Sleuth Kit Java Bindings (JNI)
4.11.0
Java bindings for using The Sleuth Kit
|
Classes | |
class | CaseDbHandle |
Static Public Member Functions | |
static Image | addImageToDatabase (SleuthkitCase skCase, String[] imagePaths, int sectorSize, String timeZone, String md5fromSettings, String sha1fromSettings, String sha256fromSettings, String deviceId) throws TskCoreException |
static Image | addImageToDatabase (SleuthkitCase skCase, String[] imagePaths, int sectorSize, String timeZone, String md5fromSettings, String sha1fromSettings, String sha256fromSettings, String deviceId, Host host) throws TskCoreException |
static void | addToHashDatabase (String filename, String md5, String sha1, String sha256, String comment, int dbHandle) throws TskCoreException |
static void | addToHashDatabase (List< HashEntry > hashes, int dbHandle) throws TskCoreException |
static void | cancelFinishImage (long imgHandle) |
static void | closeAllHashDatabases () throws TskCoreException |
static void | closeFile (long fileHandle) |
static void | closeFile (long fileHandle, SleuthkitCase skCase) |
static void | closeFs (long fsHandle) |
static void | closeHashDatabase (int dbHandle) throws TskCoreException |
static void | closeImg (long imgHandle) |
static void | closeVs (long vsHandle) |
static int | createHashDatabase (String path) throws TskCoreException |
static void | createLookupIndexForHashDatabase (int dbHandle) throws TskCoreException |
static long | findDeviceSize (String devPath) throws TskCoreException |
static int | finishImageWriter (long imgHandle) throws TskCoreException |
static List< String > | getFileMetaDataText (long fileHandle) throws TskCoreException |
static int | getFinishImageProgress (long imgHandle) |
static String | getHashDatabaseDisplayName (int dbHandle) throws TskCoreException |
static String | getHashDatabaseIndexPath (int dbHandle) throws TskCoreException |
static String | getHashDatabasePath (int dbHandle) throws TskCoreException |
static String | getVersion () |
static boolean | hashDatabaseCanBeReindexed (int dbHandle) throws TskCoreException |
static boolean | hashDatabaseHasLookupIndex (int dbHandle) throws TskCoreException |
static boolean | hashDatabaseIsIndexOnly (int dbHandle) throws TskCoreException |
static boolean | isImageSupported (String imagePath) |
static boolean | isUpdateableHashDatabase (int dbHandle) throws TskCoreException |
static boolean | lookupInHashDatabase (String hash, int dbHandle) throws TskCoreException |
static HashHitInfo | lookupInHashDatabaseVerbose (String hash, int dbHandle) throws TskCoreException |
static long | openFile (long fsHandle, long fileId, TSK_FS_ATTR_TYPE_ENUM attrType, int attrId, SleuthkitCase skCase) throws TskCoreException |
static long | openFile (long fsHandle, long fileId, TSK_FS_ATTR_TYPE_ENUM attrType, int attrId) throws TskCoreException |
static long | openFs (long imgHandle, long fsOffset, SleuthkitCase skCase) throws TskCoreException |
static long | openFs (long imgHandle, long fsOffset) throws TskCoreException |
static int | openHashDatabase (String path) throws TskCoreException |
static long | openImage (String[] imageFiles, SleuthkitCase skCase) throws TskCoreException |
static long | openImage (String[] imageFiles, int sSize, SleuthkitCase skCase) throws TskCoreException |
static long | openImage (String[] imageFiles) throws TskCoreException |
static long | openImage (String[] imageFiles, int sSize) throws TskCoreException |
static long | openVs (long imgHandle, long vsOffset) throws TskCoreException |
static long | openVsPart (long vsHandle, long volId) throws TskCoreException |
static int | readFile (long fileHandle, byte[] readBuffer, long offset, long len) throws TskCoreException |
static int | readFileSlack (long fileHandle, byte[] readBuffer, long offset, long len) throws TskCoreException |
static int | readFs (long fsHandle, byte[] readBuffer, long offset, long len) throws TskCoreException |
static int | readImg (long imgHandle, byte[] readBuffer, long offset, long len) throws TskCoreException |
static int | readVs (long vsHandle, byte[] readBuffer, long offset, long len) throws TskCoreException |
static int | readVsPart (long volHandle, byte[] readBuffer, long offset, long len) throws TskCoreException |
static void | startVerboseLogging (String logPath) |
A utility class that provides an interface to The Sleuth Kit via JNI. Supports case management, the add image process, reading data off content objects, setting up hash database parameters, and updating / reading values.
Caches image and file system handles and reuses them for the duration of the application.
Definition at line 52 of file SleuthkitJNI.java.
|
static |
Add an image to the database and return the open image.
skCase | The current case. |
imagePaths | The path(s) to the image (will just be the first for .e01, .001, etc). |
sectorSize | The sector size (0 for auto-detect). |
timeZone | The time zone. |
md5fromSettings | MD5 hash (if known). |
sha1fromSettings | SHA1 hash (if known). |
sha256fromSettings | SHA256 hash (if known). |
deviceId | Device ID. |
TskCoreException |
Definition at line 952 of file SleuthkitJNI.java.
Referenced by org.sleuthkit.datamodel.SleuthkitJNI.CaseDbHandle.AddImageProcess.run().
|
static |
Add an image to the database and return the open image.
skCase | The current case. |
imagePaths | The path(s) to the image (will just be the first for .e01, .001, etc). |
sectorSize | The sector size (0 for auto-detect). |
timeZone | The time zone. |
md5fromSettings | MD5 hash (if known). |
sha1fromSettings | SHA1 hash (if known). |
sha256fromSettings | SHA256 hash (if known). |
deviceId | Device ID. |
host | Host. |
TskCoreException |
Definition at line 975 of file SleuthkitJNI.java.
References org.sleuthkit.datamodel.SleuthkitCase.addImage(), org.sleuthkit.datamodel.SleuthkitCase.beginTransaction(), org.sleuthkit.datamodel.SleuthkitCase.CaseDbTransaction.commit(), org.sleuthkit.datamodel.SleuthkitCase.CaseDbTransaction.rollback(), and org.sleuthkit.datamodel.TskData.TSK_IMG_TYPE_ENUM.valueOf().
|
static |
Adds a hash value to a hash database.
filename | Name of file (can be null) |
md5 | Text of MD5 hash (can be null) |
sha1 | Text of SHA1 hash (can be null) |
sha256 | Text of SHA256 hash (can be null) |
comment | A comment (can be null) |
dbHandle | Handle to DB |
TskCoreException |
Definition at line 1795 of file SleuthkitJNI.java.
|
static |
Definition at line 1799 of file SleuthkitJNI.java.
|
static |
Cancel the finish image process
imgHandle |
Definition at line 1907 of file SleuthkitJNI.java.
|
static |
Close the currently open lookup databases. Resets the handle counting.
TskCoreException | exception thrown if critical error occurs within TSK |
Definition at line 1724 of file SleuthkitJNI.java.
|
static |
Frees the fileHandle pointer.
fileHandle | pointer to file structure in sleuthkit |
Definition at line 1582 of file SleuthkitJNI.java.
Referenced by org.sleuthkit.datamodel.FsContent.close().
|
static |
Frees the fileHandle pointer.
fileHandle | pointer to file structure in sleuthkit |
skCase | the case containing the file |
Definition at line 1592 of file SleuthkitJNI.java.
|
static |
Frees the fsHandle pointer. Currently does not do anything - fsHandle should only be freed as part of CaseDbHandle.free().
fsHandle | pointer to file system structure in sleuthkit |
Definition at line 2016 of file SleuthkitJNI.java.
|
static |
Close a particular open lookup database. Existing handles are not affected.
dbHandle | Handle of database to close. |
TskCoreException | exception thrown if critical error occurs within TSK |
Definition at line 1737 of file SleuthkitJNI.java.
|
static |
Frees the imgHandle pointer. Currently does not close the image - imgHandle should only be freed as part of CaseDbHandle.free().
imgHandle | to close the image |
Definition at line 1995 of file SleuthkitJNI.java.
|
static |
Frees the vsHandle pointer - currently does nothing.
vsHandle | pointer to volume system structure in sleuthkit |
Definition at line 2005 of file SleuthkitJNI.java.
|
static |
Creates a hash database. Will be of the default TSK hash database type.
path | The path to the database |
TskCoreException | if a critical error occurs within TSK core |
Definition at line 1714 of file SleuthkitJNI.java.
|
static |
Create an index for a hash database.
dbHandle | A hash database handle. |
TskCoreException | if a critical error occurs within TSK core |
Definition at line 1638 of file SleuthkitJNI.java.
|
static |
Get size of a device (physical, logical device, image) pointed to by devPath
devPath | device path pointing to the device |
TskCoreException | exception thrown if the device size could not be queried |
Definition at line 1929 of file SleuthkitJNI.java.
Referenced by org.sleuthkit.datamodel.Image.getSize().
|
static |
Fills in any gaps in the image created by image writer.
imgHandle | The image handle. |
TskCoreException | exception thrown if critical error occurs within TSK |
Definition at line 1870 of file SleuthkitJNI.java.
|
static |
Get (somewhat) human-readable details about a file. This is the same as the 'istat' TSK tool.
fileHandle | pointer to file structure in the sleuthkit |
TskCoreException | if errors occurred |
Definition at line 1542 of file SleuthkitJNI.java.
Referenced by org.sleuthkit.datamodel.FsContent.getMetaDataText().
|
static |
Get the current progress of the finish image process (0-100)
imgHandle |
Definition at line 1889 of file SleuthkitJNI.java.
|
static |
Get the name of the database
dbHandle | Previously opened hash db handle. |
TskCoreException | if a critical error occurs within TSK core |
Definition at line 1750 of file SleuthkitJNI.java.
|
static |
getHashDatabaseIndexPath
dbHandle | previously opened hash db handle |
TskCoreException | if a critical error occurs within TSK core |
Definition at line 1691 of file SleuthkitJNI.java.
|
static |
getHashDatabasePath
dbHandle | previously opened hash db handle |
TskCoreException | if a critical error occurs within TSK core |
Definition at line 1678 of file SleuthkitJNI.java.
|
static |
get the Sleuth Kit version string
Definition at line 789 of file SleuthkitJNI.java.
|
static |
hashDatabaseCanBeReindexed
dbHandle | previously opened hash db handle |
TskCoreException | if a critical error occurs within TSK core |
Definition at line 1665 of file SleuthkitJNI.java.
|
static |
Check if an index exists for a hash database.
dbHandle | A hash database handle. |
TskCoreException | if a critical error occurs within TSK core |
Definition at line 1651 of file SleuthkitJNI.java.
|
static |
Definition at line 1821 of file SleuthkitJNI.java.
|
static |
Definition at line 1933 of file SleuthkitJNI.java.
|
static |
Definition at line 1817 of file SleuthkitJNI.java.
|
static |
Lookup the given hash value and get basic answer
hash | Hash value to search for. |
dbHandle | Handle of database to lookup in. |
TskCoreException |
Definition at line 1764 of file SleuthkitJNI.java.
|
static |
Lookup hash value in DB and return details on results (more time consuming than basic lookup)
hash | Hash value to search for |
dbHandle | Handle of database to lookup in. |
TskCoreException |
Definition at line 1779 of file SleuthkitJNI.java.
|
static |
Get file Handle
fsHandle | fsHandle pointer in the sleuthkit |
fileId | id of the file |
attrType | file attribute type to open |
attrId | file attribute id to open |
skCase | the case associated with this file |
TskCoreException | exception thrown if critical error occurs within TSK |
Definition at line 1231 of file SleuthkitJNI.java.
Referenced by org.sleuthkit.datamodel.SleuthkitJNI.openFile().
|
static |
Get file Handle
fsHandle | fsHandle pointer in the sleuthkit |
fileId | id of the file |
attrType | file attribute type to open |
attrId | file attribute id to open |
TskCoreException | exception thrown if critical error occurs within TSK |
Definition at line 2089 of file SleuthkitJNI.java.
References org.sleuthkit.datamodel.SleuthkitJNI.openFile().
|
static |
Get file system handle. The opened handle is cached (transparently) so it does not need to be reopened next time for the duration of the application.
imgHandle | pointer to imgHandle in sleuthkit |
fsOffset | byte offset to the file system |
skCase | the case containing the file system |
TskCoreException | exception thrown if critical error occurs within TSK |
Definition at line 1132 of file SleuthkitJNI.java.
Referenced by org.sleuthkit.datamodel.SleuthkitJNI.openFs().
|
static |
Get file system handle. The opened handle is cached (transparently) so it does not need to be reopened next time for the duration of the application.
imgHandle | pointer to imgHandle in sleuthkit |
fsOffset | byte offset to the file system |
TskCoreException | exception thrown if critical error occurs within TSK |
Definition at line 2070 of file SleuthkitJNI.java.
References org.sleuthkit.datamodel.SleuthkitJNI.openFs().
|
static |
Open a hash database for lookups
path | Path to Hash DB or index file |
TskCoreException | if there is an error opening the DB |
Definition at line 1701 of file SleuthkitJNI.java.
|
static |
Open the image and return the image info pointer.
imageFiles | the paths to the images |
skCase | the case this image belongs to |
TskCoreException | exception thrown if critical error occurs within TSK |
Definition at line 813 of file SleuthkitJNI.java.
Referenced by org.sleuthkit.datamodel.Image.getImageHandle(), and org.sleuthkit.datamodel.SleuthkitJNI.openImage().
|
static |
Open the image with a specified sector size and return the image info pointer.
imageFiles | the paths to the images |
sSize | the sector size (use '0' for autodetect) |
skCase | the case this image belongs to |
TskCoreException | exception thrown if critical error occurs within TSK |
Definition at line 833 of file SleuthkitJNI.java.
References org.sleuthkit.datamodel.SleuthkitJNI.openImage().
|
static |
Open the image and return the image info pointer.
imageFiles | the paths to the images |
TskCoreException | exception thrown if critical error occurs within TSK |
Definition at line 2032 of file SleuthkitJNI.java.
References org.sleuthkit.datamodel.SleuthkitJNI.openImage().
|
static |
Open the image with a specified sector size and return the image info pointer.
imageFiles | the paths to the images |
sSize | the sector size (use '0' for autodetect) |
TskCoreException | exception thrown if critical error occurs within TSK |
Definition at line 2051 of file SleuthkitJNI.java.
References org.sleuthkit.datamodel.SleuthkitJNI.openImage().
|
static |
Get volume system Handle
imgHandle | a handle to previously opened image |
vsOffset | byte offset in the image to the volume system (usually 0) |
TskCoreException | exception thrown if critical error occurs within TSK |
Definition at line 1037 of file SleuthkitJNI.java.
Referenced by org.sleuthkit.datamodel.VolumeSystem.getVolumeSystemHandle().
|
static |
Get volume Handle
vsHandle | pointer to the volume system structure in the sleuthkit |
volId | id of the volume |
TskCoreException | exception thrown if critical error occurs within TSK |
Definition at line 1061 of file SleuthkitJNI.java.
Referenced by org.sleuthkit.datamodel.Volume.read().
|
static |
Reads data from a file.
fileHandle | pointer to a file structure in the sleuthkit |
readBuffer | pre-allocated buffer to read to |
offset | byte offset in the image to start at |
len | amount of data to read |
TskCoreException | exception thrown if critical error occurs within TSK |
Definition at line 1472 of file SleuthkitJNI.java.
Referenced by org.sleuthkit.datamodel.FsContent.readInt().
|
static |
Reads data from the slack space of a file.
fileHandle | pointer to a file structure in the sleuthkit |
readBuffer | pre-allocated buffer to read to |
offset | byte offset in the slack to start at |
len | amount of data to read |
TskCoreException | exception thrown if critical error occurs within TSK |
Definition at line 1519 of file SleuthkitJNI.java.
Referenced by org.sleuthkit.datamodel.SlackFile.readInt().
|
static |
Reads data from a file system.
fsHandle | pointer to a file system structure in the sleuthkit |
readBuffer | buffer to read to |
offset | byte offset in the image to start at |
len | amount of data to read |
TskCoreException | exception thrown if critical error occurs within TSK |
Definition at line 1429 of file SleuthkitJNI.java.
Referenced by org.sleuthkit.datamodel.FileSystem.read().
|
static |
Reads data from an image.
imgHandle | |
readBuffer | buffer to read to |
offset | byte offset in the image to start at |
len | amount of data to read |
TskCoreException | exception thrown if critical error occurs within TSK |
Definition at line 1334 of file SleuthkitJNI.java.
Referenced by org.sleuthkit.datamodel.Image.read().
|
static |
Reads data from a volume system.
vsHandle | pointer to a volume system structure in the sleuthkit |
readBuffer | buffer to read to |
offset | sector offset in the image to start at |
len | amount of data to read |
TskCoreException | exception thrown if critical error occurs within TSK |
Definition at line 1361 of file SleuthkitJNI.java.
Referenced by org.sleuthkit.datamodel.VolumeSystem.read().
|
static |
Reads data from a volume.
volHandle | pointer to a volume structure in the sleuthkit |
readBuffer | buffer to read to |
offset | byte offset in the image to start at |
len | amount of data to read |
TskCoreException | exception thrown if critical error occurs within TSK |
Definition at line 1405 of file SleuthkitJNI.java.
Referenced by org.sleuthkit.datamodel.Volume.read().
|
static |
Enable verbose logging and redirect stderr to the given log file.
logPath | the log file path |
Definition at line 798 of file SleuthkitJNI.java.
Copyright © 2011-2021 Brian Carrier. (carrier -at- sleuthkit -dot- org)
This work is licensed under a
Creative Commons Attribution-Share Alike 3.0 United States License.