TskData.java

Go to the documentation of this file.

/*
 * Sleuth Kit Data Model
 *
 * Copyright 2011 Basis Technology Corp.
 * Contact: carrier <at> sleuthkit <dot> org
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.sleuthkit.datamodel;

import java.text.MessageFormat;
import java.util.ResourceBundle;
import java.util.EnumSet;
import java.util.Set;

public class TskData {

        private static ResourceBundle bundle = ResourceBundle.getBundle("org.sleuthkit.datamodel.Bundle");

        public enum TSK_FS_NAME_TYPE_ENUM {

                UNDEF(0, "-"), 
                FIFO(1, "p"), 
                CHR(2, "c"), 
                DIR(3, "d"), 
                BLK(4, "b"), 
                REG(5, "r"), 
                LNK(6, "l"), 
                SOCK(7, "s"), 
                SHAD(8, "h"), 
                WHT(9, "w"), 
                VIRT(10, "v");     

                private short dirType;
                String label;

                private TSK_FS_NAME_TYPE_ENUM(int type, String label) {
                        this.dirType = (short) type;
                        this.label = label;
                }

                public short getValue() {
                        return dirType;
                }

                public String getLabel() {
                        return this.label;
                }

                static public TSK_FS_NAME_TYPE_ENUM valueOf(short dir_type) {
                        for (TSK_FS_NAME_TYPE_ENUM v : TSK_FS_NAME_TYPE_ENUM.values()) {
                                if (v.dirType == dir_type) {
                                        return v;
                                }
                        }
                        throw new IllegalArgumentException(
                                        MessageFormat.format(bundle.getString("TskData.tskFsNameTypeEnum.exception.msg1.text"), dir_type));
                }
        }

        public enum TSK_FS_META_TYPE_ENUM {

                TSK_FS_META_TYPE_UNDEF(0, "-"),
                TSK_FS_META_TYPE_REG(1, "r"), 
                TSK_FS_META_TYPE_DIR(2, "d"), 
                TSK_FS_META_TYPE_FIFO(3, "p"), 
                TSK_FS_META_TYPE_CHR(4, "c"), 
                TSK_FS_META_TYPE_BLK(5, "b"), 
                TSK_FS_META_TYPE_LNK(6, "l"), 
                TSK_FS_META_TYPE_SHAD(7, "s"), 
                TSK_FS_META_TYPE_SOCK(8, "h"), 
                TSK_FS_META_TYPE_WHT(9, "w"), 
                TSK_FS_META_TYPE_VIRT(10, "v");      

                private short metaType;
                private String metaTypeStr;

                private TSK_FS_META_TYPE_ENUM(int type, String metaTypeStr) {
                        this.metaType = (short) type;
                        this.metaTypeStr = metaTypeStr;
                }

                public short getValue() {
                        return metaType;
                }

                @Override
                public String toString() {
                        return metaTypeStr;
                }

                public static TSK_FS_META_TYPE_ENUM valueOf(short metaType) {
                        for (TSK_FS_META_TYPE_ENUM type : TSK_FS_META_TYPE_ENUM.values()) {
                                if (type.getValue() == metaType) {
                                        return type;
                                }
                        }
                        throw new IllegalArgumentException(
                                        MessageFormat.format(bundle.getString("TskData.tskFsMetaTypeEnum.exception.msg1.text"), metaType));
                }
        }

        public enum TSK_FS_NAME_FLAG_ENUM {

                ALLOC(1, bundle.getString("TskData.tskFsNameFlagEnum.allocated")), 
                UNALLOC(2, bundle.getString("TskData.tskFsNameFlagEnum.unallocated"));    

                private short dirFlag;
                private String dirFlagStr;

                private TSK_FS_NAME_FLAG_ENUM(int flag, String dirFlagStr) {
                        this.dirFlag = (short) flag;
                        this.dirFlagStr = dirFlagStr;
                }

                public short getValue() {
                        return dirFlag;
                }

                @Override
                public String toString() {
                        return dirFlagStr;
                }

                public static TSK_FS_NAME_FLAG_ENUM valueOf(int dirFlag) {
                        for (TSK_FS_NAME_FLAG_ENUM flag : TSK_FS_NAME_FLAG_ENUM.values()) {
                                if (flag.dirFlag == dirFlag) {
                                        return flag;
                                }
                        }
                        throw new IllegalArgumentException(
                                        MessageFormat.format(bundle.getString("TskData.tskFsNameFlagEnum.exception.msg1.text"), dirFlag));
                }
        }

        public enum TSK_FS_META_FLAG_ENUM {

                ALLOC(1, bundle.getString("TskData.tskFsMetaFlagEnum.allocated")), 
                UNALLOC(2, bundle.getString("TskData.tskFsMetaFlagEnum.unallocated")), 
                USED(4, bundle.getString("TskData.tskFsMetaFlagEnum.used")), 
                UNUSED(8, bundle.getString("TskData.tskFsMetaFlagEnum.unused")), 
                COMP(16, bundle.getString("TskData.tskFsMetaFlagEnum.compressed")), 
                ORPHAN(32, bundle.getString("TskData.tskFsMetaFlagEnum.orphan"));       

                private short meta_flag;
                private String label;

                private TSK_FS_META_FLAG_ENUM(int flag, String label) {
                        this.meta_flag = (short) flag;
                        this.label = label;
                }

                public short getValue() {
                        return meta_flag;
                }

                @Override
                public String toString() {
                        return label;
                }

                public static Set<TSK_FS_META_FLAG_ENUM> valuesOf(short metaFlags) {
                        Set<TSK_FS_META_FLAG_ENUM> matchedFlags = EnumSet.noneOf(TSK_FS_META_FLAG_ENUM.class);

                        for (TSK_FS_META_FLAG_ENUM v : TSK_FS_META_FLAG_ENUM.values()) {
                                long flag = v.getValue();

                                if ((metaFlags & flag) == flag) {
                                        matchedFlags.add(v);
                                }
                        }

                        return matchedFlags;
                }

                public static short toInt(Set<TSK_FS_META_FLAG_ENUM> metaFlags) {
                        short val = 0;
                        for (TSK_FS_META_FLAG_ENUM flag : metaFlags) {
                                val |= flag.getValue();
                        }
                        return val;
                }

        }

        public enum TSK_FS_ATTR_TYPE_ENUM {

                TSK_FS_ATTR_TYPE_NOT_FOUND(0x00), // 0
                TSK_FS_ATTR_TYPE_DEFAULT(0x01), // 1
                TSK_FS_ATTR_TYPE_NTFS_SI(0x10), // 16
                TSK_FS_ATTR_TYPE_NTFS_ATTRLIST(0x20), // 32
                TSK_FS_ATTR_TYPE_NTFS_FNAME(0x30), // 48
                TSK_FS_ATTR_TYPE_NTFS_VVER(0x40), // 64 (NT)
                TSK_FS_ATTR_TYPE_NTFS_OBJID(0x40), // 64 (2K)
                TSK_FS_ATTR_TYPE_NTFS_SEC(0x50), // 80
                TSK_FS_ATTR_TYPE_NTFS_VNAME(0x60), // 96
                TSK_FS_ATTR_TYPE_NTFS_VINFO(0x70), // 112
                TSK_FS_ATTR_TYPE_NTFS_DATA(0x80), // 128
                TSK_FS_ATTR_TYPE_NTFS_IDXROOT(0x90), // 144
                TSK_FS_ATTR_TYPE_NTFS_IDXALLOC(0xA0), // 160
                TSK_FS_ATTR_TYPE_NTFS_BITMAP(0xB0), // 176
                TSK_FS_ATTR_TYPE_NTFS_SYMLNK(0xC0), // 192 (NT)
                TSK_FS_ATTR_TYPE_NTFS_REPARSE(0xC0), // 192 (2K)
                TSK_FS_ATTR_TYPE_NTFS_EAINFO(0xD0), // 208
                TSK_FS_ATTR_TYPE_NTFS_EA(0xE0), // 224
                TSK_FS_ATTR_TYPE_NTFS_PROP(0xF0), //  (NT)
                TSK_FS_ATTR_TYPE_NTFS_LOG(0x100), //  (2K)
                TSK_FS_ATTR_TYPE_UNIX_INDIR(0x1001), //  Indirect blocks for UFS and ExtX file systems

                // Types for HFS+ File Attributes
                TSK_FS_ATTR_TYPE_HFS_DEFAULT(0x01), // 1    Data fork of fs special files and misc
                TSK_FS_ATTR_TYPE_HFS_DATA(0x1100), // 4352 Data fork of regular files
                TSK_FS_ATTR_TYPE_HFS_RSRC(0x1101), // 4353 Resource fork of regular files
                TSK_FS_ATTR_TYPE_HFS_EXT_ATTR(0x1102), // 4354 Extended Attributes) except compression records
                TSK_FS_ATTR_TYPE_HFS_COMP_REC(0x1103); // 4355 Compression records

                private int val;

                private TSK_FS_ATTR_TYPE_ENUM(int val) {
                        this.val = val;
                }

                public int getValue() {
                        return val;
                }

                public static TSK_FS_ATTR_TYPE_ENUM valueOf(int val) {
                        for (TSK_FS_ATTR_TYPE_ENUM type : TSK_FS_ATTR_TYPE_ENUM.values()) {
                                if (type.val == val) {
                                        return type;
                                }
                        }
                        throw new IllegalArgumentException(
                                        MessageFormat.format(bundle.getString("TskData.tskFsAttrTypeEnum.exception.msg1.text"), val));
                }
        };

        public enum TSK_VS_PART_FLAG_ENUM {

                TSK_VS_PART_FLAG_ALLOC(1), 
                TSK_VS_PART_FLAG_UNALLOC(2), 
                TSK_VS_PART_FLAG_META(4), 
                TSK_VS_PART_FLAG_ALL(7);        

                private long vs_flag;

                private TSK_VS_PART_FLAG_ENUM(long flag) {
                        vs_flag = flag;
                }

                public long getVsFlag() {
                        return vs_flag;
                }

        }

        public enum TSK_FS_META_MODE_ENUM {
                /* The following describe the file permissions */

                TSK_FS_META_MODE_ISUID(0004000), 
                TSK_FS_META_MODE_ISGID(0002000), 
                TSK_FS_META_MODE_ISVTX(0001000), 

                TSK_FS_META_MODE_IRUSR(0000400), 
                TSK_FS_META_MODE_IWUSR(0000200), 
                TSK_FS_META_MODE_IXUSR(0000100), 

                TSK_FS_META_MODE_IRGRP(0000040), 
                TSK_FS_META_MODE_IWGRP(0000020), 
                TSK_FS_META_MODE_IXGRP(0000010), 

                TSK_FS_META_MODE_IROTH(0000004), 
                TSK_FS_META_MODE_IWOTH(0000002), 
                TSK_FS_META_MODE_IXOTH(0000001);       

                private short mode;

                private TSK_FS_META_MODE_ENUM(int mode) {
                        this.mode = (short) mode;
                }

                public short getMode() {
                        return mode;
                }

                public static Set<TSK_FS_META_MODE_ENUM> valuesOf(short modes) {
                        Set<TSK_FS_META_MODE_ENUM> matchedFlags = EnumSet.noneOf(TSK_FS_META_MODE_ENUM.class);

                        for (TSK_FS_META_MODE_ENUM v : TSK_FS_META_MODE_ENUM.values()) {
                                long flag = v.getMode();

                                if ((modes & flag) == flag) {
                                        matchedFlags.add(v);
                                }
                        }

                        return matchedFlags;
                }

                public static short toInt(Set<TSK_FS_META_MODE_ENUM> modes) {
                        short modesInt = 0;
                        for (TSK_FS_META_MODE_ENUM mode : modes) {
                                modesInt |= mode.getMode();
                        }
                        return modesInt;
                }
        };

    
        public enum TSK_FS_TYPE_ENUM {

                TSK_FS_TYPE_DETECT(0x00000000), 
                TSK_FS_TYPE_NTFS(0x00000001), 
                TSK_FS_TYPE_NTFS_DETECT(0x00000001), 
                TSK_FS_TYPE_FAT12(0x00000002), 
                TSK_FS_TYPE_FAT16(0x00000004), 
                TSK_FS_TYPE_FAT32(0x00000008), 
                TSK_FS_TYPE_EXFAT(0x0000000A), 
                TSK_FS_TYPE_FAT_DETECT(0x0000000e), 
                TSK_FS_TYPE_FFS1(0x00000010), 
                TSK_FS_TYPE_FFS1B(0x00000020), 
                TSK_FS_TYPE_FFS2(0x00000040), 
                TSK_FS_TYPE_FFS_DETECT(0x00000070), 
                TSK_FS_TYPE_EXT2(0x00000080), 
                TSK_FS_TYPE_EXT3(0x00000100), 
                TSK_FS_TYPE_EXT_DETECT(0x00000180), 
                TSK_FS_TYPE_SWAP(0x00000200), 
                TSK_FS_TYPE_SWAP_DETECT(0x00000200), 
                TSK_FS_TYPE_RAW(0x00000400), 
                TSK_FS_TYPE_RAW_DETECT(0x00000400), 
                TSK_FS_TYPE_ISO9660(0x00000800), 
                TSK_FS_TYPE_ISO9660_DETECT(0x00000800), 
                TSK_FS_TYPE_HFS(0x00001000), 
                TSK_FS_TYPE_HFS_DETECT(0x00001000), 
                TSK_FS_TYPE_EXT4(0x00002000), 
                TSK_FS_TYPE_YAFFS2(0x00004000), 
                TSK_FS_TYPE_YAFFS2_DETECT(0x00004000), 
                TSK_FS_TYPE_UNSUPP(0xffffffff);        

                private int value;

                private TSK_FS_TYPE_ENUM(int value) {
                        this.value = value;
                }

                public int getValue() {
                        return value;
                }

                public static TSK_FS_TYPE_ENUM valueOf(int fsTypeValue) {
                        for (TSK_FS_TYPE_ENUM type : TSK_FS_TYPE_ENUM.values()) {
                                if (type.value == fsTypeValue) {
                                        return type;
                                }
                        }
                        throw new IllegalArgumentException(
                                        MessageFormat.format(bundle.getString("TskData.tskFsTypeEnum.exception.msg1.text"), fsTypeValue));
                }

        };

    public enum TSK_IMG_TYPE_ENUM {

                TSK_IMG_TYPE_DETECT(0, bundle.getString("TskData.tskImgTypeEnum.autoDetect")), // Auto Detection
                TSK_IMG_TYPE_RAW_SING(1, bundle.getString("TskData.tskImgTypeEnum.rawSingle")), // Single raw file (dd)
                TSK_IMG_TYPE_RAW_SPLIT(2, bundle.getString("TskData.tskImgTypeEnum.rawSplit")), // Split raw files
                TSK_IMG_TYPE_AFF_AFF(4, "AFF"), // Advanced Forensic Format NON-NLS
                TSK_IMG_TYPE_AFF_AFD(8, "AFD"), // AFF Multiple File NON-NLS
                TSK_IMG_TYPE_AFF_AFM(16, "AFM"), // AFF with external metadata NON-NLS
                TSK_IMG_TYPE_AFF_ANY(32, "AFF"), // All AFFLIB image formats (including beta ones) NON-NLS
                TSK_IMG_TYPE_EWF_EWF(64, "E01"), // Expert Witness format (encase) NON-NLS
                TSK_IMG_TYPE_UNSUPP(65535, bundle.getString("TskData.tskImgTypeEnum.unknown"));   // Unsupported Image Type

                private long imgType;
                private String name;

                private TSK_IMG_TYPE_ENUM(long type, String name) {
                        this.imgType = type;
                        this.name = name;
                }

                public static TSK_IMG_TYPE_ENUM valueOf(long imgType) {
                        for (TSK_IMG_TYPE_ENUM type : TSK_IMG_TYPE_ENUM.values()) {
                                if (type.getValue() == imgType) {
                                        return type;
                                }
                        }
                        throw new IllegalArgumentException(
                                        MessageFormat.format(bundle.getString("TskData.tskImgTypeEnum.exception.msg1.text"), imgType));
                }

                public long getValue() {
                        return imgType;
                }

                public String getName() {
                        return name;
                }
        };

    public enum TSK_VS_TYPE_ENUM {

                TSK_VS_TYPE_DETECT(0x0000, bundle.getString("TskData.tskVSTypeEnum.autoDetect")), 
                TSK_VS_TYPE_DOS(0x0001, "DOS"), 
                TSK_VS_TYPE_BSD(0x0002, "BSD"), 
                TSK_VS_TYPE_SUN(0x0004, "SUN VTOC"), 
                TSK_VS_TYPE_MAC(0x0008, "Mac"), 
                TSK_VS_TYPE_GPT(0x0010, "GPT"), 
                TSK_VS_TYPE_DBFILLER(0x00F0, bundle.getString("TskData.tskVSTypeEnum.fake")), 
                TSK_VS_TYPE_UNSUPP(0xFFFF, bundle.getString("TskData.tskVSTypeEnum.unsupported"));    

                private long vsType;
                private String name;

                private TSK_VS_TYPE_ENUM(long type, String name) {
                        this.vsType = type;
                        this.name = name;
                }

                public static TSK_VS_TYPE_ENUM valueOf(long vsType) {
                        for (TSK_VS_TYPE_ENUM type : TSK_VS_TYPE_ENUM.values()) {
                                if (type.getVsType() == vsType) {
                                        return type;
                                }
                        }
                        throw new IllegalArgumentException(
                                        MessageFormat.format(bundle.getString("TskData.tskVSTypeEnum.exception.msg1.text"), vsType));
                }

                public long getVsType() {
                        return vsType;
                }

                public String getName() {
                        return name;
                }
        };


        public enum ObjectType {

                IMG(0), 
                VS(1), 
                VOL(2), 
                FS(3), 
                ABSTRACTFILE(4); 

                private short objectType;

                private ObjectType(int objectType) {
                        this.objectType = (short) objectType;
                }

                public short getObjectType() {
                        return objectType;
                }

                public static ObjectType valueOf(short objectType) {
                        for (ObjectType v : ObjectType.values()) {
                                if (v.objectType == objectType) {
                                        return v;
                                }
                        }
                        throw new IllegalArgumentException(
                                        MessageFormat.format(bundle.getString("TskData.objectTypeEnum.exception.msg1.text"), objectType));
                }
        }

        public enum TSK_DB_FILES_TYPE_ENUM {

                FS(0, "File System"), 
                CARVED(1, "Carved"), 
                DERIVED(2, "Derived"), 
                LOCAL(3, "Local"), 
                UNALLOC_BLOCKS(4, "Unallocated Blocks"), 
                UNUSED_BLOCKS(5, "Unused Blocks"), 
                VIRTUAL_DIR(6, "Virtual Directory"), 
                ;

                private final short fileType;
                private final String name;

                private TSK_DB_FILES_TYPE_ENUM(int fileType, String name) {
                        this.fileType = (short) fileType;
                        this.name = name;
                }

                public static TSK_DB_FILES_TYPE_ENUM valueOf(short fileType) {
                        for (TSK_DB_FILES_TYPE_ENUM type : TSK_DB_FILES_TYPE_ENUM.values()) {
                                if (type.fileType == fileType) {
                                        return type;
                                }
                        }
                        throw new IllegalArgumentException(
                                        MessageFormat.format(bundle.getString("TskData.tskDbFilesTypeEnum.exception.msg1.text"), fileType));
                }

                public short getFileType() {
                        return fileType;
                }

                public String getName() {
                        return name;
                }
        }

        public enum FileKnown {

                UNKNOWN(0, bundle.getString("TskData.fileKnown.unknown")), 
                KNOWN(1, bundle.getString("TskData.fileKnown.known")), 
                BAD(2, bundle.getString("TskData.fileKnown.knownBad")); 

                private byte known;
                private String name;

                private FileKnown(int known, String name) {
                        this.known = (byte) known;
                        this.name = name;
                }

                public static FileKnown valueOf(byte known) {
                        for (FileKnown v : FileKnown.values()) {
                                if (v.known == known) {
                                        return v;
                                }
                        }
                        throw new IllegalArgumentException(
                                        MessageFormat.format(bundle.getString("TskData.fileKnown.exception.msg1.text"), known));
                }

                public String getName() {
                        return this.name;
                }

                public byte getFileKnownValue() {
                        return this.known;
                }
        }
}