Sleuth Kit Java Bindings (JNI)
4.11.1
Java bindings for using The Sleuth Kit
|
Inherits org.sleuthkit.datamodel.AbstractContent.
Public Member Functions | |
void | close () |
void | finalize () throws Throwable |
long | getAddr () |
List< Content > | getChildren () throws TskCoreException |
List< Long > | getChildrenIds () throws TskCoreException |
String | getDescription () |
List< FileSystem > | getFileSystems () throws TskCoreException |
long | getFlags () |
String | getFlagsAsString () |
long | getLength () |
long | getSize () |
long | getStart () |
String | getUniquePath () throws TskCoreException |
int | read (byte[] buf, long offset, long len) throws TskCoreException |
String | toString (boolean preserveState) |
Public Member Functions inherited from org.sleuthkit.datamodel.AbstractContent | |
boolean | equals (Object obj) |
Score | getAggregateScore () throws TskCoreException |
List< AnalysisResult > | getAllAnalysisResults () throws TskCoreException |
ArrayList< BlackboardArtifact > | getAllArtifacts () throws TskCoreException |
long | getAllArtifactsCount () throws TskCoreException |
List< DataArtifact > | getAllDataArtifacts () throws TskCoreException |
List< AnalysisResult > | getAnalysisResults (BlackboardArtifact.Type artifactType) throws TskCoreException |
ArrayList< BlackboardArtifact > | getArtifacts (String artifactTypeName) throws TskCoreException |
ArrayList< BlackboardArtifact > | getArtifacts (int artifactTypeID) throws TskCoreException |
ArrayList< BlackboardArtifact > | getArtifacts (BlackboardArtifact.ARTIFACT_TYPE type) throws TskCoreException |
long | getArtifactsCount (String artifactTypeName) throws TskCoreException |
long | getArtifactsCount (int artifactTypeID) throws TskCoreException |
long | getArtifactsCount (ARTIFACT_TYPE type) throws TskCoreException |
List< Content > | getChildren () throws TskCoreException |
int | getChildrenCount () throws TskCoreException |
List< Long > | getChildrenIds () throws TskCoreException |
Content | getDataSource () throws TskCoreException |
BlackboardArtifact | getGenInfoArtifact () throws TskCoreException |
BlackboardArtifact | getGenInfoArtifact (boolean create) throws TskCoreException |
ArrayList< BlackboardAttribute > | getGenInfoAttributes (ATTRIBUTE_TYPE attr_type) throws TskCoreException |
Set< String > | getHashSetNames () throws TskCoreException |
long | getId () |
String | getName () |
Content | getParent () throws TskCoreException |
Optional< Long > | getParentId () throws TskCoreException |
SleuthkitCase | getSleuthkitCase () |
String | getUniquePath () throws TskCoreException |
boolean | hasChildren () throws TskCoreException |
int | hashCode () |
AnalysisResultAdded | newAnalysisResult (BlackboardArtifact.Type artifactType, Score score, String conclusion, String configuration, String justification, Collection< BlackboardAttribute > attributesList) throws TskCoreException |
AnalysisResultAdded | newAnalysisResult (BlackboardArtifact.Type artifactType, Score score, String conclusion, String configuration, String justification, Collection< BlackboardAttribute > attributesList, long dataSourceId) throws TskCoreException |
BlackboardArtifact | newArtifact (int artifactTypeID) throws TskCoreException |
BlackboardArtifact | newArtifact (BlackboardArtifact.ARTIFACT_TYPE type) throws TskCoreException |
DataArtifact | newDataArtifact (BlackboardArtifact.Type artifactType, Collection< BlackboardAttribute > attributesList, Long osAccountId) throws TskCoreException |
DataArtifact | newDataArtifact (BlackboardArtifact.Type artifactType, Collection< BlackboardAttribute > attributesList, Long osAccountId, long dataSourceId) throws TskCoreException |
DataArtifact | newDataArtifact (BlackboardArtifact.Type artifactType, Collection< BlackboardAttribute > attributesList) throws TskCoreException |
String | toString () |
String | toString (boolean preserveState) |
Public Member Functions inherited from org.sleuthkit.datamodel.Content | |
long | getArtifactsCount (BlackboardArtifact.ARTIFACT_TYPE type) throws TskCoreException |
ArrayList< BlackboardAttribute > | getGenInfoAttributes (BlackboardAttribute.ATTRIBUTE_TYPE attr_type) throws TskCoreException |
Static Public Member Functions | |
static long | valueToVsFlag (String vsFlag) |
static String | vsFlagToString (long vsFlag) |
static String | vsFlagToValue (long vsFlag) |
Protected Member Functions | |
Volume (SleuthkitCase db, long obj_id, long addr, long startSector, long lengthInSectors, long flags, String desc) | |
Protected Member Functions inherited from org.sleuthkit.datamodel.AbstractContent | |
AbstractContent (SleuthkitCase db, long obj_id, String name) | |
Additional Inherited Members | |
Static Public Attributes inherited from org.sleuthkit.datamodel.AbstractContent | |
static final long | UNKNOWN_ID = -1 |
Protected Attributes inherited from org.sleuthkit.datamodel.AbstractContent | |
long | parentId |
Represents a volume in a VolumeSystem, object stored in tsk_vs_parts table. Populated based on data in database.
Definition at line 29 of file Volume.java.
|
protected |
Constructor to create the data object mapped from tsk_vs_parts entry
db | database object |
obj_id | |
addr | |
startSector | starting sector, relative to start of VS |
lengthInSectors | |
flags | |
desc |
Definition at line 51 of file Volume.java.
void org.sleuthkit.datamodel.Volume.close | ( | ) |
Free native resources after read is done on the Content object. After closing, read can be called again on the same Content object, which should result in re-opening of new native resources.
Implements org.sleuthkit.datamodel.Content.
Definition at line 89 of file Volume.java.
Referenced by org.sleuthkit.datamodel.Volume.finalize().
void org.sleuthkit.datamodel.Volume.finalize | ( | ) | throws Throwable |
Definition at line 97 of file Volume.java.
References org.sleuthkit.datamodel.Volume.close().
long org.sleuthkit.datamodel.Volume.getAddr | ( | ) |
get the unique partition address within this volume system (assigned by The Sleuth Kit)
Definition at line 140 of file Volume.java.
List<Content> org.sleuthkit.datamodel.Volume.getChildren | ( | ) | throws TskCoreException |
Gets the child content objects of this content.
TskCoreException | if critical error occurred within tsk core |
Implements org.sleuthkit.datamodel.Content.
Definition at line 270 of file Volume.java.
References org.sleuthkit.datamodel.AbstractContent.getSleuthkitCase().
Referenced by org.sleuthkit.datamodel.Volume.getFileSystems().
List<Long> org.sleuthkit.datamodel.Volume.getChildrenIds | ( | ) | throws TskCoreException |
Gets the child content ids of this content.
TskCoreException | if critical error occurred within tsk core |
Implements org.sleuthkit.datamodel.Content.
Definition at line 275 of file Volume.java.
References org.sleuthkit.datamodel.AbstractContent.getSleuthkitCase().
String org.sleuthkit.datamodel.Volume.getDescription | ( | ) |
get the description. This is set by the volume system and doesn't exist for all volumes.
Definition at line 187 of file Volume.java.
List<FileSystem> org.sleuthkit.datamodel.Volume.getFileSystems | ( | ) | throws TskCoreException |
TskCoreException |
Definition at line 284 of file Volume.java.
References org.sleuthkit.datamodel.Volume.getChildren().
long org.sleuthkit.datamodel.Volume.getFlags | ( | ) |
String org.sleuthkit.datamodel.Volume.getFlagsAsString | ( | ) |
get the flags as String
Definition at line 177 of file Volume.java.
References org.sleuthkit.datamodel.Volume.vsFlagToString().
long org.sleuthkit.datamodel.Volume.getLength | ( | ) |
long org.sleuthkit.datamodel.Volume.getSize | ( | ) |
Get the (reported) size of the content object and, in theory, how much you should be able to read from it. In some cases, data corruption may mean that you cannot read this much data.
Implements org.sleuthkit.datamodel.Content.
Definition at line 106 of file Volume.java.
long org.sleuthkit.datamodel.Volume.getStart | ( | ) |
get the starting sector address of this volume relative to start of the volume system
Definition at line 150 of file Volume.java.
String org.sleuthkit.datamodel.Volume.getUniquePath | ( | ) | throws TskCoreException |
Implements org.sleuthkit.datamodel.Content.
Definition at line 111 of file Volume.java.
References org.sleuthkit.datamodel.AbstractContent.getName(), org.sleuthkit.datamodel.AbstractContent.getParent(), and org.sleuthkit.datamodel.Content.getUniquePath().
int org.sleuthkit.datamodel.Volume.read | ( | byte[] | buf, |
long | offset, | ||
long | len | ||
) | throws TskCoreException |
Reads data that this content object is associated with (file contents, volume contents, etc.).
buf | a character array of data (in bytes) to copy read data to |
offset | byte offset in the content to start reading from |
len | number of bytes to read into buf. |
TskCoreException | if critical error occurred during read in the tsk core |
Implements org.sleuthkit.datamodel.Content.
Definition at line 66 of file Volume.java.
References org.sleuthkit.datamodel.AbstractContent.getParent(), org.sleuthkit.datamodel.VolumeSystem.getType(), org.sleuthkit.datamodel.VolumeSystem.getVolumeSystemHandle(), org.sleuthkit.datamodel.SleuthkitJNI.openVsPart(), org.sleuthkit.datamodel.SleuthkitJNI.readVsPart(), and org.sleuthkit.datamodel.TskData.TSK_VS_TYPE_ENUM.TSK_VS_TYPE_APFS.
String org.sleuthkit.datamodel.Volume.toString | ( | boolean | preserveState | ) |
Definition at line 298 of file Volume.java.
|
static |
Convert volume flag string to long
vsFlag | string representation of the flag |
Definition at line 218 of file Volume.java.
|
static |
Convert long representation of the flag to user readable format
vsFlag | long repr. of the flag |
Definition at line 237 of file Volume.java.
References org.sleuthkit.datamodel.TskData.TSK_VS_PART_FLAG_ENUM.TSK_VS_PART_FLAG_ALL, org.sleuthkit.datamodel.TskData.TSK_VS_PART_FLAG_ENUM.TSK_VS_PART_FLAG_ALLOC, org.sleuthkit.datamodel.TskData.TSK_VS_PART_FLAG_ENUM.TSK_VS_PART_FLAG_META, and org.sleuthkit.datamodel.TskData.TSK_VS_PART_FLAG_ENUM.TSK_VS_PART_FLAG_UNALLOC.
Referenced by org.sleuthkit.datamodel.Volume.getFlagsAsString().
|
static |
Convert volume type flag to string
vsFlag | long flag to convert |
Definition at line 199 of file Volume.java.
Copyright © 2011-2021 Brian Carrier. (carrier -at- sleuthkit -dot- org)
This work is licensed under a
Creative Commons Attribution-Share Alike 3.0 United States License.