Sleuth Kit Java Bindings (JNI)  4.3
Java bindings for using The Sleuth Kit
org.sleuthkit.datamodel.SleuthkitCase Class Reference

Classes

class  CaseDbConnection
 
class  CaseDbQuery
 
class  CaseDbTransaction
 
class  ConnectionPool
 
interface  DbCommand
 
interface  ErrorObserver
 
class  ObjectInfo
 
class  PostgreSQLConnection
 
class  PostgreSQLConnections
 
enum  PREPARED_STATEMENT
 
class  SQLiteConnection
 
class  SQLiteConnections
 

Public Member Functions

void acquireExclusiveLock ()
 
void acquireSharedLock ()
 
BlackboardAttribute.Type addArtifactAttributeType (String attrTypeString, TSK_BLACKBOARD_ATTRIBUTE_VALUE_TYPE valueType, String displayName) throws TskCoreException, TskDataException
 
int addArtifactType (String artifactTypeName, String displayName) throws TskCoreException
 
int addAttrType (String attrTypeString, String displayName) throws TskCoreException
 
BlackboardArtifactTag addBlackboardArtifactTag (BlackboardArtifact artifact, TagName tagName, String comment) throws TskCoreException
 
BlackboardArtifact.Type addBlackboardArtifactType (String artifactTypeName, String displayName) throws TskCoreException, TskDataException
 
void addBlackboardAttribute (BlackboardAttribute attr, int artifactTypeId) throws TskCoreException
 
void addBlackboardAttributes (Collection< BlackboardAttribute > attributes, int artifactTypeId) throws TskCoreException
 
LayoutFile addCarvedFile (String carvedFileName, long carvedFileSize, long containerId, List< TskFileRange > data) throws TskCoreException
 
final List< LayoutFileaddCarvedFiles (CarvingResult carvingResult) throws TskCoreException
 
List< LayoutFileaddCarvedFiles (List< CarvedFileContainer > filesToAdd) throws TskCoreException
 
ContentTag addContentTag (Content content, TagName tagName, String comment, long beginByteOffset, long endByteOffset) throws TskCoreException
 
DerivedFile addDerivedFile (String fileName, String localPath, long size, long ctime, long crtime, long atime, long mtime, boolean isFile, AbstractFile parentFile, String rederiveDetails, String toolName, String toolVersion, String otherDetails, TskData.EncodingType encodingType) throws TskCoreException
 
DerivedFile addDerivedFile (String fileName, String localPath, long size, long ctime, long crtime, long atime, long mtime, boolean isFile, AbstractFile parentFile, String rederiveDetails, String toolName, String toolVersion, String otherDetails) throws TskCoreException
 
void addErrorObserver (ErrorObserver observer)
 
Image addImageInfo (long deviceObjId, List< String > imageFilePaths, String timeZone) throws TskCoreException
 
final IngestJobInfo addIngestJob (Content dataSource, String hostName, List< IngestModuleInfo > ingestModules, Date jobStart, Date jobEnd, IngestJobStatusType status, String settingsDir) throws TskCoreException
 
final IngestModuleInfo addIngestModule (String displayName, String factoryClassName, IngestModuleType type, String version) throws TskCoreException
 
final List< LayoutFileaddLayoutFiles (Content parent, List< TskFileRange > fileRanges) throws TskCoreException
 
LocalFile addLocalFile (String fileName, String localPath, long size, long ctime, long crtime, long atime, long mtime, boolean isFile, TskData.EncodingType encodingType, AbstractFile parent) throws TskCoreException
 
LocalFile addLocalFile (String fileName, String localPath, long size, long ctime, long crtime, long atime, long mtime, boolean isFile, TskData.EncodingType encodingType, AbstractFile parent, CaseDbTransaction transaction) throws TskCoreException
 
LocalFile addLocalFile (String fileName, String localPath, long size, long ctime, long crtime, long atime, long mtime, boolean isFile, AbstractFile parent, CaseDbTransaction transaction) throws TskCoreException
 
LocalFile addLocalFile (String fileName, String localPath, long size, long ctime, long crtime, long atime, long mtime, boolean isFile, AbstractFile parent) throws TskCoreException
 
LocalFilesDataSource addLocalFilesDataSource (String deviceId, String rootDirectoryName, String timeZone, CaseDbTransaction transaction) throws TskCoreException
 
Report addReport (String localPath, String sourceModuleName, String reportName) throws TskCoreException
 
TagName addTagName (String displayName, String description, TagName.HTML_COLOR color) throws TskCoreException
 
VirtualDirectory addVirtualDirectory (long parentId, String directoryName) throws TskCoreException
 
VirtualDirectory addVirtualDirectory (long parentId, String directoryName, CaseDbTransaction transaction) throws TskCoreException
 
boolean allFilesMd5Hashed ()
 
CaseDbTransaction beginTransaction () throws TskCoreException
 
void close ()
 
void closeRunQuery (ResultSet resultSet) throws SQLException
 
void copyCaseDB (String newDBPath) throws IOException
 
int countFilesMd5Hashed ()
 
long countFilesWhere (String sqlWhereClause) throws TskCoreException
 
int countFsContentType (TskData.TSK_FS_META_TYPE_ENUM contentType) throws TskCoreException
 
void deleteBlackboardArtifactTag (BlackboardArtifactTag tag) throws TskCoreException
 
void deleteContentTag (ContentTag tag) throws TskCoreException
 
void deleteReport (Report report) throws TskCoreException
 
CaseDbQuery executeQuery (String query) throws TskCoreException
 
List< Long > findAllFileIdsWhere (String sqlWhereClause) throws TskCoreException
 
List< AbstractFilefindAllFilesWhere (String sqlWhereClause) throws TskCoreException
 
List< AbstractFilefindFiles (Content dataSource, String fileName) throws TskCoreException
 
List< AbstractFilefindFiles (Content dataSource, String fileName, String dirName) throws TskCoreException
 
List< AbstractFilefindFiles (Content dataSource, String fileName, AbstractFile parentFile) throws TskCoreException
 
List< AbstractFilefindFilesByMd5 (String md5Hash)
 
List< FsContentfindFilesWhere (String sqlWhereClause) throws TskCoreException
 
AbstractFile getAbstractFileById (long id) throws TskCoreException
 
List< BlackboardArtifactTaggetAllBlackboardArtifactTags () throws TskCoreException
 
List< ContentTaggetAllContentTags () throws TskCoreException
 
List< ReportgetAllReports () throws TskCoreException
 
List< TagNamegetAllTagNames () throws TskCoreException
 
BlackboardArtifact.Type getArtifactType (String artTypeName) throws TskCoreException
 
int getArtifactTypeID (String artifactTypeName) throws TskCoreException
 
Iterable< BlackboardArtifact.Type > getArtifactTypes () throws TskCoreException
 
List< BlackboardArtifact.Type > getArtifactTypesInUse () throws TskCoreException
 
BlackboardAttribute.Type getAttributeType (String attrTypeName) throws TskCoreException
 
List< BlackboardAttribute.Type > getAttributeTypes () throws TskCoreException
 
String getAttrTypeDisplayName (int attrTypeID) throws TskCoreException
 
int getAttrTypeID (String attrTypeName) throws TskCoreException
 
String getAttrTypeString (int attrTypeID) throws TskCoreException
 
String getBackupDatabasePath ()
 
BlackboardArtifact getBlackboardArtifact (long artifactID) throws TskCoreException
 
ArrayList< BlackboardArtifactgetBlackboardArtifacts (int artifactTypeID) throws TskCoreException
 
List< BlackboardArtifactgetBlackboardArtifacts (BlackboardAttribute.ATTRIBUTE_TYPE attrType, String value) throws TskCoreException
 
List< BlackboardArtifactgetBlackboardArtifacts (BlackboardAttribute.ATTRIBUTE_TYPE attrType, String subString, boolean startsWith) throws TskCoreException
 
List< BlackboardArtifactgetBlackboardArtifacts (BlackboardAttribute.ATTRIBUTE_TYPE attrType, int value) throws TskCoreException
 
List< BlackboardArtifactgetBlackboardArtifacts (BlackboardAttribute.ATTRIBUTE_TYPE attrType, long value) throws TskCoreException
 
List< BlackboardArtifactgetBlackboardArtifacts (BlackboardAttribute.ATTRIBUTE_TYPE attrType, double value) throws TskCoreException
 
List< BlackboardArtifactgetBlackboardArtifacts (BlackboardAttribute.ATTRIBUTE_TYPE attrType, byte value) throws TskCoreException
 
ArrayList< BlackboardArtifactgetBlackboardArtifacts (String artifactTypeName, long obj_id) throws TskCoreException
 
ArrayList< BlackboardArtifactgetBlackboardArtifacts (int artifactTypeID, long obj_id) throws TskCoreException
 
ArrayList< BlackboardArtifactgetBlackboardArtifacts (ARTIFACT_TYPE artifactType, long obj_id) throws TskCoreException
 
ArrayList< BlackboardArtifactgetBlackboardArtifacts (String artifactTypeName) throws TskCoreException
 
ArrayList< BlackboardArtifactgetBlackboardArtifacts (ARTIFACT_TYPE artifactType) throws TskCoreException
 
List< BlackboardArtifactgetBlackboardArtifacts (ARTIFACT_TYPE artifactType, BlackboardAttribute.ATTRIBUTE_TYPE attrType, String value) throws TskCoreException
 
long getBlackboardArtifactsCount (long objId) throws TskCoreException
 
long getBlackboardArtifactsCount (String artifactTypeName, long obj_id) throws TskCoreException
 
long getBlackboardArtifactsCount (int artifactTypeID, long obj_id) throws TskCoreException
 
long getBlackboardArtifactsCount (ARTIFACT_TYPE artifactType, long obj_id) throws TskCoreException
 
long getBlackboardArtifactsTypeCount (int artifactTypeID) throws TskCoreException
 
BlackboardArtifactTag getBlackboardArtifactTagByID (long artifactTagID) throws TskCoreException
 
List< BlackboardArtifactTaggetBlackboardArtifactTagsByArtifact (BlackboardArtifact artifact) throws TskCoreException
 
List< BlackboardArtifactTaggetBlackboardArtifactTagsByTagName (TagName tagName) throws TskCoreException
 
long getBlackboardArtifactTagsCountByTagName (TagName tagName) throws TskCoreException
 
ArrayList< BlackboardArtifact.ARTIFACT_TYPE > getBlackboardArtifactTypes () throws TskCoreException
 
ArrayList< BlackboardArtifact.ARTIFACT_TYPE > getBlackboardArtifactTypesInUse () throws TskCoreException
 
ArrayList< BlackboardAttributegetBlackboardAttributes (final BlackboardArtifact artifact) throws TskCoreException
 
ArrayList< BlackboardAttribute.ATTRIBUTE_TYPE > getBlackboardAttributeTypes () throws TskCoreException
 
int getBlackboardAttributeTypesCount () throws TskCoreException
 
Content getContentById (long id) throws TskCoreException
 
ContentTag getContentTagByID (long contentTagID) throws TskCoreException
 
List< ContentTaggetContentTagsByContent (Content content) throws TskCoreException
 
List< ContentTaggetContentTagsByTagName (TagName tagName) throws TskCoreException
 
long getContentTagsCountByTagName (TagName tagName) throws TskCoreException
 
String getDatabaseName ()
 
DbType getDatabaseType ()
 
DataSource getDataSource (long objectId) throws TskDataException, TskCoreException
 
List< DataSourcegetDataSources () throws TskCoreException
 
String getDbDirPath ()
 
List< TskFileRangegetFileRanges (long id) throws TskCoreException
 
Collection< FileSystemgetFileSystems (Image image)
 
Image getImageById (long id) throws TskCoreException
 
Map< Long, List< String > > getImagePaths () throws TskCoreException
 
List< ImagegetImages () throws TskCoreException
 
final List< IngestJobInfogetIngestJobs () throws TskCoreException
 
long getLastObjectId () throws TskCoreException
 
ArrayList< BlackboardArtifactgetMatchingArtifacts (String whereClause) throws TskCoreException
 
ArrayList< BlackboardAttributegetMatchingAttributes (String whereClause) throws TskCoreException
 
List< ContentgetRootObjects () throws TskCoreException
 
int getSchemaVersion ()
 
List< TagNamegetTagNamesInUse () throws TskCoreException
 
List< VirtualDirectorygetVirtualDirectoryRoots () throws TskCoreException
 
boolean isFileFromSource (Content dataSource, long fileId) throws TskCoreException
 
AddImageProcess makeAddImageProcess (String timezone, boolean addUnallocSpace, boolean noFatFsOrphans, String imageWriterPath)
 
AddImageProcess makeAddImageProcess (String timezone, boolean addUnallocSpace, boolean noFatFsOrphans)
 
BlackboardArtifact newBlackboardArtifact (int artifactTypeID, long obj_id) throws TskCoreException
 
BlackboardArtifact newBlackboardArtifact (ARTIFACT_TYPE artifactType, long obj_id) throws TskCoreException
 
List< AbstractFileopenFiles (Content dataSource, String filePath) throws TskCoreException
 
void releaseExclusiveLock ()
 
void releaseSharedLock ()
 
void removeErrorObserver (ErrorObserver observer)
 
ResultSet runQuery (String query) throws SQLException
 
void setFileMIMEType (AbstractFile file, String mimeType) throws TskCoreException
 
void setImagePaths (long obj_id, List< String > paths) throws TskCoreException
 
boolean setKnown (AbstractFile file, FileKnown fileKnown) throws TskCoreException
 
void setReviewStatus (BlackboardArtifact artifact, BlackboardArtifact.ReviewStatus newStatus) throws TskCoreException
 
void submitError (String context, String errorMessage)
 
void updateImagePath (String newPath, long objectId) throws TskCoreException
 

Static Public Member Functions

static String escapeSingleQuotes (String text)
 
static SleuthkitCase newCase (String dbPath) throws TskCoreException
 
static SleuthkitCase newCase (String caseName, CaseDbConnectionInfo info, String caseDirPath) throws TskCoreException
 
static SleuthkitCase openCase (String dbPath) throws TskCoreException
 
static SleuthkitCase openCase (String databaseName, CaseDbConnectionInfo info, String caseDir) throws TskCoreException
 
static void tryConnect (CaseDbConnectionInfo info) throws TskCoreException
 

Protected Member Functions

void finalize () throws Throwable
 

Private Member Functions

 SleuthkitCase (String dbPath, SleuthkitJNI.CaseDbHandle caseHandle, DbType dbType) throws Exception
 
 SleuthkitCase (String host, int port, String dbName, String userName, String password, SleuthkitJNI.CaseDbHandle caseHandle, String caseDirPath, DbType dbType) throws Exception
 
void addBlackBoardAttribute (BlackboardAttribute attr, int artifactTypeId, CaseDbConnection connection) throws SQLException, TskCoreException
 
void addFilePath (CaseDbConnection connection, long objId, String path, TskData.EncodingType type) throws SQLException
 
long getArtifactsCountHelper (int artifactTypeID, long obj_id) throws TskCoreException
 
ArrayList< BlackboardArtifactgetArtifactsHelper (String whereClause) throws TskCoreException
 
BlackboardAttribute.Type getAttributeType (int typeID) throws TskCoreException
 
long getDataSourceObjectId (CaseDbConnection connection, long objectId) throws TskCoreException
 
FileSystem getFileSystemByIdHelper (long id, Content parent) throws TskCoreException
 
long getFileSystemId (long fileId, CaseDbConnection connection)
 
List< IngestModuleInfogetIngestModules (int ingestJobId, CaseDbConnection connection) throws SQLException
 
void init () throws Exception
 
void initBlackboardArtifactTypes () throws SQLException, TskCoreException
 
void initBlackboardAttributeTypes () throws SQLException, TskCoreException
 
void initEncodingTypes (CaseDbConnection connection) throws SQLException, TskCoreException
 
void initIngestModuleTypes (CaseDbConnection connection) throws SQLException, TskCoreException
 
void initIngestStatusTypes (CaseDbConnection connection) throws SQLException, TskCoreException
 
void initNextArtifactId () throws SQLException, TskCoreException
 
void initReviewStatuses (CaseDbConnection connection) throws SQLException, TskCoreException
 
void initStandardTagNames () throws SQLException, TskCoreException
 
void logSQLiteJDBCDriverInfo ()
 
BlackboardArtifact newBlackboardArtifact (int artifact_type_id, long obj_id, String artifactTypeName, String artifactDisplayName) throws TskCoreException
 
List< AbstractFileresultSetToAbstractFiles (ResultSet rs, CaseDbConnection connection) throws SQLException
 
void updateDatabaseSchema (String dbPath) throws Exception
 
int updateFromSchema2toSchema3 (int schemaVersionNumber, CaseDbConnection connection) throws SQLException, TskCoreException
 
int updateFromSchema3toSchema4 (int schemaVersionNumber, CaseDbConnection connection) throws SQLException, TskCoreException
 
int updateFromSchema4toSchema5 (int schemaVersionNumber, CaseDbConnection connection) throws SQLException, TskCoreException
 
int updateFromSchema5toSchema6 (int schemaVersionNumber, CaseDbConnection connection) throws SQLException, TskCoreException
 

Static Private Member Functions

static void closeResultSet (ResultSet resultSet)
 
static void closeStatement (Statement statement)
 
static String createCaseDataBaseName (String candidateDbName)
 

Private Attributes

final String caseDirPath
 
SleuthkitJNI.CaseDbHandle caseHandle
 
final ConnectionPool connections
 
final String databaseName
 
String dbBackupPath
 
final String dbPath
 
final DbType dbType
 
final Map< Long, FileSystemfileSystemIdMap = new HashMap<Long, FileSystem>()
 
long nextArtifactId
 
final Map< Long, VirtualDirectoryrootIdsToCarvedFileDirs = new HashMap<Long, VirtualDirectory>()
 
final ReentrantReadWriteLock rwLock = new ReentrantReadWriteLock(true)
 
final ArrayList< ErrorObserversleuthkitCaseErrorObservers = new ArrayList<ErrorObserver>()
 
Map< Integer, BlackboardArtifact.Type > typeIdToArtifactTypeMap
 
Map< Integer, BlackboardAttribute.Type > typeIdToAttributeTypeMap
 
Map< String, BlackboardArtifact.Type > typeNameToArtifactTypeMap
 
Map< String, BlackboardAttribute.Type > typeNameToAttributeTypeMap
 
int versionNumber
 

Static Private Attributes

static final long BASE_ARTIFACT_ID = Long.MIN_VALUE
 
static final ResourceBundle bundle = ResourceBundle.getBundle("org.sleuthkit.datamodel.Bundle")
 
static final int IS_REACHABLE_TIMEOUT_MS = 1000
 
static final Logger logger = Logger.getLogger(SleuthkitCase.class.getName())
 
static final int MAX_DB_NAME_LEN_BEFORE_TIMESTAMP = 47
 
static final int MIN_USER_DEFINED_TYPE_ID = 10000
 
static final int SCHEMA_VERSION_NUMBER = 6
 
static final String SQL_ERROR_AUTHENTICATION_GROUP = "28"
 
static final String SQL_ERROR_CONNECTION_GROUP = "08"
 
static final String SQL_ERROR_INTERNAL_GROUP = "xx"
 
static final String SQL_ERROR_LIMIT_GROUP = "54"
 
static final String SQL_ERROR_PRIVILEGE_GROUP = "42"
 
static final String SQL_ERROR_RESOURCE_GROUP = "53"
 

Detailed Description

Represents the case database with methods that provide abstractions for database operations.

Definition at line 88 of file SleuthkitCase.java.

Constructor & Destructor Documentation

org.sleuthkit.datamodel.SleuthkitCase.SleuthkitCase ( String  dbPath,
SleuthkitJNI.CaseDbHandle  caseHandle,
DbType  dbType 
) throws Exception
private

Private constructor, clients must use newCase() or openCase() method to create an instance of this class.

Parameters
dbPathThe full path to a SQLite case database file.
caseHandleA handle to a case database object in the native code SleuthKit layer.
dbTypeThe type of database we're dealing with
Exceptions
Exception

Definition at line 205 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.caseHandle, org.sleuthkit.datamodel.SleuthkitCase.dbPath, org.sleuthkit.datamodel.SleuthkitCase.dbType, org.sleuthkit.datamodel.AbstractContent.getName(), org.sleuthkit.datamodel.SleuthkitCase.init(), and org.sleuthkit.datamodel.SleuthkitCase.logSQLiteJDBCDriverInfo().

Referenced by org.sleuthkit.datamodel.SleuthkitCase.newCase(), and org.sleuthkit.datamodel.SleuthkitCase.openCase().

org.sleuthkit.datamodel.SleuthkitCase.SleuthkitCase ( String  host,
int  port,
String  dbName,
String  userName,
String  password,
SleuthkitJNI.CaseDbHandle  caseHandle,
String  caseDirPath,
DbType  dbType 
) throws Exception
private

Private constructor, clients must use newCase() or openCase() method to create an instance of this class.

Parameters
hostThe PostgreSQL database server.
portThe port to use connect to the PostgreSQL database server.
dbNameThe name of the case database.
userNameThe user name to use to connect to the case database.
passwordThe password to use to connect to the case database.
caseHandleA handle to a case database object in the native code
dbTypeThe type of database we're dealing with SleuthKit layer.
caseDirPathThe path to the root case directory.
Exceptions
Exception

Definition at line 235 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.caseDirPath, org.sleuthkit.datamodel.SleuthkitCase.caseHandle, org.sleuthkit.datamodel.SleuthkitCase.dbType, and org.sleuthkit.datamodel.SleuthkitCase.init().

Member Function Documentation

void org.sleuthkit.datamodel.SleuthkitCase.acquireExclusiveLock ( )

Acquire the lock that provides exclusive access to the case database if it is a SQLite database. Call this method in a try block with a call to the lock release method in an associated finally block.

Definition at line 1090 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.TskData.DbType.SQLITE.

Referenced by org.sleuthkit.datamodel.SleuthkitCase.addArtifactAttributeType(), org.sleuthkit.datamodel.SleuthkitCase.addBlackboardArtifactTag(), org.sleuthkit.datamodel.SleuthkitCase.addBlackboardArtifactType(), org.sleuthkit.datamodel.SleuthkitCase.addBlackboardAttribute(), org.sleuthkit.datamodel.SleuthkitCase.addBlackboardAttributes(), org.sleuthkit.datamodel.SleuthkitCase.addCarvedFiles(), org.sleuthkit.datamodel.SleuthkitCase.addContentTag(), org.sleuthkit.datamodel.SleuthkitCase.addDerivedFile(), org.sleuthkit.datamodel.SleuthkitCase.addLayoutFiles(), org.sleuthkit.datamodel.SleuthkitCase.addLocalFile(), org.sleuthkit.datamodel.SleuthkitCase.addLocalFilesDataSource(), org.sleuthkit.datamodel.SleuthkitCase.addReport(), org.sleuthkit.datamodel.SleuthkitCase.addTagName(), org.sleuthkit.datamodel.SleuthkitCase.addVirtualDirectory(), org.sleuthkit.datamodel.SleuthkitCase.close(), org.sleuthkit.datamodel.SleuthkitCase.copyCaseDB(), org.sleuthkit.datamodel.SleuthkitCase.deleteBlackboardArtifactTag(), org.sleuthkit.datamodel.SleuthkitCase.deleteContentTag(), org.sleuthkit.datamodel.SleuthkitCase.getLastObjectId(), org.sleuthkit.datamodel.SleuthkitCase.newBlackboardArtifact(), org.sleuthkit.datamodel.SleuthkitCase.setFileMIMEType(), org.sleuthkit.datamodel.SleuthkitCase.setImagePaths(), org.sleuthkit.datamodel.SleuthkitCase.setKnown(), and org.sleuthkit.datamodel.SleuthkitCase.setReviewStatus().

void org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock ( )

Acquire the lock that provides shared access to the case database if it is a SQLite database. Call this method in a try block with a call to the lock release method in an associated finally block.

Definition at line 1112 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.TskData.DbType.SQLITE.

Referenced by org.sleuthkit.datamodel.SleuthkitCase.addIngestJob(), org.sleuthkit.datamodel.SleuthkitCase.allFilesMd5Hashed(), org.sleuthkit.datamodel.SleuthkitCase.CaseDbQuery.CaseDbQuery(), org.sleuthkit.datamodel.SleuthkitCase.countFilesMd5Hashed(), org.sleuthkit.datamodel.SleuthkitCase.countFilesWhere(), org.sleuthkit.datamodel.SleuthkitCase.countFsContentType(), org.sleuthkit.datamodel.SleuthkitCase.deleteReport(), org.sleuthkit.datamodel.SleuthkitCase.findAllFileIdsWhere(), org.sleuthkit.datamodel.SleuthkitCase.findAllFilesWhere(), org.sleuthkit.datamodel.SleuthkitCase.findFiles(), org.sleuthkit.datamodel.SleuthkitCase.findFilesByMd5(), org.sleuthkit.datamodel.SleuthkitCase.findFilesWhere(), org.sleuthkit.datamodel.SleuthkitCase.getAbstractFileById(), org.sleuthkit.datamodel.SleuthkitCase.getAllBlackboardArtifactTags(), org.sleuthkit.datamodel.SleuthkitCase.getAllContentTags(), org.sleuthkit.datamodel.SleuthkitCase.getAllReports(), org.sleuthkit.datamodel.SleuthkitCase.getAllTagNames(), org.sleuthkit.datamodel.SleuthkitCase.getArtifactsCountHelper(), org.sleuthkit.datamodel.SleuthkitCase.getArtifactsHelper(), org.sleuthkit.datamodel.SleuthkitCase.getArtifactType(), org.sleuthkit.datamodel.SleuthkitCase.getArtifactTypeID(), org.sleuthkit.datamodel.SleuthkitCase.getArtifactTypes(), org.sleuthkit.datamodel.SleuthkitCase.getArtifactTypesInUse(), org.sleuthkit.datamodel.SleuthkitCase.getAttributeType(), org.sleuthkit.datamodel.SleuthkitCase.getAttributeTypes(), org.sleuthkit.datamodel.SleuthkitCase.getAttrTypeDisplayName(), org.sleuthkit.datamodel.SleuthkitCase.getAttrTypeID(), org.sleuthkit.datamodel.SleuthkitCase.getAttrTypeString(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifact(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifacts(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifactsCount(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifactsTypeCount(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifactTagByID(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifactTagsByArtifact(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifactTagsByTagName(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifactTagsCountByTagName(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifactTypesInUse(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardAttributes(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardAttributeTypesCount(), org.sleuthkit.datamodel.SleuthkitCase.getContentById(), org.sleuthkit.datamodel.SleuthkitCase.getContentTagByID(), org.sleuthkit.datamodel.SleuthkitCase.getContentTagsByContent(), org.sleuthkit.datamodel.SleuthkitCase.getContentTagsByTagName(), org.sleuthkit.datamodel.SleuthkitCase.getContentTagsCountByTagName(), org.sleuthkit.datamodel.SleuthkitCase.getDataSource(), org.sleuthkit.datamodel.SleuthkitCase.getDataSourceObjectId(), org.sleuthkit.datamodel.SleuthkitCase.getDataSources(), org.sleuthkit.datamodel.SleuthkitCase.getFileRanges(), org.sleuthkit.datamodel.SleuthkitCase.getFileSystemByIdHelper(), org.sleuthkit.datamodel.SleuthkitCase.getFileSystemId(), org.sleuthkit.datamodel.SleuthkitCase.getFileSystems(), org.sleuthkit.datamodel.SleuthkitCase.getImageById(), org.sleuthkit.datamodel.SleuthkitCase.getImagePaths(), org.sleuthkit.datamodel.SleuthkitCase.getImages(), org.sleuthkit.datamodel.SleuthkitCase.getMatchingArtifacts(), org.sleuthkit.datamodel.SleuthkitCase.getMatchingAttributes(), org.sleuthkit.datamodel.SleuthkitCase.getRootObjects(), org.sleuthkit.datamodel.SleuthkitCase.getTagNamesInUse(), org.sleuthkit.datamodel.SleuthkitCase.getVirtualDirectoryRoots(), org.sleuthkit.datamodel.SleuthkitCase.isFileFromSource(), org.sleuthkit.datamodel.SleuthkitCase.runQuery(), and org.sleuthkit.datamodel.SleuthkitCase.updateImagePath().

BlackboardAttribute.Type org.sleuthkit.datamodel.SleuthkitCase.addArtifactAttributeType ( String  attrTypeString,
TSK_BLACKBOARD_ATTRIBUTE_VALUE_TYPE  valueType,
String  displayName 
) throws TskCoreException, TskDataException

Add an attribute type with the given name

Parameters
attrTypeStringName of the new attribute
valueTypeThe value type of this new attribute type
displayNameThe (non-unique) display name of the attribute type
Returns
the id of the new attribute
Exceptions
TskCoreExceptionexception thrown if a critical error occurs within tsk core
TskDataExceptionexception thrown if attribute type was already in the system

Definition at line 2542 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireExclusiveLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.closeStatement(), org.sleuthkit.datamodel.SleuthkitCase.MIN_USER_DEFINED_TYPE_ID, org.sleuthkit.datamodel.SleuthkitCase.releaseExclusiveLock(), org.sleuthkit.datamodel.SleuthkitCase.typeIdToAttributeTypeMap, and org.sleuthkit.datamodel.SleuthkitCase.typeNameToAttributeTypeMap.

Referenced by org.sleuthkit.datamodel.SleuthkitCase.addAttrType().

int org.sleuthkit.datamodel.SleuthkitCase.addArtifactType ( String  artifactTypeName,
String  displayName 
) throws TskCoreException

Adds a custom artifact type. The artifact type name must be unique, but the display name need not be unique.

Parameters
artifactTypeNameThe artifact type name.
displayNameThe artifact type display name.
Returns
The artifact type id assigned to the artifact type.
Exceptions
TskCoreExceptionIf there is an error adding the type to the case database.
Deprecated:
Use SleuthkitCase.addBlackboardArtifactType instead.

Definition at line 8289 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.addBlackboardArtifactType().

int org.sleuthkit.datamodel.SleuthkitCase.addAttrType ( String  attrTypeString,
String  displayName 
) throws TskCoreException

Adds a custom attribute type with a string value type. The attribute type name must be unique, but the display name need not be unique.

Parameters
attrTypeStringThe attribute type name.
displayNameThe attribute type display name.
Returns
The attribute type id.
Exceptions
TskCoreExceptionIf there is an error adding the type to the case database.
Deprecated:
Use SleuthkitCase.addArtifactAttributeType instead.

Definition at line 8311 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.addArtifactAttributeType(), and org.sleuthkit.datamodel.BlackboardAttribute.TSK_BLACKBOARD_ATTRIBUTE_VALUE_TYPE.STRING.

BlackboardArtifactTag org.sleuthkit.datamodel.SleuthkitCase.addBlackboardArtifactTag ( BlackboardArtifact  artifact,
TagName  tagName,
String  comment 
) throws TskCoreException

Inserts a row into the blackboard_artifact_tags table in the case database.

Parameters
artifactThe blackboard artifact to tag.
tagNameThe name to use for the tag.
commentA comment to store with the tag.
Returns
A BlackboardArtifactTag data transfer object (DTO) for the new row.
Exceptions
TskCoreException

Definition at line 6671 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireExclusiveLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.getContentById(), org.sleuthkit.datamodel.SleuthkitCase.PREPARED_STATEMENT.INSERT_ARTIFACT_TAG, and org.sleuthkit.datamodel.SleuthkitCase.releaseExclusiveLock().

Referenced by org.sleuthkit.datamodel.SleuthkitCase.updateFromSchema2toSchema3().

BlackboardArtifact.Type org.sleuthkit.datamodel.SleuthkitCase.addBlackboardArtifactType ( String  artifactTypeName,
String  displayName 
) throws TskCoreException, TskDataException

Add an artifact type with the given name. Will return an artifact Type.

Parameters
artifactTypeNameSystem (unique) name of artifact
displayNameDisplay (non-unique) name of artifact
Returns
Type of the artifact added
Exceptions
TskCoreExceptionexception thrown if a critical error occurs
TskDataExceptionexception thrown if given data is already in db within tsk core

Definition at line 2752 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireExclusiveLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.closeStatement(), org.sleuthkit.datamodel.SleuthkitCase.MIN_USER_DEFINED_TYPE_ID, org.sleuthkit.datamodel.SleuthkitCase.releaseExclusiveLock(), org.sleuthkit.datamodel.SleuthkitCase.typeIdToArtifactTypeMap, and org.sleuthkit.datamodel.SleuthkitCase.typeNameToArtifactTypeMap.

Referenced by org.sleuthkit.datamodel.SleuthkitCase.addArtifactType().

void org.sleuthkit.datamodel.SleuthkitCase.addBlackboardAttribute ( BlackboardAttribute  attr,
int  artifactTypeId 
) throws TskCoreException

Add a blackboard attribute.

Parameters
attrA blackboard attribute.
artifactTypeIdThe type of artifact associated with the attribute.
Exceptions
TskCoreExceptionthrown if a critical error occurs.

Definition at line 2325 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireExclusiveLock(), org.sleuthkit.datamodel.SleuthkitCase.addBlackBoardAttribute(), and org.sleuthkit.datamodel.SleuthkitCase.releaseExclusiveLock().

Referenced by org.sleuthkit.datamodel.BlackboardArtifact.addAttribute().

void org.sleuthkit.datamodel.SleuthkitCase.addBlackboardAttributes ( Collection< BlackboardAttribute attributes,
int  artifactTypeId 
) throws TskCoreException

Add a set blackboard attributes.

Parameters
attributesA set of blackboard attribute.
artifactTypeIdThe type of artifact associated with the attributes.
Exceptions
TskCoreExceptionthrown if a critical error occurs.

Definition at line 2347 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireExclusiveLock(), org.sleuthkit.datamodel.SleuthkitCase.addBlackBoardAttribute(), and org.sleuthkit.datamodel.SleuthkitCase.releaseExclusiveLock().

Referenced by org.sleuthkit.datamodel.BlackboardArtifact.addAttributes().

LayoutFile org.sleuthkit.datamodel.SleuthkitCase.addCarvedFile ( String  carvedFileName,
long  carvedFileSize,
long  containerId,
List< TskFileRange data 
) throws TskCoreException

Adds a carved file to the VirtualDirectory '$CarvedFiles' in the volume or image given by systemId. Creates $CarvedFiles virtual directory if it does not exist already.

Parameters
carvedFileNamethe name of the carved file to add
carvedFileSizethe size of the carved file to add
containerIdthe ID of the parent volume, file system, or image
datathe layout information - a list of offsets that make up this carved file.
Returns
A LayoutFile object representing the carved file.
Exceptions
org.sleuthkit.datamodel.TskCoreException
Deprecated:
Use addCarvedFile(CarvingResult) instead

Definition at line 8508 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.addCarvedFiles(), and org.sleuthkit.datamodel.SleuthkitCase.getContentById().

final List<LayoutFile> org.sleuthkit.datamodel.SleuthkitCase.addCarvedFiles ( CarvingResult  carvingResult) throws TskCoreException

Adds a carving result to the case database.

Parameters
carvingResultThe carving result (a set of carved files and their parent) to be added.
Returns
A list of LayoutFile representations of the carved files.
Exceptions
TskCoreExceptionIf there is a problem completing a case database operation.

Definition at line 4168 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.TskData.ObjectType.ABSTRACTFILE, org.sleuthkit.datamodel.SleuthkitCase.acquireExclusiveLock(), org.sleuthkit.datamodel.SleuthkitCase.addVirtualDirectory(), org.sleuthkit.datamodel.SleuthkitCase.beginTransaction(), org.sleuthkit.datamodel.TskData.TSK_DB_FILES_TYPE_ENUM.CARVED, org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.closeStatement(), org.sleuthkit.datamodel.SleuthkitCase.CaseDbTransaction.commit(), org.sleuthkit.datamodel.Content.getChildren(), org.sleuthkit.datamodel.VirtualDirectory.getChildren(), org.sleuthkit.datamodel.SleuthkitCase.CaseDbTransaction.getConnection(), org.sleuthkit.datamodel.Content.getId(), org.sleuthkit.datamodel.AbstractContent.getId(), org.sleuthkit.datamodel.AbstractContent.getName(), org.sleuthkit.datamodel.Content.getParent(), org.sleuthkit.datamodel.SleuthkitCase.PREPARED_STATEMENT.INSERT_FILE, org.sleuthkit.datamodel.SleuthkitCase.PREPARED_STATEMENT.INSERT_LAYOUT_FILE, org.sleuthkit.datamodel.SleuthkitCase.PREPARED_STATEMENT.INSERT_OBJECT, org.sleuthkit.datamodel.VirtualDirectory.NAME_CARVED, org.sleuthkit.datamodel.TskData.TSK_FS_NAME_TYPE_ENUM.REG, org.sleuthkit.datamodel.SleuthkitCase.releaseExclusiveLock(), org.sleuthkit.datamodel.SleuthkitCase.CaseDbTransaction.rollback(), org.sleuthkit.datamodel.TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_REG, org.sleuthkit.datamodel.TskData.TSK_FS_NAME_FLAG_ENUM.UNALLOC, org.sleuthkit.datamodel.TskData.TSK_FS_META_FLAG_ENUM.UNALLOC, and org.sleuthkit.datamodel.TskData.FileKnown.UNKNOWN.

Referenced by org.sleuthkit.datamodel.SleuthkitCase.addCarvedFile(), and org.sleuthkit.datamodel.SleuthkitCase.addCarvedFiles().

List<LayoutFile> org.sleuthkit.datamodel.SleuthkitCase.addCarvedFiles ( List< CarvedFileContainer filesToAdd) throws TskCoreException

Adds a collection of carved files to the VirtualDirectory '$CarvedFiles' in the volume or image given by systemId. Creates $CarvedFiles virtual directory if it does not exist already.

Parameters
filesToAddA list of CarvedFileContainer files to add as carved files.
Returns
A list of the files added to the database.
Exceptions
org.sleuthkit.datamodel.TskCoreException
Deprecated:
Use addCarvedFile(CarvingResult) instead

Definition at line 8538 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.addCarvedFiles(), org.sleuthkit.datamodel.SleuthkitCase.getContentById(), and org.sleuthkit.datamodel.Content.getId().

ContentTag org.sleuthkit.datamodel.SleuthkitCase.addContentTag ( Content  content,
TagName  tagName,
String  comment,
long  beginByteOffset,
long  endByteOffset 
) throws TskCoreException

Inserts a row into the content_tags table in the case database.

Parameters
contentThe content to tag.
tagNameThe name to use for the tag.
commentA comment to store with the tag.
beginByteOffsetDesignates the beginning of a tagged section.
endByteOffsetDesignates the end of a tagged section.
Returns
A ContentTag data transfer object (DTO) for the new row.
Exceptions
TskCoreException

Definition at line 6419 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireExclusiveLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.PREPARED_STATEMENT.INSERT_CONTENT_TAG, and org.sleuthkit.datamodel.SleuthkitCase.releaseExclusiveLock().

Referenced by org.sleuthkit.datamodel.SleuthkitCase.updateFromSchema2toSchema3().

DerivedFile org.sleuthkit.datamodel.SleuthkitCase.addDerivedFile ( String  fileName,
String  localPath,
long  size,
long  ctime,
long  crtime,
long  atime,
long  mtime,
boolean  isFile,
AbstractFile  parentFile,
String  rederiveDetails,
String  toolName,
String  toolVersion,
String  otherDetails,
TskData.EncodingType  encodingType 
) throws TskCoreException

Creates a new derived file object, adds it to database and returns it.

TODO add support for adding derived method

Parameters
fileNamefile name the derived file
localPathlocal path of the derived file, including the file name. The path is relative to the database path.
sizesize of the derived file in bytes
ctime
crtime
atime
mtime
isFilewhether a file or directory, true if a file
parentFileparent file object (derived or local file)
rederiveDetailsdetails needed to re-derive file (will be specific to the derivation method), currently unused
toolNamename of derivation method/tool, currently unused
toolVersionversion of derivation method/tool, currently unused
otherDetailsdetails of derivation method/tool, currently unused
encodingTypeType of encoding used on the file (or NONE if no encoding)
Returns
newly created derived file object
Exceptions
TskCoreExceptionexception thrown if the object creation failed due to a critical system error

Definition at line 4389 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.TskData.ObjectType.ABSTRACTFILE, org.sleuthkit.datamodel.SleuthkitCase.acquireExclusiveLock(), org.sleuthkit.datamodel.SleuthkitCase.addFilePath(), org.sleuthkit.datamodel.TskData.TSK_FS_NAME_FLAG_ENUM.ALLOC, org.sleuthkit.datamodel.TskData.TSK_FS_META_FLAG_ENUM.ALLOC, org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.TskData.TSK_DB_FILES_TYPE_ENUM.DERIVED, org.sleuthkit.datamodel.TskData.TSK_FS_NAME_TYPE_ENUM.DIR, org.sleuthkit.datamodel.SleuthkitCase.getDataSourceObjectId(), org.sleuthkit.datamodel.SleuthkitCase.getFileSystemId(), org.sleuthkit.datamodel.AbstractContent.getId(), org.sleuthkit.datamodel.AbstractContent.getName(), org.sleuthkit.datamodel.AbstractFile.getParentPath(), org.sleuthkit.datamodel.TskData.TSK_FS_NAME_TYPE_ENUM.getValue(), org.sleuthkit.datamodel.TskData.TSK_FS_META_TYPE_ENUM.getValue(), org.sleuthkit.datamodel.TskData.TSK_FS_NAME_FLAG_ENUM.getValue(), org.sleuthkit.datamodel.SleuthkitCase.PREPARED_STATEMENT.INSERT_FILE, org.sleuthkit.datamodel.SleuthkitCase.PREPARED_STATEMENT.INSERT_OBJECT, org.sleuthkit.datamodel.TskData.TSK_FS_NAME_TYPE_ENUM.REG, org.sleuthkit.datamodel.SleuthkitCase.releaseExclusiveLock(), org.sleuthkit.datamodel.TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_DIR, org.sleuthkit.datamodel.TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_REG, and org.sleuthkit.datamodel.TskData.TSK_FS_META_FLAG_ENUM.USED.

Referenced by org.sleuthkit.datamodel.SleuthkitCase.addDerivedFile().

DerivedFile org.sleuthkit.datamodel.SleuthkitCase.addDerivedFile ( String  fileName,
String  localPath,
long  size,
long  ctime,
long  crtime,
long  atime,
long  mtime,
boolean  isFile,
AbstractFile  parentFile,
String  rederiveDetails,
String  toolName,
String  toolVersion,
String  otherDetails 
) throws TskCoreException

Creates a new derived file object, adds it to database and returns it.

TODO add support for adding derived method

Parameters
fileNamefile name the derived file
localPathlocal path of the derived file, including the file name. The path is relative to the database path.
sizesize of the derived file in bytes
ctime
crtime
atime
mtime
isFilewhether a file or directory, true if a file
parentFileparent file object (derived or local file)
rederiveDetailsdetails needed to re-derive file (will be specific to the derivation method), currently unused
toolNamename of derivation method/tool, currently unused
toolVersionversion of derivation method/tool, currently unused
otherDetailsdetails of derivation method/tool, currently unused
Returns
newly created derived file object
Exceptions
TskCoreExceptionexception thrown if the object creation failed due to a critical system error Use the newer version with explicit encoding type parameter

Definition at line 8586 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.addDerivedFile(), and org.sleuthkit.datamodel.TskData.EncodingType.NONE.

void org.sleuthkit.datamodel.SleuthkitCase.addErrorObserver ( ErrorObserver  observer)

Add an observer for SleuthkitCase errors.

Parameters
observerThe observer to add.

Definition at line 6274 of file SleuthkitCase.java.

void org.sleuthkit.datamodel.SleuthkitCase.addFilePath ( CaseDbConnection  connection,
long  objId,
String  path,
TskData.EncodingType  type 
) throws SQLException
private

Add a path (such as a local path) for a content object to tsk_file_paths

Parameters
connectionA case database connection.
objIdobject id of the file to add the path for
paththe path to add
Exceptions
SQLExceptionexception thrown when database error occurred and path was not added

Definition at line 4685 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.PREPARED_STATEMENT.INSERT_LOCAL_PATH.

Referenced by org.sleuthkit.datamodel.SleuthkitCase.addDerivedFile(), and org.sleuthkit.datamodel.SleuthkitCase.addLocalFile().

Image org.sleuthkit.datamodel.SleuthkitCase.addImageInfo ( long  deviceObjId,
List< String >  imageFilePaths,
String  timeZone 
) throws TskCoreException

Adds an image to the case database.

Parameters
deviceObjIdThe object id of the device associated with the image.
imageFilePathsThe image file paths.
timeZoneThe time zone for the image.
Returns
An Image object.
Exceptions
TskCoreExceptionif there is an error adding the image to case database.

Definition at line 5463 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.caseHandle, and org.sleuthkit.datamodel.SleuthkitCase.getImageById().

final IngestJobInfo org.sleuthkit.datamodel.SleuthkitCase.addIngestJob ( Content  dataSource,
String  hostName,
List< IngestModuleInfo ingestModules,
Date  jobStart,
Date  jobEnd,
IngestJobStatusType  status,
String  settingsDir 
) throws TskCoreException
Parameters
dataSourceThe datasource the ingest job is being run on
hostNameThe name of the host
ingestModulesThe ingest modules being run during the ingest job. Should be in pipeline order.
jobStartThe time the job started
jobEndThe time the job ended
statusThe ingest job status
settingsDirThe directory of the job's settings
Returns
An information object representing the ingest job added to the database.
Exceptions
TskCoreExceptionIf adding the job to the database fails.

Definition at line 7144 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.IngestModuleInfo.getIngestModuleId(), org.sleuthkit.datamodel.SleuthkitCase.PREPARED_STATEMENT.INSERT_INGEST_JOB, and org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock().

final IngestModuleInfo org.sleuthkit.datamodel.SleuthkitCase.addIngestModule ( String  displayName,
String  factoryClassName,
IngestModuleType  type,
String  version 
) throws TskCoreException

Adds the given ingest module to the database.

Parameters
displayNameThe display name of the module
factoryClassNameThe factory class name of the module.
typeThe type of the module.
versionThe version of the module.
Returns
An ingest module info object representing the module added to the db.
Exceptions
TskCoreExceptionWhen the ingest module cannot be added.

Definition at line 7195 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.closeStatement(), org.sleuthkit.datamodel.IngestModuleInfo.IngestModuleType.fromID(), and org.sleuthkit.datamodel.SleuthkitCase.PREPARED_STATEMENT.INSERT_INGEST_MODULE.

final List<LayoutFile> org.sleuthkit.datamodel.SleuthkitCase.addLayoutFiles ( Content  parent,
List< TskFileRange fileRanges 
) throws TskCoreException

Adds one or more layout files for a parent Content object to the case database.

Parameters
parentThe parent Content.
fileRangesFile range objects for the file(s).
Returns
A list of LayoutFile objects.
Exceptions
TskCoreExceptionIf there is a problem completing a case database operation.

Definition at line 4032 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.TskData.ObjectType.ABSTRACTFILE, org.sleuthkit.datamodel.SleuthkitCase.acquireExclusiveLock(), org.sleuthkit.datamodel.SleuthkitCase.beginTransaction(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.closeStatement(), org.sleuthkit.datamodel.SleuthkitCase.CaseDbTransaction.commit(), org.sleuthkit.datamodel.SleuthkitCase.CaseDbTransaction.getConnection(), org.sleuthkit.datamodel.SleuthkitCase.PREPARED_STATEMENT.INSERT_FILE, org.sleuthkit.datamodel.SleuthkitCase.PREPARED_STATEMENT.INSERT_LAYOUT_FILE, org.sleuthkit.datamodel.SleuthkitCase.PREPARED_STATEMENT.INSERT_OBJECT, org.sleuthkit.datamodel.TskData.TSK_FS_NAME_TYPE_ENUM.REG, org.sleuthkit.datamodel.SleuthkitCase.releaseExclusiveLock(), org.sleuthkit.datamodel.SleuthkitCase.CaseDbTransaction.rollback(), org.sleuthkit.datamodel.TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_REG, org.sleuthkit.datamodel.TskData.TSK_FS_NAME_FLAG_ENUM.UNALLOC, org.sleuthkit.datamodel.TskData.TSK_FS_META_FLAG_ENUM.UNALLOC, org.sleuthkit.datamodel.TskData.TSK_DB_FILES_TYPE_ENUM.UNALLOC_BLOCKS, and org.sleuthkit.datamodel.TskData.FileKnown.UNKNOWN.

LocalFile org.sleuthkit.datamodel.SleuthkitCase.addLocalFile ( String  fileName,
String  localPath,
long  size,
long  ctime,
long  crtime,
long  atime,
long  mtime,
boolean  isFile,
TskData.EncodingType  encodingType,
AbstractFile  parent 
) throws TskCoreException
LocalFile org.sleuthkit.datamodel.SleuthkitCase.addLocalFile ( String  fileName,
String  localPath,
long  size,
long  ctime,
long  crtime,
long  atime,
long  mtime,
boolean  isFile,
TskData.EncodingType  encodingType,
AbstractFile  parent,
CaseDbTransaction  transaction 
) throws TskCoreException

Adds a local/logical file to the case database. The database operations are done within a caller-managed transaction; the caller is responsible for committing or rolling back the transaction.

Parameters
fileNameThe name of the file.
localPathThe absolute path (including the file name) of the local/logical in secondary storage.
sizeThe size of the file in bytes.
ctimeThe changed time of the file.
crtimeThe creation time of the file.
atimeThe accessed time of the file
mtimeThe modified time of the file.
isFileTrue, unless the file is a directory.
encodingTypeType of encoding used on the file
parentThe parent of the file (e.g., a virtual directory)
transactionA caller-managed transaction within which the add file operations are performed.
Returns
An object representing the local/logical file.
Exceptions
TskCoreExceptionif there is an error completing a case database operation.

Definition at line 4552 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.TskData.ObjectType.ABSTRACTFILE, org.sleuthkit.datamodel.SleuthkitCase.acquireExclusiveLock(), org.sleuthkit.datamodel.SleuthkitCase.addFilePath(), org.sleuthkit.datamodel.TskData.TSK_FS_NAME_FLAG_ENUM.ALLOC, org.sleuthkit.datamodel.TskData.TSK_FS_META_FLAG_ENUM.ALLOC, org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.closeStatement(), org.sleuthkit.datamodel.TskData.TSK_FS_NAME_TYPE_ENUM.DIR, org.sleuthkit.datamodel.SleuthkitCase.getDataSourceObjectId(), org.sleuthkit.datamodel.TskData.TSK_FS_NAME_TYPE_ENUM.getValue(), org.sleuthkit.datamodel.TskData.TSK_FS_META_TYPE_ENUM.getValue(), org.sleuthkit.datamodel.TskData.TSK_FS_NAME_FLAG_ENUM.getValue(), org.sleuthkit.datamodel.SleuthkitCase.PREPARED_STATEMENT.INSERT_FILE, org.sleuthkit.datamodel.SleuthkitCase.PREPARED_STATEMENT.INSERT_OBJECT, org.sleuthkit.datamodel.TskData.TSK_DB_FILES_TYPE_ENUM.LOCAL, org.sleuthkit.datamodel.TskData.TSK_FS_NAME_TYPE_ENUM.REG, org.sleuthkit.datamodel.SleuthkitCase.releaseExclusiveLock(), org.sleuthkit.datamodel.TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_DIR, org.sleuthkit.datamodel.TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_REG, and org.sleuthkit.datamodel.TskData.TSK_FS_META_FLAG_ENUM.USED.

LocalFile org.sleuthkit.datamodel.SleuthkitCase.addLocalFile ( String  fileName,
String  localPath,
long  size,
long  ctime,
long  crtime,
long  atime,
long  mtime,
boolean  isFile,
AbstractFile  parent,
CaseDbTransaction  transaction 
) throws TskCoreException

Adds a local/logical file to the case database. The database operations are done within a caller-managed transaction; the caller is responsible for committing or rolling back the transaction.

Parameters
fileNameThe name of the file.
localPathThe absolute path (including the file name) of the local/logical in secondary storage.
sizeThe size of the file in bytes.
ctimeThe changed time of the file.
crtimeThe creation time of the file.
atimeThe accessed time of the file
mtimeThe modified time of the file.
isFileTrue, unless the file is a directory.
parentThe parent of the file (e.g., a virtual directory)
transactionA caller-managed transaction within which the add file operations are performed.
Returns
An object representing the local/logical file.
Exceptions
TskCoreExceptionif there is an error completing a case database operation. Use the newer version with explicit encoding type parameter

Definition at line 8620 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.addLocalFile(), and org.sleuthkit.datamodel.TskData.EncodingType.NONE.

LocalFile org.sleuthkit.datamodel.SleuthkitCase.addLocalFile ( String  fileName,
String  localPath,
long  size,
long  ctime,
long  crtime,
long  atime,
long  mtime,
boolean  isFile,
AbstractFile  parent 
) throws TskCoreException

Wraps the version of addLocalFile that takes a Transaction in a transaction local to this method.

Parameters
fileName
localPath
size
ctime
crtime
atime
mtime
isFile
parent
Returns
Exceptions
TskCoreExceptionUse the newer version with explicit encoding type parameter

Definition at line 8648 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.addLocalFile(), and org.sleuthkit.datamodel.TskData.EncodingType.NONE.

LocalFilesDataSource org.sleuthkit.datamodel.SleuthkitCase.addLocalFilesDataSource ( String  deviceId,
String  rootDirectoryName,
String  timeZone,
CaseDbTransaction  transaction 
) throws TskCoreException

Adds a local/logical files and/or directories data source.

Parameters
deviceIdAn ASCII-printable identifier for the device associated with the data source that is intended to be unique across multiple cases (e.g., a UUID).
rootDirectoryNameThe name for the root virtual directory for the data source.
timeZoneThe time zone used to process the data source, may be the empty string.
transactionA transaction in the scope of which the operation is to be performed, managed by the caller.
Returns
The new local files data source.
Exceptions
TskCoreExceptionif there is an error adding the data source.

Definition at line 3912 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.TskData.ObjectType.ABSTRACTFILE, org.sleuthkit.datamodel.SleuthkitCase.acquireExclusiveLock(), org.sleuthkit.datamodel.TskData.TSK_FS_NAME_FLAG_ENUM.ALLOC, org.sleuthkit.datamodel.TskData.TSK_FS_META_FLAG_ENUM.ALLOC, org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.closeStatement(), org.sleuthkit.datamodel.TskData.TSK_FS_NAME_TYPE_ENUM.DIR, org.sleuthkit.datamodel.TskData.TSK_FS_META_TYPE_ENUM.getValue(), org.sleuthkit.datamodel.TskData.TSK_FS_NAME_FLAG_ENUM.getValue(), org.sleuthkit.datamodel.SleuthkitCase.PREPARED_STATEMENT.INSERT_FILE, org.sleuthkit.datamodel.SleuthkitCase.PREPARED_STATEMENT.INSERT_OBJECT, org.sleuthkit.datamodel.SleuthkitCase.releaseExclusiveLock(), org.sleuthkit.datamodel.TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_DIR, org.sleuthkit.datamodel.TskData.FileKnown.UNKNOWN, org.sleuthkit.datamodel.TskData.TSK_FS_META_FLAG_ENUM.USED, and org.sleuthkit.datamodel.TskData.TSK_DB_FILES_TYPE_ENUM.VIRTUAL_DIR.

Report org.sleuthkit.datamodel.SleuthkitCase.addReport ( String  localPath,
String  sourceModuleName,
String  reportName 
) throws TskCoreException

Inserts a row into the reports table in the case database.

Parameters
localPathThe path of the report file, must be in the database directory (case directory in Autopsy) or one of its subdirectories.
sourceModuleNameThe name of the module that created the report.
reportNameThe report name, may be empty.
Returns
A Report data transfer object (DTO) for the new row.
Exceptions
TskCoreException

Definition at line 6958 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireExclusiveLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.getDbDirPath(), org.sleuthkit.datamodel.SleuthkitCase.PREPARED_STATEMENT.INSERT_REPORT, and org.sleuthkit.datamodel.SleuthkitCase.releaseExclusiveLock().

TagName org.sleuthkit.datamodel.SleuthkitCase.addTagName ( String  displayName,
String  description,
TagName.HTML_COLOR  color 
) throws TskCoreException

Inserts row into the tags_names table in the case database.

Parameters
displayNameThe display name for the new tag name.
descriptionThe description for the new tag name.
colorThe HTML color to associate with the new tag name.
Returns
A TagName data transfer object (DTO) for the new row.
Exceptions
TskCoreException

Definition at line 6381 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireExclusiveLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.PREPARED_STATEMENT.INSERT_TAG_NAME, and org.sleuthkit.datamodel.SleuthkitCase.releaseExclusiveLock().

Referenced by org.sleuthkit.datamodel.SleuthkitCase.updateFromSchema2toSchema3().

VirtualDirectory org.sleuthkit.datamodel.SleuthkitCase.addVirtualDirectory ( long  parentId,
String  directoryName 
) throws TskCoreException

Adds a virtual directory to the database and returns a VirtualDirectory object representing it.

Parameters
parentIdthe ID of the parent, or 0 if NULL
directoryNamethe name of the virtual directory to create
Returns
Exceptions
TskCoreException

Definition at line 3749 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireExclusiveLock(), org.sleuthkit.datamodel.SleuthkitCase.beginTransaction(), org.sleuthkit.datamodel.SleuthkitCase.CaseDbTransaction.commit(), org.sleuthkit.datamodel.SleuthkitCase.releaseExclusiveLock(), and org.sleuthkit.datamodel.SleuthkitCase.CaseDbTransaction.rollback().

Referenced by org.sleuthkit.datamodel.SleuthkitCase.addCarvedFiles().

VirtualDirectory org.sleuthkit.datamodel.SleuthkitCase.addVirtualDirectory ( long  parentId,
String  directoryName,
CaseDbTransaction  transaction 
) throws TskCoreException

Adds a virtual directory to the database and returns a VirtualDirectory object representing it.

Make sure the connection in transaction is used for all database interactions called by this method

Parameters
parentIdthe ID of the parent, or 0 if NULL
directoryNamethe name of the virtual directory to create
transactionthe transaction in the scope of which the operation is to be performed, managed by the caller
Returns
a VirtualDirectory object representing the one added to the database.
Exceptions
TskCoreException

Definition at line 3785 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.TskData.ObjectType.ABSTRACTFILE, org.sleuthkit.datamodel.SleuthkitCase.acquireExclusiveLock(), org.sleuthkit.datamodel.TskData.TSK_FS_NAME_FLAG_ENUM.ALLOC, org.sleuthkit.datamodel.TskData.TSK_FS_META_FLAG_ENUM.ALLOC, org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.TskData.TSK_FS_NAME_TYPE_ENUM.DIR, org.sleuthkit.datamodel.SleuthkitCase.getDataSourceObjectId(), org.sleuthkit.datamodel.SleuthkitCase.getFileSystemId(), org.sleuthkit.datamodel.TskData.TSK_FS_NAME_TYPE_ENUM.getValue(), org.sleuthkit.datamodel.TskData.TSK_FS_META_TYPE_ENUM.getValue(), org.sleuthkit.datamodel.TskData.TSK_FS_NAME_FLAG_ENUM.getValue(), org.sleuthkit.datamodel.SleuthkitCase.PREPARED_STATEMENT.INSERT_FILE, org.sleuthkit.datamodel.SleuthkitCase.PREPARED_STATEMENT.INSERT_OBJECT, org.sleuthkit.datamodel.SleuthkitCase.releaseExclusiveLock(), org.sleuthkit.datamodel.TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_DIR, org.sleuthkit.datamodel.TskData.FileKnown.UNKNOWN, org.sleuthkit.datamodel.TskData.TSK_FS_META_FLAG_ENUM.USED, and org.sleuthkit.datamodel.TskData.TSK_DB_FILES_TYPE_ENUM.VIRTUAL_DIR.

boolean org.sleuthkit.datamodel.SleuthkitCase.allFilesMd5Hashed ( )
CaseDbTransaction org.sleuthkit.datamodel.SleuthkitCase.beginTransaction ( ) throws TskCoreException

Create a new transaction on the case database. The transaction object that is returned can be passed to methods that take a CaseDbTransaction. The caller is responsible for calling either commit() or rollback() on the transaction object.

Returns
A CaseDbTransaction object.
Exceptions
TskCoreException

Definition at line 1062 of file SleuthkitCase.java.

Referenced by org.sleuthkit.datamodel.SleuthkitCase.addCarvedFiles(), org.sleuthkit.datamodel.SleuthkitCase.addLayoutFiles(), org.sleuthkit.datamodel.SleuthkitCase.addLocalFile(), and org.sleuthkit.datamodel.SleuthkitCase.addVirtualDirectory().

void org.sleuthkit.datamodel.SleuthkitCase.close ( )
static void org.sleuthkit.datamodel.SleuthkitCase.closeResultSet ( ResultSet  resultSet)
staticprivate

Definition at line 7071 of file SleuthkitCase.java.

Referenced by org.sleuthkit.datamodel.SleuthkitCase.addArtifactAttributeType(), org.sleuthkit.datamodel.SleuthkitCase.addBlackboardArtifactTag(), org.sleuthkit.datamodel.SleuthkitCase.addBlackboardArtifactType(), org.sleuthkit.datamodel.SleuthkitCase.addCarvedFiles(), org.sleuthkit.datamodel.SleuthkitCase.addContentTag(), org.sleuthkit.datamodel.SleuthkitCase.addDerivedFile(), org.sleuthkit.datamodel.SleuthkitCase.addIngestJob(), org.sleuthkit.datamodel.SleuthkitCase.addIngestModule(), org.sleuthkit.datamodel.SleuthkitCase.addLayoutFiles(), org.sleuthkit.datamodel.SleuthkitCase.addLocalFile(), org.sleuthkit.datamodel.SleuthkitCase.addLocalFilesDataSource(), org.sleuthkit.datamodel.SleuthkitCase.addReport(), org.sleuthkit.datamodel.SleuthkitCase.addTagName(), org.sleuthkit.datamodel.SleuthkitCase.addVirtualDirectory(), org.sleuthkit.datamodel.SleuthkitCase.allFilesMd5Hashed(), org.sleuthkit.datamodel.SleuthkitCase.countFilesMd5Hashed(), org.sleuthkit.datamodel.SleuthkitCase.countFilesWhere(), org.sleuthkit.datamodel.SleuthkitCase.countFsContentType(), org.sleuthkit.datamodel.SleuthkitCase.findAllFileIdsWhere(), org.sleuthkit.datamodel.SleuthkitCase.findAllFilesWhere(), org.sleuthkit.datamodel.SleuthkitCase.findFiles(), org.sleuthkit.datamodel.SleuthkitCase.findFilesByMd5(), org.sleuthkit.datamodel.SleuthkitCase.findFilesWhere(), org.sleuthkit.datamodel.SleuthkitCase.getAbstractFileById(), org.sleuthkit.datamodel.SleuthkitCase.getAllBlackboardArtifactTags(), org.sleuthkit.datamodel.SleuthkitCase.getAllContentTags(), org.sleuthkit.datamodel.SleuthkitCase.getAllReports(), org.sleuthkit.datamodel.SleuthkitCase.getAllTagNames(), org.sleuthkit.datamodel.SleuthkitCase.getArtifactsCountHelper(), org.sleuthkit.datamodel.SleuthkitCase.getArtifactsHelper(), org.sleuthkit.datamodel.SleuthkitCase.getArtifactType(), org.sleuthkit.datamodel.SleuthkitCase.getArtifactTypeID(), org.sleuthkit.datamodel.SleuthkitCase.getArtifactTypes(), org.sleuthkit.datamodel.SleuthkitCase.getArtifactTypesInUse(), org.sleuthkit.datamodel.SleuthkitCase.getAttributeType(), org.sleuthkit.datamodel.SleuthkitCase.getAttributeTypes(), org.sleuthkit.datamodel.SleuthkitCase.getAttrTypeDisplayName(), org.sleuthkit.datamodel.SleuthkitCase.getAttrTypeID(), org.sleuthkit.datamodel.SleuthkitCase.getAttrTypeString(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifact(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifacts(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifactsCount(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifactsTypeCount(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifactTagByID(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifactTagsByArtifact(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifactTagsByTagName(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifactTagsCountByTagName(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifactTypesInUse(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardAttributes(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardAttributeTypesCount(), org.sleuthkit.datamodel.SleuthkitCase.getContentById(), org.sleuthkit.datamodel.SleuthkitCase.getContentTagByID(), org.sleuthkit.datamodel.SleuthkitCase.getContentTagsByContent(), org.sleuthkit.datamodel.SleuthkitCase.getContentTagsByTagName(), org.sleuthkit.datamodel.SleuthkitCase.getContentTagsCountByTagName(), org.sleuthkit.datamodel.SleuthkitCase.getDataSource(), org.sleuthkit.datamodel.SleuthkitCase.getDataSourceObjectId(), org.sleuthkit.datamodel.SleuthkitCase.getDataSources(), org.sleuthkit.datamodel.SleuthkitCase.getFileRanges(), org.sleuthkit.datamodel.SleuthkitCase.getFileSystemByIdHelper(), org.sleuthkit.datamodel.SleuthkitCase.getFileSystemId(), org.sleuthkit.datamodel.SleuthkitCase.getFileSystems(), org.sleuthkit.datamodel.SleuthkitCase.getImageById(), org.sleuthkit.datamodel.SleuthkitCase.getImagePaths(), org.sleuthkit.datamodel.SleuthkitCase.getImages(), org.sleuthkit.datamodel.SleuthkitCase.getIngestJobs(), org.sleuthkit.datamodel.SleuthkitCase.getIngestModules(), org.sleuthkit.datamodel.SleuthkitCase.getLastObjectId(), org.sleuthkit.datamodel.SleuthkitCase.getMatchingArtifacts(), org.sleuthkit.datamodel.SleuthkitCase.getMatchingAttributes(), org.sleuthkit.datamodel.SleuthkitCase.getRootObjects(), org.sleuthkit.datamodel.SleuthkitCase.getTagNamesInUse(), org.sleuthkit.datamodel.SleuthkitCase.getVirtualDirectoryRoots(), org.sleuthkit.datamodel.SleuthkitCase.initBlackboardArtifactTypes(), org.sleuthkit.datamodel.SleuthkitCase.initBlackboardAttributeTypes(), org.sleuthkit.datamodel.SleuthkitCase.initEncodingTypes(), org.sleuthkit.datamodel.SleuthkitCase.initIngestModuleTypes(), org.sleuthkit.datamodel.SleuthkitCase.initIngestStatusTypes(), org.sleuthkit.datamodel.SleuthkitCase.initNextArtifactId(), org.sleuthkit.datamodel.SleuthkitCase.initReviewStatuses(), org.sleuthkit.datamodel.SleuthkitCase.initStandardTagNames(), org.sleuthkit.datamodel.SleuthkitCase.isFileFromSource(), org.sleuthkit.datamodel.SleuthkitCase.newBlackboardArtifact(), org.sleuthkit.datamodel.SleuthkitCase.setFileMIMEType(), org.sleuthkit.datamodel.SleuthkitCase.updateDatabaseSchema(), org.sleuthkit.datamodel.SleuthkitCase.updateFromSchema2toSchema3(), org.sleuthkit.datamodel.SleuthkitCase.updateFromSchema3toSchema4(), and org.sleuthkit.datamodel.SleuthkitCase.updateFromSchema5toSchema6().

void org.sleuthkit.datamodel.SleuthkitCase.closeRunQuery ( ResultSet  resultSet) throws SQLException

Closes ResultSet and its Statement previously retrieved from runQuery()

Parameters
resultSetwith its Statement to close
Exceptions
SQLExceptionof closing the query files failed
Deprecated:
Do not use runQuery() and closeRunQuery(), use executeQuery() instead. Query the Database

Definition at line 8483 of file SleuthkitCase.java.

static void org.sleuthkit.datamodel.SleuthkitCase.closeStatement ( Statement  statement)
staticprivate

Definition at line 7081 of file SleuthkitCase.java.

Referenced by org.sleuthkit.datamodel.SleuthkitCase.addArtifactAttributeType(), org.sleuthkit.datamodel.SleuthkitCase.addBlackboardArtifactType(), org.sleuthkit.datamodel.SleuthkitCase.addCarvedFiles(), org.sleuthkit.datamodel.SleuthkitCase.addIngestModule(), org.sleuthkit.datamodel.SleuthkitCase.addLayoutFiles(), org.sleuthkit.datamodel.SleuthkitCase.addLocalFile(), org.sleuthkit.datamodel.SleuthkitCase.addLocalFilesDataSource(), org.sleuthkit.datamodel.SleuthkitCase.allFilesMd5Hashed(), org.sleuthkit.datamodel.SleuthkitCase.countFilesMd5Hashed(), org.sleuthkit.datamodel.SleuthkitCase.countFilesWhere(), org.sleuthkit.datamodel.SleuthkitCase.countFsContentType(), org.sleuthkit.datamodel.SleuthkitCase.findAllFileIdsWhere(), org.sleuthkit.datamodel.SleuthkitCase.findAllFilesWhere(), org.sleuthkit.datamodel.SleuthkitCase.findFilesByMd5(), org.sleuthkit.datamodel.SleuthkitCase.findFilesWhere(), org.sleuthkit.datamodel.SleuthkitCase.getArtifactType(), org.sleuthkit.datamodel.SleuthkitCase.getArtifactTypeID(), org.sleuthkit.datamodel.SleuthkitCase.getArtifactTypes(), org.sleuthkit.datamodel.SleuthkitCase.getArtifactTypesInUse(), org.sleuthkit.datamodel.SleuthkitCase.getAttributeType(), org.sleuthkit.datamodel.SleuthkitCase.getAttributeTypes(), org.sleuthkit.datamodel.SleuthkitCase.getAttrTypeDisplayName(), org.sleuthkit.datamodel.SleuthkitCase.getAttrTypeID(), org.sleuthkit.datamodel.SleuthkitCase.getAttrTypeString(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifacts(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifactTypesInUse(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardAttributeTypesCount(), org.sleuthkit.datamodel.SleuthkitCase.getContentById(), org.sleuthkit.datamodel.SleuthkitCase.getDataSource(), org.sleuthkit.datamodel.SleuthkitCase.getDataSourceObjectId(), org.sleuthkit.datamodel.SleuthkitCase.getDataSources(), org.sleuthkit.datamodel.SleuthkitCase.getFileRanges(), org.sleuthkit.datamodel.SleuthkitCase.getFileSystemByIdHelper(), org.sleuthkit.datamodel.SleuthkitCase.getFileSystems(), org.sleuthkit.datamodel.SleuthkitCase.getImageById(), org.sleuthkit.datamodel.SleuthkitCase.getImagePaths(), org.sleuthkit.datamodel.SleuthkitCase.getImages(), org.sleuthkit.datamodel.SleuthkitCase.getIngestJobs(), org.sleuthkit.datamodel.SleuthkitCase.getIngestModules(), org.sleuthkit.datamodel.SleuthkitCase.getMatchingArtifacts(), org.sleuthkit.datamodel.SleuthkitCase.getMatchingAttributes(), org.sleuthkit.datamodel.SleuthkitCase.getRootObjects(), org.sleuthkit.datamodel.SleuthkitCase.getVirtualDirectoryRoots(), org.sleuthkit.datamodel.SleuthkitCase.initBlackboardArtifactTypes(), org.sleuthkit.datamodel.SleuthkitCase.initBlackboardAttributeTypes(), org.sleuthkit.datamodel.SleuthkitCase.initEncodingTypes(), org.sleuthkit.datamodel.SleuthkitCase.initIngestModuleTypes(), org.sleuthkit.datamodel.SleuthkitCase.initIngestStatusTypes(), org.sleuthkit.datamodel.SleuthkitCase.initNextArtifactId(), org.sleuthkit.datamodel.SleuthkitCase.initReviewStatuses(), org.sleuthkit.datamodel.SleuthkitCase.initStandardTagNames(), org.sleuthkit.datamodel.SleuthkitCase.isFileFromSource(), org.sleuthkit.datamodel.SleuthkitCase.setFileMIMEType(), org.sleuthkit.datamodel.SleuthkitCase.setImagePaths(), org.sleuthkit.datamodel.SleuthkitCase.setKnown(), org.sleuthkit.datamodel.SleuthkitCase.setReviewStatus(), org.sleuthkit.datamodel.SleuthkitCase.updateDatabaseSchema(), org.sleuthkit.datamodel.SleuthkitCase.updateFromSchema2toSchema3(), org.sleuthkit.datamodel.SleuthkitCase.updateFromSchema3toSchema4(), org.sleuthkit.datamodel.SleuthkitCase.updateFromSchema4toSchema5(), and org.sleuthkit.datamodel.SleuthkitCase.updateFromSchema5toSchema6().

void org.sleuthkit.datamodel.SleuthkitCase.copyCaseDB ( String  newDBPath) throws IOException

Make a duplicate / backup copy of the current case database. Makes a new copy only, and continues to use the current connection.

Parameters
newDBPathPath to the copy to be created. File will be overwritten if it exists.
Exceptions
IOExceptionif copying fails.

Definition at line 605 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireExclusiveLock(), and org.sleuthkit.datamodel.SleuthkitCase.releaseExclusiveLock().

Referenced by org.sleuthkit.datamodel.SleuthkitCase.updateDatabaseSchema().

int org.sleuthkit.datamodel.SleuthkitCase.countFilesMd5Hashed ( )
long org.sleuthkit.datamodel.SleuthkitCase.countFilesWhere ( String  sqlWhereClause) throws TskCoreException

Count files matching the specific Where clause

Parameters
sqlWhereClausea SQL where clause appropriate for the desired files (do not begin the WHERE clause with the word WHERE!)
Returns
count of files each of which satisfy the given WHERE clause
Exceptions
TskCoreExceptionQuery the Database

Definition at line 4724 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.closeStatement(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock().

int org.sleuthkit.datamodel.SleuthkitCase.countFsContentType ( TskData.TSK_FS_META_TYPE_ENUM  contentType) throws TskCoreException

Return the number of objects in the database of a given file type.

Parameters
contentTypeType of file to count
Returns
Number of objects with that type.
Exceptions
TskCoreExceptionthrown if a critical error occurred within tsk core

Definition at line 6116 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.closeStatement(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock().

static String org.sleuthkit.datamodel.SleuthkitCase.createCaseDataBaseName ( String  candidateDbName)
staticprivate

Transforms a candidate PostgreSQL case database name into one that can be safely used in SQL commands and will not be subject to name collisions on the case database server.

Parameters
candidateDbNameA candidate case database name.
Returns
A case database name.

Definition at line 1252 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.MAX_DB_NAME_LEN_BEFORE_TIMESTAMP.

Referenced by org.sleuthkit.datamodel.SleuthkitCase.newCase().

void org.sleuthkit.datamodel.SleuthkitCase.deleteReport ( Report  report) throws TskCoreException

Deletes a row from the reports table in the case database.

Parameters
reportA Report data transfer object (DTO) for the row to delete.
Exceptions
TskCoreException

Definition at line 7056 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.PREPARED_STATEMENT.DELETE_REPORT, and org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock().

static String org.sleuthkit.datamodel.SleuthkitCase.escapeSingleQuotes ( String  text)
static

Escape the single quotes in the given string so they can be added to the SQL caseDbConnection

Parameters
text
Returns
text the escaped version

Definition at line 6148 of file SleuthkitCase.java.

CaseDbQuery org.sleuthkit.datamodel.SleuthkitCase.executeQuery ( String  query) throws TskCoreException

This method allows developers to run arbitrary SQL "SELECT" queries. The CaseDbQuery object will take care of acquiring the necessary database lock and when used in a try-with-resources block will automatically take care of releasing the lock. If you do not use a try-with-resources block you must call CaseDbQuery.close() once you are done processing the files of the query.

Also note that if you use it within a transaction to insert something into the database, and then within that same transaction query the inserted item from the database, you will likely not see your inserted item, as the method uses new connections for each execution. With this method, you must close your transaction before successfully querying for newly-inserted items.

Parameters
queryThe query string to execute.
Returns
A CaseDbQuery instance.
Exceptions
TskCoreException

Definition at line 5942 of file SleuthkitCase.java.

void org.sleuthkit.datamodel.SleuthkitCase.finalize ( ) throws Throwable
protected
List<Long> org.sleuthkit.datamodel.SleuthkitCase.findAllFileIdsWhere ( String  sqlWhereClause) throws TskCoreException

Find and return list of all (abstract) ids of files matching the specific Where clause

Parameters
sqlWhereClausea SQL where clause appropriate for the desired files (do not begin the WHERE clause with the word WHERE!)
Returns
a list of file ids each of which satisfy the given WHERE clause
Exceptions
TskCoreExceptionQuery the Database

Definition at line 4792 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.closeStatement(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock().

List<AbstractFile> org.sleuthkit.datamodel.SleuthkitCase.findAllFilesWhere ( String  sqlWhereClause) throws TskCoreException

Find and return list of all (abstract) files matching the specific Where clause. You need to know the database schema to use this, which is outlined on the wiki. You should use enums from org.sleuthkit.datamodel.TskData to make the queries easier to maintain and understand.

Parameters
sqlWhereClausea SQL where clause appropriate for the desired files (do not begin the WHERE clause with the word WHERE!)
Returns
a list of AbstractFile each of which satisfy the given WHERE clause
Exceptions
TskCoreExceptionQuery the Database

Definition at line 4761 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.closeStatement(), org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock(), and org.sleuthkit.datamodel.SleuthkitCase.resultSetToAbstractFiles().

Referenced by org.sleuthkit.datamodel.Examples.Sample.run().

List<AbstractFile> org.sleuthkit.datamodel.SleuthkitCase.findFiles ( Content  dataSource,
String  fileName 
) throws TskCoreException
Parameters
dataSourcethe dataSource (Image, parent-less VirtualDirectory) to search for the given file name
fileNamePattern of the name of the file or directory to match (case insensitive, used in LIKE SQL statement).
Returns
a list of AbstractFile for files/directories whose name matches the given fileName
Exceptions
TskCoreExceptionthrown if check failed

Definition at line 3680 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.resultSetToAbstractFiles(), and org.sleuthkit.datamodel.SleuthkitCase.PREPARED_STATEMENT.SELECT_FILES_BY_DATA_SOURCE_AND_NAME.

Referenced by org.sleuthkit.datamodel.SleuthkitCase.findFiles(), and org.sleuthkit.datamodel.SleuthkitCase.openFiles().

List<AbstractFile> org.sleuthkit.datamodel.SleuthkitCase.findFiles ( Content  dataSource,
String  fileName,
String  dirName 
) throws TskCoreException
Parameters
dataSourcethe dataSource (Image, parent-less VirtualDirectory) to search for the given file name
fileNamePattern of the name of the file or directory to match (case insensitive, used in LIKE SQL statement).
dirNamePattern of the name of a parent directory of fileName (case insensitive, used in LIKE SQL statement)
Returns
a list of AbstractFile for files/directories whose name matches fileName and whose parent directory contains dirName.
Exceptions
org.sleuthkit.datamodel.TskCoreException

Definition at line 3715 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.resultSetToAbstractFiles(), and org.sleuthkit.datamodel.SleuthkitCase.PREPARED_STATEMENT.SELECT_FILES_BY_DATA_SOURCE_AND_PARENT_PATH_AND_NAME.

List<AbstractFile> org.sleuthkit.datamodel.SleuthkitCase.findFiles ( Content  dataSource,
String  fileName,
AbstractFile  parentFile 
) throws TskCoreException

Find all files in the data source, by name and parent

Parameters
dataSourcethe dataSource (Image, parent-less VirtualDirectory) to search for the given file name
fileNamePattern of the name of the file or directory to match (case insensitive, used in LIKE SQL statement).
parentFileObject for parent file/directory to find children in
Returns
a list of AbstractFile for files/directories whose name matches fileName and that were inside a directory described by parentFile.
Exceptions
org.sleuthkit.datamodel.TskCoreException

Definition at line 4709 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.findFiles().

List<AbstractFile> org.sleuthkit.datamodel.SleuthkitCase.findFilesByMd5 ( String  md5Hash)
List<FsContent> org.sleuthkit.datamodel.SleuthkitCase.findFilesWhere ( String  sqlWhereClause) throws TskCoreException

Find and return list of files matching the specific Where clause. Use findAllFilesWhere instead. It returns a more generic data type

Parameters
sqlWhereClausea SQL where clause appropriate for the desired files (do not begin the WHERE clause with the word WHERE!)
Returns
a list of FsContent each of which satisfy the given WHERE clause
Exceptions
TskCoreException
Deprecated:
use SleuthkitCase.findAllFilesWhere() instead

Definition at line 8199 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.closeStatement(), org.sleuthkit.datamodel.TskData.TSK_DB_FILES_TYPE_ENUM.FS, org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock(), and org.sleuthkit.datamodel.SleuthkitCase.resultSetToAbstractFiles().

AbstractFile org.sleuthkit.datamodel.SleuthkitCase.getAbstractFileById ( long  id) throws TskCoreException

Get abstract file object from tsk_files table by its id

Parameters
idid of the file object in tsk_files table
Returns
AbstractFile object populated, or null if not found.
Exceptions
TskCoreExceptionthrown if critical error occurred within tsk core and file could not be queried

Definition at line 3577 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.resultSetToAbstractFiles(), and org.sleuthkit.datamodel.SleuthkitCase.PREPARED_STATEMENT.SELECT_FILE_BY_ID.

Referenced by org.sleuthkit.datamodel.SleuthkitCase.getContentById(), and org.sleuthkit.datamodel.SleuthkitCase.getRootObjects().

List<ContentTag> org.sleuthkit.datamodel.SleuthkitCase.getAllContentTags ( ) throws TskCoreException
List<Report> org.sleuthkit.datamodel.SleuthkitCase.getAllReports ( ) throws TskCoreException
List<TagName> org.sleuthkit.datamodel.SleuthkitCase.getAllTagNames ( ) throws TskCoreException
long org.sleuthkit.datamodel.SleuthkitCase.getArtifactsCountHelper ( int  artifactTypeID,
long  obj_id 
) throws TskCoreException
private

Helper method to get count of all artifacts matching the type id and object id. Does not included rejected artifacts.

Parameters
artifactTypeIDartifact type id
obj_idassociated object id
Returns
count of matching blackboard artifacts
Exceptions
TskCoreExceptionexception thrown if a critical error occurs within TSK core

Definition at line 2069 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.PREPARED_STATEMENT.COUNT_ARTIFACTS_BY_SOURCE_AND_TYPE, and org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock().

Referenced by org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifactsCount().

ArrayList<BlackboardArtifact> org.sleuthkit.datamodel.SleuthkitCase.getArtifactsHelper ( String  whereClause) throws TskCoreException
private

Gets unrejected blackboard artifacts that match a given WHERE clause. Uses a SELECT * statement that does a join of the blackboard_artifacts and blackboard_artifact_types tables to get all of the required data.

Parameters
whereClauseThe WHERE clause to append to the SELECT statement.
Returns
A list of BlackboardArtifact objects.
Exceptions
TskCoreExceptionIf there is a problem querying the case database.

Definition at line 2024 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.BlackboardArtifact.ReviewStatus.REJECTED, org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock(), and org.sleuthkit.datamodel.BlackboardArtifact.ReviewStatus.withID().

Referenced by org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifacts().

BlackboardArtifact.Type org.sleuthkit.datamodel.SleuthkitCase.getArtifactType ( String  artTypeName) throws TskCoreException
int org.sleuthkit.datamodel.SleuthkitCase.getArtifactTypeID ( String  artifactTypeName) throws TskCoreException

Get the artifact type id associated with an artifact type name.

Parameters
artifactTypeNameAn artifact type name.
Returns
An artifact id or -1 if the attribute type does not exist.
Exceptions
TskCoreExceptionIf an error occurs accessing the case database.
Deprecated:
Use getArtifactType instead

Definition at line 8238 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.closeStatement(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock().

Iterable<BlackboardArtifact.Type> org.sleuthkit.datamodel.SleuthkitCase.getArtifactTypes ( ) throws TskCoreException

Gets a list of all the artifact types for this case

Returns
a list of artifact types
Exceptions
TskCoreExceptionwhen there is an error getting the types

Definition at line 1844 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.closeStatement(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock().

List<BlackboardArtifact.Type> org.sleuthkit.datamodel.SleuthkitCase.getArtifactTypesInUse ( ) throws TskCoreException

Gets the list of all unique artifact IDs in use.

Gets both static and dynamic IDs.

Returns
The list of unique IDs
Exceptions
TskCoreExceptionexception thrown if a critical error occurred within tsk core

Definition at line 1918 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.closeStatement(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock().

BlackboardAttribute.Type org.sleuthkit.datamodel.SleuthkitCase.getAttributeType ( String  attrTypeName) throws TskCoreException
BlackboardAttribute.Type org.sleuthkit.datamodel.SleuthkitCase.getAttributeType ( int  typeID) throws TskCoreException
private
List<BlackboardAttribute.Type> org.sleuthkit.datamodel.SleuthkitCase.getAttributeTypes ( ) throws TskCoreException
String org.sleuthkit.datamodel.SleuthkitCase.getAttrTypeDisplayName ( int  attrTypeID) throws TskCoreException

Get the display name for the attribute with the given id. Will throw an error if that id does not exist

Parameters
attrTypeIDattribute id
Returns
string associated with the given id
Exceptions
TskCoreExceptionexception thrown if a critical error occurs within tsk core
Deprecated:
Use getAttributeType instead

Definition at line 8402 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.closeStatement(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock().

int org.sleuthkit.datamodel.SleuthkitCase.getAttrTypeID ( String  attrTypeName) throws TskCoreException

Gets the attribute type id associated with an attribute type name.

Parameters
attrTypeNameAn attribute type name.
Returns
An attribute id or -1 if the attribute type does not exist.
Exceptions
TskCoreExceptionIf an error occurs accessing the case database.
Deprecated:
Use SleuthkitCase.getAttributeType instead.

Definition at line 8330 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.closeStatement(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock().

String org.sleuthkit.datamodel.SleuthkitCase.getAttrTypeString ( int  attrTypeID) throws TskCoreException

Get the string associated with the given id. Will throw an error if that id does not exist

Parameters
attrTypeIDattribute id
Returns
string associated with the given id
Exceptions
TskCoreExceptionexception thrown if a critical error occurs within tsk core
Deprecated:
Use getAttributeType instead

Definition at line 8366 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.closeStatement(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock().

String org.sleuthkit.datamodel.SleuthkitCase.getBackupDatabasePath ( )

Returns the path of a backup copy of the database made when a schema version upgrade has occurred.

Returns
The path of the backup file or null if no backup was made.

Definition at line 1048 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.dbBackupPath.

ArrayList<BlackboardArtifact> org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifacts ( int  artifactTypeID) throws TskCoreException

Get all blackboard artifacts of a given type. Does not included rejected artifacts.

Parameters
artifactTypeIDartifact type id (must exist in database)
Returns
list of blackboard artifacts.
Exceptions
TskCoreException

Definition at line 1470 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.getArtifactsHelper().

Referenced by org.sleuthkit.datamodel.AbstractContent.getArtifacts(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifacts(), org.sleuthkit.datamodel.AbstractContent.getGenInfoArtifact(), and org.sleuthkit.datamodel.SleuthkitCase.updateFromSchema2toSchema3().

List<BlackboardArtifact> org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifacts ( BlackboardAttribute.ATTRIBUTE_TYPE  attrType,
String  value 
) throws TskCoreException

Get all blackboard artifacts that have an attribute of the given type and String value. Does not included rejected artifacts.

Parameters
attrTypeattribute of this attribute type to look for in the artifacts
valuevalue of the attribute of the attrType type to look for
Returns
a list of blackboard artifacts with such an attribute
Exceptions
TskCoreExceptionexception thrown if a critical error occurred within tsk core and artifacts could not be queried

Definition at line 1556 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.closeStatement(), org.sleuthkit.datamodel.BlackboardArtifact.ReviewStatus.REJECTED, org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock(), and org.sleuthkit.datamodel.BlackboardArtifact.ReviewStatus.withID().

List<BlackboardArtifact> org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifacts ( BlackboardAttribute.ATTRIBUTE_TYPE  attrType,
String  subString,
boolean  startsWith 
) throws TskCoreException

Get all blackboard artifacts that have an attribute of the given type and String value. Does not included rejected artifacts.

Parameters
attrTypeattribute of this attribute type to look for in the artifacts
subStringvalue substring of the string attribute of the attrType type to look for
startsWithif true, the artifact attribute string should start with the substring, if false, it should just contain it
Returns
a list of blackboard artifacts with such an attribute
Exceptions
TskCoreExceptionexception thrown if a critical error occurred within tsk core and artifacts could not be queried

Definition at line 1607 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.closeStatement(), org.sleuthkit.datamodel.BlackboardArtifact.ReviewStatus.REJECTED, org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock(), and org.sleuthkit.datamodel.BlackboardArtifact.ReviewStatus.withID().

List<BlackboardArtifact> org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifacts ( BlackboardAttribute.ATTRIBUTE_TYPE  attrType,
int  value 
) throws TskCoreException

Get all blackboard artifacts that have an attribute of the given type and integer value. Does not included rejected artifacts.

Parameters
attrTypeattribute of this attribute type to look for in the artifacts
valuevalue of the attribute of the attrType type to look for
Returns
a list of blackboard artifacts with such an attribute
Exceptions
TskCoreExceptionexception thrown if a critical error occurred within tsk core and artifacts could not be queried

Definition at line 1659 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.closeStatement(), org.sleuthkit.datamodel.BlackboardArtifact.ReviewStatus.REJECTED, org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock(), and org.sleuthkit.datamodel.BlackboardArtifact.ReviewStatus.withID().

List<BlackboardArtifact> org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifacts ( BlackboardAttribute.ATTRIBUTE_TYPE  attrType,
long  value 
) throws TskCoreException

Get all blackboard artifacts that have an attribute of the given type and long value. Does not included rejected artifacts.

Parameters
attrTypeattribute of this attribute type to look for in the artifacts
valuevalue of the attribute of the attrType type to look for
Returns
a list of blackboard artifacts with such an attribute
Exceptions
TskCoreExceptionexception thrown if a critical error occurred within tsk core and artifacts could not be queried

Definition at line 1707 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.closeStatement(), org.sleuthkit.datamodel.BlackboardArtifact.ReviewStatus.REJECTED, org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock(), and org.sleuthkit.datamodel.BlackboardArtifact.ReviewStatus.withID().

List<BlackboardArtifact> org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifacts ( BlackboardAttribute.ATTRIBUTE_TYPE  attrType,
double  value 
) throws TskCoreException

Get all blackboard artifacts that have an attribute of the given type and double value. Does not included rejected artifacts.

Parameters
attrTypeattribute of this attribute type to look for in the artifacts
valuevalue of the attribute of the attrType type to look for
Returns
a list of blackboard artifacts with such an attribute
Exceptions
TskCoreExceptionexception thrown if a critical error occurred within tsk core and artifacts could not be queried

Definition at line 1755 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.closeStatement(), org.sleuthkit.datamodel.BlackboardArtifact.ReviewStatus.REJECTED, org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock(), and org.sleuthkit.datamodel.BlackboardArtifact.ReviewStatus.withID().

List<BlackboardArtifact> org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifacts ( BlackboardAttribute.ATTRIBUTE_TYPE  attrType,
byte  value 
) throws TskCoreException

Get all blackboard artifacts that have an attribute of the given type and byte value. Does not include rejected artifacts.

Parameters
attrTypeattribute of this attribute type to look for in the artifacts
valuevalue of the attribute of the attrType type to look for
Returns
a list of blackboard artifacts with such an attribute
Exceptions
TskCoreExceptionexception thrown if a critical error occurred within tsk core and artifacts could not be queried

Definition at line 1803 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.closeStatement(), org.sleuthkit.datamodel.BlackboardArtifact.ReviewStatus.REJECTED, org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock(), and org.sleuthkit.datamodel.BlackboardArtifact.ReviewStatus.withID().

ArrayList<BlackboardArtifact> org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifacts ( String  artifactTypeName,
long  obj_id 
) throws TskCoreException

Get all blackboard artifacts of a given type for the given object id. Does not included rejected artifacts.

Parameters
artifactTypeNameartifact type name
obj_idobject id
Returns
list of blackboard artifacts
Exceptions
TskCoreExceptionexception thrown if a critical error occurs within TSK core

Definition at line 2106 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.getArtifactsHelper().

ArrayList<BlackboardArtifact> org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifacts ( int  artifactTypeID,
long  obj_id 
) throws TskCoreException

Get all blackboard artifacts of a given type for the given object id. Does not included rejected artifacts.

Parameters
artifactTypeIDartifact type id (must exist in database)
obj_idobject id
Returns
list of blackboard artifacts
Exceptions
TskCoreExceptionexception thrown if a critical error occurs within TSK core

Definition at line 2122 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.getArtifactsHelper().

ArrayList<BlackboardArtifact> org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifacts ( ARTIFACT_TYPE  artifactType,
long  obj_id 
) throws TskCoreException

Get all blackboard artifacts of a given type for the given object id. Does not included rejected artifacts.

Parameters
artifactTypeartifact type enum
obj_idobject id
Returns
list of blackboard artifacts
Exceptions
TskCoreExceptionexception thrown if a critical error occurs within TSK core

Definition at line 2138 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifacts().

ArrayList<BlackboardArtifact> org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifacts ( String  artifactTypeName) throws TskCoreException

Get all blackboard artifacts of a given type. Does not included rejected artifacts.

Parameters
artifactTypeNameartifact type name
Returns
list of blackboard artifacts
Exceptions
TskCoreExceptionexception thrown if a critical error occurs within TSK core

Definition at line 2205 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.getArtifactsHelper().

ArrayList<BlackboardArtifact> org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifacts ( ARTIFACT_TYPE  artifactType) throws TskCoreException

Get all blackboard artifacts of a given type. Does not included rejected artifacts.

Parameters
artifactTypeartifact type enum
Returns
list of blackboard artifacts
Exceptions
TskCoreExceptionexception thrown if a critical error occurs within TSK core

Definition at line 2220 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.getArtifactsHelper().

List<BlackboardArtifact> org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifacts ( ARTIFACT_TYPE  artifactType,
BlackboardAttribute.ATTRIBUTE_TYPE  attrType,
String  value 
) throws TskCoreException

Get all blackboard artifacts of a given type with an attribute of a given type and String value. Does not included rejected artifacts.

Parameters
artifactTypeartifact type enum
attrTypeattribute type enum
valueString value of attribute
Returns
list of blackboard artifacts
Exceptions
TskCoreExceptionexception thrown if a critical error occurs within TSK core

Definition at line 2237 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.closeStatement(), org.sleuthkit.datamodel.BlackboardArtifact.ReviewStatus.REJECTED, org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock(), and org.sleuthkit.datamodel.BlackboardArtifact.ReviewStatus.withID().

long org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifactsCount ( long  objId) throws TskCoreException
long org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifactsCount ( String  artifactTypeName,
long  obj_id 
) throws TskCoreException

Get count of all blackboard artifacts of a given type for the given object id. Does not include rejected artifacts.

Parameters
artifactTypeNameartifact type name
obj_idobject id
Returns
count of blackboard artifacts
Exceptions
TskCoreExceptionexception thrown if a critical error occurs within TSK core

Definition at line 2154 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.getArtifactsCountHelper(), and org.sleuthkit.datamodel.SleuthkitCase.getArtifactType().

long org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifactsCount ( int  artifactTypeID,
long  obj_id 
) throws TskCoreException

Get count of all blackboard artifacts of a given type for the given object id. Does not include rejected artifacts.

Parameters
artifactTypeIDartifact type id (must exist in database)
obj_idobject id
Returns
count of blackboard artifacts
Exceptions
TskCoreExceptionexception thrown if a critical error occurs within TSK core

Definition at line 2174 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.getArtifactsCountHelper().

long org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifactsCount ( ARTIFACT_TYPE  artifactType,
long  obj_id 
) throws TskCoreException

Get count of all blackboard artifacts of a given type for the given object id. Does not include rejected artifacts.

Parameters
artifactTypeartifact type enum
obj_idobject id
Returns
count of blackboard artifacts
Exceptions
TskCoreExceptionexception thrown if a critical error occurs within TSK core

Definition at line 2190 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.getArtifactsCountHelper().

long org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifactsTypeCount ( int  artifactTypeID) throws TskCoreException

Get a count of artifacts of a given type. Does not include rejected artifacts.

Parameters
artifactTypeIDId of the artifact type.
Returns
The artifacts count for the type.
Exceptions
TskCoreException

Definition at line 1518 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.PREPARED_STATEMENT.COUNT_ARTIFACTS_OF_TYPE, and org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock().

BlackboardArtifactTag org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifactTagByID ( long  artifactTagID) throws TskCoreException
List<BlackboardArtifactTag> org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifactTagsByArtifact ( BlackboardArtifact  artifact) throws TskCoreException

Selects the rows in the blackboard_artifacts_tags table in the case database with a specified foreign key into the blackboard_artifacts table.

Parameters
artifactA data transfer object (DTO) for the artifact to match.
Returns
A list, possibly empty, of BlackboardArtifactTag data transfer objects (DTOs) for the rows.
Exceptions
TskCoreException

Definition at line 6890 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.TagName.HTML_COLOR.getColorByName(), org.sleuthkit.datamodel.SleuthkitCase.getContentById(), org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock(), and org.sleuthkit.datamodel.SleuthkitCase.PREPARED_STATEMENT.SELECT_ARTIFACT_TAGS_BY_ARTIFACT.

List<BlackboardArtifactTag> org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifactTagsByTagName ( TagName  tagName) throws TskCoreException

Selects the rows in the blackboard_artifacts_tags table in the case database with a specified foreign key into the tag_names table.

Parameters
tagNameA data transfer object (DTO) for the tag name to match.
Returns
A list, possibly empty, of BlackboardArtifactTag data transfer objects (DTOs) for the rows.
Exceptions
TskCoreException

Definition at line 6803 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifact(), org.sleuthkit.datamodel.SleuthkitCase.getContentById(), org.sleuthkit.datamodel.BlackboardArtifact.getObjectID(), org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock(), and org.sleuthkit.datamodel.SleuthkitCase.PREPARED_STATEMENT.SELECT_ARTIFACT_TAGS_BY_TAG_NAME.

long org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifactTagsCountByTagName ( TagName  tagName) throws TskCoreException

Gets a count of the rows in the blackboard_artifact_tags table in the case database with a specified foreign key into the tag_names table.

Parameters
tagNameA data transfer object (DTO) for the tag name to match.
Returns
The count, possibly zero.
Exceptions
TskCoreException

Definition at line 6765 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.PREPARED_STATEMENT.COUNT_ARTIFACTS_BY_TAG_NAME, and org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock().

ArrayList<BlackboardArtifact.ARTIFACT_TYPE> org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifactTypes ( ) throws TskCoreException

Gets a list of the standard blackboard artifact type enum objects.

Returns
The members of the BlackboardArtifact.ARTIFACT_TYPE enum.
Exceptions
TskCoreExceptionSpecified, but not thrown.
Deprecated:
For a list of standard blackboard artifacts type enum objects, use BlackboardArtifact.ARTIFACT_TYPE.values.

Definition at line 8271 of file SleuthkitCase.java.

ArrayList<BlackboardArtifact.ARTIFACT_TYPE> org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifactTypesInUse ( ) throws TskCoreException
ArrayList<BlackboardAttribute.ATTRIBUTE_TYPE> org.sleuthkit.datamodel.SleuthkitCase.getBlackboardAttributeTypes ( ) throws TskCoreException

Gets a list of the standard blackboard attribute type enum objects.

Returns
The members of the BlackboardAttribute.ATTRIBUTE_TYPE enum.
Exceptions
TskCoreExceptionSpecified, but not thrown.
Deprecated:
For a list of standard blackboard attribute types enum objects, use BlackboardAttribute.ATTRIBUTE_TYP.values.

Definition at line 8435 of file SleuthkitCase.java.

int org.sleuthkit.datamodel.SleuthkitCase.getBlackboardAttributeTypesCount ( ) throws TskCoreException

Get count of blackboard attribute types

Counts both static (in enum) and dynamic attributes types (created by modules at runtime)

Returns
count of attribute types
Exceptions
TskCoreExceptionexception thrown if a critical error occurs within TSK core

Definition at line 1989 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.closeStatement(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock().

Content org.sleuthkit.datamodel.SleuthkitCase.getContentById ( long  id) throws TskCoreException

Get content object by content id

Parameters
idto get content object for
Returns
instance of a Content object (one of its subclasses), or null if not found.
Exceptions
TskCoreExceptionthrown if critical error occurred within tsk core

Definition at line 3346 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.closeStatement(), org.sleuthkit.datamodel.SleuthkitCase.getAbstractFileById(), org.sleuthkit.datamodel.SleuthkitCase.getImageById(), org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock(), and org.sleuthkit.datamodel.TskData.ObjectType.valueOf().

Referenced by org.sleuthkit.datamodel.SleuthkitCase.addBlackboardArtifactTag(), org.sleuthkit.datamodel.SleuthkitCase.addCarvedFile(), org.sleuthkit.datamodel.SleuthkitCase.addCarvedFiles(), org.sleuthkit.datamodel.SleuthkitCase.getAllBlackboardArtifactTags(), org.sleuthkit.datamodel.SleuthkitCase.getAllContentTags(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifactTagByID(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifactTagsByArtifact(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifactTagsByTagName(), org.sleuthkit.datamodel.SleuthkitCase.getContentTagByID(), org.sleuthkit.datamodel.SleuthkitCase.getContentTagsByTagName(), org.sleuthkit.datamodel.AbstractFile.getDataSource(), org.sleuthkit.datamodel.AbstractContent.getParent(), and org.sleuthkit.datamodel.SleuthkitCase.updateFromSchema2toSchema3().

ContentTag org.sleuthkit.datamodel.SleuthkitCase.getContentTagByID ( long  contentTagID) throws TskCoreException
List<ContentTag> org.sleuthkit.datamodel.SleuthkitCase.getContentTagsByContent ( Content  content) throws TskCoreException

Selects the rows in the content_tags table in the case database with a specified foreign key into the tsk_objects table.

Parameters
contentA data transfer object (DTO) for the content to match.
Returns
A list, possibly empty, of ContentTag data transfer objects (DTOs) for the rows.
Exceptions
TskCoreException

Definition at line 6630 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.TagName.HTML_COLOR.getColorByName(), org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock(), and org.sleuthkit.datamodel.SleuthkitCase.PREPARED_STATEMENT.SELECT_CONTENT_TAGS_BY_CONTENT.

List<ContentTag> org.sleuthkit.datamodel.SleuthkitCase.getContentTagsByTagName ( TagName  tagName) throws TskCoreException

Selects the rows in the content_tags table in the case database with a specified foreign key into the tag_names table.

Parameters
tagNameA data transfer object (DTO) for the tag name to match.
Returns
A list, possibly empty, of ContentTag data transfer objects (DTOs) for the rows.
Exceptions
TskCoreException

Definition at line 6589 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.getContentById(), org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock(), and org.sleuthkit.datamodel.SleuthkitCase.PREPARED_STATEMENT.SELECT_CONTENT_TAGS_BY_TAG_NAME.

long org.sleuthkit.datamodel.SleuthkitCase.getContentTagsCountByTagName ( TagName  tagName) throws TskCoreException

Gets a count of the rows in the content_tags table in the case database with a specified foreign key into the tag_names table.

Parameters
tagNameA data transfer object (DTO) for the tag name to match.
Returns
The count, possibly zero.
Exceptions
TskCoreException

Definition at line 6512 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.PREPARED_STATEMENT.COUNT_CONTENT_TAGS_BY_TAG_NAME, and org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock().

String org.sleuthkit.datamodel.SleuthkitCase.getDatabaseName ( )

Gets the case database name.

Returns
The case database name.

Definition at line 1071 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.databaseName.

DbType org.sleuthkit.datamodel.SleuthkitCase.getDatabaseType ( )

Returns the type of database in use.

Returns
database type

Definition at line 1038 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.dbType.

DataSource org.sleuthkit.datamodel.SleuthkitCase.getDataSource ( long  objectId) throws TskDataException, TskCoreException

Gets a specific data source for the case (e.g., an image, local disk, virtual directory of local/logical files and/or directories, etc.).

NOTE: The AbstractDataSource class is an emerging feature and at present is only useful for obtaining the object id and the data source identifier, an ASCII-printable identifier for the data source that is intended to be unique across multiple cases (e.g., a UUID). In the future, this method will be a replacement for the getRootObjects method.

Parameters
objectIdThe object id of the data source.
Returns
The data source.
Exceptions
TskDataExceptionif there is no data source for the given object id.
TskCoreExceptionif there is a problem getting the data source.

Definition at line 1437 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.closeStatement(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock().

long org.sleuthkit.datamodel.SleuthkitCase.getDataSourceObjectId ( CaseDbConnection  connection,
long  objectId 
) throws TskCoreException
private

Given an object id, works up the tree of ancestors to the data source for the object and gets the object id of the data source. The trivial case where the input object id is for a source is handled.

Parameters
connectionA case database connection.
objectIdAn object id.
Returns
A data source object id.
Exceptions
TskCoreExceptionif there is an error querying the case database.

Definition at line 4645 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.closeStatement(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock().

Referenced by org.sleuthkit.datamodel.SleuthkitCase.addDerivedFile(), org.sleuthkit.datamodel.SleuthkitCase.addLocalFile(), org.sleuthkit.datamodel.SleuthkitCase.addVirtualDirectory(), and org.sleuthkit.datamodel.SleuthkitCase.updateFromSchema3toSchema4().

List<DataSource> org.sleuthkit.datamodel.SleuthkitCase.getDataSources ( ) throws TskCoreException

Gets the data sources for the case (e.g., images, local disks, virtual directories of local/logical files and/or directories, etc.)

NOTE: The DataSource interface is an emerging feature and at present is only useful for obtaining the object id and the device id, an ASCII-printable identifier for the device associated with the data source that is intended to be unique across multiple cases (e.g., a UUID). In the future, this method will be a replacement for the getRootObjects method.

Returns
A list of the data sources for the case.
Exceptions
TskCoreExceptionif there is a problem getting the data sources.

Definition at line 1396 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.closeStatement(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock().

String org.sleuthkit.datamodel.SleuthkitCase.getDbDirPath ( )

Get the full path to the case directory. For a SQLite case database, this is the same as the database directory path.

Returns
Case directory path.

Definition at line 1081 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.caseDirPath.

Referenced by org.sleuthkit.datamodel.SleuthkitCase.addReport(), and org.sleuthkit.datamodel.SleuthkitCase.getAllReports().

List<TskFileRange> org.sleuthkit.datamodel.SleuthkitCase.getFileRanges ( long  id) throws TskCoreException

Get file layout ranges from tsk_file_layout, for a file with specified id

Parameters
idof the file to get file layout ranges for
Returns
list of populated file ranges
Exceptions
TskCoreExceptionthrown if a critical error occurred within tsk core

Definition at line 4857 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.closeStatement(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock().

Referenced by org.sleuthkit.datamodel.AbstractFile.getRanges().

FileSystem org.sleuthkit.datamodel.SleuthkitCase.getFileSystemByIdHelper ( long  id,
Content  parent 
) throws TskCoreException
private
long org.sleuthkit.datamodel.SleuthkitCase.getFileSystemId ( long  fileId,
CaseDbConnection  connection 
)
private

Get the object ID of the file system that a file is located in.

Note: for FsContent files, this is the real fs for other non-fs AbstractFile files, this field is used internally for data source id (the root content obj)

Parameters
fileIdobject id of the file to get fs column id for
connectionthe database connection to use
Returns
fs_id or -1 if not present

Definition at line 3613 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock(), and org.sleuthkit.datamodel.SleuthkitCase.PREPARED_STATEMENT.SELECT_FILE_SYSTEM_BY_OBJECT.

Referenced by org.sleuthkit.datamodel.SleuthkitCase.addDerivedFile(), and org.sleuthkit.datamodel.SleuthkitCase.addVirtualDirectory().

Map<Long, List<String> > org.sleuthkit.datamodel.SleuthkitCase.getImagePaths ( ) throws TskCoreException

Returns a map of image object IDs to a list of fully qualified file paths for that image

Returns
map of image object IDs to file paths
Exceptions
TskCoreExceptionthrown if a critical error occurred within tsk core

Definition at line 5477 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.closeStatement(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock().

final List<IngestJobInfo> org.sleuthkit.datamodel.SleuthkitCase.getIngestJobs ( ) throws TskCoreException

Gets all of the ingest jobs that have been run.

Returns
The information about the ingest jobs that have been run
Exceptions
TskCoreExceptionIf there is a problem getting the ingest jobs

Definition at line 7250 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.closeStatement(), org.sleuthkit.datamodel.IngestJobInfo.IngestJobStatusType.fromID(), and org.sleuthkit.datamodel.SleuthkitCase.getIngestModules().

List<IngestModuleInfo> org.sleuthkit.datamodel.SleuthkitCase.getIngestModules ( int  ingestJobId,
CaseDbConnection  connection 
) throws SQLException
private

Gets the ingest modules associated with the ingest job

Parameters
ingestJobIdThe id of the ingest job to get ingest modules for
connectionThe database connection
Returns
The ingest modules of the job
Exceptions
SQLExceptionIf it fails to get the modules from the db.

Definition at line 7284 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.closeStatement(), and org.sleuthkit.datamodel.IngestModuleInfo.IngestModuleType.fromID().

Referenced by org.sleuthkit.datamodel.SleuthkitCase.getIngestJobs().

long org.sleuthkit.datamodel.SleuthkitCase.getLastObjectId ( ) throws TskCoreException

Get last (max) object id of content object in tsk_objects.

Returns
currently max id
Exceptions
TskCoreExceptionexception thrown when database error occurs and last object id could not be queried
Deprecated:
Do not use, assumes a single-threaded, single-user case.

Definition at line 8163 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireExclusiveLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.releaseExclusiveLock(), and org.sleuthkit.datamodel.SleuthkitCase.PREPARED_STATEMENT.SELECT_MAX_OBJECT_ID.

ArrayList<BlackboardArtifact> org.sleuthkit.datamodel.SleuthkitCase.getMatchingArtifacts ( String  whereClause) throws TskCoreException

Get all artifacts that match a where clause. The clause should begin with "WHERE" or "JOIN". To use this method you must know the database tables

Parameters
whereClausea sqlite where clause
Returns
a list of matching artifacts
Exceptions
TskCoreExceptionexception thrown if a critical error occurs within tsk core Query the Database

Definition at line 2899 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.closeStatement(), org.sleuthkit.datamodel.SleuthkitCase.getArtifactType(), org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock(), and org.sleuthkit.datamodel.BlackboardArtifact.ReviewStatus.withID().

Referenced by org.sleuthkit.datamodel.AbstractContent.getAllArtifacts().

ArrayList<BlackboardAttribute> org.sleuthkit.datamodel.SleuthkitCase.getMatchingAttributes ( String  whereClause) throws TskCoreException

Get all attributes that match a where clause. The clause should begin with "WHERE" or "JOIN". To use this method you must know the database tables

Parameters
whereClausea sqlite where clause
Returns
a list of matching attributes
Exceptions
TskCoreExceptionexception thrown if a critical error occurs within tsk core Query the Database

Definition at line 2845 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.closeStatement(), org.sleuthkit.datamodel.SleuthkitCase.getAttributeType(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock().

List<Content> org.sleuthkit.datamodel.SleuthkitCase.getRootObjects ( ) throws TskCoreException
int org.sleuthkit.datamodel.SleuthkitCase.getSchemaVersion ( )

Returns case database schema version number.

Returns
The schema version number as an integer.

Definition at line 1029 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.versionNumber.

Referenced by org.sleuthkit.datamodel.SleuthkitCase.getImageById().

List<TagName> org.sleuthkit.datamodel.SleuthkitCase.getTagNamesInUse ( ) throws TskCoreException

Selects all of the rows from the tag_names table in the case database for which there is at least one matching row in the content_tags or blackboard_artifact_tags tables.

Returns
A list, possibly empty, of TagName data transfer objects (DTOs) for the rows.
Exceptions
TskCoreException

Definition at line 6348 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.TagName.HTML_COLOR.getColorByName(), org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock(), and org.sleuthkit.datamodel.SleuthkitCase.PREPARED_STATEMENT.SELECT_TAG_NAMES_IN_USE.

List<VirtualDirectory> org.sleuthkit.datamodel.SleuthkitCase.getVirtualDirectoryRoots ( ) throws TskCoreException
void org.sleuthkit.datamodel.SleuthkitCase.initBlackboardArtifactTypes ( ) throws SQLException, TskCoreException
private
void org.sleuthkit.datamodel.SleuthkitCase.initBlackboardAttributeTypes ( ) throws SQLException, TskCoreException
private
void org.sleuthkit.datamodel.SleuthkitCase.initEncodingTypes ( CaseDbConnection  connection) throws SQLException, TskCoreException
private

Put the file encoding types into the table. This must be called after the database upgrades or the encoding_types table will not exist.

Exceptions
SQLException
TskCoreException

Definition at line 509 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), and org.sleuthkit.datamodel.SleuthkitCase.closeStatement().

Referenced by org.sleuthkit.datamodel.SleuthkitCase.init(), and org.sleuthkit.datamodel.SleuthkitCase.updateFromSchema4toSchema5().

void org.sleuthkit.datamodel.SleuthkitCase.initIngestModuleTypes ( CaseDbConnection  connection) throws SQLException, TskCoreException
private

Initialize ingest module types by adding them into the ingest_module_types database.

Exceptions
SQLException
TskCoreException

Definition at line 416 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), and org.sleuthkit.datamodel.SleuthkitCase.closeStatement().

Referenced by org.sleuthkit.datamodel.SleuthkitCase.init(), and org.sleuthkit.datamodel.SleuthkitCase.updateFromSchema3toSchema4().

void org.sleuthkit.datamodel.SleuthkitCase.initIngestStatusTypes ( CaseDbConnection  connection) throws SQLException, TskCoreException
private

Initialize ingest status types by adding them into the ingest_job_status_types database.

Exceptions
SQLException
TskCoreException

Definition at line 447 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), and org.sleuthkit.datamodel.SleuthkitCase.closeStatement().

Referenced by org.sleuthkit.datamodel.SleuthkitCase.init(), and org.sleuthkit.datamodel.SleuthkitCase.updateFromSchema3toSchema4().

void org.sleuthkit.datamodel.SleuthkitCase.initNextArtifactId ( ) throws SQLException, TskCoreException
private

Initialize the next artifact id. If there are entries in the blackboard_artifacts table we will use max(artifact_id) + 1 otherwise we will initialize the value to 0x8000000000000000 (the maximum negative signed long).

Exceptions
SQLException
TskCoreException

Definition at line 357 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.BASE_ARTIFACT_ID, org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), and org.sleuthkit.datamodel.SleuthkitCase.closeStatement().

Referenced by org.sleuthkit.datamodel.SleuthkitCase.init().

void org.sleuthkit.datamodel.SleuthkitCase.initReviewStatuses ( CaseDbConnection  connection) throws SQLException, TskCoreException
private

Initialize the review statuses lookup table from the ReviewStatus enum.

Exceptions
SQLException
TskCoreExceptionif there is an error initializing the table.

Definition at line 477 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), and org.sleuthkit.datamodel.SleuthkitCase.closeStatement().

Referenced by org.sleuthkit.datamodel.SleuthkitCase.init(), and org.sleuthkit.datamodel.SleuthkitCase.updateFromSchema4toSchema5().

void org.sleuthkit.datamodel.SleuthkitCase.initStandardTagNames ( ) throws SQLException, TskCoreException
private

Initialize standard tag names by adding them into the tag_names database.

Exceptions
SQLExceptionif there is an error executing an SQL statement.
TskCoreExceptionif there is a problem getting a database connection.

Definition at line 383 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.closeStatement(), and org.sleuthkit.datamodel.TagName.HTML_COLOR.NONE.

Referenced by org.sleuthkit.datamodel.SleuthkitCase.init().

boolean org.sleuthkit.datamodel.SleuthkitCase.isFileFromSource ( Content  dataSource,
long  fileId 
) throws TskCoreException

Checks if the file is a (sub)child of the data source (parentless Content object such as Image or VirtualDirectory representing filesets)

Parameters
dataSourcedataSource to check
fileIdid of file to check
Returns
true if the file is in the dataSource hierarchy
Exceptions
TskCoreExceptionthrown if check failed

Definition at line 3648 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.closeStatement(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock().

void org.sleuthkit.datamodel.SleuthkitCase.logSQLiteJDBCDriverInfo ( )
private

Write some SQLite JDBC driver details to the log file.

Definition at line 641 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.logger.

Referenced by org.sleuthkit.datamodel.SleuthkitCase.SleuthkitCase().

AddImageProcess org.sleuthkit.datamodel.SleuthkitCase.makeAddImageProcess ( String  timezone,
boolean  addUnallocSpace,
boolean  noFatFsOrphans,
String  imageWriterPath 
)

Start process of adding a image to the case. Adding an image is a multi-step process and this returns an object that allows it to happen.

Parameters
timezoneTZ time zone string to use for ingest of image.
addUnallocSpaceSet to true to create virtual files for unallocated space in the image.
noFatFsOrphansSet to true to skip processing orphan files of FAT file systems.
imageWriterPathPath for image writer from the local disk panel. Use an empty string to disable image writing
Returns
Object that encapsulates control of adding an image via the SleuthKit native code layer.

Definition at line 1322 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.caseHandle.

Referenced by org.sleuthkit.datamodel.Examples.Sample.run().

AddImageProcess org.sleuthkit.datamodel.SleuthkitCase.makeAddImageProcess ( String  timezone,
boolean  addUnallocSpace,
boolean  noFatFsOrphans 
)

Start process of adding a image to the case. Adding an image is a multi-step process and this returns an object that allows it to happen.

Parameters
timezoneTZ time zone string to use for ingest of image.
addUnallocSpaceSet to true to create virtual files for unallocated space in the image.
noFatFsOrphansSet to true to skip processing orphan files of FAT file systems.
Returns
Object that encapsulates control of adding an image via the SleuthKit native code layer

Use the newer version with explicit image writer path parameter

Definition at line 8673 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.caseHandle.

BlackboardArtifact org.sleuthkit.datamodel.SleuthkitCase.newBlackboardArtifact ( int  artifactTypeID,
long  obj_id 
) throws TskCoreException

Add a new blackboard artifact with the given type. If that artifact type does not exist an error will be thrown. The artifact type name can be looked up in the returned blackboard artifact.

Parameters
artifactTypeIDthe type the given artifact should have
obj_idthe content object id associated with this artifact
Returns
a new blackboard artifact
Exceptions
TskCoreExceptionexception thrown if a critical error occurs within tsk core

Definition at line 2944 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.getArtifactType().

Referenced by org.sleuthkit.datamodel.AbstractContent.getGenInfoArtifact(), org.sleuthkit.datamodel.AbstractContent.newArtifact(), and org.sleuthkit.datamodel.SleuthkitCase.newBlackboardArtifact().

BlackboardArtifact org.sleuthkit.datamodel.SleuthkitCase.newBlackboardArtifact ( ARTIFACT_TYPE  artifactType,
long  obj_id 
) throws TskCoreException

Add a new blackboard artifact with the given type.

Parameters
artifactTypethe type the given artifact should have
obj_idthe content object id associated with this artifact
Returns
a new blackboard artifact
Exceptions
TskCoreExceptionexception thrown if a critical error occurs within tsk core

Definition at line 2960 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.newBlackboardArtifact().

static SleuthkitCase org.sleuthkit.datamodel.SleuthkitCase.newCase ( String  dbPath) throws TskCoreException
static

Creates a new SQLite case database.

Parameters
dbPathPath to where SQlite case database should be created.
Returns
A case database object.
Exceptions
org.sleuthkit.datamodel.TskCoreException

Definition at line 1192 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.caseHandle, org.sleuthkit.datamodel.SleuthkitCase.SleuthkitCase(), and org.sleuthkit.datamodel.TskData.DbType.SQLITE.

Referenced by org.sleuthkit.datamodel.Examples.Sample.run().

static SleuthkitCase org.sleuthkit.datamodel.SleuthkitCase.newCase ( String  caseName,
CaseDbConnectionInfo  info,
String  caseDirPath 
) throws TskCoreException
static

Creates a new PostgreSQL case database.

Parameters
caseNameThe name of the case. It will be used to create a case database name that can be safely used in SQL commands and will not be subject to name collisions on the case database server. Use getDatabaseName to get the created name.
infoThe information to connect to the database.
caseDirPathThe case directory path.
Returns
A case database object.
Exceptions
org.sleuthkit.datamodel.TskCoreException

The flow of this method involves trying to create a new case and if successful, return that case. If unsuccessful, an exception is thrown. We catch any exceptions, and use tryConnect() to attempt to obtain further information about the error. If tryConnect() is unable to successfully connect, tryConnect() will throw a TskCoreException with a message containing user-level error reporting. If tryConnect() is able to connect, flow continues and we rethrow the original exception obtained from trying to create the case. In this way, we obtain more detailed information if we are able, but do not lose any information if unable.

Definition at line 1216 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.caseDirPath, org.sleuthkit.datamodel.SleuthkitCase.caseHandle, org.sleuthkit.datamodel.SleuthkitCase.createCaseDataBaseName(), org.sleuthkit.datamodel.SleuthkitCase.SleuthkitCase(), and org.sleuthkit.datamodel.SleuthkitCase.tryConnect().

static SleuthkitCase org.sleuthkit.datamodel.SleuthkitCase.openCase ( String  dbPath) throws TskCoreException
static

Open an existing case database.

Parameters
dbPathPath to SQLite case database.
Returns
Case database object.
Exceptions
org.sleuthkit.datamodel.TskCoreException

Definition at line 1138 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.caseHandle, org.sleuthkit.datamodel.SleuthkitCase.SleuthkitCase(), and org.sleuthkit.datamodel.TskData.DbType.SQLITE.

static SleuthkitCase org.sleuthkit.datamodel.SleuthkitCase.openCase ( String  databaseName,
CaseDbConnectionInfo  info,
String  caseDir 
) throws TskCoreException
static

Open an existing multi-user case database.

Parameters
databaseNameThe name of the database.
infoConnection information for the the database.
caseDirThe folder where the case metadata fils is stored.
Returns
A case database object.
Exceptions
TskCoreExceptionIf there is a problem opening the database.

Definition at line 1158 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.caseHandle, org.sleuthkit.datamodel.SleuthkitCase.SleuthkitCase(), and org.sleuthkit.datamodel.SleuthkitCase.tryConnect().

List<AbstractFile> org.sleuthkit.datamodel.SleuthkitCase.openFiles ( Content  dataSource,
String  filePath 
) throws TskCoreException
Parameters
dataSourcethe data source (Image, VirtualDirectory for file-sets, etc) to search for the given file name
filePathThe full path to the file(statement) of interest. This can optionally include the image and volume names. Treated in a case- insensitive manner.
Returns
a list of AbstractFile that have the given file path.
Exceptions
org.sleuthkit.datamodel.TskCoreException

Definition at line 4826 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.AbstractFile.createNonUniquePath(), and org.sleuthkit.datamodel.SleuthkitCase.findFiles().

void org.sleuthkit.datamodel.SleuthkitCase.releaseExclusiveLock ( )

Release the lock that provides exclusive access to the database if it is a SQLite database. This method should always be called in the finally block of a try block in which the lock was acquired.

Definition at line 1101 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.TskData.DbType.SQLITE.

Referenced by org.sleuthkit.datamodel.SleuthkitCase.addArtifactAttributeType(), org.sleuthkit.datamodel.SleuthkitCase.addBlackboardArtifactTag(), org.sleuthkit.datamodel.SleuthkitCase.addBlackboardArtifactType(), org.sleuthkit.datamodel.SleuthkitCase.addBlackboardAttribute(), org.sleuthkit.datamodel.SleuthkitCase.addBlackboardAttributes(), org.sleuthkit.datamodel.SleuthkitCase.addCarvedFiles(), org.sleuthkit.datamodel.SleuthkitCase.addContentTag(), org.sleuthkit.datamodel.SleuthkitCase.addDerivedFile(), org.sleuthkit.datamodel.SleuthkitCase.addLayoutFiles(), org.sleuthkit.datamodel.SleuthkitCase.addLocalFile(), org.sleuthkit.datamodel.SleuthkitCase.addLocalFilesDataSource(), org.sleuthkit.datamodel.SleuthkitCase.addReport(), org.sleuthkit.datamodel.SleuthkitCase.addTagName(), org.sleuthkit.datamodel.SleuthkitCase.addVirtualDirectory(), org.sleuthkit.datamodel.SleuthkitCase.close(), org.sleuthkit.datamodel.SleuthkitCase.copyCaseDB(), org.sleuthkit.datamodel.SleuthkitCase.deleteBlackboardArtifactTag(), org.sleuthkit.datamodel.SleuthkitCase.deleteContentTag(), org.sleuthkit.datamodel.SleuthkitCase.getLastObjectId(), org.sleuthkit.datamodel.SleuthkitCase.newBlackboardArtifact(), org.sleuthkit.datamodel.SleuthkitCase.setFileMIMEType(), org.sleuthkit.datamodel.SleuthkitCase.setImagePaths(), org.sleuthkit.datamodel.SleuthkitCase.setKnown(), and org.sleuthkit.datamodel.SleuthkitCase.setReviewStatus().

void org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock ( )

Release the lock that provides shared access to the database if it is a SQLite database. This method should always be called in the finally block of a try block in which the lock was acquired.

Definition at line 1123 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.TskData.DbType.SQLITE.

Referenced by org.sleuthkit.datamodel.SleuthkitCase.addIngestJob(), org.sleuthkit.datamodel.SleuthkitCase.allFilesMd5Hashed(), org.sleuthkit.datamodel.SleuthkitCase.CaseDbQuery.CaseDbQuery(), org.sleuthkit.datamodel.SleuthkitCase.CaseDbQuery.close(), org.sleuthkit.datamodel.SleuthkitCase.countFilesMd5Hashed(), org.sleuthkit.datamodel.SleuthkitCase.countFilesWhere(), org.sleuthkit.datamodel.SleuthkitCase.countFsContentType(), org.sleuthkit.datamodel.SleuthkitCase.deleteReport(), org.sleuthkit.datamodel.SleuthkitCase.findAllFileIdsWhere(), org.sleuthkit.datamodel.SleuthkitCase.findAllFilesWhere(), org.sleuthkit.datamodel.SleuthkitCase.findFiles(), org.sleuthkit.datamodel.SleuthkitCase.findFilesByMd5(), org.sleuthkit.datamodel.SleuthkitCase.findFilesWhere(), org.sleuthkit.datamodel.SleuthkitCase.getAbstractFileById(), org.sleuthkit.datamodel.SleuthkitCase.getAllBlackboardArtifactTags(), org.sleuthkit.datamodel.SleuthkitCase.getAllContentTags(), org.sleuthkit.datamodel.SleuthkitCase.getAllReports(), org.sleuthkit.datamodel.SleuthkitCase.getAllTagNames(), org.sleuthkit.datamodel.SleuthkitCase.getArtifactsCountHelper(), org.sleuthkit.datamodel.SleuthkitCase.getArtifactsHelper(), org.sleuthkit.datamodel.SleuthkitCase.getArtifactType(), org.sleuthkit.datamodel.SleuthkitCase.getArtifactTypeID(), org.sleuthkit.datamodel.SleuthkitCase.getArtifactTypes(), org.sleuthkit.datamodel.SleuthkitCase.getArtifactTypesInUse(), org.sleuthkit.datamodel.SleuthkitCase.getAttributeType(), org.sleuthkit.datamodel.SleuthkitCase.getAttributeTypes(), org.sleuthkit.datamodel.SleuthkitCase.getAttrTypeDisplayName(), org.sleuthkit.datamodel.SleuthkitCase.getAttrTypeID(), org.sleuthkit.datamodel.SleuthkitCase.getAttrTypeString(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifact(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifacts(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifactsCount(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifactsTypeCount(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifactTagByID(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifactTagsByArtifact(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifactTagsByTagName(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifactTagsCountByTagName(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifactTypesInUse(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardAttributes(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardAttributeTypesCount(), org.sleuthkit.datamodel.SleuthkitCase.getContentById(), org.sleuthkit.datamodel.SleuthkitCase.getContentTagByID(), org.sleuthkit.datamodel.SleuthkitCase.getContentTagsByContent(), org.sleuthkit.datamodel.SleuthkitCase.getContentTagsByTagName(), org.sleuthkit.datamodel.SleuthkitCase.getContentTagsCountByTagName(), org.sleuthkit.datamodel.SleuthkitCase.getDataSource(), org.sleuthkit.datamodel.SleuthkitCase.getDataSourceObjectId(), org.sleuthkit.datamodel.SleuthkitCase.getDataSources(), org.sleuthkit.datamodel.SleuthkitCase.getFileRanges(), org.sleuthkit.datamodel.SleuthkitCase.getFileSystemByIdHelper(), org.sleuthkit.datamodel.SleuthkitCase.getFileSystemId(), org.sleuthkit.datamodel.SleuthkitCase.getFileSystems(), org.sleuthkit.datamodel.SleuthkitCase.getImageById(), org.sleuthkit.datamodel.SleuthkitCase.getImagePaths(), org.sleuthkit.datamodel.SleuthkitCase.getImages(), org.sleuthkit.datamodel.SleuthkitCase.getMatchingArtifacts(), org.sleuthkit.datamodel.SleuthkitCase.getMatchingAttributes(), org.sleuthkit.datamodel.SleuthkitCase.getRootObjects(), org.sleuthkit.datamodel.SleuthkitCase.getTagNamesInUse(), org.sleuthkit.datamodel.SleuthkitCase.getVirtualDirectoryRoots(), org.sleuthkit.datamodel.SleuthkitCase.isFileFromSource(), org.sleuthkit.datamodel.SleuthkitCase.runQuery(), and org.sleuthkit.datamodel.SleuthkitCase.updateImagePath().

void org.sleuthkit.datamodel.SleuthkitCase.removeErrorObserver ( ErrorObserver  observer)

Remove an observer for SleuthkitCase errors.

Parameters
observerThe observer to remove.

Definition at line 6283 of file SleuthkitCase.java.

List<AbstractFile> org.sleuthkit.datamodel.SleuthkitCase.resultSetToAbstractFiles ( ResultSet  rs,
CaseDbConnection  connection 
) throws SQLException
private

Creates file object from a SQL query result set of rows from the tsk_files table. Assumes that the query was of the form "SELECT * FROM tsk_files WHERE XYZ".

Parameters
rsResultSet to get content from. Caller is responsible for closing it.
Returns
list of file objects from tsk_files table containing the files
Exceptions
SQLExceptionif the query fails

Definition at line 5590 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.TskData.TSK_DB_FILES_TYPE_ENUM.CARVED, org.sleuthkit.datamodel.TskData.TSK_DB_FILES_TYPE_ENUM.DERIVED, org.sleuthkit.datamodel.TskData.TSK_DB_FILES_TYPE_ENUM.FS, org.sleuthkit.datamodel.TskData.TSK_DB_FILES_TYPE_ENUM.LOCAL, org.sleuthkit.datamodel.TskData.TSK_DB_FILES_TYPE_ENUM.SLACK, org.sleuthkit.datamodel.TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_DIR, org.sleuthkit.datamodel.TskData.TSK_DB_FILES_TYPE_ENUM.UNALLOC_BLOCKS, org.sleuthkit.datamodel.AbstractContent.UNKNOWN_ID, org.sleuthkit.datamodel.TskData.TSK_DB_FILES_TYPE_ENUM.UNUSED_BLOCKS, org.sleuthkit.datamodel.TskData.TSK_FS_NAME_TYPE_ENUM.valueOf(), org.sleuthkit.datamodel.TskData.TSK_FS_META_TYPE_ENUM.valueOf(), org.sleuthkit.datamodel.TskData.TSK_FS_NAME_FLAG_ENUM.valueOf(), org.sleuthkit.datamodel.TskData.TSK_DB_FILES_TYPE_ENUM.valueOf(), org.sleuthkit.datamodel.TskData.FileKnown.valueOf(), and org.sleuthkit.datamodel.TskData.TSK_DB_FILES_TYPE_ENUM.VIRTUAL_DIR.

Referenced by org.sleuthkit.datamodel.SleuthkitCase.findAllFilesWhere(), org.sleuthkit.datamodel.SleuthkitCase.findFiles(), org.sleuthkit.datamodel.SleuthkitCase.findFilesByMd5(), org.sleuthkit.datamodel.SleuthkitCase.findFilesWhere(), and org.sleuthkit.datamodel.SleuthkitCase.getAbstractFileById().

ResultSet org.sleuthkit.datamodel.SleuthkitCase.runQuery ( String  query) throws SQLException

Process a read-only query on the tsk database, any table Can be used to e.g. to find files of a given criteria. resultSetToFsContents() will convert the files to useful objects. MUST CALL closeRunQuery() when done

Parameters
querythe given string query to run
Returns
the resultSet from running the query. Caller MUST CALL closeRunQuery(resultSet) as soon as possible, when done with retrieving data from the resultSet
Exceptions
SQLExceptionif error occurred during the query
Deprecated:
Do not use runQuery(), use executeQuery() instead. Query the Database

Definition at line 8455 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock().

void org.sleuthkit.datamodel.SleuthkitCase.setFileMIMEType ( AbstractFile  file,
String  mimeType 
) throws TskCoreException

Stores the MIME type of a file in the case database and updates the MIME type of the given file object.

Parameters
fileA file.
mimeTypeThe MIME type.
Exceptions
TskCoreExceptionIf there is an error updating the case database.

Definition at line 6025 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireExclusiveLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.closeStatement(), and org.sleuthkit.datamodel.SleuthkitCase.releaseExclusiveLock().

void org.sleuthkit.datamodel.SleuthkitCase.setImagePaths ( long  obj_id,
List< String >  paths 
) throws TskCoreException

Set the file paths for the image given by obj_id

Parameters
obj_idthe ID of the image to update
pathsthe fully qualified path to the files that make up the image
Exceptions
TskCoreExceptionexception thrown when critical error occurs within tsk core and the update fails

Definition at line 5556 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireExclusiveLock(), org.sleuthkit.datamodel.SleuthkitCase.closeStatement(), and org.sleuthkit.datamodel.SleuthkitCase.releaseExclusiveLock().

boolean org.sleuthkit.datamodel.SleuthkitCase.setKnown ( AbstractFile  file,
FileKnown  fileKnown 
) throws TskCoreException

Store the known status for the FsContent in the database Note: will not update status if content is already 'Known Bad'

Parameters
fileThe AbstractFile object
fileKnownThe object'statement known status
Returns
true if the known status was updated, false otherwise
Exceptions
TskCoreExceptionthrown if a critical error occurred within tsk core

Definition at line 5991 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireExclusiveLock(), org.sleuthkit.datamodel.SleuthkitCase.closeStatement(), and org.sleuthkit.datamodel.SleuthkitCase.releaseExclusiveLock().

void org.sleuthkit.datamodel.SleuthkitCase.setReviewStatus ( BlackboardArtifact  artifact,
BlackboardArtifact.ReviewStatus  newStatus 
) throws TskCoreException

Set the review status of the given artifact to newStatus

Parameters
artifactThe artifact whose review status is being set.
newStatusThe new review status for the given artifact. Must not be null.
Exceptions
TskCoreExceptionthrown if a critical error occurred within tsk core

Definition at line 6085 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireExclusiveLock(), org.sleuthkit.datamodel.SleuthkitCase.closeStatement(), org.sleuthkit.datamodel.BlackboardArtifact.getArtifactID(), and org.sleuthkit.datamodel.SleuthkitCase.releaseExclusiveLock().

void org.sleuthkit.datamodel.SleuthkitCase.submitError ( String  context,
String  errorMessage 
)

Submit an error to all clients that are listening.

Parameters
contextThe context in which the error occurred.
errorMessageA description of the error that occurred.

Definition at line 6296 of file SleuthkitCase.java.

static void org.sleuthkit.datamodel.SleuthkitCase.tryConnect ( CaseDbConnectionInfo  info) throws TskCoreException
static

Attempts to connect to the database with the passed in settings, throws if the settings are not sufficient to connect to the database type indicated. Only attempts to connect to remote databases.

When issues occur, it attempts to diagnose them by looking at the exception messages, returning the appropriate user-facing text for the exception received. This method expects the Exceptions messages to be in English and compares against English text.

Parameters
infoThe connection information
Exceptions
org.sleuthkit.datamodel.TskCoreException

Definition at line 139 of file SleuthkitCase.java.

Referenced by org.sleuthkit.datamodel.SleuthkitCase.newCase(), and org.sleuthkit.datamodel.SleuthkitCase.openCase().

int org.sleuthkit.datamodel.SleuthkitCase.updateFromSchema2toSchema3 ( int  schemaVersionNumber,
CaseDbConnection  connection 
) throws SQLException, TskCoreException
private

Updates a schema version 2 database to a schema version 3 database.

Parameters
schemaVersionNumberThe current schema version number of the database.
connectionA connection to the case database.
Returns
The new database schema version.
Exceptions
SQLExceptionIf there is an error completing a database operation.
TskCoreExceptionIf there is an error completing a database operation via another SleuthkitCase method.

Definition at line 666 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.addBlackboardArtifactTag(), org.sleuthkit.datamodel.SleuthkitCase.addContentTag(), org.sleuthkit.datamodel.SleuthkitCase.addTagName(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.closeStatement(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifact(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifacts(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardAttributes(), org.sleuthkit.datamodel.SleuthkitCase.getContentById(), org.sleuthkit.datamodel.Content.getSize(), org.sleuthkit.datamodel.TagName.HTML_COLOR.NONE, org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_COMMENT, org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE.TSK_TAG_ARTIFACT, org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE.TSK_TAG_FILE, org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_TAG_NAME, and org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_TAGGED_ARTIFACT.

Referenced by org.sleuthkit.datamodel.SleuthkitCase.updateDatabaseSchema().

int org.sleuthkit.datamodel.SleuthkitCase.updateFromSchema3toSchema4 ( int  schemaVersionNumber,
CaseDbConnection  connection 
) throws SQLException, TskCoreException
private

Updates a schema version 3 database to a schema version 4 database.

Parameters
schemaVersionNumberThe current schema version number of the database.
connectionA connection to the case database.
Returns
The new database schema version.
Exceptions
SQLExceptionIf there is an error completing a database operation.
TskCoreExceptionIf there is an error completing a database operation via another SleuthkitCase method.

Definition at line 807 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.closeStatement(), org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.fromLabel(), org.sleuthkit.datamodel.SleuthkitCase.getDataSourceObjectId(), org.sleuthkit.datamodel.BlackboardAttribute.TSK_BLACKBOARD_ATTRIBUTE_VALUE_TYPE.getType(), org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.getValueType(), org.sleuthkit.datamodel.SleuthkitCase.initIngestModuleTypes(), org.sleuthkit.datamodel.SleuthkitCase.initIngestStatusTypes(), and org.sleuthkit.datamodel.TskData.DbType.SQLITE.

Referenced by org.sleuthkit.datamodel.SleuthkitCase.updateDatabaseSchema().

int org.sleuthkit.datamodel.SleuthkitCase.updateFromSchema4toSchema5 ( int  schemaVersionNumber,
CaseDbConnection  connection 
) throws SQLException, TskCoreException
private

Updates a schema version 4 database to a schema version 5 database.

Parameters
schemaVersionNumberThe current schema version number of the database.
connectionA connection to the case database.
Returns
The new database schema version.
Exceptions
SQLExceptionIf there is an error completing a database operation.
TskCoreExceptionIf there is an error completing a database operation via another SleuthkitCase method.

Definition at line 926 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.closeStatement(), org.sleuthkit.datamodel.SleuthkitCase.initEncodingTypes(), org.sleuthkit.datamodel.SleuthkitCase.initReviewStatuses(), and org.sleuthkit.datamodel.BlackboardArtifact.ReviewStatus.UNDECIDED.

Referenced by org.sleuthkit.datamodel.SleuthkitCase.updateDatabaseSchema().

int org.sleuthkit.datamodel.SleuthkitCase.updateFromSchema5toSchema6 ( int  schemaVersionNumber,
CaseDbConnection  connection 
) throws SQLException, TskCoreException
private

Updates a schema version 4 database to a schema version 5 database.

Parameters
schemaVersionNumberThe current schema version number of the database.
connectionA connection to the case database.
Returns
The new database schema version.
Exceptions
SQLExceptionIf there is an error completing a database operation.
TskCoreExceptionIf there is an error completing a database operation via another SleuthkitCase method.

Definition at line 984 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.closeStatement(), and org.sleuthkit.datamodel.BlackboardArtifact.ReviewStatus.UNDECIDED.

Referenced by org.sleuthkit.datamodel.SleuthkitCase.updateDatabaseSchema().

void org.sleuthkit.datamodel.SleuthkitCase.updateImagePath ( String  newPath,
long  objectId 
) throws TskCoreException

Change the path for an image in the database.

Parameters
newPathNew path to the image
objectIdData source ID of the image
Exceptions
TskCoreException

Definition at line 6927 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock(), and org.sleuthkit.datamodel.SleuthkitCase.PREPARED_STATEMENT.UPDATE_IMAGE_PATH.

Member Data Documentation

final long org.sleuthkit.datamodel.SleuthkitCase.BASE_ARTIFACT_ID = Long.MIN_VALUE
staticprivate
final ResourceBundle org.sleuthkit.datamodel.SleuthkitCase.bundle = ResourceBundle.getBundle("org.sleuthkit.datamodel.Bundle")
staticprivate

Definition at line 94 of file SleuthkitCase.java.

final String org.sleuthkit.datamodel.SleuthkitCase.caseDirPath
private
final ConnectionPool org.sleuthkit.datamodel.SleuthkitCase.connections
private

Definition at line 103 of file SleuthkitCase.java.

final String org.sleuthkit.datamodel.SleuthkitCase.databaseName
private
String org.sleuthkit.datamodel.SleuthkitCase.dbBackupPath
private
final String org.sleuthkit.datamodel.SleuthkitCase.dbPath
private
final DbType org.sleuthkit.datamodel.SleuthkitCase.dbType
private
final Map<Long, FileSystem> org.sleuthkit.datamodel.SleuthkitCase.fileSystemIdMap = new HashMap<Long, FileSystem>()
private
final int org.sleuthkit.datamodel.SleuthkitCase.IS_REACHABLE_TIMEOUT_MS = 1000
staticprivate

Definition at line 95 of file SleuthkitCase.java.

final Logger org.sleuthkit.datamodel.SleuthkitCase.logger = Logger.getLogger(SleuthkitCase.class.getName())
staticprivate
final int org.sleuthkit.datamodel.SleuthkitCase.MAX_DB_NAME_LEN_BEFORE_TIMESTAMP = 47
staticprivate
final int org.sleuthkit.datamodel.SleuthkitCase.MIN_USER_DEFINED_TYPE_ID = 10000
staticprivate
long org.sleuthkit.datamodel.SleuthkitCase.nextArtifactId
private

Definition at line 118 of file SleuthkitCase.java.

final Map<Long, VirtualDirectory> org.sleuthkit.datamodel.SleuthkitCase.rootIdsToCarvedFileDirs = new HashMap<Long, VirtualDirectory>()
private

Definition at line 104 of file SleuthkitCase.java.

final ReentrantReadWriteLock org.sleuthkit.datamodel.SleuthkitCase.rwLock = new ReentrantReadWriteLock(true)
private

Definition at line 123 of file SleuthkitCase.java.

final int org.sleuthkit.datamodel.SleuthkitCase.SCHEMA_VERSION_NUMBER = 6
staticprivate
final ArrayList<ErrorObserver> org.sleuthkit.datamodel.SleuthkitCase.sleuthkitCaseErrorObservers = new ArrayList<ErrorObserver>()
private

Definition at line 106 of file SleuthkitCase.java.

final String org.sleuthkit.datamodel.SleuthkitCase.SQL_ERROR_AUTHENTICATION_GROUP = "28"
staticprivate

Definition at line 97 of file SleuthkitCase.java.

final String org.sleuthkit.datamodel.SleuthkitCase.SQL_ERROR_CONNECTION_GROUP = "08"
staticprivate

Definition at line 96 of file SleuthkitCase.java.

final String org.sleuthkit.datamodel.SleuthkitCase.SQL_ERROR_INTERNAL_GROUP = "xx"
staticprivate

Definition at line 101 of file SleuthkitCase.java.

final String org.sleuthkit.datamodel.SleuthkitCase.SQL_ERROR_LIMIT_GROUP = "54"
staticprivate

Definition at line 100 of file SleuthkitCase.java.

final String org.sleuthkit.datamodel.SleuthkitCase.SQL_ERROR_PRIVILEGE_GROUP = "42"
staticprivate

Definition at line 98 of file SleuthkitCase.java.

final String org.sleuthkit.datamodel.SleuthkitCase.SQL_ERROR_RESOURCE_GROUP = "53"
staticprivate

Definition at line 99 of file SleuthkitCase.java.

int org.sleuthkit.datamodel.SleuthkitCase.versionNumber
private

The documentation for this class was generated from the following file:

Copyright © 2011-2015 Brian Carrier. (carrier -at- sleuthkit -dot- org)
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.