jni-docs/4.15.0-develop/_sleuthkit_j_n_i_8java_source.html

/*

 * Sleuth Kit Data Model

 *

 * Copyright 2011-2018 Basis Technology Corp.

 * Contact: carrier <at> sleuthkit <dot> org

 *

 * Licensed under the Apache License, Version 2.0 (the "License");

 * you may not use this file except in compliance with the License.

 * You may obtain a copy of the License at

 *

 *       http://www.apache.org/licenses/LICENSE-2.0

 *

 * Unless required by applicable law or agreed to in writing, software

 * distributed under the License is distributed on an "AS IS" BASIS,

 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

 * See the License for the specific language governing permissions and

 * limitations under the License.

 */

package org.sleuthkit.datamodel;


import com.google.common.annotations.Beta;

import java.io.BufferedReader;

import java.io.FileReader;

import java.io.IOException;

import java.text.DateFormat;

import java.text.SimpleDateFormat;

import java.util.ArrayList;

import java.util.Arrays;

import java.util.GregorianCalendar;

import java.util.HashMap;

import java.util.HashSet;

import java.util.List;

import java.util.Map;

import java.util.Set;

import java.util.TimeZone;

import java.util.UUID;

import java.util.concurrent.locks.ReadWriteLock;

import java.util.concurrent.locks.ReentrantReadWriteLock;

import java.util.logging.Level;

import java.util.logging.Logger;

import org.apache.commons.lang3.StringUtils;

import org.sleuthkit.datamodel.TskData.TSK_FS_ATTR_TYPE_ENUM;

import org.sleuthkit.datamodel.SleuthkitCase.CaseDbTransaction;


public class SleuthkitJNI {


        private static final Logger logger = Logger.getLogger(SleuthkitJNI.class.getName());


        private static final ReadWriteLock tskLock = new ReentrantReadWriteLock();


        /*

         * Loads the SleuthKit libraries.

         */

        static {

                LibraryUtils.loadSleuthkitJNI();

        }


        private SleuthkitJNI() {

        }


        private static class CaseHandles {

                /*

                 * A SleuthKit image handle cache implemented as a mappng of

                 * concatenated image file paths to image handles.

                 */

                private final Map<String, Long> imageHandleCache = new HashMap<>();


                /*

                 * A SleuthKit file system handles cache implemented as a mapping of

                 * image handles to image offset and file system handle pairs.

                 */

                private final Map<Long, Map<Long, Long>> fsHandleCache = new HashMap<>();


                /*

                 * The collection of open file handles. We will only allow requests

                 * through to the C code if the file handle exists in this collection.

                 */

                private final Set<Long> fileHandleCache = new HashSet<>();


                private final Map<Long, List<Long>> fileSystemToFileHandles = new HashMap<>();


                private final Map<Long, Map<Long, Long>> poolHandleCache = new HashMap<>();


                // The poolImgCache is only used to close the images later.

                private final List<Long> poolImgCache = new ArrayList<>();


                /*

                 * Currently, our APFS code is not thread-safe and it is the only code

                 * that uses pools. To prevent crashes, we make any reads to a file system

                 * contained in a pool single-threaded. This cache keeps track of which

                 * open file system handles are contained in a pool so we can set the locks

                 * appropriately.

                 */

                private final List<Long> poolFsList = new ArrayList<>();


                private CaseHandles() {

                        // Nothing to do here

                }

        }


        private static class HandleCache {


                /*

                 * A monitor used to guard access to cached Sleuthkit JNI handles.

                 */

                private static final Object cacheLock = new Object();


                private static final Map<String, CaseHandles> caseHandlesCache = new HashMap<>();


                private static final String INVALID_FILE_HANDLE = "Invalid file handle."; //NON-NLS


                /*

                 * Currently, our APFS code is not thread-safe and it is the only code

                 * that uses pools. To prevent crashes, we make any reads to a file system

                 * contained in a pool single-threaded. This cache keeps track of which

                 * open file handles are contained in a pool so we can set the locks

                 * appropriately.

                 *

                 * Access to this list should be guarded by cacheLock.

                 */

                private static final List<Long> poolFileHandles = new ArrayList<>();


                private static void createCaseHandleCache(String caseIdentifier) {

                        caseHandlesCache.put(caseIdentifier, new CaseHandles());

                }


                private static String getDefaultCaseIdentifier() throws TskCoreException {

                        synchronized (cacheLock) {

                                if (caseHandlesCache.keySet().size() > 1) {

                                        throw new TskCoreException("Can not get default case identifier with multiple open cases");

                                } else if (caseHandlesCache.keySet().isEmpty()) {

                                        throw new TskCoreException("Can not get default case identifier with no open case");

                                }


                                return (caseHandlesCache.keySet().iterator().next());

                        }

                }


                private static CaseHandles getCaseHandles(String caseIdentifier) throws TskCoreException {

                        synchronized (cacheLock) {

                                if (caseHandlesCache.containsKey(caseIdentifier)) {

                                        return caseHandlesCache.get(caseIdentifier);

                                }

                                // If the CaseHandles object isn't in there, it should mean the case has been closed.

                                throw new TskCoreException("No entry for case " + caseIdentifier + " in cache. Case may have been closed");

                        }

                }


                private static void removeCaseHandlesCache(String caseIdentifier) {

                        synchronized (cacheLock) {

                                if (caseHandlesCache.containsKey(caseIdentifier)) {

                                        caseHandlesCache.get(caseIdentifier).fsHandleCache.clear();

                                        caseHandlesCache.get(caseIdentifier).imageHandleCache.clear();

                                        caseHandlesCache.get(caseIdentifier).fileHandleCache.clear();

                                        caseHandlesCache.get(caseIdentifier).fileSystemToFileHandles.clear();

                                        caseHandlesCache.get(caseIdentifier).poolHandleCache.clear();

                                        caseHandlesCache.remove(caseIdentifier);

                                }

                        }

                }


                private static boolean isImageInAnyCache(long imgHandle) {

                        synchronized (cacheLock) {

                                for (String caseIdentifier:caseHandlesCache.keySet()) {

                                        if (caseHandlesCache.get(caseIdentifier).fsHandleCache.keySet().contains(imgHandle)) {

                                                return true;

                                        }

                                }

                                return false;

                        }

                }


                private static void addFileHandle(String caseIdentifier, long fileHandle, long fsHandle) {

                        try {

                                synchronized (cacheLock) {

                                        // Add to collection of open file handles.

                                        getCaseHandles(caseIdentifier).fileHandleCache.add(fileHandle);


                                        // Add to map of file system to file handles.

                                        if (getCaseHandles(caseIdentifier).fileSystemToFileHandles.containsKey(fsHandle)) {

                                                getCaseHandles(caseIdentifier).fileSystemToFileHandles.get(fsHandle).add(fileHandle);

                                        } else {

                                                getCaseHandles(caseIdentifier).fileSystemToFileHandles.put(fsHandle, new ArrayList<>(Arrays.asList(fileHandle)));

                                        }

                                }

                        } catch (TskCoreException ex) {

                                logger.log(Level.WARNING, "Error caching file handle for case {0}", caseIdentifier);

                        }

                }


                private static void removeFileHandle(long fileHandle, SleuthkitCase skCase) {

                        synchronized (cacheLock) {

                                // Remove from collection of open file handles.

                                if (skCase != null) {

                                        try {

                                                getCaseHandles(skCase.getCaseHandleIdentifier()).fileHandleCache.remove(fileHandle);

                                        } catch (TskCoreException ex) {

                                                // If the call to getCaseHandles() failed, we've already cleared the cache.

                                        }

                                } else {

                                        // If we don't know what case the handle is from, delete the first one we find

                                        for (String caseIdentifier:caseHandlesCache.keySet()) {

                                                if (caseHandlesCache.get(caseIdentifier).fileHandleCache.contains(fileHandle)) {

                                                        caseHandlesCache.get(caseIdentifier).fileHandleCache.remove(fileHandle);

                                                        return;

                                                }

                                        }

                                }

                        }

                }


                private static boolean isValidFileHandle(long fileHandle) {

                        synchronized (cacheLock) {

                                for (String caseIdentifier:caseHandlesCache.keySet()) {

                                        if (caseHandlesCache.get(caseIdentifier).fileHandleCache.contains(fileHandle)) {

                                                return true;

                                        }

                                }

                                return false;

                        }

                }


                private static void closeHandlesAndClearCache(String caseIdentifier) throws TskCoreException {

                        synchronized (cacheLock) {

                                /*

                                 * Close any cached file system handles.

                                 */

                                for (Map<Long, Long> imageToFsMap : getCaseHandles(caseIdentifier).fsHandleCache.values()) {

                                        for (Long fsHandle : imageToFsMap.values()) {

                                                // First close all open file handles for the file system.

                                                if (getCaseHandles(caseIdentifier).fileSystemToFileHandles.containsKey(fsHandle)) {

                                                        for (Long fileHandle : getCaseHandles(caseIdentifier).fileSystemToFileHandles.get(fsHandle)) {

                                                                // Update the cache of file handles contained in pools

                                                                if (poolFileHandles.contains(fileHandle)) {

                                                                        poolFileHandles.remove(fileHandle);

                                                                }

                                                                closeFile(fileHandle);

                                                        }

                                                }

                                                // Then close the file system handle.

                                                closeFsNat(fsHandle);

                                        }

                                }


                                /*

                                 * Clear out the list of pool file systems.

                                 */

                                getCaseHandles(caseIdentifier).poolFsList.clear();


                                /*

                                 * Close any cached pools

                                 */

                                for (Long imgHandle : getCaseHandles(caseIdentifier).poolHandleCache.keySet()) {

                                        for (Long poolHandle : getCaseHandles(caseIdentifier).poolHandleCache.get(imgHandle).values()) {

                                                closePoolNat(poolHandle);

                                        }

                                }


                                /*

                                 * Close any open pool images

                                 */

                                for (Long imageHandle : getCaseHandles(caseIdentifier).poolImgCache) {

                                        closeImgNat(imageHandle);

                                }


                                /*

                                 * Close any cached image handles.

                                 */

                                for (Long imageHandle : getCaseHandles(caseIdentifier).imageHandleCache.values()) {

                                        closeImgNat(imageHandle);

                                }


                                removeCaseHandlesCache(caseIdentifier);

                        }


                }

        }


        public static class CaseDbHandle {


                /*

                 * A unique indentifier for a case

                 */

                private final String caseDbIdentifier;


                private CaseDbHandle(String databaseName) {

                        this.caseDbIdentifier = "SingleUser:" + databaseName; // NON-NLS

                        HandleCache.createCaseHandleCache(caseDbIdentifier);

                }


                private CaseDbHandle(String databaseName, CaseDbConnectionInfo info) {

                        this.caseDbIdentifier = "MultiUser:" + info.getHost() + ":" + databaseName;

                        HandleCache.createCaseHandleCache(caseDbIdentifier);

                }


                String getCaseDbIdentifier() {

                        return caseDbIdentifier;

                }


                void free() throws TskCoreException {

                        tskLock.writeLock().lock();

                        try {

                                HandleCache.closeHandlesAndClearCache(caseDbIdentifier);

                                //SleuthkitJNI.closeCaseDbNat(caseDbIdentifier);

                        } finally {

                                tskLock.writeLock().unlock();

                        }

                }


                long addImageInfo(long deviceObjId, List<String> imageFilePaths, String timeZone, Host host, String password, SleuthkitCase skCase) throws TskCoreException {


                        try {

                                if (host == null) {

                                        String hostName;

                                        if (imageFilePaths.size() > 0) {

                                                String path = imageFilePaths.get(0);

                                                hostName = (new java.io.File(path)).getName() + " Host";

                                        } else {

                                                hostName = "Image_" + deviceObjId + " Host";

                                        }

                                        host = skCase.getHostManager().newHost(hostName);

                                }

                                TskCaseDbBridge dbHelper = new TskCaseDbBridge(skCase, new DefaultAddDataSourceCallbacks(), host);

                                long tskAutoDbPointer = initializeAddImgPasswordNat(dbHelper, timezoneLongToShort(timeZone), false, false, false, password);

                                runOpenAndAddImgNat(tskAutoDbPointer, UUID.randomUUID().toString(), imageFilePaths.toArray(new String[0]), imageFilePaths.size(), timeZone);

                                long id = finishAddImgNat(tskAutoDbPointer);

                                dbHelper.finish();

                                skCase.addDataSourceToHasChildrenMap();

                                return id;

                        } catch (TskDataException ex) {

                                throw new TskCoreException("Error adding image to case database", ex);

                        }

                }


                AddImageProcess initAddImageProcess(String timeZone, boolean addUnallocSpace, boolean skipFatFsOrphans, String imageCopyPath, String password, SleuthkitCase skCase) {

                        return new AddImageProcess(timeZone, addUnallocSpace, skipFatFsOrphans, imageCopyPath, password, skCase);

                }


                public class AddImageProcess {


                        private final String timeZone;

                        private final boolean addUnallocSpace;

                        private final boolean skipFatFsOrphans;

                        private final String imageWriterPath;

                        private volatile long tskAutoDbPointer;

                        private long imageId = 0;

                        private boolean isCanceled;

                        private final SleuthkitCase skCase;

                        private TskCaseDbBridge dbHelper;

                        private final String password;


                        private AddImageProcess(String timeZone, boolean addUnallocSpace, boolean skipFatFsOrphans, String imageWriterPath, String password, SleuthkitCase skCase) {

                                this.timeZone = timeZone;

                                this.addUnallocSpace = addUnallocSpace;

                                this.skipFatFsOrphans = skipFatFsOrphans;

                                this.imageWriterPath = imageWriterPath;

                                tskAutoDbPointer = 0;

                                this.isCanceled = false;

                                this.skCase = skCase;

                                this.password = password;


                        }


                        public void run(String deviceId, String[] imageFilePaths, int sectorSize) throws TskCoreException, TskDataException {

                                Image img = addImageToDatabase(skCase, imageFilePaths, sectorSize, "", "", "", "", deviceId, password, null);

                                run(deviceId, img, sectorSize, new DefaultAddDataSourceCallbacks());

                        }


                        public void run(String deviceId, Image image, int sectorSize,

                                        AddDataSourceCallbacks addDataSourceCallbacks) throws TskCoreException, TskDataException {


                                dbHelper = new TskCaseDbBridge(skCase, addDataSourceCallbacks, image.getHost());

                                getTSKReadLock();

                                try {

                                        long imageHandle = 0;

                                        synchronized (this) {

                                                if (0 != tskAutoDbPointer) {

                                                        throw new TskCoreException("Add image process already started");

                                                }

                                                if (!isCanceled) { //with isCanceled being guarded by this it will have the same value everywhere in this synchronized block

                                                        imageHandle = image.getImageHandle();

                                                        tskAutoDbPointer = initAddImgNatPassword(dbHelper, timezoneLongToShort(timeZone), addUnallocSpace, skipFatFsOrphans, password);

                                                }

                                                if (0 == tskAutoDbPointer) {

                                                        throw new TskCoreException("initAddImgNat returned a NULL TskAutoDb pointer");

                                                }

                                        }

                                        if (imageHandle != 0) {

                                                runAddImgNat(tskAutoDbPointer, deviceId, imageHandle, image.getId(), timeZone, imageWriterPath);

                                        }

                                } finally {

                                        finishAddImageProcess();

                                        releaseTSKReadLock();

                                }

                        }


                        public synchronized void stop() throws TskCoreException {

                                getTSKReadLock();

                                try {

                                        isCanceled = true;

                                        if (tskAutoDbPointer != 0) {

                                                stopAddImgNat(tskAutoDbPointer);

                                        }

                                } finally {

                                        releaseTSKReadLock();

                                }

                        }


                        private synchronized void finishAddImageProcess() throws TskCoreException {

                                if (tskAutoDbPointer == 0) {

                                        return;

                                }


                                // If the process wasn't cancelled, finish up processing the

                                // remaining files.

                                if (! this.isCanceled && dbHelper != null) {

                                        dbHelper.finish();

                                }


                                // Free the auto DB pointer and get the image ID

                                imageId = finishAddImgNat(tskAutoDbPointer);

                                tskAutoDbPointer = 0;


                                skCase.addDataSourceToHasChildrenMap();

                        }


                        @Deprecated


                        public synchronized void revert() throws TskCoreException {

                                // No-op

                        }


                        @Deprecated


                        public synchronized long commit() throws TskCoreException {

                                return imageId;

                        }


                        public synchronized String currentDirectory() {

                                return tskAutoDbPointer == 0 ? "" : getCurDirNat(tskAutoDbPointer); //NON-NLS

                        }


                        @Deprecated


                        public void run(String[] imageFilePaths) throws TskCoreException, TskDataException {

                                run(null, imageFilePaths, 0);

                        }


                        public void run(String deviceId, String[] imageFilePaths) throws TskCoreException, TskDataException {

                                run(deviceId, imageFilePaths, 0);

                        }


                }


        }


        static CaseDbHandle newCaseDb(String path) throws TskCoreException {

                return new CaseDbHandle(path);

        }


        static CaseDbHandle newCaseDb(String databaseName, CaseDbConnectionInfo info) throws TskCoreException {

                return new CaseDbHandle(databaseName, info);

        }


        static CaseDbHandle openCaseDb(String path) throws TskCoreException {

                return new CaseDbHandle(path);

        }


        static CaseDbHandle openCaseDb(String databaseName, CaseDbConnectionInfo info) throws TskCoreException {

                return new CaseDbHandle(databaseName, info);

        }


        public static String getVersion() {

                return getVersionNat();

        }


        public static void startVerboseLogging(String logPath) {

                startVerboseLoggingNat(logPath);

        }


        public static long openImage(String[] imageFiles, SleuthkitCase skCase) throws TskCoreException {

                if (skCase == null) {

                        throw new TskCoreException("SleuthkitCase can not be null");

                }

                return openImage(imageFiles, 0, true, skCase.getCaseHandleIdentifier());

        }


        public static long openImage(String[] imageFiles, int sSize, SleuthkitCase skCase) throws TskCoreException {

                if (skCase == null) {

                        throw new TskCoreException("SleuthkitCase can not be null");

                }

                return openImage(imageFiles, sSize, true, skCase.getCaseHandleIdentifier());

        }


        private static long openImage(String[] imageFiles, int sSize, boolean useCache, String caseIdentifer) throws TskCoreException {

                getTSKReadLock();

                try {

                        long imageHandle;


                        StringBuilder keyBuilder = new StringBuilder();

                        for (int i = 0; i < imageFiles.length; ++i) {

                                keyBuilder.append(imageFiles[i]);

                        }

                        final String imageKey = keyBuilder.toString();


                        synchronized (HandleCache.cacheLock) {

                                String nonNullCaseIdentifer = caseIdentifer;

                                if (nonNullCaseIdentifer == null) {

                                        nonNullCaseIdentifer = HandleCache.getDefaultCaseIdentifier();

                                }


                                // If we're getting a fresh copy and an image with this path is already

                                // in the cache, move the existing cache reference so it won't be used by

                                // any subsequent calls to openImage but will still be valid if any objects

                                // have it cached. This happens in the case where the user adds the same data

                                // source twice (see JIRA-5868).

                                if (!useCache && HandleCache.getCaseHandles(nonNullCaseIdentifer).imageHandleCache.containsKey(imageKey)) {

                                        long tempImageHandle = HandleCache.getCaseHandles(nonNullCaseIdentifer).imageHandleCache.get(imageKey);


                                        // Store the old image handle in a fake path. This way it will no longer be found but will

                                        // still be valid and the image and its file systems will be closed with the case.

                                        String newPath = "Image_" + UUID.randomUUID().toString();

                                        HandleCache.getCaseHandles(nonNullCaseIdentifer).imageHandleCache.put(newPath, tempImageHandle);

                                        HandleCache.getCaseHandles(nonNullCaseIdentifer).imageHandleCache.remove(imageKey);

                                }


                                if (useCache && HandleCache.getCaseHandles(nonNullCaseIdentifer).imageHandleCache.containsKey(imageKey)) //get from cache

                                {

                                        imageHandle = HandleCache.getCaseHandles(nonNullCaseIdentifer).imageHandleCache.get(imageKey);

                                } else {

                                        //open new handle and cache it

                                        imageHandle = openImgNat(imageFiles, imageFiles.length, sSize);

                                        HandleCache.getCaseHandles(nonNullCaseIdentifer).fsHandleCache.put(imageHandle, new HashMap<>());

                                        HandleCache.getCaseHandles(nonNullCaseIdentifer).imageHandleCache.put(imageKey, imageHandle);

                                }

                        }

                        return imageHandle;

                } finally {

                        releaseTSKReadLock();

                }

        }


        private static void cacheImageHandle(SleuthkitCase skCase, List<String> imagePaths, long imageHandle) throws TskCoreException {


                // Construct the hash key from the image paths

                StringBuilder keyBuilder = new StringBuilder();

                for (int i = 0; i < imagePaths.size(); ++i) {

                        keyBuilder.append(imagePaths.get(i));

                }

                final String imageKey = keyBuilder.toString();


                // Get the case identifier

                String caseIdentifier = skCase.getCaseHandleIdentifier();


                synchronized (HandleCache.cacheLock) {

                        HandleCache.getCaseHandles(caseIdentifier).fsHandleCache.put(imageHandle, new HashMap<>());

                        HandleCache.getCaseHandles(caseIdentifier).imageHandleCache.put(imageKey, imageHandle);

                }

        }


        public static Image addImageToDatabase(SleuthkitCase skCase, String[] imagePaths, int sectorSize,

                String timeZone, String md5fromSettings, String sha1fromSettings, String sha256fromSettings, String deviceId) throws TskCoreException {


                return addImageToDatabase(skCase, imagePaths, sectorSize, timeZone, md5fromSettings, sha1fromSettings, sha256fromSettings, deviceId, null);

        }


        public static Image addImageToDatabase(SleuthkitCase skCase, String[] imagePaths, int sectorSize,

                String timeZone, String md5fromSettings, String sha1fromSettings, String sha256fromSettings, String deviceId, Host host) throws TskCoreException {


                return addImageToDatabase(skCase, imagePaths, sectorSize, timeZone, md5fromSettings, sha1fromSettings, sha256fromSettings, deviceId, null, host);

        }


        @Beta


        public static Image addImageToDatabase(SleuthkitCase skCase, String[] imagePaths, int sectorSize,

                String timeZone, String md5fromSettings, String sha1fromSettings, String sha256fromSettings, String deviceId, String password, Host host) throws TskCoreException {


                // Open the image

                long imageHandle = openImgNat(imagePaths, 1, sectorSize);


                // Get the fields stored in the native code

                List<String> computedPaths = Arrays.asList(getPathsForImageNat(imageHandle));

                long size = getSizeForImageNat(imageHandle);

                long type = getTypeForImageNat(imageHandle);

                long computedSectorSize = getSectorSizeForImageNat(imageHandle);

                String md5 = md5fromSettings;

                if (StringUtils.isEmpty(md5)) {

                        md5 = getMD5HashForImageNat(imageHandle);

                }

                String sha1 = sha1fromSettings;

                if (StringUtils.isEmpty(sha1)) {

                        sha1 = getSha1HashForImageNat(imageHandle);

                }

                // Sleuthkit does not currently generate any SHA256 hashes. Set to empty

                // string for consistency.

                String sha256 = sha256fromSettings;

                if (sha256 == null) {

                        sha256 = "";

                }

                String collectionDetails = getCollectionDetailsForImageNat(imageHandle);


                //  Now save to database

                CaseDbTransaction transaction = skCase.beginTransaction();

                try {

                        Image img = skCase.addImage(TskData.TSK_IMG_TYPE_ENUM.valueOf(type), computedSectorSize,

                                size, null, computedPaths,

                                timeZone, md5, sha1, sha256,

                                deviceId, host, password, transaction);

                        if (!StringUtils.isEmpty(collectionDetails)) {

                                skCase.setAcquisitionDetails(img, collectionDetails);

                        }

                        transaction.commit();


                    img.setImageHandle(imageHandle);

                        cacheImageHandle(skCase, computedPaths, imageHandle);

                        return img;

                } catch (TskCoreException ex) {

                        transaction.rollback();

                        throw(ex);

                }

        }


        public static long openVs(long imgHandle, long vsOffset) throws TskCoreException {

                getTSKReadLock();

                try {

                        if(! imgHandleIsValid(imgHandle)) {

                                throw new TskCoreException("Image handle " + imgHandle + " is closed");

                        }

                        return openVsNat(imgHandle, vsOffset);

                } finally {

                        releaseTSKReadLock();

                }

        }


        //get pointers


        public static long openVsPart(long vsHandle, long volId) throws TskCoreException {

                getTSKReadLock();

                try {

                        //returned long is ptr to vs Handle object in tsk

                        return openVolNat(vsHandle, volId);

                } finally {

                        releaseTSKReadLock();

                }

        }


        static long openPool(long imgHandle, long offset, SleuthkitCase skCase) throws TskCoreException {

                getTSKReadLock();

                try {

                        if(! imgHandleIsValid(imgHandle)) {

                                throw new TskCoreException("Image handle " + imgHandle + " is closed");

                        }


                        synchronized (HandleCache.cacheLock) {

                                String caseIdentifier;

                                if (skCase == null) {

                                        caseIdentifier = HandleCache.getDefaultCaseIdentifier();

                                } else {

                                        caseIdentifier = skCase.getCaseHandleIdentifier();

                                }


                                // If a pool handle cache for this image does not exist, make one

                                if (! HandleCache.getCaseHandles(caseIdentifier).poolHandleCache.containsKey(imgHandle)) {

                                        HandleCache.getCaseHandles(caseIdentifier).poolHandleCache.put(imgHandle, new HashMap<>());

                                }


                                // Get the pool handle cache for this image

                                Map<Long, Long> poolCacheForImage = HandleCache.getCaseHandles(caseIdentifier).poolHandleCache.get(imgHandle);


                                if (poolCacheForImage.containsKey(offset)) {

                                        return poolCacheForImage.get(offset);

                                } else {

                                        //returned long is ptr to pool Handle object in tsk

                                        long poolHandle = openPoolNat(imgHandle, offset);

                                        poolCacheForImage.put(offset, poolHandle);

                                        return poolHandle;

                                }

                        }

                } finally {

                        releaseTSKReadLock();

                }

        }


        public static long openFs(long imgHandle, long fsOffset, SleuthkitCase skCase) throws TskCoreException {

                return openFs(imgHandle, fsOffset, "", skCase);

        }


        public static long openFs(long imgHandle, long fsOffset, String password, SleuthkitCase skCase) throws TskCoreException {

                getTSKReadLock();

                try {

                        long fsHandle;

                        synchronized (HandleCache.cacheLock) {

                                String caseIdentifier;

                                if (skCase == null) {

                                        caseIdentifier = HandleCache.getDefaultCaseIdentifier();

                                } else {

                                        caseIdentifier = skCase.getCaseHandleIdentifier();

                                }

                                final Map<Long, Long> imgOffSetToFsHandle = HandleCache.getCaseHandles(caseIdentifier).fsHandleCache.get(imgHandle);

                                if (imgOffSetToFsHandle == null) {

                                        throw new TskCoreException("Missing image offset to file system handle cache for image handle " + imgHandle);

                                }

                                if (imgOffSetToFsHandle.containsKey(fsOffset)) {

                                        //return cached

                                        fsHandle = imgOffSetToFsHandle.get(fsOffset);

                                } else {

                                        fsHandle = openFsDecryptNat(imgHandle, fsOffset, password);

                                        //cache it

                                        imgOffSetToFsHandle.put(fsOffset, fsHandle);

                                }

                        }

                        return fsHandle;

                } finally {

                        releaseTSKReadLock();

                }

        }


        static long openFsPool(long imgHandle, long fsOffset, long poolHandle, long poolBlock, SleuthkitCase skCase) throws TskCoreException {

                /*

                 * Currently, our APFS code is not thread-safe and it is the only code

                 * that uses pools. To prevent crashes, we make any reads to a file system

                 * contained in a pool single-threaded.

                 */

                getTSKWriteLock();

                try {

                        long fsHandle;

                        synchronized (HandleCache.cacheLock) {

                                String caseIdentifier;

                                if (skCase == null) {

                                        caseIdentifier = HandleCache.getDefaultCaseIdentifier();

                                } else {

                                        caseIdentifier = skCase.getCaseHandleIdentifier();

                                }

                                final Map<Long, Long> imgOffSetToFsHandle = HandleCache.getCaseHandles(caseIdentifier).fsHandleCache.get(imgHandle);

                                if (imgOffSetToFsHandle == null) {

                                        throw new TskCoreException("Missing image offset to file system handle cache for image handle " + imgHandle);

                                }


                                if (imgOffSetToFsHandle.containsKey(poolBlock)) {

                                        //return cached

                                        fsHandle = imgOffSetToFsHandle.get(poolBlock);

                                } else {

                                        long poolImgHandle = getImgInfoForPoolNat(poolHandle, poolBlock);

                                        HandleCache.getCaseHandles(caseIdentifier).poolImgCache.add(poolImgHandle);

                                        fsHandle = openFsNat(poolImgHandle, fsOffset);

                                        //cache it

                                        imgOffSetToFsHandle.put(poolBlock, fsHandle);

                                        HandleCache.getCaseHandles(caseIdentifier).poolFsList.add(fsHandle);

                                }

                        }

                        return fsHandle;

                } finally {

                        releaseTSKWriteLock();

                }

        }


        public static long openFile(long fsHandle, long fileId, TSK_FS_ATTR_TYPE_ENUM attrType, int attrId, SleuthkitCase skCase) throws TskCoreException {

                /*

                 * NOTE: previously attrId used to be stored in AbstractFile as (signed)

                 * short even though it is stored as uint16 in TSK. In extremely rare

                 * occurrences attrId can be larger than what a signed short can hold

                 * (2^15). Changes were made to AbstractFile to store attrId as integer.

                 * However, a depricated method still exists in AbstractFile to get

                 * attrId as short. In that method we convert attribute ids that are

                 * larger than 32K to a negative number. Therefore if encountered, we

                 * need to convert negative attribute id to uint16 which is what TSK is

                 * using to store attribute id.

                 */

                boolean withinPool = false;

                synchronized (HandleCache.cacheLock) {

                        String caseIdentifier;

                        if (skCase == null) {

                                caseIdentifier = HandleCache.getDefaultCaseIdentifier();

                        } else {

                                caseIdentifier = skCase.getCaseHandleIdentifier();

                        }

                        if (HandleCache.getCaseHandles(caseIdentifier).poolFsList.contains(fsHandle)) {

                                withinPool = true;

                        }

                }


                /*

                 * The current APFS code is not thread-safe. To compensate, we make any

                 * reads to the APFS pool single-threaded by obtaining a write

                 * lock instead of a read lock.

                 */

                if (withinPool) {

                        getTSKWriteLock();

                } else {

                        getTSKReadLock();

                }

                try {

                        long fileHandle = openFileNat(fsHandle, fileId, attrType.getValue(), convertSignedToUnsigned(attrId));

                        synchronized (HandleCache.cacheLock) {

                                String caseIdentifier;

                                if (skCase == null) {

                                        caseIdentifier = HandleCache.getDefaultCaseIdentifier();

                                } else {

                                        caseIdentifier = skCase.getCaseHandleIdentifier();

                                }

                                HandleCache.addFileHandle(caseIdentifier, fileHandle, fsHandle);


                                // If this file is in a pool file system, record it so the locks

                                // can be set appropriately when reading it.

                                if (withinPool) {

                                        HandleCache.poolFileHandles.add(fileHandle);

                                }

                        }

                        return fileHandle;

                } finally {

                        if (withinPool) {

                                releaseTSKWriteLock();

                        } else {

                                releaseTSKReadLock();

                        }

                }

        }


        private static int convertSignedToUnsigned(int val) {

                if (val >= 0) {

                        return val;

                }


                return val & 0xffff;    // convert negative value to positive value

        }


        private static boolean imgHandleIsValid(long imgHandle) {

                synchronized(HandleCache.cacheLock) {

                        return HandleCache.isImageInAnyCache(imgHandle);

                }

        }


        //do reads


        public static int readImg(long imgHandle, byte[] readBuffer, long offset, long len) throws TskCoreException {

                getTSKReadLock();

                try {

                        if(! imgHandleIsValid(imgHandle)) {

                                throw new TskCoreException("Image handle " + imgHandle + " is closed");

                        }

                        //returned byte[] is the data buffer

                        return readImgNat(imgHandle, readBuffer, offset, len);

                } finally {

                        releaseTSKReadLock();

                }

        }


        public static int readVs(long vsHandle, byte[] readBuffer, long offset, long len) throws TskCoreException {

                getTSKReadLock();

                try {

                        return readVsNat(vsHandle, readBuffer, offset, len);

                } finally {

                        releaseTSKReadLock();

                }

        }


        static int readPool(long poolHandle, byte[] readBuffer, long offset, long len) throws TskCoreException {

                getTSKReadLock();

                try {

                        return readPoolNat(poolHandle, readBuffer, offset, len);

                } finally {

                        releaseTSKReadLock();

                }

        }


        public static int readVsPart(long volHandle, byte[] readBuffer, long offset, long len) throws TskCoreException {

                getTSKReadLock();

                try {

                        //returned byte[] is the data buffer

                        return readVolNat(volHandle, readBuffer, offset, len);

                } finally {

                        releaseTSKReadLock();

                }

        }


        public static int readFs(long fsHandle, byte[] readBuffer, long offset, long len) throws TskCoreException {

                getTSKReadLock();

                try {

                        //returned byte[] is the data buffer

                        return readFsNat(fsHandle, readBuffer, offset, len);

                } finally {

                        releaseTSKReadLock();

                }

        }


        private enum TSK_FS_FILE_READ_OFFSET_TYPE_ENUM {

                START_OF_FILE(0),

                START_OF_SLACK(1);


                private final int val;


                TSK_FS_FILE_READ_OFFSET_TYPE_ENUM(int val) {

                        this.val = val;

                }


                int getValue() {

                        return val;

                }


        }


        public static int readFile(long fileHandle, byte[] readBuffer, long offset, long len) throws TskCoreException {

                boolean withinPool = false;

                synchronized (HandleCache.cacheLock) {

                        if (HandleCache.poolFileHandles.contains(fileHandle)) {

                                withinPool = true;

                        }

                }


                /*

                 * The current APFS code is not thread-safe. To compensate, we make any

                 * reads to the APFS pool single-threaded by obtaining a write

                 * lock instead of a read lock.

                 */

                if (withinPool) {

                        getTSKWriteLock();

                } else {

                        getTSKReadLock();

                }

                try {

                        if (!HandleCache.isValidFileHandle(fileHandle)) {

                                throw new TskCoreException(HandleCache.INVALID_FILE_HANDLE);

                        }


                        return readFileNat(fileHandle, readBuffer, offset, TSK_FS_FILE_READ_OFFSET_TYPE_ENUM.START_OF_FILE.getValue(), len);

                } finally {

                        if (withinPool) {

                                releaseTSKWriteLock();

                        } else {

                                releaseTSKReadLock();

                        }

                }

        }


        public static int readFileSlack(long fileHandle, byte[] readBuffer, long offset, long len) throws TskCoreException {

                getTSKReadLock();

                try {

                        if (!HandleCache.isValidFileHandle(fileHandle)) {

                                throw new TskCoreException(HandleCache.INVALID_FILE_HANDLE);

                        }


                        return readFileNat(fileHandle, readBuffer, offset, TSK_FS_FILE_READ_OFFSET_TYPE_ENUM.START_OF_SLACK.getValue(), len);

                } finally {

                        releaseTSKReadLock();

                }

        }


        public static List<String> getFileMetaDataText(long fileHandle) throws TskCoreException {

                getTSKReadLock();

                try {

                        if (!HandleCache.isValidFileHandle(fileHandle)) {

                                throw new TskCoreException(HandleCache.INVALID_FILE_HANDLE);

                        }


                        try {

                                java.io.File tmp = java.io.File.createTempFile("tsk", ".txt");


                                saveFileMetaDataTextNat(fileHandle, tmp.getAbsolutePath());


                                FileReader fr = new FileReader(tmp.getAbsolutePath());

                                BufferedReader textReader = new BufferedReader(fr);


                                List<String> lines = new ArrayList<String>();

                                while (true) {

                                        String line = textReader.readLine();

                                        if (line == null) {

                                                break;

                                        }

                                        lines.add(line);

                                }

                                textReader.close();

                                fr.close();

                                tmp.delete();

                                return lines;

                        } catch (IOException ex) {

                                throw new TskCoreException("Error reading istat output: " + ex.getLocalizedMessage());

                        }

                } finally {

                        releaseTSKReadLock();

                }

        }


        public static void closeFile(long fileHandle) {

                closeFile(fileHandle, null);

        }


        public static void closeFile(long fileHandle, SleuthkitCase skCase) {

                boolean withinPool = false;

                synchronized (HandleCache.cacheLock) {

                        if (HandleCache.poolFileHandles.contains(fileHandle)) {

                                withinPool = true;

                        }

                }


                /*

                 * The current APFS code is not thread-safe. To compensate, we make any

                 * reads to the APFS pool single-threaded by obtaining a write

                 * lock instead of a read lock.

                 */

                if (withinPool) {

                        getTSKWriteLock();

                } else {

                        getTSKReadLock();

                }

                try {

                        synchronized (HandleCache.cacheLock) {

                                if (!HandleCache.isValidFileHandle(fileHandle)) {

                                        // File handle is not open so this is a no-op.

                                        return;

                                }

                                closeFileNat(fileHandle);

                                HandleCache.removeFileHandle(fileHandle, skCase);

                                if (HandleCache.poolFileHandles.contains(fileHandle)) {

                                        HandleCache.poolFileHandles.remove(fileHandle);

                                }

                        }

                } finally {

                        if (withinPool) {

                                releaseTSKWriteLock();

                        } else {

                                releaseTSKReadLock();

                        }

                }

        }


        public static void createLookupIndexForHashDatabase(int dbHandle) throws TskCoreException {

                hashDbCreateIndexNat(dbHandle);

        }


        public static boolean hashDatabaseHasLookupIndex(int dbHandle) throws TskCoreException {

                return hashDbIndexExistsNat(dbHandle);

        }


        public static boolean hashDatabaseCanBeReindexed(int dbHandle) throws TskCoreException {

                return hashDbIsReindexableNat(dbHandle);

        }


        public static String getHashDatabasePath(int dbHandle) throws TskCoreException {

                return hashDbPathNat(dbHandle);

        }


        public static String getHashDatabaseIndexPath(int dbHandle) throws TskCoreException {

                return hashDbIndexPathNat(dbHandle);

        }


        public static int openHashDatabase(String path) throws TskCoreException {

                return hashDbOpenNat(path);

        }


        public static int createHashDatabase(String path) throws TskCoreException {

                return hashDbNewNat(path);

        }


        public static void closeAllHashDatabases() throws TskCoreException {

                hashDbCloseAll();

        }


        public static void closeHashDatabase(int dbHandle) throws TskCoreException {

                hashDbClose(dbHandle);

        }


        public static String getHashDatabaseDisplayName(int dbHandle) throws TskCoreException {

                return hashDbGetDisplayName(dbHandle);

        }


        public static boolean lookupInHashDatabase(String hash, int dbHandle) throws TskCoreException {

                return hashDbLookup(hash, dbHandle);

        }


        public static HashHitInfo lookupInHashDatabaseVerbose(String hash, int dbHandle) throws TskCoreException {

                return hashDbLookupVerbose(hash, dbHandle);

        }


        public static void addToHashDatabase(String filename, String md5, String sha1, String sha256, String comment, int dbHandle) throws TskCoreException {

                hashDbAddEntryNat(filename, md5, sha1, sha256, comment, dbHandle);

        }


        public static void addToHashDatabase(List<HashEntry> hashes, int dbHandle) throws TskCoreException {

                hashDbBeginTransactionNat(dbHandle);

                try {

                        for (HashEntry entry : hashes) {

                                hashDbAddEntryNat(entry.getFileName(), entry.getMd5Hash(), entry.getSha1Hash(), entry.getSha256Hash(), entry.getComment(), dbHandle);

                        }

                        hashDbCommitTransactionNat(dbHandle);

                } catch (TskCoreException ex) {

                        try {

                                hashDbRollbackTransactionNat(dbHandle);

                        } catch (TskCoreException ex2) {

                                ex2.initCause(ex);

                                throw ex2;

                        }

                        throw ex;

                }

        }


        public static boolean isUpdateableHashDatabase(int dbHandle) throws TskCoreException {

                return hashDbIsUpdateableNat(dbHandle);

        }


        public static boolean hashDatabaseIsIndexOnly(int dbHandle) throws TskCoreException {

                return hashDbIsIdxOnlyNat(dbHandle);

        }


        private static String timezoneLongToShort(String timezoneLongForm) {

                if (timezoneLongForm == null || timezoneLongForm.isEmpty()) {

                        return "";

                }


                String timezoneShortForm;

                TimeZone zone = TimeZone.getTimeZone(timezoneLongForm);

                int offset = zone.getRawOffset() / 1000;

                int hour = offset / 3600;

                int min = (offset % 3600) / 60;

                DateFormat dfm = new SimpleDateFormat("z");

                dfm.setTimeZone(zone);

                boolean hasDaylight = zone.useDaylightTime();

                String first = dfm.format(new GregorianCalendar(2010, 1, 1).getTime()).substring(0, 3); // make it only 3 letters code

                String second = dfm.format(new GregorianCalendar(2011, 6, 6).getTime()).substring(0, 3); // make it only 3 letters code

                int mid = hour * -1;

                timezoneShortForm = first + Integer.toString(mid);

                if (min != 0) {

                        timezoneShortForm = timezoneShortForm + ":" + (min < 10 ? "0" : "") + Integer.toString(min);

                }

                if (hasDaylight) {

                        timezoneShortForm += second;

                }

                return timezoneShortForm;

        }


        public static int finishImageWriter(long imgHandle) throws TskCoreException {

                getTSKReadLock();

                try {

                        if(! imgHandleIsValid(imgHandle)) {

                                throw new TskCoreException("Image handle " + imgHandle + " is closed");

                        }

                        return finishImageWriterNat(imgHandle);

                } finally {

                        releaseTSKReadLock();

                }

        }


        public static int getFinishImageProgress(long imgHandle) {

                getTSKReadLock();

                try {

                        if (imgHandleIsValid(imgHandle)) {

                                return getFinishImageProgressNat(imgHandle);

                        } else {

                                return 0;

                        }

                } finally {

                        releaseTSKReadLock();

                }

        }


        public static void cancelFinishImage(long imgHandle) {

                getTSKReadLock();

                try {

                        if (imgHandleIsValid(imgHandle)) {

                                cancelFinishImageNat(imgHandle);

                        }

                } finally {

                        releaseTSKReadLock();

                }

        }


        public static long findDeviceSize(String devPath) throws TskCoreException {

                return findDeviceSizeNat(devPath);

        }


        public static boolean isImageSupported(String imagePath) {

                // isImageSupportedStringNat returns a blank string if the image is supported or

                // an error message if the file systems could not be opened

                return isImageSupportedStringNat(imagePath, "").isBlank();

        }


        public static class TestOpenImageResult {

                boolean testSuccess;

                String message;


                TestOpenImageResult(boolean testSuccess, String message) {

                        this.testSuccess = testSuccess;

                        this.message = message;

                }


                // True if we were able to open at least one file system in the given image


                public boolean wasSuccessful() {

                        return testSuccess;

                }


                // Contains a user-friendly status message. On success, will contain "Image opened successfully".

                // Otherwise it will give our best effort to explain why we were unsuccessful.


                public String getMessage() {

                        return message;

                }


        }


        public static TestOpenImageResult testOpenImage(String imagePath, String password) {

                String resultStr = isImageSupportedStringNat(imagePath, password);

                if (resultStr.isBlank()) {

                        return new TestOpenImageResult(true, "Image opened successfully");

                }

                return new TestOpenImageResult(false, resultStr);

        }


        static long getSleuthkitVersion() {

                return getSleuthkitVersionNat();

        }


        private static void getTSKReadLock() {

                tskLock.readLock().lock();

        }


        private static void releaseTSKReadLock() {

                tskLock.readLock().unlock();

        }


        private static void getTSKWriteLock() {

                tskLock.writeLock().lock();

        }


        private static void releaseTSKWriteLock() {

                tskLock.writeLock().unlock();

        }


        //free pointers

        @Deprecated


        public static void closeImg(long imgHandle) {

                //closeImgNat(imgHandle);

        }


        @Deprecated


        public static void closeVs(long vsHandle) {

                //              closeVsNat(vsHandle);  TODO JIRA-3829

        }


        @Deprecated


        public static void closeFs(long fsHandle) {

                //closeFsNat(fsHandle);

        }


        @Deprecated


        public static long openImage(String[] imageFiles) throws TskCoreException {


                return openImage(imageFiles, 0, true, null);

        }


        @Deprecated


        public static long openImage(String[] imageFiles, int sSize) throws TskCoreException {

                return openImage(imageFiles, sSize, true, null);

        }


        @Deprecated


        public static long openFs(long imgHandle, long fsOffset) throws TskCoreException {

                return openFs(imgHandle, fsOffset, null);

        }


        @Deprecated


        public static long openFile(long fsHandle, long fileId, TSK_FS_ATTR_TYPE_ENUM attrType, int attrId) throws TskCoreException {

                return openFile(fsHandle, fileId, attrType, attrId, null);

        }


        private static native String getVersionNat();


        private static native void startVerboseLoggingNat(String logPath);


        private static native int hashDbOpenNat(String hashDbPath) throws TskCoreException;


        private static native int hashDbNewNat(String hashDbPath) throws TskCoreException;


        private static native int hashDbBeginTransactionNat(int dbHandle) throws TskCoreException;


        private static native int hashDbCommitTransactionNat(int dbHandle) throws TskCoreException;


        private static native int hashDbRollbackTransactionNat(int dbHandle) throws TskCoreException;


        private static native int hashDbAddEntryNat(String filename, String hashMd5, String hashSha1, String hashSha256, String comment, int dbHandle) throws TskCoreException;


        private static native boolean hashDbIsUpdateableNat(int dbHandle);


        private static native boolean hashDbIsReindexableNat(int dbHandle);


        private static native String hashDbPathNat(int dbHandle);


        private static native String hashDbIndexPathNat(int dbHandle);


        private static native String hashDbGetDisplayName(int dbHandle) throws TskCoreException;


        private static native void hashDbCloseAll() throws TskCoreException;


        private static native void hashDbClose(int dbHandle) throws TskCoreException;


        private static native void hashDbCreateIndexNat(int dbHandle) throws TskCoreException;


        private static native boolean hashDbIndexExistsNat(int dbHandle) throws TskCoreException;


        private static native boolean hashDbIsIdxOnlyNat(int dbHandle) throws TskCoreException;


        private static native boolean hashDbLookup(String hash, int dbHandle) throws TskCoreException;


        private static native HashHitInfo hashDbLookupVerbose(String hash, int dbHandle) throws TskCoreException;


        private static native long initAddImgNat(TskCaseDbBridge dbHelperObj, String timezone, boolean addUnallocSpace, boolean skipFatFsOrphans) throws TskCoreException;


        private static native long initAddImgNatPassword(TskCaseDbBridge dbHelperObj, String timezone, boolean addUnallocSpace, boolean skipFatFsOrphans, String password) throws TskCoreException;


        private static native long initializeAddImgNat(TskCaseDbBridge dbHelperObj, String timezone, boolean addFileSystems, boolean addUnallocSpace, boolean skipFatFsOrphans) throws TskCoreException;


        private static native long initializeAddImgPasswordNat(TskCaseDbBridge dbHelperObj, String timezone, boolean addFileSystems, boolean addUnallocSpace, boolean skipFatFsOrphans, String password) throws TskCoreException;


        private static native void runOpenAndAddImgNat(long process, String deviceId, String[] imgPath, int splits, String timezone) throws TskCoreException, TskDataException;


        private static native void runAddImgNat(long process, String deviceId, long a_img_info, long image_id, String timeZone, String imageWriterPath) throws TskCoreException, TskDataException;


        private static native void stopAddImgNat(long process) throws TskCoreException;


        private static native long finishAddImgNat(long process) throws TskCoreException;


        private static native long openImgNat(String[] imgPath, int splits, int sSize) throws TskCoreException;


        private static native long openVsNat(long imgHandle, long vsOffset) throws TskCoreException;


        private static native long openVolNat(long vsHandle, long volId) throws TskCoreException;


        private static native long openPoolNat(long imgHandle, long offset) throws TskCoreException;


        private static native long getImgInfoForPoolNat(long poolHandle, long poolOffset) throws TskCoreException;


        private static native long openFsNat(long imgHandle, long fsId) throws TskCoreException;


        private static native long openFsDecryptNat(long imgHandle, long fsId, String password) throws TskCoreException;


        private static native long openFileNat(long fsHandle, long fileId, int attrType, int attrId) throws TskCoreException;


        private static native int readImgNat(long imgHandle, byte[] readBuffer, long offset, long len) throws TskCoreException;


        private static native int readVsNat(long vsHandle, byte[] readBuffer, long offset, long len) throws TskCoreException;


        private static native int readPoolNat(long poolHandle, byte[] readBuffer, long offset, long len) throws TskCoreException;


        private static native int readVolNat(long volHandle, byte[] readBuffer, long offset, long len) throws TskCoreException;


        private static native int readFsNat(long fsHandle, byte[] readBuffer, long offset, long len) throws TskCoreException;


        private static native int readFileNat(long fileHandle, byte[] readBuffer, long offset, int offset_type, long len) throws TskCoreException;


        private static native int saveFileMetaDataTextNat(long fileHandle, String fileName) throws TskCoreException;


        private static native String[] getPathsForImageNat(long imgHandle);


        private static native long getSizeForImageNat(long imgHandle);


        private static native long getTypeForImageNat(long imgHandle);


        private static native long getSectorSizeForImageNat(long imgHandle);


        private static native String getMD5HashForImageNat(long imgHandle);


        private static native String getSha1HashForImageNat(long imgHandle);


        private static native String getCollectionDetailsForImageNat(long imgHandle);


        private static native void closeImgNat(long imgHandle);


        private static native void closePoolNat(long poolHandle);


        private static native void closeVsNat(long vsHandle);


        private static native void closeFsNat(long fsHandle);


        private static native void closeFileNat(long fileHandle);


        private static native long findDeviceSizeNat(String devicePath) throws TskCoreException;


        private static native String getCurDirNat(long process);


        private static native String isImageSupportedStringNat(String imagePath, String password);


        private static native long getSleuthkitVersionNat();


        private static native int finishImageWriterNat(long a_img_info);


        private static native int getFinishImageProgressNat(long a_img_info);


        private static native void cancelFinishImageNat(long a_img_info);


}


org.sleuthkit.datamodel.CaseDbConnectionInfo
Definition CaseDbConnectionInfo.java:30

org.sleuthkit.datamodel.CaseDbConnectionInfo.getHost
String getHost()
Definition CaseDbConnectionInfo.java:116

org.sleuthkit.datamodel.DefaultAddDataSourceCallbacks
Definition DefaultAddDataSourceCallbacks.java:26

org.sleuthkit.datamodel.HashEntry
Definition HashEntry.java:25

org.sleuthkit.datamodel.HashHitInfo
Definition HashHitInfo.java:28

org.sleuthkit.datamodel.Host
Definition Host.java:26

org.sleuthkit.datamodel.HostManager.newHost
Host newHost(String name)
Definition HostManager.java:65

org.sleuthkit.datamodel.Image
Definition Image.java:39

org.sleuthkit.datamodel.LibraryUtils
Definition LibraryUtils.java:34

org.sleuthkit.datamodel.LibraryUtils.loadSleuthkitJNI
static boolean loadSleuthkitJNI()
Definition LibraryUtils.java:75

org.sleuthkit.datamodel.SleuthkitCase.CaseDbTransaction
Definition SleuthkitCase.java:14482

org.sleuthkit.datamodel.SleuthkitCase.CaseDbTransaction.rollback
void rollback()
Definition SleuthkitCase.java:14704

org.sleuthkit.datamodel.SleuthkitCase.CaseDbTransaction.commit
void commit()
Definition SleuthkitCase.java:14657

org.sleuthkit.datamodel.SleuthkitCase
Definition SleuthkitCase.java:110

org.sleuthkit.datamodel.SleuthkitCase.beginTransaction
CaseDbTransaction beginTransaction()
Definition SleuthkitCase.java:3082

org.sleuthkit.datamodel.SleuthkitCase.getHostManager
HostManager getHostManager()
Definition SleuthkitCase.java:670

org.sleuthkit.datamodel.SleuthkitCase.addImage
Image addImage(TskData.TSK_IMG_TYPE_ENUM type, long sectorSize, long size, String displayName, List< String > imagePaths, String timezone, String md5, String sha1, String sha256, String deviceId, CaseDbTransaction transaction)
Definition SleuthkitCase.java:7150

org.sleuthkit.datamodel.SleuthkitJNI.CaseDbHandle.AddImageProcess
Definition SleuthkitJNI.java:488

org.sleuthkit.datamodel.SleuthkitJNI.CaseDbHandle.AddImageProcess.run
void run(String deviceId, String[] imageFilePaths, int sectorSize)
Definition SleuthkitJNI.java:544

org.sleuthkit.datamodel.SleuthkitJNI.CaseDbHandle.AddImageProcess.run
void run(String[] imageFilePaths)
Definition SleuthkitJNI.java:698

org.sleuthkit.datamodel.SleuthkitJNI.CaseDbHandle.AddImageProcess.stop
synchronized void stop()
Definition SleuthkitJNI.java:603

org.sleuthkit.datamodel.SleuthkitJNI.CaseDbHandle.AddImageProcess.run
void run(String deviceId, String[] imageFilePaths)
Definition SleuthkitJNI.java:717

org.sleuthkit.datamodel.SleuthkitJNI.CaseDbHandle.AddImageProcess.revert
synchronized void revert()
Definition SleuthkitJNI.java:652

org.sleuthkit.datamodel.SleuthkitJNI.CaseDbHandle.AddImageProcess.currentDirectory
synchronized String currentDirectory()
Definition SleuthkitJNI.java:678

org.sleuthkit.datamodel.SleuthkitJNI.CaseDbHandle.AddImageProcess.commit
synchronized long commit()
Definition SleuthkitJNI.java:668

org.sleuthkit.datamodel.SleuthkitJNI.CaseDbHandle.AddImageProcess.run
void run(String deviceId, Image image, int sectorSize, AddDataSourceCallbacks addDataSourceCallbacks)
Definition SleuthkitJNI.java:566

org.sleuthkit.datamodel.SleuthkitJNI.TestOpenImageResult
Definition SleuthkitJNI.java:1987

org.sleuthkit.datamodel.SleuthkitJNI.TestOpenImageResult.wasSuccessful
boolean wasSuccessful()
Definition SleuthkitJNI.java:1997

org.sleuthkit.datamodel.SleuthkitJNI.TestOpenImageResult.getMessage
String getMessage()
Definition SleuthkitJNI.java:2003

org.sleuthkit.datamodel.SleuthkitJNI.testOpenImage
static TestOpenImageResult testOpenImage(String imagePath, String password)
Definition SleuthkitJNI.java:2016

org.sleuthkit.datamodel.SleuthkitJNI.openFile
static long openFile(long fsHandle, long fileId, TSK_FS_ATTR_TYPE_ENUM attrType, int attrId)
Definition SleuthkitJNI.java:2176

org.sleuthkit.datamodel.SleuthkitJNI.getHashDatabaseIndexPath
static String getHashDatabaseIndexPath(int dbHandle)
Definition SleuthkitJNI.java:1736

org.sleuthkit.datamodel.SleuthkitJNI.openFile
static long openFile(long fsHandle, long fileId, TSK_FS_ATTR_TYPE_ENUM attrType, int attrId, SleuthkitCase skCase)
Definition SleuthkitJNI.java:1276

org.sleuthkit.datamodel.SleuthkitJNI.isUpdateableHashDatabase
static boolean isUpdateableHashDatabase(int dbHandle)
Definition SleuthkitJNI.java:1862

org.sleuthkit.datamodel.SleuthkitJNI.isImageSupported
static boolean isImageSupported(String imagePath)
Definition SleuthkitJNI.java:1978

org.sleuthkit.datamodel.SleuthkitJNI.getHashDatabasePath
static String getHashDatabasePath(int dbHandle)
Definition SleuthkitJNI.java:1723

org.sleuthkit.datamodel.SleuthkitJNI.openImage
static long openImage(String[] imageFiles, int sSize)
Definition SleuthkitJNI.java:2138

org.sleuthkit.datamodel.SleuthkitJNI.readFs
static int readFs(long fsHandle, byte[] readBuffer, long offset, long len)
Definition SleuthkitJNI.java:1474

org.sleuthkit.datamodel.SleuthkitJNI.addToHashDatabase
static void addToHashDatabase(String filename, String md5, String sha1, String sha256, String comment, int dbHandle)
Definition SleuthkitJNI.java:1840

org.sleuthkit.datamodel.SleuthkitJNI.openFs
static long openFs(long imgHandle, long fsOffset)
Definition SleuthkitJNI.java:2157

org.sleuthkit.datamodel.SleuthkitJNI.openHashDatabase
static int openHashDatabase(String path)
Definition SleuthkitJNI.java:1746

org.sleuthkit.datamodel.SleuthkitJNI.addImageToDatabase
static Image addImageToDatabase(SleuthkitCase skCase, String[] imagePaths, int sectorSize, String timeZone, String md5fromSettings, String sha1fromSettings, String sha256fromSettings, String deviceId)
Definition SleuthkitJNI.java:954

org.sleuthkit.datamodel.SleuthkitJNI.closeAllHashDatabases
static void closeAllHashDatabases()
Definition SleuthkitJNI.java:1769

org.sleuthkit.datamodel.SleuthkitJNI.addToHashDatabase
static void addToHashDatabase(List< HashEntry > hashes, int dbHandle)
Definition SleuthkitJNI.java:1844

org.sleuthkit.datamodel.SleuthkitJNI.addImageToDatabase
static Image addImageToDatabase(SleuthkitCase skCase, String[] imagePaths, int sectorSize, String timeZone, String md5fromSettings, String sha1fromSettings, String sha256fromSettings, String deviceId, Host host)
Definition SleuthkitJNI.java:977

org.sleuthkit.datamodel.SleuthkitJNI.hashDatabaseIsIndexOnly
static boolean hashDatabaseIsIndexOnly(int dbHandle)
Definition SleuthkitJNI.java:1866

org.sleuthkit.datamodel.SleuthkitJNI.lookupInHashDatabase
static boolean lookupInHashDatabase(String hash, int dbHandle)
Definition SleuthkitJNI.java:1809

org.sleuthkit.datamodel.SleuthkitJNI.createHashDatabase
static int createHashDatabase(String path)
Definition SleuthkitJNI.java:1759

org.sleuthkit.datamodel.SleuthkitJNI.readFileSlack
static int readFileSlack(long fileHandle, byte[] readBuffer, long offset, long len)
Definition SleuthkitJNI.java:1564

org.sleuthkit.datamodel.SleuthkitJNI.openFs
static long openFs(long imgHandle, long fsOffset, SleuthkitCase skCase)
Definition SleuthkitJNI.java:1159

org.sleuthkit.datamodel.SleuthkitJNI.finishImageWriter
static int finishImageWriter(long imgHandle)
Definition SleuthkitJNI.java:1915

org.sleuthkit.datamodel.SleuthkitJNI.readImg
static int readImg(long imgHandle, byte[] readBuffer, long offset, long len)
Definition SleuthkitJNI.java:1379

org.sleuthkit.datamodel.SleuthkitJNI.createLookupIndexForHashDatabase
static void createLookupIndexForHashDatabase(int dbHandle)
Definition SleuthkitJNI.java:1683

org.sleuthkit.datamodel.SleuthkitJNI.readFile
static int readFile(long fileHandle, byte[] readBuffer, long offset, long len)
Definition SleuthkitJNI.java:1517

org.sleuthkit.datamodel.SleuthkitJNI.startVerboseLogging
static void startVerboseLogging(String logPath)
Definition SleuthkitJNI.java:800

org.sleuthkit.datamodel.SleuthkitJNI.readVsPart
static int readVsPart(long volHandle, byte[] readBuffer, long offset, long len)
Definition SleuthkitJNI.java:1450

org.sleuthkit.datamodel.SleuthkitJNI.closeImg
static void closeImg(long imgHandle)
Definition SleuthkitJNI.java:2082

org.sleuthkit.datamodel.SleuthkitJNI.closeFile
static void closeFile(long fileHandle, SleuthkitCase skCase)
Definition SleuthkitJNI.java:1637

org.sleuthkit.datamodel.SleuthkitJNI.closeHashDatabase
static void closeHashDatabase(int dbHandle)
Definition SleuthkitJNI.java:1782

org.sleuthkit.datamodel.SleuthkitJNI.addImageToDatabase
static Image addImageToDatabase(SleuthkitCase skCase, String[] imagePaths, int sectorSize, String timeZone, String md5fromSettings, String sha1fromSettings, String sha256fromSettings, String deviceId, String password, Host host)
Definition SleuthkitJNI.java:1002

org.sleuthkit.datamodel.SleuthkitJNI.openVs
static long openVs(long imgHandle, long vsOffset)
Definition SleuthkitJNI.java:1064

org.sleuthkit.datamodel.SleuthkitJNI.closeVs
static void closeVs(long vsHandle)
Definition SleuthkitJNI.java:2092

org.sleuthkit.datamodel.SleuthkitJNI.readVs
static int readVs(long vsHandle, byte[] readBuffer, long offset, long len)
Definition SleuthkitJNI.java:1406

org.sleuthkit.datamodel.SleuthkitJNI.openImage
static long openImage(String[] imageFiles)
Definition SleuthkitJNI.java:2119

org.sleuthkit.datamodel.SleuthkitJNI.closeFile
static void closeFile(long fileHandle)
Definition SleuthkitJNI.java:1627

org.sleuthkit.datamodel.SleuthkitJNI.hashDatabaseHasLookupIndex
static boolean hashDatabaseHasLookupIndex(int dbHandle)
Definition SleuthkitJNI.java:1696

org.sleuthkit.datamodel.SleuthkitJNI.cancelFinishImage
static void cancelFinishImage(long imgHandle)
Definition SleuthkitJNI.java:1952

org.sleuthkit.datamodel.SleuthkitJNI.getFinishImageProgress
static int getFinishImageProgress(long imgHandle)
Definition SleuthkitJNI.java:1934

org.sleuthkit.datamodel.SleuthkitJNI.lookupInHashDatabaseVerbose
static HashHitInfo lookupInHashDatabaseVerbose(String hash, int dbHandle)
Definition SleuthkitJNI.java:1824

org.sleuthkit.datamodel.SleuthkitJNI.openVsPart
static long openVsPart(long vsHandle, long volId)
Definition SleuthkitJNI.java:1088

org.sleuthkit.datamodel.SleuthkitJNI.openImage
static long openImage(String[] imageFiles, int sSize, SleuthkitCase skCase)
Definition SleuthkitJNI.java:835

org.sleuthkit.datamodel.SleuthkitJNI.openImage
static long openImage(String[] imageFiles, SleuthkitCase skCase)
Definition SleuthkitJNI.java:815

org.sleuthkit.datamodel.SleuthkitJNI.getHashDatabaseDisplayName
static String getHashDatabaseDisplayName(int dbHandle)
Definition SleuthkitJNI.java:1795

org.sleuthkit.datamodel.SleuthkitJNI.hashDatabaseCanBeReindexed
static boolean hashDatabaseCanBeReindexed(int dbHandle)
Definition SleuthkitJNI.java:1710

org.sleuthkit.datamodel.SleuthkitJNI.getVersion
static String getVersion()
Definition SleuthkitJNI.java:791

org.sleuthkit.datamodel.SleuthkitJNI.closeFs
static void closeFs(long fsHandle)
Definition SleuthkitJNI.java:2103

org.sleuthkit.datamodel.SleuthkitJNI.openFs
static long openFs(long imgHandle, long fsOffset, String password, SleuthkitCase skCase)
Definition SleuthkitJNI.java:1177

org.sleuthkit.datamodel.SleuthkitJNI.getFileMetaDataText
static List< String > getFileMetaDataText(long fileHandle)
Definition SleuthkitJNI.java:1587

org.sleuthkit.datamodel.SleuthkitJNI.findDeviceSize
static long findDeviceSize(String devPath)
Definition SleuthkitJNI.java:1974

org.sleuthkit.datamodel.TskCoreException
Definition TskCoreException.java:25

org.sleuthkit.datamodel.TskDataException
Definition TskDataException.java:24

org.sleuthkit.datamodel.TskData
Definition TskData.java:30

org.sleuthkit.datamodel.SleuthkitJNI.TSK_FS_FILE_READ_OFFSET_TYPE_ENUM
Definition SleuthkitJNI.java:1488

org.sleuthkit.datamodel.SleuthkitJNI.TSK_FS_FILE_READ_OFFSET_TYPE_ENUM.TSK_FS_FILE_READ_OFFSET_TYPE_ENUM
TSK_FS_FILE_READ_OFFSET_TYPE_ENUM(int val)
Definition SleuthkitJNI.java:1494

org.sleuthkit.datamodel.SleuthkitJNI.TSK_FS_FILE_READ_OFFSET_TYPE_ENUM.START_OF_SLACK
START_OF_SLACK
Definition SleuthkitJNI.java:1490

org.sleuthkit.datamodel.SleuthkitJNI.TSK_FS_FILE_READ_OFFSET_TYPE_ENUM.getValue
int getValue()
Definition SleuthkitJNI.java:1498

org.sleuthkit.datamodel.SleuthkitJNI.TSK_FS_FILE_READ_OFFSET_TYPE_ENUM.START_OF_FILE
START_OF_FILE
Definition SleuthkitJNI.java:1489

org.sleuthkit.datamodel.TskData.TSK_FS_ATTR_TYPE_ENUM
Definition TskData.java:281

org.sleuthkit.datamodel.TskData.TSK_IMG_TYPE_ENUM
Definition TskData.java:525

org.sleuthkit.datamodel.TskData.TSK_IMG_TYPE_ENUM.valueOf
static TSK_IMG_TYPE_ENUM valueOf(long imgType)
Definition TskData.java:549

org.sleuthkit.datamodel.AddDataSourceCallbacks
Definition AddDataSourceCallbacks.java:26