Autopsy  3.1
Graphical digital forensics platform for The Sleuth Kit and other tools.
Classes | Public Member Functions | Private Member Functions | Private Attributes | List of all members
org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.HashDb Class Reference

Classes

enum  Event
 
enum  KnownFilesType
 

Public Member Functions

void addPropertyChangeListener (PropertyChangeListener pcl)
 
void removePropertyChangeListener (PropertyChangeListener pcl)
 
String getHashSetName ()
 
String getDatabasePath () throws TskCoreException
 
String getIndexPath () throws TskCoreException
 
KnownFilesType getKnownFilesType ()
 
boolean getSearchDuringIngest ()
 
boolean getSendIngestMessages ()
 
boolean isUpdateable () throws TskCoreException
 
void addHashes (Content content) throws TskCoreException
 
void addHashes (Content content, String comment) throws TskCoreException
 
void addHashes (List< HashEntry > hashes) throws TskCoreException
 
boolean lookupMD5Quick (Content content) throws TskCoreException
 
HashHitInfo lookupMD5 (Content content) throws TskCoreException
 

Private Member Functions

 HashDb (int handle, String hashSetName, boolean useForIngest, boolean sendHitMessages, KnownFilesType knownFilesType)
 
void close () throws TskCoreException
 

Private Attributes

int handle
 
String hashSetName
 
boolean searchDuringIngest
 
boolean sendIngestMessages
 
KnownFilesType knownFilesType
 
boolean indexing
 
final PropertyChangeSupport propertyChangeSupport = new PropertyChangeSupport(this)
 

Detailed Description

Instances of this class represent hash databases used to classify files as known or know bad.

Definition at line 745 of file HashDbManager.java.

Constructor & Destructor Documentation

org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.HashDb.HashDb ( int  handle,
String  hashSetName,
boolean  useForIngest,
boolean  sendHitMessages,
KnownFilesType  knownFilesType 
)
private

Member Function Documentation

void org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.HashDb.addHashes ( Content  content) throws TskCoreException

Adds hashes of content (if calculated) to the hash database.

Parameters
contentThe content for which the calculated hashes, if any, are to be added to the hash database.
Exceptions
TskCoreException

Definition at line 852 of file HashDbManager.java.

Referenced by org.sleuthkit.autopsy.modules.hashdatabase.AddContentToHashDbAction.AddContentToHashDbMenu.addFilesToHashSet().

void org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.HashDb.addHashes ( Content  content,
String  comment 
) throws TskCoreException

Adds hashes of content (if calculated) to the hash database.

Parameters
contentThe content for which the calculated hashes, if any, are to be added to the hash database.
commentA comment to associate with the hashes, e.g., the name of the case in which the content was encountered.
Exceptions
TskCoreException

Definition at line 865 of file HashDbManager.java.

References org::sleuthkit::datamodel::SleuthkitJNI.addToHashDatabase(), org::sleuthkit::datamodel::AbstractFile.getMd5Hash(), and org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.HashDb.handle.

void org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.HashDb.addHashes ( List< HashEntry hashes) throws TskCoreException

Adds a list of hashes to the hash database at once

Parameters
hashesList of hashes
Exceptions
TskCoreException

Definition at line 882 of file HashDbManager.java.

References org::sleuthkit::datamodel::SleuthkitJNI.addToHashDatabase().

void org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.HashDb.addPropertyChangeListener ( PropertyChangeListener  pcl)

Adds a listener for the events defined in HashDb.Event.

Definition at line 793 of file HashDbManager.java.

Referenced by org.sleuthkit.autopsy.modules.hashdatabase.HashLookupSettingsPanel.indexButtonActionPerformed().

void org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.HashDb.close ( ) throws TskCoreException
private
String org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.HashDb.getDatabasePath ( ) throws TskCoreException
String org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.HashDb.getHashSetName ( )
String org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.HashDb.getIndexPath ( ) throws TskCoreException
KnownFilesType org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.HashDb.getKnownFilesType ( )
boolean org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.HashDb.getSearchDuringIngest ( )
boolean org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.HashDb.getSendIngestMessages ( )
boolean org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.HashDb.isUpdateable ( ) throws TskCoreException

Indicates whether the hash database accepts updates.

Returns
True if the database accepts updates, false otherwise.

Definition at line 841 of file HashDbManager.java.

References org::sleuthkit::datamodel::SleuthkitJNI.isUpdateableHashDatabase().

HashHitInfo org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.HashDb.lookupMD5 ( Content  content) throws TskCoreException

Lookup hash value in DB and provide details on file.

Parameters
content
Returns
null if file is not in database.
Exceptions
TskCoreException

Definition at line 910 of file HashDbManager.java.

References org::sleuthkit::datamodel::AbstractFile.getMd5Hash(), org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.HashDb.handle, and org::sleuthkit::datamodel::SleuthkitJNI.lookupInHashDatabaseVerbose().

boolean org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.HashDb.lookupMD5Quick ( Content  content) throws TskCoreException

Perform a basic boolean lookup of the file's hash.

Parameters
content
Returns
True if file's MD5 is in the hash database
Exceptions
TskCoreException

Definition at line 892 of file HashDbManager.java.

References org::sleuthkit::datamodel::AbstractFile.getMd5Hash(), org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.HashDb.handle, and org::sleuthkit::datamodel::SleuthkitJNI.lookupInHashDatabase().

void org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.HashDb.removePropertyChangeListener ( PropertyChangeListener  pcl)

Removes a listener for the events defined in HashDb.Event.

Definition at line 800 of file HashDbManager.java.

Member Data Documentation

int org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.HashDb.handle
private
String org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.HashDb.hashSetName
private
boolean org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.HashDb.indexing
private
KnownFilesType org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.HashDb.knownFilesType
private
final PropertyChangeSupport org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.HashDb.propertyChangeSupport = new PropertyChangeSupport(this)
private
boolean org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.HashDb.searchDuringIngest
private
boolean org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.HashDb.sendIngestMessages
private

The documentation for this class was generated from the following file:

Copyright © 2012-2015 Basis Technology. Generated on: Mon Oct 19 2015
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.