|
Sleuth Kit Java Bindings (JNI)
4.6
Java bindings for using The Sleuth Kit
|
|
Sleuth Kit Java Bindings (JNI)
4.6
Java bindings for using The Sleuth Kit
|
Classes | |
| class | CaseDbHandle |
Static Public Member Functions | |
| static void | addToHashDatabase (String filename, String md5, String sha1, String sha256, String comment, int dbHandle) throws TskCoreException |
| static void | addToHashDatabase (List< HashEntry > hashes, int dbHandle) throws TskCoreException |
| static void | cancelFinishImage (long imgHandle) |
| static void | closeAllHashDatabases () throws TskCoreException |
| static void | closeFile (long fileHandle) |
| static void | closeFile (long fileHandle, SleuthkitCase skCase) |
| static void | closeFs (long fsHandle) |
| static void | closeHashDatabase (int dbHandle) throws TskCoreException |
| static void | closeImg (long imgHandle) |
| static void | closeVs (long vsHandle) |
| static int | createHashDatabase (String path) throws TskCoreException |
| static void | createLookupIndexForHashDatabase (int dbHandle) throws TskCoreException |
| static long | findDeviceSize (String devPath) throws TskCoreException |
| static int | finishImageWriter (long imgHandle) throws TskCoreException |
| static List< String > | getFileMetaDataText (long fileHandle) throws TskCoreException |
| static int | getFinishImageProgress (long imgHandle) |
| static String | getHashDatabaseDisplayName (int dbHandle) throws TskCoreException |
| static String | getHashDatabaseIndexPath (int dbHandle) throws TskCoreException |
| static String | getHashDatabasePath (int dbHandle) throws TskCoreException |
| static String | getVersion () |
| static boolean | hashDatabaseCanBeReindexed (int dbHandle) throws TskCoreException |
| static boolean | hashDatabaseHasLookupIndex (int dbHandle) throws TskCoreException |
| static boolean | hashDatabaseIsIndexOnly (int dbHandle) throws TskCoreException |
| static boolean | isImageSupported (String imagePath) |
| static boolean | isUpdateableHashDatabase (int dbHandle) throws TskCoreException |
| static boolean | lookupInHashDatabase (String hash, int dbHandle) throws TskCoreException |
| static HashHitInfo | lookupInHashDatabaseVerbose (String hash, int dbHandle) throws TskCoreException |
| static long | openFile (long fsHandle, long fileId, TSK_FS_ATTR_TYPE_ENUM attrType, int attrId, SleuthkitCase skCase) throws TskCoreException |
| static long | openFile (long fsHandle, long fileId, TSK_FS_ATTR_TYPE_ENUM attrType, int attrId) throws TskCoreException |
| static long | openFs (long imgHandle, long fsOffset, SleuthkitCase skCase) throws TskCoreException |
| static long | openFs (long imgHandle, long fsOffset) throws TskCoreException |
| static int | openHashDatabase (String path) throws TskCoreException |
| static long | openImage (String[] imageFiles, SleuthkitCase skCase) throws TskCoreException |
| static long | openImage (String[] imageFiles, int sSize, SleuthkitCase skCase) throws TskCoreException |
| static long | openImage (String[] imageFiles) throws TskCoreException |
| static long | openImage (String[] imageFiles, int sSize) throws TskCoreException |
| static long | openVs (long imgHandle, long vsOffset) throws TskCoreException |
| static long | openVsPart (long vsHandle, long volId) throws TskCoreException |
| static int | readFile (long fileHandle, byte[] readBuffer, long offset, long len) throws TskCoreException |
| static int | readFileSlack (long fileHandle, byte[] readBuffer, long offset, long len) throws TskCoreException |
| static int | readFs (long fsHandle, byte[] readBuffer, long offset, long len) throws TskCoreException |
| static int | readImg (long imgHandle, byte[] readBuffer, long offset, long len) throws TskCoreException |
| static int | readVs (long vsHandle, byte[] readBuffer, long offset, long len) throws TskCoreException |
| static int | readVsPart (long volHandle, byte[] readBuffer, long offset, long len) throws TskCoreException |
| static void | startVerboseLogging (String logPath) |
A utility class that provides a interface to the SleuthKit via JNI. Supports case management, add image process, reading data off content objects Setting up Hash database parameters and updating / reading values
Caches image and filesystem handles and reuses them for the duration of the application
Definition at line 48 of file SleuthkitJNI.java.
|
static |
Adds a hash value to a hash database.
| filename | Name of file (can be null) |
| md5 | Text of MD5 hash (can be null) |
| sha1 | Text of SHA1 hash (can be null) |
| sha256 | Text of SHA256 hash (can be null) |
| comment | A comment (can be null) |
| dbHandle | Handle to DB |
| TskCoreException |
Definition at line 1596 of file SleuthkitJNI.java.
|
static |
Definition at line 1600 of file SleuthkitJNI.java.
|
static |
Cancel the finish image process
| imgHandle |
Definition at line 1708 of file SleuthkitJNI.java.
|
static |
Close the currently open lookup databases. Resets the handle counting.
| TskCoreException | exception thrown if critical error occurs within TSK |
Definition at line 1525 of file SleuthkitJNI.java.
|
static |
frees the fileHandle pointer
| fileHandle | pointer to file structure in sleuthkit |
Definition at line 1383 of file SleuthkitJNI.java.
Referenced by org.sleuthkit.datamodel.FsContent.close().
|
static |
frees the fileHandle pointer
| fileHandle | pointer to file structure in sleuthkit |
| skCase | the case containing the file |
Definition at line 1393 of file SleuthkitJNI.java.
|
static |
frees the fsHandle pointer Currently does not do anything - fsHandle should only be freed as part of CaseDbHandle.free().
| fsHandle | pointer to file system structure in sleuthkit |
Definition at line 1800 of file SleuthkitJNI.java.
|
static |
Close a particular open lookup database. Existing handles are not affected.
| dbHandle | Handle of database to close. |
| TskCoreException | exception thrown if critical error occurs within TSK |
Definition at line 1538 of file SleuthkitJNI.java.
|
static |
frees the imgHandle pointer currently does not close the image - imgHandle should only be freed as part of CaseDbHandle.free().
| imgHandle | to close the image |
Definition at line 1779 of file SleuthkitJNI.java.
|
static |
frees the vsHandle pointer - currently does nothing
| vsHandle | pointer to volume system structure in sleuthkit |
Definition at line 1789 of file SleuthkitJNI.java.
|
static |
Creates a hash database. Will be of the default TSK hash database type.
| path | The path to the database |
| TskCoreException | if a critical error occurs within TSK core |
Definition at line 1515 of file SleuthkitJNI.java.
|
static |
Create an index for a hash database.
| dbHandle | A hash database handle. |
| TskCoreException | if a critical error occurs within TSK core |
Definition at line 1439 of file SleuthkitJNI.java.
|
static |
Get size of a device (physical, logical device, image) pointed to by devPath
| devPath | device path pointing to the device |
| TskCoreException | exception thrown if the device size could not be queried |
Definition at line 1730 of file SleuthkitJNI.java.
Referenced by org.sleuthkit.datamodel.Image.getSize().
|
static |
Fills in any gaps in the image created by image writer.
| imgHandle | The image handle. |
| TskCoreException | exception thrown if critical error occurs within TSK |
Definition at line 1671 of file SleuthkitJNI.java.
|
static |
Get human readable (some what) details about a file. This is the same as the 'istat' TSK tool
| fileHandle | pointer to file structure in the sleuthkit |
| TskCoreException | if errors occurred |
Definition at line 1343 of file SleuthkitJNI.java.
Referenced by org.sleuthkit.datamodel.FsContent.getMetaDataText().
|
static |
Get the current progress of the finish image process (0-100)
| imgHandle |
Definition at line 1690 of file SleuthkitJNI.java.
|
static |
Get the name of the database
| dbHandle | Previously opened hash db handle. |
| TskCoreException | if a critical error occurs within TSK core |
Definition at line 1551 of file SleuthkitJNI.java.
|
static |
getHashDatabaseIndexPath
| dbHandle | previously opened hash db handle |
| TskCoreException | if a critical error occurs within TSK core |
Definition at line 1492 of file SleuthkitJNI.java.
|
static |
getHashDatabasePath
| dbHandle | previously opened hash db handle |
| TskCoreException | if a critical error occurs within TSK core |
Definition at line 1479 of file SleuthkitJNI.java.
|
static |
get the Sleuth Kit version string
Definition at line 717 of file SleuthkitJNI.java.
|
static |
hashDatabaseCanBeReindexed
| dbHandle | previously opened hash db handle |
| TskCoreException | if a critical error occurs within TSK core |
Definition at line 1466 of file SleuthkitJNI.java.
|
static |
Check if an index exists for a hash database.
| dbHandle | A hash database handle. |
| TskCoreException | if a critical error occurs within TSK core |
Definition at line 1452 of file SleuthkitJNI.java.
|
static |
Definition at line 1622 of file SleuthkitJNI.java.
|
static |
Definition at line 1734 of file SleuthkitJNI.java.
|
static |
Definition at line 1618 of file SleuthkitJNI.java.
|
static |
Lookup the given hash value and get basic answer
| hash | Hash value to search for. |
| dbHandle | Handle of database to lookup in. |
| TskCoreException |
Definition at line 1565 of file SleuthkitJNI.java.
|
static |
Lookup hash value in DB and return details on results (more time consuming than basic lookup)
| hash | Hash value to search for |
| dbHandle | Handle of database to lookup in. |
| TskCoreException |
Definition at line 1580 of file SleuthkitJNI.java.
|
static |
Get file Handle
| fsHandle | fsHandle pointer in the sleuthkit |
| fileId | id of the file |
| attrType | file attribute type to open |
| attrId | file attribute id to open |
| skCase | the case associated with this file |
| TskCoreException | exception thrown if critical error occurs within TSK |
Definition at line 1032 of file SleuthkitJNI.java.
Referenced by org.sleuthkit.datamodel.SleuthkitJNI.openFile().
|
static |
Get file Handle
| fsHandle | fsHandle pointer in the sleuthkit |
| fileId | id of the file |
| attrType | file attribute type to open |
| attrId | file attribute id to open |
| TskCoreException | exception thrown if critical error occurs within TSK |
Definition at line 1873 of file SleuthkitJNI.java.
References org.sleuthkit.datamodel.SleuthkitJNI.openFile().
|
static |
Get file system Handle Opened handle is cached (transparently) so it does not need be reopened next time for the duration of the application
| imgHandle | pointer to imgHandle in sleuthkit |
| fsOffset | byte offset to the file system |
| skCase | the case containing the file system |
| TskCoreException | exception thrown if critical error occurs within TSK |
Definition at line 933 of file SleuthkitJNI.java.
Referenced by org.sleuthkit.datamodel.SleuthkitJNI.openFs().
|
static |
Get file system Handle Opened handle is cached (transparently) so it does not need be reopened next time for the duration of the application
| imgHandle | pointer to imgHandle in sleuthkit |
| fsOffset | byte offset to the file system |
| TskCoreException | exception thrown if critical error occurs within TSK |
Definition at line 1854 of file SleuthkitJNI.java.
References org.sleuthkit.datamodel.SleuthkitJNI.openFs().
|
static |
Open a hash database for lookups
| path | Path to Hash DB or index file |
| TskCoreException | if there is an error opening the DB |
Definition at line 1502 of file SleuthkitJNI.java.
|
static |
Open the image and return the image info pointer.
| imageFiles | the paths to the images |
| skCase | the case this image belongs to |
| TskCoreException | exception thrown if critical error occurs within TSK |
Definition at line 741 of file SleuthkitJNI.java.
Referenced by org.sleuthkit.datamodel.Image.getImageHandle(), org.sleuthkit.datamodel.SleuthkitJNI.openImage(), and org.sleuthkit.datamodel.SleuthkitJNI.CaseDbHandle.AddImageProcess.run().
|
static |
Open the image with a specified sector size and return the image info pointer.
| imageFiles | the paths to the images |
| sSize | the sector size (use '0' for autodetect) |
| skCase | the case this image belongs to |
| TskCoreException | exception thrown if critical error occurs within TSK |
Definition at line 761 of file SleuthkitJNI.java.
References org.sleuthkit.datamodel.SleuthkitJNI.openImage().
|
static |
Open the image and return the image info pointer.
| imageFiles | the paths to the images |
| TskCoreException | exception thrown if critical error occurs within TSK |
Definition at line 1816 of file SleuthkitJNI.java.
References org.sleuthkit.datamodel.SleuthkitJNI.openImage().
|
static |
Open the image with a specified sector size and return the image info pointer.
| imageFiles | the paths to the images |
| sSize | the sector size (use '0' for autodetect) |
| TskCoreException | exception thrown if critical error occurs within TSK |
Definition at line 1835 of file SleuthkitJNI.java.
References org.sleuthkit.datamodel.SleuthkitJNI.openImage().
|
static |
Get volume system Handle
| imgHandle | a handle to previously opened image |
| vsOffset | byte offset in the image to the volume system (usually 0) |
| TskCoreException | exception thrown if critical error occurs within TSK |
Definition at line 838 of file SleuthkitJNI.java.
Referenced by org.sleuthkit.datamodel.VolumeSystem.getVolumeSystemHandle().
|
static |
Get volume Handle
| vsHandle | pointer to the volume system structure in the sleuthkit |
| volId | id of the volume |
| TskCoreException | exception thrown if critical error occurs within TSK |
Definition at line 862 of file SleuthkitJNI.java.
Referenced by org.sleuthkit.datamodel.Volume.read().
|
static |
reads data from an file
| fileHandle | pointer to a file structure in the sleuthkit |
| readBuffer | pre-allocated buffer to read to |
| offset | byte offset in the image to start at |
| len | amount of data to read |
| TskCoreException | exception thrown if critical error occurs within TSK |
Definition at line 1273 of file SleuthkitJNI.java.
Referenced by org.sleuthkit.datamodel.FsContent.readInt().
|
static |
reads data from the slack space of a file
| fileHandle | pointer to a file structure in the sleuthkit |
| readBuffer | pre-allocated buffer to read to |
| offset | byte offset in the slack to start at |
| len | amount of data to read |
| TskCoreException | exception thrown if critical error occurs within TSK |
Definition at line 1320 of file SleuthkitJNI.java.
Referenced by org.sleuthkit.datamodel.SlackFile.readInt().
|
static |
reads data from an file system
| fsHandle | pointer to a file system structure in the sleuthkit |
| readBuffer | buffer to read to |
| offset | byte offset in the image to start at |
| len | amount of data to read |
| TskCoreException | exception thrown if critical error occurs within TSK |
Definition at line 1230 of file SleuthkitJNI.java.
Referenced by org.sleuthkit.datamodel.FileSystem.read().
|
static |
reads data from an image
| imgHandle | |
| readBuffer | buffer to read to |
| offset | byte offset in the image to start at |
| len | amount of data to read |
| TskCoreException | exception thrown if critical error occurs within TSK |
Definition at line 1135 of file SleuthkitJNI.java.
Referenced by org.sleuthkit.datamodel.Image.read().
|
static |
reads data from an volume system
| vsHandle | pointer to a volume system structure in the sleuthkit |
| readBuffer | buffer to read to |
| offset | sector offset in the image to start at |
| len | amount of data to read |
| TskCoreException | exception thrown if critical error occurs within TSK |
Definition at line 1162 of file SleuthkitJNI.java.
Referenced by org.sleuthkit.datamodel.VolumeSystem.read().
|
static |
reads data from an volume
| volHandle | pointer to a volume structure in the sleuthkit |
| readBuffer | buffer to read to |
| offset | byte offset in the image to start at |
| len | amount of data to read |
| TskCoreException | exception thrown if critical error occurs within TSK |
Definition at line 1206 of file SleuthkitJNI.java.
Referenced by org.sleuthkit.datamodel.Volume.read().
|
static |
Enable verbose logging and redirect stderr to the given log file.
| logPath | the log file path |
Definition at line 726 of file SleuthkitJNI.java.
Copyright © 2011-2018 Brian Carrier. (carrier -at- sleuthkit -dot- org)
This work is licensed under a
Creative Commons Attribution-Share Alike 3.0 United States License.
