|
Sleuth Kit Java Bindings (JNI)
4.2
Java bindings for using The Sleuth Kit
|
|
Sleuth Kit Java Bindings (JNI)
4.2
Java bindings for using The Sleuth Kit
|
Inherits org.sleuthkit.datamodel.AbstractFile.
Classes | |
| class | DerivedMethod |
Public Member Functions | |
| List< Content > | getChildren () throws TskCoreException |
| List< Long > | getChildrenIds () throws TskCoreException |
| Content | getDataSource () throws TskCoreException |
| synchronized DerivedMethod | getDerivedMethod () throws TskCoreException |
| boolean | isRoot () |
| String | toString (boolean preserveState) |
 Public Member Functions inherited from org.sleuthkit.datamodel.AbstractFile | |
| boolean | canRead () |
| void | close () |
| long | convertToImgOffset (long fileOffset) throws TskCoreException |
| boolean | exists () |
| long | getAtime () |
| String | getAtimeAsDate () |
| short | getAttrId () |
| TskData.TSK_FS_ATTR_TYPE_ENUM | getAttrType () |
| long | getCrtime () |
| String | getCrtimeAsDate () |
| long | getCtime () |
| String | getCtimeAsDate () |
| String | getDirFlagAsString () |
| TSK_FS_NAME_TYPE_ENUM | getDirType () |
| String | getDirTypeAsString () |
| int | getGid () |
| TskData.FileKnown | getKnown () |
| String | getLocalAbsPath () |
| String | getLocalPath () |
| String | getMd5Hash () |
| long | getMetaAddr () |
| String | getMetaFlagsAsString () |
| long | getMetaSeq () |
| TSK_FS_META_TYPE_ENUM | getMetaType () |
| String | getMetaTypeAsString () |
| String | getModesAsString () |
| long | getMtime () |
| String | getMtimeAsDate () |
| String | getNameExtension () |
| String | getParentPath () |
| List< TskFileRange > | getRanges () throws TskCoreException |
| long | getSize () |
| TskData.TSK_DB_FILES_TYPE_ENUM | getType () |
| int | getUid () |
| boolean | isDir () |
| boolean | isDirNameFlagSet (TSK_FS_NAME_FLAG_ENUM flag) |
| boolean | isFile () |
| boolean | isMetaFlagSet (TSK_FS_META_FLAG_ENUM metaFlag) |
| MimeMatchEnum | isMimeType (SortedSet< String > mimeTypes) |
| boolean | isModeSet (TskData.TSK_FS_META_MODE_ENUM mode) |
| abstract boolean | isRoot () |
| boolean | isVirtual () |
| List< AbstractFile > | listFiles () throws TskCoreException |
| final int | read (byte[] buf, long offset, long len) throws TskCoreException |
| String | toString (boolean preserveState) |
| Public Member Functions inherited from org.sleuthkit.datamodel.AbstractContent | |
| boolean | equals (Object obj) |
| ArrayList< BlackboardArtifact > | getAllArtifacts () throws TskCoreException |
| long | getAllArtifactsCount () throws TskCoreException |
| ArrayList< BlackboardArtifact > | getArtifacts (String artifactTypeName) throws TskCoreException |
| ArrayList< BlackboardArtifact > | getArtifacts (int artifactTypeID) throws TskCoreException |
| ArrayList< BlackboardArtifact > | getArtifacts (BlackboardArtifact.ARTIFACT_TYPE type) throws TskCoreException |
| long | getArtifactsCount (String artifactTypeName) throws TskCoreException |
| long | getArtifactsCount (int artifactTypeID) throws TskCoreException |
| long | getArtifactsCount (ARTIFACT_TYPE type) throws TskCoreException |
| int | getChildrenCount () throws TskCoreException |
| Content | getDataSource () throws TskCoreException |
| BlackboardArtifact | getGenInfoArtifact () throws TskCoreException |
| BlackboardArtifact | getGenInfoArtifact (boolean create) throws TskCoreException |
| ArrayList< BlackboardAttribute > | getGenInfoAttributes (ATTRIBUTE_TYPE attr_type) throws TskCoreException |
| Set< String > | getHashSetNames () throws TskCoreException |
| long | getId () |
| String | getName () |
| synchronized Content | getParent () throws TskCoreException |
| SleuthkitCase | getSleuthkitCase () |
| synchronized String | getUniquePath () throws TskCoreException |
| boolean | hasChildren () throws TskCoreException |
| int | hashCode () |
| BlackboardArtifact | newArtifact (int artifactTypeID) throws TskCoreException |
| BlackboardArtifact | newArtifact (BlackboardArtifact.ARTIFACT_TYPE type) throws TskCoreException |
| String | toString () |
| String | toString (boolean preserveState) |
| Public Member Functions inherited from org.sleuthkit.datamodel.Content | |
| long | getArtifactsCount (BlackboardArtifact.ARTIFACT_TYPE type) throws TskCoreException |
| ArrayList< BlackboardAttribute > | getGenInfoAttributes (BlackboardAttribute.ATTRIBUTE_TYPE attr_type) throws TskCoreException |
Protected Member Functions | |
| DerivedFile (SleuthkitCase db, long objId, String name, TSK_FS_NAME_TYPE_ENUM dirType, TSK_FS_META_TYPE_ENUM metaType, TSK_FS_NAME_FLAG_ENUM dirFlag, short metaFlags, long size, long ctime, long crtime, long atime, long mtime, String md5Hash, FileKnown knownState, String parentPath, String localPath, long parentId) | |
| void | finalize () throws Throwable |
| Protected Member Functions inherited from org.sleuthkit.datamodel.AbstractFile | |
| AbstractFile (SleuthkitCase db, long objId, TskData.TSK_FS_ATTR_TYPE_ENUM attrType, short attrId, String name, TskData.TSK_DB_FILES_TYPE_ENUM fileType, long metaAddr, int metaSeq, TSK_FS_NAME_TYPE_ENUM dirType, TSK_FS_META_TYPE_ENUM metaType, TSK_FS_NAME_FLAG_ENUM dirFlag, short metaFlags, long size, long ctime, long crtime, long atime, long mtime, short modes, int uid, int gid, String md5Hash, FileKnown knownState, String parentPath) | |
| void | finalize () throws Throwable |
| int | readInt (byte[] buf, long offset, long len) throws TskCoreException |
| final int | readLocal (byte[] buf, long offset, long len) throws TskCoreException |
| void | setLocalPath (String localPath, boolean isAbsolute) |
| Protected Member Functions inherited from org.sleuthkit.datamodel.AbstractContent | |
| AbstractContent (SleuthkitCase db, long obj_id, String name) | |
Private Attributes | |
| volatile DerivedMethod | derivedMethod |
| boolean | hasDerivedMethod = true |
| whether it has the derived method to lazy load or not More... | |
Static Private Attributes | |
| static ResourceBundle | bundle = ResourceBundle.getBundle("org.sleuthkit.datamodel.Bundle") |
| static final Logger | logger = Logger.getLogger(DerivedFile.class.getName()) |
Additional Inherited Members | |
| Static Public Member Functions inherited from org.sleuthkit.datamodel.AbstractFile | |
| static String | createNonUniquePath (String uniquePath) |
| static String | epochToTime (long epoch) |
| static long | timeToEpoch (String time) |
| Static Public Attributes inherited from org.sleuthkit.datamodel.AbstractContent | |
| static final long | UNKNOWN_ID = -1 |
| Protected Attributes inherited from org.sleuthkit.datamodel.AbstractFile | |
| final short | attrId |
| final TskData.TSK_FS_ATTR_TYPE_ENUM | attrType |
| final TSK_FS_NAME_FLAG_ENUM | dirFlag |
| final TSK_FS_NAME_TYPE_ENUM | dirType |
| final TskData.TSK_DB_FILES_TYPE_ENUM | fileType |
| TskData.FileKnown | knownState |
| String | md5Hash |
| final long | metaAddr |
| final Set< TSK_FS_META_FLAG_ENUM > | metaFlags |
| final int | metaSeq |
| final TSK_FS_META_TYPE_ENUM | metaType |
| final Set< TskData.TSK_FS_META_MODE_ENUM > | modes |
| final String | parentPath |
| long | size |
| final int | uid |
| Protected Attributes inherited from org.sleuthkit.datamodel.AbstractContent | |
| long | parentId |
Represents a file or directory that has been derived from another file and contents of which are stored locally on user's machine.
The file extends AbstractFile by adding derived method used and information needed to rederive it.
Use case example is an extracted file from an archive.
Definition at line 42 of file DerivedFile.java.
|
protected |
Create a db representation of a derived file
| db | |
| objId | object if of this file already in database |
| name | name of this derived file |
| dirType | |
| metaType | |
| dirFlag | |
| metaFlags | |
| size | size of the file |
| ctime | |
| crtime | |
| atime | |
| mtime | |
| md5Hash | |
| knownState | |
| parentPath | path of the parent of this derived file (e.g. fs zip file, or another derived file path) |
| localPath | local path of this derived file, relative to the db path |
| parentId | parent id of this derived file to set if available |
Definition at line 71 of file DerivedFile.java.
References org.sleuthkit.datamodel.TskData.TSK_DB_FILES_TYPE_ENUM.LOCAL, org.sleuthkit.datamodel.AbstractFile.setLocalPath(), and org.sleuthkit.datamodel.TskData.TSK_FS_ATTR_TYPE_ENUM.TSK_FS_ATTR_TYPE_DEFAULT.
|
protected |
Definition at line 153 of file DerivedFile.java.
References org.sleuthkit.datamodel.AbstractFile.close().
| List<Content> org.sleuthkit.datamodel.DerivedFile.getChildren | ( | ) | throws TskCoreException |
Gets the child content objects of this content.
| TskCoreException | if critical error occurred within tsk core |
Implements org.sleuthkit.datamodel.Content.
Definition at line 106 of file DerivedFile.java.
References org.sleuthkit.datamodel.TskData.TSK_DB_FILES_TYPE_ENUM.DERIVED, and org.sleuthkit.datamodel.AbstractContent.getSleuthkitCase().
| List<Long> org.sleuthkit.datamodel.DerivedFile.getChildrenIds | ( | ) | throws TskCoreException |
Gets the child content ids of this content.
| TskCoreException | if critical error occurred within tsk core |
Implements org.sleuthkit.datamodel.Content.
Definition at line 113 of file DerivedFile.java.
References org.sleuthkit.datamodel.TskData.TSK_DB_FILES_TYPE_ENUM.DERIVED, and org.sleuthkit.datamodel.AbstractContent.getSleuthkitCase().
| Content org.sleuthkit.datamodel.DerivedFile.getDataSource | ( | ) | throws TskCoreException |
Get the root data source of this content (image, virtual directory, etc.)
| TskCoreException | if critical error occurred within tsk core |
Implements org.sleuthkit.datamodel.Content.
Definition at line 90 of file DerivedFile.java.
References org.sleuthkit.datamodel.Content.getDataSource(), org.sleuthkit.datamodel.AbstractContent.getParent(), org.sleuthkit.datamodel.Content.getParent(), and org.sleuthkit.datamodel.AbstractContent.parent.
| synchronized DerivedMethod org.sleuthkit.datamodel.DerivedFile.getDerivedMethod | ( | ) | throws TskCoreException |
Get derived method for this derived file if it exists, or null
| TskCoreException | exception thrown when critical error occurred and derived method could not be queried |
Definition at line 135 of file DerivedFile.java.
References org.sleuthkit.datamodel.DerivedFile.derivedMethod, org.sleuthkit.datamodel.AbstractContent.getId(), and org.sleuthkit.datamodel.AbstractContent.getSleuthkitCase().
| boolean org.sleuthkit.datamodel.DerivedFile.isRoot | ( | ) |
Definition at line 84 of file DerivedFile.java.
| String org.sleuthkit.datamodel.DerivedFile.toString | ( | boolean | preserveState | ) |
Definition at line 162 of file DerivedFile.java.
|
staticprivate |
Definition at line 46 of file DerivedFile.java.
|
private |
Definition at line 44 of file DerivedFile.java.
Referenced by org.sleuthkit.datamodel.DerivedFile.getDerivedMethod().
|
private |
whether it has the derived method to lazy load or not
Definition at line 47 of file DerivedFile.java.
|
staticprivate |
Definition at line 45 of file DerivedFile.java.
Copyright © 2011-2015 Brian Carrier. (carrier -at- sleuthkit -dot- org)
This work is licensed under a
Creative Commons Attribution-Share Alike 3.0 United States License.
