Sleuth Kit Java Bindings (JNI)  4.6
Java bindings for using The Sleuth Kit
Sample.java
Go to the documentation of this file.
1 /*
2  * Sleuth Kit Data Model
3  *
4  * Copyright 2012-2018 Basis Technology Corp.
5  * Contact: carrier <at> sleuthkit <dot> org
6  *
7  * Licensed under the Apache License, Version 2.0 (the "License");
8  * you may not use this file except in compliance with the License.
9  * You may obtain a copy of the License at
10  *
11  * http://www.apache.org/licenses/LICENSE-2.0
12  *
13  * Unless required by applicable law or agreed to in writing, software
14  * distributed under the License is distributed on an "AS IS" BASIS,
15  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16  * See the License for the specific language governing permissions and
17  * limitations under the License.
18  */
19 package org.sleuthkit.datamodel.Examples;
20 
21 import java.util.ArrayList;
22 import java.util.List;
23 import java.util.UUID;
24 import java.util.logging.Level;
25 import java.util.logging.Logger;
33 
37 public class Sample {
38 
39  public static void run(String imagePath) {
40  try {
41  SleuthkitCase sk = SleuthkitCase.newCase(imagePath + ".db");
42 
43  // initialize the case with an image
44  String timezone = "";
45  AddImageProcess process = sk.makeAddImageProcess(timezone, true, false, "");
46  ArrayList<String> paths = new ArrayList<String>();
47  paths.add(imagePath);
48  try {
49  process.run(UUID.randomUUID().toString(), paths.toArray(new String[paths.size()]), 0);
50  } catch (TskDataException ex) {
51  Logger.getLogger(Sample.class.getName()).log(Level.SEVERE, null, ex);
52  }
53  process.commit();
54 
55  // print out all the images found, and their children
56  List<Image> images = sk.getImages();
57  for (Image image : images) {
58  System.out.println("Found image: " + image.getName());
59  System.out.println("There are " + image.getChildren().size() + " children.");
60  for (Content content : image.getChildren()) {
61  System.out.println('"' + content.getName() + '"' + " is a child of " + image.getName());
62  }
63  }
64 
65  // print out all .txt files found
66  List<AbstractFile> files = sk.findAllFilesWhere("LOWER(name) LIKE LOWER('%.txt')");
67  for (AbstractFile file : files) {
68  System.out.println("Found text file: " + file.getName());
69  }
70 
71  } catch (TskCoreException e) {
72  System.out.println("Exception caught: " + e.getMessage());
73  Sample.usage(e.getMessage());
74 
75  }
76  }
77 
78  public static void usage(String error) {
79  System.out.println("Usage: ant -Dimage:{image string} run-sample");
80  if (error.contains("deleted first")) {
81  System.out.println("A database for the image already exists. Delete it to run this sample again.");
82  } else if (error.contains("unable to open database")) {
83  System.out.println("Image must be encapsulated by double quotes. Ex: ant -Dimage=\"C:\\Users\\You\\image.E01\" run-sample");
84  }
85  }
86 
87  public static void main(String[] args) {
88  Sample.run(args[0]);
89  }
90 }
static void run(String imagePath)
Definition: Sample.java:39
static void main(String[] args)
Definition: Sample.java:87
static void usage(String error)
Definition: Sample.java:78
List< Content > getChildren()
void run(String deviceId, String[] imageFilePaths, int sectorSize)
List< AbstractFile > findAllFilesWhere(String sqlWhereClause)
static SleuthkitCase newCase(String dbPath)
AddImageProcess makeAddImageProcess(String timeZone, boolean addUnallocSpace, boolean noFatFsOrphans, String imageCopyPath)

Copyright © 2011-2018 Brian Carrier. (carrier -at- sleuthkit -dot- org)
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.