Sleuth Kit Java Bindings (JNI)
4.10.2
Java bindings for using The Sleuth Kit
|
Inherits org.sleuthkit.datamodel.AbstractContent.
Inherited by org.sleuthkit.datamodel.DerivedFile, org.sleuthkit.datamodel.FsContent, org.sleuthkit.datamodel.LayoutFile, org.sleuthkit.datamodel.LocalFile, and org.sleuthkit.datamodel.SpecialDirectory.
Classes | |
enum | MimeMatchEnum |
Public Member Functions | |
void | addAttributes (Collection< Attribute > attributes, final SleuthkitCase.CaseDbTransaction caseDbTransaction) throws TskCoreException |
boolean | canRead () |
void | close () |
long | convertToImgOffset (long fileOffset) throws TskCoreException |
List< TskFileRange > | convertToImgRanges (long fileOffset, long length) throws TskCoreException |
boolean | exists () |
long | getAtime () |
String | getAtimeAsDate () |
int | getAttributeId () |
List< Attribute > | getAttributes () throws TskCoreException |
short | getAttrId () |
TskData.TSK_FS_ATTR_TYPE_ENUM | getAttrType () |
long | getCrtime () |
String | getCrtimeAsDate () |
long | getCtime () |
String | getCtimeAsDate () |
Content | getDataSource () throws TskCoreException |
long | getDataSourceObjectId () |
String | getDirFlagAsString () |
TSK_FS_NAME_TYPE_ENUM | getDirType () |
String | getDirTypeAsString () |
int | getGid () |
TskData.FileKnown | getKnown () |
String | getLocalAbsPath () |
String | getLocalPath () |
String | getMd5Hash () |
long | getMetaAddr () |
String | getMetaFlagsAsString () |
long | getMetaSeq () |
TSK_FS_META_TYPE_ENUM | getMetaType () |
String | getMetaTypeAsString () |
String | getMIMEType () |
String | getModesAsString () |
long | getMtime () |
String | getMtimeAsDate () |
String | getNameExtension () |
Optional< Long > | getOsAccountObjectId () |
Optional< String > | getOwnerUid () |
String | getParentPath () |
List< TskFileRange > | getRanges () throws TskCoreException |
String | getSha256Hash () |
long | getSize () |
TskData.TSK_DB_FILES_TYPE_ENUM | getType () |
int | getUid () |
String | getUniquePath () throws TskCoreException |
boolean | isDir () |
boolean | isDirNameFlagSet (TSK_FS_NAME_FLAG_ENUM flag) |
boolean | isFile () |
boolean | isMetaFlagSet (TSK_FS_META_FLAG_ENUM metaFlag) |
MimeMatchEnum | isMimeType (SortedSet< String > mimeTypes) |
boolean | isModeSet (TskData.TSK_FS_META_MODE_ENUM mode) |
abstract boolean | isRoot () |
boolean | isVirtual () |
List< AbstractFile > | listFiles () throws TskCoreException |
BlackboardArtifact | newArtifact (int artifactTypeID) throws TskCoreException |
DataArtifact | newDataArtifact (BlackboardArtifact.Type artifactType, Collection< BlackboardAttribute > attributesList) throws TskCoreException |
final int | read (byte[] buf, long offset, long len) throws TskCoreException |
void | save () throws TskCoreException |
void | save (CaseDbTransaction transaction) throws TskCoreException |
void | setKnown (TskData.FileKnown knownState) |
void | setMd5Hash (String md5Hash) |
void | setMIMEType (String mimeType) |
void | setSha256Hash (String sha256Hash) |
String | toString (boolean preserveState) |
Public Member Functions inherited from org.sleuthkit.datamodel.AbstractContent | |
boolean | equals (Object obj) |
Score | getAggregateScore () throws TskCoreException |
List< AnalysisResult > | getAllAnalysisResults () throws TskCoreException |
ArrayList< BlackboardArtifact > | getAllArtifacts () throws TskCoreException |
long | getAllArtifactsCount () throws TskCoreException |
List< DataArtifact > | getAllDataArtifacts () throws TskCoreException |
List< AnalysisResult > | getAnalysisResults (BlackboardArtifact.Type artifactType) throws TskCoreException |
ArrayList< BlackboardArtifact > | getArtifacts (String artifactTypeName) throws TskCoreException |
ArrayList< BlackboardArtifact > | getArtifacts (int artifactTypeID) throws TskCoreException |
ArrayList< BlackboardArtifact > | getArtifacts (BlackboardArtifact.ARTIFACT_TYPE type) throws TskCoreException |
long | getArtifactsCount (String artifactTypeName) throws TskCoreException |
long | getArtifactsCount (int artifactTypeID) throws TskCoreException |
long | getArtifactsCount (ARTIFACT_TYPE type) throws TskCoreException |
List< Content > | getChildren () throws TskCoreException |
int | getChildrenCount () throws TskCoreException |
List< Long > | getChildrenIds () throws TskCoreException |
Content | getDataSource () throws TskCoreException |
BlackboardArtifact | getGenInfoArtifact () throws TskCoreException |
BlackboardArtifact | getGenInfoArtifact (boolean create) throws TskCoreException |
ArrayList< BlackboardAttribute > | getGenInfoAttributes (ATTRIBUTE_TYPE attr_type) throws TskCoreException |
Set< String > | getHashSetNames () throws TskCoreException |
long | getId () |
String | getName () |
Content | getParent () throws TskCoreException |
SleuthkitCase | getSleuthkitCase () |
String | getUniquePath () throws TskCoreException |
boolean | hasChildren () throws TskCoreException |
int | hashCode () |
AnalysisResultAdded | newAnalysisResult (BlackboardArtifact.Type artifactType, Score score, String conclusion, String configuration, String justification, Collection< BlackboardAttribute > attributesList) throws TskCoreException |
AnalysisResultAdded | newAnalysisResult (BlackboardArtifact.Type artifactType, Score score, String conclusion, String configuration, String justification, Collection< BlackboardAttribute > attributesList, long dataSourceId) throws TskCoreException |
BlackboardArtifact | newArtifact (int artifactTypeID) throws TskCoreException |
BlackboardArtifact | newArtifact (BlackboardArtifact.ARTIFACT_TYPE type) throws TskCoreException |
DataArtifact | newDataArtifact (BlackboardArtifact.Type artifactType, Collection< BlackboardAttribute > attributesList, Long osAccountId) throws TskCoreException |
DataArtifact | newDataArtifact (BlackboardArtifact.Type artifactType, Collection< BlackboardAttribute > attributesList, Long osAccountId, long dataSourceId) throws TskCoreException |
DataArtifact | newDataArtifact (BlackboardArtifact.Type artifactType, Collection< BlackboardAttribute > attributesList) throws TskCoreException |
String | toString () |
String | toString (boolean preserveState) |
Public Member Functions inherited from org.sleuthkit.datamodel.Content | |
public< T > T | accept (ContentVisitor< T > v) |
long | getArtifactsCount (BlackboardArtifact.ARTIFACT_TYPE type) throws TskCoreException |
ArrayList< BlackboardAttribute > | getGenInfoAttributes (BlackboardAttribute.ATTRIBUTE_TYPE attr_type) throws TskCoreException |
Public Member Functions inherited from org.sleuthkit.datamodel.SleuthkitVisitableItem | |
public< T > T | accept (SleuthkitItemVisitor< T > v) |
Static Public Member Functions | |
static String | createNonUniquePath (String uniquePath) |
static String | epochToTime (long epoch) |
static String | epochToTime (long epoch, TimeZone tzone) |
static long | timeToEpoch (String time) |
Protected Member Functions | |
AbstractFile (SleuthkitCase db, long objId, TskData.TSK_FS_ATTR_TYPE_ENUM attrType, short attrId, String name, TskData.TSK_DB_FILES_TYPE_ENUM fileType, long metaAddr, int metaSeq, TSK_FS_NAME_TYPE_ENUM dirType, TSK_FS_META_TYPE_ENUM metaType, TSK_FS_NAME_FLAG_ENUM dirFlag, short metaFlags, long size, long ctime, long crtime, long atime, long mtime, short modes, int uid, int gid, String md5Hash, FileKnown knownState, String parentPath) | |
void | finalize () throws Throwable |
int | readInt (byte[] buf, long offset, long len) throws TskCoreException |
final int | readLocal (byte[] buf, long offset, long len) throws TskCoreException |
void | setLocalPath (String localPath, boolean isAbsolute) |
Protected Member Functions inherited from org.sleuthkit.datamodel.AbstractContent | |
AbstractContent (SleuthkitCase db, long obj_id, String name) | |
Protected Attributes | |
final int | attrId |
final TskData.TSK_FS_ATTR_TYPE_ENUM | attrType |
TSK_FS_NAME_FLAG_ENUM | dirFlag |
final TSK_FS_NAME_TYPE_ENUM | dirType |
final TskData.TSK_DB_FILES_TYPE_ENUM | fileType |
TskData.FileKnown | knownState |
String | md5Hash |
final long | metaAddr |
Set< TSK_FS_META_FLAG_ENUM > | metaFlags |
final int | metaSeq |
final TSK_FS_META_TYPE_ENUM | metaType |
final Set< TskData.TSK_FS_META_MODE_ENUM > | modes |
final String | parentPath |
String | sha256Hash |
long | size |
final int | uid |
Protected Attributes inherited from org.sleuthkit.datamodel.AbstractContent | |
long | parentId |
Additional Inherited Members | |
Static Public Attributes inherited from org.sleuthkit.datamodel.AbstractContent | |
static final long | UNKNOWN_ID = -1 |
An abstract base class for classes that represent files that have been added to the case.
Definition at line 50 of file AbstractFile.java.
|
protected |
Initializes common fields used by AbstactFile implementations (objects in tsk_files table)
db | case / db handle where this file belongs to |
objId | object id in tsk_objects table |
attrType | |
attrId | |
name | name field of the file |
fileType | type of the file |
metaAddr | |
metaSeq | |
dirType | |
metaType | |
dirFlag | |
metaFlags | |
size | |
ctime | |
crtime | |
atime | |
mtime | |
modes | |
uid | |
gid | |
md5Hash | md5sum of the file, or null or "NULL" if not present |
knownState | knownState status of the file, or null if unknown (default) |
parentPath |
Definition at line 1477 of file AbstractFile.java.
References org.sleuthkit.datamodel.AbstractFile.attrType.
void org.sleuthkit.datamodel.AbstractFile.addAttributes | ( | Collection< Attribute > | attributes, |
final SleuthkitCase.CaseDbTransaction | caseDbTransaction | ||
) | throws TskCoreException |
Adds a collection of attributes to this file in a single operation within a transaction supplied by the caller.
attributes | The collection of attributes. |
caseDbTransaction | The transaction in the scope of which the operation is to be performed, managed by the caller. if Null is passed in a local transaction will be created and used. |
TskCoreException | If an error occurs and the attributes were not added to the artifact. |
Definition at line 562 of file AbstractFile.java.
References org.sleuthkit.datamodel.SleuthkitCase.beginTransaction(), org.sleuthkit.datamodel.AbstractContent.getId(), and org.sleuthkit.datamodel.AbstractContent.getSleuthkitCase().
boolean org.sleuthkit.datamodel.AbstractFile.canRead | ( | ) |
Check if the file exists and is readable. If non-local (e.g. within an image), always true, if local, checks if actual local path exists and is readable
Definition at line 1192 of file AbstractFile.java.
References org.sleuthkit.datamodel.AbstractFile.canRead().
Referenced by org.sleuthkit.datamodel.AbstractFile.canRead().
void org.sleuthkit.datamodel.AbstractFile.close | ( | ) |
Free native resources after read is done on the Content object. After closing, read can be called again on the same Content object, which should result in re-opening of new native resources.
Implements org.sleuthkit.datamodel.Content.
Definition at line 1231 of file AbstractFile.java.
References org.sleuthkit.datamodel.AbstractContent.getName(), and org.sleuthkit.datamodel.AbstractFile.getParentPath().
Referenced by org.sleuthkit.datamodel.DerivedFile.finalize(), and org.sleuthkit.datamodel.AbstractFile.finalize().
long org.sleuthkit.datamodel.AbstractFile.convertToImgOffset | ( | long | fileOffset | ) | throws TskCoreException |
Convert an internal offset to an image offset
fileOffset | the byte offset in this layout file to map |
TskCoreException | exception thrown if critical error occurred within tsk core and offset could not be converted |
Definition at line 716 of file AbstractFile.java.
References org.sleuthkit.datamodel.AbstractFile.getRanges().
List<TskFileRange> org.sleuthkit.datamodel.AbstractFile.convertToImgRanges | ( | long | fileOffset, |
long | length | ||
) | throws TskCoreException |
Converts a file offset and length into a series of TskFileRange objects whose offsets are relative to the image. This method will only work on files with layout ranges.
fileOffset | The byte offset in this file to map. |
length | The length of bytes starting at fileOffset requested. |
TskCoreException |
Definition at line 749 of file AbstractFile.java.
References org.sleuthkit.datamodel.TskFileRange.getByteLen(), org.sleuthkit.datamodel.TskFileRange.getByteStart(), and org.sleuthkit.datamodel.AbstractFile.getRanges().
|
static |
uniquePath | the unique path to an AbstractFile (or subclass) usually obtained by a call to AbstractFile.getUniquePath. |
Definition at line 848 of file AbstractFile.java.
|
static |
Return the epoch into string in ISO 8601 dateTime format
epoch | time in seconds |
Definition at line 1584 of file AbstractFile.java.
References org.sleuthkit.datamodel.TimeUtilities.epochToTime().
Referenced by org.sleuthkit.datamodel.AbstractFile.getAtimeAsDate(), org.sleuthkit.datamodel.AbstractFile.getCrtimeAsDate(), org.sleuthkit.datamodel.AbstractFile.getCtimeAsDate(), and org.sleuthkit.datamodel.AbstractFile.getMtimeAsDate().
|
static |
Return the epoch into string in ISO 8601 dateTime format, in the given timezone
epoch | time in seconds |
tzone | time zone |
Definition at line 1600 of file AbstractFile.java.
References org.sleuthkit.datamodel.TimeUtilities.epochToTime().
boolean org.sleuthkit.datamodel.AbstractFile.exists | ( | ) |
Check if the file exists. If non-local always true, if local, checks if actual local path exists
Definition at line 1171 of file AbstractFile.java.
References org.sleuthkit.datamodel.AbstractFile.exists().
Referenced by org.sleuthkit.datamodel.AbstractFile.exists(), and org.sleuthkit.datamodel.Image.imageFileExists().
|
protected |
Definition at line 1250 of file AbstractFile.java.
References org.sleuthkit.datamodel.AbstractFile.close().
long org.sleuthkit.datamodel.AbstractFile.getAtime | ( | ) |
String org.sleuthkit.datamodel.AbstractFile.getAtimeAsDate | ( | ) |
Get the access time as Date (in local timezone)
Definition at line 284 of file AbstractFile.java.
References org.sleuthkit.datamodel.AbstractFile.epochToTime().
int org.sleuthkit.datamodel.AbstractFile.getAttributeId | ( | ) |
Get the attribute id
Definition at line 230 of file AbstractFile.java.
References org.sleuthkit.datamodel.AbstractFile.attrId.
List<Attribute> org.sleuthkit.datamodel.AbstractFile.getAttributes | ( | ) | throws TskCoreException |
Gets the attributes of this File
TskCoreException |
Definition at line 537 of file AbstractFile.java.
References org.sleuthkit.datamodel.AbstractContent.getSleuthkitCase().
short org.sleuthkit.datamodel.AbstractFile.getAttrId | ( | ) |
Get the attribute id
Definition at line 1540 of file AbstractFile.java.
References org.sleuthkit.datamodel.AbstractFile.attrId.
TskData.TSK_FS_ATTR_TYPE_ENUM org.sleuthkit.datamodel.AbstractFile.getAttrType | ( | ) |
Get the attribute type
Definition at line 221 of file AbstractFile.java.
References org.sleuthkit.datamodel.AbstractFile.attrType.
long org.sleuthkit.datamodel.AbstractFile.getCrtime | ( | ) |
String org.sleuthkit.datamodel.AbstractFile.getCrtimeAsDate | ( | ) |
Get the creation time as Date (in local timezone)
Definition at line 266 of file AbstractFile.java.
References org.sleuthkit.datamodel.AbstractFile.epochToTime().
long org.sleuthkit.datamodel.AbstractFile.getCtime | ( | ) |
String org.sleuthkit.datamodel.AbstractFile.getCtimeAsDate | ( | ) |
Get the change time as Date (in local timezone)
Definition at line 248 of file AbstractFile.java.
References org.sleuthkit.datamodel.AbstractFile.epochToTime().
Content org.sleuthkit.datamodel.AbstractFile.getDataSource | ( | ) | throws TskCoreException |
Gets the data source for this file.
TskCoreException | if there was an error querying the case database. |
To obtain the data source as a DataSource object, use: getSleuthkitCase().getDataSource(getDataSourceObjectId());
Implements org.sleuthkit.datamodel.Content.
Definition at line 673 of file AbstractFile.java.
References org.sleuthkit.datamodel.SleuthkitCase.getContentById(), and org.sleuthkit.datamodel.AbstractContent.getSleuthkitCase().
Referenced by org.sleuthkit.datamodel.AbstractFile.getUniquePath(), and org.sleuthkit.datamodel.LayoutFile.readInt().
long org.sleuthkit.datamodel.AbstractFile.getDataSourceObjectId | ( | ) |
Gets the object id of the data source for this file.
Definition at line 682 of file AbstractFile.java.
Referenced by org.sleuthkit.datamodel.SleuthkitCase.addCarvedFiles(), org.sleuthkit.datamodel.SleuthkitCase.addLocalFile(), org.sleuthkit.datamodel.VirtualDirectory.getDataSource(), and org.sleuthkit.datamodel.SpecialDirectory.isDataSource().
String org.sleuthkit.datamodel.AbstractFile.getDirFlagAsString | ( | ) |
Definition at line 934 of file AbstractFile.java.
References org.sleuthkit.datamodel.TskData.TSK_FS_NAME_FLAG_ENUM.toString().
TSK_FS_NAME_TYPE_ENUM org.sleuthkit.datamodel.AbstractFile.getDirType | ( | ) |
Get the directory type id
Definition at line 913 of file AbstractFile.java.
References org.sleuthkit.datamodel.AbstractFile.dirType.
String org.sleuthkit.datamodel.AbstractFile.getDirTypeAsString | ( | ) |
Definition at line 917 of file AbstractFile.java.
int org.sleuthkit.datamodel.AbstractFile.getGid | ( | ) |
TskData.FileKnown org.sleuthkit.datamodel.AbstractFile.getKnown | ( | ) |
Get "knownState" file status - after running a HashDB ingest on it As marked by a knownState file database, such as NSRL
Definition at line 627 of file AbstractFile.java.
References org.sleuthkit.datamodel.AbstractFile.knownState.
Referenced by org.sleuthkit.datamodel.AbstractFile.save().
String org.sleuthkit.datamodel.AbstractFile.getLocalAbsPath | ( | ) |
Get local absolute path of the file, if localPath has been set
Definition at line 1152 of file AbstractFile.java.
String org.sleuthkit.datamodel.AbstractFile.getLocalPath | ( | ) |
Get local relative to case db path of the file
Definition at line 1143 of file AbstractFile.java.
String org.sleuthkit.datamodel.AbstractFile.getMd5Hash | ( | ) |
Get the md5 hash value as calculated, if present
Definition at line 504 of file AbstractFile.java.
References org.sleuthkit.datamodel.AbstractFile.md5Hash.
Referenced by org.sleuthkit.datamodel.AbstractFile.save().
long org.sleuthkit.datamodel.AbstractFile.getMetaAddr | ( | ) |
Get the file meta address
Definition at line 329 of file AbstractFile.java.
References org.sleuthkit.datamodel.AbstractFile.metaAddr.
Referenced by org.sleuthkit.datamodel.FsContent.isRoot().
String org.sleuthkit.datamodel.AbstractFile.getMetaFlagsAsString | ( | ) |
Definition at line 950 of file AbstractFile.java.
References org.sleuthkit.datamodel.TskData.TSK_FS_META_FLAG_ENUM.ALLOC, and org.sleuthkit.datamodel.TskData.TSK_FS_META_FLAG_ENUM.UNALLOC.
long org.sleuthkit.datamodel.AbstractFile.getMetaSeq | ( | ) |
Get the file meta address sequence. Only useful with NTFS. Incremented each time a structure is re-allocated.
Definition at line 339 of file AbstractFile.java.
References org.sleuthkit.datamodel.AbstractFile.metaSeq.
TSK_FS_META_TYPE_ENUM org.sleuthkit.datamodel.AbstractFile.getMetaType | ( | ) |
Get the meta data type
Definition at line 900 of file AbstractFile.java.
References org.sleuthkit.datamodel.AbstractFile.metaType.
String org.sleuthkit.datamodel.AbstractFile.getMetaTypeAsString | ( | ) |
Definition at line 904 of file AbstractFile.java.
References org.sleuthkit.datamodel.TskData.TSK_FS_META_TYPE_ENUM.toString().
String org.sleuthkit.datamodel.AbstractFile.getMIMEType | ( | ) |
Gets the MIME type of this file.
Definition at line 465 of file AbstractFile.java.
Referenced by org.sleuthkit.datamodel.AbstractFile.save().
String org.sleuthkit.datamodel.AbstractFile.getModesAsString | ( | ) |
Get the file's mode as a user-displayable string
Definition at line 348 of file AbstractFile.java.
References org.sleuthkit.datamodel.AbstractFile.modes, org.sleuthkit.datamodel.TskData.TSK_FS_META_MODE_ENUM.toInt(), org.sleuthkit.datamodel.TskData.TSK_FS_META_TYPE_ENUM.toString(), org.sleuthkit.datamodel.TskData.TSK_FS_META_MODE_ENUM.TSK_FS_META_MODE_IRGRP, org.sleuthkit.datamodel.TskData.TSK_FS_META_MODE_ENUM.TSK_FS_META_MODE_IROTH, org.sleuthkit.datamodel.TskData.TSK_FS_META_MODE_ENUM.TSK_FS_META_MODE_IRUSR, org.sleuthkit.datamodel.TskData.TSK_FS_META_MODE_ENUM.TSK_FS_META_MODE_ISGID, org.sleuthkit.datamodel.TskData.TSK_FS_META_MODE_ENUM.TSK_FS_META_MODE_ISUID, org.sleuthkit.datamodel.TskData.TSK_FS_META_MODE_ENUM.TSK_FS_META_MODE_ISVTX, org.sleuthkit.datamodel.TskData.TSK_FS_META_MODE_ENUM.TSK_FS_META_MODE_IWGRP, org.sleuthkit.datamodel.TskData.TSK_FS_META_MODE_ENUM.TSK_FS_META_MODE_IWOTH, org.sleuthkit.datamodel.TskData.TSK_FS_META_MODE_ENUM.TSK_FS_META_MODE_IWUSR, org.sleuthkit.datamodel.TskData.TSK_FS_META_MODE_ENUM.TSK_FS_META_MODE_IXGRP, org.sleuthkit.datamodel.TskData.TSK_FS_META_MODE_ENUM.TSK_FS_META_MODE_IXOTH, and org.sleuthkit.datamodel.TskData.TSK_FS_META_MODE_ENUM.TSK_FS_META_MODE_IXUSR.
long org.sleuthkit.datamodel.AbstractFile.getMtime | ( | ) |
String org.sleuthkit.datamodel.AbstractFile.getMtimeAsDate | ( | ) |
Get the modified time as Date (in local timezone)
Definition at line 302 of file AbstractFile.java.
References org.sleuthkit.datamodel.AbstractFile.epochToTime().
String org.sleuthkit.datamodel.AbstractFile.getNameExtension | ( | ) |
Get the extension part of the filename, if there is one. We assume that extensions only have ASCII alphanumeric chars
Definition at line 638 of file AbstractFile.java.
Optional<Long> org.sleuthkit.datamodel.AbstractFile.getOsAccountObjectId | ( | ) |
Get the Object Id of the owner account.
Definition at line 1396 of file AbstractFile.java.
Referenced by org.sleuthkit.datamodel.AbstractFile.newDataArtifact(), and org.sleuthkit.datamodel.SleuthkitCase.updateDerivedFile().
Optional<String> org.sleuthkit.datamodel.AbstractFile.getOwnerUid | ( | ) |
Get the owner uid.
Note this is a string uid, typically a Windows SID. This is different from the numeric uid commonly found on Unix based file systems.
Definition at line 1387 of file AbstractFile.java.
Referenced by org.sleuthkit.datamodel.SleuthkitCase.updateDerivedFile().
String org.sleuthkit.datamodel.AbstractFile.getParentPath | ( | ) |
Get path of the parent of this file
Definition at line 657 of file AbstractFile.java.
References org.sleuthkit.datamodel.AbstractFile.parentPath.
Referenced by org.sleuthkit.datamodel.SleuthkitCase.addFileSystemFile(), org.sleuthkit.datamodel.SleuthkitCase.addLocalDirectory(), org.sleuthkit.datamodel.SleuthkitCase.addLocalFile(), org.sleuthkit.datamodel.AbstractFile.close(), org.sleuthkit.datamodel.blackboardutils.attributes.MessageAttachments.FileAttachment.FileAttachment(), and org.sleuthkit.datamodel.FsContent.getUniquePath().
List<TskFileRange> org.sleuthkit.datamodel.AbstractFile.getRanges | ( | ) | throws TskCoreException |
Gets file ranges associated with the file. File ranges are objects in tsk_file_layout table Any file type (especially unallocated) may have 1 or more block ranges associated with it
TskCoreException | exception thrown if critical error occurred within tsk core |
Definition at line 696 of file AbstractFile.java.
References org.sleuthkit.datamodel.SleuthkitCase.getFileRanges(), org.sleuthkit.datamodel.AbstractContent.getId(), and org.sleuthkit.datamodel.AbstractContent.getSleuthkitCase().
Referenced by org.sleuthkit.datamodel.AbstractFile.convertToImgOffset(), org.sleuthkit.datamodel.AbstractFile.convertToImgRanges(), org.sleuthkit.datamodel.LayoutFile.getNumParts(), and org.sleuthkit.datamodel.LayoutFile.readInt().
String org.sleuthkit.datamodel.AbstractFile.getSha256Hash | ( | ) |
Get the SHA-256 hash value as calculated, if present
Definition at line 526 of file AbstractFile.java.
References org.sleuthkit.datamodel.AbstractFile.sha256Hash.
Referenced by org.sleuthkit.datamodel.AbstractFile.save().
long org.sleuthkit.datamodel.AbstractFile.getSize | ( | ) |
Get size of the file
Implements org.sleuthkit.datamodel.Content.
Definition at line 648 of file AbstractFile.java.
References org.sleuthkit.datamodel.AbstractFile.size.
Referenced by org.sleuthkit.datamodel.AbstractFile.readLocal().
TskData.TSK_DB_FILES_TYPE_ENUM org.sleuthkit.datamodel.AbstractFile.getType | ( | ) |
Gets type of the abstract file as defined in TSK_DB_FILES_TYPE_ENUM
Definition at line 212 of file AbstractFile.java.
References org.sleuthkit.datamodel.AbstractFile.fileType.
int org.sleuthkit.datamodel.AbstractFile.getUid | ( | ) |
Get the user id
Definition at line 311 of file AbstractFile.java.
References org.sleuthkit.datamodel.AbstractFile.uid.
String org.sleuthkit.datamodel.AbstractFile.getUniquePath | ( | ) | throws TskCoreException |
Implements org.sleuthkit.datamodel.Content.
Definition at line 1401 of file AbstractFile.java.
References org.sleuthkit.datamodel.AbstractFile.getDataSource(), org.sleuthkit.datamodel.AbstractContent.getName(), and org.sleuthkit.datamodel.Content.getUniquePath().
boolean org.sleuthkit.datamodel.AbstractFile.isDir | ( | ) |
Is this object a directory. Should return true for file system folders and virtual folders.
Definition at line 828 of file AbstractFile.java.
References org.sleuthkit.datamodel.TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_DIR, and org.sleuthkit.datamodel.TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_VIRT_DIR.
Referenced by org.sleuthkit.datamodel.AbstractFile.readLocal().
boolean org.sleuthkit.datamodel.AbstractFile.isDirNameFlagSet | ( | TSK_FS_NAME_FLAG_ENUM | flag | ) |
flag | the TSK_FS_NAME_FLAG_ENUM to check |
Definition at line 926 of file AbstractFile.java.
boolean org.sleuthkit.datamodel.AbstractFile.isFile | ( | ) |
Is this object a file. Should return true for all types of files, including file system, logical, derived, layout, and slack space for files.
Definition at line 815 of file AbstractFile.java.
References org.sleuthkit.datamodel.TskData.TSK_FS_NAME_TYPE_ENUM.REG, org.sleuthkit.datamodel.TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_REG, and org.sleuthkit.datamodel.TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_UNDEF.
boolean org.sleuthkit.datamodel.AbstractFile.isMetaFlagSet | ( | TSK_FS_META_FLAG_ENUM | metaFlag | ) |
metaFlag | the TSK_FS_META_FLAG_ENUM to check |
Definition at line 965 of file AbstractFile.java.
MimeMatchEnum org.sleuthkit.datamodel.AbstractFile.isMimeType | ( | SortedSet< String > | mimeTypes | ) |
Determines if this file's type is one of the ones passed in. Uses the blackboard attribute for file type.
mimeTypes | Set of file types to compare against |
Definition at line 1297 of file AbstractFile.java.
References org.sleuthkit.datamodel.AbstractFile.MimeMatchEnum.FALSE, org.sleuthkit.datamodel.AbstractFile.MimeMatchEnum.TRUE, and org.sleuthkit.datamodel.AbstractFile.MimeMatchEnum.UNDEFINED.
boolean org.sleuthkit.datamodel.AbstractFile.isModeSet | ( | TskData.TSK_FS_META_MODE_ENUM | mode | ) |
Definition at line 482 of file AbstractFile.java.
References org.sleuthkit.datamodel.AbstractFile.modes.
|
abstract |
Is this a root of a file system
boolean org.sleuthkit.datamodel.AbstractFile.isVirtual | ( | ) |
is this a virtual file or directory that was created by The Sleuth Kit or Autopsy for general structure and organization.
Definition at line 802 of file AbstractFile.java.
References org.sleuthkit.datamodel.AbstractFile.fileType, org.sleuthkit.datamodel.TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_VIRT, org.sleuthkit.datamodel.TskData.TSK_FS_NAME_TYPE_ENUM.VIRT, and org.sleuthkit.datamodel.TskData.TSK_DB_FILES_TYPE_ENUM.VIRTUAL_DIR.
List<AbstractFile> org.sleuthkit.datamodel.AbstractFile.listFiles | ( | ) | throws TskCoreException |
org.sleuthkit.datamodel.TskCoreException |
Definition at line 880 of file AbstractFile.java.
References org.sleuthkit.datamodel.AbstractContent.getChildren().
BlackboardArtifact org.sleuthkit.datamodel.AbstractFile.newArtifact | ( | int | artifactTypeID | ) | throws TskCoreException |
Create and add an artifact associated with this content to the blackboard
artifactTypeID | id of the artifact type (if the id doesn't already exist an exception will be thrown) |
TskCoreException | if critical error occurred within tsk core |
Implements org.sleuthkit.datamodel.Content.
Definition at line 1422 of file AbstractFile.java.
References org.sleuthkit.datamodel.BlackboardArtifact.newArtifact().
DataArtifact org.sleuthkit.datamodel.AbstractFile.newDataArtifact | ( | BlackboardArtifact.Type | artifactType, |
Collection< BlackboardAttribute > | attributesList | ||
) | throws TskCoreException |
Create and add a data artifact associated with this abstract file. This method creates the data artifact with the os account id associated with this abstract file if one exists.
artifactType | Type of data artifact to create. |
attributesList | Additional attributes to attach to this data artifact. |
TskCoreException | If a critical error occurred within tsk core. |
Implements org.sleuthkit.datamodel.Content.
Definition at line 1440 of file AbstractFile.java.
References org.sleuthkit.datamodel.AbstractFile.getOsAccountObjectId(), and org.sleuthkit.datamodel.BlackboardArtifact.newDataArtifact().
final int org.sleuthkit.datamodel.AbstractFile.read | ( | byte[] | buf, |
long | offset, | ||
long | len | ||
) | throws TskCoreException |
Reads data that this content object is associated with (file contents, volume contents, etc.).
buf | a character array of data (in bytes) to copy read data to |
offset | byte offset in the content to start reading from |
len | number of bytes to read into buf. |
TskCoreException | if critical error occurred during read in the tsk core |
Implements org.sleuthkit.datamodel.Content.
Definition at line 997 of file AbstractFile.java.
References org.sleuthkit.datamodel.AbstractFile.readInt(), and org.sleuthkit.datamodel.AbstractFile.readLocal().
|
protected |
Internal custom read (non-local) method that child classes can implement
buf | buffer to read into |
offset | start reading position in the file |
len | number of bytes to read |
TskCoreException | exception thrown when file could not be read |
Definition at line 1019 of file AbstractFile.java.
Referenced by org.sleuthkit.datamodel.AbstractFile.read().
|
protected |
Local file path read support
buf | buffer to read into |
offset | start reading position in the file |
len | number of bytes to read |
TskCoreException | exception thrown when file could not be read |
Definition at line 1034 of file AbstractFile.java.
References org.sleuthkit.datamodel.AbstractFile.getSize(), org.sleuthkit.datamodel.AbstractFile.isDir(), and org.sleuthkit.datamodel.TskData.EncodingType.NONE.
Referenced by org.sleuthkit.datamodel.AbstractFile.read().
void org.sleuthkit.datamodel.AbstractFile.save | ( | ) | throws TskCoreException |
Saves the editable properties of this file to the case database, e.g., the MIME type, MD5 hash, and known state.
TskCoreException | if there is an error saving the editable file properties to the case database. |
Definition at line 1314 of file AbstractFile.java.
References org.sleuthkit.datamodel.SleuthkitCase.beginTransaction(), org.sleuthkit.datamodel.SleuthkitCase.CaseDbTransaction.commit(), org.sleuthkit.datamodel.AbstractContent.getSleuthkitCase(), and org.sleuthkit.datamodel.SleuthkitCase.CaseDbTransaction.rollback().
void org.sleuthkit.datamodel.AbstractFile.save | ( | CaseDbTransaction | transaction | ) | throws TskCoreException |
Saves the editable properties of this file to the case database, e.g., the MIME type, MD5 hash, and known state, in the context of a given case database transaction.
transaction | The transaction. |
TskCoreException | if there is an error saving the editable file properties to the case database. |
Definition at line 1338 of file AbstractFile.java.
References org.sleuthkit.datamodel.AbstractContent.getId(), org.sleuthkit.datamodel.AbstractFile.getKnown(), org.sleuthkit.datamodel.AbstractFile.getMd5Hash(), org.sleuthkit.datamodel.AbstractFile.getMIMEType(), org.sleuthkit.datamodel.AbstractContent.getName(), and org.sleuthkit.datamodel.AbstractFile.getSha256Hash().
void org.sleuthkit.datamodel.AbstractFile.setKnown | ( | TskData.FileKnown | knownState | ) |
Sets the known state for this file. Passed in value will be ignored if it is "less" than the current state. A NOTABLE file cannot be downgraded to KNOWN.
IMPORTANT: The known state is set for this AbstractFile object, but it is not saved to the case database until AbstractFile.save is called.
knownState | The known state of the file. |
Definition at line 610 of file AbstractFile.java.
References org.sleuthkit.datamodel.AbstractFile.knownState.
|
protected |
Set local path for the file, as stored in db tsk_files_path, relative to the case db path or an absolute path. When set, subsequent invocations of read() will read the file in the local path.
localPath | local path to be set |
isAbsolute | true if the path is absolute, false if relative to the case db |
Definition at line 1565 of file AbstractFile.java.
void org.sleuthkit.datamodel.AbstractFile.setMd5Hash | ( | String | md5Hash | ) |
Sets the MD5 hash for this file.
IMPORTANT: The MD5 hash is set for this AbstractFile object, but it is not saved to the case database until AbstractFile.save is called.
md5Hash | The MD5 hash of the file. |
Definition at line 494 of file AbstractFile.java.
References org.sleuthkit.datamodel.AbstractFile.md5Hash.
void org.sleuthkit.datamodel.AbstractFile.setMIMEType | ( | String | mimeType | ) |
Sets the MIME type for this file.
IMPORTANT: The MIME type is set for this AbstractFile object, but it is not saved to the case database until AbstractFile.save is called.
mimeType | The MIME type of this file. |
Definition at line 477 of file AbstractFile.java.
void org.sleuthkit.datamodel.AbstractFile.setSha256Hash | ( | String | sha256Hash | ) |
Sets the SHA-256 hash for this file.
IMPORTANT: The SHA-256 hash is set for this AbstractFile object, but it is not saved to the case database until AbstractFile.save is called.
sha256Hash | The SHA-256 hash of the file. |
Definition at line 516 of file AbstractFile.java.
References org.sleuthkit.datamodel.AbstractFile.sha256Hash.
|
static |
Convert from ISO 8601 formatted date time string to epoch time in seconds
time | formatted date time string as "yyyy-MM-dd HH:mm:ss" |
Definition at line 1612 of file AbstractFile.java.
References org.sleuthkit.datamodel.TimeUtilities.timeToEpoch().
String org.sleuthkit.datamodel.AbstractFile.toString | ( | boolean | preserveState | ) |
Definition at line 1259 of file AbstractFile.java.
References org.sleuthkit.datamodel.AbstractFile.attrType, org.sleuthkit.datamodel.AbstractFile.fileType, org.sleuthkit.datamodel.AbstractFile.knownState, and org.sleuthkit.datamodel.AbstractFile.modes.
|
protected |
Definition at line 61 of file AbstractFile.java.
Referenced by org.sleuthkit.datamodel.Directory.Directory(), org.sleuthkit.datamodel.File.File(), org.sleuthkit.datamodel.AbstractFile.getAttributeId(), and org.sleuthkit.datamodel.AbstractFile.getAttrId().
|
protected |
Definition at line 62 of file AbstractFile.java.
Referenced by org.sleuthkit.datamodel.AbstractFile.AbstractFile(), org.sleuthkit.datamodel.Directory.Directory(), org.sleuthkit.datamodel.File.File(), org.sleuthkit.datamodel.AbstractFile.getAttrType(), and org.sleuthkit.datamodel.AbstractFile.toString().
|
protected |
Definition at line 55 of file AbstractFile.java.
Referenced by org.sleuthkit.datamodel.DerivedFile.DerivedFile(), org.sleuthkit.datamodel.Directory.Directory(), org.sleuthkit.datamodel.File.File(), org.sleuthkit.datamodel.LayoutFile.LayoutFile(), org.sleuthkit.datamodel.LocalFile.LocalFile(), and org.sleuthkit.datamodel.LocalFilesDataSource.LocalFilesDataSource().
|
protected |
Definition at line 53 of file AbstractFile.java.
Referenced by org.sleuthkit.datamodel.DerivedFile.DerivedFile(), org.sleuthkit.datamodel.Directory.Directory(), org.sleuthkit.datamodel.File.File(), org.sleuthkit.datamodel.AbstractFile.getDirType(), org.sleuthkit.datamodel.LayoutFile.LayoutFile(), org.sleuthkit.datamodel.LocalFile.LocalFile(), and org.sleuthkit.datamodel.LocalFilesDataSource.LocalFilesDataSource().
|
protected |
Definition at line 52 of file AbstractFile.java.
Referenced by org.sleuthkit.datamodel.AbstractFile.getType(), org.sleuthkit.datamodel.AbstractFile.isVirtual(), org.sleuthkit.datamodel.LayoutFile.LayoutFile(), org.sleuthkit.datamodel.LocalFile.LocalFile(), and org.sleuthkit.datamodel.AbstractFile.toString().
|
protected |
knownState status in database
Definition at line 80 of file AbstractFile.java.
Referenced by org.sleuthkit.datamodel.DerivedFile.DerivedFile(), org.sleuthkit.datamodel.Directory.Directory(), org.sleuthkit.datamodel.File.File(), org.sleuthkit.datamodel.AbstractFile.getKnown(), org.sleuthkit.datamodel.LayoutFile.LayoutFile(), org.sleuthkit.datamodel.LocalFile.LocalFile(), org.sleuthkit.datamodel.LocalFilesDataSource.LocalFilesDataSource(), org.sleuthkit.datamodel.AbstractFile.setKnown(), and org.sleuthkit.datamodel.AbstractFile.toString().
|
protected |
Definition at line 85 of file AbstractFile.java.
Referenced by org.sleuthkit.datamodel.DerivedFile.DerivedFile(), org.sleuthkit.datamodel.Directory.Directory(), org.sleuthkit.datamodel.File.File(), org.sleuthkit.datamodel.AbstractFile.getMd5Hash(), org.sleuthkit.datamodel.LayoutFile.LayoutFile(), org.sleuthkit.datamodel.LocalFile.LocalFile(), org.sleuthkit.datamodel.LocalFilesDataSource.LocalFilesDataSource(), and org.sleuthkit.datamodel.AbstractFile.setMd5Hash().
|
protected |
Definition at line 58 of file AbstractFile.java.
Referenced by org.sleuthkit.datamodel.Directory.Directory(), org.sleuthkit.datamodel.File.File(), org.sleuthkit.datamodel.AbstractFile.getMetaAddr(), and org.sleuthkit.datamodel.FsContent.getMetaDataText().
|
protected |
Definition at line 56 of file AbstractFile.java.
Referenced by org.sleuthkit.datamodel.DerivedFile.DerivedFile(), org.sleuthkit.datamodel.Directory.Directory(), org.sleuthkit.datamodel.File.File(), org.sleuthkit.datamodel.LayoutFile.LayoutFile(), org.sleuthkit.datamodel.LocalFile.LocalFile(), and org.sleuthkit.datamodel.LocalFilesDataSource.LocalFilesDataSource().
|
protected |
Definition at line 59 of file AbstractFile.java.
Referenced by org.sleuthkit.datamodel.Directory.Directory(), org.sleuthkit.datamodel.File.File(), and org.sleuthkit.datamodel.AbstractFile.getMetaSeq().
|
protected |
Definition at line 54 of file AbstractFile.java.
Referenced by org.sleuthkit.datamodel.DerivedFile.DerivedFile(), org.sleuthkit.datamodel.Directory.Directory(), org.sleuthkit.datamodel.File.File(), org.sleuthkit.datamodel.AbstractFile.getMetaType(), org.sleuthkit.datamodel.LayoutFile.LayoutFile(), org.sleuthkit.datamodel.LocalFile.LocalFile(), and org.sleuthkit.datamodel.LocalFilesDataSource.LocalFilesDataSource().
|
protected |
Definition at line 63 of file AbstractFile.java.
Referenced by org.sleuthkit.datamodel.Directory.Directory(), org.sleuthkit.datamodel.File.File(), org.sleuthkit.datamodel.AbstractFile.getModesAsString(), org.sleuthkit.datamodel.AbstractFile.isModeSet(), and org.sleuthkit.datamodel.AbstractFile.toString().
|
protected |
Definition at line 76 of file AbstractFile.java.
Referenced by org.sleuthkit.datamodel.DerivedFile.DerivedFile(), org.sleuthkit.datamodel.Directory.Directory(), org.sleuthkit.datamodel.File.File(), org.sleuthkit.datamodel.AbstractFile.getParentPath(), org.sleuthkit.datamodel.LayoutFile.LayoutFile(), org.sleuthkit.datamodel.LocalFile.LocalFile(), and org.sleuthkit.datamodel.LocalFilesDataSource.LocalFilesDataSource().
|
protected |
Definition at line 90 of file AbstractFile.java.
Referenced by org.sleuthkit.datamodel.AbstractFile.getSha256Hash(), and org.sleuthkit.datamodel.AbstractFile.setSha256Hash().
|
protected |
Definition at line 57 of file AbstractFile.java.
Referenced by org.sleuthkit.datamodel.DerivedFile.DerivedFile(), org.sleuthkit.datamodel.Directory.Directory(), org.sleuthkit.datamodel.File.File(), org.sleuthkit.datamodel.AbstractFile.getSize(), org.sleuthkit.datamodel.LayoutFile.LayoutFile(), org.sleuthkit.datamodel.LocalFile.LocalFile(), and org.sleuthkit.datamodel.FsContent.readInt().
|
protected |
Definition at line 60 of file AbstractFile.java.
Referenced by org.sleuthkit.datamodel.Directory.Directory(), org.sleuthkit.datamodel.File.File(), and org.sleuthkit.datamodel.AbstractFile.getUid().
Copyright © 2011-2021 Brian Carrier. (carrier -at- sleuthkit -dot- org)
This work is licensed under a
Creative Commons Attribution-Share Alike 3.0 United States License.