| The Sleuth Kit
    4.3
    | 
Functions common to all text hash databases (i.e. More...
| Functions | |
| uint8_t | hdb_binsrch_accepts_updates () | 
| void | hdb_binsrch_close (TSK_HDB_INFO *hdb_info_base) | 
| const TSK_TCHAR * | hdb_binsrch_get_index_path (TSK_HDB_INFO *hdb_info, TSK_HDB_HTYPE_ENUM htype) | 
| uint8_t | hdb_binsrch_has_index (TSK_HDB_INFO *hdb_info, TSK_HDB_HTYPE_ENUM htype) | 
| uint8_t | hdb_binsrch_idx_add_entry_bin (TSK_HDB_BINSRCH_INFO *hdb_binsrch_info, unsigned char *hvalue, int hlen, TSK_OFF_T offset) | 
| Add a binary entry to the intermediate index file.  More... | |
| uint8_t | hdb_binsrch_idx_add_entry_str (TSK_HDB_BINSRCH_INFO *hdb_binsrch_info, char *hvalue, TSK_OFF_T offset) | 
| Add a string entry to the intermediate index file.  More... | |
| uint8_t | hdb_binsrch_idx_finalize (TSK_HDB_BINSRCH_INFO *hdb_binsrch_info) | 
| Finalize index creation process by sorting the index and removing the intermediate temp file.  More... | |
| uint8_t | hdb_binsrch_idx_initialize (TSK_HDB_BINSRCH_INFO *hdb_binsrch_info, TSK_TCHAR *htype) | 
| Initialize the TSK hash DB index file.  More... | |
| int8_t | hdb_binsrch_lookup_bin (TSK_HDB_INFO *hdb_info, uint8_t *hash, uint8_t len, TSK_HDB_FLAG_ENUM flags, TSK_HDB_LOOKUP_FN action, void *ptr) | 
| Search the index for the given hash value given (in binary form).  More... | |
| int8_t | hdb_binsrch_lookup_str (TSK_HDB_INFO *hdb_info_base, const char *hash, TSK_HDB_FLAG_ENUM flags, TSK_HDB_LOOKUP_FN action, void *ptr) | 
| Search the index for a text/ASCII hash value.  More... | |
| int8_t | hdb_binsrch_lookup_verbose_str (TSK_HDB_INFO *hdb_info_base, const char *hash, void *lookup_result) | 
| TSK_HDB_BINSRCH_INFO * | hdb_binsrch_open (FILE *hDb, const TSK_TCHAR *db_path) | 
| Called by the various text-based databases to setup the TSK_HDB_BINSRCH_INFO struct.  More... | |
| uint8_t | hdb_binsrch_open_idx (TSK_HDB_INFO *hdb_info_base, TSK_HDB_HTYPE_ENUM htype) | 
| uint8_t | hdb_binsrch_uses_external_indexes () | 
Functions common to all text hash databases (i.e.
NSRL, HashKeeper, EnCase, etc.). Examples include index management and index-based lookup.
| uint8_t hdb_binsrch_idx_add_entry_bin | ( | TSK_HDB_BINSRCH_INFO * | hdb_binsrch_info, | 
| unsigned char * | hvalue, | ||
| int | hlen, | ||
| TSK_OFF_T | offset | ||
| ) | 
Add a binary entry to the intermediate index file.
| hdb_binsrch_info | Hash database state info | 
| hvalue | Array of integers of hash value to add | 
| hlen | Number of bytes in hvalue | 
| offset | Byte offset of hash entry in original database. | 
References TSK_HDB_BINSRCH_INFO::hIdxTmp.
Referenced by encase_make_index().
| uint8_t hdb_binsrch_idx_add_entry_str | ( | TSK_HDB_BINSRCH_INFO * | hdb_binsrch_info, | 
| char * | hvalue, | ||
| TSK_OFF_T | offset | ||
| ) | 
Add a string entry to the intermediate index file.
| hdb_binsrch_info | Hash database state info | 
| hvalue | String of hash value to add | 
| offset | Byte offset of hash entry in original database. | 
References TSK_HDB_BINSRCH_INFO::hIdxTmp.
Referenced by hk_makeindex(), md5sum_makeindex(), and nsrl_makeindex().
| uint8_t hdb_binsrch_idx_finalize | ( | TSK_HDB_BINSRCH_INFO * | hdb_binsrch_info | ) | 
Finalize index creation process by sorting the index and removing the intermediate temp file.
| hdb_binsrch_info | Hash database state info structure. | 
References TSK_HDB_BINSRCH_INFO::hIdx, TSK_HDB_BINSRCH_INFO::hIdxTmp, TSK_HDB_BINSRCH_INFO::idx_fname, TSK_HDB_BINSRCH_INFO::idx_lbuf, TSK_HDB_BINSRCH_INFO::idx_llen, TSK_HDB_BINSRCH_INFO::idx_off, TSK_HDB_BINSRCH_INFO::idx_size, tsk_error_reset(), tsk_error_set_errno(), tsk_error_set_errstr(), tsk_error_set_errstr2(), tsk_fprintf(), TSK_HDB_MAXLEN, tsk_verbose, and TSK_HDB_BINSRCH_INFO::uns_fname.
Referenced by encase_make_index(), hk_makeindex(), md5sum_makeindex(), and nsrl_makeindex().
| uint8_t hdb_binsrch_idx_initialize | ( | TSK_HDB_BINSRCH_INFO * | hdb_binsrch_info, | 
| TSK_TCHAR * | htype | ||
| ) | 
Initialize the TSK hash DB index file.
This creates the intermediate file, which will have entries added to it. This file must be sorted before the process is finished.
| hdb_binsrch_info | Hash database state structure | 
| htype | String of index type to create | 
References TSK_HDB_INFO::db_fname, TSK_HDB_INFO::db_name, TSK_HDB_INFO::db_type, TSK_HDB_BINSRCH_INFO::hash_type, TSK_HDB_BINSRCH_INFO::hIdxTmp, PRIcTSK, PRIttocTSK, tsk_error_reset(), tsk_error_set_errno(), tsk_error_set_errstr(), TSK_HDB_DBTYPE_ENCASE_ID, TSK_HDB_DBTYPE_ENCASE_STR, TSK_HDB_DBTYPE_HK_ID, TSK_HDB_DBTYPE_HK_STR, TSK_HDB_DBTYPE_IDXONLY_ID, TSK_HDB_DBTYPE_MD5SUM_ID, TSK_HDB_DBTYPE_MD5SUM_STR, TSK_HDB_DBTYPE_NSRL_ID, TSK_HDB_DBTYPE_NSRL_MD5_STR, TSK_HDB_DBTYPE_NSRL_SHA1_STR, TSK_HDB_DBTYPE_NSRL_STR, TSK_HDB_HTYPE_INVALID_ID, TSK_HDB_HTYPE_MD5_ID, TSK_HDB_HTYPE_SHA1_ID, TSK_HDB_HTYPE_STR, TSK_HDB_IDX_HEAD_TYPE_STR, and TSK_HDB_BINSRCH_INFO::uns_fname.
Referenced by encase_make_index(), hk_makeindex(), md5sum_makeindex(), and nsrl_makeindex().
| TSK_HDB_BINSRCH_INFO* hdb_binsrch_open | ( | FILE * | hDb, | 
| const TSK_TCHAR * | db_path | ||
| ) | 
Called by the various text-based databases to setup the TSK_HDB_BINSRCH_INFO struct.
This will setup the basic function pointers, that will be overwritten by the more specific methods.
References TSK_HDB_INFO::db_type, TSK_HDB_BINSRCH_INFO::hash_len, TSK_HDB_BINSRCH_INFO::hash_type, TSK_HDB_BINSRCH_INFO::hDb, hdb_binsrch_lookup_bin(), hdb_binsrch_lookup_str(), TSK_HDB_DBTYPE_INVALID_ID, and TSK_HDB_HTYPE_INVALID_ID.
Copyright © 2007-2015 Brian Carrier.  (carrier -at- sleuthkit -dot- org)
 
This work is licensed under a
Creative Commons Attribution-Share Alike 3.0 United States License.