Classes
class	CaseDbConnection

class	CaseDbQuery

class	CaseDbTransaction

class	ConnectionPool

interface	DbCommand

interface	ErrorObserver

class	ObjectInfo

class	PostgreSQLConnection

class	PostgreSQLConnections

enum	PREPARED_STATEMENT

class	SQLiteConnection

class	SQLiteConnections

Public Member Functions
void	acquireExclusiveLock ()

void	acquireSharedLock ()

BlackboardAttribute.Type	addArtifactAttributeType (String attrTypeString, TSK_BLACKBOARD_ATTRIBUTE_VALUE_TYPE valueType, String displayName) throws TskCoreException, TskDataException

int	addArtifactType (String artifactTypeName, String displayName) throws TskCoreException

int	addAttrType (String attrTypeString, String displayName) throws TskCoreException

BlackboardArtifactTag	addBlackboardArtifactTag (BlackboardArtifact artifact, TagName tagName, String comment) throws TskCoreException

BlackboardArtifact.Type	addBlackboardArtifactType (String artifactTypeName, String displayName) throws TskCoreException, TskDataException

void	addBlackboardAttribute (BlackboardAttribute attr, int artifactTypeId) throws TskCoreException

void	addBlackboardAttributes (Collection< BlackboardAttribute > attributes, int artifactTypeId) throws TskCoreException

LayoutFile	addCarvedFile (String carvedFileName, long carvedFileSize, long containerId, List< TskFileRange > data) throws TskCoreException

final List< LayoutFile >	addCarvedFiles (CarvingResult carvingResult) throws TskCoreException

List< LayoutFile >	addCarvedFiles (List< CarvedFileContainer > filesToAdd) throws TskCoreException

ContentTag	addContentTag (Content content, TagName tagName, String comment, long beginByteOffset, long endByteOffset) throws TskCoreException

DerivedFile	addDerivedFile (String fileName, String localPath, long size, long ctime, long crtime, long atime, long mtime, boolean isFile, AbstractFile parentFile, String rederiveDetails, String toolName, String toolVersion, String otherDetails, TskData.EncodingType encodingType) throws TskCoreException

DerivedFile	addDerivedFile (String fileName, String localPath, long size, long ctime, long crtime, long atime, long mtime, boolean isFile, AbstractFile parentFile, String rederiveDetails, String toolName, String toolVersion, String otherDetails) throws TskCoreException

void	addErrorObserver (ErrorObserver observer)

Image	addImageInfo (long deviceObjId, List< String > imageFilePaths, String timeZone) throws TskCoreException

final IngestJobInfo	addIngestJob (Content dataSource, String hostName, List< IngestModuleInfo > ingestModules, Date jobStart, Date jobEnd, IngestJobStatusType status, String settingsDir) throws TskCoreException

final IngestModuleInfo	addIngestModule (String displayName, String factoryClassName, IngestModuleType type, String version) throws TskCoreException

final List< LayoutFile >	addLayoutFiles (Content parent, List< TskFileRange > fileRanges) throws TskCoreException

LocalFile	addLocalFile (String fileName, String localPath, long size, long ctime, long crtime, long atime, long mtime, boolean isFile, TskData.EncodingType encodingType, AbstractFile parent) throws TskCoreException

LocalFile	addLocalFile (String fileName, String localPath, long size, long ctime, long crtime, long atime, long mtime, boolean isFile, TskData.EncodingType encodingType, AbstractFile parent, CaseDbTransaction transaction) throws TskCoreException

LocalFile	addLocalFile (String fileName, String localPath, long size, long ctime, long crtime, long atime, long mtime, boolean isFile, AbstractFile parent, CaseDbTransaction transaction) throws TskCoreException

LocalFile	addLocalFile (String fileName, String localPath, long size, long ctime, long crtime, long atime, long mtime, boolean isFile, AbstractFile parent) throws TskCoreException

LocalFilesDataSource	addLocalFilesDataSource (String deviceId, String rootDirectoryName, String timeZone, CaseDbTransaction transaction) throws TskCoreException

Report	addReport (String localPath, String sourceModuleName, String reportName) throws TskCoreException

TagName	addTagName (String displayName, String description, TagName.HTML_COLOR color) throws TskCoreException

VirtualDirectory	addVirtualDirectory (long parentId, String directoryName) throws TskCoreException

VirtualDirectory	addVirtualDirectory (long parentId, String directoryName, CaseDbTransaction transaction) throws TskCoreException

boolean	allFilesMd5Hashed ()

CaseDbTransaction	beginTransaction () throws TskCoreException

void	close ()

void	closeRunQuery (ResultSet resultSet) throws SQLException

void	copyCaseDB (String newDBPath) throws IOException

int	countFilesMd5Hashed ()

long	countFilesWhere (String sqlWhereClause) throws TskCoreException

int	countFsContentType (TskData.TSK_FS_META_TYPE_ENUM contentType) throws TskCoreException

void	deleteBlackboardArtifactTag (BlackboardArtifactTag tag) throws TskCoreException

void	deleteContentTag (ContentTag tag) throws TskCoreException

void	deleteReport (Report report) throws TskCoreException

CaseDbQuery	executeQuery (String query) throws TskCoreException

List< Long >	findAllFileIdsWhere (String sqlWhereClause) throws TskCoreException

List< AbstractFile >	findAllFilesWhere (String sqlWhereClause) throws TskCoreException

List< AbstractFile >	findFiles (Content dataSource, String fileName) throws TskCoreException

List< AbstractFile >	findFiles (Content dataSource, String fileName, String dirName) throws TskCoreException

List< AbstractFile >	findFiles (Content dataSource, String fileName, AbstractFile parentFile) throws TskCoreException

List< AbstractFile >	findFilesByMd5 (String md5Hash)

List< FsContent >	findFilesWhere (String sqlWhereClause) throws TskCoreException

AbstractFile	getAbstractFileById (long id) throws TskCoreException

List< BlackboardArtifactTag >	getAllBlackboardArtifactTags () throws TskCoreException

List< ContentTag >	getAllContentTags () throws TskCoreException

List< Report >	getAllReports () throws TskCoreException

List< TagName >	getAllTagNames () throws TskCoreException

BlackboardArtifact.Type	getArtifactType (String artTypeName) throws TskCoreException

int	getArtifactTypeID (String artifactTypeName) throws TskCoreException

Iterable< BlackboardArtifact.Type >	getArtifactTypes () throws TskCoreException

List< BlackboardArtifact.Type >	getArtifactTypesInUse () throws TskCoreException

BlackboardAttribute.Type	getAttributeType (String attrTypeName) throws TskCoreException

List< BlackboardAttribute.Type >	getAttributeTypes () throws TskCoreException

String	getAttrTypeDisplayName (int attrTypeID) throws TskCoreException

int	getAttrTypeID (String attrTypeName) throws TskCoreException

String	getAttrTypeString (int attrTypeID) throws TskCoreException

String	getBackupDatabasePath ()

BlackboardArtifact	getBlackboardArtifact (long artifactID) throws TskCoreException

ArrayList< BlackboardArtifact >	getBlackboardArtifacts (int artifactTypeID) throws TskCoreException

List< BlackboardArtifact >	getBlackboardArtifacts (BlackboardAttribute.ATTRIBUTE_TYPE attrType, String value) throws TskCoreException

List< BlackboardArtifact >	getBlackboardArtifacts (BlackboardAttribute.ATTRIBUTE_TYPE attrType, String subString, boolean startsWith) throws TskCoreException

List< BlackboardArtifact >	getBlackboardArtifacts (BlackboardAttribute.ATTRIBUTE_TYPE attrType, int value) throws TskCoreException

List< BlackboardArtifact >	getBlackboardArtifacts (BlackboardAttribute.ATTRIBUTE_TYPE attrType, long value) throws TskCoreException

List< BlackboardArtifact >	getBlackboardArtifacts (BlackboardAttribute.ATTRIBUTE_TYPE attrType, double value) throws TskCoreException

List< BlackboardArtifact >	getBlackboardArtifacts (BlackboardAttribute.ATTRIBUTE_TYPE attrType, byte value) throws TskCoreException

ArrayList< BlackboardArtifact >	getBlackboardArtifacts (String artifactTypeName, long obj_id) throws TskCoreException

ArrayList< BlackboardArtifact >	getBlackboardArtifacts (int artifactTypeID, long obj_id) throws TskCoreException

ArrayList< BlackboardArtifact >	getBlackboardArtifacts (ARTIFACT_TYPE artifactType, long obj_id) throws TskCoreException

ArrayList< BlackboardArtifact >	getBlackboardArtifacts (String artifactTypeName) throws TskCoreException

ArrayList< BlackboardArtifact >	getBlackboardArtifacts (ARTIFACT_TYPE artifactType) throws TskCoreException

List< BlackboardArtifact >	getBlackboardArtifacts (ARTIFACT_TYPE artifactType, BlackboardAttribute.ATTRIBUTE_TYPE attrType, String value) throws TskCoreException

long	getBlackboardArtifactsCount (long objId) throws TskCoreException

long	getBlackboardArtifactsCount (String artifactTypeName, long obj_id) throws TskCoreException

long	getBlackboardArtifactsCount (int artifactTypeID, long obj_id) throws TskCoreException

long	getBlackboardArtifactsCount (ARTIFACT_TYPE artifactType, long obj_id) throws TskCoreException

long	getBlackboardArtifactsTypeCount (int artifactTypeID) throws TskCoreException

BlackboardArtifactTag	getBlackboardArtifactTagByID (long artifactTagID) throws TskCoreException

List< BlackboardArtifactTag >	getBlackboardArtifactTagsByArtifact (BlackboardArtifact artifact) throws TskCoreException

List< BlackboardArtifactTag >	getBlackboardArtifactTagsByTagName (TagName tagName) throws TskCoreException

long	getBlackboardArtifactTagsCountByTagName (TagName tagName) throws TskCoreException

ArrayList< BlackboardArtifact.ARTIFACT_TYPE >	getBlackboardArtifactTypes () throws TskCoreException

ArrayList< BlackboardArtifact.ARTIFACT_TYPE >	getBlackboardArtifactTypesInUse () throws TskCoreException

ArrayList< BlackboardAttribute >	getBlackboardAttributes (final BlackboardArtifact artifact) throws TskCoreException

ArrayList< BlackboardAttribute.ATTRIBUTE_TYPE >	getBlackboardAttributeTypes () throws TskCoreException

int	getBlackboardAttributeTypesCount () throws TskCoreException

Content	getContentById (long id) throws TskCoreException

ContentTag	getContentTagByID (long contentTagID) throws TskCoreException

List< ContentTag >	getContentTagsByContent (Content content) throws TskCoreException

List< ContentTag >	getContentTagsByTagName (TagName tagName) throws TskCoreException

long	getContentTagsCountByTagName (TagName tagName) throws TskCoreException

String	getDatabaseName ()

DbType	getDatabaseType ()

DataSource	getDataSource (long objectId) throws TskDataException, TskCoreException

List< DataSource >	getDataSources () throws TskCoreException

String	getDbDirPath ()

List< TskFileRange >	getFileRanges (long id) throws TskCoreException

Collection< FileSystem >	getFileSystems (Image image)

Image	getImageById (long id) throws TskCoreException

Map< Long, List< String > >	getImagePaths () throws TskCoreException

List< Image >	getImages () throws TskCoreException

final List< IngestJobInfo >	getIngestJobs () throws TskCoreException

long	getLastObjectId () throws TskCoreException

ArrayList< BlackboardArtifact >	getMatchingArtifacts (String whereClause) throws TskCoreException

ArrayList< BlackboardAttribute >	getMatchingAttributes (String whereClause) throws TskCoreException

List< Content >	getRootObjects () throws TskCoreException

int	getSchemaVersion ()

List< TagName >	getTagNamesInUse () throws TskCoreException

List< VirtualDirectory >	getVirtualDirectoryRoots () throws TskCoreException

boolean	isFileFromSource (Content dataSource, long fileId) throws TskCoreException

AddImageProcess	makeAddImageProcess (String timezone, boolean addUnallocSpace, boolean noFatFsOrphans, String imageWriterPath)

AddImageProcess	makeAddImageProcess (String timezone, boolean addUnallocSpace, boolean noFatFsOrphans)

BlackboardArtifact	newBlackboardArtifact (int artifactTypeID, long obj_id) throws TskCoreException

BlackboardArtifact	newBlackboardArtifact (ARTIFACT_TYPE artifactType, long obj_id) throws TskCoreException

List< AbstractFile >	openFiles (Content dataSource, String filePath) throws TskCoreException

void	releaseExclusiveLock ()

void	releaseSharedLock ()

void	removeErrorObserver (ErrorObserver observer)

ResultSet	runQuery (String query) throws SQLException

void	setFileMIMEType (AbstractFile file, String mimeType) throws TskCoreException

void	setImagePaths (long obj_id, List< String > paths) throws TskCoreException

boolean	setKnown (AbstractFile file, FileKnown fileKnown) throws TskCoreException

void	setReviewStatus (BlackboardArtifact artifact, BlackboardArtifact.ReviewStatus newStatus) throws TskCoreException

void	submitError (String context, String errorMessage)

void	updateImagePath (String newPath, long objectId) throws TskCoreException

Static Public Member Functions
static String	escapeSingleQuotes (String text)

static SleuthkitCase	newCase (String dbPath) throws TskCoreException

static SleuthkitCase	newCase (String caseName, CaseDbConnectionInfo info, String caseDirPath) throws TskCoreException

static SleuthkitCase	openCase (String dbPath) throws TskCoreException

static SleuthkitCase	openCase (String databaseName, CaseDbConnectionInfo info, String caseDir) throws TskCoreException

static void	tryConnect (CaseDbConnectionInfo info) throws TskCoreException

Protected Member Functions
void	finalize () throws Throwable

Private Member Functions
	SleuthkitCase (String dbPath, SleuthkitJNI.CaseDbHandle caseHandle, DbType dbType) throws Exception

	SleuthkitCase (String host, int port, String dbName, String userName, String password, SleuthkitJNI.CaseDbHandle caseHandle, String caseDirPath, DbType dbType) throws Exception

void	addBlackBoardAttribute (BlackboardAttribute attr, int artifactTypeId, CaseDbConnection connection) throws SQLException, TskCoreException

void	addFilePath (CaseDbConnection connection, long objId, String path, TskData.EncodingType type) throws SQLException

long	getArtifactsCountHelper (int artifactTypeID, long obj_id) throws TskCoreException

ArrayList< BlackboardArtifact >	getArtifactsHelper (String whereClause) throws TskCoreException

BlackboardAttribute.Type	getAttributeType (int typeID) throws TskCoreException

long	getDataSourceObjectId (CaseDbConnection connection, long objectId) throws TskCoreException

FileSystem	getFileSystemByIdHelper (long id, Content parent) throws TskCoreException

long	getFileSystemId (long fileId, CaseDbConnection connection)

List< IngestModuleInfo >	getIngestModules (int ingestJobId, CaseDbConnection connection) throws SQLException

void	init () throws Exception

void	initBlackboardArtifactTypes () throws SQLException, TskCoreException

void	initBlackboardAttributeTypes () throws SQLException, TskCoreException

void	initEncodingTypes (CaseDbConnection connection) throws SQLException, TskCoreException

void	initIngestModuleTypes (CaseDbConnection connection) throws SQLException, TskCoreException

void	initIngestStatusTypes (CaseDbConnection connection) throws SQLException, TskCoreException

void	initNextArtifactId () throws SQLException, TskCoreException

void	initReviewStatuses (CaseDbConnection connection) throws SQLException, TskCoreException

void	initStandardTagNames () throws SQLException, TskCoreException

void	logSQLiteJDBCDriverInfo ()

BlackboardArtifact	newBlackboardArtifact (int artifact_type_id, long obj_id, String artifactTypeName, String artifactDisplayName) throws TskCoreException

List< AbstractFile >	resultSetToAbstractFiles (ResultSet rs, CaseDbConnection connection) throws SQLException

void	updateDatabaseSchema (String dbPath) throws Exception

int	updateFromSchema2toSchema3 (int schemaVersionNumber, CaseDbConnection connection) throws SQLException, TskCoreException

int	updateFromSchema3toSchema4 (int schemaVersionNumber, CaseDbConnection connection) throws SQLException, TskCoreException

int	updateFromSchema4toSchema5 (int schemaVersionNumber, CaseDbConnection connection) throws SQLException, TskCoreException

int	updateFromSchema5toSchema6 (int schemaVersionNumber, CaseDbConnection connection) throws SQLException, TskCoreException

Static Private Member Functions
static void	closeResultSet (ResultSet resultSet)

static void	closeStatement (Statement statement)

static String	createCaseDataBaseName (String candidateDbName)

Private Attributes
final String	caseDirPath

SleuthkitJNI.CaseDbHandle	caseHandle

final ConnectionPool	connections

final String	databaseName

String	dbBackupPath

final String	dbPath

final DbType	dbType

final Map< Long, FileSystem >	fileSystemIdMap = new HashMap<Long, FileSystem>()

long	nextArtifactId

final Map< Long, VirtualDirectory >	rootIdsToCarvedFileDirs = new HashMap<Long, VirtualDirectory>()

final ReentrantReadWriteLock	rwLock = new ReentrantReadWriteLock(true)

final ArrayList< ErrorObserver >	sleuthkitCaseErrorObservers = new ArrayList<ErrorObserver>()

Map< Integer, BlackboardArtifact.Type >	typeIdToArtifactTypeMap

Map< Integer, BlackboardAttribute.Type >	typeIdToAttributeTypeMap

Map< String, BlackboardArtifact.Type >	typeNameToArtifactTypeMap

Map< String, BlackboardAttribute.Type >	typeNameToAttributeTypeMap

int	versionNumber

Static Private Attributes
static final long	BASE_ARTIFACT_ID = Long.MIN_VALUE

static final ResourceBundle	bundle = ResourceBundle.getBundle("org.sleuthkit.datamodel.Bundle")

static final int	IS_REACHABLE_TIMEOUT_MS = 1000

static final Logger	logger = Logger.getLogger(SleuthkitCase.class.getName())

static final int	MAX_DB_NAME_LEN_BEFORE_TIMESTAMP = 47

static final int	MIN_USER_DEFINED_TYPE_ID = 10000

static final int	SCHEMA_VERSION_NUMBER = 6

static final String	SQL_ERROR_AUTHENTICATION_GROUP = "28"

static final String	SQL_ERROR_CONNECTION_GROUP = "08"

static final String	SQL_ERROR_INTERNAL_GROUP = "xx"

static final String	SQL_ERROR_LIMIT_GROUP = "54"

static final String	SQL_ERROR_PRIVILEGE_GROUP = "42"

static final String	SQL_ERROR_RESOURCE_GROUP = "53"

Detailed Description

Represents the case database with methods that provide abstractions for database operations.

Definition at line 88 of file SleuthkitCase.java.

Constructor & Destructor Documentation

org.sleuthkit.datamodel.SleuthkitCase.SleuthkitCase	(	String	dbPath,
		SleuthkitJNI.CaseDbHandle	caseHandle,
		DbType	dbType
	)		throws Exception

private

Private constructor, clients must use newCase() or openCase() method to create an instance of this class.

Parameters

dbPath	The full path to a SQLite case database file.
caseHandle	A handle to a case database object in the native code SleuthKit layer.
dbType	The type of database we're dealing with

Exceptions

Exception

Definition at line 205 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.caseHandle, org.sleuthkit.datamodel.SleuthkitCase.dbPath, org.sleuthkit.datamodel.SleuthkitCase.dbType, org.sleuthkit.datamodel.AbstractContent.getName(), org.sleuthkit.datamodel.SleuthkitCase.init(), and org.sleuthkit.datamodel.SleuthkitCase.logSQLiteJDBCDriverInfo().

Referenced by org.sleuthkit.datamodel.SleuthkitCase.newCase(), and org.sleuthkit.datamodel.SleuthkitCase.openCase().

org.sleuthkit.datamodel.SleuthkitCase.SleuthkitCase	(	String	host,
		int	port,
		String	dbName,
		String	userName,
		String	password,
		SleuthkitJNI.CaseDbHandle	caseHandle,
		String	caseDirPath,
		DbType	dbType
	)		throws Exception

private

Private constructor, clients must use newCase() or openCase() method to create an instance of this class.

Parameters

host	The PostgreSQL database server.
port	The port to use connect to the PostgreSQL database server.
dbName	The name of the case database.
userName	The user name to use to connect to the case database.
password	The password to use to connect to the case database.
caseHandle	A handle to a case database object in the native code
dbType	The type of database we're dealing with SleuthKit layer.
caseDirPath	The path to the root case directory.

Exceptions

Exception

Definition at line 235 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.caseDirPath, org.sleuthkit.datamodel.SleuthkitCase.caseHandle, org.sleuthkit.datamodel.SleuthkitCase.dbType, and org.sleuthkit.datamodel.SleuthkitCase.init().

Member Function Documentation

void org.sleuthkit.datamodel.SleuthkitCase.acquireExclusiveLock ( )

Acquire the lock that provides exclusive access to the case database if it is a SQLite database. Call this method in a try block with a call to the lock release method in an associated finally block.

Definition at line 1090 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.TskData.DbType.SQLITE.

void org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock ( )

Acquire the lock that provides shared access to the case database if it is a SQLite database. Call this method in a try block with a call to the lock release method in an associated finally block.

Definition at line 1112 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.TskData.DbType.SQLITE.

BlackboardAttribute.Type org.sleuthkit.datamodel.SleuthkitCase.addArtifactAttributeType	(	String	attrTypeString,
		TSK_BLACKBOARD_ATTRIBUTE_VALUE_TYPE	valueType,
		String	displayName
	)		throws TskCoreException, TskDataException

Add an attribute type with the given name

Parameters

attrTypeString	Name of the new attribute
valueType	The value type of this new attribute type
displayName	The (non-unique) display name of the attribute type

Returns: the id of the new attribute

Exceptions

TskCoreException	exception thrown if a critical error occurs within tsk core
TskDataException	exception thrown if attribute type was already in the system

Definition at line 2542 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireExclusiveLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.closeStatement(), org.sleuthkit.datamodel.SleuthkitCase.MIN_USER_DEFINED_TYPE_ID, org.sleuthkit.datamodel.SleuthkitCase.releaseExclusiveLock(), org.sleuthkit.datamodel.SleuthkitCase.typeIdToAttributeTypeMap, and org.sleuthkit.datamodel.SleuthkitCase.typeNameToAttributeTypeMap.

Referenced by org.sleuthkit.datamodel.SleuthkitCase.addAttrType().

int org.sleuthkit.datamodel.SleuthkitCase.addArtifactType	(	String	artifactTypeName,
		String	displayName
	)		throws TskCoreException

Adds a custom artifact type. The artifact type name must be unique, but the display name need not be unique.

Parameters

artifactTypeName	The artifact type name.
displayName	The artifact type display name.

Returns: The artifact type id assigned to the artifact type.

Exceptions

TskCoreException If there is an error adding the type to the case database.

Deprecated:: Use SleuthkitCase.addBlackboardArtifactType instead.

Definition at line 8289 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.addBlackboardArtifactType().

int org.sleuthkit.datamodel.SleuthkitCase.addAttrType	(	String	attrTypeString,
		String	displayName
	)		throws TskCoreException

Adds a custom attribute type with a string value type. The attribute type name must be unique, but the display name need not be unique.

Parameters

attrTypeString	The attribute type name.
displayName	The attribute type display name.

Returns: The attribute type id.

Exceptions

TskCoreException If there is an error adding the type to the case database.

Deprecated:: Use SleuthkitCase.addArtifactAttributeType instead.

Definition at line 8311 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.addArtifactAttributeType(), and org.sleuthkit.datamodel.BlackboardAttribute.TSK_BLACKBOARD_ATTRIBUTE_VALUE_TYPE.STRING.

BlackboardArtifactTag org.sleuthkit.datamodel.SleuthkitCase.addBlackboardArtifactTag	(	BlackboardArtifact	artifact,
		TagName	tagName,
		String	comment
	)		throws TskCoreException

Inserts a row into the blackboard_artifact_tags table in the case database.

Parameters

artifact	The blackboard artifact to tag.
tagName	The name to use for the tag.
comment	A comment to store with the tag.

Returns: A BlackboardArtifactTag data transfer object (DTO) for the new row.

Exceptions

TskCoreException

Definition at line 6671 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireExclusiveLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.getContentById(), org.sleuthkit.datamodel.SleuthkitCase.PREPARED_STATEMENT.INSERT_ARTIFACT_TAG, and org.sleuthkit.datamodel.SleuthkitCase.releaseExclusiveLock().

Referenced by org.sleuthkit.datamodel.SleuthkitCase.updateFromSchema2toSchema3().

BlackboardArtifact.Type org.sleuthkit.datamodel.SleuthkitCase.addBlackboardArtifactType	(	String	artifactTypeName,
		String	displayName
	)		throws TskCoreException, TskDataException

Add an artifact type with the given name. Will return an artifact Type.

Parameters

artifactTypeName	System (unique) name of artifact
displayName	Display (non-unique) name of artifact

Returns: Type of the artifact added

Exceptions

TskCoreException	exception thrown if a critical error occurs
TskDataException	exception thrown if given data is already in db within tsk core

Definition at line 2752 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireExclusiveLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.closeStatement(), org.sleuthkit.datamodel.SleuthkitCase.MIN_USER_DEFINED_TYPE_ID, org.sleuthkit.datamodel.SleuthkitCase.releaseExclusiveLock(), org.sleuthkit.datamodel.SleuthkitCase.typeIdToArtifactTypeMap, and org.sleuthkit.datamodel.SleuthkitCase.typeNameToArtifactTypeMap.

Referenced by org.sleuthkit.datamodel.SleuthkitCase.addArtifactType().

void org.sleuthkit.datamodel.SleuthkitCase.addBlackboardAttribute	(	BlackboardAttribute	attr,
		int	artifactTypeId
	)		throws TskCoreException

Add a blackboard attribute.

Parameters

attr	A blackboard attribute.
artifactTypeId	The type of artifact associated with the attribute.

Exceptions

TskCoreException thrown if a critical error occurs.

Definition at line 2325 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireExclusiveLock(), org.sleuthkit.datamodel.SleuthkitCase.addBlackBoardAttribute(), and org.sleuthkit.datamodel.SleuthkitCase.releaseExclusiveLock().

Referenced by org.sleuthkit.datamodel.BlackboardArtifact.addAttribute().

void org.sleuthkit.datamodel.SleuthkitCase.addBlackBoardAttribute	(	BlackboardAttribute	attr,
		int	artifactTypeId,
		CaseDbConnection	connection
	)		throws SQLException, TskCoreException

private

Definition at line 2365 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.PREPARED_STATEMENT.INSERT_BYTE_ATTRIBUTE, org.sleuthkit.datamodel.SleuthkitCase.PREPARED_STATEMENT.INSERT_DOUBLE_ATTRIBUTE, org.sleuthkit.datamodel.SleuthkitCase.PREPARED_STATEMENT.INSERT_INT_ATTRIBUTE, org.sleuthkit.datamodel.SleuthkitCase.PREPARED_STATEMENT.INSERT_LONG_ATTRIBUTE, and org.sleuthkit.datamodel.SleuthkitCase.PREPARED_STATEMENT.INSERT_STRING_ATTRIBUTE.

Referenced by org.sleuthkit.datamodel.SleuthkitCase.addBlackboardAttribute(), and org.sleuthkit.datamodel.SleuthkitCase.addBlackboardAttributes().

void org.sleuthkit.datamodel.SleuthkitCase.addBlackboardAttributes	(	Collection< BlackboardAttribute >	attributes,
		int	artifactTypeId
	)		throws TskCoreException

Add a set blackboard attributes.

Parameters

attributes	A set of blackboard attribute.
artifactTypeId	The type of artifact associated with the attributes.

Exceptions

TskCoreException thrown if a critical error occurs.

Definition at line 2347 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireExclusiveLock(), org.sleuthkit.datamodel.SleuthkitCase.addBlackBoardAttribute(), and org.sleuthkit.datamodel.SleuthkitCase.releaseExclusiveLock().

Referenced by org.sleuthkit.datamodel.BlackboardArtifact.addAttributes().

LayoutFile org.sleuthkit.datamodel.SleuthkitCase.addCarvedFile	(	String	carvedFileName,
		long	carvedFileSize,
		long	containerId,
		List< TskFileRange >	data
	)		throws TskCoreException

Adds a carved file to the VirtualDirectory '$CarvedFiles' in the volume or image given by systemId. Creates $CarvedFiles virtual directory if it does not exist already.

Parameters

carvedFileName	the name of the carved file to add
carvedFileSize	the size of the carved file to add
containerId	the ID of the parent volume, file system, or image
data	the layout information - a list of offsets that make up this carved file.

Returns: A LayoutFile object representing the carved file.

Exceptions

org.sleuthkit.datamodel.TskCoreException

Deprecated:: Use addCarvedFile(CarvingResult) instead

Definition at line 8508 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.addCarvedFiles(), and org.sleuthkit.datamodel.SleuthkitCase.getContentById().

final List<LayoutFile> org.sleuthkit.datamodel.SleuthkitCase.addCarvedFiles ( CarvingResult carvingResult ) throws TskCoreException

Adds a carving result to the case database.

Parameters

carvingResult The carving result (a set of carved files and their parent) to be added.

Returns: A list of LayoutFile representations of the carved files.

Exceptions

TskCoreException If there is a problem completing a case database operation.

Definition at line 4168 of file SleuthkitCase.java.

Referenced by org.sleuthkit.datamodel.SleuthkitCase.addCarvedFile(), and org.sleuthkit.datamodel.SleuthkitCase.addCarvedFiles().

List<LayoutFile> org.sleuthkit.datamodel.SleuthkitCase.addCarvedFiles ( List< CarvedFileContainer > filesToAdd ) throws TskCoreException

Adds a collection of carved files to the VirtualDirectory '$CarvedFiles' in the volume or image given by systemId. Creates $CarvedFiles virtual directory if it does not exist already.

Parameters

filesToAdd A list of CarvedFileContainer files to add as carved files.

Returns: A list of the files added to the database.

Exceptions

org.sleuthkit.datamodel.TskCoreException

Deprecated:: Use addCarvedFile(CarvingResult) instead

Definition at line 8538 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.addCarvedFiles(), org.sleuthkit.datamodel.SleuthkitCase.getContentById(), and org.sleuthkit.datamodel.Content.getId().

ContentTag org.sleuthkit.datamodel.SleuthkitCase.addContentTag	(	Content	content,
		TagName	tagName,
		String	comment,
		long	beginByteOffset,
		long	endByteOffset
	)		throws TskCoreException

Inserts a row into the content_tags table in the case database.

Parameters

content	The content to tag.
tagName	The name to use for the tag.
comment	A comment to store with the tag.
beginByteOffset	Designates the beginning of a tagged section.
endByteOffset	Designates the end of a tagged section.

Returns: A ContentTag data transfer object (DTO) for the new row.

Exceptions

TskCoreException

Definition at line 6419 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireExclusiveLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.PREPARED_STATEMENT.INSERT_CONTENT_TAG, and org.sleuthkit.datamodel.SleuthkitCase.releaseExclusiveLock().

Referenced by org.sleuthkit.datamodel.SleuthkitCase.updateFromSchema2toSchema3().

DerivedFile org.sleuthkit.datamodel.SleuthkitCase.addDerivedFile	(	String	fileName,
		String	localPath,
		long	size,
		long	ctime,
		long	crtime,
		long	atime,
		long	mtime,
		boolean	isFile,
		AbstractFile	parentFile,
		String	rederiveDetails,
		String	toolName,
		String	toolVersion,
		String	otherDetails,
		TskData.EncodingType	encodingType
	)		throws TskCoreException

Creates a new derived file object, adds it to database and returns it.

TODO add support for adding derived method

Parameters

fileName	file name the derived file
localPath	local path of the derived file, including the file name. The path is relative to the database path.
size	size of the derived file in bytes
ctime
crtime
atime
mtime
isFile	whether a file or directory, true if a file
parentFile	parent file object (derived or local file)
rederiveDetails	details needed to re-derive file (will be specific to the derivation method), currently unused
toolName	name of derivation method/tool, currently unused
toolVersion	version of derivation method/tool, currently unused
otherDetails	details of derivation method/tool, currently unused
encodingType	Type of encoding used on the file (or NONE if no encoding)

Returns: newly created derived file object

Exceptions

TskCoreException exception thrown if the object creation failed due to a critical system error

Definition at line 4389 of file SleuthkitCase.java.

Referenced by org.sleuthkit.datamodel.SleuthkitCase.addDerivedFile().

DerivedFile org.sleuthkit.datamodel.SleuthkitCase.addDerivedFile	(	String	fileName,
		String	localPath,
		long	size,
		long	ctime,
		long	crtime,
		long	atime,
		long	mtime,
		boolean	isFile,
		AbstractFile	parentFile,
		String	rederiveDetails,
		String	toolName,
		String	toolVersion,
		String	otherDetails
	)		throws TskCoreException

Creates a new derived file object, adds it to database and returns it.

TODO add support for adding derived method

Parameters

fileName	file name the derived file
localPath	local path of the derived file, including the file name. The path is relative to the database path.
size	size of the derived file in bytes
ctime
crtime
atime
mtime
isFile	whether a file or directory, true if a file
parentFile	parent file object (derived or local file)
rederiveDetails	details needed to re-derive file (will be specific to the derivation method), currently unused
toolName	name of derivation method/tool, currently unused
toolVersion	version of derivation method/tool, currently unused
otherDetails	details of derivation method/tool, currently unused

Returns: newly created derived file object

Exceptions

TskCoreException exception thrown if the object creation failed due to a critical system error Use the newer version with explicit encoding type parameter

Definition at line 8586 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.addDerivedFile(), and org.sleuthkit.datamodel.TskData.EncodingType.NONE.

void org.sleuthkit.datamodel.SleuthkitCase.addErrorObserver ( ErrorObserver observer )

Add an observer for SleuthkitCase errors.

Parameters

observer The observer to add.

Definition at line 6274 of file SleuthkitCase.java.

void org.sleuthkit.datamodel.SleuthkitCase.addFilePath	(	CaseDbConnection	connection,
		long	objId,
		String	path,
		TskData.EncodingType	type
	)		throws SQLException

private

Add a path (such as a local path) for a content object to tsk_file_paths

Parameters

connection	A case database connection.
objId	object id of the file to add the path for
path	the path to add

Exceptions

SQLException exception thrown when database error occurred and path was not added

Definition at line 4685 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.PREPARED_STATEMENT.INSERT_LOCAL_PATH.

Referenced by org.sleuthkit.datamodel.SleuthkitCase.addDerivedFile(), and org.sleuthkit.datamodel.SleuthkitCase.addLocalFile().

Image org.sleuthkit.datamodel.SleuthkitCase.addImageInfo	(	long	deviceObjId,
		List< String >	imageFilePaths,
		String	timeZone
	)		throws TskCoreException

Adds an image to the case database.

Parameters

deviceObjId	The object id of the device associated with the image.
imageFilePaths	The image file paths.
timeZone	The time zone for the image.

Returns: An Image object.

Exceptions

TskCoreException if there is an error adding the image to case database.

Definition at line 5463 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.caseHandle, and org.sleuthkit.datamodel.SleuthkitCase.getImageById().

final IngestJobInfo org.sleuthkit.datamodel.SleuthkitCase.addIngestJob	(	Content	dataSource,
		String	hostName,
		List< IngestModuleInfo >	ingestModules,
		Date	jobStart,
		Date	jobEnd,
		IngestJobStatusType	status,
		String	settingsDir
	)		throws TskCoreException

Parameters

dataSource	The datasource the ingest job is being run on
hostName	The name of the host
ingestModules	The ingest modules being run during the ingest job. Should be in pipeline order.
jobStart	The time the job started
jobEnd	The time the job ended
status	The ingest job status
settingsDir	The directory of the job's settings

Returns: An information object representing the ingest job added to the database.

Exceptions

TskCoreException If adding the job to the database fails.

Definition at line 7144 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.IngestModuleInfo.getIngestModuleId(), org.sleuthkit.datamodel.SleuthkitCase.PREPARED_STATEMENT.INSERT_INGEST_JOB, and org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock().

final IngestModuleInfo org.sleuthkit.datamodel.SleuthkitCase.addIngestModule	(	String	displayName,
		String	factoryClassName,
		IngestModuleType	type,
		String	version
	)		throws TskCoreException

Adds the given ingest module to the database.

Parameters

displayName	The display name of the module
factoryClassName	The factory class name of the module.
type	The type of the module.
version	The version of the module.

Returns: An ingest module info object representing the module added to the db.

Exceptions

TskCoreException When the ingest module cannot be added.

Definition at line 7195 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.closeStatement(), org.sleuthkit.datamodel.IngestModuleInfo.IngestModuleType.fromID(), and org.sleuthkit.datamodel.SleuthkitCase.PREPARED_STATEMENT.INSERT_INGEST_MODULE.

final List<LayoutFile> org.sleuthkit.datamodel.SleuthkitCase.addLayoutFiles	(	Content	parent,
		List< TskFileRange >	fileRanges
	)		throws TskCoreException

Adds one or more layout files for a parent Content object to the case database.

Parameters

parent	The parent Content.
fileRanges	File range objects for the file(s).

Returns: A list of LayoutFile objects.

Exceptions

TskCoreException If there is a problem completing a case database operation.

Definition at line 4032 of file SleuthkitCase.java.

LocalFile org.sleuthkit.datamodel.SleuthkitCase.addLocalFile	(	String	fileName,
		String	localPath,
		long	size,
		long	ctime,
		long	crtime,
		long	atime,
		long	mtime,
		boolean	isFile,
		TskData.EncodingType	encodingType,
		AbstractFile	parent
	)		throws TskCoreException

Wraps the version of addLocalFile that takes a Transaction in a transaction local to this method.

Parameters

fileName
localPath
size
ctime
crtime
atime
mtime
isFile
encodingType
parent

Returns

Exceptions

TskCoreException

Definition at line 4506 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireExclusiveLock(), org.sleuthkit.datamodel.SleuthkitCase.beginTransaction(), org.sleuthkit.datamodel.SleuthkitCase.CaseDbTransaction.commit(), org.sleuthkit.datamodel.SleuthkitCase.releaseExclusiveLock(), and org.sleuthkit.datamodel.SleuthkitCase.CaseDbTransaction.rollback().

Referenced by org.sleuthkit.datamodel.SleuthkitCase.addLocalFile().

LocalFile org.sleuthkit.datamodel.SleuthkitCase.addLocalFile	(	String	fileName,
		String	localPath,
		long	size,
		long	ctime,
		long	crtime,
		long	atime,
		long	mtime,
		boolean	isFile,
		TskData.EncodingType	encodingType,
		AbstractFile	parent,
		CaseDbTransaction	transaction
	)		throws TskCoreException

Adds a local/logical file to the case database. The database operations are done within a caller-managed transaction; the caller is responsible for committing or rolling back the transaction.

Parameters

fileName	The name of the file.
localPath	The absolute path (including the file name) of the local/logical in secondary storage.
size	The size of the file in bytes.
ctime	The changed time of the file.
crtime	The creation time of the file.
atime	The accessed time of the file
mtime	The modified time of the file.
isFile	True, unless the file is a directory.
encodingType	Type of encoding used on the file
parent	The parent of the file (e.g., a virtual directory)
transaction	A caller-managed transaction within which the add file operations are performed.

Returns: An object representing the local/logical file.

Exceptions

TskCoreException if there is an error completing a case database operation.

Definition at line 4552 of file SleuthkitCase.java.

LocalFile org.sleuthkit.datamodel.SleuthkitCase.addLocalFile	(	String	fileName,
		String	localPath,
		long	size,
		long	ctime,
		long	crtime,
		long	atime,
		long	mtime,
		boolean	isFile,
		AbstractFile	parent,
		CaseDbTransaction	transaction
	)		throws TskCoreException

Adds a local/logical file to the case database. The database operations are done within a caller-managed transaction; the caller is responsible for committing or rolling back the transaction.

Parameters

fileName	The name of the file.
localPath	The absolute path (including the file name) of the local/logical in secondary storage.
size	The size of the file in bytes.
ctime	The changed time of the file.
crtime	The creation time of the file.
atime	The accessed time of the file
mtime	The modified time of the file.
isFile	True, unless the file is a directory.
parent	The parent of the file (e.g., a virtual directory)
transaction	A caller-managed transaction within which the add file operations are performed.

Returns: An object representing the local/logical file.

Exceptions

TskCoreException if there is an error completing a case database operation. Use the newer version with explicit encoding type parameter

Definition at line 8620 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.addLocalFile(), and org.sleuthkit.datamodel.TskData.EncodingType.NONE.

LocalFile org.sleuthkit.datamodel.SleuthkitCase.addLocalFile	(	String	fileName,
		String	localPath,
		long	size,
		long	ctime,
		long	crtime,
		long	atime,
		long	mtime,
		boolean	isFile,
		AbstractFile	parent
	)		throws TskCoreException

Wraps the version of addLocalFile that takes a Transaction in a transaction local to this method.

Parameters

fileName
localPath
size
ctime
crtime
atime
mtime
isFile
parent

Returns

Exceptions

TskCoreException Use the newer version with explicit encoding type parameter

Definition at line 8648 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.addLocalFile(), and org.sleuthkit.datamodel.TskData.EncodingType.NONE.

LocalFilesDataSource org.sleuthkit.datamodel.SleuthkitCase.addLocalFilesDataSource	(	String	deviceId,
		String	rootDirectoryName,
		String	timeZone,
		CaseDbTransaction	transaction
	)		throws TskCoreException

Adds a local/logical files and/or directories data source.

Parameters

deviceId	An ASCII-printable identifier for the device associated with the data source that is intended to be unique across multiple cases (e.g., a UUID).
rootDirectoryName	The name for the root virtual directory for the data source.
timeZone	The time zone used to process the data source, may be the empty string.
transaction	A transaction in the scope of which the operation is to be performed, managed by the caller.

Returns: The new local files data source.

Exceptions

TskCoreException if there is an error adding the data source.

Definition at line 3912 of file SleuthkitCase.java.

Report org.sleuthkit.datamodel.SleuthkitCase.addReport	(	String	localPath,
		String	sourceModuleName,
		String	reportName
	)		throws TskCoreException

Inserts a row into the reports table in the case database.

Parameters

localPath	The path of the report file, must be in the database directory (case directory in Autopsy) or one of its subdirectories.
sourceModuleName	The name of the module that created the report.
reportName	The report name, may be empty.

Returns: A Report data transfer object (DTO) for the new row.

Exceptions

TskCoreException

Definition at line 6958 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireExclusiveLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.getDbDirPath(), org.sleuthkit.datamodel.SleuthkitCase.PREPARED_STATEMENT.INSERT_REPORT, and org.sleuthkit.datamodel.SleuthkitCase.releaseExclusiveLock().

TagName org.sleuthkit.datamodel.SleuthkitCase.addTagName	(	String	displayName,
		String	description,
		TagName.HTML_COLOR	color
	)		throws TskCoreException

Inserts row into the tags_names table in the case database.

Parameters

displayName	The display name for the new tag name.
description	The description for the new tag name.
color	The HTML color to associate with the new tag name.

Returns: A TagName data transfer object (DTO) for the new row.

Exceptions

TskCoreException

Definition at line 6381 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireExclusiveLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.PREPARED_STATEMENT.INSERT_TAG_NAME, and org.sleuthkit.datamodel.SleuthkitCase.releaseExclusiveLock().

Referenced by org.sleuthkit.datamodel.SleuthkitCase.updateFromSchema2toSchema3().

VirtualDirectory org.sleuthkit.datamodel.SleuthkitCase.addVirtualDirectory	(	long	parentId,
		String	directoryName
	)		throws TskCoreException

Adds a virtual directory to the database and returns a VirtualDirectory object representing it.

Parameters

parentId	the ID of the parent, or 0 if NULL
directoryName	the name of the virtual directory to create

Returns

Exceptions

TskCoreException

Definition at line 3749 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireExclusiveLock(), org.sleuthkit.datamodel.SleuthkitCase.beginTransaction(), org.sleuthkit.datamodel.SleuthkitCase.CaseDbTransaction.commit(), org.sleuthkit.datamodel.SleuthkitCase.releaseExclusiveLock(), and org.sleuthkit.datamodel.SleuthkitCase.CaseDbTransaction.rollback().

Referenced by org.sleuthkit.datamodel.SleuthkitCase.addCarvedFiles().

VirtualDirectory org.sleuthkit.datamodel.SleuthkitCase.addVirtualDirectory	(	long	parentId,
		String	directoryName,
		CaseDbTransaction	transaction
	)		throws TskCoreException

Adds a virtual directory to the database and returns a VirtualDirectory object representing it.

Make sure the connection in transaction is used for all database interactions called by this method

Parameters

parentId	the ID of the parent, or 0 if NULL
directoryName	the name of the virtual directory to create
transaction	the transaction in the scope of which the operation is to be performed, managed by the caller

Returns: a VirtualDirectory object representing the one added to the database.

Exceptions

TskCoreException

Definition at line 3785 of file SleuthkitCase.java.

boolean org.sleuthkit.datamodel.SleuthkitCase.allFilesMd5Hashed ( )

Query all the files to verify if they have an MD5 hash associated with them.

Returns: true if all files have an MD5 hash

Definition at line 6200 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.closeStatement(), org.sleuthkit.datamodel.TskData.TSK_FS_NAME_TYPE_ENUM.REG, and org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock().

CaseDbTransaction org.sleuthkit.datamodel.SleuthkitCase.beginTransaction ( ) throws TskCoreException

Create a new transaction on the case database. The transaction object that is returned can be passed to methods that take a CaseDbTransaction. The caller is responsible for calling either commit() or rollback() on the transaction object.

Returns: A CaseDbTransaction object.

Exceptions

TskCoreException

Definition at line 1062 of file SleuthkitCase.java.

Referenced by org.sleuthkit.datamodel.SleuthkitCase.addCarvedFiles(), org.sleuthkit.datamodel.SleuthkitCase.addLayoutFiles(), org.sleuthkit.datamodel.SleuthkitCase.addLocalFile(), and org.sleuthkit.datamodel.SleuthkitCase.addVirtualDirectory().

void org.sleuthkit.datamodel.SleuthkitCase.close ( )

Call to free resources when done with instance.

Definition at line 5958 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireExclusiveLock(), org.sleuthkit.datamodel.SleuthkitCase.caseHandle, and org.sleuthkit.datamodel.SleuthkitCase.releaseExclusiveLock().

Referenced by org.sleuthkit.datamodel.SleuthkitCase.finalize().

static void org.sleuthkit.datamodel.SleuthkitCase.closeResultSet ( ResultSet resultSet )

staticprivate

Definition at line 7071 of file SleuthkitCase.java.

void org.sleuthkit.datamodel.SleuthkitCase.closeRunQuery ( ResultSet resultSet ) throws SQLException

Closes ResultSet and its Statement previously retrieved from runQuery()

Parameters

resultSet with its Statement to close

Exceptions

SQLException of closing the query files failed

Deprecated:: Do not use runQuery() and closeRunQuery(), use executeQuery() instead. Query the Database

Definition at line 8483 of file SleuthkitCase.java.

static void org.sleuthkit.datamodel.SleuthkitCase.closeStatement ( Statement statement )

staticprivate

Definition at line 7081 of file SleuthkitCase.java.

void org.sleuthkit.datamodel.SleuthkitCase.copyCaseDB ( String newDBPath ) throws IOException

Make a duplicate / backup copy of the current case database. Makes a new copy only, and continues to use the current connection.

Parameters

newDBPath Path to the copy to be created. File will be overwritten if it exists.

Exceptions

IOException if copying fails.

Definition at line 605 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireExclusiveLock(), and org.sleuthkit.datamodel.SleuthkitCase.releaseExclusiveLock().

Referenced by org.sleuthkit.datamodel.SleuthkitCase.updateDatabaseSchema().

int org.sleuthkit.datamodel.SleuthkitCase.countFilesMd5Hashed ( )

Query all the files and counts how many have an MD5 hash.

Returns: the number of files with an MD5 hash

Definition at line 6237 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.closeStatement(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock().

long org.sleuthkit.datamodel.SleuthkitCase.countFilesWhere ( String sqlWhereClause ) throws TskCoreException

Count files matching the specific Where clause

Parameters

sqlWhereClause a SQL where clause appropriate for the desired files (do not begin the WHERE clause with the word WHERE!)

Returns: count of files each of which satisfy the given WHERE clause

Exceptions

TskCoreException

Query the Database

Definition at line 4724 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.closeStatement(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock().

int org.sleuthkit.datamodel.SleuthkitCase.countFsContentType ( TskData.TSK_FS_META_TYPE_ENUM contentType ) throws TskCoreException

Return the number of objects in the database of a given file type.

Parameters

contentType Type of file to count

Returns: Number of objects with that type.

Exceptions

TskCoreException thrown if a critical error occurred within tsk core

Definition at line 6116 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.closeStatement(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock().

static String org.sleuthkit.datamodel.SleuthkitCase.createCaseDataBaseName ( String candidateDbName )

staticprivate

Transforms a candidate PostgreSQL case database name into one that can be safely used in SQL commands and will not be subject to name collisions on the case database server.

Parameters

candidateDbName A candidate case database name.

Returns: A case database name.

Definition at line 1252 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.MAX_DB_NAME_LEN_BEFORE_TIMESTAMP.

Referenced by org.sleuthkit.datamodel.SleuthkitCase.newCase().

void org.sleuthkit.datamodel.SleuthkitCase.deleteBlackboardArtifactTag ( BlackboardArtifactTag tag ) throws TskCoreException

Definition at line 6701 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireExclusiveLock(), org.sleuthkit.datamodel.SleuthkitCase.PREPARED_STATEMENT.DELETE_ARTIFACT_TAG, and org.sleuthkit.datamodel.SleuthkitCase.releaseExclusiveLock().

void org.sleuthkit.datamodel.SleuthkitCase.deleteContentTag ( ContentTag tag ) throws TskCoreException

Definition at line 6451 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireExclusiveLock(), org.sleuthkit.datamodel.SleuthkitCase.PREPARED_STATEMENT.DELETE_CONTENT_TAG, and org.sleuthkit.datamodel.SleuthkitCase.releaseExclusiveLock().

void org.sleuthkit.datamodel.SleuthkitCase.deleteReport ( Report report ) throws TskCoreException

Deletes a row from the reports table in the case database.

Parameters

report A Report data transfer object (DTO) for the row to delete.

Exceptions

TskCoreException

Definition at line 7056 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.PREPARED_STATEMENT.DELETE_REPORT, and org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock().

static String org.sleuthkit.datamodel.SleuthkitCase.escapeSingleQuotes ( String text )

static

Escape the single quotes in the given string so they can be added to the SQL caseDbConnection

Parameters

text

Returns: text the escaped version

Definition at line 6148 of file SleuthkitCase.java.

CaseDbQuery org.sleuthkit.datamodel.SleuthkitCase.executeQuery ( String query ) throws TskCoreException

This method allows developers to run arbitrary SQL "SELECT" queries. The CaseDbQuery object will take care of acquiring the necessary database lock and when used in a try-with-resources block will automatically take care of releasing the lock. If you do not use a try-with-resources block you must call CaseDbQuery.close() once you are done processing the files of the query.

Also note that if you use it within a transaction to insert something into the database, and then within that same transaction query the inserted item from the database, you will likely not see your inserted item, as the method uses new connections for each execution. With this method, you must close your transaction before successfully querying for newly-inserted items.

Parameters

query The query string to execute.

Returns: A CaseDbQuery instance.

Exceptions

TskCoreException

Definition at line 5942 of file SleuthkitCase.java.

void org.sleuthkit.datamodel.SleuthkitCase.finalize ( ) throws Throwable

protected

Definition at line 5947 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.close().

List<Long> org.sleuthkit.datamodel.SleuthkitCase.findAllFileIdsWhere ( String sqlWhereClause ) throws TskCoreException

Find and return list of all (abstract) ids of files matching the specific Where clause

Parameters

sqlWhereClause a SQL where clause appropriate for the desired files (do not begin the WHERE clause with the word WHERE!)

Returns: a list of file ids each of which satisfy the given WHERE clause

Exceptions

TskCoreException

Query the Database

Definition at line 4792 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.closeStatement(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock().

List<AbstractFile> org.sleuthkit.datamodel.SleuthkitCase.findAllFilesWhere ( String sqlWhereClause ) throws TskCoreException

Find and return list of all (abstract) files matching the specific Where clause. You need to know the database schema to use this, which is outlined on the wiki. You should use enums from org.sleuthkit.datamodel.TskData to make the queries easier to maintain and understand.

Parameters

sqlWhereClause a SQL where clause appropriate for the desired files (do not begin the WHERE clause with the word WHERE!)

Returns: a list of AbstractFile each of which satisfy the given WHERE clause

Exceptions

TskCoreException

Query the Database

Definition at line 4761 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.closeStatement(), org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock(), and org.sleuthkit.datamodel.SleuthkitCase.resultSetToAbstractFiles().

Referenced by org.sleuthkit.datamodel.Examples.Sample.run().

List<AbstractFile> org.sleuthkit.datamodel.SleuthkitCase.findFiles	(	Content	dataSource,
		String	fileName
	)		throws TskCoreException

Parameters

dataSource	the dataSource (Image, parent-less VirtualDirectory) to search for the given file name
fileName	Pattern of the name of the file or directory to match (case insensitive, used in LIKE SQL statement).

Returns: a list of AbstractFile for files/directories whose name matches the given fileName

Exceptions

TskCoreException thrown if check failed

Definition at line 3680 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.resultSetToAbstractFiles(), and org.sleuthkit.datamodel.SleuthkitCase.PREPARED_STATEMENT.SELECT_FILES_BY_DATA_SOURCE_AND_NAME.

Referenced by org.sleuthkit.datamodel.SleuthkitCase.findFiles(), and org.sleuthkit.datamodel.SleuthkitCase.openFiles().

List<AbstractFile> org.sleuthkit.datamodel.SleuthkitCase.findFiles	(	Content	dataSource,
		String	fileName,
		String	dirName
	)		throws TskCoreException

Parameters

dataSource	the dataSource (Image, parent-less VirtualDirectory) to search for the given file name
fileName	Pattern of the name of the file or directory to match (case insensitive, used in LIKE SQL statement).
dirName	Pattern of the name of a parent directory of fileName (case insensitive, used in LIKE SQL statement)

Returns: a list of AbstractFile for files/directories whose name matches fileName and whose parent directory contains dirName.

Exceptions

org.sleuthkit.datamodel.TskCoreException

Definition at line 3715 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.resultSetToAbstractFiles(), and org.sleuthkit.datamodel.SleuthkitCase.PREPARED_STATEMENT.SELECT_FILES_BY_DATA_SOURCE_AND_PARENT_PATH_AND_NAME.

List<AbstractFile> org.sleuthkit.datamodel.SleuthkitCase.findFiles	(	Content	dataSource,
		String	fileName,
		AbstractFile	parentFile
	)		throws TskCoreException

Find all files in the data source, by name and parent

Parameters

dataSource	the dataSource (Image, parent-less VirtualDirectory) to search for the given file name
fileName	Pattern of the name of the file or directory to match (case insensitive, used in LIKE SQL statement).
parentFile	Object for parent file/directory to find children in

Returns: a list of AbstractFile for files/directories whose name matches fileName and that were inside a directory described by parentFile.

Exceptions

org.sleuthkit.datamodel.TskCoreException

Definition at line 4709 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.findFiles().

List<AbstractFile> org.sleuthkit.datamodel.SleuthkitCase.findFilesByMd5 ( String md5Hash )

Find all the files with the given MD5 hash.

Parameters

md5Hash hash value to match files with

Returns: List of AbstractFile with the given hash

Definition at line 6163 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.closeStatement(), org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock(), and org.sleuthkit.datamodel.SleuthkitCase.resultSetToAbstractFiles().

List<FsContent> org.sleuthkit.datamodel.SleuthkitCase.findFilesWhere ( String sqlWhereClause ) throws TskCoreException

Find and return list of files matching the specific Where clause. Use findAllFilesWhere instead. It returns a more generic data type

Parameters

sqlWhereClause a SQL where clause appropriate for the desired files (do not begin the WHERE clause with the word WHERE!)

Returns: a list of FsContent each of which satisfy the given WHERE clause

Exceptions

TskCoreException

Deprecated:: use SleuthkitCase.findAllFilesWhere() instead

Definition at line 8199 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.closeStatement(), org.sleuthkit.datamodel.TskData.TSK_DB_FILES_TYPE_ENUM.FS, org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock(), and org.sleuthkit.datamodel.SleuthkitCase.resultSetToAbstractFiles().

AbstractFile org.sleuthkit.datamodel.SleuthkitCase.getAbstractFileById ( long id ) throws TskCoreException

Get abstract file object from tsk_files table by its id

Parameters

id	id of the file object in tsk_files table

Returns: AbstractFile object populated, or null if not found.

Exceptions

TskCoreException thrown if critical error occurred within tsk core and file could not be queried

Definition at line 3577 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.resultSetToAbstractFiles(), and org.sleuthkit.datamodel.SleuthkitCase.PREPARED_STATEMENT.SELECT_FILE_BY_ID.

Referenced by org.sleuthkit.datamodel.SleuthkitCase.getContentById(), and org.sleuthkit.datamodel.SleuthkitCase.getRootObjects().

List<BlackboardArtifactTag> org.sleuthkit.datamodel.SleuthkitCase.getAllBlackboardArtifactTags ( ) throws TskCoreException

Selects all of the rows from the blackboard_artifacts_tags table in the case database.

Returns: A list, possibly empty, of BlackboardArtifactTag data transfer objects (DTOs) for the rows.

Exceptions

TskCoreException

Definition at line 6727 of file SleuthkitCase.java.

List<ContentTag> org.sleuthkit.datamodel.SleuthkitCase.getAllContentTags ( ) throws TskCoreException

Selects all of the rows from the content_tags table in the case database.

Returns: A list, possibly empty, of ContentTag data transfer objects (DTOs) for the rows.

Exceptions

TskCoreException

Definition at line 6476 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.TagName.HTML_COLOR.getColorByName(), org.sleuthkit.datamodel.SleuthkitCase.getContentById(), org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock(), and org.sleuthkit.datamodel.SleuthkitCase.PREPARED_STATEMENT.SELECT_CONTENT_TAGS.

List<Report> org.sleuthkit.datamodel.SleuthkitCase.getAllReports ( ) throws TskCoreException

Selects all of the rows from the reports table in the case database.

Returns: A list, possibly empty, of Report data transfer objects (DTOs) for the rows.

Exceptions

TskCoreException

Definition at line 7023 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.getDbDirPath(), org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock(), and org.sleuthkit.datamodel.SleuthkitCase.PREPARED_STATEMENT.SELECT_REPORTS.

List<TagName> org.sleuthkit.datamodel.SleuthkitCase.getAllTagNames ( ) throws TskCoreException

Selects all of the rows from the tag_names table in the case database.

Returns: A list, possibly empty, of TagName data transfer objects (DTOs) for the rows.

Exceptions

TskCoreException

Definition at line 6316 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.TagName.HTML_COLOR.getColorByName(), org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock(), and org.sleuthkit.datamodel.SleuthkitCase.PREPARED_STATEMENT.SELECT_TAG_NAMES.

long org.sleuthkit.datamodel.SleuthkitCase.getArtifactsCountHelper	(	int	artifactTypeID,
		long	obj_id
	)		throws TskCoreException

private

Helper method to get count of all artifacts matching the type id and object id. Does not included rejected artifacts.

Parameters

artifactTypeID	artifact type id
obj_id	associated object id

Returns: count of matching blackboard artifacts

Exceptions

TskCoreException exception thrown if a critical error occurs within TSK core

Definition at line 2069 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.PREPARED_STATEMENT.COUNT_ARTIFACTS_BY_SOURCE_AND_TYPE, and org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock().

Referenced by org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifactsCount().

ArrayList<BlackboardArtifact> org.sleuthkit.datamodel.SleuthkitCase.getArtifactsHelper ( String whereClause ) throws TskCoreException

private

Gets unrejected blackboard artifacts that match a given WHERE clause. Uses a SELECT * statement that does a join of the blackboard_artifacts and blackboard_artifact_types tables to get all of the required data.

Parameters

whereClause The WHERE clause to append to the SELECT statement.

Returns: A list of BlackboardArtifact objects.

Exceptions

TskCoreException If there is a problem querying the case database.

Definition at line 2024 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.BlackboardArtifact.ReviewStatus.REJECTED, org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock(), and org.sleuthkit.datamodel.BlackboardArtifact.ReviewStatus.withID().

Referenced by org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifacts().

BlackboardArtifact.Type org.sleuthkit.datamodel.SleuthkitCase.getArtifactType ( String artTypeName ) throws TskCoreException

Get the artifact type associated with an artifact type name.

Parameters

artTypeName An artifact type name.

Returns: An artifact type or null if the artifact type does not exist.

Exceptions

TskCoreException If an error occurs accessing the case database.

Definition at line 2672 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.closeStatement(), org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.typeIdToArtifactTypeMap, and org.sleuthkit.datamodel.SleuthkitCase.typeNameToArtifactTypeMap.

Referenced by org.sleuthkit.datamodel.AbstractContent.getArtifacts(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifactsCount(), org.sleuthkit.datamodel.SleuthkitCase.getMatchingArtifacts(), and org.sleuthkit.datamodel.SleuthkitCase.newBlackboardArtifact().

int org.sleuthkit.datamodel.SleuthkitCase.getArtifactTypeID ( String artifactTypeName ) throws TskCoreException

Get the artifact type id associated with an artifact type name.

Parameters

artifactTypeName An artifact type name.

Returns: An artifact id or -1 if the attribute type does not exist.

Exceptions

TskCoreException If an error occurs accessing the case database.

Deprecated:: Use getArtifactType instead

Definition at line 8238 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.closeStatement(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock().

Iterable<BlackboardArtifact.Type> org.sleuthkit.datamodel.SleuthkitCase.getArtifactTypes ( ) throws TskCoreException

Gets a list of all the artifact types for this case

Returns: a list of artifact types

Exceptions

TskCoreException when there is an error getting the types

Definition at line 1844 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.closeStatement(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock().

List<BlackboardArtifact.Type> org.sleuthkit.datamodel.SleuthkitCase.getArtifactTypesInUse ( ) throws TskCoreException

Gets the list of all unique artifact IDs in use.

Gets both static and dynamic IDs.

Returns: The list of unique IDs

Exceptions

TskCoreException exception thrown if a critical error occurred within tsk core

Definition at line 1918 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.closeStatement(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock().

BlackboardAttribute.Type org.sleuthkit.datamodel.SleuthkitCase.getAttributeType ( String attrTypeName ) throws TskCoreException

Get the attribute type associated with an attribute type name.

Parameters

attrTypeName An attribute type name.

Returns: An attribute type or null if the attribute type does not exist.

Exceptions

TskCoreException If an error occurs accessing the case database.

Definition at line 2594 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.closeStatement(), org.sleuthkit.datamodel.BlackboardAttribute.TSK_BLACKBOARD_ATTRIBUTE_VALUE_TYPE.fromType(), org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.typeIdToAttributeTypeMap, and org.sleuthkit.datamodel.SleuthkitCase.typeNameToAttributeTypeMap.

Referenced by org.sleuthkit.datamodel.SleuthkitCase.getMatchingAttributes().

BlackboardAttribute.Type org.sleuthkit.datamodel.SleuthkitCase.getAttributeType ( int typeID ) throws TskCoreException

private

Get the attribute type associated with an attribute type ID.

Parameters

typeID An attribute type ID.

Returns: An attribute type or null if the attribute type does not exist.

Exceptions

TskCoreException If an error occurs accessing the case database.

Definition at line 2633 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.closeStatement(), org.sleuthkit.datamodel.BlackboardAttribute.TSK_BLACKBOARD_ATTRIBUTE_VALUE_TYPE.fromType(), org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.typeIdToAttributeTypeMap, and org.sleuthkit.datamodel.SleuthkitCase.typeNameToAttributeTypeMap.

List<BlackboardAttribute.Type> org.sleuthkit.datamodel.SleuthkitCase.getAttributeTypes ( ) throws TskCoreException

Gets a list of all the attribute types for this case

Returns: a list of attribute types

Exceptions

TskCoreException when there is an error getting the types

Definition at line 1954 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.closeStatement(), org.sleuthkit.datamodel.BlackboardAttribute.TSK_BLACKBOARD_ATTRIBUTE_VALUE_TYPE.fromType(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock().

String org.sleuthkit.datamodel.SleuthkitCase.getAttrTypeDisplayName ( int attrTypeID ) throws TskCoreException

Get the display name for the attribute with the given id. Will throw an error if that id does not exist

Parameters

attrTypeID attribute id

Returns: string associated with the given id

Exceptions

TskCoreException exception thrown if a critical error occurs within tsk core

Deprecated:: Use getAttributeType instead

Definition at line 8402 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.closeStatement(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock().

int org.sleuthkit.datamodel.SleuthkitCase.getAttrTypeID ( String attrTypeName ) throws TskCoreException

Gets the attribute type id associated with an attribute type name.

Parameters

attrTypeName An attribute type name.

Returns: An attribute id or -1 if the attribute type does not exist.

Exceptions

TskCoreException If an error occurs accessing the case database.

Deprecated:: Use SleuthkitCase.getAttributeType instead.

Definition at line 8330 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.closeStatement(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock().

String org.sleuthkit.datamodel.SleuthkitCase.getAttrTypeString ( int attrTypeID ) throws TskCoreException

Get the string associated with the given id. Will throw an error if that id does not exist

Parameters

attrTypeID attribute id

Returns: string associated with the given id

Exceptions

TskCoreException exception thrown if a critical error occurs within tsk core

Deprecated:: Use getAttributeType instead

Definition at line 8366 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.closeStatement(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock().

String org.sleuthkit.datamodel.SleuthkitCase.getBackupDatabasePath ( )

Returns the path of a backup copy of the database made when a schema version upgrade has occurred.

Returns: The path of the backup file or null if no backup was made.

Definition at line 1048 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.dbBackupPath.

BlackboardArtifact org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifact ( long artifactID ) throws TskCoreException

Get the blackboard artifact with the given artifact id

Parameters

artifactID artifact ID

Returns: blackboard artifact

Exceptions

TskCoreException exception thrown if a critical error occurs within TSK core

Definition at line 2282 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock(), and org.sleuthkit.datamodel.BlackboardArtifact.ReviewStatus.withID().

Referenced by org.sleuthkit.datamodel.SleuthkitCase.getAllBlackboardArtifactTags(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifactTagByID(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifactTagsByTagName(), org.sleuthkit.datamodel.BlackboardAttribute.getParentArtifact(), and org.sleuthkit.datamodel.SleuthkitCase.updateFromSchema2toSchema3().

ArrayList<BlackboardArtifact> org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifacts ( int artifactTypeID ) throws TskCoreException

Get all blackboard artifacts of a given type. Does not included rejected artifacts.

Parameters

artifactTypeID artifact type id (must exist in database)

Returns: list of blackboard artifacts.

Exceptions

TskCoreException

Definition at line 1470 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.getArtifactsHelper().

Referenced by org.sleuthkit.datamodel.AbstractContent.getArtifacts(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifacts(), org.sleuthkit.datamodel.AbstractContent.getGenInfoArtifact(), and org.sleuthkit.datamodel.SleuthkitCase.updateFromSchema2toSchema3().

List<BlackboardArtifact> org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifacts	(	BlackboardAttribute.ATTRIBUTE_TYPE	attrType,
		String	value
	)		throws TskCoreException

Get all blackboard artifacts that have an attribute of the given type and String value. Does not included rejected artifacts.

Parameters

attrType	attribute of this attribute type to look for in the artifacts
value	value of the attribute of the attrType type to look for

Returns: a list of blackboard artifacts with such an attribute

Exceptions

TskCoreException exception thrown if a critical error occurred within tsk core and artifacts could not be queried

Definition at line 1556 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.closeStatement(), org.sleuthkit.datamodel.BlackboardArtifact.ReviewStatus.REJECTED, org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock(), and org.sleuthkit.datamodel.BlackboardArtifact.ReviewStatus.withID().

List<BlackboardArtifact> org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifacts	(	BlackboardAttribute.ATTRIBUTE_TYPE	attrType,
		String	subString,
		boolean	startsWith
	)		throws TskCoreException

Get all blackboard artifacts that have an attribute of the given type and String value. Does not included rejected artifacts.

Parameters

attrType	attribute of this attribute type to look for in the artifacts
subString	value substring of the string attribute of the attrType type to look for
startsWith	if true, the artifact attribute string should start with the substring, if false, it should just contain it

Returns: a list of blackboard artifacts with such an attribute

Exceptions

TskCoreException exception thrown if a critical error occurred within tsk core and artifacts could not be queried

Definition at line 1607 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.closeStatement(), org.sleuthkit.datamodel.BlackboardArtifact.ReviewStatus.REJECTED, org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock(), and org.sleuthkit.datamodel.BlackboardArtifact.ReviewStatus.withID().

List<BlackboardArtifact> org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifacts	(	BlackboardAttribute.ATTRIBUTE_TYPE	attrType,
		int	value
	)		throws TskCoreException

Get all blackboard artifacts that have an attribute of the given type and integer value. Does not included rejected artifacts.

Parameters

attrType	attribute of this attribute type to look for in the artifacts
value	value of the attribute of the attrType type to look for

Returns: a list of blackboard artifacts with such an attribute

Exceptions

TskCoreException exception thrown if a critical error occurred within tsk core and artifacts could not be queried

Definition at line 1659 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.closeStatement(), org.sleuthkit.datamodel.BlackboardArtifact.ReviewStatus.REJECTED, org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock(), and org.sleuthkit.datamodel.BlackboardArtifact.ReviewStatus.withID().

List<BlackboardArtifact> org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifacts	(	BlackboardAttribute.ATTRIBUTE_TYPE	attrType,
		long	value
	)		throws TskCoreException

Get all blackboard artifacts that have an attribute of the given type and long value. Does not included rejected artifacts.

Parameters

attrType	attribute of this attribute type to look for in the artifacts
value	value of the attribute of the attrType type to look for

Returns: a list of blackboard artifacts with such an attribute

Exceptions

TskCoreException exception thrown if a critical error occurred within tsk core and artifacts could not be queried

Definition at line 1707 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.closeStatement(), org.sleuthkit.datamodel.BlackboardArtifact.ReviewStatus.REJECTED, org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock(), and org.sleuthkit.datamodel.BlackboardArtifact.ReviewStatus.withID().

List<BlackboardArtifact> org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifacts	(	BlackboardAttribute.ATTRIBUTE_TYPE	attrType,
		double	value
	)		throws TskCoreException

Get all blackboard artifacts that have an attribute of the given type and double value. Does not included rejected artifacts.

Parameters

attrType	attribute of this attribute type to look for in the artifacts
value	value of the attribute of the attrType type to look for

Returns: a list of blackboard artifacts with such an attribute

Exceptions

TskCoreException exception thrown if a critical error occurred within tsk core and artifacts could not be queried

Definition at line 1755 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.closeStatement(), org.sleuthkit.datamodel.BlackboardArtifact.ReviewStatus.REJECTED, org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock(), and org.sleuthkit.datamodel.BlackboardArtifact.ReviewStatus.withID().

List<BlackboardArtifact> org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifacts	(	BlackboardAttribute.ATTRIBUTE_TYPE	attrType,
		byte	value
	)		throws TskCoreException

Get all blackboard artifacts that have an attribute of the given type and byte value. Does not include rejected artifacts.

Parameters

attrType	attribute of this attribute type to look for in the artifacts
value	value of the attribute of the attrType type to look for

Returns: a list of blackboard artifacts with such an attribute

Exceptions

TskCoreException exception thrown if a critical error occurred within tsk core and artifacts could not be queried

Definition at line 1803 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.closeStatement(), org.sleuthkit.datamodel.BlackboardArtifact.ReviewStatus.REJECTED, org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock(), and org.sleuthkit.datamodel.BlackboardArtifact.ReviewStatus.withID().

ArrayList<BlackboardArtifact> org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifacts	(	String	artifactTypeName,
		long	obj_id
	)		throws TskCoreException

Get all blackboard artifacts of a given type for the given object id. Does not included rejected artifacts.

Parameters

artifactTypeName	artifact type name
obj_id	object id

Returns: list of blackboard artifacts

Exceptions

TskCoreException exception thrown if a critical error occurs within TSK core

Definition at line 2106 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.getArtifactsHelper().

ArrayList<BlackboardArtifact> org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifacts	(	int	artifactTypeID,
		long	obj_id
	)		throws TskCoreException

Get all blackboard artifacts of a given type for the given object id. Does not included rejected artifacts.

Parameters

artifactTypeID	artifact type id (must exist in database)
obj_id	object id

Returns: list of blackboard artifacts

Exceptions

TskCoreException exception thrown if a critical error occurs within TSK core

Definition at line 2122 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.getArtifactsHelper().

ArrayList<BlackboardArtifact> org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifacts	(	ARTIFACT_TYPE	artifactType,
		long	obj_id
	)		throws TskCoreException

Get all blackboard artifacts of a given type for the given object id. Does not included rejected artifacts.

Parameters

artifactType	artifact type enum
obj_id	object id

Returns: list of blackboard artifacts

Exceptions

TskCoreException exception thrown if a critical error occurs within TSK core

Definition at line 2138 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifacts().

ArrayList<BlackboardArtifact> org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifacts ( String artifactTypeName ) throws TskCoreException

Get all blackboard artifacts of a given type. Does not included rejected artifacts.

Parameters

artifactTypeName artifact type name

Returns: list of blackboard artifacts

Exceptions

TskCoreException exception thrown if a critical error occurs within TSK core

Definition at line 2205 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.getArtifactsHelper().

ArrayList<BlackboardArtifact> org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifacts ( ARTIFACT_TYPE artifactType ) throws TskCoreException

Get all blackboard artifacts of a given type. Does not included rejected artifacts.

Parameters

artifactType artifact type enum

Returns: list of blackboard artifacts

Exceptions

TskCoreException exception thrown if a critical error occurs within TSK core

Definition at line 2220 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.getArtifactsHelper().

List<BlackboardArtifact> org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifacts	(	ARTIFACT_TYPE	artifactType,
		BlackboardAttribute.ATTRIBUTE_TYPE	attrType,
		String	value
	)		throws TskCoreException

Get all blackboard artifacts of a given type with an attribute of a given type and String value. Does not included rejected artifacts.

Parameters

artifactType	artifact type enum
attrType	attribute type enum
value	String value of attribute

Returns: list of blackboard artifacts

Exceptions

TskCoreException exception thrown if a critical error occurs within TSK core

Definition at line 2237 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.closeStatement(), org.sleuthkit.datamodel.BlackboardArtifact.ReviewStatus.REJECTED, org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock(), and org.sleuthkit.datamodel.BlackboardArtifact.ReviewStatus.withID().

long org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifactsCount ( long objId ) throws TskCoreException

Get a count of blackboard artifacts for a given content. Does not include rejected artifacts.

Parameters

objId Id of the content.

Returns: The artifacts count for the content.

Exceptions

TskCoreException

Definition at line 1484 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.PREPARED_STATEMENT.COUNT_ARTIFACTS_FROM_SOURCE, and org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock().

Referenced by org.sleuthkit.datamodel.AbstractContent.getAllArtifactsCount(), and org.sleuthkit.datamodel.AbstractContent.getArtifactsCount().

long org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifactsCount	(	String	artifactTypeName,
		long	obj_id
	)		throws TskCoreException

Get count of all blackboard artifacts of a given type for the given object id. Does not include rejected artifacts.

Parameters

artifactTypeName	artifact type name
obj_id	object id

Returns: count of blackboard artifacts

Exceptions

TskCoreException exception thrown if a critical error occurs within TSK core

Definition at line 2154 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.getArtifactsCountHelper(), and org.sleuthkit.datamodel.SleuthkitCase.getArtifactType().

long org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifactsCount	(	int	artifactTypeID,
		long	obj_id
	)		throws TskCoreException

Get count of all blackboard artifacts of a given type for the given object id. Does not include rejected artifacts.

Parameters

artifactTypeID	artifact type id (must exist in database)
obj_id	object id

Returns: count of blackboard artifacts

Exceptions

TskCoreException exception thrown if a critical error occurs within TSK core

Definition at line 2174 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.getArtifactsCountHelper().

long org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifactsCount	(	ARTIFACT_TYPE	artifactType,
		long	obj_id
	)		throws TskCoreException

Get count of all blackboard artifacts of a given type for the given object id. Does not include rejected artifacts.

Parameters

artifactType	artifact type enum
obj_id	object id

Returns: count of blackboard artifacts

Exceptions

TskCoreException exception thrown if a critical error occurs within TSK core

Definition at line 2190 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.getArtifactsCountHelper().

long org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifactsTypeCount ( int artifactTypeID ) throws TskCoreException

Get a count of artifacts of a given type. Does not include rejected artifacts.

Parameters

artifactTypeID Id of the artifact type.

Returns: The artifacts count for the type.

Exceptions

TskCoreException

Definition at line 1518 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.PREPARED_STATEMENT.COUNT_ARTIFACTS_OF_TYPE, and org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock().

BlackboardArtifactTag org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifactTagByID ( long artifactTagID ) throws TskCoreException

Selects the row in the blackboard artifact tags table in the case database with a specified tag id.

Parameters

artifactTagID the tag id of the BlackboardArtifactTag to retrieve.

Returns: the BlackBoardArtifact Tag with the given tag id, or null if no such tag could be found

Exceptions

TskCoreException

Definition at line 6845 of file SleuthkitCase.java.

List<BlackboardArtifactTag> org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifactTagsByArtifact ( BlackboardArtifact artifact ) throws TskCoreException

Selects the rows in the blackboard_artifacts_tags table in the case database with a specified foreign key into the blackboard_artifacts table.

Parameters

artifact A data transfer object (DTO) for the artifact to match.

Returns: A list, possibly empty, of BlackboardArtifactTag data transfer objects (DTOs) for the rows.

Exceptions

TskCoreException

Definition at line 6890 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.TagName.HTML_COLOR.getColorByName(), org.sleuthkit.datamodel.SleuthkitCase.getContentById(), org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock(), and org.sleuthkit.datamodel.SleuthkitCase.PREPARED_STATEMENT.SELECT_ARTIFACT_TAGS_BY_ARTIFACT.

List<BlackboardArtifactTag> org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifactTagsByTagName ( TagName tagName ) throws TskCoreException

Selects the rows in the blackboard_artifacts_tags table in the case database with a specified foreign key into the tag_names table.

Parameters

tagName A data transfer object (DTO) for the tag name to match.

Returns: A list, possibly empty, of BlackboardArtifactTag data transfer objects (DTOs) for the rows.

Exceptions

TskCoreException

Definition at line 6803 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifact(), org.sleuthkit.datamodel.SleuthkitCase.getContentById(), org.sleuthkit.datamodel.BlackboardArtifact.getObjectID(), org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock(), and org.sleuthkit.datamodel.SleuthkitCase.PREPARED_STATEMENT.SELECT_ARTIFACT_TAGS_BY_TAG_NAME.

long org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifactTagsCountByTagName ( TagName tagName ) throws TskCoreException

Gets a count of the rows in the blackboard_artifact_tags table in the case database with a specified foreign key into the tag_names table.

Parameters

tagName A data transfer object (DTO) for the tag name to match.

Returns: The count, possibly zero.

Exceptions

TskCoreException

Definition at line 6765 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.PREPARED_STATEMENT.COUNT_ARTIFACTS_BY_TAG_NAME, and org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock().

ArrayList<BlackboardArtifact.ARTIFACT_TYPE> org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifactTypes ( ) throws TskCoreException

Gets a list of the standard blackboard artifact type enum objects.

Returns: The members of the BlackboardArtifact.ARTIFACT_TYPE enum.

Exceptions

TskCoreException Specified, but not thrown.

Deprecated:: For a list of standard blackboard artifacts type enum objects, use BlackboardArtifact.ARTIFACT_TYPE.values.

Definition at line 8271 of file SleuthkitCase.java.

ArrayList<BlackboardArtifact.ARTIFACT_TYPE> org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifactTypesInUse ( ) throws TskCoreException

Get all of the standard blackboard artifact types that are in use in the blackboard.

Returns: List of standard blackboard artifact types

Exceptions

TskCoreException

Definition at line 1876 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.closeStatement(), org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE.fromID(), org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE.getTypeID(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock().

ArrayList<BlackboardAttribute> org.sleuthkit.datamodel.SleuthkitCase.getBlackboardAttributes ( final BlackboardArtifact artifact ) throws TskCoreException

Definition at line 2793 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.BlackboardAttribute.TSK_BLACKBOARD_ATTRIBUTE_VALUE_TYPE.fromType(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock().

Referenced by org.sleuthkit.datamodel.BlackboardArtifact.getAttributes(), and org.sleuthkit.datamodel.SleuthkitCase.updateFromSchema2toSchema3().

ArrayList<BlackboardAttribute.ATTRIBUTE_TYPE> org.sleuthkit.datamodel.SleuthkitCase.getBlackboardAttributeTypes ( ) throws TskCoreException

Gets a list of the standard blackboard attribute type enum objects.

Returns: The members of the BlackboardAttribute.ATTRIBUTE_TYPE enum.

Exceptions

TskCoreException Specified, but not thrown.

Deprecated:: For a list of standard blackboard attribute types enum objects, use BlackboardAttribute.ATTRIBUTE_TYP.values.

Definition at line 8435 of file SleuthkitCase.java.

int org.sleuthkit.datamodel.SleuthkitCase.getBlackboardAttributeTypesCount ( ) throws TskCoreException

Get count of blackboard attribute types

Counts both static (in enum) and dynamic attributes types (created by modules at runtime)

Returns: count of attribute types

Exceptions

TskCoreException exception thrown if a critical error occurs within TSK core

Definition at line 1989 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.closeStatement(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock().

Content org.sleuthkit.datamodel.SleuthkitCase.getContentById ( long id ) throws TskCoreException

Get content object by content id

Parameters

id	to get content object for

Returns: instance of a Content object (one of its subclasses), or null if not found.

Exceptions

TskCoreException thrown if critical error occurred within tsk core

Definition at line 3346 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.closeStatement(), org.sleuthkit.datamodel.SleuthkitCase.getAbstractFileById(), org.sleuthkit.datamodel.SleuthkitCase.getImageById(), org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock(), and org.sleuthkit.datamodel.TskData.ObjectType.valueOf().

ContentTag org.sleuthkit.datamodel.SleuthkitCase.getContentTagByID ( long contentTagID ) throws TskCoreException

Selects the rows in the content_tags table in the case database with a specified tag id.

Parameters

contentTagID the tag id of the ContentTag to retrieve.

Exceptions

TskCoreException

Definition at line 6547 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.TagName.HTML_COLOR.getColorByName(), org.sleuthkit.datamodel.SleuthkitCase.getContentById(), org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock(), and org.sleuthkit.datamodel.SleuthkitCase.PREPARED_STATEMENT.SELECT_CONTENT_TAG_BY_ID.

List<ContentTag> org.sleuthkit.datamodel.SleuthkitCase.getContentTagsByContent ( Content content ) throws TskCoreException

Selects the rows in the content_tags table in the case database with a specified foreign key into the tsk_objects table.

Parameters

content A data transfer object (DTO) for the content to match.

Returns: A list, possibly empty, of ContentTag data transfer objects (DTOs) for the rows.

Exceptions

TskCoreException

Definition at line 6630 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.TagName.HTML_COLOR.getColorByName(), org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock(), and org.sleuthkit.datamodel.SleuthkitCase.PREPARED_STATEMENT.SELECT_CONTENT_TAGS_BY_CONTENT.

List<ContentTag> org.sleuthkit.datamodel.SleuthkitCase.getContentTagsByTagName ( TagName tagName ) throws TskCoreException

Selects the rows in the content_tags table in the case database with a specified foreign key into the tag_names table.

Parameters

tagName A data transfer object (DTO) for the tag name to match.

Returns: A list, possibly empty, of ContentTag data transfer objects (DTOs) for the rows.

Exceptions

TskCoreException

Definition at line 6589 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.getContentById(), org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock(), and org.sleuthkit.datamodel.SleuthkitCase.PREPARED_STATEMENT.SELECT_CONTENT_TAGS_BY_TAG_NAME.

long org.sleuthkit.datamodel.SleuthkitCase.getContentTagsCountByTagName ( TagName tagName ) throws TskCoreException

Gets a count of the rows in the content_tags table in the case database with a specified foreign key into the tag_names table.

Parameters

tagName A data transfer object (DTO) for the tag name to match.

Returns: The count, possibly zero.

Exceptions

TskCoreException

Definition at line 6512 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.PREPARED_STATEMENT.COUNT_CONTENT_TAGS_BY_TAG_NAME, and org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock().

String org.sleuthkit.datamodel.SleuthkitCase.getDatabaseName ( )

Gets the case database name.

Returns: The case database name.

Definition at line 1071 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.databaseName.

DbType org.sleuthkit.datamodel.SleuthkitCase.getDatabaseType ( )

Returns the type of database in use.

Returns: database type

Definition at line 1038 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.dbType.

DataSource org.sleuthkit.datamodel.SleuthkitCase.getDataSource ( long objectId ) throws TskDataException, TskCoreException

Gets a specific data source for the case (e.g., an image, local disk, virtual directory of local/logical files and/or directories, etc.).

NOTE: The AbstractDataSource class is an emerging feature and at present is only useful for obtaining the object id and the data source identifier, an ASCII-printable identifier for the data source that is intended to be unique across multiple cases (e.g., a UUID). In the future, this method will be a replacement for the getRootObjects method.

Parameters

objectId The object id of the data source.

Returns: The data source.

Exceptions

TskDataException	if there is no data source for the given object id.
TskCoreException	if there is a problem getting the data source.

Definition at line 1437 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.closeStatement(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock().

long org.sleuthkit.datamodel.SleuthkitCase.getDataSourceObjectId	(	CaseDbConnection	connection,
		long	objectId
	)		throws TskCoreException

private

Given an object id, works up the tree of ancestors to the data source for the object and gets the object id of the data source. The trivial case where the input object id is for a source is handled.

Parameters

connection	A case database connection.
objectId	An object id.

Returns: A data source object id.

Exceptions

TskCoreException if there is an error querying the case database.

Definition at line 4645 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.closeStatement(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock().

Referenced by org.sleuthkit.datamodel.SleuthkitCase.addDerivedFile(), org.sleuthkit.datamodel.SleuthkitCase.addLocalFile(), org.sleuthkit.datamodel.SleuthkitCase.addVirtualDirectory(), and org.sleuthkit.datamodel.SleuthkitCase.updateFromSchema3toSchema4().

List<DataSource> org.sleuthkit.datamodel.SleuthkitCase.getDataSources ( ) throws TskCoreException

Gets the data sources for the case (e.g., images, local disks, virtual directories of local/logical files and/or directories, etc.)

NOTE: The DataSource interface is an emerging feature and at present is only useful for obtaining the object id and the device id, an ASCII-printable identifier for the device associated with the data source that is intended to be unique across multiple cases (e.g., a UUID). In the future, this method will be a replacement for the getRootObjects method.

Returns: A list of the data sources for the case.

Exceptions

TskCoreException if there is a problem getting the data sources.

Definition at line 1396 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.closeStatement(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock().

String org.sleuthkit.datamodel.SleuthkitCase.getDbDirPath ( )

Get the full path to the case directory. For a SQLite case database, this is the same as the database directory path.

Returns: Case directory path.

Definition at line 1081 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.caseDirPath.

Referenced by org.sleuthkit.datamodel.SleuthkitCase.addReport(), and org.sleuthkit.datamodel.SleuthkitCase.getAllReports().

List<TskFileRange> org.sleuthkit.datamodel.SleuthkitCase.getFileRanges ( long id ) throws TskCoreException

Get file layout ranges from tsk_file_layout, for a file with specified id

Parameters

id	of the file to get file layout ranges for

Returns: list of populated file ranges

Exceptions

TskCoreException thrown if a critical error occurred within tsk core

Definition at line 4857 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.closeStatement(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock().

Referenced by org.sleuthkit.datamodel.AbstractFile.getRanges().

FileSystem org.sleuthkit.datamodel.SleuthkitCase.getFileSystemByIdHelper	(	long	id,
		Content	parent
	)		throws TskCoreException

private

Get file system by id and Content parent

Parameters

id	of the filesystem to get
parent	a direct parent Content object

Returns: populated FileSystem object

Exceptions

TskCoreException thrown if a critical error occurred within tsk core

Definition at line 5053 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.closeStatement(), org.sleuthkit.datamodel.SleuthkitCase.fileSystemIdMap, org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock(), and org.sleuthkit.datamodel.TskData.TSK_FS_TYPE_ENUM.valueOf().

long org.sleuthkit.datamodel.SleuthkitCase.getFileSystemId	(	long	fileId,
		CaseDbConnection	connection
	)

private

Get the object ID of the file system that a file is located in.

Note: for FsContent files, this is the real fs for other non-fs AbstractFile files, this field is used internally for data source id (the root content obj)

Parameters

fileId	object id of the file to get fs column id for
connection	the database connection to use

Returns: fs_id or -1 if not present

Definition at line 3613 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock(), and org.sleuthkit.datamodel.SleuthkitCase.PREPARED_STATEMENT.SELECT_FILE_SYSTEM_BY_OBJECT.

Referenced by org.sleuthkit.datamodel.SleuthkitCase.addDerivedFile(), and org.sleuthkit.datamodel.SleuthkitCase.addVirtualDirectory().

Collection<FileSystem> org.sleuthkit.datamodel.SleuthkitCase.getFileSystems ( Image image )

Helper to return FileSystems in an Image

Parameters

image Image to lookup FileSystem for

Returns: Collection of FileSystems in the image

Definition at line 5211 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.closeStatement(), org.sleuthkit.datamodel.AbstractContent.getId(), org.sleuthkit.datamodel.TskData.ObjectType.IMG, org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock(), and org.sleuthkit.datamodel.TskData.TSK_FS_TYPE_ENUM.valueOf().

Image org.sleuthkit.datamodel.SleuthkitCase.getImageById ( long id ) throws TskCoreException

Get am image by the image object id

Parameters

id	of the image object

Returns: Image object populated

Exceptions

TskCoreException thrown if a critical error occurred within tsk core

Definition at line 4892 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.closeStatement(), org.sleuthkit.datamodel.SleuthkitCase.getSchemaVersion(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock().

Referenced by org.sleuthkit.datamodel.SleuthkitCase.addImageInfo(), org.sleuthkit.datamodel.SleuthkitCase.getContentById(), org.sleuthkit.datamodel.SleuthkitCase.getImages(), and org.sleuthkit.datamodel.SleuthkitCase.getRootObjects().

Map<Long, List<String> > org.sleuthkit.datamodel.SleuthkitCase.getImagePaths ( ) throws TskCoreException

Returns a map of image object IDs to a list of fully qualified file paths for that image

Returns: map of image object IDs to file paths

Exceptions

TskCoreException thrown if a critical error occurred within tsk core

Definition at line 5477 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.closeStatement(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock().

List<Image> org.sleuthkit.datamodel.SleuthkitCase.getImages ( ) throws TskCoreException

Returns: a collection of Images associated with this instance of SleuthkitCase

Exceptions

TskCoreException

Definition at line 5519 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.closeStatement(), org.sleuthkit.datamodel.SleuthkitCase.getImageById(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock().

Referenced by org.sleuthkit.datamodel.Examples.Sample.run().

final List<IngestJobInfo> org.sleuthkit.datamodel.SleuthkitCase.getIngestJobs ( ) throws TskCoreException

Gets all of the ingest jobs that have been run.

Returns: The information about the ingest jobs that have been run

Exceptions

TskCoreException If there is a problem getting the ingest jobs

Definition at line 7250 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.closeStatement(), org.sleuthkit.datamodel.IngestJobInfo.IngestJobStatusType.fromID(), and org.sleuthkit.datamodel.SleuthkitCase.getIngestModules().

List<IngestModuleInfo> org.sleuthkit.datamodel.SleuthkitCase.getIngestModules	(	int	ingestJobId,
		CaseDbConnection	connection
	)		throws SQLException

private

Gets the ingest modules associated with the ingest job

Parameters

ingestJobId	The id of the ingest job to get ingest modules for
connection	The database connection

Returns: The ingest modules of the job

Exceptions

SQLException If it fails to get the modules from the db.

Definition at line 7284 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.closeStatement(), and org.sleuthkit.datamodel.IngestModuleInfo.IngestModuleType.fromID().

Referenced by org.sleuthkit.datamodel.SleuthkitCase.getIngestJobs().

long org.sleuthkit.datamodel.SleuthkitCase.getLastObjectId ( ) throws TskCoreException

Get last (max) object id of content object in tsk_objects.

Returns: currently max id

Exceptions

TskCoreException exception thrown when database error occurs and last object id could not be queried

Deprecated:: Do not use, assumes a single-threaded, single-user case.

Definition at line 8163 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireExclusiveLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.releaseExclusiveLock(), and org.sleuthkit.datamodel.SleuthkitCase.PREPARED_STATEMENT.SELECT_MAX_OBJECT_ID.

ArrayList<BlackboardArtifact> org.sleuthkit.datamodel.SleuthkitCase.getMatchingArtifacts ( String whereClause ) throws TskCoreException

Get all artifacts that match a where clause. The clause should begin with "WHERE" or "JOIN". To use this method you must know the database tables

Parameters

whereClause a sqlite where clause

Returns: a list of matching artifacts

Exceptions

TskCoreException exception thrown if a critical error occurs within tsk core Query the Database

Definition at line 2899 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.closeStatement(), org.sleuthkit.datamodel.SleuthkitCase.getArtifactType(), org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock(), and org.sleuthkit.datamodel.BlackboardArtifact.ReviewStatus.withID().

Referenced by org.sleuthkit.datamodel.AbstractContent.getAllArtifacts().

ArrayList<BlackboardAttribute> org.sleuthkit.datamodel.SleuthkitCase.getMatchingAttributes ( String whereClause ) throws TskCoreException

Get all attributes that match a where clause. The clause should begin with "WHERE" or "JOIN". To use this method you must know the database tables

Parameters

whereClause a sqlite where clause

Returns: a list of matching attributes

Exceptions

TskCoreException exception thrown if a critical error occurs within tsk core Query the Database

Definition at line 2845 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.closeStatement(), org.sleuthkit.datamodel.SleuthkitCase.getAttributeType(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock().

List<Content> org.sleuthkit.datamodel.SleuthkitCase.getRootObjects ( ) throws TskCoreException

Get the list of root objects (data sources) from the case database, e.g., image files, logical (local) files, virtual directories.

Returns: List of content objects representing root objects.

Exceptions

TskCoreException

Definition at line 1335 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.closeStatement(), org.sleuthkit.datamodel.SleuthkitCase.getAbstractFileById(), org.sleuthkit.datamodel.SleuthkitCase.getImageById(), org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock(), and org.sleuthkit.datamodel.TskData.ObjectType.valueOf().

int org.sleuthkit.datamodel.SleuthkitCase.getSchemaVersion ( )

Returns case database schema version number.

Returns: The schema version number as an integer.

Definition at line 1029 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.versionNumber.

Referenced by org.sleuthkit.datamodel.SleuthkitCase.getImageById().

List<TagName> org.sleuthkit.datamodel.SleuthkitCase.getTagNamesInUse ( ) throws TskCoreException

Selects all of the rows from the tag_names table in the case database for which there is at least one matching row in the content_tags or blackboard_artifact_tags tables.

Returns: A list, possibly empty, of TagName data transfer objects (DTOs) for the rows.

Exceptions

TskCoreException

Definition at line 6348 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.TagName.HTML_COLOR.getColorByName(), org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock(), and org.sleuthkit.datamodel.SleuthkitCase.PREPARED_STATEMENT.SELECT_TAG_NAMES_IN_USE.

List<VirtualDirectory> org.sleuthkit.datamodel.SleuthkitCase.getVirtualDirectoryRoots ( ) throws TskCoreException

Get IDs of the virtual folder roots (at the same level as image), used for containers such as for local files.

Returns: IDs of virtual directory root objects.

Exceptions

org.sleuthkit.datamodel.TskCoreException

Definition at line 3994 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.closeStatement(), org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock(), and org.sleuthkit.datamodel.TskData.TSK_DB_FILES_TYPE_ENUM.VIRTUAL_DIR.

void org.sleuthkit.datamodel.SleuthkitCase.init ( ) throws Exception

private

Definition at line 245 of file SleuthkitCase.java.

Referenced by org.sleuthkit.datamodel.SleuthkitCase.SleuthkitCase().

void org.sleuthkit.datamodel.SleuthkitCase.initBlackboardArtifactTypes ( ) throws SQLException, TskCoreException

private

Make sure the predefined artifact types are in the artifact types table.

Exceptions

SQLException
TskCoreException

Definition at line 277 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.closeStatement(), org.sleuthkit.datamodel.TskData.DbType.POSTGRESQL, org.sleuthkit.datamodel.SleuthkitCase.typeIdToArtifactTypeMap, and org.sleuthkit.datamodel.SleuthkitCase.typeNameToArtifactTypeMap.

Referenced by org.sleuthkit.datamodel.SleuthkitCase.init().

void org.sleuthkit.datamodel.SleuthkitCase.initBlackboardAttributeTypes ( ) throws SQLException, TskCoreException

private

Make sure the predefined artifact attribute types are in the artifact attribute types table.

Exceptions

SQLException
TskCoreException

Definition at line 316 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.closeStatement(), org.sleuthkit.datamodel.TskData.DbType.POSTGRESQL, org.sleuthkit.datamodel.SleuthkitCase.typeIdToAttributeTypeMap, and org.sleuthkit.datamodel.SleuthkitCase.typeNameToAttributeTypeMap.

Referenced by org.sleuthkit.datamodel.SleuthkitCase.init().

void org.sleuthkit.datamodel.SleuthkitCase.initEncodingTypes ( CaseDbConnection connection ) throws SQLException, TskCoreException

private

Put the file encoding types into the table. This must be called after the database upgrades or the encoding_types table will not exist.

Exceptions

SQLException
TskCoreException

Definition at line 509 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), and org.sleuthkit.datamodel.SleuthkitCase.closeStatement().

Referenced by org.sleuthkit.datamodel.SleuthkitCase.init(), and org.sleuthkit.datamodel.SleuthkitCase.updateFromSchema4toSchema5().

void org.sleuthkit.datamodel.SleuthkitCase.initIngestModuleTypes ( CaseDbConnection connection ) throws SQLException, TskCoreException

private

Initialize ingest module types by adding them into the ingest_module_types database.

Exceptions

SQLException
TskCoreException

Definition at line 416 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), and org.sleuthkit.datamodel.SleuthkitCase.closeStatement().

Referenced by org.sleuthkit.datamodel.SleuthkitCase.init(), and org.sleuthkit.datamodel.SleuthkitCase.updateFromSchema3toSchema4().

void org.sleuthkit.datamodel.SleuthkitCase.initIngestStatusTypes ( CaseDbConnection connection ) throws SQLException, TskCoreException

private

Initialize ingest status types by adding them into the ingest_job_status_types database.

Exceptions

SQLException
TskCoreException

Definition at line 447 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), and org.sleuthkit.datamodel.SleuthkitCase.closeStatement().

Referenced by org.sleuthkit.datamodel.SleuthkitCase.init(), and org.sleuthkit.datamodel.SleuthkitCase.updateFromSchema3toSchema4().

void org.sleuthkit.datamodel.SleuthkitCase.initNextArtifactId ( ) throws SQLException, TskCoreException

private

Initialize the next artifact id. If there are entries in the blackboard_artifacts table we will use max(artifact_id) + 1 otherwise we will initialize the value to 0x8000000000000000 (the maximum negative signed long).

Exceptions

SQLException
TskCoreException

Definition at line 357 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.BASE_ARTIFACT_ID, org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), and org.sleuthkit.datamodel.SleuthkitCase.closeStatement().

Referenced by org.sleuthkit.datamodel.SleuthkitCase.init().

void org.sleuthkit.datamodel.SleuthkitCase.initReviewStatuses ( CaseDbConnection connection ) throws SQLException, TskCoreException

private

Initialize the review statuses lookup table from the ReviewStatus enum.

Exceptions

SQLException
TskCoreException	if there is an error initializing the table.

Definition at line 477 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), and org.sleuthkit.datamodel.SleuthkitCase.closeStatement().

Referenced by org.sleuthkit.datamodel.SleuthkitCase.init(), and org.sleuthkit.datamodel.SleuthkitCase.updateFromSchema4toSchema5().

void org.sleuthkit.datamodel.SleuthkitCase.initStandardTagNames ( ) throws SQLException, TskCoreException

private

Initialize standard tag names by adding them into the tag_names database.

Exceptions

SQLException	if there is an error executing an SQL statement.
TskCoreException	if there is a problem getting a database connection.

Definition at line 383 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.closeStatement(), and org.sleuthkit.datamodel.TagName.HTML_COLOR.NONE.

Referenced by org.sleuthkit.datamodel.SleuthkitCase.init().

boolean org.sleuthkit.datamodel.SleuthkitCase.isFileFromSource	(	Content	dataSource,
		long	fileId
	)		throws TskCoreException

Checks if the file is a (sub)child of the data source (parentless Content object such as Image or VirtualDirectory representing filesets)

Parameters

dataSource	dataSource to check
fileId	id of file to check

Returns: true if the file is in the dataSource hierarchy

Exceptions

TskCoreException thrown if check failed

Definition at line 3648 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.closeStatement(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock().

void org.sleuthkit.datamodel.SleuthkitCase.logSQLiteJDBCDriverInfo ( )

private

Write some SQLite JDBC driver details to the log file.

Definition at line 641 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.logger.

Referenced by org.sleuthkit.datamodel.SleuthkitCase.SleuthkitCase().

AddImageProcess org.sleuthkit.datamodel.SleuthkitCase.makeAddImageProcess	(	String	timezone,
		boolean	addUnallocSpace,
		boolean	noFatFsOrphans,
		String	imageWriterPath
	)

Start process of adding a image to the case. Adding an image is a multi-step process and this returns an object that allows it to happen.

Parameters

timezone	TZ time zone string to use for ingest of image.
addUnallocSpace	Set to true to create virtual files for unallocated space in the image.
noFatFsOrphans	Set to true to skip processing orphan files of FAT file systems.
imageWriterPath	Path for image writer from the local disk panel. Use an empty string to disable image writing

Returns: Object that encapsulates control of adding an image via the SleuthKit native code layer.

Definition at line 1322 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.caseHandle.

Referenced by org.sleuthkit.datamodel.Examples.Sample.run().

AddImageProcess org.sleuthkit.datamodel.SleuthkitCase.makeAddImageProcess	(	String	timezone,
		boolean	addUnallocSpace,
		boolean	noFatFsOrphans
	)

Start process of adding a image to the case. Adding an image is a multi-step process and this returns an object that allows it to happen.

Parameters

timezone	TZ time zone string to use for ingest of image.
addUnallocSpace	Set to true to create virtual files for unallocated space in the image.
noFatFsOrphans	Set to true to skip processing orphan files of FAT file systems.

Returns: Object that encapsulates control of adding an image via the SleuthKit native code layer

Use the newer version with explicit image writer path parameter

Definition at line 8673 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.caseHandle.

BlackboardArtifact org.sleuthkit.datamodel.SleuthkitCase.newBlackboardArtifact	(	int	artifactTypeID,
		long	obj_id
	)		throws TskCoreException

Add a new blackboard artifact with the given type. If that artifact type does not exist an error will be thrown. The artifact type name can be looked up in the returned blackboard artifact.

Parameters

artifactTypeID	the type the given artifact should have
obj_id	the content object id associated with this artifact

Returns: a new blackboard artifact

Exceptions

TskCoreException exception thrown if a critical error occurs within tsk core

Definition at line 2944 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.getArtifactType().

Referenced by org.sleuthkit.datamodel.AbstractContent.getGenInfoArtifact(), org.sleuthkit.datamodel.AbstractContent.newArtifact(), and org.sleuthkit.datamodel.SleuthkitCase.newBlackboardArtifact().

BlackboardArtifact org.sleuthkit.datamodel.SleuthkitCase.newBlackboardArtifact	(	ARTIFACT_TYPE	artifactType,
		long	obj_id
	)		throws TskCoreException

Add a new blackboard artifact with the given type.

Parameters

artifactType	the type the given artifact should have
obj_id	the content object id associated with this artifact

Returns: a new blackboard artifact

Exceptions

TskCoreException exception thrown if a critical error occurs within tsk core

Definition at line 2960 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.newBlackboardArtifact().

BlackboardArtifact org.sleuthkit.datamodel.SleuthkitCase.newBlackboardArtifact	(	int	artifact_type_id,
		long	obj_id,
		String	artifactTypeName,
		String	artifactDisplayName
	)		throws TskCoreException

private

Definition at line 2964 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireExclusiveLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.PREPARED_STATEMENT.INSERT_ARTIFACT, org.sleuthkit.datamodel.TskData.DbType.POSTGRESQL, org.sleuthkit.datamodel.SleuthkitCase.PREPARED_STATEMENT.POSTGRESQL_INSERT_ARTIFACT, org.sleuthkit.datamodel.SleuthkitCase.releaseExclusiveLock(), and org.sleuthkit.datamodel.BlackboardArtifact.ReviewStatus.UNDECIDED.

static SleuthkitCase org.sleuthkit.datamodel.SleuthkitCase.newCase ( String dbPath ) throws TskCoreException

static

Creates a new SQLite case database.

Parameters

dbPath Path to where SQlite case database should be created.

Returns: A case database object.

Exceptions

org.sleuthkit.datamodel.TskCoreException

Definition at line 1192 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.caseHandle, org.sleuthkit.datamodel.SleuthkitCase.SleuthkitCase(), and org.sleuthkit.datamodel.TskData.DbType.SQLITE.

Referenced by org.sleuthkit.datamodel.Examples.Sample.run().

static SleuthkitCase org.sleuthkit.datamodel.SleuthkitCase.newCase	(	String	caseName,
		CaseDbConnectionInfo	info,
		String	caseDirPath
	)		throws TskCoreException

static

Creates a new PostgreSQL case database.

Parameters

caseName	The name of the case. It will be used to create a case database name that can be safely used in SQL commands and will not be subject to name collisions on the case database server. Use getDatabaseName to get the created name.
info	The information to connect to the database.
caseDirPath	The case directory path.

Returns: A case database object.

Exceptions

org.sleuthkit.datamodel.TskCoreException

The flow of this method involves trying to create a new case and if successful, return that case. If unsuccessful, an exception is thrown. We catch any exceptions, and use tryConnect() to attempt to obtain further information about the error. If tryConnect() is unable to successfully connect, tryConnect() will throw a TskCoreException with a message containing user-level error reporting. If tryConnect() is able to connect, flow continues and we rethrow the original exception obtained from trying to create the case. In this way, we obtain more detailed information if we are able, but do not lose any information if unable.

Definition at line 1216 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.caseDirPath, org.sleuthkit.datamodel.SleuthkitCase.caseHandle, org.sleuthkit.datamodel.SleuthkitCase.createCaseDataBaseName(), org.sleuthkit.datamodel.SleuthkitCase.SleuthkitCase(), and org.sleuthkit.datamodel.SleuthkitCase.tryConnect().

static SleuthkitCase org.sleuthkit.datamodel.SleuthkitCase.openCase ( String dbPath ) throws TskCoreException

static

Open an existing case database.

Parameters

dbPath Path to SQLite case database.

Returns: Case database object.

Exceptions

org.sleuthkit.datamodel.TskCoreException

Definition at line 1138 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.caseHandle, org.sleuthkit.datamodel.SleuthkitCase.SleuthkitCase(), and org.sleuthkit.datamodel.TskData.DbType.SQLITE.

static SleuthkitCase org.sleuthkit.datamodel.SleuthkitCase.openCase	(	String	databaseName,
		CaseDbConnectionInfo	info,
		String	caseDir
	)		throws TskCoreException

static

Open an existing multi-user case database.

Parameters

databaseName	The name of the database.
info	Connection information for the the database.
caseDir	The folder where the case metadata fils is stored.

Returns: A case database object.

Exceptions

TskCoreException If there is a problem opening the database.

Definition at line 1158 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.caseHandle, org.sleuthkit.datamodel.SleuthkitCase.SleuthkitCase(), and org.sleuthkit.datamodel.SleuthkitCase.tryConnect().

List<AbstractFile> org.sleuthkit.datamodel.SleuthkitCase.openFiles	(	Content	dataSource,
		String	filePath
	)		throws TskCoreException

Parameters

dataSource	the data source (Image, VirtualDirectory for file-sets, etc) to search for the given file name
filePath	The full path to the file(statement) of interest. This can optionally include the image and volume names. Treated in a case- insensitive manner.

Returns: a list of AbstractFile that have the given file path.

Exceptions

org.sleuthkit.datamodel.TskCoreException

Definition at line 4826 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.AbstractFile.createNonUniquePath(), and org.sleuthkit.datamodel.SleuthkitCase.findFiles().

void org.sleuthkit.datamodel.SleuthkitCase.releaseExclusiveLock ( )

Release the lock that provides exclusive access to the database if it is a SQLite database. This method should always be called in the finally block of a try block in which the lock was acquired.

Definition at line 1101 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.TskData.DbType.SQLITE.

void org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock ( )

Release the lock that provides shared access to the database if it is a SQLite database. This method should always be called in the finally block of a try block in which the lock was acquired.

Definition at line 1123 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.TskData.DbType.SQLITE.

void org.sleuthkit.datamodel.SleuthkitCase.removeErrorObserver ( ErrorObserver observer )

Remove an observer for SleuthkitCase errors.

Parameters

observer The observer to remove.

Definition at line 6283 of file SleuthkitCase.java.

List<AbstractFile> org.sleuthkit.datamodel.SleuthkitCase.resultSetToAbstractFiles	(	ResultSet	rs,
		CaseDbConnection	connection
	)		throws SQLException

private

Creates file object from a SQL query result set of rows from the tsk_files table. Assumes that the query was of the form "SELECT * FROM tsk_files WHERE XYZ".

Parameters

rs	ResultSet to get content from. Caller is responsible for closing it.

Returns: list of file objects from tsk_files table containing the files

Exceptions

SQLException if the query fails

Definition at line 5590 of file SleuthkitCase.java.

Referenced by org.sleuthkit.datamodel.SleuthkitCase.findAllFilesWhere(), org.sleuthkit.datamodel.SleuthkitCase.findFiles(), org.sleuthkit.datamodel.SleuthkitCase.findFilesByMd5(), org.sleuthkit.datamodel.SleuthkitCase.findFilesWhere(), and org.sleuthkit.datamodel.SleuthkitCase.getAbstractFileById().

ResultSet org.sleuthkit.datamodel.SleuthkitCase.runQuery ( String query ) throws SQLException

Process a read-only query on the tsk database, any table Can be used to e.g. to find files of a given criteria. resultSetToFsContents() will convert the files to useful objects. MUST CALL closeRunQuery() when done

Parameters

query the given string query to run

Returns: the resultSet from running the query. Caller MUST CALL closeRunQuery(resultSet) as soon as possible, when done with retrieving data from the resultSet

Exceptions

SQLException if error occurred during the query

Deprecated:: Do not use runQuery(), use executeQuery() instead. Query the Database

Definition at line 8455 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock().

void org.sleuthkit.datamodel.SleuthkitCase.setFileMIMEType	(	AbstractFile	file,
		String	mimeType
	)		throws TskCoreException

Stores the MIME type of a file in the case database and updates the MIME type of the given file object.

Parameters

file	A file.
mimeType	The MIME type.

Exceptions

TskCoreException If there is an error updating the case database.

Definition at line 6025 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireExclusiveLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.closeStatement(), and org.sleuthkit.datamodel.SleuthkitCase.releaseExclusiveLock().

void org.sleuthkit.datamodel.SleuthkitCase.setImagePaths	(	long	obj_id,
		List< String >	paths
	)		throws TskCoreException

Set the file paths for the image given by obj_id

Parameters

obj_id	the ID of the image to update
paths	the fully qualified path to the files that make up the image

Exceptions

TskCoreException exception thrown when critical error occurs within tsk core and the update fails

Definition at line 5556 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireExclusiveLock(), org.sleuthkit.datamodel.SleuthkitCase.closeStatement(), and org.sleuthkit.datamodel.SleuthkitCase.releaseExclusiveLock().

boolean org.sleuthkit.datamodel.SleuthkitCase.setKnown	(	AbstractFile	file,
		FileKnown	fileKnown
	)		throws TskCoreException

Store the known status for the FsContent in the database Note: will not update status if content is already 'Known Bad'

Parameters

file	The AbstractFile object
fileKnown	The object'statement known status

Returns: true if the known status was updated, false otherwise

Exceptions

TskCoreException thrown if a critical error occurred within tsk core

Definition at line 5991 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireExclusiveLock(), org.sleuthkit.datamodel.SleuthkitCase.closeStatement(), and org.sleuthkit.datamodel.SleuthkitCase.releaseExclusiveLock().

void org.sleuthkit.datamodel.SleuthkitCase.setReviewStatus	(	BlackboardArtifact	artifact,
		BlackboardArtifact.ReviewStatus	newStatus
	)		throws TskCoreException

Set the review status of the given artifact to newStatus

Parameters

artifact	The artifact whose review status is being set.
newStatus	The new review status for the given artifact. Must not be null.

Exceptions

TskCoreException thrown if a critical error occurred within tsk core

Definition at line 6085 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireExclusiveLock(), org.sleuthkit.datamodel.SleuthkitCase.closeStatement(), org.sleuthkit.datamodel.BlackboardArtifact.getArtifactID(), and org.sleuthkit.datamodel.SleuthkitCase.releaseExclusiveLock().

void org.sleuthkit.datamodel.SleuthkitCase.submitError	(	String	context,
		String	errorMessage
	)

Submit an error to all clients that are listening.

Parameters

context	The context in which the error occurred.
errorMessage	A description of the error that occurred.

Definition at line 6296 of file SleuthkitCase.java.

static void org.sleuthkit.datamodel.SleuthkitCase.tryConnect ( CaseDbConnectionInfo info ) throws TskCoreException

static

Attempts to connect to the database with the passed in settings, throws if the settings are not sufficient to connect to the database type indicated. Only attempts to connect to remote databases.

When issues occur, it attempts to diagnose them by looking at the exception messages, returning the appropriate user-facing text for the exception received. This method expects the Exceptions messages to be in English and compares against English text.

Parameters

info	The connection information

Exceptions

org.sleuthkit.datamodel.TskCoreException

Definition at line 139 of file SleuthkitCase.java.

Referenced by org.sleuthkit.datamodel.SleuthkitCase.newCase(), and org.sleuthkit.datamodel.SleuthkitCase.openCase().

void org.sleuthkit.datamodel.SleuthkitCase.updateDatabaseSchema ( String dbPath ) throws Exception

private

Modify the case database to bring it up-to-date with the current version of the database schema.

Exceptions

Exception

Definition at line 539 of file SleuthkitCase.java.

Referenced by org.sleuthkit.datamodel.SleuthkitCase.init().

int org.sleuthkit.datamodel.SleuthkitCase.updateFromSchema2toSchema3	(	int	schemaVersionNumber,
		CaseDbConnection	connection
	)		throws SQLException, TskCoreException

private

Updates a schema version 2 database to a schema version 3 database.

Parameters

schemaVersionNumber	The current schema version number of the database.
connection	A connection to the case database.

Returns: The new database schema version.

Exceptions

SQLException	If there is an error completing a database operation.
TskCoreException	If there is an error completing a database operation via another SleuthkitCase method.

Definition at line 666 of file SleuthkitCase.java.

Referenced by org.sleuthkit.datamodel.SleuthkitCase.updateDatabaseSchema().

int org.sleuthkit.datamodel.SleuthkitCase.updateFromSchema3toSchema4	(	int	schemaVersionNumber,
		CaseDbConnection	connection
	)		throws SQLException, TskCoreException

private

Updates a schema version 3 database to a schema version 4 database.

Parameters

schemaVersionNumber	The current schema version number of the database.
connection	A connection to the case database.

Returns: The new database schema version.

Exceptions

SQLException	If there is an error completing a database operation.
TskCoreException	If there is an error completing a database operation via another SleuthkitCase method.

Definition at line 807 of file SleuthkitCase.java.

Referenced by org.sleuthkit.datamodel.SleuthkitCase.updateDatabaseSchema().

int org.sleuthkit.datamodel.SleuthkitCase.updateFromSchema4toSchema5	(	int	schemaVersionNumber,
		CaseDbConnection	connection
	)		throws SQLException, TskCoreException

private

Updates a schema version 4 database to a schema version 5 database.

Parameters

schemaVersionNumber	The current schema version number of the database.
connection	A connection to the case database.

Returns: The new database schema version.

Exceptions

SQLException	If there is an error completing a database operation.
TskCoreException	If there is an error completing a database operation via another SleuthkitCase method.

Definition at line 926 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.closeStatement(), org.sleuthkit.datamodel.SleuthkitCase.initEncodingTypes(), org.sleuthkit.datamodel.SleuthkitCase.initReviewStatuses(), and org.sleuthkit.datamodel.BlackboardArtifact.ReviewStatus.UNDECIDED.

Referenced by org.sleuthkit.datamodel.SleuthkitCase.updateDatabaseSchema().

int org.sleuthkit.datamodel.SleuthkitCase.updateFromSchema5toSchema6	(	int	schemaVersionNumber,
		CaseDbConnection	connection
	)		throws SQLException, TskCoreException

private

Updates a schema version 4 database to a schema version 5 database.

Parameters

schemaVersionNumber	The current schema version number of the database.
connection	A connection to the case database.

Returns: The new database schema version.

Exceptions

SQLException	If there is an error completing a database operation.
TskCoreException	If there is an error completing a database operation via another SleuthkitCase method.

Definition at line 984 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.closeStatement(), and org.sleuthkit.datamodel.BlackboardArtifact.ReviewStatus.UNDECIDED.

Referenced by org.sleuthkit.datamodel.SleuthkitCase.updateDatabaseSchema().

void org.sleuthkit.datamodel.SleuthkitCase.updateImagePath	(	String	newPath,
		long	objectId
	)		throws TskCoreException

Change the path for an image in the database.

Parameters

newPath	New path to the image
objectId	Data source ID of the image

Exceptions

TskCoreException

Definition at line 6927 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock(), and org.sleuthkit.datamodel.SleuthkitCase.PREPARED_STATEMENT.UPDATE_IMAGE_PATH.

Member Data Documentation

final long org.sleuthkit.datamodel.SleuthkitCase.BASE_ARTIFACT_ID = Long.MIN_VALUE

staticprivate

Definition at line 92 of file SleuthkitCase.java.

Referenced by org.sleuthkit.datamodel.SleuthkitCase.initNextArtifactId().

final ResourceBundle org.sleuthkit.datamodel.SleuthkitCase.bundle = ResourceBundle.getBundle("org.sleuthkit.datamodel.Bundle")

staticprivate

Definition at line 94 of file SleuthkitCase.java.

final String org.sleuthkit.datamodel.SleuthkitCase.caseDirPath

private

Definition at line 110 of file SleuthkitCase.java.

Referenced by org.sleuthkit.datamodel.SleuthkitCase.getDbDirPath(), org.sleuthkit.datamodel.SleuthkitCase.newCase(), and org.sleuthkit.datamodel.SleuthkitCase.SleuthkitCase().

SleuthkitJNI.CaseDbHandle org.sleuthkit.datamodel.SleuthkitCase.caseHandle

private

Definition at line 111 of file SleuthkitCase.java.

Referenced by org.sleuthkit.datamodel.SleuthkitCase.addImageInfo(), org.sleuthkit.datamodel.SleuthkitCase.close(), org.sleuthkit.datamodel.SleuthkitCase.makeAddImageProcess(), org.sleuthkit.datamodel.SleuthkitCase.newCase(), org.sleuthkit.datamodel.SleuthkitCase.openCase(), and org.sleuthkit.datamodel.SleuthkitCase.SleuthkitCase().

final ConnectionPool org.sleuthkit.datamodel.SleuthkitCase.connections

private

Definition at line 103 of file SleuthkitCase.java.

final String org.sleuthkit.datamodel.SleuthkitCase.databaseName

private

Definition at line 107 of file SleuthkitCase.java.

Referenced by org.sleuthkit.datamodel.SleuthkitCase.getDatabaseName().

String org.sleuthkit.datamodel.SleuthkitCase.dbBackupPath

private

Definition at line 113 of file SleuthkitCase.java.

Referenced by org.sleuthkit.datamodel.SleuthkitCase.getBackupDatabasePath().

final String org.sleuthkit.datamodel.SleuthkitCase.dbPath

private

Definition at line 108 of file SleuthkitCase.java.

Referenced by org.sleuthkit.datamodel.SleuthkitCase.SleuthkitCase().

final DbType org.sleuthkit.datamodel.SleuthkitCase.dbType

private

Definition at line 109 of file SleuthkitCase.java.

Referenced by org.sleuthkit.datamodel.SleuthkitCase.getDatabaseType(), and org.sleuthkit.datamodel.SleuthkitCase.SleuthkitCase().

final Map<Long, FileSystem> org.sleuthkit.datamodel.SleuthkitCase.fileSystemIdMap = new HashMap<Long, FileSystem>()

private

Definition at line 105 of file SleuthkitCase.java.

Referenced by org.sleuthkit.datamodel.SleuthkitCase.getFileSystemByIdHelper().

final int org.sleuthkit.datamodel.SleuthkitCase.IS_REACHABLE_TIMEOUT_MS = 1000

staticprivate

Definition at line 95 of file SleuthkitCase.java.

final Logger org.sleuthkit.datamodel.SleuthkitCase.logger = Logger.getLogger(SleuthkitCase.class.getName())

staticprivate

Definition at line 93 of file SleuthkitCase.java.

Referenced by org.sleuthkit.datamodel.SleuthkitCase.logSQLiteJDBCDriverInfo().

final int org.sleuthkit.datamodel.SleuthkitCase.MAX_DB_NAME_LEN_BEFORE_TIMESTAMP = 47

staticprivate

Definition at line 90 of file SleuthkitCase.java.

Referenced by org.sleuthkit.datamodel.SleuthkitCase.createCaseDataBaseName().

final int org.sleuthkit.datamodel.SleuthkitCase.MIN_USER_DEFINED_TYPE_ID = 10000

staticprivate

Definition at line 102 of file SleuthkitCase.java.

Referenced by org.sleuthkit.datamodel.SleuthkitCase.addArtifactAttributeType(), and org.sleuthkit.datamodel.SleuthkitCase.addBlackboardArtifactType().

long org.sleuthkit.datamodel.SleuthkitCase.nextArtifactId

private

Definition at line 118 of file SleuthkitCase.java.

final Map<Long, VirtualDirectory> org.sleuthkit.datamodel.SleuthkitCase.rootIdsToCarvedFileDirs = new HashMap<Long, VirtualDirectory>()

private

Definition at line 104 of file SleuthkitCase.java.

final ReentrantReadWriteLock org.sleuthkit.datamodel.SleuthkitCase.rwLock = new ReentrantReadWriteLock(true)

private

Definition at line 123 of file SleuthkitCase.java.

final int org.sleuthkit.datamodel.SleuthkitCase.SCHEMA_VERSION_NUMBER = 6

staticprivate

Definition at line 91 of file SleuthkitCase.java.

Referenced by org.sleuthkit.datamodel.SleuthkitCase.updateDatabaseSchema().

final ArrayList<ErrorObserver> org.sleuthkit.datamodel.SleuthkitCase.sleuthkitCaseErrorObservers = new ArrayList<ErrorObserver>()

private

Definition at line 106 of file SleuthkitCase.java.

final String org.sleuthkit.datamodel.SleuthkitCase.SQL_ERROR_AUTHENTICATION_GROUP = "28"

staticprivate

Definition at line 97 of file SleuthkitCase.java.

final String org.sleuthkit.datamodel.SleuthkitCase.SQL_ERROR_CONNECTION_GROUP = "08"

staticprivate

Definition at line 96 of file SleuthkitCase.java.

final String org.sleuthkit.datamodel.SleuthkitCase.SQL_ERROR_INTERNAL_GROUP = "xx"

staticprivate

Definition at line 101 of file SleuthkitCase.java.

final String org.sleuthkit.datamodel.SleuthkitCase.SQL_ERROR_LIMIT_GROUP = "54"

staticprivate

Definition at line 100 of file SleuthkitCase.java.

final String org.sleuthkit.datamodel.SleuthkitCase.SQL_ERROR_PRIVILEGE_GROUP = "42"

staticprivate

Definition at line 98 of file SleuthkitCase.java.

final String org.sleuthkit.datamodel.SleuthkitCase.SQL_ERROR_RESOURCE_GROUP = "53"

staticprivate

Definition at line 99 of file SleuthkitCase.java.

Map<Integer, BlackboardArtifact.Type> org.sleuthkit.datamodel.SleuthkitCase.typeIdToArtifactTypeMap

private

Definition at line 114 of file SleuthkitCase.java.

Referenced by org.sleuthkit.datamodel.SleuthkitCase.addBlackboardArtifactType(), org.sleuthkit.datamodel.SleuthkitCase.getArtifactType(), org.sleuthkit.datamodel.SleuthkitCase.init(), and org.sleuthkit.datamodel.SleuthkitCase.initBlackboardArtifactTypes().

Map<Integer, BlackboardAttribute.Type> org.sleuthkit.datamodel.SleuthkitCase.typeIdToAttributeTypeMap

private

Definition at line 115 of file SleuthkitCase.java.

Referenced by org.sleuthkit.datamodel.SleuthkitCase.addArtifactAttributeType(), org.sleuthkit.datamodel.SleuthkitCase.getAttributeType(), org.sleuthkit.datamodel.SleuthkitCase.init(), and org.sleuthkit.datamodel.SleuthkitCase.initBlackboardAttributeTypes().

Map<String, BlackboardArtifact.Type> org.sleuthkit.datamodel.SleuthkitCase.typeNameToArtifactTypeMap

private

Definition at line 116 of file SleuthkitCase.java.

Referenced by org.sleuthkit.datamodel.SleuthkitCase.addBlackboardArtifactType(), org.sleuthkit.datamodel.SleuthkitCase.getArtifactType(), org.sleuthkit.datamodel.SleuthkitCase.init(), and org.sleuthkit.datamodel.SleuthkitCase.initBlackboardArtifactTypes().

Map<String, BlackboardAttribute.Type> org.sleuthkit.datamodel.SleuthkitCase.typeNameToAttributeTypeMap

private

Definition at line 117 of file SleuthkitCase.java.

Referenced by org.sleuthkit.datamodel.SleuthkitCase.addArtifactAttributeType(), org.sleuthkit.datamodel.SleuthkitCase.getAttributeType(), org.sleuthkit.datamodel.SleuthkitCase.init(), and org.sleuthkit.datamodel.SleuthkitCase.initBlackboardAttributeTypes().

int org.sleuthkit.datamodel.SleuthkitCase.versionNumber

private

Definition at line 112 of file SleuthkitCase.java.

Referenced by org.sleuthkit.datamodel.SleuthkitCase.getSchemaVersion().

The documentation for this class was generated from the following file:

/home/carriersleuth/repos/sleuthkit/bindings/java/src/org/sleuthkit/datamodel/SleuthkitCase.java

Classes

Public Member Functions

Static Public Member Functions

Protected Member Functions

Private Member Functions

Static Private Member Functions

Private Attributes

Static Private Attributes

Detailed Description

Constructor & Destructor Documentation

Member Function Documentation

Member Data Documentation