Sleuth Kit Java Bindings (JNI)
4.2
Java bindings for using The Sleuth Kit
|
Classes | |
class | CaseDbConnection |
class | CaseDbQuery |
class | CaseDbTransaction |
class | ConnectionPerThreadDispenser |
interface | ErrorObserver |
class | ObjectInfo |
Public Member Functions | |
void | acquireExclusiveLock () |
void | acquireSharedLock () |
int | addArtifactType (String artifactTypeName, String displayName) throws TskCoreException |
int | addAttrType (String attrTypeString, String displayName) throws TskCoreException |
BlackboardArtifactTag | addBlackboardArtifactTag (BlackboardArtifact artifact, TagName tagName, String comment) throws TskCoreException |
void | addBlackboardAttribute (BlackboardAttribute attr, int artifactTypeId) throws TskCoreException |
void | addBlackboardAttributes (Collection< BlackboardAttribute > attributes, int artifactTypeId) throws TskCoreException |
LayoutFile | addCarvedFile (String carvedFileName, long carvedFileSize, long containerId, List< TskFileRange > data) throws TskCoreException |
List< LayoutFile > | addCarvedFiles (List< CarvedFileContainer > filesToAdd) throws TskCoreException |
ContentTag | addContentTag (Content content, TagName tagName, String comment, long beginByteOffset, long endByteOffset) throws TskCoreException |
DerivedFile | addDerivedFile (String fileName, String localPath, long size, long ctime, long crtime, long atime, long mtime, boolean isFile, AbstractFile parentFile, String rederiveDetails, String toolName, String toolVersion, String otherDetails) throws TskCoreException |
void | addErrorObserver (ErrorObserver observer) |
LocalFile | addLocalFile (String fileName, String localPath, long size, long ctime, long crtime, long atime, long mtime, boolean isFile, AbstractFile parent) throws TskCoreException |
LocalFile | addLocalFile (String fileName, String localPath, long size, long ctime, long crtime, long atime, long mtime, boolean isFile, AbstractFile parent, CaseDbTransaction trans) throws TskCoreException |
Report | addReport (String localPath, String sourceModuleName, String reportName) throws TskCoreException |
TagName | addTagName (String displayName, String description, TagName.HTML_COLOR color) throws TskCoreException |
VirtualDirectory | addVirtualDirectory (long parentId, String directoryName) throws TskCoreException |
VirtualDirectory | addVirtualDirectory (long parentId, String directoryName, CaseDbTransaction trans) throws TskCoreException |
boolean | allFilesMd5Hashed () |
CaseDbTransaction | beginTransaction () throws TskCoreException |
void | close () |
void | closeRunQuery (ResultSet resultSet) throws SQLException |
void | copyCaseDB (String newDBPath) throws IOException |
int | countFilesMd5Hashed () |
long | countFilesWhere (String sqlWhereClause) throws TskCoreException |
int | countFsContentType (TskData.TSK_FS_META_TYPE_ENUM contentType) throws TskCoreException |
void | deleteBlackboardArtifactTag (BlackboardArtifactTag tag) throws TskCoreException |
void | deleteContentTag (ContentTag tag) throws TskCoreException |
void | deleteReport (Report report) throws TskCoreException |
CaseDbQuery | executeQuery (String query) throws TskCoreException |
void | finalize () throws Throwable |
List< Long > | findAllFileIdsWhere (String sqlWhereClause) throws TskCoreException |
List< AbstractFile > | findAllFilesWhere (String sqlWhereClause) throws TskCoreException |
List< AbstractFile > | findFiles (Content dataSource, String fileName) throws TskCoreException |
List< AbstractFile > | findFiles (Content dataSource, String fileName, String dirName) throws TskCoreException |
List< AbstractFile > | findFiles (Content dataSource, String fileName, AbstractFile parentFile) throws TskCoreException |
List< AbstractFile > | findFilesByMd5 (String md5Hash) |
List< FsContent > | findFilesWhere (String sqlWhereClause) throws TskCoreException |
AbstractFile | getAbstractFileById (long id) throws TskCoreException |
List< BlackboardArtifactTag > | getAllBlackboardArtifactTags () throws TskCoreException |
List< ContentTag > | getAllContentTags () throws TskCoreException |
List< Report > | getAllReports () throws TskCoreException |
List< TagName > | getAllTagNames () throws TskCoreException |
int | getArtifactTypeID (String artifactTypeName) throws TskCoreException |
String | getAttrTypeDisplayName (int attrTypeID) throws TskCoreException |
int | getAttrTypeID (String attrTypeName) throws TskCoreException |
String | getAttrTypeString (int attrTypeID) throws TskCoreException |
String | getBackupDatabasePath () |
BlackboardArtifact | getBlackboardArtifact (long artifactID) throws TskCoreException |
ArrayList< BlackboardArtifact > | getBlackboardArtifacts (int artifactTypeID) throws TskCoreException |
List< BlackboardArtifact > | getBlackboardArtifacts (BlackboardAttribute.ATTRIBUTE_TYPE attrType, String value) throws TskCoreException |
List< BlackboardArtifact > | getBlackboardArtifacts (BlackboardAttribute.ATTRIBUTE_TYPE attrType, String subString, boolean startsWith) throws TskCoreException |
List< BlackboardArtifact > | getBlackboardArtifacts (BlackboardAttribute.ATTRIBUTE_TYPE attrType, int value) throws TskCoreException |
List< BlackboardArtifact > | getBlackboardArtifacts (BlackboardAttribute.ATTRIBUTE_TYPE attrType, long value) throws TskCoreException |
List< BlackboardArtifact > | getBlackboardArtifacts (BlackboardAttribute.ATTRIBUTE_TYPE attrType, double value) throws TskCoreException |
List< BlackboardArtifact > | getBlackboardArtifacts (BlackboardAttribute.ATTRIBUTE_TYPE attrType, byte value) throws TskCoreException |
ArrayList< BlackboardArtifact > | getBlackboardArtifacts (String artifactTypeName, long obj_id) throws TskCoreException |
ArrayList< BlackboardArtifact > | getBlackboardArtifacts (int artifactTypeID, long obj_id) throws TskCoreException |
ArrayList< BlackboardArtifact > | getBlackboardArtifacts (ARTIFACT_TYPE artifactType, long obj_id) throws TskCoreException |
ArrayList< BlackboardArtifact > | getBlackboardArtifacts (String artifactTypeName) throws TskCoreException |
ArrayList< BlackboardArtifact > | getBlackboardArtifacts (ARTIFACT_TYPE artifactType) throws TskCoreException |
List< BlackboardArtifact > | getBlackboardArtifacts (ARTIFACT_TYPE artifactType, BlackboardAttribute.ATTRIBUTE_TYPE attrType, String value) throws TskCoreException |
long | getBlackboardArtifactsCount (long objId) throws TskCoreException |
long | getBlackboardArtifactsCount (String artifactTypeName, long obj_id) throws TskCoreException |
long | getBlackboardArtifactsCount (int artifactTypeID, long obj_id) throws TskCoreException |
long | getBlackboardArtifactsCount (ARTIFACT_TYPE artifactType, long obj_id) throws TskCoreException |
long | getBlackboardArtifactsTypeCount (int artifactTypeID) throws TskCoreException |
List< BlackboardArtifactTag > | getBlackboardArtifactTagsByArtifact (BlackboardArtifact artifact) throws TskCoreException |
List< BlackboardArtifactTag > | getBlackboardArtifactTagsByTagName (TagName tagName) throws TskCoreException |
long | getBlackboardArtifactTagsCountByTagName (TagName tagName) throws TskCoreException |
ArrayList< BlackboardArtifact.ARTIFACT_TYPE > | getBlackboardArtifactTypes () throws TskCoreException |
ArrayList< BlackboardArtifact.ARTIFACT_TYPE > | getBlackboardArtifactTypesInUse () throws TskCoreException |
ArrayList< BlackboardAttribute > | getBlackboardAttributes (final BlackboardArtifact artifact) throws TskCoreException |
ArrayList< BlackboardAttribute.ATTRIBUTE_TYPE > | getBlackboardAttributeTypes () throws TskCoreException |
int | getBlackboardAttributeTypesCount () throws TskCoreException |
Content | getContentById (long id) throws TskCoreException |
List< ContentTag > | getContentTagsByContent (Content content) throws TskCoreException |
List< ContentTag > | getContentTagsByTagName (TagName tagName) throws TskCoreException |
long | getContentTagsCountByTagName (TagName tagName) throws TskCoreException |
String | getDbDirPath () |
List< TskFileRange > | getFileRanges (long id) throws TskCoreException |
Collection< FileSystem > | getFileSystems (Image image) |
Image | getImageById (long id) throws TskCoreException |
Map< Long, List< String > > | getImagePaths () throws TskCoreException |
List< Image > | getImages () throws TskCoreException |
long | getLastObjectId () throws TskCoreException |
ArrayList< BlackboardArtifact > | getMatchingArtifacts (String whereClause) throws TskCoreException |
ArrayList< BlackboardAttribute > | getMatchingAttributes (String whereClause) throws TskCoreException |
List< Content > | getRootObjects () throws TskCoreException |
int | getSchemaVersion () |
List< TagName > | getTagNamesInUse () throws TskCoreException |
List< VirtualDirectory > | getVirtualDirectoryRoots () throws TskCoreException |
boolean | isFileFromSource (Content dataSource, long fileId) throws TskCoreException |
AddImageProcess | makeAddImageProcess (String timezone, boolean processUnallocSpace, boolean noFatFsOrphans) |
BlackboardArtifact | newBlackboardArtifact (int artifactTypeID, long obj_id) throws TskCoreException |
BlackboardArtifact | newBlackboardArtifact (ARTIFACT_TYPE artifactType, long obj_id) throws TskCoreException |
List< AbstractFile > | openFiles (Content dataSource, String filePath) throws TskCoreException |
void | releaseExclusiveLock () |
void | releaseSharedLock () |
void | removerErrorObserver (ErrorObserver observer) |
ResultSet | runQuery (String query) throws SQLException |
void | setImagePaths (long obj_id, List< String > paths) throws TskCoreException |
boolean | setKnown (AbstractFile file, FileKnown fileKnown) throws TskCoreException |
void | submitError (String context, String errorMessage) |
Static Public Member Functions | |
static SleuthkitCase | newCase (String dbPath) throws TskCoreException |
static SleuthkitCase | openCase (String dbPath) throws TskCoreException |
Private Member Functions | |
SleuthkitCase (String dbPath, SleuthkitJNI.CaseDbHandle caseHandle) throws Exception | |
void | addBlackBoardAttribute (BlackboardAttribute attr, int artifactTypeId, CaseDbConnection connection) throws SQLException, TskCoreException |
void | addFilePath (CaseDbConnection connection, long objId, String path) throws SQLException |
long | getArtifactsCountHelper (int artifactTypeID, long obj_id) throws TskCoreException |
List< BlackboardArtifact > | getArtifactsHelper (ResultSet rs) throws SQLException |
ArrayList< BlackboardArtifact > | getArtifactsHelper (int artifactTypeID, String artifactTypeName, long obj_id) throws TskCoreException |
ArrayList< BlackboardArtifact > | getArtifactsHelper (int artifactTypeID, String artifactTypeName) throws TskCoreException |
FileSystem | getFileSystemByIdHelper (long id, Content parent) throws TskCoreException |
long | getFileSystemId (long fileId) |
void | initBlackboardArtifactTypes () throws SQLException, TskCoreException |
void | initBlackboardAttributeTypes () throws SQLException, TskCoreException |
void | initNextArtifactId () throws TskCoreException, SQLException |
void | logSQLiteJDBCDriverInfo () |
BlackboardArtifact | newBlackboardArtifact (int artifact_type_id, long obj_id, String artifactTypeName, String artifactDisplayName) throws TskCoreException |
List< AbstractFile > | resultSetToAbstractFiles (ResultSet rs) throws SQLException |
List< FsContent > | resultSetToFsContents (ResultSet rs) throws SQLException |
void | updateDatabaseSchema () throws Exception |
int | updateFromSchema2toSchema3 (int schemaVersionNumber) throws SQLException, TskCoreException |
Static Private Member Functions | |
static void | closeResultSet (ResultSet resultSet) |
static void | closeStatement (Statement statement) |
static String | escapeForBlackboard (String text) |
Private Attributes | |
final Map< Long, Long > | carvedFileContainersCache = new HashMap<Long, Long>() |
SleuthkitJNI.CaseDbHandle | caseHandle |
final ConnectionPerThreadDispenser | connections = new ConnectionPerThreadDispenser() |
String | dbBackupPath |
final String | dbDirPath |
final String | dbPath |
final ArrayList< ErrorObserver > | errorObservers = new ArrayList<ErrorObserver>() |
final Map< Long, FileSystem > | fileSystemIdMap = new HashMap<Long, FileSystem>() |
long | nextArtifactId |
final ResultSetHelper | rsHelper = new ResultSetHelper(this) |
final ReentrantReadWriteLock | rwLock = new ReentrantReadWriteLock(true) |
int | versionNumber |
Static Private Attributes | |
static final long | BASE_ARTIFACT_ID = Long.MIN_VALUE |
static final ResourceBundle | bundle = ResourceBundle.getBundle("org.sleuthkit.datamodel.Bundle") |
static final int | DATABASE_LOCKED_ERROR = 0 |
static final Logger | logger = Logger.getLogger(SleuthkitCase.class.getName()) |
static final int | SCHEMA_VERSION_NUMBER = 3 |
static final int | SQLITE_BUSY_ERROR = 5 |
Represents the case database with methods that provide abstractions for database operations.
Definition at line 67 of file SleuthkitCase.java.
|
private |
Private constructor, clients must use newCase() or openCase() method to create an instance of this class.
dbPath | The full path to a SQLite case database file. |
caseHandle | A handle to a case database object in the native code SleuthKit layer. |
Exception |
Definition at line 102 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.caseHandle, org.sleuthkit.datamodel.SleuthkitCase.dbPath, org.sleuthkit.datamodel.SleuthkitCase.initBlackboardArtifactTypes(), org.sleuthkit.datamodel.SleuthkitCase.initBlackboardAttributeTypes(), org.sleuthkit.datamodel.SleuthkitCase.initNextArtifactId(), org.sleuthkit.datamodel.SleuthkitCase.logSQLiteJDBCDriverInfo(), and org.sleuthkit.datamodel.SleuthkitCase.updateDatabaseSchema().
Referenced by org.sleuthkit.datamodel.SleuthkitCase.newCase(), and org.sleuthkit.datamodel.SleuthkitCase.openCase().
void org.sleuthkit.datamodel.SleuthkitCase.acquireExclusiveLock | ( | ) |
Acquire the lock that provides exclusive access to the case database. Call this method in a try block with a call to the lock release method in an associated finally block.
Definition at line 475 of file SleuthkitCase.java.
Referenced by org.sleuthkit.datamodel.SleuthkitCase.addArtifactType(), org.sleuthkit.datamodel.SleuthkitCase.addAttrType(), org.sleuthkit.datamodel.SleuthkitCase.addBlackboardArtifactTag(), org.sleuthkit.datamodel.SleuthkitCase.addBlackboardAttribute(), org.sleuthkit.datamodel.SleuthkitCase.addBlackboardAttributes(), org.sleuthkit.datamodel.SleuthkitCase.addCarvedFiles(), org.sleuthkit.datamodel.SleuthkitCase.addContentTag(), org.sleuthkit.datamodel.SleuthkitCase.addDerivedFile(), org.sleuthkit.datamodel.SleuthkitCase.addLocalFile(), org.sleuthkit.datamodel.SleuthkitCase.addReport(), org.sleuthkit.datamodel.SleuthkitCase.addTagName(), org.sleuthkit.datamodel.SleuthkitCase.addVirtualDirectory(), org.sleuthkit.datamodel.SleuthkitCase.close(), org.sleuthkit.datamodel.SleuthkitCase.copyCaseDB(), org.sleuthkit.datamodel.SleuthkitCase.deleteBlackboardArtifactTag(), org.sleuthkit.datamodel.SleuthkitCase.deleteContentTag(), org.sleuthkit.datamodel.SleuthkitCase.getLastObjectId(), org.sleuthkit.datamodel.SleuthkitCase.newBlackboardArtifact(), org.sleuthkit.datamodel.SleuthkitCase.setImagePaths(), and org.sleuthkit.datamodel.SleuthkitCase.setKnown().
void org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock | ( | ) |
Acquire the lock that provides shared access to the case database. Call this method in a try block with a call to the lock release method in an associated finally block.
Definition at line 493 of file SleuthkitCase.java.
Referenced by org.sleuthkit.datamodel.SleuthkitCase.allFilesMd5Hashed(), org.sleuthkit.datamodel.SleuthkitCase.CaseDbQuery.CaseDbQuery(), org.sleuthkit.datamodel.SleuthkitCase.countFilesMd5Hashed(), org.sleuthkit.datamodel.SleuthkitCase.countFilesWhere(), org.sleuthkit.datamodel.SleuthkitCase.countFsContentType(), org.sleuthkit.datamodel.SleuthkitCase.deleteReport(), org.sleuthkit.datamodel.SleuthkitCase.findAllFileIdsWhere(), org.sleuthkit.datamodel.SleuthkitCase.findAllFilesWhere(), org.sleuthkit.datamodel.SleuthkitCase.findFiles(), org.sleuthkit.datamodel.SleuthkitCase.findFilesByMd5(), org.sleuthkit.datamodel.SleuthkitCase.findFilesWhere(), org.sleuthkit.datamodel.SleuthkitCase.getAbstractFileById(), org.sleuthkit.datamodel.SleuthkitCase.getAllBlackboardArtifactTags(), org.sleuthkit.datamodel.SleuthkitCase.getAllContentTags(), org.sleuthkit.datamodel.SleuthkitCase.getAllReports(), org.sleuthkit.datamodel.SleuthkitCase.getAllTagNames(), org.sleuthkit.datamodel.SleuthkitCase.getArtifactsCountHelper(), org.sleuthkit.datamodel.SleuthkitCase.getArtifactsHelper(), org.sleuthkit.datamodel.SleuthkitCase.getArtifactTypeID(), org.sleuthkit.datamodel.SleuthkitCase.getAttrTypeDisplayName(), org.sleuthkit.datamodel.SleuthkitCase.getAttrTypeID(), org.sleuthkit.datamodel.SleuthkitCase.getAttrTypeString(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifact(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifacts(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifactsCount(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifactsTypeCount(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifactTagsByArtifact(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifactTagsByTagName(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifactTagsCountByTagName(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifactTypes(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardAttributes(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardAttributeTypes(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardAttributeTypesCount(), org.sleuthkit.datamodel.SleuthkitCase.getContentById(), org.sleuthkit.datamodel.SleuthkitCase.getContentTagsByContent(), org.sleuthkit.datamodel.SleuthkitCase.getContentTagsByTagName(), org.sleuthkit.datamodel.SleuthkitCase.getContentTagsCountByTagName(), org.sleuthkit.datamodel.SleuthkitCase.getFileRanges(), org.sleuthkit.datamodel.SleuthkitCase.getFileSystemByIdHelper(), org.sleuthkit.datamodel.SleuthkitCase.getFileSystemId(), org.sleuthkit.datamodel.SleuthkitCase.getFileSystems(), org.sleuthkit.datamodel.SleuthkitCase.getImageById(), org.sleuthkit.datamodel.SleuthkitCase.getImagePaths(), org.sleuthkit.datamodel.SleuthkitCase.getImages(), org.sleuthkit.datamodel.SleuthkitCase.getMatchingArtifacts(), org.sleuthkit.datamodel.SleuthkitCase.getMatchingAttributes(), org.sleuthkit.datamodel.SleuthkitCase.getRootObjects(), org.sleuthkit.datamodel.SleuthkitCase.getTagNamesInUse(), org.sleuthkit.datamodel.SleuthkitCase.getVirtualDirectoryRoots(), and org.sleuthkit.datamodel.SleuthkitCase.runQuery().
int org.sleuthkit.datamodel.SleuthkitCase.addArtifactType | ( | String | artifactTypeName, |
String | displayName | ||
) | throws TskCoreException |
Add an artifact type with the given name. Will return an id that can be used to look that artifact type up.
artifactTypeName | System (unique) name of artifact |
displayName | Display (non-unique) name of artifact |
TskCoreException | exception thrown if a critical error occurs within tsk core |
Definition at line 1644 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireExclusiveLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.closeStatement(), org.sleuthkit.datamodel.SleuthkitCase.CaseDbConnection.executeQuery(), and org.sleuthkit.datamodel.SleuthkitCase.releaseExclusiveLock().
int org.sleuthkit.datamodel.SleuthkitCase.addAttrType | ( | String | attrTypeString, |
String | displayName | ||
) | throws TskCoreException |
add an attribute type with the given name
attrTypeString | name of the new attribute |
displayName | the (non-unique) display name of the attribute type |
TskCoreException | exception thrown if a critical error occurs within tsk core |
Definition at line 1420 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireExclusiveLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.closeStatement(), org.sleuthkit.datamodel.SleuthkitCase.CaseDbConnection.executeQuery(), and org.sleuthkit.datamodel.SleuthkitCase.releaseExclusiveLock().
BlackboardArtifactTag org.sleuthkit.datamodel.SleuthkitCase.addBlackboardArtifactTag | ( | BlackboardArtifact | artifact, |
TagName | tagName, | ||
String | comment | ||
) | throws TskCoreException |
Inserts a row into the blackboard_artifact_tags table in the case database.
artifact | The blackboard artifact to tag. |
tagName | The name to use for the tag. |
comment | A comment to store with the tag. |
TskCoreException |
Definition at line 4740 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireExclusiveLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.getContentById(), and org.sleuthkit.datamodel.SleuthkitCase.releaseExclusiveLock().
Referenced by org.sleuthkit.datamodel.SleuthkitCase.updateFromSchema2toSchema3().
void org.sleuthkit.datamodel.SleuthkitCase.addBlackboardAttribute | ( | BlackboardAttribute | attr, |
int | artifactTypeId | ||
) | throws TskCoreException |
Add a blackboard attribute.
attr | A blackboard attribute. |
artifactTypeId | The type of artifact associated with the attribute. |
TskCoreException | thrown if a critical error occurs. |
Definition at line 1334 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireExclusiveLock(), org.sleuthkit.datamodel.SleuthkitCase.addBlackBoardAttribute(), and org.sleuthkit.datamodel.SleuthkitCase.releaseExclusiveLock().
Referenced by org.sleuthkit.datamodel.BlackboardArtifact.addAttribute().
|
private |
Definition at line 1371 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.escapeForBlackboard().
Referenced by org.sleuthkit.datamodel.SleuthkitCase.addBlackboardAttribute(), and org.sleuthkit.datamodel.SleuthkitCase.addBlackboardAttributes().
void org.sleuthkit.datamodel.SleuthkitCase.addBlackboardAttributes | ( | Collection< BlackboardAttribute > | attributes, |
int | artifactTypeId | ||
) | throws TskCoreException |
Add a set blackboard attributes.
attributes | A set of blackboard attribute. |
artifactTypeId | The type of artifact associated with the attributes. |
TskCoreException | thrown if a critical error occurs. |
Definition at line 1354 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireExclusiveLock(), org.sleuthkit.datamodel.SleuthkitCase.addBlackBoardAttribute(), and org.sleuthkit.datamodel.SleuthkitCase.releaseExclusiveLock().
Referenced by org.sleuthkit.datamodel.BlackboardArtifact.addAttributes().
LayoutFile org.sleuthkit.datamodel.SleuthkitCase.addCarvedFile | ( | String | carvedFileName, |
long | carvedFileSize, | ||
long | containerId, | ||
List< TskFileRange > | data | ||
) | throws TskCoreException |
Adds a carved file to the VirtualDirectory '$CarvedFiles' in the volume or image given by systemId. Creates $CarvedFiles virtual directory if it does not exist already.
carvedFileName | the name of the carved file to add |
carvedFileSize | the size of the carved file to add |
containerId | the ID of the parent volume, file system, or image |
data | the layout information - a list of offsets that make up this carved file. |
org.sleuthkit.datamodel.TskCoreException |
Definition at line 2738 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.addCarvedFiles().
List<LayoutFile> org.sleuthkit.datamodel.SleuthkitCase.addCarvedFiles | ( | List< CarvedFileContainer > | filesToAdd | ) | throws TskCoreException |
Adds a collection of carved files to the VirtualDirectory '$CarvedFiles' in the volume or image given by systemId. Creates $CarvedFiles virtual directory if it does not exist already.
filesToAdd | a list of CarvedFileContainer files to add as carved files |
org.sleuthkit.datamodel.TskCoreException |
Definition at line 2762 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.TskData.ObjectType.ABSTRACTFILE, org.sleuthkit.datamodel.SleuthkitCase.acquireExclusiveLock(), org.sleuthkit.datamodel.SleuthkitCase.addVirtualDirectory(), org.sleuthkit.datamodel.SleuthkitCase.beginTransaction(), org.sleuthkit.datamodel.TskData.TSK_DB_FILES_TYPE_ENUM.CARVED, org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.closeStatement(), org.sleuthkit.datamodel.SleuthkitCase.CaseDbConnection.executeQuery(), org.sleuthkit.datamodel.Directory.getChildren(), org.sleuthkit.datamodel.Content.getChildren(), org.sleuthkit.datamodel.SleuthkitCase.getContentById(), org.sleuthkit.datamodel.TskData.TSK_DB_FILES_TYPE_ENUM.getFileType(), org.sleuthkit.datamodel.Content.getId(), org.sleuthkit.datamodel.AbstractContent.getId(), org.sleuthkit.datamodel.FileSystem.getRootDirectory(), org.sleuthkit.datamodel.TskData.TSK_FS_NAME_TYPE_ENUM.getValue(), org.sleuthkit.datamodel.TskData.TSK_FS_META_TYPE_ENUM.getValue(), org.sleuthkit.datamodel.TskData.TSK_FS_NAME_FLAG_ENUM.getValue(), org.sleuthkit.datamodel.VirtualDirectory.NAME_CARVED, org.sleuthkit.datamodel.TskData.TSK_FS_NAME_TYPE_ENUM.REG, org.sleuthkit.datamodel.SleuthkitCase.releaseExclusiveLock(), org.sleuthkit.datamodel.TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_REG, org.sleuthkit.datamodel.TskData.TSK_FS_NAME_FLAG_ENUM.UNALLOC, org.sleuthkit.datamodel.TskData.TSK_FS_META_FLAG_ENUM.UNALLOC, and org.sleuthkit.datamodel.TskData.FileKnown.UNKNOWN.
Referenced by org.sleuthkit.datamodel.SleuthkitCase.addCarvedFile().
ContentTag org.sleuthkit.datamodel.SleuthkitCase.addContentTag | ( | Content | content, |
TagName | tagName, | ||
String | comment, | ||
long | beginByteOffset, | ||
long | endByteOffset | ||
) | throws TskCoreException |
Inserts a row into the content_tags table in the case database.
content | The content to tag. |
tagName | The name to use for the tag. |
comment | A comment to store with the tag. |
beginByteOffset | Designates the beginning of a tagged section. |
endByteOffset | Designates the end of a tagged section. |
TskCoreException |
Definition at line 4549 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireExclusiveLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), and org.sleuthkit.datamodel.SleuthkitCase.releaseExclusiveLock().
Referenced by org.sleuthkit.datamodel.SleuthkitCase.updateFromSchema2toSchema3().
DerivedFile org.sleuthkit.datamodel.SleuthkitCase.addDerivedFile | ( | String | fileName, |
String | localPath, | ||
long | size, | ||
long | ctime, | ||
long | crtime, | ||
long | atime, | ||
long | mtime, | ||
boolean | isFile, | ||
AbstractFile | parentFile, | ||
String | rederiveDetails, | ||
String | toolName, | ||
String | toolVersion, | ||
String | otherDetails | ||
) | throws TskCoreException |
Creates a new derived file object, adds it to database and returns it.
TODO add support for adding derived method
fileName | file name the derived file |
localPath | local path of the derived file, including the file name. The path is relative to the database path. |
size | size of the derived file in bytes |
ctime | |
crtime | |
atime | |
mtime | |
isFile | whether a file or directory, true if a file |
parentFile | parent file object (derived or local file) |
rederiveDetails | details needed to re-derive file (will be specific to the derivation method), currently unused |
toolName | name of derivation method/tool, currently unused |
toolVersion | version of derivation method/tool, currently unused |
otherDetails | details of derivation method/tool, currently unused |
TskCoreException | exception thrown if the object creation failed due to a critical system error |
Definition at line 2968 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.TskData.ObjectType.ABSTRACTFILE, org.sleuthkit.datamodel.SleuthkitCase.acquireExclusiveLock(), org.sleuthkit.datamodel.SleuthkitCase.addFilePath(), org.sleuthkit.datamodel.TskData.TSK_FS_NAME_FLAG_ENUM.ALLOC, org.sleuthkit.datamodel.TskData.TSK_FS_META_FLAG_ENUM.ALLOC, org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.TskData.TSK_DB_FILES_TYPE_ENUM.DERIVED, org.sleuthkit.datamodel.TskData.TSK_FS_NAME_TYPE_ENUM.DIR, org.sleuthkit.datamodel.SleuthkitCase.getFileSystemId(), org.sleuthkit.datamodel.TskData.TSK_FS_NAME_TYPE_ENUM.getValue(), org.sleuthkit.datamodel.TskData.TSK_FS_META_TYPE_ENUM.getValue(), org.sleuthkit.datamodel.TskData.TSK_FS_NAME_FLAG_ENUM.getValue(), org.sleuthkit.datamodel.TskData.TSK_FS_NAME_TYPE_ENUM.REG, org.sleuthkit.datamodel.SleuthkitCase.releaseExclusiveLock(), org.sleuthkit.datamodel.TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_DIR, org.sleuthkit.datamodel.TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_REG, and org.sleuthkit.datamodel.TskData.TSK_FS_META_FLAG_ENUM.USED.
void org.sleuthkit.datamodel.SleuthkitCase.addErrorObserver | ( | ErrorObserver | observer | ) |
This is a temporary workaround to avoid an API change.
observer | The observer to add. |
Definition at line 4417 of file SleuthkitCase.java.
|
private |
Add a path (such as a local path) for a content object to tsk_file_paths
objId | object id of the file to add the path for |
path | the path to add |
SQLException | exception thrown when database error occurred and path was not added |
Definition at line 3212 of file SleuthkitCase.java.
Referenced by org.sleuthkit.datamodel.SleuthkitCase.addDerivedFile(), and org.sleuthkit.datamodel.SleuthkitCase.addLocalFile().
LocalFile org.sleuthkit.datamodel.SleuthkitCase.addLocalFile | ( | String | fileName, |
String | localPath, | ||
long | size, | ||
long | ctime, | ||
long | crtime, | ||
long | atime, | ||
long | mtime, | ||
boolean | isFile, | ||
AbstractFile | parent | ||
) | throws TskCoreException |
wraps the version of addLocalFile that takes a Transaction in a transaction local to this method.
fileName | |
localPath | |
size | |
ctime | |
crtime | |
atime | |
mtime | |
isFile | |
parent |
TskCoreException |
Definition at line 3074 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireExclusiveLock(), org.sleuthkit.datamodel.SleuthkitCase.beginTransaction(), org.sleuthkit.datamodel.SleuthkitCase.CaseDbTransaction.commit(), org.sleuthkit.datamodel.SleuthkitCase.releaseExclusiveLock(), and org.sleuthkit.datamodel.SleuthkitCase.CaseDbTransaction.rollback().
LocalFile org.sleuthkit.datamodel.SleuthkitCase.addLocalFile | ( | String | fileName, |
String | localPath, | ||
long | size, | ||
long | ctime, | ||
long | crtime, | ||
long | atime, | ||
long | mtime, | ||
boolean | isFile, | ||
AbstractFile | parent, | ||
CaseDbTransaction | trans | ||
) | throws TskCoreException |
Creates a new local file object, adds it to database and returns it.
todo: at the moment we trust the transaction and don't do anything to check it is valid or in the correct state. we should.
fileName | file name the derived file |
localPath | local absolute path of the local file, including the file name. |
size | size of the derived file in bytes |
ctime | |
crtime | |
atime | |
mtime | |
isFile | whether a file or directory, true if a file |
parent | parent file object (such as virtual directory, another local file, or FsContent type of file) |
trans | the transaction in the scope of which the operation is to be performed, managed by the caller |
TskCoreException | exception thrown if the object creation failed due to a critical system error |
Definition at line 3116 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.TskData.ObjectType.ABSTRACTFILE, org.sleuthkit.datamodel.SleuthkitCase.acquireExclusiveLock(), org.sleuthkit.datamodel.SleuthkitCase.addFilePath(), org.sleuthkit.datamodel.TskData.TSK_FS_NAME_FLAG_ENUM.ALLOC, org.sleuthkit.datamodel.TskData.TSK_FS_META_FLAG_ENUM.ALLOC, org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.TskData.TSK_FS_NAME_TYPE_ENUM.DIR, org.sleuthkit.datamodel.TskData.TSK_FS_NAME_TYPE_ENUM.getValue(), org.sleuthkit.datamodel.TskData.TSK_FS_META_TYPE_ENUM.getValue(), org.sleuthkit.datamodel.TskData.TSK_FS_NAME_FLAG_ENUM.getValue(), org.sleuthkit.datamodel.TskData.TSK_DB_FILES_TYPE_ENUM.LOCAL, org.sleuthkit.datamodel.TskData.TSK_FS_NAME_TYPE_ENUM.REG, org.sleuthkit.datamodel.SleuthkitCase.releaseExclusiveLock(), org.sleuthkit.datamodel.TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_DIR, org.sleuthkit.datamodel.TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_REG, and org.sleuthkit.datamodel.TskData.TSK_FS_META_FLAG_ENUM.USED.
Report org.sleuthkit.datamodel.SleuthkitCase.addReport | ( | String | localPath, |
String | sourceModuleName, | ||
String | reportName | ||
) | throws TskCoreException |
Inserts a row into the reports table in the case database.
localPath | The path of the report file, must be in the database directory (case directory in Autopsy) or one of its subdirectories. |
sourceModuleName | The name of the module that created the report. |
reportName | The report name, may be empty. |
TskCoreException |
Definition at line 4934 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireExclusiveLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.getDbDirPath(), and org.sleuthkit.datamodel.SleuthkitCase.releaseExclusiveLock().
TagName org.sleuthkit.datamodel.SleuthkitCase.addTagName | ( | String | displayName, |
String | description, | ||
TagName.HTML_COLOR | color | ||
) | throws TskCoreException |
Inserts row into the tags_names table in the case database.
displayName | The display name for the new tag name. |
description | The description for the new tag name. |
color | The HTML color to associate with the new tag name. |
TskCoreException |
Definition at line 4516 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireExclusiveLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), and org.sleuthkit.datamodel.SleuthkitCase.releaseExclusiveLock().
Referenced by org.sleuthkit.datamodel.SleuthkitCase.updateFromSchema2toSchema3().
VirtualDirectory org.sleuthkit.datamodel.SleuthkitCase.addVirtualDirectory | ( | long | parentId, |
String | directoryName | ||
) | throws TskCoreException |
wraps the version of addVirtualDirectory that takes a Transaction in a transaction local to this method
parentId | |
directoryName |
TskCoreException |
Definition at line 2581 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireExclusiveLock(), org.sleuthkit.datamodel.SleuthkitCase.beginTransaction(), org.sleuthkit.datamodel.SleuthkitCase.CaseDbTransaction.commit(), org.sleuthkit.datamodel.SleuthkitCase.releaseExclusiveLock(), and org.sleuthkit.datamodel.SleuthkitCase.CaseDbTransaction.rollback().
Referenced by org.sleuthkit.datamodel.SleuthkitCase.addCarvedFiles().
VirtualDirectory org.sleuthkit.datamodel.SleuthkitCase.addVirtualDirectory | ( | long | parentId, |
String | directoryName, | ||
CaseDbTransaction | trans | ||
) | throws TskCoreException |
Adds a virtual directory to the database and returns a VirtualDirectory object representing it.
parentId | the ID of the parent, or 0 if NULL |
directoryName | the name of the virtual directory to create |
trans | the transaction in the scope of which the operation is to be performed, managed by the caller |
TskCoreException |
Definition at line 2608 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.TskData.ObjectType.ABSTRACTFILE, org.sleuthkit.datamodel.SleuthkitCase.acquireExclusiveLock(), org.sleuthkit.datamodel.TskData.TSK_FS_NAME_FLAG_ENUM.ALLOC, org.sleuthkit.datamodel.TskData.TSK_FS_META_FLAG_ENUM.ALLOC, org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.TskData.TSK_FS_NAME_TYPE_ENUM.DIR, org.sleuthkit.datamodel.SleuthkitCase.getFileSystemId(), org.sleuthkit.datamodel.TskData.TSK_FS_NAME_TYPE_ENUM.getValue(), org.sleuthkit.datamodel.TskData.TSK_FS_META_TYPE_ENUM.getValue(), org.sleuthkit.datamodel.TskData.TSK_FS_NAME_FLAG_ENUM.getValue(), org.sleuthkit.datamodel.SleuthkitCase.releaseExclusiveLock(), org.sleuthkit.datamodel.TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_DIR, org.sleuthkit.datamodel.TskData.FileKnown.UNKNOWN, org.sleuthkit.datamodel.TskData.TSK_FS_META_FLAG_ENUM.USED, and org.sleuthkit.datamodel.TskData.TSK_DB_FILES_TYPE_ENUM.VIRTUAL_DIR.
boolean org.sleuthkit.datamodel.SleuthkitCase.allFilesMd5Hashed | ( | ) |
Query all the files to verify if they have an MD5 hash associated with them.
Definition at line 4333 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.closeStatement(), org.sleuthkit.datamodel.SleuthkitCase.CaseDbConnection.executeQuery(), org.sleuthkit.datamodel.TskData.TSK_FS_NAME_TYPE_ENUM.REG, and org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock().
CaseDbTransaction org.sleuthkit.datamodel.SleuthkitCase.beginTransaction | ( | ) | throws TskCoreException |
Create a new transaction on the case database. The transaction object that is returned can be passed to methods that take a CaseDbTransaction. The caller is responsible for calling either commit() or rollback() on the transaction object.
TskCoreException |
Definition at line 457 of file SleuthkitCase.java.
Referenced by org.sleuthkit.datamodel.SleuthkitCase.addCarvedFiles(), org.sleuthkit.datamodel.SleuthkitCase.addLocalFile(), and org.sleuthkit.datamodel.SleuthkitCase.addVirtualDirectory().
void org.sleuthkit.datamodel.SleuthkitCase.close | ( | ) |
Call to free resources when done with instance.
Definition at line 4162 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireExclusiveLock(), org.sleuthkit.datamodel.SleuthkitCase.caseHandle, org.sleuthkit.datamodel.SleuthkitCase.ConnectionPerThreadDispenser.close(), and org.sleuthkit.datamodel.SleuthkitCase.releaseExclusiveLock().
Referenced by org.sleuthkit.datamodel.SleuthkitCase.finalize().
|
staticprivate |
Definition at line 5029 of file SleuthkitCase.java.
Referenced by org.sleuthkit.datamodel.SleuthkitCase.addArtifactType(), org.sleuthkit.datamodel.SleuthkitCase.addAttrType(), org.sleuthkit.datamodel.SleuthkitCase.addBlackboardArtifactTag(), org.sleuthkit.datamodel.SleuthkitCase.addCarvedFiles(), org.sleuthkit.datamodel.SleuthkitCase.addContentTag(), org.sleuthkit.datamodel.SleuthkitCase.addDerivedFile(), org.sleuthkit.datamodel.SleuthkitCase.addLocalFile(), org.sleuthkit.datamodel.SleuthkitCase.addReport(), org.sleuthkit.datamodel.SleuthkitCase.addTagName(), org.sleuthkit.datamodel.SleuthkitCase.addVirtualDirectory(), org.sleuthkit.datamodel.SleuthkitCase.allFilesMd5Hashed(), org.sleuthkit.datamodel.SleuthkitCase.countFilesMd5Hashed(), org.sleuthkit.datamodel.SleuthkitCase.countFilesWhere(), org.sleuthkit.datamodel.SleuthkitCase.countFsContentType(), org.sleuthkit.datamodel.SleuthkitCase.findAllFileIdsWhere(), org.sleuthkit.datamodel.SleuthkitCase.findAllFilesWhere(), org.sleuthkit.datamodel.SleuthkitCase.findFiles(), org.sleuthkit.datamodel.SleuthkitCase.findFilesByMd5(), org.sleuthkit.datamodel.SleuthkitCase.findFilesWhere(), org.sleuthkit.datamodel.SleuthkitCase.getAbstractFileById(), org.sleuthkit.datamodel.SleuthkitCase.getAllBlackboardArtifactTags(), org.sleuthkit.datamodel.SleuthkitCase.getAllContentTags(), org.sleuthkit.datamodel.SleuthkitCase.getAllReports(), org.sleuthkit.datamodel.SleuthkitCase.getAllTagNames(), org.sleuthkit.datamodel.SleuthkitCase.getArtifactsCountHelper(), org.sleuthkit.datamodel.SleuthkitCase.getArtifactsHelper(), org.sleuthkit.datamodel.SleuthkitCase.getArtifactTypeID(), org.sleuthkit.datamodel.SleuthkitCase.getAttrTypeDisplayName(), org.sleuthkit.datamodel.SleuthkitCase.getAttrTypeID(), org.sleuthkit.datamodel.SleuthkitCase.getAttrTypeString(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifact(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifacts(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifactsCount(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifactsTypeCount(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifactTagsByArtifact(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifactTagsByTagName(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifactTagsCountByTagName(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifactTypes(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardAttributes(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardAttributeTypes(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardAttributeTypesCount(), org.sleuthkit.datamodel.SleuthkitCase.getContentById(), org.sleuthkit.datamodel.SleuthkitCase.getContentTagsByContent(), org.sleuthkit.datamodel.SleuthkitCase.getContentTagsByTagName(), org.sleuthkit.datamodel.SleuthkitCase.getContentTagsCountByTagName(), org.sleuthkit.datamodel.SleuthkitCase.getFileRanges(), org.sleuthkit.datamodel.SleuthkitCase.getFileSystemByIdHelper(), org.sleuthkit.datamodel.SleuthkitCase.getFileSystemId(), org.sleuthkit.datamodel.SleuthkitCase.getFileSystems(), org.sleuthkit.datamodel.SleuthkitCase.getImageById(), org.sleuthkit.datamodel.SleuthkitCase.getImagePaths(), org.sleuthkit.datamodel.SleuthkitCase.getImages(), org.sleuthkit.datamodel.SleuthkitCase.getLastObjectId(), org.sleuthkit.datamodel.SleuthkitCase.getMatchingArtifacts(), org.sleuthkit.datamodel.SleuthkitCase.getMatchingAttributes(), org.sleuthkit.datamodel.SleuthkitCase.getRootObjects(), org.sleuthkit.datamodel.SleuthkitCase.getTagNamesInUse(), org.sleuthkit.datamodel.SleuthkitCase.getVirtualDirectoryRoots(), org.sleuthkit.datamodel.SleuthkitCase.initBlackboardArtifactTypes(), org.sleuthkit.datamodel.SleuthkitCase.initBlackboardAttributeTypes(), org.sleuthkit.datamodel.SleuthkitCase.initNextArtifactId(), org.sleuthkit.datamodel.SleuthkitCase.newBlackboardArtifact(), org.sleuthkit.datamodel.SleuthkitCase.updateDatabaseSchema(), and org.sleuthkit.datamodel.SleuthkitCase.updateFromSchema2toSchema3().
void org.sleuthkit.datamodel.SleuthkitCase.closeRunQuery | ( | ResultSet | resultSet | ) | throws SQLException |
Closes ResultSet and its Statement previously retrieved from runQuery()
resultSet | with its Statement to close |
SQLException | of closing the query results failed |
Definition at line 4126 of file SleuthkitCase.java.
|
staticprivate |
Definition at line 5039 of file SleuthkitCase.java.
Referenced by org.sleuthkit.datamodel.SleuthkitCase.addArtifactType(), org.sleuthkit.datamodel.SleuthkitCase.addAttrType(), org.sleuthkit.datamodel.SleuthkitCase.addCarvedFiles(), org.sleuthkit.datamodel.SleuthkitCase.allFilesMd5Hashed(), org.sleuthkit.datamodel.SleuthkitCase.countFilesMd5Hashed(), org.sleuthkit.datamodel.SleuthkitCase.countFilesWhere(), org.sleuthkit.datamodel.SleuthkitCase.countFsContentType(), org.sleuthkit.datamodel.SleuthkitCase.findAllFileIdsWhere(), org.sleuthkit.datamodel.SleuthkitCase.findAllFilesWhere(), org.sleuthkit.datamodel.SleuthkitCase.findFilesByMd5(), org.sleuthkit.datamodel.SleuthkitCase.findFilesWhere(), org.sleuthkit.datamodel.SleuthkitCase.getArtifactTypeID(), org.sleuthkit.datamodel.SleuthkitCase.getAttrTypeDisplayName(), org.sleuthkit.datamodel.SleuthkitCase.getAttrTypeID(), org.sleuthkit.datamodel.SleuthkitCase.getAttrTypeString(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifacts(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifactTypes(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardAttributeTypes(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardAttributeTypesCount(), org.sleuthkit.datamodel.SleuthkitCase.getContentById(), org.sleuthkit.datamodel.SleuthkitCase.getFileRanges(), org.sleuthkit.datamodel.SleuthkitCase.getFileSystemByIdHelper(), org.sleuthkit.datamodel.SleuthkitCase.getFileSystems(), org.sleuthkit.datamodel.SleuthkitCase.getImageById(), org.sleuthkit.datamodel.SleuthkitCase.getImagePaths(), org.sleuthkit.datamodel.SleuthkitCase.getImages(), org.sleuthkit.datamodel.SleuthkitCase.getMatchingArtifacts(), org.sleuthkit.datamodel.SleuthkitCase.getMatchingAttributes(), org.sleuthkit.datamodel.SleuthkitCase.getRootObjects(), org.sleuthkit.datamodel.SleuthkitCase.getVirtualDirectoryRoots(), org.sleuthkit.datamodel.SleuthkitCase.initBlackboardArtifactTypes(), org.sleuthkit.datamodel.SleuthkitCase.initBlackboardAttributeTypes(), org.sleuthkit.datamodel.SleuthkitCase.initNextArtifactId(), org.sleuthkit.datamodel.SleuthkitCase.setImagePaths(), org.sleuthkit.datamodel.SleuthkitCase.setKnown(), org.sleuthkit.datamodel.SleuthkitCase.updateDatabaseSchema(), and org.sleuthkit.datamodel.SleuthkitCase.updateFromSchema2toSchema3().
void org.sleuthkit.datamodel.SleuthkitCase.copyCaseDB | ( | String | newDBPath | ) | throws IOException |
Make a duplicate / backup copy of the current case database. Makes a new copy only, and continues to use the current connection.
newDBPath | Path to the copy to be created. File will be overwritten if it exists. |
IOException | if copying fails. |
Definition at line 251 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireExclusiveLock(), and org.sleuthkit.datamodel.SleuthkitCase.releaseExclusiveLock().
Referenced by org.sleuthkit.datamodel.SleuthkitCase.updateDatabaseSchema().
int org.sleuthkit.datamodel.SleuthkitCase.countFilesMd5Hashed | ( | ) |
Query all the files and counts how many have an MD5 hash.
Definition at line 4369 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.closeStatement(), org.sleuthkit.datamodel.SleuthkitCase.CaseDbConnection.executeQuery(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock().
long org.sleuthkit.datamodel.SleuthkitCase.countFilesWhere | ( | String | sqlWhereClause | ) | throws TskCoreException |
Count files matching the specific Where clause
sqlWhereClause | a SQL where clause appropriate for the desired files (do not begin the WHERE clause with the word WHERE!) |
TskCoreException |
Definition at line 3243 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.closeStatement(), org.sleuthkit.datamodel.SleuthkitCase.CaseDbConnection.executeQuery(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock().
int org.sleuthkit.datamodel.SleuthkitCase.countFsContentType | ( | TskData.TSK_FS_META_TYPE_ENUM | contentType | ) | throws TskCoreException |
Return the number of objects in the database of a given file type.
contentType | Type of file to count |
TskCoreException | thrown if a critical error occurred within tsk core |
Definition at line 4254 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.closeStatement(), org.sleuthkit.datamodel.SleuthkitCase.CaseDbConnection.executeQuery(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock().
void org.sleuthkit.datamodel.SleuthkitCase.deleteBlackboardArtifactTag | ( | BlackboardArtifactTag | tag | ) | throws TskCoreException |
Definition at line 4767 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireExclusiveLock(), and org.sleuthkit.datamodel.SleuthkitCase.releaseExclusiveLock().
void org.sleuthkit.datamodel.SleuthkitCase.deleteContentTag | ( | ContentTag | tag | ) | throws TskCoreException |
Definition at line 4578 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireExclusiveLock(), and org.sleuthkit.datamodel.SleuthkitCase.releaseExclusiveLock().
void org.sleuthkit.datamodel.SleuthkitCase.deleteReport | ( | Report | report | ) | throws TskCoreException |
Deletes a row from the reports table in the case database.
report | A Report data transfer object (DTO) for the row to delete. |
TskCoreException |
Definition at line 5015 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock().
|
staticprivate |
Escape the single quotes in the given string so they can be added to the SQL caseDbConnection
text |
Definition at line 4284 of file SleuthkitCase.java.
Referenced by org.sleuthkit.datamodel.SleuthkitCase.addBlackBoardAttribute().
CaseDbQuery org.sleuthkit.datamodel.SleuthkitCase.executeQuery | ( | String | query | ) | throws TskCoreException |
This method allows developers to run arbitrary SQL "SELECT" queries. The CaseDbQuery object will take care of acquiring the necessary database lock and when used in a try-with-resources block will automatically take care of releasing the lock. If you do not use a try-with-resources block you must call CaseDbQuery.close() once you are done processing the results of the query.
query | The query string to execute. |
TskCoreException |
Definition at line 4146 of file SleuthkitCase.java.
void org.sleuthkit.datamodel.SleuthkitCase.finalize | ( | ) | throws Throwable |
Definition at line 4151 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.close().
List<Long> org.sleuthkit.datamodel.SleuthkitCase.findAllFileIdsWhere | ( | String | sqlWhereClause | ) | throws TskCoreException |
Find and return list of all (abstract) ids of files matching the specific Where clause
sqlWhereClause | a SQL where clause appropriate for the desired files (do not begin the WHERE clause with the word WHERE!) |
TskCoreException |
Definition at line 3299 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.closeStatement(), org.sleuthkit.datamodel.SleuthkitCase.CaseDbConnection.executeQuery(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock().
List<AbstractFile> org.sleuthkit.datamodel.SleuthkitCase.findAllFilesWhere | ( | String | sqlWhereClause | ) | throws TskCoreException |
Find and return list of all (abstract) files matching the specific Where clause. You need to know the database schema to use this, which is outlined on the wiki. You should use enums from org.sleuthkit.datamodel.TskData to make the queries easier to maintain and understand.
sqlWhereClause | a SQL where clause appropriate for the desired files (do not begin the WHERE clause with the word WHERE!) |
TskCoreException |
Definition at line 3272 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.closeStatement(), org.sleuthkit.datamodel.SleuthkitCase.CaseDbConnection.executeQuery(), org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock(), and org.sleuthkit.datamodel.SleuthkitCase.resultSetToAbstractFiles().
Referenced by org.sleuthkit.datamodel.Examples.Sample.run().
List<AbstractFile> org.sleuthkit.datamodel.SleuthkitCase.findFiles | ( | Content | dataSource, |
String | fileName | ||
) | throws TskCoreException |
dataSource | the dataSource (Image, parent-less VirtualDirectory) to search for the given file name |
fileName | Pattern of the name of the file or directory to match (case insensitive, used in LIKE SQL statement). |
TskCoreException | thrown if check failed |
Definition at line 2468 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.getFileSystems(), org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock(), and org.sleuthkit.datamodel.SleuthkitCase.resultSetToAbstractFiles().
Referenced by org.sleuthkit.datamodel.SleuthkitCase.findFiles(), and org.sleuthkit.datamodel.SleuthkitCase.openFiles().
List<AbstractFile> org.sleuthkit.datamodel.SleuthkitCase.findFiles | ( | Content | dataSource, |
String | fileName, | ||
String | dirName | ||
) | throws TskCoreException |
dataSource | the dataSource (Image, parent-less VirtualDirectory) to search for the given file name |
fileName | Pattern of the name of the file or directory to match (case insensitive, used in LIKE SQL statement). |
dirName | Pattern of the name of a parent directory of fileName (case insensitive, used in LIKE SQL statement) |
org.sleuthkit.datamodel.TskCoreException |
Definition at line 2522 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.getFileSystems(), org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock(), and org.sleuthkit.datamodel.SleuthkitCase.resultSetToAbstractFiles().
List<AbstractFile> org.sleuthkit.datamodel.SleuthkitCase.findFiles | ( | Content | dataSource, |
String | fileName, | ||
AbstractFile | parentFile | ||
) | throws TskCoreException |
Find all files in the data source, by name and parent
dataSource | the dataSource (Image, parent-less VirtualDirectory) to search for the given file name |
fileName | Pattern of the name of the file or directory to match (case insensitive, used in LIKE SQL statement). |
parentFile | Object for parent file/directory to find children in |
Definition at line 3231 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.findFiles().
List<AbstractFile> org.sleuthkit.datamodel.SleuthkitCase.findFilesByMd5 | ( | String | md5Hash | ) |
Find all the files with the given MD5 hash.
md5Hash | hash value to match files with |
Definition at line 4297 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.closeStatement(), org.sleuthkit.datamodel.SleuthkitCase.CaseDbConnection.executeQuery(), org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock(), and org.sleuthkit.datamodel.SleuthkitCase.resultSetToAbstractFiles().
List<FsContent> org.sleuthkit.datamodel.SleuthkitCase.findFilesWhere | ( | String | sqlWhereClause | ) | throws TskCoreException |
Find and return list of files matching the specific Where clause. Use findAllFilesWhere instead. It returns a more generic data type
sqlWhereClause | a SQL where clause appropriate for the desired files (do not begin the WHERE clause with the word WHERE!) |
TskCoreException |
Definition at line 3332 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.closeStatement(), org.sleuthkit.datamodel.SleuthkitCase.CaseDbConnection.executeQuery(), org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock(), and org.sleuthkit.datamodel.SleuthkitCase.resultSetToFsContents().
AbstractFile org.sleuthkit.datamodel.SleuthkitCase.getAbstractFileById | ( | long | id | ) | throws TskCoreException |
Get abstract file object from tsk_files table by its id
id | id of the file object in tsk_files table |
TskCoreException | thrown if critical error occurred within tsk core and file could not be queried |
Definition at line 2351 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.CaseDbConnection.executeQuery(), org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock(), and org.sleuthkit.datamodel.SleuthkitCase.resultSetToAbstractFiles().
Referenced by org.sleuthkit.datamodel.SleuthkitCase.getContentById(), and org.sleuthkit.datamodel.SleuthkitCase.getRootObjects().
List<BlackboardArtifactTag> org.sleuthkit.datamodel.SleuthkitCase.getAllBlackboardArtifactTags | ( | ) | throws TskCoreException |
Selects all of the rows from the blackboard_artifacts_tags table in the case database.
TskCoreException |
Definition at line 4791 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.CaseDbConnection.executeQuery(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifact(), org.sleuthkit.datamodel.TagName.HTML_COLOR.getColorByName(), org.sleuthkit.datamodel.SleuthkitCase.getContentById(), org.sleuthkit.datamodel.BlackboardArtifact.getObjectID(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock().
List<ContentTag> org.sleuthkit.datamodel.SleuthkitCase.getAllContentTags | ( | ) | throws TskCoreException |
Selects all of the rows from the content_tags table in the case database.
TskCoreException |
Definition at line 4601 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.CaseDbConnection.executeQuery(), org.sleuthkit.datamodel.TagName.HTML_COLOR.getColorByName(), org.sleuthkit.datamodel.SleuthkitCase.getContentById(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock().
List<Report> org.sleuthkit.datamodel.SleuthkitCase.getAllReports | ( | ) | throws TskCoreException |
Selects all of the rows from the reports table in the case database.
TskCoreException |
Definition at line 4985 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.CaseDbConnection.executeQuery(), org.sleuthkit.datamodel.SleuthkitCase.getDbDirPath(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock().
List<TagName> org.sleuthkit.datamodel.SleuthkitCase.getAllTagNames | ( | ) | throws TskCoreException |
Selects all of the rows from the tag_names table in the case database.
TskCoreException |
Definition at line 4456 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.CaseDbConnection.executeQuery(), org.sleuthkit.datamodel.TagName.HTML_COLOR.getColorByName(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock().
|
private |
Helper method to get count of all artifacts matching the type id name and object id
artifactTypeID | artifact type id |
obj_id | associated object id |
TskCoreException | exception thrown if a critical error occurs within TSK core |
Definition at line 1086 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.CaseDbConnection.executeQuery(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock().
Referenced by org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifactsCount().
|
private |
Helper to iterate over blackboard artifacts result set containing all columns and return a list of artifacts in the set. Must be enclosed in acquireSharedLock. Result set and statement must be freed by the caller.
rs | existing, active result set (not closed by this method) |
SQLException | if result set could not be iterated upon |
Definition at line 699 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE.fromID(), org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE.getDisplayName(), and org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE.getLabel().
Referenced by org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifact(), and org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifacts().
|
private |
Helper method to get all artifacts matching the type id name and object id
artifactTypeID | artifact type id |
artifactTypeName | artifact type name |
obj_id | associated object id |
TskCoreException | exception thrown if a critical error occurs within TSK core |
Definition at line 1053 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.CaseDbConnection.executeQuery(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock().
|
private |
Helper method to get all artifacts matching the type id name.
artifactTypeID | artifact type id |
artifactTypeName | artifact type name |
TskCoreException | exception thrown if a critical error occurs within TSK core |
Definition at line 1118 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.CaseDbConnection.executeQuery(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock().
int org.sleuthkit.datamodel.SleuthkitCase.getArtifactTypeID | ( | String | artifactTypeName | ) | throws TskCoreException |
Get the artifact type id associated with an artifact type name.
artifactTypeName | An artifact type name. |
TskCoreException | If an error occurs accessing the case database. |
Definition at line 1547 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.closeStatement(), org.sleuthkit.datamodel.SleuthkitCase.CaseDbConnection.executeQuery(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock().
Referenced by org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifacts(), and org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifactsCount().
String org.sleuthkit.datamodel.SleuthkitCase.getAttrTypeDisplayName | ( | int | attrTypeID | ) | throws TskCoreException |
Get the display name for the attribute with the given id. Will throw an error if that id does not exist
attrTypeID | attribute id |
TskCoreException | exception thrown if a critical error occurs within tsk core |
Definition at line 1517 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.closeStatement(), org.sleuthkit.datamodel.SleuthkitCase.CaseDbConnection.executeQuery(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock().
Referenced by org.sleuthkit.datamodel.BlackboardAttribute.getAttributeTypeDisplayName().
int org.sleuthkit.datamodel.SleuthkitCase.getAttrTypeID | ( | String | attrTypeName | ) | throws TskCoreException |
Get the attribute type id associated with an attribute type name.
attrTypeName | An attribute type name. |
TskCoreException | If an error occurs accessing the case database. |
Definition at line 1455 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.closeStatement(), org.sleuthkit.datamodel.SleuthkitCase.CaseDbConnection.executeQuery(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock().
String org.sleuthkit.datamodel.SleuthkitCase.getAttrTypeString | ( | int | attrTypeID | ) | throws TskCoreException |
Get the string associated with the given id. Will throw an error if that id does not exist
attrTypeID | attribute id |
TskCoreException | exception thrown if a critical error occurs within tsk core |
Definition at line 1486 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.closeStatement(), org.sleuthkit.datamodel.SleuthkitCase.CaseDbConnection.executeQuery(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock().
Referenced by org.sleuthkit.datamodel.BlackboardAttribute.getAttributeTypeName().
String org.sleuthkit.datamodel.SleuthkitCase.getBackupDatabasePath | ( | ) |
Returns the path of a backup copy of the database made when a schema version upgrade has occurred.
Definition at line 444 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.dbBackupPath.
BlackboardArtifact org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifact | ( | long | artifactID | ) | throws TskCoreException |
Get the blackboard artifact with the given artifact id
artifactID | artifact ID |
TskCoreException | exception thrown if a critical error occurs within TSK core |
Definition at line 1301 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.CaseDbConnection.executeQuery(), org.sleuthkit.datamodel.SleuthkitCase.getArtifactsHelper(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock().
Referenced by org.sleuthkit.datamodel.SleuthkitCase.getAllBlackboardArtifactTags(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifactTagsByTagName(), org.sleuthkit.datamodel.BlackboardAttribute.getParentArtifact(), and org.sleuthkit.datamodel.SleuthkitCase.updateFromSchema2toSchema3().
ArrayList<BlackboardArtifact> org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifacts | ( | int | artifactTypeID | ) | throws TskCoreException |
Get all blackboard artifacts of a given type.
artifactTypeID | artifact type id (must exist in database) |
TskCoreException |
Definition at line 608 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.CaseDbConnection.executeQuery(), org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE.fromID(), org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE.getDisplayName(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock().
Referenced by org.sleuthkit.datamodel.AbstractContent.getArtifacts(), org.sleuthkit.datamodel.AbstractContent.getGenInfoArtifact(), and org.sleuthkit.datamodel.SleuthkitCase.updateFromSchema2toSchema3().
List<BlackboardArtifact> org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifacts | ( | BlackboardAttribute.ATTRIBUTE_TYPE | attrType, |
String | value | ||
) | throws TskCoreException |
Get all blackboard artifacts that have an attribute of the given type and String value
attrType | attribute of this attribute type to look for in the artifacts |
value | value of the attribute of the attrType type to look for |
TskCoreException | exception thrown if a critical error occurred within tsk core and artifacts could not be queried |
Definition at line 721 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.closeStatement(), org.sleuthkit.datamodel.SleuthkitCase.CaseDbConnection.executeQuery(), org.sleuthkit.datamodel.SleuthkitCase.getArtifactsHelper(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock().
List<BlackboardArtifact> org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifacts | ( | BlackboardAttribute.ATTRIBUTE_TYPE | attrType, |
String | subString, | ||
boolean | startsWith | ||
) | throws TskCoreException |
Get all blackboard artifacts that have an attribute of the given type and String value
attrType | attribute of this attribute type to look for in the artifacts |
subString | value substring of the string attribute of the attrType type to look for |
startsWith | if true, the artifact attribute string should start with the substring, if false, it should just contain it |
TskCoreException | exception thrown if a critical error occurred within tsk core and artifacts could not be queried |
Definition at line 758 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.closeStatement(), org.sleuthkit.datamodel.SleuthkitCase.CaseDbConnection.executeQuery(), org.sleuthkit.datamodel.SleuthkitCase.getArtifactsHelper(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock().
List<BlackboardArtifact> org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifacts | ( | BlackboardAttribute.ATTRIBUTE_TYPE | attrType, |
int | value | ||
) | throws TskCoreException |
Get all blackboard artifacts that have an attribute of the given type and integer value
attrType | attribute of this attribute type to look for in the artifacts |
value | value of the attribute of the attrType type to look for |
TskCoreException | exception thrown if a critical error occurred within tsk core and artifacts could not be queried |
Definition at line 796 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.closeStatement(), org.sleuthkit.datamodel.SleuthkitCase.CaseDbConnection.executeQuery(), org.sleuthkit.datamodel.SleuthkitCase.getArtifactsHelper(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock().
List<BlackboardArtifact> org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifacts | ( | BlackboardAttribute.ATTRIBUTE_TYPE | attrType, |
long | value | ||
) | throws TskCoreException |
Get all blackboard artifacts that have an attribute of the given type and long value
attrType | attribute of this attribute type to look for in the artifacts |
value | value of the attribute of the attrType type to look for |
TskCoreException | exception thrown if a critical error occurred within tsk core and artifacts could not be queried |
Definition at line 830 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.closeStatement(), org.sleuthkit.datamodel.SleuthkitCase.CaseDbConnection.executeQuery(), org.sleuthkit.datamodel.SleuthkitCase.getArtifactsHelper(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock().
List<BlackboardArtifact> org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifacts | ( | BlackboardAttribute.ATTRIBUTE_TYPE | attrType, |
double | value | ||
) | throws TskCoreException |
Get all blackboard artifacts that have an attribute of the given type and double value
attrType | attribute of this attribute type to look for in the artifacts |
value | value of the attribute of the attrType type to look for |
TskCoreException | exception thrown if a critical error occurred within tsk core and artifacts could not be queried |
Definition at line 864 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.closeStatement(), org.sleuthkit.datamodel.SleuthkitCase.CaseDbConnection.executeQuery(), org.sleuthkit.datamodel.SleuthkitCase.getArtifactsHelper(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock().
List<BlackboardArtifact> org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifacts | ( | BlackboardAttribute.ATTRIBUTE_TYPE | attrType, |
byte | value | ||
) | throws TskCoreException |
Get all blackboard artifacts that have an attribute of the given type and byte value
attrType | attribute of this attribute type to look for in the artifacts |
value | value of the attribute of the attrType type to look for |
TskCoreException | exception thrown if a critical error occurred within tsk core and artifacts could not be queried |
Definition at line 898 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.closeStatement(), org.sleuthkit.datamodel.SleuthkitCase.CaseDbConnection.executeQuery(), org.sleuthkit.datamodel.SleuthkitCase.getArtifactsHelper(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock().
ArrayList<BlackboardArtifact> org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifacts | ( | String | artifactTypeName, |
long | obj_id | ||
) | throws TskCoreException |
Get all blackboard artifacts of a given type for the given object id
artifactTypeName | artifact type name |
obj_id | object id |
TskCoreException | exception thrown if a critical error occurs within TSK core |
Definition at line 1149 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.getArtifactsHelper(), and org.sleuthkit.datamodel.SleuthkitCase.getArtifactTypeID().
ArrayList<BlackboardArtifact> org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifacts | ( | int | artifactTypeID, |
long | obj_id | ||
) | throws TskCoreException |
Get all blackboard artifacts of a given type for the given object id
artifactTypeID | artifact type id (must exist in database) |
obj_id | object id |
TskCoreException | exception thrown if a critical error occurs within TSK core |
Definition at line 1166 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.getArtifactsHelper().
ArrayList<BlackboardArtifact> org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifacts | ( | ARTIFACT_TYPE | artifactType, |
long | obj_id | ||
) | throws TskCoreException |
Get all blackboard artifacts of a given type for the given object id
artifactType | artifact type enum |
obj_id | object id |
TskCoreException | exception thrown if a critical error occurs within TSK core |
Definition at line 1180 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.getArtifactsHelper().
ArrayList<BlackboardArtifact> org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifacts | ( | String | artifactTypeName | ) | throws TskCoreException |
Get all blackboard artifacts of a given type
artifactTypeName | artifact type name |
TskCoreException | exception thrown if a critical error occurs within TSK core |
Definition at line 1238 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.getArtifactsHelper(), and org.sleuthkit.datamodel.SleuthkitCase.getArtifactTypeID().
ArrayList<BlackboardArtifact> org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifacts | ( | ARTIFACT_TYPE | artifactType | ) | throws TskCoreException |
Get all blackboard artifacts of a given type
artifactType | artifact type enum |
TskCoreException | exception thrown if a critical error occurs within TSK core |
Definition at line 1254 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.getArtifactsHelper().
List<BlackboardArtifact> org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifacts | ( | ARTIFACT_TYPE | artifactType, |
BlackboardAttribute.ATTRIBUTE_TYPE | attrType, | ||
String | value | ||
) | throws TskCoreException |
Get all blackboard artifacts of a given type with an attribute of a given type and String value.
artifactType | artifact type enum |
attrType | attribute type enum |
value | String value of attribute |
TskCoreException | exception thrown if a critical error occurs within TSK core |
Definition at line 1269 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.closeStatement(), org.sleuthkit.datamodel.SleuthkitCase.CaseDbConnection.executeQuery(), org.sleuthkit.datamodel.SleuthkitCase.getArtifactsHelper(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock().
long org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifactsCount | ( | long | objId | ) | throws TskCoreException |
Get a count of blackboard artifacts for a given content.
objId | Id of the content. |
TskCoreException |
Definition at line 639 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.CaseDbConnection.executeQuery(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock().
Referenced by org.sleuthkit.datamodel.AbstractContent.getAllArtifactsCount(), and org.sleuthkit.datamodel.AbstractContent.getArtifactsCount().
long org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifactsCount | ( | String | artifactTypeName, |
long | obj_id | ||
) | throws TskCoreException |
Get count of all blackboard artifacts of a given type for the given object id
artifactTypeName | artifact type name |
obj_id | object id |
TskCoreException | exception thrown if a critical error occurs within TSK core |
Definition at line 1194 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.getArtifactsCountHelper(), and org.sleuthkit.datamodel.SleuthkitCase.getArtifactTypeID().
long org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifactsCount | ( | int | artifactTypeID, |
long | obj_id | ||
) | throws TskCoreException |
Get count of all blackboard artifacts of a given type for the given object id
artifactTypeID | artifact type id (must exist in database) |
obj_id | object id |
TskCoreException | exception thrown if a critical error occurs within TSK core |
Definition at line 1212 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.getArtifactsCountHelper().
long org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifactsCount | ( | ARTIFACT_TYPE | artifactType, |
long | obj_id | ||
) | throws TskCoreException |
Get count of all blackboard artifacts of a given type for the given object id
artifactType | artifact type enum |
obj_id | object id |
TskCoreException | exception thrown if a critical error occurs within TSK core |
Definition at line 1226 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.getArtifactsCountHelper().
long org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifactsTypeCount | ( | int | artifactTypeID | ) | throws TskCoreException |
Get a count of artifacts of a given type.
artifactTypeID | Id of the artifact type. |
TskCoreException |
Definition at line 668 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.CaseDbConnection.executeQuery(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock().
Referenced by org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifactTypesInUse().
List<BlackboardArtifactTag> org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifactTagsByArtifact | ( | BlackboardArtifact | artifact | ) | throws TskCoreException |
Selects the rows in the blackboard_artifacts_tags table in the case database with a specified foreign key into the blackboard_artifacts table.
artifact | A data transfer object (DTO) for the artifact to match. |
TskCoreException |
Definition at line 4898 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.CaseDbConnection.executeQuery(), org.sleuthkit.datamodel.TagName.HTML_COLOR.getColorByName(), org.sleuthkit.datamodel.SleuthkitCase.getContentById(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock().
List<BlackboardArtifactTag> org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifactTagsByTagName | ( | TagName | tagName | ) | throws TskCoreException |
Selects the rows in the blackboard_artifacts_tags table in the case database with a specified foreign key into the tag_names table.
tagName | A data transfer object (DTO) for the tag name to match. |
TskCoreException |
Definition at line 4859 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.CaseDbConnection.executeQuery(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifact(), org.sleuthkit.datamodel.SleuthkitCase.getContentById(), org.sleuthkit.datamodel.BlackboardArtifact.getObjectID(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock().
long org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifactTagsCountByTagName | ( | TagName | tagName | ) | throws TskCoreException |
Gets a count of the rows in the blackboard_artifact_tags table in the case database with a specified foreign key into the tag_names table.
tagName | A data transfer object (DTO) for the tag name to match. |
TskCoreException |
Definition at line 4824 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.CaseDbConnection.executeQuery(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock().
ArrayList<BlackboardArtifact.ARTIFACT_TYPE> org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifactTypes | ( | ) | throws TskCoreException |
Get standard blackboard artifact types in use. This does not currently return user-defined ones.
TskCoreException | exception thrown if a critical error occurred within tsk core |
Definition at line 929 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.closeStatement(), org.sleuthkit.datamodel.SleuthkitCase.CaseDbConnection.executeQuery(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock().
Referenced by org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifactTypesInUse().
ArrayList<BlackboardArtifact.ARTIFACT_TYPE> org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifactTypesInUse | ( | ) | throws TskCoreException |
Get all of the blackboard artifact types that are in use in the blackboard.
TskCoreException |
Definition at line 966 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifactsTypeCount(), and org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifactTypes().
ArrayList<BlackboardAttribute> org.sleuthkit.datamodel.SleuthkitCase.getBlackboardAttributes | ( | final BlackboardArtifact | artifact | ) | throws TskCoreException |
Definition at line 1671 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.CaseDbConnection.executeQuery(), org.sleuthkit.datamodel.BlackboardAttribute.TSK_BLACKBOARD_ATTRIBUTE_VALUE_TYPE.fromType(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock().
Referenced by org.sleuthkit.datamodel.BlackboardArtifact.getAttributes(), and org.sleuthkit.datamodel.SleuthkitCase.updateFromSchema2toSchema3().
ArrayList<BlackboardAttribute.ATTRIBUTE_TYPE> org.sleuthkit.datamodel.SleuthkitCase.getBlackboardAttributeTypes | ( | ) | throws TskCoreException |
Get all blackboard attribute types
Gets both static (in enum) and dynamic attributes types (created by modules at runtime)
TskCoreException | exception thrown if a critical error occurred within tsk core |
Definition at line 988 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.closeStatement(), org.sleuthkit.datamodel.SleuthkitCase.CaseDbConnection.executeQuery(), org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.fromLabel(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock().
int org.sleuthkit.datamodel.SleuthkitCase.getBlackboardAttributeTypesCount | ( | ) | throws TskCoreException |
Get count of blackboard attribute types
Counts both static (in enum) and dynamic attributes types (created by modules at runtime)
TskCoreException | exception thrown if a critical error occurs within TSK core |
Definition at line 1020 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.closeStatement(), org.sleuthkit.datamodel.SleuthkitCase.CaseDbConnection.executeQuery(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock().
Content org.sleuthkit.datamodel.SleuthkitCase.getContentById | ( | long | id | ) | throws TskCoreException |
Get content object by content id
id | to get content object for |
TskCoreException | thrown if critical error occurred within tsk core |
Definition at line 2154 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.closeStatement(), org.sleuthkit.datamodel.SleuthkitCase.CaseDbConnection.executeQuery(), org.sleuthkit.datamodel.SleuthkitCase.getAbstractFileById(), org.sleuthkit.datamodel.SleuthkitCase.getImageById(), org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock(), and org.sleuthkit.datamodel.TskData.ObjectType.valueOf().
Referenced by org.sleuthkit.datamodel.SleuthkitCase.addBlackboardArtifactTag(), org.sleuthkit.datamodel.SleuthkitCase.addCarvedFiles(), org.sleuthkit.datamodel.SleuthkitCase.getAllBlackboardArtifactTags(), org.sleuthkit.datamodel.SleuthkitCase.getAllContentTags(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifactTagsByArtifact(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifactTagsByTagName(), org.sleuthkit.datamodel.SleuthkitCase.getContentTagsByTagName(), org.sleuthkit.datamodel.AbstractContent.getParent(), and org.sleuthkit.datamodel.SleuthkitCase.updateFromSchema2toSchema3().
List<ContentTag> org.sleuthkit.datamodel.SleuthkitCase.getContentTagsByContent | ( | Content | content | ) | throws TskCoreException |
Selects the rows in the content_tags table in the case database with a specified foreign key into the tsk_objects table.
content | A data transfer object (DTO) for the content to match. |
TskCoreException |
Definition at line 4704 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.CaseDbConnection.executeQuery(), org.sleuthkit.datamodel.TagName.HTML_COLOR.getColorByName(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock().
List<ContentTag> org.sleuthkit.datamodel.SleuthkitCase.getContentTagsByTagName | ( | TagName | tagName | ) | throws TskCoreException |
Selects the rows in the content_tags table in the case database with a specified foreign key into the tag_names table.
tagName | A data transfer object (DTO) for the tag name to match. |
TskCoreException |
Definition at line 4667 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.CaseDbConnection.executeQuery(), org.sleuthkit.datamodel.SleuthkitCase.getContentById(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock().
long org.sleuthkit.datamodel.SleuthkitCase.getContentTagsCountByTagName | ( | TagName | tagName | ) | throws TskCoreException |
Gets a count of the rows in the content_tags table in the case database with a specified foreign key into the tag_names table.
tagName | A data transfer object (DTO) for the tag name to match. |
TskCoreException |
Definition at line 4632 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.CaseDbConnection.executeQuery(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock().
String org.sleuthkit.datamodel.SleuthkitCase.getDbDirPath | ( | ) |
Get the full path to the case database directory.
Definition at line 466 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.dbDirPath.
Referenced by org.sleuthkit.datamodel.SleuthkitCase.addReport(), org.sleuthkit.datamodel.SleuthkitCase.getAllReports(), and org.sleuthkit.datamodel.AbstractFile.setLocalPath().
List<TskFileRange> org.sleuthkit.datamodel.SleuthkitCase.getFileRanges | ( | long | id | ) | throws TskCoreException |
Get file layout ranges from tsk_file_layout, for a file with specified id
id | of the file to get file layout ranges for |
TskCoreException | thrown if a critical error occurred within tsk core |
Definition at line 3387 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.closeStatement(), org.sleuthkit.datamodel.SleuthkitCase.CaseDbConnection.executeQuery(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock().
Referenced by org.sleuthkit.datamodel.AbstractFile.getRanges().
|
private |
Get file system by id and Content parent
id | of the filesystem to get |
parent | a direct parent Content object |
TskCoreException | thrown if a critical error occurred within tsk core |
Definition at line 3541 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.closeStatement(), org.sleuthkit.datamodel.SleuthkitCase.CaseDbConnection.executeQuery(), org.sleuthkit.datamodel.SleuthkitCase.fileSystemIdMap, and org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock().
|
private |
Get the object ID of the file system that a file is located in.
Note: for FsContent files, this is the real fs for other non-fs AbstractFile files, this field is used internally for data source id (the root content obj)
fileId | object id of the file to get fs column id for |
Definition at line 2384 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.CaseDbConnection.executeQuery(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock().
Referenced by org.sleuthkit.datamodel.SleuthkitCase.addDerivedFile(), org.sleuthkit.datamodel.SleuthkitCase.addVirtualDirectory(), and org.sleuthkit.datamodel.SleuthkitCase.isFileFromSource().
Collection<FileSystem> org.sleuthkit.datamodel.SleuthkitCase.getFileSystems | ( | Image | image | ) |
Helper to return FileSystems in an Image
image | Image to lookup FileSystem for |
Definition at line 3668 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.closeStatement(), org.sleuthkit.datamodel.AbstractContent.getId(), org.sleuthkit.datamodel.TskData.ObjectType.IMG, and org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock().
Referenced by org.sleuthkit.datamodel.SleuthkitCase.findFiles(), and org.sleuthkit.datamodel.SleuthkitCase.isFileFromSource().
Image org.sleuthkit.datamodel.SleuthkitCase.getImageById | ( | long | id | ) | throws TskCoreException |
Get am image by the image object id
id | of the image object |
TskCoreException | thrown if a critical error occurred within tsk core |
Definition at line 3417 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.closeStatement(), org.sleuthkit.datamodel.SleuthkitCase.CaseDbConnection.executeQuery(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock().
Referenced by org.sleuthkit.datamodel.SleuthkitCase.getContentById(), org.sleuthkit.datamodel.SleuthkitCase.getImages(), and org.sleuthkit.datamodel.SleuthkitCase.getRootObjects().
Map<Long, List<String> > org.sleuthkit.datamodel.SleuthkitCase.getImagePaths | ( | ) | throws TskCoreException |
Returns a map of image object IDs to a list of fully qualified file paths for that image
TskCoreException | thrown if a critical error occurred within tsk core |
Definition at line 3886 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.closeStatement(), org.sleuthkit.datamodel.SleuthkitCase.CaseDbConnection.executeQuery(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock().
List<Image> org.sleuthkit.datamodel.SleuthkitCase.getImages | ( | ) | throws TskCoreException |
TskCoreException |
Definition at line 3926 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.closeStatement(), org.sleuthkit.datamodel.SleuthkitCase.CaseDbConnection.executeQuery(), org.sleuthkit.datamodel.SleuthkitCase.getImageById(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock().
Referenced by org.sleuthkit.datamodel.Examples.Sample.run().
long org.sleuthkit.datamodel.SleuthkitCase.getLastObjectId | ( | ) | throws TskCoreException |
Get last (max) object id of content object in tsk_objects.
TskCoreException | exception thrown when database error occurs and last object id could not be queried |
Definition at line 3959 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireExclusiveLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.CaseDbConnection.executeQuery(), and org.sleuthkit.datamodel.SleuthkitCase.releaseExclusiveLock().
ArrayList<BlackboardArtifact> org.sleuthkit.datamodel.SleuthkitCase.getMatchingArtifacts | ( | String | whereClause | ) | throws TskCoreException |
Get all artifacts that match a where clause. The clause should begin with "WHERE" or "JOIN". To use this method you must know the database tables
whereClause | a sqlite where clause |
TskCoreException | exception thrown if a critical error occurs within tsk core |
Definition at line 1749 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.closeStatement(), org.sleuthkit.datamodel.SleuthkitCase.CaseDbConnection.executeQuery(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock().
Referenced by org.sleuthkit.datamodel.AbstractContent.getAllArtifacts().
ArrayList<BlackboardAttribute> org.sleuthkit.datamodel.SleuthkitCase.getMatchingAttributes | ( | String | whereClause | ) | throws TskCoreException |
Get all attributes that match a where clause. The clause should begin with "WHERE" or "JOIN". To use this method you must know the database tables
whereClause | a sqlite where clause |
TskCoreException | exception thrown if a critical error occurs within tsk core |
Definition at line 1714 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.closeStatement(), org.sleuthkit.datamodel.SleuthkitCase.CaseDbConnection.executeQuery(), org.sleuthkit.datamodel.BlackboardAttribute.TSK_BLACKBOARD_ATTRIBUTE_VALUE_TYPE.fromType(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock().
List<Content> org.sleuthkit.datamodel.SleuthkitCase.getRootObjects | ( | ) | throws TskCoreException |
Get the list of root objects (data sources) from the case database, e.g., image files, logical (local) files, virtual directories.
TskCoreException |
Definition at line 561 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.TskData.ObjectType.ABSTRACTFILE, org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.closeStatement(), org.sleuthkit.datamodel.SleuthkitCase.CaseDbConnection.executeQuery(), org.sleuthkit.datamodel.SleuthkitCase.getAbstractFileById(), org.sleuthkit.datamodel.SleuthkitCase.getImageById(), org.sleuthkit.datamodel.TskData.ObjectType.IMG, org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock(), and org.sleuthkit.datamodel.TskData.ObjectType.valueOf().
int org.sleuthkit.datamodel.SleuthkitCase.getSchemaVersion | ( | ) |
Returns case database schema version number.
Definition at line 434 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.versionNumber.
List<TagName> org.sleuthkit.datamodel.SleuthkitCase.getTagNamesInUse | ( | ) | throws TskCoreException |
Selects all of the rows from the tag_names table in the case database for which there is at least one matching row in the content_tags or blackboard_artifact_tags tables.
TskCoreException |
Definition at line 4486 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.CaseDbConnection.executeQuery(), org.sleuthkit.datamodel.TagName.HTML_COLOR.getColorByName(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock().
List<VirtualDirectory> org.sleuthkit.datamodel.SleuthkitCase.getVirtualDirectoryRoots | ( | ) | throws TskCoreException |
Get IDs of the virtual folder roots (at the same level as image), used for containers such as for local files.
org.sleuthkit.datamodel.TskCoreException |
Definition at line 2698 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.TskData.ObjectType.ABSTRACTFILE, org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.closeStatement(), org.sleuthkit.datamodel.SleuthkitCase.CaseDbConnection.executeQuery(), org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock(), and org.sleuthkit.datamodel.TskData.TSK_DB_FILES_TYPE_ENUM.VIRTUAL_DIR.
|
private |
Make sure the predefined artifact types are in the artifact types table.
SQLException |
Definition at line 119 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.closeStatement(), and org.sleuthkit.datamodel.SleuthkitCase.CaseDbConnection.executeQuery().
Referenced by org.sleuthkit.datamodel.SleuthkitCase.SleuthkitCase().
|
private |
Make sure the predefined artifact attribute types are in the artifact attribute types table.
SQLException |
Definition at line 145 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.closeStatement(), and org.sleuthkit.datamodel.SleuthkitCase.CaseDbConnection.executeQuery().
Referenced by org.sleuthkit.datamodel.SleuthkitCase.SleuthkitCase().
|
private |
Initialize the next artifact id. If there are entries in the blackboard_artifacts table we will use max(artifact_id) + 1 otherwise we will initialize the value to 0x8000000000000000 (the maximum negative signed long).
TskCoreException | |
SQLException |
Definition at line 174 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.BASE_ARTIFACT_ID, org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.closeStatement(), and org.sleuthkit.datamodel.SleuthkitCase.CaseDbConnection.executeQuery().
Referenced by org.sleuthkit.datamodel.SleuthkitCase.SleuthkitCase().
boolean org.sleuthkit.datamodel.SleuthkitCase.isFileFromSource | ( | Content | dataSource, |
long | fileId | ||
) | throws TskCoreException |
Checks if the file is a (sub)child of the data source (parentless Content object such as Image or VirtualDirectory representing filesets)
dataSource | dataSource to check |
fileId | id of file to check |
TskCoreException | thrown if check failed |
Definition at line 2424 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.getFileSystemId(), and org.sleuthkit.datamodel.SleuthkitCase.getFileSystems().
|
private |
Write some SQLite JDBC driver details to the log file.
Definition at line 283 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.logger.
Referenced by org.sleuthkit.datamodel.SleuthkitCase.SleuthkitCase().
AddImageProcess org.sleuthkit.datamodel.SleuthkitCase.makeAddImageProcess | ( | String | timezone, |
boolean | processUnallocSpace, | ||
boolean | noFatFsOrphans | ||
) |
Start process of adding a image to the case. Adding an image is a multi-step process and this returns an object that allows it to happen.
timezone | TZ time zone string to use for ingest of image. |
processUnallocSpace | Set to true to process unallocated space in the image. |
noFatFsOrphans | Set to true to skip processing orphan files of FAT file systems. |
Definition at line 550 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.caseHandle.
Referenced by org.sleuthkit.datamodel.Examples.Sample.run().
BlackboardArtifact org.sleuthkit.datamodel.SleuthkitCase.newBlackboardArtifact | ( | int | artifactTypeID, |
long | obj_id | ||
) | throws TskCoreException |
Add a new blackboard artifact with the given type. If that artifact type does not exist an error will be thrown. The artifact type name can be looked up in the returned blackboard artifact.
artifactTypeID | the type the given artifact should have |
obj_id | the content object id associated with this artifact |
TskCoreException | exception thrown if a critical error occurs within tsk core |
Definition at line 1783 of file SleuthkitCase.java.
Referenced by org.sleuthkit.datamodel.AbstractContent.getGenInfoArtifact(), org.sleuthkit.datamodel.AbstractContent.newArtifact(), and org.sleuthkit.datamodel.SleuthkitCase.newBlackboardArtifact().
BlackboardArtifact org.sleuthkit.datamodel.SleuthkitCase.newBlackboardArtifact | ( | ARTIFACT_TYPE | artifactType, |
long | obj_id | ||
) | throws TskCoreException |
Add a new blackboard artifact with the given type.
artifactType | the type the given artifact should have |
obj_id | the content object id associated with this artifact |
TskCoreException | exception thrown if a critical error occurs within tsk core |
Definition at line 1796 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.newBlackboardArtifact().
|
private |
Definition at line 1800 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireExclusiveLock(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), and org.sleuthkit.datamodel.SleuthkitCase.releaseExclusiveLock().
|
static |
Create a new case database.
dbPath | Path to where SQlite case database should be created. |
org.sleuthkit.datamodel.TskCoreException |
Definition at line 529 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.caseHandle, and org.sleuthkit.datamodel.SleuthkitCase.SleuthkitCase().
Referenced by org.sleuthkit.datamodel.Examples.Sample.run().
|
static |
Open an existing case database.
dbPath | Path to SQLite case database. |
org.sleuthkit.datamodel.TskCoreException |
Definition at line 513 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.caseHandle, and org.sleuthkit.datamodel.SleuthkitCase.SleuthkitCase().
List<AbstractFile> org.sleuthkit.datamodel.SleuthkitCase.openFiles | ( | Content | dataSource, |
String | filePath | ||
) | throws TskCoreException |
dataSource | the data source (Image, VirtualDirectory for file-sets, etc) to search for the given file name |
filePath | The full path to the file(statement) of interest. This can optionally include the image and volume names. Treated in a case- insensitive manner. |
Definition at line 3358 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.AbstractFile.createNonUniquePath(), and org.sleuthkit.datamodel.SleuthkitCase.findFiles().
void org.sleuthkit.datamodel.SleuthkitCase.releaseExclusiveLock | ( | ) |
Release the lock that provides exclusive access to the database. This method should always be called in the finally block of a try block in which the lock was acquired.
Definition at line 484 of file SleuthkitCase.java.
Referenced by org.sleuthkit.datamodel.SleuthkitCase.addArtifactType(), org.sleuthkit.datamodel.SleuthkitCase.addAttrType(), org.sleuthkit.datamodel.SleuthkitCase.addBlackboardArtifactTag(), org.sleuthkit.datamodel.SleuthkitCase.addBlackboardAttribute(), org.sleuthkit.datamodel.SleuthkitCase.addBlackboardAttributes(), org.sleuthkit.datamodel.SleuthkitCase.addCarvedFiles(), org.sleuthkit.datamodel.SleuthkitCase.addContentTag(), org.sleuthkit.datamodel.SleuthkitCase.addDerivedFile(), org.sleuthkit.datamodel.SleuthkitCase.addLocalFile(), org.sleuthkit.datamodel.SleuthkitCase.addReport(), org.sleuthkit.datamodel.SleuthkitCase.addTagName(), org.sleuthkit.datamodel.SleuthkitCase.addVirtualDirectory(), org.sleuthkit.datamodel.SleuthkitCase.close(), org.sleuthkit.datamodel.SleuthkitCase.copyCaseDB(), org.sleuthkit.datamodel.SleuthkitCase.deleteBlackboardArtifactTag(), org.sleuthkit.datamodel.SleuthkitCase.deleteContentTag(), org.sleuthkit.datamodel.SleuthkitCase.getLastObjectId(), org.sleuthkit.datamodel.SleuthkitCase.newBlackboardArtifact(), org.sleuthkit.datamodel.SleuthkitCase.setImagePaths(), and org.sleuthkit.datamodel.SleuthkitCase.setKnown().
void org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock | ( | ) |
Release the lock that provides shared access to the database. This method should always be called in the finally block of a try block in which the lock was acquired.
Definition at line 502 of file SleuthkitCase.java.
Referenced by org.sleuthkit.datamodel.SleuthkitCase.allFilesMd5Hashed(), org.sleuthkit.datamodel.SleuthkitCase.CaseDbQuery.CaseDbQuery(), org.sleuthkit.datamodel.SleuthkitCase.CaseDbQuery.close(), org.sleuthkit.datamodel.SleuthkitCase.countFilesMd5Hashed(), org.sleuthkit.datamodel.SleuthkitCase.countFilesWhere(), org.sleuthkit.datamodel.SleuthkitCase.countFsContentType(), org.sleuthkit.datamodel.SleuthkitCase.deleteReport(), org.sleuthkit.datamodel.SleuthkitCase.findAllFileIdsWhere(), org.sleuthkit.datamodel.SleuthkitCase.findAllFilesWhere(), org.sleuthkit.datamodel.SleuthkitCase.findFiles(), org.sleuthkit.datamodel.SleuthkitCase.findFilesByMd5(), org.sleuthkit.datamodel.SleuthkitCase.findFilesWhere(), org.sleuthkit.datamodel.SleuthkitCase.getAbstractFileById(), org.sleuthkit.datamodel.SleuthkitCase.getAllBlackboardArtifactTags(), org.sleuthkit.datamodel.SleuthkitCase.getAllContentTags(), org.sleuthkit.datamodel.SleuthkitCase.getAllReports(), org.sleuthkit.datamodel.SleuthkitCase.getAllTagNames(), org.sleuthkit.datamodel.SleuthkitCase.getArtifactsCountHelper(), org.sleuthkit.datamodel.SleuthkitCase.getArtifactsHelper(), org.sleuthkit.datamodel.SleuthkitCase.getArtifactTypeID(), org.sleuthkit.datamodel.SleuthkitCase.getAttrTypeDisplayName(), org.sleuthkit.datamodel.SleuthkitCase.getAttrTypeID(), org.sleuthkit.datamodel.SleuthkitCase.getAttrTypeString(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifact(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifacts(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifactsCount(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifactsTypeCount(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifactTagsByArtifact(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifactTagsByTagName(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifactTagsCountByTagName(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifactTypes(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardAttributes(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardAttributeTypes(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardAttributeTypesCount(), org.sleuthkit.datamodel.SleuthkitCase.getContentById(), org.sleuthkit.datamodel.SleuthkitCase.getContentTagsByContent(), org.sleuthkit.datamodel.SleuthkitCase.getContentTagsByTagName(), org.sleuthkit.datamodel.SleuthkitCase.getContentTagsCountByTagName(), org.sleuthkit.datamodel.SleuthkitCase.getFileRanges(), org.sleuthkit.datamodel.SleuthkitCase.getFileSystemByIdHelper(), org.sleuthkit.datamodel.SleuthkitCase.getFileSystemId(), org.sleuthkit.datamodel.SleuthkitCase.getFileSystems(), org.sleuthkit.datamodel.SleuthkitCase.getImageById(), org.sleuthkit.datamodel.SleuthkitCase.getImagePaths(), org.sleuthkit.datamodel.SleuthkitCase.getImages(), org.sleuthkit.datamodel.SleuthkitCase.getMatchingArtifacts(), org.sleuthkit.datamodel.SleuthkitCase.getMatchingAttributes(), org.sleuthkit.datamodel.SleuthkitCase.getRootObjects(), org.sleuthkit.datamodel.SleuthkitCase.getTagNamesInUse(), org.sleuthkit.datamodel.SleuthkitCase.getVirtualDirectoryRoots(), and org.sleuthkit.datamodel.SleuthkitCase.runQuery().
void org.sleuthkit.datamodel.SleuthkitCase.removerErrorObserver | ( | ErrorObserver | observer | ) |
This is a temporary workaround to avoid an API change.
observer | The observer to remove. |
Definition at line 4428 of file SleuthkitCase.java.
|
private |
Creates file object from a SQL query result set of rows from the tsk_files table. Assumes that the query was of the form "SELECT * FROM tsk_files WHERE XYZ".
rs | ResultSet to get content from. Caller is responsible for closing it. |
SQLException | if the query fails |
Definition at line 4018 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.TskData.TSK_DB_FILES_TYPE_ENUM.CARVED, org.sleuthkit.datamodel.TskData.TSK_DB_FILES_TYPE_ENUM.DERIVED, org.sleuthkit.datamodel.TskData.TSK_DB_FILES_TYPE_ENUM.FS, org.sleuthkit.datamodel.TskData.TSK_DB_FILES_TYPE_ENUM.LOCAL, org.sleuthkit.datamodel.TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_DIR, org.sleuthkit.datamodel.TskData.TSK_DB_FILES_TYPE_ENUM.UNALLOC_BLOCKS, org.sleuthkit.datamodel.AbstractContent.UNKNOWN_ID, org.sleuthkit.datamodel.TskData.TSK_DB_FILES_TYPE_ENUM.UNUSED_BLOCKS, org.sleuthkit.datamodel.TskData.TSK_FS_NAME_TYPE_ENUM.valueOf(), org.sleuthkit.datamodel.TskData.TSK_FS_META_TYPE_ENUM.valueOf(), org.sleuthkit.datamodel.TskData.TSK_FS_NAME_FLAG_ENUM.valueOf(), org.sleuthkit.datamodel.TskData.TSK_DB_FILES_TYPE_ENUM.valueOf(), org.sleuthkit.datamodel.TskData.FileKnown.valueOf(), and org.sleuthkit.datamodel.TskData.TSK_DB_FILES_TYPE_ENUM.VIRTUAL_DIR.
Referenced by org.sleuthkit.datamodel.SleuthkitCase.findAllFilesWhere(), org.sleuthkit.datamodel.SleuthkitCase.findFiles(), org.sleuthkit.datamodel.SleuthkitCase.findFilesByMd5(), org.sleuthkit.datamodel.SleuthkitCase.getAbstractFileById(), and org.sleuthkit.datamodel.SleuthkitCase.resultSetToFsContents().
|
private |
Creates FsContent objects from SQL query result set on tsk_files table
rs | the result set with the query results |
SQLException | if SQL query result getting failed |
Definition at line 4075 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.TskData.TSK_DB_FILES_TYPE_ENUM.FS, and org.sleuthkit.datamodel.SleuthkitCase.resultSetToAbstractFiles().
Referenced by org.sleuthkit.datamodel.SleuthkitCase.findFilesWhere().
ResultSet org.sleuthkit.datamodel.SleuthkitCase.runQuery | ( | String | query | ) | throws SQLException |
Process a read-only query on the tsk database, any table Can be used to e.g. to find files of a given criteria. resultSetToFsContents() will convert the results to useful objects. MUST CALL closeRunQuery() when done
query | the given string query to run |
SQLException | if error occurred during the query |
Definition at line 4101 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireSharedLock(), org.sleuthkit.datamodel.SleuthkitCase.CaseDbConnection.executeQuery(), and org.sleuthkit.datamodel.SleuthkitCase.releaseSharedLock().
void org.sleuthkit.datamodel.SleuthkitCase.setImagePaths | ( | long | obj_id, |
List< String > | paths | ||
) | throws TskCoreException |
Set the file paths for the image given by obj_id
obj_id | the ID of the image to update |
paths | the fully qualified path to the files that make up the image |
TskCoreException | exception thrown when critical error occurs within tsk core and the update fails |
Definition at line 3987 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireExclusiveLock(), org.sleuthkit.datamodel.SleuthkitCase.closeStatement(), and org.sleuthkit.datamodel.SleuthkitCase.releaseExclusiveLock().
boolean org.sleuthkit.datamodel.SleuthkitCase.setKnown | ( | AbstractFile | file, |
FileKnown | fileKnown | ||
) | throws TskCoreException |
Store the known status for the FsContent in the database Note: will not update status if content is already 'Known Bad'
file | The AbstractFile object |
fileKnown | The object'statement known status |
TskCoreException | thrown if a critical error occurred within tsk core |
Definition at line 4193 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.acquireExclusiveLock(), org.sleuthkit.datamodel.SleuthkitCase.closeStatement(), and org.sleuthkit.datamodel.SleuthkitCase.releaseExclusiveLock().
void org.sleuthkit.datamodel.SleuthkitCase.submitError | ( | String | context, |
String | errorMessage | ||
) |
This is a temporary workaround to avoid an API change.
context | The context in which the error occurred. |
errorMessage | A description of the error that occurred. |
Definition at line 4443 of file SleuthkitCase.java.
Referenced by org.sleuthkit.datamodel.FsContent.readInt().
|
private |
Modify the case database to bring it up-to-date with the current version of the database schema.
Exception |
Definition at line 197 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.closeStatement(), org.sleuthkit.datamodel.SleuthkitCase.copyCaseDB(), org.sleuthkit.datamodel.SleuthkitCase.CaseDbConnection.executeQuery(), org.sleuthkit.datamodel.SleuthkitCase.SCHEMA_VERSION_NUMBER, and org.sleuthkit.datamodel.SleuthkitCase.updateFromSchema2toSchema3().
Referenced by org.sleuthkit.datamodel.SleuthkitCase.SleuthkitCase().
|
private |
Update a version 2 database schema to a version 3 database schema.
schemaVersionNumber | The schema version number of the database. |
SQLException | |
TskCoreException |
Definition at line 302 of file SleuthkitCase.java.
References org.sleuthkit.datamodel.SleuthkitCase.addBlackboardArtifactTag(), org.sleuthkit.datamodel.SleuthkitCase.addContentTag(), org.sleuthkit.datamodel.SleuthkitCase.addTagName(), org.sleuthkit.datamodel.SleuthkitCase.closeResultSet(), org.sleuthkit.datamodel.SleuthkitCase.closeStatement(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifact(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifacts(), org.sleuthkit.datamodel.SleuthkitCase.getBlackboardAttributes(), org.sleuthkit.datamodel.SleuthkitCase.getContentById(), org.sleuthkit.datamodel.Content.getSize(), org.sleuthkit.datamodel.TagName.HTML_COLOR.NONE, org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_COMMENT, org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE.TSK_TAG_ARTIFACT, org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE.TSK_TAG_FILE, org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_TAG_NAME, and org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_TAGGED_ARTIFACT.
Referenced by org.sleuthkit.datamodel.SleuthkitCase.updateDatabaseSchema().
|
staticprivate |
Definition at line 72 of file SleuthkitCase.java.
Referenced by org.sleuthkit.datamodel.SleuthkitCase.initNextArtifactId().
|
staticprivate |
Definition at line 74 of file SleuthkitCase.java.
|
private |
Definition at line 77 of file SleuthkitCase.java.
|
private |
Definition at line 82 of file SleuthkitCase.java.
Referenced by org.sleuthkit.datamodel.SleuthkitCase.close(), org.sleuthkit.datamodel.SleuthkitCase.makeAddImageProcess(), org.sleuthkit.datamodel.SleuthkitCase.newCase(), org.sleuthkit.datamodel.SleuthkitCase.openCase(), and org.sleuthkit.datamodel.SleuthkitCase.SleuthkitCase().
|
private |
Definition at line 75 of file SleuthkitCase.java.
|
staticprivate |
Definition at line 70 of file SleuthkitCase.java.
Referenced by org.sleuthkit.datamodel.SleuthkitCase.CaseDbConnection.executeQuery(), and org.sleuthkit.datamodel.SleuthkitCase.CaseDbConnection.prepareStatement().
|
private |
Definition at line 84 of file SleuthkitCase.java.
Referenced by org.sleuthkit.datamodel.SleuthkitCase.getBackupDatabasePath().
|
private |
Definition at line 81 of file SleuthkitCase.java.
Referenced by org.sleuthkit.datamodel.SleuthkitCase.getDbDirPath().
|
private |
Definition at line 80 of file SleuthkitCase.java.
Referenced by org.sleuthkit.datamodel.SleuthkitCase.SleuthkitCase().
|
private |
Definition at line 79 of file SleuthkitCase.java.
|
private |
Definition at line 78 of file SleuthkitCase.java.
Referenced by org.sleuthkit.datamodel.SleuthkitCase.getFileSystemByIdHelper().
|
staticprivate |
Definition at line 73 of file SleuthkitCase.java.
Referenced by org.sleuthkit.datamodel.SleuthkitCase.logSQLiteJDBCDriverInfo().
|
private |
Definition at line 85 of file SleuthkitCase.java.
|
private |
Definition at line 76 of file SleuthkitCase.java.
|
private |
Definition at line 91 of file SleuthkitCase.java.
|
staticprivate |
Definition at line 69 of file SleuthkitCase.java.
Referenced by org.sleuthkit.datamodel.SleuthkitCase.updateDatabaseSchema().
|
staticprivate |
Definition at line 71 of file SleuthkitCase.java.
|
private |
Definition at line 83 of file SleuthkitCase.java.
Referenced by org.sleuthkit.datamodel.SleuthkitCase.getSchemaVersion().
Copyright © 2011-2015 Brian Carrier. (carrier -at- sleuthkit -dot- org)
This work is licensed under a
Creative Commons Attribution-Share Alike 3.0 United States License.