Sleuth Kit Java Bindings (JNI)  4.11.1
Java bindings for using The Sleuth Kit
org.sleuthkit.datamodel.OsAccountManager Class Reference

Classes

class  NotUserSIDException
 
class  OsAccountUpdateResult
 
enum  OsAccountUpdateStatus
 

Public Member Functions

void addExtendedOsAccountAttributes (OsAccount account, List< OsAccountAttribute > accountAttributes) throws TskCoreException
 
List< Host > getHosts (OsAccount account) throws TskCoreException
 
OsAccount getOsAccountByObjectId (long osAccountObjId) throws TskCoreException
 
List< OsAccountInstance > getOsAccountInstances (OsAccount account) throws TskCoreException
 
List< OsAccountInstance > getOsAccountInstances (List< Long > instanceIDs) throws TskCoreException
 
List< OsAccount > getOsAccounts (Host host) throws TskCoreException
 
List< OsAccount > getOsAccounts () throws TskCoreException
 
List< OsAccount > getOsAccountsByDataSourceObjId (long dataSourceId) throws TskCoreException
 
Optional< OsAccount > getWindowsOsAccount (String sid, String loginName, String realmName, Host referringHost) throws TskCoreException, NotUserSIDException
 
OsAccountInstance newOsAccountInstance (OsAccount osAccount, DataSource dataSource, OsAccountInstance.OsAccountInstanceType instanceType) throws TskCoreException
 
OsAccount newWindowsOsAccount (String sid, String loginName, String realmName, Host referringHost, OsAccountRealm.RealmScope realmScope) throws TskCoreException, NotUserSIDException
 
OsAccount newWindowsOsAccount (String sid, String loginName, OsAccountRealm realm) throws TskCoreException, NotUserSIDException
 
OsAccountUpdateResult updateCoreWindowsOsAccountAttributes (OsAccount osAccount, String accountSid, String loginName, String realmName, Host referringHost) throws TskCoreException, NotUserSIDException
 
OsAccountUpdateResult updateStandardOsAccountAttributes (OsAccount osAccount, String fullName, OsAccountType accountType, OsAccountStatus accountStatus, Long creationTime) throws TskCoreException
 

Detailed Description

Responsible for creating/updating/retrieving the OS accounts for files and artifacts.

Definition at line 53 of file OsAccountManager.java.

Member Function Documentation

List<Host> org.sleuthkit.datamodel.OsAccountManager.getHosts ( OsAccount  account) throws TskCoreException

Returns a list of hosts where the OsAccount has appeared.

Parameters
account: OsAccount
Returns
List of Hosts that reference the given OsAccount.
Exceptions
TskCoreException

Definition at line 1746 of file OsAccountManager.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock().

OsAccount org.sleuthkit.datamodel.OsAccountManager.getOsAccountByObjectId ( long  osAccountObjId) throws TskCoreException

Get the OS Account with the given object id.

Parameters
osAccountObjId: Object id for the account.
Returns
OsAccount.
Exceptions
TskCoreException: If there is an error getting the account.

Definition at line 533 of file OsAccountManager.java.

Referenced by org.sleuthkit.datamodel.SleuthkitCase.getContentById(), and org.sleuthkit.datamodel.OsAccountInstance.getOsAccount().

List<OsAccountInstance> org.sleuthkit.datamodel.OsAccountManager.getOsAccountInstances ( OsAccount  account) throws TskCoreException

Gets the OS account instances for a given OS account.

Parameters
account: The OS account.
Returns
The OS account instances, may be an empty list.
Exceptions
TskCoreException

Definition at line 1300 of file OsAccountManager.java.

Referenced by org.sleuthkit.datamodel.OsAccount.getOsAccountInstances().

List<OsAccountInstance> org.sleuthkit.datamodel.OsAccountManager.getOsAccountInstances ( List< Long >  instanceIDs) throws TskCoreException

Gets the OS account instances with the given instance IDs.

Parameters
instanceIDs: The instance IDs.
Returns
The OS account instances.
Exceptions
TskCoreException: Thrown if there is an error querying the case database.

Definition at line 1315 of file OsAccountManager.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock().

List<OsAccount> org.sleuthkit.datamodel.OsAccountManager.getOsAccounts ( Host  host) throws TskCoreException

Get all accounts that had an instance on the specified host.

Parameters
host: Host for which to look up accounts.
Returns
Set of OsAccounts, may be empty.
Exceptions
org.sleuthkit.datamodel.TskCoreException

Definition at line 747 of file OsAccountManager.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock().

List<OsAccount> org.sleuthkit.datamodel.OsAccountManager.getOsAccounts ( ) throws TskCoreException

List<OsAccount> org.sleuthkit.datamodel.OsAccountManager.getOsAccountsByDataSourceObjId ( long  dataSourceId) throws TskCoreException

Get all accounts that had an instance on the specified data source.

Parameters
dataSourceId: Data source id for which to look up accounts.
Returns
Set of OsAccounts, may be empty.
Exceptions
org.sleuthkit.datamodel.TskCoreException

Definition at line 782 of file OsAccountManager.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock().

Optional<OsAccount> org.sleuthkit.datamodel.OsAccountManager.getWindowsOsAccount ( String  sid, String  loginName, String  realmName, Host  referringHost ) throws TskCoreException, NotUserSIDException

Gets an OS account using Windows-specific data.

Parameters
sid: Account SID, may be null if loginName is supplied.
loginName: Login name, may be null if sid is supplied.
realmName: Realm within which the accountId or login name is unique. Can be null if sid is supplied.
referringHost: Host referring to the account.
Returns
Optional with OsAccount, Optional.empty if no matching OsAccount is found.
Exceptions
TskCoreException: If there is an error getting the account.
NotUserSIDException: If the given SID is not a user SID.

Definition at line 1108 of file OsAccountManager.java.

References org.sleuthkit.datamodel.SleuthkitCase.getOsAccountRealmManager(), and org.sleuthkit.datamodel.OsAccountRealmManager.getWindowsRealm().

OsAccountInstance org.sleuthkit.datamodel.OsAccountManager.newOsAccountInstance ( OsAccount  osAccount, DataSource  dataSource, OsAccountInstance.OsAccountInstanceType  instanceType ) throws TskCoreException

Records that an OsAccount was used or referenced on a given data source. This data is automatically recorded when a file or DataArtifact is created.

Use this method to explicitly record the association when:
- Parsing account information (such as in the registry) because the account may already exist in the database, but the account did not create any files. Therefore, no instance for it would be automatically created, even though you found data about it.
- You want to associate more than one OsAccount with a DataArtifact. Call this for each OsAccount not specified in 'newDataArtifact()'.

This method does nothing if the instance is already recorded.

Parameters
osAccount: Account for which an instance needs to be added.
dataSource: Data source where the instance is found.
instanceType: Instance type.
Returns
OsAccountInstance Existing or newly created account instance.
Exceptions
TskCoreException: If there is an error creating the account instance.

Definition at line 595 of file OsAccountManager.java.

References org.sleuthkit.datamodel.Content.getId(), and org.sleuthkit.datamodel.OsAccount.getId().

Referenced by org.sleuthkit.datamodel.SleuthkitCase.addFileSystemFile(), and org.sleuthkit.datamodel.Blackboard.newDataArtifact().

OsAccount org.sleuthkit.datamodel.OsAccountManager.newWindowsOsAccount ( String  sid, String  loginName, String  realmName, Host  referringHost, OsAccountRealm.RealmScope  realmScope ) throws TskCoreException, NotUserSIDException

Creates an OS account with Windows-specific data. If an account already exists with the given id or realm/login, then the existing OS account is returned.

If the account realm already exists, but is missing the address or the realm name, the realm is updated.

Parameters
sid: Account sid/uid, can be null if loginName is supplied.
loginName: Login name, can be null if sid is supplied.
realmName: Realm within which the accountId or login name is unique. Can be null if sid is supplied.
referringHost: Host referring to the account.
realmScope: Realm scope.
Returns
OsAccount.
Exceptions
TskCoreException: If there is an error in creating the OSAccount.
OsAccountManager.NotUserSIDException: If the given SID is not a user SID.

Definition at line 149 of file OsAccountManager.java.

References org.sleuthkit.datamodel.SleuthkitCase.beginTransaction(), org.sleuthkit.datamodel.SleuthkitCase.CaseDbTransaction.commit(), org.sleuthkit.datamodel.SleuthkitCase.getOsAccountRealmManager(), org.sleuthkit.datamodel.OsAccountRealmManager.OsRealmUpdateResult.getUpdatedRealm(), org.sleuthkit.datamodel.OsAccountRealmManager.OsRealmUpdateResult.getUpdateStatus(), org.sleuthkit.datamodel.OsAccountRealmManager.newWindowsRealm(), org.sleuthkit.datamodel.SleuthkitCase.CaseDbTransaction.rollback(), and org.sleuthkit.datamodel.OsAccountRealmManager.OsRealmUpdateStatus.UPDATED.

OsAccount org.sleuthkit.datamodel.OsAccountManager.newWindowsOsAccount ( String  sid, String  loginName, OsAccountRealm  realm ) throws TskCoreException, NotUserSIDException

Creates an OS account with Windows-specific data. If an account already exists with the given id or realm/login, then the existing OS account is returned.

Parameters
sid: Account sid/uid, can be null if loginName is supplied.
loginName: Login name, can be null if sid is supplied.
realm: The associated realm.
Returns
OsAccount.
Exceptions
TskCoreException: If there is an error in creating the OSAccount.
OsAccountManager.NotUserSIDException: If the given SID is not a user SID.

Definition at line 253 of file OsAccountManager.java.

References org.sleuthkit.datamodel.SleuthkitCase.beginTransaction(), org.sleuthkit.datamodel.SleuthkitCase.CaseDbTransaction.commit(), org.sleuthkit.datamodel.OsAccountRealm.getRealmNames(), org.sleuthkit.datamodel.OsAccountRealm.getScopeHost(), org.sleuthkit.datamodel.OsAccountManager.OsAccountUpdateResult.getUpdatedAccount(), org.sleuthkit.datamodel.SleuthkitCase.CaseDbTransaction.rollback(), org.sleuthkit.datamodel.OsAccount.OsAccountStatus.UNKNOWN, and org.sleuthkit.datamodel.OsAccountManager.updateStandardOsAccountAttributes().

OsAccountUpdateResult org.sleuthkit.datamodel.OsAccountManager.updateCoreWindowsOsAccountAttributes ( OsAccount  osAccount, String  accountSid, String  loginName, String  realmName, Host  referringHost ) throws TskCoreException, NotUserSIDException

Update the address and/or login name for the specified account in the database. Also update the realm addr/name if needed.

A column is updated only if its current value is null and a non-null value has been specified.

Parameters
osAccount: OsAccount that needs to be updated in the database.
accountSid: Account SID, may be null.
loginName: Login name, may be null.
realmName: Realm name for the account.
referringHost: Host.
Returns
OsAccountUpdateResult Account update status, and the updated account.
Exceptions
TskCoreException: If there is a database error or if the updated information conflicts with an existing account.

Definition at line 1589 of file OsAccountManager.java.

References org.sleuthkit.datamodel.SleuthkitCase.beginTransaction(), org.sleuthkit.datamodel.SleuthkitCase.CaseDbTransaction.commit(), and org.sleuthkit.datamodel.SleuthkitCase.CaseDbTransaction.rollback().

OsAccountUpdateResult org.sleuthkit.datamodel.OsAccountManager.updateStandardOsAccountAttributes ( OsAccount  osAccount, String  fullName, OsAccountType  accountType, OsAccountStatus  accountStatus, Long  creationTime ) throws TskCoreException

Updates the properties of the specified account in the database.

A column is updated only if a non-null value has been specified.

Parameters
osAccount: OsAccount that needs to be updated in the database.
fullName: Full name, may be null.
accountType: Account type, may be null.
accountStatus: Account status, may be null.
creationTime: Creation time, may be null.
Returns
OsAccountUpdateResult Account update status, and updated account.
Exceptions
TskCoreException: If there is a database error or if the updated information conflicts with an existing account.

Definition at line 1418 of file OsAccountManager.java.

References org.sleuthkit.datamodel.SleuthkitCase.beginTransaction(), org.sleuthkit.datamodel.SleuthkitCase.CaseDbTransaction.commit(), and org.sleuthkit.datamodel.SleuthkitCase.CaseDbTransaction.rollback().

Referenced by org.sleuthkit.datamodel.OsAccountManager.newWindowsOsAccount().
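
The explicit-association case described under newOsAccountInstance(), combined with the non-null update rule of updateStandardOsAccountAttributes(), as an added example that is not code from The Sleuth Kit. The class RegistryAccountRecorder and its record() method are hypothetical; the example assumes SleuthkitCase.getOsAccountManager() as the way to obtain the manager and that OsAccountUpdateResult.getUpdatedAccount() returns an Optional.

```java
import java.util.Optional;
import org.sleuthkit.datamodel.*;

/** Added example: hypothetical helper for a module that parses accounts from a registry hive. */
public final class RegistryAccountRecorder {

    /**
     * Records one parsed account and ties it to the data source it was found on.
     * Returns Optional.empty() when the SID does not belong to a user.
     */
    public static Optional<OsAccountInstance> record(
            SleuthkitCase skCase, Host host, DataSource dataSource,
            String sid, String loginName, String realmName, String fullName,
            OsAccountRealm.RealmScope realmScope,
            OsAccountInstance.OsAccountInstanceType instanceType) throws TskCoreException {

        // Per the parameter docs, sid or loginName may be null only if the other is supplied.
        if (sid == null && loginName == null) {
            throw new IllegalArgumentException("either sid or loginName is required");
        }
        // Assumption: the manager is obtained from the open case.
        OsAccountManager mgr = skCase.getOsAccountManager();

        OsAccount account;
        try {
            // Returns the existing account when the SID or realm/login is already known.
            account = mgr.newWindowsOsAccount(sid, loginName, realmName, host, realmScope);
        } catch (OsAccountManager.NotUserSIDException ex) {
            // Not a user SID: there is no OS account to record.
            return Optional.empty();
        }

        // Only non-null arguments are written; type, status and creation time stay untouched.
        if (fullName != null) {
            OsAccountManager.OsAccountUpdateResult result =
                    mgr.updateStandardOsAccountAttributes(account, fullName, null, null, null);
            // Assumption: getUpdatedAccount() is an Optional; fall back to the account we hold.
            account = result.getUpdatedAccount().orElse(account);
        }

        // A parsed account created no files, so no instance was recorded automatically.
        // The call does nothing if the instance is already recorded.
        return Optional.of(mgr.newOsAccountInstance(account, dataSource, instanceType));
    }
}
```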


The documentation for this class was generated from the following file:

Copyright © 2011-2021 Brian Carrier. (carrier -at- sleuthkit -dot- org)
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.