Sleuth Kit Java Bindings (JNI)
4.11.1
Java bindings for using The Sleuth Kit
|
Inherits org.sleuthkit.datamodel.AbstractContent.
Classes | |
class | OsAccountAttribute |
enum | OsAccountDbStatus |
enum | OsAccountStatus |
enum | OsAccountType |
Public Member Functions | |
void | close () |
Optional< String > | getAddr () |
Optional< Long > | getCreationTime () |
synchronized List< OsAccountAttribute > | getExtendedOsAccountAttributes () throws TskCoreException |
Optional< String > | getFullName () |
long | getId () |
Optional< String > | getLoginName () |
OsAccountDbStatus | getOsAccountDbStatus () |
synchronized List< OsAccountInstance > | getOsAccountInstances () throws TskCoreException |
Optional< OsAccountStatus > | getOsAccountStatus () |
Optional< OsAccountType > | getOsAccountType () |
long | getRealmId () |
long | getSize () |
SleuthkitCase | getSleuthkitCase () |
int | read (byte[] buf, long offset, long len) throws TskCoreException |
Public Member Functions inherited from org.sleuthkit.datamodel.AbstractContent | |
boolean | equals (Object obj) |
Score | getAggregateScore () throws TskCoreException |
List< AnalysisResult > | getAllAnalysisResults () throws TskCoreException |
ArrayList< BlackboardArtifact > | getAllArtifacts () throws TskCoreException |
long | getAllArtifactsCount () throws TskCoreException |
List< DataArtifact > | getAllDataArtifacts () throws TskCoreException |
List< AnalysisResult > | getAnalysisResults (BlackboardArtifact.Type artifactType) throws TskCoreException |
ArrayList< BlackboardArtifact > | getArtifacts (String artifactTypeName) throws TskCoreException |
ArrayList< BlackboardArtifact > | getArtifacts (int artifactTypeID) throws TskCoreException |
ArrayList< BlackboardArtifact > | getArtifacts (BlackboardArtifact.ARTIFACT_TYPE type) throws TskCoreException |
long | getArtifactsCount (String artifactTypeName) throws TskCoreException |
long | getArtifactsCount (int artifactTypeID) throws TskCoreException |
long | getArtifactsCount (ARTIFACT_TYPE type) throws TskCoreException |
List< Content > | getChildren () throws TskCoreException |
int | getChildrenCount () throws TskCoreException |
List< Long > | getChildrenIds () throws TskCoreException |
Content | getDataSource () throws TskCoreException |
BlackboardArtifact | getGenInfoArtifact () throws TskCoreException |
BlackboardArtifact | getGenInfoArtifact (boolean create) throws TskCoreException |
ArrayList< BlackboardAttribute > | getGenInfoAttributes (ATTRIBUTE_TYPE attr_type) throws TskCoreException |
Set< String > | getHashSetNames () throws TskCoreException |
long | getId () |
String | getName () |
Content | getParent () throws TskCoreException |
Optional< Long > | getParentId () throws TskCoreException |
SleuthkitCase | getSleuthkitCase () |
String | getUniquePath () throws TskCoreException |
boolean | hasChildren () throws TskCoreException |
int | hashCode () |
AnalysisResultAdded | newAnalysisResult (BlackboardArtifact.Type artifactType, Score score, String conclusion, String configuration, String justification, Collection< BlackboardAttribute > attributesList) throws TskCoreException |
AnalysisResultAdded | newAnalysisResult (BlackboardArtifact.Type artifactType, Score score, String conclusion, String configuration, String justification, Collection< BlackboardAttribute > attributesList, long dataSourceId) throws TskCoreException |
BlackboardArtifact | newArtifact (int artifactTypeID) throws TskCoreException |
BlackboardArtifact | newArtifact (BlackboardArtifact.ARTIFACT_TYPE type) throws TskCoreException |
DataArtifact | newDataArtifact (BlackboardArtifact.Type artifactType, Collection< BlackboardAttribute > attributesList, Long osAccountId) throws TskCoreException |
DataArtifact | newDataArtifact (BlackboardArtifact.Type artifactType, Collection< BlackboardAttribute > attributesList, Long osAccountId, long dataSourceId) throws TskCoreException |
DataArtifact | newDataArtifact (BlackboardArtifact.Type artifactType, Collection< BlackboardAttribute > attributesList) throws TskCoreException |
String | toString () |
String | toString (boolean preserveState) |
Public Member Functions inherited from org.sleuthkit.datamodel.Content | |
long | getArtifactsCount (BlackboardArtifact.ARTIFACT_TYPE type) throws TskCoreException |
ArrayList< BlackboardAttribute > | getGenInfoAttributes (BlackboardAttribute.ATTRIBUTE_TYPE attr_type) throws TskCoreException |
Additional Inherited Members | |
Static Public Attributes inherited from org.sleuthkit.datamodel.AbstractContent | |
static final long | UNKNOWN_ID = -1 |
Protected Member Functions inherited from org.sleuthkit.datamodel.AbstractContent | |
AbstractContent (SleuthkitCase db, long obj_id, String name) | |
Protected Attributes inherited from org.sleuthkit.datamodel.AbstractContent | |
long | parentId |
Abstracts an OS user account. OS Accounts have a scope, which is defined by their parent OsAccountRealm.
An OS user account may own files and (some) artifacts.
OsAcounts can be created with minimal data and updated as more is learned. Caller must call update() to save any new data.
Definition at line 35 of file OsAccount.java.
void org.sleuthkit.datamodel.OsAccount.close | ( | ) |
Free native resources after read is done on the Content object. After closing, read can be called again on the same Content object, which should result in re-opening of new native resources.
Implements org.sleuthkit.datamodel.Content.
Definition at line 386 of file OsAccount.java.
Optional<String> org.sleuthkit.datamodel.OsAccount.getAddr | ( | ) |
Get the unique identifier for the account, such as UID or SID. The id is unique within the account realm.
Definition at line 266 of file OsAccount.java.
Optional<Long> org.sleuthkit.datamodel.OsAccount.getCreationTime | ( | ) |
Get account creation time.
Definition at line 313 of file OsAccount.java.
synchronized List<OsAccountAttribute> org.sleuthkit.datamodel.OsAccount.getExtendedOsAccountAttributes | ( | ) | throws TskCoreException |
Get additional account attributes.
TskCoreException |
Definition at line 351 of file OsAccount.java.
References org.sleuthkit.datamodel.SleuthkitCase.getOsAccountManager().
Optional<String> org.sleuthkit.datamodel.OsAccount.getFullName | ( | ) |
Get account user full name, such as "John Doe"
Definition at line 304 of file OsAccount.java.
long org.sleuthkit.datamodel.OsAccount.getId | ( | ) |
Get the account Object Id that is unique within the scope of the case.
Implements org.sleuthkit.datamodel.Content.
Definition at line 256 of file OsAccount.java.
Referenced by org.sleuthkit.datamodel.OsAccountManager.newOsAccountInstance(), and org.sleuthkit.datamodel.OsAccount.OsAccountAttribute.OsAccountAttribute().
Optional<String> org.sleuthkit.datamodel.OsAccount.getLoginName | ( | ) |
Get account login name, such as "jdoe"
Definition at line 286 of file OsAccount.java.
OsAccountDbStatus org.sleuthkit.datamodel.OsAccount.getOsAccountDbStatus | ( | ) |
Get account status in the database.
Definition at line 340 of file OsAccount.java.
synchronized List<OsAccountInstance> org.sleuthkit.datamodel.OsAccount.getOsAccountInstances | ( | ) | throws TskCoreException |
Return the os account instances.
TskCoreException |
Definition at line 365 of file OsAccount.java.
References org.sleuthkit.datamodel.OsAccountManager.getOsAccountInstances(), and org.sleuthkit.datamodel.SleuthkitCase.getOsAccountManager().
Optional<OsAccountStatus> org.sleuthkit.datamodel.OsAccount.getOsAccountStatus | ( | ) |
Get account status.
Definition at line 331 of file OsAccount.java.
Optional<OsAccountType> org.sleuthkit.datamodel.OsAccount.getOsAccountType | ( | ) |
long org.sleuthkit.datamodel.OsAccount.getRealmId | ( | ) |
Get the ID for the account realm. Get the Realm via OsAccountRealmManager.getRealmByRealmId() NOTE: The realm may get updated as more data is parsed, so listen for events to update as needed.
Definition at line 277 of file OsAccount.java.
long org.sleuthkit.datamodel.OsAccount.getSize | ( | ) |
Get the (reported) size of the content object and, in theory, how much you should be able to read from it. In some cases, data corruption may mean that you cannot read this much data.
Implements org.sleuthkit.datamodel.Content.
Definition at line 391 of file OsAccount.java.
SleuthkitCase org.sleuthkit.datamodel.OsAccount.getSleuthkitCase | ( | ) |
Gets the SleuthKit case database for this account.
Definition at line 375 of file OsAccount.java.
int org.sleuthkit.datamodel.OsAccount.read | ( | byte[] | buf, |
long | offset, | ||
long | len | ||
) | throws TskCoreException |
Reads data that this content object is associated with (file contents, volume contents, etc.).
buf | a character array of data (in bytes) to copy read data to |
offset | byte offset in the content to start reading from |
len | number of bytes to read into buf. |
TskCoreException | if critical error occurred during read in the tsk core |
Implements org.sleuthkit.datamodel.Content.
Definition at line 380 of file OsAccount.java.
Copyright © 2011-2021 Brian Carrier. (carrier -at- sleuthkit -dot- org)
This work is licensed under a
Creative Commons Attribution-Share Alike 3.0 United States License.