Sleuth Kit Java Bindings (JNI)  4.10.2
Java bindings for using The Sleuth Kit
Volume.java
Go to the documentation of this file.
1 /*
2  * Sleuth Kit Data Model
3  *
4  * Copyright 2011-2020 Basis Technology Corp.
5  * Contact: carrier <at> sleuthkit <dot> org
6  *
7  * Licensed under the Apache License, Version 2.0 (the "License");
8  * you may not use this file except in compliance with the License.
9  * You may obtain a copy of the License at
10  *
11  * http://www.apache.org/licenses/LICENSE-2.0
12  *
13  * Unless required by applicable law or agreed to in writing, software
14  * distributed under the License is distributed on an "AS IS" BASIS,
15  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16  * See the License for the specific language governing permissions and
17  * limitations under the License.
18  */
19 package org.sleuthkit.datamodel;
20 
21 import java.util.ResourceBundle;
22 import java.util.ArrayList;
23 import java.util.List;
24 
29 public class Volume extends AbstractContent {
30 
31  private long addr;
32  private long startSector; //in sectors, relative to volume system start
33  private long lengthInSectors; //in sectors
34  private long flags;
35  private String desc;
36  private volatile long volumeHandle = 0;
37  private volatile String uniquePath;
38  private static ResourceBundle bundle = ResourceBundle.getBundle("org.sleuthkit.datamodel.Bundle");
39 
51  protected Volume(SleuthkitCase db, long obj_id, long addr, long startSector, long lengthInSectors, long flags, String desc) {
52  super(db, obj_id, "vol" + Long.toString(addr)); //NON-NLS
53  this.addr = addr;
54  this.startSector = startSector;
55  this.lengthInSectors = lengthInSectors;
56  this.uniquePath = null;
57  this.flags = flags;
58  if (!desc.equals("")) {
59  this.desc = desc;
60  } else {
61  this.desc = bundle.getString("Volume.desc.text");
62  }
63  }
64 
65  @Override
66  public int read(byte[] buf, long offset, long len) throws TskCoreException {
67  synchronized (this) {
68  Content myParent = getParent();
69  if (!(myParent instanceof VolumeSystem)) {
70  throw new TskCoreException(bundle.getString("Volume.read.exception.msg1.text"));
71  }
72  VolumeSystem parentVs = (VolumeSystem) myParent;
73 
74  // Reading from APFS volumes/volume systems is not yet supported
75  if (parentVs.getType().equals(TskData.TSK_VS_TYPE_ENUM.TSK_VS_TYPE_APFS)) {
76  throw new TskCoreException("Reading APFS pool volumes not yet supported");
77  }
78 
79  // read from the volume
80  if (volumeHandle == 0) {
81  volumeHandle = SleuthkitJNI.openVsPart(parentVs.getVolumeSystemHandle(), addr);
82  }
83 
84  }
85  return SleuthkitJNI.readVsPart(volumeHandle, buf, offset, len);
86  }
87 
88  @Override
89  public void close() {
90  // there is nothing to free. The VolumeSystem structure
91  // in C++ contains this structure and will free it.
92  volumeHandle = 0;
93  }
94 
95  @Override
96  public void finalize() throws Throwable {
97  try {
98  close();
99  } finally {
100  super.finalize();
101  }
102  }
103 
104  @Override
105  public long getSize() {
106  return lengthInSectors * 512;
107  }
108 
109  @Override
110  public String getUniquePath() throws TskCoreException {
111  // It is possible that multiple threads could be doing this calculation
112  // simultaneously, but it's worth the potential extra processing to prevent deadlocks.
113  if(uniquePath == null) {
114  String tempUniquePath = "";
115  String name = getName();
116  if (!name.isEmpty()) {
117  tempUniquePath = "/vol_" + name; //NON-NLS
118  }
119 
120  Content myParent = getParent();
121  if (myParent != null) {
122  tempUniquePath = myParent.getUniquePath() + tempUniquePath;
123  }
124 
125  // Don't update uniquePath until it is complete.
126  uniquePath = tempUniquePath;
127  }
128  return uniquePath;
129  }
130 
131  //methods get exact data from database. could be manipulated to get more
132  //meaningful data.
139  public long getAddr() {
140  return addr;
141  }
142 
149  public long getStart() {
150  return startSector;
151  }
152 
158  public long getLength() {
159  return lengthInSectors;
160  }
161 
167  public long getFlags() {
168  return flags;
169  }
170 
176  public String getFlagsAsString() {
177  return Volume.vsFlagToString(flags);
178  }
179 
186  public String getDescription() {
187  return desc;
188  }
189 
190  // ----- Here all the methods for vs flags conversion / mapping -----
198  public static String vsFlagToValue(long vsFlag) {
199 
200  String result = "";
201 
202  for (TskData.TSK_VS_PART_FLAG_ENUM flag : TskData.TSK_VS_PART_FLAG_ENUM.values()) {
203  if (flag.getVsFlag() == vsFlag) {
204  result = flag.toString();
205  }
206  }
207  return result;
208  }
209 
217  public static long valueToVsFlag(String vsFlag) {
218 
219  long result = 0;
220 
221  for (TskData.TSK_VS_PART_FLAG_ENUM flag : TskData.TSK_VS_PART_FLAG_ENUM.values()) {
222  if (flag.toString().equals(vsFlag)) {
223  result = flag.getVsFlag();
224  }
225  }
226  return result;
227  }
228 
236  public static String vsFlagToString(long vsFlag) {
237 
238  String result = "";
239 
240  long allocFlag = TskData.TSK_VS_PART_FLAG_ENUM.TSK_VS_PART_FLAG_ALLOC.getVsFlag();
241  long unallocFlag = TskData.TSK_VS_PART_FLAG_ENUM.TSK_VS_PART_FLAG_UNALLOC.getVsFlag();
242 
243  // some variables that might be needed in the future
244  long metaFlag = TskData.TSK_VS_PART_FLAG_ENUM.TSK_VS_PART_FLAG_META.getVsFlag();
245  long allFlag = TskData.TSK_VS_PART_FLAG_ENUM.TSK_VS_PART_FLAG_ALL.getVsFlag();
246 
247  if ((vsFlag & allocFlag) == allocFlag) {
248  result = bundle.getString("Volume.vsFlagToString.allocated");
249  }
250  if ((vsFlag & unallocFlag) == unallocFlag) {
251  result = bundle.getString("Volume.vsFlagToString.unallocated");
252  }
253  // ... add more code here if needed
254 
255  return result;
256  }
257 
258  @Override
259  public <T> T accept(SleuthkitItemVisitor<T> v) {
260  return v.visit(this);
261  }
262 
263  @Override
264  public <T> T accept(ContentVisitor<T> v) {
265  return v.visit(this);
266  }
267 
268  @Override
269  public List<Content> getChildren() throws TskCoreException {
270  return getSleuthkitCase().getVolumeChildren(this);
271  }
272 
273  @Override
274  public List<Long> getChildrenIds() throws TskCoreException {
275  return getSleuthkitCase().getVolumeChildrenIds(this);
276  }
277 
283  public List<FileSystem> getFileSystems() throws TskCoreException {
284 
285  List<Content> children = getChildren();
286  List<FileSystem> fileSystems = new ArrayList<FileSystem>();
287  for (Content child : children) {
288  if (child instanceof FileSystem) {
289  fileSystems.add((FileSystem) child);
290  }
291  }
292 
293  return fileSystems;
294  }
295 
296  @Override
297  public String toString(boolean preserveState) {
298  return super.toString(preserveState) + "Volume [\t" + "addr " + addr + "\t" + "desc " + desc + "\t" + "flags " + flags + "\t" + "length " + lengthInSectors + "\t" + "start " + startSector + "]\t"; //NON-NLS
299  }
300 }
org.sleuthkit.datamodel.TskData.TSK_VS_PART_FLAG_ENUM.TSK_VS_PART_FLAG_ALL
TSK_VS_PART_FLAG_ALL
Show all sectors in the walk.
Definition: TskData.java:336
org.sleuthkit.datamodel.Volume.valueToVsFlag
static long valueToVsFlag(String vsFlag)
Definition: Volume.java:217
org.sleuthkit.datamodel.TskData.TSK_VS_PART_FLAG_ENUM.TSK_VS_PART_FLAG_ALLOC
TSK_VS_PART_FLAG_ALLOC
Sectors are allocated to a volume in the volume system.
Definition: TskData.java:333
org.sleuthkit.datamodel.AbstractContent.getName
String getName()
Definition: AbstractContent.java:67
org.sleuthkit.datamodel.Volume.read
int read(byte[] buf, long offset, long len)
Definition: Volume.java:66
org.sleuthkit.datamodel.Volume.getFileSystems
List< FileSystem > getFileSystems()
Definition: Volume.java:283
org.sleuthkit.datamodel.TskData.TSK_VS_TYPE_ENUM.TSK_VS_TYPE_APFS
TSK_VS_TYPE_APFS
APFS pool NON-NLS.
Definition: TskData.java:581
org.sleuthkit.datamodel.VolumeSystem.getVolumeSystemHandle
synchronized long getVolumeSystemHandle()
Definition: VolumeSystem.java:100
org.sleuthkit.datamodel.Volume.toString
String toString(boolean preserveState)
Definition: Volume.java:297
org.sleuthkit.datamodel.TskData.TSK_VS_PART_FLAG_ENUM.TSK_VS_PART_FLAG_META
TSK_VS_PART_FLAG_META
Sectors contain volume system metadata and could also be ALLOC or UNALLOC.
Definition: TskData.java:335
org.sleuthkit.datamodel.AbstractContent
Definition: AbstractContent.java:40
org.sleuthkit.datamodel.Volume.Volume
Volume(SleuthkitCase db, long obj_id, long addr, long startSector, long lengthInSectors, long flags, String desc)
Definition: Volume.java:51
org.sleuthkit.datamodel.SleuthkitJNI.readVsPart
static int readVsPart(long volHandle, byte[] readBuffer, long offset, long len)
Definition: SleuthkitJNI.java:1405
org.sleuthkit.datamodel.Volume.getChildrenIds
List< Long > getChildrenIds()
Definition: Volume.java:274
org.sleuthkit.datamodel.Volume.vsFlagToValue
static String vsFlagToValue(long vsFlag)
Definition: Volume.java:198
org.sleuthkit.datamodel.TskData.TSK_VS_PART_FLAG_ENUM
Definition: TskData.java:331
org.sleuthkit.datamodel.Volume.getChildren
List< Content > getChildren()
Definition: Volume.java:269
org.sleuthkit.datamodel.AbstractContent.getParent
Content getParent()
Definition: AbstractContent.java:124
org.sleuthkit.datamodel.AbstractContent.getSleuthkitCase
SleuthkitCase getSleuthkitCase()
Definition: AbstractContent.java:282
org.sleuthkit.datamodel.Content
Definition: Content.java:33
org.sleuthkit.datamodel.TskData.TSK_VS_TYPE_ENUM
Definition: TskData.java:573
org.sleuthkit.datamodel.SleuthkitJNI.openVsPart
static long openVsPart(long vsHandle, long volId)
Definition: SleuthkitJNI.java:1061
org.sleuthkit.datamodel.TskData.TSK_VS_PART_FLAG_ENUM.TSK_VS_PART_FLAG_UNALLOC
TSK_VS_PART_FLAG_UNALLOC
Sectors are not allocated to a volume.
Definition: TskData.java:334
org.sleuthkit.datamodel.Volume.vsFlagToString
static String vsFlagToString(long vsFlag)
Definition: Volume.java:236
org.sleuthkit.datamodel.Content.getUniquePath
String getUniquePath()

Copyright © 2011-2021 Brian Carrier. (carrier -at- sleuthkit -dot- org)
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.