Sleuth Kit Java Bindings (JNI)  4.12.1
Java bindings for using The Sleuth Kit
Classes | Public Member Functions | Static Public Member Functions | Protected Member Functions | Protected Attributes | List of all members
org.sleuthkit.datamodel.AbstractFile Class Referenceabstract

Inherits org.sleuthkit.datamodel.AbstractContent.

Inherited by org.sleuthkit.datamodel.DerivedFile, org.sleuthkit.datamodel.FsContent, org.sleuthkit.datamodel.LayoutFile, org.sleuthkit.datamodel.LocalFile, and org.sleuthkit.datamodel.SpecialDirectory.

Classes

enum  MimeMatchEnum
 

Public Member Functions

void addAttributes (Collection< Attribute > attributes, final SleuthkitCase.CaseDbTransaction caseDbTransaction) throws TskCoreException
 
boolean canRead ()
 
void close ()
 
long convertToImgOffset (long fileOffset) throws TskCoreException
 
List< TskFileRangeconvertToImgRanges (long fileOffset, long length) throws TskCoreException
 
boolean exists ()
 
long getAtime ()
 
String getAtimeAsDate ()
 
int getAttributeId ()
 
List< AttributegetAttributes () throws TskCoreException
 
short getAttrId ()
 
TskData.TSK_FS_ATTR_TYPE_ENUM getAttrType ()
 
TskData.CollectedStatus getCollected ()
 
long getCrtime ()
 
String getCrtimeAsDate ()
 
long getCtime ()
 
String getCtimeAsDate ()
 
Content getDataSource () throws TskCoreException
 
long getDataSourceObjectId ()
 
String getDirFlagAsString ()
 
TSK_FS_NAME_TYPE_ENUM getDirType ()
 
String getDirTypeAsString ()
 
FileSystem getFileSystem () throws TskCoreException
 
Optional< Long > getFileSystemObjectId ()
 
int getGid ()
 
TskData.FileKnown getKnown ()
 
String getLocalAbsPath ()
 
String getLocalPath ()
 
String getMd5Hash ()
 
long getMetaAddr ()
 
String getMetaFlagsAsString ()
 
long getMetaSeq ()
 
TSK_FS_META_TYPE_ENUM getMetaType ()
 
String getMetaTypeAsString ()
 
String getMIMEType ()
 
String getModesAsString ()
 
long getMtime ()
 
String getMtimeAsDate ()
 
String getNameExtension ()
 
Optional< Long > getOsAccountObjectId ()
 
Optional< String > getOwnerUid ()
 
String getParentPath ()
 
List< TskFileRangegetRanges () throws TskCoreException
 
String getSha1Hash ()
 
String getSha256Hash ()
 
long getSize ()
 
TskData.TSK_DB_FILES_TYPE_ENUM getType ()
 
int getUid ()
 
String getUniquePath () throws TskCoreException
 
boolean hasFileSystem ()
 
boolean isDir ()
 
boolean isDirNameFlagSet (TSK_FS_NAME_FLAG_ENUM flag)
 
boolean isFile ()
 
boolean isMetaFlagSet (TSK_FS_META_FLAG_ENUM metaFlag)
 
MimeMatchEnum isMimeType (SortedSet< String > mimeTypes)
 
boolean isModeSet (TskData.TSK_FS_META_MODE_ENUM mode)
 
abstract boolean isRoot ()
 
boolean isVirtual ()
 
List< AbstractFilelistFiles () throws TskCoreException
 
BlackboardArtifact newArtifact (int artifactTypeID) throws TskCoreException
 
DataArtifact newDataArtifact (BlackboardArtifact.Type artifactType, Collection< BlackboardAttribute > attributesList) throws TskCoreException
 
final int read (byte[] buf, long offset, long len) throws TskCoreException
 
void save () throws TskCoreException
 
void save (CaseDbTransaction transaction) throws TskCoreException
 
void setCollected (TskData.CollectedStatus collected)
 
void setKnown (TskData.FileKnown knownState)
 
void setMd5Hash (String md5Hash)
 
void setMIMEType (String mimeType)
 
void setSha1Hash (String sha1Hash)
 
void setSha256Hash (String sha256Hash)
 
String toString (boolean preserveState)
 
- Public Member Functions inherited from org.sleuthkit.datamodel.AbstractContent
boolean equals (Object obj)
 
Score getAggregateScore () throws TskCoreException
 
List< AnalysisResultgetAllAnalysisResults () throws TskCoreException
 
ArrayList< BlackboardArtifactgetAllArtifacts () throws TskCoreException
 
long getAllArtifactsCount () throws TskCoreException
 
List< DataArtifactgetAllDataArtifacts () throws TskCoreException
 
List< AnalysisResultgetAnalysisResults (BlackboardArtifact.Type artifactType) throws TskCoreException
 
ArrayList< BlackboardArtifactgetArtifacts (String artifactTypeName) throws TskCoreException
 
ArrayList< BlackboardArtifactgetArtifacts (int artifactTypeID) throws TskCoreException
 
ArrayList< BlackboardArtifactgetArtifacts (BlackboardArtifact.ARTIFACT_TYPE type) throws TskCoreException
 
long getArtifactsCount (String artifactTypeName) throws TskCoreException
 
long getArtifactsCount (int artifactTypeID) throws TskCoreException
 
long getArtifactsCount (ARTIFACT_TYPE type) throws TskCoreException
 
List< ContentgetChildren () throws TskCoreException
 
int getChildrenCount () throws TskCoreException
 
List< Long > getChildrenIds () throws TskCoreException
 
Content getDataSource () throws TskCoreException
 
BlackboardArtifact getGenInfoArtifact () throws TskCoreException
 
BlackboardArtifact getGenInfoArtifact (boolean create) throws TskCoreException
 
ArrayList< BlackboardAttributegetGenInfoAttributes (ATTRIBUTE_TYPE attr_type) throws TskCoreException
 
Set< String > getHashSetNames () throws TskCoreException
 
long getId ()
 
String getName ()
 
Content getParent () throws TskCoreException
 
Optional< Long > getParentId () throws TskCoreException
 
SleuthkitCase getSleuthkitCase ()
 
String getUniquePath () throws TskCoreException
 
boolean hasChildren () throws TskCoreException
 
int hashCode ()
 
AnalysisResultAdded newAnalysisResult (BlackboardArtifact.Type artifactType, Score score, String conclusion, String configuration, String justification, Collection< BlackboardAttribute > attributesList) throws TskCoreException
 
AnalysisResultAdded newAnalysisResult (BlackboardArtifact.Type artifactType, Score score, String conclusion, String configuration, String justification, Collection< BlackboardAttribute > attributesList, long dataSourceId) throws TskCoreException
 
BlackboardArtifact newArtifact (int artifactTypeID) throws TskCoreException
 
BlackboardArtifact newArtifact (BlackboardArtifact.ARTIFACT_TYPE type) throws TskCoreException
 
DataArtifact newDataArtifact (BlackboardArtifact.Type artifactType, Collection< BlackboardAttribute > attributesList, Long osAccountId) throws TskCoreException
 
DataArtifact newDataArtifact (BlackboardArtifact.Type artifactType, Collection< BlackboardAttribute > attributesList, Long osAccountId, long dataSourceId) throws TskCoreException
 
DataArtifact newDataArtifact (BlackboardArtifact.Type artifactType, Collection< BlackboardAttribute > attributesList) throws TskCoreException
 
String toString ()
 
String toString (boolean preserveState)
 
- Public Member Functions inherited from org.sleuthkit.datamodel.Content
public< T > T accept (ContentVisitor< T > v)
 
long getArtifactsCount (BlackboardArtifact.ARTIFACT_TYPE type) throws TskCoreException
 
ArrayList< BlackboardAttributegetGenInfoAttributes (BlackboardAttribute.ATTRIBUTE_TYPE attr_type) throws TskCoreException
 
- Public Member Functions inherited from org.sleuthkit.datamodel.SleuthkitVisitableItem
public< T > T accept (SleuthkitItemVisitor< T > v)
 

Static Public Member Functions

static String createNonUniquePath (String uniquePath)
 
static String epochToTime (long epoch)
 
static String epochToTime (long epoch, TimeZone tzone)
 
static long timeToEpoch (String time)
 

Protected Member Functions

void finalize () throws Throwable
 
int readInt (byte[] buf, long offset, long len) throws TskCoreException
 
final int readLocal (byte[] buf, long offset, long len) throws TskCoreException
 
void setLocalPath (String localPath, boolean isAbsolute)
 
- Protected Member Functions inherited from org.sleuthkit.datamodel.AbstractContent
 AbstractContent (SleuthkitCase db, long obj_id, String name)
 

Protected Attributes

final int attrId
 
final TskData.TSK_FS_ATTR_TYPE_ENUM attrType
 
TSK_FS_NAME_FLAG_ENUM dirFlag
 
final TSK_FS_NAME_TYPE_ENUM dirType
 
final Long fileSystemObjectId
 
final TskData.TSK_DB_FILES_TYPE_ENUM fileType
 
TskData.FileKnown knownState
 
String md5Hash
 
final long metaAddr
 
Set< TSK_FS_META_FLAG_ENUMmetaFlags
 
final int metaSeq
 
final TSK_FS_META_TYPE_ENUM metaType
 
final Set< TskData.TSK_FS_META_MODE_ENUM > modes
 
final String parentPath
 
String sha1Hash
 
String sha256Hash
 
long size
 
final int uid
 
- Protected Attributes inherited from org.sleuthkit.datamodel.AbstractContent
long parentId
 

Additional Inherited Members

- Static Public Attributes inherited from org.sleuthkit.datamodel.AbstractContent
static final long UNKNOWN_ID = -1
 

Detailed Description

An abstract base class for classes that represent files that have been added to the case.

Definition at line 52 of file AbstractFile.java.

Member Function Documentation

void org.sleuthkit.datamodel.AbstractFile.addAttributes ( Collection< Attribute attributes,
final SleuthkitCase.CaseDbTransaction  caseDbTransaction 
) throws TskCoreException

Adds a collection of attributes to this file in a single operation within a transaction supplied by the caller.

Parameters
attributesThe collection of attributes.
caseDbTransactionThe transaction in the scope of which the operation is to be performed, managed by the caller. if Null is passed in a local transaction will be created and used.
Exceptions
TskCoreExceptionIf an error occurs and the attributes were not added to the artifact.

Definition at line 622 of file AbstractFile.java.

References org.sleuthkit.datamodel.SleuthkitCase.beginTransaction(), org.sleuthkit.datamodel.AbstractContent.getId(), and org.sleuthkit.datamodel.AbstractContent.getSleuthkitCase().

boolean org.sleuthkit.datamodel.AbstractFile.canRead ( )

Check if the file exists and is readable. If non-local (e.g. within an image) or file is marked with YES_REPO and there is a content provider, always true, if local, checks if actual local path exists and is readable

Returns
true if the file is readable

Definition at line 1308 of file AbstractFile.java.

References org.sleuthkit.datamodel.AbstractFile.canRead().

Referenced by org.sleuthkit.datamodel.AbstractFile.canRead().

void org.sleuthkit.datamodel.AbstractFile.close ( )

Free native resources after read is done on the Content object. After closing, read can be called again on the same Content object, which should result in re-opening of new native resources.

Implements org.sleuthkit.datamodel.Content.

Definition at line 1347 of file AbstractFile.java.

References org.sleuthkit.datamodel.AbstractContent.getName(), and org.sleuthkit.datamodel.AbstractFile.getParentPath().

Referenced by org.sleuthkit.datamodel.DerivedFile.finalize(), and org.sleuthkit.datamodel.AbstractFile.finalize().

long org.sleuthkit.datamodel.AbstractFile.convertToImgOffset ( long  fileOffset) throws TskCoreException

Convert an internal offset to an image offset

Parameters
fileOffsetthe byte offset in this layout file to map
Returns
the corresponding byte offset in the image where the file offset is located, or -1 if the file has no range layout information or if the fileOffset is larger than file size
Exceptions
TskCoreExceptionexception thrown if critical error occurred within tsk core and offset could not be converted

Definition at line 795 of file AbstractFile.java.

References org.sleuthkit.datamodel.AbstractFile.getRanges().

List<TskFileRange> org.sleuthkit.datamodel.AbstractFile.convertToImgRanges ( long  fileOffset,
long  length 
) throws TskCoreException

Converts a file offset and length into a series of TskFileRange objects whose offsets are relative to the image. This method will only work on files with layout ranges.

Parameters
fileOffsetThe byte offset in this file to map.
lengthThe length of bytes starting at fileOffset requested.
Returns
The TskFileRange objects whose offsets are relative to the image. The sum total of lengths in these ranges will equal the length requested or will run until the end of this file.
Exceptions
TskCoreException

Definition at line 828 of file AbstractFile.java.

References org.sleuthkit.datamodel.TskFileRange.getByteLen(), org.sleuthkit.datamodel.TskFileRange.getByteStart(), and org.sleuthkit.datamodel.AbstractFile.getRanges().

static String org.sleuthkit.datamodel.AbstractFile.createNonUniquePath ( String  uniquePath)
static
Parameters
uniquePaththe unique path to an AbstractFile (or subclass) usually obtained by a call to AbstractFile.getUniquePath.
Returns
the path to to an AbstractFile (or subclass) with the image and volume path segments removed.

Definition at line 927 of file AbstractFile.java.

static String org.sleuthkit.datamodel.AbstractFile.epochToTime ( long  epoch)
static

Return the epoch into string in ISO 8601 dateTime format

Parameters
epochtime in seconds
Returns
formatted date time string as "yyyy-MM-dd HH:mm:ss"
Deprecated:

Definition at line 1723 of file AbstractFile.java.

References org.sleuthkit.datamodel.TimeUtilities.epochToTime().

Referenced by org.sleuthkit.datamodel.AbstractFile.getAtimeAsDate(), org.sleuthkit.datamodel.AbstractFile.getCrtimeAsDate(), org.sleuthkit.datamodel.AbstractFile.getCtimeAsDate(), and org.sleuthkit.datamodel.AbstractFile.getMtimeAsDate().

static String org.sleuthkit.datamodel.AbstractFile.epochToTime ( long  epoch,
TimeZone  tzone 
)
static

Return the epoch into string in ISO 8601 dateTime format, in the given timezone

Parameters
epochtime in seconds
tzonetime zone
Returns
formatted date time string as "yyyy-MM-dd HH:mm:ss"
Deprecated:

Definition at line 1739 of file AbstractFile.java.

References org.sleuthkit.datamodel.TimeUtilities.epochToTime().

boolean org.sleuthkit.datamodel.AbstractFile.exists ( )

Check if the file exists. If non-local or file is marked with YES_REPO and there is a content provider always true, if local, checks if actual local path exists

Returns
true if the file exists, false otherwise

Definition at line 1287 of file AbstractFile.java.

References org.sleuthkit.datamodel.AbstractFile.exists().

Referenced by org.sleuthkit.datamodel.AbstractFile.exists(), and org.sleuthkit.datamodel.Image.imageFileExists().

void org.sleuthkit.datamodel.AbstractFile.finalize ( ) throws Throwable
protected

Definition at line 1367 of file AbstractFile.java.

References org.sleuthkit.datamodel.AbstractFile.close().

long org.sleuthkit.datamodel.AbstractFile.getAtime ( )

Get the access time

Returns
access time

Definition at line 313 of file AbstractFile.java.

String org.sleuthkit.datamodel.AbstractFile.getAtimeAsDate ( )

Get the access time as Date (in local timezone)

Returns
access time as Date

Definition at line 322 of file AbstractFile.java.

References org.sleuthkit.datamodel.AbstractFile.epochToTime().

int org.sleuthkit.datamodel.AbstractFile.getAttributeId ( )

Get the attribute id

Returns
attribute id

Definition at line 268 of file AbstractFile.java.

References org.sleuthkit.datamodel.AbstractFile.attrId.

List<Attribute> org.sleuthkit.datamodel.AbstractFile.getAttributes ( ) throws TskCoreException

Gets the attributes of this File

Returns
Exceptions
TskCoreException

Definition at line 597 of file AbstractFile.java.

References org.sleuthkit.datamodel.SleuthkitCase.getBlackboard(), and org.sleuthkit.datamodel.AbstractContent.getSleuthkitCase().

short org.sleuthkit.datamodel.AbstractFile.getAttrId ( )

Get the attribute id

Returns
attribute id
Deprecated:
Use getAttributeId() method instead as it returns integer instead of short.

Definition at line 1679 of file AbstractFile.java.

References org.sleuthkit.datamodel.AbstractFile.attrId.

TskData.TSK_FS_ATTR_TYPE_ENUM org.sleuthkit.datamodel.AbstractFile.getAttrType ( )

Get the attribute type

Returns
attribute type

Definition at line 259 of file AbstractFile.java.

References org.sleuthkit.datamodel.AbstractFile.attrType.

TskData.CollectedStatus org.sleuthkit.datamodel.AbstractFile.getCollected ( )

Gets the collected status of the file data.

Returns
The collected.

Definition at line 751 of file AbstractFile.java.

Referenced by org.sleuthkit.datamodel.AbstractFile.save().

long org.sleuthkit.datamodel.AbstractFile.getCrtime ( )

Get the creation time

Returns
creation time

Definition at line 295 of file AbstractFile.java.

String org.sleuthkit.datamodel.AbstractFile.getCrtimeAsDate ( )

Get the creation time as Date (in local timezone)

Returns
creation time as Date

Definition at line 304 of file AbstractFile.java.

References org.sleuthkit.datamodel.AbstractFile.epochToTime().

long org.sleuthkit.datamodel.AbstractFile.getCtime ( )

Get the change time

Returns
change time

Definition at line 277 of file AbstractFile.java.

String org.sleuthkit.datamodel.AbstractFile.getCtimeAsDate ( )

Get the change time as Date (in local timezone)

Returns
change time as Date

Definition at line 286 of file AbstractFile.java.

References org.sleuthkit.datamodel.AbstractFile.epochToTime().

Content org.sleuthkit.datamodel.AbstractFile.getDataSource ( ) throws TskCoreException

Gets the data source for this file.

Returns
The data source.
Exceptions
TskCoreExceptionif there was an error querying the case database.

To obtain the data source as a DataSource object, use: getSleuthkitCase().getDataSource(getDataSourceObjectId());

Implements org.sleuthkit.datamodel.Content.

Definition at line 733 of file AbstractFile.java.

References org.sleuthkit.datamodel.SleuthkitCase.getContentById(), and org.sleuthkit.datamodel.AbstractContent.getSleuthkitCase().

Referenced by org.sleuthkit.datamodel.AbstractFile.getUniquePath(), and org.sleuthkit.datamodel.LayoutFile.readInt().

long org.sleuthkit.datamodel.AbstractFile.getDataSourceObjectId ( )

Gets the object id of the data source for this file.

Returns
The object id of the data source.

Definition at line 742 of file AbstractFile.java.

Referenced by org.sleuthkit.datamodel.SleuthkitCase.addCarvedFiles(), org.sleuthkit.datamodel.SleuthkitCase.addLocalFile(), org.sleuthkit.datamodel.VirtualDirectory.getDataSource(), and org.sleuthkit.datamodel.SpecialDirectory.isDataSource().

String org.sleuthkit.datamodel.AbstractFile.getDirFlagAsString ( )
Returns
a string representation of the directory name flag (type TSK_FS_NAME_FLAG_ENUM)

Definition at line 1013 of file AbstractFile.java.

References org.sleuthkit.datamodel.TskData.TSK_FS_NAME_FLAG_ENUM.toString().

TSK_FS_NAME_TYPE_ENUM org.sleuthkit.datamodel.AbstractFile.getDirType ( )

Get the directory type id

Returns
directory type id

Definition at line 992 of file AbstractFile.java.

References org.sleuthkit.datamodel.AbstractFile.dirType.

String org.sleuthkit.datamodel.AbstractFile.getDirTypeAsString ( )

Definition at line 996 of file AbstractFile.java.

FileSystem org.sleuthkit.datamodel.AbstractFile.getFileSystem ( ) throws TskCoreException

Gets the parent file system of this file or directory. If the AbstractFile object is not FsContent, hasFileSystem() should be called before this method to ensure the file belongs to a file system.

Returns
The file system object of the parent.
Exceptions
org.sleuthkit.datamodel.TskCoreExceptionIf the file does not belong to a file system or another error occurs.

Definition at line 1569 of file AbstractFile.java.

References org.sleuthkit.datamodel.AbstractContent.getId(), org.sleuthkit.datamodel.AbstractContent.getSleuthkitCase(), and org.sleuthkit.datamodel.AbstractContent.UNKNOWN_ID.

Referenced by org.sleuthkit.datamodel.FsContent.getDataSource(), org.sleuthkit.datamodel.AbstractFile.getUniquePath(), and org.sleuthkit.datamodel.FsContent.isRoot().

Optional<Long> org.sleuthkit.datamodel.AbstractFile.getFileSystemObjectId ( )

Get the object id of the parent file system of this file or directory if it exists.

Returns
The parent file system id.

Definition at line 1545 of file AbstractFile.java.

Referenced by org.sleuthkit.datamodel.FsContent.getFileSystemId(), org.sleuthkit.datamodel.AbstractFile.getUniquePath(), and org.sleuthkit.datamodel.SleuthkitCase.updateDerivedFile().

int org.sleuthkit.datamodel.AbstractFile.getGid ( )

Get the group id

Returns
group id

Definition at line 358 of file AbstractFile.java.

TskData.FileKnown org.sleuthkit.datamodel.AbstractFile.getKnown ( )

Get "knownState" file status - after running a HashDB ingest on it As marked by a knownState file database, such as NSRL

Returns
file knownState status enum value

Definition at line 687 of file AbstractFile.java.

References org.sleuthkit.datamodel.AbstractFile.knownState.

Referenced by org.sleuthkit.datamodel.AbstractFile.save().

String org.sleuthkit.datamodel.AbstractFile.getLocalAbsPath ( )

Get local absolute path of the file, if localPath has been set

Returns
local absolute file path if local path has been set, or null

Definition at line 1267 of file AbstractFile.java.

String org.sleuthkit.datamodel.AbstractFile.getLocalPath ( )

Get local relative to case db path of the file

Returns
local file path if set

Definition at line 1258 of file AbstractFile.java.

String org.sleuthkit.datamodel.AbstractFile.getMd5Hash ( )

Get the md5 hash value as calculated, if present

Returns
md5 hash string, if it is present or null if it is not

Definition at line 542 of file AbstractFile.java.

References org.sleuthkit.datamodel.AbstractFile.md5Hash.

Referenced by org.sleuthkit.datamodel.AbstractFile.save().

long org.sleuthkit.datamodel.AbstractFile.getMetaAddr ( )

Get the file meta address

Returns
Address of the meta data structure

Definition at line 367 of file AbstractFile.java.

References org.sleuthkit.datamodel.AbstractFile.metaAddr.

Referenced by org.sleuthkit.datamodel.FsContent.isRoot().

String org.sleuthkit.datamodel.AbstractFile.getMetaFlagsAsString ( )
Returns
a string representation of the meta flags

Definition at line 1029 of file AbstractFile.java.

References org.sleuthkit.datamodel.TskData.TSK_FS_META_FLAG_ENUM.ALLOC, and org.sleuthkit.datamodel.TskData.TSK_FS_META_FLAG_ENUM.UNALLOC.

long org.sleuthkit.datamodel.AbstractFile.getMetaSeq ( )

Get the file meta address sequence. Only useful with NTFS. Incremented each time a structure is re-allocated.

Returns
Address of the meta data structure sequence.

Definition at line 377 of file AbstractFile.java.

References org.sleuthkit.datamodel.AbstractFile.metaSeq.

TSK_FS_META_TYPE_ENUM org.sleuthkit.datamodel.AbstractFile.getMetaType ( )

Get the meta data type

Returns
meta data type

Definition at line 979 of file AbstractFile.java.

References org.sleuthkit.datamodel.AbstractFile.metaType.

String org.sleuthkit.datamodel.AbstractFile.getMetaTypeAsString ( )

Definition at line 983 of file AbstractFile.java.

References org.sleuthkit.datamodel.TskData.TSK_FS_META_TYPE_ENUM.toString().

String org.sleuthkit.datamodel.AbstractFile.getMIMEType ( )

Gets the MIME type of this file.

Returns
The MIME type name or null if the MIME type has not been set.

Definition at line 503 of file AbstractFile.java.

Referenced by org.sleuthkit.datamodel.AbstractFile.save().

String org.sleuthkit.datamodel.AbstractFile.getModesAsString ( )

Get the file's mode as a user-displayable string

Returns
formatted user-displayable string for mode

Definition at line 386 of file AbstractFile.java.

References org.sleuthkit.datamodel.TskData.TSK_FS_META_MODE_ENUM.toInt(), org.sleuthkit.datamodel.TskData.TSK_FS_META_TYPE_ENUM.toString(), org.sleuthkit.datamodel.TskData.TSK_FS_META_MODE_ENUM.TSK_FS_META_MODE_IRGRP, org.sleuthkit.datamodel.TskData.TSK_FS_META_MODE_ENUM.TSK_FS_META_MODE_IROTH, org.sleuthkit.datamodel.TskData.TSK_FS_META_MODE_ENUM.TSK_FS_META_MODE_IRUSR, org.sleuthkit.datamodel.TskData.TSK_FS_META_MODE_ENUM.TSK_FS_META_MODE_ISGID, org.sleuthkit.datamodel.TskData.TSK_FS_META_MODE_ENUM.TSK_FS_META_MODE_ISUID, org.sleuthkit.datamodel.TskData.TSK_FS_META_MODE_ENUM.TSK_FS_META_MODE_ISVTX, org.sleuthkit.datamodel.TskData.TSK_FS_META_MODE_ENUM.TSK_FS_META_MODE_IWGRP, org.sleuthkit.datamodel.TskData.TSK_FS_META_MODE_ENUM.TSK_FS_META_MODE_IWOTH, org.sleuthkit.datamodel.TskData.TSK_FS_META_MODE_ENUM.TSK_FS_META_MODE_IWUSR, org.sleuthkit.datamodel.TskData.TSK_FS_META_MODE_ENUM.TSK_FS_META_MODE_IXGRP, org.sleuthkit.datamodel.TskData.TSK_FS_META_MODE_ENUM.TSK_FS_META_MODE_IXOTH, and org.sleuthkit.datamodel.TskData.TSK_FS_META_MODE_ENUM.TSK_FS_META_MODE_IXUSR.

long org.sleuthkit.datamodel.AbstractFile.getMtime ( )

Get the modified time

Returns
modified time

Definition at line 331 of file AbstractFile.java.

String org.sleuthkit.datamodel.AbstractFile.getMtimeAsDate ( )

Get the modified time as Date (in local timezone)

Returns
modified time as Date

Definition at line 340 of file AbstractFile.java.

References org.sleuthkit.datamodel.AbstractFile.epochToTime().

String org.sleuthkit.datamodel.AbstractFile.getNameExtension ( )

Get the extension part of the filename, if there is one. We assume that extensions only have ASCII alphanumeric chars

Returns
The filename extension in lowercase (not including the period) or empty string if there is no extension

Definition at line 698 of file AbstractFile.java.

Optional<Long> org.sleuthkit.datamodel.AbstractFile.getOsAccountObjectId ( )

Get the Object Id of the owner account.

Returns
Optional with Object Id of the OsAccount, or Optional.empty.

Definition at line 1527 of file AbstractFile.java.

Referenced by org.sleuthkit.datamodel.AbstractFile.newDataArtifact(), and org.sleuthkit.datamodel.SleuthkitCase.updateDerivedFile().

Optional<String> org.sleuthkit.datamodel.AbstractFile.getOwnerUid ( )

Get the owner uid.

Note this is a string uid, typically a Windows SID. This is different from the numeric uid commonly found on Unix based file systems.

Returns
Optional with owner uid.

Definition at line 1518 of file AbstractFile.java.

Referenced by org.sleuthkit.datamodel.SleuthkitCase.updateDerivedFile().

String org.sleuthkit.datamodel.AbstractFile.getParentPath ( )

Get path of the parent of this file

Returns
path string of the parent

Definition at line 717 of file AbstractFile.java.

References org.sleuthkit.datamodel.AbstractFile.parentPath.

Referenced by org.sleuthkit.datamodel.SleuthkitCase.addFileSystemFile(), org.sleuthkit.datamodel.SleuthkitCase.addLocalDirectory(), org.sleuthkit.datamodel.SleuthkitCase.addLocalFile(), org.sleuthkit.datamodel.AbstractFile.close(), and org.sleuthkit.datamodel.blackboardutils.attributes.MessageAttachments.FileAttachment.FileAttachment().

List<TskFileRange> org.sleuthkit.datamodel.AbstractFile.getRanges ( ) throws TskCoreException

Gets file ranges associated with the file. File ranges are objects in tsk_file_layout table Any file type (especially unallocated) may have 1 or more block ranges associated with it

Returns
list of file layout ranges
Exceptions
TskCoreExceptionexception thrown if critical error occurred within tsk core

Definition at line 775 of file AbstractFile.java.

References org.sleuthkit.datamodel.SleuthkitCase.getFileRanges(), org.sleuthkit.datamodel.AbstractContent.getId(), and org.sleuthkit.datamodel.AbstractContent.getSleuthkitCase().

Referenced by org.sleuthkit.datamodel.AbstractFile.convertToImgOffset(), org.sleuthkit.datamodel.AbstractFile.convertToImgRanges(), org.sleuthkit.datamodel.LayoutFile.getNumParts(), and org.sleuthkit.datamodel.LayoutFile.readInt().

String org.sleuthkit.datamodel.AbstractFile.getSha1Hash ( )

Get the SHA-1 hash value as calculated, if present

Returns
SHA-1 hash string, if it is present or null if it is not

Definition at line 586 of file AbstractFile.java.

References org.sleuthkit.datamodel.AbstractFile.sha1Hash.

Referenced by org.sleuthkit.datamodel.AbstractFile.save().

String org.sleuthkit.datamodel.AbstractFile.getSha256Hash ( )

Get the SHA-256 hash value as calculated, if present

Returns
SHA-256 hash string, if it is present or null if it is not

Definition at line 564 of file AbstractFile.java.

References org.sleuthkit.datamodel.AbstractFile.sha256Hash.

Referenced by org.sleuthkit.datamodel.AbstractFile.save().

long org.sleuthkit.datamodel.AbstractFile.getSize ( )

Get size of the file

Returns
file size in bytes

Implements org.sleuthkit.datamodel.Content.

Definition at line 708 of file AbstractFile.java.

References org.sleuthkit.datamodel.AbstractFile.size.

Referenced by org.sleuthkit.datamodel.AbstractFile.readLocal().

TskData.TSK_DB_FILES_TYPE_ENUM org.sleuthkit.datamodel.AbstractFile.getType ( )

Gets type of the abstract file as defined in TSK_DB_FILES_TYPE_ENUM

Returns
the type of the abstract file

Definition at line 250 of file AbstractFile.java.

References org.sleuthkit.datamodel.AbstractFile.fileType.

int org.sleuthkit.datamodel.AbstractFile.getUid ( )

Get the user id

Returns
user id

Definition at line 349 of file AbstractFile.java.

References org.sleuthkit.datamodel.AbstractFile.uid.

String org.sleuthkit.datamodel.AbstractFile.getUniquePath ( ) throws TskCoreException

Get the full path to this file or directory, starting with a "/" and the data source name and then all the other segments in the path.

Returns
A unique path for this object.
Exceptions
TskCoreExceptionif there is an error querying the case database.

Implements org.sleuthkit.datamodel.Content.

Definition at line 1592 of file AbstractFile.java.

References org.sleuthkit.datamodel.AbstractContent.equals(), org.sleuthkit.datamodel.AbstractFile.getDataSource(), org.sleuthkit.datamodel.AbstractFile.getFileSystem(), org.sleuthkit.datamodel.AbstractFile.getFileSystemObjectId(), org.sleuthkit.datamodel.AbstractContent.getName(), org.sleuthkit.datamodel.Content.getUniquePath(), org.sleuthkit.datamodel.VirtualDirectory.NAME_CARVED, and org.sleuthkit.datamodel.VirtualDirectory.NAME_UNALLOC.

Referenced by org.sleuthkit.datamodel.FsContent.toString().

boolean org.sleuthkit.datamodel.AbstractFile.hasFileSystem ( )

Check if this AbstractFile belongs to a file system.

Returns
True if the file belongs to a file system, false otherwise.

Definition at line 1554 of file AbstractFile.java.

boolean org.sleuthkit.datamodel.AbstractFile.isDir ( )

Is this object a directory. Should return true for file system folders and virtual folders.

Returns
true if directory, false otherwise

Definition at line 907 of file AbstractFile.java.

References org.sleuthkit.datamodel.TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_DIR, and org.sleuthkit.datamodel.TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_VIRT_DIR.

Referenced by org.sleuthkit.datamodel.AbstractFile.readLocal().

boolean org.sleuthkit.datamodel.AbstractFile.isDirNameFlagSet ( TSK_FS_NAME_FLAG_ENUM  flag)
Parameters
flagthe TSK_FS_NAME_FLAG_ENUM to check
Returns
true if the given flag is set in this FsContent object.

Definition at line 1005 of file AbstractFile.java.

boolean org.sleuthkit.datamodel.AbstractFile.isFile ( )

Is this object a file. Should return true for all types of files, including file system, logical, derived, layout, and slack space for files.

Returns
true if a file, false otherwise

Definition at line 894 of file AbstractFile.java.

References org.sleuthkit.datamodel.TskData.TSK_FS_NAME_TYPE_ENUM.REG, org.sleuthkit.datamodel.TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_REG, and org.sleuthkit.datamodel.TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_UNDEF.

boolean org.sleuthkit.datamodel.AbstractFile.isMetaFlagSet ( TSK_FS_META_FLAG_ENUM  metaFlag)
Parameters
metaFlagthe TSK_FS_META_FLAG_ENUM to check
Returns
true if the given meta flag is set in this FsContent object.

Definition at line 1044 of file AbstractFile.java.

MimeMatchEnum org.sleuthkit.datamodel.AbstractFile.isMimeType ( SortedSet< String >  mimeTypes)

Determines if this file's type is one of the ones passed in. Uses the blackboard attribute for file type.

Parameters
mimeTypesSet of file types to compare against
Returns

Definition at line 1414 of file AbstractFile.java.

References org.sleuthkit.datamodel.AbstractFile.MimeMatchEnum.FALSE, org.sleuthkit.datamodel.AbstractFile.MimeMatchEnum.TRUE, and org.sleuthkit.datamodel.AbstractFile.MimeMatchEnum.UNDEFINED.

boolean org.sleuthkit.datamodel.AbstractFile.isModeSet ( TskData.TSK_FS_META_MODE_ENUM  mode)

Definition at line 520 of file AbstractFile.java.

abstract boolean org.sleuthkit.datamodel.AbstractFile.isRoot ( )
abstract

Is this a root of a file system

Returns
true if root of a file system, false otherwise
boolean org.sleuthkit.datamodel.AbstractFile.isVirtual ( )

is this a virtual file or directory that was created by The Sleuth Kit or Autopsy for general structure and organization.

Returns
true if it's virtual, false otherwise

Definition at line 881 of file AbstractFile.java.

References org.sleuthkit.datamodel.AbstractFile.fileType, org.sleuthkit.datamodel.TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_VIRT, org.sleuthkit.datamodel.TskData.TSK_FS_NAME_TYPE_ENUM.VIRT, and org.sleuthkit.datamodel.TskData.TSK_DB_FILES_TYPE_ENUM.VIRTUAL_DIR.

List<AbstractFile> org.sleuthkit.datamodel.AbstractFile.listFiles ( ) throws TskCoreException
Returns
a list of AbstractFiles that are the children of this Directory. Only returns children of type TskData.TSK_DB_FILES_TYPE_ENUM.FS.
Exceptions
org.sleuthkit.datamodel.TskCoreException

Definition at line 959 of file AbstractFile.java.

References org.sleuthkit.datamodel.AbstractContent.getChildren().

BlackboardArtifact org.sleuthkit.datamodel.AbstractFile.newArtifact ( int  artifactTypeID) throws TskCoreException

Create and add an artifact associated with this content to the blackboard

Parameters
artifactTypeIDid of the artifact type (if the id doesn't already exist an exception will be thrown)
Returns
the blackboard artifact created (the artifact type id can be looked up from this)
Exceptions
TskCoreExceptionif critical error occurred within tsk core
Deprecated:
Please use newDataArtifact or newAnalysisResult.

Implements org.sleuthkit.datamodel.Content.

Definition at line 1647 of file AbstractFile.java.

References org.sleuthkit.datamodel.BlackboardArtifact.newArtifact().

DataArtifact org.sleuthkit.datamodel.AbstractFile.newDataArtifact ( BlackboardArtifact.Type  artifactType,
Collection< BlackboardAttribute attributesList 
) throws TskCoreException

Create and add a data artifact associated with this abstract file. This method creates the data artifact with the os account id associated with this abstract file if one exists.

Parameters
artifactTypeType of data artifact to create.
attributesListAdditional attributes to attach to this data artifact.
Returns
DataArtifact New data artifact.
Exceptions
TskCoreExceptionIf a critical error occurred within tsk core.

Implements org.sleuthkit.datamodel.Content.

Definition at line 1665 of file AbstractFile.java.

References org.sleuthkit.datamodel.AbstractFile.getOsAccountObjectId(), and org.sleuthkit.datamodel.BlackboardArtifact.newDataArtifact().

final int org.sleuthkit.datamodel.AbstractFile.read ( byte[]  buf,
long  offset,
long  len 
) throws TskCoreException

Reads data that this content object is associated with (file contents, volume contents, etc.).

Parameters
bufa character array of data (in bytes) to copy read data to
offsetbyte offset in the content to start reading from
lennumber of bytes to read into buf.
Returns
num of bytes read, or -1 on error
Exceptions
TskCoreExceptionif critical error occurred during read in the tsk core

Implements org.sleuthkit.datamodel.Content.

Definition at line 1109 of file AbstractFile.java.

References org.sleuthkit.datamodel.ContentProviderStream.read(), org.sleuthkit.datamodel.AbstractFile.readInt(), and org.sleuthkit.datamodel.AbstractFile.readLocal().

int org.sleuthkit.datamodel.AbstractFile.readInt ( byte[]  buf,
long  offset,
long  len 
) throws TskCoreException
protected

Internal custom read (non-local) method that child classes can implement

Parameters
bufbuffer to read into
offsetstart reading position in the file
lennumber of bytes to read
Returns
number of bytes read
Exceptions
TskCoreExceptionexception thrown when file could not be read

Definition at line 1134 of file AbstractFile.java.

Referenced by org.sleuthkit.datamodel.AbstractFile.read().

final int org.sleuthkit.datamodel.AbstractFile.readLocal ( byte[]  buf,
long  offset,
long  len 
) throws TskCoreException
protected

Local file path read support

Parameters
bufbuffer to read into
offsetstart reading position in the file
lennumber of bytes to read
Returns
number of bytes read
Exceptions
TskCoreExceptionexception thrown when file could not be read

Definition at line 1149 of file AbstractFile.java.

References org.sleuthkit.datamodel.AbstractFile.getSize(), org.sleuthkit.datamodel.AbstractFile.isDir(), and org.sleuthkit.datamodel.TskData.EncodingType.NONE.

Referenced by org.sleuthkit.datamodel.AbstractFile.read().

void org.sleuthkit.datamodel.AbstractFile.save ( ) throws TskCoreException

Saves the editable properties of this file to the case database, e.g., the MIME type, MD5 hash, and known state.

Exceptions
TskCoreExceptionif there is an error saving the editable file properties to the case database.

Definition at line 1431 of file AbstractFile.java.

References org.sleuthkit.datamodel.SleuthkitCase.beginTransaction(), org.sleuthkit.datamodel.SleuthkitCase.CaseDbTransaction.commit(), org.sleuthkit.datamodel.AbstractContent.getSleuthkitCase(), and org.sleuthkit.datamodel.SleuthkitCase.CaseDbTransaction.rollback().

void org.sleuthkit.datamodel.AbstractFile.save ( CaseDbTransaction  transaction) throws TskCoreException

Saves the editable properties of this file to the case database, e.g., the MIME type, MD5 hash, and known state, in the context of a given case database transaction.

Parameters
transactionThe transaction.
Exceptions
TskCoreExceptionif there is an error saving the editable file properties to the case database.

Definition at line 1455 of file AbstractFile.java.

References org.sleuthkit.datamodel.AbstractFile.getCollected(), org.sleuthkit.datamodel.AbstractContent.getId(), org.sleuthkit.datamodel.AbstractFile.getKnown(), org.sleuthkit.datamodel.AbstractFile.getMd5Hash(), org.sleuthkit.datamodel.AbstractFile.getMIMEType(), org.sleuthkit.datamodel.AbstractContent.getName(), org.sleuthkit.datamodel.AbstractFile.getSha1Hash(), and org.sleuthkit.datamodel.AbstractFile.getSha256Hash().

void org.sleuthkit.datamodel.AbstractFile.setCollected ( TskData.CollectedStatus  collected)

Sets the collected status of the file data.

Parameters
collectedThe file data's collected status

Definition at line 760 of file AbstractFile.java.

void org.sleuthkit.datamodel.AbstractFile.setKnown ( TskData.FileKnown  knownState)

Sets the known state for this file. Passed in value will be ignored if it is "less" than the current state. A NOTABLE file cannot be downgraded to KNOWN.

IMPORTANT: The known state is set for this AbstractFile object, but it is not saved to the case database until AbstractFile.save is called.

Parameters
knownStateThe known state of the file.

Definition at line 670 of file AbstractFile.java.

References org.sleuthkit.datamodel.AbstractFile.knownState.

void org.sleuthkit.datamodel.AbstractFile.setLocalPath ( String  localPath,
boolean  isAbsolute 
)
protected

Set local path for the file, as stored in db tsk_files_path, relative to the case db path or an absolute path. When set, subsequent invocations of read() will read the file in the local path.

Parameters
localPathlocal path to be set
isAbsolutetrue if the path is absolute, false if relative to the case db
Deprecated:
Do not make subclasses outside of this package.

Definition at line 1704 of file AbstractFile.java.

void org.sleuthkit.datamodel.AbstractFile.setMd5Hash ( String  md5Hash)

Sets the MD5 hash for this file.

IMPORTANT: The MD5 hash is set for this AbstractFile object, but it is not saved to the case database until AbstractFile.save is called.

Parameters
md5HashThe MD5 hash of the file.

Definition at line 532 of file AbstractFile.java.

References org.sleuthkit.datamodel.AbstractFile.md5Hash.

void org.sleuthkit.datamodel.AbstractFile.setMIMEType ( String  mimeType)

Sets the MIME type for this file.

IMPORTANT: The MIME type is set for this AbstractFile object, but it is not saved to the case database until AbstractFile.save is called.

Parameters
mimeTypeThe MIME type of this file.

Definition at line 515 of file AbstractFile.java.

void org.sleuthkit.datamodel.AbstractFile.setSha1Hash ( String  sha1Hash)

Sets the SHA-1 hash for this file.

IMPORTANT: The SHA-1 hash is set for this AbstractFile object, but it is not saved to the case database until AbstractFile.save is called.

Parameters
sha1HashThe SHA-1 hash of the file.

Definition at line 576 of file AbstractFile.java.

References org.sleuthkit.datamodel.AbstractFile.sha1Hash.

void org.sleuthkit.datamodel.AbstractFile.setSha256Hash ( String  sha256Hash)

Sets the SHA-256 hash for this file.

IMPORTANT: The SHA-256 hash is set for this AbstractFile object, but it is not saved to the case database until AbstractFile.save is called.

Parameters
sha256HashThe SHA-256 hash of the file.

Definition at line 554 of file AbstractFile.java.

References org.sleuthkit.datamodel.AbstractFile.sha256Hash.

static long org.sleuthkit.datamodel.AbstractFile.timeToEpoch ( String  time)
static

Convert from ISO 8601 formatted date time string to epoch time in seconds

Parameters
timeformatted date time string as "yyyy-MM-dd HH:mm:ss"
Returns
epoch time in seconds

Definition at line 1751 of file AbstractFile.java.

References org.sleuthkit.datamodel.TimeUtilities.timeToEpoch().

String org.sleuthkit.datamodel.AbstractFile.toString ( boolean  preserveState)

Definition at line 1376 of file AbstractFile.java.

References org.sleuthkit.datamodel.AbstractFile.attrType, and org.sleuthkit.datamodel.AbstractFile.fileType.

Member Data Documentation

final int org.sleuthkit.datamodel.AbstractFile.attrId
protected

Definition at line 64 of file AbstractFile.java.

Referenced by org.sleuthkit.datamodel.Directory.Directory(), org.sleuthkit.datamodel.File.File(), org.sleuthkit.datamodel.AbstractFile.getAttributeId(), and org.sleuthkit.datamodel.AbstractFile.getAttrId().

final TskData.TSK_FS_ATTR_TYPE_ENUM org.sleuthkit.datamodel.AbstractFile.attrType
protected

Definition at line 65 of file AbstractFile.java.

Referenced by org.sleuthkit.datamodel.Directory.Directory(), org.sleuthkit.datamodel.File.File(), org.sleuthkit.datamodel.AbstractFile.getAttrType(), and org.sleuthkit.datamodel.AbstractFile.toString().

TSK_FS_NAME_FLAG_ENUM org.sleuthkit.datamodel.AbstractFile.dirFlag
protected

Definition at line 57 of file AbstractFile.java.

Referenced by org.sleuthkit.datamodel.Directory.Directory(), org.sleuthkit.datamodel.File.File(), org.sleuthkit.datamodel.LocalFile.LocalFile(), and org.sleuthkit.datamodel.LocalFilesDataSource.LocalFilesDataSource().

final TSK_FS_NAME_TYPE_ENUM org.sleuthkit.datamodel.AbstractFile.dirType
protected

Definition at line 55 of file AbstractFile.java.

Referenced by org.sleuthkit.datamodel.Directory.Directory(), org.sleuthkit.datamodel.File.File(), org.sleuthkit.datamodel.AbstractFile.getDirType(), org.sleuthkit.datamodel.LocalFile.LocalFile(), and org.sleuthkit.datamodel.LocalFilesDataSource.LocalFilesDataSource().

final Long org.sleuthkit.datamodel.AbstractFile.fileSystemObjectId
protected

Definition at line 59 of file AbstractFile.java.

final TskData.TSK_DB_FILES_TYPE_ENUM org.sleuthkit.datamodel.AbstractFile.fileType
protected

Definition at line 54 of file AbstractFile.java.

Referenced by org.sleuthkit.datamodel.AbstractFile.getType(), org.sleuthkit.datamodel.AbstractFile.isVirtual(), org.sleuthkit.datamodel.LocalFile.LocalFile(), and org.sleuthkit.datamodel.AbstractFile.toString().

TskData.FileKnown org.sleuthkit.datamodel.AbstractFile.knownState
protected

knownState status in database

Definition at line 83 of file AbstractFile.java.

Referenced by org.sleuthkit.datamodel.Directory.Directory(), org.sleuthkit.datamodel.File.File(), org.sleuthkit.datamodel.AbstractFile.getKnown(), org.sleuthkit.datamodel.LocalFile.LocalFile(), org.sleuthkit.datamodel.LocalFilesDataSource.LocalFilesDataSource(), and org.sleuthkit.datamodel.AbstractFile.setKnown().

String org.sleuthkit.datamodel.AbstractFile.md5Hash
protected

Definition at line 88 of file AbstractFile.java.

Referenced by org.sleuthkit.datamodel.Directory.Directory(), org.sleuthkit.datamodel.File.File(), org.sleuthkit.datamodel.AbstractFile.getMd5Hash(), org.sleuthkit.datamodel.LocalFile.LocalFile(), org.sleuthkit.datamodel.LocalFilesDataSource.LocalFilesDataSource(), and org.sleuthkit.datamodel.AbstractFile.setMd5Hash().

final long org.sleuthkit.datamodel.AbstractFile.metaAddr
protected

Definition at line 61 of file AbstractFile.java.

Referenced by org.sleuthkit.datamodel.Directory.Directory(), org.sleuthkit.datamodel.File.File(), org.sleuthkit.datamodel.AbstractFile.getMetaAddr(), and org.sleuthkit.datamodel.FsContent.getMetaDataText().

Set<TSK_FS_META_FLAG_ENUM> org.sleuthkit.datamodel.AbstractFile.metaFlags
protected

Definition at line 58 of file AbstractFile.java.

Referenced by org.sleuthkit.datamodel.Directory.Directory(), org.sleuthkit.datamodel.File.File(), org.sleuthkit.datamodel.LocalFile.LocalFile(), and org.sleuthkit.datamodel.LocalFilesDataSource.LocalFilesDataSource().

final int org.sleuthkit.datamodel.AbstractFile.metaSeq
protected

Definition at line 62 of file AbstractFile.java.

Referenced by org.sleuthkit.datamodel.Directory.Directory(), org.sleuthkit.datamodel.File.File(), and org.sleuthkit.datamodel.AbstractFile.getMetaSeq().

final TSK_FS_META_TYPE_ENUM org.sleuthkit.datamodel.AbstractFile.metaType
protected

Definition at line 56 of file AbstractFile.java.

Referenced by org.sleuthkit.datamodel.Directory.Directory(), org.sleuthkit.datamodel.File.File(), org.sleuthkit.datamodel.AbstractFile.getMetaType(), org.sleuthkit.datamodel.LocalFile.LocalFile(), and org.sleuthkit.datamodel.LocalFilesDataSource.LocalFilesDataSource().

final Set<TskData.TSK_FS_META_MODE_ENUM> org.sleuthkit.datamodel.AbstractFile.modes
protected

Definition at line 66 of file AbstractFile.java.

Referenced by org.sleuthkit.datamodel.Directory.Directory(), and org.sleuthkit.datamodel.File.File().

final String org.sleuthkit.datamodel.AbstractFile.parentPath
protected

Definition at line 79 of file AbstractFile.java.

Referenced by org.sleuthkit.datamodel.Directory.Directory(), org.sleuthkit.datamodel.File.File(), org.sleuthkit.datamodel.AbstractFile.getParentPath(), org.sleuthkit.datamodel.LocalFile.LocalFile(), and org.sleuthkit.datamodel.LocalFilesDataSource.LocalFilesDataSource().

String org.sleuthkit.datamodel.AbstractFile.sha1Hash
protected

Definition at line 99 of file AbstractFile.java.

Referenced by org.sleuthkit.datamodel.AbstractFile.getSha1Hash(), and org.sleuthkit.datamodel.AbstractFile.setSha1Hash().

String org.sleuthkit.datamodel.AbstractFile.sha256Hash
protected

Definition at line 93 of file AbstractFile.java.

Referenced by org.sleuthkit.datamodel.AbstractFile.getSha256Hash(), and org.sleuthkit.datamodel.AbstractFile.setSha256Hash().

long org.sleuthkit.datamodel.AbstractFile.size
protected

Definition at line 60 of file AbstractFile.java.

Referenced by org.sleuthkit.datamodel.Directory.Directory(), org.sleuthkit.datamodel.File.File(), org.sleuthkit.datamodel.AbstractFile.getSize(), org.sleuthkit.datamodel.LocalFile.LocalFile(), and org.sleuthkit.datamodel.FsContent.readInt().

final int org.sleuthkit.datamodel.AbstractFile.uid
protected

Definition at line 63 of file AbstractFile.java.

Referenced by org.sleuthkit.datamodel.Directory.Directory(), org.sleuthkit.datamodel.File.File(), and org.sleuthkit.datamodel.AbstractFile.getUid().

The documentation for this class was generated from the following file:

Copyright © 2011-2021 Brian Carrier. (carrier -at- sleuthkit -dot- org)
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.