Sleuth Kit Java Bindings (JNI)
4.3
Java bindings for using The Sleuth Kit
|
These classes allow Java programs to access data extracted by The Sleuth Kit.
The Sleuth Kit is primarily a C/C++ library and set of command line tools. These classes allow programs to obtain the data that TSK can produce. The typical steps would be to use JNI to cause the TSK library to create and populate a SQLite or PostgreSQL database. The Java classes then directly open the database and perform queries on it.
NOTE: This needs to be expanded on.
Use SleuthkitCase.newCase() or SleuthkitCase.openCase() to return an instance of a SleuthkitCase object. To add data to the case, use SleuthkitCase.makeAdImageProcess() to get a AddImageProcess object that allows you to populate the database in the scope of a transaction and get feedback on its update process.
To add a local file (logical file) you can use methods such as SleuthkitCase.addLocalFile().
You can either access files directly using methods such as SleuthkitCase.findFiles() or SleuthkitCase.getAbstractFileById().
You can also access the data in its tree form by starting with SleuthkitCase.getImages() and then calling getChildren() on each of the returned objects. See the section below on basics of the datamodel structure.
Flush out here on general layout.
How to Query the Database
How to INSERT and UPDATE into the Database
Copyright © 2011-2015 Brian Carrier. (carrier -at- sleuthkit -dot- org)
This work is licensed under a
Creative Commons Attribution-Share Alike 3.0 United States License.