Sleuth Kit Java Bindings (JNI)  4.11.1
Java bindings for using The Sleuth Kit
The Sleuth Kit Java Bindings Developer's Guide and API Reference

Overview

These classes allow Java programs to access data extracted by The Sleuth Kit.

The Sleuth Kit is primarily a C/C++ library and set of command line tools. These classes allow programs to obtain the data that TSK can produce. The typical steps would be to use JNI to cause the TSK library to create and populate a SQLite or PostgreSQL database. The Java classes then directly open the database and perform queries on it.

Types of Classes

There are three broad types of classes in this package:

Basic Workflow

Adding Data to Case

To get data into the database (which is needed before you get it into a Java object), you need to call some org.sleuthkit.datamodel.SleuthkitCase methods.

To open or create a case, call org.sleuthkit.datamodel.SleuthkitCase.newCase() or org.sleuthkit.datamodel.SleuthkitCase.openCase().

To add a disk image to the case, use org.sleuthkit.datamodel.SleuthkitCase.makeAddImageProcess() to get a org.sleuthkit.datamodel.SleuthkitJNI.CaseDbHandle.AddImageProcess object that allows you to populate the database in the scope of a transaction and get feedback on its update process.

To add a local file (logical file) you can use methods such as org.sleuthkit.datamodel.SleuthkitCase.addLocalFile().

Analyzing Data in Case

You can either access files directly using methods such as org.sleuthkit.datamodel.SleuthkitCase.findFiles() or org.sleuthkit.datamodel.SleuthkitCase.getAbstractFileById().

You can also access the data in its tree form by starting with org.sleuthkit.datamodel.SleuthkitCase.getImages() and then calling getChildren() on each of the returned objects. See the section below on basics of the datamodel structure.

Other Topics

Database Topics

The Sleuth Kit has its own database schema that is shared with Autopsy and other tools. The primary way it gets populated is via the Java code.


Copyright © 2011-2021 Brian Carrier. (carrier -at- sleuthkit -dot- org)
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.