Sleuth Kit Java Bindings (JNI)  4.2
Java bindings for using The Sleuth Kit
DerivedFile.java
Go to the documentation of this file.
1 /*
2  * Sleuth Kit Data Model
3  *
4  * Copyright 2013 Basis Technology Corp.
5  * Contact: carrier <at> sleuthkit <dot> org
6  *
7  * Licensed under the Apache License, Version 2.0 (the "License");
8  * you may not use this file except in compliance with the License.
9  * You may obtain a copy of the License at
10  *
11  * http://www.apache.org/licenses/LICENSE-2.0
12  *
13  * Unless required by applicable law or agreed to in writing, software
14  * distributed under the License is distributed on an "AS IS" BASIS,
15  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16  * See the License for the specific language governing permissions and
17  * limitations under the License.
18  */
19 package org.sleuthkit.datamodel;
20 
21 import java.text.MessageFormat;
22 import java.util.ResourceBundle;
23 import java.util.List;
24 import java.util.logging.Level;
25 import java.util.logging.Logger;
26 
27 import org.sleuthkit.datamodel.TskData.FileKnown;
28 import org.sleuthkit.datamodel.TskData.TSK_DB_FILES_TYPE_ENUM;
29 import org.sleuthkit.datamodel.TskData.TSK_FS_META_TYPE_ENUM;
30 import org.sleuthkit.datamodel.TskData.TSK_FS_NAME_FLAG_ENUM;
31 import org.sleuthkit.datamodel.TskData.TSK_FS_NAME_TYPE_ENUM;
32 
42 public class DerivedFile extends AbstractFile {
43 
44  private volatile DerivedMethod derivedMethod;
45  private static final Logger logger = Logger.getLogger(DerivedFile.class.getName());
46  private static ResourceBundle bundle = ResourceBundle.getBundle("org.sleuthkit.datamodel.Bundle");
47  private boolean hasDerivedMethod = true;
48 
71  protected DerivedFile(SleuthkitCase db, long objId, String name, TSK_FS_NAME_TYPE_ENUM dirType, TSK_FS_META_TYPE_ENUM metaType, TSK_FS_NAME_FLAG_ENUM dirFlag, short metaFlags, long size,
72  long ctime, long crtime, long atime, long mtime,
73  String md5Hash, FileKnown knownState, String parentPath, String localPath, long parentId) {
74 
75  super(db, objId, TskData.TSK_FS_ATTR_TYPE_ENUM.TSK_FS_ATTR_TYPE_DEFAULT, (short) 0,
76  name, TSK_DB_FILES_TYPE_ENUM.LOCAL, 0L, 0, dirType, metaType, dirFlag,
77  metaFlags, size, ctime, crtime, atime, mtime, (short) 0, 0, 0, md5Hash, knownState, parentPath);
78 
79  //use the local path read infrastructure
80  setLocalPath(localPath, false); //local paths for derived files are relative to case db
81  }
82 
83  @Override
84  public boolean isRoot() {
85  //not a root of a fs, since it always has a parent
86  return false;
87  }
88 
89  @Override
90  public Content getDataSource() throws TskCoreException {
91  //TODO need schema support to implement this more efficiently
92  Content parent = getParent();
93  Content dataSource = parent.getDataSource();
94  while (dataSource == null) {
95  parent = parent.getParent();
96  if (parent == null) {
97  //should never happen
98  break;
99  }
100  dataSource = parent.getDataSource();
101  }
102  return dataSource;
103  }
104 
105  @Override
106  public List<Content> getChildren() throws TskCoreException {
107  //derived file/dir children, can only be other derived files
108  return getSleuthkitCase().getAbstractFileChildren(this, TSK_DB_FILES_TYPE_ENUM.DERIVED);
109 
110  }
111 
112  @Override
113  public List<Long> getChildrenIds() throws TskCoreException {
114  //derived file/dir children, can only be other derived files
115  return getSleuthkitCase().getAbstractFileChildrenIds(this, TSK_DB_FILES_TYPE_ENUM.DERIVED);
116  }
117 
118  @Override
119  public <T> T accept(SleuthkitItemVisitor<T> v) {
120  return v.visit(this);
121  }
122 
123  @Override
124  public <T> T accept(ContentVisitor<T> v) {
125  return v.visit(this);
126  }
127 
135  public synchronized DerivedMethod getDerivedMethod() throws TskCoreException {
136  if (derivedMethod == null && hasDerivedMethod == true) {
137  try {
138  derivedMethod = getSleuthkitCase().getDerivedMethod(getId());
139  if (derivedMethod == null) {
140  hasDerivedMethod = false; //do not attempt to lazy load
141  }
142  } catch (TskCoreException e) {
143  String msg = MessageFormat.format(bundle.getString("DerviedFile.derivedMethod.exception.msg1.text"), getId());
144  logger.log(Level.WARNING, msg, e);
145  throw new TskCoreException(msg, e);
146  }
147  }
148 
149  return derivedMethod;
150  }
151 
152  @Override
153  protected void finalize() throws Throwable {
154  try {
155  close();
156  } finally {
157  super.finalize(); //To change body of generated methods, choose Tools | Templates.
158  }
159  }
160 
161  @Override
162  public String toString(boolean preserveState) {
163  return super.toString(preserveState) + "DerivedFile{" //NON-NLS
164  + "derivedMethod=" + derivedMethod //NON-NLS
165  + ", hasDerivedMethod=" + hasDerivedMethod //NON-NLS
166  + '}';
167  }
168 
173  public static class DerivedMethod {
174 
175  private int derivedId;
176  private String toolName;
177  private String toolVersion;
178  private String other;
179  private String rederiveDetails;
180 
181  public DerivedMethod(int derivedId, String rederiveDetails) {
182  this.derivedId = derivedId;
183  this.rederiveDetails = rederiveDetails;
184  if (this.rederiveDetails == null) {
185  this.rederiveDetails = "";
186  }
187  this.toolName = "";
188  this.toolVersion = "";
189  this.other = "";
190  }
191 
192  void setToolName(String toolName) {
193  this.toolName = toolName;
194  }
195 
196  void setToolVersion(String toolVersion) {
197  this.toolVersion = toolVersion;
198  }
199 
200  void setOther(String other) {
201  this.other = other;
202  }
203 
204  public int getDerivedId() {
205  return derivedId;
206  }
207 
208  public String getToolName() {
209  return toolName;
210  }
211 
212  public String getToolVersion() {
213  return toolVersion;
214  }
215 
216  public String getOther() {
217  return other;
218  }
219 
220  public String getRederiveDetails() {
221  return rederiveDetails;
222  }
223 
224  @Override
225  public String toString() {
226  return "DerivedMethod{" + "derived_id=" + derivedId + ", toolName=" + toolName + ", toolVersion=" + toolVersion + ", other=" + other + ", rederiveDetails=" + rederiveDetails + '}'; //NON-NLS
227  }
228  }
229 }
org.sleuthkit.datamodel.AbstractContent.parentId
long parentId
Definition: AbstractContent.java:44
org.sleuthkit.datamodel.AbstractFile.dirType
final TSK_FS_NAME_TYPE_ENUM dirType
Definition: AbstractFile.java:46
org.sleuthkit.datamodel.AbstractContent.getParent
synchronized Content getParent()
Definition: AbstractContent.java:118
org.sleuthkit.datamodel.DerivedFile.DerivedMethod.DerivedMethod
DerivedMethod(int derivedId, String rederiveDetails)
Definition: DerivedFile.java:181
org.sleuthkit.datamodel.TskData.TSK_FS_ATTR_TYPE_ENUM.TSK_FS_ATTR_TYPE_DEFAULT
TSK_FS_ATTR_TYPE_DEFAULT
Definition: TskData.java:271
org.sleuthkit.datamodel.AbstractFile.dirFlag
final TSK_FS_NAME_FLAG_ENUM dirFlag
Definition: AbstractFile.java:48
org.sleuthkit.datamodel.AbstractContent.getName
String getName()
Definition: AbstractContent.java:62
org.sleuthkit.datamodel.TskData.TSK_FS_NAME_TYPE_ENUM
Definition: TskData.java:38
org.sleuthkit.datamodel.DerivedFile.DerivedMethod.rederiveDetails
String rederiveDetails
details to rederive specific to this method
Definition: DerivedFile.java:179
org.sleuthkit.datamodel.DerivedFile.DerivedFile
DerivedFile(SleuthkitCase db, long objId, String name, TSK_FS_NAME_TYPE_ENUM dirType, TSK_FS_META_TYPE_ENUM metaType, TSK_FS_NAME_FLAG_ENUM dirFlag, short metaFlags, long size, long ctime, long crtime, long atime, long mtime, String md5Hash, FileKnown knownState, String parentPath, String localPath, long parentId)
Definition: DerivedFile.java:71
org.sleuthkit.datamodel.Content.getDataSource
Content getDataSource()
org.sleuthkit.datamodel.Content.getParent
Content getParent()
org.sleuthkit.datamodel.TskData.TSK_FS_NAME_FLAG_ENUM
Definition: TskData.java:150
org.sleuthkit.datamodel.TskData.TSK_DB_FILES_TYPE_ENUM.LOCAL
LOCAL
Local file that was added (not from a disk image)
Definition: TskData.java:647
org.sleuthkit.datamodel.DerivedFile.toString
String toString(boolean preserveState)
Definition: DerivedFile.java:162
org.sleuthkit.datamodel.TskData.TSK_FS_ATTR_TYPE_ENUM
Definition: TskData.java:268
org.sleuthkit.datamodel.AbstractContent.db
final SleuthkitCase db
Definition: AbstractContent.java:39
org.sleuthkit.datamodel.AbstractContent.parent
Content parent
Definition: AbstractContent.java:42
org.sleuthkit.datamodel.DerivedFile.hasDerivedMethod
boolean hasDerivedMethod
whether it has the derived method to lazy load or not
Definition: DerivedFile.java:47
org.sleuthkit.datamodel.AbstractFile.metaFlags
final Set< TSK_FS_META_FLAG_ENUM > metaFlags
Definition: AbstractFile.java:49
org.sleuthkit.datamodel.AbstractContent.getSleuthkitCase
SleuthkitCase getSleuthkitCase()
Definition: AbstractContent.java:167
org.sleuthkit.datamodel.Content
Definition: Content.java:32
org.sleuthkit.datamodel.AbstractFile.localPath
String localPath
local path as stored in db tsk_files_path, is relative to the db,
Definition: AbstractFile.java:59
org.sleuthkit.datamodel.TskData.TSK_DB_FILES_TYPE_ENUM.DERIVED
DERIVED
File derived from a parent file (i.e. from ZIP)
Definition: TskData.java:646
org.sleuthkit.datamodel.DerivedFile.DerivedMethod.toolName
String toolName
Name of derivation method/tool.
Definition: DerivedFile.java:176
org.sleuthkit.datamodel.TskData.TSK_FS_META_TYPE_ENUM
Definition: TskData.java:99
org.sleuthkit.datamodel.AbstractContent.getId
long getId()
Definition: AbstractContent.java:147
org.sleuthkit.datamodel.DerivedFile.DerivedMethod.derivedId
int derivedId
Unique id for this derivation method.
Definition: DerivedFile.java:175
org.sleuthkit.datamodel.DerivedFile.derivedMethod
volatile DerivedMethod derivedMethod
Definition: DerivedFile.java:44
org.sleuthkit.datamodel.DerivedFile.getDerivedMethod
synchronized DerivedMethod getDerivedMethod()
Definition: DerivedFile.java:135
org.sleuthkit.datamodel.AbstractFile.setLocalPath
void setLocalPath(String localPath, boolean isAbsolute)
Definition: AbstractFile.java:781
org.sleuthkit.datamodel.AbstractContent.name
String name
Definition: AbstractContent.java:41
org.sleuthkit.datamodel.AbstractFile.metaType
final TSK_FS_META_TYPE_ENUM metaType
Definition: AbstractFile.java:47
org.sleuthkit.datamodel.DerivedFile.DerivedMethod.toolVersion
String toolVersion
Version of tool used in derivation method.
Definition: DerivedFile.java:177
org.sleuthkit.datamodel.AbstractContent.objId
long objId
Definition: AbstractContent.java:40
org.sleuthkit.datamodel.TskData.TSK_DB_FILES_TYPE_ENUM
Definition: TskData.java:642

Copyright © 2011-2015 Brian Carrier. (carrier -at- sleuthkit -dot- org)
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.