Sleuth Kit Java Bindings (JNI)
4.13.0
Java bindings for using The Sleuth Kit
Classes
| class | CaseDbHandle |
| class | TestOpenImageResult |
Static Public Member Functions
| static Image | addImageToDatabase (SleuthkitCase skCase, String[] imagePaths, int sectorSize, String timeZone, String md5fromSettings, String sha1fromSettings, String sha256fromSettings, String deviceId) throws TskCoreException |
| static Image | addImageToDatabase (SleuthkitCase skCase, String[] imagePaths, int sectorSize, String timeZone, String md5fromSettings, String sha1fromSettings, String sha256fromSettings, String deviceId, Host host) throws TskCoreException |
| static Image | addImageToDatabase (SleuthkitCase skCase, String[] imagePaths, int sectorSize, String timeZone, String md5fromSettings, String sha1fromSettings, String sha256fromSettings, String deviceId, String password, Host host) throws TskCoreException |
| static void | addToHashDatabase (String filename, String md5, String sha1, String sha256, String comment, int dbHandle) throws TskCoreException |
| static void | addToHashDatabase (List< HashEntry > hashes, int dbHandle) throws TskCoreException |
| static void | cancelFinishImage (long imgHandle) |
| static void | closeAllHashDatabases () throws TskCoreException |
| static void | closeFile (long fileHandle) |
| static void | closeFile (long fileHandle, SleuthkitCase skCase) |
| static void | closeFs (long fsHandle) |
| static void | closeHashDatabase (int dbHandle) throws TskCoreException |
| static void | closeImg (long imgHandle) |
| static void | closeVs (long vsHandle) |
| static int | createHashDatabase (String path) throws TskCoreException |
| static void | createLookupIndexForHashDatabase (int dbHandle) throws TskCoreException |
| static long | findDeviceSize (String devPath) throws TskCoreException |
| static int | finishImageWriter (long imgHandle) throws TskCoreException |
| static List< String > | getFileMetaDataText (long fileHandle) throws TskCoreException |
| static int | getFinishImageProgress (long imgHandle) |
| static String | getHashDatabaseDisplayName (int dbHandle) throws TskCoreException |
| static String | getHashDatabaseIndexPath (int dbHandle) throws TskCoreException |
| static String | getHashDatabasePath (int dbHandle) throws TskCoreException |
| static String | getVersion () |
| static boolean | hashDatabaseCanBeReindexed (int dbHandle) throws TskCoreException |
| static boolean | hashDatabaseHasLookupIndex (int dbHandle) throws TskCoreException |
| static boolean | hashDatabaseIsIndexOnly (int dbHandle) throws TskCoreException |
| static boolean | isImageSupported (String imagePath) |
| static boolean | isUpdateableHashDatabase (int dbHandle) throws TskCoreException |
| static boolean | lookupInHashDatabase (String hash, int dbHandle) throws TskCoreException |
| static HashHitInfo | lookupInHashDatabaseVerbose (String hash, int dbHandle) throws TskCoreException |
| static long | openFile (long fsHandle, long fileId, TSK_FS_ATTR_TYPE_ENUM attrType, int attrId, SleuthkitCase skCase) throws TskCoreException |
| static long | openFile (long fsHandle, long fileId, TSK_FS_ATTR_TYPE_ENUM attrType, int attrId) throws TskCoreException |
| static long | openFs (long imgHandle, long fsOffset, SleuthkitCase skCase) throws TskCoreException |
| static long | openFs (long imgHandle, long fsOffset, String password, SleuthkitCase skCase) throws TskCoreException |
| static long | openFs (long imgHandle, long fsOffset) throws TskCoreException |
| static int | openHashDatabase (String path) throws TskCoreException |
| static long | openImage (String[] imageFiles, SleuthkitCase skCase) throws TskCoreException |
| static long | openImage (String[] imageFiles, int sSize, SleuthkitCase skCase) throws TskCoreException |
| static long | openImage (String[] imageFiles) throws TskCoreException |
| static long | openImage (String[] imageFiles, int sSize) throws TskCoreException |
| static long | openVs (long imgHandle, long vsOffset) throws TskCoreException |
| static long | openVsPart (long vsHandle, long volId) throws TskCoreException |
| static int | readFile (long fileHandle, byte[] readBuffer, long offset, long len) throws TskCoreException |
| static int | readFileSlack (long fileHandle, byte[] readBuffer, long offset, long len) throws TskCoreException |
| static int | readFs (long fsHandle, byte[] readBuffer, long offset, long len) throws TskCoreException |
| static int | readImg (long imgHandle, byte[] readBuffer, long offset, long len) throws TskCoreException |
| static int | readVs (long vsHandle, byte[] readBuffer, long offset, long len) throws TskCoreException |
| static int | readVsPart (long volHandle, byte[] readBuffer, long offset, long len) throws TskCoreException |
| static void | startVerboseLogging (String logPath) |
| static TestOpenImageResult | testOpenImage (String imagePath, String password) |
A utility class that provides an interface to The Sleuth Kit via JNI. Supports case management, the add-image process, reading data from content objects, setting up hash database parameters, and updating and reading values.
Caches image and file system handles and reuses them for the duration of the application.
Definition at line 53 of file SleuthkitJNI.java.
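Member Function Documentation
static Image addImageToDatabase (SleuthkitCase skCase, String[] imagePaths, int sectorSize, String timeZone, String md5fromSettings, String sha1fromSettings, String sha256fromSettings, String deviceId) throws TskCoreException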
Add an image to the database and return the open image.
| skCase | The current case. |
| imagePaths | The path(s) to the image (will just be the first for .e01, .001, etc). |
| sectorSize | The sector size (0 for auto-detect). |
| timeZone | The time zone. |
| md5fromSettings | MD5 hash (if known). |
| sha1fromSettings | SHA1 hash (if known). |
| sha256fromSettings | SHA256 hash (if known). |
| deviceId | Device ID. |
| TskCoreException |
Definition at line 954 of file SleuthkitJNI.java.
Referenced by org.sleuthkit.datamodel.SleuthkitJNI.addImageToDatabase(), and org.sleuthkit.datamodel.SleuthkitJNI.CaseDbHandle.AddImageProcess.run().
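static Image addImageToDatabase (SleuthkitCase skCase, String[] imagePaths, int sectorSize, String timeZone, String md5fromSettings, String sha1fromSettings, String sha256fromSettings, String deviceId, Host host) throws TskCoreException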
Add an image to the database and return the open image.
| skCase | The current case. |
| imagePaths | The path(s) to the image (will just be the first for .e01, .001, etc). |
| sectorSize | The sector size (0 for auto-detect). |
| timeZone | The time zone. |
| md5fromSettings | MD5 hash (if known). |
| sha1fromSettings | SHA1 hash (if known). |
| sha256fromSettings | SHA256 hash (if known). |
| deviceId | Device ID. |
| host | Host. |
| TskCoreException |
Definition at line 977 of file SleuthkitJNI.java.
References org.sleuthkit.datamodel.SleuthkitJNI.addImageToDatabase().
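static Image addImageToDatabase (SleuthkitCase skCase, String[] imagePaths, int sectorSize, String timeZone, String md5fromSettings, String sha1fromSettings, String sha256fromSettings, String deviceId, String password, Host host) throws TskCoreException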
Add an image to the database and return the open image.
| skCase | The current case. |
| imagePaths | The path(s) to the image (will just be the first for .e01, .001, etc). |
| sectorSize | The sector size (0 for auto-detect). |
| timeZone | The time zone. |
| md5fromSettings | MD5 hash (if known). |
| sha1fromSettings | SHA1 hash (if known). |
| sha256fromSettings | SHA256 hash (if known). |
| deviceId | Device ID. |
| password | The password to decrypt the image. |
| host | Host. |
| TskCoreException |
Definition at line 1002 of file SleuthkitJNI.java.
References org.sleuthkit.datamodel.SleuthkitCase.addImage(), org.sleuthkit.datamodel.SleuthkitCase.beginTransaction(), org.sleuthkit.datamodel.SleuthkitCase.CaseDbTransaction.commit(), org.sleuthkit.datamodel.SleuthkitCase.CaseDbTransaction.rollback(), and org.sleuthkit.datamodel.TskData.TSK_IMG_TYPE_ENUM.valueOf().
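static void addToHashDatabase (String filename, String md5, String sha1, String sha256, String comment, int dbHandle) throws TskCoreException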
Adds a hash value to a hash database.
| filename | Name of file (can be null) |
| md5 | Text of MD5 hash (can be null) |
| sha1 | Text of SHA1 hash (can be null) |
| sha256 | Text of SHA256 hash (can be null) |
| comment | A comment (can be null) |
| dbHandle | Handle to DB |
| TskCoreException |
Definition at line 1840 of file SleuthkitJNI.java.
static void addToHashDatabase (List< HashEntry > hashes, int dbHandle) throws TskCoreException
Definition at line 1844 of file SleuthkitJNI.java.
static void cancelFinishImage (long imgHandle)
Cancel the finish image process
| imgHandle |
Definition at line 1952 of file SleuthkitJNI.java.
static void closeAllHashDatabases () throws TskCoreException
Close the currently open lookup databases. Resets the handle counting.
| TskCoreException | exception thrown if critical error occurs within TSK |
Definition at line 1769 of file SleuthkitJNI.java.
static void closeFile (long fileHandle)
Frees the fileHandle pointer.
| fileHandle | pointer to file structure in sleuthkit |
Definition at line 1627 of file SleuthkitJNI.java.
Referenced by org.sleuthkit.datamodel.FsContent.close().
static void closeFile (long fileHandle, SleuthkitCase skCase)
Frees the fileHandle pointer.
| fileHandle | pointer to file structure in sleuthkit |
| skCase | the case containing the file |
Definition at line 1637 of file SleuthkitJNI.java.
static void closeFs (long fsHandle)
Frees the fsHandle pointer. Currently does not do anything; fsHandle should only be freed as part of CaseDbHandle.free().
| fsHandle | pointer to file system structure in sleuthkit |
Definition at line 2103 of file SleuthkitJNI.java.
static void closeHashDatabase (int dbHandle) throws TskCoreException
Close a particular open lookup database. Existing handles are not affected.
| dbHandle | Handle of database to close. |
| TskCoreException | exception thrown if critical error occurs within TSK |
Definition at line 1782 of file SleuthkitJNI.java.
static void closeImg (long imgHandle)
Frees the imgHandle pointer. Currently does not close the image; imgHandle should only be freed as part of CaseDbHandle.free().
| imgHandle | to close the image |
Definition at line 2082 of file SleuthkitJNI.java.
static void closeVs (long vsHandle)
Frees the vsHandle pointer. Currently does nothing.
| vsHandle | pointer to volume system structure in sleuthkit |
Definition at line 2092 of file SleuthkitJNI.java.
static int createHashDatabase (String path) throws TskCoreException
Creates a hash database. Will be of the default TSK hash database type.
| path | The path to the database |
| TskCoreException | if a critical error occurs within TSK core |
Definition at line 1759 of file SleuthkitJNI.java.
static void createLookupIndexForHashDatabase (int dbHandle) throws TskCoreException
Create an index for a hash database.
| dbHandle | A hash database handle. |
| TskCoreException | if a critical error occurs within TSK core |
Definition at line 1683 of file SleuthkitJNI.java.
static long findDeviceSize (String devPath) throws TskCoreException
Get size of a device (physical, logical device, image) pointed to by devPath
| devPath | device path pointing to the device |
| TskCoreException | exception thrown if the device size could not be queried |
Definition at line 1974 of file SleuthkitJNI.java.
Referenced by org.sleuthkit.datamodel.Image.getSize().
static int finishImageWriter (long imgHandle) throws TskCoreException
Fills in any gaps in the image created by image writer.
| imgHandle | The image handle. |
| TskCoreException | exception thrown if critical error occurs within TSK |
Definition at line 1915 of file SleuthkitJNI.java.
static List< String > getFileMetaDataText (long fileHandle) throws TskCoreException
Get human-readable (somewhat) details about a file. This is the same as the 'istat' TSK tool.
| fileHandle | pointer to file structure in the sleuthkit |
| TskCoreException | if errors occurred |
Definition at line 1587 of file SleuthkitJNI.java.
Referenced by org.sleuthkit.datamodel.FsContent.getMetaDataText().
static int getFinishImageProgress (long imgHandle)
Get the current progress of the finish image process (0-100)
| imgHandle |
Definition at line 1934 of file SleuthkitJNI.java.
static String getHashDatabaseDisplayName (int dbHandle) throws TskCoreException
Get the name of the database
| dbHandle | Previously opened hash db handle. |
| TskCoreException | if a critical error occurs within TSK core |
Definition at line 1795 of file SleuthkitJNI.java.
static String getHashDatabaseIndexPath (int dbHandle) throws TskCoreException
getHashDatabaseIndexPath
| dbHandle | previously opened hash db handle |
| TskCoreException | if a critical error occurs within TSK core |
Definition at line 1736 of file SleuthkitJNI.java.
static String getHashDatabasePath (int dbHandle) throws TskCoreException
getHashDatabasePath
| dbHandle | previously opened hash db handle |
| TskCoreException | if a critical error occurs within TSK core |
Definition at line 1723 of file SleuthkitJNI.java.
static String getVersion ()
Get the Sleuth Kit version string.
Definition at line 791 of file SleuthkitJNI.java.
static boolean hashDatabaseCanBeReindexed (int dbHandle) throws TskCoreException
hashDatabaseCanBeReindexed
| dbHandle | previously opened hash db handle |
| TskCoreException | if a critical error occurs within TSK core |
Definition at line 1710 of file SleuthkitJNI.java.
static boolean hashDatabaseHasLookupIndex (int dbHandle) throws TskCoreException
Check if an index exists for a hash database.
| dbHandle | A hash database handle. |
| TskCoreException | if a critical error occurs within TSK core |
Definition at line 1696 of file SleuthkitJNI.java.
static boolean hashDatabaseIsIndexOnly (int dbHandle) throws TskCoreException
Definition at line 1866 of file SleuthkitJNI.java.
static boolean isImageSupported (String imagePath)
Definition at line 1978 of file SleuthkitJNI.java.
static boolean isUpdateableHashDatabase (int dbHandle) throws TskCoreException
Definition at line 1862 of file SleuthkitJNI.java.
static boolean lookupInHashDatabase (String hash, int dbHandle) throws TskCoreException
Lookup the given hash value and get basic answer
| hash | Hash value to search for. |
| dbHandle | Handle of database to lookup in. |
| TskCoreException |
Definition at line 1809 of file SleuthkitJNI.java.
static HashHitInfo lookupInHashDatabaseVerbose (String hash, int dbHandle) throws TskCoreException
Lookup hash value in DB and return details on results (more time consuming than basic lookup)
| hash | Hash value to search for |
| dbHandle | Handle of database to lookup in. |
| TskCoreException |
Definition at line 1824 of file SleuthkitJNI.java.
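static long openFile (long fsHandle, long fileId, TSK_FS_ATTR_TYPE_ENUM attrType, int attrId, SleuthkitCase skCase) throws TskCoreException
Get file handle.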
| fsHandle | fsHandle pointer in the sleuthkit |
| fileId | id of the file |
| attrType | file attribute type to open |
| attrId | file attribute id to open |
| skCase | the case associated with this file |
| TskCoreException | exception thrown if critical error occurs within TSK |
Definition at line 1276 of file SleuthkitJNI.java.
Referenced by org.sleuthkit.datamodel.SleuthkitJNI.openFile().
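static long openFile (long fsHandle, long fileId, TSK_FS_ATTR_TYPE_ENUM attrType, int attrId) throws TskCoreException
Get file handle.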
| fsHandle | fsHandle pointer in the sleuthkit |
| fileId | id of the file |
| attrType | file attribute type to open |
| attrId | file attribute id to open |
| TskCoreException | exception thrown if critical error occurs within TSK |
Definition at line 2176 of file SleuthkitJNI.java.
References org.sleuthkit.datamodel.SleuthkitJNI.openFile().
static long openFs (long imgHandle, long fsOffset, SleuthkitCase skCase) throws TskCoreException
Get file system handle. The opened handle is cached (transparently), so it does not need to be reopened next time for the duration of the application.
| imgHandle | pointer to imgHandle in sleuthkit |
| fsOffset | byte offset to the file system |
| skCase | the case containing the file system |
| TskCoreException | exception thrown if critical error occurs within TSK |
Definition at line 1159 of file SleuthkitJNI.java.
Referenced by org.sleuthkit.datamodel.SleuthkitJNI.openFs().
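static long openFs (long imgHandle, long fsOffset, String password, SleuthkitCase skCase) throws TskCoreException
Get file system handle. The opened handle is cached (transparently), so it does not need to be reopened next time for the duration of the application.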
| imgHandle | pointer to imgHandle in sleuthkit |
| fsOffset | byte offset to the file system |
| password | image password |
| skCase | the case containing the file system |
| TskCoreException | exception thrown if critical error occurs within TSK |
Definition at line 1177 of file SleuthkitJNI.java.
static long openFs (long imgHandle, long fsOffset) throws TskCoreException
Get file system handle. The opened handle is cached (transparently), so it does not need to be reopened next time for the duration of the application.
| imgHandle | pointer to imgHandle in sleuthkit |
| fsOffset | byte offset to the file system |
| TskCoreException | exception thrown if critical error occurs within TSK |
Definition at line 2157 of file SleuthkitJNI.java.
References org.sleuthkit.datamodel.SleuthkitJNI.openFs().
static int openHashDatabase (String path) throws TskCoreException
Open a hash database for lookups
| path | Path to Hash DB or index file |
| TskCoreException | if there is an error opening the DB |
Definition at line 1746 of file SleuthkitJNI.java.
static long openImage (String[] imageFiles, SleuthkitCase skCase) throws TskCoreException
Open the image and return the image info pointer.
| imageFiles | the paths to the images |
| skCase | the case this image belongs to |
| TskCoreException | exception thrown if critical error occurs within TSK |
Definition at line 815 of file SleuthkitJNI.java.
Referenced by org.sleuthkit.datamodel.Image.getImageHandle(), and org.sleuthkit.datamodel.SleuthkitJNI.openImage().
static long openImage (String[] imageFiles, int sSize, SleuthkitCase skCase) throws TskCoreException
Open the image with a specified sector size and return the image info pointer.
| imageFiles | the paths to the images |
| sSize | the sector size (use '0' for autodetect) |
| skCase | the case this image belongs to |
| TskCoreException | exception thrown if critical error occurs within TSK |
Definition at line 835 of file SleuthkitJNI.java.
References org.sleuthkit.datamodel.SleuthkitJNI.openImage().
static long openImage (String[] imageFiles) throws TskCoreException
Open the image and return the image info pointer.
| imageFiles | the paths to the images |
| TskCoreException | exception thrown if critical error occurs within TSK |
Definition at line 2119 of file SleuthkitJNI.java.
References org.sleuthkit.datamodel.SleuthkitJNI.openImage().
static long openImage (String[] imageFiles, int sSize) throws TskCoreException
Open the image with a specified sector size and return the image info pointer.
| imageFiles | the paths to the images |
| sSize | the sector size (use '0' for autodetect) |
| TskCoreException | exception thrown if critical error occurs within TSK |
Definition at line 2138 of file SleuthkitJNI.java.
References org.sleuthkit.datamodel.SleuthkitJNI.openImage().
static long openVs (long imgHandle, long vsOffset) throws TskCoreException
Get volume system handle.
| imgHandle | a handle to previously opened image |
| vsOffset | byte offset in the image to the volume system (usually 0) |
| TskCoreException | exception thrown if critical error occurs within TSK |
Definition at line 1064 of file SleuthkitJNI.java.
Referenced by org.sleuthkit.datamodel.VolumeSystem.getVolumeSystemHandle().
static long openVsPart (long vsHandle, long volId) throws TskCoreException
Get volume handle.
| vsHandle | pointer to the volume system structure in the sleuthkit |
| volId | id of the volume |
| TskCoreException | exception thrown if critical error occurs within TSK |
Definition at line 1088 of file SleuthkitJNI.java.
Referenced by org.sleuthkit.datamodel.Volume.read().
static int readFile (long fileHandle, byte[] readBuffer, long offset, long len) throws TskCoreException
Reads data from a file.
| fileHandle | pointer to a file structure in the sleuthkit |
| readBuffer | pre-allocated buffer to read to |
| offset | byte offset in the image to start at |
| len | amount of data to read |
| TskCoreException | exception thrown if critical error occurs within TSK |
Definition at line 1517 of file SleuthkitJNI.java.
Referenced by org.sleuthkit.datamodel.FsContent.readInt().
static int readFileSlack (long fileHandle, byte[] readBuffer, long offset, long len) throws TskCoreException
Reads data from the slack space of a file.
| fileHandle | pointer to a file structure in the sleuthkit |
| readBuffer | pre-allocated buffer to read to |
| offset | byte offset in the slack to start at |
| len | amount of data to read |
| TskCoreException | exception thrown if critical error occurs within TSK |
Definition at line 1564 of file SleuthkitJNI.java.
Referenced by org.sleuthkit.datamodel.SlackFile.readInt().
static int readFs (long fsHandle, byte[] readBuffer, long offset, long len) throws TskCoreException
Reads data from a file system.
| fsHandle | pointer to a file system structure in the sleuthkit |
| readBuffer | buffer to read to |
| offset | byte offset in the image to start at |
| len | amount of data to read |
| TskCoreException | exception thrown if critical error occurs within TSK |
Definition at line 1474 of file SleuthkitJNI.java.
Referenced by org.sleuthkit.datamodel.FileSystem.read().
static int readImg (long imgHandle, byte[] readBuffer, long offset, long len) throws TskCoreException
Reads data from an image.
| imgHandle | |
| readBuffer | buffer to read to |
| offset | byte offset in the image to start at |
| len | amount of data to read |
| TskCoreException | exception thrown if critical error occurs within TSK |
Definition at line 1379 of file SleuthkitJNI.java.
Referenced by org.sleuthkit.datamodel.Image.read().
static int readVs (long vsHandle, byte[] readBuffer, long offset, long len) throws TskCoreException
Reads data from a volume system.
| vsHandle | pointer to a volume system structure in the sleuthkit |
| readBuffer | buffer to read to |
| offset | sector offset in the image to start at |
| len | amount of data to read |
| TskCoreException | exception thrown if critical error occurs within TSK |
Definition at line 1406 of file SleuthkitJNI.java.
Referenced by org.sleuthkit.datamodel.VolumeSystem.read().
static int readVsPart (long volHandle, byte[] readBuffer, long offset, long len) throws TskCoreException
Reads data from a volume.
| volHandle | pointer to a volume structure in the sleuthkit |
| readBuffer | buffer to read to |
| offset | byte offset in the image to start at |
| len | amount of data to read |
| TskCoreException | exception thrown if critical error occurs within TSK |
Definition at line 1450 of file SleuthkitJNI.java.
Referenced by org.sleuthkit.datamodel.Volume.read().
static void startVerboseLogging (String logPath)
Enable verbose logging and redirect stderr to the given log file.
| logPath | the log file path |
Definition at line 800 of file SleuthkitJNI.java.
static TestOpenImageResult testOpenImage (String imagePath, String password)
Tries opening the image with the optional password.
| imagePath | Path to the image (will just be the first for .e01, .001, etc). |
| password | Password to use when trying to decrypt the volumes. Leave blank for no password. |
Definition at line 2016 of file SleuthkitJNI.java.
Copyright © 2011-2024 Brian Carrier. (carrier -at- sleuthkit -dot- org)
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.