Sleuth Kit Java Bindings (JNI)  4.12.1
Java bindings for using The Sleuth Kit
TskData.java
Go to the documentation of this file.
1 /*
2  * Sleuth Kit Data Model
3  *
4  * Copyright 2011 Basis Technology Corp.
5  * Contact: carrier <at> sleuthkit <dot> org
6  *
7  * Licensed under the Apache License, Version 2.0 (the "License");
8  * you may not use this file except in compliance with the License.
9  * You may obtain a copy of the License at
10  *
11  * http://www.apache.org/licenses/LICENSE-2.0
12  *
13  * Unless required by applicable law or agreed to in writing, software
14  * distributed under the License is distributed on an "AS IS" BASIS,
15  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16  * See the License for the specific language governing permissions and
17  * limitations under the License.
18  */
19 package org.sleuthkit.datamodel;
20 
21 import java.text.MessageFormat;
22 import java.util.ResourceBundle;
23 import java.util.EnumSet;
24 import java.util.Set;
25 
30 public class TskData {
31 
32  private final static ResourceBundle bundle = ResourceBundle.getBundle("org.sleuthkit.datamodel.Bundle");
33 
38  public enum TSK_FS_NAME_TYPE_ENUM {
39 
40  UNDEF(0, "-"),
41  FIFO(1, "p"),
42  CHR(2, "c"),
43  DIR(3, "d"),
44  BLK(4, "b"),
45  REG(5, "r"),
46  LNK(6, "l"),
47  SOCK(7, "s"),
48  SHAD(8, "h"),
49  WHT(9, "w"),
50  VIRT(10, "v"),
51  VIRT_DIR(11, "V");
52 
53  private short dirType;
54  String label;
55 
56  private TSK_FS_NAME_TYPE_ENUM(int type, String label) {
57  this.dirType = (short) type;
58  this.label = label;
59  }
60 
66  public short getValue() {
67  return dirType;
68  }
69 
75  public String getLabel() {
76  return this.label;
77  }
78 
86  static public TSK_FS_NAME_TYPE_ENUM valueOf(short dir_type) {
87  for (TSK_FS_NAME_TYPE_ENUM v : TSK_FS_NAME_TYPE_ENUM.values()) {
88  if (v.dirType == dir_type) {
89  return v;
90  }
91  }
92  throw new IllegalArgumentException(
93  MessageFormat.format(bundle.getString("TskData.tskFsNameTypeEnum.exception.msg1.text"), dir_type));
94  }
95  }
96 
101  public enum TSK_FS_META_TYPE_ENUM {
102 
103  TSK_FS_META_TYPE_UNDEF(0, "-"),
104  TSK_FS_META_TYPE_REG(1, "r"),
105  TSK_FS_META_TYPE_DIR(2, "d"),
106  TSK_FS_META_TYPE_FIFO(3, "p"),
107  TSK_FS_META_TYPE_CHR(4, "c"),
108  TSK_FS_META_TYPE_BLK(5, "b"),
109  TSK_FS_META_TYPE_LNK(6, "l"),
110  TSK_FS_META_TYPE_SHAD(7, "s"),
111  TSK_FS_META_TYPE_SOCK(8, "h"),
112  TSK_FS_META_TYPE_WHT(9, "w"),
113  TSK_FS_META_TYPE_VIRT(10, "v"),
114  TSK_FS_META_TYPE_VIRT_DIR(11, "v");
115 
116  private short metaType;
117  private String metaTypeStr;
118 
119  private TSK_FS_META_TYPE_ENUM(int type, String metaTypeStr) {
120  this.metaType = (short) type;
121  this.metaTypeStr = metaTypeStr;
122  }
123 
129  public short getValue() {
130  return metaType;
131  }
132 
133  @Override
134  public String toString() {
135  return metaTypeStr;
136  }
137 
138  public static TSK_FS_META_TYPE_ENUM valueOf(short metaType) {
139  for (TSK_FS_META_TYPE_ENUM type : TSK_FS_META_TYPE_ENUM.values()) {
140  if (type.getValue() == metaType) {
141  return type;
142  }
143  }
144  throw new IllegalArgumentException(
145  MessageFormat.format(bundle.getString("TskData.tskFsMetaTypeEnum.exception.msg1.text"), metaType));
146  }
147  }
148 
154  public enum TSK_FS_NAME_FLAG_ENUM {
155 
156  UNKNOWN(0, bundle.getString("TskData.tskFsNameFlagEnum.unknown")),
157  ALLOC(1, bundle.getString("TskData.tskFsNameFlagEnum.allocated")),
158  UNALLOC(2, bundle.getString("TskData.tskFsNameFlagEnum.unallocated"));
159 
160  private short dirFlag;
161  private String dirFlagStr;
162 
163  private TSK_FS_NAME_FLAG_ENUM(int flag, String dirFlagStr) {
164  this.dirFlag = (short) flag;
165  this.dirFlagStr = dirFlagStr;
166  }
167 
173  public short getValue() {
174  return dirFlag;
175  }
176 
177  @Override
178  public String toString() {
179  return dirFlagStr;
180  }
181 
189  public static TSK_FS_NAME_FLAG_ENUM valueOf(int dirFlag) {
190  for (TSK_FS_NAME_FLAG_ENUM flag : TSK_FS_NAME_FLAG_ENUM.values()) {
191  if (flag.dirFlag == dirFlag) {
192  return flag;
193  }
194  }
195 
196  return TSK_FS_NAME_FLAG_ENUM.UNKNOWN;
197  }
198  }
199 
205  public enum TSK_FS_META_FLAG_ENUM {
206 
207  UNKNOWN(0, bundle.getString("TskData.tskFsMetaFlagEnum.unknown")),
208  ALLOC(1, bundle.getString("TskData.tskFsMetaFlagEnum.allocated")),
209  UNALLOC(2, bundle.getString("TskData.tskFsMetaFlagEnum.unallocated")),
210  USED(4, bundle.getString("TskData.tskFsMetaFlagEnum.used")),
211  UNUSED(8, bundle.getString("TskData.tskFsMetaFlagEnum.unused")),
212  COMP(16, bundle.getString("TskData.tskFsMetaFlagEnum.compressed")),
213  ORPHAN(32, bundle.getString("TskData.tskFsMetaFlagEnum.orphan"));
214 
215  private short meta_flag;
216  private String label;
217 
218  private TSK_FS_META_FLAG_ENUM(int flag, String label) {
219  this.meta_flag = (short) flag;
220  this.label = label;
221  }
222 
228  public short getValue() {
229  return meta_flag;
230  }
231 
237  @Override
238  public String toString() {
239  return label;
240  }
241 
249  public static Set<TSK_FS_META_FLAG_ENUM> valuesOf(short metaFlags) {
250  Set<TSK_FS_META_FLAG_ENUM> matchedFlags = EnumSet.noneOf(TSK_FS_META_FLAG_ENUM.class);
251 
252  if (metaFlags == TSK_FS_META_FLAG_ENUM.UNKNOWN.getValue()) {
253  matchedFlags.add(TSK_FS_META_FLAG_ENUM.UNKNOWN);
254  return matchedFlags;
255  }
256 
257  for (TSK_FS_META_FLAG_ENUM v : TSK_FS_META_FLAG_ENUM.values()) {
258  long flag = v.getValue();
259 
260  if ((metaFlags & flag) == flag) {
261  matchedFlags.add(v);
262  }
263  }
264 
265  return matchedFlags;
266  }
267 
268  public static short toInt(Set<TSK_FS_META_FLAG_ENUM> metaFlags) {
269  short val = 0;
270  for (TSK_FS_META_FLAG_ENUM flag : metaFlags) {
271  val |= flag.getValue();
272  }
273  return val;
274  }
275  }
276 
281  public enum TSK_FS_ATTR_TYPE_ENUM {
282 
283  TSK_FS_ATTR_TYPE_NOT_FOUND(0x00), // 0
284  TSK_FS_ATTR_TYPE_DEFAULT(0x01), // 1
285  TSK_FS_ATTR_TYPE_NTFS_SI(0x10), // 16
286  TSK_FS_ATTR_TYPE_NTFS_ATTRLIST(0x20), // 32
287  TSK_FS_ATTR_TYPE_NTFS_FNAME(0x30), // 48
288  TSK_FS_ATTR_TYPE_NTFS_VVER(0x40), // 64 (NT)
289  TSK_FS_ATTR_TYPE_NTFS_OBJID(0x40), // 64 (2K)
290  TSK_FS_ATTR_TYPE_NTFS_SEC(0x50), // 80
291  TSK_FS_ATTR_TYPE_NTFS_VNAME(0x60), // 96
292  TSK_FS_ATTR_TYPE_NTFS_VINFO(0x70), // 112
293  TSK_FS_ATTR_TYPE_NTFS_DATA(0x80), // 128
294  TSK_FS_ATTR_TYPE_NTFS_IDXROOT(0x90), // 144
295  TSK_FS_ATTR_TYPE_NTFS_IDXALLOC(0xA0), // 160
296  TSK_FS_ATTR_TYPE_NTFS_BITMAP(0xB0), // 176
297  TSK_FS_ATTR_TYPE_NTFS_SYMLNK(0xC0), // 192 (NT)
298  TSK_FS_ATTR_TYPE_NTFS_REPARSE(0xC0), // 192 (2K)
299  TSK_FS_ATTR_TYPE_NTFS_EAINFO(0xD0), // 208
300  TSK_FS_ATTR_TYPE_NTFS_EA(0xE0), // 224
301  TSK_FS_ATTR_TYPE_NTFS_PROP(0xF0), // (NT)
302  TSK_FS_ATTR_TYPE_NTFS_LOG(0x100), // (2K)
303  TSK_FS_ATTR_TYPE_UNIX_INDIR(0x1001), // Indirect blocks for UFS and ExtX file systems
304 
305  // Types for HFS+ File Attributes
306  TSK_FS_ATTR_TYPE_HFS_DEFAULT(0x01), // 1 Data fork of fs special files and misc
307  TSK_FS_ATTR_TYPE_HFS_DATA(0x1100), // 4352 Data fork of regular files
308  TSK_FS_ATTR_TYPE_HFS_RSRC(0x1101), // 4353 Resource fork of regular files
309  TSK_FS_ATTR_TYPE_HFS_EXT_ATTR(0x1102), // 4354 Extended Attributes) except compression records
310  TSK_FS_ATTR_TYPE_HFS_COMP_REC(0x1103); // 4355 Compression records
311 
312  private int val;
313 
314  private TSK_FS_ATTR_TYPE_ENUM(int val) {
315  this.val = val;
316  }
317 
318  public int getValue() {
319  return val;
320  }
321 
322  public static TSK_FS_ATTR_TYPE_ENUM valueOf(int val) {
323  for (TSK_FS_ATTR_TYPE_ENUM type : TSK_FS_ATTR_TYPE_ENUM.values()) {
324  if (type.val == val) {
325  return type;
326  }
327  }
328  throw new IllegalArgumentException(
329  MessageFormat.format(bundle.getString("TskData.tskFsAttrTypeEnum.exception.msg1.text"), val));
330  }
331  };
332 
337  public enum TSK_VS_PART_FLAG_ENUM {
338 
339  TSK_VS_PART_FLAG_ALLOC(1),
340  TSK_VS_PART_FLAG_UNALLOC(2),
341  TSK_VS_PART_FLAG_META(4),
342  TSK_VS_PART_FLAG_ALL(7);
343 
344  private long vs_flag;
345 
346  private TSK_VS_PART_FLAG_ENUM(long flag) {
347  vs_flag = flag;
348  }
349 
355  public long getVsFlag() {
356  return vs_flag;
357  }
358 
359  }
360 
365  public enum TSK_FS_META_MODE_ENUM {
366  /*
367  * The following describe the file permissions
368  */
369 
370  TSK_FS_META_MODE_ISUID(0004000),
371  TSK_FS_META_MODE_ISGID(0002000),
372  TSK_FS_META_MODE_ISVTX(0001000),
373 
374  TSK_FS_META_MODE_IRUSR(0000400),
375  TSK_FS_META_MODE_IWUSR(0000200),
376  TSK_FS_META_MODE_IXUSR(0000100),
377 
378  TSK_FS_META_MODE_IRGRP(0000040),
379  TSK_FS_META_MODE_IWGRP(0000020),
380  TSK_FS_META_MODE_IXGRP(0000010),
381 
382  TSK_FS_META_MODE_IROTH(0000004),
383  TSK_FS_META_MODE_IWOTH(0000002),
384  TSK_FS_META_MODE_IXOTH(0000001);
385 
386  private short mode;
387 
388  private TSK_FS_META_MODE_ENUM(int mode) {
389  this.mode = (short) mode;
390  }
391 
397  public short getMode() {
398  return mode;
399  }
400 
409  public static Set<TSK_FS_META_MODE_ENUM> valuesOf(short modes) {
410  Set<TSK_FS_META_MODE_ENUM> matchedFlags = EnumSet.noneOf(TSK_FS_META_MODE_ENUM.class);
411 
412  for (TSK_FS_META_MODE_ENUM v : TSK_FS_META_MODE_ENUM.values()) {
413  long flag = v.getMode();
414 
415  if ((modes & flag) == flag) {
416  matchedFlags.add(v);
417  }
418  }
419 
420  return matchedFlags;
421  }
422 
428  public static short toInt(Set<TSK_FS_META_MODE_ENUM> modes) {
429  short modesInt = 0;
430  for (TSK_FS_META_MODE_ENUM mode : modes) {
431  modesInt |= mode.getMode();
432  }
433  return modesInt;
434  }
435  };
436 
441  public enum TSK_FS_TYPE_ENUM {
442  TSK_FS_TYPE_DETECT(0x00000000, bundle.getString("TskData.tskFsTypeEnum.autoDetect")),
443  TSK_FS_TYPE_NTFS(0x00000001, "NTFS"),
444  TSK_FS_TYPE_NTFS_DETECT(0x00000001, bundle.getString("TskData.tskFsTypeEnum.NTFSautoDetect")),
445  TSK_FS_TYPE_FAT12(0x00000002, "FAT12"),
446  TSK_FS_TYPE_FAT16(0x00000004, "FAT16"),
447  TSK_FS_TYPE_FAT32(0x00000008, "FAT32"),
448  TSK_FS_TYPE_EXFAT(0x0000000A, "ExFAT"),
449  TSK_FS_TYPE_FAT_DETECT(0x0000000e, bundle.getString("TskData.tskFsTypeEnum.FATautoDetect")),
450  TSK_FS_TYPE_FFS1(0x00000010, "UFS1"),
451  TSK_FS_TYPE_FFS1B(0x00000020, "UFS1b"),
452  TSK_FS_TYPE_FFS2(0x00000040, "UFS2"),
453  TSK_FS_TYPE_FFS_DETECT(0x00000070, "UFS"),
454  TSK_FS_TYPE_EXT2(0x00000080, "Ext2"),
455  TSK_FS_TYPE_EXT3(0x00000100, "Ext3"),
456  TSK_FS_TYPE_EXT_DETECT(0x00000180, bundle.getString("TskData.tskFsTypeEnum.ExtXautoDetect")),
457  TSK_FS_TYPE_SWAP(0x00000200, "SWAP"),
458  TSK_FS_TYPE_SWAP_DETECT(0x00000200, bundle.getString("TskData.tskFsTypeEnum.SWAPautoDetect")),
459  TSK_FS_TYPE_RAW(0x00000400, "RAW"),
460  TSK_FS_TYPE_RAW_DETECT(0x00000400, bundle.getString("TskData.tskFsTypeEnum.RAWautoDetect")),
461  TSK_FS_TYPE_ISO9660(0x00000800, "ISO9660"),
462  TSK_FS_TYPE_ISO9660_DETECT(0x00000800, bundle.getString("TskData.tskFsTypeEnum.ISO9660autoDetect")),
463  TSK_FS_TYPE_HFS(0x00001000, "HFS"),
464  TSK_FS_TYPE_HFS_DETECT(0x00001000, bundle.getString("TskData.tskFsTypeEnum.HFSautoDetect")),
465  TSK_FS_TYPE_EXT4(0x00002000, "Ext4"),
466  TSK_FS_TYPE_YAFFS2(0x00004000, "YAFFS2"),
467  TSK_FS_TYPE_YAFFS2_DETECT(0x00004000, bundle.getString("TskData.tskFsTypeEnum.YAFFS2autoDetect")),
468  TSK_FS_TYPE_APFS(0x00010000, "APFS"),
469  TSK_FS_TYPE_APFS_DETECT(0x00010000, bundle.getString("TskData.tskFsTypeEnum.APFSautoDetect")),
470  TSK_FS_TYPE_BTRFS(0x00040000, "BTRFS"),
471  TSK_FS_TYPE_BTRFS_DETECT(0x00040000, "BTRFSAutoDetect"),
472  TSK_FS_TYPE_LOGICAL(0x00020000, "Logical"),
473  TSK_FS_TYPE_UNSUPP(0xffffffff, bundle.getString("TskData.tskFsTypeEnum.unsupported"));
474 
475  private int value;
476  private String displayName;
477 
478  private TSK_FS_TYPE_ENUM(int value, String displayName) {
479  this.value = value;
480  this.displayName = displayName;
481  }
482 
488  public int getValue() {
489  return value;
490  }
491 
497  public String getDisplayName() {
498  return displayName;
499  }
500 
509  public static TSK_FS_TYPE_ENUM valueOf(int fsTypeValue) {
510  for (TSK_FS_TYPE_ENUM type : TSK_FS_TYPE_ENUM.values()) {
511  if (type.value == fsTypeValue) {
512  return type;
513  }
514  }
515  throw new IllegalArgumentException(
516  MessageFormat.format(bundle.getString("TskData.tskFsTypeEnum.exception.msg1.text"), fsTypeValue));
517  }
518 
519  };
520 
525  public enum TSK_IMG_TYPE_ENUM {
526 
527  TSK_IMG_TYPE_DETECT(0, bundle.getString("TskData.tskImgTypeEnum.autoDetect")), // Auto Detection
528  TSK_IMG_TYPE_RAW_SING(1, bundle.getString("TskData.tskImgTypeEnum.rawSingle")), // Single raw file (dd)
529  TSK_IMG_TYPE_RAW_SPLIT(2, bundle.getString("TskData.tskImgTypeEnum.rawSplit")), // Split raw files
530  TSK_IMG_TYPE_AFF_AFF(4, "AFF"), // Advanced Forensic Format NON-NLS
531  TSK_IMG_TYPE_AFF_AFD(8, "AFD"), // AFF Multiple File NON-NLS
532  TSK_IMG_TYPE_AFF_AFM(16, "AFM"), // AFF with external metadata NON-NLS
533  TSK_IMG_TYPE_AFF_ANY(32, "AFF"), // All AFFLIB image formats (including beta ones) NON-NLS
534  TSK_IMG_TYPE_EWF_EWF(64, "E01"), // Expert Witness format (encase) NON-NLS
535  TSK_IMG_TYPE_VMDK_VMDK(128, "VMDK"), // VMware Virtual Disk (VMDK) NON-NLS
536  TSK_IMG_TYPE_VHD_VHD(256, "VHD"), // Virtual Hard Disk (VHD) image format NON-NLS
537  TSK_IMG_TYPE_POOL_POOL(16384, "POOL"), // Pool (internal use) NON-NLS
538  TSK_IMG_TYPE_LOGICAL(32768, "Logical"),
539  TSK_IMG_TYPE_UNSUPP(65535, bundle.getString("TskData.tskImgTypeEnum.unknown")); // Unsupported Image Type
540 
541  private long imgType;
542  private String name;
543 
544  private TSK_IMG_TYPE_ENUM(long type, String name) {
545  this.imgType = type;
546  this.name = name;
547  }
548 
549  public static TSK_IMG_TYPE_ENUM valueOf(long imgType) {
550  for (TSK_IMG_TYPE_ENUM type : TSK_IMG_TYPE_ENUM.values()) {
551  if (type.getValue() == imgType) {
552  return type;
553  }
554  }
555  throw new IllegalArgumentException(
556  MessageFormat.format(bundle.getString("TskData.tskImgTypeEnum.exception.msg1.text"), imgType));
557  }
558 
564  public long getValue() {
565  return imgType;
566  }
567 
573  public String getName() {
574  return name;
575  }
576  };
577 
582  public enum TSK_VS_TYPE_ENUM {
583 
584  TSK_VS_TYPE_DETECT(0x0000, bundle.getString("TskData.tskVSTypeEnum.autoDetect")),
585  TSK_VS_TYPE_DOS(0x0001, "DOS"),
586  TSK_VS_TYPE_BSD(0x0002, "BSD"),
587  TSK_VS_TYPE_SUN(0x0004, "SUN VTOC"),
588  TSK_VS_TYPE_MAC(0x0008, "Mac"),
589  TSK_VS_TYPE_GPT(0x0010, "GPT"),
590  TSK_VS_TYPE_APFS(0x0020, "APFS"),
591  TSK_VS_TYPE_LVM(0x0030, "LVM"),
592  TSK_VS_TYPE_DBFILLER(0x00F0, bundle.getString("TskData.tskVSTypeEnum.fake")),
593  TSK_VS_TYPE_UNSUPP(0xFFFF, bundle.getString("TskData.tskVSTypeEnum.unsupported"));
594 
595  private long vsType;
596  private String name;
597 
598  private TSK_VS_TYPE_ENUM(long type, String name) {
599  this.vsType = type;
600  this.name = name;
601  }
602 
603  public static TSK_VS_TYPE_ENUM valueOf(long vsType) {
604  for (TSK_VS_TYPE_ENUM type : TSK_VS_TYPE_ENUM.values()) {
605  if (type.getVsType() == vsType) {
606  return type;
607  }
608  }
609  throw new IllegalArgumentException(
610  MessageFormat.format(bundle.getString("TskData.tskVSTypeEnum.exception.msg1.text"), vsType));
611  }
612 
618  public long getVsType() {
619  return vsType;
620  }
621 
627  public String getName() {
628  return name;
629  }
630  };
631 
636  public enum ObjectType {
637 
638  IMG(0, bundle.getString("TskData.ObjectType.IMG.name")),
639  VS(1, bundle.getString("TskData.ObjectType.VS.name")),
640  VOL(2, bundle.getString("TskData.ObjectType.VOL.name")),
641  FS(3, bundle.getString("TskData.ObjectType.FS.name")),
642  ABSTRACTFILE(4, bundle.getString("TskData.ObjectType.AbstractFile.name")),
643  ARTIFACT(5, bundle.getString("TskData.ObjectType.Artifact.name")),
644  REPORT(6, bundle.getString("TskData.ObjectType.Report.name")),
645  POOL(7, bundle.getString("TskData.ObjectType.Pool.name")),
646  OS_ACCOUNT(8, bundle.getString("TskData.ObjectType.OsAccount.name")),
647  HOST_ADDRESS(9, bundle.getString("TskData.ObjectType.HostAddress.name")),
648  UNSUPPORTED(-1, bundle.getString("TskData.ObjectType.Unsupported.name"))
649  ;
650  private final short objectType;
651  private final String displayName;
652 
653  private ObjectType(int objectType, String displayName) {
654  this.objectType = (short) objectType;
655  this.displayName = displayName;
656  }
657 
663  public short getObjectType() {
664  return objectType;
665  }
666 
667  @Override
668  public String toString() {
669  return displayName;
670  }
671 
679  public static ObjectType valueOf(short objectType) {
680  for (ObjectType v : ObjectType.values()) {
681  if (v.objectType == objectType) {
682  return v;
683  }
684  }
685  return UNSUPPORTED;
686  }
687  }
688 
693  public enum TSK_DB_FILES_TYPE_ENUM {
694 
695  FS(0, "File System"),
696  CARVED(1, "Carved"),
697  DERIVED(2, "Derived"),
698  LOCAL(3, "Local"),
699  UNALLOC_BLOCKS(4, "Unallocated Blocks"),
700  UNUSED_BLOCKS(5, "Unused Blocks"),
701  VIRTUAL_DIR(6, "Virtual Directory"),
702  SLACK(7, "Slack"),
703  LOCAL_DIR(8, "Local Directory"),
704  LAYOUT_FILE(9, "Layout File"),
705  ;
706 
707  private final short fileType;
708  private final String name;
709 
710  private TSK_DB_FILES_TYPE_ENUM(int fileType, String name) {
711  this.fileType = (short) fileType;
712  this.name = name;
713  }
714 
722  public static TSK_DB_FILES_TYPE_ENUM valueOf(short fileType) {
723  for (TSK_DB_FILES_TYPE_ENUM type : TSK_DB_FILES_TYPE_ENUM.values()) {
724  if (type.fileType == fileType) {
725  return type;
726  }
727  }
728  throw new IllegalArgumentException(
729  MessageFormat.format(bundle.getString("TskData.tskDbFilesTypeEnum.exception.msg1.text"), fileType));
730  }
731 
737  public short getFileType() {
738  return fileType;
739  }
740 
741  public String getName() {
742  return name;
743  }
744  }
745 
750  public enum TSK_POOL_TYPE_ENUM {
751  TSK_POOL_TYPE_DETECT(0, "Auto detect"),
752  TSK_POOL_TYPE_APFS(1, "APFS Pool"),
753  TSK_POOL_TYPE_LVM(2, "LVM Pool"),
754  TSK_POOL_TYPE_UNSUPP(0xffff, "Unsupported")
755  ;
756 
757  private final short poolType;
758  private final String name;
759 
760  TSK_POOL_TYPE_ENUM(int poolType, String name) {
761  this.poolType = (short) poolType;
762  this.name = name;
763  }
764 
772  public static TSK_POOL_TYPE_ENUM valueOf(long poolType) {
773  for (TSK_POOL_TYPE_ENUM type : TSK_POOL_TYPE_ENUM.values()) {
774  if (type.poolType == poolType) {
775  return type;
776  }
777  }
778  throw new IllegalArgumentException(
779  MessageFormat.format(bundle.getString("TskData.tskDbFilesTypeEnum.exception.msg1.text"), poolType)); // TODO
780  }
781 
787  public short getValue() {
788  return poolType;
789  }
790 
791  public String getName() {
792  return name;
793  }
794  }
795 
800  public enum FileKnown {
801 
802  UNKNOWN(0, bundle.getString("TskData.fileKnown.unknown")),
803  KNOWN(1, bundle.getString("TskData.fileKnown.known")),
804  BAD(2, bundle.getString("TskData.fileKnown.knownBad"));
805 
806  private byte known;
807  private String name;
808 
809  private FileKnown(int known, String name) {
810  this.known = (byte) known;
811  this.name = name;
812  }
813 
821  public static FileKnown valueOf(byte known) {
822  for (FileKnown v : FileKnown.values()) {
823  if (v.known == known) {
824  return v;
825  }
826  }
827  throw new IllegalArgumentException(
828  MessageFormat.format(bundle.getString("TskData.fileKnown.exception.msg1.text"), known));
829  }
830 
831  public String getName() {
832  return this.name;
833  }
834 
840  public byte getFileKnownValue() {
841  return this.known;
842  }
843  }
844 
849  public enum TagType {
850 
851  UNKNOWN(0, bundle.getString("TskData.tagType.unknown")), // does not change score
852  KNOWN(1, bundle.getString("TskData.tagType.known")), // does not change score
853  BAD(2, bundle.getString("TskData.tagType.knownBad")), // changes score to "notable"
854  SUSPICIOUS(3, bundle.getString("TskData.tagType.suspicious")); // changes score to "likely notable"
855 
856  private byte type;
857  private String name;
858 
859  private TagType(int type, String name) {
860  this.type = (byte) type;
861  this.name = name;
862  }
863 
873  public static FileKnown convertTagTypeToFileKnown(TagType tagType) {
874  switch (tagType) {
875  case BAD:
876  return FileKnown.BAD;
877  case KNOWN:
878  return FileKnown.KNOWN;
879  case UNKNOWN:
880  case SUSPICIOUS:
881  return FileKnown.UNKNOWN; // supporting legacy behavior
882  }
883 
884  throw new IllegalArgumentException(
885  MessageFormat.format(bundle.getString("TskData.tagType.exception.msg1.text"), tagType));
886  }
887 
897  public static TagType convertFileKnownToTagType(FileKnown fileKnown) {
898  switch (fileKnown) {
899  case BAD:
900  return TagType.BAD;
901  case KNOWN:
902  return TagType.KNOWN;
903  case UNKNOWN:
904  // Autopsy should use TagType.SUSPICIOUS instead of TagType.UNKNOWN.
905  // Tagging something as SUSPICIOUS will cause the underlying TSK score
906  // to be chnaged to SCORE_LIKELY_NOTABLE, whereas UNKNOWN
907  // does not change the underlying TSK score.
908  return TagType.SUSPICIOUS;
909  }
910 
911  throw new IllegalArgumentException(
912  MessageFormat.format(bundle.getString("TskData.fileKnown.exception.msg1.text"), fileKnown));
913  }
914 
922  public static TagType valueOf(byte type) {
923  for (TagType v : TagType.values()) {
924  if (v.type == type) {
925  return v;
926  }
927  }
928  throw new IllegalArgumentException(
929  MessageFormat.format(bundle.getString("TskData.tagType.exception.msg1.text"), type));
930  }
931 
932  public String getName() {
933  return this.name;
934  }
935 
941  public byte getTagTypeValue() {
942  return this.type;
943  }
944  }
945 
950  public enum DbType {
951 
952  // Add any additional remote database types here, and keep it in sync
953  // with the Sleuthkit version of this enum located at:
954  // sleuthkit/tsk/auto/db_connection_info.h
955  // Be sure to add to settingsValid() if you add a type here.
956  SQLITE(0),
957  POSTGRESQL(1);
958 
959  private int value;
960 
961  DbType(int val) {
962  this.value = val;
963  }
964 
965  public int getValue() {
966  return this.value;
967  }
968  }
969 
977  public enum EncodingType{
978  // Update EncodedFileUtil.java to handle any new types
979  NONE(0),
980  XOR1(1);
981 
982  private final int type;
983 
984  private EncodingType(int type){
985  this.type = type;
986  }
987 
988  public int getType(){
989  return type;
990  }
991 
992  public static EncodingType valueOf(int type) {
993  for (EncodingType v : EncodingType.values()) {
994  if (v.type == type) {
995  return v;
996  }
997  }
998  throw new IllegalArgumentException(
999  MessageFormat.format(bundle.getString("TskData.encodingType.exception.msg1.text"), type));
1000  }
1001  }
1002 
1007  public enum CollectedStatus{
1008 
1009  UNKNOWN(0),
1010  NO_SAVE_ERROR(1),
1011  NO_EMPTY_FILE(2),
1012  NO_NOT_FOUND(3),
1013  NO_UNRESOLVED(4),
1014  NO_READ_ERROR(5),
1015  NO_READ_ERROR_PARTIAL(6),
1016  NO_NOT_ATTEMPTED(7),
1017  NO_NOT_REGULAR_FILE(8),
1018  NO_FILE_TOO_LARGE(9),
1019  NO_ONLY_HASH_COLLECTED(10),
1020  NO_UNSUPPORTED_COMPRESSION(11),
1021  YES_TSK(12),
1022  YES_REPO(13);
1023 
1024  private final int type;
1025 
1026  private CollectedStatus(int type){
1027  this.type = type;
1028  }
1029 
1030  public int getType(){
1031  return type;
1032  }
1033 
1034  public static CollectedStatus valueOf(int type) {
1035  for (CollectedStatus v : CollectedStatus.values()) {
1036  if (v.type == type) {
1037  return v;
1038  }
1039  }
1040  throw new IllegalArgumentException(
1041  MessageFormat.format(bundle.getString("TskData.collectedStatus.exception.msg1.text"), type));
1042  }
1043  }
1044 
1048  public enum KeywordSearchQueryType {
1049  LITERAL(0),
1050  SUBSTRING(1),
1051  REGEX(2);
1052 
1053  private final int type;
1054 
1055  private KeywordSearchQueryType(int type){
1056  this.type = type;
1057  }
1058 
1059  public int getType(){
1060  return type;
1061  }
1062 
1063  public static KeywordSearchQueryType valueOf(int type) {
1064  for (KeywordSearchQueryType v : KeywordSearchQueryType.values()) {
1065  if (v.type == type) {
1066  return v;
1067  }
1068  }
1069  throw new IllegalArgumentException(
1070  MessageFormat.format(bundle.getString("TskData.keywordSearchQueryType.exception.msg1.text"), type));
1071  }
1072  };
1073 
1074 
1075 }
org.sleuthkit.datamodel.TskData.TSK_IMG_TYPE_ENUM.TSK_IMG_TYPE_RAW_SING
TSK_IMG_TYPE_RAW_SING
Definition: TskData.java:528
org.sleuthkit.datamodel.TskData.TSK_FS_NAME_TYPE_ENUM.VIRT
VIRT
Special (TSK added "Virtual" files) NON-NLS.
Definition: TskData.java:50
org.sleuthkit.datamodel.TskData.TSK_FS_ATTR_TYPE_ENUM.TSK_FS_ATTR_TYPE_NTFS_OBJID
TSK_FS_ATTR_TYPE_NTFS_OBJID
Definition: TskData.java:289
org.sleuthkit.datamodel.TskData.TSK_DB_FILES_TYPE_ENUM.FS
FS
File that can be found in file system tree.
Definition: TskData.java:695
org.sleuthkit.datamodel.TskData.FileKnown.valueOf
static FileKnown valueOf(byte known)
Definition: TskData.java:821
org.sleuthkit.datamodel.TskData.TSK_POOL_TYPE_ENUM.TSK_POOL_TYPE_ENUM
TSK_POOL_TYPE_ENUM(int poolType, String name)
Definition: TskData.java:760
org.sleuthkit.datamodel.TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_UNDEF
TSK_FS_META_TYPE_UNDEF
Definition: TskData.java:103
org.sleuthkit.datamodel.TskData.TSK_VS_PART_FLAG_ENUM.TSK_VS_PART_FLAG_ALL
TSK_VS_PART_FLAG_ALL
Show all sectors in the walk.
Definition: TskData.java:342
org.sleuthkit.datamodel.TskData.TSK_FS_ATTR_TYPE_ENUM.TSK_FS_ATTR_TYPE_NTFS_EAINFO
TSK_FS_ATTR_TYPE_NTFS_EAINFO
Definition: TskData.java:299
org.sleuthkit.datamodel.TskData.TSK_VS_TYPE_ENUM.TSK_VS_TYPE_BSD
TSK_VS_TYPE_BSD
BSD Partition table NON-NLS.
Definition: TskData.java:586
org.sleuthkit.datamodel.TskData.TSK_FS_TYPE_ENUM.getValue
int getValue()
Definition: TskData.java:488
org.sleuthkit.datamodel.TskData.TSK_POOL_TYPE_ENUM.getName
String getName()
Definition: TskData.java:791
org.sleuthkit.datamodel.TskData.TSK_FS_ATTR_TYPE_ENUM.TSK_FS_ATTR_TYPE_NTFS_EA
TSK_FS_ATTR_TYPE_NTFS_EA
Definition: TskData.java:300
org.sleuthkit.datamodel.TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_WHT
TSK_FS_META_TYPE_WHT
Whiteout NON-NLS.
Definition: TskData.java:112
org.sleuthkit.datamodel.TskData.TSK_FS_TYPE_ENUM.TSK_FS_TYPE_EXT_DETECT
TSK_FS_TYPE_EXT_DETECT
ExtX auto detection.
Definition: TskData.java:456
org.sleuthkit.datamodel.TskData.TSK_VS_TYPE_ENUM.TSK_VS_TYPE_MAC
TSK_VS_TYPE_MAC
Mac partition table NON-NLS.
Definition: TskData.java:588
org.sleuthkit.datamodel.TskData.TSK_FS_ATTR_TYPE_ENUM.TSK_FS_ATTR_TYPE_NTFS_VNAME
TSK_FS_ATTR_TYPE_NTFS_VNAME
Definition: TskData.java:291
org.sleuthkit.datamodel.TskData.TSK_FS_NAME_TYPE_ENUM.label
String label
Definition: TskData.java:54
org.sleuthkit.datamodel.TskData.TSK_FS_META_FLAG_ENUM.valuesOf
static Set< TSK_FS_META_FLAG_ENUM > valuesOf(short metaFlags)
Definition: TskData.java:249
org.sleuthkit.datamodel.TskData.TSK_VS_TYPE_ENUM.TSK_VS_TYPE_DBFILLER
TSK_VS_TYPE_DBFILLER
fake partition table type for loaddb (for images that do not have a volume system) ...
Definition: TskData.java:592
org.sleuthkit.datamodel.TskData.TSK_FS_META_FLAG_ENUM.UNUSED
UNUSED
Metadata structure has never been allocated.
Definition: TskData.java:211
org.sleuthkit.datamodel.TskData.TSK_FS_TYPE_ENUM.TSK_FS_TYPE_EXT3
TSK_FS_TYPE_EXT3
Ext3 file system.
Definition: TskData.java:455
org.sleuthkit.datamodel.TskData.TSK_FS_ATTR_TYPE_ENUM.TSK_FS_ATTR_TYPE_DEFAULT
TSK_FS_ATTR_TYPE_DEFAULT
Definition: TskData.java:284
org.sleuthkit.datamodel.TskData.TSK_IMG_TYPE_ENUM.TSK_IMG_TYPE_RAW_SPLIT
TSK_IMG_TYPE_RAW_SPLIT
Definition: TskData.java:529
org.sleuthkit.datamodel.TskData.TSK_FS_META_FLAG_ENUM.ALLOC
ALLOC
Metadata structure is currently in an allocated state.
Definition: TskData.java:208
org.sleuthkit.datamodel.TskData.TSK_FS_ATTR_TYPE_ENUM.TSK_FS_ATTR_TYPE_NTFS_VINFO
TSK_FS_ATTR_TYPE_NTFS_VINFO
Definition: TskData.java:292
org.sleuthkit.datamodel.TskData.TSK_IMG_TYPE_ENUM.getName
String getName()
Definition: TskData.java:573
org.sleuthkit.datamodel.TskData.TSK_VS_PART_FLAG_ENUM.TSK_VS_PART_FLAG_ALLOC
TSK_VS_PART_FLAG_ALLOC
Sectors are allocated to a volume in the volume system.
Definition: TskData.java:339
org.sleuthkit.datamodel.TskData.TSK_FS_NAME_FLAG_ENUM.UNKNOWN
UNKNOWN
Unknown.
Definition: TskData.java:156
org.sleuthkit.datamodel.TskData.TSK_FS_META_TYPE_ENUM.getValue
short getValue()
Definition: TskData.java:129
org.sleuthkit.datamodel.TskData.TSK_FS_TYPE_ENUM.TSK_FS_TYPE_NTFS_DETECT
TSK_FS_TYPE_NTFS_DETECT
NTFS auto detection.
Definition: TskData.java:444
org.sleuthkit.datamodel.TskData.TSK_FS_TYPE_ENUM.valueOf
static TSK_FS_TYPE_ENUM valueOf(int fsTypeValue)
Definition: TskData.java:509
org.sleuthkit.datamodel.TskData.TSK_FS_TYPE_ENUM.TSK_FS_TYPE_NTFS
TSK_FS_TYPE_NTFS
NTFS file system.
Definition: TskData.java:443
org.sleuthkit.datamodel.TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_DIR
TSK_FS_META_TYPE_DIR
Directory file NON-NLS.
Definition: TskData.java:105
org.sleuthkit.datamodel.TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_SHAD
TSK_FS_META_TYPE_SHAD
SOLARIS ONLY NON-NLS.
Definition: TskData.java:110
org.sleuthkit.datamodel.TskData.TSK_FS_NAME_TYPE_ENUM.DIR
DIR
Directory NON-NLS.
Definition: TskData.java:43
org.sleuthkit.datamodel.TskData.TSK_IMG_TYPE_ENUM.TSK_IMG_TYPE_DETECT
TSK_IMG_TYPE_DETECT
Definition: TskData.java:527
org.sleuthkit.datamodel.TskData.TSK_FS_META_MODE_ENUM.TSK_FS_META_MODE_ISVTX
TSK_FS_META_MODE_ISVTX
sticky bit
Definition: TskData.java:372
org.sleuthkit.datamodel.TskData.TSK_VS_TYPE_ENUM.TSK_VS_TYPE_SUN
TSK_VS_TYPE_SUN
Sun VTOC NON-NLS.
Definition: TskData.java:587
org.sleuthkit.datamodel.TskData.TSK_FS_NAME_TYPE_ENUM
Definition: TskData.java:38
org.sleuthkit.datamodel.TskData.TSK_VS_PART_FLAG_ENUM.getVsFlag
long getVsFlag()
Definition: TskData.java:355
org.sleuthkit.datamodel.TskData.TSK_FS_META_FLAG_ENUM.UNALLOC
UNALLOC
Metadata structure is currently in an unallocated state.
Definition: TskData.java:209
org.sleuthkit.datamodel.TskData.TSK_FS_ATTR_TYPE_ENUM.TSK_FS_ATTR_TYPE_HFS_EXT_ATTR
TSK_FS_ATTR_TYPE_HFS_EXT_ATTR
Definition: TskData.java:309
org.sleuthkit.datamodel.TskData.TSK_FS_TYPE_ENUM.TSK_FS_TYPE_FAT32
TSK_FS_TYPE_FAT32
FAT32 file system.
Definition: TskData.java:447
org.sleuthkit.datamodel.TskData.TSK_FS_META_MODE_ENUM
Definition: TskData.java:365
org.sleuthkit.datamodel.TskData.TSK_FS_META_FLAG_ENUM
Definition: TskData.java:205
org.sleuthkit.datamodel.TskData.TSK_IMG_TYPE_ENUM.TSK_IMG_TYPE_VMDK_VMDK
TSK_IMG_TYPE_VMDK_VMDK
Definition: TskData.java:535
org.sleuthkit.datamodel.TskData.TSK_FS_META_TYPE_ENUM.valueOf
static TSK_FS_META_TYPE_ENUM valueOf(short metaType)
Definition: TskData.java:138
org.sleuthkit.datamodel.TskData.TSK_IMG_TYPE_ENUM.TSK_IMG_TYPE_LOGICAL
TSK_IMG_TYPE_LOGICAL
Definition: TskData.java:538
org.sleuthkit.datamodel.TskData.TSK_FS_META_MODE_ENUM.TSK_FS_META_MODE_IXOTH
TSK_FS_META_MODE_IXOTH
X for other.
Definition: TskData.java:384
org.sleuthkit.datamodel.TskData.TSK_FS_NAME_TYPE_ENUM.LNK
LNK
Symbolic link NON-NLS.
Definition: TskData.java:46
org.sleuthkit.datamodel.TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_VIRT_DIR
TSK_FS_META_TYPE_VIRT_DIR
"Virtual Directory" created by TSK for Orphan Files NON-NLS
Definition: TskData.java:114
org.sleuthkit.datamodel.TskData.TSK_FS_ATTR_TYPE_ENUM.TSK_FS_ATTR_TYPE_NTFS_ATTRLIST
TSK_FS_ATTR_TYPE_NTFS_ATTRLIST
Definition: TskData.java:286
org.sleuthkit.datamodel.TskData.TSK_FS_META_FLAG_ENUM.COMP
COMP
The file contents are compressed.
Definition: TskData.java:212
org.sleuthkit.datamodel.TskData.TSK_FS_TYPE_ENUM.TSK_FS_TYPE_BTRFS
TSK_FS_TYPE_BTRFS
Btrfs file system.
Definition: TskData.java:470
org.sleuthkit.datamodel.TskData.TSK_FS_META_MODE_ENUM.TSK_FS_META_MODE_ISUID
TSK_FS_META_MODE_ISUID
set user id on execution
Definition: TskData.java:370
org.sleuthkit.datamodel.TskData.TSK_VS_TYPE_ENUM.TSK_VS_TYPE_APFS
TSK_VS_TYPE_APFS
APFS pool NON-NLS.
Definition: TskData.java:590
org.sleuthkit.datamodel.TskData.TSK_FS_TYPE_ENUM.TSK_FS_TYPE_HFS_DETECT
TSK_FS_TYPE_HFS_DETECT
HFS auto detection.
Definition: TskData.java:464
org.sleuthkit.datamodel.TskData.TSK_FS_META_MODE_ENUM.TSK_FS_META_MODE_IXGRP
TSK_FS_META_MODE_IXGRP
X for group.
Definition: TskData.java:380
org.sleuthkit.datamodel.TskData.TSK_FS_TYPE_ENUM.TSK_FS_TYPE_FAT12
TSK_FS_TYPE_FAT12
FAT12 file system.
Definition: TskData.java:445
org.sleuthkit.datamodel.TskData.ObjectType.HOST_ADDRESS
HOST_ADDRESS
Host Address - see tsk_host_addresses for more details.
Definition: TskData.java:647
org.sleuthkit.datamodel.TskData.TSK_DB_FILES_TYPE_ENUM.LAYOUT_FILE
LAYOUT_FILE
Set of blocks from an image that have been designated as a file.
Definition: TskData.java:704
org.sleuthkit.datamodel.TskData.TSK_FS_TYPE_ENUM.TSK_FS_TYPE_YAFFS2_DETECT
TSK_FS_TYPE_YAFFS2_DETECT
YAFFS2 auto detection.
Definition: TskData.java:467
org.sleuthkit.datamodel.TskData.TSK_FS_META_MODE_ENUM.TSK_FS_META_MODE_IWOTH
TSK_FS_META_MODE_IWOTH
W for other.
Definition: TskData.java:383
org.sleuthkit.datamodel.TskData.TSK_FS_NAME_TYPE_ENUM.WHT
WHT
Whiteout (openbsd) NON-NLS.
Definition: TskData.java:49
org.sleuthkit.datamodel.TskData.TSK_FS_META_MODE_ENUM.TSK_FS_META_MODE_IRGRP
TSK_FS_META_MODE_IRGRP
R for group.
Definition: TskData.java:378
org.sleuthkit.datamodel.TskData.TSK_VS_PART_FLAG_ENUM.TSK_VS_PART_FLAG_META
TSK_VS_PART_FLAG_META
Sectors contain volume system metadata and could also be ALLOC or UNALLOC.
Definition: TskData.java:341
org.sleuthkit.datamodel.TskData.TSK_FS_ATTR_TYPE_ENUM.TSK_FS_ATTR_TYPE_HFS_COMP_REC
TSK_FS_ATTR_TYPE_HFS_COMP_REC
Definition: TskData.java:310
org.sleuthkit.datamodel.TskData.TSK_FS_TYPE_ENUM.TSK_FS_TYPE_FFS1B
TSK_FS_TYPE_FFS1B
UFS1b (Solaris - has no type)
Definition: TskData.java:451
org.sleuthkit.datamodel.TskData.TSK_DB_FILES_TYPE_ENUM.SLACK
SLACK
Slack space for a single file.
Definition: TskData.java:702
org.sleuthkit.datamodel.TskData.TSK_IMG_TYPE_ENUM.TSK_IMG_TYPE_AFF_AFF
TSK_IMG_TYPE_AFF_AFF
Definition: TskData.java:530
org.sleuthkit.datamodel.TskData.TSK_FS_ATTR_TYPE_ENUM.TSK_FS_ATTR_TYPE_NTFS_REPARSE
TSK_FS_ATTR_TYPE_NTFS_REPARSE
Definition: TskData.java:298
org.sleuthkit.datamodel.TskData.TSK_FS_TYPE_ENUM.TSK_FS_TYPE_FFS1
TSK_FS_TYPE_FFS1
UFS1 (FreeBSD, OpenBSD, BSDI ...)
Definition: TskData.java:450
org.sleuthkit.datamodel.TskData.TSK_FS_ATTR_TYPE_ENUM.TSK_FS_ATTR_TYPE_NTFS_SI
TSK_FS_ATTR_TYPE_NTFS_SI
Definition: TskData.java:285
org.sleuthkit.datamodel.TskData.TSK_FS_ATTR_TYPE_ENUM.TSK_FS_ATTR_TYPE_NTFS_IDXROOT
TSK_FS_ATTR_TYPE_NTFS_IDXROOT
Definition: TskData.java:294
org.sleuthkit.datamodel.TskData.TSK_FS_ATTR_TYPE_ENUM.valueOf
static TSK_FS_ATTR_TYPE_ENUM valueOf(int val)
Definition: TskData.java:322
org.sleuthkit.datamodel.TskData.TSK_FS_NAME_FLAG_ENUM
Definition: TskData.java:154
org.sleuthkit.datamodel.TskData.TSK_DB_FILES_TYPE_ENUM.LOCAL
LOCAL
Local file that was added (not from a disk image)
Definition: TskData.java:698
org.sleuthkit.datamodel.TskData.TSK_FS_META_MODE_ENUM.TSK_FS_META_MODE_IWUSR
TSK_FS_META_MODE_IWUSR
W for owner.
Definition: TskData.java:375
org.sleuthkit.datamodel.TskData.TSK_VS_TYPE_ENUM.TSK_VS_TYPE_UNSUPP
TSK_VS_TYPE_UNSUPP
Unsupported.
Definition: TskData.java:593
org.sleuthkit.datamodel.TskData.TSK_FS_TYPE_ENUM.TSK_FS_TYPE_SWAP_DETECT
TSK_FS_TYPE_SWAP_DETECT
SWAP auto detection.
Definition: TskData.java:458
org.sleuthkit.datamodel.TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_CHR
TSK_FS_META_TYPE_CHR
Character device NON-NLS.
Definition: TskData.java:107
org.sleuthkit.datamodel.TskData.TSK_POOL_TYPE_ENUM.valueOf
static TSK_POOL_TYPE_ENUM valueOf(long poolType)
Definition: TskData.java:772
org.sleuthkit.datamodel.TskData.TSK_POOL_TYPE_ENUM.TSK_POOL_TYPE_APFS
TSK_POOL_TYPE_APFS
APFS Pooled Volumes.
Definition: TskData.java:752
org.sleuthkit.datamodel.TskData.TSK_FS_ATTR_TYPE_ENUM
Definition: TskData.java:281
org.sleuthkit.datamodel.TskData.TSK_FS_TYPE_ENUM.TSK_FS_TYPE_APFS_DETECT
TSK_FS_TYPE_APFS_DETECT
APFS auto detection.
Definition: TskData.java:469
org.sleuthkit.datamodel.TskData.TSK_FS_TYPE_ENUM.TSK_FS_TYPE_LOGICAL
TSK_FS_TYPE_LOGICAL
Definition: TskData.java:472
org.sleuthkit.datamodel.TskData.TSK_DB_FILES_TYPE_ENUM.CARVED
CARVED
Set of blocks for a file found from carving. Could be on top of a TSK_DB_FILES_TYPE_UNALLOC_BLOCKS ra...
Definition: TskData.java:696
org.sleuthkit.datamodel.TskData.TSK_FS_NAME_FLAG_ENUM.valueOf
static TSK_FS_NAME_FLAG_ENUM valueOf(int dirFlag)
Definition: TskData.java:189
org.sleuthkit.datamodel.TskData.TSK_FS_TYPE_ENUM.getDisplayName
String getDisplayName()
Definition: TskData.java:497
org.sleuthkit.datamodel.TskData.TSK_FS_TYPE_ENUM.TSK_FS_TYPE_ISO9660_DETECT
TSK_FS_TYPE_ISO9660_DETECT
ISO9660 auto detection.
Definition: TskData.java:462
org.sleuthkit.datamodel.TskData.TSK_FS_ATTR_TYPE_ENUM.TSK_FS_ATTR_TYPE_HFS_DATA
TSK_FS_ATTR_TYPE_HFS_DATA
Definition: TskData.java:307
org.sleuthkit.datamodel.TskData.TSK_FS_NAME_TYPE_ENUM.SOCK
SOCK
Socket NON-NLS.
Definition: TskData.java:47
org.sleuthkit.datamodel.TskData.TSK_FS_META_FLAG_ENUM.getValue
short getValue()
Definition: TskData.java:228
org.sleuthkit.datamodel.TskData.ObjectType.FS
FS
File System - see tsk_fs_info for more details.
Definition: TskData.java:641
org.sleuthkit.datamodel.TskData.TSK_FS_TYPE_ENUM.TSK_FS_TYPE_SWAP
TSK_FS_TYPE_SWAP
SWAP file system.
Definition: TskData.java:457
org.sleuthkit.datamodel.TskData.TSK_FS_META_MODE_ENUM.TSK_FS_META_MODE_IROTH
TSK_FS_META_MODE_IROTH
R for other.
Definition: TskData.java:382
org.sleuthkit.datamodel.TskData.TSK_IMG_TYPE_ENUM.TSK_IMG_TYPE_POOL_POOL
TSK_IMG_TYPE_POOL_POOL
Definition: TskData.java:537
org.sleuthkit.datamodel.TskData.TSK_FS_TYPE_ENUM.TSK_FS_TYPE_UNSUPP
TSK_FS_TYPE_UNSUPP
Unsupported file system.
Definition: TskData.java:473
org.sleuthkit.datamodel.TskData.TSK_FS_TYPE_ENUM.TSK_FS_TYPE_RAW
TSK_FS_TYPE_RAW
RAW file system.
Definition: TskData.java:459
org.sleuthkit.datamodel.TskData.TSK_FS_TYPE_ENUM.TSK_FS_TYPE_EXFAT
TSK_FS_TYPE_EXFAT
ExFAT file system.
Definition: TskData.java:448
org.sleuthkit.datamodel.TskData.TSK_FS_META_FLAG_ENUM.USED
USED
Metadata structure has been allocated at least once.
Definition: TskData.java:210
org.sleuthkit.datamodel.TskData.TSK_VS_PART_FLAG_ENUM
Definition: TskData.java:337
org.sleuthkit.datamodel.TskData.TSK_VS_TYPE_ENUM.getVsType
long getVsType()
Definition: TskData.java:618
org.sleuthkit.datamodel.TskData.TSK_FS_NAME_TYPE_ENUM.VIRT_DIR
VIRT_DIR
Special (TSK added "Virtual" directories) NON-NLS.
Definition: TskData.java:51
org.sleuthkit.datamodel.TskData.TSK_IMG_TYPE_ENUM.TSK_IMG_TYPE_UNSUPP
TSK_IMG_TYPE_UNSUPP
Logical directory.
Definition: TskData.java:539
org.sleuthkit.datamodel.TskData.TSK_DB_FILES_TYPE_ENUM.LOCAL_DIR
LOCAL_DIR
Local directory that was added (not from a disk image)
Definition: TskData.java:703
org.sleuthkit.datamodel.TskData.TSK_IMG_TYPE_ENUM.TSK_IMG_TYPE_VHD_VHD
TSK_IMG_TYPE_VHD_VHD
Definition: TskData.java:536
org.sleuthkit.datamodel.TskData.TSK_FS_TYPE_ENUM.TSK_FS_TYPE_FAT_DETECT
TSK_FS_TYPE_FAT_DETECT
FAT auto detection.
Definition: TskData.java:449
org.sleuthkit.datamodel.TskData.ObjectType.VOL
VOL
Volume - see tsk_vs_parts for more details.
Definition: TskData.java:640
org.sleuthkit.datamodel.TskData.TSK_IMG_TYPE_ENUM.TSK_IMG_TYPE_AFF_AFD
TSK_IMG_TYPE_AFF_AFD
Definition: TskData.java:531
org.sleuthkit.datamodel.TskData.TSK_FS_ATTR_TYPE_ENUM.TSK_FS_ATTR_TYPE_NTFS_IDXALLOC
TSK_FS_ATTR_TYPE_NTFS_IDXALLOC
Definition: TskData.java:295
org.sleuthkit.datamodel.TskData.TagType.valueOf
static TagType valueOf(byte type)
Definition: TskData.java:922
org.sleuthkit.datamodel.TskData.TSK_FS_META_MODE_ENUM.getMode
short getMode()
Definition: TskData.java:397
org.sleuthkit.datamodel.TskData.EncodingType.valueOf
static EncodingType valueOf(int type)
Definition: TskData.java:992
org.sleuthkit.datamodel.TskData.TSK_IMG_TYPE_ENUM.TSK_IMG_TYPE_AFF_AFM
TSK_IMG_TYPE_AFF_AFM
Definition: TskData.java:532
org.sleuthkit.datamodel.TskData.TSK_FS_ATTR_TYPE_ENUM.TSK_FS_ATTR_TYPE_NTFS_BITMAP
TSK_FS_ATTR_TYPE_NTFS_BITMAP
Definition: TskData.java:296
org.sleuthkit.datamodel.TskData.TSK_FS_TYPE_ENUM.TSK_FS_TYPE_RAW_DETECT
TSK_FS_TYPE_RAW_DETECT
RAW auto detection.
Definition: TskData.java:460
org.sleuthkit.datamodel.TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_VIRT
TSK_FS_META_TYPE_VIRT
"Virtual File" created by TSK for file system areas NON-NLS
Definition: TskData.java:113
org.sleuthkit.datamodel.TskData.TSK_VS_TYPE_ENUM.TSK_VS_TYPE_GPT
TSK_VS_TYPE_GPT
GPT partition table NON-NLS.
Definition: TskData.java:589
org.sleuthkit.datamodel.TskData.TSK_FS_META_MODE_ENUM.TSK_FS_META_MODE_IRUSR
TSK_FS_META_MODE_IRUSR
R for owner.
Definition: TskData.java:374
org.sleuthkit.datamodel.TskData.TSK_FS_NAME_TYPE_ENUM.BLK
BLK
Block device NON-NLS.
Definition: TskData.java:44
org.sleuthkit.datamodel.TskData.TSK_FS_TYPE_ENUM.TSK_FS_TYPE_DETECT
TSK_FS_TYPE_DETECT
Use autodetection methods.
Definition: TskData.java:442
org.sleuthkit.datamodel.TskData.TSK_FS_ATTR_TYPE_ENUM.TSK_FS_ATTR_TYPE_HFS_DEFAULT
TSK_FS_ATTR_TYPE_HFS_DEFAULT
Definition: TskData.java:306
org.sleuthkit.datamodel.TskData.TSK_FS_NAME_TYPE_ENUM.valueOf
static TSK_FS_NAME_TYPE_ENUM valueOf(short dir_type)
Definition: TskData.java:86
org.sleuthkit.datamodel.TskData.TSK_IMG_TYPE_ENUM.TSK_IMG_TYPE_AFF_ANY
TSK_IMG_TYPE_AFF_ANY
Definition: TskData.java:533
org.sleuthkit.datamodel.TskData.TSK_FS_NAME_TYPE_ENUM.CHR
CHR
Character device NON-NLS.
Definition: TskData.java:42
org.sleuthkit.datamodel.TskData.TSK_FS_TYPE_ENUM.TSK_FS_TYPE_APFS
TSK_FS_TYPE_APFS
APFS file system.
Definition: TskData.java:468
org.sleuthkit.datamodel.TskData.ObjectType.REPORT
REPORT
Artifact - see blackboard_artifacts for more details.
Definition: TskData.java:644
org.sleuthkit.datamodel.TskData.TSK_FS_NAME_TYPE_ENUM.SHAD
SHAD
Shadow inode (solaris) NON-NLS.
Definition: TskData.java:48
org.sleuthkit.datamodel.TskData.TSK_FS_META_MODE_ENUM.toInt
static short toInt(Set< TSK_FS_META_MODE_ENUM > modes)
Definition: TskData.java:428
org.sleuthkit.datamodel.TskData.FileKnown.BAD
BAD
File marked as bad by hash db.
Definition: TskData.java:804
org.sleuthkit.datamodel.TskData.TSK_DB_FILES_TYPE_ENUM.DERIVED
DERIVED
File derived from a parent file (i.e. from ZIP)
Definition: TskData.java:697
org.sleuthkit.datamodel.TskData.TSK_FS_TYPE_ENUM.TSK_FS_TYPE_EXT2
TSK_FS_TYPE_EXT2
Ext2 file system.
Definition: TskData.java:454
org.sleuthkit.datamodel.TskData.TSK_FS_ATTR_TYPE_ENUM.TSK_FS_ATTR_TYPE_NTFS_LOG
TSK_FS_ATTR_TYPE_NTFS_LOG
Definition: TskData.java:302
org.sleuthkit.datamodel.TskData.TSK_VS_TYPE_ENUM
Definition: TskData.java:582
org.sleuthkit.datamodel.TskData.TSK_FS_ATTR_TYPE_ENUM.TSK_FS_ATTR_TYPE_UNIX_INDIR
TSK_FS_ATTR_TYPE_UNIX_INDIR
Definition: TskData.java:303
org.sleuthkit.datamodel.TskData.TSK_FS_TYPE_ENUM.TSK_FS_TYPE_HFS
TSK_FS_TYPE_HFS
HFS file system.
Definition: TskData.java:463
org.sleuthkit.datamodel.TskData.ObjectType.OS_ACCOUNT
OS_ACCOUNT
OS Account - see tsk_os_accounts for more details.
Definition: TskData.java:646
org.sleuthkit.datamodel.TskData.TSK_FS_TYPE_ENUM.TSK_FS_TYPE_BTRFS_DETECT
TSK_FS_TYPE_BTRFS_DETECT
Btrfs auto detection.
Definition: TskData.java:471
org.sleuthkit.datamodel.TskData.TSK_FS_NAME_TYPE_ENUM.FIFO
FIFO
Named pipe NON-NLS.
Definition: TskData.java:41
org.sleuthkit.datamodel.TskData.TSK_IMG_TYPE_ENUM.TSK_IMG_TYPE_EWF_EWF
TSK_IMG_TYPE_EWF_EWF
Definition: TskData.java:534
org.sleuthkit.datamodel.TskData.TSK_FS_NAME_FLAG_ENUM.toString
String toString()
Definition: TskData.java:178
org.sleuthkit.datamodel.TskData.TagType.convertTagTypeToFileKnown
static FileKnown convertTagTypeToFileKnown(TagType tagType)
Definition: TskData.java:873
org.sleuthkit.datamodel.TskData.TSK_FS_META_TYPE_ENUM
Definition: TskData.java:101
org.sleuthkit.datamodel.TskData.TSK_DB_FILES_TYPE_ENUM.valueOf
static TSK_DB_FILES_TYPE_ENUM valueOf(short fileType)
Definition: TskData.java:722
org.sleuthkit.datamodel.TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_BLK
TSK_FS_META_TYPE_BLK
Block device NON-NLS.
Definition: TskData.java:108
org.sleuthkit.datamodel.TskData.TSK_POOL_TYPE_ENUM.getValue
short getValue()
Definition: TskData.java:787
org.sleuthkit.datamodel.TskData.TSK_FS_TYPE_ENUM.TSK_FS_TYPE_EXT4
TSK_FS_TYPE_EXT4
Ext4 file system.
Definition: TskData.java:465
org.sleuthkit.datamodel.TskData.TSK_FS_ATTR_TYPE_ENUM.TSK_FS_ATTR_TYPE_NTFS_PROP
TSK_FS_ATTR_TYPE_NTFS_PROP
Definition: TskData.java:301
org.sleuthkit.datamodel.TskData.TSK_FS_META_FLAG_ENUM.toInt
static short toInt(Set< TSK_FS_META_FLAG_ENUM > metaFlags)
Definition: TskData.java:268
org.sleuthkit.datamodel.TskData.TSK_FS_ATTR_TYPE_ENUM.TSK_FS_ATTR_TYPE_HFS_RSRC
TSK_FS_ATTR_TYPE_HFS_RSRC
Definition: TskData.java:308
org.sleuthkit.datamodel.TskData.TSK_FS_META_FLAG_ENUM.toString
String toString()
Definition: TskData.java:238
org.sleuthkit.datamodel.TskData.TSK_IMG_TYPE_ENUM.valueOf
static TSK_IMG_TYPE_ENUM valueOf(long imgType)
Definition: TskData.java:549
org.sleuthkit.datamodel.TskData.TSK_FS_TYPE_ENUM.TSK_FS_TYPE_YAFFS2
TSK_FS_TYPE_YAFFS2
YAFFS2 file system.
Definition: TskData.java:466
org.sleuthkit.datamodel.TskData.TSK_DB_FILES_TYPE_ENUM.UNALLOC_BLOCKS
UNALLOC_BLOCKS
Set of blocks not allocated by file system. Parent should be image, volume, or file system...
Definition: TskData.java:699
org.sleuthkit.datamodel.TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_SOCK
TSK_FS_META_TYPE_SOCK
UNIX domain socket NON-NLS.
Definition: TskData.java:111
org.sleuthkit.datamodel.TskData.TSK_FS_META_FLAG_ENUM.UNKNOWN
UNKNOWN
Unknown.
Definition: TskData.java:207
org.sleuthkit.datamodel.TskData.TSK_FS_NAME_FLAG_ENUM.getValue
short getValue()
Definition: TskData.java:173
org.sleuthkit.datamodel.TskData.ObjectType.valueOf
static ObjectType valueOf(short objectType)
Definition: TskData.java:679
org.sleuthkit.datamodel.TskData.TSK_FS_NAME_TYPE_ENUM.REG
REG
Regular file NON-NLS.
Definition: TskData.java:45
org.sleuthkit.datamodel.TskData.TSK_POOL_TYPE_ENUM.TSK_POOL_TYPE_DETECT
TSK_POOL_TYPE_DETECT
Use autodetection methods.
Definition: TskData.java:751
org.sleuthkit.datamodel.TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_FIFO
TSK_FS_META_TYPE_FIFO
Named pipe (fifo) NON-NLS.
Definition: TskData.java:106
org.sleuthkit.datamodel.TskData.FileKnown.UNKNOWN
UNKNOWN
File marked as unknown by hash db.
Definition: TskData.java:802
org.sleuthkit.datamodel.TskData.TSK_FS_META_MODE_ENUM.valuesOf
static Set< TSK_FS_META_MODE_ENUM > valuesOf(short modes)
Definition: TskData.java:409
org.sleuthkit.datamodel.TskData.TSK_FS_META_TYPE_ENUM.toString
String toString()
Definition: TskData.java:134
org.sleuthkit.datamodel.TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_LNK
TSK_FS_META_TYPE_LNK
Symbolic link NON-NLS.
Definition: TskData.java:109
org.sleuthkit.datamodel.TskData.TSK_IMG_TYPE_ENUM.getValue
long getValue()
Definition: TskData.java:564
org.sleuthkit.datamodel.TskData.TSK_DB_FILES_TYPE_ENUM.getName
String getName()
Definition: TskData.java:741
org.sleuthkit.datamodel.TskData.TSK_VS_TYPE_ENUM.TSK_VS_TYPE_DETECT
TSK_VS_TYPE_DETECT
Use autodetection methods.
Definition: TskData.java:584
org.sleuthkit.datamodel.TskData.TSK_VS_TYPE_ENUM.TSK_VS_TYPE_LVM
TSK_VS_TYPE_LVM
LVM pool NON-NLS.
Definition: TskData.java:591
org.sleuthkit.datamodel.TskData.TSK_FS_ATTR_TYPE_ENUM.TSK_FS_ATTR_TYPE_NTFS_SEC
TSK_FS_ATTR_TYPE_NTFS_SEC
Definition: TskData.java:290
org.sleuthkit.datamodel.TskData.TSK_FS_TYPE_ENUM.TSK_FS_TYPE_FAT16
TSK_FS_TYPE_FAT16
FAT16 file system.
Definition: TskData.java:446
org.sleuthkit.datamodel.TskData.TSK_FS_TYPE_ENUM.TSK_FS_TYPE_FFS_DETECT
TSK_FS_TYPE_FFS_DETECT
UFS auto detection.
Definition: TskData.java:453
org.sleuthkit.datamodel.TskData.KeywordSearchQueryType.valueOf
static KeywordSearchQueryType valueOf(int type)
Definition: TskData.java:1063
org.sleuthkit.datamodel.TskData.FileKnown.KNOWN
KNOWN
File marked as a type by hash db.
Definition: TskData.java:803
org.sleuthkit.datamodel.TskData.TSK_FS_ATTR_TYPE_ENUM.TSK_FS_ATTR_TYPE_NTFS_DATA
TSK_FS_ATTR_TYPE_NTFS_DATA
Definition: TskData.java:293
org.sleuthkit.datamodel.TskData.TSK_FS_TYPE_ENUM
Definition: TskData.java:441
org.sleuthkit.datamodel.TskData.TSK_FS_META_MODE_ENUM.TSK_FS_META_MODE_IWGRP
TSK_FS_META_MODE_IWGRP
W for group.
Definition: TskData.java:379
org.sleuthkit.datamodel.TskData.TSK_FS_NAME_FLAG_ENUM.ALLOC
ALLOC
Name is in an allocated state.
Definition: TskData.java:157
org.sleuthkit.datamodel.TskData.TSK_DB_FILES_TYPE_ENUM.VIRTUAL_DIR
VIRTUAL_DIR
Virtual directory (not on fs) with no meta-data entry that can be used to group files of types other ...
Definition: TskData.java:701
org.sleuthkit.datamodel.TskData.TSK_VS_PART_FLAG_ENUM.TSK_VS_PART_FLAG_UNALLOC
TSK_VS_PART_FLAG_UNALLOC
Sectors are not allocated to a volume.
Definition: TskData.java:340
org.sleuthkit.datamodel.TskData.TSK_FS_NAME_TYPE_ENUM.UNDEF
UNDEF
Unknown type.
Definition: TskData.java:40
org.sleuthkit.datamodel.TskData.TSK_FS_NAME_TYPE_ENUM.getValue
short getValue()
Definition: TskData.java:66
org.sleuthkit.datamodel.TskData.TSK_FS_ATTR_TYPE_ENUM.TSK_FS_ATTR_TYPE_NTFS_FNAME
TSK_FS_ATTR_TYPE_NTFS_FNAME
Definition: TskData.java:287
org.sleuthkit.datamodel.TskData.TSK_VS_TYPE_ENUM.valueOf
static TSK_VS_TYPE_ENUM valueOf(long vsType)
Definition: TskData.java:603
org.sleuthkit.datamodel.TskData.ObjectType.ABSTRACTFILE
ABSTRACTFILE
File - see tsk_files for more details.
Definition: TskData.java:642
org.sleuthkit.datamodel.TskData.TSK_FS_ATTR_TYPE_ENUM.TSK_FS_ATTR_TYPE_NTFS_SYMLNK
TSK_FS_ATTR_TYPE_NTFS_SYMLNK
Definition: TskData.java:297
org.sleuthkit.datamodel.TskData.TSK_FS_TYPE_ENUM.TSK_FS_TYPE_ISO9660
TSK_FS_TYPE_ISO9660
ISO9660 file system.
Definition: TskData.java:461
org.sleuthkit.datamodel.TskData.TSK_DB_FILES_TYPE_ENUM.getFileType
short getFileType()
Definition: TskData.java:737
org.sleuthkit.datamodel.TskData.TSK_VS_TYPE_ENUM.getName
String getName()
Definition: TskData.java:627
org.sleuthkit.datamodel.TskData.TSK_VS_TYPE_ENUM.TSK_VS_TYPE_DOS
TSK_VS_TYPE_DOS
DOS Partition table NON-NLS.
Definition: TskData.java:585
org.sleuthkit.datamodel.TskData.TSK_POOL_TYPE_ENUM.TSK_POOL_TYPE_LVM
TSK_POOL_TYPE_LVM
LVM Pooled Volumes.
Definition: TskData.java:753
org.sleuthkit.datamodel.TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_REG
TSK_FS_META_TYPE_REG
Regular file NON-NLS.
Definition: TskData.java:104
org.sleuthkit.datamodel.TskData.TagType.convertFileKnownToTagType
static TagType convertFileKnownToTagType(FileKnown fileKnown)
Definition: TskData.java:897
org.sleuthkit.datamodel.TskData.TSK_FS_NAME_TYPE_ENUM.getLabel
String getLabel()
Definition: TskData.java:75
org.sleuthkit.datamodel.TskData.TSK_IMG_TYPE_ENUM
Definition: TskData.java:525
org.sleuthkit.datamodel.TskData.TSK_FS_ATTR_TYPE_ENUM.TSK_FS_ATTR_TYPE_NOT_FOUND
TSK_FS_ATTR_TYPE_NOT_FOUND
Definition: TskData.java:283
org.sleuthkit.datamodel.TskData.TSK_FS_META_MODE_ENUM.TSK_FS_META_MODE_ISGID
TSK_FS_META_MODE_ISGID
set group id on execution
Definition: TskData.java:371
org.sleuthkit.datamodel.TskData.TSK_FS_META_FLAG_ENUM.ORPHAN
ORPHAN
Return only metadata structures that have no file name pointing to the (inode_walk flag only) ...
Definition: TskData.java:213
org.sleuthkit.datamodel.TskData.TSK_POOL_TYPE_ENUM
Definition: TskData.java:750
org.sleuthkit.datamodel.TskData.TSK_FS_TYPE_ENUM.TSK_FS_TYPE_FFS2
TSK_FS_TYPE_FFS2
UFS2 - FreeBSD, NetBSD.
Definition: TskData.java:452
org.sleuthkit.datamodel.TskData.TSK_FS_META_MODE_ENUM.TSK_FS_META_MODE_IXUSR
TSK_FS_META_MODE_IXUSR
X for owner.
Definition: TskData.java:376
org.sleuthkit.datamodel.TskData.TSK_DB_FILES_TYPE_ENUM.UNUSED_BLOCKS
UNUSED_BLOCKS
Set of blocks that are unallocated AND not used by a carved or other file type. Parent should be UNAL...
Definition: TskData.java:700
org.sleuthkit.datamodel.TskData.CollectedStatus.valueOf
static CollectedStatus valueOf(int type)
Definition: TskData.java:1034
org.sleuthkit.datamodel.TskData.TSK_DB_FILES_TYPE_ENUM
Definition: TskData.java:693
org.sleuthkit.datamodel.TskData.TSK_FS_ATTR_TYPE_ENUM.getValue
int getValue()
Definition: TskData.java:318
org.sleuthkit.datamodel.TskData.ObjectType.VS
VS
Volume System - see tsk_vs_info for more details.
Definition: TskData.java:639
org.sleuthkit.datamodel.TskData.ObjectType.IMG
IMG
Disk Image - see tsk_image_info for more details.
Definition: TskData.java:638
org.sleuthkit.datamodel.TskData.TSK_FS_NAME_FLAG_ENUM.UNALLOC
UNALLOC
Name is in an unallocated state.
Definition: TskData.java:158
org.sleuthkit.datamodel.TskData.TSK_FS_ATTR_TYPE_ENUM.TSK_FS_ATTR_TYPE_NTFS_VVER
TSK_FS_ATTR_TYPE_NTFS_VVER
Definition: TskData.java:288

Copyright © 2011-2024 Brian Carrier. (carrier -at- sleuthkit -dot- org)
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.