Sleuth Kit Java Bindings (JNI)  4.10.2
Java bindings for using The Sleuth Kit
OSInfo.java
Go to the documentation of this file.
1 /*
2  * Sleuth Kit Data Model
3  *
4  * Copyright 2013 Basis Technology Corp.
5  * Contact: carrier <at> sleuthkit <dot> org
6  *
7  * Licensed under the Apache License, Version 2.0 (the "License");
8  * you may not use this file except in compliance with the License.
9  * You may obtain a copy of the License at
10  *
11  * http://www.apache.org/licenses/LICENSE-2.0
12  *
13  * Unless required by applicable law or agreed to in writing, software
14  * distributed under the License is distributed on an "AS IS" BASIS,
15  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16  * See the License for the specific language governing permissions and
17  * limitations under the License.
18  */
19 package org.sleuthkit.datamodel;
20 
22 
23 import java.util.Map;
24 import java.util.HashMap;
25 import java.util.ArrayList;
26 import java.util.List;
27 
31 public class OSInfo {
32 
33  private final List<BlackboardArtifact> artifacts;
34  private final Map<Integer, String> attributeMap;
35  private final boolean isBackup;
36  private final boolean haveFsContent;
37  private final long fileSystemId;
38  private final boolean haveParentId;
39  private final long parentObjId;
40 
41  public OSInfo() {
42  artifacts = new ArrayList<BlackboardArtifact>();
43  attributeMap = new HashMap<Integer, String>();
44  isBackup = false;
45  fileSystemId = 0;
46  haveFsContent = false;
47  parentObjId = 0;
48  haveParentId = false;
49  }
50 
64  public OSInfo(BlackboardArtifact a_art, boolean a_isBackup, long a_fileSystemId, Content a_parent) throws TskCoreException {
65  artifacts = new ArrayList<BlackboardArtifact>();
66  artifacts.add(a_art);
67  isBackup = a_isBackup;
68  fileSystemId = a_fileSystemId;
69  haveFsContent = true;
70  attributeMap = new HashMap<Integer, String>();
71  for (BlackboardAttribute attr : a_art.getAttributes()) {
72  attributeMap.put(attr.getAttributeType().getTypeID(), attr.getValueString());
73  }
74 
75  if (a_parent != null) {
76  parentObjId = a_parent.getId();
77  haveParentId = true;
78  } else {
79  parentObjId = 0;
80  haveParentId = false;
81  }
82  }
83 
95  public OSInfo(BlackboardArtifact a_art, boolean a_isBackup, Content a_parent) throws TskCoreException {
96  artifacts = new ArrayList<BlackboardArtifact>();
97  artifacts.add(a_art);
98  isBackup = a_isBackup;
99  fileSystemId = 0;
100  haveFsContent = false;
101  if (a_parent != null) {
102  parentObjId = a_parent.getId();
103  haveParentId = true;
104  } else {
105  parentObjId = 0;
106  haveParentId = false;
107  }
108  attributeMap = new HashMap<Integer, String>();
109  for (BlackboardAttribute attr : a_art.getAttributes()) {
110  attributeMap.put(attr.getAttributeType().getTypeID(), attr.getValueString());
111  }
112  }
113 
121  public boolean matches(OSInfo a_osInfo) {
122 
123  // Check if the two are in the same directory.
124  // OSInfo is only dependant on SYSTEM and SOFTWARE, which should always be in the same directory
125  // on the file system.
126  if (haveParentId && a_osInfo.haveParentId) {
127 
128  return (parentObjId == a_osInfo.parentObjId);
129  }
130 
131  // If we don't have a parent directory, just see if they're on the same file system,
132  // and both have the same backup status.
133  if (haveFsContent && a_osInfo.haveFsContent) {
134  return ((a_osInfo.isBackup == isBackup) && (a_osInfo.fileSystemId == fileSystemId));
135  }
136 
137  return false;
138  }
139 
145  public void combine(OSInfo a_osInfo) {
146  artifacts.addAll(a_osInfo.artifacts);
147  attributeMap.putAll(a_osInfo.attributeMap);
148  }
149 
150  public List<BlackboardArtifact> getArtifacts() {
151  return artifacts;
152  }
153 
154  public boolean haveFileSystem() {
155  return haveFsContent;
156  }
157 
158  public long getFileSystemId() {
159  return fileSystemId;
160  }
161 
162  public boolean getIsBackup() {
163  return isBackup;
164  }
165 
173  public String getAttributeValue(ATTRIBUTE_TYPE attrType) {
174  if (attributeMap.containsKey(attrType.getTypeID())) {
175  return attributeMap.get(attrType.getTypeID());
176  }
177  return "";
178  }
179 
180  /*
181  * Dedicated getters for the most common attributes.
182  */
183  public String getCompName() {
185  }
186 
187  public String getProcessorArchitecture() {
189  }
190 
191  public String getDomain() {
193  }
194 
195  public String getOSName() {
197  }
198 
199 }
OSInfo(BlackboardArtifact a_art, boolean a_isBackup, Content a_parent)
Definition: OSInfo.java:95
OSInfo(BlackboardArtifact a_art, boolean a_isBackup, long a_fileSystemId, Content a_parent)
Definition: OSInfo.java:64
boolean matches(OSInfo a_osInfo)
Definition: OSInfo.java:121
List< BlackboardArtifact > getArtifacts()
Definition: OSInfo.java:150
void combine(OSInfo a_osInfo)
Definition: OSInfo.java:145
String getAttributeValue(ATTRIBUTE_TYPE attrType)
Definition: OSInfo.java:173

Copyright © 2011-2021 Brian Carrier. (carrier -at- sleuthkit -dot- org)
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.