Sleuth Kit Java Bindings (JNI)
4.10.2
Java bindings for using The Sleuth Kit
|
Classes | |
class | CaseDbConnection |
class | CaseDbQuery |
class | CaseDbTransaction |
interface | ErrorObserver |
class | ObjectInfo |
Public Member Functions | |
void | acquireExclusiveLock () |
void | acquireSharedLock () |
void | acquireSingleUserCaseReadLock () |
void | acquireSingleUserCaseWriteLock () |
BlackboardAttribute.Type | addArtifactAttributeType (String attrTypeString, TSK_BLACKBOARD_ATTRIBUTE_VALUE_TYPE valueType, String displayName) throws TskCoreException, TskDataException |
int | addArtifactType (String artifactTypeName, String displayName) throws TskCoreException |
int | addAttrType (String attrTypeString, String displayName) throws TskCoreException |
BlackboardArtifactTag | addBlackboardArtifactTag (BlackboardArtifact artifact, TagName tagName, String comment) throws TskCoreException |
BlackboardArtifact.Type | addBlackboardArtifactType (String artifactTypeName, String displayName) throws TskCoreException, TskDataException |
void | addBlackboardAttribute (BlackboardAttribute attr, int artifactTypeId) throws TskCoreException |
void | addBlackboardAttributes (Collection< BlackboardAttribute > attributes, int artifactTypeId) throws TskCoreException |
LayoutFile | addCarvedFile (String carvedFileName, long carvedFileSize, long containerId, List< TskFileRange > data) throws TskCoreException |
final List< LayoutFile > | addCarvedFiles (CarvingResult carvingResult) throws TskCoreException |
List< LayoutFile > | addCarvedFiles (List< CarvedFileContainer > filesToAdd) throws TskCoreException |
ContentTag | addContentTag (Content content, TagName tagName, String comment, long beginByteOffset, long endByteOffset) throws TskCoreException |
DerivedFile | addDerivedFile (String fileName, String localPath, long size, long ctime, long crtime, long atime, long mtime, boolean isFile, Content parentObj, String rederiveDetails, String toolName, String toolVersion, String otherDetails, TskData.EncodingType encodingType) throws TskCoreException |
DerivedFile | addDerivedFile (String fileName, String localPath, long size, long ctime, long crtime, long atime, long mtime, boolean isFile, Content parentObj, String rederiveDetails, String toolName, String toolVersion, String otherDetails, TskData.EncodingType encodingType, CaseDbTransaction transaction) throws TskCoreException |
DerivedFile | addDerivedFile (String fileName, String localPath, long size, long ctime, long crtime, long atime, long mtime, boolean isFile, AbstractFile parentFile, String rederiveDetails, String toolName, String toolVersion, String otherDetails) throws TskCoreException |
void | addErrorObserver (ErrorObserver observer) |
FileSystem | addFileSystem (long parentObjId, long imgOffset, TskData.TSK_FS_TYPE_ENUM type, long blockSize, long blockCount, long rootInum, long firstInum, long lastInum, String displayName, CaseDbTransaction transaction) throws TskCoreException |
FsContent | addFileSystemFile (long dataSourceObjId, long fsObjId, String fileName, long metaAddr, int metaSeq, TSK_FS_ATTR_TYPE_ENUM attrType, int attrId, TSK_FS_NAME_FLAG_ENUM dirFlag, short metaFlags, long size, long ctime, long crtime, long atime, long mtime, boolean isFile, Content parent) throws TskCoreException |
FsContent | addFileSystemFile (long dataSourceObjId, long fsObjId, String fileName, long metaAddr, int metaSeq, TSK_FS_ATTR_TYPE_ENUM attrType, int attrId, TSK_FS_NAME_FLAG_ENUM dirFlag, short metaFlags, long size, long ctime, long crtime, long atime, long mtime, String md5Hash, String sha256Hash, String mimeType, boolean isFile, Content parent, String ownerUid, OsAccount osAccount, List< Attribute > fileAttributes, CaseDbTransaction transaction) throws TskCoreException |
Image | addImage (TskData.TSK_IMG_TYPE_ENUM type, long sectorSize, long size, String displayName, List< String > imagePaths, String timezone, String md5, String sha1, String sha256, String deviceId, CaseDbTransaction transaction) throws TskCoreException |
Image | addImage (TskData.TSK_IMG_TYPE_ENUM type, long sectorSize, long size, String displayName, List< String > imagePaths, String timezone, String md5, String sha1, String sha256, String deviceId, Host host, CaseDbTransaction transaction) throws TskCoreException |
Image | addImageInfo (long deviceObjId, List< String > imageFilePaths, String timeZone) throws TskCoreException |
Image | addImageInfo (long deviceObjId, List< String > imageFilePaths, String timeZone, Host host) throws TskCoreException |
final IngestJobInfo | addIngestJob (Content dataSource, String hostName, List< IngestModuleInfo > ingestModules, Date jobStart, Date jobEnd, IngestJobStatusType status, String settingsDir) throws TskCoreException |
final IngestModuleInfo | addIngestModule (String displayName, String factoryClassName, IngestModuleType type, String version) throws TskCoreException |
LayoutFile | addLayoutFile (String fileName, long size, TSK_FS_NAME_FLAG_ENUM dirFlag, TSK_FS_META_FLAG_ENUM metaFlag, long ctime, long crtime, long atime, long mtime, List< TskFileRange > fileRanges, Content parent) throws TskCoreException |
final List< LayoutFile > | addLayoutFiles (Content parent, List< TskFileRange > fileRanges) throws TskCoreException |
LocalDirectory | addLocalDirectory (long parentId, String directoryName) throws TskCoreException |
LocalDirectory | addLocalDirectory (long parentId, String directoryName, CaseDbTransaction transaction) throws TskCoreException |
LocalFile | addLocalFile (String fileName, String localPath, long size, long ctime, long crtime, long atime, long mtime, boolean isFile, TskData.EncodingType encodingType, AbstractFile parent) throws TskCoreException |
LocalFile | addLocalFile (String fileName, String localPath, long size, long ctime, long crtime, long atime, long mtime, boolean isFile, TskData.EncodingType encodingType, Content parent, CaseDbTransaction transaction) throws TskCoreException |
LocalFile | addLocalFile (String fileName, String localPath, long size, long ctime, long crtime, long atime, long mtime, String md5, String sha256, FileKnown known, String mimeType, boolean isFile, TskData.EncodingType encodingType, Content parent, CaseDbTransaction transaction) throws TskCoreException |
LocalFile | addLocalFile (String fileName, String localPath, long size, long ctime, long crtime, long atime, long mtime, String md5, String sha256, FileKnown known, String mimeType, boolean isFile, TskData.EncodingType encodingType, Long osAccountId, String ownerAccount, Content parent, CaseDbTransaction transaction) throws TskCoreException |
LocalFile | addLocalFile (String fileName, String localPath, long size, long ctime, long crtime, long atime, long mtime, String md5, FileKnown known, String mimeType, boolean isFile, TskData.EncodingType encodingType, Content parent, CaseDbTransaction transaction) throws TskCoreException |
LocalFile | addLocalFile (String fileName, String localPath, long size, long ctime, long crtime, long atime, long mtime, boolean isFile, AbstractFile parent, CaseDbTransaction transaction) throws TskCoreException |
LocalFile | addLocalFile (String fileName, String localPath, long size, long ctime, long crtime, long atime, long mtime, boolean isFile, AbstractFile parent) throws TskCoreException |
LocalFilesDataSource | addLocalFilesDataSource (String deviceId, String rootDirectoryName, String timeZone, CaseDbTransaction transaction) throws TskCoreException |
LocalFilesDataSource | addLocalFilesDataSource (String deviceId, String rootDirectoryName, String timeZone, Host host, CaseDbTransaction transaction) throws TskCoreException |
TagName | addOrUpdateTagName (String displayName, String description, TagName.HTML_COLOR color, TskData.FileKnown knownStatus) throws TskCoreException |
Pool | addPool (long parentObjId, TskData.TSK_POOL_TYPE_ENUM type, CaseDbTransaction transaction) throws TskCoreException |
Report | addReport (String localPath, String sourceModuleName, String reportName) throws TskCoreException |
Report | addReport (String localPath, String sourceModuleName, String reportName, Content parent) throws TskCoreException |
TagName | addTagName (String displayName, String description, TagName.HTML_COLOR color) throws TskCoreException |
VirtualDirectory | addVirtualDirectory (long parentId, String directoryName) throws TskCoreException |
VirtualDirectory | addVirtualDirectory (long parentId, String directoryName, CaseDbTransaction transaction) throws TskCoreException |
Volume | addVolume (long parentObjId, long addr, long start, long length, String desc, long flags, CaseDbTransaction transaction) throws TskCoreException |
VolumeSystem | addVolumeSystem (long parentObjId, TskData.TSK_VS_TYPE_ENUM type, long imgOffset, long blockSize, CaseDbTransaction transaction) throws TskCoreException |
boolean | allFilesMd5Hashed () |
CaseDbTransaction | beginTransaction () throws TskCoreException |
synchronized void | close () |
void | closeRunQuery (ResultSet resultSet) throws SQLException |
void | copyCaseDB (String newDBPath) throws IOException |
int | countFilesMd5Hashed () |
long | countFilesWhere (String sqlWhereClause) throws TskCoreException |
int | countFsContentType (TskData.TSK_FS_META_TYPE_ENUM contentType) throws TskCoreException |
void | deleteBlackboardArtifactTag (BlackboardArtifactTag tag) throws TskCoreException |
void | deleteContentTag (ContentTag tag) throws TskCoreException |
void | deleteReport (Report report) throws TskCoreException |
CaseDbQuery | executeInsertOrUpdate (String query) throws TskCoreException |
CaseDbQuery | executeQuery (String query) throws TskCoreException |
List< Long > | findAllFileIdsWhere (String sqlWhereClause) throws TskCoreException |
List< AbstractFile > | findAllFilesInFolderWhere (long parentId, String sqlWhereClause) throws TskCoreException |
List< AbstractFile > | findAllFilesWhere (String sqlWhereClause) throws TskCoreException |
List< AbstractFile > | findFiles (Content dataSource, String fileName) throws TskCoreException |
List< AbstractFile > | findFiles (Content dataSource, String fileName, String dirSubString) throws TskCoreException |
List< AbstractFile > | findFiles (Content dataSource, String fileName, AbstractFile parentFile) throws TskCoreException |
List< AbstractFile > | findFilesByMd5 (String md5Hash) |
List< AbstractFile > | findFilesInFolder (String fileName, AbstractFile parentFile) throws TskCoreException |
List< FsContent > | findFilesWhere (String sqlWhereClause) throws TskCoreException |
AbstractFile | getAbstractFileById (long id) throws TskCoreException |
List< BlackboardArtifactTag > | getAllBlackboardArtifactTags () throws TskCoreException |
List< ContentTag > | getAllContentTags () throws TskCoreException |
List< Report > | getAllReports () throws TskCoreException |
List< TagName > | getAllTagNames () throws TskCoreException |
BlackboardArtifact | getArtifactByArtifactId (long id) throws TskCoreException |
BlackboardArtifact | getArtifactById (long id) throws TskCoreException |
BlackboardArtifact.Type | getArtifactType (String artTypeName) throws TskCoreException |
int | getArtifactTypeID (String artifactTypeName) throws TskCoreException |
Iterable< BlackboardArtifact.Type > | getArtifactTypes () throws TskCoreException |
List< BlackboardArtifact.Type > | getArtifactTypesInUse () throws TskCoreException |
BlackboardAttribute.Type | getAttributeType (String attrTypeName) throws TskCoreException |
List< BlackboardAttribute.Type > | getAttributeTypes () throws TskCoreException |
String | getAttrTypeDisplayName (int attrTypeID) throws TskCoreException |
int | getAttrTypeID (String attrTypeName) throws TskCoreException |
String | getAttrTypeString (int attrTypeID) throws TskCoreException |
String | getBackupDatabasePath () |
Blackboard | getBlackboard () |
BlackboardArtifact | getBlackboardArtifact (long artifactID) throws TskCoreException |
ArrayList< BlackboardArtifact > | getBlackboardArtifacts (int artifactTypeID) throws TskCoreException |
List< BlackboardArtifact > | getBlackboardArtifacts (BlackboardAttribute.ATTRIBUTE_TYPE attrType, String value) throws TskCoreException |
List< BlackboardArtifact > | getBlackboardArtifacts (BlackboardAttribute.ATTRIBUTE_TYPE attrType, String subString, boolean startsWith) throws TskCoreException |
List< BlackboardArtifact > | getBlackboardArtifacts (BlackboardAttribute.ATTRIBUTE_TYPE attrType, int value) throws TskCoreException |
List< BlackboardArtifact > | getBlackboardArtifacts (BlackboardAttribute.ATTRIBUTE_TYPE attrType, long value) throws TskCoreException |
List< BlackboardArtifact > | getBlackboardArtifacts (BlackboardAttribute.ATTRIBUTE_TYPE attrType, double value) throws TskCoreException |
List< BlackboardArtifact > | getBlackboardArtifacts (BlackboardAttribute.ATTRIBUTE_TYPE attrType, byte value) throws TskCoreException |
ArrayList< BlackboardArtifact > | getBlackboardArtifacts (String artifactTypeName, long obj_id) throws TskCoreException |
ArrayList< BlackboardArtifact > | getBlackboardArtifacts (int artifactTypeID, long obj_id) throws TskCoreException |
ArrayList< BlackboardArtifact > | getBlackboardArtifacts (ARTIFACT_TYPE artifactType, long obj_id) throws TskCoreException |
ArrayList< BlackboardArtifact > | getBlackboardArtifacts (String artifactTypeName) throws TskCoreException |
ArrayList< BlackboardArtifact > | getBlackboardArtifacts (ARTIFACT_TYPE artifactType) throws TskCoreException |
List< BlackboardArtifact > | getBlackboardArtifacts (ARTIFACT_TYPE artifactType, BlackboardAttribute.ATTRIBUTE_TYPE attrType, String value) throws TskCoreException |
long | getBlackboardArtifactsCount (long objId) throws TskCoreException |
long | getBlackboardArtifactsCount (String artifactTypeName, long obj_id) throws TskCoreException |
long | getBlackboardArtifactsCount (int artifactTypeID, long obj_id) throws TskCoreException |
long | getBlackboardArtifactsCount (ARTIFACT_TYPE artifactType, long obj_id) throws TskCoreException |
long | getBlackboardArtifactsTypeCount (int artifactTypeID) throws TskCoreException |
long | getBlackboardArtifactsTypeCount (int artifactTypeID, long dataSourceID) throws TskCoreException |
BlackboardArtifactTag | getBlackboardArtifactTagByID (long artifactTagID) throws TskCoreException |
List< BlackboardArtifactTag > | getBlackboardArtifactTagsByArtifact (BlackboardArtifact artifact) throws TskCoreException |
List< BlackboardArtifactTag > | getBlackboardArtifactTagsByTagName (TagName tagName) throws TskCoreException |
List< BlackboardArtifactTag > | getBlackboardArtifactTagsByTagName (TagName tagName, long dsObjId) throws TskCoreException |
long | getBlackboardArtifactTagsCountByTagName (TagName tagName) throws TskCoreException |
long | getBlackboardArtifactTagsCountByTagName (TagName tagName, long dsObjId) throws TskCoreException |
ArrayList< BlackboardArtifact.ARTIFACT_TYPE > | getBlackboardArtifactTypes () throws TskCoreException |
ArrayList< BlackboardArtifact.ARTIFACT_TYPE > | getBlackboardArtifactTypesInUse () throws TskCoreException |
ArrayList< BlackboardAttribute > | getBlackboardAttributes (final BlackboardArtifact artifact) throws TskCoreException |
ArrayList< BlackboardAttribute.ATTRIBUTE_TYPE > | getBlackboardAttributeTypes () throws TskCoreException |
int | getBlackboardAttributeTypesCount () throws TskCoreException |
synchronized CaseDbAccessManager | getCaseDbAccessManager () throws TskCoreException |
CommunicationsManager | getCommunicationsManager () throws TskCoreException |
Content | getContentById (long id) throws TskCoreException |
ContentTag | getContentTagByID (long contentTagID) throws TskCoreException |
List< ContentTag > | getContentTagsByContent (Content content) throws TskCoreException |
List< ContentTag > | getContentTagsByTagName (TagName tagName) throws TskCoreException |
List< ContentTag > | getContentTagsByTagName (TagName tagName, long dsObjId) throws TskCoreException |
long | getContentTagsCountByTagName (TagName tagName) throws TskCoreException |
long | getContentTagsCountByTagName (TagName tagName, long dsObjId) throws TskCoreException |
Examiner | getCurrentExaminer () throws TskCoreException |
String | getDatabaseName () |
DbType | getDatabaseType () |
DataSource | getDataSource (long objectId) throws TskDataException, TskCoreException |
List< DataSource > | getDataSources () throws TskCoreException |
String | getDbDirPath () |
CaseDbSchemaVersionNumber | getDBSchemaCreationVersion () |
VersionNumber | getDBSchemaVersion () |
FileManager | getFileManager () |
List< TskFileRange > | getFileRanges (long id) throws TskCoreException |
Collection< FileSystem > | getFileSystems (Image image) |
HostAddressManager | getHostAddressManager () throws TskCoreException |
HostManager | getHostManager () throws TskCoreException |
Image | getImageById (long id) throws TskCoreException |
Collection< FileSystem > | getImageFileSystems (Image image) throws TskCoreException |
Map< Long, List< String > > | getImagePaths () throws TskCoreException |
List< Image > | getImages () throws TskCoreException |
final List< IngestJobInfo > | getIngestJobs () throws TskCoreException |
long | getLastObjectId () throws TskCoreException |
ArrayList< BlackboardArtifact > | getMatchingArtifacts (String whereClause) throws TskCoreException |
ArrayList< BlackboardAttribute > | getMatchingAttributes (String whereClause) throws TskCoreException |
OsAccountManager | getOsAccountManager () throws TskCoreException |
OsAccountRealmManager | getOsAccountRealmManager () throws TskCoreException |
PersonManager | getPersonManager () throws TskCoreException |
Report | getReportById (long id) throws TskCoreException |
List< Content > | getRootObjects () throws TskCoreException |
int | getSchemaVersion () |
ScoringManager | getScoringManager () throws TskCoreException |
synchronized TaggingManager | getTaggingManager () |
List< TagName > | getTagNamesInUse () throws TskCoreException |
List< TagName > | getTagNamesInUse (long dsObjId) throws TskCoreException |
TimelineManager | getTimelineManager () throws TskCoreException |
List< VirtualDirectory > | getVirtualDirectoryRoots () throws TskCoreException |
boolean | isFileFromSource (Content dataSource, long fileId) throws TskCoreException |
AddImageProcess | makeAddImageProcess (String timeZone, boolean addUnallocSpace, boolean noFatFsOrphans, String imageCopyPath) |
AddImageProcess | makeAddImageProcess (String timezone, boolean addUnallocSpace, boolean noFatFsOrphans) |
BlackboardArtifact | newBlackboardArtifact (int artifactTypeID, long obj_id) throws TskCoreException |
BlackboardArtifact | newBlackboardArtifact (ARTIFACT_TYPE artifactType, long obj_id) throws TskCoreException |
List< AbstractFile > | openFiles (Content dataSource, String filePath) throws TskCoreException |
void | registerForEvents (Object listener) |
void | releaseExclusiveLock () |
void | releaseSharedLock () |
void | releaseSingleUserCaseReadLock () |
void | releaseSingleUserCaseWriteLock () |
void | removeErrorObserver (ErrorObserver observer) |
ResultSet | runQuery (String query) throws SQLException |
void | setFileMIMEType (AbstractFile file, String mimeType) throws TskCoreException |
void | setFileUnalloc (AbstractFile file) throws TskCoreException |
void | setImagePaths (long obj_id, List< String > paths) throws TskCoreException |
boolean | setKnown (AbstractFile file, FileKnown fileKnown) throws TskCoreException |
void | setReviewStatus (BlackboardArtifact artifact, BlackboardArtifact.ReviewStatus newStatus) throws TskCoreException |
void | submitError (String context, String errorMessage) |
void | unregisterForEvents (Object listener) |
DerivedFile | updateDerivedFile (DerivedFile derivedFile, String localPath, long size, long ctime, long crtime, long atime, long mtime, boolean isFile, String mimeType, String rederiveDetails, String toolName, String toolVersion, String otherDetails, TskData.EncodingType encodingType) throws TskCoreException |
DerivedFile | updateDerivedFile (DerivedFile derivedFile, String localPath, long size, long ctime, long crtime, long atime, long mtime, boolean isFile, String mimeType, String rederiveDetails, String toolName, String toolVersion, String otherDetails, TskData.EncodingType encodingType, Content parentObj, CaseDbTransaction trans) throws TskCoreException |
void | updateImagePath (String newPath, long objectId) throws TskCoreException |
Static Public Member Functions | |
static String | escapeSingleQuotes (String text) |
static SleuthkitCase | newCase (String dbPath) throws TskCoreException |
static SleuthkitCase | newCase (String caseName, CaseDbConnectionInfo info, String caseDirPath) throws TskCoreException |
static SleuthkitCase | openCase (String dbPath) throws TskCoreException |
static SleuthkitCase | openCase (String databaseName, CaseDbConnectionInfo info, String caseDir) throws TskCoreException |
static void | tryConnect (CaseDbConnectionInfo info) throws TskCoreException |
Protected Member Functions | |
void | finalize () throws Throwable |
Represents the case database with methods that provide abstractions for database operations.
Definition at line 99 of file SleuthkitCase.java.
void org.sleuthkit.datamodel.SleuthkitCase.acquireExclusiveLock | ( | ) |
Acquires a write lock, but only if this is a single-user case. Always call this method in a try block with a call to the lock release method in an associated finally block.
Definition at line 14482 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseWriteLock().
void org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock | ( | ) |
Acquires a read lock, but only if this is a single-user case. Call this method in a try block with a call to the lock release method in an associated finally block.
Definition at line 14506 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock().
void org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock | ( | ) |
Acquires a read lock, but only if this is a single-user case. Call this method in a try block with a call to the lock release method in an associated finally block.
Definition at line 2786 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.TskData.DbType.SQLITE.
Referenced by org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.allFilesMd5Hashed(), org.sleuthkit.datamodel.TimelineManager.countEventsByType(), org.sleuthkit.datamodel.SleuthkitCase.countFilesMd5Hashed(), org.sleuthkit.datamodel.SleuthkitCase.countFilesWhere(), org.sleuthkit.datamodel.SleuthkitCase.countFsContentType(), org.sleuthkit.datamodel.SleuthkitCase.findAllFileIdsWhere(), org.sleuthkit.datamodel.SleuthkitCase.findAllFilesInFolderWhere(), org.sleuthkit.datamodel.SleuthkitCase.findAllFilesWhere(), org.sleuthkit.datamodel.SleuthkitCase.findFiles(), org.sleuthkit.datamodel.SleuthkitCase.findFilesByMd5(), org.sleuthkit.datamodel.FileManager.findFilesExactName(), org.sleuthkit.datamodel.FileManager.findFilesExactNameExactPath(), org.sleuthkit.datamodel.SleuthkitCase.findFilesInFolder(), org.sleuthkit.datamodel.SleuthkitCase.findFilesWhere(), org.sleuthkit.datamodel.CommunicationsManager.getAccount(), org.sleuthkit.datamodel.CommunicationsManager.getAccountDeviceInstancesWithRelationships(), org.sleuthkit.datamodel.CommunicationsManager.getAccountsRelatedToArtifact(), org.sleuthkit.datamodel.CommunicationsManager.getAccountType(), org.sleuthkit.datamodel.CommunicationsManager.getAccountTypesInUse(), org.sleuthkit.datamodel.ScoringManager.getAggregateScore(), org.sleuthkit.datamodel.ScoringManager.getAggregateScores(), org.sleuthkit.datamodel.SleuthkitCase.getAllBlackboardArtifactTags(), org.sleuthkit.datamodel.SleuthkitCase.getAllContentTags(), org.sleuthkit.datamodel.HostManager.getAllHosts(), org.sleuthkit.datamodel.SleuthkitCase.getAllReports(), org.sleuthkit.datamodel.SleuthkitCase.getAllTagNames(), org.sleuthkit.datamodel.Blackboard.getAnalysisResultsWhere(), org.sleuthkit.datamodel.SleuthkitCase.getArtifactByArtifactId(), org.sleuthkit.datamodel.SleuthkitCase.getArtifactById(), org.sleuthkit.datamodel.SleuthkitCase.getArtifactType(), org.sleuthkit.datamodel.SleuthkitCase.getArtifactTypeID(), org.sleuthkit.datamodel.SleuthkitCase.getArtifactTypes(), org.sleuthkit.datamodel.Blackboard.getArtifactTypesInUse(), org.sleuthkit.datamodel.SleuthkitCase.getArtifactTypesInUse(), org.sleuthkit.datamodel.SleuthkitCase.getAttributeType(), org.sleuthkit.datamodel.SleuthkitCase.getAttributeTypes(), org.sleuthkit.datamodel.SleuthkitCase.getAttrTypeDisplayName(), org.sleuthkit.datamodel.SleuthkitCase.getAttrTypeID(), org.sleuthkit.datamodel.SleuthkitCase.getAttrTypeString(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifact(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifacts(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifactsCount(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifactsTypeCount(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifactTagByID(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifactTagsByArtifact(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifactTagsByTagName(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifactTagsCountByTagName(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifactTypesInUse(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardAttributes(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardAttributeTypesCount(), org.sleuthkit.datamodel.ScoringManager.getContent(), org.sleuthkit.datamodel.SleuthkitCase.getContentById(), org.sleuthkit.datamodel.ScoringManager.getContentCount(), org.sleuthkit.datamodel.SleuthkitCase.getContentTagByID(), org.sleuthkit.datamodel.SleuthkitCase.getContentTagsByContent(), org.sleuthkit.datamodel.SleuthkitCase.getContentTagsByTagName(), org.sleuthkit.datamodel.SleuthkitCase.getContentTagsCountByTagName(), org.sleuthkit.datamodel.SleuthkitCase.getCurrentExaminer(), org.sleuthkit.datamodel.Blackboard.getDataArtifactById(), org.sleuthkit.datamodel.Blackboard.getDataArtifacts(), org.sleuthkit.datamodel.SleuthkitCase.getDataSource(), org.sleuthkit.datamodel.SleuthkitCase.getDataSources(), org.sleuthkit.datamodel.HostManager.getDataSourcesForHost(), org.sleuthkit.datamodel.TimelineManager.getEventById(), org.sleuthkit.datamodel.TimelineManager.getEventIDs(), org.sleuthkit.datamodel.TimelineManager.getEventIDsForArtifact(), org.sleuthkit.datamodel.TimelineManager.getEvents(), org.sleuthkit.datamodel.SleuthkitCase.getFileRanges(), org.sleuthkit.datamodel.HostAddressManager.getHostAddress(), org.sleuthkit.datamodel.HostManager.getHostByDataSource(), org.sleuthkit.datamodel.OsAccountManager.getHosts(), org.sleuthkit.datamodel.SleuthkitCase.getImageById(), org.sleuthkit.datamodel.SleuthkitCase.getImageFileSystems(), org.sleuthkit.datamodel.SleuthkitCase.getImagePaths(), org.sleuthkit.datamodel.SleuthkitCase.getImages(), org.sleuthkit.datamodel.SleuthkitCase.getIngestJobs(), org.sleuthkit.datamodel.HostAddressManager.getIpAddress(), org.sleuthkit.datamodel.SleuthkitCase.getLastObjectId(), org.sleuthkit.datamodel.SleuthkitCase.getMatchingArtifacts(), org.sleuthkit.datamodel.SleuthkitCase.getMatchingAttributes(), org.sleuthkit.datamodel.TimelineManager.getMaxEventTime(), org.sleuthkit.datamodel.TimelineManager.getMinEventTime(), org.sleuthkit.datamodel.OsAccountManager.getOsAccounts(), org.sleuthkit.datamodel.PersonManager.getPerson(), org.sleuthkit.datamodel.PersonManager.getPersons(), org.sleuthkit.datamodel.CommunicationsManager.getRelatedAccountDeviceInstances(), org.sleuthkit.datamodel.CommunicationsManager.getRelationshipCountsPairwise(), org.sleuthkit.datamodel.CommunicationsManager.getRelationshipSources(), org.sleuthkit.datamodel.CommunicationsManager.getRelationshipSourcesCount(), org.sleuthkit.datamodel.SleuthkitCase.getReportById(), org.sleuthkit.datamodel.SleuthkitCase.getRootObjects(), org.sleuthkit.datamodel.TimelineManager.getSpanningInterval(), org.sleuthkit.datamodel.SleuthkitCase.getTagNamesInUse(), org.sleuthkit.datamodel.TaggingManager.getTagSet(), org.sleuthkit.datamodel.TaggingManager.getTagSets(), org.sleuthkit.datamodel.SleuthkitCase.getVirtualDirectoryRoots(), org.sleuthkit.datamodel.HostAddressManager.hostAddressExists(), org.sleuthkit.datamodel.HostAddressManager.hostNameAndIpMappingExists(), org.sleuthkit.datamodel.SleuthkitCase.isFileFromSource(), org.sleuthkit.datamodel.SleuthkitCase.runQuery(), and org.sleuthkit.datamodel.CaseDbAccessManager.select().
void org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseWriteLock | ( | ) |
Acquires a write lock, but only if this is a single-user case. Always call this method in a try block with a call to the lock release method in an associated finally block.
Definition at line 2764 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.TskData.DbType.SQLITE.
Referenced by org.sleuthkit.datamodel.SleuthkitCase.acquireExclusiveLock(), org.sleuthkit.datamodel.SleuthkitCase.addArtifactAttributeType(), org.sleuthkit.datamodel.SleuthkitCase.addBlackboardAttribute(), org.sleuthkit.datamodel.SleuthkitCase.addBlackboardAttributes(), org.sleuthkit.datamodel.OsAccountManager.addExtendedOsAccountAttributes(), org.sleuthkit.datamodel.HostAddressManager.addHostNameAndIpMapping(), org.sleuthkit.datamodel.SleuthkitCase.addIngestJob(), org.sleuthkit.datamodel.SleuthkitCase.addIngestModule(), org.sleuthkit.datamodel.SleuthkitCase.addOrUpdateTagName(), org.sleuthkit.datamodel.SleuthkitCase.addReport(), org.sleuthkit.datamodel.HostAddressManager.addUsage(), org.sleuthkit.datamodel.HostAddressManager.assignHostToAddress(), org.sleuthkit.datamodel.SleuthkitCase.close(), org.sleuthkit.datamodel.SleuthkitCase.copyCaseDB(), org.sleuthkit.datamodel.CaseDbAccessManager.createIndex(), org.sleuthkit.datamodel.CaseDbAccessManager.createTable(), org.sleuthkit.datamodel.CaseDbAccessManager.delete(), org.sleuthkit.datamodel.PersonManager.deletePerson(), org.sleuthkit.datamodel.SleuthkitCase.deleteReport(), org.sleuthkit.datamodel.TimelineManager.getEventIDsForContent(), org.sleuthkit.datamodel.HostAddressManager.newHostAddress(), org.sleuthkit.datamodel.PersonManager.newPerson(), org.sleuthkit.datamodel.SleuthkitCase.setFileMIMEType(), org.sleuthkit.datamodel.SleuthkitCase.setFileUnalloc(), org.sleuthkit.datamodel.SleuthkitCase.setImagePaths(), org.sleuthkit.datamodel.SleuthkitCase.setKnown(), org.sleuthkit.datamodel.SleuthkitCase.setReviewStatus(), org.sleuthkit.datamodel.TimelineManager.updateEventsForArtifactTagAdded(), org.sleuthkit.datamodel.TimelineManager.updateEventsForArtifactTagDeleted(), org.sleuthkit.datamodel.TimelineManager.updateEventsForContentTagAdded(), org.sleuthkit.datamodel.TimelineManager.updateEventsForContentTagDeleted(), org.sleuthkit.datamodel.TimelineManager.updateEventsForHashSetHit(), org.sleuthkit.datamodel.HostManager.updateHostName(), org.sleuthkit.datamodel.SleuthkitCase.updateImagePath(), and org.sleuthkit.datamodel.PersonManager.updatePerson().
BlackboardAttribute.Type org.sleuthkit.datamodel.SleuthkitCase.addArtifactAttributeType | ( | String | attrTypeString, |
TSK_BLACKBOARD_ATTRIBUTE_VALUE_TYPE | valueType, | ||
String | displayName | ||
) | throws TskCoreException, TskDataException |
Add an attribute type with the given name
attrTypeString | Name of the new attribute |
valueType | The value type of this new attribute type |
displayName | The (non-unique) display name of the attribute type |
TskCoreException | exception thrown if a critical error occurs within tsk core |
TskDataException | exception thrown if attribute type was already in the system |
Definition at line 4618 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseWriteLock(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseWriteLock().
Referenced by org.sleuthkit.datamodel.SleuthkitCase.addAttrType(), and org.sleuthkit.datamodel.Blackboard.getOrAddAttributeType().
int org.sleuthkit.datamodel.SleuthkitCase.addArtifactType | ( | String | artifactTypeName, |
String | displayName | ||
) | throws TskCoreException |
Adds a custom artifact type. The artifact type name must be unique, but the display name need not be unique.
artifactTypeName | The artifact type name. |
displayName | The artifact type display name. |
TskCoreException | If there is an error adding the type to the case database. |
Definition at line 14002 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.addBlackboardArtifactType().
int org.sleuthkit.datamodel.SleuthkitCase.addAttrType | ( | String | attrTypeString, |
String | displayName | ||
) | throws TskCoreException |
Adds a custom attribute type with a string value type. The attribute type name must be unique, but the display name need not be unique.
attrTypeString | The attribute type name. |
displayName | The attribute type display name. |
TskCoreException | If there is an error adding the type to the case database. |
Definition at line 14024 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.addArtifactAttributeType(), and org.sleuthkit.datamodel.BlackboardAttribute.TSK_BLACKBOARD_ATTRIBUTE_VALUE_TYPE.STRING.
BlackboardArtifactTag org.sleuthkit.datamodel.SleuthkitCase.addBlackboardArtifactTag | ( | BlackboardArtifact | artifact, |
TagName | tagName, | ||
String | comment | ||
) | throws TskCoreException |
Inserts a row into the blackboard_artifact_tags table in the case database.
artifact | The blackboard artifact to tag. |
tagName | The name to use for the tag. |
comment | A comment to store with the tag. |
TskCoreException |
Definition at line 11688 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.TaggingManager.addArtifactTag(), and org.sleuthkit.datamodel.TaggingManager.BlackboardArtifactTagChange.getAddedTag().
BlackboardArtifact.Type org.sleuthkit.datamodel.SleuthkitCase.addBlackboardArtifactType | ( | String | artifactTypeName, |
String | displayName | ||
) | throws TskCoreException, TskDataException |
Add an artifact type with the given name. Will return an artifact Type.
This assumes that the artifact type being added has the category DATA_ARTIFACT.
artifactTypeName | System (unique) name of artifact |
displayName | Display (non-unique) name of artifact |
TskCoreException | exception thrown if a critical error occurs |
TskDataException | exception thrown if given data is already in db within tsk core |
Definition at line 4841 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.BlackboardArtifact.Category.DATA_ARTIFACT.
Referenced by org.sleuthkit.datamodel.SleuthkitCase.addArtifactType(), and org.sleuthkit.datamodel.Blackboard.getOrAddArtifactType().
void org.sleuthkit.datamodel.SleuthkitCase.addBlackboardAttribute | ( | BlackboardAttribute | attr, |
int | artifactTypeId | ||
) | throws TskCoreException |
Add a blackboard attribute.
attr | A blackboard attribute. |
artifactTypeId | The type of artifact associated with the attribute. |
TskCoreException | thrown if a critical error occurs. |
Definition at line 4348 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseWriteLock(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseWriteLock().
Referenced by org.sleuthkit.datamodel.BlackboardArtifact.addAttribute().
void org.sleuthkit.datamodel.SleuthkitCase.addBlackboardAttributes | ( | Collection< BlackboardAttribute > | attributes, |
int | artifactTypeId | ||
) | throws TskCoreException |
Add a set blackboard attributes.
attributes | A set of blackboard attribute. |
artifactTypeId | The type of artifact associated with the attributes. |
TskCoreException | thrown if a critical error occurs. |
Definition at line 4368 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseWriteLock(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseWriteLock().
Referenced by org.sleuthkit.datamodel.BlackboardArtifact.addAttributes().
LayoutFile org.sleuthkit.datamodel.SleuthkitCase.addCarvedFile | ( | String | carvedFileName, |
long | carvedFileSize, | ||
long | containerId, | ||
List< TskFileRange > | data | ||
) | throws TskCoreException |
Adds a carved file to the VirtualDirectory '$CarvedFiles' in the volume or image given by systemId. Creates $CarvedFiles virtual directory if it does not exist already.
carvedFileName | the name of the carved file to add |
carvedFileSize | the size of the carved file to add |
containerId | the ID of the parent volume, file system, or image |
data | the layout information - a list of offsets that make up this carved file. |
org.sleuthkit.datamodel.TskCoreException |
Definition at line 14222 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.addCarvedFiles(), and org.sleuthkit.datamodel.SleuthkitCase.getContentById().
final List<LayoutFile> org.sleuthkit.datamodel.SleuthkitCase.addCarvedFiles | ( | CarvingResult | carvingResult | ) | throws TskCoreException |
Adds a carving result to the case database.
carvingResult | The carving result (a set of carved files and their parent) to be added. |
TskCoreException | If there is a problem completing a case database operation. |
Definition at line 7439 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.TskData.ObjectType.ABSTRACTFILE, org.sleuthkit.datamodel.SleuthkitCase.addVirtualDirectory(), org.sleuthkit.datamodel.SleuthkitCase.beginTransaction(), org.sleuthkit.datamodel.TskData.TSK_DB_FILES_TYPE_ENUM.CARVED, org.sleuthkit.datamodel.SleuthkitCase.CaseDbTransaction.commit(), org.sleuthkit.datamodel.Content.getChildren(), org.sleuthkit.datamodel.AbstractContent.getChildren(), org.sleuthkit.datamodel.AbstractFile.getDataSourceObjectId(), org.sleuthkit.datamodel.Content.getId(), org.sleuthkit.datamodel.AbstractContent.getId(), org.sleuthkit.datamodel.AbstractContent.getName(), org.sleuthkit.datamodel.Content.getParent(), org.sleuthkit.datamodel.VirtualDirectory.NAME_CARVED, org.sleuthkit.datamodel.TskData.TSK_FS_NAME_TYPE_ENUM.REG, org.sleuthkit.datamodel.SleuthkitCase.CaseDbTransaction.rollback(), org.sleuthkit.datamodel.TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_REG, org.sleuthkit.datamodel.TskData.TSK_FS_NAME_FLAG_ENUM.UNALLOC, org.sleuthkit.datamodel.TskData.TSK_FS_META_FLAG_ENUM.UNALLOC, and org.sleuthkit.datamodel.TskData.FileKnown.UNKNOWN.
Referenced by org.sleuthkit.datamodel.SleuthkitCase.addCarvedFile(), and org.sleuthkit.datamodel.SleuthkitCase.addCarvedFiles().
List<LayoutFile> org.sleuthkit.datamodel.SleuthkitCase.addCarvedFiles | ( | List< CarvedFileContainer > | filesToAdd | ) | throws TskCoreException |
Adds a collection of carved files to the VirtualDirectory '$CarvedFiles' in the volume or image given by systemId. Creates $CarvedFiles virtual directory if it does not exist already.
filesToAdd | A list of CarvedFileContainer files to add as carved files. |
org.sleuthkit.datamodel.TskCoreException |
Definition at line 14252 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.addCarvedFiles(), org.sleuthkit.datamodel.SleuthkitCase.getContentById(), and org.sleuthkit.datamodel.Content.getId().
ContentTag org.sleuthkit.datamodel.SleuthkitCase.addContentTag | ( | Content | content, |
TagName | tagName, | ||
String | comment, | ||
long | beginByteOffset, | ||
long | endByteOffset | ||
) | throws TskCoreException |
Inserts a row into the content_tags table in the case database.
content | The content to tag. |
tagName | The name to use for the tag. |
comment | A comment to store with the tag. |
beginByteOffset | Designates the beginning of a tagged section. |
endByteOffset | Designates the end of a tagged section. |
TskCoreException |
Definition at line 11319 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.TaggingManager.addContentTag(), and org.sleuthkit.datamodel.TaggingManager.ContentTagChange.getAddedTag().
DerivedFile org.sleuthkit.datamodel.SleuthkitCase.addDerivedFile | ( | String | fileName, |
String | localPath, | ||
long | size, | ||
long | ctime, | ||
long | crtime, | ||
long | atime, | ||
long | mtime, | ||
boolean | isFile, | ||
Content | parentObj, | ||
String | rederiveDetails, | ||
String | toolName, | ||
String | toolVersion, | ||
String | otherDetails, | ||
TskData.EncodingType | encodingType | ||
) | throws TskCoreException |
Creates a new derived file object, adds it to database and returns it.
TODO add support for adding derived method
fileName | file name the derived file |
localPath | local path of the derived file, including the file name. The path is relative to the database path. |
size | size of the derived file in bytes |
ctime | The changed time of the file. |
crtime | The creation time of the file. |
atime | The accessed time of the file |
mtime | The modified time of the file. |
isFile | whether a file or directory, true if a file |
parentObj | parent content object |
rederiveDetails | details needed to re-derive file (will be specific to the derivation method), currently unused |
toolName | name of derivation method/tool, currently unused |
toolVersion | version of derivation method/tool, currently unused |
otherDetails | details of derivation method/tool, currently unused |
encodingType | Type of encoding used on the file (or NONE if no encoding) |
TskCoreException | exception thrown if the object creation failed due to a critical system error |
Definition at line 7651 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.beginTransaction(), org.sleuthkit.datamodel.SleuthkitCase.CaseDbTransaction.commit(), and org.sleuthkit.datamodel.SleuthkitCase.CaseDbTransaction.rollback().
Referenced by org.sleuthkit.datamodel.SleuthkitCase.addDerivedFile().
DerivedFile org.sleuthkit.datamodel.SleuthkitCase.addDerivedFile | ( | String | fileName, |
String | localPath, | ||
long | size, | ||
long | ctime, | ||
long | crtime, | ||
long | atime, | ||
long | mtime, | ||
boolean | isFile, | ||
Content | parentObj, | ||
String | rederiveDetails, | ||
String | toolName, | ||
String | toolVersion, | ||
String | otherDetails, | ||
TskData.EncodingType | encodingType, | ||
CaseDbTransaction | transaction | ||
) | throws TskCoreException |
Definition at line 7671 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.TskData.ObjectType.ABSTRACTFILE, org.sleuthkit.datamodel.TskData.TSK_FS_NAME_FLAG_ENUM.ALLOC, org.sleuthkit.datamodel.TskData.TSK_FS_META_FLAG_ENUM.ALLOC, org.sleuthkit.datamodel.TskData.TSK_DB_FILES_TYPE_ENUM.DERIVED, org.sleuthkit.datamodel.TskData.TSK_FS_NAME_TYPE_ENUM.DIR, org.sleuthkit.datamodel.SleuthkitCase.getTimelineManager(), org.sleuthkit.datamodel.TskData.TSK_FS_NAME_TYPE_ENUM.getValue(), org.sleuthkit.datamodel.TskData.TSK_FS_META_TYPE_ENUM.getValue(), org.sleuthkit.datamodel.TskData.TSK_FS_NAME_FLAG_ENUM.getValue(), org.sleuthkit.datamodel.TskData.TSK_FS_NAME_TYPE_ENUM.REG, org.sleuthkit.datamodel.TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_DIR, org.sleuthkit.datamodel.TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_REG, org.sleuthkit.datamodel.TskData.FileKnown.UNKNOWN, and org.sleuthkit.datamodel.TskData.TSK_FS_META_FLAG_ENUM.USED.
DerivedFile org.sleuthkit.datamodel.SleuthkitCase.addDerivedFile | ( | String | fileName, |
String | localPath, | ||
long | size, | ||
long | ctime, | ||
long | crtime, | ||
long | atime, | ||
long | mtime, | ||
boolean | isFile, | ||
AbstractFile | parentFile, | ||
String | rederiveDetails, | ||
String | toolName, | ||
String | toolVersion, | ||
String | otherDetails | ||
) | throws TskCoreException |
Creates a new derived file object, adds it to database and returns it.
TODO add support for adding derived method
fileName | file name the derived file |
localPath | local path of the derived file, including the file name. The path is relative to the database path. |
size | size of the derived file in bytes |
ctime | The changed time of the file. |
crtime | The creation time of the file. |
atime | The accessed time of the file |
mtime | The modified time of the file. |
isFile | whether a file or directory, true if a file |
parentFile | parent file object (derived or local file) |
rederiveDetails | details needed to re-derive file (will be specific to the derivation method), currently unused |
toolName | name of derivation method/tool, currently unused |
toolVersion | version of derivation method/tool, currently unused |
otherDetails | details of derivation method/tool, currently unused |
TskCoreException | exception thrown if the object creation failed due to a critical system error |
Definition at line 14300 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.addDerivedFile(), and org.sleuthkit.datamodel.TskData.EncodingType.NONE.
void org.sleuthkit.datamodel.SleuthkitCase.addErrorObserver | ( | ErrorObserver | observer | ) |
Add an observer for SleuthkitCase errors.
observer | The observer to add. |
Definition at line 13757 of file SleuthkitCase.java.
FileSystem org.sleuthkit.datamodel.SleuthkitCase.addFileSystem | ( | long | parentObjId, |
long | imgOffset, | ||
TskData.TSK_FS_TYPE_ENUM | type, | ||
long | blockSize, | ||
long | blockCount, | ||
long | rootInum, | ||
long | firstInum, | ||
long | lastInum, | ||
String | displayName, | ||
CaseDbTransaction | transaction | ||
) | throws TskCoreException |
Add a FileSystem to the database.
parentObjId | Object ID of the file system's parent |
imgOffset | Offset in the image |
type | Type of file system |
blockSize | Block size |
blockCount | Block count |
rootInum | root inum |
firstInum | first inum |
lastInum | last inum |
displayName | display name |
transaction | Case DB transaction |
TskCoreException |
Definition at line 7028 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.TskData.ObjectType.FS.
FsContent org.sleuthkit.datamodel.SleuthkitCase.addFileSystemFile | ( | long | dataSourceObjId, |
long | fsObjId, | ||
String | fileName, | ||
long | metaAddr, | ||
int | metaSeq, | ||
TSK_FS_ATTR_TYPE_ENUM | attrType, | ||
int | attrId, | ||
TSK_FS_NAME_FLAG_ENUM | dirFlag, | ||
short | metaFlags, | ||
long | size, | ||
long | ctime, | ||
long | crtime, | ||
long | atime, | ||
long | mtime, | ||
boolean | isFile, | ||
Content | parent | ||
) | throws TskCoreException |
Add a file system file.
dataSourceObjId | The object id of the root data source of this file. |
fsObjId | The file system object id. |
fileName | The name of the file. |
metaAddr | The meta address of the file. |
metaSeq | The meta address sequence of the file. |
attrType | The attributed type of the file. |
attrId | The attribute id |
dirFlag | The allocated status from the name structure |
metaFlags | |
size | The size of the file in bytes. |
ctime | The changed time of the file. |
crtime | The creation time of the file. |
atime | The accessed time of the file |
mtime | The modified time of the file. |
isFile | True, unless the file is a directory. |
parent | The parent of the file (e.g., a virtual directory) |
TskCoreException |
Definition at line 7089 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.beginTransaction(), org.sleuthkit.datamodel.SleuthkitCase.CaseDbTransaction.commit(), and org.sleuthkit.datamodel.SleuthkitCase.CaseDbTransaction.rollback().
FsContent org.sleuthkit.datamodel.SleuthkitCase.addFileSystemFile | ( | long | dataSourceObjId, |
long | fsObjId, | ||
String | fileName, | ||
long | metaAddr, | ||
int | metaSeq, | ||
TSK_FS_ATTR_TYPE_ENUM | attrType, | ||
int | attrId, | ||
TSK_FS_NAME_FLAG_ENUM | dirFlag, | ||
short | metaFlags, | ||
long | size, | ||
long | ctime, | ||
long | crtime, | ||
long | atime, | ||
long | mtime, | ||
String | md5Hash, | ||
String | sha256Hash, | ||
String | mimeType, | ||
boolean | isFile, | ||
Content | parent, | ||
String | ownerUid, | ||
OsAccount | osAccount, | ||
List< Attribute > | fileAttributes, | ||
CaseDbTransaction | transaction | ||
) | throws TskCoreException |
Add a file system file.
dataSourceObjId | The object id of the root data source of this file. |
fsObjId | The file system object id. |
fileName | The name of the file. |
metaAddr | The meta address of the file. |
metaSeq | The meta address sequence of the file. |
attrType | The attributed type of the file. |
attrId | The attribute id. |
dirFlag | The allocated status from the name structure |
metaFlags | The allocated status of the file, usually as reported in the metadata structure of the file system. |
size | The size of the file in bytes. |
ctime | The changed time of the file. |
crtime | The creation time of the file. |
atime | The accessed time of the file |
mtime | The modified time of the file. |
md5Hash | The MD5 hash of the file |
sha256Hash | The SHA256 hash of the file |
mimeType | The MIME type of the file |
isFile | True, unless the file is a directory. |
parent | The parent of the file (e.g., a virtual directory). |
ownerUid | UID of the file owner as found in the file system, can be null. |
osAccount | OS account of owner, may be null. |
fileAttributes | A list of file attributes. May be empty. |
transaction | A caller-managed transaction within which the add file operations are performed. |
TskCoreException |
Definition at line 7157 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.TskData.ObjectType.ABSTRACTFILE, org.sleuthkit.datamodel.TskData.TSK_FS_NAME_TYPE_ENUM.DIR, org.sleuthkit.datamodel.TskData.TSK_DB_FILES_TYPE_ENUM.FS, org.sleuthkit.datamodel.AbstractFile.getParentPath(), org.sleuthkit.datamodel.SleuthkitCase.getTimelineManager(), org.sleuthkit.datamodel.TskData.TSK_FS_NAME_TYPE_ENUM.getValue(), org.sleuthkit.datamodel.TskData.TSK_FS_META_TYPE_ENUM.getValue(), org.sleuthkit.datamodel.OsAccountInstance.OsAccountInstanceType.LAUNCHED, org.sleuthkit.datamodel.OsAccountManager.newOsAccountInstance(), org.sleuthkit.datamodel.TskData.TSK_FS_NAME_TYPE_ENUM.REG, org.sleuthkit.datamodel.TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_DIR, and org.sleuthkit.datamodel.TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_REG.
Image org.sleuthkit.datamodel.SleuthkitCase.addImage | ( | TskData.TSK_IMG_TYPE_ENUM | type, |
long | sectorSize, | ||
long | size, | ||
String | displayName, | ||
List< String > | imagePaths, | ||
String | timezone, | ||
String | md5, | ||
String | sha1, | ||
String | sha256, | ||
String | deviceId, | ||
CaseDbTransaction | transaction | ||
) | throws TskCoreException |
Add an image to the database.
type | Type of image |
sectorSize | Sector size |
size | Image size |
displayName | Display name for the image |
imagePaths | Image path(s) |
timezone | Time zone |
md5 | MD5 hash |
sha1 | SHA1 hash |
sha256 | SHA256 hash |
deviceId | Device ID |
transaction | Case DB transaction |
TskCoreException |
Definition at line 6786 of file SleuthkitCase.java.
Referenced by org.sleuthkit.datamodel.SleuthkitJNI.addImageToDatabase().
Image org.sleuthkit.datamodel.SleuthkitCase.addImage | ( | TskData.TSK_IMG_TYPE_ENUM | type, |
long | sectorSize, | ||
long | size, | ||
String | displayName, | ||
List< String > | imagePaths, | ||
String | timezone, | ||
String | md5, | ||
String | sha1, | ||
String | sha256, | ||
String | deviceId, | ||
Host | host, | ||
CaseDbTransaction | transaction | ||
) | throws TskCoreException |
Add an image to the database.
type | Type of image |
sectorSize | Sector size |
size | Image size |
displayName | Display name for the image |
imagePaths | Image path(s) |
timezone | Time zone |
md5 | MD5 hash |
sha1 | SHA1 hash |
sha256 | SHA256 hash |
deviceId | Device ID |
host | Host |
transaction | Case DB transaction |
TskCoreException |
Definition at line 6813 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.getHostManager(), org.sleuthkit.datamodel.TskData.ObjectType.IMG, and org.sleuthkit.datamodel.HostManager.newHost().
Image org.sleuthkit.datamodel.SleuthkitCase.addImageInfo | ( | long | deviceObjId, |
List< String > | imageFilePaths, | ||
String | timeZone | ||
) | throws TskCoreException |
Adds an image to the case database.
deviceObjId | The object id of the device associated with the image. |
imageFilePaths | The image file paths. |
timeZone | The time zone for the image. |
TskCoreException | if there is an error adding the image to case database. |
Definition at line 9524 of file SleuthkitCase.java.
Image org.sleuthkit.datamodel.SleuthkitCase.addImageInfo | ( | long | deviceObjId, |
List< String > | imageFilePaths, | ||
String | timeZone, | ||
Host | host | ||
) | throws TskCoreException |
Adds an image to the case database.
deviceObjId | The object id of the device associated with the image. |
imageFilePaths | The image file paths. |
timeZone | The time zone for the image. |
host | The host for this image. |
TskCoreException | if there is an error adding the image to case database. |
Definition at line 9542 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.getImageById().
final IngestJobInfo org.sleuthkit.datamodel.SleuthkitCase.addIngestJob | ( | Content | dataSource, |
String | hostName, | ||
List< IngestModuleInfo > | ingestModules, | ||
Date | jobStart, | ||
Date | jobEnd, | ||
IngestJobStatusType | status, | ||
String | settingsDir | ||
) | throws TskCoreException |
dataSource | The datasource the ingest job is being run on |
hostName | The name of the host |
ingestModules | The ingest modules being run during the ingest job. Should be in pipeline order. |
jobStart | The time the job started |
jobEnd | The time the job ended |
status | The ingest job status |
settingsDir | The directory of the job's settings |
TskCoreException | If adding the job to the database fails. |
Definition at line 12407 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseWriteLock(), org.sleuthkit.datamodel.IngestModuleInfo.getIngestModuleId(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseWriteLock().
final IngestModuleInfo org.sleuthkit.datamodel.SleuthkitCase.addIngestModule | ( | String | displayName, |
String | factoryClassName, | ||
IngestModuleType | type, | ||
String | version | ||
) | throws TskCoreException |
Adds the given ingest module to the database.
displayName | The display name of the module |
factoryClassName | The factory class name of the module. |
type | The type of the module. |
version | The version of the module. |
TskCoreException | When the ingest module cannot be added. |
Definition at line 12459 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseWriteLock(), org.sleuthkit.datamodel.IngestModuleInfo.IngestModuleType.fromID(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseWriteLock().
LayoutFile org.sleuthkit.datamodel.SleuthkitCase.addLayoutFile | ( | String | fileName, |
long | size, | ||
TSK_FS_NAME_FLAG_ENUM | dirFlag, | ||
TSK_FS_META_FLAG_ENUM | metaFlag, | ||
long | ctime, | ||
long | crtime, | ||
long | atime, | ||
long | mtime, | ||
List< TskFileRange > | fileRanges, | ||
Content | parent | ||
) | throws TskCoreException |
Add a new layout file to the database.
fileName | The name of the file. |
size | The size of the file in bytes. |
dirFlag | The allocated status from the name structure |
metaFlag | The allocated status from the metadata structure |
ctime | The changed time of the file. |
crtime | The creation time of the file. |
atime | The accessed time of the file |
mtime | The modified time of the file. |
fileRanges | The byte ranges that belong to this file (relative to start of image) |
parent | The parent of the file |
TskCoreException |
Definition at line 8305 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.TskData.ObjectType.ABSTRACTFILE, org.sleuthkit.datamodel.SleuthkitCase.beginTransaction(), org.sleuthkit.datamodel.SleuthkitCase.CaseDbTransaction.commit(), org.sleuthkit.datamodel.TskData.TSK_DB_FILES_TYPE_ENUM.LAYOUT_FILE, org.sleuthkit.datamodel.TskData.TSK_FS_NAME_TYPE_ENUM.REG, org.sleuthkit.datamodel.SleuthkitCase.CaseDbTransaction.rollback(), org.sleuthkit.datamodel.TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_REG, and org.sleuthkit.datamodel.TskData.FileKnown.UNKNOWN.
final List<LayoutFile> org.sleuthkit.datamodel.SleuthkitCase.addLayoutFiles | ( | Content | parent, |
List< TskFileRange > | fileRanges | ||
) | throws TskCoreException |
Adds one or more layout files for a parent Content object to the case database.
TskCoreException | If there is a problem completing a case database operation. |
Definition at line 7305 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.TskData.ObjectType.ABSTRACTFILE, org.sleuthkit.datamodel.SleuthkitCase.beginTransaction(), org.sleuthkit.datamodel.SleuthkitCase.CaseDbTransaction.commit(), org.sleuthkit.datamodel.TskData.TSK_FS_NAME_TYPE_ENUM.REG, org.sleuthkit.datamodel.SleuthkitCase.CaseDbTransaction.rollback(), org.sleuthkit.datamodel.TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_REG, org.sleuthkit.datamodel.TskData.TSK_FS_NAME_FLAG_ENUM.UNALLOC, org.sleuthkit.datamodel.TskData.TSK_FS_META_FLAG_ENUM.UNALLOC, org.sleuthkit.datamodel.TskData.TSK_DB_FILES_TYPE_ENUM.UNALLOC_BLOCKS, and org.sleuthkit.datamodel.TskData.FileKnown.UNKNOWN.
LocalDirectory org.sleuthkit.datamodel.SleuthkitCase.addLocalDirectory | ( | long | parentId, |
String | directoryName | ||
) | throws TskCoreException |
Adds a local directory to the database and returns a LocalDirectory object representing it.
parentId | the ID of the parent, or 0 if NULL |
directoryName | the name of the local directory to create |
TskCoreException |
Definition at line 6531 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.beginTransaction(), org.sleuthkit.datamodel.SleuthkitCase.CaseDbTransaction.commit(), and org.sleuthkit.datamodel.SleuthkitCase.CaseDbTransaction.rollback().
LocalDirectory org.sleuthkit.datamodel.SleuthkitCase.addLocalDirectory | ( | long | parentId, |
String | directoryName, | ||
CaseDbTransaction | transaction | ||
) | throws TskCoreException |
Adds a local directory to the database and returns a LocalDirectory object representing it.
Make sure the connection in transaction is used for all database interactions called by this method
parentId | the ID of the parent, or 0 if NULL |
directoryName | the name of the local directory to create |
transaction | the transaction in the scope of which the operation is to be performed, managed by the caller |
TskCoreException |
Definition at line 6564 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.TskData.ObjectType.ABSTRACTFILE, org.sleuthkit.datamodel.TskData.TSK_FS_NAME_FLAG_ENUM.ALLOC, org.sleuthkit.datamodel.TskData.TSK_FS_META_FLAG_ENUM.ALLOC, org.sleuthkit.datamodel.TskData.TSK_FS_NAME_TYPE_ENUM.DIR, org.sleuthkit.datamodel.SleuthkitCase.getAbstractFileById(), org.sleuthkit.datamodel.AbstractContent.getName(), org.sleuthkit.datamodel.AbstractFile.getParentPath(), org.sleuthkit.datamodel.TskData.TSK_FS_NAME_TYPE_ENUM.getValue(), org.sleuthkit.datamodel.TskData.TSK_FS_META_TYPE_ENUM.getValue(), org.sleuthkit.datamodel.TskData.TSK_FS_NAME_FLAG_ENUM.getValue(), org.sleuthkit.datamodel.TskData.TSK_DB_FILES_TYPE_ENUM.LOCAL_DIR, org.sleuthkit.datamodel.TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_DIR, org.sleuthkit.datamodel.TskData.FileKnown.UNKNOWN, and org.sleuthkit.datamodel.TskData.TSK_FS_META_FLAG_ENUM.USED.
LocalFile org.sleuthkit.datamodel.SleuthkitCase.addLocalFile | ( | String | fileName, |
String | localPath, | ||
long | size, | ||
long | ctime, | ||
long | crtime, | ||
long | atime, | ||
long | mtime, | ||
boolean | isFile, | ||
TskData.EncodingType | encodingType, | ||
AbstractFile | parent | ||
) | throws TskCoreException |
Wraps the version of addLocalFile that takes a Transaction in a transaction local to this method.
fileName | |
localPath | |
size | |
ctime | |
crtime | |
atime | |
mtime | |
isFile | |
encodingType | |
parent |
TskCoreException |
Definition at line 7921 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.beginTransaction(), org.sleuthkit.datamodel.SleuthkitCase.CaseDbTransaction.commit(), and org.sleuthkit.datamodel.SleuthkitCase.CaseDbTransaction.rollback().
Referenced by org.sleuthkit.datamodel.SleuthkitCase.addLocalFile().
LocalFile org.sleuthkit.datamodel.SleuthkitCase.addLocalFile | ( | String | fileName, |
String | localPath, | ||
long | size, | ||
long | ctime, | ||
long | crtime, | ||
long | atime, | ||
long | mtime, | ||
boolean | isFile, | ||
TskData.EncodingType | encodingType, | ||
Content | parent, | ||
CaseDbTransaction | transaction | ||
) | throws TskCoreException |
Adds a local/logical file to the case database. The database operations are done within a caller-managed transaction; the caller is responsible for committing or rolling back the transaction.
fileName | The name of the file. |
localPath | The absolute path (including the file name) of the local/logical in secondary storage. |
size | The size of the file in bytes. |
ctime | The changed time of the file. |
crtime | The creation time of the file. |
atime | The accessed time of the file |
mtime | The modified time of the file. |
isFile | True, unless the file is a directory. |
encodingType | Type of encoding used on the file |
parent | The parent of the file (e.g., a virtual directory) |
transaction | A caller-managed transaction within which the add file operations are performed. |
TskCoreException | if there is an error completing a case database operation. |
Definition at line 7967 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.addLocalFile().
LocalFile org.sleuthkit.datamodel.SleuthkitCase.addLocalFile | ( | String | fileName, |
String | localPath, | ||
long | size, | ||
long | ctime, | ||
long | crtime, | ||
long | atime, | ||
long | mtime, | ||
String | md5, | ||
String | sha256, | ||
FileKnown | known, | ||
String | mimeType, | ||
boolean | isFile, | ||
TskData.EncodingType | encodingType, | ||
Content | parent, | ||
CaseDbTransaction | transaction | ||
) | throws TskCoreException |
Adds a local/logical file to the case database. The database operations are done within a caller-managed transaction; the caller is responsible for committing or rolling back the transaction.
fileName | The name of the file. |
localPath | The absolute path (including the file name) of the local/logical in secondary storage. |
size | The size of the file in bytes. |
ctime | The changed time of the file. |
crtime | The creation time of the file. |
atime | The accessed time of the file |
mtime | The modified time of the file. |
md5 | The MD5 hash of the file |
sha256 | the SHA-256 hash of the file. |
known | The known status of the file (can be null) |
mimeType | The MIME type of the file |
isFile | True, unless the file is a directory. |
encodingType | Type of encoding used on the file |
parent | The parent of the file (e.g., a virtual directory) |
transaction | A caller-managed transaction within which the add file operations are performed. |
TskCoreException | if there is an error completing a case database operation. |
Definition at line 8006 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.addLocalFile().
LocalFile org.sleuthkit.datamodel.SleuthkitCase.addLocalFile | ( | String | fileName, |
String | localPath, | ||
long | size, | ||
long | ctime, | ||
long | crtime, | ||
long | atime, | ||
long | mtime, | ||
String | md5, | ||
String | sha256, | ||
FileKnown | known, | ||
String | mimeType, | ||
boolean | isFile, | ||
TskData.EncodingType | encodingType, | ||
Long | osAccountId, | ||
String | ownerAccount, | ||
Content | parent, | ||
CaseDbTransaction | transaction | ||
) | throws TskCoreException |
Adds a local/logical file to the case database. The database operations are done within a caller-managed transaction; the caller is responsible for committing or rolling back the transaction.
fileName | The name of the file. |
localPath | The absolute path (including the file name) of the local/logical in secondary storage. |
size | The size of the file in bytes. |
ctime | The changed time of the file. |
crtime | The creation time of the file. |
atime | The accessed time of the file |
mtime | The modified time of the file. |
md5 | The MD5 hash of the file |
sha256 | the SHA-256 hash of the file. |
known | The known status of the file (can be null) |
mimeType | The MIME type of the file |
isFile | True, unless the file is a directory. |
encodingType | Type of encoding used on the file |
osAccountId | OS account id (can be null) |
ownerAccount | Owner account (can be null) |
parent | The parent of the file (e.g., a virtual directory) |
transaction | A caller-managed transaction within which the add file operations are performed. |
TskCoreException | if there is an error completing a case database operation. |
Definition at line 8047 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.TskData.ObjectType.ABSTRACTFILE, org.sleuthkit.datamodel.TskData.TSK_FS_NAME_FLAG_ENUM.ALLOC, org.sleuthkit.datamodel.TskData.TSK_FS_META_FLAG_ENUM.ALLOC, org.sleuthkit.datamodel.TskData.TSK_FS_NAME_TYPE_ENUM.DIR, org.sleuthkit.datamodel.AbstractFile.getDataSourceObjectId(), org.sleuthkit.datamodel.AbstractFile.getParentPath(), org.sleuthkit.datamodel.SleuthkitCase.getTimelineManager(), org.sleuthkit.datamodel.TskData.TSK_FS_NAME_TYPE_ENUM.getValue(), org.sleuthkit.datamodel.TskData.TSK_FS_META_TYPE_ENUM.getValue(), org.sleuthkit.datamodel.TskData.TSK_FS_NAME_FLAG_ENUM.getValue(), org.sleuthkit.datamodel.TskData.TSK_DB_FILES_TYPE_ENUM.LOCAL, org.sleuthkit.datamodel.TskData.TSK_FS_NAME_TYPE_ENUM.REG, org.sleuthkit.datamodel.TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_DIR, org.sleuthkit.datamodel.TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_REG, org.sleuthkit.datamodel.TskData.FileKnown.UNKNOWN, and org.sleuthkit.datamodel.TskData.TSK_FS_META_FLAG_ENUM.USED.
LocalFile org.sleuthkit.datamodel.SleuthkitCase.addLocalFile | ( | String | fileName, |
String | localPath, | ||
long | size, | ||
long | ctime, | ||
long | crtime, | ||
long | atime, | ||
long | mtime, | ||
String | md5, | ||
FileKnown | known, | ||
String | mimeType, | ||
boolean | isFile, | ||
TskData.EncodingType | encodingType, | ||
Content | parent, | ||
CaseDbTransaction | transaction | ||
) | throws TskCoreException |
Adds a local/logical file to the case database. The database operations are done within a caller-managed transaction; the caller is responsible for committing or rolling back the transaction.
fileName | The name of the file. |
localPath | The absolute path (including the file name) of the local/logical in secondary storage. |
size | The size of the file in bytes. |
ctime | The changed time of the file. |
crtime | The creation time of the file. |
atime | The accessed time of the file |
mtime | The modified time of the file. |
md5 | The MD5 hash of the file |
known | The known status of the file (can be null) |
mimeType | The MIME type of the file |
isFile | True, unless the file is a directory. |
encodingType | Type of encoding used on the file |
parent | The parent of the file (e.g., a virtual directory) |
transaction | A caller-managed transaction within which the add file operations are performed. |
TskCoreException | if there is an error completing a case database operation. |
Definition at line 14339 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.addLocalFile().
LocalFile org.sleuthkit.datamodel.SleuthkitCase.addLocalFile | ( | String | fileName, |
String | localPath, | ||
long | size, | ||
long | ctime, | ||
long | crtime, | ||
long | atime, | ||
long | mtime, | ||
boolean | isFile, | ||
AbstractFile | parent, | ||
CaseDbTransaction | transaction | ||
) | throws TskCoreException |
Adds a local/logical file to the case database. The database operations are done within a caller-managed transaction; the caller is responsible for committing or rolling back the transaction.
fileName | The name of the file. |
localPath | The absolute path (including the file name) of the local/logical in secondary storage. |
size | The size of the file in bytes. |
ctime | The changed time of the file. |
crtime | The creation time of the file. |
atime | The accessed time of the file |
mtime | The modified time of the file. |
isFile | True, unless the file is a directory. |
parent | The parent of the file (e.g., a virtual directory) |
transaction | A caller-managed transaction within which the add file operations are performed. |
TskCoreException | if there is an error completing a case database operation. |
Definition at line 14375 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.addLocalFile(), and org.sleuthkit.datamodel.TskData.EncodingType.NONE.
LocalFile org.sleuthkit.datamodel.SleuthkitCase.addLocalFile | ( | String | fileName, |
String | localPath, | ||
long | size, | ||
long | ctime, | ||
long | crtime, | ||
long | atime, | ||
long | mtime, | ||
boolean | isFile, | ||
AbstractFile | parent | ||
) | throws TskCoreException |
Wraps the version of addLocalFile that takes a Transaction in a transaction local to this method.
fileName | |
localPath | |
size | |
ctime | |
crtime | |
atime | |
mtime | |
isFile | |
parent |
TskCoreException |
Definition at line 14403 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.addLocalFile(), and org.sleuthkit.datamodel.TskData.EncodingType.NONE.
LocalFilesDataSource org.sleuthkit.datamodel.SleuthkitCase.addLocalFilesDataSource | ( | String | deviceId, |
String | rootDirectoryName, | ||
String | timeZone, | ||
CaseDbTransaction | transaction | ||
) | throws TskCoreException |
Adds a local/logical files and/or directories data source.
deviceId | An ASCII-printable identifier for the device associated with the data source that is intended to be unique across multiple cases (e.g., a UUID). |
rootDirectoryName | The name for the root virtual directory for the data source. |
timeZone | The time zone used to process the data source, may be the empty string. |
transaction | A transaction in the scope of which the operation is to be performed, managed by the caller. |
TskCoreException | if there is an error adding the data source. |
Definition at line 6673 of file SleuthkitCase.java.
LocalFilesDataSource org.sleuthkit.datamodel.SleuthkitCase.addLocalFilesDataSource | ( | String | deviceId, |
String | rootDirectoryName, | ||
String | timeZone, | ||
Host | host, | ||
CaseDbTransaction | transaction | ||
) | throws TskCoreException |
Adds a local/logical files and/or directories data source.
deviceId | An ASCII-printable identifier for the device associated with the data source that is intended to be unique across multiple cases (e.g., a UUID). |
rootDirectoryName | The name for the root virtual directory for the data source. |
timeZone | The time zone used to process the data source, may be the empty string. |
host | The host for the data source (may be null) |
transaction | A transaction in the scope of which the operation is to be performed, managed by the caller. |
TskCoreException | if there is an error adding the data source. |
Definition at line 6697 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.TskData.ObjectType.ABSTRACTFILE, org.sleuthkit.datamodel.TskData.TSK_FS_NAME_FLAG_ENUM.ALLOC, org.sleuthkit.datamodel.TskData.TSK_FS_META_FLAG_ENUM.ALLOC, org.sleuthkit.datamodel.TskData.TSK_FS_NAME_TYPE_ENUM.DIR, org.sleuthkit.datamodel.SleuthkitCase.getHostManager(), org.sleuthkit.datamodel.TskData.TSK_FS_META_TYPE_ENUM.getValue(), org.sleuthkit.datamodel.TskData.TSK_FS_NAME_FLAG_ENUM.getValue(), org.sleuthkit.datamodel.HostManager.newHost(), org.sleuthkit.datamodel.TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_DIR, org.sleuthkit.datamodel.TskData.FileKnown.UNKNOWN, org.sleuthkit.datamodel.TskData.TSK_FS_META_FLAG_ENUM.USED, and org.sleuthkit.datamodel.TskData.TSK_DB_FILES_TYPE_ENUM.VIRTUAL_DIR.
TagName org.sleuthkit.datamodel.SleuthkitCase.addOrUpdateTagName | ( | String | displayName, |
String | description, | ||
TagName.HTML_COLOR | color, | ||
TskData.FileKnown | knownStatus | ||
) | throws TskCoreException |
Inserts row into the tags_names table, or updates the existing row if the displayName already exists in the tag_names table in the case database.
displayName | The display name for the new tag name. |
description | The description for the new tag name. |
color | The HTML color to associate with the new tag name. |
knownStatus | The TskData.FileKnown value to associate with the new tag name. |
TskCoreException |
Definition at line 11274 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseWriteLock(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseWriteLock().
Referenced by org.sleuthkit.datamodel.SleuthkitCase.addTagName().
Pool org.sleuthkit.datamodel.SleuthkitCase.addPool | ( | long | parentObjId, |
TskData.TSK_POOL_TYPE_ENUM | type, | ||
CaseDbTransaction | transaction | ||
) | throws TskCoreException |
Add a pool to the database.
parentObjId | Object ID of the pool's parent |
type | Type of pool |
transaction | Case DB transaction |
TskCoreException |
Definition at line 6989 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.TskData.ObjectType.POOL.
Report org.sleuthkit.datamodel.SleuthkitCase.addReport | ( | String | localPath, |
String | sourceModuleName, | ||
String | reportName | ||
) | throws TskCoreException |
Inserts a row into the reports table in the case database.
localPath | The path of the report file, must be in the database directory (case directory in Autopsy) or one of its subdirectories. |
sourceModuleName | The name of the module that created the report. |
reportName | The report name. |
TskCoreException |
Definition at line 12094 of file SleuthkitCase.java.
Report org.sleuthkit.datamodel.SleuthkitCase.addReport | ( | String | localPath, |
String | sourceModuleName, | ||
String | reportName, | ||
Content | parent | ||
) | throws TskCoreException |
Inserts a row into the reports table in the case database.
localPath | The path of the report file, must be in the database directory (case directory in Autopsy) or one of its subdirectories. |
sourceModuleName | The name of the module that created the report. |
reportName | The report name. |
parent | The Content from which the report was created, if available. |
TskCoreException |
Definition at line 12113 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseWriteLock(), org.sleuthkit.datamodel.SleuthkitCase.getDbDirPath(), org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseWriteLock(), and org.sleuthkit.datamodel.TskData.ObjectType.REPORT.
TagName org.sleuthkit.datamodel.SleuthkitCase.addTagName | ( | String | displayName, |
String | description, | ||
TagName.HTML_COLOR | color | ||
) | throws TskCoreException |
Inserts row into the tags_names table in the case database.
displayName | The display name for the new tag name. |
description | The description for the new tag name. |
color | The HTML color to associate with the new tag name. |
TskCoreException |
Definition at line 11256 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.addOrUpdateTagName(), and org.sleuthkit.datamodel.TskData.FileKnown.UNKNOWN.
VirtualDirectory org.sleuthkit.datamodel.SleuthkitCase.addVirtualDirectory | ( | long | parentId, |
String | directoryName | ||
) | throws TskCoreException |
Adds a virtual directory to the database and returns a VirtualDirectory object representing it.
parentId | the ID of the parent, or 0 if NULL |
directoryName | the name of the virtual directory to create |
TskCoreException |
Definition at line 6332 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.beginTransaction(), org.sleuthkit.datamodel.SleuthkitCase.CaseDbTransaction.commit(), and org.sleuthkit.datamodel.SleuthkitCase.CaseDbTransaction.rollback().
Referenced by org.sleuthkit.datamodel.SleuthkitCase.addCarvedFiles().
VirtualDirectory org.sleuthkit.datamodel.SleuthkitCase.addVirtualDirectory | ( | long | parentId, |
String | directoryName, | ||
CaseDbTransaction | transaction | ||
) | throws TskCoreException |
Adds a virtual directory to the database and returns a VirtualDirectory object representing it.
Make sure the connection in transaction is used for all database interactions called by this method
parentId | the ID of the parent, or 0 if NULL |
directoryName | the name of the virtual directory to create |
transaction | the transaction in the scope of which the operation is to be performed, managed by the caller |
TskCoreException |
Definition at line 6409 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.TskData.ObjectType.ABSTRACTFILE, org.sleuthkit.datamodel.TskData.TSK_FS_NAME_FLAG_ENUM.ALLOC, org.sleuthkit.datamodel.TskData.TSK_FS_META_FLAG_ENUM.ALLOC, org.sleuthkit.datamodel.TskData.TSK_FS_NAME_TYPE_ENUM.DIR, org.sleuthkit.datamodel.SleuthkitCase.getAbstractFileById(), org.sleuthkit.datamodel.AbstractContent.getName(), org.sleuthkit.datamodel.TskData.TSK_FS_NAME_TYPE_ENUM.getValue(), org.sleuthkit.datamodel.TskData.TSK_FS_META_TYPE_ENUM.getValue(), org.sleuthkit.datamodel.TskData.TSK_FS_NAME_FLAG_ENUM.getValue(), org.sleuthkit.datamodel.TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_DIR, org.sleuthkit.datamodel.TskData.FileKnown.UNKNOWN, org.sleuthkit.datamodel.TskData.TSK_FS_META_FLAG_ENUM.USED, and org.sleuthkit.datamodel.TskData.TSK_DB_FILES_TYPE_ENUM.VIRTUAL_DIR.
Volume org.sleuthkit.datamodel.SleuthkitCase.addVolume | ( | long | parentObjId, |
long | addr, | ||
long | start, | ||
long | length, | ||
String | desc, | ||
long | flags, | ||
CaseDbTransaction | transaction | ||
) | throws TskCoreException |
Add a volume to the database
parentObjId | Object ID of the volume's parent |
addr | Address of the volume |
start | Start of the volume |
length | Length of the volume |
desc | Description of the volume |
flags | Flags |
transaction | Case DB transaction |
TskCoreException |
Definition at line 6947 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.TskData.DbType.POSTGRESQL, and org.sleuthkit.datamodel.TskData.ObjectType.VOL.
VolumeSystem org.sleuthkit.datamodel.SleuthkitCase.addVolumeSystem | ( | long | parentObjId, |
TskData.TSK_VS_TYPE_ENUM | type, | ||
long | imgOffset, | ||
long | blockSize, | ||
CaseDbTransaction | transaction | ||
) | throws TskCoreException |
Add a volume system to the database.
parentObjId | Object ID of the volume system's parent |
type | Type of volume system |
imgOffset | Image offset |
blockSize | Block size |
transaction | Case DB transaction |
TskCoreException |
Definition at line 6907 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.TskData.ObjectType.VS.
boolean org.sleuthkit.datamodel.SleuthkitCase.allFilesMd5Hashed | ( | ) |
Query all the files to verify if they have an MD5 hash associated with them.
Definition at line 11066 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), org.sleuthkit.datamodel.TskData.TSK_FS_NAME_TYPE_ENUM.REG, and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock().
CaseDbTransaction org.sleuthkit.datamodel.SleuthkitCase.beginTransaction | ( | ) | throws TskCoreException |
Create a new transaction on the case database. The transaction object that is returned can be passed to methods that take a CaseDbTransaction. The caller is responsible for calling either commit() or rollback() on the transaction object.
Note that this beginning the transaction also acquires the single user case write lock, which will be automatically released when the transaction is closed.
TskCoreException |
Definition at line 2736 of file SleuthkitCase.java.
Referenced by org.sleuthkit.datamodel.CommunicationsManager.addAccountType(), org.sleuthkit.datamodel.TaggingManager.addArtifactTag(), org.sleuthkit.datamodel.AbstractFile.addAttributes(), org.sleuthkit.datamodel.SleuthkitCase.addCarvedFiles(), org.sleuthkit.datamodel.TaggingManager.addContentTag(), org.sleuthkit.datamodel.SleuthkitCase.addDerivedFile(), org.sleuthkit.datamodel.SleuthkitCase.addFileSystemFile(), org.sleuthkit.datamodel.SleuthkitJNI.addImageToDatabase(), org.sleuthkit.datamodel.SleuthkitCase.addLayoutFile(), org.sleuthkit.datamodel.SleuthkitCase.addLayoutFiles(), org.sleuthkit.datamodel.SleuthkitCase.addLocalDirectory(), org.sleuthkit.datamodel.SleuthkitCase.addLocalFile(), org.sleuthkit.datamodel.CommunicationsManager.addRelationships(), org.sleuthkit.datamodel.TaggingManager.addTagSet(), org.sleuthkit.datamodel.SleuthkitCase.addVirtualDirectory(), org.sleuthkit.datamodel.CaseDbAccessManager.alterTable(), org.sleuthkit.datamodel.CaseDbAccessManager.columnExists(), org.sleuthkit.datamodel.Blackboard.deleteAnalysisResult(), org.sleuthkit.datamodel.SleuthkitCase.deleteBlackboardArtifactTag(), org.sleuthkit.datamodel.SleuthkitCase.deleteContentTag(), org.sleuthkit.datamodel.HostManager.deleteHost(), org.sleuthkit.datamodel.TaggingManager.deleteTagSet(), org.sleuthkit.datamodel.CaseDbAccessManager.insert(), org.sleuthkit.datamodel.CaseDbAccessManager.insertOrUpdate(), org.sleuthkit.datamodel.HostManager.mergeHosts(), org.sleuthkit.datamodel.Blackboard.newAnalysisResult(), org.sleuthkit.datamodel.Report.newAnalysisResult(), org.sleuthkit.datamodel.AbstractContent.newAnalysisResult(), org.sleuthkit.datamodel.BlackboardArtifact.newAnalysisResult(), org.sleuthkit.datamodel.Blackboard.newDataArtifact(), org.sleuthkit.datamodel.HostManager.newHost(), org.sleuthkit.datamodel.OsAccountManager.newWindowsOsAccount(), org.sleuthkit.datamodel.AbstractFile.save(), org.sleuthkit.datamodel.CaseDbAccessManager.tableExists(), org.sleuthkit.datamodel.CaseDbAccessManager.update(), org.sleuthkit.datamodel.OsAccountManager.updateCoreWindowsOsAccountAttributes(), org.sleuthkit.datamodel.SleuthkitCase.updateDerivedFile(), and org.sleuthkit.datamodel.OsAccountManager.updateStandardOsAccountAttributes().
synchronized void org.sleuthkit.datamodel.SleuthkitCase.close | ( | ) |
Call to free resources when done with instance.
Definition at line 10349 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseWriteLock(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseWriteLock().
Referenced by org.sleuthkit.datamodel.SleuthkitCase.CaseDbTransaction.commit(), org.sleuthkit.datamodel.SleuthkitCase.finalize(), and org.sleuthkit.datamodel.SleuthkitCase.CaseDbTransaction.rollback().
void org.sleuthkit.datamodel.SleuthkitCase.closeRunQuery | ( | ResultSet | resultSet | ) | throws SQLException |
Closes ResultSet and its Statement previously retrieved from runQuery()
resultSet | with its Statement to close |
SQLException | of closing the query files failed |
Definition at line 14197 of file SleuthkitCase.java.
void org.sleuthkit.datamodel.SleuthkitCase.copyCaseDB | ( | String | newDBPath | ) | throws IOException |
Make a duplicate / backup copy of the current case database. Makes a new copy only, and continues to use the current connection.
newDBPath | Path to the copy to be created. File will be overwritten if it exists. |
IOException | if copying fails. |
Definition at line 1074 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseWriteLock(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseWriteLock().
int org.sleuthkit.datamodel.SleuthkitCase.countFilesMd5Hashed | ( | ) |
Query all the files and counts how many have an MD5 hash.
Definition at line 11099 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock().
long org.sleuthkit.datamodel.SleuthkitCase.countFilesWhere | ( | String | sqlWhereClause | ) | throws TskCoreException |
Count files matching the specific Where clause
sqlWhereClause | a SQL where clause appropriate for the desired files (do not begin the WHERE clause with the word WHERE!) |
TskCoreException | Query the Database |
Definition at line 8608 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock().
int org.sleuthkit.datamodel.SleuthkitCase.countFsContentType | ( | TskData.TSK_FS_META_TYPE_ENUM | contentType | ) | throws TskCoreException |
Return the number of objects in the database of a given file type.
contentType | Type of file to count |
TskCoreException | thrown if a critical error occurred within tsk core |
Definition at line 10985 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock().
void org.sleuthkit.datamodel.SleuthkitCase.deleteBlackboardArtifactTag | ( | BlackboardArtifactTag | tag | ) | throws TskCoreException |
Definition at line 11697 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.beginTransaction(), org.sleuthkit.datamodel.SleuthkitCase.CaseDbTransaction.commit(), org.sleuthkit.datamodel.SleuthkitCase.getScoringManager(), and org.sleuthkit.datamodel.SleuthkitCase.CaseDbTransaction.rollback().
void org.sleuthkit.datamodel.SleuthkitCase.deleteContentTag | ( | ContentTag | tag | ) | throws TskCoreException |
Definition at line 11328 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.beginTransaction(), org.sleuthkit.datamodel.SleuthkitCase.CaseDbTransaction.commit(), org.sleuthkit.datamodel.SleuthkitCase.getScoringManager(), and org.sleuthkit.datamodel.SleuthkitCase.CaseDbTransaction.rollback().
void org.sleuthkit.datamodel.SleuthkitCase.deleteReport | ( | Report | report | ) | throws TskCoreException |
Deletes a row from the reports table in the case database.
report | A Report data transfer object (DTO) for the row to delete. |
TskCoreException |
Definition at line 12307 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseWriteLock(), org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseWriteLock(), and org.sleuthkit.datamodel.TskData.ObjectType.REPORT.
|
static |
Escape the single quotes in the given string so they can be added to the SQL caseDbConnection
text |
Definition at line 11018 of file SleuthkitCase.java.
CaseDbQuery org.sleuthkit.datamodel.SleuthkitCase.executeInsertOrUpdate | ( | String | query | ) | throws TskCoreException |
This method allows developers to run arbitrary SQL queries, including INSERT and UPDATE. The CaseDbQuery object will take care of acquiring the necessary database lock and when used in a try-with-resources block will automatically take care of releasing the lock. If you do not use a try-with-resources block you must call CaseDbQuery.close() once you are done processing the files of the query.
Also note that if you use it within a transaction to insert something into the database, and then within that same transaction query the inserted item from the database, you will likely not see your inserted item, as the method uses new connections for each execution. With this method, you must close your transaction before successfully querying for newly-inserted items.
query | The query string to execute. |
TskCoreException |
Definition at line 10311 of file SleuthkitCase.java.
CaseDbQuery org.sleuthkit.datamodel.SleuthkitCase.executeQuery | ( | String | query | ) | throws TskCoreException |
This method allows developers to run arbitrary SQL "SELECT" queries. The CaseDbQuery object will take care of acquiring the necessary database lock and when used in a try-with-resources block will automatically take care of releasing the lock. If you do not use a try-with-resources block you must call CaseDbQuery.close() once you are done processing the files of the query.
Also note that if you use it within a transaction to insert something into the database, and then within that same transaction query the inserted item from the database, you will likely not see your inserted item, as the method uses new connections for each execution. With this method, you must close your transaction before successfully querying for newly-inserted items.
query | The query string to execute. |
TskCoreException |
Definition at line 10286 of file SleuthkitCase.java.
|
protected |
Definition at line 10338 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.close().
List<Long> org.sleuthkit.datamodel.SleuthkitCase.findAllFileIdsWhere | ( | String | sqlWhereClause | ) | throws TskCoreException |
Find and return list of all (abstract) ids of files matching the specific Where clause
sqlWhereClause | a SQL where clause appropriate for the desired files (do not begin the WHERE clause with the word WHERE!) |
TskCoreException | Query the Database |
Definition at line 8711 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock().
List<AbstractFile> org.sleuthkit.datamodel.SleuthkitCase.findAllFilesInFolderWhere | ( | long | parentId, |
String | sqlWhereClause | ||
) | throws TskCoreException |
Find and return list of all (abstract) files matching the specific Where clause with the give parentId. You need to know the database schema to use this, which is outlined on the wiki. You should use enums from org.sleuthkit.datamodel.TskData to make the queries easier to maintain and understand.
parentId | The parentId |
sqlWhereClause | a SQL where clause appropriate for the desired files (do not begin the WHERE clause with the word WHERE!) |
TskCoreException | Query the Database |
Definition at line 8684 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock().
List<AbstractFile> org.sleuthkit.datamodel.SleuthkitCase.findAllFilesWhere | ( | String | sqlWhereClause | ) | throws TskCoreException |
Find and return list of all (abstract) files matching the specific Where clause. You need to know the database schema to use this, which is outlined on the wiki. You should use enums from org.sleuthkit.datamodel.TskData to make the queries easier to maintain and understand.
sqlWhereClause | a SQL where clause appropriate for the desired files (do not begin the WHERE clause with the word WHERE!) |
TskCoreException | Query the Database |
Definition at line 8646 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock().
Referenced by org.sleuthkit.datamodel.Examples.Sample.run().
List<AbstractFile> org.sleuthkit.datamodel.SleuthkitCase.findFiles | ( | Content | dataSource, |
String | fileName | ||
) | throws TskCoreException |
dataSource | the dataSource (Image, parent-less VirtualDirectory) to search for the given file name |
fileName | Pattern of the name of the file or directory to match (case insensitive, used in LIKE SQL statement). |
TskCoreException | thrown if check failed |
Definition at line 6229 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock().
Referenced by org.sleuthkit.datamodel.SleuthkitCase.openFiles().
List<AbstractFile> org.sleuthkit.datamodel.SleuthkitCase.findFiles | ( | Content | dataSource, |
String | fileName, | ||
String | dirSubString | ||
) | throws TskCoreException |
dataSource | the dataSource (Image, parent-less VirtualDirectory) to search for the given file name |
fileName | Pattern of the name of the file or directory to match (case insensitive, used in LIKE SQL statement). |
dirSubString | Substring that must exist in parent path. Will be surrounded by % in LIKE query |
org.sleuthkit.datamodel.TskCoreException |
Definition at line 6281 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock().
List<AbstractFile> org.sleuthkit.datamodel.SleuthkitCase.findFiles | ( | Content | dataSource, |
String | fileName, | ||
AbstractFile | parentFile | ||
) | throws TskCoreException |
Find all files in the data source, by name and parent
dataSource | the dataSource (Image, parent-less VirtualDirectory) to search for the given file name |
fileName | Pattern of the name of the file or directory to match (case insensitive, used in LIKE SQL statement). |
parentFile | Object for parent file/directory to find children in |
org.sleuthkit.datamodel.TskCoreException |
Definition at line 14470 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.findFilesInFolder().
List<AbstractFile> org.sleuthkit.datamodel.SleuthkitCase.findFilesByMd5 | ( | String | md5Hash | ) |
Find all the files with the given MD5 hash.
md5Hash | hash value to match files with |
Definition at line 11033 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock().
List<AbstractFile> org.sleuthkit.datamodel.SleuthkitCase.findFilesInFolder | ( | String | fileName, |
AbstractFile | parentFile | ||
) | throws TskCoreException |
Find all files by name and parent
fileName | Pattern of the name of the file or directory to match (case insensitive, used in LIKE SQL statement). |
parentFile | Object for parent file/directory to find children in |
org.sleuthkit.datamodel.TskCoreException |
Definition at line 8558 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock().
Referenced by org.sleuthkit.datamodel.SleuthkitCase.findFiles().
List<FsContent> org.sleuthkit.datamodel.SleuthkitCase.findFilesWhere | ( | String | sqlWhereClause | ) | throws TskCoreException |
Find and return list of files matching the specific Where clause. Use findAllFilesWhere instead. It returns a more generic data type
sqlWhereClause | a SQL where clause appropriate for the desired files (do not begin the WHERE clause with the word WHERE!) |
TskCoreException |
Definition at line 13910 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), org.sleuthkit.datamodel.TskData.TSK_DB_FILES_TYPE_ENUM.FS, and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock().
AbstractFile org.sleuthkit.datamodel.SleuthkitCase.getAbstractFileById | ( | long | id | ) | throws TskCoreException |
Get abstract file object from tsk_files table by its id
id | id of the file object in tsk_files table |
TskCoreException | thrown if critical error occurred within tsk core and file could not be queried |
Definition at line 6005 of file SleuthkitCase.java.
Referenced by org.sleuthkit.datamodel.blackboardutils.CommunicationArtifactsHelper.addAttachments(), org.sleuthkit.datamodel.SleuthkitCase.addLocalDirectory(), org.sleuthkit.datamodel.SleuthkitCase.addVirtualDirectory(), org.sleuthkit.datamodel.SleuthkitCase.getContentById(), and org.sleuthkit.datamodel.SleuthkitCase.getRootObjects().
List<BlackboardArtifactTag> org.sleuthkit.datamodel.SleuthkitCase.getAllBlackboardArtifactTags | ( | ) | throws TskCoreException |
Selects all of the rows from the blackboard_artifacts_tags table in the case database.
TskCoreException |
Definition at line 11734 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifact(), org.sleuthkit.datamodel.TagName.HTML_COLOR.getColorByName(), org.sleuthkit.datamodel.SleuthkitCase.getContentById(), org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock(), and org.sleuthkit.datamodel.TskData.FileKnown.valueOf().
List<ContentTag> org.sleuthkit.datamodel.SleuthkitCase.getAllContentTags | ( | ) | throws TskCoreException |
Selects all of the rows from the content_tags table in the case database.
TskCoreException |
Definition at line 11364 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), org.sleuthkit.datamodel.TagName.HTML_COLOR.getColorByName(), org.sleuthkit.datamodel.SleuthkitCase.getContentById(), org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock(), and org.sleuthkit.datamodel.TskData.FileKnown.valueOf().
List<Report> org.sleuthkit.datamodel.SleuthkitCase.getAllReports | ( | ) | throws TskCoreException |
Selects all of the rows from the reports table in the case database.
TskCoreException |
Definition at line 12185 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), org.sleuthkit.datamodel.SleuthkitCase.getContentById(), org.sleuthkit.datamodel.SleuthkitCase.getDbDirPath(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock().
List<TagName> org.sleuthkit.datamodel.SleuthkitCase.getAllTagNames | ( | ) | throws TskCoreException |
Selects all of the rows from the tag_names table in the case database.
TskCoreException |
Definition at line 11135 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), org.sleuthkit.datamodel.TagName.HTML_COLOR.getColorByName(), org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock(), and org.sleuthkit.datamodel.TskData.FileKnown.valueOf().
BlackboardArtifact org.sleuthkit.datamodel.SleuthkitCase.getArtifactByArtifactId | ( | long | id | ) | throws TskCoreException |
Get artifact from blackboard_artifacts table by its artifact_id
id | Artifact ID of the artifact in blackboard_artifacts table |
TskCoreException | thrown if critical error occurred within tsk core and file could not be queried |
Definition at line 6107 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock().
BlackboardArtifact org.sleuthkit.datamodel.SleuthkitCase.getArtifactById | ( | long | id | ) | throws TskCoreException |
Get artifact from blackboard_artifacts table by its artifact_obj_id
id | id of the artifact in blackboard_artifacts table (artifact_obj_id column) |
TskCoreException | thrown if critical error occurred within tsk core and file could not be queried |
Definition at line 6059 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), org.sleuthkit.datamodel.Blackboard.getAnalysisResultById(), org.sleuthkit.datamodel.SleuthkitCase.getArtifactType(), org.sleuthkit.datamodel.Blackboard.getDataArtifactById(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock().
Referenced by org.sleuthkit.datamodel.SleuthkitCase.getContentById().
BlackboardArtifact.Type org.sleuthkit.datamodel.SleuthkitCase.getArtifactType | ( | String | artTypeName | ) | throws TskCoreException |
Get the artifact type associated with an artifact type name.
artTypeName | An artifact type name. |
TskCoreException | If an error occurs accessing the case database. |
Definition at line 4751 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), org.sleuthkit.datamodel.BlackboardArtifact.Category.fromID(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock().
Referenced by org.sleuthkit.datamodel.Blackboard.getAnalysisResults(), org.sleuthkit.datamodel.SleuthkitCase.getArtifactById(), org.sleuthkit.datamodel.Report.getArtifacts(), org.sleuthkit.datamodel.AbstractContent.getArtifacts(), org.sleuthkit.datamodel.Report.getArtifactsCount(), org.sleuthkit.datamodel.Blackboard.getArtifactType(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifactsCount(), org.sleuthkit.datamodel.Blackboard.getDataArtifacts(), org.sleuthkit.datamodel.SleuthkitCase.getMatchingArtifacts(), org.sleuthkit.datamodel.Blackboard.getOrAddArtifactType(), org.sleuthkit.datamodel.CommunicationsManager.getRelationshipSources(), org.sleuthkit.datamodel.BlackboardArtifact.getType(), org.sleuthkit.datamodel.AbstractContent.newArtifact(), and org.sleuthkit.datamodel.SleuthkitCase.newBlackboardArtifact().
int org.sleuthkit.datamodel.SleuthkitCase.getArtifactTypeID | ( | String | artifactTypeName | ) | throws TskCoreException |
Get the artifact type id associated with an artifact type name.
artifactTypeName | An artifact type name. |
TskCoreException | If an error occurs accessing the case database. |
Definition at line 13950 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock().
Iterable<BlackboardArtifact.Type> org.sleuthkit.datamodel.SleuthkitCase.getArtifactTypes | ( | ) | throws TskCoreException |
Gets a list of all the artifact types for this case
TskCoreException | when there is an error getting the types |
Definition at line 3845 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), org.sleuthkit.datamodel.BlackboardArtifact.Category.fromID(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock().
List<BlackboardArtifact.Type> org.sleuthkit.datamodel.SleuthkitCase.getArtifactTypesInUse | ( | ) | throws TskCoreException |
Gets the list of all unique artifact IDs in use.
Gets both static and dynamic IDs.
TskCoreException | exception thrown if a critical error occurred within tsk core |
Definition at line 3922 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), org.sleuthkit.datamodel.BlackboardArtifact.Category.fromID(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock().
BlackboardAttribute.Type org.sleuthkit.datamodel.SleuthkitCase.getAttributeType | ( | String | attrTypeName | ) | throws TskCoreException |
Get the attribute type associated with an attribute type name.
attrTypeName | An attribute type name. |
TskCoreException | If an error occurs accessing the case database. |
Definition at line 4671 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), org.sleuthkit.datamodel.BlackboardAttribute.TSK_BLACKBOARD_ATTRIBUTE_VALUE_TYPE.fromType(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock().
Referenced by org.sleuthkit.datamodel.SleuthkitCase.getMatchingAttributes(), and org.sleuthkit.datamodel.Blackboard.getOrAddAttributeType().
List<BlackboardAttribute.Type> org.sleuthkit.datamodel.SleuthkitCase.getAttributeTypes | ( | ) | throws TskCoreException |
Gets a list of all the attribute types for this case
TskCoreException | when there is an error getting the types |
Definition at line 3962 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), org.sleuthkit.datamodel.BlackboardAttribute.TSK_BLACKBOARD_ATTRIBUTE_VALUE_TYPE.fromType(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock().
String org.sleuthkit.datamodel.SleuthkitCase.getAttrTypeDisplayName | ( | int | attrTypeID | ) | throws TskCoreException |
Get the display name for the attribute with the given id. Will throw an error if that id does not exist
attrTypeID | attribute id |
TskCoreException | exception thrown if a critical error occurs within tsk core |
Definition at line 14117 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock().
int org.sleuthkit.datamodel.SleuthkitCase.getAttrTypeID | ( | String | attrTypeName | ) | throws TskCoreException |
Gets the attribute type id associated with an attribute type name.
attrTypeName | An attribute type name. |
TskCoreException | If an error occurs accessing the case database. |
Definition at line 14043 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock().
String org.sleuthkit.datamodel.SleuthkitCase.getAttrTypeString | ( | int | attrTypeID | ) | throws TskCoreException |
Get the string associated with the given id. Will throw an error if that id does not exist
attrTypeID | attribute id |
TskCoreException | exception thrown if a critical error occurs within tsk core |
Definition at line 14080 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock().
String org.sleuthkit.datamodel.SleuthkitCase.getBackupDatabasePath | ( | ) |
Returns the path of a backup copy of the database made when a schema version upgrade has occurred.
Definition at line 2718 of file SleuthkitCase.java.
Blackboard org.sleuthkit.datamodel.SleuthkitCase.getBlackboard | ( | ) |
Gets the artifacts blackboard for this case.
Definition at line 496 of file SleuthkitCase.java.
Referenced by org.sleuthkit.datamodel.Report.getAllAnalysisResults(), org.sleuthkit.datamodel.AbstractContent.getAllAnalysisResults(), org.sleuthkit.datamodel.BlackboardArtifact.getAllAnalysisResults(), org.sleuthkit.datamodel.Report.getAllDataArtifacts(), org.sleuthkit.datamodel.AbstractContent.getAllDataArtifacts(), org.sleuthkit.datamodel.BlackboardArtifact.getAllDataArtifacts(), org.sleuthkit.datamodel.Report.getAnalysisResults(), org.sleuthkit.datamodel.AbstractContent.getAnalysisResults(), org.sleuthkit.datamodel.BlackboardArtifact.getAnalysisResults(), org.sleuthkit.datamodel.Report.newAnalysisResult(), org.sleuthkit.datamodel.AbstractContent.newAnalysisResult(), org.sleuthkit.datamodel.BlackboardArtifact.newAnalysisResult(), org.sleuthkit.datamodel.Report.newArtifact(), org.sleuthkit.datamodel.Report.newDataArtifact(), and org.sleuthkit.datamodel.AbstractContent.newDataArtifact().
BlackboardArtifact org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifact | ( | long | artifactID | ) | throws TskCoreException |
Get the blackboard artifact with the given artifact id (artifact_id in blackboard_artifacts)
artifactID | artifact ID (artifact_id column) |
TskCoreException | exception thrown if a critical error occurs within TSK core |
Definition at line 4303 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock(), and org.sleuthkit.datamodel.BlackboardArtifact.ReviewStatus.withID().
Referenced by org.sleuthkit.datamodel.SleuthkitCase.getAllBlackboardArtifactTags(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifactTagByID(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifactTagsByTagName(), and org.sleuthkit.datamodel.BlackboardAttribute.getParentArtifact().
ArrayList<BlackboardArtifact> org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifacts | ( | int | artifactTypeID | ) | throws TskCoreException |
Get all blackboard artifacts of a given type. Does not included rejected artifacts.
artifactTypeID | artifact type id (must exist in database) |
TskCoreException |
Definition at line 3417 of file SleuthkitCase.java.
Referenced by org.sleuthkit.datamodel.CommunicationsManager.getAccountFileInstances(), org.sleuthkit.datamodel.Report.getArtifacts(), org.sleuthkit.datamodel.AbstractContent.getArtifacts(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifacts(), and org.sleuthkit.datamodel.AbstractContent.getGenInfoArtifact().
List<BlackboardArtifact> org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifacts | ( | BlackboardAttribute.ATTRIBUTE_TYPE | attrType, |
String | value | ||
) | throws TskCoreException |
Get all blackboard artifacts that have an attribute of the given type and String value. Does not included rejected artifacts.
attrType | attribute of this attribute type to look for in the artifacts |
value | value of the attribute of the attrType type to look for |
TskCoreException | exception thrown if a critical error occurred within tsk core and artifacts could not be queried |
Definition at line 3545 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), org.sleuthkit.datamodel.BlackboardArtifact.ReviewStatus.REJECTED, org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock(), and org.sleuthkit.datamodel.BlackboardArtifact.ReviewStatus.withID().
List<BlackboardArtifact> org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifacts | ( | BlackboardAttribute.ATTRIBUTE_TYPE | attrType, |
String | subString, | ||
boolean | startsWith | ||
) | throws TskCoreException |
Get all blackboard artifacts that have an attribute of the given type and String value. Does not included rejected artifacts.
attrType | attribute of this attribute type to look for in the artifacts |
subString | value substring of the string attribute of the attrType type to look for |
startsWith | if true, the artifact attribute string should start with the substring, if false, it should just contain it |
TskCoreException | exception thrown if a critical error occurred within tsk core and artifacts could not be queried |
Definition at line 3598 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), org.sleuthkit.datamodel.BlackboardArtifact.ReviewStatus.REJECTED, org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock(), and org.sleuthkit.datamodel.BlackboardArtifact.ReviewStatus.withID().
List<BlackboardArtifact> org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifacts | ( | BlackboardAttribute.ATTRIBUTE_TYPE | attrType, |
int | value | ||
) | throws TskCoreException |
Get all blackboard artifacts that have an attribute of the given type and integer value. Does not included rejected artifacts.
attrType | attribute of this attribute type to look for in the artifacts |
value | value of the attribute of the attrType type to look for |
TskCoreException | exception thrown if a critical error occurred within tsk core and artifacts could not be queried |
Definition at line 3652 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), org.sleuthkit.datamodel.BlackboardArtifact.ReviewStatus.REJECTED, org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock(), and org.sleuthkit.datamodel.BlackboardArtifact.ReviewStatus.withID().
List<BlackboardArtifact> org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifacts | ( | BlackboardAttribute.ATTRIBUTE_TYPE | attrType, |
long | value | ||
) | throws TskCoreException |
Get all blackboard artifacts that have an attribute of the given type and long value. Does not included rejected artifacts.
attrType | attribute of this attribute type to look for in the artifacts |
value | value of the attribute of the attrType type to look for |
TskCoreException | exception thrown if a critical error occurred within tsk core and artifacts could not be queried |
Definition at line 3702 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), org.sleuthkit.datamodel.BlackboardArtifact.ReviewStatus.REJECTED, org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock(), and org.sleuthkit.datamodel.BlackboardArtifact.ReviewStatus.withID().
List<BlackboardArtifact> org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifacts | ( | BlackboardAttribute.ATTRIBUTE_TYPE | attrType, |
double | value | ||
) | throws TskCoreException |
Get all blackboard artifacts that have an attribute of the given type and double value. Does not included rejected artifacts.
attrType | attribute of this attribute type to look for in the artifacts |
value | value of the attribute of the attrType type to look for |
TskCoreException | exception thrown if a critical error occurred within tsk core and artifacts could not be queried |
Definition at line 3752 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), org.sleuthkit.datamodel.BlackboardArtifact.ReviewStatus.REJECTED, org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock(), and org.sleuthkit.datamodel.BlackboardArtifact.ReviewStatus.withID().
List<BlackboardArtifact> org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifacts | ( | BlackboardAttribute.ATTRIBUTE_TYPE | attrType, |
byte | value | ||
) | throws TskCoreException |
Get all blackboard artifacts that have an attribute of the given type and byte value. Does not include rejected artifacts.
attrType | attribute of this attribute type to look for in the artifacts |
value | value of the attribute of the attrType type to look for |
TskCoreException | exception thrown if a critical error occurred within tsk core and artifacts could not be queried |
Definition at line 3802 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), org.sleuthkit.datamodel.BlackboardArtifact.ReviewStatus.REJECTED, org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock(), and org.sleuthkit.datamodel.BlackboardArtifact.ReviewStatus.withID().
ArrayList<BlackboardArtifact> org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifacts | ( | String | artifactTypeName, |
long | obj_id | ||
) | throws TskCoreException |
Get all blackboard artifacts of a given type for the given object id. Does not included rejected artifacts.
artifactTypeName | artifact type name |
obj_id | object id |
TskCoreException | exception thrown if a critical error occurs within TSK core |
Definition at line 4124 of file SleuthkitCase.java.
ArrayList<BlackboardArtifact> org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifacts | ( | int | artifactTypeID, |
long | obj_id | ||
) | throws TskCoreException |
Get all blackboard artifacts of a given type for the given object id. Does not included rejected artifacts.
artifactTypeID | artifact type id (must exist in database) |
obj_id | object id |
TskCoreException | exception thrown if a critical error occurs within TSK core |
Definition at line 4140 of file SleuthkitCase.java.
ArrayList<BlackboardArtifact> org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifacts | ( | ARTIFACT_TYPE | artifactType, |
long | obj_id | ||
) | throws TskCoreException |
Get all blackboard artifacts of a given type for the given object id. Does not included rejected artifacts.
artifactType | artifact type enum |
obj_id | object id |
TskCoreException | exception thrown if a critical error occurs within TSK core |
Definition at line 4156 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifacts().
ArrayList<BlackboardArtifact> org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifacts | ( | String | artifactTypeName | ) | throws TskCoreException |
Get all blackboard artifacts of a given type. Does not included rejected artifacts.
artifactTypeName | artifact type name |
TskCoreException | exception thrown if a critical error occurs within TSK core |
Definition at line 4223 of file SleuthkitCase.java.
ArrayList<BlackboardArtifact> org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifacts | ( | ARTIFACT_TYPE | artifactType | ) | throws TskCoreException |
Get all blackboard artifacts of a given type. Does not included rejected artifacts.
artifactType | artifact type enum |
TskCoreException | exception thrown if a critical error occurs within TSK core |
Definition at line 4238 of file SleuthkitCase.java.
List<BlackboardArtifact> org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifacts | ( | ARTIFACT_TYPE | artifactType, |
BlackboardAttribute.ATTRIBUTE_TYPE | attrType, | ||
String | value | ||
) | throws TskCoreException |
Get all blackboard artifacts of a given type with an attribute of a given type and String value. Does not included rejected artifacts.
artifactType | artifact type enum |
attrType | attribute type enum |
value | String value of attribute |
TskCoreException | exception thrown if a critical error occurs within TSK core |
Definition at line 4255 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), org.sleuthkit.datamodel.BlackboardArtifact.ReviewStatus.REJECTED, org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock(), and org.sleuthkit.datamodel.BlackboardArtifact.ReviewStatus.withID().
long org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifactsCount | ( | long | objId | ) | throws TskCoreException |
Get a count of blackboard artifacts for a given content. Does not include rejected artifacts.
objId | Id of the content. |
TskCoreException |
Definition at line 3431 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock().
Referenced by org.sleuthkit.datamodel.Report.getAllArtifactsCount(), org.sleuthkit.datamodel.AbstractContent.getAllArtifactsCount(), org.sleuthkit.datamodel.Report.getArtifactsCount(), and org.sleuthkit.datamodel.AbstractContent.getArtifactsCount().
long org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifactsCount | ( | String | artifactTypeName, |
long | obj_id | ||
) | throws TskCoreException |
Get count of all blackboard artifacts of a given type for the given object id. Does not include rejected artifacts.
artifactTypeName | artifact type name |
obj_id | object id |
TskCoreException | exception thrown if a critical error occurs within TSK core |
Definition at line 4172 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.getArtifactType().
long org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifactsCount | ( | int | artifactTypeID, |
long | obj_id | ||
) | throws TskCoreException |
Get count of all blackboard artifacts of a given type for the given object id. Does not include rejected artifacts.
artifactTypeID | artifact type id (must exist in database) |
obj_id | object id |
TskCoreException | exception thrown if a critical error occurs within TSK core |
Definition at line 4192 of file SleuthkitCase.java.
long org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifactsCount | ( | ARTIFACT_TYPE | artifactType, |
long | obj_id | ||
) | throws TskCoreException |
Get count of all blackboard artifacts of a given type for the given object id. Does not include rejected artifacts.
artifactType | artifact type enum |
obj_id | object id |
TskCoreException | exception thrown if a critical error occurs within TSK core |
Definition at line 4208 of file SleuthkitCase.java.
long org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifactsTypeCount | ( | int | artifactTypeID | ) | throws TskCoreException |
Get a count of artifacts of a given type. Does not include rejected artifacts.
artifactTypeID | Id of the artifact type. |
TskCoreException |
Definition at line 3467 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock().
long org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifactsTypeCount | ( | int | artifactTypeID, |
long | dataSourceID | ||
) | throws TskCoreException |
Get a count of artifacts of a given type for the given data source. Does not include rejected artifacts.
artifactTypeID | Id of the artifact type. |
dataSourceID |
TskCoreException |
Definition at line 3504 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock().
BlackboardArtifactTag org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifactTagByID | ( | long | artifactTagID | ) | throws TskCoreException |
Selects the row in the blackboard artifact tags table in the case database with a specified tag id.
artifactTagID | the tag id of the BlackboardArtifactTag to retrieve. |
TskCoreException |
Definition at line 11969 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifact(), org.sleuthkit.datamodel.TagName.HTML_COLOR.getColorByName(), org.sleuthkit.datamodel.SleuthkitCase.getContentById(), org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock(), and org.sleuthkit.datamodel.TskData.FileKnown.valueOf().
List<BlackboardArtifactTag> org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifactTagsByArtifact | ( | BlackboardArtifact | artifact | ) | throws TskCoreException |
Selects the rows in the blackboard_artifacts_tags table in the case database with a specified foreign key into the blackboard_artifacts table.
artifact | A data transfer object (DTO) for the artifact to match. |
TskCoreException |
Definition at line 12021 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), org.sleuthkit.datamodel.TagName.HTML_COLOR.getColorByName(), org.sleuthkit.datamodel.SleuthkitCase.getContentById(), org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock(), and org.sleuthkit.datamodel.TskData.FileKnown.valueOf().
Referenced by org.sleuthkit.datamodel.TimelineManager.updateEventsForArtifactTagDeleted().
List<BlackboardArtifactTag> org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifactTagsByTagName | ( | TagName | tagName | ) | throws TskCoreException |
Selects the rows in the blackboard_artifacts_tags table in the case database with a specified foreign key into the tag_names table.
tagName | A data transfer object (DTO) for the tag name to match. |
TskCoreException |
Definition at line 11866 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifact(), org.sleuthkit.datamodel.SleuthkitCase.getContentById(), org.sleuthkit.datamodel.BlackboardArtifact.getObjectID(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock().
List<BlackboardArtifactTag> org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifactTagsByTagName | ( | TagName | tagName, |
long | dsObjId | ||
) | throws TskCoreException |
Gets artifact tags by tag name, for specified data source.
tagName | The representation of the desired tag type in the case database, which can be obtained by calling getTagNames and/or addTagName. |
dsObjId | data source object id |
TskCoreException | If there is an error getting the tags from the case database. |
Definition at line 11916 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifact(), org.sleuthkit.datamodel.SleuthkitCase.getContentById(), org.sleuthkit.datamodel.BlackboardArtifact.getObjectID(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock().
long org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifactTagsCountByTagName | ( | TagName | tagName | ) | throws TskCoreException |
Gets a count of the rows in the blackboard_artifact_tags table in the case database with a specified foreign key into the tag_names table.
tagName | A data transfer object (DTO) for the tag name to match. |
TskCoreException |
Definition at line 11778 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock().
long org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifactTagsCountByTagName | ( | TagName | tagName, |
long | dsObjId | ||
) | throws TskCoreException |
Gets an artifact tags count by tag name, for the given data source.
tagName | The representation of the desired tag type in the case database, which can be obtained by calling getTagNames and/or addTagName. |
dsObjId | data source object id |
TskCoreException | If there is an error getting the tags count from the case database. |
Definition at line 11821 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock().
ArrayList<BlackboardArtifact.ARTIFACT_TYPE> org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifactTypes | ( | ) | throws TskCoreException |
Gets a list of the standard blackboard artifact type enum objects.
TskCoreException | Specified, but not thrown. |
Definition at line 13984 of file SleuthkitCase.java.
ArrayList<BlackboardArtifact.ARTIFACT_TYPE> org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifactTypesInUse | ( | ) | throws TskCoreException |
Get all of the standard blackboard artifact types that are in use in the blackboard.
TskCoreException |
Definition at line 3879 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE.fromID(), org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE.getTypeID(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock().
ArrayList<BlackboardAttribute> org.sleuthkit.datamodel.SleuthkitCase.getBlackboardAttributes | ( | final BlackboardArtifact | artifact | ) | throws TskCoreException |
Definition at line 4903 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), org.sleuthkit.datamodel.BlackboardAttribute.TSK_BLACKBOARD_ATTRIBUTE_VALUE_TYPE.fromType(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock().
Referenced by org.sleuthkit.datamodel.BlackboardArtifact.getAttributes().
ArrayList<BlackboardAttribute.ATTRIBUTE_TYPE> org.sleuthkit.datamodel.SleuthkitCase.getBlackboardAttributeTypes | ( | ) | throws TskCoreException |
Gets a list of the standard blackboard attribute type enum objects.
TskCoreException | Specified, but not thrown. |
Definition at line 14151 of file SleuthkitCase.java.
int org.sleuthkit.datamodel.SleuthkitCase.getBlackboardAttributeTypesCount | ( | ) | throws TskCoreException |
Get count of blackboard attribute types
Counts both static (in enum) and dynamic attributes types (created by modules at runtime)
TskCoreException | exception thrown if a critical error occurs within TSK core |
Definition at line 3998 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock().
synchronized CaseDbAccessManager org.sleuthkit.datamodel.SleuthkitCase.getCaseDbAccessManager | ( | ) | throws TskCoreException |
Definition at line 527 of file SleuthkitCase.java.
CommunicationsManager org.sleuthkit.datamodel.SleuthkitCase.getCommunicationsManager | ( | ) | throws TskCoreException |
Gets the communications manager for this case.
org.sleuthkit.datamodel.TskCoreException |
Definition at line 487 of file SleuthkitCase.java.
Content org.sleuthkit.datamodel.SleuthkitCase.getContentById | ( | long | id | ) | throws TskCoreException |
Get content object by content id
id | to get content object for |
TskCoreException | thrown if critical error occurred within tsk core |
Definition at line 5740 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), org.sleuthkit.datamodel.SleuthkitCase.getAbstractFileById(), org.sleuthkit.datamodel.SleuthkitCase.getArtifactById(), org.sleuthkit.datamodel.HostAddressManager.getHostAddress(), org.sleuthkit.datamodel.SleuthkitCase.getImageById(), org.sleuthkit.datamodel.OsAccountManager.getOsAccountByObjectId(), org.sleuthkit.datamodel.SleuthkitCase.getReportById(), org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock(), and org.sleuthkit.datamodel.TskData.ObjectType.valueOf().
Referenced by org.sleuthkit.datamodel.TaggingManager.addArtifactTag(), org.sleuthkit.datamodel.SleuthkitCase.addCarvedFile(), org.sleuthkit.datamodel.SleuthkitCase.addCarvedFiles(), org.sleuthkit.datamodel.SleuthkitCase.getAllBlackboardArtifactTags(), org.sleuthkit.datamodel.SleuthkitCase.getAllContentTags(), org.sleuthkit.datamodel.SleuthkitCase.getAllReports(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifactTagByID(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifactTagsByArtifact(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifactTagsByTagName(), org.sleuthkit.datamodel.SleuthkitCase.getContentTagByID(), org.sleuthkit.datamodel.SleuthkitCase.getContentTagsByTagName(), org.sleuthkit.datamodel.AbstractFile.getDataSource(), org.sleuthkit.datamodel.BlackboardArtifact.getDataSource(), org.sleuthkit.datamodel.BlackboardAttribute.getDisplayString(), org.sleuthkit.datamodel.AccountFileInstance.getFile(), org.sleuthkit.datamodel.AbstractContent.getParent(), org.sleuthkit.datamodel.Report.getParent(), org.sleuthkit.datamodel.BlackboardArtifact.getParent(), org.sleuthkit.datamodel.SleuthkitCase.getReportById(), and org.sleuthkit.datamodel.SleuthkitCase.newBlackboardArtifact().
ContentTag org.sleuthkit.datamodel.SleuthkitCase.getContentTagByID | ( | long | contentTagID | ) | throws TskCoreException |
Selects the rows in the content_tags table in the case database with a specified tag id.
contentTagID | the tag id of the ContentTag to retrieve. |
TskCoreException |
Definition at line 11495 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), org.sleuthkit.datamodel.TagName.HTML_COLOR.getColorByName(), org.sleuthkit.datamodel.SleuthkitCase.getContentById(), org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock(), and org.sleuthkit.datamodel.TskData.FileKnown.valueOf().
List<ContentTag> org.sleuthkit.datamodel.SleuthkitCase.getContentTagsByContent | ( | Content | content | ) | throws TskCoreException |
Selects the rows in the content_tags table in the case database with a specified foreign key into the tsk_objects table.
content | A data transfer object (DTO) for the content to match. |
TskCoreException |
Definition at line 11638 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), org.sleuthkit.datamodel.TagName.HTML_COLOR.getColorByName(), org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock(), and org.sleuthkit.datamodel.TskData.FileKnown.valueOf().
Referenced by org.sleuthkit.datamodel.TimelineManager.updateEventsForContentTagDeleted().
List<ContentTag> org.sleuthkit.datamodel.SleuthkitCase.getContentTagsByTagName | ( | TagName | tagName | ) | throws TskCoreException |
Selects the rows in the content_tags table in the case database with a specified foreign key into the tag_names table.
tagName | A data transfer object (DTO) for the tag name to match. |
TskCoreException |
Definition at line 11544 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), org.sleuthkit.datamodel.SleuthkitCase.getContentById(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock().
List<ContentTag> org.sleuthkit.datamodel.SleuthkitCase.getContentTagsByTagName | ( | TagName | tagName, |
long | dsObjId | ||
) | throws TskCoreException |
Gets content tags by tag name, for the given data source.
tagName | The tag name of interest. |
dsObjId | data source object id |
TskCoreException | If there is an error getting the tags from the case database. |
Definition at line 11591 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), org.sleuthkit.datamodel.SleuthkitCase.getContentById(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock().
long org.sleuthkit.datamodel.SleuthkitCase.getContentTagsCountByTagName | ( | TagName | tagName | ) | throws TskCoreException |
Gets a count of the rows in the content_tags table in the case database with a specified foreign key into the tag_names table.
tagName | A data transfer object (DTO) for the tag name to match. |
TskCoreException |
Definition at line 11406 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock().
long org.sleuthkit.datamodel.SleuthkitCase.getContentTagsCountByTagName | ( | TagName | tagName, |
long | dsObjId | ||
) | throws TskCoreException |
Gets content tags count by tag name, for the given data source
tagName | The representation of the desired tag type in the case database, which can be obtained by calling getTagNames and/or addTagName. |
dsObjId | data source object id |
TskCoreException | If there is an error getting the tags count from the case database. |
Definition at line 11450 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock().
Examiner org.sleuthkit.datamodel.SleuthkitCase.getCurrentExaminer | ( | ) | throws TskCoreException |
Returns the Examiner object for currently logged in user
org.sleuthkit.datamodel.TskCoreException |
Definition at line 3000 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock().
Referenced by org.sleuthkit.datamodel.TaggingManager.addArtifactTag(), and org.sleuthkit.datamodel.TaggingManager.addContentTag().
String org.sleuthkit.datamodel.SleuthkitCase.getDatabaseName | ( | ) |
Gets the case database name.
Definition at line 2745 of file SleuthkitCase.java.
DbType org.sleuthkit.datamodel.SleuthkitCase.getDatabaseType | ( | ) |
Returns the type of database in use.
Definition at line 2708 of file SleuthkitCase.java.
Referenced by org.sleuthkit.datamodel.TaggingManager.addArtifactTag(), org.sleuthkit.datamodel.TaggingManager.addContentTag(), org.sleuthkit.datamodel.CommunicationsManager.addRelationships(), org.sleuthkit.datamodel.TaggingManager.addTagSet(), org.sleuthkit.datamodel.CaseDbAccessManager.alterTable(), org.sleuthkit.datamodel.CaseDbAccessManager.columnExists(), org.sleuthkit.datamodel.CommunicationsManager.getAccountDeviceInstancesWithRelationships(), org.sleuthkit.datamodel.CommunicationsManager.getRelatedAccountDeviceInstances(), org.sleuthkit.datamodel.CaseDbAccessManager.insert(), org.sleuthkit.datamodel.CaseDbAccessManager.insertOrUpdate(), and org.sleuthkit.datamodel.CaseDbAccessManager.tableExists().
DataSource org.sleuthkit.datamodel.SleuthkitCase.getDataSource | ( | long | objectId | ) | throws TskDataException, TskCoreException |
Gets a specific data source for the case. If it is an image, an Image will be instantiated. Otherwise, a LocalFilesDataSource will be instantiated.
NOTE: The DataSource class is an emerging feature and at present is only useful for obtaining the object id and the data source identifier, an ASCII-printable identifier for the data source that is intended to be unique across multiple cases (e.g., a UUID). In the future, this method will be a replacement for the getRootObjects method.
objectId | The object id of the data source. |
TskDataException | If there is no data source for the given object id. |
TskCoreException | If there is a problem getting the data source. |
Definition at line 3327 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), org.sleuthkit.datamodel.TskData.TSK_FS_NAME_FLAG_ENUM.ALLOC, org.sleuthkit.datamodel.TskData.TSK_FS_META_FLAG_ENUM.ALLOC, org.sleuthkit.datamodel.TskData.TSK_FS_NAME_TYPE_ENUM.DIR, org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock(), org.sleuthkit.datamodel.TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_DIR, org.sleuthkit.datamodel.TskData.FileKnown.UNKNOWN, and org.sleuthkit.datamodel.TskData.TSK_FS_META_FLAG_ENUM.USED.
Referenced by org.sleuthkit.datamodel.OsAccountInstance.getDataSource(), and org.sleuthkit.datamodel.HostManager.getDataSourcesForHost().
List<DataSource> org.sleuthkit.datamodel.SleuthkitCase.getDataSources | ( | ) | throws TskCoreException |
Gets the data sources for the case. For each data source, if it is an image, an Image will be instantiated. Otherwise, a LocalFilesDataSource will be instantiated.
NOTE: The DataSource interface is an emerging feature and at present is only useful for obtaining the object id and the device id, an ASCII-printable identifier for the device associated with the data source that is intended to be unique across multiple cases (e.g., a UUID). In the future, this method will be a replacement for the getRootObjects method.
TskCoreException | if there is a problem getting the data sources. |
Definition at line 3222 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), org.sleuthkit.datamodel.TskData.TSK_FS_NAME_FLAG_ENUM.ALLOC, org.sleuthkit.datamodel.TskData.TSK_FS_META_FLAG_ENUM.ALLOC, org.sleuthkit.datamodel.Content.close(), org.sleuthkit.datamodel.TskData.TSK_FS_NAME_TYPE_ENUM.DIR, org.sleuthkit.datamodel.SleuthkitCase.getImagePaths(), org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock(), org.sleuthkit.datamodel.TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_DIR, org.sleuthkit.datamodel.TskData.FileKnown.UNKNOWN, and org.sleuthkit.datamodel.TskData.TSK_FS_META_FLAG_ENUM.USED.
String org.sleuthkit.datamodel.SleuthkitCase.getDbDirPath | ( | ) |
Get the full path to the case directory. For a SQLite case database, this is the same as the database directory path.
Definition at line 2755 of file SleuthkitCase.java.
Referenced by org.sleuthkit.datamodel.SleuthkitCase.addReport(), org.sleuthkit.datamodel.SleuthkitCase.getAllReports(), and org.sleuthkit.datamodel.SleuthkitCase.getReportById().
CaseDbSchemaVersionNumber org.sleuthkit.datamodel.SleuthkitCase.getDBSchemaCreationVersion | ( | ) |
Gets the creation version of the database schema.
Definition at line 2699 of file SleuthkitCase.java.
VersionNumber org.sleuthkit.datamodel.SleuthkitCase.getDBSchemaVersion | ( | ) |
Gets the database schema version in use.
Definition at line 2689 of file SleuthkitCase.java.
Referenced by org.sleuthkit.datamodel.SleuthkitCase.getSchemaVersion().
FileManager org.sleuthkit.datamodel.SleuthkitCase.getFileManager | ( | ) |
Gets the file manager for this case.
Definition at line 505 of file SleuthkitCase.java.
List<TskFileRange> org.sleuthkit.datamodel.SleuthkitCase.getFileRanges | ( | long | id | ) | throws TskCoreException |
Get file layout ranges from tsk_file_layout, for a file with specified id
id | of the file to get file layout ranges for |
TskCoreException | thrown if a critical error occurred within tsk core |
Definition at line 8777 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock().
Referenced by org.sleuthkit.datamodel.AbstractFile.getRanges().
Collection<FileSystem> org.sleuthkit.datamodel.SleuthkitCase.getFileSystems | ( | Image | image | ) |
Helper to return FileSystems in an Image
image | Image to lookup FileSystem for |
Definition at line 14443 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.AbstractContent.getId(), and org.sleuthkit.datamodel.SleuthkitCase.getImageFileSystems().
HostAddressManager org.sleuthkit.datamodel.SleuthkitCase.getHostAddressManager | ( | ) | throws TskCoreException |
Gets the HostAddress manager for this case.
TskCoreException |
Definition at line 602 of file SleuthkitCase.java.
HostManager org.sleuthkit.datamodel.SleuthkitCase.getHostManager | ( | ) | throws TskCoreException |
Gets the Hosts manager for this case.
TskCoreException |
Definition at line 580 of file SleuthkitCase.java.
Referenced by org.sleuthkit.datamodel.SleuthkitCase.addImage(), org.sleuthkit.datamodel.SleuthkitCase.addLocalFilesDataSource(), org.sleuthkit.datamodel.LocalFilesDataSource.getHost(), and org.sleuthkit.datamodel.Image.getHost().
Image org.sleuthkit.datamodel.SleuthkitCase.getImageById | ( | long | id | ) | throws TskCoreException |
Get am image by the image object id
id | of the image object |
TskCoreException | thrown if a critical error occurred within tsk core |
Definition at line 8813 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock().
Referenced by org.sleuthkit.datamodel.SleuthkitCase.addImageInfo(), org.sleuthkit.datamodel.SleuthkitCase.getContentById(), org.sleuthkit.datamodel.SleuthkitCase.getImages(), and org.sleuthkit.datamodel.SleuthkitCase.getRootObjects().
Collection<FileSystem> org.sleuthkit.datamodel.SleuthkitCase.getImageFileSystems | ( | Image | image | ) | throws TskCoreException |
Helper to return FileSystems in an Image
image | Image to lookup FileSystem for |
TskCoreException |
Definition at line 9214 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock(), and org.sleuthkit.datamodel.TskData.TSK_FS_TYPE_ENUM.valueOf().
Referenced by org.sleuthkit.datamodel.SleuthkitCase.getFileSystems().
Map<Long, List<String> > org.sleuthkit.datamodel.SleuthkitCase.getImagePaths | ( | ) | throws TskCoreException |
Returns a map of image object IDs to a list of fully qualified file paths for that image
TskCoreException | thrown if a critical error occurred within tsk core |
Definition at line 9556 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock().
Referenced by org.sleuthkit.datamodel.SleuthkitCase.getDataSources().
List<Image> org.sleuthkit.datamodel.SleuthkitCase.getImages | ( | ) | throws TskCoreException |
TskCoreException |
Definition at line 9633 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), org.sleuthkit.datamodel.SleuthkitCase.getImageById(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock().
Referenced by org.sleuthkit.datamodel.Examples.Sample.run().
final List<IngestJobInfo> org.sleuthkit.datamodel.SleuthkitCase.getIngestJobs | ( | ) | throws TskCoreException |
Gets all of the ingest jobs that have been run.
TskCoreException | If there is a problem getting the ingest jobs |
Definition at line 12518 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), org.sleuthkit.datamodel.IngestJobInfo.IngestJobStatusType.fromID(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock().
long org.sleuthkit.datamodel.SleuthkitCase.getLastObjectId | ( | ) | throws TskCoreException |
Get last (max) object id of content object in tsk_objects.
TskCoreException | exception thrown when database error occurs and last object id could not be queried |
Definition at line 13872 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock().
ArrayList<BlackboardArtifact> org.sleuthkit.datamodel.SleuthkitCase.getMatchingArtifacts | ( | String | whereClause | ) | throws TskCoreException |
Get all artifacts that match a where clause. The clause should begin with "WHERE" or "JOIN". To use this method you must know the database tables
whereClause | a sqlite where clause |
TskCoreException | exception thrown if a critical error occurs within tsk core Query the Database |
Definition at line 5092 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), org.sleuthkit.datamodel.SleuthkitCase.getArtifactType(), org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock(), and org.sleuthkit.datamodel.BlackboardArtifact.ReviewStatus.withID().
Referenced by org.sleuthkit.datamodel.Report.getAllArtifacts(), and org.sleuthkit.datamodel.AbstractContent.getAllArtifacts().
ArrayList<BlackboardAttribute> org.sleuthkit.datamodel.SleuthkitCase.getMatchingAttributes | ( | String | whereClause | ) | throws TskCoreException |
Get all attributes that match a where clause. The clause should begin with "WHERE" or "JOIN". To use this method you must know the database tables
whereClause | a sqlite where clause |
TskCoreException | exception thrown if a critical error occurs within tsk core Query the Database |
Definition at line 5037 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), org.sleuthkit.datamodel.SleuthkitCase.getAttributeType(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock().
OsAccountManager org.sleuthkit.datamodel.SleuthkitCase.getOsAccountManager | ( | ) | throws TskCoreException |
Gets the OS account manager for this case.
TskCoreException |
Definition at line 569 of file SleuthkitCase.java.
Referenced by org.sleuthkit.datamodel.OsAccount.getExtendedOsAccountAttributes(), org.sleuthkit.datamodel.OsAccountInstance.getOsAccount(), org.sleuthkit.datamodel.OsAccount.getOsAccountInstances(), and org.sleuthkit.datamodel.AbstractContent.newDataArtifact().
OsAccountRealmManager org.sleuthkit.datamodel.SleuthkitCase.getOsAccountRealmManager | ( | ) | throws TskCoreException |
Gets the OS account realm manager for this case.
TskCoreException |
Definition at line 558 of file SleuthkitCase.java.
Referenced by org.sleuthkit.datamodel.OsAccountManager.getWindowsOsAccount(), org.sleuthkit.datamodel.HostManager.mergeHosts(), and org.sleuthkit.datamodel.OsAccountManager.newWindowsOsAccount().
PersonManager org.sleuthkit.datamodel.SleuthkitCase.getPersonManager | ( | ) | throws TskCoreException |
Gets the Person manager for this case.
TskCoreException |
Definition at line 591 of file SleuthkitCase.java.
Report org.sleuthkit.datamodel.SleuthkitCase.getReportById | ( | long | id | ) | throws TskCoreException |
Get a Report object for the given id.
id |
TskCoreException |
Definition at line 12249 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), org.sleuthkit.datamodel.SleuthkitCase.getContentById(), org.sleuthkit.datamodel.SleuthkitCase.getDbDirPath(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock().
Referenced by org.sleuthkit.datamodel.SleuthkitCase.getContentById().
List<Content> org.sleuthkit.datamodel.SleuthkitCase.getRootObjects | ( | ) | throws TskCoreException |
Get the list of root objects (data sources) from the case database, e.g., image files, logical (local) files, virtual directories.
TskCoreException |
Definition at line 3100 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), org.sleuthkit.datamodel.SleuthkitCase.getAbstractFileById(), org.sleuthkit.datamodel.SleuthkitCase.getImageById(), org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock(), and org.sleuthkit.datamodel.TskData.ObjectType.valueOf().
int org.sleuthkit.datamodel.SleuthkitCase.getSchemaVersion | ( | ) |
Returns case database schema version number. As of TSK 4.5.0 db schema versions are two part Major.minor. This method only returns the major part. Use getDBSchemaVersion() for the complete version.
Definition at line 2680 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.getDBSchemaVersion(), and org.sleuthkit.datamodel.VersionNumber.getMajor().
ScoringManager org.sleuthkit.datamodel.SleuthkitCase.getScoringManager | ( | ) | throws TskCoreException |
Gets the scoring manager for this case.
org.sleuthkit.datamodel.TskCoreException |
Definition at line 547 of file SleuthkitCase.java.
Referenced by org.sleuthkit.datamodel.TaggingManager.addArtifactTag(), org.sleuthkit.datamodel.TaggingManager.addContentTag(), org.sleuthkit.datamodel.SleuthkitCase.deleteBlackboardArtifactTag(), org.sleuthkit.datamodel.SleuthkitCase.deleteContentTag(), org.sleuthkit.datamodel.Report.getAggregateScore(), org.sleuthkit.datamodel.AbstractContent.getAggregateScore(), org.sleuthkit.datamodel.BlackboardArtifact.getAggregateScore(), and org.sleuthkit.datamodel.Blackboard.newAnalysisResult().
synchronized TaggingManager org.sleuthkit.datamodel.SleuthkitCase.getTaggingManager | ( | ) |
Get the case database TaggingManager object.
Definition at line 536 of file SleuthkitCase.java.
List<TagName> org.sleuthkit.datamodel.SleuthkitCase.getTagNamesInUse | ( | ) | throws TskCoreException |
Selects all of the rows from the tag_names table in the case database for which there is at least one matching row in the content_tags or blackboard_artifact_tags tables.
TskCoreException |
Definition at line 11171 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), org.sleuthkit.datamodel.TagName.HTML_COLOR.getColorByName(), org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock(), and org.sleuthkit.datamodel.TskData.FileKnown.valueOf().
List<TagName> org.sleuthkit.datamodel.SleuthkitCase.getTagNamesInUse | ( | long | dsObjId | ) | throws TskCoreException |
Selects all of the rows from the tag_names table in the case database for which there is at least one matching row in the content_tags or blackboard_artifact_tags tables, for the given data source object id.
dsObjId | data source object id |
TskCoreException |
Definition at line 11209 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), org.sleuthkit.datamodel.TagName.HTML_COLOR.getColorByName(), org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock(), and org.sleuthkit.datamodel.TskData.FileKnown.valueOf().
TimelineManager org.sleuthkit.datamodel.SleuthkitCase.getTimelineManager | ( | ) | throws TskCoreException |
Gets the communications manager for this case.
org.sleuthkit.datamodel.TskCoreException |
Definition at line 516 of file SleuthkitCase.java.
Referenced by org.sleuthkit.datamodel.SleuthkitCase.addDerivedFile(), org.sleuthkit.datamodel.SleuthkitCase.addFileSystemFile(), org.sleuthkit.datamodel.SleuthkitCase.addLocalFile(), and org.sleuthkit.datamodel.Blackboard.postArtifacts().
List<VirtualDirectory> org.sleuthkit.datamodel.SleuthkitCase.getVirtualDirectoryRoots | ( | ) | throws TskCoreException |
Get IDs of the virtual folder roots (at the same level as image), used for containers such as for local files.
org.sleuthkit.datamodel.TskCoreException |
Definition at line 7266 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock(), and org.sleuthkit.datamodel.TskData.TSK_DB_FILES_TYPE_ENUM.VIRTUAL_DIR.
boolean org.sleuthkit.datamodel.SleuthkitCase.isFileFromSource | ( | Content | dataSource, |
long | fileId | ||
) | throws TskCoreException |
Checks if the file is a (sub)child of the data source (parentless Content object such as Image or VirtualDirectory representing filesets)
dataSource | dataSource to check |
fileId | id of file to check |
TskCoreException | thrown if check failed |
Definition at line 6180 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock().
AddImageProcess org.sleuthkit.datamodel.SleuthkitCase.makeAddImageProcess | ( | String | timeZone, |
boolean | addUnallocSpace, | ||
boolean | noFatFsOrphans, | ||
String | imageCopyPath | ||
) |
Starts the multi-step process of adding an image data source to the case by creating an object that can be used to control the process and get progress messages from it.
timeZone | The time zone of the image. |
addUnallocSpace | Set to true to create virtual files for unallocated space in the image. |
noFatFsOrphans | Set to true to skip processing orphan files of FAT file systems. |
imageCopyPath | Path to which a copy of the image should be written. Use the empty string to disable image writing. |
Definition at line 3088 of file SleuthkitCase.java.
Referenced by org.sleuthkit.datamodel.Examples.Sample.run().
AddImageProcess org.sleuthkit.datamodel.SleuthkitCase.makeAddImageProcess | ( | String | timezone, |
boolean | addUnallocSpace, | ||
boolean | noFatFsOrphans | ||
) |
Start process of adding a image to the case. Adding an image is a multi-step process and this returns an object that allows it to happen.
timezone | TZ time zone string to use for ingest of image. |
addUnallocSpace | Set to true to create virtual files for unallocated space in the image. |
noFatFsOrphans | Set to true to skip processing orphan files of FAT file systems. |
Definition at line 14428 of file SleuthkitCase.java.
BlackboardArtifact org.sleuthkit.datamodel.SleuthkitCase.newBlackboardArtifact | ( | int | artifactTypeID, |
long | obj_id | ||
) | throws TskCoreException |
Add a new blackboard artifact with the given type. If that artifact type does not exist an error will be thrown. The artifact type name can be looked up in the returned blackboard artifact.
artifactTypeID | the type the given artifact should have |
obj_id | the content object id associated with this artifact |
TskCoreException | exception thrown if a critical error occurs within tsk core |
Definition at line 5141 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.getArtifactType(), org.sleuthkit.datamodel.SleuthkitCase.getContentById(), org.sleuthkit.datamodel.BlackboardArtifact.Category.getName(), org.sleuthkit.datamodel.Content.newAnalysisResult(), org.sleuthkit.datamodel.Content.newDataArtifact(), and org.sleuthkit.datamodel.Score.SCORE_UNKNOWN.
Referenced by org.sleuthkit.datamodel.SleuthkitCase.newBlackboardArtifact().
BlackboardArtifact org.sleuthkit.datamodel.SleuthkitCase.newBlackboardArtifact | ( | ARTIFACT_TYPE | artifactType, |
long | obj_id | ||
) | throws TskCoreException |
Add a new blackboard artifact with the given type.
artifactType | the type the given artifact should have |
obj_id | the content object id associated with this artifact |
TskCoreException | exception thrown if a critical error occurs within tsk core |
Definition at line 5184 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.newBlackboardArtifact().
|
static |
Creates a new SQLite case database.
dbPath | Path to where SQlite case database should be created. |
org.sleuthkit.datamodel.TskCoreException |
Definition at line 2872 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.TskData.DbType.SQLITE.
Referenced by org.sleuthkit.datamodel.Examples.Sample.run().
|
static |
Creates a new PostgreSQL case database.
caseName | The name of the case. It will be used to create a case database name that can be safely used in SQL commands and will not be subject to name collisions on the case database server. Use getDatabaseName to get the created name. |
info | The information to connect to the database. |
caseDirPath | The case directory path. |
org.sleuthkit.datamodel.TskCoreException |
The flow of this method involves trying to create a new case and if successful, return that case. If unsuccessful, an exception is thrown. We catch any exceptions, and use tryConnect() to attempt to obtain further information about the error. If tryConnect() is unable to successfully connect, tryConnect() will throw a TskCoreException with a message containing user-level error reporting. If tryConnect() is able to connect, flow continues and we rethrow the original exception obtained from trying to create the case. In this way, we obtain more detailed information if we are able, but do not lose any information if unable.
Definition at line 2899 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.tryConnect().
|
static |
Open an existing case database.
dbPath | Path to SQLite case database. |
org.sleuthkit.datamodel.TskCoreException |
Definition at line 2812 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.TskData.DbType.SQLITE.
|
static |
Open an existing multi-user case database.
databaseName | The name of the database. |
info | Connection information for the the database. |
caseDir | The folder where the case metadata fils is stored. |
TskCoreException | If there is a problem opening the database. |
Definition at line 2835 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.tryConnect().
List<AbstractFile> org.sleuthkit.datamodel.SleuthkitCase.openFiles | ( | Content | dataSource, |
String | filePath | ||
) | throws TskCoreException |
dataSource | the data source (Image, VirtualDirectory for file-sets, etc) to search for the given file name |
filePath | The full path to the file(s) of interest. This can optionally include the image and volume names. Treated in a case- insensitive manner. |
org.sleuthkit.datamodel.TskCoreException |
Definition at line 8746 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.findFiles().
void org.sleuthkit.datamodel.SleuthkitCase.registerForEvents | ( | Object | listener | ) |
Definition at line 239 of file SleuthkitCase.java.
void org.sleuthkit.datamodel.SleuthkitCase.releaseExclusiveLock | ( | ) |
Releases a write lock, but only if this is a single-user case. This method should always be called in the finally block of a try block in which the lock was acquired.
Definition at line 14494 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseWriteLock().
void org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock | ( | ) |
Releases a read lock, but only if this is a single-user case. This method should always be called in the finally block of a try block in which the lock was acquired.
Definition at line 14518 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock().
void org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock | ( | ) |
Releases a read lock, but only if this is a single-user case. This method should always be called in the finally block of a try block in which the lock was acquired.
Definition at line 2797 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.TskData.DbType.SQLITE.
Referenced by org.sleuthkit.datamodel.SleuthkitCase.allFilesMd5Hashed(), org.sleuthkit.datamodel.SleuthkitCase.CaseDbQuery.close(), org.sleuthkit.datamodel.TimelineManager.countEventsByType(), org.sleuthkit.datamodel.SleuthkitCase.countFilesMd5Hashed(), org.sleuthkit.datamodel.SleuthkitCase.countFilesWhere(), org.sleuthkit.datamodel.SleuthkitCase.countFsContentType(), org.sleuthkit.datamodel.SleuthkitCase.findAllFileIdsWhere(), org.sleuthkit.datamodel.SleuthkitCase.findAllFilesInFolderWhere(), org.sleuthkit.datamodel.SleuthkitCase.findAllFilesWhere(), org.sleuthkit.datamodel.SleuthkitCase.findFiles(), org.sleuthkit.datamodel.SleuthkitCase.findFilesByMd5(), org.sleuthkit.datamodel.FileManager.findFilesExactName(), org.sleuthkit.datamodel.FileManager.findFilesExactNameExactPath(), org.sleuthkit.datamodel.SleuthkitCase.findFilesInFolder(), org.sleuthkit.datamodel.SleuthkitCase.findFilesWhere(), org.sleuthkit.datamodel.CommunicationsManager.getAccount(), org.sleuthkit.datamodel.CommunicationsManager.getAccountDeviceInstancesWithRelationships(), org.sleuthkit.datamodel.CommunicationsManager.getAccountsRelatedToArtifact(), org.sleuthkit.datamodel.CommunicationsManager.getAccountType(), org.sleuthkit.datamodel.CommunicationsManager.getAccountTypesInUse(), org.sleuthkit.datamodel.ScoringManager.getAggregateScore(), org.sleuthkit.datamodel.ScoringManager.getAggregateScores(), org.sleuthkit.datamodel.SleuthkitCase.getAllBlackboardArtifactTags(), org.sleuthkit.datamodel.SleuthkitCase.getAllContentTags(), org.sleuthkit.datamodel.HostManager.getAllHosts(), org.sleuthkit.datamodel.SleuthkitCase.getAllReports(), org.sleuthkit.datamodel.SleuthkitCase.getAllTagNames(), org.sleuthkit.datamodel.Blackboard.getAnalysisResultsWhere(), org.sleuthkit.datamodel.SleuthkitCase.getArtifactByArtifactId(), org.sleuthkit.datamodel.SleuthkitCase.getArtifactById(), org.sleuthkit.datamodel.SleuthkitCase.getArtifactType(), org.sleuthkit.datamodel.SleuthkitCase.getArtifactTypeID(), org.sleuthkit.datamodel.SleuthkitCase.getArtifactTypes(), org.sleuthkit.datamodel.Blackboard.getArtifactTypesInUse(), org.sleuthkit.datamodel.SleuthkitCase.getArtifactTypesInUse(), org.sleuthkit.datamodel.SleuthkitCase.getAttributeType(), org.sleuthkit.datamodel.SleuthkitCase.getAttributeTypes(), org.sleuthkit.datamodel.SleuthkitCase.getAttrTypeDisplayName(), org.sleuthkit.datamodel.SleuthkitCase.getAttrTypeID(), org.sleuthkit.datamodel.SleuthkitCase.getAttrTypeString(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifact(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifacts(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifactsCount(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifactsTypeCount(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifactTagByID(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifactTagsByArtifact(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifactTagsByTagName(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifactTagsCountByTagName(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifactTypesInUse(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardAttributes(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardAttributeTypesCount(), org.sleuthkit.datamodel.ScoringManager.getContent(), org.sleuthkit.datamodel.SleuthkitCase.getContentById(), org.sleuthkit.datamodel.ScoringManager.getContentCount(), org.sleuthkit.datamodel.SleuthkitCase.getContentTagByID(), org.sleuthkit.datamodel.SleuthkitCase.getContentTagsByContent(), org.sleuthkit.datamodel.SleuthkitCase.getContentTagsByTagName(), org.sleuthkit.datamodel.SleuthkitCase.getContentTagsCountByTagName(), org.sleuthkit.datamodel.SleuthkitCase.getCurrentExaminer(), org.sleuthkit.datamodel.Blackboard.getDataArtifactById(), org.sleuthkit.datamodel.Blackboard.getDataArtifacts(), org.sleuthkit.datamodel.SleuthkitCase.getDataSource(), org.sleuthkit.datamodel.SleuthkitCase.getDataSources(), org.sleuthkit.datamodel.HostManager.getDataSourcesForHost(), org.sleuthkit.datamodel.TimelineManager.getEventById(), org.sleuthkit.datamodel.TimelineManager.getEventIDs(), org.sleuthkit.datamodel.TimelineManager.getEventIDsForArtifact(), org.sleuthkit.datamodel.TimelineManager.getEvents(), org.sleuthkit.datamodel.SleuthkitCase.getFileRanges(), org.sleuthkit.datamodel.HostAddressManager.getHostAddress(), org.sleuthkit.datamodel.HostManager.getHostByDataSource(), org.sleuthkit.datamodel.OsAccountManager.getHosts(), org.sleuthkit.datamodel.SleuthkitCase.getImageById(), org.sleuthkit.datamodel.SleuthkitCase.getImageFileSystems(), org.sleuthkit.datamodel.SleuthkitCase.getImagePaths(), org.sleuthkit.datamodel.SleuthkitCase.getImages(), org.sleuthkit.datamodel.SleuthkitCase.getIngestJobs(), org.sleuthkit.datamodel.HostAddressManager.getIpAddress(), org.sleuthkit.datamodel.SleuthkitCase.getLastObjectId(), org.sleuthkit.datamodel.SleuthkitCase.getMatchingArtifacts(), org.sleuthkit.datamodel.SleuthkitCase.getMatchingAttributes(), org.sleuthkit.datamodel.TimelineManager.getMaxEventTime(), org.sleuthkit.datamodel.TimelineManager.getMinEventTime(), org.sleuthkit.datamodel.OsAccountManager.getOsAccounts(), org.sleuthkit.datamodel.PersonManager.getPerson(), org.sleuthkit.datamodel.PersonManager.getPersons(), org.sleuthkit.datamodel.CommunicationsManager.getRelatedAccountDeviceInstances(), org.sleuthkit.datamodel.CommunicationsManager.getRelationshipCountsPairwise(), org.sleuthkit.datamodel.CommunicationsManager.getRelationshipSources(), org.sleuthkit.datamodel.CommunicationsManager.getRelationshipSourcesCount(), org.sleuthkit.datamodel.SleuthkitCase.getReportById(), org.sleuthkit.datamodel.SleuthkitCase.getRootObjects(), org.sleuthkit.datamodel.TimelineManager.getSpanningInterval(), org.sleuthkit.datamodel.SleuthkitCase.getTagNamesInUse(), org.sleuthkit.datamodel.TaggingManager.getTagSet(), org.sleuthkit.datamodel.TaggingManager.getTagSets(), org.sleuthkit.datamodel.SleuthkitCase.getVirtualDirectoryRoots(), org.sleuthkit.datamodel.HostAddressManager.hostAddressExists(), org.sleuthkit.datamodel.HostAddressManager.hostNameAndIpMappingExists(), org.sleuthkit.datamodel.SleuthkitCase.isFileFromSource(), org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.runQuery(), and org.sleuthkit.datamodel.CaseDbAccessManager.select().
void org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseWriteLock | ( | ) |
Releases a write lock, but only if this is a single-user case. This method should always be called in the finally block of a try block in which the lock was acquired.
Definition at line 2775 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.TskData.DbType.SQLITE.
Referenced by org.sleuthkit.datamodel.SleuthkitCase.addArtifactAttributeType(), org.sleuthkit.datamodel.SleuthkitCase.addBlackboardAttribute(), org.sleuthkit.datamodel.SleuthkitCase.addBlackboardAttributes(), org.sleuthkit.datamodel.OsAccountManager.addExtendedOsAccountAttributes(), org.sleuthkit.datamodel.HostAddressManager.addHostNameAndIpMapping(), org.sleuthkit.datamodel.SleuthkitCase.addIngestJob(), org.sleuthkit.datamodel.SleuthkitCase.addIngestModule(), org.sleuthkit.datamodel.SleuthkitCase.addOrUpdateTagName(), org.sleuthkit.datamodel.SleuthkitCase.addReport(), org.sleuthkit.datamodel.HostAddressManager.addUsage(), org.sleuthkit.datamodel.HostAddressManager.assignHostToAddress(), org.sleuthkit.datamodel.SleuthkitCase.close(), org.sleuthkit.datamodel.SleuthkitCase.copyCaseDB(), org.sleuthkit.datamodel.CaseDbAccessManager.createIndex(), org.sleuthkit.datamodel.CaseDbAccessManager.createTable(), org.sleuthkit.datamodel.CaseDbAccessManager.delete(), org.sleuthkit.datamodel.PersonManager.deletePerson(), org.sleuthkit.datamodel.SleuthkitCase.deleteReport(), org.sleuthkit.datamodel.TimelineManager.getEventIDsForContent(), org.sleuthkit.datamodel.HostAddressManager.newHostAddress(), org.sleuthkit.datamodel.PersonManager.newPerson(), org.sleuthkit.datamodel.SleuthkitCase.releaseExclusiveLock(), org.sleuthkit.datamodel.SleuthkitCase.setFileMIMEType(), org.sleuthkit.datamodel.SleuthkitCase.setFileUnalloc(), org.sleuthkit.datamodel.SleuthkitCase.setImagePaths(), org.sleuthkit.datamodel.SleuthkitCase.setKnown(), org.sleuthkit.datamodel.SleuthkitCase.setReviewStatus(), org.sleuthkit.datamodel.TimelineManager.updateEventsForArtifactTagAdded(), org.sleuthkit.datamodel.TimelineManager.updateEventsForArtifactTagDeleted(), org.sleuthkit.datamodel.TimelineManager.updateEventsForContentTagAdded(), org.sleuthkit.datamodel.TimelineManager.updateEventsForContentTagDeleted(), org.sleuthkit.datamodel.TimelineManager.updateEventsForHashSetHit(), org.sleuthkit.datamodel.HostManager.updateHostName(), org.sleuthkit.datamodel.SleuthkitCase.updateImagePath(), and org.sleuthkit.datamodel.PersonManager.updatePerson().
void org.sleuthkit.datamodel.SleuthkitCase.removeErrorObserver | ( | ErrorObserver | observer | ) |
Remove an observer for SleuthkitCase errors.
observer | The observer to remove. |
Definition at line 13769 of file SleuthkitCase.java.
ResultSet org.sleuthkit.datamodel.SleuthkitCase.runQuery | ( | String | query | ) | throws SQLException |
Process a read-only query on the tsk database, any table Can be used to e.g. to find files of a given criteria. resultSetToFsContents() will convert the files to useful objects. MUST CALL closeRunQuery() when done
query | the given string query to run |
SQLException | if error occurred during the query |
Definition at line 14171 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock().
void org.sleuthkit.datamodel.SleuthkitCase.setFileMIMEType | ( | AbstractFile | file, |
String | mimeType | ||
) | throws TskCoreException |
Stores the MIME type of a file in the case database and updates the MIME type of the given file object.
file | A file. |
mimeType | The MIME type. |
TskCoreException | If there is an error updating the case database. |
Definition at line 10492 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseWriteLock(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseWriteLock().
void org.sleuthkit.datamodel.SleuthkitCase.setFileUnalloc | ( | AbstractFile | file | ) | throws TskCoreException |
Sets the unalloc meta flags for the file in the case database, and updates the meta flags in given file object. Also updates the dir flag to unalloc.
file | A file. |
TskCoreException | If there is an error updating the case database. |
Definition at line 10515 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseWriteLock(), org.sleuthkit.datamodel.TskData.TSK_FS_META_FLAG_ENUM.ALLOC, org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseWriteLock(), org.sleuthkit.datamodel.TskData.TSK_FS_META_FLAG_ENUM.toInt(), org.sleuthkit.datamodel.TskData.TSK_FS_NAME_FLAG_ENUM.UNALLOC, org.sleuthkit.datamodel.TskData.TSK_FS_META_FLAG_ENUM.UNALLOC, and org.sleuthkit.datamodel.TskData.TSK_FS_META_FLAG_ENUM.valuesOf().
void org.sleuthkit.datamodel.SleuthkitCase.setImagePaths | ( | long | obj_id, |
List< String > | paths | ||
) | throws TskCoreException |
Set the file paths for the image given by obj_id
obj_id | the ID of the image to update |
paths | the fully qualified path to the files that make up the image |
TskCoreException | exception thrown when critical error occurs within tsk core and the update fails |
Definition at line 9671 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseWriteLock(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseWriteLock().
boolean org.sleuthkit.datamodel.SleuthkitCase.setKnown | ( | AbstractFile | file, |
FileKnown | fileKnown | ||
) | throws TskCoreException |
Store the known status for the FsContent in the database Note: will not update status if content is already 'Known Bad'
file | The AbstractFile object |
fileKnown | The object's known status |
TskCoreException | thrown if a critical error occurred within tsk core |
Definition at line 10384 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseWriteLock(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseWriteLock().
void org.sleuthkit.datamodel.SleuthkitCase.setReviewStatus | ( | BlackboardArtifact | artifact, |
BlackboardArtifact.ReviewStatus | newStatus | ||
) | throws TskCoreException |
Set the review status of the given artifact to newStatus
artifact | The artifact whose review status is being set. |
newStatus | The new review status for the given artifact. Must not be null. |
TskCoreException | thrown if a critical error occurred within tsk core |
Definition at line 10958 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseWriteLock(), org.sleuthkit.datamodel.BlackboardArtifact.getArtifactID(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseWriteLock().
Referenced by org.sleuthkit.datamodel.BlackboardArtifact.setReviewStatus().
void org.sleuthkit.datamodel.SleuthkitCase.submitError | ( | String | context, |
String | errorMessage | ||
) |
Submit an error to all clients that are listening.
context | The context in which the error occurred. |
errorMessage | A description of the error that occurred. |
Definition at line 13785 of file SleuthkitCase.java.
|
static |
Attempts to connect to the database with the passed in settings, throws if the settings are not sufficient to connect to the database type indicated. Only attempts to connect to remote databases.
When issues occur, it attempts to diagnose them by looking at the exception messages, returning the appropriate user-facing text for the exception received. This method expects the Exceptions messages to be in English and compares against English text.
info | The connection information |
org.sleuthkit.datamodel.TskCoreException |
Definition at line 277 of file SleuthkitCase.java.
Referenced by org.sleuthkit.datamodel.SleuthkitCase.newCase(), and org.sleuthkit.datamodel.SleuthkitCase.openCase().
void org.sleuthkit.datamodel.SleuthkitCase.unregisterForEvents | ( | Object | listener | ) |
Definition at line 243 of file SleuthkitCase.java.
DerivedFile org.sleuthkit.datamodel.SleuthkitCase.updateDerivedFile | ( | DerivedFile | derivedFile, |
String | localPath, | ||
long | size, | ||
long | ctime, | ||
long | crtime, | ||
long | atime, | ||
long | mtime, | ||
boolean | isFile, | ||
String | mimeType, | ||
String | rederiveDetails, | ||
String | toolName, | ||
String | toolVersion, | ||
String | otherDetails, | ||
TskData.EncodingType | encodingType | ||
) | throws TskCoreException |
Updates an existing derived file in the database and returns a new derived file object with the updated contents
derivedFile | The derived file you wish to update |
localPath | local path of the derived file, including the file name. The path is relative to the database path. |
size | size of the derived file in bytes |
ctime | The changed time of the file. |
crtime | The creation time of the file. |
atime | The accessed time of the file |
mtime | The modified time of the file. |
isFile | whether a file or directory, true if a file |
mimeType | The MIME type the updated file should have, null to unset it |
rederiveDetails | details needed to re-derive file (will be specific to the derivation method), currently unused |
toolName | name of derivation method/tool, currently unused |
toolVersion | version of derivation method/tool, currently unused |
otherDetails | details of derivation method/tool, currently unused |
encodingType | Type of encoding used on the file (or NONE if no encoding) |
TskCoreException | exception thrown if the object creation failed due to a critical system error |
Definition at line 7807 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.beginTransaction(), org.sleuthkit.datamodel.SleuthkitCase.CaseDbTransaction.commit(), org.sleuthkit.datamodel.AbstractContent.getParent(), and org.sleuthkit.datamodel.SleuthkitCase.CaseDbTransaction.rollback().
DerivedFile org.sleuthkit.datamodel.SleuthkitCase.updateDerivedFile | ( | DerivedFile | derivedFile, |
String | localPath, | ||
long | size, | ||
long | ctime, | ||
long | crtime, | ||
long | atime, | ||
long | mtime, | ||
boolean | isFile, | ||
String | mimeType, | ||
String | rederiveDetails, | ||
String | toolName, | ||
String | toolVersion, | ||
String | otherDetails, | ||
TskData.EncodingType | encodingType, | ||
Content | parentObj, | ||
CaseDbTransaction | trans | ||
) | throws TskCoreException |
Definition at line 7833 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.TskData.TSK_FS_NAME_FLAG_ENUM.ALLOC, org.sleuthkit.datamodel.TskData.TSK_FS_META_FLAG_ENUM.ALLOC, org.sleuthkit.datamodel.TskData.TSK_DB_FILES_TYPE_ENUM.DERIVED, org.sleuthkit.datamodel.TskData.TSK_FS_NAME_TYPE_ENUM.DIR, org.sleuthkit.datamodel.AbstractContent.getId(), org.sleuthkit.datamodel.AbstractContent.getName(), org.sleuthkit.datamodel.AbstractFile.getOsAccountObjectId(), org.sleuthkit.datamodel.AbstractFile.getOwnerUid(), org.sleuthkit.datamodel.TskData.TSK_FS_NAME_TYPE_ENUM.getValue(), org.sleuthkit.datamodel.TskData.TSK_FS_META_TYPE_ENUM.getValue(), org.sleuthkit.datamodel.TskData.TSK_FS_NAME_FLAG_ENUM.getValue(), org.sleuthkit.datamodel.TskData.TSK_FS_NAME_TYPE_ENUM.REG, org.sleuthkit.datamodel.TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_DIR, org.sleuthkit.datamodel.TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_REG, and org.sleuthkit.datamodel.TskData.TSK_FS_META_FLAG_ENUM.USED.
void org.sleuthkit.datamodel.SleuthkitCase.updateImagePath | ( | String | newPath, |
long | objectId | ||
) | throws TskCoreException |
Change the path for an image in the database.
newPath | New path to the image |
objectId | Data source ID of the image |
TskCoreException |
Definition at line 12065 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseWriteLock(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseWriteLock().
Copyright © 2011-2021 Brian Carrier. (carrier -at- sleuthkit -dot- org)
This work is licensed under a
Creative Commons Attribution-Share Alike 3.0 United States License.