jni-docs/4.5.0/_sleuthkit_j_n_i_8java_source.html

 /*

  * Sleuth Kit Data Model

  *

  * Copyright 2011-2017 Basis Technology Corp.

  * Contact: carrier <at> sleuthkit <dot> org

  *

  * Licensed under the Apache License, Version 2.0 (the "License");

  * you may not use this file except in compliance with the License.

  * You may obtain a copy of the License at

  *

  *       http://www.apache.org/licenses/LICENSE-2.0

  *

  * Unless required by applicable law or agreed to in writing, software

  * distributed under the License is distributed on an "AS IS" BASIS,

  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

  * See the License for the specific language governing permissions and

  * limitations under the License.

  */

 package org.sleuthkit.datamodel;


 import java.io.BufferedReader;

 import java.io.FileReader;

 import java.io.IOException;

 import java.text.DateFormat;

 import java.text.SimpleDateFormat;

 import java.util.ArrayList;

 import java.util.Arrays;

 import java.util.GregorianCalendar;

 import java.util.HashMap;

 import java.util.HashSet;

 import java.util.List;

 import java.util.Map;

 import java.util.Set;

 import java.util.TimeZone;

 import java.util.UUID;

 import org.sleuthkit.datamodel.TskData.TSK_FS_ATTR_TYPE_ENUM;


 public class SleuthkitJNI {


         /*

          * Loads the SleuthKit libraries.

          */

         static {

                 LibraryUtils.loadSleuthkitJNI();

         }


         private SleuthkitJNI() {

         }


         private static class HandleCache {


                 /*

                  * A monitor used to guard access to cached Sleuthkit JNI handles.

                  */

                 private static final Object cacheLock = new Object();


                 /*

                  * A SleuthKit image handle cache implemented as a mappng of

                  * concatenated image file paths to image handles.

                  */

                 private static final Map<String, Long> imageHandleCache = new HashMap<String, Long>();


                 /*

                  * A SleuthKit file system handles cache implemented as a mapping of

                  * image handles to image offset and file system handle pairs.

                  */

                 private static final Map<Long, Map<Long, Long>> fsHandleCache = new HashMap<Long, Map<Long, Long>>();


                 /*

                  * The collection of open file handles. We will only allow requests

                  * through to the C code if the file handle exists in this collection.

                  */

                 private static final Set<Long> fileHandleCache = new HashSet<Long>();


                 private static final Map<Long, List<Long>> fileSystemToFileHandles = new HashMap<Long, List<Long>>();


                 private static final String INVALID_FILE_HANDLE = "Invalid file handle."; //NON-NLS


                 private static void addFileHandle(long fileHandle, long fsHandle) {

                         synchronized (cacheLock) {

                                 // Add to collection of open file handles.

                                 fileHandleCache.add(fileHandle);


                                 // Add to map of file system to file handles.

                                 if (fileSystemToFileHandles.containsKey(fsHandle)) {

                                         fileSystemToFileHandles.get(fsHandle).add(fileHandle);

                                 } else {

                                         fileSystemToFileHandles.put(fsHandle, new ArrayList<Long>(Arrays.asList(fileHandle)));

                                 }

                         }

                 }


                 private static void removeFileHandle(long fileHandle) {

                         synchronized (cacheLock) {

                                 // Remove from collection of open file handles.

                                 fileHandleCache.remove(fileHandle);

                         }

                 }


                 private static boolean isValidFileHandle(long fileHandle) {

                         synchronized (cacheLock) {

                                 return fileHandleCache.contains(fileHandle);

                         }

                 }


                 private static void closeHandlesAndClearCache() throws TskCoreException {

                         synchronized (cacheLock) {

                                 /*

                                  * Close any cached file system handles.

                                  */

                                 for (Map<Long, Long> imageToFsMap : fsHandleCache.values()) {

                                         for (Long fsHandle : imageToFsMap.values()) {

                                                 // First close all open file handles for the file system.

                                                 for (Long fileHandle : fileSystemToFileHandles.get(fsHandle)) {

                                                         closeFile(fileHandle);

                                                 }

                                                 // Then close the file system handle.

                                                 closeFsNat(fsHandle);

                                         }

                                 }


                                 /*

                                  * Close any cached image handles.

                                  */

                                 for (Long imageHandle : imageHandleCache.values()) {

                                         closeImgNat(imageHandle);

                                 }


                                 fsHandleCache.clear();

                                 imageHandleCache.clear();

                                 fileHandleCache.clear();

                                 fileSystemToFileHandles.clear();

                         }


                 }

         }


         public static class CaseDbHandle {


                 /*

                  * A pointer to a TskCaseDb object.

                  */

                 private final long caseDbPointer;


                 private CaseDbHandle(long caseDbPointer) {

                         this.caseDbPointer = caseDbPointer;

                 }


                 void free() throws TskCoreException {

                         HandleCache.closeHandlesAndClearCache();

                         SleuthkitJNI.closeCaseDbNat(caseDbPointer);

                 }


                 long addImageInfo(long deviceObjId, List<String> imageFilePaths, String timeZone) throws TskCoreException {

                         try {

                                 long tskAutoDbPointer = initializeAddImgNat(caseDbPointer, timezoneLongToShort(timeZone), false, false, false);

                                 runOpenAndAddImgNat(tskAutoDbPointer, UUID.randomUUID().toString(), imageFilePaths.toArray(new String[0]), imageFilePaths.size(), timeZone);

                                 return commitAddImgNat(tskAutoDbPointer);

                         } catch (TskDataException ex) {

                                 throw new TskCoreException("Error adding image to case database", ex);

                         }

                 }


                 AddImageProcess initAddImageProcess(String timeZone, boolean addUnallocSpace, boolean skipFatFsOrphans, String imageCopyPath) {

                         return new AddImageProcess(timeZone, addUnallocSpace, skipFatFsOrphans, imageCopyPath);

                 }


                 public class AddImageProcess {


                         private final String timeZone;

                         private final boolean addUnallocSpace;

                         private final boolean skipFatFsOrphans;

                         private final String imageWriterPath;

                         private volatile long tskAutoDbPointer;

                         private boolean isCanceled;


                         private AddImageProcess(String timeZone, boolean addUnallocSpace, boolean skipFatFsOrphans, String imageWriterPath) {

                                 this.timeZone = timeZone;

                                 this.addUnallocSpace = addUnallocSpace;

                                 this.skipFatFsOrphans = skipFatFsOrphans;

                                 this.imageWriterPath = imageWriterPath;

                                 tskAutoDbPointer = 0;

                                 this.isCanceled = false;

                         }


                         public void run(String deviceId, String[] imageFilePaths) throws TskCoreException, TskDataException {

                                 long imageHandle = 0;

                                 synchronized (this) {

                                         if (0 != tskAutoDbPointer) {

                                                 throw new TskCoreException("Add image process already started");

                                         }

                                         if (!isCanceled) { //with isCanceled being guarded by this it will have the same value everywhere in this synchronized block

                                                 imageHandle = openImage(imageFilePaths, false);

                                                 tskAutoDbPointer = initAddImgNat(caseDbPointer, timezoneLongToShort(timeZone), addUnallocSpace, skipFatFsOrphans);

                                         }

                                         if (0 == tskAutoDbPointer) {

                                                 throw new TskCoreException("initAddImgNat returned a NULL TskAutoDb pointer");

                                         }

                                 }

                                 if (imageHandle != 0) {

                                         runAddImgNat(tskAutoDbPointer, deviceId, imageHandle, timeZone, imageWriterPath);

                                 }

                         }


                         public synchronized void stop() throws TskCoreException {

                                 isCanceled = true;

                                 if (tskAutoDbPointer != 0) {

                                         stopAddImgNat(tskAutoDbPointer);

                                 }

                         }


                         public synchronized void revert() throws TskCoreException {

                                 if (tskAutoDbPointer == 0) {

                                         throw new TskCoreException("AddImgProcess::revert: AutoDB pointer is NULL");

                                 }


                                 revertAddImgNat(tskAutoDbPointer);

                                 // the native code deleted the object

                                 tskAutoDbPointer = 0;

                         }


                         public synchronized long commit() throws TskCoreException {

                                 if (tskAutoDbPointer == 0) {

                                         throw new TskCoreException("AddImgProcess::commit: AutoDB pointer is NULL");

                                 }


                                 long id = commitAddImgNat(tskAutoDbPointer);

                                 // the native code deleted the object

                                 tskAutoDbPointer = 0;

                                 return id;

                         }


                         public synchronized String currentDirectory() {

                                 return tskAutoDbPointer == 0 ? "" : getCurDirNat(tskAutoDbPointer); //NON-NLS

                         }


                         @Deprecated

                         public void run(String[] imageFilePaths) throws TskCoreException, TskDataException {

                                 run(null, imageFilePaths);

                         }

                 }


         }


         static CaseDbHandle newCaseDb(String path) throws TskCoreException {

                 return new CaseDbHandle(newCaseDbNat(path));

         }


         static CaseDbHandle newCaseDb(String databaseName, CaseDbConnectionInfo info) throws TskCoreException {

                 return new CaseDbHandle(newCaseDbMultiNat(info.getHost(), info.getPort(), info.getUserName(), info.getPassword(), info.getDbType().ordinal(), databaseName));

         }


         static CaseDbHandle openCaseDb(String path) throws TskCoreException {

                 return new CaseDbHandle(openCaseDbNat(path));

         }


         static CaseDbHandle openCaseDb(String databaseName, CaseDbConnectionInfo info) throws TskCoreException {

                 return new CaseDbHandle(openCaseDbMultiNat(info.getHost(), info.getPort(), info.getUserName(), info.getPassword(), info.getDbType().ordinal(), databaseName));

         }


         public static String getVersion() {

                 return getVersionNat();

         }


         public static void startVerboseLogging(String logPath) {

                 startVerboseLoggingNat(logPath);

         }


         public static long openImage(String[] imageFiles) throws TskCoreException {

                 return openImage(imageFiles, true);

         }


         private static long openImage(String[] imageFiles, boolean useCache) throws TskCoreException {


                 long imageHandle;


                 StringBuilder keyBuilder = new StringBuilder();

                 for (int i = 0; i < imageFiles.length; ++i) {

                         keyBuilder.append(imageFiles[i]);

                 }

                 final String imageKey = keyBuilder.toString();


                 synchronized (HandleCache.cacheLock) {

                         // If we're getting a fresh copy, remove any existing cache references

                         if (!useCache && HandleCache.imageHandleCache.containsKey(imageKey)) {

                                 long tempImageHandle = HandleCache.imageHandleCache.get(imageKey);

                                 HandleCache.fsHandleCache.remove(tempImageHandle);

                                 HandleCache.imageHandleCache.remove(imageKey);

                         }


                         if (useCache && HandleCache.imageHandleCache.containsKey(imageKey)) //get from cache

                         {

                                 imageHandle = HandleCache.imageHandleCache.get(imageKey);

                         } else {

                                 //open new handle and cache it

                                 imageHandle = openImgNat(imageFiles, imageFiles.length);

                                 HandleCache.fsHandleCache.put(imageHandle, new HashMap<Long, Long>());

                                 HandleCache.imageHandleCache.put(imageKey, imageHandle);

                         }

                 }

                 return imageHandle;

         }


         public static long openVs(long imgHandle, long vsOffset) throws TskCoreException {

                 return openVsNat(imgHandle, vsOffset);

         }


         //get pointers

         public static long openVsPart(long vsHandle, long volId) throws TskCoreException {

                 //returned long is ptr to vs Handle object in tsk

                 return openVolNat(vsHandle, volId);

         }


         public static long openFs(long imgHandle, long fsOffset) throws TskCoreException {

                 long fsHandle;

                 synchronized (HandleCache.cacheLock) {

                         final Map<Long, Long> imgOffSetToFsHandle = HandleCache.fsHandleCache.get(imgHandle);

                         if (imgOffSetToFsHandle.containsKey(fsOffset)) {

                                 //return cached

                                 fsHandle = imgOffSetToFsHandle.get(fsOffset);

                         } else {

                                 fsHandle = openFsNat(imgHandle, fsOffset);

                                 //cache it

                                 imgOffSetToFsHandle.put(fsOffset, fsHandle);

                         }

                 }

                 return fsHandle;

         }


         public static long openFile(long fsHandle, long fileId, TSK_FS_ATTR_TYPE_ENUM attrType, int attrId) throws TskCoreException {

                 /*

                  * NOTE: previously attrId used to be stored in AbstractFile as (signed)

                  * short even though it is stored as uint16 in TSK. In extremely rare

                  * occurrences attrId can be larger than what a signed short can hold

                  * (2^15). Changes were made to AbstractFile to store attrId as integer.

                  * However, a depricated method still exists in AbstractFile to get

                  * attrId as short. In that method we convert attribute ids that are

                  * larger than 32K to a negative number. Therefore if encountered, we

                  * need to convert negative attribute id to uint16 which is what TSK is

                  * using to store attribute id.

                  */

                 long fileHandle = openFileNat(fsHandle, fileId, attrType.getValue(), convertSignedToUnsigned(attrId));

                 HandleCache.addFileHandle(fileHandle, fsHandle);

                 return fileHandle;

         }


         private static int convertSignedToUnsigned(int val) {

                 if (val >= 0) {

                         return val;

                 }


                 return val & 0xffff;    // convert negative value to positive value

         }


         //do reads

         public static int readImg(long imgHandle, byte[] readBuffer, long offset, long len) throws TskCoreException {

                 //returned byte[] is the data buffer

                 return readImgNat(imgHandle, readBuffer, offset, len);

         }


         public static int readVs(long vsHandle, byte[] readBuffer, long offset, long len) throws TskCoreException {

                 return readVsNat(vsHandle, readBuffer, offset, len);

         }


         public static int readVsPart(long volHandle, byte[] readBuffer, long offset, long len) throws TskCoreException {

                 //returned byte[] is the data buffer

                 return readVolNat(volHandle, readBuffer, offset, len);

         }


         public static int readFs(long fsHandle, byte[] readBuffer, long offset, long len) throws TskCoreException {

                 //returned byte[] is the data buffer

                 return readFsNat(fsHandle, readBuffer, offset, len);

         }


         private enum TSK_FS_FILE_READ_OFFSET_TYPE_ENUM {

                 START_OF_FILE(0),

                 START_OF_SLACK(1);


                 private final int val;


                 TSK_FS_FILE_READ_OFFSET_TYPE_ENUM(int val) {

                         this.val = val;

                 }


                 int getValue() {

                         return val;

                 }

         }


         public static int readFile(long fileHandle, byte[] readBuffer, long offset, long len) throws TskCoreException {

                 if (!HandleCache.isValidFileHandle(fileHandle)) {

                         throw new TskCoreException(HandleCache.INVALID_FILE_HANDLE);

                 }


                 return readFileNat(fileHandle, readBuffer, offset, TSK_FS_FILE_READ_OFFSET_TYPE_ENUM.START_OF_FILE.getValue(), len);

         }


         public static int readFileSlack(long fileHandle, byte[] readBuffer, long offset, long len) throws TskCoreException {

                 if (!HandleCache.isValidFileHandle(fileHandle)) {

                         throw new TskCoreException(HandleCache.INVALID_FILE_HANDLE);

                 }


                 return readFileNat(fileHandle, readBuffer, offset, TSK_FS_FILE_READ_OFFSET_TYPE_ENUM.START_OF_SLACK.getValue(), len);

         }


         public static List<String> getFileMetaDataText(long fileHandle) throws TskCoreException {

                 if (!HandleCache.isValidFileHandle(fileHandle)) {

                         throw new TskCoreException(HandleCache.INVALID_FILE_HANDLE);

                 }


                 try {

                         java.io.File tmp = java.io.File.createTempFile("tsk", ".txt");


                         saveFileMetaDataTextNat(fileHandle, tmp.getAbsolutePath());


                         FileReader fr = new FileReader(tmp.getAbsolutePath());

                         BufferedReader textReader = new BufferedReader(fr);


                         List<String> lines = new ArrayList<String>();

                         while (true) {

                                 String line = textReader.readLine();

                                 if (line == null) {

                                         break;

                                 }

                                 lines.add(line);

                         }

                         textReader.close();

                         fr.close();

                         tmp.delete();

                         return lines;

                 } catch (IOException ex) {

                         throw new TskCoreException("Error reading istat output: " + ex.getLocalizedMessage());

                 }

         }


         //free pointers

         public static void closeImg(long imgHandle) {

                 //@@@ TODO close the image handle when Case is closed instead

                 //currently the image handle is not being freed, it's cached for duration of the application

                 //closeImgNat(imgHandle);

         }


         public static void closeVs(long vsHandle) {

                 closeVsNat(vsHandle);

         }


         public static void closeFs(long fsHandle) {

                 //@@@ TODO close the fs handle when Case is closed instead

                 //currently the fs handle is not being freed, it's cached for duration of the application

                 //closeFsNat(fsHandle);

         }


         public static void closeFile(long fileHandle) {

                 if (!HandleCache.isValidFileHandle(fileHandle)) {

                         // File handle is not open so this is a no-op.

                         return;

                 }

                 closeFileNat(fileHandle);

                 HandleCache.removeFileHandle(fileHandle);

         }


         public static void createLookupIndexForHashDatabase(int dbHandle) throws TskCoreException {

                 hashDbCreateIndexNat(dbHandle);

         }


         public static boolean hashDatabaseHasLookupIndex(int dbHandle) throws TskCoreException {

                 return hashDbIndexExistsNat(dbHandle);

         }


         public static boolean hashDatabaseCanBeReindexed(int dbHandle) throws TskCoreException {

                 return hashDbIsReindexableNat(dbHandle);

         }


         public static String getHashDatabasePath(int dbHandle) throws TskCoreException {

                 return hashDbPathNat(dbHandle);

         }


         public static String getHashDatabaseIndexPath(int dbHandle) throws TskCoreException {

                 return hashDbIndexPathNat(dbHandle);

         }


         public static int openHashDatabase(String path) throws TskCoreException {

                 return hashDbOpenNat(path);

         }


         public static int createHashDatabase(String path) throws TskCoreException {

                 return hashDbNewNat(path);

         }


         public static void closeAllHashDatabases() throws TskCoreException {

                 hashDbCloseAll();

         }


         public static void closeHashDatabase(int dbHandle) throws TskCoreException {

                 hashDbClose(dbHandle);

         }


         public static String getHashDatabaseDisplayName(int dbHandle) throws TskCoreException {

                 return hashDbGetDisplayName(dbHandle);

         }


         public static boolean lookupInHashDatabase(String hash, int dbHandle) throws TskCoreException {

                 return hashDbLookup(hash, dbHandle);

         }


         public static HashHitInfo lookupInHashDatabaseVerbose(String hash, int dbHandle) throws TskCoreException {

                 return hashDbLookupVerbose(hash, dbHandle);

         }


         public static void addToHashDatabase(String filename, String md5, String sha1, String sha256, String comment, int dbHandle) throws TskCoreException {

                 hashDbAddEntryNat(filename, md5, sha1, sha256, comment, dbHandle);

         }


         public static void addToHashDatabase(List<HashEntry> hashes, int dbHandle) throws TskCoreException {

                 hashDbBeginTransactionNat(dbHandle);

                 try {

                         for (HashEntry entry : hashes) {

                                 hashDbAddEntryNat(entry.getFileName(), entry.getMd5Hash(), entry.getSha1Hash(), entry.getSha256Hash(), entry.getComment(), dbHandle);

                         }

                         hashDbCommitTransactionNat(dbHandle);

                 } catch (TskCoreException ex) {

                         try {

                                 hashDbRollbackTransactionNat(dbHandle);

                         } catch (TskCoreException ex2) {

                                 ex2.initCause(ex);

                                 throw ex2;

                         }

                         throw ex;

                 }

         }


         public static boolean isUpdateableHashDatabase(int dbHandle) throws TskCoreException {

                 return hashDbIsUpdateableNat(dbHandle);

         }


         public static boolean hashDatabaseIsIndexOnly(int dbHandle) throws TskCoreException {

                 return hashDbIsIdxOnlyNat(dbHandle);

         }


         private static String timezoneLongToShort(String timezoneLongForm) {

                 if (timezoneLongForm == null || timezoneLongForm.isEmpty()) {

                         return "";

                 }


                 String timezoneShortForm;

                 TimeZone zone = TimeZone.getTimeZone(timezoneLongForm);

                 int offset = zone.getRawOffset() / 1000;

                 int hour = offset / 3600;

                 int min = (offset % 3600) / 60;

                 DateFormat dfm = new SimpleDateFormat("z");

                 dfm.setTimeZone(zone);

                 boolean hasDaylight = zone.useDaylightTime();

                 String first = dfm.format(new GregorianCalendar(2010, 1, 1).getTime()).substring(0, 3); // make it only 3 letters code

                 String second = dfm.format(new GregorianCalendar(2011, 6, 6).getTime()).substring(0, 3); // make it only 3 letters code

                 int mid = hour * -1;

                 timezoneShortForm = first + Integer.toString(mid);

                 if (min != 0) {

                         timezoneShortForm = timezoneShortForm + ":" + (min < 10 ? "0" : "") + Integer.toString(min);

                 }

                 if (hasDaylight) {

                         timezoneShortForm += second;

                 }

                 return timezoneShortForm;

         }


         public static int finishImageWriter(long imgHandle) throws TskCoreException {

                 return finishImageWriterNat(imgHandle);

         }


         public static int getFinishImageProgress(long imgHandle) {

                 return getFinishImageProgressNat(imgHandle);

         }


         public static void cancelFinishImage(long imgHandle) {

                 cancelFinishImageNat(imgHandle);

         }


         public static long findDeviceSize(String devPath) throws TskCoreException {

                 return findDeviceSizeNat(devPath);

         }


         public static boolean isImageSupported(String imagePath) {

                 return isImageSupportedNat(imagePath);

         }


         private static native String getVersionNat();


         private static native void startVerboseLoggingNat(String logPath);


         private static native long newCaseDbNat(String dbPath) throws TskCoreException;


         private static native long newCaseDbMultiNat(String hostNameOrIP, String portNumber, String userName, String password, int dbTypeOrdinal, String databaseName);


         private static native long openCaseDbMultiNat(String hostNameOrIP, String portNumber, String userName, String password, int dbTypeOrdinal, String databaseName);


         private static native long openCaseDbNat(String path) throws TskCoreException;


         private static native void closeCaseDbNat(long db) throws TskCoreException;


         private static native int hashDbOpenNat(String hashDbPath) throws TskCoreException;


         private static native int hashDbNewNat(String hashDbPath) throws TskCoreException;


         private static native int hashDbBeginTransactionNat(int dbHandle) throws TskCoreException;


         private static native int hashDbCommitTransactionNat(int dbHandle) throws TskCoreException;


         private static native int hashDbRollbackTransactionNat(int dbHandle) throws TskCoreException;


         private static native int hashDbAddEntryNat(String filename, String hashMd5, String hashSha1, String hashSha256, String comment, int dbHandle) throws TskCoreException;


         private static native boolean hashDbIsUpdateableNat(int dbHandle);


         private static native boolean hashDbIsReindexableNat(int dbHandle);


         private static native String hashDbPathNat(int dbHandle);


         private static native String hashDbIndexPathNat(int dbHandle);


         private static native String hashDbGetDisplayName(int dbHandle) throws TskCoreException;


         private static native void hashDbCloseAll() throws TskCoreException;


         private static native void hashDbClose(int dbHandle) throws TskCoreException;


         private static native void hashDbCreateIndexNat(int dbHandle) throws TskCoreException;


         private static native boolean hashDbIndexExistsNat(int dbHandle) throws TskCoreException;


         private static native boolean hashDbIsIdxOnlyNat(int dbHandle) throws TskCoreException;


         private static native boolean hashDbLookup(String hash, int dbHandle) throws TskCoreException;


         private static native HashHitInfo hashDbLookupVerbose(String hash, int dbHandle) throws TskCoreException;


         private static native long initAddImgNat(long db, String timezone, boolean addUnallocSpace, boolean skipFatFsOrphans) throws TskCoreException;


         private static native long initializeAddImgNat(long db, String timezone, boolean addFileSystems, boolean addUnallocSpace, boolean skipFatFsOrphans) throws TskCoreException;


         private static native void runOpenAndAddImgNat(long process, String deviceId, String[] imgPath, int splits, String timezone) throws TskCoreException, TskDataException;


         private static native void runAddImgNat(long process, String deviceId, long a_img_info, String timeZone, String imageWriterPath) throws TskCoreException, TskDataException;


         private static native void stopAddImgNat(long process) throws TskCoreException;


         private static native void revertAddImgNat(long process) throws TskCoreException;


         private static native long commitAddImgNat(long process) throws TskCoreException;


         private static native long openImgNat(String[] imgPath, int splits) throws TskCoreException;


         private static native long openVsNat(long imgHandle, long vsOffset) throws TskCoreException;


         private static native long openVolNat(long vsHandle, long volId) throws TskCoreException;


         private static native long openFsNat(long imgHandle, long fsId) throws TskCoreException;


         private static native long openFileNat(long fsHandle, long fileId, int attrType, int attrId) throws TskCoreException;


         private static native int readImgNat(long imgHandle, byte[] readBuffer, long offset, long len) throws TskCoreException;


         private static native int readVsNat(long vsHandle, byte[] readBuffer, long offset, long len) throws TskCoreException;


         private static native int readVolNat(long volHandle, byte[] readBuffer, long offset, long len) throws TskCoreException;


         private static native int readFsNat(long fsHandle, byte[] readBuffer, long offset, long len) throws TskCoreException;


         private static native int readFileNat(long fileHandle, byte[] readBuffer, long offset, int offset_type, long len) throws TskCoreException;


         private static native int saveFileMetaDataTextNat(long fileHandle, String fileName) throws TskCoreException;


         private static native void closeImgNat(long imgHandle);


         private static native void closeVsNat(long vsHandle);


         private static native void closeFsNat(long fsHandle);


         private static native void closeFileNat(long fileHandle);


         private static native long findDeviceSizeNat(String devicePath) throws TskCoreException;


         private static native String getCurDirNat(long process);


         private static native boolean isImageSupportedNat(String imagePath);


         private static native int finishImageWriterNat(long a_img_info);


         private static native int getFinishImageProgressNat(long a_img_info);


         private static native void cancelFinishImageNat(long a_img_info);


 }

org.sleuthkit

org.sleuthkit.datamodel.SleuthkitJNI.hashDbIsUpdateableNat
static native boolean hashDbIsUpdateableNat(int dbHandle)

org.sleuthkit.datamodel.SleuthkitJNI.readImg
static int readImg(long imgHandle, byte[] readBuffer, long offset, long len)
Definition: SleuthkitJNI.java:663

org.sleuthkit.datamodel.SleuthkitJNI.commitAddImgNat
static native long commitAddImgNat(long process)

org.sleuthkit.datamodel.SleuthkitJNI.getHashDatabaseIndexPath
static String getHashDatabaseIndexPath(int dbHandle)
Definition: SleuthkitJNI.java:935

org.sleuthkit.datamodel.SleuthkitJNI.closeVsNat
static native void closeVsNat(long vsHandle)

org.sleuthkit.datamodel.SleuthkitJNI.readVs
static int readVs(long vsHandle, byte[] readBuffer, long offset, long len)
Definition: SleuthkitJNI.java:682

org.sleuthkit.datamodel.SleuthkitJNI.createLookupIndexForHashDatabase
static void createLookupIndexForHashDatabase(int dbHandle)
Definition: SleuthkitJNI.java:882

org.sleuthkit.datamodel.HashHitInfo
Definition: HashHitInfo.java:28

org.sleuthkit.datamodel.SleuthkitJNI.CaseDbHandle.caseDbPointer
final long caseDbPointer
Definition: SleuthkitJNI.java:171

org.sleuthkit.datamodel.SleuthkitJNI.startVerboseLoggingNat
static native void startVerboseLoggingNat(String logPath)

org.sleuthkit.datamodel.SleuthkitJNI.openImage
static long openImage(String[] imageFiles, boolean useCache)
Definition: SleuthkitJNI.java:511

org.sleuthkit.datamodel.SleuthkitJNI.TSK_FS_FILE_READ_OFFSET_TYPE_ENUM
Definition: SleuthkitJNI.java:728

org.sleuthkit.datamodel.SleuthkitJNI.CaseDbHandle.AddImageProcess
Definition: SleuthkitJNI.java:251

org.sleuthkit.datamodel.SleuthkitJNI.addToHashDatabase
static void addToHashDatabase(String filename, String md5, String sha1, String sha256, String comment, int dbHandle)
Definition: SleuthkitJNI.java:1029

org.sleuthkit.datamodel.SleuthkitJNI.HandleCache.imageHandleCache
static final Map< String, Long > imageHandleCache
Definition: SleuthkitJNI.java:79

org.sleuthkit.datamodel.SleuthkitJNI.readImgNat
static native int readImgNat(long imgHandle, byte[] readBuffer, long offset, long len)

org.sleuthkit.datamodel.SleuthkitJNI.createHashDatabase
static int createHashDatabase(String path)
Definition: SleuthkitJNI.java:952

org.sleuthkit.datamodel.SleuthkitJNI.getCurDirNat
static native String getCurDirNat(long process)

org.sleuthkit.datamodel.SleuthkitJNI.closeFs
static void closeFs(long fsHandle)
Definition: SleuthkitJNI.java:855

org.sleuthkit.datamodel.SleuthkitJNI.cancelFinishImage
static void cancelFinishImage(long imgHandle)
Definition: SleuthkitJNI.java:1122

org.sleuthkit.datamodel.TskData
Definition: TskData.java:30

org.sleuthkit.datamodel.SleuthkitJNI.hashDbRollbackTransactionNat
static native int hashDbRollbackTransactionNat(int dbHandle)

org.sleuthkit.datamodel.SleuthkitJNI.openFile
static long openFile(long fsHandle, long fileId, TSK_FS_ATTR_TYPE_ENUM attrType, int attrId)
Definition: SleuthkitJNI.java:616

org.sleuthkit.datamodel.SleuthkitJNI.CaseDbHandle.AddImageProcess.run
void run(String deviceId, String[] imageFilePaths)
Definition: SleuthkitJNI.java:299

org.sleuthkit.datamodel.SleuthkitJNI.readFile
static int readFile(long fileHandle, byte[] readBuffer, long offset, long len)
Definition: SleuthkitJNI.java:757

org.sleuthkit.datamodel.SleuthkitJNI.hashDbAddEntryNat
static native int hashDbAddEntryNat(String filename, String hashMd5, String hashSha1, String hashSha256, String comment, int dbHandle)

org.sleuthkit.datamodel.SleuthkitJNI.readVsNat
static native int readVsNat(long vsHandle, byte[] readBuffer, long offset, long len)

org.sleuthkit.datamodel.SleuthkitJNI.revertAddImgNat
static native void revertAddImgNat(long process)

org.sleuthkit.datamodel.SleuthkitJNI.TSK_FS_FILE_READ_OFFSET_TYPE_ENUM.START_OF_SLACK
START_OF_SLACK
Definition: SleuthkitJNI.java:730

org.sleuthkit.datamodel.TskDataException
Definition: TskDataException.java:24

org.sleuthkit.datamodel.SleuthkitJNI.finishImageWriter
static int finishImageWriter(long imgHandle)
Definition: SleuthkitJNI.java:1102

org.sleuthkit.datamodel.SleuthkitJNI.runAddImgNat
static native void runAddImgNat(long process, String deviceId, long a_img_info, String timeZone, String imageWriterPath)

org.sleuthkit.datamodel.SleuthkitJNI.cancelFinishImageNat
static native void cancelFinishImageNat(long a_img_info)

org

org.sleuthkit.datamodel.SleuthkitJNI.readFileNat
static native int readFileNat(long fileHandle, byte[] readBuffer, long offset, int offset_type, long len)

org.sleuthkit.datamodel.SleuthkitJNI.lookupInHashDatabaseVerbose
static HashHitInfo lookupInHashDatabaseVerbose(String hash, int dbHandle)
Definition: SleuthkitJNI.java:1013

org.sleuthkit.datamodel.SleuthkitJNI.getVersionNat
static native String getVersionNat()

org.sleuthkit.datamodel.SleuthkitJNI.hashDbIndexExistsNat
static native boolean hashDbIndexExistsNat(int dbHandle)

org.sleuthkit.datamodel.SleuthkitJNI.findDeviceSizeNat
static native long findDeviceSizeNat(String devicePath)

org.sleuthkit.datamodel.SleuthkitJNI.openVs
static long openVs(long imgHandle, long vsOffset)
Definition: SleuthkitJNI.java:554

org.sleuthkit.datamodel.SleuthkitJNI.CaseDbHandle.AddImageProcess.commit
synchronized long commit()
Definition: SleuthkitJNI.java:360

org.sleuthkit.datamodel.SleuthkitJNI.saveFileMetaDataTextNat
static native int saveFileMetaDataTextNat(long fileHandle, String fileName)

org.sleuthkit.datamodel.SleuthkitJNI.CaseDbHandle.AddImageProcess.stop
synchronized void stop()
Definition: SleuthkitJNI.java:327

org.sleuthkit.datamodel.SleuthkitJNI.hashDbIsIdxOnlyNat
static native boolean hashDbIsIdxOnlyNat(int dbHandle)

org.sleuthkit.datamodel.SleuthkitJNI.openVolNat
static native long openVolNat(long vsHandle, long volId)

org.sleuthkit.datamodel.SleuthkitJNI.CaseDbHandle.AddImageProcess.tskAutoDbPointer
volatile long tskAutoDbPointer
Definition: SleuthkitJNI.java:257

org.sleuthkit.datamodel.SleuthkitJNI.CaseDbHandle.AddImageProcess.isCanceled
boolean isCanceled
Definition: SleuthkitJNI.java:258

org.sleuthkit.datamodel.SleuthkitJNI.closeFsNat
static native void closeFsNat(long fsHandle)

org.sleuthkit.datamodel.SleuthkitJNI.hashDbClose
static native void hashDbClose(int dbHandle)

org.sleuthkit.datamodel.SleuthkitJNI.HandleCache.fsHandleCache
static final Map< Long, Map< Long, Long > > fsHandleCache
Definition: SleuthkitJNI.java:85

org.sleuthkit.datamodel.SleuthkitJNI.convertSignedToUnsigned
static int convertSignedToUnsigned(int val)
Definition: SleuthkitJNI.java:640

org.sleuthkit.datamodel.SleuthkitJNI.readFsNat
static native int readFsNat(long fsHandle, byte[] readBuffer, long offset, long len)

org.sleuthkit.datamodel.SleuthkitJNI.hashDatabaseIsIndexOnly
static boolean hashDatabaseIsIndexOnly(int dbHandle)
Definition: SleuthkitJNI.java:1055

org.sleuthkit.datamodel.SleuthkitJNI.CaseDbHandle.AddImageProcess.revert
synchronized void revert()
Definition: SleuthkitJNI.java:341

org.sleuthkit.datamodel.TskData.TSK_FS_ATTR_TYPE_ENUM
Definition: TskData.java:275

org.sleuthkit.datamodel.SleuthkitJNI.HandleCache.fileSystemToFileHandles
static final Map< Long, List< Long > > fileSystemToFileHandles
Definition: SleuthkitJNI.java:93

org.sleuthkit.datamodel.SleuthkitJNI.isImageSupported
static boolean isImageSupported(String imagePath)
Definition: SleuthkitJNI.java:1141

org.sleuthkit.datamodel.SleuthkitJNI.readVsPart
static int readVsPart(long volHandle, byte[] readBuffer, long offset, long len)
Definition: SleuthkitJNI.java:700

org.sleuthkit.datamodel.LibraryUtils.loadSleuthkitJNI
static boolean loadSleuthkitJNI()
Definition: LibraryUtils.java:72

org.sleuthkit.datamodel.SleuthkitJNI.hashDbLookupVerbose
static native HashHitInfo hashDbLookupVerbose(String hash, int dbHandle)

org.sleuthkit.datamodel.SleuthkitJNI.hashDbCommitTransactionNat
static native int hashDbCommitTransactionNat(int dbHandle)

org.sleuthkit.datamodel.SleuthkitJNI.HandleCache
Definition: SleuthkitJNI.java:68

org.sleuthkit.datamodel.SleuthkitJNI.SleuthkitJNI
SleuthkitJNI()
Definition: SleuthkitJNI.java:59

org.sleuthkit.datamodel.SleuthkitJNI.hashDbOpenNat
static native int hashDbOpenNat(String hashDbPath)

org.sleuthkit.datamodel.SleuthkitJNI.closeVs
static void closeVs(long vsHandle)
Definition: SleuthkitJNI.java:845

org.sleuthkit.datamodel.SleuthkitJNI.newCaseDbNat
static native long newCaseDbNat(String dbPath)

org.sleuthkit.datamodel.SleuthkitJNI.CaseDbHandle
Definition: SleuthkitJNI.java:166

org.sleuthkit.datamodel.SleuthkitJNI.openImage
static long openImage(String[] imageFiles)
Definition: SleuthkitJNI.java:492

org.sleuthkit.datamodel.SleuthkitJNI.openImgNat
static native long openImgNat(String[] imgPath, int splits)

org.sleuthkit.datamodel.SleuthkitJNI.CaseDbHandle.AddImageProcess.skipFatFsOrphans
final boolean skipFatFsOrphans
Definition: SleuthkitJNI.java:255

org.sleuthkit.datamodel.SleuthkitJNI.TSK_FS_FILE_READ_OFFSET_TYPE_ENUM.val
final int val
Definition: SleuthkitJNI.java:732

org.sleuthkit.datamodel.HashEntry
Definition: HashEntry.java:25

org.sleuthkit.datamodel.SleuthkitJNI.findDeviceSize
static long findDeviceSize(String devPath)
Definition: SleuthkitJNI.java:1137

org.sleuthkit.datamodel.TskCoreException
Definition: TskCoreException.java:25

org.sleuthkit.datamodel.SleuthkitJNI.getHashDatabaseDisplayName
static String getHashDatabaseDisplayName(int dbHandle)
Definition: SleuthkitJNI.java:984

org.sleuthkit.datamodel.SleuthkitJNI.openFileNat
static native long openFileNat(long fsHandle, long fileId, int attrType, int attrId)

org.sleuthkit.datamodel.SleuthkitJNI.closeFileNat
static native void closeFileNat(long fileHandle)

org.sleuthkit.datamodel.SleuthkitJNI.getFileMetaDataText
static List< String > getFileMetaDataText(long fileHandle)
Definition: SleuthkitJNI.java:797

org.sleuthkit.datamodel.SleuthkitJNI.closeImg
static void closeImg(long imgHandle)
Definition: SleuthkitJNI.java:834

org.sleuthkit.datamodel.SleuthkitJNI.TSK_FS_FILE_READ_OFFSET_TYPE_ENUM.TSK_FS_FILE_READ_OFFSET_TYPE_ENUM
TSK_FS_FILE_READ_OFFSET_TYPE_ENUM(int val)
Definition: SleuthkitJNI.java:734

org.sleuthkit.datamodel.SleuthkitJNI.openFs
static long openFs(long imgHandle, long fsOffset)
Definition: SleuthkitJNI.java:587

org.sleuthkit.datamodel.SleuthkitJNI.CaseDbHandle.AddImageProcess.addUnallocSpace
final boolean addUnallocSpace
Definition: SleuthkitJNI.java:254

org.sleuthkit.datamodel.SleuthkitJNI.CaseDbHandle.AddImageProcess.imageWriterPath
final String imageWriterPath
Definition: SleuthkitJNI.java:256

org.sleuthkit.datamodel.SleuthkitJNI.openVsNat
static native long openVsNat(long imgHandle, long vsOffset)

org.sleuthkit.datamodel.SleuthkitJNI.hashDbLookup
static native boolean hashDbLookup(String hash, int dbHandle)

org.sleuthkit.datamodel.SleuthkitJNI.CaseDbHandle.AddImageProcess.run
void run(String[] imageFilePaths)
Definition: SleuthkitJNI.java:397

org.sleuthkit.datamodel.SleuthkitJNI.readVolNat
static native int readVolNat(long volHandle, byte[] readBuffer, long offset, long len)

org.sleuthkit.datamodel.SleuthkitJNI.timezoneLongToShort
static String timezoneLongToShort(String timezoneLongForm)
Definition: SleuthkitJNI.java:1068

org.sleuthkit.datamodel.SleuthkitJNI.HandleCache.addFileHandle
static void addFileHandle(long fileHandle, long fsHandle)
Definition: SleuthkitJNI.java:103

org.sleuthkit.datamodel.SleuthkitJNI.CaseDbHandle.AddImageProcess.currentDirectory
synchronized String currentDirectory()
Definition: SleuthkitJNI.java:377

org.sleuthkit.datamodel.SleuthkitJNI.newCaseDbMultiNat
static native long newCaseDbMultiNat(String hostNameOrIP, String portNumber, String userName, String password, int dbTypeOrdinal, String databaseName)

org.sleuthkit.datamodel.SleuthkitJNI.hashDbCloseAll
static native void hashDbCloseAll()

org.sleuthkit.datamodel.SleuthkitJNI.getFinishImageProgress
static int getFinishImageProgress(long imgHandle)
Definition: SleuthkitJNI.java:1113

org.sleuthkit.datamodel.SleuthkitJNI.openHashDatabase
static int openHashDatabase(String path)
Definition: SleuthkitJNI.java:939

org.sleuthkit.datamodel.SleuthkitJNI.hashDbBeginTransactionNat
static native int hashDbBeginTransactionNat(int dbHandle)

org.sleuthkit.datamodel.SleuthkitJNI.CaseDbHandle.AddImageProcess.AddImageProcess
AddImageProcess(String timeZone, boolean addUnallocSpace, boolean skipFatFsOrphans, String imageWriterPath)
Definition: SleuthkitJNI.java:273

org.sleuthkit.datamodel.SleuthkitJNI.closeFile
static void closeFile(long fileHandle)
Definition: SleuthkitJNI.java:866

org.sleuthkit.datamodel.SleuthkitJNI.lookupInHashDatabase
static boolean lookupInHashDatabase(String hash, int dbHandle)
Definition: SleuthkitJNI.java:998

org.sleuthkit.datamodel.SleuthkitJNI.hashDatabaseHasLookupIndex
static boolean hashDatabaseHasLookupIndex(int dbHandle)
Definition: SleuthkitJNI.java:895

org.sleuthkit.datamodel.LibraryUtils
Definition: LibraryUtils.java:33

org.sleuthkit.datamodel.SleuthkitJNI.openFsNat
static native long openFsNat(long imgHandle, long fsId)

org.sleuthkit.datamodel.SleuthkitJNI.TSK_FS_FILE_READ_OFFSET_TYPE_ENUM.START_OF_FILE
START_OF_FILE
Definition: SleuthkitJNI.java:729

org.sleuthkit.datamodel.SleuthkitJNI.CaseDbHandle.CaseDbHandle
CaseDbHandle(long caseDbPointer)
Definition: SleuthkitJNI.java:179

org.sleuthkit.datamodel.SleuthkitJNI.closeCaseDbNat
static native void closeCaseDbNat(long db)

org.sleuthkit.datamodel.SleuthkitJNI.initAddImgNat
static native long initAddImgNat(long db, String timezone, boolean addUnallocSpace, boolean skipFatFsOrphans)

org.sleuthkit.datamodel.SleuthkitJNI.runOpenAndAddImgNat
static native void runOpenAndAddImgNat(long process, String deviceId, String[] imgPath, int splits, String timezone)

org.sleuthkit.datamodel.SleuthkitJNI
Definition: SleuthkitJNI.java:46

org.sleuthkit.datamodel
Definition: AbstractContent.java:19

org.sleuthkit.datamodel.SleuthkitJNI.openVsPart
static long openVsPart(long vsHandle, long volId)
Definition: SleuthkitJNI.java:570

org.sleuthkit.datamodel.SleuthkitJNI.finishImageWriterNat
static native int finishImageWriterNat(long a_img_info)

org.sleuthkit.datamodel.SleuthkitJNI.isImageSupportedNat
static native boolean isImageSupportedNat(String imagePath)

org.sleuthkit.datamodel.SleuthkitJNI.getFinishImageProgressNat
static native int getFinishImageProgressNat(long a_img_info)

org.sleuthkit.datamodel.SleuthkitJNI.readFileSlack
static int readFileSlack(long fileHandle, byte[] readBuffer, long offset, long len)
Definition: SleuthkitJNI.java:779

org.sleuthkit.datamodel.SleuthkitJNI.isUpdateableHashDatabase
static boolean isUpdateableHashDatabase(int dbHandle)
Definition: SleuthkitJNI.java:1051

org.sleuthkit.datamodel.SleuthkitJNI.hashDbNewNat
static native int hashDbNewNat(String hashDbPath)

org.sleuthkit.datamodel.SleuthkitJNI.addToHashDatabase
static void addToHashDatabase(List< HashEntry > hashes, int dbHandle)
Definition: SleuthkitJNI.java:1033

org.sleuthkit.datamodel.SleuthkitJNI.stopAddImgNat
static native void stopAddImgNat(long process)

org.sleuthkit.datamodel.SleuthkitJNI.closeAllHashDatabases
static void closeAllHashDatabases()
Definition: SleuthkitJNI.java:962

org.sleuthkit.datamodel.SleuthkitJNI.initializeAddImgNat
static native long initializeAddImgNat(long db, String timezone, boolean addFileSystems, boolean addUnallocSpace, boolean skipFatFsOrphans)

org.sleuthkit.datamodel.SleuthkitJNI.closeImgNat
static native void closeImgNat(long imgHandle)

org.sleuthkit.datamodel.SleuthkitJNI.hashDatabaseCanBeReindexed
static boolean hashDatabaseCanBeReindexed(int dbHandle)
Definition: SleuthkitJNI.java:909

org.sleuthkit.datamodel.SleuthkitJNI.HandleCache.fileHandleCache
static final Set< Long > fileHandleCache
Definition: SleuthkitJNI.java:91

org.sleuthkit.datamodel.SleuthkitJNI.hashDbGetDisplayName
static native String hashDbGetDisplayName(int dbHandle)

org.sleuthkit.datamodel.SleuthkitJNI.hashDbIndexPathNat
static native String hashDbIndexPathNat(int dbHandle)

org.sleuthkit.datamodel.SleuthkitJNI.HandleCache.closeHandlesAndClearCache
static void closeHandlesAndClearCache()
Definition: SleuthkitJNI.java:130

org.sleuthkit.datamodel.SleuthkitJNI.getVersion
static String getVersion()
Definition: SleuthkitJNI.java:471

org.sleuthkit.datamodel.SleuthkitJNI.TSK_FS_FILE_READ_OFFSET_TYPE_ENUM.getValue
int getValue()
Definition: SleuthkitJNI.java:738

org.sleuthkit.datamodel.SleuthkitJNI.HandleCache.INVALID_FILE_HANDLE
static final String INVALID_FILE_HANDLE
Definition: SleuthkitJNI.java:95

org.sleuthkit.datamodel.SleuthkitJNI.HandleCache.cacheLock
static final Object cacheLock
Definition: SleuthkitJNI.java:73

org.sleuthkit.datamodel.SleuthkitJNI.openCaseDbMultiNat
static native long openCaseDbMultiNat(String hostNameOrIP, String portNumber, String userName, String password, int dbTypeOrdinal, String databaseName)

org.sleuthkit.datamodel.SleuthkitJNI.startVerboseLogging
static void startVerboseLogging(String logPath)
Definition: SleuthkitJNI.java:478

org.sleuthkit.datamodel.SleuthkitJNI.hashDbCreateIndexNat
static native void hashDbCreateIndexNat(int dbHandle)

org.sleuthkit.datamodel.SleuthkitJNI.hashDbPathNat
static native String hashDbPathNat(int dbHandle)

org.sleuthkit.datamodel.SleuthkitJNI.CaseDbHandle.AddImageProcess.timeZone
final String timeZone
Definition: SleuthkitJNI.java:253

org.sleuthkit.datamodel.SleuthkitJNI.HandleCache.removeFileHandle
static void removeFileHandle(long fileHandle)
Definition: SleuthkitJNI.java:117

org.sleuthkit.datamodel.SleuthkitJNI.readFs
static int readFs(long fsHandle, byte[] readBuffer, long offset, long len)
Definition: SleuthkitJNI.java:719

org.sleuthkit.datamodel.SleuthkitJNI.getHashDatabasePath
static String getHashDatabasePath(int dbHandle)
Definition: SleuthkitJNI.java:922

org.sleuthkit.datamodel.SleuthkitJNI.HandleCache.isValidFileHandle
static boolean isValidFileHandle(long fileHandle)
Definition: SleuthkitJNI.java:124

org.sleuthkit.datamodel.SleuthkitJNI.closeHashDatabase
static void closeHashDatabase(int dbHandle)
Definition: SleuthkitJNI.java:973

org.sleuthkit.datamodel.SleuthkitJNI.openCaseDbNat
static native long openCaseDbNat(String path)

org.sleuthkit.datamodel.SleuthkitJNI.hashDbIsReindexableNat
static native boolean hashDbIsReindexableNat(int dbHandle)