Autopsy  4.19.0
Graphical digital forensics platform for The Sleuth Kit and other tools.
Classes | Public Member Functions | Static Public Member Functions | Private Member Functions | Static Private Member Functions | Private Attributes | List of all members
org.sleuthkit.autopsy.coreutils.AppSQLiteDB Class Reference


class  AppSQLiteDBFileBundle

Public Member Functions

AbstractFile attachDatabase (DataSource dataSource, String dbName, String dbPath, String dbAlias) throws SQLException
void close ()
boolean columnExists (String tableName, String columnName) throws TskCoreException
void detachDatabase (String dbAlias) throws SQLException
AbstractFile getDBFile ()
ResultSet runQuery (String queryStr) throws SQLException
boolean tableExists (String tableName) throws TskCoreException

Static Public Member Functions

static Collection< AppSQLiteDBfindAppDatabases (DataSource dataSource, String dbFileName, boolean matchExactName, String parentPathSubstr)

Private Member Functions

 AppSQLiteDB (AppSQLiteDBFileBundle appSQLiteDBFileBundle) throws ClassNotFoundException, SQLException

Static Private Member Functions

static Collection< AppSQLiteDBFileBundlefindAndCopySQLiteDB (DataSource dataSource, String dbName, boolean matchExactName, String dbPath, boolean matchExactPath) throws TskCoreException
static void findAndCopySQLiteMetaFile (AbstractFile sqliteFile, String metaFileName) throws NoCurrentCaseException, TskCoreException, IOException

Private Attributes

final Connection connection
final AbstractFile dbAbstractFile
final Logger logger = Logger.getLogger(AppSQLiteDB.class.getName())
final Statement statement

Detailed Description

An abstraction around an SQLite app DB found in a data source. This class makes a copy of it, along with any meta files (WAL, SHM), opens a SQLite connection to it, and runs queries on it.

Definition at line 48 of file

Constructor & Destructor Documentation

org.sleuthkit.autopsy.coreutils.AppSQLiteDB.AppSQLiteDB ( AppSQLiteDBFileBundle  appSQLiteDBFileBundle) throws ClassNotFoundException, SQLException

Member Function Documentation

AbstractFile org.sleuthkit.autopsy.coreutils.AppSQLiteDB.attachDatabase ( DataSource  dataSource,
String  dbName,
String  dbPath,
String  dbAlias 
) throws SQLException

Attaches a database to the current connection.

Finds the specified database file in the specified folder. If found, makes copy of the database in the case folder and run ATTACH DATABASE sql.

dataSourcedata source in which to look file the db file
dbNamename of db file to look for
dbPathpath in which to look for the db file
dbAliasalias name to attach the database as
abstract file for the matching db file. null if no match is found.
SQLExceptionin case of an SQL error

Definition at line 150 of file

References org.sleuthkit.autopsy.coreutils.AppSQLiteDB.findAndCopySQLiteDB(), and org.sleuthkit.autopsy.coreutils.Logger.getLogger().

void org.sleuthkit.autopsy.coreutils.AppSQLiteDB.close ( )

Closes the DB connection.

Definition at line 278 of file

boolean org.sleuthkit.autopsy.coreutils.AppSQLiteDB.columnExists ( String  tableName,
String  columnName 
) throws TskCoreException

Checks if a column exists in a table.

tableNamename of the table
columnNamecolumn name to check
true if the column exists, false otherwise

Definition at line 298 of file

void org.sleuthkit.autopsy.coreutils.AppSQLiteDB.detachDatabase ( String  dbAlias) throws SQLException

Detaches the specified database from the connection

dbAliasalias for database to detach

Definition at line 250 of file

static Collection<AppSQLiteDBFileBundle> org.sleuthkit.autopsy.coreutils.AppSQLiteDB.findAndCopySQLiteDB ( DataSource  dataSource,
String  dbName,
boolean  matchExactName,
String  dbPath,
boolean  matchExactPath 
) throws TskCoreException

Finds database file with the specified name, makes a copy of the file in the case directory, and returns the AbstractFile as well as the file copy.

dataSourcedata source to search in
dbNamedb file name to search
matchExactNamewhether to look for exact file name or a pattern match
dbPathpath to match
matchExactPathwhether to look for exact path name or a substring match
a collection of AppSQLiteDBFileBundle

Definition at line 186 of file

References org.sleuthkit.autopsy.coreutils.AppSQLiteDB.findAndCopySQLiteMetaFile(), org.sleuthkit.autopsy.casemodule.Case.getCurrentCaseThrows(), org.sleuthkit.autopsy.coreutils.Logger.getLogger(), org.sleuthkit.autopsy.casemodule.Case.getSleuthkitCase(), org.sleuthkit.autopsy.casemodule.Case.getTempDirectory(), and org.sleuthkit.autopsy.datamodel.ContentUtils.writeToFile().

Referenced by org.sleuthkit.autopsy.coreutils.AppSQLiteDB.attachDatabase(), and org.sleuthkit.autopsy.coreutils.AppSQLiteDB.findAppDatabases().

static void org.sleuthkit.autopsy.coreutils.AppSQLiteDB.findAndCopySQLiteMetaFile ( AbstractFile  sqliteFile,
String  metaFileName 
) throws NoCurrentCaseException, TskCoreException, IOException

Searches for a meta file associated with the give SQLite database. If found, it copies this file into the temp directory of the current case.

sqliteFilefile being processed
metaFileNamename of meta file to look for
NoCurrentCaseExceptionCase has been closed.
TskCoreExceptionfileManager cannot find AbstractFile files.
IOExceptionIssue during writing to file.

Definition at line 390 of file

References, org.sleuthkit.autopsy.casemodule.Case.getCurrentCaseThrows(),, org.sleuthkit.autopsy.casemodule.Case.getSleuthkitCase(), org.sleuthkit.autopsy.casemodule.Case.getTempDirectory(), and org.sleuthkit.autopsy.datamodel.ContentUtils.writeToFile().

Referenced by org.sleuthkit.autopsy.coreutils.AppSQLiteDB.findAndCopySQLiteDB().

static Collection<AppSQLiteDB> org.sleuthkit.autopsy.coreutils.AppSQLiteDB.findAppDatabases ( DataSource  dataSource,
String  dbFileName,
boolean  matchExactName,
String  parentPathSubstr 

Looks for application SQLite database files with a given name or name substring and a given parent path or parent path substring. For each database file found, a temporary copy is made and an open connection to the database in the form of an AppSQLiteDB object is created and returned.

dataSourceThe data source to be searched for the database files.
dbFileNameThe database file name or file name substring for which to search.
matchExactNameWhether or not the database file name argument is the full database file name or a substring.
parentPathSubstrThe parent path substring, may pass the empty string to match any parent path.
A list, possibly empty, of AppSQLiteDB objects for the files that were found, copied, and connected to.

Definition at line 108 of file

References org.sleuthkit.autopsy.coreutils.AppSQLiteDB.AppSQLiteDB(), org.sleuthkit.autopsy.coreutils.AppSQLiteDB.findAndCopySQLiteDB(), and org.sleuthkit.autopsy.coreutils.Logger.getLogger().

AbstractFile org.sleuthkit.autopsy.coreutils.AppSQLiteDB.getDBFile ( )
ResultSet org.sleuthkit.autopsy.coreutils.AppSQLiteDB.runQuery ( String  queryStr) throws SQLException

Runs the given query on the database and returns result set.

queryStrSQL string for the query to run
ResultSet from running the query.
SQLExceptionin case of an error.

Definition at line 265 of file

boolean org.sleuthkit.autopsy.coreutils.AppSQLiteDB.tableExists ( String  tableName) throws TskCoreException

Checks if a table exists in the case database.

tableNamename of the table to check
true if the table exists, false otherwise

Definition at line 342 of file

Member Data Documentation

final Connection org.sleuthkit.autopsy.coreutils.AppSQLiteDB.connection

Definition at line 54 of file

final AbstractFile org.sleuthkit.autopsy.coreutils.AppSQLiteDB.dbAbstractFile
final Logger org.sleuthkit.autopsy.coreutils.AppSQLiteDB.logger = Logger.getLogger(AppSQLiteDB.class.getName())

Definition at line 50 of file

final Statement org.sleuthkit.autopsy.coreutils.AppSQLiteDB.statement

Definition at line 55 of file

The documentation for this class was generated from the following file:

Copyright © 2012-2021 Basis Technology. Generated on: Fri Aug 6 2021
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.