Sleuth Kit Java Bindings (JNI)
4.3
Java bindings for using The Sleuth Kit
|
Inherits org.sleuthkit.datamodel.AbstractFile.
Inherited by org.sleuthkit.datamodel.Directory, org.sleuthkit.datamodel.File, and org.sleuthkit.datamodel.SlackFile.
Public Member Functions | |
void | close () |
void | finalize () throws Throwable |
Content | getDataSource () throws TskCoreException |
FileSystem | getFileSystem () throws TskCoreException |
long | getFileSystemId () |
synchronized List< String > | getMetaDataText () throws TskCoreException |
AbstractFile | getParentDirectory () throws TskCoreException |
synchronized String | getUniquePath () throws TskCoreException |
boolean | isRoot () |
String | toString (boolean preserveState) |
Public Member Functions inherited from org.sleuthkit.datamodel.AbstractFile | |
boolean | canRead () |
void | close () |
long | convertToImgOffset (long fileOffset) throws TskCoreException |
boolean | exists () |
long | getAtime () |
String | getAtimeAsDate () |
int | getAttributeId () |
short | getAttrId () |
TskData.TSK_FS_ATTR_TYPE_ENUM | getAttrType () |
long | getCrtime () |
String | getCrtimeAsDate () |
long | getCtime () |
String | getCtimeAsDate () |
Content | getDataSource () throws TskCoreException |
String | getDirFlagAsString () |
TSK_FS_NAME_TYPE_ENUM | getDirType () |
String | getDirTypeAsString () |
int | getGid () |
TskData.FileKnown | getKnown () |
String | getLocalAbsPath () |
String | getLocalPath () |
String | getMd5Hash () |
long | getMetaAddr () |
String | getMetaFlagsAsString () |
long | getMetaSeq () |
TSK_FS_META_TYPE_ENUM | getMetaType () |
String | getMetaTypeAsString () |
String | getMIMEType () |
String | getModesAsString () |
long | getMtime () |
String | getMtimeAsDate () |
String | getNameExtension () |
String | getParentPath () |
List< TskFileRange > | getRanges () throws TskCoreException |
long | getSize () |
TskData.TSK_DB_FILES_TYPE_ENUM | getType () |
int | getUid () |
boolean | isDir () |
boolean | isDirNameFlagSet (TSK_FS_NAME_FLAG_ENUM flag) |
boolean | isFile () |
boolean | isMetaFlagSet (TSK_FS_META_FLAG_ENUM metaFlag) |
MimeMatchEnum | isMimeType (SortedSet< String > mimeTypes) |
boolean | isModeSet (TskData.TSK_FS_META_MODE_ENUM mode) |
abstract boolean | isRoot () |
boolean | isVirtual () |
List< AbstractFile > | listFiles () throws TskCoreException |
final int | read (byte[] buf, long offset, long len) throws TskCoreException |
String | toString (boolean preserveState) |
Public Member Functions inherited from org.sleuthkit.datamodel.AbstractContent | |
boolean | equals (Object obj) |
ArrayList< BlackboardArtifact > | getAllArtifacts () throws TskCoreException |
long | getAllArtifactsCount () throws TskCoreException |
ArrayList< BlackboardArtifact > | getArtifacts (String artifactTypeName) throws TskCoreException |
ArrayList< BlackboardArtifact > | getArtifacts (int artifactTypeID) throws TskCoreException |
ArrayList< BlackboardArtifact > | getArtifacts (BlackboardArtifact.ARTIFACT_TYPE type) throws TskCoreException |
long | getArtifactsCount (String artifactTypeName) throws TskCoreException |
long | getArtifactsCount (int artifactTypeID) throws TskCoreException |
long | getArtifactsCount (ARTIFACT_TYPE type) throws TskCoreException |
int | getChildrenCount () throws TskCoreException |
Content | getDataSource () throws TskCoreException |
BlackboardArtifact | getGenInfoArtifact () throws TskCoreException |
BlackboardArtifact | getGenInfoArtifact (boolean create) throws TskCoreException |
ArrayList< BlackboardAttribute > | getGenInfoAttributes (ATTRIBUTE_TYPE attr_type) throws TskCoreException |
Set< String > | getHashSetNames () throws TskCoreException |
long | getId () |
String | getName () |
synchronized Content | getParent () throws TskCoreException |
SleuthkitCase | getSleuthkitCase () |
synchronized String | getUniquePath () throws TskCoreException |
boolean | hasChildren () throws TskCoreException |
int | hashCode () |
BlackboardArtifact | newArtifact (int artifactTypeID) throws TskCoreException |
BlackboardArtifact | newArtifact (BlackboardArtifact.ARTIFACT_TYPE type) throws TskCoreException |
String | toString () |
String | toString (boolean preserveState) |
Public Member Functions inherited from org.sleuthkit.datamodel.Content | |
public< T > T | accept (ContentVisitor< T > v) |
long | getArtifactsCount (BlackboardArtifact.ARTIFACT_TYPE type) throws TskCoreException |
List< Content > | getChildren () throws TskCoreException |
List< Long > | getChildrenIds () throws TskCoreException |
ArrayList< BlackboardAttribute > | getGenInfoAttributes (BlackboardAttribute.ATTRIBUTE_TYPE attr_type) throws TskCoreException |
Public Member Functions inherited from org.sleuthkit.datamodel.SleuthkitVisitableItem | |
public< T > T | accept (SleuthkitItemVisitor< T > v) |
Protected Member Functions | |
int | readInt (byte[] buf, long offset, long len) throws TskCoreException |
Protected Member Functions inherited from org.sleuthkit.datamodel.AbstractFile | |
AbstractFile (SleuthkitCase db, long objId, TskData.TSK_FS_ATTR_TYPE_ENUM attrType, short attrId, String name, TskData.TSK_DB_FILES_TYPE_ENUM fileType, long metaAddr, int metaSeq, TSK_FS_NAME_TYPE_ENUM dirType, TSK_FS_META_TYPE_ENUM metaType, TSK_FS_NAME_FLAG_ENUM dirFlag, short metaFlags, long size, long ctime, long crtime, long atime, long mtime, short modes, int uid, int gid, String md5Hash, FileKnown knownState, String parentPath) | |
void | finalize () throws Throwable |
int | readInt (byte[] buf, long offset, long len) throws TskCoreException |
final int | readLocal (byte[] buf, long offset, long len) throws TskCoreException |
void | setLocalPath (String localPath, boolean isAbsolute) |
Protected Member Functions inherited from org.sleuthkit.datamodel.AbstractContent | |
AbstractContent (SleuthkitCase db, long obj_id, String name) | |
Protected Attributes | |
volatile long | fileHandle = 0 |
final long | fsObjId |
Protected Attributes inherited from org.sleuthkit.datamodel.AbstractFile | |
final int | attrId |
final TskData.TSK_FS_ATTR_TYPE_ENUM | attrType |
final TSK_FS_NAME_FLAG_ENUM | dirFlag |
final TSK_FS_NAME_TYPE_ENUM | dirType |
final TskData.TSK_DB_FILES_TYPE_ENUM | fileType |
TskData.FileKnown | knownState |
String | md5Hash |
final long | metaAddr |
final Set< TSK_FS_META_FLAG_ENUM > | metaFlags |
final int | metaSeq |
final TSK_FS_META_TYPE_ENUM | metaType |
final Set< TskData.TSK_FS_META_MODE_ENUM > | modes |
final String | parentPath |
long | size |
final int | uid |
Protected Attributes inherited from org.sleuthkit.datamodel.AbstractContent | |
long | parentId |
Private Attributes | |
List< String > | metaDataText = null |
volatile FileSystem | parentFileSystem |
final SleuthkitCase | tskCase |
String | uniquePath |
Static Private Attributes | |
static final ResourceBundle | bundle = ResourceBundle.getBundle("org.sleuthkit.datamodel.Bundle") |
static final Logger | logger = Logger.getLogger(AbstractFile.class.getName()) |
Additional Inherited Members | |
Static Public Member Functions inherited from org.sleuthkit.datamodel.AbstractFile | |
static String | createNonUniquePath (String uniquePath) |
static String | epochToTime (long epoch) |
static long | timeToEpoch (String time) |
Static Public Attributes inherited from org.sleuthkit.datamodel.AbstractContent | |
static final long | UNKNOWN_ID = -1 |
An abstract base class for representations of a file system files or directories that have been added to a case.
TODO move common getters to AbstractFile class
Definition at line 39 of file FsContent.java.
void org.sleuthkit.datamodel.FsContent.close | ( | ) |
Closes the JNI file handle for this file or directory.
Implements org.sleuthkit.datamodel.Content.
Definition at line 303 of file FsContent.java.
References org.sleuthkit.datamodel.SleuthkitJNI.closeFile().
Referenced by org.sleuthkit.datamodel.FsContent.finalize().
void org.sleuthkit.datamodel.FsContent.finalize | ( | ) | throws Throwable |
Closes the JNI file handle for this file or directory when the FsContent object is garbage-collected.
Definition at line 320 of file FsContent.java.
References org.sleuthkit.datamodel.FsContent.close().
Content org.sleuthkit.datamodel.FsContent.getDataSource | ( | ) | throws TskCoreException |
Gets the data source (image) for this file or directory directory.
TskCoreException | if there is an error querying the case database. |
Implements org.sleuthkit.datamodel.Content.
Definition at line 250 of file FsContent.java.
References org.sleuthkit.datamodel.AbstractContent.getDataSource(), and org.sleuthkit.datamodel.FsContent.getFileSystem().
FileSystem org.sleuthkit.datamodel.FsContent.getFileSystem | ( | ) | throws TskCoreException |
Gets the parent file system of this file or directory.
org.sleuthkit.datamodel.TskCoreException |
Definition at line 159 of file FsContent.java.
References org.sleuthkit.datamodel.AbstractContent.getSleuthkitCase(), org.sleuthkit.datamodel.FsContent.parentFileSystem, and org.sleuthkit.datamodel.AbstractContent.UNKNOWN_ID.
Referenced by org.sleuthkit.datamodel.FsContent.getDataSource(), org.sleuthkit.datamodel.FsContent.getUniquePath(), and org.sleuthkit.datamodel.FsContent.isRoot().
long org.sleuthkit.datamodel.FsContent.getFileSystemId | ( | ) |
Get the object id of the parent file system of this file or directory.
Definition at line 138 of file FsContent.java.
References org.sleuthkit.datamodel.FsContent.fsObjId.
Referenced by org.sleuthkit.datamodel.OSUtility.getOSInfoInternal().
synchronized List<String> org.sleuthkit.datamodel.FsContent.getMetaDataText | ( | ) | throws TskCoreException |
Gets a text-based description of the file's metadata. This is the same content as the TSK istat tool produces and is different information for each type of file system.
TskCoreException |
Definition at line 281 of file FsContent.java.
References org.sleuthkit.datamodel.SleuthkitJNI.getFileMetaDataText(), org.sleuthkit.datamodel.AbstractFile.metaAddr, and org.sleuthkit.datamodel.FsContent.metaDataText.
AbstractFile org.sleuthkit.datamodel.FsContent.getParentDirectory | ( | ) | throws TskCoreException |
Gets the parent directory of this file or directory.
TskCoreException | if there was an error querying the case database. |
Definition at line 238 of file FsContent.java.
References org.sleuthkit.datamodel.AbstractContent.getSleuthkitCase().
synchronized String org.sleuthkit.datamodel.FsContent.getUniquePath | ( | ) | throws TskCoreException |
Get the full path to this file or directory, starting with a "/" and the image name and then all the other segments in the path.
TskCoreException | if there is an error querying the case database. |
Implements org.sleuthkit.datamodel.Content.
Definition at line 261 of file FsContent.java.
References org.sleuthkit.datamodel.FsContent.getFileSystem(), org.sleuthkit.datamodel.AbstractContent.getName(), org.sleuthkit.datamodel.AbstractFile.getParentPath(), and org.sleuthkit.datamodel.FsContent.uniquePath.
boolean org.sleuthkit.datamodel.FsContent.isRoot | ( | ) |
Definition at line 220 of file FsContent.java.
References org.sleuthkit.datamodel.FsContent.getFileSystem(), org.sleuthkit.datamodel.AbstractFile.getMetaAddr(), and org.sleuthkit.datamodel.FileSystem.getRoot_inum().
|
protected |
Reads bytes from this file or directory.
buf | Buffer to read into. |
offset | Start position in the file. |
len | Number of bytes to read. |
TskCoreException | if there is a problem reading the file. |
Definition at line 210 of file FsContent.java.
References org.sleuthkit.datamodel.SleuthkitJNI.readFile(), and org.sleuthkit.datamodel.AbstractFile.size.
String org.sleuthkit.datamodel.FsContent.toString | ( | boolean | preserveState | ) |
Provides a string representation of this file or directory.
preserveState | True if state should be included in the string representation of this object. |
TskCoreException | if there was an error querying the case database. |
Definition at line 339 of file FsContent.java.
|
staticprivate |
Definition at line 42 of file FsContent.java.
|
protected |
Definition at line 61 of file FsContent.java.
Referenced by org.sleuthkit.datamodel.SlackFile.readInt().
|
protected |
Definition at line 53 of file FsContent.java.
Referenced by org.sleuthkit.datamodel.Directory.Directory(), org.sleuthkit.datamodel.File.File(), and org.sleuthkit.datamodel.FsContent.getFileSystemId().
|
staticprivate |
Definition at line 41 of file FsContent.java.
|
private |
Definition at line 45 of file FsContent.java.
Referenced by org.sleuthkit.datamodel.FsContent.getMetaDataText().
|
private |
Definition at line 46 of file FsContent.java.
Referenced by org.sleuthkit.datamodel.FsContent.getFileSystem().
|
private |
Definition at line 44 of file FsContent.java.
|
private |
Definition at line 43 of file FsContent.java.
Referenced by org.sleuthkit.datamodel.FsContent.getUniquePath().
Copyright © 2011-2015 Brian Carrier. (carrier -at- sleuthkit -dot- org)
This work is licensed under a
Creative Commons Attribution-Share Alike 3.0 United States License.