|
Sleuth Kit Java Bindings (JNI)
4.12.1
Java bindings for using The Sleuth Kit
|
|
Sleuth Kit Java Bindings (JNI)
4.12.1
Java bindings for using The Sleuth Kit
|
Inherits org.sleuthkit.datamodel.AbstractFile.
Inherited by org.sleuthkit.datamodel.Directory, org.sleuthkit.datamodel.File, and org.sleuthkit.datamodel.SlackFile.
Public Member Functions | |
| synchronized void | close () |
| void | finalize () throws Throwable |
| Content | getDataSource () throws TskCoreException |
| long | getFileSystemId () |
| synchronized List< String > | getMetaDataText () throws TskCoreException |
| AbstractFile | getParentDirectory () throws TskCoreException |
| boolean | isRoot () |
| String | toString (boolean preserveState) |
 Public Member Functions inherited from org.sleuthkit.datamodel.AbstractFile | |
| void | addAttributes (Collection< Attribute > attributes, final SleuthkitCase.CaseDbTransaction caseDbTransaction) throws TskCoreException |
| boolean | canRead () |
| void | close () |
| long | convertToImgOffset (long fileOffset) throws TskCoreException |
| List< TskFileRange > | convertToImgRanges (long fileOffset, long length) throws TskCoreException |
| boolean | exists () |
| long | getAtime () |
| String | getAtimeAsDate () |
| int | getAttributeId () |
| List< Attribute > | getAttributes () throws TskCoreException |
| short | getAttrId () |
| TskData.TSK_FS_ATTR_TYPE_ENUM | getAttrType () |
| TskData.CollectedStatus | getCollected () |
| long | getCrtime () |
| String | getCrtimeAsDate () |
| long | getCtime () |
| String | getCtimeAsDate () |
| Content | getDataSource () throws TskCoreException |
| long | getDataSourceObjectId () |
| String | getDirFlagAsString () |
| TSK_FS_NAME_TYPE_ENUM | getDirType () |
| String | getDirTypeAsString () |
| FileSystem | getFileSystem () throws TskCoreException |
| Optional< Long > | getFileSystemObjectId () |
| int | getGid () |
| TskData.FileKnown | getKnown () |
| String | getLocalAbsPath () |
| String | getLocalPath () |
| String | getMd5Hash () |
| long | getMetaAddr () |
| String | getMetaFlagsAsString () |
| long | getMetaSeq () |
| TSK_FS_META_TYPE_ENUM | getMetaType () |
| String | getMetaTypeAsString () |
| String | getMIMEType () |
| String | getModesAsString () |
| long | getMtime () |
| String | getMtimeAsDate () |
| String | getNameExtension () |
| Optional< Long > | getOsAccountObjectId () |
| Optional< String > | getOwnerUid () |
| String | getParentPath () |
| List< TskFileRange > | getRanges () throws TskCoreException |
| String | getSha1Hash () |
| String | getSha256Hash () |
| long | getSize () |
| TskData.TSK_DB_FILES_TYPE_ENUM | getType () |
| int | getUid () |
| String | getUniquePath () throws TskCoreException |
| boolean | hasFileSystem () |
| boolean | isDir () |
| boolean | isDirNameFlagSet (TSK_FS_NAME_FLAG_ENUM flag) |
| boolean | isFile () |
| boolean | isMetaFlagSet (TSK_FS_META_FLAG_ENUM metaFlag) |
| MimeMatchEnum | isMimeType (SortedSet< String > mimeTypes) |
| boolean | isModeSet (TskData.TSK_FS_META_MODE_ENUM mode) |
| abstract boolean | isRoot () |
| boolean | isVirtual () |
| List< AbstractFile > | listFiles () throws TskCoreException |
| BlackboardArtifact | newArtifact (int artifactTypeID) throws TskCoreException |
| DataArtifact | newDataArtifact (BlackboardArtifact.Type artifactType, Collection< BlackboardAttribute > attributesList) throws TskCoreException |
| final int | read (byte[] buf, long offset, long len) throws TskCoreException |
| void | save () throws TskCoreException |
| void | save (CaseDbTransaction transaction) throws TskCoreException |
| void | setCollected (TskData.CollectedStatus collected) |
| void | setKnown (TskData.FileKnown knownState) |
| void | setMd5Hash (String md5Hash) |
| void | setMIMEType (String mimeType) |
| void | setSha1Hash (String sha1Hash) |
| void | setSha256Hash (String sha256Hash) |
| String | toString (boolean preserveState) |
| Public Member Functions inherited from org.sleuthkit.datamodel.AbstractContent | |
| boolean | equals (Object obj) |
| Score | getAggregateScore () throws TskCoreException |
| List< AnalysisResult > | getAllAnalysisResults () throws TskCoreException |
| ArrayList< BlackboardArtifact > | getAllArtifacts () throws TskCoreException |
| long | getAllArtifactsCount () throws TskCoreException |
| List< DataArtifact > | getAllDataArtifacts () throws TskCoreException |
| List< AnalysisResult > | getAnalysisResults (BlackboardArtifact.Type artifactType) throws TskCoreException |
| ArrayList< BlackboardArtifact > | getArtifacts (String artifactTypeName) throws TskCoreException |
| ArrayList< BlackboardArtifact > | getArtifacts (int artifactTypeID) throws TskCoreException |
| ArrayList< BlackboardArtifact > | getArtifacts (BlackboardArtifact.ARTIFACT_TYPE type) throws TskCoreException |
| long | getArtifactsCount (String artifactTypeName) throws TskCoreException |
| long | getArtifactsCount (int artifactTypeID) throws TskCoreException |
| long | getArtifactsCount (ARTIFACT_TYPE type) throws TskCoreException |
| List< Content > | getChildren () throws TskCoreException |
| int | getChildrenCount () throws TskCoreException |
| List< Long > | getChildrenIds () throws TskCoreException |
| Content | getDataSource () throws TskCoreException |
| BlackboardArtifact | getGenInfoArtifact () throws TskCoreException |
| BlackboardArtifact | getGenInfoArtifact (boolean create) throws TskCoreException |
| ArrayList< BlackboardAttribute > | getGenInfoAttributes (ATTRIBUTE_TYPE attr_type) throws TskCoreException |
| Set< String > | getHashSetNames () throws TskCoreException |
| long | getId () |
| String | getName () |
| Content | getParent () throws TskCoreException |
| Optional< Long > | getParentId () throws TskCoreException |
| SleuthkitCase | getSleuthkitCase () |
| String | getUniquePath () throws TskCoreException |
| boolean | hasChildren () throws TskCoreException |
| int | hashCode () |
| AnalysisResultAdded | newAnalysisResult (BlackboardArtifact.Type artifactType, Score score, String conclusion, String configuration, String justification, Collection< BlackboardAttribute > attributesList) throws TskCoreException |
| AnalysisResultAdded | newAnalysisResult (BlackboardArtifact.Type artifactType, Score score, String conclusion, String configuration, String justification, Collection< BlackboardAttribute > attributesList, long dataSourceId) throws TskCoreException |
| BlackboardArtifact | newArtifact (int artifactTypeID) throws TskCoreException |
| BlackboardArtifact | newArtifact (BlackboardArtifact.ARTIFACT_TYPE type) throws TskCoreException |
| DataArtifact | newDataArtifact (BlackboardArtifact.Type artifactType, Collection< BlackboardAttribute > attributesList, Long osAccountId) throws TskCoreException |
| DataArtifact | newDataArtifact (BlackboardArtifact.Type artifactType, Collection< BlackboardAttribute > attributesList, Long osAccountId, long dataSourceId) throws TskCoreException |
| DataArtifact | newDataArtifact (BlackboardArtifact.Type artifactType, Collection< BlackboardAttribute > attributesList) throws TskCoreException |
| String | toString () |
| String | toString (boolean preserveState) |
| Public Member Functions inherited from org.sleuthkit.datamodel.Content | |
| public< T > T | accept (ContentVisitor< T > v) |
| long | getArtifactsCount (BlackboardArtifact.ARTIFACT_TYPE type) throws TskCoreException |
| ArrayList< BlackboardAttribute > | getGenInfoAttributes (BlackboardAttribute.ATTRIBUTE_TYPE attr_type) throws TskCoreException |
| Public Member Functions inherited from org.sleuthkit.datamodel.SleuthkitVisitableItem | |
| public< T > T | accept (SleuthkitItemVisitor< T > v) |
Protected Member Functions | |
| synchronized int | readInt (byte[] buf, long offset, long len) throws TskCoreException |
| Protected Member Functions inherited from org.sleuthkit.datamodel.AbstractFile | |
| void | finalize () throws Throwable |
| int | readInt (byte[] buf, long offset, long len) throws TskCoreException |
| final int | readLocal (byte[] buf, long offset, long len) throws TskCoreException |
| void | setLocalPath (String localPath, boolean isAbsolute) |
| Protected Member Functions inherited from org.sleuthkit.datamodel.AbstractContent | |
| AbstractContent (SleuthkitCase db, long obj_id, String name) | |
Protected Attributes | |
| volatile long | fileHandle = 0 |
| Protected Attributes inherited from org.sleuthkit.datamodel.AbstractFile | |
| final int | attrId |
| final TskData.TSK_FS_ATTR_TYPE_ENUM | attrType |
| TSK_FS_NAME_FLAG_ENUM | dirFlag |
| final TSK_FS_NAME_TYPE_ENUM | dirType |
| final Long | fileSystemObjectId |
| final TskData.TSK_DB_FILES_TYPE_ENUM | fileType |
| TskData.FileKnown | knownState |
| String | md5Hash |
| final long | metaAddr |
| Set< TSK_FS_META_FLAG_ENUM > | metaFlags |
| final int | metaSeq |
| final TSK_FS_META_TYPE_ENUM | metaType |
| final Set< TskData.TSK_FS_META_MODE_ENUM > | modes |
| final String | parentPath |
| String | sha1Hash |
| String | sha256Hash |
| long | size |
| final int | uid |
| Protected Attributes inherited from org.sleuthkit.datamodel.AbstractContent | |
| long | parentId |
Additional Inherited Members | |
| Static Public Member Functions inherited from org.sleuthkit.datamodel.AbstractFile | |
| static String | createNonUniquePath (String uniquePath) |
| static String | epochToTime (long epoch) |
| static String | epochToTime (long epoch, TimeZone tzone) |
| static long | timeToEpoch (String time) |
| Static Public Attributes inherited from org.sleuthkit.datamodel.AbstractContent | |
| static final long | UNKNOWN_ID = -1 |
An abstract base class for representations of a file system files or directories that have been added to a case.
TODO move common getters to AbstractFile class
Definition at line 40 of file FsContent.java.
| synchronized void org.sleuthkit.datamodel.FsContent.close | ( | ) |
Closes the JNI file handle for this file or directory.
Implements org.sleuthkit.datamodel.Content.
Definition at line 263 of file FsContent.java.
References org.sleuthkit.datamodel.SleuthkitJNI.closeFile().
Referenced by org.sleuthkit.datamodel.FsContent.finalize().
| void org.sleuthkit.datamodel.FsContent.finalize | ( | ) | throws Throwable |
Closes the JNI file handle for this file or directory when the FsContent object is garbage-collected.
Definition at line 275 of file FsContent.java.
References org.sleuthkit.datamodel.FsContent.close().
| Content org.sleuthkit.datamodel.FsContent.getDataSource | ( | ) | throws TskCoreException |
Gets the data source (image) for this file or directory directory.
| TskCoreException | if there is an error querying the case database. |
Implements org.sleuthkit.datamodel.Content.
Definition at line 228 of file FsContent.java.
References org.sleuthkit.datamodel.AbstractContent.getDataSource(), and org.sleuthkit.datamodel.AbstractFile.getFileSystem().
Referenced by org.sleuthkit.datamodel.FsContent.readInt().
| long org.sleuthkit.datamodel.FsContent.getFileSystemId | ( | ) |
Get the object id of the parent file system of this file or directory.
Definition at line 138 of file FsContent.java.
References org.sleuthkit.datamodel.AbstractFile.getFileSystemObjectId().
Referenced by org.sleuthkit.datamodel.FsContent.toString().
| synchronized List<String> org.sleuthkit.datamodel.FsContent.getMetaDataText | ( | ) | throws TskCoreException |
Gets a text-based description of the file's metadata. This is the same content as the TSK istat tool produces and is different information for each type of file system.
| TskCoreException |
Definition at line 241 of file FsContent.java.
References org.sleuthkit.datamodel.SleuthkitJNI.getFileMetaDataText(), and org.sleuthkit.datamodel.AbstractFile.metaAddr.
| AbstractFile org.sleuthkit.datamodel.FsContent.getParentDirectory | ( | ) | throws TskCoreException |
Gets the parent directory of this file or directory.
| TskCoreException | if there was an error querying the case database. |
Definition at line 216 of file FsContent.java.
References org.sleuthkit.datamodel.AbstractContent.getSleuthkitCase().
| boolean org.sleuthkit.datamodel.FsContent.isRoot | ( | ) |
Definition at line 198 of file FsContent.java.
References org.sleuthkit.datamodel.AbstractFile.getFileSystem(), org.sleuthkit.datamodel.AbstractFile.getMetaAddr(), and org.sleuthkit.datamodel.FileSystem.getRoot_inum().
|
protected |
Reads bytes from this file or directory.
| buf | Buffer to read into. |
| offset | Start position in the file. |
| len | Number of bytes to read. |
| TskCoreException | if there is a problem reading the file. |
Definition at line 182 of file FsContent.java.
References org.sleuthkit.datamodel.FsContent.getDataSource(), org.sleuthkit.datamodel.SleuthkitJNI.readFile(), and org.sleuthkit.datamodel.AbstractFile.size.
| String org.sleuthkit.datamodel.FsContent.toString | ( | boolean | preserveState | ) |
Provides a string representation of this file or directory.
| preserveState | True if state should be included in the string representation of this object. |
Definition at line 290 of file FsContent.java.
References org.sleuthkit.datamodel.FsContent.getFileSystemId(), and org.sleuthkit.datamodel.AbstractFile.getUniquePath().
|
protected |
Definition at line 51 of file FsContent.java.
Referenced by org.sleuthkit.datamodel.SlackFile.readInt().
Copyright © 2011-2021 Brian Carrier. (carrier -at- sleuthkit -dot- org)
This work is licensed under a
Creative Commons Attribution-Share Alike 3.0 United States License.
