|
Sleuth Kit Java Bindings (JNI)
4.11.1
Java bindings for using The Sleuth Kit
|
|
Sleuth Kit Java Bindings (JNI)
4.11.1
Java bindings for using The Sleuth Kit
|
Inherits org.sleuthkit.datamodel.AbstractContent.
Inherited by org.sleuthkit.datamodel.DerivedFile, org.sleuthkit.datamodel.FsContent, org.sleuthkit.datamodel.LayoutFile, org.sleuthkit.datamodel.LocalFile, and org.sleuthkit.datamodel.SpecialDirectory.
Classes | |
| enum | MimeMatchEnum |
Public Member Functions | |
| void | addAttributes (Collection< Attribute > attributes, final SleuthkitCase.CaseDbTransaction caseDbTransaction) throws TskCoreException |
| boolean | canRead () |
| void | close () |
| long | convertToImgOffset (long fileOffset) throws TskCoreException |
| List< TskFileRange > | convertToImgRanges (long fileOffset, long length) throws TskCoreException |
| boolean | exists () |
| long | getAtime () |
| String | getAtimeAsDate () |
| int | getAttributeId () |
| List< Attribute > | getAttributes () throws TskCoreException |
| short | getAttrId () |
| TskData.TSK_FS_ATTR_TYPE_ENUM | getAttrType () |
| long | getCrtime () |
| String | getCrtimeAsDate () |
| long | getCtime () |
| String | getCtimeAsDate () |
| Content | getDataSource () throws TskCoreException |
| long | getDataSourceObjectId () |
| String | getDirFlagAsString () |
| TSK_FS_NAME_TYPE_ENUM | getDirType () |
| String | getDirTypeAsString () |
| FileSystem | getFileSystem () throws TskCoreException |
| Optional< Long > | getFileSystemObjectId () |
| int | getGid () |
| TskData.FileKnown | getKnown () |
| String | getLocalAbsPath () |
| String | getLocalPath () |
| String | getMd5Hash () |
| long | getMetaAddr () |
| String | getMetaFlagsAsString () |
| long | getMetaSeq () |
| TSK_FS_META_TYPE_ENUM | getMetaType () |
| String | getMetaTypeAsString () |
| String | getMIMEType () |
| String | getModesAsString () |
| long | getMtime () |
| String | getMtimeAsDate () |
| String | getNameExtension () |
| Optional< Long > | getOsAccountObjectId () |
| Optional< String > | getOwnerUid () |
| String | getParentPath () |
| List< TskFileRange > | getRanges () throws TskCoreException |
| String | getSha1Hash () |
| String | getSha256Hash () |
| long | getSize () |
| TskData.TSK_DB_FILES_TYPE_ENUM | getType () |
| int | getUid () |
| String | getUniquePath () throws TskCoreException |
| boolean | hasFileSystem () |
| boolean | isDir () |
| boolean | isDirNameFlagSet (TSK_FS_NAME_FLAG_ENUM flag) |
| boolean | isFile () |
| boolean | isMetaFlagSet (TSK_FS_META_FLAG_ENUM metaFlag) |
| MimeMatchEnum | isMimeType (SortedSet< String > mimeTypes) |
| boolean | isModeSet (TskData.TSK_FS_META_MODE_ENUM mode) |
| abstract boolean | isRoot () |
| boolean | isVirtual () |
| List< AbstractFile > | listFiles () throws TskCoreException |
| BlackboardArtifact | newArtifact (int artifactTypeID) throws TskCoreException |
| DataArtifact | newDataArtifact (BlackboardArtifact.Type artifactType, Collection< BlackboardAttribute > attributesList) throws TskCoreException |
| final int | read (byte[] buf, long offset, long len) throws TskCoreException |
| void | save () throws TskCoreException |
| void | save (CaseDbTransaction transaction) throws TskCoreException |
| void | setKnown (TskData.FileKnown knownState) |
| void | setMd5Hash (String md5Hash) |
| void | setMIMEType (String mimeType) |
| void | setSha1Hash (String sha1Hash) |
| void | setSha256Hash (String sha256Hash) |
| String | toString (boolean preserveState) |
 Public Member Functions inherited from org.sleuthkit.datamodel.AbstractContent | |
| boolean | equals (Object obj) |
| Score | getAggregateScore () throws TskCoreException |
| List< AnalysisResult > | getAllAnalysisResults () throws TskCoreException |
| ArrayList< BlackboardArtifact > | getAllArtifacts () throws TskCoreException |
| long | getAllArtifactsCount () throws TskCoreException |
| List< DataArtifact > | getAllDataArtifacts () throws TskCoreException |
| List< AnalysisResult > | getAnalysisResults (BlackboardArtifact.Type artifactType) throws TskCoreException |
| ArrayList< BlackboardArtifact > | getArtifacts (String artifactTypeName) throws TskCoreException |
| ArrayList< BlackboardArtifact > | getArtifacts (int artifactTypeID) throws TskCoreException |
| ArrayList< BlackboardArtifact > | getArtifacts (BlackboardArtifact.ARTIFACT_TYPE type) throws TskCoreException |
| long | getArtifactsCount (String artifactTypeName) throws TskCoreException |
| long | getArtifactsCount (int artifactTypeID) throws TskCoreException |
| long | getArtifactsCount (ARTIFACT_TYPE type) throws TskCoreException |
| List< Content > | getChildren () throws TskCoreException |
| int | getChildrenCount () throws TskCoreException |
| List< Long > | getChildrenIds () throws TskCoreException |
| Content | getDataSource () throws TskCoreException |
| BlackboardArtifact | getGenInfoArtifact () throws TskCoreException |
| BlackboardArtifact | getGenInfoArtifact (boolean create) throws TskCoreException |
| ArrayList< BlackboardAttribute > | getGenInfoAttributes (ATTRIBUTE_TYPE attr_type) throws TskCoreException |
| Set< String > | getHashSetNames () throws TskCoreException |
| long | getId () |
| String | getName () |
| Content | getParent () throws TskCoreException |
| Optional< Long > | getParentId () throws TskCoreException |
| SleuthkitCase | getSleuthkitCase () |
| String | getUniquePath () throws TskCoreException |
| boolean | hasChildren () throws TskCoreException |
| int | hashCode () |
| AnalysisResultAdded | newAnalysisResult (BlackboardArtifact.Type artifactType, Score score, String conclusion, String configuration, String justification, Collection< BlackboardAttribute > attributesList) throws TskCoreException |
| AnalysisResultAdded | newAnalysisResult (BlackboardArtifact.Type artifactType, Score score, String conclusion, String configuration, String justification, Collection< BlackboardAttribute > attributesList, long dataSourceId) throws TskCoreException |
| BlackboardArtifact | newArtifact (int artifactTypeID) throws TskCoreException |
| BlackboardArtifact | newArtifact (BlackboardArtifact.ARTIFACT_TYPE type) throws TskCoreException |
| DataArtifact | newDataArtifact (BlackboardArtifact.Type artifactType, Collection< BlackboardAttribute > attributesList, Long osAccountId) throws TskCoreException |
| DataArtifact | newDataArtifact (BlackboardArtifact.Type artifactType, Collection< BlackboardAttribute > attributesList, Long osAccountId, long dataSourceId) throws TskCoreException |
| DataArtifact | newDataArtifact (BlackboardArtifact.Type artifactType, Collection< BlackboardAttribute > attributesList) throws TskCoreException |
| String | toString () |
| String | toString (boolean preserveState) |
| Public Member Functions inherited from org.sleuthkit.datamodel.Content | |
| public< T > T | accept (ContentVisitor< T > v) |
| long | getArtifactsCount (BlackboardArtifact.ARTIFACT_TYPE type) throws TskCoreException |
| ArrayList< BlackboardAttribute > | getGenInfoAttributes (BlackboardAttribute.ATTRIBUTE_TYPE attr_type) throws TskCoreException |
| Public Member Functions inherited from org.sleuthkit.datamodel.SleuthkitVisitableItem | |
| public< T > T | accept (SleuthkitItemVisitor< T > v) |
Static Public Member Functions | |
| static String | createNonUniquePath (String uniquePath) |
| static String | epochToTime (long epoch) |
| static String | epochToTime (long epoch, TimeZone tzone) |
| static long | timeToEpoch (String time) |
Protected Member Functions | |
| void | finalize () throws Throwable |
| int | readInt (byte[] buf, long offset, long len) throws TskCoreException |
| final int | readLocal (byte[] buf, long offset, long len) throws TskCoreException |
| void | setLocalPath (String localPath, boolean isAbsolute) |
| Protected Member Functions inherited from org.sleuthkit.datamodel.AbstractContent | |
| AbstractContent (SleuthkitCase db, long obj_id, String name) | |
Protected Attributes | |
| final int | attrId |
| final TskData.TSK_FS_ATTR_TYPE_ENUM | attrType |
| TSK_FS_NAME_FLAG_ENUM | dirFlag |
| final TSK_FS_NAME_TYPE_ENUM | dirType |
| final Long | fileSystemObjectId |
| final TskData.TSK_DB_FILES_TYPE_ENUM | fileType |
| TskData.FileKnown | knownState |
| String | md5Hash |
| final long | metaAddr |
| Set< TSK_FS_META_FLAG_ENUM > | metaFlags |
| final int | metaSeq |
| final TSK_FS_META_TYPE_ENUM | metaType |
| final Set< TskData.TSK_FS_META_MODE_ENUM > | modes |
| final String | parentPath |
| String | sha1Hash |
| String | sha256Hash |
| long | size |
| final int | uid |
| Protected Attributes inherited from org.sleuthkit.datamodel.AbstractContent | |
| long | parentId |
Additional Inherited Members | |
| Static Public Attributes inherited from org.sleuthkit.datamodel.AbstractContent | |
| static final long | UNKNOWN_ID = -1 |
An abstract base class for classes that represent files that have been added to the case.
Definition at line 50 of file AbstractFile.java.
| void org.sleuthkit.datamodel.AbstractFile.addAttributes | ( | Collection< Attribute > | attributes, |
| final SleuthkitCase.CaseDbTransaction | caseDbTransaction | ||
| ) | throws TskCoreException |
Adds a collection of attributes to this file in a single operation within a transaction supplied by the caller.
| attributes | The collection of attributes. |
| caseDbTransaction | The transaction in the scope of which the operation is to be performed, managed by the caller. if Null is passed in a local transaction will be created and used. |
| TskCoreException | If an error occurs and the attributes were not added to the artifact. |
Definition at line 607 of file AbstractFile.java.
References org.sleuthkit.datamodel.SleuthkitCase.beginTransaction(), org.sleuthkit.datamodel.AbstractContent.getId(), and org.sleuthkit.datamodel.AbstractContent.getSleuthkitCase().
| boolean org.sleuthkit.datamodel.AbstractFile.canRead | ( | ) |
Check if the file exists and is readable. If non-local (e.g. within an image), always true, if local, checks if actual local path exists and is readable
Definition at line 1237 of file AbstractFile.java.
References org.sleuthkit.datamodel.AbstractFile.canRead().
Referenced by org.sleuthkit.datamodel.AbstractFile.canRead().
| void org.sleuthkit.datamodel.AbstractFile.close | ( | ) |
Free native resources after read is done on the Content object. After closing, read can be called again on the same Content object, which should result in re-opening of new native resources.
Implements org.sleuthkit.datamodel.Content.
Definition at line 1276 of file AbstractFile.java.
References org.sleuthkit.datamodel.AbstractContent.getName(), and org.sleuthkit.datamodel.AbstractFile.getParentPath().
Referenced by org.sleuthkit.datamodel.DerivedFile.finalize(), and org.sleuthkit.datamodel.AbstractFile.finalize().
| long org.sleuthkit.datamodel.AbstractFile.convertToImgOffset | ( | long | fileOffset | ) | throws TskCoreException |
Convert an internal offset to an image offset
| fileOffset | the byte offset in this layout file to map |
| TskCoreException | exception thrown if critical error occurred within tsk core and offset could not be converted |
Definition at line 761 of file AbstractFile.java.
References org.sleuthkit.datamodel.AbstractFile.getRanges().
| List<TskFileRange> org.sleuthkit.datamodel.AbstractFile.convertToImgRanges | ( | long | fileOffset, |
| long | length | ||
| ) | throws TskCoreException |
Converts a file offset and length into a series of TskFileRange objects whose offsets are relative to the image. This method will only work on files with layout ranges.
| fileOffset | The byte offset in this file to map. |
| length | The length of bytes starting at fileOffset requested. |
| TskCoreException |
Definition at line 794 of file AbstractFile.java.
References org.sleuthkit.datamodel.TskFileRange.getByteLen(), org.sleuthkit.datamodel.TskFileRange.getByteStart(), and org.sleuthkit.datamodel.AbstractFile.getRanges().
|
static |
| uniquePath | the unique path to an AbstractFile (or subclass) usually obtained by a call to AbstractFile.getUniquePath. |
Definition at line 893 of file AbstractFile.java.
|
static |
Return the epoch into string in ISO 8601 dateTime format
| epoch | time in seconds |
Definition at line 1645 of file AbstractFile.java.
References org.sleuthkit.datamodel.TimeUtilities.epochToTime().
Referenced by org.sleuthkit.datamodel.AbstractFile.getAtimeAsDate(), org.sleuthkit.datamodel.AbstractFile.getCrtimeAsDate(), org.sleuthkit.datamodel.AbstractFile.getCtimeAsDate(), and org.sleuthkit.datamodel.AbstractFile.getMtimeAsDate().
|
static |
Return the epoch into string in ISO 8601 dateTime format, in the given timezone
| epoch | time in seconds |
| tzone | time zone |
Definition at line 1661 of file AbstractFile.java.
References org.sleuthkit.datamodel.TimeUtilities.epochToTime().
| boolean org.sleuthkit.datamodel.AbstractFile.exists | ( | ) |
Check if the file exists. If non-local always true, if local, checks if actual local path exists
Definition at line 1216 of file AbstractFile.java.
References org.sleuthkit.datamodel.AbstractFile.exists().
Referenced by org.sleuthkit.datamodel.AbstractFile.exists(), and org.sleuthkit.datamodel.Image.imageFileExists().
|
protected |
Definition at line 1296 of file AbstractFile.java.
References org.sleuthkit.datamodel.AbstractFile.close().
| long org.sleuthkit.datamodel.AbstractFile.getAtime | ( | ) |
| String org.sleuthkit.datamodel.AbstractFile.getAtimeAsDate | ( | ) |
Get the access time as Date (in local timezone)
Definition at line 307 of file AbstractFile.java.
References org.sleuthkit.datamodel.AbstractFile.epochToTime().
| int org.sleuthkit.datamodel.AbstractFile.getAttributeId | ( | ) |
Get the attribute id
Definition at line 253 of file AbstractFile.java.
References org.sleuthkit.datamodel.AbstractFile.attrId.
| List<Attribute> org.sleuthkit.datamodel.AbstractFile.getAttributes | ( | ) | throws TskCoreException |
Gets the attributes of this File
| TskCoreException |
Definition at line 582 of file AbstractFile.java.
References org.sleuthkit.datamodel.SleuthkitCase.getBlackboard(), and org.sleuthkit.datamodel.AbstractContent.getSleuthkitCase().
| short org.sleuthkit.datamodel.AbstractFile.getAttrId | ( | ) |
Get the attribute id
Definition at line 1601 of file AbstractFile.java.
References org.sleuthkit.datamodel.AbstractFile.attrId.
| TskData.TSK_FS_ATTR_TYPE_ENUM org.sleuthkit.datamodel.AbstractFile.getAttrType | ( | ) |
Get the attribute type
Definition at line 244 of file AbstractFile.java.
References org.sleuthkit.datamodel.AbstractFile.attrType.
| long org.sleuthkit.datamodel.AbstractFile.getCrtime | ( | ) |
| String org.sleuthkit.datamodel.AbstractFile.getCrtimeAsDate | ( | ) |
Get the creation time as Date (in local timezone)
Definition at line 289 of file AbstractFile.java.
References org.sleuthkit.datamodel.AbstractFile.epochToTime().
| long org.sleuthkit.datamodel.AbstractFile.getCtime | ( | ) |
| String org.sleuthkit.datamodel.AbstractFile.getCtimeAsDate | ( | ) |
Get the change time as Date (in local timezone)
Definition at line 271 of file AbstractFile.java.
References org.sleuthkit.datamodel.AbstractFile.epochToTime().
| Content org.sleuthkit.datamodel.AbstractFile.getDataSource | ( | ) | throws TskCoreException |
Gets the data source for this file.
| TskCoreException | if there was an error querying the case database. |
To obtain the data source as a DataSource object, use: getSleuthkitCase().getDataSource(getDataSourceObjectId());
Implements org.sleuthkit.datamodel.Content.
Definition at line 718 of file AbstractFile.java.
References org.sleuthkit.datamodel.SleuthkitCase.getContentById(), and org.sleuthkit.datamodel.AbstractContent.getSleuthkitCase().
Referenced by org.sleuthkit.datamodel.AbstractFile.getUniquePath(), and org.sleuthkit.datamodel.LayoutFile.readInt().
| long org.sleuthkit.datamodel.AbstractFile.getDataSourceObjectId | ( | ) |
Gets the object id of the data source for this file.
Definition at line 727 of file AbstractFile.java.
Referenced by org.sleuthkit.datamodel.SleuthkitCase.addCarvedFiles(), org.sleuthkit.datamodel.SleuthkitCase.addLocalFile(), org.sleuthkit.datamodel.VirtualDirectory.getDataSource(), and org.sleuthkit.datamodel.SpecialDirectory.isDataSource().
| String org.sleuthkit.datamodel.AbstractFile.getDirFlagAsString | ( | ) |
Definition at line 979 of file AbstractFile.java.
References org.sleuthkit.datamodel.TskData.TSK_FS_NAME_FLAG_ENUM.toString().
| TSK_FS_NAME_TYPE_ENUM org.sleuthkit.datamodel.AbstractFile.getDirType | ( | ) |
Get the directory type id
Definition at line 958 of file AbstractFile.java.
References org.sleuthkit.datamodel.AbstractFile.dirType.
| String org.sleuthkit.datamodel.AbstractFile.getDirTypeAsString | ( | ) |
Definition at line 962 of file AbstractFile.java.
| FileSystem org.sleuthkit.datamodel.AbstractFile.getFileSystem | ( | ) | throws TskCoreException |
Gets the parent file system of this file or directory. If the AbstractFile object is not FsContent, hasFileSystem() should be called before this method to ensure the file belongs to a file system.
| org.sleuthkit.datamodel.TskCoreException | If the file does not belong to a file system or another error occurs. |
Definition at line 1491 of file AbstractFile.java.
References org.sleuthkit.datamodel.AbstractContent.getId(), org.sleuthkit.datamodel.AbstractContent.getSleuthkitCase(), and org.sleuthkit.datamodel.AbstractContent.UNKNOWN_ID.
Referenced by org.sleuthkit.datamodel.FsContent.getDataSource(), org.sleuthkit.datamodel.AbstractFile.getUniquePath(), and org.sleuthkit.datamodel.FsContent.isRoot().
| Optional<Long> org.sleuthkit.datamodel.AbstractFile.getFileSystemObjectId | ( | ) |
Get the object id of the parent file system of this file or directory if it exists.
Definition at line 1467 of file AbstractFile.java.
Referenced by org.sleuthkit.datamodel.FsContent.getFileSystemId(), org.sleuthkit.datamodel.AbstractFile.getUniquePath(), and org.sleuthkit.datamodel.SleuthkitCase.updateDerivedFile().
| int org.sleuthkit.datamodel.AbstractFile.getGid | ( | ) |
| TskData.FileKnown org.sleuthkit.datamodel.AbstractFile.getKnown | ( | ) |
Get "knownState" file status - after running a HashDB ingest on it As marked by a knownState file database, such as NSRL
Definition at line 672 of file AbstractFile.java.
References org.sleuthkit.datamodel.AbstractFile.knownState.
Referenced by org.sleuthkit.datamodel.AbstractFile.save().
| String org.sleuthkit.datamodel.AbstractFile.getLocalAbsPath | ( | ) |
Get local absolute path of the file, if localPath has been set
Definition at line 1197 of file AbstractFile.java.
| String org.sleuthkit.datamodel.AbstractFile.getLocalPath | ( | ) |
Get local relative to case db path of the file
Definition at line 1188 of file AbstractFile.java.
| String org.sleuthkit.datamodel.AbstractFile.getMd5Hash | ( | ) |
Get the md5 hash value as calculated, if present
Definition at line 527 of file AbstractFile.java.
References org.sleuthkit.datamodel.AbstractFile.md5Hash.
Referenced by org.sleuthkit.datamodel.AbstractFile.save().
| long org.sleuthkit.datamodel.AbstractFile.getMetaAddr | ( | ) |
Get the file meta address
Definition at line 352 of file AbstractFile.java.
References org.sleuthkit.datamodel.AbstractFile.metaAddr.
Referenced by org.sleuthkit.datamodel.FsContent.isRoot().
| String org.sleuthkit.datamodel.AbstractFile.getMetaFlagsAsString | ( | ) |
Definition at line 995 of file AbstractFile.java.
References org.sleuthkit.datamodel.TskData.TSK_FS_META_FLAG_ENUM.ALLOC, and org.sleuthkit.datamodel.TskData.TSK_FS_META_FLAG_ENUM.UNALLOC.
| long org.sleuthkit.datamodel.AbstractFile.getMetaSeq | ( | ) |
Get the file meta address sequence. Only useful with NTFS. Incremented each time a structure is re-allocated.
Definition at line 362 of file AbstractFile.java.
References org.sleuthkit.datamodel.AbstractFile.metaSeq.
| TSK_FS_META_TYPE_ENUM org.sleuthkit.datamodel.AbstractFile.getMetaType | ( | ) |
Get the meta data type
Definition at line 945 of file AbstractFile.java.
References org.sleuthkit.datamodel.AbstractFile.metaType.
| String org.sleuthkit.datamodel.AbstractFile.getMetaTypeAsString | ( | ) |
Definition at line 949 of file AbstractFile.java.
References org.sleuthkit.datamodel.TskData.TSK_FS_META_TYPE_ENUM.toString().
| String org.sleuthkit.datamodel.AbstractFile.getMIMEType | ( | ) |
Gets the MIME type of this file.
Definition at line 488 of file AbstractFile.java.
Referenced by org.sleuthkit.datamodel.AbstractFile.save().
| String org.sleuthkit.datamodel.AbstractFile.getModesAsString | ( | ) |
Get the file's mode as a user-displayable string
Definition at line 371 of file AbstractFile.java.
References org.sleuthkit.datamodel.AbstractFile.modes, org.sleuthkit.datamodel.TskData.TSK_FS_META_MODE_ENUM.toInt(), org.sleuthkit.datamodel.TskData.TSK_FS_META_TYPE_ENUM.toString(), org.sleuthkit.datamodel.TskData.TSK_FS_META_MODE_ENUM.TSK_FS_META_MODE_IRGRP, org.sleuthkit.datamodel.TskData.TSK_FS_META_MODE_ENUM.TSK_FS_META_MODE_IROTH, org.sleuthkit.datamodel.TskData.TSK_FS_META_MODE_ENUM.TSK_FS_META_MODE_IRUSR, org.sleuthkit.datamodel.TskData.TSK_FS_META_MODE_ENUM.TSK_FS_META_MODE_ISGID, org.sleuthkit.datamodel.TskData.TSK_FS_META_MODE_ENUM.TSK_FS_META_MODE_ISUID, org.sleuthkit.datamodel.TskData.TSK_FS_META_MODE_ENUM.TSK_FS_META_MODE_ISVTX, org.sleuthkit.datamodel.TskData.TSK_FS_META_MODE_ENUM.TSK_FS_META_MODE_IWGRP, org.sleuthkit.datamodel.TskData.TSK_FS_META_MODE_ENUM.TSK_FS_META_MODE_IWOTH, org.sleuthkit.datamodel.TskData.TSK_FS_META_MODE_ENUM.TSK_FS_META_MODE_IWUSR, org.sleuthkit.datamodel.TskData.TSK_FS_META_MODE_ENUM.TSK_FS_META_MODE_IXGRP, org.sleuthkit.datamodel.TskData.TSK_FS_META_MODE_ENUM.TSK_FS_META_MODE_IXOTH, and org.sleuthkit.datamodel.TskData.TSK_FS_META_MODE_ENUM.TSK_FS_META_MODE_IXUSR.
| long org.sleuthkit.datamodel.AbstractFile.getMtime | ( | ) |
| String org.sleuthkit.datamodel.AbstractFile.getMtimeAsDate | ( | ) |
Get the modified time as Date (in local timezone)
Definition at line 325 of file AbstractFile.java.
References org.sleuthkit.datamodel.AbstractFile.epochToTime().
| String org.sleuthkit.datamodel.AbstractFile.getNameExtension | ( | ) |
Get the extension part of the filename, if there is one. We assume that extensions only have ASCII alphanumeric chars
Definition at line 683 of file AbstractFile.java.
| Optional<Long> org.sleuthkit.datamodel.AbstractFile.getOsAccountObjectId | ( | ) |
Get the Object Id of the owner account.
Definition at line 1449 of file AbstractFile.java.
Referenced by org.sleuthkit.datamodel.AbstractFile.newDataArtifact(), and org.sleuthkit.datamodel.SleuthkitCase.updateDerivedFile().
| Optional<String> org.sleuthkit.datamodel.AbstractFile.getOwnerUid | ( | ) |
Get the owner uid.
Note this is a string uid, typically a Windows SID. This is different from the numeric uid commonly found on Unix based file systems.
Definition at line 1440 of file AbstractFile.java.
Referenced by org.sleuthkit.datamodel.SleuthkitCase.updateDerivedFile().
| String org.sleuthkit.datamodel.AbstractFile.getParentPath | ( | ) |
Get path of the parent of this file
Definition at line 702 of file AbstractFile.java.
References org.sleuthkit.datamodel.AbstractFile.parentPath.
Referenced by org.sleuthkit.datamodel.SleuthkitCase.addFileSystemFile(), org.sleuthkit.datamodel.SleuthkitCase.addLocalDirectory(), org.sleuthkit.datamodel.SleuthkitCase.addLocalFile(), org.sleuthkit.datamodel.AbstractFile.close(), and org.sleuthkit.datamodel.blackboardutils.attributes.MessageAttachments.FileAttachment.FileAttachment().
| List<TskFileRange> org.sleuthkit.datamodel.AbstractFile.getRanges | ( | ) | throws TskCoreException |
Gets file ranges associated with the file. File ranges are objects in tsk_file_layout table Any file type (especially unallocated) may have 1 or more block ranges associated with it
| TskCoreException | exception thrown if critical error occurred within tsk core |
Definition at line 741 of file AbstractFile.java.
References org.sleuthkit.datamodel.SleuthkitCase.getFileRanges(), org.sleuthkit.datamodel.AbstractContent.getId(), and org.sleuthkit.datamodel.AbstractContent.getSleuthkitCase().
Referenced by org.sleuthkit.datamodel.AbstractFile.convertToImgOffset(), org.sleuthkit.datamodel.AbstractFile.convertToImgRanges(), org.sleuthkit.datamodel.LayoutFile.getNumParts(), and org.sleuthkit.datamodel.LayoutFile.readInt().
| String org.sleuthkit.datamodel.AbstractFile.getSha1Hash | ( | ) |
Get the SHA-1 hash value as calculated, if present
Definition at line 571 of file AbstractFile.java.
References org.sleuthkit.datamodel.AbstractFile.sha1Hash.
Referenced by org.sleuthkit.datamodel.AbstractFile.save().
| String org.sleuthkit.datamodel.AbstractFile.getSha256Hash | ( | ) |
Get the SHA-256 hash value as calculated, if present
Definition at line 549 of file AbstractFile.java.
References org.sleuthkit.datamodel.AbstractFile.sha256Hash.
Referenced by org.sleuthkit.datamodel.AbstractFile.save().
| long org.sleuthkit.datamodel.AbstractFile.getSize | ( | ) |
Get size of the file
Implements org.sleuthkit.datamodel.Content.
Definition at line 693 of file AbstractFile.java.
References org.sleuthkit.datamodel.AbstractFile.size.
Referenced by org.sleuthkit.datamodel.AbstractFile.readLocal().
| TskData.TSK_DB_FILES_TYPE_ENUM org.sleuthkit.datamodel.AbstractFile.getType | ( | ) |
Gets type of the abstract file as defined in TSK_DB_FILES_TYPE_ENUM
Definition at line 235 of file AbstractFile.java.
References org.sleuthkit.datamodel.AbstractFile.fileType.
| int org.sleuthkit.datamodel.AbstractFile.getUid | ( | ) |
Get the user id
Definition at line 334 of file AbstractFile.java.
References org.sleuthkit.datamodel.AbstractFile.uid.
| String org.sleuthkit.datamodel.AbstractFile.getUniquePath | ( | ) | throws TskCoreException |
Get the full path to this file or directory, starting with a "/" and the data source name and then all the other segments in the path.
| TskCoreException | if there is an error querying the case database. |
Implements org.sleuthkit.datamodel.Content.
Definition at line 1514 of file AbstractFile.java.
References org.sleuthkit.datamodel.AbstractContent.equals(), org.sleuthkit.datamodel.AbstractFile.getDataSource(), org.sleuthkit.datamodel.AbstractFile.getFileSystem(), org.sleuthkit.datamodel.AbstractFile.getFileSystemObjectId(), org.sleuthkit.datamodel.AbstractContent.getName(), org.sleuthkit.datamodel.Content.getUniquePath(), org.sleuthkit.datamodel.VirtualDirectory.NAME_CARVED, and org.sleuthkit.datamodel.VirtualDirectory.NAME_UNALLOC.
Referenced by org.sleuthkit.datamodel.FsContent.toString().
| boolean org.sleuthkit.datamodel.AbstractFile.hasFileSystem | ( | ) |
Check if this AbstractFile belongs to a file system.
Definition at line 1476 of file AbstractFile.java.
| boolean org.sleuthkit.datamodel.AbstractFile.isDir | ( | ) |
Is this object a directory. Should return true for file system folders and virtual folders.
Definition at line 873 of file AbstractFile.java.
References org.sleuthkit.datamodel.TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_DIR, and org.sleuthkit.datamodel.TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_VIRT_DIR.
Referenced by org.sleuthkit.datamodel.AbstractFile.readLocal().
| boolean org.sleuthkit.datamodel.AbstractFile.isDirNameFlagSet | ( | TSK_FS_NAME_FLAG_ENUM | flag | ) |
| flag | the TSK_FS_NAME_FLAG_ENUM to check |
Definition at line 971 of file AbstractFile.java.
| boolean org.sleuthkit.datamodel.AbstractFile.isFile | ( | ) |
Is this object a file. Should return true for all types of files, including file system, logical, derived, layout, and slack space for files.
Definition at line 860 of file AbstractFile.java.
References org.sleuthkit.datamodel.TskData.TSK_FS_NAME_TYPE_ENUM.REG, org.sleuthkit.datamodel.TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_REG, and org.sleuthkit.datamodel.TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_UNDEF.
| boolean org.sleuthkit.datamodel.AbstractFile.isMetaFlagSet | ( | TSK_FS_META_FLAG_ENUM | metaFlag | ) |
| metaFlag | the TSK_FS_META_FLAG_ENUM to check |
Definition at line 1010 of file AbstractFile.java.
| MimeMatchEnum org.sleuthkit.datamodel.AbstractFile.isMimeType | ( | SortedSet< String > | mimeTypes | ) |
Determines if this file's type is one of the ones passed in. Uses the blackboard attribute for file type.
| mimeTypes | Set of file types to compare against |
Definition at line 1343 of file AbstractFile.java.
References org.sleuthkit.datamodel.AbstractFile.MimeMatchEnum.FALSE, org.sleuthkit.datamodel.AbstractFile.MimeMatchEnum.TRUE, and org.sleuthkit.datamodel.AbstractFile.MimeMatchEnum.UNDEFINED.
| boolean org.sleuthkit.datamodel.AbstractFile.isModeSet | ( | TskData.TSK_FS_META_MODE_ENUM | mode | ) |
Definition at line 505 of file AbstractFile.java.
References org.sleuthkit.datamodel.AbstractFile.modes.
|
abstract |
Is this a root of a file system
| boolean org.sleuthkit.datamodel.AbstractFile.isVirtual | ( | ) |
is this a virtual file or directory that was created by The Sleuth Kit or Autopsy for general structure and organization.
Definition at line 847 of file AbstractFile.java.
References org.sleuthkit.datamodel.AbstractFile.fileType, org.sleuthkit.datamodel.TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_VIRT, org.sleuthkit.datamodel.TskData.TSK_FS_NAME_TYPE_ENUM.VIRT, and org.sleuthkit.datamodel.TskData.TSK_DB_FILES_TYPE_ENUM.VIRTUAL_DIR.
| List<AbstractFile> org.sleuthkit.datamodel.AbstractFile.listFiles | ( | ) | throws TskCoreException |
| org.sleuthkit.datamodel.TskCoreException |
Definition at line 925 of file AbstractFile.java.
References org.sleuthkit.datamodel.AbstractContent.getChildren().
| BlackboardArtifact org.sleuthkit.datamodel.AbstractFile.newArtifact | ( | int | artifactTypeID | ) | throws TskCoreException |
Create and add an artifact associated with this content to the blackboard
| artifactTypeID | id of the artifact type (if the id doesn't already exist an exception will be thrown) |
| TskCoreException | if critical error occurred within tsk core |
Implements org.sleuthkit.datamodel.Content.
Definition at line 1569 of file AbstractFile.java.
References org.sleuthkit.datamodel.BlackboardArtifact.newArtifact().
| DataArtifact org.sleuthkit.datamodel.AbstractFile.newDataArtifact | ( | BlackboardArtifact.Type | artifactType, |
| Collection< BlackboardAttribute > | attributesList | ||
| ) | throws TskCoreException |
Create and add a data artifact associated with this abstract file. This method creates the data artifact with the os account id associated with this abstract file if one exists.
| artifactType | Type of data artifact to create. |
| attributesList | Additional attributes to attach to this data artifact. |
| TskCoreException | If a critical error occurred within tsk core. |
Implements org.sleuthkit.datamodel.Content.
Definition at line 1587 of file AbstractFile.java.
References org.sleuthkit.datamodel.AbstractFile.getOsAccountObjectId(), and org.sleuthkit.datamodel.BlackboardArtifact.newDataArtifact().
| final int org.sleuthkit.datamodel.AbstractFile.read | ( | byte[] | buf, |
| long | offset, | ||
| long | len | ||
| ) | throws TskCoreException |
Reads data that this content object is associated with (file contents, volume contents, etc.).
| buf | a character array of data (in bytes) to copy read data to |
| offset | byte offset in the content to start reading from |
| len | number of bytes to read into buf. |
| TskCoreException | if critical error occurred during read in the tsk core |
Implements org.sleuthkit.datamodel.Content.
Definition at line 1042 of file AbstractFile.java.
References org.sleuthkit.datamodel.AbstractFile.readInt(), and org.sleuthkit.datamodel.AbstractFile.readLocal().
|
protected |
Internal custom read (non-local) method that child classes can implement
| buf | buffer to read into |
| offset | start reading position in the file |
| len | number of bytes to read |
| TskCoreException | exception thrown when file could not be read |
Definition at line 1064 of file AbstractFile.java.
Referenced by org.sleuthkit.datamodel.AbstractFile.read().
|
protected |
Local file path read support
| buf | buffer to read into |
| offset | start reading position in the file |
| len | number of bytes to read |
| TskCoreException | exception thrown when file could not be read |
Definition at line 1079 of file AbstractFile.java.
References org.sleuthkit.datamodel.AbstractFile.getSize(), org.sleuthkit.datamodel.AbstractFile.isDir(), and org.sleuthkit.datamodel.TskData.EncodingType.NONE.
Referenced by org.sleuthkit.datamodel.AbstractFile.read().
| void org.sleuthkit.datamodel.AbstractFile.save | ( | ) | throws TskCoreException |
Saves the editable properties of this file to the case database, e.g., the MIME type, MD5 hash, and known state.
| TskCoreException | if there is an error saving the editable file properties to the case database. |
Definition at line 1360 of file AbstractFile.java.
References org.sleuthkit.datamodel.SleuthkitCase.beginTransaction(), org.sleuthkit.datamodel.SleuthkitCase.CaseDbTransaction.commit(), org.sleuthkit.datamodel.AbstractContent.getSleuthkitCase(), and org.sleuthkit.datamodel.SleuthkitCase.CaseDbTransaction.rollback().
| void org.sleuthkit.datamodel.AbstractFile.save | ( | CaseDbTransaction | transaction | ) | throws TskCoreException |
Saves the editable properties of this file to the case database, e.g., the MIME type, MD5 hash, and known state, in the context of a given case database transaction.
| transaction | The transaction. |
| TskCoreException | if there is an error saving the editable file properties to the case database. |
Definition at line 1384 of file AbstractFile.java.
References org.sleuthkit.datamodel.AbstractContent.getId(), org.sleuthkit.datamodel.AbstractFile.getKnown(), org.sleuthkit.datamodel.AbstractFile.getMd5Hash(), org.sleuthkit.datamodel.AbstractFile.getMIMEType(), org.sleuthkit.datamodel.AbstractContent.getName(), org.sleuthkit.datamodel.AbstractFile.getSha1Hash(), and org.sleuthkit.datamodel.AbstractFile.getSha256Hash().
| void org.sleuthkit.datamodel.AbstractFile.setKnown | ( | TskData.FileKnown | knownState | ) |
Sets the known state for this file. Passed in value will be ignored if it is "less" than the current state. A NOTABLE file cannot be downgraded to KNOWN.
IMPORTANT: The known state is set for this AbstractFile object, but it is not saved to the case database until AbstractFile.save is called.
| knownState | The known state of the file. |
Definition at line 655 of file AbstractFile.java.
References org.sleuthkit.datamodel.AbstractFile.knownState.
|
protected |
Set local path for the file, as stored in db tsk_files_path, relative to the case db path or an absolute path. When set, subsequent invocations of read() will read the file in the local path.
| localPath | local path to be set |
| isAbsolute | true if the path is absolute, false if relative to the case db |
Definition at line 1626 of file AbstractFile.java.
| void org.sleuthkit.datamodel.AbstractFile.setMd5Hash | ( | String | md5Hash | ) |
Sets the MD5 hash for this file.
IMPORTANT: The MD5 hash is set for this AbstractFile object, but it is not saved to the case database until AbstractFile.save is called.
| md5Hash | The MD5 hash of the file. |
Definition at line 517 of file AbstractFile.java.
References org.sleuthkit.datamodel.AbstractFile.md5Hash.
| void org.sleuthkit.datamodel.AbstractFile.setMIMEType | ( | String | mimeType | ) |
Sets the MIME type for this file.
IMPORTANT: The MIME type is set for this AbstractFile object, but it is not saved to the case database until AbstractFile.save is called.
| mimeType | The MIME type of this file. |
Definition at line 500 of file AbstractFile.java.
| void org.sleuthkit.datamodel.AbstractFile.setSha1Hash | ( | String | sha1Hash | ) |
Sets the SHA-1 hash for this file.
IMPORTANT: The SHA-1 hash is set for this AbstractFile object, but it is not saved to the case database until AbstractFile.save is called.
| sha1Hash | The SHA-1 hash of the file. |
Definition at line 561 of file AbstractFile.java.
References org.sleuthkit.datamodel.AbstractFile.sha1Hash.
| void org.sleuthkit.datamodel.AbstractFile.setSha256Hash | ( | String | sha256Hash | ) |
Sets the SHA-256 hash for this file.
IMPORTANT: The SHA-256 hash is set for this AbstractFile object, but it is not saved to the case database until AbstractFile.save is called.
| sha256Hash | The SHA-256 hash of the file. |
Definition at line 539 of file AbstractFile.java.
References org.sleuthkit.datamodel.AbstractFile.sha256Hash.
|
static |
Convert from ISO 8601 formatted date time string to epoch time in seconds
| time | formatted date time string as "yyyy-MM-dd HH:mm:ss" |
Definition at line 1673 of file AbstractFile.java.
References org.sleuthkit.datamodel.TimeUtilities.timeToEpoch().
| String org.sleuthkit.datamodel.AbstractFile.toString | ( | boolean | preserveState | ) |
Definition at line 1305 of file AbstractFile.java.
References org.sleuthkit.datamodel.AbstractFile.attrType, org.sleuthkit.datamodel.AbstractFile.fileType, org.sleuthkit.datamodel.AbstractFile.knownState, and org.sleuthkit.datamodel.AbstractFile.modes.
|
protected |
Definition at line 62 of file AbstractFile.java.
Referenced by org.sleuthkit.datamodel.Directory.Directory(), org.sleuthkit.datamodel.File.File(), org.sleuthkit.datamodel.AbstractFile.getAttributeId(), and org.sleuthkit.datamodel.AbstractFile.getAttrId().
|
protected |
Definition at line 63 of file AbstractFile.java.
Referenced by org.sleuthkit.datamodel.Directory.Directory(), org.sleuthkit.datamodel.File.File(), org.sleuthkit.datamodel.AbstractFile.getAttrType(), and org.sleuthkit.datamodel.AbstractFile.toString().
|
protected |
Definition at line 55 of file AbstractFile.java.
Referenced by org.sleuthkit.datamodel.Directory.Directory(), org.sleuthkit.datamodel.File.File(), org.sleuthkit.datamodel.LocalFile.LocalFile(), and org.sleuthkit.datamodel.LocalFilesDataSource.LocalFilesDataSource().
|
protected |
Definition at line 53 of file AbstractFile.java.
Referenced by org.sleuthkit.datamodel.Directory.Directory(), org.sleuthkit.datamodel.File.File(), org.sleuthkit.datamodel.AbstractFile.getDirType(), org.sleuthkit.datamodel.LocalFile.LocalFile(), and org.sleuthkit.datamodel.LocalFilesDataSource.LocalFilesDataSource().
|
protected |
Definition at line 57 of file AbstractFile.java.
|
protected |
Definition at line 52 of file AbstractFile.java.
Referenced by org.sleuthkit.datamodel.AbstractFile.getType(), org.sleuthkit.datamodel.AbstractFile.isVirtual(), org.sleuthkit.datamodel.LocalFile.LocalFile(), and org.sleuthkit.datamodel.AbstractFile.toString().
|
protected |
knownState status in database
Definition at line 81 of file AbstractFile.java.
Referenced by org.sleuthkit.datamodel.Directory.Directory(), org.sleuthkit.datamodel.File.File(), org.sleuthkit.datamodel.AbstractFile.getKnown(), org.sleuthkit.datamodel.LocalFile.LocalFile(), org.sleuthkit.datamodel.LocalFilesDataSource.LocalFilesDataSource(), org.sleuthkit.datamodel.AbstractFile.setKnown(), and org.sleuthkit.datamodel.AbstractFile.toString().
|
protected |
Definition at line 86 of file AbstractFile.java.
Referenced by org.sleuthkit.datamodel.Directory.Directory(), org.sleuthkit.datamodel.File.File(), org.sleuthkit.datamodel.AbstractFile.getMd5Hash(), org.sleuthkit.datamodel.LocalFile.LocalFile(), org.sleuthkit.datamodel.LocalFilesDataSource.LocalFilesDataSource(), and org.sleuthkit.datamodel.AbstractFile.setMd5Hash().
|
protected |
Definition at line 59 of file AbstractFile.java.
Referenced by org.sleuthkit.datamodel.Directory.Directory(), org.sleuthkit.datamodel.File.File(), org.sleuthkit.datamodel.AbstractFile.getMetaAddr(), and org.sleuthkit.datamodel.FsContent.getMetaDataText().
|
protected |
Definition at line 56 of file AbstractFile.java.
Referenced by org.sleuthkit.datamodel.Directory.Directory(), org.sleuthkit.datamodel.File.File(), org.sleuthkit.datamodel.LocalFile.LocalFile(), and org.sleuthkit.datamodel.LocalFilesDataSource.LocalFilesDataSource().
|
protected |
Definition at line 60 of file AbstractFile.java.
Referenced by org.sleuthkit.datamodel.Directory.Directory(), org.sleuthkit.datamodel.File.File(), and org.sleuthkit.datamodel.AbstractFile.getMetaSeq().
|
protected |
Definition at line 54 of file AbstractFile.java.
Referenced by org.sleuthkit.datamodel.Directory.Directory(), org.sleuthkit.datamodel.File.File(), org.sleuthkit.datamodel.AbstractFile.getMetaType(), org.sleuthkit.datamodel.LocalFile.LocalFile(), and org.sleuthkit.datamodel.LocalFilesDataSource.LocalFilesDataSource().
|
protected |
Definition at line 64 of file AbstractFile.java.
Referenced by org.sleuthkit.datamodel.Directory.Directory(), org.sleuthkit.datamodel.File.File(), org.sleuthkit.datamodel.AbstractFile.getModesAsString(), org.sleuthkit.datamodel.AbstractFile.isModeSet(), and org.sleuthkit.datamodel.AbstractFile.toString().
|
protected |
Definition at line 77 of file AbstractFile.java.
Referenced by org.sleuthkit.datamodel.Directory.Directory(), org.sleuthkit.datamodel.File.File(), org.sleuthkit.datamodel.AbstractFile.getParentPath(), org.sleuthkit.datamodel.LocalFile.LocalFile(), and org.sleuthkit.datamodel.LocalFilesDataSource.LocalFilesDataSource().
|
protected |
Definition at line 97 of file AbstractFile.java.
Referenced by org.sleuthkit.datamodel.AbstractFile.getSha1Hash(), and org.sleuthkit.datamodel.AbstractFile.setSha1Hash().
|
protected |
Definition at line 91 of file AbstractFile.java.
Referenced by org.sleuthkit.datamodel.AbstractFile.getSha256Hash(), and org.sleuthkit.datamodel.AbstractFile.setSha256Hash().
|
protected |
|
protected |
Definition at line 61 of file AbstractFile.java.
Referenced by org.sleuthkit.datamodel.Directory.Directory(), org.sleuthkit.datamodel.File.File(), and org.sleuthkit.datamodel.AbstractFile.getUid().
Copyright © 2011-2021 Brian Carrier. (carrier -at- sleuthkit -dot- org)
This work is licensed under a
Creative Commons Attribution-Share Alike 3.0 United States License.
