|
Sleuth Kit Java Bindings (JNI)
4.3
Java bindings for using The Sleuth Kit
|
|
Sleuth Kit Java Bindings (JNI)
4.3
Java bindings for using The Sleuth Kit
|
Inherits org.sleuthkit.datamodel.AbstractFile.
Public Member Functions | |
| void | close () |
| List< Content > | getChildren () throws TskCoreException |
| List< Long > | getChildrenIds () throws TskCoreException |
| int | getNumParts () |
| boolean | isRoot () |
| String | toString (boolean preserveState) |
 Public Member Functions inherited from org.sleuthkit.datamodel.AbstractFile | |
| boolean | canRead () |
| void | close () |
| long | convertToImgOffset (long fileOffset) throws TskCoreException |
| boolean | exists () |
| long | getAtime () |
| String | getAtimeAsDate () |
| int | getAttributeId () |
| short | getAttrId () |
| TskData.TSK_FS_ATTR_TYPE_ENUM | getAttrType () |
| long | getCrtime () |
| String | getCrtimeAsDate () |
| long | getCtime () |
| String | getCtimeAsDate () |
| Content | getDataSource () throws TskCoreException |
| String | getDirFlagAsString () |
| TSK_FS_NAME_TYPE_ENUM | getDirType () |
| String | getDirTypeAsString () |
| int | getGid () |
| TskData.FileKnown | getKnown () |
| String | getLocalAbsPath () |
| String | getLocalPath () |
| String | getMd5Hash () |
| long | getMetaAddr () |
| String | getMetaFlagsAsString () |
| long | getMetaSeq () |
| TSK_FS_META_TYPE_ENUM | getMetaType () |
| String | getMetaTypeAsString () |
| String | getMIMEType () |
| String | getModesAsString () |
| long | getMtime () |
| String | getMtimeAsDate () |
| String | getNameExtension () |
| String | getParentPath () |
| List< TskFileRange > | getRanges () throws TskCoreException |
| long | getSize () |
| TskData.TSK_DB_FILES_TYPE_ENUM | getType () |
| int | getUid () |
| boolean | isDir () |
| boolean | isDirNameFlagSet (TSK_FS_NAME_FLAG_ENUM flag) |
| boolean | isFile () |
| boolean | isMetaFlagSet (TSK_FS_META_FLAG_ENUM metaFlag) |
| MimeMatchEnum | isMimeType (SortedSet< String > mimeTypes) |
| boolean | isModeSet (TskData.TSK_FS_META_MODE_ENUM mode) |
| abstract boolean | isRoot () |
| boolean | isVirtual () |
| List< AbstractFile > | listFiles () throws TskCoreException |
| final int | read (byte[] buf, long offset, long len) throws TskCoreException |
| String | toString (boolean preserveState) |
| Public Member Functions inherited from org.sleuthkit.datamodel.AbstractContent | |
| boolean | equals (Object obj) |
| ArrayList< BlackboardArtifact > | getAllArtifacts () throws TskCoreException |
| long | getAllArtifactsCount () throws TskCoreException |
| ArrayList< BlackboardArtifact > | getArtifacts (String artifactTypeName) throws TskCoreException |
| ArrayList< BlackboardArtifact > | getArtifacts (int artifactTypeID) throws TskCoreException |
| ArrayList< BlackboardArtifact > | getArtifacts (BlackboardArtifact.ARTIFACT_TYPE type) throws TskCoreException |
| long | getArtifactsCount (String artifactTypeName) throws TskCoreException |
| long | getArtifactsCount (int artifactTypeID) throws TskCoreException |
| long | getArtifactsCount (ARTIFACT_TYPE type) throws TskCoreException |
| int | getChildrenCount () throws TskCoreException |
| Content | getDataSource () throws TskCoreException |
| BlackboardArtifact | getGenInfoArtifact () throws TskCoreException |
| BlackboardArtifact | getGenInfoArtifact (boolean create) throws TskCoreException |
| ArrayList< BlackboardAttribute > | getGenInfoAttributes (ATTRIBUTE_TYPE attr_type) throws TskCoreException |
| Set< String > | getHashSetNames () throws TskCoreException |
| long | getId () |
| String | getName () |
| synchronized Content | getParent () throws TskCoreException |
| SleuthkitCase | getSleuthkitCase () |
| synchronized String | getUniquePath () throws TskCoreException |
| boolean | hasChildren () throws TskCoreException |
| int | hashCode () |
| BlackboardArtifact | newArtifact (int artifactTypeID) throws TskCoreException |
| BlackboardArtifact | newArtifact (BlackboardArtifact.ARTIFACT_TYPE type) throws TskCoreException |
| String | toString () |
| String | toString (boolean preserveState) |
| Public Member Functions inherited from org.sleuthkit.datamodel.Content | |
| long | getArtifactsCount (BlackboardArtifact.ARTIFACT_TYPE type) throws TskCoreException |
| ArrayList< BlackboardAttribute > | getGenInfoAttributes (BlackboardAttribute.ATTRIBUTE_TYPE attr_type) throws TskCoreException |
Protected Member Functions | |
| LayoutFile (SleuthkitCase db, long objId, String name, TSK_DB_FILES_TYPE_ENUM fileType, TSK_FS_NAME_TYPE_ENUM dirType, TSK_FS_META_TYPE_ENUM metaType, TSK_FS_NAME_FLAG_ENUM dirFlag, short metaFlags, long size, String md5Hash, FileKnown knownState, String parentPath) | |
| int | readInt (byte[] buf, long offset, long len) throws TskCoreException |
| Protected Member Functions inherited from org.sleuthkit.datamodel.AbstractFile | |
| AbstractFile (SleuthkitCase db, long objId, TskData.TSK_FS_ATTR_TYPE_ENUM attrType, short attrId, String name, TskData.TSK_DB_FILES_TYPE_ENUM fileType, long metaAddr, int metaSeq, TSK_FS_NAME_TYPE_ENUM dirType, TSK_FS_META_TYPE_ENUM metaType, TSK_FS_NAME_FLAG_ENUM dirFlag, short metaFlags, long size, long ctime, long crtime, long atime, long mtime, short modes, int uid, int gid, String md5Hash, FileKnown knownState, String parentPath) | |
| void | finalize () throws Throwable |
| int | readInt (byte[] buf, long offset, long len) throws TskCoreException |
| final int | readLocal (byte[] buf, long offset, long len) throws TskCoreException |
| void | setLocalPath (String localPath, boolean isAbsolute) |
| Protected Member Functions inherited from org.sleuthkit.datamodel.AbstractContent | |
| AbstractContent (SleuthkitCase db, long obj_id, String name) | |
Private Member Functions | |
| int | readImgToOffset (long imgHandle, byte[] buf, int offsetInBuf, long offsetInImage, int lenToRead) throws TskCoreException |
Private Attributes | |
| long | imageHandle = -1 |
Additional Inherited Members | |
| Static Public Member Functions inherited from org.sleuthkit.datamodel.AbstractFile | |
| static String | createNonUniquePath (String uniquePath) |
| static String | epochToTime (long epoch) |
| static long | timeToEpoch (String time) |
| Static Public Attributes inherited from org.sleuthkit.datamodel.AbstractContent | |
| static final long | UNKNOWN_ID = -1 |
| Protected Attributes inherited from org.sleuthkit.datamodel.AbstractFile | |
| final int | attrId |
| final TskData.TSK_FS_ATTR_TYPE_ENUM | attrType |
| final TSK_FS_NAME_FLAG_ENUM | dirFlag |
| final TSK_FS_NAME_TYPE_ENUM | dirType |
| final TskData.TSK_DB_FILES_TYPE_ENUM | fileType |
| TskData.FileKnown | knownState |
| String | md5Hash |
| final long | metaAddr |
| final Set< TSK_FS_META_FLAG_ENUM > | metaFlags |
| final int | metaSeq |
| final TSK_FS_META_TYPE_ENUM | metaType |
| final Set< TskData.TSK_FS_META_MODE_ENUM > | modes |
| final String | parentPath |
| long | size |
| final int | uid |
| Protected Attributes inherited from org.sleuthkit.datamodel.AbstractContent | |
| long | parentId |
A representation of a layout file that has been added to a case. Layout files are not file system files, but "virtual" files created from blocks of data (e.g. unallocated) that are treated as files for convenience and uniformity.
Because layout files are not real file system files, they only utilize a subset of meta-data attributes. A layout file normally contains one or more entry in tsk_file_layout table that define ordered byte block ranges, with respect to the image.
The class also supports reads of layout files, reading blocks across ranges in a sequence.
Definition at line 44 of file LayoutFile.java.
|
protected |
Constructs a representation of a layout file that has been added to a case. Layout files are not file system files, but "virtual" files created from blocks of data (e.g. unallocated) that are treated as files for convenience and uniformity.
| db | The case database to which the file has been added. |
| objId | The object id of the file in the case database. |
| name | The name of the file. |
| fileType | The type of the file. |
| dirType | The type of the file, usually as reported in the name structure of the file system. May be set to TSK_FS_NAME_TYPE_ENUM.UNDEF. |
| metaType | The type of the file, usually as reported in the metadata structure of the file system. May be set to TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_UNDEF. |
| dirFlag | The allocated status of the file, usually as reported in the name structure of the file system. |
| metaFlags | The allocated status of the file, usually as reported in the metadata structure of the file system. |
| size | The size of the file. |
| md5Hash | The MD5 hash of the file, null if not yet calculated. |
| knownState | The known state of the file from a hash database lookup, null if not yet looked up. |
| parentPath | The path of the parent of the file. |
Definition at line 292 of file LayoutFile.java.
References org.sleuthkit.datamodel.AbstractContent.db, org.sleuthkit.datamodel.AbstractFile.dirFlag, org.sleuthkit.datamodel.AbstractFile.dirType, org.sleuthkit.datamodel.AbstractFile.fileType, org.sleuthkit.datamodel.AbstractFile.knownState, org.sleuthkit.datamodel.AbstractFile.md5Hash, org.sleuthkit.datamodel.AbstractFile.metaFlags, org.sleuthkit.datamodel.AbstractFile.metaType, org.sleuthkit.datamodel.AbstractContent.name, org.sleuthkit.datamodel.AbstractContent.objId, org.sleuthkit.datamodel.AbstractFile.parentPath, and org.sleuthkit.datamodel.AbstractFile.size.
| void org.sleuthkit.datamodel.LayoutFile.close | ( | ) |
Does nothing, a layout file cannot be directly opened, read, or closed. Use the readInt method to get layout file content.
Implements org.sleuthkit.datamodel.Content.
Definition at line 153 of file LayoutFile.java.
| List<Content> org.sleuthkit.datamodel.LayoutFile.getChildren | ( | ) | throws TskCoreException |
Gets the derived files, if any, that are children of this file.
| TskCoreException | if there was an error querying the case database. |
Implements org.sleuthkit.datamodel.Content.
Definition at line 130 of file LayoutFile.java.
References org.sleuthkit.datamodel.TskData.TSK_DB_FILES_TYPE_ENUM.DERIVED, and org.sleuthkit.datamodel.AbstractContent.getSleuthkitCase().
| List<Long> org.sleuthkit.datamodel.LayoutFile.getChildrenIds | ( | ) | throws TskCoreException |
Gets the object ids of the derived files, if any, that are children of this file.
| TskCoreException | if there was an error querying the case database. |
Implements org.sleuthkit.datamodel.Content.
Definition at line 144 of file LayoutFile.java.
References org.sleuthkit.datamodel.TskData.TSK_DB_FILES_TYPE_ENUM.DERIVED, and org.sleuthkit.datamodel.AbstractContent.getSleuthkitCase().
| int org.sleuthkit.datamodel.LayoutFile.getNumParts | ( | ) |
Gets the number of file layout ranges associated with this layout file.
Definition at line 100 of file LayoutFile.java.
References org.sleuthkit.datamodel.AbstractContent.getId(), org.sleuthkit.datamodel.AbstractContent.getName(), and org.sleuthkit.datamodel.AbstractFile.getRanges().
| boolean org.sleuthkit.datamodel.LayoutFile.isRoot | ( | ) |
Indicates whether or not this layout file is the root of a file system, always returns false.
Definition at line 117 of file LayoutFile.java.
|
private |
Reads bytes from an image into a buffer, starting at given position in buffer.
| imgHandle | The image to read from. |
| buf | The array to read into. |
| offsetInBuf | Where to start in the array. |
| offsetInImage | Where to start in the image. |
| lenToRead | How far to read in the image. |
Definition at line 215 of file LayoutFile.java.
References org.sleuthkit.datamodel.SleuthkitJNI.readImg().
Referenced by org.sleuthkit.datamodel.LayoutFile.readInt().
|
protected |
Reads bytes from the layout ranges associated with this file.
| buf | Buffer to read into. |
| offset | Start position in the file. |
| len | Number of bytes to read. |
| TskCoreException | if there is a problem reading the file. |
Definition at line 168 of file LayoutFile.java.
References org.sleuthkit.datamodel.AbstractFile.getDataSource(), org.sleuthkit.datamodel.Image.getImageHandle(), org.sleuthkit.datamodel.AbstractFile.getRanges(), and org.sleuthkit.datamodel.LayoutFile.readImgToOffset().
| String org.sleuthkit.datamodel.LayoutFile.toString | ( | boolean | preserveState | ) |
Provides a string representation of this file.
| preserveState | True if state should be included in the string representation of this object. |
| TskCoreException | if there was an error querying the case database. |
Definition at line 258 of file LayoutFile.java.
|
private |
Definition at line 46 of file LayoutFile.java.
Copyright © 2011-2015 Brian Carrier. (carrier -at- sleuthkit -dot- org)
This work is licensed under a
Creative Commons Attribution-Share Alike 3.0 United States License.
