19 package org.sleuthkit.datamodel;
21 import com.google.common.collect.ImmutableSet;
22 import com.google.common.eventbus.EventBus;
23 import com.mchange.v2.c3p0.ComboPooledDataSource;
24 import com.mchange.v2.c3p0.DataSources;
25 import com.mchange.v2.c3p0.PooledDataSource;
26 import com.zaxxer.sparsebits.SparseBitSet;
27 import java.beans.PropertyVetoException;
28 import java.io.BufferedInputStream;
29 import java.io.BufferedOutputStream;
31 import java.io.FileInputStream;
32 import java.io.FileOutputStream;
33 import java.io.IOException;
34 import java.io.InputStream;
35 import java.io.OutputStream;
36 import java.io.UnsupportedEncodingException;
37 import java.net.InetAddress;
38 import java.net.URLEncoder;
39 import java.nio.charset.StandardCharsets;
40 import java.nio.file.Paths;
41 import java.sql.Connection;
42 import java.sql.DriverManager;
43 import java.sql.PreparedStatement;
44 import java.sql.ResultSet;
45 import java.sql.SQLException;
46 import java.sql.Statement;
47 import java.text.SimpleDateFormat;
48 import java.util.ArrayList;
49 import java.util.Arrays;
50 import java.util.Collection;
51 import java.util.Collections;
52 import java.util.Date;
53 import java.util.EnumMap;
54 import java.util.HashMap;
55 import java.util.HashSet;
56 import java.util.LinkedHashMap;
57 import java.util.List;
59 import java.util.MissingResourceException;
60 import java.util.Properties;
61 import java.util.ResourceBundle;
63 import java.util.UUID;
64 import java.util.concurrent.ConcurrentHashMap;
65 import java.util.concurrent.locks.ReentrantReadWriteLock;
66 import java.util.logging.Level;
67 import java.util.logging.Logger;
68 import org.postgresql.util.PSQLState;
84 import org.sqlite.SQLiteConfig;
85 import org.sqlite.SQLiteDataSource;
86 import org.sqlite.SQLiteJDBCLoader;
94 private static final int MAX_DB_NAME_LEN_BEFORE_TIMESTAMP = 47;
103 private static final long BASE_ARTIFACT_ID = Long.MIN_VALUE;
104 private static final Logger logger = Logger.getLogger(
SleuthkitCase.class.getName());
105 private static final ResourceBundle bundle = ResourceBundle.getBundle(
"org.sleuthkit.datamodel.Bundle");
106 private static final int IS_REACHABLE_TIMEOUT_MS = 1000;
107 private static final String SQL_ERROR_CONNECTION_GROUP =
"08";
108 private static final String SQL_ERROR_AUTHENTICATION_GROUP =
"28";
109 private static final String SQL_ERROR_PRIVILEGE_GROUP =
"42";
110 private static final String SQL_ERROR_RESOURCE_GROUP =
"53";
111 private static final String SQL_ERROR_LIMIT_GROUP =
"54";
112 private static final String SQL_ERROR_INTERNAL_GROUP =
"xx";
113 private static final int MIN_USER_DEFINED_TYPE_ID = 10000;
115 private static final Set<String> CORE_TABLE_NAMES = ImmutableSet.of(
117 "tsk_event_descriptions",
130 "tsk_files_derived_method",
133 "blackboard_artifact_tags",
134 "blackboard_artifacts",
135 "blackboard_attributes",
136 "blackboard_artifact_types",
137 "blackboard_attribute_types",
139 "file_encoding_types",
140 "ingest_module_types",
141 "ingest_job_status_types",
144 "ingest_job_modules",
147 "account_relationships",
151 private static final Set<String> CORE_INDEX_NAMES = ImmutableSet.of(
155 "artifact_artifact_objID",
160 "relationships_account1",
161 "relationships_account2",
162 "relationships_relationship_source_obj_id",
163 "relationships_date_time",
164 "relationships_relationship_type",
165 "relationships_data_source_obj_id",
168 "events_data_source_obj_id",
169 "events_file_obj_id",
170 "events_artifact_id");
172 private static final String TSK_VERSION_KEY =
"TSK_VER";
173 private static final String SCHEMA_MAJOR_VERSION_KEY =
"SCHEMA_MAJOR_VERSION";
174 private static final String SCHEMA_MINOR_VERSION_KEY =
"SCHEMA_MINOR_VERSION";
175 private static final String CREATION_SCHEMA_MAJOR_VERSION_KEY =
"CREATION_SCHEMA_MAJOR_VERSION";
176 private static final String CREATION_SCHEMA_MINOR_VERSION_KEY =
"CREATION_SCHEMA_MINOR_VERSION";
178 private final ConnectionPool connections;
179 private final Map<Long, VirtualDirectory> rootIdsToCarvedFileDirs =
new HashMap<>();
180 private final Map<Long, FileSystem> fileSystemIdMap =
new HashMap<>();
181 private final List<ErrorObserver> sleuthkitCaseErrorObservers =
new ArrayList<>();
182 private final String databaseName;
183 private final String dbPath;
184 private final DbType dbType;
185 private final String caseDirPath;
187 private final String caseHandleIdentifier;
188 private String dbBackupPath;
199 private final Map<Long, SparseBitSet> hasChildrenBitSetMap =
new HashMap<>();
201 private long nextArtifactId;
206 private final ReentrantReadWriteLock rwLock =
new ReentrantReadWriteLock(
true);
214 private final Map<String, Set<Long>> deviceIdToDatasourceObjIdMap =
new HashMap<>();
216 private final EventBus eventBus =
new EventBus(
"SleuthkitCase-EventBus");
219 eventBus.register(listener);
223 eventBus.unregister(listener);
226 void fireTSKEvent(Object event) {
227 eventBus.post(event);
231 private final Map<Long, Content> frequentlyUsedContentMap =
new HashMap<>();
233 private Examiner cachedCurrentExaminer = null;
236 Properties p =
new Properties(System.getProperties());
237 p.put(
"com.mchange.v2.log.MLog",
"com.mchange.v2.log.FallbackMLog");
238 p.put(
"com.mchange.v2.log.FallbackMLog.DEFAULT_CUTOFF_LEVEL",
"SEVERE");
239 System.setProperties(p);
258 if (info.getHost() == null || info.getHost().isEmpty()) {
259 throw new TskCoreException(bundle.getString(
"DatabaseConnectionCheck.MissingHostname"));
260 }
else if (info.getPort() == null || info.getPort().isEmpty()) {
261 throw new TskCoreException(bundle.getString(
"DatabaseConnectionCheck.MissingPort"));
262 }
else if (info.getUserName() == null || info.getUserName().isEmpty()) {
263 throw new TskCoreException(bundle.getString(
"DatabaseConnectionCheck.MissingUsername"));
264 }
else if (info.getPassword() == null || info.getPassword().isEmpty()) {
265 throw new TskCoreException(bundle.getString(
"DatabaseConnectionCheck.MissingPassword"));
269 Class.forName(
"org.postgresql.Driver");
270 Connection conn = DriverManager.getConnection(
"jdbc:postgresql://" + info.getHost() +
":" + info.getPort() +
"/postgres", info.getUserName(), info.getPassword());
274 }
catch (SQLException ex) {
276 String sqlState = ex.getSQLState().toLowerCase();
277 if (sqlState.startsWith(SQL_ERROR_CONNECTION_GROUP)) {
279 if (InetAddress.getByName(info.getHost()).isReachable(IS_REACHABLE_TIMEOUT_MS)) {
281 result = bundle.getString(
"DatabaseConnectionCheck.Port");
283 result = bundle.getString(
"DatabaseConnectionCheck.HostnameOrPort");
285 }
catch (IOException | MissingResourceException any) {
287 result = bundle.getString(
"DatabaseConnectionCheck.Everything");
289 }
else if (sqlState.startsWith(SQL_ERROR_AUTHENTICATION_GROUP)) {
290 result = bundle.getString(
"DatabaseConnectionCheck.Authentication");
291 }
else if (sqlState.startsWith(SQL_ERROR_PRIVILEGE_GROUP)) {
292 result = bundle.getString(
"DatabaseConnectionCheck.Access");
293 }
else if (sqlState.startsWith(SQL_ERROR_RESOURCE_GROUP)) {
294 result = bundle.getString(
"DatabaseConnectionCheck.ServerDiskSpace");
295 }
else if (sqlState.startsWith(SQL_ERROR_LIMIT_GROUP)) {
296 result = bundle.getString(
"DatabaseConnectionCheck.ServerRestart");
297 }
else if (sqlState.startsWith(SQL_ERROR_INTERNAL_GROUP)) {
298 result = bundle.getString(
"DatabaseConnectionCheck.InternalServerIssue");
300 result = bundle.getString(
"DatabaseConnectionCheck.Connection");
303 }
catch (ClassNotFoundException ex) {
304 throw new TskCoreException(bundle.getString(
"DatabaseConnectionCheck.Installation"));
320 Class.forName(
"org.sqlite.JDBC");
321 this.dbPath = dbPath;
322 this.dbType = dbType;
324 this.caseDirPath = dbFile.getParentFile().getAbsolutePath();
325 this.databaseName = dbFile.
getName();
326 this.connections =
new SQLiteConnections(dbPath);
327 this.caseHandle = caseHandle;
328 this.caseHandleIdentifier = caseHandle.getCaseDbIdentifier();
330 logSQLiteJDBCDriverInfo();
350 private SleuthkitCase(String host,
int port, String dbName, String userName, String password, SleuthkitJNI.CaseDbHandle caseHandle, String caseDirPath, DbType dbType)
throws Exception {
352 this.databaseName = dbName;
353 this.dbType = dbType;
354 this.caseDirPath = caseDirPath;
355 this.connections =
new PostgreSQLConnections(host, port, dbName, userName, password);
356 this.caseHandle = caseHandle;
357 this.caseHandleIdentifier = caseHandle.getCaseDbIdentifier();
361 private void init() throws Exception {
362 typeIdToArtifactTypeMap =
new ConcurrentHashMap<>();
363 typeIdToAttributeTypeMap =
new ConcurrentHashMap<>();
364 typeNameToArtifactTypeMap =
new ConcurrentHashMap<>();
365 typeNameToAttributeTypeMap =
new ConcurrentHashMap<>();
371 initBlackboardArtifactTypes();
372 initBlackboardAttributeTypes();
373 initNextArtifactId();
374 updateDatabaseSchema(null);
376 try (CaseDbConnection connection = connections.getConnection()) {
377 initIngestModuleTypes(connection);
378 initIngestStatusTypes(connection);
379 initReviewStatuses(connection);
380 initEncodingTypes(connection);
381 populateHasChildrenMap(connection);
382 updateExaminers(connection);
383 initDBSchemaCreationVersion(connection);
386 blackboard =
new Blackboard(
this);
387 communicationsMgr =
new CommunicationsManager(
this);
388 timelineMgr =
new TimelineManager(
this);
389 dbAccessManager =
new CaseDbAccessManager(
this);
390 taggingMgr =
new TaggingManager(
this);
398 static Set<String> getCoreTableNames() {
399 return CORE_TABLE_NAMES;
407 static Set<String> getCoreIndexNames() {
408 return CORE_INDEX_NAMES;
419 boolean getHasChildren(Content content) {
420 long objId = content.getId();
421 long mapIndex = objId / Integer.MAX_VALUE;
422 int mapValue = (int) (objId % Integer.MAX_VALUE);
424 synchronized (hasChildrenBitSetMap) {
425 if (hasChildrenBitSetMap.containsKey(mapIndex)) {
426 return hasChildrenBitSetMap.get(mapIndex).get(mapValue);
437 private void setHasChildren(Long objId) {
438 long mapIndex = objId / Integer.MAX_VALUE;
439 int mapValue = (int) (objId % Integer.MAX_VALUE);
441 synchronized (hasChildrenBitSetMap) {
442 if (hasChildrenBitSetMap.containsKey(mapIndex)) {
443 hasChildrenBitSetMap.get(mapIndex).set(mapValue);
445 SparseBitSet bitSet =
new SparseBitSet();
446 bitSet.set(mapValue);
447 hasChildrenBitSetMap.put(mapIndex, bitSet);
460 return communicationsMgr;
491 return dbAccessManager;
509 private void initBlackboardArtifactTypes() throws SQLException,
TskCoreException {
510 CaseDbConnection connection = connections.getConnection();
511 Statement statement = null;
512 ResultSet resultSet = null;
515 statement = connection.createStatement();
518 statement.execute(
"INSERT INTO blackboard_artifact_types (artifact_type_id, type_name, display_name) VALUES (" + type.getTypeID() +
" , '" + type.getLabel() +
"', '" + type.getDisplayName() +
"')");
519 }
catch (SQLException ex) {
520 resultSet = connection.executeQuery(statement,
"SELECT COUNT(*) AS count FROM blackboard_artifact_types WHERE artifact_type_id = '" + type.getTypeID() +
"'");
522 if (resultSet.getLong(
"count") == 0) {
528 this.typeIdToArtifactTypeMap.put(type.getTypeID(),
new BlackboardArtifact.Type(type));
529 this.typeNameToArtifactTypeMap.put(type.getLabel(),
new BlackboardArtifact.Type(type));
532 int newPrimaryKeyIndex = Collections.max(Arrays.asList(ARTIFACT_TYPE.values())).getTypeID() + 1;
533 statement.execute(
"ALTER SEQUENCE blackboard_artifact_types_artifact_type_id_seq RESTART WITH " + newPrimaryKeyIndex);
536 closeResultSet(resultSet);
537 closeStatement(statement);
550 private void initBlackboardAttributeTypes() throws SQLException, TskCoreException {
551 CaseDbConnection connection = connections.getConnection();
552 Statement statement = null;
553 ResultSet resultSet = null;
556 statement = connection.createStatement();
557 for (ATTRIBUTE_TYPE type : ATTRIBUTE_TYPE.values()) {
559 statement.execute(
"INSERT INTO blackboard_attribute_types (attribute_type_id, type_name, display_name, value_type) VALUES (" + type.getTypeID() +
", '" + type.getLabel() +
"', '" + type.getDisplayName() +
"', '" + type.getValueType().getType() +
"')");
560 }
catch (SQLException ex) {
561 resultSet = connection.executeQuery(statement,
"SELECT COUNT(*) AS count FROM blackboard_attribute_types WHERE attribute_type_id = '" + type.getTypeID() +
"'");
563 if (resultSet.getLong(
"count") == 0) {
569 this.typeIdToAttributeTypeMap.put(type.getTypeID(),
new BlackboardAttribute.Type(type));
570 this.typeNameToAttributeTypeMap.put(type.getLabel(),
new BlackboardAttribute.Type(type));
573 int newPrimaryKeyIndex = Collections.max(Arrays.asList(ATTRIBUTE_TYPE.values())).getTypeID() + 1;
574 statement.execute(
"ALTER SEQUENCE blackboard_attribute_types_attribute_type_id_seq RESTART WITH " + newPrimaryKeyIndex);
577 closeResultSet(resultSet);
578 closeStatement(statement);
593 private void initNextArtifactId() throws SQLException, TskCoreException {
594 CaseDbConnection connection = connections.getConnection();
595 Statement statement = null;
596 ResultSet resultSet = null;
599 statement = connection.createStatement();
600 resultSet = connection.executeQuery(statement,
"SELECT MAX(artifact_id) AS max_artifact_id FROM blackboard_artifacts");
602 this.nextArtifactId = resultSet.getLong(
"max_artifact_id") + 1;
603 if (this.nextArtifactId == 1) {
604 this.nextArtifactId = BASE_ARTIFACT_ID;
607 closeResultSet(resultSet);
608 closeStatement(statement);
621 private void initIngestModuleTypes(CaseDbConnection connection)
throws SQLException, TskCoreException {
622 Statement statement = null;
623 ResultSet resultSet = null;
626 statement = connection.createStatement();
627 for (IngestModuleType type : IngestModuleType.values()) {
629 statement.execute(
"INSERT INTO ingest_module_types (type_id, type_name) VALUES (" + type.ordinal() +
", '" + type.toString() +
"');");
630 }
catch (SQLException ex) {
631 resultSet = connection.executeQuery(statement,
"SELECT COUNT(*) as count FROM ingest_module_types WHERE type_id = " + type.ordinal() +
";");
633 if (resultSet.getLong(
"count") == 0) {
641 closeResultSet(resultSet);
642 closeStatement(statement);
654 private void initIngestStatusTypes(CaseDbConnection connection)
throws SQLException, TskCoreException {
655 Statement statement = null;
656 ResultSet resultSet = null;
659 statement = connection.createStatement();
660 for (IngestJobStatusType type : IngestJobStatusType.values()) {
662 statement.execute(
"INSERT INTO ingest_job_status_types (type_id, type_name) VALUES (" + type.ordinal() +
", '" + type.toString() +
"');");
663 }
catch (SQLException ex) {
664 resultSet = connection.executeQuery(statement,
"SELECT COUNT(*) as count FROM ingest_job_status_types WHERE type_id = " + type.ordinal() +
";");
666 if (resultSet.getLong(
"count") == 0) {
674 closeResultSet(resultSet);
675 closeStatement(statement);
686 private void initReviewStatuses(CaseDbConnection connection)
throws SQLException, TskCoreException {
687 Statement statement = null;
688 ResultSet resultSet = null;
691 statement = connection.createStatement();
692 for (BlackboardArtifact.ReviewStatus status : BlackboardArtifact.ReviewStatus.values()) {
694 statement.execute(
"INSERT INTO review_statuses (review_status_id, review_status_name, display_name) "
695 +
"VALUES (" + status.getID() +
",'" + status.getName() +
"','" + status.getDisplayName() +
"')");
696 }
catch (SQLException ex) {
697 resultSet = connection.executeQuery(statement,
"SELECT COUNT(*) as count FROM review_statuses WHERE review_status_id = " + status.getID());
699 if (resultSet.getLong(
"count") == 0) {
707 closeResultSet(resultSet);
708 closeStatement(statement);
720 private void initEncodingTypes(CaseDbConnection connection)
throws SQLException, TskCoreException {
721 Statement statement = null;
722 ResultSet resultSet = null;
725 statement = connection.createStatement();
726 for (TskData.EncodingType type : TskData.EncodingType.values()) {
728 statement.execute(
"INSERT INTO file_encoding_types (encoding_type, name) VALUES (" + type.getType() +
" , '" + type.name() +
"')");
729 }
catch (SQLException ex) {
730 resultSet = connection.executeQuery(statement,
"SELECT COUNT(*) as count FROM file_encoding_types WHERE encoding_type = " + type.getType());
732 if (resultSet.getLong(
"count") == 0) {
740 closeResultSet(resultSet);
741 closeStatement(statement);
754 private void updateExaminers(CaseDbConnection connection)
throws SQLException, TskCoreException {
756 String loginName = System.getProperty(
"user.name");
757 if (loginName.isEmpty()) {
758 logger.log(Level.SEVERE,
"Cannot determine logged in user name");
764 PreparedStatement statement;
767 statement = connection.getPreparedStatement(PREPARED_STATEMENT.INSERT_EXAMINER_POSTGRESQL);
770 statement = connection.getPreparedStatement(PREPARED_STATEMENT.INSERT_EXAMINER_SQLITE);
773 throw new TskCoreException(
"Unknown DB Type: " +
getDatabaseType().name());
775 statement.clearParameters();
776 statement.setString(1, loginName);
777 connection.executeUpdate(statement);
778 }
catch (SQLException ex) {
779 throw new TskCoreException(
"Error inserting row in tsk_examiners. login name: " + loginName, ex);
792 private void populateHasChildrenMap(CaseDbConnection connection)
throws TskCoreException {
793 long timestamp = System.currentTimeMillis();
795 Statement statement = null;
796 ResultSet resultSet = null;
799 statement = connection.createStatement();
800 resultSet = statement.executeQuery(
"select distinct par_obj_id from tsk_objects");
802 synchronized (hasChildrenBitSetMap) {
803 while (resultSet.next()) {
804 setHasChildren(resultSet.getLong(
"par_obj_id"));
807 long delay = System.currentTimeMillis() - timestamp;
808 logger.log(Level.INFO,
"Time to initialize parent node cache: {0} ms", delay);
809 }
catch (SQLException ex) {
810 throw new TskCoreException(
"Error populating parent node cache", ex);
812 closeResultSet(resultSet);
813 closeStatement(statement);
824 void addDataSourceToHasChildrenMap() throws TskCoreException {
826 CaseDbConnection connection = connections.getConnection();
828 populateHasChildrenMap(connection);
830 if (connection != null) {
845 private void updateDatabaseSchema(String dbPath)
throws Exception {
846 CaseDbConnection connection = connections.getConnection();
847 ResultSet resultSet = null;
848 Statement statement = null;
851 connection.beginTransaction();
853 boolean hasMinorVersion =
false;
854 ResultSet columns = connection.getConnection().getMetaData().getColumns(null, null,
"tsk_db_info",
"schema%");
855 while (columns.next()) {
856 if (columns.getString(
"COLUMN_NAME").equals(
"schema_minor_ver")) {
857 hasMinorVersion =
true;
862 int dbSchemaMajorVersion;
863 int dbSchemaMinorVersion = 0;
865 statement = connection.createStatement();
866 resultSet = connection.executeQuery(statement,
"SELECT schema_ver"
867 + (hasMinorVersion ?
", schema_minor_ver" :
"")
868 +
" FROM tsk_db_info");
869 if (resultSet.next()) {
870 dbSchemaMajorVersion = resultSet.getInt(
"schema_ver");
871 if (hasMinorVersion) {
873 dbSchemaMinorVersion = resultSet.getInt(
"schema_minor_ver");
876 throw new TskCoreException();
878 CaseDbSchemaVersionNumber dbSchemaVersion =
new CaseDbSchemaVersionNumber(dbSchemaMajorVersion, dbSchemaMinorVersion);
885 if (
false == CURRENT_DB_SCHEMA_VERSION.
isCompatible(dbSchemaVersion)) {
887 throw new TskUnsupportedSchemaVersionException(
888 "Unsupported DB schema version " + dbSchemaVersion +
", the highest supported schema version is " + CURRENT_DB_SCHEMA_VERSION.
getMajor() +
".X");
889 }
else if (dbSchemaVersion.compareTo(CURRENT_DB_SCHEMA_VERSION) < 0) {
892 if (null != dbPath) {
895 String backupFilePath = dbPath +
".schemaVer" + dbSchemaVersion.toString() +
".backup";
897 dbBackupPath = backupFilePath;
904 dbSchemaVersion = updateFromSchema2toSchema3(dbSchemaVersion, connection);
905 dbSchemaVersion = updateFromSchema3toSchema4(dbSchemaVersion, connection);
906 dbSchemaVersion = updateFromSchema4toSchema5(dbSchemaVersion, connection);
907 dbSchemaVersion = updateFromSchema5toSchema6(dbSchemaVersion, connection);
908 dbSchemaVersion = updateFromSchema6toSchema7(dbSchemaVersion, connection);
909 dbSchemaVersion = updateFromSchema7toSchema7dot1(dbSchemaVersion, connection);
910 dbSchemaVersion = updateFromSchema7dot1toSchema7dot2(dbSchemaVersion, connection);
911 dbSchemaVersion = updateFromSchema7dot2toSchema8dot0(dbSchemaVersion, connection);
912 dbSchemaVersion = updateFromSchema8dot0toSchema8dot1(dbSchemaVersion, connection);
913 dbSchemaVersion = updateFromSchema8dot1toSchema8dot2(dbSchemaVersion, connection);
914 dbSchemaVersion = updateFromSchema8dot2toSchema8dot3(dbSchemaVersion, connection);
915 dbSchemaVersion = updateFromSchema8dot3toSchema8dot4(dbSchemaVersion, connection);
916 dbSchemaVersion = updateFromSchema8dot4toSchema8dot5(dbSchemaVersion, connection);
917 dbSchemaVersion = updateFromSchema8dot5toSchema8dot6(dbSchemaVersion, connection);
918 statement = connection.createStatement();
919 connection.executeUpdate(statement,
"UPDATE tsk_db_info SET schema_ver = " + dbSchemaVersion.getMajor() +
", schema_minor_ver = " + dbSchemaVersion.getMinor());
920 connection.executeUpdate(statement,
"UPDATE tsk_db_info_extended SET value = " + dbSchemaVersion.getMajor() +
" WHERE name = '" + SCHEMA_MAJOR_VERSION_KEY +
"'");
921 connection.executeUpdate(statement,
"UPDATE tsk_db_info_extended SET value = " + dbSchemaVersion.getMinor() +
" WHERE name = '" + SCHEMA_MINOR_VERSION_KEY +
"'");
926 connection.commitTransaction();
927 }
catch (Exception ex) {
928 connection.rollbackTransaction();
931 closeResultSet(resultSet);
932 closeStatement(statement);
945 private void initDBSchemaCreationVersion(CaseDbConnection connection)
throws SQLException {
947 Statement statement = null;
948 ResultSet resultSet = null;
949 String createdSchemaMajorVersion =
"0";
950 String createdSchemaMinorVersion =
"0";
953 statement = connection.createStatement();
954 resultSet = connection.executeQuery(statement,
"SELECT name, value FROM tsk_db_info_extended");
955 while (resultSet.next()) {
956 String name = resultSet.getString(
"name");
957 if (name.equals(CREATION_SCHEMA_MAJOR_VERSION_KEY) || name.equals(
"CREATED_SCHEMA_MAJOR_VERSION")) {
958 createdSchemaMajorVersion = resultSet.getString(
"value");
959 }
else if (name.equals(CREATION_SCHEMA_MINOR_VERSION_KEY) || name.equals(
"CREATED_SCHEMA_MINOR_VERSION")) {
960 createdSchemaMinorVersion = resultSet.getString(
"value");
965 closeResultSet(resultSet);
966 closeStatement(statement);
970 caseDBSchemaCreationVersion =
new CaseDbSchemaVersionNumber(Integer.parseInt(createdSchemaMajorVersion), Integer.parseInt(createdSchemaMinorVersion));
982 public void copyCaseDB(String newDBPath)
throws IOException {
983 if (dbPath.isEmpty()) {
984 throw new IOException(
"Copying case database files is not supported for this type of case database");
986 InputStream in = null;
987 OutputStream out = null;
990 InputStream inFile =
new FileInputStream(dbPath);
991 in =
new BufferedInputStream(inFile);
992 OutputStream outFile =
new FileOutputStream(newDBPath);
993 out =
new BufferedOutputStream(outFile);
994 int bytesRead = in.read();
995 while (bytesRead != -1) {
996 out.write(bytesRead);
997 bytesRead = in.read();
1008 }
catch (IOException e) {
1009 logger.log(Level.WARNING,
"Could not close streams after db copy", e);
1018 private void logSQLiteJDBCDriverInfo() {
1020 SleuthkitCase.logger.info(String.format(
"sqlite-jdbc version %s loaded in %s mode",
1021 SQLiteJDBCLoader.getVersion(), SQLiteJDBCLoader.isNativeMode()
1022 ?
"native" :
"pure-java"));
1023 }
catch (Exception ex) {
1024 SleuthkitCase.logger.log(Level.SEVERE,
"Error querying case database mode", ex);
1041 @SuppressWarnings(
"deprecation")
1042 private CaseDbSchemaVersionNumber updateFromSchema2toSchema3(CaseDbSchemaVersionNumber schemaVersion, CaseDbConnection connection) throws SQLException, TskCoreException {
1043 if (schemaVersion.getMajor() != 2) {
1044 return schemaVersion;
1046 Statement statement = null;
1047 Statement updateStatement = null;
1048 ResultSet resultSet = null;
1051 statement = connection.createStatement();
1054 statement.execute(
"CREATE TABLE tag_names (tag_name_id INTEGER PRIMARY KEY, display_name TEXT UNIQUE, description TEXT NOT NULL, color TEXT NOT NULL)");
1055 statement.execute(
"CREATE TABLE content_tags (tag_id INTEGER PRIMARY KEY, obj_id INTEGER NOT NULL, tag_name_id INTEGER NOT NULL, comment TEXT NOT NULL, begin_byte_offset INTEGER NOT NULL, end_byte_offset INTEGER NOT NULL)");
1056 statement.execute(
"CREATE TABLE blackboard_artifact_tags (tag_id INTEGER PRIMARY KEY, artifact_id INTEGER NOT NULL, tag_name_id INTEGER NOT NULL, comment TEXT NOT NULL)");
1059 statement.execute(
"CREATE TABLE reports (report_id INTEGER PRIMARY KEY, path TEXT NOT NULL, crtime INTEGER NOT NULL, src_module_name TEXT NOT NULL, report_name TEXT NOT NULL)");
1062 statement.execute(
"ALTER TABLE tsk_image_info ADD COLUMN size INTEGER;");
1063 statement.execute(
"ALTER TABLE tsk_image_info ADD COLUMN md5 TEXT;");
1064 statement.execute(
"ALTER TABLE tsk_image_info ADD COLUMN display_name TEXT;");
1067 statement.execute(
"ALTER TABLE tsk_fs_info ADD COLUMN display_name TEXT;");
1070 statement.execute(
"ALTER TABLE tsk_files ADD COLUMN meta_seq INTEGER;");
1075 statement.execute(
"ALTER TABLE blackboard_attributes ADD COLUMN artifact_type_id INTEGER NULL NOT NULL DEFAULT -1;");
1076 statement.execute(
"CREATE INDEX attribute_artifactTypeId ON blackboard_attributes(artifact_type_id);");
1077 statement.execute(
"CREATE INDEX attribute_valueText ON blackboard_attributes(value_text);");
1078 statement.execute(
"CREATE INDEX attribute_valueInt32 ON blackboard_attributes(value_int32);");
1079 statement.execute(
"CREATE INDEX attribute_valueInt64 ON blackboard_attributes(value_int64);");
1080 statement.execute(
"CREATE INDEX attribute_valueDouble ON blackboard_attributes(value_double);");
1081 resultSet = statement.executeQuery(
"SELECT attrs.artifact_id AS artifact_id, "
1082 +
"arts.artifact_type_id AS artifact_type_id "
1083 +
"FROM blackboard_attributes AS attrs "
1084 +
"INNER JOIN blackboard_artifacts AS arts "
1085 +
"WHERE attrs.artifact_id = arts.artifact_id;");
1086 updateStatement = connection.createStatement();
1087 while (resultSet.next()) {
1088 long artifactId = resultSet.getLong(
"artifact_id");
1089 int artifactTypeId = resultSet.getInt(
"artifact_type_id");
1090 updateStatement.executeUpdate(
1091 "UPDATE blackboard_attributes "
1092 +
"SET artifact_type_id = " + artifactTypeId
1093 +
" WHERE blackboard_attributes.artifact_id = " + artifactId +
";");
1102 HashMap<String, TagName> tagNames =
new HashMap<String, TagName>();
1106 String comment =
"";
1108 for (BlackboardAttribute attribute : attributes) {
1109 if (attribute.getAttributeTypeID() == ATTRIBUTE_TYPE.TSK_TAG_NAME.getTypeID()) {
1110 name = attribute.getValueString();
1111 }
else if (attribute.getAttributeTypeID() == ATTRIBUTE_TYPE.TSK_COMMENT.getTypeID()) {
1112 comment = attribute.getValueString();
1115 if (!name.isEmpty()) {
1117 if (tagNames.containsKey(name)) {
1118 tagName = tagNames.get(name);
1120 tagName =
addTagName(name,
"", TagName.HTML_COLOR.NONE);
1121 tagNames.put(name, tagName);
1123 addContentTag(content, tagName, comment, 0, content.getSize() - 1);
1127 long taggedArtifactId = -1;
1129 String comment =
"";
1131 for (BlackboardAttribute attribute : attributes) {
1132 if (attribute.getAttributeTypeID() == ATTRIBUTE_TYPE.TSK_TAG_NAME.getTypeID()) {
1133 name = attribute.getValueString();
1134 }
else if (attribute.getAttributeTypeID() == ATTRIBUTE_TYPE.TSK_COMMENT.getTypeID()) {
1135 comment = attribute.getValueString();
1136 }
else if (attribute.getAttributeTypeID() == ATTRIBUTE_TYPE.TSK_TAGGED_ARTIFACT.getTypeID()) {
1137 taggedArtifactId = attribute.getValueLong();
1140 if (taggedArtifactId != -1 && !name.isEmpty()) {
1142 if (tagNames.containsKey(name)) {
1143 tagName = tagNames.get(name);
1145 tagName =
addTagName(name,
"", TagName.HTML_COLOR.NONE);
1146 tagNames.put(name, tagName);
1152 "DELETE FROM blackboard_attributes WHERE artifact_id IN "
1153 +
"(SELECT artifact_id FROM blackboard_artifacts WHERE artifact_type_id = "
1154 + ARTIFACT_TYPE.TSK_TAG_FILE.getTypeID()
1155 +
" OR artifact_type_id = " + ARTIFACT_TYPE.TSK_TAG_ARTIFACT.getTypeID() +
");");
1157 "DELETE FROM blackboard_artifacts WHERE artifact_type_id = "
1158 + ARTIFACT_TYPE.TSK_TAG_FILE.getTypeID()
1159 +
" OR artifact_type_id = " + ARTIFACT_TYPE.TSK_TAG_ARTIFACT.getTypeID() +
";");
1161 return new CaseDbSchemaVersionNumber(3, 0);
1163 closeStatement(updateStatement);
1164 closeResultSet(resultSet);
1165 closeStatement(statement);
1184 private CaseDbSchemaVersionNumber updateFromSchema3toSchema4(CaseDbSchemaVersionNumber schemaVersion, CaseDbConnection connection)
throws SQLException, TskCoreException {
1185 if (schemaVersion.getMajor() != 3) {
1186 return schemaVersion;
1189 Statement statement = null;
1190 ResultSet resultSet = null;
1191 Statement queryStatement = null;
1192 ResultSet queryResultSet = null;
1193 Statement updateStatement = null;
1198 statement = connection.createStatement();
1199 updateStatement = connection.createStatement();
1200 statement.execute(
"ALTER TABLE tsk_files ADD COLUMN mime_type TEXT;");
1201 resultSet = statement.executeQuery(
"SELECT files.obj_id AS obj_id, attrs.value_text AS value_text "
1202 +
"FROM tsk_files AS files, blackboard_attributes AS attrs, blackboard_artifacts AS arts "
1203 +
"WHERE files.obj_id = arts.obj_id AND "
1204 +
"arts.artifact_id = attrs.artifact_id AND "
1205 +
"arts.artifact_type_id = 1 AND "
1206 +
"attrs.attribute_type_id = 62");
1207 while (resultSet.next()) {
1208 updateStatement.executeUpdate(
1210 +
"SET mime_type = '" + resultSet.getString(
"value_text") +
"' "
1211 +
"WHERE tsk_files.obj_id = " + resultSet.getInt(
"obj_id") +
";");
1216 statement.execute(
"ALTER TABLE blackboard_attribute_types ADD COLUMN value_type INTEGER NOT NULL DEFAULT -1;");
1217 resultSet = statement.executeQuery(
"SELECT * FROM blackboard_attribute_types AS types");
1218 while (resultSet.next()) {
1219 int attributeTypeId = resultSet.getInt(
"attribute_type_id");
1220 String attributeLabel = resultSet.getString(
"type_name");
1221 if (attributeTypeId < MIN_USER_DEFINED_TYPE_ID) {
1222 updateStatement.executeUpdate(
1223 "UPDATE blackboard_attribute_types "
1224 +
"SET value_type = " + ATTRIBUTE_TYPE.fromLabel(attributeLabel).getValueType().getType() +
" "
1225 +
"WHERE blackboard_attribute_types.attribute_type_id = " + attributeTypeId +
";");
1231 queryStatement = connection.createStatement();
1232 statement.execute(
"CREATE TABLE data_source_info (obj_id INTEGER PRIMARY KEY, device_id TEXT NOT NULL, time_zone TEXT NOT NULL, FOREIGN KEY(obj_id) REFERENCES tsk_objects(obj_id));");
1233 resultSet = statement.executeQuery(
"SELECT * FROM tsk_objects WHERE par_obj_id IS NULL");
1234 while (resultSet.next()) {
1235 long objectId = resultSet.getLong(
"obj_id");
1236 String timeZone =
"";
1237 queryResultSet = queryStatement.executeQuery(
"SELECT tzone FROM tsk_image_info WHERE obj_id = " + objectId);
1238 if (queryResultSet.next()) {
1239 timeZone = queryResultSet.getString(
"tzone");
1241 queryResultSet.close();
1242 updateStatement.executeUpdate(
"INSERT INTO data_source_info (obj_id, device_id, time_zone) "
1243 +
"VALUES(" + objectId +
", '" + UUID.randomUUID().toString() +
"' , '" + timeZone +
"');");
1257 statement.execute(
"ALTER TABLE tsk_files ADD COLUMN data_source_obj_id BIGINT NOT NULL DEFAULT -1;");
1258 resultSet = statement.executeQuery(
"SELECT tsk_files.obj_id AS obj_id, par_obj_id FROM tsk_files, tsk_objects WHERE tsk_files.obj_id = tsk_objects.obj_id");
1259 while (resultSet.next()) {
1260 long fileId = resultSet.getLong(
"obj_id");
1261 long dataSourceId = getDataSourceObjectId(connection, fileId);
1262 updateStatement.executeUpdate(
"UPDATE tsk_files SET data_source_obj_id = " + dataSourceId +
" WHERE obj_id = " + fileId +
";");
1265 statement.execute(
"CREATE TABLE ingest_module_types (type_id INTEGER PRIMARY KEY, type_name TEXT NOT NULL)");
1266 statement.execute(
"CREATE TABLE ingest_job_status_types (type_id INTEGER PRIMARY KEY, type_name TEXT NOT NULL)");
1267 if (this.dbType.equals(DbType.SQLITE)) {
1268 statement.execute(
"CREATE TABLE ingest_modules (ingest_module_id INTEGER PRIMARY KEY, display_name TEXT NOT NULL, unique_name TEXT UNIQUE NOT NULL, type_id INTEGER NOT NULL, version TEXT NOT NULL, FOREIGN KEY(type_id) REFERENCES ingest_module_types(type_id));");
1269 statement.execute(
"CREATE TABLE ingest_jobs (ingest_job_id INTEGER PRIMARY KEY, obj_id BIGINT NOT NULL, host_name TEXT NOT NULL, start_date_time BIGINT NOT NULL, end_date_time BIGINT NOT NULL, status_id INTEGER NOT NULL, settings_dir TEXT, FOREIGN KEY(obj_id) REFERENCES tsk_objects(obj_id), FOREIGN KEY(status_id) REFERENCES ingest_job_status_types(type_id));");
1271 statement.execute(
"CREATE TABLE ingest_modules (ingest_module_id BIGSERIAL PRIMARY KEY, display_name TEXT NOT NULL, unique_name TEXT UNIQUE NOT NULL, type_id INTEGER NOT NULL, version TEXT NOT NULL, FOREIGN KEY(type_id) REFERENCES ingest_module_types(type_id));");
1272 statement.execute(
"CREATE TABLE ingest_jobs (ingest_job_id BIGSERIAL PRIMARY KEY, obj_id BIGINT NOT NULL, host_name TEXT NOT NULL, start_date_time BIGINT NOT NULL, end_date_time BIGINT NOT NULL, status_id INTEGER NOT NULL, settings_dir TEXT, FOREIGN KEY(obj_id) REFERENCES tsk_objects(obj_id), FOREIGN KEY(status_id) REFERENCES ingest_job_status_types(type_id));");
1275 statement.execute(
"CREATE TABLE ingest_job_modules (ingest_job_id INTEGER, ingest_module_id INTEGER, pipeline_position INTEGER, PRIMARY KEY(ingest_job_id, ingest_module_id), FOREIGN KEY(ingest_job_id) REFERENCES ingest_jobs(ingest_job_id), FOREIGN KEY(ingest_module_id) REFERENCES ingest_modules(ingest_module_id));");
1276 initIngestModuleTypes(connection);
1277 initIngestStatusTypes(connection);
1279 return new CaseDbSchemaVersionNumber(4, 0);
1282 closeResultSet(queryResultSet);
1283 closeStatement(queryStatement);
1284 closeStatement(updateStatement);
1285 closeResultSet(resultSet);
1286 closeStatement(statement);
1304 private CaseDbSchemaVersionNumber updateFromSchema4toSchema5(CaseDbSchemaVersionNumber schemaVersion, CaseDbConnection connection)
throws SQLException, TskCoreException {
1305 if (schemaVersion.getMajor() != 4) {
1306 return schemaVersion;
1309 Statement statement = null;
1313 statement = connection.createStatement();
1314 statement.execute(
"CREATE TABLE review_statuses (review_status_id INTEGER PRIMARY KEY, review_status_name TEXT NOT NULL, display_name TEXT NOT NULL)");
1324 statement.execute(
"ALTER TABLE blackboard_artifacts ADD COLUMN review_status_id INTEGER NOT NULL DEFAULT " + BlackboardArtifact.ReviewStatus.UNDECIDED.getID());
1327 statement.execute(
"CREATE TABLE file_encoding_types (encoding_type INTEGER PRIMARY KEY, name TEXT NOT NULL);");
1328 initEncodingTypes(connection);
1335 initReviewStatuses(connection);
1340 statement.execute(
"ALTER TABLE tsk_files_path ADD COLUMN encoding_type INTEGER NOT NULL DEFAULT 0;");
1342 return new CaseDbSchemaVersionNumber(5, 0);
1345 closeStatement(statement);
1363 private CaseDbSchemaVersionNumber updateFromSchema5toSchema6(CaseDbSchemaVersionNumber schemaVersion, CaseDbConnection connection)
throws SQLException, TskCoreException {
1364 if (schemaVersion.getMajor() != 5) {
1365 return schemaVersion;
1372 Statement statement = null;
1373 ResultSet resultSet = null;
1379 statement = connection.createStatement();
1380 statement.execute(
"CREATE TABLE IF NOT EXISTS review_statuses (review_status_id INTEGER PRIMARY KEY, review_status_name TEXT NOT NULL, display_name TEXT NOT NULL)");
1382 resultSet = connection.executeQuery(statement,
"SELECT COUNT(*) AS count FROM review_statuses");
1384 if (resultSet.getLong(
"count") == 0) {
1393 statement.execute(
"ALTER TABLE blackboard_artifacts ADD COLUMN review_status_id INTEGER NOT NULL DEFAULT " + BlackboardArtifact.ReviewStatus.UNDECIDED.getID());
1396 return new CaseDbSchemaVersionNumber(6, 0);
1399 closeResultSet(resultSet);
1400 closeStatement(statement);
1418 private CaseDbSchemaVersionNumber updateFromSchema6toSchema7(CaseDbSchemaVersionNumber schemaVersion, CaseDbConnection connection)
throws SQLException, TskCoreException {
1419 if (schemaVersion.getMajor() != 6) {
1420 return schemaVersion;
1426 Statement statement = null;
1427 Statement updstatement = null;
1428 ResultSet resultSet = null;
1431 statement = connection.createStatement();
1432 updstatement = connection.createStatement();
1433 statement.execute(
"ALTER TABLE tsk_files ADD COLUMN extension TEXT");
1435 resultSet = connection.executeQuery(statement,
"SELECT obj_id,name FROM tsk_files");
1436 while (resultSet.next()) {
1437 long objID = resultSet.getLong(
"obj_id");
1438 String name = resultSet.getString(
"name");
1439 updstatement.executeUpdate(
"UPDATE tsk_files SET extension = '" +
escapeSingleQuotes(extractExtension(name)) +
"' "
1440 +
"WHERE obj_id = " + objID);
1443 statement.execute(
"CREATE INDEX file_extension ON tsk_files ( extension )");
1446 statement.execute(
"ALTER TABLE blackboard_artifacts ADD COLUMN artifact_obj_id INTEGER NOT NULL DEFAULT -1");
1448 return new CaseDbSchemaVersionNumber(7, 0);
1451 closeResultSet(resultSet);
1452 closeStatement(statement);
1453 closeStatement(updstatement);
1471 private CaseDbSchemaVersionNumber updateFromSchema7toSchema7dot1(CaseDbSchemaVersionNumber schemaVersion, CaseDbConnection connection)
throws SQLException, TskCoreException {
1472 if (schemaVersion.getMajor() != 7) {
1473 return schemaVersion;
1476 if (schemaVersion.getMinor() != 0) {
1477 return schemaVersion;
1483 Statement statement = null;
1484 ResultSet resultSet = null;
1487 statement = connection.createStatement();
1490 if (schemaVersion.getMinor() == 0) {
1492 statement.execute(
"ALTER TABLE tsk_db_info ADD COLUMN schema_minor_ver INTEGER DEFAULT 1");
1494 return new CaseDbSchemaVersionNumber(7, 1);
1497 closeResultSet(resultSet);
1498 closeStatement(statement);
1516 private CaseDbSchemaVersionNumber updateFromSchema7dot1toSchema7dot2(CaseDbSchemaVersionNumber schemaVersion, CaseDbConnection connection)
throws SQLException, TskCoreException {
1517 if (schemaVersion.getMajor() != 7) {
1518 return schemaVersion;
1521 if (schemaVersion.getMinor() != 1) {
1522 return schemaVersion;
1525 Statement statement = null;
1526 Statement updstatement = null;
1527 ResultSet resultSet = null;
1531 statement = connection.createStatement();
1532 statement.execute(
"ALTER TABLE blackboard_artifacts ADD COLUMN data_source_obj_id INTEGER NOT NULL DEFAULT -1");
1535 updstatement = connection.createStatement();
1536 resultSet = connection.executeQuery(statement,
"SELECT artifact_id, obj_id FROM blackboard_artifacts");
1537 while (resultSet.next()) {
1538 long artifact_id = resultSet.getLong(
"artifact_id");
1539 long obj_id = resultSet.getLong(
"obj_id");
1540 long data_source_obj_id = getDataSourceObjectId(connection, obj_id);
1541 updstatement.executeUpdate(
"UPDATE blackboard_artifacts SET data_source_obj_id = " + data_source_obj_id +
" "
1542 +
"WHERE artifact_id = " + artifact_id);
1544 closeResultSet(resultSet);
1545 closeStatement(statement);
1546 closeStatement(updstatement);
1551 statement = connection.createStatement();
1552 statement.execute(
"ALTER TABLE tag_names ADD COLUMN knownStatus INTEGER NOT NULL DEFAULT " + TskData.FileKnown.UNKNOWN.getFileKnownValue());
1555 if (this.dbType.equals(DbType.SQLITE)) {
1556 statement.execute(
"CREATE TABLE account_types (account_type_id INTEGER PRIMARY KEY, type_name TEXT UNIQUE NOT NULL, display_name TEXT NOT NULL)");
1557 statement.execute(
"CREATE TABLE accounts (account_id INTEGER PRIMARY KEY, account_type_id INTEGER NOT NULL, account_unique_identifier TEXT NOT NULL, UNIQUE(account_type_id, account_unique_identifier) , FOREIGN KEY(account_type_id) REFERENCES account_types(account_type_id))");
1558 statement.execute(
"CREATE TABLE account_relationships (relationship_id INTEGER PRIMARY KEY, account1_id INTEGER NOT NULL, account2_id INTEGER NOT NULL, relationship_source_obj_id INTEGER NOT NULL, date_time INTEGER, relationship_type INTEGER NOT NULL, data_source_obj_id INTEGER NOT NULL, UNIQUE(account1_id, account2_id, relationship_source_obj_id), FOREIGN KEY(account1_id) REFERENCES accounts(account_id), FOREIGN KEY(account2_id) REFERENCES accounts(account_id), FOREIGN KEY(relationship_source_obj_id) REFERENCES tsk_objects(obj_id), FOREIGN KEY(data_source_obj_id) REFERENCES tsk_objects(obj_id))");
1560 statement.execute(
"CREATE TABLE account_types (account_type_id BIGSERIAL PRIMARY KEY, type_name TEXT UNIQUE NOT NULL, display_name TEXT NOT NULL)");
1561 statement.execute(
"CREATE TABLE accounts (account_id BIGSERIAL PRIMARY KEY, account_type_id INTEGER NOT NULL, account_unique_identifier TEXT NOT NULL, UNIQUE(account_type_id, account_unique_identifier) , FOREIGN KEY(account_type_id) REFERENCES account_types(account_type_id))");
1562 statement.execute(
"CREATE TABLE account_relationships (relationship_id BIGSERIAL PRIMARY KEY, account1_id INTEGER NOT NULL, account2_id INTEGER NOT NULL, relationship_source_obj_id INTEGER NOT NULL, date_time BIGINT, relationship_type INTEGER NOT NULL, data_source_obj_id INTEGER NOT NULL, UNIQUE(account1_id, account2_id, relationship_source_obj_id), FOREIGN KEY(account1_id) REFERENCES accounts(account_id), FOREIGN KEY(account2_id) REFERENCES accounts(account_id), FOREIGN KEY(relationship_source_obj_id) REFERENCES tsk_objects(obj_id), FOREIGN KEY(data_source_obj_id) REFERENCES tsk_objects(obj_id))");
1566 statement.execute(
"CREATE INDEX artifact_artifact_objID ON blackboard_artifacts(artifact_obj_id)");
1567 statement.execute(
"CREATE INDEX relationships_account1 ON account_relationships(account1_id)");
1568 statement.execute(
"CREATE INDEX relationships_account2 ON account_relationships(account2_id)");
1569 statement.execute(
"CREATE INDEX relationships_relationship_source_obj_id ON account_relationships(relationship_source_obj_id)");
1570 statement.execute(
"CREATE INDEX relationships_date_time ON account_relationships(date_time)");
1571 statement.execute(
"CREATE INDEX relationships_relationship_type ON account_relationships(relationship_type)");
1572 statement.execute(
"CREATE INDEX relationships_data_source_obj_id ON account_relationships(data_source_obj_id)");
1574 return new CaseDbSchemaVersionNumber(7, 2);
1576 closeResultSet(resultSet);
1577 closeStatement(statement);
1578 closeStatement(updstatement);
1596 private CaseDbSchemaVersionNumber updateFromSchema7dot2toSchema8dot0(CaseDbSchemaVersionNumber schemaVersion, CaseDbConnection connection)
throws SQLException, TskCoreException {
1597 if (schemaVersion.getMajor() != 7) {
1598 return schemaVersion;
1601 if (schemaVersion.getMinor() != 2) {
1602 return schemaVersion;
1605 Statement updateSchemaStatement = connection.createStatement();
1606 Statement getExistingReportsStatement = connection.createStatement();
1607 ResultSet resultSet = null;
1608 ResultSet existingReports = null;
1616 updateSchemaStatement.execute(
"ALTER TABLE reports RENAME TO old_reports");
1619 updateSchemaStatement.execute(
"CREATE TABLE reports (obj_id BIGSERIAL PRIMARY KEY, path TEXT NOT NULL, crtime INTEGER NOT NULL, src_module_name TEXT NOT NULL, report_name TEXT NOT NULL, FOREIGN KEY(obj_id) REFERENCES tsk_objects(obj_id))");
1622 existingReports = getExistingReportsStatement.executeQuery(
"SELECT * FROM old_reports");
1623 while (existingReports.next()) {
1624 String path = existingReports.getString(2);
1625 long crtime = existingReports.getInt(3);
1626 String sourceModule = existingReports.getString(4);
1627 String reportName = existingReports.getString(5);
1629 PreparedStatement insertObjectStatement = connection.getPreparedStatement(PREPARED_STATEMENT.INSERT_OBJECT, Statement.RETURN_GENERATED_KEYS);
1630 insertObjectStatement.clearParameters();
1631 insertObjectStatement.setNull(1, java.sql.Types.BIGINT);
1632 insertObjectStatement.setLong(2, TskData.ObjectType.REPORT.getObjectType());
1633 connection.executeUpdate(insertObjectStatement);
1634 resultSet = insertObjectStatement.getGeneratedKeys();
1635 if (!resultSet.next()) {
1636 throw new TskCoreException(String.format(
"Failed to INSERT report %s (%s) in tsk_objects table", reportName, path));
1638 long objectId = resultSet.getLong(1);
1641 PreparedStatement insertReportStatement = connection.getPreparedStatement(PREPARED_STATEMENT.INSERT_REPORT);
1642 insertReportStatement.clearParameters();
1643 insertReportStatement.setLong(1, objectId);
1644 insertReportStatement.setString(2, path);
1645 insertReportStatement.setLong(3, crtime);
1646 insertReportStatement.setString(4, sourceModule);
1647 insertReportStatement.setString(5, reportName);
1648 connection.executeUpdate(insertReportStatement);
1652 updateSchemaStatement.execute(
"DROP TABLE old_reports");
1654 return new CaseDbSchemaVersionNumber(8, 0);
1656 closeResultSet(resultSet);
1657 closeResultSet(existingReports);
1658 closeStatement(updateSchemaStatement);
1659 closeStatement(getExistingReportsStatement);
1677 private CaseDbSchemaVersionNumber updateFromSchema8dot0toSchema8dot1(CaseDbSchemaVersionNumber schemaVersion, CaseDbConnection connection)
throws SQLException, TskCoreException {
1678 if (schemaVersion.getMajor() != 8) {
1679 return schemaVersion;
1682 if (schemaVersion.getMinor() != 0) {
1683 return schemaVersion;
1688 try (Statement statement = connection.createStatement();) {
1690 if (this.dbType.equals(DbType.SQLITE)) {
1691 statement.execute(
"CREATE TABLE tsk_examiners (examiner_id INTEGER PRIMARY KEY, login_name TEXT NOT NULL, display_name TEXT, UNIQUE(login_name) )");
1692 statement.execute(
"ALTER TABLE content_tags ADD COLUMN examiner_id INTEGER REFERENCES tsk_examiners(examiner_id) DEFAULT NULL");
1693 statement.execute(
"ALTER TABLE blackboard_artifact_tags ADD COLUMN examiner_id INTEGER REFERENCES tsk_examiners(examiner_id) DEFAULT NULL");
1695 statement.execute(
"CREATE TABLE tsk_examiners (examiner_id BIGSERIAL PRIMARY KEY, login_name TEXT NOT NULL, display_name TEXT, UNIQUE(login_name))");
1696 statement.execute(
"ALTER TABLE content_tags ADD COLUMN examiner_id BIGINT REFERENCES tsk_examiners(examiner_id) DEFAULT NULL");
1697 statement.execute(
"ALTER TABLE blackboard_artifact_tags ADD COLUMN examiner_id BIGINT REFERENCES tsk_examiners(examiner_id) DEFAULT NULL");
1700 return new CaseDbSchemaVersionNumber(8, 1);
1719 private CaseDbSchemaVersionNumber updateFromSchema8dot1toSchema8dot2(CaseDbSchemaVersionNumber schemaVersion, CaseDbConnection connection)
throws SQLException, TskCoreException {
1720 if (schemaVersion.getMajor() != 8) {
1721 return schemaVersion;
1724 if (schemaVersion.getMinor() != 1) {
1725 return schemaVersion;
1730 try (Statement statement = connection.createStatement();) {
1731 statement.execute(
"ALTER TABLE tsk_image_info ADD COLUMN sha1 TEXT DEFAULT NULL");
1732 statement.execute(
"ALTER TABLE tsk_image_info ADD COLUMN sha256 TEXT DEFAULT NULL");
1734 statement.execute(
"ALTER TABLE data_source_info ADD COLUMN acquisition_details TEXT");
1742 statement.execute(
"CREATE TABLE tsk_db_info_extended (name TEXT PRIMARY KEY, value TEXT NOT NULL)");
1743 ResultSet result = statement.executeQuery(
"SELECT tsk_ver FROM tsk_db_info");
1745 statement.execute(
"INSERT INTO tsk_db_info_extended (name, value) VALUES ('" + TSK_VERSION_KEY +
"', '" + result.getLong(
"tsk_ver") +
"')");
1746 statement.execute(
"INSERT INTO tsk_db_info_extended (name, value) VALUES ('" + SCHEMA_MAJOR_VERSION_KEY +
"', '8')");
1747 statement.execute(
"INSERT INTO tsk_db_info_extended (name, value) VALUES ('" + SCHEMA_MINOR_VERSION_KEY +
"', '2')");
1748 statement.execute(
"INSERT INTO tsk_db_info_extended (name, value) VALUES ('" + CREATION_SCHEMA_MAJOR_VERSION_KEY +
"', '0')");
1749 statement.execute(
"INSERT INTO tsk_db_info_extended (name, value) VALUES ('" + CREATION_SCHEMA_MINOR_VERSION_KEY +
"', '0')");
1751 String primaryKeyType;
1754 primaryKeyType =
"BIGSERIAL";
1757 primaryKeyType =
"INTEGER";
1760 throw new TskCoreException(
"Unsupported data base type: " +
getDatabaseType().toString());
1764 statement.execute(
"CREATE TABLE tsk_event_types ("
1765 +
" event_type_id " + primaryKeyType +
" PRIMARY KEY, "
1766 +
" display_name TEXT UNIQUE NOT NULL, "
1767 +
" super_type_id INTEGER REFERENCES tsk_event_types(event_type_id) )");
1768 statement.execute(
"insert into tsk_event_types(event_type_id, display_name, super_type_id)"
1769 +
" values( 0, 'Event Types', null)");
1770 statement.execute(
"insert into tsk_event_types(event_type_id, display_name, super_type_id)"
1771 +
" values(1, 'File System', 0)");
1772 statement.execute(
"insert into tsk_event_types(event_type_id, display_name, super_type_id)"
1773 +
" values(2, 'Web Activity', 0)");
1774 statement.execute(
"insert into tsk_event_types(event_type_id, display_name, super_type_id)"
1775 +
" values(3, 'Misc Types', 0)");
1776 statement.execute(
"insert into tsk_event_types(event_type_id, display_name, super_type_id)"
1777 +
" values(4, 'Modified', 1)");
1778 statement.execute(
"insert into tsk_event_types(event_type_id, display_name, super_type_id)"
1779 +
" values(5, 'Accessed', 1)");
1780 statement.execute(
"insert into tsk_event_types(event_type_id, display_name, super_type_id)"
1781 +
" values(6, 'Created', 1)");
1782 statement.execute(
"insert into tsk_event_types(event_type_id, display_name, super_type_id)"
1783 +
" values(7, 'Changed', 1)");
1786 statement.execute(
"CREATE TABLE tsk_event_descriptions ("
1787 +
" event_description_id " + primaryKeyType +
" PRIMARY KEY, "
1788 +
" full_description TEXT NOT NULL, "
1789 +
" med_description TEXT, "
1790 +
" short_description TEXT,"
1791 +
" data_source_obj_id BIGINT NOT NULL, "
1792 +
" file_obj_id BIGINT NOT NULL, "
1793 +
" artifact_id BIGINT, "
1794 +
" hash_hit INTEGER NOT NULL, "
1795 +
" tagged INTEGER NOT NULL, "
1796 +
" FOREIGN KEY(data_source_obj_id) REFERENCES data_source_info(obj_id), "
1797 +
" FOREIGN KEY(file_obj_id) REFERENCES tsk_files(obj_id), "
1798 +
" FOREIGN KEY(artifact_id) REFERENCES blackboard_artifacts(artifact_id))"
1801 statement.execute(
"CREATE TABLE tsk_events ( "
1802 +
" event_id " + primaryKeyType +
" PRIMARY KEY, "
1803 +
" event_type_id BIGINT NOT NULL REFERENCES tsk_event_types(event_type_id) ,"
1804 +
" event_description_id BIGINT NOT NULL REFERENCES tsk_event_descriptions(event_description_id) ,"
1805 +
" time INTEGER NOT NULL) "
1809 statement.execute(
"CREATE INDEX events_time ON tsk_events(time)");
1810 statement.execute(
"CREATE INDEX events_type ON tsk_events(event_type_id)");
1811 statement.execute(
"CREATE INDEX events_data_source_obj_id ON tsk_event_descriptions(data_source_obj_id) ");
1812 statement.execute(
"CREATE INDEX events_file_obj_id ON tsk_event_descriptions(file_obj_id) ");
1813 statement.execute(
"CREATE INDEX events_artifact_id ON tsk_event_descriptions(artifact_id) ");
1814 statement.execute(
"CREATE INDEX events_sub_type_time ON tsk_events(event_type_id, time) ");
1815 return new CaseDbSchemaVersionNumber(8, 2);
1835 private CaseDbSchemaVersionNumber updateFromSchema8dot2toSchema8dot3(CaseDbSchemaVersionNumber schemaVersion, CaseDbConnection connection)
throws SQLException, TskCoreException {
1836 if (schemaVersion.getMajor() != 8) {
1837 return schemaVersion;
1840 if (schemaVersion.getMinor() != 2) {
1841 return schemaVersion;
1846 ResultSet resultSet = null;
1848 try (Statement statement = connection.createStatement();) {
1853 String primaryKeyType;
1856 primaryKeyType =
"BIGSERIAL";
1859 primaryKeyType =
"INTEGER";
1862 throw new TskCoreException(
"Unsupported data base type: " +
getDatabaseType().toString());
1866 statement.execute(
"CREATE TABLE IF NOT EXISTS tsk_event_types ("
1867 +
" event_type_id " + primaryKeyType +
" PRIMARY KEY, "
1868 +
" display_name TEXT UNIQUE NOT NULL, "
1869 +
" super_type_id INTEGER REFERENCES tsk_event_types(event_type_id) )");
1871 resultSet = statement.executeQuery(
"SELECT * from tsk_event_types");
1875 if (!resultSet.next()) {
1877 statement.execute(
"insert into tsk_event_types(event_type_id, display_name, super_type_id)"
1878 +
" values( 0, 'Event Types', null)");
1879 statement.execute(
"insert into tsk_event_types(event_type_id, display_name, super_type_id)"
1880 +
" values(1, 'File System', 0)");
1881 statement.execute(
"insert into tsk_event_types(event_type_id, display_name, super_type_id)"
1882 +
" values(2, 'Web Activity', 0)");
1883 statement.execute(
"insert into tsk_event_types(event_type_id, display_name, super_type_id)"
1884 +
" values(3, 'Misc Types', 0)");
1885 statement.execute(
"insert into tsk_event_types(event_type_id, display_name, super_type_id)"
1886 +
" values(4, 'Modified', 1)");
1887 statement.execute(
"insert into tsk_event_types(event_type_id, display_name, super_type_id)"
1888 +
" values(5, 'Accessed', 1)");
1889 statement.execute(
"insert into tsk_event_types(event_type_id, display_name, super_type_id)"
1890 +
" values(6, 'Created', 1)");
1891 statement.execute(
"insert into tsk_event_types(event_type_id, display_name, super_type_id)"
1892 +
" values(7, 'Changed', 1)");
1897 statement.execute(
"DROP TABLE IF EXISTS tsk_events");
1901 statement.execute(
"DROP TABLE IF EXISTS tsk_event_descriptions");
1904 statement.execute(
"CREATE TABLE tsk_event_descriptions ("
1905 +
" event_description_id " + primaryKeyType +
" PRIMARY KEY, "
1906 +
" full_description TEXT NOT NULL, "
1907 +
" med_description TEXT, "
1908 +
" short_description TEXT,"
1909 +
" data_source_obj_id BIGINT NOT NULL, "
1910 +
" file_obj_id BIGINT NOT NULL, "
1911 +
" artifact_id BIGINT, "
1912 +
" hash_hit INTEGER NOT NULL, "
1913 +
" tagged INTEGER NOT NULL, "
1914 +
" UNIQUE(full_description, file_obj_id, artifact_id), "
1915 +
" FOREIGN KEY(data_source_obj_id) REFERENCES data_source_info(obj_id), "
1916 +
" FOREIGN KEY(file_obj_id) REFERENCES tsk_files(obj_id), "
1917 +
" FOREIGN KEY(artifact_id) REFERENCES blackboard_artifacts(artifact_id))"
1921 statement.execute(
"CREATE TABLE tsk_events ( "
1922 +
" event_id " + primaryKeyType +
" PRIMARY KEY, "
1923 +
" event_type_id BIGINT NOT NULL REFERENCES tsk_event_types(event_type_id) ,"
1924 +
" event_description_id BIGINT NOT NULL REFERENCES tsk_event_descriptions(event_description_id) ,"
1925 +
" time INTEGER NOT NULL, "
1926 +
" UNIQUE (event_type_id, event_description_id, time))"
1930 statement.execute(
"UPDATE tsk_db_info_extended SET name = 'CREATION_SCHEMA_MAJOR_VERSION' WHERE name = 'CREATED_SCHEMA_MAJOR_VERSION'");
1931 statement.execute(
"UPDATE tsk_db_info_extended SET name = 'CREATION_SCHEMA_MINOR_VERSION' WHERE name = 'CREATED_SCHEMA_MINOR_VERSION'");
1933 return new CaseDbSchemaVersionNumber(8, 3);
1935 closeResultSet(resultSet);
1961 private CaseDbSchemaVersionNumber updateFromSchema8dot3toSchema8dot4(CaseDbSchemaVersionNumber schemaVersion, CaseDbConnection connection)
throws SQLException, TskCoreException {
1962 if (schemaVersion.getMajor() != 8) {
1963 return schemaVersion;
1966 if (schemaVersion.getMinor() != 3) {
1967 return schemaVersion;
1970 Statement statement = connection.createStatement();
1971 ResultSet results = null;
1978 throw new TskCoreException(
"Unsupported data base type: " +
getDatabaseType().toString());
1984 results = statement.executeQuery(
"SELECT column_name FROM information_schema.columns "
1985 +
"WHERE table_name='tsk_event_descriptions' and column_name='file_obj_id'");
1986 if (results.next()) {
1988 statement.execute(
"ALTER TABLE tsk_event_descriptions "
1989 +
"RENAME COLUMN file_obj_id TO content_obj_id");
1993 statement.execute(
"CREATE TABLE temp_tsk_events ( "
1994 +
" event_id BIGSERIAL PRIMARY KEY, "
1995 +
" event_type_id BIGINT NOT NULL REFERENCES tsk_event_types(event_type_id) ,"
1996 +
" event_description_id BIGINT NOT NULL REFERENCES tsk_event_descriptions(event_description_id),"
1997 +
" time BIGINT NOT NULL, "
1998 +
" UNIQUE (event_type_id, event_description_id, time))"
2002 statement.execute(
"INSERT INTO temp_tsk_events(event_id, event_type_id, "
2003 +
"event_description_id, time) SELECT * FROM tsk_events");
2006 statement.execute(
"DROP TABLE tsk_events");
2009 statement.execute(
"ALTER TABLE temp_tsk_events RENAME TO tsk_events");
2012 statement.execute(
"CREATE INDEX events_data_source_obj_id ON tsk_event_descriptions(data_source_obj_id) ");
2013 statement.execute(
"CREATE INDEX events_content_obj_id ON tsk_event_descriptions(content_obj_id) ");
2014 statement.execute(
"CREATE INDEX events_artifact_id ON tsk_event_descriptions(artifact_id) ");
2015 statement.execute(
"CREATE INDEX events_sub_type_time ON tsk_events(event_type_id, time) ");
2016 statement.execute(
"CREATE INDEX events_time ON tsk_events(time) ");
2020 boolean hasMisnamedColumn =
false;
2021 results = statement.executeQuery(
"pragma table_info('tsk_event_descriptions')");
2022 while (results.next()) {
2023 if (results.getString(
"name") != null && results.getString(
"name").equals(
"file_obj_id")) {
2024 hasMisnamedColumn =
true;
2029 if (hasMisnamedColumn) {
2031 statement.execute(
"CREATE TABLE temp_tsk_event_descriptions ("
2032 +
" event_description_id INTEGER PRIMARY KEY, "
2033 +
" full_description TEXT NOT NULL, "
2034 +
" med_description TEXT, "
2035 +
" short_description TEXT,"
2036 +
" data_source_obj_id BIGINT NOT NULL, "
2037 +
" content_obj_id BIGINT NOT NULL, "
2038 +
" artifact_id BIGINT, "
2039 +
" hash_hit INTEGER NOT NULL, "
2040 +
" tagged INTEGER NOT NULL, "
2041 +
" UNIQUE(full_description, content_obj_id, artifact_id), "
2042 +
" FOREIGN KEY(data_source_obj_id) REFERENCES data_source_info(obj_id), "
2043 +
" FOREIGN KEY(content_obj_id) REFERENCES tsk_files(obj_id), "
2044 +
" FOREIGN KEY(artifact_id) REFERENCES blackboard_artifacts(artifact_id))"
2047 statement.execute(
"CREATE TABLE temp_tsk_events ( "
2048 +
" event_id INTEGER PRIMARY KEY, "
2049 +
" event_type_id BIGINT NOT NULL REFERENCES tsk_event_types(event_type_id) ,"
2050 +
" event_description_id BIGINT NOT NULL REFERENCES temp_tsk_event_descriptions(event_description_id),"
2051 +
" time INTEGER NOT NULL, "
2052 +
" UNIQUE (event_type_id, event_description_id, time))"
2056 statement.execute(
"INSERT INTO temp_tsk_event_descriptions(event_description_id, full_description, "
2057 +
"med_description, short_description, data_source_obj_id, content_obj_id, artifact_id, "
2058 +
"hash_hit, tagged) SELECT * FROM tsk_event_descriptions");
2060 statement.execute(
"INSERT INTO temp_tsk_events(event_id, event_type_id, "
2061 +
"event_description_id, time) SELECT * FROM tsk_events");
2064 statement.execute(
"DROP TABLE tsk_events");
2065 statement.execute(
"DROP TABLE tsk_event_descriptions");
2068 statement.execute(
"ALTER TABLE temp_tsk_event_descriptions RENAME TO tsk_event_descriptions");
2069 statement.execute(
"ALTER TABLE temp_tsk_events RENAME TO tsk_events");
2072 statement.execute(
"CREATE INDEX events_data_source_obj_id ON tsk_event_descriptions(data_source_obj_id) ");
2073 statement.execute(
"CREATE INDEX events_content_obj_id ON tsk_event_descriptions(content_obj_id) ");
2074 statement.execute(
"CREATE INDEX events_artifact_id ON tsk_event_descriptions(artifact_id) ");
2075 statement.execute(
"CREATE INDEX events_sub_type_time ON tsk_events(event_type_id, time) ");
2076 statement.execute(
"CREATE INDEX events_time ON tsk_events(time) ");
2080 throw new TskCoreException(
"Unsupported data base type: " +
getDatabaseType().toString());
2084 if (this.dbType.equals(DbType.SQLITE)) {
2085 statement.execute(
"CREATE TABLE tsk_pool_info (obj_id INTEGER PRIMARY KEY, pool_type INTEGER NOT NULL, FOREIGN KEY(obj_id) REFERENCES tsk_objects(obj_id) ON DELETE CASCADE)");
2087 statement.execute(
"CREATE TABLE tsk_pool_info (obj_id BIGSERIAL PRIMARY KEY, pool_type INTEGER NOT NULL, FOREIGN KEY(obj_id) REFERENCES tsk_objects(obj_id) ON DELETE CASCADE)");
2091 insertAccountTypeIfNotExists(statement,
"IMO",
"IMO");
2092 insertAccountTypeIfNotExists(statement,
"LINE",
"LINE");
2093 insertAccountTypeIfNotExists(statement,
"SKYPE",
"Skype");
2094 insertAccountTypeIfNotExists(statement,
"TANGO",
"Tango");
2095 insertAccountTypeIfNotExists(statement,
"TEXTNOW",
"TextNow");
2096 insertAccountTypeIfNotExists(statement,
"THREEMA",
"ThreeMa");
2097 insertAccountTypeIfNotExists(statement,
"VIBER",
"Viber");
2098 insertAccountTypeIfNotExists(statement,
"XENDER",
"Xender");
2099 insertAccountTypeIfNotExists(statement,
"ZAPYA",
"Zapya");
2100 insertAccountTypeIfNotExists(statement,
"SHAREIT",
"ShareIt");
2102 return new CaseDbSchemaVersionNumber(8, 4);
2104 closeResultSet(results);
2105 closeStatement(statement);
2110 private CaseDbSchemaVersionNumber updateFromSchema8dot4toSchema8dot5(CaseDbSchemaVersionNumber schemaVersion, CaseDbConnection connection)
throws SQLException, TskCoreException {
2111 if (schemaVersion.getMajor() != 8) {
2112 return schemaVersion;
2115 if (schemaVersion.getMinor() != 4) {
2116 return schemaVersion;
2119 Statement statement = connection.createStatement();
2124 statement.execute(
"CREATE TABLE tsk_tag_sets (tag_set_id BIGSERIAL PRIMARY KEY, name TEXT UNIQUE)");
2125 statement.execute(
"ALTER TABLE tag_names ADD COLUMN tag_set_id BIGINT REFERENCES tsk_tag_sets(tag_set_id)");
2128 statement.execute(
"CREATE TABLE tsk_tag_sets (tag_set_id INTEGER PRIMARY KEY, name TEXT UNIQUE)");
2129 statement.execute(
"ALTER TABLE tag_names ADD COLUMN tag_set_id INTEGER REFERENCES tsk_tag_sets(tag_set_id)");
2133 statement.execute(
"ALTER TABLE tag_names ADD COLUMN rank INTEGER");
2135 String insertStmt =
"INSERT INTO tsk_tag_sets (name) VALUES ('Project VIC')";
2137 statement.execute(insertStmt, Statement.RETURN_GENERATED_KEYS);
2139 statement.execute(insertStmt);
2141 try (ResultSet resultSet = statement.getGeneratedKeys()) {
2142 if (resultSet != null && resultSet.next()) {
2143 int tagSetId = resultSet.getInt(1);
2145 String updateQuery =
"UPDATE tag_names SET tag_set_id = %d, color = '%s', rank = %d, display_name = '%s' WHERE display_name = '%s'";
2146 statement.executeUpdate(String.format(updateQuery, tagSetId,
"Red", 1,
"Child Exploitation (Illegal)",
"CAT-1: Child Exploitation (Illegal)"));
2147 statement.executeUpdate(String.format(updateQuery, tagSetId,
"Lime", 2,
"Child Exploitation (Non-Illegal/Age Difficult)",
"CAT-2: Child Exploitation (Non-Illegal/Age Difficult)"));
2148 statement.executeUpdate(String.format(updateQuery, tagSetId,
"Yellow", 3,
"CGI/Animation (Child Exploitive)",
"CAT-3: CGI/Animation (Child Exploitive)"));
2149 statement.executeUpdate(String.format(updateQuery, tagSetId,
"Purple", 4,
"Exemplar/Comparison (Internal Use Only)",
"CAT-4: Exemplar/Comparison (Internal Use Only)"));
2150 statement.executeUpdate(String.format(updateQuery, tagSetId,
"Fuchsia", 5,
"Non-pertinent",
"CAT-5: Non-pertinent"));
2152 String
deleteContentTag =
"DELETE FROM content_tags WHERE tag_name_id IN (SELECT tag_name_id from tag_names WHERE display_name LIKE 'CAT-0: Uncategorized')";
2153 String deleteArtifactTag =
"DELETE FROM blackboard_artifact_tags WHERE tag_name_id IN (SELECT tag_name_id from tag_names WHERE display_name LIKE 'CAT-0: Uncategorized')";
2154 String deleteCat0 =
"DELETE FROM tag_names WHERE display_name = 'CAT-0: Uncategorized'";
2155 statement.executeUpdate(deleteContentTag);
2156 statement.executeUpdate(deleteArtifactTag);
2157 statement.executeUpdate(deleteCat0);
2160 throw new TskCoreException(
"Failed to retrieve the default tag_set_id from DB");
2170 statement.execute(
"ALTER TABLE tsk_fs_info ADD COLUMN data_source_obj_id BIGINT NOT NULL DEFAULT -1;");
2173 statement.execute(
"ALTER TABLE tsk_fs_info ADD COLUMN data_source_obj_id INTEGER NOT NULL DEFAULT -1;");
2176 Statement updateStatement = connection.createStatement();
2177 try (ResultSet resultSet = statement.executeQuery(
"SELECT obj_id FROM tsk_fs_info")) {
2178 while (resultSet.next()) {
2179 long fsId = resultSet.getLong(
"obj_id");
2180 long dataSourceId = getDataSourceObjectId(connection, fsId);
2181 updateStatement.executeUpdate(
"UPDATE tsk_fs_info SET data_source_obj_id = " + dataSourceId +
" WHERE obj_id = " + fsId +
";");
2184 closeStatement(updateStatement);
2187 return new CaseDbSchemaVersionNumber(8, 5);
2190 closeStatement(statement);
2195 private CaseDbSchemaVersionNumber updateFromSchema8dot5toSchema8dot6(CaseDbSchemaVersionNumber schemaVersion, CaseDbConnection connection)
throws SQLException, TskCoreException {
2196 if (schemaVersion.getMajor() != 8) {
2197 return schemaVersion;
2200 if (schemaVersion.getMinor() != 5) {
2201 return schemaVersion;
2204 Statement statement = connection.createStatement();
2207 statement.execute(
"ALTER TABLE tsk_files ADD COLUMN sha256 TEXT");
2209 return new CaseDbSchemaVersionNumber(8, 6);
2212 closeStatement(statement);
2228 private void insertAccountTypeIfNotExists(Statement statement, String type_name, String display_name)
throws TskCoreException, SQLException {
2230 String insertSQL = String.format(
"INTO account_types(type_name, display_name) VALUES ('%s', '%s')", type_name, display_name);
2233 insertSQL =
"INSERT " + insertSQL +
" ON CONFLICT DO NOTHING";
2236 insertSQL =
"INSERT OR IGNORE " + insertSQL;
2239 throw new TskCoreException(
"Unknown DB Type: " +
getDatabaseType().name());
2241 statement.execute(insertSQL);
2251 static String extractExtension(
final String fileName) {
2253 int i = fileName.lastIndexOf(
".");
2255 if ((i > 0) && ((i + 1) < fileName.length())) {
2256 ext = fileName.substring(i + 1);
2267 return ext.toLowerCase();
2291 return CURRENT_DB_SCHEMA_VERSION;
2301 return caseDBSchemaCreationVersion;
2320 return dbBackupPath;
2347 return databaseName;
2367 rwLock.writeLock().lock();
2378 rwLock.writeLock().unlock();
2389 rwLock.readLock().lock();
2400 rwLock.readLock().unlock();
2420 }
catch (Exception ex) {
2421 throw new TskCoreException(
"Failed to open case database at " + dbPath, ex);
2451 return new SleuthkitCase(info.getHost(), Integer.parseInt(info.getPort()), databaseName, info.getUserName(), info.getPassword(), caseHandle, caseDir, info.getDbType());
2452 }
catch (PropertyVetoException exp) {
2454 throw new TskCoreException(exp.getMessage(), exp);
2458 }
catch (Exception exp) {
2460 throw new TskCoreException(exp.getMessage(), exp);
2475 CaseDatabaseFactory factory =
new CaseDatabaseFactory(dbPath);
2476 factory.createCaseDatabase();
2480 }
catch (Exception ex) {
2481 throw new TskCoreException(
"Failed to create case database at " + dbPath, ex);
2501 String databaseName = createCaseDataBaseName(caseName);
2515 CaseDatabaseFactory factory =
new CaseDatabaseFactory(databaseName, info);
2516 factory.createCaseDatabase();
2519 return new SleuthkitCase(info.getHost(), Integer.parseInt(info.getPort()),
2520 databaseName, info.getUserName(), info.getPassword(), caseHandle, caseDirPath, info.getDbType());
2521 }
catch (PropertyVetoException exp) {
2523 throw new TskCoreException(exp.getMessage(), exp);
2524 }
catch (Exception exp) {
2526 throw new TskCoreException(exp.getMessage(), exp);
2539 private static String createCaseDataBaseName(String candidateDbName) {
2541 if (!candidateDbName.isEmpty()) {
2545 dbName = candidateDbName.replaceAll(
"[^\\p{ASCII}]",
"_");
2550 dbName = dbName.replaceAll(
"[\\p{Cntrl}]",
"_");
2555 dbName = dbName.replaceAll(
"[ /?:'\"\\\\]",
"_");
2560 dbName = dbName.toLowerCase();
2566 if ((dbName.length() > 0 && !(Character.isLetter(dbName.codePointAt(0))) && !(dbName.codePointAt(0) ==
'_'))) {
2567 dbName =
"_" + dbName;
2574 if (dbName.length() > MAX_DB_NAME_LEN_BEFORE_TIMESTAMP) {
2575 dbName = dbName.substring(0, MAX_DB_NAME_LEN_BEFORE_TIMESTAMP);
2587 SimpleDateFormat dateFormat =
new SimpleDateFormat(
"yyyyMMdd_HHmmss");
2588 Date date =
new Date();
2589 dbName = dbName +
"_" + dateFormat.format(date);
2604 if (cachedCurrentExaminer != null) {
2605 return cachedCurrentExaminer;
2607 String loginName = System.getProperty(
"user.name");
2608 if (loginName == null || loginName.isEmpty()) {
2609 throw new TskCoreException(
"Failed to determine logged in user name.");
2612 CaseDbConnection connection = connections.getConnection();
2614 ResultSet resultSet = null;
2616 PreparedStatement statement = connection.getPreparedStatement(PREPARED_STATEMENT.SELECT_EXAMINER_BY_LOGIN_NAME);
2617 statement.clearParameters();
2618 statement.setString(1, loginName);
2619 resultSet = connection.executeQuery(statement);
2620 if (resultSet.next()) {
2621 cachedCurrentExaminer =
new Examiner(resultSet.getLong(
"examiner_id"), resultSet.getString(
"login_name"), resultSet.getString(
"display_name"));
2622 return cachedCurrentExaminer;
2624 throw new TskCoreException(
"Error getting examaminer for name = " + loginName);
2627 }
catch (SQLException ex) {
2628 throw new TskCoreException(
"Error getting examaminer for name = " + loginName, ex);
2630 closeResultSet(resultSet);
2646 Examiner getExaminerById(
long id)
throws TskCoreException {
2648 CaseDbConnection connection = connections.getConnection();
2650 ResultSet resultSet = null;
2652 PreparedStatement statement = connection.getPreparedStatement(PREPARED_STATEMENT.SELECT_EXAMINER_BY_ID);
2653 statement.clearParameters();
2654 statement.setLong(1,
id);
2655 resultSet = connection.executeQuery(statement);
2656 if (resultSet.next()) {
2657 return new Examiner(resultSet.getLong(
"examiner_id"), resultSet.getString(
"login_name"), resultSet.getString(
"full_name"));
2659 throw new TskCoreException(
"Error getting examaminer for id = " +
id);
2661 }
catch (SQLException ex) {
2662 throw new TskCoreException(
"Error getting examaminer for id = " +
id, ex);
2664 closeResultSet(resultSet);
2688 return this.caseHandle.initAddImageProcess(timeZone, addUnallocSpace, noFatFsOrphans, imageCopyPath,
this);
2700 CaseDbConnection connection = connections.getConnection();
2703 ResultSet rs = null;
2705 s = connection.createStatement();
2706 rs = connection.executeQuery(s,
"SELECT obj_id, type FROM tsk_objects "
2707 +
"WHERE par_obj_id IS NULL");
2708 Collection<ObjectInfo> infos =
new ArrayList<ObjectInfo>();
2710 infos.add(
new ObjectInfo(rs.getLong(
"obj_id"),
ObjectType.
valueOf(rs.getShort(
"type"))));
2713 List<Content> rootObjs =
new ArrayList<Content>();
2714 for (ObjectInfo i : infos) {
2715 if (null != i.type) {
2726 throw new TskCoreException(
"Parentless object has wrong type to be a root (ABSTRACTFILE, but not VIRTUAL_DIRECTORY: " + i.type);
2732 throw new TskCoreException(
"Parentless object has wrong type to be a root: " + i.type);
2737 }
catch (SQLException ex) {
2738 throw new TskCoreException(
"Error getting root objects", ex);
2758 List<Long> getDataSourceObjIds(String deviceId)
throws TskCoreException {
2761 synchronized (deviceIdToDatasourceObjIdMap) {
2762 if (deviceIdToDatasourceObjIdMap.containsKey(deviceId)) {
2763 return new ArrayList<Long>(deviceIdToDatasourceObjIdMap.get(deviceId));
2766 CaseDbConnection connection = connections.getConnection();
2769 ResultSet rs = null;
2771 s = connection.createStatement();
2772 rs = connection.executeQuery(s,
"SELECT obj_id FROM data_source_info WHERE device_id = '" + deviceId +
"'");
2773 List<Long> dataSourceObjIds =
new ArrayList<Long>();
2775 dataSourceObjIds.add(rs.getLong(
"obj_id"));
2778 long ds_obj_id = rs.getLong(
"obj_id");
2779 if (deviceIdToDatasourceObjIdMap.containsKey(deviceId)) {
2780 deviceIdToDatasourceObjIdMap.get(deviceId).add(ds_obj_id);
2782 deviceIdToDatasourceObjIdMap.put(deviceId,
new HashSet<Long>(Arrays.asList(ds_obj_id)));
2785 return dataSourceObjIds;
2786 }
catch (SQLException ex) {
2787 throw new TskCoreException(
"Error getting data sources", ex);
2814 CaseDbConnection connection = connections.getConnection();
2816 Statement statement = null;
2817 ResultSet resultSet = null;
2818 Statement statement2 = null;
2819 ResultSet resultSet2 = null;
2821 statement = connection.createStatement();
2822 statement2 = connection.createStatement();
2823 resultSet = connection.executeQuery(statement,
2824 "SELECT ds.obj_id, ds.device_id, ds.time_zone, img.type, img.ssize, img.size, img.md5, img.sha1, img.sha256, img.display_name "
2825 +
"FROM data_source_info AS ds "
2826 +
"LEFT JOIN tsk_image_info AS img "
2827 +
"ON ds.obj_id = img.obj_id");
2829 List<DataSource> dataSourceList =
new ArrayList<DataSource>();
2832 while (resultSet.next()) {
2834 Long objectId = resultSet.getLong(
"obj_id");
2835 String deviceId = resultSet.getString(
"device_id");
2836 String timezone = resultSet.getString(
"time_zone");
2837 String type = resultSet.getString(
"type");
2845 resultSet2 = connection.executeQuery(statement2,
"SELECT name FROM tsk_files WHERE tsk_files.obj_id = " + objectId);
2846 String dsName = (resultSet2.next()) ? resultSet2.getString(
"name") :
"";
2854 String parentPath =
"/";
2855 dataSource =
new LocalFilesDataSource(
this, objectId, objectId, deviceId, dsName, dirType, metaType, dirFlag, metaFlags, timezone, null, null,
FileKnown.
UNKNOWN, parentPath);
2860 Long ssize = resultSet.getLong(
"ssize");
2861 Long size = resultSet.getLong(
"size");
2862 String md5 = resultSet.getString(
"md5");
2863 String sha1 = resultSet.getString(
"sha1");
2864 String sha256 = resultSet.getString(
"sha256");
2865 String name = resultSet.getString(
"display_name");
2867 List<String> imagePaths = imagePathsMap.get(objectId);
2869 if (imagePaths.size() > 0) {
2870 String path = imagePaths.get(0);
2871 name = (
new java.io.File(path)).getName();
2877 dataSource =
new Image(
this, objectId, Long.valueOf(type), deviceId, ssize, name,
2878 imagePaths.toArray(
new String[imagePaths.size()]), timezone, md5, sha1, sha256, size);
2881 dataSourceList.add(dataSource);
2884 return dataSourceList;
2886 }
catch (SQLException ex) {
2887 throw new TskCoreException(
"Error getting data sources", ex);
2889 closeResultSet(resultSet);
2890 closeStatement(statement);
2891 closeResultSet(resultSet2);
2892 closeStatement(statement2);
2919 CaseDbConnection connection = connections.getConnection();
2921 Statement statement = null;
2922 ResultSet resultSet = null;
2923 Statement statement2 = null;
2924 ResultSet resultSet2 = null;
2926 statement = connection.createStatement();
2927 statement2 = connection.createStatement();
2928 resultSet = connection.executeQuery(statement,
2929 "SELECT ds.device_id, ds.time_zone, img.type, img.ssize, img.size, img.md5, img.sha1, img.sha256, img.display_name "
2930 +
"FROM data_source_info AS ds "
2931 +
"LEFT JOIN tsk_image_info AS img "
2932 +
"ON ds.obj_id = img.obj_id "
2933 +
"WHERE ds.obj_id = " + objectId);
2934 if (resultSet.next()) {
2935 String deviceId = resultSet.getString(
"device_id");
2936 String timezone = resultSet.getString(
"time_zone");
2937 String type = resultSet.getString(
"type");
2945 resultSet2 = connection.executeQuery(statement2,
"SELECT name FROM tsk_files WHERE tsk_files.obj_id = " + objectId);
2946 String dsName = (resultSet2.next()) ? resultSet2.getString(
"name") :
"";
2953 String parentPath =
"/";
2954 dataSource =
new LocalFilesDataSource(
this, objectId, objectId, deviceId, dsName, dirType, metaType, dirFlag, metaFlags, timezone, null, null,
FileKnown.
UNKNOWN, parentPath);
2959 Long ssize = resultSet.getLong(
"ssize");
2960 Long size = resultSet.getLong(
"size");
2961 String md5 = resultSet.getString(
"md5");
2962 String sha1 = resultSet.getString(
"sha1");
2963 String sha256 = resultSet.getString(
"sha256");
2964 String name = resultSet.getString(
"display_name");
2966 List<String> imagePaths = getImagePathsById(objectId);
2968 if (imagePaths.size() > 0) {
2969 String path = imagePaths.get(0);
2970 name = (
new java.io.File(path)).getName();
2976 dataSource =
new Image(
this, objectId, Long.valueOf(type), deviceId, ssize, name,
2977 imagePaths.toArray(
new String[imagePaths.size()]), timezone, md5, sha1, sha256, size);
2980 throw new TskDataException(String.format(
"There is no data source with obj_id = %d", objectId));
2982 }
catch (SQLException ex) {
2983 throw new TskCoreException(String.format(
"Error getting data source with obj_id = %d", objectId), ex);
2985 closeResultSet(resultSet);
2986 closeStatement(statement);
2987 closeResultSet(resultSet2);
2988 closeStatement(statement2);
3007 return getArtifactsHelper(
"blackboard_artifacts.artifact_type_id = " + artifactTypeID);
3021 CaseDbConnection connection = connections.getConnection();
3023 ResultSet rs = null;
3026 PreparedStatement statement = connection.getPreparedStatement(PREPARED_STATEMENT.COUNT_ARTIFACTS_FROM_SOURCE);
3027 statement.clearParameters();
3028 statement.setLong(1, objId);
3029 rs = connection.executeQuery(statement);
3032 count = rs.getLong(
"count");
3035 }
catch (SQLException ex) {
3036 throw new TskCoreException(
"Error getting number of blackboard artifacts by content", ex);
3055 CaseDbConnection connection = connections.getConnection();
3057 ResultSet rs = null;
3060 PreparedStatement statement = connection.getPreparedStatement(PREPARED_STATEMENT.COUNT_ARTIFACTS_OF_TYPE);
3061 statement.clearParameters();
3062 statement.setInt(1, artifactTypeID);
3063 rs = connection.executeQuery(statement);
3066 count = rs.getLong(
"count");
3069 }
catch (SQLException ex) {
3070 throw new TskCoreException(
"Error getting number of blackboard artifacts by type", ex);
3090 CaseDbConnection connection = connections.getConnection();
3092 ResultSet rs = null;
3095 PreparedStatement statement = connection.getPreparedStatement(PREPARED_STATEMENT.COUNT_ARTIFACTS_OF_TYPE_BY_DATA_SOURCE);
3096 statement.clearParameters();
3097 statement.setInt(2, artifactTypeID);
3098 statement.setLong(1, dataSourceID);
3099 rs = connection.executeQuery(statement);
3102 count = rs.getLong(
"count");
3105 }
catch (SQLException ex) {
3106 throw new TskCoreException(String.format(
"Error getting number of blackboard artifacts by type (%d) and data source (%d)", artifactTypeID, dataSourceID), ex);
3129 CaseDbConnection connection = connections.getConnection();
3132 ResultSet rs = null;
3134 s = connection.createStatement();
3135 rs = connection.executeQuery(s,
"SELECT DISTINCT arts.artifact_id AS artifact_id, "
3136 +
"arts.obj_id AS obj_id, arts.artifact_obj_id AS artifact_obj_id, arts.data_source_obj_id AS data_source_obj_id, arts.artifact_type_id AS artifact_type_id, "
3137 +
"types.type_name AS type_name, types.display_name AS display_name, "
3138 +
" arts.review_status_id AS review_status_id "
3139 +
"FROM blackboard_artifacts AS arts, blackboard_attributes AS attrs, blackboard_artifact_types AS types "
3140 +
"WHERE arts.artifact_id = attrs.artifact_id "
3141 +
" AND attrs.attribute_type_id = " + attrType.getTypeID()
3142 +
" AND attrs.value_text = '" + value +
"'"
3143 +
" AND types.artifact_type_id=arts.artifact_type_id"
3145 ArrayList<BlackboardArtifact> artifacts =
new ArrayList<BlackboardArtifact>();
3147 artifacts.add(
new BlackboardArtifact(
this, rs.getLong(
"artifact_id"), rs.getLong(
"obj_id"), rs.getLong(
"artifact_obj_id"), rs.getLong(
"data_source_obj_id"),
3148 rs.getInt(
"artifact_type_id"), rs.getString(
"type_name"), rs.getString(
"display_name"),
3152 }
catch (SQLException ex) {
3153 throw new TskCoreException(
"Error getting blackboard artifacts by attribute", ex);
3180 String valSubStr =
"%" + subString;
3181 if (startsWith ==
false) {
3184 CaseDbConnection connection = connections.getConnection();
3187 ResultSet rs = null;
3189 s = connection.createStatement();
3190 rs = connection.executeQuery(s,
"SELECT DISTINCT arts.artifact_id AS artifact_id, "
3191 +
" arts.obj_id AS obj_id, arts.artifact_obj_id AS artifact_obj_id, arts.data_source_obj_id AS data_source_obj_id, arts.artifact_type_id AS artifact_type_id, "
3192 +
" types.type_name AS type_name, types.display_name AS display_name, "
3193 +
" arts.review_status_id AS review_status_id "
3194 +
" FROM blackboard_artifacts AS arts, blackboard_attributes AS attrs, blackboard_artifact_types AS types "
3195 +
" WHERE arts.artifact_id = attrs.artifact_id "
3196 +
" AND attrs.attribute_type_id = " + attrType.getTypeID()
3197 +
" AND LOWER(attrs.value_text) LIKE LOWER('" + valSubStr +
"')"
3198 +
" AND types.artifact_type_id=arts.artifact_type_id "
3200 ArrayList<BlackboardArtifact> artifacts =
new ArrayList<BlackboardArtifact>();
3202 artifacts.add(
new BlackboardArtifact(
this, rs.getLong(
"artifact_id"), rs.getLong(
"obj_id"), rs.getLong(
"artifact_obj_id"), rs.getLong(
"data_source_obj_id"),
3203 rs.getInt(
"artifact_type_id"), rs.getString(
"type_name"), rs.getString(
"display_name"),
3207 }
catch (SQLException ex) {
3208 throw new TskCoreException(
"Error getting blackboard artifacts by attribute. " + ex.getMessage(), ex);
3232 CaseDbConnection connection = connections.getConnection();
3235 ResultSet rs = null;
3237 s = connection.createStatement();
3238 rs = connection.executeQuery(s,
"SELECT DISTINCT arts.artifact_id AS artifact_id, "
3239 +
" arts.obj_id AS obj_id, arts.artifact_obj_id AS artifact_obj_id, arts.data_source_obj_id AS data_source_obj_id, arts.artifact_type_id AS artifact_type_id, "
3240 +
" types.type_name AS type_name, types.display_name AS display_name, "
3241 +
" arts.review_status_id AS review_status_id "
3242 +
" FROM blackboard_artifacts AS arts, blackboard_attributes AS attrs, blackboard_artifact_types AS types "
3243 +
"WHERE arts.artifact_id = attrs.artifact_id "
3244 +
" AND attrs.attribute_type_id = " + attrType.getTypeID()
3245 +
" AND attrs.value_int32 = " + value
3246 +
" AND types.artifact_type_id=arts.artifact_type_id "
3248 ArrayList<BlackboardArtifact> artifacts =
new ArrayList<BlackboardArtifact>();
3250 artifacts.add(
new BlackboardArtifact(
this, rs.getLong(
"artifact_id"), rs.getLong(
"obj_id"), rs.getLong(
"artifact_obj_id"), rs.getLong(
"data_source_obj_id"),
3251 rs.getInt(
"artifact_type_id"), rs.getString(
"type_name"), rs.getString(
"display_name"),
3255 }
catch (SQLException ex) {
3256 throw new TskCoreException(
"Error getting blackboard artifacts by attribute", ex);
3280 CaseDbConnection connection = connections.getConnection();
3283 ResultSet rs = null;
3285 s = connection.createStatement();
3286 rs = connection.executeQuery(s,
"SELECT DISTINCT arts.artifact_id AS artifact_id, "
3287 +
" arts.obj_id AS obj_id, arts.artifact_obj_id AS artifact_obj_id, arts.data_source_obj_id AS data_source_obj_id, arts.artifact_type_id AS artifact_type_id, "
3288 +
" types.type_name AS type_name, types.display_name AS display_name, "
3289 +
" arts.review_status_id AS review_status_id "
3290 +
" FROM blackboard_artifacts AS arts, blackboard_attributes AS attrs, blackboard_artifact_types AS types "
3291 +
" WHERE arts.artifact_id = attrs.artifact_id "
3292 +
" AND attrs.attribute_type_id = " + attrType.getTypeID()
3293 +
" AND attrs.value_int64 = " + value
3294 +
" AND types.artifact_type_id=arts.artifact_type_id "
3296 ArrayList<BlackboardArtifact> artifacts =
new ArrayList<BlackboardArtifact>();
3298 artifacts.add(
new BlackboardArtifact(
this, rs.getLong(
"artifact_id"), rs.getLong(
"obj_id"), rs.getLong(
"artifact_obj_id"), rs.getLong(
"data_source_obj_id"),
3299 rs.getInt(
"artifact_type_id"), rs.getString(
"type_name"), rs.getString(
"display_name"),
3303 }
catch (SQLException ex) {
3304 throw new TskCoreException(
"Error getting blackboard artifacts by attribute. " + ex.getMessage(), ex);
3328 CaseDbConnection connection = connections.getConnection();
3331 ResultSet rs = null;
3333 s = connection.createStatement();
3334 rs = connection.executeQuery(s,
"SELECT DISTINCT arts.artifact_id AS artifact_id, "
3335 +
" arts.obj_id AS obj_id, arts.artifact_obj_id AS artifact_obj_id, arts.data_source_obj_id AS data_source_obj_id, arts.artifact_type_id AS artifact_type_id, "
3336 +
" types.type_name AS type_name, types.display_name AS display_name, "
3337 +
" arts.review_status_id AS review_status_id "
3338 +
" FROM blackboard_artifacts AS arts, blackboard_attributes AS attrs, blackboard_artifact_types AS types "
3339 +
" WHERE arts.artifact_id = attrs.artifact_id "
3340 +
" AND attrs.attribute_type_id = " + attrType.getTypeID()
3341 +
" AND attrs.value_double = " + value
3342 +
" AND types.artifact_type_id=arts.artifact_type_id "
3344 ArrayList<BlackboardArtifact> artifacts =
new ArrayList<BlackboardArtifact>();
3346 artifacts.add(
new BlackboardArtifact(
this, rs.getLong(
"artifact_id"), rs.getLong(
"obj_id"), rs.getLong(
"artifact_obj_id"), rs.getLong(
"data_source_obj_id"),
3347 rs.getInt(
"artifact_type_id"), rs.getString(
"type_name"), rs.getString(
"display_name"),
3351 }
catch (SQLException ex) {
3352 throw new TskCoreException(
"Error getting blackboard artifacts by attribute", ex);
3376 CaseDbConnection connection = connections.getConnection();
3379 ResultSet rs = null;
3381 s = connection.createStatement();
3382 rs = connection.executeQuery(s,
"SELECT DISTINCT arts.artifact_id AS artifact_id, "
3383 +
" arts.obj_id AS obj_id, arts.artifact_obj_id AS artifact_obj_id, arts.data_source_obj_id AS data_source_obj_id, arts.artifact_type_id AS artifact_type_id, "
3384 +
" types.type_name AS type_name, types.display_name AS display_name, "
3385 +
" arts.review_status_id AS review_status_id "
3386 +
" FROM blackboard_artifacts AS arts, blackboard_attributes AS attrs, blackboard_artifact_types AS types "
3387 +
" WHERE arts.artifact_id = attrs.artifact_id "
3388 +
" AND attrs.attribute_type_id = " + attrType.getTypeID()
3389 +
" AND attrs.value_byte = " + value
3390 +
" AND types.artifact_type_id=arts.artifact_type_id "
3392 ArrayList<BlackboardArtifact> artifacts =
new ArrayList<BlackboardArtifact>();
3394 artifacts.add(
new BlackboardArtifact(
this, rs.getLong(
"artifact_id"), rs.getLong(
"obj_id"), rs.getLong(
"artifact_obj_id"), rs.getLong(
"data_source_obj_id"),
3395 rs.getInt(
"artifact_type_id"), rs.getString(
"type_name"), rs.getString(
"display_name"),
3399 }
catch (SQLException ex) {
3400 throw new TskCoreException(
"Error getting blackboard artifacts by attribute", ex);
3417 CaseDbConnection connection = connections.getConnection();
3420 ResultSet rs = null;
3422 s = connection.createStatement();
3423 rs = connection.executeQuery(s,
"SELECT artifact_type_id, type_name, display_name FROM blackboard_artifact_types");
3427 rs.getString(
"type_name"), rs.getString(
"display_name")));
3429 return artifactTypes;
3430 }
catch (SQLException ex) {
3431 throw new TskCoreException(
"Error getting artifact types", ex);
3449 String typeIdList =
"";
3456 String query =
"SELECT DISTINCT artifact_type_id FROM blackboard_artifacts "
3457 +
"WHERE artifact_type_id IN (" + typeIdList +
")";
3458 CaseDbConnection connection = connections.getConnection();
3461 ResultSet rs = null;
3463 s = connection.createStatement();
3464 rs = connection.executeQuery(s, query);
3470 }
catch (SQLException ex) {
3471 throw new TskCoreException(
"Error getting artifact types in use", ex);
3491 CaseDbConnection connection = connections.getConnection();
3494 ResultSet rs = null;
3496 s = connection.createStatement();
3497 rs = connection.executeQuery(s,
3498 "SELECT DISTINCT arts.artifact_type_id AS artifact_type_id, "
3499 +
"types.type_name AS type_name, types.display_name AS display_name "
3500 +
"FROM blackboard_artifact_types AS types "
3501 +
"INNER JOIN blackboard_artifacts AS arts "
3502 +
"ON arts.artifact_type_id = types.artifact_type_id");
3506 rs.getString(
"type_name"), rs.getString(
"display_name")));
3508 return uniqueArtifactTypes;
3509 }
catch (SQLException ex) {
3510 throw new TskCoreException(
"Error getting attribute types", ex);
3527 CaseDbConnection connection = connections.getConnection();
3530 ResultSet rs = null;
3532 s = connection.createStatement();
3533 rs = connection.executeQuery(s,
"SELECT attribute_type_id, type_name, display_name, value_type FROM blackboard_attribute_types");
3539 return attribute_types;
3540 }
catch (SQLException ex) {
3541 throw new TskCoreException(
"Error getting attribute types", ex);
3562 CaseDbConnection connection = connections.getConnection();
3565 ResultSet rs = null;
3567 s = connection.createStatement();
3568 rs = connection.executeQuery(s,
"SELECT COUNT(*) AS count FROM blackboard_attribute_types");
3571 count = rs.getInt(
"count");
3574 }
catch (SQLException ex) {
3575 throw new TskCoreException(
"Error getting number of blackboard artifacts by type", ex);
3596 ArrayList<BlackboardArtifact> getArtifactsHelper(String whereClause)
throws TskCoreException {
3597 CaseDbConnection connection = connections.getConnection();
3599 ResultSet rs = null;
3601 Statement statement = connection.createStatement();
3602 String query =
"SELECT blackboard_artifacts.artifact_id AS artifact_id, "
3603 +
"blackboard_artifacts.obj_id AS obj_id, "
3604 +
"blackboard_artifacts.artifact_obj_id AS artifact_obj_id, "
3605 +
"blackboard_artifacts.data_source_obj_id AS data_source_obj_id, "
3606 +
"blackboard_artifact_types.artifact_type_id AS artifact_type_id, "
3607 +
"blackboard_artifact_types.type_name AS type_name, "
3608 +
"blackboard_artifact_types.display_name AS display_name, "
3609 +
"blackboard_artifacts.review_status_id AS review_status_id "
3610 +
"FROM blackboard_artifacts, blackboard_artifact_types "
3611 +
"WHERE blackboard_artifacts.artifact_type_id = blackboard_artifact_types.artifact_type_id "
3613 +
" AND " + whereClause;
3614 rs = connection.executeQuery(statement, query);
3615 ArrayList<BlackboardArtifact> artifacts =
new ArrayList<BlackboardArtifact>();
3617 artifacts.add(
new BlackboardArtifact(
this, rs.getLong(
"artifact_id"), rs.getLong(
"obj_id"), rs.getLong(
"artifact_obj_id"), rs.getLong(
"data_source_obj_id"),
3618 rs.getInt(
"artifact_type_id"), rs.getString(
"type_name"), rs.getString(
"display_name"),
3622 }
catch (SQLException ex) {
3623 throw new TskCoreException(
"Error getting or creating a blackboard artifact", ex);
3643 private long getArtifactsCountHelper(
int artifactTypeID,
long obj_id)
throws TskCoreException {
3644 CaseDbConnection connection = connections.getConnection();
3646 ResultSet rs = null;
3649 PreparedStatement statement = connection.getPreparedStatement(PREPARED_STATEMENT.COUNT_ARTIFACTS_BY_SOURCE_AND_TYPE);
3650 statement.clearParameters();
3651 statement.setLong(1, obj_id);
3652 statement.setInt(2, artifactTypeID);
3653 rs = connection.executeQuery(statement);
3656 count = rs.getLong(
"count");
3659 }
catch (SQLException ex) {
3660 throw new TskCoreException(
"Error getting blackboard artifact count", ex);
3681 return getArtifactsHelper(
"blackboard_artifacts.obj_id = " + obj_id +
" AND blackboard_artifact_types.type_name = '" + artifactTypeName +
"';");
3697 return getArtifactsHelper(
"blackboard_artifacts.obj_id = " + obj_id +
" AND blackboard_artifact_types.artifact_type_id = " + artifactTypeID +
";");
3729 int artifactTypeID = this.
getArtifactType(artifactTypeName).getTypeID();
3730 if (artifactTypeID == -1) {
3733 return getArtifactsCountHelper(artifactTypeID, obj_id);
3749 return getArtifactsCountHelper(artifactTypeID, obj_id);
3765 return getArtifactsCountHelper(artifactType.getTypeID(), obj_id);
3780 return getArtifactsHelper(
"blackboard_artifact_types.type_name = '" + artifactTypeName +
"';");
3795 return getArtifactsHelper(
"blackboard_artifact_types.artifact_type_id = " + artifactType.getTypeID() +
";");
3812 CaseDbConnection connection = connections.getConnection();
3815 ResultSet rs = null;
3817 s = connection.createStatement();
3818 rs = connection.executeQuery(s,
"SELECT DISTINCT arts.artifact_id AS artifact_id, "
3819 +
"arts.obj_id AS obj_id, arts.artifact_obj_id as artifact_obj_id, arts.data_source_obj_id AS data_source_obj_id, arts.artifact_type_id AS artifact_type_id, "
3820 +
"types.type_name AS type_name, types.display_name AS display_name,"
3821 +
"arts.review_status_id AS review_status_id "
3822 +
"FROM blackboard_artifacts AS arts, blackboard_attributes AS attrs, blackboard_artifact_types AS types "
3823 +
"WHERE arts.artifact_id = attrs.artifact_id "
3824 +
"AND attrs.attribute_type_id = " + attrType.getTypeID()
3825 +
" AND arts.artifact_type_id = " + artifactType.getTypeID()
3826 +
" AND attrs.value_text = '" + value +
"'"
3827 +
" AND types.artifact_type_id=arts.artifact_type_id"
3829 ArrayList<BlackboardArtifact> artifacts =
new ArrayList<BlackboardArtifact>();
3831 artifacts.add(
new BlackboardArtifact(
this, rs.getLong(
"artifact_id"), rs.getLong(
"obj_id"), rs.getLong(
"artifact_obj_id"), rs.getLong(
"data_source_obj_id"),
3832 rs.getInt(
"artifact_type_id"), rs.getString(
"type_name"), rs.getString(
"display_name"),
3836 }
catch (SQLException ex) {
3837 throw new TskCoreException(
"Error getting blackboard artifacts by artifact type and attribute. " + ex.getMessage(), ex);
3857 CaseDbConnection connection = connections.getConnection();
3859 ResultSet rs = null;
3862 s = connection.createStatement();
3863 rs = connection.executeQuery(s,
"SELECT arts.artifact_id AS artifact_id, "
3864 +
"arts.obj_id AS obj_id, arts.artifact_obj_id as artifact_obj_id, arts.data_source_obj_id AS data_source_obj_id, arts.artifact_type_id AS artifact_type_id, "
3865 +
"types.type_name AS type_name, types.display_name AS display_name,"
3866 +
"arts.review_status_id AS review_status_id "
3867 +
"FROM blackboard_artifacts AS arts, blackboard_artifact_types AS types "
3868 +
"WHERE arts.artifact_id = " + artifactID
3869 +
" AND arts.artifact_type_id = types.artifact_type_id");
3871 return new BlackboardArtifact(
this, rs.getLong(
"artifact_id"), rs.getLong(
"obj_id"), rs.getLong(
"artifact_obj_id"), rs.getLong(
"data_source_obj_id"),
3872 rs.getInt(
"artifact_type_id"), rs.getString(
"type_name"), rs.getString(
"display_name"),
3880 throw new TskCoreException(
"No blackboard artifact with id " + artifactID);
3882 }
catch (SQLException ex) {
3883 throw new TskCoreException(
"Error getting a blackboard artifact. " + ex.getMessage(), ex);
3900 CaseDbConnection connection = connections.getConnection();
3903 addBlackBoardAttribute(attr, artifactTypeId, connection);
3904 }
catch (SQLException ex) {
3905 throw new TskCoreException(
"Error adding blackboard attribute " + attr.toString(), ex);
3922 CaseDbConnection connection = connections.getConnection();
3925 connection.beginTransaction();
3927 addBlackBoardAttribute(attr, artifactTypeId, connection);
3929 connection.commitTransaction();
3930 }
catch (SQLException ex) {
3931 connection.rollbackTransaction();
3932 throw new TskCoreException(
"Error adding blackboard attributes", ex);
3939 private void addBlackBoardAttribute(
BlackboardAttribute attr,
int artifactTypeId, CaseDbConnection connection)
throws SQLException, TskCoreException {
3940 PreparedStatement statement;
3941 switch (attr.getAttributeType().getValueType()) {
3944 statement = connection.getPreparedStatement(PREPARED_STATEMENT.INSERT_STRING_ATTRIBUTE);
3945 statement.clearParameters();
3946 statement.setString(7, attr.getValueString());
3949 statement = connection.getPreparedStatement(PREPARED_STATEMENT.INSERT_BYTE_ATTRIBUTE);
3950 statement.clearParameters();
3951 statement.setBytes(7, attr.getValueBytes());
3954 statement = connection.getPreparedStatement(PREPARED_STATEMENT.INSERT_INT_ATTRIBUTE);
3955 statement.clearParameters();
3956 statement.setInt(7, attr.getValueInt());
3959 statement = connection.getPreparedStatement(PREPARED_STATEMENT.INSERT_LONG_ATTRIBUTE);
3960 statement.clearParameters();
3961 statement.setLong(7, attr.getValueLong());
3964 statement = connection.getPreparedStatement(PREPARED_STATEMENT.INSERT_DOUBLE_ATTRIBUTE);
3965 statement.clearParameters();
3966 statement.setDouble(7, attr.getValueDouble());
3969 statement = connection.getPreparedStatement(PREPARED_STATEMENT.INSERT_LONG_ATTRIBUTE);
3970 statement.clearParameters();
3971 statement.setLong(7, attr.getValueLong());
3974 throw new TskCoreException(
"Unrecognized artifact attribute value type");
3976 statement.setLong(1, attr.getArtifactID());
3977 statement.setInt(2, artifactTypeId);
3978 statement.setString(3, attr.getSourcesCSV());
3979 statement.setString(4,
"");
3980 statement.setInt(5, attr.getAttributeType().getTypeID());
3981 statement.setLong(6, attr.getAttributeType().getValueType().getType());
3982 connection.executeUpdate(statement);
3995 String addSourceToArtifactAttribute(BlackboardAttribute attr, String source)
throws TskCoreException {
4003 if (null == source || source.isEmpty()) {
4004 throw new TskCoreException(
"Attempt to add null or empty source module name to artifact attribute");
4006 CaseDbConnection connection = connections.getConnection();
4008 Statement queryStmt = null;
4009 Statement updateStmt = null;
4010 ResultSet result = null;
4011 String newSources =
"";
4013 connection.beginTransaction();
4014 String valueClause =
"";
4015 BlackboardAttribute.TSK_BLACKBOARD_ATTRIBUTE_VALUE_TYPE valueType = attr.getAttributeType().getValueType();
4016 if (BlackboardAttribute.TSK_BLACKBOARD_ATTRIBUTE_VALUE_TYPE.BYTE != valueType) {
4017 switch (valueType) {
4023 valueClause =
" value_int32 = " + attr.getValueInt();
4027 valueClause =
" value_int64 = " + attr.getValueLong();
4030 valueClause =
" value_double = " + attr.getValueDouble();
4033 throw new TskCoreException(String.format(
"Unrecognized value type for attribute %s", attr.getDisplayString()));
4035 String query =
"SELECT source FROM blackboard_attributes WHERE"
4036 +
" artifact_id = " + attr.getArtifactID()
4037 +
" AND attribute_type_id = " + attr.getAttributeType().getTypeID()
4038 +
" AND value_type = " + attr.getAttributeType().getValueType().getType()
4039 +
" AND " + valueClause +
";";
4040 queryStmt = connection.createStatement();
4041 updateStmt = connection.createStatement();
4042 result = connection.executeQuery(queryStmt, query);
4049 PreparedStatement statement = connection.getPreparedStatement(PREPARED_STATEMENT.SELECT_ATTR_BY_VALUE_BYTE);
4050 statement.clearParameters();
4051 statement.setLong(1, attr.getArtifactID());
4052 statement.setLong(2, attr.getAttributeType().getTypeID());
4053 statement.setBytes(3, attr.getValueBytes());
4054 result = connection.executeQuery(statement);
4056 while (result.next()) {
4057 String oldSources = result.getString(
"source");
4058 if (null != oldSources && !oldSources.isEmpty()) {
4059 Set<String> uniqueSources =
new HashSet<String>(Arrays.asList(oldSources.split(
",")));
4060 if (!uniqueSources.contains(source)) {
4061 newSources = oldSources +
"," + source;
4063 newSources = oldSources;
4066 newSources = source;
4068 if (BlackboardAttribute.TSK_BLACKBOARD_ATTRIBUTE_VALUE_TYPE.BYTE != valueType) {
4069 String update =
"UPDATE blackboard_attributes SET source = '" + newSources +
"' WHERE"
4070 +
" artifact_id = " + attr.getArtifactID()
4071 +
" AND attribute_type_id = " + attr.getAttributeType().getTypeID()
4072 +
" AND value_type = " + attr.getAttributeType().getValueType().getType()
4073 +
" AND " + valueClause +
";";
4074 connection.executeUpdate(updateStmt, update);
4081 PreparedStatement statement = connection.getPreparedStatement(PREPARED_STATEMENT.UPDATE_ATTR_BY_VALUE_BYTE);
4082 statement.clearParameters();
4083 statement.setString(1, newSources);
4084 statement.setLong(2, attr.getArtifactID());
4085 statement.setLong(3, attr.getAttributeType().getTypeID());
4086 statement.setBytes(4, attr.getValueBytes());
4087 connection.executeUpdate(statement);
4090 connection.commitTransaction();
4092 }
catch (SQLException ex) {
4093 connection.rollbackTransaction();
4094 throw new TskCoreException(String.format(
"Error adding source module to attribute %s", attr.getDisplayString()), ex);
4096 closeResultSet(result);
4097 closeStatement(updateStmt);
4098 closeStatement(queryStmt);
4119 CaseDbConnection connection = connections.getConnection();
4122 ResultSet rs = null;
4124 connection.beginTransaction();
4125 s = connection.createStatement();
4126 rs = connection.executeQuery(s,
"SELECT attribute_type_id FROM blackboard_attribute_types WHERE type_name = '" + attrTypeString +
"'");
4129 rs = connection.executeQuery(s,
"SELECT MAX(attribute_type_id) AS highest_id FROM blackboard_attribute_types");
4132 maxID = rs.getInt(
"highest_id");
4133 if (maxID < MIN_USER_DEFINED_TYPE_ID) {
4134 maxID = MIN_USER_DEFINED_TYPE_ID;
4139 connection.executeUpdate(s,
"INSERT INTO blackboard_attribute_types (attribute_type_id, type_name, display_name, value_type) VALUES ('" + maxID +
"', '" + attrTypeString +
"', '" + displayName +
"', '" + valueType.getType() +
"')");
4141 this.typeIdToAttributeTypeMap.put(type.getTypeID(), type);
4142 this.typeNameToAttributeTypeMap.put(type.getTypeName(), type);
4143 connection.commitTransaction();
4146 throw new TskDataException(
"The attribute type that was added was already within the system.");
4149 }
catch (SQLException ex) {
4150 connection.rollbackTransaction();
4151 throw new TskCoreException(
"Error adding attribute type", ex);
4171 if (this.typeNameToAttributeTypeMap.containsKey(attrTypeName)) {
4172 return this.typeNameToAttributeTypeMap.get(attrTypeName);
4174 CaseDbConnection connection = connections.getConnection();
4177 ResultSet rs = null;
4179 s = connection.createStatement();
4180 rs = connection.executeQuery(s,
"SELECT attribute_type_id, type_name, display_name, value_type FROM blackboard_attribute_types WHERE type_name = '" + attrTypeName +
"'");
4185 this.typeIdToAttributeTypeMap.put(type.getTypeID(), type);
4186 this.typeNameToAttributeTypeMap.put(attrTypeName, type);
4189 }
catch (SQLException ex) {
4190 throw new TskCoreException(
"Error getting attribute type id", ex);
4210 if (this.typeIdToAttributeTypeMap.containsKey(typeID)) {
4211 return this.typeIdToAttributeTypeMap.get(typeID);
4213 CaseDbConnection connection = connections.getConnection();
4216 ResultSet rs = null;
4218 s = connection.createStatement();
4219 rs = connection.executeQuery(s,
"SELECT attribute_type_id, type_name, display_name, value_type FROM blackboard_attribute_types WHERE attribute_type_id = " + typeID +
"");
4220 BlackboardAttribute.Type type = null;
4222 type =
new BlackboardAttribute.Type(rs.getInt(
"attribute_type_id"), rs.getString(
"type_name"),
4223 rs.getString(
"display_name"), TSK_BLACKBOARD_ATTRIBUTE_VALUE_TYPE.fromType(rs.getLong(
"value_type")));
4224 this.typeIdToAttributeTypeMap.put(typeID, type);
4225 this.typeNameToAttributeTypeMap.put(type.getTypeName(), type);
4228 }
catch (SQLException ex) {
4229 throw new TskCoreException(
"Error getting attribute type id", ex);
4249 if (this.typeNameToArtifactTypeMap.containsKey(artTypeName)) {
4250 return this.typeNameToArtifactTypeMap.get(artTypeName);
4252 CaseDbConnection connection = connections.getConnection();
4255 ResultSet rs = null;
4257 s = connection.createStatement();
4258 rs = connection.executeQuery(s,
"SELECT artifact_type_id, type_name, display_name FROM blackboard_artifact_types WHERE type_name = '" + artTypeName +
"'");
4262 rs.getString(
"type_name"), rs.getString(
"display_name"));
4263 this.typeIdToArtifactTypeMap.put(type.getTypeID(), type);
4264 this.typeNameToArtifactTypeMap.put(artTypeName, type);
4267 }
catch (SQLException ex) {
4268 throw new TskCoreException(
"Error getting artifact type from the database", ex);
4288 if (this.typeIdToArtifactTypeMap.containsKey(artTypeId)) {
4289 return typeIdToArtifactTypeMap.get(artTypeId);
4291 CaseDbConnection connection = connections.getConnection();
4294 ResultSet rs = null;
4296 s = connection.createStatement();
4297 rs = connection.executeQuery(s,
"SELECT artifact_type_id, type_name, display_name FROM blackboard_artifact_types WHERE artifact_type_id = " + artTypeId +
"");
4298 BlackboardArtifact.Type type = null;
4300 type =
new BlackboardArtifact.Type(rs.getInt(
"artifact_type_id"),
4301 rs.getString(
"type_name"), rs.getString(
"display_name"));
4302 this.typeIdToArtifactTypeMap.put(artTypeId, type);
4303 this.typeNameToArtifactTypeMap.put(type.getTypeName(), type);
4306 }
catch (SQLException ex) {
4307 throw new TskCoreException(
"Error getting artifact type from the database", ex);
4329 CaseDbConnection connection = connections.getConnection();
4332 ResultSet rs = null;
4334 connection.beginTransaction();
4335 s = connection.createStatement();
4336 rs = connection.executeQuery(s,
"SELECT artifact_type_id FROM blackboard_artifact_types WHERE type_name = '" + artifactTypeName +
"'");
4339 rs = connection.executeQuery(s,
"SELECT MAX(artifact_type_id) AS highest_id FROM blackboard_artifact_types");
4342 maxID = rs.getInt(
"highest_id");
4343 if (maxID < MIN_USER_DEFINED_TYPE_ID) {
4344 maxID = MIN_USER_DEFINED_TYPE_ID;
4349 connection.executeUpdate(s,
"INSERT INTO blackboard_artifact_types (artifact_type_id, type_name, display_name) VALUES ('" + maxID +
"', '" + artifactTypeName +
"', '" + displayName +
"')");
4351 this.typeIdToArtifactTypeMap.put(type.getTypeID(), type);
4352 this.typeNameToArtifactTypeMap.put(type.getTypeName(), type);
4353 connection.commitTransaction();
4356 throw new TskDataException(
"The attribute type that was added was already within the system.");
4358 }
catch (SQLException ex) {
4359 connection.rollbackTransaction();
4360 throw new TskCoreException(
"Error adding artifact type", ex);
4370 CaseDbConnection connection = connections.getConnection();
4372 ResultSet rs = null;
4374 Statement statement = connection.createStatement();
4375 rs = connection.executeQuery(statement,
"SELECT attrs.artifact_id AS artifact_id, "
4376 +
"attrs.source AS source, attrs.context AS context, attrs.attribute_type_id AS attribute_type_id, "
4377 +
"attrs.value_type AS value_type, attrs.value_byte AS value_byte, "
4378 +
"attrs.value_text AS value_text, attrs.value_int32 AS value_int32, "
4379 +
"attrs.value_int64 AS value_int64, attrs.value_double AS value_double, "
4380 +
"types.type_name AS type_name, types.display_name AS display_name "
4381 +
"FROM blackboard_attributes AS attrs, blackboard_attribute_types AS types WHERE attrs.artifact_id = " + artifact.getArtifactID()
4382 +
" AND attrs.attribute_type_id = types.attribute_type_id");
4383 ArrayList<BlackboardAttribute> attributes =
new ArrayList<BlackboardAttribute>();
4385 int attributeTypeId = rs.getInt(
"attribute_type_id");
4386 String attributeTypeName = rs.getString(
"type_name");
4388 if (this.typeIdToAttributeTypeMap.containsKey(attributeTypeId)) {
4389 attributeType = this.typeIdToAttributeTypeMap.get(attributeTypeId);
4392 rs.getString(
"display_name"),
4394 this.typeIdToAttributeTypeMap.put(attributeTypeId, attributeType);
4395 this.typeNameToAttributeTypeMap.put(attributeTypeName, attributeType);
4399 rs.getLong(
"artifact_id"),
4401 rs.getString(
"source"),
4402 rs.getString(
"context"),
4403 rs.getInt(
"value_int32"),
4404 rs.getLong(
"value_int64"),
4405 rs.getDouble(
"value_double"),
4406 rs.getString(
"value_text"),
4407 rs.getBytes(
"value_byte"), this
4409 attr.setParentDataSourceID(artifact.getDataSourceObjectID());
4410 attributes.add(attr);
4413 }
catch (SQLException ex) {
4414 throw new TskCoreException(
"Error getting attributes for artifact, artifact id = " + artifact.getArtifactID(), ex);
4435 CaseDbConnection connection = connections.getConnection();
4438 ResultSet rs = null;
4440 s = connection.createStatement();
4441 rs = connection.executeQuery(s,
"SELECT blackboard_attributes.artifact_id AS artifact_id, "
4442 +
"blackboard_attributes.source AS source, blackboard_attributes.context AS context, "
4443 +
"blackboard_attributes.attribute_type_id AS attribute_type_id, "
4444 +
"blackboard_attributes.value_type AS value_type, blackboard_attributes.value_byte AS value_byte, "
4445 +
"blackboard_attributes.value_text AS value_text, blackboard_attributes.value_int32 AS value_int32, "
4446 +
"blackboard_attributes.value_int64 AS value_int64, blackboard_attributes.value_double AS value_double "
4447 +
"FROM blackboard_attributes " + whereClause);
4448 ArrayList<BlackboardAttribute> matches =
new ArrayList<BlackboardAttribute>();
4454 rs.getLong(
"artifact_id"),
4456 rs.getString(
"source"),
4457 rs.getString(
"context"),
4458 rs.getInt(
"value_int32"),
4459 rs.getLong(
"value_int64"),
4460 rs.getDouble(
"value_double"),
4461 rs.getString(
"value_text"),
4462 rs.getBytes(
"value_byte"), this
4467 }
catch (SQLException ex) {
4468 throw new TskCoreException(
"Error getting attributes using this where clause: " + whereClause, ex);
4489 CaseDbConnection connection = connections.getConnection();
4491 ResultSet rs = null;
4494 s = connection.createStatement();
4495 rs = connection.executeQuery(s,
"SELECT blackboard_artifacts.artifact_id AS artifact_id, "
4496 +
"blackboard_artifacts.obj_id AS obj_id, blackboard_artifacts.artifact_obj_id AS artifact_obj_id, blackboard_artifacts.data_source_obj_id AS data_source_obj_id, blackboard_artifacts.artifact_type_id AS artifact_type_id, "
4497 +
"blackboard_artifacts.review_status_id AS review_status_id "
4498 +
"FROM blackboard_artifacts " + whereClause);
4499 ArrayList<BlackboardArtifact> matches =
new ArrayList<BlackboardArtifact>();
4505 type.getTypeID(), type.getTypeName(), type.getDisplayName(),
4507 matches.add(artifact);
4510 }
catch (SQLException ex) {
4511 throw new TskCoreException(
"Error getting attributes using this where clause: " + whereClause, ex);
4550 return newBlackboardArtifact(artifactType.getTypeID(), obj_id, artifactType.getLabel(), artifactType.getDisplayName());
4567 return newBlackboardArtifact(artifactTypeID, obj_id, type.getTypeName(), type.getDisplayName(), data_source_obj_id);
4570 private BlackboardArtifact
newBlackboardArtifact(
int artifact_type_id,
long obj_id, String artifactTypeName, String artifactDisplayName)
throws TskCoreException {
4571 try (CaseDbConnection connection = connections.getConnection()) {
4572 long data_source_obj_id = getDataSourceObjectId(connection, obj_id);
4573 return this.
newBlackboardArtifact(artifact_type_id, obj_id, artifactTypeName, artifactDisplayName, data_source_obj_id);
4577 private BlackboardArtifact
newBlackboardArtifact(
int artifact_type_id,
long obj_id, String artifactTypeName, String artifactDisplayName,
long data_source_obj_id)
throws TskCoreException {
4579 try (CaseDbConnection connection = connections.getConnection()) {
4580 long artifact_obj_id = addObject(obj_id, TskData.ObjectType.ARTIFACT.getObjectType(), connection);
4581 PreparedStatement statement = null;
4583 statement = connection.getPreparedStatement(PREPARED_STATEMENT.POSTGRESQL_INSERT_ARTIFACT, Statement.RETURN_GENERATED_KEYS);
4584 statement.clearParameters();
4585 statement.setLong(1, obj_id);
4586 statement.setLong(2, artifact_obj_id);
4587 statement.setLong(3, data_source_obj_id);
4588 statement.setInt(4, artifact_type_id);
4591 statement = connection.getPreparedStatement(PREPARED_STATEMENT.INSERT_ARTIFACT, Statement.RETURN_GENERATED_KEYS);
4592 statement.clearParameters();
4593 this.nextArtifactId++;
4594 statement.setLong(1, this.nextArtifactId);
4595 statement.setLong(2, obj_id);
4596 statement.setLong(3, artifact_obj_id);
4597 statement.setLong(4, data_source_obj_id);
4598 statement.setInt(5, artifact_type_id);
4601 connection.executeUpdate(statement);
4602 try (ResultSet resultSet = statement.getGeneratedKeys()) {
4604 return new BlackboardArtifact(
this, resultSet.getLong(1),
4605 obj_id, artifact_obj_id, data_source_obj_id, artifact_type_id, artifactTypeName, artifactDisplayName, BlackboardArtifact.ReviewStatus.UNDECIDED,
true);
4607 }
catch (SQLException ex) {
4608 throw new TskCoreException(
"Error creating a blackboard artifact", ex);
4626 boolean getContentHasChildren(Content content)
throws TskCoreException {
4627 CaseDbConnection connection = connections.getConnection();
4629 ResultSet rs = null;
4632 PreparedStatement statement = connection.getPreparedStatement(PREPARED_STATEMENT.COUNT_CHILD_OBJECTS_BY_PARENT);
4633 statement.clearParameters();
4634 statement.setLong(1, content.getId());
4635 rs = connection.executeQuery(statement);
4636 boolean hasChildren =
false;
4638 hasChildren = rs.getInt(
"count") > 0;
4641 }
catch (SQLException e) {
4642 throw new TskCoreException(
"Error checking for children of parent " + content, e);
4662 int getContentChildrenCount(Content content)
throws TskCoreException {
4664 if (!this.getHasChildren(content)) {
4668 CaseDbConnection connection = connections.getConnection();
4670 ResultSet rs = null;
4673 PreparedStatement statement = connection.getPreparedStatement(PREPARED_STATEMENT.COUNT_CHILD_OBJECTS_BY_PARENT);
4674 statement.clearParameters();
4675 statement.setLong(1, content.getId());
4676 rs = connection.executeQuery(statement);
4677 int countChildren = -1;
4679 countChildren = rs.getInt(
"count");
4681 return countChildren;
4682 }
catch (SQLException e) {
4683 throw new TskCoreException(
"Error checking for children of parent " + content, e);
4702 List<Content> getAbstractFileChildren(Content parent, TSK_DB_FILES_TYPE_ENUM type)
throws TskCoreException {
4703 CaseDbConnection connection = connections.getConnection();
4705 ResultSet rs = null;
4707 PreparedStatement statement = connection.getPreparedStatement(PREPARED_STATEMENT.SELECT_FILES_BY_PARENT_AND_TYPE);
4708 statement.clearParameters();
4709 long parentId = parent.getId();
4710 statement.setLong(1, parentId);
4711 statement.setShort(2, type.getFileType());
4712 rs = connection.executeQuery(statement);
4713 return fileChildren(rs, connection, parentId);
4714 }
catch (SQLException ex) {
4715 throw new TskCoreException(
"Error getting AbstractFile children for Content", ex);
4732 List<Content> getAbstractFileChildren(Content parent)
throws TskCoreException {
4733 CaseDbConnection connection = connections.getConnection();
4735 ResultSet rs = null;
4737 PreparedStatement statement = connection.getPreparedStatement(PREPARED_STATEMENT.SELECT_FILES_BY_PARENT);
4738 statement.clearParameters();
4739 long parentId = parent.getId();
4740 statement.setLong(1, parentId);
4741 rs = connection.executeQuery(statement);
4742 return fileChildren(rs, connection, parentId);
4743 }
catch (SQLException ex) {
4744 throw new TskCoreException(
"Error getting AbstractFile children for Content", ex);
4763 List<Long> getAbstractFileChildrenIds(Content parent, TSK_DB_FILES_TYPE_ENUM type)
throws TskCoreException {
4764 CaseDbConnection connection = connections.getConnection();
4766 ResultSet rs = null;
4768 PreparedStatement statement = connection.getPreparedStatement(PREPARED_STATEMENT.SELECT_FILE_IDS_BY_PARENT_AND_TYPE);
4769 statement.clearParameters();
4770 statement.setLong(1, parent.getId());
4771 statement.setShort(2, type.getFileType());
4772 rs = connection.executeQuery(statement);
4773 List<Long> children =
new ArrayList<Long>();
4775 children.add(rs.getLong(
"obj_id"));
4778 }
catch (SQLException ex) {
4779 throw new TskCoreException(
"Error getting AbstractFile children for Content", ex);
4796 List<Long> getAbstractFileChildrenIds(Content parent)
throws TskCoreException {
4797 CaseDbConnection connection = connections.getConnection();
4799 ResultSet rs = null;
4801 PreparedStatement statement = connection.getPreparedStatement(PREPARED_STATEMENT.SELECT_FILE_IDS_BY_PARENT);
4802 statement.clearParameters();
4803 statement.setLong(1, parent.getId());
4804 rs = connection.executeQuery(statement);
4805 List<Long> children =
new ArrayList<Long>();
4807 children.add(rs.getLong(
"obj_id"));
4810 }
catch (SQLException ex) {
4811 throw new TskCoreException(
"Error getting AbstractFile children for Content", ex);
4829 List<Long> getBlackboardArtifactChildrenIds(Content parent)
throws TskCoreException {
4830 CaseDbConnection connection = connections.getConnection();
4832 ResultSet rs = null;
4834 PreparedStatement statement = connection.getPreparedStatement(PREPARED_STATEMENT.SELECT_ARTIFACT_OBJECTIDS_BY_PARENT);
4835 statement.clearParameters();
4836 statement.setLong(1, parent.getId());
4837 rs = connection.executeQuery(statement);
4838 List<Long> children =
new ArrayList<Long>();
4840 children.add(rs.getLong(
"obj_id"));
4843 }
catch (SQLException ex) {
4844 throw new TskCoreException(
"Error getting children for BlackboardArtifact", ex);
4861 List<Content> getBlackboardArtifactChildren(Content parent)
throws TskCoreException {
4863 long parentId = parent.getId();
4864 ArrayList<BlackboardArtifact> artsArray = getArtifactsHelper(
"blackboard_artifacts.obj_id = " + parentId +
";");
4866 List<Content> lc =
new ArrayList<Content>();
4867 lc.addAll(artsArray);
4879 Collection<ObjectInfo> getChildrenInfo(Content c)
throws TskCoreException {
4880 CaseDbConnection connection = connections.getConnection();
4883 ResultSet rs = null;
4885 s = connection.createStatement();
4886 rs = connection.executeQuery(s,
"SELECT tsk_objects.obj_id AS obj_id, tsk_objects.type AS type "
4887 +
"FROM tsk_objects LEFT JOIN tsk_files "
4888 +
"ON tsk_objects.obj_id = tsk_files.obj_id "
4889 +
"WHERE tsk_objects.par_obj_id = " + c.getId()
4890 +
" ORDER BY tsk_objects.obj_id");
4891 Collection<ObjectInfo> infos =
new ArrayList<ObjectInfo>();
4893 infos.add(
new ObjectInfo(rs.getLong(
"obj_id"), ObjectType.valueOf(rs.getShort(
"type"))));
4896 }
catch (SQLException ex) {
4897 throw new TskCoreException(
"Error getting Children Info for Content", ex);
4916 ObjectInfo getParentInfo(Content c)
throws TskCoreException {
4917 return getParentInfo(c.getId());
4930 ObjectInfo getParentInfo(
long contentId)
throws TskCoreException {
4931 CaseDbConnection connection = connections.getConnection();
4934 ResultSet rs = null;
4936 s = connection.createStatement();
4937 rs = connection.executeQuery(s,
"SELECT parent.obj_id AS obj_id, parent.type AS type "
4938 +
"FROM tsk_objects AS parent INNER JOIN tsk_objects AS child "
4939 +
"ON child.par_obj_id = parent.obj_id "
4940 +
"WHERE child.obj_id = " + contentId);
4942 return new ObjectInfo(rs.getLong(
"obj_id"), ObjectType.valueOf(rs.getShort(
"type")));
4946 }
catch (SQLException ex) {
4947 throw new TskCoreException(
"Error getting Parent Info for Content: " + contentId, ex);
4966 Directory getParentDirectory(FsContent fsc)
throws TskCoreException {
4971 ObjectInfo parentInfo = getParentInfo(fsc);
4972 if (parentInfo == null) {
4975 Directory parent = null;
4976 if (parentInfo.type == ObjectType.ABSTRACTFILE) {
4977 parent = getDirectoryById(parentInfo.id, fsc.getFileSystem());
4979 throw new TskCoreException(
"Parent of FsContent (id: " + fsc.getId() +
") has wrong type to be directory: " + parentInfo.type);
4998 Content content = frequentlyUsedContentMap.get(
id);
4999 if (null != content) {
5003 CaseDbConnection connection = connections.getConnection();
5006 ResultSet rs = null;
5011 s = connection.createStatement();
5012 rs = connection.executeQuery(s,
"SELECT * FROM tsk_objects WHERE obj_id = " +
id +
" LIMIT 1");
5016 parentId = rs.getLong(
"par_obj_id");
5018 }
catch (SQLException ex) {
5019 throw new TskCoreException(
"Error getting Content by ID.", ex);
5031 frequentlyUsedContentMap.put(
id, content);
5034 content = getVolumeSystemById(
id, parentId);
5037 content = getVolumeById(
id, parentId);
5038 frequentlyUsedContentMap.put(
id, content);
5041 content = getPoolById(
id, parentId);
5044 content = getFileSystemById(
id, parentId);
5045 frequentlyUsedContentMap.put(
id, content);
5056 frequentlyUsedContentMap.put(
id, content);
5066 throw new TskCoreException(
"Could not obtain Content object with ID: " +
id);
5079 String getFilePath(
long id) {
5080 CaseDbConnection connection;
5082 connection = connections.getConnection();
5083 }
catch (TskCoreException ex) {
5084 logger.log(Level.SEVERE,
"Error getting file path for file " +
id, ex);
5087 String filePath = null;
5089 ResultSet rs = null;
5091 PreparedStatement statement = connection.getPreparedStatement(PREPARED_STATEMENT.SELECT_LOCAL_PATH_FOR_FILE);
5092 statement.clearParameters();
5093 statement.setLong(1,
id);
5094 rs = connection.executeQuery(statement);
5096 filePath = rs.getString(
"path");
5098 }
catch (SQLException ex) {
5099 logger.log(Level.SEVERE,
"Error getting file path for file " +
id, ex);
5115 TskData.EncodingType getEncodingType(
long id) {
5116 CaseDbConnection connection;
5118 connection = connections.getConnection();
5119 }
catch (TskCoreException ex) {
5120 logger.log(Level.SEVERE,
"Error getting file path for file " +
id, ex);
5123 TskData.EncodingType type = TskData.EncodingType.NONE;
5125 ResultSet rs = null;
5127 PreparedStatement statement = connection.getPreparedStatement(PREPARED_STATEMENT.SELECT_ENCODING_FOR_FILE);
5128 statement.clearParameters();
5129 statement.setLong(1,
id);
5130 rs = connection.executeQuery(statement);
5132 type = TskData.EncodingType.valueOf(rs.getInt(1));
5134 }
catch (SQLException ex) {
5135 logger.log(Level.SEVERE,
"Error getting encoding type for file " +
id, ex);
5152 String getFileParentPath(
long objectId, CaseDbConnection connection) {
5153 String parentPath = null;
5155 ResultSet rs = null;
5157 PreparedStatement statement = connection.getPreparedStatement(PREPARED_STATEMENT.SELECT_PATH_FOR_FILE);
5158 statement.clearParameters();
5159 statement.setLong(1, objectId);
5160 rs = connection.executeQuery(statement);
5162 parentPath = rs.getString(
"parent_path");
5164 }
catch (SQLException ex) {
5165 logger.log(Level.SEVERE,
"Error getting file parent_path for file " + objectId, ex);
5181 String getFileName(
long objectId, CaseDbConnection connection) {
5182 String fileName = null;
5184 ResultSet rs = null;
5186 PreparedStatement statement = connection.getPreparedStatement(PREPARED_STATEMENT.SELECT_FILE_NAME);
5187 statement.clearParameters();
5188 statement.setLong(1, objectId);
5189 rs = connection.executeQuery(statement);
5191 fileName = rs.getString(
"name");
5193 }
catch (SQLException ex) {
5194 logger.log(Level.SEVERE,
"Error getting file parent_path for file " + objectId, ex);
5212 DerivedFile.DerivedMethod getDerivedMethod(
long id)
throws TskCoreException {
5213 CaseDbConnection connection = connections.getConnection();
5214 DerivedFile.DerivedMethod method = null;
5216 ResultSet rs1 = null;
5217 ResultSet rs2 = null;
5219 PreparedStatement statement = connection.getPreparedStatement(PREPARED_STATEMENT.SELECT_DERIVED_FILE);
5220 statement.clearParameters();
5221 statement.setLong(1,
id);
5222 rs1 = connection.executeQuery(statement);
5224 int method_id = rs1.getInt(
"derived_id");
5225 String rederive = rs1.getString(
"rederive");
5226 method =
new DerivedFile.DerivedMethod(method_id, rederive);
5227 statement = connection.getPreparedStatement(PREPARED_STATEMENT.SELECT_FILE_DERIVATION_METHOD);
5228 statement.clearParameters();
5229 statement.setInt(1, method_id);
5230 rs2 = connection.executeQuery(statement);
5232 method.setToolName(rs2.getString(
"tool_name"));
5233 method.setToolVersion(rs2.getString(
"tool_version"));
5234 method.setOther(rs2.getString(
"other"));
5237 }
catch (SQLException e) {
5238 logger.log(Level.SEVERE,
"Error getting derived method for file: " +
id, e);
5240 closeResultSet(rs2);
5241 closeResultSet(rs1);
5259 CaseDbConnection connection = connections.getConnection();
5281 ResultSet rs = null;
5283 PreparedStatement statement = connection.getPreparedStatement(PREPARED_STATEMENT.SELECT_FILE_BY_ID);
5284 statement.clearParameters();
5285 statement.setLong(1, objectId);
5286 rs = connection.executeQuery(statement);
5287 List<AbstractFile> files = resultSetToAbstractFiles(rs, connection);
5288 if (files.size() > 0) {
5289 return files.get(0);
5293 }
catch (SQLException ex) {
5294 throw new TskCoreException(
"Error getting file by id, id = " + objectId, ex);
5312 CaseDbConnection connection = connections.getConnection();
5314 ResultSet rs = null;
5316 PreparedStatement statement = connection.getPreparedStatement(PREPARED_STATEMENT.SELECT_ARTIFACT_BY_ARTIFACT_OBJ_ID);
5317 statement.clearParameters();
5318 statement.setLong(1,
id);
5319 rs = connection.executeQuery(statement);
5320 List<BlackboardArtifact> artifacts = resultSetToArtifacts(rs);
5321 if (artifacts.size() > 0) {
5322 return artifacts.get(0);
5326 }
catch (SQLException ex) {
5327 throw new TskCoreException(
"Error getting artifacts by artifact_obj_id, artifact_obj_id = " +
id, ex);
5346 CaseDbConnection connection = connections.getConnection();
5348 ResultSet rs = null;
5350 PreparedStatement statement = connection.getPreparedStatement(PREPARED_STATEMENT.SELECT_ARTIFACT_BY_ARTIFACT_ID);
5351 statement.clearParameters();
5352 statement.setLong(1,
id);
5353 rs = connection.executeQuery(statement);
5354 List<BlackboardArtifact> artifacts = resultSetToArtifacts(rs);
5355 if (artifacts.size() > 0) {
5356 return artifacts.get(0);
5360 }
catch (SQLException ex) {
5361 throw new TskCoreException(
"Error getting artifacts by artifact id, artifact id = " +
id, ex);
5381 private long getFileSystemId(
long fileId, CaseDbConnection connection) {
5383 ResultSet rs = null;
5386 PreparedStatement statement = connection.getPreparedStatement(PREPARED_STATEMENT.SELECT_FILE_SYSTEM_BY_OBJECT);
5387 statement.clearParameters();
5388 statement.setLong(1, fileId);
5389 rs = connection.executeQuery(statement);
5391 ret = rs.getLong(
"fs_obj_id");
5396 }
catch (SQLException e) {
5397 logger.log(Level.SEVERE,
"Error checking file system id of a file, id = " + fileId, e);
5417 String query = String.format(
"SELECT COUNT(*) AS count FROM tsk_files WHERE obj_id = %d AND data_source_obj_id = %d", fileId, dataSource.getId());
5418 CaseDbConnection connection = connections.getConnection();
5420 Statement statement = null;
5421 ResultSet resultSet = null;
5423 statement = connection.createStatement();
5424 resultSet = connection.executeQuery(statement, query);
5426 return (resultSet.getLong(
"count") > 0L);
5427 }
catch (SQLException ex) {
5428 throw new TskCoreException(String.format(
"Error executing query %s", query), ex);
5430 closeResultSet(resultSet);
5431 closeStatement(statement);
5448 public List<AbstractFile>
findFiles(
Content dataSource, String fileName)
throws TskCoreException {
5449 List<AbstractFile> files =
new ArrayList<AbstractFile>();
5450 CaseDbConnection connection = connections.getConnection();
5452 ResultSet resultSet = null;
5454 PreparedStatement statement = connection.getPreparedStatement(PREPARED_STATEMENT.SELECT_FILES_BY_DATA_SOURCE_AND_NAME);
5455 statement.clearParameters();
5456 statement.setString(1, fileName.toLowerCase());
5457 statement.setLong(2, dataSource.getId());
5458 resultSet = connection.executeQuery(statement);
5459 files.addAll(resultSetToAbstractFiles(resultSet, connection));
5460 }
catch (SQLException e) {
5461 throw new TskCoreException(bundle.getString(
"SleuthkitCase.findFiles.exception.msg3.text"), e);
5463 closeResultSet(resultSet);
5483 public List<AbstractFile>
findFiles(
Content dataSource, String fileName, String dirSubString)
throws TskCoreException {
5484 List<AbstractFile> files =
new ArrayList<AbstractFile>();
5485 CaseDbConnection connection = connections.getConnection();
5487 ResultSet resultSet = null;
5489 PreparedStatement statement = connection.getPreparedStatement(PREPARED_STATEMENT.SELECT_FILES_BY_DATA_SOURCE_AND_PARENT_PATH_AND_NAME);
5490 statement.clearParameters();
5491 statement.setString(1, fileName.toLowerCase());
5492 statement.setString(2,
"%" + dirSubString.toLowerCase() +
"%");
5493 statement.setLong(3, dataSource.getId());
5494 resultSet = connection.executeQuery(statement);
5495 files.addAll(resultSetToAbstractFiles(resultSet, connection));
5496 }
catch (SQLException e) {
5497 throw new TskCoreException(bundle.getString(
"SleuthkitCase.findFiles3.exception.msg3.text"), e);
5499 closeResultSet(resultSet);
5525 if (null != localTrans) {
5528 }
catch (TskCoreException ex2) {
5529 logger.log(Level.SEVERE,
"Failed to rollback transaction after exception", ex2);
5547 long addObject(
long parentId,
int objectType, CaseDbConnection connection)
throws SQLException {
5548 ResultSet resultSet = null;
5552 PreparedStatement statement = connection.getPreparedStatement(PREPARED_STATEMENT.INSERT_OBJECT, Statement.RETURN_GENERATED_KEYS);
5553 statement.clearParameters();
5554 if (parentId != 0) {
5555 statement.setLong(1, parentId);
5557 statement.setNull(1, java.sql.Types.BIGINT);
5559 statement.setInt(2, objectType);
5560 connection.executeUpdate(statement);
5561 resultSet = statement.getGeneratedKeys();
5563 if (resultSet.next()) {
5564 if (parentId != 0) {
5565 setHasChildren(parentId);
5567 return resultSet.getLong(1);
5569 throw new SQLException(
"Error inserting object with parent " + parentId +
" into tsk_objects");
5572 closeResultSet(resultSet);
5595 if (transaction == null) {
5596 throw new TskCoreException(
"Passed null CaseDbTransaction");
5599 ResultSet resultSet = null;
5602 CaseDbConnection connection = transaction.getConnection();
5607 if (isRootDirectory((AbstractFile) parent, transaction)) {
5610 parentPath = ((AbstractFile) parent).getParentPath() + parent.
getName() +
"/";
5624 PreparedStatement statement = connection.getPreparedStatement(PREPARED_STATEMENT.INSERT_FILE);
5625 statement.clearParameters();
5626 statement.setLong(1, newObjId);
5629 if (0 != parentId) {
5630 long parentFs = this.getFileSystemId(parentId, connection);
5631 if (parentFs != -1) {
5632 statement.setLong(2, parentFs);
5634 statement.setNull(2, java.sql.Types.BIGINT);
5637 statement.setNull(2, java.sql.Types.BIGINT);
5641 statement.setString(3, directoryName);
5645 statement.setShort(5, (
short) 1);
5649 statement.setShort(6, dirType.
getValue());
5651 statement.setShort(7, metaType.
getValue());
5655 statement.setShort(8, dirFlag.
getValue());
5658 statement.setShort(9, metaFlags);
5661 statement.setLong(10, 0);
5664 statement.setNull(11, java.sql.Types.BIGINT);
5665 statement.setNull(12, java.sql.Types.BIGINT);
5666 statement.setNull(13, java.sql.Types.BIGINT);
5667 statement.setNull(14, java.sql.Types.BIGINT);
5669 statement.setNull(15, java.sql.Types.VARCHAR);
5670 statement.setNull(16, java.sql.Types.VARCHAR);
5672 statement.setNull(18, java.sql.Types.VARCHAR);
5675 statement.setString(19, parentPath);
5678 long dataSourceObjectId;
5679 if (0 == parentId) {
5680 dataSourceObjectId = newObjId;
5682 dataSourceObjectId = getDataSourceObjectId(connection, parentId);
5684 statement.setLong(20, dataSourceObjectId);
5687 statement.setString(21, null);
5688 connection.executeUpdate(statement);
5690 return new VirtualDirectory(
this, newObjId, dataSourceObjectId, directoryName, dirType,
5693 }
catch (SQLException e) {
5694 throw new TskCoreException(
"Error creating virtual directory '" + directoryName +
"'", e);
5696 closeResultSet(resultSet);
5718 }
catch (TskCoreException ex) {
5721 }
catch (TskCoreException ex2) {
5722 logger.log(Level.SEVERE, String.format(
"Failed to rollback transaction after exception: %s", ex.getMessage()), ex2);
5746 if (transaction == null) {
5747 throw new TskCoreException(
"Passed null CaseDbTransaction");
5750 ResultSet resultSet = null;
5753 CaseDbConnection connection = transaction.getConnection();
5756 if ((parent == null) || isRootDirectory(parent, transaction)) {
5769 PreparedStatement statement = connection.getPreparedStatement(PREPARED_STATEMENT.INSERT_FILE);
5770 statement.clearParameters();
5771 statement.setLong(1, newObjId);
5774 statement.setNull(2, java.sql.Types.BIGINT);
5777 statement.setString(3, directoryName);
5781 statement.setShort(5, (
short) 1);
5785 statement.setShort(6, dirType.
getValue());
5787 statement.setShort(7, metaType.
getValue());
5791 statement.setShort(8, dirFlag.
getValue());
5794 statement.setShort(9, metaFlags);
5797 statement.setLong(10, 0);
5800 statement.setNull(11, java.sql.Types.BIGINT);
5801 statement.setNull(12, java.sql.Types.BIGINT);
5802 statement.setNull(13, java.sql.Types.BIGINT);
5803 statement.setNull(14, java.sql.Types.BIGINT);
5805 statement.setNull(15, java.sql.Types.VARCHAR);
5806 statement.setNull(16, java.sql.Types.VARCHAR);
5808 statement.setNull(18, java.sql.Types.VARCHAR);
5811 statement.setString(19, parentPath);
5814 long dataSourceObjectId = getDataSourceObjectId(connection, parentId);
5815 statement.setLong(20, dataSourceObjectId);
5818 statement.setString(21, null);
5820 connection.executeUpdate(statement);
5822 return new LocalDirectory(
this, newObjId, dataSourceObjectId, directoryName, dirType,
5825 }
catch (SQLException e) {
5826 throw new TskCoreException(
"Error creating local directory '" + directoryName +
"'", e);
5828 closeResultSet(resultSet);
5853 Statement statement = null;
5857 CaseDbConnection connection = transaction.getConnection();
5862 statement = connection.createStatement();
5863 statement.executeUpdate(
"INSERT INTO data_source_info (obj_id, device_id, time_zone) "
5864 +
"VALUES(" + newObjId +
", '" + deviceId +
"', '" + timeZone +
"');");
5873 PreparedStatement preparedStatement = connection.getPreparedStatement(PREPARED_STATEMENT.INSERT_FILE);
5874 preparedStatement.clearParameters();
5875 preparedStatement.setLong(1, newObjId);
5876 preparedStatement.setNull(2, java.sql.Types.BIGINT);
5877 preparedStatement.setString(3, rootDirectoryName);
5879 preparedStatement.setShort(5, (
short) 1);
5883 preparedStatement.setShort(7, metaType.
getValue());
5885 preparedStatement.setShort(8, dirFlag.
getValue());
5888 preparedStatement.setShort(9, metaFlags);
5889 preparedStatement.setLong(10, 0);
5890 preparedStatement.setNull(11, java.sql.Types.BIGINT);
5891 preparedStatement.setNull(12, java.sql.Types.BIGINT);
5892 preparedStatement.setNull(13, java.sql.Types.BIGINT);
5893 preparedStatement.setNull(14, java.sql.Types.BIGINT);
5894 preparedStatement.setNull(15, java.sql.Types.VARCHAR);
5895 preparedStatement.setNull(16, java.sql.Types.VARCHAR);
5897 preparedStatement.setNull(18, java.sql.Types.VARCHAR);
5898 String parentPath =
"/";
5899 preparedStatement.setString(19, parentPath);
5900 preparedStatement.setLong(20, newObjId);
5901 preparedStatement.setString(21, null);
5902 connection.executeUpdate(preparedStatement);
5904 return new LocalFilesDataSource(
this, newObjId, newObjId, deviceId, rootDirectoryName, dirType, metaType, dirFlag, metaFlags, timeZone, null, null,
FileKnown.
UNKNOWN, parentPath);
5906 }
catch (SQLException ex) {
5907 throw new TskCoreException(String.format(
"Error creating local files data source with device id %s and directory name %s", deviceId, rootDirectoryName), ex);
5909 closeStatement(statement);
5934 String timezone, String md5, String sha1, String sha256,
5938 Statement statement = null;
5941 CaseDbConnection connection = transaction.getConnection();
5946 PreparedStatement preparedStatement = connection.getPreparedStatement(PREPARED_STATEMENT.INSERT_IMAGE_INFO);
5947 preparedStatement.clearParameters();
5948 preparedStatement.setLong(1, newObjId);
5949 preparedStatement.setShort(2, (
short) type.getValue());
5950 preparedStatement.setLong(3, sectorSize);
5951 preparedStatement.setString(4, timezone);
5953 long savedSize = size < 0 ? 0 : size;
5954 preparedStatement.setLong(5, savedSize);
5955 preparedStatement.setString(6, md5);
5956 preparedStatement.setString(7, sha1);
5957 preparedStatement.setString(8, sha256);
5958 preparedStatement.setString(9, displayName);
5959 connection.executeUpdate(preparedStatement);
5962 for (
int i = 0; i < imagePaths.size(); i++) {
5963 preparedStatement = connection.getPreparedStatement(PREPARED_STATEMENT.INSERT_IMAGE_NAME);
5964 preparedStatement.clearParameters();
5965 preparedStatement.setLong(1, newObjId);
5966 preparedStatement.setString(2, imagePaths.get(i));
5967 preparedStatement.setLong(3, i);
5968 connection.executeUpdate(preparedStatement);
5972 preparedStatement = connection.getPreparedStatement(PREPARED_STATEMENT.INSERT_DATA_SOURCE_INFO);
5973 statement = connection.createStatement();
5974 preparedStatement.setLong(1, newObjId);
5975 preparedStatement.setString(2, deviceId);
5976 preparedStatement.setString(3, timezone);
5977 connection.executeUpdate(preparedStatement);
5980 String name = displayName;
5981 if (name == null || name.isEmpty()) {
5982 if (imagePaths.size() > 0) {
5983 String path = imagePaths.get(0);
5984 name = (
new java.io.File(path)).getName();
5989 return new Image(
this, newObjId, type.getValue(), deviceId, sectorSize, name,
5990 imagePaths.toArray(
new String[imagePaths.size()]), timezone, md5, sha1, sha256, savedSize);
5991 }
catch (SQLException ex) {
5992 if (!imagePaths.isEmpty()) {
5993 throw new TskCoreException(String.format(
"Error adding image with path %s to database", imagePaths.get(0)), ex);
5995 throw new TskCoreException(String.format(
"Error adding image with display name %s to database", displayName), ex);
5998 closeStatement(statement);
6021 CaseDbConnection connection = transaction.getConnection();
6022 long newObjId = addObject(parentObjId,
TskData.
ObjectType.
VS.getObjectType(), connection);
6026 PreparedStatement preparedStatement = connection.getPreparedStatement(PREPARED_STATEMENT.INSERT_VS_INFO);
6027 preparedStatement.clearParameters();
6028 preparedStatement.setLong(1, newObjId);
6029 preparedStatement.setShort(2, (
short) type.getVsType());
6030 preparedStatement.setLong(3, imgOffset);
6031 preparedStatement.setLong(4, blockSize);
6032 connection.executeUpdate(preparedStatement);
6035 return new VolumeSystem(
this, newObjId,
"", type.getVsType(), imgOffset, blockSize);
6036 }
catch (SQLException ex) {
6037 throw new TskCoreException(String.format(
"Error creating volume system with parent ID %d and image offset %d",
6038 parentObjId, imgOffset), ex);
6059 public Volume addVolume(
long parentObjId,
long addr,
long start,
long length, String desc,
6062 Statement statement = null;
6065 CaseDbConnection connection = transaction.getConnection();
6070 PreparedStatement preparedStatement;
6072 preparedStatement = connection.getPreparedStatement(PREPARED_STATEMENT.INSERT_VS_PART_POSTGRESQL);
6074 preparedStatement = connection.getPreparedStatement(PREPARED_STATEMENT.INSERT_VS_PART_SQLITE);
6076 preparedStatement.clearParameters();
6077 preparedStatement.setLong(1, newObjId);
6078 preparedStatement.setLong(2, addr);
6079 preparedStatement.setLong(3, start);
6080 preparedStatement.setLong(4, length);
6081 preparedStatement.setString(5, desc);
6082 preparedStatement.setShort(6, (
short) flags);
6083 connection.executeUpdate(preparedStatement);
6086 return new Volume(
this, newObjId, addr, start, length, flags, desc);
6087 }
catch (SQLException ex) {
6088 throw new TskCoreException(String.format(
"Error creating volume with address %d and parent ID %d", addr, parentObjId), ex);
6090 closeStatement(statement);
6108 Statement statement = null;
6111 CaseDbConnection connection = transaction.getConnection();
6116 PreparedStatement preparedStatement = connection.getPreparedStatement(PREPARED_STATEMENT.INSERT_POOL_INFO);
6117 preparedStatement.clearParameters();
6118 preparedStatement.setLong(1, newObjId);
6119 preparedStatement.setShort(2, type.getValue());
6120 connection.executeUpdate(preparedStatement);
6123 return new Pool(
this, newObjId, type.getName(), type.getValue());
6124 }
catch (SQLException ex) {
6125 throw new TskCoreException(String.format(
"Error creating pool with type %d and parent ID %d", type.getValue(), parentObjId), ex);
6127 closeStatement(statement);
6151 long rootInum,
long firstInum,
long lastInum, String displayName,
6154 Statement statement = null;
6157 CaseDbConnection connection = transaction.getConnection();
6158 long newObjId = addObject(parentObjId,
TskData.
ObjectType.
FS.getObjectType(), connection);
6161 long dataSourceId = getDataSourceObjectId(connection, newObjId);
6165 PreparedStatement preparedStatement = connection.getPreparedStatement(PREPARED_STATEMENT.INSERT_FS_INFO);
6166 preparedStatement.clearParameters();
6167 preparedStatement.setLong(1, newObjId);
6168 preparedStatement.setLong(2, dataSourceId);
6169 preparedStatement.setLong(3, imgOffset);
6170 preparedStatement.setInt(4, type.getValue());
6171 preparedStatement.setLong(5, blockSize);
6172 preparedStatement.setLong(6, blockCount);
6173 preparedStatement.setLong(7, rootInum);
6174 preparedStatement.setLong(8, firstInum);
6175 preparedStatement.setLong(9, lastInum);
6176 preparedStatement.setString(10, displayName);
6177 connection.executeUpdate(preparedStatement);
6180 return new FileSystem(
this, newObjId, displayName, imgOffset, type, blockSize, blockCount, rootInum,
6181 firstInum, lastInum);
6182 }
catch (SQLException ex) {
6183 throw new TskCoreException(String.format(
"Error creating file system with image offset %d and parent ID %d",
6184 imgOffset, parentObjId), ex);
6186 closeStatement(statement);
6218 long metaAddr,
int metaSeq,
6221 long ctime,
long crtime,
long atime,
long mtime,
6222 boolean isFile,
Content parent)
throws TskCoreException {
6227 Statement queryStatement = null;
6229 CaseDbConnection connection = transaction.getConnection();
6238 AbstractFile parentFile = (AbstractFile) parent;
6239 if (isRootDirectory(parentFile, transaction)) {
6242 parentPath = parentFile.
getParentPath() + parent.getName() +
"/";
6248 PreparedStatement statement = connection.getPreparedStatement(PREPARED_STATEMENT.INSERT_FILE_SYSTEM_FILE);
6249 statement.clearParameters();
6250 statement.setLong(1, objectId);
6251 statement.setLong(2, fsObjId);
6252 statement.setLong(3, dataSourceObjId);
6253 statement.setShort(4, (
short) attrType.getValue());
6254 statement.setInt(5, attrId);
6255 statement.setString(6, fileName);
6256 statement.setLong(7, metaAddr);
6257 statement.setInt(8, metaSeq);
6259 statement.setShort(10, (
short) 1);
6261 statement.setShort(11, dirType.
getValue());
6263 statement.setShort(12, metaType.
getValue());
6264 statement.setShort(13, dirFlag.getValue());
6265 statement.setShort(14, metaFlags);
6266 statement.setLong(15, size < 0 ? 0 : size);
6267 statement.setLong(16, ctime);
6268 statement.setLong(17, crtime);
6269 statement.setLong(18, atime);
6270 statement.setLong(19, mtime);
6271 statement.setString(20, parentPath);
6272 final String extension = extractExtension(fileName);
6273 statement.setString(21, extension);
6275 connection.executeUpdate(statement);
6277 DerivedFile derivedFile =
new DerivedFile(
this, objectId, dataSourceObjId, fileName, dirType, metaType, dirFlag, metaFlags,
6278 size, ctime, crtime, atime, mtime, null, null, null, parentPath, null, parent.getId(), null, null, extension);
6280 timelineManager.addEventsForNewFile(derivedFile, connection);
6286 attrType, attrId, fileName, metaAddr, metaSeq,
6287 dirType, metaType, dirFlag, metaFlags,
6288 size, ctime, crtime, atime, mtime,
6289 (
short) 0, 0, 0, null, null, null, parentPath, null,
6292 }
catch (SQLException ex) {
6293 logger.log(Level.WARNING,
"Failed to add file system file", ex);
6295 closeStatement(queryStatement);
6296 if (null != transaction) {
6299 }
catch (TskCoreException ex2) {
6300 logger.log(Level.SEVERE,
"Failed to rollback transaction after exception", ex2);
6316 CaseDbConnection connection = connections.getConnection();
6319 ResultSet rs = null;
6321 s = connection.createStatement();
6322 rs = connection.executeQuery(s,
"SELECT * FROM tsk_files WHERE"
6324 +
" AND obj_id = data_source_obj_id"
6325 +
" ORDER BY dir_type, LOWER(name)");
6326 List<VirtualDirectory> virtDirRootIds =
new ArrayList<VirtualDirectory>();
6328 virtDirRootIds.add(virtualDirectory(rs, connection));
6330 return virtDirRootIds;
6331 }
catch (SQLException ex) {
6332 throw new TskCoreException(
"Error getting local files virtual folder id", ex);
6354 assert (null != fileRanges);
6355 if (null == fileRanges) {
6356 throw new TskCoreException(
"TskFileRange object is null");
6359 assert (null != parent);
6360 if (null == parent) {
6361 throw new TskCoreException(
"Conent is null");
6365 Statement statement = null;
6366 ResultSet resultSet = null;
6370 CaseDbConnection connection = transaction.getConnection();
6372 List<LayoutFile> fileRangeLayoutFiles =
new ArrayList<LayoutFile>();
6380 long end_byte_in_parent = fileRange.getByteStart() + fileRange.getByteLen() - 1;
6389 PreparedStatement prepStmt = connection.getPreparedStatement(PREPARED_STATEMENT.INSERT_FILE);
6390 prepStmt.clearParameters();
6391 prepStmt.setLong(1, fileRangeId);
6392 prepStmt.setNull(2, java.sql.Types.BIGINT);
6393 prepStmt.setString(3,
"Unalloc_" + parent.getId() +
"_" + fileRange.getByteStart() +
"_" + end_byte_in_parent);
6395 prepStmt.setNull(5, java.sql.Types.BIGINT);
6400 prepStmt.setLong(10, fileRange.getByteLen());
6401 prepStmt.setNull(11, java.sql.Types.BIGINT);
6402 prepStmt.setNull(12, java.sql.Types.BIGINT);
6403 prepStmt.setNull(13, java.sql.Types.BIGINT);
6404 prepStmt.setNull(14, java.sql.Types.BIGINT);
6405 prepStmt.setNull(15, java.sql.Types.VARCHAR);
6406 prepStmt.setNull(16, java.sql.Types.VARCHAR);
6408 prepStmt.setNull(18, java.sql.Types.VARCHAR);
6409 prepStmt.setNull(19, java.sql.Types.VARCHAR);
6410 prepStmt.setLong(20, parent.getId());
6413 prepStmt.setString(21, null);
6414 connection.executeUpdate(prepStmt);
6421 prepStmt = connection.getPreparedStatement(PREPARED_STATEMENT.INSERT_LAYOUT_FILE);
6422 prepStmt.clearParameters();
6423 prepStmt.setLong(1, fileRangeId);
6424 prepStmt.setLong(2, fileRange.getByteStart());
6425 prepStmt.setLong(3, fileRange.getByteLen());
6426 prepStmt.setLong(4, fileRange.getSequence());
6427 connection.executeUpdate(prepStmt);
6432 fileRangeLayoutFiles.add(
new LayoutFile(
this,
6435 Long.toString(fileRange.getSequence()),
6441 fileRange.getByteLen(),
6445 parent.getUniquePath(),
6451 return fileRangeLayoutFiles;
6453 }
catch (SQLException ex) {
6454 throw new TskCoreException(
"Failed to add layout files to case database", ex);
6456 closeResultSet(resultSet);
6457 closeStatement(statement);
6459 if (null != transaction) {
6462 }
catch (TskCoreException ex2) {
6463 logger.log(Level.SEVERE,
"Failed to rollback transaction after exception", ex2);
6481 assert (null != carvingResult);
6482 if (null == carvingResult) {
6483 throw new TskCoreException(
"Carving is null");
6485 assert (null != carvingResult.getParent());
6486 if (null == carvingResult.getParent()) {
6487 throw new TskCoreException(
"Carving result has null parent");
6489 assert (null != carvingResult.getCarvedFiles());
6490 if (null == carvingResult.getCarvedFiles()) {
6491 throw new TskCoreException(
"Carving result has null carved files");
6494 Statement statement = null;
6495 ResultSet resultSet = null;
6496 long newCacheKey = 0;
6499 CaseDbConnection connection = transaction.getConnection();
6508 while (null != root) {
6523 if (null == carvedFilesDir) {
6524 List<Content> rootChildren;
6526 rootChildren = ((FileSystem) root).getRootDirectory().
getChildren();
6530 for (
Content child : rootChildren) {
6536 if (null == carvedFilesDir) {
6537 long parId = root.
getId();
6539 if (root instanceof FileSystem) {
6540 Content rootDir = ((FileSystem) root).getRootDirectory();
6541 parId = rootDir.
getId();
6545 newCacheKey = root.
getId();
6546 rootIdsToCarvedFileDirs.put(newCacheKey, carvedFilesDir);
6553 String parentPath = getFileParentPath(carvedFilesDir.
getId(), connection) + carvedFilesDir.
getName() +
"/";
6554 List<LayoutFile> carvedFiles =
new ArrayList<LayoutFile>();
6570 PreparedStatement prepStmt = connection.getPreparedStatement(PREPARED_STATEMENT.INSERT_FILE);
6571 prepStmt.clearParameters();
6572 prepStmt.setLong(1, carvedFileId);
6574 prepStmt.setLong(2, root.
getId());
6576 prepStmt.setNull(2, java.sql.Types.BIGINT);
6578 prepStmt.setString(3, carvedFile.getName());
6580 prepStmt.setShort(5, (
short) 1);
6585 prepStmt.setLong(10, carvedFile.getSizeInBytes());
6586 prepStmt.setNull(11, java.sql.Types.BIGINT);
6587 prepStmt.setNull(12, java.sql.Types.BIGINT);
6588 prepStmt.setNull(13, java.sql.Types.BIGINT);
6589 prepStmt.setNull(14, java.sql.Types.BIGINT);
6590 prepStmt.setNull(15, java.sql.Types.VARCHAR);
6591 prepStmt.setNull(16, java.sql.Types.VARCHAR);
6593 prepStmt.setNull(18, java.sql.Types.VARCHAR);
6594 prepStmt.setString(19, parentPath);
6596 prepStmt.setString(21, extractExtension(carvedFile.getName()));
6597 connection.executeUpdate(prepStmt);
6604 prepStmt = connection.getPreparedStatement(PREPARED_STATEMENT.INSERT_LAYOUT_FILE);
6605 for (
TskFileRange tskFileRange : carvedFile.getLayoutInParent()) {
6606 prepStmt.clearParameters();
6607 prepStmt.setLong(1, carvedFileId);
6608 prepStmt.setLong(2, tskFileRange.getByteStart());
6609 prepStmt.setLong(3, tskFileRange.getByteLen());
6610 prepStmt.setLong(4, tskFileRange.getSequence());
6611 connection.executeUpdate(prepStmt);
6620 carvedFile.getName(),
6626 carvedFile.getSizeInBytes(),
6638 }
catch (SQLException ex) {
6639 throw new TskCoreException(
"Failed to add carved files to case database", ex);
6641 closeResultSet(resultSet);
6642 closeStatement(statement);
6644 if (null != transaction) {
6647 }
catch (TskCoreException ex2) {
6648 logger.log(Level.SEVERE,
"Failed to rollback transaction after exception", ex2);
6650 if (0 != newCacheKey) {
6651 rootIdsToCarvedFileDirs.remove(newCacheKey);
6688 long size,
long ctime,
long crtime,
long atime,
long mtime,
6689 boolean isFile,
Content parentObj,
6690 String rederiveDetails, String toolName, String toolVersion,
6693 localPath = localPath.replaceAll(
"^[/\\\\]+",
"");
6698 CaseDbConnection connection = transaction.getConnection();
6700 final long parentId = parentObj.
getId();
6701 String parentPath =
"";
6705 parentPath = ((AbstractFile) parentObj).getParentPath() + parentObj.
getName() +
'/';
6717 PreparedStatement statement = connection.getPreparedStatement(PREPARED_STATEMENT.INSERT_FILE);
6718 statement.clearParameters();
6719 statement.setLong(1, newObjId);
6722 long fsObjId = this.getFileSystemId(parentId, connection);
6723 if (fsObjId != -1) {
6724 statement.setLong(2, fsObjId);
6726 statement.setNull(2, java.sql.Types.BIGINT);
6728 statement.setString(3, fileName);
6732 statement.setShort(5, (
short) 1);
6736 statement.setShort(6, dirType.
getValue());
6738 statement.setShort(7, metaType.
getValue());
6742 statement.setShort(8, dirFlag.
getValue());
6745 statement.setShort(9, metaFlags);
6749 long savedSize = size < 0 ? 0 : size;
6750 statement.setLong(10, savedSize);
6754 statement.setLong(11, ctime);
6755 statement.setLong(12, crtime);
6756 statement.setLong(13, atime);
6757 statement.setLong(14, mtime);
6759 statement.setNull(15, java.sql.Types.VARCHAR);
6760 statement.setNull(16, java.sql.Types.VARCHAR);
6762 statement.setNull(18, java.sql.Types.VARCHAR);
6765 statement.setString(19, parentPath);
6768 long dataSourceObjId = getDataSourceObjectId(connection, parentId);
6769 statement.setLong(20, dataSourceObjId);
6770 final String extension = extractExtension(fileName);
6772 statement.setString(21, extension);
6774 connection.executeUpdate(statement);
6777 addFilePath(connection, newObjId, localPath, encodingType);
6779 DerivedFile derivedFile =
new DerivedFile(
this, newObjId, dataSourceObjId, fileName, dirType, metaType, dirFlag, metaFlags,
6780 savedSize, ctime, crtime, atime, mtime, null, null, null, parentPath, localPath, parentId, null, encodingType, extension);
6782 timelineManager.addEventsForNewFile(derivedFile, connection);
6786 }
catch (SQLException ex) {
6787 connection.rollbackTransaction();
6788 throw new TskCoreException(
"Failed to add derived file to case database", ex);
6825 long size,
long ctime,
long crtime,
long atime,
long mtime,
6826 boolean isFile, String mimeType,
6827 String rederiveDetails, String toolName, String toolVersion,
6831 localPath = localPath.replaceAll(
"^[/\\\\]+",
"");
6833 CaseDbConnection connection = connections.getConnection();
6835 ResultSet rs = null;
6838 connection.beginTransaction();
6839 final long parentId = parentObj.
getId();
6840 String parentPath =
"";
6844 parentPath = ((AbstractFile) parentObj).getParentPath() + parentObj.
getName() +
'/';
6848 PreparedStatement statement = connection.getPreparedStatement(PREPARED_STATEMENT.UPDATE_DERIVED_FILE);
6849 statement.clearParameters();
6856 statement.setShort(2, dirType.
getValue());
6858 statement.setShort(3, metaType.
getValue());
6862 statement.setShort(4, dirFlag.
getValue());
6865 statement.setShort(5, metaFlags);
6869 long savedSize = size < 0 ? 0 : size;
6870 statement.setLong(6, savedSize);
6874 statement.setLong(7, ctime);
6875 statement.setLong(8, crtime);
6876 statement.setLong(9, atime);
6877 statement.setLong(10, mtime);
6878 statement.setString(11, mimeType);
6879 statement.setString(12, String.valueOf(derivedFile.
getId()));
6880 connection.executeUpdate(statement);
6883 updateFilePath(connection, derivedFile.
getId(), localPath, encodingType);
6885 connection.commitTransaction();
6887 long dataSourceObjId = getDataSourceObjectId(connection, parentId);
6888 final String extension = extractExtension(derivedFile.
getName());
6889 return new DerivedFile(
this, derivedFile.
getId(), dataSourceObjId, derivedFile.
getName(), dirType, metaType, dirFlag, metaFlags,
6890 savedSize, ctime, crtime, atime, mtime, null, null, null, parentPath, localPath, parentId, null, encodingType, extension);
6891 }
catch (SQLException ex) {
6892 connection.rollbackTransaction();
6893 throw new TskCoreException(
"Failed to add derived file to case database", ex);
6921 long size,
long ctime,
long crtime,
long atime,
long mtime,
6927 LocalFile created =
addLocalFile(fileName, localPath, size, ctime, crtime, atime, mtime, isFile, encodingType, parent, localTrans);
6932 if (null != localTrans) {
6935 }
catch (TskCoreException ex2) {
6936 logger.log(Level.SEVERE,
"Failed to rollback transaction after exception", ex2);
6967 long size,
long ctime,
long crtime,
long atime,
long mtime,
6972 size, ctime, crtime, atime, mtime,
6974 isFile, encodingType,
6975 parent, transaction);
7006 long size,
long ctime,
long crtime,
long atime,
long mtime,
7007 String md5, String sha256,
FileKnown known, String mimeType,
7010 CaseDbConnection connection = transaction.getConnection();
7011 Statement queryStatement = null;
7023 PreparedStatement statement = connection.getPreparedStatement(PREPARED_STATEMENT.INSERT_FILE);
7024 statement.clearParameters();
7025 statement.setLong(1, objectId);
7026 statement.setNull(2, java.sql.Types.BIGINT);
7027 statement.setString(3, fileName);
7029 statement.setShort(5, (
short) 1);
7031 statement.setShort(6, dirType.
getValue());
7033 statement.setShort(7, metaType.
getValue());
7035 statement.setShort(8, dirFlag.
getValue());
7037 statement.setShort(9, metaFlags);
7039 long savedSize = size < 0 ? 0 : size;
7040 statement.setLong(10, savedSize);
7041 statement.setLong(11, ctime);
7042 statement.setLong(12, crtime);
7043 statement.setLong(13, atime);
7044 statement.setLong(14, mtime);
7045 statement.setString(15, md5);
7046 statement.setString(16, sha256);
7047 if (known != null) {
7048 statement.setByte(17, known.getFileKnownValue());
7052 statement.setString(18, mimeType);
7054 long dataSourceObjId;
7057 AbstractFile parentFile = (AbstractFile) parent;
7058 if (isRootDirectory(parentFile, transaction)) {
7061 parentPath = parentFile.
getParentPath() + parent.getName() +
"/";
7066 dataSourceObjId = getDataSourceObjectId(connection, parent.getId());
7068 statement.setString(19, parentPath);
7069 statement.setLong(20, dataSourceObjId);
7070 final String extension = extractExtension(fileName);
7071 statement.setString(21, extension);
7073 connection.executeUpdate(statement);
7074 addFilePath(connection, objectId, localPath, encodingType);
7084 ctime, crtime, atime, mtime,
7085 mimeType, md5, sha256, known,
7086 parent.getId(), parentPath,
7089 encodingType, extension);
7093 }
catch (SQLException ex) {
7094 throw new TskCoreException(String.format(
"Failed to INSERT local file %s (%s) with parent id %d in tsk_files table", fileName, localPath, parent.getId()), ex);
7096 closeStatement(queryStatement);
7113 CaseDbConnection connection = transaction.getConnection();
7114 Statement statement = null;
7115 ResultSet resultSet = null;
7118 String query = String.format(
"SELECT ParentRow.type AS parent_type, ParentRow.obj_id AS parent_object_id "
7119 +
"FROM tsk_objects ParentRow JOIN tsk_objects ChildRow ON ChildRow.par_obj_id = ParentRow.obj_id "
7120 +
"WHERE ChildRow.obj_id = %s;", file.
getId());
7122 statement = connection.createStatement();
7123 resultSet = statement.executeQuery(query);
7124 if (resultSet.next()) {
7125 long parentId = resultSet.getLong(
"parent_object_id");
7126 if (parentId == 0) {
7129 int type = resultSet.getInt(
"parent_type");
7130 return (type == TskData.ObjectType.IMG.getObjectType()
7131 || type == TskData.ObjectType.VS.getObjectType()
7132 || type == TskData.ObjectType.VOL.getObjectType()
7133 || type == TskData.ObjectType.FS.getObjectType());
7138 }
catch (SQLException ex) {
7139 throw new TskCoreException(String.format(
"Failed to lookup parent of file (%s) with id %d", file.
getName(), file.
getId()), ex);
7141 closeResultSet(resultSet);
7142 closeStatement(statement);
7168 long ctime,
long crtime,
long atime,
long mtime,
7169 List<TskFileRange> fileRanges,
7170 Content parent)
throws TskCoreException {
7172 if (null == parent) {
7173 throw new TskCoreException(
"Parent can not be null");
7178 parentPath = ((AbstractFile) parent).getParentPath() + parent.getName() +
'/';
7184 Statement statement = null;
7185 ResultSet resultSet = null;
7188 CaseDbConnection connection = transaction.getConnection();
7204 PreparedStatement prepStmt = connection.getPreparedStatement(PREPARED_STATEMENT.INSERT_FILE);
7205 prepStmt.clearParameters();
7206 prepStmt.setLong(1, newFileId);
7209 if (0 != parent.getId()) {
7210 long parentFs = this.getFileSystemId(parent.getId(), connection);
7211 if (parentFs != -1) {
7212 prepStmt.setLong(2, parentFs);
7214 prepStmt.setNull(2, java.sql.Types.BIGINT);
7217 prepStmt.setNull(2, java.sql.Types.BIGINT);
7219 prepStmt.setString(3, fileName);
7221 prepStmt.setShort(5, (
short) 0);
7224 prepStmt.setShort(8, dirFlag.getValue());
7225 prepStmt.setShort(9, metaFlag.getValue());
7227 long savedSize = size < 0 ? 0 : size;
7228 prepStmt.setLong(10, savedSize);
7229 prepStmt.setLong(11, ctime);
7230 prepStmt.setLong(12, crtime);
7231 prepStmt.setLong(13, atime);
7232 prepStmt.setLong(14, mtime);
7233 prepStmt.setNull(15, java.sql.Types.VARCHAR);
7234 prepStmt.setNull(16, java.sql.Types.VARCHAR);
7236 prepStmt.setNull(18, java.sql.Types.VARCHAR);
7237 prepStmt.setString(19, parentPath);
7238 prepStmt.setLong(20, parent.getDataSource().getId());
7240 prepStmt.setString(21, extractExtension(fileName));
7241 connection.executeUpdate(prepStmt);
7248 prepStmt = connection.getPreparedStatement(PREPARED_STATEMENT.INSERT_LAYOUT_FILE);
7250 prepStmt.clearParameters();
7251 prepStmt.setLong(1, newFileId);
7252 prepStmt.setLong(2, tskFileRange.getByteStart());
7253 prepStmt.setLong(3, tskFileRange.getByteLen());
7254 prepStmt.setLong(4, tskFileRange.getSequence());
7255 connection.executeUpdate(prepStmt);
7263 parent.getDataSource().getId(),
7269 metaFlag.getValue(),
7271 ctime, crtime, atime, mtime,
7281 }
catch (SQLException ex) {
7282 throw new TskCoreException(
"Failed to add layout file " + fileName +
" to case database", ex);
7284 closeResultSet(resultSet);
7285 closeStatement(statement);
7287 if (null != transaction) {
7290 }
catch (TskCoreException ex2) {
7291 logger.log(Level.SEVERE,
"Failed to rollback transaction after exception", ex2);
7309 private long getDataSourceObjectId(CaseDbConnection connection,
long objectId)
throws TskCoreException {
7311 Statement statement = null;
7312 ResultSet resultSet = null;
7314 statement = connection.createStatement();
7315 long dataSourceObjId;
7316 long ancestorId = objectId;
7318 dataSourceObjId = ancestorId;
7319 String query = String.format(
"SELECT par_obj_id FROM tsk_objects WHERE obj_id = %s;", ancestorId);
7320 resultSet = statement.executeQuery(query);
7321 if (resultSet.next()) {
7322 ancestorId = resultSet.getLong(
"par_obj_id");
7324 throw new TskCoreException(String.format(
"tsk_objects table is corrupt, SQL query returned no result: %s", query));
7328 }
while (0 != ancestorId);
7329 return dataSourceObjId;
7330 }
catch (SQLException ex) {
7331 throw new TskCoreException(String.format(
"Error finding root data source for object (obj_id = %d)", objectId), ex);
7333 closeResultSet(resultSet);
7334 closeStatement(statement);
7350 private void addFilePath(CaseDbConnection connection,
long objId, String path, TskData.EncodingType type) throws SQLException {
7351 PreparedStatement statement = connection.getPreparedStatement(PREPARED_STATEMENT.INSERT_LOCAL_PATH);
7352 statement.clearParameters();
7353 statement.setLong(1, objId);
7354 statement.setString(2, path);
7355 statement.setInt(3, type.getType());
7356 connection.executeUpdate(statement);
7370 private void updateFilePath(CaseDbConnection connection,
long objId, String path, TskData.EncodingType type) throws SQLException {
7371 PreparedStatement statement = connection.getPreparedStatement(PREPARED_STATEMENT.UPDATE_LOCAL_PATH);
7372 statement.clearParameters();
7373 statement.setString(1, path);
7374 statement.setInt(2, type.getType());
7375 statement.setLong(3, objId);
7376 connection.executeUpdate(statement);
7395 return findFiles(dataSource, fileName, parentFile.getName());
7410 CaseDbConnection connection = connections.getConnection();
7413 ResultSet rs = null;
7415 s = connection.createStatement();
7416 rs = connection.executeQuery(s,
"SELECT COUNT(*) AS count FROM tsk_files WHERE " + sqlWhereClause);
7418 return rs.getLong(
"count");
7419 }
catch (SQLException e) {
7420 throw new TskCoreException(
"SQLException thrown when calling 'SleuthkitCase.countFilesWhere().", e);
7447 CaseDbConnection connection = connections.getConnection();
7450 ResultSet rs = null;
7452 s = connection.createStatement();
7453 rs = connection.executeQuery(s,
"SELECT * FROM tsk_files WHERE " + sqlWhereClause);
7454 return resultSetToAbstractFiles(rs, connection);
7455 }
catch (SQLException e) {
7456 throw new TskCoreException(
"SQLException thrown when calling 'SleuthkitCase.findAllFilesWhere(): " + sqlWhereClause, e);
7484 String queryTemplate =
"SELECT tsk_files.* FROM tsk_files JOIN tsk_objects ON tsk_objects.obj_id = tsk_files.obj_id WHERE par_obj_id = %d AND %s";
7486 try(CaseDbConnection connection = connections.getConnection()) {
7489 String query = String.format(queryTemplate, parentId, sqlWhereClause);
7490 try(Statement s = connection.createStatement(); ResultSet rs = connection.executeQuery(s, query)) {
7491 return resultSetToAbstractFiles(rs, connection);
7492 }
catch(SQLException ex) {
7493 throw new TskCoreException(
"SQLException thrown when calling 'SleuthkitCase.findAllFilesInFolderWhere(): " + query, ex);
7513 CaseDbConnection connection = connections.getConnection();
7516 ResultSet rs = null;
7518 s = connection.createStatement();
7519 rs = connection.executeQuery(s,
"SELECT obj_id FROM tsk_files WHERE " + sqlWhereClause);
7520 List<Long> ret =
new ArrayList<Long>();
7522 ret.add(rs.getLong(
"obj_id"));
7525 }
catch (SQLException e) {
7526 throw new TskCoreException(
"SQLException thrown when calling 'SleuthkitCase.findAllFileIdsWhere(): " + sqlWhereClause, e);
7546 public List<AbstractFile>
openFiles(
Content dataSource, String filePath)
throws TskCoreException {
7553 int lastSlash = path.lastIndexOf(
'/');
7556 if (lastSlash == path.length()) {
7557 path = path.substring(0, lastSlash - 1);
7558 lastSlash = path.lastIndexOf(
'/');
7561 String parentPath = path.substring(0, lastSlash);
7562 String fileName = path.substring(lastSlash);
7564 return findFiles(dataSource, fileName, parentPath);
7578 CaseDbConnection connection = connections.getConnection();
7581 ResultSet rs = null;
7583 s = connection.createStatement();
7584 rs = connection.executeQuery(s,
"SELECT * FROM tsk_file_layout WHERE obj_id = " +
id +
" ORDER BY sequence");
7585 List<TskFileRange> ranges =
new ArrayList<TskFileRange>();
7588 rs.getLong(
"byte_len"), rs.getLong(
"sequence"));
7592 }
catch (SQLException ex) {
7593 throw new TskCoreException(
"Error getting TskFileLayoutRanges by id, id = " +
id, ex);
7613 CaseDbConnection connection = connections.getConnection();
7616 ResultSet rs = null;
7618 s = connection.createStatement();
7619 rs = connection.executeQuery(s,
"SELECT tsk_image_info.type, tsk_image_info.ssize, tsk_image_info.tzone, tsk_image_info.size, tsk_image_info.md5, tsk_image_info.sha1, tsk_image_info.sha256, tsk_image_info.display_name, data_source_info.device_id, tsk_image_names.name "
7620 +
"FROM tsk_image_info "
7621 +
"INNER JOIN data_source_info ON tsk_image_info.obj_id = data_source_info.obj_id "
7622 +
"LEFT JOIN tsk_image_names ON tsk_image_names.obj_id = data_source_info.obj_id "
7623 +
"WHERE tsk_image_info.obj_id = " +
id);
7625 List<String> imagePaths =
new ArrayList<>();
7626 long type, ssize, size;
7627 String tzone, md5, sha1, sha256, name, device_id, imagePath;
7630 imagePath = rs.getString(
"name");
7631 if (imagePath != null) {
7632 imagePaths.add(imagePath);
7634 type = rs.getLong(
"type");
7635 ssize = rs.getLong(
"ssize");
7636 tzone = rs.getString(
"tzone");
7637 size = rs.getLong(
"size");
7638 md5 = rs.getString(
"md5");
7639 sha1 = rs.getString(
"sha1");
7640 sha256 = rs.getString(
"sha256");
7641 name = rs.getString(
"display_name");
7643 if (imagePaths.size() > 0) {
7644 String path = imagePaths.get(0);
7645 name = (
new java.io.File(path)).getName();
7650 device_id = rs.getString(
"device_id");
7652 throw new TskCoreException(
"No image found for id: " +
id);
7657 imagePath = rs.getString(
"name");
7658 if (imagePath != null) {
7659 imagePaths.add(imagePath);
7663 return new Image(
this,
id, type, device_id, ssize, name,
7664 imagePaths.toArray(
new String[imagePaths.size()]), tzone, md5, sha1, sha256, size);
7665 }
catch (SQLException ex) {
7666 throw new TskCoreException(
"Error getting Image by id, id = " +
id, ex);
7687 CaseDbConnection connection = connections.getConnection();
7690 ResultSet rs = null;
7692 s = connection.createStatement();
7693 rs = connection.executeQuery(s,
"SELECT * FROM tsk_vs_info "
7694 +
"where obj_id = " +
id);
7696 long type = rs.getLong(
"vs_type");
7697 long imgOffset = rs.getLong(
"img_offset");
7698 long blockSize = rs.getLong(
"block_size");
7700 vs.setParent(parent);
7703 throw new TskCoreException(
"No volume system found for id:" +
id);
7705 }
catch (SQLException ex) {
7706 throw new TskCoreException(
"Error getting Volume System by ID.", ex);
7723 VolumeSystem getVolumeSystemById(
long id,
long parentId)
throws TskCoreException {
7724 VolumeSystem vs = getVolumeSystemById(
id, null);
7725 vs.setParentId(parentId);
7740 FileSystem getFileSystemById(
long id, Image parent)
throws TskCoreException {
7741 return getFileSystemByIdHelper(
id, parent);
7752 FileSystem getFileSystemById(
long id,
long parentId)
throws TskCoreException {
7754 FileSystem fs = getFileSystemById(
id, vol);
7755 fs.setParentId(parentId);
7770 FileSystem getFileSystemById(
long id, Volume parent)
throws TskCoreException {
7771 return getFileSystemByIdHelper(
id, parent);
7785 Pool getPoolById(
long id, Content parent)
throws TskCoreException {
7786 return getPoolByIdHelper(
id, parent);
7797 Pool getPoolById(
long id,
long parentId)
throws TskCoreException {
7798 Pool pool = getPoolById(
id, null);
7799 pool.setParentId(parentId);
7814 private Pool getPoolByIdHelper(
long id, Content parent)
throws TskCoreException {
7817 try (CaseDbConnection connection = connections.getConnection();
7818 Statement s = connection.createStatement();
7819 ResultSet rs = connection.executeQuery(s,
"SELECT * FROM tsk_pool_info "
7820 +
"where obj_id = " +
id);) {
7822 Pool pool =
new Pool(
this, rs.getLong(
"obj_id"), TskData.TSK_POOL_TYPE_ENUM.valueOf(rs.getLong(
"pool_type")).getName(), rs.getLong(
"pool_type"));
7823 pool.setParent(parent);
7827 throw new TskCoreException(
"No pool found for ID:" +
id);
7829 }
catch (SQLException ex) {
7830 throw new TskCoreException(
"Error getting Pool by ID", ex);
7847 private FileSystem getFileSystemByIdHelper(
long id, Content parent)
throws TskCoreException {
7851 synchronized (fileSystemIdMap) {
7852 if (fileSystemIdMap.containsKey(
id)) {
7853 return fileSystemIdMap.get(
id);
7856 CaseDbConnection connection = connections.getConnection();
7859 ResultSet rs = null;
7861 s = connection.createStatement();
7862 rs = connection.executeQuery(s,
"SELECT * FROM tsk_fs_info "
7863 +
"where obj_id = " +
id);
7865 TskData.TSK_FS_TYPE_ENUM fsType = TskData.TSK_FS_TYPE_ENUM.valueOf(rs.getInt(
"fs_type"));
7866 FileSystem fs =
new FileSystem(
this, rs.getLong(
"obj_id"),
"", rs.getLong(
"img_offset"),
7867 fsType, rs.getLong(
"block_size"), rs.getLong(
"block_count"),
7868 rs.getLong(
"root_inum"), rs.getLong(
"first_inum"), rs.getLong(
"last_inum"));
7869 fs.setParent(parent);
7871 synchronized (fileSystemIdMap) {
7872 fileSystemIdMap.put(
id, fs);
7876 throw new TskCoreException(
"No file system found for id:" +
id);
7878 }
catch (SQLException ex) {
7879 throw new TskCoreException(
"Error getting File System by ID", ex);
7899 Volume getVolumeById(
long id, VolumeSystem parent)
throws TskCoreException {
7900 CaseDbConnection connection = connections.getConnection();
7903 ResultSet rs = null;
7905 s = connection.createStatement();
7906 rs = connection.executeQuery(s,
"SELECT * FROM tsk_vs_parts "
7907 +
"where obj_id = " +
id);
7918 description = rs.getString(
"desc");
7919 }
catch (Exception ex) {
7920 description = rs.getString(
"descr");
7922 Volume vol =
new Volume(
this, rs.getLong(
"obj_id"), rs.getLong(
"addr"),
7923 rs.getLong(
"start"), rs.getLong(
"length"), rs.getLong(
"flags"),
7925 vol.setParent(parent);
7928 throw new TskCoreException(
"No volume found for id:" +
id);
7930 }
catch (SQLException ex) {
7931 throw new TskCoreException(
"Error getting Volume by ID", ex);
7948 Volume getVolumeById(
long id,
long parentId)
throws TskCoreException {
7949 Volume vol = getVolumeById(
id, null);
7950 vol.setParentId(parentId);
7965 Directory getDirectoryById(
long id, FileSystem parentFs)
throws TskCoreException {
7966 CaseDbConnection connection = connections.getConnection();
7969 ResultSet rs = null;
7971 s = connection.createStatement();
7972 rs = connection.executeQuery(s,
"SELECT * FROM tsk_files "
7973 +
"WHERE obj_id = " +
id);
7974 Directory temp = null;
7976 final short type = rs.getShort(
"type");
7977 if (type == TSK_DB_FILES_TYPE_ENUM.FS.getFileType()) {
7978 if (rs.getShort(
"meta_type") == TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_DIR.getValue()
7979 || rs.getShort(
"meta_type") == TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_VIRT_DIR.getValue()) {
7980 temp = directory(rs, parentFs);
7982 }
else if (type == TSK_DB_FILES_TYPE_ENUM.VIRTUAL_DIR.getFileType()) {
7983 throw new TskCoreException(
"Expecting an FS-type directory, got virtual, id: " +
id);
7986 throw new TskCoreException(
"No Directory found for id:" +
id);
7989 }
catch (SQLException ex) {
7990 throw new TskCoreException(
"Error getting Directory by ID", ex);
8009 List<FileSystem> fileSystems =
new ArrayList<>();
8010 CaseDbConnection connection = connections.getConnection();
8014 ResultSet rs = null;
8015 String queryStr =
"SELECT * FROM tsk_fs_info WHERE data_source_obj_id = " + image.getId();
8017 s = connection.createStatement();
8018 rs = connection.executeQuery(s, queryStr);
8022 fsType, rs.getLong(
"block_size"), rs.getLong(
"block_count"),
8023 rs.getLong(
"root_inum"), rs.getLong(
"first_inum"), rs.getLong(
"last_inum"));
8025 fileSystems.add(fs);
8027 }
catch (SQLException ex) {
8028 throw new TskCoreException(
"Error looking up files systems. Query: " + queryStr, ex);
8048 List<Content> getImageChildren(
Image img)
throws TskCoreException {
8049 Collection<ObjectInfo> childInfos = getChildrenInfo(img);
8050 List<Content> children =
new ArrayList<Content>();
8051 for (ObjectInfo info : childInfos) {
8052 if (null != info.type) {
8053 switch (info.type) {
8055 children.add(getVolumeSystemById(info.id, img));
8058 children.add(getPoolById(info.id, img));
8061 children.add(getFileSystemById(info.id, img));
8079 throw new TskCoreException(
"Image has child of invalid type: " + info.type);
8096 List<Long> getImageChildrenIds(Image img)
throws TskCoreException {
8097 Collection<ObjectInfo> childInfos = getChildrenInfo(img);
8098 List<Long> children =
new ArrayList<Long>();
8099 for (ObjectInfo info : childInfos) {
8100 if (info.type == ObjectType.VS
8101 || info.type == ObjectType.POOL
8102 || info.type == ObjectType.FS
8103 || info.type == ObjectType.ABSTRACTFILE
8104 || info.type == ObjectType.ARTIFACT) {
8105 children.add(info.id);
8106 }
else if (info.type == ObjectType.REPORT) {
8109 throw new TskCoreException(
"Image has child of invalid type: " + info.type);
8125 List<Content> getPoolChildren(Pool pool)
throws TskCoreException {
8126 Collection<ObjectInfo> childInfos = getChildrenInfo(pool);
8127 List<Content> children =
new ArrayList<Content>();
8128 for (ObjectInfo info : childInfos) {
8129 if (null != info.type) {
8130 switch (info.type) {
8132 children.add(getVolumeSystemById(info.id, pool));
8147 throw new TskCoreException(
"Pool has child of invalid type: " + info.type);
8164 List<Long> getPoolChildrenIds(Pool pool)
throws TskCoreException {
8165 Collection<ObjectInfo> childInfos = getChildrenInfo(pool);
8166 List<Long> children =
new ArrayList<Long>();
8167 for (ObjectInfo info : childInfos) {
8168 if (info.type == ObjectType.VS || info.type == ObjectType.ABSTRACTFILE || info.type == ObjectType.ARTIFACT) {
8169 children.add(info.id);
8171 throw new TskCoreException(
"Pool has child of invalid type: " + info.type);
8187 List<Content> getVolumeSystemChildren(VolumeSystem vs)
throws TskCoreException {
8188 Collection<ObjectInfo> childInfos = getChildrenInfo(vs);
8189 List<Content> children =
new ArrayList<Content>();
8190 for (ObjectInfo info : childInfos) {
8191 if (null != info.type) {
8192 switch (info.type) {
8194 children.add(getVolumeById(info.id, vs));
8209 throw new TskCoreException(
"VolumeSystem has child of invalid type: " + info.type);
8226 List<Long> getVolumeSystemChildrenIds(VolumeSystem vs)
throws TskCoreException {
8227 Collection<ObjectInfo> childInfos = getChildrenInfo(vs);
8228 List<Long> children =
new ArrayList<Long>();
8229 for (ObjectInfo info : childInfos) {
8230 if (info.type == ObjectType.VOL || info.type == ObjectType.ABSTRACTFILE || info.type == ObjectType.ARTIFACT) {
8231 children.add(info.id);
8233 throw new TskCoreException(
"VolumeSystem has child of invalid type: " + info.type);
8249 List<Content> getVolumeChildren(Volume vol)
throws TskCoreException {
8250 Collection<ObjectInfo> childInfos = getChildrenInfo(vol);
8251 List<Content> children =
new ArrayList<Content>();
8252 for (ObjectInfo info : childInfos) {
8253 if (null != info.type) {
8254 switch (info.type) {
8256 children.add(getPoolById(info.id, vol));
8259 children.add(getFileSystemById(info.id, vol));
8274 throw new TskCoreException(
"Volume has child of invalid type: " + info.type);
8291 List<Long> getVolumeChildrenIds(Volume vol)
throws TskCoreException {
8292 final Collection<ObjectInfo> childInfos = getChildrenInfo(vol);
8293 final List<Long> children =
new ArrayList<Long>();
8294 for (ObjectInfo info : childInfos) {
8295 if (info.type == ObjectType.FS || info.type == ObjectType.ABSTRACTFILE || info.type == ObjectType.ARTIFACT) {
8296 children.add(info.id);
8298 throw new TskCoreException(
"Volume has child of invalid type: " + info.type);
8317 public Image addImageInfo(
long deviceObjId, List<String> imageFilePaths, String timeZone)
throws TskCoreException {
8318 long imageId = this.caseHandle.addImageInfo(deviceObjId, imageFilePaths, timeZone,
this);
8332 CaseDbConnection connection = connections.getConnection();
8334 Statement s1 = null;
8335 ResultSet rs1 = null;
8337 s1 = connection.createStatement();
8338 rs1 = connection.executeQuery(s1,
"SELECT tsk_image_info.obj_id, tsk_image_names.name FROM tsk_image_info " +
8339 "LEFT JOIN tsk_image_names ON tsk_image_info.obj_id = tsk_image_names.obj_id");
8340 Map<Long, List<String>> imgPaths =
new LinkedHashMap<Long, List<String>>();
8341 while (rs1.next()) {
8342 long obj_id = rs1.getLong(
"obj_id");
8343 String name = rs1.getString(
"name");
8344 List<String> imagePaths = imgPaths.get(obj_id);
8345 if (imagePaths == null) {
8346 List<String> paths =
new ArrayList<String>();
8350 imgPaths.put(obj_id, paths);
8353 imagePaths.add(name);
8358 }
catch (SQLException ex) {
8359 throw new TskCoreException(
"Error getting image paths.", ex);
8361 closeResultSet(rs1);
8378 private List<String> getImagePathsById(
long objectId)
throws TskCoreException {
8379 List<String> imagePaths =
new ArrayList<String>();
8380 CaseDbConnection connection = connections.getConnection();
8382 Statement statement = null;
8383 ResultSet resultSet = null;
8385 statement = connection.createStatement();
8386 resultSet = connection.executeQuery(statement,
"SELECT name FROM tsk_image_names WHERE tsk_image_names.obj_id = " + objectId);
8387 while (resultSet.next()) {
8388 imagePaths.add(resultSet.getString(
"name"));
8390 }
catch (SQLException ex) {
8391 throw new TskCoreException(String.format(
"Error getting image names with obj_id = %d", objectId), ex);
8393 closeResultSet(resultSet);
8394 closeStatement(statement);
8409 CaseDbConnection connection = connections.getConnection();
8412 ResultSet rs = null;
8414 s = connection.createStatement();
8415 rs = connection.executeQuery(s,
"SELECT obj_id FROM tsk_image_info");
8416 Collection<Long> imageIDs =
new ArrayList<Long>();
8418 imageIDs.add(rs.getLong(
"obj_id"));
8420 List<Image> images =
new ArrayList<Image>();
8421 for (
long id : imageIDs) {
8425 }
catch (SQLException ex) {
8426 throw new TskCoreException(
"Error retrieving images.", ex);
8445 public void setImagePaths(
long obj_id, List<String> paths)
throws TskCoreException {
8446 CaseDbConnection connection = connections.getConnection();
8448 PreparedStatement statement = null;
8450 connection.beginTransaction();
8451 statement = connection.getPreparedStatement(PREPARED_STATEMENT.DELETE_IMAGE_NAME);
8452 statement.clearParameters();
8453 statement.setLong(1, obj_id);
8454 connection.executeUpdate(statement);
8455 for (
int i = 0; i < paths.size(); i++) {
8456 statement = connection.getPreparedStatement(PREPARED_STATEMENT.INSERT_IMAGE_NAME);
8457 statement.clearParameters();
8458 statement.setLong(1, obj_id);
8459 statement.setString(2, paths.get(i));
8460 statement.setLong(3, i);
8461 connection.executeUpdate(statement);
8463 connection.commitTransaction();
8464 }
catch (SQLException ex) {
8465 connection.rollbackTransaction();
8466 throw new TskCoreException(
"Error updating image paths.", ex);
8484 void deleteDataSource(
long dataSourceObjectId)
throws TskCoreException {
8485 CaseDbConnection connection = connections.getConnection();
8486 Statement statement = null;
8489 statement = connection.createStatement();
8490 connection.beginTransaction();
8493 statement.execute(
"DELETE FROM tsk_objects WHERE obj_id = " + dataSourceObjectId);
8496 String accountSql =
"DELETE FROM accounts WHERE account_id in (SELECT account_id FROM accounts "
8497 +
"WHERE account_id NOT IN (SELECT account1_id FROM account_relationships) "
8498 +
"AND account_id NOT IN (SELECT account2_id FROM account_relationships))";
8499 statement.execute(accountSql);
8500 connection.commitTransaction();
8501 }
catch (SQLException ex) {
8502 connection.rollbackTransaction();
8503 throw new TskCoreException(
"Error deleting data source.", ex);
8535 private List<AbstractFile> resultSetToAbstractFiles(ResultSet rs, CaseDbConnection connection)
throws SQLException {
8536 ArrayList<AbstractFile> results =
new ArrayList<AbstractFile>();
8539 final short type = rs.getShort(
"type");
8540 if (type == TSK_DB_FILES_TYPE_ENUM.FS.getFileType()
8541 && (rs.getShort(
"meta_type") != TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_VIRT_DIR.getValue())) {
8543 if (rs.getShort(
"meta_type") == TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_DIR.getValue()) {
8544 result = directory(rs, null);
8546 result = file(rs, null);
8548 results.add(result);
8549 }
else if (type == TSK_DB_FILES_TYPE_ENUM.VIRTUAL_DIR.getFileType()
8550 || (rs.getShort(
"meta_type") == TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_VIRT_DIR.getValue())) {
8551 final VirtualDirectory virtDir = virtualDirectory(rs, connection);
8552 results.add(virtDir);
8553 }
else if (type == TSK_DB_FILES_TYPE_ENUM.LOCAL_DIR.getFileType()) {
8554 final LocalDirectory localDir = localDirectory(rs);
8555 results.add(localDir);
8556 }
else if (type == TSK_DB_FILES_TYPE_ENUM.UNALLOC_BLOCKS.getFileType()
8557 || type == TSK_DB_FILES_TYPE_ENUM.UNUSED_BLOCKS.getFileType()
8558 || type == TSK_DB_FILES_TYPE_ENUM.CARVED.getFileType()
8559 || type == TSK_DB_FILES_TYPE_ENUM.LAYOUT_FILE.getFileType()) {
8560 TSK_DB_FILES_TYPE_ENUM atype = TSK_DB_FILES_TYPE_ENUM.valueOf(type);
8561 String parentPath = rs.getString(
"parent_path");
8562 if (parentPath == null) {
8565 LayoutFile lf =
new LayoutFile(
this,
8566 rs.getLong(
"obj_id"),
8567 rs.getLong(
"data_source_obj_id"),
8568 rs.getString(
"name"),
8570 TSK_FS_NAME_TYPE_ENUM.valueOf(rs.getShort(
"dir_type")), TSK_FS_META_TYPE_ENUM.valueOf(rs.getShort(
"meta_type")),
8571 TSK_FS_NAME_FLAG_ENUM.valueOf(rs.getShort(
"dir_flags")), rs.getShort(
"meta_flags"),
8573 rs.getLong(
"ctime"), rs.getLong(
"crtime"), rs.getLong(
"atime"), rs.getLong(
"mtime"),
8574 rs.getString(
"md5"), rs.getString(
"sha256"), FileKnown.valueOf(rs.getByte(
"known")), parentPath, rs.getString(
"mime_type"));
8576 }
else if (type == TSK_DB_FILES_TYPE_ENUM.DERIVED.getFileType()) {
8577 final DerivedFile df;
8578 df = derivedFile(rs, connection, AbstractContent.UNKNOWN_ID);
8580 }
else if (type == TSK_DB_FILES_TYPE_ENUM.LOCAL.getFileType()) {
8582 lf = localFile(rs, connection, AbstractContent.UNKNOWN_ID);
8584 }
else if (type == TSK_DB_FILES_TYPE_ENUM.SLACK.getFileType()) {
8585 final SlackFile sf = slackFile(rs, null);
8589 }
catch (SQLException e) {
8590 logger.log(Level.SEVERE,
"Error getting abstract files from result set", e);
8610 rs.getLong(
"data_source_obj_id"), rs.getLong(
"fs_obj_id"),
8611 TskData.TSK_FS_ATTR_TYPE_ENUM.valueOf(rs.getShort(
"attr_type")),
8612 rs.getInt(
"attr_id"), rs.getString(
"name"), rs.getLong(
"meta_addr"), rs.getInt(
"meta_seq"),
8613 TSK_FS_NAME_TYPE_ENUM.valueOf(rs.getShort(
"dir_type")),
8614 TSK_FS_META_TYPE_ENUM.valueOf(rs.getShort(
"meta_type")),
8615 TSK_FS_NAME_FLAG_ENUM.valueOf(rs.getShort(
"dir_flags")),
8616 rs.getShort(
"meta_flags"), rs.getLong(
"size"),
8617 rs.getLong(
"ctime"), rs.getLong(
"crtime"), rs.getLong(
"atime"), rs.getLong(
"mtime"),
8618 (short) rs.getInt(
"mode"), rs.getInt(
"uid"), rs.getInt(
"gid"),
8619 rs.getString(
"md5"), rs.getString(
"sha256"), FileKnown.valueOf(rs.getByte(
"known")),
8620 rs.getString(
"parent_path"), rs.getString(
"mime_type"), rs.getString(
"extension"));
8621 f.setFileSystem(fs);
8636 Directory directory(ResultSet rs, FileSystem fs)
throws SQLException {
8637 Directory dir =
new Directory(
this, rs.getLong(
"obj_id"), rs.getLong(
"data_source_obj_id"), rs.getLong(
"fs_obj_id"),
8638 TskData.TSK_FS_ATTR_TYPE_ENUM.valueOf(rs.getShort(
"attr_type")),
8639 rs.getInt(
"attr_id"), rs.getString(
"name"), rs.getLong(
"meta_addr"), rs.getInt(
"meta_seq"),
8640 TSK_FS_NAME_TYPE_ENUM.valueOf(rs.getShort(
"dir_type")),
8641 TSK_FS_META_TYPE_ENUM.valueOf(rs.getShort(
"meta_type")),
8642 TSK_FS_NAME_FLAG_ENUM.valueOf(rs.getShort(
"dir_flags")),
8643 rs.getShort(
"meta_flags"), rs.getLong(
"size"),
8644 rs.getLong(
"ctime"), rs.getLong(
"crtime"), rs.getLong(
"atime"), rs.getLong(
"mtime"),
8645 rs.getShort(
"mode"), rs.getInt(
"uid"), rs.getInt(
"gid"),
8646 rs.getString(
"md5"), rs.getString(
"sha256"), FileKnown.valueOf(rs.getByte(
"known")),
8647 rs.getString(
"parent_path"));
8648 dir.setFileSystem(fs);
8662 VirtualDirectory virtualDirectory(ResultSet rs, CaseDbConnection connection)
throws SQLException {
8663 String parentPath = rs.getString(
"parent_path");
8664 if (parentPath == null) {
8668 long objId = rs.getLong(
"obj_id");
8669 long dsObjId = rs.getLong(
"data_source_obj_id");
8670 if (objId == dsObjId) {
8672 String deviceId =
"";
8673 String timeZone =
"";
8675 ResultSet rsDataSourceInfo = null;
8679 s = connection.createStatement();
8680 rsDataSourceInfo = connection.executeQuery(s,
"SELECT device_id, time_zone FROM data_source_info WHERE obj_id = " + objId);
8681 if (rsDataSourceInfo.next()) {
8682 deviceId = rsDataSourceInfo.getString(
"device_id");
8683 timeZone = rsDataSourceInfo.getString(
"time_zone");
8685 }
catch (SQLException ex) {
8686 logger.log(Level.SEVERE,
"Error data source info for datasource id " + objId, ex);
8688 closeResultSet(rsDataSourceInfo);
8693 return new LocalFilesDataSource(
this,
8696 rs.getString(
"name"),
8697 TSK_FS_NAME_TYPE_ENUM.valueOf(rs.getShort(
"dir_type")),
8698 TSK_FS_META_TYPE_ENUM.valueOf(rs.getShort(
"meta_type")),
8699 TSK_FS_NAME_FLAG_ENUM.valueOf(rs.getShort(
"dir_flags")),
8700 rs.getShort(
"meta_flags"),
8702 rs.getString(
"md5"),
8703 rs.getString(
"sha256"),
8704 FileKnown.valueOf(rs.getByte(
"known")),
8707 final VirtualDirectory vd =
new VirtualDirectory(
this,
8709 rs.getString(
"name"),
8710 TSK_FS_NAME_TYPE_ENUM.valueOf(rs.getShort(
"dir_type")),
8711 TSK_FS_META_TYPE_ENUM.valueOf(rs.getShort(
"meta_type")),
8712 TSK_FS_NAME_FLAG_ENUM.valueOf(rs.getShort(
"dir_flags")),
8713 rs.getShort(
"meta_flags"), rs.getString(
"md5"), rs.getString(
"sha256"),
8714 FileKnown.valueOf(rs.getByte(
"known")), parentPath);
8728 LocalDirectory localDirectory(ResultSet rs)
throws SQLException {
8729 String parentPath = rs.getString(
"parent_path");
8730 if (parentPath == null) {
8733 final LocalDirectory ld =
new LocalDirectory(
this, rs.getLong(
"obj_id"),
8734 rs.getLong(
"data_source_obj_id"), rs.getString(
"name"),
8735 TSK_FS_NAME_TYPE_ENUM.valueOf(rs.getShort(
"dir_type")),
8736 TSK_FS_META_TYPE_ENUM.valueOf(rs.getShort(
"meta_type")),
8737 TSK_FS_NAME_FLAG_ENUM.valueOf(rs.getShort(
"dir_flags")),
8738 rs.getShort(
"meta_flags"), rs.getString(
"md5"), rs.getString(
"sha256"),
8739 FileKnown.valueOf(rs.getByte(
"known")), parentPath);
8756 private DerivedFile derivedFile(ResultSet rs, CaseDbConnection connection,
long parentId)
throws SQLException {
8757 boolean hasLocalPath = rs.getBoolean(
"has_path");
8758 long objId = rs.getLong(
"obj_id");
8759 String localPath = null;
8760 TskData.EncodingType encodingType = TskData.EncodingType.NONE;
8762 ResultSet rsFilePath = null;
8765 PreparedStatement statement = connection.getPreparedStatement(PREPARED_STATEMENT.SELECT_LOCAL_PATH_AND_ENCODING_FOR_FILE);
8766 statement.clearParameters();
8767 statement.setLong(1, objId);
8768 rsFilePath = connection.executeQuery(statement);
8769 if (rsFilePath.next()) {
8770 localPath = rsFilePath.getString(
"path");
8771 encodingType = TskData.EncodingType.valueOf(rsFilePath.getInt(
"encoding_type"));
8773 }
catch (SQLException ex) {
8774 logger.log(Level.SEVERE,
"Error getting encoding type for file " + objId, ex);
8776 closeResultSet(rsFilePath);
8780 String parentPath = rs.getString(
"parent_path");
8781 if (parentPath == null) {
8784 final DerivedFile df =
new DerivedFile(
this, objId, rs.getLong(
"data_source_obj_id"),
8785 rs.getString(
"name"),
8786 TSK_FS_NAME_TYPE_ENUM.valueOf(rs.getShort(
"dir_type")),
8787 TSK_FS_META_TYPE_ENUM.valueOf(rs.getShort(
"meta_type")),
8788 TSK_FS_NAME_FLAG_ENUM.valueOf(rs.getShort(
"dir_flags")), rs.getShort(
"meta_flags"),
8790 rs.getLong(
"ctime"), rs.getLong(
"crtime"), rs.getLong(
"atime"), rs.getLong(
"mtime"),
8791 rs.getString(
"md5"), rs.getString(
"sha256"), FileKnown.valueOf(rs.getByte(
"known")),
8792 parentPath, localPath, parentId, rs.getString(
"mime_type"),
8793 encodingType, rs.getString(
"extension"));
8810 private LocalFile localFile(ResultSet rs, CaseDbConnection connection,
long parentId)
throws SQLException {
8811 long objId = rs.getLong(
"obj_id");
8812 String localPath = null;
8813 TskData.EncodingType encodingType = TskData.EncodingType.NONE;
8814 if (rs.getBoolean(
"has_path")) {
8815 ResultSet rsFilePath = null;
8818 PreparedStatement statement = connection.getPreparedStatement(PREPARED_STATEMENT.SELECT_LOCAL_PATH_AND_ENCODING_FOR_FILE);
8819 statement.clearParameters();
8820 statement.setLong(1, objId);
8821 rsFilePath = connection.executeQuery(statement);
8822 if (rsFilePath.next()) {
8823 localPath = rsFilePath.getString(
"path");
8824 encodingType = TskData.EncodingType.valueOf(rsFilePath.getInt(
"encoding_type"));
8826 }
catch (SQLException ex) {
8827 logger.log(Level.SEVERE,
"Error getting encoding type for file " + objId, ex);
8829 closeResultSet(rsFilePath);
8833 String parentPath = rs.getString(
"parent_path");
8834 if (null == parentPath) {
8837 LocalFile file =
new LocalFile(
this, objId, rs.getString(
"name"),
8838 TSK_DB_FILES_TYPE_ENUM.valueOf(rs.getShort(
"type")),
8839 TSK_FS_NAME_TYPE_ENUM.valueOf(rs.getShort(
"dir_type")),
8840 TSK_FS_META_TYPE_ENUM.valueOf(rs.getShort(
"meta_type")),
8841 TSK_FS_NAME_FLAG_ENUM.valueOf(rs.getShort(
"dir_flags")), rs.getShort(
"meta_flags"),
8843 rs.getLong(
"ctime"), rs.getLong(
"crtime"), rs.getLong(
"atime"), rs.getLong(
"mtime"),
8844 rs.getString(
"mime_type"), rs.getString(
"md5"), rs.getString(
"sha256"), FileKnown.valueOf(rs.getByte(
"known")),
8845 parentId, parentPath, rs.getLong(
"data_source_obj_id"),
8846 localPath, encodingType, rs.getString(
"extension"));
8863 rs.getLong(
"data_source_obj_id"), rs.getLong(
"fs_obj_id"),
8864 TskData.TSK_FS_ATTR_TYPE_ENUM.valueOf(rs.getShort(
"attr_type")),
8865 rs.getInt(
"attr_id"), rs.getString(
"name"), rs.getLong(
"meta_addr"), rs.getInt(
"meta_seq"),
8866 TSK_FS_NAME_TYPE_ENUM.valueOf(rs.getShort(
"dir_type")),
8867 TSK_FS_META_TYPE_ENUM.valueOf(rs.getShort(
"meta_type")),
8868 TSK_FS_NAME_FLAG_ENUM.valueOf(rs.getShort(
"dir_flags")),
8869 rs.getShort(
"meta_flags"), rs.getLong(
"size"),
8870 rs.getLong(
"ctime"), rs.getLong(
"crtime"), rs.getLong(
"atime"), rs.getLong(
"mtime"),
8871 (short) rs.getInt(
"mode"), rs.getInt(
"uid"), rs.getInt(
"gid"),
8872 rs.getString(
"md5"), rs.getString(
"sha256"), FileKnown.valueOf(rs.getByte(
"known")),
8873 rs.getString(
"parent_path"), rs.getString(
"mime_type"), rs.getString(
"extension"));
8874 f.setFileSystem(fs);
8889 List<Content> fileChildren(ResultSet rs, CaseDbConnection connection,
long parentId)
throws SQLException {
8890 List<Content> children =
new ArrayList<Content>();
8893 TskData.TSK_DB_FILES_TYPE_ENUM type = TskData.TSK_DB_FILES_TYPE_ENUM.valueOf(rs.getShort(
"type"));
8898 if (rs.getShort(
"meta_type") != TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_VIRT_DIR.getValue()) {
8900 if (rs.getShort(
"meta_type") == TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_DIR.getValue()) {
8901 result = directory(rs, null);
8903 result = file(rs, null);
8905 children.add(result);
8907 VirtualDirectory virtDir = virtualDirectory(rs, connection);
8908 children.add(virtDir);
8912 VirtualDirectory virtDir = virtualDirectory(rs, connection);
8913 children.add(virtDir);
8916 LocalDirectory localDir = localDirectory(rs);
8917 children.add(localDir);
8919 case UNALLOC_BLOCKS:
8923 String parentPath = rs.getString(
"parent_path");
8924 if (parentPath == null) {
8927 final LayoutFile lf =
new LayoutFile(
this, rs.getLong(
"obj_id"),
8928 rs.getLong(
"data_source_obj_id"), rs.getString(
"name"), type,
8929 TSK_FS_NAME_TYPE_ENUM.valueOf(rs.getShort(
"dir_type")),
8930 TSK_FS_META_TYPE_ENUM.valueOf(rs.getShort(
"meta_type")),
8931 TSK_FS_NAME_FLAG_ENUM.valueOf(rs.getShort(
"dir_flags")), rs.getShort(
"meta_flags"),
8933 rs.getLong(
"ctime"), rs.getLong(
"crtime"), rs.getLong(
"atime"), rs.getLong(
"mtime"),
8934 rs.getString(
"md5"), rs.getString(
"sha256"),
8935 FileKnown.valueOf(rs.getByte(
"known")), parentPath, rs.getString(
"mime_type"));
8940 final DerivedFile df = derivedFile(rs, connection, parentId);
8944 final LocalFile lf = localFile(rs, connection, parentId);
8949 final SlackFile sf = slackFile(rs, null);
8976 private List<BlackboardArtifact> resultSetToArtifacts(ResultSet rs)
throws SQLException, TskCoreException {
8977 ArrayList<BlackboardArtifact> artifacts =
new ArrayList<BlackboardArtifact>();
8980 BlackboardArtifact.Type artifactType =
getArtifactType(rs.getInt(
"artifact_type_id"));
8981 if (artifactType != null) {
8982 artifacts.add(
new BlackboardArtifact(
this, rs.getLong(
"artifact_id"), rs.getLong(
"obj_id"), rs.getLong(
"artifact_obj_id"), rs.getLong(
"data_source_obj_id"),
8983 rs.getInt(
"artifact_type_id"), artifactType.getTypeName(), artifactType.getDisplayName(),
8984 BlackboardArtifact.ReviewStatus.withID(rs.getInt(
"review_status_id"))));
8986 throw new TskCoreException(
"Error looking up artifact type ID " + rs.getInt(
"artifact_type_id") +
" from artifact " + rs.getLong(
"artifact_id"));
8989 }
catch (SQLException e) {
8990 logger.log(Level.SEVERE,
"Error getting artifacts from result set", e);
9053 CaseDbConnection getConnection() throws TskCoreException {
9054 return connections.getConnection();
9063 String getCaseHandleIdentifier() {
9064 return caseHandleIdentifier;
9083 connections.close();
9084 }
catch (TskCoreException ex) {
9085 logger.log(Level.SEVERE,
"Error closing database connection pool.", ex);
9088 fileSystemIdMap.clear();
9091 if (this.caseHandle != null) {
9092 this.caseHandle.free();
9093 this.caseHandle = null;
9095 }
catch (TskCoreException ex) {
9096 logger.log(Level.SEVERE,
"Error freeing case handle.", ex);
9115 long id = file.getId();
9116 FileKnown currentKnown = file.getKnown();
9117 if (currentKnown.compareTo(fileKnown) > 0) {
9120 CaseDbConnection connection = connections.getConnection();
9122 Statement statement = null;
9124 statement = connection.createStatement();
9125 connection.executeUpdate(statement,
"UPDATE tsk_files "
9126 +
"SET known='" + fileKnown.getFileKnownValue() +
"' "
9127 +
"WHERE obj_id=" + id);
9129 file.setKnown(fileKnown);
9130 }
catch (SQLException ex) {
9131 throw new TskCoreException(
"Error setting Known status.", ex);
9133 closeStatement(statement);
9148 void setFileName(String name,
long objId)
throws TskCoreException {
9150 CaseDbConnection connection = connections.getConnection();
9154 preparedStatement.clearParameters();
9155 preparedStatement.setString(1, name);
9156 preparedStatement.setLong(2, objId);
9157 connection.executeUpdate(preparedStatement);
9158 }
catch (SQLException ex) {
9159 throw new TskCoreException(String.format(
"Error updating while the name for object ID %d to %s", objId, name), ex);
9174 void setImageName(String name,
long objId)
throws TskCoreException {
9176 CaseDbConnection connection = connections.getConnection();
9179 PreparedStatement preparedStatement = connection.getPreparedStatement(SleuthkitCase.PREPARED_STATEMENT.UPDATE_IMAGE_NAME);
9180 preparedStatement.clearParameters();
9181 preparedStatement.setString(1, name);
9182 preparedStatement.setLong(2, objId);
9183 connection.executeUpdate(preparedStatement);
9184 }
catch (SQLException ex) {
9185 throw new TskCoreException(String.format(
"Error updating while the name for object ID %d to %s", objId, name), ex);
9202 CaseDbConnection connection = connections.getConnection();
9203 Statement statement = null;
9204 ResultSet rs = null;
9207 statement = connection.createStatement();
9208 connection.executeUpdate(statement, String.format(
"UPDATE tsk_files SET mime_type = '%s' WHERE obj_id = %d", mimeType, file.getId()));
9209 file.setMIMEType(mimeType);
9210 }
catch (SQLException ex) {
9211 throw new TskCoreException(String.format(
"Error setting MIME type for file (obj_id = %s)", file.getId()), ex);
9214 closeStatement(statement);
9229 void setMd5Hash(
AbstractFile file, String md5Hash)
throws TskCoreException {
9230 if (md5Hash == null) {
9233 long id = file.getId();
9234 CaseDbConnection connection = connections.getConnection();
9237 PreparedStatement statement = connection.getPreparedStatement(PREPARED_STATEMENT.UPDATE_FILE_MD5);
9238 statement.clearParameters();
9239 statement.setString(1, md5Hash.toLowerCase());
9240 statement.setLong(2,
id);
9241 connection.executeUpdate(statement);
9242 file.setMd5Hash(md5Hash.toLowerCase());
9243 }
catch (SQLException ex) {
9244 throw new TskCoreException(
"Error setting MD5 hash", ex);
9260 void setMd5ImageHash(Image img, String md5Hash)
throws TskCoreException {
9261 if (md5Hash == null) {
9264 long id = img.getId();
9265 CaseDbConnection connection = connections.getConnection();
9268 PreparedStatement statement = connection.getPreparedStatement(PREPARED_STATEMENT.UPDATE_IMAGE_MD5);
9269 statement.clearParameters();
9270 statement.setString(1, md5Hash.toLowerCase());
9271 statement.setLong(2,
id);
9272 connection.executeUpdate(statement);
9273 }
catch (SQLException ex) {
9274 throw new TskCoreException(
"Error setting MD5 hash", ex);
9291 String getMd5ImageHash(Image img)
throws TskCoreException {
9292 long id = img.getId();
9293 CaseDbConnection connection = connections.getConnection();
9295 ResultSet rs = null;
9298 PreparedStatement statement = connection.getPreparedStatement(PREPARED_STATEMENT.SELECT_IMAGE_MD5);
9299 statement.clearParameters();
9300 statement.setLong(1,
id);
9301 rs = connection.executeQuery(statement);
9303 hash = rs.getString(
"md5");
9306 }
catch (SQLException ex) {
9307 throw new TskCoreException(
"Error getting MD5 hash", ex);
9324 void setSha1ImageHash(Image img, String sha1Hash)
throws TskCoreException {
9325 if (sha1Hash == null) {
9328 long id = img.getId();
9329 CaseDbConnection connection = connections.getConnection();
9332 PreparedStatement statement = connection.getPreparedStatement(PREPARED_STATEMENT.UPDATE_IMAGE_SHA1);
9333 statement.clearParameters();
9334 statement.setString(1, sha1Hash.toLowerCase());
9335 statement.setLong(2,
id);
9336 connection.executeUpdate(statement);
9337 }
catch (SQLException ex) {
9338 throw new TskCoreException(
"Error setting SHA1 hash", ex);
9355 String getSha1ImageHash(Image img)
throws TskCoreException {
9356 long id = img.getId();
9357 CaseDbConnection connection = connections.getConnection();
9359 ResultSet rs = null;
9362 PreparedStatement statement = connection.getPreparedStatement(PREPARED_STATEMENT.SELECT_IMAGE_SHA1);
9363 statement.clearParameters();
9364 statement.setLong(1,
id);
9365 rs = connection.executeQuery(statement);
9367 hash = rs.getString(
"sha1");
9370 }
catch (SQLException ex) {
9371 throw new TskCoreException(
"Error getting SHA1 hash", ex);
9388 void setSha256ImageHash(Image img, String sha256Hash)
throws TskCoreException {
9389 if (sha256Hash == null) {
9392 long id = img.getId();
9393 CaseDbConnection connection = connections.getConnection();
9396 PreparedStatement statement = connection.getPreparedStatement(PREPARED_STATEMENT.UPDATE_IMAGE_SHA256);
9397 statement.clearParameters();
9398 statement.setString(1, sha256Hash.toLowerCase());
9399 statement.setLong(2,
id);
9400 connection.executeUpdate(statement);
9401 }
catch (SQLException ex) {
9402 throw new TskCoreException(
"Error setting SHA256 hash", ex);
9419 String getSha256ImageHash(Image img)
throws TskCoreException {
9420 long id = img.getId();
9421 CaseDbConnection connection = connections.getConnection();
9423 ResultSet rs = null;
9426 PreparedStatement statement = connection.getPreparedStatement(PREPARED_STATEMENT.SELECT_IMAGE_SHA256);
9427 statement.clearParameters();
9428 statement.setLong(1,
id);
9429 rs = connection.executeQuery(statement);
9431 hash = rs.getString(
"sha256");
9434 }
catch (SQLException ex) {
9435 throw new TskCoreException(
"Error setting SHA256 hash", ex);
9451 void setAcquisitionDetails(DataSource datasource, String details)
throws TskCoreException {
9453 long id = datasource.getId();
9454 CaseDbConnection connection = connections.getConnection();
9457 PreparedStatement statement = connection.getPreparedStatement(PREPARED_STATEMENT.UPDATE_ACQUISITION_DETAILS);
9458 statement.clearParameters();
9459 statement.setString(1, details);
9460 statement.setLong(2,
id);
9461 connection.executeUpdate(statement);
9462 }
catch (SQLException ex) {
9463 throw new TskCoreException(
"Error setting acquisition details", ex);
9479 void setAcquisitionDetails(
long dataSourceId, String details, CaseDbTransaction trans)
throws TskCoreException {
9482 CaseDbConnection connection = trans.getConnection();
9483 PreparedStatement statement = connection.getPreparedStatement(PREPARED_STATEMENT.UPDATE_ACQUISITION_DETAILS);
9484 statement.clearParameters();
9485 statement.setString(1, details);
9486 statement.setLong(2, dataSourceId);
9487 connection.executeUpdate(statement);
9488 }
catch (SQLException ex) {
9489 throw new TskCoreException(
"Error setting acquisition details", ex);
9504 String getAcquisitionDetails(DataSource datasource)
throws TskCoreException {
9505 long id = datasource.getId();
9506 CaseDbConnection connection = connections.getConnection();
9508 ResultSet rs = null;
9511 PreparedStatement statement = connection.getPreparedStatement(PREPARED_STATEMENT.SELECT_ACQUISITION_DETAILS);
9512 statement.clearParameters();
9513 statement.setLong(1,
id);
9514 rs = connection.executeQuery(statement);
9516 hash = rs.getString(
"acquisition_details");
9519 }
catch (SQLException ex) {
9520 throw new TskCoreException(
"Error setting acquisition details", ex);
9539 if (newStatus == null) {
9542 CaseDbConnection connection = connections.getConnection();
9544 Statement statement = null;
9546 statement = connection.createStatement();
9547 connection.executeUpdate(statement,
"UPDATE blackboard_artifacts "
9548 +
" SET review_status_id=" + newStatus.getID()
9549 +
" WHERE blackboard_artifacts.artifact_id = " + artifact.
getArtifactID());
9550 }
catch (SQLException ex) {
9551 throw new TskCoreException(
"Error setting review status", ex);
9553 closeStatement(statement);
9570 CaseDbConnection connection = connections.getConnection();
9573 ResultSet rs = null;
9575 s = connection.createStatement();
9576 Short contentShort = contentType.getValue();
9577 rs = connection.executeQuery(s,
"SELECT COUNT(*) AS count FROM tsk_files WHERE meta_type = '" + contentShort.toString() +
"'");
9580 count = rs.getInt(
"count");
9583 }
catch (SQLException ex) {
9584 throw new TskCoreException(
"Error getting number of objects.", ex);
9602 String escapedText = null;
9604 escapedText = text.replaceAll(
"'",
"''");
9617 if (md5Hash == null) {
9620 CaseDbConnection connection;
9622 connection = connections.getConnection();
9623 }
catch (TskCoreException ex) {
9624 logger.log(Level.SEVERE,
"Error finding files by md5 hash " + md5Hash, ex);
9629 ResultSet rs = null;
9631 s = connection.createStatement();
9632 rs = connection.executeQuery(s,
"SELECT * FROM tsk_files WHERE "
9633 +
" md5 = '" + md5Hash.toLowerCase() +
"' "
9635 return resultSetToAbstractFiles(rs, connection);
9636 }
catch (SQLException ex) {
9637 logger.log(Level.WARNING,
"Error querying database.", ex);
9654 CaseDbConnection connection;
9656 connection = connections.getConnection();
9657 }
catch (TskCoreException ex) {
9658 logger.log(Level.SEVERE,
"Error checking md5 hashing status", ex);
9661 boolean allFilesAreHashed =
false;
9664 ResultSet rs = null;
9666 s = connection.createStatement();
9667 rs = connection.executeQuery(s,
"SELECT COUNT(*) AS count FROM tsk_files "
9669 +
"AND md5 IS NULL "
9670 +
"AND size > '0'");
9671 if (rs.next() && rs.getInt(
"count") == 0) {
9672 allFilesAreHashed =
true;
9674 }
catch (SQLException ex) {
9675 logger.log(Level.WARNING,
"Failed to query whether all files have MD5 hashes", ex);
9682 return allFilesAreHashed;
9691 CaseDbConnection connection;
9693 connection = connections.getConnection();
9694 }
catch (TskCoreException ex) {
9695 logger.log(Level.SEVERE,
"Error getting database connection for hashed files count", ex);
9701 ResultSet rs = null;
9703 s = connection.createStatement();
9704 rs = connection.executeQuery(s,
"SELECT COUNT(*) AS count FROM tsk_files "
9705 +
"WHERE md5 IS NOT NULL "
9706 +
"AND size > '0'");
9708 count = rs.getInt(
"count");
9710 }
catch (SQLException ex) {
9711 logger.log(Level.WARNING,
"Failed to query for all the files.", ex);
9731 CaseDbConnection connection = connections.getConnection();
9733 ResultSet resultSet = null;
9736 PreparedStatement statement = connection.getPreparedStatement(PREPARED_STATEMENT.SELECT_TAG_NAMES);
9737 resultSet = connection.executeQuery(statement);
9738 ArrayList<TagName> tagNames =
new ArrayList<>();
9739 while (resultSet.next()) {
9740 tagNames.add(
new TagName(resultSet.getLong(
"tag_name_id"), resultSet.getString(
"display_name"),
9742 TskData.
FileKnown.
valueOf(resultSet.getByte(
"knownStatus")), resultSet.getLong(
"tag_set_id"), resultSet.getInt(
"rank")));
9745 }
catch (SQLException ex) {
9746 throw new TskCoreException(
"Error selecting rows from tag_names table", ex);
9748 closeResultSet(resultSet);
9765 CaseDbConnection connection = connections.getConnection();
9767 ResultSet resultSet = null;
9770 PreparedStatement statement = connection.getPreparedStatement(PREPARED_STATEMENT.SELECT_TAG_NAMES_IN_USE);
9771 resultSet = connection.executeQuery(statement);
9772 ArrayList<TagName> tagNames =
new ArrayList<>();
9773 while (resultSet.next()) {
9774 tagNames.add(
new TagName(resultSet.getLong(
"tag_name_id"), resultSet.getString(
"display_name"),
9776 TskData.
FileKnown.
valueOf(resultSet.getByte(
"knownStatus")), resultSet.getLong(
"tag_set_id"), resultSet.getInt(
"rank")));
9779 }
catch (SQLException ex) {
9780 throw new TskCoreException(
"Error selecting rows from tag_names table", ex);
9782 closeResultSet(resultSet);
9802 ArrayList<TagName> tagNames =
new ArrayList<TagName>();
9808 CaseDbConnection connection = connections.getConnection();
9810 ResultSet resultSet = null;
9813 PreparedStatement statement = connection.getPreparedStatement(PREPARED_STATEMENT.SELECT_TAG_NAMES_IN_USE_BY_DATASOURCE);
9814 statement.setLong(1, dsObjId);
9815 statement.setLong(2, dsObjId);
9816 resultSet = connection.executeQuery(statement);
9817 while (resultSet.next()) {
9818 tagNames.add(
new TagName(resultSet.getLong(
"tag_name_id"), resultSet.getString(
"display_name"),
9820 TskData.
FileKnown.
valueOf(resultSet.getByte(
"knownStatus")), resultSet.getLong(
"tag_set_id"), resultSet.getInt(
"rank")));
9823 }
catch (SQLException ex) {
9824 throw new TskCoreException(
"Failed to get tag names in use for data source objID : " + dsObjId, ex);
9826 closeResultSet(resultSet);
9865 CaseDbConnection connection = connections.getConnection();
9867 ResultSet resultSet = null;
9869 PreparedStatement statement;
9871 statement = connection.getPreparedStatement(PREPARED_STATEMENT.INSERT_OR_UPDATE_TAG_NAME, Statement.RETURN_GENERATED_KEYS);
9872 statement.clearParameters();
9873 statement.setString(5, description);
9874 statement.setString(6, color.getName());
9875 statement.setByte(7, knownStatus.getFileKnownValue());
9876 statement.setString(1, displayName);
9877 statement.setString(2, description);
9878 statement.setString(3, color.getName());
9879 statement.setByte(4, knownStatus.getFileKnownValue());
9880 connection.executeUpdate(statement);
9882 statement = connection.getPreparedStatement(PREPARED_STATEMENT.SELECT_TAG_NAME_BY_NAME);
9883 statement.clearParameters();
9884 statement.setString(1, displayName);
9885 resultSet = connection.executeQuery(statement);
9888 return new TagName(resultSet.getLong(
"tag_name_id"), displayName, description, color, knownStatus, resultSet.getLong(
"tag_set_id"), resultSet.getInt(
"rank"));
9890 }
catch (SQLException ex) {
9891 throw new TskCoreException(
"Error adding row for " + displayName +
" tag name to tag_names table", ex);
9893 closeResultSet(resultSet);
9924 CaseDbConnection connection = connections.getConnection();
9928 PreparedStatement statement = connection.getPreparedStatement(PREPARED_STATEMENT.DELETE_CONTENT_TAG);
9929 statement.clearParameters();
9930 statement.setLong(1, tag.getId());
9931 connection.executeUpdate(statement);
9932 }
catch (SQLException ex) {
9933 throw new TskCoreException(
"Error deleting row from content_tags table (id = " + tag.getId() +
")", ex);
9949 CaseDbConnection connection = connections.getConnection();
9951 ResultSet resultSet = null;
9957 PreparedStatement statement = connection.getPreparedStatement(PREPARED_STATEMENT.SELECT_CONTENT_TAGS);
9958 resultSet = connection.executeQuery(statement);
9959 ArrayList<ContentTag> tags =
new ArrayList<ContentTag>();
9960 while (resultSet.next()) {
9961 TagName tagName =
new TagName(resultSet.getLong(
"tag_name_id"), resultSet.getString(
"display_name"),
9963 TskData.
FileKnown.
valueOf(resultSet.getByte(
"knownStatus")), resultSet.getLong(
"tag_set_id"), resultSet.getInt(
"rank"));
9965 tags.add(
new ContentTag(resultSet.getLong(
"tag_id"), content, tagName, resultSet.getString(
"comment"),
9966 resultSet.getLong(
"begin_byte_offset"), resultSet.getLong(
"end_byte_offset"), resultSet.getString(
"login_name")));
9969 }
catch (SQLException ex) {
9970 throw new TskCoreException(
"Error selecting rows from content_tags table", ex);
9972 closeResultSet(resultSet);
9989 if (tagName.getId() ==
Tag.ID_NOT_SET) {
9990 throw new TskCoreException(
"TagName object is invalid, id not set");
9992 CaseDbConnection connection = connections.getConnection();
9994 ResultSet resultSet = null;
9997 PreparedStatement statement = connection.getPreparedStatement(PREPARED_STATEMENT.COUNT_CONTENT_TAGS_BY_TAG_NAME);
9998 statement.clearParameters();
9999 statement.setLong(1, tagName.getId());
10000 resultSet = connection.executeQuery(statement);
10001 if (resultSet.next()) {
10002 return resultSet.getLong(
"count");
10004 throw new TskCoreException(
"Error getting content_tags row count for tag name (tag_name_id = " + tagName.getId() +
")");
10006 }
catch (SQLException ex) {
10007 throw new TskCoreException(
"Error getting content_tags row count for tag name (tag_name_id = " + tagName.getId() +
")", ex);
10009 closeResultSet(resultSet);
10010 connection.close();
10032 if (tagName.getId() ==
Tag.ID_NOT_SET) {
10033 throw new TskCoreException(
"TagName object is invalid, id not set");
10036 CaseDbConnection connection = connections.getConnection();
10038 ResultSet resultSet = null;
10043 PreparedStatement statement = connection.getPreparedStatement(PREPARED_STATEMENT.COUNT_CONTENT_TAGS_BY_TAG_NAME_BY_DATASOURCE);
10044 statement.clearParameters();
10045 statement.setLong(1, tagName.getId());
10046 statement.setLong(2, dsObjId);
10048 resultSet = connection.executeQuery(statement);
10049 if (resultSet.next()) {
10050 return resultSet.getLong(
"count");
10052 throw new TskCoreException(
"Error getting content_tags row count for tag name (tag_name_id = " + tagName.getId() +
")" +
" for dsObjId = " + dsObjId);
10054 }
catch (SQLException ex) {
10055 throw new TskCoreException(
"Failed to get content_tags row count for tag_name_id = " + tagName.getId() +
"data source objID : " + dsObjId, ex);
10057 closeResultSet(resultSet);
10058 connection.close();
10075 CaseDbConnection connection = connections.getConnection();
10077 ResultSet resultSet = null;
10085 PreparedStatement statement = connection.getPreparedStatement(PREPARED_STATEMENT.SELECT_CONTENT_TAG_BY_ID);
10086 statement.clearParameters();
10087 statement.setLong(1, contentTagID);
10088 resultSet = connection.executeQuery(statement);
10090 while (resultSet.next()) {
10091 TagName tagName =
new TagName(resultSet.getLong(
"tag_name_id"), resultSet.getString(
"display_name"),
10093 TskData.
FileKnown.
valueOf(resultSet.getByte(
"knownStatus")), resultSet.getLong(
"tag_set_id"), resultSet.getInt(
"rank"));
10095 resultSet.getString(
"comment"), resultSet.getLong(
"begin_byte_offset"), resultSet.getLong(
"end_byte_offset"), resultSet.getString(
"login_name"));
10099 }
catch (SQLException ex) {
10100 throw new TskCoreException(
"Error getting content tag with id = " + contentTagID, ex);
10102 closeResultSet(resultSet);
10103 connection.close();
10121 if (tagName.getId() ==
Tag.ID_NOT_SET) {
10122 throw new TskCoreException(
"TagName object is invalid, id not set");
10124 CaseDbConnection connection = connections.getConnection();
10126 ResultSet resultSet = null;
10132 PreparedStatement statement = connection.getPreparedStatement(PREPARED_STATEMENT.SELECT_CONTENT_TAGS_BY_TAG_NAME);
10133 statement.clearParameters();
10134 statement.setLong(1, tagName.getId());
10135 resultSet = connection.executeQuery(statement);
10136 ArrayList<ContentTag> tags =
new ArrayList<ContentTag>();
10137 while (resultSet.next()) {
10139 tagName, resultSet.getString(
"comment"), resultSet.getLong(
"begin_byte_offset"), resultSet.getLong(
"end_byte_offset"), resultSet.getString(
"login_name"));
10144 }
catch (SQLException ex) {
10145 throw new TskCoreException(
"Error getting content_tags rows (tag_name_id = " + tagName.getId() +
")", ex);
10147 closeResultSet(resultSet);
10148 connection.close();
10167 CaseDbConnection connection = connections.getConnection();
10169 ResultSet resultSet = null;
10178 PreparedStatement statement = connection.getPreparedStatement(PREPARED_STATEMENT.SELECT_CONTENT_TAGS_BY_TAG_NAME_BY_DATASOURCE);
10179 statement.clearParameters();
10180 statement.setLong(1, tagName.getId());
10181 statement.setLong(2, dsObjId);
10182 resultSet = connection.executeQuery(statement);
10183 ArrayList<ContentTag> tags =
new ArrayList<ContentTag>();
10184 while (resultSet.next()) {
10186 tagName, resultSet.getString(
"comment"), resultSet.getLong(
"begin_byte_offset"), resultSet.getLong(
"end_byte_offset"), resultSet.getString(
"login_name"));
10191 }
catch (SQLException ex) {
10192 throw new TskCoreException(
"Failed to get content_tags row count for tag_name_id = " + tagName.getId() +
" data source objID : " + dsObjId, ex);
10194 closeResultSet(resultSet);
10195 connection.close();
10212 CaseDbConnection connection = connections.getConnection();
10214 ResultSet resultSet = null;
10221 PreparedStatement statement = connection.getPreparedStatement(PREPARED_STATEMENT.SELECT_CONTENT_TAGS_BY_CONTENT);
10222 statement.clearParameters();
10223 statement.setLong(1, content.getId());
10224 resultSet = connection.executeQuery(statement);
10225 ArrayList<ContentTag> tags =
new ArrayList<ContentTag>();
10226 while (resultSet.next()) {
10227 TagName tagName =
new TagName(resultSet.getLong(
"tag_name_id"), resultSet.getString(
"display_name"),
10229 TskData.
FileKnown.
valueOf(resultSet.getByte(
"knownStatus")), resultSet.getLong(
"tag_set_id"), resultSet.getInt(
"rank"));
10231 resultSet.getString(
"comment"), resultSet.getLong(
"begin_byte_offset"), resultSet.getLong(
"end_byte_offset"), resultSet.getString(
"login_name"));
10235 }
catch (SQLException ex) {
10236 throw new TskCoreException(
"Error getting content tags data for content (obj_id = " + content.getId() +
")", ex);
10238 closeResultSet(resultSet);
10239 connection.close();
10269 CaseDbConnection connection = connections.getConnection();
10273 PreparedStatement statement = connection.getPreparedStatement(PREPARED_STATEMENT.DELETE_ARTIFACT_TAG);
10274 statement.clearParameters();
10275 statement.setLong(1, tag.getId());
10276 connection.executeUpdate(statement);
10277 }
catch (SQLException ex) {
10278 throw new TskCoreException(
"Error deleting row from blackboard_artifact_tags table (id = " + tag.getId() +
")", ex);
10280 connection.close();
10295 CaseDbConnection connection = connections.getConnection();
10297 ResultSet resultSet = null;
10303 PreparedStatement statement = connection.getPreparedStatement(PREPARED_STATEMENT.SELECT_ARTIFACT_TAGS);
10304 resultSet = connection.executeQuery(statement);
10305 ArrayList<BlackboardArtifactTag> tags =
new ArrayList<>();
10306 while (resultSet.next()) {
10307 TagName tagName =
new TagName(resultSet.getLong(
"tag_name_id"), resultSet.getString(
"display_name"),
10309 TskData.
FileKnown.
valueOf(resultSet.getByte(
"knownStatus")), resultSet.getLong(
"tag_set_id"), resultSet.getInt(
"rank"));
10313 artifact, content, tagName, resultSet.getString(
"comment"), resultSet.getString(
"login_name"));
10317 }
catch (SQLException ex) {
10318 throw new TskCoreException(
"Error selecting rows from blackboard_artifact_tags table", ex);
10320 closeResultSet(resultSet);
10321 connection.close();
10337 if (tagName.getId() ==
Tag.ID_NOT_SET) {
10338 throw new TskCoreException(
"TagName object is invalid, id not set");
10340 CaseDbConnection connection = connections.getConnection();
10342 ResultSet resultSet = null;
10345 PreparedStatement statement = connection.getPreparedStatement(PREPARED_STATEMENT.COUNT_ARTIFACTS_BY_TAG_NAME);
10346 statement.clearParameters();
10347 statement.setLong(1, tagName.getId());
10348 resultSet = connection.executeQuery(statement);
10349 if (resultSet.next()) {
10350 return resultSet.getLong(
"count");
10352 throw new TskCoreException(
"Error getting blackboard_artifact_tags row count for tag name (tag_name_id = " + tagName.getId() +
")");
10354 }
catch (SQLException ex) {
10355 throw new TskCoreException(
"Error getting blackboard artifact_content_tags row count for tag name (tag_name_id = " + tagName.getId() +
")", ex);
10357 closeResultSet(resultSet);
10358 connection.close();
10379 if (tagName.getId() ==
Tag.ID_NOT_SET) {
10380 throw new TskCoreException(
"TagName object is invalid, id not set");
10383 CaseDbConnection connection = connections.getConnection();
10385 ResultSet resultSet = null;
10390 PreparedStatement statement = connection.getPreparedStatement(PREPARED_STATEMENT.COUNT_ARTIFACTS_BY_TAG_NAME_BY_DATASOURCE);
10391 statement.clearParameters();
10392 statement.setLong(1, tagName.getId());
10393 statement.setLong(2, dsObjId);
10394 resultSet = connection.executeQuery(statement);
10395 if (resultSet.next()) {
10396 return resultSet.getLong(
"count");
10398 throw new TskCoreException(
"Error getting blackboard_artifact_tags row count for tag name (tag_name_id = " + tagName.getId() +
")" +
" for dsObjId = " + dsObjId);
10400 }
catch (SQLException ex) {
10401 throw new TskCoreException(
"Failed to get blackboard_artifact_tags row count for tag_name_id = " + tagName.getId() +
"data source objID : " + dsObjId, ex);
10403 closeResultSet(resultSet);
10404 connection.close();
10421 if (tagName.getId() ==
Tag.ID_NOT_SET) {
10422 throw new TskCoreException(
"TagName object is invalid, id not set");
10424 CaseDbConnection connection = connections.getConnection();
10426 ResultSet resultSet = null;
10432 PreparedStatement statement = connection.getPreparedStatement(PREPARED_STATEMENT.SELECT_ARTIFACT_TAGS_BY_TAG_NAME);
10433 statement.clearParameters();
10434 statement.setLong(1, tagName.getId());
10435 resultSet = connection.executeQuery(statement);
10436 ArrayList<BlackboardArtifactTag> tags =
new ArrayList<BlackboardArtifactTag>();
10437 while (resultSet.next()) {
10441 artifact, content, tagName, resultSet.getString(
"comment"), resultSet.getString(
"login_name"));
10445 }
catch (SQLException ex) {
10446 throw new TskCoreException(
"Error getting blackboard artifact tags data (tag_name_id = " + tagName.getId() +
")", ex);
10448 closeResultSet(resultSet);
10449 connection.close();
10470 if (tagName.getId() ==
Tag.ID_NOT_SET) {
10471 throw new TskCoreException(
"TagName object is invalid, id not set");
10474 CaseDbConnection connection = connections.getConnection();
10476 ResultSet resultSet = null;
10484 PreparedStatement statement = connection.getPreparedStatement(PREPARED_STATEMENT.SELECT_ARTIFACT_TAGS_BY_TAG_NAME_BY_DATASOURCE);
10485 statement.clearParameters();
10486 statement.setLong(1, tagName.getId());
10487 statement.setLong(2, dsObjId);
10488 resultSet = connection.executeQuery(statement);
10489 ArrayList<BlackboardArtifactTag> tags =
new ArrayList<BlackboardArtifactTag>();
10490 while (resultSet.next()) {
10494 artifact, content, tagName, resultSet.getString(
"comment"), resultSet.getString(
"login_name"));
10498 }
catch (SQLException ex) {
10499 throw new TskCoreException(
"Failed to get blackboard_artifact_tags row count for tag_name_id = " + tagName.getId() +
"data source objID : " + dsObjId, ex);
10501 closeResultSet(resultSet);
10502 connection.close();
10521 CaseDbConnection connection = connections.getConnection();
10523 ResultSet resultSet = null;
10531 PreparedStatement statement = connection.getPreparedStatement(PREPARED_STATEMENT.SELECT_ARTIFACT_TAG_BY_ID);
10532 statement.clearParameters();
10533 statement.setLong(1, artifactTagID);
10534 resultSet = connection.executeQuery(statement);
10536 while (resultSet.next()) {
10537 TagName tagName =
new TagName(resultSet.getLong(
"tag_name_id"), resultSet.getString(
"display_name"),
10539 TskData.
FileKnown.
valueOf(resultSet.getByte(
"knownStatus")), resultSet.getLong(
"tag_set_id"), resultSet.getInt(
"rank"));
10543 artifact, content, tagName, resultSet.getString(
"comment"), resultSet.getString(
"login_name"));
10547 }
catch (SQLException ex) {
10548 throw new TskCoreException(
"Error getting blackboard artifact tag with id = " + artifactTagID, ex);
10550 closeResultSet(resultSet);
10551 connection.close();
10570 CaseDbConnection connection = connections.getConnection();
10572 ResultSet resultSet = null;
10579 PreparedStatement statement = connection.getPreparedStatement(PREPARED_STATEMENT.SELECT_ARTIFACT_TAGS_BY_ARTIFACT);
10580 statement.clearParameters();
10581 statement.setLong(1, artifact.getArtifactID());
10582 resultSet = connection.executeQuery(statement);
10583 ArrayList<BlackboardArtifactTag> tags =
new ArrayList<>();
10584 while (resultSet.next()) {
10585 TagName tagName =
new TagName(resultSet.getLong(
"tag_name_id"), resultSet.getString(
"display_name"),
10587 TskData.
FileKnown.
valueOf(resultSet.getByte(
"knownStatus")), resultSet.getLong(
"tag_set_id"), resultSet.getInt(
"rank"));
10590 artifact, content, tagName, resultSet.getString(
"comment"), resultSet.getString(
"login_name"));
10594 }
catch (SQLException ex) {
10595 throw new TskCoreException(
"Error getting blackboard artifact tags data (artifact_id = " + artifact.getArtifactID() +
")", ex);
10597 closeResultSet(resultSet);
10598 connection.close();
10612 CaseDbConnection connection = connections.getConnection();
10616 PreparedStatement statement = connection.getPreparedStatement(PREPARED_STATEMENT.UPDATE_IMAGE_PATH);
10617 statement.clearParameters();
10618 statement.setString(1, newPath);
10619 statement.setLong(2, objectId);
10620 connection.executeUpdate(statement);
10621 }
catch (SQLException ex) {
10622 throw new TskCoreException(
"Error updating image path in database for object " + objectId, ex);
10624 connection.close();
10642 public Report addReport(String localPath, String sourceModuleName, String reportName)
throws TskCoreException {
10643 return addReport(localPath, sourceModuleName, reportName, null);
10664 String relativePath =
"";
10665 long createTime = 0;
10666 String localPathLower = localPath.toLowerCase();
10668 if (localPathLower.startsWith(
"http")) {
10669 relativePath = localPathLower;
10670 createTime = System.currentTimeMillis() / 1000;
10681 int length =
new File(casePathLower).toURI().relativize(
new File(localPathLower).toURI()).getPath().length();
10682 relativePath =
new File(localPath.substring(localPathLower.length() - length)).getPath();
10683 }
catch (IllegalArgumentException ex) {
10684 String errorMessage = String.format(
"Local path %s not in the database directory or one of its subdirectories", localPath);
10685 throw new TskCoreException(errorMessage, ex);
10689 java.io.File tempFile =
new java.io.File(localPath);
10691 createTime = tempFile.lastModified() / 1000;
10692 }
catch (Exception ex) {
10693 throw new TskCoreException(
"Could not get create time for report at " + localPath, ex);
10698 CaseDbConnection connection = connections.getConnection();
10700 ResultSet resultSet = null;
10704 long parentObjId = 0;
10705 if (parent != null) {
10706 parentObjId = parent.getId();
10711 PreparedStatement statement = connection.getPreparedStatement(PREPARED_STATEMENT.INSERT_REPORT);
10712 statement.clearParameters();
10713 statement.setLong(1, objectId);
10714 statement.setString(2, relativePath);
10715 statement.setLong(3, createTime);
10716 statement.setString(4, sourceModuleName);
10717 statement.setString(5, reportName);
10718 connection.executeUpdate(statement);
10719 return new Report(
this, objectId, localPath, createTime, sourceModuleName, reportName, parent);
10720 }
catch (SQLException ex) {
10721 throw new TskCoreException(
"Error adding report " + localPath +
" to reports table", ex);
10723 closeResultSet(resultSet);
10724 connection.close();
10738 CaseDbConnection connection = connections.getConnection();
10740 ResultSet resultSet = null;
10741 ResultSet parentResultSet = null;
10742 PreparedStatement statement = null;
10743 Statement parentStatement = null;
10746 statement = connection.getPreparedStatement(PREPARED_STATEMENT.SELECT_REPORTS);
10747 parentStatement = connection.createStatement();
10748 resultSet = connection.executeQuery(statement);
10749 ArrayList<Report> reports =
new ArrayList<Report>();
10750 while (resultSet.next()) {
10751 String localpath = resultSet.getString(
"path");
10752 if (localpath.toLowerCase().startsWith(
"http") ==
false) {
10754 localpath = Paths.get(
getDbDirPath(), localpath).normalize().toString();
10759 long reportId = resultSet.getLong(
"obj_id");
10760 String parentQuery = String.format(
"SELECT * FROM tsk_objects WHERE obj_id = %s;", reportId);
10761 parentResultSet = parentStatement.executeQuery(parentQuery);
10762 if (parentResultSet.next()) {
10763 long parentId = parentResultSet.getLong(
"par_obj_id");
10766 parentResultSet.close();
10768 reports.add(
new Report(
this,
10771 resultSet.getLong(
"crtime"),
10772 resultSet.getString(
"src_module_name"),
10773 resultSet.getString(
"report_name"),
10777 }
catch (SQLException ex) {
10778 throw new TskCoreException(
"Error querying reports table", ex);
10780 closeResultSet(resultSet);
10781 closeResultSet(parentResultSet);
10782 closeStatement(statement);
10783 closeStatement(parentStatement);
10785 connection.close();
10800 CaseDbConnection connection = connections.getConnection();
10802 PreparedStatement statement = null;
10803 Statement parentStatement = null;
10804 ResultSet resultSet = null;
10805 ResultSet parentResultSet = null;
10809 statement = connection.getPreparedStatement(PREPARED_STATEMENT.SELECT_REPORT_BY_ID);
10810 parentStatement = connection.createStatement();
10811 statement.clearParameters();
10812 statement.setLong(1,
id);
10813 resultSet = connection.executeQuery(statement);
10815 if (resultSet.next()) {
10818 String parentQuery = String.format(
"SELECT * FROM tsk_objects WHERE obj_id = %s;",
id);
10819 parentResultSet = parentStatement.executeQuery(parentQuery);
10820 if (parentResultSet.next()) {
10821 long parentId = parentResultSet.getLong(
"par_obj_id");
10825 report =
new Report(
this, resultSet.getLong(
"obj_id"),
10826 Paths.get(
getDbDirPath(), resultSet.getString(
"path")).normalize().toString(),
10827 resultSet.getLong(
"crtime"),
10828 resultSet.getString(
"src_module_name"),
10829 resultSet.getString(
"report_name"),
10832 throw new TskCoreException(
"No report found for id: " +
id);
10834 }
catch (SQLException ex) {
10835 throw new TskCoreException(
"Error querying reports table for id: " +
id, ex);
10837 closeResultSet(resultSet);
10838 closeResultSet(parentResultSet);
10839 closeStatement(statement);
10840 closeStatement(parentStatement);
10841 connection.close();
10856 CaseDbConnection connection = connections.getConnection();
10860 PreparedStatement statement = connection.getPreparedStatement(PREPARED_STATEMENT.DELETE_REPORT);
10861 statement.setLong(1, report.getId());
10862 connection.executeUpdate(statement);
10863 }
catch (SQLException ex) {
10864 throw new TskCoreException(
"Error querying reports table", ex);
10866 connection.close();
10871 static void closeResultSet(ResultSet resultSet) {
10872 if (resultSet != null) {
10875 }
catch (SQLException ex) {
10876 logger.log(Level.SEVERE,
"Error closing ResultSet", ex);
10881 static void closeStatement(Statement statement) {
10882 if (statement != null) {
10885 }
catch (SQLException ex) {
10886 logger.log(Level.SEVERE,
"Error closing Statement", ex);
10900 void setIngestJobEndDateTime(
long ingestJobId,
long endDateTime)
throws TskCoreException {
10901 CaseDbConnection connection = connections.getConnection();
10904 Statement statement = connection.createStatement();
10905 statement.executeUpdate(
"UPDATE ingest_jobs SET end_date_time=" + endDateTime +
" WHERE ingest_job_id=" + ingestJobId +
";");
10906 }
catch (SQLException ex) {
10907 throw new TskCoreException(
"Error updating the end date (ingest_job_id = " + ingestJobId +
".", ex);
10909 connection.close();
10914 void setIngestJobStatus(
long ingestJobId, IngestJobStatusType status)
throws TskCoreException {
10915 CaseDbConnection connection = connections.getConnection();
10918 Statement statement = connection.createStatement();
10919 statement.executeUpdate(
"UPDATE ingest_jobs SET status_id=" + status.ordinal() +
" WHERE ingest_job_id=" + ingestJobId +
";");
10920 }
catch (SQLException ex) {
10921 throw new TskCoreException(
"Error ingest job status (ingest_job_id = " + ingestJobId +
".", ex);
10923 connection.close();
10945 CaseDbConnection connection = connections.getConnection();
10947 ResultSet resultSet = null;
10948 Statement statement;
10950 connection.beginTransaction();
10951 statement = connection.createStatement();
10952 PreparedStatement insertStatement = connection.getPreparedStatement(PREPARED_STATEMENT.INSERT_INGEST_JOB, Statement.RETURN_GENERATED_KEYS);
10953 insertStatement.setLong(1, dataSource.getId());
10954 insertStatement.setString(2, hostName);
10955 insertStatement.setLong(3, jobStart.getTime());
10956 insertStatement.setLong(4, jobEnd.getTime());
10957 insertStatement.setInt(5, status.ordinal());
10958 insertStatement.setString(6, settingsDir);
10959 connection.executeUpdate(insertStatement);
10960 resultSet = insertStatement.getGeneratedKeys();
10962 long id = resultSet.getLong(1);
10963 for (
int i = 0; i < ingestModules.size(); i++) {
10965 statement.executeUpdate(
"INSERT INTO ingest_job_modules (ingest_job_id, ingest_module_id, pipeline_position) "
10966 +
"VALUES (" +
id +
", " + ingestModule.
getIngestModuleId() +
", " + i +
");");
10970 connection.commitTransaction();
10971 return new IngestJobInfo(
id, dataSource.getId(), hostName, jobStart,
"", ingestModules,
this);
10972 }
catch (SQLException ex) {
10973 connection.rollbackTransaction();
10974 throw new TskCoreException(
"Error adding the ingest job.", ex);
10976 closeResultSet(resultSet);
10977 connection.close();
10996 CaseDbConnection connection = connections.getConnection();
10997 ResultSet resultSet = null;
10998 Statement statement = null;
10999 String uniqueName = factoryClassName +
"-" + displayName +
"-" + type.toString() +
"-" + version;
11002 statement = connection.createStatement();
11003 resultSet = statement.executeQuery(
"SELECT * FROM ingest_modules WHERE unique_name = '" + uniqueName +
"'");
11004 if (!resultSet.next()) {
11007 PreparedStatement insertStatement = connection.getPreparedStatement(PREPARED_STATEMENT.INSERT_INGEST_MODULE, Statement.RETURN_GENERATED_KEYS);
11008 insertStatement.setString(1, displayName);
11009 insertStatement.setString(2, uniqueName);
11010 insertStatement.setInt(3, type.ordinal());
11011 insertStatement.setString(4, version);
11012 connection.executeUpdate(insertStatement);
11013 resultSet = statement.getGeneratedKeys();
11015 long id = resultSet.getLong(1);
11020 return new IngestModuleInfo(resultSet.getInt(
"ingest_module_id"), resultSet.getString(
"display_name"),
11021 resultSet.getString(
"unique_name"),
IngestModuleType.
fromID(resultSet.getInt(
"type_id")), resultSet.getString(
"version"));
11023 }
catch (SQLException ex) {
11025 closeStatement(statement);
11026 statement = connection.createStatement();
11027 resultSet = statement.executeQuery(
"SELECT * FROM ingest_modules WHERE unique_name = '" + uniqueName +
"'");
11028 if (resultSet.next()) {
11029 return new IngestModuleInfo(resultSet.getInt(
"ingest_module_id"), resultSet.getString(
"display_name"),
11032 throw new TskCoreException(
"Couldn't add new module to database.", ex);
11034 }
catch (SQLException ex1) {
11035 throw new TskCoreException(
"Couldn't add new module to database.", ex1);
11038 closeResultSet(resultSet);
11039 closeStatement(statement);
11040 connection.close();
11053 CaseDbConnection connection = connections.getConnection();
11054 ResultSet resultSet = null;
11055 Statement statement = null;
11056 List<IngestJobInfo> ingestJobs =
new ArrayList<IngestJobInfo>();
11059 statement = connection.createStatement();
11060 resultSet = statement.executeQuery(
"SELECT * FROM ingest_jobs");
11061 while (resultSet.next()) {
11062 ingestJobs.add(
new IngestJobInfo(resultSet.getInt(
"ingest_job_id"), resultSet.getLong(
"obj_id"),
11063 resultSet.getString(
"host_name"),
new Date(resultSet.getLong(
"start_date_time")),
11065 resultSet.getString(
"settings_dir"), this.getIngestModules(resultSet.getInt(
"ingest_job_id"), connection),
this));
11068 }
catch (SQLException ex) {
11069 throw new TskCoreException(
"Couldn't get the ingest jobs.", ex);
11071 closeResultSet(resultSet);
11072 closeStatement(statement);
11073 connection.close();
11088 private List<IngestModuleInfo> getIngestModules(
int ingestJobId, CaseDbConnection connection)
throws SQLException {
11089 ResultSet resultSet = null;
11090 Statement statement = null;
11091 List<IngestModuleInfo> ingestModules =
new ArrayList<IngestModuleInfo>();
11094 statement = connection.createStatement();
11095 resultSet = statement.executeQuery(
"SELECT ingest_job_modules.ingest_module_id AS ingest_module_id, "
11096 +
"ingest_job_modules.pipeline_position AS pipeline_position, "
11097 +
"ingest_modules.display_name AS display_name, ingest_modules.unique_name AS unique_name, "
11098 +
"ingest_modules.type_id AS type_id, ingest_modules.version AS version "
11099 +
"FROM ingest_job_modules, ingest_modules "
11100 +
"WHERE ingest_job_modules.ingest_job_id = " + ingestJobId +
" "
11101 +
"AND ingest_modules.ingest_module_id = ingest_job_modules.ingest_module_id "
11102 +
"ORDER BY (ingest_job_modules.pipeline_position);");
11103 while (resultSet.next()) {
11104 ingestModules.add(
new IngestModuleInfo(resultSet.getInt(
"ingest_module_id"), resultSet.getString(
"display_name"),
11105 resultSet.getString(
"unique_name"),
IngestModuleType.
fromID(resultSet.getInt(
"type_id")), resultSet.getString(
"version")));
11107 return ingestModules;
11109 closeResultSet(resultSet);
11110 closeStatement(statement);
11119 static class ObjectInfo {
11122 private TskData.ObjectType type;
11124 ObjectInfo(
long id, ObjectType type) {
11133 TskData.ObjectType getType() {
11138 private interface DbCommand {
11140 void execute() throws SQLException;
11143 private enum PREPARED_STATEMENT {
11145 SELECT_ARTIFACTS_BY_TYPE(
"SELECT artifact_id, obj_id FROM blackboard_artifacts "
11146 +
"WHERE artifact_type_id = ?"),
11147 COUNT_ARTIFACTS_OF_TYPE(
"SELECT COUNT(*) AS count FROM blackboard_artifacts WHERE artifact_type_id = ? AND review_status_id != " + BlackboardArtifact.ReviewStatus.REJECTED.getID()),
11148 COUNT_ARTIFACTS_OF_TYPE_BY_DATA_SOURCE(
"SELECT COUNT(*) AS count FROM blackboard_artifacts WHERE data_source_obj_id = ? AND artifact_type_id = ? AND review_status_id != " + BlackboardArtifact.ReviewStatus.REJECTED.getID()),
11149 COUNT_ARTIFACTS_FROM_SOURCE(
"SELECT COUNT(*) AS count FROM blackboard_artifacts WHERE obj_id = ? AND review_status_id != " + BlackboardArtifact.ReviewStatus.REJECTED.getID()),
11150 COUNT_ARTIFACTS_BY_SOURCE_AND_TYPE(
"SELECT COUNT(*) AS count FROM blackboard_artifacts WHERE obj_id = ? AND artifact_type_id = ? AND review_status_id != " + BlackboardArtifact.ReviewStatus.REJECTED.getID()),
11151 SELECT_FILES_BY_PARENT(
"SELECT tsk_files.* "
11152 +
"FROM tsk_objects INNER JOIN tsk_files "
11153 +
"ON tsk_objects.obj_id=tsk_files.obj_id "
11154 +
"WHERE (tsk_objects.par_obj_id = ? ) "
11155 +
"ORDER BY tsk_files.meta_type DESC, LOWER(tsk_files.name)"),
11156 SELECT_FILES_BY_PARENT_AND_TYPE(
"SELECT tsk_files.* "
11157 +
"FROM tsk_objects INNER JOIN tsk_files "
11158 +
"ON tsk_objects.obj_id=tsk_files.obj_id "
11159 +
"WHERE (tsk_objects.par_obj_id = ? AND tsk_files.type = ? ) "
11160 +
"ORDER BY tsk_files.dir_type, LOWER(tsk_files.name)"),
11161 SELECT_FILE_IDS_BY_PARENT(
"SELECT tsk_files.obj_id AS obj_id "
11162 +
"FROM tsk_objects INNER JOIN tsk_files "
11163 +
"ON tsk_objects.obj_id=tsk_files.obj_id "
11164 +
"WHERE (tsk_objects.par_obj_id = ?)"),
11165 SELECT_FILE_IDS_BY_PARENT_AND_TYPE(
"SELECT tsk_files.obj_id AS obj_id "
11166 +
"FROM tsk_objects INNER JOIN tsk_files "
11167 +
"ON tsk_objects.obj_id=tsk_files.obj_id "
11168 +
"WHERE (tsk_objects.par_obj_id = ? "
11169 +
"AND tsk_files.type = ? )"),
11170 SELECT_FILE_BY_ID(
"SELECT * FROM tsk_files WHERE obj_id = ? LIMIT 1"),
11171 SELECT_ARTIFACT_BY_ARTIFACT_OBJ_ID(
"SELECT * FROM blackboard_artifacts WHERE artifact_obj_id = ? LIMIT 1"),
11172 SELECT_ARTIFACT_BY_ARTIFACT_ID(
"SELECT * FROM blackboard_artifacts WHERE artifact_id = ? LIMIT 1"),
11173 INSERT_ARTIFACT(
"INSERT INTO blackboard_artifacts (artifact_id, obj_id, artifact_obj_id, data_source_obj_id, artifact_type_id, review_status_id) "
11174 +
"VALUES (?, ?, ?, ?, ?," + BlackboardArtifact.ReviewStatus.UNDECIDED.getID() +
")"),
11175 POSTGRESQL_INSERT_ARTIFACT(
"INSERT INTO blackboard_artifacts (artifact_id, obj_id, artifact_obj_id, data_source_obj_id, artifact_type_id, review_status_id) "
11176 +
"VALUES (DEFAULT, ?, ?, ?, ?," + BlackboardArtifact.ReviewStatus.UNDECIDED.getID() +
")"),
11177 INSERT_STRING_ATTRIBUTE(
"INSERT INTO blackboard_attributes (artifact_id, artifact_type_id, source, context, attribute_type_id, value_type, value_text) "
11178 +
"VALUES (?,?,?,?,?,?,?)"),
11179 INSERT_BYTE_ATTRIBUTE(
"INSERT INTO blackboard_attributes (artifact_id, artifact_type_id, source, context, attribute_type_id, value_type, value_byte) "
11180 +
"VALUES (?,?,?,?,?,?,?)"),
11181 INSERT_INT_ATTRIBUTE(
"INSERT INTO blackboard_attributes (artifact_id, artifact_type_id, source, context, attribute_type_id, value_type, value_int32) "
11182 +
"VALUES (?,?,?,?,?,?,?)"),
11183 INSERT_LONG_ATTRIBUTE(
"INSERT INTO blackboard_attributes (artifact_id, artifact_type_id, source, context, attribute_type_id, value_type, value_int64) "
11184 +
"VALUES (?,?,?,?,?,?,?)"),
11185 INSERT_DOUBLE_ATTRIBUTE(
"INSERT INTO blackboard_attributes (artifact_id, artifact_type_id, source, context, attribute_type_id, value_type, value_double) "
11186 +
"VALUES (?,?,?,?,?,?,?)"),
11187 SELECT_FILES_BY_DATA_SOURCE_AND_NAME(
"SELECT * FROM tsk_files WHERE LOWER(name) LIKE LOWER(?) AND LOWER(name) NOT LIKE LOWER('%journal%') AND data_source_obj_id = ?"),
11188 SELECT_FILES_BY_DATA_SOURCE_AND_PARENT_PATH_AND_NAME(
"SELECT * FROM tsk_files WHERE LOWER(name) LIKE LOWER(?) AND LOWER(name) NOT LIKE LOWER('%journal%') AND LOWER(parent_path) LIKE LOWER(?) AND data_source_obj_id = ?"),
11189 UPDATE_FILE_MD5(
"UPDATE tsk_files SET md5 = ? WHERE obj_id = ?"),
11190 UPDATE_IMAGE_MD5(
"UPDATE tsk_image_info SET md5 = ? WHERE obj_id = ?"),
11191 UPDATE_IMAGE_SHA1(
"UPDATE tsk_image_info SET sha1 = ? WHERE obj_id = ?"),
11192 UPDATE_IMAGE_SHA256(
"UPDATE tsk_image_info SET sha256 = ? WHERE obj_id = ?"),
11193 SELECT_IMAGE_MD5(
"SELECT md5 FROM tsk_image_info WHERE obj_id = ?"),
11194 SELECT_IMAGE_SHA1(
"SELECT sha1 FROM tsk_image_info WHERE obj_id = ?"),
11195 SELECT_IMAGE_SHA256(
"SELECT sha256 FROM tsk_image_info WHERE obj_id = ?"),
11196 UPDATE_ACQUISITION_DETAILS(
"UPDATE data_source_info SET acquisition_details = ? WHERE obj_id = ?"),
11197 SELECT_ACQUISITION_DETAILS(
"SELECT acquisition_details FROM data_source_info WHERE obj_id = ?"),
11198 SELECT_LOCAL_PATH_FOR_FILE(
"SELECT path FROM tsk_files_path WHERE obj_id = ?"),
11199 SELECT_ENCODING_FOR_FILE(
"SELECT encoding_type FROM tsk_files_path WHERE obj_id = ?"),
11200 SELECT_LOCAL_PATH_AND_ENCODING_FOR_FILE(
"SELECT path, encoding_type FROM tsk_files_path WHERE obj_id = ?"),
11201 SELECT_PATH_FOR_FILE(
"SELECT parent_path FROM tsk_files WHERE obj_id = ?"),
11202 SELECT_FILE_NAME(
"SELECT name FROM tsk_files WHERE obj_id = ?"),
11203 SELECT_DERIVED_FILE(
"SELECT derived_id, rederive FROM tsk_files_derived WHERE obj_id = ?"),
11204 SELECT_FILE_DERIVATION_METHOD(
"SELECT tool_name, tool_version, other FROM tsk_files_derived_method WHERE derived_id = ?"),
11205 SELECT_MAX_OBJECT_ID(
"SELECT MAX(obj_id) AS max_obj_id FROM tsk_objects"),
11206 INSERT_OBJECT(
"INSERT INTO tsk_objects (par_obj_id, type) VALUES (?, ?)"),
11207 INSERT_FILE(
"INSERT INTO tsk_files (obj_id, fs_obj_id, name, type, has_path, dir_type, meta_type, dir_flags, meta_flags, size, ctime, crtime, atime, mtime, md5, sha256, known, mime_type, parent_path, data_source_obj_id,extension) "
11208 +
"VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)"),
11209 INSERT_FILE_SYSTEM_FILE(
"INSERT INTO tsk_files(obj_id, fs_obj_id, data_source_obj_id, attr_type, attr_id, name, meta_addr, meta_seq, type, has_path, dir_type, meta_type, dir_flags, meta_flags, size, ctime, crtime, atime, mtime, parent_path, extension)"
11210 +
" VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)"),
11211 UPDATE_DERIVED_FILE(
"UPDATE tsk_files SET type = ?, dir_type = ?, meta_type = ?, dir_flags = ?, meta_flags = ?, size= ?, ctime= ?, crtime= ?, atime= ?, mtime= ?, mime_type = ? "
11212 +
"WHERE obj_id = ?"),
11213 INSERT_LAYOUT_FILE(
"INSERT INTO tsk_file_layout (obj_id, byte_start, byte_len, sequence) "
11214 +
"VALUES (?, ?, ?, ?)"),
11215 INSERT_LOCAL_PATH(
"INSERT INTO tsk_files_path (obj_id, path, encoding_type) VALUES (?, ?, ?)"),
11216 UPDATE_LOCAL_PATH(
"UPDATE tsk_files_path SET path = ?, encoding_type = ? WHERE obj_id = ?"),
11217 COUNT_CHILD_OBJECTS_BY_PARENT(
"SELECT COUNT(obj_id) AS count FROM tsk_objects WHERE par_obj_id = ?"),
11218 SELECT_FILE_SYSTEM_BY_OBJECT(
"SELECT fs_obj_id from tsk_files WHERE obj_id=?"),
11219 SELECT_TAG_NAMES(
"SELECT * FROM tag_names"),
11220 SELECT_TAG_NAMES_IN_USE(
"SELECT * FROM tag_names "
11221 +
"WHERE tag_name_id IN "
11222 +
"(SELECT tag_name_id from content_tags UNION SELECT tag_name_id FROM blackboard_artifact_tags)"),
11223 SELECT_TAG_NAMES_IN_USE_BY_DATASOURCE(
"SELECT * FROM tag_names "
11224 +
"WHERE tag_name_id IN "
11225 +
"( SELECT content_tags.tag_name_id as tag_name_id "
11226 +
"FROM content_tags as content_tags, tsk_files as tsk_files"
11227 +
" WHERE content_tags.obj_id = tsk_files.obj_id"
11228 +
" AND tsk_files.data_source_obj_id = ?"
11230 +
"SELECT artifact_tags.tag_name_id as tag_name_id "
11231 +
" FROM blackboard_artifact_tags as artifact_tags, blackboard_artifacts AS arts "
11232 +
" WHERE artifact_tags.artifact_id = arts.artifact_id"
11233 +
" AND arts.data_source_obj_id = ?"
11235 INSERT_TAG_NAME(
"INSERT INTO tag_names (display_name, description, color, knownStatus) VALUES (?, ?, ?, ?)"),
11236 INSERT_CONTENT_TAG(
"INSERT INTO content_tags (obj_id, tag_name_id, comment, begin_byte_offset, end_byte_offset, examiner_id) VALUES (?, ?, ?, ?, ?, ?)"),
11237 DELETE_CONTENT_TAG(
"DELETE FROM content_tags WHERE tag_id = ?"),
11238 COUNT_CONTENT_TAGS_BY_TAG_NAME(
"SELECT COUNT(*) AS count FROM content_tags WHERE tag_name_id = ?"),
11239 COUNT_CONTENT_TAGS_BY_TAG_NAME_BY_DATASOURCE(
11240 "SELECT COUNT(*) AS count FROM content_tags as content_tags, tsk_files as tsk_files WHERE content_tags.obj_id = tsk_files.obj_id"
11241 +
" AND content_tags.tag_name_id = ? "
11242 +
" AND tsk_files.data_source_obj_id = ? "
11244 SELECT_CONTENT_TAGS(
"SELECT content_tags.tag_id, content_tags.obj_id, content_tags.tag_name_id, content_tags.comment, content_tags.begin_byte_offset, content_tags.end_byte_offset, tag_names.display_name, tag_names.description, tag_names.color, tag_names.knownStatus, tsk_examiners.login_name, tag_names.tag_set_id, tag_names.rank "
11245 +
"FROM content_tags "
11246 +
"INNER JOIN tag_names ON content_tags.tag_name_id = tag_names.tag_name_id "
11247 +
"LEFT OUTER JOIN tsk_examiners ON content_tags.examiner_id = tsk_examiners.examiner_id"),
11248 SELECT_CONTENT_TAGS_BY_TAG_NAME(
"SELECT content_tags.tag_id, content_tags.obj_id, content_tags.tag_name_id, content_tags.comment, content_tags.begin_byte_offset, content_tags.end_byte_offset, tsk_examiners.login_name "
11249 +
"FROM content_tags "
11250 +
"LEFT OUTER JOIN tsk_examiners ON content_tags.examiner_id = tsk_examiners.examiner_id "
11251 +
"WHERE tag_name_id = ?"),
11252 SELECT_CONTENT_TAGS_BY_TAG_NAME_BY_DATASOURCE(
"SELECT content_tags.tag_id, content_tags.obj_id, content_tags.tag_name_id, content_tags.comment, content_tags.begin_byte_offset, content_tags.end_byte_offset, tag_names.display_name, tag_names.description, tag_names.color, tag_names.knownStatus, tsk_examiners.login_name, tag_names.tag_set_id "
11253 +
"FROM content_tags as content_tags, tsk_files as tsk_files, tag_names as tag_names, tsk_examiners as tsk_examiners "
11254 +
"WHERE content_tags.examiner_id = tsk_examiners.examiner_id"
11255 +
" AND content_tags.obj_id = tsk_files.obj_id"
11256 +
" AND content_tags.tag_name_id = tag_names.tag_name_id"
11257 +
" AND content_tags.tag_name_id = ?"
11258 +
" AND tsk_files.data_source_obj_id = ? "),
11259 SELECT_CONTENT_TAG_BY_ID(
"SELECT content_tags.tag_id, content_tags.obj_id, content_tags.tag_name_id, content_tags.comment, content_tags.begin_byte_offset, content_tags.end_byte_offset, tag_names.display_name, tag_names.description, tag_names.color, tag_names.knownStatus, tsk_examiners.login_name, tag_names.tag_set_id, tag_names.rank "
11260 +
"FROM content_tags "
11261 +
"INNER JOIN tag_names ON content_tags.tag_name_id = tag_names.tag_name_id "
11262 +
"LEFT OUTER JOIN tsk_examiners ON content_tags.examiner_id = tsk_examiners.examiner_id "
11263 +
"WHERE tag_id = ?"),
11264 SELECT_CONTENT_TAGS_BY_CONTENT(
"SELECT content_tags.tag_id, content_tags.obj_id, content_tags.tag_name_id, content_tags.comment, content_tags.begin_byte_offset, content_tags.end_byte_offset, tag_names.display_name, tag_names.description, tag_names.color, tag_names.knownStatus, tsk_examiners.login_name, tag_names.tag_set_id, tag_names.rank "
11265 +
"FROM content_tags "
11266 +
"INNER JOIN tag_names ON content_tags.tag_name_id = tag_names.tag_name_id "
11267 +
"LEFT OUTER JOIN tsk_examiners ON content_tags.examiner_id = tsk_examiners.examiner_id "
11268 +
"WHERE content_tags.obj_id = ?"),
11269 INSERT_ARTIFACT_TAG(
"INSERT INTO blackboard_artifact_tags (artifact_id, tag_name_id, comment, examiner_id) "
11270 +
"VALUES (?, ?, ?, ?)"),
11271 DELETE_ARTIFACT_TAG(
"DELETE FROM blackboard_artifact_tags WHERE tag_id = ?"),
11272 SELECT_ARTIFACT_TAGS(
"SELECT blackboard_artifact_tags.tag_id, blackboard_artifact_tags.artifact_id, blackboard_artifact_tags.tag_name_id, blackboard_artifact_tags.comment, tag_names.display_name, tag_names.description, tag_names.color, tag_names.knownStatus, tag_names.tag_set_id, tsk_examiners.login_name, tag_names.rank "
11273 +
"FROM blackboard_artifact_tags "
11274 +
"INNER JOIN tag_names ON blackboard_artifact_tags.tag_name_id = tag_names.tag_name_id "
11275 +
"LEFT OUTER JOIN tsk_examiners ON blackboard_artifact_tags.examiner_id = tsk_examiners.examiner_id"),
11276 COUNT_ARTIFACTS_BY_TAG_NAME(
"SELECT COUNT(*) AS count FROM blackboard_artifact_tags WHERE tag_name_id = ?"),
11277 COUNT_ARTIFACTS_BY_TAG_NAME_BY_DATASOURCE(
"SELECT COUNT(*) AS count FROM blackboard_artifact_tags as artifact_tags, blackboard_artifacts AS arts WHERE artifact_tags.artifact_id = arts.artifact_id"
11278 +
" AND artifact_tags.tag_name_id = ?"
11279 +
" AND arts.data_source_obj_id = ? "),
11280 SELECT_ARTIFACT_TAGS_BY_TAG_NAME(
"SELECT blackboard_artifact_tags.tag_id, blackboard_artifact_tags.artifact_id, blackboard_artifact_tags.tag_name_id, blackboard_artifact_tags.comment, tsk_examiners.login_name "
11281 +
"FROM blackboard_artifact_tags "
11282 +
"LEFT OUTER JOIN tsk_examiners ON blackboard_artifact_tags.examiner_id = tsk_examiners.examiner_id "
11283 +
"WHERE tag_name_id = ?"),
11284 SELECT_ARTIFACT_TAGS_BY_TAG_NAME_BY_DATASOURCE(
"SELECT artifact_tags.tag_id, artifact_tags.artifact_id, artifact_tags.tag_name_id, artifact_tags.comment, arts.obj_id, arts.artifact_obj_id, arts.data_source_obj_id, arts.artifact_type_id, arts.review_status_id, tsk_examiners.login_name "
11285 +
"FROM blackboard_artifact_tags as artifact_tags, blackboard_artifacts AS arts, tsk_examiners AS tsk_examiners "
11286 +
"WHERE artifact_tags.examiner_id = tsk_examiners.examiner_id"
11287 +
" AND artifact_tags.artifact_id = arts.artifact_id"
11288 +
" AND artifact_tags.tag_name_id = ? "
11289 +
" AND arts.data_source_obj_id = ? "),
11290 SELECT_ARTIFACT_TAG_BY_ID(
"SELECT blackboard_artifact_tags.tag_id, blackboard_artifact_tags.artifact_id, blackboard_artifact_tags.tag_name_id, blackboard_artifact_tags.comment, tag_names.display_name, tag_names.description, tag_names.color, tag_names.knownStatus, tsk_examiners.login_name, tag_names.tag_set_id, tag_names.rank "
11291 +
"FROM blackboard_artifact_tags "
11292 +
"INNER JOIN tag_names ON blackboard_artifact_tags.tag_name_id = tag_names.tag_name_id "
11293 +
"LEFT OUTER JOIN tsk_examiners ON blackboard_artifact_tags.examiner_id = tsk_examiners.examiner_id "
11294 +
"WHERE blackboard_artifact_tags.tag_id = ?"),
11295 SELECT_ARTIFACT_TAGS_BY_ARTIFACT(
"SELECT blackboard_artifact_tags.tag_id, blackboard_artifact_tags.artifact_id, blackboard_artifact_tags.tag_name_id, blackboard_artifact_tags.comment, tag_names.display_name, tag_names.description, tag_names.color, tag_names.knownStatus, tsk_examiners.login_name, tag_names.tag_set_id, tag_names.rank "
11296 +
"FROM blackboard_artifact_tags "
11297 +
"INNER JOIN tag_names ON blackboard_artifact_tags.tag_name_id = tag_names.tag_name_id "
11298 +
"LEFT OUTER JOIN tsk_examiners ON blackboard_artifact_tags.examiner_id = tsk_examiners.examiner_id "
11299 +
"WHERE blackboard_artifact_tags.artifact_id = ?"),
11300 SELECT_REPORTS(
"SELECT * FROM reports"),
11301 SELECT_REPORT_BY_ID(
"SELECT * FROM reports WHERE obj_id = ?"),
11302 INSERT_REPORT(
"INSERT INTO reports (obj_id, path, crtime, src_module_name, report_name) VALUES (?, ?, ?, ?, ?)"),
11303 DELETE_REPORT(
"DELETE FROM reports WHERE reports.obj_id = ?"),
11304 INSERT_INGEST_JOB(
"INSERT INTO ingest_jobs (obj_id, host_name, start_date_time, end_date_time, status_id, settings_dir) VALUES (?, ?, ?, ?, ?, ?)"),
11305 INSERT_INGEST_MODULE(
"INSERT INTO ingest_modules (display_name, unique_name, type_id, version) VALUES(?, ?, ?, ?)"),
11306 SELECT_ATTR_BY_VALUE_BYTE(
"SELECT source FROM blackboard_attributes WHERE artifact_id = ? AND attribute_type_id = ? AND value_type = 4 AND value_byte = ?"),
11307 UPDATE_ATTR_BY_VALUE_BYTE(
"UPDATE blackboard_attributes SET source = ? WHERE artifact_id = ? AND attribute_type_id = ? AND value_type = 4 AND value_byte = ?"),
11308 UPDATE_IMAGE_PATH(
"UPDATE tsk_image_names SET name = ? WHERE obj_id = ?"),
11309 SELECT_ARTIFACT_OBJECTIDS_BY_PARENT(
"SELECT blackboard_artifacts.artifact_obj_id AS artifact_obj_id "
11310 +
"FROM tsk_objects INNER JOIN blackboard_artifacts "
11311 +
"ON tsk_objects.obj_id=blackboard_artifacts.obj_id "
11312 +
"WHERE (tsk_objects.par_obj_id = ?)"),
11313 INSERT_OR_UPDATE_TAG_NAME(
"INSERT INTO tag_names (display_name, description, color, knownStatus) VALUES (?, ?, ?, ?) ON CONFLICT (display_name) DO UPDATE SET description = ?, color = ?, knownStatus = ?"),
11314 SELECT_EXAMINER_BY_ID(
"SELECT * FROM tsk_examiners WHERE examiner_id = ?"),
11315 SELECT_EXAMINER_BY_LOGIN_NAME(
"SELECT * FROM tsk_examiners WHERE login_name = ?"),
11316 INSERT_EXAMINER_POSTGRESQL(
"INSERT INTO tsk_examiners (login_name) VALUES (?) ON CONFLICT DO NOTHING"),
11317 INSERT_EXAMINER_SQLITE(
"INSERT OR IGNORE INTO tsk_examiners (login_name) VALUES (?)"),
11318 UPDATE_FILE_NAME(
"UPDATE tsk_files SET name = ? WHERE obj_id = ?"),
11319 UPDATE_IMAGE_NAME(
"UPDATE tsk_image_info SET display_name = ? WHERE obj_id = ?"),
11320 DELETE_IMAGE_NAME(
"DELETE FROM tsk_image_names WHERE obj_id = ?"),
11321 INSERT_IMAGE_NAME(
"INSERT INTO tsk_image_names (obj_id, name, sequence) VALUES (?, ?, ?)"),
11322 INSERT_IMAGE_INFO(
"INSERT INTO tsk_image_info (obj_id, type, ssize, tzone, size, md5, sha1, sha256, display_name)"
11323 +
" VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)"),
11324 INSERT_DATA_SOURCE_INFO(
"INSERT INTO data_source_info (obj_id, device_id, time_zone) VALUES (?, ?, ?)"),
11325 INSERT_VS_INFO(
"INSERT INTO tsk_vs_info (obj_id, vs_type, img_offset, block_size) VALUES (?, ?, ?, ?)"),
11326 INSERT_VS_PART_SQLITE(
"INSERT INTO tsk_vs_parts (obj_id, addr, start, length, desc, flags) VALUES (?, ?, ?, ?, ?, ?)"),
11327 INSERT_VS_PART_POSTGRESQL(
"INSERT INTO tsk_vs_parts (obj_id, addr, start, length, descr, flags) VALUES (?, ?, ?, ?, ?, ?)"),
11328 INSERT_POOL_INFO(
"INSERT INTO tsk_pool_info (obj_id, pool_type) VALUES (?, ?)"),
11329 INSERT_FS_INFO(
"INSERT INTO tsk_fs_info (obj_id, data_source_obj_id, img_offset, fs_type, block_size, block_count, root_inum, first_inum, last_inum, display_name)"
11330 +
"VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)"),
11331 SELECT_TAG_NAME_BY_ID(
"SELECT * FROM tag_names where tag_name_id = ?"),
11332 SELECT_TAG_NAME_BY_NAME(
"SELECT * FROM tag_names where display_name = ?");
11334 private final String sql;
11336 private PREPARED_STATEMENT(String sql) {
11350 abstract private class ConnectionPool {
11352 private PooledDataSource pooledDataSource;
11354 public ConnectionPool() {
11355 pooledDataSource = null;
11358 CaseDbConnection getConnection() throws TskCoreException {
11359 if (pooledDataSource == null) {
11360 throw new TskCoreException(
"Error getting case database connection - case is closed");
11363 return getPooledConnection();
11364 }
catch (SQLException exp) {
11365 throw new TskCoreException(exp.getMessage());
11369 void close() throws TskCoreException {
11370 if (pooledDataSource != null) {
11372 pooledDataSource.close();
11373 }
catch (SQLException exp) {
11374 throw new TskCoreException(exp.getMessage());
11376 pooledDataSource = null;
11381 abstract CaseDbConnection getPooledConnection() throws SQLException;
11383 public PooledDataSource getPooledDataSource() {
11384 return pooledDataSource;
11387 public void setPooledDataSource(PooledDataSource pooledDataSource) {
11388 this.pooledDataSource = pooledDataSource;
11396 private final class SQLiteConnections
extends ConnectionPool {
11398 private final Map<String, String> configurationOverrides =
new HashMap<String, String>();
11400 SQLiteConnections(String dbPath)
throws SQLException {
11401 configurationOverrides.put(
"acquireIncrement",
"2");
11402 configurationOverrides.put(
"initialPoolSize",
"5");
11403 configurationOverrides.put(
"minPoolSize",
"5");
11408 configurationOverrides.put(
"maxPoolSize",
"20");
11409 configurationOverrides.put(
"maxStatements",
"200");
11410 configurationOverrides.put(
"maxStatementsPerConnection",
"20");
11412 SQLiteConfig config =
new SQLiteConfig();
11413 config.setSynchronous(SQLiteConfig.SynchronousMode.OFF);
11414 config.setReadUncommited(
true);
11415 config.enforceForeignKeys(
true);
11416 SQLiteDataSource unpooled =
new SQLiteDataSource(config);
11417 unpooled.setUrl(
"jdbc:sqlite:" + dbPath);
11418 setPooledDataSource((PooledDataSource) DataSources.pooledDataSource(unpooled, configurationOverrides));
11422 public CaseDbConnection getPooledConnection() throws SQLException {
11423 return new SQLiteConnection(getPooledDataSource().getConnection());
11431 private final class PostgreSQLConnections
extends ConnectionPool {
11433 PostgreSQLConnections(String host,
int port, String dbName, String userName, String password)
throws PropertyVetoException, UnsupportedEncodingException {
11434 ComboPooledDataSource comboPooledDataSource =
new ComboPooledDataSource();
11435 comboPooledDataSource.setDriverClass(
"org.postgresql.Driver");
11436 comboPooledDataSource.setJdbcUrl(
"jdbc:postgresql://" + host +
":" + port +
"/"
11437 + URLEncoder.encode(dbName, StandardCharsets.UTF_8.toString()));
11438 comboPooledDataSource.setUser(userName);
11439 comboPooledDataSource.setPassword(password);
11440 comboPooledDataSource.setAcquireIncrement(2);
11441 comboPooledDataSource.setInitialPoolSize(5);
11442 comboPooledDataSource.setMinPoolSize(5);
11447 comboPooledDataSource.setMaxPoolSize(20);
11448 comboPooledDataSource.setMaxStatements(200);
11449 comboPooledDataSource.setMaxStatementsPerConnection(20);
11450 setPooledDataSource(comboPooledDataSource);
11454 public CaseDbConnection getPooledConnection() throws SQLException {
11455 return new PostgreSQLConnection(getPooledDataSource().getConnection());
11462 abstract class CaseDbConnection
implements AutoCloseable {
11464 static final int SLEEP_LENGTH_IN_MILLISECONDS = 5000;
11465 static final int MAX_RETRIES = 20;
11467 private class CreateStatement
implements DbCommand {
11469 private final Connection connection;
11470 private Statement statement = null;
11472 CreateStatement(Connection connection) {
11473 this.connection = connection;
11476 Statement getStatement() {
11481 public void execute() throws SQLException {
11482 statement = connection.createStatement();
11486 private class SetAutoCommit
implements DbCommand {
11488 private final Connection connection;
11489 private final boolean mode;
11491 SetAutoCommit(Connection connection,
boolean mode) {
11492 this.connection = connection;
11497 public void execute() throws SQLException {
11498 connection.setAutoCommit(mode);
11502 private class Commit
implements DbCommand {
11504 private final Connection connection;
11506 Commit(Connection connection) {
11507 this.connection = connection;
11511 public void execute() throws SQLException {
11512 connection.commit();
11516 private class ExecuteQuery
implements DbCommand {
11518 private final Statement statement;
11519 private final String query;
11520 private ResultSet resultSet;
11522 ExecuteQuery(Statement statement, String query) {
11523 this.statement = statement;
11524 this.query = query;
11527 ResultSet getResultSet() {
11532 public void execute() throws SQLException {
11533 resultSet = statement.executeQuery(query);
11537 private class ExecutePreparedStatementQuery
implements DbCommand {
11539 private final PreparedStatement preparedStatement;
11540 private ResultSet resultSet;
11542 ExecutePreparedStatementQuery(PreparedStatement preparedStatement) {
11543 this.preparedStatement = preparedStatement;
11546 ResultSet getResultSet() {
11551 public void execute() throws SQLException {
11552 resultSet = preparedStatement.executeQuery();
11556 private class ExecutePreparedStatementUpdate
implements DbCommand {
11558 private final PreparedStatement preparedStatement;
11560 ExecutePreparedStatementUpdate(PreparedStatement preparedStatement) {
11561 this.preparedStatement = preparedStatement;
11565 public void execute() throws SQLException {
11566 preparedStatement.executeUpdate();
11570 private class ExecuteStatementUpdate
implements DbCommand {
11572 private final Statement statement;
11573 private final String updateCommand;
11575 ExecuteStatementUpdate(Statement statement, String updateCommand) {
11576 this.statement = statement;
11577 this.updateCommand = updateCommand;
11581 public void execute() throws SQLException {
11582 statement.executeUpdate(updateCommand);
11586 private class ExecuteStatementUpdateGenerateKeys
implements DbCommand {
11588 private final Statement statement;
11589 private final int generateKeys;
11590 private final String updateCommand;
11592 ExecuteStatementUpdateGenerateKeys(Statement statement, String updateCommand,
int generateKeys) {
11593 this.statement = statement;
11594 this.generateKeys = generateKeys;
11595 this.updateCommand = updateCommand;
11599 public void execute() throws SQLException {
11600 statement.executeUpdate(updateCommand, generateKeys);
11604 private class PrepareStatement
implements DbCommand {
11606 private final Connection connection;
11607 private final String input;
11608 private PreparedStatement preparedStatement = null;
11610 PrepareStatement(Connection connection, String input) {
11611 this.connection = connection;
11612 this.input = input;
11615 PreparedStatement getPreparedStatement() {
11616 return preparedStatement;
11620 public void execute() throws SQLException {
11621 preparedStatement = connection.prepareStatement(input);
11625 private class PrepareStatementGenerateKeys
implements DbCommand {
11627 private final Connection connection;
11628 private final String input;
11629 private final int generateKeys;
11630 private PreparedStatement preparedStatement = null;
11632 PrepareStatementGenerateKeys(Connection connection, String input,
int generateKeysInput) {
11633 this.connection = connection;
11634 this.input = input;
11635 this.generateKeys = generateKeysInput;
11638 PreparedStatement getPreparedStatement() {
11639 return preparedStatement;
11643 public void execute() throws SQLException {
11644 preparedStatement = connection.prepareStatement(input, generateKeys);
11648 abstract void executeCommand(DbCommand command)
throws SQLException;
11650 private final Connection connection;
11651 private final Map<PREPARED_STATEMENT, PreparedStatement> preparedStatements;
11652 private final Map<String, PreparedStatement> adHocPreparedStatements;
11654 CaseDbConnection(Connection connection) {
11655 this.connection = connection;
11656 preparedStatements =
new EnumMap<PREPARED_STATEMENT, PreparedStatement>(PREPARED_STATEMENT.class);
11657 adHocPreparedStatements =
new HashMap<>();
11661 return this.connection != null;
11664 PreparedStatement getPreparedStatement(PREPARED_STATEMENT statementKey)
throws SQLException {
11665 return getPreparedStatement(statementKey, Statement.NO_GENERATED_KEYS);
11668 PreparedStatement getPreparedStatement(PREPARED_STATEMENT statementKey,
int generateKeys)
throws SQLException {
11670 PreparedStatement statement;
11671 if (this.preparedStatements.containsKey(statementKey)) {
11672 statement = this.preparedStatements.get(statementKey);
11674 statement = prepareStatement(statementKey.getSQL(), generateKeys);
11675 this.preparedStatements.put(statementKey, statement);
11691 PreparedStatement getPreparedStatement(String sqlStatement,
int generateKeys)
throws SQLException {
11692 PreparedStatement statement;
11693 String statementKey =
"SQL:" + sqlStatement +
" Key:" + generateKeys;
11694 if (adHocPreparedStatements.containsKey(statementKey)) {
11695 statement = this.adHocPreparedStatements.get(statementKey);
11697 statement = prepareStatement(sqlStatement, generateKeys);
11698 this.adHocPreparedStatements.put(statementKey, statement);
11703 PreparedStatement prepareStatement(String sqlStatement,
int generateKeys)
throws SQLException {
11704 PrepareStatement prepareStatement =
new PrepareStatement(this.getConnection(), sqlStatement);
11705 executeCommand(prepareStatement);
11706 return prepareStatement.getPreparedStatement();
11709 Statement createStatement() throws SQLException {
11710 CreateStatement createStatement =
new CreateStatement(this.connection);
11711 executeCommand(createStatement);
11712 return createStatement.getStatement();
11716 SetAutoCommit setAutoCommit =
new SetAutoCommit(connection,
false);
11717 executeCommand(setAutoCommit);
11720 void commitTransaction() throws SQLException {
11721 Commit commit =
new Commit(connection);
11722 executeCommand(commit);
11724 SetAutoCommit setAutoCommit =
new SetAutoCommit(connection,
true);
11725 executeCommand(setAutoCommit);
11733 void rollbackTransaction() {
11735 connection.rollback();
11736 }
catch (SQLException e) {
11737 logger.log(Level.SEVERE,
"Error rolling back transaction", e);
11740 connection.setAutoCommit(
true);
11741 }
catch (SQLException e) {
11742 logger.log(Level.SEVERE,
"Error restoring auto-commit", e);
11753 void rollbackTransactionWithThrow() throws SQLException {
11755 connection.rollback();
11757 connection.setAutoCommit(
true);
11761 ResultSet
executeQuery(Statement statement, String query)
throws SQLException {
11762 ExecuteQuery queryCommand =
new ExecuteQuery(statement, query);
11763 executeCommand(queryCommand);
11764 return queryCommand.getResultSet();
11776 ResultSet
executeQuery(PreparedStatement statement)
throws SQLException {
11777 ExecutePreparedStatementQuery executePreparedStatementQuery =
new ExecutePreparedStatementQuery(statement);
11778 executeCommand(executePreparedStatementQuery);
11779 return executePreparedStatementQuery.getResultSet();
11782 void executeUpdate(Statement statement, String update)
throws SQLException {
11783 executeUpdate(statement, update, Statement.NO_GENERATED_KEYS);
11786 void executeUpdate(Statement statement, String update,
int generateKeys)
throws SQLException {
11787 ExecuteStatementUpdate executeStatementUpdate =
new ExecuteStatementUpdate(statement, update);
11788 executeCommand(executeStatementUpdate);
11791 void executeUpdate(PreparedStatement statement)
throws SQLException {
11792 ExecutePreparedStatementUpdate executePreparedStatementUpdate =
new ExecutePreparedStatementUpdate(statement);
11793 executeCommand(executePreparedStatementUpdate);
11800 public void close() {
11802 for (PreparedStatement stmt:preparedStatements.values()) {
11803 closeStatement(stmt);
11805 for (PreparedStatement stmt:adHocPreparedStatements.values()) {
11806 closeStatement(stmt);
11808 connection.close();
11809 }
catch (SQLException ex) {
11810 logger.log(Level.SEVERE,
"Unable to close connection to case database", ex);
11814 Connection getConnection() {
11815 return this.connection;
11822 private final class SQLiteConnection
extends CaseDbConnection {
11824 private static final int DATABASE_LOCKED_ERROR = 0;
11825 private static final int SQLITE_BUSY_ERROR = 5;
11827 SQLiteConnection(Connection conn) {
11832 void executeCommand(DbCommand command)
throws SQLException {
11833 int retryCounter = 0;
11838 }
catch (SQLException ex) {
11839 if ((ex.getErrorCode() == SQLITE_BUSY_ERROR || ex.getErrorCode() == DATABASE_LOCKED_ERROR) && retryCounter < MAX_RETRIES) {
11846 Thread.sleep(SLEEP_LENGTH_IN_MILLISECONDS);
11847 }
catch (InterruptedException exp) {
11848 Logger.getLogger(SleuthkitCase.class.getName()).log(Level.WARNING,
"Unexpectedly unable to wait for database.", exp);
11861 private final class PostgreSQLConnection
extends CaseDbConnection {
11863 private final String COMMUNICATION_ERROR = PSQLState.COMMUNICATION_ERROR.getState();
11864 private final String SYSTEM_ERROR = PSQLState.SYSTEM_ERROR.getState();
11865 private final String UNKNOWN_STATE = PSQLState.UNKNOWN_STATE.getState();
11866 private static final int MAX_RETRIES = 3;
11868 PostgreSQLConnection(Connection conn) {
11873 void executeUpdate(Statement statement, String update,
int generateKeys)
throws SQLException {
11874 CaseDbConnection.ExecuteStatementUpdateGenerateKeys executeStatementUpdateGenerateKeys =
new CaseDbConnection.ExecuteStatementUpdateGenerateKeys(statement, update, generateKeys);
11875 executeCommand(executeStatementUpdateGenerateKeys);
11879 PreparedStatement prepareStatement(String sqlStatement,
int generateKeys)
throws SQLException {
11880 CaseDbConnection.PrepareStatementGenerateKeys prepareStatementGenerateKeys =
new CaseDbConnection.PrepareStatementGenerateKeys(this.getConnection(), sqlStatement, generateKeys);
11881 executeCommand(prepareStatementGenerateKeys);
11882 return prepareStatementGenerateKeys.getPreparedStatement();
11886 void executeCommand(DbCommand command)
throws SQLException {
11887 SQLException lastException = null;
11888 for (
int retries = 0; retries < MAX_RETRIES; retries++) {
11891 lastException = null;
11893 }
catch (SQLException ex) {
11894 lastException = ex;
11895 String sqlState = ex.getSQLState();
11896 if (sqlState == null || sqlState.equals(COMMUNICATION_ERROR) || sqlState.equals(SYSTEM_ERROR) || sqlState.equals(UNKNOWN_STATE)) {
11898 Thread.sleep(SLEEP_LENGTH_IN_MILLISECONDS);
11899 }
catch (InterruptedException exp) {
11900 Logger.getLogger(SleuthkitCase.class.getName()).log(Level.WARNING,
"Unexpectedly unable to wait for database.", exp);
11909 if (lastException != null) {
11910 throw lastException;
11931 private final CaseDbConnection connection;
11935 this.connection = connection;
11936 this.sleuthkitCase = sleuthkitCase;
11938 this.connection.beginTransaction();
11939 }
catch (SQLException ex) {
11940 throw new TskCoreException(
"Failed to create transaction on case database", ex);
11952 CaseDbConnection getConnection() {
11953 return this.connection;
11964 this.connection.commitTransaction();
11965 }
catch (SQLException ex) {
11966 throw new TskCoreException(
"Failed to commit transaction on case database", ex);
11980 this.connection.rollbackTransactionWithThrow();
11981 }
catch (SQLException ex) {
11982 throw new TskCoreException(
"Case database transaction rollback failed", ex);
11993 this.connection.close();
12009 private ResultSet resultSet;
12010 private CaseDbConnection connection;
12012 private CaseDbQuery(String query)
throws TskCoreException {
12013 this(query,
false);
12016 private CaseDbQuery(String query,
boolean allowWriteQuery)
throws TskCoreException {
12017 if (!allowWriteQuery) {
12018 if (!query.regionMatches(
true, 0,
"SELECT", 0,
"SELECT".length())) {
12019 throw new TskCoreException(
"Unsupported query: Only SELECT queries are supported.");
12023 connection = connections.getConnection();
12024 }
catch (TskCoreException ex) {
12025 throw new TskCoreException(
"Error getting connection for query: ", ex);
12030 resultSet = connection.executeQuery(connection.createStatement(), query);
12031 }
catch (SQLException ex) {
12033 throw new TskCoreException(
"Error executing query: ", ex);
12047 public void close() throws TskCoreException {
12049 if (resultSet != null) {
12050 final Statement statement = resultSet.getStatement();
12051 if (statement != null) {
12056 connection.close();
12057 }
catch (SQLException ex) {
12058 throw new TskCoreException(
"Error closing query: ", ex);
12074 sleuthkitCaseErrorObservers.add(observer);
12086 int i = sleuthkitCaseErrorObservers.indexOf(observer);
12088 sleuthkitCaseErrorObservers.remove(i);
12102 for (
ErrorObserver observer : sleuthkitCaseErrorObservers) {
12103 if (observer != null) {
12105 observer.receiveError(context, errorMessage);
12106 }
catch (Exception ex) {
12107 logger.log(Level.SEVERE,
"Observer client unable to receive message: {0}, {1}",
new Object[]{context, errorMessage, ex});
12139 private final String contextString;
12141 private Context(String context) {
12142 this.contextString = context;
12146 return contextString;
12150 void receiveError(String context, String errorMessage);
12164 long getDataSourceObjectId(
long objectId) {
12166 CaseDbConnection connection = connections.getConnection();
12168 return getDataSourceObjectId(connection, objectId);
12170 connection.close();
12172 }
catch (TskCoreException ex) {
12173 logger.log(Level.SEVERE,
"Error getting data source object id for a file", ex);
12189 CaseDbConnection connection = connections.getConnection();
12191 ResultSet rs = null;
12194 PreparedStatement statement = connection.getPreparedStatement(PREPARED_STATEMENT.SELECT_MAX_OBJECT_ID);
12195 rs = connection.executeQuery(statement);
12198 id = rs.getLong(
"max_obj_id");
12201 }
catch (SQLException e) {
12202 throw new TskCoreException(
"Error getting last object id", e);
12204 closeResultSet(rs);
12205 connection.close();
12225 CaseDbConnection connection = connections.getConnection();
12227 Statement s = null;
12228 ResultSet rs = null;
12230 s = connection.createStatement();
12231 rs = connection.executeQuery(s,
"SELECT * FROM tsk_files WHERE " + sqlWhereClause);
12232 List<FsContent> results =
new ArrayList<FsContent>();
12233 List<AbstractFile> temp = resultSetToAbstractFiles(rs, connection);
12241 }
catch (SQLException e) {
12242 throw new TskCoreException(
"SQLException thrown when calling 'SleuthkitCase.findFilesWhere().", e);
12244 closeResultSet(rs);
12246 connection.close();
12264 CaseDbConnection connection = connections.getConnection();
12266 Statement s = null;
12267 ResultSet rs = null;
12269 s = connection.createStatement();
12270 rs = connection.executeQuery(s,
"SELECT artifact_type_id FROM blackboard_artifact_types WHERE type_name = '" + artifactTypeName +
"'");
12273 typeId = rs.getInt(
"artifact_type_id");
12276 }
catch (SQLException ex) {
12277 throw new TskCoreException(
"Error getting artifact type id", ex);
12279 closeResultSet(rs);
12281 connection.close();
12314 public int addArtifactType(String artifactTypeName, String displayName)
throws TskCoreException {
12317 }
catch (TskDataException ex) {
12318 throw new TskCoreException(
"Failed to add artifact type.", ex);
12336 public int addAttrType(String attrTypeString, String displayName)
throws TskCoreException {
12339 }
catch (TskDataException ex) {
12340 throw new TskCoreException(
"Couldn't add new attribute type");
12356 CaseDbConnection connection = connections.getConnection();
12358 Statement s = null;
12359 ResultSet rs = null;
12361 s = connection.createStatement();
12362 rs = connection.executeQuery(s,
"SELECT attribute_type_id FROM blackboard_attribute_types WHERE type_name = '" + attrTypeName +
"'");
12365 typeId = rs.getInt(
"attribute_type_id");
12368 }
catch (SQLException ex) {
12369 throw new TskCoreException(
"Error getting attribute type id", ex);
12371 closeResultSet(rs);
12373 connection.close();
12392 CaseDbConnection connection = connections.getConnection();
12394 Statement s = null;
12395 ResultSet rs = null;
12397 s = connection.createStatement();
12398 rs = connection.executeQuery(s,
"SELECT type_name FROM blackboard_attribute_types WHERE attribute_type_id = " + attrTypeID);
12400 return rs.getString(
"type_name");
12402 throw new TskCoreException(
"No type with that id");
12404 }
catch (SQLException ex) {
12405 throw new TskCoreException(
"Error getting or creating a attribute type name", ex);
12407 closeResultSet(rs);
12409 connection.close();
12428 CaseDbConnection connection = connections.getConnection();
12430 Statement s = null;
12431 ResultSet rs = null;
12433 s = connection.createStatement();
12434 rs = connection.executeQuery(s,
"SELECT display_name FROM blackboard_attribute_types WHERE attribute_type_id = " + attrTypeID);
12436 return rs.getString(
"display_name");
12438 throw new TskCoreException(
"No type with that id");
12440 }
catch (SQLException ex) {
12441 throw new TskCoreException(
"Error getting or creating a attribute type name", ex);
12443 closeResultSet(rs);
12445 connection.close();
12480 public ResultSet
runQuery(String query)
throws SQLException {
12481 CaseDbConnection connection;
12483 connection = connections.getConnection();
12484 }
catch (TskCoreException ex) {
12485 throw new SQLException(
"Error getting connection for ad hoc query", ex);
12489 return connection.executeQuery(connection.createStatement(), query);
12493 connection.close();
12509 final Statement statement = resultSet.getStatement();
12511 if (statement != null) {
12533 public LayoutFile addCarvedFile(String carvedFileName,
long carvedFileSize,
long containerId, List<TskFileRange> data)
throws TskCoreException {
12536 files.add(carvedFile);
12540 || parent instanceof
Volume
12541 || parent instanceof
Image) {
12544 throw new TskCoreException(String.format(
"Parent (id =%d) is not an file system, volume or image", containerId));
12563 public List<LayoutFile>
addCarvedFiles(List<CarvedFileContainer> filesToAdd)
throws TskCoreException {
12567 carvedFiles.add(carvedFile);
12572 || parent instanceof
Volume
12573 || parent instanceof
Image) {
12576 throw new TskCoreException(String.format(
"Parent (id =%d) is not an file system, volume or image", parent.
getId()));
12612 long size,
long ctime,
long crtime,
long atime,
long mtime,
12614 String rederiveDetails, String toolName, String toolVersion, String otherDetails)
throws TskCoreException {
12615 return addDerivedFile(fileName, localPath, size, ctime, crtime, atime, mtime,
12616 isFile, parentFile, rederiveDetails, toolName, toolVersion,
12651 long size,
long ctime,
long crtime,
long atime,
long mtime,
12652 String md5,
FileKnown known, String mimeType,
12656 return addLocalFile(fileName, localPath, size, ctime, crtime, atime, mtime,
12657 md5, null, known, mimeType, isFile, encodingType,
12658 parent, transaction);
12687 long size,
long ctime,
long crtime,
long atime,
long mtime,
12690 return addLocalFile(fileName, localPath, size, ctime, crtime, atime, mtime, isFile,
12715 long size,
long ctime,
long crtime,
long atime,
long mtime,
12718 return addLocalFile(fileName, localPath, size, ctime, crtime, atime, mtime,
12740 return this.caseHandle.initAddImageProcess(timezone, addUnallocSpace, noFatFsOrphans,
"",
this);
12757 }
catch (TskCoreException ex) {
12758 logger.log(Level.SEVERE,
"Error loading all file systems for image with ID {0}", image.
getId());
12759 return new ArrayList<>();
List< BlackboardArtifact > getBlackboardArtifacts(BlackboardAttribute.ATTRIBUTE_TYPE attrType, long value)
final IngestJobInfo addIngestJob(Content dataSource, String hostName, List< IngestModuleInfo > ingestModules, Date jobStart, Date jobEnd, IngestJobStatusType status, String settingsDir)
static ARTIFACT_TYPE fromID(int id)
FS
File that can be found in file system tree.
static FileKnown valueOf(byte known)
BlackboardArtifact getArtifactByArtifactId(long id)
AddImageProcess makeAddImageProcess(String timezone, boolean addUnallocSpace, boolean noFatFsOrphans)
BlackboardArtifact getArtifactById(long id)
List< Report > getAllReports()
ArrayList< BlackboardAttribute > getBlackboardAttributes(final BlackboardArtifact artifact)
long getBlackboardArtifactsCount(long objId)
int getArtifactTypeID(String artifactTypeName)
synchronized Content getParent()
long getBlackboardArtifactTagsCountByTagName(TagName tagName)
ArrayList< BlackboardArtifact > getBlackboardArtifacts(ARTIFACT_TYPE artifactType)
LocalDirectory addLocalDirectory(long parentId, String directoryName, CaseDbTransaction transaction)
ArrayList< BlackboardArtifact > getBlackboardArtifacts(String artifactTypeName)
List< BlackboardArtifact > getBlackboardArtifacts(BlackboardAttribute.ATTRIBUTE_TYPE attrType, int value)
void addBlackboardAttributes(Collection< BlackboardAttribute > attributes, int artifactTypeId)
ArrayList< BlackboardArtifact > getBlackboardArtifacts(int artifactTypeID, long obj_id)
CommunicationsManager getCommunicationsManager()
DerivedFile addDerivedFile(String fileName, String localPath, long size, long ctime, long crtime, long atime, long mtime, boolean isFile, AbstractFile parentFile, String rederiveDetails, String toolName, String toolVersion, String otherDetails)
CaseDbTransaction beginTransaction()
boolean isCompatible(CaseDbSchemaVersionNumber dbSchemaVersion)
List< Content > getChildren()
LocalFile addLocalFile(String fileName, String localPath, long size, long ctime, long crtime, long atime, long mtime, boolean isFile, AbstractFile parent)
ALLOC
Metadata structure is currently in an allocated state.
int countFilesMd5Hashed()
static TSK_FS_TYPE_ENUM valueOf(int fsTypeValue)
CaseDbSchemaVersionNumber getDBSchemaCreationVersion()
ArrayList< BlackboardArtifact > getBlackboardArtifacts(int artifactTypeID)
void addErrorObserver(ErrorObserver observer)
DerivedFile updateDerivedFile(DerivedFile derivedFile, String localPath, long size, long ctime, long crtime, long atime, long mtime, boolean isFile, String mimeType, String rederiveDetails, String toolName, String toolVersion, String otherDetails, TskData.EncodingType encodingType)
Blackboard getBlackboard()
LocalFile addLocalFile(String fileName, String localPath, long size, long ctime, long crtime, long atime, long mtime, String md5, FileKnown known, String mimeType, boolean isFile, TskData.EncodingType encodingType, Content parent, CaseDbTransaction transaction)
TSK_FS_META_TYPE_DIR
Directory file NON-NLS.
List< AbstractFile > findFiles(Content dataSource, String fileName, AbstractFile parentFile)
synchronized void close()
TagName addOrUpdateTagName(String displayName, String description, TagName.HTML_COLOR color, TskData.FileKnown knownStatus)
void setFileMIMEType(AbstractFile file, String mimeType)
UNALLOC
Metadata structure is currently in an unallocated state.
void addBlackboardAttribute(BlackboardAttribute attr, int artifactTypeId)
LocalFile addLocalFile(String fileName, String localPath, long size, long ctime, long crtime, long atime, long mtime, boolean isFile, AbstractFile parent, CaseDbTransaction transaction)
final List< LayoutFile > addLayoutFiles(Content parent, List< TskFileRange > fileRanges)
int addArtifactType(String artifactTypeName, String displayName)
List< DataSource > getDataSources()
BlackboardArtifactTagChange addArtifactTag(BlackboardArtifact artifact, TagName tagName, String comment)
synchronized CaseDbAccessManager getCaseDbAccessManager()
BlackboardArtifactTag getBlackboardArtifactTagByID(long artifactTagID)
List< BlackboardArtifact > getBlackboardArtifacts(BlackboardAttribute.ATTRIBUTE_TYPE attrType, double value)
List< AbstractFile > openFiles(Content dataSource, String filePath)
List< BlackboardArtifactTag > getBlackboardArtifactTagsByArtifact(BlackboardArtifact artifact)
final IngestModuleInfo addIngestModule(String displayName, String factoryClassName, IngestModuleType type, String version)
long getBlackboardArtifactsCount(String artifactTypeName, long obj_id)
Content getContentById(long id)
BlackboardArtifactTag getAddedTag()
VersionNumber getDBSchemaVersion()
static IngestJobStatusType fromID(int typeId)
List< TagName > getTagNamesInUse()
List< BlackboardArtifact > getBlackboardArtifacts(BlackboardAttribute.ATTRIBUTE_TYPE attrType, byte value)
LAYOUT_FILE
Set of blocks from an image that have been designated as a file.
List< AbstractFile > findAllFilesInFolderWhere(long parentId, String sqlWhereClause)
static final String NAME_CARVED
LocalFile addLocalFile(String fileName, String localPath, long size, long ctime, long crtime, long atime, long mtime, String md5, String sha256, FileKnown known, String mimeType, boolean isFile, TskData.EncodingType encodingType, Content parent, CaseDbTransaction transaction)
static SleuthkitCase openCase(String databaseName, CaseDbConnectionInfo info, String caseDir)
static IngestModuleType fromID(int typeId)
List< ContentTag > getAllContentTags()
long getDataSourceObjectId()
List< VirtualDirectory > getVirtualDirectoryRoots()
LayoutFile addLayoutFile(String fileName, long size, TSK_FS_NAME_FLAG_ENUM dirFlag, TSK_FS_META_FLAG_ENUM metaFlag, long ctime, long crtime, long atime, long mtime, List< TskFileRange > fileRanges, Content parent)
long getBlackboardArtifactTagsCountByTagName(TagName tagName, long dsObjId)
ArrayList< BlackboardArtifact.ARTIFACT_TYPE > getBlackboardArtifactTypes()
ContentTag getContentTagByID(long contentTagID)
LOCAL
Local file that was added (not from a disk image)
Map< Long, List< String > > getImagePaths()
List< Long > findAllFileIdsWhere(String sqlWhereClause)
synchronized TaggingManager getTaggingManager()
BlackboardArtifact getBlackboardArtifact(long artifactID)
List< BlackboardArtifact.Type > getArtifactTypesInUse()
BlackboardAttribute.Type addArtifactAttributeType(String attrTypeString, TSK_BLACKBOARD_ATTRIBUTE_VALUE_TYPE valueType, String displayName)
AbstractFile getAbstractFileById(long id)
CARVED
Set of blocks for a file found from carving. Could be on top of a TSK_DB_FILES_TYPE_UNALLOC_BLOCKS ra...
BlackboardArtifactTag addBlackboardArtifactTag(BlackboardArtifact artifact, TagName tagName, String comment)
long countFilesWhere(String sqlWhereClause)
long getBlackboardArtifactsCount(ARTIFACT_TYPE artifactType, long obj_id)
FS
File System - see tsk_fs_info for more details.
Pool addPool(long parentObjId, TskData.TSK_POOL_TYPE_ENUM type, CaseDbTransaction transaction)
boolean isFileFromSource(Content dataSource, long fileId)
ArrayList< BlackboardArtifact > getMatchingArtifacts(String whereClause)
VirtualDirectory addVirtualDirectory(long parentId, String directoryName, CaseDbTransaction transaction)
ArrayList< BlackboardArtifact.ARTIFACT_TYPE > getBlackboardArtifactTypesInUse()
void deleteReport(Report report)
List< Image > getImages()
int getAttrTypeID(String attrTypeName)
Image getImageById(long id)
Report addReport(String localPath, String sourceModuleName, String reportName, Content parent)
List< Content > getChildren()
USED
Metadata structure has been allocated at least once.
void unregisterForEvents(Object listener)
LOCAL_DIR
Local directory that was added (not from a disk image)
TimelineManager getTimelineManager()
final List< LayoutFile > addCarvedFiles(CarvingResult carvingResult)
void releaseSingleUserCaseReadLock()
VOL
Volume - see tsk_vs_parts for more details.
void closeRunQuery(ResultSet resultSet)
DerivedFile addDerivedFile(String fileName, String localPath, long size, long ctime, long crtime, long atime, long mtime, boolean isFile, Content parentObj, String rederiveDetails, String toolName, String toolVersion, String otherDetails, TskData.EncodingType encodingType)
int addAttrType(String attrTypeString, String displayName)
void deleteBlackboardArtifactTag(BlackboardArtifactTag tag)
long getContentTagsCountByTagName(TagName tagName, long dsObjId)
List< ContentTag > getContentTagsByTagName(TagName tagName)
BlackboardArtifact newBlackboardArtifact(int artifactTypeID, long obj_id)
static String escapeSingleQuotes(String text)
String getAttrTypeDisplayName(int attrTypeID)
List< BlackboardArtifact > getBlackboardArtifacts(ARTIFACT_TYPE artifactType, BlackboardAttribute.ATTRIBUTE_TYPE attrType, String value)
List< AbstractFile > findFiles(Content dataSource, String fileName)
List< TagName > getAllTagNames()
Report getReportById(long id)
BlackboardAttribute.Type getAttributeType(String attrTypeName)
Image addImageInfo(long deviceObjId, List< String > imageFilePaths, String timeZone)
static HTML_COLOR getColorByName(String colorName)
void acquireSingleUserCaseWriteLock()
REPORT
Artifact - see blackboard_artifacts for more details.
List< AbstractFile > findFilesByMd5(String md5Hash)
long getBlackboardArtifactsTypeCount(int artifactTypeID, long dataSourceID)
BlackboardArtifact.Type getArtifactType(String artTypeName)
BlackboardArtifact newBlackboardArtifact(ARTIFACT_TYPE artifactType, long obj_id)
void releaseSingleUserCaseWriteLock()
DERIVED
File derived from a parent file (i.e. from ZIP)
List< LayoutFile > addCarvedFiles(List< CarvedFileContainer > filesToAdd)
List< BlackboardArtifactTag > getBlackboardArtifactTagsByTagName(TagName tagName)
static TSK_BLACKBOARD_ATTRIBUTE_VALUE_TYPE fromType(long typeId)
static SleuthkitCase newCase(String caseName, CaseDbConnectionInfo info, String caseDirPath)
Report addReport(String localPath, String sourceModuleName, String reportName)
void releaseExclusiveLock()
List< BlackboardArtifactTag > getAllBlackboardArtifactTags()
ArrayList< BlackboardArtifact > getBlackboardArtifacts(String artifactTypeName, long obj_id)
Image addImage(TskData.TSK_IMG_TYPE_ENUM type, long sectorSize, long size, String displayName, List< String > imagePaths, String timezone, String md5, String sha1, String sha256, String deviceId, CaseDbTransaction transaction)
void removeErrorObserver(ErrorObserver observer)
String getContextString()
List< Content > getRootObjects()
List< AbstractFile > findFiles(Content dataSource, String fileName, String dirSubString)
ContentTagChange addContentTag(Content content, TagName tagName, String comment, long beginByteOffset, long endByteOffset)
FileSystem addFileSystem(long parentObjId, long imgOffset, TskData.TSK_FS_TYPE_ENUM type, long blockSize, long blockCount, long rootInum, long firstInum, long lastInum, String displayName, CaseDbTransaction transaction)
void acquireExclusiveLock()
boolean allFilesMd5Hashed()
String getAttrTypeString(int attrTypeID)
int getBlackboardAttributeTypesCount()
LayoutFile addCarvedFile(String carvedFileName, long carvedFileSize, long containerId, List< TskFileRange > data)
ArrayList< BlackboardAttribute.ATTRIBUTE_TYPE > getBlackboardAttributeTypes()
UNALLOC_BLOCKS
Set of blocks not allocated by file system. Parent should be image, volume, or file system...
LocalFile addLocalFile(String fileName, String localPath, long size, long ctime, long crtime, long atime, long mtime, boolean isFile, TskData.EncodingType encodingType, AbstractFile parent)
ArrayList< BlackboardAttribute > getMatchingAttributes(String whereClause)
List< BlackboardArtifact > getBlackboardArtifacts(BlackboardAttribute.ATTRIBUTE_TYPE attrType, String value)
long getBlackboardArtifactsTypeCount(int artifactTypeID)
List< ContentTag > getContentTagsByTagName(TagName tagName, long dsObjId)
void deleteContentTag(ContentTag tag)
static ObjectType valueOf(short objectType)
long getContentTagsCountByTagName(TagName tagName)
FsContent addFileSystemFile(long dataSourceObjId, long fsObjId, String fileName, long metaAddr, int metaSeq, TSK_FS_ATTR_TYPE_ENUM attrType, int attrId, TSK_FS_NAME_FLAG_ENUM dirFlag, short metaFlags, long size, long ctime, long crtime, long atime, long mtime, boolean isFile, Content parent)
Collection< FileSystem > getImageFileSystems(Image image)
void updateImagePath(String newPath, long objectId)
VolumeSystem addVolumeSystem(long parentObjId, TskData.TSK_VS_TYPE_ENUM type, long imgOffset, long blockSize, CaseDbTransaction transaction)
Examiner getCurrentExaminer()
UNKNOWN
File marked as unknown by hash db.
List< TagName > getTagNamesInUse(long dsObjId)
List< AbstractFile > findAllFilesWhere(String sqlWhereClause)
boolean setKnown(AbstractFile file, FileKnown fileKnown)
static void tryConnect(CaseDbConnectionInfo info)
static SleuthkitCase openCase(String dbPath)
CaseDbQuery executeInsertOrUpdate(String query)
static String createNonUniquePath(String uniquePath)
List< BlackboardArtifactTag > getBlackboardArtifactTagsByTagName(TagName tagName, long dsObjId)
Volume addVolume(long parentObjId, long addr, long start, long length, String desc, long flags, CaseDbTransaction transaction)
long getBlackboardArtifactsCount(int artifactTypeID, long obj_id)
void submitError(String context, String errorMessage)
final List< IngestJobInfo > getIngestJobs()
ALLOC
Name is in an allocated state.
VIRTUAL_DIR
Virtual directory (not on fs) with no meta-data entry that can be used to group files of types other ...
static SleuthkitCase newCase(String dbPath)
String getBackupDatabasePath()
void acquireSingleUserCaseReadLock()
VirtualDirectory addVirtualDirectory(long parentId, String directoryName)
LocalFile addLocalFile(String fileName, String localPath, long size, long ctime, long crtime, long atime, long mtime, boolean isFile, TskData.EncodingType encodingType, Content parent, CaseDbTransaction transaction)
List< ContentTag > getContentTagsByContent(Content content)
ArrayList< BlackboardArtifact > getBlackboardArtifacts(ARTIFACT_TYPE artifactType, long obj_id)
int countFsContentType(TskData.TSK_FS_META_TYPE_ENUM contentType)
TagName addTagName(String displayName, String description, TagName.HTML_COLOR color)
ABSTRACTFILE
File - see tsk_files for more details.
ContentTag addContentTag(Content content, TagName tagName, String comment, long beginByteOffset, long endByteOffset)
DataSource getDataSource(long objectId)
List< BlackboardArtifact > getBlackboardArtifacts(BlackboardAttribute.ATTRIBUTE_TYPE attrType, String subString, boolean startsWith)
TSK_FS_META_TYPE_REG
Regular file NON-NLS.
Iterable< BlackboardArtifact.Type > getArtifactTypes()
List< BlackboardAttribute.Type > getAttributeTypes()
LocalFilesDataSource addLocalFilesDataSource(String deviceId, String rootDirectoryName, String timeZone, CaseDbTransaction transaction)
AddImageProcess makeAddImageProcess(String timeZone, boolean addUnallocSpace, boolean noFatFsOrphans, String imageCopyPath)
List< FsContent > findFilesWhere(String sqlWhereClause)
static ReviewStatus withID(int id)
void copyCaseDB(String newDBPath)
ResultSet runQuery(String query)
List< TskFileRange > getFileRanges(long id)
BlackboardArtifact.Type addBlackboardArtifactType(String artifactTypeName, String displayName)
void registerForEvents(Object listener)
CaseDbQuery executeQuery(String query)
void setReviewStatus(BlackboardArtifact artifact, BlackboardArtifact.ReviewStatus newStatus)
void setImagePaths(long obj_id, List< String > paths)
VS
Volume System - see tsk_vs_info for more details.
IMG
Disk Image - see tsk_image_info for more details.
UNALLOC
Name is in an unallocated state.
Collection< FileSystem > getFileSystems(Image image)
LocalDirectory addLocalDirectory(long parentId, String directoryName)