Sleuth Kit Java Bindings (JNI)  4.9.0
Java bindings for using The Sleuth Kit
org.sleuthkit.datamodel.SleuthkitCase Class Reference

Classes

class  CaseDbConnection
 
class  CaseDbQuery
 
class  CaseDbTransaction
 
interface  ErrorObserver
 
class  ObjectInfo
 

Public Member Functions

void acquireExclusiveLock ()
 
void acquireSharedLock ()
 
void acquireSingleUserCaseReadLock ()
 
void acquireSingleUserCaseWriteLock ()
 
BlackboardAttribute.Type addArtifactAttributeType (String attrTypeString, TSK_BLACKBOARD_ATTRIBUTE_VALUE_TYPE valueType, String displayName) throws TskCoreException, TskDataException
 
int addArtifactType (String artifactTypeName, String displayName) throws TskCoreException
 
int addAttrType (String attrTypeString, String displayName) throws TskCoreException
 
BlackboardArtifactTag addBlackboardArtifactTag (BlackboardArtifact artifact, TagName tagName, String comment) throws TskCoreException
 
BlackboardArtifact.Type addBlackboardArtifactType (String artifactTypeName, String displayName) throws TskCoreException, TskDataException
 
void addBlackboardAttribute (BlackboardAttribute attr, int artifactTypeId) throws TskCoreException
 
void addBlackboardAttributes (Collection< BlackboardAttribute > attributes, int artifactTypeId) throws TskCoreException
 
LayoutFile addCarvedFile (String carvedFileName, long carvedFileSize, long containerId, List< TskFileRange > data) throws TskCoreException
 
final List< LayoutFileaddCarvedFiles (CarvingResult carvingResult) throws TskCoreException
 
List< LayoutFileaddCarvedFiles (List< CarvedFileContainer > filesToAdd) throws TskCoreException
 
ContentTag addContentTag (Content content, TagName tagName, String comment, long beginByteOffset, long endByteOffset) throws TskCoreException
 
DerivedFile addDerivedFile (String fileName, String localPath, long size, long ctime, long crtime, long atime, long mtime, boolean isFile, Content parentObj, String rederiveDetails, String toolName, String toolVersion, String otherDetails, TskData.EncodingType encodingType) throws TskCoreException
 
DerivedFile addDerivedFile (String fileName, String localPath, long size, long ctime, long crtime, long atime, long mtime, boolean isFile, AbstractFile parentFile, String rederiveDetails, String toolName, String toolVersion, String otherDetails) throws TskCoreException
 
void addErrorObserver (ErrorObserver observer)
 
FileSystem addFileSystem (long parentObjId, long imgOffset, TskData.TSK_FS_TYPE_ENUM type, long blockSize, long blockCount, long rootInum, long firstInum, long lastInum, String displayName, CaseDbTransaction transaction) throws TskCoreException
 
FsContent addFileSystemFile (long dataSourceObjId, long fsObjId, String fileName, long metaAddr, int metaSeq, TSK_FS_ATTR_TYPE_ENUM attrType, int attrId, TSK_FS_NAME_FLAG_ENUM dirFlag, short metaFlags, long size, long ctime, long crtime, long atime, long mtime, boolean isFile, Content parent) throws TskCoreException
 
Image addImage (TskData.TSK_IMG_TYPE_ENUM type, long sectorSize, long size, String displayName, List< String > imagePaths, String timezone, String md5, String sha1, String sha256, String deviceId, CaseDbTransaction transaction) throws TskCoreException
 
Image addImageInfo (long deviceObjId, List< String > imageFilePaths, String timeZone) throws TskCoreException
 
final IngestJobInfo addIngestJob (Content dataSource, String hostName, List< IngestModuleInfo > ingestModules, Date jobStart, Date jobEnd, IngestJobStatusType status, String settingsDir) throws TskCoreException
 
final IngestModuleInfo addIngestModule (String displayName, String factoryClassName, IngestModuleType type, String version) throws TskCoreException
 
LayoutFile addLayoutFile (String fileName, long size, TSK_FS_NAME_FLAG_ENUM dirFlag, TSK_FS_META_FLAG_ENUM metaFlag, long ctime, long crtime, long atime, long mtime, List< TskFileRange > fileRanges, Content parent) throws TskCoreException
 
final List< LayoutFileaddLayoutFiles (Content parent, List< TskFileRange > fileRanges) throws TskCoreException
 
LocalDirectory addLocalDirectory (long parentId, String directoryName) throws TskCoreException
 
LocalDirectory addLocalDirectory (long parentId, String directoryName, CaseDbTransaction transaction) throws TskCoreException
 
LocalFile addLocalFile (String fileName, String localPath, long size, long ctime, long crtime, long atime, long mtime, boolean isFile, TskData.EncodingType encodingType, AbstractFile parent) throws TskCoreException
 
LocalFile addLocalFile (String fileName, String localPath, long size, long ctime, long crtime, long atime, long mtime, boolean isFile, TskData.EncodingType encodingType, Content parent, CaseDbTransaction transaction) throws TskCoreException
 
LocalFile addLocalFile (String fileName, String localPath, long size, long ctime, long crtime, long atime, long mtime, String md5, FileKnown known, String mimeType, boolean isFile, TskData.EncodingType encodingType, Content parent, CaseDbTransaction transaction) throws TskCoreException
 
LocalFile addLocalFile (String fileName, String localPath, long size, long ctime, long crtime, long atime, long mtime, boolean isFile, AbstractFile parent, CaseDbTransaction transaction) throws TskCoreException
 
LocalFile addLocalFile (String fileName, String localPath, long size, long ctime, long crtime, long atime, long mtime, boolean isFile, AbstractFile parent) throws TskCoreException
 
LocalFilesDataSource addLocalFilesDataSource (String deviceId, String rootDirectoryName, String timeZone, CaseDbTransaction transaction) throws TskCoreException
 
TagName addOrUpdateTagName (String displayName, String description, TagName.HTML_COLOR color, TskData.FileKnown knownStatus) throws TskCoreException
 
Pool addPool (long parentObjId, TskData.TSK_POOL_TYPE_ENUM type, CaseDbTransaction transaction) throws TskCoreException
 
Report addReport (String localPath, String sourceModuleName, String reportName) throws TskCoreException
 
Report addReport (String localPath, String sourceModuleName, String reportName, Content parent) throws TskCoreException
 
TagName addTagName (String displayName, String description, TagName.HTML_COLOR color) throws TskCoreException
 
VirtualDirectory addVirtualDirectory (long parentId, String directoryName) throws TskCoreException
 
VirtualDirectory addVirtualDirectory (long parentId, String directoryName, CaseDbTransaction transaction) throws TskCoreException
 
Volume addVolume (long parentObjId, long addr, long start, long length, String desc, long flags, CaseDbTransaction transaction) throws TskCoreException
 
VolumeSystem addVolumeSystem (long parentObjId, TskData.TSK_VS_TYPE_ENUM type, long imgOffset, long blockSize, CaseDbTransaction transaction) throws TskCoreException
 
boolean allFilesMd5Hashed ()
 
CaseDbTransaction beginTransaction () throws TskCoreException
 
synchronized void close ()
 
void closeRunQuery (ResultSet resultSet) throws SQLException
 
void copyCaseDB (String newDBPath) throws IOException
 
int countFilesMd5Hashed ()
 
long countFilesWhere (String sqlWhereClause) throws TskCoreException
 
int countFsContentType (TskData.TSK_FS_META_TYPE_ENUM contentType) throws TskCoreException
 
void deleteBlackboardArtifactTag (BlackboardArtifactTag tag) throws TskCoreException
 
void deleteContentTag (ContentTag tag) throws TskCoreException
 
void deleteReport (Report report) throws TskCoreException
 
CaseDbQuery executeInsertOrUpdate (String query) throws TskCoreException
 
CaseDbQuery executeQuery (String query) throws TskCoreException
 
List< Long > findAllFileIdsWhere (String sqlWhereClause) throws TskCoreException
 
List< AbstractFilefindAllFilesWhere (String sqlWhereClause) throws TskCoreException
 
List< AbstractFilefindFiles (Content dataSource, String fileName) throws TskCoreException
 
List< AbstractFilefindFiles (Content dataSource, String fileName, String dirSubString) throws TskCoreException
 
List< AbstractFilefindFiles (Content dataSource, String fileName, AbstractFile parentFile) throws TskCoreException
 
List< AbstractFilefindFilesByMd5 (String md5Hash)
 
List< FsContentfindFilesWhere (String sqlWhereClause) throws TskCoreException
 
AbstractFile getAbstractFileById (long id) throws TskCoreException
 
List< BlackboardArtifactTaggetAllBlackboardArtifactTags () throws TskCoreException
 
List< ContentTaggetAllContentTags () throws TskCoreException
 
List< ReportgetAllReports () throws TskCoreException
 
List< TagNamegetAllTagNames () throws TskCoreException
 
BlackboardArtifact getArtifactByArtifactId (long id) throws TskCoreException
 
BlackboardArtifact getArtifactById (long id) throws TskCoreException
 
BlackboardArtifact.Type getArtifactType (String artTypeName) throws TskCoreException
 
int getArtifactTypeID (String artifactTypeName) throws TskCoreException
 
Iterable< BlackboardArtifact.Type > getArtifactTypes () throws TskCoreException
 
List< BlackboardArtifact.Type > getArtifactTypesInUse () throws TskCoreException
 
BlackboardAttribute.Type getAttributeType (String attrTypeName) throws TskCoreException
 
List< BlackboardAttribute.Type > getAttributeTypes () throws TskCoreException
 
String getAttrTypeDisplayName (int attrTypeID) throws TskCoreException
 
int getAttrTypeID (String attrTypeName) throws TskCoreException
 
String getAttrTypeString (int attrTypeID) throws TskCoreException
 
String getBackupDatabasePath ()
 
Blackboard getBlackboard ()
 
BlackboardArtifact getBlackboardArtifact (long artifactID) throws TskCoreException
 
ArrayList< BlackboardArtifactgetBlackboardArtifacts (int artifactTypeID) throws TskCoreException
 
List< BlackboardArtifactgetBlackboardArtifacts (BlackboardAttribute.ATTRIBUTE_TYPE attrType, String value) throws TskCoreException
 
List< BlackboardArtifactgetBlackboardArtifacts (BlackboardAttribute.ATTRIBUTE_TYPE attrType, String subString, boolean startsWith) throws TskCoreException
 
List< BlackboardArtifactgetBlackboardArtifacts (BlackboardAttribute.ATTRIBUTE_TYPE attrType, int value) throws TskCoreException
 
List< BlackboardArtifactgetBlackboardArtifacts (BlackboardAttribute.ATTRIBUTE_TYPE attrType, long value) throws TskCoreException
 
List< BlackboardArtifactgetBlackboardArtifacts (BlackboardAttribute.ATTRIBUTE_TYPE attrType, double value) throws TskCoreException
 
List< BlackboardArtifactgetBlackboardArtifacts (BlackboardAttribute.ATTRIBUTE_TYPE attrType, byte value) throws TskCoreException
 
ArrayList< BlackboardArtifactgetBlackboardArtifacts (String artifactTypeName, long obj_id) throws TskCoreException
 
ArrayList< BlackboardArtifactgetBlackboardArtifacts (int artifactTypeID, long obj_id) throws TskCoreException
 
ArrayList< BlackboardArtifactgetBlackboardArtifacts (ARTIFACT_TYPE artifactType, long obj_id) throws TskCoreException
 
ArrayList< BlackboardArtifactgetBlackboardArtifacts (String artifactTypeName) throws TskCoreException
 
ArrayList< BlackboardArtifactgetBlackboardArtifacts (ARTIFACT_TYPE artifactType) throws TskCoreException
 
List< BlackboardArtifactgetBlackboardArtifacts (ARTIFACT_TYPE artifactType, BlackboardAttribute.ATTRIBUTE_TYPE attrType, String value) throws TskCoreException
 
long getBlackboardArtifactsCount (long objId) throws TskCoreException
 
long getBlackboardArtifactsCount (String artifactTypeName, long obj_id) throws TskCoreException
 
long getBlackboardArtifactsCount (int artifactTypeID, long obj_id) throws TskCoreException
 
long getBlackboardArtifactsCount (ARTIFACT_TYPE artifactType, long obj_id) throws TskCoreException
 
long getBlackboardArtifactsTypeCount (int artifactTypeID) throws TskCoreException
 
long getBlackboardArtifactsTypeCount (int artifactTypeID, long dataSourceID) throws TskCoreException
 
BlackboardArtifactTag getBlackboardArtifactTagByID (long artifactTagID) throws TskCoreException
 
List< BlackboardArtifactTaggetBlackboardArtifactTagsByArtifact (BlackboardArtifact artifact) throws TskCoreException
 
List< BlackboardArtifactTaggetBlackboardArtifactTagsByTagName (TagName tagName) throws TskCoreException
 
List< BlackboardArtifactTaggetBlackboardArtifactTagsByTagName (TagName tagName, long dsObjId) throws TskCoreException
 
long getBlackboardArtifactTagsCountByTagName (TagName tagName) throws TskCoreException
 
long getBlackboardArtifactTagsCountByTagName (TagName tagName, long dsObjId) throws TskCoreException
 
ArrayList< BlackboardArtifact.ARTIFACT_TYPE > getBlackboardArtifactTypes () throws TskCoreException
 
ArrayList< BlackboardArtifact.ARTIFACT_TYPE > getBlackboardArtifactTypesInUse () throws TskCoreException
 
ArrayList< BlackboardAttributegetBlackboardAttributes (final BlackboardArtifact artifact) throws TskCoreException
 
ArrayList< BlackboardAttribute.ATTRIBUTE_TYPE > getBlackboardAttributeTypes () throws TskCoreException
 
int getBlackboardAttributeTypesCount () throws TskCoreException
 
synchronized CaseDbAccessManager getCaseDbAccessManager () throws TskCoreException
 
CommunicationsManager getCommunicationsManager () throws TskCoreException
 
Content getContentById (long id) throws TskCoreException
 
ContentTag getContentTagByID (long contentTagID) throws TskCoreException
 
List< ContentTaggetContentTagsByContent (Content content) throws TskCoreException
 
List< ContentTaggetContentTagsByTagName (TagName tagName) throws TskCoreException
 
List< ContentTaggetContentTagsByTagName (TagName tagName, long dsObjId) throws TskCoreException
 
long getContentTagsCountByTagName (TagName tagName) throws TskCoreException
 
long getContentTagsCountByTagName (TagName tagName, long dsObjId) throws TskCoreException
 
Examiner getCurrentExaminer () throws TskCoreException
 
String getDatabaseName ()
 
DbType getDatabaseType ()
 
DataSource getDataSource (long objectId) throws TskDataException, TskCoreException
 
List< DataSourcegetDataSources () throws TskCoreException
 
String getDbDirPath ()
 
CaseDbSchemaVersionNumber getDBSchemaCreationVersion ()
 
VersionNumber getDBSchemaVersion ()
 
List< TskFileRangegetFileRanges (long id) throws TskCoreException
 
Collection< FileSystemgetFileSystems (Image image)
 
Image getImageById (long id) throws TskCoreException
 
Collection< FileSystemgetImageFileSystems (Image image) throws TskCoreException
 
Map< Long, List< String > > getImagePaths () throws TskCoreException
 
List< ImagegetImages () throws TskCoreException
 
final List< IngestJobInfogetIngestJobs () throws TskCoreException
 
long getLastObjectId () throws TskCoreException
 
ArrayList< BlackboardArtifactgetMatchingArtifacts (String whereClause) throws TskCoreException
 
ArrayList< BlackboardAttributegetMatchingAttributes (String whereClause) throws TskCoreException
 
Report getReportById (long id) throws TskCoreException
 
List< ContentgetRootObjects () throws TskCoreException
 
int getSchemaVersion ()
 
synchronized TaggingManager getTaggingManager ()
 
List< TagNamegetTagNamesInUse () throws TskCoreException
 
List< TagNamegetTagNamesInUse (long dsObjId) throws TskCoreException
 
TimelineManager getTimelineManager () throws TskCoreException
 
List< VirtualDirectorygetVirtualDirectoryRoots () throws TskCoreException
 
boolean isFileFromSource (Content dataSource, long fileId) throws TskCoreException
 
AddImageProcess makeAddImageProcess (String timeZone, boolean addUnallocSpace, boolean noFatFsOrphans, String imageCopyPath)
 
AddImageProcess makeAddImageProcess (String timezone, boolean addUnallocSpace, boolean noFatFsOrphans)
 
BlackboardArtifact newBlackboardArtifact (int artifactTypeID, long obj_id) throws TskCoreException
 
BlackboardArtifact newBlackboardArtifact (ARTIFACT_TYPE artifactType, long obj_id) throws TskCoreException
 
List< AbstractFileopenFiles (Content dataSource, String filePath) throws TskCoreException
 
void registerForEvents (Object listener)
 
void releaseExclusiveLock ()
 
void releaseSharedLock ()
 
void releaseSingleUserCaseReadLock ()
 
void releaseSingleUserCaseWriteLock ()
 
void removeErrorObserver (ErrorObserver observer)
 
ResultSet runQuery (String query) throws SQLException
 
void setFileMIMEType (AbstractFile file, String mimeType) throws TskCoreException
 
void setImagePaths (long obj_id, List< String > paths) throws TskCoreException
 
boolean setKnown (AbstractFile file, FileKnown fileKnown) throws TskCoreException
 
void setReviewStatus (BlackboardArtifact artifact, BlackboardArtifact.ReviewStatus newStatus) throws TskCoreException
 
void submitError (String context, String errorMessage)
 
void unregisterForEvents (Object listener)
 
DerivedFile updateDerivedFile (DerivedFile derivedFile, String localPath, long size, long ctime, long crtime, long atime, long mtime, boolean isFile, String mimeType, String rederiveDetails, String toolName, String toolVersion, String otherDetails, TskData.EncodingType encodingType) throws TskCoreException
 
void updateImagePath (String newPath, long objectId) throws TskCoreException
 

Static Public Member Functions

static String escapeSingleQuotes (String text)
 
static SleuthkitCase newCase (String dbPath) throws TskCoreException
 
static SleuthkitCase newCase (String caseName, CaseDbConnectionInfo info, String caseDirPath) throws TskCoreException
 
static SleuthkitCase openCase (String dbPath) throws TskCoreException
 
static SleuthkitCase openCase (String databaseName, CaseDbConnectionInfo info, String caseDir) throws TskCoreException
 
static void tryConnect (CaseDbConnectionInfo info) throws TskCoreException
 

Protected Member Functions

void finalize () throws Throwable
 

Detailed Description

Represents the case database with methods that provide abstractions for database operations.

Definition at line 91 of file SleuthkitCase.java.

Member Function Documentation

void org.sleuthkit.datamodel.SleuthkitCase.acquireExclusiveLock ( )

Acquires a write lock, but only if this is a single-user case. Always call this method in a try block with a call to the lock release method in an associated finally block.

Deprecated:
Use acquireSingleUserCaseWriteLock.

Definition at line 12892 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseWriteLock().

void org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock ( )

Acquires a read lock, but only if this is a single-user case. Call this method in a try block with a call to the lock release method in an associated finally block.

Deprecated:
Use acquireSingleUserCaseReadLock.

Definition at line 12916 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock().

void org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock ( )

Acquires a read lock, but only if this is a single-user case. Call this method in a try block with a call to the lock release method in an associated finally block.

Definition at line 2353 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.TskData.DbType.SQLITE.

Referenced by org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.allFilesMd5Hashed(), org.sleuthkit.datamodel.TimelineManager.countEventsByType(), org.sleuthkit.datamodel.SleuthkitCase.countFilesMd5Hashed(), org.sleuthkit.datamodel.SleuthkitCase.countFilesWhere(), org.sleuthkit.datamodel.SleuthkitCase.countFsContentType(), org.sleuthkit.datamodel.SleuthkitCase.findAllFileIdsWhere(), org.sleuthkit.datamodel.SleuthkitCase.findAllFilesWhere(), org.sleuthkit.datamodel.SleuthkitCase.findFiles(), org.sleuthkit.datamodel.SleuthkitCase.findFilesByMd5(), org.sleuthkit.datamodel.SleuthkitCase.findFilesWhere(), org.sleuthkit.datamodel.CommunicationsManager.getAccount(), org.sleuthkit.datamodel.CommunicationsManager.getAccountDeviceInstancesWithRelationships(), org.sleuthkit.datamodel.CommunicationsManager.getAccountsRelatedToArtifact(), org.sleuthkit.datamodel.CommunicationsManager.getAccountType(), org.sleuthkit.datamodel.CommunicationsManager.getAccountTypesInUse(), org.sleuthkit.datamodel.SleuthkitCase.getAllBlackboardArtifactTags(), org.sleuthkit.datamodel.SleuthkitCase.getAllContentTags(), org.sleuthkit.datamodel.SleuthkitCase.getAllReports(), org.sleuthkit.datamodel.SleuthkitCase.getAllTagNames(), org.sleuthkit.datamodel.SleuthkitCase.getArtifactByArtifactId(), org.sleuthkit.datamodel.SleuthkitCase.getArtifactById(), org.sleuthkit.datamodel.SleuthkitCase.getArtifactType(), org.sleuthkit.datamodel.SleuthkitCase.getArtifactTypeID(), org.sleuthkit.datamodel.SleuthkitCase.getArtifactTypes(), org.sleuthkit.datamodel.Blackboard.getArtifactTypesInUse(), org.sleuthkit.datamodel.SleuthkitCase.getArtifactTypesInUse(), org.sleuthkit.datamodel.SleuthkitCase.getAttributeType(), org.sleuthkit.datamodel.SleuthkitCase.getAttributeTypes(), org.sleuthkit.datamodel.SleuthkitCase.getAttrTypeDisplayName(), org.sleuthkit.datamodel.SleuthkitCase.getAttrTypeID(), org.sleuthkit.datamodel.SleuthkitCase.getAttrTypeString(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifact(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifacts(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifactsCount(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifactsTypeCount(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifactTagByID(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifactTagsByArtifact(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifactTagsByTagName(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifactTagsCountByTagName(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifactTypesInUse(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardAttributes(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardAttributeTypesCount(), org.sleuthkit.datamodel.SleuthkitCase.getContentById(), org.sleuthkit.datamodel.SleuthkitCase.getContentTagByID(), org.sleuthkit.datamodel.SleuthkitCase.getContentTagsByContent(), org.sleuthkit.datamodel.SleuthkitCase.getContentTagsByTagName(), org.sleuthkit.datamodel.SleuthkitCase.getContentTagsCountByTagName(), org.sleuthkit.datamodel.SleuthkitCase.getCurrentExaminer(), org.sleuthkit.datamodel.SleuthkitCase.getDataSource(), org.sleuthkit.datamodel.SleuthkitCase.getDataSources(), org.sleuthkit.datamodel.TimelineManager.getEventById(), org.sleuthkit.datamodel.TimelineManager.getEventIDs(), org.sleuthkit.datamodel.TimelineManager.getEventIDsForArtifact(), org.sleuthkit.datamodel.TimelineManager.getEvents(), org.sleuthkit.datamodel.SleuthkitCase.getFileRanges(), org.sleuthkit.datamodel.SleuthkitCase.getImageById(), org.sleuthkit.datamodel.SleuthkitCase.getImageFileSystems(), org.sleuthkit.datamodel.SleuthkitCase.getImagePaths(), org.sleuthkit.datamodel.SleuthkitCase.getImages(), org.sleuthkit.datamodel.SleuthkitCase.getIngestJobs(), org.sleuthkit.datamodel.SleuthkitCase.getLastObjectId(), org.sleuthkit.datamodel.SleuthkitCase.getMatchingArtifacts(), org.sleuthkit.datamodel.SleuthkitCase.getMatchingAttributes(), org.sleuthkit.datamodel.TimelineManager.getMaxEventTime(), org.sleuthkit.datamodel.TimelineManager.getMinEventTime(), org.sleuthkit.datamodel.CommunicationsManager.getRelatedAccountDeviceInstances(), org.sleuthkit.datamodel.CommunicationsManager.getRelationshipCountsPairwise(), org.sleuthkit.datamodel.CommunicationsManager.getRelationshipSources(), org.sleuthkit.datamodel.CommunicationsManager.getRelationshipSourcesCount(), org.sleuthkit.datamodel.SleuthkitCase.getReportById(), org.sleuthkit.datamodel.SleuthkitCase.getRootObjects(), org.sleuthkit.datamodel.TimelineManager.getSpanningInterval(), org.sleuthkit.datamodel.SleuthkitCase.getTagNamesInUse(), org.sleuthkit.datamodel.TaggingManager.getTagSet(), org.sleuthkit.datamodel.TaggingManager.getTagSets(), org.sleuthkit.datamodel.SleuthkitCase.getVirtualDirectoryRoots(), org.sleuthkit.datamodel.SleuthkitCase.isFileFromSource(), org.sleuthkit.datamodel.SleuthkitCase.runQuery(), and org.sleuthkit.datamodel.CaseDbAccessManager.select().

void org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseWriteLock ( )

Acquires a write lock, but only if this is a single-user case. Always call this method in a try block with a call to the lock release method in an associated finally block.

Definition at line 2331 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.TskData.DbType.SQLITE.

Referenced by org.sleuthkit.datamodel.SleuthkitCase.acquireExclusiveLock(), org.sleuthkit.datamodel.CommunicationsManager.addAccountType(), org.sleuthkit.datamodel.SleuthkitCase.addArtifactAttributeType(), org.sleuthkit.datamodel.TaggingManager.addArtifactTag(), org.sleuthkit.datamodel.SleuthkitCase.addBlackboardArtifactType(), org.sleuthkit.datamodel.SleuthkitCase.addBlackboardAttribute(), org.sleuthkit.datamodel.SleuthkitCase.addBlackboardAttributes(), org.sleuthkit.datamodel.TaggingManager.addContentTag(), org.sleuthkit.datamodel.SleuthkitCase.addFileSystem(), org.sleuthkit.datamodel.SleuthkitCase.addImage(), org.sleuthkit.datamodel.SleuthkitCase.addIngestJob(), org.sleuthkit.datamodel.SleuthkitCase.addIngestModule(), org.sleuthkit.datamodel.SleuthkitCase.addLocalFilesDataSource(), org.sleuthkit.datamodel.SleuthkitCase.addOrUpdateTagName(), org.sleuthkit.datamodel.SleuthkitCase.addPool(), org.sleuthkit.datamodel.SleuthkitCase.addReport(), org.sleuthkit.datamodel.TaggingManager.addTagSet(), org.sleuthkit.datamodel.SleuthkitCase.addVolume(), org.sleuthkit.datamodel.SleuthkitCase.addVolumeSystem(), org.sleuthkit.datamodel.SleuthkitCase.close(), org.sleuthkit.datamodel.SleuthkitCase.copyCaseDB(), org.sleuthkit.datamodel.CaseDbAccessManager.createIndex(), org.sleuthkit.datamodel.CaseDbAccessManager.createTable(), org.sleuthkit.datamodel.CaseDbAccessManager.delete(), org.sleuthkit.datamodel.SleuthkitCase.deleteBlackboardArtifactTag(), org.sleuthkit.datamodel.SleuthkitCase.deleteContentTag(), org.sleuthkit.datamodel.SleuthkitCase.deleteReport(), org.sleuthkit.datamodel.TaggingManager.deleteTagSet(), org.sleuthkit.datamodel.TimelineManager.getEventIDsForContent(), org.sleuthkit.datamodel.AbstractFile.save(), org.sleuthkit.datamodel.SleuthkitCase.setFileMIMEType(), org.sleuthkit.datamodel.SleuthkitCase.setImagePaths(), org.sleuthkit.datamodel.SleuthkitCase.setKnown(), org.sleuthkit.datamodel.SleuthkitCase.setReviewStatus(), org.sleuthkit.datamodel.SleuthkitCase.updateDerivedFile(), org.sleuthkit.datamodel.TimelineManager.updateEventsForArtifactTagAdded(), org.sleuthkit.datamodel.TimelineManager.updateEventsForArtifactTagDeleted(), org.sleuthkit.datamodel.TimelineManager.updateEventsForContentTagAdded(), org.sleuthkit.datamodel.TimelineManager.updateEventsForContentTagDeleted(), org.sleuthkit.datamodel.TimelineManager.updateEventsForHashSetHit(), and org.sleuthkit.datamodel.SleuthkitCase.updateImagePath().

BlackboardAttribute.Type org.sleuthkit.datamodel.SleuthkitCase.addArtifactAttributeType ( String  attrTypeString,
TSK_BLACKBOARD_ATTRIBUTE_VALUE_TYPE  valueType,
String  displayName 
) throws TskCoreException, TskDataException

Add an attribute type with the given name

Parameters
attrTypeStringName of the new attribute
valueTypeThe value type of this new attribute type
displayNameThe (non-unique) display name of the attribute type
Returns
the id of the new attribute
Exceptions
TskCoreExceptionexception thrown if a critical error occurs within tsk core
TskDataExceptionexception thrown if attribute type was already in the system

Definition at line 4084 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseWriteLock(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseWriteLock().

Referenced by org.sleuthkit.datamodel.SleuthkitCase.addAttrType(), and org.sleuthkit.datamodel.Blackboard.getOrAddAttributeType().

int org.sleuthkit.datamodel.SleuthkitCase.addArtifactType ( String  artifactTypeName,
String  displayName 
) throws TskCoreException

Adds a custom artifact type. The artifact type name must be unique, but the display name need not be unique.

Parameters
artifactTypeNameThe artifact type name.
displayNameThe artifact type display name.
Returns
The artifact type id assigned to the artifact type.
Exceptions
TskCoreExceptionIf there is an error adding the type to the case database.
Deprecated:
Use SleuthkitCase.addBlackboardArtifactType instead.

Definition at line 12476 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.addBlackboardArtifactType().

int org.sleuthkit.datamodel.SleuthkitCase.addAttrType ( String  attrTypeString,
String  displayName 
) throws TskCoreException

Adds a custom attribute type with a string value type. The attribute type name must be unique, but the display name need not be unique.

Parameters
attrTypeStringThe attribute type name.
displayNameThe attribute type display name.
Returns
The attribute type id.
Exceptions
TskCoreExceptionIf there is an error adding the type to the case database.
Deprecated:
Use SleuthkitCase.addArtifactAttributeType instead.

Definition at line 12498 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.addArtifactAttributeType(), and org.sleuthkit.datamodel.BlackboardAttribute.TSK_BLACKBOARD_ATTRIBUTE_VALUE_TYPE.STRING.

BlackboardArtifactTag org.sleuthkit.datamodel.SleuthkitCase.addBlackboardArtifactTag ( BlackboardArtifact  artifact,
TagName  tagName,
String  comment 
) throws TskCoreException

Inserts a row into the blackboard_artifact_tags table in the case database.

Parameters
artifactThe blackboard artifact to tag.
tagNameThe name to use for the tag.
commentA comment to store with the tag.
Returns
A BlackboardArtifactTag data transfer object (DTO) for the new row.
Exceptions
TskCoreException
Deprecated:
User TaggingManager.addArtifactTag instead.

Definition at line 10154 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.TaggingManager.addArtifactTag(), and org.sleuthkit.datamodel.TaggingManager.BlackboardArtifactTagChange.getAddedTag().

BlackboardArtifact.Type org.sleuthkit.datamodel.SleuthkitCase.addBlackboardArtifactType ( String  artifactTypeName,
String  displayName 
) throws TskCoreException, TskDataException

Add an artifact type with the given name. Will return an artifact Type.

Parameters
artifactTypeNameSystem (unique) name of artifact
displayNameDisplay (non-unique) name of artifact
Returns
Type of the artifact added
Exceptions
TskCoreExceptionexception thrown if a critical error occurs
TskDataExceptionexception thrown if given data is already in db within tsk core

Definition at line 4294 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseWriteLock(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseWriteLock().

Referenced by org.sleuthkit.datamodel.SleuthkitCase.addArtifactType(), and org.sleuthkit.datamodel.Blackboard.getOrAddArtifactType().

void org.sleuthkit.datamodel.SleuthkitCase.addBlackboardAttribute ( BlackboardAttribute  attr,
int  artifactTypeId 
) throws TskCoreException

Add a blackboard attribute.

Parameters
attrA blackboard attribute.
artifactTypeIdThe type of artifact associated with the attribute.
Exceptions
TskCoreExceptionthrown if a critical error occurs.

Definition at line 3865 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseWriteLock(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseWriteLock().

Referenced by org.sleuthkit.datamodel.BlackboardArtifact.addAttribute().

void org.sleuthkit.datamodel.SleuthkitCase.addBlackboardAttributes ( Collection< BlackboardAttribute attributes,
int  artifactTypeId 
) throws TskCoreException

Add a set blackboard attributes.

Parameters
attributesA set of blackboard attribute.
artifactTypeIdThe type of artifact associated with the attributes.
Exceptions
TskCoreExceptionthrown if a critical error occurs.

Definition at line 3887 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseWriteLock(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseWriteLock().

Referenced by org.sleuthkit.datamodel.BlackboardArtifact.addAttributes().

LayoutFile org.sleuthkit.datamodel.SleuthkitCase.addCarvedFile ( String  carvedFileName,
long  carvedFileSize,
long  containerId,
List< TskFileRange data 
) throws TskCoreException

Adds a carved file to the VirtualDirectory '$CarvedFiles' in the volume or image given by systemId. Creates $CarvedFiles virtual directory if it does not exist already.

Parameters
carvedFileNamethe name of the carved file to add
carvedFileSizethe size of the carved file to add
containerIdthe ID of the parent volume, file system, or image
datathe layout information - a list of offsets that make up this carved file.
Returns
A LayoutFile object representing the carved file.
Exceptions
org.sleuthkit.datamodel.TskCoreException
Deprecated:
Use addCarvedFile(CarvingResult) instead

Definition at line 12695 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.addCarvedFiles(), and org.sleuthkit.datamodel.SleuthkitCase.getContentById().

final List<LayoutFile> org.sleuthkit.datamodel.SleuthkitCase.addCarvedFiles ( CarvingResult  carvingResult) throws TskCoreException

Adds a carving result to the case database.

Parameters
carvingResultThe carving result (a set of carved files and their parent) to be added.
Returns
A list of LayoutFile representations of the carved files.
Exceptions
TskCoreExceptionIf there is a problem completing a case database operation.

Definition at line 6422 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.TskData.ObjectType.ABSTRACTFILE, org.sleuthkit.datamodel.SleuthkitCase.addVirtualDirectory(), org.sleuthkit.datamodel.SleuthkitCase.beginTransaction(), org.sleuthkit.datamodel.TskData.TSK_DB_FILES_TYPE_ENUM.CARVED, org.sleuthkit.datamodel.SleuthkitCase.CaseDbTransaction.commit(), org.sleuthkit.datamodel.Content.getChildren(), org.sleuthkit.datamodel.AbstractContent.getChildren(), org.sleuthkit.datamodel.AbstractFile.getDataSourceObjectId(), org.sleuthkit.datamodel.Content.getId(), org.sleuthkit.datamodel.AbstractContent.getId(), org.sleuthkit.datamodel.AbstractContent.getName(), org.sleuthkit.datamodel.Content.getParent(), org.sleuthkit.datamodel.VirtualDirectory.NAME_CARVED, org.sleuthkit.datamodel.TskData.TSK_FS_NAME_TYPE_ENUM.REG, org.sleuthkit.datamodel.SleuthkitCase.CaseDbTransaction.rollback(), org.sleuthkit.datamodel.TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_REG, org.sleuthkit.datamodel.TskData.TSK_FS_NAME_FLAG_ENUM.UNALLOC, org.sleuthkit.datamodel.TskData.TSK_FS_META_FLAG_ENUM.UNALLOC, and org.sleuthkit.datamodel.TskData.FileKnown.UNKNOWN.

Referenced by org.sleuthkit.datamodel.SleuthkitCase.addCarvedFile(), and org.sleuthkit.datamodel.SleuthkitCase.addCarvedFiles().

List<LayoutFile> org.sleuthkit.datamodel.SleuthkitCase.addCarvedFiles ( List< CarvedFileContainer filesToAdd) throws TskCoreException

Adds a collection of carved files to the VirtualDirectory '$CarvedFiles' in the volume or image given by systemId. Creates $CarvedFiles virtual directory if it does not exist already.

Parameters
filesToAddA list of CarvedFileContainer files to add as carved files.
Returns
A list of the files added to the database.
Exceptions
org.sleuthkit.datamodel.TskCoreException
Deprecated:
Use addCarvedFile(CarvingResult) instead

Definition at line 12725 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.addCarvedFiles(), org.sleuthkit.datamodel.SleuthkitCase.getContentById(), and org.sleuthkit.datamodel.Content.getId().

ContentTag org.sleuthkit.datamodel.SleuthkitCase.addContentTag ( Content  content,
TagName  tagName,
String  comment,
long  beginByteOffset,
long  endByteOffset 
) throws TskCoreException

Inserts a row into the content_tags table in the case database.

Parameters
contentThe content to tag.
tagNameThe name to use for the tag.
commentA comment to store with the tag.
beginByteOffsetDesignates the beginning of a tagged section.
endByteOffsetDesignates the end of a tagged section.
Returns
A ContentTag data transfer object (DTO) for the new row.
Exceptions
TskCoreException
Deprecated:
Use TaggingManager.addContentTag

Definition at line 9809 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.TaggingManager.addContentTag(), and org.sleuthkit.datamodel.TaggingManager.ContentTagChange.getAddedTag().

DerivedFile org.sleuthkit.datamodel.SleuthkitCase.addDerivedFile ( String  fileName,
String  localPath,
long  size,
long  ctime,
long  crtime,
long  atime,
long  mtime,
boolean  isFile,
Content  parentObj,
String  rederiveDetails,
String  toolName,
String  toolVersion,
String  otherDetails,
TskData.EncodingType  encodingType 
) throws TskCoreException

Creates a new derived file object, adds it to database and returns it.

TODO add support for adding derived method

Parameters
fileNamefile name the derived file
localPathlocal path of the derived file, including the file name. The path is relative to the database path.
sizesize of the derived file in bytes
ctimeThe changed time of the file.
crtimeThe creation time of the file.
atimeThe accessed time of the file
mtimeThe modified time of the file.
isFilewhether a file or directory, true if a file
parentObjparent content object
rederiveDetailsdetails needed to re-derive file (will be specific to the derivation method), currently unused
toolNamename of derivation method/tool, currently unused
toolVersionversion of derivation method/tool, currently unused
otherDetailsdetails of derivation method/tool, currently unused
encodingTypeType of encoding used on the file (or NONE if no encoding)
Returns
newly created derived file object
Exceptions
TskCoreExceptionexception thrown if the object creation failed due to a critical system error

Definition at line 6628 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.TskData.ObjectType.ABSTRACTFILE, org.sleuthkit.datamodel.TskData.TSK_FS_NAME_FLAG_ENUM.ALLOC, org.sleuthkit.datamodel.TskData.TSK_FS_META_FLAG_ENUM.ALLOC, org.sleuthkit.datamodel.SleuthkitCase.beginTransaction(), org.sleuthkit.datamodel.SleuthkitCase.CaseDbTransaction.commit(), org.sleuthkit.datamodel.TskData.TSK_DB_FILES_TYPE_ENUM.DERIVED, org.sleuthkit.datamodel.TskData.TSK_FS_NAME_TYPE_ENUM.DIR, org.sleuthkit.datamodel.Content.getId(), org.sleuthkit.datamodel.Content.getName(), org.sleuthkit.datamodel.SleuthkitCase.getTimelineManager(), org.sleuthkit.datamodel.Content.getUniquePath(), org.sleuthkit.datamodel.TskData.TSK_FS_NAME_TYPE_ENUM.getValue(), org.sleuthkit.datamodel.TskData.TSK_FS_META_TYPE_ENUM.getValue(), org.sleuthkit.datamodel.TskData.TSK_FS_NAME_FLAG_ENUM.getValue(), org.sleuthkit.datamodel.TskData.TSK_FS_NAME_TYPE_ENUM.REG, org.sleuthkit.datamodel.TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_DIR, org.sleuthkit.datamodel.TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_REG, org.sleuthkit.datamodel.TskData.FileKnown.UNKNOWN, and org.sleuthkit.datamodel.TskData.TSK_FS_META_FLAG_ENUM.USED.

Referenced by org.sleuthkit.datamodel.SleuthkitCase.addDerivedFile().

DerivedFile org.sleuthkit.datamodel.SleuthkitCase.addDerivedFile ( String  fileName,
String  localPath,
long  size,
long  ctime,
long  crtime,
long  atime,
long  mtime,
boolean  isFile,
AbstractFile  parentFile,
String  rederiveDetails,
String  toolName,
String  toolVersion,
String  otherDetails 
) throws TskCoreException

Creates a new derived file object, adds it to database and returns it.

TODO add support for adding derived method

Parameters
fileNamefile name the derived file
localPathlocal path of the derived file, including the file name. The path is relative to the database path.
sizesize of the derived file in bytes
ctimeThe changed time of the file.
crtimeThe creation time of the file.
atimeThe accessed time of the file
mtimeThe modified time of the file.
isFilewhether a file or directory, true if a file
parentFileparent file object (derived or local file)
rederiveDetailsdetails needed to re-derive file (will be specific to the derivation method), currently unused
toolNamename of derivation method/tool, currently unused
toolVersionversion of derivation method/tool, currently unused
otherDetailsdetails of derivation method/tool, currently unused
Returns
newly created derived file object
Exceptions
TskCoreExceptionexception thrown if the object creation failed due to a critical system error
Deprecated:
Use the newer version with explicit encoding type parameter

Definition at line 12773 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.addDerivedFile(), and org.sleuthkit.datamodel.TskData.EncodingType.NONE.

void org.sleuthkit.datamodel.SleuthkitCase.addErrorObserver ( ErrorObserver  observer)

Add an observer for SleuthkitCase errors.

Parameters
observerThe observer to add.
Deprecated:
Catch exceptions instead.

Definition at line 12235 of file SleuthkitCase.java.

FileSystem org.sleuthkit.datamodel.SleuthkitCase.addFileSystem ( long  parentObjId,
long  imgOffset,
TskData.TSK_FS_TYPE_ENUM  type,
long  blockSize,
long  blockCount,
long  rootInum,
long  firstInum,
long  lastInum,
String  displayName,
CaseDbTransaction  transaction 
) throws TskCoreException

Add a FileSystem to the database.

Parameters
parentObjIdObject ID of the file system's parent
imgOffsetOffset in the image
typeType of file system
blockSizeBlock size
blockCountBlock count
rootInumroot inum
firstInumfirst inum
lastInumlast inum
displayNamedisplay name
transactionCase DB transaction
Returns
the newly created FileSystem
Exceptions
TskCoreException

Definition at line 6093 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseWriteLock(), org.sleuthkit.datamodel.TskData.ObjectType.FS, and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseWriteLock().

FsContent org.sleuthkit.datamodel.SleuthkitCase.addFileSystemFile ( long  dataSourceObjId,
long  fsObjId,
String  fileName,
long  metaAddr,
int  metaSeq,
TSK_FS_ATTR_TYPE_ENUM  attrType,
int  attrId,
TSK_FS_NAME_FLAG_ENUM  dirFlag,
short  metaFlags,
long  size,
long  ctime,
long  crtime,
long  atime,
long  mtime,
boolean  isFile,
Content  parent 
) throws TskCoreException

Add a file system file.

Parameters
dataSourceObjIdThe object id of the root data source of this file.
fsObjIdThe file system object id.
fileNameThe name of the file.
metaAddrThe meta address of the file.
metaSeqThe meta address sequence of the file.
attrTypeThe attributed type of the file.
attrIdThe attribute id
dirFlagThe allocated status from the name structure
metaFlags
sizeThe size of the file in bytes.
ctimeThe changed time of the file.
crtimeThe creation time of the file.
atimeThe accessed time of the file
mtimeThe modified time of the file.
isFileTrue, unless the file is a directory.
parentThe parent of the file (e.g., a virtual directory)
Returns
Newly created file
Exceptions
TskCoreException

Definition at line 6159 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.TskData.ObjectType.ABSTRACTFILE, org.sleuthkit.datamodel.SleuthkitCase.beginTransaction(), org.sleuthkit.datamodel.SleuthkitCase.CaseDbTransaction.commit(), org.sleuthkit.datamodel.TskData.TSK_FS_NAME_TYPE_ENUM.DIR, org.sleuthkit.datamodel.TskData.TSK_DB_FILES_TYPE_ENUM.FS, org.sleuthkit.datamodel.AbstractFile.getParentPath(), org.sleuthkit.datamodel.SleuthkitCase.getTimelineManager(), org.sleuthkit.datamodel.TskData.TSK_FS_NAME_TYPE_ENUM.getValue(), org.sleuthkit.datamodel.TskData.TSK_FS_META_TYPE_ENUM.getValue(), org.sleuthkit.datamodel.TskData.TSK_FS_NAME_TYPE_ENUM.REG, org.sleuthkit.datamodel.SleuthkitCase.CaseDbTransaction.rollback(), org.sleuthkit.datamodel.TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_DIR, and org.sleuthkit.datamodel.TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_REG.

Image org.sleuthkit.datamodel.SleuthkitCase.addImage ( TskData.TSK_IMG_TYPE_ENUM  type,
long  sectorSize,
long  size,
String  displayName,
List< String >  imagePaths,
String  timezone,
String  md5,
String  sha1,
String  sha256,
String  deviceId,
CaseDbTransaction  transaction 
) throws TskCoreException

Add an image to the database.

Parameters
typeType of image
sectorSizeSector size
sizeImage size
displayNameDisplay name for the image
imagePathsImage path(s)
timezoneTime zone
md5MD5 hash
sha1SHA1 hash
sha256SHA256 hash
deviceIdDevice ID
transactionCase DB transaction
Returns
the newly added Image
Exceptions
TskCoreException

Definition at line 5876 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseWriteLock(), org.sleuthkit.datamodel.TskData.ObjectType.IMG, and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseWriteLock().

Image org.sleuthkit.datamodel.SleuthkitCase.addImageInfo ( long  deviceObjId,
List< String >  imageFilePaths,
String  timeZone 
) throws TskCoreException

Adds an image to the case database.

Parameters
deviceObjIdThe object id of the device associated with the image.
imageFilePathsThe image file paths.
timeZoneThe time zone for the image.
Returns
An Image object.
Exceptions
TskCoreExceptionif there is an error adding the image to case database.

Definition at line 8212 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.getImageById().

final IngestJobInfo org.sleuthkit.datamodel.SleuthkitCase.addIngestJob ( Content  dataSource,
String  hostName,
List< IngestModuleInfo ingestModules,
Date  jobStart,
Date  jobEnd,
IngestJobStatusType  status,
String  settingsDir 
) throws TskCoreException
Parameters
dataSourceThe datasource the ingest job is being run on
hostNameThe name of the host
ingestModulesThe ingest modules being run during the ingest job. Should be in pipeline order.
jobStartThe time the job started
jobEndThe time the job ended
statusThe ingest job status
settingsDirThe directory of the job's settings
Returns
An information object representing the ingest job added to the database.
Exceptions
TskCoreExceptionIf adding the job to the database fails.

Definition at line 10839 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseWriteLock(), org.sleuthkit.datamodel.IngestModuleInfo.getIngestModuleId(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseWriteLock().

final IngestModuleInfo org.sleuthkit.datamodel.SleuthkitCase.addIngestModule ( String  displayName,
String  factoryClassName,
IngestModuleType  type,
String  version 
) throws TskCoreException

Adds the given ingest module to the database.

Parameters
displayNameThe display name of the module
factoryClassNameThe factory class name of the module.
typeThe type of the module.
versionThe version of the module.
Returns
An ingest module info object representing the module added to the db.
Exceptions
TskCoreExceptionWhen the ingest module cannot be added.

Definition at line 10890 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseWriteLock(), org.sleuthkit.datamodel.IngestModuleInfo.IngestModuleType.fromID(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseWriteLock().

LayoutFile org.sleuthkit.datamodel.SleuthkitCase.addLayoutFile ( String  fileName,
long  size,
TSK_FS_NAME_FLAG_ENUM  dirFlag,
TSK_FS_META_FLAG_ENUM  metaFlag,
long  ctime,
long  crtime,
long  atime,
long  mtime,
List< TskFileRange fileRanges,
Content  parent 
) throws TskCoreException

Add a new layout file to the database.

Parameters
fileNameThe name of the file.
sizeThe size of the file in bytes.
dirFlagThe allocated status from the name structure
metaFlagThe allocated status from the metadata structure
ctimeThe changed time of the file.
crtimeThe creation time of the file.
atimeThe accessed time of the file
mtimeThe modified time of the file.
fileRangesThe byte ranges that belong to this file (relative to start of image)
parentThe parent of the file
Returns
The new LayoutFile
Exceptions
TskCoreException

Definition at line 7104 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.TskData.ObjectType.ABSTRACTFILE, org.sleuthkit.datamodel.SleuthkitCase.beginTransaction(), org.sleuthkit.datamodel.SleuthkitCase.CaseDbTransaction.commit(), org.sleuthkit.datamodel.TskData.TSK_DB_FILES_TYPE_ENUM.LAYOUT_FILE, org.sleuthkit.datamodel.TskData.TSK_FS_NAME_TYPE_ENUM.REG, org.sleuthkit.datamodel.SleuthkitCase.CaseDbTransaction.rollback(), org.sleuthkit.datamodel.TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_REG, and org.sleuthkit.datamodel.TskData.FileKnown.UNKNOWN.

LocalDirectory org.sleuthkit.datamodel.SleuthkitCase.addLocalDirectory ( long  parentId,
String  directoryName 
) throws TskCoreException

Adds a local directory to the database and returns a LocalDirectory object representing it.

Parameters
parentIdthe ID of the parent, or 0 if NULL
directoryNamethe name of the local directory to create
Returns
a LocalDirectory object representing the one added to the database.
Exceptions
TskCoreException

Definition at line 5657 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.beginTransaction(), org.sleuthkit.datamodel.SleuthkitCase.CaseDbTransaction.commit(), and org.sleuthkit.datamodel.SleuthkitCase.CaseDbTransaction.rollback().

LocalDirectory org.sleuthkit.datamodel.SleuthkitCase.addLocalDirectory ( long  parentId,
String  directoryName,
CaseDbTransaction  transaction 
) throws TskCoreException
LocalFile org.sleuthkit.datamodel.SleuthkitCase.addLocalFile ( String  fileName,
String  localPath,
long  size,
long  ctime,
long  crtime,
long  atime,
long  mtime,
boolean  isFile,
TskData.EncodingType  encodingType,
AbstractFile  parent 
) throws TskCoreException

Wraps the version of addLocalFile that takes a Transaction in a transaction local to this method.

Parameters
fileName
localPath
size
ctime
crtime
atime
mtime
isFile
encodingType
parent
Returns
Exceptions
TskCoreException

Definition at line 6860 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.beginTransaction(), org.sleuthkit.datamodel.SleuthkitCase.CaseDbTransaction.commit(), and org.sleuthkit.datamodel.SleuthkitCase.CaseDbTransaction.rollback().

Referenced by org.sleuthkit.datamodel.SleuthkitCase.addLocalFile().

LocalFile org.sleuthkit.datamodel.SleuthkitCase.addLocalFile ( String  fileName,
String  localPath,
long  size,
long  ctime,
long  crtime,
long  atime,
long  mtime,
boolean  isFile,
TskData.EncodingType  encodingType,
Content  parent,
CaseDbTransaction  transaction 
) throws TskCoreException

Adds a local/logical file to the case database. The database operations are done within a caller-managed transaction; the caller is responsible for committing or rolling back the transaction.

Parameters
fileNameThe name of the file.
localPathThe absolute path (including the file name) of the local/logical in secondary storage.
sizeThe size of the file in bytes.
ctimeThe changed time of the file.
crtimeThe creation time of the file.
atimeThe accessed time of the file
mtimeThe modified time of the file.
isFileTrue, unless the file is a directory.
encodingTypeType of encoding used on the file
parentThe parent of the file (e.g., a virtual directory)
transactionA caller-managed transaction within which the add file operations are performed.
Returns
An object representing the local/logical file.
Exceptions
TskCoreExceptionif there is an error completing a case database operation.

Definition at line 6906 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.addLocalFile().

LocalFile org.sleuthkit.datamodel.SleuthkitCase.addLocalFile ( String  fileName,
String  localPath,
long  size,
long  ctime,
long  crtime,
long  atime,
long  mtime,
String  md5,
FileKnown  known,
String  mimeType,
boolean  isFile,
TskData.EncodingType  encodingType,
Content  parent,
CaseDbTransaction  transaction 
) throws TskCoreException

Adds a local/logical file to the case database. The database operations are done within a caller-managed transaction; the caller is responsible for committing or rolling back the transaction.

Parameters
fileNameThe name of the file.
localPathThe absolute path (including the file name) of the local/logical in secondary storage.
sizeThe size of the file in bytes.
ctimeThe changed time of the file.
crtimeThe creation time of the file.
atimeThe accessed time of the file
mtimeThe modified time of the file.
md5The MD5 hash of the file
knownThe known status of the file (can be null)
mimeTypeThe MIME type of the file
isFileTrue, unless the file is a directory.
encodingTypeType of encoding used on the file
parentThe parent of the file (e.g., a virtual directory)
transactionA caller-managed transaction within which the add file operations are performed.
Returns
An object representing the local/logical file.
Exceptions
TskCoreExceptionif there is an error completing a case database operation.

Definition at line 6945 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.TskData.ObjectType.ABSTRACTFILE, org.sleuthkit.datamodel.TskData.TSK_FS_NAME_FLAG_ENUM.ALLOC, org.sleuthkit.datamodel.TskData.TSK_FS_META_FLAG_ENUM.ALLOC, org.sleuthkit.datamodel.TskData.TSK_FS_NAME_TYPE_ENUM.DIR, org.sleuthkit.datamodel.AbstractFile.getDataSourceObjectId(), org.sleuthkit.datamodel.AbstractFile.getParentPath(), org.sleuthkit.datamodel.SleuthkitCase.getTimelineManager(), org.sleuthkit.datamodel.TskData.TSK_FS_NAME_TYPE_ENUM.getValue(), org.sleuthkit.datamodel.TskData.TSK_FS_META_TYPE_ENUM.getValue(), org.sleuthkit.datamodel.TskData.TSK_FS_NAME_FLAG_ENUM.getValue(), org.sleuthkit.datamodel.TskData.TSK_DB_FILES_TYPE_ENUM.LOCAL, org.sleuthkit.datamodel.TskData.TSK_FS_NAME_TYPE_ENUM.REG, org.sleuthkit.datamodel.TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_DIR, org.sleuthkit.datamodel.TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_REG, org.sleuthkit.datamodel.TskData.FileKnown.UNKNOWN, and org.sleuthkit.datamodel.TskData.TSK_FS_META_FLAG_ENUM.USED.

LocalFile org.sleuthkit.datamodel.SleuthkitCase.addLocalFile ( String  fileName,
String  localPath,
long  size,
long  ctime,
long  crtime,
long  atime,
long  mtime,
boolean  isFile,
AbstractFile  parent,
CaseDbTransaction  transaction 
) throws TskCoreException

Adds a local/logical file to the case database. The database operations are done within a caller-managed transaction; the caller is responsible for committing or rolling back the transaction.

Parameters
fileNameThe name of the file.
localPathThe absolute path (including the file name) of the local/logical in secondary storage.
sizeThe size of the file in bytes.
ctimeThe changed time of the file.
crtimeThe creation time of the file.
atimeThe accessed time of the file
mtimeThe modified time of the file.
isFileTrue, unless the file is a directory.
parentThe parent of the file (e.g., a virtual directory)
transactionA caller-managed transaction within which the add file operations are performed.
Returns
An object representing the local/logical file.
Exceptions
TskCoreExceptionif there is an error completing a case database operation.
Deprecated:
Use the newer version with explicit encoding type parameter

Definition at line 12807 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.addLocalFile(), and org.sleuthkit.datamodel.TskData.EncodingType.NONE.

LocalFile org.sleuthkit.datamodel.SleuthkitCase.addLocalFile ( String  fileName,
String  localPath,
long  size,
long  ctime,
long  crtime,
long  atime,
long  mtime,
boolean  isFile,
AbstractFile  parent 
) throws TskCoreException

Wraps the version of addLocalFile that takes a Transaction in a transaction local to this method.

Parameters
fileName
localPath
size
ctime
crtime
atime
mtime
isFile
parent
Returns
Exceptions
TskCoreException
Deprecated:
Use the newer version with explicit encoding type parameter

Definition at line 12835 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.addLocalFile(), and org.sleuthkit.datamodel.TskData.EncodingType.NONE.

LocalFilesDataSource org.sleuthkit.datamodel.SleuthkitCase.addLocalFilesDataSource ( String  deviceId,
String  rootDirectoryName,
String  timeZone,
CaseDbTransaction  transaction 
) throws TskCoreException

Adds a local/logical files and/or directories data source.

Parameters
deviceIdAn ASCII-printable identifier for the device associated with the data source that is intended to be unique across multiple cases (e.g., a UUID).
rootDirectoryNameThe name for the root virtual directory for the data source.
timeZoneThe time zone used to process the data source, may be the empty string.
transactionA transaction in the scope of which the operation is to be performed, managed by the caller.
Returns
The new local files data source.
Exceptions
TskCoreExceptionif there is an error adding the data source.

Definition at line 5795 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.TskData.ObjectType.ABSTRACTFILE, org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseWriteLock(), org.sleuthkit.datamodel.TskData.TSK_FS_NAME_FLAG_ENUM.ALLOC, org.sleuthkit.datamodel.TskData.TSK_FS_META_FLAG_ENUM.ALLOC, org.sleuthkit.datamodel.TskData.TSK_FS_NAME_TYPE_ENUM.DIR, org.sleuthkit.datamodel.TskData.TSK_FS_META_TYPE_ENUM.getValue(), org.sleuthkit.datamodel.TskData.TSK_FS_NAME_FLAG_ENUM.getValue(), org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseWriteLock(), org.sleuthkit.datamodel.TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_DIR, org.sleuthkit.datamodel.TskData.FileKnown.UNKNOWN, org.sleuthkit.datamodel.TskData.TSK_FS_META_FLAG_ENUM.USED, and org.sleuthkit.datamodel.TskData.TSK_DB_FILES_TYPE_ENUM.VIRTUAL_DIR.

TagName org.sleuthkit.datamodel.SleuthkitCase.addOrUpdateTagName ( String  displayName,
String  description,
TagName.HTML_COLOR  color,
TskData.FileKnown  knownStatus 
) throws TskCoreException

Inserts row into the tags_names table, or updates the existing row if the displayName already exists in the tag_names table in the case database.

Parameters
displayNameThe display name for the new tag name.
descriptionThe description for the new tag name.
colorThe HTML color to associate with the new tag name.
knownStatusThe TskData.FileKnown value to associate with the new tag name.
Returns
A TagName data transfer object (DTO) for the new row.
Exceptions
TskCoreException

Definition at line 9754 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseWriteLock(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseWriteLock().

Referenced by org.sleuthkit.datamodel.SleuthkitCase.addTagName().

Pool org.sleuthkit.datamodel.SleuthkitCase.addPool ( long  parentObjId,
TskData.TSK_POOL_TYPE_ENUM  type,
CaseDbTransaction  transaction 
) throws TskCoreException

Add a pool to the database.

Parameters
parentObjIdObject ID of the pool's parent
typeType of pool
transactionCase DB transaction
Returns
the newly created Pool
Exceptions
TskCoreException

Definition at line 6049 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseWriteLock(), org.sleuthkit.datamodel.TskData.ObjectType.POOL, and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseWriteLock().

Report org.sleuthkit.datamodel.SleuthkitCase.addReport ( String  localPath,
String  sourceModuleName,
String  reportName 
) throws TskCoreException

Inserts a row into the reports table in the case database.

Parameters
localPathThe path of the report file, must be in the database directory (case directory in Autopsy) or one of its subdirectories.
sourceModuleNameThe name of the module that created the report.
reportNameThe report name.
Returns
A Report object for the new row.
Exceptions
TskCoreException

Definition at line 10537 of file SleuthkitCase.java.

Report org.sleuthkit.datamodel.SleuthkitCase.addReport ( String  localPath,
String  sourceModuleName,
String  reportName,
Content  parent 
) throws TskCoreException

Inserts a row into the reports table in the case database.

Parameters
localPathThe path of the report file, must be in the database directory (case directory in Autopsy) or one of its subdirectories.
sourceModuleNameThe name of the module that created the report.
reportNameThe report name.
parentThe Content from which the report was created, if available.
Returns
A Report object for the new row.
Exceptions
TskCoreException

Definition at line 10556 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseWriteLock(), org.sleuthkit.datamodel.SleuthkitCase.getDbDirPath(), org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseWriteLock(), and org.sleuthkit.datamodel.TskData.ObjectType.REPORT.

TagName org.sleuthkit.datamodel.SleuthkitCase.addTagName ( String  displayName,
String  description,
TagName.HTML_COLOR  color 
) throws TskCoreException

Inserts row into the tags_names table in the case database.

Parameters
displayNameThe display name for the new tag name.
descriptionThe description for the new tag name.
colorThe HTML color to associate with the new tag name.
Returns
A TagName data transfer object (DTO) for the new row.
Exceptions
TskCoreException
Deprecated:
addOrUpdateTagName should be used this method calls addOrUpdateTagName with a default knownStatus value

Definition at line 9736 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.addOrUpdateTagName(), and org.sleuthkit.datamodel.TskData.FileKnown.UNKNOWN.

VirtualDirectory org.sleuthkit.datamodel.SleuthkitCase.addVirtualDirectory ( long  parentId,
String  directoryName 
) throws TskCoreException

Adds a virtual directory to the database and returns a VirtualDirectory object representing it.

Parameters
parentIdthe ID of the parent, or 0 if NULL
directoryNamethe name of the virtual directory to create
Returns
Exceptions
TskCoreException

Definition at line 5463 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.beginTransaction(), org.sleuthkit.datamodel.SleuthkitCase.CaseDbTransaction.commit(), and org.sleuthkit.datamodel.SleuthkitCase.CaseDbTransaction.rollback().

Referenced by org.sleuthkit.datamodel.SleuthkitCase.addCarvedFiles().

VirtualDirectory org.sleuthkit.datamodel.SleuthkitCase.addVirtualDirectory ( long  parentId,
String  directoryName,
CaseDbTransaction  transaction 
) throws TskCoreException
Volume org.sleuthkit.datamodel.SleuthkitCase.addVolume ( long  parentObjId,
long  addr,
long  start,
long  length,
String  desc,
long  flags,
CaseDbTransaction  transaction 
) throws TskCoreException

Add a volume to the database

Parameters
parentObjIdObject ID of the volume's parent
addrAddress of the volume
startStart of the volume
lengthLength of the volume
descDescription of the volume
flagsFlags
transactionCase DB transaction
Returns
the newly created Volume
Exceptions
TskCoreException

Definition at line 6002 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseWriteLock(), org.sleuthkit.datamodel.TskData.DbType.POSTGRESQL, org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseWriteLock(), and org.sleuthkit.datamodel.TskData.ObjectType.VOL.

VolumeSystem org.sleuthkit.datamodel.SleuthkitCase.addVolumeSystem ( long  parentObjId,
TskData.TSK_VS_TYPE_ENUM  type,
long  imgOffset,
long  blockSize,
CaseDbTransaction  transaction 
) throws TskCoreException

Add a volume system to the database.

Parameters
parentObjIdObject ID of the volume system's parent
typeType of volume system
imgOffsetImage offset
blockSizeBlock size
transactionCase DB transaction
Returns
the newly added VolumeSystem
Exceptions
TskCoreException

Definition at line 5959 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseWriteLock(), org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseWriteLock(), and org.sleuthkit.datamodel.TskData.ObjectType.VS.

boolean org.sleuthkit.datamodel.SleuthkitCase.allFilesMd5Hashed ( )

Query all the files to verify if they have an MD5 hash associated with them.

Returns
true if all files have an MD5 hash

Definition at line 9543 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), org.sleuthkit.datamodel.TskData.TSK_FS_NAME_TYPE_ENUM.REG, and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock().

void org.sleuthkit.datamodel.SleuthkitCase.closeRunQuery ( ResultSet  resultSet) throws SQLException

Closes ResultSet and its Statement previously retrieved from runQuery()

Parameters
resultSetwith its Statement to close
Exceptions
SQLExceptionof closing the query files failed
Deprecated:
Do not use runQuery() and closeRunQuery(), use executeQuery() instead. Query the Database

Definition at line 12670 of file SleuthkitCase.java.

void org.sleuthkit.datamodel.SleuthkitCase.copyCaseDB ( String  newDBPath) throws IOException

Make a duplicate / backup copy of the current case database. Makes a new copy only, and continues to use the current connection.

Parameters
newDBPathPath to the copy to be created. File will be overwritten if it exists.
Exceptions
IOExceptionif copying fails.

Definition at line 970 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseWriteLock(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseWriteLock().

int org.sleuthkit.datamodel.SleuthkitCase.countFilesMd5Hashed ( )

Query all the files and counts how many have an MD5 hash.

Returns
the number of files with an MD5 hash

Definition at line 9580 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock().

long org.sleuthkit.datamodel.SleuthkitCase.countFilesWhere ( String  sqlWhereClause) throws TskCoreException

Count files matching the specific Where clause

Parameters
sqlWhereClausea SQL where clause appropriate for the desired files (do not begin the WHERE clause with the word WHERE!)
Returns
count of files each of which satisfy the given WHERE clause
Exceptions
TskCoreExceptionQuery the Database

Definition at line 7347 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock().

int org.sleuthkit.datamodel.SleuthkitCase.countFsContentType ( TskData.TSK_FS_META_TYPE_ENUM  contentType) throws TskCoreException

Return the number of objects in the database of a given file type.

Parameters
contentTypeType of file to count
Returns
Number of objects with that type.
Exceptions
TskCoreExceptionthrown if a critical error occurred within tsk core

Definition at line 9459 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock().

void org.sleuthkit.datamodel.SleuthkitCase.deleteBlackboardArtifactTag ( BlackboardArtifactTag  tag) throws TskCoreException
void org.sleuthkit.datamodel.SleuthkitCase.deleteContentTag ( ContentTag  tag) throws TskCoreException
void org.sleuthkit.datamodel.SleuthkitCase.deleteReport ( Report  report) throws TskCoreException

Deletes a row from the reports table in the case database.

Parameters
reportA Report data transfer object (DTO) for the row to delete.
Exceptions
TskCoreException

Definition at line 10750 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseWriteLock(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseWriteLock().

static String org.sleuthkit.datamodel.SleuthkitCase.escapeSingleQuotes ( String  text)
static

Escape the single quotes in the given string so they can be added to the SQL caseDbConnection

Parameters
text
Returns
text the escaped version

Definition at line 9491 of file SleuthkitCase.java.

CaseDbQuery org.sleuthkit.datamodel.SleuthkitCase.executeInsertOrUpdate ( String  query) throws TskCoreException

This method allows developers to run arbitrary SQL queries, including INSERT and UPDATE. The CaseDbQuery object will take care of acquiring the necessary database lock and when used in a try-with-resources block will automatically take care of releasing the lock. If you do not use a try-with-resources block you must call CaseDbQuery.close() once you are done processing the files of the query.

Also note that if you use it within a transaction to insert something into the database, and then within that same transaction query the inserted item from the database, you will likely not see your inserted item, as the method uses new connections for each execution. With this method, you must close your transaction before successfully querying for newly-inserted items.

Parameters
queryThe query string to execute.
Returns
A CaseDbQuery instance.
Exceptions
TskCoreException

Definition at line 8935 of file SleuthkitCase.java.

CaseDbQuery org.sleuthkit.datamodel.SleuthkitCase.executeQuery ( String  query) throws TskCoreException

This method allows developers to run arbitrary SQL "SELECT" queries. The CaseDbQuery object will take care of acquiring the necessary database lock and when used in a try-with-resources block will automatically take care of releasing the lock. If you do not use a try-with-resources block you must call CaseDbQuery.close() once you are done processing the files of the query.

Also note that if you use it within a transaction to insert something into the database, and then within that same transaction query the inserted item from the database, you will likely not see your inserted item, as the method uses new connections for each execution. With this method, you must close your transaction before successfully querying for newly-inserted items.

Parameters
queryThe query string to execute.
Returns
A CaseDbQuery instance.
Exceptions
TskCoreException

Definition at line 8910 of file SleuthkitCase.java.

void org.sleuthkit.datamodel.SleuthkitCase.finalize ( ) throws Throwable
protected
List<Long> org.sleuthkit.datamodel.SleuthkitCase.findAllFileIdsWhere ( String  sqlWhereClause) throws TskCoreException

Find and return list of all (abstract) ids of files matching the specific Where clause

Parameters
sqlWhereClausea SQL where clause appropriate for the desired files (do not begin the WHERE clause with the word WHERE!)
Returns
a list of file ids each of which satisfy the given WHERE clause
Exceptions
TskCoreExceptionQuery the Database

Definition at line 7415 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock().

List<AbstractFile> org.sleuthkit.datamodel.SleuthkitCase.findAllFilesWhere ( String  sqlWhereClause) throws TskCoreException

Find and return list of all (abstract) files matching the specific Where clause. You need to know the database schema to use this, which is outlined on the wiki. You should use enums from org.sleuthkit.datamodel.TskData to make the queries easier to maintain and understand.

Parameters
sqlWhereClausea SQL where clause appropriate for the desired files (do not begin the WHERE clause with the word WHERE!)
Returns
a list of AbstractFile each of which satisfy the given WHERE clause
Exceptions
TskCoreExceptionQuery the Database

Definition at line 7384 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock().

Referenced by org.sleuthkit.datamodel.Examples.Sample.run().

List<AbstractFile> org.sleuthkit.datamodel.SleuthkitCase.findFiles ( Content  dataSource,
String  fileName 
) throws TskCoreException
Parameters
dataSourcethe dataSource (Image, parent-less VirtualDirectory) to search for the given file name
fileNamePattern of the name of the file or directory to match (case insensitive, used in LIKE SQL statement).
Returns
a list of AbstractFile for files/directories whose name matches the given fileName
Exceptions
TskCoreExceptionthrown if check failed

Definition at line 5394 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock().

Referenced by org.sleuthkit.datamodel.SleuthkitCase.findFiles(), and org.sleuthkit.datamodel.SleuthkitCase.openFiles().

List<AbstractFile> org.sleuthkit.datamodel.SleuthkitCase.findFiles ( Content  dataSource,
String  fileName,
String  dirSubString 
) throws TskCoreException
Parameters
dataSourcethe dataSource (Image, parent-less VirtualDirectory) to search for the given file name
fileNamePattern of the name of the file or directory to match (case insensitive, used in LIKE SQL statement).
dirSubStringSubstring that must exist in parent path. Will be surrounded by % in LIKE query
Returns
a list of AbstractFile for files/directories whose name matches fileName and whose parent directory contains dirName.
Exceptions
org.sleuthkit.datamodel.TskCoreException

Definition at line 5429 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock().

List<AbstractFile> org.sleuthkit.datamodel.SleuthkitCase.findFiles ( Content  dataSource,
String  fileName,
AbstractFile  parentFile 
) throws TskCoreException

Find all files in the data source, by name and parent

Parameters
dataSourcethe dataSource (Image, parent-less VirtualDirectory) to search for the given file name
fileNamePattern of the name of the file or directory to match (case insensitive, used in LIKE SQL statement).
parentFileObject for parent file/directory to find children in
Returns
a list of AbstractFile for files/directories whose name matches fileName and that were inside a directory described by parentFile.
Exceptions
org.sleuthkit.datamodel.TskCoreException

Definition at line 7332 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.findFiles().

List<AbstractFile> org.sleuthkit.datamodel.SleuthkitCase.findFilesByMd5 ( String  md5Hash)

Find all the files with the given MD5 hash.

Parameters
md5Hashhash value to match files with
Returns
List of AbstractFile with the given hash

Definition at line 9506 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock().

List<FsContent> org.sleuthkit.datamodel.SleuthkitCase.findFilesWhere ( String  sqlWhereClause) throws TskCoreException

Find and return list of files matching the specific Where clause. Use findAllFilesWhere instead. It returns a more generic data type

Parameters
sqlWhereClausea SQL where clause appropriate for the desired files (do not begin the WHERE clause with the word WHERE!)
Returns
a list of FsContent each of which satisfy the given WHERE clause
Exceptions
TskCoreException
Deprecated:
use SleuthkitCase.findAllFilesWhere() instead

Definition at line 12386 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), org.sleuthkit.datamodel.TskData.TSK_DB_FILES_TYPE_ENUM.FS, and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock().

AbstractFile org.sleuthkit.datamodel.SleuthkitCase.getAbstractFileById ( long  id) throws TskCoreException

Get abstract file object from tsk_files table by its id

Parameters
idid of the file object in tsk_files table
Returns
AbstractFile object populated, or null if not found.
Exceptions
TskCoreExceptionthrown if critical error occurred within tsk core and file could not be queried

Definition at line 5204 of file SleuthkitCase.java.

Referenced by org.sleuthkit.datamodel.blackboardutils.CommunicationArtifactsHelper.addAttachments(), org.sleuthkit.datamodel.SleuthkitCase.addLocalDirectory(), org.sleuthkit.datamodel.SleuthkitCase.addVirtualDirectory(), org.sleuthkit.datamodel.SleuthkitCase.getContentById(), and org.sleuthkit.datamodel.SleuthkitCase.getRootObjects().

List<BlackboardArtifactTag> org.sleuthkit.datamodel.SleuthkitCase.getAllBlackboardArtifactTags ( ) throws TskCoreException
List<ContentTag> org.sleuthkit.datamodel.SleuthkitCase.getAllContentTags ( ) throws TskCoreException
List<Report> org.sleuthkit.datamodel.SleuthkitCase.getAllReports ( ) throws TskCoreException

Selects all of the rows from the reports table in the case database.

Returns
A list, possibly empty, of Report data transfer objects (DTOs) for the rows.
Exceptions
TskCoreException

Definition at line 10632 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), org.sleuthkit.datamodel.SleuthkitCase.getContentById(), org.sleuthkit.datamodel.SleuthkitCase.getDbDirPath(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock().

List<TagName> org.sleuthkit.datamodel.SleuthkitCase.getAllTagNames ( ) throws TskCoreException

Selects all of the rows from the tag_names table in the case database.

Returns
A list, possibly empty, of TagName data transfer objects (DTOs) for the rows.
Exceptions
TskCoreException

Definition at line 9620 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), org.sleuthkit.datamodel.TagName.HTML_COLOR.getColorByName(), org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock(), and org.sleuthkit.datamodel.TskData.FileKnown.valueOf().

BlackboardArtifact org.sleuthkit.datamodel.SleuthkitCase.getArtifactByArtifactId ( long  id) throws TskCoreException

Get artifact from blackboard_artifacts table by its artifact_id

Parameters
idArtifact ID of the artifact in blackboard_artifacts table
Returns
Artifact object populated, or null if not found.
Exceptions
TskCoreExceptionthrown if critical error occurred within tsk core and file could not be queried

Definition at line 5291 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock().

BlackboardArtifact org.sleuthkit.datamodel.SleuthkitCase.getArtifactById ( long  id) throws TskCoreException

Get artifact from blackboard_artifacts table by its artifact_obj_id

Parameters
idid of the artifact in blackboard_artifacts table
Returns
Artifact object populated, or null if not found.
Exceptions
TskCoreExceptionthrown if critical error occurred within tsk core and file could not be queried

Definition at line 5257 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock().

Referenced by org.sleuthkit.datamodel.SleuthkitCase.getContentById().

int org.sleuthkit.datamodel.SleuthkitCase.getArtifactTypeID ( String  artifactTypeName) throws TskCoreException

Get the artifact type id associated with an artifact type name.

Parameters
artifactTypeNameAn artifact type name.
Returns
An artifact id or -1 if the attribute type does not exist.
Exceptions
TskCoreExceptionIf an error occurs accessing the case database.
Deprecated:
Use getArtifactType instead

Definition at line 12425 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock().

Iterable<BlackboardArtifact.Type> org.sleuthkit.datamodel.SleuthkitCase.getArtifactTypes ( ) throws TskCoreException

Gets a list of all the artifact types for this case

Returns
a list of artifact types
Exceptions
TskCoreExceptionwhen there is an error getting the types

Definition at line 3382 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock().

List<BlackboardArtifact.Type> org.sleuthkit.datamodel.SleuthkitCase.getArtifactTypesInUse ( ) throws TskCoreException

Gets the list of all unique artifact IDs in use.

Gets both static and dynamic IDs.

Returns
The list of unique IDs
Exceptions
TskCoreExceptionexception thrown if a critical error occurred within tsk core

Definition at line 3456 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock().

BlackboardAttribute.Type org.sleuthkit.datamodel.SleuthkitCase.getAttributeType ( String  attrTypeName) throws TskCoreException

Get the attribute type associated with an attribute type name.

Parameters
attrTypeNameAn attribute type name.
Returns
An attribute type or null if the attribute type does not exist.
Exceptions
TskCoreExceptionIf an error occurs accessing the case database.

Definition at line 4136 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), org.sleuthkit.datamodel.BlackboardAttribute.TSK_BLACKBOARD_ATTRIBUTE_VALUE_TYPE.fromType(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock().

Referenced by org.sleuthkit.datamodel.SleuthkitCase.getMatchingAttributes(), and org.sleuthkit.datamodel.Blackboard.getOrAddAttributeType().

List<BlackboardAttribute.Type> org.sleuthkit.datamodel.SleuthkitCase.getAttributeTypes ( ) throws TskCoreException

Gets a list of all the attribute types for this case

Returns
a list of attribute types
Exceptions
TskCoreExceptionwhen there is an error getting the types

Definition at line 3492 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), org.sleuthkit.datamodel.BlackboardAttribute.TSK_BLACKBOARD_ATTRIBUTE_VALUE_TYPE.fromType(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock().

String org.sleuthkit.datamodel.SleuthkitCase.getAttrTypeDisplayName ( int  attrTypeID) throws TskCoreException

Get the display name for the attribute with the given id. Will throw an error if that id does not exist

Parameters
attrTypeIDattribute id
Returns
string associated with the given id
Exceptions
TskCoreExceptionexception thrown if a critical error occurs within tsk core
Deprecated:
Use getAttributeType instead

Definition at line 12589 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock().

int org.sleuthkit.datamodel.SleuthkitCase.getAttrTypeID ( String  attrTypeName) throws TskCoreException

Gets the attribute type id associated with an attribute type name.

Parameters
attrTypeNameAn attribute type name.
Returns
An attribute id or -1 if the attribute type does not exist.
Exceptions
TskCoreExceptionIf an error occurs accessing the case database.
Deprecated:
Use SleuthkitCase.getAttributeType instead.

Definition at line 12517 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock().

String org.sleuthkit.datamodel.SleuthkitCase.getAttrTypeString ( int  attrTypeID) throws TskCoreException

Get the string associated with the given id. Will throw an error if that id does not exist

Parameters
attrTypeIDattribute id
Returns
string associated with the given id
Exceptions
TskCoreExceptionexception thrown if a critical error occurs within tsk core
Deprecated:
Use getAttributeType instead

Definition at line 12553 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock().

String org.sleuthkit.datamodel.SleuthkitCase.getBackupDatabasePath ( )

Returns the path of a backup copy of the database made when a schema version upgrade has occurred.

Returns
The path of the backup file or null if no backup was made.

Definition at line 2285 of file SleuthkitCase.java.

Blackboard org.sleuthkit.datamodel.SleuthkitCase.getBlackboard ( )

Gets the artifacts blackboard for this case.

Returns
The per case Blackboard object.

Definition at line 457 of file SleuthkitCase.java.

ArrayList<BlackboardArtifact> org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifacts ( int  artifactTypeID) throws TskCoreException

Get all blackboard artifacts of a given type. Does not included rejected artifacts.

Parameters
artifactTypeIDartifact type id (must exist in database)
Returns
list of blackboard artifacts.
Exceptions
TskCoreException

Definition at line 2972 of file SleuthkitCase.java.

Referenced by org.sleuthkit.datamodel.CommunicationsManager.getAccountFileInstances(), org.sleuthkit.datamodel.Report.getArtifacts(), org.sleuthkit.datamodel.AbstractContent.getArtifacts(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifacts(), and org.sleuthkit.datamodel.AbstractContent.getGenInfoArtifact().

List<BlackboardArtifact> org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifacts ( BlackboardAttribute.ATTRIBUTE_TYPE  attrType,
String  value 
) throws TskCoreException

Get all blackboard artifacts that have an attribute of the given type and String value. Does not included rejected artifacts.

Parameters
attrTypeattribute of this attribute type to look for in the artifacts
valuevalue of the attribute of the attrType type to look for
Returns
a list of blackboard artifacts with such an attribute
Exceptions
TskCoreExceptionexception thrown if a critical error occurred within tsk core and artifacts could not be queried

Definition at line 3094 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), org.sleuthkit.datamodel.BlackboardArtifact.ReviewStatus.REJECTED, org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock(), and org.sleuthkit.datamodel.BlackboardArtifact.ReviewStatus.withID().

List<BlackboardArtifact> org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifacts ( BlackboardAttribute.ATTRIBUTE_TYPE  attrType,
String  subString,
boolean  startsWith 
) throws TskCoreException

Get all blackboard artifacts that have an attribute of the given type and String value. Does not included rejected artifacts.

Parameters
attrTypeattribute of this attribute type to look for in the artifacts
subStringvalue substring of the string attribute of the attrType type to look for
startsWithif true, the artifact attribute string should start with the substring, if false, it should just contain it
Returns
a list of blackboard artifacts with such an attribute
Exceptions
TskCoreExceptionexception thrown if a critical error occurred within tsk core and artifacts could not be queried

Definition at line 3145 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), org.sleuthkit.datamodel.BlackboardArtifact.ReviewStatus.REJECTED, org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock(), and org.sleuthkit.datamodel.BlackboardArtifact.ReviewStatus.withID().

List<BlackboardArtifact> org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifacts ( BlackboardAttribute.ATTRIBUTE_TYPE  attrType,
int  value 
) throws TskCoreException

Get all blackboard artifacts that have an attribute of the given type and integer value. Does not included rejected artifacts.

Parameters
attrTypeattribute of this attribute type to look for in the artifacts
valuevalue of the attribute of the attrType type to look for
Returns
a list of blackboard artifacts with such an attribute
Exceptions
TskCoreExceptionexception thrown if a critical error occurred within tsk core and artifacts could not be queried

Definition at line 3197 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), org.sleuthkit.datamodel.BlackboardArtifact.ReviewStatus.REJECTED, org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock(), and org.sleuthkit.datamodel.BlackboardArtifact.ReviewStatus.withID().

List<BlackboardArtifact> org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifacts ( BlackboardAttribute.ATTRIBUTE_TYPE  attrType,
long  value 
) throws TskCoreException

Get all blackboard artifacts that have an attribute of the given type and long value. Does not included rejected artifacts.

Parameters
attrTypeattribute of this attribute type to look for in the artifacts
valuevalue of the attribute of the attrType type to look for
Returns
a list of blackboard artifacts with such an attribute
Exceptions
TskCoreExceptionexception thrown if a critical error occurred within tsk core and artifacts could not be queried

Definition at line 3245 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), org.sleuthkit.datamodel.BlackboardArtifact.ReviewStatus.REJECTED, org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock(), and org.sleuthkit.datamodel.BlackboardArtifact.ReviewStatus.withID().

List<BlackboardArtifact> org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifacts ( BlackboardAttribute.ATTRIBUTE_TYPE  attrType,
double  value 
) throws TskCoreException

Get all blackboard artifacts that have an attribute of the given type and double value. Does not included rejected artifacts.

Parameters
attrTypeattribute of this attribute type to look for in the artifacts
valuevalue of the attribute of the attrType type to look for
Returns
a list of blackboard artifacts with such an attribute
Exceptions
TskCoreExceptionexception thrown if a critical error occurred within tsk core and artifacts could not be queried

Definition at line 3293 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), org.sleuthkit.datamodel.BlackboardArtifact.ReviewStatus.REJECTED, org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock(), and org.sleuthkit.datamodel.BlackboardArtifact.ReviewStatus.withID().

List<BlackboardArtifact> org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifacts ( BlackboardAttribute.ATTRIBUTE_TYPE  attrType,
byte  value 
) throws TskCoreException

Get all blackboard artifacts that have an attribute of the given type and byte value. Does not include rejected artifacts.

Parameters
attrTypeattribute of this attribute type to look for in the artifacts
valuevalue of the attribute of the attrType type to look for
Returns
a list of blackboard artifacts with such an attribute
Exceptions
TskCoreExceptionexception thrown if a critical error occurred within tsk core and artifacts could not be queried

Definition at line 3341 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), org.sleuthkit.datamodel.BlackboardArtifact.ReviewStatus.REJECTED, org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock(), and org.sleuthkit.datamodel.BlackboardArtifact.ReviewStatus.withID().

ArrayList<BlackboardArtifact> org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifacts ( String  artifactTypeName,
long  obj_id 
) throws TskCoreException

Get all blackboard artifacts of a given type for the given object id. Does not included rejected artifacts.

Parameters
artifactTypeNameartifact type name
obj_idobject id
Returns
list of blackboard artifacts
Exceptions
TskCoreExceptionexception thrown if a critical error occurs within TSK core

Definition at line 3646 of file SleuthkitCase.java.

ArrayList<BlackboardArtifact> org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifacts ( int  artifactTypeID,
long  obj_id 
) throws TskCoreException

Get all blackboard artifacts of a given type for the given object id. Does not included rejected artifacts.

Parameters
artifactTypeIDartifact type id (must exist in database)
obj_idobject id
Returns
list of blackboard artifacts
Exceptions
TskCoreExceptionexception thrown if a critical error occurs within TSK core

Definition at line 3662 of file SleuthkitCase.java.

ArrayList<BlackboardArtifact> org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifacts ( ARTIFACT_TYPE  artifactType,
long  obj_id 
) throws TskCoreException

Get all blackboard artifacts of a given type for the given object id. Does not included rejected artifacts.

Parameters
artifactTypeartifact type enum
obj_idobject id
Returns
list of blackboard artifacts
Exceptions
TskCoreExceptionexception thrown if a critical error occurs within TSK core

Definition at line 3678 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifacts().

ArrayList<BlackboardArtifact> org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifacts ( String  artifactTypeName) throws TskCoreException

Get all blackboard artifacts of a given type. Does not included rejected artifacts.

Parameters
artifactTypeNameartifact type name
Returns
list of blackboard artifacts
Exceptions
TskCoreExceptionexception thrown if a critical error occurs within TSK core

Definition at line 3745 of file SleuthkitCase.java.

ArrayList<BlackboardArtifact> org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifacts ( ARTIFACT_TYPE  artifactType) throws TskCoreException

Get all blackboard artifacts of a given type. Does not included rejected artifacts.

Parameters
artifactTypeartifact type enum
Returns
list of blackboard artifacts
Exceptions
TskCoreExceptionexception thrown if a critical error occurs within TSK core

Definition at line 3760 of file SleuthkitCase.java.

List<BlackboardArtifact> org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifacts ( ARTIFACT_TYPE  artifactType,
BlackboardAttribute.ATTRIBUTE_TYPE  attrType,
String  value 
) throws TskCoreException

Get all blackboard artifacts of a given type with an attribute of a given type and String value. Does not included rejected artifacts.

Parameters
artifactTypeartifact type enum
attrTypeattribute type enum
valueString value of attribute
Returns
list of blackboard artifacts
Exceptions
TskCoreExceptionexception thrown if a critical error occurs within TSK core

Definition at line 3777 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), org.sleuthkit.datamodel.BlackboardArtifact.ReviewStatus.REJECTED, org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock(), and org.sleuthkit.datamodel.BlackboardArtifact.ReviewStatus.withID().

long org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifactsCount ( long  objId) throws TskCoreException
long org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifactsCount ( String  artifactTypeName,
long  obj_id 
) throws TskCoreException

Get count of all blackboard artifacts of a given type for the given object id. Does not include rejected artifacts.

Parameters
artifactTypeNameartifact type name
obj_idobject id
Returns
count of blackboard artifacts
Exceptions
TskCoreExceptionexception thrown if a critical error occurs within TSK core

Definition at line 3694 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.getArtifactType().

long org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifactsCount ( int  artifactTypeID,
long  obj_id 
) throws TskCoreException

Get count of all blackboard artifacts of a given type for the given object id. Does not include rejected artifacts.

Parameters
artifactTypeIDartifact type id (must exist in database)
obj_idobject id
Returns
count of blackboard artifacts
Exceptions
TskCoreExceptionexception thrown if a critical error occurs within TSK core

Definition at line 3714 of file SleuthkitCase.java.

long org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifactsCount ( ARTIFACT_TYPE  artifactType,
long  obj_id 
) throws TskCoreException

Get count of all blackboard artifacts of a given type for the given object id. Does not include rejected artifacts.

Parameters
artifactTypeartifact type enum
obj_idobject id
Returns
count of blackboard artifacts
Exceptions
TskCoreExceptionexception thrown if a critical error occurs within TSK core

Definition at line 3730 of file SleuthkitCase.java.

long org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifactsTypeCount ( int  artifactTypeID) throws TskCoreException

Get a count of artifacts of a given type. Does not include rejected artifacts.

Parameters
artifactTypeIDId of the artifact type.
Returns
The artifacts count for the type.
Exceptions
TskCoreException

Definition at line 3020 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock().

long org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifactsTypeCount ( int  artifactTypeID,
long  dataSourceID 
) throws TskCoreException

Get a count of artifacts of a given type for the given data source. Does not include rejected artifacts.

Parameters
artifactTypeIDId of the artifact type.
dataSourceID
Returns
The artifacts count for the type.
Exceptions
TskCoreException

Definition at line 3055 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock().

BlackboardArtifactTag org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifactTagByID ( long  artifactTagID) throws TskCoreException

Selects the row in the blackboard artifact tags table in the case database with a specified tag id.

Parameters
artifactTagIDthe tag id of the BlackboardArtifactTag to retrieve.
Returns
the BlackBoardArtifact Tag with the given tag id, or null if no such tag could be found
Exceptions
TskCoreException

Definition at line 10414 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifact(), org.sleuthkit.datamodel.TagName.HTML_COLOR.getColorByName(), org.sleuthkit.datamodel.SleuthkitCase.getContentById(), org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock(), and org.sleuthkit.datamodel.TskData.FileKnown.valueOf().

List<BlackboardArtifactTag> org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifactTagsByArtifact ( BlackboardArtifact  artifact) throws TskCoreException

Selects the rows in the blackboard_artifacts_tags table in the case database with a specified foreign key into the blackboard_artifacts table.

Parameters
artifactA data transfer object (DTO) for the artifact to match.
Returns
A list, possibly empty, of BlackboardArtifactTag data transfer objects (DTOs) for the rows.
Exceptions
TskCoreException

Definition at line 10464 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), org.sleuthkit.datamodel.TagName.HTML_COLOR.getColorByName(), org.sleuthkit.datamodel.SleuthkitCase.getContentById(), org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock(), and org.sleuthkit.datamodel.TskData.FileKnown.valueOf().

Referenced by org.sleuthkit.datamodel.TimelineManager.updateEventsForArtifactTagDeleted().

List<BlackboardArtifactTag> org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifactTagsByTagName ( TagName  tagName) throws TskCoreException

Selects the rows in the blackboard_artifacts_tags table in the case database with a specified foreign key into the tag_names table.

Parameters
tagNameA data transfer object (DTO) for the tag name to match.
Returns
A list, possibly empty, of BlackboardArtifactTag data transfer objects (DTOs) for the rows.
Exceptions
TskCoreException

Definition at line 10315 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifact(), org.sleuthkit.datamodel.SleuthkitCase.getContentById(), org.sleuthkit.datamodel.BlackboardArtifact.getObjectID(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock().

List<BlackboardArtifactTag> org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifactTagsByTagName ( TagName  tagName,
long  dsObjId 
) throws TskCoreException

Gets artifact tags by tag name, for specified data source.

Parameters
tagNameThe representation of the desired tag type in the case database, which can be obtained by calling getTagNames and/or addTagName.
dsObjIddata source object id
Returns
A list, possibly empty, of the artifact tags with the specified tag name, for the specified data source.
Exceptions
TskCoreExceptionIf there is an error getting the tags from the case database.

Definition at line 10363 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifact(), org.sleuthkit.datamodel.SleuthkitCase.getContentById(), org.sleuthkit.datamodel.BlackboardArtifact.getObjectID(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock().

long org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifactTagsCountByTagName ( TagName  tagName) throws TskCoreException

Gets a count of the rows in the blackboard_artifact_tags table in the case database with a specified foreign key into the tag_names table.

Parameters
tagNameA data transfer object (DTO) for the tag name to match.
Returns
The count, possibly zero.
Exceptions
TskCoreException

Definition at line 10231 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock().

long org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifactTagsCountByTagName ( TagName  tagName,
long  dsObjId 
) throws TskCoreException

Gets an artifact tags count by tag name, for the given data source.

Parameters
tagNameThe representation of the desired tag type in the case database, which can be obtained by calling getTagNames and/or addTagName.
dsObjIddata source object id
Returns
A count of the artifact tags with the specified tag name, for the given data source.
Exceptions
TskCoreExceptionIf there is an error getting the tags count from the case database.

Definition at line 10272 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock().

ArrayList<BlackboardArtifact.ARTIFACT_TYPE> org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifactTypes ( ) throws TskCoreException

Gets a list of the standard blackboard artifact type enum objects.

Returns
The members of the BlackboardArtifact.ARTIFACT_TYPE enum.
Exceptions
TskCoreExceptionSpecified, but not thrown.
Deprecated:
For a list of standard blackboard artifacts type enum objects, use BlackboardArtifact.ARTIFACT_TYPE.values.

Definition at line 12458 of file SleuthkitCase.java.

ArrayList<BlackboardArtifact.ARTIFACT_TYPE> org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifactTypesInUse ( ) throws TskCoreException
ArrayList<BlackboardAttribute.ATTRIBUTE_TYPE> org.sleuthkit.datamodel.SleuthkitCase.getBlackboardAttributeTypes ( ) throws TskCoreException

Gets a list of the standard blackboard attribute type enum objects.

Returns
The members of the BlackboardAttribute.ATTRIBUTE_TYPE enum.
Exceptions
TskCoreExceptionSpecified, but not thrown.
Deprecated:
For a list of standard blackboard attribute types enum objects, use BlackboardAttribute.ATTRIBUTE_TYP.values.

Definition at line 12622 of file SleuthkitCase.java.

int org.sleuthkit.datamodel.SleuthkitCase.getBlackboardAttributeTypesCount ( ) throws TskCoreException

Get count of blackboard attribute types

Counts both static (in enum) and dynamic attributes types (created by modules at runtime)

Returns
count of attribute types
Exceptions
TskCoreExceptionexception thrown if a critical error occurs within TSK core

Definition at line 3527 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock().

synchronized CaseDbAccessManager org.sleuthkit.datamodel.SleuthkitCase.getCaseDbAccessManager ( ) throws TskCoreException

Definition at line 479 of file SleuthkitCase.java.

CommunicationsManager org.sleuthkit.datamodel.SleuthkitCase.getCommunicationsManager ( ) throws TskCoreException

Gets the communications manager for this case.

Returns
The per case CommunicationsManager object.
Exceptions
org.sleuthkit.datamodel.TskCoreException

Definition at line 448 of file SleuthkitCase.java.

Content org.sleuthkit.datamodel.SleuthkitCase.getContentById ( long  id) throws TskCoreException

Get content object by content id

Parameters
idto get content object for
Returns
instance of a Content object (one of its subclasses), or null if not found.
Exceptions
TskCoreExceptionthrown if critical error occurred within tsk core

Definition at line 4942 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), org.sleuthkit.datamodel.SleuthkitCase.getAbstractFileById(), org.sleuthkit.datamodel.SleuthkitCase.getArtifactById(), org.sleuthkit.datamodel.SleuthkitCase.getImageById(), org.sleuthkit.datamodel.SleuthkitCase.getReportById(), org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock(), and org.sleuthkit.datamodel.TskData.ObjectType.valueOf().

Referenced by org.sleuthkit.datamodel.TaggingManager.addArtifactTag(), org.sleuthkit.datamodel.SleuthkitCase.addCarvedFile(), org.sleuthkit.datamodel.SleuthkitCase.addCarvedFiles(), org.sleuthkit.datamodel.SleuthkitCase.getAllBlackboardArtifactTags(), org.sleuthkit.datamodel.SleuthkitCase.getAllContentTags(), org.sleuthkit.datamodel.SleuthkitCase.getAllReports(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifactTagByID(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifactTagsByArtifact(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifactTagsByTagName(), org.sleuthkit.datamodel.SleuthkitCase.getContentTagByID(), org.sleuthkit.datamodel.SleuthkitCase.getContentTagsByTagName(), org.sleuthkit.datamodel.AbstractFile.getDataSource(), org.sleuthkit.datamodel.BlackboardArtifact.getDataSource(), org.sleuthkit.datamodel.AccountFileInstance.getFile(), org.sleuthkit.datamodel.AbstractContent.getParent(), org.sleuthkit.datamodel.Report.getParent(), org.sleuthkit.datamodel.BlackboardArtifact.getParent(), and org.sleuthkit.datamodel.SleuthkitCase.getReportById().

ContentTag org.sleuthkit.datamodel.SleuthkitCase.getContentTagByID ( long  contentTagID) throws TskCoreException

Selects the rows in the content_tags table in the case database with a specified tag id.

Parameters
contentTagIDthe tag id of the ContentTag to retrieve.
Returns
The content tag.
Exceptions
TskCoreException

Definition at line 9968 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), org.sleuthkit.datamodel.TagName.HTML_COLOR.getColorByName(), org.sleuthkit.datamodel.SleuthkitCase.getContentById(), org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock(), and org.sleuthkit.datamodel.TskData.FileKnown.valueOf().

List<ContentTag> org.sleuthkit.datamodel.SleuthkitCase.getContentTagsByContent ( Content  content) throws TskCoreException

Selects the rows in the content_tags table in the case database with a specified foreign key into the tsk_objects table.

Parameters
contentA data transfer object (DTO) for the content to match.
Returns
A list, possibly empty, of ContentTag data transfer objects (DTOs) for the rows.
Exceptions
TskCoreException

Definition at line 10106 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), org.sleuthkit.datamodel.TagName.HTML_COLOR.getColorByName(), org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock(), and org.sleuthkit.datamodel.TskData.FileKnown.valueOf().

Referenced by org.sleuthkit.datamodel.TimelineManager.updateEventsForContentTagDeleted().

List<ContentTag> org.sleuthkit.datamodel.SleuthkitCase.getContentTagsByTagName ( TagName  tagName) throws TskCoreException

Selects the rows in the content_tags table in the case database with a specified foreign key into the tag_names table.

Parameters
tagNameA data transfer object (DTO) for the tag name to match.
Returns
A list, possibly empty, of ContentTag data transfer objects (DTOs) for the rows.
Exceptions
TskCoreException

Definition at line 10015 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), org.sleuthkit.datamodel.SleuthkitCase.getContentById(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock().

List<ContentTag> org.sleuthkit.datamodel.SleuthkitCase.getContentTagsByTagName ( TagName  tagName,
long  dsObjId 
) throws TskCoreException

Gets content tags by tag name, for the given data source.

Parameters
tagNameThe tag name of interest.
dsObjIddata source object id
Returns
A list, possibly empty, of the content tags with the specified tag name, and for the given data source.
Exceptions
TskCoreExceptionIf there is an error getting the tags from the case database.

Definition at line 10060 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), org.sleuthkit.datamodel.SleuthkitCase.getContentById(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock().

long org.sleuthkit.datamodel.SleuthkitCase.getContentTagsCountByTagName ( TagName  tagName) throws TskCoreException

Gets a count of the rows in the content_tags table in the case database with a specified foreign key into the tag_names table.

Parameters
tagNameA data transfer object (DTO) for the tag name to match.
Returns
The count, possibly zero.
Exceptions
TskCoreException

Definition at line 9883 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock().

long org.sleuthkit.datamodel.SleuthkitCase.getContentTagsCountByTagName ( TagName  tagName,
long  dsObjId 
) throws TskCoreException

Gets content tags count by tag name, for the given data source

Parameters
tagNameThe representation of the desired tag type in the case database, which can be obtained by calling getTagNames and/or addTagName.
dsObjIddata source object id
Returns
A count of the content tags with the specified tag name, and for the given data source
Exceptions
TskCoreExceptionIf there is an error getting the tags count from the case database.

Definition at line 9925 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock().

String org.sleuthkit.datamodel.SleuthkitCase.getDatabaseName ( )

Gets the case database name.

Returns
The case database name.

Definition at line 2312 of file SleuthkitCase.java.

DataSource org.sleuthkit.datamodel.SleuthkitCase.getDataSource ( long  objectId) throws TskDataException, TskCoreException

Gets a specific data source for the case. If it is an image, an Image will be instantiated. Otherwise, a LocalFilesDataSource will be instantiated.

NOTE: The DataSource class is an emerging feature and at present is only useful for obtaining the object id and the data source identifier, an ASCII-printable identifier for the data source that is intended to be unique across multiple cases (e.g., a UUID). In the future, this method will be a replacement for the getRootObjects method.

Parameters
objectIdThe object id of the data source.
Returns
The data source.
Exceptions
TskDataExceptionIf there is no data source for the given object id.
TskCoreExceptionIf there is a problem getting the data source.

Definition at line 2883 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), org.sleuthkit.datamodel.TskData.TSK_FS_NAME_FLAG_ENUM.ALLOC, org.sleuthkit.datamodel.TskData.TSK_FS_META_FLAG_ENUM.ALLOC, org.sleuthkit.datamodel.TskData.TSK_FS_NAME_TYPE_ENUM.DIR, org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock(), org.sleuthkit.datamodel.TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_DIR, org.sleuthkit.datamodel.TskData.FileKnown.UNKNOWN, and org.sleuthkit.datamodel.TskData.TSK_FS_META_FLAG_ENUM.USED.

List<DataSource> org.sleuthkit.datamodel.SleuthkitCase.getDataSources ( ) throws TskCoreException

Gets the data sources for the case. For each data source, if it is an image, an Image will be instantiated. Otherwise, a LocalFilesDataSource will be instantiated.

NOTE: The DataSource interface is an emerging feature and at present is only useful for obtaining the object id and the device id, an ASCII-printable identifier for the device associated with the data source that is intended to be unique across multiple cases (e.g., a UUID). In the future, this method will be a replacement for the getRootObjects method.

Returns
A list of the data sources for the case.
Exceptions
TskCoreExceptionif there is a problem getting the data sources.

Definition at line 2779 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), org.sleuthkit.datamodel.TskData.TSK_FS_NAME_FLAG_ENUM.ALLOC, org.sleuthkit.datamodel.TskData.TSK_FS_META_FLAG_ENUM.ALLOC, org.sleuthkit.datamodel.Content.close(), org.sleuthkit.datamodel.TskData.TSK_FS_NAME_TYPE_ENUM.DIR, org.sleuthkit.datamodel.SleuthkitCase.getImagePaths(), org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock(), org.sleuthkit.datamodel.TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_DIR, org.sleuthkit.datamodel.TskData.FileKnown.UNKNOWN, and org.sleuthkit.datamodel.TskData.TSK_FS_META_FLAG_ENUM.USED.

String org.sleuthkit.datamodel.SleuthkitCase.getDbDirPath ( )

Get the full path to the case directory. For a SQLite case database, this is the same as the database directory path.

Returns
Case directory path.

Definition at line 2322 of file SleuthkitCase.java.

Referenced by org.sleuthkit.datamodel.SleuthkitCase.addReport(), org.sleuthkit.datamodel.SleuthkitCase.getAllReports(), and org.sleuthkit.datamodel.SleuthkitCase.getReportById().

CaseDbSchemaVersionNumber org.sleuthkit.datamodel.SleuthkitCase.getDBSchemaCreationVersion ( )

Gets the creation version of the database schema.

Returns
the creation version for the database schema, the creation version will be 0.0 for databases created prior to 8.2

Definition at line 2266 of file SleuthkitCase.java.

VersionNumber org.sleuthkit.datamodel.SleuthkitCase.getDBSchemaVersion ( )

Gets the database schema version in use.

Returns
the database schema version in use.

Definition at line 2256 of file SleuthkitCase.java.

Referenced by org.sleuthkit.datamodel.SleuthkitCase.getSchemaVersion().

List<TskFileRange> org.sleuthkit.datamodel.SleuthkitCase.getFileRanges ( long  id) throws TskCoreException

Get file layout ranges from tsk_file_layout, for a file with specified id

Parameters
idof the file to get file layout ranges for
Returns
list of populated file ranges
Exceptions
TskCoreExceptionthrown if a critical error occurred within tsk core

Definition at line 7480 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock().

Referenced by org.sleuthkit.datamodel.AbstractFile.getRanges().

Collection<FileSystem> org.sleuthkit.datamodel.SleuthkitCase.getFileSystems ( Image  image)

Helper to return FileSystems in an Image

Parameters
imageImage to lookup FileSystem for
Returns
Collection of FileSystems in the image
Deprecated:
Use getImageFileSystems which throws an exception if an error occurs.

Definition at line 12875 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.AbstractContent.getId(), and org.sleuthkit.datamodel.SleuthkitCase.getImageFileSystems().

Image org.sleuthkit.datamodel.SleuthkitCase.getImageById ( long  id) throws TskCoreException
Collection<FileSystem> org.sleuthkit.datamodel.SleuthkitCase.getImageFileSystems ( Image  image) throws TskCoreException
Map<Long, List<String> > org.sleuthkit.datamodel.SleuthkitCase.getImagePaths ( ) throws TskCoreException

Returns a map of image object IDs to a list of fully qualified file paths for that image

Returns
map of image object IDs to file paths
Exceptions
TskCoreExceptionthrown if a critical error occurred within tsk core

Definition at line 8226 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock().

Referenced by org.sleuthkit.datamodel.SleuthkitCase.getDataSources().

List<Image> org.sleuthkit.datamodel.SleuthkitCase.getImages ( ) throws TskCoreException
final List<IngestJobInfo> org.sleuthkit.datamodel.SleuthkitCase.getIngestJobs ( ) throws TskCoreException

Gets all of the ingest jobs that have been run.

Returns
The information about the ingest jobs that have been run
Exceptions
TskCoreExceptionIf there is a problem getting the ingest jobs

Definition at line 10947 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), org.sleuthkit.datamodel.IngestJobInfo.IngestJobStatusType.fromID(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock().

long org.sleuthkit.datamodel.SleuthkitCase.getLastObjectId ( ) throws TskCoreException

Get last (max) object id of content object in tsk_objects.

Returns
currently max id
Exceptions
TskCoreExceptionexception thrown when database error occurs and last object id could not be queried
Deprecated:
Do not use, assumes a single-threaded, single-user case.

Definition at line 12350 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock().

ArrayList<BlackboardArtifact> org.sleuthkit.datamodel.SleuthkitCase.getMatchingArtifacts ( String  whereClause) throws TskCoreException

Get all artifacts that match a where clause. The clause should begin with "WHERE" or "JOIN". To use this method you must know the database tables

Parameters
whereClausea sqlite where clause
Returns
a list of matching artifacts
Exceptions
TskCoreExceptionexception thrown if a critical error occurs within tsk core Query the Database

Definition at line 4453 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), org.sleuthkit.datamodel.SleuthkitCase.getArtifactType(), org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock(), and org.sleuthkit.datamodel.BlackboardArtifact.ReviewStatus.withID().

Referenced by org.sleuthkit.datamodel.Report.getAllArtifacts(), and org.sleuthkit.datamodel.AbstractContent.getAllArtifacts().

ArrayList<BlackboardAttribute> org.sleuthkit.datamodel.SleuthkitCase.getMatchingAttributes ( String  whereClause) throws TskCoreException

Get all attributes that match a where clause. The clause should begin with "WHERE" or "JOIN". To use this method you must know the database tables

Parameters
whereClausea sqlite where clause
Returns
a list of matching attributes
Exceptions
TskCoreExceptionexception thrown if a critical error occurs within tsk core Query the Database

Definition at line 4399 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), org.sleuthkit.datamodel.SleuthkitCase.getAttributeType(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock().

List<Content> org.sleuthkit.datamodel.SleuthkitCase.getRootObjects ( ) throws TskCoreException

Get the list of root objects (data sources) from the case database, e.g., image files, logical (local) files, virtual directories.

Returns
List of content objects representing root objects.
Exceptions
TskCoreException

Definition at line 2665 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), org.sleuthkit.datamodel.SleuthkitCase.getAbstractFileById(), org.sleuthkit.datamodel.SleuthkitCase.getImageById(), org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock(), and org.sleuthkit.datamodel.TskData.ObjectType.valueOf().

int org.sleuthkit.datamodel.SleuthkitCase.getSchemaVersion ( )

Returns case database schema version number. As of TSK 4.5.0 db schema versions are two part Major.minor. This method only returns the major part. Use getDBSchemaVersion() for the complete version.

Returns
The schema version number as an integer.
Deprecated:
since 4.5.0 Use getDBSchemaVersion() instead for more complete version info.

Definition at line 2247 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.getDBSchemaVersion(), and org.sleuthkit.datamodel.VersionNumber.getMajor().

synchronized TaggingManager org.sleuthkit.datamodel.SleuthkitCase.getTaggingManager ( )

Get the case database TaggingManager object.

Returns
The per case TaggingManager object.

Definition at line 488 of file SleuthkitCase.java.

List<TagName> org.sleuthkit.datamodel.SleuthkitCase.getTagNamesInUse ( ) throws TskCoreException

Selects all of the rows from the tag_names table in the case database for which there is at least one matching row in the content_tags or blackboard_artifact_tags tables.

Returns
A list, possibly empty, of TagName data transfer objects (DTOs) for the rows.
Exceptions
TskCoreException

Definition at line 9654 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), org.sleuthkit.datamodel.TagName.HTML_COLOR.getColorByName(), org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock(), and org.sleuthkit.datamodel.TskData.FileKnown.valueOf().

List<TagName> org.sleuthkit.datamodel.SleuthkitCase.getTagNamesInUse ( long  dsObjId) throws TskCoreException

Selects all of the rows from the tag_names table in the case database for which there is at least one matching row in the content_tags or blackboard_artifact_tags tables, for the given data source object id.

Parameters
dsObjIddata source object id
Returns
A list, possibly empty, of TagName data transfer objects (DTOs) for the rows.
Exceptions
TskCoreException

Definition at line 9690 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), org.sleuthkit.datamodel.TagName.HTML_COLOR.getColorByName(), org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock(), and org.sleuthkit.datamodel.TskData.FileKnown.valueOf().

TimelineManager org.sleuthkit.datamodel.SleuthkitCase.getTimelineManager ( ) throws TskCoreException
List<VirtualDirectory> org.sleuthkit.datamodel.SleuthkitCase.getVirtualDirectoryRoots ( ) throws TskCoreException

Get IDs of the virtual folder roots (at the same level as image), used for containers such as for local files.

Returns
IDs of virtual directory root objects.
Exceptions
org.sleuthkit.datamodel.TskCoreException

Definition at line 6258 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock(), and org.sleuthkit.datamodel.TskData.TSK_DB_FILES_TYPE_ENUM.VIRTUAL_DIR.

boolean org.sleuthkit.datamodel.SleuthkitCase.isFileFromSource ( Content  dataSource,
long  fileId 
) throws TskCoreException

Checks if the file is a (sub)child of the data source (parentless Content object such as Image or VirtualDirectory representing filesets)

Parameters
dataSourcedataSource to check
fileIdid of file to check
Returns
true if the file is in the dataSource hierarchy
Exceptions
TskCoreExceptionthrown if check failed

Definition at line 5362 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock().

AddImageProcess org.sleuthkit.datamodel.SleuthkitCase.makeAddImageProcess ( String  timeZone,
boolean  addUnallocSpace,
boolean  noFatFsOrphans,
String  imageCopyPath 
)

Starts the multi-step process of adding an image data source to the case by creating an object that can be used to control the process and get progress messages from it.

Parameters
timeZoneThe time zone of the image.
addUnallocSpaceSet to true to create virtual files for unallocated space in the image.
noFatFsOrphansSet to true to skip processing orphan files of FAT file systems.
imageCopyPathPath to which a copy of the image should be written. Use the empty string to disable image writing.
Returns
An object that encapsulates control of adding an image via the SleuthKit native code layer.

Definition at line 2653 of file SleuthkitCase.java.

Referenced by org.sleuthkit.datamodel.Examples.Sample.run().

AddImageProcess org.sleuthkit.datamodel.SleuthkitCase.makeAddImageProcess ( String  timezone,
boolean  addUnallocSpace,
boolean  noFatFsOrphans 
)

Start process of adding a image to the case. Adding an image is a multi-step process and this returns an object that allows it to happen.

Parameters
timezoneTZ time zone string to use for ingest of image.
addUnallocSpaceSet to true to create virtual files for unallocated space in the image.
noFatFsOrphansSet to true to skip processing orphan files of FAT file systems.
Returns
Object that encapsulates control of adding an image via the SleuthKit native code layer
Deprecated:
Use the newer version with explicit image writer path parameter

Definition at line 12860 of file SleuthkitCase.java.

BlackboardArtifact org.sleuthkit.datamodel.SleuthkitCase.newBlackboardArtifact ( int  artifactTypeID,
long  obj_id 
) throws TskCoreException

Add a new blackboard artifact with the given type. If that artifact type does not exist an error will be thrown. The artifact type name can be looked up in the returned blackboard artifact.

Parameters
artifactTypeIDthe type the given artifact should have
obj_idthe content object id associated with this artifact
Returns
a new blackboard artifact
Exceptions
TskCoreExceptionexception thrown if a critical error occurs within tsk core

Definition at line 4498 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.getArtifactType().

Referenced by org.sleuthkit.datamodel.AbstractContent.getGenInfoArtifact(), org.sleuthkit.datamodel.Report.newArtifact(), org.sleuthkit.datamodel.AbstractContent.newArtifact(), and org.sleuthkit.datamodel.SleuthkitCase.newBlackboardArtifact().

BlackboardArtifact org.sleuthkit.datamodel.SleuthkitCase.newBlackboardArtifact ( ARTIFACT_TYPE  artifactType,
long  obj_id 
) throws TskCoreException

Add a new blackboard artifact with the given type.

Parameters
artifactTypethe type the given artifact should have
obj_idthe content object id associated with this artifact
Returns
a new blackboard artifact
Exceptions
TskCoreExceptionexception thrown if a critical error occurs within tsk core

Definition at line 4514 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.newBlackboardArtifact().

static SleuthkitCase org.sleuthkit.datamodel.SleuthkitCase.newCase ( String  dbPath) throws TskCoreException
static

Creates a new SQLite case database.

Parameters
dbPathPath to where SQlite case database should be created.
Returns
A case database object.
Exceptions
org.sleuthkit.datamodel.TskCoreException

Definition at line 2439 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.TskData.DbType.SQLITE.

Referenced by org.sleuthkit.datamodel.Examples.Sample.run().

static SleuthkitCase org.sleuthkit.datamodel.SleuthkitCase.newCase ( String  caseName,
CaseDbConnectionInfo  info,
String  caseDirPath 
) throws TskCoreException
static

Creates a new PostgreSQL case database.

Parameters
caseNameThe name of the case. It will be used to create a case database name that can be safely used in SQL commands and will not be subject to name collisions on the case database server. Use getDatabaseName to get the created name.
infoThe information to connect to the database.
caseDirPathThe case directory path.
Returns
A case database object.
Exceptions
org.sleuthkit.datamodel.TskCoreException

The flow of this method involves trying to create a new case and if successful, return that case. If unsuccessful, an exception is thrown. We catch any exceptions, and use tryConnect() to attempt to obtain further information about the error. If tryConnect() is unable to successfully connect, tryConnect() will throw a TskCoreException with a message containing user-level error reporting. If tryConnect() is able to connect, flow continues and we rethrow the original exception obtained from trying to create the case. In this way, we obtain more detailed information if we are able, but do not lose any information if unable.

Definition at line 2466 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.tryConnect().

static SleuthkitCase org.sleuthkit.datamodel.SleuthkitCase.openCase ( String  dbPath) throws TskCoreException
static

Open an existing case database.

Parameters
dbPathPath to SQLite case database.
Returns
Case database object.
Exceptions
org.sleuthkit.datamodel.TskCoreException

Definition at line 2379 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.TskData.DbType.SQLITE.

static SleuthkitCase org.sleuthkit.datamodel.SleuthkitCase.openCase ( String  databaseName,
CaseDbConnectionInfo  info,
String  caseDir 
) throws TskCoreException
static

Open an existing multi-user case database.

Parameters
databaseNameThe name of the database.
infoConnection information for the the database.
caseDirThe folder where the case metadata fils is stored.
Returns
A case database object.
Exceptions
TskCoreExceptionIf there is a problem opening the database.

Definition at line 2402 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.tryConnect().

List<AbstractFile> org.sleuthkit.datamodel.SleuthkitCase.openFiles ( Content  dataSource,
String  filePath 
) throws TskCoreException
Parameters
dataSourcethe data source (Image, VirtualDirectory for file-sets, etc) to search for the given file name
filePathThe full path to the file(s) of interest. This can optionally include the image and volume names. Treated in a case- insensitive manner.
Returns
a list of AbstractFile that have the given file path.
Exceptions
org.sleuthkit.datamodel.TskCoreException

Definition at line 7449 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.AbstractFile.createNonUniquePath(), and org.sleuthkit.datamodel.SleuthkitCase.findFiles().

void org.sleuthkit.datamodel.SleuthkitCase.registerForEvents ( Object  listener)

Definition at line 216 of file SleuthkitCase.java.

void org.sleuthkit.datamodel.SleuthkitCase.releaseExclusiveLock ( )

Releases a write lock, but only if this is a single-user case. This method should always be called in the finally block of a try block in which the lock was acquired.

Deprecated:
Use releaseSingleUserCaseWriteLock.

Definition at line 12904 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseWriteLock().

void org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock ( )

Releases a read lock, but only if this is a single-user case. This method should always be called in the finally block of a try block in which the lock was acquired.

Deprecated:
Use releaseSingleUserCaseReadLock.

Definition at line 12928 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock().

void org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock ( )

Releases a read lock, but only if this is a single-user case. This method should always be called in the finally block of a try block in which the lock was acquired.

Definition at line 2364 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.TskData.DbType.SQLITE.

Referenced by org.sleuthkit.datamodel.SleuthkitCase.allFilesMd5Hashed(), org.sleuthkit.datamodel.SleuthkitCase.CaseDbQuery.close(), org.sleuthkit.datamodel.TimelineManager.countEventsByType(), org.sleuthkit.datamodel.SleuthkitCase.countFilesMd5Hashed(), org.sleuthkit.datamodel.SleuthkitCase.countFilesWhere(), org.sleuthkit.datamodel.SleuthkitCase.countFsContentType(), org.sleuthkit.datamodel.SleuthkitCase.findAllFileIdsWhere(), org.sleuthkit.datamodel.SleuthkitCase.findAllFilesWhere(), org.sleuthkit.datamodel.SleuthkitCase.findFiles(), org.sleuthkit.datamodel.SleuthkitCase.findFilesByMd5(), org.sleuthkit.datamodel.SleuthkitCase.findFilesWhere(), org.sleuthkit.datamodel.CommunicationsManager.getAccount(), org.sleuthkit.datamodel.CommunicationsManager.getAccountDeviceInstancesWithRelationships(), org.sleuthkit.datamodel.CommunicationsManager.getAccountsRelatedToArtifact(), org.sleuthkit.datamodel.CommunicationsManager.getAccountType(), org.sleuthkit.datamodel.CommunicationsManager.getAccountTypesInUse(), org.sleuthkit.datamodel.SleuthkitCase.getAllBlackboardArtifactTags(), org.sleuthkit.datamodel.SleuthkitCase.getAllContentTags(), org.sleuthkit.datamodel.SleuthkitCase.getAllReports(), org.sleuthkit.datamodel.SleuthkitCase.getAllTagNames(), org.sleuthkit.datamodel.SleuthkitCase.getArtifactByArtifactId(), org.sleuthkit.datamodel.SleuthkitCase.getArtifactById(), org.sleuthkit.datamodel.SleuthkitCase.getArtifactType(), org.sleuthkit.datamodel.SleuthkitCase.getArtifactTypeID(), org.sleuthkit.datamodel.SleuthkitCase.getArtifactTypes(), org.sleuthkit.datamodel.Blackboard.getArtifactTypesInUse(), org.sleuthkit.datamodel.SleuthkitCase.getArtifactTypesInUse(), org.sleuthkit.datamodel.SleuthkitCase.getAttributeType(), org.sleuthkit.datamodel.SleuthkitCase.getAttributeTypes(), org.sleuthkit.datamodel.SleuthkitCase.getAttrTypeDisplayName(), org.sleuthkit.datamodel.SleuthkitCase.getAttrTypeID(), org.sleuthkit.datamodel.SleuthkitCase.getAttrTypeString(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifact(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifacts(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifactsCount(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifactsTypeCount(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifactTagByID(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifactTagsByArtifact(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifactTagsByTagName(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifactTagsCountByTagName(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifactTypesInUse(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardAttributes(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardAttributeTypesCount(), org.sleuthkit.datamodel.SleuthkitCase.getContentById(), org.sleuthkit.datamodel.SleuthkitCase.getContentTagByID(), org.sleuthkit.datamodel.SleuthkitCase.getContentTagsByContent(), org.sleuthkit.datamodel.SleuthkitCase.getContentTagsByTagName(), org.sleuthkit.datamodel.SleuthkitCase.getContentTagsCountByTagName(), org.sleuthkit.datamodel.SleuthkitCase.getCurrentExaminer(), org.sleuthkit.datamodel.SleuthkitCase.getDataSource(), org.sleuthkit.datamodel.SleuthkitCase.getDataSources(), org.sleuthkit.datamodel.TimelineManager.getEventById(), org.sleuthkit.datamodel.TimelineManager.getEventIDs(), org.sleuthkit.datamodel.TimelineManager.getEventIDsForArtifact(), org.sleuthkit.datamodel.TimelineManager.getEvents(), org.sleuthkit.datamodel.SleuthkitCase.getFileRanges(), org.sleuthkit.datamodel.SleuthkitCase.getImageById(), org.sleuthkit.datamodel.SleuthkitCase.getImageFileSystems(), org.sleuthkit.datamodel.SleuthkitCase.getImagePaths(), org.sleuthkit.datamodel.SleuthkitCase.getImages(), org.sleuthkit.datamodel.SleuthkitCase.getIngestJobs(), org.sleuthkit.datamodel.SleuthkitCase.getLastObjectId(), org.sleuthkit.datamodel.SleuthkitCase.getMatchingArtifacts(), org.sleuthkit.datamodel.SleuthkitCase.getMatchingAttributes(), org.sleuthkit.datamodel.TimelineManager.getMaxEventTime(), org.sleuthkit.datamodel.TimelineManager.getMinEventTime(), org.sleuthkit.datamodel.CommunicationsManager.getRelatedAccountDeviceInstances(), org.sleuthkit.datamodel.CommunicationsManager.getRelationshipCountsPairwise(), org.sleuthkit.datamodel.CommunicationsManager.getRelationshipSources(), org.sleuthkit.datamodel.CommunicationsManager.getRelationshipSourcesCount(), org.sleuthkit.datamodel.SleuthkitCase.getReportById(), org.sleuthkit.datamodel.SleuthkitCase.getRootObjects(), org.sleuthkit.datamodel.TimelineManager.getSpanningInterval(), org.sleuthkit.datamodel.SleuthkitCase.getTagNamesInUse(), org.sleuthkit.datamodel.TaggingManager.getTagSet(), org.sleuthkit.datamodel.TaggingManager.getTagSets(), org.sleuthkit.datamodel.SleuthkitCase.getVirtualDirectoryRoots(), org.sleuthkit.datamodel.SleuthkitCase.isFileFromSource(), org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.runQuery(), and org.sleuthkit.datamodel.CaseDbAccessManager.select().

void org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseWriteLock ( )

Releases a write lock, but only if this is a single-user case. This method should always be called in the finally block of a try block in which the lock was acquired.

Definition at line 2342 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.TskData.DbType.SQLITE.

Referenced by org.sleuthkit.datamodel.CommunicationsManager.addAccountType(), org.sleuthkit.datamodel.SleuthkitCase.addArtifactAttributeType(), org.sleuthkit.datamodel.TaggingManager.addArtifactTag(), org.sleuthkit.datamodel.SleuthkitCase.addBlackboardArtifactType(), org.sleuthkit.datamodel.SleuthkitCase.addBlackboardAttribute(), org.sleuthkit.datamodel.SleuthkitCase.addBlackboardAttributes(), org.sleuthkit.datamodel.TaggingManager.addContentTag(), org.sleuthkit.datamodel.SleuthkitCase.addFileSystem(), org.sleuthkit.datamodel.SleuthkitCase.addImage(), org.sleuthkit.datamodel.SleuthkitCase.addIngestJob(), org.sleuthkit.datamodel.SleuthkitCase.addIngestModule(), org.sleuthkit.datamodel.SleuthkitCase.addLocalFilesDataSource(), org.sleuthkit.datamodel.SleuthkitCase.addOrUpdateTagName(), org.sleuthkit.datamodel.SleuthkitCase.addPool(), org.sleuthkit.datamodel.SleuthkitCase.addReport(), org.sleuthkit.datamodel.TaggingManager.addTagSet(), org.sleuthkit.datamodel.SleuthkitCase.addVolume(), org.sleuthkit.datamodel.SleuthkitCase.addVolumeSystem(), org.sleuthkit.datamodel.SleuthkitCase.close(), org.sleuthkit.datamodel.SleuthkitCase.copyCaseDB(), org.sleuthkit.datamodel.CaseDbAccessManager.createIndex(), org.sleuthkit.datamodel.CaseDbAccessManager.createTable(), org.sleuthkit.datamodel.CaseDbAccessManager.delete(), org.sleuthkit.datamodel.SleuthkitCase.deleteBlackboardArtifactTag(), org.sleuthkit.datamodel.SleuthkitCase.deleteContentTag(), org.sleuthkit.datamodel.SleuthkitCase.deleteReport(), org.sleuthkit.datamodel.TaggingManager.deleteTagSet(), org.sleuthkit.datamodel.TimelineManager.getEventIDsForContent(), org.sleuthkit.datamodel.SleuthkitCase.releaseExclusiveLock(), org.sleuthkit.datamodel.AbstractFile.save(), org.sleuthkit.datamodel.SleuthkitCase.setFileMIMEType(), org.sleuthkit.datamodel.SleuthkitCase.setImagePaths(), org.sleuthkit.datamodel.SleuthkitCase.setKnown(), org.sleuthkit.datamodel.SleuthkitCase.setReviewStatus(), org.sleuthkit.datamodel.SleuthkitCase.updateDerivedFile(), org.sleuthkit.datamodel.TimelineManager.updateEventsForArtifactTagAdded(), org.sleuthkit.datamodel.TimelineManager.updateEventsForArtifactTagDeleted(), org.sleuthkit.datamodel.TimelineManager.updateEventsForContentTagAdded(), org.sleuthkit.datamodel.TimelineManager.updateEventsForContentTagDeleted(), org.sleuthkit.datamodel.TimelineManager.updateEventsForHashSetHit(), and org.sleuthkit.datamodel.SleuthkitCase.updateImagePath().

void org.sleuthkit.datamodel.SleuthkitCase.removeErrorObserver ( ErrorObserver  observer)

Remove an observer for SleuthkitCase errors.

Parameters
observerThe observer to remove.
Deprecated:
Catch exceptions instead.

Definition at line 12247 of file SleuthkitCase.java.

ResultSet org.sleuthkit.datamodel.SleuthkitCase.runQuery ( String  query) throws SQLException

Process a read-only query on the tsk database, any table Can be used to e.g. to find files of a given criteria. resultSetToFsContents() will convert the files to useful objects. MUST CALL closeRunQuery() when done

Parameters
querythe given string query to run
Returns
the resultSet from running the query. Caller MUST CALL closeRunQuery(resultSet) as soon as possible, when done with retrieving data from the resultSet
Exceptions
SQLExceptionif error occurred during the query
Deprecated:
Do not use runQuery(), use executeQuery() instead. Query the Database

Definition at line 12642 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseReadLock(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseReadLock().

void org.sleuthkit.datamodel.SleuthkitCase.setFileMIMEType ( AbstractFile  file,
String  mimeType 
) throws TskCoreException

Stores the MIME type of a file in the case database and updates the MIME type of the given file object.

Parameters
fileA file.
mimeTypeThe MIME type.
Exceptions
TskCoreExceptionIf there is an error updating the case database.

Definition at line 9091 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseWriteLock(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseWriteLock().

void org.sleuthkit.datamodel.SleuthkitCase.setImagePaths ( long  obj_id,
List< String >  paths 
) throws TskCoreException

Set the file paths for the image given by obj_id

Parameters
obj_idthe ID of the image to update
pathsthe fully qualified path to the files that make up the image
Exceptions
TskCoreExceptionexception thrown when critical error occurs within tsk core and the update fails

Definition at line 8339 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseWriteLock(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseWriteLock().

boolean org.sleuthkit.datamodel.SleuthkitCase.setKnown ( AbstractFile  file,
FileKnown  fileKnown 
) throws TskCoreException

Store the known status for the FsContent in the database Note: will not update status if content is already 'Known Bad'

Parameters
fileThe AbstractFile object
fileKnownThe object's known status
Returns
true if the known status was updated, false otherwise
Exceptions
TskCoreExceptionthrown if a critical error occurred within tsk core

Definition at line 9004 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseWriteLock(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseWriteLock().

void org.sleuthkit.datamodel.SleuthkitCase.setReviewStatus ( BlackboardArtifact  artifact,
BlackboardArtifact.ReviewStatus  newStatus 
) throws TskCoreException

Set the review status of the given artifact to newStatus

Parameters
artifactThe artifact whose review status is being set.
newStatusThe new review status for the given artifact. Must not be null.
Exceptions
TskCoreExceptionthrown if a critical error occurred within tsk core

Definition at line 9428 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseWriteLock(), org.sleuthkit.datamodel.BlackboardArtifact.getArtifactID(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseWriteLock().

Referenced by org.sleuthkit.datamodel.BlackboardArtifact.setReviewStatus().

void org.sleuthkit.datamodel.SleuthkitCase.submitError ( String  context,
String  errorMessage 
)

Submit an error to all clients that are listening.

Parameters
contextThe context in which the error occurred.
errorMessageA description of the error that occurred.
Deprecated:
Catch exceptions instead.

Definition at line 12263 of file SleuthkitCase.java.

static void org.sleuthkit.datamodel.SleuthkitCase.tryConnect ( CaseDbConnectionInfo  info) throws TskCoreException
static

Attempts to connect to the database with the passed in settings, throws if the settings are not sufficient to connect to the database type indicated. Only attempts to connect to remote databases.

When issues occur, it attempts to diagnose them by looking at the exception messages, returning the appropriate user-facing text for the exception received. This method expects the Exceptions messages to be in English and compares against English text.

Parameters
infoThe connection information
Exceptions
org.sleuthkit.datamodel.TskCoreException

Definition at line 247 of file SleuthkitCase.java.

Referenced by org.sleuthkit.datamodel.SleuthkitCase.newCase(), and org.sleuthkit.datamodel.SleuthkitCase.openCase().

void org.sleuthkit.datamodel.SleuthkitCase.unregisterForEvents ( Object  listener)

Definition at line 220 of file SleuthkitCase.java.

DerivedFile org.sleuthkit.datamodel.SleuthkitCase.updateDerivedFile ( DerivedFile  derivedFile,
String  localPath,
long  size,
long  ctime,
long  crtime,
long  atime,
long  mtime,
boolean  isFile,
String  mimeType,
String  rederiveDetails,
String  toolName,
String  toolVersion,
String  otherDetails,
TskData.EncodingType  encodingType 
) throws TskCoreException

Updates an existing derived file in the database and returns a new derived file object with the updated contents

Parameters
derivedFileThe derived file you wish to update
localPathlocal path of the derived file, including the file name. The path is relative to the database path.
sizesize of the derived file in bytes
ctimeThe changed time of the file.
crtimeThe creation time of the file.
atimeThe accessed time of the file
mtimeThe modified time of the file.
isFilewhether a file or directory, true if a file
mimeTypeThe MIME type the updated file should have, null to unset it
rederiveDetailsdetails needed to re-derive file (will be specific to the derivation method), currently unused
toolNamename of derivation method/tool, currently unused
toolVersionversion of derivation method/tool, currently unused
otherDetailsdetails of derivation method/tool, currently unused
encodingTypeType of encoding used on the file (or NONE if no encoding)
Returns
newly created derived file object which contains the updated data
Exceptions
TskCoreExceptionexception thrown if the object creation failed due to a critical system error

Definition at line 6764 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseWriteLock(), org.sleuthkit.datamodel.TskData.TSK_FS_NAME_FLAG_ENUM.ALLOC, org.sleuthkit.datamodel.TskData.TSK_FS_META_FLAG_ENUM.ALLOC, org.sleuthkit.datamodel.TskData.TSK_DB_FILES_TYPE_ENUM.DERIVED, org.sleuthkit.datamodel.TskData.TSK_FS_NAME_TYPE_ENUM.DIR, org.sleuthkit.datamodel.Content.getId(), org.sleuthkit.datamodel.AbstractContent.getId(), org.sleuthkit.datamodel.AbstractContent.getName(), org.sleuthkit.datamodel.Content.getName(), org.sleuthkit.datamodel.AbstractContent.getParent(), org.sleuthkit.datamodel.Content.getUniquePath(), org.sleuthkit.datamodel.TskData.TSK_FS_NAME_TYPE_ENUM.getValue(), org.sleuthkit.datamodel.TskData.TSK_FS_META_TYPE_ENUM.getValue(), org.sleuthkit.datamodel.TskData.TSK_FS_NAME_FLAG_ENUM.getValue(), org.sleuthkit.datamodel.TskData.TSK_FS_NAME_TYPE_ENUM.REG, org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseWriteLock(), org.sleuthkit.datamodel.TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_DIR, org.sleuthkit.datamodel.TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_REG, and org.sleuthkit.datamodel.TskData.TSK_FS_META_FLAG_ENUM.USED.

void org.sleuthkit.datamodel.SleuthkitCase.updateImagePath ( String  newPath,
long  objectId 
) throws TskCoreException

Change the path for an image in the database.

Parameters
newPathNew path to the image
objectIdData source ID of the image
Exceptions
TskCoreException

Definition at line 10506 of file SleuthkitCase.java.

References org.sleuthkit.datamodel.SleuthkitCase.acquireSingleUserCaseWriteLock(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSingleUserCaseWriteLock().


The documentation for this class was generated from the following file:

Copyright © 2011-2020 Brian Carrier. (carrier -at- sleuthkit -dot- org)
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.