Sleuth Kit Java Bindings (JNI)
4.11.1
Java bindings for using The Sleuth Kit
|
Inherits org.sleuthkit.datamodel.AbstractContent, and org.sleuthkit.datamodel.DataSource.
Public Member Functions | |
void | close () |
void | finalize () throws Throwable |
String | getAcquisitionDetails () throws TskCoreException |
String | getAcquisitionToolName () throws TskCoreException |
String | getAcquisitionToolSettings () throws TskCoreException |
String | getAcquisitionToolVersion () throws TskCoreException |
List< Content > | getChildren () throws TskCoreException |
List< Long > | getChildrenIds () throws TskCoreException |
long | getContentSize (SleuthkitCase sleuthkitCase) throws TskCoreException |
Content | getDataSource () |
Long | getDateAdded () throws TskCoreException |
String | getDeviceId () |
List< FileSystem > | getFileSystems () throws TskCoreException |
Host | getHost () throws TskCoreException |
synchronized long | getImageHandle () throws TskCoreException |
String | getMd5 () throws TskCoreException |
String[] | getPaths () |
String | getSha1 () throws TskCoreException |
String | getSha256 () throws TskCoreException |
long | getSize () |
long | getSsize () |
String | getTimeZone () |
TskData.TSK_IMG_TYPE_ENUM | getType () |
String | getUniquePath () throws TskCoreException |
List< Volume > | getVolumes () throws TskCoreException |
List< VolumeSystem > | getVolumeSystems () throws TskCoreException |
Boolean | imageFileExists () |
int | read (byte[] buf, long offset, long len) throws TskCoreException |
void | setAcquisitionDetails (String details) throws TskCoreException |
void | setAcquisitionToolDetails (String name, String version, String settings) throws TskCoreException |
void | setDisplayName (String newName) throws TskCoreException |
void | setMD5 (String md5) throws TskCoreException, TskDataException |
void | setSha1 (String sha1) throws TskCoreException, TskDataException |
void | setSha256 (String sha256) throws TskCoreException, TskDataException |
void | setSizes (long totalSize, long sectorSize) throws TskCoreException |
String | toString (boolean preserveState) |
String | verifyImageSize () |
Public Member Functions inherited from org.sleuthkit.datamodel.AbstractContent | |
boolean | equals (Object obj) |
Score | getAggregateScore () throws TskCoreException |
List< AnalysisResult > | getAllAnalysisResults () throws TskCoreException |
ArrayList< BlackboardArtifact > | getAllArtifacts () throws TskCoreException |
long | getAllArtifactsCount () throws TskCoreException |
List< DataArtifact > | getAllDataArtifacts () throws TskCoreException |
List< AnalysisResult > | getAnalysisResults (BlackboardArtifact.Type artifactType) throws TskCoreException |
ArrayList< BlackboardArtifact > | getArtifacts (String artifactTypeName) throws TskCoreException |
ArrayList< BlackboardArtifact > | getArtifacts (int artifactTypeID) throws TskCoreException |
ArrayList< BlackboardArtifact > | getArtifacts (BlackboardArtifact.ARTIFACT_TYPE type) throws TskCoreException |
long | getArtifactsCount (String artifactTypeName) throws TskCoreException |
long | getArtifactsCount (int artifactTypeID) throws TskCoreException |
long | getArtifactsCount (ARTIFACT_TYPE type) throws TskCoreException |
List< Content > | getChildren () throws TskCoreException |
int | getChildrenCount () throws TskCoreException |
List< Long > | getChildrenIds () throws TskCoreException |
Content | getDataSource () throws TskCoreException |
BlackboardArtifact | getGenInfoArtifact () throws TskCoreException |
BlackboardArtifact | getGenInfoArtifact (boolean create) throws TskCoreException |
ArrayList< BlackboardAttribute > | getGenInfoAttributes (ATTRIBUTE_TYPE attr_type) throws TskCoreException |
Set< String > | getHashSetNames () throws TskCoreException |
long | getId () |
String | getName () |
Content | getParent () throws TskCoreException |
Optional< Long > | getParentId () throws TskCoreException |
SleuthkitCase | getSleuthkitCase () |
String | getUniquePath () throws TskCoreException |
boolean | hasChildren () throws TskCoreException |
int | hashCode () |
AnalysisResultAdded | newAnalysisResult (BlackboardArtifact.Type artifactType, Score score, String conclusion, String configuration, String justification, Collection< BlackboardAttribute > attributesList) throws TskCoreException |
AnalysisResultAdded | newAnalysisResult (BlackboardArtifact.Type artifactType, Score score, String conclusion, String configuration, String justification, Collection< BlackboardAttribute > attributesList, long dataSourceId) throws TskCoreException |
BlackboardArtifact | newArtifact (int artifactTypeID) throws TskCoreException |
BlackboardArtifact | newArtifact (BlackboardArtifact.ARTIFACT_TYPE type) throws TskCoreException |
DataArtifact | newDataArtifact (BlackboardArtifact.Type artifactType, Collection< BlackboardAttribute > attributesList, Long osAccountId) throws TskCoreException |
DataArtifact | newDataArtifact (BlackboardArtifact.Type artifactType, Collection< BlackboardAttribute > attributesList, Long osAccountId, long dataSourceId) throws TskCoreException |
DataArtifact | newDataArtifact (BlackboardArtifact.Type artifactType, Collection< BlackboardAttribute > attributesList) throws TskCoreException |
String | toString () |
String | toString (boolean preserveState) |
Public Member Functions inherited from org.sleuthkit.datamodel.Content | |
long | getArtifactsCount (BlackboardArtifact.ARTIFACT_TYPE type) throws TskCoreException |
ArrayList< BlackboardAttribute > | getGenInfoAttributes (BlackboardAttribute.ATTRIBUTE_TYPE attr_type) throws TskCoreException |
Protected Member Functions | |
Image (SleuthkitCase db, long obj_id, long type, long ssize, String name, String[] paths, String timezone, String md5) throws TskCoreException | |
Protected Member Functions inherited from org.sleuthkit.datamodel.AbstractContent | |
AbstractContent (SleuthkitCase db, long obj_id, String name) | |
Additional Inherited Members | |
Static Public Attributes inherited from org.sleuthkit.datamodel.AbstractContent | |
static final long | UNKNOWN_ID = -1 |
Protected Attributes inherited from org.sleuthkit.datamodel.AbstractContent | |
long | parentId |
Represents a disk image file, stored in tsk_image_info. Populated based on data in database.
Caches internal tsk image handle and reuses it for reads
Definition at line 39 of file Image.java.
|
protected |
Create a disk image.
Note: Most inputs originate from the database.
db | Case database. |
obj_id | Object ID. |
type | Image type. |
ssize | Sector size. |
name | Display name. |
paths | Image paths. |
timezone | Timezone. |
md5 | MD5 hash. |
TskCoreException |
Definition at line 72 of file Image.java.
void org.sleuthkit.datamodel.Image.close | ( | ) |
Free native resources after read is done on the Content object. After closing, read can be called again on the same Content object, which should result in re-opening of new native resources.
Implements org.sleuthkit.datamodel.Content.
Definition at line 144 of file Image.java.
void org.sleuthkit.datamodel.Image.finalize | ( | ) | throws Throwable |
Definition at line 150 of file Image.java.
String org.sleuthkit.datamodel.Image.getAcquisitionDetails | ( | ) | throws TskCoreException |
Gets the acquisition details field from the case database.
TskCoreException | Thrown if the data can not be read |
Implements org.sleuthkit.datamodel.DataSource.
Definition at line 599 of file Image.java.
References org.sleuthkit.datamodel.AbstractContent.getSleuthkitCase().
String org.sleuthkit.datamodel.Image.getAcquisitionToolName | ( | ) | throws TskCoreException |
Gets the acquisition tool name field from the case database.
TskCoreException | Thrown if the data can not be read |
Implements org.sleuthkit.datamodel.DataSource.
Definition at line 565 of file Image.java.
References org.sleuthkit.datamodel.AbstractContent.getSleuthkitCase().
String org.sleuthkit.datamodel.Image.getAcquisitionToolSettings | ( | ) | throws TskCoreException |
Gets the acquisition tool settings field from the case database.
TskCoreException | Thrown if the data can not be read |
Implements org.sleuthkit.datamodel.DataSource.
Definition at line 554 of file Image.java.
References org.sleuthkit.datamodel.AbstractContent.getSleuthkitCase().
String org.sleuthkit.datamodel.Image.getAcquisitionToolVersion | ( | ) | throws TskCoreException |
Gets the acquisition tool version field from the case database.
TskCoreException | Thrown if the data can not be read |
Implements org.sleuthkit.datamodel.DataSource.
Definition at line 576 of file Image.java.
References org.sleuthkit.datamodel.AbstractContent.getSleuthkitCase().
List<Content> org.sleuthkit.datamodel.Image.getChildren | ( | ) | throws TskCoreException |
Gets the child content objects of this content.
TskCoreException | if critical error occurred within tsk core |
Implements org.sleuthkit.datamodel.Content.
Definition at line 290 of file Image.java.
References org.sleuthkit.datamodel.AbstractContent.getSleuthkitCase().
Referenced by org.sleuthkit.datamodel.Image.getVolumes(), and org.sleuthkit.datamodel.Image.getVolumeSystems().
List<Long> org.sleuthkit.datamodel.Image.getChildrenIds | ( | ) | throws TskCoreException |
Gets the child content ids of this content.
TskCoreException | if critical error occurred within tsk core |
Implements org.sleuthkit.datamodel.Content.
Definition at line 295 of file Image.java.
References org.sleuthkit.datamodel.AbstractContent.getSleuthkitCase().
long org.sleuthkit.datamodel.Image.getContentSize | ( | SleuthkitCase | sleuthkitCase | ) | throws TskCoreException |
Gets the size of the contents of the data source in bytes. This size can change as archive files within the data source are expanded, files are carved, etc., and is different from the size of the data source as returned by Content.getSize, which is the size of the data source as a file.
sleuthkitCase | The sleuthkit case instance from which to make calls to the database. |
TskCoreException | Thrown when there is an issue trying to retrieve data from the database. |
Implements org.sleuthkit.datamodel.DataSource.
Definition at line 495 of file Image.java.
References org.sleuthkit.datamodel.AbstractContent.getId().
Content org.sleuthkit.datamodel.Image.getDataSource | ( | ) |
Gets the root data source (image, virtual directory, etc.) of this content.
TskCoreException | if critical error occurred within tsk core |
Implements org.sleuthkit.datamodel.Content.
Definition at line 139 of file Image.java.
Long org.sleuthkit.datamodel.Image.getDateAdded | ( | ) | throws TskCoreException |
Gets the added date field from the case database.
TskCoreException | Thrown if the data can not be read |
Implements org.sleuthkit.datamodel.DataSource.
Definition at line 587 of file Image.java.
References org.sleuthkit.datamodel.AbstractContent.getSleuthkitCase().
String org.sleuthkit.datamodel.Image.getDeviceId | ( | ) |
Gets the ASCII-printable identifier for the device associated with the data source. This identifier is intended to be unique across multiple cases (e.g., a UUID).
Implements org.sleuthkit.datamodel.DataSource.
Definition at line 463 of file Image.java.
List<FileSystem> org.sleuthkit.datamodel.Image.getFileSystems | ( | ) | throws TskCoreException |
TskCoreException |
Definition at line 263 of file Image.java.
References org.sleuthkit.datamodel.AbstractContent.getSleuthkitCase().
Referenced by org.sleuthkit.datamodel.Image.verifyImageSize().
Host org.sleuthkit.datamodel.Image.getHost | ( | ) | throws TskCoreException |
Gets the host for this data source.
TskCoreException |
Implements org.sleuthkit.datamodel.DataSource.
Definition at line 611 of file Image.java.
References org.sleuthkit.datamodel.HostManager.getHostByDataSource(), org.sleuthkit.datamodel.SleuthkitCase.getHostManager(), and org.sleuthkit.datamodel.AbstractContent.getSleuthkitCase().
synchronized long org.sleuthkit.datamodel.Image.getImageHandle | ( | ) | throws TskCoreException |
Get the handle to the sleuthkit image info object
TskCoreException |
Definition at line 122 of file Image.java.
References org.sleuthkit.datamodel.AbstractContent.getSleuthkitCase(), and org.sleuthkit.datamodel.SleuthkitJNI.openImage().
Referenced by org.sleuthkit.datamodel.VolumeSystem.getVolumeSystemHandle(), org.sleuthkit.datamodel.Image.read(), and org.sleuthkit.datamodel.LayoutFile.readInt().
String org.sleuthkit.datamodel.Image.getMd5 | ( | ) | throws TskCoreException |
Gets the md5 hash value
TskCoreException |
Definition at line 378 of file Image.java.
References org.sleuthkit.datamodel.AbstractContent.getSleuthkitCase().
Referenced by org.sleuthkit.datamodel.Image.setMD5().
String [] org.sleuthkit.datamodel.Image.getPaths | ( | ) |
String org.sleuthkit.datamodel.Image.getSha1 | ( | ) | throws TskCoreException |
gets the SHA1 hash value
TskCoreException | on DB error. |
Definition at line 392 of file Image.java.
References org.sleuthkit.datamodel.AbstractContent.getSleuthkitCase().
Referenced by org.sleuthkit.datamodel.Image.setSha1().
String org.sleuthkit.datamodel.Image.getSha256 | ( | ) | throws TskCoreException |
gets the SHA256 hash value
TskCoreException |
Definition at line 406 of file Image.java.
References org.sleuthkit.datamodel.AbstractContent.getSleuthkitCase().
Referenced by org.sleuthkit.datamodel.Image.setSha256().
long org.sleuthkit.datamodel.Image.getSize | ( | ) |
Get the (reported) size of the content object and, in theory, how much you should be able to read from it. In some cases, data corruption may mean that you cannot read this much data.
Implements org.sleuthkit.datamodel.Content.
Definition at line 173 of file Image.java.
References org.sleuthkit.datamodel.SleuthkitJNI.findDeviceSize(), and org.sleuthkit.datamodel.AbstractContent.getName().
long org.sleuthkit.datamodel.Image.getSsize | ( | ) |
String org.sleuthkit.datamodel.Image.getTimeZone | ( | ) |
Get the timezone set for the image
Implements org.sleuthkit.datamodel.DataSource.
Definition at line 275 of file Image.java.
Referenced by org.sleuthkit.datamodel.BlackboardAttribute.getDisplayString().
TskData.TSK_IMG_TYPE_ENUM org.sleuthkit.datamodel.Image.getType | ( | ) |
Get the image type
Definition at line 193 of file Image.java.
References org.sleuthkit.datamodel.TskData.TSK_IMG_TYPE_ENUM.valueOf().
String org.sleuthkit.datamodel.Image.getUniquePath | ( | ) | throws TskCoreException |
Implements org.sleuthkit.datamodel.Content.
Definition at line 207 of file Image.java.
References org.sleuthkit.datamodel.AbstractContent.getName().
List<Volume> org.sleuthkit.datamodel.Image.getVolumes | ( | ) | throws TskCoreException |
TskCoreException |
Definition at line 243 of file Image.java.
References org.sleuthkit.datamodel.Image.getChildren().
List<VolumeSystem> org.sleuthkit.datamodel.Image.getVolumeSystems | ( | ) | throws TskCoreException |
TskCoreException |
Definition at line 225 of file Image.java.
References org.sleuthkit.datamodel.Image.getChildren().
Referenced by org.sleuthkit.datamodel.Image.verifyImageSize().
Boolean org.sleuthkit.datamodel.Image.imageFileExists | ( | ) |
Test if the file that created this image exists on disk. Does not work on local disks - will always return false
Definition at line 310 of file Image.java.
References org.sleuthkit.datamodel.AbstractFile.exists().
int org.sleuthkit.datamodel.Image.read | ( | byte[] | buf, |
long | offset, | ||
long | len | ||
) | throws TskCoreException |
Reads data that this content object is associated with (file contents, volume contents, etc.).
buf | a character array of data (in bytes) to copy read data to |
offset | byte offset in the content to start reading from |
len | number of bytes to read into buf. |
TskCoreException | if critical error occurred during read in the tsk core |
Implements org.sleuthkit.datamodel.Content.
Definition at line 162 of file Image.java.
References org.sleuthkit.datamodel.Image.getImageHandle(), and org.sleuthkit.datamodel.SleuthkitJNI.readImg().
Referenced by org.sleuthkit.datamodel.Image.verifyImageSize().
void org.sleuthkit.datamodel.Image.setAcquisitionDetails | ( | String | details | ) | throws TskCoreException |
Sets the acquisition details field in the case database.
details | The acquisition details |
TskCoreException | Thrown if the data can not be written |
Implements org.sleuthkit.datamodel.DataSource.
Definition at line 528 of file Image.java.
References org.sleuthkit.datamodel.AbstractContent.getSleuthkitCase().
void org.sleuthkit.datamodel.Image.setAcquisitionToolDetails | ( | String | name, |
String | version, | ||
String | settings | ||
) | throws TskCoreException |
Sets the acquisition tool details such as its name, version number and any settings used during the acquisition to acquire data.
name | The name of the acquisition tool. May be NULL. |
version | The acquisition tool version number. May be NULL. |
settings | The settings used by the acquisition tool. May be NULL. |
TskCoreException | Thrown if the data can not be written |
Implements org.sleuthkit.datamodel.DataSource.
Definition at line 543 of file Image.java.
References org.sleuthkit.datamodel.AbstractContent.getSleuthkitCase().
void org.sleuthkit.datamodel.Image.setDisplayName | ( | String | newName | ) | throws TskCoreException |
Set the name for this data source.
newName | The new name for the data source |
TskCoreException | Thrown if an error occurs while updating the database |
Implements org.sleuthkit.datamodel.DataSource.
Definition at line 475 of file Image.java.
References org.sleuthkit.datamodel.AbstractContent.getId(), and org.sleuthkit.datamodel.AbstractContent.getSleuthkitCase().
void org.sleuthkit.datamodel.Image.setMD5 | ( | String | md5 | ) | throws TskCoreException, TskDataException |
md5 |
TskCoreException | On DB errors |
TskDataException | If hash has already been set |
Definition at line 419 of file Image.java.
References org.sleuthkit.datamodel.Image.getMd5(), and org.sleuthkit.datamodel.AbstractContent.getSleuthkitCase().
void org.sleuthkit.datamodel.Image.setSha1 | ( | String | sha1 | ) | throws TskCoreException, TskDataException |
sha1 |
TskCoreException | On DB errors |
TskDataException | If hash has already been set |
Definition at line 433 of file Image.java.
References org.sleuthkit.datamodel.Image.getSha1(), and org.sleuthkit.datamodel.AbstractContent.getSleuthkitCase().
void org.sleuthkit.datamodel.Image.setSha256 | ( | String | sha256 | ) | throws TskCoreException, TskDataException |
sha256 |
TskCoreException | On DB errors |
TskDataException | If hash has already been set |
Definition at line 447 of file Image.java.
References org.sleuthkit.datamodel.Image.getSha256(), and org.sleuthkit.datamodel.AbstractContent.getSleuthkitCase().
void org.sleuthkit.datamodel.Image.setSizes | ( | long | totalSize, |
long | sectorSize | ||
) | throws TskCoreException |
Updates the image's total size and sector size.This function may be used to update the sizes after the image was created.
Can only update the sizes if they were not set before. Will throw TskCoreException if the values in the db are not 0 prior to this call.
totalSize | The total size |
sectorSize | The sector size |
TskCoreException | If there is an error updating the case database. |
Definition at line 633 of file Image.java.
References org.sleuthkit.datamodel.AbstractContent.getSleuthkitCase().
String org.sleuthkit.datamodel.Image.toString | ( | boolean | preserveState | ) |
Definition at line 300 of file Image.java.
String org.sleuthkit.datamodel.Image.verifyImageSize | ( | ) |
Perform some sanity checks on the bounds of the image contents to determine if we could be missing some pieces of the image.
Definition at line 326 of file Image.java.
References org.sleuthkit.datamodel.Image.getFileSystems(), org.sleuthkit.datamodel.Image.getVolumeSystems(), and org.sleuthkit.datamodel.Image.read().
Copyright © 2011-2021 Brian Carrier. (carrier -at- sleuthkit -dot- org)
This work is licensed under a
Creative Commons Attribution-Share Alike 3.0 United States License.