Sleuth Kit Java Bindings (JNI) 4.14.0
Java bindings for using The Sleuth Kit
Loading...
Searching...
No Matches
TskData.java
Go to the documentation of this file.
1/*
2 * Sleuth Kit Data Model
3 *
4 * Copyright 2011 Basis Technology Corp.
5 * Contact: carrier <at> sleuthkit <dot> org
6 *
7 * Licensed under the Apache License, Version 2.0 (the "License");
8 * you may not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
10 *
11 * http://www.apache.org/licenses/LICENSE-2.0
12 *
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS,
15 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 */
19package org.sleuthkit.datamodel;
20
21import java.text.MessageFormat;
22import java.util.ResourceBundle;
23import java.util.EnumSet;
24import java.util.Set;
25
30public class TskData {
31
32 private final static ResourceBundle bundle = ResourceBundle.getBundle("org.sleuthkit.datamodel.Bundle");
33
38 public enum TSK_FS_NAME_TYPE_ENUM {
39
40 UNDEF(0, "-"),
41 FIFO(1, "p"),
42 CHR(2, "c"),
43 DIR(3, "d"),
44 BLK(4, "b"),
45 REG(5, "r"),
46 LNK(6, "l"),
47 SOCK(7, "s"),
48 SHAD(8, "h"),
49 WHT(9, "w"),
50 VIRT(10, "v"),
51 VIRT_DIR(11, "V");
52
53 private short dirType;
54 String label;
55
56 private TSK_FS_NAME_TYPE_ENUM(int type, String label) {
57 this.dirType = (short) type;
58 this.label = label;
59 }
60
66 public short getValue() {
67 return dirType;
68 }
69
75 public String getLabel() {
76 return this.label;
77 }
78
86 static public TSK_FS_NAME_TYPE_ENUM valueOf(short dir_type) {
87 for (TSK_FS_NAME_TYPE_ENUM v : TSK_FS_NAME_TYPE_ENUM.values()) {
88 if (v.dirType == dir_type) {
89 return v;
90 }
91 }
92 throw new IllegalArgumentException(
93 MessageFormat.format(bundle.getString("TskData.tskFsNameTypeEnum.exception.msg1.text"), dir_type));
94 }
95 }
96
101 public enum TSK_FS_META_TYPE_ENUM {
102
103 TSK_FS_META_TYPE_UNDEF(0, "-"),
104 TSK_FS_META_TYPE_REG(1, "r"),
105 TSK_FS_META_TYPE_DIR(2, "d"),
106 TSK_FS_META_TYPE_FIFO(3, "p"),
107 TSK_FS_META_TYPE_CHR(4, "c"),
108 TSK_FS_META_TYPE_BLK(5, "b"),
109 TSK_FS_META_TYPE_LNK(6, "l"),
110 TSK_FS_META_TYPE_SHAD(7, "s"),
111 TSK_FS_META_TYPE_SOCK(8, "h"),
112 TSK_FS_META_TYPE_WHT(9, "w"),
113 TSK_FS_META_TYPE_VIRT(10, "v"),
114 TSK_FS_META_TYPE_VIRT_DIR(11, "v");
115
116 private short metaType;
117 private String metaTypeStr;
118
119 private TSK_FS_META_TYPE_ENUM(int type, String metaTypeStr) {
120 this.metaType = (short) type;
121 this.metaTypeStr = metaTypeStr;
122 }
123
129 public short getValue() {
130 return metaType;
131 }
132
133 @Override
134 public String toString() {
135 return metaTypeStr;
136 }
137
138 public static TSK_FS_META_TYPE_ENUM valueOf(short metaType) {
139 for (TSK_FS_META_TYPE_ENUM type : TSK_FS_META_TYPE_ENUM.values()) {
140 if (type.getValue() == metaType) {
141 return type;
142 }
143 }
144 throw new IllegalArgumentException(
145 MessageFormat.format(bundle.getString("TskData.tskFsMetaTypeEnum.exception.msg1.text"), metaType));
146 }
147 }
148
154 public enum TSK_FS_NAME_FLAG_ENUM {
155
156 UNKNOWN(0, bundle.getString("TskData.tskFsNameFlagEnum.unknown")),
157 ALLOC(1, bundle.getString("TskData.tskFsNameFlagEnum.allocated")),
158 UNALLOC(2, bundle.getString("TskData.tskFsNameFlagEnum.unallocated"));
159
160 private short dirFlag;
161 private String dirFlagStr;
162
163 private TSK_FS_NAME_FLAG_ENUM(int flag, String dirFlagStr) {
164 this.dirFlag = (short) flag;
165 this.dirFlagStr = dirFlagStr;
166 }
167
173 public short getValue() {
174 return dirFlag;
175 }
176
177 @Override
178 public String toString() {
179 return dirFlagStr;
180 }
181
189 public static TSK_FS_NAME_FLAG_ENUM valueOf(int dirFlag) {
190 for (TSK_FS_NAME_FLAG_ENUM flag : TSK_FS_NAME_FLAG_ENUM.values()) {
191 if (flag.dirFlag == dirFlag) {
192 return flag;
193 }
194 }
195
196 return TSK_FS_NAME_FLAG_ENUM.UNKNOWN;
197 }
198 }
199
205 public enum TSK_FS_META_FLAG_ENUM {
206
207 UNKNOWN(0, bundle.getString("TskData.tskFsMetaFlagEnum.unknown")),
208 ALLOC(1, bundle.getString("TskData.tskFsMetaFlagEnum.allocated")),
209 UNALLOC(2, bundle.getString("TskData.tskFsMetaFlagEnum.unallocated")),
210 USED(4, bundle.getString("TskData.tskFsMetaFlagEnum.used")),
211 UNUSED(8, bundle.getString("TskData.tskFsMetaFlagEnum.unused")),
212 COMP(16, bundle.getString("TskData.tskFsMetaFlagEnum.compressed")),
213 ORPHAN(32, bundle.getString("TskData.tskFsMetaFlagEnum.orphan"));
214
215 private short meta_flag;
216 private String label;
217
218 private TSK_FS_META_FLAG_ENUM(int flag, String label) {
219 this.meta_flag = (short) flag;
220 this.label = label;
221 }
222
228 public short getValue() {
229 return meta_flag;
230 }
231
237 @Override
238 public String toString() {
239 return label;
240 }
241
249 public static Set<TSK_FS_META_FLAG_ENUM> valuesOf(short metaFlags) {
250 Set<TSK_FS_META_FLAG_ENUM> matchedFlags = EnumSet.noneOf(TSK_FS_META_FLAG_ENUM.class);
251
252 if (metaFlags == TSK_FS_META_FLAG_ENUM.UNKNOWN.getValue()) {
253 matchedFlags.add(TSK_FS_META_FLAG_ENUM.UNKNOWN);
254 return matchedFlags;
255 }
256
257 for (TSK_FS_META_FLAG_ENUM v : TSK_FS_META_FLAG_ENUM.values()) {
258 long flag = v.getValue();
259
260 if ((metaFlags & flag) == flag) {
261 matchedFlags.add(v);
262 }
263 }
264
265 return matchedFlags;
266 }
267
268 public static short toInt(Set<TSK_FS_META_FLAG_ENUM> metaFlags) {
269 short val = 0;
270 for (TSK_FS_META_FLAG_ENUM flag : metaFlags) {
271 val |= flag.getValue();
272 }
273 return val;
274 }
275 }
276
281 public enum TSK_FS_ATTR_TYPE_ENUM {
282
283 TSK_FS_ATTR_TYPE_NOT_FOUND(0x00), // 0
284 TSK_FS_ATTR_TYPE_DEFAULT(0x01), // 1
285 TSK_FS_ATTR_TYPE_NTFS_SI(0x10), // 16
286 TSK_FS_ATTR_TYPE_NTFS_ATTRLIST(0x20), // 32
287 TSK_FS_ATTR_TYPE_NTFS_FNAME(0x30), // 48
288 TSK_FS_ATTR_TYPE_NTFS_VVER(0x40), // 64 (NT)
289 TSK_FS_ATTR_TYPE_NTFS_OBJID(0x40), // 64 (2K)
290 TSK_FS_ATTR_TYPE_NTFS_SEC(0x50), // 80
291 TSK_FS_ATTR_TYPE_NTFS_VNAME(0x60), // 96
292 TSK_FS_ATTR_TYPE_NTFS_VINFO(0x70), // 112
293 TSK_FS_ATTR_TYPE_NTFS_DATA(0x80), // 128
294 TSK_FS_ATTR_TYPE_NTFS_IDXROOT(0x90), // 144
295 TSK_FS_ATTR_TYPE_NTFS_IDXALLOC(0xA0), // 160
296 TSK_FS_ATTR_TYPE_NTFS_BITMAP(0xB0), // 176
297 TSK_FS_ATTR_TYPE_NTFS_SYMLNK(0xC0), // 192 (NT)
298 TSK_FS_ATTR_TYPE_NTFS_REPARSE(0xC0), // 192 (2K)
299 TSK_FS_ATTR_TYPE_NTFS_EAINFO(0xD0), // 208
300 TSK_FS_ATTR_TYPE_NTFS_EA(0xE0), // 224
301 TSK_FS_ATTR_TYPE_NTFS_PROP(0xF0), // (NT)
302 TSK_FS_ATTR_TYPE_NTFS_LOG(0x100), // (2K)
303 TSK_FS_ATTR_TYPE_UNIX_INDIR(0x1001), // Indirect blocks for UFS and ExtX file systems
304
305 // Types for HFS+ File Attributes
306 TSK_FS_ATTR_TYPE_HFS_DEFAULT(0x01), // 1 Data fork of fs special files and misc
307 TSK_FS_ATTR_TYPE_HFS_DATA(0x1100), // 4352 Data fork of regular files
308 TSK_FS_ATTR_TYPE_HFS_RSRC(0x1101), // 4353 Resource fork of regular files
309 TSK_FS_ATTR_TYPE_HFS_EXT_ATTR(0x1102), // 4354 Extended Attributes) except compression records
310 TSK_FS_ATTR_TYPE_HFS_COMP_REC(0x1103); // 4355 Compression records
311
312 private int val;
313
314 private TSK_FS_ATTR_TYPE_ENUM(int val) {
315 this.val = val;
316 }
317
318 public int getValue() {
319 return val;
320 }
321
322 public static TSK_FS_ATTR_TYPE_ENUM valueOf(int val) {
323 for (TSK_FS_ATTR_TYPE_ENUM type : TSK_FS_ATTR_TYPE_ENUM.values()) {
324 if (type.val == val) {
325 return type;
326 }
327 }
328 throw new IllegalArgumentException(
329 MessageFormat.format(bundle.getString("TskData.tskFsAttrTypeEnum.exception.msg1.text"), val));
330 }
331 };
332
337 public enum TSK_VS_PART_FLAG_ENUM {
338
339 TSK_VS_PART_FLAG_ALLOC(1),
340 TSK_VS_PART_FLAG_UNALLOC(2),
341 TSK_VS_PART_FLAG_META(4),
342 TSK_VS_PART_FLAG_ALL(7);
343
344 private long vs_flag;
345
346 private TSK_VS_PART_FLAG_ENUM(long flag) {
347 vs_flag = flag;
348 }
349
355 public long getVsFlag() {
356 return vs_flag;
357 }
358
359 }
360
365 public enum TSK_FS_META_MODE_ENUM {
366 /*
367 * The following describe the file permissions
368 */
369
370 TSK_FS_META_MODE_ISUID(0004000),
371 TSK_FS_META_MODE_ISGID(0002000),
372 TSK_FS_META_MODE_ISVTX(0001000),
373
374 TSK_FS_META_MODE_IRUSR(0000400),
375 TSK_FS_META_MODE_IWUSR(0000200),
376 TSK_FS_META_MODE_IXUSR(0000100),
377
378 TSK_FS_META_MODE_IRGRP(0000040),
379 TSK_FS_META_MODE_IWGRP(0000020),
380 TSK_FS_META_MODE_IXGRP(0000010),
381
382 TSK_FS_META_MODE_IROTH(0000004),
383 TSK_FS_META_MODE_IWOTH(0000002),
384 TSK_FS_META_MODE_IXOTH(0000001);
385
386 private short mode;
387
388 private TSK_FS_META_MODE_ENUM(int mode) {
389 this.mode = (short) mode;
390 }
391
397 public short getMode() {
398 return mode;
399 }
400
409 public static Set<TSK_FS_META_MODE_ENUM> valuesOf(short modes) {
410 Set<TSK_FS_META_MODE_ENUM> matchedFlags = EnumSet.noneOf(TSK_FS_META_MODE_ENUM.class);
411
412 for (TSK_FS_META_MODE_ENUM v : TSK_FS_META_MODE_ENUM.values()) {
413 long flag = v.getMode();
414
415 if ((modes & flag) == flag) {
416 matchedFlags.add(v);
417 }
418 }
419
420 return matchedFlags;
421 }
422
428 public static short toInt(Set<TSK_FS_META_MODE_ENUM> modes) {
429 short modesInt = 0;
430 for (TSK_FS_META_MODE_ENUM mode : modes) {
431 modesInt |= mode.getMode();
432 }
433 return modesInt;
434 }
435 };
436
441 public enum TSK_FS_TYPE_ENUM {
442 TSK_FS_TYPE_DETECT(0x00000000, bundle.getString("TskData.tskFsTypeEnum.autoDetect")),
443 TSK_FS_TYPE_NTFS(0x00000001, "NTFS"),
444 TSK_FS_TYPE_NTFS_DETECT(0x00000001, bundle.getString("TskData.tskFsTypeEnum.NTFSautoDetect")),
445 TSK_FS_TYPE_FAT12(0x00000002, "FAT12"),
446 TSK_FS_TYPE_FAT16(0x00000004, "FAT16"),
447 TSK_FS_TYPE_FAT32(0x00000008, "FAT32"),
448 TSK_FS_TYPE_EXFAT(0x0000000A, "ExFAT"),
449 TSK_FS_TYPE_FAT_DETECT(0x0000000e, bundle.getString("TskData.tskFsTypeEnum.FATautoDetect")),
450 TSK_FS_TYPE_FFS1(0x00000010, "UFS1"),
451 TSK_FS_TYPE_FFS1B(0x00000020, "UFS1b"),
452 TSK_FS_TYPE_FFS2(0x00000040, "UFS2"),
453 TSK_FS_TYPE_FFS_DETECT(0x00000070, "UFS"),
454 TSK_FS_TYPE_EXT2(0x00000080, "Ext2"),
455 TSK_FS_TYPE_EXT3(0x00000100, "Ext3"),
456 TSK_FS_TYPE_EXT_DETECT(0x00000180, bundle.getString("TskData.tskFsTypeEnum.ExtXautoDetect")),
457 TSK_FS_TYPE_SWAP(0x00000200, "SWAP"),
458 TSK_FS_TYPE_SWAP_DETECT(0x00000200, bundle.getString("TskData.tskFsTypeEnum.SWAPautoDetect")),
459 TSK_FS_TYPE_RAW(0x00000400, "RAW"),
460 TSK_FS_TYPE_RAW_DETECT(0x00000400, bundle.getString("TskData.tskFsTypeEnum.RAWautoDetect")),
461 TSK_FS_TYPE_ISO9660(0x00000800, "ISO9660"),
462 TSK_FS_TYPE_ISO9660_DETECT(0x00000800, bundle.getString("TskData.tskFsTypeEnum.ISO9660autoDetect")),
463 TSK_FS_TYPE_HFS(0x00001000, "HFS"),
464 TSK_FS_TYPE_HFS_DETECT(0x00001000, bundle.getString("TskData.tskFsTypeEnum.HFSautoDetect")),
465 TSK_FS_TYPE_EXT4(0x00002000, "Ext4"),
466 TSK_FS_TYPE_YAFFS2(0x00004000, "YAFFS2"),
467 TSK_FS_TYPE_YAFFS2_DETECT(0x00004000, bundle.getString("TskData.tskFsTypeEnum.YAFFS2autoDetect")),
468 TSK_FS_TYPE_APFS(0x00010000, "APFS"),
469 TSK_FS_TYPE_APFS_DETECT(0x00010000, bundle.getString("TskData.tskFsTypeEnum.APFSautoDetect")),
470 TSK_FS_TYPE_BTRFS(0x00040000, "BTRFS"),
471 TSK_FS_TYPE_BTRFS_DETECT(0x00040000, "BTRFSAutoDetect"),
472 TSK_FS_TYPE_LOGICAL(0x00020000, "Logical"),
473 TSK_FS_TYPE_UNSUPP(0xffffffff, bundle.getString("TskData.tskFsTypeEnum.unsupported"));
474
475 private int value;
476 private String displayName;
477
478 private TSK_FS_TYPE_ENUM(int value, String displayName) {
479 this.value = value;
480 this.displayName = displayName;
481 }
482
488 public int getValue() {
489 return value;
490 }
491
497 public String getDisplayName() {
498 return displayName;
499 }
500
509 public static TSK_FS_TYPE_ENUM valueOf(int fsTypeValue) {
510 for (TSK_FS_TYPE_ENUM type : TSK_FS_TYPE_ENUM.values()) {
511 if (type.value == fsTypeValue) {
512 return type;
513 }
514 }
515 throw new IllegalArgumentException(
516 MessageFormat.format(bundle.getString("TskData.tskFsTypeEnum.exception.msg1.text"), fsTypeValue));
517 }
518
519 };
520
525 public enum TSK_IMG_TYPE_ENUM {
526
527 TSK_IMG_TYPE_DETECT(0, bundle.getString("TskData.tskImgTypeEnum.autoDetect")), // Auto Detection
528 TSK_IMG_TYPE_RAW_SING(1, bundle.getString("TskData.tskImgTypeEnum.rawSingle")), // Single raw file (dd)
529 TSK_IMG_TYPE_RAW_SPLIT(2, bundle.getString("TskData.tskImgTypeEnum.rawSplit")), // Split raw files
530 TSK_IMG_TYPE_AFF_AFF(4, "AFF"), // Advanced Forensic Format NON-NLS
531 TSK_IMG_TYPE_AFF_AFD(8, "AFD"), // AFF Multiple File NON-NLS
532 TSK_IMG_TYPE_AFF_AFM(16, "AFM"), // AFF with external metadata NON-NLS
533 TSK_IMG_TYPE_AFF_ANY(32, "AFF"), // All AFFLIB image formats (including beta ones) NON-NLS
534 TSK_IMG_TYPE_EWF_EWF(64, "E01"), // Expert Witness format (encase) NON-NLS
535 TSK_IMG_TYPE_VMDK_VMDK(128, "VMDK"), // VMware Virtual Disk (VMDK) NON-NLS
536 TSK_IMG_TYPE_VHD_VHD(256, "VHD"), // Virtual Hard Disk (VHD) image format NON-NLS
537 TSK_IMG_TYPE_POOL_POOL(16384, "POOL"), // Pool (internal use) NON-NLS
538 TSK_IMG_TYPE_LOGICAL(32768, "Logical"),
539 TSK_IMG_TYPE_UNSUPP(65535, bundle.getString("TskData.tskImgTypeEnum.unknown")); // Unsupported Image Type
540
541 private long imgType;
542 private String name;
543
544 private TSK_IMG_TYPE_ENUM(long type, String name) {
545 this.imgType = type;
546 this.name = name;
547 }
548
549 public static TSK_IMG_TYPE_ENUM valueOf(long imgType) {
550 for (TSK_IMG_TYPE_ENUM type : TSK_IMG_TYPE_ENUM.values()) {
551 if (type.getValue() == imgType) {
552 return type;
553 }
554 }
555 throw new IllegalArgumentException(
556 MessageFormat.format(bundle.getString("TskData.tskImgTypeEnum.exception.msg1.text"), imgType));
557 }
558
564 public long getValue() {
565 return imgType;
566 }
567
573 public String getName() {
574 return name;
575 }
576 };
577
582 public enum TSK_VS_TYPE_ENUM {
583
584 TSK_VS_TYPE_DETECT(0x0000, bundle.getString("TskData.tskVSTypeEnum.autoDetect")),
585 TSK_VS_TYPE_DOS(0x0001, "DOS"),
586 TSK_VS_TYPE_BSD(0x0002, "BSD"),
587 TSK_VS_TYPE_SUN(0x0004, "SUN VTOC"),
588 TSK_VS_TYPE_MAC(0x0008, "Mac"),
589 TSK_VS_TYPE_GPT(0x0010, "GPT"),
590 TSK_VS_TYPE_APFS(0x0020, "APFS"),
591 TSK_VS_TYPE_LVM(0x0030, "LVM"),
592 TSK_VS_TYPE_DBFILLER(0x00F0, bundle.getString("TskData.tskVSTypeEnum.fake")),
593 TSK_VS_TYPE_UNSUPP(0xFFFF, bundle.getString("TskData.tskVSTypeEnum.unsupported"));
594
595 private long vsType;
596 private String name;
597
598 private TSK_VS_TYPE_ENUM(long type, String name) {
599 this.vsType = type;
600 this.name = name;
601 }
602
603 public static TSK_VS_TYPE_ENUM valueOf(long vsType) {
604 for (TSK_VS_TYPE_ENUM type : TSK_VS_TYPE_ENUM.values()) {
605 if (type.getVsType() == vsType) {
606 return type;
607 }
608 }
609 throw new IllegalArgumentException(
610 MessageFormat.format(bundle.getString("TskData.tskVSTypeEnum.exception.msg1.text"), vsType));
611 }
612
618 public long getVsType() {
619 return vsType;
620 }
621
627 public String getName() {
628 return name;
629 }
630 };
631
636 public enum ObjectType {
637
638 IMG(0, bundle.getString("TskData.ObjectType.IMG.name")),
639 VS(1, bundle.getString("TskData.ObjectType.VS.name")),
640 VOL(2, bundle.getString("TskData.ObjectType.VOL.name")),
641 FS(3, bundle.getString("TskData.ObjectType.FS.name")),
642 ABSTRACTFILE(4, bundle.getString("TskData.ObjectType.AbstractFile.name")),
643 ARTIFACT(5, bundle.getString("TskData.ObjectType.Artifact.name")),
644 REPORT(6, bundle.getString("TskData.ObjectType.Report.name")),
645 POOL(7, bundle.getString("TskData.ObjectType.Pool.name")),
646 OS_ACCOUNT(8, bundle.getString("TskData.ObjectType.OsAccount.name")),
647 HOST_ADDRESS(9, bundle.getString("TskData.ObjectType.HostAddress.name")),
648 UNSUPPORTED(-1, bundle.getString("TskData.ObjectType.Unsupported.name"))
649 ;
650 private final short objectType;
651 private final String displayName;
652
653 private ObjectType(int objectType, String displayName) {
654 this.objectType = (short) objectType;
655 this.displayName = displayName;
656 }
657
663 public short getObjectType() {
664 return objectType;
665 }
666
667 @Override
668 public String toString() {
669 return displayName;
670 }
671
679 public static ObjectType valueOf(short objectType) {
680 for (ObjectType v : ObjectType.values()) {
681 if (v.objectType == objectType) {
682 return v;
683 }
684 }
685 return UNSUPPORTED;
686 }
687 }
688
693 public enum TSK_DB_FILES_TYPE_ENUM {
694
695 FS(0, "File System"),
696 CARVED(1, "Carved"),
697 DERIVED(2, "Derived"),
698 LOCAL(3, "Local"),
699 UNALLOC_BLOCKS(4, "Unallocated Blocks"),
700 UNUSED_BLOCKS(5, "Unused Blocks"),
701 VIRTUAL_DIR(6, "Virtual Directory"),
702 SLACK(7, "Slack"),
703 LOCAL_DIR(8, "Local Directory"),
704 LAYOUT_FILE(9, "Layout File"),
705 ;
706
707 private final short fileType;
708 private final String name;
709
710 private TSK_DB_FILES_TYPE_ENUM(int fileType, String name) {
711 this.fileType = (short) fileType;
712 this.name = name;
713 }
714
722 public static TSK_DB_FILES_TYPE_ENUM valueOf(short fileType) {
723 for (TSK_DB_FILES_TYPE_ENUM type : TSK_DB_FILES_TYPE_ENUM.values()) {
724 if (type.fileType == fileType) {
725 return type;
726 }
727 }
728 throw new IllegalArgumentException(
729 MessageFormat.format(bundle.getString("TskData.tskDbFilesTypeEnum.exception.msg1.text"), fileType));
730 }
731
737 public short getFileType() {
738 return fileType;
739 }
740
741 public String getName() {
742 return name;
743 }
744 }
745
750 public enum TSK_POOL_TYPE_ENUM {
751 TSK_POOL_TYPE_DETECT(0, "Auto detect"),
752 TSK_POOL_TYPE_APFS(1, "APFS Pool"),
753 TSK_POOL_TYPE_LVM(2, "LVM Pool"),
754 TSK_POOL_TYPE_UNSUPP(0xffff, "Unsupported")
755 ;
756
757 private final short poolType;
758 private final String name;
759
760 TSK_POOL_TYPE_ENUM(int poolType, String name) {
761 this.poolType = (short) poolType;
762 this.name = name;
763 }
764
772 public static TSK_POOL_TYPE_ENUM valueOf(long poolType) {
773 for (TSK_POOL_TYPE_ENUM type : TSK_POOL_TYPE_ENUM.values()) {
774 if (type.poolType == poolType) {
775 return type;
776 }
777 }
778 throw new IllegalArgumentException(
779 MessageFormat.format(bundle.getString("TskData.tskDbFilesTypeEnum.exception.msg1.text"), poolType)); // TODO
780 }
781
787 public short getValue() {
788 return poolType;
789 }
790
791 public String getName() {
792 return name;
793 }
794 }
795
800 public enum FileKnown {
801
802 UNKNOWN(0, bundle.getString("TskData.fileKnown.unknown")),
803 KNOWN(1, bundle.getString("TskData.fileKnown.known")),
804 BAD(2, bundle.getString("TskData.fileKnown.knownBad"));
805
806 private byte known;
807 private String name;
808
809 private FileKnown(int known, String name) {
810 this.known = (byte) known;
811 this.name = name;
812 }
813
821 public static FileKnown valueOf(byte known) {
822 for (FileKnown v : FileKnown.values()) {
823 if (v.known == known) {
824 return v;
825 }
826 }
827 throw new IllegalArgumentException(
828 MessageFormat.format(bundle.getString("TskData.fileKnown.exception.msg1.text"), known));
829 }
830
831 public String getName() {
832 return this.name;
833 }
834
840 public byte getFileKnownValue() {
841 return this.known;
842 }
843 }
844
849 public enum TagType {
850
851 UNKNOWN(0, bundle.getString("TskData.tagType.unknown")), // does not change score
852 KNOWN(1, bundle.getString("TskData.tagType.known")), // does not change score
853 BAD(2, bundle.getString("TskData.tagType.knownBad")), // changes score to "notable"
854 SUSPICIOUS(3, bundle.getString("TskData.tagType.suspicious")); // changes score to "likely notable"
855
856 private byte type;
857 private String name;
858
859 private TagType(int type, String name) {
860 this.type = (byte) type;
861 this.name = name;
862 }
863
873 public static FileKnown convertTagTypeToFileKnown(TagType tagType) {
874 switch (tagType) {
875 case BAD:
876 return FileKnown.BAD;
877 case KNOWN:
878 return FileKnown.KNOWN;
879 case UNKNOWN:
880 case SUSPICIOUS:
881 return FileKnown.UNKNOWN; // supporting legacy behavior
882 }
883
884 throw new IllegalArgumentException(
885 MessageFormat.format(bundle.getString("TskData.tagType.exception.msg1.text"), tagType));
886 }
887
897 public static TagType convertFileKnownToTagType(FileKnown fileKnown) {
898 switch (fileKnown) {
899 case BAD:
900 return TagType.BAD;
901 case KNOWN:
902 return TagType.KNOWN;
903 case UNKNOWN:
904 // Autopsy should use TagType.SUSPICIOUS instead of TagType.UNKNOWN.
905 // Tagging something as SUSPICIOUS will cause the underlying TSK score
906 // to be chnaged to SCORE_LIKELY_NOTABLE, whereas UNKNOWN
907 // does not change the underlying TSK score.
908 return TagType.SUSPICIOUS;
909 }
910
911 throw new IllegalArgumentException(
912 MessageFormat.format(bundle.getString("TskData.fileKnown.exception.msg1.text"), fileKnown));
913 }
914
922 public static TagType valueOf(byte type) {
923 for (TagType v : TagType.values()) {
924 if (v.type == type) {
925 return v;
926 }
927 }
928 throw new IllegalArgumentException(
929 MessageFormat.format(bundle.getString("TskData.tagType.exception.msg1.text"), type));
930 }
931
932 public String getName() {
933 return this.name;
934 }
935
941 public byte getTagTypeValue() {
942 return this.type;
943 }
944 }
945
950 public enum DbType {
951
952 // Add any additional remote database types here, and keep it in sync
953 // with the Sleuthkit version of this enum located at:
954 // sleuthkit/tsk/auto/db_connection_info.h
955 // Be sure to add to settingsValid() if you add a type here.
956 SQLITE(0),
957 POSTGRESQL(1);
958
959 private int value;
960
961 DbType(int val) {
962 this.value = val;
963 }
964
965 public int getValue() {
966 return this.value;
967 }
968 }
969
977 public enum EncodingType{
978 // Update EncodedFileUtil.java to handle any new types
979 NONE(0),
980 XOR1(1);
981
982 private final int type;
983
984 private EncodingType(int type){
985 this.type = type;
986 }
987
988 public int getType(){
989 return type;
990 }
991
992 public static EncodingType valueOf(int type) {
993 for (EncodingType v : EncodingType.values()) {
994 if (v.type == type) {
995 return v;
996 }
997 }
998 throw new IllegalArgumentException(
999 MessageFormat.format(bundle.getString("TskData.encodingType.exception.msg1.text"), type));
1000 }
1001 }
1002
1007 public enum CollectedStatus{
1008
1009 UNKNOWN(0),
1010 NO_SAVE_ERROR(1),
1011 NO_EMPTY_FILE(2),
1012 NO_NOT_FOUND(3),
1013 NO_UNRESOLVED(4),
1014 NO_READ_ERROR(5),
1015 NO_READ_ERROR_PARTIAL(6),
1016 NO_NOT_ATTEMPTED(7),
1017 NO_NOT_REGULAR_FILE(8),
1018 NO_FILE_TOO_LARGE(9),
1019 NO_ONLY_HASH_COLLECTED(10),
1020 NO_UNSUPPORTED_COMPRESSION(11),
1021 YES_TSK(12),
1022 YES_REPO(13);
1023
1024 private final int type;
1025
1026 private CollectedStatus(int type){
1027 this.type = type;
1028 }
1029
1030 public int getType(){
1031 return type;
1032 }
1033
1034 public static CollectedStatus valueOf(int type) {
1035 for (CollectedStatus v : CollectedStatus.values()) {
1036 if (v.type == type) {
1037 return v;
1038 }
1039 }
1040 throw new IllegalArgumentException(
1041 MessageFormat.format(bundle.getString("TskData.collectedStatus.exception.msg1.text"), type));
1042 }
1043 }
1044
1048 public enum KeywordSearchQueryType {
1049 LITERAL(0),
1050 SUBSTRING(1),
1051 REGEX(2);
1052
1053 private final int type;
1054
1055 private KeywordSearchQueryType(int type){
1056 this.type = type;
1057 }
1058
1059 public int getType(){
1060 return type;
1061 }
1062
1063 public static KeywordSearchQueryType valueOf(int type) {
1064 for (KeywordSearchQueryType v : KeywordSearchQueryType.values()) {
1065 if (v.type == type) {
1066 return v;
1067 }
1068 }
1069 throw new IllegalArgumentException(
1070 MessageFormat.format(bundle.getString("TskData.keywordSearchQueryType.exception.msg1.text"), type));
1071 }
1072 };
1073
1074
1075}
org.sleuthkit.datamodel.TskData.CollectedStatus.valueOf
static CollectedStatus valueOf(int type)
Definition TskData.java:1034
org.sleuthkit.datamodel.TskData.EncodingType.valueOf
static EncodingType valueOf(int type)
Definition TskData.java:992
org.sleuthkit.datamodel.TskData.FileKnown.valueOf
static FileKnown valueOf(byte known)
Definition TskData.java:821
org.sleuthkit.datamodel.TskData.FileKnown.UNKNOWN
UNKNOWN
File marked as unknown by hash db.
Definition TskData.java:802
org.sleuthkit.datamodel.TskData.FileKnown.KNOWN
KNOWN
File marked as a type by hash db.
Definition TskData.java:803
org.sleuthkit.datamodel.TskData.FileKnown.BAD
BAD
File marked as bad by hash db.
Definition TskData.java:804
org.sleuthkit.datamodel.TskData.KeywordSearchQueryType.valueOf
static KeywordSearchQueryType valueOf(int type)
Definition TskData.java:1063
org.sleuthkit.datamodel.TskData.ObjectType.valueOf
static ObjectType valueOf(short objectType)
Definition TskData.java:679
org.sleuthkit.datamodel.TskData.ObjectType.REPORT
REPORT
Artifact - see blackboard_artifacts for more details.
Definition TskData.java:644
org.sleuthkit.datamodel.TskData.ObjectType.VOL
VOL
Volume - see tsk_vs_parts for more details.
Definition TskData.java:640
org.sleuthkit.datamodel.TskData.ObjectType.IMG
IMG
Disk Image - see tsk_image_info for more details.
Definition TskData.java:638
org.sleuthkit.datamodel.TskData.ObjectType.OS_ACCOUNT
OS_ACCOUNT
OS Account - see tsk_os_accounts for more details.
Definition TskData.java:646
org.sleuthkit.datamodel.TskData.ObjectType.VS
VS
Volume System - see tsk_vs_info for more details.
Definition TskData.java:639
org.sleuthkit.datamodel.TskData.ObjectType.FS
FS
File System - see tsk_fs_info for more details.
Definition TskData.java:641
org.sleuthkit.datamodel.TskData.ObjectType.HOST_ADDRESS
HOST_ADDRESS
Host Address - see tsk_host_addresses for more details.
Definition TskData.java:647
org.sleuthkit.datamodel.TskData.ObjectType.ABSTRACTFILE
ABSTRACTFILE
File - see tsk_files for more details.
Definition TskData.java:642
org.sleuthkit.datamodel.TskData.TSK_DB_FILES_TYPE_ENUM.LAYOUT_FILE
LAYOUT_FILE
Set of blocks from an image that have been designated as a file.
Definition TskData.java:704
org.sleuthkit.datamodel.TskData.TSK_DB_FILES_TYPE_ENUM.getFileType
short getFileType()
Definition TskData.java:737
org.sleuthkit.datamodel.TskData.TSK_DB_FILES_TYPE_ENUM.FS
FS
File that can be found in file system tree.
Definition TskData.java:695
org.sleuthkit.datamodel.TskData.TSK_DB_FILES_TYPE_ENUM.CARVED
CARVED
Set of blocks for a file found from carving. Could be on top of a TSK_DB_FILES_TYPE_UNALLOC_BLOCKS ra...
Definition TskData.java:696
org.sleuthkit.datamodel.TskData.TSK_DB_FILES_TYPE_ENUM.SLACK
SLACK
Slack space for a single file.
Definition TskData.java:702
org.sleuthkit.datamodel.TskData.TSK_DB_FILES_TYPE_ENUM.LOCAL_DIR
LOCAL_DIR
Local directory that was added (not from a disk image).
Definition TskData.java:703
org.sleuthkit.datamodel.TskData.TSK_DB_FILES_TYPE_ENUM.LOCAL
LOCAL
Local file that was added (not from a disk image).
Definition TskData.java:698
org.sleuthkit.datamodel.TskData.TSK_DB_FILES_TYPE_ENUM.getName
String getName()
Definition TskData.java:741
org.sleuthkit.datamodel.TskData.TSK_DB_FILES_TYPE_ENUM.VIRTUAL_DIR
VIRTUAL_DIR
Virtual directory (not on fs) with no meta-data entry that can be used to group files of types other ...
Definition TskData.java:701
org.sleuthkit.datamodel.TskData.TSK_DB_FILES_TYPE_ENUM.DERIVED
DERIVED
File derived from a parent file (i.e. from ZIP).
Definition TskData.java:697
org.sleuthkit.datamodel.TskData.TSK_DB_FILES_TYPE_ENUM.UNUSED_BLOCKS
UNUSED_BLOCKS
Set of blocks that are unallocated AND not used by a carved or other file type. Parent should be UNAL...
Definition TskData.java:700
org.sleuthkit.datamodel.TskData.TSK_DB_FILES_TYPE_ENUM.valueOf
static TSK_DB_FILES_TYPE_ENUM valueOf(short fileType)
Definition TskData.java:722
org.sleuthkit.datamodel.TskData.TSK_DB_FILES_TYPE_ENUM.UNALLOC_BLOCKS
UNALLOC_BLOCKS
Set of blocks not allocated by file system. Parent should be image, volume, or file system....
Definition TskData.java:699
org.sleuthkit.datamodel.TskData.TSK_FS_ATTR_TYPE_ENUM.TSK_FS_ATTR_TYPE_NOT_FOUND
TSK_FS_ATTR_TYPE_NOT_FOUND
Definition TskData.java:283
org.sleuthkit.datamodel.TskData.TSK_FS_ATTR_TYPE_ENUM.TSK_FS_ATTR_TYPE_NTFS_VINFO
TSK_FS_ATTR_TYPE_NTFS_VINFO
Definition TskData.java:292
org.sleuthkit.datamodel.TskData.TSK_FS_ATTR_TYPE_ENUM.TSK_FS_ATTR_TYPE_NTFS_SI
TSK_FS_ATTR_TYPE_NTFS_SI
Definition TskData.java:285
org.sleuthkit.datamodel.TskData.TSK_FS_ATTR_TYPE_ENUM.TSK_FS_ATTR_TYPE_NTFS_BITMAP
TSK_FS_ATTR_TYPE_NTFS_BITMAP
Definition TskData.java:296
org.sleuthkit.datamodel.TskData.TSK_FS_ATTR_TYPE_ENUM.TSK_FS_ATTR_TYPE_NTFS_EA
TSK_FS_ATTR_TYPE_NTFS_EA
Definition TskData.java:300
org.sleuthkit.datamodel.TskData.TSK_FS_ATTR_TYPE_ENUM.TSK_FS_ATTR_TYPE_NTFS_ATTRLIST
TSK_FS_ATTR_TYPE_NTFS_ATTRLIST
Definition TskData.java:286
org.sleuthkit.datamodel.TskData.TSK_FS_ATTR_TYPE_ENUM.TSK_FS_ATTR_TYPE_DEFAULT
TSK_FS_ATTR_TYPE_DEFAULT
Definition TskData.java:284
org.sleuthkit.datamodel.TskData.TSK_FS_ATTR_TYPE_ENUM.TSK_FS_ATTR_TYPE_NTFS_OBJID
TSK_FS_ATTR_TYPE_NTFS_OBJID
Definition TskData.java:289
org.sleuthkit.datamodel.TskData.TSK_FS_ATTR_TYPE_ENUM.TSK_FS_ATTR_TYPE_NTFS_LOG
TSK_FS_ATTR_TYPE_NTFS_LOG
Definition TskData.java:302
org.sleuthkit.datamodel.TskData.TSK_FS_ATTR_TYPE_ENUM.TSK_FS_ATTR_TYPE_NTFS_FNAME
TSK_FS_ATTR_TYPE_NTFS_FNAME
Definition TskData.java:287
org.sleuthkit.datamodel.TskData.TSK_FS_ATTR_TYPE_ENUM.TSK_FS_ATTR_TYPE_NTFS_EAINFO
TSK_FS_ATTR_TYPE_NTFS_EAINFO
Definition TskData.java:299
org.sleuthkit.datamodel.TskData.TSK_FS_ATTR_TYPE_ENUM.TSK_FS_ATTR_TYPE_NTFS_VNAME
TSK_FS_ATTR_TYPE_NTFS_VNAME
Definition TskData.java:291
org.sleuthkit.datamodel.TskData.TSK_FS_ATTR_TYPE_ENUM.TSK_FS_ATTR_TYPE_NTFS_REPARSE
TSK_FS_ATTR_TYPE_NTFS_REPARSE
Definition TskData.java:298
org.sleuthkit.datamodel.TskData.TSK_FS_ATTR_TYPE_ENUM.TSK_FS_ATTR_TYPE_UNIX_INDIR
TSK_FS_ATTR_TYPE_UNIX_INDIR
Definition TskData.java:303
org.sleuthkit.datamodel.TskData.TSK_FS_ATTR_TYPE_ENUM.valueOf
static TSK_FS_ATTR_TYPE_ENUM valueOf(int val)
Definition TskData.java:322
org.sleuthkit.datamodel.TskData.TSK_FS_ATTR_TYPE_ENUM.TSK_FS_ATTR_TYPE_NTFS_SYMLNK
TSK_FS_ATTR_TYPE_NTFS_SYMLNK
Definition TskData.java:297
org.sleuthkit.datamodel.TskData.TSK_FS_ATTR_TYPE_ENUM.TSK_FS_ATTR_TYPE_NTFS_IDXROOT
TSK_FS_ATTR_TYPE_NTFS_IDXROOT
Definition TskData.java:294
org.sleuthkit.datamodel.TskData.TSK_FS_ATTR_TYPE_ENUM.TSK_FS_ATTR_TYPE_NTFS_SEC
TSK_FS_ATTR_TYPE_NTFS_SEC
Definition TskData.java:290
org.sleuthkit.datamodel.TskData.TSK_FS_ATTR_TYPE_ENUM.TSK_FS_ATTR_TYPE_HFS_RSRC
TSK_FS_ATTR_TYPE_HFS_RSRC
Definition TskData.java:308
org.sleuthkit.datamodel.TskData.TSK_FS_ATTR_TYPE_ENUM.getValue
int getValue()
Definition TskData.java:318
org.sleuthkit.datamodel.TskData.TSK_FS_ATTR_TYPE_ENUM.TSK_FS_ATTR_TYPE_HFS_COMP_REC
TSK_FS_ATTR_TYPE_HFS_COMP_REC
Definition TskData.java:310
org.sleuthkit.datamodel.TskData.TSK_FS_ATTR_TYPE_ENUM.TSK_FS_ATTR_TYPE_NTFS_DATA
TSK_FS_ATTR_TYPE_NTFS_DATA
Definition TskData.java:293
org.sleuthkit.datamodel.TskData.TSK_FS_ATTR_TYPE_ENUM.TSK_FS_ATTR_TYPE_NTFS_VVER
TSK_FS_ATTR_TYPE_NTFS_VVER
Definition TskData.java:288
org.sleuthkit.datamodel.TskData.TSK_FS_ATTR_TYPE_ENUM.TSK_FS_ATTR_TYPE_NTFS_PROP
TSK_FS_ATTR_TYPE_NTFS_PROP
Definition TskData.java:301
org.sleuthkit.datamodel.TskData.TSK_FS_ATTR_TYPE_ENUM.TSK_FS_ATTR_TYPE_NTFS_IDXALLOC
TSK_FS_ATTR_TYPE_NTFS_IDXALLOC
Definition TskData.java:295
org.sleuthkit.datamodel.TskData.TSK_FS_ATTR_TYPE_ENUM.TSK_FS_ATTR_TYPE_HFS_DEFAULT
TSK_FS_ATTR_TYPE_HFS_DEFAULT
Definition TskData.java:306
org.sleuthkit.datamodel.TskData.TSK_FS_ATTR_TYPE_ENUM.TSK_FS_ATTR_TYPE_HFS_DATA
TSK_FS_ATTR_TYPE_HFS_DATA
Definition TskData.java:307
org.sleuthkit.datamodel.TskData.TSK_FS_ATTR_TYPE_ENUM.TSK_FS_ATTR_TYPE_HFS_EXT_ATTR
TSK_FS_ATTR_TYPE_HFS_EXT_ATTR
Definition TskData.java:309
org.sleuthkit.datamodel.TskData.TSK_FS_META_FLAG_ENUM.ORPHAN
ORPHAN
Return only metadata structures that have no file name pointing to the (inode_walk flag only).
Definition TskData.java:213
org.sleuthkit.datamodel.TskData.TSK_FS_META_FLAG_ENUM.toInt
static short toInt(Set< TSK_FS_META_FLAG_ENUM > metaFlags)
Definition TskData.java:268
org.sleuthkit.datamodel.TskData.TSK_FS_META_FLAG_ENUM.UNALLOC
UNALLOC
Metadata structure is currently in an unallocated state.
Definition TskData.java:209
org.sleuthkit.datamodel.TskData.TSK_FS_META_FLAG_ENUM.COMP
COMP
The file contents are compressed.
Definition TskData.java:212
org.sleuthkit.datamodel.TskData.TSK_FS_META_FLAG_ENUM.valuesOf
static Set< TSK_FS_META_FLAG_ENUM > valuesOf(short metaFlags)
Definition TskData.java:249
org.sleuthkit.datamodel.TskData.TSK_FS_META_FLAG_ENUM.UNKNOWN
UNKNOWN
Unknown.
Definition TskData.java:207
org.sleuthkit.datamodel.TskData.TSK_FS_META_FLAG_ENUM.ALLOC
ALLOC
Metadata structure is currently in an allocated state.
Definition TskData.java:208
org.sleuthkit.datamodel.TskData.TSK_FS_META_FLAG_ENUM.USED
USED
Metadata structure has been allocated at least once.
Definition TskData.java:210
org.sleuthkit.datamodel.TskData.TSK_FS_META_FLAG_ENUM.UNUSED
UNUSED
Metadata structure has never been allocated.
Definition TskData.java:211
org.sleuthkit.datamodel.TskData.TSK_FS_META_FLAG_ENUM.getValue
short getValue()
Definition TskData.java:228
org.sleuthkit.datamodel.TskData.TSK_FS_META_FLAG_ENUM.toString
String toString()
Definition TskData.java:238
org.sleuthkit.datamodel.TskData.TSK_FS_META_MODE_ENUM.TSK_FS_META_MODE_ISUID
TSK_FS_META_MODE_ISUID
set user id on execution
Definition TskData.java:370
org.sleuthkit.datamodel.TskData.TSK_FS_META_MODE_ENUM.valuesOf
static Set< TSK_FS_META_MODE_ENUM > valuesOf(short modes)
Definition TskData.java:409
org.sleuthkit.datamodel.TskData.TSK_FS_META_MODE_ENUM.TSK_FS_META_MODE_IXGRP
TSK_FS_META_MODE_IXGRP
X for group.
Definition TskData.java:380
org.sleuthkit.datamodel.TskData.TSK_FS_META_MODE_ENUM.TSK_FS_META_MODE_ISGID
TSK_FS_META_MODE_ISGID
set group id on execution
Definition TskData.java:371
org.sleuthkit.datamodel.TskData.TSK_FS_META_MODE_ENUM.TSK_FS_META_MODE_IXUSR
TSK_FS_META_MODE_IXUSR
X for owner.
Definition TskData.java:376
org.sleuthkit.datamodel.TskData.TSK_FS_META_MODE_ENUM.getMode
short getMode()
Definition TskData.java:397
org.sleuthkit.datamodel.TskData.TSK_FS_META_MODE_ENUM.toInt
static short toInt(Set< TSK_FS_META_MODE_ENUM > modes)
Definition TskData.java:428
org.sleuthkit.datamodel.TskData.TSK_FS_META_MODE_ENUM.TSK_FS_META_MODE_ISVTX
TSK_FS_META_MODE_ISVTX
sticky bit
Definition TskData.java:372
org.sleuthkit.datamodel.TskData.TSK_FS_META_MODE_ENUM.TSK_FS_META_MODE_IROTH
TSK_FS_META_MODE_IROTH
R for other.
Definition TskData.java:382
org.sleuthkit.datamodel.TskData.TSK_FS_META_MODE_ENUM.TSK_FS_META_MODE_IXOTH
TSK_FS_META_MODE_IXOTH
X for other.
Definition TskData.java:384
org.sleuthkit.datamodel.TskData.TSK_FS_META_MODE_ENUM.TSK_FS_META_MODE_IWOTH
TSK_FS_META_MODE_IWOTH
W for other.
Definition TskData.java:383
org.sleuthkit.datamodel.TskData.TSK_FS_META_MODE_ENUM.TSK_FS_META_MODE_IRGRP
TSK_FS_META_MODE_IRGRP
R for group.
Definition TskData.java:378
org.sleuthkit.datamodel.TskData.TSK_FS_META_MODE_ENUM.TSK_FS_META_MODE_IRUSR
TSK_FS_META_MODE_IRUSR
R for owner.
Definition TskData.java:374
org.sleuthkit.datamodel.TskData.TSK_FS_META_MODE_ENUM.TSK_FS_META_MODE_IWUSR
TSK_FS_META_MODE_IWUSR
W for owner.
Definition TskData.java:375
org.sleuthkit.datamodel.TskData.TSK_FS_META_MODE_ENUM.TSK_FS_META_MODE_IWGRP
TSK_FS_META_MODE_IWGRP
W for group.
Definition TskData.java:379
org.sleuthkit.datamodel.TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_VIRT
TSK_FS_META_TYPE_VIRT
"Virtual File" created by TSK for file system areas NON-NLS
Definition TskData.java:113
org.sleuthkit.datamodel.TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_FIFO
TSK_FS_META_TYPE_FIFO
Named pipe (fifo) NON-NLS.
Definition TskData.java:106
org.sleuthkit.datamodel.TskData.TSK_FS_META_TYPE_ENUM.valueOf
static TSK_FS_META_TYPE_ENUM valueOf(short metaType)
Definition TskData.java:138
org.sleuthkit.datamodel.TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_LNK
TSK_FS_META_TYPE_LNK
Symbolic link NON-NLS.
Definition TskData.java:109
org.sleuthkit.datamodel.TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_WHT
TSK_FS_META_TYPE_WHT
Whiteout NON-NLS.
Definition TskData.java:112
org.sleuthkit.datamodel.TskData.TSK_FS_META_TYPE_ENUM.toString
String toString()
Definition TskData.java:134
org.sleuthkit.datamodel.TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_VIRT_DIR
TSK_FS_META_TYPE_VIRT_DIR
"Virtual Directory" created by TSK for Orphan Files NON-NLS
Definition TskData.java:114
org.sleuthkit.datamodel.TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_SHAD
TSK_FS_META_TYPE_SHAD
SOLARIS ONLY NON-NLS.
Definition TskData.java:110
org.sleuthkit.datamodel.TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_UNDEF
TSK_FS_META_TYPE_UNDEF
Definition TskData.java:103
org.sleuthkit.datamodel.TskData.TSK_FS_META_TYPE_ENUM.getValue
short getValue()
Definition TskData.java:129
org.sleuthkit.datamodel.TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_BLK
TSK_FS_META_TYPE_BLK
Block device NON-NLS.
Definition TskData.java:108
org.sleuthkit.datamodel.TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_REG
TSK_FS_META_TYPE_REG
Regular file NON-NLS.
Definition TskData.java:104
org.sleuthkit.datamodel.TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_SOCK
TSK_FS_META_TYPE_SOCK
UNIX domain socket NON-NLS.
Definition TskData.java:111
org.sleuthkit.datamodel.TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_DIR
TSK_FS_META_TYPE_DIR
Directory file NON-NLS.
Definition TskData.java:105
org.sleuthkit.datamodel.TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_CHR
TSK_FS_META_TYPE_CHR
Character device NON-NLS.
Definition TskData.java:107
org.sleuthkit.datamodel.TskData.TSK_FS_NAME_FLAG_ENUM.getValue
short getValue()
Definition TskData.java:173
org.sleuthkit.datamodel.TskData.TSK_FS_NAME_FLAG_ENUM.valueOf
static TSK_FS_NAME_FLAG_ENUM valueOf(int dirFlag)
Definition TskData.java:189
org.sleuthkit.datamodel.TskData.TSK_FS_NAME_FLAG_ENUM.toString
String toString()
Definition TskData.java:178
org.sleuthkit.datamodel.TskData.TSK_FS_NAME_FLAG_ENUM.UNALLOC
UNALLOC
Name is in an unallocated state.
Definition TskData.java:158
org.sleuthkit.datamodel.TskData.TSK_FS_NAME_FLAG_ENUM.ALLOC
ALLOC
Name is in an allocated state.
Definition TskData.java:157
org.sleuthkit.datamodel.TskData.TSK_FS_NAME_FLAG_ENUM.UNKNOWN
UNKNOWN
Unknown.
Definition TskData.java:156
org.sleuthkit.datamodel.TskData.TSK_FS_NAME_TYPE_ENUM.FIFO
FIFO
Named pipe NON-NLS.
Definition TskData.java:41
org.sleuthkit.datamodel.TskData.TSK_FS_NAME_TYPE_ENUM.getLabel
String getLabel()
Definition TskData.java:75
org.sleuthkit.datamodel.TskData.TSK_FS_NAME_TYPE_ENUM.DIR
DIR
Directory NON-NLS.
Definition TskData.java:43
org.sleuthkit.datamodel.TskData.TSK_FS_NAME_TYPE_ENUM.CHR
CHR
Character device NON-NLS.
Definition TskData.java:42
org.sleuthkit.datamodel.TskData.TSK_FS_NAME_TYPE_ENUM.getValue
short getValue()
Definition TskData.java:66
org.sleuthkit.datamodel.TskData.TSK_FS_NAME_TYPE_ENUM.BLK
BLK
Block device NON-NLS.
Definition TskData.java:44
org.sleuthkit.datamodel.TskData.TSK_FS_NAME_TYPE_ENUM.VIRT
VIRT
Special (TSK added "Virtual" files) NON-NLS.
Definition TskData.java:50
org.sleuthkit.datamodel.TskData.TSK_FS_NAME_TYPE_ENUM.SHAD
SHAD
Shadow inode (solaris) NON-NLS.
Definition TskData.java:48
org.sleuthkit.datamodel.TskData.TSK_FS_NAME_TYPE_ENUM.REG
REG
Regular file NON-NLS.
Definition TskData.java:45
org.sleuthkit.datamodel.TskData.TSK_FS_NAME_TYPE_ENUM.label
String label
Definition TskData.java:54
org.sleuthkit.datamodel.TskData.TSK_FS_NAME_TYPE_ENUM.LNK
LNK
Symbolic link NON-NLS.
Definition TskData.java:46
org.sleuthkit.datamodel.TskData.TSK_FS_NAME_TYPE_ENUM.SOCK
SOCK
Socket NON-NLS.
Definition TskData.java:47
org.sleuthkit.datamodel.TskData.TSK_FS_NAME_TYPE_ENUM.VIRT_DIR
VIRT_DIR
Special (TSK added "Virtual" directories) NON-NLS.
Definition TskData.java:51
org.sleuthkit.datamodel.TskData.TSK_FS_NAME_TYPE_ENUM.valueOf
static TSK_FS_NAME_TYPE_ENUM valueOf(short dir_type)
Definition TskData.java:86
org.sleuthkit.datamodel.TskData.TSK_FS_NAME_TYPE_ENUM.UNDEF
UNDEF
Unknown type.
Definition TskData.java:40
org.sleuthkit.datamodel.TskData.TSK_FS_NAME_TYPE_ENUM.WHT
WHT
Whiteout (openbsd) NON-NLS.
Definition TskData.java:49
org.sleuthkit.datamodel.TskData.TSK_FS_TYPE_ENUM.TSK_FS_TYPE_RAW_DETECT
TSK_FS_TYPE_RAW_DETECT
RAW auto detection.
Definition TskData.java:460
org.sleuthkit.datamodel.TskData.TSK_FS_TYPE_ENUM.TSK_FS_TYPE_FAT12
TSK_FS_TYPE_FAT12
FAT12 file system.
Definition TskData.java:445
org.sleuthkit.datamodel.TskData.TSK_FS_TYPE_ENUM.TSK_FS_TYPE_DETECT
TSK_FS_TYPE_DETECT
Use autodetection methods.
Definition TskData.java:442
org.sleuthkit.datamodel.TskData.TSK_FS_TYPE_ENUM.TSK_FS_TYPE_NTFS_DETECT
TSK_FS_TYPE_NTFS_DETECT
NTFS auto detection.
Definition TskData.java:444
org.sleuthkit.datamodel.TskData.TSK_FS_TYPE_ENUM.TSK_FS_TYPE_ISO9660
TSK_FS_TYPE_ISO9660
ISO9660 file system.
Definition TskData.java:461
org.sleuthkit.datamodel.TskData.TSK_FS_TYPE_ENUM.TSK_FS_TYPE_FFS1
TSK_FS_TYPE_FFS1
UFS1 (FreeBSD, OpenBSD, BSDI ...).
Definition TskData.java:450
org.sleuthkit.datamodel.TskData.TSK_FS_TYPE_ENUM.TSK_FS_TYPE_EXT2
TSK_FS_TYPE_EXT2
Ext2 file system.
Definition TskData.java:454
org.sleuthkit.datamodel.TskData.TSK_FS_TYPE_ENUM.TSK_FS_TYPE_EXT4
TSK_FS_TYPE_EXT4
Ext4 file system.
Definition TskData.java:465
org.sleuthkit.datamodel.TskData.TSK_FS_TYPE_ENUM.TSK_FS_TYPE_SWAP_DETECT
TSK_FS_TYPE_SWAP_DETECT
SWAP auto detection.
Definition TskData.java:458
org.sleuthkit.datamodel.TskData.TSK_FS_TYPE_ENUM.TSK_FS_TYPE_RAW
TSK_FS_TYPE_RAW
RAW file system.
Definition TskData.java:459
org.sleuthkit.datamodel.TskData.TSK_FS_TYPE_ENUM.TSK_FS_TYPE_FAT_DETECT
TSK_FS_TYPE_FAT_DETECT
FAT auto detection.
Definition TskData.java:449
org.sleuthkit.datamodel.TskData.TSK_FS_TYPE_ENUM.TSK_FS_TYPE_HFS_DETECT
TSK_FS_TYPE_HFS_DETECT
HFS auto detection.
Definition TskData.java:464
org.sleuthkit.datamodel.TskData.TSK_FS_TYPE_ENUM.TSK_FS_TYPE_EXT3
TSK_FS_TYPE_EXT3
Ext3 file system.
Definition TskData.java:455
org.sleuthkit.datamodel.TskData.TSK_FS_TYPE_ENUM.TSK_FS_TYPE_UNSUPP
TSK_FS_TYPE_UNSUPP
Unsupported file system.
Definition TskData.java:473
org.sleuthkit.datamodel.TskData.TSK_FS_TYPE_ENUM.valueOf
static TSK_FS_TYPE_ENUM valueOf(int fsTypeValue)
Definition TskData.java:509
org.sleuthkit.datamodel.TskData.TSK_FS_TYPE_ENUM.TSK_FS_TYPE_HFS
TSK_FS_TYPE_HFS
HFS file system.
Definition TskData.java:463
org.sleuthkit.datamodel.TskData.TSK_FS_TYPE_ENUM.TSK_FS_TYPE_FFS_DETECT
TSK_FS_TYPE_FFS_DETECT
UFS auto detection.
Definition TskData.java:453
org.sleuthkit.datamodel.TskData.TSK_FS_TYPE_ENUM.TSK_FS_TYPE_EXFAT
TSK_FS_TYPE_EXFAT
ExFAT file system.
Definition TskData.java:448
org.sleuthkit.datamodel.TskData.TSK_FS_TYPE_ENUM.TSK_FS_TYPE_ISO9660_DETECT
TSK_FS_TYPE_ISO9660_DETECT
ISO9660 auto detection.
Definition TskData.java:462
org.sleuthkit.datamodel.TskData.TSK_FS_TYPE_ENUM.TSK_FS_TYPE_APFS
TSK_FS_TYPE_APFS
APFS file system.
Definition TskData.java:468
org.sleuthkit.datamodel.TskData.TSK_FS_TYPE_ENUM.TSK_FS_TYPE_FFS2
TSK_FS_TYPE_FFS2
UFS2 - FreeBSD, NetBSD.
Definition TskData.java:452
org.sleuthkit.datamodel.TskData.TSK_FS_TYPE_ENUM.TSK_FS_TYPE_YAFFS2_DETECT
TSK_FS_TYPE_YAFFS2_DETECT
YAFFS2 auto detection.
Definition TskData.java:467
org.sleuthkit.datamodel.TskData.TSK_FS_TYPE_ENUM.getValue
int getValue()
Definition TskData.java:488
org.sleuthkit.datamodel.TskData.TSK_FS_TYPE_ENUM.TSK_FS_TYPE_BTRFS_DETECT
TSK_FS_TYPE_BTRFS_DETECT
Btrfs auto detection.
Definition TskData.java:471
org.sleuthkit.datamodel.TskData.TSK_FS_TYPE_ENUM.TSK_FS_TYPE_FFS1B
TSK_FS_TYPE_FFS1B
UFS1b (Solaris - has no type).
Definition TskData.java:451
org.sleuthkit.datamodel.TskData.TSK_FS_TYPE_ENUM.TSK_FS_TYPE_EXT_DETECT
TSK_FS_TYPE_EXT_DETECT
ExtX auto detection.
Definition TskData.java:456
org.sleuthkit.datamodel.TskData.TSK_FS_TYPE_ENUM.TSK_FS_TYPE_FAT16
TSK_FS_TYPE_FAT16
FAT16 file system.
Definition TskData.java:446
org.sleuthkit.datamodel.TskData.TSK_FS_TYPE_ENUM.TSK_FS_TYPE_APFS_DETECT
TSK_FS_TYPE_APFS_DETECT
APFS auto detection.
Definition TskData.java:469
org.sleuthkit.datamodel.TskData.TSK_FS_TYPE_ENUM.TSK_FS_TYPE_YAFFS2
TSK_FS_TYPE_YAFFS2
YAFFS2 file system.
Definition TskData.java:466
org.sleuthkit.datamodel.TskData.TSK_FS_TYPE_ENUM.TSK_FS_TYPE_BTRFS
TSK_FS_TYPE_BTRFS
Btrfs file system.
Definition TskData.java:470
org.sleuthkit.datamodel.TskData.TSK_FS_TYPE_ENUM.TSK_FS_TYPE_SWAP
TSK_FS_TYPE_SWAP
SWAP file system.
Definition TskData.java:457
org.sleuthkit.datamodel.TskData.TSK_FS_TYPE_ENUM.TSK_FS_TYPE_NTFS
TSK_FS_TYPE_NTFS
NTFS file system.
Definition TskData.java:443
org.sleuthkit.datamodel.TskData.TSK_FS_TYPE_ENUM.TSK_FS_TYPE_FAT32
TSK_FS_TYPE_FAT32
FAT32 file system.
Definition TskData.java:447
org.sleuthkit.datamodel.TskData.TSK_FS_TYPE_ENUM.getDisplayName
String getDisplayName()
Definition TskData.java:497
org.sleuthkit.datamodel.TskData.TSK_FS_TYPE_ENUM.TSK_FS_TYPE_LOGICAL
TSK_FS_TYPE_LOGICAL
Definition TskData.java:472
org.sleuthkit.datamodel.TskData.TSK_IMG_TYPE_ENUM.TSK_IMG_TYPE_RAW_SING
TSK_IMG_TYPE_RAW_SING
Definition TskData.java:528
org.sleuthkit.datamodel.TskData.TSK_IMG_TYPE_ENUM.TSK_IMG_TYPE_VHD_VHD
TSK_IMG_TYPE_VHD_VHD
Definition TskData.java:536
org.sleuthkit.datamodel.TskData.TSK_IMG_TYPE_ENUM.TSK_IMG_TYPE_LOGICAL
TSK_IMG_TYPE_LOGICAL
Definition TskData.java:538
org.sleuthkit.datamodel.TskData.TSK_IMG_TYPE_ENUM.getName
String getName()
Definition TskData.java:573
org.sleuthkit.datamodel.TskData.TSK_IMG_TYPE_ENUM.TSK_IMG_TYPE_DETECT
TSK_IMG_TYPE_DETECT
Definition TskData.java:527
org.sleuthkit.datamodel.TskData.TSK_IMG_TYPE_ENUM.valueOf
static TSK_IMG_TYPE_ENUM valueOf(long imgType)
Definition TskData.java:549
org.sleuthkit.datamodel.TskData.TSK_IMG_TYPE_ENUM.getValue
long getValue()
Definition TskData.java:564
org.sleuthkit.datamodel.TskData.TSK_IMG_TYPE_ENUM.TSK_IMG_TYPE_AFF_ANY
TSK_IMG_TYPE_AFF_ANY
Definition TskData.java:533
org.sleuthkit.datamodel.TskData.TSK_IMG_TYPE_ENUM.TSK_IMG_TYPE_AFF_AFF
TSK_IMG_TYPE_AFF_AFF
Definition TskData.java:530
org.sleuthkit.datamodel.TskData.TSK_IMG_TYPE_ENUM.TSK_IMG_TYPE_RAW_SPLIT
TSK_IMG_TYPE_RAW_SPLIT
Definition TskData.java:529
org.sleuthkit.datamodel.TskData.TSK_IMG_TYPE_ENUM.TSK_IMG_TYPE_AFF_AFD
TSK_IMG_TYPE_AFF_AFD
Definition TskData.java:531
org.sleuthkit.datamodel.TskData.TSK_IMG_TYPE_ENUM.TSK_IMG_TYPE_UNSUPP
TSK_IMG_TYPE_UNSUPP
Logical directory.
Definition TskData.java:539
org.sleuthkit.datamodel.TskData.TSK_IMG_TYPE_ENUM.TSK_IMG_TYPE_POOL_POOL
TSK_IMG_TYPE_POOL_POOL
Definition TskData.java:537
org.sleuthkit.datamodel.TskData.TSK_IMG_TYPE_ENUM.TSK_IMG_TYPE_EWF_EWF
TSK_IMG_TYPE_EWF_EWF
Definition TskData.java:534
org.sleuthkit.datamodel.TskData.TSK_IMG_TYPE_ENUM.TSK_IMG_TYPE_VMDK_VMDK
TSK_IMG_TYPE_VMDK_VMDK
Definition TskData.java:535
org.sleuthkit.datamodel.TskData.TSK_IMG_TYPE_ENUM.TSK_IMG_TYPE_AFF_AFM
TSK_IMG_TYPE_AFF_AFM
Definition TskData.java:532
org.sleuthkit.datamodel.TskData.TSK_POOL_TYPE_ENUM.TSK_POOL_TYPE_DETECT
TSK_POOL_TYPE_DETECT
Use autodetection methods.
Definition TskData.java:751
org.sleuthkit.datamodel.TskData.TSK_POOL_TYPE_ENUM.TSK_POOL_TYPE_APFS
TSK_POOL_TYPE_APFS
APFS Pooled Volumes.
Definition TskData.java:752
org.sleuthkit.datamodel.TskData.TSK_POOL_TYPE_ENUM.TSK_POOL_TYPE_LVM
TSK_POOL_TYPE_LVM
LVM Pooled Volumes.
Definition TskData.java:753
org.sleuthkit.datamodel.TskData.TSK_POOL_TYPE_ENUM.TSK_POOL_TYPE_UNSUPP
TSK_POOL_TYPE_UNSUPP
Unsupported pool container type.
Definition TskData.java:754
org.sleuthkit.datamodel.TskData.TSK_POOL_TYPE_ENUM.TSK_POOL_TYPE_ENUM
TSK_POOL_TYPE_ENUM(int poolType, String name)
Definition TskData.java:760
org.sleuthkit.datamodel.TskData.TSK_POOL_TYPE_ENUM.getValue
short getValue()
Definition TskData.java:787
org.sleuthkit.datamodel.TskData.TSK_POOL_TYPE_ENUM.getName
String getName()
Definition TskData.java:791
org.sleuthkit.datamodel.TskData.TSK_POOL_TYPE_ENUM.valueOf
static TSK_POOL_TYPE_ENUM valueOf(long poolType)
Definition TskData.java:772
org.sleuthkit.datamodel.TskData.TSK_VS_PART_FLAG_ENUM.getVsFlag
long getVsFlag()
Definition TskData.java:355
org.sleuthkit.datamodel.TskData.TSK_VS_PART_FLAG_ENUM.TSK_VS_PART_FLAG_ALL
TSK_VS_PART_FLAG_ALL
Show all sectors in the walk.
Definition TskData.java:342
org.sleuthkit.datamodel.TskData.TSK_VS_PART_FLAG_ENUM.TSK_VS_PART_FLAG_META
TSK_VS_PART_FLAG_META
Sectors contain volume system metadata and could also be ALLOC or UNALLOC.
Definition TskData.java:341
org.sleuthkit.datamodel.TskData.TSK_VS_PART_FLAG_ENUM.TSK_VS_PART_FLAG_ALLOC
TSK_VS_PART_FLAG_ALLOC
Sectors are allocated to a volume in the volume system.
Definition TskData.java:339
org.sleuthkit.datamodel.TskData.TSK_VS_PART_FLAG_ENUM.TSK_VS_PART_FLAG_UNALLOC
TSK_VS_PART_FLAG_UNALLOC
Sectors are not allocated to a volume.
Definition TskData.java:340
org.sleuthkit.datamodel.TskData.TSK_VS_TYPE_ENUM.TSK_VS_TYPE_UNSUPP
TSK_VS_TYPE_UNSUPP
Unsupported.
Definition TskData.java:593
org.sleuthkit.datamodel.TskData.TSK_VS_TYPE_ENUM.valueOf
static TSK_VS_TYPE_ENUM valueOf(long vsType)
Definition TskData.java:603
org.sleuthkit.datamodel.TskData.TSK_VS_TYPE_ENUM.TSK_VS_TYPE_DBFILLER
TSK_VS_TYPE_DBFILLER
fake partition table type for loaddb (for images that do not have a volume system)
Definition TskData.java:592
org.sleuthkit.datamodel.TskData.TSK_VS_TYPE_ENUM.TSK_VS_TYPE_DETECT
TSK_VS_TYPE_DETECT
Use autodetection methods.
Definition TskData.java:584
org.sleuthkit.datamodel.TskData.TSK_VS_TYPE_ENUM.TSK_VS_TYPE_APFS
TSK_VS_TYPE_APFS
APFS pool NON-NLS.
Definition TskData.java:590
org.sleuthkit.datamodel.TskData.TSK_VS_TYPE_ENUM.getName
String getName()
Definition TskData.java:627
org.sleuthkit.datamodel.TskData.TSK_VS_TYPE_ENUM.getVsType
long getVsType()
Definition TskData.java:618
org.sleuthkit.datamodel.TskData.TSK_VS_TYPE_ENUM.TSK_VS_TYPE_BSD
TSK_VS_TYPE_BSD
BSD Partition table NON-NLS.
Definition TskData.java:586
org.sleuthkit.datamodel.TskData.TSK_VS_TYPE_ENUM.TSK_VS_TYPE_GPT
TSK_VS_TYPE_GPT
GPT partition table NON-NLS.
Definition TskData.java:589
org.sleuthkit.datamodel.TskData.TSK_VS_TYPE_ENUM.TSK_VS_TYPE_LVM
TSK_VS_TYPE_LVM
LVM pool NON-NLS.
Definition TskData.java:591
org.sleuthkit.datamodel.TskData.TSK_VS_TYPE_ENUM.TSK_VS_TYPE_MAC
TSK_VS_TYPE_MAC
Mac partition table NON-NLS.
Definition TskData.java:588
org.sleuthkit.datamodel.TskData.TSK_VS_TYPE_ENUM.TSK_VS_TYPE_DOS
TSK_VS_TYPE_DOS
DOS Partition table NON-NLS.
Definition TskData.java:585
org.sleuthkit.datamodel.TskData.TSK_VS_TYPE_ENUM.TSK_VS_TYPE_SUN
TSK_VS_TYPE_SUN
Sun VTOC NON-NLS.
Definition TskData.java:587
org.sleuthkit.datamodel.TskData.TagType.valueOf
static TagType valueOf(byte type)
Definition TskData.java:922
org.sleuthkit.datamodel.TskData.TagType.convertFileKnownToTagType
static TagType convertFileKnownToTagType(FileKnown fileKnown)
Definition TskData.java:897
org.sleuthkit.datamodel.TskData.TagType.convertTagTypeToFileKnown
static FileKnown convertTagTypeToFileKnown(TagType tagType)
Definition TskData.java:873

Copyright © 2011-2024 Brian Carrier. (carrier -at- sleuthkit -dot- org)
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.