Sleuth Kit Java Bindings (JNI) 4.14.0
Java bindings for using The Sleuth Kit
Loading...
Searching...
No Matches
Volume.java
Go to the documentation of this file.
1/*
2 * Sleuth Kit Data Model
3 *
4 * Copyright 2011-2020 Basis Technology Corp.
5 * Contact: carrier <at> sleuthkit <dot> org
6 *
7 * Licensed under the Apache License, Version 2.0 (the "License");
8 * you may not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
10 *
11 * http://www.apache.org/licenses/LICENSE-2.0
12 *
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS,
15 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 */
19package org.sleuthkit.datamodel;
20
21import java.util.ResourceBundle;
22import java.util.ArrayList;
23import java.util.List;
24
29public class Volume extends AbstractContent {
30
31 private long addr;
32 private long startSector; //in sectors, relative to volume system start
33 private long lengthInSectors; //in sectors
34 private long flags;
35 private String desc;
36 private volatile long volumeHandle = 0;
37 private volatile String uniquePath;
38 private static ResourceBundle bundle = ResourceBundle.getBundle("org.sleuthkit.datamodel.Bundle");
39
51 protected Volume(SleuthkitCase db, long obj_id, long addr, long startSector, long lengthInSectors, long flags, String desc) {
52 super(db, obj_id, "vol" + Long.toString(addr)); //NON-NLS
53 this.addr = addr;
54 this.startSector = startSector;
55 this.lengthInSectors = lengthInSectors;
56 this.uniquePath = null;
57 this.flags = flags;
58 if (!desc.equals("")) {
59 this.desc = desc;
60 } else {
61 this.desc = bundle.getString("Volume.desc.text");
62 }
63 }
64
65 @Override
66 public int read(byte[] buf, long offset, long len) throws TskCoreException {
67 synchronized (this) {
68 Content myParent = getParent();
69 if (!(myParent instanceof VolumeSystem)) {
70 throw new TskCoreException(bundle.getString("Volume.read.exception.msg1.text"));
71 }
72 VolumeSystem parentVs = (VolumeSystem) myParent;
73
74 // Reading from APFS volumes/volume systems is not yet supported
75 if (parentVs.getType().equals(TskData.TSK_VS_TYPE_ENUM.TSK_VS_TYPE_APFS)) {
76 throw new TskCoreException("Reading APFS pool volumes not yet supported");
77 }
78
79 // read from the volume
80 if (volumeHandle == 0) {
81 volumeHandle = SleuthkitJNI.openVsPart(parentVs.getVolumeSystemHandle(), addr);
82 }
83
84 }
85 return SleuthkitJNI.readVsPart(volumeHandle, buf, offset, len);
86 }
87
88 @Override
89 public void close() {
90 // there is nothing to free. The VolumeSystem structure
91 // in C++ contains this structure and will free it.
92 volumeHandle = 0;
93 }
94
95 @SuppressWarnings("deprecation")
96 @Override
97 public void finalize() throws Throwable {
98 try {
99 close();
100 } finally {
101 super.finalize();
102 }
103 }
104
105 @Override
106 public long getSize() {
107 return lengthInSectors * 512;
108 }
109
110 @Override
111 public String getUniquePath() throws TskCoreException {
112 // It is possible that multiple threads could be doing this calculation
113 // simultaneously, but it's worth the potential extra processing to prevent deadlocks.
114 if(uniquePath == null) {
115 String tempUniquePath = "";
116 String name = getName();
117 if (!name.isEmpty()) {
118 tempUniquePath = "/vol_" + name; //NON-NLS
119 }
120
121 Content myParent = getParent();
122 if (myParent != null) {
123 tempUniquePath = myParent.getUniquePath() + tempUniquePath;
124 }
125
126 // Don't update uniquePath until it is complete.
127 uniquePath = tempUniquePath;
128 }
129 return uniquePath;
130 }
131
132 //methods get exact data from database. could be manipulated to get more
133 //meaningful data.
140 public long getAddr() {
141 return addr;
142 }
143
150 public long getStart() {
151 return startSector;
152 }
153
159 public long getLength() {
160 return lengthInSectors;
161 }
162
168 public long getFlags() {
169 return flags;
170 }
171
177 public String getFlagsAsString() {
178 return Volume.vsFlagToString(flags);
179 }
180
187 public String getDescription() {
188 return desc;
189 }
190
191 // ----- Here all the methods for vs flags conversion / mapping -----
199 public static String vsFlagToValue(long vsFlag) {
200
201 String result = "";
202
203 for (TskData.TSK_VS_PART_FLAG_ENUM flag : TskData.TSK_VS_PART_FLAG_ENUM.values()) {
204 if (flag.getVsFlag() == vsFlag) {
205 result = flag.toString();
206 }
207 }
208 return result;
209 }
210
218 public static long valueToVsFlag(String vsFlag) {
219
220 long result = 0;
221
222 for (TskData.TSK_VS_PART_FLAG_ENUM flag : TskData.TSK_VS_PART_FLAG_ENUM.values()) {
223 if (flag.toString().equals(vsFlag)) {
224 result = flag.getVsFlag();
225 }
226 }
227 return result;
228 }
229
237 public static String vsFlagToString(long vsFlag) {
238
239 String result = "";
240
241 long allocFlag = TskData.TSK_VS_PART_FLAG_ENUM.TSK_VS_PART_FLAG_ALLOC.getVsFlag();
242 long unallocFlag = TskData.TSK_VS_PART_FLAG_ENUM.TSK_VS_PART_FLAG_UNALLOC.getVsFlag();
243
244 // some variables that might be needed in the future
245 long metaFlag = TskData.TSK_VS_PART_FLAG_ENUM.TSK_VS_PART_FLAG_META.getVsFlag();
246 long allFlag = TskData.TSK_VS_PART_FLAG_ENUM.TSK_VS_PART_FLAG_ALL.getVsFlag();
247
248 if ((vsFlag & allocFlag) == allocFlag) {
249 result = bundle.getString("Volume.vsFlagToString.allocated");
250 }
251 if ((vsFlag & unallocFlag) == unallocFlag) {
252 result = bundle.getString("Volume.vsFlagToString.unallocated");
253 }
254 // ... add more code here if needed
255
256 return result;
257 }
258
259 @Override
260 public <T> T accept(SleuthkitItemVisitor<T> v) {
261 return v.visit(this);
262 }
263
264 @Override
265 public <T> T accept(ContentVisitor<T> v) {
266 return v.visit(this);
267 }
268
269 @Override
270 public List<Content> getChildren() throws TskCoreException {
271 return getSleuthkitCase().getVolumeChildren(this);
272 }
273
274 @Override
275 public List<Long> getChildrenIds() throws TskCoreException {
276 return getSleuthkitCase().getVolumeChildrenIds(this);
277 }
278
284 public List<FileSystem> getFileSystems() throws TskCoreException {
285
286 List<Content> children = getChildren();
287 List<FileSystem> fileSystems = new ArrayList<FileSystem>();
288 for (Content child : children) {
289 if (child instanceof FileSystem) {
290 fileSystems.add((FileSystem) child);
291 }
292 }
293
294 return fileSystems;
295 }
296
297 @Override
298 public String toString(boolean preserveState) {
299 return super.toString(preserveState) + "Volume [\t" + "addr " + addr + "\t" + "desc " + desc + "\t" + "flags " + flags + "\t" + "length " + lengthInSectors + "\t" + "start " + startSector + "]\t"; //NON-NLS
300 }
301}
org.sleuthkit.datamodel.AbstractContent.getParent
Content getParent()
Definition AbstractContent.java:126
org.sleuthkit.datamodel.AbstractContent.getName
String getName()
Definition AbstractContent.java:69
org.sleuthkit.datamodel.AbstractContent.AbstractContent
AbstractContent(SleuthkitCase db, long obj_id, String name)
Definition AbstractContent.java:57
org.sleuthkit.datamodel.AbstractContent.getSleuthkitCase
SleuthkitCase getSleuthkitCase()
Definition AbstractContent.java:305
org.sleuthkit.datamodel.SleuthkitJNI.readVsPart
static int readVsPart(long volHandle, byte[] readBuffer, long offset, long len)
Definition SleuthkitJNI.java:1450
org.sleuthkit.datamodel.SleuthkitJNI.openVsPart
static long openVsPart(long vsHandle, long volId)
Definition SleuthkitJNI.java:1088
org.sleuthkit.datamodel.Volume.getFileSystems
List< FileSystem > getFileSystems()
Definition Volume.java:284
org.sleuthkit.datamodel.Volume.getChildrenIds
List< Long > getChildrenIds()
Definition Volume.java:275
org.sleuthkit.datamodel.Volume.vsFlagToValue
static String vsFlagToValue(long vsFlag)
Definition Volume.java:199
org.sleuthkit.datamodel.Volume.toString
String toString(boolean preserveState)
Definition Volume.java:298
org.sleuthkit.datamodel.Volume.read
int read(byte[] buf, long offset, long len)
Definition Volume.java:66
org.sleuthkit.datamodel.Volume.Volume
Volume(SleuthkitCase db, long obj_id, long addr, long startSector, long lengthInSectors, long flags, String desc)
Definition Volume.java:51
org.sleuthkit.datamodel.Volume.getChildren
List< Content > getChildren()
Definition Volume.java:270
org.sleuthkit.datamodel.Volume.valueToVsFlag
static long valueToVsFlag(String vsFlag)
Definition Volume.java:218
org.sleuthkit.datamodel.Volume.vsFlagToString
static String vsFlagToString(long vsFlag)
Definition Volume.java:237
org.sleuthkit.datamodel.TskData.TSK_VS_PART_FLAG_ENUM
Definition TskData.java:337
org.sleuthkit.datamodel.TskData.TSK_VS_PART_FLAG_ENUM.TSK_VS_PART_FLAG_ALL
TSK_VS_PART_FLAG_ALL
Show all sectors in the walk.
Definition TskData.java:342
org.sleuthkit.datamodel.TskData.TSK_VS_PART_FLAG_ENUM.TSK_VS_PART_FLAG_META
TSK_VS_PART_FLAG_META
Sectors contain volume system metadata and could also be ALLOC or UNALLOC.
Definition TskData.java:341
org.sleuthkit.datamodel.TskData.TSK_VS_PART_FLAG_ENUM.TSK_VS_PART_FLAG_ALLOC
TSK_VS_PART_FLAG_ALLOC
Sectors are allocated to a volume in the volume system.
Definition TskData.java:339
org.sleuthkit.datamodel.TskData.TSK_VS_PART_FLAG_ENUM.TSK_VS_PART_FLAG_UNALLOC
TSK_VS_PART_FLAG_UNALLOC
Sectors are not allocated to a volume.
Definition TskData.java:340
org.sleuthkit.datamodel.TskData.TSK_VS_TYPE_ENUM
Definition TskData.java:582
org.sleuthkit.datamodel.TskData.TSK_VS_TYPE_ENUM.TSK_VS_TYPE_APFS
TSK_VS_TYPE_APFS
APFS pool NON-NLS.
Definition TskData.java:590
org.sleuthkit.datamodel.Content
Definition Content.java:33
org.sleuthkit.datamodel.Content.getUniquePath
String getUniquePath()

Copyright © 2011-2024 Brian Carrier. (carrier -at- sleuthkit -dot- org)
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.