Sleuth Kit Java Bindings (JNI)  4.6
Java bindings for using The Sleuth Kit
Volume.java
Go to the documentation of this file.
1 /*
2  * Sleuth Kit Data Model
3  *
4  * Copyright 2011-2017 Basis Technology Corp.
5  * Contact: carrier <at> sleuthkit <dot> org
6  *
7  * Licensed under the Apache License, Version 2.0 (the "License");
8  * you may not use this file except in compliance with the License.
9  * You may obtain a copy of the License at
10  *
11  * http://www.apache.org/licenses/LICENSE-2.0
12  *
13  * Unless required by applicable law or agreed to in writing, software
14  * distributed under the License is distributed on an "AS IS" BASIS,
15  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16  * See the License for the specific language governing permissions and
17  * limitations under the License.
18  */
19 package org.sleuthkit.datamodel;
20 
21 import java.util.ResourceBundle;
22 import java.util.ArrayList;
23 import java.util.List;
24 
29 public class Volume extends AbstractContent {
30 
31  private long addr;
32  private long startSector; //in sectors, relative to volume system start
33  private long lengthInSectors; //in sectors
34  private long flags;
35  private String desc;
36  private volatile long volumeHandle = 0;
37  private static ResourceBundle bundle = ResourceBundle.getBundle("org.sleuthkit.datamodel.Bundle");
38 
50  protected Volume(SleuthkitCase db, long obj_id, long addr, long startSector, long lengthInSectors, long flags, String desc) {
51  super(db, obj_id, "vol" + Long.toString(addr)); //NON-NLS
52  this.addr = addr;
53  this.startSector = startSector;
54  this.lengthInSectors = lengthInSectors;
55  this.flags = flags;
56  if (!desc.equals("")) {
57  this.desc = desc;
58  } else {
59  this.desc = bundle.getString("Volume.desc.text");
60  }
61  }
62 
63  @Override
64  public int read(byte[] buf, long offset, long len) throws TskCoreException {
65  synchronized (this) {
66  Content myParent = getParent();
67  if (!(myParent instanceof VolumeSystem)) {
68  throw new TskCoreException(bundle.getString("Volume.read.exception.msg1.text"));
69  }
70  VolumeSystem parentVs = (VolumeSystem) myParent;
71 
72  // Reading from APFS volumes/volume systems is not yet supported
73  if (parentVs.getType().equals(TskData.TSK_VS_TYPE_ENUM.TSK_VS_TYPE_APFS)) {
74  throw new TskCoreException("Reading APFS pool volumes not yet supported");
75  }
76 
77  // read from the volume
78  if (volumeHandle == 0) {
79  volumeHandle = SleuthkitJNI.openVsPart(parentVs.getVolumeSystemHandle(), addr);
80  }
81 
82  }
83  return SleuthkitJNI.readVsPart(volumeHandle, buf, offset, len);
84  }
85 
86  @Override
87  public void close() {
88  // there is nothing to free. The VolumeSystem structure
89  // in C++ contains this structure and will free it.
90  volumeHandle = 0;
91  }
92 
93  @Override
94  public void finalize() throws Throwable {
95  try {
96  close();
97  } finally {
98  super.finalize();
99  }
100  }
101 
102  @Override
103  public long getSize() {
104  return lengthInSectors * 512;
105  }
106 
107  @Override
108  public synchronized String getUniquePath() throws TskCoreException {
109  String uniquePath = "";
110  String name = getName();
111  if (!name.isEmpty()) {
112  uniquePath = "/vol_" + name; //NON-NLS
113  }
114 
115  Content myParent = getParent();
116  if (myParent != null) {
117  uniquePath = myParent.getUniquePath() + uniquePath;
118  }
119  return uniquePath;
120  }
121 
122  //methods get exact data from database. could be manipulated to get more
123  //meaningful data.
130  public long getAddr() {
131  return addr;
132  }
133 
140  public long getStart() {
141  return startSector;
142  }
143 
149  public long getLength() {
150  return lengthInSectors;
151  }
152 
158  public long getFlags() {
159  return flags;
160  }
161 
167  public String getFlagsAsString() {
168  return Volume.vsFlagToString(flags);
169  }
170 
177  public String getDescription() {
178  return desc;
179  }
180 
181  // ----- Here all the methods for vs flags conversion / mapping -----
189  public static String vsFlagToValue(long vsFlag) {
190 
191  String result = "";
192 
193  for (TskData.TSK_VS_PART_FLAG_ENUM flag : TskData.TSK_VS_PART_FLAG_ENUM.values()) {
194  if (flag.getVsFlag() == vsFlag) {
195  result = flag.toString();
196  }
197  }
198  return result;
199  }
200 
208  public static long valueToVsFlag(String vsFlag) {
209 
210  long result = 0;
211 
212  for (TskData.TSK_VS_PART_FLAG_ENUM flag : TskData.TSK_VS_PART_FLAG_ENUM.values()) {
213  if (flag.toString().equals(vsFlag)) {
214  result = flag.getVsFlag();
215  }
216  }
217  return result;
218  }
219 
227  public static String vsFlagToString(long vsFlag) {
228 
229  String result = "";
230 
231  long allocFlag = TskData.TSK_VS_PART_FLAG_ENUM.TSK_VS_PART_FLAG_ALLOC.getVsFlag();
232  long unallocFlag = TskData.TSK_VS_PART_FLAG_ENUM.TSK_VS_PART_FLAG_UNALLOC.getVsFlag();
233 
234  // some variables that might be needed in the future
235  long metaFlag = TskData.TSK_VS_PART_FLAG_ENUM.TSK_VS_PART_FLAG_META.getVsFlag();
236  long allFlag = TskData.TSK_VS_PART_FLAG_ENUM.TSK_VS_PART_FLAG_ALL.getVsFlag();
237 
238  if ((vsFlag & allocFlag) == allocFlag) {
239  result = bundle.getString("Volume.vsFlagToString.allocated");
240  }
241  if ((vsFlag & unallocFlag) == unallocFlag) {
242  result = bundle.getString("Volume.vsFlagToString.unallocated");
243  }
244  // ... add more code here if needed
245 
246  return result;
247  }
248 
249  @Override
250  public <T> T accept(SleuthkitItemVisitor<T> v) {
251  return v.visit(this);
252  }
253 
254  @Override
255  public <T> T accept(ContentVisitor<T> v) {
256  return v.visit(this);
257  }
258 
259  @Override
260  public List<Content> getChildren() throws TskCoreException {
261  return getSleuthkitCase().getVolumeChildren(this);
262  }
263 
264  @Override
265  public List<Long> getChildrenIds() throws TskCoreException {
266  return getSleuthkitCase().getVolumeChildrenIds(this);
267  }
268 
274  public List<FileSystem> getFileSystems() throws TskCoreException {
275 
276  List<Content> children = getChildren();
277  List<FileSystem> fileSystems = new ArrayList<FileSystem>();
278  for (Content child : children) {
279  if (child instanceof FileSystem) {
280  fileSystems.add((FileSystem) child);
281  }
282  }
283 
284  return fileSystems;
285  }
286 
287  @Override
288  public String toString(boolean preserveState) {
289  return super.toString(preserveState) + "Volume [\t" + "addr " + addr + "\t" + "desc " + desc + "\t" + "flags " + flags + "\t" + "length " + lengthInSectors + "\t" + "start " + startSector + "]\t"; //NON-NLS
290  }
291 }
org.sleuthkit.datamodel.TskData.TSK_VS_PART_FLAG_ENUM.TSK_VS_PART_FLAG_ALL
TSK_VS_PART_FLAG_ALL
Show all sectors in the walk.
Definition: TskData.java:336
org.sleuthkit.datamodel.AbstractContent.getParent
synchronized Content getParent()
Definition: AbstractContent.java:114
org.sleuthkit.datamodel.Volume.valueToVsFlag
static long valueToVsFlag(String vsFlag)
Definition: Volume.java:208
org.sleuthkit.datamodel.TskData.TSK_VS_PART_FLAG_ENUM.TSK_VS_PART_FLAG_ALLOC
TSK_VS_PART_FLAG_ALLOC
Sectors are allocated to a volume in the volume system.
Definition: TskData.java:333
org.sleuthkit.datamodel.AbstractContent.getName
String getName()
Definition: AbstractContent.java:62
org.sleuthkit.datamodel.Volume.read
int read(byte[] buf, long offset, long len)
Definition: Volume.java:64
org.sleuthkit.datamodel.Volume.getFileSystems
List< FileSystem > getFileSystems()
Definition: Volume.java:274
org.sleuthkit.datamodel.TskData.TSK_VS_TYPE_ENUM.TSK_VS_TYPE_APFS
TSK_VS_TYPE_APFS
APFS pool NON-NLS.
Definition: TskData.java:581
org.sleuthkit.datamodel.VolumeSystem.getVolumeSystemHandle
synchronized long getVolumeSystemHandle()
Definition: VolumeSystem.java:100
org.sleuthkit.datamodel.Volume.toString
String toString(boolean preserveState)
Definition: Volume.java:288
org.sleuthkit.datamodel.TskData.TSK_VS_PART_FLAG_ENUM.TSK_VS_PART_FLAG_META
TSK_VS_PART_FLAG_META
Sectors contain volume system metadata and could also be ALLOC or UNALLOC.
Definition: TskData.java:335
org.sleuthkit.datamodel.AbstractContent
Definition: AbstractContent.java:36
org.sleuthkit.datamodel.Volume.Volume
Volume(SleuthkitCase db, long obj_id, long addr, long startSector, long lengthInSectors, long flags, String desc)
Definition: Volume.java:50
org.sleuthkit.datamodel.SleuthkitJNI.readVsPart
static int readVsPart(long volHandle, byte[] readBuffer, long offset, long len)
Definition: SleuthkitJNI.java:1206
org.sleuthkit.datamodel.Volume.getChildrenIds
List< Long > getChildrenIds()
Definition: Volume.java:265
org.sleuthkit.datamodel.Volume.vsFlagToValue
static String vsFlagToValue(long vsFlag)
Definition: Volume.java:189
org.sleuthkit.datamodel.TskData.TSK_VS_PART_FLAG_ENUM
Definition: TskData.java:331
org.sleuthkit.datamodel.Volume.getChildren
List< Content > getChildren()
Definition: Volume.java:260
org.sleuthkit.datamodel.AbstractContent.getSleuthkitCase
SleuthkitCase getSleuthkitCase()
Definition: AbstractContent.java:269
org.sleuthkit.datamodel.Content
Definition: Content.java:32
org.sleuthkit.datamodel.TskData.TSK_VS_TYPE_ENUM
Definition: TskData.java:573
org.sleuthkit.datamodel.SleuthkitJNI.openVsPart
static long openVsPart(long vsHandle, long volId)
Definition: SleuthkitJNI.java:862
org.sleuthkit.datamodel.TskData.TSK_VS_PART_FLAG_ENUM.TSK_VS_PART_FLAG_UNALLOC
TSK_VS_PART_FLAG_UNALLOC
Sectors are not allocated to a volume.
Definition: TskData.java:334
org.sleuthkit.datamodel.Volume.getUniquePath
synchronized String getUniquePath()
Definition: Volume.java:108
org.sleuthkit.datamodel.Volume.vsFlagToString
static String vsFlagToString(long vsFlag)
Definition: Volume.java:227
org.sleuthkit.datamodel.Content.getUniquePath
String getUniquePath()

Copyright © 2011-2018 Brian Carrier. (carrier -at- sleuthkit -dot- org)
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.