Sleuth Kit Java Bindings (JNI)
4.11.1
Java bindings for using The Sleuth Kit
|
Inherits org.sleuthkit.datamodel.AbstractFile.
Public Member Functions | |
List< TskFileRange > | getRanges () throws TskCoreException |
boolean | isRoot () |
String | toString (boolean preserveState) |
Public Member Functions inherited from org.sleuthkit.datamodel.AbstractFile | |
void | addAttributes (Collection< Attribute > attributes, final SleuthkitCase.CaseDbTransaction caseDbTransaction) throws TskCoreException |
boolean | canRead () |
void | close () |
long | convertToImgOffset (long fileOffset) throws TskCoreException |
List< TskFileRange > | convertToImgRanges (long fileOffset, long length) throws TskCoreException |
boolean | exists () |
long | getAtime () |
String | getAtimeAsDate () |
int | getAttributeId () |
List< Attribute > | getAttributes () throws TskCoreException |
short | getAttrId () |
TskData.TSK_FS_ATTR_TYPE_ENUM | getAttrType () |
long | getCrtime () |
String | getCrtimeAsDate () |
long | getCtime () |
String | getCtimeAsDate () |
Content | getDataSource () throws TskCoreException |
long | getDataSourceObjectId () |
String | getDirFlagAsString () |
TSK_FS_NAME_TYPE_ENUM | getDirType () |
String | getDirTypeAsString () |
FileSystem | getFileSystem () throws TskCoreException |
Optional< Long > | getFileSystemObjectId () |
int | getGid () |
TskData.FileKnown | getKnown () |
String | getLocalAbsPath () |
String | getLocalPath () |
String | getMd5Hash () |
long | getMetaAddr () |
String | getMetaFlagsAsString () |
long | getMetaSeq () |
TSK_FS_META_TYPE_ENUM | getMetaType () |
String | getMetaTypeAsString () |
String | getMIMEType () |
String | getModesAsString () |
long | getMtime () |
String | getMtimeAsDate () |
String | getNameExtension () |
Optional< Long > | getOsAccountObjectId () |
Optional< String > | getOwnerUid () |
String | getParentPath () |
List< TskFileRange > | getRanges () throws TskCoreException |
String | getSha1Hash () |
String | getSha256Hash () |
long | getSize () |
TskData.TSK_DB_FILES_TYPE_ENUM | getType () |
int | getUid () |
String | getUniquePath () throws TskCoreException |
boolean | hasFileSystem () |
boolean | isDir () |
boolean | isDirNameFlagSet (TSK_FS_NAME_FLAG_ENUM flag) |
boolean | isFile () |
boolean | isMetaFlagSet (TSK_FS_META_FLAG_ENUM metaFlag) |
MimeMatchEnum | isMimeType (SortedSet< String > mimeTypes) |
boolean | isModeSet (TskData.TSK_FS_META_MODE_ENUM mode) |
abstract boolean | isRoot () |
boolean | isVirtual () |
List< AbstractFile > | listFiles () throws TskCoreException |
BlackboardArtifact | newArtifact (int artifactTypeID) throws TskCoreException |
DataArtifact | newDataArtifact (BlackboardArtifact.Type artifactType, Collection< BlackboardAttribute > attributesList) throws TskCoreException |
final int | read (byte[] buf, long offset, long len) throws TskCoreException |
void | save () throws TskCoreException |
void | save (CaseDbTransaction transaction) throws TskCoreException |
void | setKnown (TskData.FileKnown knownState) |
void | setMd5Hash (String md5Hash) |
void | setMIMEType (String mimeType) |
void | setSha1Hash (String sha1Hash) |
void | setSha256Hash (String sha256Hash) |
String | toString (boolean preserveState) |
Public Member Functions inherited from org.sleuthkit.datamodel.AbstractContent | |
boolean | equals (Object obj) |
Score | getAggregateScore () throws TskCoreException |
List< AnalysisResult > | getAllAnalysisResults () throws TskCoreException |
ArrayList< BlackboardArtifact > | getAllArtifacts () throws TskCoreException |
long | getAllArtifactsCount () throws TskCoreException |
List< DataArtifact > | getAllDataArtifacts () throws TskCoreException |
List< AnalysisResult > | getAnalysisResults (BlackboardArtifact.Type artifactType) throws TskCoreException |
ArrayList< BlackboardArtifact > | getArtifacts (String artifactTypeName) throws TskCoreException |
ArrayList< BlackboardArtifact > | getArtifacts (int artifactTypeID) throws TskCoreException |
ArrayList< BlackboardArtifact > | getArtifacts (BlackboardArtifact.ARTIFACT_TYPE type) throws TskCoreException |
long | getArtifactsCount (String artifactTypeName) throws TskCoreException |
long | getArtifactsCount (int artifactTypeID) throws TskCoreException |
long | getArtifactsCount (ARTIFACT_TYPE type) throws TskCoreException |
List< Content > | getChildren () throws TskCoreException |
int | getChildrenCount () throws TskCoreException |
List< Long > | getChildrenIds () throws TskCoreException |
Content | getDataSource () throws TskCoreException |
BlackboardArtifact | getGenInfoArtifact () throws TskCoreException |
BlackboardArtifact | getGenInfoArtifact (boolean create) throws TskCoreException |
ArrayList< BlackboardAttribute > | getGenInfoAttributes (ATTRIBUTE_TYPE attr_type) throws TskCoreException |
Set< String > | getHashSetNames () throws TskCoreException |
long | getId () |
String | getName () |
Content | getParent () throws TskCoreException |
Optional< Long > | getParentId () throws TskCoreException |
SleuthkitCase | getSleuthkitCase () |
String | getUniquePath () throws TskCoreException |
boolean | hasChildren () throws TskCoreException |
int | hashCode () |
AnalysisResultAdded | newAnalysisResult (BlackboardArtifact.Type artifactType, Score score, String conclusion, String configuration, String justification, Collection< BlackboardAttribute > attributesList) throws TskCoreException |
AnalysisResultAdded | newAnalysisResult (BlackboardArtifact.Type artifactType, Score score, String conclusion, String configuration, String justification, Collection< BlackboardAttribute > attributesList, long dataSourceId) throws TskCoreException |
BlackboardArtifact | newArtifact (int artifactTypeID) throws TskCoreException |
BlackboardArtifact | newArtifact (BlackboardArtifact.ARTIFACT_TYPE type) throws TskCoreException |
DataArtifact | newDataArtifact (BlackboardArtifact.Type artifactType, Collection< BlackboardAttribute > attributesList, Long osAccountId) throws TskCoreException |
DataArtifact | newDataArtifact (BlackboardArtifact.Type artifactType, Collection< BlackboardAttribute > attributesList, Long osAccountId, long dataSourceId) throws TskCoreException |
DataArtifact | newDataArtifact (BlackboardArtifact.Type artifactType, Collection< BlackboardAttribute > attributesList) throws TskCoreException |
String | toString () |
String | toString (boolean preserveState) |
Public Member Functions inherited from org.sleuthkit.datamodel.Content | |
long | getArtifactsCount (BlackboardArtifact.ARTIFACT_TYPE type) throws TskCoreException |
ArrayList< BlackboardAttribute > | getGenInfoAttributes (BlackboardAttribute.ATTRIBUTE_TYPE attr_type) throws TskCoreException |
Protected Member Functions | |
LocalFile (SleuthkitCase db, long objId, String name, TSK_DB_FILES_TYPE_ENUM fileType, TSK_FS_NAME_TYPE_ENUM dirType, TSK_FS_META_TYPE_ENUM metaType, TSK_FS_NAME_FLAG_ENUM dirFlag, short metaFlags, long size, long ctime, long crtime, long atime, long mtime, String md5Hash, FileKnown knownState, String parentPath, String localPath) | |
LocalFile (SleuthkitCase db, long objId, String name, TSK_DB_FILES_TYPE_ENUM fileType, TSK_FS_NAME_TYPE_ENUM dirType, TSK_FS_META_TYPE_ENUM metaType, TSK_FS_NAME_FLAG_ENUM dirFlag, short metaFlags, long size, long ctime, long crtime, long atime, long mtime, String md5Hash, FileKnown knownState, String parentPath, String localPath, long parentId) | |
LocalFile (SleuthkitCase db, long objId, String name, TSK_FS_NAME_TYPE_ENUM dirType, TSK_FS_META_TYPE_ENUM metaType, TSK_FS_NAME_FLAG_ENUM dirFlag, short metaFlags, long size, long ctime, long crtime, long atime, long mtime, String md5Hash, FileKnown knownState, String parentPath, String localPath, long parentId) | |
Protected Member Functions inherited from org.sleuthkit.datamodel.AbstractFile | |
void | finalize () throws Throwable |
int | readInt (byte[] buf, long offset, long len) throws TskCoreException |
final int | readLocal (byte[] buf, long offset, long len) throws TskCoreException |
void | setLocalPath (String localPath, boolean isAbsolute) |
Protected Member Functions inherited from org.sleuthkit.datamodel.AbstractContent | |
AbstractContent (SleuthkitCase db, long obj_id, String name) | |
Additional Inherited Members | |
Static Public Member Functions inherited from org.sleuthkit.datamodel.AbstractFile | |
static String | createNonUniquePath (String uniquePath) |
static String | epochToTime (long epoch) |
static String | epochToTime (long epoch, TimeZone tzone) |
static long | timeToEpoch (String time) |
Static Public Attributes inherited from org.sleuthkit.datamodel.AbstractContent | |
static final long | UNKNOWN_ID = -1 |
Protected Attributes inherited from org.sleuthkit.datamodel.AbstractFile | |
final int | attrId |
final TskData.TSK_FS_ATTR_TYPE_ENUM | attrType |
TSK_FS_NAME_FLAG_ENUM | dirFlag |
final TSK_FS_NAME_TYPE_ENUM | dirType |
final Long | fileSystemObjectId |
final TskData.TSK_DB_FILES_TYPE_ENUM | fileType |
TskData.FileKnown | knownState |
String | md5Hash |
final long | metaAddr |
Set< TSK_FS_META_FLAG_ENUM > | metaFlags |
final int | metaSeq |
final TSK_FS_META_TYPE_ENUM | metaType |
final Set< TskData.TSK_FS_META_MODE_ENUM > | modes |
final String | parentPath |
String | sha1Hash |
String | sha256Hash |
long | size |
final int | uid |
Protected Attributes inherited from org.sleuthkit.datamodel.AbstractContent | |
long | parentId |
A representation of a local/logical file (e.g., on a user's machine) that has been added to a case.
Definition at line 34 of file LocalFile.java.
|
protected |
Constructs a representation of a local/logical file (e.g., on a user's machine) that has been added to the case database.
db | The case database to which the file has been added. |
objId | The object id of the file in the case database. |
name | The name of the file. |
fileType | The type of the file. |
dirType | The type of the file, usually as reported in the name structure of the file system. May be set to TSK_FS_NAME_TYPE_ENUM.UNDEF. |
metaType | The type of the file, usually as reported in the metadata structure of the file system. May be set to TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_UNDEF. |
dirFlag | The allocated status of the file, usually as reported in the name structure of the file system. |
metaFlags | The allocated status of the file, usually as reported in the metadata structure of the file system. |
size | The size of the file. |
ctime | The changed time of the file. |
crtime | The created time of the file. |
atime | The accessed time of the file. |
mtime | The modified time of the file. |
md5Hash | The MD5 hash of the file, null if not yet calculated. |
knownState | The known state of the file from a hash database lookup, null if not yet looked up. |
parentPath | The path of the parent of the file. |
localPath | The absolute path of the file in secondary storage. |
Definition at line 210 of file LocalFile.java.
References org.sleuthkit.datamodel.AbstractFile.dirFlag, org.sleuthkit.datamodel.AbstractFile.dirType, org.sleuthkit.datamodel.AbstractFile.fileType, org.sleuthkit.datamodel.AbstractFile.knownState, org.sleuthkit.datamodel.AbstractFile.md5Hash, org.sleuthkit.datamodel.AbstractFile.metaFlags, org.sleuthkit.datamodel.AbstractFile.metaType, org.sleuthkit.datamodel.TskData.EncodingType.NONE, org.sleuthkit.datamodel.AbstractFile.parentPath, org.sleuthkit.datamodel.AbstractFile.size, and org.sleuthkit.datamodel.AbstractContent.UNKNOWN_ID.
|
protected |
Constructs a representation of a local/logical file (e.g., on a user's machine) that has been added to the case database.
db | The case database to which the file has been added. |
objId | The object id of the file in the case database. |
name | The name of the file. |
fileType | The type of the file. |
dirType | The type of the file, usually as reported in the name structure of the file system. May be set to TSK_FS_NAME_TYPE_ENUM.UNDEF. |
metaType | The type of the file, usually as reported in the metadata structure of the file system. May be set to TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_UNDEF. |
dirFlag | The allocated status of the file, usually as reported in the name structure of the file system. |
metaFlags | The allocated status of the file, usually as reported in the metadata structure of the file system. |
size | The size of the file. |
ctime | The changed time of the file. |
crtime | The created time of the file. |
atime | The accessed time of the file. |
mtime | The modified time of the file. |
md5Hash | The MD5 hash of the file, null if not yet calculated. |
knownState | The known state of the file from a hash database lookup, null if not yet looked up. |
parentPath | The path of the parent of the file. |
localPath | The absolute path of the file in secondary storage. |
parentId | The object id of parent of the file. |
Definition at line 269 of file LocalFile.java.
References org.sleuthkit.datamodel.AbstractFile.dirFlag, org.sleuthkit.datamodel.AbstractFile.dirType, org.sleuthkit.datamodel.AbstractFile.fileType, org.sleuthkit.datamodel.AbstractFile.knownState, org.sleuthkit.datamodel.AbstractFile.md5Hash, org.sleuthkit.datamodel.AbstractFile.metaFlags, org.sleuthkit.datamodel.AbstractFile.metaType, org.sleuthkit.datamodel.AbstractFile.parentPath, and org.sleuthkit.datamodel.AbstractFile.size.
|
protected |
Constructs a representation of a local/logical file (e.g., on a user's machine) that has been added to the case.
db | The case database to which the file has been added. |
objId | The object id of the file in the case database. |
name | The name of the file. |
dirType | The type of the file, usually as reported in the name structure of the file system. May be set to TSK_FS_NAME_TYPE_ENUM.UNDEF. |
metaType | The type of the file, usually as reported in the metadata structure of the file system. May be set to TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_UNDEF. |
dirFlag | The allocated status of the file, usually as reported in the name structure of the file system. |
metaFlags | The allocated status of the file, usually as reported in the metadata structure of the file system. |
size | The size of the file. |
ctime | The changed time of the file. |
crtime | The created time of the file. |
atime | The accessed time of the file. |
mtime | The modified time of the file. |
md5Hash | The MD5 hash of the file, null if not yet calculated. |
knownState | The known state of the file from a hash database lookup, null if not yet looked up. |
parentPath | The path of the parent of the file. |
localPath | The absolute path of the file in secondary storage. |
parentId | The object id of parent of the file. |
Definition at line 314 of file LocalFile.java.
References org.sleuthkit.datamodel.AbstractFile.dirFlag, org.sleuthkit.datamodel.AbstractFile.dirType, org.sleuthkit.datamodel.AbstractFile.knownState, org.sleuthkit.datamodel.TskData.TSK_DB_FILES_TYPE_ENUM.LOCAL, org.sleuthkit.datamodel.AbstractFile.md5Hash, org.sleuthkit.datamodel.AbstractFile.metaFlags, org.sleuthkit.datamodel.AbstractFile.metaType, org.sleuthkit.datamodel.AbstractFile.parentPath, and org.sleuthkit.datamodel.AbstractFile.size.
List<TskFileRange> org.sleuthkit.datamodel.LocalFile.getRanges | ( | ) | throws TskCoreException |
Gets the extents in terms of byte addresses of this local file within its data source, an empty list.
TskCoreException | if there was an error querying the case database. |
Definition at line 123 of file LocalFile.java.
boolean org.sleuthkit.datamodel.LocalFile.isRoot | ( | ) |
Indicates whether or not this local file is the root of a file system, always returns false.
Definition at line 134 of file LocalFile.java.
String org.sleuthkit.datamodel.LocalFile.toString | ( | boolean | preserveState | ) |
Provides a string representation of this local file.
preserveState | True if state should be included in the string representation of this object. |
Definition at line 173 of file LocalFile.java.
Copyright © 2011-2021 Brian Carrier. (carrier -at- sleuthkit -dot- org)
This work is licensed under a
Creative Commons Attribution-Share Alike 3.0 United States License.