArtifactTypeID (string artifactTypeString) |
| Get the artifact type id for the given artifact type string. More... | |
| virtual string | getArtifactTypeName (int artifactTypeID) |
| Get the artifact type name for the given artifact type id. More... | |
| virtual string | getAttributeTypeDisplayName (int attributeTypeID) |
| Get the display name for the given attribute type id. More... | |
| virtual int | getAttributeTypeID (string attributeTypeString) |
| Get the attribute type id for the given artifact type string. More... | |
| virtual string | getAttributeTypeName (int attributeTypeID) |
| Get the attribute type name for the given artifact type id. More... | |
| virtual vector < TskBlackboardArtifact > | getMatchingArtifacts (string condition) |
| Get all artifacts with that match the given where clause. More... | |
| virtual vector < TskBlackboardAttribute > | getMatchingAttributes (string condition) |
| Get all attributes with that match the given where clause. More... | |
| std::string | quote (const std::string str) const |
| Protected Member Functions inherited from TskImgDB | |
| TskBlackboardArtifact | createArtifact (uint64_t artifactID, uint64_t objID, int artifactTypeID) |
| TskBlackboardAttribute | createAttribute (uint64_t artifactID, int attributeTypeID, uint64_t objectID, string moduleName, string context, TSK_BLACKBOARD_ATTRIBUTE_VALUE_TYPE valueType, int valueInt, uint64_t valueLong, double valueDouble, string valueString, vector< unsigned char > valueBytes) |
| int64_t | findParObjId (const TSK_FS_FILE *fs_file, const int64_t &fsObjId) |
| Find parent object id of TSK_FS_FILE. More... | |
|
virtual map< int, TskArtifactNames > | getAllArtifactTypes () |
|
virtual map< int, TskAttributeNames > | getAllAttributeTypes () |
| void | storeParObjId (const int64_t &fsObjId, const TSK_FS_FILE *fs_file, const int64_t &objId) |
| Store meta_addr to object id mapping of the directory in a local cache map. More... | |
Friends | |
| class | TskDBBlackboard |
Additional Inherited Members | |
| Public Types inherited from TskImgDB | |
| enum | FILE_STATUS { IMGDB_FILES_STATUS_CREATED = 0, IMGDB_FILES_STATUS_READY_FOR_ANALYSIS, IMGDB_FILES_STATUS_ANALYSIS_IN_PROGRESS, IMGDB_FILES_STATUS_ANALYSIS_COMPLETE, IMGDB_FILES_STATUS_ANALYSIS_FAILED, IMGDB_FILES_STATUS_ANALYSIS_SKIPPED } |
| File analysis statuses used by the framework. | |
| enum | FILE_TYPES { IMGDB_FILES_TYPE_FS = 0, IMGDB_FILES_TYPE_CARVED, IMGDB_FILES_TYPE_DERIVED, IMGDB_FILES_TYPE_UNUSED } |
| File type classifications used by the framework. | |
| enum | HASH_TYPE { MD5 = 0, SHA1, SHA2_256, SHA2_512 } |
| Hash types supported by framework. More... | |
| enum | KNOWN_STATUS { IMGDB_FILES_KNOWN = 0, IMGDB_FILES_KNOWN_GOOD, IMGDB_FILES_KNOWN_BAD, IMGDB_FILES_UNKNOWN } |
| Files have a 'known' status that is updated with the use of hash databases. More... | |
| enum | UNALLOC_IMG_STATUS { IMGDB_UNALLOC_IMG_STATUS_CREATED = 0, IMGDB_UNALLOC_IMG_STATUS_SCHEDULE_OK, IMGDB_UNALLOC_IMG_STATUS_SCHEDULE_ERR, IMGDB_UNALLOC_IMG_STATUS_CARVED_OK, IMGDB_UNALLOC_IMG_STATUS_CARVED_ERR, IMGDB_UNALLOC_IMG_STATUS_CARVED_NOT_NEEDED } |
| Unallocated sectors file statuses used by the framework. | |
| enum | VALUE_TYPE { BB_VALUE_TYPE_BYTE = 0, BB_VALUE_TYPE_STRING, BB_VALUE_TYPE_INT32, BB_VALUE_TYPE_INT64, BB_VALUE_TYPE_DOUBLE } |
| Data types that can be stored in blackboard. More... | |
| Protected Attributes inherited from TskImgDB | |
|
map< int64_t, map< TSK_INUM_T, map< uint32_t, int64_t > > > | m_parentDirIdCache |
Detailed Description
Framework data access layer the uses PostgreSQL as the back end.
Member Function Documentation
|
virtual |
Add information about how the unallocated images were created so that we can later map where data was recovered from.
This is typically used by CarvePrep and the results are used by CarveExtract via getUnallocRun().
- Parameters
-
a_volID Volume ID that the data was extracted from. unallocImgID ID of the unallocated image that the sectors were copied into. unallocImgStart Sector offset of where in the unallocated image that t he run starts. length Number of sectors that are in the run. origImgStart Sector offset in the original image (relative to start of image) where the run starts
- Returns
- 1 on errror
Implements TskImgDB.
References LOGERROR.
|
protectedvirtual |
Add a new artifact type with the given name, display name and id.
- Parameters
-
artifactTypeName type name displayName display name typeID type id
Implements TskImgDB.
References LOGERROR.
Referenced by initialize().
|
protectedvirtual |
Add a new attribute type with the given name, display name and id.
- Parameters
-
attributeTypeName type name displayName display name typeID type id
Implements TskImgDB.
References LOGERROR.
Referenced by initialize().
|
protectedvirtual |
BLACKBOARD FUNCTIONS.
Add the given blackboard attribute to the database
- Parameters
-
attr input attribute. should be fully populated
Implements TskImgDB.
References TskBlackboardAttribute::getArtifactID(), TskBlackboardAttribute::getAttributeTypeID(), TskBlackboardAttribute::getContext(), TskBlackboardAttribute::getModuleName(), TskBlackboardAttribute::getObjectID(), TskBlackboardAttribute::getValueBytes(), TskBlackboardAttribute::getValueDouble(), TskBlackboardAttribute::getValueInt(), TskBlackboardAttribute::getValueLong(), TskBlackboardAttribute::getValueString(), TskBlackboardAttribute::getValueType(), LOGERROR, TSK_DOUBLE, TSK_INTEGER, TSK_LONG, and TSK_STRING.
|
virtual |
Adds information about a carved file into the database.
This includes the sector layout information.
- Parameters
-
size Number of bytes in file runStarts Array with starting sector (relative to start of image) for each run in file. runLengths Array with number of sectors in each run numRuns Number of entries in previous arrays fileId Carved file Id (output)
- Returns
- 0 on success or -1 on error.
Implements TskImgDB.
References LOGERROR, TSK_FS_META_FLAG_UNALLOC, TSK_FS_META_TYPE_REG, TSK_FS_NAME_FLAG_UNALLOC, and TSK_FS_NAME_TYPE_REG.
|
virtual |
Adds information about derived files to the database.
Derived files typically come from archives and may be compressed.
- Parameters
-
name The name of the file. parentId The id of the file from which this file is derived. size The size of the file. details This is a string that may contain extra details related to the particular type of mechanism that was used to derive this file, e.g. files derived from zip archives may have extra information about the compressed size of the file. ctime Time file system file entry was changed. crtime Time the file was created. atime Last access time. mtime Last modified time. fileId Return the file_id value.
- Returns
- 0 on success or -1 on error.
Implements TskImgDB.
References LOGERROR, TSK_FS_META_TYPE_DIR, TSK_FS_META_TYPE_REG, TSK_FS_NAME_TYPE_DIR, and TSK_FS_NAME_TYPE_REG.
|
virtual |
Add block info to the database.
This table stores the run information for each file so that we can map which blocks are used by what files.
- Parameters
-
a_fsId Id that the file is located in a_fileId ID of the file a_sequence The sequence number of this run in the file (0 for the first run, 1 for the second run, etc.) a_blk_addr Block address (the address that the file system uses – NOT the physical sector addr) a_len The number of blocks in the run
- Returns
- 1 on error
Implements TskImgDB.
References LOGERROR.
|
virtual |
Add data for a file system file to the image database.
- Parameters
-
fileSystemID File system ID of the file system the file belongs to fileSystemFile TSK_FS_FILE object for the file fileName File name fileSystemAttrType File system attribute type (see TSK_FS_ATTR_TYPE_ENUM) fileSystemAttrID File system attribute ID, used to index attributes for files with multiple attributes [out] fileID File ID assigned to the file by the image database filePath Path to the file in the image, file name omitted
- Returns
- 0 on success or -1 on error.
Implements TskImgDB.
References TSK_FS_META::atime, TSK_FS_META::crtime, TSK_FS_META::ctime, TskImgDB::findParObjId(), TSK_FS_NAME::flags, TSK_FS_META::flags, TSK_FS_META::gid, LOGERROR, TSK_FS_FILE::meta, TSK_FS_NAME::meta_addr, TSK_FS_META::mode, TSK_FS_META::mtime, TSK_FS_FILE::name, TSK_FS_ATTR::size, TskImgDB::storeParObjId(), tsk_fs_file_attr_get_id(), TSK_FS_META_TYPE_DIR, TSK_FS_NAME::type, TSK_FS_META::type, and TSK_FS_META::uid.
|
virtual |
|
virtual |
|
virtual |
|
virtual |
Find and add all the unused sectors (unallocated and uncarved bytes) in the given unallocImgId.
- Parameters
-
unallocImgId The unalloc image id. unusedSectorsList A vector of TskUnusedSectorsRecord
- Returns
- -1 on error, 0 on success.
Implements TskImgDB.
References LOGERROR.
|
virtual |
|
protectedvirtual |
Create a new blackboard artifact with the given type id and file id.
- Parameters
-
artifactTypeID artifact type id file_id associated file id
- Returns
- the new artifact
Implements TskImgDB.
References LOGERROR, and TskException::what().
|
virtual |
Get all the unalloc_img_status table.
- Parameters
-
unallocImgStatusList A vector of TskUnallocImgStatusRecord (output)
- Returns
- -1 on error, 0 on success.
Implements TskImgDB.
References LOGERROR.
|
protectedvirtual |
|
protectedvirtual |
|
protectedvirtual |
|
protectedvirtual |
|
protectedvirtual |
|
protectedvirtual |
|
virtual |
Get the number of files that match the given condition.
Get the number of files that match the given criteria.
The given string will be appended to "select files.file_id from files".
- Parameters
-
condition Must be a valid SQL string defining the selection criteria.
- Returns
- The number of files matching the selection criteria.
Implements TskImgDB.
References LOGERROR.
Referenced by getNumFiles().
|
virtual |
Fills outBuffer with file IDs that match the name fileName.
Returns the number of file IDs written into outBuffer or -1 on error.
Implements TskImgDB.
References getFileIds(), and LOGERROR.
Referenced by getFileIds().
|
virtual |
Get set of file ids that match the given condition (i.e. SQL where clause)
Get the list of file ids that match the given criteria.
The given string will be appended to "select files.file_id from files".
- Parameters
-
condition Must be a valid SQL string defining the selection criteria.
- Returns
- The collection of file ids matching the selection criteria. Throws TskException if database not initialized.
Implements TskImgDB.
References getFileIds(), and LOGERROR.
|
virtual |
Return a list of TskFileTypeRecord for all files.
- Parameters
-
fileTypeInfoList A list of TskFileTypeRecord (output)
- Returns
- 0 on success or -1 on error.
Implements TskImgDB.
References TSK_FS_NAME_TYPE_REG.
|
virtual |
Return a list of TskFileTypeRecord for fileType.
- Parameters
-
fileType FILE_TYPE to report fileTypeInfoList A list of TskFileTypeRecord (output)
- Returns
- 0 on success or -1 on error.
Implements TskImgDB.
References TSK_FS_NAME_TYPE_REG.
|
virtual |
|
virtual |
Get the list of file records that match the given criteria.
The given string will be appended to "select .... from files".
- Parameters
-
condition Must be a valid SQL string defining the selection criteria.
- Returns
- The collection of file records matching the selection criteria. Throws TskException if database not initialized.
Implements TskImgDB.
References LOGERROR.
|
virtual |
- Parameters
-
a_fileId File id to get information about a_fsOffset Byte offset of start of file system that the file is located in a_fsFileId File system-specific id of the file a_attrType Type of attribute for this file a_attrId The ID of the attribute for this file
- Returns
- 0 on success, -1 on error
Implements TskImgDB.
References LOGERROR.
|
virtual |
Get information on all of the free sectors in an image.
- Returns
- Info on unallocated runs (or NULL on error). Caller must free this when done.
Implements TskImgDB.
References SectorRuns::addRun(), LOGERROR, LOGINFO, TSK_FS_META_FLAG_UNALLOC, tsk_list_add(), tsk_list_find(), tsk_list_free(), and TSK_VS_PART_FLAG_UNALLOC.
|
virtual |
Return a list of TskFsInfoRecord.
- Parameters
-
fsInfoList A list of TskFsInfoRecord (output)
- Returns
- 0 on success or -1 on error.
Implements TskImgDB.
References LOGERROR.
|
virtual |
Gets the base name of the image, i.e., the file name of the first image path stored in the database.
- Returns
- The name of the image, possibly the empty string if no image paths have been stored.
Implements TskImgDB.
|
virtual |
|
virtual |
|
virtual |
|
protectedvirtual |
|
protectedvirtual |
|
virtual |
Get a list of TskModuleStatus.
- Parameters
-
moduleStatusList A list of TskModuleStatus (output)
- Returns
- 0 on success, -1 on error.
Implements TskImgDB.
References LOGERROR.
|
virtual |
Get a list of TskModuleStatus.
- Parameters
-
moduleStatusList A list of TskModuleStatus (output)
- Returns
- 0 on success, -1 on error.
Implements TskImgDB.
References LOGERROR.
|
virtual |
Get number of files in image.
- Returns
- Number of files in image or -1 on error
Implements TskImgDB.
References getFileCount().
|
virtual |
|
virtual |
|
virtual |
Get the status of the unalloc_img_status table given the unalloc_img_id.
Can throws TskException.
- Parameters
-
unallocImgId unalloc_img_id
- Returns
- TskImgDB::UNALLOC_IMG_STATUS
Implements TskImgDB.
References LOGERROR.
|
virtual |
Given an offset in an unallocated image that was created for carving, return information about where that data came from in the original image.
This is used to map where a carved file is located in the original image.
- Parameters
-
a_unalloc_img_id ID of the unallocated image that you want data about a_file_offset Sector offset where file was found in the unallocated image
- Returns
- NULL on error or a run descriptor.
Implements TskImgDB.
References LOGERROR.
|
virtual |
Returns the file ids and carved file names for a unique set of carved files.
Uniqueness is based on the value of a particular hash type. Where duplicate hash values exist, the lowest file_id is chosen. NOTE: This function is deprecated and will be removed in the next major release, use the getUniqueCarvedFilesInfo() member function instead.
- Parameters
-
hashType The type of hash value to use when determining uniqueness.
- Returns
- A map of file ids to the corresponding carved file name.
Implements TskImgDB.
References LOGERROR, LOGWARN, TskImgDB::MD5, TskImgDB::SHA1, TskImgDB::SHA2_256, and TskImgDB::SHA2_512.
|
virtual |
Returns the file ids, content hashes and, carved file names for a unique set of carved files.
Uniqueness is based on the value of a particular hash type. Where duplicate hash values exist, the lowest file_id is chosen.
- Parameters
-
hashType The type of hash value to use when determining uniqueness.
- Returns
- A map of file ids to the corresponding carved file name. Throws TskException.
Implements TskImgDB.
References LOGWARN, TskImgDB::MD5, TskImgDB::SHA1, TskImgDB::SHA2_256, and TskImgDB::SHA2_512.
|
virtual |
Get unused sector record given a file id.
- Parameters
-
fileId File id of the unused sector. unusedSectorsRecord TskUnusedSectorsRecord (output)
- Returns
- -1 on error, 0 on success.
Implements TskImgDB.
References LOGERROR.
|
virtual |
Return a list of TskVolumeInfoRecord.
- Parameters
-
volumeInfoList A list of TskVolumeInfoRecord (output)
- Returns
- 0 on success or -1 on error.
Implements TskImgDB.
References LOGERROR.
|
virtual |
Open the DB and create the tables.
- Returns
- 1 on error
Implements TskImgDB.
References addArtifactType(), addAttributeType(), LOGERROR, LOGINFO, and open().
|
virtual |
|
virtual |
Opens an existing database.
Use initialize() to create a new one.
- Returns
- 1 on error and 0 on success.
Implements TskImgDB.
References TskSystemProperties::DB_HOST, TskSystemProperties::DB_PORT, TskUtilities::getHostIP(), initializePreparedStatements(), LOGERROR, and LOGINFO.
Referenced by initialize().
|
virtual |
|
virtual |
|
virtual |
|
virtual |
update the known status field in the database for a given file.
- Parameters
-
a_file_id File to update. a_status Status flag to update to.
- Returns
- 1 on error.
Implements TskImgDB.
References TskImgDB::IMGDB_FILES_KNOWN, TskImgDB::IMGDB_FILES_KNOWN_BAD, TskImgDB::IMGDB_FILES_KNOWN_GOOD, TskImgDB::IMGDB_FILES_UNKNOWN, and LOGERROR.
The documentation for this class was generated from the following files:
- framework/tsk/framework/services/TskImgDBPostgreSQL.h
- framework/tsk/framework/services/TskImgDBPostgreSQL.cpp