Sleuth Kit Java Bindings (JNI)
4.6
Java bindings for using The Sleuth Kit
|
Inherits org.sleuthkit.datamodel.AbstractFile.
Classes | |
class | DerivedMethod |
Public Member Functions | |
synchronized DerivedMethod | getDerivedMethod () throws TskCoreException |
boolean | isRoot () |
String | toString (boolean preserveState) |
Public Member Functions inherited from org.sleuthkit.datamodel.AbstractFile | |
boolean | canRead () |
void | close () |
long | convertToImgOffset (long fileOffset) throws TskCoreException |
boolean | exists () |
long | getAtime () |
String | getAtimeAsDate () |
int | getAttributeId () |
short | getAttrId () |
TskData.TSK_FS_ATTR_TYPE_ENUM | getAttrType () |
long | getCrtime () |
String | getCrtimeAsDate () |
long | getCtime () |
String | getCtimeAsDate () |
Content | getDataSource () throws TskCoreException |
long | getDataSourceObjectId () |
String | getDirFlagAsString () |
TSK_FS_NAME_TYPE_ENUM | getDirType () |
String | getDirTypeAsString () |
int | getGid () |
TskData.FileKnown | getKnown () |
String | getLocalAbsPath () |
String | getLocalPath () |
String | getMd5Hash () |
long | getMetaAddr () |
String | getMetaFlagsAsString () |
long | getMetaSeq () |
TSK_FS_META_TYPE_ENUM | getMetaType () |
String | getMetaTypeAsString () |
String | getMIMEType () |
String | getModesAsString () |
long | getMtime () |
String | getMtimeAsDate () |
String | getNameExtension () |
String | getParentPath () |
List< TskFileRange > | getRanges () throws TskCoreException |
long | getSize () |
TskData.TSK_DB_FILES_TYPE_ENUM | getType () |
int | getUid () |
boolean | isDir () |
boolean | isDirNameFlagSet (TSK_FS_NAME_FLAG_ENUM flag) |
boolean | isFile () |
boolean | isMetaFlagSet (TSK_FS_META_FLAG_ENUM metaFlag) |
MimeMatchEnum | isMimeType (SortedSet< String > mimeTypes) |
boolean | isModeSet (TskData.TSK_FS_META_MODE_ENUM mode) |
abstract boolean | isRoot () |
boolean | isVirtual () |
List< AbstractFile > | listFiles () throws TskCoreException |
final int | read (byte[] buf, long offset, long len) throws TskCoreException |
void | save () throws TskCoreException |
void | setKnown (TskData.FileKnown knownState) |
void | setMd5Hash (String md5Hash) |
void | setMIMEType (String mimeType) |
String | toString (boolean preserveState) |
Public Member Functions inherited from org.sleuthkit.datamodel.AbstractContent | |
boolean | equals (Object obj) |
ArrayList< BlackboardArtifact > | getAllArtifacts () throws TskCoreException |
long | getAllArtifactsCount () throws TskCoreException |
ArrayList< BlackboardArtifact > | getArtifacts (String artifactTypeName) throws TskCoreException |
ArrayList< BlackboardArtifact > | getArtifacts (int artifactTypeID) throws TskCoreException |
ArrayList< BlackboardArtifact > | getArtifacts (BlackboardArtifact.ARTIFACT_TYPE type) throws TskCoreException |
long | getArtifactsCount (String artifactTypeName) throws TskCoreException |
long | getArtifactsCount (int artifactTypeID) throws TskCoreException |
long | getArtifactsCount (ARTIFACT_TYPE type) throws TskCoreException |
List< Content > | getChildren () throws TskCoreException |
int | getChildrenCount () throws TskCoreException |
List< Long > | getChildrenIds () throws TskCoreException |
Content | getDataSource () throws TskCoreException |
BlackboardArtifact | getGenInfoArtifact () throws TskCoreException |
BlackboardArtifact | getGenInfoArtifact (boolean create) throws TskCoreException |
ArrayList< BlackboardAttribute > | getGenInfoAttributes (ATTRIBUTE_TYPE attr_type) throws TskCoreException |
Set< String > | getHashSetNames () throws TskCoreException |
long | getId () |
String | getName () |
synchronized Content | getParent () throws TskCoreException |
SleuthkitCase | getSleuthkitCase () |
synchronized String | getUniquePath () throws TskCoreException |
boolean | hasChildren () throws TskCoreException |
int | hashCode () |
BlackboardArtifact | newArtifact (int artifactTypeID) throws TskCoreException |
BlackboardArtifact | newArtifact (BlackboardArtifact.ARTIFACT_TYPE type) throws TskCoreException |
String | toString () |
String | toString (boolean preserveState) |
Public Member Functions inherited from org.sleuthkit.datamodel.Content | |
long | getArtifactsCount (BlackboardArtifact.ARTIFACT_TYPE type) throws TskCoreException |
ArrayList< BlackboardAttribute > | getGenInfoAttributes (BlackboardAttribute.ATTRIBUTE_TYPE attr_type) throws TskCoreException |
Protected Member Functions | |
DerivedFile (SleuthkitCase db, long objId, String name, TSK_FS_NAME_TYPE_ENUM dirType, TSK_FS_META_TYPE_ENUM metaType, TSK_FS_NAME_FLAG_ENUM dirFlag, short metaFlags, long size, long ctime, long crtime, long atime, long mtime, String md5Hash, FileKnown knownState, String parentPath, String localPath, long parentId) | |
void | finalize () throws Throwable |
Protected Member Functions inherited from org.sleuthkit.datamodel.AbstractFile | |
AbstractFile (SleuthkitCase db, long objId, TskData.TSK_FS_ATTR_TYPE_ENUM attrType, short attrId, String name, TskData.TSK_DB_FILES_TYPE_ENUM fileType, long metaAddr, int metaSeq, TSK_FS_NAME_TYPE_ENUM dirType, TSK_FS_META_TYPE_ENUM metaType, TSK_FS_NAME_FLAG_ENUM dirFlag, short metaFlags, long size, long ctime, long crtime, long atime, long mtime, short modes, int uid, int gid, String md5Hash, FileKnown knownState, String parentPath) | |
void | finalize () throws Throwable |
int | readInt (byte[] buf, long offset, long len) throws TskCoreException |
final int | readLocal (byte[] buf, long offset, long len) throws TskCoreException |
void | setLocalPath (String localPath, boolean isAbsolute) |
Protected Member Functions inherited from org.sleuthkit.datamodel.AbstractContent | |
AbstractContent (SleuthkitCase db, long obj_id, String name) | |
Additional Inherited Members | |
Static Public Member Functions inherited from org.sleuthkit.datamodel.AbstractFile | |
static String | createNonUniquePath (String uniquePath) |
static String | epochToTime (long epoch) |
static String | epochToTime (long epoch, TimeZone tzone) |
static long | timeToEpoch (String time) |
Static Public Attributes inherited from org.sleuthkit.datamodel.AbstractContent | |
static final long | UNKNOWN_ID = -1 |
Protected Attributes inherited from org.sleuthkit.datamodel.AbstractFile | |
final int | attrId |
final TskData.TSK_FS_ATTR_TYPE_ENUM | attrType |
final TSK_FS_NAME_FLAG_ENUM | dirFlag |
final TSK_FS_NAME_TYPE_ENUM | dirType |
final TskData.TSK_DB_FILES_TYPE_ENUM | fileType |
TskData.FileKnown | knownState |
String | md5Hash |
final long | metaAddr |
final Set< TSK_FS_META_FLAG_ENUM > | metaFlags |
final int | metaSeq |
final TSK_FS_META_TYPE_ENUM | metaType |
final Set< TskData.TSK_FS_META_MODE_ENUM > | modes |
final String | parentPath |
long | size |
final int | uid |
Protected Attributes inherited from org.sleuthkit.datamodel.AbstractContent | |
long | parentId |
A representation of a file or directory that has been derived from another file and is stored outside of the data source (e.g., on a user's machine). A typical example of a derived file is a file extracted from an archive file.
Definition at line 36 of file DerivedFile.java.
|
protected |
/** Constructs a representation of a file or directory that has been derived from another file and is stored outside of the data source (e.g., on a user's machine). A typical example of a derived file is a file extracted from an archive file.
db | The case database to which the file has been added. |
objId | The object id of the file in the case database. |
name | The name of the file. |
dirType | The type of the file, usually as reported in the name structure of the file system. May be set to TSK_FS_NAME_TYPE_ENUM.UNDEF. |
metaType | The type of the file, usually as reported in the metadata structure of the file system. May be set to TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_UNDEF. |
dirFlag | The allocated status of the file, usually as reported in the name structure of the file system. |
metaFlags | The allocated status of the file, usually as reported in the metadata structure of the file system. |
size | The size of the file. |
ctime | The changed time of the file. |
crtime | The created time of the file. |
atime | The accessed time of the file. |
mtime | The modified time of the file. |
md5Hash | The MD5 hash of the file, null if not yet calculated. |
knownState | The known state of the file from a hash database lookup, null if not yet looked up. |
parentPath | The path of the parent of the file. |
localPath | The absolute path of the file in secondary storage. |
parentId | The object id of parent of the file. |
Definition at line 296 of file DerivedFile.java.
References org.sleuthkit.datamodel.AbstractFile.dirFlag, org.sleuthkit.datamodel.AbstractFile.dirType, org.sleuthkit.datamodel.AbstractFile.knownState, org.sleuthkit.datamodel.AbstractFile.md5Hash, org.sleuthkit.datamodel.AbstractFile.metaFlags, org.sleuthkit.datamodel.AbstractFile.metaType, org.sleuthkit.datamodel.TskData.EncodingType.NONE, org.sleuthkit.datamodel.AbstractContent.parentId, org.sleuthkit.datamodel.AbstractFile.parentPath, and org.sleuthkit.datamodel.AbstractFile.size.
|
protected |
Closes this derived file, if it was open.
Throwable |
Definition at line 177 of file DerivedFile.java.
References org.sleuthkit.datamodel.AbstractFile.close().
synchronized DerivedMethod org.sleuthkit.datamodel.DerivedFile.getDerivedMethod | ( | ) | throws TskCoreException |
Gets the method used to derive this file, if it has been recorded.
TskCoreException | if there was an error querying the case database. |
Definition at line 129 of file DerivedFile.java.
References org.sleuthkit.datamodel.AbstractContent.getId(), and org.sleuthkit.datamodel.AbstractContent.getSleuthkitCase().
boolean org.sleuthkit.datamodel.DerivedFile.isRoot | ( | ) |
Indicates whether or not this derived file is the root of a file system, always returns false.
Definition at line 117 of file DerivedFile.java.
String org.sleuthkit.datamodel.DerivedFile.toString | ( | boolean | preserveState | ) |
Provides a string representation of this derived file.
preserveState | True if state should be included in the string representation of this object. |
Definition at line 193 of file DerivedFile.java.
Copyright © 2011-2018 Brian Carrier. (carrier -at- sleuthkit -dot- org)
This work is licensed under a
Creative Commons Attribution-Share Alike 3.0 United States License.