Sleuth Kit Java Bindings (JNI)  4.3
Java bindings for using The Sleuth Kit
SleuthkitJNI.java
Go to the documentation of this file.
1 /*
2  * Sleuth Kit Data Model
3  *
4  * Copyright 2011-2016 Basis Technology Corp.
5  * Contact: carrier <at> sleuthkit <dot> org
6  *
7  * Licensed under the Apache License, Version 2.0 (the "License");
8  * you may not use this file except in compliance with the License.
9  * You may obtain a copy of the License at
10  *
11  * http://www.apache.org/licenses/LICENSE-2.0
12  *
13  * Unless required by applicable law or agreed to in writing, software
14  * distributed under the License is distributed on an "AS IS" BASIS,
15  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16  * See the License for the specific language governing permissions and
17  * limitations under the License.
18  */
19 package org.sleuthkit.datamodel;
20 
21 import java.io.BufferedReader;
22 import java.io.FileReader;
23 import java.io.IOException;
24 import java.text.DateFormat;
25 import java.text.SimpleDateFormat;
26 import java.util.ArrayList;
27 import java.util.GregorianCalendar;
28 import java.util.HashMap;
29 import java.util.List;
30 import java.util.Map;
31 import java.util.TimeZone;
32 import java.util.UUID;
33 import org.sleuthkit.datamodel.TskData.TSK_FS_ATTR_TYPE_ENUM;
34 
43 public class SleuthkitJNI {
44 
45  /*
46  * Loads the SleuthKit libraries.
47  */
48  static {
49  LibraryUtils.loadSleuthkitJNI();
50  }
51 
52  /*
53  * A monitor used to guard access to cached SleuthKit image and file system
54  * handles.
55  */
56  private static final Object cacheLock = new Object();
57 
62  private SleuthkitJNI() {
63  }
64 
69  public static class CaseDbHandle {
70 
71  /*
72  * A pointer to a TskCaseDb object.
73  */
74  private final long caseDbPointer;
75 
76  /*
77  * A SleuthKit image handle cache implemented as a mappng of
78  * concatenated image file paths to image handles.
79  */
80  private static final Map<String, Long> imageHandleCache = new HashMap<String, Long>();
81 
82  /*
83  * A SleuthKit file system handles cache implemented as a mapping of
84  * image handles to image offset and file system handle pairs.
85  */
86  private static final Map<Long, Map<Long, Long>> fsHandleCache = new HashMap<Long, Map<Long, Long>>();
87 
94  private CaseDbHandle(long caseDbPointer) {
95  this.caseDbPointer = caseDbPointer;
96  }
97 
104  void free() throws TskCoreException {
105  synchronized (cacheLock) {
106  /*
107  * Close any cached file system handles.
108  */
109  for (Map<Long, Long> imageToFsMap : fsHandleCache.values()) {
110  for (Long fsHandle : imageToFsMap.values()) {
111  closeFsNat(fsHandle);
112  }
113  }
114 
115  /*
116  * Close any cached image handles.
117  */
118  for (Long imageHandle : imageHandleCache.values()) {
119  closeImgNat(imageHandle);
120  }
121 
122  fsHandleCache.clear();
123  imageHandleCache.clear();
124  }
125 
126  SleuthkitJNI.closeCaseDbNat(caseDbPointer);
127  }
128 
152  long addImageInfo(long deviceObjId, List<String> imageFilePaths, String timeZone) throws TskCoreException {
153  try {
154  long tskAutoDbPointer = initializeAddImgNat(caseDbPointer, timezoneLongToShort(timeZone), false, false, false);
155  runOpenAndAddImgNat(tskAutoDbPointer, UUID.randomUUID().toString(), imageFilePaths.toArray(new String[0]), imageFilePaths.size(), timeZone);
156  return commitAddImgNat(tskAutoDbPointer);
157  } catch (TskDataException ex) {
158  throw new TskCoreException("Error adding image to case database", ex);
159  }
160  }
161 
178  AddImageProcess initAddImageProcess(String timeZone, boolean addUnallocSpace, boolean skipFatFsOrphans, String imageWriterPath) {
179  return new AddImageProcess(timeZone, addUnallocSpace, skipFatFsOrphans, imageWriterPath);
180  }
181 
186  public class AddImageProcess {
187 
188  private final String timeZone;
189  private final boolean addUnallocSpace;
190  private final boolean skipFatFsOrphans;
191  private final String imageWriterPath;
192  private volatile long tskAutoDbPointer;
193  private boolean isCanceled;
194 
208  private AddImageProcess(String timeZone, boolean addUnallocSpace, boolean skipFatFsOrphans, String imageWriterPath) {
209  this.timeZone = timeZone;
210  this.addUnallocSpace = addUnallocSpace;
211  this.skipFatFsOrphans = skipFatFsOrphans;
212  this.imageWriterPath = imageWriterPath;
213  tskAutoDbPointer = 0;
214  this.isCanceled = false;
215  }
216 
234  public void run(String deviceId, String[] imageFilePaths) throws TskCoreException, TskDataException {
235  long imageHandle = 0;
236  synchronized (this) {
237  if (0 != tskAutoDbPointer) {
238  throw new TskCoreException("Add image process already started");
239  }
240  if (!isCanceled) { //with isCanceled being guarded by this it will have the same value everywhere in this synchronized block
241  imageHandle = openImage(imageFilePaths, false);
242  tskAutoDbPointer = initAddImgNat(caseDbPointer, timezoneLongToShort(timeZone), addUnallocSpace, skipFatFsOrphans);
243  }
244  if (0 == tskAutoDbPointer) {
245  throw new TskCoreException("initAddImgNat returned a NULL TskAutoDb pointer");
246  }
247  }
248  if (imageHandle != 0) {
249  runAddImgNat(tskAutoDbPointer, deviceId, imageHandle, timeZone, imageWriterPath);
250  }
251  }
252 
262  public synchronized void stop() throws TskCoreException {
263  isCanceled = true;
264  if (tskAutoDbPointer != 0) {
265  stopAddImgNat(tskAutoDbPointer);
266  }
267  }
268 
276  public synchronized void revert() throws TskCoreException {
277  if (tskAutoDbPointer == 0) {
278  throw new TskCoreException("AddImgProcess::revert: AutoDB pointer is NULL");
279  }
280 
281  revertAddImgNat(tskAutoDbPointer);
282  // the native code deleted the object
283  tskAutoDbPointer = 0;
284  }
285 
295  public synchronized long commit() throws TskCoreException {
296  if (tskAutoDbPointer == 0) {
297  throw new TskCoreException("AddImgProcess::commit: AutoDB pointer is NULL");
298  }
299 
300  long id = commitAddImgNat(tskAutoDbPointer);
301  // the native code deleted the object
302  tskAutoDbPointer = 0;
303  return id;
304  }
305 
312  public synchronized String currentDirectory() {
313  return tskAutoDbPointer == 0 ? "" : getCurDirNat(tskAutoDbPointer); //NON-NLS
314  }
315 
331  @Deprecated
332  public void run(String[] imageFilePaths) throws TskCoreException, TskDataException {
333  run(null, imageFilePaths);
334  }
335  }
336 
337  }
338 
350  static CaseDbHandle newCaseDb(String path) throws TskCoreException {
351  return new CaseDbHandle(newCaseDbNat(path));
352  }
353 
366  static CaseDbHandle newCaseDb(String databaseName, CaseDbConnectionInfo info) throws TskCoreException {
367  return new CaseDbHandle(newCaseDbMultiNat(info.getHost(), info.getPort(), info.getUserName(), info.getPassword(), info.getDbType().ordinal(), databaseName));
368  }
369 
381  static CaseDbHandle openCaseDb(String path) throws TskCoreException {
382  return new CaseDbHandle(openCaseDbNat(path));
383  }
384 
397  static CaseDbHandle openCaseDb(String databaseName, CaseDbConnectionInfo info) throws TskCoreException {
398  return new CaseDbHandle(openCaseDbMultiNat(info.getHost(), info.getPort(), info.getUserName(), info.getPassword(), info.getDbType().ordinal(), databaseName));
399  }
400 
406  public static String getVersion() {
407  return getVersionNat();
408  }
409 
413  public static void startVerboseLogging(String logPath) {
414  startVerboseLoggingNat(logPath);
415  }
416 
427  public static long openImage(String[] imageFiles) throws TskCoreException {
428  return openImage(imageFiles, true);
429  }
430 
446  private static long openImage(String[] imageFiles, boolean useCache) throws TskCoreException {
447 
448  long imageHandle;
449 
450  StringBuilder keyBuilder = new StringBuilder();
451  for (int i = 0; i < imageFiles.length; ++i) {
452  keyBuilder.append(imageFiles[i]);
453  }
454  final String imageKey = keyBuilder.toString();
455 
456  synchronized (cacheLock) {
457  // If we're getting a fresh copy, remove any existing cache references
458  if (!useCache && CaseDbHandle.imageHandleCache.containsKey(imageKey)) {
459  long tempImageHandle = CaseDbHandle.imageHandleCache.get(imageKey);
460  CaseDbHandle.fsHandleCache.remove(tempImageHandle);
461  CaseDbHandle.imageHandleCache.remove(imageKey);
462  }
463 
464  if (useCache && CaseDbHandle.imageHandleCache.containsKey(imageKey)) //get from cache
465  {
466  imageHandle = CaseDbHandle.imageHandleCache.get(imageKey);
467  } else {
468  //open new handle and cache it
469  imageHandle = openImgNat(imageFiles, imageFiles.length);
470  CaseDbHandle.fsHandleCache.put(imageHandle, new HashMap<Long, Long>());
471  CaseDbHandle.imageHandleCache.put(imageKey, imageHandle);
472  }
473  }
474  return imageHandle;
475  }
476 
489  public static long openVs(long imgHandle, long vsOffset) throws TskCoreException {
490  return openVsNat(imgHandle, vsOffset);
491  }
492 
493  //get pointers
505  public static long openVsPart(long vsHandle, long volId) throws TskCoreException {
506  //returned long is ptr to vs Handle object in tsk
507  return openVolNat(vsHandle, volId);
508  }
509 
522  public static long openFs(long imgHandle, long fsOffset) throws TskCoreException {
523  long fsHandle;
524  synchronized (cacheLock) {
525  final Map<Long, Long> imgOffSetToFsHandle = CaseDbHandle.fsHandleCache.get(imgHandle);
526  if (imgOffSetToFsHandle.containsKey(fsOffset)) {
527  //return cached
528  fsHandle = imgOffSetToFsHandle.get(fsOffset);
529  } else {
530  fsHandle = openFsNat(imgHandle, fsOffset);
531  //cache it
532  imgOffSetToFsHandle.put(fsOffset, fsHandle);
533  }
534  }
535  return fsHandle;
536  }
537 
551  public static long openFile(long fsHandle, long fileId, TSK_FS_ATTR_TYPE_ENUM attrType, int attrId) throws TskCoreException {
552  /*
553  * NOTE: previously attrId used to be stored in AbstractFile as (signed)
554  * short even though it is stored as uint16 in TSK. In extremely rare
555  * occurrences attrId can be larger than what a signed short can hold
556  * (2^15). Changes were made to AbstractFile to store attrId as integer.
557  * However, a depricated method still exists in AbstractFile to get
558  * attrId as short. In that method we convert attribute ids that are
559  * larger than 32K to a negative number. Therefore if encountered, we
560  * need to convert negative attribute id to uint16 which is what TSK is
561  * using to store attribute id.
562  */
563  return openFileNat(fsHandle, fileId, attrType.getValue(), convertSignedToUnsigned(attrId));
564  }
565 
573  private static int convertSignedToUnsigned(int val) {
574  if (val >= 0) {
575  return val;
576  }
577 
578  return val & 0xffff; // convert negative value to positive value
579  }
580 
581  //do reads
596  public static int readImg(long imgHandle, byte[] readBuffer, long offset, long len) throws TskCoreException {
597  //returned byte[] is the data buffer
598  return readImgNat(imgHandle, readBuffer, offset, len);
599  }
600 
615  public static int readVs(long vsHandle, byte[] readBuffer, long offset, long len) throws TskCoreException {
616  return readVsNat(vsHandle, readBuffer, offset, len);
617  }
618 
633  public static int readVsPart(long volHandle, byte[] readBuffer, long offset, long len) throws TskCoreException {
634  //returned byte[] is the data buffer
635  return readVolNat(volHandle, readBuffer, offset, len);
636  }
637 
652  public static int readFs(long fsHandle, byte[] readBuffer, long offset, long len) throws TskCoreException {
653  //returned byte[] is the data buffer
654  return readFsNat(fsHandle, readBuffer, offset, len);
655  }
656 
661  private enum TSK_FS_FILE_READ_OFFSET_TYPE_ENUM {
662  START_OF_FILE(0),
663  START_OF_SLACK(1);
664 
665  private final int val;
666 
667  TSK_FS_FILE_READ_OFFSET_TYPE_ENUM(int val) {
668  this.val = val;
669  }
670 
671  int getValue() {
672  return val;
673  }
674  }
675 
690  public static int readFile(long fileHandle, byte[] readBuffer, long offset, long len) throws TskCoreException {
691  return readFileNat(fileHandle, readBuffer, offset, TSK_FS_FILE_READ_OFFSET_TYPE_ENUM.START_OF_FILE.getValue(), len);
692  }
693 
708  public static int readFileSlack(long fileHandle, byte[] readBuffer, long offset, long len) throws TskCoreException {
709  return readFileNat(fileHandle, readBuffer, offset, TSK_FS_FILE_READ_OFFSET_TYPE_ENUM.START_OF_SLACK.getValue(), len);
710  }
711 
722  public static List<String> getFileMetaDataText(long fileHandle) throws TskCoreException {
723  try {
724  java.io.File tmp = java.io.File.createTempFile("tsk", ".txt");
725 
726  saveFileMetaDataTextNat(fileHandle, tmp.getAbsolutePath());
727 
728  FileReader fr = new FileReader(tmp.getAbsolutePath());
729  BufferedReader textReader = new BufferedReader(fr);
730 
731  List<String> lines = new ArrayList<String>();
732  while (true) {
733  String line = textReader.readLine();
734  if (line == null) {
735  break;
736  }
737  lines.add(line);
738  }
739  textReader.close();
740  fr.close();
741  tmp.delete();
742  return lines;
743  } catch (IOException ex) {
744  throw new TskCoreException("Error reading istat output: " + ex.getLocalizedMessage());
745  }
746  }
747 
748  //free pointers
755  public static void closeImg(long imgHandle) {
756  //@@@ TODO close the image handle when Case is closed instead
757  //currently the image handle is not being freed, it's cached for duration of the application
758  //closeImgNat(imgHandle);
759  }
760 
766  public static void closeVs(long vsHandle) {
767  closeVsNat(vsHandle);
768  }
769 
776  public static void closeFs(long fsHandle) {
777  //@@@ TODO close the fs handle when Case is closed instead
778  //currently the fs handle is not being freed, it's cached for duration of the application
779  //closeFsNat(fsHandle);
780  }
781 
787  public static void closeFile(long fileHandle) {
788  closeFileNat(fileHandle);
789  }
790 
798  public static void createLookupIndexForHashDatabase(int dbHandle) throws TskCoreException {
799  hashDbCreateIndexNat(dbHandle);
800  }
801 
811  public static boolean hashDatabaseHasLookupIndex(int dbHandle) throws TskCoreException {
812  return hashDbIndexExistsNat(dbHandle);
813  }
814 
825  public static boolean hashDatabaseCanBeReindexed(int dbHandle) throws TskCoreException {
826  return hashDbIsReindexableNat(dbHandle);
827  }
828 
838  public static String getHashDatabasePath(int dbHandle) throws TskCoreException {
839  return hashDbPathNat(dbHandle);
840  }
841 
851  public static String getHashDatabaseIndexPath(int dbHandle) throws TskCoreException {
852  return hashDbIndexPathNat(dbHandle);
853  }
854 
855  public static int openHashDatabase(String path) throws TskCoreException {
856  return hashDbOpenNat(path);
857  }
858 
868  public static int createHashDatabase(String path) throws TskCoreException {
869  return hashDbNewNat(path);
870  }
871 
878  public static void closeAllHashDatabases() throws TskCoreException {
879  hashDbCloseAll();
880  }
881 
889  public static void closeHashDatabase(int dbHandle) throws TskCoreException {
890  hashDbClose(dbHandle);
891  }
892 
900  public static String getHashDatabaseDisplayName(int dbHandle) throws TskCoreException {
901  return hashDbGetDisplayName(dbHandle);
902  }
903 
914  public static boolean lookupInHashDatabase(String hash, int dbHandle) throws TskCoreException {
915  return hashDbLookup(hash, dbHandle);
916  }
917 
929  public static HashHitInfo lookupInHashDatabaseVerbose(String hash, int dbHandle) throws TskCoreException {
930  return hashDbLookupVerbose(hash, dbHandle);
931  }
932 
945  public static void addToHashDatabase(String filename, String md5, String sha1, String sha256, String comment, int dbHandle) throws TskCoreException {
946  hashDbAddEntryNat(filename, md5, sha1, sha256, comment, dbHandle);
947  }
948 
949  public static void addToHashDatabase(List<HashEntry> hashes, int dbHandle) throws TskCoreException {
950  hashDbBeginTransactionNat(dbHandle);
951  try {
952  for (HashEntry entry : hashes) {
953  hashDbAddEntryNat(entry.getFileName(), entry.getMd5Hash(), entry.getSha1Hash(), entry.getSha256Hash(), entry.getComment(), dbHandle);
954  }
955  hashDbCommitTransactionNat(dbHandle);
956  } catch (TskCoreException ex) {
957  try {
958  hashDbRollbackTransactionNat(dbHandle);
959  } catch (TskCoreException ex2) {
960  ex2.initCause(ex);
961  throw ex2;
962  }
963  throw ex;
964  }
965  }
966 
967  public static boolean isUpdateableHashDatabase(int dbHandle) throws TskCoreException {
968  return hashDbIsUpdateableNat(dbHandle);
969  }
970 
971  public static boolean hashDatabaseIsIndexOnly(int dbHandle) throws TskCoreException {
972  return hashDbIsIdxOnlyNat(dbHandle);
973  }
974 
984  private static String timezoneLongToShort(String timezoneLongForm) {
985  if (timezoneLongForm == null || timezoneLongForm.isEmpty()) {
986  return "";
987  }
988 
989  String timezoneShortForm;
990  TimeZone zone = TimeZone.getTimeZone(timezoneLongForm);
991  int offset = zone.getRawOffset() / 1000;
992  int hour = offset / 3600;
993  int min = (offset % 3600) / 60;
994  DateFormat dfm = new SimpleDateFormat("z");
995  dfm.setTimeZone(zone);
996  boolean hasDaylight = zone.useDaylightTime();
997  String first = dfm.format(new GregorianCalendar(2010, 1, 1).getTime()).substring(0, 3); // make it only 3 letters code
998  String second = dfm.format(new GregorianCalendar(2011, 6, 6).getTime()).substring(0, 3); // make it only 3 letters code
999  int mid = hour * -1;
1000  timezoneShortForm = first + Integer.toString(mid);
1001  if (min != 0) {
1002  timezoneShortForm = timezoneShortForm + ":" + (min < 10 ? "0" : "") + Integer.toString(min);
1003  }
1004  if (hasDaylight) {
1005  timezoneShortForm += second;
1006  }
1007  return timezoneShortForm;
1008  }
1009 
1018  public static int finishImageWriter(long imgHandle) throws TskCoreException {
1019  return finishImageWriterNat(imgHandle);
1020  }
1021 
1029  public static int getFinishImageProgress(long imgHandle) {
1030  return getFinishImageProgressNat(imgHandle);
1031  }
1032 
1038  public static void cancelFinishImage(long imgHandle) {
1039  cancelFinishImageNat(imgHandle);
1040  }
1041 
1053  public static long findDeviceSize(String devPath) throws TskCoreException {
1054  return findDeviceSizeNat(devPath);
1055  }
1056 
1057  public static boolean isImageSupported(String imagePath) {
1058  return isImageSupportedNat(imagePath);
1059  }
1060 
1061  private static native String getVersionNat();
1062 
1063  private static native void startVerboseLoggingNat(String logPath);
1064 
1065  private static native long newCaseDbNat(String dbPath) throws TskCoreException;
1066 
1067  private static native long newCaseDbMultiNat(String hostNameOrIP, String portNumber, String userName, String password, int dbTypeOrdinal, String databaseName);
1068 
1069  private static native long openCaseDbMultiNat(String hostNameOrIP, String portNumber, String userName, String password, int dbTypeOrdinal, String databaseName);
1070 
1071  private static native long openCaseDbNat(String path) throws TskCoreException;
1072 
1073  private static native void closeCaseDbNat(long db) throws TskCoreException;
1074 
1075  private static native int hashDbOpenNat(String hashDbPath) throws TskCoreException;
1076 
1077  private static native int hashDbNewNat(String hashDbPath) throws TskCoreException;
1078 
1079  private static native int hashDbBeginTransactionNat(int dbHandle) throws TskCoreException;
1080 
1081  private static native int hashDbCommitTransactionNat(int dbHandle) throws TskCoreException;
1082 
1083  private static native int hashDbRollbackTransactionNat(int dbHandle) throws TskCoreException;
1084 
1085  private static native int hashDbAddEntryNat(String filename, String hashMd5, String hashSha1, String hashSha256, String comment, int dbHandle) throws TskCoreException;
1086 
1087  private static native boolean hashDbIsUpdateableNat(int dbHandle);
1088 
1089  private static native boolean hashDbIsReindexableNat(int dbHandle);
1090 
1091  private static native String hashDbPathNat(int dbHandle);
1092 
1093  private static native String hashDbIndexPathNat(int dbHandle);
1094 
1095  private static native String hashDbGetDisplayName(int dbHandle) throws TskCoreException;
1096 
1097  private static native void hashDbCloseAll() throws TskCoreException;
1098 
1099  private static native void hashDbClose(int dbHandle) throws TskCoreException;
1100 
1101  private static native void hashDbCreateIndexNat(int dbHandle) throws TskCoreException;
1102 
1103  private static native boolean hashDbIndexExistsNat(int dbHandle) throws TskCoreException;
1104 
1105  private static native boolean hashDbIsIdxOnlyNat(int dbHandle) throws TskCoreException;
1106 
1107  private static native boolean hashDbLookup(String hash, int dbHandle) throws TskCoreException;
1108 
1109  private static native HashHitInfo hashDbLookupVerbose(String hash, int dbHandle) throws TskCoreException;
1110 
1111  private static native long initAddImgNat(long db, String timezone, boolean addUnallocSpace, boolean skipFatFsOrphans) throws TskCoreException;
1112 
1113  private static native long initializeAddImgNat(long db, String timezone, boolean addFileSystems, boolean addUnallocSpace, boolean skipFatFsOrphans) throws TskCoreException;
1114 
1115  private static native void runOpenAndAddImgNat(long process, String deviceId, String[] imgPath, int splits, String timezone) throws TskCoreException, TskDataException;
1116 
1117  private static native void runAddImgNat(long process, String deviceId, long a_img_info, String timeZone, String imageWriterPath) throws TskCoreException, TskDataException;
1118 
1119  private static native void stopAddImgNat(long process) throws TskCoreException;
1120 
1121  private static native void revertAddImgNat(long process) throws TskCoreException;
1122 
1123  private static native long commitAddImgNat(long process) throws TskCoreException;
1124 
1125  private static native long openImgNat(String[] imgPath, int splits) throws TskCoreException;
1126 
1127  private static native long openVsNat(long imgHandle, long vsOffset) throws TskCoreException;
1128 
1129  private static native long openVolNat(long vsHandle, long volId) throws TskCoreException;
1130 
1131  private static native long openFsNat(long imgHandle, long fsId) throws TskCoreException;
1132 
1133  private static native long openFileNat(long fsHandle, long fileId, int attrType, int attrId) throws TskCoreException;
1134 
1135  private static native int readImgNat(long imgHandle, byte[] readBuffer, long offset, long len) throws TskCoreException;
1136 
1137  private static native int readVsNat(long vsHandle, byte[] readBuffer, long offset, long len) throws TskCoreException;
1138 
1139  private static native int readVolNat(long volHandle, byte[] readBuffer, long offset, long len) throws TskCoreException;
1140 
1141  private static native int readFsNat(long fsHandle, byte[] readBuffer, long offset, long len) throws TskCoreException;
1142 
1143  private static native int readFileNat(long fileHandle, byte[] readBuffer, long offset, int offset_type, long len) throws TskCoreException;
1144 
1145  private static native int saveFileMetaDataTextNat(long fileHandle, String fileName) throws TskCoreException;
1146 
1147  private static native void closeImgNat(long imgHandle);
1148 
1149  private static native void closeVsNat(long vsHandle);
1150 
1151  private static native void closeFsNat(long fsHandle);
1152 
1153  private static native void closeFileNat(long fileHandle);
1154 
1155  private static native long findDeviceSizeNat(String devicePath) throws TskCoreException;
1156 
1157  private static native String getCurDirNat(long process);
1158 
1159  private static native boolean isImageSupportedNat(String imagePath);
1160 
1161  private static native int finishImageWriterNat(long a_img_info);
1162 
1163  private static native int getFinishImageProgressNat(long a_img_info);
1164 
1165  private static native void cancelFinishImageNat(long a_img_info);
1166 
1167 }
org.sleuthkit.datamodel.SleuthkitJNI.hashDbIsUpdateableNat
static native boolean hashDbIsUpdateableNat(int dbHandle)
org.sleuthkit.datamodel.SleuthkitJNI.readImg
static int readImg(long imgHandle, byte[] readBuffer, long offset, long len)
Definition: SleuthkitJNI.java:596
org.sleuthkit.datamodel.SleuthkitJNI.commitAddImgNat
static native long commitAddImgNat(long process)
org.sleuthkit.datamodel.SleuthkitJNI.getHashDatabaseIndexPath
static String getHashDatabaseIndexPath(int dbHandle)
Definition: SleuthkitJNI.java:851
org.sleuthkit.datamodel.SleuthkitJNI.closeVsNat
static native void closeVsNat(long vsHandle)
org.sleuthkit.datamodel.SleuthkitJNI.readVs
static int readVs(long vsHandle, byte[] readBuffer, long offset, long len)
Definition: SleuthkitJNI.java:615
org.sleuthkit.datamodel.SleuthkitJNI.createLookupIndexForHashDatabase
static void createLookupIndexForHashDatabase(int dbHandle)
Definition: SleuthkitJNI.java:798
org.sleuthkit.datamodel.SleuthkitJNI.startVerboseLoggingNat
static native void startVerboseLoggingNat(String logPath)
org.sleuthkit.datamodel.SleuthkitJNI.openImage
static long openImage(String[] imageFiles, boolean useCache)
Definition: SleuthkitJNI.java:446
org.sleuthkit.datamodel.SleuthkitJNI.TSK_FS_FILE_READ_OFFSET_TYPE_ENUM
Definition: SleuthkitJNI.java:661
org.sleuthkit.datamodel.SleuthkitJNI.addToHashDatabase
static void addToHashDatabase(String filename, String md5, String sha1, String sha256, String comment, int dbHandle)
Definition: SleuthkitJNI.java:945
org.sleuthkit.datamodel.SleuthkitJNI.readImgNat
static native int readImgNat(long imgHandle, byte[] readBuffer, long offset, long len)
org.sleuthkit.datamodel.SleuthkitJNI.createHashDatabase
static int createHashDatabase(String path)
Definition: SleuthkitJNI.java:868
org.sleuthkit.datamodel.SleuthkitJNI.getCurDirNat
static native String getCurDirNat(long process)
org.sleuthkit.datamodel.SleuthkitJNI.closeFs
static void closeFs(long fsHandle)
Definition: SleuthkitJNI.java:776
org.sleuthkit.datamodel.SleuthkitJNI.cancelFinishImage
static void cancelFinishImage(long imgHandle)
Definition: SleuthkitJNI.java:1038
org.sleuthkit.datamodel.SleuthkitJNI.hashDbRollbackTransactionNat
static native int hashDbRollbackTransactionNat(int dbHandle)
org.sleuthkit.datamodel.SleuthkitJNI.openFile
static long openFile(long fsHandle, long fileId, TSK_FS_ATTR_TYPE_ENUM attrType, int attrId)
Definition: SleuthkitJNI.java:551
org.sleuthkit.datamodel.SleuthkitJNI.CaseDbHandle.AddImageProcess.run
void run(String deviceId, String[] imageFilePaths)
Definition: SleuthkitJNI.java:234
org.sleuthkit.datamodel.SleuthkitJNI.readFile
static int readFile(long fileHandle, byte[] readBuffer, long offset, long len)
Definition: SleuthkitJNI.java:690
org.sleuthkit.datamodel.SleuthkitJNI.hashDbAddEntryNat
static native int hashDbAddEntryNat(String filename, String hashMd5, String hashSha1, String hashSha256, String comment, int dbHandle)
org.sleuthkit.datamodel.SleuthkitJNI.readVsNat
static native int readVsNat(long vsHandle, byte[] readBuffer, long offset, long len)
org.sleuthkit.datamodel.SleuthkitJNI.revertAddImgNat
static native void revertAddImgNat(long process)
org.sleuthkit.datamodel.SleuthkitJNI.TSK_FS_FILE_READ_OFFSET_TYPE_ENUM.START_OF_SLACK
START_OF_SLACK
Definition: SleuthkitJNI.java:663
org.sleuthkit.datamodel.SleuthkitJNI.finishImageWriter
static int finishImageWriter(long imgHandle)
Definition: SleuthkitJNI.java:1018
org.sleuthkit.datamodel.SleuthkitJNI.runAddImgNat
static native void runAddImgNat(long process, String deviceId, long a_img_info, String timeZone, String imageWriterPath)
org.sleuthkit.datamodel.SleuthkitJNI.cancelFinishImageNat
static native void cancelFinishImageNat(long a_img_info)
org.sleuthkit.datamodel.SleuthkitJNI.readFileNat
static native int readFileNat(long fileHandle, byte[] readBuffer, long offset, int offset_type, long len)
org.sleuthkit.datamodel.SleuthkitJNI.lookupInHashDatabaseVerbose
static HashHitInfo lookupInHashDatabaseVerbose(String hash, int dbHandle)
Definition: SleuthkitJNI.java:929
org.sleuthkit.datamodel.SleuthkitJNI.getVersionNat
static native String getVersionNat()
org.sleuthkit.datamodel.SleuthkitJNI.hashDbIndexExistsNat
static native boolean hashDbIndexExistsNat(int dbHandle)
org.sleuthkit.datamodel.SleuthkitJNI.findDeviceSizeNat
static native long findDeviceSizeNat(String devicePath)
org.sleuthkit.datamodel.SleuthkitJNI.openVs
static long openVs(long imgHandle, long vsOffset)
Definition: SleuthkitJNI.java:489
org.sleuthkit.datamodel.SleuthkitJNI.saveFileMetaDataTextNat
static native int saveFileMetaDataTextNat(long fileHandle, String fileName)
org.sleuthkit.datamodel.SleuthkitJNI.hashDbIsIdxOnlyNat
static native boolean hashDbIsIdxOnlyNat(int dbHandle)
org.sleuthkit.datamodel.SleuthkitJNI.openVolNat
static native long openVolNat(long vsHandle, long volId)
org.sleuthkit.datamodel.SleuthkitJNI.closeFsNat
static native void closeFsNat(long fsHandle)
org.sleuthkit.datamodel.SleuthkitJNI.hashDbClose
static native void hashDbClose(int dbHandle)
org.sleuthkit.datamodel.SleuthkitJNI.convertSignedToUnsigned
static int convertSignedToUnsigned(int val)
Definition: SleuthkitJNI.java:573
org.sleuthkit.datamodel.SleuthkitJNI.readFsNat
static native int readFsNat(long fsHandle, byte[] readBuffer, long offset, long len)
org.sleuthkit.datamodel.SleuthkitJNI.hashDatabaseIsIndexOnly
static boolean hashDatabaseIsIndexOnly(int dbHandle)
Definition: SleuthkitJNI.java:971
org.sleuthkit.datamodel.TskData.TSK_FS_ATTR_TYPE_ENUM
Definition: TskData.java:273
org.sleuthkit.datamodel.SleuthkitJNI.isImageSupported
static boolean isImageSupported(String imagePath)
Definition: SleuthkitJNI.java:1057
org.sleuthkit.datamodel.SleuthkitJNI.readVsPart
static int readVsPart(long volHandle, byte[] readBuffer, long offset, long len)
Definition: SleuthkitJNI.java:633
org.sleuthkit.datamodel.SleuthkitJNI.hashDbLookupVerbose
static native HashHitInfo hashDbLookupVerbose(String hash, int dbHandle)
org.sleuthkit.datamodel.SleuthkitJNI.hashDbCommitTransactionNat
static native int hashDbCommitTransactionNat(int dbHandle)
org.sleuthkit.datamodel.SleuthkitJNI.CaseDbHandle.fsHandleCache
static final Map< Long, Map< Long, Long > > fsHandleCache
Definition: SleuthkitJNI.java:86
org.sleuthkit.datamodel.SleuthkitJNI.hashDbOpenNat
static native int hashDbOpenNat(String hashDbPath)
org.sleuthkit.datamodel.SleuthkitJNI.closeVs
static void closeVs(long vsHandle)
Definition: SleuthkitJNI.java:766
org.sleuthkit.datamodel.SleuthkitJNI.newCaseDbNat
static native long newCaseDbNat(String dbPath)
org.sleuthkit.datamodel.SleuthkitJNI.openImage
static long openImage(String[] imageFiles)
Definition: SleuthkitJNI.java:427
org.sleuthkit.datamodel.SleuthkitJNI.openImgNat
static native long openImgNat(String[] imgPath, int splits)
org.sleuthkit.datamodel.SleuthkitJNI.TSK_FS_FILE_READ_OFFSET_TYPE_ENUM.val
final int val
Definition: SleuthkitJNI.java:665
org.sleuthkit.datamodel.HashEntry
Definition: HashEntry.java:25
org.sleuthkit.datamodel.SleuthkitJNI.findDeviceSize
static long findDeviceSize(String devPath)
Definition: SleuthkitJNI.java:1053
org.sleuthkit.datamodel.SleuthkitJNI.getHashDatabaseDisplayName
static String getHashDatabaseDisplayName(int dbHandle)
Definition: SleuthkitJNI.java:900
org.sleuthkit.datamodel.SleuthkitJNI.openFileNat
static native long openFileNat(long fsHandle, long fileId, int attrType, int attrId)
org.sleuthkit.datamodel.SleuthkitJNI.closeFileNat
static native void closeFileNat(long fileHandle)
org.sleuthkit.datamodel.SleuthkitJNI.getFileMetaDataText
static List< String > getFileMetaDataText(long fileHandle)
Definition: SleuthkitJNI.java:722
org.sleuthkit.datamodel.SleuthkitJNI.closeImg
static void closeImg(long imgHandle)
Definition: SleuthkitJNI.java:755
org.sleuthkit.datamodel.SleuthkitJNI.TSK_FS_FILE_READ_OFFSET_TYPE_ENUM.TSK_FS_FILE_READ_OFFSET_TYPE_ENUM
TSK_FS_FILE_READ_OFFSET_TYPE_ENUM(int val)
Definition: SleuthkitJNI.java:667
org.sleuthkit.datamodel.SleuthkitJNI.openFs
static long openFs(long imgHandle, long fsOffset)
Definition: SleuthkitJNI.java:522
org.sleuthkit.datamodel.SleuthkitJNI.openVsNat
static native long openVsNat(long imgHandle, long vsOffset)
org.sleuthkit.datamodel.SleuthkitJNI.hashDbLookup
static native boolean hashDbLookup(String hash, int dbHandle)
org.sleuthkit.datamodel.SleuthkitJNI.CaseDbHandle.imageHandleCache
static final Map< String, Long > imageHandleCache
Definition: SleuthkitJNI.java:80
org.sleuthkit.datamodel.SleuthkitJNI.readVolNat
static native int readVolNat(long volHandle, byte[] readBuffer, long offset, long len)
org.sleuthkit.datamodel.SleuthkitJNI.timezoneLongToShort
static String timezoneLongToShort(String timezoneLongForm)
Definition: SleuthkitJNI.java:984
org.sleuthkit.datamodel.SleuthkitJNI.newCaseDbMultiNat
static native long newCaseDbMultiNat(String hostNameOrIP, String portNumber, String userName, String password, int dbTypeOrdinal, String databaseName)
org.sleuthkit.datamodel.SleuthkitJNI.hashDbCloseAll
static native void hashDbCloseAll()
org.sleuthkit.datamodel.SleuthkitJNI.getFinishImageProgress
static int getFinishImageProgress(long imgHandle)
Definition: SleuthkitJNI.java:1029
org.sleuthkit.datamodel.SleuthkitJNI.openHashDatabase
static int openHashDatabase(String path)
Definition: SleuthkitJNI.java:855
org.sleuthkit.datamodel.SleuthkitJNI.hashDbBeginTransactionNat
static native int hashDbBeginTransactionNat(int dbHandle)
org.sleuthkit.datamodel.SleuthkitJNI.CaseDbHandle.AddImageProcess.AddImageProcess
AddImageProcess(String timeZone, boolean addUnallocSpace, boolean skipFatFsOrphans, String imageWriterPath)
Definition: SleuthkitJNI.java:208
org.sleuthkit.datamodel.SleuthkitJNI.closeFile
static void closeFile(long fileHandle)
Definition: SleuthkitJNI.java:787
org.sleuthkit.datamodel.SleuthkitJNI.lookupInHashDatabase
static boolean lookupInHashDatabase(String hash, int dbHandle)
Definition: SleuthkitJNI.java:914
org.sleuthkit.datamodel.SleuthkitJNI.hashDatabaseHasLookupIndex
static boolean hashDatabaseHasLookupIndex(int dbHandle)
Definition: SleuthkitJNI.java:811
org.sleuthkit.datamodel.SleuthkitJNI.openFsNat
static native long openFsNat(long imgHandle, long fsId)
org.sleuthkit.datamodel.SleuthkitJNI.TSK_FS_FILE_READ_OFFSET_TYPE_ENUM.START_OF_FILE
START_OF_FILE
Definition: SleuthkitJNI.java:662
org.sleuthkit.datamodel.SleuthkitJNI.closeCaseDbNat
static native void closeCaseDbNat(long db)
org.sleuthkit.datamodel.SleuthkitJNI.initAddImgNat
static native long initAddImgNat(long db, String timezone, boolean addUnallocSpace, boolean skipFatFsOrphans)
org.sleuthkit.datamodel.SleuthkitJNI.runOpenAndAddImgNat
static native void runOpenAndAddImgNat(long process, String deviceId, String[] imgPath, int splits, String timezone)
org.sleuthkit.datamodel.SleuthkitJNI.openVsPart
static long openVsPart(long vsHandle, long volId)
Definition: SleuthkitJNI.java:505
org.sleuthkit.datamodel.SleuthkitJNI.finishImageWriterNat
static native int finishImageWriterNat(long a_img_info)
org.sleuthkit.datamodel.SleuthkitJNI.isImageSupportedNat
static native boolean isImageSupportedNat(String imagePath)
org.sleuthkit.datamodel.SleuthkitJNI.getFinishImageProgressNat
static native int getFinishImageProgressNat(long a_img_info)
org.sleuthkit.datamodel.SleuthkitJNI.readFileSlack
static int readFileSlack(long fileHandle, byte[] readBuffer, long offset, long len)
Definition: SleuthkitJNI.java:708
org.sleuthkit.datamodel.SleuthkitJNI.isUpdateableHashDatabase
static boolean isUpdateableHashDatabase(int dbHandle)
Definition: SleuthkitJNI.java:967
org.sleuthkit.datamodel.SleuthkitJNI.hashDbNewNat
static native int hashDbNewNat(String hashDbPath)
org.sleuthkit.datamodel.SleuthkitJNI.addToHashDatabase
static void addToHashDatabase(List< HashEntry > hashes, int dbHandle)
Definition: SleuthkitJNI.java:949
org.sleuthkit.datamodel.SleuthkitJNI.stopAddImgNat
static native void stopAddImgNat(long process)
org.sleuthkit.datamodel.SleuthkitJNI.initializeAddImgNat
static native long initializeAddImgNat(long db, String timezone, boolean addFileSystems, boolean addUnallocSpace, boolean skipFatFsOrphans)
org.sleuthkit.datamodel.SleuthkitJNI.closeImgNat
static native void closeImgNat(long imgHandle)
org.sleuthkit.datamodel.SleuthkitJNI.hashDatabaseCanBeReindexed
static boolean hashDatabaseCanBeReindexed(int dbHandle)
Definition: SleuthkitJNI.java:825
org.sleuthkit.datamodel.SleuthkitJNI.hashDbGetDisplayName
static native String hashDbGetDisplayName(int dbHandle)
org.sleuthkit.datamodel.SleuthkitJNI.hashDbIndexPathNat
static native String hashDbIndexPathNat(int dbHandle)
org.sleuthkit.datamodel.SleuthkitJNI.TSK_FS_FILE_READ_OFFSET_TYPE_ENUM.getValue
int getValue()
Definition: SleuthkitJNI.java:671
org.sleuthkit.datamodel.SleuthkitJNI.openCaseDbMultiNat
static native long openCaseDbMultiNat(String hostNameOrIP, String portNumber, String userName, String password, int dbTypeOrdinal, String databaseName)
org.sleuthkit.datamodel.SleuthkitJNI.startVerboseLogging
static void startVerboseLogging(String logPath)
Definition: SleuthkitJNI.java:413
org.sleuthkit.datamodel.SleuthkitJNI.hashDbCreateIndexNat
static native void hashDbCreateIndexNat(int dbHandle)
org.sleuthkit.datamodel.SleuthkitJNI.hashDbPathNat
static native String hashDbPathNat(int dbHandle)
org.sleuthkit.datamodel.SleuthkitJNI.readFs
static int readFs(long fsHandle, byte[] readBuffer, long offset, long len)
Definition: SleuthkitJNI.java:652
org.sleuthkit.datamodel.SleuthkitJNI.getHashDatabasePath
static String getHashDatabasePath(int dbHandle)
Definition: SleuthkitJNI.java:838
org.sleuthkit.datamodel.SleuthkitJNI.closeHashDatabase
static void closeHashDatabase(int dbHandle)
Definition: SleuthkitJNI.java:889
org.sleuthkit.datamodel.SleuthkitJNI.openCaseDbNat
static native long openCaseDbNat(String path)
org.sleuthkit.datamodel.SleuthkitJNI.hashDbIsReindexableNat
static native boolean hashDbIsReindexableNat(int dbHandle)

Copyright © 2011-2015 Brian Carrier. (carrier -at- sleuthkit -dot- org)
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.