19 package org.sleuthkit.datamodel;
21 import com.google.common.collect.ImmutableSet;
22 import com.google.common.eventbus.EventBus;
23 import com.mchange.v2.c3p0.ComboPooledDataSource;
24 import com.mchange.v2.c3p0.DataSources;
25 import com.mchange.v2.c3p0.PooledDataSource;
26 import com.zaxxer.sparsebits.SparseBitSet;
27 import java.beans.PropertyVetoException;
28 import java.io.BufferedInputStream;
29 import java.io.BufferedOutputStream;
31 import java.io.FileInputStream;
32 import java.io.FileOutputStream;
33 import java.io.IOException;
34 import java.io.InputStream;
35 import java.io.OutputStream;
36 import java.io.UnsupportedEncodingException;
37 import java.net.InetAddress;
38 import java.net.URLEncoder;
39 import java.nio.charset.StandardCharsets;
40 import java.nio.file.Paths;
41 import java.sql.Connection;
42 import java.sql.DriverManager;
43 import java.sql.PreparedStatement;
44 import java.sql.ResultSet;
45 import java.sql.SQLException;
46 import java.sql.Statement;
47 import java.text.SimpleDateFormat;
48 import java.util.ArrayList;
49 import java.util.Arrays;
50 import java.util.Collection;
51 import java.util.Collections;
52 import java.util.Date;
53 import java.util.EnumMap;
54 import java.util.HashMap;
55 import java.util.HashSet;
56 import java.util.LinkedHashMap;
57 import java.util.List;
59 import java.util.MissingResourceException;
60 import java.util.Properties;
61 import java.util.ResourceBundle;
63 import java.util.UUID;
64 import java.util.concurrent.ConcurrentHashMap;
65 import java.util.concurrent.locks.ReentrantReadWriteLock;
66 import java.util.logging.Level;
67 import java.util.logging.Logger;
68 import org.postgresql.util.PSQLState;
84 import org.sqlite.SQLiteConfig;
85 import org.sqlite.SQLiteDataSource;
86 import org.sqlite.SQLiteJDBCLoader;
94 private static final int MAX_DB_NAME_LEN_BEFORE_TIMESTAMP = 47;
103 private static final long BASE_ARTIFACT_ID = Long.MIN_VALUE;
104 private static final Logger logger = Logger.getLogger(
SleuthkitCase.class.getName());
105 private static final ResourceBundle bundle = ResourceBundle.getBundle(
"org.sleuthkit.datamodel.Bundle");
106 private static final int IS_REACHABLE_TIMEOUT_MS = 1000;
107 private static final String SQL_ERROR_CONNECTION_GROUP =
"08";
108 private static final String SQL_ERROR_AUTHENTICATION_GROUP =
"28";
109 private static final String SQL_ERROR_PRIVILEGE_GROUP =
"42";
110 private static final String SQL_ERROR_RESOURCE_GROUP =
"53";
111 private static final String SQL_ERROR_LIMIT_GROUP =
"54";
112 private static final String SQL_ERROR_INTERNAL_GROUP =
"xx";
113 private static final int MIN_USER_DEFINED_TYPE_ID = 10000;
115 private static final Set<String> CORE_TABLE_NAMES = ImmutableSet.of(
117 "tsk_event_descriptions",
130 "tsk_files_derived_method",
133 "blackboard_artifact_tags",
134 "blackboard_artifacts",
135 "blackboard_attributes",
136 "blackboard_artifact_types",
137 "blackboard_attribute_types",
139 "file_encoding_types",
140 "ingest_module_types",
141 "ingest_job_status_types",
144 "ingest_job_modules",
147 "account_relationships",
151 private static final Set<String> CORE_INDEX_NAMES = ImmutableSet.of(
155 "artifact_artifact_objID",
160 "relationships_account1",
161 "relationships_account2",
162 "relationships_relationship_source_obj_id",
163 "relationships_date_time",
164 "relationships_relationship_type",
165 "relationships_data_source_obj_id",
168 "events_data_source_obj_id",
169 "events_file_obj_id",
170 "events_artifact_id");
172 private static final String TSK_VERSION_KEY =
"TSK_VER";
173 private static final String SCHEMA_MAJOR_VERSION_KEY =
"SCHEMA_MAJOR_VERSION";
174 private static final String SCHEMA_MINOR_VERSION_KEY =
"SCHEMA_MINOR_VERSION";
175 private static final String CREATION_SCHEMA_MAJOR_VERSION_KEY =
"CREATION_SCHEMA_MAJOR_VERSION";
176 private static final String CREATION_SCHEMA_MINOR_VERSION_KEY =
"CREATION_SCHEMA_MINOR_VERSION";
178 private final ConnectionPool connections;
179 private final Map<Long, VirtualDirectory> rootIdsToCarvedFileDirs =
new HashMap<>();
180 private final Map<Long, FileSystem> fileSystemIdMap =
new HashMap<>();
181 private final List<ErrorObserver> sleuthkitCaseErrorObservers =
new ArrayList<>();
182 private final String databaseName;
183 private final String dbPath;
184 private final DbType dbType;
185 private final String caseDirPath;
187 private final String caseHandleIdentifier;
188 private String dbBackupPath;
199 private final Map<Long, SparseBitSet> hasChildrenBitSetMap =
new HashMap<>();
201 private long nextArtifactId;
206 private final ReentrantReadWriteLock rwLock =
new ReentrantReadWriteLock(
true);
214 private final Map<String, Set<Long>> deviceIdToDatasourceObjIdMap =
new HashMap<>();
216 private final EventBus eventBus =
new EventBus(
"SleuthkitCase-EventBus");
219 eventBus.register(listener);
223 eventBus.unregister(listener);
226 void fireTSKEvent(Object event) {
227 eventBus.post(event);
231 private final Map<Long, Content> frequentlyUsedContentMap =
new HashMap<>();
233 private Examiner cachedCurrentExaminer = null;
236 Properties p =
new Properties(System.getProperties());
237 p.put(
"com.mchange.v2.log.MLog",
"com.mchange.v2.log.FallbackMLog");
238 p.put(
"com.mchange.v2.log.FallbackMLog.DEFAULT_CUTOFF_LEVEL",
"SEVERE");
239 System.setProperties(p);
258 if (info.getHost() == null || info.getHost().isEmpty()) {
259 throw new TskCoreException(bundle.getString(
"DatabaseConnectionCheck.MissingHostname"));
260 }
else if (info.getPort() == null || info.getPort().isEmpty()) {
261 throw new TskCoreException(bundle.getString(
"DatabaseConnectionCheck.MissingPort"));
262 }
else if (info.getUserName() == null || info.getUserName().isEmpty()) {
263 throw new TskCoreException(bundle.getString(
"DatabaseConnectionCheck.MissingUsername"));
264 }
else if (info.getPassword() == null || info.getPassword().isEmpty()) {
265 throw new TskCoreException(bundle.getString(
"DatabaseConnectionCheck.MissingPassword"));
269 Class.forName(
"org.postgresql.Driver");
270 Connection conn = DriverManager.getConnection(
"jdbc:postgresql://" + info.getHost() +
":" + info.getPort() +
"/postgres", info.getUserName(), info.getPassword());
274 }
catch (SQLException ex) {
276 String sqlState = ex.getSQLState().toLowerCase();
277 if (sqlState.startsWith(SQL_ERROR_CONNECTION_GROUP)) {
279 if (InetAddress.getByName(info.getHost()).isReachable(IS_REACHABLE_TIMEOUT_MS)) {
281 result = bundle.getString(
"DatabaseConnectionCheck.Port");
283 result = bundle.getString(
"DatabaseConnectionCheck.HostnameOrPort");
285 }
catch (IOException | MissingResourceException any) {
287 result = bundle.getString(
"DatabaseConnectionCheck.Everything");
289 }
else if (sqlState.startsWith(SQL_ERROR_AUTHENTICATION_GROUP)) {
290 result = bundle.getString(
"DatabaseConnectionCheck.Authentication");
291 }
else if (sqlState.startsWith(SQL_ERROR_PRIVILEGE_GROUP)) {
292 result = bundle.getString(
"DatabaseConnectionCheck.Access");
293 }
else if (sqlState.startsWith(SQL_ERROR_RESOURCE_GROUP)) {
294 result = bundle.getString(
"DatabaseConnectionCheck.ServerDiskSpace");
295 }
else if (sqlState.startsWith(SQL_ERROR_LIMIT_GROUP)) {
296 result = bundle.getString(
"DatabaseConnectionCheck.ServerRestart");
297 }
else if (sqlState.startsWith(SQL_ERROR_INTERNAL_GROUP)) {
298 result = bundle.getString(
"DatabaseConnectionCheck.InternalServerIssue");
300 result = bundle.getString(
"DatabaseConnectionCheck.Connection");
303 }
catch (ClassNotFoundException ex) {
304 throw new TskCoreException(bundle.getString(
"DatabaseConnectionCheck.Installation"));
320 Class.forName(
"org.sqlite.JDBC");
321 this.dbPath = dbPath;
322 this.dbType = dbType;
324 this.caseDirPath = dbFile.getParentFile().getAbsolutePath();
325 this.databaseName = dbFile.
getName();
326 this.connections =
new SQLiteConnections(dbPath);
327 this.caseHandle = caseHandle;
328 this.caseHandleIdentifier = caseHandle.getCaseDbIdentifier();
330 logSQLiteJDBCDriverInfo();
350 private SleuthkitCase(String host,
int port, String dbName, String userName, String password, SleuthkitJNI.CaseDbHandle caseHandle, String caseDirPath, DbType dbType)
throws Exception {
352 this.databaseName = dbName;
353 this.dbType = dbType;
354 this.caseDirPath = caseDirPath;
355 this.connections =
new PostgreSQLConnections(host, port, dbName, userName, password);
356 this.caseHandle = caseHandle;
357 this.caseHandleIdentifier = caseHandle.getCaseDbIdentifier();
361 private void init() throws Exception {
362 typeIdToArtifactTypeMap =
new ConcurrentHashMap<>();
363 typeIdToAttributeTypeMap =
new ConcurrentHashMap<>();
364 typeNameToArtifactTypeMap =
new ConcurrentHashMap<>();
365 typeNameToAttributeTypeMap =
new ConcurrentHashMap<>();
371 initBlackboardArtifactTypes();
372 initBlackboardAttributeTypes();
373 initNextArtifactId();
374 updateDatabaseSchema(null);
376 try (CaseDbConnection connection = connections.getConnection()) {
377 initIngestModuleTypes(connection);
378 initIngestStatusTypes(connection);
379 initReviewStatuses(connection);
380 initEncodingTypes(connection);
381 populateHasChildrenMap(connection);
382 updateExaminers(connection);
383 initDBSchemaCreationVersion(connection);
386 blackboard =
new Blackboard(
this);
387 communicationsMgr =
new CommunicationsManager(
this);
388 timelineMgr =
new TimelineManager(
this);
389 dbAccessManager =
new CaseDbAccessManager(
this);
390 taggingMgr =
new TaggingManager(
this);
398 static Set<String> getCoreTableNames() {
399 return CORE_TABLE_NAMES;
407 static Set<String> getCoreIndexNames() {
408 return CORE_INDEX_NAMES;
419 boolean getHasChildren(Content content) {
420 long objId = content.getId();
421 long mapIndex = objId / Integer.MAX_VALUE;
422 int mapValue = (int) (objId % Integer.MAX_VALUE);
424 synchronized (hasChildrenBitSetMap) {
425 if (hasChildrenBitSetMap.containsKey(mapIndex)) {
426 return hasChildrenBitSetMap.get(mapIndex).get(mapValue);
437 private void setHasChildren(Long objId) {
438 long mapIndex = objId / Integer.MAX_VALUE;
439 int mapValue = (int) (objId % Integer.MAX_VALUE);
441 synchronized (hasChildrenBitSetMap) {
442 if (hasChildrenBitSetMap.containsKey(mapIndex)) {
443 hasChildrenBitSetMap.get(mapIndex).set(mapValue);
445 SparseBitSet bitSet =
new SparseBitSet();
446 bitSet.set(mapValue);
447 hasChildrenBitSetMap.put(mapIndex, bitSet);
460 return communicationsMgr;
491 return dbAccessManager;
509 private void initBlackboardArtifactTypes() throws SQLException,
TskCoreException {
510 CaseDbConnection connection = connections.getConnection();
511 Statement statement = null;
512 ResultSet resultSet = null;
515 statement = connection.createStatement();
518 statement.execute(
"INSERT INTO blackboard_artifact_types (artifact_type_id, type_name, display_name) VALUES (" + type.getTypeID() +
" , '" + type.getLabel() +
"', '" + type.getDisplayName() +
"')");
519 }
catch (SQLException ex) {
520 resultSet = connection.executeQuery(statement,
"SELECT COUNT(*) AS count FROM blackboard_artifact_types WHERE artifact_type_id = '" + type.getTypeID() +
"'");
522 if (resultSet.getLong(
"count") == 0) {
528 this.typeIdToArtifactTypeMap.put(type.getTypeID(),
new BlackboardArtifact.Type(type));
529 this.typeNameToArtifactTypeMap.put(type.getLabel(),
new BlackboardArtifact.Type(type));
532 int newPrimaryKeyIndex = Collections.max(Arrays.asList(ARTIFACT_TYPE.values())).getTypeID() + 1;
533 statement.execute(
"ALTER SEQUENCE blackboard_artifact_types_artifact_type_id_seq RESTART WITH " + newPrimaryKeyIndex);
536 closeResultSet(resultSet);
537 closeStatement(statement);
550 private void initBlackboardAttributeTypes() throws SQLException, TskCoreException {
551 CaseDbConnection connection = connections.getConnection();
552 Statement statement = null;
553 ResultSet resultSet = null;
556 statement = connection.createStatement();
557 for (ATTRIBUTE_TYPE type : ATTRIBUTE_TYPE.values()) {
559 statement.execute(
"INSERT INTO blackboard_attribute_types (attribute_type_id, type_name, display_name, value_type) VALUES (" + type.getTypeID() +
", '" + type.getLabel() +
"', '" + type.getDisplayName() +
"', '" + type.getValueType().getType() +
"')");
560 }
catch (SQLException ex) {
561 resultSet = connection.executeQuery(statement,
"SELECT COUNT(*) AS count FROM blackboard_attribute_types WHERE attribute_type_id = '" + type.getTypeID() +
"'");
563 if (resultSet.getLong(
"count") == 0) {
569 this.typeIdToAttributeTypeMap.put(type.getTypeID(),
new BlackboardAttribute.Type(type));
570 this.typeNameToAttributeTypeMap.put(type.getLabel(),
new BlackboardAttribute.Type(type));
573 int newPrimaryKeyIndex = Collections.max(Arrays.asList(ATTRIBUTE_TYPE.values())).getTypeID() + 1;
574 statement.execute(
"ALTER SEQUENCE blackboard_attribute_types_attribute_type_id_seq RESTART WITH " + newPrimaryKeyIndex);
577 closeResultSet(resultSet);
578 closeStatement(statement);
593 private void initNextArtifactId() throws SQLException, TskCoreException {
594 CaseDbConnection connection = connections.getConnection();
595 Statement statement = null;
596 ResultSet resultSet = null;
599 statement = connection.createStatement();
600 resultSet = connection.executeQuery(statement,
"SELECT MAX(artifact_id) AS max_artifact_id FROM blackboard_artifacts");
602 this.nextArtifactId = resultSet.getLong(
"max_artifact_id") + 1;
603 if (this.nextArtifactId == 1) {
604 this.nextArtifactId = BASE_ARTIFACT_ID;
607 closeResultSet(resultSet);
608 closeStatement(statement);
621 private void initIngestModuleTypes(CaseDbConnection connection)
throws SQLException, TskCoreException {
622 Statement statement = null;
623 ResultSet resultSet = null;
626 statement = connection.createStatement();
627 for (IngestModuleType type : IngestModuleType.values()) {
629 statement.execute(
"INSERT INTO ingest_module_types (type_id, type_name) VALUES (" + type.ordinal() +
", '" + type.toString() +
"');");
630 }
catch (SQLException ex) {
631 resultSet = connection.executeQuery(statement,
"SELECT COUNT(*) as count FROM ingest_module_types WHERE type_id = " + type.ordinal() +
";");
633 if (resultSet.getLong(
"count") == 0) {
641 closeResultSet(resultSet);
642 closeStatement(statement);
654 private void initIngestStatusTypes(CaseDbConnection connection)
throws SQLException, TskCoreException {
655 Statement statement = null;
656 ResultSet resultSet = null;
659 statement = connection.createStatement();
660 for (IngestJobStatusType type : IngestJobStatusType.values()) {
662 statement.execute(
"INSERT INTO ingest_job_status_types (type_id, type_name) VALUES (" + type.ordinal() +
", '" + type.toString() +
"');");
663 }
catch (SQLException ex) {
664 resultSet = connection.executeQuery(statement,
"SELECT COUNT(*) as count FROM ingest_job_status_types WHERE type_id = " + type.ordinal() +
";");
666 if (resultSet.getLong(
"count") == 0) {
674 closeResultSet(resultSet);
675 closeStatement(statement);
686 private void initReviewStatuses(CaseDbConnection connection)
throws SQLException, TskCoreException {
687 Statement statement = null;
688 ResultSet resultSet = null;
691 statement = connection.createStatement();
692 for (BlackboardArtifact.ReviewStatus status : BlackboardArtifact.ReviewStatus.values()) {
694 statement.execute(
"INSERT INTO review_statuses (review_status_id, review_status_name, display_name) "
695 +
"VALUES (" + status.getID() +
",'" + status.getName() +
"','" + status.getDisplayName() +
"')");
696 }
catch (SQLException ex) {
697 resultSet = connection.executeQuery(statement,
"SELECT COUNT(*) as count FROM review_statuses WHERE review_status_id = " + status.getID());
699 if (resultSet.getLong(
"count") == 0) {
707 closeResultSet(resultSet);
708 closeStatement(statement);
720 private void initEncodingTypes(CaseDbConnection connection)
throws SQLException, TskCoreException {
721 Statement statement = null;
722 ResultSet resultSet = null;
725 statement = connection.createStatement();
726 for (TskData.EncodingType type : TskData.EncodingType.values()) {
728 statement.execute(
"INSERT INTO file_encoding_types (encoding_type, name) VALUES (" + type.getType() +
" , '" + type.name() +
"')");
729 }
catch (SQLException ex) {
730 resultSet = connection.executeQuery(statement,
"SELECT COUNT(*) as count FROM file_encoding_types WHERE encoding_type = " + type.getType());
732 if (resultSet.getLong(
"count") == 0) {
740 closeResultSet(resultSet);
741 closeStatement(statement);
754 private void updateExaminers(CaseDbConnection connection)
throws SQLException, TskCoreException {
756 String loginName = System.getProperty(
"user.name");
757 if (loginName.isEmpty()) {
758 logger.log(Level.SEVERE,
"Cannot determine logged in user name");
764 PreparedStatement statement;
767 statement = connection.getPreparedStatement(PREPARED_STATEMENT.INSERT_EXAMINER_POSTGRESQL);
770 statement = connection.getPreparedStatement(PREPARED_STATEMENT.INSERT_EXAMINER_SQLITE);
773 throw new TskCoreException(
"Unknown DB Type: " +
getDatabaseType().name());
775 statement.clearParameters();
776 statement.setString(1, loginName);
777 connection.executeUpdate(statement);
778 }
catch (SQLException ex) {
779 throw new TskCoreException(
"Error inserting row in tsk_examiners. login name: " + loginName, ex);
792 private void populateHasChildrenMap(CaseDbConnection connection)
throws TskCoreException {
793 long timestamp = System.currentTimeMillis();
795 Statement statement = null;
796 ResultSet resultSet = null;
799 statement = connection.createStatement();
800 resultSet = statement.executeQuery(
"select distinct par_obj_id from tsk_objects");
802 synchronized (hasChildrenBitSetMap) {
803 while (resultSet.next()) {
804 setHasChildren(resultSet.getLong(
"par_obj_id"));
807 long delay = System.currentTimeMillis() - timestamp;
808 logger.log(Level.INFO,
"Time to initialize parent node cache: {0} ms", delay);
809 }
catch (SQLException ex) {
810 throw new TskCoreException(
"Error populating parent node cache", ex);
812 closeResultSet(resultSet);
813 closeStatement(statement);
824 void addDataSourceToHasChildrenMap() throws TskCoreException {
826 CaseDbConnection connection = connections.getConnection();
828 populateHasChildrenMap(connection);
830 if (connection != null) {
845 private void updateDatabaseSchema(String dbPath)
throws Exception {
846 CaseDbConnection connection = connections.getConnection();
847 ResultSet resultSet = null;
848 Statement statement = null;
851 connection.beginTransaction();
853 boolean hasMinorVersion =
false;
854 ResultSet columns = connection.getConnection().getMetaData().getColumns(null, null,
"tsk_db_info",
"schema%");
855 while (columns.next()) {
856 if (columns.getString(
"COLUMN_NAME").equals(
"schema_minor_ver")) {
857 hasMinorVersion =
true;
862 int dbSchemaMajorVersion;
863 int dbSchemaMinorVersion = 0;
865 statement = connection.createStatement();
866 resultSet = connection.executeQuery(statement,
"SELECT schema_ver"
867 + (hasMinorVersion ?
", schema_minor_ver" :
"")
868 +
" FROM tsk_db_info");
869 if (resultSet.next()) {
870 dbSchemaMajorVersion = resultSet.getInt(
"schema_ver");
871 if (hasMinorVersion) {
873 dbSchemaMinorVersion = resultSet.getInt(
"schema_minor_ver");
876 throw new TskCoreException();
878 CaseDbSchemaVersionNumber dbSchemaVersion =
new CaseDbSchemaVersionNumber(dbSchemaMajorVersion, dbSchemaMinorVersion);
885 if (
false == CURRENT_DB_SCHEMA_VERSION.
isCompatible(dbSchemaVersion)) {
887 throw new TskUnsupportedSchemaVersionException(
888 "Unsupported DB schema version " + dbSchemaVersion +
", the highest supported schema version is " + CURRENT_DB_SCHEMA_VERSION.
getMajor() +
".X");
889 }
else if (dbSchemaVersion.compareTo(CURRENT_DB_SCHEMA_VERSION) < 0) {
892 if (null != dbPath) {
895 String backupFilePath = dbPath +
".schemaVer" + dbSchemaVersion.toString() +
".backup";
897 dbBackupPath = backupFilePath;
904 dbSchemaVersion = updateFromSchema2toSchema3(dbSchemaVersion, connection);
905 dbSchemaVersion = updateFromSchema3toSchema4(dbSchemaVersion, connection);
906 dbSchemaVersion = updateFromSchema4toSchema5(dbSchemaVersion, connection);
907 dbSchemaVersion = updateFromSchema5toSchema6(dbSchemaVersion, connection);
908 dbSchemaVersion = updateFromSchema6toSchema7(dbSchemaVersion, connection);
909 dbSchemaVersion = updateFromSchema7toSchema7dot1(dbSchemaVersion, connection);
910 dbSchemaVersion = updateFromSchema7dot1toSchema7dot2(dbSchemaVersion, connection);
911 dbSchemaVersion = updateFromSchema7dot2toSchema8dot0(dbSchemaVersion, connection);
912 dbSchemaVersion = updateFromSchema8dot0toSchema8dot1(dbSchemaVersion, connection);
913 dbSchemaVersion = updateFromSchema8dot1toSchema8dot2(dbSchemaVersion, connection);
914 dbSchemaVersion = updateFromSchema8dot2toSchema8dot3(dbSchemaVersion, connection);
915 dbSchemaVersion = updateFromSchema8dot3toSchema8dot4(dbSchemaVersion, connection);
916 dbSchemaVersion = updateFromSchema8dot4toSchema8dot5(dbSchemaVersion, connection);
917 statement = connection.createStatement();
918 connection.executeUpdate(statement,
"UPDATE tsk_db_info SET schema_ver = " + dbSchemaVersion.getMajor() +
", schema_minor_ver = " + dbSchemaVersion.getMinor());
919 connection.executeUpdate(statement,
"UPDATE tsk_db_info_extended SET value = " + dbSchemaVersion.getMajor() +
" WHERE name = '" + SCHEMA_MAJOR_VERSION_KEY +
"'");
920 connection.executeUpdate(statement,
"UPDATE tsk_db_info_extended SET value = " + dbSchemaVersion.getMinor() +
" WHERE name = '" + SCHEMA_MINOR_VERSION_KEY +
"'");
925 connection.commitTransaction();
926 }
catch (Exception ex) {
927 connection.rollbackTransaction();
930 closeResultSet(resultSet);
931 closeStatement(statement);
944 private void initDBSchemaCreationVersion(CaseDbConnection connection)
throws SQLException {
946 Statement statement = null;
947 ResultSet resultSet = null;
948 String createdSchemaMajorVersion =
"0";
949 String createdSchemaMinorVersion =
"0";
952 statement = connection.createStatement();
953 resultSet = connection.executeQuery(statement,
"SELECT name, value FROM tsk_db_info_extended");
954 while (resultSet.next()) {
955 String name = resultSet.getString(
"name");
956 if (name.equals(CREATION_SCHEMA_MAJOR_VERSION_KEY) || name.equals(
"CREATED_SCHEMA_MAJOR_VERSION")) {
957 createdSchemaMajorVersion = resultSet.getString(
"value");
958 }
else if (name.equals(CREATION_SCHEMA_MINOR_VERSION_KEY) || name.equals(
"CREATED_SCHEMA_MINOR_VERSION")) {
959 createdSchemaMinorVersion = resultSet.getString(
"value");
964 closeResultSet(resultSet);
965 closeStatement(statement);
969 caseDBSchemaCreationVersion =
new CaseDbSchemaVersionNumber(Integer.parseInt(createdSchemaMajorVersion), Integer.parseInt(createdSchemaMinorVersion));
981 public void copyCaseDB(String newDBPath)
throws IOException {
982 if (dbPath.isEmpty()) {
983 throw new IOException(
"Copying case database files is not supported for this type of case database");
985 InputStream in = null;
986 OutputStream out = null;
989 InputStream inFile =
new FileInputStream(dbPath);
990 in =
new BufferedInputStream(inFile);
991 OutputStream outFile =
new FileOutputStream(newDBPath);
992 out =
new BufferedOutputStream(outFile);
993 int bytesRead = in.read();
994 while (bytesRead != -1) {
995 out.write(bytesRead);
996 bytesRead = in.read();
1007 }
catch (IOException e) {
1008 logger.log(Level.WARNING,
"Could not close streams after db copy", e);
1017 private void logSQLiteJDBCDriverInfo() {
1019 SleuthkitCase.logger.info(String.format(
"sqlite-jdbc version %s loaded in %s mode",
1020 SQLiteJDBCLoader.getVersion(), SQLiteJDBCLoader.isNativeMode()
1021 ?
"native" :
"pure-java"));
1022 }
catch (Exception ex) {
1023 SleuthkitCase.logger.log(Level.SEVERE,
"Error querying case database mode", ex);
1040 @SuppressWarnings(
"deprecation")
1041 private CaseDbSchemaVersionNumber updateFromSchema2toSchema3(CaseDbSchemaVersionNumber schemaVersion, CaseDbConnection connection) throws SQLException, TskCoreException {
1042 if (schemaVersion.getMajor() != 2) {
1043 return schemaVersion;
1045 Statement statement = null;
1046 Statement updateStatement = null;
1047 ResultSet resultSet = null;
1050 statement = connection.createStatement();
1053 statement.execute(
"CREATE TABLE tag_names (tag_name_id INTEGER PRIMARY KEY, display_name TEXT UNIQUE, description TEXT NOT NULL, color TEXT NOT NULL)");
1054 statement.execute(
"CREATE TABLE content_tags (tag_id INTEGER PRIMARY KEY, obj_id INTEGER NOT NULL, tag_name_id INTEGER NOT NULL, comment TEXT NOT NULL, begin_byte_offset INTEGER NOT NULL, end_byte_offset INTEGER NOT NULL)");
1055 statement.execute(
"CREATE TABLE blackboard_artifact_tags (tag_id INTEGER PRIMARY KEY, artifact_id INTEGER NOT NULL, tag_name_id INTEGER NOT NULL, comment TEXT NOT NULL)");
1058 statement.execute(
"CREATE TABLE reports (report_id INTEGER PRIMARY KEY, path TEXT NOT NULL, crtime INTEGER NOT NULL, src_module_name TEXT NOT NULL, report_name TEXT NOT NULL)");
1061 statement.execute(
"ALTER TABLE tsk_image_info ADD COLUMN size INTEGER;");
1062 statement.execute(
"ALTER TABLE tsk_image_info ADD COLUMN md5 TEXT;");
1063 statement.execute(
"ALTER TABLE tsk_image_info ADD COLUMN display_name TEXT;");
1066 statement.execute(
"ALTER TABLE tsk_fs_info ADD COLUMN display_name TEXT;");
1069 statement.execute(
"ALTER TABLE tsk_files ADD COLUMN meta_seq INTEGER;");
1074 statement.execute(
"ALTER TABLE blackboard_attributes ADD COLUMN artifact_type_id INTEGER NULL NOT NULL DEFAULT -1;");
1075 statement.execute(
"CREATE INDEX attribute_artifactTypeId ON blackboard_attributes(artifact_type_id);");
1076 statement.execute(
"CREATE INDEX attribute_valueText ON blackboard_attributes(value_text);");
1077 statement.execute(
"CREATE INDEX attribute_valueInt32 ON blackboard_attributes(value_int32);");
1078 statement.execute(
"CREATE INDEX attribute_valueInt64 ON blackboard_attributes(value_int64);");
1079 statement.execute(
"CREATE INDEX attribute_valueDouble ON blackboard_attributes(value_double);");
1080 resultSet = statement.executeQuery(
"SELECT attrs.artifact_id AS artifact_id, "
1081 +
"arts.artifact_type_id AS artifact_type_id "
1082 +
"FROM blackboard_attributes AS attrs "
1083 +
"INNER JOIN blackboard_artifacts AS arts "
1084 +
"WHERE attrs.artifact_id = arts.artifact_id;");
1085 updateStatement = connection.createStatement();
1086 while (resultSet.next()) {
1087 long artifactId = resultSet.getLong(
"artifact_id");
1088 int artifactTypeId = resultSet.getInt(
"artifact_type_id");
1089 updateStatement.executeUpdate(
1090 "UPDATE blackboard_attributes "
1091 +
"SET artifact_type_id = " + artifactTypeId
1092 +
" WHERE blackboard_attributes.artifact_id = " + artifactId +
";");
1101 HashMap<String, TagName> tagNames =
new HashMap<String, TagName>();
1105 String comment =
"";
1107 for (BlackboardAttribute attribute : attributes) {
1108 if (attribute.getAttributeTypeID() == ATTRIBUTE_TYPE.TSK_TAG_NAME.getTypeID()) {
1109 name = attribute.getValueString();
1110 }
else if (attribute.getAttributeTypeID() == ATTRIBUTE_TYPE.TSK_COMMENT.getTypeID()) {
1111 comment = attribute.getValueString();
1114 if (!name.isEmpty()) {
1116 if (tagNames.containsKey(name)) {
1117 tagName = tagNames.get(name);
1119 tagName =
addTagName(name,
"", TagName.HTML_COLOR.NONE);
1120 tagNames.put(name, tagName);
1122 addContentTag(content, tagName, comment, 0, content.getSize() - 1);
1126 long taggedArtifactId = -1;
1128 String comment =
"";
1130 for (BlackboardAttribute attribute : attributes) {
1131 if (attribute.getAttributeTypeID() == ATTRIBUTE_TYPE.TSK_TAG_NAME.getTypeID()) {
1132 name = attribute.getValueString();
1133 }
else if (attribute.getAttributeTypeID() == ATTRIBUTE_TYPE.TSK_COMMENT.getTypeID()) {
1134 comment = attribute.getValueString();
1135 }
else if (attribute.getAttributeTypeID() == ATTRIBUTE_TYPE.TSK_TAGGED_ARTIFACT.getTypeID()) {
1136 taggedArtifactId = attribute.getValueLong();
1139 if (taggedArtifactId != -1 && !name.isEmpty()) {
1141 if (tagNames.containsKey(name)) {
1142 tagName = tagNames.get(name);
1144 tagName =
addTagName(name,
"", TagName.HTML_COLOR.NONE);
1145 tagNames.put(name, tagName);
1151 "DELETE FROM blackboard_attributes WHERE artifact_id IN "
1152 +
"(SELECT artifact_id FROM blackboard_artifacts WHERE artifact_type_id = "
1153 + ARTIFACT_TYPE.TSK_TAG_FILE.getTypeID()
1154 +
" OR artifact_type_id = " + ARTIFACT_TYPE.TSK_TAG_ARTIFACT.getTypeID() +
");");
1156 "DELETE FROM blackboard_artifacts WHERE artifact_type_id = "
1157 + ARTIFACT_TYPE.TSK_TAG_FILE.getTypeID()
1158 +
" OR artifact_type_id = " + ARTIFACT_TYPE.TSK_TAG_ARTIFACT.getTypeID() +
";");
1160 return new CaseDbSchemaVersionNumber(3, 0);
1162 closeStatement(updateStatement);
1163 closeResultSet(resultSet);
1164 closeStatement(statement);
1183 private CaseDbSchemaVersionNumber updateFromSchema3toSchema4(CaseDbSchemaVersionNumber schemaVersion, CaseDbConnection connection)
throws SQLException, TskCoreException {
1184 if (schemaVersion.getMajor() != 3) {
1185 return schemaVersion;
1188 Statement statement = null;
1189 ResultSet resultSet = null;
1190 Statement queryStatement = null;
1191 ResultSet queryResultSet = null;
1192 Statement updateStatement = null;
1197 statement = connection.createStatement();
1198 updateStatement = connection.createStatement();
1199 statement.execute(
"ALTER TABLE tsk_files ADD COLUMN mime_type TEXT;");
1200 resultSet = statement.executeQuery(
"SELECT files.obj_id AS obj_id, attrs.value_text AS value_text "
1201 +
"FROM tsk_files AS files, blackboard_attributes AS attrs, blackboard_artifacts AS arts "
1202 +
"WHERE files.obj_id = arts.obj_id AND "
1203 +
"arts.artifact_id = attrs.artifact_id AND "
1204 +
"arts.artifact_type_id = 1 AND "
1205 +
"attrs.attribute_type_id = 62");
1206 while (resultSet.next()) {
1207 updateStatement.executeUpdate(
1209 +
"SET mime_type = '" + resultSet.getString(
"value_text") +
"' "
1210 +
"WHERE tsk_files.obj_id = " + resultSet.getInt(
"obj_id") +
";");
1215 statement.execute(
"ALTER TABLE blackboard_attribute_types ADD COLUMN value_type INTEGER NOT NULL DEFAULT -1;");
1216 resultSet = statement.executeQuery(
"SELECT * FROM blackboard_attribute_types AS types");
1217 while (resultSet.next()) {
1218 int attributeTypeId = resultSet.getInt(
"attribute_type_id");
1219 String attributeLabel = resultSet.getString(
"type_name");
1220 if (attributeTypeId < MIN_USER_DEFINED_TYPE_ID) {
1221 updateStatement.executeUpdate(
1222 "UPDATE blackboard_attribute_types "
1223 +
"SET value_type = " + ATTRIBUTE_TYPE.fromLabel(attributeLabel).getValueType().getType() +
" "
1224 +
"WHERE blackboard_attribute_types.attribute_type_id = " + attributeTypeId +
";");
1230 queryStatement = connection.createStatement();
1231 statement.execute(
"CREATE TABLE data_source_info (obj_id INTEGER PRIMARY KEY, device_id TEXT NOT NULL, time_zone TEXT NOT NULL, FOREIGN KEY(obj_id) REFERENCES tsk_objects(obj_id));");
1232 resultSet = statement.executeQuery(
"SELECT * FROM tsk_objects WHERE par_obj_id IS NULL");
1233 while (resultSet.next()) {
1234 long objectId = resultSet.getLong(
"obj_id");
1235 String timeZone =
"";
1236 queryResultSet = queryStatement.executeQuery(
"SELECT tzone FROM tsk_image_info WHERE obj_id = " + objectId);
1237 if (queryResultSet.next()) {
1238 timeZone = queryResultSet.getString(
"tzone");
1240 queryResultSet.close();
1241 updateStatement.executeUpdate(
"INSERT INTO data_source_info (obj_id, device_id, time_zone) "
1242 +
"VALUES(" + objectId +
", '" + UUID.randomUUID().toString() +
"' , '" + timeZone +
"');");
1256 statement.execute(
"ALTER TABLE tsk_files ADD COLUMN data_source_obj_id BIGINT NOT NULL DEFAULT -1;");
1257 resultSet = statement.executeQuery(
"SELECT tsk_files.obj_id AS obj_id, par_obj_id FROM tsk_files, tsk_objects WHERE tsk_files.obj_id = tsk_objects.obj_id");
1258 while (resultSet.next()) {
1259 long fileId = resultSet.getLong(
"obj_id");
1260 long dataSourceId = getDataSourceObjectId(connection, fileId);
1261 updateStatement.executeUpdate(
"UPDATE tsk_files SET data_source_obj_id = " + dataSourceId +
" WHERE obj_id = " + fileId +
";");
1264 statement.execute(
"CREATE TABLE ingest_module_types (type_id INTEGER PRIMARY KEY, type_name TEXT NOT NULL)");
1265 statement.execute(
"CREATE TABLE ingest_job_status_types (type_id INTEGER PRIMARY KEY, type_name TEXT NOT NULL)");
1266 if (this.dbType.equals(DbType.SQLITE)) {
1267 statement.execute(
"CREATE TABLE ingest_modules (ingest_module_id INTEGER PRIMARY KEY, display_name TEXT NOT NULL, unique_name TEXT UNIQUE NOT NULL, type_id INTEGER NOT NULL, version TEXT NOT NULL, FOREIGN KEY(type_id) REFERENCES ingest_module_types(type_id));");
1268 statement.execute(
"CREATE TABLE ingest_jobs (ingest_job_id INTEGER PRIMARY KEY, obj_id BIGINT NOT NULL, host_name TEXT NOT NULL, start_date_time BIGINT NOT NULL, end_date_time BIGINT NOT NULL, status_id INTEGER NOT NULL, settings_dir TEXT, FOREIGN KEY(obj_id) REFERENCES tsk_objects(obj_id), FOREIGN KEY(status_id) REFERENCES ingest_job_status_types(type_id));");
1270 statement.execute(
"CREATE TABLE ingest_modules (ingest_module_id BIGSERIAL PRIMARY KEY, display_name TEXT NOT NULL, unique_name TEXT UNIQUE NOT NULL, type_id INTEGER NOT NULL, version TEXT NOT NULL, FOREIGN KEY(type_id) REFERENCES ingest_module_types(type_id));");
1271 statement.execute(
"CREATE TABLE ingest_jobs (ingest_job_id BIGSERIAL PRIMARY KEY, obj_id BIGINT NOT NULL, host_name TEXT NOT NULL, start_date_time BIGINT NOT NULL, end_date_time BIGINT NOT NULL, status_id INTEGER NOT NULL, settings_dir TEXT, FOREIGN KEY(obj_id) REFERENCES tsk_objects(obj_id), FOREIGN KEY(status_id) REFERENCES ingest_job_status_types(type_id));");
1274 statement.execute(
"CREATE TABLE ingest_job_modules (ingest_job_id INTEGER, ingest_module_id INTEGER, pipeline_position INTEGER, PRIMARY KEY(ingest_job_id, ingest_module_id), FOREIGN KEY(ingest_job_id) REFERENCES ingest_jobs(ingest_job_id), FOREIGN KEY(ingest_module_id) REFERENCES ingest_modules(ingest_module_id));");
1275 initIngestModuleTypes(connection);
1276 initIngestStatusTypes(connection);
1278 return new CaseDbSchemaVersionNumber(4, 0);
1281 closeResultSet(queryResultSet);
1282 closeStatement(queryStatement);
1283 closeStatement(updateStatement);
1284 closeResultSet(resultSet);
1285 closeStatement(statement);
1303 private CaseDbSchemaVersionNumber updateFromSchema4toSchema5(CaseDbSchemaVersionNumber schemaVersion, CaseDbConnection connection)
throws SQLException, TskCoreException {
1304 if (schemaVersion.getMajor() != 4) {
1305 return schemaVersion;
1308 Statement statement = null;
1312 statement = connection.createStatement();
1313 statement.execute(
"CREATE TABLE review_statuses (review_status_id INTEGER PRIMARY KEY, review_status_name TEXT NOT NULL, display_name TEXT NOT NULL)");
1323 statement.execute(
"ALTER TABLE blackboard_artifacts ADD COLUMN review_status_id INTEGER NOT NULL DEFAULT " + BlackboardArtifact.ReviewStatus.UNDECIDED.getID());
1326 statement.execute(
"CREATE TABLE file_encoding_types (encoding_type INTEGER PRIMARY KEY, name TEXT NOT NULL);");
1327 initEncodingTypes(connection);
1334 initReviewStatuses(connection);
1339 statement.execute(
"ALTER TABLE tsk_files_path ADD COLUMN encoding_type INTEGER NOT NULL DEFAULT 0;");
1341 return new CaseDbSchemaVersionNumber(5, 0);
1344 closeStatement(statement);
1362 private CaseDbSchemaVersionNumber updateFromSchema5toSchema6(CaseDbSchemaVersionNumber schemaVersion, CaseDbConnection connection)
throws SQLException, TskCoreException {
1363 if (schemaVersion.getMajor() != 5) {
1364 return schemaVersion;
1371 Statement statement = null;
1372 ResultSet resultSet = null;
1378 statement = connection.createStatement();
1379 statement.execute(
"CREATE TABLE IF NOT EXISTS review_statuses (review_status_id INTEGER PRIMARY KEY, review_status_name TEXT NOT NULL, display_name TEXT NOT NULL)");
1381 resultSet = connection.executeQuery(statement,
"SELECT COUNT(*) AS count FROM review_statuses");
1383 if (resultSet.getLong(
"count") == 0) {
1392 statement.execute(
"ALTER TABLE blackboard_artifacts ADD COLUMN review_status_id INTEGER NOT NULL DEFAULT " + BlackboardArtifact.ReviewStatus.UNDECIDED.getID());
1395 return new CaseDbSchemaVersionNumber(6, 0);
1398 closeResultSet(resultSet);
1399 closeStatement(statement);
1417 private CaseDbSchemaVersionNumber updateFromSchema6toSchema7(CaseDbSchemaVersionNumber schemaVersion, CaseDbConnection connection)
throws SQLException, TskCoreException {
1418 if (schemaVersion.getMajor() != 6) {
1419 return schemaVersion;
1425 Statement statement = null;
1426 Statement updstatement = null;
1427 ResultSet resultSet = null;
1430 statement = connection.createStatement();
1431 updstatement = connection.createStatement();
1432 statement.execute(
"ALTER TABLE tsk_files ADD COLUMN extension TEXT");
1434 resultSet = connection.executeQuery(statement,
"SELECT obj_id,name FROM tsk_files");
1435 while (resultSet.next()) {
1436 long objID = resultSet.getLong(
"obj_id");
1437 String name = resultSet.getString(
"name");
1438 updstatement.executeUpdate(
"UPDATE tsk_files SET extension = '" +
escapeSingleQuotes(extractExtension(name)) +
"' "
1439 +
"WHERE obj_id = " + objID);
1442 statement.execute(
"CREATE INDEX file_extension ON tsk_files ( extension )");
1445 statement.execute(
"ALTER TABLE blackboard_artifacts ADD COLUMN artifact_obj_id INTEGER NOT NULL DEFAULT -1");
1447 return new CaseDbSchemaVersionNumber(7, 0);
1450 closeResultSet(resultSet);
1451 closeStatement(statement);
1452 closeStatement(updstatement);
1470 private CaseDbSchemaVersionNumber updateFromSchema7toSchema7dot1(CaseDbSchemaVersionNumber schemaVersion, CaseDbConnection connection)
throws SQLException, TskCoreException {
1471 if (schemaVersion.getMajor() != 7) {
1472 return schemaVersion;
1475 if (schemaVersion.getMinor() != 0) {
1476 return schemaVersion;
1482 Statement statement = null;
1483 ResultSet resultSet = null;
1486 statement = connection.createStatement();
1489 if (schemaVersion.getMinor() == 0) {
1491 statement.execute(
"ALTER TABLE tsk_db_info ADD COLUMN schema_minor_ver INTEGER DEFAULT 1");
1493 return new CaseDbSchemaVersionNumber(7, 1);
1496 closeResultSet(resultSet);
1497 closeStatement(statement);
1515 private CaseDbSchemaVersionNumber updateFromSchema7dot1toSchema7dot2(CaseDbSchemaVersionNumber schemaVersion, CaseDbConnection connection)
throws SQLException, TskCoreException {
1516 if (schemaVersion.getMajor() != 7) {
1517 return schemaVersion;
1520 if (schemaVersion.getMinor() != 1) {
1521 return schemaVersion;
1524 Statement statement = null;
1525 Statement updstatement = null;
1526 ResultSet resultSet = null;
1530 statement = connection.createStatement();
1531 statement.execute(
"ALTER TABLE blackboard_artifacts ADD COLUMN data_source_obj_id INTEGER NOT NULL DEFAULT -1");
1534 updstatement = connection.createStatement();
1535 resultSet = connection.executeQuery(statement,
"SELECT artifact_id, obj_id FROM blackboard_artifacts");
1536 while (resultSet.next()) {
1537 long artifact_id = resultSet.getLong(
"artifact_id");
1538 long obj_id = resultSet.getLong(
"obj_id");
1539 long data_source_obj_id = getDataSourceObjectId(connection, obj_id);
1540 updstatement.executeUpdate(
"UPDATE blackboard_artifacts SET data_source_obj_id = " + data_source_obj_id +
" "
1541 +
"WHERE artifact_id = " + artifact_id);
1543 closeResultSet(resultSet);
1544 closeStatement(statement);
1545 closeStatement(updstatement);
1550 statement = connection.createStatement();
1551 statement.execute(
"ALTER TABLE tag_names ADD COLUMN knownStatus INTEGER NOT NULL DEFAULT " + TskData.FileKnown.UNKNOWN.getFileKnownValue());
1554 if (this.dbType.equals(DbType.SQLITE)) {
1555 statement.execute(
"CREATE TABLE account_types (account_type_id INTEGER PRIMARY KEY, type_name TEXT UNIQUE NOT NULL, display_name TEXT NOT NULL)");
1556 statement.execute(
"CREATE TABLE accounts (account_id INTEGER PRIMARY KEY, account_type_id INTEGER NOT NULL, account_unique_identifier TEXT NOT NULL, UNIQUE(account_type_id, account_unique_identifier) , FOREIGN KEY(account_type_id) REFERENCES account_types(account_type_id))");
1557 statement.execute(
"CREATE TABLE account_relationships (relationship_id INTEGER PRIMARY KEY, account1_id INTEGER NOT NULL, account2_id INTEGER NOT NULL, relationship_source_obj_id INTEGER NOT NULL, date_time INTEGER, relationship_type INTEGER NOT NULL, data_source_obj_id INTEGER NOT NULL, UNIQUE(account1_id, account2_id, relationship_source_obj_id), FOREIGN KEY(account1_id) REFERENCES accounts(account_id), FOREIGN KEY(account2_id) REFERENCES accounts(account_id), FOREIGN KEY(relationship_source_obj_id) REFERENCES tsk_objects(obj_id), FOREIGN KEY(data_source_obj_id) REFERENCES tsk_objects(obj_id))");
1559 statement.execute(
"CREATE TABLE account_types (account_type_id BIGSERIAL PRIMARY KEY, type_name TEXT UNIQUE NOT NULL, display_name TEXT NOT NULL)");
1560 statement.execute(
"CREATE TABLE accounts (account_id BIGSERIAL PRIMARY KEY, account_type_id INTEGER NOT NULL, account_unique_identifier TEXT NOT NULL, UNIQUE(account_type_id, account_unique_identifier) , FOREIGN KEY(account_type_id) REFERENCES account_types(account_type_id))");
1561 statement.execute(
"CREATE TABLE account_relationships (relationship_id BIGSERIAL PRIMARY KEY, account1_id INTEGER NOT NULL, account2_id INTEGER NOT NULL, relationship_source_obj_id INTEGER NOT NULL, date_time BIGINT, relationship_type INTEGER NOT NULL, data_source_obj_id INTEGER NOT NULL, UNIQUE(account1_id, account2_id, relationship_source_obj_id), FOREIGN KEY(account1_id) REFERENCES accounts(account_id), FOREIGN KEY(account2_id) REFERENCES accounts(account_id), FOREIGN KEY(relationship_source_obj_id) REFERENCES tsk_objects(obj_id), FOREIGN KEY(data_source_obj_id) REFERENCES tsk_objects(obj_id))");
1565 statement.execute(
"CREATE INDEX artifact_artifact_objID ON blackboard_artifacts(artifact_obj_id)");
1566 statement.execute(
"CREATE INDEX relationships_account1 ON account_relationships(account1_id)");
1567 statement.execute(
"CREATE INDEX relationships_account2 ON account_relationships(account2_id)");
1568 statement.execute(
"CREATE INDEX relationships_relationship_source_obj_id ON account_relationships(relationship_source_obj_id)");
1569 statement.execute(
"CREATE INDEX relationships_date_time ON account_relationships(date_time)");
1570 statement.execute(
"CREATE INDEX relationships_relationship_type ON account_relationships(relationship_type)");
1571 statement.execute(
"CREATE INDEX relationships_data_source_obj_id ON account_relationships(data_source_obj_id)");
1573 return new CaseDbSchemaVersionNumber(7, 2);
1575 closeResultSet(resultSet);
1576 closeStatement(statement);
1577 closeStatement(updstatement);
1595 private CaseDbSchemaVersionNumber updateFromSchema7dot2toSchema8dot0(CaseDbSchemaVersionNumber schemaVersion, CaseDbConnection connection)
throws SQLException, TskCoreException {
1596 if (schemaVersion.getMajor() != 7) {
1597 return schemaVersion;
1600 if (schemaVersion.getMinor() != 2) {
1601 return schemaVersion;
1604 Statement updateSchemaStatement = connection.createStatement();
1605 Statement getExistingReportsStatement = connection.createStatement();
1606 ResultSet resultSet = null;
1607 ResultSet existingReports = null;
1615 updateSchemaStatement.execute(
"ALTER TABLE reports RENAME TO old_reports");
1618 updateSchemaStatement.execute(
"CREATE TABLE reports (obj_id BIGSERIAL PRIMARY KEY, path TEXT NOT NULL, crtime INTEGER NOT NULL, src_module_name TEXT NOT NULL, report_name TEXT NOT NULL, FOREIGN KEY(obj_id) REFERENCES tsk_objects(obj_id))");
1621 existingReports = getExistingReportsStatement.executeQuery(
"SELECT * FROM old_reports");
1622 while (existingReports.next()) {
1623 String path = existingReports.getString(2);
1624 long crtime = existingReports.getInt(3);
1625 String sourceModule = existingReports.getString(4);
1626 String reportName = existingReports.getString(5);
1628 PreparedStatement insertObjectStatement = connection.getPreparedStatement(PREPARED_STATEMENT.INSERT_OBJECT, Statement.RETURN_GENERATED_KEYS);
1629 insertObjectStatement.clearParameters();
1630 insertObjectStatement.setNull(1, java.sql.Types.BIGINT);
1631 insertObjectStatement.setLong(2, TskData.ObjectType.REPORT.getObjectType());
1632 connection.executeUpdate(insertObjectStatement);
1633 resultSet = insertObjectStatement.getGeneratedKeys();
1634 if (!resultSet.next()) {
1635 throw new TskCoreException(String.format(
"Failed to INSERT report %s (%s) in tsk_objects table", reportName, path));
1637 long objectId = resultSet.getLong(1);
1640 PreparedStatement insertReportStatement = connection.getPreparedStatement(PREPARED_STATEMENT.INSERT_REPORT);
1641 insertReportStatement.clearParameters();
1642 insertReportStatement.setLong(1, objectId);
1643 insertReportStatement.setString(2, path);
1644 insertReportStatement.setLong(3, crtime);
1645 insertReportStatement.setString(4, sourceModule);
1646 insertReportStatement.setString(5, reportName);
1647 connection.executeUpdate(insertReportStatement);
1651 updateSchemaStatement.execute(
"DROP TABLE old_reports");
1653 return new CaseDbSchemaVersionNumber(8, 0);
1655 closeResultSet(resultSet);
1656 closeResultSet(existingReports);
1657 closeStatement(updateSchemaStatement);
1658 closeStatement(getExistingReportsStatement);
1676 private CaseDbSchemaVersionNumber updateFromSchema8dot0toSchema8dot1(CaseDbSchemaVersionNumber schemaVersion, CaseDbConnection connection)
throws SQLException, TskCoreException {
1677 if (schemaVersion.getMajor() != 8) {
1678 return schemaVersion;
1681 if (schemaVersion.getMinor() != 0) {
1682 return schemaVersion;
1687 try (Statement statement = connection.createStatement();) {
1689 if (this.dbType.equals(DbType.SQLITE)) {
1690 statement.execute(
"CREATE TABLE tsk_examiners (examiner_id INTEGER PRIMARY KEY, login_name TEXT NOT NULL, display_name TEXT, UNIQUE(login_name) )");
1691 statement.execute(
"ALTER TABLE content_tags ADD COLUMN examiner_id INTEGER REFERENCES tsk_examiners(examiner_id) DEFAULT NULL");
1692 statement.execute(
"ALTER TABLE blackboard_artifact_tags ADD COLUMN examiner_id INTEGER REFERENCES tsk_examiners(examiner_id) DEFAULT NULL");
1694 statement.execute(
"CREATE TABLE tsk_examiners (examiner_id BIGSERIAL PRIMARY KEY, login_name TEXT NOT NULL, display_name TEXT, UNIQUE(login_name))");
1695 statement.execute(
"ALTER TABLE content_tags ADD COLUMN examiner_id BIGINT REFERENCES tsk_examiners(examiner_id) DEFAULT NULL");
1696 statement.execute(
"ALTER TABLE blackboard_artifact_tags ADD COLUMN examiner_id BIGINT REFERENCES tsk_examiners(examiner_id) DEFAULT NULL");
1699 return new CaseDbSchemaVersionNumber(8, 1);
1718 private CaseDbSchemaVersionNumber updateFromSchema8dot1toSchema8dot2(CaseDbSchemaVersionNumber schemaVersion, CaseDbConnection connection)
throws SQLException, TskCoreException {
1719 if (schemaVersion.getMajor() != 8) {
1720 return schemaVersion;
1723 if (schemaVersion.getMinor() != 1) {
1724 return schemaVersion;
1729 try (Statement statement = connection.createStatement();) {
1730 statement.execute(
"ALTER TABLE tsk_image_info ADD COLUMN sha1 TEXT DEFAULT NULL");
1731 statement.execute(
"ALTER TABLE tsk_image_info ADD COLUMN sha256 TEXT DEFAULT NULL");
1733 statement.execute(
"ALTER TABLE data_source_info ADD COLUMN acquisition_details TEXT");
1741 statement.execute(
"CREATE TABLE tsk_db_info_extended (name TEXT PRIMARY KEY, value TEXT NOT NULL)");
1742 ResultSet result = statement.executeQuery(
"SELECT tsk_ver FROM tsk_db_info");
1744 statement.execute(
"INSERT INTO tsk_db_info_extended (name, value) VALUES ('" + TSK_VERSION_KEY +
"', '" + result.getLong(
"tsk_ver") +
"')");
1745 statement.execute(
"INSERT INTO tsk_db_info_extended (name, value) VALUES ('" + SCHEMA_MAJOR_VERSION_KEY +
"', '8')");
1746 statement.execute(
"INSERT INTO tsk_db_info_extended (name, value) VALUES ('" + SCHEMA_MINOR_VERSION_KEY +
"', '2')");
1747 statement.execute(
"INSERT INTO tsk_db_info_extended (name, value) VALUES ('" + CREATION_SCHEMA_MAJOR_VERSION_KEY +
"', '0')");
1748 statement.execute(
"INSERT INTO tsk_db_info_extended (name, value) VALUES ('" + CREATION_SCHEMA_MINOR_VERSION_KEY +
"', '0')");
1750 String primaryKeyType;
1753 primaryKeyType =
"BIGSERIAL";
1756 primaryKeyType =
"INTEGER";
1759 throw new TskCoreException(
"Unsupported data base type: " +
getDatabaseType().toString());
1763 statement.execute(
"CREATE TABLE tsk_event_types ("
1764 +
" event_type_id " + primaryKeyType +
" PRIMARY KEY, "
1765 +
" display_name TEXT UNIQUE NOT NULL, "
1766 +
" super_type_id INTEGER REFERENCES tsk_event_types(event_type_id) )");
1767 statement.execute(
"insert into tsk_event_types(event_type_id, display_name, super_type_id)"
1768 +
" values( 0, 'Event Types', null)");
1769 statement.execute(
"insert into tsk_event_types(event_type_id, display_name, super_type_id)"
1770 +
" values(1, 'File System', 0)");
1771 statement.execute(
"insert into tsk_event_types(event_type_id, display_name, super_type_id)"
1772 +
" values(2, 'Web Activity', 0)");
1773 statement.execute(
"insert into tsk_event_types(event_type_id, display_name, super_type_id)"
1774 +
" values(3, 'Misc Types', 0)");
1775 statement.execute(
"insert into tsk_event_types(event_type_id, display_name, super_type_id)"
1776 +
" values(4, 'Modified', 1)");
1777 statement.execute(
"insert into tsk_event_types(event_type_id, display_name, super_type_id)"
1778 +
" values(5, 'Accessed', 1)");
1779 statement.execute(
"insert into tsk_event_types(event_type_id, display_name, super_type_id)"
1780 +
" values(6, 'Created', 1)");
1781 statement.execute(
"insert into tsk_event_types(event_type_id, display_name, super_type_id)"
1782 +
" values(7, 'Changed', 1)");
1785 statement.execute(
"CREATE TABLE tsk_event_descriptions ("
1786 +
" event_description_id " + primaryKeyType +
" PRIMARY KEY, "
1787 +
" full_description TEXT NOT NULL, "
1788 +
" med_description TEXT, "
1789 +
" short_description TEXT,"
1790 +
" data_source_obj_id BIGINT NOT NULL, "
1791 +
" file_obj_id BIGINT NOT NULL, "
1792 +
" artifact_id BIGINT, "
1793 +
" hash_hit INTEGER NOT NULL, "
1794 +
" tagged INTEGER NOT NULL, "
1795 +
" FOREIGN KEY(data_source_obj_id) REFERENCES data_source_info(obj_id), "
1796 +
" FOREIGN KEY(file_obj_id) REFERENCES tsk_files(obj_id), "
1797 +
" FOREIGN KEY(artifact_id) REFERENCES blackboard_artifacts(artifact_id))"
1800 statement.execute(
"CREATE TABLE tsk_events ( "
1801 +
" event_id " + primaryKeyType +
" PRIMARY KEY, "
1802 +
" event_type_id BIGINT NOT NULL REFERENCES tsk_event_types(event_type_id) ,"
1803 +
" event_description_id BIGINT NOT NULL REFERENCES tsk_event_descriptions(event_description_id) ,"
1804 +
" time INTEGER NOT NULL) "
1808 statement.execute(
"CREATE INDEX events_time ON tsk_events(time)");
1809 statement.execute(
"CREATE INDEX events_type ON tsk_events(event_type_id)");
1810 statement.execute(
"CREATE INDEX events_data_source_obj_id ON tsk_event_descriptions(data_source_obj_id) ");
1811 statement.execute(
"CREATE INDEX events_file_obj_id ON tsk_event_descriptions(file_obj_id) ");
1812 statement.execute(
"CREATE INDEX events_artifact_id ON tsk_event_descriptions(artifact_id) ");
1813 statement.execute(
"CREATE INDEX events_sub_type_time ON tsk_events(event_type_id, time) ");
1814 return new CaseDbSchemaVersionNumber(8, 2);
1834 private CaseDbSchemaVersionNumber updateFromSchema8dot2toSchema8dot3(CaseDbSchemaVersionNumber schemaVersion, CaseDbConnection connection)
throws SQLException, TskCoreException {
1835 if (schemaVersion.getMajor() != 8) {
1836 return schemaVersion;
1839 if (schemaVersion.getMinor() != 2) {
1840 return schemaVersion;
1845 ResultSet resultSet = null;
1847 try (Statement statement = connection.createStatement();) {
1852 String primaryKeyType;
1855 primaryKeyType =
"BIGSERIAL";
1858 primaryKeyType =
"INTEGER";
1861 throw new TskCoreException(
"Unsupported data base type: " +
getDatabaseType().toString());
1865 statement.execute(
"CREATE TABLE IF NOT EXISTS tsk_event_types ("
1866 +
" event_type_id " + primaryKeyType +
" PRIMARY KEY, "
1867 +
" display_name TEXT UNIQUE NOT NULL, "
1868 +
" super_type_id INTEGER REFERENCES tsk_event_types(event_type_id) )");
1870 resultSet = statement.executeQuery(
"SELECT * from tsk_event_types");
1874 if (!resultSet.next()) {
1876 statement.execute(
"insert into tsk_event_types(event_type_id, display_name, super_type_id)"
1877 +
" values( 0, 'Event Types', null)");
1878 statement.execute(
"insert into tsk_event_types(event_type_id, display_name, super_type_id)"
1879 +
" values(1, 'File System', 0)");
1880 statement.execute(
"insert into tsk_event_types(event_type_id, display_name, super_type_id)"
1881 +
" values(2, 'Web Activity', 0)");
1882 statement.execute(
"insert into tsk_event_types(event_type_id, display_name, super_type_id)"
1883 +
" values(3, 'Misc Types', 0)");
1884 statement.execute(
"insert into tsk_event_types(event_type_id, display_name, super_type_id)"
1885 +
" values(4, 'Modified', 1)");
1886 statement.execute(
"insert into tsk_event_types(event_type_id, display_name, super_type_id)"
1887 +
" values(5, 'Accessed', 1)");
1888 statement.execute(
"insert into tsk_event_types(event_type_id, display_name, super_type_id)"
1889 +
" values(6, 'Created', 1)");
1890 statement.execute(
"insert into tsk_event_types(event_type_id, display_name, super_type_id)"
1891 +
" values(7, 'Changed', 1)");
1896 statement.execute(
"DROP TABLE IF EXISTS tsk_events");
1900 statement.execute(
"DROP TABLE IF EXISTS tsk_event_descriptions");
1903 statement.execute(
"CREATE TABLE tsk_event_descriptions ("
1904 +
" event_description_id " + primaryKeyType +
" PRIMARY KEY, "
1905 +
" full_description TEXT NOT NULL, "
1906 +
" med_description TEXT, "
1907 +
" short_description TEXT,"
1908 +
" data_source_obj_id BIGINT NOT NULL, "
1909 +
" file_obj_id BIGINT NOT NULL, "
1910 +
" artifact_id BIGINT, "
1911 +
" hash_hit INTEGER NOT NULL, "
1912 +
" tagged INTEGER NOT NULL, "
1913 +
" UNIQUE(full_description, file_obj_id, artifact_id), "
1914 +
" FOREIGN KEY(data_source_obj_id) REFERENCES data_source_info(obj_id), "
1915 +
" FOREIGN KEY(file_obj_id) REFERENCES tsk_files(obj_id), "
1916 +
" FOREIGN KEY(artifact_id) REFERENCES blackboard_artifacts(artifact_id))"
1920 statement.execute(
"CREATE TABLE tsk_events ( "
1921 +
" event_id " + primaryKeyType +
" PRIMARY KEY, "
1922 +
" event_type_id BIGINT NOT NULL REFERENCES tsk_event_types(event_type_id) ,"
1923 +
" event_description_id BIGINT NOT NULL REFERENCES tsk_event_descriptions(event_description_id) ,"
1924 +
" time INTEGER NOT NULL, "
1925 +
" UNIQUE (event_type_id, event_description_id, time))"
1929 statement.execute(
"UPDATE tsk_db_info_extended SET name = 'CREATION_SCHEMA_MAJOR_VERSION' WHERE name = 'CREATED_SCHEMA_MAJOR_VERSION'");
1930 statement.execute(
"UPDATE tsk_db_info_extended SET name = 'CREATION_SCHEMA_MINOR_VERSION' WHERE name = 'CREATED_SCHEMA_MINOR_VERSION'");
1932 return new CaseDbSchemaVersionNumber(8, 3);
1934 closeResultSet(resultSet);
1960 private CaseDbSchemaVersionNumber updateFromSchema8dot3toSchema8dot4(CaseDbSchemaVersionNumber schemaVersion, CaseDbConnection connection)
throws SQLException, TskCoreException {
1961 if (schemaVersion.getMajor() != 8) {
1962 return schemaVersion;
1965 if (schemaVersion.getMinor() != 3) {
1966 return schemaVersion;
1969 Statement statement = connection.createStatement();
1970 ResultSet results = null;
1977 throw new TskCoreException(
"Unsupported data base type: " +
getDatabaseType().toString());
1983 results = statement.executeQuery(
"SELECT column_name FROM information_schema.columns "
1984 +
"WHERE table_name='tsk_event_descriptions' and column_name='file_obj_id'");
1985 if (results.next()) {
1987 statement.execute(
"ALTER TABLE tsk_event_descriptions "
1988 +
"RENAME COLUMN file_obj_id TO content_obj_id");
1992 statement.execute(
"CREATE TABLE temp_tsk_events ( "
1993 +
" event_id BIGSERIAL PRIMARY KEY, "
1994 +
" event_type_id BIGINT NOT NULL REFERENCES tsk_event_types(event_type_id) ,"
1995 +
" event_description_id BIGINT NOT NULL REFERENCES tsk_event_descriptions(event_description_id),"
1996 +
" time BIGINT NOT NULL, "
1997 +
" UNIQUE (event_type_id, event_description_id, time))"
2001 statement.execute(
"INSERT INTO temp_tsk_events(event_id, event_type_id, "
2002 +
"event_description_id, time) SELECT * FROM tsk_events");
2005 statement.execute(
"DROP TABLE tsk_events");
2008 statement.execute(
"ALTER TABLE temp_tsk_events RENAME TO tsk_events");
2011 statement.execute(
"CREATE INDEX events_data_source_obj_id ON tsk_event_descriptions(data_source_obj_id) ");
2012 statement.execute(
"CREATE INDEX events_content_obj_id ON tsk_event_descriptions(content_obj_id) ");
2013 statement.execute(
"CREATE INDEX events_artifact_id ON tsk_event_descriptions(artifact_id) ");
2014 statement.execute(
"CREATE INDEX events_sub_type_time ON tsk_events(event_type_id, time) ");
2015 statement.execute(
"CREATE INDEX events_time ON tsk_events(time) ");
2019 boolean hasMisnamedColumn =
false;
2020 results = statement.executeQuery(
"pragma table_info('tsk_event_descriptions')");
2021 while (results.next()) {
2022 if (results.getString(
"name") != null && results.getString(
"name").equals(
"file_obj_id")) {
2023 hasMisnamedColumn =
true;
2028 if (hasMisnamedColumn) {
2030 statement.execute(
"CREATE TABLE temp_tsk_event_descriptions ("
2031 +
" event_description_id INTEGER PRIMARY KEY, "
2032 +
" full_description TEXT NOT NULL, "
2033 +
" med_description TEXT, "
2034 +
" short_description TEXT,"
2035 +
" data_source_obj_id BIGINT NOT NULL, "
2036 +
" content_obj_id BIGINT NOT NULL, "
2037 +
" artifact_id BIGINT, "
2038 +
" hash_hit INTEGER NOT NULL, "
2039 +
" tagged INTEGER NOT NULL, "
2040 +
" UNIQUE(full_description, content_obj_id, artifact_id), "
2041 +
" FOREIGN KEY(data_source_obj_id) REFERENCES data_source_info(obj_id), "
2042 +
" FOREIGN KEY(content_obj_id) REFERENCES tsk_files(obj_id), "
2043 +
" FOREIGN KEY(artifact_id) REFERENCES blackboard_artifacts(artifact_id))"
2046 statement.execute(
"CREATE TABLE temp_tsk_events ( "
2047 +
" event_id INTEGER PRIMARY KEY, "
2048 +
" event_type_id BIGINT NOT NULL REFERENCES tsk_event_types(event_type_id) ,"
2049 +
" event_description_id BIGINT NOT NULL REFERENCES temp_tsk_event_descriptions(event_description_id),"
2050 +
" time INTEGER NOT NULL, "
2051 +
" UNIQUE (event_type_id, event_description_id, time))"
2055 statement.execute(
"INSERT INTO temp_tsk_event_descriptions(event_description_id, full_description, "
2056 +
"med_description, short_description, data_source_obj_id, content_obj_id, artifact_id, "
2057 +
"hash_hit, tagged) SELECT * FROM tsk_event_descriptions");
2059 statement.execute(
"INSERT INTO temp_tsk_events(event_id, event_type_id, "
2060 +
"event_description_id, time) SELECT * FROM tsk_events");
2063 statement.execute(
"DROP TABLE tsk_events");
2064 statement.execute(
"DROP TABLE tsk_event_descriptions");
2067 statement.execute(
"ALTER TABLE temp_tsk_event_descriptions RENAME TO tsk_event_descriptions");
2068 statement.execute(
"ALTER TABLE temp_tsk_events RENAME TO tsk_events");
2071 statement.execute(
"CREATE INDEX events_data_source_obj_id ON tsk_event_descriptions(data_source_obj_id) ");
2072 statement.execute(
"CREATE INDEX events_content_obj_id ON tsk_event_descriptions(content_obj_id) ");
2073 statement.execute(
"CREATE INDEX events_artifact_id ON tsk_event_descriptions(artifact_id) ");
2074 statement.execute(
"CREATE INDEX events_sub_type_time ON tsk_events(event_type_id, time) ");
2075 statement.execute(
"CREATE INDEX events_time ON tsk_events(time) ");
2079 throw new TskCoreException(
"Unsupported data base type: " +
getDatabaseType().toString());
2083 if (this.dbType.equals(DbType.SQLITE)) {
2084 statement.execute(
"CREATE TABLE tsk_pool_info (obj_id INTEGER PRIMARY KEY, pool_type INTEGER NOT NULL, FOREIGN KEY(obj_id) REFERENCES tsk_objects(obj_id) ON DELETE CASCADE)");
2086 statement.execute(
"CREATE TABLE tsk_pool_info (obj_id BIGSERIAL PRIMARY KEY, pool_type INTEGER NOT NULL, FOREIGN KEY(obj_id) REFERENCES tsk_objects(obj_id) ON DELETE CASCADE)");
2090 insertAccountTypeIfNotExists(statement,
"IMO",
"IMO");
2091 insertAccountTypeIfNotExists(statement,
"LINE",
"LINE");
2092 insertAccountTypeIfNotExists(statement,
"SKYPE",
"Skype");
2093 insertAccountTypeIfNotExists(statement,
"TANGO",
"Tango");
2094 insertAccountTypeIfNotExists(statement,
"TEXTNOW",
"TextNow");
2095 insertAccountTypeIfNotExists(statement,
"THREEMA",
"ThreeMa");
2096 insertAccountTypeIfNotExists(statement,
"VIBER",
"Viber");
2097 insertAccountTypeIfNotExists(statement,
"XENDER",
"Xender");
2098 insertAccountTypeIfNotExists(statement,
"ZAPYA",
"Zapya");
2099 insertAccountTypeIfNotExists(statement,
"SHAREIT",
"ShareIt");
2101 return new CaseDbSchemaVersionNumber(8, 4);
2103 closeResultSet(results);
2104 closeStatement(statement);
2109 private CaseDbSchemaVersionNumber updateFromSchema8dot4toSchema8dot5(CaseDbSchemaVersionNumber schemaVersion, CaseDbConnection connection)
throws SQLException, TskCoreException {
2110 if (schemaVersion.getMajor() != 8) {
2111 return schemaVersion;
2114 if (schemaVersion.getMinor() != 4) {
2115 return schemaVersion;
2118 Statement statement = connection.createStatement();
2123 statement.execute(
"CREATE TABLE tsk_tag_sets (tag_set_id BIGSERIAL PRIMARY KEY, name TEXT UNIQUE)");
2124 statement.execute(
"ALTER TABLE tag_names ADD COLUMN tag_set_id BIGINT REFERENCES tsk_tag_sets(tag_set_id)");
2127 statement.execute(
"CREATE TABLE tsk_tag_sets (tag_set_id INTEGER PRIMARY KEY, name TEXT UNIQUE)");
2128 statement.execute(
"ALTER TABLE tag_names ADD COLUMN tag_set_id INTEGER REFERENCES tsk_tag_sets(tag_set_id)");
2132 statement.execute(
"ALTER TABLE tag_names ADD COLUMN rank INTEGER");
2134 String insertStmt =
"INSERT INTO tsk_tag_sets (name) VALUES ('Project VIC')";
2136 statement.execute(insertStmt, Statement.RETURN_GENERATED_KEYS);
2138 statement.execute(insertStmt);
2140 try (ResultSet resultSet = statement.getGeneratedKeys()) {
2141 if (resultSet != null && resultSet.next()) {
2142 int tagSetId = resultSet.getInt(1);
2144 String updateQuery =
"UPDATE tag_names SET tag_set_id = %d, color = '%s', rank = %d, display_name = '%s' WHERE display_name = '%s'";
2145 statement.executeUpdate(String.format(updateQuery, tagSetId,
"Red", 1,
"Child Exploitation (Illegal)",
"CAT-1: Child Exploitation (Illegal)"));
2146 statement.executeUpdate(String.format(updateQuery, tagSetId,
"Lime", 2,
"Child Exploitation (Non-Illegal/Age Difficult)",
"CAT-2: Child Exploitation (Non-Illegal/Age Difficult)"));
2147 statement.executeUpdate(String.format(updateQuery, tagSetId,
"Yellow", 3,
"CGI/Animation (Child Exploitive)",
"CAT-3: CGI/Animation (Child Exploitive)"));
2148 statement.executeUpdate(String.format(updateQuery, tagSetId,
"Purple", 4,
"Exemplar/Comparison (Internal Use Only)",
"CAT-4: Exemplar/Comparison (Internal Use Only)"));
2149 statement.executeUpdate(String.format(updateQuery, tagSetId,
"Fuchsia", 5,
"Non-pertinent",
"CAT-5: Non-pertinent"));
2151 String
deleteContentTag =
"DELETE FROM content_tags WHERE tag_name_id IN (SELECT tag_name_id from tag_names WHERE display_name LIKE 'CAT-0: Uncategorized')";
2152 String deleteArtifactTag =
"DELETE FROM blackboard_artifact_tags WHERE tag_name_id IN (SELECT tag_name_id from tag_names WHERE display_name LIKE 'CAT-0: Uncategorized')";
2153 String deleteCat0 =
"DELETE FROM tag_names WHERE display_name = 'CAT-0: Uncategorized'";
2154 statement.executeUpdate(deleteContentTag);
2155 statement.executeUpdate(deleteArtifactTag);
2156 statement.executeUpdate(deleteCat0);
2159 throw new TskCoreException(
"Failed to retrieve the default tag_set_id from DB");
2169 statement.execute(
"ALTER TABLE tsk_fs_info ADD COLUMN data_source_obj_id BIGINT NOT NULL DEFAULT -1;");
2172 statement.execute(
"ALTER TABLE tsk_fs_info ADD COLUMN data_source_obj_id INTEGER NOT NULL DEFAULT -1;");
2175 Statement updateStatement = connection.createStatement();
2176 try (ResultSet resultSet = statement.executeQuery(
"SELECT obj_id FROM tsk_fs_info")) {
2177 while (resultSet.next()) {
2178 long fsId = resultSet.getLong(
"obj_id");
2179 long dataSourceId = getDataSourceObjectId(connection, fsId);
2180 updateStatement.executeUpdate(
"UPDATE tsk_fs_info SET data_source_obj_id = " + dataSourceId +
" WHERE obj_id = " + fsId +
";");
2183 closeStatement(updateStatement);
2186 return new CaseDbSchemaVersionNumber(8, 5);
2189 closeStatement(statement);
2205 private void insertAccountTypeIfNotExists(Statement statement, String type_name, String display_name)
throws TskCoreException, SQLException {
2207 String insertSQL = String.format(
"INTO account_types(type_name, display_name) VALUES ('%s', '%s')", type_name, display_name);
2210 insertSQL =
"INSERT " + insertSQL +
" ON CONFLICT DO NOTHING";
2213 insertSQL =
"INSERT OR IGNORE " + insertSQL;
2216 throw new TskCoreException(
"Unknown DB Type: " +
getDatabaseType().name());
2218 statement.execute(insertSQL);
2228 static String extractExtension(
final String fileName) {
2230 int i = fileName.lastIndexOf(
".");
2232 if ((i > 0) && ((i + 1) < fileName.length())) {
2233 ext = fileName.substring(i + 1);
2244 return ext.toLowerCase();
2268 return CURRENT_DB_SCHEMA_VERSION;
2278 return caseDBSchemaCreationVersion;
2297 return dbBackupPath;
2324 return databaseName;
2344 rwLock.writeLock().lock();
2355 rwLock.writeLock().unlock();
2366 rwLock.readLock().lock();
2377 rwLock.readLock().unlock();
2397 }
catch (Exception ex) {
2398 throw new TskCoreException(
"Failed to open case database at " + dbPath, ex);
2428 return new SleuthkitCase(info.getHost(), Integer.parseInt(info.getPort()), databaseName, info.getUserName(), info.getPassword(), caseHandle, caseDir, info.getDbType());
2429 }
catch (PropertyVetoException exp) {
2431 throw new TskCoreException(exp.getMessage(), exp);
2435 }
catch (Exception exp) {
2437 throw new TskCoreException(exp.getMessage(), exp);
2452 CaseDatabaseFactory factory =
new CaseDatabaseFactory(dbPath);
2453 factory.createCaseDatabase();
2457 }
catch (Exception ex) {
2458 throw new TskCoreException(
"Failed to create case database at " + dbPath, ex);
2478 String databaseName = createCaseDataBaseName(caseName);
2492 CaseDatabaseFactory factory =
new CaseDatabaseFactory(databaseName, info);
2493 factory.createCaseDatabase();
2496 return new SleuthkitCase(info.getHost(), Integer.parseInt(info.getPort()),
2497 databaseName, info.getUserName(), info.getPassword(), caseHandle, caseDirPath, info.getDbType());
2498 }
catch (PropertyVetoException exp) {
2500 throw new TskCoreException(exp.getMessage(), exp);
2501 }
catch (Exception exp) {
2503 throw new TskCoreException(exp.getMessage(), exp);
2516 private static String createCaseDataBaseName(String candidateDbName) {
2518 if (!candidateDbName.isEmpty()) {
2522 dbName = candidateDbName.replaceAll(
"[^\\p{ASCII}]",
"_");
2527 dbName = dbName.replaceAll(
"[\\p{Cntrl}]",
"_");
2532 dbName = dbName.replaceAll(
"[ /?:'\"\\\\]",
"_");
2537 dbName = dbName.toLowerCase();
2543 if ((dbName.length() > 0 && !(Character.isLetter(dbName.codePointAt(0))) && !(dbName.codePointAt(0) ==
'_'))) {
2544 dbName =
"_" + dbName;
2551 if (dbName.length() > MAX_DB_NAME_LEN_BEFORE_TIMESTAMP) {
2552 dbName = dbName.substring(0, MAX_DB_NAME_LEN_BEFORE_TIMESTAMP);
2564 SimpleDateFormat dateFormat =
new SimpleDateFormat(
"yyyyMMdd_HHmmss");
2565 Date date =
new Date();
2566 dbName = dbName +
"_" + dateFormat.format(date);
2581 if (cachedCurrentExaminer != null) {
2582 return cachedCurrentExaminer;
2584 String loginName = System.getProperty(
"user.name");
2585 if (loginName == null || loginName.isEmpty()) {
2586 throw new TskCoreException(
"Failed to determine logged in user name.");
2589 CaseDbConnection connection = connections.getConnection();
2591 ResultSet resultSet = null;
2593 PreparedStatement statement = connection.getPreparedStatement(PREPARED_STATEMENT.SELECT_EXAMINER_BY_LOGIN_NAME);
2594 statement.clearParameters();
2595 statement.setString(1, loginName);
2596 resultSet = connection.executeQuery(statement);
2597 if (resultSet.next()) {
2598 cachedCurrentExaminer =
new Examiner(resultSet.getLong(
"examiner_id"), resultSet.getString(
"login_name"), resultSet.getString(
"display_name"));
2599 return cachedCurrentExaminer;
2601 throw new TskCoreException(
"Error getting examaminer for name = " + loginName);
2604 }
catch (SQLException ex) {
2605 throw new TskCoreException(
"Error getting examaminer for name = " + loginName, ex);
2607 closeResultSet(resultSet);
2623 Examiner getExaminerById(
long id)
throws TskCoreException {
2625 CaseDbConnection connection = connections.getConnection();
2627 ResultSet resultSet = null;
2629 PreparedStatement statement = connection.getPreparedStatement(PREPARED_STATEMENT.SELECT_EXAMINER_BY_ID);
2630 statement.clearParameters();
2631 statement.setLong(1,
id);
2632 resultSet = connection.executeQuery(statement);
2633 if (resultSet.next()) {
2634 return new Examiner(resultSet.getLong(
"examiner_id"), resultSet.getString(
"login_name"), resultSet.getString(
"full_name"));
2636 throw new TskCoreException(
"Error getting examaminer for id = " +
id);
2638 }
catch (SQLException ex) {
2639 throw new TskCoreException(
"Error getting examaminer for id = " +
id, ex);
2641 closeResultSet(resultSet);
2665 return this.caseHandle.initAddImageProcess(timeZone, addUnallocSpace, noFatFsOrphans, imageCopyPath,
this);
2677 CaseDbConnection connection = connections.getConnection();
2680 ResultSet rs = null;
2682 s = connection.createStatement();
2683 rs = connection.executeQuery(s,
"SELECT obj_id, type FROM tsk_objects "
2684 +
"WHERE par_obj_id IS NULL");
2685 Collection<ObjectInfo> infos =
new ArrayList<ObjectInfo>();
2687 infos.add(
new ObjectInfo(rs.getLong(
"obj_id"),
ObjectType.
valueOf(rs.getShort(
"type"))));
2690 List<Content> rootObjs =
new ArrayList<Content>();
2691 for (ObjectInfo i : infos) {
2692 if (null != i.type) {
2703 throw new TskCoreException(
"Parentless object has wrong type to be a root (ABSTRACTFILE, but not VIRTUAL_DIRECTORY: " + i.type);
2709 throw new TskCoreException(
"Parentless object has wrong type to be a root: " + i.type);
2714 }
catch (SQLException ex) {
2715 throw new TskCoreException(
"Error getting root objects", ex);
2735 List<Long> getDataSourceObjIds(String deviceId)
throws TskCoreException {
2738 synchronized (deviceIdToDatasourceObjIdMap) {
2739 if (deviceIdToDatasourceObjIdMap.containsKey(deviceId)) {
2740 return new ArrayList<Long>(deviceIdToDatasourceObjIdMap.get(deviceId));
2743 CaseDbConnection connection = connections.getConnection();
2746 ResultSet rs = null;
2748 s = connection.createStatement();
2749 rs = connection.executeQuery(s,
"SELECT obj_id FROM data_source_info WHERE device_id = '" + deviceId +
"'");
2750 List<Long> dataSourceObjIds =
new ArrayList<Long>();
2752 dataSourceObjIds.add(rs.getLong(
"obj_id"));
2755 long ds_obj_id = rs.getLong(
"obj_id");
2756 if (deviceIdToDatasourceObjIdMap.containsKey(deviceId)) {
2757 deviceIdToDatasourceObjIdMap.get(deviceId).add(ds_obj_id);
2759 deviceIdToDatasourceObjIdMap.put(deviceId,
new HashSet<Long>(Arrays.asList(ds_obj_id)));
2762 return dataSourceObjIds;
2763 }
catch (SQLException ex) {
2764 throw new TskCoreException(
"Error getting data sources", ex);
2791 CaseDbConnection connection = connections.getConnection();
2793 Statement statement = null;
2794 ResultSet resultSet = null;
2795 Statement statement2 = null;
2796 ResultSet resultSet2 = null;
2798 statement = connection.createStatement();
2799 statement2 = connection.createStatement();
2800 resultSet = connection.executeQuery(statement,
2801 "SELECT ds.obj_id, ds.device_id, ds.time_zone, img.type, img.ssize, img.size, img.md5, img.sha1, img.sha256, img.display_name "
2802 +
"FROM data_source_info AS ds "
2803 +
"LEFT JOIN tsk_image_info AS img "
2804 +
"ON ds.obj_id = img.obj_id");
2806 List<DataSource> dataSourceList =
new ArrayList<DataSource>();
2809 while (resultSet.next()) {
2811 Long objectId = resultSet.getLong(
"obj_id");
2812 String deviceId = resultSet.getString(
"device_id");
2813 String timezone = resultSet.getString(
"time_zone");
2814 String type = resultSet.getString(
"type");
2822 resultSet2 = connection.executeQuery(statement2,
"SELECT name FROM tsk_files WHERE tsk_files.obj_id = " + objectId);
2823 String dsName = (resultSet2.next()) ? resultSet2.getString(
"name") :
"";
2831 String parentPath =
"/";
2832 dataSource =
new LocalFilesDataSource(
this, objectId, objectId, deviceId, dsName, dirType, metaType, dirFlag, metaFlags, timezone, null,
FileKnown.
UNKNOWN, parentPath);
2837 Long ssize = resultSet.getLong(
"ssize");
2838 Long size = resultSet.getLong(
"size");
2839 String md5 = resultSet.getString(
"md5");
2840 String sha1 = resultSet.getString(
"sha1");
2841 String sha256 = resultSet.getString(
"sha256");
2842 String name = resultSet.getString(
"display_name");
2844 List<String> imagePaths = imagePathsMap.get(objectId);
2846 if (imagePaths.size() > 0) {
2847 String path = imagePaths.get(0);
2848 name = (
new java.io.File(path)).getName();
2854 dataSource =
new Image(
this, objectId, Long.valueOf(type), deviceId, ssize, name,
2855 imagePaths.toArray(
new String[imagePaths.size()]), timezone, md5, sha1, sha256, size);
2858 dataSourceList.add(dataSource);
2861 return dataSourceList;
2863 }
catch (SQLException ex) {
2864 throw new TskCoreException(
"Error getting data sources", ex);
2866 closeResultSet(resultSet);
2867 closeStatement(statement);
2868 closeResultSet(resultSet2);
2869 closeStatement(statement2);
2896 CaseDbConnection connection = connections.getConnection();
2898 Statement statement = null;
2899 ResultSet resultSet = null;
2900 Statement statement2 = null;
2901 ResultSet resultSet2 = null;
2903 statement = connection.createStatement();
2904 statement2 = connection.createStatement();
2905 resultSet = connection.executeQuery(statement,
2906 "SELECT ds.device_id, ds.time_zone, img.type, img.ssize, img.size, img.md5, img.sha1, img.sha256, img.display_name "
2907 +
"FROM data_source_info AS ds "
2908 +
"LEFT JOIN tsk_image_info AS img "
2909 +
"ON ds.obj_id = img.obj_id "
2910 +
"WHERE ds.obj_id = " + objectId);
2911 if (resultSet.next()) {
2912 String deviceId = resultSet.getString(
"device_id");
2913 String timezone = resultSet.getString(
"time_zone");
2914 String type = resultSet.getString(
"type");
2922 resultSet2 = connection.executeQuery(statement2,
"SELECT name FROM tsk_files WHERE tsk_files.obj_id = " + objectId);
2923 String dsName = (resultSet2.next()) ? resultSet2.getString(
"name") :
"";
2930 String parentPath =
"/";
2931 dataSource =
new LocalFilesDataSource(
this, objectId, objectId, deviceId, dsName, dirType, metaType, dirFlag, metaFlags, timezone, null,
FileKnown.
UNKNOWN, parentPath);
2936 Long ssize = resultSet.getLong(
"ssize");
2937 Long size = resultSet.getLong(
"size");
2938 String md5 = resultSet.getString(
"md5");
2939 String sha1 = resultSet.getString(
"sha1");
2940 String sha256 = resultSet.getString(
"sha256");
2941 String name = resultSet.getString(
"display_name");
2943 List<String> imagePaths = getImagePathsById(objectId);
2945 if (imagePaths.size() > 0) {
2946 String path = imagePaths.get(0);
2947 name = (
new java.io.File(path)).getName();
2953 dataSource =
new Image(
this, objectId, Long.valueOf(type), deviceId, ssize, name,
2954 imagePaths.toArray(
new String[imagePaths.size()]), timezone, md5, sha1, sha256, size);
2957 throw new TskDataException(String.format(
"There is no data source with obj_id = %d", objectId));
2959 }
catch (SQLException ex) {
2960 throw new TskCoreException(String.format(
"Error getting data source with obj_id = %d", objectId), ex);
2962 closeResultSet(resultSet);
2963 closeStatement(statement);
2964 closeResultSet(resultSet2);
2965 closeStatement(statement2);
2984 return getArtifactsHelper(
"blackboard_artifacts.artifact_type_id = " + artifactTypeID);
2998 CaseDbConnection connection = connections.getConnection();
3000 ResultSet rs = null;
3003 PreparedStatement statement = connection.getPreparedStatement(PREPARED_STATEMENT.COUNT_ARTIFACTS_FROM_SOURCE);
3004 statement.clearParameters();
3005 statement.setLong(1, objId);
3006 rs = connection.executeQuery(statement);
3009 count = rs.getLong(
"count");
3012 }
catch (SQLException ex) {
3013 throw new TskCoreException(
"Error getting number of blackboard artifacts by content", ex);
3032 CaseDbConnection connection = connections.getConnection();
3034 ResultSet rs = null;
3037 PreparedStatement statement = connection.getPreparedStatement(PREPARED_STATEMENT.COUNT_ARTIFACTS_OF_TYPE);
3038 statement.clearParameters();
3039 statement.setInt(1, artifactTypeID);
3040 rs = connection.executeQuery(statement);
3043 count = rs.getLong(
"count");
3046 }
catch (SQLException ex) {
3047 throw new TskCoreException(
"Error getting number of blackboard artifacts by type", ex);
3067 CaseDbConnection connection = connections.getConnection();
3069 ResultSet rs = null;
3072 PreparedStatement statement = connection.getPreparedStatement(PREPARED_STATEMENT.COUNT_ARTIFACTS_OF_TYPE_BY_DATA_SOURCE);
3073 statement.clearParameters();
3074 statement.setInt(2, artifactTypeID);
3075 statement.setLong(1, dataSourceID);
3076 rs = connection.executeQuery(statement);
3079 count = rs.getLong(
"count");
3082 }
catch (SQLException ex) {
3083 throw new TskCoreException(String.format(
"Error getting number of blackboard artifacts by type (%d) and data source (%d)", artifactTypeID, dataSourceID), ex);
3106 CaseDbConnection connection = connections.getConnection();
3109 ResultSet rs = null;
3111 s = connection.createStatement();
3112 rs = connection.executeQuery(s,
"SELECT DISTINCT arts.artifact_id AS artifact_id, "
3113 +
"arts.obj_id AS obj_id, arts.artifact_obj_id AS artifact_obj_id, arts.data_source_obj_id AS data_source_obj_id, arts.artifact_type_id AS artifact_type_id, "
3114 +
"types.type_name AS type_name, types.display_name AS display_name, "
3115 +
" arts.review_status_id AS review_status_id "
3116 +
"FROM blackboard_artifacts AS arts, blackboard_attributes AS attrs, blackboard_artifact_types AS types "
3117 +
"WHERE arts.artifact_id = attrs.artifact_id "
3118 +
" AND attrs.attribute_type_id = " + attrType.getTypeID()
3119 +
" AND attrs.value_text = '" + value +
"'"
3120 +
" AND types.artifact_type_id=arts.artifact_type_id"
3122 ArrayList<BlackboardArtifact> artifacts =
new ArrayList<BlackboardArtifact>();
3124 artifacts.add(
new BlackboardArtifact(
this, rs.getLong(
"artifact_id"), rs.getLong(
"obj_id"), rs.getLong(
"artifact_obj_id"), rs.getLong(
"data_source_obj_id"),
3125 rs.getInt(
"artifact_type_id"), rs.getString(
"type_name"), rs.getString(
"display_name"),
3129 }
catch (SQLException ex) {
3130 throw new TskCoreException(
"Error getting blackboard artifacts by attribute", ex);
3157 String valSubStr =
"%" + subString;
3158 if (startsWith ==
false) {
3161 CaseDbConnection connection = connections.getConnection();
3164 ResultSet rs = null;
3166 s = connection.createStatement();
3167 rs = connection.executeQuery(s,
"SELECT DISTINCT arts.artifact_id AS artifact_id, "
3168 +
" arts.obj_id AS obj_id, arts.artifact_obj_id AS artifact_obj_id, arts.data_source_obj_id AS data_source_obj_id, arts.artifact_type_id AS artifact_type_id, "
3169 +
" types.type_name AS type_name, types.display_name AS display_name, "
3170 +
" arts.review_status_id AS review_status_id "
3171 +
" FROM blackboard_artifacts AS arts, blackboard_attributes AS attrs, blackboard_artifact_types AS types "
3172 +
" WHERE arts.artifact_id = attrs.artifact_id "
3173 +
" AND attrs.attribute_type_id = " + attrType.getTypeID()
3174 +
" AND LOWER(attrs.value_text) LIKE LOWER('" + valSubStr +
"')"
3175 +
" AND types.artifact_type_id=arts.artifact_type_id "
3177 ArrayList<BlackboardArtifact> artifacts =
new ArrayList<BlackboardArtifact>();
3179 artifacts.add(
new BlackboardArtifact(
this, rs.getLong(
"artifact_id"), rs.getLong(
"obj_id"), rs.getLong(
"artifact_obj_id"), rs.getLong(
"data_source_obj_id"),
3180 rs.getInt(
"artifact_type_id"), rs.getString(
"type_name"), rs.getString(
"display_name"),
3184 }
catch (SQLException ex) {
3185 throw new TskCoreException(
"Error getting blackboard artifacts by attribute. " + ex.getMessage(), ex);
3209 CaseDbConnection connection = connections.getConnection();
3212 ResultSet rs = null;
3214 s = connection.createStatement();
3215 rs = connection.executeQuery(s,
"SELECT DISTINCT arts.artifact_id AS artifact_id, "
3216 +
" arts.obj_id AS obj_id, arts.artifact_obj_id AS artifact_obj_id, arts.data_source_obj_id AS data_source_obj_id, arts.artifact_type_id AS artifact_type_id, "
3217 +
" types.type_name AS type_name, types.display_name AS display_name, "
3218 +
" arts.review_status_id AS review_status_id "
3219 +
" FROM blackboard_artifacts AS arts, blackboard_attributes AS attrs, blackboard_artifact_types AS types "
3220 +
"WHERE arts.artifact_id = attrs.artifact_id "
3221 +
" AND attrs.attribute_type_id = " + attrType.getTypeID()
3222 +
" AND attrs.value_int32 = " + value
3223 +
" AND types.artifact_type_id=arts.artifact_type_id "
3225 ArrayList<BlackboardArtifact> artifacts =
new ArrayList<BlackboardArtifact>();
3227 artifacts.add(
new BlackboardArtifact(
this, rs.getLong(
"artifact_id"), rs.getLong(
"obj_id"), rs.getLong(
"artifact_obj_id"), rs.getLong(
"data_source_obj_id"),
3228 rs.getInt(
"artifact_type_id"), rs.getString(
"type_name"), rs.getString(
"display_name"),
3232 }
catch (SQLException ex) {
3233 throw new TskCoreException(
"Error getting blackboard artifacts by attribute", ex);
3257 CaseDbConnection connection = connections.getConnection();
3260 ResultSet rs = null;
3262 s = connection.createStatement();
3263 rs = connection.executeQuery(s,
"SELECT DISTINCT arts.artifact_id AS artifact_id, "
3264 +
" arts.obj_id AS obj_id, arts.artifact_obj_id AS artifact_obj_id, arts.data_source_obj_id AS data_source_obj_id, arts.artifact_type_id AS artifact_type_id, "
3265 +
" types.type_name AS type_name, types.display_name AS display_name, "
3266 +
" arts.review_status_id AS review_status_id "
3267 +
" FROM blackboard_artifacts AS arts, blackboard_attributes AS attrs, blackboard_artifact_types AS types "
3268 +
" WHERE arts.artifact_id = attrs.artifact_id "
3269 +
" AND attrs.attribute_type_id = " + attrType.getTypeID()
3270 +
" AND attrs.value_int64 = " + value
3271 +
" AND types.artifact_type_id=arts.artifact_type_id "
3273 ArrayList<BlackboardArtifact> artifacts =
new ArrayList<BlackboardArtifact>();
3275 artifacts.add(
new BlackboardArtifact(
this, rs.getLong(
"artifact_id"), rs.getLong(
"obj_id"), rs.getLong(
"artifact_obj_id"), rs.getLong(
"data_source_obj_id"),
3276 rs.getInt(
"artifact_type_id"), rs.getString(
"type_name"), rs.getString(
"display_name"),
3280 }
catch (SQLException ex) {
3281 throw new TskCoreException(
"Error getting blackboard artifacts by attribute. " + ex.getMessage(), ex);
3305 CaseDbConnection connection = connections.getConnection();
3308 ResultSet rs = null;
3310 s = connection.createStatement();
3311 rs = connection.executeQuery(s,
"SELECT DISTINCT arts.artifact_id AS artifact_id, "
3312 +
" arts.obj_id AS obj_id, arts.artifact_obj_id AS artifact_obj_id, arts.data_source_obj_id AS data_source_obj_id, arts.artifact_type_id AS artifact_type_id, "
3313 +
" types.type_name AS type_name, types.display_name AS display_name, "
3314 +
" arts.review_status_id AS review_status_id "
3315 +
" FROM blackboard_artifacts AS arts, blackboard_attributes AS attrs, blackboard_artifact_types AS types "
3316 +
" WHERE arts.artifact_id = attrs.artifact_id "
3317 +
" AND attrs.attribute_type_id = " + attrType.getTypeID()
3318 +
" AND attrs.value_double = " + value
3319 +
" AND types.artifact_type_id=arts.artifact_type_id "
3321 ArrayList<BlackboardArtifact> artifacts =
new ArrayList<BlackboardArtifact>();
3323 artifacts.add(
new BlackboardArtifact(
this, rs.getLong(
"artifact_id"), rs.getLong(
"obj_id"), rs.getLong(
"artifact_obj_id"), rs.getLong(
"data_source_obj_id"),
3324 rs.getInt(
"artifact_type_id"), rs.getString(
"type_name"), rs.getString(
"display_name"),
3328 }
catch (SQLException ex) {
3329 throw new TskCoreException(
"Error getting blackboard artifacts by attribute", ex);
3353 CaseDbConnection connection = connections.getConnection();
3356 ResultSet rs = null;
3358 s = connection.createStatement();
3359 rs = connection.executeQuery(s,
"SELECT DISTINCT arts.artifact_id AS artifact_id, "
3360 +
" arts.obj_id AS obj_id, arts.artifact_obj_id AS artifact_obj_id, arts.data_source_obj_id AS data_source_obj_id, arts.artifact_type_id AS artifact_type_id, "
3361 +
" types.type_name AS type_name, types.display_name AS display_name, "
3362 +
" arts.review_status_id AS review_status_id "
3363 +
" FROM blackboard_artifacts AS arts, blackboard_attributes AS attrs, blackboard_artifact_types AS types "
3364 +
" WHERE arts.artifact_id = attrs.artifact_id "
3365 +
" AND attrs.attribute_type_id = " + attrType.getTypeID()
3366 +
" AND attrs.value_byte = " + value
3367 +
" AND types.artifact_type_id=arts.artifact_type_id "
3369 ArrayList<BlackboardArtifact> artifacts =
new ArrayList<BlackboardArtifact>();
3371 artifacts.add(
new BlackboardArtifact(
this, rs.getLong(
"artifact_id"), rs.getLong(
"obj_id"), rs.getLong(
"artifact_obj_id"), rs.getLong(
"data_source_obj_id"),
3372 rs.getInt(
"artifact_type_id"), rs.getString(
"type_name"), rs.getString(
"display_name"),
3376 }
catch (SQLException ex) {
3377 throw new TskCoreException(
"Error getting blackboard artifacts by attribute", ex);
3394 CaseDbConnection connection = connections.getConnection();
3397 ResultSet rs = null;
3399 s = connection.createStatement();
3400 rs = connection.executeQuery(s,
"SELECT artifact_type_id, type_name, display_name FROM blackboard_artifact_types");
3404 rs.getString(
"type_name"), rs.getString(
"display_name")));
3406 return artifactTypes;
3407 }
catch (SQLException ex) {
3408 throw new TskCoreException(
"Error getting artifact types", ex);
3426 String typeIdList =
"";
3433 String query =
"SELECT DISTINCT artifact_type_id FROM blackboard_artifacts "
3434 +
"WHERE artifact_type_id IN (" + typeIdList +
")";
3435 CaseDbConnection connection = connections.getConnection();
3438 ResultSet rs = null;
3440 s = connection.createStatement();
3441 rs = connection.executeQuery(s, query);
3447 }
catch (SQLException ex) {
3448 throw new TskCoreException(
"Error getting artifact types in use", ex);
3468 CaseDbConnection connection = connections.getConnection();
3471 ResultSet rs = null;
3473 s = connection.createStatement();
3474 rs = connection.executeQuery(s,
3475 "SELECT DISTINCT arts.artifact_type_id AS artifact_type_id, "
3476 +
"types.type_name AS type_name, types.display_name AS display_name "
3477 +
"FROM blackboard_artifact_types AS types "
3478 +
"INNER JOIN blackboard_artifacts AS arts "
3479 +
"ON arts.artifact_type_id = types.artifact_type_id");
3483 rs.getString(
"type_name"), rs.getString(
"display_name")));
3485 return uniqueArtifactTypes;
3486 }
catch (SQLException ex) {
3487 throw new TskCoreException(
"Error getting attribute types", ex);
3504 CaseDbConnection connection = connections.getConnection();
3507 ResultSet rs = null;
3509 s = connection.createStatement();
3510 rs = connection.executeQuery(s,
"SELECT attribute_type_id, type_name, display_name, value_type FROM blackboard_attribute_types");
3516 return attribute_types;
3517 }
catch (SQLException ex) {
3518 throw new TskCoreException(
"Error getting attribute types", ex);
3539 CaseDbConnection connection = connections.getConnection();
3542 ResultSet rs = null;
3544 s = connection.createStatement();
3545 rs = connection.executeQuery(s,
"SELECT COUNT(*) AS count FROM blackboard_attribute_types");
3548 count = rs.getInt(
"count");
3551 }
catch (SQLException ex) {
3552 throw new TskCoreException(
"Error getting number of blackboard artifacts by type", ex);
3573 ArrayList<BlackboardArtifact> getArtifactsHelper(String whereClause)
throws TskCoreException {
3574 CaseDbConnection connection = connections.getConnection();
3576 ResultSet rs = null;
3578 Statement statement = connection.createStatement();
3579 String query =
"SELECT blackboard_artifacts.artifact_id AS artifact_id, "
3580 +
"blackboard_artifacts.obj_id AS obj_id, "
3581 +
"blackboard_artifacts.artifact_obj_id AS artifact_obj_id, "
3582 +
"blackboard_artifacts.data_source_obj_id AS data_source_obj_id, "
3583 +
"blackboard_artifact_types.artifact_type_id AS artifact_type_id, "
3584 +
"blackboard_artifact_types.type_name AS type_name, "
3585 +
"blackboard_artifact_types.display_name AS display_name, "
3586 +
"blackboard_artifacts.review_status_id AS review_status_id "
3587 +
"FROM blackboard_artifacts, blackboard_artifact_types "
3588 +
"WHERE blackboard_artifacts.artifact_type_id = blackboard_artifact_types.artifact_type_id "
3590 +
" AND " + whereClause;
3591 rs = connection.executeQuery(statement, query);
3592 ArrayList<BlackboardArtifact> artifacts =
new ArrayList<BlackboardArtifact>();
3594 artifacts.add(
new BlackboardArtifact(
this, rs.getLong(
"artifact_id"), rs.getLong(
"obj_id"), rs.getLong(
"artifact_obj_id"), rs.getLong(
"data_source_obj_id"),
3595 rs.getInt(
"artifact_type_id"), rs.getString(
"type_name"), rs.getString(
"display_name"),
3599 }
catch (SQLException ex) {
3600 throw new TskCoreException(
"Error getting or creating a blackboard artifact", ex);
3620 private long getArtifactsCountHelper(
int artifactTypeID,
long obj_id)
throws TskCoreException {
3621 CaseDbConnection connection = connections.getConnection();
3623 ResultSet rs = null;
3626 PreparedStatement statement = connection.getPreparedStatement(PREPARED_STATEMENT.COUNT_ARTIFACTS_BY_SOURCE_AND_TYPE);
3627 statement.clearParameters();
3628 statement.setLong(1, obj_id);
3629 statement.setInt(2, artifactTypeID);
3630 rs = connection.executeQuery(statement);
3633 count = rs.getLong(
"count");
3636 }
catch (SQLException ex) {
3637 throw new TskCoreException(
"Error getting blackboard artifact count", ex);
3658 return getArtifactsHelper(
"blackboard_artifacts.obj_id = " + obj_id +
" AND blackboard_artifact_types.type_name = '" + artifactTypeName +
"';");
3674 return getArtifactsHelper(
"blackboard_artifacts.obj_id = " + obj_id +
" AND blackboard_artifact_types.artifact_type_id = " + artifactTypeID +
";");
3706 int artifactTypeID = this.
getArtifactType(artifactTypeName).getTypeID();
3707 if (artifactTypeID == -1) {
3710 return getArtifactsCountHelper(artifactTypeID, obj_id);
3726 return getArtifactsCountHelper(artifactTypeID, obj_id);
3742 return getArtifactsCountHelper(artifactType.getTypeID(), obj_id);
3757 return getArtifactsHelper(
"blackboard_artifact_types.type_name = '" + artifactTypeName +
"';");
3772 return getArtifactsHelper(
"blackboard_artifact_types.artifact_type_id = " + artifactType.getTypeID() +
";");
3789 CaseDbConnection connection = connections.getConnection();
3792 ResultSet rs = null;
3794 s = connection.createStatement();
3795 rs = connection.executeQuery(s,
"SELECT DISTINCT arts.artifact_id AS artifact_id, "
3796 +
"arts.obj_id AS obj_id, arts.artifact_obj_id as artifact_obj_id, arts.data_source_obj_id AS data_source_obj_id, arts.artifact_type_id AS artifact_type_id, "
3797 +
"types.type_name AS type_name, types.display_name AS display_name,"
3798 +
"arts.review_status_id AS review_status_id "
3799 +
"FROM blackboard_artifacts AS arts, blackboard_attributes AS attrs, blackboard_artifact_types AS types "
3800 +
"WHERE arts.artifact_id = attrs.artifact_id "
3801 +
"AND attrs.attribute_type_id = " + attrType.getTypeID()
3802 +
" AND arts.artifact_type_id = " + artifactType.getTypeID()
3803 +
" AND attrs.value_text = '" + value +
"'"
3804 +
" AND types.artifact_type_id=arts.artifact_type_id"
3806 ArrayList<BlackboardArtifact> artifacts =
new ArrayList<BlackboardArtifact>();
3808 artifacts.add(
new BlackboardArtifact(
this, rs.getLong(
"artifact_id"), rs.getLong(
"obj_id"), rs.getLong(
"artifact_obj_id"), rs.getLong(
"data_source_obj_id"),
3809 rs.getInt(
"artifact_type_id"), rs.getString(
"type_name"), rs.getString(
"display_name"),
3813 }
catch (SQLException ex) {
3814 throw new TskCoreException(
"Error getting blackboard artifacts by artifact type and attribute. " + ex.getMessage(), ex);
3834 CaseDbConnection connection = connections.getConnection();
3836 ResultSet rs = null;
3839 s = connection.createStatement();
3840 rs = connection.executeQuery(s,
"SELECT arts.artifact_id AS artifact_id, "
3841 +
"arts.obj_id AS obj_id, arts.artifact_obj_id as artifact_obj_id, arts.data_source_obj_id AS data_source_obj_id, arts.artifact_type_id AS artifact_type_id, "
3842 +
"types.type_name AS type_name, types.display_name AS display_name,"
3843 +
"arts.review_status_id AS review_status_id "
3844 +
"FROM blackboard_artifacts AS arts, blackboard_artifact_types AS types "
3845 +
"WHERE arts.artifact_id = " + artifactID
3846 +
" AND arts.artifact_type_id = types.artifact_type_id");
3848 return new BlackboardArtifact(
this, rs.getLong(
"artifact_id"), rs.getLong(
"obj_id"), rs.getLong(
"artifact_obj_id"), rs.getLong(
"data_source_obj_id"),
3849 rs.getInt(
"artifact_type_id"), rs.getString(
"type_name"), rs.getString(
"display_name"),
3857 throw new TskCoreException(
"No blackboard artifact with id " + artifactID);
3859 }
catch (SQLException ex) {
3860 throw new TskCoreException(
"Error getting a blackboard artifact. " + ex.getMessage(), ex);
3877 CaseDbConnection connection = connections.getConnection();
3880 addBlackBoardAttribute(attr, artifactTypeId, connection);
3881 }
catch (SQLException ex) {
3882 throw new TskCoreException(
"Error adding blackboard attribute " + attr.toString(), ex);
3899 CaseDbConnection connection = connections.getConnection();
3902 connection.beginTransaction();
3904 addBlackBoardAttribute(attr, artifactTypeId, connection);
3906 connection.commitTransaction();
3907 }
catch (SQLException ex) {
3908 connection.rollbackTransaction();
3909 throw new TskCoreException(
"Error adding blackboard attributes", ex);
3916 private void addBlackBoardAttribute(
BlackboardAttribute attr,
int artifactTypeId, CaseDbConnection connection)
throws SQLException, TskCoreException {
3917 PreparedStatement statement;
3918 switch (attr.getAttributeType().getValueType()) {
3921 statement = connection.getPreparedStatement(PREPARED_STATEMENT.INSERT_STRING_ATTRIBUTE);
3922 statement.clearParameters();
3923 statement.setString(7, attr.getValueString());
3926 statement = connection.getPreparedStatement(PREPARED_STATEMENT.INSERT_BYTE_ATTRIBUTE);
3927 statement.clearParameters();
3928 statement.setBytes(7, attr.getValueBytes());
3931 statement = connection.getPreparedStatement(PREPARED_STATEMENT.INSERT_INT_ATTRIBUTE);
3932 statement.clearParameters();
3933 statement.setInt(7, attr.getValueInt());
3936 statement = connection.getPreparedStatement(PREPARED_STATEMENT.INSERT_LONG_ATTRIBUTE);
3937 statement.clearParameters();
3938 statement.setLong(7, attr.getValueLong());
3941 statement = connection.getPreparedStatement(PREPARED_STATEMENT.INSERT_DOUBLE_ATTRIBUTE);
3942 statement.clearParameters();
3943 statement.setDouble(7, attr.getValueDouble());
3946 statement = connection.getPreparedStatement(PREPARED_STATEMENT.INSERT_LONG_ATTRIBUTE);
3947 statement.clearParameters();
3948 statement.setLong(7, attr.getValueLong());
3951 throw new TskCoreException(
"Unrecognized artifact attribute value type");
3953 statement.setLong(1, attr.getArtifactID());
3954 statement.setInt(2, artifactTypeId);
3955 statement.setString(3, attr.getSourcesCSV());
3956 statement.setString(4,
"");
3957 statement.setInt(5, attr.getAttributeType().getTypeID());
3958 statement.setLong(6, attr.getAttributeType().getValueType().getType());
3959 connection.executeUpdate(statement);
3972 String addSourceToArtifactAttribute(BlackboardAttribute attr, String source)
throws TskCoreException {
3980 if (null == source || source.isEmpty()) {
3981 throw new TskCoreException(
"Attempt to add null or empty source module name to artifact attribute");
3983 CaseDbConnection connection = connections.getConnection();
3985 Statement queryStmt = null;
3986 Statement updateStmt = null;
3987 ResultSet result = null;
3988 String newSources =
"";
3990 connection.beginTransaction();
3991 String valueClause =
"";
3992 BlackboardAttribute.TSK_BLACKBOARD_ATTRIBUTE_VALUE_TYPE valueType = attr.getAttributeType().getValueType();
3993 if (BlackboardAttribute.TSK_BLACKBOARD_ATTRIBUTE_VALUE_TYPE.BYTE != valueType) {
3994 switch (valueType) {
4000 valueClause =
" value_int32 = " + attr.getValueInt();
4004 valueClause =
" value_int64 = " + attr.getValueLong();
4007 valueClause =
" value_double = " + attr.getValueDouble();
4010 throw new TskCoreException(String.format(
"Unrecognized value type for attribute %s", attr.getDisplayString()));
4012 String query =
"SELECT source FROM blackboard_attributes WHERE"
4013 +
" artifact_id = " + attr.getArtifactID()
4014 +
" AND attribute_type_id = " + attr.getAttributeType().getTypeID()
4015 +
" AND value_type = " + attr.getAttributeType().getValueType().getType()
4016 +
" AND " + valueClause +
";";
4017 queryStmt = connection.createStatement();
4018 updateStmt = connection.createStatement();
4019 result = connection.executeQuery(queryStmt, query);
4026 PreparedStatement statement = connection.getPreparedStatement(PREPARED_STATEMENT.SELECT_ATTR_BY_VALUE_BYTE);
4027 statement.clearParameters();
4028 statement.setLong(1, attr.getArtifactID());
4029 statement.setLong(2, attr.getAttributeType().getTypeID());
4030 statement.setBytes(3, attr.getValueBytes());
4031 result = connection.executeQuery(statement);
4033 while (result.next()) {
4034 String oldSources = result.getString(
"source");
4035 if (null != oldSources && !oldSources.isEmpty()) {
4036 Set<String> uniqueSources =
new HashSet<String>(Arrays.asList(oldSources.split(
",")));
4037 if (!uniqueSources.contains(source)) {
4038 newSources = oldSources +
"," + source;
4040 newSources = oldSources;
4043 newSources = source;
4045 if (BlackboardAttribute.TSK_BLACKBOARD_ATTRIBUTE_VALUE_TYPE.BYTE != valueType) {
4046 String update =
"UPDATE blackboard_attributes SET source = '" + newSources +
"' WHERE"
4047 +
" artifact_id = " + attr.getArtifactID()
4048 +
" AND attribute_type_id = " + attr.getAttributeType().getTypeID()
4049 +
" AND value_type = " + attr.getAttributeType().getValueType().getType()
4050 +
" AND " + valueClause +
";";
4051 connection.executeUpdate(updateStmt, update);
4058 PreparedStatement statement = connection.getPreparedStatement(PREPARED_STATEMENT.UPDATE_ATTR_BY_VALUE_BYTE);
4059 statement.clearParameters();
4060 statement.setString(1, newSources);
4061 statement.setLong(2, attr.getArtifactID());
4062 statement.setLong(3, attr.getAttributeType().getTypeID());
4063 statement.setBytes(4, attr.getValueBytes());
4064 connection.executeUpdate(statement);
4067 connection.commitTransaction();
4069 }
catch (SQLException ex) {
4070 connection.rollbackTransaction();
4071 throw new TskCoreException(String.format(
"Error adding source module to attribute %s", attr.getDisplayString()), ex);
4073 closeResultSet(result);
4074 closeStatement(updateStmt);
4075 closeStatement(queryStmt);
4096 CaseDbConnection connection = connections.getConnection();
4099 ResultSet rs = null;
4101 connection.beginTransaction();
4102 s = connection.createStatement();
4103 rs = connection.executeQuery(s,
"SELECT attribute_type_id FROM blackboard_attribute_types WHERE type_name = '" + attrTypeString +
"'");
4106 rs = connection.executeQuery(s,
"SELECT MAX(attribute_type_id) AS highest_id FROM blackboard_attribute_types");
4109 maxID = rs.getInt(
"highest_id");
4110 if (maxID < MIN_USER_DEFINED_TYPE_ID) {
4111 maxID = MIN_USER_DEFINED_TYPE_ID;
4116 connection.executeUpdate(s,
"INSERT INTO blackboard_attribute_types (attribute_type_id, type_name, display_name, value_type) VALUES ('" + maxID +
"', '" + attrTypeString +
"', '" + displayName +
"', '" + valueType.getType() +
"')");
4118 this.typeIdToAttributeTypeMap.put(type.getTypeID(), type);
4119 this.typeNameToAttributeTypeMap.put(type.getTypeName(), type);
4120 connection.commitTransaction();
4123 throw new TskDataException(
"The attribute type that was added was already within the system.");
4126 }
catch (SQLException ex) {
4127 connection.rollbackTransaction();
4128 throw new TskCoreException(
"Error adding attribute type", ex);
4148 if (this.typeNameToAttributeTypeMap.containsKey(attrTypeName)) {
4149 return this.typeNameToAttributeTypeMap.get(attrTypeName);
4151 CaseDbConnection connection = connections.getConnection();
4154 ResultSet rs = null;
4156 s = connection.createStatement();
4157 rs = connection.executeQuery(s,
"SELECT attribute_type_id, type_name, display_name, value_type FROM blackboard_attribute_types WHERE type_name = '" + attrTypeName +
"'");
4162 this.typeIdToAttributeTypeMap.put(type.getTypeID(), type);
4163 this.typeNameToAttributeTypeMap.put(attrTypeName, type);
4166 }
catch (SQLException ex) {
4167 throw new TskCoreException(
"Error getting attribute type id", ex);
4187 if (this.typeIdToAttributeTypeMap.containsKey(typeID)) {
4188 return this.typeIdToAttributeTypeMap.get(typeID);
4190 CaseDbConnection connection = connections.getConnection();
4193 ResultSet rs = null;
4195 s = connection.createStatement();
4196 rs = connection.executeQuery(s,
"SELECT attribute_type_id, type_name, display_name, value_type FROM blackboard_attribute_types WHERE attribute_type_id = " + typeID +
"");
4197 BlackboardAttribute.Type type = null;
4199 type =
new BlackboardAttribute.Type(rs.getInt(
"attribute_type_id"), rs.getString(
"type_name"),
4200 rs.getString(
"display_name"), TSK_BLACKBOARD_ATTRIBUTE_VALUE_TYPE.fromType(rs.getLong(
"value_type")));
4201 this.typeIdToAttributeTypeMap.put(typeID, type);
4202 this.typeNameToAttributeTypeMap.put(type.getTypeName(), type);
4205 }
catch (SQLException ex) {
4206 throw new TskCoreException(
"Error getting attribute type id", ex);
4226 if (this.typeNameToArtifactTypeMap.containsKey(artTypeName)) {
4227 return this.typeNameToArtifactTypeMap.get(artTypeName);
4229 CaseDbConnection connection = connections.getConnection();
4232 ResultSet rs = null;
4234 s = connection.createStatement();
4235 rs = connection.executeQuery(s,
"SELECT artifact_type_id, type_name, display_name FROM blackboard_artifact_types WHERE type_name = '" + artTypeName +
"'");
4239 rs.getString(
"type_name"), rs.getString(
"display_name"));
4240 this.typeIdToArtifactTypeMap.put(type.getTypeID(), type);
4241 this.typeNameToArtifactTypeMap.put(artTypeName, type);
4244 }
catch (SQLException ex) {
4245 throw new TskCoreException(
"Error getting artifact type from the database", ex);
4265 if (this.typeIdToArtifactTypeMap.containsKey(artTypeId)) {
4266 return typeIdToArtifactTypeMap.get(artTypeId);
4268 CaseDbConnection connection = connections.getConnection();
4271 ResultSet rs = null;
4273 s = connection.createStatement();
4274 rs = connection.executeQuery(s,
"SELECT artifact_type_id, type_name, display_name FROM blackboard_artifact_types WHERE artifact_type_id = " + artTypeId +
"");
4275 BlackboardArtifact.Type type = null;
4277 type =
new BlackboardArtifact.Type(rs.getInt(
"artifact_type_id"),
4278 rs.getString(
"type_name"), rs.getString(
"display_name"));
4279 this.typeIdToArtifactTypeMap.put(artTypeId, type);
4280 this.typeNameToArtifactTypeMap.put(type.getTypeName(), type);
4283 }
catch (SQLException ex) {
4284 throw new TskCoreException(
"Error getting artifact type from the database", ex);
4306 CaseDbConnection connection = connections.getConnection();
4309 ResultSet rs = null;
4311 connection.beginTransaction();
4312 s = connection.createStatement();
4313 rs = connection.executeQuery(s,
"SELECT artifact_type_id FROM blackboard_artifact_types WHERE type_name = '" + artifactTypeName +
"'");
4316 rs = connection.executeQuery(s,
"SELECT MAX(artifact_type_id) AS highest_id FROM blackboard_artifact_types");
4319 maxID = rs.getInt(
"highest_id");
4320 if (maxID < MIN_USER_DEFINED_TYPE_ID) {
4321 maxID = MIN_USER_DEFINED_TYPE_ID;
4326 connection.executeUpdate(s,
"INSERT INTO blackboard_artifact_types (artifact_type_id, type_name, display_name) VALUES ('" + maxID +
"', '" + artifactTypeName +
"', '" + displayName +
"')");
4328 this.typeIdToArtifactTypeMap.put(type.getTypeID(), type);
4329 this.typeNameToArtifactTypeMap.put(type.getTypeName(), type);
4330 connection.commitTransaction();
4333 throw new TskDataException(
"The attribute type that was added was already within the system.");
4335 }
catch (SQLException ex) {
4336 connection.rollbackTransaction();
4337 throw new TskCoreException(
"Error adding artifact type", ex);
4347 CaseDbConnection connection = connections.getConnection();
4349 ResultSet rs = null;
4351 Statement statement = connection.createStatement();
4352 rs = connection.executeQuery(statement,
"SELECT attrs.artifact_id AS artifact_id, "
4353 +
"attrs.source AS source, attrs.context AS context, attrs.attribute_type_id AS attribute_type_id, "
4354 +
"attrs.value_type AS value_type, attrs.value_byte AS value_byte, "
4355 +
"attrs.value_text AS value_text, attrs.value_int32 AS value_int32, "
4356 +
"attrs.value_int64 AS value_int64, attrs.value_double AS value_double, "
4357 +
"types.type_name AS type_name, types.display_name AS display_name "
4358 +
"FROM blackboard_attributes AS attrs, blackboard_attribute_types AS types WHERE attrs.artifact_id = " + artifact.getArtifactID()
4359 +
" AND attrs.attribute_type_id = types.attribute_type_id");
4360 ArrayList<BlackboardAttribute> attributes =
new ArrayList<BlackboardAttribute>();
4362 int attributeTypeId = rs.getInt(
"attribute_type_id");
4363 String attributeTypeName = rs.getString(
"type_name");
4365 if (this.typeIdToAttributeTypeMap.containsKey(attributeTypeId)) {
4366 attributeType = this.typeIdToAttributeTypeMap.get(attributeTypeId);
4369 rs.getString(
"display_name"),
4371 this.typeIdToAttributeTypeMap.put(attributeTypeId, attributeType);
4372 this.typeNameToAttributeTypeMap.put(attributeTypeName, attributeType);
4376 rs.getLong(
"artifact_id"),
4378 rs.getString(
"source"),
4379 rs.getString(
"context"),
4380 rs.getInt(
"value_int32"),
4381 rs.getLong(
"value_int64"),
4382 rs.getDouble(
"value_double"),
4383 rs.getString(
"value_text"),
4384 rs.getBytes(
"value_byte"), this
4386 attributes.add(attr);
4389 }
catch (SQLException ex) {
4390 throw new TskCoreException(
"Error getting attributes for artifact, artifact id = " + artifact.getArtifactID(), ex);
4411 CaseDbConnection connection = connections.getConnection();
4414 ResultSet rs = null;
4416 s = connection.createStatement();
4417 rs = connection.executeQuery(s,
"SELECT blackboard_attributes.artifact_id AS artifact_id, "
4418 +
"blackboard_attributes.source AS source, blackboard_attributes.context AS context, "
4419 +
"blackboard_attributes.attribute_type_id AS attribute_type_id, "
4420 +
"blackboard_attributes.value_type AS value_type, blackboard_attributes.value_byte AS value_byte, "
4421 +
"blackboard_attributes.value_text AS value_text, blackboard_attributes.value_int32 AS value_int32, "
4422 +
"blackboard_attributes.value_int64 AS value_int64, blackboard_attributes.value_double AS value_double "
4423 +
"FROM blackboard_attributes " + whereClause);
4424 ArrayList<BlackboardAttribute> matches =
new ArrayList<BlackboardAttribute>();
4430 rs.getLong(
"artifact_id"),
4432 rs.getString(
"source"),
4433 rs.getString(
"context"),
4434 rs.getInt(
"value_int32"),
4435 rs.getLong(
"value_int64"),
4436 rs.getDouble(
"value_double"),
4437 rs.getString(
"value_text"),
4438 rs.getBytes(
"value_byte"), this
4443 }
catch (SQLException ex) {
4444 throw new TskCoreException(
"Error getting attributes using this where clause: " + whereClause, ex);
4465 CaseDbConnection connection = connections.getConnection();
4467 ResultSet rs = null;
4470 s = connection.createStatement();
4471 rs = connection.executeQuery(s,
"SELECT blackboard_artifacts.artifact_id AS artifact_id, "
4472 +
"blackboard_artifacts.obj_id AS obj_id, blackboard_artifacts.artifact_obj_id AS artifact_obj_id, blackboard_artifacts.data_source_obj_id AS data_source_obj_id, blackboard_artifacts.artifact_type_id AS artifact_type_id, "
4473 +
"blackboard_artifacts.review_status_id AS review_status_id "
4474 +
"FROM blackboard_artifacts " + whereClause);
4475 ArrayList<BlackboardArtifact> matches =
new ArrayList<BlackboardArtifact>();
4481 type.getTypeID(), type.getTypeName(), type.getDisplayName(),
4483 matches.add(artifact);
4486 }
catch (SQLException ex) {
4487 throw new TskCoreException(
"Error getting attributes using this where clause: " + whereClause, ex);
4526 return newBlackboardArtifact(artifactType.getTypeID(), obj_id, artifactType.getLabel(), artifactType.getDisplayName());
4543 return newBlackboardArtifact(artifactTypeID, obj_id, type.getTypeName(), type.getDisplayName(), data_source_obj_id);
4546 private BlackboardArtifact
newBlackboardArtifact(
int artifact_type_id,
long obj_id, String artifactTypeName, String artifactDisplayName)
throws TskCoreException {
4547 try (CaseDbConnection connection = connections.getConnection()) {
4548 long data_source_obj_id = getDataSourceObjectId(connection, obj_id);
4549 return this.
newBlackboardArtifact(artifact_type_id, obj_id, artifactTypeName, artifactDisplayName, data_source_obj_id);
4553 private BlackboardArtifact
newBlackboardArtifact(
int artifact_type_id,
long obj_id, String artifactTypeName, String artifactDisplayName,
long data_source_obj_id)
throws TskCoreException {
4555 try (CaseDbConnection connection = connections.getConnection()) {
4556 long artifact_obj_id = addObject(obj_id, TskData.ObjectType.ARTIFACT.getObjectType(), connection);
4557 PreparedStatement statement = null;
4559 statement = connection.getPreparedStatement(PREPARED_STATEMENT.POSTGRESQL_INSERT_ARTIFACT, Statement.RETURN_GENERATED_KEYS);
4560 statement.clearParameters();
4561 statement.setLong(1, obj_id);
4562 statement.setLong(2, artifact_obj_id);
4563 statement.setLong(3, data_source_obj_id);
4564 statement.setInt(4, artifact_type_id);
4567 statement = connection.getPreparedStatement(PREPARED_STATEMENT.INSERT_ARTIFACT, Statement.RETURN_GENERATED_KEYS);
4568 statement.clearParameters();
4569 this.nextArtifactId++;
4570 statement.setLong(1, this.nextArtifactId);
4571 statement.setLong(2, obj_id);
4572 statement.setLong(3, artifact_obj_id);
4573 statement.setLong(4, data_source_obj_id);
4574 statement.setInt(5, artifact_type_id);
4577 connection.executeUpdate(statement);
4578 try (ResultSet resultSet = statement.getGeneratedKeys()) {
4580 return new BlackboardArtifact(
this, resultSet.getLong(1),
4581 obj_id, artifact_obj_id, data_source_obj_id, artifact_type_id, artifactTypeName, artifactDisplayName, BlackboardArtifact.ReviewStatus.UNDECIDED,
true);
4583 }
catch (SQLException ex) {
4584 throw new TskCoreException(
"Error creating a blackboard artifact", ex);
4602 boolean getContentHasChildren(Content content)
throws TskCoreException {
4603 CaseDbConnection connection = connections.getConnection();
4605 ResultSet rs = null;
4608 PreparedStatement statement = connection.getPreparedStatement(PREPARED_STATEMENT.COUNT_CHILD_OBJECTS_BY_PARENT);
4609 statement.clearParameters();
4610 statement.setLong(1, content.getId());
4611 rs = connection.executeQuery(statement);
4612 boolean hasChildren =
false;
4614 hasChildren = rs.getInt(
"count") > 0;
4617 }
catch (SQLException e) {
4618 throw new TskCoreException(
"Error checking for children of parent " + content, e);
4638 int getContentChildrenCount(Content content)
throws TskCoreException {
4640 if (!this.getHasChildren(content)) {
4644 CaseDbConnection connection = connections.getConnection();
4646 ResultSet rs = null;
4649 PreparedStatement statement = connection.getPreparedStatement(PREPARED_STATEMENT.COUNT_CHILD_OBJECTS_BY_PARENT);
4650 statement.clearParameters();
4651 statement.setLong(1, content.getId());
4652 rs = connection.executeQuery(statement);
4653 int countChildren = -1;
4655 countChildren = rs.getInt(
"count");
4657 return countChildren;
4658 }
catch (SQLException e) {
4659 throw new TskCoreException(
"Error checking for children of parent " + content, e);
4678 List<Content> getAbstractFileChildren(Content parent, TSK_DB_FILES_TYPE_ENUM type)
throws TskCoreException {
4679 CaseDbConnection connection = connections.getConnection();
4681 ResultSet rs = null;
4683 PreparedStatement statement = connection.getPreparedStatement(PREPARED_STATEMENT.SELECT_FILES_BY_PARENT_AND_TYPE);
4684 statement.clearParameters();
4685 long parentId = parent.getId();
4686 statement.setLong(1, parentId);
4687 statement.setShort(2, type.getFileType());
4688 rs = connection.executeQuery(statement);
4689 return fileChildren(rs, connection, parentId);
4690 }
catch (SQLException ex) {
4691 throw new TskCoreException(
"Error getting AbstractFile children for Content", ex);
4708 List<Content> getAbstractFileChildren(Content parent)
throws TskCoreException {
4709 CaseDbConnection connection = connections.getConnection();
4711 ResultSet rs = null;
4713 PreparedStatement statement = connection.getPreparedStatement(PREPARED_STATEMENT.SELECT_FILES_BY_PARENT);
4714 statement.clearParameters();
4715 long parentId = parent.getId();
4716 statement.setLong(1, parentId);
4717 rs = connection.executeQuery(statement);
4718 return fileChildren(rs, connection, parentId);
4719 }
catch (SQLException ex) {
4720 throw new TskCoreException(
"Error getting AbstractFile children for Content", ex);
4739 List<Long> getAbstractFileChildrenIds(Content parent, TSK_DB_FILES_TYPE_ENUM type)
throws TskCoreException {
4740 CaseDbConnection connection = connections.getConnection();
4742 ResultSet rs = null;
4744 PreparedStatement statement = connection.getPreparedStatement(PREPARED_STATEMENT.SELECT_FILE_IDS_BY_PARENT_AND_TYPE);
4745 statement.clearParameters();
4746 statement.setLong(1, parent.getId());
4747 statement.setShort(2, type.getFileType());
4748 rs = connection.executeQuery(statement);
4749 List<Long> children =
new ArrayList<Long>();
4751 children.add(rs.getLong(
"obj_id"));
4754 }
catch (SQLException ex) {
4755 throw new TskCoreException(
"Error getting AbstractFile children for Content", ex);
4772 List<Long> getAbstractFileChildrenIds(Content parent)
throws TskCoreException {
4773 CaseDbConnection connection = connections.getConnection();
4775 ResultSet rs = null;
4777 PreparedStatement statement = connection.getPreparedStatement(PREPARED_STATEMENT.SELECT_FILE_IDS_BY_PARENT);
4778 statement.clearParameters();
4779 statement.setLong(1, parent.getId());
4780 rs = connection.executeQuery(statement);
4781 List<Long> children =
new ArrayList<Long>();
4783 children.add(rs.getLong(
"obj_id"));
4786 }
catch (SQLException ex) {
4787 throw new TskCoreException(
"Error getting AbstractFile children for Content", ex);
4805 List<Long> getBlackboardArtifactChildrenIds(Content parent)
throws TskCoreException {
4806 CaseDbConnection connection = connections.getConnection();
4808 ResultSet rs = null;
4810 PreparedStatement statement = connection.getPreparedStatement(PREPARED_STATEMENT.SELECT_ARTIFACT_OBJECTIDS_BY_PARENT);
4811 statement.clearParameters();
4812 statement.setLong(1, parent.getId());
4813 rs = connection.executeQuery(statement);
4814 List<Long> children =
new ArrayList<Long>();
4816 children.add(rs.getLong(
"obj_id"));
4819 }
catch (SQLException ex) {
4820 throw new TskCoreException(
"Error getting children for BlackboardArtifact", ex);
4837 List<Content> getBlackboardArtifactChildren(Content parent)
throws TskCoreException {
4839 long parentId = parent.getId();
4840 ArrayList<BlackboardArtifact> artsArray = getArtifactsHelper(
"blackboard_artifacts.obj_id = " + parentId +
";");
4842 List<Content> lc =
new ArrayList<Content>();
4843 lc.addAll(artsArray);
4855 Collection<ObjectInfo> getChildrenInfo(Content c)
throws TskCoreException {
4856 CaseDbConnection connection = connections.getConnection();
4859 ResultSet rs = null;
4861 s = connection.createStatement();
4862 rs = connection.executeQuery(s,
"SELECT tsk_objects.obj_id AS obj_id, tsk_objects.type AS type "
4863 +
"FROM tsk_objects LEFT JOIN tsk_files "
4864 +
"ON tsk_objects.obj_id = tsk_files.obj_id "
4865 +
"WHERE tsk_objects.par_obj_id = " + c.getId()
4866 +
" ORDER BY tsk_objects.obj_id");
4867 Collection<ObjectInfo> infos =
new ArrayList<ObjectInfo>();
4869 infos.add(
new ObjectInfo(rs.getLong(
"obj_id"), ObjectType.valueOf(rs.getShort(
"type"))));
4872 }
catch (SQLException ex) {
4873 throw new TskCoreException(
"Error getting Children Info for Content", ex);
4892 ObjectInfo getParentInfo(Content c)
throws TskCoreException {
4893 return getParentInfo(c.getId());
4906 ObjectInfo getParentInfo(
long contentId)
throws TskCoreException {
4907 CaseDbConnection connection = connections.getConnection();
4910 ResultSet rs = null;
4912 s = connection.createStatement();
4913 rs = connection.executeQuery(s,
"SELECT parent.obj_id AS obj_id, parent.type AS type "
4914 +
"FROM tsk_objects AS parent INNER JOIN tsk_objects AS child "
4915 +
"ON child.par_obj_id = parent.obj_id "
4916 +
"WHERE child.obj_id = " + contentId);
4918 return new ObjectInfo(rs.getLong(
"obj_id"), ObjectType.valueOf(rs.getShort(
"type")));
4922 }
catch (SQLException ex) {
4923 throw new TskCoreException(
"Error getting Parent Info for Content: " + contentId, ex);
4942 Directory getParentDirectory(FsContent fsc)
throws TskCoreException {
4947 ObjectInfo parentInfo = getParentInfo(fsc);
4948 if (parentInfo == null) {
4951 Directory parent = null;
4952 if (parentInfo.type == ObjectType.ABSTRACTFILE) {
4953 parent = getDirectoryById(parentInfo.id, fsc.getFileSystem());
4955 throw new TskCoreException(
"Parent of FsContent (id: " + fsc.getId() +
") has wrong type to be directory: " + parentInfo.type);
4974 Content content = frequentlyUsedContentMap.get(
id);
4975 if (null != content) {
4979 CaseDbConnection connection = connections.getConnection();
4982 ResultSet rs = null;
4987 s = connection.createStatement();
4988 rs = connection.executeQuery(s,
"SELECT * FROM tsk_objects WHERE obj_id = " +
id +
" LIMIT 1");
4992 parentId = rs.getLong(
"par_obj_id");
4994 }
catch (SQLException ex) {
4995 throw new TskCoreException(
"Error getting Content by ID.", ex);
5007 frequentlyUsedContentMap.put(
id, content);
5010 content = getVolumeSystemById(
id, parentId);
5013 content = getVolumeById(
id, parentId);
5014 frequentlyUsedContentMap.put(
id, content);
5017 content = getPoolById(
id, parentId);
5020 content = getFileSystemById(
id, parentId);
5021 frequentlyUsedContentMap.put(
id, content);
5032 frequentlyUsedContentMap.put(
id, content);
5042 throw new TskCoreException(
"Could not obtain Content object with ID: " +
id);
5055 String getFilePath(
long id) {
5056 CaseDbConnection connection;
5058 connection = connections.getConnection();
5059 }
catch (TskCoreException ex) {
5060 logger.log(Level.SEVERE,
"Error getting file path for file " +
id, ex);
5063 String filePath = null;
5065 ResultSet rs = null;
5067 PreparedStatement statement = connection.getPreparedStatement(PREPARED_STATEMENT.SELECT_LOCAL_PATH_FOR_FILE);
5068 statement.clearParameters();
5069 statement.setLong(1,
id);
5070 rs = connection.executeQuery(statement);
5072 filePath = rs.getString(
"path");
5074 }
catch (SQLException ex) {
5075 logger.log(Level.SEVERE,
"Error getting file path for file " +
id, ex);
5091 TskData.EncodingType getEncodingType(
long id) {
5092 CaseDbConnection connection;
5094 connection = connections.getConnection();
5095 }
catch (TskCoreException ex) {
5096 logger.log(Level.SEVERE,
"Error getting file path for file " +
id, ex);
5099 TskData.EncodingType type = TskData.EncodingType.NONE;
5101 ResultSet rs = null;
5103 PreparedStatement statement = connection.getPreparedStatement(PREPARED_STATEMENT.SELECT_ENCODING_FOR_FILE);
5104 statement.clearParameters();
5105 statement.setLong(1,
id);
5106 rs = connection.executeQuery(statement);
5108 type = TskData.EncodingType.valueOf(rs.getInt(1));
5110 }
catch (SQLException ex) {
5111 logger.log(Level.SEVERE,
"Error getting encoding type for file " +
id, ex);
5128 String getFileParentPath(
long objectId, CaseDbConnection connection) {
5129 String parentPath = null;
5131 ResultSet rs = null;
5133 PreparedStatement statement = connection.getPreparedStatement(PREPARED_STATEMENT.SELECT_PATH_FOR_FILE);
5134 statement.clearParameters();
5135 statement.setLong(1, objectId);
5136 rs = connection.executeQuery(statement);
5138 parentPath = rs.getString(
"parent_path");
5140 }
catch (SQLException ex) {
5141 logger.log(Level.SEVERE,
"Error getting file parent_path for file " + objectId, ex);
5157 String getFileName(
long objectId, CaseDbConnection connection) {
5158 String fileName = null;
5160 ResultSet rs = null;
5162 PreparedStatement statement = connection.getPreparedStatement(PREPARED_STATEMENT.SELECT_FILE_NAME);
5163 statement.clearParameters();
5164 statement.setLong(1, objectId);
5165 rs = connection.executeQuery(statement);
5167 fileName = rs.getString(
"name");
5169 }
catch (SQLException ex) {
5170 logger.log(Level.SEVERE,
"Error getting file parent_path for file " + objectId, ex);
5188 DerivedFile.DerivedMethod getDerivedMethod(
long id)
throws TskCoreException {
5189 CaseDbConnection connection = connections.getConnection();
5190 DerivedFile.DerivedMethod method = null;
5192 ResultSet rs1 = null;
5193 ResultSet rs2 = null;
5195 PreparedStatement statement = connection.getPreparedStatement(PREPARED_STATEMENT.SELECT_DERIVED_FILE);
5196 statement.clearParameters();
5197 statement.setLong(1,
id);
5198 rs1 = connection.executeQuery(statement);
5200 int method_id = rs1.getInt(
"derived_id");
5201 String rederive = rs1.getString(
"rederive");
5202 method =
new DerivedFile.DerivedMethod(method_id, rederive);
5203 statement = connection.getPreparedStatement(PREPARED_STATEMENT.SELECT_FILE_DERIVATION_METHOD);
5204 statement.clearParameters();
5205 statement.setInt(1, method_id);
5206 rs2 = connection.executeQuery(statement);
5208 method.setToolName(rs2.getString(
"tool_name"));
5209 method.setToolVersion(rs2.getString(
"tool_version"));
5210 method.setOther(rs2.getString(
"other"));
5213 }
catch (SQLException e) {
5214 logger.log(Level.SEVERE,
"Error getting derived method for file: " +
id, e);
5216 closeResultSet(rs2);
5217 closeResultSet(rs1);
5235 CaseDbConnection connection = connections.getConnection();
5257 ResultSet rs = null;
5259 PreparedStatement statement = connection.getPreparedStatement(PREPARED_STATEMENT.SELECT_FILE_BY_ID);
5260 statement.clearParameters();
5261 statement.setLong(1, objectId);
5262 rs = connection.executeQuery(statement);
5263 List<AbstractFile> files = resultSetToAbstractFiles(rs, connection);
5264 if (files.size() > 0) {
5265 return files.get(0);
5269 }
catch (SQLException ex) {
5270 throw new TskCoreException(
"Error getting file by id, id = " + objectId, ex);
5288 CaseDbConnection connection = connections.getConnection();
5290 ResultSet rs = null;
5292 PreparedStatement statement = connection.getPreparedStatement(PREPARED_STATEMENT.SELECT_ARTIFACT_BY_ARTIFACT_OBJ_ID);
5293 statement.clearParameters();
5294 statement.setLong(1,
id);
5295 rs = connection.executeQuery(statement);
5296 List<BlackboardArtifact> artifacts = resultSetToArtifacts(rs);
5297 if (artifacts.size() > 0) {
5298 return artifacts.get(0);
5302 }
catch (SQLException ex) {
5303 throw new TskCoreException(
"Error getting artifacts by artifact_obj_id, artifact_obj_id = " +
id, ex);
5322 CaseDbConnection connection = connections.getConnection();
5324 ResultSet rs = null;
5326 PreparedStatement statement = connection.getPreparedStatement(PREPARED_STATEMENT.SELECT_ARTIFACT_BY_ARTIFACT_ID);
5327 statement.clearParameters();
5328 statement.setLong(1,
id);
5329 rs = connection.executeQuery(statement);
5330 List<BlackboardArtifact> artifacts = resultSetToArtifacts(rs);
5331 if (artifacts.size() > 0) {
5332 return artifacts.get(0);
5336 }
catch (SQLException ex) {
5337 throw new TskCoreException(
"Error getting artifacts by artifact id, artifact id = " +
id, ex);
5357 private long getFileSystemId(
long fileId, CaseDbConnection connection) {
5359 ResultSet rs = null;
5362 PreparedStatement statement = connection.getPreparedStatement(PREPARED_STATEMENT.SELECT_FILE_SYSTEM_BY_OBJECT);
5363 statement.clearParameters();
5364 statement.setLong(1, fileId);
5365 rs = connection.executeQuery(statement);
5367 ret = rs.getLong(
"fs_obj_id");
5372 }
catch (SQLException e) {
5373 logger.log(Level.SEVERE,
"Error checking file system id of a file, id = " + fileId, e);
5393 String query = String.format(
"SELECT COUNT(*) AS count FROM tsk_files WHERE obj_id = %d AND data_source_obj_id = %d", fileId, dataSource.getId());
5394 CaseDbConnection connection = connections.getConnection();
5396 Statement statement = null;
5397 ResultSet resultSet = null;
5399 statement = connection.createStatement();
5400 resultSet = connection.executeQuery(statement, query);
5402 return (resultSet.getLong(
"count") > 0L);
5403 }
catch (SQLException ex) {
5404 throw new TskCoreException(String.format(
"Error executing query %s", query), ex);
5406 closeResultSet(resultSet);
5407 closeStatement(statement);
5424 public List<AbstractFile>
findFiles(
Content dataSource, String fileName)
throws TskCoreException {
5425 List<AbstractFile> files =
new ArrayList<AbstractFile>();
5426 CaseDbConnection connection = connections.getConnection();
5428 ResultSet resultSet = null;
5430 PreparedStatement statement = connection.getPreparedStatement(PREPARED_STATEMENT.SELECT_FILES_BY_DATA_SOURCE_AND_NAME);
5431 statement.clearParameters();
5432 statement.setString(1, fileName.toLowerCase());
5433 statement.setLong(2, dataSource.getId());
5434 resultSet = connection.executeQuery(statement);
5435 files.addAll(resultSetToAbstractFiles(resultSet, connection));
5436 }
catch (SQLException e) {
5437 throw new TskCoreException(bundle.getString(
"SleuthkitCase.findFiles.exception.msg3.text"), e);
5439 closeResultSet(resultSet);
5459 public List<AbstractFile>
findFiles(
Content dataSource, String fileName, String dirSubString)
throws TskCoreException {
5460 List<AbstractFile> files =
new ArrayList<AbstractFile>();
5461 CaseDbConnection connection = connections.getConnection();
5463 ResultSet resultSet = null;
5465 PreparedStatement statement = connection.getPreparedStatement(PREPARED_STATEMENT.SELECT_FILES_BY_DATA_SOURCE_AND_PARENT_PATH_AND_NAME);
5466 statement.clearParameters();
5467 statement.setString(1, fileName.toLowerCase());
5468 statement.setString(2,
"%" + dirSubString.toLowerCase() +
"%");
5469 statement.setLong(3, dataSource.getId());
5470 resultSet = connection.executeQuery(statement);
5471 files.addAll(resultSetToAbstractFiles(resultSet, connection));
5472 }
catch (SQLException e) {
5473 throw new TskCoreException(bundle.getString(
"SleuthkitCase.findFiles3.exception.msg3.text"), e);
5475 closeResultSet(resultSet);
5501 if (null != localTrans) {
5504 }
catch (TskCoreException ex2) {
5505 logger.log(Level.SEVERE,
"Failed to rollback transaction after exception", ex2);
5523 long addObject(
long parentId,
int objectType, CaseDbConnection connection)
throws SQLException {
5524 ResultSet resultSet = null;
5528 PreparedStatement statement = connection.getPreparedStatement(PREPARED_STATEMENT.INSERT_OBJECT, Statement.RETURN_GENERATED_KEYS);
5529 statement.clearParameters();
5530 if (parentId != 0) {
5531 statement.setLong(1, parentId);
5533 statement.setNull(1, java.sql.Types.BIGINT);
5535 statement.setInt(2, objectType);
5536 connection.executeUpdate(statement);
5537 resultSet = statement.getGeneratedKeys();
5539 if (resultSet.next()) {
5540 if (parentId != 0) {
5541 setHasChildren(parentId);
5543 return resultSet.getLong(1);
5545 throw new SQLException(
"Error inserting object with parent " + parentId +
" into tsk_objects");
5548 closeResultSet(resultSet);
5571 if (transaction == null) {
5572 throw new TskCoreException(
"Passed null CaseDbTransaction");
5575 ResultSet resultSet = null;
5578 CaseDbConnection connection = transaction.getConnection();
5583 if (isRootDirectory((AbstractFile) parent, transaction)) {
5586 parentPath = ((AbstractFile) parent).getParentPath() + parent.
getName() +
"/";
5600 PreparedStatement statement = connection.getPreparedStatement(PREPARED_STATEMENT.INSERT_FILE);
5601 statement.clearParameters();
5602 statement.setLong(1, newObjId);
5605 if (0 != parentId) {
5606 long parentFs = this.getFileSystemId(parentId, connection);
5607 if (parentFs != -1) {
5608 statement.setLong(2, parentFs);
5610 statement.setNull(2, java.sql.Types.BIGINT);
5613 statement.setNull(2, java.sql.Types.BIGINT);
5617 statement.setString(3, directoryName);
5621 statement.setShort(5, (
short) 1);
5625 statement.setShort(6, dirType.
getValue());
5627 statement.setShort(7, metaType.
getValue());
5631 statement.setShort(8, dirFlag.
getValue());
5634 statement.setShort(9, metaFlags);
5637 statement.setLong(10, 0);
5640 statement.setNull(11, java.sql.Types.BIGINT);
5641 statement.setNull(12, java.sql.Types.BIGINT);
5642 statement.setNull(13, java.sql.Types.BIGINT);
5643 statement.setNull(14, java.sql.Types.BIGINT);
5645 statement.setNull(15, java.sql.Types.VARCHAR);
5647 statement.setNull(17, java.sql.Types.VARCHAR);
5650 statement.setString(18, parentPath);
5653 long dataSourceObjectId;
5654 if (0 == parentId) {
5655 dataSourceObjectId = newObjId;
5657 dataSourceObjectId = getDataSourceObjectId(connection, parentId);
5659 statement.setLong(19, dataSourceObjectId);
5662 statement.setString(20, null);
5663 connection.executeUpdate(statement);
5665 return new VirtualDirectory(
this, newObjId, dataSourceObjectId, directoryName, dirType,
5668 }
catch (SQLException e) {
5669 throw new TskCoreException(
"Error creating virtual directory '" + directoryName +
"'", e);
5671 closeResultSet(resultSet);
5693 }
catch (TskCoreException ex) {
5696 }
catch (TskCoreException ex2) {
5697 logger.log(Level.SEVERE, String.format(
"Failed to rollback transaction after exception: %s", ex.getMessage()), ex2);
5721 if (transaction == null) {
5722 throw new TskCoreException(
"Passed null CaseDbTransaction");
5725 ResultSet resultSet = null;
5728 CaseDbConnection connection = transaction.getConnection();
5731 if ((parent == null) || isRootDirectory(parent, transaction)) {
5744 PreparedStatement statement = connection.getPreparedStatement(PREPARED_STATEMENT.INSERT_FILE);
5745 statement.clearParameters();
5746 statement.setLong(1, newObjId);
5749 statement.setNull(2, java.sql.Types.BIGINT);
5752 statement.setString(3, directoryName);
5756 statement.setShort(5, (
short) 1);
5760 statement.setShort(6, dirType.
getValue());
5762 statement.setShort(7, metaType.
getValue());
5766 statement.setShort(8, dirFlag.
getValue());
5769 statement.setShort(9, metaFlags);
5772 statement.setLong(10, 0);
5775 statement.setNull(11, java.sql.Types.BIGINT);
5776 statement.setNull(12, java.sql.Types.BIGINT);
5777 statement.setNull(13, java.sql.Types.BIGINT);
5778 statement.setNull(14, java.sql.Types.BIGINT);
5780 statement.setNull(15, java.sql.Types.VARCHAR);
5782 statement.setNull(17, java.sql.Types.VARCHAR);
5785 statement.setString(18, parentPath);
5788 long dataSourceObjectId = getDataSourceObjectId(connection, parentId);
5789 statement.setLong(19, dataSourceObjectId);
5792 statement.setString(20, null);
5794 connection.executeUpdate(statement);
5796 return new LocalDirectory(
this, newObjId, dataSourceObjectId, directoryName, dirType,
5799 }
catch (SQLException e) {
5800 throw new TskCoreException(
"Error creating local directory '" + directoryName +
"'", e);
5802 closeResultSet(resultSet);
5827 Statement statement = null;
5831 CaseDbConnection connection = transaction.getConnection();
5836 statement = connection.createStatement();
5837 statement.executeUpdate(
"INSERT INTO data_source_info (obj_id, device_id, time_zone) "
5838 +
"VALUES(" + newObjId +
", '" + deviceId +
"', '" + timeZone +
"');");
5847 PreparedStatement preparedStatement = connection.getPreparedStatement(PREPARED_STATEMENT.INSERT_FILE);
5848 preparedStatement.clearParameters();
5849 preparedStatement.setLong(1, newObjId);
5850 preparedStatement.setNull(2, java.sql.Types.BIGINT);
5851 preparedStatement.setString(3, rootDirectoryName);
5853 preparedStatement.setShort(5, (
short) 1);
5857 preparedStatement.setShort(7, metaType.
getValue());
5859 preparedStatement.setShort(8, dirFlag.
getValue());
5862 preparedStatement.setShort(9, metaFlags);
5863 preparedStatement.setLong(10, 0);
5864 preparedStatement.setNull(11, java.sql.Types.BIGINT);
5865 preparedStatement.setNull(12, java.sql.Types.BIGINT);
5866 preparedStatement.setNull(13, java.sql.Types.BIGINT);
5867 preparedStatement.setNull(14, java.sql.Types.BIGINT);
5868 preparedStatement.setNull(15, java.sql.Types.VARCHAR);
5870 preparedStatement.setNull(17, java.sql.Types.VARCHAR);
5871 String parentPath =
"/";
5872 preparedStatement.setString(18, parentPath);
5873 preparedStatement.setLong(19, newObjId);
5874 preparedStatement.setString(20, null);
5875 connection.executeUpdate(preparedStatement);
5877 return new LocalFilesDataSource(
this, newObjId, newObjId, deviceId, rootDirectoryName, dirType, metaType, dirFlag, metaFlags, timeZone, null,
FileKnown.
UNKNOWN, parentPath);
5879 }
catch (SQLException ex) {
5880 throw new TskCoreException(String.format(
"Error creating local files data source with device id %s and directory name %s", deviceId, rootDirectoryName), ex);
5882 closeStatement(statement);
5907 String timezone, String md5, String sha1, String sha256,
5911 Statement statement = null;
5914 CaseDbConnection connection = transaction.getConnection();
5919 PreparedStatement preparedStatement = connection.getPreparedStatement(PREPARED_STATEMENT.INSERT_IMAGE_INFO);
5920 preparedStatement.clearParameters();
5921 preparedStatement.setLong(1, newObjId);
5922 preparedStatement.setShort(2, (
short) type.getValue());
5923 preparedStatement.setLong(3, sectorSize);
5924 preparedStatement.setString(4, timezone);
5926 long savedSize = size < 0 ? 0 : size;
5927 preparedStatement.setLong(5, savedSize);
5928 preparedStatement.setString(6, md5);
5929 preparedStatement.setString(7, sha1);
5930 preparedStatement.setString(8, sha256);
5931 preparedStatement.setString(9, displayName);
5932 connection.executeUpdate(preparedStatement);
5935 for (
int i = 0; i < imagePaths.size(); i++) {
5936 preparedStatement = connection.getPreparedStatement(PREPARED_STATEMENT.INSERT_IMAGE_NAME);
5937 preparedStatement.clearParameters();
5938 preparedStatement.setLong(1, newObjId);
5939 preparedStatement.setString(2, imagePaths.get(i));
5940 preparedStatement.setLong(3, i);
5941 connection.executeUpdate(preparedStatement);
5945 preparedStatement = connection.getPreparedStatement(PREPARED_STATEMENT.INSERT_DATA_SOURCE_INFO);
5946 statement = connection.createStatement();
5947 preparedStatement.setLong(1, newObjId);
5948 preparedStatement.setString(2, deviceId);
5949 preparedStatement.setString(3, timezone);
5950 connection.executeUpdate(preparedStatement);
5953 String name = displayName;
5954 if (name == null || name.isEmpty()) {
5955 if (imagePaths.size() > 0) {
5956 String path = imagePaths.get(0);
5957 name = (
new java.io.File(path)).getName();
5962 return new Image(
this, newObjId, type.getValue(), deviceId, sectorSize, name,
5963 imagePaths.toArray(
new String[imagePaths.size()]), timezone, md5, sha1, sha256, savedSize);
5964 }
catch (SQLException ex) {
5965 if (!imagePaths.isEmpty()) {
5966 throw new TskCoreException(String.format(
"Error adding image with path %s to database", imagePaths.get(0)), ex);
5968 throw new TskCoreException(String.format(
"Error adding image with display name %s to database", displayName), ex);
5971 closeStatement(statement);
5994 CaseDbConnection connection = transaction.getConnection();
5995 long newObjId = addObject(parentObjId,
TskData.
ObjectType.
VS.getObjectType(), connection);
5999 PreparedStatement preparedStatement = connection.getPreparedStatement(PREPARED_STATEMENT.INSERT_VS_INFO);
6000 preparedStatement.clearParameters();
6001 preparedStatement.setLong(1, newObjId);
6002 preparedStatement.setShort(2, (
short) type.getVsType());
6003 preparedStatement.setLong(3, imgOffset);
6004 preparedStatement.setLong(4, blockSize);
6005 connection.executeUpdate(preparedStatement);
6008 return new VolumeSystem(
this, newObjId,
"", type.getVsType(), imgOffset, blockSize);
6009 }
catch (SQLException ex) {
6010 throw new TskCoreException(String.format(
"Error creating volume system with parent ID %d and image offset %d",
6011 parentObjId, imgOffset), ex);
6032 public Volume addVolume(
long parentObjId,
long addr,
long start,
long length, String desc,
6035 Statement statement = null;
6038 CaseDbConnection connection = transaction.getConnection();
6043 PreparedStatement preparedStatement;
6045 preparedStatement = connection.getPreparedStatement(PREPARED_STATEMENT.INSERT_VS_PART_POSTGRESQL);
6047 preparedStatement = connection.getPreparedStatement(PREPARED_STATEMENT.INSERT_VS_PART_SQLITE);
6049 preparedStatement.clearParameters();
6050 preparedStatement.setLong(1, newObjId);
6051 preparedStatement.setLong(2, addr);
6052 preparedStatement.setLong(3, start);
6053 preparedStatement.setLong(4, length);
6054 preparedStatement.setString(5, desc);
6055 preparedStatement.setShort(6, (
short) flags);
6056 connection.executeUpdate(preparedStatement);
6059 return new Volume(
this, newObjId, addr, start, length, flags, desc);
6060 }
catch (SQLException ex) {
6061 throw new TskCoreException(String.format(
"Error creating volume with address %d and parent ID %d", addr, parentObjId), ex);
6063 closeStatement(statement);
6081 Statement statement = null;
6084 CaseDbConnection connection = transaction.getConnection();
6089 PreparedStatement preparedStatement = connection.getPreparedStatement(PREPARED_STATEMENT.INSERT_POOL_INFO);
6090 preparedStatement.clearParameters();
6091 preparedStatement.setLong(1, newObjId);
6092 preparedStatement.setShort(2, type.getValue());
6093 connection.executeUpdate(preparedStatement);
6096 return new Pool(
this, newObjId, type.getName(), type.getValue());
6097 }
catch (SQLException ex) {
6098 throw new TskCoreException(String.format(
"Error creating pool with type %d and parent ID %d", type.getValue(), parentObjId), ex);
6100 closeStatement(statement);
6124 long rootInum,
long firstInum,
long lastInum, String displayName,
6127 Statement statement = null;
6130 CaseDbConnection connection = transaction.getConnection();
6131 long newObjId = addObject(parentObjId,
TskData.
ObjectType.
FS.getObjectType(), connection);
6134 long dataSourceId = getDataSourceObjectId(connection, newObjId);
6138 PreparedStatement preparedStatement = connection.getPreparedStatement(PREPARED_STATEMENT.INSERT_FS_INFO);
6139 preparedStatement.clearParameters();
6140 preparedStatement.setLong(1, newObjId);
6141 preparedStatement.setLong(2, dataSourceId);
6142 preparedStatement.setLong(3, imgOffset);
6143 preparedStatement.setInt(4, type.getValue());
6144 preparedStatement.setLong(5, blockSize);
6145 preparedStatement.setLong(6, blockCount);
6146 preparedStatement.setLong(7, rootInum);
6147 preparedStatement.setLong(8, firstInum);
6148 preparedStatement.setLong(9, lastInum);
6149 preparedStatement.setString(10, displayName);
6150 connection.executeUpdate(preparedStatement);
6153 return new FileSystem(
this, newObjId, displayName, imgOffset, type, blockSize, blockCount, rootInum,
6154 firstInum, lastInum);
6155 }
catch (SQLException ex) {
6156 throw new TskCoreException(String.format(
"Error creating file system with image offset %d and parent ID %d",
6157 imgOffset, parentObjId), ex);
6159 closeStatement(statement);
6191 long metaAddr,
int metaSeq,
6194 long ctime,
long crtime,
long atime,
long mtime,
6195 boolean isFile,
Content parent)
throws TskCoreException {
6200 Statement queryStatement = null;
6202 CaseDbConnection connection = transaction.getConnection();
6211 AbstractFile parentFile = (AbstractFile) parent;
6212 if (isRootDirectory(parentFile, transaction)) {
6215 parentPath = parentFile.
getParentPath() + parent.getName() +
"/";
6221 PreparedStatement statement = connection.getPreparedStatement(PREPARED_STATEMENT.INSERT_FILE_SYSTEM_FILE);
6222 statement.clearParameters();
6223 statement.setLong(1, objectId);
6224 statement.setLong(2, fsObjId);
6225 statement.setLong(3, dataSourceObjId);
6226 statement.setShort(4, (
short) attrType.getValue());
6227 statement.setInt(5, attrId);
6228 statement.setString(6, fileName);
6229 statement.setLong(7, metaAddr);
6230 statement.setInt(8, metaSeq);
6232 statement.setShort(10, (
short) 1);
6234 statement.setShort(11, dirType.
getValue());
6236 statement.setShort(12, metaType.
getValue());
6237 statement.setShort(13, dirFlag.getValue());
6238 statement.setShort(14, metaFlags);
6239 statement.setLong(15, size < 0 ? 0 : size);
6240 statement.setLong(16, ctime);
6241 statement.setLong(17, crtime);
6242 statement.setLong(18, atime);
6243 statement.setLong(19, mtime);
6244 statement.setString(20, parentPath);
6245 final String extension = extractExtension(fileName);
6246 statement.setString(21, extension);
6248 connection.executeUpdate(statement);
6250 DerivedFile derivedFile =
new DerivedFile(
this, objectId, dataSourceObjId, fileName, dirType, metaType, dirFlag, metaFlags,
6251 size, ctime, crtime, atime, mtime, null, null, parentPath, null, parent.getId(), null, null, extension);
6253 timelineManager.addEventsForNewFile(derivedFile, connection);
6259 attrType, attrId, fileName, metaAddr, metaSeq,
6260 dirType, metaType, dirFlag, metaFlags,
6261 size, ctime, crtime, atime, mtime,
6262 (
short) 0, 0, 0, null, null, parentPath, null,
6265 }
catch (SQLException ex) {
6266 logger.log(Level.WARNING,
"Failed to add file system file", ex);
6268 closeStatement(queryStatement);
6269 if (null != transaction) {
6272 }
catch (TskCoreException ex2) {
6273 logger.log(Level.SEVERE,
"Failed to rollback transaction after exception", ex2);
6289 CaseDbConnection connection = connections.getConnection();
6292 ResultSet rs = null;
6294 s = connection.createStatement();
6295 rs = connection.executeQuery(s,
"SELECT * FROM tsk_files WHERE"
6297 +
" AND obj_id = data_source_obj_id"
6298 +
" ORDER BY dir_type, LOWER(name)");
6299 List<VirtualDirectory> virtDirRootIds =
new ArrayList<VirtualDirectory>();
6301 virtDirRootIds.add(virtualDirectory(rs, connection));
6303 return virtDirRootIds;
6304 }
catch (SQLException ex) {
6305 throw new TskCoreException(
"Error getting local files virtual folder id", ex);
6327 assert (null != fileRanges);
6328 if (null == fileRanges) {
6329 throw new TskCoreException(
"TskFileRange object is null");
6332 assert (null != parent);
6333 if (null == parent) {
6334 throw new TskCoreException(
"Conent is null");
6338 Statement statement = null;
6339 ResultSet resultSet = null;
6343 CaseDbConnection connection = transaction.getConnection();
6345 List<LayoutFile> fileRangeLayoutFiles =
new ArrayList<LayoutFile>();
6353 long end_byte_in_parent = fileRange.getByteStart() + fileRange.getByteLen() - 1;
6362 PreparedStatement prepStmt = connection.getPreparedStatement(PREPARED_STATEMENT.INSERT_FILE);
6363 prepStmt.clearParameters();
6364 prepStmt.setLong(1, fileRangeId);
6365 prepStmt.setNull(2, java.sql.Types.BIGINT);
6366 prepStmt.setString(3,
"Unalloc_" + parent.getId() +
"_" + fileRange.getByteStart() +
"_" + end_byte_in_parent);
6368 prepStmt.setNull(5, java.sql.Types.BIGINT);
6373 prepStmt.setLong(10, fileRange.getByteLen());
6374 prepStmt.setNull(11, java.sql.Types.BIGINT);
6375 prepStmt.setNull(12, java.sql.Types.BIGINT);
6376 prepStmt.setNull(13, java.sql.Types.BIGINT);
6377 prepStmt.setNull(14, java.sql.Types.BIGINT);
6378 prepStmt.setNull(15, java.sql.Types.VARCHAR);
6380 prepStmt.setNull(17, java.sql.Types.VARCHAR);
6381 prepStmt.setNull(18, java.sql.Types.VARCHAR);
6382 prepStmt.setLong(19, parent.getId());
6385 prepStmt.setString(20, null);
6386 connection.executeUpdate(prepStmt);
6393 prepStmt = connection.getPreparedStatement(PREPARED_STATEMENT.INSERT_LAYOUT_FILE);
6394 prepStmt.clearParameters();
6395 prepStmt.setLong(1, fileRangeId);
6396 prepStmt.setLong(2, fileRange.getByteStart());
6397 prepStmt.setLong(3, fileRange.getByteLen());
6398 prepStmt.setLong(4, fileRange.getSequence());
6399 connection.executeUpdate(prepStmt);
6404 fileRangeLayoutFiles.add(
new LayoutFile(
this,
6407 Long.toString(fileRange.getSequence()),
6413 fileRange.getByteLen(),
6417 parent.getUniquePath(),
6423 return fileRangeLayoutFiles;
6425 }
catch (SQLException ex) {
6426 throw new TskCoreException(
"Failed to add layout files to case database", ex);
6428 closeResultSet(resultSet);
6429 closeStatement(statement);
6431 if (null != transaction) {
6434 }
catch (TskCoreException ex2) {
6435 logger.log(Level.SEVERE,
"Failed to rollback transaction after exception", ex2);
6453 assert (null != carvingResult);
6454 if (null == carvingResult) {
6455 throw new TskCoreException(
"Carving is null");
6457 assert (null != carvingResult.getParent());
6458 if (null == carvingResult.getParent()) {
6459 throw new TskCoreException(
"Carving result has null parent");
6461 assert (null != carvingResult.getCarvedFiles());
6462 if (null == carvingResult.getCarvedFiles()) {
6463 throw new TskCoreException(
"Carving result has null carved files");
6466 Statement statement = null;
6467 ResultSet resultSet = null;
6468 long newCacheKey = 0;
6471 CaseDbConnection connection = transaction.getConnection();
6480 while (null != root) {
6495 if (null == carvedFilesDir) {
6496 List<Content> rootChildren;
6498 rootChildren = ((FileSystem) root).getRootDirectory().
getChildren();
6502 for (
Content child : rootChildren) {
6508 if (null == carvedFilesDir) {
6509 long parId = root.
getId();
6511 if (root instanceof FileSystem) {
6512 Content rootDir = ((FileSystem) root).getRootDirectory();
6513 parId = rootDir.
getId();
6517 newCacheKey = root.
getId();
6518 rootIdsToCarvedFileDirs.put(newCacheKey, carvedFilesDir);
6525 String parentPath = getFileParentPath(carvedFilesDir.
getId(), connection) + carvedFilesDir.
getName() +
"/";
6526 List<LayoutFile> carvedFiles =
new ArrayList<LayoutFile>();
6542 PreparedStatement prepStmt = connection.getPreparedStatement(PREPARED_STATEMENT.INSERT_FILE);
6543 prepStmt.clearParameters();
6544 prepStmt.setLong(1, carvedFileId);
6546 prepStmt.setLong(2, root.
getId());
6548 prepStmt.setNull(2, java.sql.Types.BIGINT);
6550 prepStmt.setString(3, carvedFile.getName());
6552 prepStmt.setShort(5, (
short) 1);
6557 prepStmt.setLong(10, carvedFile.getSizeInBytes());
6558 prepStmt.setNull(11, java.sql.Types.BIGINT);
6559 prepStmt.setNull(12, java.sql.Types.BIGINT);
6560 prepStmt.setNull(13, java.sql.Types.BIGINT);
6561 prepStmt.setNull(14, java.sql.Types.BIGINT);
6562 prepStmt.setNull(15, java.sql.Types.VARCHAR);
6564 prepStmt.setNull(17, java.sql.Types.VARCHAR);
6565 prepStmt.setString(18, parentPath);
6567 prepStmt.setString(20, extractExtension(carvedFile.getName()));
6568 connection.executeUpdate(prepStmt);
6575 prepStmt = connection.getPreparedStatement(PREPARED_STATEMENT.INSERT_LAYOUT_FILE);
6576 for (
TskFileRange tskFileRange : carvedFile.getLayoutInParent()) {
6577 prepStmt.clearParameters();
6578 prepStmt.setLong(1, carvedFileId);
6579 prepStmt.setLong(2, tskFileRange.getByteStart());
6580 prepStmt.setLong(3, tskFileRange.getByteLen());
6581 prepStmt.setLong(4, tskFileRange.getSequence());
6582 connection.executeUpdate(prepStmt);
6591 carvedFile.getName(),
6597 carvedFile.getSizeInBytes(),
6609 }
catch (SQLException ex) {
6610 throw new TskCoreException(
"Failed to add carved files to case database", ex);
6612 closeResultSet(resultSet);
6613 closeStatement(statement);
6615 if (null != transaction) {
6618 }
catch (TskCoreException ex2) {
6619 logger.log(Level.SEVERE,
"Failed to rollback transaction after exception", ex2);
6621 if (0 != newCacheKey) {
6622 rootIdsToCarvedFileDirs.remove(newCacheKey);
6659 long size,
long ctime,
long crtime,
long atime,
long mtime,
6660 boolean isFile,
Content parentObj,
6661 String rederiveDetails, String toolName, String toolVersion,
6664 localPath = localPath.replaceAll(
"^[/\\\\]+",
"");
6669 CaseDbConnection connection = transaction.getConnection();
6671 final long parentId = parentObj.
getId();
6672 String parentPath =
"";
6676 parentPath = ((AbstractFile) parentObj).getParentPath() + parentObj.
getName() +
'/';
6688 PreparedStatement statement = connection.getPreparedStatement(PREPARED_STATEMENT.INSERT_FILE);
6689 statement.clearParameters();
6690 statement.setLong(1, newObjId);
6693 long fsObjId = this.getFileSystemId(parentId, connection);
6694 if (fsObjId != -1) {
6695 statement.setLong(2, fsObjId);
6697 statement.setNull(2, java.sql.Types.BIGINT);
6699 statement.setString(3, fileName);
6703 statement.setShort(5, (
short) 1);
6707 statement.setShort(6, dirType.
getValue());
6709 statement.setShort(7, metaType.
getValue());
6713 statement.setShort(8, dirFlag.
getValue());
6716 statement.setShort(9, metaFlags);
6720 long savedSize = size < 0 ? 0 : size;
6721 statement.setLong(10, savedSize);
6725 statement.setLong(11, ctime);
6726 statement.setLong(12, crtime);
6727 statement.setLong(13, atime);
6728 statement.setLong(14, mtime);
6730 statement.setNull(15, java.sql.Types.VARCHAR);
6732 statement.setNull(17, java.sql.Types.VARCHAR);
6735 statement.setString(18, parentPath);
6738 long dataSourceObjId = getDataSourceObjectId(connection, parentId);
6739 statement.setLong(19, dataSourceObjId);
6740 final String extension = extractExtension(fileName);
6742 statement.setString(20, extension);
6744 connection.executeUpdate(statement);
6747 addFilePath(connection, newObjId, localPath, encodingType);
6749 DerivedFile derivedFile =
new DerivedFile(
this, newObjId, dataSourceObjId, fileName, dirType, metaType, dirFlag, metaFlags,
6750 savedSize, ctime, crtime, atime, mtime, null, null, parentPath, localPath, parentId, null, encodingType, extension);
6752 timelineManager.addEventsForNewFile(derivedFile, connection);
6756 }
catch (SQLException ex) {
6757 connection.rollbackTransaction();
6758 throw new TskCoreException(
"Failed to add derived file to case database", ex);
6795 long size,
long ctime,
long crtime,
long atime,
long mtime,
6796 boolean isFile, String mimeType,
6797 String rederiveDetails, String toolName, String toolVersion,
6801 localPath = localPath.replaceAll(
"^[/\\\\]+",
"");
6803 CaseDbConnection connection = connections.getConnection();
6805 ResultSet rs = null;
6808 connection.beginTransaction();
6809 final long parentId = parentObj.
getId();
6810 String parentPath =
"";
6814 parentPath = ((AbstractFile) parentObj).getParentPath() + parentObj.
getName() +
'/';
6818 PreparedStatement statement = connection.getPreparedStatement(PREPARED_STATEMENT.UPDATE_DERIVED_FILE);
6819 statement.clearParameters();
6826 statement.setShort(2, dirType.
getValue());
6828 statement.setShort(3, metaType.
getValue());
6832 statement.setShort(4, dirFlag.
getValue());
6835 statement.setShort(5, metaFlags);
6839 long savedSize = size < 0 ? 0 : size;
6840 statement.setLong(6, savedSize);
6844 statement.setLong(7, ctime);
6845 statement.setLong(8, crtime);
6846 statement.setLong(9, atime);
6847 statement.setLong(10, mtime);
6848 statement.setString(11, mimeType);
6849 statement.setString(12, String.valueOf(derivedFile.
getId()));
6850 connection.executeUpdate(statement);
6853 updateFilePath(connection, derivedFile.
getId(), localPath, encodingType);
6855 connection.commitTransaction();
6857 long dataSourceObjId = getDataSourceObjectId(connection, parentId);
6858 final String extension = extractExtension(derivedFile.
getName());
6859 return new DerivedFile(
this, derivedFile.
getId(), dataSourceObjId, derivedFile.
getName(), dirType, metaType, dirFlag, metaFlags,
6860 savedSize, ctime, crtime, atime, mtime, null, null, parentPath, localPath, parentId, null, encodingType, extension);
6861 }
catch (SQLException ex) {
6862 connection.rollbackTransaction();
6863 throw new TskCoreException(
"Failed to add derived file to case database", ex);
6891 long size,
long ctime,
long crtime,
long atime,
long mtime,
6897 LocalFile created =
addLocalFile(fileName, localPath, size, ctime, crtime, atime, mtime, isFile, encodingType, parent, localTrans);
6902 if (null != localTrans) {
6905 }
catch (TskCoreException ex2) {
6906 logger.log(Level.SEVERE,
"Failed to rollback transaction after exception", ex2);
6937 long size,
long ctime,
long crtime,
long atime,
long mtime,
6942 size, ctime, crtime, atime, mtime,
6944 isFile, encodingType,
6945 parent, transaction);
6976 long size,
long ctime,
long crtime,
long atime,
long mtime,
6977 String md5,
FileKnown known, String mimeType,
6980 CaseDbConnection connection = transaction.getConnection();
6981 Statement queryStatement = null;
6993 PreparedStatement statement = connection.getPreparedStatement(PREPARED_STATEMENT.INSERT_FILE);
6994 statement.clearParameters();
6995 statement.setLong(1, objectId);
6996 statement.setNull(2, java.sql.Types.BIGINT);
6997 statement.setString(3, fileName);
6999 statement.setShort(5, (
short) 1);
7001 statement.setShort(6, dirType.
getValue());
7003 statement.setShort(7, metaType.
getValue());
7005 statement.setShort(8, dirFlag.
getValue());
7007 statement.setShort(9, metaFlags);
7009 long savedSize = size < 0 ? 0 : size;
7010 statement.setLong(10, savedSize);
7011 statement.setLong(11, ctime);
7012 statement.setLong(12, crtime);
7013 statement.setLong(13, atime);
7014 statement.setLong(14, mtime);
7015 statement.setString(15, md5);
7016 if (known != null) {
7017 statement.setByte(16, known.getFileKnownValue());
7021 statement.setString(17, mimeType);
7023 long dataSourceObjId;
7026 AbstractFile parentFile = (AbstractFile) parent;
7027 if (isRootDirectory(parentFile, transaction)) {
7030 parentPath = parentFile.
getParentPath() + parent.getName() +
"/";
7035 dataSourceObjId = getDataSourceObjectId(connection, parent.getId());
7037 statement.setString(18, parentPath);
7038 statement.setLong(19, dataSourceObjId);
7039 final String extension = extractExtension(fileName);
7040 statement.setString(20, extension);
7042 connection.executeUpdate(statement);
7043 addFilePath(connection, objectId, localPath, encodingType);
7053 ctime, crtime, atime, mtime,
7054 mimeType, md5, known,
7055 parent.getId(), parentPath,
7058 encodingType, extension);
7062 }
catch (SQLException ex) {
7063 throw new TskCoreException(String.format(
"Failed to INSERT local file %s (%s) with parent id %d in tsk_files table", fileName, localPath, parent.getId()), ex);
7065 closeStatement(queryStatement);
7082 CaseDbConnection connection = transaction.getConnection();
7083 Statement statement = null;
7084 ResultSet resultSet = null;
7087 String query = String.format(
"SELECT ParentRow.type AS parent_type, ParentRow.obj_id AS parent_object_id "
7088 +
"FROM tsk_objects ParentRow JOIN tsk_objects ChildRow ON ChildRow.par_obj_id = ParentRow.obj_id "
7089 +
"WHERE ChildRow.obj_id = %s;", file.
getId());
7091 statement = connection.createStatement();
7092 resultSet = statement.executeQuery(query);
7093 if (resultSet.next()) {
7094 long parentId = resultSet.getLong(
"parent_object_id");
7095 if (parentId == 0) {
7098 int type = resultSet.getInt(
"parent_type");
7099 return (type == TskData.ObjectType.IMG.getObjectType()
7100 || type == TskData.ObjectType.VS.getObjectType()
7101 || type == TskData.ObjectType.VOL.getObjectType()
7102 || type == TskData.ObjectType.FS.getObjectType());
7107 }
catch (SQLException ex) {
7108 throw new TskCoreException(String.format(
"Failed to lookup parent of file (%s) with id %d", file.
getName(), file.
getId()), ex);
7110 closeResultSet(resultSet);
7111 closeStatement(statement);
7137 long ctime,
long crtime,
long atime,
long mtime,
7138 List<TskFileRange> fileRanges,
7139 Content parent)
throws TskCoreException {
7141 if (null == parent) {
7142 throw new TskCoreException(
"Parent can not be null");
7147 parentPath = ((AbstractFile) parent).getParentPath() + parent.getName() +
'/';
7153 Statement statement = null;
7154 ResultSet resultSet = null;
7157 CaseDbConnection connection = transaction.getConnection();
7173 PreparedStatement prepStmt = connection.getPreparedStatement(PREPARED_STATEMENT.INSERT_FILE);
7174 prepStmt.clearParameters();
7175 prepStmt.setLong(1, newFileId);
7178 if (0 != parent.getId()) {
7179 long parentFs = this.getFileSystemId(parent.getId(), connection);
7180 if (parentFs != -1) {
7181 prepStmt.setLong(2, parentFs);
7183 prepStmt.setNull(2, java.sql.Types.BIGINT);
7186 prepStmt.setNull(2, java.sql.Types.BIGINT);
7188 prepStmt.setString(3, fileName);
7190 prepStmt.setShort(5, (
short) 0);
7193 prepStmt.setShort(8, dirFlag.getValue());
7194 prepStmt.setShort(9, metaFlag.getValue());
7196 long savedSize = size < 0 ? 0 : size;
7197 prepStmt.setLong(10, savedSize);
7198 prepStmt.setLong(11, ctime);
7199 prepStmt.setLong(12, crtime);
7200 prepStmt.setLong(13, atime);
7201 prepStmt.setLong(14, mtime);
7202 prepStmt.setNull(15, java.sql.Types.VARCHAR);
7204 prepStmt.setNull(17, java.sql.Types.VARCHAR);
7205 prepStmt.setString(18, parentPath);
7206 prepStmt.setLong(19, parent.getDataSource().getId());
7208 prepStmt.setString(20, extractExtension(fileName));
7209 connection.executeUpdate(prepStmt);
7216 prepStmt = connection.getPreparedStatement(PREPARED_STATEMENT.INSERT_LAYOUT_FILE);
7218 prepStmt.clearParameters();
7219 prepStmt.setLong(1, newFileId);
7220 prepStmt.setLong(2, tskFileRange.getByteStart());
7221 prepStmt.setLong(3, tskFileRange.getByteLen());
7222 prepStmt.setLong(4, tskFileRange.getSequence());
7223 connection.executeUpdate(prepStmt);
7231 parent.getDataSource().getId(),
7237 metaFlag.getValue(),
7239 ctime, crtime, atime, mtime,
7249 }
catch (SQLException ex) {
7250 throw new TskCoreException(
"Failed to add layout file " + fileName +
" to case database", ex);
7252 closeResultSet(resultSet);
7253 closeStatement(statement);
7255 if (null != transaction) {
7258 }
catch (TskCoreException ex2) {
7259 logger.log(Level.SEVERE,
"Failed to rollback transaction after exception", ex2);
7277 private long getDataSourceObjectId(CaseDbConnection connection,
long objectId)
throws TskCoreException {
7279 Statement statement = null;
7280 ResultSet resultSet = null;
7282 statement = connection.createStatement();
7283 long dataSourceObjId;
7284 long ancestorId = objectId;
7286 dataSourceObjId = ancestorId;
7287 String query = String.format(
"SELECT par_obj_id FROM tsk_objects WHERE obj_id = %s;", ancestorId);
7288 resultSet = statement.executeQuery(query);
7289 if (resultSet.next()) {
7290 ancestorId = resultSet.getLong(
"par_obj_id");
7292 throw new TskCoreException(String.format(
"tsk_objects table is corrupt, SQL query returned no result: %s", query));
7296 }
while (0 != ancestorId);
7297 return dataSourceObjId;
7298 }
catch (SQLException ex) {
7299 throw new TskCoreException(String.format(
"Error finding root data source for object (obj_id = %d)", objectId), ex);
7301 closeResultSet(resultSet);
7302 closeStatement(statement);
7318 private void addFilePath(CaseDbConnection connection,
long objId, String path, TskData.EncodingType type) throws SQLException {
7319 PreparedStatement statement = connection.getPreparedStatement(PREPARED_STATEMENT.INSERT_LOCAL_PATH);
7320 statement.clearParameters();
7321 statement.setLong(1, objId);
7322 statement.setString(2, path);
7323 statement.setInt(3, type.getType());
7324 connection.executeUpdate(statement);
7338 private void updateFilePath(CaseDbConnection connection,
long objId, String path, TskData.EncodingType type) throws SQLException {
7339 PreparedStatement statement = connection.getPreparedStatement(PREPARED_STATEMENT.UPDATE_LOCAL_PATH);
7340 statement.clearParameters();
7341 statement.setString(1, path);
7342 statement.setInt(2, type.getType());
7343 statement.setLong(3, objId);
7344 connection.executeUpdate(statement);
7363 return findFiles(dataSource, fileName, parentFile.getName());
7378 CaseDbConnection connection = connections.getConnection();
7381 ResultSet rs = null;
7383 s = connection.createStatement();
7384 rs = connection.executeQuery(s,
"SELECT COUNT(*) AS count FROM tsk_files WHERE " + sqlWhereClause);
7386 return rs.getLong(
"count");
7387 }
catch (SQLException e) {
7388 throw new TskCoreException(
"SQLException thrown when calling 'SleuthkitCase.countFilesWhere().", e);
7415 CaseDbConnection connection = connections.getConnection();
7418 ResultSet rs = null;
7420 s = connection.createStatement();
7421 rs = connection.executeQuery(s,
"SELECT * FROM tsk_files WHERE " + sqlWhereClause);
7422 return resultSetToAbstractFiles(rs, connection);
7423 }
catch (SQLException e) {
7424 throw new TskCoreException(
"SQLException thrown when calling 'SleuthkitCase.findAllFilesWhere(): " + sqlWhereClause, e);
7452 String queryTemplate =
"SELECT tsk_files.* FROM tsk_files JOIN tsk_objects ON tsk_objects.obj_id = tsk_files.obj_id WHERE par_obj_id = %d AND %s";
7454 try(CaseDbConnection connection = connections.getConnection()) {
7457 String query = String.format(queryTemplate, parentId, sqlWhereClause);
7458 try(Statement s = connection.createStatement(); ResultSet rs = connection.executeQuery(s, query)) {
7459 return resultSetToAbstractFiles(rs, connection);
7460 }
catch(SQLException ex) {
7461 throw new TskCoreException(
"SQLException thrown when calling 'SleuthkitCase.findAllFilesInFolderWhere(): " + query, ex);
7481 CaseDbConnection connection = connections.getConnection();
7484 ResultSet rs = null;
7486 s = connection.createStatement();
7487 rs = connection.executeQuery(s,
"SELECT obj_id FROM tsk_files WHERE " + sqlWhereClause);
7488 List<Long> ret =
new ArrayList<Long>();
7490 ret.add(rs.getLong(
"obj_id"));
7493 }
catch (SQLException e) {
7494 throw new TskCoreException(
"SQLException thrown when calling 'SleuthkitCase.findAllFileIdsWhere(): " + sqlWhereClause, e);
7514 public List<AbstractFile>
openFiles(
Content dataSource, String filePath)
throws TskCoreException {
7521 int lastSlash = path.lastIndexOf(
'/');
7524 if (lastSlash == path.length()) {
7525 path = path.substring(0, lastSlash - 1);
7526 lastSlash = path.lastIndexOf(
'/');
7529 String parentPath = path.substring(0, lastSlash);
7530 String fileName = path.substring(lastSlash);
7532 return findFiles(dataSource, fileName, parentPath);
7546 CaseDbConnection connection = connections.getConnection();
7549 ResultSet rs = null;
7551 s = connection.createStatement();
7552 rs = connection.executeQuery(s,
"SELECT * FROM tsk_file_layout WHERE obj_id = " +
id +
" ORDER BY sequence");
7553 List<TskFileRange> ranges =
new ArrayList<TskFileRange>();
7556 rs.getLong(
"byte_len"), rs.getLong(
"sequence"));
7560 }
catch (SQLException ex) {
7561 throw new TskCoreException(
"Error getting TskFileLayoutRanges by id, id = " +
id, ex);
7581 CaseDbConnection connection = connections.getConnection();
7583 Statement s1 = null;
7584 ResultSet rs1 = null;
7585 Statement s2 = null;
7586 ResultSet rs2 = null;
7588 s1 = connection.createStatement();
7589 rs1 = connection.executeQuery(s1,
"SELECT tsk_image_info.type, tsk_image_info.ssize, tsk_image_info.tzone, tsk_image_info.size, tsk_image_info.md5, tsk_image_info.sha1, tsk_image_info.sha256, tsk_image_info.display_name, data_source_info.device_id "
7590 +
"FROM tsk_image_info "
7591 +
"INNER JOIN data_source_info ON tsk_image_info.obj_id = data_source_info.obj_id "
7592 +
"WHERE tsk_image_info.obj_id = " +
id);
7594 s2 = connection.createStatement();
7595 rs2 = connection.executeQuery(s2,
"SELECT name FROM tsk_image_names WHERE tsk_image_names.obj_id = " +
id);
7596 List<String> imagePaths =
new ArrayList<String>();
7597 while (rs2.next()) {
7598 imagePaths.add(rs2.getString(
"name"));
7600 long type = rs1.getLong(
"type");
7601 long ssize = rs1.getLong(
"ssize");
7602 String tzone = rs1.getString(
"tzone");
7603 long size = rs1.getLong(
"size");
7604 String md5 = rs1.getString(
"md5");
7605 String sha1 = rs1.getString(
"sha1");
7606 String sha256 = rs1.getString(
"sha256");
7607 String name = rs1.getString(
"display_name");
7609 if (imagePaths.size() > 0) {
7610 String path = imagePaths.get(0);
7611 name = (
new java.io.File(path)).getName();
7616 String device_id = rs1.getString(
"device_id");
7618 return new Image(
this,
id, type, device_id, ssize, name,
7619 imagePaths.toArray(
new String[imagePaths.size()]), tzone, md5, sha1, sha256, size);
7621 throw new TskCoreException(
"No image found for id: " +
id);
7623 }
catch (SQLException ex) {
7624 throw new TskCoreException(
"Error getting Image by id, id = " +
id, ex);
7626 closeResultSet(rs2);
7628 closeResultSet(rs1);
7647 CaseDbConnection connection = connections.getConnection();
7650 ResultSet rs = null;
7652 s = connection.createStatement();
7653 rs = connection.executeQuery(s,
"SELECT * FROM tsk_vs_info "
7654 +
"where obj_id = " +
id);
7656 long type = rs.getLong(
"vs_type");
7657 long imgOffset = rs.getLong(
"img_offset");
7658 long blockSize = rs.getLong(
"block_size");
7660 vs.setParent(parent);
7663 throw new TskCoreException(
"No volume system found for id:" +
id);
7665 }
catch (SQLException ex) {
7666 throw new TskCoreException(
"Error getting Volume System by ID.", ex);
7683 VolumeSystem getVolumeSystemById(
long id,
long parentId)
throws TskCoreException {
7684 VolumeSystem vs = getVolumeSystemById(
id, null);
7685 vs.setParentId(parentId);
7700 FileSystem getFileSystemById(
long id, Image parent)
throws TskCoreException {
7701 return getFileSystemByIdHelper(
id, parent);
7712 FileSystem getFileSystemById(
long id,
long parentId)
throws TskCoreException {
7714 FileSystem fs = getFileSystemById(
id, vol);
7715 fs.setParentId(parentId);
7730 FileSystem getFileSystemById(
long id, Volume parent)
throws TskCoreException {
7731 return getFileSystemByIdHelper(
id, parent);
7745 Pool getPoolById(
long id, Content parent)
throws TskCoreException {
7746 return getPoolByIdHelper(
id, parent);
7757 Pool getPoolById(
long id,
long parentId)
throws TskCoreException {
7758 Pool pool = getPoolById(
id, null);
7759 pool.setParentId(parentId);
7774 private Pool getPoolByIdHelper(
long id, Content parent)
throws TskCoreException {
7777 try (CaseDbConnection connection = connections.getConnection();
7778 Statement s = connection.createStatement();
7779 ResultSet rs = connection.executeQuery(s,
"SELECT * FROM tsk_pool_info "
7780 +
"where obj_id = " +
id);) {
7782 Pool pool =
new Pool(
this, rs.getLong(
"obj_id"), TskData.TSK_POOL_TYPE_ENUM.valueOf(rs.getLong(
"pool_type")).getName(), rs.getLong(
"pool_type"));
7783 pool.setParent(parent);
7787 throw new TskCoreException(
"No pool found for ID:" +
id);
7789 }
catch (SQLException ex) {
7790 throw new TskCoreException(
"Error getting Pool by ID", ex);
7807 private FileSystem getFileSystemByIdHelper(
long id, Content parent)
throws TskCoreException {
7811 synchronized (fileSystemIdMap) {
7812 if (fileSystemIdMap.containsKey(
id)) {
7813 return fileSystemIdMap.get(
id);
7816 CaseDbConnection connection = connections.getConnection();
7819 ResultSet rs = null;
7821 s = connection.createStatement();
7822 rs = connection.executeQuery(s,
"SELECT * FROM tsk_fs_info "
7823 +
"where obj_id = " +
id);
7825 TskData.TSK_FS_TYPE_ENUM fsType = TskData.TSK_FS_TYPE_ENUM.valueOf(rs.getInt(
"fs_type"));
7826 FileSystem fs =
new FileSystem(
this, rs.getLong(
"obj_id"),
"", rs.getLong(
"img_offset"),
7827 fsType, rs.getLong(
"block_size"), rs.getLong(
"block_count"),
7828 rs.getLong(
"root_inum"), rs.getLong(
"first_inum"), rs.getLong(
"last_inum"));
7829 fs.setParent(parent);
7831 synchronized (fileSystemIdMap) {
7832 fileSystemIdMap.put(
id, fs);
7836 throw new TskCoreException(
"No file system found for id:" +
id);
7838 }
catch (SQLException ex) {
7839 throw new TskCoreException(
"Error getting File System by ID", ex);
7859 Volume getVolumeById(
long id, VolumeSystem parent)
throws TskCoreException {
7860 CaseDbConnection connection = connections.getConnection();
7863 ResultSet rs = null;
7865 s = connection.createStatement();
7866 rs = connection.executeQuery(s,
"SELECT * FROM tsk_vs_parts "
7867 +
"where obj_id = " +
id);
7878 description = rs.getString(
"desc");
7879 }
catch (Exception ex) {
7880 description = rs.getString(
"descr");
7882 Volume vol =
new Volume(
this, rs.getLong(
"obj_id"), rs.getLong(
"addr"),
7883 rs.getLong(
"start"), rs.getLong(
"length"), rs.getLong(
"flags"),
7885 vol.setParent(parent);
7888 throw new TskCoreException(
"No volume found for id:" +
id);
7890 }
catch (SQLException ex) {
7891 throw new TskCoreException(
"Error getting Volume by ID", ex);
7908 Volume getVolumeById(
long id,
long parentId)
throws TskCoreException {
7909 Volume vol = getVolumeById(
id, null);
7910 vol.setParentId(parentId);
7925 Directory getDirectoryById(
long id, FileSystem parentFs)
throws TskCoreException {
7926 CaseDbConnection connection = connections.getConnection();
7929 ResultSet rs = null;
7931 s = connection.createStatement();
7932 rs = connection.executeQuery(s,
"SELECT * FROM tsk_files "
7933 +
"WHERE obj_id = " +
id);
7934 Directory temp = null;
7936 final short type = rs.getShort(
"type");
7937 if (type == TSK_DB_FILES_TYPE_ENUM.FS.getFileType()) {
7938 if (rs.getShort(
"meta_type") == TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_DIR.getValue()
7939 || rs.getShort(
"meta_type") == TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_VIRT_DIR.getValue()) {
7940 temp = directory(rs, parentFs);
7942 }
else if (type == TSK_DB_FILES_TYPE_ENUM.VIRTUAL_DIR.getFileType()) {
7943 throw new TskCoreException(
"Expecting an FS-type directory, got virtual, id: " +
id);
7946 throw new TskCoreException(
"No Directory found for id:" +
id);
7949 }
catch (SQLException ex) {
7950 throw new TskCoreException(
"Error getting Directory by ID", ex);
7969 List<FileSystem> fileSystems =
new ArrayList<>();
7970 CaseDbConnection connection = connections.getConnection();
7974 ResultSet rs = null;
7975 String queryStr =
"SELECT * FROM tsk_fs_info WHERE data_source_obj_id = " + image.getId();
7977 s = connection.createStatement();
7978 rs = connection.executeQuery(s, queryStr);
7982 fsType, rs.getLong(
"block_size"), rs.getLong(
"block_count"),
7983 rs.getLong(
"root_inum"), rs.getLong(
"first_inum"), rs.getLong(
"last_inum"));
7985 fileSystems.add(fs);
7987 }
catch (SQLException ex) {
7988 throw new TskCoreException(
"Error looking up files systems. Query: " + queryStr, ex);
8008 List<Content> getImageChildren(
Image img)
throws TskCoreException {
8009 Collection<ObjectInfo> childInfos = getChildrenInfo(img);
8010 List<Content> children =
new ArrayList<Content>();
8011 for (ObjectInfo info : childInfos) {
8012 if (null != info.type) {
8013 switch (info.type) {
8015 children.add(getVolumeSystemById(info.id, img));
8018 children.add(getPoolById(info.id, img));
8021 children.add(getFileSystemById(info.id, img));
8039 throw new TskCoreException(
"Image has child of invalid type: " + info.type);
8056 List<Long> getImageChildrenIds(Image img)
throws TskCoreException {
8057 Collection<ObjectInfo> childInfos = getChildrenInfo(img);
8058 List<Long> children =
new ArrayList<Long>();
8059 for (ObjectInfo info : childInfos) {
8060 if (info.type == ObjectType.VS
8061 || info.type == ObjectType.POOL
8062 || info.type == ObjectType.FS
8063 || info.type == ObjectType.ABSTRACTFILE
8064 || info.type == ObjectType.ARTIFACT) {
8065 children.add(info.id);
8066 }
else if (info.type == ObjectType.REPORT) {
8069 throw new TskCoreException(
"Image has child of invalid type: " + info.type);
8085 List<Content> getPoolChildren(Pool pool)
throws TskCoreException {
8086 Collection<ObjectInfo> childInfos = getChildrenInfo(pool);
8087 List<Content> children =
new ArrayList<Content>();
8088 for (ObjectInfo info : childInfos) {
8089 if (null != info.type) {
8090 switch (info.type) {
8092 children.add(getVolumeSystemById(info.id, pool));
8107 throw new TskCoreException(
"Pool has child of invalid type: " + info.type);
8124 List<Long> getPoolChildrenIds(Pool pool)
throws TskCoreException {
8125 Collection<ObjectInfo> childInfos = getChildrenInfo(pool);
8126 List<Long> children =
new ArrayList<Long>();
8127 for (ObjectInfo info : childInfos) {
8128 if (info.type == ObjectType.VS || info.type == ObjectType.ABSTRACTFILE || info.type == ObjectType.ARTIFACT) {
8129 children.add(info.id);
8131 throw new TskCoreException(
"Pool has child of invalid type: " + info.type);
8147 List<Content> getVolumeSystemChildren(VolumeSystem vs)
throws TskCoreException {
8148 Collection<ObjectInfo> childInfos = getChildrenInfo(vs);
8149 List<Content> children =
new ArrayList<Content>();
8150 for (ObjectInfo info : childInfos) {
8151 if (null != info.type) {
8152 switch (info.type) {
8154 children.add(getVolumeById(info.id, vs));
8169 throw new TskCoreException(
"VolumeSystem has child of invalid type: " + info.type);
8186 List<Long> getVolumeSystemChildrenIds(VolumeSystem vs)
throws TskCoreException {
8187 Collection<ObjectInfo> childInfos = getChildrenInfo(vs);
8188 List<Long> children =
new ArrayList<Long>();
8189 for (ObjectInfo info : childInfos) {
8190 if (info.type == ObjectType.VOL || info.type == ObjectType.ABSTRACTFILE || info.type == ObjectType.ARTIFACT) {
8191 children.add(info.id);
8193 throw new TskCoreException(
"VolumeSystem has child of invalid type: " + info.type);
8209 List<Content> getVolumeChildren(Volume vol)
throws TskCoreException {
8210 Collection<ObjectInfo> childInfos = getChildrenInfo(vol);
8211 List<Content> children =
new ArrayList<Content>();
8212 for (ObjectInfo info : childInfos) {
8213 if (null != info.type) {
8214 switch (info.type) {
8216 children.add(getPoolById(info.id, vol));
8219 children.add(getFileSystemById(info.id, vol));
8234 throw new TskCoreException(
"Volume has child of invalid type: " + info.type);
8251 List<Long> getVolumeChildrenIds(Volume vol)
throws TskCoreException {
8252 final Collection<ObjectInfo> childInfos = getChildrenInfo(vol);
8253 final List<Long> children =
new ArrayList<Long>();
8254 for (ObjectInfo info : childInfos) {
8255 if (info.type == ObjectType.FS || info.type == ObjectType.ABSTRACTFILE || info.type == ObjectType.ARTIFACT) {
8256 children.add(info.id);
8258 throw new TskCoreException(
"Volume has child of invalid type: " + info.type);
8277 public Image addImageInfo(
long deviceObjId, List<String> imageFilePaths, String timeZone)
throws TskCoreException {
8278 long imageId = this.caseHandle.addImageInfo(deviceObjId, imageFilePaths, timeZone,
this);
8292 CaseDbConnection connection = connections.getConnection();
8294 Statement s1 = null;
8295 Statement s2 = null;
8296 ResultSet rs1 = null;
8297 ResultSet rs2 = null;
8299 s1 = connection.createStatement();
8300 rs1 = connection.executeQuery(s1,
"SELECT obj_id FROM tsk_image_info");
8301 s2 = connection.createStatement();
8302 Map<Long, List<String>> imgPaths =
new LinkedHashMap<Long, List<String>>();
8303 while (rs1.next()) {
8304 long obj_id = rs1.getLong(
"obj_id");
8305 rs2 = connection.executeQuery(s2,
"SELECT * FROM tsk_image_names WHERE obj_id = " + obj_id);
8306 List<String> paths =
new ArrayList<String>();
8307 while (rs2.next()) {
8308 paths.add(rs2.getString(
"name"));
8312 imgPaths.put(obj_id, paths);
8315 }
catch (SQLException ex) {
8316 throw new TskCoreException(
"Error getting image paths.", ex);
8318 closeResultSet(rs2);
8320 closeResultSet(rs1);
8337 private List<String> getImagePathsById(
long objectId)
throws TskCoreException {
8338 List<String> imagePaths =
new ArrayList<String>();
8339 CaseDbConnection connection = connections.getConnection();
8341 Statement statement = null;
8342 ResultSet resultSet = null;
8344 statement = connection.createStatement();
8345 resultSet = connection.executeQuery(statement,
"SELECT name FROM tsk_image_names WHERE tsk_image_names.obj_id = " + objectId);
8346 while (resultSet.next()) {
8347 imagePaths.add(resultSet.getString(
"name"));
8349 }
catch (SQLException ex) {
8350 throw new TskCoreException(String.format(
"Error getting image names with obj_id = %d", objectId), ex);
8352 closeResultSet(resultSet);
8353 closeStatement(statement);
8368 CaseDbConnection connection = connections.getConnection();
8371 ResultSet rs = null;
8373 s = connection.createStatement();
8374 rs = connection.executeQuery(s,
"SELECT obj_id FROM tsk_image_info");
8375 Collection<Long> imageIDs =
new ArrayList<Long>();
8377 imageIDs.add(rs.getLong(
"obj_id"));
8379 List<Image> images =
new ArrayList<Image>();
8380 for (
long id : imageIDs) {
8384 }
catch (SQLException ex) {
8385 throw new TskCoreException(
"Error retrieving images.", ex);
8404 public void setImagePaths(
long obj_id, List<String> paths)
throws TskCoreException {
8405 CaseDbConnection connection = connections.getConnection();
8407 PreparedStatement statement = null;
8409 connection.beginTransaction();
8410 statement = connection.getPreparedStatement(PREPARED_STATEMENT.DELETE_IMAGE_NAME);
8411 statement.clearParameters();
8412 statement.setLong(1, obj_id);
8413 connection.executeUpdate(statement);
8414 for (
int i = 0; i < paths.size(); i++) {
8415 statement = connection.getPreparedStatement(PREPARED_STATEMENT.INSERT_IMAGE_NAME);
8416 statement.clearParameters();
8417 statement.setLong(1, obj_id);
8418 statement.setString(2, paths.get(i));
8419 statement.setLong(3, i);
8420 connection.executeUpdate(statement);
8422 connection.commitTransaction();
8423 }
catch (SQLException ex) {
8424 connection.rollbackTransaction();
8425 throw new TskCoreException(
"Error updating image paths.", ex);
8443 void deleteDataSource(
long dataSourceObjectId)
throws TskCoreException {
8444 CaseDbConnection connection = connections.getConnection();
8445 Statement statement = null;
8448 statement = connection.createStatement();
8449 connection.beginTransaction();
8452 statement.execute(
"DELETE FROM tsk_objects WHERE obj_id = " + dataSourceObjectId);
8455 String accountSql =
"DELETE FROM accounts WHERE account_id in (SELECT account_id FROM accounts "
8456 +
"WHERE account_id NOT IN (SELECT account1_id FROM account_relationships) "
8457 +
"AND account_id NOT IN (SELECT account2_id FROM account_relationships))";
8458 statement.execute(accountSql);
8459 connection.commitTransaction();
8460 }
catch (SQLException ex) {
8461 connection.rollbackTransaction();
8462 throw new TskCoreException(
"Error deleting data source.", ex);
8494 private List<AbstractFile> resultSetToAbstractFiles(ResultSet rs, CaseDbConnection connection)
throws SQLException {
8495 ArrayList<AbstractFile> results =
new ArrayList<AbstractFile>();
8498 final short type = rs.getShort(
"type");
8499 if (type == TSK_DB_FILES_TYPE_ENUM.FS.getFileType()
8500 && (rs.getShort(
"meta_type") != TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_VIRT_DIR.getValue())) {
8502 if (rs.getShort(
"meta_type") == TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_DIR.getValue()) {
8503 result = directory(rs, null);
8505 result = file(rs, null);
8507 results.add(result);
8508 }
else if (type == TSK_DB_FILES_TYPE_ENUM.VIRTUAL_DIR.getFileType()
8509 || (rs.getShort(
"meta_type") == TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_VIRT_DIR.getValue())) {
8510 final VirtualDirectory virtDir = virtualDirectory(rs, connection);
8511 results.add(virtDir);
8512 }
else if (type == TSK_DB_FILES_TYPE_ENUM.LOCAL_DIR.getFileType()) {
8513 final LocalDirectory localDir = localDirectory(rs);
8514 results.add(localDir);
8515 }
else if (type == TSK_DB_FILES_TYPE_ENUM.UNALLOC_BLOCKS.getFileType()
8516 || type == TSK_DB_FILES_TYPE_ENUM.UNUSED_BLOCKS.getFileType()
8517 || type == TSK_DB_FILES_TYPE_ENUM.CARVED.getFileType()
8518 || type == TSK_DB_FILES_TYPE_ENUM.LAYOUT_FILE.getFileType()) {
8519 TSK_DB_FILES_TYPE_ENUM atype = TSK_DB_FILES_TYPE_ENUM.valueOf(type);
8520 String parentPath = rs.getString(
"parent_path");
8521 if (parentPath == null) {
8524 LayoutFile lf =
new LayoutFile(
this,
8525 rs.getLong(
"obj_id"),
8526 rs.getLong(
"data_source_obj_id"),
8527 rs.getString(
"name"),
8529 TSK_FS_NAME_TYPE_ENUM.valueOf(rs.getShort(
"dir_type")), TSK_FS_META_TYPE_ENUM.valueOf(rs.getShort(
"meta_type")),
8530 TSK_FS_NAME_FLAG_ENUM.valueOf(rs.getShort(
"dir_flags")), rs.getShort(
"meta_flags"),
8532 rs.getLong(
"ctime"), rs.getLong(
"crtime"), rs.getLong(
"atime"), rs.getLong(
"mtime"),
8533 rs.getString(
"md5"), FileKnown.valueOf(rs.getByte(
"known")), parentPath, rs.getString(
"mime_type"));
8535 }
else if (type == TSK_DB_FILES_TYPE_ENUM.DERIVED.getFileType()) {
8536 final DerivedFile df;
8537 df = derivedFile(rs, connection, AbstractContent.UNKNOWN_ID);
8539 }
else if (type == TSK_DB_FILES_TYPE_ENUM.LOCAL.getFileType()) {
8541 lf = localFile(rs, connection, AbstractContent.UNKNOWN_ID);
8543 }
else if (type == TSK_DB_FILES_TYPE_ENUM.SLACK.getFileType()) {
8544 final SlackFile sf = slackFile(rs, null);
8548 }
catch (SQLException e) {
8549 logger.log(Level.SEVERE,
"Error getting abstract files from result set", e);
8569 rs.getLong(
"data_source_obj_id"), rs.getLong(
"fs_obj_id"),
8570 TskData.TSK_FS_ATTR_TYPE_ENUM.valueOf(rs.getShort(
"attr_type")),
8571 rs.getInt(
"attr_id"), rs.getString(
"name"), rs.getLong(
"meta_addr"), rs.getInt(
"meta_seq"),
8572 TSK_FS_NAME_TYPE_ENUM.valueOf(rs.getShort(
"dir_type")),
8573 TSK_FS_META_TYPE_ENUM.valueOf(rs.getShort(
"meta_type")),
8574 TSK_FS_NAME_FLAG_ENUM.valueOf(rs.getShort(
"dir_flags")),
8575 rs.getShort(
"meta_flags"), rs.getLong(
"size"),
8576 rs.getLong(
"ctime"), rs.getLong(
"crtime"), rs.getLong(
"atime"), rs.getLong(
"mtime"),
8577 (short) rs.getInt(
"mode"), rs.getInt(
"uid"), rs.getInt(
"gid"),
8578 rs.getString(
"md5"), FileKnown.valueOf(rs.getByte(
"known")),
8579 rs.getString(
"parent_path"), rs.getString(
"mime_type"), rs.getString(
"extension"));
8580 f.setFileSystem(fs);
8595 Directory directory(ResultSet rs, FileSystem fs)
throws SQLException {
8596 Directory dir =
new Directory(
this, rs.getLong(
"obj_id"), rs.getLong(
"data_source_obj_id"), rs.getLong(
"fs_obj_id"),
8597 TskData.TSK_FS_ATTR_TYPE_ENUM.valueOf(rs.getShort(
"attr_type")),
8598 rs.getInt(
"attr_id"), rs.getString(
"name"), rs.getLong(
"meta_addr"), rs.getInt(
"meta_seq"),
8599 TSK_FS_NAME_TYPE_ENUM.valueOf(rs.getShort(
"dir_type")),
8600 TSK_FS_META_TYPE_ENUM.valueOf(rs.getShort(
"meta_type")),
8601 TSK_FS_NAME_FLAG_ENUM.valueOf(rs.getShort(
"dir_flags")),
8602 rs.getShort(
"meta_flags"), rs.getLong(
"size"),
8603 rs.getLong(
"ctime"), rs.getLong(
"crtime"), rs.getLong(
"atime"), rs.getLong(
"mtime"),
8604 rs.getShort(
"mode"), rs.getInt(
"uid"), rs.getInt(
"gid"),
8605 rs.getString(
"md5"), FileKnown.valueOf(rs.getByte(
"known")),
8606 rs.getString(
"parent_path"));
8607 dir.setFileSystem(fs);
8621 VirtualDirectory virtualDirectory(ResultSet rs, CaseDbConnection connection)
throws SQLException {
8622 String parentPath = rs.getString(
"parent_path");
8623 if (parentPath == null) {
8627 long objId = rs.getLong(
"obj_id");
8628 long dsObjId = rs.getLong(
"data_source_obj_id");
8629 if (objId == dsObjId) {
8631 String deviceId =
"";
8632 String timeZone =
"";
8634 ResultSet rsDataSourceInfo = null;
8638 s = connection.createStatement();
8639 rsDataSourceInfo = connection.executeQuery(s,
"SELECT device_id, time_zone FROM data_source_info WHERE obj_id = " + objId);
8640 if (rsDataSourceInfo.next()) {
8641 deviceId = rsDataSourceInfo.getString(
"device_id");
8642 timeZone = rsDataSourceInfo.getString(
"time_zone");
8644 }
catch (SQLException ex) {
8645 logger.log(Level.SEVERE,
"Error data source info for datasource id " + objId, ex);
8647 closeResultSet(rsDataSourceInfo);
8652 return new LocalFilesDataSource(
this,
8655 rs.getString(
"name"),
8656 TSK_FS_NAME_TYPE_ENUM.valueOf(rs.getShort(
"dir_type")),
8657 TSK_FS_META_TYPE_ENUM.valueOf(rs.getShort(
"meta_type")),
8658 TSK_FS_NAME_FLAG_ENUM.valueOf(rs.getShort(
"dir_flags")),
8659 rs.getShort(
"meta_flags"),
8661 rs.getString(
"md5"),
8662 FileKnown.valueOf(rs.getByte(
"known")),
8665 final VirtualDirectory vd =
new VirtualDirectory(
this,
8667 rs.getString(
"name"),
8668 TSK_FS_NAME_TYPE_ENUM.valueOf(rs.getShort(
"dir_type")),
8669 TSK_FS_META_TYPE_ENUM.valueOf(rs.getShort(
"meta_type")),
8670 TSK_FS_NAME_FLAG_ENUM.valueOf(rs.getShort(
"dir_flags")),
8671 rs.getShort(
"meta_flags"), rs.getString(
"md5"),
8672 FileKnown.valueOf(rs.getByte(
"known")), parentPath);
8686 LocalDirectory localDirectory(ResultSet rs)
throws SQLException {
8687 String parentPath = rs.getString(
"parent_path");
8688 if (parentPath == null) {
8691 final LocalDirectory ld =
new LocalDirectory(
this, rs.getLong(
"obj_id"),
8692 rs.getLong(
"data_source_obj_id"), rs.getString(
"name"),
8693 TSK_FS_NAME_TYPE_ENUM.valueOf(rs.getShort(
"dir_type")),
8694 TSK_FS_META_TYPE_ENUM.valueOf(rs.getShort(
"meta_type")),
8695 TSK_FS_NAME_FLAG_ENUM.valueOf(rs.getShort(
"dir_flags")),
8696 rs.getShort(
"meta_flags"), rs.getString(
"md5"),
8697 FileKnown.valueOf(rs.getByte(
"known")), parentPath);
8714 private DerivedFile derivedFile(ResultSet rs, CaseDbConnection connection,
long parentId)
throws SQLException {
8715 boolean hasLocalPath = rs.getBoolean(
"has_path");
8716 long objId = rs.getLong(
"obj_id");
8717 String localPath = null;
8718 TskData.EncodingType encodingType = TskData.EncodingType.NONE;
8720 ResultSet rsFilePath = null;
8723 PreparedStatement statement = connection.getPreparedStatement(PREPARED_STATEMENT.SELECT_LOCAL_PATH_AND_ENCODING_FOR_FILE);
8724 statement.clearParameters();
8725 statement.setLong(1, objId);
8726 rsFilePath = connection.executeQuery(statement);
8727 if (rsFilePath.next()) {
8728 localPath = rsFilePath.getString(
"path");
8729 encodingType = TskData.EncodingType.valueOf(rsFilePath.getInt(
"encoding_type"));
8731 }
catch (SQLException ex) {
8732 logger.log(Level.SEVERE,
"Error getting encoding type for file " + objId, ex);
8734 closeResultSet(rsFilePath);
8738 String parentPath = rs.getString(
"parent_path");
8739 if (parentPath == null) {
8742 final DerivedFile df =
new DerivedFile(
this, objId, rs.getLong(
"data_source_obj_id"),
8743 rs.getString(
"name"),
8744 TSK_FS_NAME_TYPE_ENUM.valueOf(rs.getShort(
"dir_type")),
8745 TSK_FS_META_TYPE_ENUM.valueOf(rs.getShort(
"meta_type")),
8746 TSK_FS_NAME_FLAG_ENUM.valueOf(rs.getShort(
"dir_flags")), rs.getShort(
"meta_flags"),
8748 rs.getLong(
"ctime"), rs.getLong(
"crtime"), rs.getLong(
"atime"), rs.getLong(
"mtime"),
8749 rs.getString(
"md5"), FileKnown.valueOf(rs.getByte(
"known")),
8750 parentPath, localPath, parentId, rs.getString(
"mime_type"),
8751 encodingType, rs.getString(
"extension"));
8768 private LocalFile localFile(ResultSet rs, CaseDbConnection connection,
long parentId)
throws SQLException {
8769 long objId = rs.getLong(
"obj_id");
8770 String localPath = null;
8771 TskData.EncodingType encodingType = TskData.EncodingType.NONE;
8772 if (rs.getBoolean(
"has_path")) {
8773 ResultSet rsFilePath = null;
8776 PreparedStatement statement = connection.getPreparedStatement(PREPARED_STATEMENT.SELECT_LOCAL_PATH_AND_ENCODING_FOR_FILE);
8777 statement.clearParameters();
8778 statement.setLong(1, objId);
8779 rsFilePath = connection.executeQuery(statement);
8780 if (rsFilePath.next()) {
8781 localPath = rsFilePath.getString(
"path");
8782 encodingType = TskData.EncodingType.valueOf(rsFilePath.getInt(
"encoding_type"));
8784 }
catch (SQLException ex) {
8785 logger.log(Level.SEVERE,
"Error getting encoding type for file " + objId, ex);
8787 closeResultSet(rsFilePath);
8791 String parentPath = rs.getString(
"parent_path");
8792 if (null == parentPath) {
8795 LocalFile file =
new LocalFile(
this, objId, rs.getString(
"name"),
8796 TSK_DB_FILES_TYPE_ENUM.valueOf(rs.getShort(
"type")),
8797 TSK_FS_NAME_TYPE_ENUM.valueOf(rs.getShort(
"dir_type")),
8798 TSK_FS_META_TYPE_ENUM.valueOf(rs.getShort(
"meta_type")),
8799 TSK_FS_NAME_FLAG_ENUM.valueOf(rs.getShort(
"dir_flags")), rs.getShort(
"meta_flags"),
8801 rs.getLong(
"ctime"), rs.getLong(
"crtime"), rs.getLong(
"atime"), rs.getLong(
"mtime"),
8802 rs.getString(
"mime_type"), rs.getString(
"md5"), FileKnown.valueOf(rs.getByte(
"known")),
8803 parentId, parentPath, rs.getLong(
"data_source_obj_id"),
8804 localPath, encodingType, rs.getString(
"extension"));
8821 rs.getLong(
"data_source_obj_id"), rs.getLong(
"fs_obj_id"),
8822 TskData.TSK_FS_ATTR_TYPE_ENUM.valueOf(rs.getShort(
"attr_type")),
8823 rs.getInt(
"attr_id"), rs.getString(
"name"), rs.getLong(
"meta_addr"), rs.getInt(
"meta_seq"),
8824 TSK_FS_NAME_TYPE_ENUM.valueOf(rs.getShort(
"dir_type")),
8825 TSK_FS_META_TYPE_ENUM.valueOf(rs.getShort(
"meta_type")),
8826 TSK_FS_NAME_FLAG_ENUM.valueOf(rs.getShort(
"dir_flags")),
8827 rs.getShort(
"meta_flags"), rs.getLong(
"size"),
8828 rs.getLong(
"ctime"), rs.getLong(
"crtime"), rs.getLong(
"atime"), rs.getLong(
"mtime"),
8829 (short) rs.getInt(
"mode"), rs.getInt(
"uid"), rs.getInt(
"gid"),
8830 rs.getString(
"md5"), FileKnown.valueOf(rs.getByte(
"known")),
8831 rs.getString(
"parent_path"), rs.getString(
"mime_type"), rs.getString(
"extension"));
8832 f.setFileSystem(fs);
8847 List<Content> fileChildren(ResultSet rs, CaseDbConnection connection,
long parentId)
throws SQLException {
8848 List<Content> children =
new ArrayList<Content>();
8851 TskData.TSK_DB_FILES_TYPE_ENUM type = TskData.TSK_DB_FILES_TYPE_ENUM.valueOf(rs.getShort(
"type"));
8856 if (rs.getShort(
"meta_type") != TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_VIRT_DIR.getValue()) {
8858 if (rs.getShort(
"meta_type") == TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_DIR.getValue()) {
8859 result = directory(rs, null);
8861 result = file(rs, null);
8863 children.add(result);
8865 VirtualDirectory virtDir = virtualDirectory(rs, connection);
8866 children.add(virtDir);
8870 VirtualDirectory virtDir = virtualDirectory(rs, connection);
8871 children.add(virtDir);
8874 LocalDirectory localDir = localDirectory(rs);
8875 children.add(localDir);
8877 case UNALLOC_BLOCKS:
8881 String parentPath = rs.getString(
"parent_path");
8882 if (parentPath == null) {
8885 final LayoutFile lf =
new LayoutFile(
this, rs.getLong(
"obj_id"),
8886 rs.getLong(
"data_source_obj_id"), rs.getString(
"name"), type,
8887 TSK_FS_NAME_TYPE_ENUM.valueOf(rs.getShort(
"dir_type")),
8888 TSK_FS_META_TYPE_ENUM.valueOf(rs.getShort(
"meta_type")),
8889 TSK_FS_NAME_FLAG_ENUM.valueOf(rs.getShort(
"dir_flags")), rs.getShort(
"meta_flags"),
8891 rs.getLong(
"ctime"), rs.getLong(
"crtime"), rs.getLong(
"atime"), rs.getLong(
"mtime"),
8892 rs.getString(
"md5"),
8893 FileKnown.valueOf(rs.getByte(
"known")), parentPath, rs.getString(
"mime_type"));
8898 final DerivedFile df = derivedFile(rs, connection, parentId);
8902 final LocalFile lf = localFile(rs, connection, parentId);
8907 final SlackFile sf = slackFile(rs, null);
8934 private List<BlackboardArtifact> resultSetToArtifacts(ResultSet rs)
throws SQLException, TskCoreException {
8935 ArrayList<BlackboardArtifact> artifacts =
new ArrayList<BlackboardArtifact>();
8938 BlackboardArtifact.Type artifactType =
getArtifactType(rs.getInt(
"artifact_type_id"));
8939 if (artifactType != null) {
8940 artifacts.add(
new BlackboardArtifact(
this, rs.getLong(
"artifact_id"), rs.getLong(
"obj_id"), rs.getLong(
"artifact_obj_id"), rs.getLong(
"data_source_obj_id"),
8941 rs.getInt(
"artifact_type_id"), artifactType.getTypeName(), artifactType.getDisplayName(),
8942 BlackboardArtifact.ReviewStatus.withID(rs.getInt(
"review_status_id"))));
8944 throw new TskCoreException(
"Error looking up artifact type ID " + rs.getInt(
"artifact_type_id") +
" from artifact " + rs.getLong(
"artifact_id"));
8947 }
catch (SQLException e) {
8948 logger.log(Level.SEVERE,
"Error getting artifacts from result set", e);
9011 CaseDbConnection getConnection() throws TskCoreException {
9012 return connections.getConnection();
9021 String getCaseHandleIdentifier() {
9022 return caseHandleIdentifier;
9041 connections.close();
9042 }
catch (TskCoreException ex) {
9043 logger.log(Level.SEVERE,
"Error closing database connection pool.", ex);
9046 fileSystemIdMap.clear();
9049 if (this.caseHandle != null) {
9050 this.caseHandle.free();
9051 this.caseHandle = null;
9053 }
catch (TskCoreException ex) {
9054 logger.log(Level.SEVERE,
"Error freeing case handle.", ex);
9073 long id = file.getId();
9074 FileKnown currentKnown = file.getKnown();
9075 if (currentKnown.compareTo(fileKnown) > 0) {
9078 CaseDbConnection connection = connections.getConnection();
9080 Statement statement = null;
9082 statement = connection.createStatement();
9083 connection.executeUpdate(statement,
"UPDATE tsk_files "
9084 +
"SET known='" + fileKnown.getFileKnownValue() +
"' "
9085 +
"WHERE obj_id=" + id);
9087 file.setKnown(fileKnown);
9088 }
catch (SQLException ex) {
9089 throw new TskCoreException(
"Error setting Known status.", ex);
9091 closeStatement(statement);
9106 void setFileName(String name,
long objId)
throws TskCoreException {
9108 CaseDbConnection connection = connections.getConnection();
9112 preparedStatement.clearParameters();
9113 preparedStatement.setString(1, name);
9114 preparedStatement.setLong(2, objId);
9115 connection.executeUpdate(preparedStatement);
9116 }
catch (SQLException ex) {
9117 throw new TskCoreException(String.format(
"Error updating while the name for object ID %d to %s", objId, name), ex);
9132 void setImageName(String name,
long objId)
throws TskCoreException {
9134 CaseDbConnection connection = connections.getConnection();
9137 PreparedStatement preparedStatement = connection.getPreparedStatement(SleuthkitCase.PREPARED_STATEMENT.UPDATE_IMAGE_NAME);
9138 preparedStatement.clearParameters();
9139 preparedStatement.setString(1, name);
9140 preparedStatement.setLong(2, objId);
9141 connection.executeUpdate(preparedStatement);
9142 }
catch (SQLException ex) {
9143 throw new TskCoreException(String.format(
"Error updating while the name for object ID %d to %s", objId, name), ex);
9160 CaseDbConnection connection = connections.getConnection();
9161 Statement statement = null;
9162 ResultSet rs = null;
9165 statement = connection.createStatement();
9166 connection.executeUpdate(statement, String.format(
"UPDATE tsk_files SET mime_type = '%s' WHERE obj_id = %d", mimeType, file.getId()));
9167 file.setMIMEType(mimeType);
9168 }
catch (SQLException ex) {
9169 throw new TskCoreException(String.format(
"Error setting MIME type for file (obj_id = %s)", file.getId()), ex);
9172 closeStatement(statement);
9187 void setMd5Hash(
AbstractFile file, String md5Hash)
throws TskCoreException {
9188 if (md5Hash == null) {
9191 long id = file.getId();
9192 CaseDbConnection connection = connections.getConnection();
9195 PreparedStatement statement = connection.getPreparedStatement(PREPARED_STATEMENT.UPDATE_FILE_MD5);
9196 statement.clearParameters();
9197 statement.setString(1, md5Hash.toLowerCase());
9198 statement.setLong(2,
id);
9199 connection.executeUpdate(statement);
9200 file.setMd5Hash(md5Hash.toLowerCase());
9201 }
catch (SQLException ex) {
9202 throw new TskCoreException(
"Error setting MD5 hash", ex);
9218 void setMd5ImageHash(Image img, String md5Hash)
throws TskCoreException {
9219 if (md5Hash == null) {
9222 long id = img.getId();
9223 CaseDbConnection connection = connections.getConnection();
9226 PreparedStatement statement = connection.getPreparedStatement(PREPARED_STATEMENT.UPDATE_IMAGE_MD5);
9227 statement.clearParameters();
9228 statement.setString(1, md5Hash.toLowerCase());
9229 statement.setLong(2,
id);
9230 connection.executeUpdate(statement);
9231 }
catch (SQLException ex) {
9232 throw new TskCoreException(
"Error setting MD5 hash", ex);
9249 String getMd5ImageHash(Image img)
throws TskCoreException {
9250 long id = img.getId();
9251 CaseDbConnection connection = connections.getConnection();
9253 ResultSet rs = null;
9256 PreparedStatement statement = connection.getPreparedStatement(PREPARED_STATEMENT.SELECT_IMAGE_MD5);
9257 statement.clearParameters();
9258 statement.setLong(1,
id);
9259 rs = connection.executeQuery(statement);
9261 hash = rs.getString(
"md5");
9264 }
catch (SQLException ex) {
9265 throw new TskCoreException(
"Error getting MD5 hash", ex);
9282 void setSha1ImageHash(Image img, String sha1Hash)
throws TskCoreException {
9283 if (sha1Hash == null) {
9286 long id = img.getId();
9287 CaseDbConnection connection = connections.getConnection();
9290 PreparedStatement statement = connection.getPreparedStatement(PREPARED_STATEMENT.UPDATE_IMAGE_SHA1);
9291 statement.clearParameters();
9292 statement.setString(1, sha1Hash.toLowerCase());
9293 statement.setLong(2,
id);
9294 connection.executeUpdate(statement);
9295 }
catch (SQLException ex) {
9296 throw new TskCoreException(
"Error setting SHA1 hash", ex);
9313 String getSha1ImageHash(Image img)
throws TskCoreException {
9314 long id = img.getId();
9315 CaseDbConnection connection = connections.getConnection();
9317 ResultSet rs = null;
9320 PreparedStatement statement = connection.getPreparedStatement(PREPARED_STATEMENT.SELECT_IMAGE_SHA1);
9321 statement.clearParameters();
9322 statement.setLong(1,
id);
9323 rs = connection.executeQuery(statement);
9325 hash = rs.getString(
"sha1");
9328 }
catch (SQLException ex) {
9329 throw new TskCoreException(
"Error getting SHA1 hash", ex);
9346 void setSha256ImageHash(Image img, String sha256Hash)
throws TskCoreException {
9347 if (sha256Hash == null) {
9350 long id = img.getId();
9351 CaseDbConnection connection = connections.getConnection();
9354 PreparedStatement statement = connection.getPreparedStatement(PREPARED_STATEMENT.UPDATE_IMAGE_SHA256);
9355 statement.clearParameters();
9356 statement.setString(1, sha256Hash.toLowerCase());
9357 statement.setLong(2,
id);
9358 connection.executeUpdate(statement);
9359 }
catch (SQLException ex) {
9360 throw new TskCoreException(
"Error setting SHA256 hash", ex);
9377 String getSha256ImageHash(Image img)
throws TskCoreException {
9378 long id = img.getId();
9379 CaseDbConnection connection = connections.getConnection();
9381 ResultSet rs = null;
9384 PreparedStatement statement = connection.getPreparedStatement(PREPARED_STATEMENT.SELECT_IMAGE_SHA256);
9385 statement.clearParameters();
9386 statement.setLong(1,
id);
9387 rs = connection.executeQuery(statement);
9389 hash = rs.getString(
"sha256");
9392 }
catch (SQLException ex) {
9393 throw new TskCoreException(
"Error setting SHA256 hash", ex);
9409 void setAcquisitionDetails(DataSource datasource, String details)
throws TskCoreException {
9411 long id = datasource.getId();
9412 CaseDbConnection connection = connections.getConnection();
9415 PreparedStatement statement = connection.getPreparedStatement(PREPARED_STATEMENT.UPDATE_ACQUISITION_DETAILS);
9416 statement.clearParameters();
9417 statement.setString(1, details);
9418 statement.setLong(2,
id);
9419 connection.executeUpdate(statement);
9420 }
catch (SQLException ex) {
9421 throw new TskCoreException(
"Error setting acquisition details", ex);
9437 void setAcquisitionDetails(
long dataSourceId, String details, CaseDbTransaction trans)
throws TskCoreException {
9440 CaseDbConnection connection = trans.getConnection();
9441 PreparedStatement statement = connection.getPreparedStatement(PREPARED_STATEMENT.UPDATE_ACQUISITION_DETAILS);
9442 statement.clearParameters();
9443 statement.setString(1, details);
9444 statement.setLong(2, dataSourceId);
9445 connection.executeUpdate(statement);
9446 }
catch (SQLException ex) {
9447 throw new TskCoreException(
"Error setting acquisition details", ex);
9462 String getAcquisitionDetails(DataSource datasource)
throws TskCoreException {
9463 long id = datasource.getId();
9464 CaseDbConnection connection = connections.getConnection();
9466 ResultSet rs = null;
9469 PreparedStatement statement = connection.getPreparedStatement(PREPARED_STATEMENT.SELECT_ACQUISITION_DETAILS);
9470 statement.clearParameters();
9471 statement.setLong(1,
id);
9472 rs = connection.executeQuery(statement);
9474 hash = rs.getString(
"acquisition_details");
9477 }
catch (SQLException ex) {
9478 throw new TskCoreException(
"Error setting acquisition details", ex);
9497 if (newStatus == null) {
9500 CaseDbConnection connection = connections.getConnection();
9502 Statement statement = null;
9504 statement = connection.createStatement();
9505 connection.executeUpdate(statement,
"UPDATE blackboard_artifacts "
9506 +
" SET review_status_id=" + newStatus.getID()
9507 +
" WHERE blackboard_artifacts.artifact_id = " + artifact.
getArtifactID());
9508 }
catch (SQLException ex) {
9509 throw new TskCoreException(
"Error setting review status", ex);
9511 closeStatement(statement);
9528 CaseDbConnection connection = connections.getConnection();
9531 ResultSet rs = null;
9533 s = connection.createStatement();
9534 Short contentShort = contentType.getValue();
9535 rs = connection.executeQuery(s,
"SELECT COUNT(*) AS count FROM tsk_files WHERE meta_type = '" + contentShort.toString() +
"'");
9538 count = rs.getInt(
"count");
9541 }
catch (SQLException ex) {
9542 throw new TskCoreException(
"Error getting number of objects.", ex);
9560 String escapedText = null;
9562 escapedText = text.replaceAll(
"'",
"''");
9575 if (md5Hash == null) {
9578 CaseDbConnection connection;
9580 connection = connections.getConnection();
9581 }
catch (TskCoreException ex) {
9582 logger.log(Level.SEVERE,
"Error finding files by md5 hash " + md5Hash, ex);
9587 ResultSet rs = null;
9589 s = connection.createStatement();
9590 rs = connection.executeQuery(s,
"SELECT * FROM tsk_files WHERE "
9591 +
" md5 = '" + md5Hash.toLowerCase() +
"' "
9593 return resultSetToAbstractFiles(rs, connection);
9594 }
catch (SQLException ex) {
9595 logger.log(Level.WARNING,
"Error querying database.", ex);
9612 CaseDbConnection connection;
9614 connection = connections.getConnection();
9615 }
catch (TskCoreException ex) {
9616 logger.log(Level.SEVERE,
"Error checking md5 hashing status", ex);
9619 boolean allFilesAreHashed =
false;
9622 ResultSet rs = null;
9624 s = connection.createStatement();
9625 rs = connection.executeQuery(s,
"SELECT COUNT(*) AS count FROM tsk_files "
9627 +
"AND md5 IS NULL "
9628 +
"AND size > '0'");
9629 if (rs.next() && rs.getInt(
"count") == 0) {
9630 allFilesAreHashed =
true;
9632 }
catch (SQLException ex) {
9633 logger.log(Level.WARNING,
"Failed to query whether all files have MD5 hashes", ex);
9640 return allFilesAreHashed;
9649 CaseDbConnection connection;
9651 connection = connections.getConnection();
9652 }
catch (TskCoreException ex) {
9653 logger.log(Level.SEVERE,
"Error getting database connection for hashed files count", ex);
9659 ResultSet rs = null;
9661 s = connection.createStatement();
9662 rs = connection.executeQuery(s,
"SELECT COUNT(*) AS count FROM tsk_files "
9663 +
"WHERE md5 IS NOT NULL "
9664 +
"AND size > '0'");
9666 count = rs.getInt(
"count");
9668 }
catch (SQLException ex) {
9669 logger.log(Level.WARNING,
"Failed to query for all the files.", ex);
9689 CaseDbConnection connection = connections.getConnection();
9691 ResultSet resultSet = null;
9694 PreparedStatement statement = connection.getPreparedStatement(PREPARED_STATEMENT.SELECT_TAG_NAMES);
9695 resultSet = connection.executeQuery(statement);
9696 ArrayList<TagName> tagNames =
new ArrayList<>();
9697 while (resultSet.next()) {
9698 tagNames.add(
new TagName(resultSet.getLong(
"tag_name_id"), resultSet.getString(
"display_name"),
9700 TskData.
FileKnown.
valueOf(resultSet.getByte(
"knownStatus")), resultSet.getLong(
"tag_set_id"), resultSet.getInt(
"rank")));
9703 }
catch (SQLException ex) {
9704 throw new TskCoreException(
"Error selecting rows from tag_names table", ex);
9706 closeResultSet(resultSet);
9723 CaseDbConnection connection = connections.getConnection();
9725 ResultSet resultSet = null;
9728 PreparedStatement statement = connection.getPreparedStatement(PREPARED_STATEMENT.SELECT_TAG_NAMES_IN_USE);
9729 resultSet = connection.executeQuery(statement);
9730 ArrayList<TagName> tagNames =
new ArrayList<>();
9731 while (resultSet.next()) {
9732 tagNames.add(
new TagName(resultSet.getLong(
"tag_name_id"), resultSet.getString(
"display_name"),
9734 TskData.
FileKnown.
valueOf(resultSet.getByte(
"knownStatus")), resultSet.getLong(
"tag_set_id"), resultSet.getInt(
"rank")));
9737 }
catch (SQLException ex) {
9738 throw new TskCoreException(
"Error selecting rows from tag_names table", ex);
9740 closeResultSet(resultSet);
9760 ArrayList<TagName> tagNames =
new ArrayList<TagName>();
9766 CaseDbConnection connection = connections.getConnection();
9768 ResultSet resultSet = null;
9771 PreparedStatement statement = connection.getPreparedStatement(PREPARED_STATEMENT.SELECT_TAG_NAMES_IN_USE_BY_DATASOURCE);
9772 statement.setLong(1, dsObjId);
9773 statement.setLong(2, dsObjId);
9774 resultSet = connection.executeQuery(statement);
9775 while (resultSet.next()) {
9776 tagNames.add(
new TagName(resultSet.getLong(
"tag_name_id"), resultSet.getString(
"display_name"),
9778 TskData.
FileKnown.
valueOf(resultSet.getByte(
"knownStatus")), resultSet.getLong(
"tag_set_id"), resultSet.getInt(
"rank")));
9781 }
catch (SQLException ex) {
9782 throw new TskCoreException(
"Failed to get tag names in use for data source objID : " + dsObjId, ex);
9784 closeResultSet(resultSet);
9823 CaseDbConnection connection = connections.getConnection();
9825 ResultSet resultSet = null;
9827 PreparedStatement statement;
9829 statement = connection.getPreparedStatement(PREPARED_STATEMENT.INSERT_OR_UPDATE_TAG_NAME, Statement.RETURN_GENERATED_KEYS);
9830 statement.clearParameters();
9831 statement.setString(5, description);
9832 statement.setString(6, color.getName());
9833 statement.setByte(7, knownStatus.getFileKnownValue());
9834 statement.setString(1, displayName);
9835 statement.setString(2, description);
9836 statement.setString(3, color.getName());
9837 statement.setByte(4, knownStatus.getFileKnownValue());
9838 connection.executeUpdate(statement);
9840 statement = connection.getPreparedStatement(PREPARED_STATEMENT.SELECT_TAG_NAME_BY_NAME);
9841 statement.clearParameters();
9842 statement.setString(1, displayName);
9843 resultSet = connection.executeQuery(statement);
9846 return new TagName(resultSet.getLong(
"tag_name_id"), displayName, description, color, knownStatus, resultSet.getLong(
"tag_set_id"), resultSet.getInt(
"rank"));
9848 }
catch (SQLException ex) {
9849 throw new TskCoreException(
"Error adding row for " + displayName +
" tag name to tag_names table", ex);
9851 closeResultSet(resultSet);
9882 CaseDbConnection connection = connections.getConnection();
9886 PreparedStatement statement = connection.getPreparedStatement(PREPARED_STATEMENT.DELETE_CONTENT_TAG);
9887 statement.clearParameters();
9888 statement.setLong(1, tag.getId());
9889 connection.executeUpdate(statement);
9890 }
catch (SQLException ex) {
9891 throw new TskCoreException(
"Error deleting row from content_tags table (id = " + tag.getId() +
")", ex);
9907 CaseDbConnection connection = connections.getConnection();
9909 ResultSet resultSet = null;
9915 PreparedStatement statement = connection.getPreparedStatement(PREPARED_STATEMENT.SELECT_CONTENT_TAGS);
9916 resultSet = connection.executeQuery(statement);
9917 ArrayList<ContentTag> tags =
new ArrayList<ContentTag>();
9918 while (resultSet.next()) {
9919 TagName tagName =
new TagName(resultSet.getLong(
"tag_name_id"), resultSet.getString(
"display_name"),
9921 TskData.
FileKnown.
valueOf(resultSet.getByte(
"knownStatus")), resultSet.getLong(
"tag_set_id"), resultSet.getInt(
"rank"));
9923 tags.add(
new ContentTag(resultSet.getLong(
"tag_id"), content, tagName, resultSet.getString(
"comment"),
9924 resultSet.getLong(
"begin_byte_offset"), resultSet.getLong(
"end_byte_offset"), resultSet.getString(
"login_name")));
9927 }
catch (SQLException ex) {
9928 throw new TskCoreException(
"Error selecting rows from content_tags table", ex);
9930 closeResultSet(resultSet);
9947 if (tagName.getId() ==
Tag.ID_NOT_SET) {
9948 throw new TskCoreException(
"TagName object is invalid, id not set");
9950 CaseDbConnection connection = connections.getConnection();
9952 ResultSet resultSet = null;
9955 PreparedStatement statement = connection.getPreparedStatement(PREPARED_STATEMENT.COUNT_CONTENT_TAGS_BY_TAG_NAME);
9956 statement.clearParameters();
9957 statement.setLong(1, tagName.getId());
9958 resultSet = connection.executeQuery(statement);
9959 if (resultSet.next()) {
9960 return resultSet.getLong(
"count");
9962 throw new TskCoreException(
"Error getting content_tags row count for tag name (tag_name_id = " + tagName.getId() +
")");
9964 }
catch (SQLException ex) {
9965 throw new TskCoreException(
"Error getting content_tags row count for tag name (tag_name_id = " + tagName.getId() +
")", ex);
9967 closeResultSet(resultSet);
9990 if (tagName.getId() ==
Tag.ID_NOT_SET) {
9991 throw new TskCoreException(
"TagName object is invalid, id not set");
9994 CaseDbConnection connection = connections.getConnection();
9996 ResultSet resultSet = null;
10001 PreparedStatement statement = connection.getPreparedStatement(PREPARED_STATEMENT.COUNT_CONTENT_TAGS_BY_TAG_NAME_BY_DATASOURCE);
10002 statement.clearParameters();
10003 statement.setLong(1, tagName.getId());
10004 statement.setLong(2, dsObjId);
10006 resultSet = connection.executeQuery(statement);
10007 if (resultSet.next()) {
10008 return resultSet.getLong(
"count");
10010 throw new TskCoreException(
"Error getting content_tags row count for tag name (tag_name_id = " + tagName.getId() +
")" +
" for dsObjId = " + dsObjId);
10012 }
catch (SQLException ex) {
10013 throw new TskCoreException(
"Failed to get content_tags row count for tag_name_id = " + tagName.getId() +
"data source objID : " + dsObjId, ex);
10015 closeResultSet(resultSet);
10016 connection.close();
10033 CaseDbConnection connection = connections.getConnection();
10035 ResultSet resultSet = null;
10043 PreparedStatement statement = connection.getPreparedStatement(PREPARED_STATEMENT.SELECT_CONTENT_TAG_BY_ID);
10044 statement.clearParameters();
10045 statement.setLong(1, contentTagID);
10046 resultSet = connection.executeQuery(statement);
10048 while (resultSet.next()) {
10049 TagName tagName =
new TagName(resultSet.getLong(
"tag_name_id"), resultSet.getString(
"display_name"),
10051 TskData.
FileKnown.
valueOf(resultSet.getByte(
"knownStatus")), resultSet.getLong(
"tag_set_id"), resultSet.getInt(
"rank"));
10053 resultSet.getString(
"comment"), resultSet.getLong(
"begin_byte_offset"), resultSet.getLong(
"end_byte_offset"), resultSet.getString(
"login_name"));
10057 }
catch (SQLException ex) {
10058 throw new TskCoreException(
"Error getting content tag with id = " + contentTagID, ex);
10060 closeResultSet(resultSet);
10061 connection.close();
10079 if (tagName.getId() ==
Tag.ID_NOT_SET) {
10080 throw new TskCoreException(
"TagName object is invalid, id not set");
10082 CaseDbConnection connection = connections.getConnection();
10084 ResultSet resultSet = null;
10090 PreparedStatement statement = connection.getPreparedStatement(PREPARED_STATEMENT.SELECT_CONTENT_TAGS_BY_TAG_NAME);
10091 statement.clearParameters();
10092 statement.setLong(1, tagName.getId());
10093 resultSet = connection.executeQuery(statement);
10094 ArrayList<ContentTag> tags =
new ArrayList<ContentTag>();
10095 while (resultSet.next()) {
10097 tagName, resultSet.getString(
"comment"), resultSet.getLong(
"begin_byte_offset"), resultSet.getLong(
"end_byte_offset"), resultSet.getString(
"login_name"));
10102 }
catch (SQLException ex) {
10103 throw new TskCoreException(
"Error getting content_tags rows (tag_name_id = " + tagName.getId() +
")", ex);
10105 closeResultSet(resultSet);
10106 connection.close();
10125 CaseDbConnection connection = connections.getConnection();
10127 ResultSet resultSet = null;
10136 PreparedStatement statement = connection.getPreparedStatement(PREPARED_STATEMENT.SELECT_CONTENT_TAGS_BY_TAG_NAME_BY_DATASOURCE);
10137 statement.clearParameters();
10138 statement.setLong(1, tagName.getId());
10139 statement.setLong(2, dsObjId);
10140 resultSet = connection.executeQuery(statement);
10141 ArrayList<ContentTag> tags =
new ArrayList<ContentTag>();
10142 while (resultSet.next()) {
10144 tagName, resultSet.getString(
"comment"), resultSet.getLong(
"begin_byte_offset"), resultSet.getLong(
"end_byte_offset"), resultSet.getString(
"login_name"));
10149 }
catch (SQLException ex) {
10150 throw new TskCoreException(
"Failed to get content_tags row count for tag_name_id = " + tagName.getId() +
" data source objID : " + dsObjId, ex);
10152 closeResultSet(resultSet);
10153 connection.close();
10170 CaseDbConnection connection = connections.getConnection();
10172 ResultSet resultSet = null;
10179 PreparedStatement statement = connection.getPreparedStatement(PREPARED_STATEMENT.SELECT_CONTENT_TAGS_BY_CONTENT);
10180 statement.clearParameters();
10181 statement.setLong(1, content.getId());
10182 resultSet = connection.executeQuery(statement);
10183 ArrayList<ContentTag> tags =
new ArrayList<ContentTag>();
10184 while (resultSet.next()) {
10185 TagName tagName =
new TagName(resultSet.getLong(
"tag_name_id"), resultSet.getString(
"display_name"),
10187 TskData.
FileKnown.
valueOf(resultSet.getByte(
"knownStatus")), resultSet.getLong(
"tag_set_id"), resultSet.getInt(
"rank"));
10189 resultSet.getString(
"comment"), resultSet.getLong(
"begin_byte_offset"), resultSet.getLong(
"end_byte_offset"), resultSet.getString(
"login_name"));
10193 }
catch (SQLException ex) {
10194 throw new TskCoreException(
"Error getting content tags data for content (obj_id = " + content.getId() +
")", ex);
10196 closeResultSet(resultSet);
10197 connection.close();
10227 CaseDbConnection connection = connections.getConnection();
10231 PreparedStatement statement = connection.getPreparedStatement(PREPARED_STATEMENT.DELETE_ARTIFACT_TAG);
10232 statement.clearParameters();
10233 statement.setLong(1, tag.getId());
10234 connection.executeUpdate(statement);
10235 }
catch (SQLException ex) {
10236 throw new TskCoreException(
"Error deleting row from blackboard_artifact_tags table (id = " + tag.getId() +
")", ex);
10238 connection.close();
10253 CaseDbConnection connection = connections.getConnection();
10255 ResultSet resultSet = null;
10261 PreparedStatement statement = connection.getPreparedStatement(PREPARED_STATEMENT.SELECT_ARTIFACT_TAGS);
10262 resultSet = connection.executeQuery(statement);
10263 ArrayList<BlackboardArtifactTag> tags =
new ArrayList<>();
10264 while (resultSet.next()) {
10265 TagName tagName =
new TagName(resultSet.getLong(
"tag_name_id"), resultSet.getString(
"display_name"),
10267 TskData.
FileKnown.
valueOf(resultSet.getByte(
"knownStatus")), resultSet.getLong(
"tag_set_id"), resultSet.getInt(
"rank"));
10271 artifact, content, tagName, resultSet.getString(
"comment"), resultSet.getString(
"login_name"));
10275 }
catch (SQLException ex) {
10276 throw new TskCoreException(
"Error selecting rows from blackboard_artifact_tags table", ex);
10278 closeResultSet(resultSet);
10279 connection.close();
10295 if (tagName.getId() ==
Tag.ID_NOT_SET) {
10296 throw new TskCoreException(
"TagName object is invalid, id not set");
10298 CaseDbConnection connection = connections.getConnection();
10300 ResultSet resultSet = null;
10303 PreparedStatement statement = connection.getPreparedStatement(PREPARED_STATEMENT.COUNT_ARTIFACTS_BY_TAG_NAME);
10304 statement.clearParameters();
10305 statement.setLong(1, tagName.getId());
10306 resultSet = connection.executeQuery(statement);
10307 if (resultSet.next()) {
10308 return resultSet.getLong(
"count");
10310 throw new TskCoreException(
"Error getting blackboard_artifact_tags row count for tag name (tag_name_id = " + tagName.getId() +
")");
10312 }
catch (SQLException ex) {
10313 throw new TskCoreException(
"Error getting blackboard artifact_content_tags row count for tag name (tag_name_id = " + tagName.getId() +
")", ex);
10315 closeResultSet(resultSet);
10316 connection.close();
10337 if (tagName.getId() ==
Tag.ID_NOT_SET) {
10338 throw new TskCoreException(
"TagName object is invalid, id not set");
10341 CaseDbConnection connection = connections.getConnection();
10343 ResultSet resultSet = null;
10348 PreparedStatement statement = connection.getPreparedStatement(PREPARED_STATEMENT.COUNT_ARTIFACTS_BY_TAG_NAME_BY_DATASOURCE);
10349 statement.clearParameters();
10350 statement.setLong(1, tagName.getId());
10351 statement.setLong(2, dsObjId);
10352 resultSet = connection.executeQuery(statement);
10353 if (resultSet.next()) {
10354 return resultSet.getLong(
"count");
10356 throw new TskCoreException(
"Error getting blackboard_artifact_tags row count for tag name (tag_name_id = " + tagName.getId() +
")" +
" for dsObjId = " + dsObjId);
10358 }
catch (SQLException ex) {
10359 throw new TskCoreException(
"Failed to get blackboard_artifact_tags row count for tag_name_id = " + tagName.getId() +
"data source objID : " + dsObjId, ex);
10361 closeResultSet(resultSet);
10362 connection.close();
10379 if (tagName.getId() ==
Tag.ID_NOT_SET) {
10380 throw new TskCoreException(
"TagName object is invalid, id not set");
10382 CaseDbConnection connection = connections.getConnection();
10384 ResultSet resultSet = null;
10390 PreparedStatement statement = connection.getPreparedStatement(PREPARED_STATEMENT.SELECT_ARTIFACT_TAGS_BY_TAG_NAME);
10391 statement.clearParameters();
10392 statement.setLong(1, tagName.getId());
10393 resultSet = connection.executeQuery(statement);
10394 ArrayList<BlackboardArtifactTag> tags =
new ArrayList<BlackboardArtifactTag>();
10395 while (resultSet.next()) {
10399 artifact, content, tagName, resultSet.getString(
"comment"), resultSet.getString(
"login_name"));
10403 }
catch (SQLException ex) {
10404 throw new TskCoreException(
"Error getting blackboard artifact tags data (tag_name_id = " + tagName.getId() +
")", ex);
10406 closeResultSet(resultSet);
10407 connection.close();
10428 if (tagName.getId() ==
Tag.ID_NOT_SET) {
10429 throw new TskCoreException(
"TagName object is invalid, id not set");
10432 CaseDbConnection connection = connections.getConnection();
10434 ResultSet resultSet = null;
10442 PreparedStatement statement = connection.getPreparedStatement(PREPARED_STATEMENT.SELECT_ARTIFACT_TAGS_BY_TAG_NAME_BY_DATASOURCE);
10443 statement.clearParameters();
10444 statement.setLong(1, tagName.getId());
10445 statement.setLong(2, dsObjId);
10446 resultSet = connection.executeQuery(statement);
10447 ArrayList<BlackboardArtifactTag> tags =
new ArrayList<BlackboardArtifactTag>();
10448 while (resultSet.next()) {
10452 artifact, content, tagName, resultSet.getString(
"comment"), resultSet.getString(
"login_name"));
10456 }
catch (SQLException ex) {
10457 throw new TskCoreException(
"Failed to get blackboard_artifact_tags row count for tag_name_id = " + tagName.getId() +
"data source objID : " + dsObjId, ex);
10459 closeResultSet(resultSet);
10460 connection.close();
10479 CaseDbConnection connection = connections.getConnection();
10481 ResultSet resultSet = null;
10489 PreparedStatement statement = connection.getPreparedStatement(PREPARED_STATEMENT.SELECT_ARTIFACT_TAG_BY_ID);
10490 statement.clearParameters();
10491 statement.setLong(1, artifactTagID);
10492 resultSet = connection.executeQuery(statement);
10494 while (resultSet.next()) {
10495 TagName tagName =
new TagName(resultSet.getLong(
"tag_name_id"), resultSet.getString(
"display_name"),
10497 TskData.
FileKnown.
valueOf(resultSet.getByte(
"knownStatus")), resultSet.getLong(
"tag_set_id"), resultSet.getInt(
"rank"));
10501 artifact, content, tagName, resultSet.getString(
"comment"), resultSet.getString(
"login_name"));
10505 }
catch (SQLException ex) {
10506 throw new TskCoreException(
"Error getting blackboard artifact tag with id = " + artifactTagID, ex);
10508 closeResultSet(resultSet);
10509 connection.close();
10528 CaseDbConnection connection = connections.getConnection();
10530 ResultSet resultSet = null;
10537 PreparedStatement statement = connection.getPreparedStatement(PREPARED_STATEMENT.SELECT_ARTIFACT_TAGS_BY_ARTIFACT);
10538 statement.clearParameters();
10539 statement.setLong(1, artifact.getArtifactID());
10540 resultSet = connection.executeQuery(statement);
10541 ArrayList<BlackboardArtifactTag> tags =
new ArrayList<>();
10542 while (resultSet.next()) {
10543 TagName tagName =
new TagName(resultSet.getLong(
"tag_name_id"), resultSet.getString(
"display_name"),
10545 TskData.
FileKnown.
valueOf(resultSet.getByte(
"knownStatus")), resultSet.getLong(
"tag_set_id"), resultSet.getInt(
"rank"));
10548 artifact, content, tagName, resultSet.getString(
"comment"), resultSet.getString(
"login_name"));
10552 }
catch (SQLException ex) {
10553 throw new TskCoreException(
"Error getting blackboard artifact tags data (artifact_id = " + artifact.getArtifactID() +
")", ex);
10555 closeResultSet(resultSet);
10556 connection.close();
10570 CaseDbConnection connection = connections.getConnection();
10574 PreparedStatement statement = connection.getPreparedStatement(PREPARED_STATEMENT.UPDATE_IMAGE_PATH);
10575 statement.clearParameters();
10576 statement.setString(1, newPath);
10577 statement.setLong(2, objectId);
10578 connection.executeUpdate(statement);
10579 }
catch (SQLException ex) {
10580 throw new TskCoreException(
"Error updating image path in database for object " + objectId, ex);
10582 connection.close();
10600 public Report addReport(String localPath, String sourceModuleName, String reportName)
throws TskCoreException {
10601 return addReport(localPath, sourceModuleName, reportName, null);
10622 String relativePath =
"";
10623 long createTime = 0;
10624 String localPathLower = localPath.toLowerCase();
10626 if (localPathLower.startsWith(
"http")) {
10627 relativePath = localPathLower;
10628 createTime = System.currentTimeMillis() / 1000;
10639 int length =
new File(casePathLower).toURI().relativize(
new File(localPathLower).toURI()).getPath().length();
10640 relativePath =
new File(localPath.substring(localPathLower.length() - length)).getPath();
10641 }
catch (IllegalArgumentException ex) {
10642 String errorMessage = String.format(
"Local path %s not in the database directory or one of its subdirectories", localPath);
10643 throw new TskCoreException(errorMessage, ex);
10647 java.io.File tempFile =
new java.io.File(localPath);
10649 createTime = tempFile.lastModified() / 1000;
10650 }
catch (Exception ex) {
10651 throw new TskCoreException(
"Could not get create time for report at " + localPath, ex);
10656 CaseDbConnection connection = connections.getConnection();
10658 ResultSet resultSet = null;
10662 long parentObjId = 0;
10663 if (parent != null) {
10664 parentObjId = parent.getId();
10669 PreparedStatement statement = connection.getPreparedStatement(PREPARED_STATEMENT.INSERT_REPORT);
10670 statement.clearParameters();
10671 statement.setLong(1, objectId);
10672 statement.setString(2, relativePath);
10673 statement.setLong(3, createTime);
10674 statement.setString(4, sourceModuleName);
10675 statement.setString(5, reportName);
10676 connection.executeUpdate(statement);
10677 return new Report(
this, objectId, localPath, createTime, sourceModuleName, reportName, parent);
10678 }
catch (SQLException ex) {
10679 throw new TskCoreException(
"Error adding report " + localPath +
" to reports table", ex);
10681 closeResultSet(resultSet);
10682 connection.close();
10696 CaseDbConnection connection = connections.getConnection();
10698 ResultSet resultSet = null;
10699 ResultSet parentResultSet = null;
10700 PreparedStatement statement = null;
10701 Statement parentStatement = null;
10704 statement = connection.getPreparedStatement(PREPARED_STATEMENT.SELECT_REPORTS);
10705 parentStatement = connection.createStatement();
10706 resultSet = connection.executeQuery(statement);
10707 ArrayList<Report> reports =
new ArrayList<Report>();
10708 while (resultSet.next()) {
10709 String localpath = resultSet.getString(
"path");
10710 if (localpath.toLowerCase().startsWith(
"http") ==
false) {
10712 localpath = Paths.get(
getDbDirPath(), localpath).normalize().toString();
10717 long reportId = resultSet.getLong(
"obj_id");
10718 String parentQuery = String.format(
"SELECT * FROM tsk_objects WHERE obj_id = %s;", reportId);
10719 parentResultSet = parentStatement.executeQuery(parentQuery);
10720 if (parentResultSet.next()) {
10721 long parentId = parentResultSet.getLong(
"par_obj_id");
10724 parentResultSet.close();
10726 reports.add(
new Report(
this,
10729 resultSet.getLong(
"crtime"),
10730 resultSet.getString(
"src_module_name"),
10731 resultSet.getString(
"report_name"),
10735 }
catch (SQLException ex) {
10736 throw new TskCoreException(
"Error querying reports table", ex);
10738 closeResultSet(resultSet);
10739 closeResultSet(parentResultSet);
10740 closeStatement(statement);
10741 closeStatement(parentStatement);
10743 connection.close();
10758 CaseDbConnection connection = connections.getConnection();
10760 PreparedStatement statement = null;
10761 Statement parentStatement = null;
10762 ResultSet resultSet = null;
10763 ResultSet parentResultSet = null;
10767 statement = connection.getPreparedStatement(PREPARED_STATEMENT.SELECT_REPORT_BY_ID);
10768 parentStatement = connection.createStatement();
10769 statement.clearParameters();
10770 statement.setLong(1,
id);
10771 resultSet = connection.executeQuery(statement);
10773 if (resultSet.next()) {
10776 String parentQuery = String.format(
"SELECT * FROM tsk_objects WHERE obj_id = %s;",
id);
10777 parentResultSet = parentStatement.executeQuery(parentQuery);
10778 if (parentResultSet.next()) {
10779 long parentId = parentResultSet.getLong(
"par_obj_id");
10783 report =
new Report(
this, resultSet.getLong(
"obj_id"),
10784 Paths.get(
getDbDirPath(), resultSet.getString(
"path")).normalize().toString(),
10785 resultSet.getLong(
"crtime"),
10786 resultSet.getString(
"src_module_name"),
10787 resultSet.getString(
"report_name"),
10790 throw new TskCoreException(
"No report found for id: " +
id);
10792 }
catch (SQLException ex) {
10793 throw new TskCoreException(
"Error querying reports table for id: " +
id, ex);
10795 closeResultSet(resultSet);
10796 closeResultSet(parentResultSet);
10797 closeStatement(statement);
10798 closeStatement(parentStatement);
10799 connection.close();
10814 CaseDbConnection connection = connections.getConnection();
10818 PreparedStatement statement = connection.getPreparedStatement(PREPARED_STATEMENT.DELETE_REPORT);
10819 statement.setLong(1, report.getId());
10820 connection.executeUpdate(statement);
10821 }
catch (SQLException ex) {
10822 throw new TskCoreException(
"Error querying reports table", ex);
10824 connection.close();
10829 static void closeResultSet(ResultSet resultSet) {
10830 if (resultSet != null) {
10833 }
catch (SQLException ex) {
10834 logger.log(Level.SEVERE,
"Error closing ResultSet", ex);
10839 static void closeStatement(Statement statement) {
10840 if (statement != null) {
10843 }
catch (SQLException ex) {
10844 logger.log(Level.SEVERE,
"Error closing Statement", ex);
10858 void setIngestJobEndDateTime(
long ingestJobId,
long endDateTime)
throws TskCoreException {
10859 CaseDbConnection connection = connections.getConnection();
10862 Statement statement = connection.createStatement();
10863 statement.executeUpdate(
"UPDATE ingest_jobs SET end_date_time=" + endDateTime +
" WHERE ingest_job_id=" + ingestJobId +
";");
10864 }
catch (SQLException ex) {
10865 throw new TskCoreException(
"Error updating the end date (ingest_job_id = " + ingestJobId +
".", ex);
10867 connection.close();
10872 void setIngestJobStatus(
long ingestJobId, IngestJobStatusType status)
throws TskCoreException {
10873 CaseDbConnection connection = connections.getConnection();
10876 Statement statement = connection.createStatement();
10877 statement.executeUpdate(
"UPDATE ingest_jobs SET status_id=" + status.ordinal() +
" WHERE ingest_job_id=" + ingestJobId +
";");
10878 }
catch (SQLException ex) {
10879 throw new TskCoreException(
"Error ingest job status (ingest_job_id = " + ingestJobId +
".", ex);
10881 connection.close();
10903 CaseDbConnection connection = connections.getConnection();
10905 ResultSet resultSet = null;
10906 Statement statement;
10908 connection.beginTransaction();
10909 statement = connection.createStatement();
10910 PreparedStatement insertStatement = connection.getPreparedStatement(PREPARED_STATEMENT.INSERT_INGEST_JOB, Statement.RETURN_GENERATED_KEYS);
10911 insertStatement.setLong(1, dataSource.getId());
10912 insertStatement.setString(2, hostName);
10913 insertStatement.setLong(3, jobStart.getTime());
10914 insertStatement.setLong(4, jobEnd.getTime());
10915 insertStatement.setInt(5, status.ordinal());
10916 insertStatement.setString(6, settingsDir);
10917 connection.executeUpdate(insertStatement);
10918 resultSet = insertStatement.getGeneratedKeys();
10920 long id = resultSet.getLong(1);
10921 for (
int i = 0; i < ingestModules.size(); i++) {
10923 statement.executeUpdate(
"INSERT INTO ingest_job_modules (ingest_job_id, ingest_module_id, pipeline_position) "
10924 +
"VALUES (" +
id +
", " + ingestModule.
getIngestModuleId() +
", " + i +
");");
10928 connection.commitTransaction();
10929 return new IngestJobInfo(
id, dataSource.getId(), hostName, jobStart,
"", ingestModules,
this);
10930 }
catch (SQLException ex) {
10931 connection.rollbackTransaction();
10932 throw new TskCoreException(
"Error adding the ingest job.", ex);
10934 closeResultSet(resultSet);
10935 connection.close();
10954 CaseDbConnection connection = connections.getConnection();
10955 ResultSet resultSet = null;
10956 Statement statement = null;
10957 String uniqueName = factoryClassName +
"-" + displayName +
"-" + type.toString() +
"-" + version;
10960 statement = connection.createStatement();
10961 resultSet = statement.executeQuery(
"SELECT * FROM ingest_modules WHERE unique_name = '" + uniqueName +
"'");
10962 if (!resultSet.next()) {
10965 PreparedStatement insertStatement = connection.getPreparedStatement(PREPARED_STATEMENT.INSERT_INGEST_MODULE, Statement.RETURN_GENERATED_KEYS);
10966 insertStatement.setString(1, displayName);
10967 insertStatement.setString(2, uniqueName);
10968 insertStatement.setInt(3, type.ordinal());
10969 insertStatement.setString(4, version);
10970 connection.executeUpdate(insertStatement);
10971 resultSet = statement.getGeneratedKeys();
10973 long id = resultSet.getLong(1);
10978 return new IngestModuleInfo(resultSet.getInt(
"ingest_module_id"), resultSet.getString(
"display_name"),
10979 resultSet.getString(
"unique_name"),
IngestModuleType.
fromID(resultSet.getInt(
"type_id")), resultSet.getString(
"version"));
10981 }
catch (SQLException ex) {
10983 closeStatement(statement);
10984 statement = connection.createStatement();
10985 resultSet = statement.executeQuery(
"SELECT * FROM ingest_modules WHERE unique_name = '" + uniqueName +
"'");
10986 if (resultSet.next()) {
10987 return new IngestModuleInfo(resultSet.getInt(
"ingest_module_id"), resultSet.getString(
"display_name"),
10990 throw new TskCoreException(
"Couldn't add new module to database.", ex);
10992 }
catch (SQLException ex1) {
10993 throw new TskCoreException(
"Couldn't add new module to database.", ex1);
10996 closeResultSet(resultSet);
10997 closeStatement(statement);
10998 connection.close();
11011 CaseDbConnection connection = connections.getConnection();
11012 ResultSet resultSet = null;
11013 Statement statement = null;
11014 List<IngestJobInfo> ingestJobs =
new ArrayList<IngestJobInfo>();
11017 statement = connection.createStatement();
11018 resultSet = statement.executeQuery(
"SELECT * FROM ingest_jobs");
11019 while (resultSet.next()) {
11020 ingestJobs.add(
new IngestJobInfo(resultSet.getInt(
"ingest_job_id"), resultSet.getLong(
"obj_id"),
11021 resultSet.getString(
"host_name"),
new Date(resultSet.getLong(
"start_date_time")),
11023 resultSet.getString(
"settings_dir"), this.getIngestModules(resultSet.getInt(
"ingest_job_id"), connection),
this));
11026 }
catch (SQLException ex) {
11027 throw new TskCoreException(
"Couldn't get the ingest jobs.", ex);
11029 closeResultSet(resultSet);
11030 closeStatement(statement);
11031 connection.close();
11046 private List<IngestModuleInfo> getIngestModules(
int ingestJobId, CaseDbConnection connection)
throws SQLException {
11047 ResultSet resultSet = null;
11048 Statement statement = null;
11049 List<IngestModuleInfo> ingestModules =
new ArrayList<IngestModuleInfo>();
11052 statement = connection.createStatement();
11053 resultSet = statement.executeQuery(
"SELECT ingest_job_modules.ingest_module_id AS ingest_module_id, "
11054 +
"ingest_job_modules.pipeline_position AS pipeline_position, "
11055 +
"ingest_modules.display_name AS display_name, ingest_modules.unique_name AS unique_name, "
11056 +
"ingest_modules.type_id AS type_id, ingest_modules.version AS version "
11057 +
"FROM ingest_job_modules, ingest_modules "
11058 +
"WHERE ingest_job_modules.ingest_job_id = " + ingestJobId +
" "
11059 +
"AND ingest_modules.ingest_module_id = ingest_job_modules.ingest_module_id "
11060 +
"ORDER BY (ingest_job_modules.pipeline_position);");
11061 while (resultSet.next()) {
11062 ingestModules.add(
new IngestModuleInfo(resultSet.getInt(
"ingest_module_id"), resultSet.getString(
"display_name"),
11063 resultSet.getString(
"unique_name"),
IngestModuleType.
fromID(resultSet.getInt(
"type_id")), resultSet.getString(
"version")));
11065 return ingestModules;
11067 closeResultSet(resultSet);
11068 closeStatement(statement);
11077 static class ObjectInfo {
11080 private TskData.ObjectType type;
11082 ObjectInfo(
long id, ObjectType type) {
11091 TskData.ObjectType getType() {
11096 private interface DbCommand {
11098 void execute() throws SQLException;
11101 private enum PREPARED_STATEMENT {
11103 SELECT_ARTIFACTS_BY_TYPE(
"SELECT artifact_id, obj_id FROM blackboard_artifacts "
11104 +
"WHERE artifact_type_id = ?"),
11105 COUNT_ARTIFACTS_OF_TYPE(
"SELECT COUNT(*) AS count FROM blackboard_artifacts WHERE artifact_type_id = ? AND review_status_id != " + BlackboardArtifact.ReviewStatus.REJECTED.getID()),
11106 COUNT_ARTIFACTS_OF_TYPE_BY_DATA_SOURCE(
"SELECT COUNT(*) AS count FROM blackboard_artifacts WHERE data_source_obj_id = ? AND artifact_type_id = ? AND review_status_id != " + BlackboardArtifact.ReviewStatus.REJECTED.getID()),
11107 COUNT_ARTIFACTS_FROM_SOURCE(
"SELECT COUNT(*) AS count FROM blackboard_artifacts WHERE obj_id = ? AND review_status_id != " + BlackboardArtifact.ReviewStatus.REJECTED.getID()),
11108 COUNT_ARTIFACTS_BY_SOURCE_AND_TYPE(
"SELECT COUNT(*) AS count FROM blackboard_artifacts WHERE obj_id = ? AND artifact_type_id = ? AND review_status_id != " + BlackboardArtifact.ReviewStatus.REJECTED.getID()),
11109 SELECT_FILES_BY_PARENT(
"SELECT tsk_files.* "
11110 +
"FROM tsk_objects INNER JOIN tsk_files "
11111 +
"ON tsk_objects.obj_id=tsk_files.obj_id "
11112 +
"WHERE (tsk_objects.par_obj_id = ? ) "
11113 +
"ORDER BY tsk_files.meta_type DESC, LOWER(tsk_files.name)"),
11114 SELECT_FILES_BY_PARENT_AND_TYPE(
"SELECT tsk_files.* "
11115 +
"FROM tsk_objects INNER JOIN tsk_files "
11116 +
"ON tsk_objects.obj_id=tsk_files.obj_id "
11117 +
"WHERE (tsk_objects.par_obj_id = ? AND tsk_files.type = ? ) "
11118 +
"ORDER BY tsk_files.dir_type, LOWER(tsk_files.name)"),
11119 SELECT_FILE_IDS_BY_PARENT(
"SELECT tsk_files.obj_id AS obj_id "
11120 +
"FROM tsk_objects INNER JOIN tsk_files "
11121 +
"ON tsk_objects.obj_id=tsk_files.obj_id "
11122 +
"WHERE (tsk_objects.par_obj_id = ?)"),
11123 SELECT_FILE_IDS_BY_PARENT_AND_TYPE(
"SELECT tsk_files.obj_id AS obj_id "
11124 +
"FROM tsk_objects INNER JOIN tsk_files "
11125 +
"ON tsk_objects.obj_id=tsk_files.obj_id "
11126 +
"WHERE (tsk_objects.par_obj_id = ? "
11127 +
"AND tsk_files.type = ? )"),
11128 SELECT_FILE_BY_ID(
"SELECT * FROM tsk_files WHERE obj_id = ? LIMIT 1"),
11129 SELECT_ARTIFACT_BY_ARTIFACT_OBJ_ID(
"SELECT * FROM blackboard_artifacts WHERE artifact_obj_id = ? LIMIT 1"),
11130 SELECT_ARTIFACT_BY_ARTIFACT_ID(
"SELECT * FROM blackboard_artifacts WHERE artifact_id = ? LIMIT 1"),
11131 INSERT_ARTIFACT(
"INSERT INTO blackboard_artifacts (artifact_id, obj_id, artifact_obj_id, data_source_obj_id, artifact_type_id, review_status_id) "
11132 +
"VALUES (?, ?, ?, ?, ?," + BlackboardArtifact.ReviewStatus.UNDECIDED.getID() +
")"),
11133 POSTGRESQL_INSERT_ARTIFACT(
"INSERT INTO blackboard_artifacts (artifact_id, obj_id, artifact_obj_id, data_source_obj_id, artifact_type_id, review_status_id) "
11134 +
"VALUES (DEFAULT, ?, ?, ?, ?," + BlackboardArtifact.ReviewStatus.UNDECIDED.getID() +
")"),
11135 INSERT_STRING_ATTRIBUTE(
"INSERT INTO blackboard_attributes (artifact_id, artifact_type_id, source, context, attribute_type_id, value_type, value_text) "
11136 +
"VALUES (?,?,?,?,?,?,?)"),
11137 INSERT_BYTE_ATTRIBUTE(
"INSERT INTO blackboard_attributes (artifact_id, artifact_type_id, source, context, attribute_type_id, value_type, value_byte) "
11138 +
"VALUES (?,?,?,?,?,?,?)"),
11139 INSERT_INT_ATTRIBUTE(
"INSERT INTO blackboard_attributes (artifact_id, artifact_type_id, source, context, attribute_type_id, value_type, value_int32) "
11140 +
"VALUES (?,?,?,?,?,?,?)"),
11141 INSERT_LONG_ATTRIBUTE(
"INSERT INTO blackboard_attributes (artifact_id, artifact_type_id, source, context, attribute_type_id, value_type, value_int64) "
11142 +
"VALUES (?,?,?,?,?,?,?)"),
11143 INSERT_DOUBLE_ATTRIBUTE(
"INSERT INTO blackboard_attributes (artifact_id, artifact_type_id, source, context, attribute_type_id, value_type, value_double) "
11144 +
"VALUES (?,?,?,?,?,?,?)"),
11145 SELECT_FILES_BY_DATA_SOURCE_AND_NAME(
"SELECT * FROM tsk_files WHERE LOWER(name) LIKE LOWER(?) AND LOWER(name) NOT LIKE LOWER('%journal%') AND data_source_obj_id = ?"),
11146 SELECT_FILES_BY_DATA_SOURCE_AND_PARENT_PATH_AND_NAME(
"SELECT * FROM tsk_files WHERE LOWER(name) LIKE LOWER(?) AND LOWER(name) NOT LIKE LOWER('%journal%') AND LOWER(parent_path) LIKE LOWER(?) AND data_source_obj_id = ?"),
11147 UPDATE_FILE_MD5(
"UPDATE tsk_files SET md5 = ? WHERE obj_id = ?"),
11148 UPDATE_IMAGE_MD5(
"UPDATE tsk_image_info SET md5 = ? WHERE obj_id = ?"),
11149 UPDATE_IMAGE_SHA1(
"UPDATE tsk_image_info SET sha1 = ? WHERE obj_id = ?"),
11150 UPDATE_IMAGE_SHA256(
"UPDATE tsk_image_info SET sha256 = ? WHERE obj_id = ?"),
11151 SELECT_IMAGE_MD5(
"SELECT md5 FROM tsk_image_info WHERE obj_id = ?"),
11152 SELECT_IMAGE_SHA1(
"SELECT sha1 FROM tsk_image_info WHERE obj_id = ?"),
11153 SELECT_IMAGE_SHA256(
"SELECT sha256 FROM tsk_image_info WHERE obj_id = ?"),
11154 UPDATE_ACQUISITION_DETAILS(
"UPDATE data_source_info SET acquisition_details = ? WHERE obj_id = ?"),
11155 SELECT_ACQUISITION_DETAILS(
"SELECT acquisition_details FROM data_source_info WHERE obj_id = ?"),
11156 SELECT_LOCAL_PATH_FOR_FILE(
"SELECT path FROM tsk_files_path WHERE obj_id = ?"),
11157 SELECT_ENCODING_FOR_FILE(
"SELECT encoding_type FROM tsk_files_path WHERE obj_id = ?"),
11158 SELECT_LOCAL_PATH_AND_ENCODING_FOR_FILE(
"SELECT path, encoding_type FROM tsk_files_path WHERE obj_id = ?"),
11159 SELECT_PATH_FOR_FILE(
"SELECT parent_path FROM tsk_files WHERE obj_id = ?"),
11160 SELECT_FILE_NAME(
"SELECT name FROM tsk_files WHERE obj_id = ?"),
11161 SELECT_DERIVED_FILE(
"SELECT derived_id, rederive FROM tsk_files_derived WHERE obj_id = ?"),
11162 SELECT_FILE_DERIVATION_METHOD(
"SELECT tool_name, tool_version, other FROM tsk_files_derived_method WHERE derived_id = ?"),
11163 SELECT_MAX_OBJECT_ID(
"SELECT MAX(obj_id) AS max_obj_id FROM tsk_objects"),
11164 INSERT_OBJECT(
"INSERT INTO tsk_objects (par_obj_id, type) VALUES (?, ?)"),
11165 INSERT_FILE(
"INSERT INTO tsk_files (obj_id, fs_obj_id, name, type, has_path, dir_type, meta_type, dir_flags, meta_flags, size, ctime, crtime, atime, mtime, md5, known, mime_type, parent_path, data_source_obj_id,extension) "
11166 +
"VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)"),
11167 INSERT_FILE_SYSTEM_FILE(
"INSERT INTO tsk_files(obj_id, fs_obj_id, data_source_obj_id, attr_type, attr_id, name, meta_addr, meta_seq, type, has_path, dir_type, meta_type, dir_flags, meta_flags, size, ctime, crtime, atime, mtime, parent_path, extension)"
11168 +
" VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)"),
11169 UPDATE_DERIVED_FILE(
"UPDATE tsk_files SET type = ?, dir_type = ?, meta_type = ?, dir_flags = ?, meta_flags = ?, size= ?, ctime= ?, crtime= ?, atime= ?, mtime= ?, mime_type = ? "
11170 +
"WHERE obj_id = ?"),
11171 INSERT_LAYOUT_FILE(
"INSERT INTO tsk_file_layout (obj_id, byte_start, byte_len, sequence) "
11172 +
"VALUES (?, ?, ?, ?)"),
11173 INSERT_LOCAL_PATH(
"INSERT INTO tsk_files_path (obj_id, path, encoding_type) VALUES (?, ?, ?)"),
11174 UPDATE_LOCAL_PATH(
"UPDATE tsk_files_path SET path = ?, encoding_type = ? WHERE obj_id = ?"),
11175 COUNT_CHILD_OBJECTS_BY_PARENT(
"SELECT COUNT(obj_id) AS count FROM tsk_objects WHERE par_obj_id = ?"),
11176 SELECT_FILE_SYSTEM_BY_OBJECT(
"SELECT fs_obj_id from tsk_files WHERE obj_id=?"),
11177 SELECT_TAG_NAMES(
"SELECT * FROM tag_names"),
11178 SELECT_TAG_NAMES_IN_USE(
"SELECT * FROM tag_names "
11179 +
"WHERE tag_name_id IN "
11180 +
"(SELECT tag_name_id from content_tags UNION SELECT tag_name_id FROM blackboard_artifact_tags)"),
11181 SELECT_TAG_NAMES_IN_USE_BY_DATASOURCE(
"SELECT * FROM tag_names "
11182 +
"WHERE tag_name_id IN "
11183 +
"( SELECT content_tags.tag_name_id as tag_name_id "
11184 +
"FROM content_tags as content_tags, tsk_files as tsk_files"
11185 +
" WHERE content_tags.obj_id = tsk_files.obj_id"
11186 +
" AND tsk_files.data_source_obj_id = ?"
11188 +
"SELECT artifact_tags.tag_name_id as tag_name_id "
11189 +
" FROM blackboard_artifact_tags as artifact_tags, blackboard_artifacts AS arts "
11190 +
" WHERE artifact_tags.artifact_id = arts.artifact_id"
11191 +
" AND arts.data_source_obj_id = ?"
11193 INSERT_TAG_NAME(
"INSERT INTO tag_names (display_name, description, color, knownStatus) VALUES (?, ?, ?, ?)"),
11194 INSERT_CONTENT_TAG(
"INSERT INTO content_tags (obj_id, tag_name_id, comment, begin_byte_offset, end_byte_offset, examiner_id) VALUES (?, ?, ?, ?, ?, ?)"),
11195 DELETE_CONTENT_TAG(
"DELETE FROM content_tags WHERE tag_id = ?"),
11196 COUNT_CONTENT_TAGS_BY_TAG_NAME(
"SELECT COUNT(*) AS count FROM content_tags WHERE tag_name_id = ?"),
11197 COUNT_CONTENT_TAGS_BY_TAG_NAME_BY_DATASOURCE(
11198 "SELECT COUNT(*) AS count FROM content_tags as content_tags, tsk_files as tsk_files WHERE content_tags.obj_id = tsk_files.obj_id"
11199 +
" AND content_tags.tag_name_id = ? "
11200 +
" AND tsk_files.data_source_obj_id = ? "
11202 SELECT_CONTENT_TAGS(
"SELECT content_tags.tag_id, content_tags.obj_id, content_tags.tag_name_id, content_tags.comment, content_tags.begin_byte_offset, content_tags.end_byte_offset, tag_names.display_name, tag_names.description, tag_names.color, tag_names.knownStatus, tsk_examiners.login_name, tag_names.tag_set_id, tag_names.rank "
11203 +
"FROM content_tags "
11204 +
"INNER JOIN tag_names ON content_tags.tag_name_id = tag_names.tag_name_id "
11205 +
"LEFT OUTER JOIN tsk_examiners ON content_tags.examiner_id = tsk_examiners.examiner_id"),
11206 SELECT_CONTENT_TAGS_BY_TAG_NAME(
"SELECT content_tags.tag_id, content_tags.obj_id, content_tags.tag_name_id, content_tags.comment, content_tags.begin_byte_offset, content_tags.end_byte_offset, tsk_examiners.login_name "
11207 +
"FROM content_tags "
11208 +
"LEFT OUTER JOIN tsk_examiners ON content_tags.examiner_id = tsk_examiners.examiner_id "
11209 +
"WHERE tag_name_id = ?"),
11210 SELECT_CONTENT_TAGS_BY_TAG_NAME_BY_DATASOURCE(
"SELECT content_tags.tag_id, content_tags.obj_id, content_tags.tag_name_id, content_tags.comment, content_tags.begin_byte_offset, content_tags.end_byte_offset, tag_names.display_name, tag_names.description, tag_names.color, tag_names.knownStatus, tsk_examiners.login_name, tag_names.tag_set_id "
11211 +
"FROM content_tags as content_tags, tsk_files as tsk_files, tag_names as tag_names, tsk_examiners as tsk_examiners "
11212 +
"WHERE content_tags.examiner_id = tsk_examiners.examiner_id"
11213 +
" AND content_tags.obj_id = tsk_files.obj_id"
11214 +
" AND content_tags.tag_name_id = tag_names.tag_name_id"
11215 +
" AND content_tags.tag_name_id = ?"
11216 +
" AND tsk_files.data_source_obj_id = ? "),
11217 SELECT_CONTENT_TAG_BY_ID(
"SELECT content_tags.tag_id, content_tags.obj_id, content_tags.tag_name_id, content_tags.comment, content_tags.begin_byte_offset, content_tags.end_byte_offset, tag_names.display_name, tag_names.description, tag_names.color, tag_names.knownStatus, tsk_examiners.login_name, tag_names.tag_set_id, tag_names.rank "
11218 +
"FROM content_tags "
11219 +
"INNER JOIN tag_names ON content_tags.tag_name_id = tag_names.tag_name_id "
11220 +
"LEFT OUTER JOIN tsk_examiners ON content_tags.examiner_id = tsk_examiners.examiner_id "
11221 +
"WHERE tag_id = ?"),
11222 SELECT_CONTENT_TAGS_BY_CONTENT(
"SELECT content_tags.tag_id, content_tags.obj_id, content_tags.tag_name_id, content_tags.comment, content_tags.begin_byte_offset, content_tags.end_byte_offset, tag_names.display_name, tag_names.description, tag_names.color, tag_names.knownStatus, tsk_examiners.login_name, tag_names.tag_set_id, tag_names.rank "
11223 +
"FROM content_tags "
11224 +
"INNER JOIN tag_names ON content_tags.tag_name_id = tag_names.tag_name_id "
11225 +
"LEFT OUTER JOIN tsk_examiners ON content_tags.examiner_id = tsk_examiners.examiner_id "
11226 +
"WHERE content_tags.obj_id = ?"),
11227 INSERT_ARTIFACT_TAG(
"INSERT INTO blackboard_artifact_tags (artifact_id, tag_name_id, comment, examiner_id) "
11228 +
"VALUES (?, ?, ?, ?)"),
11229 DELETE_ARTIFACT_TAG(
"DELETE FROM blackboard_artifact_tags WHERE tag_id = ?"),
11230 SELECT_ARTIFACT_TAGS(
"SELECT blackboard_artifact_tags.tag_id, blackboard_artifact_tags.artifact_id, blackboard_artifact_tags.tag_name_id, blackboard_artifact_tags.comment, tag_names.display_name, tag_names.description, tag_names.color, tag_names.knownStatus, tag_names.tag_set_id, tsk_examiners.login_name, tag_names.rank "
11231 +
"FROM blackboard_artifact_tags "
11232 +
"INNER JOIN tag_names ON blackboard_artifact_tags.tag_name_id = tag_names.tag_name_id "
11233 +
"LEFT OUTER JOIN tsk_examiners ON blackboard_artifact_tags.examiner_id = tsk_examiners.examiner_id"),
11234 COUNT_ARTIFACTS_BY_TAG_NAME(
"SELECT COUNT(*) AS count FROM blackboard_artifact_tags WHERE tag_name_id = ?"),
11235 COUNT_ARTIFACTS_BY_TAG_NAME_BY_DATASOURCE(
"SELECT COUNT(*) AS count FROM blackboard_artifact_tags as artifact_tags, blackboard_artifacts AS arts WHERE artifact_tags.artifact_id = arts.artifact_id"
11236 +
" AND artifact_tags.tag_name_id = ?"
11237 +
" AND arts.data_source_obj_id = ? "),
11238 SELECT_ARTIFACT_TAGS_BY_TAG_NAME(
"SELECT blackboard_artifact_tags.tag_id, blackboard_artifact_tags.artifact_id, blackboard_artifact_tags.tag_name_id, blackboard_artifact_tags.comment, tsk_examiners.login_name "
11239 +
"FROM blackboard_artifact_tags "
11240 +
"LEFT OUTER JOIN tsk_examiners ON blackboard_artifact_tags.examiner_id = tsk_examiners.examiner_id "
11241 +
"WHERE tag_name_id = ?"),
11242 SELECT_ARTIFACT_TAGS_BY_TAG_NAME_BY_DATASOURCE(
"SELECT artifact_tags.tag_id, artifact_tags.artifact_id, artifact_tags.tag_name_id, artifact_tags.comment, arts.obj_id, arts.artifact_obj_id, arts.data_source_obj_id, arts.artifact_type_id, arts.review_status_id, tsk_examiners.login_name "
11243 +
"FROM blackboard_artifact_tags as artifact_tags, blackboard_artifacts AS arts, tsk_examiners AS tsk_examiners "
11244 +
"WHERE artifact_tags.examiner_id = tsk_examiners.examiner_id"
11245 +
" AND artifact_tags.artifact_id = arts.artifact_id"
11246 +
" AND artifact_tags.tag_name_id = ? "
11247 +
" AND arts.data_source_obj_id = ? "),
11248 SELECT_ARTIFACT_TAG_BY_ID(
"SELECT blackboard_artifact_tags.tag_id, blackboard_artifact_tags.artifact_id, blackboard_artifact_tags.tag_name_id, blackboard_artifact_tags.comment, tag_names.display_name, tag_names.description, tag_names.color, tag_names.knownStatus, tsk_examiners.login_name, tag_names.tag_set_id, tag_names.rank "
11249 +
"FROM blackboard_artifact_tags "
11250 +
"INNER JOIN tag_names ON blackboard_artifact_tags.tag_name_id = tag_names.tag_name_id "
11251 +
"LEFT OUTER JOIN tsk_examiners ON blackboard_artifact_tags.examiner_id = tsk_examiners.examiner_id "
11252 +
"WHERE blackboard_artifact_tags.tag_id = ?"),
11253 SELECT_ARTIFACT_TAGS_BY_ARTIFACT(
"SELECT blackboard_artifact_tags.tag_id, blackboard_artifact_tags.artifact_id, blackboard_artifact_tags.tag_name_id, blackboard_artifact_tags.comment, tag_names.display_name, tag_names.description, tag_names.color, tag_names.knownStatus, tsk_examiners.login_name, tag_names.tag_set_id, tag_names.rank "
11254 +
"FROM blackboard_artifact_tags "
11255 +
"INNER JOIN tag_names ON blackboard_artifact_tags.tag_name_id = tag_names.tag_name_id "
11256 +
"LEFT OUTER JOIN tsk_examiners ON blackboard_artifact_tags.examiner_id = tsk_examiners.examiner_id "
11257 +
"WHERE blackboard_artifact_tags.artifact_id = ?"),
11258 SELECT_REPORTS(
"SELECT * FROM reports"),
11259 SELECT_REPORT_BY_ID(
"SELECT * FROM reports WHERE obj_id = ?"),
11260 INSERT_REPORT(
"INSERT INTO reports (obj_id, path, crtime, src_module_name, report_name) VALUES (?, ?, ?, ?, ?)"),
11261 DELETE_REPORT(
"DELETE FROM reports WHERE reports.obj_id = ?"),
11262 INSERT_INGEST_JOB(
"INSERT INTO ingest_jobs (obj_id, host_name, start_date_time, end_date_time, status_id, settings_dir) VALUES (?, ?, ?, ?, ?, ?)"),
11263 INSERT_INGEST_MODULE(
"INSERT INTO ingest_modules (display_name, unique_name, type_id, version) VALUES(?, ?, ?, ?)"),
11264 SELECT_ATTR_BY_VALUE_BYTE(
"SELECT source FROM blackboard_attributes WHERE artifact_id = ? AND attribute_type_id = ? AND value_type = 4 AND value_byte = ?"),
11265 UPDATE_ATTR_BY_VALUE_BYTE(
"UPDATE blackboard_attributes SET source = ? WHERE artifact_id = ? AND attribute_type_id = ? AND value_type = 4 AND value_byte = ?"),
11266 UPDATE_IMAGE_PATH(
"UPDATE tsk_image_names SET name = ? WHERE obj_id = ?"),
11267 SELECT_ARTIFACT_OBJECTIDS_BY_PARENT(
"SELECT blackboard_artifacts.artifact_obj_id AS artifact_obj_id "
11268 +
"FROM tsk_objects INNER JOIN blackboard_artifacts "
11269 +
"ON tsk_objects.obj_id=blackboard_artifacts.obj_id "
11270 +
"WHERE (tsk_objects.par_obj_id = ?)"),
11271 INSERT_OR_UPDATE_TAG_NAME(
"INSERT INTO tag_names (display_name, description, color, knownStatus) VALUES (?, ?, ?, ?) ON CONFLICT (display_name) DO UPDATE SET description = ?, color = ?, knownStatus = ?"),
11272 SELECT_EXAMINER_BY_ID(
"SELECT * FROM tsk_examiners WHERE examiner_id = ?"),
11273 SELECT_EXAMINER_BY_LOGIN_NAME(
"SELECT * FROM tsk_examiners WHERE login_name = ?"),
11274 INSERT_EXAMINER_POSTGRESQL(
"INSERT INTO tsk_examiners (login_name) VALUES (?) ON CONFLICT DO NOTHING"),
11275 INSERT_EXAMINER_SQLITE(
"INSERT OR IGNORE INTO tsk_examiners (login_name) VALUES (?)"),
11276 UPDATE_FILE_NAME(
"UPDATE tsk_files SET name = ? WHERE obj_id = ?"),
11277 UPDATE_IMAGE_NAME(
"UPDATE tsk_image_info SET display_name = ? WHERE obj_id = ?"),
11278 DELETE_IMAGE_NAME(
"DELETE FROM tsk_image_names WHERE obj_id = ?"),
11279 INSERT_IMAGE_NAME(
"INSERT INTO tsk_image_names (obj_id, name, sequence) VALUES (?, ?, ?)"),
11280 INSERT_IMAGE_INFO(
"INSERT INTO tsk_image_info (obj_id, type, ssize, tzone, size, md5, sha1, sha256, display_name)"
11281 +
" VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)"),
11282 INSERT_DATA_SOURCE_INFO(
"INSERT INTO data_source_info (obj_id, device_id, time_zone) VALUES (?, ?, ?)"),
11283 INSERT_VS_INFO(
"INSERT INTO tsk_vs_info (obj_id, vs_type, img_offset, block_size) VALUES (?, ?, ?, ?)"),
11284 INSERT_VS_PART_SQLITE(
"INSERT INTO tsk_vs_parts (obj_id, addr, start, length, desc, flags) VALUES (?, ?, ?, ?, ?, ?)"),
11285 INSERT_VS_PART_POSTGRESQL(
"INSERT INTO tsk_vs_parts (obj_id, addr, start, length, descr, flags) VALUES (?, ?, ?, ?, ?, ?)"),
11286 INSERT_POOL_INFO(
"INSERT INTO tsk_pool_info (obj_id, pool_type) VALUES (?, ?)"),
11287 INSERT_FS_INFO(
"INSERT INTO tsk_fs_info (obj_id, data_source_obj_id, img_offset, fs_type, block_size, block_count, root_inum, first_inum, last_inum, display_name)"
11288 +
"VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)"),
11289 SELECT_TAG_NAME_BY_ID(
"SELECT * FROM tag_names where tag_name_id = ?"),
11290 SELECT_TAG_NAME_BY_NAME(
"SELECT * FROM tag_names where display_name = ?");
11292 private final String sql;
11294 private PREPARED_STATEMENT(String sql) {
11308 abstract private class ConnectionPool {
11310 private PooledDataSource pooledDataSource;
11312 public ConnectionPool() {
11313 pooledDataSource = null;
11316 CaseDbConnection getConnection() throws TskCoreException {
11317 if (pooledDataSource == null) {
11318 throw new TskCoreException(
"Error getting case database connection - case is closed");
11321 return getPooledConnection();
11322 }
catch (SQLException exp) {
11323 throw new TskCoreException(exp.getMessage());
11327 void close() throws TskCoreException {
11328 if (pooledDataSource != null) {
11330 pooledDataSource.close();
11331 }
catch (SQLException exp) {
11332 throw new TskCoreException(exp.getMessage());
11334 pooledDataSource = null;
11339 abstract CaseDbConnection getPooledConnection() throws SQLException;
11341 public PooledDataSource getPooledDataSource() {
11342 return pooledDataSource;
11345 public void setPooledDataSource(PooledDataSource pooledDataSource) {
11346 this.pooledDataSource = pooledDataSource;
11354 private final class SQLiteConnections
extends ConnectionPool {
11356 private final Map<String, String> configurationOverrides =
new HashMap<String, String>();
11358 SQLiteConnections(String dbPath)
throws SQLException {
11359 configurationOverrides.put(
"acquireIncrement",
"2");
11360 configurationOverrides.put(
"initialPoolSize",
"5");
11361 configurationOverrides.put(
"minPoolSize",
"5");
11366 configurationOverrides.put(
"maxPoolSize",
"20");
11367 configurationOverrides.put(
"maxStatements",
"200");
11368 configurationOverrides.put(
"maxStatementsPerConnection",
"20");
11370 SQLiteConfig config =
new SQLiteConfig();
11371 config.setSynchronous(SQLiteConfig.SynchronousMode.OFF);
11372 config.setReadUncommited(
true);
11373 config.enforceForeignKeys(
true);
11374 SQLiteDataSource unpooled =
new SQLiteDataSource(config);
11375 unpooled.setUrl(
"jdbc:sqlite:" + dbPath);
11376 setPooledDataSource((PooledDataSource) DataSources.pooledDataSource(unpooled, configurationOverrides));
11380 public CaseDbConnection getPooledConnection() throws SQLException {
11381 return new SQLiteConnection(getPooledDataSource().getConnection());
11389 private final class PostgreSQLConnections
extends ConnectionPool {
11391 PostgreSQLConnections(String host,
int port, String dbName, String userName, String password)
throws PropertyVetoException, UnsupportedEncodingException {
11392 ComboPooledDataSource comboPooledDataSource =
new ComboPooledDataSource();
11393 comboPooledDataSource.setDriverClass(
"org.postgresql.Driver");
11394 comboPooledDataSource.setJdbcUrl(
"jdbc:postgresql://" + host +
":" + port +
"/"
11395 + URLEncoder.encode(dbName, StandardCharsets.UTF_8.toString()));
11396 comboPooledDataSource.setUser(userName);
11397 comboPooledDataSource.setPassword(password);
11398 comboPooledDataSource.setAcquireIncrement(2);
11399 comboPooledDataSource.setInitialPoolSize(5);
11400 comboPooledDataSource.setMinPoolSize(5);
11405 comboPooledDataSource.setMaxPoolSize(20);
11406 comboPooledDataSource.setMaxStatements(200);
11407 comboPooledDataSource.setMaxStatementsPerConnection(20);
11408 setPooledDataSource(comboPooledDataSource);
11412 public CaseDbConnection getPooledConnection() throws SQLException {
11413 return new PostgreSQLConnection(getPooledDataSource().getConnection());
11420 abstract class CaseDbConnection
implements AutoCloseable {
11422 static final int SLEEP_LENGTH_IN_MILLISECONDS = 5000;
11423 static final int MAX_RETRIES = 20;
11425 private class CreateStatement
implements DbCommand {
11427 private final Connection connection;
11428 private Statement statement = null;
11430 CreateStatement(Connection connection) {
11431 this.connection = connection;
11434 Statement getStatement() {
11439 public void execute() throws SQLException {
11440 statement = connection.createStatement();
11444 private class SetAutoCommit
implements DbCommand {
11446 private final Connection connection;
11447 private final boolean mode;
11449 SetAutoCommit(Connection connection,
boolean mode) {
11450 this.connection = connection;
11455 public void execute() throws SQLException {
11456 connection.setAutoCommit(mode);
11460 private class Commit
implements DbCommand {
11462 private final Connection connection;
11464 Commit(Connection connection) {
11465 this.connection = connection;
11469 public void execute() throws SQLException {
11470 connection.commit();
11474 private class ExecuteQuery
implements DbCommand {
11476 private final Statement statement;
11477 private final String query;
11478 private ResultSet resultSet;
11480 ExecuteQuery(Statement statement, String query) {
11481 this.statement = statement;
11482 this.query = query;
11485 ResultSet getResultSet() {
11490 public void execute() throws SQLException {
11491 resultSet = statement.executeQuery(query);
11495 private class ExecutePreparedStatementQuery
implements DbCommand {
11497 private final PreparedStatement preparedStatement;
11498 private ResultSet resultSet;
11500 ExecutePreparedStatementQuery(PreparedStatement preparedStatement) {
11501 this.preparedStatement = preparedStatement;
11504 ResultSet getResultSet() {
11509 public void execute() throws SQLException {
11510 resultSet = preparedStatement.executeQuery();
11514 private class ExecutePreparedStatementUpdate
implements DbCommand {
11516 private final PreparedStatement preparedStatement;
11518 ExecutePreparedStatementUpdate(PreparedStatement preparedStatement) {
11519 this.preparedStatement = preparedStatement;
11523 public void execute() throws SQLException {
11524 preparedStatement.executeUpdate();
11528 private class ExecuteStatementUpdate
implements DbCommand {
11530 private final Statement statement;
11531 private final String updateCommand;
11533 ExecuteStatementUpdate(Statement statement, String updateCommand) {
11534 this.statement = statement;
11535 this.updateCommand = updateCommand;
11539 public void execute() throws SQLException {
11540 statement.executeUpdate(updateCommand);
11544 private class ExecuteStatementUpdateGenerateKeys
implements DbCommand {
11546 private final Statement statement;
11547 private final int generateKeys;
11548 private final String updateCommand;
11550 ExecuteStatementUpdateGenerateKeys(Statement statement, String updateCommand,
int generateKeys) {
11551 this.statement = statement;
11552 this.generateKeys = generateKeys;
11553 this.updateCommand = updateCommand;
11557 public void execute() throws SQLException {
11558 statement.executeUpdate(updateCommand, generateKeys);
11562 private class PrepareStatement
implements DbCommand {
11564 private final Connection connection;
11565 private final String input;
11566 private PreparedStatement preparedStatement = null;
11568 PrepareStatement(Connection connection, String input) {
11569 this.connection = connection;
11570 this.input = input;
11573 PreparedStatement getPreparedStatement() {
11574 return preparedStatement;
11578 public void execute() throws SQLException {
11579 preparedStatement = connection.prepareStatement(input);
11583 private class PrepareStatementGenerateKeys
implements DbCommand {
11585 private final Connection connection;
11586 private final String input;
11587 private final int generateKeys;
11588 private PreparedStatement preparedStatement = null;
11590 PrepareStatementGenerateKeys(Connection connection, String input,
int generateKeysInput) {
11591 this.connection = connection;
11592 this.input = input;
11593 this.generateKeys = generateKeysInput;
11596 PreparedStatement getPreparedStatement() {
11597 return preparedStatement;
11601 public void execute() throws SQLException {
11602 preparedStatement = connection.prepareStatement(input, generateKeys);
11606 abstract void executeCommand(DbCommand command)
throws SQLException;
11608 private final Connection connection;
11609 private final Map<PREPARED_STATEMENT, PreparedStatement> preparedStatements;
11610 private final Map<String, PreparedStatement> adHocPreparedStatements;
11612 CaseDbConnection(Connection connection) {
11613 this.connection = connection;
11614 preparedStatements =
new EnumMap<PREPARED_STATEMENT, PreparedStatement>(PREPARED_STATEMENT.class);
11615 adHocPreparedStatements =
new HashMap<>();
11619 return this.connection != null;
11622 PreparedStatement getPreparedStatement(PREPARED_STATEMENT statementKey)
throws SQLException {
11623 return getPreparedStatement(statementKey, Statement.NO_GENERATED_KEYS);
11626 PreparedStatement getPreparedStatement(PREPARED_STATEMENT statementKey,
int generateKeys)
throws SQLException {
11628 PreparedStatement statement;
11629 if (this.preparedStatements.containsKey(statementKey)) {
11630 statement = this.preparedStatements.get(statementKey);
11632 statement = prepareStatement(statementKey.getSQL(), generateKeys);
11633 this.preparedStatements.put(statementKey, statement);
11649 PreparedStatement getPreparedStatement(String sqlStatement,
int generateKeys)
throws SQLException {
11650 PreparedStatement statement;
11651 String statementKey =
"SQL:" + sqlStatement +
" Key:" + generateKeys;
11652 if (adHocPreparedStatements.containsKey(statementKey)) {
11653 statement = this.adHocPreparedStatements.get(statementKey);
11655 statement = prepareStatement(sqlStatement, generateKeys);
11656 this.adHocPreparedStatements.put(statementKey, statement);
11661 PreparedStatement prepareStatement(String sqlStatement,
int generateKeys)
throws SQLException {
11662 PrepareStatement prepareStatement =
new PrepareStatement(this.getConnection(), sqlStatement);
11663 executeCommand(prepareStatement);
11664 return prepareStatement.getPreparedStatement();
11667 Statement createStatement() throws SQLException {
11668 CreateStatement createStatement =
new CreateStatement(this.connection);
11669 executeCommand(createStatement);
11670 return createStatement.getStatement();
11674 SetAutoCommit setAutoCommit =
new SetAutoCommit(connection,
false);
11675 executeCommand(setAutoCommit);
11678 void commitTransaction() throws SQLException {
11679 Commit commit =
new Commit(connection);
11680 executeCommand(commit);
11682 SetAutoCommit setAutoCommit =
new SetAutoCommit(connection,
true);
11683 executeCommand(setAutoCommit);
11691 void rollbackTransaction() {
11693 connection.rollback();
11694 }
catch (SQLException e) {
11695 logger.log(Level.SEVERE,
"Error rolling back transaction", e);
11698 connection.setAutoCommit(
true);
11699 }
catch (SQLException e) {
11700 logger.log(Level.SEVERE,
"Error restoring auto-commit", e);
11711 void rollbackTransactionWithThrow() throws SQLException {
11713 connection.rollback();
11715 connection.setAutoCommit(
true);
11719 ResultSet
executeQuery(Statement statement, String query)
throws SQLException {
11720 ExecuteQuery queryCommand =
new ExecuteQuery(statement, query);
11721 executeCommand(queryCommand);
11722 return queryCommand.getResultSet();
11734 ResultSet
executeQuery(PreparedStatement statement)
throws SQLException {
11735 ExecutePreparedStatementQuery executePreparedStatementQuery =
new ExecutePreparedStatementQuery(statement);
11736 executeCommand(executePreparedStatementQuery);
11737 return executePreparedStatementQuery.getResultSet();
11740 void executeUpdate(Statement statement, String update)
throws SQLException {
11741 executeUpdate(statement, update, Statement.NO_GENERATED_KEYS);
11744 void executeUpdate(Statement statement, String update,
int generateKeys)
throws SQLException {
11745 ExecuteStatementUpdate executeStatementUpdate =
new ExecuteStatementUpdate(statement, update);
11746 executeCommand(executeStatementUpdate);
11749 void executeUpdate(PreparedStatement statement)
throws SQLException {
11750 ExecutePreparedStatementUpdate executePreparedStatementUpdate =
new ExecutePreparedStatementUpdate(statement);
11751 executeCommand(executePreparedStatementUpdate);
11758 public void close() {
11760 for (PreparedStatement stmt:preparedStatements.values()) {
11761 closeStatement(stmt);
11763 for (PreparedStatement stmt:adHocPreparedStatements.values()) {
11764 closeStatement(stmt);
11766 connection.close();
11767 }
catch (SQLException ex) {
11768 logger.log(Level.SEVERE,
"Unable to close connection to case database", ex);
11772 Connection getConnection() {
11773 return this.connection;
11780 private final class SQLiteConnection
extends CaseDbConnection {
11782 private static final int DATABASE_LOCKED_ERROR = 0;
11783 private static final int SQLITE_BUSY_ERROR = 5;
11785 SQLiteConnection(Connection conn) {
11790 void executeCommand(DbCommand command)
throws SQLException {
11791 int retryCounter = 0;
11796 }
catch (SQLException ex) {
11797 if ((ex.getErrorCode() == SQLITE_BUSY_ERROR || ex.getErrorCode() == DATABASE_LOCKED_ERROR) && retryCounter < MAX_RETRIES) {
11804 Thread.sleep(SLEEP_LENGTH_IN_MILLISECONDS);
11805 }
catch (InterruptedException exp) {
11806 Logger.getLogger(SleuthkitCase.class.getName()).log(Level.WARNING,
"Unexpectedly unable to wait for database.", exp);
11819 private final class PostgreSQLConnection
extends CaseDbConnection {
11821 private final String COMMUNICATION_ERROR = PSQLState.COMMUNICATION_ERROR.getState();
11822 private final String SYSTEM_ERROR = PSQLState.SYSTEM_ERROR.getState();
11823 private final String UNKNOWN_STATE = PSQLState.UNKNOWN_STATE.getState();
11824 private static final int MAX_RETRIES = 3;
11826 PostgreSQLConnection(Connection conn) {
11831 void executeUpdate(Statement statement, String update,
int generateKeys)
throws SQLException {
11832 CaseDbConnection.ExecuteStatementUpdateGenerateKeys executeStatementUpdateGenerateKeys =
new CaseDbConnection.ExecuteStatementUpdateGenerateKeys(statement, update, generateKeys);
11833 executeCommand(executeStatementUpdateGenerateKeys);
11837 PreparedStatement prepareStatement(String sqlStatement,
int generateKeys)
throws SQLException {
11838 CaseDbConnection.PrepareStatementGenerateKeys prepareStatementGenerateKeys =
new CaseDbConnection.PrepareStatementGenerateKeys(this.getConnection(), sqlStatement, generateKeys);
11839 executeCommand(prepareStatementGenerateKeys);
11840 return prepareStatementGenerateKeys.getPreparedStatement();
11844 void executeCommand(DbCommand command)
throws SQLException {
11845 SQLException lastException = null;
11846 for (
int retries = 0; retries < MAX_RETRIES; retries++) {
11849 lastException = null;
11851 }
catch (SQLException ex) {
11852 lastException = ex;
11853 String sqlState = ex.getSQLState();
11854 if (sqlState == null || sqlState.equals(COMMUNICATION_ERROR) || sqlState.equals(SYSTEM_ERROR) || sqlState.equals(UNKNOWN_STATE)) {
11856 Thread.sleep(SLEEP_LENGTH_IN_MILLISECONDS);
11857 }
catch (InterruptedException exp) {
11858 Logger.getLogger(SleuthkitCase.class.getName()).log(Level.WARNING,
"Unexpectedly unable to wait for database.", exp);
11867 if (lastException != null) {
11868 throw lastException;
11889 private final CaseDbConnection connection;
11893 this.connection = connection;
11894 this.sleuthkitCase = sleuthkitCase;
11896 this.connection.beginTransaction();
11897 }
catch (SQLException ex) {
11898 throw new TskCoreException(
"Failed to create transaction on case database", ex);
11910 CaseDbConnection getConnection() {
11911 return this.connection;
11922 this.connection.commitTransaction();
11923 }
catch (SQLException ex) {
11924 throw new TskCoreException(
"Failed to commit transaction on case database", ex);
11938 this.connection.rollbackTransactionWithThrow();
11939 }
catch (SQLException ex) {
11940 throw new TskCoreException(
"Case database transaction rollback failed", ex);
11951 this.connection.close();
11967 private ResultSet resultSet;
11968 private CaseDbConnection connection;
11970 private CaseDbQuery(String query)
throws TskCoreException {
11971 this(query,
false);
11974 private CaseDbQuery(String query,
boolean allowWriteQuery)
throws TskCoreException {
11975 if (!allowWriteQuery) {
11976 if (!query.regionMatches(
true, 0,
"SELECT", 0,
"SELECT".length())) {
11977 throw new TskCoreException(
"Unsupported query: Only SELECT queries are supported.");
11981 connection = connections.getConnection();
11982 }
catch (TskCoreException ex) {
11983 throw new TskCoreException(
"Error getting connection for query: ", ex);
11988 resultSet = connection.executeQuery(connection.createStatement(), query);
11989 }
catch (SQLException ex) {
11991 throw new TskCoreException(
"Error executing query: ", ex);
12005 public void close() throws TskCoreException {
12007 if (resultSet != null) {
12008 final Statement statement = resultSet.getStatement();
12009 if (statement != null) {
12014 connection.close();
12015 }
catch (SQLException ex) {
12016 throw new TskCoreException(
"Error closing query: ", ex);
12032 sleuthkitCaseErrorObservers.add(observer);
12044 int i = sleuthkitCaseErrorObservers.indexOf(observer);
12046 sleuthkitCaseErrorObservers.remove(i);
12060 for (
ErrorObserver observer : sleuthkitCaseErrorObservers) {
12061 if (observer != null) {
12063 observer.receiveError(context, errorMessage);
12064 }
catch (Exception ex) {
12065 logger.log(Level.SEVERE,
"Observer client unable to receive message: {0}, {1}",
new Object[]{context, errorMessage, ex});
12097 private final String contextString;
12099 private Context(String context) {
12100 this.contextString = context;
12104 return contextString;
12108 void receiveError(String context, String errorMessage);
12122 long getDataSourceObjectId(
long objectId) {
12124 CaseDbConnection connection = connections.getConnection();
12126 return getDataSourceObjectId(connection, objectId);
12128 connection.close();
12130 }
catch (TskCoreException ex) {
12131 logger.log(Level.SEVERE,
"Error getting data source object id for a file", ex);
12147 CaseDbConnection connection = connections.getConnection();
12149 ResultSet rs = null;
12152 PreparedStatement statement = connection.getPreparedStatement(PREPARED_STATEMENT.SELECT_MAX_OBJECT_ID);
12153 rs = connection.executeQuery(statement);
12156 id = rs.getLong(
"max_obj_id");
12159 }
catch (SQLException e) {
12160 throw new TskCoreException(
"Error getting last object id", e);
12162 closeResultSet(rs);
12163 connection.close();
12183 CaseDbConnection connection = connections.getConnection();
12185 Statement s = null;
12186 ResultSet rs = null;
12188 s = connection.createStatement();
12189 rs = connection.executeQuery(s,
"SELECT * FROM tsk_files WHERE " + sqlWhereClause);
12190 List<FsContent> results =
new ArrayList<FsContent>();
12191 List<AbstractFile> temp = resultSetToAbstractFiles(rs, connection);
12199 }
catch (SQLException e) {
12200 throw new TskCoreException(
"SQLException thrown when calling 'SleuthkitCase.findFilesWhere().", e);
12202 closeResultSet(rs);
12204 connection.close();
12222 CaseDbConnection connection = connections.getConnection();
12224 Statement s = null;
12225 ResultSet rs = null;
12227 s = connection.createStatement();
12228 rs = connection.executeQuery(s,
"SELECT artifact_type_id FROM blackboard_artifact_types WHERE type_name = '" + artifactTypeName +
"'");
12231 typeId = rs.getInt(
"artifact_type_id");
12234 }
catch (SQLException ex) {
12235 throw new TskCoreException(
"Error getting artifact type id", ex);
12237 closeResultSet(rs);
12239 connection.close();
12272 public int addArtifactType(String artifactTypeName, String displayName)
throws TskCoreException {
12275 }
catch (TskDataException ex) {
12276 throw new TskCoreException(
"Failed to add artifact type.", ex);
12294 public int addAttrType(String attrTypeString, String displayName)
throws TskCoreException {
12297 }
catch (TskDataException ex) {
12298 throw new TskCoreException(
"Couldn't add new attribute type");
12314 CaseDbConnection connection = connections.getConnection();
12316 Statement s = null;
12317 ResultSet rs = null;
12319 s = connection.createStatement();
12320 rs = connection.executeQuery(s,
"SELECT attribute_type_id FROM blackboard_attribute_types WHERE type_name = '" + attrTypeName +
"'");
12323 typeId = rs.getInt(
"attribute_type_id");
12326 }
catch (SQLException ex) {
12327 throw new TskCoreException(
"Error getting attribute type id", ex);
12329 closeResultSet(rs);
12331 connection.close();
12350 CaseDbConnection connection = connections.getConnection();
12352 Statement s = null;
12353 ResultSet rs = null;
12355 s = connection.createStatement();
12356 rs = connection.executeQuery(s,
"SELECT type_name FROM blackboard_attribute_types WHERE attribute_type_id = " + attrTypeID);
12358 return rs.getString(
"type_name");
12360 throw new TskCoreException(
"No type with that id");
12362 }
catch (SQLException ex) {
12363 throw new TskCoreException(
"Error getting or creating a attribute type name", ex);
12365 closeResultSet(rs);
12367 connection.close();
12386 CaseDbConnection connection = connections.getConnection();
12388 Statement s = null;
12389 ResultSet rs = null;
12391 s = connection.createStatement();
12392 rs = connection.executeQuery(s,
"SELECT display_name FROM blackboard_attribute_types WHERE attribute_type_id = " + attrTypeID);
12394 return rs.getString(
"display_name");
12396 throw new TskCoreException(
"No type with that id");
12398 }
catch (SQLException ex) {
12399 throw new TskCoreException(
"Error getting or creating a attribute type name", ex);
12401 closeResultSet(rs);
12403 connection.close();
12438 public ResultSet
runQuery(String query)
throws SQLException {
12439 CaseDbConnection connection;
12441 connection = connections.getConnection();
12442 }
catch (TskCoreException ex) {
12443 throw new SQLException(
"Error getting connection for ad hoc query", ex);
12447 return connection.executeQuery(connection.createStatement(), query);
12451 connection.close();
12467 final Statement statement = resultSet.getStatement();
12469 if (statement != null) {
12491 public LayoutFile addCarvedFile(String carvedFileName,
long carvedFileSize,
long containerId, List<TskFileRange> data)
throws TskCoreException {
12494 files.add(carvedFile);
12498 || parent instanceof
Volume
12499 || parent instanceof
Image) {
12502 throw new TskCoreException(String.format(
"Parent (id =%d) is not an file system, volume or image", containerId));
12521 public List<LayoutFile>
addCarvedFiles(List<CarvedFileContainer> filesToAdd)
throws TskCoreException {
12525 carvedFiles.add(carvedFile);
12530 || parent instanceof
Volume
12531 || parent instanceof
Image) {
12534 throw new TskCoreException(String.format(
"Parent (id =%d) is not an file system, volume or image", parent.
getId()));
12570 long size,
long ctime,
long crtime,
long atime,
long mtime,
12572 String rederiveDetails, String toolName, String toolVersion, String otherDetails)
throws TskCoreException {
12573 return addDerivedFile(fileName, localPath, size, ctime, crtime, atime, mtime,
12574 isFile, parentFile, rederiveDetails, toolName, toolVersion,
12604 long size,
long ctime,
long crtime,
long atime,
long mtime,
12607 return addLocalFile(fileName, localPath, size, ctime, crtime, atime, mtime, isFile,
12632 long size,
long ctime,
long crtime,
long atime,
long mtime,
12635 return addLocalFile(fileName, localPath, size, ctime, crtime, atime, mtime,
12657 return this.caseHandle.initAddImageProcess(timezone, addUnallocSpace, noFatFsOrphans,
"",
this);
12674 }
catch (TskCoreException ex) {
12675 logger.log(Level.SEVERE,
"Error loading all file systems for image with ID {0}", image.
getId());
12676 return new ArrayList<>();
List< BlackboardArtifact > getBlackboardArtifacts(BlackboardAttribute.ATTRIBUTE_TYPE attrType, long value)
final IngestJobInfo addIngestJob(Content dataSource, String hostName, List< IngestModuleInfo > ingestModules, Date jobStart, Date jobEnd, IngestJobStatusType status, String settingsDir)
static ARTIFACT_TYPE fromID(int id)
FS
File that can be found in file system tree.
static FileKnown valueOf(byte known)
BlackboardArtifact getArtifactByArtifactId(long id)
AddImageProcess makeAddImageProcess(String timezone, boolean addUnallocSpace, boolean noFatFsOrphans)
BlackboardArtifact getArtifactById(long id)
List< Report > getAllReports()
ArrayList< BlackboardAttribute > getBlackboardAttributes(final BlackboardArtifact artifact)
long getBlackboardArtifactsCount(long objId)
int getArtifactTypeID(String artifactTypeName)
synchronized Content getParent()
long getBlackboardArtifactTagsCountByTagName(TagName tagName)
ArrayList< BlackboardArtifact > getBlackboardArtifacts(ARTIFACT_TYPE artifactType)
LocalDirectory addLocalDirectory(long parentId, String directoryName, CaseDbTransaction transaction)
ArrayList< BlackboardArtifact > getBlackboardArtifacts(String artifactTypeName)
List< BlackboardArtifact > getBlackboardArtifacts(BlackboardAttribute.ATTRIBUTE_TYPE attrType, int value)
void addBlackboardAttributes(Collection< BlackboardAttribute > attributes, int artifactTypeId)
ArrayList< BlackboardArtifact > getBlackboardArtifacts(int artifactTypeID, long obj_id)
CommunicationsManager getCommunicationsManager()
DerivedFile addDerivedFile(String fileName, String localPath, long size, long ctime, long crtime, long atime, long mtime, boolean isFile, AbstractFile parentFile, String rederiveDetails, String toolName, String toolVersion, String otherDetails)
CaseDbTransaction beginTransaction()
boolean isCompatible(CaseDbSchemaVersionNumber dbSchemaVersion)
List< Content > getChildren()
LocalFile addLocalFile(String fileName, String localPath, long size, long ctime, long crtime, long atime, long mtime, boolean isFile, AbstractFile parent)
ALLOC
Metadata structure is currently in an allocated state.
int countFilesMd5Hashed()
static TSK_FS_TYPE_ENUM valueOf(int fsTypeValue)
CaseDbSchemaVersionNumber getDBSchemaCreationVersion()
ArrayList< BlackboardArtifact > getBlackboardArtifacts(int artifactTypeID)
void addErrorObserver(ErrorObserver observer)
DerivedFile updateDerivedFile(DerivedFile derivedFile, String localPath, long size, long ctime, long crtime, long atime, long mtime, boolean isFile, String mimeType, String rederiveDetails, String toolName, String toolVersion, String otherDetails, TskData.EncodingType encodingType)
Blackboard getBlackboard()
LocalFile addLocalFile(String fileName, String localPath, long size, long ctime, long crtime, long atime, long mtime, String md5, FileKnown known, String mimeType, boolean isFile, TskData.EncodingType encodingType, Content parent, CaseDbTransaction transaction)
TSK_FS_META_TYPE_DIR
Directory file NON-NLS.
List< AbstractFile > findFiles(Content dataSource, String fileName, AbstractFile parentFile)
synchronized void close()
TagName addOrUpdateTagName(String displayName, String description, TagName.HTML_COLOR color, TskData.FileKnown knownStatus)
void setFileMIMEType(AbstractFile file, String mimeType)
UNALLOC
Metadata structure is currently in an unallocated state.
void addBlackboardAttribute(BlackboardAttribute attr, int artifactTypeId)
LocalFile addLocalFile(String fileName, String localPath, long size, long ctime, long crtime, long atime, long mtime, boolean isFile, AbstractFile parent, CaseDbTransaction transaction)
final List< LayoutFile > addLayoutFiles(Content parent, List< TskFileRange > fileRanges)
int addArtifactType(String artifactTypeName, String displayName)
List< DataSource > getDataSources()
BlackboardArtifactTagChange addArtifactTag(BlackboardArtifact artifact, TagName tagName, String comment)
synchronized CaseDbAccessManager getCaseDbAccessManager()
BlackboardArtifactTag getBlackboardArtifactTagByID(long artifactTagID)
List< BlackboardArtifact > getBlackboardArtifacts(BlackboardAttribute.ATTRIBUTE_TYPE attrType, double value)
List< AbstractFile > openFiles(Content dataSource, String filePath)
List< BlackboardArtifactTag > getBlackboardArtifactTagsByArtifact(BlackboardArtifact artifact)
final IngestModuleInfo addIngestModule(String displayName, String factoryClassName, IngestModuleType type, String version)
long getBlackboardArtifactsCount(String artifactTypeName, long obj_id)
Content getContentById(long id)
BlackboardArtifactTag getAddedTag()
VersionNumber getDBSchemaVersion()
static IngestJobStatusType fromID(int typeId)
List< TagName > getTagNamesInUse()
List< BlackboardArtifact > getBlackboardArtifacts(BlackboardAttribute.ATTRIBUTE_TYPE attrType, byte value)
LAYOUT_FILE
Set of blocks from an image that have been designated as a file.
List< AbstractFile > findAllFilesInFolderWhere(long parentId, String sqlWhereClause)
static final String NAME_CARVED
static SleuthkitCase openCase(String databaseName, CaseDbConnectionInfo info, String caseDir)
static IngestModuleType fromID(int typeId)
List< ContentTag > getAllContentTags()
long getDataSourceObjectId()
List< VirtualDirectory > getVirtualDirectoryRoots()
LayoutFile addLayoutFile(String fileName, long size, TSK_FS_NAME_FLAG_ENUM dirFlag, TSK_FS_META_FLAG_ENUM metaFlag, long ctime, long crtime, long atime, long mtime, List< TskFileRange > fileRanges, Content parent)
long getBlackboardArtifactTagsCountByTagName(TagName tagName, long dsObjId)
ArrayList< BlackboardArtifact.ARTIFACT_TYPE > getBlackboardArtifactTypes()
ContentTag getContentTagByID(long contentTagID)
LOCAL
Local file that was added (not from a disk image)
Map< Long, List< String > > getImagePaths()
List< Long > findAllFileIdsWhere(String sqlWhereClause)
synchronized TaggingManager getTaggingManager()
BlackboardArtifact getBlackboardArtifact(long artifactID)
List< BlackboardArtifact.Type > getArtifactTypesInUse()
BlackboardAttribute.Type addArtifactAttributeType(String attrTypeString, TSK_BLACKBOARD_ATTRIBUTE_VALUE_TYPE valueType, String displayName)
AbstractFile getAbstractFileById(long id)
CARVED
Set of blocks for a file found from carving. Could be on top of a TSK_DB_FILES_TYPE_UNALLOC_BLOCKS ra...
BlackboardArtifactTag addBlackboardArtifactTag(BlackboardArtifact artifact, TagName tagName, String comment)
long countFilesWhere(String sqlWhereClause)
long getBlackboardArtifactsCount(ARTIFACT_TYPE artifactType, long obj_id)
FS
File System - see tsk_fs_info for more details.
Pool addPool(long parentObjId, TskData.TSK_POOL_TYPE_ENUM type, CaseDbTransaction transaction)
boolean isFileFromSource(Content dataSource, long fileId)
ArrayList< BlackboardArtifact > getMatchingArtifacts(String whereClause)
VirtualDirectory addVirtualDirectory(long parentId, String directoryName, CaseDbTransaction transaction)
ArrayList< BlackboardArtifact.ARTIFACT_TYPE > getBlackboardArtifactTypesInUse()
void deleteReport(Report report)
List< Image > getImages()
int getAttrTypeID(String attrTypeName)
Image getImageById(long id)
Report addReport(String localPath, String sourceModuleName, String reportName, Content parent)
List< Content > getChildren()
USED
Metadata structure has been allocated at least once.
void unregisterForEvents(Object listener)
LOCAL_DIR
Local directory that was added (not from a disk image)
TimelineManager getTimelineManager()
final List< LayoutFile > addCarvedFiles(CarvingResult carvingResult)
void releaseSingleUserCaseReadLock()
VOL
Volume - see tsk_vs_parts for more details.
void closeRunQuery(ResultSet resultSet)
DerivedFile addDerivedFile(String fileName, String localPath, long size, long ctime, long crtime, long atime, long mtime, boolean isFile, Content parentObj, String rederiveDetails, String toolName, String toolVersion, String otherDetails, TskData.EncodingType encodingType)
int addAttrType(String attrTypeString, String displayName)
void deleteBlackboardArtifactTag(BlackboardArtifactTag tag)
long getContentTagsCountByTagName(TagName tagName, long dsObjId)
List< ContentTag > getContentTagsByTagName(TagName tagName)
BlackboardArtifact newBlackboardArtifact(int artifactTypeID, long obj_id)
static String escapeSingleQuotes(String text)
String getAttrTypeDisplayName(int attrTypeID)
List< BlackboardArtifact > getBlackboardArtifacts(ARTIFACT_TYPE artifactType, BlackboardAttribute.ATTRIBUTE_TYPE attrType, String value)
List< AbstractFile > findFiles(Content dataSource, String fileName)
List< TagName > getAllTagNames()
Report getReportById(long id)
BlackboardAttribute.Type getAttributeType(String attrTypeName)
Image addImageInfo(long deviceObjId, List< String > imageFilePaths, String timeZone)
static HTML_COLOR getColorByName(String colorName)
void acquireSingleUserCaseWriteLock()
REPORT
Artifact - see blackboard_artifacts for more details.
List< AbstractFile > findFilesByMd5(String md5Hash)
long getBlackboardArtifactsTypeCount(int artifactTypeID, long dataSourceID)
BlackboardArtifact.Type getArtifactType(String artTypeName)
BlackboardArtifact newBlackboardArtifact(ARTIFACT_TYPE artifactType, long obj_id)
void releaseSingleUserCaseWriteLock()
DERIVED
File derived from a parent file (i.e. from ZIP)
List< LayoutFile > addCarvedFiles(List< CarvedFileContainer > filesToAdd)
List< BlackboardArtifactTag > getBlackboardArtifactTagsByTagName(TagName tagName)
static TSK_BLACKBOARD_ATTRIBUTE_VALUE_TYPE fromType(long typeId)
static SleuthkitCase newCase(String caseName, CaseDbConnectionInfo info, String caseDirPath)
Report addReport(String localPath, String sourceModuleName, String reportName)
void releaseExclusiveLock()
List< BlackboardArtifactTag > getAllBlackboardArtifactTags()
ArrayList< BlackboardArtifact > getBlackboardArtifacts(String artifactTypeName, long obj_id)
Image addImage(TskData.TSK_IMG_TYPE_ENUM type, long sectorSize, long size, String displayName, List< String > imagePaths, String timezone, String md5, String sha1, String sha256, String deviceId, CaseDbTransaction transaction)
void removeErrorObserver(ErrorObserver observer)
String getContextString()
List< Content > getRootObjects()
List< AbstractFile > findFiles(Content dataSource, String fileName, String dirSubString)
ContentTagChange addContentTag(Content content, TagName tagName, String comment, long beginByteOffset, long endByteOffset)
FileSystem addFileSystem(long parentObjId, long imgOffset, TskData.TSK_FS_TYPE_ENUM type, long blockSize, long blockCount, long rootInum, long firstInum, long lastInum, String displayName, CaseDbTransaction transaction)
void acquireExclusiveLock()
boolean allFilesMd5Hashed()
String getAttrTypeString(int attrTypeID)
int getBlackboardAttributeTypesCount()
LayoutFile addCarvedFile(String carvedFileName, long carvedFileSize, long containerId, List< TskFileRange > data)
ArrayList< BlackboardAttribute.ATTRIBUTE_TYPE > getBlackboardAttributeTypes()
UNALLOC_BLOCKS
Set of blocks not allocated by file system. Parent should be image, volume, or file system...
LocalFile addLocalFile(String fileName, String localPath, long size, long ctime, long crtime, long atime, long mtime, boolean isFile, TskData.EncodingType encodingType, AbstractFile parent)
ArrayList< BlackboardAttribute > getMatchingAttributes(String whereClause)
List< BlackboardArtifact > getBlackboardArtifacts(BlackboardAttribute.ATTRIBUTE_TYPE attrType, String value)
long getBlackboardArtifactsTypeCount(int artifactTypeID)
List< ContentTag > getContentTagsByTagName(TagName tagName, long dsObjId)
void deleteContentTag(ContentTag tag)
static ObjectType valueOf(short objectType)
long getContentTagsCountByTagName(TagName tagName)
FsContent addFileSystemFile(long dataSourceObjId, long fsObjId, String fileName, long metaAddr, int metaSeq, TSK_FS_ATTR_TYPE_ENUM attrType, int attrId, TSK_FS_NAME_FLAG_ENUM dirFlag, short metaFlags, long size, long ctime, long crtime, long atime, long mtime, boolean isFile, Content parent)
Collection< FileSystem > getImageFileSystems(Image image)
void updateImagePath(String newPath, long objectId)
VolumeSystem addVolumeSystem(long parentObjId, TskData.TSK_VS_TYPE_ENUM type, long imgOffset, long blockSize, CaseDbTransaction transaction)
Examiner getCurrentExaminer()
UNKNOWN
File marked as unknown by hash db.
List< TagName > getTagNamesInUse(long dsObjId)
List< AbstractFile > findAllFilesWhere(String sqlWhereClause)
boolean setKnown(AbstractFile file, FileKnown fileKnown)
static void tryConnect(CaseDbConnectionInfo info)
static SleuthkitCase openCase(String dbPath)
CaseDbQuery executeInsertOrUpdate(String query)
static String createNonUniquePath(String uniquePath)
List< BlackboardArtifactTag > getBlackboardArtifactTagsByTagName(TagName tagName, long dsObjId)
Volume addVolume(long parentObjId, long addr, long start, long length, String desc, long flags, CaseDbTransaction transaction)
long getBlackboardArtifactsCount(int artifactTypeID, long obj_id)
void submitError(String context, String errorMessage)
final List< IngestJobInfo > getIngestJobs()
ALLOC
Name is in an allocated state.
VIRTUAL_DIR
Virtual directory (not on fs) with no meta-data entry that can be used to group files of types other ...
static SleuthkitCase newCase(String dbPath)
String getBackupDatabasePath()
void acquireSingleUserCaseReadLock()
VirtualDirectory addVirtualDirectory(long parentId, String directoryName)
LocalFile addLocalFile(String fileName, String localPath, long size, long ctime, long crtime, long atime, long mtime, boolean isFile, TskData.EncodingType encodingType, Content parent, CaseDbTransaction transaction)
List< ContentTag > getContentTagsByContent(Content content)
ArrayList< BlackboardArtifact > getBlackboardArtifacts(ARTIFACT_TYPE artifactType, long obj_id)
int countFsContentType(TskData.TSK_FS_META_TYPE_ENUM contentType)
TagName addTagName(String displayName, String description, TagName.HTML_COLOR color)
ABSTRACTFILE
File - see tsk_files for more details.
ContentTag addContentTag(Content content, TagName tagName, String comment, long beginByteOffset, long endByteOffset)
DataSource getDataSource(long objectId)
List< BlackboardArtifact > getBlackboardArtifacts(BlackboardAttribute.ATTRIBUTE_TYPE attrType, String subString, boolean startsWith)
TSK_FS_META_TYPE_REG
Regular file NON-NLS.
Iterable< BlackboardArtifact.Type > getArtifactTypes()
List< BlackboardAttribute.Type > getAttributeTypes()
LocalFilesDataSource addLocalFilesDataSource(String deviceId, String rootDirectoryName, String timeZone, CaseDbTransaction transaction)
AddImageProcess makeAddImageProcess(String timeZone, boolean addUnallocSpace, boolean noFatFsOrphans, String imageCopyPath)
List< FsContent > findFilesWhere(String sqlWhereClause)
static ReviewStatus withID(int id)
void copyCaseDB(String newDBPath)
ResultSet runQuery(String query)
List< TskFileRange > getFileRanges(long id)
BlackboardArtifact.Type addBlackboardArtifactType(String artifactTypeName, String displayName)
void registerForEvents(Object listener)
CaseDbQuery executeQuery(String query)
void setReviewStatus(BlackboardArtifact artifact, BlackboardArtifact.ReviewStatus newStatus)
void setImagePaths(long obj_id, List< String > paths)
VS
Volume System - see tsk_vs_info for more details.
IMG
Disk Image - see tsk_image_info for more details.
UNALLOC
Name is in an unallocated state.
Collection< FileSystem > getFileSystems(Image image)
LocalDirectory addLocalDirectory(long parentId, String directoryName)