Sleuth Kit Java Bindings (JNI)  4.11.1
Java bindings for using The Sleuth Kit
TskData.java
Go to the documentation of this file.
1 /*
2  * Sleuth Kit Data Model
3  *
4  * Copyright 2011 Basis Technology Corp.
5  * Contact: carrier <at> sleuthkit <dot> org
6  *
7  * Licensed under the Apache License, Version 2.0 (the "License");
8  * you may not use this file except in compliance with the License.
9  * You may obtain a copy of the License at
10  *
11  * http://www.apache.org/licenses/LICENSE-2.0
12  *
13  * Unless required by applicable law or agreed to in writing, software
14  * distributed under the License is distributed on an "AS IS" BASIS,
15  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16  * See the License for the specific language governing permissions and
17  * limitations under the License.
18  */
19 package org.sleuthkit.datamodel;
20 
21 import java.text.MessageFormat;
22 import java.util.ResourceBundle;
23 import java.util.EnumSet;
24 import java.util.Set;
25 
30 public class TskData {
31 
32  private final static ResourceBundle bundle = ResourceBundle.getBundle("org.sleuthkit.datamodel.Bundle");
33 
38  public enum TSK_FS_NAME_TYPE_ENUM {
39 
40  UNDEF(0, "-"),
41  FIFO(1, "p"),
42  CHR(2, "c"),
43  DIR(3, "d"),
44  BLK(4, "b"),
45  REG(5, "r"),
46  LNK(6, "l"),
47  SOCK(7, "s"),
48  SHAD(8, "h"),
49  WHT(9, "w"),
50  VIRT(10, "v"),
51  VIRT_DIR(11, "V");
52 
53  private short dirType;
54  String label;
55 
56  private TSK_FS_NAME_TYPE_ENUM(int type, String label) {
57  this.dirType = (short) type;
58  this.label = label;
59  }
60 
66  public short getValue() {
67  return dirType;
68  }
69 
75  public String getLabel() {
76  return this.label;
77  }
78 
86  static public TSK_FS_NAME_TYPE_ENUM valueOf(short dir_type) {
87  for (TSK_FS_NAME_TYPE_ENUM v : TSK_FS_NAME_TYPE_ENUM.values()) {
88  if (v.dirType == dir_type) {
89  return v;
90  }
91  }
92  throw new IllegalArgumentException(
93  MessageFormat.format(bundle.getString("TskData.tskFsNameTypeEnum.exception.msg1.text"), dir_type));
94  }
95  }
96 
101  public enum TSK_FS_META_TYPE_ENUM {
102 
103  TSK_FS_META_TYPE_UNDEF(0, "-"),
104  TSK_FS_META_TYPE_REG(1, "r"),
105  TSK_FS_META_TYPE_DIR(2, "d"),
106  TSK_FS_META_TYPE_FIFO(3, "p"),
107  TSK_FS_META_TYPE_CHR(4, "c"),
108  TSK_FS_META_TYPE_BLK(5, "b"),
109  TSK_FS_META_TYPE_LNK(6, "l"),
110  TSK_FS_META_TYPE_SHAD(7, "s"),
111  TSK_FS_META_TYPE_SOCK(8, "h"),
112  TSK_FS_META_TYPE_WHT(9, "w"),
113  TSK_FS_META_TYPE_VIRT(10, "v"),
114  TSK_FS_META_TYPE_VIRT_DIR(11, "v");
115 
116  private short metaType;
117  private String metaTypeStr;
118 
119  private TSK_FS_META_TYPE_ENUM(int type, String metaTypeStr) {
120  this.metaType = (short) type;
121  this.metaTypeStr = metaTypeStr;
122  }
123 
129  public short getValue() {
130  return metaType;
131  }
132 
133  @Override
134  public String toString() {
135  return metaTypeStr;
136  }
137 
138  public static TSK_FS_META_TYPE_ENUM valueOf(short metaType) {
139  for (TSK_FS_META_TYPE_ENUM type : TSK_FS_META_TYPE_ENUM.values()) {
140  if (type.getValue() == metaType) {
141  return type;
142  }
143  }
144  throw new IllegalArgumentException(
145  MessageFormat.format(bundle.getString("TskData.tskFsMetaTypeEnum.exception.msg1.text"), metaType));
146  }
147  }
148 
154  public enum TSK_FS_NAME_FLAG_ENUM {
155 
156  ALLOC(1, bundle.getString("TskData.tskFsNameFlagEnum.allocated")),
157  UNALLOC(2, bundle.getString("TskData.tskFsNameFlagEnum.unallocated"));
158 
159  private short dirFlag;
160  private String dirFlagStr;
161 
162  private TSK_FS_NAME_FLAG_ENUM(int flag, String dirFlagStr) {
163  this.dirFlag = (short) flag;
164  this.dirFlagStr = dirFlagStr;
165  }
166 
172  public short getValue() {
173  return dirFlag;
174  }
175 
176  @Override
177  public String toString() {
178  return dirFlagStr;
179  }
180 
188  public static TSK_FS_NAME_FLAG_ENUM valueOf(int dirFlag) {
189  for (TSK_FS_NAME_FLAG_ENUM flag : TSK_FS_NAME_FLAG_ENUM.values()) {
190  if (flag.dirFlag == dirFlag) {
191  return flag;
192  }
193  }
194  throw new IllegalArgumentException(
195  MessageFormat.format(bundle.getString("TskData.tskFsNameFlagEnum.exception.msg1.text"), dirFlag));
196  }
197  }
198 
204  public enum TSK_FS_META_FLAG_ENUM {
205 
206  ALLOC(1, bundle.getString("TskData.tskFsMetaFlagEnum.allocated")),
207  UNALLOC(2, bundle.getString("TskData.tskFsMetaFlagEnum.unallocated")),
208  USED(4, bundle.getString("TskData.tskFsMetaFlagEnum.used")),
209  UNUSED(8, bundle.getString("TskData.tskFsMetaFlagEnum.unused")),
210  COMP(16, bundle.getString("TskData.tskFsMetaFlagEnum.compressed")),
211  ORPHAN(32, bundle.getString("TskData.tskFsMetaFlagEnum.orphan"));
212 
213  private short meta_flag;
214  private String label;
215 
216  private TSK_FS_META_FLAG_ENUM(int flag, String label) {
217  this.meta_flag = (short) flag;
218  this.label = label;
219  }
220 
226  public short getValue() {
227  return meta_flag;
228  }
229 
235  @Override
236  public String toString() {
237  return label;
238  }
239 
247  public static Set<TSK_FS_META_FLAG_ENUM> valuesOf(short metaFlags) {
248  Set<TSK_FS_META_FLAG_ENUM> matchedFlags = EnumSet.noneOf(TSK_FS_META_FLAG_ENUM.class);
249 
250  for (TSK_FS_META_FLAG_ENUM v : TSK_FS_META_FLAG_ENUM.values()) {
251  long flag = v.getValue();
252 
253  if ((metaFlags & flag) == flag) {
254  matchedFlags.add(v);
255  }
256  }
257 
258  return matchedFlags;
259  }
260 
261  public static short toInt(Set<TSK_FS_META_FLAG_ENUM> metaFlags) {
262  short val = 0;
263  for (TSK_FS_META_FLAG_ENUM flag : metaFlags) {
264  val |= flag.getValue();
265  }
266  return val;
267  }
268 
269  }
270 
275  public enum TSK_FS_ATTR_TYPE_ENUM {
276 
277  TSK_FS_ATTR_TYPE_NOT_FOUND(0x00), // 0
278  TSK_FS_ATTR_TYPE_DEFAULT(0x01), // 1
279  TSK_FS_ATTR_TYPE_NTFS_SI(0x10), // 16
280  TSK_FS_ATTR_TYPE_NTFS_ATTRLIST(0x20), // 32
281  TSK_FS_ATTR_TYPE_NTFS_FNAME(0x30), // 48
282  TSK_FS_ATTR_TYPE_NTFS_VVER(0x40), // 64 (NT)
283  TSK_FS_ATTR_TYPE_NTFS_OBJID(0x40), // 64 (2K)
284  TSK_FS_ATTR_TYPE_NTFS_SEC(0x50), // 80
285  TSK_FS_ATTR_TYPE_NTFS_VNAME(0x60), // 96
286  TSK_FS_ATTR_TYPE_NTFS_VINFO(0x70), // 112
287  TSK_FS_ATTR_TYPE_NTFS_DATA(0x80), // 128
288  TSK_FS_ATTR_TYPE_NTFS_IDXROOT(0x90), // 144
289  TSK_FS_ATTR_TYPE_NTFS_IDXALLOC(0xA0), // 160
290  TSK_FS_ATTR_TYPE_NTFS_BITMAP(0xB0), // 176
291  TSK_FS_ATTR_TYPE_NTFS_SYMLNK(0xC0), // 192 (NT)
292  TSK_FS_ATTR_TYPE_NTFS_REPARSE(0xC0), // 192 (2K)
293  TSK_FS_ATTR_TYPE_NTFS_EAINFO(0xD0), // 208
294  TSK_FS_ATTR_TYPE_NTFS_EA(0xE0), // 224
295  TSK_FS_ATTR_TYPE_NTFS_PROP(0xF0), // (NT)
296  TSK_FS_ATTR_TYPE_NTFS_LOG(0x100), // (2K)
297  TSK_FS_ATTR_TYPE_UNIX_INDIR(0x1001), // Indirect blocks for UFS and ExtX file systems
298 
299  // Types for HFS+ File Attributes
300  TSK_FS_ATTR_TYPE_HFS_DEFAULT(0x01), // 1 Data fork of fs special files and misc
301  TSK_FS_ATTR_TYPE_HFS_DATA(0x1100), // 4352 Data fork of regular files
302  TSK_FS_ATTR_TYPE_HFS_RSRC(0x1101), // 4353 Resource fork of regular files
303  TSK_FS_ATTR_TYPE_HFS_EXT_ATTR(0x1102), // 4354 Extended Attributes) except compression records
304  TSK_FS_ATTR_TYPE_HFS_COMP_REC(0x1103); // 4355 Compression records
305 
306  private int val;
307 
308  private TSK_FS_ATTR_TYPE_ENUM(int val) {
309  this.val = val;
310  }
311 
312  public int getValue() {
313  return val;
314  }
315 
316  public static TSK_FS_ATTR_TYPE_ENUM valueOf(int val) {
317  for (TSK_FS_ATTR_TYPE_ENUM type : TSK_FS_ATTR_TYPE_ENUM.values()) {
318  if (type.val == val) {
319  return type;
320  }
321  }
322  throw new IllegalArgumentException(
323  MessageFormat.format(bundle.getString("TskData.tskFsAttrTypeEnum.exception.msg1.text"), val));
324  }
325  };
326 
331  public enum TSK_VS_PART_FLAG_ENUM {
332 
333  TSK_VS_PART_FLAG_ALLOC(1),
334  TSK_VS_PART_FLAG_UNALLOC(2),
335  TSK_VS_PART_FLAG_META(4),
336  TSK_VS_PART_FLAG_ALL(7);
337 
338  private long vs_flag;
339 
340  private TSK_VS_PART_FLAG_ENUM(long flag) {
341  vs_flag = flag;
342  }
343 
349  public long getVsFlag() {
350  return vs_flag;
351  }
352 
353  }
354 
359  public enum TSK_FS_META_MODE_ENUM {
360  /*
361  * The following describe the file permissions
362  */
363 
364  TSK_FS_META_MODE_ISUID(0004000),
365  TSK_FS_META_MODE_ISGID(0002000),
366  TSK_FS_META_MODE_ISVTX(0001000),
367 
368  TSK_FS_META_MODE_IRUSR(0000400),
369  TSK_FS_META_MODE_IWUSR(0000200),
370  TSK_FS_META_MODE_IXUSR(0000100),
371 
372  TSK_FS_META_MODE_IRGRP(0000040),
373  TSK_FS_META_MODE_IWGRP(0000020),
374  TSK_FS_META_MODE_IXGRP(0000010),
375 
376  TSK_FS_META_MODE_IROTH(0000004),
377  TSK_FS_META_MODE_IWOTH(0000002),
378  TSK_FS_META_MODE_IXOTH(0000001);
379 
380  private short mode;
381 
382  private TSK_FS_META_MODE_ENUM(int mode) {
383  this.mode = (short) mode;
384  }
385 
391  public short getMode() {
392  return mode;
393  }
394 
403  public static Set<TSK_FS_META_MODE_ENUM> valuesOf(short modes) {
404  Set<TSK_FS_META_MODE_ENUM> matchedFlags = EnumSet.noneOf(TSK_FS_META_MODE_ENUM.class);
405 
406  for (TSK_FS_META_MODE_ENUM v : TSK_FS_META_MODE_ENUM.values()) {
407  long flag = v.getMode();
408 
409  if ((modes & flag) == flag) {
410  matchedFlags.add(v);
411  }
412  }
413 
414  return matchedFlags;
415  }
416 
422  public static short toInt(Set<TSK_FS_META_MODE_ENUM> modes) {
423  short modesInt = 0;
424  for (TSK_FS_META_MODE_ENUM mode : modes) {
425  modesInt |= mode.getMode();
426  }
427  return modesInt;
428  }
429  };
430 
435  public enum TSK_FS_TYPE_ENUM {
436 
437  TSK_FS_TYPE_DETECT(0x00000000, bundle.getString("TskData.tskFsTypeEnum.autoDetect")),
438  TSK_FS_TYPE_NTFS(0x00000001, "NTFS"),
439  TSK_FS_TYPE_NTFS_DETECT(0x00000001, bundle.getString("TskData.tskFsTypeEnum.NTFSautoDetect")),
440  TSK_FS_TYPE_FAT12(0x00000002, "FAT12"),
441  TSK_FS_TYPE_FAT16(0x00000004, "FAT16"),
442  TSK_FS_TYPE_FAT32(0x00000008, "FAT32"),
443  TSK_FS_TYPE_EXFAT(0x0000000A, "ExFAT"),
444  TSK_FS_TYPE_FAT_DETECT(0x0000000e, bundle.getString("TskData.tskFsTypeEnum.FATautoDetect")),
445  TSK_FS_TYPE_FFS1(0x00000010, "UFS1"),
446  TSK_FS_TYPE_FFS1B(0x00000020, "UFS1b"),
447  TSK_FS_TYPE_FFS2(0x00000040, "UFS2"),
448  TSK_FS_TYPE_FFS_DETECT(0x00000070, "UFS"),
449  TSK_FS_TYPE_EXT2(0x00000080, "Ext2"),
450  TSK_FS_TYPE_EXT3(0x00000100, "Ext3"),
451  TSK_FS_TYPE_EXT_DETECT(0x00000180, bundle.getString("TskData.tskFsTypeEnum.ExtXautoDetect")),
452  TSK_FS_TYPE_SWAP(0x00000200, "SWAP"),
453  TSK_FS_TYPE_SWAP_DETECT(0x00000200, bundle.getString("TskData.tskFsTypeEnum.SWAPautoDetect")),
454  TSK_FS_TYPE_RAW(0x00000400, "RAW"),
455  TSK_FS_TYPE_RAW_DETECT(0x00000400, bundle.getString("TskData.tskFsTypeEnum.RAWautoDetect")),
456  TSK_FS_TYPE_ISO9660(0x00000800, "ISO9660"),
457  TSK_FS_TYPE_ISO9660_DETECT(0x00000800, bundle.getString("TskData.tskFsTypeEnum.ISO9660autoDetect")),
458  TSK_FS_TYPE_HFS(0x00001000, "HFS"),
459  TSK_FS_TYPE_HFS_DETECT(0x00001000, bundle.getString("TskData.tskFsTypeEnum.HFSautoDetect")),
460  TSK_FS_TYPE_EXT4(0x00002000, "Ext4"),
461  TSK_FS_TYPE_YAFFS2(0x00004000, "YAFFS2"),
462  TSK_FS_TYPE_YAFFS2_DETECT(0x00004000, bundle.getString("TskData.tskFsTypeEnum.YAFFS2autoDetect")),
463  TSK_FS_TYPE_APFS(0x00010000, "APFS"),
464  TSK_FS_TYPE_APFS_DETECT(0x00010000, bundle.getString("TskData.tskFsTypeEnum.APFSautoDetect")),
465  TSK_FS_TYPE_LOGICAL(0x00020000, "Logical"),
466  TSK_FS_TYPE_UNSUPP(0xffffffff, bundle.getString("TskData.tskFsTypeEnum.unsupported"));
467 
468  private int value;
469  private String displayName;
470 
471  private TSK_FS_TYPE_ENUM(int value, String displayName) {
472  this.value = value;
473  this.displayName = displayName;
474  }
475 
481  public int getValue() {
482  return value;
483  }
484 
490  public String getDisplayName() {
491  return displayName;
492  }
493 
502  public static TSK_FS_TYPE_ENUM valueOf(int fsTypeValue) {
503  for (TSK_FS_TYPE_ENUM type : TSK_FS_TYPE_ENUM.values()) {
504  if (type.value == fsTypeValue) {
505  return type;
506  }
507  }
508  throw new IllegalArgumentException(
509  MessageFormat.format(bundle.getString("TskData.tskFsTypeEnum.exception.msg1.text"), fsTypeValue));
510  }
511 
512  };
513 
518  public enum TSK_IMG_TYPE_ENUM {
519 
520  TSK_IMG_TYPE_DETECT(0, bundle.getString("TskData.tskImgTypeEnum.autoDetect")), // Auto Detection
521  TSK_IMG_TYPE_RAW_SING(1, bundle.getString("TskData.tskImgTypeEnum.rawSingle")), // Single raw file (dd)
522  TSK_IMG_TYPE_RAW_SPLIT(2, bundle.getString("TskData.tskImgTypeEnum.rawSplit")), // Split raw files
523  TSK_IMG_TYPE_AFF_AFF(4, "AFF"), // Advanced Forensic Format NON-NLS
524  TSK_IMG_TYPE_AFF_AFD(8, "AFD"), // AFF Multiple File NON-NLS
525  TSK_IMG_TYPE_AFF_AFM(16, "AFM"), // AFF with external metadata NON-NLS
526  TSK_IMG_TYPE_AFF_ANY(32, "AFF"), // All AFFLIB image formats (including beta ones) NON-NLS
527  TSK_IMG_TYPE_EWF_EWF(64, "E01"), // Expert Witness format (encase) NON-NLS
528  TSK_IMG_TYPE_VMDK_VMDK(128, "VMDK"), // VMware Virtual Disk (VMDK) NON-NLS
529  TSK_IMG_TYPE_VHD_VHD(256, "VHD"), // Virtual Hard Disk (VHD) image format NON-NLS
530  TSK_IMG_TYPE_POOL_POOL(16384, "POOL"), // Pool (internal use) NON-NLS
531  TSK_IMG_TYPE_LOGICAL(32768, "Logical"),
532  TSK_IMG_TYPE_UNSUPP(65535, bundle.getString("TskData.tskImgTypeEnum.unknown")); // Unsupported Image Type
533 
534  private long imgType;
535  private String name;
536 
537  private TSK_IMG_TYPE_ENUM(long type, String name) {
538  this.imgType = type;
539  this.name = name;
540  }
541 
542  public static TSK_IMG_TYPE_ENUM valueOf(long imgType) {
543  for (TSK_IMG_TYPE_ENUM type : TSK_IMG_TYPE_ENUM.values()) {
544  if (type.getValue() == imgType) {
545  return type;
546  }
547  }
548  throw new IllegalArgumentException(
549  MessageFormat.format(bundle.getString("TskData.tskImgTypeEnum.exception.msg1.text"), imgType));
550  }
551 
557  public long getValue() {
558  return imgType;
559  }
560 
566  public String getName() {
567  return name;
568  }
569  };
570 
575  public enum TSK_VS_TYPE_ENUM {
576 
577  TSK_VS_TYPE_DETECT(0x0000, bundle.getString("TskData.tskVSTypeEnum.autoDetect")),
578  TSK_VS_TYPE_DOS(0x0001, "DOS"),
579  TSK_VS_TYPE_BSD(0x0002, "BSD"),
580  TSK_VS_TYPE_SUN(0x0004, "SUN VTOC"),
581  TSK_VS_TYPE_MAC(0x0008, "Mac"),
582  TSK_VS_TYPE_GPT(0x0010, "GPT"),
583  TSK_VS_TYPE_APFS(0x0020, "APFS"),
584  TSK_VS_TYPE_DBFILLER(0x00F0, bundle.getString("TskData.tskVSTypeEnum.fake")),
585  TSK_VS_TYPE_UNSUPP(0xFFFF, bundle.getString("TskData.tskVSTypeEnum.unsupported"));
586 
587  private long vsType;
588  private String name;
589 
590  private TSK_VS_TYPE_ENUM(long type, String name) {
591  this.vsType = type;
592  this.name = name;
593  }
594 
595  public static TSK_VS_TYPE_ENUM valueOf(long vsType) {
596  for (TSK_VS_TYPE_ENUM type : TSK_VS_TYPE_ENUM.values()) {
597  if (type.getVsType() == vsType) {
598  return type;
599  }
600  }
601  throw new IllegalArgumentException(
602  MessageFormat.format(bundle.getString("TskData.tskVSTypeEnum.exception.msg1.text"), vsType));
603  }
604 
610  public long getVsType() {
611  return vsType;
612  }
613 
619  public String getName() {
620  return name;
621  }
622  };
623 
628  public enum ObjectType {
629 
630  IMG(0, bundle.getString("TskData.ObjectType.IMG.name")),
631  VS(1, bundle.getString("TskData.ObjectType.VS.name")),
632  VOL(2, bundle.getString("TskData.ObjectType.VOL.name")),
633  FS(3, bundle.getString("TskData.ObjectType.FS.name")),
634  ABSTRACTFILE(4, bundle.getString("TskData.ObjectType.AbstractFile.name")),
635  ARTIFACT(5, bundle.getString("TskData.ObjectType.Artifact.name")),
636  REPORT(6, bundle.getString("TskData.ObjectType.Report.name")),
637  POOL(7, bundle.getString("TskData.ObjectType.Pool.name")),
638  OS_ACCOUNT(8, bundle.getString("TskData.ObjectType.OsAccount.name")),
639  HOST_ADDRESS(9, bundle.getString("TskData.ObjectType.HostAddress.name")),
640  UNSUPPORTED(-1, bundle.getString("TskData.ObjectType.Unsupported.name"))
641  ;
642  private final short objectType;
643  private final String displayName;
644 
645  private ObjectType(int objectType, String displayName) {
646  this.objectType = (short) objectType;
647  this.displayName = displayName;
648  }
649 
655  public short getObjectType() {
656  return objectType;
657  }
658 
659  @Override
660  public String toString() {
661  return displayName;
662  }
663 
671  public static ObjectType valueOf(short objectType) {
672  for (ObjectType v : ObjectType.values()) {
673  if (v.objectType == objectType) {
674  return v;
675  }
676  }
677  return UNSUPPORTED;
678  }
679  }
680 
685  public enum TSK_DB_FILES_TYPE_ENUM {
686 
687  FS(0, "File System"),
688  CARVED(1, "Carved"),
689  DERIVED(2, "Derived"),
690  LOCAL(3, "Local"),
691  UNALLOC_BLOCKS(4, "Unallocated Blocks"),
692  UNUSED_BLOCKS(5, "Unused Blocks"),
693  VIRTUAL_DIR(6, "Virtual Directory"),
694  SLACK(7, "Slack"),
695  LOCAL_DIR(8, "Local Directory"),
696  LAYOUT_FILE(9, "Layout File"),
697  ;
698 
699  private final short fileType;
700  private final String name;
701 
702  private TSK_DB_FILES_TYPE_ENUM(int fileType, String name) {
703  this.fileType = (short) fileType;
704  this.name = name;
705  }
706 
714  public static TSK_DB_FILES_TYPE_ENUM valueOf(short fileType) {
715  for (TSK_DB_FILES_TYPE_ENUM type : TSK_DB_FILES_TYPE_ENUM.values()) {
716  if (type.fileType == fileType) {
717  return type;
718  }
719  }
720  throw new IllegalArgumentException(
721  MessageFormat.format(bundle.getString("TskData.tskDbFilesTypeEnum.exception.msg1.text"), fileType));
722  }
723 
729  public short getFileType() {
730  return fileType;
731  }
732 
733  public String getName() {
734  return name;
735  }
736  }
737 
742  public enum TSK_POOL_TYPE_ENUM {
743  TSK_POOL_TYPE_DETECT(0, "Auto detect"),
744  TSK_POOL_TYPE_APFS(1, "APFS Pool"),
745  TSK_POOL_TYPE_UNSUPP(0xffff, "Unsupported")
746  ;
747 
748  private final short poolType;
749  private final String name;
750 
751  TSK_POOL_TYPE_ENUM(int poolType, String name) {
752  this.poolType = (short) poolType;
753  this.name = name;
754  }
755 
763  public static TSK_POOL_TYPE_ENUM valueOf(long poolType) {
764  for (TSK_POOL_TYPE_ENUM type : TSK_POOL_TYPE_ENUM.values()) {
765  if (type.poolType == poolType) {
766  return type;
767  }
768  }
769  throw new IllegalArgumentException(
770  MessageFormat.format(bundle.getString("TskData.tskDbFilesTypeEnum.exception.msg1.text"), poolType)); // TODO
771  }
772 
778  public short getValue() {
779  return poolType;
780  }
781 
782  public String getName() {
783  return name;
784  }
785  }
786 
791  public enum FileKnown {
792 
793  UNKNOWN(0, bundle.getString("TskData.fileKnown.unknown")),
794  KNOWN(1, bundle.getString("TskData.fileKnown.known")),
795  BAD(2, bundle.getString("TskData.fileKnown.knownBad"));
796 
797  private byte known;
798  private String name;
799 
800  private FileKnown(int known, String name) {
801  this.known = (byte) known;
802  this.name = name;
803  }
804 
812  public static FileKnown valueOf(byte known) {
813  for (FileKnown v : FileKnown.values()) {
814  if (v.known == known) {
815  return v;
816  }
817  }
818  throw new IllegalArgumentException(
819  MessageFormat.format(bundle.getString("TskData.fileKnown.exception.msg1.text"), known));
820  }
821 
822  public String getName() {
823  return this.name;
824  }
825 
831  public byte getFileKnownValue() {
832  return this.known;
833  }
834  }
835 
840  public enum DbType {
841 
842  // Add any additional remote database types here, and keep it in sync
843  // with the Sleuthkit version of this enum located at:
844  // sleuthkit/tsk/auto/db_connection_info.h
845  // Be sure to add to settingsValid() if you add a type here.
846  SQLITE(0),
847  POSTGRESQL(1);
848 
849  private int value;
850 
851  DbType(int val) {
852  this.value = val;
853  }
854 
855  public int getValue() {
856  return this.value;
857  }
858  }
859 
867  public enum EncodingType{
868  // Update EncodedFileUtil.java to handle any new types
869  NONE(0),
870  XOR1(1);
871 
872  private final int type;
873 
874  private EncodingType(int type){
875  this.type = type;
876  }
877 
878  public int getType(){
879  return type;
880  }
881 
882  public static EncodingType valueOf(int type) {
883  for (EncodingType v : EncodingType.values()) {
884  if (v.type == type) {
885  return v;
886  }
887  }
888  throw new IllegalArgumentException(
889  MessageFormat.format(bundle.getString("TskData.encodingType.exception.msg1.text"), type));
890  }
891  }
892 
896  public enum KeywordSearchQueryType {
897  LITERAL(0),
898  SUBSTRING(1),
899  REGEX(2);
900 
901  private final int type;
902 
903  private KeywordSearchQueryType(int type){
904  this.type = type;
905  }
906 
907  public int getType(){
908  return type;
909  }
910 
911  public static KeywordSearchQueryType valueOf(int type) {
912  for (KeywordSearchQueryType v : KeywordSearchQueryType.values()) {
913  if (v.type == type) {
914  return v;
915  }
916  }
917  throw new IllegalArgumentException(
918  MessageFormat.format(bundle.getString("TskData.keywordSearchQueryType.exception.msg1.text"), type));
919  }
920  };
921 
922 
923 }
org.sleuthkit.datamodel.TskData.TSK_IMG_TYPE_ENUM.TSK_IMG_TYPE_RAW_SING
TSK_IMG_TYPE_RAW_SING
Definition: TskData.java:521
org.sleuthkit.datamodel.TskData.TSK_FS_NAME_TYPE_ENUM.VIRT
VIRT
Special (TSK added "Virtual" files) NON-NLS.
Definition: TskData.java:50
org.sleuthkit.datamodel.TskData.TSK_FS_ATTR_TYPE_ENUM.TSK_FS_ATTR_TYPE_NTFS_OBJID
TSK_FS_ATTR_TYPE_NTFS_OBJID
Definition: TskData.java:283
org.sleuthkit.datamodel.TskData.TSK_DB_FILES_TYPE_ENUM.FS
FS
File that can be found in file system tree.
Definition: TskData.java:687
org.sleuthkit.datamodel.TskData.FileKnown.valueOf
static FileKnown valueOf(byte known)
Definition: TskData.java:812
org.sleuthkit.datamodel.TskData.TSK_POOL_TYPE_ENUM.TSK_POOL_TYPE_ENUM
TSK_POOL_TYPE_ENUM(int poolType, String name)
Definition: TskData.java:751
org.sleuthkit.datamodel.TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_UNDEF
TSK_FS_META_TYPE_UNDEF
Definition: TskData.java:103
org.sleuthkit.datamodel.TskData.TSK_VS_PART_FLAG_ENUM.TSK_VS_PART_FLAG_ALL
TSK_VS_PART_FLAG_ALL
Show all sectors in the walk.
Definition: TskData.java:336
org.sleuthkit.datamodel.TskData.TSK_FS_ATTR_TYPE_ENUM.TSK_FS_ATTR_TYPE_NTFS_EAINFO
TSK_FS_ATTR_TYPE_NTFS_EAINFO
Definition: TskData.java:293
org.sleuthkit.datamodel.TskData.TSK_VS_TYPE_ENUM.TSK_VS_TYPE_BSD
TSK_VS_TYPE_BSD
BSD Partition table NON-NLS.
Definition: TskData.java:579
org.sleuthkit.datamodel.TskData.TSK_FS_TYPE_ENUM.getValue
int getValue()
Definition: TskData.java:481
org.sleuthkit.datamodel.TskData.TSK_POOL_TYPE_ENUM.getName
String getName()
Definition: TskData.java:782
org.sleuthkit.datamodel.TskData.TSK_FS_ATTR_TYPE_ENUM.TSK_FS_ATTR_TYPE_NTFS_EA
TSK_FS_ATTR_TYPE_NTFS_EA
Definition: TskData.java:294
org.sleuthkit.datamodel.TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_WHT
TSK_FS_META_TYPE_WHT
Whiteout NON-NLS.
Definition: TskData.java:112
org.sleuthkit.datamodel.TskData.TSK_FS_TYPE_ENUM.TSK_FS_TYPE_EXT_DETECT
TSK_FS_TYPE_EXT_DETECT
ExtX auto detection.
Definition: TskData.java:451
org.sleuthkit.datamodel.TskData.TSK_VS_TYPE_ENUM.TSK_VS_TYPE_MAC
TSK_VS_TYPE_MAC
Mac partition table NON-NLS.
Definition: TskData.java:581
org.sleuthkit.datamodel.TskData.TSK_FS_ATTR_TYPE_ENUM.TSK_FS_ATTR_TYPE_NTFS_VNAME
TSK_FS_ATTR_TYPE_NTFS_VNAME
Definition: TskData.java:285
org.sleuthkit.datamodel.TskData.TSK_FS_NAME_TYPE_ENUM.label
String label
Definition: TskData.java:54
org.sleuthkit.datamodel.TskData.TSK_FS_META_FLAG_ENUM.valuesOf
static Set< TSK_FS_META_FLAG_ENUM > valuesOf(short metaFlags)
Definition: TskData.java:247
org.sleuthkit.datamodel.TskData.TSK_VS_TYPE_ENUM.TSK_VS_TYPE_DBFILLER
TSK_VS_TYPE_DBFILLER
fake partition table type for loaddb (for images that do not have a volume system) ...
Definition: TskData.java:584
org.sleuthkit.datamodel.TskData.TSK_FS_META_FLAG_ENUM.UNUSED
UNUSED
Metadata structure has never been allocated.
Definition: TskData.java:209
org.sleuthkit.datamodel.TskData.TSK_FS_TYPE_ENUM.TSK_FS_TYPE_EXT3
TSK_FS_TYPE_EXT3
Ext3 file system.
Definition: TskData.java:450
org.sleuthkit.datamodel.TskData.TSK_FS_ATTR_TYPE_ENUM.TSK_FS_ATTR_TYPE_DEFAULT
TSK_FS_ATTR_TYPE_DEFAULT
Definition: TskData.java:278
org.sleuthkit.datamodel.TskData.TSK_IMG_TYPE_ENUM.TSK_IMG_TYPE_RAW_SPLIT
TSK_IMG_TYPE_RAW_SPLIT
Definition: TskData.java:522
org.sleuthkit.datamodel.TskData.TSK_FS_META_FLAG_ENUM.ALLOC
ALLOC
Metadata structure is currently in an allocated state.
Definition: TskData.java:206
org.sleuthkit.datamodel.TskData.TSK_FS_ATTR_TYPE_ENUM.TSK_FS_ATTR_TYPE_NTFS_VINFO
TSK_FS_ATTR_TYPE_NTFS_VINFO
Definition: TskData.java:286
org.sleuthkit.datamodel.TskData.TSK_IMG_TYPE_ENUM.getName
String getName()
Definition: TskData.java:566
org.sleuthkit.datamodel.TskData.TSK_VS_PART_FLAG_ENUM.TSK_VS_PART_FLAG_ALLOC
TSK_VS_PART_FLAG_ALLOC
Sectors are allocated to a volume in the volume system.
Definition: TskData.java:333
org.sleuthkit.datamodel.TskData.TSK_FS_META_TYPE_ENUM.getValue
short getValue()
Definition: TskData.java:129
org.sleuthkit.datamodel.TskData.TSK_FS_TYPE_ENUM.TSK_FS_TYPE_NTFS_DETECT
TSK_FS_TYPE_NTFS_DETECT
NTFS auto detection.
Definition: TskData.java:439
org.sleuthkit.datamodel.TskData.TSK_FS_TYPE_ENUM.valueOf
static TSK_FS_TYPE_ENUM valueOf(int fsTypeValue)
Definition: TskData.java:502
org.sleuthkit.datamodel.TskData.TSK_FS_TYPE_ENUM.TSK_FS_TYPE_NTFS
TSK_FS_TYPE_NTFS
NTFS file system.
Definition: TskData.java:438
org.sleuthkit.datamodel.TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_DIR
TSK_FS_META_TYPE_DIR
Directory file NON-NLS.
Definition: TskData.java:105
org.sleuthkit.datamodel.TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_SHAD
TSK_FS_META_TYPE_SHAD
SOLARIS ONLY NON-NLS.
Definition: TskData.java:110
org.sleuthkit.datamodel.TskData.TSK_FS_NAME_TYPE_ENUM.DIR
DIR
Directory NON-NLS.
Definition: TskData.java:43
org.sleuthkit.datamodel.TskData.TSK_IMG_TYPE_ENUM.TSK_IMG_TYPE_DETECT
TSK_IMG_TYPE_DETECT
Definition: TskData.java:520
org.sleuthkit.datamodel.TskData.TSK_FS_META_MODE_ENUM.TSK_FS_META_MODE_ISVTX
TSK_FS_META_MODE_ISVTX
sticky bit
Definition: TskData.java:366
org.sleuthkit.datamodel.TskData.TSK_VS_TYPE_ENUM.TSK_VS_TYPE_SUN
TSK_VS_TYPE_SUN
Sun VTOC NON-NLS.
Definition: TskData.java:580
org.sleuthkit.datamodel.TskData.TSK_FS_NAME_TYPE_ENUM
Definition: TskData.java:38
org.sleuthkit.datamodel.TskData.TSK_VS_PART_FLAG_ENUM.getVsFlag
long getVsFlag()
Definition: TskData.java:349
org.sleuthkit.datamodel.TskData.TSK_FS_META_FLAG_ENUM.UNALLOC
UNALLOC
Metadata structure is currently in an unallocated state.
Definition: TskData.java:207
org.sleuthkit.datamodel.TskData.TSK_FS_ATTR_TYPE_ENUM.TSK_FS_ATTR_TYPE_HFS_EXT_ATTR
TSK_FS_ATTR_TYPE_HFS_EXT_ATTR
Definition: TskData.java:303
org.sleuthkit.datamodel.TskData.TSK_FS_TYPE_ENUM.TSK_FS_TYPE_FAT32
TSK_FS_TYPE_FAT32
FAT32 file system.
Definition: TskData.java:442
org.sleuthkit.datamodel.TskData.TSK_FS_META_MODE_ENUM
Definition: TskData.java:359
org.sleuthkit.datamodel.TskData.TSK_FS_META_FLAG_ENUM
Definition: TskData.java:204
org.sleuthkit.datamodel.TskData.TSK_IMG_TYPE_ENUM.TSK_IMG_TYPE_VMDK_VMDK
TSK_IMG_TYPE_VMDK_VMDK
Definition: TskData.java:528
org.sleuthkit.datamodel.TskData.TSK_FS_META_TYPE_ENUM.valueOf
static TSK_FS_META_TYPE_ENUM valueOf(short metaType)
Definition: TskData.java:138
org.sleuthkit.datamodel.TskData.TSK_IMG_TYPE_ENUM.TSK_IMG_TYPE_LOGICAL
TSK_IMG_TYPE_LOGICAL
Definition: TskData.java:531
org.sleuthkit.datamodel.TskData.TSK_FS_META_MODE_ENUM.TSK_FS_META_MODE_IXOTH
TSK_FS_META_MODE_IXOTH
X for other.
Definition: TskData.java:378
org.sleuthkit.datamodel.TskData.TSK_FS_NAME_TYPE_ENUM.LNK
LNK
Symbolic link NON-NLS.
Definition: TskData.java:46
org.sleuthkit.datamodel.TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_VIRT_DIR
TSK_FS_META_TYPE_VIRT_DIR
"Virtual Directory" created by TSK for Orphan Files NON-NLS
Definition: TskData.java:114
org.sleuthkit.datamodel.TskData.TSK_FS_ATTR_TYPE_ENUM.TSK_FS_ATTR_TYPE_NTFS_ATTRLIST
TSK_FS_ATTR_TYPE_NTFS_ATTRLIST
Definition: TskData.java:280
org.sleuthkit.datamodel.TskData.TSK_FS_META_FLAG_ENUM.COMP
COMP
The file contents are compressed.
Definition: TskData.java:210
org.sleuthkit.datamodel.TskData.TSK_FS_META_MODE_ENUM.TSK_FS_META_MODE_ISUID
TSK_FS_META_MODE_ISUID
set user id on execution
Definition: TskData.java:364
org.sleuthkit.datamodel.TskData.TSK_VS_TYPE_ENUM.TSK_VS_TYPE_APFS
TSK_VS_TYPE_APFS
APFS pool NON-NLS.
Definition: TskData.java:583
org.sleuthkit.datamodel.TskData.TSK_FS_TYPE_ENUM.TSK_FS_TYPE_HFS_DETECT
TSK_FS_TYPE_HFS_DETECT
HFS auto detection.
Definition: TskData.java:459
org.sleuthkit.datamodel.TskData.TSK_FS_META_MODE_ENUM.TSK_FS_META_MODE_IXGRP
TSK_FS_META_MODE_IXGRP
X for group.
Definition: TskData.java:374
org.sleuthkit.datamodel.TskData.TSK_FS_TYPE_ENUM.TSK_FS_TYPE_FAT12
TSK_FS_TYPE_FAT12
FAT12 file system.
Definition: TskData.java:440
org.sleuthkit.datamodel.TskData.ObjectType.HOST_ADDRESS
HOST_ADDRESS
Host Address - see tsk_host_addresses for more details.
Definition: TskData.java:639
org.sleuthkit.datamodel.TskData.TSK_DB_FILES_TYPE_ENUM.LAYOUT_FILE
LAYOUT_FILE
Set of blocks from an image that have been designated as a file.
Definition: TskData.java:696
org.sleuthkit.datamodel.TskData.TSK_FS_TYPE_ENUM.TSK_FS_TYPE_YAFFS2_DETECT
TSK_FS_TYPE_YAFFS2_DETECT
YAFFS2 auto detection.
Definition: TskData.java:462
org.sleuthkit.datamodel.TskData.TSK_FS_META_MODE_ENUM.TSK_FS_META_MODE_IWOTH
TSK_FS_META_MODE_IWOTH
W for other.
Definition: TskData.java:377
org.sleuthkit.datamodel.TskData.TSK_FS_NAME_TYPE_ENUM.WHT
WHT
Whiteout (openbsd) NON-NLS.
Definition: TskData.java:49
org.sleuthkit.datamodel.TskData.TSK_FS_META_MODE_ENUM.TSK_FS_META_MODE_IRGRP
TSK_FS_META_MODE_IRGRP
R for group.
Definition: TskData.java:372
org.sleuthkit.datamodel.TskData.TSK_VS_PART_FLAG_ENUM.TSK_VS_PART_FLAG_META
TSK_VS_PART_FLAG_META
Sectors contain volume system metadata and could also be ALLOC or UNALLOC.
Definition: TskData.java:335
org.sleuthkit.datamodel.TskData.TSK_FS_ATTR_TYPE_ENUM.TSK_FS_ATTR_TYPE_HFS_COMP_REC
TSK_FS_ATTR_TYPE_HFS_COMP_REC
Definition: TskData.java:304
org.sleuthkit.datamodel.TskData.TSK_FS_TYPE_ENUM.TSK_FS_TYPE_FFS1B
TSK_FS_TYPE_FFS1B
UFS1b (Solaris - has no type)
Definition: TskData.java:446
org.sleuthkit.datamodel.TskData.TSK_DB_FILES_TYPE_ENUM.SLACK
SLACK
Slack space for a single file.
Definition: TskData.java:694
org.sleuthkit.datamodel.TskData.TSK_IMG_TYPE_ENUM.TSK_IMG_TYPE_AFF_AFF
TSK_IMG_TYPE_AFF_AFF
Definition: TskData.java:523
org.sleuthkit.datamodel.TskData.TSK_FS_ATTR_TYPE_ENUM.TSK_FS_ATTR_TYPE_NTFS_REPARSE
TSK_FS_ATTR_TYPE_NTFS_REPARSE
Definition: TskData.java:292
org.sleuthkit.datamodel.TskData.TSK_FS_TYPE_ENUM.TSK_FS_TYPE_FFS1
TSK_FS_TYPE_FFS1
UFS1 (FreeBSD, OpenBSD, BSDI ...)
Definition: TskData.java:445
org.sleuthkit.datamodel.TskData.TSK_FS_ATTR_TYPE_ENUM.TSK_FS_ATTR_TYPE_NTFS_SI
TSK_FS_ATTR_TYPE_NTFS_SI
Definition: TskData.java:279
org.sleuthkit.datamodel.TskData.TSK_FS_ATTR_TYPE_ENUM.TSK_FS_ATTR_TYPE_NTFS_IDXROOT
TSK_FS_ATTR_TYPE_NTFS_IDXROOT
Definition: TskData.java:288
org.sleuthkit.datamodel.TskData.TSK_FS_ATTR_TYPE_ENUM.valueOf
static TSK_FS_ATTR_TYPE_ENUM valueOf(int val)
Definition: TskData.java:316
org.sleuthkit.datamodel.TskData.TSK_FS_NAME_FLAG_ENUM
Definition: TskData.java:154
org.sleuthkit.datamodel.TskData.TSK_DB_FILES_TYPE_ENUM.LOCAL
LOCAL
Local file that was added (not from a disk image)
Definition: TskData.java:690
org.sleuthkit.datamodel.TskData.TSK_FS_META_MODE_ENUM.TSK_FS_META_MODE_IWUSR
TSK_FS_META_MODE_IWUSR
W for owner.
Definition: TskData.java:369
org.sleuthkit.datamodel.TskData.TSK_VS_TYPE_ENUM.TSK_VS_TYPE_UNSUPP
TSK_VS_TYPE_UNSUPP
Unsupported.
Definition: TskData.java:585
org.sleuthkit.datamodel.TskData.TSK_FS_TYPE_ENUM.TSK_FS_TYPE_SWAP_DETECT
TSK_FS_TYPE_SWAP_DETECT
SWAP auto detection.
Definition: TskData.java:453
org.sleuthkit.datamodel.TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_CHR
TSK_FS_META_TYPE_CHR
Character device NON-NLS.
Definition: TskData.java:107
org.sleuthkit.datamodel.TskData.TSK_POOL_TYPE_ENUM.valueOf
static TSK_POOL_TYPE_ENUM valueOf(long poolType)
Definition: TskData.java:763
org.sleuthkit.datamodel.TskData.TSK_POOL_TYPE_ENUM.TSK_POOL_TYPE_APFS
TSK_POOL_TYPE_APFS
APFS Pooled Volumes.
Definition: TskData.java:744
org.sleuthkit.datamodel.TskData.TSK_FS_ATTR_TYPE_ENUM
Definition: TskData.java:275
org.sleuthkit.datamodel.TskData.TSK_FS_TYPE_ENUM.TSK_FS_TYPE_APFS_DETECT
TSK_FS_TYPE_APFS_DETECT
APFS auto detection.
Definition: TskData.java:464
org.sleuthkit.datamodel.TskData.TSK_FS_TYPE_ENUM.TSK_FS_TYPE_LOGICAL
TSK_FS_TYPE_LOGICAL
Definition: TskData.java:465
org.sleuthkit.datamodel.TskData.TSK_DB_FILES_TYPE_ENUM.CARVED
CARVED
Set of blocks for a file found from carving. Could be on top of a TSK_DB_FILES_TYPE_UNALLOC_BLOCKS ra...
Definition: TskData.java:688
org.sleuthkit.datamodel.TskData.TSK_FS_NAME_FLAG_ENUM.valueOf
static TSK_FS_NAME_FLAG_ENUM valueOf(int dirFlag)
Definition: TskData.java:188
org.sleuthkit.datamodel.TskData.TSK_FS_TYPE_ENUM.getDisplayName
String getDisplayName()
Definition: TskData.java:490
org.sleuthkit.datamodel.TskData.TSK_FS_TYPE_ENUM.TSK_FS_TYPE_ISO9660_DETECT
TSK_FS_TYPE_ISO9660_DETECT
ISO9660 auto detection.
Definition: TskData.java:457
org.sleuthkit.datamodel.TskData.TSK_FS_ATTR_TYPE_ENUM.TSK_FS_ATTR_TYPE_HFS_DATA
TSK_FS_ATTR_TYPE_HFS_DATA
Definition: TskData.java:301
org.sleuthkit.datamodel.TskData.TSK_FS_NAME_TYPE_ENUM.SOCK
SOCK
Socket NON-NLS.
Definition: TskData.java:47
org.sleuthkit.datamodel.TskData.TSK_FS_META_FLAG_ENUM.getValue
short getValue()
Definition: TskData.java:226
org.sleuthkit.datamodel.TskData.ObjectType.FS
FS
File System - see tsk_fs_info for more details.
Definition: TskData.java:633
org.sleuthkit.datamodel.TskData.TSK_FS_TYPE_ENUM.TSK_FS_TYPE_SWAP
TSK_FS_TYPE_SWAP
SWAP file system.
Definition: TskData.java:452
org.sleuthkit.datamodel.TskData.TSK_FS_META_MODE_ENUM.TSK_FS_META_MODE_IROTH
TSK_FS_META_MODE_IROTH
R for other.
Definition: TskData.java:376
org.sleuthkit.datamodel.TskData.TSK_IMG_TYPE_ENUM.TSK_IMG_TYPE_POOL_POOL
TSK_IMG_TYPE_POOL_POOL
Definition: TskData.java:530
org.sleuthkit.datamodel.TskData.TSK_FS_TYPE_ENUM.TSK_FS_TYPE_UNSUPP
TSK_FS_TYPE_UNSUPP
Unsupported file system.
Definition: TskData.java:466
org.sleuthkit.datamodel.TskData.TSK_FS_TYPE_ENUM.TSK_FS_TYPE_RAW
TSK_FS_TYPE_RAW
RAW file system.
Definition: TskData.java:454
org.sleuthkit.datamodel.TskData.TSK_FS_TYPE_ENUM.TSK_FS_TYPE_EXFAT
TSK_FS_TYPE_EXFAT
ExFAT file system.
Definition: TskData.java:443
org.sleuthkit.datamodel.TskData.TSK_FS_META_FLAG_ENUM.USED
USED
Metadata structure has been allocated at least once.
Definition: TskData.java:208
org.sleuthkit.datamodel.TskData.TSK_VS_PART_FLAG_ENUM
Definition: TskData.java:331
org.sleuthkit.datamodel.TskData.TSK_VS_TYPE_ENUM.getVsType
long getVsType()
Definition: TskData.java:610
org.sleuthkit.datamodel.TskData.TSK_FS_NAME_TYPE_ENUM.VIRT_DIR
VIRT_DIR
Special (TSK added "Virtual" directories) NON-NLS.
Definition: TskData.java:51
org.sleuthkit.datamodel.TskData.TSK_IMG_TYPE_ENUM.TSK_IMG_TYPE_UNSUPP
TSK_IMG_TYPE_UNSUPP
Logical directory.
Definition: TskData.java:532
org.sleuthkit.datamodel.TskData.TSK_DB_FILES_TYPE_ENUM.LOCAL_DIR
LOCAL_DIR
Local directory that was added (not from a disk image)
Definition: TskData.java:695
org.sleuthkit.datamodel.TskData.TSK_IMG_TYPE_ENUM.TSK_IMG_TYPE_VHD_VHD
TSK_IMG_TYPE_VHD_VHD
Definition: TskData.java:529
org.sleuthkit.datamodel.TskData.TSK_FS_TYPE_ENUM.TSK_FS_TYPE_FAT_DETECT
TSK_FS_TYPE_FAT_DETECT
FAT auto detection.
Definition: TskData.java:444
org.sleuthkit.datamodel.TskData.ObjectType.VOL
VOL
Volume - see tsk_vs_parts for more details.
Definition: TskData.java:632
org.sleuthkit.datamodel.TskData.TSK_IMG_TYPE_ENUM.TSK_IMG_TYPE_AFF_AFD
TSK_IMG_TYPE_AFF_AFD
Definition: TskData.java:524
org.sleuthkit.datamodel.TskData.TSK_FS_ATTR_TYPE_ENUM.TSK_FS_ATTR_TYPE_NTFS_IDXALLOC
TSK_FS_ATTR_TYPE_NTFS_IDXALLOC
Definition: TskData.java:289
org.sleuthkit.datamodel.TskData.TSK_FS_META_MODE_ENUM.getMode
short getMode()
Definition: TskData.java:391
org.sleuthkit.datamodel.TskData.EncodingType.valueOf
static EncodingType valueOf(int type)
Definition: TskData.java:882
org.sleuthkit.datamodel.TskData.TSK_IMG_TYPE_ENUM.TSK_IMG_TYPE_AFF_AFM
TSK_IMG_TYPE_AFF_AFM
Definition: TskData.java:525
org.sleuthkit.datamodel.TskData.TSK_FS_ATTR_TYPE_ENUM.TSK_FS_ATTR_TYPE_NTFS_BITMAP
TSK_FS_ATTR_TYPE_NTFS_BITMAP
Definition: TskData.java:290
org.sleuthkit.datamodel.TskData.TSK_FS_TYPE_ENUM.TSK_FS_TYPE_RAW_DETECT
TSK_FS_TYPE_RAW_DETECT
RAW auto detection.
Definition: TskData.java:455
org.sleuthkit.datamodel.TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_VIRT
TSK_FS_META_TYPE_VIRT
"Virtual File" created by TSK for file system areas NON-NLS
Definition: TskData.java:113
org.sleuthkit.datamodel.TskData.TSK_VS_TYPE_ENUM.TSK_VS_TYPE_GPT
TSK_VS_TYPE_GPT
GPT partition table NON-NLS.
Definition: TskData.java:582
org.sleuthkit.datamodel.TskData.TSK_FS_META_MODE_ENUM.TSK_FS_META_MODE_IRUSR
TSK_FS_META_MODE_IRUSR
R for owner.
Definition: TskData.java:368
org.sleuthkit.datamodel.TskData.TSK_FS_NAME_TYPE_ENUM.BLK
BLK
Block device NON-NLS.
Definition: TskData.java:44
org.sleuthkit.datamodel.TskData.TSK_FS_TYPE_ENUM.TSK_FS_TYPE_DETECT
TSK_FS_TYPE_DETECT
Use autodetection methods.
Definition: TskData.java:437
org.sleuthkit.datamodel.TskData.TSK_FS_ATTR_TYPE_ENUM.TSK_FS_ATTR_TYPE_HFS_DEFAULT
TSK_FS_ATTR_TYPE_HFS_DEFAULT
Definition: TskData.java:300
org.sleuthkit.datamodel.TskData.TSK_FS_NAME_TYPE_ENUM.valueOf
static TSK_FS_NAME_TYPE_ENUM valueOf(short dir_type)
Definition: TskData.java:86
org.sleuthkit.datamodel.TskData.TSK_IMG_TYPE_ENUM.TSK_IMG_TYPE_AFF_ANY
TSK_IMG_TYPE_AFF_ANY
Definition: TskData.java:526
org.sleuthkit.datamodel.TskData.TSK_FS_NAME_TYPE_ENUM.CHR
CHR
Character device NON-NLS.
Definition: TskData.java:42
org.sleuthkit.datamodel.TskData.TSK_FS_TYPE_ENUM.TSK_FS_TYPE_APFS
TSK_FS_TYPE_APFS
APFS file system.
Definition: TskData.java:463
org.sleuthkit.datamodel.TskData.ObjectType.REPORT
REPORT
Artifact - see blackboard_artifacts for more details.
Definition: TskData.java:636
org.sleuthkit.datamodel.TskData.TSK_FS_NAME_TYPE_ENUM.SHAD
SHAD
Shadow inode (solaris) NON-NLS.
Definition: TskData.java:48
org.sleuthkit.datamodel.TskData.TSK_FS_META_MODE_ENUM.toInt
static short toInt(Set< TSK_FS_META_MODE_ENUM > modes)
Definition: TskData.java:422
org.sleuthkit.datamodel.TskData.FileKnown.BAD
BAD
File marked as known and bad/notable/interesting by hash db.
Definition: TskData.java:795
org.sleuthkit.datamodel.TskData.TSK_DB_FILES_TYPE_ENUM.DERIVED
DERIVED
File derived from a parent file (i.e. from ZIP)
Definition: TskData.java:689
org.sleuthkit.datamodel.TskData.TSK_FS_TYPE_ENUM.TSK_FS_TYPE_EXT2
TSK_FS_TYPE_EXT2
Ext2 file system.
Definition: TskData.java:449
org.sleuthkit.datamodel.TskData.TSK_FS_ATTR_TYPE_ENUM.TSK_FS_ATTR_TYPE_NTFS_LOG
TSK_FS_ATTR_TYPE_NTFS_LOG
Definition: TskData.java:296
org.sleuthkit.datamodel.TskData.TSK_VS_TYPE_ENUM
Definition: TskData.java:575
org.sleuthkit.datamodel.TskData.TSK_FS_ATTR_TYPE_ENUM.TSK_FS_ATTR_TYPE_UNIX_INDIR
TSK_FS_ATTR_TYPE_UNIX_INDIR
Definition: TskData.java:297
org.sleuthkit.datamodel.TskData.TSK_FS_TYPE_ENUM.TSK_FS_TYPE_HFS
TSK_FS_TYPE_HFS
HFS file system.
Definition: TskData.java:458
org.sleuthkit.datamodel.TskData.ObjectType.OS_ACCOUNT
OS_ACCOUNT
OS Account - see tsk_os_accounts for more details.
Definition: TskData.java:638
org.sleuthkit.datamodel.TskData.TSK_FS_NAME_TYPE_ENUM.FIFO
FIFO
Named pipe NON-NLS.
Definition: TskData.java:41
org.sleuthkit.datamodel.TskData.TSK_IMG_TYPE_ENUM.TSK_IMG_TYPE_EWF_EWF
TSK_IMG_TYPE_EWF_EWF
Definition: TskData.java:527
org.sleuthkit.datamodel.TskData.TSK_FS_NAME_FLAG_ENUM.toString
String toString()
Definition: TskData.java:177
org.sleuthkit.datamodel.TskData.TSK_FS_META_TYPE_ENUM
Definition: TskData.java:101
org.sleuthkit.datamodel.TskData.TSK_DB_FILES_TYPE_ENUM.valueOf
static TSK_DB_FILES_TYPE_ENUM valueOf(short fileType)
Definition: TskData.java:714
org.sleuthkit.datamodel.TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_BLK
TSK_FS_META_TYPE_BLK
Block device NON-NLS.
Definition: TskData.java:108
org.sleuthkit.datamodel.TskData.TSK_POOL_TYPE_ENUM.getValue
short getValue()
Definition: TskData.java:778
org.sleuthkit.datamodel.TskData.TSK_FS_TYPE_ENUM.TSK_FS_TYPE_EXT4
TSK_FS_TYPE_EXT4
Ext4 file system.
Definition: TskData.java:460
org.sleuthkit.datamodel.TskData.TSK_FS_ATTR_TYPE_ENUM.TSK_FS_ATTR_TYPE_NTFS_PROP
TSK_FS_ATTR_TYPE_NTFS_PROP
Definition: TskData.java:295
org.sleuthkit.datamodel.TskData.TSK_FS_META_FLAG_ENUM.toInt
static short toInt(Set< TSK_FS_META_FLAG_ENUM > metaFlags)
Definition: TskData.java:261
org.sleuthkit.datamodel.TskData.TSK_FS_ATTR_TYPE_ENUM.TSK_FS_ATTR_TYPE_HFS_RSRC
TSK_FS_ATTR_TYPE_HFS_RSRC
Definition: TskData.java:302
org.sleuthkit.datamodel.TskData.TSK_FS_META_FLAG_ENUM.toString
String toString()
Definition: TskData.java:236
org.sleuthkit.datamodel.TskData.TSK_IMG_TYPE_ENUM.valueOf
static TSK_IMG_TYPE_ENUM valueOf(long imgType)
Definition: TskData.java:542
org.sleuthkit.datamodel.TskData.TSK_FS_TYPE_ENUM.TSK_FS_TYPE_YAFFS2
TSK_FS_TYPE_YAFFS2
YAFFS2 file system.
Definition: TskData.java:461
org.sleuthkit.datamodel.TskData.TSK_DB_FILES_TYPE_ENUM.UNALLOC_BLOCKS
UNALLOC_BLOCKS
Set of blocks not allocated by file system. Parent should be image, volume, or file system...
Definition: TskData.java:691
org.sleuthkit.datamodel.TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_SOCK
TSK_FS_META_TYPE_SOCK
UNIX domain socket NON-NLS.
Definition: TskData.java:111
org.sleuthkit.datamodel.TskData.TSK_FS_NAME_FLAG_ENUM.getValue
short getValue()
Definition: TskData.java:172
org.sleuthkit.datamodel.TskData.ObjectType.valueOf
static ObjectType valueOf(short objectType)
Definition: TskData.java:671
org.sleuthkit.datamodel.TskData.TSK_FS_NAME_TYPE_ENUM.REG
REG
Regular file NON-NLS.
Definition: TskData.java:45
org.sleuthkit.datamodel.TskData.TSK_POOL_TYPE_ENUM.TSK_POOL_TYPE_DETECT
TSK_POOL_TYPE_DETECT
Use autodetection methods.
Definition: TskData.java:743
org.sleuthkit.datamodel.TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_FIFO
TSK_FS_META_TYPE_FIFO
Named pipe (fifo) NON-NLS.
Definition: TskData.java:106
org.sleuthkit.datamodel.TskData.FileKnown.UNKNOWN
UNKNOWN
File marked as unknown by hash db.
Definition: TskData.java:793
org.sleuthkit.datamodel.TskData.TSK_FS_META_MODE_ENUM.valuesOf
static Set< TSK_FS_META_MODE_ENUM > valuesOf(short modes)
Definition: TskData.java:403
org.sleuthkit.datamodel.TskData.TSK_FS_META_TYPE_ENUM.toString
String toString()
Definition: TskData.java:134
org.sleuthkit.datamodel.TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_LNK
TSK_FS_META_TYPE_LNK
Symbolic link NON-NLS.
Definition: TskData.java:109
org.sleuthkit.datamodel.TskData.TSK_IMG_TYPE_ENUM.getValue
long getValue()
Definition: TskData.java:557
org.sleuthkit.datamodel.TskData.TSK_DB_FILES_TYPE_ENUM.getName
String getName()
Definition: TskData.java:733
org.sleuthkit.datamodel.TskData.TSK_VS_TYPE_ENUM.TSK_VS_TYPE_DETECT
TSK_VS_TYPE_DETECT
Use autodetection methods.
Definition: TskData.java:577
org.sleuthkit.datamodel.TskData.TSK_FS_ATTR_TYPE_ENUM.TSK_FS_ATTR_TYPE_NTFS_SEC
TSK_FS_ATTR_TYPE_NTFS_SEC
Definition: TskData.java:284
org.sleuthkit.datamodel.TskData.TSK_FS_TYPE_ENUM.TSK_FS_TYPE_FAT16
TSK_FS_TYPE_FAT16
FAT16 file system.
Definition: TskData.java:441
org.sleuthkit.datamodel.TskData.TSK_FS_TYPE_ENUM.TSK_FS_TYPE_FFS_DETECT
TSK_FS_TYPE_FFS_DETECT
UFS auto detection.
Definition: TskData.java:448
org.sleuthkit.datamodel.TskData.KeywordSearchQueryType.valueOf
static KeywordSearchQueryType valueOf(int type)
Definition: TskData.java:911
org.sleuthkit.datamodel.TskData.FileKnown.KNOWN
KNOWN
File marked as a known by hash db.
Definition: TskData.java:794
org.sleuthkit.datamodel.TskData.TSK_FS_ATTR_TYPE_ENUM.TSK_FS_ATTR_TYPE_NTFS_DATA
TSK_FS_ATTR_TYPE_NTFS_DATA
Definition: TskData.java:287
org.sleuthkit.datamodel.TskData.TSK_FS_TYPE_ENUM
Definition: TskData.java:435
org.sleuthkit.datamodel.TskData.TSK_FS_META_MODE_ENUM.TSK_FS_META_MODE_IWGRP
TSK_FS_META_MODE_IWGRP
W for group.
Definition: TskData.java:373
org.sleuthkit.datamodel.TskData.TSK_FS_NAME_FLAG_ENUM.ALLOC
ALLOC
Name is in an allocated state.
Definition: TskData.java:156
org.sleuthkit.datamodel.TskData.TSK_DB_FILES_TYPE_ENUM.VIRTUAL_DIR
VIRTUAL_DIR
Virtual directory (not on fs) with no meta-data entry that can be used to group files of types other ...
Definition: TskData.java:693
org.sleuthkit.datamodel.TskData.TSK_VS_PART_FLAG_ENUM.TSK_VS_PART_FLAG_UNALLOC
TSK_VS_PART_FLAG_UNALLOC
Sectors are not allocated to a volume.
Definition: TskData.java:334
org.sleuthkit.datamodel.TskData.TSK_FS_NAME_TYPE_ENUM.UNDEF
UNDEF
Unknown type.
Definition: TskData.java:40
org.sleuthkit.datamodel.TskData.TSK_FS_NAME_TYPE_ENUM.getValue
short getValue()
Definition: TskData.java:66
org.sleuthkit.datamodel.TskData.TSK_FS_ATTR_TYPE_ENUM.TSK_FS_ATTR_TYPE_NTFS_FNAME
TSK_FS_ATTR_TYPE_NTFS_FNAME
Definition: TskData.java:281
org.sleuthkit.datamodel.TskData.TSK_VS_TYPE_ENUM.valueOf
static TSK_VS_TYPE_ENUM valueOf(long vsType)
Definition: TskData.java:595
org.sleuthkit.datamodel.TskData.ObjectType.ABSTRACTFILE
ABSTRACTFILE
File - see tsk_files for more details.
Definition: TskData.java:634
org.sleuthkit.datamodel.TskData.TSK_FS_ATTR_TYPE_ENUM.TSK_FS_ATTR_TYPE_NTFS_SYMLNK
TSK_FS_ATTR_TYPE_NTFS_SYMLNK
Definition: TskData.java:291
org.sleuthkit.datamodel.TskData.TSK_FS_TYPE_ENUM.TSK_FS_TYPE_ISO9660
TSK_FS_TYPE_ISO9660
ISO9660 file system.
Definition: TskData.java:456
org.sleuthkit.datamodel.TskData.TSK_DB_FILES_TYPE_ENUM.getFileType
short getFileType()
Definition: TskData.java:729
org.sleuthkit.datamodel.TskData.TSK_VS_TYPE_ENUM.getName
String getName()
Definition: TskData.java:619
org.sleuthkit.datamodel.TskData.TSK_VS_TYPE_ENUM.TSK_VS_TYPE_DOS
TSK_VS_TYPE_DOS
DOS Partition table NON-NLS.
Definition: TskData.java:578
org.sleuthkit.datamodel.TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_REG
TSK_FS_META_TYPE_REG
Regular file NON-NLS.
Definition: TskData.java:104
org.sleuthkit.datamodel.TskData.TSK_FS_NAME_TYPE_ENUM.getLabel
String getLabel()
Definition: TskData.java:75
org.sleuthkit.datamodel.TskData.TSK_IMG_TYPE_ENUM
Definition: TskData.java:518
org.sleuthkit.datamodel.TskData.TSK_FS_ATTR_TYPE_ENUM.TSK_FS_ATTR_TYPE_NOT_FOUND
TSK_FS_ATTR_TYPE_NOT_FOUND
Definition: TskData.java:277
org.sleuthkit.datamodel.TskData.TSK_FS_META_MODE_ENUM.TSK_FS_META_MODE_ISGID
TSK_FS_META_MODE_ISGID
set group id on execution
Definition: TskData.java:365
org.sleuthkit.datamodel.TskData.TSK_FS_META_FLAG_ENUM.ORPHAN
ORPHAN
Return only metadata structures that have no file name pointing to the (inode_walk flag only) ...
Definition: TskData.java:211
org.sleuthkit.datamodel.TskData.TSK_POOL_TYPE_ENUM
Definition: TskData.java:742
org.sleuthkit.datamodel.TskData.TSK_FS_TYPE_ENUM.TSK_FS_TYPE_FFS2
TSK_FS_TYPE_FFS2
UFS2 - FreeBSD, NetBSD.
Definition: TskData.java:447
org.sleuthkit.datamodel.TskData.TSK_FS_META_MODE_ENUM.TSK_FS_META_MODE_IXUSR
TSK_FS_META_MODE_IXUSR
X for owner.
Definition: TskData.java:370
org.sleuthkit.datamodel.TskData.TSK_DB_FILES_TYPE_ENUM.UNUSED_BLOCKS
UNUSED_BLOCKS
Set of blocks that are unallocated AND not used by a carved or other file type. Parent should be UNAL...
Definition: TskData.java:692
org.sleuthkit.datamodel.TskData.TSK_DB_FILES_TYPE_ENUM
Definition: TskData.java:685
org.sleuthkit.datamodel.TskData.TSK_FS_ATTR_TYPE_ENUM.getValue
int getValue()
Definition: TskData.java:312
org.sleuthkit.datamodel.TskData.ObjectType.VS
VS
Volume System - see tsk_vs_info for more details.
Definition: TskData.java:631
org.sleuthkit.datamodel.TskData.ObjectType.IMG
IMG
Disk Image - see tsk_image_info for more details.
Definition: TskData.java:630
org.sleuthkit.datamodel.TskData.TSK_FS_NAME_FLAG_ENUM.UNALLOC
UNALLOC
Name is in an unallocated state.
Definition: TskData.java:157
org.sleuthkit.datamodel.TskData.TSK_FS_ATTR_TYPE_ENUM.TSK_FS_ATTR_TYPE_NTFS_VVER
TSK_FS_ATTR_TYPE_NTFS_VVER
Definition: TskData.java:282

Copyright © 2011-2021 Brian Carrier. (carrier -at- sleuthkit -dot- org)
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.