Sleuth Kit Java Bindings (JNI)  4.11.1
Java bindings for using The Sleuth Kit
org.sleuthkit.datamodel.AbstractFile Class Referenceabstract

Inherits org.sleuthkit.datamodel.AbstractContent.

Inherited by org.sleuthkit.datamodel.DerivedFile, org.sleuthkit.datamodel.FsContent, org.sleuthkit.datamodel.LayoutFile, org.sleuthkit.datamodel.LocalFile, and org.sleuthkit.datamodel.SpecialDirectory.

Classes

enum  MimeMatchEnum
 

Public Member Functions

void addAttributes (Collection< Attribute > attributes, final SleuthkitCase.CaseDbTransaction caseDbTransaction) throws TskCoreException
 
boolean canRead ()
 
void close ()
 
long convertToImgOffset (long fileOffset) throws TskCoreException
 
List< TskFileRangeconvertToImgRanges (long fileOffset, long length) throws TskCoreException
 
boolean exists ()
 
long getAtime ()
 
String getAtimeAsDate ()
 
int getAttributeId ()
 
List< AttributegetAttributes () throws TskCoreException
 
short getAttrId ()
 
TskData.TSK_FS_ATTR_TYPE_ENUM getAttrType ()
 
long getCrtime ()
 
String getCrtimeAsDate ()
 
long getCtime ()
 
String getCtimeAsDate ()
 
Content getDataSource () throws TskCoreException
 
long getDataSourceObjectId ()
 
String getDirFlagAsString ()
 
TSK_FS_NAME_TYPE_ENUM getDirType ()
 
String getDirTypeAsString ()
 
FileSystem getFileSystem () throws TskCoreException
 
Optional< Long > getFileSystemObjectId ()
 
int getGid ()
 
TskData.FileKnown getKnown ()
 
String getLocalAbsPath ()
 
String getLocalPath ()
 
String getMd5Hash ()
 
long getMetaAddr ()
 
String getMetaFlagsAsString ()
 
long getMetaSeq ()
 
TSK_FS_META_TYPE_ENUM getMetaType ()
 
String getMetaTypeAsString ()
 
String getMIMEType ()
 
String getModesAsString ()
 
long getMtime ()
 
String getMtimeAsDate ()
 
String getNameExtension ()
 
Optional< Long > getOsAccountObjectId ()
 
Optional< String > getOwnerUid ()
 
String getParentPath ()
 
List< TskFileRangegetRanges () throws TskCoreException
 
String getSha1Hash ()
 
String getSha256Hash ()
 
long getSize ()
 
TskData.TSK_DB_FILES_TYPE_ENUM getType ()
 
int getUid ()
 
String getUniquePath () throws TskCoreException
 
boolean hasFileSystem ()
 
boolean isDir ()
 
boolean isDirNameFlagSet (TSK_FS_NAME_FLAG_ENUM flag)
 
boolean isFile ()
 
boolean isMetaFlagSet (TSK_FS_META_FLAG_ENUM metaFlag)
 
MimeMatchEnum isMimeType (SortedSet< String > mimeTypes)
 
boolean isModeSet (TskData.TSK_FS_META_MODE_ENUM mode)
 
abstract boolean isRoot ()
 
boolean isVirtual ()
 
List< AbstractFilelistFiles () throws TskCoreException
 
BlackboardArtifact newArtifact (int artifactTypeID) throws TskCoreException
 
DataArtifact newDataArtifact (BlackboardArtifact.Type artifactType, Collection< BlackboardAttribute > attributesList) throws TskCoreException
 
final int read (byte[] buf, long offset, long len) throws TskCoreException
 
void save () throws TskCoreException
 
void save (CaseDbTransaction transaction) throws TskCoreException
 
void setKnown (TskData.FileKnown knownState)
 
void setMd5Hash (String md5Hash)
 
void setMIMEType (String mimeType)
 
void setSha1Hash (String sha1Hash)
 
void setSha256Hash (String sha256Hash)
 
String toString (boolean preserveState)
 
- Public Member Functions inherited from org.sleuthkit.datamodel.AbstractContent
boolean equals (Object obj)
 
Score getAggregateScore () throws TskCoreException
 
List< AnalysisResultgetAllAnalysisResults () throws TskCoreException
 
ArrayList< BlackboardArtifactgetAllArtifacts () throws TskCoreException
 
long getAllArtifactsCount () throws TskCoreException
 
List< DataArtifactgetAllDataArtifacts () throws TskCoreException
 
List< AnalysisResultgetAnalysisResults (BlackboardArtifact.Type artifactType) throws TskCoreException
 
ArrayList< BlackboardArtifactgetArtifacts (String artifactTypeName) throws TskCoreException
 
ArrayList< BlackboardArtifactgetArtifacts (int artifactTypeID) throws TskCoreException
 
ArrayList< BlackboardArtifactgetArtifacts (BlackboardArtifact.ARTIFACT_TYPE type) throws TskCoreException
 
long getArtifactsCount (String artifactTypeName) throws TskCoreException
 
long getArtifactsCount (int artifactTypeID) throws TskCoreException
 
long getArtifactsCount (ARTIFACT_TYPE type) throws TskCoreException
 
List< ContentgetChildren () throws TskCoreException
 
int getChildrenCount () throws TskCoreException
 
List< Long > getChildrenIds () throws TskCoreException
 
Content getDataSource () throws TskCoreException
 
BlackboardArtifact getGenInfoArtifact () throws TskCoreException
 
BlackboardArtifact getGenInfoArtifact (boolean create) throws TskCoreException
 
ArrayList< BlackboardAttributegetGenInfoAttributes (ATTRIBUTE_TYPE attr_type) throws TskCoreException
 
Set< String > getHashSetNames () throws TskCoreException
 
long getId ()
 
String getName ()
 
Content getParent () throws TskCoreException
 
Optional< Long > getParentId () throws TskCoreException
 
SleuthkitCase getSleuthkitCase ()
 
String getUniquePath () throws TskCoreException
 
boolean hasChildren () throws TskCoreException
 
int hashCode ()
 
AnalysisResultAdded newAnalysisResult (BlackboardArtifact.Type artifactType, Score score, String conclusion, String configuration, String justification, Collection< BlackboardAttribute > attributesList) throws TskCoreException
 
AnalysisResultAdded newAnalysisResult (BlackboardArtifact.Type artifactType, Score score, String conclusion, String configuration, String justification, Collection< BlackboardAttribute > attributesList, long dataSourceId) throws TskCoreException
 
BlackboardArtifact newArtifact (int artifactTypeID) throws TskCoreException
 
BlackboardArtifact newArtifact (BlackboardArtifact.ARTIFACT_TYPE type) throws TskCoreException
 
DataArtifact newDataArtifact (BlackboardArtifact.Type artifactType, Collection< BlackboardAttribute > attributesList, Long osAccountId) throws TskCoreException
 
DataArtifact newDataArtifact (BlackboardArtifact.Type artifactType, Collection< BlackboardAttribute > attributesList, Long osAccountId, long dataSourceId) throws TskCoreException
 
DataArtifact newDataArtifact (BlackboardArtifact.Type artifactType, Collection< BlackboardAttribute > attributesList) throws TskCoreException
 
String toString ()
 
String toString (boolean preserveState)
 
- Public Member Functions inherited from org.sleuthkit.datamodel.Content
public< T > T accept (ContentVisitor< T > v)
 
long getArtifactsCount (BlackboardArtifact.ARTIFACT_TYPE type) throws TskCoreException
 
ArrayList< BlackboardAttributegetGenInfoAttributes (BlackboardAttribute.ATTRIBUTE_TYPE attr_type) throws TskCoreException
 
- Public Member Functions inherited from org.sleuthkit.datamodel.SleuthkitVisitableItem
public< T > T accept (SleuthkitItemVisitor< T > v)
 

Static Public Member Functions

static String createNonUniquePath (String uniquePath)
 
static String epochToTime (long epoch)
 
static String epochToTime (long epoch, TimeZone tzone)
 
static long timeToEpoch (String time)
 

Protected Member Functions

void finalize () throws Throwable
 
int readInt (byte[] buf, long offset, long len) throws TskCoreException
 
final int readLocal (byte[] buf, long offset, long len) throws TskCoreException
 
void setLocalPath (String localPath, boolean isAbsolute)
 
- Protected Member Functions inherited from org.sleuthkit.datamodel.AbstractContent
 AbstractContent (SleuthkitCase db, long obj_id, String name)
 

Protected Attributes

final int attrId
 
final TskData.TSK_FS_ATTR_TYPE_ENUM attrType
 
TSK_FS_NAME_FLAG_ENUM dirFlag
 
final TSK_FS_NAME_TYPE_ENUM dirType
 
final Long fileSystemObjectId
 
final TskData.TSK_DB_FILES_TYPE_ENUM fileType
 
TskData.FileKnown knownState
 
String md5Hash
 
final long metaAddr
 
Set< TSK_FS_META_FLAG_ENUMmetaFlags
 
final int metaSeq
 
final TSK_FS_META_TYPE_ENUM metaType
 
final Set< TskData.TSK_FS_META_MODE_ENUM > modes
 
final String parentPath
 
String sha1Hash
 
String sha256Hash
 
long size
 
final int uid
 
- Protected Attributes inherited from org.sleuthkit.datamodel.AbstractContent
long parentId
 

Additional Inherited Members

- Static Public Attributes inherited from org.sleuthkit.datamodel.AbstractContent
static final long UNKNOWN_ID = -1
 

Detailed Description

An abstract base class for classes that represent files that have been added to the case.

Definition at line 50 of file AbstractFile.java.

Member Function Documentation

void org.sleuthkit.datamodel.AbstractFile.addAttributes ( Collection< Attribute attributes,
final SleuthkitCase.CaseDbTransaction  caseDbTransaction 
) throws TskCoreException

Adds a collection of attributes to this file in a single operation within a transaction supplied by the caller.

Parameters
attributesThe collection of attributes.
caseDbTransactionThe transaction in the scope of which the operation is to be performed, managed by the caller. if Null is passed in a local transaction will be created and used.
Exceptions
TskCoreExceptionIf an error occurs and the attributes were not added to the artifact.

Definition at line 607 of file AbstractFile.java.

References org.sleuthkit.datamodel.SleuthkitCase.beginTransaction(), org.sleuthkit.datamodel.AbstractContent.getId(), and org.sleuthkit.datamodel.AbstractContent.getSleuthkitCase().

boolean org.sleuthkit.datamodel.AbstractFile.canRead ( )

Check if the file exists and is readable. If non-local (e.g. within an image), always true, if local, checks if actual local path exists and is readable

Returns
true if the file is readable

Definition at line 1237 of file AbstractFile.java.

References org.sleuthkit.datamodel.AbstractFile.canRead().

Referenced by org.sleuthkit.datamodel.AbstractFile.canRead().

void org.sleuthkit.datamodel.AbstractFile.close ( )

Free native resources after read is done on the Content object. After closing, read can be called again on the same Content object, which should result in re-opening of new native resources.

Implements org.sleuthkit.datamodel.Content.

Definition at line 1276 of file AbstractFile.java.

References org.sleuthkit.datamodel.AbstractContent.getName(), and org.sleuthkit.datamodel.AbstractFile.getParentPath().

Referenced by org.sleuthkit.datamodel.DerivedFile.finalize(), and org.sleuthkit.datamodel.AbstractFile.finalize().

long org.sleuthkit.datamodel.AbstractFile.convertToImgOffset ( long  fileOffset) throws TskCoreException

Convert an internal offset to an image offset

Parameters
fileOffsetthe byte offset in this layout file to map
Returns
the corresponding byte offset in the image where the file offset is located, or -1 if the file has no range layout information or if the fileOffset is larger than file size
Exceptions
TskCoreExceptionexception thrown if critical error occurred within tsk core and offset could not be converted

Definition at line 761 of file AbstractFile.java.

References org.sleuthkit.datamodel.AbstractFile.getRanges().

List<TskFileRange> org.sleuthkit.datamodel.AbstractFile.convertToImgRanges ( long  fileOffset,
long  length 
) throws TskCoreException

Converts a file offset and length into a series of TskFileRange objects whose offsets are relative to the image. This method will only work on files with layout ranges.

Parameters
fileOffsetThe byte offset in this file to map.
lengthThe length of bytes starting at fileOffset requested.
Returns
The TskFileRange objects whose offsets are relative to the image. The sum total of lengths in these ranges will equal the length requested or will run until the end of this file.
Exceptions
TskCoreException

Definition at line 794 of file AbstractFile.java.

References org.sleuthkit.datamodel.TskFileRange.getByteLen(), org.sleuthkit.datamodel.TskFileRange.getByteStart(), and org.sleuthkit.datamodel.AbstractFile.getRanges().

static String org.sleuthkit.datamodel.AbstractFile.createNonUniquePath ( String  uniquePath)
static
Parameters
uniquePaththe unique path to an AbstractFile (or subclass) usually obtained by a call to AbstractFile.getUniquePath.
Returns
the path to to an AbstractFile (or subclass) with the image and volume path segments removed.

Definition at line 893 of file AbstractFile.java.

static String org.sleuthkit.datamodel.AbstractFile.epochToTime ( long  epoch)
static

Return the epoch into string in ISO 8601 dateTime format

Parameters
epochtime in seconds
Returns
formatted date time string as "yyyy-MM-dd HH:mm:ss"
Deprecated:

Definition at line 1645 of file AbstractFile.java.

References org.sleuthkit.datamodel.TimeUtilities.epochToTime().

Referenced by org.sleuthkit.datamodel.AbstractFile.getAtimeAsDate(), org.sleuthkit.datamodel.AbstractFile.getCrtimeAsDate(), org.sleuthkit.datamodel.AbstractFile.getCtimeAsDate(), and org.sleuthkit.datamodel.AbstractFile.getMtimeAsDate().

static String org.sleuthkit.datamodel.AbstractFile.epochToTime ( long  epoch,
TimeZone  tzone 
)
static

Return the epoch into string in ISO 8601 dateTime format, in the given timezone

Parameters
epochtime in seconds
tzonetime zone
Returns
formatted date time string as "yyyy-MM-dd HH:mm:ss"
Deprecated:

Definition at line 1661 of file AbstractFile.java.

References org.sleuthkit.datamodel.TimeUtilities.epochToTime().

boolean org.sleuthkit.datamodel.AbstractFile.exists ( )

Check if the file exists. If non-local always true, if local, checks if actual local path exists

Returns
true if the file exists, false otherwise

Definition at line 1216 of file AbstractFile.java.

References org.sleuthkit.datamodel.AbstractFile.exists().

Referenced by org.sleuthkit.datamodel.AbstractFile.exists(), and org.sleuthkit.datamodel.Image.imageFileExists().

void org.sleuthkit.datamodel.AbstractFile.finalize ( ) throws Throwable
protected

Definition at line 1296 of file AbstractFile.java.

References org.sleuthkit.datamodel.AbstractFile.close().

long org.sleuthkit.datamodel.AbstractFile.getAtime ( )

Get the access time

Returns
access time

Definition at line 298 of file AbstractFile.java.

String org.sleuthkit.datamodel.AbstractFile.getAtimeAsDate ( )

Get the access time as Date (in local timezone)

Returns
access time as Date

Definition at line 307 of file AbstractFile.java.

References org.sleuthkit.datamodel.AbstractFile.epochToTime().

int org.sleuthkit.datamodel.AbstractFile.getAttributeId ( )

Get the attribute id

Returns
attribute id

Definition at line 253 of file AbstractFile.java.

References org.sleuthkit.datamodel.AbstractFile.attrId.

List<Attribute> org.sleuthkit.datamodel.AbstractFile.getAttributes ( ) throws TskCoreException
short org.sleuthkit.datamodel.AbstractFile.getAttrId ( )

Get the attribute id

Returns
attribute id
Deprecated:
Use getAttributeId() method instead as it returns integer instead of short.

Definition at line 1601 of file AbstractFile.java.

References org.sleuthkit.datamodel.AbstractFile.attrId.

TskData.TSK_FS_ATTR_TYPE_ENUM org.sleuthkit.datamodel.AbstractFile.getAttrType ( )

Get the attribute type

Returns
attribute type

Definition at line 244 of file AbstractFile.java.

References org.sleuthkit.datamodel.AbstractFile.attrType.

long org.sleuthkit.datamodel.AbstractFile.getCrtime ( )

Get the creation time

Returns
creation time

Definition at line 280 of file AbstractFile.java.

String org.sleuthkit.datamodel.AbstractFile.getCrtimeAsDate ( )

Get the creation time as Date (in local timezone)

Returns
creation time as Date

Definition at line 289 of file AbstractFile.java.

References org.sleuthkit.datamodel.AbstractFile.epochToTime().

long org.sleuthkit.datamodel.AbstractFile.getCtime ( )

Get the change time

Returns
change time

Definition at line 262 of file AbstractFile.java.

String org.sleuthkit.datamodel.AbstractFile.getCtimeAsDate ( )

Get the change time as Date (in local timezone)

Returns
change time as Date

Definition at line 271 of file AbstractFile.java.

References org.sleuthkit.datamodel.AbstractFile.epochToTime().

Content org.sleuthkit.datamodel.AbstractFile.getDataSource ( ) throws TskCoreException

Gets the data source for this file.

Returns
The data source.
Exceptions
TskCoreExceptionif there was an error querying the case database.

To obtain the data source as a DataSource object, use: getSleuthkitCase().getDataSource(getDataSourceObjectId());

Implements org.sleuthkit.datamodel.Content.

Definition at line 718 of file AbstractFile.java.

References org.sleuthkit.datamodel.SleuthkitCase.getContentById(), and org.sleuthkit.datamodel.AbstractContent.getSleuthkitCase().

Referenced by org.sleuthkit.datamodel.AbstractFile.getUniquePath(), and org.sleuthkit.datamodel.LayoutFile.readInt().

long org.sleuthkit.datamodel.AbstractFile.getDataSourceObjectId ( )
String org.sleuthkit.datamodel.AbstractFile.getDirFlagAsString ( )
Returns
a string representation of the directory name flag (type TSK_FS_NAME_FLAG_ENUM)

Definition at line 979 of file AbstractFile.java.

References org.sleuthkit.datamodel.TskData.TSK_FS_NAME_FLAG_ENUM.toString().

TSK_FS_NAME_TYPE_ENUM org.sleuthkit.datamodel.AbstractFile.getDirType ( )

Get the directory type id

Returns
directory type id

Definition at line 958 of file AbstractFile.java.

References org.sleuthkit.datamodel.AbstractFile.dirType.

String org.sleuthkit.datamodel.AbstractFile.getDirTypeAsString ( )

Definition at line 962 of file AbstractFile.java.

FileSystem org.sleuthkit.datamodel.AbstractFile.getFileSystem ( ) throws TskCoreException

Gets the parent file system of this file or directory. If the AbstractFile object is not FsContent, hasFileSystem() should be called before this method to ensure the file belongs to a file system.

Returns
The file system object of the parent.
Exceptions
org.sleuthkit.datamodel.TskCoreExceptionIf the file does not belong to a file system or another error occurs.

Definition at line 1491 of file AbstractFile.java.

References org.sleuthkit.datamodel.AbstractContent.getId(), org.sleuthkit.datamodel.AbstractContent.getSleuthkitCase(), and org.sleuthkit.datamodel.AbstractContent.UNKNOWN_ID.

Referenced by org.sleuthkit.datamodel.FsContent.getDataSource(), org.sleuthkit.datamodel.AbstractFile.getUniquePath(), and org.sleuthkit.datamodel.FsContent.isRoot().

Optional<Long> org.sleuthkit.datamodel.AbstractFile.getFileSystemObjectId ( )

Get the object id of the parent file system of this file or directory if it exists.

Returns
The parent file system id.

Definition at line 1467 of file AbstractFile.java.

Referenced by org.sleuthkit.datamodel.FsContent.getFileSystemId(), org.sleuthkit.datamodel.AbstractFile.getUniquePath(), and org.sleuthkit.datamodel.SleuthkitCase.updateDerivedFile().

int org.sleuthkit.datamodel.AbstractFile.getGid ( )

Get the group id

Returns
group id

Definition at line 343 of file AbstractFile.java.

TskData.FileKnown org.sleuthkit.datamodel.AbstractFile.getKnown ( )

Get "knownState" file status - after running a HashDB ingest on it As marked by a knownState file database, such as NSRL

Returns
file knownState status enum value

Definition at line 672 of file AbstractFile.java.

References org.sleuthkit.datamodel.AbstractFile.knownState.

Referenced by org.sleuthkit.datamodel.AbstractFile.save().

String org.sleuthkit.datamodel.AbstractFile.getLocalAbsPath ( )

Get local absolute path of the file, if localPath has been set

Returns
local absolute file path if local path has been set, or null

Definition at line 1197 of file AbstractFile.java.

String org.sleuthkit.datamodel.AbstractFile.getLocalPath ( )

Get local relative to case db path of the file

Returns
local file path if set

Definition at line 1188 of file AbstractFile.java.

String org.sleuthkit.datamodel.AbstractFile.getMd5Hash ( )

Get the md5 hash value as calculated, if present

Returns
md5 hash string, if it is present or null if it is not

Definition at line 527 of file AbstractFile.java.

References org.sleuthkit.datamodel.AbstractFile.md5Hash.

Referenced by org.sleuthkit.datamodel.AbstractFile.save().

long org.sleuthkit.datamodel.AbstractFile.getMetaAddr ( )

Get the file meta address

Returns
Address of the meta data structure

Definition at line 352 of file AbstractFile.java.

References org.sleuthkit.datamodel.AbstractFile.metaAddr.

Referenced by org.sleuthkit.datamodel.FsContent.isRoot().

String org.sleuthkit.datamodel.AbstractFile.getMetaFlagsAsString ( )
Returns
a string representation of the meta flags

Definition at line 995 of file AbstractFile.java.

References org.sleuthkit.datamodel.TskData.TSK_FS_META_FLAG_ENUM.ALLOC, and org.sleuthkit.datamodel.TskData.TSK_FS_META_FLAG_ENUM.UNALLOC.

long org.sleuthkit.datamodel.AbstractFile.getMetaSeq ( )

Get the file meta address sequence. Only useful with NTFS. Incremented each time a structure is re-allocated.

Returns
Address of the meta data structure sequence.

Definition at line 362 of file AbstractFile.java.

References org.sleuthkit.datamodel.AbstractFile.metaSeq.

TSK_FS_META_TYPE_ENUM org.sleuthkit.datamodel.AbstractFile.getMetaType ( )

Get the meta data type

Returns
meta data type

Definition at line 945 of file AbstractFile.java.

References org.sleuthkit.datamodel.AbstractFile.metaType.

String org.sleuthkit.datamodel.AbstractFile.getMetaTypeAsString ( )
String org.sleuthkit.datamodel.AbstractFile.getMIMEType ( )

Gets the MIME type of this file.

Returns
The MIME type name or null if the MIME type has not been set.

Definition at line 488 of file AbstractFile.java.

Referenced by org.sleuthkit.datamodel.AbstractFile.save().

long org.sleuthkit.datamodel.AbstractFile.getMtime ( )

Get the modified time

Returns
modified time

Definition at line 316 of file AbstractFile.java.

String org.sleuthkit.datamodel.AbstractFile.getMtimeAsDate ( )

Get the modified time as Date (in local timezone)

Returns
modified time as Date

Definition at line 325 of file AbstractFile.java.

References org.sleuthkit.datamodel.AbstractFile.epochToTime().

String org.sleuthkit.datamodel.AbstractFile.getNameExtension ( )

Get the extension part of the filename, if there is one. We assume that extensions only have ASCII alphanumeric chars

Returns
The filename extension in lowercase (not including the period) or empty string if there is no extension

Definition at line 683 of file AbstractFile.java.

Optional<Long> org.sleuthkit.datamodel.AbstractFile.getOsAccountObjectId ( )

Get the Object Id of the owner account.

Returns
Optional with Object Id of the OsAccount, or Optional.empty.

Definition at line 1449 of file AbstractFile.java.

Referenced by org.sleuthkit.datamodel.AbstractFile.newDataArtifact(), and org.sleuthkit.datamodel.SleuthkitCase.updateDerivedFile().

Optional<String> org.sleuthkit.datamodel.AbstractFile.getOwnerUid ( )

Get the owner uid.

Note this is a string uid, typically a Windows SID. This is different from the numeric uid commonly found on Unix based file systems.

Returns
Optional with owner uid.

Definition at line 1440 of file AbstractFile.java.

Referenced by org.sleuthkit.datamodel.SleuthkitCase.updateDerivedFile().

List<TskFileRange> org.sleuthkit.datamodel.AbstractFile.getRanges ( ) throws TskCoreException

Gets file ranges associated with the file. File ranges are objects in tsk_file_layout table Any file type (especially unallocated) may have 1 or more block ranges associated with it

Returns
list of file layout ranges
Exceptions
TskCoreExceptionexception thrown if critical error occurred within tsk core

Definition at line 741 of file AbstractFile.java.

References org.sleuthkit.datamodel.SleuthkitCase.getFileRanges(), org.sleuthkit.datamodel.AbstractContent.getId(), and org.sleuthkit.datamodel.AbstractContent.getSleuthkitCase().

Referenced by org.sleuthkit.datamodel.AbstractFile.convertToImgOffset(), org.sleuthkit.datamodel.AbstractFile.convertToImgRanges(), org.sleuthkit.datamodel.LayoutFile.getNumParts(), and org.sleuthkit.datamodel.LayoutFile.readInt().

String org.sleuthkit.datamodel.AbstractFile.getSha1Hash ( )

Get the SHA-1 hash value as calculated, if present

Returns
SHA-1 hash string, if it is present or null if it is not

Definition at line 571 of file AbstractFile.java.

References org.sleuthkit.datamodel.AbstractFile.sha1Hash.

Referenced by org.sleuthkit.datamodel.AbstractFile.save().

String org.sleuthkit.datamodel.AbstractFile.getSha256Hash ( )

Get the SHA-256 hash value as calculated, if present

Returns
SHA-256 hash string, if it is present or null if it is not

Definition at line 549 of file AbstractFile.java.

References org.sleuthkit.datamodel.AbstractFile.sha256Hash.

Referenced by org.sleuthkit.datamodel.AbstractFile.save().

long org.sleuthkit.datamodel.AbstractFile.getSize ( )

Get size of the file

Returns
file size in bytes

Implements org.sleuthkit.datamodel.Content.

Definition at line 693 of file AbstractFile.java.

References org.sleuthkit.datamodel.AbstractFile.size.

Referenced by org.sleuthkit.datamodel.AbstractFile.readLocal().

TskData.TSK_DB_FILES_TYPE_ENUM org.sleuthkit.datamodel.AbstractFile.getType ( )

Gets type of the abstract file as defined in TSK_DB_FILES_TYPE_ENUM

Returns
the type of the abstract file

Definition at line 235 of file AbstractFile.java.

References org.sleuthkit.datamodel.AbstractFile.fileType.

int org.sleuthkit.datamodel.AbstractFile.getUid ( )

Get the user id

Returns
user id

Definition at line 334 of file AbstractFile.java.

References org.sleuthkit.datamodel.AbstractFile.uid.

String org.sleuthkit.datamodel.AbstractFile.getUniquePath ( ) throws TskCoreException
boolean org.sleuthkit.datamodel.AbstractFile.hasFileSystem ( )

Check if this AbstractFile belongs to a file system.

Returns
True if the file belongs to a file system, false otherwise.

Definition at line 1476 of file AbstractFile.java.

boolean org.sleuthkit.datamodel.AbstractFile.isDir ( )

Is this object a directory. Should return true for file system folders and virtual folders.

Returns
true if directory, false otherwise

Definition at line 873 of file AbstractFile.java.

References org.sleuthkit.datamodel.TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_DIR, and org.sleuthkit.datamodel.TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_VIRT_DIR.

Referenced by org.sleuthkit.datamodel.AbstractFile.readLocal().

boolean org.sleuthkit.datamodel.AbstractFile.isDirNameFlagSet ( TSK_FS_NAME_FLAG_ENUM  flag)
Parameters
flagthe TSK_FS_NAME_FLAG_ENUM to check
Returns
true if the given flag is set in this FsContent object.

Definition at line 971 of file AbstractFile.java.

boolean org.sleuthkit.datamodel.AbstractFile.isFile ( )

Is this object a file. Should return true for all types of files, including file system, logical, derived, layout, and slack space for files.

Returns
true if a file, false otherwise

Definition at line 860 of file AbstractFile.java.

References org.sleuthkit.datamodel.TskData.TSK_FS_NAME_TYPE_ENUM.REG, org.sleuthkit.datamodel.TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_REG, and org.sleuthkit.datamodel.TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_UNDEF.

boolean org.sleuthkit.datamodel.AbstractFile.isMetaFlagSet ( TSK_FS_META_FLAG_ENUM  metaFlag)
Parameters
metaFlagthe TSK_FS_META_FLAG_ENUM to check
Returns
true if the given meta flag is set in this FsContent object.

Definition at line 1010 of file AbstractFile.java.

MimeMatchEnum org.sleuthkit.datamodel.AbstractFile.isMimeType ( SortedSet< String >  mimeTypes)

Determines if this file's type is one of the ones passed in. Uses the blackboard attribute for file type.

Parameters
mimeTypesSet of file types to compare against
Returns

Definition at line 1343 of file AbstractFile.java.

References org.sleuthkit.datamodel.AbstractFile.MimeMatchEnum.FALSE, org.sleuthkit.datamodel.AbstractFile.MimeMatchEnum.TRUE, and org.sleuthkit.datamodel.AbstractFile.MimeMatchEnum.UNDEFINED.

boolean org.sleuthkit.datamodel.AbstractFile.isModeSet ( TskData.TSK_FS_META_MODE_ENUM  mode)

Definition at line 505 of file AbstractFile.java.

References org.sleuthkit.datamodel.AbstractFile.modes.

abstract boolean org.sleuthkit.datamodel.AbstractFile.isRoot ( )
abstract

Is this a root of a file system

Returns
true if root of a file system, false otherwise
boolean org.sleuthkit.datamodel.AbstractFile.isVirtual ( )

is this a virtual file or directory that was created by The Sleuth Kit or Autopsy for general structure and organization.

Returns
true if it's virtual, false otherwise

Definition at line 847 of file AbstractFile.java.

References org.sleuthkit.datamodel.AbstractFile.fileType, org.sleuthkit.datamodel.TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_VIRT, org.sleuthkit.datamodel.TskData.TSK_FS_NAME_TYPE_ENUM.VIRT, and org.sleuthkit.datamodel.TskData.TSK_DB_FILES_TYPE_ENUM.VIRTUAL_DIR.

List<AbstractFile> org.sleuthkit.datamodel.AbstractFile.listFiles ( ) throws TskCoreException
Returns
a list of AbstractFiles that are the children of this Directory. Only returns children of type TskData.TSK_DB_FILES_TYPE_ENUM.FS.
Exceptions
org.sleuthkit.datamodel.TskCoreException

Definition at line 925 of file AbstractFile.java.

References org.sleuthkit.datamodel.AbstractContent.getChildren().

BlackboardArtifact org.sleuthkit.datamodel.AbstractFile.newArtifact ( int  artifactTypeID) throws TskCoreException

Create and add an artifact associated with this content to the blackboard

Parameters
artifactTypeIDid of the artifact type (if the id doesn't already exist an exception will be thrown)
Returns
the blackboard artifact created (the artifact type id can be looked up from this)
Exceptions
TskCoreExceptionif critical error occurred within tsk core
Deprecated:
Please use newDataArtifact or newAnalysisResult.

Implements org.sleuthkit.datamodel.Content.

Definition at line 1569 of file AbstractFile.java.

References org.sleuthkit.datamodel.BlackboardArtifact.newArtifact().

DataArtifact org.sleuthkit.datamodel.AbstractFile.newDataArtifact ( BlackboardArtifact.Type  artifactType,
Collection< BlackboardAttribute attributesList 
) throws TskCoreException

Create and add a data artifact associated with this abstract file. This method creates the data artifact with the os account id associated with this abstract file if one exists.

Parameters
artifactTypeType of data artifact to create.
attributesListAdditional attributes to attach to this data artifact.
Returns
DataArtifact New data artifact.
Exceptions
TskCoreExceptionIf a critical error occurred within tsk core.

Implements org.sleuthkit.datamodel.Content.

Definition at line 1587 of file AbstractFile.java.

References org.sleuthkit.datamodel.AbstractFile.getOsAccountObjectId(), and org.sleuthkit.datamodel.BlackboardArtifact.newDataArtifact().

final int org.sleuthkit.datamodel.AbstractFile.read ( byte[]  buf,
long  offset,
long  len 
) throws TskCoreException

Reads data that this content object is associated with (file contents, volume contents, etc.).

Parameters
bufa character array of data (in bytes) to copy read data to
offsetbyte offset in the content to start reading from
lennumber of bytes to read into buf.
Returns
num of bytes read, or -1 on error
Exceptions
TskCoreExceptionif critical error occurred during read in the tsk core

Implements org.sleuthkit.datamodel.Content.

Definition at line 1042 of file AbstractFile.java.

References org.sleuthkit.datamodel.AbstractFile.readInt(), and org.sleuthkit.datamodel.AbstractFile.readLocal().

int org.sleuthkit.datamodel.AbstractFile.readInt ( byte[]  buf,
long  offset,
long  len 
) throws TskCoreException
protected

Internal custom read (non-local) method that child classes can implement

Parameters
bufbuffer to read into
offsetstart reading position in the file
lennumber of bytes to read
Returns
number of bytes read
Exceptions
TskCoreExceptionexception thrown when file could not be read

Definition at line 1064 of file AbstractFile.java.

Referenced by org.sleuthkit.datamodel.AbstractFile.read().

final int org.sleuthkit.datamodel.AbstractFile.readLocal ( byte[]  buf,
long  offset,
long  len 
) throws TskCoreException
protected

Local file path read support

Parameters
bufbuffer to read into
offsetstart reading position in the file
lennumber of bytes to read
Returns
number of bytes read
Exceptions
TskCoreExceptionexception thrown when file could not be read

Definition at line 1079 of file AbstractFile.java.

References org.sleuthkit.datamodel.AbstractFile.getSize(), org.sleuthkit.datamodel.AbstractFile.isDir(), and org.sleuthkit.datamodel.TskData.EncodingType.NONE.

Referenced by org.sleuthkit.datamodel.AbstractFile.read().

void org.sleuthkit.datamodel.AbstractFile.save ( ) throws TskCoreException

Saves the editable properties of this file to the case database, e.g., the MIME type, MD5 hash, and known state.

Exceptions
TskCoreExceptionif there is an error saving the editable file properties to the case database.

Definition at line 1360 of file AbstractFile.java.

References org.sleuthkit.datamodel.SleuthkitCase.beginTransaction(), org.sleuthkit.datamodel.SleuthkitCase.CaseDbTransaction.commit(), org.sleuthkit.datamodel.AbstractContent.getSleuthkitCase(), and org.sleuthkit.datamodel.SleuthkitCase.CaseDbTransaction.rollback().

void org.sleuthkit.datamodel.AbstractFile.save ( CaseDbTransaction  transaction) throws TskCoreException

Saves the editable properties of this file to the case database, e.g., the MIME type, MD5 hash, and known state, in the context of a given case database transaction.

Parameters
transactionThe transaction.
Exceptions
TskCoreExceptionif there is an error saving the editable file properties to the case database.

Definition at line 1384 of file AbstractFile.java.

References org.sleuthkit.datamodel.AbstractContent.getId(), org.sleuthkit.datamodel.AbstractFile.getKnown(), org.sleuthkit.datamodel.AbstractFile.getMd5Hash(), org.sleuthkit.datamodel.AbstractFile.getMIMEType(), org.sleuthkit.datamodel.AbstractContent.getName(), org.sleuthkit.datamodel.AbstractFile.getSha1Hash(), and org.sleuthkit.datamodel.AbstractFile.getSha256Hash().

void org.sleuthkit.datamodel.AbstractFile.setKnown ( TskData.FileKnown  knownState)

Sets the known state for this file. Passed in value will be ignored if it is "less" than the current state. A NOTABLE file cannot be downgraded to KNOWN.

IMPORTANT: The known state is set for this AbstractFile object, but it is not saved to the case database until AbstractFile.save is called.

Parameters
knownStateThe known state of the file.

Definition at line 655 of file AbstractFile.java.

References org.sleuthkit.datamodel.AbstractFile.knownState.

void org.sleuthkit.datamodel.AbstractFile.setLocalPath ( String  localPath,
boolean  isAbsolute 
)
protected

Set local path for the file, as stored in db tsk_files_path, relative to the case db path or an absolute path. When set, subsequent invocations of read() will read the file in the local path.

Parameters
localPathlocal path to be set
isAbsolutetrue if the path is absolute, false if relative to the case db
Deprecated:
Do not make subclasses outside of this package.

Definition at line 1626 of file AbstractFile.java.

void org.sleuthkit.datamodel.AbstractFile.setMd5Hash ( String  md5Hash)

Sets the MD5 hash for this file.

IMPORTANT: The MD5 hash is set for this AbstractFile object, but it is not saved to the case database until AbstractFile.save is called.

Parameters
md5HashThe MD5 hash of the file.

Definition at line 517 of file AbstractFile.java.

References org.sleuthkit.datamodel.AbstractFile.md5Hash.

void org.sleuthkit.datamodel.AbstractFile.setMIMEType ( String  mimeType)

Sets the MIME type for this file.

IMPORTANT: The MIME type is set for this AbstractFile object, but it is not saved to the case database until AbstractFile.save is called.

Parameters
mimeTypeThe MIME type of this file.

Definition at line 500 of file AbstractFile.java.

void org.sleuthkit.datamodel.AbstractFile.setSha1Hash ( String  sha1Hash)

Sets the SHA-1 hash for this file.

IMPORTANT: The SHA-1 hash is set for this AbstractFile object, but it is not saved to the case database until AbstractFile.save is called.

Parameters
sha1HashThe SHA-1 hash of the file.

Definition at line 561 of file AbstractFile.java.

References org.sleuthkit.datamodel.AbstractFile.sha1Hash.

void org.sleuthkit.datamodel.AbstractFile.setSha256Hash ( String  sha256Hash)

Sets the SHA-256 hash for this file.

IMPORTANT: The SHA-256 hash is set for this AbstractFile object, but it is not saved to the case database until AbstractFile.save is called.

Parameters
sha256HashThe SHA-256 hash of the file.

Definition at line 539 of file AbstractFile.java.

References org.sleuthkit.datamodel.AbstractFile.sha256Hash.

static long org.sleuthkit.datamodel.AbstractFile.timeToEpoch ( String  time)
static

Convert from ISO 8601 formatted date time string to epoch time in seconds

Parameters
timeformatted date time string as "yyyy-MM-dd HH:mm:ss"
Returns
epoch time in seconds

Definition at line 1673 of file AbstractFile.java.

References org.sleuthkit.datamodel.TimeUtilities.timeToEpoch().

String org.sleuthkit.datamodel.AbstractFile.toString ( boolean  preserveState)

Member Data Documentation

final TskData.TSK_FS_ATTR_TYPE_ENUM org.sleuthkit.datamodel.AbstractFile.attrType
protected
final Long org.sleuthkit.datamodel.AbstractFile.fileSystemObjectId
protected

Definition at line 57 of file AbstractFile.java.

final TskData.TSK_DB_FILES_TYPE_ENUM org.sleuthkit.datamodel.AbstractFile.fileType
protected
final int org.sleuthkit.datamodel.AbstractFile.metaSeq
protected
String org.sleuthkit.datamodel.AbstractFile.sha1Hash
protected
String org.sleuthkit.datamodel.AbstractFile.sha256Hash
protected
final int org.sleuthkit.datamodel.AbstractFile.uid
protected

The documentation for this class was generated from the following file:

Copyright © 2011-2021 Brian Carrier. (carrier -at- sleuthkit -dot- org)
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.