Sleuth Kit Java Bindings (JNI)  4.11.1
Java bindings for using The Sleuth Kit
Volume.java
Go to the documentation of this file.
1 /*
2  * Sleuth Kit Data Model
3  *
4  * Copyright 2011-2020 Basis Technology Corp.
5  * Contact: carrier <at> sleuthkit <dot> org
6  *
7  * Licensed under the Apache License, Version 2.0 (the "License");
8  * you may not use this file except in compliance with the License.
9  * You may obtain a copy of the License at
10  *
11  * http://www.apache.org/licenses/LICENSE-2.0
12  *
13  * Unless required by applicable law or agreed to in writing, software
14  * distributed under the License is distributed on an "AS IS" BASIS,
15  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16  * See the License for the specific language governing permissions and
17  * limitations under the License.
18  */
19 package org.sleuthkit.datamodel;
20 
21 import java.util.ResourceBundle;
22 import java.util.ArrayList;
23 import java.util.List;
24 
29 public class Volume extends AbstractContent {
30 
31  private long addr;
32  private long startSector; //in sectors, relative to volume system start
33  private long lengthInSectors; //in sectors
34  private long flags;
35  private String desc;
36  private volatile long volumeHandle = 0;
37  private volatile String uniquePath;
38  private static ResourceBundle bundle = ResourceBundle.getBundle("org.sleuthkit.datamodel.Bundle");
39 
51  protected Volume(SleuthkitCase db, long obj_id, long addr, long startSector, long lengthInSectors, long flags, String desc) {
52  super(db, obj_id, "vol" + Long.toString(addr)); //NON-NLS
53  this.addr = addr;
54  this.startSector = startSector;
55  this.lengthInSectors = lengthInSectors;
56  this.uniquePath = null;
57  this.flags = flags;
58  if (!desc.equals("")) {
59  this.desc = desc;
60  } else {
61  this.desc = bundle.getString("Volume.desc.text");
62  }
63  }
64 
65  @Override
66  public int read(byte[] buf, long offset, long len) throws TskCoreException {
67  synchronized (this) {
68  Content myParent = getParent();
69  if (!(myParent instanceof VolumeSystem)) {
70  throw new TskCoreException(bundle.getString("Volume.read.exception.msg1.text"));
71  }
72  VolumeSystem parentVs = (VolumeSystem) myParent;
73 
74  // Reading from APFS volumes/volume systems is not yet supported
75  if (parentVs.getType().equals(TskData.TSK_VS_TYPE_ENUM.TSK_VS_TYPE_APFS)) {
76  throw new TskCoreException("Reading APFS pool volumes not yet supported");
77  }
78 
79  // read from the volume
80  if (volumeHandle == 0) {
81  volumeHandle = SleuthkitJNI.openVsPart(parentVs.getVolumeSystemHandle(), addr);
82  }
83 
84  }
85  return SleuthkitJNI.readVsPart(volumeHandle, buf, offset, len);
86  }
87 
88  @Override
89  public void close() {
90  // there is nothing to free. The VolumeSystem structure
91  // in C++ contains this structure and will free it.
92  volumeHandle = 0;
93  }
94 
95  @SuppressWarnings("deprecation")
96  @Override
97  public void finalize() throws Throwable {
98  try {
99  close();
100  } finally {
101  super.finalize();
102  }
103  }
104 
105  @Override
106  public long getSize() {
107  return lengthInSectors * 512;
108  }
109 
110  @Override
111  public String getUniquePath() throws TskCoreException {
112  // It is possible that multiple threads could be doing this calculation
113  // simultaneously, but it's worth the potential extra processing to prevent deadlocks.
114  if(uniquePath == null) {
115  String tempUniquePath = "";
116  String name = getName();
117  if (!name.isEmpty()) {
118  tempUniquePath = "/vol_" + name; //NON-NLS
119  }
120 
121  Content myParent = getParent();
122  if (myParent != null) {
123  tempUniquePath = myParent.getUniquePath() + tempUniquePath;
124  }
125 
126  // Don't update uniquePath until it is complete.
127  uniquePath = tempUniquePath;
128  }
129  return uniquePath;
130  }
131 
132  //methods get exact data from database. could be manipulated to get more
133  //meaningful data.
140  public long getAddr() {
141  return addr;
142  }
143 
150  public long getStart() {
151  return startSector;
152  }
153 
159  public long getLength() {
160  return lengthInSectors;
161  }
162 
168  public long getFlags() {
169  return flags;
170  }
171 
177  public String getFlagsAsString() {
178  return Volume.vsFlagToString(flags);
179  }
180 
187  public String getDescription() {
188  return desc;
189  }
190 
191  // ----- Here all the methods for vs flags conversion / mapping -----
199  public static String vsFlagToValue(long vsFlag) {
200 
201  String result = "";
202 
204  if (flag.getVsFlag() == vsFlag) {
205  result = flag.toString();
206  }
207  }
208  return result;
209  }
210 
218  public static long valueToVsFlag(String vsFlag) {
219 
220  long result = 0;
221 
223  if (flag.toString().equals(vsFlag)) {
224  result = flag.getVsFlag();
225  }
226  }
227  return result;
228  }
229 
237  public static String vsFlagToString(long vsFlag) {
238 
239  String result = "";
240 
241  long allocFlag = TskData.TSK_VS_PART_FLAG_ENUM.TSK_VS_PART_FLAG_ALLOC.getVsFlag();
242  long unallocFlag = TskData.TSK_VS_PART_FLAG_ENUM.TSK_VS_PART_FLAG_UNALLOC.getVsFlag();
243 
244  // some variables that might be needed in the future
245  long metaFlag = TskData.TSK_VS_PART_FLAG_ENUM.TSK_VS_PART_FLAG_META.getVsFlag();
246  long allFlag = TskData.TSK_VS_PART_FLAG_ENUM.TSK_VS_PART_FLAG_ALL.getVsFlag();
247 
248  if ((vsFlag & allocFlag) == allocFlag) {
249  result = bundle.getString("Volume.vsFlagToString.allocated");
250  }
251  if ((vsFlag & unallocFlag) == unallocFlag) {
252  result = bundle.getString("Volume.vsFlagToString.unallocated");
253  }
254  // ... add more code here if needed
255 
256  return result;
257  }
258 
259  @Override
260  public <T> T accept(SleuthkitItemVisitor<T> v) {
261  return v.visit(this);
262  }
263 
264  @Override
265  public <T> T accept(ContentVisitor<T> v) {
266  return v.visit(this);
267  }
268 
269  @Override
270  public List<Content> getChildren() throws TskCoreException {
271  return getSleuthkitCase().getVolumeChildren(this);
272  }
273 
274  @Override
275  public List<Long> getChildrenIds() throws TskCoreException {
276  return getSleuthkitCase().getVolumeChildrenIds(this);
277  }
278 
284  public List<FileSystem> getFileSystems() throws TskCoreException {
285 
286  List<Content> children = getChildren();
287  List<FileSystem> fileSystems = new ArrayList<FileSystem>();
288  for (Content child : children) {
289  if (child instanceof FileSystem) {
290  fileSystems.add((FileSystem) child);
291  }
292  }
293 
294  return fileSystems;
295  }
296 
297  @Override
298  public String toString(boolean preserveState) {
299  return super.toString(preserveState) + "Volume [\t" + "addr " + addr + "\t" + "desc " + desc + "\t" + "flags " + flags + "\t" + "length " + lengthInSectors + "\t" + "start " + startSector + "]\t"; //NON-NLS
300  }
301 }
TSK_VS_PART_FLAG_ALL
Show all sectors in the walk.
Definition: TskData.java:336
static long valueToVsFlag(String vsFlag)
Definition: Volume.java:218
TSK_VS_PART_FLAG_ALLOC
Sectors are allocated to a volume in the volume system.
Definition: TskData.java:333
int read(byte[] buf, long offset, long len)
Definition: Volume.java:66
List< FileSystem > getFileSystems()
Definition: Volume.java:284
synchronized long getVolumeSystemHandle()
String toString(boolean preserveState)
Definition: Volume.java:298
TSK_VS_PART_FLAG_META
Sectors contain volume system metadata and could also be ALLOC or UNALLOC.
Definition: TskData.java:335
Volume(SleuthkitCase db, long obj_id, long addr, long startSector, long lengthInSectors, long flags, String desc)
Definition: Volume.java:51
static int readVsPart(long volHandle, byte[] readBuffer, long offset, long len)
List< Long > getChildrenIds()
Definition: Volume.java:275
static String vsFlagToValue(long vsFlag)
Definition: Volume.java:199
List< Content > getChildren()
Definition: Volume.java:270
static long openVsPart(long vsHandle, long volId)
TSK_VS_PART_FLAG_UNALLOC
Sectors are not allocated to a volume.
Definition: TskData.java:334
static String vsFlagToString(long vsFlag)
Definition: Volume.java:237

Copyright © 2011-2021 Brian Carrier. (carrier -at- sleuthkit -dot- org)
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.