Sleuth Kit Java Bindings (JNI)  4.2
Java bindings for using The Sleuth Kit
The Sleuth Kit Java Bindings Developer's Guide and API Reference

Overview

These classes allow Java programs to access data extracted by The Sleuth Kit.

The Sleuth Kit is primarily a C/C++ library and set of command line tools. These classes allow programs to obtain the data that TSK can produce. The typical steps would be to use JNI to cause the TSK library to create and populate a SQLite database. The Java classes then directly open the SQLite database and perform queries on it.

Basic

NOTE: This needs to be expanded on.

Adding Data to Case

Use SleuthkitCase.newCase() or SleuthkitCase.openCase() to return an instance of a SleuthkitCase object. To add data to the case, use SleuthkitCase.makeAdImageProcess() to get a AddImageProcess object that allows you to populate the database in the scope of a transaction and get feedback on its update process.

To add a local file (logical file) you can use methods such as SleuthkitCase.addLocalFile().

Analyzing Data in Case

You can either access files directly using methods such as SleuthkitCase.findFiles() or SleuthkitCase.getAbstractFileById().

You can also access the data in its tree form by starting with SleuthkitCase.getImages() and then calling getChildren() on each of the returned objects. See the section below on basics of the datamodel structure.

Class Hierarchy

Flush out here on general layout.

The Blackboard

The Blackboard


Copyright © 2011-2015 Brian Carrier. (carrier -at- sleuthkit -dot- org)
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.